Please note that this mail was generated by a script. The described changes are computed based on the x86_64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=1&version=Tumbleweed&build=20190112 Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: Mesa Mesa-drivers libarchive libidn2 (2.0.5 -> 2.1.0) ltrace man-pages nodejs10 (10.13.0 -> 10.15.0) openssh osinfo-db publicsuffix (20181030 -> 20181227) qemu qemu-linux-user re2 (20181001 -> 20190101) vim (8.1.0565 -> 8.1.0687) xf86-video-neomagic (1.2.9 -> 1.3.0) yast2-schema (4.0.6 -> 4.1.0) zstd (1.3.7 -> 1.3.8) === Details === ==== Mesa ==== Subpackages: Mesa-dri-devel Mesa-libEGL1 Mesa-libGL1 Mesa-libglapi0 libgbm1 - redisabled support for tegra, since it just got disabled upstream in git master ... - Enable the surfaceless platform, which is needed by KDE CI environment for testing (https://phabricator.kde.org/T10245) - Add etnaviv, imx and tegra supports for %arm and arch64 ==== Mesa-drivers ==== Subpackages: Mesa-dri Mesa-dri-nouveau Mesa-gallium Mesa-libva libvdpau_nouveau libvdpau_r300 libvdpau_r600 libvdpau_radeonsi libvulkan_intel libvulkan_radeon libxatracker2 - redisabled support for tegra, since it just got disabled upstream in git master ... - Enable the surfaceless platform, which is needed by KDE CI environment for testing (https://phabricator.kde.org/T10245) - Add etnaviv, imx and tegra supports for %arm and arch64 ==== libarchive ==== Subpackages: bsdtar libarchive13 - Added patches: * CVE-2018-1000877.patch, which fixes a double free vulnerability in RAR decoder (CVE-2018-1000877 bsc#1120653) * CVE-2018-1000878.patch, which fixes a Use-After-Free vulnerability in RAR decoder (CVE-2018-1000878 bsc#1120654) * CVE-2018-1000879.patch, which fixes a NULL Pointer Dereference vulnerability in ACL parser (CVE-2018-1000879 bsc#1120656) * CVE-2018-1000880.patch, which fixes an improper input validation vulnerability in WARC parser (CVE-2018-1000880 bsc#1120659) - Make use of %license macro - Applied spec-cleaner ==== libidn2 ==== Version update (2.0.5 -> 2.1.0) - update to 2.1.0: * Two internal functions are no longer exposed, soname bump * Fix label length check for idn2_register_u8() * Add missing error messages to idn2_strerror_name() ==== ltrace ==== - Add gcc9-printf-s-null-argument.patch: boo#1120789. ==== man-pages ==== - supplements man [bsc#1116987] ==== nodejs10 ==== Version update (10.13.0 -> 10.15.0) Subpackages: nodejs10-devel npm10 - New upstream LTS version 10.15.0 (still bsc#1112438, FATE#326776): * cli: add --max-http-header-size flag * http: add maxHeaderSize property - Changes in version 10.14.2 * deps: upgrade to c-ares v1.15.0 * child_process: handle undefined/null for fork() args * http2: make Http2Settings constructors delegate * os: fix memory leak in userInfo() - fix_ci_tests.patch: refreshed - New upstream LTS version 10.14.1 (still bsc#1112438, FATE#326776): * deps: Upgrade to OpenSSL 1.1.0j, fixing + Timing vulnerability in DSA signature generation (bsc#1113652, CVE-2018-0734) + Timing vulnerability in ECDSA signature generation (bsc#1113651, CVE-2018-0735) * http: + Headers received by HTTP servers must not exceed 8192 bytes in total to prevent possible Denial of Service attacks. (bsc#1117626, CVE-2018-12121) + A timeout of 40 seconds now applies to servers receiving HTTP headers. This value can be adjusted with server.headersTimeout. Where headers are not completely received within this period, the socket is destroyed on the next received chunk. In conjunction with server.setTimeout(), this aids in protecting against excessive resource retention and possible Denial of Service. (bsc#1117627, CVE-2018-12122) * url: Fix a bug that would allow a hostname being spoofed when parsing URLs with url.parse() with the 'javascript:' protocol. (bsc#1117629, CVE-2018-12123) ==== openssh ==== Subpackages: openssh-helpers - Added compatibility with SuSEfirewall2 [bsc#1118044] ==== osinfo-db ==== - Fix volume ID for SLE15-SP1 (bsc#1086715) add-sle15sp1-support.patch add-opensuse-leap-15.1-support.patch ==== publicsuffix ==== Version update (20181030 -> 20181227) - Update to version 20181227: * Add run.app and a.run.app to the psl (#681) * Add telebit.io .app .xyz (#726) * Add Leadpages domains (#731) * Add public suffix entries for dapps.earth (#708) * Add Bytemark Hosting domains (#620) * Remove .STATOIL * linter: Expect rules to be in NFKC (#725) * Convert list data from NFKD to NFKC (#720) * Update LS (#718) ==== qemu ==== Subpackages: qemu-arm qemu-block-curl qemu-block-dmg qemu-block-gluster qemu-block-iscsi qemu-block-nfs qemu-block-rbd qemu-block-ssh qemu-extra qemu-guest-agent qemu-ipxe qemu-ksm qemu-kvm qemu-lang qemu-ppc qemu-s390 qemu-seabios qemu-sgabios qemu-tools qemu-ui-curses qemu-ui-gtk qemu-ui-sdl qemu-vgabios qemu-x86 - include post v3.1.0 patches marked for next stable release: 0041-vfio-ap-flag-as-compatible-with-bal.patch 0042-hw-s390x-Fix-bad-mask-in-time2tod.patch 0043-pcie-set-link-state-inactive-active.patch 