[opensuse-factory] New Tumbleweed snapshot 20160901 released!
Please note that this mail was generated by a script. The described changes are computed based on the x86_64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=1&version=Tumbleweed&build=20160901 When you reply to report some issues, make sure to change the subject. It is not helpful to keep the release announcement subject in a thread while discussing a specific problem. Packages changed: MozillaFirefox (48.0.1 -> 48.0.2) MozillaThunderbird (45.2 -> 45.3.0) binutils (2.26.1 -> 2.27) elfutils (0.166 -> 0.167) gcc6 (6.1.1+r239476 -> 6.2.1+r239849) grub2 libgcj-gcc6 (6.1.1+r239476 -> 6.2.1+r239849) lsof mailman (2.1.22 -> 2.1.23) python-setuptools (23.1.0 -> 26.1.1) systemd === Details === ==== MozillaFirefox ==== Version update (48.0.1 -> 48.0.2) Subpackages: MozillaFirefox-translations-common - Mozilla Firefox 48.0.2: * Mitigate a startup crash issue caused on Windows (bmo#1291738) ==== MozillaThunderbird ==== Version update (45.2 -> 45.3.0) Subpackages: MozillaThunderbird-translations-common - update to Thunderbird 45.3.0 (boo#991809) * Disposition-Notification-To could not be used in mail.compose.other.header * "edit as new message" on a received message pre-filled the sender as the composing identity. * Certain messages caused corruption of the drafts summary database. security fixes: * MFSA 2016-62/CVE-2016-2836 Miscellaneous memory safety hazards * MFSA 2016-63/CVE-2016-2830 (bmo#1255270) Favicon network connection can persist when page is closed * MFSA 2016-64/CVE-2016-2838 (bmo#1279814) Buffer overflow rendering SVG with bidirectional content * MFSA 2016-65/CVE-2016-2839 (bmo#1275339) Cairo rendering crash due to memory allocation issue with FFmpeg 0.10 * MFSA 2016-67/CVE-2016-5252 (bmo#1268854) Stack underflow during 2D graphics rendering * MFSA 2016-70/CVE-2016-5254 (bmo#1266963) Use-after-free when using alt key and toplevel menus * MFSA 2016-72/CVE-2016-5258 (bmo#1279146) Use-after-free in DTLS during WebRTC session shutdown * MFSA 2016-73/CVE-2016-5259 (bmo#1282992) Use-after-free in service workers with nested sync events * MFSA 2016-76/CVE-2016-5262 (bmo#1277475) Scripts on marquee tag can execute in sandboxed iframes * MFSA 2016-77/CVE-2016-2837 (bmo#1274637) Buffer overflow in ClearKey Content Decryption Module (CDM) during video playback * MFSA 2016-78/CVE-2016-5263 (bmo#1276897) Type confusion in display transformation * MFSA 2016-79/CVE-2016-5264 (bmo#1286183) Use-after-free when applying SVG effects * MFSA 2016-80/CVE-2016-5265 (bmo#1278013) Same-origin policy violation using local HTML file and saved shortcut file ==== binutils ==== Version update (2.26.1 -> 2.27) Subpackages: binutils-devel - Update to binutils 2.27. * Add a configure option, --enable-64-bit-archive, to force use of a 64-bit format when creating an archive symbol index. * Add --elf-stt-common= option to objcopy for ELF targets to control whether to convert common symbols to the STT_COMMON type. GAS: * Default to --enable-compressed-debug-sections=gas for Linux/x86 targets. * Add --no-pad-sections to stop the assembler from padding the end of output sections up to their alignment boundary. * Support for the ARMv8-M architecture has been added to the ARM port. Support for the ARMv8-M Security and DSP Extensions has also been added to the ARM port. * ARC backend accepts .extInstruction, .extCondCode, .extAuxRegister, and .extCoreRegister pseudo-ops that allow an user to define custom instructions, conditional codes, auxiliary and core registers. * Add a configure option --enable-elf-stt-common to decide whether ELF assembler should generate common symbols with the STT_COMMON type by default. Default to no. * New command line option --elf-stt-common= for ELF targets to control whether to generate common symbols