[opensuse-factory] New Tumbleweed snapshot 20190905 released!
Please note that this mail was generated by a script. The described changes are computed based on the x86_64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=1&version=Tumbleweed&build=20190905 Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: SDL SDL2 (2.0.9 -> 2.0.10) alpine attr bison dhcp drbd-utils exiv2 (0.27.1 -> 0.27.2) fltk gamin-devel hwinfo iproute2 (5.1 -> 5.2) kdevelop5 (5.4.1 -> 5.4.2) lapack libpcap libtool libyajl libzio lua51 lua53 mozilla-nspr mozilla-nss (3.44.1 -> 3.45) mpc nagios ncurses newt openldap2 opie package-update-indicator (4 -> 5) pcre plasma-browser-integration (5.16.4 -> 5.16.5) postgresql10 (10.9 -> 10.10) postgresql11 (11.4 -> 11.5) postgresql11-libs (11.4 -> 11.5) readline sbc suitesparse sysprof tcpd virt-manager webrtc-audio-processing xdg-desktop-portal-kde (5.16.4 -> 5.16.5) xz === Details === ==== SDL ==== - Actually apply CVE-2019-7637.patch. - Add patches for several heap-based buffer overreads: * CVE-2019-7577.patch (boo#1124800 CVE-2019-7577) * CVE-2019-7575.patch (boo#1124806 CVE-2019-7575) * CVE-2019-7574.patch (boo#1124803 CVE-2019-7574) * CVE-2019-7572.patch (boo#1124806 CVE-2019-7572) * CVE-2019-7637.patch (boo#1124825 CVE-2019-7637) * CVE-2019-7578.patch (boo#1125099 boo#1124799 CVE-2019-7578 CVE-2019-7573) * CVE-2019-7635.patch (boo#1124827 CVE-2019-7635) * CVE-2019-7636.patch (boo#1124826 boo#1124824 CVE-2019-7636 CVE-2019-7638) * CVE-2019-13616.patch (boo#1141844 CVE-2019-13616) - Do not provide an empty static archive. ==== SDL2 ==== Version update (2.0.9 -> 2.0.10) - Update sdl2-symvers.patch for SDL 2.0.9/2.0.10. - Add CVE-2019-13616.patch: fix heap buffer overflow when reading a crafted bmp file (boo#1141844 CVE-2019-13616). - Drop libSDL2main.a from libSDL-2_0-devel. It is only used during build. - Use FAT LTO objects in order to provide proper static library. - Update to version 2.0.10 * The SDL_RW* macros have been turned into functions that are available only in 2.0.10 and onward * Added SDL_SIMDGetAlignment(), SDL_SIMDAlloc(), and SDL_SIMDFree(), to allocate memory aligned for SIMD operations for the current CPU * Added SDL_RenderDrawPointF(), SDL_RenderDrawPointsF(), SDL_RenderDrawLineF(), SDL_RenderDrawLinesF(), SDL_RenderDrawRectF(), SDL_RenderDrawRectsF(), SDL_RenderFillRectF(), SDL_RenderFillRectsF(), SDL_RenderCopyF(), SDL_RenderCopyExF(), to allow floating point precision in the SDL rendering API. * Added SDL_GetTouchDeviceType() to get the type of a touch device, which can be a touch screen or a trackpad in relative or absolute coordinate mode. * The SDL rendering API now uses batched rendering by default, for improved performance * Added SDL_RenderFlush() to force batched render commands to execute, if you're going to mix SDL rendering with native rendering * Added the hint SDL_HINT_RENDER_BATCHING to control whether batching should be used for the rendering API. This defaults to "1" if you don't specify what rendering driver to use when creating the renderer. * Added the hint SDL_HINT_EVENT_LOGGING to enable logging of SDL events for debugging purposes * Added the hint SDL_HINT_GAMECONTROLLERCONFIG_FILE to specify a file that will be loaded at joystick initialization with game controller bindings * Added the hint SDL_HINT_MOUSE_TOUCH_EVENTS to control whether SDL will synthesize touch events from mouse events * Improved handling of malformed WAVE and BMP files, fixing potential security exploits (boo#1142031 CVE-2019-13626) * Removed the Mir video driver in favor of Wayland - Refreshed sdl2-symvers.patch ==== alpine ==== Subpackages: pico - Add return-values.diff to unbreak build. - Use more macros for standard dirs in the build recipe. ==== attr ==== Subpackages: libattr1 - Use FAT LTO objects in order to provide proper static library. ==== bison ==== Subpackages: bison-lang - Use FAT LTO objects in order to provide proper static library. ==== dhcp ==== Subpackages: dhcp-client dhcp-doc dhcp-relay dhcp-server - dhclient-script: replace host(1) with getent, which is more lightweight (part of glibc and does not pull in bind-utils) - Use FAT LTO objects in order to provide proper static library. ==== drbd-utils ==== - In our effort to make /etc fully admin controlled, move /etc/xen/scripts to libexec/xen/scripts ==== exiv2 ==== Version update (0.27.1 -> 0.27.2) - Use FAT LTO objects in order to provide proper static