Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
When you reply to report some issues, make sure to change the subject.
It is not helpful to keep the release announcement subject in a thread
while discussing a specific problem.
binutils (2.29 -> 2.29.1)
gcc7 (7.2.1+r251579 -> 7.2.1+r253221)
krb5 (1.15.1 -> 1.15.2)
libsodium (1.0.12 -> 1.0.14)
permissions (20170922 -> 20170928)
=== Details ===
==== binutils ====
Version update (2.29 -> 2.29.1)
- Update to 2.29.1 release, accumulating bugfixes.
- Update binutils-2.29-branch.diff to @a38a1d80 and to be
relative to the 2.29.1 release fixing PRs 22199, 22170 and 22163.
==== gcc7 ====
Version update (7.2.1+r251579 -> 7.2.1+r253221)
Subpackages: cpp7 gcc7-c++ gcc7-fortran gcc7-info gcc7-locale gcc7-objc libasan4
libatomic1 libcilkrts5 libgcc_s1 libgcc_s1-32bit libgfortran4 libgomp1 libitm1 liblsan0
libmpx2 libmpxwrappers2 libobjc4 libquadmath0 libstdc++6 libstdc++6-32bit
libstdc++6-devel-gcc7 libtsan0 libubsan0
- Update to gcc-7-branch head (r253221).
* Includes similar fix to gcc41-ppc32-retaddr.patch, disable the
patch but keep the testcase.
- Add support for zero-sized VLAs and allocas with
- fstack-clash-protection. [bnc #1059075]
==== kmail ====
Subpackages: kmail-application-icons ktnef
- Recommend akonadi-search to make index-related functionality
work out of the box (boo#1053540, boo#1013687)
==== krb5 ====
Version update (1.15.1 -> 1.15.2)
Subpackages: krb5-32bit krb5-devel
- Upgrade to 1.15.2
* Fix a KDC denial of service vulnerability caused by unset status
* Preserve GSS contexts on init/accept failure [CVE-2017-11462]
* Fix kadm5 setkey operation with LDAP KDB module
* Use a ten-second timeout after successful connection for HTTPS KDC
requests, as we do for TCP requests
* Fix client null dereference when KDC offers encrypted challenge
* Ignore dotfiles when processing profile includedir directive
* Improve documentation
==== libqt5-qtbase ====
Subpackages: libQt5Concurrent-devel libQt5Concurrent5 libQt5Core-devel
libQt5Core-private-headers-devel libQt5Core5 libQt5DBus-devel libQt5DBus5 libQt5Gui-devel
libQt5Gui-private-headers-devel libQt5Gui5 libQt5Network-devel libQt5Network5
libQt5OpenGL-devel libQt5OpenGL5 libQt5PlatformHeaders-devel libQt5PrintSupport-devel
libQt5PrintSupport5 libQt5Sql-devel libQt5Sql5 libQt5Sql5-mysql libQt5Sql5-postgresql
libQt5Sql5-sqlite libQt5Sql5-unixODBC libQt5Test-devel libQt5Test5 libQt5Widgets-devel
libQt5Widgets5 libQt5Xml-devel libQt5Xml5 libqt5-qtbase-common-devel libqt5-qtbase-devel
- Update package descriptions and grouping.
- Use find -exec's "+" strategy
==== libsodium ====
Version update (1.0.12 -> 1.0.14)
- Update to version 1.0.14
* Internal consistency checks failing and primitives used with
dangerous/out-of-bounds/invalid parameters used to call abort(3).
Now, a custom handler that doesn't return can be set with the
set_sodium_misuse() function. It still aborts by default or if
the handler ever returns. This is not a replacement for non-fatal,
expected runtime errors. This handler will be only called in
unexpected situations due to potential bugs in the library or in
* *_MESSAGEBYTES_MAX macros (and the corresponding _messagebytes_max()
symbols) have been added to represent the maximum message size that
can be safely handled by a primitive. Language bindings are
encouraged to check user inputs against these maximum lengths.
* The test suite has been extended to cover more edge cases.
* crypto_sign_ed25519_pk_to_curve25519() now rejects points that
are not on the curve, or not in the main subgroup.
* Further changes have been made to ensure that smart compilers
will not optimize out code that we don't want to be optimized.
* The sodium_runtime_has_* symbols for CPU features detection are
now defined as weak symbols, i.e. they can be replaced with an
application-defined implementation. This can be useful to
disable AVX* when temperature/power consumption is a concern.
* crypto_kx_*() now aborts if called with no non-NULL pointers
to store keys to.
* SSE2 implementations of crypto_verify_*() have been added.
* Passwords can be hashed using a specific algorithm with the new
* Due to popular demand, base64 encoding (sodium_bin2base64())
and decoding (sodium_base642bin()) have been implemented.
* A new crypto_secretstream_*() API was added to safely encrypt
files and multi-part messages.
* The sodium_pad() and sodium_unpad() helper functions have been
added in order to add & remove padding.
* An AVX512 optimized implementation of Argon2 has been added.
* The crypto_pwhash_str_needs_rehash() function was added to check
if a password hash string matches the given parameters, or if it
needs an update.
Updates from 1.0.13
* An AVX2 optimized implementation of the Argon2 round function was added.
* The Argon2id variant of Argon2 has been implemented. The high-level
crypto_pwhash_str_verify() function automatically detects the
algorithm and can verify both Argon2i and Argon2id hashed passwords.
The default algorithm for newly hashed passwords remains Argon2i
in this version to avoid breaking compatibility with verifiers
running libsodium <= 1.0.12.
* A crypto_box_curve25519xchacha20poly1305_seal*() function set was implemented.
==== permissions ====
Version update (20170922 -> 20170928)
- Update to version 20170928:
* Fix invalid syntax bsc#1048645 bsc#1060738
- Update to version 20170927:
* fix typos in manpages
To unsubscribe, e-mail: opensuse-factory+unsubscribe(a)opensuse.org
To contact the owner, e-mail: opensuse-factory+owner(a)opensuse.org