0044-pc-piix4-Update-smbus-I-O-space-aft.patch 0045-hw-usb-fix-mistaken-de-initializati.patch - Address various security/stability issues * Fix host access vulnerability in usb-mtp infrastructure (CVE-2018-16872 bsc#1119493) 0046-usb-mtp-use-O_NOFOLLOW-and-O_CLOEXE.patch * Fix DoS in pvrdma interface (CVE-2018-20123 bsc#1119437) 0047-pvrdma-release-device-resources-in-.patch * Fix OOB access issue in rdma backend (CVE-2018-20124 bsc#1119840) 0048-rdma-check-num_sge-does-not-exceed-.patch * Fix NULL pointer reference in pvrdma emulation (CVE-2018-20191 bsc#1119979) 0049-pvrdma-add-uar_read-routine.patch * Fix DoS in pvrdma interface (CVE-2018-20125 bsc#1119989) 0050-pvrdma-check-number-of-pages-when-c.patch * Fix DoS in pvrdma interface (CVE-2018-20216 bsc#1119984) 0051-pvrdma-check-return-value-from-pvrd.patch * Fix DoS in pvrdma interface (CVE-2018-20126 bsc#1119991) 0052-pvrdma-release-ring-object-in-case-.patch - one more post v3.1.0 patches marked for next stable release: 0053-block-Fix-hangs-in-synchronous-APIs.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.1 - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.1 * Patches added: 0040-xen-ignore-live-parameter-from-xen-.patch (bsc#1079730, bsc#1101982, bsc#1063993) - Follow up on ideas prompted by last change: clean up the patches generated by git workflow. There is no value to the first line (mbox From line), or [PATCH] on subject line. Get rid of those - Other minor fixes and improvements to update_git.sh - Modify update_git.sh script: pass --zero-commit to format-patch This removes needless noise in the buildservice when the same set of patches is imported/exported at different times by different users. pass --no-signature to format-patch Remove sed call which used to remove the signature, use mv instead ==== qemu-linux-user ==== - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.1 * Patches added: 0041-vfio-ap-flag-as-compatible-with-bal.patch 0042-hw-s390x-Fix-bad-mask-in-time2tod.patch 0043-pcie-set-link-state-inactive-active.patch 0044-pc-piix4-Update-smbus-I-O-space-aft.patch 0045-hw-usb-fix-mistaken-de-initializati.patch 0046-usb-mtp-use-O_NOFOLLOW-and-O_CLOEXE.patch 0047-pvrdma-release-device-resources-in-.patch 0048-rdma-check-num_sge-does-not-exceed-.patch 0049-pvrdma-add-uar_read-routine.patch 0050-pvrdma-check-number-of-pages-when-c.patch 0051-pvrdma-check-return-value-from-pvrd.patch 0052-pvrdma-release-ring-object-in-case-.patch 0053-block-Fix-hangs-in-synchronous-APIs.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.1 * Patches added: 0040-xen-ignore-live-parameter-from-xen-.patch (bsc#1079730, bsc#1101982, bsc#1063993) - Follow up on ideas prompted by last change: clean up the patches generated by git workflow. There is no value to the first line (mbox From line), or [PATCH] on subject line. Get rid of those - Other minor fixes and improvements to update_git.sh - Modify update_git.sh script: pass --zero-commit to format-patch This removes needless noise in the buildservice when the same set of patches is imported/exported at different times by different users. pass --no-signature to format-patch Remove sed call which used to remove the signature, use mv instead ==== re2 ==== Version update (20181001 -> 20190101) - update to 2019-01-01: * developer visible changes, performance tweaks and bug fixes ==== vim ==== Version update (8.1.0565 -> 8.1.0687) Subpackages: gvim vim-data vim-data-common - Updated to version 8.1.0687 , fixes the following problems + refreshed disable-unreliable-tests.patch * Asan complains about reading before allocated block. * SGR not enabled for mintty because $TERM is "xterm". * Error for NUL byte in ScreenLines goes unnoticed. * Error message for NUL byte in ScreenLines breaks Travis CI. * Execute() always resets display column to zero. (Sha Liu) * 'commentstring' not used when adding fold marker. (Maxim Kim) * Non-silent execute() resets display column to zero. * Stopping a job does not work properly on OpenBSD. * Cannot redefine user command without ! in same script * 'commentstring' not used when adding fold marker in C. * Termdebug: clearing multi-breakpoint does not work. * Indent script tests pick up installed scripts. * Tabpage right-click menu never shows "Close tab". * Cannot disable arabic, rightleft and farsi in configure. * Cannot attach properties to text. * Invalid memory access when using text properties. * Double free without the text properties feature. * Text properties are not enabled. * Using illogical name for get_dict_number()/get_dict_string(). * With search CTRL-L does not pick up composing characters. * Undo test may fail on MS-Windows. * :digraph output is not easy to read. * GvimExt: realloc() failing is not handled properly. * Cannot define a sign with space in the text. * Compilation error in gvimext.cpp. * When a job ends the closed channels are not handled. * Channel sort test is flaky. * The libvterm tests are not run as part of Vim