Mailinglist Archive: opensuse-factory (138 mails)

< Previous Next >
[opensuse-factory] New Tumbleweed snapshot 20180704 released!

Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.

Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=1&version=Tumbleweed&build=20180704

When you reply to report some issues, make sure to change the subject.
It is not helpful to keep the release announcement subject in a thread
while discussing a specific problem.

Packages changed:
ImageMagick (7.0.7.34 -> 7.0.8.3)
MozillaFirefox (60.0.1 -> 61.0)
SDL2
bind
boost-base
dhcp
gpsd
gsl (2.4 -> 2.5)
hwinfo (21.55 -> 21.56)
libXaw3d (1.6.2 -> 1.6.3)
libbsd (0.8.7 -> 0.9.1)
libreoffice (6.0.4.2 -> 6.1.0.0.beta2)
libyui-qt-pkg (2.45.16 -> 2.45.18)
mozilla-nss (3.36.4 -> 3.37.3)
mozjs52
netpbm (10.80.1 -> 10.82.2)
patterns-gnome
pciutils-ids (20180306 -> 20180625)
perl-File-ShareDir (1.108 -> 1.112)
php7 (7.2.6 -> 7.2.7)
plasma-nm5
python-pycryptodome (3.6.1 -> 3.6.3)
python-requests (2.18.4 -> 2.19.1)
qpdf (8.0.2 -> 8.1.0)
sddm
spice-gtk (0.34 -> 0.35)
suitesparse
unzip
vim (8.1.0042 -> 8.1.0115)
virtualbox (5.2.12_k4.17.3_1 -> 5.2.14_k4.17.3_1)
vsftpd
xdg-desktop-portal (0.10 -> 0.11)
xdg-desktop-portal-gtk (0.10 -> 0.11)
xmlsec1 (1.2.25 -> 1.2.26)
yast2-mail (4.0.3 -> 4.0.4)
yast2-slp-server (4.0.0 -> 4.0.1)
zstd (1.3.4 -> 1.3.5)

=== Details ===

==== ImageMagick ====
Version update (7.0.7.34 -> 7.0.8.3)
Subpackages: ImageMagick-extra libMagick++-7_Q16HDRI4 libMagickCore-7_Q16HDRI6
libMagickWand-7_Q16HDRI6 perl-PerlMagick

- use "BuildRequires: p7zip-full" for TW as 7za binary needed by
ImageMagick was moved to this package (see bsc#899627 for more
details about this change)
- update to 7.0.8-3:
* Apply translate component of SVG transform rotate.
* More robust SVG text handling.
* Fixed numerous use of uninitialized values, integer overflow, memory
exceeded, and timeouts (credit to OSS Fuzz).
* Fixed an issue with stroke and label
- update to 7.0.8-0:
* Fixed numerous use of uninitialized values, integer overflow, memory
exceeded, and timeouts (credit to OSS Fuzz).
* Heap buffer overflow fix (reference
https://github.com/ImageMagick/ImageMagick/issues/1156).
* Boundary issues with -gamma option when HDRI is enabled (reference
https://github.com/ImageMagick/ImageMagick/issues/1151).
* Properly initialize SVG color style.
* A SVG rectangle with a width and height of 1 is a point.
* Fixed memory corruption for MVG paths.
- consider test to be completely broken on i586, removing:
- ImageMagick-relax-filter.t.patch
- ImageMagick-tests.tap-attributes.patch

==== MozillaFirefox ====
Version update (60.0.1 -> 61.0)
Subpackages: MozillaFirefox-translations-common

