Mailinglist Archive: opensuse-factory (915 mails)

< Previous Next >
[opensuse-factory] New Tumbleweed snapshot 20180207 released!

Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.

Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=1&version=Tumbleweed&build=20180207

When you reply to report some issues, make sure to change the subject.
It is not helpful to keep the release announcement subject in a thread
while discussing a specific problem.

Packages changed:
MozillaFirefox (57.0.4 -> 58.0.1)
autoyast2 (4.0.28 -> 4.0.29)
evolution (3.26.4 -> 3.26.5)
evolution-data-server (3.26.4 -> 3.26.5)
evolution-ews (3.26.4 -> 3.26.5)
gnome-music (3.26.1 -> 3.26.2)
gnome-photos
gupnp-igd (0.2.4 -> 0.2.5)
gvfs (1.34.1 -> 1.34.2)
hugin (2017.0.0 -> 2018.0.0)
libgexiv2 (0.10.6 -> 0.10.7)
libstorage-ng (3.3.145 -> 3.3.149)
mysql-connector-cpp
perl-MIME-Types (2.14 -> 2.17)
texlive
texlive-specs-m (2017.133.20170101_pl1svn43813 ->
2017.136.20170101_pl1svn43813)
texlive-specs-n (2017.133.2.004svn28119 -> 2017.136.2.004svn28119)
tracker (2.0.2 -> 2.0.3)
tracker-miners (2.0.3 -> 2.0.4)
vala (0.38.6 -> 0.38.7)
xdg-desktop-portal-kde (5.11.95 -> 5.12.0)
yast2-bootloader (4.0.14 -> 4.0.15)
yast2-firewall (4.0.10 -> 4.0.11)
yast2-installation (4.0.30 -> 4.0.31)
yast2-kdump (4.0.0 -> 4.0.1)
yast2-nis-client (4.0.1 -> 4.0.2)
yast2-storage-ng (4.0.82 -> 4.0.84)

=== Details ===

==== MozillaFirefox ====
Version update (57.0.4 -> 58.0.1)
Subpackages: MozillaFirefox-translations-common

- Added patch:
* mozilla-alsa-sandbox.patch: Fix bmo#1430274, ALSA sound (still
or again?) not working in Firefox 58 due to sandboxing.
- update to Firefox 58.0.1
MFSA 2018-05
* Arbitrary code execution through unsanitized browser UI (bmo#1432966)
- use correct language packs
- readd mozilla-enable-csd.patch as it only lands for FF59 upstream
- allow larger number of nested elements (mozilla-bmo256180.patch)
- update to Firefox 58.0 (bsc#1077291)
* Added Nepali (ne-NP) locale
* Added support for form autofill for credit card
* Optimize page load by caching JavaScript internal representation
MFSA 2018-02
* CVE-2018-5091 (bmo#1423086)
Use-after-free with DTMF timers
* CVE-2018-5092 (bmo#1418074)
Use-after-free in Web Workers
* CVE-2018-5093 (bmo#1415291)
Buffer overflow in WebAssembly during Memory/Table resizing
* CVE-2018-5094 (bmo#1415883)
Buffer overflow in WebAssembly with garbage collection on
uninitialized memory
* CVE-2018-5095 (bmo#1418447)
Integer overflow in Skia library during edge builder allocation
* CVE-2018-5097 (bmo#1387427)
Use-after-free when source document is manipulated during XSLT
* CVE-2018-5098 (bmo#1399400)
Use-after-free while manipulating form input elements
* CVE-2018-5099 (bmo#1416878)
Use-after-free with widget listener
* CVE-2018-5100 (bmo#1417405)
Use-after-free when IsPotentiallyScrollable arguments are freed
from memory
* CVE-2018-5101 (bmo#1417661)
Use-after-free with floating first-letter style elements
* CVE-2018-5102 (bmo#1419363)
Use-after-free in HTML media elements
* CVE-2018-5103 (bmo#1423159)
Use-after-free during mouse event handling
* CVE-2018-5104 (bmo#1425000)
Use-after-free during font face manipulation
* CVE-2018-5105 (bmo#1390882)
WebExtensions can save and execute files on local file system
without user prompts
* CVE-2018-5106 (bmo#1408708)
Developer Tools can expose style editor information cross-origin
through service worker
* CVE-2018-5107 (bmo#1379276)
Printing process will follow symlinks for local file access
* CVE-2018-5108 (bmo#1421099)
Manually entered blob URL can be accessed by subsequent private browsing
tabs
* CVE-2018-5109 (bmo#1405599)
Audio capture prompts and starts with incorrect origin attribution
* CVE-2018-5110 (bmo#1423275) (affects only OS X)
Cursor can be made invisible on OS X
* CVE-2018-5111 (bmo#1321619)
URL spoofing in addressbar through drag and drop
* CVE-2018-5112 (bmo#1425224)
Extension development tools panel can open a non-relative URL in the panel
* CVE-2018-5113 (bmo#1425267)
WebExtensions can load non-HTTPS pages with
browser.identity.launchWebAuthFlow
* CVE-2018-5114 (bmo#1421324)
The old value of a cookie changed to HttpOnly remains accessible to scripts
* CVE-2018-5115 (bmo#1409449)
Background network requests can open HTTP authentication in unrelated
foreground tabs
* CVE-2018-5116 (bmo#1396399)
WebExtension ActiveTab permission allows cross-origin frame content access
* CVE-2018-5117 (bmo#1395508)
URL spoofing with right-to-left text aligned left-to-right
* CVE-2018-5118 (bmo#1420049)
Activity Stream images can attempt to load local content through file:
* CVE-2018-5119 (bmo#1420507)
Reader view will load cross-origin content in violation of CORS headers
* CVE-2018-5121 (bmo#1402368) (affects only OS X)
OS X Tibetan characters render incompletely in the addressbar
* CVE-2018-5122 (bmo#1413841)
Potential integer overflow in DoCrypt
* CVE-2018-5090
Memory safety bugs fixed in Firefox 58
* CVE-2018-5089
Memory safety bugs fixed in Firefox 58 and Firefox ESR 52.6
- requires NSS 3.34.1
- requires rust 1.21
- removed obsolete patches:
mozilla-bindgen-systemlibs.patch
mozilla-bmo1360278.patch
mozilla-bmo1399611-csd.patch
mozilla-rust-1.23.patch
- rebased patches
- updated man-page

