[opensuse-factory] New Tumbleweed snapshot 20191230 released!
Please note that this mail was generated by a script. The described changes are computed based on the x86_64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=1&version=Tumbleweed&build=20191230 Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: MozillaFirefox (70.0.1 -> 71.0) MozillaThunderbird (68.3.0 -> 68.3.1) clamav exim (4.92.2 -> 4.93) gnome-menus-branding-openSUSE gvfs perl-Mojolicious (8.27 -> 8.29) perl-Template-Toolkit (2.29 -> 3.003) xdg-desktop-portal (1.4.2 -> 1.6.0) xdg-desktop-portal-gtk (1.4.0 -> 1.6.0) yast2-control-center (4.2.2 -> 4.2.3) === Details === ==== MozillaFirefox ==== Version update (70.0.1 -> 71.0) Subpackages: MozillaFirefox-translations-common - Mozilla Firefox 71.0 * Improvements to Lockwise, our integrated password manager * More information about Enhanced Tracking Protection in action * Native MP3 decoding on Windows, Linux, and macOS * Configuration page (about:config) reimplemented in HTML * New kiosk mode functionality, which allows maximum screen space for customer-facing displays MFSA 2019-36 * CVE-2019-11756 (bmo#1508776) Use-after-free of SFTKSession object * CVE-2019-17008 (bmo#1546331) Use-after-free in worker destruction * CVE-2019-13722 (bmo#1580156) (Windows only) Stack corruption due to incorrect number of arguments in WebRTC code * CVE-2019-17014 (bmo#1322864) Dragging and dropping a cross-origin resource, incorrectly loaded as an image, could result in information disclosure * CVE-2019-17010 (bmo#1581084) Use-after-free when performing device orientation checks * CVE-2019-17005 (bmo#1584170) Buffer overflow in plain text serializer * CVE-2019-17011 (bmo#1591334) Use-after-free when retrieving a document in antitracking * CVE-2019-17012 (bmo#1449736, bmo#1533957, bmo#1560667, bmo#1567209 bmo#1580288, bmo#1585760, bmo#1592502) Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3 * CVE-2019-17013 (bmo#1298509, bmo#1472328, bmo#1577439, bmo#1577937 bmo#1580320, bmo#1584195, bmo#1585106, bmo#1586293, bmo#1593865 bmo#1594181) Memory safety bugs fixed in Firefox 71 - requires NSPR >= 4.23 NSS >= 3.47.1 rust/cargo >= 1.37 - reactivate webrtc for platforms where it was disabled - updated create-tar.sh to cover buildid and origin repo information - > removed obsolete source-stamp.txt - removed obsolete patches mozilla-bmo1511604.patch mozilla-openaes-decl.patch - changed locale building procedure * removed obsolete compare-locales.tar.xz - added mozilla-bmo1601707.patch to fix gcc/LTO builds (bmo#1601707, boo#1158466) - added mozilla-bmo849632.patch to fix big endian issues in skia used for WebGL ==== MozillaThunderbird ==== Version update (68.3.0 -> 68.3.1) Subpackages: MozillaThunderbird-translations-common - add mozilla-bmo1583471.patch to allow building with rust 1.39 - Mozilla Thunderbird 68.3.1 * In dark theme unread messages no longer shown in blue to distinguish from tagged messages * Account setup is now using client side DNS MX lookup instead of relying on a server Bugfixes * Searching LDAP address book crashed in some circumstances * Message navigation with backward and forward buttons did not work in some circumstances * WebExtension toolbar icons were displayed too small * Calendar: Tasks due today were not listed in bold * Calendar: Last day of long-running events was not shown ==== clamav ==== Subpackages: libclamav9 libfreshclam2 - The freshclam.service should not be started before the network is online (it checks for updates immediately upon service start) ==== exim ==== Version update (4.92.2 -> 4.93) - update to exim 4.93 * SUPPORT_DMARC replaces EXPERIMENTAL_DMARC * DISABLE_TLS replaces SUPPORT_TLS * Bump the version for the local_scan API. * smtp transport option hosts_try_fastopen defaults to "*". * DNSSec is