Please note that this mail was generated by a script. The described changes are computed based on the x86_64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=1&version=Tumbleweed&build=20180224 When you reply to report some issues, make sure to change the subject. It is not helpful to keep the release announcement subject in a thread while discussing a specific problem. Packages changed: audacity (2.2.1 -> 2.2.2) autoyast2 (4.0.31 -> 4.0.32) filesystem git hostname (3.16 -> 3.20) kernel-source (4.15.4 -> 4.15.5) libcap-ng (0.7.8 -> 0.7.9) libguestfs libnss_nis libreoffice libstorage-ng (3.3.164 -> 3.3.173) libunwind libyui-qt-pkg (2.45.14 -> 2.45.15) linphone mozilla-nspr (4.17 -> 4.18) mozilla-nss (3.34.1 -> 3.35) open-iscsi perl-Image-ExifTool (10.55 -> 10.80) pesign-obs-integration qemu (2.11.0 -> 2.11.1) qemu-linux-user (2.11.0 -> 2.11.1) rpm shadow unar util-linux util-linux-systemd valgrind xdg-desktop-portal-kde (5.12.1 -> 5.12.2) yast2 (4.0.53 -> 4.0.54) yast2-bootloader (4.0.18 -> 4.0.19) yast2-control-center (4.0.0 -> 4.0.1) yast2-firewall (4.0.14 -> 4.0.16) yast2-network (4.0.14 -> 4.0.16) yast2-nfs-client (4.0.1 -> 4.0.2) yast2-ntp-client (4.0.7 -> 4.0.8) yast2-packager (4.0.39 -> 4.0.41) yast2-storage-ng (4.0.97 -> 4.0.110) ypbind ypserv === Details === ==== audacity ==== Version update (2.2.1 -> 2.2.2) Subpackages: audacity-lang - Update to release version 2.2.2. - Rebase audacity-no_buildstamp.patch. - Removed incorporated audacity-fix-nonsense.patch. - Added audacity-misc-errors.patch to fix various errors picked up by rpmlint. - Added to audacity-no_return_in_nonvoid.patch. - Upstream changes: * Easier zooming in and out with mousewheel, new Zoom Toggle command, and context menu for vertical rulers. * Easy access to change keyboard bindings of menu commands by holding Shift key. * Detection of dropout errors while recording with overburdened CPU. * Improved contrasts in Light and Dark themes * Half-wave display option * Several bugs/annoyances in 2.2.1 are now fixed ==== autoyast2 ==== Version update (4.0.31 -> 4.0.32) Subpackages: autoyast2-installation - Remove calls to the old yast2-storage layer (bsc#1071978) - Fix AutoYaST UI to to show partitions properly - 4.0.32 ==== filesystem ==== - Use lib64 filelist on riscv64 ==== git ==== Subpackages: git-core git-cvs git-daemon git-email git-gui git-svn git-web gitk - Create subpackage for libsecret credential helper. ==== hostname ==== Version update (3.16 -> 3.20) - Update to 3.20 * debian-specific change only - includes 3.19 * Fix lintian warnings. - includes 3.18 * Make sure memory is initialized to zero before attempting to read hostname. - includes 3.17 * Use _GNU_SOURCE feature test macro, instead of glibc internal __USE_GNU. * Use getdomainname instead of yp_get_default_domain because it is more widely available and avoids the -lnsl dependency. * localnisdomain is kept, even though it should be the same as localdomain, so the behaviour is not changed in case of an error. * Replace 'dh-clean -k' with 'dh-prep' - cleanup with spec-cleaner ==== kernel-source ==== Version update (4.15.4 -> 4.15.5) Subpackages: kernel-default kernel-default-devel kernel-devel kernel-docs kernel-macros kernel-syms - powerpc/pseries: Add empty update_numa_cpu_lookup_table() for NUMA=n (git-fixes). - commit 4a82466 - Linux 4.15.5 (bnc#1012628). - scsi: smartpqi: allow static build ("built-in") (bnc#1012628). - IB/umad: Fix use of unprotected device pointer (bnc#1012628). - IB/qib: Fix comparison error with qperf compare/swap test (bnc#1012628). - IB/mlx4: Fix incorrectly releasing steerable UD QPs when have only ETH ports (bnc#1012628). - IB/core: Fix two kernel warnings triggered by rxe registration (bnc#1012628). - IB/core: Fix ib_wc structure size to remain in 64 bytes boundary (bnc#1012628). - IB/core: Avoid a potential OOPs for an unused optional parameter (bnc#1012628). - selftests: seccomp: fix compile error seccomp_bpf (bnc#1012628). - kselftest: fix OOM in memory compaction test (bnc#1012628). - RDMA/rxe: Fix a race condition related to the QP error state (bnc#1012628). - RDMA/rxe: Fix a race condition in rxe_requester() (bnc#1012628). - RDMA/rxe: Fix rxe_qp_cleanup() (bnc#1012628). - cpufreq: powernv: Dont assume distinct pstate values for nominal and pmin (bnc#1012628). - swiotlb: suppress warning when __GFP_NOWARN is set (bnc#1012628). - PM / devfreq: Propagate