Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=1&version=Tumbleweed&build=20190314
Please do not reply to this email to report issues, rather file a bug
on bugzilla.opensuse.org. For more information on filing bugs please
see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
apparmor
augeas
binutils
chrony
coreutils (8.30 -> 8.31)
dhcp
drbd
drbd-utils (9.6.0 -> 9.8.0)
ftgl
gnu-unifont-bitmap-fonts (11.0.03 -> 12.0.01)
gvfs (1.38.1 -> 1.38.2)
hplip
installation-images-Kubic (14.411 -> 14.415)
jasper
kernel-source (4.20.13 -> 5.0.1)
krusader
kvm_stat (4.20.4 -> 5.0.1)
libXdamage (1.1.4 -> 1.1.5)
libaio
libreoffice (6.2.1.2 -> 6.2.2.1)
libstorage-ng (4.1.96 -> 4.1.98)
libvoikko (4.1.1 -> 4.2)
multipath-tools (0.7.9+111+suse.b4232b7 -> 0.7.9+139+suse.ed9d450)
nasm (2.13.03 -> 2.14.02)
ntp (4.2.8p12 -> 4.2.8p13)
obs-service-tar_scm (0.10.5.1551309990.79898c7 -> 0.10.6.1551887937.e42c270)
okteta (0.25.5 -> 0.26.0)
openblas_pthreads
openssh
os-prober
ovmf (2019+git1550452308.c417c1b33d06 -> 2019+git1552059899.89910a39dcfd)
perl-Encode (3.00 -> 3.01)
perl-IO-Socket-SSL (2.062 -> 2.066)
perl-Net-SSLeay (1.85 -> 1.86_07)
plasma-browser-integration (5.15.2 -> 5.15.3)
plymouth (0.9.4+git20181219.c8f1256 -> 0.9.4+git20190304.ed9f201)
polkit-default-privs (13.2+20190226.f884108 -> 13.2+20190306.b56445c)
postfix
python-M2Crypto (0.31.0 -> 0.32.0)
re2c (1.0.3 -> 1.1.1)
remmina (1.3.3 -> 1.3.4)
rubygem-actioncable-5.2 (5.2.2 -> 5.2.2.1)
rubygem-actionmailer-5.2 (5.2.2 -> 5.2.2.1)
rubygem-actionpack-5.2 (5.2.2 -> 5.2.2.1)
rubygem-actionview-5.2 (5.2.2 -> 5.2.2.1)
rubygem-activejob-5.2 (5.2.2 -> 5.2.2.1)
rubygem-activemodel-5.2 (5.2.2 -> 5.2.2.1)
rubygem-activerecord-5.2 (5.2.2 -> 5.2.2.1)
rubygem-activestorage-5.2 (5.2.2 -> 5.2.2.1)
rubygem-activesupport-5.2 (5.2.2 -> 5.2.2.1)
rubygem-lightbox2 (2.10.0 -> 2.10.0.2)
rubygem-rails-5.2 (5.2.2 -> 5.2.2.1)
rubygem-railties-5.2 (5.2.2 -> 5.2.2.1)
samba (4.9.4+git.126.aa8e79e6e87 -> 4.9.4+git.138.e50f45d83ad)
sqlite3 (3.26.0 -> 3.27.2)
strace
systemd (239 -> 241)
systemd-rpm-macros
tlp (1.1 -> 1.2)
totem-pl-parser (3.26.2 -> 3.26.3)
vim (8.1.0892 -> 8.1.1005)
xdg-desktop-portal-kde (5.15.2 -> 5.15.3)
xen (4.12.0_02 -> 4.12.0_04)
xmlto
yast2 (4.1.61 -> 4.1.65)
yast2-bootloader (4.1.21 -> 4.1.22)
yast2-http-server (4.1.3 -> 4.1.4)
yast2-installation (4.1.41 -> 4.1.43)
yast2-nis-client (4.1.0 -> 4.1.1)
yast2-trans (84.87.20190302.e4560c38a8 -> 84.87.20190309.125b762b7d)
yast2-users (4.1.10 -> 4.1.11)
ypserv (4.0 -> 4.1)
=== Details ===
==== apparmor ====
Subpackages: apparmor-abstractions apparmor-docs apparmor-parser apparmor-parser-lang apparmor-profiles apparmor-utils apparmor-utils-lang pam_apparmor pam_apparmor-32bit perl-apparmor python3-apparmor
- add usrmerge-fixes.diff: fix test failures when /bin/sh is handled by
update-alternatives (boo#1127877)
==== augeas ====
Subpackages: augeas-lenses libaugeas0
- Add gcc9-disable-broken-test.patch in order to address bsc#1120894.