requested (not required) for all queries. (This seemes to ask for trouble if your resolver is a systemd-resolved.) * Generic router option retry_use_local_part defaults to "true" under specific pre-conditions. * Introduce a tainting mechanism for values read from untrusted sources. * Use longer file names for temporary spool files (this avoids name conflicts with spool on a shared file system). * Use dsn_from main config option (was ignored previously). - update to exim 4.92.3 * CVE-2019-16928: fix against Heap-based buffer overflow in string_vformat, remote code execution seems to be possible ==== gnome-menus-branding-openSUSE ==== - Convert package to _multibuild. ==== gvfs ==== Subpackages: gvfs-backend-afc gvfs-backend-samba gvfs-backends gvfs-fuse gvfs-lang - BuildRequire pkgconfig(systemd): meson.build tries to inspect systtemd.pc to find the right unit-directories. ==== perl-Mojolicious ==== Version update (8.27 -> 8.29) - updated to 8.29 see /usr/share/doc/packages/perl-Mojolicious/Changes 8.29 2019-12-28 - Improved async/await support to work in many more cases, such as WebSocket handlers. 8.28 2019-12-26 - Added EXPERIMENTAL support for async/await (with -async Mojo::Base flag). - Added EXPERIMENTAL all_settled and any methods to Mojo::Promise. ==== perl-Template-Toolkit ==== Version update (2.29 -> 3.003) - updated to 3.003 see /usr/share/doc/packages/perl-Template-Toolkit/Changes ==== xdg-desktop-portal ==== Version update (1.4.2 -> 1.6.0) Subpackages: xdg-desktop-portal-lang - Update to version 1.6.0: + tests: Adapt to libportal api changes. - Changes from version 1.5.4: + background: - Add a signal to the impl api. - Rewrite the monitoring to better track when apps disappear. + permissions: Fix SetValue handling of GVariant wrapping. This is an api change. + openuri: - Add a per-type always-ask option. - Show the app chooser dialog less often. + memorymonitor: A new portal to let apps receive low memory warnings. + filetransfer: A new portal to rewrite file paths between sandboxes. - Changes from version 1.5.3: + Add more tests. + location: Various fixes. + document portal: Monitor fuse mount. + openuri: - Only ask 3 times to use the same app. - Add an 'ask' option. + Fix build from git. + email: Allow multiple addresses, cc and bcc. + filechooser: Allow saving multiple files. + Update translations. - Changes from version 1.5.2: + Add many more tests, using libportal. + gamemode: Add a pidfd-based api. + inhibit: Send a Response signal. + openuri: Add an OpenDirectory api. + Updated translations. - Changes from version 1.5.1: + Add a portal for setting desktop backgrounds + Add tests. + Optionally use libportal (for tests). - Changes from version 1.5.0: + Add a secret portal that is meant be used via libsecret inside the sandbox. One backend for this will live in gnome-keyring, others are possible. + Fix a file descriptor leak. + Reduce log spam. + Updated translations. - Add pkgconfig(libportal) BuildRequires: New dependency. ==== xdg-desktop-portal-gtk ==== Version update (1.4.0 -> 1.6.0) Subpackages: xdg-desktop-portal-gtk-lang - Update to version 1.6.0: + Updated translations. - Changes from version 1.5.2: + email: Work with sandboxed email clients. + wallpaper: - Support http: uris. - Improve preview. + appchooser: Modernize the appearance. + background: Improve application monitoring. + Require xdg-desktop-portal 1.5. - Changes from version 1.5.1: + settings: Get animations-enabled setting from gnome-shell. + wallpaper: Add a portal backend for setting desktop backgrounds. + email: Support multiple addresses, cc and bcc. + filechooser: Support saving multiple files. + Updated translations. - Changes from version 1.5.0: + screencast: - Support window selection. - Fix a crash. + settings: - Add a settings portal backend. - Handle enable-animations setting like gsd. + Updated translations. - Add BuildRequires: pkgconfig(gnome-desktop-3.0): New dependency. ==== yast2-control-center ==== Version update (4.2.2 -> 4.2.3) Subpackages: yast2-control-center-qt - Fix theming icons again (boo#1159283) - 4.2.3 -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
