Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=1&version=Tumbleweed&build=20170604
When you reply to report some issues, make sure to change the subject.
It is not helpful to keep the release announcement subject in a thread
while discussing a specific problem.
Packages changed:
MozillaThunderbird
alsa (1.1.4 -> 1.1.4.1)
glu
initviocons
installation-images-Kubic (14.315 -> 14.317)
installation-images-openSUSE (14.315 -> 14.317)
lapack
libXfont
libXrandr
libglvnd
libvdpau
libxfce4ui
libzypp (16.11.0 -> 16.12.0)
marble
openmpi
openssh
python-kiwi (9.6.2 -> 9.7.0)
qemu (2.8.0 -> 2.9.0)
qemu-linux-user (2.8.0 -> 2.9.0)
qtcurve-kde4 (1.8.19~git20170506 -> 1.9.0)
sudo (1.8.19p2 -> 1.8.20p2)
tigervnc (1.7.1 -> 1.8.0)
wireshark (2.2.6 -> 2.2.7)
xen (4.9.0_04 -> 4.9.0_07)
xf86-input-evdev
xf86-input-synaptics
xf86-input-vmmouse
xf86-input-void
xf86-video-ast
xf86-video-cirrus
xf86-video-fbdev
xf86-video-nv
xf86-video-vesa
xf86-video-vmware
xfce4-vala
xorg-x11-driver-video
xrandr
xtrans
zypper (1.13.27 -> 1.13.28)
=== Details ===
==== MozillaThunderbird ====
Subpackages: MozillaThunderbird-translations-common
- explicitely optimize with -O2 for openSUSE > 13.2/Leap 42 to work
with gcc7 (boo#1040105, boo#1042090)
==== alsa ====
Version update (1.1.4 -> 1.1.4.1)
Subpackages: alsa-devel libasound2 libasound2-32bit
- Update to alsa-lib 1.1.4.1: it's a bug-fix release, including
all previous patches:
* pcm: dmix: Fix the inconsistent PCM state
* pcm: dshare: Call snd_pcm_dshare_state() directly
* pcm: dmix: Workaround for binary incompatibility
* test: add a test for list operation to user-defined element sets
* conf: Check the availability of PTHREAD_MUTEX_RECURSIVE
* build: Define __USE_UNIX98 for old glibc
- Obsoleted patches:
0001-build-Define-__USE_UNIX98-for-old-glibc.patch
0098-dmix-Workaround-for-binary-incompatibility.patch
==== glu ====
Subpackages: glu-devel libGLU1 libGLU1-32bit
- includes everything needed for missing sle issue entries:
fate #315643-315645, 319159-319161, 319618 (bsc#1041327)
==== initviocons ====
- Actually build with RPM_OPT_FLAGS, will also catch
too long -F arguments (bsc#1041840)
==== installation-images-Kubic ====
Version update (14.315 -> 14.317)
- merge gh#openSUSE/installation-images#186
- etc: update module.config to match 4.12
- 14.317
- sle15: don't require obsolete sles-release-DVD package (bsc#1041893)
- merge gh#openSUSE/installation-images#185
- allow driver updates also to be applied to the rescue system
(bsc#1025621)
- avoid build problems when different openssl versions exist
- new skelcd-control-<BRANDING> packages have files in /usr/lib/skelcd
- 14.316
- rewrite spec file to simplify building different flavors (bsc#1039285)
==== installation-images-openSUSE ====
Version update (14.315 -> 14.317)
- merge gh#openSUSE/installation-images#186
- etc: update module.config to match 4.12
- 14.317
- sle15: don't require obsolete sles-release-DVD package (bsc#1041893)
- merge gh#openSUSE/installation-images#185
- allow driver updates also to be applied to the rescue system
(bsc#1025621)
- avoid build problems when different openssl versions exist
- new skelcd-control-<BRANDING> packages have files in /usr/lib/skelcd
- 14.316
- rewrite spec file to simplify building different flavors (bsc#1039285)
==== lapack ====
Subpackages: libblas3 liblapack3
- Build the man pages in a separate .spec file (lapack-man). The
resulting rpm names are kept identical. This allows us to drop
doxygen out of lapack's main package buildroot, thus eliminating
a build cycle.
==== libXfont ====
- includes everything needed for missing sle issue entries:
fate #320388 (bsc#1041641)
boo#958383, bnc#921978, bnc#857544 (bsc#1041641)
CVE-2015-1802, CVE-2015-1803, CVE-2015-1804 (bsc#1041641)
CVE-2014-0209, CVE-2014-0210, CVE-2014-0211 (bsc#1041641)
==== libXrandr ====
Subpackages: libXrandr2 libXrandr2-32bit
- includes everything needed for missing sle issue entries:
fate #320388, bnc#1003000, CVE-2016-7947, CVE-2016-7948 (bsc#1041366)
==== libglvnd ====
Subpackages: libglvnd-32bit libglvnd-devel
- Obsolete libglvnd0 <= %version-%release instead of only older
versions in order to fix conflicts on TW.
==== libvdpau ====
- includes everything needed for missing sle issue entries:
* fate #315643-315645, 319159-319161, 319618 (bsc#1041623)
* bnc#943967, bnc#943968, bnc#943969 (bsc#1041623)
* CVE-2015-5198, CVE-2015-5199, CVE-2015-5200 (bsc#1041623)
==== libxfce4ui ====
Subpackages: libxfce4ui-1-0 libxfce4ui-2-0 libxfce4ui-lang libxfce4ui-tools
- Add conditional for pkgconfig(gladeui-1.0) BuildRequires and
corresponding subpackage glade3-catalog-libxfce4ui. No longer
build glade integration for Tumbleweed.