library. - Update to 0.27.2 * Bug and security fixes * Support for Nikon/AutoFocus and Sony/FocusPosition Metadata * Documentation and man page revisions * Updated Catalan Localisation * Using mergify to sync select PRs between 0.27-maintenance and 0.28 * Monitoring API changes for v0.27 dot releases * Prelinary Dutch Localisation * Prelinary Support for Unix (FreeBSD and NetBSD) * Better Build Bundle Dependency handling - Update exiv2-build-date.patch to new source tarball - Enable testsuite run in %check on x86_64 for Leap >= 15.0, SLE >= 15 and Tumbleweed - Use libcurl for HTTP - Enable webready (webp image support) - Add licenses to %license & add BSD 3 clause license (used for some CMake scripts) ==== fltk ==== - Use FAT LTO objects in order to provide proper static library. ==== gamin-devel ==== Subpackages: libfam0-gamin libfam0-gamin-32bit - Use FAT LTO objects in order to provide proper static library. ==== hwinfo ==== - Use FAT LTO objects in order to provide proper static library. ==== iproute2 ==== Version update (5.1 -> 5.2) - Use FAT LTO objects in order to provide proper static library. - Use %make_build. - Update to new upstream release 5.2 * devlink: increase column size for larger shared buffers * ip: reset netns after each command in batch mode * ip addr: do not set IPv6 specific options for IPv4 addresses * ip fou: support binding FOU ports * ip link: support bridge vlan_stats_per_port * ip link: support vlan bridge binding flag * ip macsec: supporet gcm-aes-256 cipher type * ip monitor: display interfaces from all groups * ip neigh: show neighbor offload indication * rdma: add link add/delete * rdma: update node type strings * ss: add option for single line output * ss: show raw numbers for data rates with --numeric * tc: support for plug qdisc * tc: taprio: support for changing schedules * tc: taprio: support cycle_time and cycle_time_extensions * tipc: support for link broadcast method and ratio * update documentation ==== kdevelop5 ==== Version update (5.4.1 -> 5.4.2) Subpackages: kdevelop5-lang kdevplatform kdevplatform-lang libkdevplatform54 - Update to 5.4.2 * All debuggers: fix VariableCollection to unregister as texthinter provider (kde#411371) * Contextbrowser: register as texthint provider to existing views on creation * Fix crash on text hint being triggered after disabling code browser plugin (kde#411371) * Avoid possible dereference of an invalid iterator (kde#411323) * Kdevplatform/shell: fix outdated window title once project of document loaded * Kdevplatform/shell: work-around for Qt 5.9/macOS bug showing modified indicator * Kdevplatform/shell: restore document modified flag in mainwindow title * Kdevplatform/shell: do not repeat query & differently for current document * Indicate appstream the ps desktop file isn't a separate application (kde#410687) * Clang: fix tooltip missing closing bracket with default argument calls * Include more hidden files in projectfilter plugin (CI, Lint configs...) ==== lapack ==== Subpackages: libblas3 liblapack3 - Use FAT LTO objects in order to provide proper static library. ==== libpcap ==== - Use FAT LTO objects in order to provide proper static library. ==== libtool ==== Subpackages: libltdl7 libltdl7-32bit - Use FAT LTO objects in order to provide proper static library. ==== libyajl ==== - Use FAT LTO objects in order to provide proper static library. ==== libzio ==== - Use FAT LTO objects in order to provide proper static library ==== lua51 ==== - Use FAT LTO objects in order to provide proper static library. ==== lua53 ==== Subpackages: liblua5_3-5 - Use FAT LTO objects in order to provide proper static library. ==== mozilla-nspr ==== - Use FAT LTO objects in order to provide proper static library. ==== mozilla-nss ==== Version update (3.44.1 -> 3.45) Subpackages: libfreebl3 libsoftokn3 mozilla-nss-certs mozilla-nss-tools - update to NSS 3.45 (bsc#1141322) * required by Firefox 69.0 New functions * PK11_FindRawCertsWithSubject - Finds all certificates on the given slot with the given subject distinguished name and returns them as DER bytes. If no such certificates can be found, returns SECSuccess and sets *results to NULL. If a failure is encountered while fetching any of the matching certificates, SECFailure is returned and *results will be NULL. Notable changes * bmo#1540403 - Implement Delegated Credentials * bmo#1550579 - Replace ARM32 Curve25519 implementation with one from fiat-crypto * bmo#1551129 - Support static linking on Windows * bmo#1552262 - Expose a function PK11_FindRawCertsWithSubject for finding certificates with a given subject on a given slot * bmo#1546229 - Add IPSEC IKE support to softoken * bmo#1554616 - Add support for the Elbrus lcc compiler (<=1.23) * bmo#1543874 - Expose an external clock for SSL * bmo#1546477 - Various changes in response to the ongoing FIPS review Certificate Authority Changes * The following CA certificates were Removed: bmo#1552374 - CN = Certinomis - Root CA Bugs fixed * bmo#1540541 - Don't unnecessarily strip leading 0's from key material during PKCS11 import (CVE-2019-11719) * bmo#1515342 - More thorough input checking (CVE-2019-11729) * bmo#1552208 - Prohibit use of RSASSA-PKCS1-v1_5 algorithms in TLS 1.3 (CVE-2019-11727) * bmo#1227090 - Fix a potential divide-by-zero in makePfromQandSeed from lib/freebl/pqg.c (static analysis) * bmo#1227096 - Fix a potential divide-by-zero in PQG_VerifyParams from lib/freebl/pqg.c (static analysis) * bmo#1509432 - De-duplicate code between mp_set_long and mp_set_ulong * bmo#1515011 - Fix a mistake with ChaCha20-Poly1305 test code where tags could be faked. Only relevant for clients that might have copied the unit test code verbatim * bmo#1550022 - Ensure nssutil3 gets built on Android * bmo#1528174 - ChaCha20Poly1305 should no longer modify output length on failure * bmo#1549382 - Don't leak in PKCS#11 modules if C_GetSlotInfo() returns error * bmo#1551041 - Fix builds using GCC < 4.3 on big-endian architectures * bmo#1554659 - Add versioning to OpenBSD builds to fix link time errors using NSS * bmo#1553443 - Send session ticket only after handshake is marked as finished * bmo#1550708 - Fix gyp scripts on Solaris SPARC so that libfreebl_64fpu_3.so builds * bmo#1554336 - Optimize away unneeded loop in mpi.c * bmo#1559906 - fipstest: use CKM_TLS12_MASTER_KEY_DERIVE instead of vendor specific mechanism * bmo#1558126 - TLS_AES_256_GCM_SHA384 should be marked as FIPS compatible * bmo#1555207 - HelloRetryRequestCallback return code for rejecting 0-RTT * bmo#1556591 - Eliminate races in uses of PK11_SetWrapKey * bmo#1558681 - Stop using a global for anti-replay of TLS 1.3 early data * bmo#1561510 - Fix a bug where removing -arch XXX args from CC didn't work * bmo#1561523 - Add a string for the new-ish error SSL_ERROR_MISSING_POST_HANDSHAKE_AUTH_EXTENSION - split hmac subpackages to match SLE's packaging - Use -ffat-lto-objects in order to provide assembly for static libs. ==== mpc ==== - Use FAT LTO objects in order to provide proper static library. ==== nagios ==== Subpackages: nagios-www - Add /etc/cron.weekly to filelist, as this is now part of cron, which we don't want to require ==== ncurses ==== Subpackages: libncurses6 ncurses-devel ncurses-utils tack terminfo terminfo-base terminfo-screen - Add ncurses patch 20190810 + fix a few more coverity warnings. - Add ncurses patch 20190803 + improve loop limits in _nc_scroll_window() to handle a case where the scrolled data is a pad which is taller than the window (patch by Rob King). + amend the change to screen, because tmux relies upon that entry and does not support that feature (Debian #933572) -TD + updated ms-terminal entry & notes -TD + updated kitty entry & notes -TD + updated alacritty+common entry & notes -TD + use xterm+sl-twm for consistency -TD - Add ncurses patch 20190728 + fix a few more coverity warnings. + more documentation updates based on tctest. - Add ncurses patch 20190727 + fix a few coverity warnings. + documentation updates based on tctest. - Add ncurses patch 20190720 + fix a few warnings for gcc 4.x + add some portability/historical details to the tic, toe and infocmp manual pages. + correct fix for broken link from terminfo(5) to tabs(1) manpage (report by Sven Joachim). - Use FAT LTO objects in order to provide proper static library. ==== newt ==== - Use FAT LTO objects in order to provide proper static library. ==== openldap2 ==== Subpackages: libldap-2_4-2 libldap-2_4-2-32bit libldap-data openldap2-client openldap2-devel - Use FAT LTO objects in order to provide proper static library. ==== opie ==== Subpackages: opie-32bit - Use FAT LTO objects in order to provide proper static library. ==== package-update-indicator ==== Version update (4 -> 5) Subpackages: package-update-indicator-lang - update to version 5: * Reduce delay before checking for updates after an "updates- changed" signal * Fix