Mailinglist Archive: opensuse-factory (421 mails)

< Previous Next >
[opensuse-factory] New Tumbleweed snapshot 20170925 released!

Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.

Please check the known defects of this snapshot before upgrading:

When you reply to report some issues, make sure to change the subject.
It is not helpful to keep the release announcement subject in a thread
while discussing a specific problem.

Packages changed:
NetworkManager-applet (1.8.2 -> 1.8.4)
NetworkManager-openvpn (1.2.10 -> 1.8.0)
emacs (25.2 -> 25.3)
file (5.31 -> 5.32)
gnome-tweak-tool (3.26.0 -> 3.26.1)
gnutls (3.5.15 -> 3.6.0)
gstreamer (1.12.2 -> 1.12.3)
gstreamer-plugins-bad (1.12.2 -> 1.12.3)
gstreamer-plugins-base (1.12.2 -> 1.12.3)
gstreamer-plugins-good (1.12.2 -> 1.12.3)
gstreamer-plugins-ugly (1.12.2 -> 1.12.3)
gstreamer-rtsp-server (1.12.2 -> 1.12.3)
gstreamer-transcoder (1.12.0 -> 1.12.1)
gstreamer-validate (1.12.2 -> 1.12.3)
libzypp (16.17.0 -> 16.17.1)
lightdm (1.22.0 -> 1.24.0)
lightdm-gtk-greeter (2.0.2 -> 2.0.3)
mozilla-nspr (4.15 -> 4.16)
mozilla-nss (3.31.1 -> 3.32.1)
multipath-tools (0.7.2+44+suse.3a8d750c -> 0.7.3+10+suse.70ccb55b0439)
mysql-connector-cpp (1.1.8 -> 1.1.9)
obs-service-source_validator (0.6+git20170830.0775ae8 ->
pciutils-ids (20170710 -> 20170917)
perl-IO-Socket-SSL (2.025 -> 2.051)
perl-List-MoreUtils (0.419 -> 0.425)
perl-libwww-perl (6.26 -> 6.27)
permissions (20170913 -> 20170922)
python-M2Crypto (0.26.0 -> 0.26.3)
python-gst (1.12.2 -> 1.12.3)
python-pyasn1 (0.3.5 -> 0.3.6)
samba (4.6.7+git.38.90b2cdb4f22 -> 4.6.7+git.49.562d44faa9d)
shared-mime-info (1.8 -> 1.9)
squid (3.5.26 -> 3.5.27)
tbb (2017_20170412 -> 2018_20170726)
virtualbox (5.1.26_k4.13.3_1 -> 5.1.28_k4.13.3_1)
wine (2.15 -> 2.17)
yast2-theme (3.3.0 -> 4.0.0)
zypper (1.13.35 -> 1.13.36)

=== Details ===

==== NetworkManager-applet ====
Version update (1.8.2 -> 1.8.4)
Subpackages: NetworkManager-connection-editor libnm-gtk0 libnma0 nma-data

- Update to version 1.8.4:
+ nm-c-e:
- Major rework of the nm-connection-editor UI.
- Add support for MACsec.
- Add support for new PPPoE connections not limited to
- Add support for bridge's group-forward-mask property.
+ applet:
- Fix nm-applet's status icon when a VPN has the default route.
- Always center dialogs on the screen.
+ libnma: Fix handling empty password for certificate chooser.
+ Various bugfixes and minor improvements.
+ Updated translations.
- Only BuildRequire pkgconfig(dbusmenu-gtk3-0.4) when building
with appindicator support.

==== NetworkManager-openvpn ====
Version update (1.2.10 -> 1.8.0)
Subpackages: NetworkManager-openvpn-gnome

- Update to version 1.8.0:
+ Use gresources for ui files.
+ Use NMACertChooser for PKCS#11 support.
+ Support --ifconfig option not only for static key connections
+ Fix import for key-direction to make it independent of the
order (bgo#778154).
+ Extend support for address family specifier for remote protocol
+ Updated translations.
- Drop
Fixed upstream.
- Drop obsolete post(un) handling of icon_theme_cache_post(un), no
longer needed, there is no icon files anymore.
- Run spec-cleaner, modernize spec.

==== PackageKit ====
Subpackages: PackageKit-backend-zypp PackageKit-gstreamer-plugin
PackageKit-gtk3-module PackageKit-lang libpackagekit-glib2-18

- No longer BuildRequires libqt4-devel, this part is in a separate
project since version 0.8.6.

