Mailinglist Archive: opensuse-factory (520 mails)

< Previous Next >
[opensuse-factory] Leap 42.3 Build 0249 released!

Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.

Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=opensuse&version=42.3&build=0249&groupid=28
https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Distribution&query_format=advanced&resolution=---&version=Leap%2042.3

When you reply to discuss some issues, make sure to change the subject.
Please use the test plan at
https://docs.google.com/spreadsheets/d/1AGKijKpKiJCB616-bHVoNQuhWHpQLHPWCb3m1p6gXPc/edit#gid=298435253
to record your testing efforts and use bugzilla to report bugs.

Packages changed:
bash
breeze4-style
dejagnu (1.4.4 -> 1.6)
glibc
glibc
grub2 (2.02~rc2 -> 2.02)
kalzium (16.08.2 -> 17.04.0)
libtirpc
libxslt
lua (5.2.2 -> 5.2.4)
mariadb (10.0.29 -> 10.0.30)
mpg123
obs-service-tar_scm
patterns-openSUSE (20150918 -> 20170518)
plasma5-session
postgresql-init (9.4 -> 9.6)
python (2.7.12 -> 2.7.13)
python-base (2.7.12 -> 2.7.13)
python-dnspython
python-doc (2.7.12 -> 2.7.13)
python-python-dateutil
rdma-core
rpcbind
sddm
vhba-kmp
yast2-registration (3.2.9 -> 3.2.10)

=== Details ===

==== bash ====
Subpackages: bash-doc bash-lang libreadline6 readline-devel readline-doc

- Add upstream patch bash-4.3-newline-in-arithmetics.patch
to fix bsc#1035371 .. syntax error with expr in loops
- Add patch bash-3.2-CVE20169401-simple-segv.patch even if
upstream says it is not a security issue (bsc#1010845)

==== breeze4-style ====

- Add change from K:F5:
- Supplement packagand(breeze5-stlye:libqt4) as a replecement for
Requires/Recommends in plasma5-session and breeze5-style

==== dejagnu ====
Version update (1.4.4 -> 1.6)

- Update to 1.6
* Proper support for target communication via SSH has been added.
* A large number of very old config and baseboard files have been
removed. If you need to resurrect these, you can get them from
version 1.5.3. If you can show that a board is still in use,
it can be put back in the distribution.
* The --status command line option is now the default. This means
that any error in the testsuite Tcl scripts will cause runtest
to abort with exit status code 2. The --status option has been
removed from the documentation, but will continue to be
accepted for backward compatibility.
* runtest now exits with exit code 0 if the testsuite "passed",
1 if something unexpected happened (eg, FAIL, XPASS or
UNRESOLVED), and 2 if an exception is raised by the Tcl
interpreter.
* runtest now exits with the standard exit codes of programs that
are terminated by the SIGINT, SIGTERM and SIGQUIT signals.
* The user-visible utility procedures `absolute', `psource' and
`slay' have been removed. If a testsuite uses any of these
procedures, a copy of the procedure should be made and placed
in the lib directory of the testsuite.
* Support was added for testing the D compiler.
* ~/.dejagnurc is now loaded last, not first. This allows the
user to have the ability to override anything in their
environment (even the site.exp file specified by $DEJAGNU).
* The user-visible utility procedure `unsetenv' is deprecated
and will be removed in the next release. If a testsuite uses
any of these procedures, a copy of the procedure should be made
and placed in the lib directory of the testsuite.
- Run tests during build
- Small spec-file polishing
- Update to dejagnu 1.5.3
* More bugfixes
- Add gpg signature
- Add dependencies for macros dealing with info files
- Use fdupes to avoid duplicate files
- Small spec file cleanup by spec-cleaner
- Update to dejagnu 1.5.2
* New boards and bugfixes
- Update to dejagnu 1.5.1
1. The runtest.1 man page has been brought up to date.
2. The Docbook/SGML documentation files were removed in favour of the
Docbook/XML documentation. The Texinfo source for the Info pages is
now automatically generated from the Docbook source.
3. The Makefile structure has been substantially simplified. There
is now a single top-level Makefile.am. The use of recursive make
has been eliminated.
4. lib/mondfe.exp and lib/xsh.exp have been removed. Users requiring
these communication modes can still use the DejaGnu 1.4 branch or
can contact dejagnu@xxxxxxx to discuss reinstating these files.
5. The configure script now ensures that Expect is installed and that
it is linked against Tcl 8.3 or greater.
6. The runtest program now gracefully handles the possibility of the
expect binary vanishing after DejaGnu has been installed (for
example, by the user altering their PATH).
7. The user-visible utility procedures `absolute', `prune', `psource'
and `slay' are deprecated and will be removed in the next release.
If a testsuite uses any of these procedures, a copy of the
procedure should be made and placed in the lib directory of the
testsuite.
- dejagnu-ignore-libwarning.patch: Removed
- dejagnu-make_doc.patch: Removed
- Build as noarch

