Packages changed:
MozillaFirefox (78.0.2 -> 79.0)
autoyast2 (4.3.30 -> 4.3.31)
ca-certificates-mozilla (2.40 -> 2.42)
libcontainers-common (20200603 -> 20200727)
libfido2
libstorage-ng (4.3.37 -> 4.3.39)
logrotate (3.16.0 -> 3.17.0)
mozilla-nspr (4.25 -> 4.26)
mozilla-nss (3.53.1 -> 3.54)
nano (4.9.3 -> 5.0)
okteta (0.26.3 -> 0.26.4)
permissions (1550_20200710 -> 1550_20200727)
plasma5-thunderbolt (5.19.3 -> 5.19.4)
snapper (0.8.11 -> 0.8.12)
yast2 (4.3.17 -> 4.3.19)
yast2-add-on (4.3.2 -> 4.3.3)
yast2-installation (4.3.10 -> 4.3.13)
yast2-network (4.3.13 -> 4.3.15)
yast2-nis-client (4.3.1 -> 4.3.3)
yast2-packager (4.3.4 -> 4.3.5)
yast2-pam (4.2.4 -> 4.3.2)
yast2-schema (4.3.3 -> 4.3.4)
yast2-security (4.3.0 -> 4.3.1)
yast2-services-manager (4.3.1 -> 4.3.2)
yast2-users (4.3.4 -> 4.3.5)
=== Details ===
==== MozillaFirefox ====
Version update (78.0.2 -> 79.0)
Subpackages: MozillaFirefox-translations-common
- Mozilla Firefox 79.0
MFSA 2020-30 (bsc#1174538)
* CVE-2020-15652 (bmo#1634872)
Potential leak of redirect targets when loading scripts in a worker
* CVE-2020-6514 (bmo#1642792)
WebRTC data channel leaks internal address to peer
* CVE-2020-15655 (bmo#1645204)
Extension APIs could be used to bypass Same-Origin Policy
* CVE-2020-15653 (bmo#1521542)
Bypassing iframe sandbox when allowing popups
* CVE-2020-6463 (bmo#1635293)
Use-after-free in ANGLE gl::Texture::onUnbindAsSamplerTexture
* CVE-2020-15656 (bmo#1647293)
Type confusion for special arguments in IonMonkey
* CVE-2020-15658 (bmo#1637745)
Overriding file type when saving to disk
* CVE-2020-15657 (bmo#1644954)
DLL hijacking due to incorrect loading path
* CVE-2020-15654 (bmo#1648333)
Custom cursor can overlay user interface
* CVE-2020-15659 (bmo#1550133, bmo#1633880, bmo#1638856,
bmo#1643613, bmo#1644839, bmo#1645835, bmo#1646006, bmo#1646220,
bmo#1646787, bmo#1649347, bmo#1650811, bmo#1651678)
Memory safety bugs fixed in Firefox 79
- updated dependency requirements:
* mozilla-nspr >= 4.26
* mozilla-nss >= 3.54
* rust >= 1.43
* rust-cbindgen >= 0.14.3
- removed obsolete patch
mozilla-bmo1463035.patch
- fixed syntax issue in desktop file (boo#1174360)
==== autoyast2 ====
Version update (4.3.30 -> 4.3.31)
Subpackages: autoyast2-installation
- Removed "image" section from "software" section (bsc#1140711).