==== apparmor ====
Subpackages: apparmor-abstractions apparmor-docs apparmor-parser
apparmor-profiles apparmor-utils pam_apparmor pam_apparmor-32bit perl-apparmor

- add apparmor-fix-podsyntax.patch from mailing list to fix
compilation with perl 5.26

==== cups ====
Subpackages: cups-client cups-devel cups-libs cups-libs-32bit

- Pre-require user(lp) in cups-libs

==== emacs ====
Version update (25.2 -> 25.3)
Subpackages: emacs-info emacs-nox emacs-x11 etags

- Update to emacs version 25.2 a security release
* * Security vulnerability related to Enriched Text mode is removed.
- Modified patches
* emacs-24.4-ps-bdf.patch
* emacs-25.2-ImageMagick7.patch
* emacs-25.2-bsc1058425.patch now partly upstream
- Rename emacs-25.2.dif to emacs-25.3.dif

==== file ====
Version update (5.31 -> 5.32)
Subpackages: file-devel file-magic libmagic1 libmagic1-32bit

- Update to file version 5.32
* Always reset state in {file,buffer}_apprentice (Krzysztof Wilczynski)
* Fix always true condition (Thomas Jarosch)
* pickier parsing of numeric values in magic files.
* PR/615 add magic_getflags()
- This release fix the bug bsc#1056838 for CVE-2017-1000249
- Remove patch file-5.31-fix-tga.dif as now upstream
- Rename patch file-5.31.dif which now becomes file-5.32.dif
- Modify the patches
* file-5.16-ocloexec.patch
* file-5.19-biorad.dif
* file-5.19-printf.dif
* file-5.23-endian.patch
* file-5.28-btrfs-image.dif

==== gnome-session ====
Subpackages: gnome-session-core gnome-session-default-session gnome-session-lang

- Re-add
gnome-session-logging-to-systemd-journal-configurable.patch (not
yet upstream [bsc#979498], [bgo#768982]).
- Revert "Enable SLE-Classic for wayland": the SLE-Classic session
requires gnome-shell-extensions, which is the reason why the
X-Session is shipped as part of that package. The wayland session
should also be there.
- Register GNOME with u-a handler for default.desktop
implementation, which obsoletes the change in
/etc/sysconfig/windowmanager to pick the 'default window manager'

==== gnome-shell ====
Subpackages: gnome-shell-browser-plugin gnome-shell-calendar gnome-shell-lang

- Add gnome-shell-only-listen-window-created-events-once.patch:
gtk-embed: ensure we only listen for window-created events once

==== gnome-tweak-tool ====
Version update (3.26.0 -> 3.26.1)
Subpackages: gnome-tweak-tool-lang

- Update to version 3.26.1:
+ New bugfix release:
- Fix enabling and disabling GNOME Shell extensions.
- Fix Workspace tweaks in GNOME Shell and "modes".
- Hide Workspaces panel if GNOME Shell isn't running.
- Add "Activities Overview Hot Corner" tweak. This is disabled
by default because it requires a patch from bgo#688320 that
hasn't been committed yet.
+ Updated translations.

==== gnutls ====
Version update (3.5.15 -> 3.6.0)
Subpackages: libgnutls-dane0 libgnutls-devel libgnutls30 libgnutls30-32bit

