Mailinglist Archive: opensuse-factory (331 mails)

< Previous Next >
[opensuse-factory] New Tumbleweed snapshot 20181107 released!

Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.

Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=1&version=Tumbleweed&build=20181107

Please do not reply to this email to report issues, rather file a bug
on bugzilla.opensuse.org. For more information on filing bugs please
see https://en.opensuse.org/openSUSE:Submitting_bug_reports

Packages changed:
MozillaThunderbird (60.2.1 -> 60.3.0)
alsa-plugins
apache2
at (3.1.20 -> 3.1.23)
babl (0.1.56 -> 0.1.58)
bash-completion
bluez-qt
cairo (1.15.14 -> 1.16.0)
ccache (3.4.2 -> 3.5)
cryptsetup (2.0.4 -> 2.0.5)
cups
curl (7.61.1 -> 7.62.0)
dmidecode
dnsmasq (2.78 -> 2.80)
dracut
emacs
ffmpegthumbs
frei0r-plugins
fribidi (1.0.1 -> 1.0.5)
gnome-photos
gnome-software (3.30.2 -> 3.30.5)
gptfdisk (1.0.1 -> 1.0.4)
graphite2 (1.3.11 -> 1.3.12)
hdparm (9.56 -> 9.57)
iproute2 (4.18 -> 4.19)
ipset (6.38 -> 7.0)
iptables (1.8.0.g85 -> 1.8.1)
java-11-openjdk
javapackages-tools (5.2.0+git20180620.70fa2258 -> 5.3.0)
jemalloc
jing-trang
kiconthemes
kscreenlocker
ktextwidgets
libburn (1.4.8 -> 1.5.0)
libinput (1.12.1 -> 1.12.2)
libisofs (1.4.8 -> 1.5.0)
libmspack (0.6 -> 0.8)
libndp (1.6 -> 1.7)
libopenmpt (0.3.12 -> 0.3.13)
libreoffice (6.1.3.1 -> 6.1.3.2)
libva (2.2.0 -> 2.3.0)
libva-gl (2.2.0 -> 2.3.0)
libvirt (4.8.0 -> 4.9.0)
lightdm (1.26.0 -> 1.28.0)
lightdm-gtk-greeter (2.0.5 -> 2.0.6)
llvm6
log4j
mozjs60 (60.1.0 -> 60.2.2)
mtools (4.0.18 -> 4.0.19)
myspell-dictionaries (20180704 -> 20181025)
netpbm (10.83.2 -> 10.84.2)
nodejs10 (10.12.0 -> 10.13.0)
opencv (3.4.1 -> 3.4.3)
orca (3.30.0 -> 3.30.1)
os-prober
osinfo-db (20180920 -> 20181011)
pcre2 (10.31 -> 10.32)
pesign-obs-integration
postfix
psmisc (23.0 -> 23.2)
publicsuffix (20181003 -> 20181030)
python-pip (18.0 -> 18.1)
python-qt5 (5.10.1 -> 5.11.3)
python-requests (2.19.1 -> 2.20.0)
python-rpm-macros (2017.12.22.d9968ab -> 2018.08.15.ada6d63)
python-setuptools (40.4.3 -> 40.5.0)
python-sip (4.19.8 -> 4.19.13)
python-urllib3 (1.23 -> 1.24)
qalculate (2.6.2 -> 2.8.0)
rdma-core (18.1 -> 20.1)
ruby2.5 (2.5.0 -> 2.5.1)
rubygem-nokogiri (1.8.4 -> 1.8.5)
samba (4.9.1+git.96.c3bff26bf16 -> 4.9.1+git.101.212e237d8ef)
simple-scan (3.30.1.1 -> 3.30.2)
strace (4.24 -> 4.25)
systemd-presets-branding-transactional-server
systemd-presets-common-SUSE
unbound
unixODBC (2.3.6 -> 2.3.7)
upower
vsftpd
xapian-core (1.4.6 -> 1.4.7)
xdg-user-dirs (0.16 -> 0.17)
xfsprogs (4.16.1 -> 4.18.0)
xmlgraphics-fop
zimg (2.7.5 -> 2.8)
zstd (1.3.5 -> 1.3.7)

=== Details ===

==== MozillaThunderbird ====
Version update (60.2.1 -> 60.3.0)
Subpackages: MozillaThunderbird-translations-common

- update to Thunderbird 60.3.0
* various theme fixes
* Shift+PageUp/PageDown in Write window
* Gloda attachment filtering
* Mailing list address auto-complete enter/return handling
* Thunderbird hung if HTML signature references non-existent image
* Filters not working for headers that appear more than once
- Security fixes for the Mozilla platform picked up from 60.3
(Firefox ESR release). In general, these flaws cannot be exploited
through email in Thunderbird because scripting is disabled when
reading mail, but are potentially risks in browser or browser-like
contexts (MFSA 2018-28) (bsc#1112852)
* CVE-2018-12391 (bmo#1478843) (Android only)
HTTP Live Stream audio data is accessible cross-origin
* CVE-2018-12392 (bmo#1492823)
Crash with nested event loops
* CVE-2018-12393 (bmo#1495011)
Integer overflow during Unicode conversion while loading JavaScript
* CVE-2018-12389 (bmo#1498460, bmo#1499198)
Memory safety bugs fixed in Firefox ESR 60.3
* CVE-2018-12390 (bmo#1487098, bmo#1487660, bmo#1490234, bmo#1496159,
bmo#1443748, bmo#1496340, bmo#1483905, bmo#1493347, bmo#1488803,
bmo#1498701, bmo#1498482, bmo#1442010, bmo#1495245, bmo#1483699,
bmo#1469486, bmo#1484905, bmo#1490561, bmo#1492524, bmo#1481844)
Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3
- Update _constraints for armv6/7
- Add patch to fix build on armv7:
* mozilla-bmo1463035.patch
- Add memory-constraints to avoid OOM errors

==== alsa-plugins ====
Subpackages: alsa-plugins-pulse alsa-plugins-pulse-32bit

- Backport of yet another regression fixes in upstream:
0005-Revert-jack-Fix-leaks-when-jack_set_hw_constraint-fa.patch
0006-Revert-usb_stream-Fix-leaks-when-us_set_hw_constrain.patch
0007-Revert-oss-Fix-leaks-when-oss_hw_constraint-fails.patch
- Backport upstream commits:
fix memory leaks and other minor issues in usb_stream plugin,
fix a regression (appearins in PulseAudio) with a52 plugin:
0001-pcm_usb_stream-fix-another-leak-in-snd_pcm_us_open.patch
0002-pcm_usb_stream-remove-unused-parameter-in-snd_pcm_us.patch
0003-pcm_usb_stream-fix-signess-issues.patch
0004-a52_close-set-slave-to-NULL-to-avoid-double-pcm-free.patch

==== apache2 ====
Subpackages: apache2-devel apache2-doc apache2-example-pages apache2-prefork
apache2-utils

- the "event" MPM is fully supported since 2.4
- configure an OCSP stapling cache by default (still requires enabling
SSLUseStapling in vhost)

==== at ====
Version update (3.1.20 -> 3.1.23)

- Version update to at 3.1.23 [bsc#1112660]
* 832368-Using_of_the_meaningless_fcntl: Fix call of fcntl by
replacing (long) 1 with FD_CLOEXEC
* 892819-at__improvements_to_atd.service: Improve atd.service,
see bug report 892819
* 885891-at__stale_batchjobs_after_reboot: Remove stale at jobs
after a boot.
* 897669-897670-Some_fixes_in_the_manuals: Fix some warnings in
manpages at.1 and atd.8
* 883730-Remove_invalid_email_from_man_page: Remove invalid email
from man pages.
* Draft of a release script
* Finalised script to release software.
- refresh at-atq-timeformat.patch
- refresh at-adjust_load_to_cpu_count.patch

