Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=1&version=Tumbleweed&build=20160406
Packages changed:
curl (7.47.1 -> 7.48.0)
hexchat
iproute2 (4.4 -> 4.5)
kernel-firmware (20160112git -> 20160330)
kernel-source
krb5 (1.14 -> 1.14.1)
libabw
libodfgen
optipng (0.7.5 -> 0.7.6)
pam-config (0.88 -> 0.89)
php5 (5.6.19 -> 5.6.20)
squid (3.5.15 -> 3.5.16)
virtualbox (5.0.16 -> 5.0.17)
xinit
yast2-samba-server (3.1.13 -> 3.1.14)
yast2-storage (3.1.84 -> 3.1.86)
=== Details ===
==== curl ====
Version update (7.47.1 -> 7.48.0)
Subpackages: libcurl-devel libcurl4
- Update to 7.48.0
* configure: --with-ca-fallback: use built-in TLS CA fallback
* TFTP: add --tftp-no-options to expose CURLOPT_TFTP_NO_OPTIONS
* getinfo: CURLINFO_TLS_SSL_PTR supersedes CURLINFO_TLS_SESSION
* Lots of bugfixes, see https://curl.haxx.se/changes.html#7_48_0
- Drop curl-7.41.0-use-openssl-s-built-in-verify-path-as-fallback.diff,
superseded by --with-ca-fallback configure option.
==== hexchat ====
Subpackages: hexchat-lang
- Provide/Obsolete xchat to ensure those that do not have patterns
containing hexchat to migrate to it.
==== iproute2 ====
Version update (4.4 -> 4.5)
- Update to new upstream release 4.5
* {f,m}_bpf: allow for sharing maps
* geneve: add support for IPv6 link partners
* geneve: add support for lwt tunnel creation and dst port selection
* route: allow routes to be configured with expire values
* iplink: support setting addrgenmode stable_secret
* tipc: add peer remove functionality
* tc, clsact: add clsact frontend
* ss: support closing inet sockets via SOCK_DESTROY.
* bridge: support for static and dynamic fdb entries
* iplink: Support VF Trust
==== kernel-firmware ====
Version update (20160112git -> 20160330)
Subpackages: ucode-amd
- Update to version 20160330:
* wl18xx: update firmware file
* linux-firmware: intel: Update Skylake audio firmware
* linux-firmware/i915: Major GuC release for Skylake - ver 6.1
* linux-firmware: Update AMD microcode patch firmware
* Update radeon ucode images
* Update amdgpu ucode images
* Add amdgpu ucode images for Polaris family asics
* radeon: revert last kaveri mec ucode update
- Add _service to make updating more easy
==== kernel-source ====
Subpackages: kernel-default kernel-default-devel kernel-devel kernel-docs kernel-macros kernel-syms
- intel_idle: prevent SKL-H boot failure when C8+C9+C10 enabled
(bsc#969870,boo#970968,boo#969098).
- commit 8cf0ce6
==== krb5 ====
Version update (1.14 -> 1.14.1)
Subpackages: krb5-32bit krb5-client krb5-devel
- Upgrade from 1.14 to 1.14.1:
* Remove expired patches:
0104-Verify-decoded-kadmin-C-strings-CVE-2015-8629.patch
0105-Fix-leaks-in-kadmin-server-stubs-CVE-2015-8631.patch
0106-Check-for-null-kadm5-policy-name-CVE-2015-8630.patch
krbdev.mit.edu-8301.patch
* Replace source archives:
krb5-1.14.tar.gz ->
krb5-1.14.1.tar.gz
krb5-1.14.tar.gz.asc ->
krb5-1.14.1.tar.gz.asc
* Adjust line numbers in:
krb5-fix_interposer.patch
==== libabw ====
- Add copying also to the library shipped
==== libodfgen ====
- Do not use boost but stick with c++11
==== optipng ====
Version update (0.7.5 -> 0.7.6)
- updated to 0.7.6, fixes CVE-2016-2191
==== pam-config ====
Version update (0.88 -> 0.89)
- Update to version 0.89
- Includes pam_google_authenticator.patch
- Better check for dual-arch PAM stack
- fix bashism in postun script
- Added pam_google_authenticator.patch: support google authentiator
[bnc#888149]
- Update to pam-config 0.88
- Add pam_ecryptfs to password section [bnc#895096]
- Update to pam-config 0.87
- Add support for pam_access.so
- Rervert last change, it will break manually adjusted config
files as documented
- "pam-config --debug --update" in the %post section fails if any
/etc/pam.d/common-$TYPE file is not a symlink to /etc/pam.d/common-$TYPE-pc.
