[opensuse-factory] New Tumbleweed snapshot 20180201 released!
Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=1&version=Tumbleweed&build=20180201
When you reply to report some issues, make sure to change the subject.
It is not helpful to keep the release announcement subject in a thread
while discussing a specific problem.
Packages changed:
kactivitymanagerd
kdeconnect-kde (1.2 -> 1.2.1)
kernel-source (4.14.15 -> 4.15.0)
libpng16 (1.6.31 -> 1.6.34)
multipath-tools (0.7.3+31+suse.6804bb73f72d -> 0.7.3+38+suse.a16beed5280a)
nano (2.9.1 -> 2.9.3)
plasma5-openSUSE
python-base
python-pycurl
rollback-helper
snapper (0.5.3 -> 0.5.4)
spice
webkit2gtk3
=== Details ===
==== kactivitymanagerd ====
- Require libQt5Sql5-sqlite, apparently it crashes without it, and
even if not it would probably not work properly (boo#1078173)
==== kdeconnect-kde ====
Version update (1.2 -> 1.2.1)
Subpackages: kdeconnect-kde-lang
- Update to 1.2.1
* Require the latest version of KF5
* Was getting a double-delete, now it won't crash
* Get rid of ProcessRunner
* Add album art to mpris network packets
* Add title, artist and album to MPRIS network packets
* Fix information leak via /tmp (kde#383144)
* Add support for new Android 2.3 (API 9+) cipher
* Fix kdeconnect-cli device list
* Fix "error activiting kdeconnectd" for kdeconnect-cli
* Delay kdeconnectd autostart phase
* Fix Notifications in Plasmoid
* Make sure there's not a path within the filename
* share plugin: fix path display
* Use pactl instead of KMix in PauseMusic Plugin
- needs KDE Frameworks 5.42 now
==== kernel-source ====
Version update (4.14.15 -> 4.15.0)
Subpackages: kernel-default kernel-default-devel kernel-devel kernel-docs kernel-macros kernel-syms
- Update to 4.15-final.
- Eliminated 5 patches.
- Config changes:
- Security:
- GENERIC_CPU_VULNERABILITIES=y
- commit 978c9b0
- Update
patches.kernel.org/4.14.14-036-RDS-Heap-OOB-write-in-rds_message_alloc_sgs.patch
upstream references (add CVE-2018-5332 bsc#1075621).
- commit 510de01
- Update
patches.kernel.org/4.14.14-037-RDS-null-pointer-dereference-in-rds_atomic_fr.patch
upstream references (add CVE-2018-5333 bsc#1075617).
- commit e6cf845
==== libpng16 ====
Version update (1.6.31 -> 1.6.34)
Subpackages: libpng16-16 libpng16-16-32bit libpng16-compat-devel libpng16-devel
- check with -j1
- Fix SRPM group and grammar issues.
- removed obsoleted Obsoletes
- update to 1.6.34:
* Removed contrib/pngsuite/i*.png; some of these were incorrect
and caused test failures.
- includes 1.6.33:
* Added PNGMINUS_UNUSED macro to contrib/pngminus/p*.c and added
missing parenthesis in contrib/pngminus/pnm2png.c
* Fixed off-by-one error in png_do_check_palette_indexes()
* Initialize png_handler.row_ptr in libpng_read_fuzzer.cc
to fix shortlived oss-fuzz issue 3234.
* Compute a larger limit on IDAT because some applications write
a deflate buffer for each row
* Use current date (DATE) instead of release-date (RDATE) in last
changed date of contrib/oss-fuzz files.
* Enabled ARM support in CMakeLists.txt
* Fixed incorrect typecast of some arguments to png_malloc() and
png_calloc() that were png_uint_32 instead of png_alloc_size_t
* Use pnglibconf.h.prebuilt when building for ANDROID with cmake
* Initialize memory allocated by png_inflate to zero, using
memset, to stop an oss-fuzz "use of uninitialized value"
detection in png_set_text_2() due to truncated iTXt or zTXt
chunk.
* Initialize memory allocated by png_read_buffer to zero, using
memset, to stop an oss-fuzz "use of uninitialized value"
detection in png_icc_check_tag_table() due to truncated iCCP
chunk.
* Removed redundant tests
* Added an interlaced version of each file in contrib/pngsuite.
* Relocate new memset() call in pngrutil.c
* Add support for loading images with associated alpha in the
Simplified API
* Revert contrib/oss-fuzz/libpng_read_fuzzer.cc to libpng-1.6.32
state
* Initialize png_handler.row_ptr in libpng_read_fuzzer.cc
* Add end_info structure and png_read_end() to the libpng fuzzer
- includes 1.6.32:
* Avoid possible NULL dereference in png_handle_eXIf when
benign_errors are allowed. Avoid leaking the input buffer
"eXIf_buf".
* Eliminated png_ptr->num_exif member from pngstruct.h and added
num_exif to arguments for png_get_eXIf() and png_set_eXIf().
