Mailinglist Archive: opensuse-factory (237 mails)

< Previous Next >
[opensuse-factory] New Tumbleweed snapshot 20190529 released!
  • From: Dominique Leuenberger <dimstar@xxxxxxx>
  • Date: Sun, 02 Jun 2019 14:01:38 +0000
  • Message-id: <155948409877.9392.15960402012346539846@go-agent-stagingbot-8>

Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.

Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=1&version=Tumbleweed&build=20190529

Please do not reply to this email to report issues, rather file a bug
on bugzilla.opensuse.org. For more information on filing bugs please
see https://en.opensuse.org/openSUSE:Submitting_bug_reports

Packages changed:
MozillaThunderbird (60.6.1 -> 60.7.0)
frameworkintegration (5.58.1 -> 5.58.2)
gitg (3.30.1 -> 3.32.0)
iputils (s20180629 -> s20190515)
kcm_tablet
lasem (0.4.3 -> 0.4.4)
libgadu
libselinux
libselinux-bindings
obs-service-tar_scm (0.10.6.1551887937.e42c270 -> 0.10.9.1557261720.32a1cdb)
perl-Devel-StackTrace (2.03 -> 2.04)
v4l2loopback (0.12.1_k5.1.4_1 -> 0.12.2_k5.1.4_1)

=== Details ===

==== MozillaThunderbird ====
Version update (60.6.1 -> 60.7.0)
Subpackages: MozillaThunderbird-translations-common

- Mozilla Thunderbird 60.7.0
* Attachment pane of Write window no longer focussed when attaching
files using a keyboard shortcut
MFSA 2019-15 (boo#1135824)
* CVE-2019-9815 (bmo#1546544)
Disable hyperthreading on content JavaScript threads on macOS
* CVE-2019-9816 (bmo#1536768)
Type confusion with object groups and UnboxedObjects
* CVE-2019-9817 (bmo#1540221)
Stealing of cross-domain images using canvas
* CVE-2019-9818 (bmo#1542581) (Windows only)
Use-after-free in crash generation server
* CVE-2019-9819 (bmo#1532553)
Compartment mismatch with fetch API
* CVE-2019-9820 (bmo#1536405)
Use-after-free of ChromeEventHandler by DocShell
* CVE-2019-11691 (bmo#1542465)
Use-after-free in XMLHttpRequest
* CVE-2019-11692 (bmo#1544670)
Use-after-free removing listeners in the event listener manager
* CVE-2019-11693 (bmo#1532525)
Buffer overflow in WebGL bufferdata on Linux
* CVE-2019-7317 (bmo#1542829)
Use-after-free in png_image_free of libpng library
* CVE-2019-9797 (bmo#1528909)
Cross-origin theft of images with createImageBitmap
* CVE-2018-18511 (bmo#1526218)
Cross-origin theft of images with ImageBitmapRenderingContext
* CVE-2019-11694 (bmo#1534196) (Windows only)
Uninitialized memory memory leakage in Windows sandbox
* CVE-2019-11698 (bmo#1543191)
Theft of user history data through drag and drop of hyperlinks
to and from bookmarks
* CVE-2019-5798 (bmo#1535518)
Out-of-bounds read in Skia
* CVE-2019-9800 (bmo#1540166, bmo#1534593, bmo#1546327, bmo#1540136,
bmo#1538736, bmo#1538042, bmo#1535612, bmo#1499719, bmo#1499108,
bmo#1538619, bmo#1535194, bmo#1516325, bmo#1542324, bmo#1542097,
bmo#1532465, bmo#1533554, bmo#1541580)
Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7

==== frameworkintegration ====
Version update (5.58.1 -> 5.58.2)
Subpackages: frameworkintegration-plugin libKF5Style5

- Update to 5.58.2
* New bugfix release
- Changes since 5.58.1:
* ensure to search also in the legacy location

==== gitg ====
Version update (3.30.1 -> 3.32.0)
Subpackages: gitg-lang libgitg-1_0-0 libgitg-ext-1_0-0

- Update to version 3.32.0:
+ Detect links in commit messages.
+ Push action with http/ssh support.
+ Fix time sort mode.
+ Add push support.
+ Add typeahead find feature.
+ Respect system fonts.
+ Update submodules at clone.
+ Add body to patch.
+ Shorcut to open preferences.
+ Honor GIT_DIR env.
+ Update menus for AppMenu removal.
+ Bump libgit2 to 0.27.
+ Use Unicode typography in user-visible strings.
+ Fix shared library paths in typelib files.
+ Migrate from Intltool to Gettext.
+ Meson polish.
+ Removed autotools.
+ Fixes in documentation.
+ Fixed several deprecations.
+ Misc fixes.
- Drop upstream fixed patches:
+ gitg-Bump-libgit2-glib-dependency.patch.
+ gitg-Various-meson-build-fixes.patch.
- Add pkgconfig(libdazzle-1.0) BuildRequires: New dependency.
- Drop intltool BuildRequires: No longer needed, nor used.

