Mailinglist Archive: opensuse-factory (607 mails)

< Previous Next >
[opensuse-factory] Leap 15.2 Build 581.2 released!
  • From: openSUSE release team <opensuse-releaseteam@xxxxxxxxxxxx>
  • Date: Fri, 21 Feb 2020 04:08:59 +0000
  • Message-id: <158225813923.7660.9401637904329856901@go-agent-stagingbot-6>

Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.

Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=opensuse&version=15.2&build=581.2&groupid=50
https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Distribution&query_format=advanced&resolution=---&version=Leap%2015.2

When you reply to discuss some issues, make sure to change the subject.
Please use the test plan at
https://docs.google.com/spreadsheets/d/1AGKijKpKiJCB616-bHVoNQuhWHpQLHPWCb3m1p6gXPc/edit#gid=801313279
to record your testing efforts and use bugzilla to report bugs.

Packages changed:
MozillaFirefox (68.4.2 -> 68.5.0)
MozillaThunderbird (68.4.1 -> 68.5.0)
QtAV (1.12.0 -> 1.13.0)
edict (20180305 -> 20191016)
ipmitool (1.8.18 -> 1.8.18+git20200204.7ccea28)
kcm_tablet (3.1.1 -> 3.2.0)
kdeconnect-kde (1.3.3 -> 1.4)
plymouth
python-PyWebDAV3-GNUHealth (0.10.2 -> 0.10.3)
xfce4-whiskermenu-plugin (2.4.1 -> 2.4.2)
xfconf

=== Details ===

==== MozillaFirefox ====
Version update (68.4.2 -> 68.5.0)
Subpackages: MozillaFirefox-translations-common
MozillaFirefox-translations-other

- Firefox Extended Support Release 68.5.0 ESR
* Fixed: Various stability and security fixes
- Mozilla Firefox ESR68.5
MFSA 2020-06 (bsc#1163368)
* CVE-2020-6796 (bmo#1610426)
Missing bounds check on shared memory read in the parent
process
* CVE-2020-6797 (bmo#1596668)
Extensions granted downloads.open permission could open
arbitrary applications on Mac OSX
* CVE-2020-6798 (bmo#1602944)
Incorrect parsing of template tag could result in JavaScript
injection
* CVE-2020-6799 (bmo#1606596)
Arbitrary code execution when opening pdf links from other
applications, when Firefox is configured as default pdf
reader
* CVE-2020-6800 (bmo#1595786, bmo#1596706, bmo#1598543,
bmo#1604851, bmo#1605777, bmo#1608580, bmo#1608785)
Memory safety bugs fixed in Firefox 73 and Firefox ESR 68.5

==== MozillaThunderbird ====
Version update (68.4.1 -> 68.5.0)
Subpackages: MozillaThunderbird-translations-common
MozillaThunderbird-translations-other