error from devfreq_add_device() (bnc#1012628). - mwifiex: resolve reset vs. remove()/shutdown() deadlocks (bnc#1012628). - ocfs2: try a blocking lock before return AOP_TRUNCATED_PAGE (bnc#1012628). - trace_uprobe: Display correct offset in uprobe_events (bnc#1012628). - powerpc/radix: Remove trace_tlbie call from radix__flush_tlb_all (bnc#1012628). - powerpc/kernel: Block interrupts when updating TIDR (bnc#1012628). - powerpc/vas: Don't set uses_vas for kernel windows (bnc#1012628). - powerpc/numa: Invalidate numa_cpu_lookup_table on cpu remove (bnc#1012628). - powerpc/mm: Flush radix process translations when setting MMU type (bnc#1012628). - powerpc/xive: Use hw CPU ids when configuring the CPU queues (bnc#1012628). - dma-buf: fix reservation_object_wait_timeout_rcu once more v2 (bnc#1012628). - s390: fix handling of -1 in set{,fs}[gu]id16 syscalls (bnc#1012628). - arm64: dts: msm8916: Correct ipc references for smsm (bnc#1012628). - ARM: lpc3250: fix uda1380 gpio numbers (bnc#1012628). - ARM: dts: STi: Add gpio polarity for "hdmi,hpd-gpio" property (bnc#1012628). - ARM: dts: nomadik: add interrupt-parent for clcd (bnc#1012628). - arm: dts: mt7623: fix card detection issue on bananapi-r2 (bnc#1012628). - arm: spear600: Add missing interrupt-parent of rtc (bnc#1012628). - arm: spear13xx: Fix dmas cells (bnc#1012628). - arm: spear13xx: Fix spics gpio controller's warning (bnc#1012628). - x86/gpu: add CFL to early quirks (bnc#1012628). - x86/kexec: Make kexec (mostly) work in 5-level paging mode (bnc#1012628). - x86/xen: init %gs very early to avoid page faults with stack protector (bnc#1012628). - x86: PM: Make APM idle driver initialize polling state (bnc#1012628). - mm, memory_hotplug: fix memmap initialization (bnc#1012628). - x86/entry/64: Clear extra registers beyond syscall arguments, to reduce speculation attack surface (bnc#1012628). - x86/entry/64/compat: Clear registers for compat syscalls, to reduce speculation attack surface (bnc#1012628). - compiler-gcc.h: Introduce __optimize function attribute (bnc#1012628). - compiler-gcc.h: __nostackprotector needs gcc-4.4 and up (bnc#1012628). - crypto: sun4i_ss_prng - fix return value of sun4i_ss_prng_generate (bnc#1012628). - crypto: sun4i_ss_prng - convert lock to _bh in sun4i_ss_prng_generate (bnc#1012628). - powerpc/mm/radix: Split linear mapping on hot-unplug (bnc#1012628). - x86/mm/pti: Fix PTI comment in entry_SYSCALL_64() (bnc#1012628). - x86/speculation: Update Speculation Control microcode blacklist (bnc#1012628). - x86/speculation: Correct Speculation Control microcode blacklist again (bnc#1012628). - Revert "x86/speculation: Simplify indirect_branch_prediction_barrier()" (bnc#1012628). - KVM/x86: Reduce retpoline performance impact in slot_handle_level_range(), by always inlining iterator helper methods (bnc#1012628). - X86/nVMX: Properly set spec_ctrl and pred_cmd before merging MSRs (bnc#1012628). - KVM/nVMX: Set the CPU_BASED_USE_MSR_BITMAPS if we have a valid L02 MSR bitmap (bnc#1012628). - x86/speculation: Clean up various Spectre related details (bnc#1012628). - PM / runtime: Update links_count also if !CONFIG_SRCU (bnc#1012628). - PM: cpuidle: Fix cpuidle_poll_state_init() prototype (bnc#1012628). - platform/x86: wmi: fix off-by-one write in wmi_dev_probe() (bnc#1012628). - x86/entry/64: Clear registers for exceptions/interrupts, to reduce speculation attack surface (bnc#1012628). - x86/entry/64: Merge SAVE_C_REGS and SAVE_EXTRA_REGS, remove unused extensions (bnc#1012628). - x86/entry/64: Merge the POP_C_REGS and POP_EXTRA_REGS macros into a single POP_REGS macro (bnc#1012628). - x86/entry/64: Interleave XOR register clearing with PUSH instructions (bnc#1012628). - x86/entry/64: Introduce the PUSH_AND_CLEAN_REGS macro (bnc#1012628). - x86/entry/64: Use PUSH_AND_CLEAN_REGS in more cases (bnc#1012628). - x86/entry/64: Get rid of the ALLOC_PT_GPREGS_ON_STACK and SAVE_AND_CLEAR_REGS macros (bnc#1012628). - x86/entry/64: Indent PUSH_AND_CLEAR_REGS and POP_REGS properly (bnc#1012628). - x86/entry/64: Fix paranoid_entry() frame pointer warning (bnc#1012628). - x86/entry/64: Remove the unused 'icebp' macro (bnc#1012628). - selftests/x86: Fix vDSO selftest segfault for vsyscall=none (bnc#1012628). - selftests/x86: Clean up and document sscanf() usage (bnc#1012628). - selftests/x86/pkeys: Remove unused functions (bnc#1012628). - selftests/x86: Fix build bug caused by