==== babl ====
Version update (0.1.56 -> 0.1.58)

- Update to version 0.1.58:
+ Preserve color of transparent pixels in conversion to premultiplied alpha
+ Added single precision code-paths for faster fallback/reference conversions
+ New BABL_ICC_INTENT_PERFORMANCE bitflag for combing with intent as bitflags

==== bash-completion ====

- Modify patch PS1-completion-boo903362.patch to make it work with
mksh as well (boo#1104531)

==== bluez-qt ====
Subpackages: bluez-qt-imports bluez-qt-udev libKF5BluezQt6

- Use %{_udevrulesdir} macro to specify the install directory for
udev rules instead of a hard-coded path

==== cairo ====
Version update (1.15.14 -> 1.16.0)
Subpackages: libcairo-gobject2 libcairo2 libcairo2-32bit

- Update to version 1.16.0:
+ test: Free resources in pdf2png.
+ Drop skia backend.
+ Revert "Correctly decode Adobe CMYK JPEGs in PDF export".

==== ccache ====
Version update (3.4.2 -> 3.5)

- Make sure bundled zlib is not used
- Make building more verbose
- Update to version 3.5
* Added a boolean debug (CCACHE_DEBUG) configuration option
* Renamed CCACHE_CC to CCACHE_COMPILER
* Added a new command-line option -k/--get-config
* Improved performance substantially when using hash_dir = false
* Renamed "stats zero time" to "stats zeroed"
* Added file_state_matches_ctime option to disable ctime check

==== cryptsetup ====
Version update (2.0.4 -> 2.0.5)
Subpackages: libcryptsetup12 libcryptsetup12-32bit

