Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=1&version=Tumbleweed&build=20180704
When you reply to report some issues, make sure to change the subject.
It is not helpful to keep the release announcement subject in a thread
while discussing a specific problem.
Packages changed:
ImageMagick (7.0.7.34 -> 7.0.8.3)
MozillaFirefox (60.0.1 -> 61.0)
SDL2
bind
boost-base
dhcp
gpsd
gsl (2.4 -> 2.5)
hwinfo (21.55 -> 21.56)
libXaw3d (1.6.2 -> 1.6.3)
libbsd (0.8.7 -> 0.9.1)
libreoffice (6.0.4.2 -> 6.1.0.0.beta2)
libyui-qt-pkg (2.45.16 -> 2.45.18)
mozilla-nss (3.36.4 -> 3.37.3)
mozjs52
netpbm (10.80.1 -> 10.82.2)
patterns-gnome
pciutils-ids (20180306 -> 20180625)
perl-File-ShareDir (1.108 -> 1.112)
php7 (7.2.6 -> 7.2.7)
plasma-nm5
python-pycryptodome (3.6.1 -> 3.6.3)
python-requests (2.18.4 -> 2.19.1)
qpdf (8.0.2 -> 8.1.0)
sddm
spice-gtk (0.34 -> 0.35)
suitesparse
unzip
vim (8.1.0042 -> 8.1.0115)
virtualbox (5.2.12_k4.17.3_1 -> 5.2.14_k4.17.3_1)
vsftpd
xdg-desktop-portal (0.10 -> 0.11)
xdg-desktop-portal-gtk (0.10 -> 0.11)
xmlsec1 (1.2.25 -> 1.2.26)
yast2-mail (4.0.3 -> 4.0.4)
yast2-slp-server (4.0.0 -> 4.0.1)
zstd (1.3.4 -> 1.3.5)
=== Details ===
==== ImageMagick ====
Version update (7.0.7.34 -> 7.0.8.3)
Subpackages: ImageMagick-extra libMagick++-7_Q16HDRI4 libMagickCore-7_Q16HDRI6 libMagickWand-7_Q16HDRI6 perl-PerlMagick
- use "BuildRequires: p7zip-full" for TW as 7za binary needed by
ImageMagick was moved to this package (see bsc#899627 for more
details about this change)
- update to 7.0.8-3:
* Apply translate component of SVG transform rotate.
* More robust SVG text handling.
* Fixed numerous use of uninitialized values, integer overflow, memory
exceeded, and timeouts (credit to OSS Fuzz).
* Fixed an issue with stroke and label
- update to 7.0.8-0:
* Fixed numerous use of uninitialized values, integer overflow, memory
exceeded, and timeouts (credit to OSS Fuzz).
* Heap buffer overflow fix (reference
https://github.com/ImageMagick/ImageMagick/issues/1156).
* Boundary issues with -gamma option when HDRI is enabled (reference
https://github.com/ImageMagick/ImageMagick/issues/1151).
* Properly initialize SVG color style.
* A SVG rectangle with a width and height of 1 is a point.
* Fixed memory corruption for MVG paths.