- Disable flaky dtls_resume test on Power
* add gnutls-3.6.0-disable-flaky-dtls_resume-test.patch
- GnuTLS 3.6.0:
* Introduce a lock-free random generator which operates per-
thread and eliminates random-generator related bottlenecks in
multi-threaded operation.
* Replace the Salsa20 random generator with one based on CHACHA.
The goal is to reduce code needed in cache (CHACHA is also
used for TLS), and the number of primitives used by the
library. That does not affect the AES-DRBG random generator
used in FIPS140-2 mode.
* Add support for RSA-PSS key type as well as signatures in
certificates, and TLS key exchange
* Add support for Ed25519 signing in certificates and TLS key
exchange following draft-ietf-tls-rfc4492bis-17
* Enable X25519 key exchange by default, following
* Add support for Diffie-Hellman group negotiation following
* Introduce various sanity checks on certificate import
* Introduce gnutls_x509_crt_set_flags(). This function can set
flags in the crt structure. The only flag supported at the
moment is GNUTLS_X509_CRT_FLAG_IGNORE_SANITY which skips the
certificate sanity checks on import.
* PKIX certificates with unknown critical extensions are rejected
on verification with status GNUTLS_CERT_UNKNOWN_CRIT_EXTENSIONS
* Refuse to generate a certificate with an illegal version, or an
illegal serial number. That is, gnutls_x509_crt_set_version()
and gnutls_x509_crt_set_serial(), will fail on input considered
to be invalid in RFC5280.
* Call to gnutls_record_send() and gnutls_record_recv() prior to
handshake being complete are now refused
* Add support for PKCS#12 files with no salt (zero length) in
their password encoding, and PKCS#12 files using SHA384 and
SHA512 as MAC.
* libgnutls: Exported functions to encode and decode DSA and ECDSA
r,s values.
* Add new callback setting function to gnutls_privkey_t for
external keys. The new function (gnutls_privkey_import_ext4),
allows signing in addition to previous algorithms (RSA PKCS#1
1.5, DSA, ECDSA), with RSA-PSS and Ed25519 keys.
* Introduce the %VERIFY_ALLOW_BROKEN and
%VERIFY_ALLOW_SIGN_WITH_SHA1 priority string options. These
allows enabling all broken and SHA1-based signature algorithms
in certificate verification, respectively.
* 3DES-CBC is no longer included in the default priorities list.
It has to be explicitly enabled, e.g., with a string like
* SHA1 was marked as insecure for signing certificates.
Verification of certificates signed with SHA1 is now considered
insecure and will fail, unless flags intended to enable broken
algorithms are set. Other uses of SHA1 are still allowed.
* RIPEMD160 was marked as insecure for certificate signatures.
Verification of certificates signed with RIPEMD160 hash
algorithm is now considered insecure and will fail, unless
flags intended to enable broken algorithms are set.
* No longer enable SECP192R1 and SECP224R1 by default on TLS
handshakes. These curves were rarely used for that purpose,
provide no advantage over x25519 and were deprecated by TLS 1.3.
* Remove support for DEFLATE, or any other compression method.
* OpenPGP authentication was removed; the resulting library is ABI
compatible, with the openpgp related functions being stubs that
fail on invocation.
Drop gnutls-broken-openpgp-tests.patch, no longer required.
* Remove support for libidn (i.e., IDNA2003); gnutls can now be
compiled only with libidn2 which provides IDNA2008.
* certtool: The option '--load-ca-certificate' can now accept
PKCS#11 URLs in addition to files.
* certtool: The option '--load-crl' can now be used when
generating PKCS#12 files (i.e., in conjunction with '--to-p12' option).
* certtool: Keys with provable RSA and DSA parameters are now
only read and exported from PKCS#8 form, following
This removes support for the previous a non-standard key format.
* certtool: Added support for generating, printing and handling
RSA-PSS and Ed25519 keys and certificates.
* certtool: the parameters --rsa, --dsa and --ecdsa to
- -generate-privkey are now deprecated, replaced by the
- -key-type option.
* p11tool: The --generate-rsa, --generate-ecc and --generate-dsa
options were replaced by the --generate-privkey option.
* psktool: Generate 256-bit keys by default.
* gnutls-server: Increase request buffer size to 16kb, and added
the --alpn and --alpn-fatal options, allowing testing of ALPN
* Enables FIPS 140-2 mode during build

==== gstreamer ====
Version update (1.12.2 -> 1.12.3)
Subpackages: gstreamer-devel gstreamer-utils libgstreamer-1_0-0
libgstreamer-1_0-0-32bit typelib-1_0-Gst-1_0

- Update to version 1.12.3:
+ Fix for infinite recursion on buffer free in v4l2.
+ Fix for glimagesink crash on macOS when used via autovideosink.
+ Fix for huge overhead in matroskamux caused by writing one
Cluster per audio-frame in audio-only streams. Also use
SimpleBlocks for Opus and other audio codecs, which works
around a bug in VLC that prevented Opus streams to be played
and decreases overhead even more.
+ Fix for flushing seeks in rtpmsrc always causing an error.
+ Fix for timestamp overflows in calculations in audio encoder
base class.
+ Fix for RTP h265 depayloader marking P-frames as I-frames.
+ Fix for long connection delays of clients in RTSP server.
+ Fixes for event handling in queue and queue2 elements, and
updates to buffering levels on NOT_LINKED streams.
+ Various fixes to event and buffering handling in
+ Various fixes for memory leaks, deadlocks and crashes in all
+ Bugs fixed: bgo#778193, bgo#786034, bgo#786056, bgo#786561.

==== gstreamer-plugins-bad ====
Version update (1.12.2 -> 1.12.3)
Subpackages: libgstadaptivedemux-1_0-0 libgstbadaudio-1_0-0 libgstbadbase-1_0-0
libgstbadvideo-1_0-0 libgstbasecamerabinsrc-1_0-0 libgstcodecparsers-1_0-0
libgstgl-1_0-0 libgstmpegts-1_0-0 libgstphotography-1_0-0
libgsturidownloader-1_0-0 libgstwayland-1_0-0

- Update to version 1.12.3:
+ Bugs fixed: bgo#767462, bgo#782379, bgo#784887, bgo#785119,
bgo#785941, bgo#785957, bgo#785987, bgo#786036, bgo#786201,
bgo#786250, bgo#787234, bgo#787309, bgo#787442, bgo#787727.
- Replace pkgconfig(libopenjpeg1) with pkgconfig(libopenjp2)
BuildRequires: Build against the new branch of libopenjpeg.