==== binutils ====
Subpackages: binutils-devel
- Add binutils.keyring and verify signature.
==== chrony ====
- Update testsuite to version 58c5e8b
==== coreutils ====
Version update (8.30 -> 8.31)
Subpackages: coreutils-lang
- Update to 8.31:
* Noteworthy changes in release 8.31 (2019-03-10) [stable]
* * Bug fixes
'base64 a b' now correctly diagnoses 'b' as the extra operand, not 'a'.
[bug introduced in coreutils-5.3.0]
When B already exists, 'cp -il A B' no longer immediately fails
after asking the user whether to proceed.
[This bug was present in "the beginning".]
df no longer corrupts displayed multibyte characters on macOS.
[bug introduced with coreutils-8.18]
seq no longer outputs inconsistent decimal point characters
for the last number, when locales are misconfigured.
[bug introduced in coreutils-7.0]
shred, sort, and split no longer falsely report ftruncate errors
when outputting to less-common file types. For example, the shell
command 'sort /dev/null -o /dev/stdout | cat' no longer fails with
an "error truncating" diagnostic.
[bug was introduced with coreutils-8.18 for sort and split, and
(for shared memory objects only) with fileutils-4.1 for shred]
sync no longer fails for write-only file arguments.
[bug introduced with argument support to sync in coreutils-8.24]
'tail -f file | filter' no longer exits immediately on AIX.
[bug introduced in coreutils-8.28]
'tail -f file | filter' no longer goes into an infinite loop
if filter exits and SIGPIPE is ignored.
[bug introduced in coreutils-8.28]
* * Changes in behavior
cksum, dd, hostid, hostname, link, logname, sleep, tsort, unlink,
uptime, users, whoami, yes: now always process --help and --version options,
regardless of any other arguments present before any optional '--'
end-of-options marker.
nohup now processes --help and --version as first options even if other
parameters follow.
'yes a -- b' now outputs 'a b' instead of including the end-of-options
marker as before: 'a -- b'.
echo now always processes backslash escapes when the POSIXLY_CORRECT
environment variable is set.
When possible 'ln A B' now merely links A to B and reports an error
if this fails, instead of statting A and B before linking. This
uses fewer system calls and avoids some races. The old statting
approach is still used in situations where hard links to directories
are allowed (e.g., NetBSD when superuser).
ls --group-directories-first will also group symlinks to directories.
'test -a FILE' is not supported anymore. Long ago, there were concerns about
the high probability of humans confusing the -a primary with the -a binary
operator, so POSIX changed this to 'test -e FILE'. Scripts using it were
already broken and non-portable; the -a unary operator was never documented.
wc now treats non breaking space characters as word delimiters
unless the POSIXLY_CORRECT environment variable is set.
* * New features
id now supports specifying multiple users.