Fix that by adding '--force'. This is mainly an update issue since
fresh configs are created appropriatly
- Remove last change regarding sha512, is now solved directly by
pam_unix.so.
- Add sha512 and shadow to pam_unix.so when creating common-passwd-pc
by default, did somehow got lost [bnc#801970]
- Use --create --force for new installation
- Update to pam-config 0.84
- Add pam_env per default
- Don't print wrong error messages
- Update to pam-config 0.83:
- Fix stacking of pam_unix
- Add new pam_unix options
- Use pam_unix and pam_cracklib as default on fresh installations.
- make pam_ssh a sufficient auth module (bnc#730851)
- Update to pam-config 0.81:
- pam_ssh: fix try_first_pass bug fixed [bnc#773560]
- pam_ecryptfs: fix order, still does not work with
krb5 [bnc#740110]
- Add support for pam_ecryptfs [bnc#752851]
- Remove redundant/unwanted tags/section (cf. specfile guidelines)
- Use %_smp_mflags for parallel building
- add automake as buildrequire to avoid implicit dependency
- Add pam_systemd.patch: Add pam_systemd support
- Version 0.79
* Make pam_lastlog optional [bnc#686034].
* Document that if symlinks don't point to *-pc files config is
ignored [FATE#310739].
- Version 0.78
* Add pam_fprintd support [bnc#644168]
* Move pam_env at the end of session stack
- Version 0.77
* Fix check for lib64 [bnc#635098]
* Add pam_sss support
- Version 0.76
* Add pam_fprint (patch from ro@suse.de)
- Version 0.75
* Update translations
* Add pam_exec support
* Rewrite pam_make rules to use pam_exec
- Version 0.74
* Fix typo in warning
* Update translations
- enable parallel building
- Version 0.73
* Add support for pam_passwdqc
* Print warning if cracklib-minlen <= 5 is used (bnc#539053)
- Version 0.72
* src/mod_pam_gnome_keyring.c: enable use_authtok and support
new option only_if. (bnc#523379)
- Version 0.71
* re-add lost query option [bnc#501341]
- Version 0.70
* Fix try_first_pass handling for pam_ssh [bnc#499711]
- Version 0.69
* Add --verify option.
* pam_cracklib is now default instead of pam_pwcheck
[FATE#305468].
==== php5 ====
Version update (5.6.19 -> 5.6.20)
Subpackages: apache2-mod_php5 php5-bcmath php5-bz2 php5-calendar php5-ctype php5-curl php5-dba php5-devel php5-dom php5-exif php5-fastcgi php5-ftp php5-gd php5-gettext php5-gmp php5-iconv php5-imap php5-json php5-ldap php5-mbstring php5-mcrypt php5-mysql php5-odbc php5-openssl php5-pdo php5-pear php5-pear-Archive_Tar php5-pgsql php5-shmop php5-snmp php5-sockets php5-sqlite php5-suhosin php5-sysvsem php5-sysvshm php5-tidy php5-tokenizer php5-wddx php5-xmlreader php5-xmlwriter php5-xsl php5-zip php5-zlib
- updated to 5.6.20: This is a security release. Several security
bugs were fixed in this release.
==== squid ====
Version update (3.5.15 -> 3.5.16)
- Update to 3.5.16 (boo#973771)
* Bug 4476: Removed duplicated #include lines
* Bug 4452: squid -z segfaults with ufs
* Bug 4447:FwdState.cc:447 "serverConnection() == conn" assertion
* Bug 4423: adding stdio: prefix to cache_log directive produces
FATAL error
* Bug 4409: compile error when two Heimdal libraries are
installed
* Bug 2831: Cache-control: max-age not sent on TCP_IMS_HIT/304
* pinger: Fix buffer overflow in Icmp6::Recv
* pinger: Fix select(2) to actually use max_fd
* pinger: drop capabilities on Linux
* Fix memory leak of HttpRequest objects
* Fix memory leak when the cache of sslcrtvalidator_program is
disabled via ttl=0
* Fix assertion failed: Write.cc:41: "!ccb->active()"
* Fix crash on shutdown while cleaning up idle ICAP connections
* RFC 7725: Add registry entry for 451 status text
* ... and some build issues
- Refresh all patches
==== virtualbox ====
Version update (5.0.16 -> 5.0.17)
Subpackages: virtualbox-guest-kmp-default virtualbox-guest-tools virtualbox-guest-x11 virtualbox-host-kmp-default virtualbox-qt
- Fix problem with SONAME for VBoxOGL.so. With the Oracle code, it is libGL.so.1 rather than VBoxOGL.so.1.
Thanks to Max Lin