the 5lvl test which has been moved to the VM directory (bnc#1012628). - selftests/x86: Do not rely on "int $0x80" in test_mremap_vdso.c (bnc#1012628). - gfs2: Fixes to "Implement iomap for block_map" (bnc#1012628). - selftests/x86: Do not rely on "int $0x80" in single_step_syscall.c (bnc#1012628). - selftests/x86: Disable tests requiring 32-bit support on pure 64-bit systems (bnc#1012628). - objtool: Fix segfault in ignore_unreachable_insn() (bnc#1012628). - x86/debug, objtool: Annotate WARN()-related UD2 as reachable (bnc#1012628). - x86/debug: Use UD2 for WARN() (bnc#1012628). - x86/speculation: Fix up array_index_nospec_mask() asm constraint (bnc#1012628). - nospec: Move array_index_nospec() parameter checking into separate macro (bnc#1012628). - x86/speculation: Add <asm/msr-index.h> dependency (bnc#1012628). - x86/mm: Rename flush_tlb_single() and flush_tlb_one() to __flush_tlb_one_[user|kernel]() (bnc#1012628). - selftests/x86/mpx: Fix incorrect bounds with old _sigfault (bnc#1012628). - x86/cpu: Rename cpu_data.x86_mask to cpu_data.x86_stepping (bnc#1012628). - x86/spectre: Fix an error message (bnc#1012628). - x86/cpu: Change type of x86_cache_size variable to unsigned int (bnc#1012628). - x86/entry/64: Fix CR3 restore in paranoid_exit() (bnc#1012628). - drm/ttm: Don't add swapped BOs to swap-LRU list (bnc#1012628). - drm/ttm: Fix 'buf' pointer update in ttm_bo_vm_access_kmap() (v2) (bnc#1012628). - drm/qxl: unref cursor bo when finished with it (bnc#1012628). - drm/qxl: reapply cursor after resetting primary (bnc#1012628). - drm/amd/powerplay: Fix smu_table_entry.handle type (bnc#1012628). - drm/ast: Load lut in crtc_commit (bnc#1012628). - drm: Check for lessee in DROP_MASTER ioctl (bnc#1012628). - arm64: Add missing Falkor part number for branch predictor hardening (bnc#1012628). - drm/radeon: Add dpm quirk for Jet PRO (v2) (bnc#1012628). - drm/radeon: adjust tested variable (bnc#1012628). - x86/smpboot: Fix uncore_pci_remove() indexing bug when hot-removing a physical CPU (bnc#1012628). - rtc-opal: Fix handling of firmware error codes, prevent busy loops (bnc#1012628). - mbcache: initialize entry->e_referenced in mb_cache_entry_create() (bnc#1012628). - mmc: sdhci: Implement an SDHCI-specific bounce buffer (bnc#1012628). - mmc: bcm2835: Don't overwrite max frequency unconditionally (bnc#1012628). - Revert "mmc: meson-gx: include tx phase in the tuning process" (bnc#1012628). - mlx5: fix mlx5_get_vector_affinity to start from completion vector 0 (bnc#1012628). - Revert "apple-gmux: lock iGP IO to protect from vgaarb changes" (bnc#1012628). - jbd2: fix sphinx kernel-doc build warnings (bnc#1012628). - ext4: fix a race in the ext4 shutdown path (bnc#1012628). - ext4: save error to disk in __ext4_grp_locked_error() (bnc#1012628). - ext4: correct documentation for grpid mount option (bnc#1012628). - mm: hide a #warning for COMPILE_TEST (bnc#1012628). - mm: Fix memory size alignment in devm_memremap_pages_release() (bnc#1012628). - MIPS: Fix typo BIG_ENDIAN to CPU_BIG_ENDIAN (bnc#1012628). - MIPS: CPS: Fix MIPS_ISA_LEVEL_RAW fallout (bnc#1012628). - MIPS: Fix incorrect mem=X@Y handling (bnc#1012628). - PCI: Disable MSI for HiSilicon Hip06/Hip07 only in Root Port mode (bnc#1012628). - PCI: iproc: Fix NULL pointer dereference for BCMA (bnc#1012628). - PCI: pciehp: Assume NoCompl+ for Thunderbolt ports (bnc#1012628). - PCI: keystone: Fix interrupt-controller-node lookup (bnc#1012628). - video: fbdev: atmel_lcdfb: fix display-timings lookup (bnc#1012628). - console/dummy: leave .con_font_get set to NULL (bnc#1012628). - rbd: whitelist RBD_FEATURE_OPERATIONS feature bit (bnc#1012628). - xen: Fix {set,clear}_foreign_p2m_mapping on autotranslating guests (bnc#1012628). - xenbus: track caller request id (bnc#1012628). - seq_file: fix incomplete reset on read from zero offset (bnc#1012628). - tracing: Fix parsing of globs with a wildcard at the beginning (bnc#1012628). - mpls, nospec: Sanitize array index in mpls_label_ok() (bnc#1012628). - rtlwifi: rtl8821ae: Fix connection lost problem correctly (bnc#1012628). - arm64: proc: Set PTE_NG for table entries to avoid traversing them twice (bnc#1012628). - xprtrdma: Fix calculation of ri_max_send_sges (bnc#1012628). - xprtrdma: Fix BUG after a device removal (bnc#1012628). - blk-wbt: account flush requests correctly (bnc#1012628). - target/iscsi: avoid NULL dereference in CHAP auth