[opensuse-factory] New Tumbleweed snapshot 20181004 released!
Please note that this mail was generated by a script. The described changes are computed based on the x86_64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=1&version=Tumbleweed&build=20181004 Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: ImageMagick NetworkManager-openvpn (1.8.4 -> 1.8.6) apache2 boost boost-base clamav (0.100.1 -> 0.100.2) gstreamer-transcoder (1.14.0 -> 1.14.1) icedtea-web installation-images-Kubic (14.384 -> 14.385) iptables jemalloc kdelibs4 kernel-source (4.18.9 -> 4.18.11) ldb (1.3.5 -> 1.4.2) libetpan (1.8 -> 1.9.1) patterns-desktop patterns-devel-C-C++ patterns-devel-base patterns-devel-perl patterns-devel-ruby patterns-server (20170319 -> 20180718) perl-Text-CSV_XS (1.36 -> 1.37) purple-carbons (0.1.6 -> 0.2.0) python-setuptools (40.2.0 -> 40.4.3) samba (4.8.4+git.37.a7a861d7982 -> 4.9.1+git.46.ff87d06bace) signon-ui (0.15 -> 0.17+20171022) squid (4.2 -> 4.3) sshfs (2.9 -> 2.10) sssd tdb tevent v4l-utils vlc (3.0.3 -> 3.0.4) === Details === ==== ImageMagick ==== Subpackages: ImageMagick-extra libMagick++-7_Q16HDRI4 libMagickCore-7_Q16HDRI6 libMagickWand-7_Q16HDRI6 perl-PerlMagick - allow writing PS, PS2, PS3, XPS, EPS and PDF, disable reading only by default security policy [bsc#1105592c#32] - also disable EPS coder in default policy.xml [bsc#1105592] [bsc#1109976#c7] ==== NetworkManager-openvpn ==== Version update (1.8.4 -> 1.8.6) Subpackages: NetworkManager-openvpn-gnome NetworkManager-openvpn-lang - Update to version 1.8.6: + Don't validate auth parameter and pass it directly to openvpn. + Fix endless loop checking for encrypted certificate. + Sanitize newlines in export ovpn file. + Improve project description in doap file. + Various minor bugfixes and improvements. + Updated translations. - Use autosetup and make_build macros. ==== apache2 ==== Subpackages: apache2-devel apache2-doc apache2-example-pages apache2-prefork apache2-utils - consider also patterns in APACHE_CONF_INCLUDE_DIRS as documentation says (patch Juergen Gleiss) - relink /usr/sbin/httpd after apache2-MPM uninstall [bsc#1107930c#1] - simplify find_mpm function from script-helpers - /usr/sbin/httpd is now created depending on preference hardcoded in find_mpm (script-helpers), not depending on alphabetical order of MPMs - simplify spec file a bit ==== boost ==== - Stay with openmpi also on ppc ==== boost-base ==== Subpackages: boost-license1_68_0 boost_1_68-jam libboost_date_time1_68_0 libboost_filesystem1_68_0 libboost_headers1_68_0-devel libboost_iostreams1_68_0 libboost_locale1_68_0 libboost_program_options1_68_0 libboost_regex1_68_0 libboost_signals1_68_0 libboost_system1_68_0 libboost_thread1_68_0 - Stay with openmpi also on ppc ==== clamav ==== Version update (0.100.1 -> 0.100.2) Subpackages: libclamav7 libclammspack0 - Update to version 0.100.2: * bsc#1110723, CVE-2018-15378: Vulnerability in ClamAV's MEW unpacking feature that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. * bsc#1103040, CVE-2018-14680, CVE-2018-14681, CVE-2018-14682: more fixes for embedded libmspack. * Make freshclam more robust against lagging signature mirrors. * On-Access "Extra Scanning", an opt-in minor feature of OnAccess scanning on Linux systems, has been disabled due to a known issue with resource cleanup OnAccessExtraScanning will be re-enabled in a future release when the issue is resolved. In the mean-time, users who enabled the feature in clamd.conf will see a warning informing them that the feature is not active. For details, see: https://bugzilla.clamav.net/show_bug.cgi?id=12048 - Restore exit code compatibility of freshclam with versions before 0.100.0 when the virus database is already up to date (bsc#1104457, clamav-freshclam-exit.patch). ==== gstreamer-transcoder ==== Version update (1.14.0 -> 1.14.1) Subpackages: libgsttranscoder-1_0-0 typelib-1_0-GstTranscoder-1_0 - Update to version 1.14.1: + transcodebin: Handle files with several tracks of a kind. This doesn't support transcoding the various tracks yet, but there is a FIXME about that for now. + Force profile=high in youtube target. ==== icedtea-web ==== Subpackages: icedtea-web-javadoc - BuildConflict with java >= 11, since it cannot build icedtea-web due to removed classes. ==== installation-images-Kubic ==== Version update (14.384 -> 14.385) - merge gh#openSUSE/installation-images#267 - adjust to glibc-locale package split - 14.385 ==== iptables ==== Subpackages: libiptc0 libxtables12 xtables-plugins - note build-time dependency on libnftnl >= 1.1.1 ==== jemalloc ==== - Disable profiling on armv6 until boo#1105633 get fixed ==== kdelibs4 ==== Subpackages: kdelibs4-branding-upstream kdelibs4-core libkde4 libkdecore4 libksuseinstall1 - Add 0001-Fix-the-smbclient-4.9-check.patch to fix the libsmbclient symbols check in kdebase4-runtime. - Run spec-cleaner. ==== kernel-source ==== Version update (4.18.9 -> 4.18.11) Subpackages: kernel-default kernel-default-devel kernel-devel kernel-docs kernel-macros kernel-syms - Linux 4.18.11 (bnc#1012628). - spi: Fix double IDR allocation with DT aliases (bnc#1012628). - iw_cxgb4: only allow 1 flush on user qps (bnc#1012628). - vmw_balloon: include asm/io.h (bnc#1012628). - sched/fair: Fix vruntime_normalized() for