- 4.3.31
==== ca-certificates-mozilla ====
Version update (2.40 -> 2.42)
- update to 2.42 state of the Mozilla NSS Certificate store (bsc#1174673)
Removed CAs:
- AddTrust External CA Root
- AddTrust Class 1 CA Root
- LuxTrust Global Root 2
- Staat der Nederlanden Root CA - G2
- Symantec Class 1 Public Primary Certification Authority - G4
- Symantec Class 2 Public Primary Certification Authority - G4
- VeriSign Class 3 Public Primary Certification Authority - G3
Added CAs:
- certSIGN Root CA G2
- e-Szigno Root CA 2017
- Microsoft ECC Root Certificate Authority 2017
- Microsoft RSA Root Certificate Authority 2017
==== libcontainers-common ====
Version update (20200603 -> 20200727)
- Added containers/common tarball for containers.conf(5) man page
- Install containers.conf default configuration in
/usr/share/containers
- libpod repository on github got renamed to podman
- Update to image 5.5.1
- Add documentation for credHelpera
- Add defaults for using the rootless policy path
- Update libpod/podman to 2.0.3
- docs: user namespace can't be shared in pods
- Switch references from libpod.conf to containers.conf
- Allow empty host port in --publish flag
- update document login see config.json as valid
- Update storage to 1.20.2
- Add back skip_mount_home
==== libfido2 ====
Subpackages: libfido2-1 libfido2-udev
- Cleanup udev rules, trying to use the Debian specific plugdev
group fills up the journal.
- Make the udev rules package noarch, correct Summary
==== libstorage-ng ====
Version update (4.3.37 -> 4.3.39)
Subpackages: libstorage-ng-lang libstorage-ng-ruby libstorage-ng1
- merge gh#openSUSE/libstorage-ng#765
- added functions to query whether a MD RAID supports spare and
journal devices
- 4.3.39
- merge gh#openSUSE/libstorage-ng#764
- add _constraints file for OBS requiring at least 4 GB disk size
(bsc#1174375)
- 4.3.38
==== logrotate ====
Version update (3.16.0 -> 3.17.0)
- Update to 3.17.0:
* lock state file to prevent parallel execution of logrotate
* add '.bak' extension to default taboo list
* allow to pass a home-relative path to 'include'
* 'switch_user_permanently': skip switchback check if switched to root
* logrotate.service: enable 'ProtectClock' to restrict setting of clock
* delete old logs hit by 'maxage' regardless of 'dateext'
==== mozilla-nspr ====
Version update (4.25 -> 4.26)
- update to version 4.26
* PR_GetSystemInfo supports a new flag PR_SI_RELEASE_BUILD to get
information about the operating system build version.
* Better support parallel building on Windows.
* The internal release automatic script requires python 3.
==== mozilla-nss ====
Version update (3.53.1 -> 3.54)
Subpackages: libfreebl3 libfreebl3-hmac libsoftokn3 libsoftokn3-hmac mozilla-nss-certs mozilla-nss-tools
- update to NSS 3.54
Notable changes
* Support for TLS 1.3 external pre-shared keys (bmo#1603042).
* Use ARM Cryptography Extension for SHA256, when available
(bmo#1528113)
* The following CA certificates were Added:
bmo#1645186 - certSIGN Root CA G2.
bmo#1645174 - e-Szigno Root CA 2017.
bmo#1641716 - Microsoft ECC Root Certificate Authority 2017.
bmo#1641716 - Microsoft RSA Root Certificate Authority 2017.
* The following CA certificates were Removed:
bmo#1645199 - AddTrust Class 1 CA Root.
bmo#1645199 - AddTrust External CA Root.
bmo#1641718 - LuxTrust Global Root 2.
bmo#1639987 - Staat der Nederlanden Root CA - G2.
bmo#1618402 - Symantec Class 2 Public Primary Certification Authority - G4.
bmo#1618402 - Symantec Class 1 Public Primary Certification Authority - G4.
bmo#1618402 - VeriSign Class 3 Public Primary Certification Authority - G3.
* A number of certificates had their Email trust bit disabled.
See bmo#1618402 for a complete list.
Bugs fixed
* bmo#1528113 - Use ARM Cryptography Extension for SHA256.
* bmo#1603042 - Add TLS 1.3 external PSK support.
* bmo#1642802 - Add uint128 support for HACL* curve25519 on Windows.
* bmo#1645186 - Add "certSIGN Root CA G2" root certificate.
