Mailinglist Archive: opensuse-factory (682 mails)

< Previous Next >
[opensuse-factory] New Tumbleweed snapshot 20161118 released!

Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.

Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=1&version=Tumbleweed&build=20161118

When you reply to report some issues, make sure to change the subject.
It is not helpful to keep the release announcement subject in a thread
while discussing a specific problem.

Packages changed:
aria2 (1.28.0 -> 1.29.0)
libvirt
logrotate
open-iscsi
perl-DBD-mysql (4.037 -> 4.039)
perl-JSON-XS (3.02 -> 3.03)
perl-Log-Dispatch (2.57 -> 2.58)
python-ldap (2.4.27 -> 2.4.28)
python-pyOpenSSL (16.0.0 -> 16.2.0)
python3-cffi (1.8.3 -> 1.9.1)
whois (5.2.12 -> 5.2.13)
wireshark (2.2.1 -> 2.2.2)

=== Details ===

==== aria2 ====
Version update (1.28.0 -> 1.29.0)
Subpackages: aria2-lang libaria2-0

- Update to version 0.29.0:
* WinTLS: Fix busy loop on write error
* Support 1xx non-final response
* Update wslay
* Don't download piece which is filtered out (e.g., --select-file)

==== libvirt ====
Subpackages: libvirt-client libvirt-daemon libvirt-daemon-config-network
libvirt-daemon-config-nwfilter libvirt-daemon-driver-interface
libvirt-daemon-driver-libxl libvirt-daemon-driver-lxc
libvirt-daemon-driver-network libvirt-daemon-driver-nodedev
libvirt-daemon-driver-nwfilter libvirt-daemon-driver-qemu
libvirt-daemon-driver-secret libvirt-daemon-driver-storage
libvirt-daemon-driver-uml libvirt-daemon-driver-vbox libvirt-daemon-lxc
libvirt-daemon-qemu libvirt-daemon-xen libvirt-libs

- spec: explicitly set qemu-bridge-helper path to /usr/lib/
bsc#999070

==== logrotate ====

- Move logrotate.status to /var/lib/misc following FHS/LSB and
making implementing read-only root filesystem much easier.
[FATE#322036]
- Add patch:
* logrotate-var-lib-misc.patch

==== open-iscsi ====
Subpackages: iscsiuio

- Updated to upstream version 2.0-874, but still includes
(very few) SUSE-specific changes. This replaced the 2.0-873
tarball with a 2.0-874 tarball, but still includes the
Factory-latest compressed diff patch file, though it is
now empty. See Changes file for functional change details.

==== perl-DBD-mysql ====
Version update (4.037 -> 4.039)

- updated to 4.039
see /usr/share/doc/packages/perl-DBD-mysql/Changes
2016-11-15 Patrick Galbraith, Michiel Beijen, DBI/DBD community (4.039)
* Fix for security issue Out-of-bounds read by DBD::mysql CVE-2016-1249 (pali)
2016-10-30 Patrick Galbraith, Michiel Beijen, DBI/DBD community (4.038_01)
* Fix compilation of embedded server (pali)
(https://github.com/perl5-dbi/DBD-mysql/pull/68)
* Fix compilation against libmariadbclient. First version by
H.Merijn Brand, improved by Bernt Johnsen @ Oracle.
* For efficiency use newSVpvn() instead newSVpv() where possible (pali)
* Correctly coerce fetched scalar values when mysql_server_prepare is
not used (pali)
* Add support for fetching columns of BIT type with
mysql_server_prepare = 1 (pali)
Fixes https://rt.cpan.org/Public/Bug/Display.html?id=88006
* Use correct format in printf instead of casting variable types (pali)
* Include errno.h for MYSQL_ASYNC because it uses errno variable (pali)
* Travis: also test on perl 5.22 and 5.24.
- updated to 4.038
see /usr/share/doc/packages/perl-DBD-mysql/Changes
2016-10-19 Patrick Galbraith, Michiel Beijen, DBI/DBD community (4.038)
* Version 4.037_1 had fixes for MySQL 8.0 provided
Bernt Johnsen @ Oracle that were not in the Changelogs
(https://github.com/perl5-dbi/DBD-mysql/pull/56)
* Fixes for compiling against newer libmysqlclient on Windows (kmx)
* Fix unit test for 40server_prepare_crash on Windows (pali)
* Perl's IV in scalar can store 64bit integer when perl was compiled
with 64 bit support (default on 64bit linux with gcc). Use this
feature and stores MYSQL_TYPE_LONGLONG as integers instead of strings
when possible. (pali, https://github.com/perl5-dbi/DBD-mysql/pull/57)
2016-10-14 Patrick Galbraith, Michiel Beijen, DBI/DBD community (4.037_01)
* Newest versions of libmysqlclient and the MariaDB C connector no longer
export the __WIN__ macro. If this macro is not present we would not
compile in the poll.h-based async-support. Changed to use the _WIN32
macro instead. Thanks to Sergei Golubchik for suggesting the fix.
* Fix from Pali Rohár to not use unsafe sprintf with variable lengt,
changes to bind logic, and added test 40server_prepare_crash.

