Please note that this mail was generated by a script. The described changes are computed based on the aarch64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=3&version... Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: Mesa (19.1.5 -> 19.1.7) Mesa-drivers (19.1.5 -> 19.1.7) MozillaFirefox-branding-openSUSE MozillaThunderbird (60.8.0 -> 68.1.0) accountsservice adjtimex avahi avahi-glib2 bash (5.0 -> 5.0.11) blog boost-defaults (1.69.0 -> 1.71.0) catfish (1.4.9 -> 1.4.10) cdrdao cifs-utils curl (7.65.3 -> 7.66.0) emacs (26.2 -> 26.3) ffmpeg-4 fftw3 gdb gegl ghostscript graphene (1.8.6 -> 1.10.0) icecream (1.2 -> 1.3) iptables iputils kernel-64kb (5.2.13 -> 5.2.14) kernel-source (5.2.13 -> 5.2.14) kwalletmanager5 libaio libb64 libdmapsharing libdvbpsi (1.3.2 -> 1.3.3) libkolabxml libmbim (1.18.2 -> 1.20.0) libmypaint (1.3.0 -> 1.4.0) libqca-qt5 libqmi (1.22.4 -> 1.22.6) libsoup (2.66.2 -> 2.66.3) mercurial (5.1 -> 5.1.1) nano neon netcat-openbsd (1.195 -> 1.203) numactl open-iscsi opie orc (0.4.29 -> 0.4.30) patterns-base perl-Mojolicious (8.23 -> 8.24) perl-Test-Simple (1.302167 -> 1.302168) plymouth (0.9.4+git20190612+9359382 -> 0.9.5+git20190908+3abfab2) purple-lurch python-qt5 python-setproctitle readline spandsp swig (4.0.0 -> 4.0.1) v4l-utils === Details === ==== Mesa ==== Version update (19.1.5 -> 19.1.7) Subpackages: Mesa-dri-devel Mesa-libEGL1 Mesa-libGL1 Mesa-libglapi0 libgbm1 - Update to version 19.1.7 * another bugfix release .... - Add ppc64 for radeonsi to avoid build error - Update to version 19.1.6 * bugfix release ==== Mesa-drivers ==== Version update (19.1.5 -> 19.1.7) Subpackages: Mesa-dri Mesa-dri-nouveau Mesa-gallium Mesa-libva libvdpau_nouveau libvdpau_r300 libvdpau_r600 - Update to version 19.1.7 * another bugfix release .... - Add ppc64 for radeonsi to avoid build error - Update to version 19.1.6 * bugfix release ==== MozillaFirefox-branding-openSUSE ==== - layout.word_select.stop_at_punctuation -> true (boo#1133163) ==== MozillaThunderbird ==== Version update (60.8.0 -> 68.1.0) - Mozilla Thunderbird 68.1.0 * Offer to configure Exchange accounts for Office365. A third-party add-on is required for this account type. IMAP still exists as alternative. * several bugfixes MFSA 2019-30 * CVE-2019-11739 (bmo#1571481) Covert Content Attack on S/MIME encryption using a crafted multipart/alternative message * CVE-2019-11746 (bmo#1564449) Use-after-free while manipulating video * CVE-2019-11744 (bmo#1562033) XSS by breaking out of title and textarea elements using innerHTML * CVE-2019-11742 (bmo#1559715) Same-origin policy violation with SVG filters and canvas to steal cross-origin images * CVE-2019-11752 (bmo#1501152) Use-after-free while extracting a key value in IndexedDB * CVE-2019-11743 (bmo#1560495) Cross-origin access to unload event attributes * CVE-2019-11740 (bmo#1563133,bmo#1573160) Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox ESR 60.9, Thunderbird 68.1, and Thunderbird 60.9 - removed upstreamed fix-build-after-y2038-changes-in-glibc.patch - added thunderbird-locale-build.patch to fix locale build - Add -L flag to the stat call for checking file size of %{SOURCE4}. - Add fix-missing-return-warning.patch to silence a compiler warning. - Mozilla Thunderbird 68.0 * based on Firefox ESR 68 * File link attachments can now be linked to again instead of uploading them again * Mark all folders of an account as read * Run filters periodically. Improved filter logging * OAuth2 authentication for Yandex * Language packs can now be selected in the Advanced Options. Preference intl.multilingual.enabled needs to be set (and possily also extensions.langpacks.signatures.required needs to be set to false) * Added a policy engine that allows customized Thunderbird deployments in enterprise environments, using Windows Group Policy or a cross-platform JSON file * TCP keepalive for IMAP protocol * Full Unicode support for MAPI interfaces: New support for MAPISendMailW * Calendar: Time zone data can now include past and future changes. All known time zone changes from 2018 to 2022 are included. * Chat: In each conversation an individual spellcheck language can be selected now - removed obsolete patches * mozilla-bmo1463035.patch * mozilla-i586-domPrefs.patch * mozilla-bmo1464766.patch * mozilla-bmo1519629.patch * mozilla-i586-DecoderDoctorLogger.patch * mozilla-bmo1375074.patch - added fix-build-after-y2038-changes-in-glibc.patch to fix build in Tumbleweed (patch already upstream for next release) ==== accountsservice ==== Subpackages: accountsservice-lang libaccountsservice0 typelib-1_0-AccountsService-1_0 - Add accountsservice-wtmp-io-improvements.patch: Backports that improve wtmp io performance (boo#1139487). - Refresh as-fate318433-prevent-same-account-multi-logins.patch. ==== adjtimex ==== - Modernise spec file a bit ==== avahi ==== Subpackages: avahi-lang libavahi-client3 libavahi-common3 libavahi-core7 - Trim descriptions of secondary packages. - Drop gtk2-devel and python-gtk-devel BuildRequires: No longer build gtk2 support. Following this, pass --disable-gtk to configure. Drop sub-package libavahi-ui0, no longer built. - Drop long disabled sub-packages libavahi-qt4-1 and libavahi-qt4-devel. ==== avahi-glib2 ==== Subpackages: libavahi-glib1 libavahi-gobject0 libavahi-ui-gtk3-0 - Drop gtk2-devel and python-gtk-devel BuildRequires: No longer build gtk2 support. Following this, pass --disable-gtk to configure. Drop sub-package libavahi-ui0, no longer built. - Drop long