==== gstreamer-plugins-base ====
Version update (1.12.2 -> 1.12.3)
Subpackages: libgstallocators-1_0-0 libgstapp-1_0-0 libgstaudio-1_0-0
libgstaudio-1_0-0-32bit libgstfft-1_0-0 libgstpbutils-1_0-0 libgstriff-1_0-0
libgstrtp-1_0-0 libgstrtsp-1_0-0 libgstsdp-1_0-0 libgsttag-1_0-0
libgsttag-1_0-0-32bit libgstvideo-1_0-0 libgstvideo-1_0-0-32bit
typelib-1_0-GstAudio-1_0 typelib-1_0-GstPbutils-1_0 typelib-1_0-GstTag-1_0

- Update to version 1.12.3:
+ Bugs fixed: bgo#785011, bgo#771088, bgo#777735, bgo#785065,
bgo#785331, bgo#785341, bgo#785799, bgo#785948, bgo#785951,

==== gstreamer-plugins-good ====
Version update (1.12.2 -> 1.12.3)
Subpackages: gstreamer-plugins-good-extra

- Update to version 1.12.3:
+ Bugs fixed: bgo#759292, bgo#781458, bgo#783086, bgo#784250,
bgo#784971, bgo#785429, bgo#785435, bgo#785990, bgo#785991,
bgo#786268, bgo#786670, bgo#786718, bgo#787160, bgo#787254,

==== gstreamer-plugins-ugly ====
Version update (1.12.2 -> 1.12.3)

- Update to version 1.12.3:
+ Bugs fixed: bgo#784982, bgo#785388, bgo#787398.
- Drop gst-ugly-fix-caps-and-memory-leaks.patch: Fixed upstream.

==== gstreamer-rtsp-server ====
Version update (1.12.2 -> 1.12.3)

- Update to version 1.12.3:
+ Bugs fixed: bgo#784094, bgo#786457.

==== gstreamer-transcoder ====
Version update (1.12.0 -> 1.12.1)
Subpackages: libgsttranscoder-1_0-0 typelib-1_0-GstTranscoder-1_0

- Update to version 1.12.1:
+ No changelog provided, please check upstream git log.

==== gstreamer-validate ====
Version update (1.12.2 -> 1.12.3)
Subpackages: libgstvalidate-1_0-0 typelib-1_0-GstValidate-1_0

- Update to version 1.12.3:
+ launcher: Automatically disable output coloration if not
+ meson: Fix the way we set the testsuite version.
+ validate:launcher: Use the number of failed test as exit code.

==== libffi ====
Subpackages: libffi-devel libffi7 libffi7-32bit

- aarch64-struct-by-value.patch: fix passing struct by value on aarch64

==== libvirt ====
Subpackages: libvirt-client libvirt-daemon libvirt-daemon-config-network
libvirt-daemon-config-nwfilter libvirt-daemon-driver-interface
libvirt-daemon-driver-libxl libvirt-daemon-driver-lxc
libvirt-daemon-driver-network libvirt-daemon-driver-nodedev
libvirt-daemon-driver-nwfilter libvirt-daemon-driver-qemu
libvirt-daemon-driver-secret libvirt-daemon-driver-storage
libvirt-daemon-driver-storage-core libvirt-daemon-driver-storage-disk
libvirt-daemon-driver-storage-iscsi libvirt-daemon-driver-storage-logical
libvirt-daemon-driver-storage-mpath libvirt-daemon-driver-storage-rbd
libvirt-daemon-driver-storage-scsi libvirt-daemon-driver-uml
libvirt-daemon-driver-vbox libvirt-daemon-lxc libvirt-daemon-qemu
libvirt-daemon-xen libvirt-libs

- apparmor: add temporary profile fixes to allow starting domains

==== libzypp ====
Version update (16.17.0 -> 16.17.1)

- Default to 'solver.dupAllowVendorChange = false' on SLE15
- Remove unused legacy notify-message script (bsc#1058783)
- version 16.17.1 (0)

==== lightdm ====
Version update (1.22.0 -> 1.24.0)
Subpackages: liblightdm-gobject-1-0 lightdm-lang

- Update to version 1.24.0:
* No changes.

==== lightdm-gtk-greeter ====
Version update (2.0.2 -> 2.0.3)
Subpackages: lightdm-gtk-greeter-lang

- Update to version 2.0.3:
* gnome-common is no longer required or used.
* Build errors with gcc-7 have been resolved.
* Fix enabling Orca screen reader freezes the greeter (lp#1483864).
* Scale user image to fit instead of expanding the greeter window
* Replace usage of deprecated GNOME macros (lp#1599486, deb#829931).
* Disable Alt+F4 shutdown accelerator if power indicator is not
present (lp#1690129).
* Pre-fill logged in username when locked and hide-users is
enabled (lp#1701577).
* Reset xsession to default if selected user is not found
* Fix missing break in switch.
* Fix deference after null check.
* Update translations.