error path (bnc#1012628). - iscsi-target: make sure to wake up sleeping login worker (bnc#1012628). - dm: correctly handle chained bios in dec_pending() (bnc#1012628). - Btrfs: fix deadlock in run_delalloc_nocow (bnc#1012628). - Btrfs: fix crash due to not cleaning up tree log block's dirty bits (bnc#1012628). - Btrfs: fix extent state leak from tree log (bnc#1012628). - Btrfs: fix use-after-free on root->orphan_block_rsv (bnc#1012628). - Btrfs: fix unexpected -EEXIST when creating new inode (bnc#1012628). - 9p/trans_virtio: discard zero-length reply (bnc#1012628). - mtd: nand: vf610: set correct ooblayout (bnc#1012628). - ALSA: hda - Fix headset mic detection problem for two Dell machines (bnc#1012628). - ALSA: usb-audio: Fix UAC2 get_ctl request with a RANGE attribute (bnc#1012628). - ALSA: hda/realtek - Add headset mode support for Dell laptop (bnc#1012628). - ALSA: hda/realtek - Enable Thinkpad Dock device for ALC298 platform (bnc#1012628). - ALSA: hda/realtek: PCI quirk for Fujitsu U7x7 (bnc#1012628). - ALSA: usb-audio: add implicit fb quirk for Behringer UFX1204 (bnc#1012628). - ALSA: usb: add more device quirks for USB DSD devices (bnc#1012628). - ALSA: seq: Fix racy pool initializations (bnc#1012628). - mvpp2: fix multicast address filter (bnc#1012628). - usb: Move USB_UHCI_BIG_ENDIAN_* out of USB_SUPPORT (bnc#1012628). - x86/mm, mm/hwpoison: Don't unconditionally unmap kernel 1:1 pages (bnc#1012628). - ARM: dts: exynos: fix RTC interrupt for exynos5410 (bnc#1012628). - ARM: pxa/tosa-bt: add MODULE_LICENSE tag (bnc#1012628). - arm64: dts: msm8916: Add missing #phy-cells (bnc#1012628). - ARM: dts: s5pv210: add interrupt-parent for ohci (bnc#1012628). - arm: dts: mt7623: Update ethsys binding (bnc#1012628). - arm: dts: mt2701: Add reset-cells (bnc#1012628). - ARM: dts: Delete bogus reference to the charlcd (bnc#1012628). - media: r820t: fix r820t_write_reg for KASAN (bnc#1012628). - mmc: sdhci-of-esdhc: fix eMMC couldn't work after kexec (bnc#1012628). - mmc: sdhci-of-esdhc: fix the mmc error after sleep on ls1046ardb (bnc#1012628). - Refresh patches.suse/0001-x86-speculation-Add-basic-IBRS-support-infrastructur.patch. - Refresh patches.suse/0002-x86-speculation-Add-inlines-to-control-Indirect-Bran.patch. - Refresh patches.suse/0005-x86-enter-Use-IBRS-on-syscall-and-interrupts.patch. - commit 078aac5 - config: enable IMA and EVM - commit 8c97198 - config: arm64: Enable MAX77620 for Nvidia Jetson TX1 (boo#1081473) - commit 5cbffaf ==== libcap-ng ==== Version update (0.7.8 -> 0.7.9) Subpackages: libcap-ng-devel libcap-ng0 - Move %doc to %license for licenses - Remove ineffective --with-pic. Fix SRPM group. Redo descriptions. - Rename %soname to %sover to better reflect its use. - Update to version 0.7.9: * Detect and output a couple errors in filecap * Use pthread_atfork to optionally reset the pid and related info on fork - cleanup with spec-cleaner - use https urls ==== libguestfs ==== Subpackages: guestfs-data libguestfs0 python3-libguestfs - Remove dependency on wodim for openSUSE:Factory and use cdrtools (bnc#1081739) ==== libnss_nis ==== Subpackages: libnss_nis2 libnss_nis2-32bit - Use %license [bsc#1082318] ==== libreoffice ==== Subpackages: libreoffice-base libreoffice-base-drivers-mysql libreoffice-branding-upstream libreoffice-calc libreoffice-draw libreoffice-filters-optional libreoffice-gnome libreoffice-gtk3 libreoffice-icon-themes libreoffice-impress libreoffice-kde4 libreoffice-l10n-cs libreoffice-l10n-da libreoffice-l10n-de libreoffice-l10n-el libreoffice-l10n-en libreoffice-l10n-es libreoffice-l10n-fr libreoffice-l10n-hu libreoffice-l10n-it libreoffice-l10n-ja libreoffice-l10n-pl libreoffice-l10n-pt_BR libreoffice-l10n-ru libreoffice-l10n-zh_CN libreoffice-l10n-zh_TW libreoffice-mailmerge libreoffice-math libreoffice-pyuno libreoffice-writer libreofficekit - Add patch to build properly with orcus-0.13.3: * orcus-0.13.3.patch - boost_string_fixes.patch: Boost in Leap 42.3 and SLE-12 is lacking some functionality found in newer versions. Workaround the problem. ==== libstorage-ng ==== Version update (3.3.164 -> 3.3.173) Subpackages: libstorage-ng-ruby libstorage-ng1 - merge gh#openSUSE/libstorage-ng#476 - improved integration tests - added documentation - 3.3.173 - Translated using Weblate (Ukrainian) - Translated using Weblate (Finnish) - 3.3.172 - merge gh#openSUSE/libstorage-ng#475 - allow SystemCmd to verify