- update to Firefox 61.0
* Performance enhancements
* Various improvements for dark theme support will provide a more
consistent experience across the entire Firefox UI
* OpenSearch plugins offered by web pages can now be added from the
page action menu for easier installation
* Improved support for allowing WebExtensions to manage and hide tabs
MFSA 2018-15 (bsc#1098998)
* CVE-2018-12359 (bmo#1459162)
Buffer overflow using computed size of canvas element
* CVE-2018-12360 (bmo#1459693)
Use-after-free when using focus()
* CVE-2018-12361 (bmo#1463244)
Integer overflow in SwizzleData
* CVE-2018-12358 (bmo#1467852)
Same-origin bypass using service worker and redirection
* CVE-2018-12362 (bmo#1452375)
Integer overflow in SSSE3 scaler
* CVE-2018-5156 (bmo#1453127)
Media recorder segmentation fault when track type is changed during capture
* CVE-2018-12363 (bmo#1464784)
Use-after-free when appending DOM nodes
* CVE-2018-12364 (bmo#1436241)
CSRF attacks through 307 redirects and NPAPI plugins
* CVE-2018-12365 (bmo#1459206)
Compromised IPC child process can list local filenames
* CVE-2018-12371 (bmo#1465686)
Integer overflow in Skia library during edge builder allocation
* CVE-2018-12366 (bmo#1464039)
Invalid data handling during QCMS transformations
* CVE-2018-12367 (bmo#1462891)
Timing attack mitigation of PerformanceNavigationTiming
* CVE-2018-12369 (bmo#1454909)
WebExtension security permission checks bypassed by embedded experiments
* CVE-2018-12370 (bmo#1456652)
SameSite cookie protections bypassed when exiting Reader View
* CVE-2018-5186 (bmo#1464872,bmo#1463329,bmo#1419373,bmo#1412882,
bmo#1413033,bmo#1444673,bmo#1454448,bmo#1453505,bmo#1438671)
Memory safety bugs fixed in Firefox 61
* CVE-2018-5187 (bmo#1461324,bmo#1414829,bmo#1395246,bmo#1467938,
bmo#1461619,bmo#1425930,bmo#1438556,bmo#1454285,bmo#1459568,
bmo#1463884)
Memory safety bugs fixed in Firefox 60 and Firefox ESR 60.1
* CVE-2018-5188 (bmo#1456189,bmo#1456975,bmo#1465898,bmo#1392739,
bmo#1451297,bmo#1464063,bmo#1437842,bmo#1442722,bmo#1452576,
bmo#1450688,bmo#1458264,bmo#1458270,bmo#1465108,bmo#1464829,
bmo#1464079,bmo#1463494,bmo#1458048)
Memory safety bugs fixed in Firefox 60, Firefox ESR 60.1, and Firefox ESR
52.9
- requires NSS 3.37.3
- requires python >= 3.5 to build
- removed obsolete patches
mozilla-i586-DecoderDoctorLogger.patch
mozilla-i586-domPrefs.patch
mozilla-fix-skia-aarch64.patch
mozilla-bmo1375074.patch
mozilla-enable-csd.patch
- patch for new no-return warnings (mozilla-no-return.patch)
- do not disable system installed locales (mozilla-bmo1464766.patch)
- Add conditional for pkgconfig(gconf-2.0) BuildRequires, and pass
conditional --disable-gconf to configure: no longer pull in
obsolete gconf2 for Tumbleweed.
- update to Firefox 60.0.2
* requires NSS 3.36.4
MFSA 2018-14 (bsc#1096449)
* CVE-2018-6126 (bmo#1462682)
Heap buffer overflow rasterizing paths in SVG with Skia
- Add upstream patch to fix boo#1093059 instead of '-ffixed-x28'
workaround:
* mozilla-bmo1375074.patch

==== SDL2 ====

- Add 7babfecee045.patch, fixes launching Firewatch
- SDL2-endian.patch: bring up patch from SDL1, use optimized
byteswap routines from the C library.
- build with --disable-3dnow, do not pass -m3dnow to the compiler
modern cpus do not support this instructions at all.

==== bind ====
Subpackages: bind-chrootenv bind-doc bind-utils libbind9-160 libdns169
libirs160 libisc166 libisccc160 libisccfg160 liblwres160 python3-bind

- Cleanup pre/post install: remove all old code which was needed to
update to SLES8.

==== boost-base ====
Subpackages: boost-license1_67_0 boost_1_67-jam libboost_date_time1_67_0
libboost_filesystem1_67_0 libboost_headers1_67_0-devel libboost_iostreams1_67_0
libboost_locale1_67_0 libboost_program_options1_67_0 libboost_regex1_67_0
libboost_signals1_67_0 libboost_system1_67_0 libboost_thread1_67_0

- Re-enable python2 module build by default. Still too many things
depend on it.

==== dhcp ====
Subpackages: dhcp-client dhcp-doc dhcp-relay dhcp-server

- Drop doc subpackage as we do not build on < SLE12 anyway so it
evaluated always as true
- Do not condition flags settings for codestreams that we are no
longer building for
- Use %license macro for license as mandated by new TW requirements
- Format with spec-cleaner (automatic, remove FIXMEs)
- Use getent to detect created user prior doing it again
- Drop ldapcasa as it evaluates as false on all current products
- Drop ldap conditional as it is always true
- Kill omc configs wrt fate#301838

==== gpsd ====

- Fix requires for gpsd-clients
- Cleanup spec file a bit
- Require python3 versions for packages importing python modules, all
scripts use python3 as interpreter.