Hi, as an heads up, FF ignores MOZ_PLUGIN_PATH now, resulting in dysfunctional plug-ins. Wolfgang is innocent of course, upstream intentionally broke it: https://bugzilla.mozilla.org/show_bug.cgi?id=1602308 Dirty quick fix for Flash: ln -s ../../browser-plugins/libfreshwrapper-flashplayer.so /usr/lib64/mozilla/plugins Cheers, Pete Am Mittwoch, 1. Januar 2020, 05:03:05 CET schrieb Dominique Leuenberger:
MozillaFirefox (70.0.1 -> 71.0)
- Mozilla Firefox 71.0 * Improvements to Lockwise, our integrated password manager * More information about Enhanced Tracking Protection in action * Native MP3 decoding on Windows, Linux, and macOS * Configuration page (about:config) reimplemented in HTML * New kiosk mode functionality, which allows maximum screen space for customer-facing displays MFSA 2019-36 * CVE-2019-11756 (bmo#1508776) Use-after-free of SFTKSession object * CVE-2019-17008 (bmo#1546331) Use-after-free in worker destruction * CVE-2019-13722 (bmo#1580156) (Windows only) Stack corruption due to incorrect number of arguments in WebRTC code * CVE-2019-17014 (bmo#1322864) Dragging and dropping a cross-origin resource, incorrectly loaded as an image, could result in information disclosure * CVE-2019-17010 (bmo#1581084) Use-after-free when performing device orientation checks * CVE-2019-17005 (bmo#1584170) Buffer overflow in plain text serializer * CVE-2019-17011 (bmo#1591334) Use-after-free when retrieving a document in antitracking * CVE-2019-17012 (bmo#1449736, bmo#1533957, bmo#1560667, bmo#1567209 bmo#1580288, bmo#1585760, bmo#1592502) Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3 * CVE-2019-17013 (bmo#1298509, bmo#1472328, bmo#1577439, bmo#1577937 bmo#1580320, bmo#1584195, bmo#1585106, bmo#1586293, bmo#1593865 bmo#1594181) Memory safety bugs fixed in Firefox 71 - requires NSPR >= 4.23 NSS >= 3.47.1 rust/cargo >= 1.37 - reactivate webrtc for platforms where it was disabled - updated create-tar.sh to cover buildid and origin repo information - > removed obsolete source-stamp.txt - removed obsolete patches mozilla-bmo1511604.patch mozilla-openaes-decl.patch - changed locale building procedure * removed obsolete compare-locales.tar.xz - added mozilla-bmo1601707.patch to fix gcc/LTO builds (bmo#1601707, boo#1158466) - added mozilla-bmo849632.patch to fix big endian issues in skia used for WebGL
-- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
Hi, would you mind to open a bugreport for openSUSE? We should discuss there (or on mozilla-factory-mozilla@) how to proceed. We could either patch Firefox to still search in the /usr/$LIB/browser-plugins location or change the "convention" that browser-plugins need to be installed in /usr/$LIB/mozilla/plugins which is still supported w/o env changes. I tend to the latter because there is only one plugin left? Wolfgang Am 06.01.20 um 18:12 schrieb Hans-Peter Jansen:
Hi,
as an heads up, FF ignores MOZ_PLUGIN_PATH now, resulting in dysfunctional plug-ins. Wolfgang is innocent of course, upstream intentionally broke it:
https://bugzilla.mozilla.org/show_bug.cgi?id=1602308
Dirty quick fix for Flash:
ln -s ../../browser-plugins/libfreshwrapper-flashplayer.so /usr/lib64/mozilla/plugins
Cheers, Pete
Am Mittwoch, 1. Januar 2020, 05:03:05 CET schrieb Dominique Leuenberger:
MozillaFirefox (70.0.1 -> 71.0)