program exit code - added base class for callbacks - added callbacks for probing (bsc#1070459 and many others) - use callbacks base class - use new verify feature of SystemCmd - improved error handling - work on handling errors during probe - updated pot file - use callbacks base class - coding style - extended documentation - 3.3.171 - merge gh#openSUSE/libstorage-ng#474 - fixed device existence check (bsc#1082143) - 3.3.170 - merge gh#openSUSE/libstorage-ng#473 - Default to GPT for creating partition tables (fate#323457) - 3.3.169 - merge gh#openSUSE/libstorage-ng#472 - insert mount and unmount actions for resize - added unit tests - 3.3.168 - merge gh#openSUSE/libstorage-ng#471 - fixed parsing /proc/mounts for ntfs - fixed error handling when ntfsresize fails - 3.3.167 - merge gh#openSUSE/libstorage-ng#470 - consistent names - remove duplicate actions - added helper functions - fixed integration test - adjust existing unit test to so far supported setup - coding style - renamed function to reflect recent changes - 3.3.166 - merge gh#openSUSE/libstorage-ng#469 - added possible_mount_bys() - 3.3.165 ==== libunwind ==== Subpackages: libunwind-devel - Add patch `fix_versioning_libunwind_1.2.1.patch`. * This patch fixes the upstream bug gh#libunwind/libunwind#30. This bug was causing the julia build process to fail. NOTE: This patch shall be removed in the next version of libunwind. ==== libyui-qt-pkg ==== Version update (2.45.14 -> 2.45.15) - Contribution by LelCP: Add support for icon themes (boo#1081517) - 2.45.15 ==== linphone ==== Subpackages: liblinphone++9 liblinphone-data liblinphone-devel liblinphone-lang liblinphone9 - Add linphone-build-readline.patch: Add the ability to compile with readline to the build system. - Build with the readline support. ==== mozilla-nspr ==== Version update (4.17 -> 4.18) - update to version 4.18 * removed HP-UX DCE threads support * improvements for the Windows implementation of PR_SetCurrentThreadName * fixes for the Windows implementation of TCP Fast Open ==== mozilla-nss ==== Version update (3.34.1 -> 3.35) Subpackages: libfreebl3 libsoftokn3 mozilla-nss-certs mozilla-nss-tools - update to NSS 3.35 New functionality * TLS 1.3 support has been updated to draft -23. This includes a large number of changes since 3.34, which supported only draft - 18. See below for details. New Types * SSLHandshakeType - The type of a TLS handshake message. * For the SSLSignatureScheme enum, the enumerated values ssl_sig_rsa_pss_sha* are deprecated in response to a change in TLS 1.3. Please use the equivalent ssl_sig_rsa_pss_rsae_sha* for rsaEncryption keys, or ssl_sig_rsa_pss_pss_sha* for PSS keys. Note that this release does not include support for the latter. Notable Changes * Previously, NSS used the DBM file format by default. Starting with version 3.35, NSS uses the SQL file format by default. Additional information can be found on this Fedora Linux project page: https://fedoraproject.org/wiki/Changes/NSSDefaultFileFormatSql * Added formally verified implementations of non-vectorized Chacha20 and non-vectorized Poly1305 64-bit. * For stronger security, when creating encrypted PKCS#7 or PKCS#12 data, the iteration count for the password based encryption algorithm has been increased to one million iterations. Note that debug builds will use a lower count, for better performance in test environments. * NSS 3.30 had introduced a regression, preventing NSS from reading some AES encrypted data, produced by older versions of NSS. NSS 3.35 fixes this regression and restores the ability to read affected data. * The following CA certificates were Removed: OU = Security Communication EV RootCA1 CN = CA Disig Root R1 CN = DST ACES CA X6 Subject CN = VeriSign Class 3 Secure Server CA - G2 * The Websites (TLS/SSL) trust bit was turned off for the following CA certificates: CN = Chambers of Commerce Root CN = Global Chambersign Root * TLS servers are able to handle a ClientHello statelessly, if the client supports TLS 1.3. If the server sends a HelloRetryRequest, it is possible to discard the server socket, and make a new socket to handle any subsequent ClientHello. This better enables stateless server operation. (This feature is added in support of QUIC, but it also has utility for DTLS 1.3 servers.) * The tstclnt utility now supports DTLS, using the -P option. Note that a DTLS server is also provided in tstclnt. * TLS