with the STT_COMMON type. * Add ability to set section flags and types via numeric values for ELF based targets. * Add a configure option --enable-x86-relax-relocations to decide whether x86 assembler should generate relax relocations by default. Default to yes, except for x86 Solaris targets older than Solaris 12. * New command line option -mrelax-relocations= for x86 target to control whether to generate relax relocations. * New command line option -mfence-as-lock-add=yes for x86 target to encode lfence, mfence and sfence as "lock addl $0x0, (%[re]sp)". * Add assembly-time relaxation option for ARC cpus. * Add --with-cpu=TYPE configure option for ARC gas. This allows the default cpu type to be adjusted at configure time. GOLD: * Add a configure option --enable-relro to decide whether -z relro should be enabled by default. Default to yes. * Add support for s390, MIPS, AArch64, and TILE-Gx architectures. * Add support for STT_GNU_IFUNC symbols. * Add support for incremental linking (--incremental). GNU ld: * Add a configure option --enable-relro to decide whether -z relro should be enabled in ELF linker by default. Default to yes for all Linux targets except FRV, HPPA, IA64 and MIPS. * Support for -z noreloc-overflow in the x86-64 ELF linker to disable relocation overflow check. * Add -z common/-z nocommon options for ELF targets to control whether to convert common symbols to the STT_COMMON type during a relocatable link. * Support for -z nodynamic-undefined-weak in the x86 ELF linker, which avoids dynamic relocations against undefined weak symbols in executable. * The NOCROSSREFSTO command was added to the linker script language. * Add --no-apply-dynamic-relocs to the AArch64 linker to do not apply link-time values for dynamic relocations. - Add binutils-2.27-branch.diff with fixes on the branch sofar. - Remove gold-relocate-tls.patch, included in binutils 2.27. ==== elfutils ==== Version update (0.166 -> 0.167) Subpackages: libasm1 libdw1 libelf1 libelf1-32bit - Update to version 0.167: libasm: Add eBPF disassembler for EM_BPF files. backends: Add m68k and BPF backends. ld: Removed. dwelf: Add ELF/DWARF string table creation functions. dwelf_strtab_init, dwelf_strtab_add, dwelf_strtab_add_len, dwelf_strtab_finalize, dwelf_strent_off, dwelf_strent_str and dwelf_strtab_free. Support compressed sections from binutils 2.27. - Remove patch elfutils-0.166-elfcmp-comp-gcc6.patch: included upstream. ==== gcc6 ==== Version update (6.1.1+r239476 -> 6.2.1+r239849) Subpackages: cpp6 gcc6-c++ gcc6-fortran gcc6-info gcc6-locale gcc6-objc libasan3 libatomic1 libcilkrts5 libgcc_s1 libgcc_s1-32bit libgfortran3 libgomp1 libitm1 liblsan0 libmpx2 libmpxwrappers2 libobjc4 libquadmath0 libstdc++6 libstdc++6-32bit libstdc++6-devel-gcc6 libtsan0 libubsan0 - Update to gcc-6-branch head (r239849). * Includes GCC 6.2 release. * Includes fix for OVMF compilation. - Refresh gcc-dir-version.patch. - gcc6-devel: require gmp-devel and mpc-devel - Update HSA_RUNTINE_LIB in gcc6-hsa-enablement.patch ==== grub2 ==== Subpackages: grub2-i386-pc grub2-snapper-plugin grub2-systemd-sleep-plugin grub2-x86_64-efi grub2-x86_64-xen - binutils 2.27 creates empty modules without a symtab. Add patch grub2-accept-empty-module.patch to not reject them. ==== libgcj-gcc6 ==== Version update (6.1.1+r239476 -> 6.2.1+r239849) Subpackages: gcc6-gij gcc6-java libgcj-devel-gcc6 libgcj-jar-gcc6 libgcj_bc1 - Update to gcc-6-branch head (r239849). * Includes GCC 6.2 release. * Includes fix for OVMF compilation. - Refresh gcc-dir-version.patch. - gcc6-devel: require gmp-devel and mpc-devel - Update HSA_RUNTINE_LIB in gcc6-hsa-enablement.patch ==== lsof ==== - modify lsof_4.89-nfs_hanging.patch and add a check for HasNFS variable as HasNFS may already have been set to 2 in the readmnt() function [bsc#995061] ==== mailman ==== Version update (2.1.22 -> 2.1.23) - update to 2.1.23 * CSRF protection in user options page (CVE-2016-6893) * header_filter_rules matching: headers and patterns are all decoded to unicode * another possible REMOVE_DKIM_HEADERS setting * SMTPDirect.py can now do SASL authentication and STARTTLS * bug fixes, i18n updates * for further details see NEWS ==== python-setuptools ==== Version update (23.1.0 -> 26.1.1) - fix certificate handling with certifi, add support for SUSE's CA bundle (setuptools-certpath.patch, fixes boo#993968) - remove shebang lines, strip executable bit from README, to silence the easy rpmlint warnings - update to 26.1.1: * Re-release of 26.1.0 with pytest pinned to allow for automated deployement and thus proper packaging environment variables, fixing issues with missing executable launchers. * #763: ``pkg_resources.get_default_cache`` now defers to the `appdirs project <https://pypi.org/project/appdirs>`_ to resolve the cache directory. Adds a vendored dependency on appdirs to pkg_resources. * #748: By default, sdists are now produced in gzipped tarfile format by default on all platforms, adding forward compatibility for the same behavior in Python 3.6 (See Python #27819). * #459 via #736: On Windows with script launchers, sys.argv[0] now reflects the name of the entry point, consistent with the behavior in distlib and pip wrappers. * #752 via #753: When indicating ``py_limited_api`` to Extension, it must be passed as a keyword argument. * Add Extension(py_limited_api=True). When set to a truthy value, that extension gets a filename apropriate for code using Py_LIMITED_API. When used correctly this allows a single compiled extension to work on all future versions of CPython 3. The py_limited_api argument only controls the filename. To be compatible with multiple versions of Python 3, the C extension will also need to set -DPy_LIMITED_API=... and be modified to use only the functions in the limited API. * #739 Fix unquoted libpaths by fixing compatibility between `numpy.distutils` and `distutils._msvccompiler` for numpy < 1.11.2 (Fix issue #728, error also fixed in Numpy). * #731: Bump certifi. * Style updates. See #740, #741, #743, #744, #742, #747. * #735: include license file. * #612 via #730: Add a LICENSE file which needs to be provided by the terms of the MIT license. * #725: revert `library_dir_option` patch (Error is related to `numpy.distutils` and make errors on non Numpy users). * #720 * #723: Improve patch for `library_dir_option`. * #717 * #713 * #707: Fix Python 2 compatibility for MSVC by catching errors properly. * #715: Fix unquoted libpaths by patching `library_dir_option`. * #714 and #704: Revert fix as it breaks other components downstream that can't handle unicode. See #709, #710, and #712. * #704: Fix errors when installing a zip sdist that contained files named with non-ascii characters on Windows would crash the install when it attempted to clean up the build. * #646: MSVC compatibility - catch errors properly in RegistryInfo.lookup. * #702: Prevent UnboundLocalError when initial working_set is empty. * #686: Fix issue in sys.path ordering by pkg_resources when rewrite technique is "raw". * #699: Fix typo in msvc support. * #609: Setuptools will now try to download a distribution from the next possible download location if the first download fails. This means you can now specify multiple links as ``dependency_links`` and all links will be tried until a working download link is encountered. * #688: Fix AttributeError in setup.py when invoked not from the current directory. * Cleanup of setup.py script. * Fixed documentation builders by allowing setup.py to be imported without having bootstrapped the metadata. * More style cleanup. See #677, #678, #679, #681, #685. * #674: Default ``sys.path`` manipulation