Please note that this mail was generated by a script. The described changes are computed based on the x86_64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=1&version=Tumbleweed&build=20200414 Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: apparmor gstreamer-rtsp-server libgit2 (0.28.4 -> 0.28.5) libva (2.6.1 -> 2.7.0) libva-gl (2.6.1 -> 2.7.0) mc (4.8.23 -> 4.8.24) plymouth (0.9.5+git20190908+3abfab2 -> 0.9.5+git20191224+d7c737d) python-Jinja2 python-authheaders (0.12.0 -> 0.13.0) tigervnc (1.10.0 -> 1.10.1) xfce4-settings (4.14.2 -> 4.14.3) xfce4-taskmanager (1.2.2 -> 1.2.3) xfdesktop xfwm4 (4.14.0 -> 4.14.1) === Details === ==== apparmor ==== Subpackages: apparmor-abstractions apparmor-docs apparmor-parser apparmor-parser-lang apparmor-profiles apparmor-utils apparmor-utils-lang pam_apparmor pam_apparmor-32bit perl-apparmor python3-apparmor - Add abstractions-add-etc-mdns.allow-to-etc-apparmor.d-abstractions-mdns.patch (bsc#1168306) ==== gstreamer-rtsp-server ==== - Fix boo#1168026, CVE-2020-6095 and TALOS-2020-1018: + Add gst-rtsp-Fix-NULL-pointer.patch: rtsp-auth: Fix NULL pointer dereference when handling an invalid basic Authorization header. - Add upstream bug fix patches: + Add gst-rtsp-fix-token-leak.patch: rtsp-auth: Fix default token leak. + Add gst-rtsp-replace-G_TYPE_INSTANCE_GET_PRIVATE.patch: rtsp-latency-bin: replace G_TYPE_INSTANCE_GET_PRIVATE as it's been deprecated. ==== libgit2 ==== Version update (0.28.4 -> 0.28.5) - Update to version 0.28.5: * Fix an out-of-bounds read when applying patches that do not end with a newline. * Fix an out-of-bounds read when decoding specially crafted binary patches. * Fix an out-of-bounds read when receiving a specially crafted "OK" packet via the smarthttp transport. * Fix lifetime for parsed patches depending on the lifetime of the parsed buffe. * Several fixes when parsing and applying patches. * Fix computed patch IDs for patches that have no newline at end of file. * Fix applying patches to trees that add new files. * Do not read configuration from a user's home directory if running in a sandboxed environment. * Fix handling of nested ignore rules overriding wildcard unignores in parent directories. * Fix reference locks not being correctly honored on Unix systems. * Follow 308 redirects when fetching or pushing from remote repositories on Windows. * Fix a race when detaching the libgit2 library on Windows. * Update the "binary" gitattribute macro to match git's change to "-diff -merge -text -crlf". * Refuse to delete the HEAD reference. * Fixes for several memory leaks. * When fetching from an anonymous remote using a URL with authentication information provided in the URL (eg https://foo:bar@example.com/repo), we would erroneously include the literal URL in the FETCH_HEAD file. We now remove that to match git's behavior. ==== libva ==== Version update (2.6.1 -> 2.7.0) Subpackages: libva-drm2 libva-x11-2 libva2 - Update to version 2.7.0 * trace: av1 decode buffers trace * trace: Add HEVC REXT and SCC trace for decoding. * Add av1 decode interfaces * Fix crashes on system without supported hardware by PR #369. * Add 2 FourCC for 10bit RGB(without Alpha) format: X2R10G10B10 and X2B10G10R10. * Fix android build issue #365 and remove some trailing whitespace * Adjust call sequence to ensure authenticate operation is executed to fix #355 ==== libva-gl ==== Version update (2.6.1 -> 2.7.0) Subpackages: libva-glx2 libva-wayland2 - Update to version 2.7.0 * trace: av1 decode buffers trace * trace: Add HEVC REXT and SCC trace for decoding. * Add av1 decode interfaces * Fix crashes on system without supported hardware by PR #369. * Add 2 FourCC for 10bit RGB(without Alpha) format: X2R10G10B10 and X2B10G10R10. * Fix android build issue #365 and remove some trailing whitespace * Adjust call sequence to ensure authenticate operation is executed to fix #355 ==== mc ==== Version update (4.8.23 -> 4.8.24) Subpackages: mc-lang - Update to 4.8.24 * Implement the file edit and view history * sftpfs: support keyborad interactive authentication * add yabasic (Yet Another BASIC) syntax highlighting * File highlighting updates * New skins * Lots of other fixes - Remove sftp_interactive_password.patch - Remove mc-no-common.patch ==== plymouth ==== Version update (0.9.5+git20190908+3abfab2 -> 0.9.5+git20191224+d7c737d) Subpackages: libply-boot-client5 libply-splash-core5 libply-splash-graphics5 libply5 plymouth-dracut plymouth-plugin-label plymouth-plugin-two-step plymouth-scripts plymouth-theme-bgrt plymouth-theme-spinner - Remove gnu-unifont-bitmap-font runtime dependency, it is not used anywhere. - Replace autosetup -S git by setup + autopatch, remove git build dependency. - Remove unused kernel-headers and module-init-tools build