Packages changed: MozillaThunderbird (60.6.1 -> 60.7.0) frameworkintegration (5.58.1 -> 5.58.2) gitg (3.30.1 -> 3.32.0) iputils (s20180629 -> s20190515) kcm_tablet lasem (0.4.3 -> 0.4.4) libgadu libselinux libselinux-bindings obs-service-tar_scm (0.10.6.1551887937.e42c270 -> 0.10.9.1557261720.32a1cdb) perl-Devel-StackTrace (2.03 -> 2.04) v4l2loopback (0.12.1_k5.1.4_1 -> 0.12.2_k5.1.4_1) === Details === ==== MozillaThunderbird ==== Version update (60.6.1 -> 60.7.0) Subpackages: MozillaThunderbird-translations-common - Mozilla Thunderbird 60.7.0 * Attachment pane of Write window no longer focussed when attaching files using a keyboard shortcut MFSA 2019-15 (boo#1135824) * CVE-2019-9815 (bmo#1546544) Disable hyperthreading on content JavaScript threads on macOS * CVE-2019-9816 (bmo#1536768) Type confusion with object groups and UnboxedObjects * CVE-2019-9817 (bmo#1540221) Stealing of cross-domain images using canvas * CVE-2019-9818 (bmo#1542581) (Windows only) Use-after-free in crash generation server * CVE-2019-9819 (bmo#1532553) Compartment mismatch with fetch API * CVE-2019-9820 (bmo#1536405) Use-after-free of ChromeEventHandler by DocShell * CVE-2019-11691 (bmo#1542465) Use-after-free in XMLHttpRequest * CVE-2019-11692 (bmo#1544670) Use-after-free removing listeners in the event listener manager * CVE-2019-11693 (bmo#1532525) Buffer overflow in WebGL bufferdata on Linux * CVE-2019-7317 (bmo#1542829) Use-after-free in png_image_free of libpng library * CVE-2019-9797 (bmo#1528909) Cross-origin theft of images with createImageBitmap * CVE-2018-18511 (bmo#1526218) Cross-origin theft of images with ImageBitmapRenderingContext * CVE-2019-11694 (bmo#1534196) (Windows only) Uninitialized memory memory leakage in Windows sandbox * CVE-2019-11698 (bmo#1543191) Theft of user history data through drag and drop of hyperlinks to and from bookmarks * CVE-2019-5798 (bmo#1535518) Out-of-bounds read in Skia * CVE-2019-9800 (bmo#1540166, bmo#1534593, bmo#1546327, bmo#1540136, bmo#1538736, bmo#1538042, bmo#1535612, bmo#1499719, bmo#1499108, bmo#1538619, bmo#1535194, bmo#1516325, bmo#1542324, bmo#1542097, bmo#1532465, bmo#1533554, bmo#1541580) Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 ==== frameworkintegration ==== Version update (5.58.1 -> 5.58.2) Subpackages: frameworkintegration-plugin libKF5Style5 - Update to 5.58.2 * New bugfix release - Changes since 5.58.1: * ensure to search also in the legacy location ==== gitg ==== Version update (3.30.1 -> 3.32.0) Subpackages: gitg-lang libgitg-1_0-0 libgitg-ext-1_0-0 - Update to version 3.32.0: + Detect links in commit messages. + Push action with http/ssh support. + Fix time sort mode. + Add push support. + Add typeahead find feature. + Respect system fonts. + Update submodules at clone. + Add body to patch. + Shorcut to open preferences. + Honor GIT_DIR env. + Update menus for AppMenu removal. + Bump libgit2 to 0.27. + Use Unicode typography in user-visible strings. + Fix shared library paths in typelib files. + Migrate from Intltool to Gettext. + Meson polish. + Removed autotools. + Fixes in documentation. + Fixed several deprecations. + Misc fixes. - Drop upstream fixed patches: + gitg-Bump-libgit2-glib-dependency.patch. + gitg-Various-meson-build-fixes.patch. - Add pkgconfig(libdazzle-1.0) BuildRequires: New dependency. - Drop intltool BuildRequires: No longer needed, nor used. ==== iputils ==== Version update (s20180629 -> s20190515) Subpackages: rarpd - Update to version s20190515 (includes changes s20190324) * s20190324: 189 commits since s20180629 that include changing build system from autotools to meson, added rarpd and rdisc systemd service files, many fixes * s20190515 bugfix release (6 commits) - User visible change: arping and clockdiff are moved from /usr/sbin to /usr/bin (respect upstream path) - Backport patch 0001-build-sys-doc-Fix-the-dependency-on-xsltproc.patch (fixing build system) - Add workaround patch meson-remove-setcap-setuid.sh.patch - Remove 0001-tracepath-Fix-copying-input-IPv6-address.patch (included in s20190324 release) - Refresh old patches (iputils-ping-interrupt.diff, iputils-sec-ping-unblock.diff) - Changes caused by upstream switching to meson build system (drop sed build dependency) - Added locales - Fix typos ==== kcm_tablet ==== Subpackages: kcm_tablet-lang - Add patch to fix build with GCC 9: * 0001-Supposedly-fix-building-with-gcc9.patch ==== lasem ==== Version update (0.4.3 -> 0.4.4) - Update to version 0.4.4: + Updated translations. ==== libgadu ==== - Build against zlib. ==== libselinux ==== Subpackages: libselinux1 libselinux1-32bit selinux-tools - Set License: to correct value (bsc#1135710) ==== libselinux-bindings ==== - Set License: to correct value (bsc#1135710) ==== obs-service-tar_scm ==== Version update (0.10.6.1551887937.e42c270 -> 0.10.9.1557261720.32a1cdb) Subpackages: obs-service-obs_scm obs-service-obs_scm-common - Require external argparse for RHEL6 - Update to version 0.10.9.1557261720.32a1cdb: * fix encoding error for surrogates * glibc-common was used up to FC23 and RHEL7 - Update to version 0.10.8.1556896538.0693a62: * Compile python files before install * change order in GNUMakefile to prefer python3 * More thorought spec file cleanup * predefine python version in spec file for GNUMAkefile - the current guessing code is finding python2 and then uses that, because python2 still seems to be available in the build env, as we already know which python version we want we can just pass the path to make and skip the whole guessing. - Update to version 0.10.7.1556277536.7e9915a: * [dist] spec file: python3 only and multidist * Git also uses the LANGUAGE variable * centos_version and rhel_version are triple digits * Minimize diff with the version in openSUSE:Tools * Fix the logic to pick the locale package on Fedora * Forgot the guard 0 in one conditional - centos_version and rhel_version are triple digits - locally apply fixes from https://github.com/openSUSE/obs-service-tar_scm/pull/298 - Change requirement locale_package to glibc-common to fix building for CentOS6 and CentOS7 ==== perl-Devel-StackTrace ==== Version update (2.03 -> 2.04) - updated to 2.04 see /usr/share/doc/packages/perl-Devel-StackTrace/Changes 2.04 2019-05-24 - Add a partial workaround for "Bizarre copy" errors (GH #11) that come when attempting to look at arguments in the call stack. This is only a partial fix as there are cases that can lead to a SEGV. Ultimately this needs to be fixed in the Perl core. See https://rt.perl.org/Public/Bug/Display.html?id=131046 for relevant discussion. Fixed by pali. GH #21. ==== v4l2loopback ==== Version update (0.12.1_k5.1.4_1 -> 0.12.2_k5.1.4_1) - Update to version 0.12.2 * Fixed compat with kernel 5.0 * Replace v4l2_get_timestamp with ktime_get_ts(64) for linux-5.1 compat - Dropped v4l2loopback-no_deprecated_function.patch (merged upstream)