disabled sub-packages libavahi-qt4-1 and libavahi-qt4-devel. ==== bash ==== Version update (5.0 -> 5.0.11) Subpackages: bash-doc bash-lang - Use new version scheme which now includes patch level as well - Add official patch bash50-010 * Change posix mode bahviour * Remove patch assignment-preceding-builtin.patch - Add official patch bash50-011 The conditional command did not perform appropriate quoted null character removal on its arguments, causing syntax errors and attempts to stat invalid pathnames. - Avoid pulling in bash-doc into every installation. Instead of recommeding it, supplement the documentation pattern. ==== blog ==== Subpackages: libblogger2 - Add blog-Remove-unused-header.patch: Fix build with new glibc (gh#bitstreamout/showconsole#3). ==== boost-defaults ==== Version update (1.69.0 -> 1.71.0) Subpackages: boost-devel boost-jam - Update for Boost 1.71.0 - Update for Boost 1.70.0 ==== catfish ==== Version update (1.4.9 -> 1.4.10) Subpackages: catfish-lang - Update to version 1.4.10 * New Features: - Preferences Dialog: * Window layout (titlebar vs. headerbar) * Display options (hidden files and sidebar) * Custom exclude directories - Option to close Catfish after opening a file (bxo#14888) * fix path exclusions (deb#926850) * Improved Application Menu: - Better use of space, padding, and margins - Clearer purpose labels - Keyboard accelerator for the sidebar (F9) is now displayed * General: - Better use of alt-accelerators - Improved installation instructions (bxo#15105) - Reduced warnings displayed in the terminal - Simplified Python 2/3 compatibility code - Standardized icon sizes, no more wrongly-sized icons in the results - Various code quality fixes (pylint, flake) * Search (Walk Method): - Enable traversing symbolic links, processing real paths only once - Add search priority, with each level processed alphabetically: 1. XDG paths (Desktop, Documents, etc) 2. Visible paths 3. Hidden paths * Translation Updates ==== cdrdao ==== - Add cdrdao-drop-gconf-dep.patch: Drop dependency on gconf2. Patch taken from debian. - Following the above, drop gconf2-devel BuildRequires. - Refresh patches with quilt. - Run spec-cleaner, use modern macros. ==== cifs-utils ==== - Fix double-free in mount.cifs; (bsc#1149164). * add 0011-fix-doublefree.patch ==== curl ==== Version update (7.65.3 -> 7.66.0) Subpackages: libcurl4 - Update to 7.66.0 [bsc#1149496, CVE-2019-5482][bsc#1149495, CVE-2019-5481] * Changes: - CURLINFO_RETRY_AFTER: parse the Retry-After header value - HTTP3: initial (experimental still not working) support - curl: --sasl-authzid added to support CURLOPT_SASL_AUTHZID from the tool - curl: support parallel transfers with -Z - curl_multi_poll: a sister to curl_multi_wait() that waits more - sasl: Implement SASL authorisation identity via CURLOPT_SASL_AUTHZID * Bugfixes: - CVE-2019-5481: FTP-KRB double-free - CVE-2019-5482: TFTP small blocksize heap buffer overflow - CMake: remove needless newlines at end of gss variables - CMake: use platform dependent name for dlopen() library - CURLINFO docs: mention that in redirects times are added - CURLOPT_ALTSVC.3: use a "" file name to not load from a file - CURLOPT_ALTSVC_CTRL.3: remove CURLALTSVC_ALTUSED - CURLOPT_HEADERFUNCTION.3: clarify - CURLOPT_HTTP_VERSION: seting this to 3 forces HTTP/3 use directly - CURLOPT_READFUNCTION.3: provide inline example - CURLOPT_SSL_VERIFYHOST: treat the value 1 as 2 - Curl_addr2string: take an addrlen argument too - Curl_fillreadbuffer: avoid double-free trailer buf on error - HTTP: use chunked Transfer-Encoding for HTTP_POST if size unknown - alt-svc: add protocol version selection masking - alt-svc: fix removal of expired cache entry - alt-svc: make it use h3-22 with ngtcp2 as well - alt-svc: more liberal ALPN name parsing - alt-svc: send Alt-Used: in redirected requests - alt-svc: with quiche, use the quiche h3 alpn string - asyn-thread: create a socketpair to wait on - cleanup: move functions out of url.c and make them static - cleanup: remove the 'numsocks' argument used in many places - configure: avoid undefined check_for_ca_bundle - curl.h: add CURL_HTTP_VERSION_3 to the version enum - curl: cap the maximum allowed values for retry time arguments - curl: handle a libcurl build without netrc support - curl: make use of CURLINFO_RETRY_AFTER when retrying - curl: use CURLINFO_PROTOCOL to check for HTTP(s) - curl_global_init_mem.3: mention it was added in 7.12.0 - curl_version: bump string buffer size to 250 - curl_version_info.3: mentioned ALTSVC and HTTP3 - curl_version_info: offer quic (and h3) library info - curl_version_info: provide nghttp2 details - defines: avoid underscore-prefixed defines - docs/ALTSVC: remove what works and the experimental explanation - docs/EXPERIMENTAL: explain what it means and what's experimental now - docs/MANUAL.md: converted to markdown from plain text - docs/examples/curlx: fix errors - docs: s/curl_debug/curl_dbg_debug in comments and docs - easy: resize receive buffer on easy handle reset - examples: Avoid reserved names in hiperfifo examples - examples: add http3.c, altsvc.c and http3-present.c - http09: disable HTTP/0.9 by default in both tool and library - http2: when marked for closure and wanted to close == OK - http2_recv: trigger another read when the last data is returned - http: fix use of credentials from URL when using HTTP proxy - http_negotiate: improve handling of gss_init_sec_context() failures - md4: Use our own MD4 when no crypto libraries are available - multi: call detach_connection before Curl_disconnect - nss: use TLSv1.3 as default if supported - openssl: build warning free with boringssl - openssl: use SSL_CTX_set__proto_version() when available - plan9: add support for running on Plan 9 - progress: reset download/uploaded counter between transfers - readwrite_data: repair setting the TIMER_STARTTRANSFER stamp - scp: fix directory name length used in memcpy - smb: init *msg to NULL in smb_send_and_recv() - smtp: check for and bail out on too short EHLO response - source: remove names from source comments - spnego_sspi: add typecast to fix build warning - src/makefile: fix uncompressed hugehelp.c generation - ssh-libssh: do not specify O_APPEND when not in append mode - ssh: move code into vssh for SSH backends - sspi: fix memory leaks - tests: Replace outdated test case numbering documentation - tftp: return error when packet is too small for options - timediff: make it 64 bit (if possible) even with 32 bit time_t - travis: reduce number of torture tests in 'coverage' - url: make use of new HTTP version if alt-svc has one - urlapi: verify the IPv6 numerical address - urldata: avoid 'generic', use dedicated pointers - vauth: Use CURLE_AUTH_ERROR for auth function errors ==== emacs ==== Version update (26.2 -> 26.3) Subpackages: emacs-info emacs-nox emacs-x11 etags - Update to emacs version 26.3 * New option 'help-enable-completion-auto-load'. This allows disabling the new feature introduced in Emacs 26.1 which loads files during completion of 'C-h f' and 'C-h v' according to 'definition-prefixes'. * Emacs now supports the new Japanese Era name. The newly assigned codepoint U+32FF was added to the Unicode Character Database compiled into Emacs. ==== ffmpeg-4 ==== Subpackages: libavcodec58 libavdevice58 libavfilter7 libavformat58 libavresample4 libavutil56 libpostproc55 libswresample3 libswscale5 - Add 0001-avcodec-h2645_parse-zero-initialize-the-rbsp-buffer.patch [boo#1149839, CVE-2019-15942] - Make ffmpeg-4.2-dlopen-fdk_aac.patch less verbose ==== fftw3 ==== Subpackages: libfftw3-3 libfftw3_threads3 - Add -ffat-lto-objects to avoid build failure ==== gdb ==== - Add _constraints for PowerPC need more than 3.5GB disk space to avoid build failure - Disable use of valgrind on old s390 (31bit) distros. - Enable librpm for version > librpm.so.3 [bsc#1145692]: * Allow any librpm.so.x * Fix unused variables in HAVE_LIBRPM code in gdb-6.6-buildid-locate-rpm-suse.patch * Add %build test to check for "zypper install <rpm-packagename>" message - Implements jsc#ECO-368, the 2019 toolchain module update ==== gegl ==== Subpackages: gegl-0_4 gegl-0_4-lang libgegl-0_4-0 - bsc#1144344: Remove JPEG2000 support due to planned removal of jasper, drop pkgconfig(jasper) BuildRequires. ==== ghostscript ==== Subpackages: ghostscript-x11 - Add patch gs-CVE-2019-14811-885444fc.patch to fix bsc#1146882 for CVE-2019-14811,CVE-2019-14812,CVE-2019-14813 - Add patch gs-CVE-2019-14817-cd1b1cac.patch to fix bsc#1146884 for CVE-2019-14817 - Add patch openjpeg4gs-CVE-2018-6616-8ee33522.patch to fix bsc#1140359 for CVE-2019-12973 - Update RPM groups. ==== graphene ==== Version update (1.8.6 -> 1.10.0) - Update to version 1.10.0: + API additions, mostly driven by Gthree: - Add graphene_matrix_decompose(). - Add intersection methods to graphene_ray_t. - graphene_triangle_init_from_float(). - graphene_triangle_get_uv(). + Fix graphene_ray_transform(). + Documentation fixes. - Update to version 1.9.6: + Add radians based initialisers for graphene_euler_t. + Use pragma once for the header inclusion guard. + Remove unused function (#159) + Add multiply(), scale(), and add() operators to graphene_quaternion_t. + Add lerp() operator to all vector types. + Add graphene_plane_transform() + Documentation updates for graphene_ray_t. + Fix graphene_box_get_center() and. graphene_box_get_bounding_sphere() (#165) + Ensure that we detect empty or infinite boxes in the. graphene_box_t API. - Changes from version 1.9.4: + Graphene now uses an ancillary library called µTest for its test suite; this means it's possible to build and run the test suite without necessarily depending on GLib. + the conversion of the Euler angles type to and from matrices and. quaternions has been rewritten from scratch, and should not only be finally correct, but it should also cover more use cases—namely the "proper" Euler angles as well as the Tait–Bryan angles. + the ARM NEON implementation of the SIMD types has been improved, fixed, and tested, so it's not marked as experimental any more. + Require Meson ≥ 0.50.1. + Fix graphene_quaternion_equal() to consider the orientation, not just the component equality. + Fix graphene_quaternion_slerp() to always interpolate along the shortest path. + Re-implement the conversion of graphene_euler_t to and from graphene_matrix_t and graphene_quaternion_t. + Add graphene_rectangle_get_area() + Document restrictions of graphene_rect_round(), and deprecate the function. + Add graphene_rect_round_extents() + Port the test suite from GLib's testing utilities to µTest. + Remove internal floating point comparisons. + Improve the NEON extensions detection code. + Fix comparison operators for graphene_simd4f_t on ARM using the NEON extensions. + Remove the "experimental" compiler warning from the ARM NEON implementation of graphene_simd4f_t. - Changes from version 1.9.2: + Add graphene_rect_scale() method. + Fix warning from Meson by dropping unnecessary argument to. configure_file() + Clean