* Added calls to png_handle_eXIf(() in pngread.c and
png_write_eXIf() in pngwrite.c, and made various other fixes
to png_write_eXIf().
* Changed name of png_get_eXIF and png_set_eXIf() to
png_get_eXIf_1() and png_set_eXIf_1(), respectively, to avoid
breaking API compatibility with libpng-1.6.31.
* Updated contrib/libtests/pngunknown.c with eXIf chunk.
* Initialized btoa[] in pngstest.c
* Stop memory leak when returning from png_handle_eXIf() with an
error
* Replaced local eXIf_buf with info_ptr-eXIf_buf in png_handle_eXIf().
* Update libpng.3 and libpng-manual.txt about eXIf functions.
* Restored png_get_eXIf() and png_set_eXIf() to maintain API
compatability.
* Removed png_get_eXIf_1() and png_set_eXIf_1().
* Check length of all chunks except IDAT against user limit to
fix an OSS-fuzz issue (Fixes CVE-2017-12652)
* Check length of IDAT against maximum possible IDAT size,
accounting for height, rowbytes, interlacing and zlib/deflate
overhead.
* Restored png_get_eXIf_1() and png_set_eXIf_1(), because
strlen(eXIf_buf) does not work (the eXIf chunk data can
contain zeroes).
* Revised symlink creation, no longer using deprecated cmake
LOCATION feature
* Fixed five-byte error in the calculation of IDAT maximum
possible size.
* Moved chunk-length check into a png_check_chunk_length()
private function
* Moved bad pngs from tests to contrib/libtests/crashers
* Moved testing of bad pngs into a separate
tests/pngtest-badpngs script
* Added the --xfail (expected FAIL) option to pngtest.c. It
writes XFAIL in the output but PASS for the libpng test.
* Require cmake-3.0.2 in CMakeLists.txt
* Fix "const" declaration info_ptr argument to png_get_eXIf_1()
and the num_exif argument to png_get_eXIf_1()
* Added "eXIf" to "chunks_to_ignore[]" in png_set_keep_unknown_chunks().
* Added huge_IDAT.png and empty_ancillary_chunks.png to
testpngs/crashers.
* Make pngtest --strict, --relax, --xfail options imply -m
(multiple).
* Removed unused chunk_name parameter from png_check_chunk_length().
* Relocated setting free_me for eXIf data, to stop an OSS-fuzz'
leak.
* Initialize profile_header[] in png_handle_iCCP() to fix
OSS-fuzz issue.
* Initialize png_ptr->row_buf[0] to 255 in png_read_row() to fix
OSS-fuzz UMR.
* Attempt to fix a UMR in png_set_text_2() to fix OSS-fuzz issue.
* Increase minimum zlib stream from 9 to 14 in png_handle_iCCP(),
to account for the minimum 'deflate' stream, and relocate the
test to a point after the keyword has been read.
* Check that the eXIf chunk has at least 2 bytes and begins with
"II" or "MM".
* Added a set of "huge_xxxx_chunk.png" files to
contrib/testpngs/crashers, one for each known chunk type, with
length = 2GB-1.
* Check for 0 return from png_get_rowbytes() and added some
(size_t) typecasts in contrib/pngminus/*.c to stop some Coverity
issues (162705, 162706, and 162707).
* Renamed chunks in contrib/testpngs/crashers to avoid having
files whose names differ only in case; this causes problems with
some platforms
* Added contrib/oss-fuzz directory which contains files used by
the oss-fuzz project
- cleanup with spec-cleaner
==== multipath-tools ====
Version update (0.7.3+31+suse.6804bb73f72d -> 0.7.3+38+suse.a16beed5280a)
Subpackages: kpartx multipath-tools-rbd
- Update to version 0.7.3+38+suse.a16beed5280a:
* kpartx: don't delete partitions from partitions (bsc#1078362)
* hwtable: add latest updates (bsc#1078363)
* multipathd.service: set TasksMax=infinity (bsc#1060616)
==== nano ====
Version update (2.9.1 -> 2.9.3)
Subpackages: nano-lang
- GNU nano 2.9.3:
* fix a segfault with trimblanks that could occur when a typed
space caused the word after it to be pushed to the next line
* make macros work also when your keyboard still emits escape
sequences
* add the options -M and --trimblanks for the command line
* recognizeskey combos with Shift on a few more terminals
* no longer show dots in certain prompt texts when visible
witespace is turned on
* fix two corner cases when doing replacements in a marked region
* allow to open a named pipe again when using --noread
* accurately detect a needed color change when a line contains
a start match but not a corresponding end match any more
- includes changes gom 2.9.2:
* correctly display the Modified state when undoing/redoing
(also when the file was saved somewhere midway)
* improve the undoing of an automatic linefeed at EOF
* show the cursor again when compiled with --withslang
* rename the option 'justifytrim' to 'trimblanks' because it
will now snip trailing whitespace also while you are typing
(and hard-wrapping is enabled)
* continue pushing words to the next line much longer (when
hard-wrapping)
* make <Tab> and
participants (1)
-
Dominique Leuenberger