Packages changed: ImageMagick (7.0.10.27 -> 7.0.10.28) Mesa Mesa-drivers MozillaFirefox (77.0.1 -> 80.0) apache2 ark autoyast2 (4.3.35 -> 4.3.43) babeltrace bind (9.16.5 -> 9.16.6) bluedevil5 (5.19.4 -> 5.19.5) breeze (5.19.4 -> 5.19.5) breeze-gtk (5.19.4 -> 5.19.5) breezy btrfsmaintenance (0.4.2 -> 0.5) busybox ceph (15.2.4.89+g583fe198f6 -> 16.0.0.4862+g8ac6038555) cim-schema (2.50.0 -> 2.53.0) coreutils corosync cronie dav1d dbus-1 dcraw (9.27.0 -> 9.28.0) diffutils discover (5.19.4 -> 5.19.5) dracut (050+suse.67.g28be2f36 -> 050+suse.75.g266a76d9) drkonqi5 (5.19.4 -> 5.19.5) ebtables editorconfig-core-c emacs exiv2 (0.27.2 -> 0.27.3) f2fs-tools (1.13.0 -> 1.14.0) festival fetchmail (6.4.1 -> 6.4.8) fftw3 findutils flatpak (1.8.1 -> 1.8.2) freecell-solver (5.24.0 -> 6.0.1) gcc gcc10 (10.2.1+git501 -> 10.2.1+git583) gcc9 (9.3.1+git1296 -> 9.3.1+git1684) grep grub2 gstreamer-plugins-base health-checker (1.3.4 -> 1.4) heaptrack inkscape iputils (s20190709 -> s20200821) ispell kactivitymanagerd (5.19.4 -> 5.19.5) kcm_sddm (5.19.4 -> 5.19.5) kcm_tablet kde-cli-tools5 (5.19.4 -> 5.19.5) kde-gtk-config5 (5.19.4 -> 5.19.5) kde-user-manager (5.19.4 -> 5.19.5) kernel-64kb (5.8.2 -> 5.8.4) kernel-firmware (20200807 -> 20200827) kernel-source (5.8.2 -> 5.8.4) kgamma5 (5.19.4 -> 5.19.5) khotkeys5 (5.19.4 -> 5.19.5) kinfocenter5 (5.19.4 -> 5.19.5) kmenuedit5 (5.19.4 -> 5.19.5) kscreen5 (5.19.4 -> 5.19.5) kscreenlocker (5.19.4 -> 5.19.5) ksshaskpass5 (5.19.4 -> 5.19.5) ksysguard5 (5.19.4 -> 5.19.5) kwayland-integration (5.19.4 -> 5.19.5) kwayland-server (5.19.4 -> 5.19.5) kwin5 (5.19.4 -> 5.19.5) kwrited5 (5.19.4 -> 5.19.5) libX11 (1.6.9 -> 1.6.12) libXtst libblockdev (2.22 -> 2.24) libdatrie (0.2.10 -> 0.2.12) libdrm libetonyek libevdev (1.9.0 -> 1.9.1) libglvnd (1.2.0 -> 1.3.2) libisoburn (1.5.0 -> 1.5.2) libkdecoration2 (5.19.4 -> 5.19.5) libkscreen2 (5.19.4 -> 5.19.5) libksysguard5 (5.19.4 -> 5.19.5) libmysofa (1.0 -> 1.1) libodfgen (0.1.6 -> 0.1.7) libpwquality (1.4.1 -> 1.4.2) libqmi (1.24.14 -> 1.26.4) librdkafka (1.3.0 -> 1.5.0) libreoffice (7.0.1.1 -> 7.0.1.2) libspectre (0.2.8 -> 0.2.9) libstorage-ng (4.3.39 -> 4.3.40) libteam (1.29 -> 1.31) libthai (0.1.27 -> 0.1.28) libuv (1.34.2 -> 1.38.1) libva (2.7.0 -> 2.8.0) libva-gl (2.7.0 -> 2.8.0) libverto (0.2.6 -> 0.3.1) libyui-ncurses (2.56.1 -> 2.56.2) libzypp (17.24.1 -> 17.24.2) lua53 lvm2 (2.03.05 -> 2.03.10) lvm2-device-mapper (1.02.163 -> 1.02.173) m17n-db (1.7.0 -> 1.8.0) m17n-lib (1.7.0 -> 1.8.0) mailutils man mariadb (10.4.13 -> 10.4.14) milou5 (5.19.4 -> 5.19.5) mozilla-nspr (4.26 -> 4.27) mozilla-nss (3.54 -> 3.55) mozjs68 mpc (1.1.0 -> 1.2.0) mtdev (1.1.5 -> 1.1.6) multipath-tools (0.8.4+43+suse.908383f -> 0.8.4+183+suse.1817ce2) nano (5.1 -> 5.2) openldap2 (2.4.51 -> 2.4.52) openvpn oxygen5 (5.19.4 -> 5.19.5) package-update-indicator (5 -> 6) pango (1.44.7+11 -> 1.46.1) perl perl-HTML-Parser (3.72 -> 3.75) perl-libwww-perl (6.46 -> 6.47) permissions (1550_20200811 -> 1550_20200826) plasma-browser-integration (5.19.4 -> 5.19.5) plasma-nm5 (5.19.4 -> 5.19.5) plasma5-addons (5.19.4 -> 5.19.5) plasma5-desktop (5.19.4 -> 5.19.5) plasma5-integration (5.19.4 -> 5.19.5) plasma5-pa (5.19.4 -> 5.19.5) plasma5-thunderbolt (5.19.4 -> 5.19.5) plasma5-workspace (5.19.4 -> 5.19.5) polkit-kde-agent-5 (5.19.4 -> 5.19.5) postfix (3.5.6 -> 3.5.7) powerdevil5 (5.19.4 -> 5.19.5) procps purple-rocketchat (0.0+hg20200403 -> 