up arguments of pkgconfig.generate() + Add equality operators to graphene_matrix_t. + Add getters for translation components of a graphene_matrix_t. + Use darwin_versions argument instead of rolling our own. + Add GRAPHENE_RECT_INIT_ZERO ==== icecream ==== Version update (1.2 -> 1.3) - Use noun phrase in summary. - Fix source URL - update to 1.3 - remove hardcoded compiler paths (compiler tarball is created with the same compiler that is used for build) - avoid build overloading by limiting number of local preprocessing runs to local CPUs available - fix Objective C/C++ support - fix job preloading to again allow sending one extra job to a fully busy node - use libarchive to handle archives instead of using tar - support xz and zstd compression for compiler tarballs (improved speed/size) - use zstd compression when sending network data, if possible (improved speed) - improve speed of creating compiler tarballs - more robust handling of receiving compiler tarballs - default cache size for compiler environments has been increased to 256MiB - path handling fixes - platforms improvements in icecc-create-env - fix memory detection on MacOSX - improve local performance when -include-pch is used - simplify PCH handling - fix keeping order of compiler debug arguments, especially -gsplit-dwarf - better support for assembler and preprocessor flags when building the Linux kernel - force local rebuild if local preprocessing fails (works around some GCC -fdirectives-only problems) - limit -fdirectives-only workarounds only to cases when it is used - improved handling of network timeouts - avoid a timeout when the scheduler cannot find any suitable host for building - if ICECC_SLOW_NETWORK=1 is set, sending network data is split into smaller chunks - --interface option allows restricting which network interface daemons will use - improved debug logs - release builds are built without assert checks, use --enable-debug for developer builds - added a manual page for icerun - fix scheduler warning about missing user icecream ==== iptables ==== Subpackages: libip4tc2 libip6tc2 libxtables12 xtables-plugins - add missing Provides/Obsoletes for the renamed package iptables-backend-nft (was iptables-nft) ==== iputils ==== - Fix arping -w problem (https://github.com/iputils/iputils/issues/211) * added arping-fix-f-quit-on-first-reply-regression.patch (upstream commit 1df5350) ==== kernel-64kb ==== Version update (5.2.13 -> 5.2.14) Subpackages: kernel-64kb-devel - Linux 5.2.14 (bnc#1012628). - Revert "mmc: core: do not retry CMD6 in __mmc_switch()" (bnc#1012628). - x86/boot: Preserve boot_params.secure_boot from sanitizing (bnc#1012628). - Revert "x86/apic: Include the LDR when clearing out APIC registers" (bnc#1012628). - libceph: allow ceph_buffer_put() to receive a NULL ceph_buffer (bnc#1012628). - x86/boot/compressed/64: Fix missing initialization in find_trampoline_placement() (bnc#1012628). - KVM: arm/arm64: VGIC: Properly initialise private IRQ affinity (bnc#1012628). - gpio: Fix irqchip initialization order (bnc#1012628). - RDMA/bnxt_re: Fix stack-out-of-bounds in bnxt_qplib_rcfw_send_message (bnc#1012628). - afs: use correct afs_call_type in yfs_fs_store_opaque_acl2 (bnc#1012628). - afs: Fix possible oops in afs_lookup trace event (bnc#1012628). - afs: Fix leak in afs_lookup_cell_rcu() (bnc#1012628). - KVM: arm/arm64: Only skip MMIO insn once (bnc#1012628). - ceph: fix buffer free while holding i_ceph_lock in fill_inode() (bnc#1012628). - ceph: fix buffer free while holding i_ceph_lock in __ceph_build_xattrs_blob() (bnc#1012628). - ceph: fix buffer free while holding i_ceph_lock in __ceph_setxattr() (bnc#1012628). - drm/amdgpu: prevent memory leaks in AMDGPU_CS ioctl (bnc#1012628). - selftests/kvm: make platform_info_test pass on AMD (bnc#1012628). - selftests: kvm: fix state save/load on processors without XSAVE (bnc#1012628). - infiniband: hfi1: fix memory leaks (bnc#1012628). - infiniband: hfi1: fix a memory leak bug (bnc#1012628). - IB/mlx4: Fix memory leaks (bnc#1012628). - RDMA/cma: fix null-ptr-deref Read in cma_cleanup (bnc#1012628). - nvme: Fix cntlid validation when not using NVMEoF (bnc#1012628). - nvme-multipath: fix possible I/O hang when paths are updated (bnc#1012628). - Tools: hv: kvp: eliminate 'may be used uninitialized' warning (bnc#1012628). - Input: hyperv-keyboard: Use in-place iterator API in the channel callback (bnc#1012628). - scsi: lpfc: Mitigate high memory pre-allocation by SCSI-MQ (bnc#1012628). - x86/boot/compressed/64: Fix boot on machines with broken E820 table (bnc#1012628). - HID: cp2112: prevent sleeping function called from invalid context (bnc#1012628). - HID: intel-ish-hid: ipc: add EHL device id (bnc#1012628). - kprobes: Fix potential deadlock in kprobe_optimizer() (bnc#1012628). - sched/core: Schedule new worker even if PI-blocked (bnc#1012628). - ravb: Fix use-after-free ravb_tstamp_skb (bnc#1012628). - wimax/i2400m: fix a memory leak bug (bnc#1012628). - net: cavium: fix driver name (bnc#1012628). - ibmvnic: Unmap DMA address of TX descriptor buffers after use (bnc#1012628). - net: kalmia: fix memory leaks (bnc#1012628). - cx82310_eth: fix a memory leak bug (bnc#1012628). - vfs: fix page locking deadlocks when deduping files (bnc#1012628). - lan78xx: Fix memory leaks (bnc#1012628). - clk: Fix potential NULL dereference in clk_fetch_parent_index() (bnc#1012628). - clk: Fix falling back to legacy parent string matching (bnc#1012628). - net: myri10ge: fix memory leaks (bnc#1012628). - liquidio: add cleanup in octeon_setup_iq() (bnc#1012628). - selftests: kvm: fix vmx_set_nested_state_test (bnc#1012628). - selftests: kvm: provide common function to enable eVMCS (bnc#1012628). - selftests: kvm: do not try running the VM in vmx_set_nested_state_test (bnc#1012628). - cxgb4: fix a memory leak bug (bnc#1012628). - scsi: target: tcmu: avoid use-after-free after command timeout (bnc#1012628). - scsi: qla2xxx: Fix gnl.l memory leak on adapter init failure (bnc#1012628). - drm/mediatek: set DMA max segment size (bnc#1012628). - drm/mediatek: use correct device to import PRIME buffers (bnc#1012628). - netfilter: nft_flow_offload: skip tcp rst and fin packets (bnc#1012628). - gpio: Fix build error of function redefinition (bnc#1012628). - ibmveth: Convert multicast list size for little-endian system (bnc#1012628). - s390/qeth: serialize cmd reply with concurrent timeout (bnc#1012628). - Bluetooth: hci_qca: Send VS pre shutdown command (bnc#1012628). - Bluetooth: btqca: Add a short delay before downloading the NVM (bnc#1012628). - net: tc35815: Explicitly check NET_IP_ALIGN is not zero in tc35815_rx (bnc#1012628). - hv_netvsc: Fix a warning of suspicious RCU usage (bnc#1012628). - ixgbe: fix possible deadlock in ixgbe_service_task() (bnc#1012628). - tools: bpftool: fix error message (prog -> object) (bnc#1012628). - netfilter: nf_flow_table: teardown flow timeout race (bnc#1012628). - netfilter: nf_flow_table: conntrack picks up expired flows (bnc#1012628). - netfilter: nf_tables: use-after-free in failing rule with bound set (bnc#1012628). - net: tundra: tsi108: use spin_lock_irqsave instead of spin_lock_irq in IRQ context (bnc#1012628). - clk: samsung: exynos542x: Move MSCL subsystem clocks to its sub-CMU (bnc#1012628). - clk: samsung: exynos5800: Move MAU subsystem clocks to MAU sub-CMU (bnc#1012628). - clk: samsung: Change signature of exynos5_subcmus_init() function (bnc#1012628). - net/mlx5e: Fix error flow of CQE recovery on tx reporter (bnc#1012628). - netfilter: nf_flow_table: fix offload for flows that are subject to xfrm (bnc#1012628). - libbpf: set BTF FD for prog only when there is supported .BTF.ext data (bnc#1012628). - libbpf: fix erroneous multi-closing of BTF FD (bnc#1012628). - batman-adv: Fix netlink dumping of all mcast_flags buckets (bnc#1012628). - net/rds: Fix info leak in rds6_inc_info_copy() (bnc#1012628). - net/sched: pfifo_fast: fix wrong dereference when qdisc is reset (bnc#1012628). - net/sched: pfifo_fast: fix wrong dereference in pfifo_fast_enqueue (bnc#1012628). - net: dsa: tag_8021q: Future-proof the reserved fields in the custom VID (bnc#1012628). - Add genphy_c45_config_aneg() function to phy-c45.c (bnc#1012628). - net/sched: cbs: Set default link speed to 10 Mbps in cbs_set_port_rate (bnc#1012628). - taprio: Set default link speed to 10 Mbps in taprio_set_picos_per_byte (bnc#1012628). - taprio: Fix kernel panic in taprio_destroy (bnc#1012628). - r8152: remove calling netif_napi_del (bnc#1012628). - Revert "r8152: napi hangup fix after disconnect" (bnc#1012628). - nfp: flower: handle neighbour events on internal ports (bnc#1012628). - nfp: flower: prevent ingress block binds on internal ports (bnc#1012628). - tcp: remove empty skb from write queue in error cases (bnc#1012628). - tcp: inherit timestamp on mtu probe (bnc#1012628). - net: stmmac: dwmac-rk: Don't fail if phy regulator is absent (bnc#1012628). - net_sched: fix a NULL pointer deref in ipt action (bnc#1012628). - net: sched: act_sample: fix psample group handling on overwrite (bnc#1012628). - net: fix skb use after free in netpoll (bnc#1012628). - mld: fix memory leak in mld_del_delrec() (bnc#1012628). - commit af75f09 - config: enable SLAB_FREELIST_HARDENED (bsc#1127808) Enable SLAB_FREELIST_HARDENED on all architectures. This obscures the free object pointer on a per-cache basis making it more difficult to locate kernel objects via exploits probing the cache metadata. This change was requested by the upstream openSUSE community to make the kernel more resistent to slab freelist attacks. Tests conducted by the kernel performance teams confirmed that the performance impact is detectable but negligible. - commit 94938f2 - rpm/constraints.in: lower disk space required for ARM With a requirement of 35GB, only 2 slow workers are usable for ARM. Current aarch64 build requires 27G and armv6/7 requires 14G. Set requirements respectively to 30GB and 20GB. - commit f84c163 - config: enable STACKPROTECTOR_STRONG also on armv6hl Recently reenabled armv6hl architecture has STACKPROTECTOR_STRONG disabled, enable it here as well. - commit f434a32 ==== kernel-source ==== Version update (5.2.13 -> 5.2.14) Subpackages: kernel-default kernel-default-devel kernel-devel kernel-docs kernel-macros kernel-syms - Linux 5.2.14 (bnc#1012628). - Revert "mmc: core: do not retry CMD6 in __mmc_switch()" (bnc#1012628). - x86/boot: Preserve boot_params.secure_boot from sanitizing (bnc#1012628). - Revert "x86/apic: Include the LDR when clearing out APIC registers" (bnc#1012628). - libceph: allow ceph_buffer_put() to receive a NULL ceph_buffer (bnc#1012628). - x86/boot/compressed/64: Fix missing initialization in find_trampoline_placement() (bnc#1012628). - KVM: arm/arm64: VGIC: Properly initialise private IRQ affinity (bnc#1012628). - gpio: Fix irqchip initialization order (bnc#1012628). - RDMA/bnxt_re: Fix stack-out-of-bounds in bnxt_qplib_rcfw_send_message (bnc#1012628). - afs: use correct afs_call_type in