Mailinglist Archive: opensuse-factory (138 mails)

< Previous Next >
[opensuse-factory] New Tumbleweed snapshot 20180702 released!

Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.

Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=1&version=Tumbleweed&build=20180702

When you reply to report some issues, make sure to change the subject.
It is not helpful to keep the release announcement subject in a thread
while discussing a specific problem.

Packages changed:
brotli (1.0.3 -> 1.0.5)
checkmedia (3.8 -> 4.0)
efivar (31 -> 36)
ffmpeg (4.0 -> 4.0.1)
fwupdate (9+git21.gcd8f7d7 -> 11)
glibc
glibc
grub2
libiscsi
libqt5-qtwebengine
linux-glibc-devel (4.16 -> 4.17)
lz4 (1.8.1.2 -> 1.8.2)
mariadb-connector-c
opal
openldap2
p11-kit (0.23.2 -> 0.23.12)
python-pytz (2018.3 -> 2018.5)
rdma-core (16.4 -> 18.1)
spec-cleaner (1.0.9 -> 1.1.0)
sqlite3
srt
sssd (1.16.1 -> 1.16.2)
xen (4.10.1_02 -> 4.10.1_08)

=== Details ===

==== brotli ====
Version update (1.0.3 -> 1.0.5)
Subpackages: libbrotlicommon1 libbrotlidec1 libbrotlienc1

- Update to version 1.0.5:
* improve q=1 compression on small files
* inverse Bazel workspace tree
* add rolling-composite-hasher for large-window mode
* add tools to download and transform static dictionary data
- Changes for version 1.0.4:
* fix unaligned access for aarch64-cross-armhf build
* fix aarch64 target detection
* allow CLI to compress with enabled "large window" feature
* add NPOSTFIX / NDIRECT encoder parameters
* automatic NDIRECT/NPOSTFIX tuning (better compression)
* fix "memory leak" in python tests
* fix bug in durchschlag
* fix source file lists (add params.h)
* fix Bazel/MSVC compilator options
* fix "fall though" warnings

==== checkmedia ====
Version update (3.8 -> 4.0)

- merge gh#openSUSE/checkmedia#6
- change tagmedia to also store checksum over partition
(bsc#1000947)
- update Makefile
- update documentation
- rewrite checkmedia to use new mediacheck library
- digestdemo: add simple demo tool for libmediacheck usage
- mediacheck library header file
- mediacheck library code
- add test tool for mediachecks
- test data
- enhance code
- fix typo in tagmedia
- 4.0

==== efivar ====
Version update (31 -> 36)

- Update to version 36
- adjust libefiboot-export-disk_get_partition_info.patch to fit
new version

==== ffmpeg ====
Version update (4.0 -> 4.0.1)
Subpackages: libavcodec58 libavdevice58 libavfilter7 libavformat58
libavresample4 libavutil56 libpostproc55 libswresample3 libswscale5

- Enable ffnvcodec when building with NVIDIA support
- Add pkgconfig(srt) BuildRequires and pass --enable-libsrt to
configure, enable srt support.
- Refresh patches with quilt:
* cve-2017-17555.diff
* ffmpeg-codec-choice.diff
* ffmpeg-libcdio_cdda-pkgconfig.patch
* ffmpeg-new-coder-errors.diff
- Enable libxml2 (used by MPEG DASH demuxer)
- Update to new upstream release 4.0.1
* Fixed some integer overflows, undefined shifts, negative
shifts, division by 0, and a null pointer deref.
- Enable pkgconfig(vidstab) BuildRequires unconditionally, now
available in openSUSE.

