Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=1&version=Tumbleweed&build=20181203
Please do not reply to this email to report issues, rather file a bug
on bugzilla.opensuse.org. For more information on filing bugs please
see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
binutils
checkmedia (4.0 -> 4.1)
cifs-utils (6.5 -> 6.8)
digikam
elfutils (0.174 -> 0.175)
gnutls
grilo (0.3.6 -> 0.3.7)
ibus-pinyin
icecream (1.1 -> 1.2)
kvm_stat (4.19.1 -> 4.19.5)
ldb (1.4.2 -> 1.4.3)
libgcrypt
libzypp (17.9.0 -> 17.10.1)
man (2.7.6 -> 2.8.4)
nautilus (3.30.3 -> 3.30.4)
ncurses
pam
pixman (0.34.0 -> 0.36.0)
polkit-default-privs
ruby2.5
skopeo
syslinux
translation-update (15.0 -> 15.1)
virt-manager
virtualbox (5.2.20_k4.19.5_1 -> 5.2.22_k4.19.5_1)
webkit2gtk3 (2.22.3 -> 2.22.4)
xen
zypper (1.14.16 -> 1.14.17)
=== Details ===
==== binutils ====
Subpackages: binutils-devel
- Add handle-ELF-compressed-header-alignment-correctly-by-.patch:
PR23919.
- Update to binutils-2_31-branch @e51abf7e3, minor bugfixes in
the support for the X86_ISA_1_* notes. Adds
patch binutils-2.31-branch.diff.gz .
- Add binutils-revert-plt32-in-branches.diff on anything older
than Tumbleweed to not break old tools not expecting
PLT32 instead of PC32 relocs on x86_64.
- Includes fixes for these CVEs:
* from 2.30:
bnc#1065643 aka CVE-2017-15996 aka PR22361
bnc#1065689 aka CVE-2017-15939 aka PR22205
bnc#1065693 aka CVE-2017-15938 aka PR22209
bnc#1068640 aka CVE-2017-16826 aka PR22376
bnc#1068643 aka CVE-2017-16832 aka PR22373
bnc#1068887 aka CVE-2017-16831 aka PR22385
bnc#1068888 aka CVE-2017-16830 aka PR22384
bnc#1068950 aka CVE-2017-16829 aka PR22307
bnc#1069176 aka CVE-2017-16828 aka PR22386
bnc#1069202 aka CVE-2017-16827 aka PR22306
* from 2.31:
bnc#1077745 aka CVE-2018-6323 aka PR22746
bnc#1079103 aka CVE-2018-6543 aka PR22769
bnc#1079741 aka CVE-2018-6759 aka PR22794
bnc#1080556 aka CVE-2018-6872 aka PR22788
bnc#1081527 aka CVE-2018-7208 aka PR22741
bnc#1083528 aka CVE-2018-7570 aka PR22881
bnc#1083532 aka CVE-2018-7569 aka PR22895
bnc#1086608 aka CVE-2018-8945 aka PR22809
bnc#1086784 aka CVE-2018-7643 aka PR22905
bnc#1086786 aka CVE-2018-7642 aka PR22887
bnc#1086788 aka CVE-2018-7568 aka PR22894
bnc#1090997 aka CVE-2018-10373 aka PR23065
bnc#1091015 aka CVE-2018-10372 aka PR23064
bnc#1091365 aka CVE-2018-10535 aka PR23113
bnc#1091368 aka CVE-2018-10534 aka PR23110
- Removes binutils-fix-pr21964.diff as it's included in 2.31.
Rebase testsuite.diff and aarch64-common-pagesize.patch .
- Disable -z separate-code everywhere but in Tumbleweed.
==== checkmedia ====
Version update (4.0 -> 4.1)
Subpackages: libmediacheck4
- merge gh#openSUSE/checkmedia#8
- fix digest calculation in tagmedia (bsc#1117499)
- added testcases
- adjust function descriptions
- 4.1
==== cifs-utils ====
Version update (6.5 -> 6.8)
- Update to cifs-utils 6.8.