'date' now supports the '+' conversion specification flag,
introduced in POSIX.1-2017.
printf, seq, sleep, tail, and timeout now accept floating point
numbers in either the current or the C locale. For example, if the
current locale's decimal point is ',', 'sleep 0,1' and 'sleep 0.1'
now mean the same thing. Previously, these commands accepted only
C-locale syntax with '.' as the decimal point. The new behavior is
more compatible with other implementations in non-C locales.
test now supports the '-N FILE' unary operator (like e.g. bash) to check
whether FILE exists and has been modified since it was last read.
env now supports '--default-signal[=SIG]', '--ignore-signal[=SIG]', and
'--block-signal[=SIG], to setup signal handling before executing a program.
env now supports '--list-signal-handling' to indicate non-default
signal handling before executing a program.
* * New commands
basenc is added to complement existing base64,base32 commands,
and encodes and decodes printable text using various common encodings:
base64,base64url,base32,base32hex,base16,base2,z85.
* * Improvements
ls -l now better aligns abbreviated months containing digits,
which is common in Asian locales.
stat and tail now know about the "sdcardfs" file system on Android.
stat -f -c%T now reports the file system type, and tail -f uses inotify.
stat now prints file creation time when supported by the file system,
on GNU Linux systems with glibc >= 2.28 and kernel >= 4.11.
- Refresh patches (line number changes only):
* coreutils-disable_tests.patch
* coreutils-i18n.patch
* coreutils-misc.patch
* coreutils-remove_hostname_documentation.patch
* coreutils-remove_kill_documentation.patch
* coreutils-skip-gnulib-test-tls.patch
* coreutils-tests-shorten-extreme-factor-tests.patch
- coreutils.spec:
* Version: bump version.
* URL: Use https scheme.
* %description: Add 'basenc' tool.
* Change gitweb to cgit URL with https in a comment.
- coreutils.keyring:
* Update for added section headers ('GPG keys of <MAINTAINER>').
==== dhcp ====
Subpackages: dhcp-client dhcp-doc dhcp-relay dhcp-server
- Drop use of $FIRST_ARG in .spec
The use of $FIRST_ARG was probably required because of the
%service_* rpm macros were playing tricks with the shell positional
parameters. This is bad practice and error prones so let's assume
that no macros should do that anymore and hence it's safe to assume
that positional parameters remains unchanged after any rpm macro
call.
==== drbd ====
- bsc#1118732, split brain handles malfunction when 2 primaries.
- Add patch rely-on-sb-handlers.patch
==== drbd-utils ====
Version update (9.6.0 -> 9.8.0)
- Update to 9.8.0
* i18n: use propper po files
* v9,stacked: allow node-id in stacked section
but one should not use stacked with v9 anyways
* dry run: remove trailing white space
This eases test integration.
Mentioned here because strictly speaking output changed.
* regression tests: if at ./configure time "clitest" is detected,
one can run tests via "make test". Target is a noop otherwise.
* drbdsetup,v9: fix wait-for (same patch as in 9.7.1)
* doc,v9: require-drbd-module-version-*, events2 --now --poll
* drbdadm,v9: allow stacked-on-top-of sections without address
* drbdadm,v9: bring up only the correct paths in multi-site scenaios.
* drbdadm,v9: fix parser segfault if node-id is missing.
* tests: require that they pass on release.
* drbdsetup,v9: fix key collision in show --json.
- bsc#1121794, use drbd9 man pages.
- Update to 9.7.0
* drbdadm,v9,v84: fix resync-after
* drbd.ocf: connect_only_after_promote, require kernel version
* drbdmon: display resync progress
* parser,v9: require-drbd-module-version
* windrbd: add WinDRBD support
==== ftgl ====
- Add conditional for html docs, SLE_12 has no epstopdf
==== gnu-unifont-bitmap-fonts ====
Version update (11.0.03 -> 12.0.01)
- unifont 12.0.01:
* Support for Unicode 12.0.0
* Upper font has now reached 11,000 Unicode Plane 1 glyphs
* Add new Unicode script ranges from Unicode 12.0.0
==== gvfs ====
Version update (1.38.1 -> 1.38.2)
Subpackages: gvfs-backend-afc gvfs-backend-samba gvfs-backends gvfs-fuse gvfs-lang
- Update to version 1.38.2:
+ mtp: Don't retry reading an event after failure.