==== fwupdate ====
Version update (9+git21.gcd8f7d7 -> 11)

- Correct the requirement of efivar-devel version
- Update to version 11
+ lots of fixes from cov-scan and clang analyzer
+ support for Lenovo machines
+ experimental support for UI Capsules
+ Dell WMI support
+ lots of bugfixes
+ configurable EFI ESP location by setting ESPMOUNTPOINT or the git
config property fwupdate.espmountdir during the build.
+ Lots of coverity work
+ ABI compatibility checking during the release process
+ Make subdirectory builds work
- removed fwupdate-list-firmware-types.patch

==== glibc ====
Subpackages: glibc-32bit glibc-locale-32bit

- Use python3-pexpect instead of python-pexpect
- riscv-kernel-sigaction.patch: fix struct kernel_sigaction to match the
kernel version (BZ #23069)
- glibc-2.3.90-langpackdir.diff: No longer search in /usr/share/locale-bundle

==== glibc ====
Subpackages: glibc-devel glibc-extra glibc-info glibc-locale nscd

- Use python3-pexpect instead of python-pexpect
- riscv-kernel-sigaction.patch: fix struct kernel_sigaction to match the
kernel version (BZ #23069)
- glibc-2.3.90-langpackdir.diff: No longer search in /usr/share/locale-bundle

==== grub2 ====
Subpackages: grub2-i386-pc grub2-snapper-plugin grub2-systemd-sleep-plugin
grub2-x86_64-efi grub2-x86_64-xen

- Replace "GRUB_DISABLE_LINUX_RECOVERY" by "GRUB_DISABLE_RECOVERY"
in /etc/default/grub and remove test from s390x install
section in upec file.
[bsc#1042433, grub.default, grub2.spec]

==== libiscsi ====

- Fix building of recent rdma (boo#1098749):
* libiscsi-rdma.patch

==== libqt5-qtwebengine ====

- Enable building against the system ICU again
- Add physicalmemory >= 5GiB to _constraints in the hope to speed up
builds

==== linux-glibc-devel ====
Version update (4.16 -> 4.17)

- Update to kernel headers 4.17

==== lz4 ====
Version update (1.8.1.2 -> 1.8.2)
Subpackages: liblz4-1 liblz4-1-32bit

- lz4 1.8.2:
* speed inprovemtns for compression and decompression
* fix compression compatible with low memory addresses
* fix decompression segfault when provided with NULL input
* cli: new command --favor-decSpeed
* cli: benchmark mode more accurate for small inputs

==== mariadb-connector-c ====

- Drop libmysqlclient_r Provides from the -devel package.
(bsc#1097938)

==== opal ====

- Pass --disable-ixj to configure instead of --enable-ixj: Linux
4.17 no longer brings the public telephony headers and future
versions of opal (starting with 3.14) would not support xJACK
neither (addresses boo#1098764).

==== openldap2 ====
Subpackages: libldap-2_4-2 libldap-2_4-2-32bit libldap-data openldap2-client
openldap2-devel

- fixed shee-bang in openldap_update_modules_path.sh (bsc#1099705)

==== p11-kit ====
Version update (0.23.2 -> 0.23.12)
Subpackages: libp11-kit0 libp11-kit0-32bit p11-kit-tools

- New version 0.23.12
* Fix compile error when PKCS#11 GNU calling convention enabled
- Changelog from version 0.23.11
* trust: Add extractor for edk2/cacerts.bin
* modules: Add option to control module visibility from proxy
* trust: Prevent trust module being loaded by proxy module
* library: Use dedicated locale object for printing error
* Treat CKR_CRYPTOKI_ALREADY_INITIALIZED correctly
* Improve const correctness for P11KitUri
* PKCS#11 URI scheme comparison is now case insensitive
- Drop p11-kit-biarch.patch: Obsolete since 0.23.10
- New version 0.23.10
* New p11-kit server command
* The trust policy module now recognizes CKA_NSS_MOZILLA_CA_POLICY attribute
* New trust dump command
* New envvar P11_KIT_NO_USER_CONFIG to stop looking at user configurations
* trust: Respect anyExtendedKeyUsage in CA certificates
* Support x-init-reserved argument of C_Initialize() in remote modules
* install private executables in libexecdir, obsoletes p11-kit-biarch.patch
- new server subpackage
- change keyring to new maintainer Daiki Ueno

==== python-pytz ====
Version update (2018.3 -> 2018.5)

- update to 2018.5:
* various python compatibility fixes
- fix upstream signing key

==== rdma-core ====
Version update (16.4 -> 18.1)
Subpackages: libibverbs libibverbs1 libmlx4-1 libmlx5-1 librdmacm1