- Mozilla Thunderbird 68.5
* new: Support for Client Identity IMAP/SMTP Service Extension
(bmo#1532388)
* new: Support for OAuth 2.0 authentication for POP3 accounts
(bmo#1538409)
* fixed: Status area goes blank during account setup
(bmo#1593122)
* fixed: Calendar: Could not remove color for default
categories (bmo#1584853)
* fixed: Calendar: Prevent calendar component loading multiple
times (bmo#1606375)
* fixed: Calendar: Today pane did not retain width between
sessions (bmo#1610207)
* fixed: Various <a href="https://www.mozilla.org/en-
US/security/known-
vulnerabilities/thunderbird/#thunderbird68.5">security
fixes</a>
* unresolved: When upgrading from Thunderbird version 60 to
version 68, add-ons are not automatically updated during the
upgrade process. They will however be updated during the add-
on update check. It is of course possible to reinstall
compatible add-ons via the Add-ons Manager or via
addons.thunderbird.net. (bmo#1574183)
MFSA 2020-07 (bsc#1163368)
* CVE-2020-6793 (bmo#1608539)
Out-of-bounds read when processing certain email messages
* CVE-2020-6794 (bmo#1606619)
Setting a master password post-Thunderbird 52 does not delete
unencrypted previously stored passwords
* CVE-2020-6795 (bmo#1611105)
Crash processing S/MIME messages with multiple signatures
* CVE-2020-6797 (bmo#1596668)
Extensions granted downloads.open permission could open
arbitrary applications on Mac OSX
* CVE-2020-6798 (bmo#1602944)
Incorrect parsing of template tag could result in JavaScript
injection
* CVE-2020-6792 (bmo#1609607)
Message ID calculcation was based on uninitialized data
* CVE-2020-6800 (bmo#1595786, bmo#1596706, bmo#1598543,
bmo#1604851, bmo#1605777, bmo#1608580, bmo#1608785)
Memory safety bugs fixed in Thunderbird 68.5
- Mozilla Thunderbird 68.4.2 (bsc#1162777)
* changed: Calendar: Task and Event tree colours adjusted for
the dark theme (bmo#1608344)
* fixed: Retrieval of S/MIME certificates from LDAP failed
(bmo#1604773)
* fixed: Address-parsing crash on some IMAP servers when
preference mail.imap.use_envelope_cmd was set (bmo#1609690)
* fixed: Incorrect forwarding of HTML messages caused SMTP
servers to respond with a timeout (bmo#1222046)
* fixed: Calendar: Various parts of the calendar UI stopped
working when a second Thunderbird window opened (bmo#1608407)

==== QtAV ====
Version update (1.12.0 -> 1.13.0)
Subpackages: libQtAV1 libQtAVWidgets1

- Add 0001-Fix-build-with-Qt-5.14.patch
- Update to 1.13.0
* Add python bindings
* More apis for qml player
* Auto rotate video
* Apple store
* Fix ios plugin not found
* Support chapters
* Muxer, encoder, transcoder improvements
* Compatible with new ffmpeg
* videotoolbox: hevc,
* cuda: new devices
* Android: no longer depends on private qt module
* Fix opensl error
* mediacodec: 0-copy via a plugin from https://github.com/wang-bin/mdk-sdk
- Drop patches merged upstream:
* fix-build-newer-ffmpeg.patch
* disable-use-of-deprecated-header.patch

==== edict ====
Version update (20180305 -> 20191016)

- Fix invalid RPM group.
- Drop "Provides: locale(ja)" to reduce the size of Japanese base
system
- Update to snapshot 20191016
* No changelog recorded.
- Update to snapshot 20190313
* No changelog recorded.
- Update to snapshot 20181125
* No changelog recorded.
- Split package into: edict, edict2, jmdict. This way, one need not
install the rather large XML variant (jmdict) if not needed.
- Added JIS X 0213-2012 Kanji dictionary ("kanjd213").
- Remove the computer terminology dictionary "compdic", as it is
already included in the word dictionary.

==== ipmitool ====
Version update (1.8.18 -> 1.8.18+git20200204.7ccea28)

- Don't hardcode /usr but use rpm variables
- bsc#1163026
- CVE-2020-5208
- Use license macro for COPYING, instead of doc
- Add ChangeLog mainline log to docs for shorter
obs changelogs. This will be the last more detailed
changelog, due to more important buffer overflow patches.
Otherwise this changelog will not include (mainline) changes
anymore.
- Update to version 1.8.18+git20200204.7ccea28:
* fru, sdr: Fix id_string buffer overflows
* lanp: Fix buffer overflows in get_lan_param_select
* channel: Fix buffer overflow
* session: Fix buffer overflow in ipmi_get_session_info
* fru: Fix buffer overflow in ipmi_spd_print_fru
* fru: Fix buffer overflow vulnerabilities
* chassis: bootmbox: Refix 62a04390
* configure: Drop requirement for curses et. al libs
- Add a configure option to disable IANA PEN database internet download
A autotools_define_DOWNLOAD.diff
D create_pen_list_from_local_file.patch
- New pen database:
M enterprise-numbers
- Patches adjusted to latest mainline code:
M fix_file_permissions.patch
M ipmitool_adjust_suse_paths.patch
M several_more_compile_fixes.patch

