Mailinglist Archive: opensuse-factory (536 mails)

< Previous Next >
[opensuse-factory] Leap 15.0 Build 247.1 released!

Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.

Please check the known defects of this snapshot before upgrading:

When you reply to discuss some issues, make sure to change the subject.
Please use the test plan at
to record your testing efforts and use bugzilla to report bugs.

Packages changed:
MozillaFirefox (59.0.2 -> 60.0)
yast2 (4.0.72 -> 4.0.73)
yast2-bootloader (4.0.29 -> 4.0.31)
yast2-installation (4.0.57 -> 4.0.58)
yast2-network (4.0.30 -> 4.0.31)
yast2-storage-ng (4.0.175 -> 4.0.178)
yast2-update (4.0.13 -> 4.0.14)

=== Details ===

==== MozillaFirefox ====
Version update (59.0.2 -> 60.0)
Subpackages: MozillaFirefox-translations-common

- update to Firefox 60.0esr
* Added a policy engine that allows customized Firefox deployments
in enterprise environments, using Windows Group Policy or a
cross-platform JSON file
* Applied Quantum CSS to render browser UI
* Added support for Web Authentication, allowing the use of USB
tokens for authentication to web sites
* Locale added: Occitan (oc)
MFSA 2018-11 (bsc#1092548)
* CVE-2018-5154 (bmo#1443092)
Use-after-free with SVG animations and clip paths
* CVE-2018-5155 (bmo#1448774)
Use-after-free with SVG animations and text paths
* CVE-2018-5157 (bmo#1449898)
Same-origin bypass of PDF Viewer to view protected PDF files
* CVE-2018-5158 (bmo#1452075)
Malicious PDF can inject JavaScript into PDF Viewer
* CVE-2018-5159 (bmo#1441941)
Integer overflow and out-of-bounds write in Skia
* CVE-2018-5160 (bmo#1436117)
Uninitialized memory use by WebRTC encoder
* CVE-2018-5152 (bmo#1415644, bmo#1427289)
WebExtensions information leak through webRequest API
* CVE-2018-5153 (bmo#1436809)
Out-of-bounds read in mixed content websocket messages
* CVE-2018-5163 (bmo#1426353)
Replacing cached data in JavaScript Start-up Bytecode Cache
* CVE-2018-5164 (bmo#1416045)
CSP not applied to all multipart content sent with
* CVE-2018-5166 (bmo#1437325)
WebExtension host permission bypass through filterReponseData
* CVE-2018-5167 (bmo#1447969)
Improper linkification of chrome: and javascript: content in
web console and JavaScript debugger
* CVE-2018-5168 (bmo#1449548)
Lightweight themes can be installed without user interaction
* CVE-2018-5169 (bmo#1319157)
Dragging and dropping link text onto home button can set home page
to include chrome pages
* CVE-2018-5172 (bmo#1436482)
Pasted script from clipboard can run in the Live Bookmarks page
or PDF viewer
* CVE-2018-5173 (bmo#1438025)
File name spoofing of Downloads panel with Unicode characters
* CVE-2018-5174 (bmo#1447080) (Windows-only)
Windows Defender SmartScreen UI runs with less secure behavior
for downloaded files in Windows 10 April 2018 Update
* CVE-2018-5175 (bmo#1432358)
Universal CSP bypass on sites using strict-dynamic in their policies
* CVE-2018-5176 (bmo#1442840)
JSON Viewer script injection
* CVE-2018-5177 (bmo#1451908)
Buffer overflow in XSLT during number formatting
* CVE-2018-5165 (bmo#1451452)
Checkbox for enabling Flash protected mode is inverted in 32-bit
* CVE-2018-5180 (bmo#1444086)
heap-use-after-free in mozilla::WebGLContext::DrawElementsInstanced
* CVE-2018-5181 (bmo#1424107)
Local file can be displayed in noopener tab through drag and
drop of hyperlink
* CVE-2018-5182 (bmo#1435908)
Local file can be displayed from hyperlink dragged and dropped
on addressbar
* CVE-2018-5151
Memory safety bugs fixed in Firefox 60
* CVE-2018-5150
Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8
- removed obsolete patches
- requires NSPR 4.19 and NSS 3.36.1
- requires rust 1.24 or higher
- use upstream source archive and detached signature for
source verification
- Fix armv7 build by:
* adding RUSTFLAGS="-Cdebuginfo=0"
* updating _constraints for %arm
- do not try CSD on kwin (boo#1091592)
- fix build in openSUSE:Leap:42.3:Update, use gcc7
- Mozilla Firefox 59.0.3:
* fixes for platforms other than GNU/Linux
- Add 0001-Bug-1435695-WebRTC-fails-to-build-with-GCC-8-r-dmino.patch
in order to fix boo#1090362.
- Add back mozilla-enable-csd.patch: New rebased version from
Fedora for version 59.0.x.

==== NetworkManager-openvpn ====
Subpackages: NetworkManager-openvpn-gnome NetworkManager-openvpn-lang

- Unconditionally enable translation-update-upstream: on
Tumbleweed, this results in a NOP and for Leap in SLE paid
translations being used (boo#1086036).

==== yast2 ====
Version update (4.0.72 -> 4.0.73)

- CWM: allow to define back handler for CWM#show.
- CWM: define default handlers for back and abort in CWM::Dialog.
- Needed for Expert Partitioner fate#318196.
- 4.0.73

==== yast2-bootloader ====
Version update (4.0.29 -> 4.0.31)

- Use "none" bootloader when the boot filesystem is nfs
- 4.0.31
- Make unit tests architecture agnostic (related to bsc#1091284).
- 4.0.30

==== yast2-installation ====
Version update (4.0.57 -> 4.0.58)

- disable mdadm auto assembly for installation (bsc#1090690)
- 4.0.58

==== yast2-network ====
Version update (4.0.30 -> 4.0.31)

- Fix the check for adjusting ifcfg configuration in case of
network based root filesystem when saving the network at the end
of the installation (bsc#1090752).
- 4.0.31

==== yast2-storage-ng ====
Version update (4.0.175 -> 4.0.178)

- AutoYaST: do not crash when size is set to 'auto' for a partition
without a mount point (bsc#1092414).
- 4.0.178
- Add note to YAML files for devices not supported in YAML
(part of fate#318196)
- 4.0.177
- Dump devicegraphs and actions in better strategic places
(part of fate#318196)
- Make sure not to write LUKS passwords to YAML dump files
- 4.0.176

==== yast2-update ====
Version update (4.0.13 -> 4.0.14)

- Fixed unmounting /mnt/dev when going back to the partition
selection dialog (fix up for the bsc#1089643)
- 4.0.14

To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-factory+owner@xxxxxxxxxxxx

< Previous Next >
This Thread
  • No further messages