==== libzypp ====
Version update (16.11.0 -> 16.12.0)
- Testcase: add missing solver flags (bsc#1041889)
- version 16.12.0 (0)
==== marble ====
Subpackages: libastro1 libmarblewidget-qt5-27 marble-devel
- Fix libastro1 Provides/Obsoletes
==== openmpi ====
Subpackages: openmpi-devel openmpi-libs
- Add openmpi-config package which contains runtime configuration
files for OpenMPI 1 and/or 2
- Remove execution rights from NEWS doc file
==== openssh ====
Subpackages: openssh-helpers
- Fix preauth seccomp separation on mainframes (bsc#1016709)
[openssh-7.2p2-s390_hw_crypto_syscalls.patch]
[openssh-7.2p2-s390_OpenSSL-ibmpkcs11_syscalls.patch]
- enable case-insensitive hostname matching (bsc#1017099)
[openssh-7.2p2-ssh_case_insensitive_host_matching.patch]
- add CAVS tests
[openssh-7.2p2-cavstest-ctr.patch]
[openssh-7.2p2-cavstest-kdf.patch]
- Adding missing pieces for user matching (bsc#1021626)
- Properly verify CIDR masks in configuration
(bsc#1005893)
[openssh-7.2p2-verify_CIDR_address_ranges.patch]
- Remove pre-auth compression support from the server to prevent
possible cryptographic attacks.
(CVE-2016-10012, bsc#1016370)
[openssh-7.2p2-disable_preauth_compression.patch]
- limit directories for loading PKCS11 modules
(CVE-2016-10009, bsc#1016366)
[openssh-7.2p2-restrict_pkcs11-modules.patch]
- Prevent possible leaks of host private keys to low-privilege
process handling authentication
(CVE-2016-10011, bsc#1016369)
[openssh-7.2p2-prevent_private_key_leakage.patch]
- Do not allow unix socket forwarding when running without
privilege separation
(CVE-2016-10010, bsc#1016368)
[openssh-7.2p2-secure_unix_sockets_forwarding.patch]
- prevent resource depletion during key exchange
(bsc#1005480, CVE-2016-8858)
[openssh-7.2p2-kex_resource_depletion.patch]
- fix suggested command for removing conflicting server keys from
the known_hosts file (bsc#1006221)
- enable geteuid{,32} syscalls on mainframes, since it may be
called from libica/ibmica on machines with hardware crypto
accelerator (bsc#1004258)
[openssh-7.2p2-seccomp_geteuid.patch]
- fix regression of (bsc#823710)
[openssh-7.2p2-audit_fixes.patch]
- add slogin (removed upstreams)
[openssh-7.2p2-keep_slogin.patch]
- require OpenSSL < 1.1 where that one is a default
==== python-kiwi ====
Version update (9.6.2 -> 9.7.0)
Subpackages: kiwi-pxeboot kiwi-tools
- Bump version: 9.6.2 ? 9.7.0
- Make sure all required yum repo options are set
enabled and gpgcheck parameters has to be set for any
configured yum repository
- Fixup repository setup for yum
Yum cannot handle spaces between the key and the value.
This patch provides a method to tell ConfigParser to use
no spaces for the '=' delimiter and thus Fixes #357
- Reactivate warnings report in pytest
- Fixup kernel name lookup
If multiple abi compatible kernel module packages are installed
the kernel version of the boot kernel could be different from
the kernel module versions. In order to find the boot kernel
all kernel versions found must be checked. Fixes #355
- Fix/workaround invalid xsd pattern translation
The data structures are auto generated by the generateDS
tool which works nicely except for the arch-name xsd pattern
used in the RelaxNG schema. For some reason the used regular
expression is translated by generateDS into a python
expression not matching the original expression from the
schema. The result is an invalid python warning message after
the schema has successfully validated the arch string.
The problem has been reported to the generateDS developer.
As long as their is no fix available in generateDS the
following workaround in kiwi applies: The original xs:token
pattern validation will be disabled on the generateDS
level and applies only to the schema. This Fixes #347
- Some fine tune updates
* Updated the docs for system_create command
* Reverted dracut image initialization
* Updated yum comment about repo_gpgcheck option
* Updated variable name in disk builder
* Typo correction
- Include signing-key feature for boot images
This commit extends the behavior of --signing-key options in order
to import the provided key file into the boot image, in addition to
the regular image root tree.
Related to #342
- Fix use of pre requires in spec file
- Fixup working dir for editboot scripts
editbootconfig and editbootinstall scripts needs to be
called from within the correct directory to allow access
to the written bootloader config files. For live images
the working directory was set to the wrong place. This
Fixes #353
- remove duplicated code from dhclient setup
IPADDR is assigned within dhclientImportInfo
original patch by Dinar Valeev
- Fix spelling of 'processor'
https://bugzilla.opensuse.org/show_bug.cgi?id=957927
- Fixed pre-req for kiwi-pxeboot subpackage
the binaries groupadd and useradd used in the preinstall
scriptlet and provided by the shadow package needs a pre
requirement on shadow to make sure they exist when the
package gets installed. Fixes (bsc#1040256)
- Fix existing root check, fixes #349
This commit fixes the validation of an existing root directory
for the command 'system build'. System build used to create the root
directory before performing the root existance check, thus the
check was always failing in any case. The root directory is created
inside the RootInit class within the 'create' method.
Fixes #349
- Extend --signing-key to Apt package manager
This commit extends support for --siging-key to the Apt package
manager. However it has only been included for the chrooted
operations, as current implementation of the bootstrap procedure does
not provide signature check capabilities.
Related to #342
- Extend --signing-key option to Yum and Dnf
This commit extends the --signing-key options support to Yum and Dnf
package managers. In addition, signature check for repositories
had to be disabled for Yum and Dnf, as kiwi unrelated issues were
found while testing. Nevertheless, package signature checks are
fully functional.
Related to #342
- Add --signing-key option
This commit adds --signing-key option which sets a key file to import
into the package manager trusted keys database. This commit adds this
flag support only for zypper.
