Mailinglist Archive: opensuse-factory (300 mails)

< Previous Next >
[opensuse-factory] New Tumbleweed snapshot 20191230 released!
  • From: Dominique Leuenberger <dimstar@xxxxxxx>
  • Date: Wed, 01 Jan 2020 04:03:05 +0000
  • Message-id: <157785138528.16073.2624201555494446361@go-agent-stagingbot-6>

Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.

Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=1&version=Tumbleweed&build=20191230

Please do not reply to this email to report issues, rather file a bug
on bugzilla.opensuse.org. For more information on filing bugs please
see https://en.opensuse.org/openSUSE:Submitting_bug_reports

Packages changed:
MozillaFirefox (70.0.1 -> 71.0)
MozillaThunderbird (68.3.0 -> 68.3.1)
clamav
exim (4.92.2 -> 4.93)
gnome-menus-branding-openSUSE
gvfs
perl-Mojolicious (8.27 -> 8.29)
perl-Template-Toolkit (2.29 -> 3.003)
xdg-desktop-portal (1.4.2 -> 1.6.0)
xdg-desktop-portal-gtk (1.4.0 -> 1.6.0)
yast2-control-center (4.2.2 -> 4.2.3)

=== Details ===

==== MozillaFirefox ====
Version update (70.0.1 -> 71.0)
Subpackages: MozillaFirefox-translations-common

- Mozilla Firefox 71.0
* Improvements to Lockwise, our integrated password manager
* More information about Enhanced Tracking Protection in action
* Native MP3 decoding on Windows, Linux, and macOS
* Configuration page (about:config) reimplemented in HTML
* New kiosk mode functionality, which allows maximum screen space
for customer-facing displays
MFSA 2019-36
* CVE-2019-11756 (bmo#1508776)
Use-after-free of SFTKSession object
* CVE-2019-17008 (bmo#1546331)
Use-after-free in worker destruction
* CVE-2019-13722 (bmo#1580156) (Windows only)
Stack corruption due to incorrect number of arguments in WebRTC code
* CVE-2019-17014 (bmo#1322864)
Dragging and dropping a cross-origin resource, incorrectly loaded
as an image, could result in information disclosure
* CVE-2019-17010 (bmo#1581084)
Use-after-free when performing device orientation checks
* CVE-2019-17005 (bmo#1584170)
Buffer overflow in plain text serializer
* CVE-2019-17011 (bmo#1591334)
Use-after-free when retrieving a document in antitracking
* CVE-2019-17012 (bmo#1449736, bmo#1533957, bmo#1560667, bmo#1567209
bmo#1580288, bmo#1585760, bmo#1592502)
Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3
* CVE-2019-17013 (bmo#1298509, bmo#1472328, bmo#1577439, bmo#1577937
bmo#1580320, bmo#1584195, bmo#1585106, bmo#1586293, bmo#1593865
bmo#1594181)
Memory safety bugs fixed in Firefox 71
- requires
NSPR >= 4.23
NSS >= 3.47.1
rust/cargo >= 1.37
- reactivate webrtc for platforms where it was disabled
- updated create-tar.sh to cover buildid and origin repo information
- > removed obsolete source-stamp.txt
- removed obsolete patches
mozilla-bmo1511604.patch
mozilla-openaes-decl.patch
- changed locale building procedure
* removed obsolete compare-locales.tar.xz
- added mozilla-bmo1601707.patch to fix gcc/LTO builds
(bmo#1601707, boo#1158466)
- added mozilla-bmo849632.patch to fix big endian issues in skia
used for WebGL

==== MozillaThunderbird ====
Version update (68.3.0 -> 68.3.1)
Subpackages: MozillaThunderbird-translations-common

- add mozilla-bmo1583471.patch to allow building with rust 1.39
- Mozilla Thunderbird 68.3.1
* In dark theme unread messages no longer shown in blue to
distinguish from tagged messages
* Account setup is now using client side DNS MX lookup instead of
relying on a server
Bugfixes
* Searching LDAP address book crashed in some circumstances
* Message navigation with backward and forward buttons did not work
in some circumstances
* WebExtension toolbar icons were displayed too small
* Calendar: Tasks due today were not listed in bold
* Calendar: Last day of long-running events was not shown

==== clamav ====
Subpackages: libclamav9 libfreshclam2

- The freshclam.service should not be started before the network is
online (it checks for updates immediately upon service start)

==== exim ====
Version update (4.92.2 -> 4.93)

- update to exim 4.93
* SUPPORT_DMARC replaces EXPERIMENTAL_DMARC
* DISABLE_TLS replaces SUPPORT_TLS
* Bump the version for the local_scan API.
* smtp transport option hosts_try_fastopen defaults to "*".
* DNSSec is requested (not required) for all queries. (This seemes to
ask for trouble if your resolver is a systemd-resolved.)
* Generic router option retry_use_local_part defaults to "true" under specific
pre-conditions.
* Introduce a tainting mechanism for values read from untrusted sources.
* Use longer file names for temporary spool files (this avoids
name conflicts with spool on a shared file system).
* Use dsn_from main config option (was ignored previously).
- update to exim 4.92.3
* CVE-2019-16928: fix against Heap-based buffer overflow in string_vformat,
remote code execution seems to be possible

==== gnome-menus-branding-openSUSE ====

- Convert package to _multibuild.