- Suggest hmac package (boo#1090768)
- remove old upgrade hack for upgrades from 12.1
- New version 2.0.5
Changes since version 2.0.4
~~~~~~~~~~~~~~~~~~~~~~~~~~~
* Wipe full header areas (including unused) during LUKS format.
Since this version, the whole area up to the data offset is zeroed,
and subsequently, all keyslots areas are wiped with random data.
This ensures that no remaining old data remains in the LUKS header
areas, but it could slow down format operation on some devices.
Previously only first 4k (or 32k for LUKS2) and the used keyslot
was overwritten in the format operation.
* Several fixes to error messages that were unintentionally replaced
in previous versions with a silent exit code.
More descriptive error messages were added, including error
messages if
- a device is unusable (not a block device, no access, etc.),
- a LUKS device is not detected,
- LUKS header load code detects unsupported version,
- a keyslot decryption fails (also happens in the cipher check),
- converting an inactive keyslot.
* Device activation fails if data area overlaps with LUKS header.
* Code now uses explicit_bzero to wipe memory if available
(instead of own implementation).
* Additional VeraCrypt modes are now supported, including Camellia
and Kuznyechik symmetric ciphers (and cipher chains) and Streebog
hash function. These were introduced in a recent VeraCrypt upstream.
Note that Kuznyechik requires out-of-tree kernel module and
Streebog hash function is available only with the gcrypt cryptographic
backend for now.
* Fixes static build for integritysetup if the pwquality library is used.
* Allows passphrase change for unbound keyslots.
* Fixes removed keyslot number in verbose message for luksKillSlot,
luksRemoveKey and erase command.
* Adds blkid scan when attempting to open a plain device and warn the user
about existing device signatures in a ciphertext device.
* Remove LUKS header signature if luksFormat fails to add the first keyslot.
* Remove O_SYNC from device open and use fsync() to speed up
wipe operation considerably.
* Create --master-key-file in luksDump and fail if the file already exists.
* Fixes a bug when LUKS2 authenticated encryption with a detached header
wiped the header device instead of dm-integrity data device area (causing
unnecessary LUKS2 header auto recovery).
- make parallell installable version for SLE12

==== cups ====
Subpackages: cups-client cups-config libcups2 libcups2-32bit libcupscgi1
libcupsimage2 libcupsmime1 libcupsppdc1

- Add patch let-cupsd-start-after-network.patch
Let cuspd start after possible network connection (boo#1111351)
This let cupsd also stop before a used network connection goes
down, hence the cusp does not lock due waiting on remote printers.

==== curl ====
Version update (7.61.1 -> 7.62.0)
Subpackages: libcurl4

- Update to version 7.62.0
Changes:
* multiplex: enable by default
* url: default to CURL_HTTP_VERSION_2TLS if built h2-enabled
* setopt: add CURLOPT_DOH_URL
* curl: --doh-url added
* setopt: add CURLOPT_UPLOAD_BUFFERSIZE: set upload buffer size
* imap: change from "FETCH" to "UID FETCH"
* configure: add option to disable automatic OpenSSL config loading
* upkeep: add a connection upkeep API: curl_easy_upkeep()
* URL-API: added five new functions
* vtls: MesaLink is a new TLS backend
Bugfixes:
* CVE-2018-16839: SASL password overflow via integer overflow [bsc#1112758]
* CVE-2018-16840: use-after-free in handle close [bsc#1113029]
* CVE-2018-16842: warning message out-of-buffer read [bsc#1113660]
* CURLOPT_DNS_USE_GLOBAL_CACHE: deprecated
* Curl_dedotdotify(): always nul terminate returned string
* Curl_follow: Always free the passed new URL
* Curl_http2_done: fix memleak in error path
* Curl_retry_request: fix memory leak
* Curl_saferealloc: Fixed typo in docblock
* FILE: fix CURLOPT_NOBODY and CURLOPT_HEADER output
* GnutTLS: TLS 1.3 support
* SECURITY-PROCESS: mention the bountygraph program
* VS projects: add USE_IPV6:
* certs: generate tests certs with sha256 digest algorithm
* checksrc: enable strict mode and warnings
* checksrc: handle zero scoped ignore commands
* cmake: Backport to work with CMake 3.0 again
* cmake: Improve config installation
* cmake: add support for transitive ZLIB target
* cmake: disable -Wpedantic-ms-format
* cmake: don't require OpenSSL if USE_OPENSSL=OFF
* cmake: fixed path used in generation of docs/tests
* cmake: remove unused *SOCKLEN_T variables
* cmake: suppress MSVC warning C4127 for libtest
* cmake: test and set missed defines during configuration
* config: Remove unused SIZEOF_VOIDP
* configure: force-use -lpthreads on HPUX
* configure: remove CURL_CONFIGURE_CURL_SOCKLEN_T
* configure: s/AC_RUN_IFELSE/CURL_RUN_IFELSE
* cookies: Remove redundant expired check
* cookies: fix leak when writing cookies to file
* curl-config.in: remove dependency on bc
* curl.1: --ipv6 mutexes ipv4 (fixed typo)
* curl: update the documentation of --tlsv1.0
* curl_multi_wait: call getsock before figuring out timeout
* curl_ntlm_wb: check aprintf() return codes
* data-binary.d: clarify default content-type is x-www-form-urlencoded
* docs/CIPHERS: Mention the options used to set TLS 1.3 ciphers
* docs/CIPHERS: fix the TLS 1.3 cipher names
* docs/CIPHERS: mention the colon separation for OpenSSL
* docs/examples: URL updates
* docs: add "see also" links for SSL options
* example/asiohiper: insert warning comment about its status
* example/htmltidy: fix include paths of tidy libraries
* examples/http2-pushinmemory: receive HTTP/2 pushed files in memory
* examples/parseurl.c: show off the URL API
* examples: Fix memory leaks from realloc errors
* examples: do not wait when no transfers are running
* ftp: include command in Curl_ftpsend sendbuffer
* gskit: make sure to terminate version string
* gtls: Values stored to but never read
* hostip: fix check on Curl_shuffle_addr return value
* http2: fix memory leaks on error-path
* http: fix memleak in rewind error path
* krb5: fix memory leak in krb_auth
* memory: add missing curl_printf header
* memory: ensure to check allocation results
* multi: Fix error handling in the SENDPROTOCONNECT state
* multi: fix memory leak in content encoding related error path
* multi: make the closure handle "inherit" CURLOPT_NOSIGNAL
* netrc: free temporary strings if memory allocation fails
* nss: try to connect even if libnssckbi.so fails to load
* ntlm_wb: Fix memory leaks in ntlm_wb_response
* ntlm_wb: bail out if the response gets overly large
* openssl: assume engine support in 0.9.8 or later
* openssl: enable TLS 1.3 post-handshake auth
* openssl: fix gcc8 warning
* openssl: load built-in engines too
* openssl: make 'done' a proper boolean
* openssl: output the correct cipher list on TLS 1.3 error
* openssl: return CURLE_PEER_FAILED_VERIFICATION on failure to parse issuer
* openssl: show "proper" version number for libressl builds
* pipelining: deprecated
* rand: add comment to skip a clang-tidy false positive
* rtmp: fix for compiling with lwIP
* runtests: ignore disabled even when ranges are given
* schannel: unified error code handling
* sendf: Fix whitespace in infof/failf concatenation
* ssh: free the session on init failures
* ssl: deprecate CURLE_SSL_CACERT in favour of a unified error code
* system.h: use proper setting with Sun C++ as well
* test1299: use single quotes around asterisk
* test1452: mark as flaky
* test1651: unit test Curl_extract_certinfo()
* test320: strip out more HTML when comparing
* tests/negtelnetserver.py: fix Python2-ism in neg TELNET server
* tests: add unit tests for url.c
* tool_cb_hdr: handle failure of rename()
* travis: add a "make tidy" build that runs clang-tidy
* travis: add build for "configure --disable-verbose"
* travis: bump the Secure Transport build to use xcode
* travis: make distcheck scan for BOM markers
* unit1300: fix stack-use-after-scope AddressSanitizer warning
* urldata: Fix "connecting" comment
