Please note that this mail was generated by a script. The described changes are computed based on the x86_64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=1&version=Tumbleweed&build=20170925 When you reply to report some issues, make sure to change the subject. It is not helpful to keep the release announcement subject in a thread while discussing a specific problem. Packages changed: NetworkManager-applet (1.8.2 -> 1.8.4) NetworkManager-openvpn (1.2.10 -> 1.8.0) PackageKit apparmor cups emacs (25.2 -> 25.3) file (5.31 -> 5.32) gnome-session gnome-shell gnome-tweak-tool (3.26.0 -> 3.26.1) gnutls (3.5.15 -> 3.6.0) gstreamer (1.12.2 -> 1.12.3) gstreamer-plugins-bad (1.12.2 -> 1.12.3) gstreamer-plugins-base (1.12.2 -> 1.12.3) gstreamer-plugins-good (1.12.2 -> 1.12.3) gstreamer-plugins-ugly (1.12.2 -> 1.12.3) gstreamer-rtsp-server (1.12.2 -> 1.12.3) gstreamer-transcoder (1.12.0 -> 1.12.1) gstreamer-validate (1.12.2 -> 1.12.3) libffi libvirt libzypp (16.17.0 -> 16.17.1) lightdm (1.22.0 -> 1.24.0) lightdm-gtk-greeter (2.0.2 -> 2.0.3) mariadb mozilla-nspr (4.15 -> 4.16) mozilla-nss (3.31.1 -> 3.32.1) multipath-tools (0.7.2+44+suse.3a8d750c -> 0.7.3+10+suse.70ccb55b0439) mysql-connector-cpp (1.1.8 -> 1.1.9) obs-service-source_validator (0.6+git20170830.0775ae8 -> 0.6+git20170922.230bbc4) openjpeg openldap2 patterns-devel-base pciutils-ids (20170710 -> 20170917) perl-IO-Socket-SSL (2.025 -> 2.051) perl-List-MoreUtils (0.419 -> 0.425) perl-libwww-perl (6.26 -> 6.27) permissions (20170913 -> 20170922) python-M2Crypto (0.26.0 -> 0.26.3) python-chardet python-gst (1.12.2 -> 1.12.3) python-pyasn1 (0.3.5 -> 0.3.6) qemu qemu-linux-user samba (4.6.7+git.38.90b2cdb4f22 -> 4.6.7+git.49.562d44faa9d) shared-mime-info (1.8 -> 1.9) squid (3.5.26 -> 3.5.27) swig tbb (2017_20170412 -> 2018_20170726) virtualbox (5.1.26_k4.13.3_1 -> 5.1.28_k4.13.3_1) wget wine (2.15 -> 2.17) yast2-theme (3.3.0 -> 4.0.0) zypper (1.13.35 -> 1.13.36) === Details === ==== NetworkManager-applet ==== Version update (1.8.2 -> 1.8.4) Subpackages: NetworkManager-connection-editor libnm-gtk0 libnma0 nma-data typelib-1_0-NMGtk-1_0 - Update to version 1.8.4: + nm-c-e: - Major rework of the nm-connection-editor UI. - Add support for MACsec. - Add support for new PPPoE connections not limited to ethernet. - Add support for bridge's group-forward-mask property. + applet: - Fix nm-applet's status icon when a VPN has the default route. - Always center dialogs on the screen. + libnma: Fix handling empty password for certificate chooser. + Various bugfixes and minor improvements. + Updated translations. - Only BuildRequire pkgconfig(dbusmenu-gtk3-0.4) when building with appindicator support. ==== NetworkManager-openvpn ==== Version update (1.2.10 -> 1.8.0) Subpackages: NetworkManager-openvpn-gnome - Update to version 1.8.0: + Use gresources for ui files. + Use NMACertChooser for PKCS#11 support. + Support --ifconfig option not only for static key connections (bgo#774727). + Fix import for key-direction to make it independent of the order (bgo#778154). + Extend support for address family specifier for remote protocol (bgo#731620). + Updated translations. - Drop add-support-for-IP-address-family-specifier-for-remote.patch: Fixed upstream. - Drop obsolete post(un) handling of icon_theme_cache_post(un), no longer needed, there is no icon files anymore. - Run spec-cleaner, modernize spec. ==== PackageKit ==== Subpackages: PackageKit-backend-zypp PackageKit-gstreamer-plugin PackageKit-gtk3-module PackageKit-lang libpackagekit-glib2-18 typelib-1_0-PackageKitGlib-1_0 - No longer BuildRequires libqt4-devel, this part is in a separate project since version 0.8.6. ==== apparmor ==== Subpackages: apparmor-abstractions apparmor-docs apparmor-parser apparmor-profiles apparmor-utils pam_apparmor pam_apparmor-32bit perl-apparmor python3-apparmor - add apparmor-fix-podsyntax.patch from mailing list to fix compilation with perl 5.26 ==== cups ==== Subpackages: cups-client cups-devel cups-libs cups-libs-32bit - Pre-require user(lp) in cups-libs ==== emacs ==== Version update (25.2 -> 25.3) Subpackages: emacs-info emacs-nox emacs-x11 etags - Update to emacs version 25.2 a security release * * Security vulnerability related to Enriched Text mode is removed. - Modified patches * emacs-24.4-ps-bdf.patch * emacs-25.2-ImageMagick7.patch * emacs-25.2-bsc1058425.patch now partly upstream - Rename emacs-25.2.dif to emacs-25.3.dif ==== file ==== Version update (5.31 -> 5.32) Subpackages: file-devel file-magic libmagic1 