April 2018 - openSUSE Factory - openSUSE Mailing Lists

[opensuse-factory] New Tumbleweed snapshot 20180410 released!
by Dominique Leuenberger 12 Apr '18

12 Apr '18

Please note that this mail was generated by a script. The described changes are computed based on the x86_64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=1&versio… When you reply to report some issues, make sure to change the subject. It is not helpful to keep the release announcement subject in a thread while discussing a specific problem. Packages changed: Mesa Mesa-drivers alsa (1.1.5 -> 1.1.6) alsa-utils (1.1.5 -> 1.1.6) efibootmgr file filesystem gcc7 (7.3.1+r258313 -> 7.3.1+r258812) gdb gnutls hostname pesign python-rpm rpm rzsz (0.12.20 -> 0.12.21~rc) texinfo === Details === ==== Mesa ==== Subpackages: Mesa-dri-devel Mesa-libEGL-devel Mesa-libEGL1 Mesa-libGL-devel Mesa-libGL1 Mesa-libglapi0 libgbm1 libwayland-egl1 - Remove n_Disable-AMDGPU-GFX9-Vega-on-LLVM-lessthan-6.0.0.patch. * Not needed since we build Mesa against LLVM 6. (bnc#1082298) - Remove u_Fix-crash-in-swrast-when-setting-a-texture-for-a-pix.patch. * It was disabled for long time and does not seem to be needed. (bnc#1082306) - Enable nine on arm/aarch64 ==== Mesa-drivers ==== Subpackages: Mesa-dri Mesa-dri-nouveau Mesa-gallium Mesa-libva libvdpau_nouveau libvdpau_r300 libvdpau_r600 libvdpau_radeonsi libvulkan_radeon libxatracker2 - Remove n_Disable-AMDGPU-GFX9-Vega-on-LLVM-lessthan-6.0.0.patch. * Not needed since we build Mesa against LLVM 6. (bnc#1082298) - Remove u_Fix-crash-in-swrast-when-setting-a-texture-for-a-pix.patch. * It was disabled for long time and does not seem to be needed. (bnc#1082306) - Enable nine on arm/aarch64 ==== alsa ==== Version update (1.1.5 -> 1.1.6) Subpackages: alsa-devel libasound2 libasound2-32bit - Avoid the use of license tag for old distros for fixing build - Updated to alsa-lib 1.1.6: * Change FSF address (Franklin Street) * pcm: route: Fix use_getput flag computation for 3 byte formats * test: correct emulation for channel-map TLV * Change snd_dlopen() function to return the error string * configure.ac: build extra mixer modules conditionally * configure.ac: do not enable alisp code by default * conf/ucm: Rearrange Makefile.am * conf/ucm: Add dual HD-audio codecs config for Lenovo * conf/ucm: Add Gigabyte mobo UCM profile with dual HD-audio codecs * asound.h: add SNDRV_PCM_FORMAT_{S, U}20 * pcm: add and describe SND_PCM_FORMAT_{S, U}20 * pcm: linear, route: handle linear formats with 20-bit sample on 4 bytes * pcm: plug: add SND_PCM_FORMAT_{S, U}20 to linear_preferred_formats * pcm: remove unused macros of COPY_LABELS/COPY_END * pcm: remove unused macros of GETU_LABELS/GETU_END * pcm: remove unused macros of NORMS_LABELS/NORMS_END * pcm: fix wrong comments for some cases of linear interpolation of PCM samples * topology: Fix to skip writing of header for compound elements * control: Proper reference of internal versioned functions * timer: Proper reference of internal versioned symbols * core: Proper reference of internal snd_dlopen() * conf/ucm: Add chtrt5645-mono-speaker-analog-mic configuration * pcm: Return the consistent error code for unexpected PCM states * pcm: Fix two bugs in snd_pcm_area_silence() * pcm: fix a bug to copy silent samples aligned to 64 * pcm: another fix for the snd_pcm_area_silence() fast path * pcm: ioplug: Use boundary for wrap around * pcm: Do not access lock_enabled if thread safe API * pcm: ioplug: Provide hw_avail helper function for plugins * pcm: Provide areas_copy function which handles buffer wrap around * pcm: ioplug: update prepare and draining state correctly * topology: Fix parsing config with multiple hw_configs * pcm: hw: Keep control data from kernel when SND_PCM_APPEND * control ext: fix the default .rawmidi_next_device callback * modules: smixer_python - add support for python3 * a set of fixes to reduce gcc warnings * pcm: Skip avail_min check during draining * pcm: ioplug: Implement proper drain behavior * conf: USB-Audio: Add second S/PDIF device on Phiree U2SX - Remove obsoleted patches: 0001-pcm-route-Fix-use_getput-flag-computation-for-3-byte.patch 0002-conf-ucm-Rearrange-Makefile.am.patch 0003-conf-ucm-Add-dual-HD-audio-codecs-config-for-Lenovo.patch 0004-conf-ucm-Add-Gigabyte-mobo-UCM-profile-with-dual-HD-.patch 0005-conf-ucm-Add-chtrt5645-mono-speaker-analog-mic-confi.patch 0006-pcm-Return-the-consistent-error-code-for-unexpected-.patch - Use %license file tag ==== alsa-utils ==== Version update (1.1.5 -> 1.1.6) - Avoid %license tag for old distros to fix builds - Updated to alsa-utils 1.1.6: * Change FSF address (Franklin Street) * aplay: Adjust sample rate limits to support newer hardware * alsactl: Only start restore service when asoundrc file exists * alsaloop: fix a typo in the comparison * speaker-test: Refactor the tone-generator codes * aplay: Fix wav file not being split on 32 bit platforms * bat: alsa.c - move the thread cleanup pop before goto exit3 - Remove obsoleted patches: 0001-aplay-Adjust-sample-rate-limits-to-support-newer-har.patch 0002-alsactl-Only-start-restore-service-when-asoundrc-fil.patch - Use %license file tag ==== efibootmgr ==== - Use %license instead of %doc [bsc#1082318] ==== file ==== Subpackages: file-devel file-magic libmagic1 - Correct line break in patch file-5.24-nitpick.dif (boo#1087924) ==== filesystem ==== - Add /etc/modprobe.d and /usr/lib/modprobe.d (bsc#1082050). ==== gcc7 ==== Version update (7.3.1+r258313 -> 7.3.1+r258812) Subpackages: cpp7 gcc7-c++ gcc7-fortran gcc7-info gcc7-locale gcc7-objc libasan4 libcilkrts5 libgfortran4 libstdc++6-devel-gcc7 libstdc++6-gcc7-locale libubsan0 - Update to gcc-7-branch head (r258812). * Picks fix to no longer enable -mpc-relative-literal-loads by default with --enable-fix-cortex-a53-843419. - Enable --enable-fix-cortex-a53-843419 on aarch64. [bnc#1084812] [bnc#1087930] ==== gdb ==== - Add some -Wno-error flags for gcc-8 compatibility. ==== gnutls ==== Subpackages: libgnutls-dane0 libgnutls-devel libgnutls30 libgnutls30-32bit - Simplify the DANE support %ifdef condition * build with DANE on openSUSE only - Adjust RPM groups. Drop %if..%endif guards that are idempotent. ==== hostname ==== - Use %license instead of %doc [bsc#1082318] ==== pesign ==== - Add pesign-bsc1087742-fix-efisiglist.patch to fix the generation of efi signature list. (bsc#1087742) ==== python-rpm ==== Subpackages: python2-rpm python3-rpm - remove rpmlint-Factory buildignore ==== rpm ==== Subpackages: rpm-build rpm-devel - %install_info: if we are going to fail, at least fail on install not on attempted upgrades or uninstall [bsc#1084997] ==== rzsz ==== Version update (0.12.20 -> 0.12.21~rc) - Update to 0.12.21~rc bsc#1086416: * RC candidate from 1999 containing bunch of trivial fxies that most other distributions ship - Rebase patches: * lrzsz-0.12.20-automake-1.13.patch * lrzsz-autotools.patch * lrzsz-po.patch ==== texinfo ==== Subpackages: info makeinfo - install-info_exitcode.patch: install-info needs to return success when it does nothing. We need 0 return value even on failure as old packages in SLE-11 and SLE-12 can become uninstallable. (bsc#1084997) -- To unsubscribe, e-mail: opensuse-factory+unsubscribe(a)opensuse.org To contact the owner, e-mail: opensuse-factory+owner(a)opensuse.org