+ admin: Prevent access if any authentication agent isn't
available (CVE-2019-3827).
+ udisks2: Restore support of comment=x-gvfs-* option.
+ common: Prevent crashes on invalid autorun file.
+ Several smaller bugfixes.
+ Updated translations.
- Drop gvfs-CVE-2019-3827.patch: Fixed upstream.
==== hplip ====
Subpackages: hplip-hpijs hplip-sane
- don't mark /usr/lib/udev/rules.d/56-hpmud.rules as config file,
fixes rpmlint warning (override it by copying it to
/etc/udev/rules.d).
- Fix hp-toolbox exiting after 10s under GNOME (bsc#1112331)
* removed ui5-systemtray.py-make-children-exit-if-no-systray-f.patch
Patch "ui5-systemtray-wait-only-10s-for-system-tray.patch" is
sufficient to fix the logout problem (bsc#1112331, lp#1721534)
==== installation-images-Kubic ====
Version update (14.411 -> 14.415)
- merge gh#openSUSE/installation-images#300
- adjust EFI boot setup to also include RPi firmware files
(jsc:SLE-4394)
- 14.415
- add raspberry pi firmware files
- merge gh#openSUSE/installation-images#299
- bash is really in /usr/bin, do not rely in symlink in /bin
- 14.414
- do not build for s390 (32 bit)
- merge gh#openSUSE/installation-images#298
- bash has been moved to /usr/bin
- systemd branding for Kubic is now MicroOS
- 14.413
- Kubic: replace CAASP systemd branding with MicroOS
- merge gh#openSUSE/installation-images#297
- Add nvme-cli package (bsc#1127815)
- 14.412
==== jasper ====
- bsc#1117511 CVE-2018-19539:
* Add jasper-CVE-2018-19539.patch
==== kernel-source ====
Version update (4.20.13 -> 5.0.1)
Subpackages: kernel-default kernel-default-devel kernel-devel kernel-docs kernel-macros kernel-syms kernel-vanilla
- Linux 5.0.1 (bnc#1012628).
- exec: Fix mem leak in kernel_read_file (bnc#1012628).
- Bluetooth: Fix locking in bt_accept_enqueue() for BH context
(bnc#1012628).
- Bluetooth: btrtl: Restore old logic to assume firmware is
already loaded (bnc#1012628).
- selftests: firmware: fix verify_reqs() return value
(bnc#1012628).
- Revert "selftests: firmware: remove use of non-standard diff
- Z option" (bnc#1012628).
- Revert "selftests: firmware: add
CONFIG_FW_LOADER_USER_HELPER_FALLBACK to config" (bnc#1012628).
- USB: serial: cp210x: fix GPIO in autosuspend (bnc#1012628).
- gnss: sirf: fix premature wakeup interrupt enable (bnc#1012628).
- xtensa: fix get_wchan (bnc#1012628).
- aio: Fix locking in aio_poll() (bnc#1012628).
- MIPS: irq: Allocate accurate order pages for irq stack
(bnc#1012628).
- alpha: wire up io_pgetevents system call (bnc#1012628).
- applicom: Fix potential Spectre v1 vulnerabilities
(bnc#1012628).
- usb: xhci: Fix for Enabling USB ROLE SWITCH QUIRK on
INTEL_SUNRISEPOINT_LP_XHCI (bnc#1012628).
- xhci: tegra: Prevent error pointer dereference (bnc#1012628).
- tracing: Fix event filters and triggers to handle negative
numbers (bnc#1012628).
- x86/boot/compressed/64: Do not read legacy ROM on EFI system
(bnc#1012628).
- x86/CPU/AMD: Set the CPB bit unconditionally on F17h
(bnc#1012628).
- tipc: fix RDM/DGRAM connect() regression (bnc#1012628).
- team: Free BPF filter when unregistering netdev (bnc#1012628).