continuos loop of update checks if the refresh cache interval is 0 * Add fallback icons for KDE-based themes ==== pcre ==== Subpackages: libpcre1 libpcre1-32bit libpcreposix0 - Use FAT LTO objects in order to provide proper static library. ==== plasma-browser-integration ==== Version update (5.16.4 -> 5.16.5) Subpackages: plasma-browser-integration-lang - Update to 5.16.5 * New bugfix release * For more details please see: * https://www.kde.org/announcements/plasma-5.16.5.php - No code changes since 5.16.4 ==== postgresql10 ==== Version update (10.9 -> 10.10) Subpackages: postgresql10-contrib postgresql10-devel postgresql10-server - Update to 10.10: * https://www.postgresql.org/about/news/1960/ * https://www.postgresql.org/docs/10/release-10-10.html * CVE-2019-10208, bsc#1145092: TYPE in pg_temp executes arbitrary SQL during SECURITY DEFINER execution. - Use FAT LTO objects in order to provide proper static library. ==== postgresql11 ==== Version update (11.4 -> 11.5) Subpackages: postgresql11-contrib postgresql11-docs postgresql11-server - Update to 11.5: * https://www.postgresql.org/about/news/1960/ * https://www.postgresql.org/docs/11/release-11-5.html * CVE-2019-10208, bsc#1145092: TYPE in pg_temp executes arbitrary SQL during SECURITY DEFINER execution. * CVE-2019-10209, bsc#1145091: Memory disclosure in cross-type comparison for hashed subplan. - Use FAT LTO objects in order to provide proper static library. ==== postgresql11-libs ==== Version update (11.4 -> 11.5) Subpackages: libecpg6 libpq5 postgresql11-devel - Update to 11.5: * https://www.postgresql.org/about/news/1960/ * https://www.postgresql.org/docs/11/release-11-5.html * CVE-2019-10208, bsc#1145092: TYPE in pg_temp executes arbitrary SQL during SECURITY DEFINER execution. * CVE-2019-10209, bsc#1145091: Memory disclosure in cross-type comparison for hashed subplan. - Use FAT LTO objects in order to provide proper static library. ==== readline ==== Subpackages: libreadline8 readline-devel readline-doc - Rework patch readline-7.0-screen.patch again for bug boo#1143055 * Map all "screen(-xxx)?.yyy(-zzz)?" to "screen" as well as map "konsole(-xxx)?" and "gnome(-xxx)?" to "xterm" - Add official patch readline80-001 The history file reading code doesn't close the file descriptor open to the history file when it encounters a zero-length file. - Use FAT LTO objects in order to provide proper static library. ==== sbc ==== Subpackages: libsbc1 - Use FAT LTO objects in order to provide proper static library. ==== suitesparse ==== Subpackages: libamd2 libcamd2 libccolamd2 libcholmod3 libcolamd2 libsuitesparseconfig5 libumfpack5 - Use FAT LTO objects in order to provide proper static library. ==== sysprof ==== Subpackages: sysprof-lang - Use FAT LTO objects in order to provide proper static library. ==== tcpd ==== - Use FAT LTO objects in order to provide proper static library. ==== virt-manager ==== Subpackages: virt-install virt-manager-common - Upstream bug fixes (bsc#1027942) 0c223ab2-guest-Dont-set-default-uefi-if-firmware-is-set.patch 414ffa5e-virt-install-Use-minutes-instead-of-seconds-on-get_time_string.patch 53245827-urlfetcher-Force-a-flush-after-writing-to-a-file.patch 3009888a-urlfetcher-Dont-override-fullurl-when-its-explicitly-set.patch ==== webrtc-audio-processing ==== - Use FAT LTO objects in order to provide proper static library. ==== xdg-desktop-portal-kde ==== Version update (5.16.4 -> 5.16.5) Subpackages: xdg-desktop-portal-kde-lang - Update to 5.16.5 * New bugfix release * For more details please see: * https://www.kde.org/announcements/plasma-5.16.5.php - No code changes since 5.16.4 ==== xz ==== Subpackages: liblzma5 liblzma5-32bit xz-devel xz-lang - Use FAT LTO objects in order to provide proper static library. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
Dear kts@kock.li, - Please cut your quoting to the necessary part. There is no need for a full quote. - when reporting a glitch, please change the subject accordingly. Thank you Schöne Grüße Axel -- Written from cell phone - excuses for typos
kts skreiv 07.09.2019 10:16:
Can confirm. Is there an easy way to downgrade to the last working version (without a complete rollback)? -- Karl Ove Hufthammer -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
субота, 7 вересня 2019 р. 12:26:27 EEST Karl Ove Hufthammer написано:
Can confirm. Is there an easy way to downgrade to the last working version (without a complete rollback)?