- consider test to be completely broken on i586, removing:
- ImageMagick-relax-filter.t.patch
- ImageMagick-tests.tap-attributes.patch
==== MozillaFirefox ====
Version update (60.0.1 -> 61.0)
Subpackages: MozillaFirefox-translations-common
- update to Firefox 61.0
* Performance enhancements
* Various improvements for dark theme support will provide a more
consistent experience across the entire Firefox UI
* OpenSearch plugins offered by web pages can now be added from the
page action menu for easier installation
* Improved support for allowing WebExtensions to manage and hide tabs
MFSA 2018-15 (bsc#1098998)
* CVE-2018-12359 (bmo#1459162)
Buffer overflow using computed size of canvas element
* CVE-2018-12360 (bmo#1459693)
Use-after-free when using focus()
* CVE-2018-12361 (bmo#1463244)
Integer overflow in SwizzleData
* CVE-2018-12358 (bmo#1467852)
Same-origin bypass using service worker and redirection
* CVE-2018-12362 (bmo#1452375)
Integer overflow in SSSE3 scaler
* CVE-2018-5156 (bmo#1453127)
Media recorder segmentation fault when track type is changed during capture
* CVE-2018-12363 (bmo#1464784)
Use-after-free when appending DOM nodes
* CVE-2018-12364 (bmo#1436241)
CSRF attacks through 307 redirects and NPAPI plugins
* CVE-2018-12365 (bmo#1459206)
Compromised IPC child process can list local filenames
* CVE-2018-12371 (bmo#1465686)
Integer overflow in Skia library during edge builder allocation
* CVE-2018-12366 (bmo#1464039)
Invalid data handling during QCMS transformations
* CVE-2018-12367 (bmo#1462891)
Timing attack mitigation of PerformanceNavigationTiming
* CVE-2018-12369 (bmo#1454909)
WebExtension security permission checks bypassed by embedded experiments
* CVE-2018-12370 (bmo#1456652)
SameSite cookie protections bypassed when exiting Reader View
* CVE-2018-5186 (bmo#1464872,bmo#1463329,bmo#1419373,bmo#1412882,
bmo#1413033,bmo#1444673,bmo#1454448,bmo#1453505,bmo#1438671)
Memory safety bugs fixed in Firefox 61
* CVE-2018-5187 (bmo#1461324,bmo#1414829,bmo#1395246,bmo#1467938,
bmo#1461619,bmo#1425930,bmo#1438556,bmo#1454285,bmo#1459568,
bmo#1463884)
Memory safety bugs fixed in Firefox 60 and Firefox ESR 60.1
* CVE-2018-5188 (bmo#1456189,bmo#1456975,bmo#1465898,bmo#1392739,
bmo#1451297,bmo#1464063,bmo#1437842,bmo#1442722,bmo#1452576,
bmo#1450688,bmo#1458264,bmo#1458270,bmo#1465108,bmo#1464829,
bmo#1464079,bmo#1463494,bmo#1458048)
Memory safety bugs fixed in Firefox 60, Firefox ESR 60.1, and Firefox ESR 52.9
- requires NSS 3.37.3
- requires python >= 3.5 to build
- removed obsolete patches
mozilla-i586-DecoderDoctorLogger.patch
mozilla-i586-domPrefs.patch
mozilla-fix-skia-aarch64.patch
mozilla-bmo1375074.patch
mozilla-enable-csd.patch
- patch for new no-return warnings (mozilla-no-return.patch)
- do not disable system installed locales (mozilla-bmo1464766.patch)
- Add conditional for pkgconfig(gconf-2.0) BuildRequires, and pass
conditional --disable-gconf to configure: no longer pull in
obsolete gconf2 for Tumbleweed.
- update to Firefox 60.0.2
* requires NSS 3.36.4
MFSA 2018-14 (bsc#1096449)
* CVE-2018-6126 (bmo#1462682)
Heap buffer overflow rasterizing paths in SVG with Skia
- Add upstream patch to fix boo#1093059 instead of '-ffixed-x28'
workaround:
* mozilla-bmo1375074.patch
==== SDL2 ====
- Add 7babfecee045.patch, fixes launching Firewatch
- SDL2-endian.patch: bring up patch from SDL1, use optimized
byteswap routines from the C library.
- build with --disable-3dnow, do not pass -m3dnow to the compiler;
modern CPUs do not support these instructions at all.
==== bind ====
Subpackages: bind-chrootenv bind-doc bind-utils libbind9-160 libdns169 libirs160 libisc166 libisccc160 libisccfg160 liblwres160 python3-bind
- Cleanup pre/post install: remove all old code which was needed to
update to SLES8.
==== boost-base ====
Subpackages: boost-license1_67_0 boost_1_67-jam libboost_date_time1_67_0 libboost_filesystem1_67_0 libboost_headers1_67_0-devel libboost_iostreams1_67_0 libboost_locale1_67_0 libboost_program_options1_67_0 libboost_regex1_67_0 libboost_signals1_67_0 libboost_system1_67_0 libboost_thread1_67_0
- Re-enable python2 module build by default. Still too many things
depend on it.