libmagic1-32bit - Update to file version 5.32 * Always reset state in {file,buffer}_apprentice (Krzysztof Wilczynski) * Fix always true condition (Thomas Jarosch) * pickier parsing of numeric values in magic files. * PR/615 add magic_getflags() - This release fix the bug bsc#1056838 for CVE-2017-1000249 - Remove patch file-5.31-fix-tga.dif as now upstream - Rename patch file-5.31.dif which now becomes file-5.32.dif - Modify the patches * file-5.16-ocloexec.patch * file-5.19-biorad.dif * file-5.19-printf.dif * file-5.23-endian.patch * file-5.28-btrfs-image.dif ==== gnome-session ==== Subpackages: gnome-session-core gnome-session-default-session gnome-session-lang - Re-add gnome-session-logging-to-systemd-journal-configurable.patch (not yet upstream [bsc#979498], [bgo#768982]). - Revert "Enable SLE-Classic for wayland": the SLE-Classic session requires gnome-shell-extensions, which is the reason why the X-Session is shipped as part of that package. The wayland session should also be there. - Register GNOME with u-a handler for default.desktop implementation, which obsoletes the change in /etc/sysconfig/windowmanager to pick the 'default window manager' (boo#1039756). ==== gnome-shell ==== Subpackages: gnome-shell-browser-plugin gnome-shell-calendar gnome-shell-lang - Add gnome-shell-only-listen-window-created-events-once.patch: gtk-embed: ensure we only listen for window-created events once (bgo#787361). ==== gnome-tweak-tool ==== Version update (3.26.0 -> 3.26.1) Subpackages: gnome-tweak-tool-lang - Update to version 3.26.1: + New bugfix release: - Fix enabling and disabling GNOME Shell extensions. - Fix Workspace tweaks in GNOME Shell and "modes". - Hide Workspaces panel if GNOME Shell isn't running. - Add "Activities Overview Hot Corner" tweak. This is disabled by default because it requires a patch from bgo#688320 that hasn't been committed yet. + Updated translations. ==== gnutls ==== Version update (3.5.15 -> 3.6.0) Subpackages: libgnutls-dane0 libgnutls-devel libgnutls30 libgnutls30-32bit - Disable flaky dtls_resume test on Power * add gnutls-3.6.0-disable-flaky-dtls_resume-test.patch - GnuTLS 3.6.0: * Introduce a lock-free random generator which operates per- thread and eliminates random-generator related bottlenecks in multi-threaded operation. * Replace the Salsa20 random generator with one based on CHACHA. The goal is to reduce code needed in cache (CHACHA is also used for TLS), and the number of primitives used by the library. That does not affect the AES-DRBG random generator used in FIPS140-2 mode. * Add support for RSA-PSS key type as well as signatures in certificates, and TLS key exchange * Add support for Ed25519 signing in certificates and TLS key exchange following draft-ietf-tls-rfc4492bis-17 * Enable X25519 key exchange by default, following draft-ietf-tls-rfc4492bis-17. * Add support for Diffie-Hellman group negotiation following RFC7919. * Introduce various sanity checks on certificate import * Introduce gnutls_x509_crt_set_flags(). This function can set flags in the crt structure. The only flag supported at the moment is GNUTLS_X509_CRT_FLAG_IGNORE_SANITY which skips the certificate sanity checks on import. * PKIX certificates with unknown critical extensions are rejected on verification with status GNUTLS_CERT_UNKNOWN_CRIT_EXTENSIONS * Refuse to generate a certificate with an illegal version, or an illegal serial number. That is, gnutls_x509_crt_set_version() and gnutls_x509_crt_set_serial(), will fail on input considered to be invalid in RFC5280. * Call to gnutls_record_send() and gnutls_record_recv() prior to handshake being complete are now refused * Add support for PKCS#12 files with no salt (zero length) in their password encoding, and PKCS#12 files using SHA384 and SHA512 as MAC. * libgnutls: Exported functions to encode and decode DSA and ECDSA r,s values. * Add new callback setting function to gnutls_privkey_t for external keys. The new function (gnutls_privkey_import_ext4), allows signing in addition to previous algorithms (RSA PKCS#1 1.5, DSA, ECDSA), with RSA-PSS and Ed25519 keys. * Introduce the %VERIFY_ALLOW_BROKEN and %VERIFY_ALLOW_SIGN_WITH_SHA1 priority string options. These allows enabling all broken and SHA1-based signature algorithms in certificate verification, respectively. * 3DES-CBC is no longer included in the default priorities list. It has to be explicitly enabled, e.g., with a string like "NORMAL:+3DES-CBC". * SHA1 was marked as insecure for signing certificates. Verification of certificates signed