Mailinglist Archive: opensuse-factory (387 mails)

[opensuse-factory] New Tumbleweed snapshot 20190527 released!

Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.

Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=1&version=Tumbleweed&build=20190527

Please do not reply to this email to report issues, rather file a bug
on bugzilla.opensuse.org. For more information on filing bugs please
see https://en.opensuse.org/openSUSE:Submitting_bug_reports

Packages changed:
MozillaFirefox (66.0.5 -> 67.0)
kernel-firmware (20190502 -> 20190514)
opus (1.3 -> 1.3.1)
pipewire (0.2.5 -> 0.2.6)
polkit-default-privs (13.2+20190520.a67a2af -> 13.2+20190523.efe368f)
python-kiwi (9.17.37 -> 9.17.39)
python-pexpect (4.6.0 -> 4.7.0)
python-pyasn1-modules (0.2.4 -> 0.2.5)
python-requests (2.21.0 -> 2.22.0)
ruby2.6
spandsp
webkit2gtk3 (2.24.1 -> 2.24.2)
wireshark (3.0.1 -> 3.0.2)
yast2-add-on (4.1.11 -> 4.1.12)

=== Details ===

==== MozillaFirefox ====
Version update (66.0.5 -> 67.0)
Subpackages: MozillaFirefox-translations-common

- Mozilla Firefox 67.0
* Firefox 67 will be able to run different Firefox installs side by side
https://blog.nightly.mozilla.org/2019/01/14/moving-to-a-profile-per-install-architecture/
* Tabs can now be pinned from the Page Actions menu in the address bar
* Users can block known cryptominers and fingerprinters in the
Custom settings or their Content Blocking preferences
* The Import Data from Another Browser feature is now also available
from the File menu
* Firefox will now protect you against running older versions which
can lead to data corruption and stability issues
* Easier access to your list of saved logins from the main menu and
login autocomplete
* We've added a toolbar menu for your Firefox Account to provide more
transparency for when you are synced, sharing data across devices
and with Firefox. Personalize the appearance of the menu with your
own avatar
* Enable FIDO U2F API, and permit registrations for Google Accounts
* Enabled AV1 support on Linux
MFSA 2019-13 (boo#1135824)
* CVE-2019-9815 (bmo#1546544)
Disable hyperthreading on content JavaScript threads on macOS
* CVE-2019-9816 (bmo#1536768)
Type confusion with object groups and UnboxedObjects
* CVE-2019-9817 (bmo#1540221)
Stealing of cross-domain images using canvas
* CVE-2019-9818 (bmo#1542581) (Windows only)
Use-after-free in crash generation server
* CVE-2019-9819 (bmo#1532553)
Compartment mismatch with fetch API
* CVE-2019-9820 (bmo#1536405)
Use-after-free of ChromeEventHandler by DocShell
* CVE-2019-9821 (bmo#1539125)
Use-after-free in AssertWorkerThread
* CVE-2019-11691 (bmo#1542465)
Use-after-free in XMLHttpRequest
* CVE-2019-11692 (bmo#1544670)
Use-after-free removing listeners in the event listener manager
* CVE-2019-11693 (bmo#1532525)
Buffer overflow in WebGL bufferdata on Linux
* CVE-2019-7317 (bmo#1542829)
Use-after-free in png_image_free of libpng library
* CVE-2019-11694 (bmo#1534196) (Windows only)
Uninitialized memory memory leakage in Windows sandbox
* CVE-2019-11695 (bmo#1445844)
Custom cursor can render over user interface outside of web content
* CVE-2019-11696 (bmo#1392955)
Java web start .JNLP files are not recognized as executable files
for download prompts
* CVE-2019-11697 (bmo#1440079)
Pressing key combinations can bypass installation prompt delays and
install extensions
* CVE-2019-11698 (bmo#1543191)
Theft of user history data through drag and drop of hyperlinks
to and from bookmarks
* CVE-2019-11700 (bmo#1549833) (Windows only)
res: protocol can be used to open known local files
* CVE-2019-11699 (bmo#1528939)
Incorrect domain name highlighting during page navigation
* CVE-2019-11701 (bmo#1518627)
webcal: protocol default handler loads vulnerable web page
* CVE-2019-9814 (bmo#1527592, bmo#1534536, bmo#1520132, bmo#1543159,
bmo#1539393, bmo#1459932, bmo#1459182, bmo#1516425)
Memory safety bugs fixed in Firefox 67
* CVE-2019-9800 (bmo#1540166, bmo#1534593, bmo#1546327, bmo#1540136,
bmo#1538736, bmo#1538042, bmo#1535612, bmo#1499719, bmo#1499108,
bmo#1538619, bmo#1535194, bmo#1516325, bmo#1542324, bmo#1542097,
bmo#1532465, bmo#1533554, bmo#1541580)
Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7
- requires
* rust/cargo >= 1.32
* mozilla-nspr >= 4.21
* mozilla-nss >= 3.43
* rust-cbindgen >= 0.8.2
- rebased patches
- KDE integration for default browser detection is broken in this revision
- Fix armv7 build with:
* mozilla-disable-wasm-emulate-arm-unaligned-fp-access.patch

