Mailinglist Archive: opensuse-factory (1193 mails)

< Previous Next >
[opensuse-factory] New Tumbleweed snapshot 20180215 released!

Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.

Please check the known defects of this snapshot before upgrading:

When you reply to report some issues, make sure to change the subject.
It is not helpful to keep the release announcement subject in a thread
while discussing a specific problem.

Packages changed:
ffmpeg (3.4.1 -> 3.4.2)
gnome-software (3.26.5 -> 3.26.6)
ilmbase (2.2.0 -> 2.2.1)
libreoffice ( ->
mbedtls (2.6.0 -> 2.7.0)
openexr (2.2.0 -> 2.2.1)
perl-DBD-Pg (3.5.3 -> 3.7.4)
perl-IO-Socket-SSL (2.052 -> 2.054)
speech-dispatcher (0.8.7 -> 0.8.8)

=== Details ===

==== clucene-core ====
Subpackages: clucene-core-devel libclucene-contribs-lib1 libclucene-core1

- Add patch clucene-new-gcc.patch to fix visibility issues
- Use %cmake macros
- Remove few obsolete codepaths

==== cmake ====

- c17-default.patch: Add support for C17 default in GCC 8

==== ffmpeg ====
Version update (3.4.1 -> 3.4.2)
Subpackages: libavcodec-devel libavcodec57 libavdevice57 libavfilter6
libavformat57 libavresample-devel libavresample3 libavutil-devel libavutil55
libpostproc54 libswresample-devel libswresample2 libswscale-devel libswscale4

- Update to new bugfix release 3.4.2
* Fix integer overflows, multiplication overflows, undefined
shifts, and verify buffer lengths.
* avfilter/vf_transpose: Fix used plane count
[boo#1078488, CVE-2018-6392]
* avcodec/utvideodec: Fix bytes left check in decode_frame()
[boo#1079368, CVE-2018-6621]
- Enable use of libzvbi for displaying teletext subtitles.
- Fixed a DoS in swri_audio_convert(), added cve-2017-17555.diff
[boo#1072366, CVE-2017-17555].

==== gnome-software ====
Version update (3.26.5 -> 3.26.6)
Subpackages: gnome-software-lang

- Update to version 3.26.6:
+ Improve alignment on the updates page.
+ Do not show missing screenshot error for fonts that have
+ Fixes for third party repository handling in the sources
+ Fix various issues on Ubuntu when purchasing apps.
+ Fix building with gtkspell support.
+ Fix an issue that led to duplicate categories appearing on the
overview page.
+ Various memory leak and correctness fixes.
+ Show package descriptions when installing packages through the
dbus API.
+ Revert a commit that broke repo package install.
+ Updated translations.
- Pass enable-gtkspell=true to meson, ensure we build gtkspell

==== ilmbase ====
Version update (2.2.0 -> 2.2.1)

- fix license of halfExport.h [bsc#774408]
+ ilmbase-halfExport.h-license.patch
- Update keyring and set keyring URL
- Update to version 2.2.1
* Bumped version to track OpenEXR
- bump sonum and macroify it
- cleanup with spec-cleaner

==== libreoffice ====
Version update ( ->
Subpackages: libreoffice-base libreoffice-base-drivers-mysql
libreoffice-branding-upstream libreoffice-calc libreoffice-draw
libreoffice-filters-optional libreoffice-gnome libreoffice-gtk3
libreoffice-icon-themes libreoffice-impress libreoffice-kde4
libreoffice-l10n-cs libreoffice-l10n-da libreoffice-l10n-de libreoffice-l10n-el
libreoffice-l10n-en libreoffice-l10n-es libreoffice-l10n-fr libreoffice-l10n-hu
libreoffice-l10n-it libreoffice-l10n-ja libreoffice-l10n-pl
libreoffice-l10n-pt_BR libreoffice-l10n-ru libreoffice-l10n-zh_CN
libreoffice-l10n-zh_TW libreoffice-mailmerge libreoffice-math libreoffice-pyuno
libreoffice-writer libreofficekit

- Make sure we execute everything with python3
* 0001-Use-PYTHON_FOR_BUILD-instead-of-calling-python-direc.patch
- Bump version of bundled gpgme to 1.9.0
- Version update to
* various fixes all around
* Fixes data exposure bsc#1080249 CVE-2018-1055 CVE-2018-6871
- Bump the version of libgpg-error
- Drop the libreoffice-poppler-0.62.patch merged upstream

==== mbedtls ====
Version update (2.6.0 -> 2.7.0)
Subpackages: libmbedtls10 libmbedx509-0 mbedtls-devel