+ document more mount options
+ man pages now generated from RST files
+ add python-docutils build dependency
+ update keyring to check tarball signature
+ remove 0001-manpage-correct-typos-and-spelling-mistakes.patch
+ remove 0002-mount.cifs-document-SMBv3.1.1-and-new-seal-option.patch
- Add typo corrections, better doc and configure fixes from upstream
+ add 0001-docs-cleanup-rst-formating.patch
+ add 0002-mount.cifs.rst-document-new-no-handlecache-mount-opt.patch
+ add 0003-manpage-update-mount.cifs-manpage-with-info-about-rd.patch
+ add 0004-checkopts-add-python-script-to-cross-check-mount-opt.patch
+ add 0005-mount.cifs.rst-document-missing-options-correct-wron.patch
+ add 0006-cifs-utils-support-rst2man-3.patch
+ add 0007-checkopts-report-duplicated-options-in-man-page.patch
+ add 0008-mount.cifs.rst-more-cleanups.patch
+ add 0009-mount.cifs.rst-document-vers-3-mount-option.patch
+ add 0010-mount.cifs.rst-document-vers-3.02-mount-option.patch
- Cleanup spec file
* assume SUSE vendor and SLE >= 11
==== digikam ====
Subpackages: kipi-plugins kipi-plugins-lang
- Add fix-black-Welcome-page-by-clicking-on-a-link.patch to fix
the Welcome page getting black when clicking on a link that opens
a new browser window (with QtWebEngine)
==== elfutils ====
Version update (0.174 -> 0.175)
Subpackages: elfutils-lang libasm1 libdw1 libebl-plugins libelf-devel libelf1
- Update to version 0.175
readelf: Handle mutliple .debug_macro sections.
Recognize and parse GNU Property, NT_VERSION and
GNU Build Attribute ELF Notes.
strip: Handle SHT_GROUP correctly.
Add strip --reloc-debug-sections-only option.
Handle relocations against GNU compressed sections.
libdwelf: New function dwelf_elf_begin.
libcpu: Recognize bpf jump variants BPF_JLT, BPF_JLE, BPF_JSLT
and BPF_JSLE.
backends: RISCV handles ADD/SUB relocations.
Handle SHT_X86_64_UNWIND.
Fixes CVE-2018-18310, CVE-2018-18520 and CVE-2018-18521.
- remove disable-backtrace-dwarf-test.patch patch - the test
works now
==== gnutls ====
Subpackages: libgnutls-dane0 libgnutls30 libgnutls30-32bit
- search for guile-2.2 during configure, part of boo#1117121
add patches:
* gnutls-enbale-guile-2.2.patch: search for guile-2.2
refresh patches:
* disable-psk-file-test.patch: disable psk-file in Makefile.am
==== grilo ====
Version update (0.3.6 -> 0.3.7)
Subpackages: grilo-lang libgrilo-0_3-0 libgrlnet-0_3-0 libgrlpls-0_3-0 typelib-1_0-Grl-0_3
- Update to version 0.3.7:
+ Fix crash in totem after emitting source-{add remove}.
+ Add grl_related_keys_{get,set}_int64 functions.
+ Support transform GValue on grl_data_*_for_id().
+ Add per Source configs on keyfile.
+ Pattern matching for GRL_PLUGIN_RANKS.
+ Documentation improvements.
+ Removed Autotools supported.
+ Updated translations.
- Add meson BuildRequires and macros, switch to meson buildsystem
following upstreams changes.
==== ibus-pinyin ====
- Update ibus-pinyin.spec: To adapt to tumbleweed's update to
python3.