yfs_fs_store_opaque_acl2 (bnc#1012628). - afs: Fix possible oops in afs_lookup trace event (bnc#1012628). - afs: Fix leak in afs_lookup_cell_rcu() (bnc#1012628). - KVM: arm/arm64: Only skip MMIO insn once (bnc#1012628). - ceph: fix buffer free while holding i_ceph_lock in fill_inode() (bnc#1012628). - ceph: fix buffer free while holding i_ceph_lock in __ceph_build_xattrs_blob() (bnc#1012628). - ceph: fix buffer free while holding i_ceph_lock in __ceph_setxattr() (bnc#1012628). - drm/amdgpu: prevent memory leaks in AMDGPU_CS ioctl (bnc#1012628). - selftests/kvm: make platform_info_test pass on AMD (bnc#1012628). - selftests: kvm: fix state save/load on processors without XSAVE (bnc#1012628). - infiniband: hfi1: fix memory leaks (bnc#1012628). - infiniband: hfi1: fix a memory leak bug (bnc#1012628). - IB/mlx4: Fix memory leaks (bnc#1012628). - RDMA/cma: fix null-ptr-deref Read in cma_cleanup (bnc#1012628). - nvme: Fix cntlid validation when not using NVMEoF (bnc#1012628). - nvme-multipath: fix possible I/O hang when paths are updated (bnc#1012628). - Tools: hv: kvp: eliminate 'may be used uninitialized' warning (bnc#1012628). - Input: hyperv-keyboard: Use in-place iterator API in the channel callback (bnc#1012628). - scsi: lpfc: Mitigate high memory pre-allocation by SCSI-MQ (bnc#1012628). - x86/boot/compressed/64: Fix boot on machines with broken E820 table (bnc#1012628). - HID: cp2112: prevent sleeping function called from invalid context (bnc#1012628). - HID: intel-ish-hid: ipc: add EHL device id (bnc#1012628). - kprobes: Fix potential deadlock in kprobe_optimizer() (bnc#1012628). - sched/core: Schedule new worker even if PI-blocked (bnc#1012628). - ravb: Fix use-after-free ravb_tstamp_skb (bnc#1012628). - wimax/i2400m: fix a memory leak bug (bnc#1012628). - net: cavium: fix driver name (bnc#1012628). - ibmvnic: Unmap DMA address of TX descriptor buffers after use (bnc#1012628). - net: kalmia: fix memory leaks (bnc#1012628). - cx82310_eth: fix a memory leak bug (bnc#1012628). - vfs: fix page locking deadlocks when deduping files (bnc#1012628). - lan78xx: Fix memory leaks (bnc#1012628). - clk: Fix potential NULL dereference in clk_fetch_parent_index() (bnc#1012628). - clk: Fix falling back to legacy parent string matching (bnc#1012628). - net: myri10ge: fix memory leaks (bnc#1012628). - liquidio: add cleanup in octeon_setup_iq() (bnc#1012628). - selftests: kvm: fix vmx_set_nested_state_test (bnc#1012628). - selftests: kvm: provide common function to enable eVMCS (bnc#1012628). - selftests: kvm: do not try running the VM in vmx_set_nested_state_test (bnc#1012628). - cxgb4: fix a memory leak bug (bnc#1012628). - scsi: target: tcmu: avoid use-after-free after command timeout (bnc#1012628). - scsi: qla2xxx: Fix gnl.l memory leak on adapter init failure (bnc#1012628). - drm/mediatek: set DMA max segment size (bnc#1012628). - drm/mediatek: use correct device to import PRIME buffers (bnc#1012628). - netfilter: nft_flow_offload: skip tcp rst and fin packets (bnc#1012628). - gpio: Fix build error of function redefinition (bnc#1012628). - ibmveth: Convert multicast list size for little-endian system (bnc#1012628). - s390/qeth: serialize cmd reply with concurrent timeout (bnc#1012628). - Bluetooth: hci_qca: Send VS pre shutdown command (bnc#1012628). - Bluetooth: btqca: Add a short delay before downloading the NVM (bnc#1012628). - net: tc35815: Explicitly check NET_IP_ALIGN is not zero in tc35815_rx (bnc#1012628). - hv_netvsc: Fix a warning of suspicious RCU usage (bnc#1012628). - ixgbe: fix possible deadlock in ixgbe_service_task() (bnc#1012628). - tools: bpftool: fix error message (prog -> object) (bnc#1012628). - netfilter: nf_flow_table: teardown flow timeout race (bnc#1012628). - netfilter: nf_flow_table: conntrack picks up expired flows (bnc#1012628). - netfilter: nf_tables: use-after-free in failing rule with bound set (bnc#1012628). - net: tundra: tsi108: use spin_lock_irqsave instead of spin_lock_irq in IRQ context (bnc#1012628). - clk: samsung: exynos542x: Move MSCL subsystem clocks to its sub-CMU (bnc#1012628). - clk: samsung: exynos5800: Move MAU subsystem clocks to MAU sub-CMU (bnc#1012628). - clk: samsung: Change signature of exynos5_subcmus_init() function (bnc#1012628). - net/mlx5e: Fix error flow of CQE recovery on tx reporter (bnc#1012628). - netfilter: nf_flow_table: fix offload for flows that are subject to xfrm (bnc#1012628). - libbpf: set BTF FD for prog only when there is supported .BTF.ext data (bnc#1012628). - libbpf: fix erroneous multi-closing of BTF FD (bnc#1012628). - batman-adv: Fix netlink dumping of all mcast_flags buckets (bnc#1012628). - net/rds: Fix info leak in rds6_inc_info_copy() (bnc#1012628). - net/sched: pfifo_fast: fix wrong dereference when qdisc is reset (bnc#1012628). - net/sched: pfifo_fast: fix wrong dereference in pfifo_fast_enqueue (bnc#1012628). - net: dsa: tag_8021q: Future-proof the reserved fields in the custom VID (bnc#1012628). - Add genphy_c45_config_aneg() function to phy-c45.c (bnc#1012628). - net/sched: cbs: Set default link speed to 10 Mbps in cbs_set_port_rate (bnc#1012628). - taprio: Set default link speed to 10 Mbps in taprio_set_picos_per_byte (bnc#1012628). - taprio: Fix kernel panic in taprio_destroy (bnc#1012628). - r8152: remove calling netif_napi_del (bnc#1012628). - Revert "r8152: napi hangup fix after disconnect" (bnc#1012628). - nfp: flower: handle neighbour events on internal ports (bnc#1012628). - nfp: flower: prevent ingress block binds on