==== gsl ====
Version update (2.4 -> 2.5)
Subpackages: libgsl23 libgslcblas0

- updated license tags in spec file
- gsl 2.5:
* doc bug fix in binomial distribution figure
* added Wishart distribution
* added new module for digital filtering (gsl_filter); current
filters include:
Gaussian filter
median filter
recursive median filter
impulse detection filter
* added new module for moving window statistics (gsl_movstat)
* added statistics functions:
gsl_stats_median()
gsl_stats_select()
gsl_stats_mad()
gsl_stats_mad0()
gsl_stats_Sn_from_sorted_data()
gsl_stats_Qn_from_sorted_data()
gsl_stats_gastwirth_from_sorted_data()
gsl_stats_trmean_from_sorted_data()
* added Romberg integration (gsl_integration_romberg)
* bug fix in deprecated functions gsl_multifit_wlinear_svd and
gsl_multifit_wlinear_usvd (reported by Vlad Koli)
* documention corrected to state that gsl_sf_legendre functions
do not include Condon-Shortley phase by default
* bug fix in exponential fitting example when using larger number
of points
* changed internal workspace inside gsl_spmatrix to a union to
avoid casting
* bug fixes in ode-initval2 for very rare solver crashing cases
* add histogram2d figure to manual
* bug fix in gsl_spmatrix_add for duplicate input arguments
* add support for negative arguments nu in gsl_sf_bessel_Jnu and
gsl_sf_bessel_Ynu (Konrad Griessinger)
* better texinfo documentation for gsl_sf_hyperg functions
* fix vector and matrix fread/fwrite testing on windows systems
when tmpfile() fails
- drop rstat_test.patch, is upstream

==== hwinfo ====
Version update (21.55 -> 21.56)

- merge gh#openSUSE/hwinfo#66
- Add support for RISC-V
- 21.56

==== libXaw3d ====
Version update (1.6.2 -> 1.6.3)

- Update to new upstream release 1.6.3
* Avoid using dead pointer in _XawTextSetSelection
* Fix copied from 2D libXaw commit 11c3a104141e1a4946ad949dfb5514df0b66a031
* autogen: add default patch prefix
* autogen.sh: use quoted string variables
* Place quotes around the $srcdir, $ORIGDIR and $0 variables to prevent
fall-outs, when they contain space.
* autogen.sh: use exec instead of waiting for configure to finish
* Syncs the invocation of configure with the one from the server.
* darwin: Remove incorrect export of vendorShellClassRec and
vendorShellWidgetClass
* Get rid of some extraneous ; at the end of C source lines
* Use SEEK_* names instead of raw numbers for fseek whence argument
* Just use C89 size_t instead of rolling our own Size_t & Off_t
* Fix abs() usage.
* For long arguments, use labs().
* autogen.sh: Honor NOCONFIGURE=1
* configure: Drop AM_MAINTAINER_MODE
* Remove support for pre-C89 headers (unifdef -UX_NOT_STDC_ENV)
* Replace TXT16 with XChar2b inline
* No longer need #define to substitute it now that we no longer set
it to a different type on CRAY systems.
* Remove CRAY/WORD64 support (unifdef -UCRAY -UWORD64)
* Fix --disable-feature options in configure
* Make --disable-feature options passed to configure not enable
the feature but keep it disabled instead.
- Port our patches to new version

==== libbsd ====
Version update (0.8.7 -> 0.9.1)

- Update to version 0.9.1:
* Add __arraycount() macro.
* Add flopenat() function.
* Add strtoi() and strtou() functions.
* Add several new vis and unvis functions.
* Add pidfile_fileno() function, and struct pidfh is now opaque.
* The humanize_number() now understands HN_IEC_PREFIXES.
* The fmtcheck() function supports all standard printf(3)
conversions.
* The getentropy(), and thus arc4random() functions will not
block anymore on Linux on boot when there's not enough entropy
available.
* The arc4random() function handles direct clone() calls better.

==== libreoffice ====
Version update (6.0.4.2 -> 6.1.0.0.beta2)
Subpackages: libreoffice-branding-upstream libreoffice-calc libreoffice-draw
libreoffice-filters-optional libreoffice-gnome libreoffice-gtk3
libreoffice-icon-themes libreoffice-impress libreoffice-l10n-cs
libreoffice-l10n-da libreoffice-l10n-de libreoffice-l10n-el libreoffice-l10n-en
libreoffice-l10n-es libreoffice-l10n-fr libreoffice-l10n-hu libreoffice-l10n-it
libreoffice-l10n-ja libreoffice-l10n-pl libreoffice-l10n-pt_BR
libreoffice-l10n-ru libreoffice-l10n-zh_CN libreoffice-l10n-zh_TW
libreoffice-mailmerge libreoffice-math libreoffice-pyuno libreoffice-writer
libreofficekit