==== gvfs ====
Subpackages: gvfs-backend-afc gvfs-backend-samba gvfs-backends gvfs-fuse
gvfs-lang

- BuildRequire pkgconfig(systemd): meson.build tries to inspect
systtemd.pc to find the right unit-directories.

==== perl-Mojolicious ====
Version update (8.27 -> 8.29)

- updated to 8.29
see /usr/share/doc/packages/perl-Mojolicious/Changes
8.29 2019-12-28
- Improved async/await support to work in many more cases, such as WebSocket
handlers.
8.28 2019-12-26
- Added EXPERIMENTAL support for async/await (with -async Mojo::Base flag).
- Added EXPERIMENTAL all_settled and any methods to Mojo::Promise.

==== perl-Template-Toolkit ====
Version update (2.29 -> 3.003)

- updated to 3.003
see /usr/share/doc/packages/perl-Template-Toolkit/Changes

==== xdg-desktop-portal ====
Version update (1.4.2 -> 1.6.0)
Subpackages: xdg-desktop-portal-lang

- Update to version 1.6.0:
+ tests: Adapt to libportal api changes.
- Changes from version 1.5.4:
+ background:
- Add a signal to the impl api.
- Rewrite the monitoring to better track when apps disappear.
+ permissions: Fix SetValue handling of GVariant wrapping. This
is an api change.
+ openuri:
- Add a per-type always-ask option.
- Show the app chooser dialog less often.
+ memorymonitor: A new portal to let apps receive low memory
warnings.
+ filetransfer: A new portal to rewrite file paths between
sandboxes.
- Changes from version 1.5.3:
+ Add more tests.
+ location: Various fixes.
+ document portal: Monitor fuse mount.
+ openuri:
- Only ask 3 times to use the same app.
- Add an 'ask' option.
+ Fix build from git.
+ email: Allow multiple addresses, cc and bcc.
+ filechooser: Allow saving multiple files.
+ Update translations.
- Changes from version 1.5.2:
+ Add many more tests, using libportal.
+ gamemode: Add a pidfd-based api.
+ inhibit: Send a Response signal.
+ openuri: Add an OpenDirectory api.
+ Updated translations.
- Changes from version 1.5.1:
+ Add a portal for setting desktop backgrounds
+ Add tests.
+ Optionally use libportal (for tests).
- Changes from version 1.5.0:
+ Add a secret portal that is meant be used via libsecret inside
the sandbox. One backend for this will live in gnome-keyring,
others are possible.
+ Fix a file descriptor leak.
+ Reduce log spam.
+ Updated translations.
- Add pkgconfig(libportal) BuildRequires: New dependency.

==== xdg-desktop-portal-gtk ====
Version update (1.4.0 -> 1.6.0)
Subpackages: xdg-desktop-portal-gtk-lang

- Update to version 1.6.0:
+ Updated translations.
- Changes from version 1.5.2:
+ email: Work with sandboxed email clients.
+ wallpaper:
- Support http: uris.
- Improve preview.
+ appchooser: Modernize the appearance.
+ background: Improve application monitoring.
+ Require xdg-desktop-portal 1.5.
- Changes from version 1.5.1:
+ settings: Get animations-enabled setting from gnome-shell.
+ wallpaper: Add a portal backend for setting desktop backgrounds.
+ email: Support multiple addresses, cc and bcc.
+ filechooser: Support saving multiple files.
+ Updated translations.
- Changes from version 1.5.0:
+ screencast:
- Support window selection.
- Fix a crash.
+ settings:
- Add a settings portal backend.
- Handle enable-animations setting like gsd.
+ Updated translations.
- Add BuildRequires: pkgconfig(gnome-desktop-3.0): New dependency.

==== yast2-control-center ====
Version update (4.2.2 -> 4.2.3)
Subpackages: yast2-control-center-qt

- Fix theming icons again (boo#1159283)
- 4.2.3


--
To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-factory+owner@xxxxxxxxxxxx

< Previous Next >
Follow Ups