Please note that this mail was generated by a script. The described changes are computed based on the x86_64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=1&version=Tumbleweed&build=20171001 When you reply to report some issues, make sure to change the subject. It is not helpful to keep the release announcement subject in a thread while discussing a specific problem. Packages changed: binutils (2.29 -> 2.29.1) gcc7 (7.2.1+r251579 -> 7.2.1+r253221) kmail krb5 (1.15.1 -> 1.15.2) libqt5-qtbase libsodium (1.0.12 -> 1.0.14) permissions (20170922 -> 20170928) === Details === ==== binutils ==== Version update (2.29 -> 2.29.1) Subpackages: binutils-devel - Update to 2.29.1 release, accumulating bugfixes. - Update binutils-2.29-branch.diff to @a38a1d80 and to be relative to the 2.29.1 release fixing PRs 22199, 22170 and 22163. ==== gcc7 ==== Version update (7.2.1+r251579 -> 7.2.1+r253221) Subpackages: cpp7 gcc7-c++ gcc7-fortran gcc7-info gcc7-locale gcc7-objc libasan4 libatomic1 libcilkrts5 libgcc_s1 libgcc_s1-32bit libgfortran4 libgomp1 libitm1 liblsan0 libmpx2 libmpxwrappers2 libobjc4 libquadmath0 libstdc++6 libstdc++6-32bit libstdc++6-devel-gcc7 libtsan0 libubsan0 - Update to gcc-7-branch head (r253221). * Includes similar fix to gcc41-ppc32-retaddr.patch, disable the patch but keep the testcase. - Add support for zero-sized VLAs and allocas with - fstack-clash-protection. [bnc #1059075] Changes gcc7-stack-probe.diff. ==== kmail ==== Subpackages: kmail-application-icons ktnef - Recommend akonadi-search to make index-related functionality work out of the box (boo#1053540, boo#1013687) ==== krb5 ==== Version update (1.15.1 -> 1.15.2) Subpackages: krb5-32bit krb5-devel - Upgrade to 1.15.2 * Fix a KDC denial of service vulnerability caused by unset status strings [CVE-2017-11368] * Preserve GSS contexts on init/accept failure [CVE-2017-11462] * Fix kadm5 setkey operation with LDAP KDB module * Use a ten-second timeout after successful connection for HTTPS KDC requests, as we do for TCP requests * Fix client null dereference when KDC offers encrypted challenge without FAST * Ignore dotfiles when processing profile includedir directive * Improve documentation ==== libqt5-qtbase ==== Subpackages: libQt5Concurrent-devel libQt5Concurrent5 libQt5Core-devel libQt5Core-private-headers-devel libQt5Core5 libQt5DBus-devel libQt5DBus5 libQt5Gui-devel libQt5Gui-private-headers-devel libQt5Gui5 libQt5Network-devel libQt5Network5 libQt5OpenGL-devel libQt5OpenGL5 libQt5PlatformHeaders-devel libQt5PrintSupport-devel libQt5PrintSupport5 libQt5Sql-devel libQt5Sql5 libQt5Sql5-mysql libQt5Sql5-postgresql libQt5Sql5-sqlite libQt5Sql5-unixODBC libQt5Test-devel libQt5Test5 libQt5Widgets-devel libQt5Widgets5 libQt5Xml-devel libQt5Xml5 libqt5-qtbase-common-devel libqt5-qtbase-devel libqt5-qtbase-platformtheme-gtk3 - Update package descriptions and grouping. - Use find -exec's "+" strategy ==== libsodium ==== Version update (1.0.12 -> 1.0.14) - Update to version 1.0.14 * Internal consistency checks failing and primitives used with dangerous/out-of-bounds/invalid parameters used to call abort(3). Now, a custom handler that doesn't return can be set with the set_sodium_misuse() function. It still aborts by default or if the handler ever returns. This is not a replacement for non-fatal, expected runtime errors. This handler will be only called in unexpected situations due to potential bugs in the library or in language bindings. * *_MESSAGEBYTES_MAX macros (and the corresponding _messagebytes_max() symbols) have been added to represent the maximum message size that can be safely handled by a primitive. Language bindings are encouraged to check user inputs against these maximum lengths. * The test suite has been extended to cover more edge cases. * crypto_sign_ed25519_pk_to_curve25519() now rejects points that are not on the curve, or not in the main subgroup. * Further changes have been made to ensure that smart compilers will not optimize out code that we don't want to be optimized. * The sodium_runtime_has_* symbols for CPU features detection are now defined as weak symbols, i.e. they can be replaced with an application-defined implementation. This can be useful to disable AVX* when temperature/power consumption is a concern. * crypto_kx_*() now aborts if called with no non-NULL pointers to store keys to. * SSE2 implementations of crypto_verify_*() have been added. * Passwords can be hashed using a specific algorithm with the new crypto_pwhash_str_alg() function. * Due to popular demand, base64 encoding (sodium_bin2base64()) and decoding (sodium_base642bin()) have been implemented. * A new crypto_secretstream_*() API was added to safely encrypt files and multi-part messages. * The sodium_pad() and sodium_unpad() helper functions have been added in order to add & remove padding. * An AVX512 optimized implementation of Argon2 has been added. * The crypto_pwhash_str_needs_rehash() function was added to check if a password hash string matches the given parameters, or if it needs an update. Updates from 1.0.13 * An AVX2 optimized implementation of the Argon2 round function was added. * The Argon2id variant of Argon2 has been implemented. The high-level crypto_pwhash_str_verify() function automatically detects the algorithm and can verify both Argon2i and Argon2id hashed passwords. The default algorithm for newly hashed passwords remains Argon2i in this version to avoid breaking compatibility with verifiers running libsodium <= 1.0.12. * A crypto_box_curve25519xchacha20poly1305_seal*() function set was implemented. ==== permissions ==== Version update (20170922 -> 20170928) - Update to version 20170928: * Fix invalid syntax bsc#1048645 bsc#1060738 - Update to version 20170927: * fix typos in manpages -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org