Please note that this mail was generated by a script. The described changes are computed based on the x86_64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=opensuse&version=15.0&build=252.1&groupid=50 https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Distribution&query_format=advanced&resolution=---&version=Leap%2015.0 When you reply to discuss some issues, make sure to change the subject. Please use the test plan at https://docs.google.com/spreadsheets/d/1AGKijKpKiJCB616-bHVoNQuhWHpQLHPWCb3m... to record your testing efforts and use bugzilla to report bugs. Packages changed: MozillaFirefox NetworkManager apparmor autoyast2 (4.0.52 -> 4.0.53) baloo5 bluez chromium cups-filters (1.20.2 -> 1.20.3) desktop-translations (84.87.20180423.2e342f3a -> 84.87.20180507.9a26f9e2) gdm gnome-maps (3.28.1 -> 3.28.2) gpg2 hack-fonts (2.020 -> 3.003) kernel-source kinfocenter5 kwalletmanager5 libXScrnSaver libetonyek (0.1.7 -> 0.1.8) libgcrypt libreoffice (6.0.4.1 -> 6.0.4.2) libsoup (2.62.0 -> 2.62.2) llvm5 openssl-1_1 patterns-base plasma-nm5 plasma5-desktop plasma5-pk-updates postfix rpm sddm shim util-linux util-linux-systemd webkit2gtk3 (2.20.1 -> 2.20.2) xen (4.10.0_18 -> 4.10.0_20) yast2-bootloader (4.0.31 -> 4.0.32) yast2-storage-ng (4.0.178 -> 4.0.179) === Details === ==== MozillaFirefox ==== Subpackages: MozillaFirefox-translations-common MozillaFirefox-translations-other - correct buildconfig (source-stamp.txt) and update channel definition ==== NetworkManager ==== Subpackages: NetworkManager-lang libnm-glib-vpn1 libnm-glib4 libnm-util2 libnm0 typelib-1_0-NM-1_0 typelib-1_0-NMClient-1_0 typelib-1_0-NetworkManager-1_0 - Add NM-look-at-all-rp-filter-value.patch: look at 'all' rp_filter value too to determine actual value (bsc#1084336, bgo#794689). ==== apparmor ==== Subpackages: apparmor-abstractions apparmor-docs apparmor-parser apparmor-parser-lang apparmor-profiles apparmor-utils apparmor-utils-lang perl-apparmor python3-apparmor - add fix-samba-profiles.patch - smbd loads new shared libraries. Allow winbindd to access new kerberos credential cache location (boo#1092099) ==== autoyast2 ==== Version update (4.0.52 -> 4.0.53) Subpackages: autoyast2-installation - Handle DASD or zFCP devices even when the profile is not in a remote location (bsc#1089554). - 4.0.53 ==== baloo5 ==== Subpackages: baloo5-file baloo5-file-lang baloo5-imports baloo5-imports-lang baloo5-kioslaves baloo5-kioslaves-lang baloo5-tools baloo5-tools-lang libKF5Baloo5 libKF5BalooEngine5 libKF5BalooEngine5-lang - Add upstream patch 0001-Avoid-infinite-loops-when-fetching-the-URL-from-Docu.patch: * Avoid infinite loops with corrupted databases (kde#378754) ==== bluez ==== Subpackages: libbluetooth3 - Add CVE-2016-9800-tool-hcidump-Fix-memory-leak-with-malformed-packet.patch * Fix hcidump memory leak in pin_code_reply_dump(). (bsc#1013721)(CVE-2016-9800) CVE-2016-9804-tool-hcidump-Fix-memory-leak-with-malformed-packet.patch * Fix hcidump buffer overflow in commands_dump(). (bsc#1013877)(CVE-2016-9804) ==== chromium ==== - Add patch chromium-skia-system-fontconfig.patch to fix bsc#1092272 - Enable build on AArch64 - Fix build on AArch64: * set target_cpu to arm64 * disable tcmalloc and swiftshader for aarch64 * Add new patches: - chromium-65.0.3325.162-skia-aarch64-buildfix.patch - chromium-skia-neon.patch ==== cups-filters ==== Version update (1.20.2 -> 1.20.3) - Version upgrade to 1.20.3 to fix regression from 1.20.2 that ignores printers published using legacy CUPS broadcast ==== desktop-translations ==== Version update (84.87.20180423.2e342f3a -> 84.87.20180507.9a26f9e2) - Update to version 84.87.20180507.9a26f9e2: * Translated using Weblate (Dutch) * Translated using Weblate (German) * Translated using Weblate (Greek) * Translated using Weblate (Hindi) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Slovak) ==== gdm ==== Subpackages: gdm-lang gdmflexiserver libgdm1 typelib-1_0-Gdm-1_0 - Drop gdm-quit-plymouth-on-headless.patch: Patch is known to cause the first login to fail, a reworked patch needed. - Add