remote non-migration wakeup (bnc#1012628). - ext4, dax: set ext4_dax_aops for dax files (bnc#1012628). - ext4, dax: add ext4_bmap to ext4_dax_aops (bnc#1012628). - ext4: show test_dummy_encryption mount option in /proc/mounts (bnc#1012628). - ext4: don't mark mmp buffer head dirty (bnc#1012628). - ext4: fix online resizing for bigalloc file systems with a 1k block size (bnc#1012628). - ext4: fix online resize's handling of a too-small final block group (bnc#1012628). - ext4: recalucate superblock checksum after updating free blocks/inodes (bnc#1012628). - ext4: avoid arithemetic overflow that can trigger a BUG (bnc#1012628). - ext4: avoid divide by zero fault when deleting corrupted inline directories (bnc#1012628). - ext4: check to make sure the rename(2)'s destination is not freed (bnc#1012628). - tty: vt_ioctl: fix potential Spectre v1 (bnc#1012628). - drm/amdgpu: add new polaris pci id (bnc#1012628). - drm: udl: Destroy framebuffer only if it was initialized (bnc#1012628). - drm/vc4: Fix the "no scaling" case on multi-planar YUV formats (bnc#1012628). - drm/nouveau/drm/nouveau: Prevent handling ACPI HPD events too early (bnc#1012628). - drm/nouveau/drm/nouveau: Use pm_runtime_get_noresume() in connector_detect() (bnc#1012628). - drm/nouveau/drm/nouveau: Fix deadlock with fb_helper with async RPM requests (bnc#1012628). - drm/nouveau/drm/nouveau: Fix bogus drm_kms_helper_poll_enable() placement (bnc#1012628). - drm/nouveau/drm/nouveau: Don't forget to cancel hpd_work on suspend/unload (bnc#1012628). - drm/nouveau: Fix deadlocks in nouveau_connector_detect() (bnc#1012628). - drm/nouveau: Remove duplicate poll_enable() in pmops_runtime_suspend() (bnc#1012628). - drm/nouveau: Only write DP_MSTM_CTRL when needed (bnc#1012628). - drm/nouveau: Reset MST branching unit before enabling (bnc#1012628). - drm/i915/bdw: Increase IPS disable timeout to 100ms (bnc#1012628). - ocfs2: fix ocfs2 read block panic (bnc#1012628). - libata: mask swap internal and hardware tag (bnc#1012628). - Revert "ubifs: xattr: Don't operate on deleted inodes" (bnc#1012628). - scsi: target: iscsi: Use bin2hex instead of a re-implementation (bnc#1012628). - scsi: target: iscsi: Use hex2bin instead of a re-implementation (bnc#1012628). - Revert "uapi/linux/keyctl.h: don't use C++ reserved keyword as a struct member name" (bnc#1012628). - bpf/verifier: disallow pointer subtraction (bnc#1012628). - Revert "rpmsg: core: add support to power domains for devices" (bnc#1012628). - mm: shmem.c: Correctly annotate new inodes for lockdep (bnc#1012628). - mm: disable deferred struct page for 32-bit arches (bnc#1012628). - fork: report pid exhaustion correctly (bnc#1012628). - crypto: x86/aegis,morus - Do not require OSXSAVE for SSE2 (bnc#1012628). - ring-buffer: Allow for rescheduling when removing pages (bnc#1012628). - Revert "PCI: Add ACS quirk for Intel 300 series" (bnc#1012628). - spi: fix IDR collision on systems with both fixed and dynamic SPI bus numbers (bnc#1012628). - xen/x86/vpmu: Zero struct pt_regs before calling into sample handling code (bnc#1012628). - xen/netfront: don't bug in case of too many frags (bnc#1012628). - platform/x86: alienware-wmi: Correct a memory leak (bnc#1012628). - platform/x86: dell-smbios-wmi: Correct a memory leak (bnc#1012628). - mtd: rawnand: denali: fix a race condition when DMA is kicked (bnc#1012628). - mtd: devices: m25p80: Make sure the buffer passed in op is DMA-able (bnc#1012628). - ALSA: oxfw: fix memory leak of private data (bnc#1012628). - ALSA: oxfw: fix memory leak of discovered stream formats at error path (bnc#1012628). - ALSA: oxfw: fix memory leak for model-dependent data at error path (bnc#1012628). - ALSA: fireworks: fix memory leak of response buffer at error path (bnc#1012628). - ALSA: firewire-tascam: fix memory leak of private data (bnc#1012628). - ALSA: firewire-digi00x: fix memory leak of private data (bnc#1012628). - ALSA: fireface: fix memory leak in ff400_switch_fetching_mode() (bnc#1012628). - ALSA: emu10k1: fix possible info leak to userspace on SNDRV_EMU10K1_IOCTL_INFO (bnc#1012628). - ALSA: bebob: use address returned by kmalloc() instead of kernel stack for streaming DMA mapping (bnc#1012628). - ALSA: bebob: fix memory leak for M-Audio FW1814 and ProjectMix I/O at error path (bnc#1012628). - ASoC: uapi: fix sound/skl-tplg-interface.h userspace compilation errors (bnc#1012628). - ASoC: rsnd: fixup not to call clk_get/set under non-atomic (bnc#1012628). - ASoC: tas6424: Save last fault register even when clear (bnc#1012628). - ASoC: cs4265: fix MMTLR Data switch control (bnc#1012628). - ASoC: wm9712: fix replace codec to component (bnc#1012628). - NFC: Fix the number of pipes (bnc#1012628). - NFC: Fix possible memory corruption when handling SHDLC I-Frame commands (bnc#1012628). - net: rtnl_configure_link: fix dev flags changes arg to __dev_notify_flags (bnc#1012628). - net: mvpp2: let phylink manage the carrier state (bnc#1012628). - net/ipv6: do not copy dst flags on rt init (bnc#1012628). - ipv6: use rt6_info members when dst is set in rt6_fill_node (bnc#1012628). - bnxt_en: Fix VF mac address regression (bnc#1012628). - tls: fix currently broken MSG_PEEK behavior (bnc#1012628). - socket: fix struct ifreq size in compat ioctl (bnc#1012628). - net: dsa: mv88e6xxx: Fix ATU Miss Violation (bnc#1012628). - hv_netvsc: fix schedule in RCU context (bnc#1012628). - net/sched: act_sample: fix NULL dereference in the data path (bnc#1012628). - udp6: add missing checks on edumux packet processing (bnc#1012628). - neighbour: confirm neigh entries when ARP packet is received (bnc#1012628). - tls: clear key material from kernel memory when do_tls_setsockopt_conf fails (bnc#1012628). - tls: zero the crypto information from tls_context before freeing (bnc#1012628). - tls: don't copy the key out of tls12_crypto_info_aes_gcm_128 (bnc#1012628). - udp4: fix IP_CMSG_CHECKSUM for connected sockets (bnc#1012628). - qmi_wwan: set DTR for modems in forced USB2 mode (bnc#1012628). - pppoe: fix reception of frames with no mac header (bnc#1012628). - net: hp100: fix always-true check for link up state (bnc#1012628). - net/appletalk: fix minor pointer leak to userspace in SIOCFINDIPDDPRT (bnc#1012628). - ipv6: fix possible use-after-free in ip6_xmit() (bnc#1012628). - gso_segment: Reset skb->mac_len after modifying network header (bnc#1012628). - commit 4a5c1c1 - Linux 4.18.10 (bnc#1012628). - crypto: ccp - add timeout support in the SEV command (bnc#1012628). - mei: bus: type promotion bug in mei_nfc_if_version() (bnc#1012628). - clk: tegra: bpmp: Don't crash when a clock fails to register (bnc#1012628). - pinctrl: qcom: spmi-gpio: Fix pmic_gpio_config_get() to be compliant (bnc#1012628). - pinctrl: msm: Fix msm_config_group_get() to be compliant (bnc#1012628). - blk-mq: avoid to synchronize rcu inside blk_cleanup_queue() (bnc#1012628). - blk-mq: only attempt to merge bio if there is rq in sw queue (bnc#1012628). - IB/mlx5: fix uaccess beyond "count" in debugfs read/write handlers (bnc#1012628). - block/DAC960.c: fix defined but not used build warnings (bnc#1012628). - staging: fsl-dpaa2/eth: Fix DMA mapping direction (bnc#1012628). - dmaengine: sh: rcar-dmac: avoid to write CHCR.TE to 1 if TCR is set to 0 (bnc#1012628). - drm/amd/pp: Send khz clock values to DC for smu7/8 (bnc#1012628). - arm64: perf: Disable PMU while processing counter overflows (bnc#1012628). - drm/panel: type promotion bug in s6e8aa0_read_mtp_id() (bnc#1012628). - ASoC: rt5651: Fix workqueue cancel vs irq free race on remove (bnc#1012628). - selftest: timers: Tweak raw_skew to SKIP when ADJ_OFFSET/other clock adjustments are in progress (bnc#1012628). - remoteproc: qcom: q6v5-pil: fix modem hang on SDM845 after axis2 clk unvote (bnc#1012628). - scsi: lpfc: Fix panic if driver unloaded when port is offline (bnc#1012628). - scsi: lpfc: Fix NVME Target crash in defer rcv logic (bnc#1012628). - scsi: libfc: fixup 'sleeping function called from invalid context' (bnc#1012628). - ALSA: pcm: Fix snd_interval_refine first/last with open min/max (bnc#1012628). - selftests/android: initialize heap_type to avoid compiling warning (bnc#1012628). - selftests: vDSO - fix to return KSFT_SKIP when test couldn't be run (bnc#1012628). - rtc: bq4802: add error handling for devm_ioremap (bnc#1012628). - drm/amdkfd: Fix error codes in kfd_get_process (bnc#1012628). - drm/amdkfd: Fix kernel queue 64 bit doorbell offset calculation (bnc#1012628). - input: rohm_bu21023: switch to i2c_lock_bus(..., I2C_LOCK_SEGMENT) (bnc#1012628). - mfd: 88pm860x-i2c: switch to i2c_lock_bus(..., I2C_LOCK_SEGMENT) (bnc#1012628). - rcutorture: Use monotonic timestamp for stall detection (bnc#1012628). - net: mvpp2: make sure we use single queue mode on PPv2.1 (bnc#1012628). - net: gemini: Allow multiple ports to instantiate (bnc#1012628). - gpiolib: Mark gpio_suffixes array with __maybe_unused (bnc#1012628). - gpio: pxa: Fix potential NULL dereference (bnc#1012628). - staging: bcm2835-audio: Don't leak workqueue if open fails (bnc#1012628). - lightnvm: pblk: enable line minor version detection (bnc#1012628). - lightnvm: pblk: assume that chunks are closed on 1.2 devices (bnc#1012628). - ASoC: qdsp6: q6afe-dai: fix a range check in of_q6afe_parse_dai_data() (bnc#1012628). - drm/amd/display: support access ddc for mst branch (bnc#1012628). - tools/testing/nvdimm: Fix support for emulating controller temperature (bnc#1012628). - f2fs: do checkpoint in kill_sb (bnc#1012628). - coresight: ETM: Add support for Arm Cortex-A73 and Cortex-A35 (bnc#1012628). - coresight: tpiu: Fix disabling timeouts (bnc#1012628). - coresight: Handle errors in finding input/output ports (bnc#1012628). - sched/fair: Fix util_avg of new tasks for asymmetric systems (bnc#1012628). - parport: sunbpp: fix error return code (bnc#1012628). - tls: Fix zerocopy_from_iter iov handling (bnc#1012628). - drm/nouveau: tegra: Detach from ARM DMA/IOMMU mapping (bnc#1012628). - drm/nouveau/debugfs: Wake up GPU before doing any reclocking (bnc#1012628). - drm/nouveau: Fix runtime PM leak in drm_open() (bnc#1012628). - mmc: sdhci: do not try to use 3.3V signaling if not supported (bnc#1012628). - mmc: tegra: prevent HS200 on Tegra 3 (bnc#1012628). - mmc: sdhci-of-esdhc: set proper dma mask for ls104x chips (bnc#1012628). - tty: fix termios input-speed encoding (bnc#1012628). - tty: fix termios input-speed encoding when using BOTHER (bnc#1012628). - serial: 8250: of: Correct of_platform_serial_setup() error handling (bnc#1012628). - ASoC: hdmi-codec: fix routing (bnc#1012628). - gpu: ipu-v3: csi: pass back mbus_code_to_bus_cfg error codes (bnc#1012628). - liquidio: fix hang when re-binding VF host drv after running DPDK VF driver (bnc#1012628). - ARM: hisi: check of_iomap and fix missing of_node_put (bnc#1012628). - net: hns3: Fix return value error in hns3_reset_notify_down_enet (bnc#1012628). - ARM: hisi: fix error handling and missing of_node_put (bnc#1012628). - ARM: hisi: handle of_iomap and fix missing of_node_put (bnc#1012628). - net: hns3: Fix for reset_level default assignment probelm (bnc#1012628). - net: hns3: Reset net device with rtnl_lock (bnc#1012628). - efi/esrt: Only call efi_mem_reserve() for boot services memory (bnc#1012628). - sched/core: Use smp_mb() in wake_woken_function() (bnc#1012628). - arm64: dts: mt7622: update a clock property for UART0 (bnc#1012628). - pinctrl: rza1: Fix selector use for groups and functions (bnc#1012628). - pinctrl: mt7622: Fix probe fail by misuse the selector (bnc#1012628). - configfs: fix registered group removal (bnc#1012628). - MIPS: loongson64: cs5536: Fix PCI_OHCI_INT_REG reads (bnc#1012628). - KVM: PPC: Book3S: Fix matching of hardware and emulated TCE tables (bnc#1012628). - PM / devfreq: use put_device() instead of kfree() (bnc#1012628). - security: check for kstrdup() failure in lsm_append() (bnc#1012628). - KVM: PPC: Book3S HV: Add of_node_put() in success path (bnc#1012628). - evm: Don't deadlock if a crypto algorithm is unavailable (bnc#1012628). - Bluetooth: Use lock_sock_nested in bt_accept_enqueue (bnc#1012628). - spi: dw: fix possible race condition (bnc#1012628). - bpf: fix rcu annotations in compute_effective_progs() (bnc#1012628). - vfs: fix freeze protection in mnt_want_write_file() for overlayfs (bnc#1012628). - mtdchar: fix overflows in adjustment of `count` (bnc#1012628). - audit: fix use-after-free in audit_add_watch (bnc#1012628). - arm64: dts: uniphier: Add missing cooling device properties for CPUs (bnc#1012628). - net/mlx5: Add missing SET_DRIVER_VERSION command translation (bnc#1012628). - binfmt_elf: Respect error return from `regset->active' (bnc#1012628). - mmc: meson-mx-sdio: fix OF child-node lookup (bnc#1012628). - of: add helper to lookup compatible child node (bnc#1012628). - NFSv4.1 fix infinite loop on I/O (bnc#1012628). - NFSv4: Fix a tracepoint Oops in initiate_file_draining() (bnc#1012628). - x86/EISA: Don't probe EISA bus for Xen PV guests (bnc#1012628). - of: fix phandle cache creation for DTs with no phandles (bnc#1012628). - perf tools: Fix maps__find_symbol_by_name() (bnc#1012628). - perf/core: Force USER_DS when recording user stack data (bnc#1012628). - xtensa: ISS: don't allocate memory in platform_setup (bnc#1012628). - cifs: integer overflow in in SMB2_ioctl() (bnc#1012628). - CIFS: fix wrapping bugs in num_entries() (bnc#1012628). - cifs: prevent integer overflow in nxt_dir_entry() (bnc#1012628). - Revert "cdc-acm: implement put_char() and flush_chars()" (bnc#1012628). - usb: cdc-wdm: Fix a sleep-in-atomic-context bug in service_outstanding_interrupt() (bnc#1012628). - USB: yurex: Fix buffer over-read in yurex_write() (bnc#1012628). - USB: serial: ti_usb_3410_5052: fix array underflow in completion handler (bnc#1012628). - usb: misc: uss720: Fix two sleep-in-atomic-context bugs (bnc#1012628). - USB: serial: io_ti: fix array underflow in completion handler (bnc#1012628). - USB: net2280: Fix erroneous synchronization change (bnc#1012628). - usb: gadget: udc: renesas_usb3: fix maxpacket size of ep0 (bnc#1012628). - USB: add quirk for WORLDE Controller KS49 or Prodipe MIDI 49C USB controller (bnc#1012628). - usb: host: u132-hcd: Fix a sleep-in-atomic-context bug in u132_get_frame() (bnc#1012628). - usb: Avoid use-after-free by flushing endpoints early in usb_set_interface() (bnc#1012628). - usb: uas: add support for more quirk flags (bnc#1012628). - USB: Add quirk to support DJI CineSSD (bnc#1012628). - dm verity: fix crash on bufio buffer that was allocated with vmalloc (bnc#1012628). - mei: bus: need to unlink client before freeing (bnc#1012628). - mei: bus: fix hw module get/put balance (bnc#1012628). - mei: ignore not found client in the enumeration (bnc#1012628). - usb: mtu3: fix error of xhci port id when enable U3 dual role (bnc#1012628). - usb: xhci: fix interrupt transfer error happened on MTK platforms (bnc#1012628). - usb: Don't die twice if PCI xhci host is not responding in resume (bnc#1012628). - xhci: Fix use after free for URB cancellation on a reallocated endpoint (bnc#1012628). - misc: hmc6352: fix potential Spectre v1 (bnc#1012628). - misc: ibmvsm: Fix wrong assignment of return code (bnc#1012628). - Tools: hv: Fix a bug in the key delete code (bnc#1012628). - vmbus: don't return values for uninitalized channels (bnc#1012628). - ovl: fix oopses in ovl_fill_super() failure paths (bnc#1012628). - ipmi: Fix I2C client removal in the SSIF driver (bnc#1012628). - ipmi: Move BT capabilities detection to the detect call (bnc#1012628). - ipmi: Rework SMI registration failure (bnc#1012628). - mmc: omap_hsmmc: fix wakeirq handling on removal (bnc#1012628). - s390/crypto: Fix return code checking in cbc_paes_crypt() (bnc#1012628). - IB/ipoib: Avoid a race condition between start_xmit and cm_rep_handler (bnc#1012628). - xen/netfront: fix waiting for xenbus state change (bnc#1012628). - pstore: Fix incorrect persistent ram buffer mapping (bnc#1012628). - RDMA/cma: Protect cma dev list with lock (bnc#1012628). - xen-netfront: fix warn message as irq device name has '/' (bnc#1012628). - PCI/AER: Honor "pcie_ports=native" even if HEST sets FIRMWARE_FIRST (bnc#1012628). - x86/mm/pti: Add an overflow check to pti_clone_pmds() (bnc#1012628). - x86/pti: Check the return value of pti_user_pagetable_walk_pmd() (bnc#1012628). - x86/pti: Check the return value of pti_user_pagetable_walk_p4d() (bnc#1012628). - crypto: sharah - Unregister correct algorithms for SAHARA 3 (bnc#1012628). - dmaengine: mv_xor_v2: kill the tasklets upon exit (bnc#1012628). - iommu/ipmmu-vmsa: IMUCTRn.TTSEL needs a special usage on R-Car Gen3 (bnc#1012628). - regulator: qcom_spmi: Fix warning Bad of_node_put() (bnc#1012628). - regulator: qcom_spmi: Use correct regmap when checking for error (bnc#1012628). - drm/amd/pp: Set Max clock level to display by default (bnc#1012628). - i2c: aspeed: Fix initial values of master and slave state (bnc#1012628). - drivers/base: stop new probing during shutdown (bnc#1012628). - KVM: arm/arm64: Fix vgic init race (bnc#1012628). - platform/x86: toshiba_acpi: Fix defined but not used build warnings (bnc#1012628). - s390/qeth: reset layer2 attribute on layer switch (bnc#1012628). - s390/qeth: fix race in used-buffer accounting (bnc#1012628). - soc: qcom: smem: Correct check for global partition (bnc#1012628). - ARM: dts: qcom: msm8974-hammerhead: increase load on l20 for sdhci (bnc#1012628). - arm64: dts: qcom: db410c: Fix Bluetooth LED trigger (bnc#1012628). - xen-netfront: fix queue name setting (bnc#1012628). - nfp: avoid buffer leak when FW communication fails (bnc#1012628). - ALSA: usb-audio: Generic DSD detection for Thesycon-based implementations (bnc#1012628). - efi/arm: preserve early mapping of UEFI memory map longer for BGRT (bnc#1012628). - reset: imx7: Fix always writing bits as 0 (bnc#1012628). - arm64: fix possible spectre-v1 write in ptrace_hbp_set_event() (bnc#1012628). - wan/fsl_ucc_hdlc: use IS_ERR_VALUE() to check return value of qe_muram_alloc (bnc#1012628). - Smack: Fix handling of IPv4 traffic received by PF_INET6 sockets (bnc#1012628). - mac80211: restrict delayed tailroom needed decrement (bnc#1012628). - MIPS: jz4740: Bump zload address (bnc#1012628). - ASoC: rt5514: Fix the issue of the delay volume applied (bnc#1012628). - staging: bcm2835-camera: handle wait_for_completion_timeout return properly (bnc#1012628). - staging: bcm2835-camera: fix timeout handling in wait_for_completion_timeout (bnc#1012628). - perf script: Show correct offsets for DWARF-based unwinding (bnc#1012628). - powerpc/powernv: opal_put_chars partial write fix (bnc#1012628). - KVM: arm/arm64: vgic: Fix possible spectre-v1 write in vgic_mmio_write_apr() (bnc#1012628). - nvme-rdma: unquiesce queues when deleting the controller (bnc#1012628). - nvmet: fix file discard return status (bnc#1012628). - perf powerpc: Fix callchain ip filtering (bnc#1012628). - ARM: exynos: Clear global variable on init error path (bnc#1012628). - omapfb: rename omap2 module to omap2fb.ko (bnc#1012628). - fbdev: Distinguish between interlaced and progressive modes (bnc#1012628). - video: fbdev: pxafb: clear allocated memory for video modes (bnc#1012628). - perf powerpc: Fix callchain ip filtering when return address is in a register (bnc#1012628). - fbdev/via: fix defined but not used warning (bnc#1012628). - video: goldfishfb: fix memory leak on driver remove (bnc#1012628). - perf tools: Fix struct comm_str removal crash (bnc#1012628). - fbdev: omapfb: off by one in omapfb_register_client() (bnc#1012628). - perf tests: Fix record+probe_libc_inet_pton.sh to ensure cleanups (bnc#1012628). - perf tests: Fix record+probe_libc_inet_pton.sh when event exists (bnc#1012628). - perf tests: Fix record+probe_libc_inet_pton.sh for powerpc64 (bnc#1012628). - perf tools: Synthesize GROUP_DESC feature in pipe mode (bnc#1012628). - gfs2: Don't reject a supposedly full bitmap if we have blocks reserved (bnc#1012628). - perf test: Fix subtest number when showing results (bnc#1012628). - media: ov5645: Supported external clock is 24MHz (bnc#1012628). - mtd/maps: fix solutionengine.c printk format warnings (bnc#1012628). - IB/ipoib: Fix error return code in ipoib_dev_init() (bnc#1012628). - block: allow max_discard_segments to be stacked (bnc#1012628). - IB/rxe: Drop QP0 silently (bnc#1012628). - media: videobuf2-core: check for q->error in vb2_core_qbuf() (bnc#1012628). - MIPS: ath79: fix system restart (bnc#1012628). - dmaengine: pl330: fix irq race with terminate_all (bnc#1012628). - media: tw686x: Fix oops on buffer alloc failure (bnc#1012628). - kbuild: do not update config when running install targets (bnc#1012628). - kbuild: add .DELETE_ON_ERROR special target (bnc#1012628). - clk: clk-fixed-factor: Clear OF_POPULATED flag in case of failure (bnc#1012628). - clk: core: Potentially free connection id (bnc#1012628). - Input: pxrc - fix freeing URB on device teardown (bnc#1012628). - clk: mvebu: armada-37xx-periph: Fix wrong return value in get_parent (bnc#1012628). - clk: imx6sll: fix missing of_node_put() (bnc#1012628). - clk: imx6ul: fix missing