compression is no longer possible with NSS. The option can be enabled, but NSS will no longer negotiate compression. * The signatures of functions SSL_OptionSet, SSL_OptionGet, SSL_OptionSetDefault and SSL_OptionGetDefault have been modified, to take a PRIntn argument rather than PRBool. This makes it clearer, that options can have values other than 0 or 1. Note this does not affect ABI compatibility, because PRBool is a typedef for PRIntn. ==== open-iscsi ==== Subpackages: iscsiuio - Ensure correct dependencies: main package must depend on (new) libopeniscsiusr package, and devel package must depend on main package (updating spec file) - Fix ARP booting issue with different subnets (bsc#1058463), updating: * open-iscsi-SUSE-latest.diff.bz2 - Trim filler wording from description. Update old commands/RPM variables to macros. - Implement shared library packaging guideline. - Do not let fdupes run across partitions. ==== perl-Image-ExifTool ==== Version update (10.55 -> 10.80) Subpackages: exiftool perl-File-RandomAccess - Update to version 10.80 (changes since 10.55): * See /usr/share/doc/packages/perl-Image-ExifTool/Changes ==== pesign-obs-integration ==== - Provide password file for 'certutil -A' due to the change in mozilla-nss 3.35 (boo#1082235) ==== qemu ==== Version update (2.11.0 -> 2.11.1) Subpackages: qemu-arm qemu-block-curl qemu-block-dmg qemu-block-gluster qemu-block-iscsi qemu-block-rbd qemu-block-ssh qemu-extra qemu-ipxe qemu-ksm qemu-kvm qemu-lang qemu-ppc qemu-s390 qemu-seabios qemu-sgabios qemu-tools qemu-vgabios qemu-x86 - Update to v2.11.1, a stable, (mostly) bug-fix-only release In addition to bug fixes, of necessity fixes are needed to address the Spectre v2 vulnerability by passing along to the guest new hardware features introduced by host microcode updates. A January 2018 release of qemu initially addressed this issue by exposing the feature for all x86 vcpu types, which was the quick and dirty approach, but not the proper solution. We remove that initial patch and now rely on the upstream solution. This update instead defines spec_ctrl and ibpb cpu feature flags as well as new cpu models which are clones of existing models with either -IBRS or -IBPB added to the end of the model name. These new vcpu models explicitly include the new feature(s), whereas the feature flags can be added to the cpu parameter as with other features. In short, for continued Spectre v2 protection, ensure that either the appropriate cpu feature flag is added to the QEMU command-line, or one of the new cpu models is used. Although migration from older versions is supported, the new cpu features won't be properly exposed to the guest until it is restarted with the cpu features explicitly added. A reboot is insufficient. A warning patch is added which attempts to detect a migration from a qemu version which had the quick and dirty fix (it only detects certain cases, but hopefully is helpful.) s390x guest vulnerability to Spectre v2 is also addressed in this update by including support for bpb and ppa/stfle.81 features. (CVE-2017-5715 bsc#1068032) For additional information on Spectre v2 as it relates to QEMU, see: https://www.qemu.org/2018/02/14/qemu-2-11-1-and-spectre-update/ - Unfortunately, it was found that our current KVM isn't correctly indicating support for the spec-ctrl feature, so I've added a patch to still detect that support within QEMU. This is of course a temporary kludge until KVM gets fixed. (bsc#1082276) - The SEV support patches are updated to the v9 series. - Fix incompatibility with recent glibc (boo#1081154) - Add Supplements tags for the guest agent package in an attempt to auto-install for QEMU and Xen SUSE Linux guests (fate#323570) * Patches dropped (subsumed by stable update, or reworked in v9): 0033-i386-kvm-MSR_IA32_SPEC_CTRL-and-MSR.patch 0050-target-i386-add-memory-encryption-f.patch 0054-accel-add-Secure-Encrypted-Virtuliz.patch 0072-sev-Fix-build-for-non-x86-hosts.patch * Patches added: 0033-memfd-fix-configure-test.patch 0053-target-i386-add-Secure-Encrypted-Vi.patch 0056-qmp-populate-SevInfo-fields-with-SE.patch 0072-tests-qmp-test-blacklist-query-sev-.patch 0073-sev-i386-add-migration-blocker.patch 0074-cpu-i386-populate-CPUID-0x8000_001F.patch 0075-migration-warn-about-inconsistent-s.patch 0076-i386-Compensate-for-KVM-SPEC_CTRL-f.patch * Patches renamed (plus some minor code changes): 