- Fix ca_valencia myspell dictionary name
- Expand disk constraints to not fail on arm64
- Enable display of commands in build logs
- Diable header-only Boost:System usage on older Leap
- old-boost.patch: Fix building with older Boost version
- Bumb disk space constraints. We need more than 32GB.
- Add more translations:
* Belarusian
* Bodo
* Dogri
* Frisian
* Gaelic
* Paraguayan_Guaraní
* Upper_Sorbian
* Konkani
* Kashmiri
* Luxembourgish
* Monglolian
* Manipuri
* Burnese
* Occitan
* Kinyarwanda
* Santali
* Sanskrit
* Sindhi
* Sidamo
* Tatar
* Uzbek
* Upper Sorbian
* Venetian
* Amharic
* Asturian
* Tibetian
* Bosnian
* English GB
* English ZA
* Indonesian
* Icelandic
* Georgian
* Khmer
* Lao
* Macedonian
* Nepali
* Oromo
* Albanian
* Tajik
* Uyghur
* Vietnamese
* Kurdish
- The kde integration now properly installed by upstream, no need
to do it in %install phase
- Try to build all languages see bsc#1096360
- Update to 6.1.0.0.beta2:
* Various buildfixes as found by our testing
- Reenable KDE integration on 32bit
- Drop merged patch libreoffice-libxmlsec.patch
- Make sure to install the KDE5/Qt5 UI/filepicker
- Conflict with gnome subpackage on the gtk2 subpkg as it was split
of from there bsc#1096673
- Update to 6.1.0.0.beta1:
* 6.1 series first beta, many fixes and features around
* Notably kde5_gtk3 integration, on by default now
- Remove merged patches:
* 0001-Use-PYTHON_FOR_BUILD-instead-of-calling-python-direc.patch
* libreoffice-icu61.patch
* kde5-configure-checks.patch
* bnc1060128.patch
* bnc1039203.patch
* bnc1094359.patch
- Disable firebird everywhere for now as it causes issues
- Try to implement safeguarding to avoid bsc#1050305
- Disable base-drivers-mysql as it needs mysqlcppcon that is only
for mysql and not mariadb, causes issues bsc#1094779
* Users can still connect using jdbc/odbc
- Fix java detection on machines with too many cpus
* libreoffice-java-sched.patch
- Remove galaxy icon theme replaced by colibri
- Add karasa jaga icon theme

==== libyui-qt-pkg ====
Version update (2.45.16 -> 2.45.18)

- use long long instead of int for free disk space with MiB base
- 2.45.18
- Drop code related to qt solver plugin which is dead for long time
(bsc#1088759)
- 2.45.17

==== mozilla-nss ====
Version update (3.36.4 -> 3.37.3)
Subpackages: libfreebl3 libsoftokn3 mozilla-nss-certs mozilla-nss-tools

- update to NSS 3.37.3
* required by Firefox 61.0
Notable changes:
* The TLS 1.3 implementation was updated to Draft 28.
* Added HACL* Poly1305 32-bit
* The code to support the NPN protocol has been fully removed.
* NSS allows servers now to register ALPN handling callbacks to
select a protocol.
* NSS supports opening SQL databases in read-only mode.
* On Linux, some build configurations can use glibc's function
getentropy(), which uses the kernel's getrandom() function.
* The CA list was updated to version 2.24, which removed the
following CA certificates:
- CN = S-TRUST Universal Root CA
- CN = TC TrustCenter Class 3 CA II
- CN = T√úRKTRUST Elektronik Sertifika Hizmet Sa?lay?c?s? H5
* Fix build on armv6/armv7 and other platforms (bmo#1459739)
- Set USE_64 on riscv64

==== mozjs52 ====

- update _constraints file for ppc64/ppc64le to avoid
"Out of memory" build failure on some PowerPC workers.