- Mozilla Firefox 71.0 * Improvements to Lockwise, our integrated password manager * More information about Enhanced Tracking Protection in action * Native MP3 decoding on Windows, Linux, and macOS * Configuration page (about:config) reimplemented in HTML * New kiosk mode functionality, which allows maximum screen space for customer-facing displays MFSA 2019-36 * CVE-2019-11756 (bmo#1508776) Use-after-free of SFTKSession object * CVE-2019-17008 (bmo#1546331) Use-after-free in worker destruction * CVE-2019-13722 (bmo#1580156) (Windows only) Stack corruption due to incorrect number of arguments in WebRTC code * CVE-2019-17014 (bmo#1322864) Dragging and dropping a cross-origin resource, incorrectly loaded as an image, could result in information disclosure * CVE-2019-17010 (bmo#1581084) Use-after-free when performing device orientation checks * CVE-2019-17005 (bmo#1584170) Buffer overflow in plain text serializer * CVE-2019-17011 (bmo#1591334) Use-after-free when retrieving a document in antitracking * CVE-2019-17012 (bmo#1449736, bmo#1533957, bmo#1560667, bmo#1567209 bmo#1580288, bmo#1585760, bmo#1592502) Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3 * CVE-2019-17013 (bmo#1298509, bmo#1472328, bmo#1577439, bmo#1577937 bmo#1580320, bmo#1584195, bmo#1585106, bmo#1586293, bmo#1593865 bmo#1594181) Memory safety bugs fixed in Firefox 71 - requires NSPR >= 4.23 NSS >= 3.47.1 rust/cargo >= 1.37 - reactivate webrtc for platforms where it was disabled - updated create-tar.sh to cover buildid and origin repo information - > removed obsolete source-stamp.txt - removed obsolete patches mozilla-bmo1511604.patch mozilla-openaes-decl.patch - changed locale building procedure * removed obsolete compare-locales.tar.xz - added mozilla-bmo1601707.patch to fix gcc/LTO builds (bmo#1601707, boo#1158466) - added mozilla-bmo849632.patch to fix big endian issues in skia used for WebGL
-- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
Am Montag, 6. Januar 2020, 19:26:09 CET schrieb Wolfgang Rosenauer:
Hi,
would you mind to open a bugreport for openSUSE?
Done: https://bugzilla.opensuse.org/show_bug.cgi?id=1160302
We should discuss there (or on mozilla-factory-mozilla@) how to proceed.
We could either patch Firefox to still search in the /usr/$LIB/browser-plugins location or change the "convention" that browser-plugins need to be installed in /usr/$LIB/mozilla/plugins which is still supported w/o env changes. I tend to the latter because there is only one plugin left?
Agreed. Doesn't look, like any other browser engines seem to care for this, and if so, they could be relocated to /usr/$LIB/mozilla/plugins as well. Also, my tests imply, that the original libflashplayer.so from flash_player_npapi_linux-32.0.0.303.x86_64.tar.gz does work well. IIRC, the purpose of libfreshwrapper-flashplayer.so was to wrap the chromium provided flash engine. Since chromium has given up on flash (does they?), it looks like we could/should revert to the adobe provided distribution. I'm preparing an improved spec of this right now, that will build with TW (minus KDE4 parts). Cheers, Pete -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
Hans-Peter Jansen schrieb:
Since chromium has given up on flash (does they?)
All browsers have given up on Flash, and so has Adobe. There will be no updates and no further support from anyone after the end of this year, and browsers are removing support during this year. Mozilla has stated that Firefox ESR will have support until the official end of support from Adobe at the end of this year, but I expect non-ESR releases to remove support earlier than that. tl;dr: If you still use Flash anywhere, make sure you switch to other solutions before the end of this year - or be prepared to use old, unmaintained and insecure software to access that content in the future. KaiRo -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
participants (4)
-
Dominique Leuenberger -
Hans-Peter Jansen -
Robert Kaiser -
Wolfgang Rosenauer