* urlglob: improve error message on bad globs
* vtls: fix ssl version "or later" behavior change for many backends
* x509asn1: Fix SAN IP address verification
* x509asn1: always check return code from getASN1Element()
* x509asn1: return CURLE_PEER_FAILED_VERIFICATION on failure to parse cert
* x509asn1: suppress left shift on signed value
- Rebased patches after update:
* curl-disabled-redirect-protocol-message.patch
* curl-use_OPENSSL_config.patch

==== dmidecode ====

- dmidecode-fix-redfish-hostname-print-length.patch: Fix Redfish
Hostname print length (bsc#1112755).

==== dnsmasq ====
Version update (2.78 -> 2.80)

- Ensure neutrality of descriptions. / Replace description with
new upstream description.
- Do not hide failures from user/group additions.
- Replace old $RPM_* shell vars by macros.
- Updated to dnsmasq 2.80
* Add support for RFC 4039 DHCP rapid commit
* Alter the default for dnssec-check-unsigned
* Fix DHCP when --no-ping and --dhcp-sequential-ip are set
* Allow zone transfer in authoritative mode if auth-peer is specified
* FIx missing fatal errors with some malformed options
* Fix crash on startup with a --synth-domain which has no prefix
- enabled lua scripting interface

==== dracut ====

- 98dracut-systemd: Start systemd-vconsole-setup before dracut-cmdline-ask
(bsc#1055834)
* adds 0582-98dracut-systemd-Start-systemd-vconsole-setup-before.patch
- Fixed Patch 581 to apply cleanly
* Updates 0581-kernel-modules-add-nfit.patch
- Mark the DASD udev rules host-only and handle backslashes in paths for
hostonly files (bsc#1090884)
* adds 0583-99base-Allow-files-with-backslashes-in-hostonly-file.patch
* adds 0584-95dasd_rules-mark-dasd-rules-host_only.patch

==== emacs ====
Subpackages: emacs-info emacs-nox emacs-x11 etags

- Let ispell.el perform even on older systems without default
hunspell dictionary as otherwise this leades to wrong type
error as nil is not a pointer to a string
- Let site-start.el also seek for hunspell to load the ispell
lisp library (boo#1110387)
- Help ispell(.el) to find and provide the usable dictionaries
even for hunspell (boo#1110387)

==== ffmpegthumbs ====

- Add patch to fix crash on video files without a suitable codec installed:
* 0001-Don-t-crash-if-initializeVideo-fails.patch

==== frei0r-plugins ====

- Add frei0r-plugins-openCV-3.4.2-compatibility.patch to fix a
build failure with openCV > 3.4.1
- Run spec-cleaner

==== fribidi ====
Version update (1.0.1 -> 1.0.5)
Subpackages: libfribidi0 libfribidi0-32bit

- Update to version 1.0.5:
+ Updated unicode tables to version 11
+ Bugfix release - character tests were not running previously
+ Small speedup due to small arrays being allocated on the stack

==== gnome-photos ====
Subpackages: gnome-photos-lang gnome-shell-search-provider-gnome-photos

- Add gnome-photos-on-demand-activate-dleyna.patch: Don't activate
dleyna-renderer-service when Photos starts up (bsc#992420,
glgo#GNOME/gnome-photos#75).

==== gnome-software ====
Version update (3.30.2 -> 3.30.5)
Subpackages: gnome-software-lang

- Update to version 3.30.5:
+ Fix build with appstream-glib 0.7.14.
- Changes from version 3.30.4:
+ Add a separate "Download" step for packagekit offline updates,
so that "Restart & Update" is instant.
+ Fix a version comparison issue that led to package updates
sometimes showing as downgrades in the OS Updates section (this
needs latest appstream-glib).
+ Show the refresh button when the updates page is in the failed
state.
+ Notify about offline updates only after they are fully
downloaded.
+ Updated translations.
- Update to version 3.30.3:
+ Fix a memory corruption issue on 32-bit arches that made
gnome-software very crashy.
+ Fix an issue with stuck back button on the details page after
closing and reopening gnome-software.
+ Make distro upgrades to Fedora N+2 release show up correctly.
+ Various flatpak plugin fixes.
+ Allow opening CAB files that include more than one update.
+ Fix critical warnings when quickly switching between category
pages.
+ Small memory leak fixes.
+ Updated translations.

==== gptfdisk ====
Version update (1.0.1 -> 1.0.4)

- Update to 1.0.4
* 74 new type codes added
* Search/filter function to the type code list
* GPT fdisk now reports more details about data structures
* Misc bug fixes

==== graphite2 ====
Version update (1.3.11 -> 1.3.12)
Subpackages: libgraphite2-3 libgraphite2-3-32bit

- Update to 1.3.12:
. Graphite no longer does dumb rendering for fonts with no smarts
. Segment caching code removed. Anything attempting to use the
segment cache gets given a regular face instead
. Add libfuzzer support
. Builds now require C++11
. Improvements to Windows 64 bit builds
. Support different versions of python including 32 bit and python 3
. Various minor bug fixes
- refreshed patch
% link-gcc-shared.diff
- removed patch
- graphite2-CVE-2018-7999.patch (upstreamed)

==== hdparm ====
Version update (9.56 -> 9.57)

- Update to 9.57:
* Added --set-sector-size flag, used to change logical sector
size for drives which support multiple sector sizes.
* Also updated various bits of hdparm to better cope with
non-512 byte sectors.
* Various other minor fixes/enhancements.
- Update hdparm-leak-fix.patch

==== iproute2 ====
Version update (4.18 -> 4.19)

- Update to new upstream release 4.19
* Support new features in Linux 4.19 such as the CAKE qdisc.

==== ipset ====
Version update (6.38 -> 7.0)

- Update to new upstream release 7.0
* A new internal protocol version between the kernel and
userspace is used. This is required in order to support two
new functions and the extendend LIST operation, which makes
possible to run ipset in every case entirely over netlink,
without the need to use getsockopt().
* The userspace library was reworked so it can be embedded
without calling the binary.

==== iptables ====
Version update (1.8.0.g85 -> 1.8.1)
Subpackages: libiptc0 libxtables12 xtables-plugins

- Update to new upstream release 1.8.1
* New cgroup match revision with reduced memory footprint

==== java-11-openjdk ====
Subpackages: java-11-openjdk-headless

- Merge into the JDK following modules from github.com/javaee:
* com.sum.xml.fastinfoset
* org.jvnet.staxex
* com.sun.istack.runtime
* com.sun.xml.txw2
* com.sun.xml.bind
+ This provides a default implementation of JAXB-API that
existed in JDK before Java 11 and that some applications
depend on.

==== javapackages-tools ====
Version update (5.2.0+git20180620.70fa2258 -> 5.3.0)

- Replace the occurences of /usr/lib by libdir in configuration
files too
- Update to version 5.3.0
- Modified patch:
* suse-no-epoch.patch
+ rediff to changed code
- Build the :extras flavour as noarch
- Added patch:
* suse-no-epoch.patch
+ we did not bump epoch of OpenJDK packages in SUSE
+ fix a potential generation of unresolvable requires
+ adapt the tests to not expect the epoch

==== jemalloc ====

- Disable profiling on ppc until boo#1105633 get fixed

==== jing-trang ====

- Change to build against bsh2 instead of the old bsh

==== kiconthemes ====
Subpackages: libKF5IconThemes5 libKF5IconThemes5-lang

- Add Fixing-a-copy-paste-error.patch to fix crashes when opening
the icon dialog (kde#398766)

==== kscreenlocker ====
Subpackages: kscreenlocker-lang libKScreenLocker5

- Mark /etc/pam.d/kscreenlocker as %config(noreplace) so that
modifications don't get lost when installing updates (boo#1114258)

==== ktextwidgets ====
Subpackages: libKF5TextWidgets5 libKF5TextWidgets5-lang

- Add Qt5TextToSpeech BuildRequires to enable text-to-speech support

==== libburn ====
Version update (1.4.8 -> 1.5.0)

- Update to 1.5.0:
* User defined padding was moved after appended partitions
* xorriso and libisoburn make user of the new xattr capability of libisofs
* libburn got some rarely triggered bugs fixed

==== libinput ====
Version update (1.12.1 -> 1.12.2)
Subpackages: libinput-udev libinput10