==== kernel-firmware ====
Version update (20190502 -> 20190514)
Subpackages: ucode-amd

- Update to version 20190514:
* linux-firmware: Update firmware file for Intel Bluetooth 8265
* linux-firmware: Update firmware file for Intel Bluetooth 9260
* linux-firmware: Update firmware file for Intel Bluetooth 9560
* linux-firmware: Update firmware file for Intel Bluetooth 22161
* amlogic: add video decoder firmwares
* iwlwifi: update -46 firmwares for 22260 and 9000 series
* iwlwifi: add firmware for 22260 and update 9000 series -46 firmwares
* iwlwifi: add -46.ucode firmwares for 9000 series

==== opus ====
Version update (1.3 -> 1.3.1)

- Update to version 1.3.1
* This release fixes an issue with the analysis on files with
digital silence (all zeros), especially on x87 builds
(mostly affects 32-bit builds).
* Two new features:
+ A new OPUS_GET_IN_DTX query to know if the encoder is in
DTX mode (last frame was either a comfort noise frame or
not encoded at all)
+ A new (and still experimental) CMake-based build system
that is eventually meant to replace the VS2015 build
system (the autotools one will stay).

==== pipewire ====
Version update (0.2.5 -> 0.2.6)
Subpackages: libpipewire-0_2-1 pipewire-modules pipewire-spa-plugins
pipewire-spa-tools pipewire-tools

- Update to version 0.2.6:
+ Improve error checking for threads.
+ Fix some memory and fd leaks.
+ Fix compilation with C++ compilers and clang.
+ DISABLE_RTKIT should now not try to use dbus at all.
+ Camera Portal fixes:
- add Camera media.role.
- Rename module-flatpak to module-portal.
- Use the portal permissions store for camera checks.
+ Actually use the passed fd in pipewiresrc.
+ Make properties with "pipewire." prefix read-only.
+ Add security label to client object.
+ Enforce link permissions.
+ Permissions of objects are now combined with parent
permissions.
+ Remove libv4l2 dependency, it is not used.
+ Improve format negotiation in autolink #146.
+ Try to avoid list corruption with event emission #143.
+ Fix destroy of client-node memory corruption.
+ Various small improvements.
- Remove pkgconfig(libv4l2) BuildRequires: follow upstream's cleanup
of build dependencies.
- Drop avoid-invalid-conversion-error-with-C++.patch: fixed
upstream.

==== polkit-default-privs ====
Version update (13.2+20190520.a67a2af -> 13.2+20190523.efe368f)

- Update to version 13.2+20190523.efe368f:
* polkit profiles: whitelist lightdm-gtk-greeter-settings (bsc#1135695)

==== python-kiwi ====
Version update (9.17.37 -> 9.17.39)

