[opensuse-factory] New Tumbleweed snapshot 20190225 released!
Please note that this mail was generated by a script. The described changes are computed based on the x86_64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=1&version=Tumbleweed&build=20190225 Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: MozillaFirefox (65.0 -> 65.0.1) crash gcal gsl hugin i4l-base joe ksshaskpass5 (5.15.0 -> 5.15.1) libblockdev libhangul (0.1.0+git20150224.78e9d89 -> 0.1.1~git20180606.42f7640) libyui-qt-pkg (2.45.25 -> 2.45.26) metis openssh openssh-askpass-gnome podofo python-argcomplete (1.9.2 -> 1.9.4) python-decorator (4.3.0 -> 4.3.2) qemu qemu-linux-user qqc2-desktop-style squid (4.5 -> 4.6) sysconfig (0.85.1 -> 0.85.2) === Details === ==== MozillaFirefox ==== Version update (65.0 -> 65.0.1) Subpackages: MozillaFirefox-translations-common - Update _constraints to avoid 'no space left' error seen on aarch64 - Mozilla Firefox 65.0.1 * Fixed accidental requests to addons.mozilla.org when an addon recommendation doorhanger is shown (bmo#1526387) * Improved playback of interactive Netflix videos (bmo#1524500) * Fixed incorrect sizing of the "Clear Recent History" window in some situations (bmo#1523696) * Fixed audio & video delays while making WebRTC calls (bmo#1521577, bmo#1523817) * Fixed video sizing problems during some WebRTC calls (bmo#1520200) * Fixed looping CONNECT requests when using WebSockets over HTTP/2 from behind a proxy server (bmo#1523427) * Fixed the "Enter" key not working on password entry fields for certain Linux distributions (bmo#1523635) MFSA 2019-04 (bsc#1125330) * CVE-2018-18356 bmo#1525817 Use-after-free in Skia * CVE-2019-5785 bmo#1525433 Integer overflow in Skia * CVE-2018-18511 bmo#1526218 Cross-origin theft of images with ImageBitmapRenderingContext - Enable LTO only for latest new toolchain (boo#1125038) for x86_64 (with increased memory constraints) ==== crash ==== - With a xen 4.11 dump crash will fail to start reporting "cannot fill pcpu struct" and "cannot read cpu_info" due to xen changes not tracked by crash updates. Fixed by including: crash-xen-invalid-pcpu-vaddr-use-hardware-domain-symbol.patch (bsc#1122594) ==== gcal ==== Subpackages: gcal-lang - add patches (parts of git commits from gnulib): - gnulib-4af4a4a71827c0bc5e0ec67af23edef4f15cee8e-excerpt.patch - gnulib-74d9d6a293d7462dea8f83e7fc5ac792e956a0ad-excerpt.patch to fix compilation on current glibc (fflush: adjust to glibc 2.28 libio.h removal) (fflush: be more paranoid about libio.h change) ==== gsl ==== Subpackages: libgsl23 libgslcblas0 - mark examples as a noarch package - install license for examples and remove unnecessary dependencies - add an examples sub package to test in production env - Simplify package naming for HPC. - Fix dependencies for HPC. - Library directory is always available when module file is installed, do not hide it. - Properly create and tear down default version links when the HPC master packages are installed/uninstalled. - Create pkgconfig file for gslcblas as well. - Add missing env variables to modules file: MANPATH, INFOPATH, PKG_CONFIG_PATH. ==== hugin ==== - Don't skip rpath (bsc#1125178). ==== i4l-base ==== Subpackages: i4l-isdnlog libcapi20-3 - add divactrl_2.1-sysmacros.diff to fix build - buildrequires groff to fix documentation build ==== joe ==== - Dropped .desktop files to follow openSUSE guidelines regarding console applications: https://lists.opensuse.org/opensuse-factory/2019-02/msg00377.html - Dropped obsolete patch joe-4.6-desktop_files.patch ==== ksshaskpass5 ==== Version update (5.15.0 -> 5.15.1) Subpackages: ksshaskpass5-lang - Update to 5.15.1 * New bugfix release * For more details please see: * https://www.kde.org/announcements/plasma-5.15.1.php - No code changes since 5.15.0 - Do not require openssh-askpass simply provide another password asking interface for openssh ==== libblockdev ==== Subpackages: libbd_btrfs2 libbd_crypto2 libbd_fs2 libbd_loop2 libbd_mdraid2 libbd_part2 libbd_swap2 libbd_utils2 libblockdev2 - Explain VDO. Fix grammar mishaps. ==== libhangul ==== Version update (0.1.0+git20150224.78e9d89 -> 0.1.1~git20180606.42f7640) - Update to version 0.1.1~git20180606.42f7640: * no english changelog ==== libyui-qt-pkg ==== Version update (2.45.25 -> 2.45.26) - Fix icon display to new libyui-qt function (boo#1125424) - 2.45.26 ==== metis ==== - add a examples subpackage which include graphs* file to test Metis - Set default module version correctly when installing master package, unset when deinstalling the default library package. - Fix %%post and %%postun scripts for HPC. - Fix dependencies for HPC. - Fix HPC modulefile: * Aibraries are always there when module file is installed. * Set PKG_CONFIG_PATH. - Fix package group names. ==== openssh ==== Subpackages: openssh-helpers - Handle brace expansion in scp when checking that filenames sent by the server side match what the client requested [bsc#1125687] * openssh-7.9p1-brace-expansion.patch - Updated security fixes: * [bsc#1121816, CVE-2019-6109] Sanitize scp filenames via snmprintf and have progressmeter force an update at the beginning and end of each transfer. Added patches: - openssh-CVE-2019-6109-sanitize-scp-filenames.patch - openssh-CVE-2019-6109-force-progressmeter-update.patch * [bsc#1121821, CVE-2019-6111] Check in scp client that filenames sent during remote->local directory copies satisfy the wildcard specified by the user. Added patch: - openssh-CVE-2019-6111-scp-client-wildcard.patch * Removed openssh-7.9p1-scp-name-validator.patch - Change the askpass wrapper to not use x11 interface: * by default we use the -gnome UI (which is gtk3 only, no gnome dep) * if desktop is KDE/LxQt we use ksshaskpass ==== openssh-askpass-gnome ==== - Supplement the openssh and libx11 together to ensure this package is installed on machines where there is X stack ==== podofo ==== - Add patches from upstream to fix several CVEs: * r1933-Really-fix-CVE-2017-7381.patch to fix a null pointer dereference (bsc#1032020, CVE-2017-7381) * r1936-Really-fix-CVE-2017-7382.patch to fix a null pointer dereference (bsc#1032021, CVE-2017-7382) * r1937-Really-fix-CVE-2017-7383.patch to fix a null pointer dereference (bsc#1032022, CVE-2017-7383) * r1938-Fix-CVE-2018-11256-PdfError-info-gives-not-found-page-0-based.patch to fix a null pointer dereference Denial of Service (bsc#1096889, CVE-2018-11256) * r1941-Fix-CVE-2017-8054-and-other-issues-keeping-binary-compat.patch This patch was rebased from the one upstream so that it applies correctly and modified so it doesn't break binary compatibility. (CVE-2017-8054, boo#1035596) * r1945-Fix-possible-incompatibility-of-PdfAESStream-with-OpenSSL-1.1.0g.patch * r1948-Fix-CVE-2018-12982-implementing-inline-PdfDictionary-MustGetKey.patch This patch was rebased from the one upstream so that it applies correctly. (CVE-2018-12982, boo#1099720) * r1949-Fix-CVE-2018-5783-by-introducing-singleton-limit-for-indirect-objects-keeping-binary-compat.patch This patch was rebased from the one upstream so that it applies correctly and modified so it doesn't break binary compatibility. (CVE-2018-5783, boo#1076962) * r1950-Fix-null-pointer-dereference-in-PdfTranslator-setTarget.patch * r1952-Fix-CVE-2018-11255-Null-pointer-dereference-in-PdfPage-GetPageNumber.patch (CVE-2018-11255, boo#1096890) * r1953-Fix-CVE-2018-14320-Possible-undefined-behaviour-in-PdfEncoding-ParseToUnicode.patch (CVE-2018-14320, boo#1108764) * r1954-Fix-CVE-2018-20751-null-pointer-dereference-in-crop_page-of-tools-podofocrop.patch (CVE-2018-20751, boo#1124357) * r1961-EncryptTest-Fix-buffer-overflow-in-decrypted-out-buffer-in-TestEncrypt.patch This patch was rebased from the one upstream so that it applies correctly. * r1963-Fix-heap-based-buffer-overflow-vulnerability-in-PoDoFo-PdfVariant-DelayedLoad.patch - Renamed fix-build.patch to r1942-Fix-build-with-cmake-ge-3.12.patch to keep its name consistent with the other upstream patches. ==== python-argcomplete ==== Version update (1.9.2 -> 1.9.4) - Trim unnecessary build dependencies using trim-test-deps.patch - Simplify skip_tcsh_tests.patch so it is easier to read and update - Update to v1.9.4 * Use the correct interpreter when checking wrappers * Provide shellcode as a module function (#237) - from v1.9.3 * Fix handling of COMP\_POINT * Fix crash when writing unicode to debug\_stream in Python 2 ==== python-decorator ==== Version update (4.3.0 -> 4.3.2) - update to version 4.3.2 * now the decorator module can decorate generator functions by preserving their being generator functions * Set `python_requires='>=2.6, !