Please note that this mail was generated by a script. The described changes are computed based on the x86_64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=opensuse&version=15.2&build=581.2&groupid=50 https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Distribution&query_format=advanced&resolution=---&version=Leap%2015.2 When you reply to discuss some issues, make sure to change the subject. Please use the test plan at https://docs.google.com/spreadsheets/d/1AGKijKpKiJCB616-bHVoNQuhWHpQLHPWCb3m... to record your testing efforts and use bugzilla to report bugs. Packages changed: MozillaFirefox (68.4.2 -> 68.5.0) MozillaThunderbird (68.4.1 -> 68.5.0) QtAV (1.12.0 -> 1.13.0) edict (20180305 -> 20191016) ipmitool (1.8.18 -> 1.8.18+git20200204.7ccea28) kcm_tablet (3.1.1 -> 3.2.0) kdeconnect-kde (1.3.3 -> 1.4) plymouth python-PyWebDAV3-GNUHealth (0.10.2 -> 0.10.3) xfce4-whiskermenu-plugin (2.4.1 -> 2.4.2) xfconf === Details === ==== MozillaFirefox ==== Version update (68.4.2 -> 68.5.0) Subpackages: MozillaFirefox-translations-common MozillaFirefox-translations-other - Firefox Extended Support Release 68.5.0 ESR * Fixed: Various stability and security fixes - Mozilla Firefox ESR68.5 MFSA 2020-06 (bsc#1163368) * CVE-2020-6796 (bmo#1610426) Missing bounds check on shared memory read in the parent process * CVE-2020-6797 (bmo#1596668) Extensions granted downloads.open permission could open arbitrary applications on Mac OSX * CVE-2020-6798 (bmo#1602944) Incorrect parsing of template tag could result in JavaScript injection * CVE-2020-6799 (bmo#1606596) Arbitrary code execution when opening pdf links from other applications, when Firefox is configured as default pdf reader * CVE-2020-6800 (bmo#1595786, bmo#1596706, bmo#1598543, bmo#1604851, bmo#1605777, bmo#1608580, bmo#1608785) Memory safety bugs fixed in Firefox 73 and Firefox ESR 68.5 ==== MozillaThunderbird ==== Version update (68.4.1 -> 68.5.0) Subpackages: MozillaThunderbird-translations-common MozillaThunderbird-translations-other - Mozilla Thunderbird 68.5 * new: Support for Client Identity IMAP/SMTP Service Extension (bmo#1532388) * new: Support for OAuth 2.0 authentication for POP3 accounts (bmo#1538409) * fixed: Status area goes blank during account setup (bmo#1593122) * fixed: Calendar: Could not remove color for default categories (bmo#1584853) * fixed: Calendar: Prevent calendar component loading multiple times (bmo#1606375) * fixed: Calendar: Today pane did not retain width between sessions (bmo#1610207) * fixed: Various <a href="https://www.mozilla.org/en- US/security/known- vulnerabilities/thunderbird/#thunderbird68.5">security fixes</a> * unresolved: When upgrading from Thunderbird version 60 to version 68, add-ons are not automatically updated during the upgrade process. They will however be updated during the add- on update check. It is of course possible to reinstall compatible add-ons via the Add-ons Manager or via addons.thunderbird.net. (bmo#1574183) MFSA 2020-07 (bsc#1163368) * CVE-2020-6793 (bmo#1608539) Out-of-bounds read when processing certain email messages * CVE-2020-6794 (bmo#1606619) Setting a master password post-Thunderbird 52 does not delete unencrypted previously stored passwords * CVE-2020-6795 (bmo#1611105) Crash processing S/MIME messages with multiple signatures * CVE-2020-6797 (bmo#1596668) Extensions granted downloads.open permission could open arbitrary applications on Mac OSX * CVE-2020-6798 (bmo#1602944) Incorrect parsing of template tag could result in JavaScript injection * CVE-2020-6792 (bmo#1609607) Message ID calculcation was based on uninitialized data * CVE-2020-6800 (bmo#1595786, bmo#1596706, bmo#1598543, bmo#1604851, bmo#1605777, bmo#1608580, bmo#1608785) Memory safety bugs fixed in Thunderbird 68.5 - Mozilla Thunderbird 68.4.2 (bsc#1162777) * changed: Calendar: Task and Event tree colours adjusted for the dark theme (bmo#1608344) * fixed: Retrieval of S/MIME certificates from LDAP failed (bmo#1604773) * fixed: Address-parsing crash on some IMAP servers when preference mail.imap.use_envelope_cmd was set (bmo#1609690) * fixed: Incorrect forwarding of HTML messages caused SMTP servers to respond with a timeout (bmo#1222046) * fixed: Calendar: Various parts of the calendar UI stopped working when a second Thunderbird window opened (bmo#1608407) ==== QtAV ==== Version update (1.12.0 -> 1.13.0) Subpackages: libQtAV1 libQtAVWidgets1 - Add 0001-Fix-build-with-Qt-5.14.patch - Update to 1.13.0 * Add python bindings * More apis for qml player * Auto rotate video * Apple store * Fix ios plugin not found * Support chapters * Muxer, encoder, transcoder improvements * Compatible with new ffmpeg * videotoolbox: hevc, * cuda: new devices * Android: no longer depends on private qt module * Fix opensl error * mediacodec: 0-copy via a plugin from https://github.com/wang-bin/mdk-sdk - Drop patches merged upstream: * fix-build-newer-ffmpeg.patch * disable-use-of-deprecated-header.patch ==== edict ==== Version update (20180305 -> 20191016) - Fix invalid RPM group. - Drop "Provides: locale(ja)" to reduce the size of Japanese base system - Update to snapshot 20191016 * No changelog recorded. - Update to snapshot 20190313 * No changelog recorded. - Update to snapshot 20181125 * No changelog recorded. - Split package into: edict, edict2, jmdict. This way, one need not install the rather large XML variant (jmdict) if not needed. - Added JIS X 0213-2012 Kanji dictionary ("kanjd213"). - Remove the computer terminology dictionary "compdic", as it is already included in the word dictionary. ==== ipmitool ==== Version update (1.8.18 -> 1.8.18+git20200204.7ccea28) - Don't hardcode /usr but use rpm variables - bsc#1163026 - CVE-2020-5208 - Use license macro for COPYING, instead of doc - Add ChangeLog mainline log to docs for shorter obs changelogs. This will be the last more detailed changelog, due to more important buffer overflow patches. Otherwise this changelog will not include (mainline) changes anymore. - Update to version 1.8.18+git20200204.7ccea28: * fru, sdr: Fix id_string buffer overflows * lanp: Fix buffer overflows in get_lan_param_select * channel: Fix buffer overflow * session: Fix buffer overflow in ipmi_get_session_info * fru: Fix buffer overflow in ipmi_spd_print_fru * fru: Fix buffer overflow vulnerabilities * chassis: bootmbox: Refix 62a04390 * configure: Drop requirement for curses et. al libs - Add a configure option to disable IANA PEN database internet download A autotools_define_DOWNLOAD.diff D create_pen_list_from_local_file.patch - New pen database: M enterprise-numbers - Patches adjusted to latest mainline code: M fix_file_permissions.patch M ipmitool_adjust_suse_paths.patch M several_more_compile_fixes.patch ==== kcm_tablet ==== Version update (3.1.1 -> 3.2.0) Subpackages: kcm_tablet-lang - Update to version 3.2.0 - Main changes: * screen tablet area calculation fix (by Jason Gerecke); this should finally fix or at least greatly improve calibration. * GCC9 support. * xlib backend removed, x11-xlib dependency removed. - New device definitions: * CTL-4100, CTL-4100WL, CTL-6100, CTL-6100WL (by Stefano Guidoni) - Drop patches merged upstream: * 0001-Supposedly-fix-building-with-gcc9.patch * 0001-Remove-x11-xlib-dependency.patch - Add patch to fix build with cmake >= 3.14 (X11 never had an XLIB component): * 0001-Remove-x11-xlib-dependency.patch - Add patch to fix build with GCC 9: * 0001-Supposedly-fix-building-with-gcc9.patch ==== kdeconnect-kde ==== Version update (1.3.3 -> 1.4) Subpackages: kdeconnect-kde-lang - Update to 1.4 * New "KDE Connect" desktop app to control the phone from the PC * SMS app that can read and write SMS texts * control PC system's global volume from a phone * flip forward and back through presentation slides * compatibility with Thunar (Xfce's file manager) and Elementary applications such as Pantheon Files. - Run spec-cleaner - Update to 1.3.5 * Add detectPlatform to always use wayland in a wayland session * i18n: fix extraction of nautilus extension * Don't update new notifications * Install desktop file for kdeconnectd * [sftp] Fix error message wording * Change plugin name * [sftp] Give better error messages for common errors * [sftp] Improve error reporting * Use KAboutData to set information about the daemon * Disable session management * Print socket error when connection fails * [kio] Mount device during stat if necessary * [backends/lan] Don't fail silently when a UDP packet could not be unserialized * Fix crash in daemon * Fix crash in notifications plugin (kde#400010) * Don't show multiple windows when replying to a notification - Drop Leap 42.3 specific patches, it's no longer supported: * 0001-Fix-build-on-Leap-42.3.patch * 0001-Revert-Retry-the-network-packet-if-it-failed-to-unse.patch - Don't install SuSEfirewall2 file on Tumbleweed anymore, Sf2 has been dropped - Use noun phrase in descriptions. - Update to 1.3.4 * Always play when call ended (kde#400787) * [cli] Show all reachable devices (kde#402088) * [sftp] Get device ID from URL * Retry the network packet if it failed to