gdm-quit-plymouth-on-headless.patch: Stop boot splash whenever a display is managed, to avoid systems without monitor from hanging (boo#1089673 bgo#795477). ==== gnome-maps ==== Version update (3.28.1 -> 3.28.2) Subpackages: gnome-maps-lang - Update to version 3.28.2: + Enable selecting map markers on touch screens. + Updated translations. ==== gpg2 ==== Subpackages: gpg2-lang - Added gnupg-CVE-2018-9234.patch: Enforce that key certification can only be done with the master key, and not a signing subkey. (bnc#1088255 CVE-2018-9234) ==== hack-fonts ==== Version update (2.020 -> 3.003) - Release 3.003; Major changes: * New license: + Eliminated Hack Open Font License + Added MIT License for Hack work + These license changes eliminated the Reserved Font Name "Hack" in the typeface license + No changes to co-licensure with the Bitstream Vera license from upstream source * Only provide ttf * For details, see https://github.com/source-foundry/Hack/blob/master/CHANGELOG.md - Update LICENSE.md and README.md to the versions from master - Removed service file, seems unnecessary ==== kernel-source ==== Subpackages: kernel-default kernel-vanilla-base - btrfs: Fix wrong first_key parameter in replace_path (follow up fix for bsc#1084721). - commit 4346da1 - btrfs: suspend qgroups during relocation recovery (bsc#1086467). - commit f0b899a - Refresh patches.suse/btrfs-qgroups-fix-rescan-worker-running-races.patch. The previous version reintroduced the race that upstream commit 8d9eddad194 was intended to fix. This version addresses that issue as well as fixing a separate issue where the rescan worker might not have resumed on mount. - commit 3847d2d - Delete patches.suse/btrfs-push-relocation-recovery-into-helper-thread.patch. Pushing relocation recovery into a thread allowed mounts to proceed but the file system would end up being unable to be unmounted for some time. - commit a456afe - ext4: Fix hole length detection in ext4_ind_map_blocks() (bsc#1090953). - commit 6264cfb - scripts/git_sort/git_sort.py: Remove duplicated repo entry - commit 5449163 - powerpc/64s: Enhance the information in cpu_show_spectre_v1() (bsc#1068032). - commit 447e243 - Enable uniput driver (bsc#1092566). - commit 7e93d22 - Refresh patches.suse/revert-btrfs-qgroup-move-half-of-the-qgroup-accounting-time-out-of-commit-trans.patch. - commit 6bb3a77 - powerpc/lib: Fix off-by-one in alternate feature patching (bsc#1065729). - commit 64ed10b - ibmvnic: Clean actual number of RX or TX pools (bsc#1092289). - commit 87e794b - ovl: treat btrfs mounts as different superblocks (bsc#1059336). - commit f3a38b6 - net/mlx5: Avoid cleaning flow steering table twice during error flow (bsc#1091532). - commit 62f9ca0 - x86/xen: Calculate __max_logical_packages on PV domains (bsc#1091543). - x86/smpboot: Do not use smp_num_siblings in __max_logical_packages calculation (bsc#1091543). - xen/vcpu: Handle xen_vcpu_setup() failure at boot (bsc#1091543). - commit bbde611 - powerpc/64s: Enable barrier_nospec based on firmware settings (bsc#1068032, bsc#1080157). Delete patches.arch/powerpc-64-barrier_nospec-Add-commandline-trigger.patch. Delete patches.arch/powerpc-64s-barrier_nospec-Add-hcall-trigger.patch. - commit a3f6f3e - Delete patches.arch/powerpc-64s-Use-barrier_nospec-in-RFI_FLUSH_SLOT.patch. - commit f4a4c12 - Refresh patches.arch/powerpc-64-Use-barrier_nospec-in-syscall-entry.patch. - commit 238866b - powerpc: Use barrier_nospec in copy_from_user() (bsc#1068032, bsc#1080157). - commit 080b1ec - Refresh patches.arch/powerpc-Add-barrier_nospec.patch Refresh patches.arch/powerpc-64s-Add-support-for-ori-barrier_nospec-patch.patch Refresh patches.arch/powerpc-64-Patch-barrier_nospec-in-modules.patch Delete patches.arch/powerpc-64-barrier_nospec-Add-debugfs-trigger.patch - commit 40ed6a0 - Refresh patches.drivers/ibmvfc-avoid-unnecessary-port-relogin.patch - commit d88d95f - x86/smpboot: Fix __max_logical_packages estimate (bsc#1091543). - commit 2eb7ead - qla2xxx: Enable T10-DIF with FC-NVMe enabled (bsc#1091264). - commit fa61ec8 ==== kinfocenter5 ==== Subpackages: kinfocenter5-lang - Add kcm_opengl-Fix-retrieval-of-DRI-information.patch to fix displaying 3D acceleration info and kernel module in "OpenGL" with kernels >= 3.12 ==== kwalletmanager5 ==== Subpackages: kwalletmanager5-lang - Remove setBadness calls (wtf) (boo#1090647) ==== libXScrnSaver ==== - added "Provides: %name = %version-%release" in order to work- around hard requires for wrongly packaged 3rd party package Slack (boo#1090514) ==== libetonyek ==== Version update (0.1.7 -> 0.1.8) - Version update to 0.1.8: + More support for keynote content + Add support for Keynote 1 documents. + Add support for Numbers 3 documents. + Fix several issues found by oss-fuzz. + Fix build with glm 0.9.9. + Other fixes and improvements. ==== libgcrypt ==== Subpackages: libgcrypt20 libgcrypt20-32bit - Suggest libgcrypt20-hmac for package libgcrypt20 to ensure they are installed in the right order. [bsc#1090766] ==== libreoffice ==== Version update (6.0.4.1 -> 6.0.4.2) Subpackages: libreoffice-base libreoffice-base-drivers-mysql libreoffice-branding-upstream libreoffice-calc libreoffice-draw libreoffice-filters-optional libreoffice-gnome libreoffice-gtk3 libreoffice-icon-themes libreoffice-impress libreoffice-kde4 libreoffice-l10n-ar libreoffice-l10n-bg libreoffice-l10n-ca libreoffice-l10n-cs libreoffice-l10n-da libreoffice-l10n-de libreoffice-l10n-el libreoffice-l10n-en libreoffice-l10n-eo libreoffice-l10n-es libreoffice-l10n-et libreoffice-l10n-fa libreoffice-l10n-fi libreoffice-l10n-fr libreoffice-l10n-hu libreoffice-l10n-it libreoffice-l10n-ja libreoffice-l10n-ko libreoffice-l10n-lt libreoffice-l10n-nb libreoffice-l10n-nl libreoffice-l10n-pl libreoffice-l10n-pt_BR libreoffice-l10n-ru libreoffice-l10n-sk libreoffice-l10n-sl libreoffice-l10n-sv libreoffice-l10n-uk libreoffice-l10n-zh_CN libreoffice-l10n-zh_TW libreoffice-mailmerge libreoffice-math libreoffice-pyuno libreoffice-writer libreofficekit - Bump to 6.0.4.2: * 2 more fixes on top of 6.0.4.1 ==== libsoup ==== Version update (2.62.0 -> 2.62.2) Subpackages: libsoup-2_4-1 libsoup-lang typelib-1_0-Soup-2_4 - Update to version 2.62.2: + Fixes to instrospection annotation (bgo#795135). + Fixes to the test suite with PHP version >= 7.2 (bgo#795111). + Critical warning fixes to SoupSocket. + Updated translations. - Drop upstream fixed patches: + libsoup-SoupCookie-fix-instrospection-annotation.patch (bgo#795135). + libsoup-xmlrpc-server-dont-count-null.patch (bgo#795111). + libsoup-soup-socket-fix-critical-warning.patch. - Add upstream bug fix patches: + libsoup-SoupCookie-fix-instrospection-annotation.patch (bgo#795135). + libsoup-xmlrpc-server-dont-count-null.patch (bgo#795111). + libsoup-soup-socket-fix-critical-warning.patch. - Update to version 2.62.1: + Fix digest authentication with encoded URIs (bgo#794208). + Avoid unaligned memory accesses in WebSocket implementation (bgo#794421). + Use base domain to decide if cookies are third-party (bgo#792130). + Fix crash under soup_socket_new() (bgo#762138). ==== llvm5 ==== - Do not build stage1 with debug info. It was accidentally added with the use of %optflags. This should fix out of memory errors on 32bit architectures and speed up build everywhere else. (bsc#1092697) ==== openssl-1_1 ==== Subpackages: libopenssl1_1 libopenssl1_1-32bit - OpenSSL Security Advisory [16 Apr 2018] * Cache timing vulnerability in RSA Key Generation (CVE-2018-0737, bsc#1089039) * add openssl-CVE-2018-0737.patch - Fix escaping in c_rehash (boo#1091961, bsc#1091963) * add 0001-Revert-util-dofile.pl-only-quote-stuff-that-actually.patch ==== patterns-base ==== Subpackages: patterns-base-32bit patterns-base-apparmor patterns-base-apparmor_opt patterns-base-base patterns-base-basesystem patterns-base-console patterns-base-enhanced_base patterns-base-enhanced_base-32bit patterns-base-enhanced_base_opt patterns-base-minimal_base patterns-base-minimal_base-32bit patterns-base-sw_management patterns-base-transactional_base patterns-base-update_test patterns-base-x11 patterns-base-x11_enhanced patterns-base-x11_opt - do not recommend