Mailinglist Archive: opensuse-factory (330 mails)

< Previous Next >
[opensuse-factory] New Tumbleweed snapshot 20181128 released!

Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.

Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=1&version=Tumbleweed&build=20181128

Please do not reply to this email to report issues, rather file a bug
on bugzilla.opensuse.org. For more information on filing bugs please
see https://en.opensuse.org/openSUSE:Submitting_bug_reports

Packages changed:
MozillaFirefox (62.0.3 -> 63.0.3)
adwaita-icon-theme (3.30.0 -> 3.30.1)
autogen (5.18.14 -> 5.18.16)
edict (20180305 -> 20181125)
elilo
git (2.19.1 -> 2.19.2)
grub2
kde-l10n
libpipeline (1.4.1 -> 1.5.0)
libpt2
lirc
mariadb (10.2.18 -> 10.2.19)
metis
mokutil
nut
open-iscsi
openldap2
openssh (7.8p1 -> 7.9p1)
plymouth (0.9.4+git20181111.118c5ca -> 0.9.4+git20181122.aaa140b)
postfix (3.3.1 -> 3.3.2)
python-requests (2.20.0 -> 2.20.1)
rubygem-parallel_tests (2.22.1 -> 2.27.0)
rubygem-yast-rake (0.2.28 -> 0.2.29)
tmux
valgrind (3.13.0 -> 3.14.0)
virt-manager
wayland
yast2-apparmor (4.1.0 -> 4.1.1)
yast2-network (4.1.17 -> 4.1.18)
yast2-nfs-server (4.0.1 -> 4.0.2)

=== Details ===

==== MozillaFirefox ====
Version update (62.0.3 -> 63.0.3)
Subpackages: MozillaFirefox-translations-common

- Clean-up %arm build
- update to Firefox 63.0.3
* Games using WebGL (created in Unity) get stuck after very short
time of gameplay (bmo#1502748)
* Slow page loading for some users with specific proxy configurations
(bmo#1495024)
* Disable HTTP response throttling by default for causing bugs with
videos in background tabs (bmo#1503354)
* Opening magnet links no longer works (bmo#1498934)
* Crash fixes (bmo#1498510, bmo#1503424)
- removed mozilla-newer-cbindgen.patch; no longer needed
- update to Firefox 63.0.1
* Snippets are not loaded due to missing element (bmo#1503047)
* Print preview always shows 30& scale when it is actually
Shrink To Fit (bmo#1501952)
* Dialog displayed when closing multiple windows shows unreplaced
%1$S placeholder in Japanese and potentially other locales
(bmo#1500823)
- update to Firefox 63.0
* WebExtensions now run in their own process on Linux
* The Ctrl+Tab shortcut now displays thumbnail previews of your
tabs and cycles through tabs in recently used order. This new
default behavior is activated only in new profiles and can be
changed in preferences.
* Added support for Web Components custom elements and shadow DOM
MFSA 2018-26 (bsc#1112852)
* CVE-2018-12391 (bmo#1478843) (Android-only)
HTTP Live Stream audio data is accessible cross-origin
* CVE-2018-12392 (bmo#1492823)
Crash with nested event loops
* CVE-2018-12393 (bmo#1495011) (only affects non-64-bit archs)
Integer overflow during Unicode conversion while loading JavaScript
* CVE-2018-12395 (bmo#1467523)
WebExtension bypass of domain restrictions through header rewriting
* CVE-2018-12396 (bmo#1483602)
WebExtension content scripts can execute in disallowed contexts
* CVE-2018-12397 (bmo#1487478)
Missing warning prompt when WebExtension requests local file access
* CVE-2018-12398 (bmo#1460538, bmo#1488061)
CSP bypass through stylesheet injection in resource URIs
* CVE-2018-12399 (bmo#1490276)
Spoofing of protocol registration notification bar
* CVE-2018-12400 (bmo#1448305) (Android only)
Favicons are cached in private browsing mode on Firefox for Android
* CVE-2018-12401 (bmo#1422456)
DOS attack through special resource URI parsing
* CVE-2018-12402 (bmo#1469916)
SameSite cookies leak when pages are explicitly saved
* CVE-2018-12403 (bmo#1484753)
Mixed content warning is not displayed when HTTPS page loads a favicon over
HTTP
* CVE-2018-12388 (bmo#1472639, bmo#1485698, bmo#1301547, bmo#1471427,
bmo#1379411, bmo#1482122, bmo#1486314, bmo#1487167)
Memory safety bugs fixed in Firefox 63
* CVE-2018-12390 (bmo#1487098, bmo#1487660, bmo#1490234, bmo#1496159,
bmo#1443748, bmo#1496340, bmo#1483905, bmo#1493347, bmo#1488803,
bmo#1498701, bmo#1498482, bmo#1442010, bmo#1495245, bmo#1483699,
bmo#1469486, bmo#1484905, bmo#1490561, bmo#1492524, bmo#1481844)
Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3
- requires NSPR 4.20, NSS 3.39 and Rust 1.28
- latest rust does not provide rust-std so stop requiring it
- requires rust-cbindgen >= 0.6.2 to build
- requires nodejs >= 8.11 to build
- added mozilla-bmo1491289.patch to fix system NSS build (bmo#1491289)
- added mozilla-cubeb-noreturn.patch to fix non-return function
- added mozilla-newer-cbindgen.patch to fix build with cbindgen 0.6.7
- disable elfhack for TW and newer due to build errors
- removed obsolete patches
* mozilla-no-return.patch
* mozilla-no-stdcxx-check.patch
- Update _constraints for armv6/7
- Add patch to fix build on armv7:
* mozilla-bmo1463035.patch