==== autoyast2 ====
Version update (4.0.28 -> 4.0.29)
Subpackages: autoyast2-installation

- fate#323460
- support for disabling edit action per module. Currently used
mainly by the new firewall module
- 4.0.29

==== evolution ====
Version update (3.26.4 -> 3.26.5)
Subpackages: evolution-lang evolution-plugin-bogofilter
evolution-plugin-pst-import evolution-plugin-spamassassin

- Update to version 3.26.5:
+ Crash under message-list.c:free_message_info_data().
+ Indentation in plain text adds unwanted spaces around links.
+ Composer-autosave: Use-after-free during snapshot save to file.
+ Bugs fixed: bgo#339675, bgo#792343, bgo#792385, bgo#792480,
bgo#792781, bgo#792736, bgo#792909, bgo#788589, bgo#788823,
bgo#720387.
+ Updated translations.

==== evolution-data-server ====
Version update (3.26.4 -> 3.26.5)
Subpackages: evolution-data-server-lang libcamel-1_2-60 libebackend-1_2-10
libebook-1_2-19 libebook-contacts-1_2-2 libecal-1_2-19 libedata-book-1_2-25
libedata-cal-1_2-28 libedataserver-1_2-22 libedataserverui-1_2-1

- Update to version 3.26.5:
+ Prevent early free of an ESource when it has pending
operations.
+ IMAPx:
- Select destination mailbox only when permanentflags not known
yet.
- Sort array of UIDs before syncing changes to the server.
+ Prevent passing NULL ldap handle into LDAP functions ][.
+ Bugs fixed: bgo#792513, bgo#789522.

==== evolution-ews ====
Version update (3.26.4 -> 3.26.5)
Subpackages: evolution-ews-lang

- Update to version 3.26.5:
+ Bugs fixed: bgo#793037.

==== gnome-music ====
Version update (3.26.1 -> 3.26.2)
Subpackages: gnome-music-lang

- Update to version 3.26.2:
+ Bugs fixed:
- Block spotify plugin (glgo#gnome-music#132).
- DiscListBoxWidget: Update favorites playlist (bgo#784998).
- Albumartcache: Fix order in method call.
- Flatpak: Update music repository URL (glgo#gnome-music#138).
- Misc flatpak fixes.
+ Updated translations.

==== gnome-photos ====
Subpackages: gnome-photos-lang gnome-shell-search-provider-gnome-photos

- Add gnome-photos-Dont-leak-thumbnailer-path-string.patch:
thumbnail-factory: Don't leak the thumbnailer path string.
- Add gnome-photos-application-fixes.patch: application: Avoid
CRITICALs.
- Add gnome-photos-Check-RDF-type-before-using-it.patch: utils:
Check the RDF type before using it, not the MIME type.