Fixes #342
- Don't print warning report
The auto generated xml_parse.py uses the python warnings module
The unit tests uses the coverage module in py.test to create
a report. The latest py.test update now also creates a warnings
report which is unwanted because some of the unit tests
intentionally causes the creation of a warning as the expected
result but we don't want to see that in a py.test warnings
report. Therfore this patch switches off the creation of that
warnings report
- Update manual page of build command
Add information for --allow-existing-root option
- Fixup default behavior of build command
The build command automatically used an existing root tree
from a former build attempt. However this could cause an
inconsistent image if the former build root was not based on
the same image type setup. Thus it is better to allow this
only if the --allow-existing-root option is specified along
with the build command call
- Fixed alpha sorting of options
- Complete zypper cache cleanup
also the raw and solv cache needs to be deleted
- Update manual pages
Add information and use case for --clear-cache option
- Added --clear-cache option
The system prepare and build commands now provides the
option --clear-cache which deletes all cache data
associated with the repositories to build the image.
This Fixes #341
- Let dracut create a compressed initrd
dracut was called in a way to create an uncompressed initrd archive
and kiwi later runs the xz compression on it. That way the default
compression parameters used by dracut get lost. Fixes #335
- Improve rpm-check-signatures support
This commit ensures the signatures are checked for both: the
repository and the rpm package. It applies for zypper, dnf and
yum package managers.
- Fixup boot-load-size for efi loader in iso
Pass the real boot-load-size of the used loader as number
of 512byte blocks to the iso creation call. Related to
(bsc#939456)
- Update documentation to meet review results
- Added GCE image primary setup information
- Added Azure image primary setup information
- Added EC2 image primary setup information
- Map partition ID's from sgdisk to lowercase
- rework building virtual disk image chapter
Adapt to style as used in the live iso chapter and add
references to low level topics regarding the setup of
the image to work in the public cloud. Related to #323
==== qemu ====
Version update (2.8.0 -> 2.9.0)
Subpackages: qemu-arm qemu-block-curl qemu-block-dmg qemu-block-gluster qemu-block-iscsi qemu-block-rbd qemu-block-ssh qemu-extra qemu-ipxe qemu-ksm qemu-kvm qemu-lang qemu-ppc qemu-s390 qemu-seabios qemu-sgabios qemu-tools qemu-vgabios qemu-x86
- Fixes for gcc7 compatability (bsc#1040228) (in behalf of Liang Yan)
0056-jazz_led-fix-bad-snprintf.patch
0057-slirp-smb-Replace-constant-strings-.patch
0058-altera_timer-fix-incorrect-memset.patch
0059-Hacks-for-building-on-gcc-7-Fedora-.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9
- Protect access to metadata in virtio-9pfs (CVE-2017-7493 bsc#1039495)
0055-9pfs-local-forbid-client-access-to-.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9
- Address various security/stability issues
* Fix DOS potential in vnc interface (CVE-2017-8379 bsc#1037334)
0051-input-limit-kbd-queue-depth.patch
* Fix DOS potential in vnc interface (CVE-2017-8309 bsc#1037242)
0052-audio-release-capture-buffers.patch
* Fix OOB access in megasas device emulation (CVE-2017-8380
bsc#1037336)
0053-scsi-avoid-an-off-by-one-error-in-m.patch
* Fix DOS in Vmware pv scsi emulation (CVE-2017-8112 bsc#1036211)
0054-vmw_pvscsi-check-message-ring-page-.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9
- Fix building packages for some older distros.
- Further refine our handling of building firmware (or not) for
the various arch's and distro versions we build for. Note that
if we don't build x86 firmware, (eg: x86 Leap 42.1) the upstream
binary blobs are used, which may have migration incompatibilities
with previous versions of qemu provided.
- Fix issue in shipping qemu v2.9.0, where pci-passthrough for Xen
HVM guests got broken (bsc#1034131)
0049-ACPI-don-t-call-acpi_pcihp_device_p.patch
- Include experimental, unsupported feature to assist in some
performance analysis work.
0050-i386-Allow-cpuid-bit-override.patch
- Updated to v2.9.0: See http://wiki.qemu-project.org/ChangeLog/2.9
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9
- Updated to v2.9.0-rc5: See http://wiki.qemu-project.org/ChangeLog/2.9
* Includes fix for CVE-2017-7471, a virtfs security issue.
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9
- Add empty keyboard queue tracepoint to help openQA testing work
better (bsc#1031692)
0048-input-Add-trace-event-for-empty-key.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9
- Updated to v2.9.0-rc4: See http://wiki.qemu-project.org/ChangeLog/2.9
- Enable ceph/rbd support for s390x (bsc#1030068)
- Enable ceph/rbd support for ppc* as available
- Update ARM in-kernel-timers patch (bsc#1033416)
* Patches renamed:
0041-ARM-KVM-Enable-in-kernel-timers-wit.patch -> 0047-ARM-KVM-Enable-in-kernel-timers-wit.patch
0042-string-input-visitor-Fix-uint64-par.patch -> 0041-string-input-visitor-Fix-uint64-par.patch
0043-test-string-input-visitor-Add-int-t.patch -> 0042-test-string-input-visitor-Add-int-t.patch
0044-test-string-input-visitor-Add-uint6.patch -> 0043-test-string-input-visitor-Add-uint6.patch
0045-tests-Add-QOM-property-unit-tests.patch -> 0044-tests-Add-QOM-property-unit-tests.patch
0046-tests-Add-scsi-disk-test.patch -> 0045-tests-Add-scsi-disk-test.patch
* Patches added (support patch):
0046-RFC-update-Linux-headers-from-irqs-.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9
- Updated to v2.9.0-rc3: See http://wiki.qemu-project.org/ChangeLog/2.9
* Patches dropped (included in upstream source archive):
0047-hw-intc-arm_gicv3_kvm-Check-KVM_DEV.patch
0048-i386-Replace-uint32_t-with-FeatureW.patch
0049-i386-Don-t-override-cpu-options-on-.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9
- Added additional documentation provided with v2.9.0
- Fix build failure with gcc7 (bsc#1031340)
ipxe-build-Avoid-implicit-fallthrough-warnings-on-GCC-7.patch
- Made miscellaneous spec file refinements
- The support documents included are now fairly accurate for the
arm and s390 world, and the x86 version also received a few
tweaks. Also included in those docs is a url reference to upstream
qemu deprecation plans and discussions.