==== mariadb ====
Subpackages: libmysqlclient-devel libmysqlclient18 libmysqlclient_r18
libmysqld18 mariadb-client mariadb-errormessages

- Explicitly require libopenssl-1_0_0-devel, to successfully build
once we switch openssl to 1.1 (bsc#1042632)

==== mozilla-nspr ====
Version update (4.15 -> 4.16)

- update to version 4.16
* contains various correctness fixes
for details

==== mozilla-nss ====
Version update (3.31.1 -> 3.32.1)
Subpackages: libfreebl3 libsoftokn3 mozilla-nss-certs mozilla-nss-tools

- update to NSS 3.32.1
* no upstream changelog/releasenote provided

==== multipath-tools ====
Version update (0.7.2+44+suse.3a8d750c -> 0.7.3+10+suse.70ccb55b0439)
Subpackages: kpartx

- Update to version 0.7.3+10+suse.70ccb55b0439:
- Rebase to upstream release 0.7.3
* libmultipath: add pthread_cleanup hook for udev monitor
* libmultipath: pull functions into util.c
* libmultipath: change reservation_key to a be64
* libmpathpersist: fix update_prflag code
* multipath: add alternate reservation_key method
* mpathpersist: add support for prkeys file
* multipath-tools: minor edition and corrections in multipath.conf.5
* multipath-tools: fix incorrect length for strncmp in uevent.c
* multipath-tools: clarify how to dump the multipathd config
* multipath-tools: replace "setting: array" with "setting: storage device" at
multipath output
* libmultipath: sanitize fd handling
* multipath-tools: link internal libraries before foreigns
* multipath-tools: remove Sun StorEdge T4(6020,6120,6320) arrays from hwtable
* multipath-tools: add support for all arrays from Sun StorEdge 3000 family
* multipath-tools: add Xiotech iglu blaze arrays to hwtable
* multipath-tools: add Dot Hill/Seagate arrays to hwtable
* libmultipath: update INFINIDAT builtin config
* multipath-tools: add info about adding new hardware
* multipath-tools: Remove the limitation of IPC command reply length.
* multipath-tools: libdmmp: Improve timeout mechanism
* multipath-tools: libdmmp: New function to flush and reconfig
* Bump version to 0.7.3
- minor fixes for upstream 0.7.3
* libmultipath: ensure checker->fd == -1 if not set
* libmpathpersist: add support for prkeys file v3
* multipath: add man page info for my prkey changes
- Patch series for NVMe discovery and failover (bsc#1038865)
* discovery: sanitize NVMe discovery
* libmultipath/discovery: modify NVMe path states
* Add 'none' checker
* hwtable: set 'none' as default checker for NVMe
- Update to version 0.7.2+49+suse.993a29b1188d:
* Revert "11-dm-mpath.rules: Remember DM_ACTIVATION" (boo#1059227)
* Revert "11-dm-mpath.rules: don't set READY->ACTIVATION"
* multipath: delegate using libmpathcmd (bsc#1047639)
- split off rados support into separate multipath-tools-rbd package.
This avoids pulling in the whole rados/ibverbs/rdma stack with
multipath-tools. (bsc#1058504).
- multipath-tools-rbd is Recommended but not Required by multipath-tools.

==== mysql-connector-cpp ====
Version update (1.1.8 -> 1.1.9)

- Update to version 1.1.9:
* release notes:
- Remove installing of ANNOUNCEMENT and CHANGES files that are no
longer present
- Add "Requires: libboost_headers-devel" for libmysqlcppconn-devel
subpackage ("Requires: boost-devel" for the older distros that
don't have libboost_headers-devel available yet) [bsc#838038]

==== obs-service-source_validator ====
Version update (0.6+git20170830.0775ae8 -> 0.6+git20170922.230bbc4)

- Update to version 0.6+git20170922.230bbc4:
* deal with nil, flavor defines in output_versions
* defining flavor in last change was not needed, remove
* 45-stale-changes: use spec_query instead of output_versions
using the specfile parser from the build package

==== openjpeg ====

- Convert to pkgconfig
- Remove fedora conditionals as nothing in opensuse
actually builds against it
- Add patch to fix ffast-math issue bsc#1029609 bsc#1059440:
* openjpeg-fast-math.patch

==== openldap2 ====
Subpackages: libldap-2_4-2 libldap-2_4-2-32bit libldap-data openldap2-client

- added 0012-ITS8051-sockdnpat.patch

==== patterns-devel-base ====
Subpackages: patterns-devel-base-devel_basis patterns-devel-base-devel_kernel
patterns-devel-base-devel_rpm_build patterns-devel-base-devel_web

- Swap web pattern from php5 to php7

==== pciutils-ids ====
Version update (20170710 -> 20170917)

- Rectify package summary.
- Update to 20170917

==== perl-IO-Socket-SSL ====
Version update (2.025 -> 2.051)