==== gupnp-igd ====
Version update (0.2.4 -> 0.2.5)

- Update to version 0.2.5:
+ Update gtk-doc to newer version to fix build failures.
- Update Url to https://wiki.gnome.org/Projects/GUPnP: current
GUPnP's web page.

==== gvfs ====
Version update (1.34.1 -> 1.34.2)
Subpackages: gvfs-backend-afc gvfs-backend-samba gvfs-backends gvfs-fuse
gvfs-lang

- Update to version 1.34.2:
+ Recent: Prevent crash when recent file changed.
+ Trash: Fix trash::orig-path for relative paths.
+ Mtp:
- Handle read-past-EOF ourselves to prevent hangs.
- Fix volume removal with current udev behavior.
+ Gphoto2: Fix volume removal with current udev behavior.
+ Updated translations.
- Drop gvfs-fix-mtp-volume-removal.patch and
gvfs-mtp-handle-read-past-eof.patch: Fixed upstream.

==== hugin ====
Version update (2017.0.0 -> 2018.0.0)

- update to version 2018.0.0
The version 2018.0 is mainly a bug fix release and introduce some minor new
features.
Several improvements for optimizer tabs:
* mark deselected images
* allow changing optimizer variables for all selected images at once
* option to ignore line cp
* hugin_stacker: New tool to stack overlapping images with several
averaging modes (e.g. mean, median).
* Hugin: Added option to disable auto-rotation of images in control
point and mask editor.
* Nona, verdandi and hugin_stacker can now write BigTIFF images
* Added expression parser to GUI: This allows to manipulate several
image variables at once. (This is the same as running pto_var
- -set from the command line.) This can be used e.g. to prealigns
the images in a given setup and then run cpfind --prealigned to
search control points only in overlapping images.
* Add user-defined assistant and expose it in the GUI. It allows
to set up different assistant strategies without the need to
recompiling. Provide also some examples (scanned images,
multi-row panoramas with orphaned images, single-shot panorama
cameras).
- drop python dependencies

==== libgexiv2 ====
Version update (0.10.6 -> 0.10.7)

- Update to version 0.10.7:
+ Add meson build support.
+ Use glib-mkenums for enum types.
+ Fix make check when running out of tree.
+ Use version script to clean up exported functions.
+ Fix --disable-vala.
+ Bugs fixed: bgo#784045, bgo#787455.

==== libstorage-ng ====
Version update (3.3.145 -> 3.3.149)
Subpackages: libstorage-ng-ruby libstorage-ng1

- merge gh#openSUSE/libstorage-ng#450
- Ensure not to write malformed /etc/fstab entries (bsc#1066763)
- 3.3.149
- merge gh#openSUSE/libstorage-ng#451
- work on error handling
- 3.3.148
- merge gh#openSUSE/libstorage-ng#449
- fixed default value
- 3.3.147
- merge gh#openSUSE/libstorage-ng#448
- Add GraphvizFlags::DISPLAYNAME to Devicegraph
- merge gh#openSUSE/libstorage-ng#447
- allow finer control of flags in write_graphviz
- merge gh#openSUSE/libstorage-ng#446
- use sid as vertex id
- Translated using Weblate (Hungarian)
- Translated using Weblate (Hungarian)
- Translated using Weblate (Afrikaans)
- merge gh#openSUSE/libstorage-ng#444
- added Mountable::remove_mount_point()
- merge gh#openSUSE/libstorage-ng#443
- added PRETTY_CLASSNAME to GraphvizFlags
- Translated using Weblate (Chinese (Taiwan))
- merge gh#openSUSE/libstorage-ng#442
- renamed integration tests
- added integration tests
- Translated using Weblate (Chinese (Taiwan))
- merge gh#openSUSE/libstorage-ng#441
- added integration test
- added udevadm settle call
- Translated using Weblate (Korean)
- Translated using Weblate (Korean)

==== mysql-connector-cpp ====

- add mysql-connector-cpp-mariadb.patch
to fix compatibility with MariaDB, not supported options removed

==== perl-MIME-Types ====
Version update (2.14 -> 2.17)

- updated to 2.17
see /usr/share/doc/packages/perl-MIME-Types/ChangeLog

==== texlive ====

- drop freetype-devel buildrequires, we use freetype2 here.