3 2

[opensuse-factory] Leap 15.0 Build 197.1 released!
by Ludwig Nussel 12 Apr '18

12 Apr '18

Please note that this mail was generated by a script. The described changes are computed based on the x86_64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=opensuse&version=15.0&bui… https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Distribution&q… When you reply to discuss some issues, make sure to change the subject. Please use the test plan at https://docs.google.com/spreadsheets/d/1AGKijKpKiJCB616-bHVoNQuhWHpQLHPWCb3… to record your testing efforts and use bugzilla to report bugs. Packages changed: adobe-sourceserifpro-fonts (1.014 -> 2.000) fprintd (0.7.0 -> 0.8.0) kdeconnect-kde (1.2.1 -> 1.3.0) libsoup (2.60.3 -> 2.62.0) listres (1.0.3 -> 1.0.4) webkit2gtk3 (2.18.6 -> 2.20.0) === Details === ==== adobe-sourceserifpro-fonts ==== Version update (1.014 -> 2.000) - Update to 2.000 * Changes 1.017: + Add ExtraLight, Light and Black weights. + Semibold and Bold were made heavier. + Lcommaaccent and lcommaaccent were added (missing in first release). * Changes 2.000: + Increase character set to Adobe Latin 4. + Add Greek (AG-1) & Cyrillic (AC-2) writing systems. + Add Small Caps for all of the above. + Add superiors for Latin capitals. - Update url to github.com ==== fprintd ==== Version update (0.7.0 -> 0.8.0) Subpackages: fprintd-lang fprintd-pam - Update to version 0.8.0 * Lockdown the daemon to minimise potential security issues * Don't wake up readers when there's no enrolled fingerprints ==== kdeconnect-kde ==== Version update (1.2.1 -> 1.3.0) Subpackages: kdeconnect-kde-lang - Update to 1.3.0 * Fixed frequent crash when receiving notifications * Fixed MPRIS player entries never being deleted * Added a Gnome Files (Nautilus) extension to send files from the context menu * Added handling of "tel:" links with KDE Connect * Support sending album art in MPRIS plugin * Allow sharing more than one file from the CI (eg: --share *.mp3) - Remove patches, now upstream: * 0001-Fix-null-dereference.patch - Modified wording in Description to match that KDE Connect runs under any Linux desktop (see upstream README.md file) ==== libsoup ==== Version update (2.60.3 -> 2.62.0) Subpackages: libsoup-2_4-1 libsoup-lang typelib-1_0-Soup-2_4 - Unconditionally enable translation-update-upstream: on Tumbleweed, this results in a NOP and for Leap in SLE paid translations being used (boo#1086036). - Update to version 2.62.0: + Updated translations. - Update to version 2.61.91: + Add limit to header length to avoid DOS attacks (bgo#792173). + Update the public-suffix list. + Revert "cookie-jar: use base domain to decide if cookie is third party" (bgo#792130). - Modernize spec-file by calling spec-cleaner - Update to version 2.61.90: + Various improvements to the WebSocket implementation (bgo#792113). + cookie-jar: use base domain to decide if cookie is third party (bgo#792130). + Add new API to create a new connection from a SoupSession (bgo#792212). + soup-headers: accept any 3 digit number as message status code (bgo#792124). - Remove unneeded %clean section: RPM does this kind of work itself already. - Adopt the use of %make_build macro rather than raw make command, following the best practices. - Update to version 2.61.2: + Session: don't request Keep-Alive for upgraded connections (bgo#788723). - Update to version 2.61.1: + tld-parser: use Python 3 (bgo#785735). + Fix heap-buffer-overflow in soup_ntlm_parse_challenge() (bgo#788037). + Fix possibly uninitialized value in ssl-test. + SoupCache: fix the timestamp for responses (bgo#791031). - Drop libsoup-tld-parser-py3.patch: fixed upstream. - Update to version 2.60.3: + heap-buffer-overflow in soup_ntlm_parse_challenge() (bgo#788037). + session: don't request Keep-Alive for upgraded connections (bgo#788723). + soup-headers: accept any 3 digit number as message status code (bgo#792124). - Use python3 during build: + Add libsoup-tld-parser-py3.patch: Use python3 for tld-parser. + Add python3-base BuildRequires. - Update to version 2.60.2: + Fix documentation typos (bgo#788920). + format-zero-length warning triggered in soup-logger.c (bgo#789096). + Warnings while generating inrospection files (bgo#789099). + Updated translations. - Add conditional use for translation-update-upstream: suse-only requirement. - Update Url to https://wiki.gnome.org/Projects/libsoup: current libsoup's project web page. - Run spec-cleaner -p to get respectives pkgconfig(*): gio-2.0, gobject-2.0, gobject-introspection-1.0, gtk-doc and libxml-2.0. - Update to version 2.60.1: + Fallback to another authentication type if the current failed (bgo#788238). + Fix unbalanced G_GNUC_BEGIN_IGNORE_DEPRECATIONS use in soup-session.c (bgo#787166). + SoupCache: fix setting default value for cache dir (bgo#788452). + Updated translations. - Update Url to https://wiki.gnome.org/LibSoup: current LibSoup's web page. - Update to version 2.60.0: + Updated translations. - Update to version 2.59.90.1: + Fixed a chunked decoding buffer overrun that could be exploited against either clients or servers (bgo#785774, CVE-2017-2885). - Changes from version 2.59.90: + Several SoupAuthNegotiate compatibility fixes (bgo#783780, bgo#783781). + Include a payload in SoupWebsocketConnection's "ping" messages (to avoid problems with certain buggy server implementations), and emit a signal when receiving a "pong" (to allow apps to notice when the remote peer has disconnected them) (bgo#785660). + Fix the interpretation of wss:// URIs, which previously mostly didn't work (bgo#784766). + Fixed SoupContentSniffer behavior on XML files with no Content-Type (webkit#173923). + Fixed a bug with cancelling async requests (bgo#773257). + Reverted the (undocumented) change in 2.58.0 to call soup_session_abort() after changing SoupSession:proxy-resolver; while this made its behavior more consistent with :proxy-uri, it ended up breaking things (bgo#781590). + Allow HTTP responses that have no trailing CRLF after the response headers (and no body) (bgo#780352). + Fixed an out-of-bounds read in SoupURI parsing (bgo#785042). + Fixed a spurious (debug-level) error message in SoupWebsocketConnection (bgo#784935). + Fixed introspection annotations on soup_message_headers_get_content_range(). + Fixed a flake in tests/header-parsing (bgo#777258). + Update tests/test-cert.pem to use stronger algorithms to avoid problems with newer gnutls (bgo#784949). + Fixed examples/get to not accidentally break https certificate validation (bgo#784259). + Misc updates to apache/php stuff in unit tests. - Update to version 2.58.2 (CVE-2017-2885, boo#1052916): + Fixed a chunked decoding buffer overrun that could be exploited against either clients or servers (bgo#785774, CVE-2017-2885). - Replace krb5-devel BuildRequires with pkgconfig(krb5): This does not exactly reproduce what configure is looking for (it ignores the .pc file) but it helps OBS in chosing between krb5 and krb5-mini, shortening build cycles. - Update to version 2.58.1: + Reverts a change to SoupSession to close all open connections when the :proxy-resolver property is changed (bgo#777326). This change was made in 2.58.0 but accidentally left out of the NEWS for that release; although that behavior made :proxy-resolver more consistent with :proxy-uri, it ended up breaking Evolution EWS (bgo#781590). + Fixed undefined behavior in tests/header-parsing that could make the test spuriously fail (bgo#777258). + Updates to the configure tests for Apache for use in tests/: - Dropped support for Apache 2.2. - Changed PHP support from PHP 5 to PHP 7. - mod_unixd can now be either built-in or dynamically loaded (bgo#776478). + Updated translations. - Update to version 2.58.0: + Fix authentication issues when the SOUP_MESSAGE_DO_NOT_USE_AUTH_CACHE flag is used (bgo#778497, bgo#777936). + MSVC build improvements. + Updated translations. - Update to version 2.57.1: + Added SoupWebsocketConnection:keepalive-interval, to make a connection send regular pings (bgo#773253). + Added soup_auth_manager_clear_cached_credentials() and SOUP_MESSAGE_DO_NOT_USE_AUTH_CACHE, to allow greater control over the use of cached HTTP auth credentials (bgo#774031, bgo#774033). + Fixed the use of SoupSession:proxy-uri values containing passwords (bgo#772932). + Various minor WebSocket fixes: - Avoid sending data after we start closing the connection (bgo#774957). - Do not log a critical if the peer sends an invalid close status code. - Log a debug message when a "pong" is received. + Fix introspection of soup_message_headers_get_content_range(). + Replaced Vala [Deprecated] annotations with [Version] to avoid build warnings (bgo#773177). + MSVC build improvements. + Updated error/message strings to use Unicode punctuation (bgo#772217). + Updated translations. - Update to version 2.56.0: + Added SoupWebsocketConnection:max-incoming-payload-size property, to override the default maximum incoming payload size (bgo#770022). + Added soup-version.h symbols (in particular soup_check_version()) to introspection (bgo#771439). + Updated the copy of the public suffix list used by SoupTLD (bgo#769650). + Updated translations. - Update to version 2.55.90: + Removed support for SSLv3 fallback; sites that reject TLS 1.x handshakes will now just fail with an error (Firefox and Chrome have both already switched to this behavior) (bgo#765940). + Fixed the parsing of <double>s in the new GVariant-based XMLRPC code (bgo#767707). + Fixed soup_server_set_ssl_cert_file(), which was added in 2.48 but didn't actually work. + Added GObject properties to SoupLogger to make it bindings-friendly (bgo#768053). + Fixed build error on FreeBSD (bgo#765376). + Fixed build with certain new versions of glibc that define "EOF" as a macro (bgo#768731). + Updated m4/ax_code_coverage.m4 with support for lcov 1.12. + Updated po files for future gettext versions. + Updated translations. - Drop libsoup-Prefix-signal-ID.patch: fixed upstream. - Add libsoup-Prefix-signal-ID.patch: Buildfix commit from upstream git. - Update to version 2.54.1: + Fixed an ABI break in 2.54.0 caused by adding a member to SoupAuthClass; 2.54.1 is ABI-compatible with 2.53.92 and earlier, but NOT with the anomalous 2.54.0. If you built packages against 2.54.0, you will need to rebuild them against 2.54.1. + Fixed NTLM authentication when ntlm_auth from the latest version of Samba is present (bgo#765106). + Updates to MSVC build, including for GSS-API support. + Updated translations. - Drop libsoup-auth-ntlm-fix.patch: Fixed upstream. - Add libsoup-auth-ntlm-fix.patch: Fix NTLM auth failure with latest samba (bgo#765106, boo#976110). - Update to version 2.54.0.1: + Fix a build problem with the 2.54.0 tarball, which would not build if you configured with "--without-gnome". - Update to version 2.54.0: + Fixed examples/simple-httpd on Windows (bgo758759). - Update to version 2.53.92: + libsoup now supports HTTP "Negotiate"/GSSAPI/Kerberos authentication. It must be enabled specifically by the application and is also subject to certain other restrictions, some of which are not yet controllable through the API (bgo#587145). + Added support for building under MSVC (bgo#758759). + Fixed a problem with the 2.53.90 tarball that caused translations to be mis-installed. + Updated translations. - Remove intltoolize call: the tarball has been corrected. - Add krb5-devel BuildRequires: new dependency for krb5 support. - Pass --with-krb5-config=%{_libexecdir}/mit/bin/krb5-config and - -with-gssapi to configure in order to enable krb5 support. - Update to version 2.53.90: + NUL bytes in headers are now ignored (bgo#760832). + Fixed transfer annotation of soup_form_decode* functions (bgo#743966). + Updated translations. - Call intltoolize before configure in order to fix up the tarball to work with recent versions of intltool. - Update to version 2.53.2: + Fixed up symbol visibility handling for mingw by copying GLib's system (bgo#757146). + Finally marked the old SoupSessionAsync and SoupSessionSync methods as deprecated (bgo#757146). + Added libsoup-2.4.deps for valac. + Make it possible to build from git without gtk-doc being installed. + Updated translations. - Update to version 2.53.1: + Really fixed build under MinGW for sure this time. + Fixed SoupServer Web Sockets code so that the SoupClientContext passed to a SoupServerWebsocketCallback is fully usable (rather than crashing when you try to do most things). - Update to version 2.52.2: + Fixed build under MinGW. + Fix SoupServerWebsocketCallback handling so that the SoupClientContext passed to it is still valid. + Added a .deps file to define dependencies for valac. - Update to version 2.52.1: + Fixed build under MinGW. + Fixed build with --disable-introspection (bgo#755389). + Fixed HTTP authentication protection space handling for files directly under the root directory (bgo#755617). + Fixed a warning when loading data from SoupCache while using an authenticated proxy (bgo#756076). + Updated translations. - Update to version 2.52.0: + Removed duplicate test paths from tests/date so it will pass with glib 2.46.0. - Update to version 2.51.92: + Added g_autoptr() support for all libsoup types (bgo#754721). + Added a missing (allow-none) annotation to soup_uri_normalize() (bgo#754776). + Updated translations. - Update to version 2.51.90: + Added a new GVariant-based XMLRPC API, and deprecated the old GValue-based API (along with the associated GValue-manipulating utilities) (bgo#746495). + Multiple build fixes for Visual Studio (bgo#752952). + Added VAPI generation (bgo#750679). + Fixed the mode bits on soup-cookie.c, which was previously marked executable for some reason (rh#1247285). + Updated translations. - Add pkgconfig(vapigen) BuildRequires: New dependency. - Update to version 2.51.3: + Fixed "make check" in non-English locales (rh#1224989, bgo#749397). + Fixed some compiler warnings (bgo#748514). + Updated translations. - Update to version 2.50.0: + Updated translations. - Update to version 2.49.92: + Fixed an NTLM problem that caused spurious "Authentication Failed" errors in evolution-ews (bgo#735197). + Updated translations. - Update to version 2.49.91.1: + websockets: minor optimization. + websockets: fix 32-bit build. + docs: fix build. + tests: fix when building without glib-networking available. - Update to version 2.49.91: + Libsoup now has support for WebSockets in both SoupSession and SoupServer (bgo#627738). + Added support for NTLMv2 Session Security to SoupAuthNTLM. (This is transparent to the app/user; if the server supports it, it will be used) (bgo#739192). + Added soup_server_accept_iostream() to allow feeding a non-GSocketConnection GIOStream to SoupServer (eg, when accepting HTTP requests on some other sort of connection) (bgo#744186). + Added soup_session_steal_connection() and soup_client_context_steal_connection(), to allow you to steal a GIOStream from a SoupSession or SoupServer and then use it for non-HTTP purposes (bgo#721343). + Added soup_server_add_early_handler(), for adding SoupServer handlers to run at :got-headers time rather than :got-body (eg, to set up a streaming read of the request body) (bgo#625645). + Added a new SOUP_MESSAGE_IGNORE_CONNECTION_LIMITS flag, which can be used to bypass SoupSession:max-conns and SoupSession:max-conns-per-host on a per-message basis (bgo#744720). + Multiple SoupCache fixes: - Leaked resources are now cleaned up when opening the cache (bgo#667682). - The "Age" header is no longer added to cached responses (bgo#741108). - Fixed the interpretation of the "must-revalidate" directive to not be stricter than required (bgo#744468). - Messages retrieved from cache now behave slightly more like non-cache messages in terms of SoupSession signals and timing (bgo#744788). Additionally, there is a new SoupMessage::starting signal, which is like SoupSession::request-started, but emitted for cached resources as well (bgo#731153). + Fixed soup_session_cancel_message() to work reliably on paused messages (bgo#745094). + Added code-coverage support to the build (bgo#744744). + Fixed the library symbol check in "make check" to work when building with linker options that result in slightly different organization (bgo#741348). + Added a hack to SoupSessionFeature so that people will stop re-reporting an old Eclipse bug against libsoup (bgo#710242). + Miscellaneous bug and leak fixes in the test programs, leak fixes in libsoup, and documentation updates. + Updated translations. - Update to version 2.49.1: + Fixed a bug in the SoupMessage:event signal that broke evolution's ability to connect to https hosts with "bad" certificates (bgo#739951). + Fixed a case where the async codepaths could potentially block on a synchronous write (bgo#727138). + Fixed the symbol soup_server_set_ssl_cert_file() to get exported, and added soup_server_get_uris() to the documentation. + Improved a bunch of introspection annotations (bgo#729987). + Clarified some documentation. + Fixed Windows build, twice (bgo#738003, bgo#738551). + Updated translations. - Update to version 2.48.1: + Fixed a bug in the SoupMessage:event signal that broke evolution's ability to connect to https hosts with "bad" certificates (bgo#739951). + Fixed a case where the async codepaths could potentially block on a synchronous write (bgo#727138). + Fixed the symbol soup_server_set_ssl_cert_file() to get exported, and added soup_server_get_uris() to the documentation. + Improved a bunch of introspection annotations (bgo#729987). + Clarified some documentation. + Fixed Windows build, twice (bgo#738003, bgo#738551). + Updated translations. - Update to version 2.48.0: + Updated translations. - Update to version 2.47.92: + Fixed a crash in SoupCache when receiving certain invalid Cache-Control headers (bgo#733587). + Updated translations. - Update to version 2.47.4: + Fixed two crashes that could occur in multithreaded use (in particular, with the latest git gvfs) (bgo#732783, bgo#732925). + Fixed the handling of data: URIs with base64-encoded data but no explicit MIME type (bgo#732112). + Fixed a bug in SoupAuthNTLM that affected 28-character-long passwords (bgo#732087). + Fixed tests to pass with GLib git master (which warns if you use deprecated GObject properties, and which also caught a mutex-handling bug in test-utils.c). + Updated translations. - Update to version 2.47.3: + Added new-and-improved SoupServer API, and deprecated much of the existing API. + SoupSession now has a :tls-interaction property, which can be used to add a GTlsInteraction to a session, allowing it to provide a client-side certificate if the server requests one (bgo#334021). + soup_session_abort() no longer tries to close active connections, which was causing crashes in evolution (rh#1093314). + Fixed a GMainContext-handling bug that could cause crashes in gstreamer's souphttpsrc (bgo#729737). + Fixed a memory leak when requesting to delete a cookie that didn't exist. + Updated translations. - Update to version 2.46.0: + No changes, just a version bump. - Update to version 2.45.92: + Fixed problems with using an http proxy on port 80. + Plugged a small per-connection leak. + Belatedly bumped up the glib requirement to 2.38, which is required for the TAP driver. + Fixed up some leftover issues from the test porting to gtestutils. - Update to version 2.45.90: + Fixed a problem where libsoup would use the "http" proxy settings for "https" requests (bgo#724316). + Updated SoupContentSniffer to match the current version of the MIME sniffing specification (bgo#648849, bgo#715126). + Updated the soup-tld APIs to accept ASCII-encoded hostnames in addition to UTF-8 ones. + Ported the test programs to the gtestutils framework, added support for installed tests, and made the tests use the TAP driver. + Some tests still need to be split up into more pieces, and the debug output is now somewhat less useful in some cases. + Fixed the test programs to not depend on local proxy settings. + Added some more checks to header-tests (bgo#722341). + Fixed the "simple-proxy" example program, which had been broken for a while. + Updated translations. - Update to version 2.45.3: + The documentation has finally been updated to reflect the new APIs added in 2.42. + Added GBytes-valued :request-body-data and :response-body-data properties to SoupMessage, which should help some bindings. + We now set TCP_NODELAY on sockets, improving throughput a bit. In particular, this avoids an unnecessary extra round trip in the TLS handshake. + The SoupSession APIs that return GErrors now return the actual underlying gio errors in the event of connection failures and the like. + Updated the copy of the Public Suffix list used by soup-tld. + Updated the soup_server_pause_message() / soup_server_unpause_message() documentation to clarify when you can and can't call them (bgo#710602). + soup_message_set_request() and soup_message_set_response() now g_warn_if_fail() if you pass an invalid Content-Type (And they also have better introspection annotations) (bgo#686766). + session-test now passes when run against the dummy TLS backend (ie, if you don't have glib-networking installed), as long as you have the latest glib. + Fixed build with -Werror=format-nonliteral (bgo#720082). + Fix build with --without-ntlm (bgo#710267). + Fixed a few warnings. + Updated translations. - Update to version 2.44.2 (bnc#849913): + Fixed a hang with internet radio streams in Rhythmbox (and some other places) (bgo#710494). + Fixed a connection leak when cancelling the close of a message GInputStream (bgo#711260). + Plugged a few memory leaks (bgo#711085) + Fix build with --without-ntlm (bgo#710267) + Fixed a few warnings. + Fixed connection-test to pass with current glib (bgo#711361). + Tests are now more verbose by default under "make check", since current automake just redirects all the output to a log file anyway. - Update to version 2.44.1: + Fixed a sporadic failure in tests/connection-test. + Bugs fixed: bgo#695652, bgo#707711, bgo#708621, bgo#708696, bgo#709647. + Updated translations. - Update to version 2.44.0: + Updated translations. - Update to version 2.43.92: + Fixed a bug in the connection-pool code, which would in certain cases accidentally keep using a connection after a message was cancelled while in progress (bgo#708006). + Fixed some problems when falling back from samba single-sign-on-based NTLM to ordinary ask-for-a-password NTLM. (bgo#703186). + When sending a conditional GET request, SoupCache now preserves the original message's list of disabled features, ensure that it gets back the same kind of response the original message would have (bgo#706338). + Fixed a warning when the remote host closes the connection while we are writing something using chunked encoding (bgo#703297). + Added SoupServer:http-aliases and :https-aliases properties, to specify URI schemes that should be treated as though they were http (bgo#703694). + Fixed race conditions in cache-test and timeout-test that could cause spurious failures (bgo#698305). - Update to version 2.43.90: + Fixed the handling of unsatisfiable range requests in SoupServer. + Fixed the handling of IPv6 address literals with scope IDs (bgo#669724). - Update to version 2.43.5: + SoupProxyURIResolver is now deprecated in favor of the SoupSession:proxy-resolver property (bgo#680273). + The SoupKnownStatusCode enum is now called SoupStatus (bgo#684409). + Fixed the parsing of URI schemes in SoupURI (bgo#703776). + Fixed SoupLogger to print a message's response headers even if the message gets cancelled before the complete response body is received (bgo#703200). + Fixed a build problem in non-UTF-8 locales (bgo#702534). + SoupSession now warns if you use soup_session_pause_message() or soup_session_unpause_message() on a synchronous message (bgo#703461). - Update to version 2.43.4: + Fixed a bug that could cause synchronous sessions to get stuck in a state where no new messages would ever get processed (bgo#703463). + Fixed another memory leak in SoupSocket (found while added a test case for bgo#700472). + Switched to using g_cclosure_marshal_generic() rather than using glib-genmarshal (bgo#686042). + Changed SoupServer to call unref() on the query hash table after calling the handler, rather than destroy(), so that the handler can keep a copy of the query data if it wants (bgo#702793). + Fixed a few introspection annotations. + Updated examples/get to use SoupLogger and to allow redirecting the output to a file (bgo#703231, bgo#703229). - Update to version 2.43.2: + Fixed an authentication error when using NTLM when connecting to an https site over a proxy; the code was getting confused and thinking that the 200 OK response to the CONNECT meant that NTLM auth had succeeded (bgo#698728). + Fixed a memory leak in SoupSocket (bg0#700472). + Fixed a missing include error on some platforms (bgo#700003). + Fixed warnings when running against the "dummy" TLS backend (bgo#700518). - Update to version 2.43.1: + Including <libsoup/soup.h> no longer pulls in the system networking headers. This may cause some packages to no longer compile, if they were accidentally depending on this. Adding "#include <gio/gnetworking.h>" will fix them (bgo#692134). + Fixed SoupSession:proxy-resolver (bgo#698163). + Added soup_message_set_priority(), to mark messages as being high, low, or normal priority, and update the message queue to prioritize them accordingly (bgo#696277). + Fixed several test programs to still work if glib-networking isn't installed and fixed another to still work if the kernel has no IPv6 support (bgo#698220). - Update to version 2.42.1: + Fixed SoupProxyResolverDefault (bgo#697028). + Fixed a gigantic memory leak when using SoupCache (bgo#696594). + Fixed a build problem on Windows (bgo#696354). + Fixed ntlm-test to pass whether or not Samba ntlm_auth support was compiled in (bgo#697510). + Updated translations. - Update to version 2.42.0: + Fixed a compiler warning on 32bit in a test program. + Updated translations. - Added support for translation-update-upstream. - Update to version 2.41.92: + Fixed a bug that caused libsoup to retry an incorrect password repeatedly, forever, in a certain case that affected Google calendars in evolution in particuar (rh##916224). + Also added code to make such infinite retry loops impossible in the future. + Fixed SoupRequestData's handling of URIs with "%00" in them (bgo##695246). + Added the SoupSession:proxy-resolver property (bgo#680273). + Added missing G_BEGIN_DECLS/G_END_DECLS to soup-message-headers.h, so that its functions can be called from C++. + Updated translations. - Update to version 2.41.91: + Fixed a crash that showed up with XMLRPC requests in WebKitGTK (bgo#694920). + Fixed SoupCache to update the cached headers when it receives a 304 Not Modified response, and added a test for this (bgo#695121). + libsoup now builds under automake 1.13 (and "make check" works under the parallel test harness which is the default in 1.13) (bgo#694135). + The tests/ directory now contains only actual test programs that are run by "make check", and the programs that are intended more as example code are under examples/. + Updated translations. - Update to version 2.41.90: + Added SoupSession:local-address property, which allows you to force connections to bind to a particular local address (bgo#693215). + Fixed SoupCache to properly handle messages that get cancelled, and added tests for this (bgo#692310). + Fixed a reference leak in SoupCache that resulted in epiphany hanging for several seconds on exit and then eventually printing "Cache flush finished despite X pending requests". And added more tests (bgo#682527). + Fixed SoupAuthNTLM so that SoupSession:authenticate gets emitted with retrying=TRUE if the first attempt fails (bgo#693222). + Fixed the SoupSession:add-feature-by-type property to accept non-SoupSessionFeature features as well. + Fixed a build bug that would break all the apache-based tests if you didn't have PHP installed (bgo#693311). + Updated translations. - Update to version 2.41.5: + Reverted the change to SoupURI's password handling from 2.41.4, since it turns out to have broken some things (bgo#692149). + Avoid a g_return_if_fail() when loading SoupSession:ssl-ca-file fails (bgo#691930). + Fixed a bug in SoupBodyInputStream that caused redirects in WebKitGTK to hang. (bgo#692026). + Updated translations. - Update to version 2.41.4: + Lots of docs fixes. + The plain SoupSession type now supports soup_session_queue_message(), soup_session_send_message() and there are now soup_session_new() and soup_session_new_with_options(). + The mirroring of the SoupMessage API onto SoupRequestHTTP, added in 2.41.3, has been reverted. However, new APIs soup_session_send() and soup_session_send_async() have been added that let you use the GInputStream-based API with SoupMessages rather than SoupRequest, so if you're doing HTTP-specific stuff, you can just use that instead. + soup_message_get_https_status() now returns the certificate and flags for unsuccessful https connections as well as successful ones (bgo#690176). + Fixed a deadlock when calling soup_session_abort() on a SoupSessionSync in some cases (bgo#691399). + Internal SoupCache rewrites/improvements (bgo#682112). + Plugged a memory leak in SoupCache (bgo#690382) and in SoupAuthDigest (bgo#690142). + LIBSOUP_DISABLE_DEPRECATED has been renamed to SOUP_DISABLE_DEPRECATED. + Fixed the samba-windbind-based NTLM support. + SoupAuthManager is now a public class. + SoupURI now treats "http://user@example.com" as having a password of "" rather than NULL. + build: libsoup now uses autoreconf instead of gnome-autogen.sh, and no longer uses AM_GLIB_GNU_GETTEXT. + Updated translations. - Update to version 2.41.3: + SoupRequest is now stable API. SoupRequester, however, is deprecated. Instead you can now call soup_session_request() or soup_session_request_uri() to create a SoupRequest. + SoupRequestHTTP now has a number of fields and methods that mirror the SoupMessage data, so you don't have to use soup_request_http_get_message() in many cases. On the flip side, there is also now soup_message_get_request(). And you can create a SoupRequestHTTP directly (and override its request method) by using soup_session_request_http() or soup_session_request_http_uri()). + soup_message_set_chunk_allocator() is now deprecated; apps that want to do streaming reads should just use SoupRequest, which is vastly more sane. + SoupPasswordManager is now deprecated, and SoupPasswordManagerGNOME is now a no-op (and libsoup-gnome no longer links against libgnome-keyring) (bgo#594377, bgo#679866) + SoupCookieJarSqlite is now deprecated in favor of SoupCookieJarDB, which is exactly the same thing except that it's in libsoup itself rather than being in libsoup-gnome + SoupProxyResolverGNOME is now deprecated; there hasn't been any real reason to use it since SoupProxyResolverDefault was added. + SoupSession is no longer an abstract class, and you can create a plain SoupSession, which behaves in a more traditionally-gio-like way. + Usernames and passwords passed into SoupSession a URI will now be cleared after they're used, so that if they are wrong, the authenticate signal will be emitted on the next round (bgo#689673) + SoupURI now leaves "%00" in URIs as-is, rather than decoding it to "\0", which was not intended and is never useful. + Fixed a bug in SoupBodyOutputStream that could cause libsoup to sometimes use blocking I/O rather than non-blocking when writing chunked message bodies (bgo#688974) + Fixed a bug in SoupFilterInputStream that could cause some non-blocking reads to suck up CPU while waiting for the network + tests: misc small fixes + Updated translations. - Replace sqlite3-devel BuildRequires with pkgconfig(sqlite3). - Drop libgnome-keyring-devel BuildRequires: no longer needed. - Update to version 2.41.2: + libsoup-2.4.so and libsoup-gnome-2.4.so now only export the symbols that are part of the public API. (bgo#595176) + Added SOUP_VERSION_MIN_REQUIRED / SOUP_VERSION_MAX_ALLOWED macros like the corresponding glib ones, to allow libsoup users to request per-version deprecation/availability warnings. + Fixed a crash caused by a race condition in SoupSessionSync, and reorganized some code to avoid other possible similar race conditions. (bgo#684238) + Fixed a crash when a DNS resolution failed, caused by a bug in the GTask porting in 2.41.1. (bgo#688330) + Fixed a problem that would cause g_warning()s in epiphany when browsing sites that (incorrectly) returned empty Cache-Control headers. (bgo#683433) + We now add a Host header to HTTP/1.0 requests as well as HTTP/1.1 ones. + Fixed a bug in the printing of IPv6 address literals in the Host header in SoupLogger. + Belatedly added soup-multipart-input-stream.h to soup.h. + Removed an evil hack in the long-deprecated SoupProxyResolver code (not to be confused with SoupProxyURIResolver) (bgo#687659) + Fixed a few race conditions in the test programs that could cause "make check" to fail on slow or heavily-loaded machines. + Further cleaned up and reorganized the internal HTTP I/O codepaths, in preparation for an improved SoupCache. (bgo#682112). + Updated translations. - Update to version 2.41.1: + Changed the behavior of NTLM authentication to be more like what other apps apparently do (bgo#624613) + Fixed a crash caused by a race condition in SoupSessionSync. (bgo#684238) + SoupRequest now supports resource:// URIs, for reading from gresource (bgo#682721) + Added new compile-time and runtime APIs for checking the libsoup version (bgo#684514) + Updated to take advantage of (and require) glib 2.35: removed all g_type_init() calls and ported to GTask. + Added support for Apache 2.4 to the unit tests. + Updated translations. - Update to version 2.40.3: + soup_message_get_https_status() now returns the certificate and flags for unsuccessful https connections as well as successful ones (bgo#690176) + Fixed a deadlock when calling soup_session_abort() on a SoupSessionSync in some cases. (bgo#691399) + Fixed a bug in SoupFilterInputStream that could cause some non-blocking reads to suck up CPU while waiting for the network. + SoupURI now leaves "%00" in URIs as-is, rather than decoding it to "\0", which was not intended and is never useful. + A few minor docs fixes. + Updated translations. - Update to version 2.40.2: + Fixed a crash caused by a race condition in SoupSessionSync (bgo#684238) + Fixed a problem that would cause g_warning()s in epiphany when browsing sites that (incorrectly) returned empty Cache-Control headers (bgo#683433) + Belatedly added soup-multipart-input-stream.h to soup.h. + Added support for Apache 2.4 to the unit tests. Also fixed a few race conditions that could cause "make check" to fail on slow or heavily-loaded machines. + Updated translations. - Update to version 2.40.1: + Improved the parsing of multipart/x-mixed-replace responses (bgo#685752). + Fixed handling of IPv6 address literals (bgo#684990). + Updated translations. - Update to version 2.40.0: + Updated translations. - Update to version 2.39.92: + Fixed some g_warnings (and a possible crash) with the soup_request_send_async() (bgo#683404). + Fixed a hang with SoupSessionSync (bgo#682923). + Handle empty "Cache-Control" headers. + Updated translations. - Update to version 2.39.91: + Added missing annotations. + Fixed a crash (bgo#682569) + Fixed the SoupMessage:network-event signal + Bugs fixed: bgo#683200 + Updated translations. - Update to version 2.39.90: + Added SoupMultipartInputStream, for handling multipart responses (particularly multipart/x-mixed-replace) (bgo#656684) + Fixed a potential crash in SoupSessionAsync after the session is finalized + Fixed a regression in soup_tls_is_public_suffix() (bgo#681085) + Added a SOUP_MESSAGE_IDEMPOTENT flag, so that apps can bypass the "POSTs must be sent on new connections" check, which was causing evolution-ews to have to create a new connection for every request (bgo#681493) + Changed SoupSession so that pending SoupMessages now hold a ref on the session. It is possible that this will break code that was depending on the old, dumb, behavior (where unreffing the session with messages pending would cause those messages to be cancelled), in which case this will be reverted before 2.40. + Fixed memory leaks found by valgrind + Cleaned up some code in SoupCache (bgo#681509) + Updated translations. - Update to version 2.39.5: + Fixed several bugs in the soup-message-io updates that could cause hangs or I/O errors (bgo#679527) + Fixed SoupServer:async-context to work properly again + Further fixes to soup_uri_normalize() when using the "unescape_extra" parameter. (bgo#680018) + Fixed soup_xmlrpc_parse_method_call() to handle the case where there is no <params> element (which is legal) (bgo#671661) + Fixed the deprecation warning on soup_message_headers_get() (bgo#680143) + Added warnings to some erroneous SoupSocket usages rather than returning bogus data (bgo#673083) + Fixed build under Windows/MinGW + SoupSocket no longer emits the "readable" signal when a socket is disconnected if that socket is non-blocking + Updated public suffix list to the current version + Updated translations. - Update to version 2.39.4.1: + Fixed indentation problems in tld-parser.py so it will work under python 3 (bgo#680089) + Actually fixed cookies in non-suffixed/private domains, which still didn't work after the last fix (bgo#679230) + Updated translations. - Update to version 2.39.4: + Fixed the SoupRequest codepaths to properly retry in the case where the server closes a persistent connection when we try to use it (bgo#679527) + Fixed the content-type and content-length of requests retrieved from SoupCache (bgo#680029) + Fixed the handling of cookies in non-suffixed and private domains ("localhost", "foo.local", etc., bgo#679230) + Fixed cookie parsing to allow attribute values on "secure" and "HttpOnly" (bgo#678753) + Fixed a (rare) crash when closing the stream returned from SoupRequestHTTP. + Bugs fixed: bgo#671770, bgo#678909, bgo#680055, bgo#680018. + Updated translations. - Update to version 2.39.3: + Added new functions for comparing domains against the "public suffix" list, and in particular fixed SoupCookieJar to not allow setting cookies in "public" domains (eg, ".co.uk"). [bgo#673802] + Added two new SoupCookieJar APIs (soup_cookie_jar_get_cookies() and soup_cookie_jar_set_cookie_with_first_party()) as part of fixing the handling of HttpOnly cookies in WebKitGTK. [bgo#677922] + Fixed g-i annotation of soup_message_headers_get_content_type() [bgo#677002] + Updated translations. - Update to version 2.39.2: + Fixed several bugs that resulted from the I/O code rewrite in 2.39.1, and added more test cases to exercise the new code paths: - Problems with cancelling messages from the got-headers signal (bgo#674747) - Persistent connections were not always being closed properly after a message was cancelled mid-response. - Cancelling a SoupRequest before it started I/O didn't work. - Asynchronous HTTP authentication via the SoupRequest API (bgo#675306) - Memory leak (bgo#676038) - Refcounting bug that manifested as a crash in rygel (bgo#676038) - Handling failed CONNECT requests via SoupRequest (bgo#675865) - Messages with trailing junk following a compressed message body (bgo#676477) + Fixed three cache-related bugs that affect some sites + Fixed a bug in the /usr/bin/ntlm_auth integration when you don't already have credentials cached, and avoid printing warning messages when ntlm_auth is present but not usable. + Fixed some g-ir-scanner warnings, and included SoupRequester/SoupRequest in the introspected API (bgo#676742) + Added soup_buffer_get_as_bytes() (bgo#676776) + Updated translations. - Update to version 2.39.1: + Major rewrite of the I/O code to use gio streams more directly. + Libsoup now finally supports SOCKS proxies again (bgo#553269) + Certain error messages returned from the streaming API are now localized + Added a SoupCookieJar:is-persistent property, to distinguish memory-only jars from SoupCookieJarText and SoupCookieJarSqlite (bgo#672838) + Updated translations. - Add intltool BuildRequires: new dependency. - Create a lang package, which is recommended by the library. - Update to version 2.38.1: + Fixed a situation where soup_connection_disconnect() could end up calling g_object_unref(NULL) when an idle connection was closed. [bgo#672178] + Fixed two warnings when cancelling an in-progress soup_socket_connect_async(). + Fixed a crash when disposing a SoupServer with open connections. [bgo#673468] + Fixed the SoupSession:ssl-use-system-ca-file property to get turned off (rather than on) when you set it to FALSE... Also fixed up the property notifications around the various certificate-verification properties (ssl-ca-file, ssl-use-system-ca-file, and tls-database). + Fixed SoupSession to not leak paused SoupMessages that were still in progress when it was unreffed. [bgo#673905] + Updated the win32 file: URI code again, to fix regressions in the WebKit tests. [webkit#82484] - Update to version 2.38.0: + Minor documentation fixes - Update to version 2.37.92: + Added soup_session_prefetch_dns() and deprecated soup_session_prepare_for_uri(). The new method takes a completion callback, allowing you to know how many DNS resolutions are currently outstanding, so you don't spam the resolver. [webkit#41630] - Update to version 2.37.91: + Fixed an out-of-bounds memory read that could occur when parsing malformed requests/responses. + Fixed a build-related bug in Makefile.glib that affected locales such as Estonian where "Z" is not the last (ASCII) letter of the alphabet. [bgo#654395] + Fixed the handling of file: URIs with query components, which got broken in 2.37.90. + Fixed SoupAuthManagerNTLM to not fall back to allowing Basic auth when NTLM failed. + Further tweaked the warnings/fallback in SoupURI, so that soup_uri_to_string() on an http URI with a NULL path would translate that to "/" like it used to. [bgo#670431] + Fixed a warning when cancelling the load of a page with many subresources. [bgo#667245] + Use G_GNUC_BEGIN/END_IGNORE_DEPRECATIONS if GLib is new enough, to avoid getting warned about the use of GValueArray. - Update to version 2.37.90: + Added various return-if-fails and other sanity checks to various functions. [bgo#669479] + Updated docs/annotation of soup_form_decode_multipart() to note that all of the out parameters are (allow-none). Fixed the file_control_name parameter to actually allow NULL like the docs already claimed. [bgo#669479] + Fixed a minor URI parsing bug. (It was allowing URI schemes to contain numbers.) + Fixed a few memory leaks introduced in the 2.37 cycle. + Fixed SoupServer to be able to correctly respond to HTTP/1.0 requests over IPv6 (which previously would always have returned "400 Bad Request"). [bgo#666399] + Changed SoupSessionAsync to make it possible to finalize it from the "wrong" thread. [bgo#667364] + Fixed SoupCache to not cache resources whose URIs have query components (unless they have explicit cache headers); to not generate broken conditional requests for resources that cannot be conditionally validated; and to not spew warnings when receiving invalid Cache-Control headers. [bgo#668865] - Update to version 2.37.5.1: + Replace some of the newly-added SoupURI g_return_if_fail()s with g_warn_if_fail()s. Although it had always been documented that SoupURIs must have a non-NULL path, most functions treated NULL the same as "", and various apps (eg, rhythmbox, midori) were accidentally relying on this. - Update to version 2.37.5: + Fixed a bug in SoupSession:use-thread-context. + Fixed the case of cancelling a message from SoupSession::request-started [bgo#668098] + Fixed a crash in epiphany when loading a page with more than 1000 or so images. [bgo#668508] + Fixed a bunch of cases involving invalid URLs found while testing SoupServer against an HTTP protocol fuzzer. Also fixed up some documentation/annotations and added some new test cases. [bgo#667637] + Fixed SoupRequestFile to work on Windows. - Remove xz BuildRequires now that it comes for free in the build system. - Update to version 2.37.4: + SoupMessage now has a "network-event" signal that can be monitored for information about DNS, proxy lookup, TCP connections, and TLS handshakes. + The HTTP header parsing code now avoids hitting g_return_if_fails() (and returns an error instead) in a few cases of seriously-invalid headers. [bgo#666316] + POSTs and other non-idempotent requests are now always sent on newly-created connections. You can also force this behavior on other messages by setting the SOUP_MESSAGE_NEW_CONNECTION flag. [bgo#578990] + Server-closed idle connections are now detected ahead of time on Windows, preventing occasional spurious "Connection terminated unexpectedly" errors. (This had been fixed on UNIX since 2.28, but the earlier fix didn't work with WinSock.) [bgo#578990] + Plugged a leak in SoupRequestHTTP. [bgo#667099] - Update to version 2.37.3: + Simplified SoupHTTPInputStream and SoupRequestHTTP, allowing related simplifications in WebKit's ResourceHandleSoup. This is an ABI-incompatible change, but SoupHTTPInputStream is an unstable API. [bgo#663451] + Fixed a bug that caused the SOUP_MESSAGE_CERTIFICATE_TRUSTED flag to always be cleared, causing epiphany to claim all https pages were untrusted. [bgo#665182] + Fixed some bugs in the handling of SoupSession:http-aliases and SoupSession:https-aliases. + Fixed SoupContentDecoder's "ignore Content-Encoding: gzip because the server didn't actually mean it" hack to handle x-gzip too. + Clarified the documentation on SoupSession:ssl-strict [bgo#666280] + Fixed handling of ACLOCAL_FLAGS [bgo#641470] - Add xz BuildRequires because we can't build a package for a xz-compressed tarball without explicitly specifying that... See bnc#697467 for more details. - Remove explicit Requires for glib2-devel, libgnutls-devel, libgcrypt-devel, libgpg-error-devel, libxml2-devel in devel subpackage: the needed ones will automatically be added the pkgconfig() way. - Split typelib files into typelib-1_0-Soup-2_4 subpackage. - Add typelib-1_0-Soup-2_4 Requires to devel subpackage. - Update to version 2.37.2: + Fixed up the output of SoupDirectoryInputStream, thus improving the display of local directories in WebKit-based browsers. [bgo#662266] + Fixed a bug introduced in 2.37.1 that caused some cancelled SoupMessages to be leaked. [bgo#662847] + Added new SoupSession properties "http-aliases" and "https-aliases" that allow you to configure more explicitly what URL protocols are treated as aliases for http (eg, "dav:", "webcal:", etc), and which should be recognized as meaning something else, (eg, "ftp:") + Added soup_session_would_redirect() and soup_session_redirect_message(), to help users that want to handle some or all redirects themselves. Added soup_message_set_redirect() to make it easier to return redirection responses from a SoupServer. + Added the SoupSession "use-thread-context" property, which tells it to use GMainContexts in a gio-compliant way (and in particular, allows having different messages running in different GMainContexts on the same SoupSession, though only to a limited extent since SoupSessionAsync is still not thread-safe). In particular, this was added in order to address webkit#68238. + Made SoupURI %-encode non-ASCII characters when parsing URIs, in particular to fix a problem with certain servers sending syntactically invalid redirects that they would then only interpret correctly if you fixed the syntax for them. [bgo#662806] + Fixed a connection-handling bug that could cause problems with servers that requested authentication and then timed out the connection while the application was waiting for the user to enter a password. [bgo#660057] + Made NTLM and Basic authentication handle some non-ASCII usernames and passwords. (NTLM should handle most. It's impossible to fix Basic in the general case.) [bgo#576838] + Added support for "deflate" Content-Encoding, so that we can work with broken servers that insisted on using it even though we explicitly indicated in the request headers that we didn't support it. [bgo#661682] - Update to version 2.37.1: + Fixed a problem with connections being assigned to multiple requests at once after a redirection [bgo#651146]. + Ported SoupSession to use GTlsDatabase internally, and added two new properties, SoupSession:use-system-ca-file (to specify that the session should use the default system tlsdb) and SoupSession:tlsdb (to specify a specific tlsdb to use) + Likewise, added SoupServer:tls-certificate, for specifying a certificate/key for an https server to use. + Made SoupHTTPInputStream more memory efficient [bgo#659255] + Fixed soup_message_get_https_status() to return information more reliably (with latest glib-networking). - Update to version 2.36.1: + Fixed a problem with connections being assigned to multiple requests at once after a redirection [bgo#651146] - Update to version 2.36.0: + Improvements to gtk-doc documentation. - Update to version 2.35.92: + Fixed a problem where SoupHTTPRequest response bodies could be truncated. [bgo#659256] + Fixed a bug in copying TLS information from SoupSocket to SoupMessage, causing all https connections to be reported as "untrusted" in epiphany. + Made SoupSession remove items from its host cache after a while, so that if a host changes IP address, it will eventually try to re-resolve it. [bgo#646959] - Update to version 2.35.90: + Added SOUP_MESSAGE_CAN_REBUILD flag, to use with soup_message_body_set_accumulate(FALSE) on a request body, to indicate that the caller will recreate the request body after it has been discarded if the message needs to be re-sent. [bgo#656650] + Fixed the build on mingw-w64 by not using "interface" as variable name. [bgo#656402] + (The multihosted https server regression mentioned in the 2.35.5 NEWS turned out to be a glib-networking bug, which is fixed as of 2.29.18.) - Add samba-winbind Suggests to libsoup-2_4-1: the NTLM single sign on feature works with /usr/bin/ntlm_auth (but can fallback to the old method if this is not present). - Remove Requires for libsoup-2_4-1 and Obsoletes for libsoup-64bit from main package since there is no such main package anymore. - Update to version 2.35.5: + bgo#650940: Support NTLM single sign on via samba's /usr/bin/ntlm_auth. + bgo#581342: Default to TLS+extensions for https connections, falling back to SSLv3-without-extensions only if the server fails to negotiate TLS. + bgo#631368: Fixed a problem with https pages sometimes not loading when using a proxy. + bgo#648848: SoupContentSniffer: don't use gio's sniffing rules, since the spec now recommends that browsers not do any additional sniffing beyond what's in the spec. + bgo#653707: Fixed SoupRequestHTTP to work properly with alternate GMainContexts. + bgo#655397: Added some annotations from Vala's vapi files. - Update to version 2.35.4: + CVE-2011-2054: Fixed a security hole that caused some SoupServer users to unintentionally allow accessing the entire local filesystem when they thought they were only providing access to a single directory. [bgo#653258] + Plugged another SoupCache memory leak. + Simplified SoupCache keys, and handle collisions. [bgo#649963] + Annotate SoupSession:add-feature, etc, as (skip), so they don't conflict with the methods of the same name. [bgo#655150] - Update to version 2.35.3: + Always send the "Keep-Alive" header. + Deal with broken apache Content-Encoding for .gz files, that was leading to decompressing the files. + Various cache improvements, including: - Do not store hop-by-hop headers in cache. - Store the HTTP status code in the cache. - Add versioning support to SoupCache. + Fix integer overflow on 32bit. + Fix memory leaks. + Build fixes. - Update to version 2.34.2: + Two SoupCache-related leak fixes + bgo#648948: Minor build fix for Debian/Ubuntu + Fixed a docs typo. - Update to version 2.34.1: + Two multipart forms/Content-Disposition fixes: . UTF-8-encoded header encoding/decoding rules updated to match RFC 5987. In particular, a UTF-8-encoded filename parameter in Content-Disposition will now override an ASCII one. . When not using UTF-8-encoded filenames in Content-Disposition, always quote the filename, since some servers erroneously fail to handle non-quoted ones. (bgo#641280) + Fixed several memory leaks + Fixed decoding base64 data: URLs (bgo#646896) + Fixed a bug in soup_uri_to_string() in which (invalid) port numbers could be output as negative numbers (tripping up a WebKit "sanity checking" test) (bgo#647767) + Fixed a cache corruption bug in SoupCache (bgo#648285) + Fixed a crash in SoupSessionSync when using soup_session_abort(). - Update to version 2.34.0: + Fixed the GMainContext handling of the new SoupProxyResolverDefault (which among other things fixes gstreamer usage inside epiphany). bgo#646201 + Tweaked the introspection Makefile rules to fix a problem building on Debian/Ubuntu. bgo#645505 + Belated bumped the shared library versioning to reflect the API additions since 2.32.0 - Update to version 2.33.92: + LIBSOUP NO LONGER DEPENDS ON GCONF OR LIBPROXY. (see below). + Added SoupProxyResolverDefault, which uses uses gio's GProxyResolver to resolve proxies [bgo#642982] Despite the "default" in the name, it is not used by default, for compatibility reasons, but it is available in plain libsoup, not libsoup-gnome. (Of course, it depends on having glib-networking installed.) + Updated SoupProxyResolverGNOME to be based on SoupProxyResolverDefault, but explicitly requesting the "gnome" GProxyResolver if it is available [bgo#625898], and removed the old code that used GConf and libproxy directly. + Added soup_server_disconnect(), to explicitly disconnect a SoupServer, since it is not possible to g_object_unref() it from memory-managed language bindings. [bgo#638576] + SoupDate now parses month names case-insensitively [bgo#644048] + Avoid a g_return_if_fail() when using SOUP_COOKIE_JAR_ACCEPT_NO_THIRD_PARTY with non-http URIs (file:, data:, etc). [bgo#643226] + SoupCookieJar now catches overflows when parsing very distant dates [bgo#643462] + Fixed a buggy interaction between request body streaming and restarted requests. Added some new tests to tests/chunk-test.c to make sure that a specific (unsupported!) way of using those methods would not get broken in the future. + Fixed soup_socket_get_remote_address(), which had been broken since 2.33.4 (and which in turn caused soup_client_context_get_address/_get_host to be broken). [bgo#645227] - Drop gconf2-devel and libproxy-devel BuildRequires. - Update to version 2.33.90: + glib-networking is a compile and runtime dependency now. + bgo#642075: fixed a bug in talking to servers with virtual hosts with Unicode names (IDNs). + bgo#640414: added a "Connection: Keep-Alive" header when talking to HTTP/1.0 hosts, to improve performance. + bgo#642028: changed SoupCache to not cache multipart/x-mixed-replace content. - Changes from version 2.33.6: + bgo#639768: made SoupSessionAsync do idle-connection cleanup more sanely, resulting in faster load times for pages with lots of subresources. + bgo#639783: fixed soup_form_decode()'s behavior (and by extension, SoupServer query string handling) with datasets that contain multiple values for the same key, and added a test case. + bgo#640556: fixed warnings pointed out by gcc 4.6, including a bug in SoupCache that would cause unnecessary revalidations. + bgo#641022: belated copied a fix from the WebKit copy of soup-cache.c into ours, and fixed a bug in the local copy of soup-request-data.c, in preparation for making WebKit use the libsoup versions. - Changes from version 2.33.5: + bgo#637741: fixed certain cases of soup_session_cancel_message() with SoupSessionSync that could previously cause warnings or crashes. - Changes from version 2.33.4: + SoupSocket now uses GSocketConnection and GTlsConnection internally rather than making socket calls directly and using GIOStream, and TLS is handled via glib's APIs rather than using gnutls directly. + The gzip Content-Encoding handler is now implemented using GZlibDecompressor + As a result of the above two changes, libsoup no longer directly depends on gnutls, libgcrypt, or zlib, though it still indirectly depends on zlib via glib and libxml2. Also, although libsoup does not depend on glib-networking as a build-time dependency, some "make check" tests will be skipped if it is not installed. + bgo#523100: the SoupRequest/SoupCache code from WebKit has been imported, but it is not yet recommended for general use, and is not necessarily API stable. + Added SoupMessage:tls-certificate and SoupMessage:tls-errors, which give more information about the certificate used to authenticate a TLS connection. + It is now possible to disable Basic or Digest auth in a session by using soup_session_remove_feature_by_type() with SOUP_TYPE_AUTH_BASIC or SOUP_TYPE_AUTH_DIGEST. Likewise, the right way to enable NTLM support now is to call soup_session_add_feature_by_type() with SOUP_TYPE_AUTH_NTLM; SOUP_SESSION_USE_NTLM is now deprecated. + bgo#603825: allow setting cookies on file:// URIs, since other browsers do, and WebKit has a test for it. + bgo#635395: .gir/.typelib files now include C header/library information (needed by vala and some other bindings) + Added annotations on soup_message_headers_get_content_type() and SoupHTTPVersion + bgo#636741: fixed a Set-Cookie processing leak. - Add glib-networking BuildRequires, and explicit Requires in libsoup-2_4-1 since we need the gio module for TLS support. - Remove now unneeded gnutls-devel BuildRequires. - Drop libsoup-gnutls-allow-tls.patch: the TLS handling is now done in glib-networking. - Update to version 2.32.2: + bgo#634422: Fixed a regression in 2.32.0 that caused evolution-exchange to get stuck and stop updating. + bgo#635101: Fixed a regression in 2.32.0 with apps using asynchronous sessions from multiple threads. + Fixed the regression tests. - Update to version 2.32.1: + bgo#631525: Fixed a regression in 2.32.0 with the use of persistent connections that caused spurious "Connection terminated unexpectedly" errors. + Fixed a regression in 2.32.0 that caused proxy-related DNS errors to return SOUP_STATUS_CANT_RESOLVE rather than SOUP_STATUS_CANT_RESOLVE_PROXY. + bgo#631679: Usernames/passwords specified explicitly in request URIs now override existing cached auth info. + bgo#630540: Changed soup_uri_decode() and soup_uri_normalize() to just ignore malformed %-encoding rather than returning NULL, for consistency with soup_uri_new(). + bgo#620220: Fixed soup_form_decode() to ignore invalid parameters, and soup_form_encode_hash() to just g_return_if_fail() rather than crashing if there are NULL values in the hash. + bgo#629160: Added another workaround for stupid servers that close the connection before returning the full response + bgo#631641: Fixed a bug in SoupCookieJarText that deleted excess cookies whenever any cookie expired. + Fixed a small leak in SoupContentDecoder + bgo#631679: Added regression tests for passwords-in-URIs - Update to version 2.32.0: + No changes, just a version bump. - Add libsoup-gnutls-allow-tls.patch: let gnutls try to use TLS, instead of being SSL 3.0-only. This might lead to some websites not being accessible with libsoup, and upstream does not want this behavior; a proper fix needs a lot of work. See discussion in bnc#634040. - Update to version 2.31.92: + Updated for gobject-introspection 0.9.5. Also added some new annotations and removed a bunch of private headers from the scanning process. + bgo#628728: Percent-encoded characters in URIs are no longer automatically normalized to uppercase, since apparently some servers are stupid. + bgo#629449: Fixed a crash when resolving a URI containing both spaces and non-UTF8 8bit characters. - Update to version 2.31.90: + bgo#526321: libsoup now tries to connect to each IP address associated with a hostname, if the first one fails. + Fixed Accept-Language header generation in locales where "," is used as the decimal point. - Update to version 2.31.6: + Disabled TLS 1.2 in addition to the already-disabled 1.1 and 1.0, thus making libsoup usable with gnutls 2.10. [bgo#622857] + When using libproxy 0.3 or newer, libsoup no longer leaks proxy-related environment variables into child processes [bgo#603285] + Changed the way message/connection binding works in SoupSession so that (among other things), when there are multiple requests queued to a host, and one of them gets a network error, the other requests are still allowed to try to succeed, rather than all failing immediately. [bgo#619633] + SoupSession now limits the number of times a message can be redirected, to avoid infinite loops [bgo#604383] + Fixed handling of certain messages where the response headers included "Connection: close" but the server did not actually close the connection at the end. [bgo#611481] + Fixed some incorrect g-i annotations [bgo#621021] + Fixed an out-of-bounds memory access when processing certain Set-Cookie headers [bgo#620288] + Improved msg->reason_phrase on network errors [bgo#623274] + Fixed gir file disting [bgo#621727] - Update to version 2.31.2: + bgo#576595: gobject-introspection has now been merged in + bgo#617216: Marked SoupSession abstract + bgo#618641: Fixed a problem with SoupSessionAsync that would cause messages to get lost if you aborted a previous message while it was still looking up the hostname + bgo#615535: Fixed another connecting-to-lame-http-server problem. - Add gobject-introspection-devel BuildRequires and pass - -enable-introspection to %configure. - Update to version 2.30.1: + bgo#611663 - Fix for https through proxies that close the connection when returning a "407 Proxy Authentication Required" response, and add a regression test for that case. + bgo#614176 - Don't quote the multipart boundary string if it's not needed, since RFC 2616 recommends that you don't, and some servers don't handle quotes there correctly + bgo#614183 - Don't put an extra blank line before the first multipart part, since it's unnecessary and some servers don't handle a multipart preamble correctly. + bgo#614198 - Don't put Content-Transfer-Encoding headers in the multipart/form-data parts, even though the HTML 4 spec says you must, since no other browsers do, and some servers don't handle them correctly. + bgo#615711 - Changed SoupCookieJarSqlite to actually erase deleted cookies from the database. + bgo#611663 - Fixed SoupLogger to be more robust against getting passed bad data by the session. + Fixed SoupAuthDomain to ignore paths when doing proxy auth + bgo#613442 - Fixed a g_warning when hovering over a javascript link in WebKit. + Updated translations. - Update to version 2.30.0: + Fixed a crash in the whitespace-stripping code in soup_uri_new() [bgo#612644] + Update content-sniffing algorithm to match Chrome and the soon-to-be-updated sniffing spec. [bgo#611502] + We now handle "Content-Encoding: x-gzip" as well as "gzip" (even though "x-gzip" has been deprecated for more than 10 years). [bgo#611476] + Fixed leaks found by valgrind + Make the "make check" programs only bind to 127.0.0.1, not any public network interfaces. [bgo#609489] + Add a test to sniffing-test to make sure that Content-Type parameters are preserved correctly. - Update to version 2.29.91: + Added SOUP_SESSION_SSL_STRICT and SOUP_MESSAGE_CERTIFICATE_TRUSTED, to allow callers to determine if an https response comes from a server with a recognized/valid or unrecognized/invalid certificate. [bgo#610374] + Fixed handling of certain badly-formatted URIs [bgo#590524] - Update to version 2.29.90: + Added soup_cookie_jar_set_accept_policy() and related API for implementing cookie acceptance policies. [bgo#608353] + Fixed the "request-read" signal in SoupServer to actually be emitted. - Update to version 2.29.6: + Fixed SoupContentDecoder to ignore trailing junk after the encoded message body (as other browsers do), rather than getting stuck in an infinite loop. [bgo#606352] + Fixed an invalid read in soup_cookie_applies_to_uri() [bgo#607024] + Fixed linking on OS X [bgo#606959] + Removed a harmless warning in SoupServer. [bgo#606645] - Update to version 2.29.5: + Added SoupContentDecoder, providing support for Content-Encoding: gzip for WebKitGTK. [bgo#522772] + Added "accept-language" and "accept-language-auto" properties to SoupSession, to support the Accept-Language header. [bgo#597004] + Fixed a bug in SoupPasswordManagerGNOME that could cause crashes if you typed the wrong password once and then tried again. [bgo#595554] + Fixed a crash in SoupAuthDigest if the server claims support for both qop=auth and qop=auth-int. (This was not noticed sooner because no one actually supports qop=auth-int, and the server in question here was probably confused. :) + Updated cookie parsing/output to more closely match draft-ietf-httpstate-cookie-00. [Also fixes bgo#603496 (WebKit unit test), and bgo#604794 (hang parsing malformed Set-Cookie header)] + Fixed https-via-proxy to not hang if there is an error communicating with the proxy immediately after the TLS negotiation. [bgo#587528] + Fixed a bug that broke gobject-introspection's introspection of libsoup. [bgo#603696] + Handle spurious CR/LFs between responses. [bgo#602863] + Fixed soup-message-client-io to not erroneously include URI fragments on the Request-Line when sending via a proxy. + Fixed Digest authentication against certain (buggy?) clients/servers that require you to use quotes in exactly the same places where the spec uses them. [bgo#582219] + Fix ugly gtype-related hack to work with the latest unstable glib - Remove libsoup-gir-repository-build.patch. Fixed upstream - Package baselibs.conf - Change gnome-keyring-devel BuildRequires to libgnome-keyring-devel, following the module split upstream. - Add libsoup-gir-repository-build.patch to fix the gir-repository build. - Update to version 2.29.3: + Fixed a crash in SoupCookieJarSqlite when using cookie databases not created by libsoup (eg, upgraded epiphany installations). + Fixed SoupCookieJar to handle non-http URIs properly (so that, eg, JavaScript bookmarklets that try to set/read cookies won't cause crashes). [bgo#602498] + HEAD requests that receive a "303 See Other" response will now do a HEAD, not a GET, on the redirected-to resource. Fixes gvfs access to some sites, including certain youtube.com URIs. [bgo#600830] + Fixed a g_warning that would always trigger in the server-side SoupCookie code. [bgo#602389] + Fixed the server-side SoupMultipart code to be able to parse multiparts containing binary attachments, rather than rejecting them as malformed. [bgo#601640] + Fixed the Request-Line format in the https-over-proxy case. Among other things, this fixes access to bugzilla.gnome.org from WebKitGTK-based browsers. [bgo#598277, bgo#600826] + Fixed a leak in SoupSession if a message was cancelled while the initial socket connection was in progress. [bgo#596074] + Fixed server-side parsing of Digest auth. [bgo#602898] + Fixed WinSock initialization on Windows. [bgo#600689] + Fixed a sporadic crash in the SSL code on Windows. [bgo#600748] + Fixed handling of https connections with timeouts on Windows. [bgo#600749] + Added soup_session_prepare_for_uri(), to allow DNS prefetching for faster browsing. [bgo#598948] + SoupSession now avoids redundant DNS lookups again when first connecting to a new site, resulting in (probably imperceptibly) faster loads. + Added some debugging APIs to SoupConnection and SoupSession for use by, eg, epiphany's soup-fly extension. [bgo#589163] - Update to version 2.28.1: + libsoup will now attempt to make multiple connections to a server at once when there are multiple messages queued to that server. The previous behavior (only allowing a single pending connection to each server) resulted in slow load times on pages with lots of subresources (images, css, js, etc) on servers that disallow persistent connections. [bgo#594768] + There should now be fewer (no?) "Connection terminated unexpectedly" errors in WebKitGTK. + Fixed a crash in SoupCookieJarSqlite [bgo#596859] + Fixed soup_address_get_physical() and address-to-name resolution of SoupAddress? + Fixed a bug in SoupContentSniffer that could cause false negatives [bgo#597545]. + Fixed the configure error if you have gnutls-devel but not gcrypt-devel