==== adwaita-icon-theme ====
Version update (3.30.0 -> 3.30.1)

- Update to version 3.30.1:
+ Fix nasty misrendering of inode-directory-symbolic.

==== autogen ====
Version update (5.18.14 -> 5.18.16)
Subpackages: libopts25

- Remove invalid signature file and keyring
- BuildRequire guile-devel to make transistion to Guile 2.2 smooth
- Update to version 5.8.16
- Enable compiling with Guile 2.2
- autogen-guile-2.2.patch: removed
- installable-programs.patch: don't make programs uninstallable
- Rediff remaining patches

==== edict ====
Version update (20180305 -> 20181125)

- Update to snapshot 20181125
* No changelog recorded.
- Split package into: edict, edict2, jmdict. This way, one need not
install the rather large XML variant (jmdict) if not needed.
- Added JIS X 0213-2012 Kanji dictionary ("kanjd213").
- Remove the computer terminology dictionary "compdic", as it is
already included in the word dictionary.

==== elilo ====

- elilo.efi
* Try to properly allocate high_base_mem. (bsc#1000769)
(elilo-high_base_mem.diff)
- elilo.spec
* Work around glitches introduced by gnu-efi.
* Add '-mno-red-zone' to work around Microsoft/SystemV AMD64 ABI
discrepancies. (bsc#953502)
- elilo.pl
* Support 'ucode=' for XEN. (bsc#1102567)
* SecureBoot: Support detached configuration template.
* Add support for 'UUID='/'LABEL=' to specify EFI system partition
and fix bug introduced by NVMe device handling. (bsc#917195)
* Handle NVMe device names. (fate#317591)
* Don't abort, when "skip" is announced. (bsc#917130)
- elilo.efi
* Remove special handling for '?' in textmenu-mode. (bsc#928546)
(elilo-textmenu-disable-print-devices.diff)

==== git ====
Version update (2.19.1 -> 2.19.2)
Subpackages: git-core git-cvs git-daemon git-email git-gui git-svn git-web gitk