==== icecream ====
Version update (1.1 -> 1.2)
- update to 1.2
- Add more compiler flags to the list that mean build locally
* -pedantic (preprocessing only)
* -pedantic-errors (preprocessing only)
* -fsyntax-only
- don't force local compile on -include-pch
- Make load calculation better
- Limit amount of data sent at one time for slow networks/remotes
- Many updates to the tests
- Better logs of some error conditions
- Build locally if it is likely that there will not be more compiles
- Support adding gcc and clang to the same environment
- Better handling of icerun
- Cygwin now works as a client
- Don't expose Host endianness to network
- General code cleanup
==== kvm_stat ====
Version update (4.19.1 -> 4.19.5)
* Changed the spec file to build SLE15-SP1 with the s390x patches,
and added logic to the spec file to uniquely build Factory and
SLE-15 as they do not require the first 44 patches, and the code
base is not the same
- Making kvm_stat use python3 for openSUSE (bsc#1116822)
- 0047-tools-kvm_stat-switch-python-reference-to-be-explici.patch
+ 0047-tools-kvm_stat-apply-python-2to3-fixes-to-kvm_stat2.patch
+ 0048-tools-kvm_stat-apply-python-2to3-fixes-to-kvm_stat3.patch
+ 0049-tools-kvm_stat-switch-python-reference-to-be-explici.patch
- Make kvm_stat use python3 (bsc#1116822)
+ 0044-tools-kvm_stat-Don-t-use-deprecated-file.patch
+ 0045-tools-kvm_stat-fix-python3-issues.patch
+ 0046-tools-kvm_stat-apply-python-2to3-fixes-to-kvm_stat.patch
+ 0047-tools-kvm_stat-switch-python-reference-to-be-explici.patch
* Incorporating patches and comments produced by Fei Li for
SLE15-SP1
- Backport 43 kvm_stat patches between kernel v4.16-* and current
v4.12.14 for the kvm_stat package. Actually some of the patches
are s390x specific, and some are noarch. (FATE#325017)
+ 0001-tools-kvm_stat-fix-event-counts-display-for-interrup.patch
+ 0002-tools-kvm_stat-fix-undue-use-of-initial-sleeptime.patch
+ 0003-tools-kvm_stat-remove-unnecessary-header-redraws.patch
+ 0004-tools-kvm_stat-simplify-line-print-logic.patch
+ 0005-tools-kvm_stat-remove-extra-statement.patch
+ 0006-tools-kvm_stat-simplify-initializers.patch
+ 0007-tools-kvm_stat-move-functions-to-corresponding-class.patch
+ 0008-tools-kvm_stat-show-cursor-in-selection-screens.patch
+ 0009-tools-kvm_stat-display-message-indicating-lack-of-ev.patch
+ 0010-tools-kvm_stat-make-heading-look-a-bit-more-like-top.patch
+ 0011-tools-kvm_stat-rename-Current-column-to-CurAvg-s.patch
+ 0012-tools-kvm_stat-add-new-interactive-command-h.patch
+ 0013-tools-kvm_stat-add-new-interactive-command-s.patch
+ 0014-tools-kvm_stat-add-new-interactive-command-o.patch
+ 0015-tools-kvm_stat-display-guest-list-in-pid-guest-selec.patch
+ 0016-tools-kvm_stat-fix-error-on-interactive-command-g.patch
+ 0017-tools-kvm_stat-add-new-command-line-switch-i.patch
+ 0018-tools-kvm_stat-add-new-interactive-command-b.patch
+ 0019-tools-kvm_stat-add-f-help-to-get-the-available-event.patch
+ 0020-tools-kvm_stat-Add-Python-3-support-to-kvm_stat.patch
+ 0021-tools-kvm_stat-fix-command-line-option-g.patch
+ 0022-tools-kvm_stat-fix-drilldown-in-events-by-guests-mod.patch
+ 0023-tools-kvm_stat-fix-missing-field-update-after-filter.patch
+ 0024-tools-kvm_stat-fix-extra-handling-of-help-with-field.patch
+ 0025-tools-kvm_stat-add-hint-on-f-help-to-man-page.patch
+ 0026-tools-kvm_stat-fix-child-trace-events-accounting.patch
+ 0027-tools-kvm_stat-handle-invalid-regular-expressions.patch
+ 0028-tools-kvm_stat-suppress-usage-information-on-command.patch
+ 0029-tools-kvm_stat-stop-ignoring-unhandled-arguments.patch
+ 0030-tools-kvm_stat-add-line-for-totals.patch
+ 0031-tools-kvm_stat-sort-f-help-output.patch
+ 0032-tools-kvm_stat-simplify-the-sortkey-function.patch
+ 0033-tools-kvm_stat-use-a-namedtuple-for-storing-the-valu.patch
+ 0034-tools-kvm_stat-use-a-more-pythonic-way-to-iterate-ov.patch
+ 0035-tools-kvm_stat-avoid-is-for-equality-checks.patch
+ 0036-tools-kvm_stat-fix-crash-when-filtering-out-all-non-.patch
+ 0037-tools-kvm_stat-print-error-on-invalid-regex.patch