(fate#321146)
- Add post v2.9.0-rc2 upstream patches which fix -cpu host and -cpu
max feature overrides for libvirt compatability.
0048-i386-Replace-uint32_t-with-FeatureW.patch
0049-i386-Don-t-override-cpu-options-on-.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9
- Updated to v2.9.0-rc2: See http://wiki.qemu-project.org/ChangeLog/2.9
* Includes fix for in guest privilege escalation when using TCG
(bsc#1030624)
* Patches dropped (equivalent included in upstream source archive):
0047-linux-user-exclude-cpu-model-code-w.patch
- Fix failure booting SLE12-SP2 Aarch64 guest (bsc#1031384)
0047-hw-intc-arm_gicv3_kvm-Check-KVM_DEV.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9
- Updated to v2.9.0-rc1: See http://wiki.qemu-project.org/ChangeLog/2.9
* Patches dropped (no longer needed based on what we now build for):
0024-virtfs-proxy-helper-Provide-__u64-f.patch
* Patches dropped (included in upstream source archive):
0034-dma-rc4030-limit-interval-timer-rel.patch
* Patches renamed:
0025-configure-Enable-PIE-for-ppc-and-pp.patch -> 0024-configure-Enable-PIE-for-ppc-and-pp.patch
0026-AIO-Reduce-number-of-threads-for-32.patch -> 0025-AIO-Reduce-number-of-threads-for-32.patch
0027-dictzip-Fix-on-big-endian-systems.patch -> 0026-dictzip-Fix-on-big-endian-systems.patch
0028-xen_disk-Add-suse-specific-flush-di.patch -> 0027-xen_disk-Add-suse-specific-flush-di.patch
0029-qemu-bridge-helper-reduce-security-.patch -> 0028-qemu-bridge-helper-reduce-security-.patch
0030-qemu-binfmt-conf-use-qemu-ARCH-binf.patch -> 0029-qemu-binfmt-conf-use-qemu-ARCH-binf.patch
0031-configure-Fix-detection-of-seccomp-.patch -> 0030-configure-Fix-detection-of-seccomp-.patch
0032-linux-user-properly-test-for-infini.patch -> 0031-linux-user-properly-test-for-infini.patch
0033-linux-user-remove-all-traces-of-qem.patch -> 0032-linux-user-remove-all-traces-of-qem.patch
0035-roms-Makefile-pass-a-packaging-time.patch -> 0033-roms-Makefile-pass-a-packaging-time.patch
0036-Raise-soft-address-space-limit-to-h.patch -> 0034-Raise-soft-address-space-limit-to-h.patch
0037-increase-x86_64-physical-bits-to-42.patch -> 0035-increase-x86_64-physical-bits-to-42.patch
0038-vga-Raise-VRAM-to-16-MiB-for-pc-0.1.patch -> 0036-vga-Raise-VRAM-to-16-MiB-for-pc-0.1.patch
0039-i8254-Fix-migration-from-SLE11-SP2.patch -> 0037-i8254-Fix-migration-from-SLE11-SP2.patch
0040-acpi_piix4-Fix-migration-from-SLE11.patch -> 0038-acpi_piix4-Fix-migration-from-SLE11.patch
0041-Fix-tigervnc-long-press-issue.patch -> 0039-Fix-tigervnc-long-press-issue.patch
0042-fix-xen-hvm-direct-kernel-boot.patch -> 0040-fix-xen-hvm-direct-kernel-boot.patch
0043-ARM-KVM-Enable-in-kernel-timers-wit.patch -> 0041-ARM-KVM-Enable-in-kernel-timers-wit.patch
0044-string-input-visitor-Fix-uint64-par.patch -> 0042-string-input-visitor-Fix-uint64-par.patch
0045-test-string-input-visitor-Add-int-t.patch -> 0043-test-string-input-visitor-Add-int-t.patch
0046-test-string-input-visitor-Add-uint6.patch -> 0044-test-string-input-visitor-Add-uint6.patch
0047-tests-Add-QOM-property-unit-tests.patch -> 0045-tests-Add-QOM-property-unit-tests.patch
0048-tests-Add-scsi-disk-test.patch -> 0046-tests-Add-scsi-disk-test.patch
0049-linux-user-exclude-cpu-model-code-w.patch -> 0047-linux-user-exclude-cpu-model-code-w.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9
- Updated to v2.9.0-rc0: See http://wiki.qemu-project.org/ChangeLog/2.9
* Updated version carries fixes for the following reported issues:
CVE-2016-9602 bsc#1020427, CVE-2016-9923 bsc#1014703,
CVE-2017-2630 bsc#1025396, CVE-2017-2633 bsc#1026612,
CVE-2017-5579 bsc#1021741, CVE-2017-5931 bsc#1024114,
CVE-2017-5973 bsc#1025109, CVE-2017-5987 bsc#1025311,
CVE-2017-6058 bsc#1025837, CVE-2017-6505 bsc#1028184
* Patches dropped:
seabios_128kb.patch (no longer required)
* Patches dropped (included in upstream source archive):
0035-net-imx-limit-buffer-descriptor-cou.patch
0045-virtio-gpu-call-cleanup-mapping-fun.patch
0051-virtio-gpu-fix-information-leak-in-.patch
0052-display-cirrus-ignore-source-pitch-.patch
0053-s390x-kvm-fix-small-race-reboot-vs..patch
0054-target-s390x-use-qemu-cpu-model-in-.patch
0056-tests-check-path-to-avoid-a-failing.patch
0057-display-virtio-gpu-3d-check-virgl-c.patch
0058-watchdog-6300esb-add-exit-function.patch
0059-virtio-gpu-3d-fix-memory-leak-in-re.patch
0060-virtio-gpu-fix-memory-leak-in-resou.patch
0061-virtio-fix-vq-inuse-recalc-after-mi.patch
0062-audio-es1370-add-exit-function.patch
0063-audio-ac97-add-exit-function.patch
0064-megasas-fix-guest-triggered-memory-.patch
0065-cirrus-handle-negative-pitch-in-cir.patch
0066-cirrus-fix-blit-address-mask-handli.patch
0067-cirrus-fix-oob-access-issue-CVE-201.patch