- git 2.19.2:
* various bug fixes for multiple subcommands and operations

==== grub2 ====
Subpackages: grub2-i386-pc grub2-snapper-plugin grub2-systemd-sleep-plugin
grub2-x86_64-efi grub2-x86_64-xen

- Change default tsc calibration method to pmtimer on EFI (bsc#1114754)
* 0001-tsc-Change-default-tsc-calibration-method-to-pmtimer.patch
- ieee1275: Fix double free in CAS reboot (bsc#1111955)
* grub2-ppc64-cas-fix-double-free.patch

==== kde-l10n ====
Subpackages: kde-l10n-cs kde-l10n-da kde-l10n-da-data kde-l10n-da-doc
kde-l10n-de kde-l10n-de-data kde-l10n-de-doc kde-l10n-el kde-l10n-en_GB
kde-l10n-en_GB-data kde-l10n-en_GB-doc kde-l10n-es kde-l10n-es-data
kde-l10n-es-doc kde-l10n-fr kde-l10n-fr-data kde-l10n-hu kde-l10n-it
kde-l10n-it-data kde-l10n-it-doc kde-l10n-ja kde-l10n-pl kde-l10n-pl-data
kde-l10n-pt kde-l10n-pt_BR kde-l10n-pt_BR-data kde-l10n-ru kde-l10n-ru-data
kde-l10n-zh_CN kde-l10n-zh_TW

- Fix "Summary: summary"

==== libpipeline ====
Version update (1.4.1 -> 1.5.0)

- Update to version 1.5.0
* Add `pipecmd_pre_exec' to install a pre-exec handler for a single command.
* Fix EOF detection in get_line.

==== libpt2 ====

- Add reproducible.patch to not store build system kernel
version (boo#1101107)

==== lirc ====

- Add reproducible.patch to drop build date, kernel version,
sort python glob to make build reproducible (boo#1047218, boo#1101107)

==== mariadb ====
Version update (10.2.18 -> 10.2.19)
Subpackages: libmysqld19 mariadb-client mariadb-errormessages

- update to 10.2.19 GA [bsc#1116686]
* notable changes:
* innodb_safe_truncate system variable for a backup-safe
TRUNCATE TABLE implementation that is based on RENAME,
CREATE, DROP (MDEV-14717, MDEV-14585, MDEV-13564). Default
value for this variable is ON. If you absolutely must use
XtraBackup instead of Mariabackup, you can set it to OFF and
restart the server
* MDEV-17289: Multi-pass recovery fails to apply some redo
log records
* MDEV-17073: INSERT?ON DUPLICATE KEY UPDATE became more
deadlock-prone
* MDEV-17491: micro optimize page_id_t
* MDEV-13671: InnoDB should use case-insensitive column name
comparisons like the rest of the server
* Fixes for indexed virtual columns: MDEV-17215, MDEV-16980
* MDEV-17433: Allow InnoDB start up with empty ib_logfile0
from mariabackup --prepare
* MDEV-12547: InnoDB FULLTEXT index has too strict
innodb_ft_result_cache_limit max limit
* MDEV-17541: KILL QUERY during lock wait in FOREIGN KEY
check causes hang
* MDEV-17531: Crash in RENAME TABLE with FOREIGN KEY and
FULLTEXT INDEX
* MDEV-17532: Performance_schema reports wrong directory for
the temporary files of ALTER TABLE?ALGORITHM=INPLACE
* MDEV-17545: Predicate lock for SPATIAL INDEX should lock
non-matching record
* MDEV-17546: SPATIAL INDEX should not be allowed for
FOREIGN KEY
* MDEV-17548: Incorrect access to off-page column for
indexed virtual column
* MDEV-12023: Assertion failure sym_node->table != NULL
on startup
* MDEV-17230: encryption_key_id from alter is ignored by
encryption threads
* fixes for the following security vulnerabilities:
CVE-2018-3282 [bsc#1112432], CVE-2016-9843 [bsc#1013882],
CVE-2018-3174 [bsc#1112368], CVE-2018-3143 [bsc#1112421],
CVE-2018-3156 [bsc#1112417], CVE-2018-3251 [bsc#1112397],
CVE-2018-3185 [bsc#1112384], CVE-2018-3277 [bsc#1112391],
CVE-2018-3162 [bsc#1112415], CVE-2018-3173 [bsc#1112386],
CVE-2018-3200 [bsc#1112404], CVE-2018-3284 [bsc#1112377]
* release notes and changelog:
https://mariadb.com/kb/en/library/mariadb-10219-release-notes
https://mariadb.com/kb/en/library/mariadb-10219-changelog
- do not pack libmariadb.pc (packed in mariadb-connector-c)
- add "Requires: libmariadb_plugins" to the mariadb-test subpackage
in order to be able to test client plugins successfuly
[bsc#1111859]
- don't remove debug_key_management.so anymore [bsc#1111858]