- Bump version: 9.17.38 → 9.17.39
- Update obs docs per review by Tom
- Disable check-valid-until with repository_gpgcheck
This commit is twofold:
* From one side fixes a wrong use of the `trusted` option for
apt repositories. `trusted=no` does not force to run the gpg checks,
it just forces the repository to be considered untrusted regardless
of the result of the security checks.
* From the other side it disables the option `check-valid-until` in
case gpg checks are disabled using the `repository_gpgcheck`. It
works at repository level. This enables using unmaintained or
expired repositories for the build.
Fixes #1028
- Simplify shell pipe expression with shell builtin
Replace "echo $var | sed ..." expression with ${var//SEARCH/REPLACE}
shell builtin as suggested by Codacy
- Make mediacheck runtime check arch independent
The check_mediacheck_only_for_x86_arch runtime check fails on
non x86 architectures but the tagmedia toolchain exists independent
of the platform architecture. This Fixes #1091
- Set home as protected path
Along with adding home to the protection list, cleanup
the prepare instance cleanup code in a way that it only
runs if a root_bind object exists which needs to call
its cleanup path
- Extend docs about building multiple profiles on OBS
- Remove FIXME from the runtime configuration file example
- Improve the documentation about building in the Build Service
Co-Authored-By: Thomas Schraitle <tom_schr@xxxxxx>
- Turn sphinx warnings into errors
Modify the sphinx Makefile to treat warnings
like undefined references as errors
- kiwi-live-lib: mount live ISO as read-only
During the boot process of a live image, dracut shows this WARNING:
dracut-initqueue: mount: /run/initramfs/live: WARNING: device
write-protected, mounted read-only
This is not a problem, as the live ISO image is, indeed, read-only.
This patch fixes this cosmetic issue by being explicit in the mount
options in the `mountIso` function.
- Call isolinux-config only on supported archs
- Discard default dependencies for sysroot.mount
This commit makes default dependencies from sysroot.mount to be
explicitly omitted. This fixes potential inconsistencies in
ordering pre-mount.service with local-fs.target. This change is
also applied to upstream sysroot.mount generator here:
https://github.com/systemd/systemd/pull/12281
Fixes #1015
- Fix locale setting
For pre-Leap 15 openSUSE versions KIWI >= 9.12.0 was not completely
setting locale, as it was missing to set the RC_LANG variable from
`/etc/sysconfig/language` file. Current commit enforces to update
locale in `/etc/sysconfig/language` (if the file exists) at the
same time it applies systemd-firstboot configurations.
Fixes #1081
- Cleanup TODO & FIXME from xml_description.rst
- Add GitLab CI pipeline badge to README.rst
- Extend the development documentation
Co-Authored-By: Thomas Schraitle <tom_schr@xxxxxx>
- Log thrown exceptions in Compress.get_format()
- Fix documentation of Compress.get_format()
- log exception in SystemPrepare.__del__
- Use yaml.safe_load instead of yaml.load
yaml.load is relatively dangerous when the loaded data comes from untrusted
sources, as it can allow for arbitrary code execution, see:
https://pyyaml.org/wiki/PyYAMLDocumentation#LoadingYAML
safe_load limits the created python objects to the basic Python types like
integers and strings, which is all that we need for the runtime configuration
file.
- Fixing doc source for broken refs and xml syntax
- Document the usage of profiles via the CLI and OBS
- Apply suggestions from @tomschr
Co-Authored-By: dcermak <45594031+dcermak@xxxxxxxxxxxxxxxxxxxxxxxx>
- Improve the documentation of the runtime configuration file
Co-Authored-By: Thomas Schraitle <tom_schr@xxxxxx>
- Apply suggestions from @tomschr
Co-Authored-By: dcermak <45594031+dcermak@xxxxxxxxxxxxxxxxxxxxxxxx>
- Extend the documentation of Custom Disk Volumes
- Add documentation of the XML schema in a tutorial like fashion
Co-Authored-By: Thomas Schraitle <tom_schr@xxxxxx>
- Add documentation how to configure VMX build types
- Cleanup warnings in utils/size.py
- use a raw string for the regexp search string
- improve the readability of the returned value
- Make the user.password attribute mandatory
Not providing a user password results in an error when usermod or openssl
is later called by kiwi (depending on the value of `pwdformat`).
This fixes #1061.
- Fixed repo setup for cloud integration test builds
Using the devel:languages:python repos leads to inconsistencies
on the module dependencies
- Bump version: 9.17.37 → 9.17.38
- Delete obsolete repository types
Deleted red-carpet, slack-site, up2date-mirrors, urpmi and yast2
from the allowed values list of the repository type attribute.
This Fixes #1029
- Fixed build_in_buildservice stale references
Fixed style issues reported on sphinx build. Also deleted
pointers to non existing references
- Delete suseRemovePackagesMarkedForDeletion
Any package removal is controlled by kiwi itself. There is no
need to provide a shell helper method that is rpm specific.
This Fixes #1054
- Preserve licenses/other txt files by baseStripFirmware (bsc#1132455) (Fixes
#1063)
LICENSES are usually not large and should be kept alongside
of the binaries. Also some firmware files sideload additional
txt files (like for example brcmfmac43430 needs the sdio description
txt files). We should just always include them because they're
not listed as needed files.
Co-Authored-By: Dan Čermák <dcermak@xxxxxxxx>
- Split overview/workflow.rst into multiple files
Co-Authored-By: Thomas Schraitle <tom_schr@xxxxxx>
- Update doc/source/building/build_in_buildservice.rst
Co-Authored-By: dcermak <45594031+dcermak@xxxxxxxxxxxxxxxxxxxxxxxx>
- Rework documentation about building on OBS
- Added integration test guest image for OpenStack
- Update suse integration tests per Factory changes
The way plymouth themes are provided has changed on suse.
The package plymouth-branding-openSUSE is no longer providing
the theme named openSUSE. In fact the plan is to switch to
the upstream bgrt theme which is provided in another package.
This commit adapts to the changes in the distribution
- Bump copyright year in the docs