0051-machine-add-memory-encryption-prope.patch - > 0050-machine-add-memory-encryption-prope.patch 0052-kvm-update-kvm.h-to-include-memory-.patch - > 0051-kvm-update-kvm.h-to-include-memory-.patch 0053-docs-add-AMD-Secure-Encrypted-Virtu.patch - > 0052-docs-add-AMD-Secure-Encrypted-Virtu.patch 0055-sev-add-command-to-initialize-the-m.patch - > 0055-sev-i386-add-command-to-initialize-.patch 0056-sev-register-the-guest-memory-range.patch - > 0057-sev-i386-register-the-guest-memory-.patch 0057-kvm-introduce-memory-encryption-API.patch - > 0058-kvm-introduce-memory-encryption-API.patch 0058-qmp-add-query-sev-command.patch - > 0054-qmp-add-query-sev-command.patch 0060-sev-add-command-to-create-launch-me.patch - > 0060-sev-i386-add-command-to-create-laun.patch 0061-sev-add-command-to-encrypt-guest-me.patch - > 0061-sev-i386-add-command-to-encrypt-gue.patch 0063-sev-add-support-to-LAUNCH_MEASURE-c.patch - > 0063-sev-i386-add-support-to-LAUNCH_MEAS.patch 0064-sev-Finalize-the-SEV-guest-launch-f.patch - > 0064-sev-i386-finalize-the-SEV-guest-lau.patch 0066-sev-add-debug-encrypt-and-decrypt-c.patch - > 0066-sev-i386-add-debug-encrypt-and-decr.patch 0069-sev-add-support-to-query-PLATFORM_S.patch - > 0069-sev-i386-add-support-to-query-PLATF.patch 0070-sev-add-support-to-KVM_SEV_GUEST_ST.patch - > 0070-sev-i386-add-support-to-KVM_SEV_GUE.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.11 ==== qemu-linux-user ==== Version update (2.11.0 -> 2.11.1) - Update to v2.11.1, a stable, (mostly) bug-fix-only release * Patches dropped: 0033-i386-kvm-MSR_IA32_SPEC_CTRL-and-MSR.patch 0050-target-i386-add-memory-encryption-f.patch 0054-accel-add-Secure-Encrypted-Virtuliz.patch 0072-sev-Fix-build-for-non-x86-hosts.patch * Patches added: 0033-memfd-fix-configure-test.patch 0053-target-i386-add-Secure-Encrypted-Vi.patch 0056-qmp-populate-SevInfo-fields-with-SE.patch 0072-tests-qmp-test-blacklist-query-sev-.patch 0073-sev-i386-add-migration-blocker.patch 0074-cpu-i386-populate-CPUID-0x8000_001F.patch 0075-migration-warn-about-inconsistent-s.patch 0076-i386-Compensate-for-KVM-SPEC_CTRL-f.patch * Patches renamed (plus some minor code changes): 0051-machine-add-memory-encryption-prope.patch - > 0050-machine-add-memory-encryption-prope.patch 0052-kvm-update-kvm.h-to-include-memory-.patch - > 0051-kvm-update-kvm.h-to-include-memory-.patch 0053-docs-add-AMD-Secure-Encrypted-Virtu.patch - > 0052-docs-add-AMD-Secure-Encrypted-Virtu.patch 0055-sev-add-command-to-initialize-the-m.patch - > 0055-sev-i386-add-command-to-initialize-.patch 0056-sev-register-the-guest-memory-range.patch - > 0057-sev-i386-register-the-guest-memory-.patch 0057-kvm-introduce-memory-encryption-API.patch - > 0058-kvm-introduce-memory-encryption-API.patch 0058-qmp-add-query-sev-command.patch - > 0054-qmp-add-query-sev-command.patch 0060-sev-add-command-to-create-launch-me.patch - > 0060-sev-i386-add-command-to-create-laun.patch 0061-sev-add-command-to-encrypt-guest-me.patch - > 0061-sev-i386-add-command-to-encrypt-gue.patch 0063-sev-add-support-to-LAUNCH_MEASURE-c.patch - > 0063-sev-i386-add-support-to-LAUNCH_MEAS.patch 0064-sev-Finalize-the-SEV-guest-launch-f.patch - > 0064-sev-i386-finalize-the-SEV-guest-lau.patch 0066-sev-add-debug-encrypt-and-decrypt-c.patch - > 0066-sev-i386-add-debug-encrypt-and-decr.patch 0069-sev-add-support-to-query-PLATFORM_S.patch - > 0069-sev-i386-add-support-to-query-PLATF.patch 0070-sev-add-support-to-KVM_SEV_GUEST_ST.patch - > 0070-sev-i386-add-support-to-KVM_SEV_GUE.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.11 ==== rpm ==== Subpackages: rpm-build rpm-devel - split riscv64 part from auto-config-update-aarch64-ppc64le.diff to make the change rust-proof. new patch: auto-config-update-riscv64.diff - auto-config-update-aarch64-ppc64le.diff: Update for riscv64 and enable it there - change disk usage handling to take hardlinks into account [bnc#720150] new patch: hardlinks.diff ==== shadow ==== - Added CVE-2018-7169.patch: Fixed an privilege escalation in newgidmap, which allowed an unprivileged user to be placed in a user namespace where setgroups(2) is allowed. (CVE-2018-7169 bsc#1081294) ==== unar ==== - add unrar_wrapper.py (https://github.com/openSUSE/unrar_wrapper) that provides the basic backwards compatibility with unrar [fate#323896] - unar now obsoletes non-free unrar - run spec-cleaner ==== util-linux ==== Subpackages: libblkid-devel libblkid1 