by easy-install.pth is now "raw", meaning that when writing easy-install.pth during any install operation, the ``sys.path`` will not be rewritten and will no longer give preference to easy_installed packages. To retain the old behavior when using any easy_install operation (including ``setup.py install`` when setuptools is present), set the environment variable: SETUPTOOLS_SYS_PATH_TECHNIQUE=rewrite This project hopes that that few if any environments find it necessary to retain the old behavior, and intends to drop support for it altogether in a future release. Please report any relevant concerns in the ticket for this change. * #398: Fix shebang handling on Windows in script headers where spaces in ``sys.executable`` would produce an improperly-formatted shebang header, introduced in 12.0 with the fix for #188. * #663, #670: More style updates. * #516: Disable ``os.link`` to avoid hard linking in ``sdist.make_distribution``, avoiding errors on systems that support hard links but not on the file system in which the build is occurring. * #667: Update Metadata-Version to 1.2 when ``python_requires`` is supplied. * #631: Add support for ``python_requires`` keyword. * More style updates. See #660, #661, #641. * #659: ``setup.py`` now will fail fast and with a helpful error message when the necessary metadata is missing. * More style updates. See #656, #635, #640, [#644], #650, #652, and #655. * Updated style in much of the codebase to match community expectations. See #632, #633, #634, [#637], #639, #638, #642, #648. * If MSVC++14 is needed ``setuptools.msvc`` now redirect user to Visual C++ Build Tools web page. * #625 and #626: Fixes on ``setuptools.msvc`` mainly for Python 2 and Linux. * Pull Request #174: Add more aggressive support for standalone Microsoft Visual C++ compilers in msvc9compiler patch. Particularly : Windows SDK 6.1 and 7.0 (MSVC++ 9.0), Windows SDK 7.1 (MSVC++ 10.0), Visual C++ Build Tools 2015 (MSVC++14) * Renamed ``setuptools.msvc9_support`` to ``setuptools.msvc``. Re-release of v23.2.0, which was missing the intended commits. * #623: Remove used of deprecated 'U' flag when reading manifests. ==== systemd ==== Subpackages: libsystemd0 libsystemd0-32bit libudev-devel libudev1 libudev1-32bit systemd-32bit systemd-bash-completion systemd-logger systemd-sysvinit udev - Add a script to fix /var/lib/machines to make it suitable for rollbacks (bsc#992573992573) -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
Two remarks :
gcc6 (6.1.1+r239476 -> 6.2.1+r239849)
So expecting storm rebuild on obs ? and big download afterwards ;-)
python-setuptools (23.1.0 -> 26.1.1) And then why not python3-setupools, it seems blocked on the legal review team, or did I (again :-)) misread the status of the sr ?
rebuilding python package for one python2 or python3 shouldn't create a such differenciated publish time, I guess if python2 package is legal ok, then its build on python3 should also be ? (you know how naive I can be right ? :-)) I'm just afraid of having such differences hiting our targeted developper, administrator final users. -- Bruno Friedmann Ioda-Net Sàrl www.ioda-net.ch Bareos Partner, openSUSE Member, fsfe fellowship GPG KEY : D5C9B751C4653227 irc: tigerfoot -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
Bruno, Changing the subject is also mandatory for you - the original mail did not exclude you from this rule :) On Tue, 2016-09-06 at 15:29 +0200, Bruno Friedmann wrote:
Two remarks : gcc6 (6.1.1+r239476 -> 6.2.1+r239849)
So expecting storm rebuild on obs ? and big download afterwards ;-)
Very likely, yes... time for you to call Swisscom and ask for more bandwidth
python-setuptools (23.1.0 -> 26.1.1)
And then why not python3-setupools, it seems blocked on the legal review team, or did I (again :-)) misread the status of the sr ?