0.0+git.20200717T223247) python-Babel python-Sphinx (3.1.2 -> 3.2.1) python-Sphinx-test (3.1.2 -> 3.2.1) python-appdirs python-bcrypt python-dulwich (0.20.2 -> 0.20.5) python-jedi python-rpm-macros (20200806.f44d3ac -> 20200824.8fa42a7) python-sip (4.19.19 -> 4.19.24) python-sphinxcontrib-websupport (1.2.3 -> 1.2.4) python3-qt5 (5.13.2 -> 5.15.0) qalculate (3.12.0 -> 3.12.1) qemu raspberrypi-firmware (2020.02.20 -> 2020.07.31) raspberrypi-firmware-config (2020.02.20 -> 2020.07.31) rubygem-ast (2.4.0 -> 2.4.1) rubygem-kramdown (2.2.1 -> 2.3.0) sed snapper (0.8.12 -> 0.8.13) snappy (1.1.7 -> 1.1.8) sudo suitesparse suse-module-tools (15.3.3 -> 15.3.4) syslogd system-users systemd systemd-presets-common-SUSE systemsettings5 (5.19.4 -> 5.19.5) sysuser-tools thunar tracker (2.3.4 -> 2.3.5) tracker-miners (2.3.3 -> 2.3.4) unixODBC (2.3.7 -> 2.3.8) userspace-rcu (0.10.0 -> 0.12.1) vlc (3.0.11 -> 3.0.11.1) webrtc-audio-processing (0.3 -> 0.3.1) xapian-core (1.4.15 -> 1.4.17) xdg-desktop-portal xdg-desktop-portal-kde (5.19.4 -> 5.19.5) xdm xf86-input-wacom (0.37.0 -> 0.39.0) xfce4-notifyd (0.6.1 -> 0.6.2) xfce4-screensaver xinit xorg-x11-fonts xorg-x11-fonts-converted xorg-x11-server (1.20.8+0 -> 1.20.9) yast2 (4.3.19 -> 4.3.24) yast2-drbd (4.3.2 -> 4.3.3) yast2-installation (4.3.14 -> 4.3.15) yast2-network (4.3.15 -> 4.3.17) yast2-online-update-configuration (4.3.1 -> 4.3.2) yast2-pkg-bindings (4.2.9 -> 4.3.0) yast2-schema (4.3.4 -> 4.3.5) yast2-services-manager (4.3.4 -> 4.3.5) yast2-storage-ng (4.3.14 -> 4.3.15) yast2-trans (84.87.20200814.909b1a4158 -> 84.87.20200829.ec23685593) yp-tools ypbind ypserv zlib zypper (1.14.37 -> 1.14.38) === Details === ==== ImageMagick ==== Version update (7.0.10.27 -> 7.0.10.28) Subpackages: ImageMagick-config-7-SUSE ImageMagick-extra libMagick++-7_Q16HDRI4 libMagickCore-7_Q16HDRI7 libMagickWand-7_Q16HDRI7 - added patches fix inkscape commandline [bsc#1174272] + ImageMagick-inkscape-commandilne.patch - fix bsc#1106272 - added patches fix https://github.com/ImageMagick/ImageMagick/commit/029fb3425ecf82e8b30c060e38a135d1d3e76bb3 + ImageMagick-set-correct-colorspace.patch - version update to 7.0.10.28 * Distorted clip path after -extent (reference https://github.com/ImageMagick/ImageMagick/issues/2414). * Paths in Photoshop EPS files are corrupted on conversion (reference https://github.com/ImageMagick/ImageMagick/issues/2413). ==== Mesa ==== Subpackages: Mesa-dri-devel Mesa-libEGL1 Mesa-libGL1 Mesa-libglapi0 libgbm1 - Add vulkan device selection layer and vulkan overlay layer to baselibs for 32bit versions on 64bit architectures. - Add vulkan device selection layer and vulkan overlay layer - specfile/baselibs.conf cleanup * no longer support Mesa build without libglvnd * removed empty packages Mesa-libGLESv1_CM1 and Mesa-libGLESv2-2 ==== Mesa-drivers ==== Subpackages: Mesa-dri Mesa-dri-nouveau Mesa-gallium Mesa-libva libvdpau_nouveau libvdpau_r300 libvdpau_r600 - Add vulkan device selection layer and vulkan overlay layer to baselibs for 32bit versions on 64bit architectures. - Add vulkan device selection layer and vulkan overlay layer - specfile/baselibs.conf cleanup * no longer support Mesa build without libglvnd * removed empty packages Mesa-libGLESv1_CM1 and Mesa-libGLESv2-2 ==== MozillaFirefox ==== Version update (77.0.1 -> 80.0) - Mozilla Firefox 80.0 MFSA 2020-36 (bsc#1175686) * CVE-2020-15663 (bmo#1643199) Downgrade attack on the Mozilla