with SHA1 is now considered insecure and will fail, unless flags intended to enable broken algorithms are set. Other uses of SHA1 are still allowed. * RIPEMD160 was marked as insecure for certificate signatures. Verification of certificates signed with RIPEMD160 hash algorithm is now considered insecure and will fail, unless flags intended to enable broken algorithms are set. * No longer enable SECP192R1 and SECP224R1 by default on TLS handshakes. These curves were rarely used for that purpose, provide no advantage over x25519 and were deprecated by TLS 1.3. * Remove support for DEFLATE, or any other compression method. * OpenPGP authentication was removed; the resulting library is ABI compatible, with the openpgp related functions being stubs that fail on invocation. Drop gnutls-broken-openpgp-tests.patch, no longer required. * Remove support for libidn (i.e., IDNA2003); gnutls can now be compiled only with libidn2 which provides IDNA2008. * certtool: The option '--load-ca-certificate' can now accept PKCS#11 URLs in addition to files. * certtool: The option '--load-crl' can now be used when generating PKCS#12 files (i.e., in conjunction with '--to-p12' option). * certtool: Keys with provable RSA and DSA parameters are now only read and exported from PKCS#8 form, following draft-mavrogiannopoulos-pkcs8-validated-parameters-00.txt. This removes support for the previous a non-standard key format. * certtool: Added support for generating, printing and handling RSA-PSS and Ed25519 keys and certificates. * certtool: the parameters --rsa, --dsa and --ecdsa to - -generate-privkey are now deprecated, replaced by the - -key-type option. * p11tool: The --generate-rsa, --generate-ecc and --generate-dsa options were replaced by the --generate-privkey option. * psktool: Generate 256-bit keys by default. * gnutls-server: Increase request buffer size to 16kb, and added the --alpn and --alpn-fatal options, allowing testing of ALPN negotiation. * Enables FIPS 140-2 mode during build ==== gstreamer ==== Version update (1.12.2 -> 1.12.3) Subpackages: gstreamer-devel gstreamer-utils libgstreamer-1_0-0 libgstreamer-1_0-0-32bit typelib-1_0-Gst-1_0 - Update to version 1.12.3: + Fix for infinite recursion on buffer free in v4l2. + Fix for glimagesink crash on macOS when used via autovideosink. + Fix for huge overhead in matroskamux caused by writing one Cluster per audio-frame in audio-only streams. Also use SimpleBlocks for Opus and other audio codecs, which works around a bug in VLC that prevented Opus streams to be played and decreases overhead even more. + Fix for flushing seeks in rtpmsrc always causing an error. + Fix for timestamp overflows in calculations in audio encoder base class. + Fix for RTP h265 depayloader marking P-frames as I-frames. + Fix for long connection delays of clients in RTSP server. + Fixes for event handling in queue and queue2 elements, and updates to buffering levels on NOT_LINKED streams. + Various fixes to event and buffering handling in decodebin3/playbin3. + Various fixes for memory leaks, deadlocks and crashes in all modules. + Bugs fixed: bgo#778193, bgo#786034, bgo#786056, bgo#786561. ==== gstreamer-plugins-bad ==== Version update (1.12.2 -> 1.12.3) Subpackages: libgstadaptivedemux-1_0-0 libgstbadaudio-1_0-0 libgstbadbase-1_0-0 libgstbadvideo-1_0-0 libgstbasecamerabinsrc-1_0-0 libgstcodecparsers-1_0-0 libgstgl-1_0-0 libgstmpegts-1_0-0 libgstphotography-1_0-0 libgsturidownloader-1_0-0 libgstwayland-1_0-0 - Update to version 1.12.3: + Bugs fixed: bgo#767462, bgo#782379, bgo#784887, bgo#785119, bgo#785941, bgo#785957, bgo#785987, bgo#786036, bgo#786201, bgo#786250, bgo#787234, bgo#787309, bgo#787442, bgo#787727. - Replace pkgconfig(libopenjpeg1) with pkgconfig(libopenjp2) BuildRequires: Build against the new branch of libopenjpeg. ==== gstreamer-plugins-base ==== Version update (1.12.2 -> 1.12.3) Subpackages: libgstallocators-1_0-0 libgstapp-1_0-0 libgstaudio-1_0-0 libgstaudio-1_0-0-32bit libgstfft-1_0-0 libgstpbutils-1_0-0 libgstriff-1_0-0 libgstrtp-1_0-0 libgstrtsp-1_0-0 libgstsdp-1_0-0 libgsttag-1_0-0 libgsttag-1_0-0-32bit libgstvideo-1_0-0 libgstvideo-1_0-0-32bit typelib-1_0-GstAudio-1_0 typelib-1_0-GstPbutils-1_0 typelib-1_0-GstTag-1_0 typelib-1_0-GstVideo-1_0 - Update to version 1.12.3: + Bugs fixed: bgo#785011, bgo#771088, bgo#777735, bgo#785065, bgo#785331, bgo#785341, bgo#785799, bgo#785948, bgo#785951, bgo#786200. ==== gstreamer-plugins-good ==== Version update (1.12.2 -> 1.12.3) Subpackages: gstreamer-plugins-good-extra - Update to version 1.12.3: + Bugs fixed: bgo#759292, bgo#781458, bgo#783086, bgo#784250, bgo#784971, bgo#785429, bgo#785435, bgo#785990, bgo#785991, bgo#786268, bgo#786670, bgo#786718, bgo#787160, bgo#787254, bgo#787313. ==== gstreamer-plugins-ugly ==== Version update (1.12.2 -> 1.12.3) - Update to version 1.12.3: + Bugs fixed: bgo#784982, bgo#785388, bgo#787398. - Drop gst-ugly-fix-caps-and-memory-leaks.patch: Fixed upstream. ==== gstreamer-rtsp-server ==== Version update (1.12.2 -> 1.12.3) - Update to version 1.12.3: + Bugs fixed: bgo#784094, bgo#786457. ==== gstreamer-transcoder ==== Version update (1.12.0 -> 1.12.1) Subpackages: libgsttranscoder-1_0-0 typelib-1_0-GstTranscoder-1_0 - Update to version 1.12.1: + No changelog provided, please check upstream git log. ==== gstreamer-validate ==== Version update (1.12.2 -> 1.12.3) Subpackages: libgstvalidate-1_0-0 typelib-1_0-GstValidate-1_0 - Update to version 1.12.3: + launcher: Automatically disable output coloration if not supported. + meson: Fix the way we set the testsuite version. + validate:launcher: Use the number of failed test as exit code. ==== libffi ==== Subpackages: libffi-devel libffi7 libffi7-32bit - aarch64-struct-by-value.patch: fix passing struct by value on aarch64 ==== libvirt ==== Subpackages: libvirt-client libvirt-daemon libvirt-daemon-config-network libvirt-daemon-config-nwfilter libvirt-daemon-driver-interface libvirt-daemon-driver-libxl libvirt-daemon-driver-lxc libvirt-daemon-driver-network libvirt-daemon-driver-nodedev libvirt-daemon-driver-nwfilter libvirt-daemon-driver-qemu libvirt-daemon-driver-secret libvirt-daemon-driver-storage libvirt-daemon-driver-storage-core libvirt-daemon-driver-storage-disk libvirt-daemon-driver-storage-iscsi libvirt-daemon-driver-storage-logical libvirt-daemon-driver-storage-mpath libvirt-daemon-driver-storage-rbd libvirt-daemon-driver-storage-scsi libvirt-daemon-driver-uml libvirt-daemon-driver-vbox libvirt-daemon-lxc libvirt-daemon-qemu libvirt-daemon-xen libvirt-libs - apparmor: add temporary profile fixes to allow starting domains apparmor-ptrace-support.patch bsc#1058847 ==== libzypp ==== Version update (16.17.0 -> 16.17.1) - Default to 'solver.dupAllowVendorChange = false' on SLE15 (FATE#323478) - Remove unused legacy notify-message script (bsc#1058783) - version 16.17.1 (0) ==== lightdm ==== Version update (1.22.0 -> 1.24.0) Subpackages: liblightdm-gobject-1-0 lightdm-lang - Update to version 1.24.0: * No changes. ==== lightdm-gtk-greeter ==== Version update (2.0.2 -> 2.0.3) Subpackages: lightdm-gtk-greeter-lang - Update to version 2.0.3: * gnome-common is no longer required or used. * Build errors with gcc-7 have been resolved. * Fix enabling Orca screen reader freezes the greeter (lp#1483864). * Scale user image to fit instead of expanding the greeter window (lp#1512963). * Replace usage of deprecated GNOME macros (lp#1599486, deb#829931). * Disable Alt+F4 shutdown accelerator if power indicator is not present (lp#1690129). * Pre-fill logged in username when locked and hide-users is enabled (lp#1701577). * Reset xsession to default if selected user is not found (lp#1701745). * Fix missing break in switch. * Fix deference after null check. * Update translations. ==== mariadb ==== Subpackages: libmysqlclient-devel libmysqlclient18 libmysqlclient_r18 libmysqld18 mariadb-client mariadb-errormessages - Explicitly require libopenssl-1_0_0-devel, to successfully build once we switch openssl to 1.1 (bsc#1042632) ==== mozilla-nspr ==== Version update (4.15 -> 4.16) - update to version 4.16 * contains various correctness fixes see https://bugzilla.mozilla.org/buglist.cgi?resolution=FIXED&query_format=advanced&product=NSPR&target_milestone=4.16 for details ==== mozilla-nss ==== Version update (3.31.1 -> 3.32.1) Subpackages: libfreebl3 libsoftokn3 mozilla-nss-certs mozilla-nss-tools - update to NSS 3.32.1 * no upstream changelog/releasenote provided ==== multipath-tools ==== Version update (0.7.2+44+suse.3a8d750c -> 0.7.3+10+suse.70ccb55b0439) Subpackages: kpartx - Update to version 0.7.3+10+suse.70ccb55b0439: - Rebase to upstream release 0.7.3 * libmultipath: add pthread_cleanup hook for udev monitor * libmultipath: pull functions into util.c * libmultipath: change reservation_key to a be64 * libmpathpersist: fix update_prflag code * multipath: add alternate reservation_key method * mpathpersist: add support for prkeys file * multipath-tools: minor edition and corrections in multipath.conf.5 * multipath-tools: fix incorrect length