- update to 2.051
- syswrite: if SSL_write sets SSL_ERROR_SYSCALL but no $! (as seen with
OpenSSL 1.1.0 on Windows) set $! to EPIPE to propagate a useful error up
- removed unecessary settings of SSL_version and SSL_cipher_list from tests
- protocol_version.t can now deal when TLS 1.0 and/or TLS 1.1 are not
as is the case with openssl versions in latest Debian (buster)
- fixed problem caused by typo in the context of session cache
- update PublicSuffix information from
- fixed small memory leaks during destruction of socket and context, RT#120643
- better fix for problem which 2.046 tried to fix but broke LWP this way
- cleanup everything in DESTROY and make sure to start with a fresh %{*self}
in configure_SSL because it can happen that a GLOB gets used again without
calling DESTROY (
- fixed memory leak caused by not destroying CREATED_IN_THIS_THREAD for SSL
objects -> github pull#55
- optimization: don't track SSL objects and CTX in *CREATED_IN_THIS_THREAD
if perl is compiled w/o thread support
- small fix in t/protocol_version.t to use older versions of Net::SSLeay
with openssl build w/o SSLv3 support
- when setting SSL_keepSocketOnError to true the socket will not be closed
on fatal error. This is a modified version of
- protect various 'eval'-based capability detections at startup with a
__DIE__ handler. This way dynamically requiring IO::Socket::SSL as done by
various third party software should cause less problems even if there is a
global __DIE__ handler which does not properly deal with 'eval'.
- make t/session_ticket.t work with OpenSSL 1.1.0. With this version the
session does not get reused any longer if it was not properly closed which
is now done using an explicit close by the client which causes a
proper SSL_shutdown
- enable session ticket callback with Net::SSLeay>=1.80
- leave session ticket callback off for now until the needed patch is
included in Net::SSLeay. See
- fix detection of default CA path for OpenSSL 1.1.x
- Utils::CERT_asHash now includes the signature algorithm used
- Utils::CERT_asHash can now deal with large serial numbers
- OpenSSL 1.1.0c changed the behavior of SSL_read so that it now returns -1 on
EOF without proper SSL shutdown. Since it looks like that this behavior will
be kept at least for 1.1.1+ adapt to the changed API by treating errno=NOERR
- restrict session ticket callback to Net::SSLeay 1.79+ since version before
contains bug. Add test for session reuse
- extend SSL fingerprint to pubkey digest, i.e. 'sha1$pub$xxxxxx....'
- fix t/external/ocsp.t to use different server (under my control) to check
OCSP stapling
- fix session cache del_session: it freed the session but did not properly
remove it from the cache. Further reuse causes crash.
- disable OCSP support when Net::SSLeay 1.75..1.77 is used, see RT#116795
- move handling of global SSL arguments into creation of context, so that
get also applied when creating a context only.
- support for session ticket reuse over multiple contexts and processes
(if supported by Net::SSLeay)
- small optimizations, like saving various Net::SSLeay constants into
and access variables instead of calling the constant sub all the time
- make t/dhe.t work with openssl 1.1.0
- Set session id context only on the server side. Even if the documentation
SSL_CTX_set_session_id_context makes clear that this function is server side
only it actually affects hndling of session reuse on the client side too and
can result in error "SSL3_GET_SERVER_HELLO:attempt to reuse session in
different context" at the client.
- Utils::CERT_create - don't add given extensions again if they were already
added. Firefox croaks with sec_error_extension_value_invalid if (specific?)
extensions are given twice.
- assume that Net::SSLeay::P_PKCS12_load_file will return the CA certificates
with the reverse order as in the PKCS12 file, because that's what it does.
- support for creating ECC keys in Utils once supported by Net::SSLeay
- remove internal sub session_cache and access cache directly (faster)
- fix del_session method in case a single item was in the cache
- use SSL_session_key as the real key for the cache and not some derivate of
so that it works to remove the entry using the same key
- add del_session method to session cache
- only added Changes for 2.026
- update default server and client ciphers based on recommendation of
Mozilla and what the current browsers use. Notably this finally disables
RC4 for the client (was disabled for server long ago) and adds CHACHA20.
- drop perl-IO-Socket-SSL_add_DHE-RSA_to_default_client_cipher_list.patch

==== perl-List-MoreUtils ====
Version update (0.419 -> 0.425)

- updated to 0.425
see /usr/share/doc/packages/perl-List-MoreUtils/Changes
0.425 2017-09-06
- release 0.424_001 as 0.425 with XS is META.* after 136:0 PASS:FAIL
on CPAN Tester Matrix
0.424_001 2017-09-05
- Makefile.PL: modify PREREQ_PM instead of recommend dynamically
0.423 2017-08-22
- sync version with List::MoreUtils::XS
- add examples for binsert/bremove (LMU::XS issue #1, Thanks to shawnlaffan)
- update tests to latest List::MoreUtils::XS
- recommend List::MoreUtils::XS 0.423
0.420_001 2017-08-15
- add some new functions:
* qsort (XS only)
* binsert
* bremove
* listcmp
* arrayify (RT#17230)
* samples (RT#77562)
* minmaxstr (RT#106401)
* lower_bound
* upper_bound
* equal_range
* frequencies
* occurrences
* mode (RT#91991)
* zip6 (RT#42921)
* reduce_0
* reduce_1
* reduce_u
- improve tests
- make List::MoreUtils::XS independent from List::MoreUtils
Note that List::MoreUtils::XS doesn't guarantee API stability - this
feature is only provided through List::MoreUtils as frontend.
- improve Makefile.PL regarding some build artifacts