installed [bgo#587709]. - Update to version 2.28.0: + Fixed a handful of leaks found with valgrind, including a large one in SoupContentSniffer + bgo#584522 - Changed the behavior of SoupCookieJarSqlite to improve performance. + bgo#59495 - Fixed a crash in SoupSocket that affected gupnp + bgo#594508 - Fixed the type of the SOUP_METHOD_* and SOUP_URI_SCHEME_* macros to be const char * rather than gpointer. - Update to version 2.27.92: + Removed SoupPasswordManager from the public API until its problems can be addressed. Although it is still present, you need to #define a special symbol for it to be visible in the header files; see bgo#594377 for details. + Fixed a bug where empty query components were dropped from URIs. [bgo#594405] + Fixed "make check" to work (but warn) when building with - -disable-ssl. + Fixed some small documentation bugs. - Update to version 2.27.91: + Added SoupPasswordManager, an interface for managing persistent password storage, and SoupPasswordManagerGNOME (in libsoup-gnome), which implements it using gnome-keyring. + libsoup should now notice when the server closes a persistent connection, and close its side of the connection sooner. This should hopefully fix the spurious "Connection terminated unexpectedly" errors in WebKitGTK. [bgo#578990] + Fixed some problems with connection management in SoupSession that could cause a session to eventually "stall" and be unable to process new requests. [bgo#592084] + Fixed an infinite loop that caused 100% CPU usage if the network went down at exactly the right time while there were unsent messages in the queue. [bgo#592492] + Fixed a crash in SoupLogger. [bgo#591857] + Fixed the definition of soup_message_is_keepalive() for HTTP/1.0 messages, to fix a problem introduced in 2.27.90 where some messages would load completely but never emit "finished". + Fixed a crash in SoupServer introduced in 2.27.90 when processing a request with no "Host" header. - Add gnome-keyring-devel BuildRequires. - Update to version 2.27.90: + libsoup now uses glib's GResolver rather than its own DNS code. For 2.27.90, the only visible change should be that internationalized domain names are now supported. [bgo#548287] + Added soup_message_disable_feature(), which allows you to disable particular features (eg, cookies, proxy, content-sniffing, etc) on a per-message basis. [bgo#574773] + It is now possible to implement "OPTIONS *" in a SoupServer; you must explicitly register a handler for "*" in order to do this. [bgo#590751] + Ignore Content-Length on EOF-terminated responses, to match other browsers and therefore cope with broken servers that send the wrong length. + Fixed the status code when trying to fetch an https URI with a non-gnutls build of libsoup. [bgo#590464] + Fixed strict-aliasing warnings introduced in 2.27.4 [bgo#588771] + Fixed some warnings noted by fortify [bgo#591226] and -Wextra + libsoup now uses automake 1.11's silent-rules support by default (if you are building with automake 1.11). Use "./configure --disable-silent-rules" or "make V=1" to disable - Update to version 2.27.5: + Fixed a crash when a web server redirected a request to a non-http URI (eg, "about:blank"). [bgo#528882] + Fixed a hang when trying to create an attachment on certain bugzilla installations from epiphany. [bgo#584645] + Fixed verification of V1 TLS certificates [bgo#589323] + Fixed compile problems on Windows (in the ssl code), and on Linux (when the most recent version of gtk-doc was installed). - Update to version 2.27.4: + Added SoupContentSniffer and the "content-sniffed" signal on SoupMessage, to do Content-Type sniffing per the HTML5 / draft-abarth-mime-sniff algorithm. [bgo#572589] + Updated the earlier SoupSession timeout fixes ([bgo#574414], [bgo#578928]) so that async connect() also times out [bgo#588177] and SSL works on Windows again [bgo#587910]. + Fixed the behavior on a 301 response to a POST to match real-world usage rather than what the spec says. (We were doing the right thing on 302 and 303, but had missed 301.) [bgo#586692] + Changed configure so that if GNUTLS isn't found then it errors out, rather than silently building an SSL-less libsoup. Configure with --disable-ssl if you actually don't want SSL. [bgo#584955] - Update to version 2.27.2: + Replaced SoupProxyResolver with SoupProxyURIResolver, which is a bit simpler, works with non-HTTP URIs (and so could be used by gvfsd-ftp) and supports proxy auth correctly. [bgo#580051] + Fixed SoupSession to not try to resolve http server hostnames when it's just going to pass the hostname off to a proxy server anyway. This fixes things on hosts that use a proxy for everything and have no working DNS config [bgo#577532] and also makes WebKitGTK behave more like other browsers in terms of per-host connection limits (we now limit connections based on hostname rather than on IP address). + We also no longer set the AI_CANONNAME flag when calling getaddrinfo(), which saves us a little bit of unnecessary network traffic. + libsoup now always uses SSL 3.0 (not TLS 1.0 or 1.1) for https URIs, to work around problems with older servers that don't implement the (apparently quite confusing) TLS/SSL compatibility rules correctly. Makes a bunch of previously-inaccessible sites now accessible in WebKitGTK (notably PayPal) [bgo#581342]. Will eventually be revisited, to first try TLS 1.1 and fall back if that fails. + Fixed Digest auth to (recent) Apple CalDAV servers. [bgo#583091] + Changed the way the SoupSession "authenticate" signal works a bit. We now never emit "authenticate" before sending a request, even if we know for sure that it's going to fail, because this makes the semantics of the authenticate handler too complicated (and because we'll only get into this situation if a previous call to the authenticate handler failed anyway). Fixes problems in WebKitGTK when you cancel a password dialog, and then later try to load the page again. [bgo#583462] + Fixed a bug in the CRLF-vs-LF patch (bgo#571283) that caused libsoup to fail to parse the response headers (returning SOUP_STATUS_MALFORMED) if a CR LF got split across two read()s. [bgo#582002] + Allow using PUT in soup_form_request_for_data(), to work with certain broken web APIs. [bgo#581860]. Also, fixed a problem with empty POST bodies that made some parts of gmail not work in WebKitGTK. + Applied some minor bugfixes to configure.in and autogen.sh [bgo#583911, bgo#583942]. Fixed configure.in to not use gcc warning options that the installed version of gcc doesn't recognize [bgo#578851]. + Added G_GNUC_NULL_TERMINATED and G_GNUC_PRINTF to a few methods that should have had them. [bgo#581754] - Update to version 2.27.1: + SOUP_SESSION_TIMEOUT now works properly with SoupSessionAsync [bgo#574414] and SSL [bgo#578928]. Added tests/timeout-test to test this. + SoupDate fixes: - soup_date_to_string() now handles SOUP_DATE_RFC2822 [bgo#579055] - soup_date_new_from_string() now accepts 24:00 as a time in ISO8601 timestamps - soup_date_to_string() now coerces the date to UTC for HTTP and cookie dates, and outputs the UTC correct offset for the other date types. - Added regression tests to tests/date + soup_headers_parse() now completely ignores syntactically-incorrect headers, rather than passing them to soup_message_headers_append() and causing a g_warning. soup_message_headers_append() now also rejects 0-length header names. Updated tests/header-parsing to check this. [bgo#579318] + Fix a crash when cancelling a message from a "restarted" handler, and updated a regression test to notice the underlying cause. [bgo#380193] + Completing the API updates for bgo#576760 from 2.26.1, soup_message_headers_get() is now marked deprecated in favor of soup_message_headers_get_one() and _get_list(). - Do not package ChangeLog file: it's not distributed anymore. - Update to version 2.26.1: + Fix SoupProxyResolverGNOME bugs [bgo#578746, bgo#578809] + Fixed warnings when a message has a network problem when many other messages are queued. [bgo#578809] - Update to version 2.26.0.9: + libsoup uses libproxy for PAC and WPAD proxy resolution again. However, it arranges to do all communication with GConf itself, to ensure that libproxy doesn't call it in non-thread-safe ways. [bgo#571527] + Fixed a bug in SoupSessionSync when proxy resolution failed. [bgo#574957] + SoupURI now handles unencoded spaces in URIs. In particular, redirects via Location headers with spaces in them now work. [bgo#566530] + libsoup can now deal with servers (and clients) that erroneously use LF LF instead of CR LF CR LF to separate the headers and body. [bgo#571283] + Added soup_message_headers_get_one() and soup_message_headers_get_list(), which will eventually deprecate soup_message_headers_get(). This lets applications deal correctly with implementations that erroneously send multiple copies of single-valued headers. [bgo#576760] + In particular, soup_message_headers_get_content_type() now ignores duplicate Content-Type headers [bgo#576760] and also ignores syntactically-incorrect Content-Type headers. [bgo#577630] + SoupCookieJar can now store multiple cookies with the same domain and name, but different paths. [bgo#577360] + Abnormal SSL connection closes are now treated as ordinary EOFs, for compatibility with certain sites. [bgo#577386] + soup_header_g_string_append_param() now allows NULL values. [bgo#577728] + soup_message_headers_append() now rejects header names and values with newlines or certain other illegal data in them, rather than generating syntactically invalid headers. + Fixed a small bug in soup_date_new_from_string's ISO 8601 handling [bgo578369 for g_time_val_from_iso8601]. + The regression tests now work correctly on machines where "localhost" resolves to "::1" instead of "127.0.0.1". [bgo#576583] + Miscellaneous documentation fixes/clarifications. - Update to version 2.26.0: + Temporarily disable libproxy support to work around a bug in its gnome plugin that causes gvfsd-http (and probably eventually other apps) to crash. (bgo#571527) + Fixed a bug that showed up in WebKit, where if many messages were queued all at once to a server that doesn't support persistent connections, some of the requests will get lost. (bgo#574365) + Fixed SoupServer to support using SOUP_ENCODING_EOF, so you can stream responses of unknown length to HTTP/1.0 clients. (bgo#572153) + Fixed several bugs that prevented SoupCookieJarSqlite from working. (bgo#572409) + Added G_{BEGIN,END}_DECLS guards to public headers that were missing it. + Misc gtk-doc improvements. - Remove AutoReqProv: it's default now. - Remove -fno-strict-aliasing from CFLAGS. - Do not create an empty libsoup package. Have libsoup2_4-1 provide/obsolete it. - Merge the doc with the devel package since it only contained gtk-doc. - Add gconf2-devel BuildRequires since it's needed again (see first item in upstream changes). ==== listres ==== Version update (1.0.3 -> 1.0.4) - Update to version 1.0.4 * config: Add missing AC_CONFIG_SRCDIR * configure: Drop AM_MAINTAINER_MODE * autogen.sh: Honor NOCONFIGURE=1 * autogen.sh: use quoted string variables * autogen: add default patch prefix * autogen.sh: use exec instead of waiting for configure to finish ==== webkit2gtk3 ==== Version update (2.18.6 -> 2.20.0) Subpackages: libjavascriptcoregtk-4_0-18 libwebkit2gtk-4_0-37 libwebkit2gtk3-lang typelib-1_0-JavaScriptCore-4_0 typelib-1_0-WebKit2-4_0 webkit2gtk-4_0-injected-bundles - Update to version 2.20.0 (boo#1088182): + New API to retrieve and delete cookies with WebKitCookieManager. + New web process API to detect when form is submitted via JavaScript. + Several improvements and fixes in the touch/gestures support. + Support for the ?system? CSS font family. + Complex text rendering improvements and fixes. + Added a low power mode. + More complete and spec compliant WebDriver implementation. + Security fixes: CVE-2018-4101, CVE-2018-4113, CVE-2018-4114, CVE-2018-4117, CVE-2018-4118, CVE-2018-4119, CVE-2018-4120, CVE-2018-4122, CVE-2018-4125, CVE-2018-4127, CVE-2018-4128, CVE-2018-4129, CVE-2018-4133, CVE-2018-4146, CVE-2018-4161, CVE-2018-4162, CVE-2018-4163, CVE-2018-4165. - Add webkit2gtk3-python3.patch: port to python 3 (bsc#1079812, webkit#156674). - Add conditional to optionally require python3, rather than python2 + python-xml, and adjust %build to use python3. - Update to version 2.19.92: + Ensure DNS prefetching cannot be re-enabled if disabled by settings. + Fix seek sometimes not working. + Fix rendering of emojis that were using the wrong scale factor in some cases. + Fix rendering of combining enclosed keycap. + Fix rendering scale of some layers in HiDPI. + Fix a crash in Wayland when closing the web view. + Fix crashes upower crashes when running inside a chroot or on systems with broken dbus/upower. + Fix memory leaks in GStreamer media backend when using GStreamer 1.14. + Fix the build with Enchant 2.x. + Fix several crashes and rendering issues. + Updated translations. - Replace pkgconfig(enchant) with enchant-devel BuildRequires: Allow webkit2gtk3 to build with whatever enchant is available in target distro. - Modernize spec-file by calling spec-cleaner - Update to version 2.19.91: + Add ENABLE_ADDRESS_SANITIZER to make it easier to build with asan support. + Fix a crash a under Wayland when using mesa software rasterization. + Make fullscreen video work again. + Fix handling of missing GStreamer elements. + Fix rendering when webm video is played twice. + Fix kinetic scrolling sometimes jumping around. + Fix build with ICU configured without collation support. + Fix several crashes and rendering issues. + Updated translations. - Do a minor spec cleanup. - Update to version 2.19.90: + WebSockets use system proxy settings now (requires libsoup 2.61.90). + Show the context menu on long-press gesture. + Add support for Shift + mouse scroll to scroll horizontally. + Fix zoom gesture to actually zoom instead of changing the page scale. + Implement support for Graphics ARIA roles. + Make sleep inhibitors work under Flatpak. + Add get element CSS value command to WebDriver. + Fix a crash aftter a swipe gesture. + Fix several crashes and rendering issues. - Drop webkit2gtk3-fix-wayland-crash.patch: fixed upstream. - Update to version 2.19.6: + Fix crashes due to duplicated symbols in libjavascriptcoregtk and libwebkit2gtk. + Fix parsing of timeout values in WebDriver. + Implement get timeouts command in WebDriver. + Fix deadlock in GStreamer video sink during shutdown when accelerated compositing is disabled. + Fix several crashes and rendering issues. - Update to version 2.19.5: + This is a follow up release to export webkit_dom_dom_window_webkit_message_handlers_post_message() symbol that was hidden in 2.19.4 by mistake. - Changes from version 2.19.4: + Add web process API to detect when form is submitted via JavaScript. + Add new API to replace webkit_form_submission_request_get_text_fields() that is now deprecated. + Add WebKitWebView::web-process-terminated signal and deprecate web-process-crashed. + Fix rendering issues when editing text areas. + Use FastMalloc based GstAllocator for GStreamer. + Fix several crashes and rendering issues. + Updated translations. - Apply -DUSE_SYSTEM_MALLOC=ON unconditionally in all builds (bmalloc seems to be exhausting memory on run time). - Update to version 2.19.3: + Fix web process crash at startup in bmalloc. + Fix several memory leaks in GStreamer media backend. + WebKitWebDriver process no longer links to libjavascriptcoregtk. - Fix several crashes and rendering issues. - Changes from version 2.19.2: + Add new API to add, retrieve and delete cookies via WebKitCookieManager. + Add functions to WebSettings to convert font sizes between points and pixels. + Ensure cookie operations take effect when they happen before a web process has been spawned. + Automatically adjust font size when GtkSettings:gtk-xft-dpi changes. + Fix several crashes and rendering issues. - Allow OBS service to verify the tarball signature: + Add webkit2gtk3.keyring: Carlos Garcia Campos' public key. - Update to version 2.19.1: + Add initial resource load statistics support. + Add API to expose availability of certain editing commands in WebKitEditorState. + Add API to query whether a WebKitNavigationAction is a redirect or not. + Improve complex text rendering. + Add support for the "system" CSS font family. + Implement low power mode. + Fix several crashes and rendering issues. - Drop webkit2gtk3-no-return-in-nonvoid.patch: fixed upstream. - Add pkgconfig(libbrotlidec) and pkgconfig(upower-glib) BuildRequires: new dependencies. - Add webkit2gtk3-fix-wayland-crash.patch: fix crash when using Wayland with QXL/virtio (bsc#1079512, webkit#182490). - Add missing dependencies from the -devel package to the build typelib-1_0-*: just like libraries, a consumer of the devel package can assume the typelibs to be present: + typelib-1_0-WebKit2-%{_sonameverpkg}. + typelib-1_0-WebKit2WebExtension-%{_sonameverpkg}. - even on recent codestreams there is no binutils gold on s390 only on s390x. - Update to version 2.18.6: + Fix deadlock in GStreamer video sink during shutdown when accelerated compositing is disabled. + Several fixes and improvements in WebDriver. + Security fixes: CVE-2018-4088, CVE-2017-13885, CVE-2017-7165, CVE-2017-13884, CVE-2017-7160, CVE-2017-7153, CVE-2017-7153, CVE-2017-7161, CVE-2018-4096. - Update to version 2.18.5: + Disable SharedArrayBuffers from Web API. + Reduce the precision of ?high? resolution time to 1ms. + Fix API documentation generation with newer gtk-doc. + bsc#1075419 - Security fixes: includes improvements to mitigate the effects of Spectre (CVE-2017-5753 and CVE-2017-5715). - Update package descriptions. - Update to version 2.18.4: + Make WebDriver implementation more spec compliant. + Fix a bug when trying to remove cookies before a web process is spawned. + WebKitWebDriver process no longer links to libjavascriptcoregtk. + Fix several memory leaks in GStreamer media backend. + bsc#1073654 - Security fixes: CVE-2017-13866, CVE-2017-13870, CVE-2017-7156, CVE-2017-13856. - Explicitly buildrequire python2-xml: the build system is (for now) hard locked on python2 and relies on the presence of python2-xml (used to be pulled in by glib2-devel in the past). - Update to version 2.18.3: + Improve calculation of font metrics to prevent scrollbars from being shown unnecessarily in some cases. + Fix handling of null capabilities in WebDriver implementation. + bsc#1069925 - Security fixes: CVE-2017-13798, CVE-2017-13788, CVE-2017-13803. - Update to version 2.18.2: + Fix rendering of arabic text. + Fix a crash in the web process when decoding GIF images. + Fix rendering of wind in Windy.com. + Fix several crashes and rendering issues. - Update to version 2.18.1: + Improve performance of GIF animations. + Fix garbled display in GMail. + Fix rendering of several material design icons when using the web font. + Fix flickering when resizing the window in Wayland. + Prevent default kerberos authentication credentials from being used in ephemeral sessions. + Fix a crash when webkit_web_resource_get_data() is cancelled. + Correctly handle touchmove and touchend events in WebKitWebView. + Fix the build with enchant 2.1.1. + Fix the build in HPPA and Alpha. + Fix several crashes and rendering issues. + bsc#1066892 - Security fixes: CVE-2017-7081, CVE-2017-7087, CVE-2017-7089, CVE-2017-7090, CVE-2017-7091, CVE-2017-7092, CVE-2017-7093, CVE-2017-7094, CVE-2017-7095, CVE-2017-7096, CVE-2017-7098, CVE-2017-7099, CVE-2017-7100, CVE-2017-7102, CVE-2017-7104, CVE-2017-7107, CVE-2017-7109, CVE-2017-7111, CVE-2017-7117, CVE-2017-7120, CVE-2017-7142. + bsc#1073654 - Security fixes: CVE-2017-7157. - Enable gold linker on s390/s390x on SLE15/Tumbleweed. - Drop gcc6-c++ build conditionals for SLE12 / Leap42. - Update to version 2.18.0: + Initial WebDriver support. + New remote inspector infrastructure. + WebCrypto API support is now enabled by default. + GStreamerGL is enabled by default when building with GStreamer >= 1.10. + Kinetic scrolling support. + New API to create a WebKitContextMenuItem from a GAction. + New API to allow overriding the popup menu of select elements. - Add webkit2gtk3-no-return-in-nonvoid.patch: Fix brp error based on "warning: control reaches end of non-void function". - Update to version 2.17.92: + Improve CPU usage when rendering under Wayland in accelerated compositing mode. + Improve the memory consumption of the UI process under Wayland. + Fix rendering issues in some web sites with accelerated compositing enabled. + Fix a web process crash when closing the WebView. + Initialize libgcrypt in the network process too. + Show controls if a video element isn?t allowed to play inline. + Add support for cookies and screenshots commands in WebDriver. + Fix several crashes and rendering issues. + Updated translations. - Update to version 2.17.91: + Fix proxy HTTP authentication for HTTPS requests. + Stop kinetic scrolling when a zero movement is reached. + Fix UI process crash when selecting text. + Fix UI process crash when loading a favicon. + Properly handle WebDriver click command on option elements. + Fix web process crash when resizing the window with accelerated compositing enabled. + Fix crashes in 32 bit systems due to incorrect use of GVariant. + Fix several crashes and rendering issues. - Update to version 2.17.90: + WebCrypto API support is now enabled by default. + Add API to provide browser information required by automation. + Fix the expiration date of manually added cookies. + Add support for alerts in WebDriver. + WebKitDatabaseProcess binary has been renamed to WebKitStorageProcess. + Fix several crashes and rendering issues. - Update to version 2.17.5: + Add initial implementation of WebDriver. + Enable GStreamerGL by default when building with GStreamer >= 1.10. + Fix position of context menu in Wayland. + Properly close cookies database at network process exit. + Fix several crashes and rendering issues. + Updated translations. - Drop webkit2gtk3-gcc7.patch and webkit2gtk3-machine-context.patch: Fixed upstream. - Add pkgconfig(gstreamer-gl-1.0) BuildRequires: New dependency. - Add explicit Mesa-libEGL-devel, Mesa-libGL-devel, Mesa-libGLESv1_CM-devel, Mesa-libGLESv2-devel and Mesa-libGLESv3-devel BuildRequires. - Update to version 2.17.4: + Add API to allow overriding popup menus. + Add kinetic scrolling support. + Improve theme rendering performance when using GTK+ >= 3.20. + Improve error message when webkit_web_view_run_javascript() fails due to a JavaScript exception. + Fix artifacts when rendering large images. + Fix blob downloads. + Fix web process deadlock when seeking youtube videos. + Fix alpha premultiplying when using cairo to draw the video frames. + Fix web process deadlock when closing the remote inspector frontend. + Update several web inspector icons. + Fix several crashes and rendering issues. + Updated translations. - Changes from version 2.17.3: + Add new API to create a WebKitContextMenuItem from a GAction. + Fix graphics repaint hungs in accelerated compositing mode after a resize. + Fix rendering glitches in HiDPI in long GitHub Gist pages when focusing the comments textarea. + Remove Firefox user agent quirk for Google domains. + Remove LATEST_RECORD_VERSION from GnuTLS priority string. + Improve colors of inspector SVG icons. + Fix several crashes and rendering issues. + Updated translations. - Changes from version 2.17.2: + Update user agent quirks to make Youtube and new Google login page work. + Fix URL shown in the title of beforeunload dialogs. + Focus first input field of HTTP authentication dialog. + Fix rendering of PNG images when decoded in more than one chunk. + Update several web inspector icons. + Fix the build with OpenGL disabled. + Fix several crashes and rendering issues. - Changes from version 2.17.1: + Switch to use new remote inspector infraestructure instead of legacy Web Sockets based one. + Add API to enable and handle Web Automation. + Load large images asynchronously off the main theead. + Use GtkFileChooserNative for open/save dialogs when available. + Make file chooser run as modal by default if possible. + Fix position of dropdown menus in Wayland. + Keep URI fragments after a server redirection. + Implement support for aria-haspopup and aria-autocomplete. + Implement aria-value support for focusable separators. + Fix playing of some live streams. - Add webkit2gtk3-gcc7.patch: Fix build with gcc7 (webkit#173544). - Add webkit2gtk3-machine-context.patch: Fix build for ppc64le (webkit#173590). - Update to version 2.16.6: + Fix rendering of spin buttons with GTK+ >= 3.20 when the entry width is too short. + Fix the build when Wayland target is enabled and X11 disabled. + Fix several crashes and rendering issues. + bsc#1050469 - Security fixes: CVE-2017-7039, CVE-2017-7018, CVE-2017-7030, CVE-2017-7037, CVE-2017-7034, CVE-2017-7055, CVE-2017-7056, CVE-2017-7064, CVE-2017-7061, CVE-2017-7048, CVE-2017-7046. - Update to version 2.16.5: + Fix a web process crash when page finishes loading in several web sites. + Fix the menu of select elements not showing in some cases under Wayland. - Update to version 2.16.4 (CVE-2017-2538): + Fix web process deadlock when seeking youtube videos. + Fix blob downloads. + Improve theme rendering performance when using GTK+ >= 3.20. + Fix positioning of popup menus in Wayland. + Fix several crashes and rendering issues. + Security fixes: CVE-2017-2538. + bsc#1050469 - Security fixes: CVE-2017-7052. - Add conditional gcc6-c++ BuildRequires and #!BuildIgnore: libgcc_s1 and also and pass -DCMAKE_C_COMPILER=gcc-6 and - DCMAKE_CXX_COMPILER=g++-6 to cmake for SLE/Leap, so we can fully build Webkit2gtk3 without disabling features. - Drop webkitgtk-disable-gcc-version-checks.patch, no longer needed following above changes. - Remove the compilation flag to disable FTL JIT, no longer needed following above changes. - Update to version 2.16.3: + Fix URL shown in the title of beforeunload dialogs. + Focus first input field of HTTP authentication dialog. + Fix rendering glitches in HiDPI in long GitHub Gist pages when focusing the comments textarea. + Remove Firefox user agent quirk for Google domains. + Remove LATEST_RECORD_VERSION from GnuTLS priority string. + Fix several crashes and rendering issues. + bsc#1050469 - Security fixes: CVE-2017-2496, CVE-2017-2539, CVE-2017-2510, CVE-2017-7011, CVE-2017-7040, CVE-2017-7059. - Drop ncurses-devel BuildRequires: this is no longer required. - Update to version 2.16.2: + Update user agent quirks to make Youtube and new Google login page work. + Fix rendering of animated PNGs. + Fix playing of some live streams. + Update several web inspector icons. + Fix the build with NPAPI plugins enabled but X11 disabled. + Fix the build with OpenGL disabled. + Fix several crashes and rendering issues. + bsc#1050469 - Security fixes: CVE-2017-7006, CVE-2017-7012, CVE-2017-7019, CVE-2017-7038, CVE-2017-7041, CVE-2017-7042, CVE-2017-7043, CVE-2017-7049. - Update to version 2.16.1: + Fix no-third-party cookies policy in case of redirections. + Keep URL fragments after server redirections. + Honor GTK+ font settings. + Ensure depth and stencil renderbuffers are created on GLESv2. + Prevent new navigations from onbeforeunload handler and document unload. + Disallow beforeunload alerts from web pages users have never interacted with. + Fix several crashes and rendering issues. + bsc#1050469 - Security fixes: CVE-2017-7020. - Update to version 2.16.0: + Add missing types to WebKitAutocleanups. + Updated translations. - Update to version 2.15.92: + Show the context menu when triggered by the keyboard. + Fix web process deadlocks when destroying the media player. + Fix web process crashes when loading animated GIFs. + Fix several crashes and rendering issues. + Updated translations. - Update to version 2.15.91: + Fix rendering artifacts when resizing the window in accelerated compositing mode. + Remove flickering when leaving accelerated compositing mode. + Fix a web process crash when loading duck duck go. + Properly handle copy drag and drop operations. + Fix a hang when sending an IPC messages fails because socket read buffers are full. + Ensure we never try to load GTK2 plugins in Wayland. + Fix several crashes and rendering issues. - Update to version 2.15.90: + Add an API to add a custom tab into the print dialog. + Update cookie manager API to properly work with ephemeral sessions. + Fix rendering issues in long documents with transparent background. + Handle extended colors in cairo and texture mapper backends. + Release unused UpdateAtlas and reduce the tile coverage on memory pressure. + The media backend now stores preloaded media in /var/tmp instead of user cache dir. + Fix a deadlock when the media player is destroyed. + Fast replay on video hide/unhide on platforms with limited video buffer pools. + Fix network process crashes when loading custom URI schemes. + Fix video rendering when switching to accelerated compositing mode. + Fix several crashes and rendering issues. + Updated translations. - Drop upstream fixed patches: - webkit2gtk3-167785.patch - webkit2gtk3-167876.patch - webkit2gtk3-167890.patch - webkit2gtk3-167929.patch - Add webkit2gtk3-167785.patch: Fix build with disabled JIT (such as on ppc564le). - Add webkit2gtk3-167876.patch, webkit2gtk3-167890.patch and webkit2gtk3-167929.patch: fix webkit stalling on loading resources over the network. - Update to version 2.15.4: + Make accelerating compositing mode on-demand again. By default it will only be used for websites that require it, saving a lot of memory on websites that don?t need it. + Add API to manage hardware acceleration policy. + Enable CSS Grid Layout by default. + Add API to create ephemeral WebViews to replace the legacy private browsing setting that is now deprecated. + Handle HTTP authentication for downloads having a WebView associated. + Add API to WebKitWebsiteDataManager to handle websites data. + Fix BadDamage X errors happening when resizing the WebView. + Fix several crashes and rendering issues. - Changes from version 2.15.3: + Add API to set network proxy settings. + Add API to set initial notification permissions. + Add WebKitSecurityOrigin to the API. + Add tag property to WebKitNotification. + Create GLX OpenGL contexts using version 3.2 (core profile) when available to reduce the memory consumption on Mesa based drivers. + Improve memory pressure handler to reduce the CPU usage on memory pressure situations. + Add support for key and code properties on keyboard events. + More user agent string improvements to improve compatibility with several websites. + Fix network process crashes when loading custom URI schemes. + Fix web process crash when closing the web view in X11. + Fix several crashes and rendering issues. + Updated translations. - Update to version 2.15.2: + Add new API to notify about dynamically added forms to Web Extensions. + Implement selection interface and states for elements supporting aria-selected and for menu roles. + Expose STATE_SINGLE_LINE and STATE_MULTI_LINE for ARIA searchbox role. + Enable WebMemorySampler. + Downloads started by context menu actions now have a web view associated. + Fix a network process crash when main resource load is converted into a download. + Fix several crashes and rendering issues. - Changes from version 2.15.1: + GObject DOM bindings API marked as unstable has been removed. + Switch to use GMenu internally in the context menu implementation. + The network backend now always sniff contents for Downloads. - Update to version 2.14.5: + Fix rendering of non-accelerated contents with HiDPI. + Revert the fix for rendering issues in long documents with transparent background because it caused issues in HiDPI. - Update to version 2.14.4: + Make accelerating compositing mode on-demand again. By default it will only be used for websites that require it, saving a lot of memory on websites that don?t need it. + Fix rendering issues in long documents with transparent background. + Release unused UpdateAtlas and reduce the tile coverage on memory pressure. + The media backend now stores preloaded media in /var/tmp instead of user cache dir. + Make inspector work again when accelerated compositing support is disabled. + Fix a deadlock when the media player is destroyed. + Fix network process crashes when loading custom URI schemes. + Fix overlay scrollbars that are over a subframe. + Fix a crash in GraphicsContext3D::drawArrays when using OpenGL 3.2 core profile. + Fix BadDamage X errors happening when resizing the WebView. + Fix several crashes and rendering issues. + bsc#1024749 - Security fixes: CVE-2017-2365, CVE-2017-2366, CVE-2017-2373, CVE-2017-2363, CVE-2017-2362, CVE-2017-2350, CVE-2017-2350, CVE-2017-2354, CVE-2017-2355, CVE-2017-2356, CVE-2017-2371, CVE-2017-2364, CVE-2017-2369. - Update to version 2.14.3: + Create GLX OpenGL contexts using version 3.2 (core profile) when available to reduce the memory consumption on Mesa based drivers. + Improve memory pressure handler to reduce the CPU usage on memory pressure situations. + Fix a regression in WebKitWebView title notify signal emission that caused the signal to be emitted multiple times. + Fix high CPU usage in the web process loading hyphenation dictionaries. + More user agent string improvements to improve compatibility with several websites. + Fix web process crash when closing the web view in X11. + Fix the build with OpenGL ES2 enabled. + Fix several crashes and rendering issues. + bsc#1020950 - Security fixes: CVE-2016-7656, CVE-2016-7635, CVE-2016-7654, CVE-2016-7639, CVE-2016-7645, CVE-2016-7652, CVE-2016-7641, CVE-2016-7632, CVE-2016-7599, CVE-2016-7592, CVE-2016-7589, CVE-2016-7623, CVE-2016-7586. + Updated translations. - Do not recommend the -lang package with a version: it has close to no effect anyway, as the solver could simply ignore it to find a solution. - Update to version 2.14.2: + Expose WebKitDOMHTMLInputElement APIs for form autofill in unstable DOM API. + Properly update WebKitWebView and WebKitWebPage URI properties when request is modified by WebKitWebPage:send-request signal. + Restore user agent quirk for Yahoo. + Dot not leak the default WebKitWebsiteDataManager in WebKitWebContext. + Use eglGetPlatformDisplay when available instead of eglGetDisplay. + Avoid strstr() when checking (E)GL extensions. + Fix several crashes and rendering issues. + Fix the build with ENABLE_OPENGL=OFF and allow to build on Wayland without OpenGL again. + Updated translations. - Disable JIT on armv6 (webkit#141288). - Update to version 2.14.1: + MiniBrowser and jsc binaries are now installed in pkglibexecdir instead of bindir. + Improve performance when resizing a window with multiple web views in X11. + Check whether GDK can use GL before using gdk_cairo_draw_from_gl() in Wayland. + Updated default UserAgent string for better compatibility. + Fix a crash on github.com in IntlDateTimeFormat::resolvedOptions when using the C locale. + Fix BadDamage X errors when closing the web view in X11. + Fix UIProcess crash when using Japanese input method. + Fix build with clang due to missing header includes. + Fix the build with USE_REDIRECTED_XCOMPOSITE_WINDOW disabled. + Fix several crashes and rendering issues. + Updated translations. + bsc#1020950 - Security fixes: CVE-2016-4692, CVE-2016-7610. - Update to version 2.14.0: + Use gdk_cairo_draw_from_gl() when possible in Wayland to render directly using the GPU in the UI process. + Ensure we don't send an empty referrer header after session restore. + Fix a web process crash in pages using filter animations. + Fix main frame scrolling jumps when scrolling acclerated subframes. + Fix the size of the cairo surface created in the UI process on Wayland. + Fix memory leak in JavaScriptCore. + Fix the build when '.' is not in @INC by default in perl. + Updated translations. + bsc#1020950 - Security fixes: CVE-2016-4743, CVE-2016-7587, CVE-2016-7598. - Rebase webkitgtk-disable-gcc-version-checks.patch. - Reintroduce support for Gtk2 plugins like Flash. + Add pkgconfig(gtk+-2.0) BuildRequires. + No longer pass -DENABLE_PLUGIN_PROCESS_GTK2=OFF to configure. + Split the built plugin to it's own sub-package, webkit2gtk3-plugin-process-gtk2, and make sure it's excluded from the main package. + Only apply these changes to openSUSE via conditional. - Update to version 2.13.92: + Add clipboard support in Wayland. + Improve rendering of scrollbars with themes setting a minimum width for the scrollbar CSS gadget. + Fix another WebProcess crash when the last WebView is destroyed. + Fix the build with GCC 6. - Drop webkitgtk-fix-clipboard.patch: Fixed upstream. - Add webkitgtk-fix-clipboard.patch: Fix clipboard support in wayland (webkit#146574). - Update to version 2.13.91: + Improve the performance when resizing the WebView with the threaded compositor. + Do not try to use GL_PACK_ROW_LENGTH when compiling with GLES2, since it's not available. + Use a different plugins cache file in Wayland and X11. + Fix UI process crash visiting sites protected with HTTP auth when using GTK+ < 3.14. + Fix a WebProcess crash when the last WebView is destroyed. + Fix build configure without Wayland support. + Fix the build when compiling with Clang. + Fix several crashes and rendering issues. + Updated translations. - Update to version 2.13.90: + Add initial implementation of accelerating compositing support under Wayland. + Fix performance with the modesetting intel driver and DRI3 enabled. + Improved performance when resizing the web view on X11. + Fix several crashes and rendering issues. + Updated translations. - Update to version 2.13.4: + Switched to use the threaded compositor. Accelerated compositing mode is now always enabled by default and happens in a separate thread in the web process. + Make web view background colors work in accelerated compositing mode. + Fix several crashes and rendering issues. - Update to version 2.13.3: + Fix Web Process deadlocks when loading HLS videos. + Make videos work when painted into a canvas when accelerated compositing is enabled. + Fix flickering with animated GIFs. + Fix a Web Process crash when video repaint is requested with GStreamer GL enabled. + Reduce the amount of file descriptors that the Web Process keeps open. + Make memory pressure handler work when cgroups are not available. + Fix several crashes and rendering issues. - Update to version 2.13.2: + Properly redraw the web view when reparented in force compositing mode. + Flip the volume control layout in media controls on RTL. + Add support for video orientation to the GStreamer media backend. + Fix several crashes and rendering issues. - Update to version 2.13.1: + CSS Grid Layout has been unprefixed and can be enabled as an experimental feature at runtime. + The HTTP disk cache implements speculative resources revalidation. + Add a new WebKitSetting to allow universal access from file URLs. + Fix several crashes and rendering issues. - Rebase webkitgtk-typelib-sharelib-link.patch. - Add pkgconfig(gnutls) BuildRequires: New dependency. - Rebase webkitgtk-disable-gcc-version-checks.patch for 2.12.5 - Update to version 2.12.5: + Fix a regression introduced in 2.12.4 that caused a hang in the network process after a load failure. + Fix several crashes and rendering issues. - Rebase webkitgtk-disable-gcc-version-checks.patch for 2.12.4 - Update to version 2.12.4: + Security fixes: CVE-2016-4622, CVE-2016-4624, CVE-2016-4591, CVE-2016-4590. + Fix performance in accelerated compositing mode with the modesetting intel driver and DRI3 enabled. + Reduce the amount of file descriptors that the Web Process keeps open. + Fix Web Process deadlocks when loading HLS videos. + Make CSS and SVG animations run at 60fps. + Make meter elements accessible. + Improve accessibility name and description of elements to make it more compatible with W3C specs and fix several bugs in which the accessible name of objects was missing or broken. + Fix a crash when running windowed plugins under Wayland. + Fix a crash at process exit under Wayland. + Fix several crashes and rendering issues. + Updated translations. - Update _constraints memory requirements. - Refresh webkitgtk-disable-gcc-version-checks.patch for latest version. - Update to version 2.12.3: + Security fixes: CVE-2016-1857, CVE-2016-1856. + Improved the detection of supported MIME types supported by the media player. + Fix web process crash when playing adaptive streaming media. + Change the volume while thumb slider is dragged, not only when released. + Fix leaked thread in network process. + Fix several crashes and rendering issues. + Updated translations. - Also apply webkitgtk-disable-gcc-version-checks.patch on Leap and use GCC 4.8. - Change condition to pass -DENABLE_DATABASE_PROCESS=OFF, - DENABLE_INDEXED_DATABASE=OFF and -DENABLE_FTL_JIT=OFF to cmake: newly on all SLE12 based systems (incl. Leap). - Update to GNOME 3.20.2 FATE#318572 - add -DUSE_SYSTEM_MALLOC=ON as in factory on ppc/s390 - handle s390 like s390x to fix build - Refresh webkitgtk-disable-gcc-version-checks.patch for latest version. - Update to version 2.12.2: + Fix rendering of scrollbars with GTK themes using stepper buttons. + Fix compatibility issue with 2.12.1 regarding local storage access from file URLs. + Make menu list buttons use the text color from the theme. + Do not show resize grip in non-resizable text fields. + Fix accessibility events causing Orca to echo key presses instead of speaking the inserted characters in password fields. + Fix an off by one error in hyphenation. + Fix several crashes and rendering issues. + Fix the build with libjpeg v9. + Updated translations. - Drop pkgconfig(gtk+-2.0) BuildRequires and pass - DENABLE_PLUGIN_PROCESS_GTK2=OFF to configure. We do no longer ship the flash-plugin in openSUSE, and it were the last consumer of this functionality. This also have the added bonus of freeing zenity and dependant packages of gtk2 dependencies. - Update to version 2.12.1: + Fix spotify player. + Improve themed control elements rendering to better match GTK+ widgets. + Make remote web inspector work again. + Fix several crashes and rendering issues. + Fix several memory leaks. + Fix the build in Linux / PowerPC. + Fix detection of S390X and PPC64 architectures. + Fix the build in glibc-based BSD systems. + Updated translations. - Add -DUSE_SYSTEM_MALLOC=ON to configure for ppc ppc64 ppc64le and s390x, needed now for build to complete. - Refresh webkitgtk-disable-gcc-version-checks.patch for latest version. - Update to version 2.12.0: + Enable GSS-Negotiate support when available in libsoup. + Fix overlay scrollbar indicator position. + Fix smooth scrolling behavior that was not fixed in all cases in 2.11.92. + Fix the build with newer versions of GCC and clang. - Update webkitgtk-disable-gcc-version-checks.patch (partially merged). - Update to version 2.11.92: + Revert the patch to limit the number of tiles according to the visible area introduced in 2.11.90, because it caused rendering issues in several popular websites. + Fix scrollbars rendering again with GTK+ >= 3.19.11. + Fix rendering of slider input elements. + Fix rendering artifacts when using a web view background color. + Make webkit_web_context_clear_cache() work again. + Fix smooth scrolling behavior that was changed by mistake. + Don?t force ENABLE_INTROSPECTION=OFF on Mac. + Install WebProcess and NetworkProcess on OSX when not building the Mac port. - Update webkitgtk-disable-gcc-version-checks.patch to properly disable terminateDatabaseProcess method when it is disabled at compilation time. - Refresh webkitgtk-disable-gcc-version-checks.patch for latest webkitgtk. - Update to version 2.11.91: + Do not show stale contents after session restore. + Fix flickering and rendering artifacts when entering accelerated compositing mode before the web view is realized. + Fix several rendering issues and crashes. + Fix build with FTL enabled in FreeBSD. + Updated translations. - Update webkitgtk-disable-gcc-version-checks.patch to fix building with gcc 4.8 (fix from Mike Gorse). - Update to version 2.11.90: + Switch to use overlay scrollbars like all other GTK+ widgets and ensure the behavior is consistent with GTK+ too. + Limit the number of tiles according to the visible area. This was causing a huge memory consumption with some websites. + Fix toggle buttons rendering with GTK+ 3.19. + Fix HTTP authentication dialog rendering when accelerated compositing mode is enabled. + Use G_TYPE_ERROR instead of G_TYPE_POINTER for GError parameters of signals. + Fix several memory leaks. - Rebase webkitgtk-disable-gcc-version-checks.patch. - Do not use binutils-gold on s390x and try to minimize memory used there at linking time. - Ensure JIT is also disabled on s390x. - Refresh webkitgtk-disable-gcc-version-checks.patch for latest webkitgtk. - Update to version 2.11.5: + Switch FTL to use B3 backend instead of LLVM. + Add support for windowless NPAPI plugins with no UI in non X11 platforms. + Fix a deadlock in the Web Process when JavaScript garbage collector was running for a web worker thread that made google maps to hang. + Fix a Web Process crash when quickly attempting many DnD operations. + Fix scrollbars rendering with older versions of GTK+. + Fix a crash when creating a WebKitWebView without providing a WebKitWebContext. - Drop llvm-devel BuildRequires as upstream now supports B3 instead of LLVM. - Refresh webkitgtk-disable-gcc-version-checks.patch for latest webkitgtk. - Update to version 2.11.4: + Prefer to link to LLVM shared libraries when building with FTL enabled. + Fix runtime errors when serializing/deserializing session state. + Fix critical warnings when loading a URL after a session restore. + Fix the build with GTK+ < 3.14. + Fix the build with video support disabled. - Drop webkitgtk-llvm-shared-libs.patch: Fixed upstream. - Refresh webkitgtk-disable-gcc-version-checks.patch for latest webkitgtk. - Update to version 2.11.3: - NetworkProcess is now used unconditionally. The shared secondary process model is now the same as using the multiple process model and setting a process limit of 1. - Disable DNS prefetch when a proxy is configured. - Reduce the maximum simultaneous network connections to match other browsers. - Extend notifications API to notify WebKit when a notification is clicked by the user. - Add new API to save and restore a WebView session. - Add Web Extensions API to be notified about console messages. - Add WebKitURIRequest API to get the HTTP method. - Add API to handle beforeunload events. - Make WebKitWebView always propagate motion-notify-event signal. - Add a way to force accelerating compositing mode at runtime using an environment variable. - Fix input elements and scrollbars rendering with GTK+ 3.19. - Fix a crash in the UI process when the WebView is destroyed while the screensaver DBus proxy is being created. - Fix a WebProcess crash when loading large contents with custom URI schemes API. - Fix UI process crashes related to not having a main resource response when the load is committed for pages restored from the history cache. - Reenable JIT on SLE, except for the fourth tier (FTL) which requires LLVM 3.7. - Add webkitgtk-llvm-shared-libs.patch to replace llvm-config wrapper script. - Disable database support on SLE, which is requiring gcc >= 4.9: Add patch webkitgtk-disable-gcc-version-checks.patch to allow building with gcc 4.8, change BuildRequires to gcc-c++ / libedit-devel on SLE, instead of gcc-c++ >= 4.9 and llvm-devel, disable database and indexed database on SLE and disable JIT support on all platforms on SLE, which requires llvm >= 3.7. - Miscellaneous cleanups. - Stop setting ENABLE_YARR_JIT=OFF on secondary arches. Nowadays ENABLE_YARR_JIT is a private option, and setting ENABLE_JIT=OFF is sufficient to do the right thing. - Fix build: + Add llvm-devel and ncurses-devel BuildRequires. + Inject a llvm-config wrapper script into ~/bin, which replaces the original's output of static libs with dynamic shared objects. This is supposedly going to be corrected with LLVM 3.8. - Update to version 2.11.2: + Enable FTL by default in JavaScriptCore for x86_64. + Improved media backend performance by better handling glib main loop sources. + Fix rendering of lines when using solid colors. + Fix web process crashes due to BadDrawable X errors in accelerated compositing mode. + Updated translations. - Update to version 2.10.7: + Fix the build with GTK+ < 3.16. - Update to version 2.10.6: + Fix a deadlock in the Web Process when JavaScript garbage collector was running for a web worker thread that made google maps to hang. + Fix media controls displaying without controls attribute. + Fix a Web Process crash when quickly attempting many DnD operations. - Add binutils-gold BuildRequires: Use the gold linker for build and remove --reduce-memory-overheads from RPMOPT flags since gold-linker does not know it. - Update to version 2.11.1: + Improved general performance by better handling glib main loop sources. + Add autocleanups support to GObjects exposed in public API. + Upload the accelerated canvas as a texture by copying via GPU directly. + Popup menus no longer use a nested main loop. - Update to version 2.10.4: + Fixed dashed and dotted border painting. + Properly cancel navigation policy checks. + Several crashes fixed when running editor commands. + Fix several crashes due to assertions in Debug builds. + Fix the build on Mac OSX and bring back the Quartz target. + Fix the build on glibc-based BSD systems. - Update to version 2.10.3: + Fix graphics artifacts when entering/leaving Accelerated Compositing mode. + Honour 'forwards' fill-mode in Multiple-keyframe and delayed instantaneous animations. + Fix runtime warning when the inspector is closed. + Fix the build with GTK+2 plugin process disabled. + Gracefully handle errors when sending/receiving IPC messages data on connection close. + Fix several crashes and rendering issues. - Update to version 2.10.2: + Fix a regression introduced in 2.10.1 that disabled accelerated compositing. + Fix build with cmake 3.4. - Update to version 2.10.1: + Fix rendering of accelerated content in HiDPI screens. + Fix several media controls rendering issues. + Fix rendering of progress element with recent versions of GTK+. + Add and update some web inspector icons. + Correctly handle websites sending an invalid auth header. + Fix a crash when creating the UI process backing store in Wayland. + Fix the build with spellchecker disabled. + Fix the build with touch events disabled. + Fix the build with OpenGL disabled. + Several build fixes on Mac OSX. + Fix several crashes and rendering issues. - Update to version 2.10.0: + New HTTP disk cache for the Network Process. + IndexedDB support. + New Web Inspector UI. + Automatic ScreenServer inhibition when playing fullscreen videos. + Improved font matching algorithm. + Initial Editor API. + Performance improvements. - Update to version 2.9.92: + Data URLs are now decoded in the Web Process instead of the Network Process. + Fix Web Process crash recovery. + Fix a crash when sqlite3_initialize() is called from multiple threads. + Fix the volume bar in media controls. + Fix JavaScriptCore build with GCC 5. + Fix the build when accelerated 2D canvas is enabled but cairo was built without GLX. + Fix everal memory leaks. + Updated translations. - Drop webkitgtk-gcc5-buildfix.patch: Fixed upstream. - Update to version 2.9.91: + Fix performance regression introduced in previous release when scaling images. + Fix runtime critical warning when there are missing media plugins. + Fix the build on systems with GTK+ compiled with an old version of wayland. - Update to version 2.9.90: + Add API to request permission before showing PackageKit codec installation notifications. + Fix a crash closing a page when a context menu is open. + Fix DNS prefetch when using the network process. + Improve image quality when using newer versions of cairo/pixman. + Fix a crash when the web view is destroyed while the screensaver DBus proxy is being created. - Update to version 2.9.5: + Add API to set the maximum number of web processes per WebKitWebContext. + Add API to allow executing editing commands that require an argument. + Prevent clipboard contents from being lost when web process finishes. + Always allow font matching for strong aliases. + Move GStreamer missing plugins installer to the UI process. + Fix empty space in popup menus when first item is selected. + Fix a crash when SoupSession is destroyed in exit handler. + Disable NPAPI plugins when running on Wayland. + Updated translations. - Update to version 2.9.4: + Fix the window size reported when the web view isn't realized yet. This fixes the layout of some websites when opening new tabs in the browser and anchor links when opened in new tabs too. + Add API to be notified about editor state changes. + Add selection-changed signal to the Web Extensions API. + Add initial WebKitWebsiteDataManager API for process configuration options. + Make WebSQL work by using a default quota instead of always failing in openDatabase with DOM Exception 18. + Correctly restore accelerated compositing after a WebProcess crash. + Only enable the input methods filter when there's an editable element focused. + Fix a crash on memory allocation using bmalloc on 32bit systems. + Allow to build with X11 and Wayland targets at the same time. + Fix a crash when spell checker returns no guesses. + Update and optimize some of the web inspector icons. + Updated translations. - Update to version 2.9.3: + Inhibit screen saver when playing full screen video. + Fix DOCUMENT_VIEWER cache model to actually disable the memory cache. + Fix a regression that prevented the WebKitWebView::context-menu signal from being emitted. + Update web inspector icon so Rendering Frames timeline distinguish between layout and painting. + Ensure fragment identifier part of URI is not removed for custom URI scheme requests. + Improve performance of keyboard events handling. + Expose element tag name as an object attribute to accessibility. + Fix the build with Wayland target enabled. - Update to version 2.9.2: + Add IndexedDB support using a dedicated database process. + Add construct property to WebKitWebContext to set the IndexedDB database directory. + Add allow-file-access-from-file-urls to WebKitSettings. + Improve network process disk cache performance by mapping cached resources in the web process instead of sending the resources data via IPC. + Prevent WorkQueue objects from being leaked and ensure its worker thread always exits. + webkit_dom_html_element_get_children() has been deprecated in favor of webkit_dom_element_get_children() to match the DOM spec. + ARIA menu items no longer have anonymous block children. + Map pre element to ATK_ROLE_SECTION instead of ATK_ROLE_PANEL. + Always include rows in the tree of accessible tables. + Fix the build with Netscape plugins disabled. + Fix XPixmaps leaked by GLContext when using EGL on X11. + Updated translations. - Update to version 2.9.1: + New disk cache implementation when using the network process. + Web inspector UI has been redesigned. + Add support for automatic hyphenation using libhyphen when it's available. + Fix network redirection to a non HTTP destination. - Add hyphen-devel BuildRequires: New dependency. - Update to version 2.8.5: + Fix the window size reported when the web view isn't realized yet. This fixes the layout of some websites when opening new tabs in the browser and anchor links when opened in new tabs too. + Prevent clipboard contents from being lost when web process finishes. + Always allow font matching for strong aliases. + Move GStreamer missing plugins installer to the UI process. + Fix a crash when spell checker returns no guesses. + Fix a crash when SoupSession is destroyed in exit handler. + Fix a crash closing a page when default context menu is open. + Several crashes and rendering issues fixed. + Updated translations. - Modify _constraints file for armv6l/armv7l arches to sizes so low that in practice it's disabled. - Update to version 2.8.4: + Make WebSQL work by using a default quota instead of always failing in openDatabase with DOM Exception 18. + Improve detection and usage of GL/GLES/EGL libraries. + Fix a crash on memory allocation using bmalloc on 32bit systems. + Fix DOCUMENT_VIEWER cache model to actually disable the memory cache. + Fix a WebProcess crash after too many redirect error when there's an active NPAPI plugin. + Fix a WebProcess crash when gtk-font-name setting is empty. + Ensure Math.abs() doesn't return negative. + Correctly restore accelerated compositing after a WebProcess crash. + Respect X-Frame-Options headers when loading from application cache. + Several crashes and rendering issues fixed. + Fix the MIPS N64 detection. + Fix several memory leaks. + Updated translations. - Update to version 2.8.3: + Fixed a regression introduced in 2.8.2 that broke downloads when using the network process. + Fix the build with Netscape plugins disabled. + Fix XPixamps leaked by GLContext when using EGL on X11. - Changes from version 2.8.2: + Fix network redirection to a non HTTP destination. - Use a webkit subdirectory for the disk cache to avoid conflicts with other files in the cache directory when the disk cache is cleaned up. - Do not preserve the Origin header on on cross-origin redirects. - Prevent WorkQueue objects from being leaked and ensure its worker thread always exits. - Update to version 2.8.1: + Handle keep-alive connections in GStreamer HTTP source element. + Fix a crash in DOMObjectCache when a wrapped object owned by. the cache is unreffed by the user. + Fix rendering of drag and drop icon. + Fix the build with REDIRECTED_XCOMPOSITE_WINDOW disabled in X11 platform. + Fix the build with Wayland target enabled. + Fix the build for HPPA. - Add webkitgtk-gcc5-buildfix.patch: Fix build with gcc5. - Add BuildRequires pkgconfig(libnotify) to build with support for HTML5 notifications (bnc#926482). - Change webkit2gtk-4_0-injected-bundles Recommends to Requires: apps fail to load webkit if the bunldes are not available. - Update to version 2.8.0: + Initial gestures support. + HTML5 notifications. + User script messages. + HTML5 color input. + APNG support. + Performance improvements. + Playing audio notification signal. + Web view background colors. - Update to version 2.7.92: + Add APNG support. + Disable RC4 support in networking backend. + Add a configure option to build with OpenGL ES 2. + Add an option to enable MiniBrowser for non developer builds and always install it. + Check TLS errors as soon as they are set in the SoupMessage to prevent any data from being sent to the server in case of invalid certificate. + Make WebKitWebView always hold a reference on WebKitWebContext now that it?s possible to create new web contexts. + Fix a crash when entering accelerated compositing mode before the WebView is realized. + Fix some transfer annotations used in GObject DOM bindings. + Fix GObject DOM objects leaked when the web view contents are updated. + Fix a crash viewing http://www.last.fm/. + Fix an infinite loop in ARM Linux when parallel GC is enabled it again. + Fix the build with older versions of GStreamer. + Fix the build when NEON_INTRINSICS is enabled. + Fix the build with video enabled but WebAudio disabled. - Changes from version 2.7.91: + Enable concurrent JIT. + Add support for ARIA 1.1 ?switch? and ?searchbox? roles. + Fix synchronous loads when maximum connection limits are reached. + Fix web timing calculations when loading resources from the disk cache. + Fix a crash when loading a local file with webkit_web_view_load_alternate_html. + Fix a WebProcess crash when entering accelerating compositing mode before the WebView is realized. + Improve the appearance of fonts loaded via @font-face. + Fix undefined symbol issue when loading web extensions. + Build bmalloc as a static library. + Fix the build with CMake 3.2. + Fix the C-Loop LLInt build. + Updated translations. - Drop webkitgtk-bmalloc-as-static.patch: fixed upstream. - Add webkitgtk-bmalloc-as-static.patch: Build libbmalloc as static library. Only webkitgtk depends on it. - Update to version 2.7.90: + Use the new memory allocator bmalloc instead of TCMalloc which drastically improves the overall performance. + Remove WebKitWebView::close-notification signal and add WebKitNotification::closed instead. + Implement support for new AtkRole types for MathML. + Add support for input color type. + Add API to allow overriding the default color chooser implementation. + Resize the accelerating compositing window to a minimum size again after leaving accelerated compositing mode to save memory. + Ensure WebKitFrame objects are released when the frame is destroyed. + Clear the GObject DOM bindings internal cache when frames are destroyed. + Implement page overlays to bring back the inspector element highlighting. + Fix startup runtime critical warnings when using the network process. + Fix the build with recent versions of GLib that have GMutexLocker. + Fix the gtk-doc generation to appear in DevHelp. - Update to version 2.7.4: + Add API to change the WebKitWebView background color. + Add an option to create WebKitWebView snapshots with transparent background. + Add API to make the WebKitWebView editable. + Add is-playing-audio property to WebKitWebView. + Do not resize the accelerating compositing window to the web size until accelerated compositing mode is activated. - Update to version 2.7.3: + Add API to support HTML5 notifications. + Add UserMedia Permission Request API. + GObject DOM bindings API now correctly returns NULL intead of empty strings to be able to differentiate between not present and present but empty. + Add support for text-decoration-skip. + Improve the HTTP authentication dialog. + Expose the ID attribute of Meter and Option elements to accessibility. + Use latin1 instead of UTF-8 for HTTP header values. + Update NavigationItemProbes inspector icon. + Add video/mp2t as alternative mimetype for MPEG TS. + Add application/x-mpegurl and video/flv to the list of supported mimetypes. + Add SCHEDULING query support to HTTP media source element. + Fix deadlock when shutting down AudioDestination. + Updated translations. - Changes from version 2.7.2: + Fix SSL connection issues with some websites after the POODLE vulnerability fix. + Add API to handle user script messages. + Add context menu API to Web Process Extensions. + Add API to create a WebKitWebContext. + Add API to override the default local storage directory. + Add WebKitWebResource::failed-with-tls-errors signal to notify about load failures due to TLS errors also in sub-resources. + Fix several crashes in accessibility implementation. + Fix XMLHttpRequest with a timeout when using the network process. + Fix XMLHttpRequest with cookies disabled when using the network process. + Fix a crash in the network process when a synchronous load redirects to a new url in a different security origin. + Fix a crash in TextureMapper when video resolution changes. + Correctly report the memory used by the media player to the garbage collector to make sure it?s freed when the video element is removed from the DOM. + Fix documentation of webkit_print_operation_get_page_setup(). - Update to version 2.6.5: + Fix issue that caused some text to be inserted when trying to delete a word from the Twitter message box. + GObject DOM bindings API now correctly returns NULL intead of empty strings to be able to differentiate between not present and present but empty. + Do not resize the accelerating compositing window to the web size until accelerated compositing mode is activated. + Use latin1 instead of UTF-8 for HTTP header values. + Add SCHEDULING query support to HTTP media source element. + Add application/x-mpegurl and video/flv to the list of supported mimetypes. + Update NavigationItemProbes inspector icon. + Fix the build with recent GStreamer. + Fix the build on FreeBSD. + Fix build on OS X. + Fix the build on powerpc 32 bits. + Fixed several crashes in WebCore and JavaScriptCore. + Updated translations. - Drop webkitgtk-libatomic.patch: Fixed upstream. - Add webkitgtk-libatomic.patch: Check if libatomic is needed in order to use std::atomic; fixes build on ppc. - Update to version 2.6.4: + Fix SSL connection issues with some websites after the POODLE vulnerability fix. + Fix several crashes in accessibility implementation. + Fix XMLHttpRequest with a timeout when using the network process. + Fix XMLHttpRequest with cookies disabled when using the network process. + Fix a crash in the network process when a synchronous load redirects to a new url in a different security origin. + Fix documentation of webkit_print_operation_get_page_setup(). + Allow to build with GObject introspection disabled. + Fix the remote inspector when settings don't change after page initialization. - Update to version 2.6.3: + Fix a crash when loading flash plugins. + Correctly report the memory used by the media player to the garbage collector to make sure it's freed when the video element is removed from the DOM. + Fix a crash in TextureMapper when video resolution changes. + Ensure that CSS-generated text content is exposed to assistive technologies. + Enable CSS_IMAGE_SET on production builds to fix some icons that are not rendered in the web inspector. + Fix the build on FreeBSD and GNU Hurd. + Fix the build with video disabled. - Update to version 2.6.2: + SSLv3 is now disabled to protect us against POODLE vulnerability. + TLS errors are no longer ignored by default. + Fix the remote web inspector. + Fix rendering of buttons, selections and lists with recent GTK+ versions. + Improve performance of timers scheduled after a delay in microseconds. + Fix WebKitSettings:enable-smooth-scrolling to actually enable smooth scrolling. + Fix the build with drag and drop support disabled. - Update to version 2.6.1: + Ensure WebKitWebView:is-loading is TRUE right after a new load starts. + Fix a crash in the plugin process with some windowed flash plugins. + Allow to dock the inspector again once undocked when building with GTK+ >= 3.10. + TLS errors now take precedence over the HTTP authentication dialog. + Do not shrink on-disk cache to its default size on startup. + Improve the proportion and visibility of some web inspector icons. + Fix GTK+2 plugins not working after being updated. + Don?t include full path names in WebKitEnumTypes.h to ensure the generated headers are always identical. + Updated transations. - Disable JIT on Power architectures (-DEANBLE_JIT=OFF -DENABLE_YARR_JIT=0) - Update to version 2.6.0: + Make vimeo videos work again with the GStreamer media backend. + Add more free icons for the web inspector. + Fix a WebSocket crash when a connection is closed from server side. + Fixed a memory leak in JavaScriptCore. + Fix the build with video support disabled. + Fix CLoop on the 32-bit Big-Endians. + Updated translations. - Update to version 2.5.90: + Use free icons for the web inspector. + Change WebKitWebView::load-failed-with-tls-errors signal to pass the failing URI as signal argument instead of the host. + Add new API to allow overwrite existing files when downloading a file. + Add webkit_uri_response_get_http_headers() API. + Improve the UI of the HTTP authentication dialog. + Fix a crash when navigating away from a web page containing an ogg video. + Fix race condition when downloading a file due to the intermediate temporary file. + Fix toggle buttons rendering with recent GTK+ versions. + Fix selection rendering when unfocused with recent GTK+ versions. + Mak e the GStreamer media backend not send the transferMode HTTP header. - Setup environment to prefer GOLD linker (softlink /usr/bin/ld.gold to ~/bin/ld). - Pass -DCMAKE_{EXE,MODULE,SHARED}_LINKER_FLAGS="-Wl,--as-needed - Wl,-z,now" to cmake call: cmake changed the default to not accept libraries to have undefined symbols (-Wl,--no-undefined). In this case though, it is understood and expected, so we remove - -no-undefined from the FLAGS. - Initial package, version 2.5.3; based on webkitgtk3.spec. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe(a)opensuse.org To contact the owner, e-mail: opensuse-factory+owner(a)opensuse.org