- sky2: Disable MSI on Dell Inspiron 1545 and Gateway P-79
(bnc#1012628).
- sctp: call iov_iter_revert() after sending ABORT (bnc#1012628).
- qmi_wwan: Add support for Quectel EG12/EM12 (bnc#1012628).
- net-sysfs: Fix mem leak in netdev_register_kobject
(bnc#1012628).
- net: sched: put back q.qlen into a single location
(bnc#1012628).
- net: mscc: Enable all ports in QSGMII (bnc#1012628).
- net: dsa: mv8e6xxx: fix number of internal PHYs for 88E6x90
family (bnc#1012628).
- net: dsa: mv88e6xxx: handle unknown duplex modes gracefully
in mv88e6xxx_port_set_duplex (bnc#1012628).
- net: dsa: mv88e6xxx: add call to mv88e6xxx_ports_cmode_init
to probe for new DSA framework (bnc#1012628).
- ip6mr: Do not call __IP6_INC_STATS() from preemptible context
(bnc#1012628).
- staging: android: ashmem: Avoid range_alloc() allocation with
ashmem_mutex held (bnc#1012628).
- staging: android: ashmem: Don't call fallocate() with
ashmem_mutex held (bnc#1012628).
- staging: android: ion: fix sys heap pool's gfp_flags
(bnc#1012628).
- staging: wilc1000: fix to set correct value for 'vif_num'
(bnc#1012628).
- staging: comedi: ni_660x: fix missing break in switch statement
(bnc#1012628).
- staging: erofs: fix illegal address access under memory pressure
(bnc#1012628).
- staging: erofs: fix race of initializing xattrs of a inode at
the same time (bnc#1012628).
- staging: erofs: fix memleak of inode's shared xattr array
(bnc#1012628).
- staging: erofs: fix fast symlink w/o xattr when fs xattr is on
(bnc#1012628).
- driver core: Postpone DMA tear-down until after devres release
(bnc#1012628).
- USB: serial: ftdi_sio: add ID for Hjelmslund Electronics USB485
(bnc#1012628).
- USB: serial: cp210x: add ID for Ingenico 3070 (bnc#1012628).
- USB: serial: option: add Telit ME910 ECM composition
(bnc#1012628).
- binder: create node flag to request sender's security context
(bnc#1012628).
- staging: erofs: fix mis-acted TAIL merging behavior
(bnc#1012628).
- cpufreq: Use struct kobj_attribute instead of struct global_attr
(bnc#1012628).
- commit 47a2a02
- KMPs: provide and conflict a kernel version specific KMP name
(bsc#1127155, bsc#1109137).
- commit 5568093
- Revert "Drop multiversion(kernel) from the KMP template (fate#323189)"
(bsc#1109137).
This reverts commit 71504d805c1340f68715ad41958e5ef35da2c351.
- commit adade9f
- config: disable BPFILTER_UMH on non-x86 architectures (bsc#1127188)
CONFIG_BPFILTER_UMH depends on ability to compile and link a userspace
binary so that it currently doesn't work in our kbuild check setups using
a cross compiler. Disable the option on architectures where cross compiler
is used (i.e. all except x86_64 and i386).
- commit cfb8371
- KMPs: obsolete older KMPs of the same flavour (bsc#1127155, bsc#1109137).
