Please note that this mail was generated by a script. The described changes are computed based on the x86_64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=opensuse&version=15.1&build=448.1&groupid=50 https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Distribution&query_format=advanced&resolution=---&version=Leap%2015.1 When you reply to discuss some issues, make sure to change the subject. Please use the test plan at https://docs.google.com/spreadsheets/d/1AGKijKpKiJCB616-bHVoNQuhWHpQLHPWCb3m... to record your testing efforts and use bugzilla to report bugs. Packages changed: SDL chrony flac gcc libvirt patterns-yast (20190228 -> 20190409) yast2-trans (84.87.20190330.92a2062d5c -> 84.87.20190406.98502195be) === Details === ==== SDL ==== - Add CVE-2019-7636.patch to fix a heap-based buffer over-read issue (CVE-2019-7636, boo#1124826, CVE-2019-7638, boo#1124824). - Add CVE-2019-7635.patch to fix a heap-based buffer over-read issue (CVE-2019-7635, boo#1124827). - Add CVE-2019-7578.patch to fix a heap-based buffer over-read issue (CVE-2019-7578, boo#1125099, CVE-2019-7576, boo#1124799 CVE-2019-7573, boo#1124805). - Add CVE-2019-7572.patch to fix a buffer over-read issue (CVE-2019-7572, boo#1124806). - Add CVE-2019-7574.patch to fix a heap-based buffer over-read issue (CVE-2019-7574, boo#1124803). - Add CVE-2019-7575.patch to fix a heap-based buffer overflow issue (CVE-2019-7575, boo#1124802). - Add CVE-2019-7577.patch to fix a buffer over-read issue (CVE-2019-7577, boo#1124800). - Add CVE-2019-7637.patch to fix a heap-based buffer overflow issue (CVE-2019-7637, boo#1124825). ==== chrony ==== - Fix ordering and dependencies of chronyd.service, so that it is started after name resolution is up (bsc#1129914). - Add chrony-service-ordering.patch ==== flac ==== - Fix memory leak in read_metadata_vorbiscomment_() function (CVE-2017-6888, bsc#1091045): flac-CVE-2017-6888.patch ==== gcc ==== - Fix gcc-PIE spec to properly honor -no-pie at link time. [bnc#1096008] ==== libvirt ==== Subpackages: libvirt-bash-completion libvirt-client libvirt-daemon libvirt-daemon-config-network libvirt-daemon-driver-interface libvirt-daemon-driver-network libvirt-daemon-driver-nodedev libvirt-daemon-driver-nwfilter libvirt-daemon-driver-qemu libvirt-daemon-driver-secret libvirt-daemon-driver-storage libvirt-daemon-driver-storage-core libvirt-daemon-driver-storage-disk libvirt-daemon-driver-storage-gluster libvirt-daemon-driver-storage-iscsi libvirt-daemon-driver-storage-logical libvirt-daemon-driver-storage-mpath libvirt-daemon-driver-storage-rbd libvirt-daemon-driver-storage-scsi libvirt-daemon-qemu libvirt-libs - CVE-2019-3886: disallow virDomainGetHostname and virDomainGetTime for read-only connections and users CVE-2019-3886-api.patch, CVE-2019-3886-remote.patch bsc#1131595 ==== patterns-yast ==== Version update (20190228 -> 20190409) Subpackages: patterns-yast-x11_yast patterns-yast-yast2_basis - Reintroduced the following change done by lnussel directly in OBS and overwritten by an automatic submission (bsc#1131492): * Recommend chrony instead of ntp (bsc#936378) - 20190409 ==== yast2-trans ==== Version update (84.87.20190330.92a2062d5c -> 84.87.20190406.98502195be) Subpackages: yast2-trans-ar yast2-trans-bg yast2-trans-bs yast2-trans-ca yast2-trans-cs yast2-trans-da yast2-trans-de yast2-trans-el yast2-trans-en yast2-trans-en_GB yast2-trans-en_US yast2-trans-eo yast2-trans-es yast2-trans-et yast2-trans-fa yast2-trans-fi yast2-trans-fr yast2-trans-hu yast2-trans-id yast2-trans-it yast2-trans-ja yast2-trans-ko yast2-trans-lt yast2-trans-nb yast2-trans-nl yast2-trans-pl yast2-trans-pt yast2-trans-pt_BR yast2-trans-ru yast2-trans-sk yast2-trans-sl yast2-trans-sv yast2-trans-uk yast2-trans-zh_CN yast2-trans-zh_TW - Update to version 84.87.20190406.98502195be: * New POT for text domain 'update'. * New POT for text domain 'samba-client'. * New POT for text domain 's390'. * New POT for text domain 'network'. * New POT for text domain 'control'. * Fix storage path displays in Arabic text, part 2 * Fix storage path displays in Arabic text * Fix alignment in Partitioner/Add NFS Client/Error pop-up (bsc#1128141) * New POT for text domain 'authserver'. * Translated using Weblate (Chinese (China)) * Translated using Weblate (Catalan) * Translated using Weblate (Chinese (China)) * Translated using Weblate (Chinese (China)) * Translated using Weblate (Catalan) - Update to version 84.87.20190404.a060a423f4: * New POT for text domain 'add-on'. * New POT for text domain 'autoinst'. * New POT for text domain 'control'. * New POT for text domain 'gtk'. * New POT for text domain 'installation'. * New POT for text domain 'packager'. * New POT for text domain 'registration'. * Translated using Weblate (Albanian) * Translated using Weblate (Arabic) * Translated using Weblate (Catalan) * Translated using Weblate (Chinese (China)) * Translated using Weblate (Czech) * Translated using Weblate (Dutch) * Translated using Weblate (French) * Translated using Weblate (German) * Translated using Weblate (Hungarian) * Translated using Weblate (Italian) * Translated using Weblate (Japanese) * Translated using Weblate (Korean) * Translated using Weblate (Polish) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Russian) * Translated using Weblate (Slovak) * Translated using Weblate (Spanish) * Translated using Weblate (Swedish) -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org