==== netpbm ====
Version update (10.80.1 -> 10.82.2)
Subpackages: libnetpbm11

- security update
* CVE-2018-8975 [bsc#1086777]
+ netpbm-CVE-2018-8975.patch
- updated to 10.82.2
* Pngtopam: Fix bogus warning of non-square pixels when image does
not contain pixel resolution information. Introduced in Netpbm
10.48 (September 2009)
* ilbmtoppm: Fix bug: may fail with bogus error message about an
invalid CLUT chunk if image has a CLUT chunk. Introduced after
Netpbm 10.26 (January 2005) and at or before Netpbm 10.35
(August 2006).
* pbmtext: Add -wchar.
* pbmtext: Add -text-dump option.
* ppmhist: Add color summary to top of output, (except with
- noheader).
* pnmremap: Add -randomseed.
* pnmquant: Add -norandom, -randomseed.
* pamtogif: Add -noclear option.
* giftopnm: Check "data width" value from GIF image properly:
can't be bigger than 11, because the minimum code size is one
more than the data width and the maximum code size is 12. (Note
that GIF spec prohibits anything more than 8).
* pnmpsnr: Add -targetX options.
* ppmrainbow: Add "ppmrainbow: " to error messages, like other
programs.
* ppmrainbow: improve error message.
* g3topbm: Fix bug - produces invalid empty PBM image if input
image is empty.
* ppmpat: Fix bug - crash or junk output with -camo or -anticamo
and no -color. Introduced in Netpbm 10.78 (March 2017).
* mrftopbm: Fix bug - wrong error messages or output when input
invalidly short. Always broken (mrftopbm was new in Netpbm
10.18 (September 2003).
* sldtoppm: -lib and -dir don't work - always says slide not
found. Broken in Netpbm 10.63 (June 2013).
* sldtoppm: fix bug: says AutoCAD slide file isn't an AutoCAD
slide file. Broken after Netpbm 10.26 (January 2005), but no
later than 10.35 (August 2006).
* sldtoppm: fix bug: wild memory accesses, weird messages when
invalid input file has unterminated strings.
- refreshed netpbm-security-code.patch
- fixed prepare-src-tarball update script

==== patterns-gnome ====
Subpackages: patterns-gnome-gnome patterns-gnome-gnome_basis
patterns-gnome-gnome_basis_opt patterns-gnome-gnome_games
patterns-gnome-gnome_ide patterns-gnome-gnome_imaging
patterns-gnome-gnome_internet patterns-gnome-gnome_multimedia
patterns-gnome-gnome_office patterns-gnome-gnome_utilities
patterns-gnome-gnome_x11 patterns-gnome-gnome_yast
patterns-gnome-sw_management_gnome

- Drop all traces of gconf:
+ Drop gconf-editor Suggests and Recommends.
+ Drop gconf2-branding-openSUSE Recommends.
+ Replace pulseaudio-module-gconf with
pulseaudio-module-gsettings.

==== pciutils-ids ====
Version update (20180306 -> 20180625)

- Update to 20180625

==== perl-File-ShareDir ====
Version update (1.108 -> 1.112)

- updated to 1.112
see /usr/share/doc/packages/perl-File-ShareDir/Changes
1.112 2018-06-18
- Fix tests that fail when running as root (RT#125602,
thanks Wesley Schwengle <wesley@xxxxxxxxxxxxx>)
- Fix tests fail on MSWin32 for similar reason as the
root failures from RT#125602
- clarify support rules
- improve POD
1.110 2018-06-16
- remove unused/incomplete _dist_packfile
- increase test coverage
- refactor _search_inc_path
- add badges to POD

==== php7 ====
Version update (7.2.6 -> 7.2.7)
Subpackages: apache2-mod_php7 php7-bcmath php7-bz2 php7-calendar php7-ctype
php7-curl php7-dba php7-devel php7-dom php7-exif php7-fastcgi php7-ftp php7-gd
php7-gettext php7-gmp php7-iconv php7-json php7-ldap php7-mbstring php7-mysql
php7-odbc php7-openssl php7-pdo php7-pear php7-pear-Archive_Tar php7-pgsql
php7-shmop php7-snmp php7-sockets php7-sqlite php7-sysvsem php7-sysvshm
php7-tidy php7-tokenizer php7-wddx php7-xmlreader php7-xmlwriter php7-xsl
php7-zip php7-zlib

- updated to 7.2.7: A Bugfix release which includes a segfault fix
for opcache.
http://php.net/ChangeLog-7.php#7.2.7
- actually build against system gd for 42.3, made a bold comment
[bsc#1074025c#5]

==== plasma-nm5 ====
Subpackages: plasma-nm5-lang plasma-nm5-openconnect plasma-nm5-openvpn
plasma-nm5-pptp plasma-nm5-vpnc

- Add conditional for NetworkManager-openswan Requires: No longer
available in Tumbleweed and newer.