1 0

[opensuse-factory] Features, Use Case and Articles for Leap 15
by ddemaio 12 Apr '18

12 Apr '18

Hi all, We would like to highlight some of the use cases for Leap 15. If you have submitted a package for Leap 15, could you please add your features to the https://en.opensuse.org/Features_15.0 page. Also, if you would like an article about your package and how it can be used in Leap, could you please send me an email with how to set up and use your package within Leap. I would like to collect these and start working on various articles that focus on packages and the use of those packages within Leap 15. v/r Doug -- To unsubscribe, e-mail: opensuse-factory+unsubscribe(a)opensuse.org To contact the owner, e-mail: opensuse-factory+owner(a)opensuse.org

1 0

[opensuse-factory] Leap 15.0 Build 196.1 released!
by Ludwig Nussel 12 Apr '18

12 Apr '18

Please note that this mail was generated by a script. The described changes are computed based on the x86_64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=opensuse&version=15.0&bui… https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Distribution&q… When you reply to discuss some issues, make sure to change the subject. Please use the test plan at https://docs.google.com/spreadsheets/d/1AGKijKpKiJCB616-bHVoNQuhWHpQLHPWCb3… to record your testing efforts and use bugzilla to report bugs. Packages changed: appstream-glib (0.7.4+git.3 -> 0.7.7) ark autoyast2 (4.0.44 -> 4.0.45) boost boost-base branding-openSUSE chrony createrepo_c curl (7.58.0 -> 7.59.0) dhcp ethtool exempi (2.2.2 -> 2.4.5) ffmpeg gcab (0.8 -> 1.1) gcc7 (7.3.1+r258313 -> 7.3.1+r258812) gegl (0.3.28 -> 0.3.30) gnome-settings-daemon gnutls gptfdisk grub2 gstreamer (1.12.4 -> 1.12.5) gstreamer-plugins-bad (1.12.4 -> 1.12.5) gstreamer-plugins-base (1.12.4 -> 1.12.5) gstreamer-plugins-good (1.12.4 -> 1.12.5) gstreamer-plugins-ugly (1.12.4 -> 1.12.5) hdf5 iproute2 kbd kcm_tablet (2.9.82 -> 3.0.0) kernel-firmware (20180320 -> 20180402) kernel-source kexec-tools korganizer libedit liblogging libmygpo-qt (1.0.9 -> 1.1.0) libnfnetlink libreoffice (6.0.2.1 -> 6.0.3.2) libsmbios (2.3.3 -> 2.4.1) libyajl mokutil multipath-tools (0.7.3+59+suse.1b6191c26774 -> 0.7.3+60+suse.46ac839) ncurses net-tools open-iscsi openldap2 (2.4.45 -> 2.4.46) osinfo-db p7zip patterns-base patterns-kde patterns-yast (20171005 -> 20180403) perl-Bootloader php7 (7.2.3 -> 7.2.4) plasma5-workspace python-rpm qemu rdma-core re2 (20180301 -> 20180401) rpm sg3_utils skanlite (2.0.1 -> 2.1.0.1) systemd texinfo transactional-update tuned util-linux util-linux-systemd xdm yast2 (4.0.61 -> 4.0.65) yast2-auth-client (3.3.18 -> 4.0.0) yast2-hardware-detection (3.1.8 -> 4.0.0) yast2-installation (4.0.42 -> 4.0.43) yast2-journal (3.2.1 -> 4.0.0) yast2-ldap (3.1.14 -> 4.0.0) yast2-network (4.0.24 -> 4.0.25) yast2-nfs-client (4.0.3 -> 4.0.5) yast2-packager (4.0.52 -> 4.0.55) yast2-ruby-bindings (4.0.4 -> 4.0.6) yast2-storage-ng (4.0.142 -> 4.0.148) yast2-trans (84.87.20180316.72781395d -> 84.87.20180406.01ef53789) yast2-transfer (3.1.3 -> 4.0.0) yast2-vm (3.2.5 -> 4.0.0) === Details === ==== appstream-glib ==== Version update (0.7.4+git.3 -> 0.7.7) Subpackages: appstream-glib-lang libappstream-builder8 libappstream-glib8 - Update to version 0.7.7: + Use shell-extensions::uuid for custom shell extensions metadata key. - Update to version 0.7.6+git.12: + Always resize AppStream icons to fit the destination size. + Add AS_IMAGE_LOAD_FLAG_ALWAYS_RESIZE to always resize the pixbuf. + Correctly validate files using OR in the metadata_license. + Update the SPDX license list to v3.0. + Don't abort the build if pngquant fails. + Add custom metadata key for shell extension uuid. + Do not fail to validate if the timestamps are out of order. + Treat pngquant exit code of 98 (nothing done) as success. - Modernize spec-file by calling spec-cleaner. - Update to version 0.7.6: + Never include '&' in attribute values. + Add support for release types. + Fix an invalid read when using as_app_parse_data() from Python. + as-app-desktop: don't deference invalid lists. - Use pkgconfig(yaml-0.1) instead of libyaml-devel: it's what meson actually looks for. - Add docbook-xsl-stylesheets and gtk-doc BuildRequires to avoid implicit dependencies. - Drop intltool BuildRequires: it is no longer required since upstream migrated to Gettext long ago, and gthread-2.0 and sqlite3 BuildRequires: both of them are no longer used/needed. - Pass dep11, builder, rpm, man, gtk-doc and introspection meson options as true, and alpm, fonts and stemmer as false, ensuring the desired features are enabled and visa versa. - Update to version 0.7.5: + Add as_app_parse_data(). + Add as_store_get_apps_by_provide(). + Add more GObject Introspection annotations for Python. + Describe connection problems/HTTP errors when validating images. + Do not use an 'enable' prefix for meson arguments. + Don't expect an enum when really passing a bitfield. + Don?t fall back to en if other languages are available. + Explicitly require a new enough json-glib. + Fix a crash when calling as_release_add_location() directly. + Fix appstream-compose when using new-style desktop IDs. + Fix compile with GCab v1.0. + Generate icons and samples for emoji fonts.. + Never change the default screenshot when processing AppData. + Support OARS v1.1 additions. + Use pngquant to make the application icons take up less space. - Add pngquant Requires: new runtime dependency to make the application icons take up less space. ==== ark ==== Subpackages: ark-lang libkerfuffle17 - Drop 0001-Swap-priorities-around-between-unar-and-unrar.patch again, unar's "unrar" wrapper has been split out and doesn't replace unrar anymore. There are good reasons not to prefer unar over unrar, it currently only supports a subset of RAR archives, and this also breaks creating of RAR archives with Ark if unar is installed. People who do want to install the new unrar_wrapper instead of the real unrar can still disable the rar plugin in Ark's settings to be able to open RAR archives with unar. ==== autoyast2 ==== Version update (4.0.44 -> 4.0.45) Subpackages: autoyast2-installation - Fix tests to use correct storage instance (part of fate#318196). - 4.0.45 ==== boost ==== - Use %license instead of %doc [bsc#1082318] ==== boost-base ==== Subpackages: boost-license1_66_0 libboost_date_time1_66_0 libboost_filesystem1_66_0 libboost_iostreams1_66_0 libboost_locale1_66_0 libboost_system1_66_0 libboost_thread1_66_0 - Use %license instead of %doc [bsc#1082318] ==== branding-openSUSE ==== Subpackages: grub2-branding-openSUSE plymouth-branding-openSUSE wallpaper-branding-openSUSE - Fix to boo#1087547, yast installation visibility ==== chrony ==== - Use %license instead of %doc [bsc#1082318] ==== createrepo_c ==== Subpackages: libcreaterepo_c0 python3-createrepo_c - fix spelling of old weakdeps feature switch (bsc#1088328) ==== curl ==== Version update (7.58.0 -> 7.59.0) Subpackages: libcurl4 libcurl4-32bit - Added message about protocol redirection not supported or disabled to the function findprotocol() [bsc#1076446] * Added curl-disabled-redirect-protocol-message.patch - Update to version 7.59.0 [bsc#1084521, CVE-2018-1000120][bsc#1084524, CVE-2018-1000121] [bsc#1084532, CVE-2018-1000122] Changes: * curl: add --proxy-pinnedpubkey * added: CURLOPT_TIMEVALUE_LARGE and CURLINFO_FILETIME_T * CURLOPT_RESOLVE: Add support for multiple IP addresses per entry * Add option CURLOPT_HAPPY_EYEBALLS_TIMEOUT_MS * Add new tool option --happy-eyeballs-timeout-ms * Add CURLOPT_RESOLVER_START_FUNCTION and CURLOPT_RESOLVER_START_DATA Bugfixes: * openldap: check ldap_get_attribute_ber() results for NULL before using * FTP: reject path components with control codes * readwrite: make sure excess reads don't go beyond buffer end * lib555: drop text conversion and encode data as ascii codes * lib517: make variable static to avoid compiler warning * lib544: sync ascii code data with textual data * GSKit: restore pinnedpubkey functionality * darwinssl: Don't import client certificates into Keychain on macOS * parsedate: fix date parsing for systems with 32 bit long * openssl: fix pinned public key build error in FIPS mode * SChannel/WinSSL: Implement public key pinning * cookies: remove verbose "cookie size:" output * progress-bar: don't use stderr explicitly, use bar->out * build: open VC15 projects with VS 2017 * curl_ctype: private is*() type macros and functions * configure: set PATH_SEPARATOR to colon for PATH w/o separator * curl_easy_reset: clear digest auth state * curl/curl.h: fix comment typo for CURLOPT_DNS_LOCAL_IP6 * range: commonize FTP and FILE range handling * progress-bar docs: update to match implementation * fnmatch: do not match the empty string with a character set * fnmatch: accept an alphanum to be followed by a non-alphanum in char set * build: fix termios issue on android cross-compile * getdate: return -1 for out of range * formdata: use the mime-content type function * openssl: Don't add verify locations when verifypeer==0 * fnmatch: optimize processing of consecutive *s and ?s pattern characters * schannel: fix compiler warnings * content_encoding: Add "none" alias to "identity" * get_posix_time: only check for overflows if they can happen * http_chunks: don't write chunks twice with CURLOPT_HTTP_TRANSFER_DECODING * README: language fix * sha256: build with OpenSSL < 0.9.8 * smtp: fix processing of initial dot in data * --tlsauthtype: works only if libcurl is built with TLS-SRP support * tests: new tests for http raw mode * libcurl-security.3: man page discussion security concerns when using libcurl * curl_gssapi: make sure this file too uses our *printf() * BINDINGS: fix curb link (and remove ruby-curl-multi) * nss: use PK11_CreateManagedGenericObject() if available * travis: add build with iconv enabled * ssh: add two missing state names * CURLOPT_HEADERFUNCTION.3: mention folded headers * http: fix the max header length detection logic * header callback: don't chop headers into smaller pieces * CURLOPT_HEADER.3: clarify problems with different data sizes * curl --version: show PSL if the run-time lib has it enabled * examples/sftpuploadresume: resume upload via CURLOPT_APPEND * Return error if called recursively from within callbacks * sasl: prefer PLAIN mechanism over LOGIN * winbuild: Use CALL to run batch scripts * curl_share_setopt.3: connection cache is shared within multi handles * projects/README: remove reference to dead IDN link/package * lib655: silence compiler warning * configure: Fix version check for OpenSSL 1.1.1 * docs/MANUAL: formfind.pl is not accessible on the site anymore * unit1307: proper cleanup on OOM to fix torture tests * curl_ctype: fix macro redefinition warnings * build: get CFLAGS (including -werror) used for examples and tests * NO_PROXY: fix for IPv6 numericals in the URL * krb5: use nondeprecated functions * http2: mark the connection for close on GOAWAY * limit-rate: kick in even before "limit" data has been received * HTTP: allow "header;" to replace an internal header with a blank one * http2: verbose output new MAX_CONCURRENT_STREAMS values * SECURITY: distros' max embargo time is 14 days * curl tool: accept --compressed also if Brotli is enabled and zlib is not * WolfSSL: adding TLSv1.3 * checksrc.pl: add -i and -m options * CURLOPT_COOKIEFILE.3: "-" as file name means stdin - Refreshed patch libcurl-ocloexec.patch ==== dhcp ==== Subpackages: dhcp-client - Update to dhcp-4.3.6-P1: * CVE-2018-5733, bsc#1083303: reference count overflow in dhcpd. * CVE-2018-5732, bsc#1083302: buffer overflow bug in dhclient. * Plugged a socket descriptor leak in OMAPI * The server now allows the client identifier (option 61) to own leases in more than one subnet concurrently [ISC-Bugs #41358]. * When replying to a DHCPINFORM, the server will now include options specified at the pool scope, provided the ciaddr field of the DHCPINFORM is populated. [ISC-Bugs #43219] [ISC-Bugs #45051]. * When memory allocation fails in a repeated way the process writes "Run out of memory." on the standard error and exists with status 1 [ISC-Bugs #32744]. * The new lmdb (Lightning Memory DataBase) bind9 configure option is now disabled by default to avoid the presence of this library to be detected which can lead to a link failure. [ISC-Bugs #45069] * The linux interface discovery code has been modified to use getifaddrs() as is done for BSD and OS-X. [ISC-Bugs #28761] and others. * Fixed a bug in OMAPI that causes omshell to crash when a name-value pair with a zero length value is shipped in an object [ISC-Bugs #29108]. * On 64-bit platforms, dhclient now generates the correct value for the script environment variable, "expiry", the lease expiry value exceeds 0x7FFFFFFF [ISC-Bugs #43326]. * Common timer logic was modified to cap the maximum timeout values at 0x7FFFFFFF - 1 [ISC-Bugs #28038]. * DHCP6 FQDN option unpacking code now correctly handles values that contain spaces, special, or non-printable characters. [ISC-Bugs #43592] * When running in -6 mode, dhclient can enforce the require option statement and will discard offered leases that do not contain all the required options specified in the client configuration [ISC-Bugs #41473]. * Altered DHCPv4 lease time calculation to avoid roll over errors on 64-bit OS systems when using -1 or large values for default-lease-time [ISC-Bugs #41976], * Added --dad-wait-time parameter to dhclient [ISC-Bugs #36169]. * The server nows checks both the address and length of a prefix delegation when attempting to match it to a prefix pool [ISC-Bugs #35378]. * Modified DDNS support initialization such that DNS related ports will only be opened by the server (dhcpd) at startup if ddns-update-style is not "none"; by dhclient only if and when the it first attempts an update; and never by dhcrelay. [ISC-Bugs #45290] [ISC-Bugs #33377] * Added error logging to two memory allocation failure checks. [ISC-Bugs #41185] * Corrected a dhclient -6 issue that caused the client to crash with an "Impossible condition" error after de-preferencing its only IA binding [ISC-Bugs #44373]. * By defining CALL_SCRIPT_ON_ONETRY_FAIL in includes/site.h, dhclient will now call the script with reason set to FAIL when run with -1 (one try) and there are no server responses. [ISC-bugs #18183] * The server now detects failover peers that are not referenced in at least one pool when run with the command line option for test mode, -T [ISC-Bugs #29892]. * Linux script updated [ISC-bugs #19430] [ISC-bugs #18111]. * Changed severity of the log message indicating UDP checksum errors in the received packets from 'info' to 'debug'. [ISC-bugs #41757] * Corrected a bug which could cause the server to sporadically crash while loading lease files with the lease-id-format is set to "hex" [ISC-Bugs #43185]. - Obsoleted patches: * 0011-Fixed-linux-interface-discovery-using-getifaddrs.patch * 0019-dhcp-4.2.4-P1-interval.patch * 0021-master-Plugs-a-socket-descriptor-leak-in-OMAPI.patch * 0022-Optimized-if-and-when-DNS-client-context-and-ports.patch ==== ethtool ==== - add warning that changes should be submitted via git (i.e. not directly to IBS) to the specfile - drop BuildRoot (no longer needed in SLE15) - drop BuildRequire for xz (no longer needed in SLE15) - use %license rather than %doc for license file (bsc#1082318) - add backported post-4.13 upstream fixes (bsc#1088294): ethtool-fix-MFLCN-register-dump-for-82599-and-newer.patch ethtool-correct-display-of-VF-when-showing-vf-queue-.patch ethtool-show-VF-and-queue-in-the-help-for-N.patch ethtool-correct-VF-index-values-for-the-ring_cookie-.patch ==== exempi ==== Version update (2.2.2 -> 2.4.5) - Extend descriptions. - Update to 2.4.5: * Fix a buffer overflow in the PSD parser. (CVE-2018-7730 bnc#1085295) * Fix a buffer overflow in the TIFF parser. (CVE-2018-7728 bnc#1085297) * Fix a buffer overflow in PostScript parser. (CVE-2018-7729 bnc#1085296) * Fix a null dereference in WEBP parser. (CVE-2018-7731 bnc#1085294) * Properly initialize pointers in WEBP. * Fix an infinite loop in RIFF parser. * Fix an infinite loop in QuickTime parser. * Fix an infinite loop in ASF parser. * Adjust minimum version for gcc in documentation. * Fix a buffer overrun, memcpy() on overlapping regions, use after free in the exception handling. Fix a fatal assert with corrupt WEBP. * Fix a crash on a corrupt file. * Upgrade XMPCore to Adobe XMP CC 2014.12. * New flag to optimize layout on MPEG4 files. * GoPro MPEG4 video files support. * Improved JPEG support. * iXML support in WAVE files. * Several bugs and memory leaks fixes. * Changes from Adobe XMP CC 2013.06. * Pluggable file handlers (not exposed yet in Exempi) * Support for Exif 2.3 properties * New RIFF file handler * Better Postscript support. * Lot of bug fixes. * Now require (partial) C++11 support to compile (gcc 4.4.7 tested) * WebP format handler (contributed: Frankie Dintino, The Atlantic) * Several API improvements * Fix potential crash with corrupt TIFF file. * Fix header to pass -Wstrict-prototypes ==== ffmpeg ==== Subpackages: libavcodec57 libavdevice57 libavfilter6 libavformat57 libavresample3 libavutil55 libpostproc54 libswresample2 libswscale4 - Create a new package ffmpeg-private-devel which contains some headers under /usr/include/ffmpeg/private that were not installed by upstream. Those headers are needed by the libav package in order to build avconv and other tools using the libav* libraries generated by ffmpeg instead of its own. No other package should require ffmpeg-private-devel. - Build and install also the sidxindex tool ==== gcab ==== Version update (0.8 -> 1.1) Subpackages: gcab-lang libgcab-1_0-0 - Update description. - Modernize spec-file by calling spec-cleaner - Add gcab-revert-git-dep.patch: Revert new dependency on git, having a builddependency on git just to able to show version when using a git checkout is a bit much (bgo#793406). - Following the above patch, drop git BuildRequires. - Update to version 1.1: + Add git version in --version. + Fix list of new symbols in index page. + Fix unused declarations. - Drop fixed upstream patches: gcab-meson-build-fixes.patch; gcab-folder-simplify_sort_cfiles.patch; gcab-doc-fixes.patch. - Drop intltool BuildRequires: it's no longer a requirement after upstream migration to Gettext. - Add git BuildRequires: new dependency. - Add a little summary of its content to the main package description. ==== gcc7 ==== Version update (7.3.1+r258313 -> 7.3.1+r258812) Subpackages: cpp7 libgcc_s1 libgcc_s1-32bit libgfortran4 libgomp1 libobjc4 libquadmath0 libstdc++6 libstdc++6-32bit - Update to gcc-7-branch head (r258812). * Picks fix to no longer enable -mpc-relative-literal-loads by default with --enable-fix-cortex-a53-843419. - Enable --enable-fix-cortex-a53-843419 on aarch64. [bnc#1084812] [bnc#1087930] ==== gegl ==== Version update (0.3.28 -> 0.3.30) Subpackages: gegl-0_3 gegl-0_3-lang libgegl-0_3-0 - Update to 0.3.30 - Rather complex code changes, which is in NEWS file - Now minimum build requirement for GIMP 2.10.0 - Update to version 0.3.28: + New stable branch, long packaged as gegl-unstable in openSUSE, changes far to many to list, please see NEWS packaged in docs sub-package. - Lots of BuildRequires, Requires and sub-package changes. - Drop upstream fixed patches: + gegl-UF_long.patch. + gegl-lua52.patch. + gegl-0.2.0-CVE-2012-4433.patch. + gegl-ruby19.patch. + gegl-0.2.0-linker-flags.patch - Fix SRPM group. Update descriptions. Remove idempotent %if..%endif around %package. - Modernize spec-file by calling spec-cleaner - require liberation-fonts instead of liberation2-fonts, it is dead [bsc#1077375] [rh#856239] - Replace liberation-fonts BuildRequires with liberation2-fonts: the new set works as well. - Fix CVE-2012-4433 (bsc#789835): + Add gegl-0.2.0-CVE-2012-4433.patch: Fix buffer overflow in and add plausibility checks to ppm-load op. - Use pkgconfig instead of libffmpeg-devel - Add gegl-0.2.0-linker-flags.patch to add -lm to linker flags. - fix build for factory * add patch: gegl-UF_long.patch * newer suitesparse abandoned UF_long in favor for SuiteSparse_long - fix build for graphics repo * ugly fix, multiple provides of gd by gd and gd-tools from libgd2 - update license to new format - Add gegl-ruby19.patch: Fix build with ruby 1.9. - Add liberation-fonts: the documentation references bitstream vera sans font, so we need to provide it for the build. - Update to version 0.2.0: + OpenCL support + Build improvements. + High level API to apply ops directly to buffers with arguments. + Final bits of translation infrastructure. + Invalidate regions when disconnecting input pads. + Operations: - New operation: global-matting - Allow transform core to do perspective transforms. - Added string based key/value pairs to operations. - Added arguments for dealing with scaled down preview rendering. + Added human interaction ranges and non-linear mapping to properties. + Buffer: - Removed broken lanczos sampler. - Add gegl_buffer_set_color and gegl_buffer_set_pattern - Added ability to drop cached tiles. - Added API for handling abyss policy (not implemented yet) - Avoid iterating global tile cache when flushing/destroying buffers that have no tiles in the cache. - Add intltool BuildRequires: new dependency upstream, for translations. - Add lensfun-devel BuildRequires to build with lensfun support. - Add libexiv2-devel BuildRequires to build with libexiv2 support. - Add libjasper-devel BuildRequires to build with Jasper support. - Add libspiro-devel BuildRequires to build with SPIRO support. - Add suitesparse-devel BuildRequires to build with UMFPACK support. - Uncomment ruby BuildRequires: it was commented out because a file was missing in a earlier tarball. - Rename subpackages from gegl-0_1/libgegl-0_1-0 to gegl-0_2/libgegl-0_2-0 following the upstream soname change. - Create a gegl-0_2-lang subpackage for new translations. - Add gegl-lua52.patch: fix build with lua 5.2, while still being compatible with lua 5.1. - Update to version 0.1.8: + New operations: spread, vignette, map-relative, noise-reduction, plasma, fractal-trace, exr-save, lens-correct, emboss, cubism, ripple, color-to-alpha, color-rotate, red-eye-removal, convolution-matrix, deinterlace, polar-coordinates, lens-distortion, pixelise. + Split GeglView GTK Widget into separate utility library + build/test improvements. + Buffer: - Added lohalo resampler, API and infrastructure for doing non affine resamplings. - Clean spec-file using spec-cleaner. - Drop docs-build-fix.diff: fixed upstream. - update to 0.1.6 (see NEWS) ? New operations: max-rgb, pixelise, motion blur. ? Fixed a bugs in matting-levin that made GEGL halt due to errors detected by babl sanity code, this made 0.1.4 be unusable if you had all dependendency when building. ? build/test improvements. ? Buffer: Added API to use external tile backends, allowing to plug-in alien tilebackends, for GIMP/Krita/OSM or similar. - remove upstreamed patches bgo609706 bgo610680 (thanks, Vincent) - BuildRequire graphviz-gd instead of graphviz: we do require png capabilities, which are split out of the main package. Theoretically, we should require graphviz-devel, but this package also does not drag in -gd. - Add gegl-fix-overflow.patch to fix overflow found by gcc 4.5. - Update to version 0.1.2: + GeglLookup, configurable floating point lookup tables for lazy computation. + Use GFileIOStream in GeglTileBackendFile. + Optimizations: in-place processing for point filters/composers, SIMD version of gegl:opacity, avoid making unneccesary sub-buffers, removed some manual instrumentation from critical paths, improved speed of samplers. + Added xml composition/reference image based regression tests. + Added performance tracking framework. + Syntactic sugar using varargs for constructing gegl graphs from C. + Build fixes on cygwin. + Gegl# fixes. + Initial, but unstable code towards multithreading. + Improvements to lua op in workshop. + Added new resamplers upsize, upsharp, upsmooth, downsize, downsharp and downsmooth. + Removed gegl:tonemap and gegl:normal ops. - Drop gegl-new-babl.patch: fixed upstream. - Add gegl-fix-build.patch: remove printf that breaks build because of missing include. - Rename package from gegl-0_0 and libgegl-0_0-0 to gegl-0_1 and libgegl-0_1-0 following soname bump. - Add gegl-new-babl.patch to fix build with babl 0.1.2. - Update to version 0.1.0: + Renamed gegl:load-buffer to gegl:buffer-source and gegl:save-buffer to gegl:buffer-sink (but the old names still work) + Represent colors using doubles instead of floats (this change is independent from internal processing) + Removed the GTK+ UI parts of the gegl binary and turned gegl into a pure command line tool (which can still visualize stuff with help help the SDL based display operation) + Consider {x=G_MININT/2, y=G_MININT/2, width=G_MAXINT, height=G_MAXINT} as the only valid region wichin processing may occur. Processing outside of this region is undefined behaviour. + Added support for storing allocation stack traces for GeglBuffers so that debuging buffer leaks becomes much easier + Made small changes and cleanups of the public API, e.g. - Removed gegl_node_adapt_child() - Made GeglConfig an explicit object - Removed most of the ifdeffed stuff to mask away internal structures - Added gegl_rectangle_infinite_plane() and gegl_rectangle_is_infinite_plane() + Added new sampler GeglSamplerSharp + Added format property go gegl:buffer-sink + Cleaned up and made gegl:introspect work again + Add a bunch of test cases using the automake test sytem (make check) and also port buffer tests to automake + General cleanups, bug fixes, increased robustness and improved documentation - Drop gegl-babl_api_change.patch: fixed upstream. - Temporarly remove ruby BuildRequires as the build is broken when it's there right now. - Add gegl-babl_api_change.patch to make gegl build with babl 0.1.0. Patch taken from Fedora. - Remove autoreconf call. - Do not make gegl0_0 explicitly Requires libbabl-0_0-0. ==== gnome-settings-daemon ==== Subpackages: gnome-settings-daemon-lang - Add gnome-settings-daemon-timeout-grabbing-keys.patch: Retry grabbing media-key accelerators when timed out (bgo#792353). ==== gnutls ==== - Simplify the DANE support %ifdef condition * build with DANE on openSUSE only - Adjust RPM groups. Drop %if..%endif guards that are idempotent. ==== gptfdisk ==== - Use %license instead of %doc [bsc#1082318] ==== grub2 ==== Subpackages: grub2-i386-pc grub2-snapper-plugin grub2-systemd-sleep-plugin grub2-x86_64-efi - Fix Nvidia GPU in legacy I/O slot 2 disappears during system startup (bsc#1082914) * 0001-Fix-PCIe-LER-when-GRUB2-accesses-non-enabled-MMIO-da.patch - Fix packed-not-aligned error on GCC 8 (bsc#1084632) * 0001-Fix-packed-not-aligned-error-on-GCC-8.patch ==== gstreamer ==== Version update (1.12.4 -> 1.12.5) Subpackages: gstreamer-lang gstreamer-utils libgstreamer-1_0-0 typelib-1_0-Gst-1_0 - Update to version 1.12.5: + pad: fix some stream deactivation deadlocks/races. + registrychunks: don't read from unaligned memory when loading registry. + ptp: fix build failure with #undef USE_MEASUREMENT_FILTERING. + downloadbuffer: Don't hold the mutex while posting the download-complete message. + playbin3: Fix accessing invalid index in GstStream when received select-stream event. + id3v2: re-fix handling of ID3 v2.4 tags with extended headers. + audio: fix handling of U32BE format. + videodecoder: Reset QoS time after pushing segment. This fixes playbin gapless playback with videos. + subparse: push out of last chunk of text if last line has no newline. + aacparse: When parsing raw input, accept frames of any size. This fixes handling of encoded silence. + splitmuxsrc: Improve not-linked handling. + rtspsrc: also proxy multicast-iface property to RTCP udpsrc. + flacdec: flush flac decoder on lost sync, so that it can re-sync. + matroskamux: Only mark new clusters as keyframe if they start on a keyframe or we're muxing only audio. + matroskamux: Clip maximum cluster duration to the maximum possible value. + h264parse: reset internal 'state' variable properly. + x264enc: fix build with newer x264 with support for multiple bit depths. + x265enc: Fix tagging of keyframes on output buffers. + glimagesink: Correct PAR in output caps when transforming. + vtdec: destroy and create the GL context on start()/stop(), fixing a refcount loop. + player: fix criticals when reading info/track properties that are NULL. + lv2: fix inverted boolean properties. + rtponviftimestamp: fix state change function init/reset, fixing memory corruption or leaks on shutdown. + libav: some build issues fixes. + rtsp-server: Place netaddress meta on packets received via TCP. Fixes keep-alive via RTCP in TCP interleaved mode. + rtsp-server: gi annotation fixes. + gst-libav: internal ffmpeg copy was updated to ffmpeg 3.3.6. + Various fixes for memory leaks, deadlocks and crashes in all modules. - Unconditionally enable translation-update-upstream: on Tumbleweed, this results in a NOP and for Leap in SLE paid translations being used (boo#1086036). - Modernize spec-file by calling spec-cleaner ==== gstreamer-plugins-bad ==== Version update (1.12.4 -> 1.12.5) Subpackages: gstreamer-plugins-bad-lang libgstadaptivedemux-1_0-0 libgstbadaudio-1_0-0 libgstbadbase-1_0-0 libgstbadvideo-1_0-0 libgstbasecamerabinsrc-1_0-0 libgstcodecparsers-1_0-0 libgstgl-1_0-0 libgstmpegts-1_0-0 libgstphotography-1_0-0 libgsturidownloader-1_0-0 libgstwayland-1_0-0 - Update to version 1.12.5: + Bugs fixed: bgo#794069, bgo#794353, bgo#794620, bgo#794537, bgo#793629, bgo#789476, bgo#789476, bgo#791910, bgo#791813, bgo#791772, bgo#791330, bgo#791982. - Drop gst-bad-vtdec-destroy-create-fix.patch and gst-bad-player-transfer-ownership.patch: Fixed upstream. ==== gstreamer-plugins-base ==== Version update (1.12.4 -> 1.12.5) Subpackages: gstreamer-plugins-base-lang libgstallocators-1_0-0 libgstapp-1_0-0 libgstaudio-1_0-0 libgstfft-1_0-0 libgstpbutils-1_0-0 libgstriff-1_0-0 libgstrtp-1_0-0 libgstrtsp-1_0-0 libgstsdp-1_0-0 libgsttag-1_0-0 libgstvideo-1_0-0 typelib-1_0-GstAudio-1_0 typelib-1_0-GstPbutils-1_0 typelib-1_0-GstTag-1_0 typelib-1_0-GstVideo-1_0 - Update to version 1.12.5: + Bugs fixed: bgo#668995, bgo#792983, bgo#784530, bgo#771853, bgo#789358, bgo#791638 - Drop gst-pb-playbin3-fix-accessing-invalid-index.patch: Fixed upstream. - Unconditionally enable translation-update-upstream: on Tumbleweed, this results in a NOP and for Leap in SLE paid translations being used (boo#1086036). - Modernize spec-file by calling spec-cleaner. - Drop filesystem PreRequires: this is simply nonsense. ==== gstreamer-plugins-good ==== Version update (1.12.4 -> 1.12.5) Subpackages: gstreamer-plugins-good-lang - Update to version 1.12.5: + Bugs fixed: bgo#792775, bgo#793067, bgo#792376, bgo#792644, bgo#791473, bgo#757449, bgo#791494. - Drop upstream fixed patches: + gst-good-equalizer-fix-Wincompatible-pointer-types-warning.patch. + gst-good-fix-memory-leak-GAP-buffers.patch. + gst-good-flacdec-flush-flac-decoder.patch - Unconditionally enable translation-update-upstream: on Tumbleweed, this results in a NOP and for Leap in SLE paid translations being used (boo#1086036). ==== gstreamer-plugins-ugly ==== Version update (1.12.4 -> 1.12.5) Subpackages: gstreamer-plugins-ugly-lang - Update to version 1.12.5: + Bugs fixed: bgo#792111. - Drop gst-ugly-amrnwbdec-fixes.patch and gst-x264enc-fix-build-x264-multiple-bit-depths.patch: Fixed upstream. - Add gst-x264enc-fix-build-x264-multiple-bit-depths.patch: x264enc: fix build with newer x264 with support for multiple bit depths (bgo#792111). ==== hdf5 ==== Subpackages: libhdf5-101 libhdf5_hl100 - Only build one examples package for all flavors, do not include dependencies as these would be flavor specific (bsc#1088547). - Fix some typos, one trivial, two mispelled macros ==== iproute2 ==== - list of patches packed into patches.tar.xz on its creation (this is a fake changelog entry added to silence factory-auto bot): adjust-installation-directories-for-openSUSE-SLE.patch use-sysconf-_SC_CLK_TCK-if-HZ-undefined.patch add-explicit-typecast-to-avoid-gcc-warning.patch xfrm-support-displaying-transformations-used-for-Mob.patch man-fix-documentation-references-in-manual-pages.patch split-link-and-compile-steps-for-binaries.patch examples-fix-bashisms-in-example-script.patch utils-Move-BIT-macro-to-common-header.patch rdma-Add-basic-infrastructure-for-RDMA-tool.patch rdma-Add-dev-object.patch rdma-Add-link-object.patch rdma-Add-json-and-pretty-outputs.patch rdma-Implement-json-output-for-dev-object.patch rdma-Add-json-output-to-link-object.patch rdma-Add-initial-manual-for-the-tool.patch rdma-fix-duplicate-initialization-in-port_names.patch iplink-check-for-message-truncation-in-iplink_get.patch iplink-double-the-buffer-size-also-in-iplink_get.patch utils-return-default-family-when-rtm_family-is-not-R.patch Really-fix-get_addr-and-get_prefix-error-messages.patch iproute-Add-support-for-extended-ack-to-rtnl_talk.patch ss-enclose-IPv6-address-in-brackets.patch lib-fix-extended-ack-with-and-without-libmnl.patch lib-need-to-pass-LIBMNL-flag.patch change-how-Config-is-used-in-Makefile-s.patch tc-ip-more-Makefile-updates-for-LIBMNL.patch lib-Dump-ext-ack-string-by-default.patch bpf-unbreak-libelf-linkage-for-bpf-obj-loader.patch libnetlink-Fix-extack-attribute-parsing.patch ifstat-Fix-memleak-in-dump_kern_db-for-json-output.patch ss-Fix-potential-memleak-in-unix_stats_print.patch iproute-Fix-for-missing-Oifs-display.patch ipmaddr-Avoid-accessing-uninitialized-data.patch ss-Fix-for-added-diag-support-check.patch link_gre6-Fix-for-changing-tclass-flowlabel.patch tc-actions-store-and-dump-correct-length-of-user-coo.patch ss-Distinguish-between-IPv4-and-IPv6-wildcard-socket.patch ip-maddr-fix-filtering-by-device.patch man-add-additional-explainations-for-ss.patch tc-move-action-cookie-print-out-of-the-stats-if.patch tc-remove-action-cookie-len-from-printout.patch link_gre6-Detect-invalid-encaplimit-values.patch man-tc-csum.8-Fix-inconsistency-in-example-descripti.patch tc-bash-completion-add-missing-classid-keyword.patch gre-ip6tnl-tunnel-Fix-noencap-support.patch Restore-no-print-directory-option-for-silent-builds.patch iplink-Validate-minimum-tx-rate-is-less-than-maximum.patch ipaddress-Make-sure-VF-min-max-rate-API-is-supported.patch - add Provides and Obsoletes for removed iproute2-doc - use fdupes to avoid OBS warnings (and unlinked duplicate files) - use %license for license file (bsc#1082318) - drop outdated sgml/tex/pdf documentation: patches/README-re-add-updated-information-link.patch patches/README-update-location-of-git-repositories-remove-br.patch patches/Remove-leftovers-from-removed-Latex-documentation.patch patches/doc-drop-old-ip-command-documentation.patch patches/doc-remove-obsolete-ip-tunnels-documentation.patch patches/doc-remove-outdated-IPv6-flow-label-document.patch patches/doc-remove-outdated-arpd-documentation.patch patches/doc-remove-outdated-nstat-rtstat-documentation.patch patches/doc-remove-outdated-ss-documentation.patch patches/doc-remove-outdated-tc-filters-documentation.patch - move remaining files from iproute2-doc (which are fairly small) into the main package and drop iproute2-doc completely - make guards and apply-patches scripts executable in prep phase (needed to fix build in IBS) - add more post-4.12 fixes (bsc#1085669): devlink-fix-port-new-monitoring-message-typo.patch ip-address-Fix-negative-prints-of-large-TX-rate-limi.patch ip-link-Fix-use-after-free-in-nl_get_ll_addr_len.patch lib-libnetlink-re-malloc-buff-if-size-is-not-enough.patch lib-libnetlink-update-rtnl_talk-to-support-malloc-bu.patch rdma-Check-return-value-of-strdup-call.patch rdma-Check-that-port-index-exists-before-operate-on-.patch rdma-Fix-misspelled-SYS_IMAGE_GUID.patch rdma-Ignore-unknown-netlink-attributes.patch rdma-Protect-dev_map_lookup-from-wrong-input.patch rdma-Reduce-scope-of-_dev_map_lookup-call.patch tc-fix-command-tc-actions-del-hang-issue.patch - add warning that changes should be submitted via git (i.e. not directly to IBS) to both specfiles - reorder patches into upstream order (and move SUSE specific ones to the end); this allows fewer modifications compared to original upstream commits and makes future backports easier (no effect on expanded source tree) - transform the package to patches tarball and series.conf for easier maintenance (no effect on expanded source tree) * pack all patches into a tarball * list them in series.conf * apply patches in a loop using guard utility ==== kbd ==== Subpackages: kbd-legacy - Disable characters >=U+F000. These do not work properly (bsc#1085432#c15, kbd-unicode-fxxx.patch). ==== kcm_tablet ==== Version update (2.9.82 -> 3.0.0) Subpackages: kcm_tablet-lang - Update to version 3.0.0 * Implemented hotplugging on Xlib (by Fabian Vogt). Hotplugging should now work on Debian/Ubuntu based distributions, and all other distributions that don't build libXCB with Xinput enabled. * Screen mapping configuration now uses output names instead of screen indices. This invalidates existing screen mapping configurations. * Tablet Finder should no longer skip button detection. * First steps in fixing rotation handling in multi-screen setup. However, for now if you want your screen rotation to be tracked, it has to be set as primary screen. Qt bug: https://bugreports.qt.io/browse/QTBUG-65598 * Minor calibration dialog fixes. Calibration still might be off with Cintiq devices. Fixing those would require some feedback: https://userbase.kde.org/Wacomtablet#Calibration_issues_.26_manual_calibrat… * New device definitions: + Lenovo Yoga 520 (by Felipe Abrahao) + Wacom Intuos Pro L (PTH-860) (by Melvin Vermeeren) + Wacom Bamboo One M (CTL-671) (by Alexander) - Drop Implement-hotplugging-on-Xlib.patch, merged upstream - Mark license file as %license ==== kernel-firmware ==== Version update (20180320 -> 20180402) Subpackages: ucode-amd - Update to version 20180402: * amdgpu: update vce firmware for Polaris * linux-firmware: Add firmware file for Intel Bluetooth,9560 * linux-firmware: Add firmware file for Intel Bluetooth,9260 * linux-firmware: Update firmware file for Intel Bluetooth,8265 * linux-firmware: Update firmware patch for Intel Bluetooth 8260 * nfp: update Agilio SmartNIC firmware to rev 2.0.7 * cxgb4: update firmware to revision 1.18.9.0 * linux-firmware: intel: Update Geminilake audio firmware * linux-firmware: intel: Update Kabylake audio firmware * linux-firmware: intel: Update Broxton audio firmware * linux-firmware: intel: Update Skylake audio firmware ==== kernel-source ==== - Update arm kabi files to reflect changes in iProc driver. - commit 5c17dc1 - Update ppc kabi files to reflect kabi fixes. - commit d584de6 - Remove patces for bug 1087405 due to regression - Refresh patches.arch/powerpc-numa-Invalidate-numa_cpu_lookup_table-on-cpu.patch. - Delete patches.arch/cpu-hotplug-Convert-hotplug-locking-to-percpu-rwsem.patch. - Delete patches.arch/cpu-hotplug-Provide-cpus_read-write_-un-lock.patch. - Delete patches.arch/cpu-hotplug-Provide-lockdep_assert_cpus_held.patch. - Delete patches.arch/powerpc-Don-t-call-lockdep_assert_cpus_held-from-arc.patch. - Delete patches.arch/powerpc-Only-obtain-cpu_hotplug_lock-if-called-by-rt.patch. - Delete patches.arch/stop_machine-Provide-stop_machine_cpuslocked.patch. - Delete patches.arch/workqueue-Work-around-edge-cases-for-calc-of-pool-s-.patch. - Delete patches.suse/KABI-cpu-hotplug-provide-the-old-get-put_online_cpus.patch. - commit f91a2ea - Update ppc kabi files. A change in mm_context_t - commit 4e5f64a - mm, sparse: do not swamp log with huge vmemmap allocation (bnc#1082184, bnc#1087928). - commit 080516f - powerpc/mm: Fixup tlbie vs store ordering issue on POWER9 (bsc#1087908). - powerpc/mm/radix: Move the functions that does the actual tlbie closer (bsc#1087908). - Refresh patches.arch/powerpc-Add-CPU-feature-bits-for-TM-bug-workarounds-.patch. - Refresh patches.arch/powerpc-Free-up-CPU-feature-bits-on-64-bit-machines.patch. - commit 9f17cf2 - powerpc/mm: Workaround Nest MMU bug with TLB invalidations (bsc#1087908). - commit 2dc45cc - powerpc/64s/radix: Optimize TLB range flush barriers (bsc#1087908). - commit ab0534b - Fix kABI for musb flush_irq_work field addition (bsc#1085536). - commit bd7d8c7 - kABI: protect struct mlx5_core_srq (bsc#1046305 FATE#322943). - Delete patches.suse/kabi-IB-mlx5-Fix-integer-overflows-in-mlx5_ib_create_srq.patch. Move kABI workaround to patches.kabi/ - commit 8b4c573 - kABI: protect struct mlx5_core_srq (bsc#1046305 FATE#322943). - commit 722e1e3 - kabi/severities: Ignore livepatching kABI changes Namely klp_*_patch symbols (enable, disable, (un)register). - commit 1162b94 - powerpc/lib/xor_vmx: Ensure no altivec code executes before enable_kernel_altivec() (bsc#1065729). - commit a384ead - powerpc: Fix check for copy/paste instructions in alignment handler (bsc#1055117). - commit d9df9cc - livepatch: Add an extra flag to distinguish registered patches (bsc#1071995 fate#323487). - livepatch: Remove Nop structures when unused (bsc#1071995 fate#323487). - livepatch: Remove replaced patches from the stack (bsc#1071995 fate#323487). - Refresh patches.suse/livepatch-add-atomic-replace.patch. - Refresh patches.suse/livepatch-allow-to-replace-even-disabled-patches.patch. - Refresh patches.suse/livepatch-atomic-replace-and-cumulative-patches-documentation.patch. - Refresh patches.suse/livepatch-free-only-structures-with-initialized-kobject.patch. - Refresh patches.suse/livepatch-use-lists-to-manage-patches-objects-and-functions.patch. - Delete patches.suse/livepatch-allow-to-unpatch-only-functions-of-the-given-type.patch. - Delete patches.suse/livepatch-correctly-handle-atomic-replace-for-not-yet-loaded-modules.patch. - Delete patches.suse/livepatch-improve-dynamic-struct-klp_object-detection-and-manipulation.patch. - Delete patches.suse/livepatch-initial-support-for-dynamic-structures.patch. - Delete patches.suse/livepatch-support-separate-list-for-replaced-patches.patch. Atomic replace, update to v11. - commit 25ee7a3 - Delete kabi/arm64/symtypes-default. - Delete kabi/arm64/symvers-default. - Delete kabi/ppc64le/symtypes-default. - Delete kabi/ppc64le/symvers-default. - Delete kabi/s390x/symtypes-default. - Delete kabi/s390x/symvers-default. - Delete kabi/x86_64/symtypes-default. - Delete kabi/x86_64/symvers-default. Disable imported kABI for now for openSUSE-15.0 branch. - commit 460eb3a - Refresh patches.drivers/crypto-ccp-add-check-to-get-psp-master-only-when-psp-is-detected.patch. - Refresh patches.drivers/scsi-csiostor-add-support-for-32-bit-port-capabiliti.patch. - Refresh patches.drivers/scsi-lpfc-Add-64G-link-speed-support.patch. - Refresh patches.drivers/scsi-lpfc-Add-PCI-Ids-for-if_type-6-hardware.patch. - Refresh patches.drivers/scsi-lpfc-Add-SLI-4-if_type-6-support-to-the-code-ba.patch. - Refresh patches.drivers/scsi-lpfc-Add-WQ-Full-Logic-for-NVME-Target.patch. - Refresh patches.drivers/scsi-lpfc-Add-embedded-data-pointers-for-enhanced-pe.patch. - Refresh patches.drivers/scsi-lpfc-Add-if_type-6-support-for-cycling-valid-bi.patch. - Refresh patches.drivers/scsi-lpfc-Add-push-to-adapter-support-to-sli4.patch. - Refresh patches.drivers/scsi-lpfc-Allow-set-of-maximum-outstanding-SCSI-cmd-.patch. - Refresh patches.drivers/scsi-lpfc-Change-Copyright-of-12.0.0.0-modified-file.patch. - Refresh patches.drivers/scsi-lpfc-Enable-fw-download-on-if_type-6-devices.patch. - Refresh patches.drivers/scsi-lpfc-Fix-IO-failure-during-hba-reset-testing-wi.patch. - Refresh patches.drivers/scsi-lpfc-Fix-PRLI-handling-when-topology-type-chang.patch. - Refresh patches.drivers/scsi-lpfc-Fix-RQ-empty-firmware-trap.patch. - Refresh patches.drivers/scsi-lpfc-Fix-SCSI-io-host-reset-causing-kernel-cras.patch. - Refresh patches.drivers/scsi-lpfc-Fix-frequency-of-Release-WQE-CQEs.patch. - Refresh patches.drivers/scsi-lpfc-Fix-header-inclusion-in-lpfc_nvmet.patch. - Refresh patches.drivers/scsi-lpfc-Fix-issue_lip-if-link-is-disabled.patch. - Refresh patches.drivers/scsi-lpfc-Fix-nonrecovery-of-NVME-controller-after-c.patch. - Refresh patches.drivers/scsi-lpfc-Fix-nvme-embedded-io-length-on-new-hardwar.patch. - Refresh patches.drivers/scsi-lpfc-Fix-soft-lockup-in-lpfc-worker-thread-duri.patch. - Refresh patches.drivers/scsi-lpfc-Increase-CQ-and-WQ-sizes-for-SCSI.patch. - Refresh patches.drivers/scsi-lpfc-Indicate-CONF-support-in-NVMe-PRLI.patch. - Refresh patches.drivers/scsi-lpfc-Rework-lpfc-to-allow-different-sli4-cq-and.patch. - Refresh patches.drivers/scsi-lpfc-Rework-sli4-doorbell-infrastructure.patch. - Refresh patches.drivers/scsi-lpfc-Treat-SCSI-Write-operation-Underruns-as-an.patch. - Refresh patches.drivers/scsi-lpfc-Update-11.4.0.7-modified-files-for-2018-Co.patch. - Refresh patches.drivers/scsi-lpfc-Validate-adapter-support-for-SRIU-option.patch. - Refresh patches.drivers/scsi-lpfc-Work-around-NVME-cmd-iu-SGL-type.patch. - Refresh patches.drivers/scsi-lpfc-change-copyright-of-12.0.0.1-modified-files-to.patch. - Refresh patches.drivers/scsi-lpfc-code-cleanup-for-128byte-wqe-data-type.patch. - Refresh patches.drivers/scsi-lpfc-correct-debug-counters-for-abort.patch. - Refresh patches.drivers/scsi-lpfc-fix-mailbox-wait-for-post_sgl-mbox-command.patch. - Refresh patches.drivers/scsi-lpfc-fix-scsi-lun-discovery-when-port-configured-for.patch. - Refresh patches.drivers/scsi-lpfc-make-several-unions-static-fix-non-ansi.patch. - Refresh patches.drivers/scsi-lpfc-memory-allocation-error-during-driver-start-up-on.patch. - Refresh patches.drivers/scsi-lpfc-move-placement-of-target-destroy-on-driver.patch. - Refresh patches.drivers/scsi-lpfc-streamline-nvme-initiator-wqe-setup.patch. - Refresh patches.drivers/scsi-lpfc-streamline-nvme-targe6t-wqe-setup.patch. - Refresh patches.drivers/scsi-lpfc-update-driver-version-to-11.4.0.7.patch. - Refresh patches.drivers/scsi-lpfc-update-driver-version-to-12.0.0.0.patch. - Refresh patches.drivers/scsi-lpfc-update-driver-version-to-12.0.0.1.patch. Move patches to the sorted section. - commit fbb5005 - intel_th: Use correct method of finding hub (FATE#325099). - commit 0af4c94 - Preliminary patch sort & update - commit 1073359 - scsi: lpfc: Add missing unlock in WQ full logic (bsc#1077989). - scsi: lpfc: use __raw_writeX on DPP copies (bsc#1077989). - commit 62cee1d - s390/qeth: on channel error, reject further cmd requests (bnc#1088343, LTC#165985). - commit 5b6cf5f - Refresh patches.drivers/scsi-csiostor-add-support-for-32-bit-port-capabiliti.patch. - Refresh patches.drivers/scsi-lpfc-Add-64G-link-speed-support.patch. - Refresh patches.drivers/scsi-lpfc-Add-PCI-Ids-for-if_type-6-hardware.patch. - Refresh patches.drivers/scsi-lpfc-Add-SLI-4-if_type-6-support-to-the-code-ba.patch. - Refresh patches.drivers/scsi-lpfc-Add-WQ-Full-Logic-for-NVME-Target.patch. - Refresh patches.drivers/scsi-lpfc-Add-embedded-data-pointers-for-enhanced-pe.patch. - Refresh patches.drivers/scsi-lpfc-Add-if_type-6-support-for-cycling-valid-bi.patch. - Refresh patches.drivers/scsi-lpfc-Add-push-to-adapter-support-to-sli4.patch. - Refresh patches.drivers/scsi-lpfc-Allow-set-of-maximum-outstanding-SCSI-cmd-.patch. - Refresh patches.drivers/scsi-lpfc-Change-Copyright-of-12.0.0.0-modified-file.patch. - Refresh patches.drivers/scsi-lpfc-Enable-fw-download-on-if_type-6-devices.patch. - Refresh patches.drivers/scsi-lpfc-Fix-IO-failure-during-hba-reset-testing-wi.patch. - Refresh patches.drivers/scsi-lpfc-Fix-PRLI-handling-when-topology-type-chang.patch. - Refresh patches.drivers/scsi-lpfc-Fix-RQ-empty-firmware-trap.patch. - Refresh patches.drivers/scsi-lpfc-Fix-SCSI-io-host-reset-causing-kernel-cras.patch. - Refresh patches.drivers/scsi-lpfc-Fix-frequency-of-Release-WQE-CQEs.patch. - Refresh patches.drivers/scsi-lpfc-Fix-header-inclusion-in-lpfc_nvmet.patch. - Refresh patches.drivers/scsi-lpfc-Fix-issue_lip-if-link-is-disabled.patch. - Refresh patches.drivers/scsi-lpfc-Fix-nonrecovery-of-NVME-controller-after-c.patch. - Refresh patches.drivers/scsi-lpfc-Fix-nvme-embedded-io-length-on-new-hardwar.patch. - Refresh patches.drivers/scsi-lpfc-Fix-soft-lockup-in-lpfc-worker-thread-duri.patch. - Refresh patches.drivers/scsi-lpfc-Increase-CQ-and-WQ-sizes-for-SCSI.patch. - Refresh patches.drivers/scsi-lpfc-Indicate-CONF-support-in-NVMe-PRLI.patch. - Refresh patches.drivers/scsi-lpfc-Rework-lpfc-to-allow-different-sli4-cq-and.patch. - Refresh patches.drivers/scsi-lpfc-Rework-sli4-doorbell-infrastructure.patch. - Refresh patches.drivers/scsi-lpfc-Treat-SCSI-Write-operation-Underruns-as-an.patch. - Refresh patches.drivers/scsi-lpfc-Update-11.4.0.7-modified-files-for-2018-Co.patch. - Refresh patches.drivers/scsi-lpfc-Validate-adapter-support-for-SRIU-option.patch. - Refresh patches.drivers/scsi-lpfc-Work-around-NVME-cmd-iu-SGL-type.patch. - Refresh patches.drivers/scsi-lpfc-change-copyright-of-12.0.0.1-modified-files-to.patch. - Refresh patches.drivers/scsi-lpfc-code-cleanup-for-128byte-wqe-data-type.patch. - Refresh patches.drivers/scsi-lpfc-correct-debug-counters-for-abort.patch. - Refresh patches.drivers/scsi-lpfc-fix-mailbox-wait-for-post_sgl-mbox-command.patch. - Refresh patches.drivers/scsi-lpfc-fix-scsi-lun-discovery-when-port-configured-for.patch. - Refresh patches.drivers/scsi-lpfc-make-several-unions-static-fix-non-ansi.patch. - Refresh patches.drivers/scsi-lpfc-memory-allocation-error-during-driver-start-up-on.patch. - Refresh patches.drivers/scsi-lpfc-move-placement-of-target-destroy-on-driver.patch. - Refresh patches.drivers/scsi-lpfc-streamline-nvme-initiator-wqe-setup.patch. - Refresh patches.drivers/scsi-lpfc-streamline-nvme-targe6t-wqe-setup.patch. - Refresh patches.drivers/scsi-lpfc-update-driver-version-to-11.4.0.7.patch. - Refresh patches.drivers/scsi-lpfc-update-driver-version-to-12.0.0.0.patch. - Refresh patches.drivers/scsi-lpfc-update-driver-version-to-12.0.0.1.patch. - commit 78112c4 - hv_balloon: fix bugs in num_pages_onlined accounting (fate#323887). - hv_balloon: simplify hv_online_page()/hv_page_online_one() (fate#323887). - hv_balloon: fix printk loglevel (fate#323887). - commit 0be921f - PCI: hv: Only queue new work items in hv_pci_devices_present() if necessary (fate#323887, bsc#1087659). - PCI: hv: Remove the bogus test in hv_eject_device_work() (fate#323887, bsc#1087659). - PCI: hv: Fix a comment typo in _hv_pcifront_read_config() (fate#323887, bsc#1087659). - PCI: hv: Fix 2 hang issues in hv_compose_msi_msg() (fate#323887, bsc#1087659, bsc#1087906). - PCI: hv: Serialize the present and eject work items (fate#323887, bsc#1087659). - commit ae18380 - add mainline tag to various patches to be able to get further work done - commit 6ad1ff6 - scripts/git_sort/git_sort.py: Handle unsupported cache db format The upcoming python3 port will introduce two changes to the database format used for the cache: the default database format of python's "shelve" module changed from bdb to gnu dbm and the default protocol version of the "pickle" module changed from 0 to 3. python2 only supports the gnu dbm format if the gdbm module is available. python2 does not handle pickle protocol version 3. In case a user runs the python3 version of git-sort and then runs the python2 version again, the cache file will be unreadable. Handle that situation explicitly by rebuilding the cache. If this commit is not available, the alternative workaround is to delete the cache file manually (typically under ~/.cache/git-sort). - commit 15bd1c2 - iscsi-target: Fix non-immediate TMR reference leak (bsc#1088381). - iscsi-target: Make TASK_REASSIGN use proper se_cmd->cmd_kref (bsc#1088381). - iscsi-target: fix memory leak in lio_target_tiqn_addtpg() (bsc#1088381). - commit 34e6573 - Ran series_sort.py prior to adding my patches. - commit da61622 - kabi/severities: ignore PPC KVM - commit 7d22756 - powerpc/traps: Use SRR1 defines for program check reasons (bsc#1061840). - commit ea11890 - powerpc: Add PPC_FEATURE2_HTM_NO_SUSPEND (bsc#1055117). - commit 7ef8218 - powerpc/xive: prepare all hcalls to support long busy delays (bsc#1088273). - powerpc/xive: shutdown XIVE when kexec or kdump is performed (bsc#1088273). - powerpc/xive: fix hcall H_INT_RESET to support long busy delays (bsc#1088273). - powerpc/64/kexec: fix race in kexec when XIVE is shutdowned (bsc#1088273). - commit 61f67a6 - KVM: PPC: Book3S HV: Work around TEXASR bug in fake suspend state (bsc#1061840). - KVM: PPC: Book3S HV: Work around XER[SO] bug in fake suspend mode (bsc#1061840). - KVM: PPC: Book3S HV: Work around transactional memory bugs in POWER9 (bsc#1061840). - powerpc/powernv: Provide a way to force a core into SMT4 mode (bsc#1061840). - powerpc: Add CPU feature bits for TM bug workarounds on POWER9 v2.2 (bsc#1061840). - powerpc: Free up CPU feature bits on 64-bit machines (bsc#1061840). - powerpc: Book E: Remove unused CPU_FTR_L2CSR bit (bsc#1061840). - powerpc: Use feature bit for RTC presence rather than timebase presence (bsc#1061840). - powerpc/pseries: Fix clearing of security feature flags (bsc#1068032). - commit acbd042 - powerpc/powernv: Enable TM without suspend if possible (bsc#1055117). - Refresh patches.arch/powerpc-powernv-Check-device-tree-for-RFI-flush-sett.patch. - Refresh patches.arch/powerpc-powernv-Set-or-clear-security-feature-flags.patch. - commit 53035ed - powerpc/tm: Add commandline option to disable hardware transactional memory (bsc#1055117). - commit d4945ad - powerpc/64s: msgclr when handling doorbell exceptions from system reset (bsc#1065729). - commit 920b4d2 - powerpc/64s: Avoid cpabort in context switch when possible (bsc#1055117). - Refresh patches.arch/powerpc-64s-Replace-CONFIG_PPC_STD_MMU_64-with-CONFI.patch. - Refresh patches.arch/powerpc-store-and-restore-the-pkey-state-across-cont.patch. - commit 4153120 - fw_cfg: write vmcoreinfo details (bsc#1077919). - crash: export paddr_vmcoreinfo_note() (bsc#1077919). - fw_cfg: add DMA register (bsc#1077919). - fw_cfg: add a public uapi header (bsc#1077919). - fw_cfg: handle fw_cfg_read_blob() error (bsc#1077919). - fw_cfg: remove inline from fw_cfg_read_blob() (bsc#1077919). - fw_cfg: fix sparse warnings around FW_CFG_FILE_DIR read (bsc#1077919). - fw_cfg: fix sparse warning reading FW_CFG_ID (bsc#1077919). - fw_cfg: fix sparse warnings with fw_cfg_file (bsc#1077919). - fw_cfg: fix sparse warnings in fw_cfg_sel_endianness() (bsc#1077919). - commit d4b3f19 - powerpc/64: Drop explicit hwsync in context switch (bsc#1065729). - Refresh patches.arch/powerpc-64s-Add-support-for-ori-barrier_nospec-patch.patch. - Refresh patches.arch/powerpc-Add-barrier_nospec.patch. - commit e5a5881 - powerpc/64: Drop reservation-clearing ldarx in context switch (bsc#1065729). - commit 6038e82 - fw_cfg: fix driver remove (bsc#1077919). - fw_cfg: fix the command line module name (bsc#1077919). - commit e296044 - powerpc/powernv: Fix SMT4 forcing idle code (bsc#1061840). - powerpc/lpar/debug: Initialize flags before printing debug message (bsc#1065729). - powerpc: Move default security feature flags (bsc#1068032). - commit a13eef9 - Refresh patches.drivers/crypto-ccp-add-check-to-get-psp-master-only-when-psp-is-detected.patch. - commit 6ad4507 - x86/platform/UV: Fix critical UV MMR address error (bsc#1087542). - x86/platform/UV: Fix GAM Range Table entries less than 1GB (bsc#1087542). - commit 1ed61f7 - Refresh patches.drivers/crypto-ccp-add-check-to-get-psp-master-only-when-psp-is-detected.patch. - commit 8376280 - ipc/shm: Fix pid freeing (bsc#1088323). - ipc/sem: Fix semctl(..., GETPID, ...) between pid namespaces (bsc#1088323). - ipc/msg: Fix msgctl(..., IPC_STAT, ...) between pid namespaces (bsc#1088323). - ipc/shm: Fix shmctl(..., IPC_STAT, ...) between pid namespaces (bsc#1088323). - ipc/util: Helpers for making the sysvipc operations pid namespace aware (bsc#1088323). - commit 834881a - powerpc/64: Call H_REGISTER_PROC_TBL when running as a HPT guest on POWER9 (bsc#1055117). - commit d22d56e - cxl: Fix possible deadlock when processing page faults from cxllib (bsc#1055014). - cxl: Fix timebase synchronization status on P9 (bsc#1055014). - commit 97da1b3 - run series_sort.py - commit dcd8dad - powerpc/64s: Wire up cpu_show_spectre_v2() (bsc#1068032). - powerpc/64s: Wire up cpu_show_spectre_v1() (bsc#1068032). - powerpc/64s: Enhance the information in cpu_show_meltdown() (bsc#1068032). - commit 63a2f99 - powerpc/64s: Move cpu_show_meltdown() (bsc#1068032). Refresh patches.arch/powerpc-64-barrier_nospec-Add-debugfs-trigger.patch. - commit e6621ab - powerpc/powernv: Use the security flags in pnv_setup_rfi_flush() (bsc#1068032). - powerpc/powernv: Set or clear security feature flags (bsc#1068032). - commit 88dba39 - powerpc/pseries: Set or clear security feature flags (bsc#1068032). - powerpc/pseries: Use the security flags in pseries_setup_rfi_flush() (bsc#1068032). - Refresh patches.arch/powerpc-64s-barrier_nospec-Add-hcall-trigger.patch. - commit a943584 - FS-Cache: fix dereference of NULL user_key_payload (bsc#1052766). - commit 55e6fcf - nilfs2: fix race condition that causes file system corruption (bsc#1052766). - commit a722fb7 - ocfs2: fix cluster hang after a node dies (bsc#1052766). - commit 4120511 - powerpc: Add security feature flags for Spectre/Meltdown (bsc#1068032). - commit 5f230fd - quota: propagate error from __dquot_initialize (bsc#1052766). - commit cb9d963 - fsnotify: fix pinning group in fsnotify_prepare_user_wait() (bsc#1052766). - commit c437982 - fscrypt: lock mutex before checking for bounce page pool (bsc#1052766). - commit 209ee5e - fscrypt: fix dereference of NULL user_key_payload (bsc#1052766). - commit f373382 - powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags (bsc#1068032). - commit b7a53a4 - isofs: fix timestamps beyond 2027 (bsc#1052766). - commit a587b63 - Refresh rfi patches patches.arch/powerpc-rfi-flush-Always-enable-fallback-flush-on-ps.patch patches.arch/powerpc-rfi-flush-Call-setup_rfi_flush-after-LPM-mig.patch patches.arch/powerpc-rfi-flush-Differentiate-enabled-and-patched-.patch - commit d7870ce - NET: usb: qmi_wwan: add support for YUGA CLM920-NC5 PID 0x9625 (bsc#1085539). - commit 1d9d091 - jbd2: fix sphinx kernel-doc build warnings (bsc#1052766). - commit fc5bd65 - ext4: correct documentation for grpid mount option (bsc#1052766). - commit 93f8b5b - ext4: save error to disk in __ext4_grp_locked_error() (bsc#1052766). - commit 3dda242 - net: usb: qmi_wwan: add Telit ME910 PID 0x1101 support (bsc#1085539). - commit c074125 - ext4: fix a race in the ext4 shutdown path (bsc#1052766). - commit 51e6374 - ext4: fix crash when a directory's i_size is too small (bsc#1052766). - commit 7d7ac9f - ext4: fix fdatasync(2) after fallocate(2) operation (bsc#1052766). - commit 887455a - powerpc/64s: Relax PACA address limitations (bsc#1065729). Refresh patches.arch/powerpc-rfi-flush-Make-it-possible-to-call-setup_rfi.patch - commit 16255f0 - net: qmi_wwan: add Sierra EM7565 1199:9091 (bsc#1085539). - commit d8901e2 - powerpc/64s/radix: Remove bolted-SLB address limit for per-cpu stacks (bsc#1055186, fate#323286). - commit 79fc554 - net: qmi_wwan: add Quectel BG96 2c7c:0296 (bsc#1085539). - commit 78209a8 - ext4: fix interaction between i_size, fallocate, and delalloc after a crash (bsc#1052766). - commit cbe1a44 - ext4: fix quota inconsistency during orphan cleanup for read-only mounts (bsc#1052766). - commit f8cbe3f - ext4: fix incorrect quotaoff if the quota feature is enabled (bsc#1052766). - commit 5e83762 - run series_sort.py - commit b8d67c7 - Refresh patches.arch/powerpc-rfi-flush-Move-the-logic-to-avoid-a-redo-int.patch - commit 0f4792f - lkdtm: fix handle_irq_event symbol for INT_HW_IRQ_EN (bsc#1052766). - cpu/hotplug: Remove unused check_for_tasks() function (bsc#1087405). - commit aff55d7 - scsi: aacraid: remove redundant setting of variable c (bsc#1077989). - commit 46a3cd8 - eeprom: at24: fix reading from 24MAC402/24MAC602 (bsc#1052766). - commit e377943 - scripts/git_sort/git_sort.py: helgas/pci.git bsc#1087659 - commit 718b019 - add mainline tag to one crypto patch to be able to get further work done - commit ce6483f - libata: Modify quirks for MX100 to limit NCQ_TRIM quirk to MU01 version (bsc#1077989). - libata: Make Crucial BX100 500GB LPM quirk apply to all firmware versions (bsc#1077989). - libata: Apply NOLPM quirk to Crucial M500 480 and 960GB SSDs (bsc#1077989). - libata: Enable queued TRIM for Samsung SSD 860 (bsc#1077989). - ahci: Add PCI-id for the Highpoint Rocketraid 644L card (bsc#1077989). - libata: disable LPM for Crucial BX100 SSD 500GB drive (bsc#1077989). - libata: Apply NOLPM quirk to Crucial MX100 512GB SSDs (bsc#1077989). - libata: don't try to pass through NCQ commands to non-NCQ devices (bsc#1077989). - libata: remove WARN() for DMA or PIO command without data (bsc#1077989). - libata: fix length validation of ATAPI-relayed SCSI commands (bsc#1077989). - libata: apply MAX_SEC_1024 to all LITEON EP1 series devices (bsc#1077989). - commit c6aedf4 - libnvdimm: passthru functions clear to send (FATE#324636). - Refresh patches.drivers/libnvdimm-fix-integer-overflow-static-analysis-warni.patch. - commit 9f63ca3 - scsi: ibmvfc: fix misdefined reserved field in ibmvfc_fcp_rsp_info (bsc#1077989). - scsi: core: scsi_get_device_flags_keyed(): Always return device flags (bsc#1077989). - scsi: core: Fix a scsi_show_rq() NULL pointer dereference (bsc#1077989). - scsi: ufs: ufshcd: fix potential NULL pointer dereference in ufshcd_config_vreg (bsc#1077989). - commit 56f0ee6 - scsi: aacraid: Fix udev inquiry race condition (bsc#1077989). - Refresh patches.drivers/scsi-aacraid-Fix-hang-in-kdump.patch. - commit 2a83436 - scsi: mpt3sas: wait for and flush running commands on shutdown/unload (bsc#1081917). - scsi: mpt3sas: fix oops in error handlers after shutdown/unload (bsc#1081917). - commit a349d88 - scsi: mpt3sas: Do not use 32-bit atomic request descriptor for Ventura controllers (bsc#1081917). - scsi: mpt3sas: make function _get_st_from_smid static (bsc#1081917). - scsi: mpt3sas: lockless command submission (bsc#1081917). - scsi: mpt3sas: simplify _wait_for_commands_to_complete() (bsc#1081917). - scsi: mpt3sas: simplify mpt3sas_scsi_issue_tm() (bsc#1081917). - scsi: mpt3sas: simplify task management functions (bsc#1081917). - scsi: mpt3sas: always use first reserved smid for ioctl passthrough (bsc#1081917). - scsi: mpt3sas: check command status before attempting abort (bsc#1081917). - scsi: mpt3sas: Introduce mpt3sas_get_st_from_smid() (bsc#1081917). - scsi: mpt3sas: open-code _scsih_scsi_lookup_get() (bsc#1081917). - scsi: mpt3sas: separate out _base_recovery_check() (bsc#1081917). - scsi: mpt3sas: use list_splice_init() (bsc#1081917). - scsi: mpt3sas: set default value for cb_idx (bsc#1081917). - scsi: mpt3sas: Remove unused variable requeue_event (bsc#1081917). - scsi: mpt3sas: Replace PCI pool old API (bsc#1081917). - commit cb50073 - libnvdimm, {btt, blk}: do integrity setup before add_disk() (FATE#323731). - libnvdimm, btt: Fix an incompatibility in the log layout (FATE#323731). - libnvdimm, namespace: fix label initialization to use valid seq numbers (FATE#323731). - libnvdimm, dimm: clear 'locked' status on successful DIMM enable (FATE#323731). - commit d622fe7 - ceph: only dirty ITER_IOVEC pages for direct read (bsc#1084898). - commit 39d3e00 - Refresh patches.drivers/crypto-ccp-add-check-to-get-psp-master-only-when-psp-is-detected.patch. - commit 0eac7e1 - Refresh patches.drivers/crypto-ccp-add-check-to-get-psp-master-only-when-psp-is-detected.patch. - commit 31ba015 - dm: bump DM_VERSION_MINOR in response to target method error code changes (fate#322738,fate#322919,fate#322950,fate#323773). - dm ioctl: fix alignment of event number in the device list (fate#322738,fate#322919,fate#322950,fate#323773). - bcache: don't attach backing with duplicate UUID (bsc#1076110). - bcache: fix crashes in duplicate cache device register (bsc#1076110). - Refresh with patch-mainline info from upstream patches.drivers/crypto-ccp-add-check-to-get-psp-master-only-when-psp-is-detected.patch. - commit d9ed9f7 - Refresh patches.drivers/crypto-ccp-add-check-to-get-psp-master-only-when-psp-is-detected.patch. - commit 3c722f3 - hv_netvsc: enable multicast if necessary (fate#323887). - commit 8ac01bc - i40evf: fix mac filter removal timing issue (bsc#1085952). - commit 77d77ad - Check all profiles attached to the label (bsc#1085996). - commit bdb6960 - EDAC, sb_edac: Fix missing DIMM sysfs entries with KNL SNC2/SNC4 