Please note that this mail was generated by a script. The described changes are computed based on the x86_64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=opensuse&version=42.3&build=0321&groupid=28 https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Distribution&query_format=advanced&resolution=---&version=Leap%2042.3 When you reply to discuss some issues, make sure to change the subject. Please use the test plan at https://docs.google.com/spreadsheets/d/1AGKijKpKiJCB616-bHVoNQuhWHpQLHPWCb3m... to record your testing efforts and use bugzilla to report bugs. Packages changed: khtml mpg123 (1.24.0 -> 1.25.1) plasma-framework plasma-nm5 sddm xorg-x11-server === Details === ==== khtml ==== Subpackages: khtml-devel libKF5KHtml5 libKF5KHtml5-lang - Add 0001-Support-SVG-too.patch to make Konqueror's startup page show icons with the breeze theme (boo#1011092, kde#355872) - Add patch to fix build with Qt 5.9: * fix-build-qt59.patch ==== mpg123 ==== Version update (1.24.0 -> 1.25.1) Subpackages: libmpg123-0 mpg123-esound mpg123-openal mpg123-pulse - Update to version 1.25.1 * libmpg123: + Avoid memset(NULL, 0, 0) to calm down the paranoid. + Fix bug 252, invalid read of size 1 in ID3v2 parser due to forgotten offset from the frame flag bytes (unnoticed in practice for a long time). Fuzzers are in the house again. This one got CVE-2017-10683. + Avoid a mostly harmless conditional jump depending on uninitialised fr->lay in compute_bpf() (mpg123_position()) when track is not ready yet. + Fix undefined shifts on signed long mask in layer3.c (worked in practice, never right in theory). Code might be a bit faster now, even. Thanks to Agostino Sarubbo for reporting. 1.25.0: * Silence test for artsc-config if it is not there. * Make sure -static-libgcc from LDFLAGS gets through libtool, fixing 32 bit Windows builds (depend on libgcc DLL otherwise). * Fix build with non-GNU make by using plain rm -f instead of silly $(RM) in libout123/modules makefile fragment. * Make build work on iOS, including coreaudio backend. * libmpg123: + Finally provide position-independent code for x86 with assembly optimisations.The textrels are gone thanks to Won Kyu Park and Taihei Momma. + Clarify some license language in files descending from the original MMX optimisation. + Fix return value overflow check for MPG123_BUFFERFILL. + Introduced mpg123_getformat2() to enable the FORMAT command for the generic control not stealing MPG123_NEW_FORMAT from the main playback loop. The sequence LOADPAUSED-FORMAT-PAUSE (play) is supposed to work now. + Enable aarch64 optimisations on *BSD by default, too. You can always override that stupid OS whitelist using - -with-optimization, anyway. + Use of the i486 decoder is now discouraged more prominently, in configure output. * out123: Fix stupid crash with verbose mode and tone generation (print the string if the pointer is non-null, not if it is null). * libout123: More consistent error messages for dynamic and legacy (built-in) modules. Namely, you get a hint how if you choose a different module than the built-in ones for a static libout123. - Fixes (boo#1046766) ==== plasma-framework ==== Subpackages: plasma-framework-components plasma-framework-devel plasma-framework-lang plasma-framework-private - Add upstream patch to fix favorite applications' icons being unintentionally taken from the desktop theme instead of the icon theme in the default application menu (boo#1047849): * reload-icon-when-usesPlasmaTheme-changes.patch ==== plasma-nm5 ==== Subpackages: plasma-nm5-lang plasma-nm5-openconnect plasma-nm5-openvpn plasma-nm5-pptp plasma-nm5-vpnc - Backport upstream patches to introduce configuration for modem pin input (boo#1037917): * 0001-Add-option-to-disable-unlocking-modem-on-detection.patch * 0002-Add-missing-file-with-UI-for-configuration.patch ==== sddm ==== Subpackages: sddm-branding-openSUSE - Replace patch with version merged upstream, to avoid potentially killing the X server: * 0001-Also-theme-the-default-cursor-for-the-root-window.patch ==== xorg-x11-server ==== Subpackages: xorg-x11-server-extra xorg-x11-server-sdk - U_Xi-Do-not-try-to-swap-GenericEvent.patch, U_Xi-Verify-all-events-in-ProcXSendExtensionEvent.patch, U_Xi-Zero-target-buffer-in-SProcXSendExtensionEvent.patch, U_dix-Disallow-GenericEvent-in-SendEvent-request.patch * Fix security issues in event handling. (bnc#1035283, CVE-2017-10971, CVE-2017-10972) -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org