Please note that this mail was generated by a script. The described changes are computed based on the x86_64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=1&version=Tumbleweed&build=20170331 When you reply to report some issues, make sure to change the subject. It is not helpful to keep the release announcement subject in a thread while discussing a specific problem. Packages changed: audacity bind cscope efivar elfutils (0.167 -> 0.168) git (2.12.0 -> 2.12.2) goffice (0.10.33 -> 0.10.34) indent jasper kbd ksystemlog (16.12.3 -> 17.03.80) libQtWebKit4 libgphoto2 (2.5.12 -> 2.5.12.1) nghttp2 (1.18.0 -> 1.20.0) okteta (16.12.3 -> 17.03.80) perl-Config-Crontab (1.43 -> 1.44) poppler (0.52.0 -> 0.53.0) poppler-qt5 (0.52.0 -> 0.53.0) python3 (3.6.0 -> 3.6.1) python3-base (3.6.0 -> 3.6.1) ruby2.2 rubygem-fast_gettext (1.3.0 -> 1.4.0) snapper (0.4.3 -> 0.4.4) vigra vm-install (0.8.61 -> 0.8.63) === Details === ==== audacity ==== Subpackages: audacity-lang - Added requires for flac > 1.3.0. ==== bind ==== Subpackages: bind-chrootenv bind-doc bind-utils idnkit libbind9-140 libdns165 libidnkit1 libirs141 libisc160 libisccc140 libisccfg140 liblwres141 - Add with_systemd define with default off, since we still use init scripts and no systemd units. ==== cscope ==== - cleanup with spec-cleaner - get rid of %{name} macros in the patch names ==== efivar ==== - RPM group fix ==== elfutils ==== Version update (0.167 -> 0.168) Subpackages: libasm1 libdw1 libelf1 libelf1-32bit - Update to version 0.168: libelf: gelf_newehdr and gelf_newehdr now return void *. libdw: dwarf.h corrected the DW_LANG_PLI constant name (was DW_LANG_PL1). readelf: Add optional --symbols[=SECTION] argument to select section name. - Includes changes from 0001-Add-GCC7-Wimplicit-fallthrough-support-fixes.patch and 0001-ar-Fix-GCC7-Wformat-length-issues.patch. - Remove elfutils-0.137-dwarf-header-check-fix.diff which is no longer required after a debugedit fix. ==== git ==== Version update (2.12.0 -> 2.12.2) Subpackages: git-core git-cvs git-daemon git-email git-gui git-svn git-web gitk - git 2.12.2: * CLI output fixes * "Dump http" transport fixes * various fixes for internal code paths * Trailer "Cc:" RFC fix - git 2.12.1: * Reduce authentication round-trip over HTTP when the server supports just a single authentication method. * "git add -i" patch subcommand fixed to have a path selection * various path verification fixes * fix "git log -L..." buffer overrun ==== goffice ==== Version update (0.10.33 -> 0.10.34) Subpackages: goffice-lang libgoffice-0_10-10 - Update to version 0.10.34: + Fix rich-text format problem. ==== indent ==== - cleanup with spec-cleaner - get rid of %{name} and %{version} macros in the patch names ==== jasper ==== Subpackages: libjasper-devel libjasper1 libjasper1-32bit - Modified patch: * jasper-CVE-2016-9583.patch + integrate upstream change 99a50593254d1b53002719bbecfc946c84b23d27, which fixed a null pointer dereferencing crash. - Added patches: * jasper-CVE-2016-9583.patch - Out of bounds heap read in jpc_pi_nextpcrl() (bsc#1015400, CVE-2016-9583) * jasper-CVE-2017-6850.patch - NULL pointer dereference in jp2_cdef_destroy (jp2_cod.c) (bsc#1021868, CVE-2017-6850) ==== kbd ==== - Revert dropping of kdb-legacy Requires: There are still packages and installation flows that needs this to be present (boo#1027379). ==== ksystemlog ==== Version update (16.12.3 -> 17.03.80) - Update to 17.03.80 * New feature release * For more details please see: * https://www.kde.org/announcements/announce-applications-17.03.80.php - Changes since 16.12.3: * Fix wording (2): "by KDE", not "for KDE" * Fix wording: Plasma is the desktop environment - Add BuildRequires: pkgconfig(libsystemd) ==== libQtWebKit4 ==== - Disable -Wextra due to noisy -Wexpansion_to_defined which is enabled with -Wextra starting with GCC 7. Otherwise we run into "Logfile got too big, killed job.". ==== libgphoto2 ==== Version update (2.5.12 -> 2.5.12.1) Subpackages: libgphoto2-6 libgphoto2-6-32bit libgphoto2-devel - updated to 2.5.12.1 temporary snapshot ptp2: * iPhone iOS 10.2 storage handling fixed, added dynamic storage handling * Sony Alpha Live View support. * Canon EOS M series capture enabled. (might not fully work yet) * Various crashes and endless loops fixed that were found by the AFL fuzzer. * Various bugfixes in Nikon, Canon capture * New USB Ids: * Sony: SLT A37, DSC-RX100M5 * Nikon KeyMission 360 * Canon PowerShot G16 * Canon EOS M5 * Fuji Fujifilm XT-2 * GoPro Hero 5 