of_node_put() (bnc#1012628). - gfs2: Special-case rindex for gfs2_grow (bnc#1012628). - iwlwifi: cancel the injective function between hw pointers to tfd entry index (bnc#1012628). - nfp: don't fail probe on pci_sriov_set_totalvfs() errors (bnc#1012628). - amd-xgbe: use dma_mapping_error to check map errors (bnc#1012628). - xfrm: fix 'passing zero to ERR_PTR()' warning (bnc#1012628). - ALSA: usb-audio: Fix multiple definitions in AU0828_DEVICE() macro (bnc#1012628). - ALSA: usb-audio: Add support for Encore mDSD USB DAC (bnc#1012628). - ALSA: msnd: Fix the default sample sizes (bnc#1012628). - iommu/io-pgtable-arm: Fix pgtable allocation in selftest (bnc#1012628). - iommu/io-pgtable-arm-v7s: Abort allocation when table address overflows the PTE (bnc#1012628). - iommu/arm-smmu-v3: sync the OVACKFLG to PRIQ consumer register (bnc#1012628). - usb: dwc3: change stream event enable bit back to 13 (bnc#1012628). - net/mlx5: Use u16 for Work Queue buffer fragment size (bnc#1012628). - net/mlx5: Fix possible deadlock from lockdep when adding fte to fg (bnc#1012628). - net/mlx5: Fix not releasing read lock when adding flow rules (bnc#1012628). - tcp: really ignore MSG_ZEROCOPY if no SO_ZEROCOPY (bnc#1012628). - erspan: return PACKET_REJECT when the appropriate tunnel is not found (bnc#1012628). - erspan: fix error handling for erspan tunnel (bnc#1012628). - net/mlx5: Fix debugfs cleanup in the device init/remove flow (bnc#1012628). - net/mlx5: Check for error in mlx5_attach_interface (bnc#1012628). - net/tls: Set count of SG entries if sk_alloc_sg returns -ENOSPC (bnc#1012628). - net/mlx5: E-Switch, Fix memory leak when creating switchdev mode FDB tables (bnc#1012628). - tipc: orphan sock in tipc_release() (bnc#1012628). - rds: fix two RCU related problems (bnc#1012628). - net: qca_spi: Fix race condition in spi transfers (bnc#1012628). - net/mlx5: Fix use-after-free in self-healing flow (bnc#1012628). - be2net: Fix memory leak in be_cmd_get_profile_config() (bnc#1012628). - commit 3aeb311 ==== ldb ==== Version update (1.3.5 -> 1.4.2) Subpackages: libldb1 libldb1-32bit - Update license to LGPL-3.0 +- Update to 1.4.2 + Security fix for CVE-2018-1140 (NULL pointer de-reference, bug 13374) + Fix memory leaks and missing error checks (bug 13459, 13471, 13475) - 1.4.1 + add some missing return value checks + Fix several mem leaks in ldb_index ldb_search ldb_tdb (bug#13475) + ldb_tdb: Use mem_ctx and so avoid leak onto long-term memory on duplicated add. (bug#13471) + ldb: Fix memory leak on module context (bug#13459) + Refused build of Samba 4.8 with ldb 1.4 (bug #13519) + Prevent similar issues in the future at configure time (bug #13519) - 1.4.0 + New LMDB backend (experimental) + Comprehensive tests for index behaviour + Enforce transactions for writes + Enforce read lock use for all reads + Fix memory leak in paged_results module. We hold at most 10 outstanding paged result cookies (bug #13362) + Fix compiler warnings + Python3 improvements + Restore --disable-python build + Fix for performance regression on one-level searches (bug #13448) + Samba's subtree_rename could fail to rename some entries (bug #13452) ==== libetpan ==== Version update (1.8 -> 1.9.1) - update to version 1.9.1 * Fixed some build issues for Visual Studio * Fixes for GnuTLS * Various bug fixes - Remove libetpan-1.6-openssl11.patch, fixed upstream ==== patterns-desktop ==== Subpackages: patterns-desktop-books patterns-desktop-imaging patterns-desktop-imaging_opt patterns-desktop-laptop patterns-desktop-multimedia patterns-desktop-multimedia_opt patterns-desktop-technical_writing - Use much more fitting pattern-laptop icon for laptop pattern. ==== patterns-devel-C-C++ ==== - Change icon for C devel package. (boo#1039994) ==== patterns-devel-base ==== Subpackages: patterns-devel-base-devel_basis patterns-devel-base-devel_kernel patterns-devel-base-devel_rpm_build patterns-devel-base-devel_web - Change icons for RPM and Web devel patterns. (boo#1039994) ==== patterns-devel-perl ==== - Change icon for Perl devel pattern. (boo#1039994) ==== patterns-devel-ruby ==== - Change icon for Ruby devel pattern. (boo#1039994) ==== patterns-server ==== Version update (20170319 -> 20180718) Subpackages: patterns-server-dhcp_dns_server patterns-server-directory_server patterns-server-file_server patterns-server-gateway_server patterns-server-kvm_server patterns-server-lamp_server patterns-server-mail_server patterns-server-xen_server - Merge with the version from SLE/Leap 15 full changes now below in the changelog. - xen patterns should be only available on x86_64 (BSC#1088175) - remove 32bits patterns for XEN or KVM - Replace openldap2 with 389-ds [bsc#1084789] - add vim as a Recommends for XEN/KVM_tools patterns (BSC#1078908) - version: 20180302 ==== perl-Text-CSV_XS ==== Version update (1.36 -> 1.37) - update to 1.37 1.37 - 2018-09-27, H.Merijn Brand * Moved pod-tests from t to xt * Add munge as alias for munge_column_names * Update Devel::PPPort * Simplified ref-check defines in XS (issue 12, thanks pali) * Tested against perl-5.29.3 ==== purple-carbons ==== Version update (0.1.6 -> 0.2.0) - Update to version 0.2.0: * Got rid of the commands, the plugin now sends a feature discovery request to the server and activates message carbons