==== kcm_tablet ====
Version update (3.1.1 -> 3.2.0)
Subpackages: kcm_tablet-lang

- Update to version 3.2.0
- Main changes:
* screen tablet area calculation fix (by Jason Gerecke); this
should finally fix or at least greatly improve calibration.
* GCC9 support.
* xlib backend removed, x11-xlib dependency removed.
- New device definitions:
* CTL-4100, CTL-4100WL, CTL-6100, CTL-6100WL (by Stefano Guidoni)
- Drop patches merged upstream:
* 0001-Supposedly-fix-building-with-gcc9.patch
* 0001-Remove-x11-xlib-dependency.patch
- Add patch to fix build with cmake >= 3.14 (X11 never had an XLIB component):
* 0001-Remove-x11-xlib-dependency.patch
- Add patch to fix build with GCC 9:
* 0001-Supposedly-fix-building-with-gcc9.patch

==== kdeconnect-kde ====
Version update (1.3.3 -> 1.4)
Subpackages: kdeconnect-kde-lang

- Update to 1.4
* New "KDE Connect" desktop app to control the phone from the PC
* SMS app that can read and write SMS texts
* control PC system's global volume from a phone
* flip forward and back through presentation slides
* compatibility with Thunar (Xfce's file manager) and Elementary
applications such as Pantheon Files.
- Run spec-cleaner
- Update to 1.3.5
* Add detectPlatform to always use wayland in a wayland session
* i18n: fix extraction of nautilus extension
* Don't update new notifications
* Install desktop file for kdeconnectd
* [sftp] Fix error message wording
* Change plugin name
* [sftp] Give better error messages for common errors
* [sftp] Improve error reporting
* Use KAboutData to set information about the daemon
* Disable session management
* Print socket error when connection fails
* [kio] Mount device during stat if necessary
* [backends/lan] Don't fail silently when a UDP packet could not
be unserialized
* Fix crash in daemon
* Fix crash in notifications plugin (kde#400010)
* Don't show multiple windows when replying to a notification
- Drop Leap 42.3 specific patches, it's no longer supported:
* 0001-Fix-build-on-Leap-42.3.patch
* 0001-Revert-Retry-the-network-packet-if-it-failed-to-unse.patch
- Don't install SuSEfirewall2 file on Tumbleweed anymore, Sf2 has
been dropped
- Use noun phrase in descriptions.
- Update to 1.3.4
* Always play when call ended (kde#400787)
* [cli] Show all reachable devices (kde#402088)
* [sftp] Get device ID from URL
* Retry the network packet if it failed to unserialize
* Fix sending keys via CLI
* [kio] Fix file browsing with non-KIO file managers
- Run spec-cleaner
- Refresh 0001-Fix-build-on-Leap-42.3.patch
- Add 0001-Revert-Retry-the-network-packet-if-it-failed-to-unse.patch
to make it build on Leap 42.3
- Drop Provides/Obsoletes for kdeconnect-kde-devel, that package
doesn't exist anymore since 2015 and nothing should need it
- Add 0001-Fix-build-on-Leap-42.3.patch to make it build on Leap
42.3
- Update to 1.3.3
* Instantiate QApplication object to fix crash on KDE Neon
(kde#400178)
* Fix build failure on musl based systems (kde#395161)
- Update to 1.3.2
* Also allow modern algorithms, for compat with future apps
* Remove characters from UUID that aren't legal in URLs
* Add new notifications at the top of the list
* Change the 'Dismiss all notifications' icon
* Fix DBus signals in Mprisremote
- Update to 1.3.1
* Fix a bug that would hang Nautilus when copying a file if
paired devices were available
* Fix remote filesystem reconnection issue
* Add a missing dependency check in cmake
* Add missing notification category to the plasmoid
- Mark license file with %license instead of %doc
