Mailinglist Archive: opensuse-factory (536 mails)

< Previous Next >
[opensuse-factory] Leap 15.0 Build 247.1 released!

Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.

Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=opensuse&version=15.0&build=247.1&groupid=50
https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Distribution&query_format=advanced&resolution=---&version=Leap%2015.0

When you reply to discuss some issues, make sure to change the subject.
Please use the test plan at
https://docs.google.com/spreadsheets/d/1AGKijKpKiJCB616-bHVoNQuhWHpQLHPWCb3m1p6gXPc/edit#gid=168760829
to record your testing efforts and use bugzilla to report bugs.

Packages changed:
MozillaFirefox (59.0.2 -> 60.0)
NetworkManager-openvpn
yast2 (4.0.72 -> 4.0.73)
yast2-bootloader (4.0.29 -> 4.0.31)
yast2-installation (4.0.57 -> 4.0.58)
yast2-network (4.0.30 -> 4.0.31)
yast2-storage-ng (4.0.175 -> 4.0.178)
yast2-update (4.0.13 -> 4.0.14)

=== Details ===

==== MozillaFirefox ====
Version update (59.0.2 -> 60.0)
Subpackages: MozillaFirefox-translations-common
MozillaFirefox-translations-other

- update to Firefox 60.0esr
* Added a policy engine that allows customized Firefox deployments
in enterprise environments, using Windows Group Policy or a
cross-platform JSON file
* Applied Quantum CSS to render browser UI
* Added support for Web Authentication, allowing the use of USB
tokens for authentication to web sites
* Locale added: Occitan (oc)
MFSA 2018-11 (bsc#1092548)
* CVE-2018-5154 (bmo#1443092)
Use-after-free with SVG animations and clip paths
* CVE-2018-5155 (bmo#1448774)
Use-after-free with SVG animations and text paths
* CVE-2018-5157 (bmo#1449898)
Same-origin bypass of PDF Viewer to view protected PDF files
* CVE-2018-5158 (bmo#1452075)
Malicious PDF can inject JavaScript into PDF Viewer
* CVE-2018-5159 (bmo#1441941)
Integer overflow and out-of-bounds write in Skia
* CVE-2018-5160 (bmo#1436117)
Uninitialized memory use by WebRTC encoder
* CVE-2018-5152 (bmo#1415644, bmo#1427289)
WebExtensions information leak through webRequest API
* CVE-2018-5153 (bmo#1436809)
Out-of-bounds read in mixed content websocket messages
* CVE-2018-5163 (bmo#1426353)
Replacing cached data in JavaScript Start-up Bytecode Cache
* CVE-2018-5164 (bmo#1416045)
CSP not applied to all multipart content sent with
multipart/x-mixed-replace
* CVE-2018-5166 (bmo#1437325)
WebExtension host permission bypass through filterReponseData
* CVE-2018-5167 (bmo#1447969)
Improper linkification of chrome: and javascript: content in
web console and JavaScript debugger
* CVE-2018-5168 (bmo#1449548)
Lightweight themes can be installed without user interaction
* CVE-2018-5169 (bmo#1319157)
Dragging and dropping link text onto home button can set home page
to include chrome pages
* CVE-2018-5172 (bmo#1436482)
Pasted script from clipboard can run in the Live Bookmarks page
or PDF viewer
* CVE-2018-5173 (bmo#1438025)
File name spoofing of Downloads panel with Unicode characters
* CVE-2018-5174 (bmo#1447080) (Windows-only)
Windows Defender SmartScreen UI runs with less secure behavior
for downloaded files in Windows 10 April 2018 Update
* CVE-2018-5175 (bmo#1432358)
Universal CSP bypass on sites using strict-dynamic in their policies
* CVE-2018-5176 (bmo#1442840)
JSON Viewer script injection
* CVE-2018-5177 (bmo#1451908)
Buffer overflow in XSLT during number formatting
* CVE-2018-5165 (bmo#1451452)
Checkbox for enabling Flash protected mode is inverted in 32-bit
Firefox
* CVE-2018-5180 (bmo#1444086)
heap-use-after-free in mozilla::WebGLContext::DrawElementsInstanced
* CVE-2018-5181 (bmo#1424107)
Local file can be displayed in noopener tab through drag and
drop of hyperlink
* CVE-2018-5182 (bmo#1435908)
Local file can be displayed from hyperlink dragged and dropped
on addressbar
* CVE-2018-5151
Memory safety bugs fixed in Firefox 60
* CVE-2018-5150
Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8
- removed obsolete patches
0001-Bug-1435695-WebRTC-fails-to-build-with-GCC-8-r-dmino.patch
mozilla-bmo1005535.patch
- requires NSPR 4.19 and NSS 3.36.1
- requires rust 1.24 or higher
- use upstream source archive and detached signature for
source verification
- Fix armv7 build by:
* adding RUSTFLAGS="-Cdebuginfo=0"
* updating _constraints for %arm
- do not try CSD on kwin (boo#1091592)
- fix build in openSUSE:Leap:42.3:Update, use gcc7
- Mozilla Firefox 59.0.3:
* fixes for platforms other than GNU/Linux
- Add 0001-Bug-1435695-WebRTC-fails-to-build-with-GCC-8-r-dmino.patch
in order to fix boo#1090362.
- Add back mozilla-enable-csd.patch: New rebased version from
Fedora for version 59.0.x.

==== NetworkManager-openvpn ====
Subpackages: NetworkManager-openvpn-gnome NetworkManager-openvpn-lang

- Unconditionally enable translation-update-upstream: on
Tumbleweed, this results in a NOP and for Leap in SLE paid
translations being used (boo#1086036).

==== yast2 ====
Version update (4.0.72 -> 4.0.73)

- CWM: allow to define back handler for CWM#show.
- CWM: define default handlers for back and abort in CWM::Dialog.
- Needed for Expert Partitioner fate#318196.
- 4.0.73

==== yast2-bootloader ====
Version update (4.0.29 -> 4.0.31)

- Use "none" bootloader when the boot filesystem is nfs
(bsc#1090752).
- 4.0.31
- Make unit tests architecture agnostic (related to bsc#1091284).
- 4.0.30

==== yast2-installation ====
Version update (4.0.57 -> 4.0.58)

- disable mdadm auto assembly for installation (bsc#1090690)
- 4.0.58

==== yast2-network ====
Version update (4.0.30 -> 4.0.31)

- Fix the check for adjusting ifcfg configuration in case of
network based root filesystem when saving the network at the end
of the installation (bsc#1090752).
- 4.0.31

==== yast2-storage-ng ====
Version update (4.0.175 -> 4.0.178)

- AutoYaST: do not crash when size is set to 'auto' for a partition
without a mount point (bsc#1092414).
- 4.0.178
- Add note to YAML files for devices not supported in YAML
(part of fate#318196)
- 4.0.177
- Dump devicegraphs and actions in better strategic places
(part of fate#318196)
- Make sure not to write LUKS passwords to YAML dump files
- 4.0.176

==== yast2-update ====
Version update (4.0.13 -> 4.0.14)

- Fixed unmounting /mnt/dev when going back to the partition
selection dialog (fix up for the bsc#1089643)
- 4.0.14


--
To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-factory+owner@xxxxxxxxxxxx

< Previous Next >
This Thread
  • No further messages