internal ports (bnc#1012628). - tcp: remove empty skb from write queue in error cases (bnc#1012628). - tcp: inherit timestamp on mtu probe (bnc#1012628). - net: stmmac: dwmac-rk: Don't fail if phy regulator is absent (bnc#1012628). - net_sched: fix a NULL pointer deref in ipt action (bnc#1012628). - net: sched: act_sample: fix psample group handling on overwrite (bnc#1012628). - net: fix skb use after free in netpoll (bnc#1012628). - mld: fix memory leak in mld_del_delrec() (bnc#1012628). - commit af75f09 - config: enable SLAB_FREELIST_HARDENED (bsc#1127808) Enable SLAB_FREELIST_HARDENED on all architectures. This obscures the free object pointer on a per-cache basis making it more difficult to locate kernel objects via exploits probing the cache metadata. This change was requested by the upstream openSUSE community to make the kernel more resistent to slab freelist attacks. Tests conducted by the kernel performance teams confirmed that the performance impact is detectable but negligible. - commit 94938f2 - rpm/constraints.in: lower disk space required for ARM With a requirement of 35GB, only 2 slow workers are usable for ARM. Current aarch64 build requires 27G and armv6/7 requires 14G. Set requirements respectively to 30GB and 20GB. - commit f84c163 - config: enable STACKPROTECTOR_STRONG also on armv6hl Recently reenabled armv6hl architecture has STACKPROTECTOR_STRONG disabled, enable it here as well. - commit f434a32 ==== kwalletmanager5 ==== Subpackages: kwalletmanager5-lang - Remove no longer required kdelibs4support-devel BuildRequires, explicitly add no longer pulled in dependencies - Remove some obsolete parts from the spec file ==== libaio ==== Subpackages: libaio-devel libaio1 - Add _constraints for PowerPC to avoid OOM at build time ==== libb64 ==== - Small spec file cleanup ==== libdmapsharing ==== - Add missing pkgconfig(avahi-client) and pkgconfig(gtk+-2.0) BuildRequires previously pulled in by avahi. ==== libdvbpsi ==== Version update (1.3.2 -> 1.3.3) - Update to version 1.3.3: + Fix regression in dvbpsi_decoder_psi_section_add() set i_last_section_number ==== libkolabxml ==== - add 0001-Make-sure-boost-is-found-when-using-libkolabxml.patch. boost is a public dependency and must be searched before using libkolabxml. ==== libmbim ==== Version update (1.18.2 -> 1.20.0) Subpackages: libmbim-glib4 mbimcli-bash-completion - Update to version 1.20.0: + Build updated with several fixes: - Explicitly define max allowed GLib version. - Fix issues with -Werror=type-limits. - Made compiler warning options compatible with clang. + mbim-proxy: - Fixed client subscription to service indications using wildcard. - Fixed client subscription update logic when services/cids are being removed. - New '--empty-timeout=[SECS}' option to specify the empty lifetime duration. - New '--no-exit' option to avoid the proxy from exiting. + Several other minor improvements and fixes. - Drop libmbim-fix-build-commits.patch: Fixed upstream. Follwing this, drop libtool BuildRequires and autoreconf call. ==== libmypaint ==== Version update (1.3.0 -> 1.4.0) - Update to version 1.4.0: * Back-port a few new features and bug fixes from the 2.0 alpha branch. - Add libmypaint-gegl-shlib-version.patch: Fixes building with GEGL Support by removing versioning from the gegl lib (gh#mypaint/libmypaint#144). - Minor refresh of patches to apply cleanly. - Version Obsoletes for mypaint-devel appropirately to avoid self-obsoleting. - Fix spurious exec perm for README.md file. ==== libqca-qt5 ==== Subpackages: libqca-qt5-plugins - Drop the obsolete libqca2 package. - Run spec-cleaner ==== libqmi ==== Version update (1.22.4 -> 1.22.6) Subpackages: libqmi-glib5 libqmi-tools - Update to version 1.22.6: + qmicli: - Fix potential dereference of null GArray in LOC service. + libqmi-glib: - Fix definitions for QMI_*_LTE_BAND_*_EUTRAN_32 enum values. + Build updated with several fixes: - Explicitly define max allowed GLib version. ==== libsoup ==== Version update (2.66.2 -> 2.66.3) Subpackages: libsoup-2_4-1 libsoup-lang typelib-1_0-Soup-2_4 - Update to version 2.66.3: + docs: various gtk-doc fixes. + SoupServer: Fixes to Windows path handling. - Update options passed to meson following upstream changes. ==== mercurial ==== Version update (5.1 -> 5.1.1) Subpackages: mercurial-lang - Mercurial 5.1.1 Regularly scheduled bug fix release. * commands + bookmarks: actual fix for race condition deleting bookmark * core + exchange: abort on pushing bookmarks pointing to secret changesets (issue6159) + python-zstandard: apply big-endian fix (issue6188) + fncache: make debugrebuildfncache not fail on broken fncache * tests + various test runner fixes + fixed use of `tr --delete` for tr(1) portability ==== nano ==== Subpackages: nano-lang - Do not recommend lang package. The lang package already has a supplements. ==== neon ==== - Drop unnecessary requirement for OpenSSL 1.1.1 - Apply neon-0.30.2_ssl-fix_timeout_retvals.patch only when building with OpenSSL 1.1.1 (bsc#1149792) ==== netcat-openbsd ==== Version update (1.195 -> 1.203) - Update to 1.203 matching debian - Remove patch verbose-numeric-port.patch - Refresh patches: * broadcast-support.patch * build-without-TLS-support.patch * connect-timeout.patch * dccp-support.patch * destination-port-list.patch * get-sev-by-name.patch * misc-failures-and-features.patch * port-to-linux-with-libsd.patch * quit-timer.patch * send-crlf.patch * serialized-handling-multiple-clients.patch * set-TCP-MD5SIG-correctly-for-client-connections.patch * udp-scan-timeout.patch * use-flags-to-specify-listen-address.patch ==== numactl ==== Subpackages: libnuma1 - numastat doesn't need perl anymore since 2012 ==== open-iscsi ==== Subpackages: iscsiuio libopeniscsiusr0_2_0 - Upgraded to upstream version 2.0.878, which becomes 2.0.878-suse with our (few) SUSE-specific changes needed for our build system. Changes include: * general bug fixes in iscsid, iscsiadm, and libopeniscsiusr, including better lock handling for multiple instances of iscsiadm * iscsiuio/qedi updates * systemd service-file updates/cleanups This replaces open-iscsi-2.0.877-suse.tar.bz2 with open-iscsi-2.0.878-suse.tar.bz2, and it resets open-iscsi-SUSE-latest.diff.bz2 with fixes after 2.0.878. ==== opie ==== - Remove ancient %clean section. Replace old $RPM_* shell vars by macros. ==== orc ==== Version update (0.4.29 -> 0.4.30) - Update to version 0.4.30: + Don't always generate static library but default to shared-only + Work around false positives in Microsoft UWP certification kit + Add endbr32/endbr64 instructions on x86/x86-64 for indirect branch tracking + Fix gtk-doc build when orc is used as a meson subproject + Switch float comparison in tests to ULP method to fix spurious failures + Fix flushing of ARM icache when using dual map + Use float constants/parameters when testing float opcodes + Add support for Hygon Dhyana processor + Fix PPC/PPC64 CPU family detection + Add little-endian PPC support + Fix compiler warnings with clang + Mark exec mapping writable in debug mode for allowing breakpoints + Various codegen refactorings + autotools support has been dropped in favour of Meson as build system. + Fix PPC CPU feature detection and add support for VSX/v2.07 + Add double/int64 support for PPC - No longer remove static file in install section, no longer needed as it's not built by default anymore. ==== patterns-base ==== Subpackages: patterns-base-apparmor patterns-base-base patterns-base-basesystem patterns-base-basic_desktop patterns-base-console patterns-base-documentation patterns-base-enhanced_base patterns-base-minimal_base patterns-base-sw_management patterns-base-transactional_base patterns-base-x11 patterns-base-x11_enhanced - minimal_base: add libnss_usrfiles2, required to read /usr/etc ==== perl-Mojolicious ==== Version update (8.23 -> 8.24) - updated to 8.24 see /usr/share/doc/packages/perl-Mojolicious/Changes 8.24 2019-09-11 - Added EXPERIMENTAL context method to Mojo::Log. - Added EXPERIMENTAL cleanup event to Mojo::IOLoop::Subprocess. - Added log helper to Mojolicious::Plugin::DefaultHelpers. - Improved log messages generated by Mojolicious to include request ids when possible ==== perl-Test-Simple ==== Version update (1.302167 -> 1.302168) - updated to 1.302168 see /usr/share/doc/packages/perl-Test-Simple/Changes 1.302168 2019-09-06 07:40:18-07:00 America/Los_Angeles - Fix Typo in a Test2::API::Breakage warning (Thanks E. Choroba) - Delay loading of Term::Table until needed (Thanks Graham Knop) ==== plymouth ==== Version update (0.9.4+git20190612+9359382 -> 0.9.5+git20190908+3abfab2) Subpackages: plymouth-dracut plymouth-plugin-label plymouth-plugin-label-ft plymouth-plugin-two-step plymouth-scripts plymouth-theme-bgrt plymouth-theme-spinner - Add patch plymouth-avoid-umount-hanging-shutdown.patch: To avoid grantpt() call nsslookup, it will hanging system unmount /var during shutdown period(bsc#1105688, bsc#1129386, bsc#1134660). - Update to version 0.9.5+git20190908+3abfab2: * two-step: Deal with buggy firmware which does not pre-rotate the bgrt image * configure: bump so name * Internationalization: Add zh_HK and zh_TW translations. * add delay time to 8 seconds to fit AMD graphic card. ==== purple-lurch ==== - Add purple-lurch-libomemo-fix-dino-compat.patch: Fix compatibility issues with Dino (commit e3b2125e). ==== python-qt5 ==== Subpackages: python-qt5-utils python3-qt5 - Add %dir plugindir/designer for %{python_files devel} in spec to avoid build error for PowerPC. - Add patch to support QKeySequenceEdit widgets in pyuic: add-qkeysequenceedit-to-uic.patch ==== python-setproctitle ==== - Replace PyPI URL with GitHub URL - Drop errant skip-failing-tests.patch caused by missing test dependency procps - Add use-pkg-config.patch to build using pkg-config instead of python-config, as the latter is not shipped in python3-devel - Add LANG in %check to fix openSUSE/SLE 15 - Use %license ==== readline ==== Subpackages: libreadline8 readline-devel readline-doc - Avoid pulling in readline-doc into every installation. Instead of recommeding it, supplement the documentation pattern. ==== spandsp ==== - Modernized the specfile. ==== swig ==== Version update (4.0.0 -> 4.0.1) - Update to 4.0.1 - SWIG now cleans up on error by removing all generated files. - Add Python 3.8 support. - Python Sphinx compatibility added for Doxygen comments. - Some minor regressions introduced in 4.0.0 were fixed. - Fix some C++17 compatibility problems in Python and Ruby generated code. - Minor improvements/fixes for C#, Java, Javascript, Lua, MzScheme, Ocaml, Octave and Python. See https://raw.githubusercontent.com/swig/swig/master/CHANGES ==== v4l-utils ==== Subpackages: libv4l libv4l1-0 libv4l2-0 libv4lconvert0 - Split build of qv4l2ctl to an independent package. This allows building libv4l much earlier in the build cycle, as it no longer depends on libQt5. * Add use_system_v4l_for_qv4l.patch - Drop glu BuildRequires, only used for unused test binary in contrib.