- Update to version 2.7.0:
- Security
* Fix a heap corruption issue in the implementation of the truncated HMAC
extension. When the truncated HMAC extension is enabled and CBC is used,
sending a malicious application packet could be used to selectively corrupt
6 bytes on the peer's heap, which could potentially lead to crash or remote
code execution. The issue could be triggered remotely from either side in
both TLS and DTLS. (CVE-2018-0488 boo#1080828)
* Fix a buffer overflow in RSA-PSS verification when the hash was too large
for the key size, which could potentially lead to crash or remote code
execution. Found by Seth Terashima, Qualcomm Product Security Initiative,
Qualcomm Technologies Inc. (CVE-2018-0487 boo#1080826)
* Fix buffer overflow in RSA-PSS verification when the unmasked data is all
* Fix an unsafe bounds check in ssl_parse_client_psk_identity() when adding
64 KiB to the address of the SSL buffer and causing a wrap around.
* Fix a potential heap buffer overflow in mbedtls_ssl_write(). When the (by
default enabled) maximum fragment length extension is disabled in the
config and the application data buffer passed to mbedtls_ssl_write
is larger than the internal message buffer (16384 bytes by default), the
latter overflows.
* Add a provision to prevent compiler optimizations breaking the time
constancy of mbedtls_ssl_safer_memcmp().
* Ensure that buffers are cleared after use if they contain sensitive data.
Changes were introduced in multiple places in the library.
* Set PEM buffer to zero before freeing it, to avoid decoded private keys
being leaked to memory after release.
* Fix dhm_check_range() failing to detect trivial subgroups and potentially
leaking 1 bit of the private key. Reported by prashantkspatil.
* Make mbedtls_mpi_read_binary() constant-time with respect to the input
data. Previously, trailing zero bytes were detected and omitted for the
sake of saving memory, but potentially leading to slight timing
differences. Reported by Marco Macchetti, Kudelski Group.
* Wipe stack buffer temporarily holding EC private exponent
after keypair generation.
* Fix a potential heap buffer over-read in ALPN extension parsing
(server-side). Could result in application crash, but only if an ALPN
name larger than 16 bytes had been configured on the server.
* Change default choice of DHE parameters from untrustworthy RFC 5114
to RFC 3526 containing parameters generated in a nothing-up-my-sleeve
- Features
* Add alternative implementation support for CCM and CMAC (MBEDTLS_CCM_ALT,
MBEDTLS_CMAC_ALT). Submitted by Steven Cooreman, Silicon Labs.
* Add support for alternative implementations of GCM, selected by the
configuration flag MBEDTLS_GCM_ALT.
* Add support for alternative implementations for ECDSA, controlled by new
The following functions from the ECDSA module can be replaced
with alternative implementation:
mbedtls_ecdsa_sign(), mbedtls_ecdsa_verify() and mbedtls_ecdsa_genkey().
* Add support for alternative implementation of ECDH, controlled by the
new configuration flags MBEDTLS_ECDH_COMPUTE_SHARED_ALT and
The following functions from the ECDH module can be replaced
with an alternative implementation:
mbedtls_ecdh_gen_public() and mbedtls_ecdh_compute_shared().
* Add support for alternative implementation of ECJPAKE, controlled by
the new configuration flag MBEDTLS_ECJPAKE_ALT.
* Add mechanism to provide alternative implementation of the DHM module.
- API changes
* Extend RSA interface by multiple functions allowing structure-
independent setup and export of RSA contexts. Most notably,
mbedtls_rsa_import() and mbedtls_rsa_complete() are introduced for setting
up RSA contexts from partial key material and having them completed to the
needs of the implementation automatically. This allows to setup private RSA
contexts from keys consisting of N,D,E only, even if P,Q are needed for the
purpose or CRT and/or blinding.
* The configuration option MBEDTLS_RSA_ALT can be used to define alternative
implementations of the RSA interface declared in rsa.h.
* The following functions in the message digest modules (MD2, MD4, MD5,
SHA1, SHA256, SHA512) have been deprecated and replaced as shown below.
The new functions change the return type from void to int to allow
returning error codes when using MBEDTLS_<MODULE>_ALT.
mbedtls_<MODULE>_starts() -> mbedtls_<MODULE>_starts_ret()
mbedtls_<MODULE>_update() -> mbedtls_<MODULE>_update_ret()
mbedtls_<MODULE>_finish() -> mbedtls_<MODULE>_finish_ret()
mbedtls_<MODULE>_process() -> mbedtls_internal_<MODULE>_process()
- Deprecations
* Deprecate usage of RSA primitives with non-matching key-type
(e.g. signing with a public key).
* Direct manipulation of structure fields of RSA contexts is deprecated.
Users are advised to use the extended RSA API instead.
* Deprecate usage of message digest functions that return void
(mbedtls_<MODULE>_starts, mbedtls_<MODULE>_update,
mbedtls_<MODULE>_finish and mbedtls_<MODULE>_process where <MODULE> is
any of MD2, MD4, MD5, SHA1, SHA256, SHA512) in favor of functions
that can return an error code.
* Deprecate untrustworthy DHE parameters from RFC 5114. Superseded by
parameters from RFC 3526 or the newly added parameters from RFC 7919.
* Deprecate hex string DHE constants MBEDTLS_DHM_RFC3526_MODP_2048_P etc.
Supserseded by binary encoded constants MBEDTLS_DHM_RFC3526_MODP_2048_P_BIN
* Deprecate mbedtls_ssl_conf_dh_param() for setting default DHE parameters
from hex strings. Superseded by mbedtls_ssl_conf_dh_param_bin()
accepting DHM parameters in binary form, matching the new constants.
- Several bug fixes