==== iputils ====
Version update (s20180629 -> s20190515)
Subpackages: rarpd

- Update to version s20190515 (includes changes s20190324)
* s20190324: 189 commits since s20180629 that include changing build
system from autotools to meson, added rarpd and rdisc systemd service
files, many fixes
* s20190515 bugfix release (6 commits)
- User visible change: arping and clockdiff are moved from /usr/sbin
to /usr/bin (respect upstream path)
- Backport patch 0001-build-sys-doc-Fix-the-dependency-on-xsltproc.patch
(fixing build system)
- Add workaround patch meson-remove-setcap-setuid.sh.patch
- Remove 0001-tracepath-Fix-copying-input-IPv6-address.patch
(included in s20190324 release)
- Refresh old patches (iputils-ping-interrupt.diff,
iputils-sec-ping-unblock.diff)
- Changes caused by upstream switching to meson build system (drop sed build
dependency)
- Added locales
- Fix typos

==== kcm_tablet ====
Subpackages: kcm_tablet-lang

- Add patch to fix build with GCC 9:
* 0001-Supposedly-fix-building-with-gcc9.patch

==== lasem ====
Version update (0.4.3 -> 0.4.4)

- Update to version 0.4.4:
+ Updated translations.

==== libgadu ====

- Build against zlib.

==== libselinux ====
Subpackages: libselinux1 libselinux1-32bit selinux-tools

- Set License: to correct value (bsc#1135710)

==== libselinux-bindings ====

- Set License: to correct value (bsc#1135710)

==== obs-service-tar_scm ====
Version update (0.10.6.1551887937.e42c270 -> 0.10.9.1557261720.32a1cdb)
Subpackages: obs-service-obs_scm obs-service-obs_scm-common

- Require external argparse for RHEL6
- Update to version 0.10.9.1557261720.32a1cdb:
* fix encoding error for surrogates
* glibc-common was used up to FC23 and RHEL7
- Update to version 0.10.8.1556896538.0693a62:
* Compile python files before install
* change order in GNUMakefile to prefer python3
* More thorought spec file cleanup
* predefine python version in spec file for GNUMAkefile
- the current guessing code is finding python2 and then uses that,
because python2 still seems to be available in the build env,
as we already know which python version we want we can just pass
the path to make and skip the whole guessing.
- Update to version 0.10.7.1556277536.7e9915a:
* [dist] spec file: python3 only and multidist
* Git also uses the LANGUAGE variable
* centos_version and rhel_version are triple digits
* Minimize diff with the version in openSUSE:Tools
* Fix the logic to pick the locale package on Fedora
* Forgot the guard 0 in one conditional
- centos_version and rhel_version are triple digits
- locally apply fixes from
https://github.com/openSUSE/obs-service-tar_scm/pull/298
- Change requirement locale_package to glibc-common to fix building
for CentOS6 and CentOS7

==== perl-Devel-StackTrace ====
Version update (2.03 -> 2.04)

- updated to 2.04
see /usr/share/doc/packages/perl-Devel-StackTrace/Changes
2.04 2019-05-24
- Add a partial workaround for "Bizarre copy" errors (GH #11) that come when
attempting to look at arguments in the call stack. This is only a partial
fix as there are cases that can lead to a SEGV. Ultimately this needs to be
fixed in the Perl core. See
https://rt.perl.org/Public/Bug/Display.html?id=131046 for relevant
discussion. Fixed by pali. GH #21.

==== v4l2loopback ====
Version update (0.12.1_k5.1.4_1 -> 0.12.2_k5.1.4_1)

- Update to version 0.12.2
* Fixed compat with kernel 5.0
* Replace v4l2_get_timestamp with ktime_get_ts(64) for
linux-5.1 compat
- Dropped v4l2loopback-no_deprecated_function.patch (merged
upstream)


--
To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-factory+owner@xxxxxxxxxxxx

< Previous Next >
Follow Ups