mode (bsc#1087398). - commit 379aede - clk: bcm2835: Protect sections updating shared registers (bsc#1085535). - clk: bcm2835: Fix ana->maskX definitions (bsc#1085535). - clk: migrate the count of orphaned clocks at init (bsc#1085535). - i2c: bcm2835: Set up the rising/falling edge delays (bsc#1085535). - clk: Don't touch hardware when reparenting during registration (bsc#1085535). - clk: fix a panic error caused by accessing NULL pointer (bsc#1085535). - clk: imx: imx7d: Fix parent clock for OCRAM_CLK (bsc#1085535). - clocksource/drivers/arm_arch_timer: Validate CNTFRQ after enabling frame (bsc#1085535). - clocksource/drivers/arm_arch_timer: Fix mem frame loop initialization (bsc#1085535). - commit 99eb15b - perf/x86/intel/uncore: Fix multi-domain PCI CHA enumeration bug on Skylake servers (bsc#1086359). - commit e6b5922 - arm64: Relax ARM_SMCCC_ARCH_WORKAROUND_1 discovery (bsc#1088051). - arm64: mm: fix thinko in non-global page table attribute check (bsc#1088049). - arm64: Remove unimplemented syscall log message (bsc#1085535). - arm64: cpufeature: Fix CTR_EL0 field definitions (bsc#1085535). - arm64: proc: Set PTE_NG for table entries to avoid traversing them twice (bsc#1085535). - arm64: fix CONFIG_DEBUG_WX address reporting (bsc#1085535). - arm64: mm: Fix false positives in set_pte_at access/dirty race detection (bsc#1085535). - arm64: Initialise high_memory global variable earlier (bsc#1085535). - arm64: fpsimd: Prevent registers leaking from dead tasks (bsc#1085535). - arm64: prevent regressions in compressed kernel image size when upgrading to binutils 2.27 (bsc#1085535). - arm64: Implement arch-specific pte_access_permitted() (bsc#1085535). - arm64: ensure __dump_instr() checks addr_limit (bsc#1085535). - arm64: fault: Route pte translation faults via do_translation_fault (bsc#1085535). - arm64: mm: Use READ_ONCE when dereferencing pointer to pte table (bsc#1085535). - arm64: Make sure SPsel is always set (bsc#1085535). - commit 9ca6ca7 - mmc: block: fix updating ext_csd caches on ioctl call (bsc#1051510). - commit 750d5f5 - blacklist.conf: update mmc entry - commit 2ee5678 - usb: usbmon: Read text within supplied buffer size (bsc#1087092). - commit 86b2669 - USB: storage: Add JMicron bridge 152d:2567 to unusual_devs.h (bsc#1087092). - commit 1ed8de7 - Revert "usb: musb: host: don't start next rx urb if current one failed" (bsc#1087092). - commit b079d8b - usb: ohci: Proper handling of ed_rm_list to handle race condition between usb_kill_urb() and finish_unlinks() (bsc#1087092). - commit 5b90439 - xhci: Fix front USB ports on ASUS PRIME B350M-A (bsc#1087092). - commit f61cb1b - nohz: Prevent a timer interrupt storm in tick_nohz_stop_sched_tick() (bsc#1051510). - Refresh patches.suse/kernel-add-release-status-to-kernel-build.patch. - Refresh patches.suse/sched-throttle-nohz.patch. - commit a31081c - blacklist.conf: Add mac80211 entry - commit 8a71e13 - media: s3c-camif: fix out-of-bounds array access (bsc#1051510). - media: vivid: fix incorrect capabilities for radio (bsc#1051510). - media: cx25821: prevent out-of-bounds read on array card (bsc#1051510). - media: au0828: fix VIDEO_V4L2 dependency (bsc#1051510). - ath10k: fix recent bandwidth conversion bug (bsc#1051510). - ath10k: advertize beacon_int_min_gcd (bsc#1051510). - iwlwifi: mvm: check if mac80211_queue is valid in iwl_mvm_disable_txq (bsc#1051510). - ath9k: Protect queue draining by rcu_read_lock() (bsc#1051510). - mac80211: don't WARN on bad WMM parameters from buggy APs (bsc#1051510). - mt7601u: let mac80211 validate rx CCMP PN (bsc#1051510). - regmap: Format data for raw write in regmap_bulk_write (bsc#1051510). - regmap: Don't use format_val in regmap_bulk_read (bsc#1051510). - regmap: Correct offset handling in regmap_volatile_range (bsc#1051510). - regmap-i2c: Off by one in regmap_i2c_smbus_i2c_read/write() (bsc#1051510). - regmap: Fix reversed bounds check in regmap_raw_write() (bsc#1051510). - regmap: Correct comparison in regmap_cached (bsc#1051510). - commit f0366d2 - add a cherry-picked id to earlycon fix patch - commit c41f9b4 - x86/cpu/amd: Derive L3 shared_cpu_map from cpu_llc_shared_mask (stable fixes). - x86/efi: Fix kernel param add_efi_memmap regression (stable fixes). - x86: Make X86_BUG_FXSAVE_LEAK detectable in CPUID on AMD (stable fixes). - x86/microcode/intel: Disable late loading on model 79 (stable fixes). - x86/microcode/intel: Extend BDW late-loading further with LLC size check (stable fixes). - x86/microcode/intel: Extend BDW late-loading with a revision check (stable fixes). - x86/mm, mm/hwpoison: Clear PRESENT bit for kernel 1:1 mappings of poison pages (stable fixes). - x86/mm, mm/hwpoison: Don't unconditionally unmap kernel 1:1 pages (stable fixes). - blacklist.conf: - Refresh patches.arch/x86-cpufeatures-add-amd-feature-bits-for-speculation-control.patch. - Refresh patches.arch/x86-cpufeatures-clean-up-spectre-v2-related-cpuid-flags.patch. - commit 6fad1e8 - HID: multitouch: Support PTP Stick and Touchpad device (bsc#1085535). - commit 121a18f - blacklist.conf: arm64: ignore compiler warning fix - commit f435aeb - HID: quirks: Fix keyboard + touchpad on Toshiba Click Mini not working (bsc#1087092). - commit c28bdad - HID: multitouch: Only look at non touch fields in first packet of a frame (bsc#1087092). - commit d86f5f8 - PCMCIA / PM: Avoid noirq suspend aborts during suspend-to-idle (bsc#1087092). - commit c4ccc7e - Refresh patches.suse/0001-lan78xx-Connect-phy-early.patch. - commit 1f9e0fb - arm64: assembler: Change order of macro arguments in phys_to_ttbr (bsc#1087414). - commit 50ba314 - net/mlx4_core: Fix memory leak while delete slave's resources (bsc#1046300 FATE#322946). - net/mlx4_en: Fix mixed PFC and Global pause user control requests (bsc#1046299 FATE#322947). - net/mlx5e: Avoid using the ipv6 stub in the TC offload neigh update path (bsc#1046303 FATE#322944). - net/mlx5e: Fix memory usage issues in offloading TC flows (bsc#1046303 FATE#322944). - net/mlx5e: Fix traffic being dropped on VF representor (bsc#1046303 FATE#322944). - net/mlx5e: Don't override vport admin link state in switchdev mode (bsc#1046303 FATE#322944). - RDMA/ucma: Check that device exists prior to accessing it (bsc#1046306 FATE#322942). - RDMA/ucma: Check that device is connected prior to access it (bsc#1046306 FATE#322942). - RDMA/qedr: Fix QP state initialization race (bsc#1050545 FATE#322893). - RDMA/qedr: Fix rc initialization on CNQ allocation failure (bsc#1050545 FATE#322893). - RDMA/qedr: fix QP's ack timeout configuration (bsc#1050545 FATE#322893). - bnxt_en: Check valid VNIC ID in bnxt_hwrm_vnic_set_tpa() (bsc#1050242 FATE#322914). - RDMA/ucma: Ensure that CM_ID exists prior to access it (bsc#1046306 FATE#322942). - RDMA/ucma: Fix use-after-free access in ucma_close (bsc#1046306 FATE#322942). - RDMA/ucma: Fix access to non-initialized CM_ID object (bsc#1046306 FATE#322942). - commit bacc3ae - net/mlx5e: Sync netdev vxlan ports at open (bsc#1046303 FATE#322944). - RDMA/core: Do not use invalid destination in determining port reuse (bsc#1046306 FATE#322942). - IB/mlx5: Fix integer overflows in mlx5_ib_create_srq (bsc#1046305 FATE#322943). - IB/mlx5: Fix incorrect size of klms in the memory region (bsc#1046305 FATE#322943). - commit 78a69dd - net/mlx5: Make eswitch support to depend on switchdev (bsc#1046305 FATE#322943). - RDMA/rdma_cm: Fix use after free race with process_one_req (bsc#1046306 FATE#322942). - RDMA/ucma: Correct option size check using optlen (bsc#1046306 FATE#322942). - RDMA/ucma: Check AF family prior resolving address (bsc#1046306 FATE#322942). - RDMA/ucma: Don't allow join attempts for unsupported AF family (bsc#1046306 FATE#322942). - IB/mlx5: Fix out-of-bounds read in create_raw_packet_qp_rq (bsc#1046305 FATE#322943). - commit 9a507f9 - Move a few upstreamed i915 patches into sorted section - commit 31b54c4 - Re-sorted sorted section. - Refresh patches.arch/powerpc-64s-Fix-NULL-AT_BASE_PLATFORM-when-using-DT-.patch. - Refresh patches.arch/powerpc-64s-Fix-lost-pending-interrupt-due-to-race-c.patch. - Refresh patches.arch/powerpc-mm-Add-tracking-of-the-number-of-coprocessor.patch. - Refresh patches.arch/powerpc-mm-radix-Remove-unused-code.patch. - Refresh patches.drivers/drm-i915-Fix-DPLCLKA_CFGCR0-bits-for-Port-F. - Refresh patches.drivers/drm-i915-For-HPD-connected-port-use-hpd_pin-instead-. - Refresh patches.drivers/drm-i915-cnl-Add-AUX-F-support. - Refresh patches.drivers/drm-i915-cnl-Add-Cannonlake-PCI-IDs-for-another-SKU. - Refresh patches.drivers/drm-i915-cnl-Add-HPD-support-for-Port-F. - Refresh patches.drivers/drm-i915-cnl-Add-Port-F-definition. - Refresh patches.drivers/drm-i915-cnl-Add-right-GMBUS-pin-number-for-HDMI-on-. - Refresh patches.drivers/drm-i915-cnl-Enable-DDI-F-on-Cannonlake. - Refresh patches.drivers/drm-i915-cnl-Extend-Wa-1178-to-Aux-F. - Refresh patches.drivers/drm-i915-cnl-Fix-DP-max-rate-for-Cannonlake-with-por. - Refresh patches.drivers/drm-i915-cnl-Fix-_CNL_PORT_TX_DW2_LN0_F-definition. - Refresh patches.drivers/drm-i915-cnl-Fix-aux-selection-for-WA-1178. - Refresh patches.drivers/drm-i915-cnl-WaPipeControlBefore3DStateSamplePattern. - Refresh patches.drivers/drm-i915-cnl-apply-Display-WA-1178-to-fix-type-C-don. - Refresh patches.drivers/drm-i915-dmc-DMC-1.07-for-Cannonlake. - Refresh patches.drivers/drm-i915-dp-abstract-rate-array-length-limiting. - Refresh patches.drivers/drm-i915-dp-clean-up-source-rate-limiting-for-cnl. - Refresh patches.drivers/drm-i915-dp-limit-DP-link-rate-based-on-VBT-on-CNL. - commit 7eebb19 - powerpc/kexec_file: Fix error code when trying to load kdump kernel (bsc#1065729). - powerpc: Fix invalid use of register expressions (bsc#1065729). - commit 7f76cbc - drm/i915: Fix hibernation with ACPI S0 target state (bsc#1051510). - drm/i915/execlists: Use a locked clear_bit() for synchronisation with interrupt (bsc#1051510). - drm/i915: Wrap engine->schedule in RCU locks for set-wedge protection (bsc#1051510). - drm/i915/psr: Check for the specific AUX_FRAME_SYNC cap bit (bsc#1051510). - drm/i915: Correctly handle limited range YCbCr data on VLV/CHV (bsc#1051510). - ALSA: pcm: Use dma_bytes as size parameter in dma_mmap_coherent() (bsc#1051510). - ASoC: mt8173-rt5650: fix child-node lookup (bsc#1051510). - commit 2b920b8 - Preliminary patch sort and update - commit 7e40132 - blacklist.conf: Update drm and ath9k blacklist - commit cd79980 - arm64: mm: ignore memory above supported physical address size (bsc#1087414). - commit 492164f - arm64: fix comment above tcr_compute_pa_size (bsc#1087414). - commit 084a935 - KVM: arm/arm64: fix HYP ID map extension to 52 bits (bsc#1087414). - commit 816eb92 - arm64: fix ID map extension to 52 bits (bsc#1087414). - commit 08c26ef - objtool: Fix 32-bit build (bnc#1058115 git-fixes). - commit 17df039 - acpi, numa: fix pxm to online numa node associations (bsc#1087144). - commit cc55a09 - Refresh patches.arch/powerpc-64s-Fix-NULL-AT_BASE_PLATFORM-when-using-DT-.patch. - Refresh patches.arch/powerpc-64s-Fix-lost-pending-interrupt-due-to-race-c.patch. - Refresh patches.arch/powerpc-mm-Add-tracking-of-the-number-of-coprocessor.patch. - Refresh patches.arch/powerpc-mm-radix-Remove-unused-code.patch. - commit 8e8e208 - ppc64le: reliable stacktrace: fix .text check (bsc#1087458). - commit 1aa954a - ppc64le: reliable stacktrace: fix stacktrace for idle tasks (bsc#1087458). - commit 5938588 - x86/entry/64: Don't use IST entry for #BP stack (bsc#1087088). - commit 10d3c90 - posix-timers: Protect posix clock array access against speculation (bnc#1081358 CVE-2017-5715). - commit 5a1acc8 - KABI: cpu/hotplug: provide the old get|put_online_cpus() (bsc#1087405). - commit f687c6d - Import kabi files from RC2 - commit 3f5879f - run series_sort.py - commit d353f7c - powerpc: Don't call lockdep_assert_cpus_held() from arch_update_cpu_topology() (bsc#1087405). - workqueue: Work around edge cases for calc of pool's cpumask (bsc#1087405). - powerpc: Only obtain cpu_hotplug_lock if called by rtasd (bsc#1087405). Refresh patches.arch/powerpc-numa-Invalidate-numa_cpu_lookup_table-on-cpu.patch. - cpu/hotplug: Convert hotplug locking to percpu rwsem (bsc#1087405). - stop_machine: Provide stop_machine_cpuslocked() (bsc#1087405). - cpu/hotplug: Provide lockdep_assert_cpus_held() (bsc#1087405). - cpu/hotplug: Provide cpus_read|write_[un]lock() (bsc#1087405). - commit 47384e4 - ipc/shm.c: add split function to shm_vm_ops (bsc#1052766). - commit 4d132c0 - dax: fix vma_is_fsdax() helper (bsc#1052766). - commit b56bd6f - Run series_sort.py: patches.arch/powerpc-64s-Fix-NULL-AT_BASE_PLATFORM-when-using-DT-.patch. patches.arch/powerpc-64s-Fix-lost-pending-interrupt-due-to-race-c.patch. patches.arch/powerpc-mm-Add-tracking-of-the-number-of-coprocessor.patch. patches.arch/powerpc-mm-radix-Remove-unused-code.patch. - commit d6d2551 - blacklist.conf: config only - commit 80e80db - HID: wacom: generic: Recognize WACOM_HID_WD_PEN as a type of pen collection (bsc#1085539). - commit 45e56be - HID: hid-elecom: extend to fix descriptor for HUGE trackball (bsc#1085536). - commit 31aa2e9 - Update config files. - commit f6b4573 - HID: usbhid: fix out-of-bounds bug (bsc#1085536). - commit 8c5a469 - arm64: Fix TTBR + PAN + 52-bit PA logic in cpu_do_switch_mm (bsc#1087414). - commit 78c2b65 - HID: wacom: Always increment hdev refcount within wacom_get_hdev_data (bsc#1085536). - commit 928bfef - arm64: enable 52-bit physical address support (bsc#1087414). - commit 19c75f1 - HID: wacom: generic: Clear ABS_MISC when tool leaves proximity (bsc#1085536). - commit 52ce6f1 - HID: wacom: generic: Send MSC_SERIAL and ABS_MISC when leaving prox (bsc#1085536). - commit 7d14c4c - HID: i2c-hid: allocate hid buffers for real worst case (bsc#1085536). - commit 8469205 - HID: wacom: Correct coordinate system of touchring and pen twist (bsc#1085536). - HID: wacom: Properly report negative values from Intuos Pro 2 Bluetooth (bsc#1085536). - commit 3415c32 - HID: wacom: leds: Don't try to control the EKR's read-only LEDs (bsc#1085536). - commit 9dd7e47 - HID: wacom: bits shifted too much for 9th and 10th buttons (bsc#1085536). - commit 981162e - isdn/i4l: fetch the ppp_write buffer in one shot (bsc#1085536). - commit b48a9e9 - arm64: allow ID map to be extended to 52 bits (bsc#1087414). - commit 6c68c5d - arm64: handle 52-bit physical addresses in page table entries (bsc#1087414). - commit b24364b - ohci-hcd: Fix race condition caused by ohci_urb_enqueue() and io_watchdog_func() (bsc#1087092). - commit 9648543 - arm64: don't open code page table entry creation (bsc#1087414). - commit d140261 - arm64: head.S: handle 52-bit PAs in PTEs in early page table setup (bsc#1087414). - Delete out-of-tree patch patches.suse/arm64-add-PTE_ADDR_MASK.patch - commit a185a0c - arm64: handle 52-bit addresses in TTBR (bsc#1087414). - Refresh patches.suse/0010-arm64-Move-post_ttbr_update_workaround-to-C-code.patch. - Refresh patches.suse/0012-arm64-KVM-Use-per-CPU-vector-when-BP-hardening-is-en.patch - Refresh patches.suse/arm64-Add-software-workaround-for-Falkor-erratum-104.patch - Refresh patches.suse/v2-4-9-arm64-kpti-Add---enable-callback-to-remap-swapper-using-nG-mappings.patch. - commit 2db3dd8 - mfd: lpc_ich: Avoton/Rangeley uses SPI_BYT method (bsc#1051510). - commit 4767d8c - ima/policy: fix parsing of fsuuid (bsc#1051510). - ima: relax requiring a file signature for new files with zero length (bsc#1051510). - commit 2cdd97f - arm64: limit PA size to supported range (bsc#1087414). - commit 70ee670 - arm64: add kconfig symbol to configure physical address size (bsc#1087414). - commit d185b34 - earlycon: add reg-offset to physical address before mapping (bsc#1051510). - commit 4cbd533 - brcmfmac: fix P2P_DEVICE ethernet address generation (bsc#1051510). - commit f59d048 - Bluetooth: btusb: Add Dell OptiPlex 3060 to btusb_needs_reset_resume_table (bsc#1051510). - commit f568264 - Preliminary series sort / update - commit 50c4a36 - usb: Don't print a warning if interface driver rebind is deferred at resume (bsc#1087211). - commit a2c4fdd - USB: usbip: remove useless call in usbip_recv (bsc#1087092). - commit 01880ff - Input: matrix_keypad - fix race when disabling interrupts (bsc#1051510). - commit e958019 - Drivers: hv: vmbus: Fix ring buffer signaling (fate#323887). - hv_netvsc: common detach logic (fate#323887). - hv_netvsc: change GPAD teardown order on older versions (fate#323887). - hv_netvsc: use RCU to fix concurrent rx and queue changes (fate#323887). - hv_netvsc: disable NAPI before channel close (fate#323887). - hv_netvsc: fix locking during VF setup (fate#323887). - hv_netvsc: fix locking for rx_mode (fate#323887). - hv_netvsc: avoid repeated updates of packet filter (fate#323887). - hv_netvsc: fix filter flags (fate#323887). - scsi: storvsc: Spread interrupts when picking a channel for I/O requests (fate#323887). - hv_netvsc: propagate rx filters to VF (fate#323887). - hv_netvsc: filter multicast/broadcast (fate#323887). - hv_netvsc: defer queue selection to VF (fate#323887). - hv_netvsc: use napi_schedule_irqoff (fate#323887). - hv_netvsc: fix race in napi poll when rescheduling (fate#323887). - hv_netvsc: cancel subchannel setup before halting device (fate#323887). - hv_netvsc: fix error unwind handling if vmbus_open fails (fate#323887). - hv_netvsc: only wake transmit queue if link is up (fate#323887). - hv_netvsc: avoid retry on send during shutdown (fate#323887). - scsi: storvsc: Increase cmd_per_lun for higher speed devices (fate#323887). - commit c2c371a - rtlwifi: rtl8723be: Fix loss of signal (bsc#1051510). - mmc: dw_mmc: fix falling from idmac to PIO mode when dw_mci_reset occurs (bsc#1051510). - mmc: core: Disable HPI for certain Micron (Numonyx) eMMC cards (bsc#1051510). - mmc: dw_mmc: Avoid accessing registers in runtime suspended state (bsc#1051510). - mmc: sdhci-pci: Fix S0i3 for Intel BYT-based controllers (bsc#1051510). - mmc: avoid removing non-removable hosts during suspend (bsc#1051510). - mmc: mmc_test: Ensure command queue is disabled for testing (bsc#1051510). - commit f5a53da - ALSA: aloop: Fix access to not-yet-ready substream via cable (bsc#1051510). - ALSA: aloop: Sync stale timer before release (bsc#1051510). - ALSA: hda/realtek - Fix speaker no sound after system resume (bsc#1051510). - ALSA: hda/realtek - Fix Dell headset Mic can't record (bsc#1051510). - ALSA: hda - Force polling mode on CFL for fixing codec communication (bsc#1051510). - ALSA: usb-audio: Fix parsing descriptor of UAC2 processing unit (bsc#1051510). - ALSA: hda/realtek - Always immediately update mute LED with pin VREF (bsc#1051510). - drm: udl: Properly check framebuffer mmap offsets (bsc#1051510). - drm: Reject getfb for multi-plane framebuffers (bsc#1051510). - drm/vmwgfx: Fix a destoy-while-held mutex problem (bsc#1051510). - drm/vmwgfx: Fix black screen and device errors when running without fbdev (bsc#1051510). - drm/radeon: Don't turn off DP sink when disconnected (bsc#1051510). - commit f5e4005 - btrfs: add missing initialization in btrfs_check_shared (bsc#1087185). - commit 0dc4dff - mei: me: allow runtime pm for platform with D0i3 (bsc#1087204). - commit 91f0e9a - usbip: keep usbip_device sockfd state in sync with tcp_socket (bsc#1087092). - commit a9c0193 - CIFS: zero sensitive data when freeing (bsc#1087092). - commit 342e490 - usbip: list: don't list devices attached to vhci_hcd (bsc#1087092). - commit 80e4e06 - usbip: prevent bind loops on devices attached to vhci_hcd (bsc#1087092). - commit 1b1531b - cifs: Fix autonegotiate security settings mismatch (bsc#1087092). - commit 7bd8fc2 - cifs: Fix missing put_xid in cifs_file_strict_mmap (bsc#1087092). - commit 15a395c - cifs: fix NULL deref in SMB2_read (bsc#1085539). - commit a05b05d - cifs: check MaxPathNameComponentLength != 0 before using it (bsc#1085536). - commit 5af1893 - usbip: vudc_tx: fix v_send_ret_submit() vulnerability to null xfer buffer (bsc#1085539). - commit cba3218 - cifs: Select all required crypto modules (bsc#1085536). - commit 23399f9 - cifs: release auth_key.response for reconnect (bsc#1085536). - commit 0221ea3 - cifs: release cifs root_cred after exit_cifs (bsc#1085536). - commit 5fcee93 - cifs: check rsp for NULL before dereferencing in SMB2_open (bsc#1085536). - commit bb4352e - usbip: remove kernel addresses from usb device and urb debug msgs (bsc#1085539). - usbip: fix vudc_rx: harden CMD_SUBMIT path to handle malicious input (bsc#1085539). - commit 6015ddb - usbip: fix usbip bind writing random string after command in match_busid (bsc#1085539). - commit 251451b - powerpc/64s: Fix i-side SLB miss bad address handler saving nonvolatile GPRs (bsc#1065729). - commit 5dca109 - usbip: prevent leaking socket pointer address in messages (bsc#1085539). - commit c149b42 - powerpc/livepatch: Fix livepatch stack access (bsc#1086660). - commit 37df8c9 - usbip: stub: stop printing kernel pointer addresses in messages (bsc#1085539). - commit 9f24363 - usbip: vhci: stop printing kernel pointer addresses in messages (bsc#1085539). - commit dbda174 - blacklist.conf: we do not build the tools - commit 24b7f9c - Update patches.arch/powerpc-tm-Flush-TM-only-if-CPU-has-TM-feature.patch (bsc#1075746, bsc#1087231, CVE-2018-1091). - commit 7102e9a - blacklist.conf: false positive - commit d595303 - usbnet: fix alignment for frames with no ethernet header (bsc#1085539). - Refresh patches.suse/0002-Add-a-void-suse_kabi_padding-placeholder-to-some-USB.patch. - commit 45660b1 - uwb: properly check kthread_run return value (bsc#1085536). - commit f546456 - uwb: ensure that endpoint is interrupt (bsc#1085536). - commit 5aba24e - xhci: Don't add a virt_dev to the devs array before it's fully allocated (bsc#1085539). - commit df88c42 - xhci: Cleanup current_cmd in xhci_cleanup_command_queue() (bsc#1085536). - commit b7e5b94 - xhci: Identify USB 3.1 capable hosts by their port protocol capability (bsc#1085536). - commit bd7eec8 - Revert "xhci: Limit USB2 port wake support for AMD Promontory hosts" (bsc#1085536). - commit 6bc0fd3 - xhci: Fix sleeping with spin_lock_irq() held in ASmedia 1042A workaround (bsc#1085536). - commit bb7b728 - staging: ncpfs: memory corruption in ncp_read_kernel() (bsc#1086162, CVE-2018-8822). - commit 4da6eb3 - /pirq: fix error path cleanup when binding MSIs (bnc#1065600). - commit 01219ee - x86/mm: Fix {pmd,pud}_{set,clear}_flags() (bnc#1065600). - commit f6df79c - xen/balloon: Mark unallocated host memory as UNUSABLE (bnc#1065600). - commit d2ace39 - x86-64/Xen: eliminate W+X mappings (bnc#1065600). - commit df523b5 - xhci: fix wrong endpoint ESIT value shown in tracing (bsc#1085536). - commit 33411cf - xhci: fix finding correct bus_state structure for USB 3.1 hosts (bsc#1085536). - commit 85ca58c - blacklist.conf: we do not buil the tools - commit a686bd3 - uas: fix comparison for error code (bsc#1051943). - commit 3e3561a - usb: uas: unconditionally bring back host after reset (bsc#1051943). - commit 323a206 - blacklist.conf: patch changes only logging - commit ac5efdb - blacklist.conf:subsystem not used - commit 695a5dd - net: ibm: ibmveth: constify vio_device_id (bsc#1061843). - ibmveth: properly unwind on init errors (bsc#1061843). - net: ibm: ibmveth: constify dev_pm_ops structures (bsc#1061843). - commit da73308 - USB: serial: io_edgeport: fix possible sleep-in-atomic (bsc#1085539). - usb: misc: usb3503: make sure reset is low for at least 100us (bsc#1085539). - commit 4030478 - USB: serial: cp210x: add new device ID ELV ALC 8xxx (bsc#1085539). - commit 885cc1c - Update patches.drivers/nvmet_fc-prevent-new-io-rqsts-in-possible-isr-comple.patch (bsc#1083575). - commit 44b0542 - USB: serial: cp210x: add IDs for LifeScan OneTouch Verio IQ (bsc#1085539). - commit de14177 - blacklist.conf: subsystem not used - commit 0406ef2 - USB: fix usbmon BUG trigger (bsc#1085539). - commit 4896206 - usb: xhci: Add XHCI_TRUST_TX_LENGTH for Renesas uPD720201 (bsc#1085539). - commit 4a1b6e3 - USB: serial: ftdi_sio: add id for Airbus DS P8GR (bsc#10855539). - commit 8912afa - USB: serial: option: adding support for YUGA CLM920-NC5 (bsc#1085539). - commit 651ceb3 - USB: serial: qcserial: add Sierra Wireless EM7565 (bsc#1085539). - commit 814b845 - USB: serial: option: add support for Telit ME910 PID 0x1101 (bsc#1085539). - commit ccecbba - blacklist.conf: not needed in our configuration - commit 192f439 - usb: Add device quirk for Logitech HD Pro Webcam C925e (bsc#1085539). - commit 2db4499 - usb: add RESET_RESUME for ELSA MicroLink 56K (bsc#1085539). - commit fdc4f36 - sched/numa: avoid trapping faults and attempting migration of file-backed dirty pages (bnc#1064414 reduce unnecessary migrations and numab conflicts). - commit ca8fdbf - audit: fix memleak in auditd_send_unicast_skb (bsc#1086997). - commit a70d9a2 - crypto: dh - fix memleak in setkey (bsc#1086994). - commit e6b64ce - sched/sysctl: Check user input value of sysctl_sched_time_avg (bsc#1086946). - commit b6afd97 - brcmsmac: allocate ucode with GFP_KERNEL (bsc#1085174). - commit f82808c - crypto: ccp - add check to get PSP master only when PSP is detected (bsc#1063068). - KVM: x86: Fix device passthrough when SME is active (bsc#1084912). - x86/efi: Free efi_pgd with free_pages() (git-fixes d9e9a6418065). - x86/vsyscall/64: Use proper accessor to update P4D entry (git-fixes 49275fef986a). - scripts/git_sort/git_sort.py: - commit 0188aa6 - blacklist c179ea270100 powerpc/kprobes: Fix warnings from __this_cpu_read() on preempt kernels 94d3084a0f8c powerpc/32s: Fix compile error with CONFIG_PPC_PTDUMP - commit f6243d1 - powerpc/bpf/jit: Fix 32-bit JIT for seccomp_data access (bsc#1065729). - commit b6d0e6a - usb: dwc3: of-simple: fix missing clk_disable_unprepare (bsc#1085539). - commit c383569 - usb: dwc3: gadget: Wait longer for controller to end command processing (bsc#1085539). - commit ccd154d - usb: xhci: fix TDS for MTK xHCI1.1 (bsc#1085539). - commit 9eac7a6 - USB: uas and storage: Add US_FL_BROKEN_FUA for another JMicron JMS567 ID (bsc#1085539). - commit 23cc14b - Refresh patches.drivers/ibmvnic-Potential-NULL-dereference-in-clean_one_tx_p.patch. - commit c83e9b6 - usb: musb: da8xx: fix babble condition handling (bsc#1085539). - commit 1be976d - drm/amdgpu: fix prime teardown order (bsc#1051510). - watchdog: hpwdt: Remove legacy NMI sourcing (bsc#1051510). - Revert "drm/radeon/pm: autoswitch power state when in balanced mode" (bsc#1051510). - PM / runtime: Update links_count also if !CONFIG_SRCU (bsc#1051510). - watchdog: imx2_wdt: restore previous timeout after suspend+resume (bsc#1051510). - watchdog: hpwdt: fix unused variable warning (bsc#1051510). - watchdog: hpwdt: Check source of NMI (bsc#1051510). - watchdog: hpwdt: SMBIOS check (bsc#1051510). - watchdog: Fix potential kref imbalance when opening watchdog (bsc#1051510). - media: [RESEND] media: dvb-frontends: Add delay to Si2168 restart (bsc#1051510). - media: bt8xx: Fix err 'bt878_probe()' (bsc#1051510). - PCI: designware-ep: Fix ->get_msi() to check MSI_EN bit (bsc#1051510). - PCI: endpoint: Fix find_first_zero_bit() usage (bsc#1051510). - vgacon: Set VGA struct resource types (bsc#1051510). - pinctrl: Really force states during suspend/resume (bsc#1051510). - pinctrl: intel: Initialize GPIO properly when used through irqchip (bsc#1051510). - agp/intel: Flush all chipset writes after updating the GGTT (bsc#1051510). - ath10k: handling qos at STA side based on AP WMM enable/disable (bsc#1051510). - rtlwifi: rtl_pci: Fix the bug when inactiveps is enabled (bsc#1051510). - Bluetooth: btqcomsmd: Fix skb double free corruption (bsc#1051510). - Bluetooth: hci_qca: Avoid setup failure on missing rampatch (bsc#1051510). - crypto: cavium - fix memory leak on info (bsc#1051510). - PM / devfreq: Propagate error from devfreq_add_device() (bsc#1051510). - pinctrl: cherryview: Mask all interrupts on Intel_Strago based systems (bsc#1051510). - drm/exynos: gem: Drop NONCONTIG flag for buffers allocated without IOMMU (bsc#1051510). - PM / runtime: Fix handling of suppliers with disabled runtime PM (bsc#1051510). - crypto: brcm - Explicity ACK mailbox message (bsc#1051510). - rtl8188eu: Fix a possible sleep-in-atomic bug in rtw_disassoc_cmd (bsc#1051510). - PM: core: Fix device_pm_check_callbacks() (bsc#1051510). - commit 6b1c180 - usb: xhci: fix panic in xhci_free_virt_devices_depth_first (bsc#1085539). - commit 821249d - qed: Fix MPA unalign flow in case header is split across two packets (bsc#1050536 FATE#322898 bsc#1050545 FATE#322893). - bnxt_en: Return standard Linux error codes for hwrm flow cmds (bsc#1050242 FATE#32291). - bnxt_en: Remove unwanted ovs-offload messages in some conditions (bsc#1050242 FATE#32291). - infiniband: bnxt_re: use BIT_ULL() for 64-bit bit masks (bsc#1050244 FATE#322915). - infiniband: qplib_fp: fix pointer cast (bsc#1050244 FATE#322915). - commit 72c0fdb - blacklist.conf: subsystem not used - commit c778a11 - blacklist.conf: subsystem not used - commit 11379a6 - blacklist.conf: subsystem not used - commit 1fab475 - blacklist.conf: subsystem not used - commit 506214b - blacklist.conf: subsystem not used - commit 5d07732 - USB: serial: usb_debug: add new USB device id (bsc#1085539). - USB: serial: option: add Quectel BG96 id (bsc#1085539). - commit c98442a - svcrdma: Estimate Send Queue depth properly (bsc#1081515). - svcrdma: Limit RQ depth (bsc#1081515). - commit 8eb6546 - usb: quirks: Add no-lpm quirk for KY-688 USB 3.1 Type-C Hub (bsc#1085539). - commit 4176e03 - blacklist.conf: not applicable change to Makefiles - commit a0544d1 - usb: hub: Cycle HUB power when initialization fails (bsc#1085539). - commit d1a83ef - PCI/DPC: Enable DPC only if AER is available (bsc#1082368). - commit 654d5a4 - powerpc: System reset avoid interleaving oops using die synchronisation (bsc#1086791). - commit 715df69 - powerpc/crash: Remove the test for cpu_online in the IPI callback (bsc#1086791). - powerpc: Do not send system reset request through the oops path (bsc#1086791). - commit fe60432 - get_fs_type: Validate fs type string argument (bsc#1082943). - commit 709e045 - dcache: Add cond_resched in shrink_dentry_list (bsc#1086194). - commit 413a765 - net: phy: mdio-bcm-unimac: fix potential NULL dereference in unimac_mdio_probe() (bsc#1084829 CVE-2018-8043). - commit 4836f39 - Fix whitespace breakage in series.conf Commit ceb4998ac05a ("s390: scrub registers on kernel entry and KVM exit (LTC#164304, bsc#1084911).") changed the first line of series.conf. Incidentally, the scripts in scripts/git_sort/quilt-mode.sh rely on this line being present for the replacement (via the modified quilt) of the simple series file in the expanded tree with a link to series.conf. - commit d49c5e2 - Refresh patches.drivers/0001-module-warn-if-module-init-probe-takes-long.patch. - commit caebf3e - KVM: PPC: Book3S HV: Disable tb_offset (bsc#1086196). - commit 529e36c - armv7hl: Disable uacces with memcpy (boo#1080435) - commit 4e513aa - drm/amdgpu/dce: Don't turn off DP sink when disconnected (bsc#1051510). - commit 15ae848 - drm/i915: Disable tv output on i9x5gm (bsc#1086657). - drm/i915: Specify which engines to reset following semaphore/event lockups (FATE#322643 bsc#1055900). - commit 0838c05 - powerpc: Remove unused flush_dcache_phys_range() (bsc#1065729). - powerpc/mm/radix: Remove unused code (bsc#1055186, fate#323286, git-fixes). - powerpc/mm: Add tracking of the number of coprocessors using a context (bsc#1055014). - powerpc/64s: Fix lost pending interrupt due to race causing lost update to irq_happened (bsc#1065729). - commit ff3617a - drm/i915/dp: Write to SET_POWER dpcd to enable MST hub (bsc#1051510). - ACPI / watchdog: Fix off-by-one error at resource assignment (bsc#1073960). - Bluetooth: btusb: Fix quirk for Atheros 1525/QCA6174 (bsc#1082504). - Bluetooth: btusb: Remove Yoga 920 from the btusb_needs_reset_resume_table (bsc#1051510). - commit ce5f883 - Preliminary patch sort / update (again) - commit 805d5d7 - ibmvnic: Potential NULL dereference in clean_one_tx_pool() (bsc#1085224, git-fixes). - commit 7acb565 - supported.conf: Add AMDGPU driver (bsc#1069343) - commit 591ff59 - hugetlbfs: check for pgoff value overflow (bnc#1084353, CVE-2018-7740). - commit 621f100 - test_bpf: Fix testing with CONFIG_BPF_JIT_ALWAYS_ON=y on other arches (bsc#1083647). - commit 4714d41 - Move bpf-introduce-ARG_PTR_TO_MEM_OR_NULL.patch to the sorted section The patch was added to the KABI section mistakenly. - commit 638bcf0 - USB: Fix off by one in type-specific length check of BOS SSP capability (bsc#1085539). - commit f57a20f ==== kexec-tools ==== - kexec-tools-vmcoreinfo-in-xen.patch: Revert "kexec-tools: Read always one vmcoreinfo file" (bsc#1085626, bsc#951740). - kexec-tools-fix-kexec-p-segfault.patch: Fix a segmentation fault when trying to run "kexec -p" (bsc#1080916). - kexec: add -a option to fall back to KEXEC_LOAD when KEXEC_FILE_LOAD is not supported (bsc#1080916, boo#1076839). * kexec-tools-Return-ENOSYS-when-kexec-does-not-know.patch * kexec-tools-Fix-option-checks-to-take-KEXEC_FILE_LOAD.patch * kexec-tools-Do-not-special-case-the-s-option.patch * kexec-tools-Add-option-to-revert-s.patch * kexec-tools-Add-option-to-fall-back-to-KEXEC_LOAD.patch * kexec-tools-Document-s-c-and-a-options-in-the-man-page.patch - kexec-tools-ppc64-leverage-kexec_file_load-support.patch: kexec/ppc64: leverage kexec_file_load support (bsc#1080916). ==== korganizer ==== Subpackages: korganizer-lang - Add fix-folder-properties.patch to fix "Folder Properties" not appearing (kde#392395) ==== libedit ==== - move Changelog back to runtime package as it might not be only developer documentation - Use %license instead of %doc [bsc#1082318] - Move development docu into -devel subpackage ==== liblogging ==== - Use %license instead of %doc [bsc#1082318] ==== libmygpo-qt ==== Version update (1.0.9 -> 1.1.0) - Update to 1.1.0: * Deprecated Qt4 support * Improvements in Qt5 support * Fix in URL parsing, preventing Double Encoding of URLs ==== libnfnetlink ==== - Use %license instead of %doc [bsc#1082318] ==== libreoffice ==== Version update (6.0.2.1 -> 6.0.3.2) Subpackages: libreoffice-base libreoffice-base-drivers-mysql libreoffice-branding-upstream libreoffice-calc libreoffice-draw libreoffice-filters-optional libreoffice-gnome libreoffice-gtk3 libreoffice-icon-themes libreoffice-impress libreoffice-kde4 libreoffice-l10n-cs libreoffice-l10n-da libreoffice-l10n-de libreoffice-l10n-en libreoffice-l10n-es libreoffice-l10n-fi libreoffice-l10n-fr libreoffice-l10n-hu libreoffice-l10n-it libreoffice-l10n-ja libreoffice-l10n-nb libreoffice-l10n-nl libreoffice-l10n-pl libreoffice-l10n-pt_BR libreoffice-l10n-ru libreoffice-l10n-sv libreoffice-l10n-zh_CN libreoffice-l10n-zh_TW libreoffice-mailmerge libreoffice-math libreoffice-pyuno libreoffice-writer libreofficekit - Reduce the ifarch condition based on new exclusivearch - Name directly dependencies that were accidentaly pulled by gtk3 before - Conditionalize gtk3 build as it requires "newer" gnome than the one we ship on SLE12 currently - Update glib2 requirement to match what code actually uses - Reduce archs to only those that are really capable of finishing the build - Update to 6.0.3.2 fate#324870: * Final 6.0.3 tag for release - Disable firebird engine on SLE for now - Also drop boost_string_fixes.patch merged in upstream differently - Version update to 6.0.3.1: * Another bugfix release milestone - Drop patch orcus-0.13.3.patch merged upstream - Drop patch bnc955545.patch merged upstream - Drop patch bnc1081079.patch merged upstream - Require liberation-fonts instead of Recommends wrt bsc#1083213 * Basically we need ANY font, but liberation-fonts are the Arial/etc. compatible and thus you can view the MS Word documents - Drop Build/Require on xorg-x11-fonts ==== libsmbios ==== Version update (2.3.3 -> 2.4.1) Subpackages: python-smbios smbios-utils-bin smbios-utils-python - Update shared library packaging to meet guideline. - Use find's -exec + strategy. - Escape all % signs to %% where needed. - Update to 2.4.1: * Minor fixes submitted for help2man improvements and a signed comparison. * Fix a crash when used by fwupd [boo#1086732] - Changes in 2.4.0: * Convert all python2 -> python3. * Drop libsmbios C++ library. * Introduce support for WMI SMM API provided by Linux kernel 4.15+. * Add proper support for SMBIOS 3.0 tables. * Fix many many crashers. * Clean up long standing coverity errors. - Package was ported to python3 by upstream, no functional changes, no api changes. [bsc#1076409] ==== libyajl ==== - Use %license instead of %doc [bsc#1082318] - Move other docu to -devel package where it better fits ==== mokutil ==== - Use %license instead of %doc [bsc#1082318] ==== multipath-tools ==== Version update (0.7.3+59+suse.1b6191c26774 -> 0.7.3+60+suse.46ac839) Subpackages: kpartx multipath-tools-rbd - Fixed license tags in spec file * multipath tools / libmultipath is GPL-2.0-only * libmpathcmd is LGPL-2.0-or-later * kpartx is GPL-2.0-or-later * libdmmp is GPL-3.0-or-later * adopt SPDX format. - Update to version 0.7.3+60+suse.46ac839: * libmultipath/hwtable: don't hard-code ALUA for IBM IPR (bsc#1085212, bsc#1075129) ==== ncurses ==== Subpackages: libncurses6 ncurses-utils terminfo terminfo-base - Change baselibs.conf to avoid mixed version requirements (bsc#1082744) - Add ncurses patch 6.1-20180317 + fix a check in infotocap which may not have detected a problem when it should have. + add a check in tic for the case where setf/setb are given using different strings, but provide identical results to setaf/setab. + further improve fix for terminfo.5 (patch by Kir Kolyshkin). + reorder loop-limit checks in winsnstr() in case the string has no terminating null and only the number of characters is used (patch by Gyorgy Jeney). ==== net-tools ==== Subpackages: net-tools-lang - Use %license instead of %doc [bsc#1082318] ==== open-iscsi ==== Subpackages: iscsiuio libopeniscsiusr0_1_0 - Cleaned up complaints by gcc-8 about strings (bsc#1084640) - Fixed rpmlint complaint about libopeniscsiusr summary not starting with a capital letter - Fixed libopeniscsiusr global variable overload - No functional changes. This updates: * open-iscsi-SUSE-latest.diff.bz2, and * open-iscsi.spec ==== openldap2 ==== Version update (2.4.45 -> 2.4.46) Subpackages: libldap-2_4-2 libldap-2_4-2-32bit libldap-data openldap2-client - bsc#1085064 Add script "openldap_update_modules_path.sh" which which removes the configuration item olcModulePath in cn=config which is after upgrade from SLE12 to SLE15 holds inappropriate information. If the cn=config is being used on a system, the conflicting items in slapd.conf are ignored, despite of it, the backend DB configuration section has been also commented out in the default slapd.conf. In case of correct cn=config (the olcModulePath has been already removed), the script stops without touching anything. - Upgrade to upstream 2.4.46 release - removed obsolete back-port patches: * 0013-ITS-8692-let-back-sock-generate-increment-line.patch * 0016-ITS-8782-fix-cancel-memleak.patch OpenLDAP 2.4.46 Release (2018/03/22) Fixed libldap connection delete callbacks when TLS fails to start (ITS#8717) Fixed libldap to not reuse tls_session if TLS hostname check fails (ITS#7373) Fixed libldap cross-compiling with OpenSSL 1.1 (ITS#8687) Fixed libldap OpenSSL 1.1.1 compatibility with BIO_method (ITS#8791) Fixed libldap MozNSS CA certificate hash matching (ITS#7374) Fixed libldap MozNSS with PEM certs when also using an NSS cert db (ITS#7389) Fixed libldap MozNSS initialization (ITS#8484) Fixed libldap GnuTLS with GNUTLS_E_AGAIN (ITS#8650) Fixed libldap memory leak with cancel operations (ITS#8782) Fixed slapd Eventlog registry key creation on 64-bit Windows (ITS#8705) Fixed slapd to maintain SSF across SASL binds (ITS#8796) Fixed slapd syncrepl deadlock when updating cookie (ITS#8752) Fixed slapd syncrepl callback to always be last in the stack (ITS#8752) Fixed slapd telephoneNumberNormalize when the value is spaces and hyphens (ITS#8778) Fixed slapd CSN queue processing (ITS#8801) Fixed slapd-ldap TLS connection timeout with high latency connections (ITS#8720) Fixed slapd-ldap to ignore unknown schema when omit-unknown-schema is set (ITS#7520) Fixed slapd-mdb with an optimization for long lived read transactions (ITS#8226) Fixed slapd-meta assert when olcDbRewrite is modified (ITS#8404) Fixed slapd-sock with LDAP_MOD_INCREMENT operations (ITS#8692) Fixed slapo-accesslog cleanup to only occur on failed operations (ITS#8752) Fixed slapo-dds entryTTL to actually decrease as per RFC 2589 (ITS#7100) Fixed slapo-syncprov memory leak with delete operations (ITS#8690) Fixed slapo-syncprov to not clear pending operation when checkpointing (ITS#8444) Fixed slapo-syncprov to correctly record contextCSN values in the accesslog (ITS#8100) Fixed slapo-syncprov not to log checkpoints to accesslog db (ITS#8607) Fixed slapo-syncprov to process changes from this SID on REFRESH (ITS#8800) Fixed slapo-syncprov session log parsing to not block other operations (ITS#8486) Build Environment Fixed Windows build with newer MINGW version (ITS#8697) Fixed compiler warnings and removed unused variables (ITS#8578) Contrib Fixed ldapc++ Control structure (ITS#8583) Documentation Delete stub manpage for back-ldbm (ITS#8713) Fixed ldap_bind(3) to mention the LDAP_SASL_SIMPLE mechanism (ITS#8121) Fixed ldap.conf(5) to note SASL_MECH/SASL_REALM are no longer user-only (ITS#8818) Fixed slapd-config(5) typo for olcTLSCipherSuite (ITS#8715) Fixed slapo-syncprov(5) indexing requirements (ITS#5048) ==== osinfo-db ==== - bsc#974580 - modify volume id for some windows iso files First, use "X64FREE?" instead of "X64FRE". Second, add "IR1_SSS_X64FREV_EN-US_DV5". modify-volume-id-for-windows.patch ==== p7zip ==== - add p7zip-16.02-CVE-2017-17969.patch to fix a heap-based buffer overflow in a shrink decoder [bnc#1077725], [CVE-2017-17969] - remove CPP/7zip/Compress/Rar* files from the tar archive as they have incompatible license [bnc#1077978] * also remove DOC/unRarLicense.txt * add p7zip_16.02_norar.patch to adjust makefile according to it * remove no longer used Codecs - remove 7zr manpage, fixes boo#899627 - Explicitly package %{_docdir}/%{name} to fix build with RPM 4.13. - Add CVE-2016-9296.patch to fix a null pointer dereference problem (CVE-2016-9296) - Update to version 16.02 - From Windows version of 7-Zip 16.02: - The BUG in 16.00 - 16.01 was fixed: 7-Zip mistakenly reported the warning "There are some data after the end of the payload data" for split archives. - Version 16.01 (never published) - From Windows version of 7-Zip 16.01: - The bugs in SWM (WIM), EXE (PE) and CHM code were fixed. - There are some internal changes in source code for better compatibility with VS2015 C++ compiler. - Version 16.00 (never published) - Better support for OpenBsd (CPP/Windows/System.cpp), thanks Josh (https://sourceforge.net/p/p7zip/discussion/383043/thread/ee32dcd8/?limit=25…) - From Windows version of 7-Zip 16.00: - 7-Zip now can extract multivolume ZIP archives (z01, z02, ... , zip). - Some fixed bugs: - bzip2 decoder -mmt2 reported E_FAIL (for k_My_HRESULT_WritingWasCut case), if we extract partial file. - 7z solid update (hang in break). - sha1 worked incorrectly for call after call with ((size & 3) != 0). - 7z update bcj bugs were fixed. - Split (aaa.001) fixed. - iso loop fix. - rar4 multivol -stdin kpidSize. - Drag and drop 1<2.txt. - Memory access violation fix. - Removed CVE-2016-2334.patch and CVE-2016-2335.patch, fixed upstream. - Temporarily disable gui building - Fix security issues: - CVE-2016-2334: 7zip HFS+ NArchive::NHfs::CHandler::ExtractZlibFile Code Execution Vulnerability (boo#979822) - CVE-2016-2335: 7zip UDF CInArchive::ReadFileItem Code Execution Vulnerability (boo#979823) (CVE-2016-2334.patch, CVE-2016-2335.patch) - Build 7zG (gui for p7zip) and added subpackage p7zip-gui for openSUSE >= 13.2 and Leap 42.1. - Update to version 15.14.1 - Patch #32 Compiling in OS X fails with p7zip_15.14. - Fixed spec file to build with copied makefile.linux_amd64_asm for arch x86-64 and added required yasm as BuildRequires. - Update to version 15.14 * Based on 7-zip 15.14 release * Build fixes * All the fixes from 7-zip 15.14, see the included ChangeLog - Drop p7zip-CVE-2015-1038.patch, upstream. - Enable PIE & LD_BIND_NOW security features - Package all the text documentation - Update to version 15.09 * Based on 7-zip 15.09 release * 7-Zip now can extract ext2 and multivolume VMDK images. * 7-Zip now can extract ext3 and ext4 (Linux file system) images. * 7-Zip now can extract GPT images and single file QCOW2, VMDK, VDI images. * 7-Zip now can extract solid WIM archives with LZMS compression. * 7-Zip now can extract RAR5 archives. * 7-Zip now doesn't sort files by type while adding to solid 7z archive. new -mqs switch to sort files by type while adding to solid 7z archive. * 7-Zip now can create 7z, xz and zip archives with 1536 MB dictionary for LZMA/LZMA2. * 7-Zip now can extract .zipx (WinZip) archives that use xz compression. - Refresh p7zip-CVE-2015-1038.patch - fixed CVE-2015-1038 [bnc#912878] + p7zip-CVE-2015-1038.patch - update to 9.38.1 - bug #145 "p7zip crashes while moving memory in MoveItems" - update to 9.38 - patch #23 fixes "7z with unicode file name with surrogate pair is not handled well in Linux" - bug #139 "password from commanline is visible in processes list" Now the characters of the password are replaced with *. - bug#138 If you extract the password with # program crashes 7z now supports long password in RAR 3 and 4. - 7-Zip could ignore some options when you created ZIP archives. For example, it could use ZipCrypto cipher instead of AES-256. - New -mf=FilterID switch to specify compression filter. Examples: 7z a -mf=bcj2 a.7z a.tar 7z a -mf=delta:4 a.7z a.wav 7z a -mf=bcj a.tar.xz a.tar - New class FString for file names at file systems. - Speed optimization in CRC code for big-endian CPUs. - Speed optimizations in AES code for Intel's 32nm CPUs. - Speed optimizations in CRC calculation code for Intel's Atom CPUs. - bug with multi archives which are links. - #3283518 : Asm/x{32,64}/7zCrcT8U.asm introduces executable stack - test suite segfaults on qemu-arm, we will see if it is a bug in p7zip or a glitch in qemu later. - Enable assembly support for x86-64 - Update to version 9.20 - From Windows version of 7-zip 9.20, What's new after 7-Zip 4.65 (2009-02-03): - 7-Zip now supports LZMA2 compression method. - 7-Zip now can update solid .7z archives. - 7-Zip now supports XZ archives. - 7-Zip now supports PPMd compression in ZIP archives. - 7-Zip now can unpack NTFS, FAT, VHD, MBR, APM, SquashFS, CramFS, MSLZ archives. - 7-Zip now can unpack GZip, BZip2, LZMA, XZ and TAR archives from stdin. - 7-Zip now can unpack some TAR and ISO archives with incorrect headers. - 7-Zip now supports files that are larger than 8 GB in TAR archives. - NSIS and WIM support was improved. - Partial parsing for EXE resources, SWF and FLV. - The support for archives in installers was improved. - 7-Zip now can stores NTFS file timestamps to ZIP archives. - Speed optimizations in PPMd codec. - Speed optimizations in CRC calculation code for Intel's Atom CPUs. - New -scrc switch to calculate total CRC-32 during extracting / testing. - 7-Zip File Manager now doesn't use temp files to open nested archives stored without compression. - Disk fragmentation problem for ZIP archives created by 7-Zip was fixed. - Some bugs were fixed. - New localizations: Hindi, Gujarati, Sanskrit, Tatar, Uyghur, Kazakh. - Not in p7zip : Speed optimizations in AES code for Intel's 32nm CPUs. - From Windows version of 7-zip 9.17 - Disk fragmentation problem for ZIP archives created by 7-Zip was fixed. Notes: 7-Zip now uses 4 MB RAM buffer as file cache, when you create ZIP archives. It reduces the number of Move_File_Position and Write_to_File operations. - From Windows version of 7-zip 9.18 - 7-Zip now can unpack SquashFS and CramFS filesystem images. - 7-Zip now can unpack some TAR and ISO archives with incorrect headers. - Some bugs were fixed. - From Windows version of 7-zip 9.16 - 7-Zip now supports files that are larger than 8 GB in TAR archives. - NSIS support was improved : - 7-Zip now supports BZip2 method in NSIS installers. - 7-Zip now can extract identical files from NSIS installers. - Some bugs were fixed. - New localizations: Hindi, Gujarati, Sanskrit. - From Windows version of 7-zip 9.15 - Some bugs were fixed. - New localization: Tatar - From Windows version of 7-zip 9.14 - WIM support was improved. 7-Zip now can create WIM archives without compression. - sf#3069545 "kSignatureDummy?" fixed - fix deps o no fdupes on suse_version < 1100 (SLES9, SLE10) - remove Author from description - update to version 9.13 * From Windows version of 7-zip 9.12 - Some bugs were fixed. * #2863580 "Crash in Rar decoder on a corrupted file" fixed * #2860898 "Dereferencing a zero pointer in cab handler" fixed * #2860679 "Division by zero in cab decoder" fixed - update to version 9.12 * From Windows version of 7-zip 9.12 - ZIP / PPMd compression ratio was improved in Maximum and Ultra modes. - The BUG in 7-Zip 9.* beta was fixed: LZMA2 codec didn't work, if more than 10 threads were used (or more than 20 threads in some modes). * makefile.openbsd is now compatible with OpenBSD ports tree. (thanks to jggimi) * cmake projects added. * 7zFM and 7zG can be built on MacOSX but these ports are in very alpha stage. make app to build p7zip.app (p7zip for MacOSX) - update to version 9.11 (never published) * From Windows version of 7-zip 9.11 - 7-Zip now supports PPMd compression in .ZIP archives. - Speed optimizations in PPMd codec. - The support for archives in installers was improved. - Some bugs were fixed. - update to version 9.10 (never published) * From Windows version of 7-zip 9.05 to 9.10 - 7-Zip now can unpack Apple Partition Map (APM) disk images. - 7-Zip now can unpack MSLZ archives. - Partial parsing for EXE resources, SWF and FLV. - Some bugs were fixed. * p7zip can now use hugetlbfs on Linux (thank to Joachim Henke) Like with the Windows large pages, this gives a nice speedup, when running memory intensive operations. * p7zip now uses UTF8 (kCFStringNormalizationFormD) On MacOSX fixes #2831266 "p7zip can't find NFC Unicode filename in OSX Terminal" and #2976169 "German Umlauts Failure" - update to version 9.05 (never published) * p7zip now uses precompiled header with gcc 4 - remove obsolete patch (gcc_missing_include.patch) - renew patch (install.patch) - update to version 9.04 * 7-Zip now can update solid .7z archives * 7-Zip now supports LZMA2 compression method * 7-Zip now supports XZ archives * 7-Zip now can unpack NTFS, FAT, VHD and MBR archives * 7-Zip now can unpack GZip, BZip2, LZMA, XZ and TAR archives from stdin * New -scrc switch to calculate total CRC-32 during extracting / testing * Some bugs were fixed * #2799966 " A newly created 7z archive (by p7zip 4.65) is broken and cannot be unpacked / listed / tested" Fixed: now "7za a -mx=9 archive.7z directory" creates a good archive even if there are a lot of executable files * Fixed: the RAM size was reported incorrectly on MacOSX 64bits (with 2Gb+ RAM) * #2798023 "segfault handling very large multivolume .7z file" p7zip now displays the following error "Error: Too many open files" if you don't have enough rights to open all the splitted files (on Linux: ulimit -n) - included update from 4.65 * The bug in 7-Zip 4.63 was fixed: 7-Zip could not decrypt .ZIP archives encrypted with WinZip-AES method * 7-Zip now can unpack ZIP archives encrypted with PKWARE-AES * Some bugs were fixed * Fixed: the RAM size was reported incorrectly on MacOSX 64bits * Fixed: makefile.linux_amd64_asm_icc * DJGPP: makefile.djgpp becomes makefile.djgpp_old * DJGPP: makefile.djgpp_watt added (thank to Rugxulo) * you can now compile 7za with a cmake project (see README) - included update from 4.61 * 7-Zip now supports LZMA compression for .ZIP archives * Ask for password twice when creating encrypted archive * 7zG added (read GUI/readme.txt) * p7zip didn't use the BCJ /BCJ2 filters for executables (: * makefile.linux_amd64_asm_icc added (tested with Intel Compiler 11 on Ubuntu 8.04 x64) * 7-Zip now can unpack UDF, XAR and DMG/HFS archives * It's allowed to use -t switch for "list" and "extract" commands * Bug: wrong timestamp for files extracted from .zip or .rar archives ==== patterns-base ==== Subpackages: patterns-base-32bit patterns-base-apparmor patterns-base-apparmor_opt patterns-base-base patterns-base-basesystem patterns-base-console patterns-base-enhanced_base patterns-base-enhanced_base-32bit patterns-base-enhanced_base_opt patterns-base-minimal_base patterns-base-minimal_base-32bit patterns-base-readonly_root_tools patterns-base-sw_management patterns-base-update_test patterns-base-x11 patterns-base-x11_enhanced patterns-base-x11_opt - Don't install systemd-coredump by default on Leap (bsc#1083849) - Add systemd-coredump to the list of recommended packages of miminal_base Latest systemd package splitted off its coredump management facility into a sub-package. Recommend this package so this functionnality is still available by default on SLE (but will be disabled on Leap, see bsc#1083849). Also give the possibility to block it by using a soft dep (Recommends:). This might be needed on live images for example where space is rather low. - Remove grub varients from patterns bsc#1064265 - added timezone as recommended to minimal_base pattern [bsc#1085075] - ethtool is available on SLE 15, moving out of "opensuse only" section [bsc#1087354] ==== patterns-kde ==== Subpackages: patterns-kde-kde patterns-kde-kde_edutainment patterns-kde-kde_games patterns-kde-kde_imaging patterns-kde-kde_internet patterns-kde-kde_multimedia patterns-kde-kde_office patterns-kde-kde_plasma patterns-kde-kde_utilities patterns-kde-kde_utilities_opt patterns-kde-kde_yast - Replace plasma-nm5-vpnc with plasma-nm5-openconnect ==== patterns-yast ==== Version update (20171005 -> 20180403) Subpackages: patterns-yast-x11_yast patterns-yast-yast2_basis - Suggest yast2-kdump on all arches (bsc#1078393) - yast2_install_wf shouldn't be a visible pattern (bsc#1081724) - Recommend yast2-support (bsc#1084073) - yast2-auth-server package should be recommended (bsc#1085330) ==== perl-Bootloader ==== - Use %license instead of %doc [bsc#1082318] ==== php7 ==== Version update (7.2.3 -> 7.2.4) Subpackages: apache2-mod_php7 php7-ctype php7-dom php7-iconv php7-json php7-mysql php7-pdo php7-pgsql php7-sqlite php7-tokenizer php7-xmlreader php7-xmlwriter - updated to 7.2.4: This is a security release with also contains several minor bug fixes. http://php.net/ChangeLog-7.php#7.2.4 - php7-no-build-date.patch refreshed ==== plasma5-workspace ==== Subpackages: plasma5-session plasma5-session-wayland plasma5-workspace-lang plasma5-workspace-libs - Add Fix-weather-engine-BBC-provider.patch to adapt the BBC weather engine provider to changes in the RSS feed that broke it (kde#392510) ==== python-rpm ==== - remove rpmlint-Factory buildignore - Switch really to singlespec thus allowing us to build without python2-devel present in the distribution ==== qemu ==== - Fix OOB access in VGA emulation (CVE-2018-7858 bsc#1084604) 0080-vga-fix-region-calculation.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.11 - Add new look up path "sys/class/tpm" for tpm cancel path based on Linux 4.0 change (commit 313d21eeab9282e)(bsc#1070615) 0079-tpm-lookup-cancel-path-under-tpm-de.patch ==== rdma-core ==== Subpackages: libibverbs libibverbs1 libmlx4-1 libmlx5-1 - Add Provide/Obsolete for librdmacm in librdmacm1 (bsc#1086173) ==== re2 ==== Version update (20180301 -> 20180401) - Update to version 2018-04-01 * developer visible changes only ==== rpm ==== Subpackages: rpm-32bit - %install_info: if we are going to fail, at least fail on install not on attempted upgrades or uninstall [bsc#1084997] ==== sg3_utils ==== Subpackages: libsgutils2-1_43-2 - Update to svn r763: * More NVMe bugfixes * sg_vpd: add device constituents vpd * sg_raw: add --raw option * sg_turs: add --low option * sg_ses: decoding dpage fixes; add --quiet option - rescan-scsi-bus.sh: Fixup syntax error (bsc#1087008) - Use separate repository for SLE15 ==== skanlite ==== Version update (2.0.1 -> 2.1.0.1) Subpackages: skanlite-lang - Update to version 2.1.0.1: * Add translations that were missing in 2.1.0 (kde#392598) - Update to version 2.1.0: * Allow index to start from 0 (kde#360432) * D-BUS support * Bugfix: wrong folder selection dialog behavior (kde#377929) * Fix DPI info in 16-bit PNG * Fix handling of empty prefix * Correct display of applied filename templates * Default to PNG format if no format is provided (kde#374315) ==== systemd ==== Subpackages: libsystemd0 libudev1 libudev1-32bit systemd-32bit systemd-bash-completion systemd-sysvinit udev - Split systemd-coredump sub-package off (bsc#1083849) ==== texinfo ==== - install-info_exitcode.patch: install-info needs to return success when it does nothing. We need 0 return value even on failure as old packages in SLE-11 and SLE-12 can become uninstallable. (bsc#1084997) ==== transactional-update ==== - Add conflicts with snapper-zypp-plugin ==== tuned ==== - Remove sap subpackages entirely. These conflict with possible other SLE optimized sap subpackages (bnc#1064832). ==== util-linux ==== Subpackages: libblkid1 libblkid1-32bit libfdisk1 libmount1 libsmartcols1 libuuid1 libuuid1-32bit util-linux-lang - su: Set ALWAYS_SET_PATH default to "yes" (bsc#353876#c7); add one-time wrapper forcing ALWAYS_SET_PATH on upgrade. - Use %license instead of %doc [bsc#1082318] ==== util-linux-systemd ==== - su: Set ALWAYS_SET_PATH default to "yes" (bsc#353876#c7); add one-time wrapper forcing ALWAYS_SET_PATH on upgrade. - Use %license instead of %doc [bsc#1082318] ==== xdm ==== - systemd-logind integration requires to use -keeptty with X server to hold the controlling tty (and breaks startx!).[boo#1088365] - Do not generate an error on not existing shell functions *_vars in /usr/lib/X11/display-manager ==== yast2 ==== Version update (4.0.61 -> 4.0.65) - improve wayland support (bsc#1083907) - 4.0.65 - Use SHA2 instead of MD5 when determining whether a license was already accepted or not (related to fate#325461). - 4.0.64 - Add a new API to handle product licenses. - Given a license, remember whether another one with the same content was already accepted (fate#325461). - 4.0.63 - Added ProductUpgrade class to better evaluate the product for upgrading (related to bsc#1086259) - 4.0.62 ==== yast2-auth-client ==== Version update (3.3.18 -> 4.0.0) - bnc#1087957 - version bump - 4.0.0 ==== yast2-hardware-detection ==== Version update (3.1.8 -> 4.0.0) - bnc#1087957 - version bump - 4.0.0 ==== yast2-installation ==== Version update (4.0.42 -> 4.0.43) - Fix tests to use correct storage instance (part of fate#318196). - 4.0.43 ==== yast2-journal ==== Version update (3.2.1 -> 4.0.0) - bnc#1087957 - version bump - 4.0.0 ==== yast2-ldap ==== Version update (3.1.14 -> 4.0.0) - bnc#1087957 - version bump - 4.0.0 ==== yast2-network ==== Version update (4.0.24 -> 4.0.25) - Fixed preformatted proposal for network module (bsc#1088488) - 4.0.25 ==== yast2-nfs-client ==== Version update (4.0.3 -> 4.0.5) - Use only nfsvers (or its alias) to specify the version of the NFS protocol, instead of the legacy nfs4 (vfstype) and minorversion (bsc#1088426). - Detect legacy entries and warn the user. - 4.0.5 - Command line interface: display correct content in the 'Options' column (bsc#1087826) when listing. - Command line interface: updated help about the 'type' option. - 4.0.4 ==== yast2-packager ==== Version update (4.0.52 -> 4.0.55) - Given a license, remember whether another one with the same content was already accepted (fate#325461). - 4.0.55 - Better evaluate the product to upgrade, do not use the package solver if there is only one base product to install, use some fallbacks when the solver fails (bsc#1086259) - 4.0.54 - Fix tests to use correct storage instance (part of fate#318196). - 4.0.53 ==== yast2-ruby-bindings ==== Version update (4.0.4 -> 4.0.6) - Allow to directly abort the process (needed for fate#318196). - 4.0.6 - Log a warning if no text domain is configured for translations, this helps with debugging (improved as a part of bsc#1081466) - 4.0.5 ==== yast2-storage-ng ==== Version update (4.0.142 -> 4.0.148) - Force UTF-8 encoding for (most) strings coming from libstorage-ng (bsc#1088067). - 4.0.148 - Better error handling if no storage proposal is possible (bsc#1064677) - 4.0.147 - Recover method #exists_in_probed? (bsc#1087818). - 4.0.146 - Partitioner: do not crash when a striped logical volume is selected (bsc#1087702). - Fixed an error searching devices by name introduced by the recent sanitization related to bsc#1083672. - 4.0.145 - Partitioner: add check for minimum size when using snapshots (bsc#1085131). - 4.0.144 - If a duplicate PV is found, show an specific error message with instructions (bsc#1082542). - 4.0.143 - Use correct probe mode in unit tests (fate#318196). ==== yast2-trans ==== Version update (84.87.20180316.72781395d -> 84.87.20180406.01ef53789) Subpackages: yast2-trans-cs yast2-trans-da yast2-trans-de yast2-trans-en yast2-trans-en_GB yast2-trans-en_US yast2-trans-es yast2-trans-fi yast2-trans-fr yast2-trans-hu yast2-trans-it yast2-trans-ja yast2-trans-nb yast2-trans-nl yast2-trans-pl yast2-trans-pt yast2-trans-pt_BR yast2-trans-ru yast2-trans-sv yast2-trans-zh_CN yast2-trans-zh_TW - Update to version 84.87.20180406.01ef53789 (bsc#1088113 and others). * Added check_po_files.rb script * Another translation update * Experimentally add python-brace-format * First round of translation fixes * Fixed a format string. * Manual tweaks * More fixes * New POT for text domain 'packager'. * New POT for text domain 'registration'. * New POT for text domain 'storage'. * New POT for text domain 'tftp-server'. * Restored the removed translations * Revert back the removed strings * Translated using Weblate (Catalan) * Translated using Weblate (Japanese) * Translated using Weblate (Slovak) * Translated using Weblate (Swedish) * another experiment, add c-format - Update to version 84.87.20180404.7829627b4 (bsc#1085376, bsc#1086920): * Translated using Weblate (Arabic) * Translated using Weblate (Catalan) * Translated using Weblate (Chinese (China)) * Translated using Weblate (Chinese (Taiwan)) * Translated using Weblate (Czech) * Translated using Weblate (Danish) * Translated using Weblate (Dutch) * Translated using Weblate (French) * Translated using Weblate (German) * Translated using Weblate (Hungarian) * Translated using Weblate (Indonesian) * Translated using Weblate (Italian) * Translated using Weblate (Japanese) * Translated using Weblate (Korean) * Translated using Weblate (Lithuanian) * Translated using Weblate (Polish) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Portuguese) * Translated using Weblate (Russian) * Translated using Weblate (Slovak) * Translated using Weblate (Spanish) * Translated using Weblate (Swedish) * New POT for text domain 'add-on'. * New POT for text domain 'alternatives'. * New POT for text domain 'auth-client'. * New POT for text domain 'autoinst'. * New POT for text domain 'base'. * New POT for text domain 'bootloader'. * New POT for text domain 'cio'. * New POT for text domain 'cluster'. * New POT for text domain 'control'. * New POT for text domain 'docker'. * New POT for text domain 'firewall'. * New POT for text domain 'firstboot'. * New POT for text domain 'fonts'. * New POT for text domain 'ftp-server'. * New POT for text domain 'geo-cluster'. * New POT for text domain 'installation'. * New POT for text domain 'iscsi-lio-server'. * New POT for text domain 'network'. * New POT for text domain 'nfs'. * New POT for text domain 'packager'. * New POT for text domain 'registration'. * New POT for text domain 's390'. * New POT for text domain 'storage'. * New POT for text domain 'update'. * New POT for text domain 'users'. * Update rpm-groups (bsc#1086643) * Obsolete yast2-trans-sr-Latn by yast2-trans-sr-latin. ==== yast2-transfer ==== Version update (3.1.3 -> 4.0.0) - bnc#1087957 - version bump - 4.0.0 ==== yast2-vm ==== Version update (3.2.5 -> 4.0.0) - bnc#1087957 - version bump - 4.0.0 -- To unsubscribe, e-mail: opensuse-factory+unsubscribe(a)opensuse.org To contact the owner, e-mail: opensuse-factory+owner(a)opensuse.org