ntp also in enhanced_base (boo#162331) ==== plasma-nm5 ==== Subpackages: plasma-nm5-lang plasma-nm5-openconnect plasma-nm5-openvpn plasma-nm5-pptp - Add supplements to avoid hard requires (part of fix for boo#982962) ==== plasma5-desktop ==== Subpackages: plasma5-desktop-lang - Add patch to fix display of certain submenus in kicker (kde#394013): * 0001-Fix-submenus-not-updating-when-switching-between-cat.patch ==== plasma5-pk-updates ==== Subpackages: plasma5-pk-updates-lang - Add patch to fix tooltip text with security or important updates (boo#1090375): * 0001-Use-n-instead-of-br-for-the-extra-part-of-the-summar.patch - Add patch to close the plasmoid after update installation (boo#1077633): * 0001-Close-the-plasmoid-after-updates-got-installed.patch ==== postfix ==== - remove pre-requirements on sysvinit(network) and sysvinit(syslog). There seems to be no good reason for that other than blowing up the dependencies (bsc#1092408). ==== rpm ==== Subpackages: rpm-32bit - Disable debuginfo dwz compression for baselibs packages [bnc#1092189] ==== sddm ==== Subpackages: sddm-branding-openSUSE - Amend patch to also canonicalize desktop session paths (boo#1092251): * 0003-Leave-duplicate-symlinks-out-of-the-SessionModel.patch - Add patch to fix build with Qt 5.11: * 0001-Fix-build-with-Qt-5.11-1024.patch ==== shim ==== - Add shim-bsc1092000-fallback-always-try-first-option.patch to avoid being trapped in the infinite reset loop in machines with faulty firmware (bsc#1092000) ==== util-linux ==== Subpackages: libblkid1 libblkid1-32bit libfdisk1 libmount1 libsmartcols1 libuuid1 libuuid1-32bit util-linux-lang - Fix lscpu and chcpu on systems with >1024 cores (bnc#1091164, util-linux-lscpu-chcpu-new-cpu-macros.patch). - Fix CPU count in chcpu (bnc#1091164, util-linux-chcpu-cpu-count.patch). ==== util-linux-systemd ==== - Fix lscpu and chcpu on systems with >1024 cores (bnc#1091164, util-linux-lscpu-chcpu-new-cpu-macros.patch). - Fix CPU count in chcpu (bnc#1091164, util-linux-chcpu-cpu-count.patch). ==== webkit2gtk3 ==== Version update (2.20.1 -> 2.20.2) Subpackages: libjavascriptcoregtk-4_0-18 libwebkit2gtk-4_0-37 libwebkit2gtk3-lang typelib-1_0-JavaScriptCore-4_0 typelib-1_0-WebKit2-4_0 webkit2gtk-4_0-injected-bundles - Disable JIT on riscv64 - Update to version 2.20.2: + Do TLS error checking on GTlsConnection::accept-certificate to finish the load earlier in case of errors. + Properly close the connection to the nested wayland compositor in the Web Process. + Avoid painting backing stores for zero-opacity layers. + Fix downloads started by context menu failing in some websites due to missing user agent HTTP header. + Fix video unpause when GStreamerGL is disabled. + Fix several GObject introspection annotations. + Update user agent quiks to fix Outlook.com and Chase.com. + Fix several crashes and rendering issues. + Security fixes: CVE-2018-4200. ==== xen ==== Version update (4.10.0_18 -> 4.10.0_20) - bsc#1090820 - VUL-0: CVE-2018-8897: xen: x86: mishandling of debug exceptions (XSA-260) xsa260-1.patch xsa260-2.patch xsa260-3.patch xsa260-4.patch - bsc#1090822 - VUL-0: xen: x86 vHPET interrupt injection errors (XSA-261) xsa261.patch - bsc#1090823 - VUL-0: xen: qemu may drive Xen into unbounded loop (XSA-262) xsa262.patch ==== yast2-bootloader ==== Version update (4.0.31 -> 4.0.32) - Fix installation on BIOS Raid like Intel RSTe (bsc#1091283) - 4.0.32 ==== yast2-storage-ng ==== Version update (4.0.178 -> 4.0.179) - Partitioner: check whether required packages are installed before committing changes to disk (bsc#1089508). - 4.0.179 - Partitioner: fix buttons to abort and to go back (part of fate#318196 and related to bsc#1075443). - Partitioner: fixed detection of reprobed system to avoid unnecessary proposal re-calculation. - Partitioner: allow to select only valid parity algorithms when creating a new MD RAID (bsc#1090182). - Partitioner: "Configure..." button allowing to execute the YaST clients for iSCI, FCoE, DASD, zFCP and XPRAM (bsc#1090753). -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org