- commit 821419f
- Update to 5.0 final
- Refresh configs
- commit 8f71df2
==== krusader ====
Subpackages: kio_iso
- Add Prefer-to-find-oktetapart-by-desktop-file.patch to make it
compatible with the upcoming okteta 0.26 release
==== kvm_stat ====
Version update (4.20.4 -> 5.0.1)
- Add python3 tweak to be compatible with v5.0 kernel source
(bsc#1116822)
+ 0050-tools-kvm_stat-switch-python-reference-again.patch
==== libXdamage ====
Version update (1.1.4 -> 1.1.5)
Subpackages: libXdamage1 libXdamage1-32bit
- Update to version 1.1.5:
* autogen: add default patch prefix
* autogen.sh: Implement GNOME Build API
* autogen.sh: use quoted string variables
* autogen.sh: use exec instead of waiting for configure to finish
* Replace deprecated Automake INCLUDES variable with AM_CPPFLAGS
* configure: Remove AM_MAINTAINER_MODE
* Use Xfree rather than XFree for consistency
* Update README for gitlab migration
==== libaio ====
Subpackages: libaio-devel libaio1
- riscv-support.patch: Add support for RISC-V
==== libreoffice ====
Version update (6.2.1.2 -> 6.2.2.1)
Subpackages: libreoffice-base libreoffice-base-drivers-firebird libreoffice-calc libreoffice-draw libreoffice-filters-optional libreoffice-gnome libreoffice-gtk3 libreoffice-icon-themes libreoffice-impress libreoffice-l10n-cs libreoffice-l10n-da libreoffice-l10n-de libreoffice-l10n-el libreoffice-l10n-en libreoffice-l10n-en_GB libreoffice-l10n-es libreoffice-l10n-fr libreoffice-l10n-hu libreoffice-l10n-it libreoffice-l10n-ja libreoffice-l10n-pl libreoffice-l10n-pt_BR libreoffice-l10n-ru libreoffice-l10n-zh_CN libreoffice-l10n-zh_TW libreoffice-mailmerge libreoffice-math libreoffice-pyuno libreoffice-qt5 libreoffice-writer libreofficekit
- Update to 6.2.2.1 bsc#1128845:
* bundle of 6.2 series fixes
- Remove merged patches:
* 0001-Speed-up-languagepack-installation.patch
* kde5-32bit-build-fix.patch
==== libstorage-ng ====
Version update (4.1.96 -> 4.1.98)
Subpackages: libstorage-ng-lang libstorage-ng-ruby libstorage-ng1
- merge gh#openSUSE/libstorage-ng#628
- handle topology for Partition and Luks
- added unit test for bsc#1121129
- improved calculation of usable size for LVM PVs (bsc#1121129)
- 4.1.98
- merge gh#openSUSE/libstorage-ng#625
- moved topology from PartitionableImpl to BlkDeviceImpl
- added get_sysfs_file to BlkDeviceImpl
- use new get_sysfs_file
- added save_to_string to XmlFile (for debugging)
- read pe_start from pvs command
- coding style
- enable logging
- added pe_start to LvmPvImpl
- added get_usable_size() to LvmPv
- added unit test for LvmPv::get_usable_size()
- updated hyper link
- added documentation
- preparations for bsc#1121129
- 4.1.97
==== libvoikko ====
Version update (4.1.1 -> 4.2)
- Update to version 4.2
* Support for Malaga dictionary format removed
* hfst-ospell dependency updated
* Java, Python, Javascript wrapper improvements
- Drop libvoikko-hfst-namespace.patch
==== multipath-tools ====
Version update (0.7.9+111+suse.b4232b7 -> 0.7.9+139+suse.ed9d450)
Subpackages: kpartx
- Update to version 0.7.9+139+suse.ed9d450:
* multipath-tools: Build: properly parse systemd's version
- Add kmod(xyz) style dependencies for SLE15-SP1
(jsc#SLE-3853, fate#326579, bsc#1119414)
- Update to version 0.7.9+138+suse.0edd0a2:
- Include reviewed fixes from upstream
* libmutipath: continue to use old state on PATH_PENDING
* libmultipath: disable user_friendly_names for NetApp
* multipath: blacklist zram devices
* various fixes for martinal path code
- Bug fixes:
* multipathd: Fix miscounting active paths (bsc#1125043)
* multipathd: avoid null pointer dereference in LOG_MSG
(bsc#1127873)
* minor fixes suggested by coverity (bsc#1127879)
==== nasm ====
Version update (2.13.03 -> 2.14.02)
- Update to version 2.14.02:
* Fix crash due to multiple errors or warnings during the code generation pass if a list file is specified.
