Please note that this mail was generated by a script. The described changes are computed based on the x86_64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=1&version=Tumbleweed&build=20171005 When you reply to report some issues, make sure to change the subject. It is not helpful to keep the release announcement subject in a thread while discussing a specific problem. Packages changed: atftp build (20170804 -> 20170918) dnsmasq iagno (3.22.0 -> 3.26.1) installation-images-Kubic krb5 libgphoto2 (2.5.14 -> 2.5.15) libkolabxml libqca2 (2.1.1 -> 2.1.3) libsamplerate mutt newt openvpn (2.4.2 -> 2.4.3) osc pesign-obs-integration python-certifi (2017.4.17 -> 2017.7.27.1) python-kiwi (9.11.2 -> 9.11.8) radvd snapper (0.5.1 -> 0.5.2) tftp === Details === ==== atftp ==== - Changed permissions of /srv/tftpboot to be readable [bsc#940608] ==== build ==== Version update (20170804 -> 20170918) Subpackages: build-mkbaselibs build-mkdrpms - Support getting the container tags from the Dockerfile - Put the disturl in the .buildenv file - Support rpm-buildroot-override buildflag - Support kvm builds on Debian - Support with/without/unless rich deps - Added obs-docker-support script for docker images - Initial SLE 15 config ==== dnsmasq ==== - Fix /srv/tftpboot permissions wrt bsc#940608 - reload system dbus to pick up policy change on install (bsc#1054429) ==== iagno ==== Version update (3.22.0 -> 3.26.1) - Update to version 3.26.1: + Some now-unused files removed. + Updated translations. - Drop %glib2_gsettings_schema_requires, %glib2_gsettings_schema_*, %desktop_database_* and %icon_theme_cache_* post/postun macros: functionality now covered by file triggers. ==== installation-images-Kubic ==== - Changed permissions of /srv/tftpboot to be readable (bsc#940608). ==== krb5 ==== Subpackages: krb5-32bit krb5-devel - Update package descriptions. ==== libgphoto2 ==== Version update (2.5.14 -> 2.5.15) Subpackages: libgphoto2-6 libgphoto2-devel - updated to 2.5.15 release - ptp2: * fuji: Fix cameras without new capture properties. * Canon EOS: config aspectratio, highisonr * Canon EOS: emit CAPTURECOMPLETE event * Canon EOS: whitebalanaceadjustment is 32bit signed, not 16bit signed * usb: better error feedback * fixed some bugs found by AFL fuzzing * Added USB ids: * Sony: A6500, HX400V * Nikon: D500, D7500 * Olympus: VR360 * Canon PowerShot: ELPH 350 HS * Canon EOS: 200D, Rebel T7i * Fuji: GFX 50 S * Ricoh Theta S, Theta SC - libgphoto2_port/vusb: * now default disabled as it confused people, enable with --enable-vusb - libgphoto2-fix-fuji.patch: upstreamed ==== libkolabxml ==== - Don't require gcc-java for the java bindings, since gcc-java will be removed ==== libqca2 ==== Version update (2.1.1 -> 2.1.3) - updated to version 2.1.3 * no changelog provided - update Url ==== libsamplerate ==== Subpackages: libsamplerate-devel libsamplerate0 - Rectify RPM groups. ==== mutt ==== Subpackages: mutt-doc mutt-lang - Add patch neomutt-c030a8b.patch from upstream commit to fix boo#1061343 ==== newt ==== - Rectify RPM groups. ==== openvpn ==== Version update (2.4.2 -> 2.4.3) - Do not package empty /usr/lib64/tmpfiles.d - Update to 2.4.3 (bsc#1045489) - Ignore auth-nocache for auth-user-pass if auth-token is pushed - crypto: Enable SHA256 fingerprint checking in --verify-hash - copyright: Update GPLv2 license texts - auth-token with auth-nocache fix broke --disable-crypto builds - OpenSSL: don't use direct access to the internal of X509 - OpenSSL: don't use direct access to the internal of EVP_PKEY - OpenSSL: don't use direct access to the internal of RSA - OpenSSL: don't use direct access to the internal of DSA - OpenSSL: force meth->name as non-const when we free() it - OpenSSL: don't use direct access to the internal of EVP_MD_CTX - OpenSSL: don't use direct access to the internal of EVP_CIPHER_CTX - OpenSSL: don't use direct access to the internal of HMAC_CTX - Fix NCP behaviour on TLS reconnect. - Remove erroneous limitation on max number of args for --plugin - Fix edge case with clients failing to set up cipher on empty PUSH_REPLY. - Fix potential 1-byte overread in TCP option parsing. - Fix remotely-triggerable ASSERT() on malformed IPv6 packet. - Preparing for release v2.4.3 (ChangeLog, version.m4, Changes.rst) - refactor my_strupr - Fix 2 memory leaks in proxy authentication routine - Fix memory leak in add_option() for option 'connection' - Ensure option array p[] is always NULL-terminated - Fix a null-pointer dereference in establish_http_proxy_passthru() - Prevent two kinds of stack buffer OOB reads and a crash for invalid input data - Fix an unaligned access on OpenBSD/sparc64 - Missing include for socket-flags TCP_NODELAY on OpenBSD - Make openvpn-plugin.h self-contained again. - Pass correct buffer size to GetModuleFileNameW() - Log the negotiated (NCP) cipher - Avoid a 1 byte overcopy in x509_get_subject (ssl_verify_openssl.c) - Skip