==== glibc ====
Subpackages: glibc-32bit glibc-locale-32bit

- dlclose-assert-init-called.patch: remove improper assert in dlclose
(bsc#1035445, BZ #11941)
- power9-support.patch,
power9-strcmp.patch,
power9-strncmp.patch: POWER9 enablement (bsc#1026224, fate#321607)

==== glibc ====
Subpackages: glibc-devel glibc-extra glibc-info glibc-locale nscd

- dlclose-assert-init-called.patch: remove improper assert in dlclose
(bsc#1035445, BZ #11941)
- power9-support.patch,
power9-strcmp.patch,
power9-strncmp.patch: POWER9 enablement (bsc#1026224, fate#321607)

==== grub2 ====
Version update (2.02~rc2 -> 2.02)
Subpackages: grub2-i386-pc grub2-snapper-plugin grub2-systemd-sleep-plugin
grub2-x86_64-efi grub2-x86_64-xen

- new upstream version 2.02
* rediff
- use-grub2-as-a-package-name.patch
- update translations
- Grub not working correctly with xen and btrfs snapshots (bsc#1026511)
* Add grub2-btrfs-09-get-default-subvolume.patch
* grub2-xen-pv-firmware.cfg : search path in default subvolume

==== kalzium ====
Version update (16.08.2 -> 17.04.0)

- Update to 17.04.0
* New feature release
* For more details please see:
* https://www.kde.org/announcements/announce-applications-17.04.0.php
- Changes since 17.03.90:
* None
- Update to 17.03.90
* New bugfix release
* For more details please see:
* https://www.kde.org/announcements/announce-applications-17.04-rc.php
- Changes since 17.03.80:
* None
- Update to 17.03.80
* New feature release
* For more details please see:
* https://www.kde.org/announcements/announce-applications-17.03.80.php
- Changes since 16.12.3:
* Exclude qml directory from built until it is ported
* Fix build with extra-cmake-modules > 5.30
- Update to 16.12.3
* New bugfix release
* For more details please see:
* https://www.kde.org/announcements/announce-applications-16.12.3.php
- Changes since 16.12.2:
* Fix build with extra-cmake-modules > 5.30
- Remove patches, now upstream:
* fix-build-with-ecm-5.31.patch
- Add fix-build-with-ecm-5.31.patch
- Update to KDE Applications 16.12.2
* KDE Applications 16.12.2
* https://www.kde.org/announcements/announce-applications-16.12.2.php
- - Update to KDE Applications 16.12.1
* KDE Applications 16.12.1
* https://www.kde.org/announcements/announce-applications-16.12.1.php
- Update to KDE Applications 16.12.0
* KDE Applications 16.12.0
* https://www.kde.org/announcements/announce-applications-16.12.0.php
- Update to KDE Applications 16.11.90
* KDE Applications 16.12.0 RC
* https://www.kde.org/announcements/announce-applications-16.12-rc.php
- Update to KDE Applications 16.11.80
* KDE Applications 16.12.0 Beta
* https://www.kde.org/announcements/announce-applications-16.12-beta.php
- Update to KDE Applications 16.08.3
* KDE Applications 16.08.3
* https://www.kde.org/announcements/announce-applications-16.08.3.php

==== libtirpc ====
Subpackages: libtirpc-netconfig libtirpc3

- add 0001-fix-remote-rpcbind-denial-of-service-vulnerability.patch
fixes remote rpcbind denial-of-service vulnerability (bsc#1037559)
VUL-0: CVE-2017-8779

==== libxslt ====
Subpackages: libxslt-devel libxslt-tools libxslt1 libxslt1-32bit