Maintenance Service could have resulted in escalation of privilege * CVE-2020-15664 (bmo#1658214) Attacker-induced prompt for extension installation * CVE-2020-12401 (bmo#1631573) Timing-attack on ECDSA signature generation * CVE-2020-6829 (bmo#1631583) P-384 and P-521 vulnerable to an electro-magnetic side channel attack on signature generation * CVE-2020-12400 (bmo#1623116) P-384 and P-521 vulnerable to a side channel attack on modular inversion * CVE-2020-15665 (bmo#1651636) Address bar not reset when choosing to stay on a page after the beforeunload dialog is shown * CVE-2020-15666 (bmo#1450853) MediaError message property leaks cross-origin response status * CVE-2020-15667 (bmo#1653371) Heap overflow when processing an update file * CVE-2020-15668 (bmo#1651520) Data Race when reading certificate information * CVE-2020-15670 (bmo#1651001, bmo#1651449, bmo#1653626, bmo#1656957) Memory safety bugs fixed in Firefox 80 and Firefox ESR 78.2 - requires * NSPR 4.27 * NSS 3.55 - added mozilla-system-nspr.patch (bmo#1661096) - exclude ga-IE locale as it's failing to build - rollback parallelize locale build because it breaks bookmarks (boo#1167976) - preserve original default bookmark file during langpack build (boo#1167976) - add some ccache output during build - Use new memoryperjob _constraints instead of %limit_build macro. - use ccache for build - replace versioned RPM deps with requires_ge - parallelize locale build - Change *.appdata.xml location to latest AppStream standard - Mozilla Firefox 79.0 MFSA 2020-30 (bsc#1174538) * CVE-2020-15652 (bmo#1634872) Potential leak of redirect targets when loading scripts in a worker * CVE-2020-6514 (bmo#1642792) WebRTC data channel leaks internal address to peer * CVE-2020-15655 (bmo#1645204) Extension APIs could be used to bypass Same-Origin Policy * CVE-2020-15653 (bmo#1521542) Bypassing iframe sandbox when allowing popups * CVE-2020-6463 (bmo#1635293) Use-after-free in ANGLE gl::Texture::onUnbindAsSamplerTexture * CVE-2020-15656 (bmo#1647293) Type confusion for special arguments in IonMonkey * CVE-2020-15658 (bmo#1637745) Overriding file type when saving to disk * CVE-2020-15657 (bmo#1644954) DLL hijacking due to incorrect loading path * CVE-2020-15654 (bmo#1648333) Custom cursor can overlay user interface * CVE-2020-15659 (bmo#1550133, bmo#1633880, bmo#1638856, bmo#1643613, bmo#1644839, bmo#1645835, bmo#1646006, bmo#1646220, bmo#1646787, bmo#1649347, bmo#1650811, bmo#1651678) Memory safety bugs fixed in Firefox 79 - updated dependency requirements: * mozilla-nspr >= 4.26 * mozilla-nss >= 3.54 * rust >= 1.43 * rust-cbindgen >= 0.14.3 - removed obsolete patch mozilla-bmo1463035.patch - fixed syntax issue in desktop file (boo#1174360) - Add mozilla-libavcodec58_91.patch to link against updated soversion of libavcodec (58.91) with ffmpeg >= 4.3. (patch provided by Atri Bhattacharya - enable MOZ_USE_XINPUT2 for TW (again) (boo#1173320) (Plasma 5.19.3 is now in TW) - Mozilla Firefox 78.0.2 * Fixed an accessibility regression in reader mode (bmo#1650922) * Made the address bar more resilient to data corruption in the user profile (bmo#1649981) * Fixed a regression opening certain external applications (bmo#1650162) MFSA 2020-28 * CVE pending (bmo#1644076) X-Frame-Options bypass using object or embed tags - added desktop file actions - do not use XINPUT2 for the moment until Plasma 5.19.3 has landed (boo#1173993) - rework