==== perl-JSON-XS ====
Version update (3.02 -> 3.03)

- updated to 3.03
see /usr/share/doc/packages/perl-JSON-XS/Changes
TODO: rfc7464
TODO: Victor Efimov
3.03 Wed Nov 16 20:20:59 CET 2016
- fix a bug introduced by a perl bug workaround that would cause
incremental parsing to fail with a sv_chop panic.
- json_xs: toformat failure error message fixed.
- json_xs: allow cyclic data structures in CBOR.

==== perl-Log-Dispatch ====
Version update (2.57 -> 2.58)

- updated to 2.58
see /usr/share/doc/packages/perl-Log-Dispatch/Changes
2.58 2016-11-13
- Switched from RT to the GitHub issue tracker.

==== python-ldap ====
Version update (2.4.27 -> 2.4.28)

- Update to upstream release 2.4.28

==== python-pyOpenSSL ====
Version update (16.0.0 -> 16.2.0)

- fix source url
- Change source url to pypi.io
* version 16.2.0 source tarball failed to download from pypi.python.org
- Update to 16.2.0
* Deprecations
* * Dropped support for OpenSSL 0.9.8.
* Changes
* * Fix memory leak in OpenSSL.crypto.dump_privatekey() with FILETYPE_TEXT.
#496
* * Enable use of CRL (and more) in verify context. #483
* * OpenSSL.crypto.PKey can now be constructed from cryptography objects and
also
exported as such. #439
* * Support newer versions of cryptography which use opaque structs for
OpenSSL
1.1.0 compatibility.
* * Fixed compatibility errors with OpenSSL 1.1.0.
* * Fixed an issue that caused failures with subinterpreters and embedded
Pythons.
[#552]

==== python3-cffi ====
Version update (1.8.3 -> 1.9.1)

- update to version 1.9.1:
(no changelog available)
- changes from version 1.9:
* Structs with variable-sized arrays as their last field: now we
track the length of the array after ffi.new() is called, just like
we always tracked the length of ffi.new("int[]", 42). This lets us
detect out-of-range accesses to array items. This also lets us
display a better repr(), and have the total size returned by
ffi.sizeof() and ffi.buffer(). Previously both functions would
return a result based on the size of the declared structure type,
with an assumed empty array. (Thanks andrew for starting this
refactoring.)
* Add support in cdef()/set_source() for unspecified-length arrays
in typedefs: typedef int foo_t[...];. It was already supported for
global variables or structure fields.
* I turned in v1.8 a warning from cffi/model.py into an error: 'enum
xxx' has no values explicitly defined: refusing to guess which
integer type it is meant to be (unsigned/signed, int/long). Now
I?m turning it back to a warning again; it seems that guessing
that the enum has size int is a 99%-safe bet. (But not 100%, so it
stays as a warning.)
* Fix leaks in the code handling FILE * arguments. In CPython 3
there is a remaining issue that is hard to fix: if you pass a
Python file object to a FILE * argument, then os.dup() is used and
the new file descriptor is only closed when the GC reclaims the
Python file object?and not at the earlier time when you call
close(), which only closes the original file descriptor. If this
is an issue, you should avoid this automatic convertion of Python
file objects: instead, explicitly manipulate file descriptors and
call fdopen() from C (...via cffi).

==== whois ====
Version update (5.2.12 -> 5.2.13)

- whois 5.2.13:
* Use "domain" instead of "=" for default verisign-grs queries,
to ignore the name server names spam.
* Fixed make_ip_del_recovered.pl, which generated non-functioningi
data.
* Added the .xn--90ae (??, Bulgaria) TLD server.
* Updated the .bd, .jobs and .mobi TLD servers.
* Added new ASN allocations.
* Added new recovered IPv4 allocations.
* Updated the crsnic.net hiding string to fix hiding for .bi.
* Updated the list of new gTLDs.

==== wireshark ====
Version update (2.2.1 -> 2.2.2)
Subpackages: wireshark-ui-gtk

- Wireshark 2.2.2:
* CVE-2016-9372: Profinet I/O long loop (boo#1010807)
* CVE-2016-9374: AllJoyn crash (boo#1010752)
* CVE-2016-9376: OpenFlow crash (boo#1010735)
* CVE-2016-9373: DCERPC crash (boo#1010754)
* CVE-2016-9375: DTN infinite loop (boo#1010740)
* Further bug fixes and updated protocol support as listed in:
https://www.wireshark.org/docs/relnotes/wireshark-2.2.2.html

--
To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-factory+owner@xxxxxxxxxxxx

< Previous Next >
Follow Ups