Black ==== nghttp2 ==== Version update (1.18.0 -> 1.20.0) - Update to version 1.20.0: * lib: nghttp2_session: fix The 'then' statement is equivalent to the subsequent code fragment found by PVS Studio (V523) (Patch from Alexis La Goutte) (GH-814) * lib: Add nghttp2_option_set_no_closed_streams (GH-810) * build: Disable spdylay detection by default * build: Add --with-systemd option to configure * fuzz: Add fuzzer for oss-fuzz (GH-799) * src: Enable TLSv1.3 if it is supported by OpenSSL (or BoringSSL) (GH-816) * src: h2 requires >= TLSv1.2 * asio: More graceful stop of nghttp2::asio_http2::server::http2 (Patch from Amir Pakdel) (GH-805) * asio: Holding more shared_ptrs instead of raw ptrs to make sure called objects don't get deleted. (Patch from clemahieu) * asio: Fix infinite loop in acceptor handler (Patch from clemahieu) (GH-794) * asio: close_stream erases from streams_ while it's being iterated over. (Patch from clemahieu) (GH-795) * nghttpx: Strip version number from server header field * nghttpx: Add --single-worker option * nghttpx: Fix bug that send_reply does not participate graceful shutdown * nghttpx: Add --frontend-max-requests option * nghttpx: Enable stream-write-timeout by default * nghttpx: Fix stream write timer handling * nghttpx: Add configrevision API endpoint (GH-820) * nghttpx: Redirect to HTTPS URI with redirect-if-not-tls parameter (GH-819) * nghttpx: Update log time stamp in millisecond interval * nghttpx: Better error message when private key and certificate are missing * nghttpx: Fix bug that old config is used during reloading configuration * nghttpx: Specify TLS protocol by version range (GH-809) * nghttpx: Send SIGQUIT to the original master process (GH-807) * nghttpx: Restrict HTTP major and minor in 0 or 1 * nghttpx: Drop privilege of neverbleed daemon first * nghttpx: add systemd support (Patch from Tomasz Torcz) (GH-802) * nghttpx: Fix crash on SIGHUP with multi thread configuration (GH-801) * nghttpx: Send 1xx non-final response using mruby script (GH-800) * nghttpx: Select certificate by client's supported signature algorithm (GH-792) * nghttpx: Recommend POST for backendconfig API request * nghttpx: Don't build PSK features with LibreSSL (Patch from Bernard Spil) (GH-789) * nghttp: add support for link rel="preload" for --get-assets (Patch from Benedikt Christoph Wolters) (GH-791) * h2load: Fix wrong req_stat updates * h2load: Explicitly count the number of requests left and inflight * integration: Fix deprecation warnings * integration: Redirect nghttpx stdout/stderr to test driver's stdout/stderr - Changes for version 1.19.0: * lib: Fix memory leak of nghttp2_stream object in server side nghttp2_session object * Fix issues found by PVS Studio (Patch from Alexis La Goutte) (GH-769) * doc: Update README file to write about the issue of Alpine Linux's inability to replace malloc (Patch from makovich) (GH-768) * build: Compile with Android NDK r13b using clang * src: Fix assertion error with boringssl * nghttp: Take into account scheme and port when parsing HTML links * nghttp: Fix authority for --get-assets if IP address is used in conjunction with user-defined :authority header (Patch from Benedikt Christoph Wolters) (GH-783) * nghttpx: Add --accesslog-write-early option (GH-777) * nghttpx: Fix access.log timestamp (GH-778) * nghttpx: Show default cipher list in -h * nghttpx: Add client-ciphers option * nghttpx: Add client-no-http2-cipher-black-list option * nghttpx: Fix the bug that no-http2-cipher-black-list does not work on backend HTTP/2 connections. * nghttpx: Add --client-psk-secret option to enable PSK in backend (GH-612) * nghttpx: Add --psk-secret option to enable PSK in frontend connection (GH-612) * nghttpx: Enable SCT with OpenSSL 1.1.0 * nghttpx: Add proxyproto to frontend option to accept PROXY protocol (GH-765) * h2load: Show default cipher list in -h * h2load: Show custom server temp key such as X25519 * h2load: Fix incorrect return value from spdylay_send_callback - Changes for version 1.18.1: * nghttpx: Fix assertion error in libev ev_io_start (GH-759) * nghttpx: Handle c-ares success without result * nghttpx: Fix bug that DNS timeout was erroneously disabled (GH-763) * nghttpx: Fix bug that DNS timeout was ignored (GH-763) ==== okteta ==== Version update (16.12.3 -> 17.03.80) Subpackages: okteta-devel - Update to 17.03.80 * New feature release * For more details please see: * https://www.kde.org/announcements/announce-applications-17.03.80.php - Changes since 16.12.3: * For compared or concatenated strings use QLatin1String, not QStringLiteral * Do not use static QString objects * Add missing emit keyword on signal call * Compose string manually * Remove unused variables/instances * Avoid calling methods on a temporary object * Add missing Q_OBJECT macro to QObject subclasses * Do not exit application if KDBusService fails to initialize. * Fix typo in docs * fix wrong structures directory * replace kf5-config from kdelibs4support with qtpaths * Point to category page on store.kde.org in docs * Replace kde-files.org with store.kde.org in docs * Bump version to 0.21.60 - Add BuildRequires: cmake(Qca-qt5) ==== perl-Config-Crontab ==== Version update (1.43 -> 1.44) - updated to 1.44 see /usr/share/doc/packages/perl-Config-Crontab/Changes Release 1.44 - --------------------------- commit a81b708e1b5b023b6fc70ec7b68ce4cfcd1d5628 Author: Scott Wiersdorf <scott@perlcode.org> Date: Mon Mar 20 14:24:08 2017 -0600 skip crontab writes unless explicitly asked for ==== poppler ==== Version update (0.52.0 -> 0.53.0) Subpackages: libpoppler-cpp0 libpoppler-devel libpoppler-glib8 poppler-tools - Update to version 0.53.0: + core: - Form support improvements. - SplashOutputDev: Fix memory leak when rendering images with colormap and matte color. - Minor fix in GlobalParams documentation. + qt5: - Expose form calculate order. - Expose Form additional actions. + utils: - pdfimages: support 16bpc png and tiff images (fdo#99988). - pdftohtml: fix small memory leak when constructing some filenames. - pdfinfo: fix leak when printing JS. + build system: Compile in C++11 mode. - Bump soversion following upstream changes. - Stop exporting -std=gnu++11 for older versions of gcc, upstream now ensures this happens. ==== poppler-qt5 ==== Version update (0.52.0 -> 0.53.0) Subpackages: libpoppler-qt5-1 libpoppler-qt5-devel - Update to version 0.53.0: + core: - Form support improvements. - SplashOutputDev: Fix memory leak when rendering images with colormap and matte color. - Minor fix in GlobalParams documentation. + qt5: - Expose form calculate order. - Expose Form additional actions. + utils: - pdfimages: support 16bpc png and tiff images (fdo#99988). - pdftohtml: fix small memory leak when constructing some filenames. - pdfinfo: fix leak when printing JS. + build system: Compile in C++11 mode. - Bump soversion following upstream changes. - Stop exporting -std=gnu++11 for older versions of gcc, upstream now ensures this happens. ==== python3 ==== Version update (3.6.0 -> 3.6.1) Subpackages: python3-curses python3-dbm python3-tk - update to 3.6.1 * see python3-base for details ==== python3-base ==== Version update (3.6.0 -> 3.6.1) Subpackages: libpython3_6m1_0 python3-idle - update to 3.6.1 * bugfix release, over a hundred bugs fixed * never add import location's parent directory to sys.path * switch to git for version control, build changes related to that * fix "failed to get random numbers" on old kernels (bsc#1029902) * several crashes and memory leaks corrected * f-string are no longer accepted as docstrings ==== ruby2.2 ==== Subpackages: libruby2_2-2_2 ruby2.2-devel ruby2.2-stdlib - added patch by rguenther@ to fix building with GCC7: 0005-RB_GC_GUARD-stronger-than-gcc7.patch - switched to git branch based patching. we replace all patches in this round: removed: - 0001-GC-Use-__builtin_ppc_get_timebase-for-POWER-arch.patch - make-gem-build-reproducible.patch - ruby-1.9.2p290_tcl_no_stupid_rpaths.patch - ruby2.2.x_rbinstall_gem_buildroot.patch (unused) - rubygems-1.5.0_buildroot.patch (unused) added: - 0001-tcl-no-stupid-rpaths.patch - 0002-make-gem-build-reproducible.patch - 0003-gc.c-tick-for-POWER-arch.patch - added 0004-manual-backport-for-CVE-2016-2339.patch CVE-2016-2339 (boo#1018808) ==== rubygem-fast_gettext ==== Version update (1.3.0 -> 1.4.0) - updated to version 1.4.0 see installed CHANGELOG ==== snapper ==== Version update (0.4.3 -> 0.4.4) Subpackages: libsnapper4 snapper-zypp-plugin - remove read-only mount option for new fstab entry in mksubvolume (bsc#1030257) - version 0.4.4 ==== vigra ==== - Add patch gcc7-Fix-parameter-of-ImagePyramid-swap.patch in order to fix using the library with a GCC 7. ==== vm-install ==== Version update (0.8.61 -> 0.8.63) - bsc#1027106 - ISO based installations of Xen PV guests do not automatically find the installation sources - Version 0.8.63 - Fix initializing the host installation source location - Version 0.8.62 -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org