for strncmp in uevent.c * multipath-tools: clarify how to dump the multipathd config * multipath-tools: replace "setting: array" with "setting: storage device" at multipath output * libmultipath: sanitize fd handling * multipath-tools: link internal libraries before foreigns * multipath-tools: remove Sun StorEdge T4(6020,6120,6320) arrays from hwtable * multipath-tools: add support for all arrays from Sun StorEdge 3000 family * multipath-tools: add Xiotech iglu blaze arrays to hwtable * multipath-tools: add Dot Hill/Seagate arrays to hwtable * libmultipath: update INFINIDAT builtin config * multipath-tools: add info about adding new hardware * multipath-tools: Remove the limitation of IPC command reply length. * multipath-tools: libdmmp: Improve timeout mechanism * multipath-tools: libdmmp: New function to flush and reconfig * Bump version to 0.7.3 - minor fixes for upstream 0.7.3 * libmultipath: ensure checker->fd == -1 if not set * libmpathpersist: add support for prkeys file v3 * multipath: add man page info for my prkey changes - Patch series for NVMe discovery and failover (bsc#1038865) * discovery: sanitize NVMe discovery * libmultipath/discovery: modify NVMe path states * Add 'none' checker * hwtable: set 'none' as default checker for NVMe - Update to version 0.7.2+49+suse.993a29b1188d: * Revert "11-dm-mpath.rules: Remember DM_ACTIVATION" (boo#1059227) * Revert "11-dm-mpath.rules: don't set READY->ACTIVATION" (boo#1059227) * multipath: delegate using libmpathcmd (bsc#1047639) - split off rados support into separate multipath-tools-rbd package. This avoids pulling in the whole rados/ibverbs/rdma stack with multipath-tools. (bsc#1058504). - multipath-tools-rbd is Recommended but not Required by multipath-tools. ==== mysql-connector-cpp ==== Version update (1.1.8 -> 1.1.9) - Update to version 1.1.9: * release notes: https://dev.mysql.com/doc/relnotes/connector-cpp/en/news-1-1-9.html - Remove installing of ANNOUNCEMENT and CHANGES files that are no longer present - Add "Requires: libboost_headers-devel" for libmysqlcppconn-devel subpackage ("Requires: boost-devel" for the older distros that don't have libboost_headers-devel available yet) [bsc#838038] ==== obs-service-source_validator ==== Version update (0.6+git20170830.0775ae8 -> 0.6+git20170922.230bbc4) - Update to version 0.6+git20170922.230bbc4: * deal with nil, flavor defines in output_versions * defining flavor in last change was not needed, remove * 45-stale-changes: use spec_query instead of output_versions using the specfile parser from the build package (boo#1059858) ==== openjpeg ==== - Convert to pkgconfig - Remove fedora conditionals as nothing in opensuse actually builds against it - Add patch to fix ffast-math issue bsc#1029609 bsc#1059440: * openjpeg-fast-math.patch ==== openldap2 ==== Subpackages: libldap-2_4-2 libldap-2_4-2-32bit libldap-data openldap2-client openldap2-devel - added 0012-ITS8051-sockdnpat.patch ==== patterns-devel-base ==== Subpackages: patterns-devel-base-devel_basis patterns-devel-base-devel_kernel patterns-devel-base-devel_rpm_build patterns-devel-base-devel_web - Swap web pattern from php5 to php7 ==== pciutils-ids ==== Version update (20170710 -> 20170917) - Rectify package summary. - Update to 20170917 ==== perl-IO-Socket-SSL ==== Version update (2.025 -> 2.051) - update to 2.051 - syswrite: if SSL_write sets SSL_ERROR_SYSCALL but no $! (as seen with OpenSSL 1.1.0 on Windows) set $! to EPIPE to propagate a useful error up https://github.com/noxxi/p5-io-socket-ssl/issues/62 - removed unecessary settings of SSL_version and SSL_cipher_list from tests - protocol_version.t can now deal when TLS 1.0 and/or TLS 1.1 are not supported as is the case with openssl versions in latest Debian (buster) - fixed problem caused by typo in the context of session cache https://github.com/noxxi/p5-io-socket-ssl/issues/60 - update PublicSuffix information from publicsuffix.org - fixed small memory leaks during destruction of socket and context, RT#120643 - better fix for problem which 2.046 tried to fix but broke LWP this way - cleanup everything in DESTROY and make sure to start with a fresh %{*self} in configure_SSL because it can happen that a GLOB gets used again without calling DESTROY (https://github.com/noxxi/p5-io-socket-ssl/issues/56) - fixed memory leak caused by not destroying CREATED_IN_THIS_THREAD for SSL objects -> github pull#55 - optimization: don't track SSL objects and CTX in *CREATED_IN_THIS_THREAD if perl is compiled w/o thread support - small fix