* bmo#1645174 - Add Microsec's "e-Szigno Root CA 2017" root certificate.
* bmo#1641716 - Add Microsoft's non-EV root certificates.
* bmo1621151 - Disable email trust bit for "O=Government
Root Certification Authority; C=TW" root.
* bmo#1645199 - Remove AddTrust root certificates.
* bmo#1641718 - Remove "LuxTrust Global Root 2" root certificate.
* bmo#1639987 - Remove "Staat der Nederlanden Root CA - G2" root
certificate.
* bmo#1618402 - Remove Symantec root certificates and disable email trust
bit.
* bmo#1640516 - NSS 3.54 should depend on NSPR 4.26.
* bmo#1642146 - Fix undefined reference to `PORT_ZAlloc_stub' in seed.c.
* bmo#1642153 - Fix infinite recursion building NSS.
* bmo#1642638 - Fix fuzzing assertion crash.
* bmo#1642871 - Enable SSL_SendSessionTicket after resumption.
* bmo#1643123 - Support SSL_ExportEarlyKeyingMaterial with External PSKs.
* bmo#1643557 - Fix numerous compile warnings in NSS.
* bmo#1644774 - SSL gtests to use ClearServerCache when resetting
self-encrypt keys.
* bmo#1645479 - Don't use SECITEM_MakeItem in secutil.c.
* bmo#1646520 - Stricter enforcement of ASN.1 INTEGER encoding.
==== nano ====
Version update (4.9.3 -> 5.0)
Subpackages: nano-lang
- GNU nano 5.0:
* With --indicator (or -q or 'set indicator') nano will show a kind
of scrollbar on the righthand side of the screen to indicate where
in the buffer the viewport is located and how much it covers.
* With <Alt+Insert> any line can be "tagged" with an anchor, and
<Alt+PageUp> and <Alt+PageDown> will jump to the nearest anchor.
When using line numbers, an anchor is shown as "+" in the margin.
* The Execute Command prompt is now directly accessible from the
main menu (with ^T, replacing the Spell Checker). The Linter,
Formatter, Spell Checker, Full Justification, Suspension, and
Cut-Till-End functions are available in this menu too.
* On terminals that support at least 256 colors, nine new color
names are available: pink, purple, mauve, lagoon, mint, lime,
peach, orange, and latte. These do not have lighter versions.
* For the color names red, green, blue, yellow, cyan, magenta,
white, and black, the prefix 'light' gives a brighter color.
Prefix 'bright' is deprecated, as it means both bold AND light.
* All color names can be preceded with "bold," and/or "italic,"
(in that order) to get a bold and/or italic typeface.
* With --bookstyle (or -O or 'set bookstyle') nano considers any
line that begins with whitespace as the start of a paragraph.
* Refreshing the screen with ^L now works in every menu.
* In the main menu, ^L also centers the line with the cursor.
* Toggling the help lines with M-X now works in all menus except
in the help viewer and the linter.
* At a filename prompt, the first <Tab> lists the possibilities,
and these are listed near the bottom instead of near the top.
* Bindable function 'curpos' has been renamed to 'location'.
* Long option --tempfile has been renamed to --saveonexit.
* Short option -S is now a synonym of --softwrap.
* The New Buffer toggle (M-F) has become non-persistent. Options
- -multibuffer and 'set multibuffer' still make it default to on.
* Backup files will retain their group ownership (when possible).
* Data is synced to disk before "... lines written" is shown.
* The raw escape sequences for F13 to F16 are no longer recognized.
* Distro-specific syntaxes, and syntaxes of less common languages,
have been moved down to subdirectory syntax/extra/. The affected
distros and others may wish to move wanted syntaxes one level up.
Syntaxes for Markdown, Haskell, and Ada were added.