- Update to new upstream release 1.12.2
* The Lenovo x220t and x60t do not disable the keyboard in
tablet-mode anymore.
* Button debouncing is now disabled on VMware virtual devices.
* The Wacom Intuos Pro PTH-660 palm threshold was restored to
the original value, it was changed accidentally.
* libinput now assumes that you only have one thumb per hand,
which is a statistically well-supported approximation.
* A 2-finger movement out of the software button area now will
no longer trigger spurious pointer motion events if one
finger exits the button area before the other one.
* The Wacom Intuos Pro PTH-660, when connected over Bluetooth,
sometimes caused an invalid event sequence that caused
libinput to lose track of the tap counter which again
triggered an assertion later.

==== libisofs ====
Version update (1.4.8 -> 1.5.0)

- Update to 1.5.0:
* Bug fix: Multi-session emulation was not recognized with non-zero partition
* New bit10 of isoburn_drive_acquire() to accept all xattr namespaces
* New -xattr mode "any" to process all xattr namespaces of local filesystem
* New -as mkisofs option --xattr-any
* New -as mkisofs options -uid and -gid

==== libmspack ====
Version update (0.6 -> 0.8)

- Update to version 0.8:
* New parameter MSCABD_PARAM_SALVAGE which permits salvaging
badly damaged files rather than rejecting them outright.
* Fix the above 38912-byte Quantum CAB block bug.
* Reject blank CHM filenames that are blank because they have
embedded null bytes.
* chmextract: Protect from absolute/relative pathnames in CHM
files.
- Update to version 0.7 (bsc#1103032):
* Fix 1 or 2 byte overwrite by bad KWAJ file header extensions
(CVE-2018-14681).
* Fix 1 byte overread by character U+0100 in a CHM filename
(CVE-2018-14682).
* Reject blank CHM filenames (CVE-2018-14680).
* Fix off-by-1 in CHM PMGI/PMGL chunk number validity checks,
which could cause a crash (CVE-2018-14679).

==== libndp ====
Version update (1.6 -> 1.7)

- Update to version 1.7
* fix socket fd missing for O_CLOEXEC
* Fix issue where not sending all IPs to an interface
* typo in ndptool.c fixed

==== libopenmpt ====
Version update (0.3.12 -> 0.3.13)
Subpackages: libmodplug1 libopenmpt0

- Update to version 0.3.13:
* [Sec] Crash with malformed MED files.
* Transposed samples in AMF ASYLUM modules were not played
correctly.
* Notes triggered by libopenmpt_ext play_note could be played
with a panbrello effect if the same virtual channel was
previously used with panbrello.
* Clicks when stopping channels that didn?t end at zero volume.
* XM: Do not import non-standard commands N and M as channel
volume commands.

==== libreoffice ====
Version update (6.1.3.1 -> 6.1.3.2)
Subpackages: libreoffice-branding-upstream libreoffice-calc libreoffice-draw
libreoffice-filters-optional libreoffice-gnome libreoffice-gtk3
libreoffice-icon-themes libreoffice-impress libreoffice-l10n-cs
libreoffice-l10n-da libreoffice-l10n-de libreoffice-l10n-el libreoffice-l10n-en
libreoffice-l10n-en_GB libreoffice-l10n-es libreoffice-l10n-fr
libreoffice-l10n-hu libreoffice-l10n-it libreoffice-l10n-ja libreoffice-l10n-pl
libreoffice-l10n-pt_BR libreoffice-l10n-ru libreoffice-l10n-zh_CN
libreoffice-l10n-zh_TW libreoffice-mailmerge libreoffice-math libreoffice-pyuno
libreoffice-qt5 libreoffice-writer libreofficekit

- Honorably mention all the now dropped patches from 6.0 series that
are merged by the 6.1 already and as such never entered TW:
* bnc1088262.patch
* bsc1088263.patch
* bsc1095601.patch
* bsc1095639.patch
* bsc1098891.patch
- Remove libreofficekit files that are not supposed to be
installed when the feature is disabled
- Update to 6.1.3.2:
* 6.1.3 Final
* In this release we have fixes for bsc#1079744 bsc#1088266
bsc#1095755 bsc#1110345 bsc#1107012
- Use turkish spellcheck that is now provided by myspell-dictionaries

==== libva ====
Version update (2.2.0 -> 2.3.0)
Subpackages: libva-drm2 libva-x11-2 libva2

- Update to 2.3.0
* Bump VA-API version to 1.3.0 and libva to 2.3.0
* Add max frame size parameters for multiple pass case in legacy mode
* Add new BRC mode AVBR
* Add new interface for High Dynamic Range tone mapping
* Add missing enum to string conversions
* Add hevc subsets parameters structure
* Add Customized Noise Reduction (HVS) interfaces
* Add new BRC mode definition QVBR
* Add more complete colour properties for use in VPP

==== libva-gl ====
Version update (2.2.0 -> 2.3.0)
Subpackages: libva-glx2 libva-wayland2

- Update to 2.3.0
* Bump VA-API version to 1.3.0 and libva to 2.3.0
* Add max frame size parameters for multiple pass case in legacy mode
* Add new BRC mode AVBR
* Add new interface for High Dynamic Range tone mapping
* Add missing enum to string conversions
* Add hevc subsets parameters structure
* Add Customized Noise Reduction (HVS) interfaces
* Add new BRC mode definition QVBR
* Add more complete colour properties for use in VPP

==== libvirt ====
Version update (4.8.0 -> 4.9.0)
Subpackages: libvirt-client libvirt-daemon libvirt-daemon-driver-interface
libvirt-daemon-driver-libxl libvirt-daemon-driver-lxc
libvirt-daemon-driver-network libvirt-daemon-driver-nodedev
libvirt-daemon-driver-nwfilter libvirt-daemon-driver-qemu
libvirt-daemon-driver-secret libvirt-daemon-driver-storage
libvirt-daemon-driver-storage-core libvirt-daemon-driver-storage-disk
libvirt-daemon-driver-storage-gluster libvirt-daemon-driver-storage-iscsi
libvirt-daemon-driver-storage-iscsi-direct
libvirt-daemon-driver-storage-logical libvirt-daemon-driver-storage-mpath
libvirt-daemon-driver-storage-rbd libvirt-daemon-driver-storage-scsi
libvirt-daemon-lxc libvirt-daemon-qemu libvirt-daemon-xen libvirt-libs

- Update to libvirt 4.9.0
- Many incremental improvements and bug fixes, see
http://libvirt.org/news.html
- FATE#326371
- Update SLE15 SP1 with openSUSE Factory package
FATE#325848, FATE#326368
- FATE and bug references made in the SLE15 package since the last
Factory update: FATE#325817, bsc#959329, bsc#1074014,
bsc#1106420, bsc#1108395
- Patches in SLE15 package that are dropped by this update:
1b0c42ff-libvirtd-depend-machined.patch,
ac4a12db-libxl-fix-hasManagedSave.patch

==== lightdm ====
Version update (1.26.0 -> 1.28.0)
Subpackages: liblightdm-gobject-1-0 lightdm-lang

- Update to version 1.28.0:
* Continue to shutdown session if removing X authority fails.
* Set XDG_SEAT env variable in script hooks.
* Fix small leak in XDMCP server.
* liblightdm-qt: Mark class PowerInterface as exported.
* Fix one qt5 test being run instead of a qt4 one.
* Remove use of deprecated g_type_class_add_private.
* Modernise private data in objects.
* Document XDG_SEAT_PATH in man page.
* Fix install failing if link already exists.
* Remove bashisms in configure.ac.
- Rebase lightdm-sysconfig-support.patch,
lightdm-xauthlocalhostname-support.patch.
- Use GPG signing.

==== lightdm-gtk-greeter ====
Version update (2.0.5 -> 2.0.6)
Subpackages: lightdm-gtk-greeter-lang

- Update to version 2.0.6:
* Multi seat support: Store state for each seat (lp#1641335).
* Updated translations.

==== llvm6 ====
Subpackages: libLLVM6 libclang6

- opt-viewer-Find-style-css-in-usr-share.patch
* Make sure opt-viewer installed in /usr/bin can find resources
from /usr/share/opt-viewer. (boo#1112730)

==== log4j ====

- Install and package the maven pom and metadata files

==== mozjs60 ====
Version update (60.1.0 -> 60.2.2)

- Update to version 60.2.2:
* Bug fix release.
- Drop mozjs60-fix-memory-leak-in-LCovCompartment-esr60.patch and
mozjs60-prevent-an-internal-gcc-8_0_1-error.patch: Fixed upstream

==== mtools ====
Version update (4.0.18 -> 4.0.19)

- patches unversioned; makes update and reviews easier
* mtools-4.0.18-fat-bits.diff -> mtools-fat-bits.diff
* mtools-4.0.18-conf.diff -> mtools-conf.diff
* mtools-4.0.18-aliasing.diff -> mtools-aliasing.diff
* mtools-4.0.18-prototypes.diff -> mtools-prototypes.diff
* mtools-4.0.18-autoconf.diff -> mtools-autoconf.diff