- Remove pandoc BuildRequires
* Add prebuilt-pandoc.sh to pre-generate the man pages
* Add prebuilt-pandoc.tgz containing pre-generated man pages
* Extract man pages in the appropriate directory during build
- Update to rdma-core v18.1
* Fix compilation issue with recent glibc
- Drop Remove-the-obsolete-libibcm-library.patch and
umad-Do-not-check-for-umad-sysfs-files-in-umad_init.patch as they were
fixed upstream.
- Update to rdma-core v16.5
* Backport fixes:
* buildilb: Fix -msse breakage on ARM builds
* buildlib: Use -msse if the compiler does not support target(sse)
(bsc#1086910)
* suse: do not call %service rules on a template file (bsc#1093170)
* mlx5: Convert ah_attr static rate to mlx5 static rate
* ccan: Add array_size.h file
* iwpmd: Initialize address of sockaddr
* mlx5: Fix need_uuar_lock when there are no medium bfregs
* verbs: Fix wrong clean up flow in ibv_rc_pingpong
* Match kernel ABI to for 4.17 for 32 bit
* librdmacm: Set errno correctly if status is positive
* verbs: Remove bogus cq_fd
* verbs: Fix typo in copying IBV_FLOW_SPEC_UDP/TCP 'val'

==== spec-cleaner ====
Version update (1.0.9 -> 1.1.0)

- Version update to 1.1.0 bsc#1099674:
* Fix issue with previous release not finding datadirs

==== sqlite3 ====
Subpackages: libsqlite3-0 libsqlite3-0-32bit

- Run tests during build

==== srt ====

- Add baselibs.conf: build 32bit support libs.
- Update Summary and Descriptions fields.

==== sssd ====
Version update (1.16.1 -> 1.16.2)
Subpackages: libnfsidmap-sss libsss_certmap0 libsss_idmap0 libsss_nss_idmap0
libsss_simpleifp0 sssd-32bit sssd-krb5-common sssd-ldap

- Fixed patch name.
- Introduce patches:
* Create sockets with right permissions:
0001-SUDO-Create-the-socket-with-stricter-permissions.patch
(bsc#1098377, CVE-2018-10852)
* Fix for sssd upstream integration tests
0002-intg-Do-not-hardcode-nsslibdir.patch
(bsc#1098163)
- Update to new minor upstream release 1.16.2
New Features:
* The smart card authentication, or in more general certificate
authentication code now supports OpenSSL in addition to previously
supported NSS (#3489). In addition, the SSH responder can now
return public SSH keys derived from the public keys stored in a
X.509 certificate. Please refer to the ssh_use_certificate_keys
option in the man pages.
* The files provider now supports mirroring multiple passwd or
group files. This enhancement can be used to use the SSSD files
provider instead of the nss_altfiles module
Bugfixes:
* A memory handling issue in the nss_ex interface was fixed. This
bug would manifest in IPA environments with a trusted AD domain
as a crash of the ns-slapd process, because a ns-slapd plugin
loads the nss_ex interface (#3715)
* Several fixes for the KCM deamon were merged (see #3687, #3671, #3633)
* The ad_site override is now honored in GPO code as well (#3646)
* Several potential crashes in the NSS responder?s netgroup code
were fixed (#3679, #3731)
* A potential crash in the autofs responder?s code was fixed (#3752)
* The LDAP provider now supports group renaming (#2653)
* The GPO access control code no longer returns an error if one
of the relevant GPO rules contained no SIDs at all (#3680)
* A memory leak in the IPA provider related to resolving external
AD groups was fixed (#3719)
* Setups that used multiple domains where one of the domains had
its ID space limited using the min_id/max_id options did not
resolve requests by ID properly (#3728)
* Overriding IDs or names did not work correctly when the domain
resolution order was set as well (#3595)
* A version mismatch between certain newer Samba versions (e.g.
those shipped in RHEL-7.5) and the Winbind interface provided
by SSSD was fixed. To further prevent issues like this in the
future, the correct interface is now detected at build time (#3741)
* The files provider no longer returns a qualified name in case
domain resolution order is used (#3743)
* A race condition between evaluating IPA group memberships and
AD group memberships in setups with IPA-AD trusts that would
have manifested as randomly losing IPA group memberships assigned
to an AD user was fixed (#3744)
* Setting an SELinux login label was broken in setups where the
domain resolution order was used (#3740)
* SSSD start up issue on systems that use the libldb library
with version 1.4.0 or newer was fixed.
Introduce a patch:
* Fix build of sssd of 1.16.2 version:
0003-Fix-build-for-1-16-2-version.patch
(back then called fix-build.patch)