* Create all system-defined macros defore processing command-line given preprocessing directives (-p, -d, -u, --pragma, --before).
* If debugging is enabled, define a __DEBUG_FORMAT__ predefined macro. See section 4.11.7.
* Fix an assert for the case in the obj format when a SEG operator refers to an EXTERN symbol declared further down in the code.
* Fix a corner case in the floating-point code where a binary, octal or hexadecimal floating-point having at least 32, 11, or 8 mantissa digits could produce slightly incorrect results under very specific conditions.
* Support -MD without a filename, for gcc compatibility. -MF can be used to set the dependencies output filename. See section 2.1.7.
* Fix -E in combination with -MD. See section 2.1.21.
* Fix missing errors on redefined labels; would cause convergence failure instead which is very slow and not easy to debug.
* Duplicate definitions of the same label with the same value is now explicitly permitted (2.14 would allow it in some circumstances.)
* Add the option --no-line to ignore %line directives in the source. See section 2.1.33 and section 4.10.1.
* Changed -I option semantics by adding a trailing path separator unconditionally.
* Fixed null dereference in corrupted invalid single line macros.
* Fixed division by zero which may happen if source code is malformed.
* Fixed out of bound access in processing of malformed segment override.
* Fixed out of bound access in certain EQU parsing.
* Fixed buffer underflow in float parsing.
* Added SGX (Intel Software Guard Extensions) instructions.
* Added +n syntax for multiple contiguous registers.
* Fixed subsections_via_symbols for macho object format.
* Added the --gprefix, --gpostfix, --lprefix, and --lpostfix command line options, to allow command line base symbol renaming. See section 2.1.28.
* Allow label renaming to be specified by %pragma in addition to from the command line. See section 6.9.
* Supported generic %pragma namespaces, output and debug. See section 6.10.
* Added the --pragma command line option to inject a %pragma directive. See section 2.1.29.
* Added the --before command line option to accept preprocess statement before input. See section 2.1.30.
* Added AVX512 VBMI2 (Additional Bit Manipulation), VNNI (Vector Neural Network), BITALG (Bit Algorithm), and GFNI (Galois Field New Instruction) instructions.
* Added the STATIC directive for local symbols that should be renamed using global-symbol rules. See section 6.8.
* Allow a symbol to be defined as EXTERN and then later overridden as GLOBAL or COMMON. Furthermore, a symbol declared EXTERN and then defined will be treated as GLOBAL. See section 6.5.
* The GLOBAL directive no longer is required to precede the definition of the symbol.
* Support private_extern as macho specific extension to the GLOBAL directive. See section 7.8.5.
* Updated UD0 encoding to match with the specification
* Added the --limit-X command line option to set execution limits. See section 2.1.31.
* Updated the Codeview version number to be aligned with MASM.
* Added the --keep-all command line option to preserve output files. See section 2.1.32.
* Added the --include command line option, an alias to -P (section 2.1.18).
* Added the --help command line option as an alias to -h (section 3.1).
* Added -W, -D, and -Q suffix aliases for RET instructions so the operand sizes of these instructions can be encoded without using o16, o32 or o64.
- Drop no longer needed 9f45a77f4.patch
- Enable LTO
- Cleanup spec file
==== ntp ====
Version update (4.2.8p12 -> 4.2.8p13)
Subpackages: ntp-doc
- Update ro 4.2.8p13
* CVE-2019-8936, bsc#1128525: Crafted null dereference attack in
authenticated mode 6 packet.
* Fix several bugs in the BANCOMM reclock driver.
* Fix ntp_loopfilter.c snprintf compilation warnings.
* Fix spurious initgroups() error message.
* Fix STA_NANO struct timex units.
* Fix GPS week rollover in libparse.
* Fix incorrect poll interval in packet.
* Add a missing check for ENABLE_CMAC.