=3.0.*, !=3.1.*'` in setup.py - update to version 4.3.1 * Added a section "For the impatient" to the README, addressing an issue raised by Amir Malekpour. * Added support for Python 3.7. * Now the path to the decorator module appears in the tracebacks, as suggested by a user at EuroPython 2018. ==== qemu ==== Subpackages: qemu-arm qemu-block-curl qemu-block-dmg qemu-block-gluster qemu-block-iscsi qemu-block-nfs qemu-block-rbd qemu-block-ssh qemu-extra qemu-guest-agent qemu-ipxe qemu-ksm qemu-kvm qemu-lang qemu-ppc qemu-s390 qemu-seabios qemu-sgabios qemu-tools qemu-ui-curses qemu-ui-gtk qemu-ui-sdl qemu-vgabios qemu-x86 - Package and cross-build rom files for aarch64 from SLE15/Leap15.0 to fix boo#1125964 - Add patch to fix seabios cross-compilation: * seabios-fix_cross_compilation.patch - Add patch to fix sgabios cross-compilation: * sgabios-fix-cross-build.patch - Fix _constraints to include all architectures for disk size (fix aarch64) - Revert upstream patch which declares x86 vmx feature a migration blocker. Given the proliferation of using vm's with host features passed through and the general knowledge that nested virtualization has many usage caveats, but still gets put in use in restricted scenarios, this patch did more harm than good, I feel. So despite this relaxation, please consider yourself warned that nested virtualization is not yet a supportable feature. (bsc#1121604) 0058-Revert-target-i386-kvm-add-VMX-migr.patch - Fix SEV VM device assignment (bsc#1123205) 0059-memory-Fix-the-memory-region-type-a.patch 0060-target-i386-sev-Do-not-pin-the-ram-.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.1 - Remove 71-sev.rules, which modifies the default permissions of /dev/sev by adding the kvm group as reader/writer. Upstream decided to take a different approach for libvirt to manage SEV due to security concerns which I agree overrides the convenience of providing /dev/sev access to all the kvm group (bsc#1124842 bsc#1102604) ==== qemu-linux-user ==== - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.1 * Patches added: 0058-Revert-target-i386-kvm-add-VMX-migr.patch 0059-memory-Fix-the-memory-region-type-a.patch 0060-target-i386-sev-Do-not-pin-the-ram-.patch ==== qqc2-desktop-style ==== - Add 0001-Fix-MobileTextActionsToolBar.qml-with-Qt-5.9.patch (by Fabian Vogt) to fix an issue with Qt 5.9 - Downgrade the Qt version requirement to build with 5.9 ==== squid ==== Version update (4.5 -> 4.6) - Update to squid 4.6: + master commit b599471 leaks memory (#4919) + SourceFormat Enforcement (#367) + Detect IPv6 loopack binding errors (#355) + Do not call setsid() in --foreground mode (#354) + Fail Rock swapout if the disk dropped write reqs (#352) + Initialize StoreMapSlice when reserving a new cache slot (#350) + Fixed disker-to-worker queue overflows (#353) + Fix OpenSSL builds that define OPENSSL_NO_ENGINE (#349) + Fix BodyPipe/Sink memory leaks associated with auto-consumption + Exit when GoIntoBackground() fork() call fails (#344) + GCC-8 compile errors with -O3 optimization (#4875) + Initial translations to ka/georgian language (#345) + basic_ldap_auth: Return BH on internal errors (#347) ==== sysconfig ==== Version update (0.85.1 -> 0.85.2) Subpackages: sysconfig-netconfig - version 0.85.2 - Fixed changes file to mention relevant github pull requests. - Removed remaining preun rpm hook from EOL openSUSE versions - Merged /var/adm/netconfig move revert from openSUSE:Factory causing to not find md5 sums from previous netconfig version due to incorrectly merged hook in spec file and trouble on transactional systems without writeable /var/lib/netconfig. Removed obsoletes revert-var-adm-lib-netconfig-move.patch. (bsc#1124152,bsc#1124340). - Merged rpm spec bash section marks (gh#openSUSE/sysconfig#23) -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