==== xen ====
Version update (4.10.1_02 -> 4.10.1_08)
Subpackages: xen-doc-html xen-libs xen-tools xen-tools-domU

- Upstream patches from Jan (bsc#1027519)
5b02c786-x86-AMD-mitigations-for-GPZ-SP4.patch (Replaces Spectre-v4-1.patch)
5b02c786-x86-Intel-mitigations-for-GPZ-SP4.patch (Replaces Spectre-v4-2.patch)
5b02c786-x86-msr-virtualise-SPEC_CTRL-SSBD.patch (Replaces Spectre-v4-3.patch)
5b0bc9da-x86-XPTI-fix-S3-resume.patch
5b0d2286-libxc-x86-PV-dont-hand-through-CPUID-leaf-0x80000008.patch
5b0d2d91-x86-suppress-sync-when-XPTI-off.patch
5b0d2dbc-x86-correct-default_xen_spec_ctrl.patch
5b0d2ddc-x86-CPUID-dont-override-tool-stack-hidden-STIBP.patch
5b150ef9-x86-fix-error-handling-of-pv-dr7-shadow.patch
5b21825d-1-x86-support-fully-eager-FPU-context-switching.patch (Replaces
xsa267-1.patch)
5b21825d-2-x86-spec-ctrl-mitigations-for-LazyFPU.patch (Replaces
xsa267-2.patch)
5b238b92-x86-HVM-account-for-fully-eager-FPU.patch
5b2b7172-x86-EFI-fix-FPU-state-handling-around-runtime-calls.patch
5b31e004-x86-HVM-emul-attempts-FPU-set-fpu_initialised.patch
5b323e3c-x86-EFI-fix-FPU-state-handling-around-runtime-calls.patch
5b34882d-x86-mm-dont-bypass-preemption-checks.patch (Replaces xsa264.patch)
5b348874-x86-refine-checks-in-DB-handler.patch (Replaces xsa265.patch)
5b348897-libxl-qemu_disk_scsi_drive_string-break-out-common.patch (Replaces
xsa266-1-<>.patch)
5b3488a2-libxl-restore-passing-ro-to-qemu-for-SCSI-disks.patch (Replaces
xsa266-2-<>.patch)
5b34891a-x86-HVM-dont-cause-NM-to-be-raised.patch
5b348954-x86-guard-against-NM.patch
- Fix more build gcc8 related failures with xen.fuzz-_FORTIFY_SOURCE.patch
- bsc#1098403 - fix regression introduced by changes for bsc#1079730
a PV domU without qcow2 and/or vfb has no qemu attached.
Ignore QMP errors for PV domUs to handle PV domUs with and without
an attached qemu-xen.
xen.bug1079730.patch
- bsc#1097521 - VUL-0: CVE-2018-12891: xen: preemption checks
bypassed in x86 PV MM handling (XSA-264)
xsa264.patch
- bsc#1097522 - VUL-0: CVE-2018-12893: xen: x86: #DB exception
safety check can be triggered by a guest (XSA-265)
xsa265.patch
- bsc#1097523 - VUL-0: CVE-2018-12892: xen: libxl fails to honour
readonly flag on HVM emulated SCSI disks (XSA-266)
xsa266-1-libxl-qemu_disk_scsi_drive_string-Break-out-common-p.patch
xsa266-2-libxl-restore-passing-readonly-to-qemu-for-SCSI-disk.patch
- bsc#1095242 - VUL-0: CVE-2018-3665: xen: Lazy FP Save/Restore
(XSA-267)
xsa267-1.patch
xsa267-2.patch


--
To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-factory+owner@xxxxxxxxxxxx

< Previous Next >
This Thread
  • No further messages