==== texlive-specs-m ====
Version update (2017.133.20170101_pl1svn43813 -> 2017.136.20170101_pl1svn43813)

- Avoid broken scripts due former env correction, only repair
those scripts where the shebang exists
- Switch over to python 3 (boo#1077170)
- Avoid nasty warning about missing batchmode in ENVironment

==== texlive-specs-n ====
Version update (2017.133.2.004svn28119 -> 2017.136.2.004svn28119)

- Avoid broken scripts due former env correction, only repair
those scripts where the shebang exists
- Switch over to python 3 (boo#1077170)
- Avoid nasty warning about missing batchmode in ENVironment

==== tracker ====
Version update (2.0.2 -> 2.0.3)
Subpackages: libtracker-common-2_0 libtracker-control-2_0-0
libtracker-miner-2_0-0 libtracker-sparql-2_0-0 tracker-lang
typelib-1_0-Tracker-2_0 typelib-1_0-TrackerControl-2_0

- Update to version 2.0.3:
+ build:
- Improvements in meson support.
- Remove stale dependencies after Tracker miners split.
+ tests:
- Many fixes to functional tests.
- Remove old checks for maemo-specific features.
+ libtracker-miner: Small code improvements.
+ libtracker-sparql: use gint32 to unpack 'i' GVariant format.
+ Updated translations.
- Drop tracker-nb-translations.patch: Fixed upstream.
- Minor spec-clean, use autosetup and make_build macros.

==== tracker-miners ====
Version update (2.0.3 -> 2.0.4)
Subpackages: tracker-miner-files tracker-miners-lang

- Update to version 2.0.4:
+ build: Allow building tracker repo as a meson subproject.
+ libtracker-common: Rename to libtracker-miners-common.
+ libtracker-miners-common: Whitelist arm_fadvise64_64, getegid
and getegid32 syscalls.
+ tracker-extract:
- Add GExiv2-based extractor module for RAW files.
- Blacklist gstreamer modules via plugin instead of via
feature.
- Blacklist video4linux2 gstreamer plugin.
- Use enumerations for EXIF values.
- Fix image pixel density conversions.
+ tracker-miner-fs: Avoid setting rdf:types on empty files.
+ meson: dependency check fixes.
+ Updated translations.
- Drop tracker-miners-nb-translations.patch: Fixed upstream.

==== vala ====
Version update (0.38.6 -> 0.38.7)
Subpackages: libvala-0_38-0

- Update to version 0.38.7:
+ Regression fix: codegen: Don't try to infer error argument on
async begin methods (bgo#793158). This was a regression
introduced by (bgo#614294).

==== xdg-desktop-portal-kde ====
Version update (5.11.95 -> 5.12.0)
Subpackages: xdg-desktop-portal-kde-lang

- Add patch to fix build with latest Qt dev version where
QCUPSSupport::cupsOptionsList was removed from the private API
(kde#389825):
* 0001-Fix-build-with-Qt-dev-branch-where-QCUPSSupport-cups.patch
- Update to 5.12.0
* New feature release
* For more details please see:
* https://www.kde.org/announcements/plasma-5.12.0.php
- Changes since 5.11.95:
* None

==== yast2-bootloader ====
Version update (4.0.14 -> 4.0.15)

- Fix activating partition by UUID or label (bsc#1077427,
bsc#1076424)
- 4.0.15

==== yast2-firewall ====
Version update (4.0.10 -> 4.0.11)

- AutoYaST: When a profile using the SuSEFirewall2 schema is used,
the user is reported with an error if some property is not
supported or with a warning in other case. (fate#323460)
- 4.0.11

==== yast2-installation ====
Version update (4.0.30 -> 4.0.31)

- Added requirement iproute2 to spec file. This is needed by
the VNC AutoYaST installation in the second stage.
(Follow up of bnc#1077236)
- 4.0.31

==== yast2-kdump ====
Version update (4.0.0 -> 4.0.1)

- added supplements for yast2 and kdump (bsc#1070423)
- 4.0.1

==== yast2-nis-client ====
Version update (4.0.1 -> 4.0.2)

- Replace SuSEFirewall2 by firewalld (fate#323460)
- 4.0.2

==== yast2-storage-ng ====
Version update (4.0.82 -> 4.0.84)

- Partitioner: fixed 'Device Graph' section (part of fate#318196).
- 4.0.84
- Added a new 'disk' client, alias for 'partitioner' (bsc#1078900).
- 4.0.83


--
To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-factory+owner@xxxxxxxxxxxx

< Previous Next >
Follow Ups