langpack integration (boo#1173991) * ship XPIs instead of directories * allow addon sideloading * mark signatures for langpacks non-mandatory * do not autodisable user profile scopes - Google API key is not usable for geolocation service - fix pipewire support for TW (boo#1172903) - Mozilla Firefox 78.0.1 * Fixed an issue which could cause installed search engines to not be visible when upgrading from a previous release. - enable MOZ_USE_XINPUT2 for TW (boo#1173320) - Mozilla Firefox 78.0 * startup notifications now using Gtk instead of libnotify * PDF downloads now show an option to open the PDF directly in Firefox * Protections Dashboard (about:protections) * WebRTC not interrupted by screensaver anymore * disabled TLS 1.0 and 1.1 by default MFSA 2020-24 (bsc#1173576) * CVE-2020-12415 (bmo#1586630) AppCache manifest poisoning due to url encoded character processing * CVE-2020-12416 (bmo#1639734) Use-after-free in WebRTC VideoBroadcaster * CVE-2020-12417 (bmo#1640737) Memory corruption due to missing sign-extension for ValueTags on ARM64 * CVE-2020-12418 (bmo#1641303) Information disclosure due to manipulated URL object * CVE-2020-12419 (bmo#1643874) Use-after-free in nsGlobalWindowInner * CVE-2020-12420 (bmo#1643437) Use-After-Free when trying to connect to a STUN server * CVE-2020-12402 (bmo#1631597) RSA Key Generation vulnerable to side-channel attack * CVE-2020-12421 (bmo#1308251) Add-On updates did not respect the same certificate trust rules as software updates * CVE-2020-12422 (bmo#1450353) Integer overflow in nsJPEGEncoder::emptyOutputBuffer * CVE-2020-12423 (bmo#1642400) DLL Hijacking due to searching %PATH% for a library * CVE-2020-12424 (bmo#1562600) WebRTC permission prompt could have been bypassed by a compromised content process * CVE-2020-12425 (bmo#1634738) Out of bound read in Date.parse() * CVE-2020-12426 (bmo#1608068, bmo#1609951, bmo#1631187, bmo#1637682) Memory safety bugs fixed in Firefox 78 - requires * NSS >= 3.53.1 * nodejs >= 10.21 * Gtk+3 >= 3.14 - removed obsolete patches * mozilla-s390-bigendian.patch * mozilla-bmo1634646.patch - Add mozilla-pipewire-0-3.patch for openSUSE >= 15.2 to build WebRTC with pipewire support to enable screen sharing under Wayland; also add BuildRequires: pkgconfig(libpipewire-0.3) appropriately (boo#1172903). - adding SLE12 compatibility in spec file - add patches for s390x * mozilla-bmo1602730.patch (bmo#1602730) * mozilla-bmo1626236.patch (bmo#1626236) * mozilla-bmo998749.patch (bmo#998749) * mozilla-s390x-skia-gradient.patch - update create-tar.sh - Use same _constraints for ppc64 (BE) as ppc64le to avoid oom build failure - Exclude armv6, since it is unbuildable since about 3 years ==== apache2 ==== Subpackages: apache2-doc apache2-example-pages apache2-prefork apache2-utils - gensslcert: add -a argument to override default SAN value - Provide mod_ssl to keep compatibility with other distributions. Now obsoletes mod_ssl < %{version} instead of mod_ssl < 2.8.16. ==== ark ==== Subpackages: ark-lang libkerfuffle20 - Add patch to prevent path traversal (boo#1175857, CVE-2020-24654): * 0001-Pass-the-ARCHIVE_EXTRACT_SECURE_SYMLINKS-flag-to-lib.patch ==== autoyast2 ==== Version update (4.3.35 -> 4.3.43) Subpackages: autoyast2-installation - Recognize installed_product and installed_product_version as legal elements of rules.xml files (boo#1176089). - 4.3.43 - Add to erb templates more helpers (bsc#1175735) - Use