0068-usb-ccid-check-ccid-apdu-length.patch
0069-sd-sdhci-check-data-length-during-d.patch
0070-virtio-gpu-fix-resource-leak-in-vir.patch
0071-cirrus-fix-patterncopy-checks.patch
0072-cirrus-add-blit_is_unsafe-call-to-c.patch
* Patches renamed:
0036-roms-Makefile-pass-a-packaging-time.patch -> 0035-roms-Makefile-pass-a-packaging-time.patch
0037-Raise-soft-address-space-limit-to-h.patch -> 0036-Raise-soft-address-space-limit-to-h.patch
0038-increase-x86_64-physical-bits-to-42.patch -> 0037-increase-x86_64-physical-bits-to-42.patch
0039-vga-Raise-VRAM-to-16-MiB-for-pc-0.1.patch -> 0038-vga-Raise-VRAM-to-16-MiB-for-pc-0.1.patch
0040-i8254-Fix-migration-from-SLE11-SP2.patch -> 0039-i8254-Fix-migration-from-SLE11-SP2.patch
0041-acpi_piix4-Fix-migration-from-SLE11.patch -> 0040-acpi_piix4-Fix-migration-from-SLE11.patch
0042-Fix-tigervnc-long-press-issue.patch -> 0041-Fix-tigervnc-long-press-issue.patch
0043-fix-xen-hvm-direct-kernel-boot.patch -> 0042-fix-xen-hvm-direct-kernel-boot.patch
0044-ARM-KVM-Enable-in-kernel-timers-wit.patch -> 0043-ARM-KVM-Enable-in-kernel-timers-wit.patch
0046-string-input-visitor-Fix-uint64-par.patch -> 0044-string-input-visitor-Fix-uint64-par.patch
0047-test-string-input-visitor-Add-int-t.patch -> 0045-test-string-input-visitor-Add-int-t.patch
0048-test-string-input-visitor-Add-uint6.patch -> 0046-test-string-input-visitor-Add-uint6.patch
0049-tests-Add-QOM-property-unit-tests.patch -> 0047-tests-Add-QOM-property-unit-tests.patch
0050-tests-Add-scsi-disk-test.patch -> 0048-tests-Add-scsi-disk-test.patch
0055-linux-user-exclude-cpu-model-code-w.patch -> 0049-linux-user-exclude-cpu-model-code-w.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9
==== qemu-linux-user ====
Version update (2.8.0 -> 2.9.0)
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9
* Patches added:
0056-jazz_led-fix-bad-snprintf.patch
0057-slirp-smb-Replace-constant-strings-.patch
0058-altera_timer-fix-incorrect-memset.patch
0059-Hacks-for-building-on-gcc-7-Fedora-.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9
* Patches added:
0055-9pfs-local-forbid-client-access-to-.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9
* Patches added:
0051-input-limit-kbd-queue-depth.patch
0052-audio-release-capture-buffers.patch
0053-scsi-avoid-an-off-by-one-error-in-m.patch
0054-vmw_pvscsi-check-message-ring-page-.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9
* Patches added:
0049-ACPI-don-t-call-acpi_pcihp_device_p.patch
0050-i386-Allow-cpuid-bit-override.patch
- Updated to v2.9.0: See http://wiki.qemu-project.org/ChangeLog/2.9
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9
- Updated to v2.9.0-rc5: See http://wiki.qemu-project.org/ChangeLog/2.9
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9
* Patches added:
0048-input-Add-trace-event-for-empty-key.patch
- Updated to v2.9.0-rc4: See http://wiki.qemu-project.org/ChangeLog/2.9
* Patches renamed:
0041-ARM-KVM-Enable-in-kernel-timers-wit.patch -> 0047-ARM-KVM-Enable-in-kernel-timers-wit.patch
0042-string-input-visitor-Fix-uint64-par.patch -> 0041-string-input-visitor-Fix-uint64-par.patch
0043-test-string-input-visitor-Add-int-t.patch -> 0042-test-string-input-visitor-Add-int-t.patch
0044-test-string-input-visitor-Add-uint6.patch -> 0043-test-string-input-visitor-Add-uint6.patch
0045-tests-Add-QOM-property-unit-tests.patch -> 0044-tests-Add-QOM-property-unit-tests.patch
0046-tests-Add-scsi-disk-test.patch -> 0045-tests-Add-scsi-disk-test.patch
* Patches added:
0046-RFC-update-Linux-headers-from-irqs-.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9
- Updated to v2.9.0-rc3: See http://wiki.qemu-project.org/ChangeLog/2.9
* Patches dropped:
0047-hw-intc-arm_gicv3_kvm-Check-KVM_DEV.patch
0048-i386-Replace-uint32_t-with-FeatureW.patch
0049-i386-Don-t-override-cpu-options-on-.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9
- Made miscellaneous spec file refinements
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9
* Patches added:
0048-i386-Replace-uint32_t-with-FeatureW.patch
0049-i386-Don-t-override-cpu-options-on-.patch
- Updated to v2.9.0-rc2: See http://wiki.qemu-project.org/ChangeLog/2.9
* Patches dropped:
0047-linux-user-exclude-cpu-model-code-w.patch
* Patches added:
0047-hw-intc-arm_gicv3_kvm-Check-KVM_DEV.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9
- Updated to v2.9.0-rc1: See http://wiki.qemu-project.org/ChangeLog/2.9
* Patches dropped (no longer needed based on what we now build for):
0024-virtfs-proxy-helper-Provide-__u64-f.patch
* Patches dropped (included in upstream source archive):
0034-dma-rc4030-limit-interval-timer-rel.patch
* Patches renamed:
0025-configure-Enable-PIE-for-ppc-and-pp.patch -> 0024-configure-Enable-PIE-for-ppc-and-pp.patch