1 0

[opensuse-factory] NVIDIA proprietary driver on kernel 4.16 (was: New Tumbleweed snapshot 20180406 released!)
by Andrei Dziahel 11 Apr '18

11 Apr '18

Hi list, There are issue reports about subj (http://rglinuxtech.com/?p=2232) which, along with the lack of any traces of swiotlb-related patches in https://build.opensuse.org/package/show/X11:Drivers:Video/nvidia-gfxG04, begs for question whether we are affected. Did someone using NVIDIA driver try new kernel yet? @Stefan Dirsch, have you maybe? Thanks! -- To unsubscribe, e-mail: opensuse-factory+unsubscribe(a)opensuse.org To contact the owner, e-mail: opensuse-factory+owner(a)opensuse.org

9 23

[opensuse-factory] YaST 54th Sprint Report
by Martin Vidner 11 Apr '18

11 Apr '18

We were in the middle of rewr-- no, refac--, recompiling all of YaST into Visual Basic when we found that it was April 2nd already and had to scratch the entire project. Next year for sure. So you are left with a report of enterprise grade stabilization and we hope that your servers will be very bored running our software. https://lizards.opensuse.org/2018/04/11/highlights-of-yast-development-spri… -- Martin Vidner, YaST Team http://en.opensuse.org/User:Mvidner

1 0

[opensuse-factory] What is this? systemd message, Leap 15.0 beta
by Carlos E. R. 11 Apr '18

11 Apr '18

I get dozens of these while I run a zypper dup: 2018-04-05T19:08:24.186510+02:00 Minas-Anor systemd[1]: nss-lookup.target: Dependency Before=nss-lookup.target dropped 2018-04-05T19:08:24.580094+02:00 Minas-Anor systemd[1]: nss-lookup.target: Dependency Before=nss-lookup.target dropped 2018-04-05T19:08:26.180673+02:00 Minas-Anor systemd[1]: nss-lookup.target: Dependency Before=nss-lookup.target dropped 2018-04-05T19:08:26.586548+02:00 Minas-Anor systemd[1]: nss-lookup.target: Dependency Before=nss-lookup.target dropped -- Cheers/Saludos Carlos E. R. (testing openSUSE Leap 15.0, at Minas-Anor) -- To unsubscribe, e-mail: opensuse-factory+unsubscribe(a)opensuse.org To contact the owner, e-mail: opensuse-factory+owner(a)opensuse.org