- Update to 4.0.19:
* Fix for short file names starting with character 0xE5
* mpartition: Partition types closer to what Microsoft uses
* mformat: figure out LBA geometry as last resort if geometry is unspecified
* mformat: use same default cluster size as Microsoft for FAT32
* additional sanity checks
* document how clutser size is picked in mformat.c man page
* document how partition types are picked in mpartition.c man page

==== myspell-dictionaries ====
Version update (20180704 -> 20181025)
Subpackages: myspell-cs_CZ myspell-da_DK myspell-de myspell-de_DE myspell-el_GR
myspell-en myspell-en_GB myspell-en_US myspell-es myspell-es_ES myspell-fr_FR
myspell-hu_HU myspell-it_IT myspell-lightproof-en myspell-lightproof-hu_HU
myspell-lightproof-pt_BR myspell-lightproof-ru_RU myspell-pl_PL myspell-pt_BR
myspell-ru_RU

- Update to 20181025:
* Turkish dictionary added
* Updated French dictionary

==== netpbm ====
Version update (10.83.2 -> 10.84.2)
Subpackages: libnetpbm11

- updated to 10.84.02
* libnetpbm: Fix invalid memory reference in color name processing
when trivial memory allocation fails.
pamtojpeg2k: fix incorrect interpretation of -ilyrrates option
when it contains multiple delimiter characters in a row. Always
broken (pamtojpeg2k was new in Netpbm 10.12 (November 2002)).
* pnmtojbig: fix incorrect handling of -x option. Always broken
(pnmtojbig was new in Netpbm 9.2 (May 2000)).
Add pamaltsat. Thanks Anton Shepelev <anton.txt@xxxxxxxxx>.
* Add pamtris. Thanks Lucas Brunno Luna
<lucaslunar32@xxxxxxxxxxx>.
* libpbmfont, pbmtext: fix bugs with BDF file lines with
insufficient number of fields. Unknown effect.
* pbmtext: -wchar works with built-in fonts.
* pbmtext: improved -verbose information about BDF fonts:
include CHARSET_REGISTRY, CHARSET_ENCODING.
* libnetpbm font facilities: built-in fonts work with wide
characters.
* pbmtext; libnetpbm BDF font processing: fix invalid memory
reference when BDF font file has invalid syntax. Broken
in primordial Netpbm, ca 1993.
* pamgetcolor: fix bug: gets color of only the top half of a
region.
* pnmfiasco, fiascotopnm: Fix trivial memory leak. Always broken
(programs were new in Netpbm 9.6, July 2000).

==== nodejs10 ====
Version update (10.12.0 -> 10.13.0)
Subpackages: nodejs10-devel npm10

- New upstream LTS 10.13.0: (bsc#1112438, FATE#326776)
* buffer: fix crash for invalid index types
* deps: fix wrong default for v8 handle zapping
- env_shebang.patch: dropped
- skip_test_on_lowmem.patch: skip some build tests on low-memory
build machines

==== opencv ====
Version update (3.4.1 -> 3.4.3)

- Update to 3.4.3
* Compatibility fixes with python 3.7
* Added a new computational target DNN_TARGET_OPENCL_FP16
* Extended support of Intel's Inference Engine backend
* Enabled import of Intel's OpenVINO pre-trained networks from
intermediate representation (IR).
* tutorials improvements
Check https://github.com/opencv/opencv/wiki/ChangeLog#version343
for the complete changelog.
- Drop fix-build-i386-nosse.patch, build-workaround-issues-with-c.patch
(fixed upstream)
- Refresh patches

==== orca ====
Version update (3.30.0 -> 3.30.1)
Subpackages: orca-lang

- Update to version 3.30.1:
+ General:
- Fix presentation of nameless menu items in certain
gnome-shell extesions.
- Improve presentation of Pluma spell-check dialog.
- Fix bug in sentence echo.
- Fix issue with profile names containing XML special
characters.
+ Web: Fix some chattiness with SayAll in web content.
+ LibreOffice: Work around Writer issue preventing presentation
of selected text.
+ Updated translations.

==== os-prober ====

- Fix missing grub-probe command that caused linux-boot-probe to abort
prematurely. It is a mistake while rebasing patch to 1.76 (bsc#1113615)
* os-prober-1.49-grub2-mount.patch

==== osinfo-db ====
Version update (20180920 -> 20181011)

- Update database to version 20181011
osinfo-db-20181011.tar.xz
- Drop add-caasp-support.patch
- Drop modify-volume-id-for-windows.patch

==== pcre2 ====
Version update (10.31 -> 10.32)
Subpackages: libpcre2-16-0 libpcre2-8-0

- pcre2 10.32:
* pcre2grep now supports the inclusion of binary zeros in
patterns that are read from files via the -f option.
* In pcre2_dfa_match(), internal recursive calls no longer use
the stack for local workspace and local ovectors
* Updated to Unicode version 11.0.0.
* (*ACCEPT:ARG), (*FAIL:ARG), and (*COMMIT:ARG) are now supported.
* Add support for \N{U+dddd}, but only in Unicode mode.
* Addesupport for (?^) to unset all imnsx options

==== pesign-obs-integration ====

- rpm: properly forward dep flags
- Fix new Lintian Error from Debian 10

==== postfix ====
Subpackages: postfix-doc

- update config.postfix
* don't reject mail from authenticated users even if
reject_unknown_client_hostname would match,
add permit_sasl_authenticated to all restrictions
requires smtpd_delay_reject = yes
- update postfix-main.cf.patch
* recover removed setting smtpd_sasl_path and smtpd_sasl_type,
set to default value
config.postfix will not 'enable' (remove #) var, but place
modified (enabled) var at end of file, far away from place
where it should be
- rebase patches
* fix-postfix-script.patch
* postfix-vda-v14-3.0.3.patch
* postfix-linux45.patch
* postfix-master.cf.patch
* pointer_to_literals.patch
* postfix-no-md5.patch

==== psmisc ====
Version update (23.0 -> 23.2)
Subpackages: psmisc-lang

- Modify patch 0002-Use-new-statx-2-system-call-to-avoid-hangs-on-NFS.patch
to support older systems with statx kernel support
- Modify patch 0001-Use-mountinfo-to-be-able-to-use-the-mount-identity.patch
to respect autofs as well as afs file system
- Add patch 0002-Use-new-statx-2-system-call-to-avoid-hangs-on-NFS.patch
to use statx(2) system call since kernel 4.12. Now it is possible
to avoid sync with remote file servers as well as trigger autofs
mounts due stat(x) calls.
- Support also btrFS entries in mountinfo, that is use stat(2) to
determine the device of the mounted subvolume (bsc#1098697, bsc#1112780)
- Update to version 23.2
* misc: Command names increased from 16 to 64 characters
* buildsys: signals.c depends on signames.h !16
* docs: Fix fuser.1 groff errors Debian #900225
* killall: look at all namespaces by default
* killall: Fix -INT option parsing #11
* killall: ignore -n 0 #15
* killall: another crack at fixing getopt #12 #13
* peekfd: Attach to all threads option !15
* pslog: Define PATH_MAX if required Debian:#905797
- Modify patch 0001-Use-mountinfo-to-be-able-to-use-the-mount-identity.patch
- Remove patches now upstream solved
* psmisc-23.0-killall-signals.patch
* psmisc-23.0-killall.patch
- Modify and rename patch psmisc-23.0.dif which now becomes psmisc-v23.2.dif

==== publicsuffix ====
Version update (20181003 -> 20181030)

- Update to version 20181030:
* Add readthedocs.io (#722)
* Remove trailing whitespace from L11948 (#721)
* Add krasnik.pl, leczna.pl, lubartow.pl, lublin.pl, poniatowa.pl
and swidnik.pl domains to the Public Suffix List (#670)
* Add instantcloud.cn by Redstar Consultants (#696)
* Add Fermax and mydobiss.com domain (#706)
* Add shop.th & online.th (#716)
* Add siteleaf.net (#655)
* Add wpcomstaging.com and go-vip.co to the PSL (#719)

==== python-pip ====
Version update (18.0 -> 18.1)

- specfile:
* remove devel from noarch
- update to version 18.1:
* Features
+ Allow PEP 508 URL requirements to be used as dependencies.
+ As a security measure, pip will raise an exception when
installing packages from PyPI if those packages depend on
packages not also hosted on PyPI. In the future, PyPI will block
uploading packages with such external URL dependencies
directly. (#4187)
+ Upgrade pyparsing to 2.2.1. (#5013)
+ Allows dist options (?abi, ?python-version, ?platform,
?implementation) when installing with ?target (#5355)
+ Support passing svn+ssh URLs with a username to pip install
- e. (#5375)
+ pip now ensures that the RECORD file is sorted when installing