deps. - Make plymouth-scripts noarch (installed in /usr/lib), adjust its runtime dependencies. - Fix spinfinity Requires, throbgress is no longer available, but the two-step plugin has gained the required capabilities. - Update to version plymouth-0.9.5+git20191224+d7c737d: * drm: Keep hw-rotation on devices with upside down LCD panels * themes: spinner/bgrt: Modify password dialog to match gnome 3.34 changes * two-step: Change keyboard-indicator positioning to fixed offset below dialog * two-step: Fix wrong horizontal position of bgrt logo on left-side-up LCD panels * drm: Mark buffer as clean in ply_renderer_head_new() * throbgress: Remove the throbgress plugin * boot-splash: fix memory leak in error path. - Add plymouth-disable-fedora-logo.patch: Disable the logo file which links to fedora custom position, and openSUSE don't have it. - Drop plymouth-dracut-path.patch: Nolonger needed for the latest update. - Drop plymouth-correct-runtime-dir.patch: Nolonger needed for the latest update. - Porting old patches to fit the latest update. 0001-Add-label-ft-plugin.patch 0002-Install-label-ft-plugin-into-initrd-if-available.patch - Upstream dropped theme throbgress, So we nolonger build it. ==== python-Jinja2 ==== - Enable testing on other archs again - Do not pull in py2 package on vim syntax ==== python-authheaders ==== Version update (0.12.0 -> 0.13.0) - Update to 0.13.0: * Switch from the deprecated publicsuffix package to publicsuffix2 ==== tigervnc ==== Version update (1.10.0 -> 1.10.1) Subpackages: libXvnc1 xorg-x11-Xvnc xorg-x11-Xvnc-module - TigerVNC 1.10.1: Added libXdamage-devel and libXrandr-devel to the BuildRequisites, to build x0vncserver with DAMAGE, RANDR and XTEXT support - TigerVNC 1.10.1: Previously patched security fixes now in upstream release: CVE-2019-15691, bsc#1159856 CVE-2019-15692, bsc#1160250 CVE-2019-15693, bsc#1159858 CVE-2019-15694, bsc#1160251 CVE-2019-15695, bsc#1159860 dropping the following patches: * 0001-Make-ZlibInStream-more-robust-against-failures.patch * 0002-Encapsulate-PixelBuffer-internal-details.patch * 0003-Restrict-PixelBuffer-dimensions-to-safe-values.patch * 0004-Add-write-protection-to-OffsetPixelBuffer.patch * 0005-Handle-empty-Tight-gradient-rects.patch * 0006-Add-unit-test-for-PixelFormat-sanity-checks.patch * 0007-Fix-depth-sanity-test-in-PixelFormat.patch * 0008-Add-sanity-checks-for-PixelFormat-shift-values.patch * 0009-Remove-unused-FixedMemOutStream.patch * 0010-Use-size_t-for-lengths-in-stream-objects.patch * 0011-Be-defensive-about-overflows-in-stream-objects.patch * 0012-Add-unit-tests-for-PixelFormat.is888-detection.patch * 0013-Handle-pixel-formats-with-odd-shift-values.patch ==== xfce4-settings ==== Version update (4.14.2 -> 4.14.3) Subpackages: xfce4-settings-lang - Update to version 4.14.3 * display: Allow resizing of minimal dialog (bxo#15450) * display: Use proper fallback configuration on "apply" and "toggle off" (bxo#16476) * keyboard: Fix crash when editing shortcut (bxo#15958) * keyboard: Fix log flood (bxo#16521) * settings-manager: Make sure content determines size * xfsettingsd: Handle failure to get Xkl engine for display (bxo#16017) * Translation Updates ==== xfce4-taskmanager ==== Version update (1.2.2 -> 1.2.3) Subpackages: xfce4-taskmanager-lang - Update to version 1.2.3 * Improve settings saving (bxo#15213) * Fix closing taskman with Esc (bxo#16656) * Move legend from tooltip to hide-able statusbar (bxo#14131) * Update copyright * Translation Updates ==== xfdesktop ==== Subpackages: xfdesktop-lang - Add xfce-backdrop.patch for bxo#16314 - Possible memory leak in xfdesktop when connecting and disconnecting DP monitor. ==== xfwm4 ==== Version update (4.14.0 -> 4.14.1) Subpackages: xfwm4-lang - Update to version 4.14.1 * Restore ?Always below? menu options (bxo#15884) * Fix a crash with GL or high CPU usage without any monitor (bxo#15852) * Fix raise delay (bxo#15974) * Fix translucent wireframe repaint (bxo#15966) * Fix hostname not showing initially when running apps remotely (bxo#15984) * Avoid drawing server-side shadows on maximized windows (bxo#16381) * Add keywords to settings dialogs desktop definitions (bxo#16621) * Fix Dnd of decoration buttons with embedded settings dialog (bxo#13861) * Blacklist SVGA3D GL renderer (bxo#16274) * Fix window title alignment (bxo#16067) * Restore window state when moving a maximized window (bxo#16348) * Fix pointer interactions with clients grabbing the pointer (bxo#16347) * Fix GTimeVal deprecation (bxo#16644) * Fix window selection vs. hovering in tabwin (bxo#16382) * Improve vblank mode auto-selection (GL/XPresent) * Fix transients pulling their parents from lower layers (bxo#15891) * Translation Updates -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org