==== python-pycryptodome ====
Version update (3.6.1 -> 3.6.3)

- Update to 3.6.3 (21 June 2018)
- Resolved issues
* GH#175: Fixed incorrect results for CTR encryption/decryption
with more than 8 blocks.
- Update to 3.6.2 (19 June 2018)
- New features
* ChaCha20 accepts 96 bit nonces (in addition to 64 bit nonces)
as defined in RFC7539.
* Accelerate AES-GCM on x86 using PCLMULQDQ instruction.
* Accelerate AES-ECB and AES-CTR on x86 by pipelining AESNI
instructions.
* As result of the two improvements above, on x86 (Broadwell):
- AES-ECB and AES-CTR are 3x faster
- AES-GCM is 9x faster
- Resolved issues
* On Windows, MPIR library was stilled pulled in if renamed to
``gmp.dll``.
- Breaks in compatibility
* In ``Crypto.Util.number``, functions ``floor_div`` and
``exact_div`` have been removed. Also, ``ceil_div`` is limited
to non-negative terms only.
- suggesting libgmp10 and python-cffi
- add license file tag

==== python-requests ====
Version update (2.18.4 -> 2.19.1)

- update to version 2.19.1:
* Fixed issue where status_codes.py?s init function failed trying
to append to a __doc__ value of None.
- update to version 2.19.0:
* Improvements
+ Warn about possible slowdown with cryptography version < 1.3.4
+ Check host in proxy URL, before forwarding request to adapter.
+ Maintain fragments properly across redirects. (RFC7231 7.1.2)
+ Removed use of cgi module to expedite library load time.
+ Added support for SHA-256 and SHA-512 digest auth algorithms.
+ Minor performance improvement to Request.content.
+ Migrate to using collections.abc for 3.7 compatibility.
* Bugfixes
+ Parsing empty Link headers with parse_header_links() no longer
return one bogus entry.
+ Fixed issue where loading the default certificate bundle from
a zip archive would raise an IOError.
+ Fixed issue with unexpected ImportError on windows system
which do not support winreg module.
+ DNS resolution in proxy bypass no longer includes the username
and password in the request. This also fixes the issue of DNS
queries failing on macOS.
+ Properly normalize adapter prefixes for url comparison.
+ Passing None as a file pointer to the files param no longer
raises an exception.
+ Calling copy on a RequestsCookieJar will now preserve the
cookie policy correctly.
* We now support idna v2.7 and urllib3 v1.23.
- Properly set idna/urllib3 dependency versions, runtime and buildtime
- Spec cleanup, remove conditionals for ancient distro versions
- Remove duplicates with fdupes

==== qpdf ====
Version update (8.0.2 -> 8.1.0)

- Update to version 8.1.0
Usability improvements:
* When splitting files, qpdf detects fonts and images that the
document metadata claims are referenced from a page but are
not actually referenced and omits them from the output file.
* When merging multiple PDF files, qpdf no longer leaves all
the files open.
* The --rotate option's syntax has been extended to make the
page range optional. If you specify --rotate=angle without
specifying a page range, the rotation will be applied to
all pages.
* When merging multiple files, the --verbose option now prints
information about each file as it operates on that file.
* When the --progress option is specified, qpdf will print a
running indicator of its best guess at how far through the
writing process it is.
Bug fixes:
* Properly decrypt files that use revision 3 of the standard
security handler but use 40 bit keys
(even though revision 3 supports 128-bit keys).
* Limit depth of nested data structures to prevent crashes
from certain types of malformed (malicious) PDFs.
* In ?newline before endstream? mode, insert the required
extra newline before the endstream at the end of object streams.
Please see included ChangeLog for complete changelog including
API changes.

==== sddm ====
Subpackages: sddm-branding-openSUSE

- Backport fix for pam_group from develop branch:
* 0007-Honor-PAMs-ambient-supplemental-groups.patch

==== spice-gtk ====
Version update (0.34 -> 0.35)
Subpackages: libspice-client-glib-2_0-8 libspice-client-glib-helper
libspice-client-gtk-3_0-5 typelib-1_0-SpiceClientGlib-2_0
typelib-1_0-SpiceClientGtk-3_0

- Update to version 0.35:
+ New SpiceSession::disconnected signal.
+ Use GstVideoOverlay if possible to render directly on
Gstreamer's sink element.
+ Handling smooth-scroll for scroll events on touchpads in
Wayland.
+ The spice-controller library was removed.
+ Fix migration regression introduced in v0.34 (rhbz#1558043).
+ Introspection: Fixes for SpicePortChannel,
SpiceDisplayChannel, SpiceRecordChannel, SpiceInputsChannel,
SpiceMainChannel.
+ Fix width computation for palette images (rhbz#1508847).
+ Introduction of spice+tls:// URI format to tls all channels.
+ Fix keycodes on Xwayland (rhbz#1479682).
+ Memory leak fixes.
- Drop:
+ Use-scancode-instead-of-keycode-names.patch: fixed upstream.
+ libspice-controller subpackage to follow upstream changes.
+ pkgconfig(celt051) BuildRequires: it is no longer required nor
used.
- Switch python2 packages BuildRequires to python3, the new Python
version default.