from a wheel file. (#5525)
+ Add support for Python 3.7. (#5561)
+ Malformed configuration files now show helpful error messages,
instead of tracebacks. (#5798)
* Bug Fixes
+ Checkout the correct branch when doing an editable Git
install. (#2037)
+ Run self-version-check only on commands that may access the
index, instead of trying on every run and failing to do so due
to missing options. (#5433)
+ Allow a Git ref to be installed over an existing
installation. (#5624)
+ Show a better error message when a configuration option has an
invalid value. (#5644)
+ Always revalidate cached simple API pages instead of blindly
caching them for up to 10 minutes. (#5670)
+ Avoid caching self-version-check information when cache is
disabled. (#5679)
+ Avoid traceback printing on autocomplete after flags in the
CLI. (#5751)
+ Fix incorrect parsing of egg names if pip needs to guess the
package name. (#5819)
* Vendored Libraries
+ Upgrade certifi to 2018.8.24
+ Upgrade packaging to 18.0
+ Add pep517 version 0.2
+ Upgrade pytoml to 0.1.19
+ Upgrade pkg_resources to 40.4.3 (via setuptools)
* Improved Documentation
+ Fix ?Requirements Files? reference in User Guide
(#user_guide_fix_requirements_file_ref)

==== python-qt5 ====
Version update (5.10.1 -> 5.11.3)
Subpackages: python-qt5-utils python3-qt5

- Make sure python-enum34 is installed when building packages
depending on python-qt5.
- Add fix-sip-detection.patch. Picked from the Fedora package
- Update to 5.11.3
* Fixed a build problem with Python v2.
* Removed the checks for PyQt5.sip
* Fix issues with out of source builds

==== python-requests ====
Version update (2.19.1 -> 2.20.0)
Subpackages: python2-requests python3-requests

- specfile:
* remove devel for noarch
* remove restriction for urllib3 < 1.24
* HISTORY and README changed from .rst to .md
- update to version 2.20.0:
* Bugfixes
+ Content-Type header parsing is now case-insensitive
(e.g. charset=utf8 v Charset=utf8).
+ Fixed exception leak where certain redirect urls would raise
uncaught urllib3 exceptions.
+ Requests removes Authorization header from requests redirected
from https to http on the same hostname. (CVE-2018-18074)
+ should_bypass_proxies now handles URIs without hostnames
(e.g. files).
* Dependencies
+ Requests now supports urllib3 v1.24.
* Deprecations
+ Requests has officially stopped support for Python 2.6.

==== python-rpm-macros ====
Version update (2017.12.22.d9968ab -> 2018.08.15.ada6d63)

- version bump to 2018.08.15.ada6d63

==== python-setuptools ====
Version update (40.4.3 -> 40.5.0)
Subpackages: python2-setuptools python3-setuptools

- update to version 40.5.0:
* #1335: In pkg_resources.normalize_path, fix issue on Cygwin when
cwd contains symlinks.
* #1502: Deprecated support for downloads from Subversion in
package_index/easy_install.
* #1517: Dropped use of six.u in favor of u"" literals.
* #1520: Added support for data_files in setup.cfg.
* #1525: Fixed rendering of the deprecation warning in easy_install
doc.

==== python-sip ====
Version update (4.19.8 -> 4.19.13)
Subpackages: python-sip-common python3-sip

- Add disable-strip.diff to fix the -debuginfo creation.
- Update to 4.19.13:
* Build system fixes
* Removed support in the XML/API export for deprecated features
* Pass the fully qualified Python names of types for arguments and
results.
* Various fixes for the XML export
* Fixed a bug when arguments that were templates could lose their type
hints
- Update to 4.19.12:
* Added the /ScopesStripped/ argument annotation.
* The members of traditional C/C++ enums are now also visible within the
scope of the enum itself. This means that members of scoped and unscoped
enums can be accessed in the same way from Python.
* Private copies of the sip module are now easier to configure and use.
SIP v5 will only support private copies.
* Added the -n option to the sip code generator to support private copies of
the sip module.
See https://www.riverbankcomputing.com/static/Downloads/sip/ChangeLog for
the complete changelog.
- Run spec-cleaner

==== python-urllib3 ====
Version update (1.23 -> 1.24)
Subpackages: python2-urllib3 python3-urllib3

- Update to 1.24:
* Allow key_server_hostname to be specified when initializing a PoolManager
to allow custom SNI to be overridden. (Pull #1449)
* Test against Python 3.7 on AppVeyor. (Pull #1453)
* Early-out ipv6 checks when running on App Engine. (Pull #1450)
* Change ambiguous description of backoff_factor (Pull #1436)
* Add ability to handle multiple Content-Encodings (Issue #1441 and Pull
#1442)
* Skip DNS names that can't be idna-decoded when using pyOpenSSL (Issue
#1405).
* Add a server_hostname parameter to HTTPSConnection which allows for
overriding the SNI hostname sent in the handshake. (Pull #1397)
* Drop support for EOL Python 2.6 (Pull #1429 and Pull #1430)
* Fixed bug where responses with header Content-Type: message/* erroneously
raised HeaderParsingError, resulting in a warning being logged. (Pull #1439)
* Move urllib3 to src/urllib3 (Pull #1409)
- Drop patch 1414.patch merged upstream
- Refresh patches:
* python-urllib3-recent-date.patch
* urllib3-ssl-default-context.patch

==== qalculate ====
Version update (2.6.2 -> 2.8.0)

- Update to 2.8.0
* Equation solved and improved simplification for expressions with
trigonometric functions.
* General improvements to simplification and equation solving.
* Improved factorization.
* New magnitude(), entrywise() and hadamard() functions, and new
n variable (unknown integer).
* Parse |x| and ||x|| as abs(x) and magnitude(x).
* Use kilo as prefix for gram if automatic prefix is off.

==== rdma-core ====
Version update (18.1 -> 20.1)
Subpackages: libibverbs libibverbs1 libmlx4-1 libmlx5-1 librdmacm1

- Update to rdma-core v20.1 (fate#325887, fate#325919, fate#326000)
* No release notes available
- Drop patches merged upstream:
* suse-Add-recommends-for-rxe_cfg-requirements.patch
adds recommends for the relevant packages
* rxe-switch-to-iproute2-for-rxe_cfg.patch
switches to iproute2 commands

==== ruby2.5 ====
Version update (2.5.0 -> 2.5.1)
Subpackages: libruby2_5-2_5 ruby2.5-devel ruby2.5-stdlib

- backport 450160263aed8c446ce5b142d71f921ab4118f3a.patch:
Include the alternative malloc header instead of malloc.h
- update to 2.5.1
This release includes some bug fixes and some security fixes.
- CVE-2017-17742: HTTP response splitting in WEBrick
- CVE-2018-6914: Unintentional file and directory creation with
directory traversal in tempfile and tmpdir
- CVE-2018-8777: DoS by large request in WEBrick
- CVE-2018-8778: Buffer under-read in String#unpack
- CVE-2018-8779: Unintentional socket creation by poisoned NUL
byte in UNIXServer and UNIXSocket
- CVE-2018-8780: Unintentional directory traversal by poisoned
NUL byte in Dir
- Multiple vulnerabilities in RubyGems
https://github.com/ruby/ruby/compare/v2_5_0...v2_5_1
- added frozen-pop3.patch:
Net::POPMail methods modify frozen literal when using default arg
https://redmine.ruby-lang.org/issues/14416

==== rubygem-nokogiri ====
Version update (1.8.4 -> 1.8.5)

- updated to version 1.8.5
[#]# Security Notes
[MRI] Pulled in upstream patches from libxml2 that address CVE-2018-14404 and
CVE-2018-14567. Full details are available in
[#1785](https://github.com/sparklemotion/nokogiri/issues/1785). Note that these
patches are not yet (as of 2018-10-04) in an upstream release of libxml2.
[#]# Bug fixes
* [MRI] Fix regression in installation when building against system
libraries, where some systems would not be able to find libxml2 or libxslt when
present. (Regression introduced in v1.8.3.) [#1722]
* [JRuby] Fix node reparenting when the destination doc is empty. [#1773]

==== samba ====
Version update (4.9.1+git.96.c3bff26bf16 -> 4.9.1+git.101.212e237d8ef)
Subpackages: libdcerpc-binding0 libdcerpc-binding0-32bit libdcerpc0
libdcerpc0-32bit libndr-krb5pac0 libndr-krb5pac0-32bit libndr-nbt0