- Update to 1.3.0
* Fixed frequent crash when receiving notifications
* Fixed MPRIS player entries never being deleted
* Added a Gnome Files (Nautilus) extension to send files from the
context menu
* Added handling of "tel:" links with KDE Connect
* Support sending album art in MPRIS plugin
* Allow sharing more than one file from the CI (eg: --share *.mp3)
- Remove patches, now upstream:
* 0001-Fix-null-dereference.patch
- Modified wording in Description to match that KDE Connect
runs under any Linux desktop (see upstream README.md file)
- Add 0001-Fix-null-dereference.patch to fix a null dereference.
- Add signature file kdeconnect-kde-v1.2.1.tar.xz.sig
- Update to 1.2.1
* Require the latest version of KF5
* Was getting a double-delete, now it won't crash
* Get rid of ProcessRunner
* Add album art to mpris network packets
* Add title, artist and album to MPRIS network packets
* Fix information leak via /tmp (kde#383144)
* Add support for new Android 2.3 (API 9+) cipher
* Fix kdeconnect-cli device list
* Fix "error activiting kdeconnectd" for kdeconnect-cli
* Delay kdeconnectd autostart phase
* Fix Notifications in Plasmoid
* Make sure there's not a path within the filename
* share plugin: fix path display
* Use pactl instead of KMix in PauseMusic Plugin
- needs KDE Frameworks 5.42 now
- Update to 1.2.0
- Update build requirements, it needs Qt 5.7 and KF 5.38 now
- Remove patches, now upstream:
* 0001-Treat-device-names-as-plaintext-not-rich-text.patch
- Add patch to fix unauthenticated HTML injection (kde#382243):
* 0001-Treat-device-names-as-plaintext-not-rich-text.patch
- Update to 1.0.3
- Update to 1.0.2
- Update to 1.0.1
* fixes some issues found in 1.0
- Drop upstreamed fix-build-with-older-qt.patch
- Add fix-build-with-older-qt.patch from upstream to make it
compile with Qt < 5.6, and lower the Qt requirement to 5.2 again
(as demanded by CMakeLists.txt)
- Add firewalld service file
- Build docs again
- Require at least Qt 5.6
- New upstream version 1.0
* Trigger custom commands from phone
* Reply to SMS messages from the desktop
* Receive desktop notifications on phone
* TLS encryption
- Update to 0.9g
* No changelog provided
- Drop upstreamed 0001-This-syntax-also-works-on-older-OpenSSH-versions.patch
- Add 0001-This-syntax-also-works-on-older-OpenSSH-versions.patch from
upstream to be compatible with older openssh versions (bnc#961554)
- Update to 0.9f
* Adds translations
- Update to 0.9
* KF5 version
- Update to 0.8
* No changelog provided
- Add Requires: sshfs to make it work.
- Update to 0.7.3:
* No changelog provided

==== plymouth ====
Subpackages: libply-boot-client4 libply-splash-core4 libply-splash-graphics4
libply4 plymouth-dracut plymouth-plugin-label plymouth-plugin-label-ft
plymouth-plugin-two-step plymouth-scripts plymouth-theme-bgrt
plymouth-theme-spinner

- Sync the default openSUSE theme from Tumbleweed

==== python-PyWebDAV3-GNUHealth ====
Version update (0.10.2 -> 0.10.3)

- vewrsion 0.10.3
Check for binary type before encoding

==== xfce4-whiskermenu-plugin ====
Version update (2.4.1 -> 2.4.2)
Subpackages: xfce4-whiskermenu-plugin-lang

- Update to 2.4.2
* Fix crash when selecting desktop action. (bxo#16445)
* Translation updates

==== xfconf ====
Subpackages: libxfconf-0-3 xfconf-lang

- xfconfd needs to be a hard dependency to libxfconf (boo#1163214)


--
To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-factory+owner@xxxxxxxxxxxx

< Previous Next >
This Thread
  • No further messages