if they are supported by the server. ==== python-setuptools ==== Version update (40.2.0 -> 40.4.3) Subpackages: python2-setuptools python3-setuptools - update to version 40.4.3: * #1480: Bump vendored pyparsing in pkg_resources to 2.2.1. - changes from version 40.4.2: * #1497: Updated gitignore in repo. - changes from version 40.4.1: * #1480: Bump vendored pyparsing to 2.2.1. - changes from version 40.4.0: * #1481: Join the sdist --dist-dir and the build_meta sdist directory argument to point to the same target (meaning the build frontend no longer needs to clean manually the dist dir to avoid multiple sdist presence, and setuptools no longer needs to handle conflicts between the two). - changes from version 40.3.0: * #1402: Fixed a bug with namespace packages under Python 3.6 when one package in current directory hides another which is installed. * #1427: Set timestamp of .egg-info directory whenever egg_info command is run. * #1474: build_meta.get_requires_for_build_sdist now does not include the wheel package anymore. * #1486: Suppress warnings in pkg_resources.handle_ns. * #1479: Remove internal use of six.binary_type. ==== samba ==== Version update (4.8.4+git.37.a7a861d7982 -> 4.9.1+git.46.ff87d06bace) Subpackages: libdcerpc-binding0 libdcerpc-binding0-32bit libdcerpc0 libdcerpc0-32bit libndr-krb5pac0 libndr-krb5pac0-32bit libndr-nbt0 libndr-nbt0-32bit libndr-standard0 libndr-standard0-32bit libndr0 libndr0-32bit libnetapi0 libnetapi0-32bit libsamba-credentials0 libsamba-credentials0-32bit libsamba-errors0 libsamba-errors0-32bit libsamba-hostconfig0 libsamba-hostconfig0-32bit libsamba-passdb0 libsamba-passdb0-32bit libsamba-util0 libsamba-util0-32bit libsamdb0 libsamdb0-32bit libsmbclient0 libsmbconf0 libsmbconf0-32bit libsmbldap2 libsmbldap2-32bit libtevent-util0 libtevent-util0-32bit libwbclient0 libwbclient0-32bit samba-client samba-client-32bit samba-doc samba-libs samba-libs-32bit samba-winbind samba-winbind-32bit - Update to samba-4.9.1 + s3: nmbd: Stop nmbd network announce storm; (bso#13620); + s3-rpcclient: Use spoolss_init_spoolss_UserLevel1 in winspool cmds; (bso#13597); + CTDB recovery lock has some race conditions; (bso#13617); + s3-rpc_client: Advertise Windows 7 client info; (bso#13597); + ctdb-doc: Remove PIDFILE option from ctdbd_wrapper man page; (bso#13610); - Tumbleweed doesn't define the sle_version macro, so we must include a check for suse_version also. Otherwise python3 is disabled on Tumbleweed. - Update to samba-4.9.0 + samba_dnsupdate: Honor 'dns zone scavenging' option, only update if needed; (bso#13605); + wafsamba: Fix 'make -j<jobs>'; (bso#13606); - Update to samba-4.9.0rc5 + s3: VFS: vfs_full_audit: Ensure smb_fname_str_do_log() only returns absolute pathnames; (bso#13565); + s3: util: Do not take over stderr when there is no log file; (bso#13578); + Durable Reconnect fails because cookie.allow_reconnect is not set; (bso#13549); + krb5-samba: Interdomain trust uses different salt principal; (bso#13539); + vfs_fruit: Don't unlink the main file; (bso#13441); + smbd: Fix a memleak in async search ask sharemode; (bso#13602); + Fix Samba GPO issue when Trust is enabled; (bso#11517); + samba-tool: Add "virtualKerberosSalt" attribute to 'user getpassword/syncpasswords'; (bso#13539); + Fix CTDB configuration issues; (bso#13589); + ctdbd logs an error until it can successfully connect to eventd; (bso#13592); - Update to samba-4.9.0rc4 + s3: smbd: Ensure get_real_filename() copes with empty pathnames; (bso#13585); + samba domain backup online/rename commands force user to specify password on CLI; (bso#13566); + wafsamba/samba_abi: Always hide ABI symbols which must be local; (bso#13579); + Fix a panic if fruit_access_check detects a locking conflict; (bso#13584); + Fix memory and resource leaks; (bso#13567); + python: Fix print in dns_invalid.py; (bso#13580); + Aliasing issue causes incorrect IPv6 checksum; (bso#13588); + Fix CTDB configuration issues; (bso#13589); + s3: vfs: time_audit: fix handling of token_blob in smb_time_audit_offload_read_recv(); (bso#13568); ==== signon-ui ==== Version update (0.15 -> 0.17+20171022) - Add patch to return a proper username again: * 0001-Reintroduce-the-username-field-reading-with-webkit-o.patch - Update to webengine branch (4368bb77d9d1abc2978af514225ba4a42c29a646): * No WebKit dependency anymore * While it has missing features, it's important to switch to a maintained browser engine. * Does not support webkit-options.d, which means usernames will be blank and autologin non-functional. Tokens are still saved. - Add patch to fix bug in WebEngine integration: * 0001-Fix-WebEngine-cache-directory-path.patch - Update to version 0.17+15.10.20150810 * no changelog available ==== squid ==== Version update (4.2 -> 4.3) - Correct changelog - Enable tests - New upstream stable version 4.3: * Bug 4885: Excessive memory usage when running out of descriptors * Bug 4877: Add missing text about external_acl_type %DATA changes * Bug 4875 pt1: GCC-8 compile errors with -O3 optimization * Bug 4716: Blank lines in cachemgr.conf are not skipped * Bug 4691: balance_on_multiple_ip config option docs * basic_pop3_auth: fix startup errors * langpack: Add missing dialect aliases * Fix range_offset_limit debugging * Fix icc build errors * Update systemd dependencies in squid.service ==== sshfs ==== Version update (2.9 -> 2.10) - sshfs 2.10: * Fix a crash due to a race condition when listing directory contents * Document limited hardlink support * Add support for more SSH options. * Drop support for the nodelay workaround * Drop support for the nodelaysrv workaround The same effect (enabling NODELAY on the server side and enabling X11 forwarding) can be achieved by explicitly passing - o ForwardX11 * Remove support for -o workaround=all - Add source signature and verify source signature - clean up spec file ==== sssd ==== Subpackages: libnfsidmap-sss libsss_certmap0 libsss_idmap0 libsss_nss_idmap0 sssd-32bit sssd-krb5-common sssd-ldap - Add dependency to adcli for sssd-ad (SLE15: fate#326619, bsc#1109849) (SLE12SP4: fate#326620, bsc#1110121) ==== tdb ==== Subpackages: libtdb1 libtdb1-32bit - Update license to LGPL-3.0 ==== tevent ==== Subpackages: libtevent0 libtevent0-32bit - Update license to LGPL-3.0 ==== v4l-utils ==== Subpackages: libv4l libv4l1-0 libv4l2-0 libv4lconvert0 - sysmacros.patch: include <sys/sysmacros.h> for minor ==== vlc ==== Version update (3.0.3 -> 3.0.4) Subpackages: libvlc5 libvlccore9 vlc-codec-gstreamer vlc-lang vlc-noX vlc-qt - Update to version 3.0.4: + Decoder: * Blacklist some intel GPU when decoding HEVC * Decode AV1 streams * Fix playback of low-fps files * Fix hardware decoding of low-latency sliced H.264 streams on macOS * Fix seeking with streams containing WebVTT subtitles * Fix decoding some CC-608 streams with roll-up * Fix crashes with LPCM streams * Fix colorspace of JPEG, PNG and screen inputs * Fix MediaCodec rotation handling + Demux: * Improve FLV fps detection * Fix some ogg/flac * Improve support for broken HEVC inside MKV * Fix some AVI regression for broken files and for DVAudio * Support files splitted in the .mts%d pattern * Fixes for MKV seeking * Fix for MP4 disabled track selection * Fix playback of incomplete RAR files (downloading) + Audio Output: * Improve iOS session management and resume-from-pause * Improve macOS audio performance * Support 44.1kHz DTS passthrough * Fix crashes on DirectSound output + Video Output: * Fix some crash in Direct3D11/Direct3D9 because of sensors * Fix some broken DVD subtitles rendering (OpenGL, notably) * Fix crashes on old mac machines, after some time * Fix memleaks on the EGL output (Android notably) * Fix misc display in Direct3D11 due to broken drivers * Fix potential green screen on Windows XP + Text renderer: * Fix rendering of arabic fonts fallback on macOS * Fix head buffer overflow on macOS with some fonts * Fix rendering of fonts with specific fonts * Fix some RTL rendering + Misc: * Fix live555, macOS-UI, screen capture crashes * Change the extension registration names on Windows * Fix VLM 'now' date * Fixes on the HTTPD server * Fix on the NTservice registration * Fix --stop-time option * Fix ChromeCast compatibility with web interface * Fix subtitles alignment * Fix infinite recursion on directory playback * Fix detection SAT>IP servers + Qt: Fix tooltip display when using Wayland + Updated translations - Drop vlc-qt-5.11.patch: fixed upstream. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On 2018-10-08 19:00, Dominique Leuenberger wrote:
==== ImageMagick ==== Subpackages: ImageMagick-extra libMagick++-7_Q16HDRI4 libMagickCore-7_Q16HDRI6 libMagickWand-7_Q16HDRI6 perl-PerlMagick
- allow writing PS, PS2, PS3, XPS, EPS and PDF, disable reading only by default security policy [bsc#1105592c#32] - also disable EPS coder in default policy.xml [bsc#1105592] [bsc#1109976#c7]
It seems to me that this has been fixed since 24 Jul 2017. Is it still needed to have reading disabled in policy.xml? https://github.com/ImageMagick/ImageMagick/issues/563#issuecomment-317288181 -- /bengan -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On 22/11/2018 07:23, Bengt Gördén wrote:
On 2018-10-08 19:00, Dominique Leuenberger wrote:
==== ImageMagick ==== Subpackages: ImageMagick-extra libMagick++-7_Q16HDRI4 libMagickCore-7_Q16HDRI6 libMagickWand-7_Q16HDRI6 perl-PerlMagick
- allow writing PS, PS2, PS3, XPS, EPS and PDF, disable reading only by default security policy [bsc#1105592c#32] - also disable EPS coder in default policy.xml [bsc#1105592] [bsc#1109976#c7]
It seems to me that this has been fixed since 24 Jul 2017. Is it still needed to have reading disabled in policy.xml?
https://github.com/ImageMagick/ImageMagick/issues/563#issuecomment-317288181
I don't believe CVE-2017-11532 is the reason for disabling those coders have a read of https://bugzilla.suse.com/show_bug.cgi?id=1105592 -- Simon Lees (Simotek) http://simotek.net Emergency Update Team keybase.io/simotek SUSE Linux Adelaide Australia, UTC+10:30 GPG Fingerprint: 5B87 DB9D 88DC F606 E489 CEC5 0922 C246 02F0 014B -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On 2018-11-21 23:43, Simon Lees wrote:
I don't believe CVE-2017-11532 is the reason for disabling those coders have a read ofhttps://bugzilla.suse.com/show_bug.cgi?id=1105592
Ah. Sorry. My bad. I focused to much on the imagemagick git repo instead of reading the bug-report. -- /bengan -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
participants (3)
-
Bengt Gördén
-
Dominique Leuenberger
-
Simon Lees