6 14

[opensuse-factory] New Tumbleweed snapshot 20180407 released!
by Dominique Leuenberger 10 Apr '18

10 Apr '18

Please note that this mail was generated by a script. The described changes are computed based on the x86_64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=1&versio… When you reply to report some issues, make sure to change the subject. It is not helpful to keep the release announcement subject in a thread while discussing a specific problem. Packages changed: PackageKit autoyast2 (4.0.44 -> 4.0.45) gnome-online-accounts gpg2 gtk2-branding-openSUSE (42.1 -> 15.0) inst-source-utils (2018.03.13 -> 2018.04.06) installation-images-Kubic (14.366 -> 14.367) kdump kexec-tools libostree libstorage-ng (3.3.200 -> 3.3.207) libvirt (4.1.0 -> 4.2.0) llvm6 mbedtls (2.7.0 -> 2.8.0) multipath-tools (0.7.3+59+suse.1b6191c26774 -> 0.7.3+60+suse.46ac839) openldap2 openssh osinfo-db patterns-media publicsuffix (20180312 -> 20180328) python-base qemu qemu-linux-user re2 (20180301 -> 20180401) strace (4.21 -> 4.22) systemd xdm xf86-input-libinput (0.26.0 -> 0.27.0) xf86-video-ati (18.0.0 -> 18.0.1) xmessage (1.0.4 -> 1.0.5) xprop (1.2.2 -> 1.2.3) xrdb (1.1.0 -> 1.1.1) xset (1.2.3 -> 1.2.4) xsetroot (1.1.1 -> 1.1.2) yast2 (4.0.60 -> 4.0.65) yast2-firewall (4.0.21 -> 4.0.22) yast2-installation (4.0.42 -> 4.0.44) yast2-network (4.0.23 -> 4.0.25) yast2-nfs-client (4.0.3 -> 4.0.5) yast2-packager (4.0.49 -> 4.0.55) yast2-ruby-bindings (4.0.4 -> 4.0.6) yast2-storage-ng (4.0.139 -> 4.0.147) yast2-trans (84.87.20180208.cf7cad734 -> 84.87.20180406.01ef53789) yast2-users (4.0.3 -> 4.0.4) === Details === ==== PackageKit ==== Subpackages: PackageKit-backend-zypp PackageKit-gstreamer-plugin PackageKit-gtk3-module PackageKit-lang libpackagekit-glib2-18 typelib-1_0-PackageKitGlib-1_0 - Remove pkgconfig(npapi-sdk) BuildRequires:, it is no longer needed as browser plugin is not built since 1.1.0. ==== autoyast2 ==== Version update (4.0.44 -> 4.0.45) Subpackages: autoyast2-installation - Fix tests to use correct storage instance (part of fate#318196). - 4.0.45 ==== gnome-online-accounts ==== Subpackages: gnome-online-accounts-lang libgoa-1_0-0 libgoa-backend-1_0-1 typelib-1_0-Goa-1_0 - Disable telepathy support, it isn't used for years. Remove BuildRequires(libaccounts-glib/telepathy-glib) accordingly. ==== gpg2 ==== Subpackages: gpg2-lang - Added gnupg-CVE-2018-9234.patch: Enforce that key certification can only be done with the master key, and not a signing subkey. (bnc#1088255 CVE-2018-9234) ==== gtk2-branding-openSUSE ==== Version update (42.1 -> 15.0) - Build package for SLE and openSUSE using multibuild. ==== inst-source-utils ==== Version update (2018.03.13 -> 2018.04.06) - add support for transalted EULA ==== installation-images-Kubic ==== Version update (14.366 -> 14.367) - merge gh#openSUSE/installation-images#242 - adjust adddir script to allow updating coreutils (bsc#1087901) - 14.367 ==== kdump ==== - kdump-pass-IPv6-address-prefix-separately.patch: IPv6 setup: pass address prefix in separate dracut arg (bsc#1062026). - kdump-pass-all-IP-routes-to-kdump-environment.patch: IP setup: pass all routes to kdump environment (bsc#1062026). - kdump-remove-IPv6-brackets-for-getaddrinfo.patch: Routable: do not pass bracketed IPv6 to getaddrinfo (bsc#1062026). - kdump-skip-IPv4-if-no-address.patch: IP setup: don't bother with IPv4 if there are no addresses (bsc#1062026). - kdump-use-bus-id-to-identify-qeth-devices.patch: Use bus id to identify qeth devices (bsc#1085617). ==== kexec-tools ==== - kexec-tools-vmcoreinfo-in-xen.patch: Revert "kexec-tools: Read always one vmcoreinfo file" (bsc#1085626, bsc#951740). - kexec-tools-fix-kexec-p-segfault.patch: Fix a segmentation fault when trying to run "kexec -p" (bsc#1080916). - kexec: add -a option to fall back to KEXEC_LOAD when KEXEC_FILE_LOAD is not supported (bsc#1080916, boo#1076839). * kexec-tools-Return-ENOSYS-when-kexec-does-not-know.patch * kexec-tools-Fix-option-checks-to-take-KEXEC_FILE_LOAD.patch * kexec-tools-Do-not-special-case-the-s-option.patch * kexec-tools-Add-option-to-revert-s.patch * kexec-tools-Add-option-to-fall-back-to-KEXEC_LOAD.patch * kexec-tools-Document-s-c-and-a-options-in-the-man-page.patch - kexec-tools-ppc64-leverage-kexec_file_load-support.patch: kexec/ppc64: leverage kexec_file_load support (bsc#1080916). ==== libostree ==== Subpackages: libostree-1-1 - Drop pkgconfig(libgsystem) BuildRequires: this is no longer needed. ==== libstorage-ng ==== Version update (3.3.200 -> 3.3.207) Subpackages: libstorage-ng-ruby libstorage-ng1 - merge gh#openSUSE/libstorage-ng#508 - added helper function - support lock within same process - 3.3.207 - merge gh#openSUSE/libstorage-ng#507 - added function to set freq and passno - removed unneeded const - added documentation - 3.3.206 - merge gh#openSUSE/libstorage-ng#506 - added minix to enum of filesystem types - 3.3.205 - merge gh#openSUSE/libstorage-ng#505 - enable system-wide lock - 3.3.204 - merge gh#openSUSE/libstorage-ng#504 - handle pid_t in bindings - extended integration test - 3.3.203 - merge gh#openSUSE/libstorage-ng#503 - only insert resize action for devices existing in LHS and RHS (bsc#1085523) - added action dependency - added unit tests - fixed typo - added documentation - 3.3.202 - merge gh#openSUSE/libstorage-ng#502 - Simplified supplements for lang subpkg (bsc#1081454) - 3.3.201 ==== libvirt ==== Version update (4.1.0 -> 4.2.0) Subpackages: libvirt-client libvirt-daemon libvirt-daemon-config-network libvirt-daemon-config-nwfilter libvirt-daemon-driver-interface libvirt-daemon-driver-libxl libvirt-daemon-driver-lxc libvirt-daemon-driver-network libvirt-daemon-driver-nodedev libvirt-daemon-driver-nwfilter libvirt-daemon-driver-qemu libvirt-daemon-driver-secret libvirt-daemon-driver-storage libvirt-daemon-driver-storage-core libvirt-daemon-driver-storage-disk libvirt-daemon-driver-storage-iscsi libvirt-daemon-driver-storage-logical libvirt-daemon-driver-storage-mpath libvirt-daemon-driver-storage-rbd libvirt-daemon-driver-storage-scsi libvirt-daemon-driver-uml libvirt-daemon-driver-vbox libvirt-daemon-lxc libvirt-daemon-qemu libvirt-daemon-xen libvirt-libs - util: improvements in error handling 09877303-virSocketAddrParseInternal.patch, 412afdb8-intro-virSocketAddrParseAny.patch bsc#1080957 - Update to libvirt 4.2.0 - Many incremental improvements and bug fixes, see http://libvirt.org/news.html - Dropped patches: 6b3d716e-keycodemap-py3.patch, 33c6eb96-fix-libvirtd-reload-deadlock.patch, 464889ff-rpc-aquire-ref-dispatch.patch, c6f1d519-rpc-simplify-dispatch.patch, 06e7ebb6-rpc-invoke-dispatch-unlocked.patch, 86cae503-rpc-fix-pre-exec.patch, eefabb38-rpc-virtlockd-virtlogd-single-thread.patch, fbf31e1a-CVE-2018-1064.patch, fb327ac2-virtlockd-admin-socket.patch, 64370c4b-libxl-MigrateBegin.patch, 99486799-libxl-MigrateConfirm.patch, f5eacf2a-libxl-MigratePerform.patch, 4e6fcdb6-libxl-libxlDomObjFromDomain-cleanup.patch, fe51dbda-libxl-use-FindByRef.patch, 60b3fcd9-libxl-MigratePrepare.patch, 3c89868c-libxl-lock-after-ListRemove.patch, 13e81fc6-libxl-EndJob-on-error.patch, 594b8b99-libxl-DefineXMLFlags-API-pattern.patch, c66e344e-libxl-dont-deref-NULL.patch, 83edaf44-libxl-dont-hardcode-sched-weight.patch, apibuild-py3.patch ==== llvm6 ==== Subpackages: libLLVM6 libclang6 - Do not export Polly static libraries which we do not distribute. * Updated llvm-do-not-install-static-libraries.patch - Use external jsoncpp instead of the bundled one. * Added polly-cmake-Trust-pkg-config-in-FindJsoncpp.patch - llvm6-devel must require llvm6-polly-devel * Files in llvm6-devel reference Polly. ==== mbedtls ==== Version update (2.7.0 -> 2.8.0) Subpackages: libmbedcrypto1 libmbedtls10 libmbedx509-0 mbedtls-devel - Update to version 2.8.0: * Security: + Defend against Bellcore glitch attacks by verifying the results of RSA private key operations. + Fix implementation of the truncated HMAC extension. The previous implementation allowed an offline 2^80 brute force attack on the HMAC key of a single, uninterrupted connection (with no resumption of the session). + Reject CRLs containing unsupported critical extensions. Found by Falko Strenzke and Evangelos Karatsiolis. + Fix a buffer overread in ssl_parse_server_key_exchange() that could cause a crash on invalid input. + Fix a buffer overread in ssl_parse_server_psk_hint() that could cause a crash on invalid input. * Features: + Enable reading encrypted PEM files produced by software that uses PBKDF2-SHA2, such as OpenSSL 1.1. Submitted by Antonio Quartulli, OpenVPN Inc. Fixes #1339 + Support public keys encoded in PKCS#1 format. #1122 * New deprecations: + Compression and crypto don't mix. We don't recommend using compression and cryptography, and have deprecated support for record compression (configuration option MBEDTLS_ZLIB_SUPPORT). * Bugfix: + Fix mbedtls_x509_crt_profile_suiteb, which used to reject all certificates with flag MBEDTLS_X509_BADCERT_BAD_PK even when the key type was correct. In the context of SSL, this resulted in handshake failure. Reported by daniel in the Mbed TLS forum. #1351 + Fix setting version TLSv1 as minimal version, even if TLS 1 is not enabled. Set MBEDTLS_SSL_MIN_MAJOR_VERSION and MBEDTLS_SSL_MIN_MINOR_VERSION instead of MBEDTLS_SSL_MAJOR_VERSION_3 and MBEDTLS_SSL_MINOR_VERSION_1. #664 + Fix compilation error on Mingw32 when _TRUNCATE is defined. Use _TRUNCATE only if __MINGW32__ is not defined. Fix suggested by Thomas Glanzmann and Nick Wilson on issue #355 + Fix memory allocation corner cases in memory_buffer_alloc.c module. Found by Guido Vranken. #639 + Don't accept an invalid tag when parsing X.509 subject alternative names in some circumstances. + Fix a possible arithmetic overflow in ssl_parse_server_key_exchange() that could cause a key exchange to fail on valid data. + Fix a possible arithmetic overflow in ssl_parse_server_psk_hint() that could cause a key exchange to fail on valid data. + Fix a 1-byte heap buffer overflow (read-only) during private key parsing. Found through fuzz testing. * Changes + Fix tag lengths and value ranges in the documentation of CCM encryption. Contributed by Mathieu Briand. + Fix a typo in a comment in ctr_drbg.c. Contributed by Paul Sokolovsky. + Remove support for the library reference configuration for picocoin. + MD functions deprecated in 2.7.0 are no longer inline, to provide a migration path for those depending on the library's ABI. + Use (void) when defining functions with no parameters. Contributed by Joris Aerts. #678 ==== multipath-tools ==== Version update (0.7.3+59+suse.1b6191c26774 -> 0.7.3+60+suse.46ac839) Subpackages: kpartx multipath-tools-rbd - Fixed license tags in spec file * multipath tools / libmultipath is GPL-2.0-only * libmpathcmd is LGPL-2.0-or-later * kpartx is GPL-2.0-or-later * libdmmp is GPL-3.0-or-later * adopt SPDX format. - Update to version 0.7.3+60+suse.46ac839: * libmultipath/hwtable: don't hard-code ALUA for IBM IPR (bsc#1085212, bsc#1075129) ==== openldap2 ==== Subpackages: libldap-2_4-2 libldap-2_4-2-32bit libldap-data openldap2-client openldap2-devel - bsc#1085064 Add script "openldap_update_modules_path.sh" which which removes the configuration item olcModulePath in cn=config which is after upgrade from SLE12 to SLE15 holds inappropriate information. If the cn=config is being used on a system, the conflicting items in slapd.conf are ignored, despite of it, the backend DB configuration section has been also commented out in the default slapd.conf. In case of correct cn=config (the olcModulePath has been already removed), the script stops without touching anything. ==== openssh ==== Subpackages: openssh-helpers - Use %license instead of %doc [bsc#1082318] - add OpenSSL 1.0 to 1.1 shim to remove dependency on old OpenSSL (update tracker: bsc#1080779) - Add missing crypto hardware enablement patches for IBM mainframes (FATE#323902) - add missing part of systemd integration (unit type) - BuildRequire pkgconfig(libsystemd) instead of systemd-devel: allow the scheduler to pick systemd-mini flavors to get build going. - Replace forgotten references to /var/adm/fillup-templates with new %_fillupdir macro (boo#1069468) - tighten configuration access rights - Update to vanilla 7.6p1 Most important changes (more details below): * complete removal of the ancient SSHv1 protocol * sshd(8) cannot run without privilege separation * removal of suport for arcfourm blowfish and CAST ciphers and RIPE-MD160 HMAC * refuse RSA keys shorter than 1024 bits Distilled upstream log: - OpenSSH 7.3 - --- Security * sshd(8): Mitigate a potential denial-of-service attack against the system's crypt(3) function via sshd(8). An attacker could send very long passwords that would cause excessive CPU use in crypt(3). sshd(8) now refuses to accept password authentication requests of length greater than 1024 characters. Independently reported by Tomas Kuthan (Oracle), Andres Rojas and Javier Nieto. * sshd(8): Mitigate timing differences in password authentication that could be used to discern valid from invalid account names when long passwords were sent and particular password hashing algorithms are in use on the server. CVE-2016-6210, reported by EddieEzra.Harari at verint.com * ssh(1), sshd(8): Fix observable timing weakness in the CBC padding oracle countermeasures. Reported by Jean Paul Degabriele, Kenny Paterson, Torben Hansen and Martin Albrecht. Note that CBC ciphers are disabled by default and only included for legacy compatibility. * ssh(1), sshd(8): Improve operation ordering of MAC verification for Encrypt-then-MAC (EtM) mode transport MAC algorithms to verify the MAC before decrypting any ciphertext. This removes the possibility of timing differences leaking facts about the plaintext, though no such leakage has been observed. Reported by Jean Paul Degabriele, Kenny Paterson, Torben Hansen and Martin Albrecht. * sshd(8): (portable only) Ignore PAM environment vars when UseLogin=yes. If PAM is configured to read user-specified environment variables and UseLogin=yes in sshd_config, then a hostile local user may attack /bin/login via LD_PRELOAD or similar environment variables set via PAM. CVE-2015-8325, found by Shayan Sadigh. - --- New Features * ssh(1): Add a ProxyJump option and corresponding -J command-line flag to allow simplified indirection through a one or more SSH bastions or "jump hosts". * ssh(1): Add an IdentityAgent option to allow specifying specific agent sockets instead of accepting one from the environment. * ssh(1): Allow ExitOnForwardFailure and ClearAllForwardings to be optionally overridden when using ssh -W. bz#2577 * ssh(1), sshd(8): Implement support for the IUTF8 terminal mode as per draft-sgtatham-secsh-iutf8-00. * ssh(1), sshd(8): Add support for additional fixed Diffie-Hellman 2K, 4K and 8K groups from draft-ietf-curdle-ssh-kex-sha2-03. * ssh-keygen(1), ssh(1), sshd(8): support SHA256 and SHA512 RSA signatures in certificates; * ssh(1): Add an Include directive for ssh_config(5) files. * ssh(1): Permit UTF-8 characters in pre-authentication banners sent from the server. bz#2058 - --- Bugfixes * ssh(1), sshd(8): Reduce the syslog level of some relatively common protocol events from LOG_CRIT. bz#2585 * sshd(8): Refuse AuthenticationMethods="" in configurations and accept AuthenticationMethods=any for the default behaviour of not requiring multiple authentication. bz#2398 * sshd(8): Remove obsolete and misleading "POSSIBLE BREAK-IN ATTEMPT!" message when forward and reverse DNS don't match. bz#2585 * ssh(1): Close ControlPersist background process stderr except in debug mode or when logging to syslog. bz#1988 * misc: Make PROTOCOL description for direct-streamlocal(a)openssh.com channel open messages match deployed code. bz#2529 * ssh(1): Deduplicate LocalForward and RemoteForward entries to fix failures when both ExitOnForwardFailure and hostname canonicalisation are enabled. bz#2562 * sshd(8): Remove fallback from moduli to obsolete "primes" file that was deprecated in 2001. bz#2559. * sshd_config(5): Correct description of UseDNS: it affects ssh hostname processing for authorized_keys, not known_hosts; bz#2554 * ssh(1): Fix authentication using lone certificate keys in an agent without corresponding private keys on the filesystem. bz#2550 * sshd(8): Send ClientAliveInterval pings when a time-based RekeyLimit is set; previously keepalive packets were not being sent. bz#2252 - --- Portability * ssh(1), sshd(8): Fix compilation by automatically disabling ciphers not supported by OpenSSL. bz#2466 * misc: Fix compilation failures on some versions of AIX's compiler related to the definition of the VA_COPY macro. bz#2589 * sshd(8): Whitelist more architectures to enable the seccomp-bpf sandbox. bz#2590 * ssh-agent(1), sftp-server(8): Disable process tracing on Solaris using setpflags(__PROC_PROTECT, ...). bz#2584 * sshd(8): On Solaris, don't call Solaris setproject() with UsePAM=yes it's PAM's responsibility. bz#2425 - OpenSSH 7.4 - --- Potentially-incompatible changes * ssh(1): Remove 3des-cbc from the client's default proposal. 64-bit block ciphers are not safe in 2016 and we don't want to wait until attacks like SWEET32 are extended to SSH. As 3des-cbc was the only mandatory cipher in the SSH RFCs, this may cause problems connecting to older devices using the default configuration, but it's highly likely that such devices already need explicit configuration for key exchange and hostkey algorithms already anyway. * sshd(8): Remove support for pre-authentication compression. Doing compression early in the protocol probably seemed reasonable in the 1990s, but today it's clearly a bad idea in terms of both cryptography (cf. multiple compression oracle attacks in TLS) and attack surface. Pre-auth compression support has been disabled by default for >10 years. Support remains in the client. * ssh-agent will refuse to load PKCS#11 modules outside a whitelist of trusted paths by default. The path whitelist may be specified at run-time. * sshd(8): When a forced-command appears in both a certificate and an authorized keys/principals command= restriction, sshd will now refuse to accept the certificate unless they are identical. The previous (documented) behaviour of having the certificate forced-command override the other could be a bit confusing and error-prone. * sshd(8): Remove the UseLogin configuration directive and support for having /bin/login manage login sessions. - --- Security * ssh-agent(1): Will now refuse to load PKCS#11 modules from paths outside a trusted whitelist (run-time configurable). Requests to load modules could be passed via agent forwarding and an attacker could attempt to load a hostile PKCS#11 module across the forwarded agent channel: PKCS#11 modules are shared libraries, so this would result in code execution on the system running the ssh-agent if the attacker has control of the forwarded agent-socket (on the host running the sshd server) and the ability to write to the filesystem of the host running ssh-agent (usually the host running the ssh client). Reported by Jann Horn of Project Zero. * sshd(8): When privilege separation is disabled, forwarded Unix- domain sockets would be created by sshd(8) with the privileges of 'root' instead of the authenticated user. This release refuses Unix-domain socket forwarding when privilege separation is disabled (Privilege separation has been enabled by default for 14 years). Reported by Jann Horn of Project Zero. * sshd(8): Avoid theoretical leak of host private key material to privilege-separated child processes via realloc() when reading keys. No such leak was observed in practice for normal-sized keys, nor does a leak to the child processes directly expose key material to unprivileged users. Reported by Jann Horn of Project Zero. * sshd(8): The shared memory manager used by pre-authentication compression support had a bounds checks that could be elided by some optimising compilers. Additionally, this memory manager was incorrectly accessible when pre-authentication compression was disabled. This could potentially allow attacks against the privileged monitor process from the sandboxed privilege-separation process (a compromise of the latter would be required first). This release removes support for pre-authentication compression from sshd(8). Reported by Guido Vranken using the Stack unstable optimisation identification tool (http://css.csail.mit.edu/stack/) * sshd(8): Fix denial-of-service condition where an attacker who sends multiple KEXINIT messages may consume up to 128MB per connection. Reported by Shi Lei of Gear Team, Qihoo 360. * sshd(8): Validate address ranges for AllowUser and DenyUsers directives at configuration load time and refuse to accept invalid ones. It was previously possible to specify invalid CIDR address ranges (e.g. user(a)127.1.2.3/55) and these would always match, possibly resulting in granting access where it was not intended. Reported by Laurence Parry. - --- New Features * ssh(1): Add a proxy multiplexing mode to ssh(1) inspired by the version in PuTTY by Simon Tatham. This allows a multiplexing client to communicate with the master process using a subset of the SSH packet and channels protocol over a Unix-domain socket, with the main process acting as a proxy that translates channel IDs, etc. This allows multiplexing mode to run on systems that lack file- descriptor passing (used by current multiplexing code) and potentially, in conjunction with Unix-domain socket forwarding, with the client and multiplexing master process on different machines. Multiplexing proxy mode may be invoked using "ssh -O proxy ..." * sshd(8): Add a sshd_config DisableForwarding option that disables X11, agent, TCP, tunnel and Unix domain socket forwarding, as well as anything else we might implement in the future. Like the 'restrict' authorized_keys flag, this is intended to be a simple and future-proof way of restricting an account. * sshd(8), ssh(1): Support the "curve25519-sha256" key exchange method. This is identical to the currently-supported method named "curve25519-sha256(a)libssh.org". * sshd(8): Improve handling of SIGHUP by checking to see if sshd is already daemonised at startup and skipping the call to daemon(3) if it is. This ensures that a SIGHUP restart of sshd(8) will retain the same process-ID as the initial execution. sshd(8) will also now unlink the PidFile prior to SIGHUP restart and re-create it after a successful restart, rather than leaving a stale file in the case of a configuration error. bz#2641 * sshd(8): Allow ClientAliveInterval and ClientAliveCountMax directives to appear in sshd_config Match blocks. * sshd(8): Add %-escapes to AuthorizedPrincipalsCommand to match those supported by AuthorizedKeysCommand (key, key type, fingerprint, etc.) and a few more to provide access to the contents of the certificate being offered. * Added regression tests for string matching, address matching and string sanitisation functions. * Improved the key exchange fuzzer harness. - --- Bugfixes * ssh(1): Allow IdentityFile to successfully load and use certificates that have no corresponding bare public key. bz#2617 certificate id_rsa-cert.pub (and no id_rsa.pub). * ssh(1): Fix public key authentication when multiple authentication is in use and publickey is not just the first method attempted. bz#2642 * regress: Allow the PuTTY interop tests to run unattended. bz#2639 * ssh-agent(1), ssh(1): improve reporting when attempting to load keys from PKCS#11 tokens with fewer useless log messages and more detail in debug messages. bz#2610 * ssh(1): When tearing down ControlMaster connections, don't pollute stderr when LogLevel=quiet. * sftp(1): On ^Z wait for underlying ssh(1) to suspend before suspending sftp(1) to ensure that ssh(1) restores the terminal mode correctly if suspended during a password prompt. * ssh(1): Avoid busy-wait when ssh(1) is suspended during a password prompt. * ssh(1), sshd(8): Correctly report errors during sending of ext- info messages. * sshd(8): fix NULL-deref crash if sshd(8) received an out-of- sequence NEWKEYS message. * sshd(8): Correct list of supported signature algorithms sent in the server-sig-algs extension. bz#2547 * sshd(8): Fix sending ext_info message if privsep is disabled. * sshd(8): more strictly enforce the expected ordering of privilege separation monitor calls used for authentication and allow them only when their respective authentication methods are enabled in the configuration * sshd(8): Fix uninitialised optlen in getsockopt() call; harmless on Unix/BSD but potentially crashy on Cygwin. * Fix false positive reports caused by explicit_bzero(3) not being recognised as a memory initialiser when compiled with - fsanitize-memory. * sshd_config(5): Use 2001:db8::/32, the official IPv6 subnet for configuration examples. - --- Portability * On environments configured with Turkish locales, fall back to the C/POSIX locale to avoid errors in configuration parsing caused by that locale's unique handling of the letters 'i' and 'I'. bz#2643 * sftp-server(8), ssh-agent(1): Deny ptrace on OS X using ptrace(PT_DENY_ATTACH, ..) * ssh(1), sshd(8): Unbreak AES-CTR ciphers on old (~0.9.8) OpenSSL. * Fix compilation for libcrypto compiled without RIPEMD160 support. * contrib: Add a gnome-ssh-askpass3 with GTK+3 support. bz#2640 * sshd(8): Improve PRNG reseeding across privilege separation and force libcrypto to obtain a high-quality seed before chroot or sandboxing. * All: Explicitly test for broken strnvis. NetBSD added an strnvis and unfortunately made it incompatible with the existing one in OpenBSD and Linux's libbsd (the former having existed for over ten years). Try to detect this mess, and assume the only safe option if we're cross compiling. - OpenSSH 7.5 - --- Potentially-incompatible changes * This release deprecates the sshd_config UsePrivilegeSeparation option, thereby making privilege separation mandatory. Privilege separation has been on by default for almost 15 years and sandboxing has been on by default for almost the last five. * The format of several log messages emitted by the packet code has changed to include additional information about the user and their authentication state. Software that monitors ssh/sshd logs may need to account for these changes. For example: Connection closed by user x 1.1.1.1 port 1234 [preauth] Connection closed by authenticating user x 10.1.1.1 port 1234 [preauth] Connection closed by invalid user x 1.1.1.1 port 1234 [preauth] Affected messages include connection closure, timeout, remote disconnection, negotiation failure and some other fatal messages generated by the packet code. * [Portable OpenSSH only] This version removes support for building against OpenSSL versions prior to 1.0.1. OpenSSL stopped supporting versions prior to 1.0.1 over 12 months ago (i.e. they no longer receive fixes for security bugs). - --- Security * ssh(1), sshd(8): Fix weakness in CBC padding oracle countermeasures that allowed a variant of the attack fixed in OpenSSH 7.3 to proceed. Note that the OpenSSH client disables CBC ciphers by default, sshd offers them as lowest-preference options and will remove them by default entriely in the next release. Reported by Jean Paul Degabriele, Kenny Paterson, Martin Albrecht and Torben Hansen of Royal Holloway, University of London. * sftp-client(1): [portable OpenSSH only] On Cygwin, a client making a recursive file transfer could be maniuplated by a hostile server to perform a path-traversal attack. creating or modifying files outside of the intended target directory. Reported by Jann Horn of Google Project Zero. - --- New Features * ssh(1), sshd(8): Support "=-" syntax to easily remove methods from algorithm lists, e.g. Ciphers=-*cbc. bz#2671 - --- Bugfixes * sshd(1): Fix NULL dereference crash when key exchange start messages are sent out of sequence. * ssh(1), sshd(8): Allow form-feed characters to appear in configuration files. * sshd(8): Fix regression in OpenSSH 7.4 support for the server-sig-algs extension, where SHA2 RSA signature methods were not being correctly advertised. bz#2680 * ssh(1), ssh-keygen(1): Fix a number of case-sensitivity bugs in known_hosts processing. bz#2591 bz#2685 * ssh(1): Allow ssh to use certificates accompanied by a private key file but no corresponding plain *.pub public key. bz#2617 * ssh(1): When updating hostkeys using the UpdateHostKeys option, accept RSA keys if HostkeyAlgorithms contains any RSA keytype. Previously, ssh could ignore RSA keys when only the ssh-rsa-sha2-* methods were enabled in HostkeyAlgorithms and not the old ssh-rsa method. bz#2650 * ssh(1): Detect and report excessively long configuration file lines. bz#2651 * Merge a number of fixes found by Coverity and reported via Redhat and FreeBSD. Includes fixes for some memory and file descriptor leaks in error paths. bz#2687 * ssh-keyscan(1): Correctly hash hosts with a port number. bz#2692 * ssh(1), sshd(8): When logging long messages to stderr, don't truncate "\r\n" if the length of the message exceeds the buffer. bz#2688 * ssh(1): Fully quote [host]:port in generated ProxyJump/-J command- line; avoid confusion over IPv6 addresses and shells that treat square bracket characters specially. * ssh-keygen(1): Fix corruption of known_hosts when running "ssh-keygen -H" on a known_hosts containing already-hashed entries. * Fix various fallout and sharp edges caused by removing SSH protocol 1 support from the server, including the server banner string being incorrectly terminated with only \n (instead of \r\n), confusing error messages from ssh-keyscan bz#2583 and a segfault in sshd if protocol v.1 was enabled for the client and sshd_config contained references to legacy keys bz#2686. * ssh(1), sshd(8): Free fd_set on connection timeout. bz#2683 * sshd(8): Fix Unix domain socket forwarding for root (regression in OpenSSH 7.4). * sftp(1): Fix division by zero crash in "df" output when server returns zero total filesystem blocks/inodes. * ssh(1), ssh-add(1), ssh-keygen(1), sshd(8): Translate OpenSSL errors encountered during key loading to more meaningful error codes. bz#2522 bz#2523 * ssh-keygen(1): Sanitise escape sequences in key comments sent to printf but preserve valid UTF-8 when the locale supports it; bz#2520 * ssh(1), sshd(8): Return reason for port forwarding failures where feasible rather than always "administratively prohibited". bz#2674 * sshd(8): Fix deadlock when AuthorizedKeysCommand or AuthorizedPrincipalsCommand produces a lot of output and a key is matched early. bz#2655 * Regression tests: several reliability fixes. bz#2654 bz#2658 bz#2659 * ssh(1): Fix typo in ~C error message for bad port forward cancellation. bz#2672 * ssh(1): Show a useful error message when included config files can't be opened; bz#2653 * sshd(8): Make sshd set GSSAPIStrictAcceptorCheck=yes as the manual page (previously incorrectly) advertised. bz#2637 * sshd_config(5): Repair accidentally-deleted mention of %k token in AuthorizedKeysCommand; bz#2656 * sshd(8): Remove vestiges of previously removed LOGIN_PROGRAM; bz#2665 * ssh-agent(1): Relax PKCS#11 whitelist to include libexec and common 32-bit compatibility library directories. * sftp-client(1): Fix non-exploitable integer overflow in SSH2_FXP_NAME response handling. * ssh-agent(1): Fix regression in 7.4 of deleting PKCS#11-hosted keys. It was not possible to delete them except by specifying their full physical path. bz#2682 - --- Portability * sshd(8): Avoid sandbox errors for Linux S390 systems using an ICA crypto coprocessor. * sshd(8): Fix non-exploitable weakness in seccomp-bpf sandbox arg inspection. * ssh(1): Fix X11 forwarding on OSX where X11 was being started by launchd. bz#2341 * ssh-keygen(1), ssh(1), sftp(1): Fix output truncation for various that contain non-printable characters where the codeset in use is ASCII. * build: Fix builds that attempt to link a kerberised libldns. bz#2603 * build: Fix compilation problems caused by unconditionally defining _XOPEN_SOURCE in wide character detection. * sshd(8): Fix sandbox violations for clock_gettime VSDO syscall fallback on some Linux/X32 kernels. bz#2142 - OpenSSH 7.6 - --- Potentially-incompatible changes This release includes a number of changes that may affect existing configurations: * ssh(1): delete SSH protocol version 1 support, associated configuration options and documentation. * ssh(1)/sshd(8): remove support for the hmac-ripemd160 MAC. * ssh(1)/sshd(8): remove support for the arcfour, blowfish and CAST ciphers. * Refuse RSA keys <1024 bits in length and improve reporting for keys that do not meet this requirement. * ssh(1): do not offer CBC ciphers by default. - --- Security * sftp-server(8): in read-only mode, sftp-server was incorrectly permitting creation of zero-length files. Reported by Michal Zalewski. - --- New Features * ssh(1): add RemoteCommand option to specify a command in the ssh config file instead of giving it on the client's command line. This allows the configuration file to specify the command that will be executed on the remote host. * sshd(8): add ExposeAuthInfo option that enables writing details of the authentication methods used (including public keys where applicable) to a file that is exposed via a $SSH_USER_AUTH environment variable in the subsequent session. * ssh(1): add support for reverse dynamic forwarding. In this mode, ssh will act as a SOCKS4/5 proxy and forward connections to destinations requested by the remote SOCKS client. This mode is requested using extended syntax for the - R and RemoteForward options and, because it is implemented solely at the client, does not require the server be updated to be supported. * sshd(8): allow LogLevel directive in sshd_config Match blocks; bz#2717 * ssh-keygen(1): allow inclusion of arbitrary string or flag certificate extensions and critical options. * ssh-keygen(1): allow ssh-keygen to use a key held in ssh-agent as a CA when signing certificates. bz#2377 * ssh(1)/sshd(8): allow IPQoS=none in ssh/sshd to not set an explicit ToS/DSCP value and just use the operating system default. * ssh-add(1): added -q option to make ssh-add quiet on success. * ssh(1): expand the StrictHostKeyChecking option with two new settings. The first "accept-new" will automatically accept hitherto-unseen keys but will refuse connections for changed or invalid hostkeys. This is a safer subset of the current behaviour of StrictHostKeyChecking=no. The second setting "off", is a synonym for the current behaviour of StrictHostKeyChecking=no: accept new host keys, and continue connection for hosts with incorrect hostkeys. A future release will change the meaning of StrictHostKeyChecking=no to the behaviour of "accept-new". bz#2400 * ssh(1): add SyslogFacility option to ssh(1) matching the equivalent option in sshd(8). bz#2705 - --- Bugfixes * ssh(1): use HostKeyAlias if specified instead of hostname for matching host certificate principal names; bz#2728 * sftp(1): implement sorting for globbed ls; bz#2649 * ssh(1): add a user@host prefix to client's "Permission denied" messages, useful in particular when using "stacked" connections (e.g. ssh -J) where it's not clear which host is denying. bz#2720 * ssh(1): accept unknown EXT_INFO extension values that contain \0 characters. These are legal, but would previously cause fatal connection errors if received. * ssh(1)/sshd(8): repair compression statistics printed at connection exit * sftp(1): print '?' instead of incorrect link count (that the protocol doesn't provide) for remote listings. bz#2710 * ssh(1): return failure rather than fatal() for more cases during session multiplexing negotiations. Causes the session to fall back to a non-mux connection if they occur. bz#2707 * ssh(1): mention that the server may send debug messages to explain public key authentication problems under some circumstances; bz#2709 * Translate OpenSSL error codes to better report incorrect passphrase errors when loading private keys; bz#2699 * sshd(8): adjust compatibility patterns for WinSCP to correctly identify versions that implement only the legacy DH group exchange scheme. bz#2748 * ssh(1): print the "Killed by signal 1" message only at LogLevel verbose so that it is not shown at the default level; prevents it from appearing during ssh -J and equivalent ProxyCommand configs. bz#1906, bz#2744 * ssh-keygen(1): when generating all hostkeys (ssh-keygen -A), clobber existing keys if they exist but are zero length. zero-length keys could previously be made if ssh-keygen failed or was interrupted part way through generating them. bz#2561 * ssh(1): fix pledge(2) violation in the escape sequence "~&" used to place the current session in the background. * ssh-keyscan(1): avoid double-close() on file descriptors; bz#2734 * sshd(8): avoid reliance on shared use of pointers shared between monitor and child sshd processes. bz#2704 * sshd_config(8): document available AuthenticationMethods; bz#2453 * ssh(1): avoid truncation in some login prompts; bz#2768 * sshd(8): Fix various compilations failures, inc bz#2767 * ssh(1): make "--" before the hostname terminate argument processing after the hostname too. * ssh-keygen(1): switch from aes256-cbc to aes256-ctr for encrypting new-style private keys. Fixes problems related to private key handling for no-OpenSSL builds. bz#2754 * ssh(1): warn and do not attempt to use keys when the public and private halves do not match. bz#2737 * sftp(1): don't print verbose error message when ssh disconnects from under sftp. bz#2750 * sshd(8): fix keepalive scheduling problem: activity on a forwarded port from preventing the keepalive from being sent; bz#2756 * sshd(8): when started without root privileges, don't require the privilege separation user or path to exist. Makes running the regression tests easier without touching the filesystem. * Make integrity.sh regression tests more robust against timeouts. bz#2658 * ssh(1)/sshd(8): correctness fix for channels implementation: accept channel IDs greater than 0x7FFFFFFF. - --- Portability * sshd(9): drop two more privileges in the Solaris sandbox: PRIV_DAX_ACCESS and PRIV_SYS_IB_INFO; bz#2723 * sshd(8): expose list of completed authentication methods to PAM via the SSH_AUTH_INFO_0 PAM environment variable. bz#2408 * ssh(1)/sshd(8): fix several problems in the tun/tap forwarding code, mostly to do with host/network byte order confusion. bz#2735 * Add --with-cflags-after and --with-ldflags-after configure flags to allow setting CFLAGS/LDFLAGS after configure has completed. These are useful for setting sanitiser/fuzzing options that may interfere with configure's operation. * sshd(8): avoid Linux seccomp violations on ppc64le over the socketcall syscall. * Fix use of ldns when using ldns-config; bz#2697 * configure: set cache variables when cross-compiling. The cross- compiling fallback message was saying it assumed the test passed, but it wasn't actually set the cache variables and this would cause later tests to fail. * Add clang libFuzzer harnesses for public key parsing and signature verification. - packaging: * moving patches into a separate archive * first round of rebased patches: [-X11_trusted_forwarding] [-allow_root_password_login] [-blocksigalrm] [-cavstest-ctr] [-cavstest-kdf] [-disable_short_DH_parameters] [-eal3] [-enable_PAM_by_default] [-fips] [-fips_checks] [-gssapi_key_exchange] [-hostname_changes_when_forwarding_X] [-lastlog] [-missing_headers] [-pam_check_locks] [-pts_names_formatting] [-remove_xauth_cookies_on_exit] [-seccomp_geteuid] [-seccomp_getuid] [-seccomp_stat] [-seed-prng] [-send_locale] [-systemd-notify] * not rebased (obsoleted) patches (so far): [-additional_seccomp_archs] [-allow_DSS_by_default] [-default_protocol] [-dont_use_pthreads_in_PAM] [-eal3_obsolete] [-gssapimitm] [-saveargv-fix] * obviously removing all standalone patch files: [openssh-7.2p2-allow_root_password_login.patch] [openssh-7.2p2-allow_DSS_by_default.patch] [openssh-7.2p2-X11_trusted_forwarding.patch] [openssh-7.2p2-lastlog.patch] [openssh-7.2p2-enable_PAM_by_default.patch] [openssh-7.2p2-dont_use_pthreads_in_PAM.patch] [openssh-7.2p2-eal3.patch] [openssh-7.2p2-blocksigalrm.patch] [openssh-7.2p2-send_locale.patch] [openssh-7.2p2-hostname_changes_when_forwarding_X.patch] [openssh-7.2p2-remove_xauth_cookies_on_exit.patch] [openssh-7.2p2-pts_names_formatting.patch] [openssh-7.2p2-pam_check_locks.patch] [openssh-7.2p2-disable_short_DH_parameters.patch] [openssh-7.2p2-seccomp_getuid.patch] [openssh-7.2p2-seccomp_geteuid.patch] [openssh-7.2p2-seccomp_stat.patch] [openssh-7.2p2-additional_seccomp_archs.patch] [openssh-7.2p2-fips.patch] [openssh-7.2p2-cavstest-ctr.patch] [openssh-7.2p2-cavstest-kdf.patch] [openssh-7.2p2-seed-prng.patch] [openssh-7.2p2-gssapi_key_exchange.patch] [openssh-7.2p2-audit.patch] [openssh-7.2p2-audit_fixes.patch] [openssh-7.2p2-audit_seed_prng.patch] [openssh-7.2p2-login_options.patch] [openssh-7.2p2-disable_openssl_abi_check.patch] [openssh-7.2p2-no_fork-no_pid_file.patch] [openssh-7.2p2-host_ident.patch] [openssh-7.2p2-sftp_homechroot.patch] [openssh-7.2p2-sftp_force_permissions.patch] [openssh-7.2p2-X_forward_with_disabled_ipv6.patch] [openssh-7.2p2-ldap.patch] [openssh-7.2p2-IPv6_X_forwarding.patch] [openssh-7.2p2-ignore_PAM_with_UseLogin.patch] [openssh-7.2p2-prevent_timing_user_enumeration.patch] [openssh-7.2p2-limit_password_length.patch] [openssh-7.2p2-keep_slogin.patch] [openssh-7.2p2-kex_resource_depletion.patch] [openssh-7.2p2-verify_CIDR_address_ranges.patch] [openssh-7.2p2-restrict_pkcs11-modules.patch] [openssh-7.2p2-prevent_private_key_leakage.patch] [openssh-7.2p2-secure_unix_sockets_forwarding.patch] [openssh-7.2p2-ssh_case_insensitive_host_matching.patch] [openssh-7.2p2-disable_preauth_compression.patch] [openssh-7.2p2-s390_hw_crypto_syscalls.patch] [openssh-7.2p2-s390_OpenSSL-ibmpkcs11_syscalls.patch] - Replace references to /var/adm/fillup-templates with new %_fillupdir macro (boo#1069468) - sshd_config is has now permissions 0600 in secure mode - Fix preauth seccomp separation on mainframes (bsc#1016709) [openssh-7.2p2-s390_hw_crypto_syscalls.patch] [openssh-7.2p2-s390_OpenSSL-ibmpkcs11_syscalls.patch] - enable case-insensitive hostname matching (bsc#1017099) [openssh-7.2p2-ssh_case_insensitive_host_matching.patch] - add CAVS tests [openssh-7.2p2-cavstest-ctr.patch] [openssh-7.2p2-cavstest-kdf.patch] - Adding missing pieces for user matching (bsc#1021626) - Properly verify CIDR masks in configuration (bsc#1005893) [openssh-7.2p2-verify_CIDR_address_ranges.patch] - Remove pre-auth compression support from the server to prevent possible cryptographic attacks. (CVE-2016-10012, bsc#1016370) [openssh-7.2p2-disable_preauth_compression.patch] - limit directories for loading PKCS11 modules (CVE-2016-10009, bsc#1016366) [openssh-7.2p2-restrict_pkcs11-modules.patch] - Prevent possible leaks of host private keys to low-privilege process handling authentication (CVE-2016-10011, bsc#1016369) [openssh-7.2p2-prevent_private_key_leakage.patch] - Do not allow unix socket forwarding when running without privilege separation (CVE-2016-10010, bsc#1016368) [openssh-7.2p2-secure_unix_sockets_forwarding.patch] - prevent resource depletion during key exchange (bsc#1005480, CVE-2016-8858) [openssh-7.2p2-kex_resource_depletion.patch] - fix suggested command for removing conflicting server keys from the known_hosts file (bsc#1006221) - enable geteuid{,32} syscalls on mainframes, since it may be called from libica/ibmica on machines with hardware crypto accelerator (bsc#1004258) [openssh-7.2p2-seccomp_geteuid.patch] - fix regression of (bsc#823710) [openssh-7.2p2-audit_fixes.patch] - add slogin (removed upstreams) [openssh-7.2p2-keep_slogin.patch] - require OpenSSL < 1.1 where that one is a default - sshd.service: Set TasksMax=infinity, as there should be no limit on the amount of tasks sshd can run. - remaining patches that were still missing since the update to 7.2p2 (FATE#319675): - allow X forwarding over IPv4 when IPv6 sockets is not available [openssh-7.2p2-X_forward_with_disabled_ipv6.patch] - do not write PID file when not daemonizing [openssh-7.2p2-no_fork-no_pid_file.patch] - use correct options when invoking login [openssh-7.2p2-login_options.patch] - helper application for retrieving users' public keys from an LDAP server [openssh-7.2p2-ldap.patch] - allow forcing permissions over sftp [openssh-7.2p2-sftp_force_permissions.patch] - do not perform run-time checks for OpenSSL API/ABI change [openssh-7.2p2-disable_openssl_abi_check.patch] - suggest commands for cleaning known hosts file [openssh-7.2p2-host_ident.patch] - sftp home chroot patch [openssh-7.2p2-sftp_homechroot.patch] - ssh sessions auditing [openssh-7.2p2-audit.patch] - enable seccomp sandbox on additional architectures [openssh-7.2p2-additional_seccomp_archs.patch] - fix forwarding with IPv6 addresses in DISPLAY (bnc#847710) [openssh-7.2p2-IPv6_X_forwarding.patch] - ignore PAM environment when using login (bsc#975865, CVE-2015-8325) [openssh-7.2p2-ignore_PAM_with_UseLogin.patch] - limit accepted password length (prevents possible DoS) (bsc#992533, CVE-2016-6515) [openssh-7.2p2-limit_password_length.patch] - Prevent user enumeration through the timing of password processing (bsc#989363, CVE-2016-6210) [openssh-7.2p2-prevent_timing_user_enumeration.patch] - Add auditing for PRNG re-seeding [openssh-7.2p2-audit_seed_prng.patch] - FIPS compatibility (no selfchecks, only crypto restrictions) [openssh-7.2p2-fips.patch] - PRNG re-seeding [openssh-7.2p2-seed-prng.patch] - preliminary version of GSSAPI KEX [openssh-7.2p2-gssapi_key_exchange.patch] - added gpg signature - enable support for SSHv1 protocol and discourage its usage (bsc#983307) - enable DSA by default for backward compatibility and discourage its usage (bsc#983784) [openssh-7.2p2-allow_DSS_by_default.patch] - enable trusted X11 forwarding by default [openssh-7.2p2-X11_trusted_forwarding.patch] - set UID for lastlog properly [openssh-7.2p2-lastlog.patch] - enable use of PAM by default [openssh-7.2p2-enable_PAM_by_default.patch] - copy command line arguments properly [openssh-7.2p2-saveargv-fix.patch] - do not use pthreads in PAM code [openssh-7.2p2-dont_use_pthreads_in_PAM.patch] - fix paths in documentation [openssh-7.2p2-eal3.patch] - prevent race consitions triggered by SIGALRM [openssh-7.2p2-blocksigalrm.patch] - do send and accept locale environment variables by default [openssh-7.2p2-send_locale.patch] - handle hostnames changes during X forwarding [openssh-7.2p2-hostname_changes_when_forwarding_X.patch] - try to remove xauth cookies on exit [openssh-7.2p2-remove_xauth_cookies_on_exit.patch] - properly format pts names for ?tmp? log files [openssh-7.2p2-pts_names_formatting.patch] - check locked accounts when using PAM [openssh-7.2p2-pam_check_locks.patch] - chenge default PermitRootLogin to 'yes' to prevent unwanted surprises on updates from older versions. See README.SUSE for details [openssh-7.2p2-allow_root_password_login.patch] - Disable DH parameters under 2048 bits by default and allow lowering the limit back to the RFC 4419 specified minimum through an option (bsc#932483, bsc#948902) [openssh-7.2p2-disable_short_DH_parameters.patch] - Add getuid() and stat() syscalls to the seccomp filter (bsc#912436) [openssh-7.2p2-seccomp_getuid.patch, openssh-7.2p2-seccomp_stat.patch] - upgrade to 7.2p2 upstream package without any SUSE patches Distilled upstream log: - OpenSSH 6.7 Potentially-incompatible changes: * sshd(8): The default set of ciphers and MACs has been altered to remove unsafe algorithms. In particular, CBC ciphers and arcfour* are disabled by default. The full set of algorithms remains available if configured explicitly via the Ciphers and MACs sshd_config options. * sshd(8): Support for tcpwrappers/libwrap has been removed. * OpenSSH 6.5 and 6.6 have a bug that causes ~0.2% of connections using the curve25519-sha256(a)libssh.org KEX exchange method to fail when connecting with something that implements the specification correctly. OpenSSH 6.7 disables this KEX method when speaking to one of the affected versions. New Features: * ssh(1), sshd(8): Add support for Unix domain socket forwarding. A remote TCP port may be forwarded to a local Unix domain socket and vice versa or both ends may be a Unix domain socket. * ssh(1), ssh-keygen(1): Add support for SSHFP DNS records for ED25519 key types. * sftp(1): Allow resumption of interrupted uploads. * ssh(1): When rekeying, skip file/DNS lookups of the hostkey if it is the same as the one sent during initial key exchange * sshd(8): Allow explicit ::1 and 127.0.0.1 forwarding bind addresses when GatewayPorts=no; allows client to choose address family * sshd(8): Add a sshd_config PermitUserRC option to control whether ~/.ssh/rc is executed, mirroring the no-user-rc authorized_keys option * ssh(1): Add a %C escape sequence for LocalCommand and ControlPath that expands to a unique identifer based on a hash of the tuple of (local host, remote user, hostname, port). Helps avoid exceeding miserly pathname limits for Unix domain sockets in multiplexing control paths * sshd(8): Make the "Too many authentication failures" message include the user, source address, port and protocol in a format similar to the authentication success / failure messages Bugfixes: * sshd(8): Fix remote forwarding with the same listen port but different listen address. * ssh(1): Fix inverted test that caused PKCS#11 keys that were explicitly listed in ssh_config or on the commandline not to be preferred. * ssh-keygen(1): Fix bug in KRL generation: multiple consecutive revoked certificate serial number ranges could be serialised to an invalid format. Readers of a broken KRL caused by this bug will fail closed, so no should-have-been-revoked key will be accepted. * ssh(1): Reflect stdio-forward ("ssh -W host:port ...") failures in exit status. Previously we were always returning 0 * ssh(1), ssh-keygen(1): Make Ed25519 keys' title fit properly in the randomart border * ssh-agent(1): Only cleanup agent socket in the main agent process and not in any subprocesses it may have started (e.g. forked askpass). Fixes agent sockets being zapped when askpass processes fatal() * ssh-add(1): Make stdout line-buffered; saves partial output getting lost when ssh-add fatal()s part-way through (e.g. when listing keys from an agent that supports key types that ssh-add doesn't) * ssh-keygen(1): When hashing or removing hosts, don't choke on @revoked markers and don't remove @cert-authority markers * ssh(1): Don't fatal when hostname canonicalisation fails and a ProxyCommand is in use; continue and allow the ProxyCommand to connect anyway (e.g. to a host with a name outside the DNS behind a bastion) * scp(1): When copying local->remote fails during read, don't send uninitialised heap to the remote end. * sftp(1): Fix fatal "el_insertstr failed" errors when tab-completing filenames with a single quote char somewhere in the string * ssh-keyscan(1): Scan for Ed25519 keys by default. * ssh(1): When using VerifyHostKeyDNS with a DNSSEC resolver, down-convert any certificate keys to plain keys and attempt SSHFP resolution. Prevents a server from skipping SSHFP lookup and forcing a new-hostkey dialog by offering only certificate keys. - OpenSSH 6.8 Potentially-incompatible changes: * sshd(8): UseDNS now defaults to 'no'. Configurations that match against the client host name (via sshd_config or authorized_keys) may need to re-enable it or convert to matching against addresses. New Features: * Add FingerprintHash option to ssh(1) and sshd(8), and equivalent command-line flags to the other tools to control algorithm used for key fingerprints. The default changes from MD5 to SHA256 and format from hex to base64. Fingerprints now have the hash algorithm prepended. An example of the new format: SHA256:mVPwvezndPv/ARoIadVY98vAC0g+P/5633yTC4d/wXE Please note that visual host keys will also be different. * ssh(1), sshd(8): Experimental host key rotation support. Add a protocol extension for a server to inform a client of all its available host keys after authentication has completed. The client may record the keys in known_hosts, allowing it to upgrade to better host key algorithms and a server to gracefully rotate its keys. The client side of this is controlled by a UpdateHostkeys config option (default off). * ssh(1): Add a ssh_config HostbasedKeyType option to control which host public key types are tried during host-based authentication. * ssh(1), sshd(8): fix connection-killing host key mismatch errors when sshd offers multiple ECDSA keys of different lengths. * ssh(1): when host name canonicalisation is enabled, try to parse host names as addresses before looking them up for canonicalisation. fixes bz#2074 and avoiding needless DNS lookups in some cases. * ssh-keygen(1), sshd(8): Key Revocation Lists (KRLs) no longer require OpenSSH to be compiled with OpenSSL support. * ssh(1), ssh-keysign(8): Make ed25519 keys work for host based authentication. * sshd(8): SSH protocol v.1 workaround for the Meyer, et al, Bleichenbacher Side Channel Attack. Fake up a bignum key before RSA decryption. * sshd(8): Remember which public keys have been used for authentication and refuse to accept previously-used keys. This allows AuthenticationMethods=publickey,publickey to require that users authenticate using two _different_ public keys. * sshd(8): add sshd_config HostbasedAcceptedKeyTypes and PubkeyAcceptedKeyTypes options to allow sshd to control what public key types will be accepted. Currently defaults to all. * sshd(8): Don't count partial authentication success as a failure against MaxAuthTries. * ssh(1): Add RevokedHostKeys option for the client to allow text-file or KRL-based revocation of host keys. * ssh-keygen(1), sshd(8): Permit KRLs that revoke certificates by serial number or key ID without scoping to a particular CA. * ssh(1): Add a "Match canonical" criteria that allows ssh_config Match blocks to trigger only in the second config pass. * ssh(1): Add a -G option to ssh that causes it to parse its configuration and dump the result to stdout, similar to "sshd -T". * ssh(1): Allow Match criteria to be negated. E.g. "Match !host". * The regression test suite has been extended to cover more OpenSSH features. The unit tests have been expanded and now cover key exchange. Bugfixes: * ssh-keyscan(1): ssh-keyscan has been made much more robust again servers that hang or violate the SSH protocol. * ssh(1), ssh-keygen(1): Fix regression: Key path names were being lost as comment fields. * ssh(1): Allow ssh_config Port options set in the second config parse phase to be applied (they were being ignored). * ssh(1): Tweak config re-parsing with host canonicalisation - make the second pass through the config files always run when host name canonicalisation is enabled (and not whenever the host name changes) * ssh(1): Fix passing of wildcard forward bind addresses when connection multiplexing is in use * ssh-keygen(1): Fix broken private key conversion from non-OpenSSH formats. * ssh-keygen(1): Fix KRL generation bug when multiple CAs are in use. * Various fixes to manual pages - OpenSSH 6.9 Security: * ssh(1): when forwarding X11 connections with ForwardX11Trusted=no, connections made after ForwardX11Timeout expired could be permitted and no longer subject to XSECURITY restrictions because of an ineffective timeout check in ssh(1) coupled with "fail open" behaviour in the X11 server when clients attempted connections with expired credentials. This problem was reported by Jann Horn. * ssh-agent(1): fix weakness of agent locking (ssh-add -x) to password guessing by implementing an increasing failure delay, storing a salted hash of the password rather than the password itself and using a timing-safe comparison function for verifying unlock attempts. This problem was reported by Ryan Castellucci. New Features: * ssh(1), sshd(8): promote chacha20-poly1305(a)openssh.com to be the default cipher * sshd(8): support admin-specified arguments to AuthorizedKeysCommand * sshd(8): add AuthorizedPrincipalsCommand that allows retrieving authorized principals information from a subprocess rather than a file. * ssh(1), ssh-add(1): support PKCS#11 devices with external PIN entry devices * sshd(8): allow GSSAPI host credential check to be relaxed for multihomed hosts via GSSAPIStrictAcceptorCheck option * ssh-keygen(1): support "ssh-keygen -lF hostname" to search known_hosts and print key hashes rather than full keys. * ssh-agent(1): add -D flag to leave ssh-agent in foreground without enabling debug mode Bugfixes: * ssh(1), sshd(8): deprecate legacy SSH2_MSG_KEX_DH_GEX_REQUEST_OLD message and do not try to use it against some 3rd-party SSH implementations that use it (older PuTTY, WinSCP). * Many fixes for problems caused by compile-time deactivation of SSH1 support (including bz#2369) * ssh(1), sshd(8): cap DH-GEX group size at 4Kbits for Cisco implementations as some would fail when attempting to use group sizes >4K * ssh(1): fix out-of-bound read in EscapeChar configuration option parsing * sshd(8): fix application of PermitTunnel, LoginGraceTime, AuthenticationMethods and StreamLocalBindMask options in Match blocks * ssh(1), sshd(8): improve disconnection message on TCP reset; bz#2257 * ssh(1): remove failed remote forwards established by muliplexing from the list of active forwards * sshd(8): make parsing of authorized_keys "environment=" options independent of PermitUserEnv being enabled * sshd(8): fix post-auth crash with permitopen=none * ssh(1), ssh-add(1), ssh-keygen(1): allow new-format private keys to be encrypted with AEAD ciphers * ssh(1): allow ListenAddress, Port and AddressFamily configuration options to appear in any order * sshd(8): check for and reject missing arguments for VersionAddendum and ForceCommand * ssh(1), sshd(8): don't treat unknown certificate extensions as fatal * ssh-keygen(1): make stdout and stderr output consistent * ssh(1): mention missing DISPLAY environment in debug log when X11 forwarding requested * sshd(8): correctly record login when UseLogin is set * sshd(8): Add some missing options to sshd -T output and fix output of VersionAddendum and HostCertificate. bz#2346 * Document and improve consistency of options that accept a "none" argument" TrustedUserCAKeys, RevokedKeys (bz#2382), AuthorizedPrincipalsFile (bz#2288) * ssh(1): include remote username in debug output * sshd(8): avoid compatibility problem with some versions of Tera Term, which would crash when they received the hostkeys notification message (hostkeys-00(a)openssh.com) * sshd(8): mention ssh-keygen -E as useful when comparing legacy MD5 host key fingerprints * ssh(1): clarify pseudo-terminal request behaviour and use make manual language consistent * ssh(1): document that the TERM environment variable is not subject to SendEnv and AcceptEnv - OpenSSH 7.0: This focuses primarily on deprecating weak, legacy and/or unsafe cryptography. Security: * sshd(8): OpenSSH 6.8 and 6.9 incorrectly set TTYs to be world- writable. Local attackers may be able to write arbitrary messages to logged-in users, including terminal escape sequences. Reported by Nikolay Edigaryev. * sshd(8): Portable OpenSSH only: Fixed a privilege separation weakness related to PAM support. Attackers who could successfully compromise the pre-authentication process for remote code execution and who had valid credentials on the host could impersonate other users. Reported by Moritz Jodeit. * sshd(8): Portable OpenSSH only: Fixed a use-after-free bug related to PAM support that was reachable by attackers who could compromise the pre-authentication process for remote code execution. Also reported by Moritz Jodeit. * sshd(8): fix circumvention of MaxAuthTries using keyboard- interactive authentication. By specifying a long, repeating keyboard-interactive "devices" string, an attacker could request the same authentication method be tried thousands of times in a single pass. The LoginGraceTime timeout in sshd(8) and any authentication failure delays implemented by the authentication mechanism itself were still applied. Found by Kingcope. Potentially-incompatible Changes: * Support for the legacy SSH version 1 protocol is disabled by default at compile time. * Support for the 1024-bit diffie-hellman-group1-sha1 key exchange is disabled by default at run-time. It may be re-enabled using the instructions in README.legacy or http://www.openssh.com/legacy.html * Support for ssh-dss, ssh-dss-cert-* host and user keys is disabled by default at run-time. These may be re-enabled using the instructions at http://www.openssh.com/legacy.html * Support for the legacy v00 cert format has been removed. * The default for the sshd_config(5) PermitRootLogin option has changed from "yes" to "prohibit-password". * PermitRootLogin=without-password/prohibit-password now bans all interactive authentication methods, allowing only public-key, hostbased and GSSAPI authentication (previously it permitted keyboard-interactive and password-less authentication if those were enabled). New Features: * ssh_config(5): add PubkeyAcceptedKeyTypes option to control which public key types are available for user authentication. * sshd_config(5): add HostKeyAlgorithms option to control which public key types are offered for host authentications. * ssh(1), sshd(8): extend Ciphers, MACs, KexAlgorithms, HostKeyAlgorithms, PubkeyAcceptedKeyTypes and HostbasedKeyTypes options to allow appending to the default set of algorithms instead of replacing it. Options may now be prefixed with a '+' to append to the default, e.g. "HostKeyAlgorithms=+ssh-dss". * sshd_config(5): PermitRootLogin now accepts an argument of 'prohibit-password' as a less-ambiguous synonym of 'without- password'. Bugfixes: * ssh(1), sshd(8): add compatability workarounds for Cisco and more PuTTY versions. * Fix some omissions and errors in the PROTOCOL and PROTOCOL.mux documentation relating to Unix domain socket forwarding * ssh(1): Improve the ssh(1) manual page to include a better description of Unix domain socket forwarding * ssh(1), ssh-agent(1): skip uninitialised PKCS#11 slots, fixing failures to load keys when they are present. * ssh(1), ssh-agent(1): do not ignore PKCS#11 hosted keys that wth empty CKA_ID * sshd(8): clarify documentation for UseDNS option - OpenSSH 7.1: Security: * sshd(8): OpenSSH 7.0 contained a logic error in PermitRootLogin= prohibit-password/without-password that could, depending on compile-time configuration, permit password authentication to root while preventing other forms of authentication. This problem was reported by Mantas Mikulenas. Bugfixes: * ssh(1), sshd(8): add compatability workarounds for FuTTY * ssh(1), sshd(8): refine compatability workarounds for WinSCP * Fix a number of memory faults (double-free, free of uninitialised memory, etc) in ssh(1) and ssh-keygen(1). Reported by Mateusz Kocielski. - OpenSSH 7.1p2: * SECURITY: ssh(1): The OpenSSH client code between 5.4 and 7.1 contains experimential support for resuming SSH-connections (roaming). The matching server code has never been shipped, but the client code was enabled by default and could be tricked by a malicious server into leaking client memory to the server, including private client user keys. The authentication of the server host key prevents exploitation by a man-in-the-middle, so this information leak is restricted to connections to malicious or compromised servers. MITIGATION: For OpenSSH >= 5.4 the vulnerable code in the client can be completely disabled by adding 'UseRoaming no' to the gobal ssh_config(5) file, or to user configuration in ~/.ssh/config, or by passing -oUseRoaming=no on the command line. PATCH: See below for a patch to disable this feature (Disabling Roaming in the Source Code). This problem was reported by the Qualys Security Advisory team. * SECURITY: Eliminate the fallback from untrusted X11-forwarding to trusted forwarding for cases when the X server disables the SECURITY extension. Reported by Thomas Hoger. * SECURITY: Fix an out of-bound read access in the packet handling code. Reported by Ben Hawkes. * PROTOCOL: Correctly interpret the 'first_kex_follows' option during the intial key exchange. Reported by Matt Johnston. * Further use of explicit_bzero has been added in various buffer handling code paths to guard against compilers aggressively doing dead-store removal. Potentially-incompatible changes: * This release disables a number of legacy cryptographic algorithms by default in ssh: + Several ciphers blowfish-cbc, cast128-cbc, all arcfour variants and the rijndael-cbc aliases for AES. + MD5-based and truncated HMAC algorithms. - OpenSSH 7.2: Security: * ssh(1), sshd(8): remove unfinished and unused roaming code (was already forcibly disabled in OpenSSH 7.1p2). * ssh(1): eliminate fallback from untrusted X11 forwarding to trusted forwarding when the X server disables the SECURITY extension. * ssh(1), sshd(8): increase the minimum modulus size supported for diffie-hellman-group-exchange to 2048 bits. * sshd(8): pre-auth sandboxing is now enabled by default (previous releases enabled it for new installations via sshd_config). New Features: * all: add support for RSA signatures using SHA-256/512 hash algorithms based on draft-rsa-dsa-sha2-256-03.txt and draft-ssh-ext-info-04.txt. * ssh(1): Add an AddKeysToAgent client option which can be set to 'yes', 'no', 'ask', or 'confirm', and defaults to 'no'. When enabled, a private key that is used during authentication will be added to ssh-agent if it is running (with confirmation enabled if set to 'confirm'). * sshd(8): add a new authorized_keys option "restrict" that includes all current and future key restrictions (no-*-forwarding, etc.). Also add permissive versions of the existing restrictions, e.g. "no-pty" -> "pty". This simplifies the task of setting up restricted keys and ensures they are maximally-restricted, regardless of any permissions we might implement in the future. * ssh(1): add ssh_config CertificateFile option to explicitly list certificates. bz#2436 * ssh-keygen(1): allow ssh-keygen to change the key comment for all supported formats. * ssh-keygen(1): allow fingerprinting from standard input, e.g. "ssh-keygen -lf -" * ssh-keygen(1): allow fingerprinting multiple public keys in a file, e.g. "ssh-keygen -lf ~/.ssh/authorized_keys" bz#1319 * sshd(8): support "none" as an argument for sshd_config Foreground and ChrootDirectory. Useful inside Match blocks to override a global default. bz#2486 * ssh-keygen(1): support multiple certificates (one per line) and reading from standard input (using "-f -") for "ssh-keygen -L" * ssh-keyscan(1): add "ssh-keyscan -c ..." flag to allow fetching certificates instead of plain keys. * ssh(1): better handle anchored FQDNs (e.g. 'cvs.openbsd.org') in hostname canonicalisation - treat them as already canonical and remove the trailing '.' before matching ssh_config. Bugfixes: * sftp(1): existing destination directories should not terminate recursive uploads (regression in openssh 6.8) * ssh(1), sshd(8): correctly send back SSH2_MSG_UNIMPLEMENTED replies to unexpected messages during key exchange. * ssh(1): refuse attempts to set ConnectionAttempts=0, which does not make sense and would cause ssh to print an uninitialised stack variable. * ssh(1): fix errors when attempting to connect to scoped IPv6 addresses with hostname canonicalisation enabled. * sshd_config(5): list a couple more options usable in Match blocks. * sshd(8): fix "PubkeyAcceptedKeyTypes +..." inside a Match block. * ssh(1): expand tilde characters in filenames passed to -i options before checking whether or not the identity file exists. Avoids confusion for cases where shell doesn't expand (e.g. "-i ~/file" vs. "-i~/file"). * ssh(1): do not prepend "exec" to the shell command run by "Match exec" in a config file, which could cause some commands to fail in certain environments. * ssh-keyscan(1): fix output for multiple hosts/addrs on one line when host hashing or a non standard port is in use * sshd(8): skip "Could not chdir to home directory" message when ChrootDirectory is active. * ssh(1): include PubkeyAcceptedKeyTypes in ssh -G config dump. * sshd(8): avoid changing TunnelForwarding device flags if they are already what is needed; makes it possible to use tun/tap networking as non-root user if device permissions and interface flags are pre-established * ssh(1), sshd(8): RekeyLimits could be exceeded by one packet. * ssh(1): fix multiplexing master failure to notice client exit. * ssh(1), ssh-agent(1): avoid fatal() for PKCS11 tokens that present empty key IDs. * sshd(8): avoid printf of NULL argument. * ssh(1), sshd(8): allow RekeyLimits larger than 4GB. * ssh-keygen(1): sshd(8): fix several bugs in (unused) KRL signature support. * ssh(1), sshd(8): fix connections with peers that use the key exchange guess feature of the protocol. * sshd(8): include remote port number in log messages. * ssh(1): don't try to load SSHv1 private key when compiled without SSHv1 support. * ssh-agent(1), ssh(1): fix incorrect error messages during key loading and signing errors. * ssh-keygen(1): don't leave empty temporary files when performing known_hosts file edits when known_hosts doesn't exist. * sshd(8): correct packet format for tcpip-forward replies for requests that don't allocate a port * ssh(1), sshd(8): fix possible hang on closed output. * ssh(1): expand %i in ControlPath to UID. * ssh(1), sshd(8): fix return type of openssh_RSA_verify. * ssh(1), sshd(8): fix some option parsing memory leaks. * ssh(1): add a some debug output before DNS resolution; it's a place where ssh could previously silently stall in cases of unresponsive DNS servers. * ssh(1): remove spurious newline in visual hostkey. * ssh(1): fix printing (ssh -G ...) of HostKeyAlgorithms=+... * ssh(1): fix expansion of HostkeyAlgorithms=+... Documentation: * ssh_config(5), sshd_config(5): update default algorithm lists to match current reality. * ssh(1): mention -Q key-plain and -Q key-cert query options. * sshd_config(8): more clearly describe what AuthorizedKeysFile=none does. * ssh_config(5): better document ExitOnForwardFailure. * sshd(5): mention internal DH-GEX fallback groups in manual. * sshd_config(5): better description for MaxSessions option. Portability: * sshd(8): fix multiple authentication using S/Key. - OpenSSH 7.2p2: Security: * sshd(8): sanitise X11 authentication credentials to avoid xauth command injection when X11Forwarding is enabled. (removing patches from previous version: * CVE-2016-0777_CVE-2016-0778.patch * openssh-6.6p1-X11-forwarding.patch * openssh-6.6p1-X_forward_with_disabled_ipv6.patch * openssh-6.6p1-audit1-remove_duplicit_audit.patch * openssh-6.6p1-audit2-better_audit_of_user_actions.patch * openssh-6.6p1-audit3-key_auth_usage-fips.patch * openssh-6.6p1-audit3-key_auth_usage.patch * openssh-6.6p1-audit4-kex_results-fips.patch * openssh-6.6p1-audit4-kex_results.patch * openssh-6.6p1-audit5-session_key_destruction.patch * openssh-6.6p1-audit6-server_key_destruction.patch * openssh-6.6p1-audit7-libaudit_compat.patch * openssh-6.6p1-audit8-libaudit_dns_timeouts.patch * openssh-6.6p1-blocksigalrm.patch * openssh-6.6p1-curve25519-6.6.1p1.patch * openssh-6.6p1-default-protocol.patch * openssh-6.6p1-disable-openssl-abi-check.patch * openssh-6.6p1-eal3.patch * openssh-6.6p1-fingerprint_hash.patch * openssh-6.6p1-fips-checks.patch * openssh-6.6p1-fips.patch * openssh-6.6p1-gssapi_key_exchange.patch * openssh-6.6p1-gssapimitm.patch * openssh-6.6p1-host_ident.patch * openssh-6.6p1-key-converter.patch * openssh-6.6p1-lastlog.patch * openssh-6.6p1-ldap.patch * openssh-6.6p1-login_options.patch * openssh-6.6p1-no_fork-no_pid_file.patch * openssh-6.6p1-pam-check-locks.patch * openssh-6.6p1-pam-fix2.patch * openssh-6.6p1-pam-fix3.patch * openssh-6.6p1-pts.patch * openssh-6.6p1-saveargv-fix.patch * openssh-6.6p1-seccomp_getuid.patch * openssh-6.6p1-seccomp_stat.patch * openssh-6.6p1-seed-prng.patch * openssh-6.6p1-send_locale.patch * openssh-6.6p1-sftp_force_permissions.patch * openssh-6.6p1-sftp_homechroot.patch * openssh-6.6p1-xauth.patch * openssh-6.6p1-xauthlocalhostname.patch) - update seccomp sandbox that broke after OpenSSL update (bsc#912436, bsc#977812) [openssh-6.6p1-seccomp_stat.patch] - openssh-6.6p1-ldap.patch: replace TRUE/FALSE with 1/0, since this defines did come via an indirect header inclusion and are not everywhere defined. - CVE-2016-0777, bsc#961642, CVE-2016-0778, bsc#961645 Add CVE-2016-0777_CVE-2016-0778.patch to disable the roaming code to prevent information leak and buffer overflow - gpg signature and keyring added. pub 3200R/6D920D30 2013-12-10 [expires: 2021-01-01] uid Damien Miller <djm(a)mindrot.org> sub 3200R/672A1105 2013-12-10 [expires: 2021-01-01] - fix bashisms in sshd.init script - Ensure that ssh can use the ssh support of the gpg-agent (boo#899647) - Do not depend on insserv if the package build with systemd support; it's useless - Remove tcpwrappers support now, This feature was removed in upstream code at the end of April and the underlying libraries are abandonware. See: http://comments.gmane.org/gmane.linux.suse.general/348119 - curve25519 key exchange fix (-curve25519-6.6.1p1.patch) - patch re-ordering (-audit3-key_auth_usage-fips.patch, - audit4-kex_results-fips.patch) - Remove uneeded dependency on the OpenLDAP server (openldap2) from openssh-helpers. openssh-helpers just depends on the openldap client libraries, which will be auto-generated by rpm. - update to 6.6p1 Security: * sshd(8): when using environment passing with a sshd_config(5) AcceptEnv pattern with a wildcard. OpenSSH prior to 6.6 could be tricked into accepting any enviornment variable that contains the characters before the wildcard character. Features since 6.5p1: * ssh(1), sshd(8): removal of the J-PAKE authentication code, which was experimental, never enabled and has been unmaintained for some time. * ssh(1): skip 'exec' clauses other clauses predicates failed to match while processing Match blocks. * ssh(1): if hostname canonicalisation is enabled and results in the destination hostname being changed, then re-parse ssh_config(5) files using the new destination hostname. This gives 'Host' and 'Match' directives that use the expanded hostname a chance to be applied. Bugfixes: * ssh(1): avoid spurious "getsockname failed: Bad file descriptor" in ssh -W. bz#2200, debian#738692 * sshd(8): allow the shutdown(2) syscall in seccomp-bpf and systrace sandbox modes, as it is reachable if the connection is terminated during the pre-auth phase. * ssh(1), sshd(8): fix unsigned overflow that in SSH protocol 1 bignum parsing. Minimum key length checks render this bug unexploitable to compromise SSH 1 sessions. * sshd_config(5): clarify behaviour of a keyword that appears in multiple matching Match blocks. bz#2184 * ssh(1): avoid unnecessary hostname lookups when canonicalisation is disabled. bz#2205 * sshd(8): avoid sandbox violation crashes in GSSAPI code by caching the supported list of GSSAPI mechanism OIDs before entering the sandbox. bz#2107 * ssh(1): fix possible crashes in SOCKS4 parsing caused by assumption that the SOCKS username is nul-terminated. * ssh(1): fix regression for UsePrivilegedPort=yes when BindAddress is not specified. * ssh(1), sshd(8): fix memory leak in ECDSA signature verification. * ssh(1): fix matching of 'Host' directives in ssh_config(5) files to be case-insensitive again (regression in 6.5). - FIPS checks in sftp-server - FIPS checks during ssh client and daemon startup (-fips-checks.patch) - Update openssh-6.5p1-audit4-kex_results.patch to ensure that we don't pass a NULL string to buffer_put_cstring. This happens when you have "Ciphers chacha20-poly1305(a)openssh.com" directive. - re-enabling the GSSAPI Key Exchange patch - re-enabling FIPS-enablement patch - enable X11 forwarding when IPv6 is present but disabled on server (bnc#712683, FATE#31503; -X_forward_with_disabled_ipv6.patch) - openssh-6.5p1-seccomp_getuid.patch: re-enabling the seccomp sandbox (allowing use of the getuid syscall) (bnc#864171) - Update to 6.5p1 Features since 6.4p1: * ssh(1), sshd(8): support for key exchange using ECDH in Daniel Bernstein's Curve25519; default when both the client and server support it. * ssh(1), sshd(8): support for Ed25519 as a public key type fo rboth server and client. Ed25519 is an EC signature offering better security than ECDSA and DSA and good performance. * Add a new private key format that uses a bcrypt KDF to better protect keys at rest. Used unconditionally for Ed25519 keys, on demand for other key types via the -o ssh-keygen(1) option. Intended to become default in the near future. Details documented in PROTOCOL.key. * ssh(1), sshd(8): new transport cipher "chacha20-poly1305(a)openssh.com" combining Daniel Bernstein's ChaCha20 stream cipher and Poly1305 MAC to build an authenticated encryption mode. Details documented PROTOCOL.chacha20poly1305. * ssh(1), sshd(8): refuse RSA keys from old proprietary clients and servers that use the obsolete RSA+MD5 signature scheme. It will still be possible to connect with these clients/servers but only DSA keys will be accepted, and OpenSSH will refuse connection entirely in a future release. * ssh(1), sshd(8): refuse old proprietary clients and servers that use a weaker key exchange hash calculation. * ssh(1): increase the size of the Diffie-Hellman groups requested for each symmetric key size. New values from NIST Special Publication 800-57 with the upper limit specified by RFC4419. * ssh(1), ssh-agent(1): support pkcs#11 tokens that only provide X.509 certs instead of raw public keys (requested as bz#1908). * ssh(1): new ssh_config(5) "Match" keyword that allows conditional configuration to be applied by matching on hostname, user and result of arbitrary commands. * ssh(1): support for client-side hostname canonicalisation using a set of DNS suffixes and rules in ssh_config(5). This allows unqualified names to be canonicalised to fully-qualified domain names to eliminate ambiguity when looking up keys in known_hosts or checking host certificate names. * sftp-server(8): ability to whitelist and/or blacklist sftp protocol requests by name. * sftp-server(8): sftp "fsync(a)openssh.com" to support calling fsync(2) on an open file handle. * sshd(8): ssh_config(5) PermitTTY to disallow TTY allocation, mirroring the longstanding no-pty authorized_keys option. * ssh(1): ssh_config ProxyUseFDPass option that supports the use of ProxyCommands that establish a connection and then pass a connected file descriptor back to ssh(1). This allows the ProxyCommand to exit rather than staying around to transfer data. Bugfixes since 6.4p1: * ssh(1), sshd(8): fix potential stack exhaustion caused by nested certificates. * ssh(1): bz#1211: make BindAddress work with UsePrivilegedPort. * sftp(1): bz#2137: fix the progress meter for resumed transfer. * ssh-add(1): bz#2187: do not request smartcard PIN when removing keys from ssh-agent. * sshd(8): bz#2139: fix re-exec fallback when original sshd binary cannot be executed. * ssh-keygen(1): make relative-specified certificate expiry times relative to current time and not the validity start time. * sshd(8): bz#2161: fix AuthorizedKeysCommand inside a Match block. * sftp(1): bz#2129: symlinking a file would incorrectly canonicalise the target path. * ssh-agent(1): bz#2175: fix a use-after-free in the PKCS#11 agent helper executable. * sshd(8): improve logging of sessions to include the user name, remote host and port, the session type (shell, command, etc.) and allocated TTY (if any). * sshd(8): bz#1297: tell the client (via a debug message) when their preferred listen address has been overridden by the server's GatewayPorts setting. * sshd(8): bz#2162: include report port in bad protocol banner message. * sftp(1): bz#2163: fix memory leak in error path in do_readdir(). * sftp(1): bz#2171: don't leak file descriptor on error. * sshd(8): include the local address and port in "Connection from ..." message (only shown at loglevel>=verbose). - systemd systems * create sysconfig file on systemd systems as well, yet do not require it at run-time (bnc#862600) * symlink rcsshd to /usr/bin/service - rename "-forcepermissions" patch to "-sftp_force_permissions" - disable key converter - ssh-keygen is able to do the same - add a rcsshd symlink to /usr/sbin/service - Add openssh-6.2p1-forcepermissions.patch to implement a force permissions mode (fate#312774). The patch is based on http://marc.info/?l=openssh-unix-dev&m=128896838930893 - Update to 6.4p1 Features since 6.2p2: * ssh-agent(1) support in sshd(8); allows encrypted hostkeys, or hostkeys on smartcards. * ssh(1)/sshd(8): allow optional time-based rekeying via a second argument to the existing RekeyLimit option. RekeyLimit is now supported in sshd_config as well as on the client. * sshd(8): standardise logging of information during user authentication. * The presented key/cert and the remote username (if available) is now logged in the authentication success/failure message on the same log line as the local username, remote host/port and protocol in use. Certificates contents and the key fingerprint of the signing CA are logged too. * ssh(1) ability to query what cryptographic algorithms are supported in the binary. * ssh(1): ProxyCommand=- for cases where stdin and stdout already point to the proxy. * ssh(1): allow IdentityFile=none * ssh(1)/sshd(8): -E option to append debugging logs to a specified file instead of stderr or syslog. * sftp(1): support resuming partial downloads with the "reget" command and on the sftp commandline or on the "get" commandline with the "-a" (append) option. * ssh(1): "IgnoreUnknown" configuration option to selectively suppress errors arising from unknown configuration directives. * sshd(8): support for submethods to be appended to required authentication methods listed via AuthenticationMethods. Bugfixes since 6.2p2: * sshd(8): fix refusal to accept certificate if a key of a different type to the CA key appeared in authorized_keys before the CA key. * ssh(1)/ssh-agent(1)/sshd(8): Use a monotonic time source for timers so that things like keepalives and rekeying will work properly over clock steps. * sftp(1): update progressmeter when data is acknowledged, not when it's sent. bz#2108 * ssh(1)/ssh-keygen(1): improve error messages when the current user does not exist in /etc/passwd; bz#2125 * ssh(1): reset the order in which public keys are tried after partial authentication success. * ssh-agent(1): clean up socket files after SIGINT when in debug mode; bz#2120 * ssh(1) and others: avoid confusing error messages in the case of broken system resolver configurations; bz#2122 * ssh(1): set TCP nodelay for connections started with -N; bz#2124 * ssh(1): correct manual for permission requirements on ~/.ssh/config; bz#2078 * ssh(1): fix ControlPersist timeout not triggering in cases where TCP connections have hung. bz#1917 * ssh(1): properly deatch a ControlPersist master from its controlling terminal. * sftp(1): avoid crashes in libedit when it has been compiled with multi- byte character support. bz#1990 * sshd(8): when running sshd -D, close stderr unless we have explicitly requested logging to stderr. bz#1976, * ssh(1): fix incomplete bzero; bz#2100 * sshd(8): log and error and exit if ChrootDirectory is specified and running without root privileges. * Many improvements to the regression test suite. In particular log files are now saved from ssh and sshd after failures. * Fix a number of memory leaks. bz#1967 bz#2096 and others * sshd(8): fix public key authentication when a :style is appended to the requested username. * ssh(1): do not fatally exit when attempting to cleanup multiplexing- created channels that are incompletely opened. bz#2079 * sshd(8): fix a memory corruption problem triggered during rekeying when an AES-GCM cipher is selected * Fix unaligned accesses in umac.c for strict-alignment architectures. bz#2101 * Fix broken incorrect commandline reporting errors. bz#1448 * Only include SHA256 and ECC-based key exchange methods if libcrypto has the required support. * Fix crash in SOCKS5 dynamic forwarding code on strict-alignment architectures. - FIPS and GSSKEX patched disabled for now - fix server crashes when using AES-GCM - removed superfluous build dependency on X - spec file and patch cleanup * key converter is now in the -key-converter.patch * openssh-nodaemon-nopid.patch is -no_fork-no_pid_file.patch * openssh-nocrazyabicheck.patch is - disable-openssl-abi-check.patch * removing obsolete -engines.diff patch - patches from SLE11 * use auditing infrastructure extending upstream hooks (-auditX-*.patch) instead of the single old patch (-audit.patch) * FIPS enablement (currently disabled) (-fingerprint_hash.patch, -fips.patch) * GSSAPI key exchange (bnc#784689, fate#313068, -gssapi_key_exchange.patch) * SysV init script update - 'stop' now terminates all sshd processes and closes all connections, 'soft-stop' only terminates the listener process (keeps active sessions intact) (fate#314243) * helper application for retrieving users' public keys from an LDAP server (bnc#683733, fate#302144, -ldap.patch) - subpackage openssh-akc-ldap * several bugfixes: - login invocation (bnc#833605, -login_options.patch) - disable locked accounts when using PAM (bnc#708678, fate#312033, -pam-check-locks.patch) - fix wtmp handling (bnc#18024, -lastlog.patch) - init script is moved into documentation for openSUSE 12.3+ (as it confused systemd) - fix the logic in openssh-nodaemon-nopid.patch which is broken and pid_file therefore still being created. - Update to version 6.2p2 * ssh(1)/sshd(8): Added support for AES-GCM authenticated encryption * ssh(1)/sshd(8): Added support for encrypt-then-mac (EtM) MAC modes * ssh(1)/sshd(8): Added support for the UMAC-128 MAC * sshd(8): Added support for multiple required authentication * sshd(8)/ssh-keygen(1): Added support for Key Revocation Lists * ssh(1): When SSH protocol 2 only is selected (the default), ssh(1) now immediately sends its SSH protocol banner to the server without waiting to receive the server's banner, saving time when connecting. * dozens of other changes, see http://www.openssh.org/txt/release-6.2 - avoid the build cycle between curl, krb5, libssh2_org and openssh by using krb5-mini-devel - Recommend xauth, X11-forwarding won't work if it is not installed - sshd.service: Do not order after syslog.target, it is not required or recommended and that target does not even exist anymore. - use ssh-keygen(1) default keylengths in generating the host key instead of hardcoding it - Updated to 6.1p1, a bugfix release Features: * sshd(8): This release turns on pre-auth sandboxing sshd by default for new installs, by setting UsePrivilegeSeparation=sandbox in sshd_config. * ssh-keygen(1): Add options to specify starting line number and number of lines to process when screening moduli candidates, allowing processing of different parts of a candidate moduli file in parallel * sshd(8): The Match directive now supports matching on the local (listen) address and port upon which the incoming connection was received via LocalAddress and LocalPort clauses. * sshd(8): Extend sshd_config Match directive to allow setting AcceptEnv and {Allow,Deny}{Users,Groups} * Add support for RFC6594 SSHFP DNS records for ECDSA key types. bz#1978 * ssh-keygen(1): Allow conversion of RSA1 keys to public PEM and PKCS8 * sshd(8): Allow the sshd_config PermitOpen directive to accept "none" as an argument to refuse all port-forwarding requests. * sshd(8): Support "none" as an argument for AuthorizedPrincipalsFile * ssh-keyscan(1): Look for ECDSA keys by default. bz#1971 * sshd(8): Add "VersionAddendum" to sshd_config to allow server operators to append some arbitrary text to the server SSH protocol banner. Bugfixes: * ssh(1)/sshd(8): Don't spin in accept() in situations of file descriptor exhaustion. Instead back off for a while. * ssh(1)/sshd(8): Remove hmac-sha2-256-96 and hmac-sha2-512-96 MACs as they were removed from the specification. bz#2023, * sshd(8): Handle long comments in config files better. bz#2025 * ssh(1): Delay setting tty_flag so RequestTTY options are correctly picked up. bz#1995 * sshd(8): Fix handling of /etc/nologin incorrectly being applied to root on platforms that use login_cap. Portable OpenSSH: * sshd(8): Allow sshd pre-auth sandboxing to fall-back to the rlimit sandbox from the Linux SECCOMP filter sandbox when the latter is not available in the kernel. * ssh(1): Fix NULL dereference when built with LDNS and using DNSSEC to retrieve a CNAME SSHFP record. * Fix cross-compilation problems related to pkg-config. bz#1996 - Fix groupadd arguments - Add LSB tag to sshd init script - explicit buildrequire groff, needed for man pages - buildrequire systemd through pkgconfig to break cycle - When not daemonizing, such is used with systemd, no not create a PID file - do not buildrequire xorg-x11, the askpass is an extra package and should build from a different package - use correct download url and tarball format. - Update to version 6.0, large list of changes, seen http://www.openssh.org/txt/release-6.0 for detail. - By default openSSH checks at *runtime* if the openssl API version matches with the running library, that might be good if you are compiling SSH yourself but it is a totally insane way to check for binary/source compatibility in a distribution. - include X11 app default dir - Fix building for OS 11.0, 10.3, 10.2 * Don't require selinux on OS 11.0 or lower - Fix building for OS 11.2 and 11.1 - Cleanup remove remaining litteral /etc/init.d 's - add autoconf as buildrequire to avoid implicit dependency - Add systemd startup units - finalising libexecdir change (bnc#726712) - Update to 5.9p1 * sandboxing privsep child through rlimit - Avoid overriding libexecdir with %_lib (bnc#712025) - Clean up the specfile by request of Minh Ngo, details entail: * remove norootforbuild comments, redundant %clean section * run spec-beautifier over it - Add PIEFLAGS to compilation of askpass; fails otherwise - Update to verison 5.8p2 * Fixed vuln in systems without dev/random, we arenot affected * Fixes problems building with selinux enabled - Fix build with as-needed and no-add-needed - Enable libedit/autocompletion support in sftp - Change default keysizes of rsa and dsa from 1024 to 2048 to match ssh-keygen manpage recommendations. - Update to 5.8p1 * Fix vulnerability in legacy certificate signing introduced in OpenSSH-5.6 and found by Mateusz Kocielski. * Fix compilation failure when enableing SELinux support. * Do not attempt to call SELinux functions when SELinux is disabled. - Remove patch that is now upstream: * openssh-5.7p1-selinux.diff - specfile/patches cleanup - Update to 5.7p1 * Implement Elliptic Curve Cryptography modes for key exchange (ECDH) and host/user keys (ECDSA) as specified by RFC5656. * sftp(1)/sftp-server(8): add a protocol extension to support a hard link operation. * scp(1): Add a new -3 option to scp: Copies between two remote hosts are transferred through the local host. * ssh(1): automatically order the hostkeys requested by the client based on which hostkeys are already recorded in known_hosts. * ssh(1)/sshd(8): add a new IPQoS option to specify arbitrary TOS/DSCP/QoS values instead of hardcoding lowdelay/throughput. * sftp(1): the sftp client is now significantly faster at performing directory listings, using OpenBSD glob(3) extensions to preserve the results of stat(3) operations performed in the course of its execution rather than performing expensive round trips to fetch them again afterwards. * ssh(1): "atomically" create the listening mux socket by binding it on a temporary name and then linking it into position after listen() has succeeded. * ssh(1)/sshd(8): add a KexAlgorithms knob to the client and server configuration to allow selection of which key exchange methods are used by ssh(1) and sshd(8) and their order of preference. * sftp(1)/scp(1): factor out bandwidth limiting code from scp(1) into a generic bandwidth limiter that can be attached using the atomicio callback mechanism and use it to add a bandwidth limit option to sftp(1). * Support building against openssl-1.0.0a. * Bug fixes. - Remove patches that are now upstream: * openssh-5.6p1-tmpdir.diff * openssh-linux-new-oomkill.patch - Add upstream patch to fix build with SELinux enabled. - Removed relics of no more implemented opensc support. - add pam_lastlog to show failed login attempts - remove permissions handling, no special handling needed - Use upstream oom_adj is deprecated patch - remove the code trying to patch X11 paths - which was broken for a very long time and was useless anyway as the Makefiles do this correctly themselves - Use %_smp_mflags - Fix warning "oom_adj is deprecated use oom_score_adj instead" - actualize README.SuSE (bnc#638893) - update to 5.6p1 * Added a ControlPersist option to ssh_config(5) that automatically starts a background ssh(1) multiplex master when connecting. * Hostbased authentication may now use certificate host keys. * ssh-keygen(1) now supports signing certificate using a CA key that has been stored in a PKCS#11 token. * ssh(1) will now log the hostname and address that we connected to at LogLevel=verbose after authentication is successful to mitigate "phishing" attacks by servers with trusted keys that accept authentication silently and automatically before presenting fake password/passphrase prompts. * Expand %h to the hostname in ssh_config Hostname options. * Allow ssh-keygen(1) to import (-i) and export (-e) of PEM and PKCS#8 keys in addition to RFC4716 (SSH.COM) encodings via a new -m option * sshd(8) will now queue debug messages for bad ownership or permissions on the user's keyfiles encountered during authentication and will send them after authentication has successfully completed. * ssh(1) connection multiplexing now supports remote forwarding with dynamic port allocation and can report the allocated port back to the user * sshd(8) now supports indirection in matching of principal names listed in certificates. * sshd(8) now has a new AuthorizedPrincipalsFile option to specify a file containing a list of names that may be accepted in place of the username when authorizing a certificate trusted via the sshd_config(5) TrustedCAKeys option. * Additional sshd_config(5) options are now valid inside Match blocks * Revised the format of certificate keys. * bugfixes - removed -forward patch (SSH_MAX_FORWARDS_PER_DIRECTION not hard-coded any more), removed memory leak fix (fixed in upstream) - hint user how to remove offending keys (bnc#625552) - update to 5.5p1 - update to 5.5p1 * Allow ChrootDirectory to work in SELinux platforms. * bugfixes - Disable visual hostkey support again, after discussion on its usefulness. - Hardware crypto is supported and patched but never enabled, need to use --with-ssl-engine explicitely - fixed memory leak in sftp (bnc#604274) - honour /etc/nologin (bnc#530885) - Enable VisualHostKey (ascii art of the hostkey fingerprint) and HashHostKeys (hardening measure to make them unusable for worms/malicious users for further host hopping). - update to 5.4p1 * After a transition period of about 10 years, this release disables SSH protocol 1 by default. Clients and servers that need to use the legacy protocol must explicitly enable it in ssh_config / sshd_config or on the command-line. * Remove the libsectok/OpenSC-based smartcard code and add support for PKCS#11 tokens. This support is automatically enabled on all platforms that support dlopen(3) and was inspired by patches written by Alon Bar-Lev. Details in the ssh(1) and ssh-add(1) manpages. * Add support for certificate authentication of users and hosts using a new, minimal OpenSSH certificate format (not X.509). Certificates contain a public key, identity information and some validity constraints and are signed with a standard SSH public key using ssh-keygen(1). CA keys may be marked as trusted in authorized_keys or via a TrustedUserCAKeys option in sshd_config(5) (for user authentication), or in known_hosts (for host authentication). Documentation for certificate support may be found in ssh-keygen(1), sshd(8) and ssh(1) and a description of the protocol extensions in PROTOCOL.certkeys. * Added a 'netcat mode' to ssh(1): "ssh -W host:port ..." This connects stdio on the client to a single port forward on the server. This allows, for example, using ssh as a ProxyCommand to route connections via intermediate servers. bz#1618 * Add the ability to revoke keys in sshd(8) and ssh(1). User keys may be revoked using a new sshd_config(5) option "RevokedKeys". Host keys are revoked through known_hosts (details in the sshd(8) man page). Revoked keys cannot be used for user or host authentication and will trigger a warning if used. * Rewrite the ssh(1) multiplexing support to support non-blocking operation of the mux master, improve the resilience of the master to malformed messages sent to it by the slave and add support for requesting port- forwardings via the multiplex protocol. The new stdio-to-local forward mode ("ssh -W host:port ...") is also supported. The revised multiplexing protocol is documented in the file PROTOCOL.mux in the source distribution. * Add a 'read-only' mode to sftp-server(8) that disables open in write mode and all other fs-modifying protocol methods. bz#430 * Allow setting an explicit umask on the sftp-server(8) commandline to override whatever default the user has. bz#1229 * Many improvements to the sftp(1) client, many of which were implemented by Carlos Silva through the Google Summer of Code program: - Support the "-h" (human-readable units) flag for ls - Implement tab-completion of commands, local and remote filenames - Support most of scp(1)'s commandline arguments in sftp(1), as a first step towards making sftp(1) a drop-in replacement for scp(1). Note that the rarely-used "-P sftp_server_path" option has been moved to "-D sftp_server_path" to make way for "-P port" to match scp(1). - Add recursive transfer support for get/put and on the commandline * New RSA keys will be generated with a public exponent of RSA_F4 == (2**16)+1 == 65537 instead of the previous value 35. * Passphrase-protected SSH protocol 2 private keys are now protected with AES-128 instead of 3DES. This applied to newly-generated keys as well as keys that are reencrypted (e.g. by changing their passphrase). - cleanup in patches - do not use paths at all, but prereq packages - Use complete path for groupadd and useradd in pre section. - audit patch: add fix for bnc#545271 - do not fix uid/gid anymore (bnc#536564) - select large PIE for SPARC, it is required to avoid "relocation truncated to fit: R_SPARC_GOT13 against symbol xyz defined in COMMON section in sshd.o" - add new version of homechroot patch (added documentation, added check for nodev and nosuid) - remove Provides and Obsoletes ssh - make sftp in chroot users life easier (ie. bnc#518238), many thanks jchadima(a)redhat.com for a patch - readd $SSHD_BIN so that sshd starts at all - Added a hook for ksshaskpass - readd -f to startproc and remove -p instead to ensure that sshd is started even though old instances are still running (e.e. being logged in from remote) - disable as-needed for this package as it fails to build with it - disable -f in startproc to calm the warning (bnc#506831) - do not enable sshd by default ==== osinfo-db ==== - bsc#974580 - modify volume id for some windows iso files First, use "X64FREE?" instead of "X64FRE". Second, add "IR1_SSS_X64FREV_EN-US_DV5". modify-volume-id-for-windows.patch ==== patterns-media ==== Subpackages: patterns-media-rest_cd_core patterns-media-rest_dvd - Recommend xf86-video-nouveau by rest_core_dvd and rest_cd_core. ==== publicsuffix ==== Version update (20180312 -> 20180328) - Update to version 20180328: * Add gwiddle.co.uk (#521) * Add ox.rs (#522) * Add myjino.ru (#512) * Add ras.ru domains (#511) * Add AWS ElasticBeanstalk Osaka, JP region (#628) * Remove trailing whitespace (#621) ==== python-base ==== Subpackages: libpython2_7-1_0 libpython2_7-1_0-32bit python-devel python-xml - Add gcc8-miscompilation-fix.patch (boo#1084650). ==== qemu ==== Subpackages: qemu-arm qemu-block-curl qemu-block-dmg qemu-block-gluster qemu-block-iscsi qemu-block-rbd qemu-block-ssh qemu-extra qemu-guest-agent qemu-ipxe qemu-ksm qemu-kvm qemu-lang qemu-ppc qemu-s390 qemu-seabios qemu-sgabios qemu-tools qemu-vgabios qemu-x86 - Fix OOB access in VGA emulation (CVE-2018-7858 bsc#1084604) 0080-vga-fix-region-calculation.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.11 - Add new look up path "sys/class/tpm" for tpm cancel path based on Linux 4.0 change (commit 313d21eeab9282e)(bsc#1070615) 0079-tpm-lookup-cancel-path-under-tpm-de.patch ==== qemu-linux-user ==== - Be more specific about python version used in building package. Other minor spec file tweaks. - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.11 * Patches added: 0080-vga-fix-region-calculation.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.11 * Patches added: 0079-tpm-lookup-cancel-path-under-tpm-de.patch ==== re2 ==== Version update (20180301 -> 20180401) - Update to version 2018-04-01 * developer visible changes only ==== strace ==== Version update (4.21 -> 4.22) - Update to strace 4.22 * Changes in behaviour * When printing string data, '8' and '9' following an octal escape sequence no longer lead to unabbreviated octal escape sequence output, as they used to do. * Angle brackets are now printed as octal number escape sequences in the output of paths associated with file descriptors. * Data dump for write syscalls (-e write) is performed regardless of successfulness of these syscall (addresses Debian bug #436284). * -r and -t options are now affect output independently. Previously, - r option led to ignoring of the -t option (addresses Debian bug #466195). * Improvements * Implemented delay injection (-e inject=SET:delay_enter= and - e inject=SET:delay_exit= options). * Added -A option for opening output files in append mode (addresses Debian bug #528488). * IPv6 addresses shown in socket information in -yy mode are now printed in brackets. * Enhanced decoding of bpf, prctl and ptrace syscalls. * Enhanced decoding of BTRFS_IOC_INO_PATHS, BTRFS_IOC_LOGICAL_INO, and PTP_* ioctl commands. * Enhanced NETLINK_ROUTE protocol decoding. * Updated lists of signal codes. * Updated lists of BPF_*, BTN_*, ETH_P_*, INET_DIAG_BC_*, KEY_*, POLL*, RWF_*, SCHED_FLAG_*, SCTP_* and error constants. * Implemented block/character device number printing in -yy mode. * Known pixel/SDR format names are printed as comments for pixelformat fields in v4l2 structures. * Enhanced decoding of kern_features syscall. * Enhanced NETLINK_NETFILTER netlink protocol decoder. * Optimized handling of large number of tracees. * Improved wall clock time measurement in syscall count statistics (-c -w option). * Extended the range of allowed values in -e inject=...:retval= expression. * Added i18n support. * Updated lists of ioctl commands from Linux 4.16. * Enhanced manual page. * Bug fixes * Fixed build on m68k. * Fixed v4l2 pixelformat decoding on big-endian architectures. * Fixed -O option. ==== systemd ==== Subpackages: libsystemd0 libsystemd0-32bit libudev-devel libudev1 libudev1-32bit systemd-32bit systemd-coredump systemd-logger systemd-sysvinit udev - /usr/lib/systemd/systemd-coredump was missing from systemd-coredump sub-package (boo#1088057) ==== xdm ==== Subpackages: xdm-xsession - systemd-logind integration requires to use -keeptty with X server to hold the controlling tty (and breaks startx!).[boo#1088365] - Do not generate an error on not existing shell functions *_vars in /usr/lib/X11/display-manager ==== xf86-input-libinput ==== Version update (0.26.0 -> 0.27.0) - Add U_Fix-left-handed-property.patch: Fix "left handed" property not set on all pointers (fdo#105667). - Update to version 0.27 * The libinput driver splits libinput devices into multiple X devices (e.g. a mouse and a keyboard device) and then routes the events accordingly. In the case where there is a user- specific on one device, a VT switch or suspend/resume cycle sometimes overwrote the configuration with the devices in-order, resulting in the loss of that configuration. e.g. if the keyboard device resumes after the mouse device, the natural scroll setting may get overwritten with the default. This is fixed now. And a note to the man page, we don't support specifying devices as /dev/input/by-id or /dev/input/by-path. It's not worth the effort, so at least point this out in the man page. ==== xf86-video-ati ==== Version update (18.0.0 -> 18.0.1) - Update to release 18.0.1 * This release supports xserver versions 1.13-1.19. It also works with xserver 1.20 RC1, so unless something unexpected happens, it should work with xserver 1.20 as well. This is a bug-fix release addressing issues in 18.0.0. While those issues shouldn't affect most users, I recommend that all users of 18.0.0 update to 18.0.1. + The Xorg process could crash when multiple primary screens are configured in xorg.conf. + TearFree could trigger debugging messages in the pixman library ==== xmessage ==== Version update (1.0.4 -> 1.0.5) - Update to version 1.0.5 * Stop leaking temporary buffer when realloc fails to enlarge it * configure: Drop AM_MAINTAINER_MODE * autogen.sh: Honor NOCONFIGURE=1 * autogen.sh: use quoted string variables * autogen: add default patch prefix * autogen.sh: use exec instead of waiting for configure to finish ==== xprop ==== Version update (1.2.2 -> 1.2.3) - Update to version 1.2.3 * configure: Drop AM_MAINTAINER_MODE * autogen.sh: Honor NOCONFIGURE=1 * Print which option was in error along with usage message * Add -version option to print program version * Free the thunks used by Show_Prop * Free the data returned by XListProperties() * Free the data returned by XGetWindowProperty() * Free the data returned by Format_Icons() * autogen.sh: use quoted string variables * autogen: add default patch prefix * autogen.sh: use exec instead of waiting for configure to finish ==== xrdb ==== Version update (1.1.0 -> 1.1.1) - Update to version 1.1.1 * configure: Drop AM_MAINTAINER_MODE * autogen.sh: Honor NOCONFIGURE=1 * configure: add more m4 quoting to quiet autoconf complaints * Remove unused macro RESOURCE_PROPERTY_NAME * Clean up sign/size conversion warnings from clang * Stop casting free() arguments to (char *) * unifdef -U__UNIXOS2__ * Print which option was in error along with usage message * Use SEEK_* names instead of raw numbers for fseek whence argument * Reformat code to X.Org standard coding style * Fix "editting" typo in comment * Use reallocarray() for array allocations & resizing * autogen.sh: use quoted string variables * autogen: add default patch prefix * autogen.sh: use exec instead of waiting for configure to finish ==== xset ==== Version update (1.2.3 -> 1.2.4) - Update to version 1.2.4 * configure: Drop AM_MAINTAINER_MODE * autogen.sh: Honor NOCONFIGURE=1 * autogen.sh: use quoted string variables * Include unistd.h for usleep() if HAVE_USLEEP * Fix one last warning about usage() format string. * autogen: add default patch prefix * autogen.sh: use exec instead of waiting for configure to finish - supersedes U_xset_fix-warning-about-usage-format-string.patch ==== xsetroot ==== Version update (1.1.1 -> 1.1.2) - Update to version 1.1.2 * autogen.sh changes * configure: Drop AM_MAINTAINER_MODE * Print which option was in error along with usage message * Only use results from GetWindowProperty if it returned success * Improve manpage and -help option. ==== yast2 ==== Version update (4.0.60 -> 4.0.65) - improve wayland support (bsc#1083907) - 4.0.65 - Use SHA2 instead of MD5 when determining whether a license was already accepted or not (related to fate#325461). - 4.0.64 - Add a new API to handle product licenses. - Given a license, remember whether another one with the same content was already accepted (fate#325461). - 4.0.63 - Added ProductUpgrade class to better evaluate the product for upgrading (related to bsc#1086259) - 4.0.62 - Make possible to use the Yast2::Popup class from the Report module (part of bsc#1082542). - 4.0.61 ==== yast2-firewall ==== Version update (4.0.21 -> 4.0.22) - Translate the installation finish client title (bsc#1084136) - 4.0.22 ==== yast2-installation ==== Version update (4.0.42 -> 4.0.44) - Start web VNC for the installation process (bsc#1078785) - 4.0.44 - Fix tests to use correct storage instance (part of fate#318196). - 4.0.43 ==== yast2-network ==== Version update (4.0.23 -> 4.0.25) - Fixed preformatted proposal for network module (bsc#1088488) - 4.0.25 - Added missing "textdomain" call to properly translate the web access check box label (bsc#1081466) - 4.0.24 ==== yast2-nfs-client ==== Version update (4.0.3 -> 4.0.5) - Use only nfsvers (or its alias) to specify the version of the NFS protocol, instead of the legacy nfs4 (vfstype) and minorversion (bsc#1088426). - Detect legacy entries and warn the user. - 4.0.5 - Command line interface: display correct content in the 'Options' column (bsc#1087826) when listing. - Command line interface: updated help about the 'type' option. - 4.0.4 ==== yast2-packager ==== Version update (4.0.49 -> 4.0.55) - Given a license, remember whether another one with the same content was already accepted (fate#325461). - 4.0.55 - Better evaluate the product to upgrade, do not use the package solver if there is only one base product to install, use some fallbacks when the solver fails (bsc#1086259) - 4.0.54 - Fix tests to use correct storage instance (part of fate#318196). - 4.0.53 - Adapt to API changes in storage-ng (part of bsc#1082542). - 4.0.52 - Added a known upgrade from SLE-HPC to SLES_HPC (bsc#1086734) - 4.0.51 - SLES-12 + HPC module can be upgraded to SLES_HPC-15, display correctly this product change in the migration selection and the upgrade summary dialog (bsc#1086734) - 4.0.50 ==== yast2-ruby-bindings ==== Version update (4.0.4 -> 4.0.6) - Allow to directly abort the process (needed for fate#318196). - 4.0.6 - Log a warning if no text domain is configured for translations, this helps with debugging (improved as a part of bsc#1081466) - 4.0.5 ==== yast2-storage-ng ==== Version update (4.0.139 -> 4.0.147) - Better error handling if no storage proposal is possible (bsc#1064677) - 4.0.147 - Recover method #exists_in_probed? (bsc#1087818). - 4.0.146 - Partitioner: do not crash when a striped logical volume is selected (bsc#1087702). - Fixed an error searching devices by name introduced by the recent sanitization related to bsc#1083672. - 4.0.145 - Partitioner: add check for minimum size when using snapshots (bsc#1085131). - 4.0.144 - If a duplicate PV is found, show an specific error message with instructions (bsc#1082542). - 4.0.143 - Use correct probe mode in unit tests (fate#318196). - Honor the LIBSTORAGE_MULTIPATH_AUTOSTART environment variable (part of fate#318196 and part of the fix for bsc#1082542). - 4.0.142 - Sanitize devicegraph after probing when there are LVM volume groups with missing physical volumes (bsc#1083672). - 4.0.141 - Partitioner: Report detailed reasons why resizing is not possible (fate#318196) - 4.0.140 - Partitioner: fixed an error that was causing filesystems to be deleted in some combination of actions (part of fate#318196). ==== yast2-trans ==== Version update (84.87.20180208.cf7cad734 -> 84.87.20180406.01ef53789) Subpackages: yast2-trans-af yast2-trans-ar yast2-trans-bg yast2-trans-bn yast2-trans-bs yast2-trans-ca yast2-trans-cs yast2-trans-cy yast2-trans-da yast2-trans-de yast2-trans-el yast2-trans-en yast2-trans-en_GB yast2-trans-en_US yast2-trans-es yast2-trans-et yast2-trans-fa yast2-trans-fi yast2-trans-fr yast2-trans-gl yast2-trans-gu yast2-trans-hi yast2-trans-hr yast2-trans-hu yast2-trans-id yast2-trans-it yast2-trans-ja yast2-trans-jv yast2-trans-ka yast2-trans-km yast2-trans-ko yast2-trans-lo yast2-trans-lt yast2-trans-mk yast2-trans-mr yast2-trans-nb yast2-trans-nl yast2-trans-pa yast2-trans-pl yast2-trans-pt yast2-trans-pt_BR yast2-trans-ro yast2-trans-ru yast2-trans-si yast2-trans-sk yast2-trans-sl yast2-trans-sr yast2-trans-sv yast2-trans-ta yast2-trans-th yast2-trans-tr yast2-trans-uk yast2-trans-vi yast2-trans-wa yast2-trans-xh yast2-trans-zh_CN yast2-trans-zh_TW yast2-trans-zu - Update to version 84.87.20180406.01ef53789 (bsc#1088113 and others). * Added check_po_files.rb script * Another translation update * Experimentally add python-brace-format * First round of translation fixes * Fixed a format string. * Manual tweaks * More fixes * New POT for text domain 'packager'. * New POT for text domain 'registration'. * New POT for text domain 'storage'. * New POT for text domain 'tftp-server'. * Restored the removed translations * Revert back the removed strings * Translated using Weblate (Catalan) * Translated using Weblate (Japanese) * Translated using Weblate (Slovak) * Translated using Weblate (Swedish) * another experiment, add c-format - Update to version 84.87.20180404.7829627b4 (bsc#1085376, bsc#1086920): * Translated using Weblate (Arabic) * Translated using Weblate (Catalan) * Translated using Weblate (Chinese (China)) * Translated using Weblate (Chinese (Taiwan)) * Translated using Weblate (Czech) * Translated using Weblate (Danish) * Translated using Weblate (Dutch) * Translated using Weblate (French) * Translated using Weblate (German) * Translated using Weblate (Hungarian) * Translated using Weblate (Indonesian) * Translated using Weblate (Italian) * Translated using Weblate (Japanese) * Translated using Weblate (Korean) * Translated using Weblate (Lithuanian) * Translated using Weblate (Polish) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Portuguese) * Translated using Weblate (Russian) * Translated using Weblate (Slovak) * Translated using Weblate (Spanish) * Translated using Weblate (Swedish) * New POT for text domain 'add-on'. * New POT for text domain 'alternatives'. * New POT for text domain 'auth-client'. * New POT for text domain 'autoinst'. * New POT for text domain 'base'. * New POT for text domain 'bootloader'. * New POT for text domain 'cio'. * New POT for text domain 'cluster'. * New POT for text domain 'control'. * New POT for text domain 'docker'. * New POT for text domain 'firewall'. * New POT for text domain 'firstboot'. * New POT for text domain 'fonts'. * New POT for text domain 'ftp-server'. * New POT for text domain 'geo-cluster'. * New POT for text domain 'installation'. * New POT for text domain 'iscsi-lio-server'. * New POT for text domain 'network'. * New POT for text domain 'nfs'. * New POT for text domain 'packager'. * New POT for text domain 'registration'. * New POT for text domain 's390'. * New POT for text domain 'storage'. * New POT for text domain 'update'. * New POT for text domain 'users'. * Update rpm-groups (bsc#1086643) * Obsolete yast2-trans-sr-Latn by yast2-trans-sr-latin. - Update to version 84.87.20180316.72781395d: * Automatic update of alternatives. * Automatic update of auth-client. * Automatic update of cio. * Automatic update of control. * Automatic update of docker. * Automatic update of firstboot. * Automatic update of fonts. * Automatic update of geo-cluster. * Automatic update of installation. * Automatic update of iscsi-lio-server. * Automatic update of network. * Automatic update of registration. * Automatic update of storage. * New POT for text domain 'alternatives'. * New POT for text domain 'auth-client'. * New POT for text domain 'autoinst'. * New POT for text domain 'base'. * New POT for text domain 'bootloader'. * New POT for text domain 'cio'. * New POT for text domain 'control'. * New POT for text domain 'docker'. * New POT for text domain 'firewall'. * New POT for text domain 'firstboot'. * New POT for text domain 'fonts'. * New POT for text domain 'ftp-server'. * New POT for text domain 'geo-cluster'. * New POT for text domain 'installation'. * New POT for text domain 'iscsi-lio-server'. * New POT for text domain 'mail'. * New POT for text domain 'network'. * New POT for text domain 'packager'. * New POT for text domain 'registration'. * New POT for text domain 'samba-server'. * New POT for text domain 'storage'. * New POT for text domain 'update'. * New POT for text domain 'users'. * Translated using Weblate (Arabic) * Translated using Weblate (Catalan) * Translated using Weblate (Chinese (China)) * Translated using Weblate (Chinese (Taiwan)) * Translated using Weblate (Czech) * Translated using Weblate (Danish) * Translated using Weblate (Dutch) * Translated using Weblate (French) * Translated using Weblate (Galician) * Translated using Weblate (German) * Translated using Weblate (Greek) * Translated using Weblate (Hungarian) * Translated using Weblate (Indonesian) * Translated using Weblate (Italian) * Translated using Weblate (Japanese) * Translated using Weblate (Korean) * Translated using Weblate (Polish) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Portuguese) * Translated using Weblate (Russian) * Translated using Weblate (Slovak) * Translated using Weblate (Spanish) * Translated using Weblate (Swedish) * Translated using Weblate (Turkish) - Update to version 84.87.20180301.762401304: * Automatic update of add-on. * Automatic update of alternatives. * Automatic update of apparmor. * Automatic update of auth-client. * Automatic update of autoinst. * Automatic update of base. * Automatic update of bootloader. * Automatic update of ca-management. * Automatic update of cio. * Automatic update of cluster. * Automatic update of control. * Automatic update of country. * Automatic update of docker. * Automatic update of firstboot. * Automatic update of fonts. * Automatic update of geo-cluster. * Automatic update of installation. * Automatic update of iscsi-lio-server. * Automatic update of kdump. * Automatic update of network. * Automatic update of ntp-client. * Automatic update of packager. * Automatic update of registration. * Automatic update of s390. * Automatic update of storage. * Automatic update of update. * Added translation using Weblate (Finnish) * Added translation using Weblate (Portuguese (Brazil)) * Drop ca-management * Drop inetd * Drop sshd * New POT for text domain 'add-on'. * New POT for text domain 'alternatives'. * New POT for text domain 'apparmor'. * New POT for text domain 'auth-client'. * New POT for text domain 'autoinst'. * New POT for text domain 'base'. * New POT for text domain 'bootloader'. * New POT for text domain 'ca-management'. * New POT for text domain 'caasp'. * New POT for text domain 'cio'. * New POT for text domain 'cluster'. * New POT for text domain 'configuration_management'. * New POT for text domain 'control'. * New POT for text domain 'country'. * New POT for text domain 'dns-server'. * New POT for text domain 'docker'. * New POT for text domain 'drbd'. * New POT for text domain 'firewall'. * New POT for text domain 'firstboot'. * New POT for text domain 'fonts'. * New POT for text domain 'ftp-server'. * New POT for text domain 'geo-cluster'. * New POT for text domain 'http-server'. * New POT for text domain 'installation'. * New POT for text domain 'instserver'. * New POT for text domain 'iplb'. * New POT for text domain 'iscsi-lio-server'. * New POT for text domain 'isns'. * New POT for text domain 'mail'. * New POT for text domain 'ncurses'. * New POT for text domain 'network'. * New POT for text domain 'nfs'. * New POT for text domain 'nfs_server'. * New POT for text domain 'nis'. * New POT for text domain 'nis_server'. * New POT for text domain 'ntp-client'. * New POT for text domain 'packager'. * New POT for text domain 'pkg-bindings'. * New POT for text domain 'rdp'. * New POT for text domain 'registration'. * New POT for text domain 'samba-client'. * New POT for text domain 'services-manager'. * New POT for text domain 'squid'. * New POT for text domain 'storage'. * New POT for text domain 'storage-ng'. * New POT for text domain 'tftp-server'. * New POT for text domain 'users'. * New POT for text domain 'vm'. * New POT for text domain 'y2packager'. * New POT for text domain 'yast2-apparmor'. * Translated using Weblate (Arabic) * Translated using Weblate (Catalan) * Translated using Weblate (Chinese (China)) * Translated using Weblate (Chinese (Taiwan)) * Translated using Weblate (Czech) * Translated using Weblate (Danish) * Translated using Weblate (Dutch) * Translated using Weblate (English) * Translated using Weblate (Esperanto) * Translated using Weblate (Finnish) * Translated using Weblate (French) * Translated using Weblate (Galician) * Translated using Weblate (German) * Translated using Weblate (Hungarian) * Translated using Weblate (Indonesian) * Translated using Weblate (Italian) * Translated using Weblate (Japanese) * Translated using Weblate (Korean) * Translated using Weblate (Persian) * Translated using Weblate (Polish) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Russian) * Translated using Weblate (Slovak) * Translated using Weblate (Spanish) * Translated using Weblate (Swedish) * Translated using Weblate (Turkish) * Translated using Weblate (Ukrainian) * Fix handling of new text domains and clean up old pot-files. * Fix pot cleanup. Remove y2m call. Better run it before running this script * Ignore y2makepot errors in the Jenkins script (#16) * Remove unused text domain (renamed to apparmor) * Rename deprecated sr@Latn to sr-latin * iplb: Split translation of large strings * Update DOMAIN_MAP ==== yast2-users ==== Version update (4.0.3 -> 4.0.4) - Fix import of RootPassword if user is specified in autoyast profile (bsc#1081958) - 4.0.4 -- To unsubscribe, e-mail: opensuse-factory+unsubscribe(a)opensuse.org To contact the owner, e-mail: opensuse-factory+owner(a)opensuse.org