- Fixed CVE-2015-7995 bsc#952474
* Type confusion vulnerability may cause a DoS
- Added patch libxslt-CVE-2015-7995.patch
- Fixed CVE-2017-5029 bcs#1035905
* Limit buffer size in xsltAddTextString to INT_MAX
- Added patch libxslt-1.1.28-CVE-2017-5029.patch
- security update: initialize random generator, CVE-2015-9019
[bsc#934119]
+ libxslt-random-seed.patch
- Added patch libxslt-CVE-2016-4738.patch
* Fix heap overread in xsltFormatNumberConversion: An empty
decimal-separator could cause a heap overread. This can be
exploited to leak a couple of bytes after the buffer that holds
the pattern string.
* bsc#1005591 CVE-2016-4738

==== lua ====
Version update (5.2.2 -> 5.2.4)
Subpackages: liblua5_2 lua-devel

- update to 5.2.4: bugfix release, fixed:
* wrong overflow check in table.unpack
* ephemeron table wrongly collecting strong keys
* crash in chunks that are too long
* Stack overflow in vararg functions with many fixed parameters
called with few arguments. (CVE-2014-5461, bsc#893824)
* Garbage collector can trigger too many times in recursive loops.
* Wrong assert when reporting concatenation errors (manifests only
when Lua is compiled in debug mode).
* Wrong error message in some short-cut expressions.
* luac listings choke on long strings.
* see http://www.lua.org/bugs.html for details
(some of these were wrongly listed in changelog for 5.2.2)
- drop upstreamed lua-CVE-2014-5461.patch
- this update fixes Leap 42.2 bug boo#1010089 by updating "lua"
to the same version as "lua52"
- lua-restore-5.2.2-abi.patch: reorder items in private
Table struct, restoring ABI compatibility
- provides Lua(API) & Lua(devel)
- fix update-alternatives

==== mariadb ====
Version update (10.0.29 -> 10.0.30)
Subpackages: libmysqlclient-devel libmysqlclient18 libmysqlclient_r18
libmysqld18 mariadb-client mariadb-errormessages

- update to MariaDB 10.0.30 GA
* notable changes:
* XtraDB updated to 5.6.35-80.0
* TokuDB updated to 5.6.35-80.0
* PCRE updated to 8.40
* MDEV-11027: better InnoDB crash recovery progress reporting
* MDEV-11520: improvements to how InnoDB data files are extended
* Improvements to InnoDB startup/shutdown to make it more robust
* MDEV-11233: fix for FULLTEXT index crash
* MDEV-6143: MariaDB Linux binary tarballs will now always untar
to directories that match their filename
* release notes and changelog:
* https://kb.askmonty.org/en/mariadb-10030-release-notes
* https://kb.askmonty.org/en/mariadb-10030-changelog
* fixes the following CVEs:
CVE-2017-3313 [bsc#1020890]
CVE-2017-3302 [bsc#1022428] - remove our patch that is no
longer needed (mariadb-10.0.29-incorrect_list_handling.patch)
- refresh mysql-community-server-5.1.46-logrotate.patch
- re-enable the profiling support in as it was enabled in SLE12SP0
* it also fixes [bsc#996821]
- set the default umask to 077 in mysql-systemd-helper [bsc#1020976]
- [bsc#1034911] - tracker bug

==== mpg123 ====
Subpackages: mpg123-esound mpg123-openal mpg123-pulse

- dont require mpg123-32bit, it is not present
- Update baselibs.conf
- add a baselibs.conf, so 32bit wine can use it or even
build against it.