in t/protocol_version.t to use older versions of Net::SSLeay with openssl build w/o SSLv3 support - when setting SSL_keepSocketOnError to true the socket will not be closed on fatal error. This is a modified version of https://github.com/noxxi/p5-io-socket-ssl/pull/53/ - protect various 'eval'-based capability detections at startup with a localized __DIE__ handler. This way dynamically requiring IO::Socket::SSL as done by various third party software should cause less problems even if there is a global __DIE__ handler which does not properly deal with 'eval'. - make t/session_ticket.t work with OpenSSL 1.1.0. With this version the session does not get reused any longer if it was not properly closed which is now done using an explicit close by the client which causes a proper SSL_shutdown - enable session ticket callback with Net::SSLeay>=1.80 - leave session ticket callback off for now until the needed patch is included in Net::SSLeay. See https://rt.cpan.org/Ticket/Display.html?id=116118#txn-1696146 - fix detection of default CA path for OpenSSL 1.1.x - Utils::CERT_asHash now includes the signature algorithm used - Utils::CERT_asHash can now deal with large serial numbers - OpenSSL 1.1.0c changed the behavior of SSL_read so that it now returns -1 on EOF without proper SSL shutdown. Since it looks like that this behavior will be kept at least for 1.1.1+ adapt to the changed API by treating errno=NOERR on SSL_ERROR_SYSCALL as EOF. - restrict session ticket callback to Net::SSLeay 1.79+ since version before contains bug. Add test for session reuse - extend SSL fingerprint to pubkey digest, i.e. 'sha1$pub$xxxxxx....' - fix t/external/ocsp.t to use different server (under my control) to check OCSP stapling - fix session cache del_session: it freed the session but did not properly remove it from the cache. Further reuse causes crash. - disable OCSP support when Net::SSLeay 1.75..1.77 is used, see RT#116795 - move handling of global SSL arguments into creation of context, so that these get also applied when creating a context only. - support for session ticket reuse over multiple contexts and processes (if supported by Net::SSLeay) - small optimizations, like saving various Net::SSLeay constants into variables and access variables instead of calling the constant sub all the time - make t/dhe.t work with openssl 1.1.0 - Set session id context only on the server side. Even if the documentation for SSL_CTX_set_session_id_context makes clear that this function is server side only it actually affects hndling of session reuse on the client side too and can result in error "SSL3_GET_SERVER_HELLO:attempt to reuse session in different context" at the client. - Utils::CERT_create - don't add given extensions again if they were already added. Firefox croaks with sec_error_extension_value_invalid if (specific?) extensions are given twice. - assume that Net::SSLeay::P_PKCS12_load_file will return the CA certificates with the reverse order as in the PKCS12 file, because that's what it does. - support for creating ECC keys in Utils once supported by Net::SSLeay - remove internal sub session_cache and access cache directly (faster) - fix del_session method in case a single item was in the cache - use SSL_session_key as the real key for the cache and not some derivate of it, so that it works to remove the entry using the same key - add del_session method to session cache - only added Changes for 2.026 - update default server and client ciphers based on recommendation of Mozilla and what the current browsers use. Notably this finally disables RC4 for the client (was disabled for server long ago) and adds CHACHA20. - drop perl-IO-Socket-SSL_add_DHE-RSA_to_default_client_cipher_list.patch (upstream) ==== perl-List-MoreUtils ==== Version update (0.419 -> 0.425) - updated to 0.425 see /usr/share/doc/packages/perl-List-MoreUtils/Changes 0.425 2017-09-06 - release 0.424_001 as 0.425 with XS is META.