==== python-pexpect ====
Version update (4.6.0 -> 4.7.0)

- Update to 4.7.0:
* The :meth:`.pxssh.login` method now no longer requires a username if an ssh
config is provided and will raise an error if neither are provided.
(:ghpull:`562`).
* The :meth:`.pxssh.login` method now supports providing your own ssh command
via the cmd parameter. (:ghpull:`528`) (:ghpull:`563`).
* :class:`.pxssh` now supports the use_poll parameter which is passed into
:meth:`.pexpect.spawn` (:ghpull:`542`).
* Minor bug fix with ssh_config. (:ghpull:`498`).
* :meth:`.replwrap.run_command` now has async support via an async_
parameter. (:ghpull:`501`).
* :meth:`.pexpect.spawn` will now read additional bytes if able up to a
buffer limit. (:ghpull:`304`).
- Drop merged patch fix-test.patch

==== python-pyasn1-modules ====
Version update (0.2.4 -> 0.2.5)

- Update to 0.2.5:
- Added RFC3560 providing RSAES-OAEP Key Transport Algorithm
in CMS
- Added RFC6019 providing BinaryTime - an alternate format
for representing Date and Time
- RFC3565 superseded by RFC5649
- Added RFC5480 providing Elliptic Curve Cryptography Subject
Public Key Information
- Added RFC8520 providing X.509 Extensions for MUD URL and
MUD Signer
- Added RFC3161 providing Time-Stamp Protocol support
- Added RFC3709 providing Logotypes in X.509 Certificates
- Added RFC3274 providing CMS Compressed Data Content Type
- Added RFC4073 providing Multiple Contents protection
with CMS
- Execute testsuite

==== python-requests ====
Version update (2.21.0 -> 2.22.0)

- Update to 2.22.0:
* Requests now supports urllib3 v1.25.2. (note: 1.25.0 and 1.25.1 are
incompatible)
- Rebase requests-no-hardcoded-version.patch

==== ruby2.6 ====
Subpackages: libruby2_6-2_6 ruby2.6-devel

- Move RPM macros to %_rpmmacrodir.

==== spandsp ====

- Disable LTO (boo#1136056).

==== webkit2gtk3 ====
Version update (2.24.1 -> 2.24.2)
Subpackages: libjavascriptcoregtk-4_0-18 libwebkit2gtk-4_0-37
libwebkit2gtk3-lang typelib-1_0-JavaScriptCore-4_0 typelib-1_0-WebKit2-4_0
webkit2gtk-4_0-injected-bundles

- Update to version 2.24.2:
+ Fix rendering of emojis copy-pasted from GTK emoji chooser.
+ Fix space characters not being rendered with some CJK fonts.
+ Fix adaptive streaming playback with older GStreamer versions.
+ Set a maximum zoom level for pinch zooming gesture.
+ Fix navigation gesture to not interfere with scrolling.
+ Fix SSE2 detection at compile time, ensuring the right flags
are passed to the compiler.
+ Fix several crashes and rendering issues.
+ Security fixes: CVE-2019-8595, CVE-2019-8607, CVE-2019-8615.
+ Updated translations.
- Drop webkit2gtk3-fix-i586-build.patch: Fixed upstream.

==== wireshark ====
Version update (3.0.1 -> 3.0.2)
Subpackages: libwireshark12 libwiretap9 libwscodecs2 libwsutil10 wireshark-ui-qt

- Wireshark 3.0.2 (bsc#1136021)
* Wireshark dissection engine crash.
- Further features, bug fixes and updated protocol support as listed in:
https://www.wireshark.org/docs/relnotes/wireshark-3.0.2.html

==== yast2-add-on ====
Version update (4.1.11 -> 4.1.12)

- Fix: Update repository will be registered while installing
an add-on on a running system (bsc#1055126).
- 4.1.12