0026-AIO-Reduce-number-of-threads-for-32.patch -> 0025-AIO-Reduce-number-of-threads-for-32.patch
0027-dictzip-Fix-on-big-endian-systems.patch -> 0026-dictzip-Fix-on-big-endian-systems.patch
0028-xen_disk-Add-suse-specific-flush-di.patch -> 0027-xen_disk-Add-suse-specific-flush-di.patch
0029-qemu-bridge-helper-reduce-security-.patch -> 0028-qemu-bridge-helper-reduce-security-.patch
0030-qemu-binfmt-conf-use-qemu-ARCH-binf.patch -> 0029-qemu-binfmt-conf-use-qemu-ARCH-binf.patch
0031-configure-Fix-detection-of-seccomp-.patch -> 0030-configure-Fix-detection-of-seccomp-.patch
0032-linux-user-properly-test-for-infini.patch -> 0031-linux-user-properly-test-for-infini.patch
0033-linux-user-remove-all-traces-of-qem.patch -> 0032-linux-user-remove-all-traces-of-qem.patch
0035-roms-Makefile-pass-a-packaging-time.patch -> 0033-roms-Makefile-pass-a-packaging-time.patch
0036-Raise-soft-address-space-limit-to-h.patch -> 0034-Raise-soft-address-space-limit-to-h.patch
0037-increase-x86_64-physical-bits-to-42.patch -> 0035-increase-x86_64-physical-bits-to-42.patch
0038-vga-Raise-VRAM-to-16-MiB-for-pc-0.1.patch -> 0036-vga-Raise-VRAM-to-16-MiB-for-pc-0.1.patch
0039-i8254-Fix-migration-from-SLE11-SP2.patch -> 0037-i8254-Fix-migration-from-SLE11-SP2.patch
0040-acpi_piix4-Fix-migration-from-SLE11.patch -> 0038-acpi_piix4-Fix-migration-from-SLE11.patch
0041-Fix-tigervnc-long-press-issue.patch -> 0039-Fix-tigervnc-long-press-issue.patch
0042-fix-xen-hvm-direct-kernel-boot.patch -> 0040-fix-xen-hvm-direct-kernel-boot.patch
0043-ARM-KVM-Enable-in-kernel-timers-wit.patch -> 0041-ARM-KVM-Enable-in-kernel-timers-wit.patch
0044-string-input-visitor-Fix-uint64-par.patch -> 0042-string-input-visitor-Fix-uint64-par.patch
0045-test-string-input-visitor-Add-int-t.patch -> 0043-test-string-input-visitor-Add-int-t.patch
0046-test-string-input-visitor-Add-uint6.patch -> 0044-test-string-input-visitor-Add-uint6.patch
0047-tests-Add-QOM-property-unit-tests.patch -> 0045-tests-Add-QOM-property-unit-tests.patch
0048-tests-Add-scsi-disk-test.patch -> 0046-tests-Add-scsi-disk-test.patch
0049-linux-user-exclude-cpu-model-code-w.patch -> 0047-linux-user-exclude-cpu-model-code-w.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9
- Updated to v2.9.0-rc0: See http://wiki.qemu-project.org/ChangeLog/2.9
* Patches dropped (included in upstream source archive):
0035-net-imx-limit-buffer-descriptor-cou.patch
0045-virtio-gpu-call-cleanup-mapping-fun.patch
0051-virtio-gpu-fix-information-leak-in-.patch
0052-display-cirrus-ignore-source-pitch-.patch
0053-s390x-kvm-fix-small-race-reboot-vs..patch
0054-target-s390x-use-qemu-cpu-model-in-.patch
0056-tests-check-path-to-avoid-a-failing.patch
0057-display-virtio-gpu-3d-check-virgl-c.patch
0058-watchdog-6300esb-add-exit-function.patch
0059-virtio-gpu-3d-fix-memory-leak-in-re.patch
0060-virtio-gpu-fix-memory-leak-in-resou.patch
0061-virtio-fix-vq-inuse-recalc-after-mi.patch
0062-audio-es1370-add-exit-function.patch
0063-audio-ac97-add-exit-function.patch
0064-megasas-fix-guest-triggered-memory-.patch
0065-cirrus-handle-negative-pitch-in-cir.patch
0066-cirrus-fix-blit-address-mask-handli.patch
0067-cirrus-fix-oob-access-issue-CVE-201.patch
0068-usb-ccid-check-ccid-apdu-length.patch
0069-sd-sdhci-check-data-length-during-d.patch
0070-virtio-gpu-fix-resource-leak-in-vir.patch
0071-cirrus-fix-patterncopy-checks.patch
0072-cirrus-add-blit_is_unsafe-call-to-c.patch
* Patches renamed:
0036-roms-Makefile-pass-a-packaging-time.patch -> 0035-roms-Makefile-pass-a-packaging-time.patch
0037-Raise-soft-address-space-limit-to-h.patch -> 0036-Raise-soft-address-space-limit-to-h.patch
0038-increase-x86_64-physical-bits-to-42.patch -> 0037-increase-x86_64-physical-bits-to-42.patch
0039-vga-Raise-VRAM-to-16-MiB-for-pc-0.1.patch -> 0038-vga-Raise-VRAM-to-16-MiB-for-pc-0.1.patch
0040-i8254-Fix-migration-from-SLE11-SP2.patch -> 0039-i8254-Fix-migration-from-SLE11-SP2.patch
0041-acpi_piix4-Fix-migration-from-SLE11.patch -> 0040-acpi_piix4-Fix-migration-from-SLE11.patch
0042-Fix-tigervnc-long-press-issue.patch -> 0041-Fix-tigervnc-long-press-issue.patch
0043-fix-xen-hvm-direct-kernel-boot.patch -> 0042-fix-xen-hvm-direct-kernel-boot.patch
0044-ARM-KVM-Enable-in-kernel-timers-wit.patch -> 0043-ARM-KVM-Enable-in-kernel-timers-wit.patch
0046-string-input-visitor-Fix-uint64-par.patch -> 0044-string-input-visitor-Fix-uint64-par.patch
0047-test-string-input-visitor-Add-int-t.patch -> 0045-test-string-input-visitor-Add-int-t.patch
0048-test-string-input-visitor-Add-uint6.patch -> 0046-test-string-input-visitor-Add-uint6.patch
0049-tests-Add-QOM-property-unit-tests.patch -> 0047-tests-Add-QOM-property-unit-tests.patch