You did not, python3-setuptools is indeed in the legal queue (together with some 1500+ ghc packages) python-setuptools did not end up in the legal queue as it did not change the License: tag; python whereas python3-setuptools has a diff like -License: Python-2.0 or ZPL-2.0 +License: MIT Resulting in legal having to validate (and then approve/decline) the chouce.
rebuilding python package for one python2 or python3 shouldn't create a such differenciated publish time, I guess if python2 package is legal ok, then its build on python3 should also be ? (you know how naive I can be right ? :-))
For some reason, the python3-setuptools maintainer now claim it's MIT; the python(2)-setuptools maintainers seem not to share the claim. OTher than that: it's two independent packages, not related in any way and as such are treated independently by any review team.
I'm just afraid of having such differences hiting our targeted developper, administrator final users.
That's something the maintainer should answer - but is, imho, a valid concern (coming from the main thing that we maintain py and py3 code as unrelated stuff in devel:lang:python - I would outright refuse to do so :) ) Cheers, Dominique
On mardi, 6 septembre 2016 15.44:02 h CEST Dominique Leuenberger / DimStar wrote:
Bruno,
Changing the subject is also mandatory for you - the original mail did not exclude you from this rule :)
Damn true, I promise or pay beer next time I'm gulty ...
On Tue, 2016-09-06 at 15:29 +0200, Bruno Friedmann wrote:
Two remarks : gcc6 (6.1.1+r239476 -> 6.2.1+r239849)
So expecting storm rebuild on obs ? and big download afterwards ;-)
Very likely, yes... time for you to call Swisscom and ask for more bandwidth
Well not swisscom, I'm using green.ch services :-) But I stop a non urgent rsync to be able to download 5088 packages :-)) At least it seem until now that the mirror sync goes better than last time we have those kind of snapshots.
python-setuptools (23.1.0 -> 26.1.1)
And then why not python3-setupools, it seems blocked on the legal review team, or did I (again :-)) misread the status of the sr ?
You did not, python3-setuptools is indeed in the legal queue (together with some 1500+ ghc packages) OMG, I can't imagine the status of my poor gcompris-qt nobody knows the email of a legal team kids ??? :-))))
python-setuptools did not end up in the legal queue as it did not change the License: tag; python whereas python3-setuptools has a diff like
-License: Python-2.0 or ZPL-2.0 +License: MIT
Resulting in legal having to validate (and then approve/decline) the chouce.
Okay ... good catch, I didn't realize that one.
rebuilding python package for one python2 or python3 shouldn't create a such differenciated publish time, I guess if python2 package is legal ok, then its build on python3 should also be ? (you know how naive I can be right ? :-))
For some reason, the python3-setuptools maintainer now claim it's MIT; the python(2)-setuptools maintainers seem not to share the claim. OTher than that: it's two independent packages, not related in any way and as such are treated independently by any review team.
I'm just afraid of having such differences hiting our targeted developper, administrator final users.
That's something the maintainer should answer - but is, imho, a valid concern (coming from the main thing that we maintain py and py3 code as unrelated stuff in devel:lang:python - I would outright refuse to do so
:) )
Nothing new on our schizopythonic way of doing things :-)
Cheers, Dominique
Thanks a lot, first for the subject change, then on your delightfull comments and spots on details. -- Bruno Friedmann Ioda-Net Sàrl www.ioda-net.ch Bareos Partner, openSUSE Member, fsfe fellowship GPG KEY : D5C9B751C4653227 irc: tigerfoot -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
participants (3)
-
Bruno Friedmann -
Dominique Leuenberger -
Dominique Leuenberger / DimStar