==== okteta ====
Version update (0.26.3 -> 0.26.4)
Subpackages: libKasten4 libOkteta3 libkasten-lang libokteta-lang okteta-data okteta-lang
- Update to 0.26.4
* Improved: struct2osd uses castxml now (gccxml has been
deprecated)
* Improved: less deprecated Qt code usage, avoiding logged
runtime warnings
* Improved: translations
==== permissions ====
Version update (1550_20200710 -> 1550_20200727)
Subpackages: chkstat permissions-config permissions-doc
- Update to version 20200727:
* etc/permissions: remove static /var/spool/* dirs
* etc/permissions: remove outdated entries
* etc/permissions: remove unnecessary static dirs and devices
* screen: remove now unused /var/run/uscreens
==== plasma5-thunderbolt ====
Version update (5.19.3 -> 5.19.4)
Subpackages: plasma5-thunderbolt-lang
- Update to 5.19.4
* New bugfix release
* For more details please see:
* https://kde.org/announcements/plasma-5.19.4
- No code changes since 5.19.3
==== snapper ====
Version update (0.8.11 -> 0.8.12)
Subpackages: libsnapper5 snapper-zypp-plugin
- fixed error when using mksubvolume to create /tmp (bsc#1174401)
- version 0.8.12
==== yast2 ====
Version update (4.3.17 -> 4.3.19)
Subpackages: yast2-logs
- XML: do not export the system ID if it is not defined
(boo#1174424).
- 4.3.19
- Handle exceptions when parsing xml file (related to bsc#1170886)
- 4.3.18
==== yast2-add-on ====
Version update (4.3.2 -> 4.3.3)
- Fix the schema definition for the add_on_products
and add_on_others elements (boo#1174424).
- 4.3.3
==== yast2-installation ====
Version update (4.3.10 -> 4.3.13)
- AY: Removed "image" section from "software" section
(bsc#1140711).
- 4.3.13
- Handle exceptions when parsing xml file (related to bsc#1170886)
- 4.3.12
- handle device autoconfig setting in summary screen (bsc#1168036)
- 4.3.11
==== yast2-network ====
Version update (4.3.13 -> 4.3.15)
- AutoYaST: do not crash when the <host> section is present
(bsc#1174643).
- 4.3.15
- Do not crash when configuring an IPv6 route through AutoYaST
(bsc#1174353)
- 4.3.14
==== yast2-nis-client ====
Version update (4.3.1 -> 4.3.3)
- Fixed the mechanism used to ensure the usage of "compat" for
certain databases (bsc#1174603).
- 4.3.3
- Properly save the NSS configuration (related to bsc#1173119).
- 4.3.2
==== yast2-packager ====
Version update (4.3.4 -> 4.3.5)
- Handle exceptions when parsing xml file (related to bsc#1170886)
- 4.3.5
==== yast2-pam ====
Version update (4.2.4 -> 4.3.2)
- Fixed a bug, introduced in the latest version, related to
deletion of nsswitch entries (related to bsc#1173119).
- 4.3.2
- Added function to query PAM modules (bsc#1171318).
- 4.3.1
- Support reading nsswitch.conf from /usr/etc (bsc#1173119).
- 4.3.0
==== yast2-schema ====
Version update (4.3.3 -> 4.3.4)
- Fix the schema definition for the add_on_products and
add_on_others elements (boo#1174424).
- 4.3.4
==== yast2-security ====
Version update (4.3.0 -> 4.3.1)
- Use pam_pwquality instead of pam_cracklib depending on
availability (bsc#1171318)
- Fix setting dictpath for pam_pwquality (bsc#1174619)
- 4.3.1
==== yast2-services-manager ====
Version update (4.3.1 -> 4.3.2)
- Fix detection of modifications in AutoYaST config mode
(bsc#1173408)
- Fix remembering of services configuration in AutoYaST config mode
(bsc#1173408)
- 4.3.2
==== yast2-users ====
Version update (4.3.4 -> 4.3.5)
- Load the right nsswitch.conf from either, /usr/etc or /etc
- Related to bsc#1173119.
- 4.3.5