* after 136:0 PASS:FAIL on CPAN Tester Matrix 0.424_001 2017-09-05 - Makefile.PL: modify PREREQ_PM instead of recommend dynamically 0.423 2017-08-22 - sync version with List::MoreUtils::XS - add examples for binsert/bremove (LMU::XS issue #1, Thanks to shawnlaffan) - update tests to latest List::MoreUtils::XS - recommend List::MoreUtils::XS 0.423 0.420_001 2017-08-15 - add some new functions: * qsort (XS only) * binsert * bremove * listcmp * arrayify (RT#17230) * samples (RT#77562) * minmaxstr (RT#106401) * lower_bound * upper_bound * equal_range * frequencies * occurrences * mode (RT#91991) * zip6 (RT#42921) * reduce_0 * reduce_1 * reduce_u - improve tests - make List::MoreUtils::XS independent from List::MoreUtils Note that List::MoreUtils::XS doesn't guarantee API stability - this feature is only provided through List::MoreUtils as frontend. - improve Makefile.PL regarding some build artifacts ==== perl-libwww-perl ==== Version update (6.26 -> 6.27) - updated to 6.27 see /usr/share/doc/packages/perl-libwww-perl/Changes 6.27 2017-09-21 - Switch to Getopt::Long in lwp-download (GH #262) - Fix lwp-request -C (GH #261) - Hide LWP::Protocol::http::Socket, LWP::Protocol::http::SocketMethods and LWP::Debug::TraceHTTP::Socket from PAUSE - Add tests for the "get" & "head" functions (GH #252) - Update lwpcook.pod (GH #256) - Handle undefined values in ->credentials (GH #157) - Fix lwp-mirror options checks. - Update bin/ scripts to use $LWP::VERSION instead of ->Version() - Improve lwp-download --help (GH #262) ==== permissions ==== Version update (20170913 -> 20170922) - Update to version 20170922: * Allow setuid root for singularity (group only) bsc#1028304 ==== python-M2Crypto ==== Version update (0.26.0 -> 0.26.3) - Update to 0.26.3 with fix for a syntax error - Update to 0.26.2 * compatibility with OpenSSL 1.1.0 ==== python-chardet ==== Subpackages: python2-chardet python3-chardet - add update-alternatives post-requires ==== python-gst ==== Version update (1.12.2 -> 1.12.3) - Update to version 1.12.3: + plugin: Always initialize GIL state. + Add support for Gst.Bitmask. + tests: Stop using deprecated assertion methods. + tests: Move all Fundamental types tests in a file. + structure: Add a .keys() method and implement __str__. + Return a Gst.*Range instead of a python range converting from GValue to python. + structures: Override __new__ to make it more pythonic. + overrides: Remove IntRange And Int64Range on Python2. ==== python-pyasn1 ==== Version update (0.3.5 -> 0.3.6) Subpackages: python2-pyasn1 python3-pyasn1 - updated to upstream release 0.3.6 * End-of-octets encoding optimized at ASN.1 encoders * The __getitem__/__setitem__ behavior of Set/Sequence and SetOf/SequenceOf objects aligned with the canonical Mapping and Sequence protocols in part * Fixed crash in ASN.1 encoder when encoding an explicitly tagged component of a Sequence ==== qemu ==== Subpackages: qemu-arm qemu-block-curl qemu-block-dmg qemu-block-gluster qemu-block-iscsi qemu-block-rbd qemu-block-ssh qemu-extra qemu-ipxe qemu-ksm qemu-kvm qemu-lang qemu-ppc qemu-s390 qemu-seabios qemu-sgabios qemu-tools qemu-vgabios qemu-x86 - For SLE15 pre-release testing, add support for the EPYC processor. This will be officially supported once it is included in the v2.11 release. (bsc#1052825) 0036-target-i386-cpu-Add-new-EPYC-CPU-mo.patch - Fix some support statements in our SLE support documents. ==== qemu-linux-user ==== - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.10 * Patches added: 0036-target-i386-cpu-Add-new-EPYC-CPU-mo.patch ==== samba ==== Version update (4.6.7+git.38.90b2cdb4f22 -> 4.6.7+git.49.562d44faa9d) Subpackages: libdcerpc-binding0 libdcerpc-binding0-32bit libdcerpc0 libdcerpc0-32bit libndr-krb5pac0 libndr-krb5pac0-32bit libndr-nbt0 libndr-nbt0-32bit libndr-standard0 libndr-standard0-32bit libndr0 libndr0-32bit libnetapi0 libnetapi0-32bit libsamba-credentials0 libsamba-credentials0-32bit libsamba-errors0 libsamba-errors0-32bit libsamba-hostconfig0 libsamba-hostconfig0-32bit libsamba-passdb0 libsamba-passdb0-32bit libsamba-util0 libsamba-util0-32bit libsamdb0 libsamdb0-32bit libsmbclient-devel libsmbclient0 libsmbconf0 libsmbconf0-32bit libsmbldap0 libsmbldap0-32bit libtevent-util0 libtevent-util0-32bit libwbclient0 libwbclient0-32bit samba-client samba-client-32bit samba-doc samba-libs samba-libs-32bit samba-winbind samba-winbind-32bit - CVE-2017-12163: Prevent client short SMB1 write from writing server memory to file; (bso#13020); (bsc#1058624). - CVE-2017-12150: Some code path don't enforce smb signing, when they should; (bso#12997); (bsc#1058622). - CVE-2017-12151: Keep required encryption across SMB3 dfs redirects; (bso#12996); (bsc#1058565). ==== shared-mime-info ==== Version update (1.8 -> 1.9) - Update to version 1.9: + Add x-systemd-unit and x-dbus-service MIME types. + Fix magic for application/x-java-keystore on little endian. + Add mime-type for STL 3D models and GCODE. + Add application/x-executable as a supertype of application/ecmascript. + Add shebang magic for gjs JavaScript files. + Add a mimetype for Khronos texture