0050-tests-Add-scsi-disk-test.patch -> 0048-tests-Add-scsi-disk-test.patch
0055-linux-user-exclude-cpu-model-code-w.patch -> 0049-linux-user-exclude-cpu-model-code-w.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9
==== qtcurve-kde4 ====
Version update (1.8.19~git20170506 -> 1.9.0)
Subpackages: libqtcurve-cairo1 libqtcurve-utils2 qtcurve-gtk2 qtcurve-qt5
- Update to 1.9.0
* Make X11 drop shadow size configurable
==== sudo ====
Version update (1.8.19p2 -> 1.8.20p2)
- update to 1.8.20p2 which obsoletes patches:
* sudo-1.8.19p2-CVE-2017-1000367.patch
* sudo-1.8.19p2-decrement_env_len.patch
* sudo-1.8.19p2-dont_overwrite_ret_val.patch
Major changes between sudo 1.8.20p2 and 1.8.20p1:
* Fixed a bug parsing /proc/pid/stat on Linux when the process
name contains newlines. This is not exploitable due to the /dev
traversal changes in sudo 1.8.20p1.
Major changes between sudo 1.8.20p1 and 1.8.20:
* Fixed "make check" when using OpenSSL or GNU crypt.
Bug #787.
* Fixed CVE-2017-1000367, a bug parsing /proc/pid/stat on Linux
when the process name contains spaces. Since the user has control
over the command name, this could potentially be used by a user
with sudo access to overwrite an arbitrary file on systems with
SELinux enabled. Also stop performing a breadth-first traversal
of /dev when looking for the device; only a hard-coded list of
directories are checked,
Major changes between sudo 1.8.20 and 1.8.19p2:
* Added support for SASL_MECH in ldap.conf. Bug #764
* Added support for digest matching when the command is a glob-style
pattern or a directory. Previously, only explicit path matches
supported digest checks.
* New "fdexec" Defaults option to control whether a command
is executed by path or by open file descriptor.
* The embedded copy of zlib has been upgraded to version 1.2.11.
* Fixed a bug that prevented sudoers include files with a relative
path starting with the letter 'i' from being opened. Bug #776.
* Added support for command timeouts in sudoers. The command will
be terminated if the timeout expires.
* The SELinux role and type are now displayed in the "sudo -l"
output for the LDAP and SSSD backends, just as they are in the
sudoers backend.
* A new command line option, -T, can be used to specify a command
timeout as long as the user-specified timeout is not longer than
the timeout specified in sudoers. This option may only be
used when the "user_command_timeouts" flag is enabled in sudoers.
* Added NOTBEFORE and NOTAFTER command options to the sudoers
backend similar to what is already available in the LDAP backend.
* Sudo can now optionally use the SHA2 functions in OpenSSL or GNU
crypt instead of the SHA2 implementation bundled with sudo.
* Fixed a compilation error on systems without the stdbool.h header
file. Bug #778.
* Fixed a compilation error in the standalone Kerberos V authentication
module. Bug #777.
* Added the iolog_flush flag to sudoers which causes I/O log data
to be written immediately to disk instead of being buffered.
* I/O log files are now created with group ID 0 by default unless
the "iolog_user" or "iolog_group" options are set in sudoers.
* It is now possible to store I/O log files on an NFS-mounted
file system where uid 0 is remapped to an unprivileged user.
The "iolog_user" option must be set to a non-root user and the
top-level I/O log directory must exist and be owned by that user.
* Added the restricted_env_file setting to sudoers which is similar
to env_file but its contents are subject to the same restrictions
as variables in the invoking user's environment.
* Fixed a use after free bug in the SSSD backend when the fqdn
sudoOption is enabled and no hostname value is present in
/etc/sssd/sssd.conf.
* Fixed a typo that resulted in a compilation error on systems
where the killpg() function is not found by configure.
* Fixed a compilation error with the included version of zlib
when sudo was built outside the source tree.
* Fixed the exit value of sudo when the command is terminated by
a signal other than SIGINT. This was broken in sudo 1.8.15 by
the fix for Bug #722. Bug #784.
* Fixed a regression introduced in sudo 1.8.18 where the "lecture"
option could not be used in a positive boolean context, only
a negative one.
* Fixed an issue where sudo would consume stdin if it was not
connected to a tty even if log_input is not enabled in sudoers.
Bug #786.
* Clarify in the sudoers manual that the #includedir directive
diverts control to the files in the specified directory and,
when parsing of those files is complete, returns control to the
original file. Bug #775.
==== tigervnc ====
Version update (1.7.1 -> 1.8.0)
- removed unneeded -fPIC flags for CFLAGS, these made it avoid
PIE support.