==== dhcp ====
Subpackages: dhcp-client dhcp-doc dhcp-relay dhcp-server
- Drop doc subpackage as we do not build on < SLE12 anyway so it
evaluated always as true
- Do not condition flags settings for codestreams that we are no
longer building for
- Use %license macro for license as mandated by new TW requirements
- Format with spec-cleaner (automatic, remove FIXMEs)
- Use getent to detect created user prior to doing it again
- Drop ldapcasa as it evaluates as false on all current products
- Drop ldap conditional as it is always true
- Kill omc configs wrt fate#301838
==== gpsd ====
- Fix requires for gpsd-clients
- Cleanup spec file a bit
- Require python3 versions for packages importing python modules, all
scripts use python3 as interpreter.
==== gsl ====
Version update (2.4 -> 2.5)
Subpackages: libgsl23 libgslcblas0
- updated license tags in spec file
- gsl 2.5:
* doc bug fix in binomial distribution figure
* added Wishart distribution
* added new module for digital filtering (gsl_filter); current
filters include:
Gaussian filter
median filter
recursive median filter
impulse detection filter
* added new module for moving window statistics (gsl_movstat)
* added statistics functions:
gsl_stats_median()
gsl_stats_select()
gsl_stats_mad()
gsl_stats_mad0()
gsl_stats_Sn_from_sorted_data()
gsl_stats_Qn_from_sorted_data()
gsl_stats_gastwirth_from_sorted_data()
gsl_stats_trmean_from_sorted_data()
* added Romberg integration (gsl_integration_romberg)
* bug fix in deprecated functions gsl_multifit_wlinear_svd and
gsl_multifit_wlinear_usvd (reported by Vlad Koli)
* documentation corrected to state that gsl_sf_legendre functions
do not include Condon-Shortley phase by default
* bug fix in exponential fitting example when using larger number
of points
* changed internal workspace inside gsl_spmatrix to a union to
avoid casting
* bug fixes in ode-initval2 for very rare solver crashing cases
* add histogram2d figure to manual
* bug fix in gsl_spmatrix_add for duplicate input arguments
* add support for negative arguments nu in gsl_sf_bessel_Jnu and
gsl_sf_bessel_Ynu (Konrad Griessinger)
* better texinfo documentation for gsl_sf_hyperg functions
* fix vector and matrix fread/fwrite testing on windows systems
when tmpfile() fails
- drop rstat_test.patch, is upstream
==== hwinfo ====
Version update (21.55 -> 21.56)
- merge gh#openSUSE/hwinfo#66
- Add support for RISC-V
- 21.56
==== libXaw3d ====
Version update (1.6.2 -> 1.6.3)
- Update to new upstream release 1.6.3
* Avoid using dead pointer in _XawTextSetSelection
* Fix copied from 2D libXaw commit 11c3a104141e1a4946ad949dfb5514df0b66a031
* autogen: add default patch prefix
* autogen.sh: use quoted string variables
* Place quotes around the $srcdir, $ORIGDIR and $0 variables to prevent
fall-outs, when they contain space.
* autogen.sh: use exec instead of waiting for configure to finish
* Syncs the invocation of configure with the one from the server.
* darwin: Remove incorrect export of vendorShellClassRec and vendorShellWidgetClass
* Get rid of some extraneous ; at the end of C source lines
* Use SEEK_* names instead of raw numbers for fseek whence argument
* Just use C89 size_t instead of rolling our own Size_t & Off_t
* Fix abs() usage.
* For long arguments, use labs().
* autogen.sh: Honor NOCONFIGURE=1
* configure: Drop AM_MAINTAINER_MODE
* Remove support for pre-C89 headers (unifdef -UX_NOT_STDC_ENV)
* Replace TXT16 with XChar2b inline
* No longer need #define to substitute it now that we no longer set
it to a different type on CRAY systems.
* Remove CRAY/WORD64 support (unifdef -UCRAY -UWORD64)
* Fix --disable-feature options in configure
* Make --disable-feature options passed to configure not enable
the feature but keep it disabled instead.
- Port our patches to new version
==== libbsd ====
Version update (0.8.7 -> 0.9.1)
- Update to version 0.9.1:
* Add __arraycount() macro.
* Add flopenat() function.
* Add strtoi() and strtou() functions.