Hi, openSUSE:Factory/shaderc is blocked for x86_64 and haven't been recompiled. You may install rebuilt version of `libshaderc_shared1` from [1] — add repository and install as usual (or just download one file and install that rpm if you like). [1] https://download.opensuse.org/repositories/X11:/Wayland/ openSUSE_Tumbleweed/ -- Kind regards, Mykola Krachkovsky -- Найкращі побажання, Микола Крачковський
Mykola Krachkovsky skreiv 07.09.2019 13:12:
Thank you (and to Andrei too). I just added this repo, installed libshaderc_shared1 (including dependencies) and removed the repo again, and everything’s working perfectly. -- Karl Ove Hufthammer -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
Is there currently a problem with Tumbleweed's release history (https://download.opensuse.org/history/)? It doesn't seem to have the past week's releases, which (I assume) is why "tumbleweed list" doesn't show them. David
On Monday, September 9, 2019 5:05:34 PM CDT David Walker wrote:
Unless I am mistaken someone appears to have uninstalled the tumbleweed- snapshot package from download.o.o machine thus nuking timer and service. Additionally, they appear to have deleted the config. Rather than just restore I'd like to know what the heck happened and why this was not discussed. -- Jimmy -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On Monday, September 9, 2019 5:46:39 PM CDT James Berry wrote:
Rather than just restore I'd like to know what the heck happened and why this was not discussed.
Created issue to track https://progress.opensuse.org/issues/56690. -- Jimmy -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On Monday, September 9, 2019 5:51:49 PM CDT James Berry wrote:
Re-installed, configured, and started timer. Latest snapshot included in history, but cannot restore the ones that were missed. Still unclear who removed the tumbleweed-snapshot package. -- Jimmy -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
07.09.2019 12:26, Karl Ove Hufthammer пишет:
http://download.opensuse.org/history/ -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
Dear kts@kock.li, - Please cut your quoting to the necessary part. There is no need for a full quote. - when reporting a glitch, please change the subject accordingly. Thank you Schöne Grüße Axel -- Written from cell phone - excuses for typos
kts skreiv 07.09.2019 10:16:
Can confirm. Is there an easy way to downgrade to the last working version (without a complete rollback)? -- Karl Ove Hufthammer -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
субота, 7 вересня 2019 р. 12:26:27 EEST Karl Ove Hufthammer написано:
Can confirm. Is there an easy way to downgrade to the last working version (without a complete rollback)?
Hi, openSUSE:Factory/shaderc is blocked for x86_64 and haven't been recompiled. You may install rebuilt version of `libshaderc_shared1` from [1] — add repository and install as usual (or just download one file and install that rpm if you like). [1] https://download.opensuse.org/repositories/X11:/Wayland/ openSUSE_Tumbleweed/ -- Kind regards, Mykola Krachkovsky -- Найкращі побажання, Микола Крачковський
Mykola Krachkovsky skreiv 07.09.2019 13:12:
Thank you (and to Andrei too). I just added this repo, installed libshaderc_shared1 (including dependencies) and removed the repo again, and everything’s working perfectly. -- Karl Ove Hufthammer -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
Is there currently a problem with Tumbleweed's release history (https://download.opensuse.org/history/)? It doesn't seem to have the past week's releases, which (I assume) is why "tumbleweed list" doesn't show them. David
participants (8)
-
Andrei Borzenkov
-
Axel Braun
-
David Walker
-
Dominique Leuenberger
-
James Berry
-
Karl Ove Hufthammer
-
kts
-
Mykola Krachkovsky