+ 0038-tools-kvm_stat-fix-debugfs-handling.patch
+ 0039-tools-kvm_stat-mark-private-methods-as-such.patch
+ 0040-tools-kvm_stat-eliminate-extra-guest-pid-selection-d.patch
+ 0041-tools-kvm_stat-separate-drilldown-and-fields-filteri.patch
+ 0042-tools-kvm_stat-group-child-events-indented-after-par.patch
+ 0043-tools-kvm_stat-print-Total-line-for-multiple-events-.patch
==== ldb ====
Version update (1.4.2 -> 1.4.3)
Subpackages: libldb1 libldb1-32bit
- Update to 1.4.3
+ Python: Ensure ldb.Dn can accept utf8 encoded unicode (bug 13616)
==== libgcrypt ====
Subpackages: libgcrypt20 libgcrypt20-32bit libgcrypt20-hmac
- Fail selftests when checksum file is missing in FIPS mode only
(bsc#1117355)
* add libgcrypt-binary_integrity_in_non-FIPS.patch
==== libzypp ====
Version update (17.9.0 -> 17.10.1)
- Adapt to changes in upcoming Boost 1.69.0
- Do not fail service-refresh on a empty repoindex.xml (bnc#1116840)
- version 17.10.1 (9)
- str: recognize 'always' and 'never' as valid boolean strings
- Fix needreboot code to use SolvableSpec parser (fate#326451)
- SolvableSpec: Define a set of Solvables by ident and provides
- version 17.10.0 (9)
==== man ====
Version update (2.7.6 -> 2.8.4)
- Update to man-db 2.8.4
* Major changes since man-db 2.8.3:
+ Rely on decompressors reading from their standard input rather
than redundantly passing them the input file on their command
line. This works better with downstream AppArmor confinement of
decompressors.
+ Fix invalid syntax in tmpfiles.d/man-db.conf when configured with
- -disable-cache-owner.
+ Make seccomp sandbox allow sched_getaffinity, sometimes used by
xz.
+ Check for mandb_nfmt and mandb_tfmt in the manual page hierarchy
as documented, not in the current directory. This was broken by
the working-directory-handling changes in 2.8.3. Note that this
change means that "man -l" will never use an external formatter
(which was never documented behaviour and was surely a bad idea).
+ Make seccomp sandbox allow some shared memory operations across
the board rather than just when ESET File Security is in use; the
Astrill VPN seems to require something similar, and there are
doubtless other such preload hacks.
+ Some versions of ESET File Security call msgget and msgsnd; if
this program is in use, then allow those.
* Major changes since man-db 2.8.2:
+ Make seccomp sandbox allow madvise, since that's used by lbzip2.
+ Make seccomp sandbox allow kill and tgkill outright, since groff
uses kill to pass on signals to its child processes.
+ Make seccomp sandbox allow sibling architectures on
x86/x86_64/x32, since people sometimes mix and match architectures
there for performance reasons.
+ Fix version check in locale macro loading to tolerate groff
release candidates.
+ man now only changes working directory in child processes, so
never fails due to being unable to change back to its original
working directory.
+ accessdb, apropos, and lexgrog no longer emit spurious gettext
headers in their --help output when localised.
* Major changes since man-db 2.8.1:
+ Make seccomp sandbox allow kill and tgkill when the signal is
directed at the current process or one of its threads; this is
needed by xz.
+ Make seccomp sandbox allow ioctl(fd, TIOCGWINSZ), since that's used
by musl.
+ Work around the proprietary "ESET File Security" antivirus program in
seccomp sandbox: if this is in use then we need to allow some
socket-related system calls.
+ Work around the "snoopy" execve() wrapper and logger in seccomp
sandbox: if this is in use then we need to allow some
socket-related system calls.
+ Interpret EFAULT from seccomp_load as meaning that seccomp is
unavailable, since this can be returned by some versions of
qemu-user.
* Major changes since man-db 2.8.0:
+ Fix seccomp sandbox build on Linux/POWER.
+ Fix manconv execution under seccomp when man is installed setuid.
+ Make seccomp sandbox allow mremap (used by iconv, for example).
+ configure now has a --without-libseccomp option to disable the use
of seccomp even if the library is available.