libblkid1-32bit libfdisk1 libmount1 libmount1-32bit libsmartcols1 libuuid-devel libuuid1 libuuid1-32bit util-linux-lang - Fix lsblk on NVMe (bsc#1078662, util-linux-sysfs-nvme-devno.patch). ==== util-linux-systemd ==== - Fix lsblk on NVMe (bsc#1078662, util-linux-sysfs-nvme-devno.patch). ==== valgrind ==== - add valgrind.xen.patch to handle Xen 4.10 (fate#321394, fate#322686) ==== xdg-desktop-portal-kde ==== Version update (5.12.1 -> 5.12.2) Subpackages: xdg-desktop-portal-kde-lang - Update to 5.12.2 * New bugfix release * For more details please see: * https://www.kde.org/announcements/plasma-5.12.2.php - Changes since 5.12.1: * Fix build with Qt dev branch, where QCUPSSupport::cupsOptionsList was removed - Dropped patches, now upstream: * 0001-Fix-build-with-Qt-dev-branch-where-QCUPSSupport-cups.patch ==== yast2 ==== Version update (4.0.53 -> 4.0.54) - Added missing textdomain to firewalld zone class for translations (bsc#1082246). - 4.0.54 ==== yast2-bootloader ==== Version update (4.0.18 -> 4.0.19) - Remove calls to the old yast2-storage layer (bsc#1071978) - 4.0.19 ==== yast2-control-center ==== Version update (4.0.0 -> 4.0.1) Subpackages: yast2-control-center-qt - Fixes to way icons are displayed (boo#1081517) - 4.0.1 ==== yast2-firewall ==== Version update (4.0.14 -> 4.0.16) - Added textdomain for translation (bnc#1081458) - 4.0.16 - Fixed "default_zone" in rnc file. (bnc#1013047) - 4.0.15 ==== yast2-network ==== Version update (4.0.14 -> 4.0.16) - Really translate firewalld zones (bsc#1082246) - 4.0.16 - Virtualization Bridge Proposal: Do not propose network interfaces without link as bridgeable (bsc#1062596, bsc#1072951). - 4.0.15 ==== yast2-nfs-client ==== Version update (4.0.1 -> 4.0.2) - During installation do not check whether the portmapper package is installed, fixed error handling when scanning the NFS exports fails (bsc#1079624) - 4.0.2 ==== yast2-ntp-client ==== Version update (4.0.7 -> 4.0.8) - Inform user when client cannot sync with NTP server after the user clik on "sync time now" (bsc#1081000) - 4.0.8 ==== yast2-packager ==== Version update (4.0.39 -> 4.0.41) - Added textdomain in order to activate translation (bnc#1081365). - 4.0.41 - Added product renames for the SDK and the Toolchain module (bsc#1080913) - 4.0.40 ==== yast2-storage-ng ==== Version update (4.0.97 -> 4.0.110) - Partitioner: prevent to modify devices used in LVM or MD RAID (bsc#1079827). - 4.0.110 - Better handling of errors during hardware probing (bsc#1070459, bsc#1079228, bsc#1079817, bsc#1063059, bsc#1080554, bsc#1076776, bsc#1070459 and some others). - 4.0.109 - Avoid to write files in tests (SCR.Write) (fate#323457). - adapted to callback improvements in libstorage-ng (bsc#1070459 and many others) - 4.0.108 - Added missing textdomain calls (bsc#1081454) - 4.0.107 - AutoYaST: fix support to create multiple volume groups (bsc#1081633). - 4.0.106 - Added missing ptable type conversion (fate#323457) - 4.0.105 - Changed default partition table from MSDOS to GPT (fate#323457) - 4.0.104 - ensure partition name changes during the proposal process are taken properly into account (bsc#1078691) - 4.0.103 - Use sysconfig storage file to read the default value for mount_by (bsc#1081198). - Partitioner: allow to configure default value for mount_by. - 4.0.102 - Do not take into account unformatted DASDs as a possible target for installation (bsc#1071798). - Partitioner: do not show unformatted DASDs, since they cannot be partitioned or used in any other way. - AutoYaST: guess which filesystem type should be used for a given partition/logical volume when it is not specified in the profile (bsc#1075203). - Special handling for mount options for / and /boot/* in the partitioner (bsc#1080731) - 4.0.101 - Partitioner: bring back traditional list of mount points for both installation and installed system (bsc#1076167 and bsc#1081200). - Partitioner: bring back traditional behavior of the "Operating System" and "Data" roles during installation (bsc#1078975 and bsc#1073854). - 4.0.100 - Special handling for mount options for / and /boot/* (bsc#1080731, bsc#1061867, bsc#1077859) - 4.0.99 - Ensure that there is always selected item in table, if it is not empty (bsc#1076318) - 4.0.98 ==== ypbind ==== - Use %license instead of %doc [bsc#1082318] ==== ypserv ==== - Use %license instead of %doc [bsc#1082318] -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org