libndr-nbt0-32bit libndr-standard0 libndr-standard0-32bit libndr0 libndr0-32bit
libnetapi0 libnetapi0-32bit libsamba-credentials0 libsamba-credentials0-32bit
libsamba-errors0 libsamba-errors0-32bit libsamba-hostconfig0
libsamba-hostconfig0-32bit libsamba-passdb0 libsamba-passdb0-32bit
libsamba-util0 libsamba-util0-32bit libsamdb0 libsamdb0-32bit libsmbclient0
libsmbconf0 libsmbconf0-32bit libsmbldap2 libsmbldap2-32bit libtevent-util0
libtevent-util0-32bit libwbclient0 libwbclient0-32bit samba-client
samba-client-32bit samba-doc samba-libs samba-libs-32bit samba-winbind
samba-winbind-32bit

- lib:socket: If returning early, set ifaces; (bso#13665); (bsc#1111373);
- winbind requires latest version of libtevent-util0 to start

==== simple-scan ====
Version update (3.30.1.1 -> 3.30.2)
Subpackages: simple-scan-lang

- Update to version 3.30.2:
+ Updated translations.

==== strace ====
Version update (4.24 -> 4.25)

- Update to strace 4.25
* Improvements
* Implemented decoding of KVM_CHECK_EXTENSION and NBD_* ioctl commands.
* Implemented decoding of SOL_XDP socket option names.
* Implemented decoding of AF_PACKET protocols in socket syscall.
* Implemented decoding of AF_AX25 and AF_X25 addresses, protocols,
and options.
* Implemented stack trace printing on receiving signals.
* Enhanced xlat styles support configured by -X option.
* Enhanced decoding of IFLA_*, NETCONFA_*, and SMC_DIAG_* netlink attributes.
* Wired up io_pgetevents syscall on arm, sparc, and sparc64.
* Updated lists of AF_*, AUDIT_*, BPF_*, IFLA_*, IN_*, IPSTATS_*,
IPV4_DEVCONF_*, NT_*, SCTP_*, SO_*, SOCK_*, SOL_*, and V4L2_* constants.
* Updated lists of ioctl commands from Linux 4.19.
* Bug fixes
* Fixed decoding of bit sets in evdev ioctl commands.
* Fixed decoding of EVIOCGBIT(0, ...) ioctl commands.
* Fixed test suite for the case when mlockall and unimplemented syscalls
are explicitly disabled by a seccomp filter.

==== systemd-presets-branding-transactional-server ====

- enable ca-certificates.service for transactional server. Normal
systems don't need it at boot (boo#1088378).

==== systemd-presets-common-SUSE ====

- disable ca-certificates.service as it needlessly slows down boot
(boo#1088378). update-ca-certificates will still be triggered by
the path when there are actual changes.

==== unbound ====
Subpackages: libunbound2 unbound-anchor

- Drop pre-rollover key 19036 from 2010, only leave 2017/2018 rollover
key 20326 (bsc#1112009, bsc#1004165)
- Removed intermediate certificates from certificate bundle (bsc#1112033)

==== unixODBC ====
Version update (2.3.6 -> 2.3.7)

- Update to 2.3.7:
* Fix for pkg-config file update on no linux platforms
* Add W entry for GUI work
* Various fixes for SQLBrowseConnect/W, SQLGetConnectAttr/W,and
SQLSetConnectAttr/W
* Fix buffer overflows in SQLConnect/W and refine behaviour of
SQLGet/WritePrivateProfileString
* SQLBrowseConnect/W allow disconnecting a started browse session after error
* Add --with-stats-ftok-name configure option to allow the selection of a
file name
used to generate the IPC id when collecting stats. Default is the system
odbc.ini file
* Improve diag record handling with the behavior of Windows DM and export
SQLCancelHandle
* bug fix when SQLGetPrivateProfileString() is called to get a list of
sections or a list of keys
* Connection pooling: Fix liveness check for Unicode drivers
- Add unixODBC-2.3.7-warning-cleanup.patch: 2.3.7 a 64bit protability error
See https://github.com/lurcher/unixODBC/issues/18

==== upower ====
Subpackages: libupower-glib3 typelib-1_0-UpowerGlib-1_0 upower-lang

- Add upower-fix-keyboard-backlight.patch: daemon: Fix upower's
keyboard backlight support. Disabling kernel tunables blocked us
from accessing /sys, meaning we couldn't change keyboard
backlight levels.

==== vsftpd ====

- firewall-macros should be BuildRequires, not Requires(post)
(the macro gets expanded during package build)

==== xapian-core ====
Version update (1.4.6 -> 1.4.7)

- Update to 1.4.7:
* API:
+ Database::check(): Fix bogus error reports for documents with length
zero due to a new check added in 1.4.6 that the doclength was between the
stored upper and lower bounds, which failed to allow for the lower bound
ignoring documents with length zero (since documents indexed only by
boolean terms aren't involved in weighted searches).
+ Query: Use of Query::MatchAll in multithreaded code causes problems
because the reference counting gets messed up by concurrent updates.
Document that Query(string()) should be used instead of MatchAll in
multithreaded code, and avoid using it in library code.
* Stem:
+ Stemming algorithms added for Irish, Lithuanian, Nepali and Tamil.
+ Merge Snowball compiler changes which improve code generation.
+ Merge optimisations to the Arabic and Turkish stemmers.
* testsuite:
+ Fix duplicate test in apitest closedb10 testcase.
* See also https://xapian.org/docs/xapian-core-1.4.7/NEWS

==== xdg-user-dirs ====
Version update (0.16 -> 0.17)
Subpackages: xdg-user-dirs-lang

- update to 0.17:
+ Respect $HOME in favor of getpwuid()
+ Updated translations
+ Documentation spelling fixes

==== xfsprogs ====
Version update (4.16.1 -> 4.18.0)
Subpackages: libhandle1

- Update to v4.18.0
* xfs_repair: notify user if free inodes are corrupt
* xfs_repair: use extent size validation helpers
* xfs_quota: don't stop the directory tree walk at DEPTH
* xfs_scrub: ongoing updates
* xfs_io: document shutdown -f
* xfs_io: wire up online repair ioctls
* misc: adddebian initramfs hook to package
* misc: remove unused macros
* misc: remove many XFS_BUF macros
* Majority of 4.18 libxfs changes merged from kernel
- Update to v4.17.0
* mkfs.xfs: only stat block devices during mkfs init
* xfs_repair: multiple fixes and improvements
* xfs_repair: check and repair quota metadata
* xfs_repair: fix shortform root inode parent
* xfs_db: don't ASSERT on unrecognized metadata
* xfs_db: add superblock info command ala xfs_info
* xfs_spaceman: add superblock info command ala xfs_info
* xfs_info: call xfs_db for unmounted devices
* xfs_io: add online label command
* xfs_io: add O_PATH and O_NOFOLLOW options
* xfs_io: recognize *iB units in copy_range
- Removed now-obsolete patches:
* xfsprogs-mkfs-avoid-divide-by-zero-when-hardware-reports-opti.patch

==== xmlgraphics-fop ====

- Add reproducible-build-manifest.patch: Remove custom "Build-Id"
from manifests. It contains date and other information making the
build unreproducible (boo#1110024).

==== zimg ====
Version update (2.7.5 -> 2.8)

- Update to version 2.8:
* api: rename colorspace enum values
* colorspace: AVX-512 code paths for commonly used transfer
functions
* colorspace: optimize SSE2 LUT-based transfer functions
* common: reduce execution overhead
* depth: increase ordered dither pattern from 8x8 to 16x16
* depth: use blue noise instead of white for random dither
* depth: use different dither pattern on each color component
* resize: optimize x86 SIMD horizontal downsampling with >8 taps
* x86: cache detection on AMD processors
* x86: optimizations for AMD Excavator processors

==== zstd ====
Version update (1.3.5 -> 1.3.7)

- zstd 1.3.7:
* fix ratio for dictionary compression at levels 9 and 10
* add man pages for zstdless and zstdgrep
- includes changes from zstd 1.3.6:
* faster dictionary builder, also the new default for --train
* previous (slower, slightly higher quality) dictionary builder
to be selected via --train-cover
* Faster dictionary decompression and compression under memory
limits with many dictionaries used simultaneously
* New command --adapt for compressed network piping of data
adjusted to the perceived network conditions
- drop zstd-1.3.5-fix-list-stdin.patch, upstream
- switch from git tag snaphshot to bootstrapped tarball


--
To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-factory+owner@xxxxxxxxxxxx

< Previous Next >
This Thread
  • No further messages