==== perl-libwww-perl ====
Version update (6.26 -> 6.27)

- updated to 6.27
see /usr/share/doc/packages/perl-libwww-perl/Changes
6.27 2017-09-21
- Switch to Getopt::Long in lwp-download (GH #262)
- Fix lwp-request -C (GH #261)
- Hide LWP::Protocol::http::Socket, LWP::Protocol::http::SocketMethods and
LWP::Debug::TraceHTTP::Socket from PAUSE
- Add tests for the "get" & "head" functions (GH #252)
- Update lwpcook.pod (GH #256)
- Handle undefined values in ->credentials (GH #157)
- Fix lwp-mirror options checks.
- Update bin/ scripts to use $LWP::VERSION instead of ->Version()
- Improve lwp-download --help (GH #262)

==== permissions ====
Version update (20170913 -> 20170922)

- Update to version 20170922:
* Allow setuid root for singularity (group only) bsc#1028304

==== python-M2Crypto ====
Version update (0.26.0 -> 0.26.3)

- Update to 0.26.3 with fix for a syntax error
- Update to 0.26.2
* compatibility with OpenSSL 1.1.0

==== python-chardet ====
Subpackages: python2-chardet python3-chardet

- add update-alternatives post-requires

==== python-gst ====
Version update (1.12.2 -> 1.12.3)

- Update to version 1.12.3:
+ plugin: Always initialize GIL state.
+ Add support for Gst.Bitmask.
+ tests: Stop using deprecated assertion methods.
+ tests: Move all Fundamental types tests in a file.
+ structure: Add a .keys() method and implement __str__.
+ Return a Gst.*Range instead of a python range converting from
GValue to python.
+ structures: Override __new__ to make it more pythonic.
+ overrides: Remove IntRange And Int64Range on Python2.

==== python-pyasn1 ====
Version update (0.3.5 -> 0.3.6)
Subpackages: python2-pyasn1 python3-pyasn1

- updated to upstream release 0.3.6
* End-of-octets encoding optimized at ASN.1 encoders
* The __getitem__/__setitem__ behavior of Set/Sequence and
SetOf/SequenceOf objects aligned with the canonical Mapping
and Sequence protocols in part
* Fixed crash in ASN.1 encoder when encoding an explicitly tagged
component of a Sequence

==== qemu ====
Subpackages: qemu-arm qemu-block-curl qemu-block-dmg qemu-block-gluster
qemu-block-iscsi qemu-block-rbd qemu-block-ssh qemu-extra qemu-ipxe qemu-ksm
qemu-kvm qemu-lang qemu-ppc qemu-s390 qemu-seabios qemu-sgabios qemu-tools
qemu-vgabios qemu-x86

- For SLE15 pre-release testing, add support for the EPYC processor.
This will be officially supported once it is included in the v2.11
release. (bsc#1052825)
- Fix some support statements in our SLE support documents.

==== qemu-linux-user ====

- Patch queue updated from git:// opensuse-2.10
* Patches added:

==== samba ====
Version update (4.6.7+git.38.90b2cdb4f22 -> 4.6.7+git.49.562d44faa9d)
Subpackages: libdcerpc-binding0 libdcerpc-binding0-32bit libdcerpc0
libdcerpc0-32bit libndr-krb5pac0 libndr-krb5pac0-32bit libndr-nbt0
libndr-nbt0-32bit libndr-standard0 libndr-standard0-32bit libndr0 libndr0-32bit
libnetapi0 libnetapi0-32bit libsamba-credentials0 libsamba-credentials0-32bit
libsamba-errors0 libsamba-errors0-32bit libsamba-hostconfig0
libsamba-hostconfig0-32bit libsamba-passdb0 libsamba-passdb0-32bit
libsamba-util0 libsamba-util0-32bit libsamdb0 libsamdb0-32bit
libsmbclient-devel libsmbclient0 libsmbconf0 libsmbconf0-32bit libsmbldap0
libsmbldap0-32bit libtevent-util0 libtevent-util0-32bit libwbclient0
libwbclient0-32bit samba-client samba-client-32bit samba-doc samba-libs
samba-libs-32bit samba-winbind samba-winbind-32bit

- CVE-2017-12163: Prevent client short SMB1 write from
writing server memory to file; (bso#13020); (bsc#1058624).
- CVE-2017-12150: Some code path don't enforce smb signing,
when they should; (bso#12997); (bsc#1058622).
- CVE-2017-12151: Keep required encryption across SMB3 dfs
redirects; (bso#12996); (bsc#1058565).