files. + Add a mime-type for Famicom Disk System images. + Add "font" top level type, and use IANA registered type for TTF, OTF, WOFF, TTC and WOFF2. + Add OpenCL mime-type. + Add text/x-python3 content type. + Add Audible.com mime type. + Add application/x-atari-lynx-rom. + Add application/x-wonderswan-rom. + Add application/x-virtual-boy-rom. + Better JPEG 2000 MIME type support. + Add support for GIMP data files (.gbr, .gih, .pat). + Add an alias for Adobe Illustrator formats. + Add *.mjs glob for Javascript. + Rename application/x-trig to application/trig. + Rename Panasonic RAW image mime-types to image/x-panasonic-rw*. + Change the preferred suffix for image/x-tga from icb to tga. + Correct "PostScript" capitalisation. + Add mimetype for AppImage Type 2. + Remove AppImage glob with different casing. ==== squid ==== Version update (3.5.26 -> 3.5.27) - Add missing build dependency on libnsl-devel for Factory. libnsl was split from glibc - Update Squid to 3.5.27 * bug fix release - for complete list of changes see http://www.squid-cache.org/Versions/v3/3.5/changesets/ ==== swig ==== - add swig-perl526.patch from upstream to work with perl 5.26 ==== tbb ==== Version update (2017_20170412 -> 2018_20170726) - Update to version 2018 release * Now fully supports this_task_arena::isolate() function. * Parallel STL, an implementation of the C++ standard library algorithms with support for execution policies, has been introduced. * Fixed a bug preventing use of streaming_node and opencl_node with Clang. * Fixed this_task_arena::isolate() function to work correctly with parallel_invoke and parallel_do algorithms. * Fixed a memory leak in composite_node. * Fixed an assertion failure in debug tbbmalloc binaries when TBBMALLOC_CLEAN_ALL_BUFFERS is used. ==== virtualbox ==== Version update (5.1.26_k4.13.3_1 -> 5.1.28_k4.13.3_1) Subpackages: virtualbox-guest-kmp-default virtualbox-guest-tools virtualbox-guest-x11 - Add file "fixes_for_4.14.patch" to handle API change in kernel 4.14. Remove file "vbox_fix_42.3_api.patch" as that fix is included in upstream code. - Version bump to 5.1.28 (released 2017-09-13 by Oracle) This is a maintenance release. The following items were fixed and/or added: Audio: fixed accidental crashes when using the AC'97 sound emulation (bug #16959) Audio: fixed crash when default input or output devices have changed (bugs #16968, #16969, #17004) Audio: fixed recording when using the ALSA backend Audio: fixed handle leak when using the OSS backend E1000: fixed a crash related to VLAN traffic over internal network (5.1.26 regression; bug #16960) NAT: apply --natbindip1 to TCP connections (bug #16478) OVF: when importing an appliance with XHCI controller, don't add an OHCI controller. Linux hosts: fixed creating fixed sized VDI images (bug #17010) Linux hosts / guests: fixes for Linux 4.4 of openSUSE Leap 42.3 (bug #16966) Bridged networking: align outgoing packet at word boundary, preventing Windows host crash in MsLbfoProvider. Linux Additions: kernel drm driver support for custom EL7 Linux 3.10 kernel ==== wget ==== - Retry http GET when server responds with "416 Requested Range Not Satisfiable" but file is not complete. [boo#1058204, wget-416-but-file-not-complete.patch] ==== wine ==== Version update (2.15 -> 2.17) Subpackages: wine-32bit - Update to 2.17 development snapshot - Better support for grayscale mode in DirectWrite. - Per-application StartupWMClass in desktop files. - Virtual memory compatibility improvements. - Palette handling improvements in WindowsCodecs. - Reply messages improvements in WebServices. - Various bug fixes. - updated winetricks - Update to 2.16 development snapshot - Support for pasting metafiles in RichEdit. - Better support for grayscale PNG images. - Support for safety features in library loading. - Better handling of transforms in GdiPlus. - Rendering improvements in DirectWrite. - Various bug fixes. - updated winetricks ==== yast2-theme ==== Version update (3.3.0 -> 4.0.0) Subpackages: yast2-branding-openSUSE yast2-branding-openSUSE-Oxygen - fix packaging for SLE (bsc#1057838) - 4.0.0 ==== zypper ==== Version update (1.13.35 -> 1.13.36) Subpackages: zypper-aptitude zypper-log - Unify '(add|modify)(repo|service)' property related arguments. Fixed 'add' commands supporting to set only a subset of properties. Introduced '-f/-F' as preferred short option for --[no-]refresh in all four commands. (bsc#661410, bsc#1053671) - version 1.13.36 -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org