1 0

[opensuse-factory] fwupdate-efi missing as a dependency for fwupdmgr
by Michael Aquilina 09 Apr '18

09 Apr '18

Probably best to read this github issue to understand it https://github.com/hughsie/fwupd/issues/454#issuecomment-379815881 TL;DR; posted a bug that `fwupdmgr update` was crashing. We found out the main cause was that `fwupdate-efi` was missing. It was suggested I file something with openSUSE to get this fixed. -- Michael Aquilina -- To unsubscribe, e-mail: opensuse-factory+unsubscribe(a)opensuse.org To contact the owner, e-mail: opensuse-factory+owner(a)opensuse.org

2 1

[opensuse-factory] New Tumbleweed snapshot 20180406 released!
by Dominique Leuenberger 09 Apr '18

09 Apr '18

Please note that this mail was generated by a script. The described changes are computed based on the x86_64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=1&versio… When you reply to report some issues, make sure to change the subject. It is not helpful to keep the release announcement subject in a thread while discussing a specific problem. Packages changed: ImageMagick (7.0.7.25 -> 7.0.7.28) MozillaFirefox-branding-openSUSE NetworkManager-applet NetworkManager-pptp (1.2.4 -> 1.2.6) alsa-tools ark boost boost-base build (20180209 -> 20180329) createrepo_c cups-filters (1.20.0 -> 1.20.1) docbook-xsl ethtool fprintd (0.7.0 -> 0.8.0) fwupd gegl glibmm2_4 (2.52.1 -> 2.56.0) gnome-screenshot (3.26.0 -> 3.26.0+20180327.60e7720) grub2 hwdata (0.310 -> 0.311) jasper (1.900.14 -> 2.0.14) kcm_tablet (2.9.82 -> 3.0.0) kernel-firmware (20180320 -> 20180402) kernel-source (4.15.13 -> 4.16.0) korganizer lapack (3.5.0 -> 3.8.0) less libmygpo-qt (1.0.9 -> 1.1.0) libofx (0.9.10 -> 0.9.12) libreoffice (6.0.3.1 -> 6.0.3.2) libsecret (0.18.5 -> 0.18.6) libsmbios (2.3.3 -> 2.4.1) libzip logrotate mercurial (4.5.2 -> 4.5.3) patterns-base patterns-desktop patterns-gnome (20170319 -> 20180321) patterns-kde patterns-media perl-DBD-SQLite (1.56 -> 1.58) php7 (7.2.3 -> 7.2.4) plasma5-workspace psqlODBC (10.01.0000 -> 10.02.0000) python3 (3.6.4 -> 3.6.5) python3-base (3.6.4 -> 3.6.5) remmina (1.2.0~rcgit.27 -> 1.2.0~rcgit.28) rsync screen skanlite (2.0.1 -> 2.1.0.1) skopeo (0.1.26 -> 0.1.28) sqlite3 (3.22.0 -> 3.23.0) vala (0.40.1 -> 0.40.2) vim virt-manager vsftpd wireshark (2.4.5 -> 2.4.6) xmlgraphics-fop yast2-auth-client (3.3.18 -> 4.0.0) yast2-tftp-server (4.0.1 -> 4.0.2) === Details === ==== ImageMagick ==== Version update (7.0.7.25 -> 7.0.7.28) Subpackages: ImageMagick-devel ImageMagick-extra libMagick++-7_Q16HDRI4 libMagickCore-7_Q16HDRI5 libMagickWand-7_Q16HDRI5 perl-PerlMagick - Remove BuildRequires on dcraw, it is not needed at buildtime. - do not run tests on i586 at all - update to 7.0.7-28: * Fixed numerous use of uninitialized values, integer overflow, memory exceeded, and timeouts - tesuite still fails, however: https://github.com/ImageMagick/ImageMagick/issues/1058 - added ImageMagick-write.t-pict.patch - added ImageMagick-tests.tap-attributes.patch - update to 7.0.7-27: * Fixed numerous use of uninitialized values, integer overflow, memory exceeded, and timeouts. - remove ImageMagick-remove-test.tap-attributes.patch as the perl testsuite fails in bunch of tests anyway. Waiting for results of the upstream bug (https://github.com/ImageMagick/ImageMagick/issues/1019) - added ImageMagick-remove-test.tap-attributes.patch, removes failing test on i586 https://github.com/ImageMagick/ImageMagick/issues/1019 - update to 7.0.7-26 * Fixed numerous use of uninitialized values, integer overflow, memory exceeded, and timeouts (credit to OSS Fuzz). ==== MozillaFirefox-branding-openSUSE ==== - recognize Leap 15.0 (boo#1087713) ==== NetworkManager-applet ==== Subpackages: NetworkManager-applet-lang NetworkManager-connection-editor libnm-gtk0 libnma0 nma-data typelib-1_0-NMA-1_0 - Re enable appindicator in autotools BuildRequires - Add feature-app-indicator-desktop-file.patch to launch the startup application with appindicator support and add a delay to ensure that the desktop's systray service is running beforehand. ==== NetworkManager-pptp ==== Version update (1.2.4 -> 1.2.6) Subpackages: NetworkManager-pptp-gnome NetworkManager-pptp-lang - Update to version 1.2.6: + Fix passing "user" and set "remotename" (bgo#794695) + Use gresources for UI file + Updated translations. - Update URL tag to https://wiki.gnome.org/Projects/NetworkManager: currently the Network Manager project's web page. - Drop icon_theme_cache_* post/postun scriptlets: its fucntionality has been moved to RPM file triggers (4.13, suse_version 1330). - Add gio-2.0, gio-unix-2.0 and glib-2.0 pkgconfig modules BuildRequires to avoid implicit dependencies. ==== alsa-tools ==== - Update to alsa-tools 1.1.6: * hwmixvolume: use python2 directly * Change FSF address (Franklin Street) * hdspconf, hdspmixer: validate the .desktop files * hdajackretask: add .desktop and icon files * hdspmixer: move .desktop and icon files to desktop, use modern destination for icons * hdspconf: move .desktop and icon files to desktop, use modern destination for icons * echomixer: add .desktop and icon files * envy24control: add .desktop and icon files * hwmixvolume: add .desktop and icon files * Makefile: fix version file creation * hdajacksensetest: add gitcompile to EXTRA_DIST - Rename README.SuSE to README.SUSE - Drop superfluous conditional builds; gtk and fltk are always available - Remove obsoleted patch alsa-tools-desktop-fix.dif ==== ark ==== Subpackages: ark-lang libkerfuffle17 - Drop 0001-Swap-priorities-around-between-unar-and-unrar.patch again, unar's "unrar" wrapper has been split out and doesn't replace unrar anymore. There are good reasons not to prefer unar over unrar, it currently only supports a subset of RAR archives, and this also breaks creating of RAR archives with Ark if unar is installed. People who do want to install the new unrar_wrapper instead of the real unrar can still disable the rar plugin in Ark's settings to be able to open RAR archives with unar. ==== boost ==== - Use %license instead of %doc [bsc#1082318] ==== boost-base ==== Subpackages: boost-license1_66_0 boost_1_66-jam libboost_date_time1_66_0 libboost_filesystem1_66_0 libboost_headers1_66_0-devel libboost_iostreams1_66_0 libboost_locale1_66_0 libboost_regex1_66_0 libboost_signals1_66_0 libboost_system1_66_0 libboost_thread1_66_0 - Use %license instead of %doc [bsc#1082318] ==== build ==== Version update (20180209 -> 20180329) Subpackages: build-mkbaselibs build-mkdrpms - KIWI: Support OBS-Profiles kiwi annotation kiwi profile filtering - Switch to a little perl http server to get rid of the python2 dependency - Avoid Ubuntu 18.04 uncompress failure messages - Don't rely on AppImage's auto-detection for architecture - build-recipe-livebuild: count ONIE images as build results ==== createrepo_c ==== Subpackages: libcreaterepo_c0 python3-createrepo_c - fix spelling of old weakdeps feature switch (bsc#1088328) ==== cups-filters ==== Version update (1.20.0 -> 1.20.1) - Version upgrade to 1.20.1 to provide upstream bugfixes also for SLE15 / Leap15 and be also already prepared for SLE12 (fate#323676). This is a bug fix release fixing several issues on the Braille support and other bugs, in particular (for details see the NEWS file): * libcupsfilters: Silenced warning when using CUPS < 2.x by eliminating the use of a recently introduced CUPS library function, see https://bugs.linuxfoundation.org/show_bug.cgi?id=1421 * cups-browsed: Fixed crash when CUPS reports a print queue without "device-uri" attribute when cups-browsed polls a list of local CUPS queues, see https://github.com/OpenPrinting/cups-filters/issues/16 - fix_upstream_bug_1421.patch is no longer needed because it is now fixed in the upstream sources (see the "libcupsfilters ... bug ... 1421" entry above). ==== docbook-xsl ==== Subpackages: docbook-xsl-stylesheets docbook5-xsl-stylesheets - Spec file: Missing 'g' in sed replacements of @VERSION@ of catalog files. This is needed to avoid the string "@VERSION@" in our installed catalog files. This leads to catalog resolution errors. - Applied spec-cleaner ==== ethtool ==== - Use %license instead of %doc [bsc#1082318] ==== fprintd ==== Version update (0.7.0 -> 0.8.0) Subpackages: fprintd-lang fprintd-pam fprintd-pam-32bit - Update to version 0.8.0 * Lockdown the daemon to minimise potential security issues * Don't wake up readers when there's no enrolled fingerprints ==== fwupd ==== Subpackages: fwupd-lang libfwupd2 - Update hasbang in installed files from /usr/bin/env python3 to /usr/bin/python3. - Update url - Small packaging cleanup with spec-cleaner ==== gegl ==== Subpackages: gegl-0_3 gegl-0_3-lang libgegl-0_3-0 - Add cairo and glib-2.0 BuildRequires to avoid implicit dependencies. ==== glibmm2_4 ==== Version update (2.52.1 -> 2.56.0) Subpackages: glibmm2_4-devel libgiomm-2_4-1 libglibmm-2_4-1 - Update to version 2.56.0: + Glib: - Threads::Private: Fix gobj() (bgo#791711). - TimeoutSource: Use monotonic time consistently (bgo#792524). - Add RefPtr::get(). (bgo#495762). + Gio: - TlsClientConnection: Deprecate set/get/property_use_ssl3(). - DataInputStream: Deprecate read_until(). - Application: Add property_resource_base_path_string(). This is a replacement for property_resource_base_path() which can't be fixed without breaking ABI (bgo#787496). - Application: Add three set_option_context_*() methods. - DesktopAppInfo: Add get_locale_string(). + Documentation: Slightly elaborate Glib::Variant<Variant> docs (bgo#778219). + tests: - glibmm_variant: Don't use C++14 features when a C++11 compiler is used (bgo#787648). - glibmm_interface_move test: Avoid unused function warnings. + gmmproc: - _WRAP_METHOD: . Accept optional list of exceptions in errthrow (bgo#787979). . Suppress the @return section in generated documentation if return type is void (bgo#787978). - Add _MEMBER_SET_STR macro, setter for strings (bgo#793778). - Drop gcc8.patch: Fixed upstream. ==== gnome-screenshot ==== Version update (3.26.0 -> 3.26.0+20180327.60e7720) Subpackages: gnome-screenshot-lang - Update to version 3.26.0+20180327.60e7720: + Updated translations. - Update to version 3.26.0+20180313.a35622c: + Remove po/Makevars. + Fix a grammar mistake in the man page. + Drop build-api wrapper. + Honor the mandir option. + Updated translations. - Switch to git checkout via source services. - Drop update-desktop-files BuildRequires and no longer call suse_update_desktop_file macro, not needed anymore. - Use autosetup macro. - Drop obsolete gnome-utils Conflicts, not needed anymore. ==== grub2 ==== Subpackages: grub2-i386-pc grub2-snapper-plugin grub2-systemd-sleep-plugin grub2-x86_64-efi grub2-x86_64-xen - Fix Nvidia GPU in legacy I/O slot 2 disappears during system startup (bsc#1082914) * 0001-Fix-PCIe-LER-when-GRUB2-accesses-non-enabled-MMIO-da.patch - Fix packed-not-aligned error on GCC 8 (bsc#1084632) * 0001-Fix-packed-not-aligned-error-on-GCC-8.patch ==== hwdata ==== Version update (0.310 -> 0.311) - Update to version 0.311: * Updated pci, usb and vendor ids. ==== jasper ==== Version update (1.900.14 -> 2.0.14) - Added patch: * jasper-CVE-2018-9055.patch + fix CVE-2018-9055, bsc#1087020: jasper: denial of service via a reachable assertion in the function jpc_firstone in libjasper/jpc/jpc_math.c. - Upgrade to 2.0.14 * Soname and package name change libjasper1 to libjasper4 * Security fixes: + CVE-2016-9557 jasper: Signed integer overflow in jas_image.c - Removed patches: * jasper-1.900.1-uninitialized.patch + not needed any more * jasper-CVE-2016-10251.patch * jasper-CVE-2016-8654.patch * jasper-CVE-2016-9262.patch * jasper-CVE-2016-9395.patch * jasper-CVE-2016-9560.patch * jasper-CVE-2016-9583.patch * jasper-CVE-2016-9591.patch * jasper-CVE-2016-9600.patch * jasper-CVE-2017-1000050.patch * jasper-CVE-2017-5498.patch * jasper-CVE-2017-6850.patch + Fixed upstream - Added patches: * 0001-jpc_cs-reject-all-but-JPC_COX_INS-and-JPC_COX_RFT.patch + fix assertion failure JPC_NOMINALGAIN() which can be caused by a crafted JP2 file. * 0001-Added-a-fix-from-nrusch-to-allow-JasPer-to-be-build-.patch + allow JasPer to be build with CMake 2.x as well as CMake 3.x. ==== kcm_tablet ==== Version update (2.9.82 -> 3.0.0) Subpackages: kcm_tablet-lang - Update to version 3.0.0 * Implemented hotplugging on Xlib (by Fabian Vogt). Hotplugging should now work on Debian/Ubuntu based distributions, and all other distributions that don't build libXCB with Xinput enabled. * Screen mapping configuration now uses output names instead of screen indices. This invalidates existing screen mapping configurations. * Tablet Finder should no longer skip button detection. * First steps in fixing rotation handling in multi-screen setup. However, for now if you want your screen rotation to be tracked, it has to be set as primary screen. Qt bug: https://bugreports.qt.io/browse/QTBUG-65598 * Minor calibration dialog fixes. Calibration still might be off with Cintiq devices. Fixing those would require some feedback: https://userbase.kde.org/Wacomtablet#Calibration_issues_.26_manual_calibrat… * New device definitions: + Lenovo Yoga 520 (by Felipe Abrahao) + Wacom Intuos Pro L (PTH-860) (by Melvin Vermeeren) + Wacom Bamboo One M (CTL-671) (by Alexander) - Drop Implement-hotplugging-on-Xlib.patch, merged upstream - Mark license file as %license ==== kernel-firmware ==== Version update (20180320 -> 20180402) Subpackages: ucode-amd - Update to version 20180402: * amdgpu: update vce firmware for Polaris * linux-firmware: Add firmware file for Intel Bluetooth,9560 * linux-firmware: Add firmware file for Intel Bluetooth,9260 * linux-firmware: Update firmware file for Intel Bluetooth,8265 * linux-firmware: Update firmware patch for Intel Bluetooth 8260 * nfp: update Agilio SmartNIC firmware to rev 2.0.7 * cxgb4: update firmware to revision 1.18.9.0 * linux-firmware: intel: Update Geminilake audio firmware * linux-firmware: intel: Update Kabylake audio firmware * linux-firmware: intel: Update Broxton audio firmware * linux-firmware: intel: Update Skylake audio firmware ==== kernel-source ==== Version update (4.15.13 -> 4.16.0) Subpackages: kernel-default kernel-default-devel kernel-devel kernel-docs kernel-macros kernel-syms - Revert "tools: fix cross-compile var clobbering" (build fix). - commit 590ff92 - Update to 4.16-final. - commit 1b10c5b - Linux 4.15.15 (bnc#1012628). - team: Fix double free in error path (bnc#1012628). - skbuff: Fix not waking applications when errors are enqueued (bnc#1012628). - qede: Fix qedr link update (bnc#1012628). - net: systemport: Rewrite __bcm_sysport_tx_reclaim() (bnc#1012628). - net: Only honor ifindex in IP_PKTINFO if non-0 (bnc#1012628). - netlink: avoid a double skb free in genlmsg_mcast() (bnc#1012628). - net/iucv: Free memory obtained by kzalloc (bnc#1012628). - net: fec: Fix unbalanced PM runtime calls (bnc#1012628). - net: ethernet: ti: cpsw: add check for in-band mode setting with RGMII PHY interface (bnc#1012628). - commit 4904fc3 - net: ethernet: arc: Fix a potential memory leak if an optional regulator is deferred (bnc#1012628). - l2tp: do not accept arbitrary sockets (bnc#1012628). - ipv6: fix access to non-linear packet in ndisc_fill_redirect_hdr_option() (bnc#1012628). - dccp: check sk for closed state in dccp_sendmsg() (bnc#1012628). - dpaa_eth: remove duplicate increment of the tx_errors counter (bnc#1012628). - dpaa_eth: increment the RX dropped counter when needed (bnc#1012628). - dpaa_eth: remove duplicate initialization (bnc#1012628). - dpaa_eth: fix error in dpaa_remove() (bnc#1012628). - soc/fsl/qbman: fix issue in qman_delete_cgr_safe() (bnc#1012628). - s390/qeth: on channel error, reject further cmd requests (bnc#1012628). - s390/qeth: lock read device while queueing next buffer (bnc#1012628). - s390/qeth: when thread completes, wake up all waiters (bnc#1012628). - s390/qeth: free netdevice when removing a card (bnc#1012628). - net: Fix hlist corruptions in inet_evict_bucket() (bnc#1012628). - net: use skb_to_full_sk() in skb_update_prio() (bnc#1012628). - ieee802154: 6lowpan: fix possible NULL deref in lowpan_device_event() (bnc#1012628). - sch_netem: fix skb leak in netem_enqueue() (bnc#1012628). - kcm: lock lower socket in kcm_attach (bnc#1012628). - test_rhashtable: add test case for rhltable with duplicate objects (bnc#1012628). - rhashtable: Fix rhlist duplicates insertion (bnc#1012628). - ppp: avoid loop in xmit recursion detection code (bnc#1012628). - net sched actions: return explicit error when tunnel_key mode is not specified (bnc#1012628). - ipv6: Reflect MTU changes on PMTU of exceptions for MTU-less routes (bnc#1012628). - net: phy: Tell caller result of phy_change() (bnc#1012628). - mlxsw: spectrum_buffers: Set a minimum quota for CPU port traffic (bnc#1012628). - ipv6: sr: fix scheduling in RCU when creating seg6 lwtunnel state (bnc#1012628). - ipv6: sr: fix NULL pointer dereference when setting encap source address (bnc#1012628). - ipv6: old_dport should be a __be16 in __ip6_datagram_connect() (bnc#1012628). - net: ipv6: keep sk status consistent after datagram connect failure (bnc#1012628). - macvlan: filter out unsupported feature flags (bnc#1012628). - devlink: Remove redundant free on error path (bnc#1012628). - net: phy: relax error checking when creating sysfs link netdev->phydev (bnc#1012628). - sysfs: symlink: export sysfs_create_link_nowarn() (bnc#1012628). - qed: Fix non TCP packets should be dropped on iWARP ll2 connection (bnc#1012628). - tcp: purge write queue upon aborting the connection (bnc#1012628). - qed: Fix MPA unalign flow in case header is split across two packets (bnc#1012628). - openvswitch: meter: fix the incorrect calculation of max delta_t (bnc#1012628). - net: dsa: Fix dsa_is_user_port() test inversion (bnc#1012628). - commit 0e7b541 - Linux 4.15.14 (bnc#1012628). - MIPS: ralink: Remove ralink_halt() (bnc#1012628). - MIPS: ralink: Fix booting on MT7621 (bnc#1012628). - MIPS: lantiq: Fix Danube USB clock (bnc#1012628). - MIPS: lantiq: Enable AHB Bus for USB (bnc#1012628). - MIPS: lantiq: ase: Enable MFD_SYSCON (bnc#1012628). - iio: chemical: ccs811: Corrected firmware boot/application mode transition (bnc#1012628). - iio: st_pressure: st_accel: pass correct platform data to init (bnc#1012628). - iio: adc: meson-saradc: unlock on error in meson_sar_adc_lock() (bnc#1012628). - ALSA: usb-audio: Fix parsing descriptor of UAC2 processing unit (bnc#1012628). - ALSA: aloop: Sync stale timer before release (bnc#1012628). - ALSA: aloop: Fix access to not-yet-ready substream via cable (bnc#1012628). - ALSA: hda - Force polling mode on CFL for fixing codec communication (bnc#1012628). - ALSA: hda/realtek - Fix speaker no sound after system resume (bnc#1012628). - ALSA: hda/realtek - Fix Dell headset Mic can't record (bnc#1012628). - ALSA: hda/realtek - Always immediately update mute LED with pin VREF (bnc#1012628). - mmc: core: Fix tracepoint print of blk_addr and blksz (bnc#1012628). - mmc: core: Disable HPI for certain Micron (Numonyx) eMMC cards (bnc#1012628). - mmc: block: fix updating ext_csd caches on ioctl call (bnc#1012628). - mmc: dw_mmc: Fix the DTO/CTO timeout overflow calculation for 32-bit systems (bnc#1012628). - mmc: dw_mmc: exynos: fix the suspend/resume issue for exynos5433 (bnc#1012628). - mmc: dw_mmc: fix falling from idmac to PIO mode when dw_mci_reset occurs (bnc#1012628). - PCI: Add function 1 DMA alias quirk for Highpoint RocketRAID 644L (bnc#1012628). - ahci: Add PCI-id for the Highpoint Rocketraid 644L card (bnc#1012628). - lockdep: fix fs_reclaim warning (bnc#1012628). - clk: bcm2835: Fix ana->maskX definitions (bnc#1012628). - clk: bcm2835: Protect sections updating shared registers (bnc#1012628). - clk: sunxi-ng: a31: Fix CLK_OUT_* clock ops (bnc#1012628). - RDMA/mlx5: Fix crash while accessing garbage pointer and freed memory (bnc#1012628). - Drivers: hv: vmbus: Fix ring buffer signaling (bnc#1012628). - pinctrl: samsung: Validate alias coming from DT (bnc#1012628). - Bluetooth: btusb: Remove Yoga 920 from the btusb_needs_reset_resume_table (bnc#1012628). - Bluetooth: btusb: Add Dell OptiPlex 3060 to btusb_needs_reset_resume_table (bnc#1012628). - libata: fix length validation of ATAPI-relayed SCSI commands (bnc#1012628). - libata: remove WARN() for DMA or PIO command without data (bnc#1012628). - libata: don't try to pass through NCQ commands to non-NCQ devices (bnc#1012628). - libata: Apply NOLPM quirk to Crucial MX100 512GB SSDs (bnc#1012628). - libata: disable LPM for Crucial BX100 SSD 500GB drive (bnc#1012628). - libata: Enable queued TRIM for Samsung SSD 860 (bnc#1012628). - libata: Apply NOLPM quirk to Crucial M500 480 and 960GB SSDs (bnc#1012628). - libata: Make Crucial BX100 500GB LPM quirk apply to all firmware versions (bnc#1012628). - libata: Modify quirks for MX100 to limit NCQ_TRIM quirk to MU01 version (bnc#1012628). - sched, cgroup: Don't reject lower cpu.max on ancestors (bnc#1012628). - cgroup: fix rule checking for threaded mode switching (bnc#1012628). - nfsd: remove blocked locks on client teardown (bnc#1012628). - media: tegra-cec: reset rx_buf_cnt when start bit detected (bnc#1012628). - hugetlbfs: check for pgoff value overflow (bnc#1012628). - h8300: remove extraneous __BIG_ENDIAN definition (bnc#1012628). - mm/vmalloc: add interfaces to free unmapped page table (bnc#1012628). - x86/mm: implement free pmd/pte page interfaces (bnc#1012628). - mm/khugepaged.c: convert VM_BUG_ON() to collapse fail (bnc#1012628). - mm/thp: do not wait for lock_page() in deferred_split_scan() (bnc#1012628). - mm/shmem: do not wait for lock_page() in shmem_unused_huge_shrink() (bnc#1012628). - Revert "mm: page_alloc: skip over regions of invalid pfns where possible" (bnc#1012628). - drm/vmwgfx: Fix black screen and device errors when running without fbdev (bnc#1012628). - drm/vmwgfx: Fix a destoy-while-held mutex problem (bnc#1012628). - drm/radeon: Don't turn off DP sink when disconnected (bnc#1012628). - drm/amd/display: We shouldn't set format_default on plane as atomic driver (bnc#1012628). - drm/amd/display: Add one to EDID's audio channel count when passing to DC (bnc#1012628). - drm: Reject getfb for multi-plane framebuffers (bnc#1012628). - drm: udl: Properly check framebuffer mmap offsets (bnc#1012628). - mm/vmscan: wake up flushers for legacy cgroups too (bnc#1012628). - module: propagate error in modules_open() (bnc#1012628). - acpi, numa: fix pxm to online numa node associations (bnc#1012628). - ACPI / watchdog: Fix off-by-one error at resource assignment (bnc#1012628). - libnvdimm, {btt, blk}: do integrity setup before add_disk() (bnc#1012628). - brcmfmac: fix P2P_DEVICE ethernet address generation (bnc#1012628). - rtlwifi: rtl8723be: Fix loss of signal (bnc#1012628). - tracing: probeevent: Fix to support minus offset from symbol (bnc#1012628). - mtdchar: fix usage of mtd_ooblayout_ecc() (bnc#1012628). - mtd: nand: fsl_ifc: Fix nand waitfunc return value (bnc#1012628). - mtd: nand: fsl_ifc: Fix eccstat array overflow for IFC ver >= 2.0.0 (bnc#1012628). - mtd: nand: fsl_ifc: Read ECCSTAT0 and ECCSTAT1 registers for IFC 2.0 (bnc#1012628). - can: peak/pcie_fd: fix echo_skb is occupied! bug (bnc#1012628). - can: peak/pcie_fd: remove useless code when interface starts (bnc#1012628). - can: ifi: Repair the error handling (bnc#1012628). - can: ifi: Check core revision upon probe (bnc#1012628). - can: cc770: Fix stalls on rt-linux, remove redundant IRQ ack (bnc#1012628). - can: cc770: Fix queue stall & dropped RTR reply (bnc#1012628). - can: cc770: Fix use after free in cc770_tx_interrupt() (bnc#1012628). - tty: vt: fix up tabstops properly (bnc#1012628). - selftests/x86/ptrace_syscall: Fix for yet more glibc interference (bnc#1012628). - x86/vsyscall/64: Use proper accessor to update P4D entry (bnc#1012628). - x86/efi: Free efi_pgd with free_pages() (bnc#1012628). - posix-timers: Protect posix clock array access against speculation (bnc#1012628). - kvm/x86: fix icebp instruction handling (bnc#1012628). - x86/build/64: Force the linker to use 2MB page size (bnc#1012628). - x86/boot/64: Verify alignment of the LOAD segment (bnc#1012628). - hwmon: (k10temp) Only apply temperature offset if result is positive (bnc#1012628). - hwmon: (k10temp) Add temperature offset for Ryzen 1900X (bnc#1012628). - perf/x86/intel/uncore: Fix Skylake UPI event format (bnc#1012628). - perf stat: Fix CVS output format for non-supported counters (bnc#1012628). - perf/core: Fix ctx_event_type in ctx_resched() (bnc#1012628). - trace/bpf: remove helper bpf_perf_prog_read_value from tracepoint type programs (bnc#1012628). - perf/x86/intel: Don't accidentally clear high bits in bdw_limit_period() (bnc#1012628). - perf/x86/intel/uncore: Fix multi-domain PCI CHA enumeration bug on Skylake servers (bnc#1012628). - iio: ABI: Fix name of timestamp sysfs file (bnc#1012628). - iio: imu: st_lsm6dsx: fix endianness in st_lsm6dsx_read_oneshot() (bnc#1012628). - iio: imu: st_lsm6dsx: introduce conf_lock mutex (bnc#1012628). - staging: android: ion: Zero CMA allocated memory (bnc#1012628). - kbuild: disable clang's default use of -fmerge-all-constants (bnc#1012628). - bpf: skip unnecessary capability check (bnc#1012628). - bpf, x64: increase number of passes (bnc#1012628). - commit def7e44 - staging: ncpfs: memory corruption in ncp_read_kernel() (bsc#1086162, CVE-2018-8822). - commit a967c04 - x86/entry/64: Don't use IST entry for #BP stack (bsc#1087088). - commit 67a9975 - brcmsmac: allocate ucode with GFP_KERNEL (bsc#1085174). - commit 580a38a - Update vanilla config files. - commit 9beaab6 - net: phy: mdio-bcm-unimac: fix potential NULL dereference in unimac_mdio_probe() (bsc#1084829 CVE-2018-8043). - commit 7b5f96b - Update to 4.16-rc7. - Eliminated 1 patch. - commit 7a36f2f ==== korganizer ==== Subpackages: korganizer-lang - Add fix-folder-properties.patch to fix "Folder Properties" not appearing (kde#392395) ==== lapack ==== Version update (3.5.0 -> 3.8.0) Subpackages: libblas3 liblapack3 - Update to version 3.8.0: * Symmetric-indefinite Factorization: Aasen?s tridiagonalization 2 stage. * LAPACKE interfaces. - Static -pic libraries are no longer built. ==== less ==== - Use %license instead of %doc [bsc#1082318] ==== libmygpo-qt ==== Version update (1.0.9 -> 1.1.0) - Update to 1.1.0: * Deprecated Qt4 support * Improvements in Qt5 support * Fix in URL parsing, preventing Double Encoding of URLs ==== libofx ==== Version update (0.9.10 -> 0.9.12) Subpackages: libofx-devel - Update to version 0.9.12: + Fixing a buffer overflow (CVE-2017-2816). - Add libofx-CVE-2017-14731.patch: Fix a buffer overflow on unexpected tag names (CVE-2017-14731, boo#1060437). - Update to version 0.9.11: + Add support for client uid, from kde#366326 bug. - Rename libofx6 subpackage to libofx7, following the soname bump. - Delete backup files that should not be in the tarball. ==== libreoffice ==== Version update (6.0.3.1 -> 6.0.3.2) Subpackages: libreoffice-base libreoffice-base-drivers-mysql libreoffice-branding-upstream libreoffice-calc libreoffice-draw libreoffice-filters-optional libreoffice-gnome libreoffice-gtk3 libreoffice-icon-themes libreoffice-impress libreoffice-kde4 libreoffice-l10n-cs libreoffice-l10n-da libreoffice-l10n-de libreoffice-l10n-el libreoffice-l10n-en libreoffice-l10n-es libreoffice-l10n-fr libreoffice-l10n-hu libreoffice-l10n-it libreoffice-l10n-ja libreoffice-l10n-pl libreoffice-l10n-pt_BR libreoffice-l10n-ru libreoffice-l10n-zh_CN libreoffice-l10n-zh_TW libreoffice-mailmerge libreoffice-math libreoffice-pyuno libreoffice-writer libreofficekit - Update to 6.0.3.2 fate#324870: * Final 6.0.3 tag for release ==== libsecret ==== Version update (0.18.5 -> 0.18.6) Subpackages: libsecret-1-0 libsecret-lang typelib-1_0-Secret-1 - Update to version 0.18.6: + Fix shared key derivation between libsecret and gnome-keyring (bgo#778357). + Avoid run-time error when gnome-keyring is not responding (bgo#787391). + Enable cross compilation (bgo#748111). + GI annotation fixes (bgo#785034). + Fix textual typos (bgo#782206). + Updated translations. - Drop libsecret-secret-size.patch: fixed upstream. ==== libsmbios ==== Version update (2.3.3 -> 2.4.1) Subpackages: python-smbios smbios-utils-python - Update shared library packaging to meet guideline. - Use find's -exec + strategy. - Escape all % signs to %% where needed. - Update to 2.4.1: * Minor fixes submitted for help2man improvements and a signed comparison. * Fix a crash when used by fwupd [boo#1086732] - Changes in 2.4.0: * Convert all python2 -> python3. * Drop libsmbios C++ library. * Introduce support for WMI SMM API provided by Linux kernel 4.15+. * Add proper support for SMBIOS 3.0 tables. * Fix many many crashers. * Clean up long standing coverity errors. ==== libzip ==== Subpackages: libzip-devel libzip5 - add pkgconfig.patch - fixes boo#1087756 ==== logrotate ==== - Use %license instead of %doc [bsc#1082318] ==== mercurial ==== Version update (4.5.2 -> 4.5.3) Subpackages: mercurial-lang - Mercurial 4.5.3 This is a regularly-scheduled bugfix release. * Bug Fixes + rebase: on abort, don't strip commits that didn't need to be rebased (issue5822) + hgweb: garbage collect on every request + amend: abort if unresolved merge conflicts found (issue5805) ==== patterns-base ==== Subpackages: patterns-base-apparmor patterns-base-apparmor_opt patterns-base-base patterns-base-basesystem patterns-base-console patterns-base-enhanced_base patterns-base-enhanced_base_opt patterns-base-minimal_base patterns-base-minimal_base_conflicts patterns-base-sw_management patterns-base-x11 patterns-base-x11_opt patterns-base-x86 - Recommend bash-completion by the base system (not minimal_base): most users will expect it to be present and until recently, it was in a recommended chain of systemd (boo#1087710). ==== patterns-desktop ==== Subpackages: patterns-desktop-books patterns-desktop-imaging patterns-desktop-imaging_opt patterns-desktop-laptop patterns-desktop-multimedia patterns-desktop-multimedia_opt patterns-desktop-technical_writing - Do not recommend (non-free) AdobeICCProfiles for standard installations (boo#1088291). ==== patterns-gnome ==== Version update (20170319 -> 20180321) Subpackages: patterns-gnome-gnome patterns-gnome-gnome_basis patterns-gnome-gnome_basis_opt patterns-gnome-gnome_games patterns-gnome-gnome_ide patterns-gnome-gnome_imaging patterns-gnome-gnome_internet patterns-gnome-gnome_multimedia patterns-gnome-gnome_office patterns-gnome-gnome_utilities patterns-gnome-gnome_yast patterns-gnome-sw_management_gnome - Drop gnome-icon-theme recommendation from gnome_x11: this theme has been long superseded by adwaita. While reworking the pattern for the SLE12->15 migration, it snuck back in. - Only recommend gnome-initial-setup on SLE/Leap: those have a crippled variant of g-i-s only doing extended keyboard settings. g-i-s in Tumbleweed is 'the real thing' and is meant for system integrators, that can use it as initial system start to configure the system. - Drop dia and inkscape from defaults basically if you want to do vector operations you can install the packages while most users won't use these on default installation - Drop the gnome-menus as it is dead as snail since 2013 - Reduce remmina/vino/vinagre to require only remmina/vingare as SLE/openSUSE diff, vino is VNC server not needed by default * kill gnome admin which is now empty - Do not recommend amavisd-new - no need for virus scanner - Drop google-droid-fonts, all core pkgs recommend required fonts no need to mess with it in patterns - No longer recommend aria2 - Drop gutenprint and hplip from patterns here, this is handled by printing patterns - Drop gnome-laptop pattern, move gnome-bluetooth recommend to core - Drop gnome-imaging-opt moving dia to gnome-imaging - Remove suggest on sound-juicer - rippers can install it by hand - Remove abiword/gnumeric/pinpoint - we already pull full libreoffice, if someone wants to, they can pull it later on - Switch from empathy to pidgin (also dropping the telepathy connectors) as the empathy is kinda dying while pidgin rocks on - Bump version to $TODAY - Remove libui-gtk-pkg as it is gone - Remove various stray comments - Drop gtk2-devel from devel as we should strive to kill it - Drop gnome-doc-utils-devel as gnome-doc-utils is deprecated - Drop monodevelop as we do not really emphasise mono these days - Drop f-spot as it is gone - Recommend also gstreamer-plugins-libav - Drop yast-scanner and yast-tv as both modules were removed - Split gnome pattern into gnome_x11 and gnome (wayland) patterns to implement SLED system roles (FATE#324198). - Add gnome-user-share as requires (bsc#1075321). - Add deja-dup, gnome-characters and gnome-contacts are Recommends to gnome pattern (SLE only) (bsc#1069699). - Add brasero and file-roller as Recommends to gnome_basic pattern (SLE only) (bsc#1069699, bsc#1065945). - Fix requires in gnome_basic pattern, it MUST be gnome_basic, not gnome-basic (bsc#1066771), pattern name MUST NOT contain -, only _ is allowed. - Fix requires in gnome pattern on SLE, should be gnome-basic not gnome_basic. - Stop requiring yast2-control-center-gnome in gnome pattern, use x11_yast patterns as Recommends instead (bsc#1062733). - Remove gstreamer as Recommends, it is pulled by package dependencies. - Stop provides/obsoletes openSUSE patterns when building on SLE. - On SLE, gnome pattern requires gnome_basic and not just gnome_basis (bsc#1065166). - No longer requires cheese for g-c-c user panel, only recommends. - Switch to pidgin on SLE (bsc#1065191). - Recommends gnome-documents on SLE gnome pattern. - No longer recommends tracker-gui, it no longer exists. - Recommends NetworkManager-openvpn/pptp/openconnect-gnome on SLE gnome pattern (bsc#1065148). - Disable some implicit requires (gnome-shell/gnome-settings-daemon/gnome-control-center) when gdm is requires. - Massive cleanup on gnome_basis pattern, dropping obsolete package dependencies. - Add gnome_basic pattern, installing a basic GNOME desktop and application, with SLES as a use case. - evince should be included on SLE (bsc#1063397) - Do not requires x11_base pattern, it doesn't exist anymore and gnome_basis as requirement is enough. - base pattern now obsoletes and provides Default to make SLE-12 upgrades smoother (bsc#1062164) ==== patterns-kde ==== Subpackages: patterns-kde-devel_kde patterns-kde-devel_kde_frameworks patterns-kde-devel_qt5 patterns-kde-kde patterns-kde-kde_edutainment patterns-kde-kde_games patterns-kde-kde_ide patterns-kde-kde_imaging patterns-kde-kde_internet patterns-kde-kde_multimedia patterns-kde-kde_office patterns-kde-kde_plasma patterns-kde-kde_utilities patterns-kde-kde_utilities_opt patterns-kde-kde_yast - Replace plasma-nm5-vpnc with plasma-nm5-openconnect ==== patterns-media ==== Subpackages: patterns-media-rest_cd_core patterns-media-rest_dvd - Require readonly_root_tools pattern by rest_dvd: add the pattern to the installation DVD (boo#1088229). - No longer require gnome_laptop by rest_cd_gnome: gnome_laptop has been dropped, as it was empty. - No longer require gnome_admin, gnome_imaging_opt, gnome_laptop, gnome_multimedia_opt and gnome_office_opt by rest_DVD: those patterns were eliminated. ==== perl-DBD-SQLite ==== Version update (1.56 -> 1.58) - updated to 1.58 see /usr/share/doc/packages/perl-DBD-SQLite/Changes 1.58 2018-03-28 - Switched to a production version. 1.57_01 2018-03-21 - Made it an error to fetch attributes from a statement handle whose database handle is inactive (ribasushi++) ==== php7 ==== Version update (7.2.3 -> 7.2.4) Subpackages: apache2-mod_php7 php7-bcmath php7-bz2 php7-calendar php7-ctype php7-curl php7-dba php7-devel php7-dom php7-exif php7-fastcgi php7-ftp php7-gd php7-gettext php7-gmp php7-iconv php7-json php7-ldap php7-mbstring php7-mysql php7-odbc php7-openssl php7-pdo php7-pear php7-pear-Archive_Tar php7-pgsql php7-shmop php7-snmp php7-sockets php7-sqlite php7-sysvsem php7-sysvshm php7-tidy php7-tokenizer php7-wddx php7-xmlreader php7-xmlwriter php7-xsl php7-zip php7-zlib - updated to 7.2.4: This is a security release with also contains several minor bug fixes. http://php.net/ChangeLog-7.php#7.2.4 - php7-no-build-date.patch refreshed ==== plasma5-workspace ==== Subpackages: plasma5-session plasma5-session-wayland plasma5-workspace-devel plasma5-workspace-lang plasma5-workspace-libs - Add Fix-weather-engine-BBC-provider.patch to adapt the BBC weather engine provider to changes in the RSS feed that broke it (kde#392510) ==== psqlODBC ==== Version update (10.01.0000 -> 10.02.0000) - Update to version 10.02.0000: * It's safer to call setlocale(LC_CTYPE, "") than calling setlocale(LC_ALL, "") * Avoid replacing effective notice messages. * Handle MALLOC/REALLOC errors while fetching tuples more effectively. * Make SQLSetPos(SQL_DELETE/SQL_REFRESH) more effective. Because queries calling currtid(2) like select .. from .. where ctid=currtid2(.., ..) cause Seq Scan, their execution may be very slow. It is better to execute queries using subqueries like select .. from .. where ctid=(select currtid2(.., ..)) because they cause Tid Scan. * Fix a crash bug in AddDeleted(). ==== python3 ==== Version update (3.6.4 -> 3.6.5) Subpackages: python3-curses python3-dbm python3-tk - update to 3.6.5 * bugfix release * see Misc/NEWS for details - drop ctypes-pass-by-value.patch - drop fix-localeconv-encoding-for-LC_NUMERIC.patch - refresh python-3.6.0-multilib-new.patch ==== python3-base ==== Version update (3.6.4 -> 3.6.5) Subpackages: libpython3_6m1_0 - update to 3.6.5 * bugfix release * see Misc/NEWS for details - drop ctypes-pass-by-value.patch - drop fix-localeconv-encoding-for-LC_NUMERIC.patch - refresh python-3.6.0-multilib-new.patch ==== remmina ==== Version update (1.2.0~rcgit.27 -> 1.2.0~rcgit.28) Subpackages: remmina-lang remmina-plugin-rdp remmina-plugin-secret remmina-plugin-vnc remmina-plugin-xdmcp - Desktop and icon updates will only be executed on suse versions prior to 1500. - Activated telepathy plugin - Enabled PIE - Removed patch included in upstream - Upgraded to 1.2.0.-rcgit.28 Implemented enhancements: * window has no focus when open ssh sessions #1530 * Enhancement - Variables for pre- and post-commands #1485 * Register and support opening rdp files - Mime improvements #1497 (antenore) * Profile and group name niddles in the pre/post commands #1492 (antenore) * Add xdmcp protocol to Keywords #1491 (mfvescovi) Fixed bugs: * Remmina fails to connect to SSH server without compression since 1.2.0-rcgit-27 (git rcgit-27) #1505 * Pasting something that was copied in another VM that has since been closed causes crash #1484 * SSH password authentication failed Wrong state during pending SSH call #1428 * Fix clipboard cleanup, fixes issue #1484 #1486 (giox069) * telepathy: add dbus-glib-1 to link flags * Minor improvements on secure plugin and SNAP welcome message #1545 * Fixes segmentation fault reported by #1499 #1503 Other improvements: * Redesign - Removed icons where not needed #1535 * Delay and use gtk_window_present_with_time() #1533 * Update French translation #1524 * Fixes for fedora bugs - desktop file and AppStream metadata #1523 * Desktop data fixes #1522 * Updated Hungarian translation #1517 * Removed compression option as not compatible with all SSH servers #1506 ==== rsync ==== - Use %license instead of %doc [bsc#1082318] ==== screen ==== - Use %license instead of %doc [bsc#1082318] ==== skanlite ==== Version update (2.0.1 -> 2.1.0.1) Subpackages: skanlite-lang - Update to version 2.1.0.1: * Add translations that were missing in 2.1.0 (kde#392598) - Update to version 2.1.0: * Allow index to start from 0 (kde#360432) * D-BUS support * Bugfix: wrong folder selection dialog behavior (kde#377929) * Fix DPI info in 16-bit PNG * Fix handling of empty prefix * Correct display of applied filename templates * Default to PNG format if no format is provided (kde#374315) ==== skopeo ==== Version update (0.1.26 -> 0.1.28) - Run spec-cleaner on skopeo.spec - Enable ostree support on Tumbleweed, Leap 15 and SLE 15 - Enable support for containers/storage, which is especially useful to further support Podman and cri-o. - Update to skopeo v0.1.28: * vendor: bump containers/image and containers/image * Cleanup skopeo man page and README.md * Use credentials from authfile for skopeo commands * Update to a newer containers/storage master * Add global --override-arch and --override-os options ==== sqlite3 ==== Version update (3.22.0 -> 3.23.0) Subpackages: libsqlite3-0 libsqlite3-0-32bit sqlite3-devel sqlite3-doc - update to 3.23.0: * Add the sqlite3_serialize() and sqlite3_deserialize() interfaces when the SQLITE_ENABLE_DESERIALIZE compile-time option is used. * Recognize TRUE and FALSE as constants. (For compatibility, if there exist columns named "true" or "false", then the identifiers refer to the columns rather than Boolean constants.) * Support operators IS TRUE, IS FALSE, IS NOT TRUE, and IS NOT FALSE. * Added the SQLITE_DBSTATUS_CACHE_SPILL option to sqlite3_db_status() for reporting the number of cache spills that have occurred. * The "alternate-form-2" flag ("!") on the built-in printf implementation now causes string substitutions to measure the width and precision in characters instead of bytes. * If the xColumn method in a virtual table implementation returns an error message using sqlite3_result_error() then give that error message preference over internally-generated messages. * Added the -A command-line option to the CLI to make it easier to manage SQLite Archive files. * Add support for INSERT OR REPLACE, INSERT OR IGNORE, and UPDATE OR REPLACE in the Zipfile virtual table. * Enhance the sqlite3changeset_apply() interface so that it is hardened against attacks from deliberately corrupted changeset objects. * Added the sqlite3_normalize() extension function. * Query optimizer enhancements * Various bug fixes * Fix various issues reported by fuzzers, including: + CVE-2018-8740: NULL pointer dereference on CREATE TABLE as (bsc#1085790) ==== vala ==== Version update (0.40.1 -> 0.40.2) Subpackages: libvala-0_40-0 - Update to version 0.40.2: + Various bug fixes: gdbus: Fix missing declaration of _fd_list for async methods (bgo#794566). + Bindings: - glib-2.0: Use g_value_*et_schar instead of deprecated g_value_*et_char - gobject-2.0: Add ParamSpecGType. - gtk+-*.0: Hide dedicated constructors of compact classes bound as structs (bgo#794733). ==== vim ==== Subpackages: gvim vim-data vim-data-common - Pre-convert gvim icons, otherwise building vim depends on rsvg-convert -> librsvg -> cargo -> Rust -> LLVM - Cleanup SVG icon, make lines pixel-grid aligned - Correct RPM Group - Use %license instead of %doc [bsc#1082318] ==== virt-manager ==== Subpackages: virt-install virt-manager-common - bsc#1086038 - VM guests cannot be properly installed with virt-install d15b78ab-virtinst-read-CPU-model-from-domain-capabilities.patch fd6a8154-virtinst-compare-host-and-domain-cpu-models.patch - Drop virtinst-dont-set-cpu-model-when-caps-mismatch.patch in favor of upstream versions. ==== vsftpd ==== - Add firewalld service file (bsc#1083705) ==== wireshark ==== Version update (2.4.5 -> 2.4.6) Subpackages: libwireshark9 libwiretap7 libwscodecs1 libwsutil8 wireshark-ui-qt - Wireshark 2.4.6: This release fixes minor vulnerabilities that could be used to trigger dissector crashes or cause dissectors to go into large infinite loops by making Wireshark read specially crafted packages from the network or capture files (bsc#1088200): * CVE-2018-9264: ADB dissector crash * CVE-2018-9260: IEEE 802.15.4 dissector crash * CVE-2018-9261: NBAP dissector crash * CVE-2018-9262: VLAN dissector crash * CVE-2018-9256: LWAPP dissector crash * CVE-2018-9263: Kerberos dissector crash * CVE-2018-9258: TCP dissector crash * CVE-2018-9257: CQL infinite loop * Memory leaks in multiple dissectors: CVE-2018-9265, CVE-2018-9266, CVE-2018-9267, CVE-2018-9268, CVE-2018-9269, CVE-2018-9270, CVE-2018-9271, CVE-2018-9272, CVE-2018-9273, CVE-2018-9274 * Further bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-2.4.6.html ==== xmlgraphics-fop ==== - Added patch: * java8-compatibility.patch + Fix compatibility with java8 and lower when built with java9 or higher ==== yast2-auth-client ==== Version update (3.3.18 -> 4.0.0) - bnc#1087957 - version bump - 4.0.0 ==== yast2-tftp-server ==== Version update (4.0.1 -> 4.0.2) - do not report error when cloning without tftp installed (bsc#1081688) - 4.0.2 -- To unsubscribe, e-mail: opensuse-factory+unsubscribe(a)opensuse.org To contact the owner, e-mail: opensuse-factory+owner(a)opensuse.org

4 4