- Update to tigervnc 1.8.0
* Overhaul of the Java client to match the look and behaviour of the native client
* Initial work for multi-threaded decoding in the Java client
* vncconfig no longer needed for clipboard with Xvnc/libvnc.so
* vncserver has system wide config support
* Full support for alpha cursors in Xvnc/libvnc.so and both viewers
- Removed patches:
* U_Add-xorg-xserver-1.19-support.patch
* U_tigervnc-fix-inetd-not-working-with-xserver-1-19.patch
* U_tigervnc-better-check-for-screen-visibility.patch
- U_tigervnc-better-check-for-screen-visibility.patch
* Crop operations to visible screen. (bnc#1032272)
==== wireshark ====
Version update (2.2.6 -> 2.2.7)
Subpackages: libwireshark8 libwiretap6 libwscodecs1 libwsutil7 wireshark-ui-qt
- Wireshark 2.2.7 (bsc#1042330):
This release fixes minor vulnerabilities that could be used to
trigger dissector crashes, infinite loopsm or cause excessive use
of CPU resources by making Wireshark read specially crafted
packages from the network or a capture file:
* CVE-2017-9352: Bazaar dissector infinite loop (bsc#1042304)
* CVE-2017-9348: DOF dissector read overflow (bsc#1042303)
* CVE-2017-9351: DHCP dissector read overflow (bsc#1042302)
* CVE-2017-9346: SoulSeek dissector infinite loop (bsc#1042301)
* CVE-2017-9345: DNS dissector infinite loop (bsc#1042300)
* CVE-2017-9349: DICOM dissector infinite loop (bsc#1042305)
* CVE-2017-9350: openSAFETY dissector memory exhaustion (bsc#1042299)
* CVE-2017-9344: BT L2CAP dissector divide by zero (bsc#1042298)
* CVE-2017-9343: MSNIP dissector crash (bsc#1042309)
* CVE-2017-9347: ROS dissector crash (bsc#1042308)
* CVE-2017-9354: RGMP dissector crash (bsc#1042307)
* CVE-2017-9353: IPv6 dissector crash (bsc#1042306)
==== xen ====
Version update (4.9.0_04 -> 4.9.0_07)
Subpackages: xen-doc-html xen-libs xen-tools xen-tools-domU
- bsc#1042160 - VUL-1: CVE-2017-9330: xen: usb: ohci: infinite loop
due to incorrect return value
CVE-2017-9330-qemut-usb-ohci-infinite-loop-due-to-incorrect-return-value.patch
- bsc#1037243 - VUL-1: CVE-2017-8309: xen: audio: host memory
leakage via capture buffer
CVE-2017-8309-qemut-audio-host-memory-leakage-via-capture-buffer.patch
- Update to Xen 4.9.0-rc7 (fate#321394, fate#323108)
xen-4.9.0-testing-src.tar.bz2
- Update to Xen 4.9.0-rc6 (fate#321394, fate#323108)
xen-4.9.0-testing-src.tar.bz2
==== xf86-input-evdev ====
- includes everything needed for missing sle issue entries:
fate #320263, fate#315643-315645, 319159-319161, 319618 (bsc#1041371)
- 50-elotouch.conf: Make sure an 'TouchSystems CarrollTouch 4500U'
is an absolute device (bnc#876089, bsc#1041371)
==== xf86-input-synaptics ====
- includes everything needed for missing sle issue entries:
fate #315643-315645, 319159-319161, 319618 (bsc#1041556)
==== xf86-input-vmmouse ====
- includes everything needed for missing sle issue entries:
fate #320612, fate #315643-315645, 319159-319161, 319618, bnc#922188
(bsc#1041589)
==== xf86-input-void ====
- includes everything needed for missing sle issue entries:
fate #315643-315645, 319159-319161, 319618 (bsc#1041352)
==== xf86-video-ast ====
- includes everything needed for missing sle issue entries:
fate #315643-315645, 319159-319161, 319618, bnc#867165 (bsc#1041346)
==== xf86-video-cirrus ====
- includes everything needed for missing sle issue entries:
fate #315643-315645, 319159-319161, 319618 (bsc#1041347)
==== xf86-video-fbdev ====
- includes everything needed for missing sle issue entries:
fate #320388 (bsc#1041351)
==== xf86-video-nv ====
- commented out modalias lines in specfile in order to no longer
install xf86-video-nv driver by default (bnc#868732, bsc#1041416)
- covers missing SLE entry fate#320388 (bsc#1041416)
==== xf86-video-vesa ====
- includes everything needed for missing sle issue entries:
fate #315643-315645, 319159-319161, 319618 (bsc#1041379)
==== xf86-video-vmware ====
- includes everything needed for missing sle issue entries:
fate #315643-315645, 319159-319161, 319618 (bsc#1041651)
==== xfce4-vala ====
- Simplify situation around vala versions:
+ BuildRequire libvala-devel: this is a virtual symbol provided
by the various libvala-*-devel versions.
+ Programatically find the API version provided by libvala-devel
to pass this to configure.
- Add 0%{?leap_version} == 420300 to allow build on Leap 42.3.
==== xorg-x11-driver-video ====
- get rid of old and no longer supported drivers
xorg-x11-driver-video-{radeonhd,unichrome} (bnc#873443, bsc#1041398)
==== xrandr ====
- includes everything needed for missing sle issue entries:
fate #320388 (bsc#1041382)
- Add xrandr-print-outputs-per-provider.patch from sle12. This makes
the --listproviders option in xrandr(1) also print which outputs are
supported by each provider or GPU. (patch by federico@suse.com)
==== xtrans ====
- includes everything needed for missing sle issue entries:
fate #320388 (bsc#1041610)
==== zypper ====
Version update (1.13.27 -> 1.13.28)
Subpackages: zypper-aptitude zypper-log
- Accept --auto-agree-with-product-licenses from SUSEconnect (bsc#1037783)
- version 1.13.28
--
To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org
To contact the owner, e-mail: opensuse-factory+owner@opensuse.org