==== multipath-tools ====
Subpackages: kpartx multipath-tools-rbd

- Fix whitespace in dracut conf file (bsc#1080562)

==== ncurses ====
Subpackages: libncurses6 ncurses-devel ncurses-utils tack terminfo terminfo-base

- Add ncurses patch 6.1-20180203
+ minor fixes to test/*.h to make them idempotent.
+ add/use test/parse_rgb.h to show how the "RGB" capability works.
+ add a clarification in user_caps.5 regarding "RGB" capability.
+ add extended_slk_color{,_sp} symbols to the appropriate
package/*.{map,sym} files (report by Sven Joachim, cf: 20170401).

==== openexr ====
Version update (2.2.0 -> 2.2.1)

- Update to 2.2.1
* Fix reported OpenEXR security vulnerabilities: CVE-2017-9110,
CVE-2017-9111, CVE-2017-9112, CVE-2017-9113, CVE-2017-9114,
CVE-2017-9115 and CVE-2017-9116
- pgajdos@xxxxxxxx: but really seem to fix only:
CVE-2017-9110 [bsc#1040107], CVE-2017-9114 [bsc#1040114],
CVE-2017-9116 [bsc#1040116], CVE-2017-12596 [bsc#1052522]; for
the rest of issues see [bsc#1040109], [bsc#1040112],
[bsc#1040113], [bsc#1040114], [bsc#1040115], and [bsc#1061305]

==== patterns-server ====
Subpackages: patterns-server-dhcp_dns_server patterns-server-directory_server
patterns-server-file_server patterns-server-gateway_server
patterns-server-kvm_server patterns-server-lamp_server
patterns-server-mail_server patterns-server-print_server

- Recommend php7 variants by the lamp pattern (boo#1081072).

==== perl-DBD-Pg ====
Version update (3.5.3 -> 3.7.4)