* Add several new vis and unvis functions.
* Add pidfile_fileno() function, and struct pidfh is now opaque.
* The humanize_number() now understands HN_IEC_PREFIXES.
* The fmtcheck() function supports all standard printf(3)
conversions.
* The getentropy(), and thus arc4random() functions will not
block anymore on Linux on boot when there's not enough entropy
available.
* The arc4random() function handles direct clone() calls better.
==== libreoffice ====
Version update (6.0.4.2 -> 6.1.0.0.beta2)
Subpackages: libreoffice-branding-upstream libreoffice-calc libreoffice-draw libreoffice-filters-optional libreoffice-gnome libreoffice-gtk3 libreoffice-icon-themes libreoffice-impress libreoffice-l10n-cs libreoffice-l10n-da libreoffice-l10n-de libreoffice-l10n-el libreoffice-l10n-en libreoffice-l10n-es libreoffice-l10n-fr libreoffice-l10n-hu libreoffice-l10n-it libreoffice-l10n-ja libreoffice-l10n-pl libreoffice-l10n-pt_BR libreoffice-l10n-ru libreoffice-l10n-zh_CN libreoffice-l10n-zh_TW libreoffice-mailmerge libreoffice-math libreoffice-pyuno libreoffice-writer libreofficekit
- Fix ca_valencia myspell dictionary name
- Expand disk constraints to not fail on arm64
- Enable display of commands in build logs
- Disable header-only Boost:System usage on older Leap
- old-boost.patch: Fix building with older Boost version
- Bump disk space constraints. We need more than 32GB.
- Add more translations:
* Belarusian
* Bodo
* Dogri
* Frisian
* Gaelic
* Paraguayan_Guaraní
* Upper_Sorbian
* Konkani
* Kashmiri
* Luxembourgish
* Mongolian
* Manipuri
* Burmese
* Occitan
* Kinyarwanda
* Santali
* Sanskrit
* Sindhi
* Sidamo
* Tatar
* Uzbek
* Upper Sorbian
* Venetian
* Amharic
* Asturian
* Tibetan
* Bosnian
* English GB
* English ZA
* Indonesian
* Icelandic
* Georgian
* Khmer
* Lao
* Macedonian
* Nepali
* Oromo
* Albanian
* Tajik
* Uyghur
* Vietnamese
* Kurdish
- The kde integration now properly installed by upstream, no need
to do it in %install phase
- Try to build all languages see bsc#1096360
- Update to 6.1.0.0.beta2:
* Various buildfixes as found by our testing
- Reenable KDE integration on 32bit
- Drop merged patch libreoffice-libxmlsec.patch
- Make sure to install the KDE5/Qt5 UI/filepicker
- Conflict with gnome subpackage on the gtk2 subpkg as it was split
off from there bsc#1096673
- Update to 6.1.0.0.beta1:
* 6.1 series first beta, many fixes and features around
* Notably kde5_gtk3 integration, on by default now
- Remove merged patches:
* 0001-Use-PYTHON_FOR_BUILD-instead-of-calling-python-direc.patch
* libreoffice-icu61.patch
* kde5-configure-checks.patch
* bnc1060128.patch
* bnc1039203.patch
* bnc1094359.patch
- Disable firebird everywhere for now as it causes issues
- Try to implement safeguarding to avoid bsc#1050305
- Disable base-drivers-mysql as it needs mysqlcppcon that is only
for mysql and not mariadb, causes issues bsc#1094779
* Users can still connect using jdbc/odbc
- Fix java detection on machines with too many cpus
* libreoffice-java-sched.patch
- Remove galaxy icon theme replaced by colibri
- Add karasa jaga icon theme
==== libyui-qt-pkg ====
Version update (2.45.16 -> 2.45.18)
- use long long instead of int for free disk space with MiB base
- 2.45.18
- Drop code related to qt solver plugin which is dead for long time
(bsc#1088759)
- 2.45.17
==== mozilla-nss ====
Version update (3.36.4 -> 3.37.3)
Subpackages: libfreebl3 libsoftokn3 mozilla-nss-certs mozilla-nss-tools
- update to NSS 3.37.3
* required by Firefox 61.0
Notable changes:
* The TLS 1.3 implementation was updated to Draft 28.