Am 27.02.2019 um 13:00 schrieb Dominique Leuenberger:
Please note that this mail was generated by a script. The described changes are computed based on the x86_64 DVD. The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=1&version=Tumbleweed&build=20190225
Just a heads-up, not a complaint (factory, after all). This build still ships virtualbox 5.2 (and client tools). It will not work correctly with the new virtualbox 6.0.x graphics model (vboxsvga). It SHOULD work with the legacy gfx option (vboxvga) - however, it doesn't install anyway. So, graphics on virtualbox falls back to some 640x* graphics Nothing provides ksym(default:__cpuhp_remove_state) = 325d7cf0 Is there any plan to slip vbox 6.0 into 15.1 or is this something which will only go into tumbleweed? Regards Ralf -- Ralf Lang Linux Consultant / Developer Tel.: +49-170-6381563 Mail: lang@b1-systems.de B1 Systems GmbH Osterfeldstraße 7 / 85088 Vohburg / http://www.b1-systems.de GF: Ralph Dehner / Unternehmenssitz: Vohburg / AG: Ingolstadt,HRB 3537 -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
It will not work correctly with the new virtualbox 6.0.x graphics model (vboxsvga). It SHOULD work with the legacy gfx option (vboxvga) - however, it doesn't install anyway. So, graphics on virtualbox falls back to some 640x* graphics
Nothing provides ksym(default:__cpuhp_remove_state) = 325d7cf0
That aspect just solved itself. The current build has a working, installable vbox 5.2 guest and it does indeed work with the vboxvga graphics interface. no vboxsvga though, as this is 6.x only (much better 3d support) -- Ralf Lang Linux Consultant / Developer Tel.: +49-170-6381563 Mail: lang@b1-systems.de B1 Systems GmbH Osterfeldstraße 7 / 85088 Vohburg / http://www.b1-systems.de GF: Ralph Dehner / Unternehmenssitz: Vohburg / AG: Ingolstadt,HRB 3537 -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On 2/27/19 8:22 AM, Ralf Lang wrote:
It will not work correctly with the new virtualbox 6.0.x graphics model (vboxsvga). It SHOULD work with the legacy gfx option (vboxvga) - however, it doesn't install anyway. So, graphics on virtualbox falls back to some 640x* graphics
Nothing provides ksym(default:__cpuhp_remove_state) = 325d7cf0
That aspect just solved itself. The current build has a working, installable vbox 5.2 guest and it does indeed work with the vboxvga graphics interface. no vboxsvga though, as this is 6.x only (much better 3d support)
VirtualBox 6.0.X has a different requirement for SUID components. As a result, it needs a revised version of the permissions package. The changes have been approved by the Security Group, but that package has not yet filtered through the system and been incorporated into TW. The first successful build was last night, after failures for 30 days! Yes, things do move that slowly. If you really want 6.0.4, you need to get it from Oracle, or be patient for another week. Larry -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
Hi Larry, Am 27.02.2019 um 15:53 schrieb Larry Finger:
On 2/27/19 8:22 AM, Ralf Lang wrote:
It will not work correctly with the new virtualbox 6.0.x graphics model (vboxsvga). It SHOULD work with the legacy gfx option (vboxvga) - however, it doesn't install anyway. So, graphics on virtualbox falls back to some 640x* graphics
Nothing provides ksym(default:__cpuhp_remove_state) = 325d7cf0
That aspect just solved itself. The current build has a working, installable vbox 5.2 guest and it does indeed work with the vboxvga graphics interface. no vboxsvga though, as this is 6.x only (much better 3d support)
VirtualBox 6.0.X has a different requirement for SUID components. As a result, it needs a revised version of the permissions package. The changes have been approved by the Security Group, but that package has not yet filtered through the system and been incorporated into TW. The first successful build was last night, after failures for 30 days! Yes, things do move that slowly. If you really want 6.0.4, you need to get it from Oracle, or be patient for another week.