tls-crypt unit tests if required crypto mode not supported - openssl: fix overflow check for long --tls-cipher option - Add a DSA test key/cert pair to sample-keys - Fix mbedtls fingerprint calculation - mbedtls: fix --x509-track post-authentication remote DoS (CVE-2017-7522) - mbedtls: require C-string compatible types for --x509-username-field - Fix remote-triggerable memory leaks (CVE-2017-7521) - Restrict --x509-alt-username extension types - Fix potential double-free in --x509-alt-username (CVE-2017-7521) - Fix gateway detection with OpenBSD routing domains ==== osc ==== - add Recommends: ca-certificates to enable TLS verification without manually installint them. [bnc#1061500] ==== pesign-obs-integration ==== - Michael Schr�der improved the original kernel-sign-file script to support PKCS#7 kernel module signing. Replacing sign-file.c with new kernel-sign-file script. (bsc#1049122) ==== python-certifi ==== Version update (2017.4.17 -> 2017.7.27.1) Subpackages: python2-certifi python3-certifi - updated patch - update to version 2017.7.27.1: * Use a more expressive API for getting the dir a path is in * set zip_safe=False to help out setuptools (#63) * Change license from ISC to MPL-2.0 in setup.py * Add trove classifiers for missing supported Python versions * Rename [wheel] section to [bdist_wheel] as the former is legacy ==== python-kiwi ==== Version update (9.11.2 -> 9.11.8) Subpackages: kiwi-pxeboot kiwi-tools - Bump version: 9.11.7 ? 9.11.8 - Changed permissions of /srv/tftpboot to be readable (bsc#940608) - Bump version: 9.11.6 ? 9.11.7 - Also handle multiple error conditions - Allow to ignore certain isohybrid warnings kiwi treates warning from isohybrid as fatal errors becuase in most cases they are fatal. However some of them are kind of historical and should be ignored like the one described here: http://www.syslinux.org/archives/2015-March/023306.html - Bump version: 9.11.5 ? 9.11.6 - Make sure xz options are used with pxe tarball The tar command used in the pxe builder did not utilize threading and/or the xz options provided by an optional kiwi config file. This Fixes #507 - Move depmod into baseUpdateModuleDependencies Kernel module dependencies should be resolved after kiwi has called all the stripping functions and not as part of the baseCreateCommonKernelFile which runs before. This Fixes #508 - Fixed order of volume mount list re-order mount_list by mountpoint hierarchy. This is needed because the handling of the fullsize volume and all other volumes is outside of the canonical order. If the fullsize volume forms a nested structure together with another volume the volume mount list must be re-ordered to avoid mounting the volumes in the wrong order - Update issue template - Bump version: 9.11.4 ? 9.11.5 - Rebuild schema documentation - Show results in a dialog - Improve display of runMediaCheck results The splash screen should be switched off in order to let the user see the mediacheck results as well as a delay timeout before the boot continues or stops is useful - Call plymouth default theme setup in build command Make sure plymouth-set-default-theme is called as part of the system build command and not only as part of the system prepare command - Fixed package requires for dracut-kiwi-live On Fedora/RHEL cdrkit is only a source package building other packages. The package dracut-kiwi-live really needs is genisoimage - Fix trailing pipe character in .packages file In addition make sure the field layout is consistent across the .packages files no matter which package manager was used to create the information. This Fixes #501 - Bump version: 9.11.3 ? 9.11.4 - Update documentation Link to the obs overview page to show build test results - Added Fedora integration test build to obs status - Limit the characters set for volid attribute This commit fixes #493 - Revert "Fixed package requires" This reverts commit a8d50a593911725965e09b0e8c2f3b9bc742202b. - Fixed package requires On Fedora xattr is provided by python[3]-pyxattr - kiwi-boot-requires only required for suse(obs) - Update project intro page - Update project intro layout - Update project intro page - Bump version: 9.11.2 ? 9.11.3 - Added disk format="vhdx" support Support dynamic VHDX (gen2) image format for Hyper-V. This Fixes #490 - Added additional required attr schematron rule The new rule allows to check for required attributes for a specific image type and is used for the filesystem attribute which is required for the image type oem, vmx and pxe. This Fixes #476 ==== radvd ==== - Clear assumptions from description. ==== snapper ==== Version update (0.5.1 -> 0.5.2) Subpackages: libsnapper4 snapper-zypp-plugin - fix compilation with boost 1.65.0 (gh#openSUSE/snapper#354) (bsc#1061262) - version 0.5.2 ==== tftp ==== - Changed permissions of /srv/tftpboot to be readable [bsc#940608] -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org