- updated to 3.7.4
see /usr/share/doc/packages/perl-DBD-Pg/Changes
- updated to 3.7.1
see /usr/share/doc/packages/perl-DBD-Pg/Changes
Version 3.7.1 Released February 11, 2017 (git tag 3.7.1)
- Fixed problem when using placeholders and escaped question marks, the
recopied string
was not terminated correctly.
[Greg Sabino Mullane]
(Github issue #33)
- Make sure nulls in our self-generated arrays are not set as read-only in
some Perls.
[Greg Sabino Mullane]
(CPAN ticket #107556)
- If the server returns no error message, and an "unknown" code from libpq,
supply a custom
message mentioning client_min_messages may be to blame.
[Greg Sabino Mullane]
(CPAN ticket #109591)
- Declare VERSION with 'our' in seldom-used Bundle module
(CPAN ticket #123218)
- updated to 3.7.0
see /usr/share/doc/packages/perl-DBD-Pg/Changes
Version 3.7.0 Released September 24, 2017 (git tag 3.7.0)
- If no placeholders, use PQexec instead of PQexecParams
[Greg Sabino Mullane]
- Fix running tests with non-UTF8 server_encoding
[Dagfinn Ilmari Mannsåker]
(Github issue #26)
- Fix crash with missing client_encoding
[David Christensen, reported by Marko Tiikkaja]
(Github issue #29)
- Fix crash with missing server_version
[David Christensen]
- Fix leak in ->state methods
[Dagfinn Ilmari Mannsåker]
(Github issue #30)
- Add $sth->{pg_async_status} to determine async status of a statement handle.
Values can be 0 (no async), 1 (async), or -1 (cancelled)
[Greg Sabino Mullane, as requested by Dmytro Zagashev (ZDM)]
(CPAN ticket #116172)
Version 3.6.2 Released May 23, 2017 (git tag 3.6.2)
- Remove errant debugging aid from test suite
Version 3.6.1 Released May 22, 2017 (git tag 3.6.1)
- Various fixes to support testing against Postgres 10beta
[David Christensen]
Version 3.6.0 Released April 17, 2017 (git tag 3.6.0)
- Make sure we do not inadvertently modify the string passed to prepare() when
doing the new backslash escape manipulation.
[Greg Sabino Mullane]
(CPAN ticket #114000)
- Fix bug where $DBD::Pg::DBDPG_DEFAULT not picked up as a magic
string first time it is used in a script.
[Greg Sabino Mullane]
(CPAN ticket #112309)
- Fix UTF8 flag handling in pg_(get|put)copydata
[Dagfinn Ilmari Mannsåker]
- Fix UTF8 double-encoding with pg_enable_utf8 = 0
[Serge Pushkin]
(CPAN ticket #103137)
- Fix bug in quote_name which would fail to quote in some circumstances
(Github Issue #22)
- Allow clean parsing of new Postgres X.Y version format
[Erik Rijkers er at]
- Add pg_canonical_ids() and pg_canonical_names(), which returns information
about each column in the result set.
[Warstone warstone at]
(CPAN ticket #106858)
- Map SQL_NUMERIC to PG_NUMERIC (instead of PG_FLOAT8)
[Alice Maz alice at]
(CPAN ticket #120358)
- Force real, float, and double precision into SvNVs
[Greg Sabino Mullane]
(CPAN ticket #113683 and other places)
- Support for number of rows greater than an "int". Requires support for same
from a future version of libpq before it will work completely.
[Greg Sabino Mullane]
(CPAN ticket #102444)
- Fix skipped test counts in Win32 builds
[Andy Grundman]
- Allow tests to work against Postgres 8.4 by tweaking client_encoding calls.
[Pavel Raiskup praiskup at]
(CPAN ticket #116179)
- Silence warnings in t/02attribs.t and t/04misc.t
[Dagfinn Ilmari Mannsåker]
- Support binary COPY format
[Dagfinn Ilmari Mannsåker]
- Ensure tests do not use $ENV{PGSERVICE} or $ENV{PGDATABASE}
[Erik Rijkers]
- Switched canonical repo to git://

==== perl-IO-Socket-SSL ====
Version update (2.052 -> 2.054)

- ignore Mozilla::CA
- updated to 2.054
see /usr/share/doc/packages/perl-IO-Socket-SSL/Changes
2.054 2018/01/22
- added missing test certificates to MANIFEST
2.053 2018/01/21
- small behavior fixes
- if SSL_fingerprint is used and matches don't check for OCSP
- Utils::CERT_create - small fixes to properly specific purpose, ability to
use predefined complex purpose but disable some features
- update PublicSuffix
- updates for documentation, especially regarding pitfalls with forking or
non-blocking sockets. Spelling fixes.
- test fixes and improvements
- stability improvements for live tests
- regenerate certificate in certs/ and make sure they are limited to the
correct purpose. Checkin program used to generate certificates.
- adjust tests since certificates have changed and some tests used
certificates intended for client authentication as server certificates,
which now no longer works

==== python-urllib3 ====

- disable more flaky tests specifically for PowerPC

==== rdesktop ====

- Added rdesktop-Fix-key-caching.patch
backport of

==== ripit ====

- use wikipedia URL, as the original domain is no longer valid
- added ripit-4.0.0-undefined_variables.patch to avoid errors if the
user is using an old config file which does not define some variables
- added ripit-man-spellfix.patch from Debian which contains some
spell fixes for the man page
- rebased ripit-3.9.0-ogg.patch
- use Productivity/Multimedia/CD/Grabbers as RPM group

==== sg3_utils ====
Subpackages: libsgutils2-1_43-2

- dracut.conf: add whitespace at end of line (bsc#1080562)

==== skopeo ====

- Add requirement on libcontainers-common, which now provides the
/etc/containers/policy.json config.

==== speech-dispatcher ====
Version update (0.8.7 -> 0.8.8)
Subpackages: libspeechd-devel libspeechd2 python3-speechd
speech-dispatcher-configure speech-dispatcher-module-espeak

- Update to version 0.8.8
* Add German translation, thanks to Chris Leick for the patch
* Fix some spelling mistakes, thanks to Paul Gevers for the patch
* Some slight code improvements

To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-factory+owner@xxxxxxxxxxxx

< Previous Next >
This Thread
  • No further messages