Larry
Great news! It's not an issue at all, I can do any testing and bugzilla reporting based on 5.2 and vboxvga. Just wanted to point out to other willing testers that they may need to specifically use the vboxvga option. As mentioned above, no complaining at all. Regards Ralf -- Ralf Lang Linux Consultant / Developer Tel.: +49-170-6381563 Mail: lang@b1-systems.de B1 Systems GmbH Osterfeldstraße 7 / 85088 Vohburg / http://www.b1-systems.de GF: Ralph Dehner / Unternehmenssitz: Vohburg / AG: Ingolstadt,HRB 3537 -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On Wed, 2019-02-27 at 08:53 -0600, Larry Finger wrote:
VirtualBox 6.0.X has a different requirement for SUID components. As a result, it needs a revised version of the permissions package. The changes have been approved by the Security Group, but that package has not yet filtered through the system and been incorporated into TW. The first successful build was last night, after failures for 30 days! Yes, things do move that slowly. If you really want 6.0.4, you need to get it from Oracle, or be patient for another week.
Yes, some review queus are unfortunately oferloaded at times. It's a tradeoff between speed and reliable checks. At the moment, virtualBox 6.0 is 'known to be ok, but we also know it breaks libvirt integration' - which leaves us with two options: * libvirt integration is being disabled (not offering it is better than offering a broken variant) * libvirt catches up and supports vbox 6.0.x I do hope we get either varian submitted shortly, so that we can move forward with VirtualBox. Cheers Dominique
On 2/27/19 9:05 AM, Dominique Leuenberger / DimStar wrote:
On Wed, 2019-02-27 at 08:53 -0600, Larry Finger wrote:
VirtualBox 6.0.X has a different requirement for SUID components. As a result, it needs a revised version of the permissions package. The changes have been approved by the Security Group, but that package has not yet filtered through the system and been incorporated into TW. The first successful build was last night, after failures for 30 days! Yes, things do move that slowly. If you really want 6.0.4, you need to get it from Oracle, or be patient for another week.
Yes, some review queus are unfortunately oferloaded at times. It's a tradeoff between speed and reliable checks.
At the moment, virtualBox 6.0 is 'known to be ok, but we also know it breaks libvirt integration' - which leaves us with two options:
* libvirt integration is being disabled (not offering it is better than offering a broken variant)
I've submitted this option - SR#679973. Cheers, Jim -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
Hello
Ralf Lang <lang@b1-systems.de> wrote It will not work correctly with the new virtualbox 6.0.x graphics model
(vboxsvga). It SHOULD work with the legacy gfx option (vboxvga) - however, it doesn't install anyway. So, graphics on virtualbox falls back to some 640x* graphics
Nothing provides ksym(default:__cpuhp_remove_state) = 325d7cf0
That aspect just solved itself. The current build has a working, installable vbox 5.2 guest and it does indeed work with the vboxvga graphics interface. no vboxsvga though, as this is 6.x only (much better 3d support)
Thank you for the head up :) I just updated my Leap-15.1 [1] guest installation via the following commands [2] which is running under i.e. using an openSUSE community based verson of VirtualBox (6.0.4_SUSE r128164) on my Leap 15 host and, now for the first time, I finally have a normal 24 inch display of my 15.1 guest installation. [1] I installed the openSUSE-Leap-15.1-DVD-x86_64-Build417.2-Media.iso last weekend under virtualbox 6.0.x on my Leap 15.0 host [2] zypper dup zypper in -f virtualbox-guest-tools Many thanks from Paris :) James P.S. For what it is worth, I am under the impression that the network bandwidth management works better on the 6.x version of virtualbox. Your mileage may vary of course. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
participants (6)
-
Dominique Leuenberger -
Dominique Leuenberger / DimStar -
James PEARSON -
Jim Fehlig -
Larry Finger -
Ralf Lang