* Added HACL* Poly1305 32-bit
* The code to support the NPN protocol has been fully removed.
* NSS allows servers now to register ALPN handling callbacks to
select a protocol.
* NSS supports opening SQL databases in read-only mode.
* On Linux, some build configurations can use glibc's function
getentropy(), which uses the kernel's getrandom() function.
* The CA list was updated to version 2.24, which removed the
following CA certificates:
- CN = S-TRUST Universal Root CA
- CN = TC TrustCenter Class 3 CA II
- CN = TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H5
* Fix build on armv6/armv7 and other platforms (bmo#1459739)
- Set USE_64 on riscv64
==== mozjs52 ====
- update _constraints file for ppc64/ppc64le to avoid
"Out of memory" build failure on some PowerPC workers.
==== netpbm ====
Version update (10.80.1 -> 10.82.2)
Subpackages: libnetpbm11
- security update
* CVE-2018-8975 [bsc#1086777]
+ netpbm-CVE-2018-8975.patch
- updated to 10.82.2
* Pngtopam: Fix bogus warning of non-square pixels when image does
not contain pixel resolution information. Introduced in Netpbm
10.48 (September 2009)
* ilbmtoppm: Fix bug: may fail with bogus error message about an
invalid CLUT chunk if image has a CLUT chunk. Introduced after
Netpbm 10.26 (January 2005) and at or before Netpbm 10.35
(August 2006).
* pbmtext: Add -wchar.
* pbmtext: Add -text-dump option.
* ppmhist: Add color summary to top of output, (except with
-noheader).
* pnmremap: Add -randomseed.
* pnmquant: Add -norandom, -randomseed.
* pamtogif: Add -noclear option.
* giftopnm: Check "data width" value from GIF image properly:
can't be bigger than 11, because the minimum code size is one
more than the data width and the maximum code size is 12. (Note
that GIF spec prohibits anything more than 8).
* pnmpsnr: Add -targetX options.
* ppmrainbow: Add "ppmrainbow: " to error messages, like other
programs.
* ppmrainbow: improve error message.
* g3topbm: Fix bug - produces invalid empty PBM image if input
image is empty.
* ppmpat: Fix bug - crash or junk output with -camo or -anticamo
and no -color. Introduced in Netpbm 10.78 (March 2017).
* mrftopbm: Fix bug - wrong error messages or output when input
invalidly short. Always broken (mrftopbm was new in Netpbm
10.18 (September 2003)).
* sldtoppm: -lib and -dir don't work - always says slide not
found. Broken in Netpbm 10.63 (June 2013).
* sldtoppm: fix bug: says AutoCAD slide file isn't an AutoCAD
slide file. Broken after Netpbm 10.26 (January 2005), but no
later than 10.35 (August 2006).
* sldtoppm: fix bug: wild memory accesses, weird messages when
invalid input file has unterminated strings.
- refreshed netpbm-security-code.patch
- fixed prepare-src-tarball update script
==== patterns-gnome ====
Subpackages: patterns-gnome-gnome patterns-gnome-gnome_basis patterns-gnome-gnome_basis_opt patterns-gnome-gnome_games patterns-gnome-gnome_ide patterns-gnome-gnome_imaging patterns-gnome-gnome_internet patterns-gnome-gnome_multimedia patterns-gnome-gnome_office patterns-gnome-gnome_utilities patterns-gnome-gnome_x11 patterns-gnome-gnome_yast patterns-gnome-sw_management_gnome
- Drop all traces of gconf:
+ Drop gconf-editor Suggests and Recommends.
+ Drop gconf2-branding-openSUSE Recommends.
+ Replace pulseaudio-module-gconf with
pulseaudio-module-gsettings.
==== pciutils-ids ====
Version update (20180306 -> 20180625)
- Update to 20180625
==== perl-File-ShareDir ====
Version update (1.108 -> 1.112)
- updated to 1.112
see /usr/share/doc/packages/perl-File-ShareDir/Changes
1.112 2018-06-18
- Fix tests that fail when running as root (RT#125602,
thanks Wesley Schwengle