unserialize * Fix sending keys via CLI * [kio] Fix file browsing with non-KIO file managers - Run spec-cleaner - Refresh 0001-Fix-build-on-Leap-42.3.patch - Add 0001-Revert-Retry-the-network-packet-if-it-failed-to-unse.patch to make it build on Leap 42.3 - Drop Provides/Obsoletes for kdeconnect-kde-devel, that package doesn't exist anymore since 2015 and nothing should need it - Add 0001-Fix-build-on-Leap-42.3.patch to make it build on Leap 42.3 - Update to 1.3.3 * Instantiate QApplication object to fix crash on KDE Neon (kde#400178) * Fix build failure on musl based systems (kde#395161) - Update to 1.3.2 * Also allow modern algorithms, for compat with future apps * Remove characters from UUID that aren't legal in URLs * Add new notifications at the top of the list * Change the 'Dismiss all notifications' icon * Fix DBus signals in Mprisremote - Update to 1.3.1 * Fix a bug that would hang Nautilus when copying a file if paired devices were available * Fix remote filesystem reconnection issue * Add a missing dependency check in cmake * Add missing notification category to the plasmoid - Mark license file with %license instead of %doc - Update to 1.3.0 * Fixed frequent crash when receiving notifications * Fixed MPRIS player entries never being deleted * Added a Gnome Files (Nautilus) extension to send files from the context menu * Added handling of "tel:" links with KDE Connect * Support sending album art in MPRIS plugin * Allow sharing more than one file from the CI (eg: --share *.mp3) - Remove patches, now upstream: * 0001-Fix-null-dereference.patch - Modified wording in Description to match that KDE Connect runs under any Linux desktop (see upstream README.md file) - Add 0001-Fix-null-dereference.patch to fix a null dereference. - Add signature file kdeconnect-kde-v1.2.1.tar.xz.sig - Update to 1.2.1 * Require the latest version of KF5 * Was getting a double-delete, now it won't crash * Get rid of ProcessRunner * Add album art to mpris network packets * Add title, artist and album to MPRIS network packets * Fix information leak via /tmp (kde#383144) * Add support for new Android 2.3 (API 9+) cipher * Fix kdeconnect-cli device list * Fix "error activiting kdeconnectd" for kdeconnect-cli * Delay kdeconnectd autostart phase * Fix Notifications in Plasmoid * Make sure there's not a path within the filename * share plugin: fix path display * Use pactl instead of KMix in PauseMusic Plugin - needs KDE Frameworks 5.42 now - Update to 1.2.0 - Update build requirements, it needs Qt 5.7 and KF 5.38 now - Remove patches, now upstream: * 0001-Treat-device-names-as-plaintext-not-rich-text.patch - Add patch to fix unauthenticated HTML injection (kde#382243): * 0001-Treat-device-names-as-plaintext-not-rich-text.patch - Update to 1.0.3 - Update to 1.0.2 - Update to 1.0.1 * fixes some issues found in 1.0 - Drop upstreamed fix-build-with-older-qt.patch - Add fix-build-with-older-qt.patch from upstream to make it compile with Qt < 5.6, and lower the Qt requirement to 5.2 again (as demanded by CMakeLists.txt) - Add firewalld service file - Build docs again - Require at least Qt 5.6 - New upstream version 1.0 * Trigger custom commands from phone * Reply to SMS messages from the desktop * Receive desktop notifications on phone * TLS encryption - Update to 0.9g * No changelog provided - Drop upstreamed 0001-This-syntax-also-works-on-older-OpenSSH-versions.patch - Add 0001-This-syntax-also-works-on-older-OpenSSH-versions.patch from upstream to be compatible with older openssh versions (bnc#961554) - Update to 0.9f * Adds translations - Update to 0.9 * KF5 version - Update to 0.8 * No changelog provided - Add Requires: sshfs to make it work. - Update to 0.7.3: * No changelog provided ==== plymouth ==== Subpackages: libply-boot-client4 libply-splash-core4 libply-splash-graphics4 libply4 plymouth-dracut plymouth-plugin-label plymouth-plugin-label-ft plymouth-plugin-two-step plymouth-scripts plymouth-theme-bgrt plymouth-theme-spinner - Sync the default openSUSE theme from Tumbleweed ==== python-PyWebDAV3-GNUHealth ==== Version update (0.10.2 -> 0.10.3) - vewrsion 0.10.3 Check for binary type before encoding ==== xfce4-whiskermenu-plugin ==== Version update (2.4.1 -> 2.4.2) Subpackages: xfce4-whiskermenu-plugin-lang - Update to 2.4.2 * Fix crash when selecting desktop action. (bxo#16445) * Translation updates ==== xfconf ==== Subpackages: libxfconf-0-3 xfconf-lang - xfconfd needs to be a hard dependency to libxfconf (boo#1163214) -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org