==== metis ====

- Edit description to put time-sensitive wording into context.
- General spec file clean up.
- Touch-up to the HPC build.
- Implemented suse-hpc packaging
- Added metis-makefile-c-directives.patch
- Provides cflags option to help provide metis native build process

==== mokutil ====

- Enable AArch64 build (fate#326541)

==== nut ====
Subpackages: libupsclient1 nut-cgi

- Give up on packaging the tex docu as it fails to build with
latest texlive
- Add missing tex dependencies so we can generate the pdf with
newer releases of texlive
- Drop patch docs-destination-dir.patch which is quite pointless
- Remove invalid option 'destination-dir' when generating PDF
files (docs-destination-dir.patch)

==== open-iscsi ====
Subpackages: iscsiuio libopeniscsiusr0_2_0

- Updated to latest upstream, with fixes:
* Use pkg-config in Makefiles for newer libraries.
* Merge pull request #145 from gonzoleeman/fix-i586-build-warnings
* Fix i586 build issues with string length overflow.
* iscsistart is not installed
* iscsiuio: Do not flush tx queue on each uio interrupt.
updating:
* open-iscsi-SUSE-latest.diff.bz2
Also, update the SPEC file: no more need to specify libkmod
or libsystemd, since upstream handles that now.

==== openldap2 ====
Subpackages: libldap-2_4-2 libldap-2_4-2-32bit libldap-data openldap2-client
openldap2-devel

- Replace old $RPM_* shell vars
- Fix CVE-2017-17740: when both the nops module and the memberof
overlay are enabled, attempts to free a buffer that was allocated
on the stack
* patch: 0017-Fix-segfault-in-nops.patch
(bsc#1073313)