==== shared-mime-info ====
Version update (1.8 -> 1.9)

- Update to version 1.9:
+ Add x-systemd-unit and x-dbus-service MIME types.
+ Fix magic for application/x-java-keystore on little endian.
+ Add mime-type for STL 3D models and GCODE.
+ Add application/x-executable as a supertype of
+ Add shebang magic for gjs JavaScript files.
+ Add a mimetype for Khronos texture files.
+ Add a mime-type for Famicom Disk System images.
+ Add "font" top level type, and use IANA registered type for
+ Add OpenCL mime-type.
+ Add text/x-python3 content type.
+ Add mime type.
+ Add application/x-atari-lynx-rom.
+ Add application/x-wonderswan-rom.
+ Add application/x-virtual-boy-rom.
+ Better JPEG 2000 MIME type support.
+ Add support for GIMP data files (.gbr, .gih, .pat).
+ Add an alias for Adobe Illustrator formats.
+ Add *.mjs glob for Javascript.
+ Rename application/x-trig to application/trig.
+ Rename Panasonic RAW image mime-types to image/x-panasonic-rw*.
+ Change the preferred suffix for image/x-tga from icb to tga.
+ Correct "PostScript" capitalisation.
+ Add mimetype for AppImage Type 2.
+ Remove AppImage glob with different casing.

==== squid ====
Version update (3.5.26 -> 3.5.27)

- Add missing build dependency on libnsl-devel for Factory.
libnsl was split from glibc
- Update Squid to 3.5.27
* bug fix release - for complete list of changes see

==== swig ====

- add swig-perl526.patch from upstream to work with perl 5.26

==== tbb ====
Version update (2017_20170412 -> 2018_20170726)

- Update to version 2018 release
* Now fully supports this_task_arena::isolate() function.
* Parallel STL, an implementation of the C++ standard library
algorithms with support for execution policies, has been
* Fixed a bug preventing use of streaming_node and opencl_node
with Clang.
* Fixed this_task_arena::isolate() function to work correctly
with parallel_invoke and parallel_do algorithms.
* Fixed a memory leak in composite_node.
* Fixed an assertion failure in debug tbbmalloc binaries when

==== virtualbox ====
Version update (5.1.26_k4.13.3_1 -> 5.1.28_k4.13.3_1)
Subpackages: virtualbox-guest-kmp-default virtualbox-guest-tools

- Add file "fixes_for_4.14.patch" to handle API change in kernel 4.14.
Remove file "vbox_fix_42.3_api.patch" as that fix is included in upstream
- Version bump to 5.1.28 (released 2017-09-13 by Oracle)
This is a maintenance release. The following items were fixed and/or added:
Audio: fixed accidental crashes when using the AC'97 sound emulation (bug
Audio: fixed crash when default input or output devices have changed (bugs
#16968, #16969, #17004)
Audio: fixed recording when using the ALSA backend
Audio: fixed handle leak when using the OSS backend
E1000: fixed a crash related to VLAN traffic over internal network (5.1.26
regression; bug #16960)
NAT: apply --natbindip1 to TCP connections (bug #16478)
OVF: when importing an appliance with XHCI controller, don't add an OHCI
Linux hosts: fixed creating fixed sized VDI images (bug #17010)
Linux hosts / guests: fixes for Linux 4.4 of openSUSE Leap 42.3 (bug #16966)
Bridged networking: align outgoing packet at word boundary, preventing
Windows host crash in MsLbfoProvider.
Linux Additions: kernel drm driver support for custom EL7 Linux 3.10 kernel

==== wget ====

- Retry http GET when server responds with "416 Requested Range
Not Satisfiable" but file is not complete.
[boo#1058204, wget-416-but-file-not-complete.patch]

==== wine ====
Version update (2.15 -> 2.17)
Subpackages: wine-32bit

- Update to 2.17 development snapshot
- Better support for grayscale mode in DirectWrite.
- Per-application StartupWMClass in desktop files.
- Virtual memory compatibility improvements.
- Palette handling improvements in WindowsCodecs.
- Reply messages improvements in WebServices.
- Various bug fixes.
- updated winetricks
- Update to 2.16 development snapshot
- Support for pasting metafiles in RichEdit.
- Better support for grayscale PNG images.
- Support for safety features in library loading.
- Better handling of transforms in GdiPlus.
- Rendering improvements in DirectWrite.
- Various bug fixes.
- updated winetricks

==== yast2-theme ====
Version update (3.3.0 -> 4.0.0)
Subpackages: yast2-branding-openSUSE yast2-branding-openSUSE-Oxygen

- fix packaging for SLE (bsc#1057838)
- 4.0.0

==== zypper ====
Version update (1.13.35 -> 1.13.36)
Subpackages: zypper-aptitude zypper-log

- Unify '(add|modify)(repo|service)' property related arguments.
Fixed 'add' commands supporting to set only a subset of properties.
Introduced '-f/-F' as preferred short option for --[no-]refresh
in all four commands. (bsc#661410, bsc#1053671)
- version 1.13.36

To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-factory+owner@xxxxxxxxxxxx

< Previous Next >
This Thread
  • No further messages