==== obs-service-tar_scm ====
Subpackages: obs-service-obs_scm-common

- added Requires: python2 for Fedora >= 25

==== patterns-openSUSE ====
Version update (20150918 -> 20170518)
Subpackages: patterns-openSUSE-apparmor patterns-openSUSE-apparmor_opt
patterns-openSUSE-base patterns-openSUSE-books patterns-openSUSE-console
patterns-openSUSE-devel_C_C++ patterns-openSUSE-devel_basis
patterns-openSUSE-devel_gnome patterns-openSUSE-devel_ide
patterns-openSUSE-devel_java patterns-openSUSE-devel_kde
patterns-openSUSE-devel_kde_frameworks patterns-openSUSE-devel_kernel
patterns-openSUSE-devel_perl patterns-openSUSE-devel_python
patterns-openSUSE-devel_python3 patterns-openSUSE-devel_qt4
patterns-openSUSE-devel_qt5 patterns-openSUSE-devel_rpm_build
patterns-openSUSE-devel_ruby patterns-openSUSE-devel_web
patterns-openSUSE-dhcp_dns_server patterns-openSUSE-directory_server
patterns-openSUSE-enhanced_base patterns-openSUSE-enhanced_base_opt
patterns-openSUSE-file_server patterns-openSUSE-fonts
patterns-openSUSE-fonts_opt patterns-openSUSE-games
patterns-openSUSE-gateway_server patterns-openSUSE-generic_server
patterns-openSUSE-gnome patterns-openSUSE-gnome_admin pattern
s-openSUSE-gnome_basis patterns-openSUSE-gnome_basis_opt
patterns-openSUSE-gnome_games patterns-openSUSE-gnome_ide
patterns-openSUSE-gnome_imaging patterns-openSUSE-gnome_imaging_opt
patterns-openSUSE-gnome_internet patterns-openSUSE-gnome_laptop
patterns-openSUSE-gnome_multimedia patterns-openSUSE-gnome_multimedia_opt
patterns-openSUSE-gnome_office patterns-openSUSE-gnome_office_opt
patterns-openSUSE-gnome_utilities patterns-openSUSE-gnome_yast
patterns-openSUSE-imaging patterns-openSUSE-imaging_opt patterns-openSUSE-kde
patterns-openSUSE-kde_edutainment patterns-openSUSE-kde_games
patterns-openSUSE-kde_ide patterns-openSUSE-kde_imaging
patterns-openSUSE-kde_internet patterns-openSUSE-kde_multimedia
patterns-openSUSE-kde_office patterns-openSUSE-kde_plasma
patterns-openSUSE-kde_telepathy patterns-openSUSE-kde_utilities
patterns-openSUSE-kde_utilities_opt patterns-openSUSE-kde_yast
patterns-openSUSE-kvm_server patterns-openSUSE-lamp_server
patterns-openSUSE-laptop patterns-openSUSE-
lxde patterns-openSUSE-lxde_laptop patterns-openSUSE-lxde_office
patterns-openSUSE-mail_server patterns-openSUSE-minimal_base
patterns-openSUSE-minimal_base-conflicts patterns-openSUSE-misc_server
patterns-openSUSE-multimedia patterns-openSUSE-multimedia_opt
patterns-openSUSE-network_admin patterns-openSUSE-non_oss
patterns-openSUSE-non_oss_opt patterns-openSUSE-office
patterns-openSUSE-office_opt patterns-openSUSE-print_server
patterns-openSUSE-remote_desktop patterns-openSUSE-rest_dvd
patterns-openSUSE-sw_management patterns-openSUSE-sw_management_gnome
patterns-openSUSE-sw_management_kde patterns-openSUSE-tabletpc
patterns-openSUSE-technical_writing patterns-openSUSE-update_test
patterns-openSUSE-x11 patterns-openSUSE-x11_opt patterns-openSUSE-x11_yast
patterns-openSUSE-xen_server patterns-openSUSE-xfce
patterns-openSUSE-xfce_basis patterns-openSUSE-xfce_laptop
patterns-openSUSE-xfce_office patterns-openSUSE-yast2_basis
patterns-openSUSE-yast2_install_wf

- don't recommend non-oss pattern in desktops anymore. Provides no really
needed features anymore but looks scary to some in the installation summary.
- Recommend zypper-lifecycle-plugin in sw_management for stable
distributions

==== plasma5-session ====

- Add changes from K:F5:
- Use update-alternatives to create default.desktop xsession (boo#1030873)
- Remove requirement of breeze4-style, replaced by a supplement of
packagand(breeze5-style:libqt4) in breeze4-style itself

==== postgresql-init ====
Version update (9.4 -> 9.6)

- Bump version to 9.6 for compatibility with the latest
PostgreSQL package on SLE12.