==== openssh ====
Version update (7.8p1 -> 7.9p1)
Subpackages: openssh-helpers

- Fix build with openssl < 1.1.0
* add openssh-openssl-1_0_0-compatibility.patch
- openssh-7.7p1-audit.patch: fix sshd fatal error in
mm_answer_keyverify: buffer error: incomplete message [bnc#1114008]
- Version update to 7.9p1
* ssh(1), sshd(8): the setting of the new CASignatureAlgorithms
option (see below) bans the use of DSA keys as certificate
authorities.
* sshd(8): the authentication success/failure log message has
changed format slightly. It now includes the certificate
fingerprint (previously it included only key ID and CA key
fingerprint).
* ssh(1), sshd(8): allow most port numbers to be specified using
service names from getservbyname(3) (typically /etc/services).
* sshd(8): support signalling sessions via the SSH protocol.
A limited subset of signals is supported and only for login or
command sessions (i.e. not subsystems) that were not subject to
a forced command via authorized_keys or sshd_config. bz#1424
* ssh(1): support "ssh -Q sig" to list supported signature options.
Also "ssh -Q help" to show the full set of supported queries.
* ssh(1), sshd(8): add a CASignatureAlgorithms option for the
client and server configs to allow control over which signature
formats are allowed for CAs to sign certificates. For example,
this allows banning CAs that sign certificates using the RSA-SHA1
signature algorithm.
* sshd(8), ssh-keygen(1): allow key revocation lists (KRLs) to
revoke keys specified by SHA256 hash.
* ssh-keygen(1): allow creation of key revocation lists directly
from base64-encoded SHA256 fingerprints. This supports revoking
keys using only the information contained in sshd(8)
authentication log messages.
- Removed obsolete configuration option --with-tcp-wrappers, and
- -with-opensc for s390 and s390x.
- Removed patch merged upstream
* openssh-7.7p1-openssl_1.1.0.patch
- Refreshed patches
* openssh-7.7p1-audit.patch
* openssh-7.7p1-disable_short_DH_parameters.patch
* openssh-7.7p1-fips.patch
* openssh-7.7p1-gssapi_key_exchange.patch
* openssh-7.7p1-seccomp_ipc_flock.patch
* openssh-7.7p1-cavstest-ctr.patch
* openssh-7.7p1-ldap.patch
- Mention upstream bugs on multiple local patches
- Adjust service to not spam restart and reload only on fails
- Update openssh-7.7p1-sftp_force_permissions.patch from the
upstream bug, and mention the bug in the spec
- Drop patch openssh-7.7p1-allow_root_password_login.patch
* There is no reason to set less secure default value, if
users need the behaviour they can still set it up themselves
- Drop patch openssh-7.7p1-blocksigalrm.patch
* We had a bug way in past about this but it was never reproduced
or even confirmed in the ticket, thus rather drop the patch

==== plymouth ====
Version update (0.9.4+git20181111.118c5ca -> 0.9.4+git20181122.aaa140b)
Subpackages: libply-boot-client4 libply-splash-core4 libply-splash-graphics4
libply4 plymouth-dracut plymouth-plugin-label plymouth-plugin-label-ft
plymouth-plugin-script plymouth-plugin-two-step plymouth-scripts

- Update to version 0.9.4+git20181122.aaa140b:
Add a separator between different boot logs
Fix race causing undesired creation of non-gfx devs
Fix animation not starting on later added heads

==== postfix ====
Version update (3.3.1 -> 3.3.2)
Subpackages: postfix-doc

- Update to 3.3.2
* Support for OpenSSL 1.1.1 and TLSv1.3.
* Bugfixes:
- smtpd_discard_ehlo_keywords could not disable "SMTPUTF8", because
some lookup table was using "EHLO_MASK_SMTPUTF8" instead.
- minor memory leak in DANE support when minting issuer certs.
- The Postfix build did not abort if the m4 command was not installed,
resulting in a broken postconf command.
- add POSTFIX_RELAY_DOMAINS
* more flexibility to add to relay_domains without breaking
config.postfix
* rework restriction examples in sysconf.postfix
based on postfix-buch.com (2. edtion by Hildebrandt, Koetter)
- disable weak cipher: RC4
after check with https://ssl-tools.net/mailservers

==== python-requests ====
Version update (2.20.0 -> 2.20.1)
Subpackages: python2-requests python3-requests

- update to version 2.20.1:
* Bugfixes
+ Fixed bug with unintended Authorization header stripping for
redirects using default ports (http/80, https/443).

==== rubygem-parallel_tests ====
Version update (2.22.1 -> 2.27.0)

- updated to version 2.27.0
no changelog found

==== rubygem-yast-rake ====
Version update (0.2.28 -> 0.2.29)

- Fix base dir for icons (boo#1109378)
- 0.2.29

==== tmux ====

- add fix-cve201819387.patch fixes CVE-2018-19387 boo#1116887

==== valgrind ====
Version update (3.13.0 -> 3.14.0)