tests. * Illegal memory access in libvterm test. * Libvterm tests are not run with coverage. * Not all parts of printf() are tested. * Cannot run test_libvterm from the top directory. * Indent tests may use the wrong Vim binary. * Without the +eval feature the indent tests don't work. * Channel test is flaky. * A few compiler warnings. * DirChanged is also triggered when the directory didn't change * The :stop command is not tested. * Running make in the top directory echoes a comment. * 'cryptmethod' defaults to a very old method. * Proto files are not in sync with the source code. * Coverals is not updating. * Crash when using terminal with long composing characters. * Cannot use two global runtime dirs with configure. * When executing an insecure function the secure flag is stuck. * Placing signs can be complicated. * Get_tv function names are not consistent. * term_getjob() does not return v:null as documented. * :echomsg and :echoerr do not handle List and Dict like :echo does. * Overuling CONF_ARGS from the environment no longer works. * Terminal debugger does not handle unexpected debugger exit. * Adding quickfix items marks items as valid errors. (Daniel Hahler) * Iterating through window frames is repeated. * Overuling CONF_ARGS from the environment still does not work. * Python cannot handle function name of script-local function. * Compiler warning on MS-Windows. * "gn" selects the wrong text with a multi-line match. * "wincmd p" does not work after using an autocmd window. * Test for :stop fails on Arch. * Using sign group names is inefficient. * Crash when out of memory while opening a terminal window. * Text properties cannot cross line boundaries. * Coverity complains about null pointer use. * line2byte() gives wrong values with text properties. * Text property highlighting is off by one column. * text properties test fails on MS-Windows * Get E14 while typing command :tab with 'incsearch' set. * No check for out-of-memory when converting regexp. * swapinfo() leaks memory. * Computing byte offset wrong. * Finding next sign ID is inefficient. * Coverity warns for possible use of NULL pointer. * Cannot build with Ruby 2.6.0. * Custom operators can't act upon a forced motion. * setjmp() variables defined globally are used in one file. * Command line argument -q [errorfile] is not tested. * :args \"foo works like :args without argument. * Freeing memory for balloon eval too early. * Arglist test fails on MS-windows. * When deleting a line text property flags are not adjusted. * When appending a line text property flags are not added. * Trying to reconnect to X server may cause problems. * Get error for using regexp recursively. * Deleting signs and completion for :sign is insufficient. * Build failure without the sign feature. * sign_unplace() may leak memory. * Clipboard regexp might be used recursively. * Needlessly searching for tilde in string. * Text property display wrong when 'number' is set. * Configure "fail-if-missing" does not apply to the enable-gui argument. * Text property display wrong when 'spell' is set. * Text property test fails. * Textprop test leaves file behind. * No test for overstrike mode in the command line. * The ex_sign() function is too long. * Macro for popup menu width is unused. * Cursor in the wrong column after auto-formatting. * The Lua interface doesn't know about v:null. * Functionality for signs is spread out over several files. * Leaking memory when updating a single line. * Text property column is screen columns is not practical. * Textprop screendump test fails. * Look-behind match may use the wrong line number. (Dominique Pelle) * Text properties as not adjusted for inserted text. * Sign functions do not take buffer argument as documented. * Not easy to see what features are unavailable. * Text properties as not adjusted for deleted text. * Text properties are not adjusted when backspacing replaced text. * Spell highlighting does not always end. * Warnings from 64-bit compiler. ==== xf86-video-neomagic ==== Version update (1.2.9 -> 1.3.0) - Update to version 1.3.0 * This is a maintenance release of NeoMagic DDX for X.Org X Server. No testing has been done due to the lack of equipment availability. ==== yast2-schema ==== Version update (4.0.6 -> 4.1.0) - AutoYaST schema changed in yast2-firewall (4.1.4). - Allowed the new 'forward_ports', 'rich_rules' and 'source_ports' elements in zone entries (bsc#1108199) - 4.1.0 - Added new schema of yast2-tftp-server module (bsc#1108199). - 4.0.7 ==== zstd ==== Version update (1.3.7 -> 1.3.8) - zstd 1.3.8: * better decompression speed on large files (+7%) and cold dictionaries (+15%) * slightly better compression ratio at high compression modes * new --rsyncable mode * support decompression of empty frames into NULL (used to be an error) * support ZSTD_CLEVEL environment variable * --no-progress flag, preserving final summary * various CLI fixes -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org