==== python ====
Version update (2.7.12 -> 2.7.13)
Subpackages: python-curses python-gdbm

- update for SLE (bsc#1027282)
- removed obsolete python-2.7-urllib2-localnet-ssl.patch
- refreshed python-2.7.9-sles-disable-verification-by-default.patch
to work with PEP493-compatibe config.
Variable "PYTHONHTTPSVERIFY" is now recognized and setting it
to 1 will enable strict TLS checking, while setting to 0 will disable
checking. The default behavior depends on whether a policy file
(typically from python-strict-tls-check package) is present: if it is,
the policy decides what happens, empty policy file means upstream policy.
If not present, checking is disabled by default.
- update to 2.7.13
* dozens of bugfixes, see NEWS for details
* updated cipher lists for openssl wrapper, support openssl >= 1.1.0
* properly fix HTTPoxy (CVE-2016-1000110)
* profile-opt build now applies PGO to modules as well
- update python-2.7.10-overflow_check.patch
with python-2.7.13-overflow_check.patch, incorporating upstream changes
- add "-fwrapv" to optflags explicitly because upstream code still
relies on it in many places
- provide python2-* symbols, for support of new packages built as
python2-foo

==== python-base ====
Version update (2.7.12 -> 2.7.13)
Subpackages: libpython2_7-1_0 libpython2_7-1_0-32bit python-devel python-xml

- SLE package update (bsc#1027282)
- refresh python-2.7.5-multilib.patch
- dropped upstreamed patches:
python-fix-short-dh.patch
python-2.7.7-mhlib-linkcount.patch
python-2.7-urllib2-localnet-ssl.patch
CVE-2016-0772-smtplib-starttls.patch
CVE-2016-5699-http-header-injection.patch
CVE-2016-5636-zipimporter-overflow.patch
python-2.7-httpoxy.patch
- Add python-ncurses-6.0-accessors.patch: Fix build with
NCurses 6.0 and OPAQUE_WINDOW set to 1.
(dimstar@xxxxxxxxxxxx)
- update to 2.7.13
* dozens of bugfixes, see NEWS for details
* updated cipher lists for openssl wrapper, support openssl >= 1.1.0
* properly fix HTTPoxy (CVE-2016-1000110)
* profile-opt build now applies PGO to modules as well
- add python-2.7.13-overflow_check.patch, incorporating upstream changes
(bnc#964182)
- add "-fwrapv" to optflags explicitly because upstream code still
relies on it in many places
- provide python2-* symbols, for support of new packages built as
python2-foo
- rename macros.python to macros.python2 accordingly
- require python-rpm-macros package, drop macro definitions from
macros.python2

==== python-dnspython ====

- Update for the multipython build.
- Rename python-dnspython.asc to python-dnspython.keyring.
- Spec cleanup.

==== python-doc ====
Version update (2.7.12 -> 2.7.13)

- update to 2.7.13
- provide python2-* symbols, for support of new packages built as
python2-foo

==== python-python-dateutil ====

- Don't provide python2-dateutil, singlespec packages should use
correct name.
- Converted to single-spec
- Enabled tests
- Spec cleanup

==== rdma-core ====
Subpackages: libibverbs1 librdmacm1

- Split rdma-ndd into its own package to replace previous package
from infiniband-diags (bsc#1039146).
- Update to 14-rc1-40-g706fc2af (fate#321907, bsc#1020415).
No releases notes. Contains libbnxtre bug fixes
- Add baselibs.conf to generate -32bit libraries (bsc#1038742).

==== rpcbind ====

- add 0032-fix-remote-rpcbind-denial-of-service-vulnerability.patch
fixes remote rpcbind denial-of-service vulnerability (bsc#1037559)
VUL-0: CVE-2017-8779

==== sddm ====
Subpackages: sddm-branding-openSUSE

- Also set the default last session in sysconfig-support.patch
(replaces boo949903.patch)
- Adjust 0003-Leave-duplicate-symlinks-out-of-the-SessionModel.patch
to also handle symlinks for the last session
- Replace patch with newer version:
* 0001-Also-theme-the-default-cursor-for-the-root-window.patch
- Add upstream patches:
* 0001-Parse-desktop-file-sections.patch
* 0002-Ignore-session-desktop-files-with-the-Hidden-propert.patch
- Add downstream patch:
* 0003-Leave-duplicate-symlinks-out-of-the-SessionModel.patch
- Fix typo in sysconfig-support.patch (DYSPLAY -> DISPLAY)
- Use default.desktop as default autologin session file
- BuildRequire python-docutils instead of python3-docutils on SLE

==== vhba-kmp ====

- Add vhba-signal.diff so it builds with Linux 4.11

==== yast2-registration ====
Version update (3.2.9 -> 3.2.10)

- Don't crash if the regurl provided by linuxrc is invalid, use
the one provided by the control file as fallback (bsc#1035908).
- 3.2.10


--
To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-factory+owner@xxxxxxxxxxxx

< Previous Next >
This Thread
  • No further messages