- update valgrind.xen.patch to branch bug390553-20181125-ddfc274b2
- build against Toolchain module for SLE12
- add 0001-Bug-397187-s390x-Add-vector-register-support-for-vgd.patch
0001-Bug-400490-s390x-Fix-register-allocation-for-VRs-vs-.patch,
0001-Bug-400491-s390x-Sign-extend-immediate-operand-of-LO.patch,
0001-s390x-more-fixes.patch,
Implement-emulated-system-registers.-Fixes-392146.patch (FATE#326355)
- enable check (poo#36751)
- update to 3.14.0 (bsc#1114575, FATE#326355):
see http://www.valgrind.org/docs/manual/dist.news.html
* The new option --keep-debuginfo=no|yes (default no) can be used to retain
debug info for unloaded code. This allows saved stack traces (e.g. for
memory leaks) to include file/line info for code that has been dlclose'd (or
similar). See the user manual for more information and known limitations.
* Ability to specify suppressions based on source file name and line number.
* Majorly overhauled register allocator. No end-user changes, but the JIT
generates code a bit more quickly now.
* Preliminary support for macOS 10.13 has been added.
* mips: support for MIPS32/MIPS64 Revision 6 has been added.
* mips: support for MIPS SIMD architecture (MSA) has been added.
* mips: support for MIPS N32 ABI has been added.
* s390: partial support for vector instructions (integer and string) has been
added.
* Helgrind: Addition of a flag
- -delta-stacktrace=no|yes [yes on linux amd64/x86]
which specifies how full history stack traces should be computed.
Setting this to =yes can speed up Helgrind by 25% when using
- -history-level=full.
* Memcheck: reduced false positive rate for optimised code created by Clang 6
/ LLVM 6 on x86, amd64 and arm64. In particular, Memcheck analyses code
blocks more carefully to determine where it can avoid expensive definedness
checks without loss of precision. This is controlled by the flag
- -expensive-definedness-checks=no|auto|yes [auto].
* Valgrind is now buildable with link-time optimisation (LTO). A new
configure option --enable-lto=yes allows building Valgrind with LTO. If the
toolchain supports it, this produces a smaller/faster Valgrind (up to 10%).
Note that if you are doing Valgrind development, --enable-lto=yes massively
slows down the build process.
- remove epoll-wait-fix.patch,
Fix-access-to-time-base-register-to-return-64-bits.patch,
0001-Accept-read-only-PT_LOAD-segments-and-.rodata.patch (upstream),

==== virt-manager ====
Subpackages: virt-install virt-manager-common

- bsc#1116990 - [virt-install] internal error: libxenlight failed
to create new domain 'sles-11-sp4-64-pv-def-net'. Fix reversed
logic when testing for i386.
virtinst-use-xenpae-kernel-for-32bit.patch

==== wayland ====
Subpackages: libwayland-client0 libwayland-cursor0 libwayland-egl1
libwayland-server0

- Downgrades do not work in SLES service packs, because the SP0
repo remains enabled for SP1. (This is unlike Leap, where a 15.1
system will have no 15.0 directories.) As such, to force the
upgrade from Mesa:libwayland-egl1 to wayland:libwayland-egl1,
the number in wayland is bumped to >18 for those distros.

==== yast2-apparmor ====
Version update (4.1.0 -> 4.1.1)

- Provide icon with module (boo#1109310)
- Added license file to spec.

==== yast2-network ====
Version update (4.1.17 -> 4.1.18)

- bnc#709176
- keep original hostnames untouched in /etc/hosts when only IP
changed
- 4.1.18
- bnc#1107470
- this bug is fixed since 4.0.14 (3.2.47)

==== yast2-nfs-server ====
Version update (4.0.1 -> 4.0.2)
Subpackages: yast2-nfs-common

- Use the real name for nfs-server service instead an alias
(bsc#1116779).
- 4.0.2
- Added license file to spec.
- Switched license in spec file from SPDX2 to SPDX3 format.


--
To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-factory+owner@xxxxxxxxxxxx

< Previous Next >
This Thread
  • No further messages