==== suitesparse ====
Subpackages: libamd2 libcamd2 libccolamd2 libcholmod3 libcolamd2
libsuitesparseconfig5 libumfpack5

- Fix conditional to select the right gcc-c++ package, also for the
devel subpackge

==== unzip ====
Subpackages: unzip-doc

- Add unzip60-total_disks_zero.patch that fixes a bug when unzip is
unable to process Windows zip64 archives because Windows
archivers set total_disks field to 0 but per standard, valid
values are 1 and higher [bnc#910683]
- Add Fix-CVE-2014-9636-unzip-buffer-overflow.patch to fix heap
overflow for STORED field data [bnc#914442] [CVE-2014-9636]

==== vim ====
Version update (8.1.0042 -> 8.1.0115)
Subpackages: gvim vim-data vim-data-common

- update to 8.1 revision 0115
- refresh vim-7.4-disable_lang_no.patch
* The matchparen plugin may throw an error.
* Rename new_ts to new_vts_array.
* No error when using bad arguments with searchpair()
* File name not displayed with ":file" when 'F' is in 'shortmess'.
* New po makefile missing from distribution.
* Python: getting buffer option clears message
* Build fails when HAVE_DATE_TIME is undefined.
* All tab stops are the same
* Can't build without the +eval feature.
* Build the string in init_longVersion()
* Cannot build without syntax highlighting.
* Terminal debugger: error when setting a watch point.
* exclamation mark in error message not needed
* Segfault when pattern with \z() is very slow.
* Superfluous space before exclamation mark.
* Dialog for ":browse tabnew" says "new window".
* Cannot interrupt gdb when program is running.
* Set 'nomodified' before closing the window.
* "..." used inconsistently in a message.
* error when ending the terminal debugger
* v:shell_error is always zero when using terminal for "!cmd".
* "is" and "as" have trouble with quoted punctuation.
* in terminal window, typing : at more prompt, inserts ':'
* terminal debugger doesn't adjust to changed 'background'.
* can't see the breakpoint number in the terminal debugger.
* "..." used inconsistently in messages.
* Command getting cleared with CTRL-W : in a terminal window.
* Crash when autocommands call setloclist().
* Use of 'termwinkey' is inconsistent.
* Terminal debugger only works with the terminal feature.
* Cannot handle pressing CTRL-C in a prompt buffer.
* Nasty autocommands can still cause using freed memory.
* Syntax highlighting not working when re-entering a buffer.
* balloon displayed at the wrong position
* Typing CTRL-W in a prompt buffer shows mode "-- --".
* Popup menu broken if a callback changes the window layout.
* Window title is wrong after resetting and setting 'title'.
* crash when autocommands delete the current buffer
* Displayed digraph for "ga" wrong with 'encoding' "cp1251".
* Display problem with margins and scrolling.
* Popup menu displayed wrong when using autocmd.
* Crash when using :hardcopy with illegal byte.
* first argument of 'completefunc' has inconsistent type
* When a mapping to <Nop> times out the next mapping is skipped
* $VIM_TERMINAL is also set when not in a terminal window
* shell cannot tell running in a terminal window
* vim_str2nr() does not handle numbers close to the maximum.
* no completion for :unlet $VAR
* loading a session file fails if 'winheight' is big
* ++bad argument of :edit does not work properly

==== virtualbox ====
Version update (5.2.12_k4.17.3_1 -> 5.2.14_k4.17.3_1)
Subpackages: virtualbox-guest-kmp-default virtualbox-guest-tools
virtualbox-guest-x11