* Major changes since man-db 2.7.6.1:
+ Fix locale macro loading for Chinese to load the macro file
corresponding to just the language part of the user's locale.
+ Honour --enable-cache-owner in generated systemd tmpfiles snippet
rather than hardcoding "man".
+ If man adds prefixes to a page to handle such things as disabling
hyphenation, then take account of those when looking for a
preprocessor line at the start of the page.
+ Fix a segfault in 'man -D --help'.
+ Treat "\(en" as another synonym for "\-" in NAME sections.
+ Confine most subprocesses that handle untrusted data using
seccomp. This mainly deals with subprocesses that perform
encoding conversions, (de)compressors, groff programs, and a few
other odds and ends. groff programs use a slightly more
permissive filter since they need to create temporary files, so
additional path-based confinement (e.g. using AppArmor) is still
useful.
If this goes wrong, then MAN_DISABLE_SECCOMP=1 can be set in the
environment to disable it, but please report any such problem as a
bug.
+ man now falls back to cat if the compile-time default pager is not
executable.
* Major changes since man-db 2.7.6:
+ Don't chmod CACHEDIR.TAG if it doesn't exist.
+ Correct installation of Swedish manual pages.
- Modify the patches
* man-db-2.6.3-listall.dif
* man-db-2.6.3-man0.dif
* man-db-2.6.3-section.dif
* man-db-2.7.1-firefox.dif
* man-db-2.7.1-security4.dif
* man-db-2.7.1-zio.dif
- Rename patch man-db-2.7.6.dif which is now man-db-2.8.4.dif
- Add systemd timer service and its timer unit to refresh man
data base daily without using cron (bsc#1115406)
==== nautilus ====
Version update (3.30.3 -> 3.30.4)
Subpackages: gnome-shell-search-provider-nautilus libnautilus-extension1 nautilus-lang
- Update to version 3.30.4:
+ Fix crash when opening windows quickly.
+ Show trash action bar when trash status changes.
+ Implement rename file support in dbus for integration with
desktop icons extension.
==== ncurses ====
Subpackages: libncurses6 ncurses-devel ncurses-utils tack terminfo terminfo-base terminfo-screen
- Remove screen.xterm from terminfo data base (boo#1103320) as with
this screen uses fallback TERM=screen
- Add ncurses patch 20181117
+ ignore the hex/b64 $TERMINFO in toe's listing.
+ correct a status-check in _nc_read_tic_entry() so that if reading
a hex/b64 $TERMINFO, and the $TERM does not match, fall-through to
the compiled-in search list.
- For screen.xterm remove also `rep' feature (repeat char) this
might help on boo#1103320
- Add ncurses patch 20181110
+ several workarounds to ensure proper C compiler used in parts of
Ada95 tree.
+ update config.guess, config.sub from
http://git.savannah.gnu.org/cgit/config.git
==== pam ====
Subpackages: pam-32bit pam-devel
- When comparing an incoming IP address with an entry in
access.conf that only specified a single host (ie no netmask),
the incoming IP address was used rather than the IP address from
access.conf, effectively comparing the incoming address with
itself. (Also fixed a small typo while I was at it)
{bsc#1115640, use-correct-IP-address.patch, CVE-2018-17953]
==== pixman ====
Version update (0.34.0 -> 0.36.0)
Subpackages: libpixman-1-0 libpixman-1-0-32bit libpixman-1-0-devel
- Update to version 0.36.0:
+ Add tests for (a)rgb floating point formats
+ Add support for argb/xrgb float formats, v5
+ Fix stride calculation in stress-test
+ Adjust for clang's removal of __builtin_shuffle
+ Fix vector loads on ppc64le
+ Promote unsigned short to unsigned int explicitly
+ pixman-filter: Made Gaussian a bit wider
+ pixman-filter: Nested polynomial for cubic
+ pixman-filter: Fix several issues related to normalization
+ pixman-filter: Speed up BOX/BOX filter
+ pixman-filter: integral splitting is only needed for triangle
filterdd
+ pixman-filter: Correct Simpsons integration
+ pixman-filter: reduce amount of malloc/free/memcpy to generate
filter
+ pixman-image: Added enable-gnuplot config to view filters in
gnuplot
+ pixman-fast-path.c: Pick NEAREST affine fast paths before
BILINEAR ones
+ pixman-private: include