- Version update to 5.2.14 (released July 02 2018 by Oracle)
This is a maintenance release. The following items were fixed and/or added:
User interface: fixed a segmentation fault when accessing the interface
through VNC (bug #16348)
User interface: X11: handle repeating keys on the host system correctly (bug
#1296, previously fixed, 5.1.0 regression)
VMM: Fixed emulation of the undocumented SALC instruction
VMM: Fixed emulation of so-called "huge unreal mode" (bug #17744); this in
practice only affected Intel CPUs with VT-x without unrestricted execution.
Keyboard: The PS/2 keyboard emulation has been corrected to not queue partial
scan code sequences (bug #17709); this problem was likely only visible on Linux
hosts due to losing the fix for bug #1296
Storage: Fixed CUE file support to correct REM keyword parsing (bug #17783)
USB: Fixed a problem where the emulated xHCI device under very rare
circumstances failed to report an empty isochronous transfer ring error,
causing the transfers on the corresponding endpoint to stop.
Audio: fixed Linux kernel log flooding (bug #17759)
Apple hosts: make kernel driver load with Mac OS Mojave pre-release (bug
#17805).
Linux guests: made vboxvideo driver build with kernel 4.17 (bug #17801) and
with pre-3.14 and EL 7.1 kernels (bug #17771)
Removed "fixes_for_4.17.patch" - fixes merged upstream.
- Fix typo in host KMP line.
- Add file "fix_32_bit_builds.patch" to fix error in 32-bit builds.
Add file "switch_to_python3.6.patch" to convert to Python3.
Update warning regarding the security hole in USB passthrough. The text no
longer refers
to an old bugzilla entry (bsc#1097248).
Script vboxguestconfig.sh is fixed.
- Use %{?linux_make_arch} when building kernel modules (boo#1098050).

==== vsftpd ====

- Extend "vsftpd-3.0.3-address_space_limit.patch" to mention the
new 'address_space_limit' option in the installed vsftpd.conf(5)
man page. [bsc#1075060]

==== xdg-desktop-portal ====
Version update (0.10 -> 0.11)
Subpackages: xdg-desktop-portal-lang

- Update to version 0.11:
+ OpenURI:
- Fix misleading warning when accessing the permission store
- Don't skip the dialog based on content type if a threshold is
set
+ document-portal:
- Support non-O_PATH fds for adding existing files
- Only give DELETE right if you also get WRITE rights
- Make fd validation stricter wrt /proc/pid/fd symlink
- Rewrite paths in data
- Verify access right on fds
- Add some debug spew
+ XdpAppInfo: Nicer handling of kind
+ Add support for snap packages
+ XdpAppInfo: Centralize handling of xdp_app_info_new_host ()
+ Broaden what are valid app ids to allow snap.$PKGNAME
+ README: Fix docs link
+ Don't register http: uris
+ remote-desktop: Correct device type values
+ utils:
- Generalize XdpAppInfo with a tagged union
- Clarify content of app_infos hash table
- Use more constants for interactions with the dbus-daemon
- Don't leak names whose ownership changed
+ file-chooser: Handle save-file backend failure
+ screen-cast: add missing sync request
+ documents xml: Correct flag value for as-needed-by-app
+ build: Run install-test-data-hook as intended
+ Updated translations.

==== xdg-desktop-portal-gtk ====
Version update (0.10 -> 0.11)
Subpackages: xdg-desktop-portal-gtk-lang

- Update to version 0.11:
+ screenshot:
- Show dialog in the interactive case
- Handle not getting requestor info
+ Add more warnings to the parent handling code
+ README.md: Doesn't actually require Flatpak
+ Add files via upload
+ Add print preview
+ remotedesktop:
- Propagate supported device types
- Pass along axis 'finish' flags
+ configure: Add gio-unix-2.0.pc dependency
+ Add correct msgid-bugs address to Makevars file
+ Updated translations.
- Add pkgconfig(gio-unix-2.0) BuildRequires: New dependency.

==== xmlsec1 ====
Version update (1.2.25 -> 1.2.26)
Subpackages: libxmlsec1-1 libxmlsec1-nss1

- Version update to 1.2.26:
* Added xmlsec-mscng module based on Microsoft Cryptography API: Next
Generation
* Added support for GOST 2012 and fixed CryptoPro CSP provider for GOST R
34.10-2001 in xmlsec-mscrypto
* Added LibreSSL 2.7 support
* Upgraded documentation build process to support the latest gtk-doc

==== yast2-mail ====
Version update (4.0.3 -> 4.0.4)

- Added additional searchkeys to desktop file (fate#321043).
- 4.0.4

==== yast2-slp-server ====
Version update (4.0.0 -> 4.0.1)

- Added additional searchkeys to desktop file (fate#321043).
- 4.0.1

==== zstd ====
Version update (1.3.4 -> 1.3.5)

- update to 1.3.5:
* much faster dictionary compression
* small quality improvement for dictionary generation
* slightly improved performance at high compression levels
* automatic memory release for long duration contexts
* fix overlapLog can be manually set
* fix decoding invalid lz4 frames
* fix performance degradation for dictionary compression when
using advanced API
- add zstd-1.3.5-fix-list-stdin.patch to avoid test issues with
- -list when stdin is not a tty, patch from upstream
- disable failing pzstd tests


--
To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-factory+owner@xxxxxxxxxxxx

< Previous Next >
This Thread
  • No further messages