- Drop use of $FIRST_ARG in ntp.spec
The use of $FIRST_ARG was probably required because of the
%service_* rpm macros were playing tricks on the shell positional
parameters. This is bad practice and error prones so let's assume
that no macros should do that anymore and hence it's safe to assume
that positional parameters remains unchanged after any rpm macro
call.
==== obs-service-tar_scm ====
Version update (0.10.5.1551309990.79898c7 -> 0.10.6.1551887937.e42c270)
Subpackages: obs-service-obs_scm obs-service-obs_scm-common
- Update to version 0.10.6.1551887937.e42c270:
* Require packages to get the en_US.UTF-8 locales
- Update to version 0.10.6.1551448746.2759df2:
* enforce bytes for cpio file list
* fixes boo#1127907
==== okteta ====
Version update (0.25.5 -> 0.26.0)
Subpackages: okteta-lang
- Update to 0.26.0
* New: context menu available in byte array views, in the
program, in the KParts plugin and and in the hex editing
widgets from LibOktetaGui
* New: qmake pri files and pkg-config pc files installed for the
OktetaCore & OktetaGui libraries (_not_ for any Kasten ones)
* Changed: ABI-breaking and software-incompatible clean-up of API
and installed headers of the Okteta & Kasten libraries
* Fixed: the metadata desktop file for the KParts plugin
oktetapart is installed again, so it can be found and selected
as viewer via its metadata
- Split out the libs and KParts plugin to separate packages as
upstream recommends, move designer plugin to the devel package
==== openblas_pthreads ====
- Reduce _constraints to a reasonable size, the old constraints
were probably necessary pre multibuild.
- Enable DYNAMIC_ARCH for aarch64, available since 0.3.4
==== openssh ====
Subpackages: openssh-helpers
- Minor clean-up of the fips patches, modified
openssh-7.7p1-fips.patch
openssh-7.7p1-fips_checks.patch
- Fix two race conditions in sshd relating to SIGHUP (bsc#1119183)
* 0001-upstream-Fix-two-race-conditions-in-sshd-relating-to.patch
==== os-prober ====
- Update URL to current development project in Debian Salsa server.
- Update the Source0 to use local compressed archive since the remote URL is
not reliable to access, causing trouble to the factory-auto checker reporting
error as not valid one.
* os-prober.spec
- os-prober isn't compatible with transactional update (boo#1125729)
* os-prober-use-tmp-over-var-lib-for-transient-files.patch
==== ovmf ====
Version update (2019+git1550452308.c417c1b33d06 -> 2019+git1552059899.89910a39dcfd)
Subpackages: qemu-ovmf-x86_64
- Update to 2019+git1552059899.89910a39dcfd (edk2-stable201903)
+ MdeModulePkg/HiiImage: Fix stack overflow when corrupted BMP
is parsed (bsc#1128503, CVE-2018-12181)
+ MdeModulePkg/HiiDatabase: Fix potential integer overflow
(bsc#1128503, CVE-2018-12181)
+ UefiCpuPkg/Microcode.c: Add verification before calculate
CheckSum32
+ UefiCpuPkg/Microcode: Fix InComplete CheckSum32 issue
+ UefiCpuPkg: restore strict page attributes via #DB in nonstop
mode only
+ IntelFrameworkModulePkg/FwVolDxe: Ensure FfsFileHeader 8 bytes
aligned (bsc#1127822, CVE-2018-3630)
+ MdeModulePkg/DxeCore: Ensure FfsFileHeader 8 bytes aligned
(bsc#1127822, CVE-2018-3630)
+ MdeModulePkg/PeiCore: Ensure FfsFileHeader 8 bytes aligned
(bsc#1127822, CVE-2018-3630)
+ NetworkPkg: Add WiFi Connection Manager to NetworkPkg
+ UefiCpuPkg/PiSmmCpu: Add Shadow Stack Support for X86 SMM
+ MdePkg/BaseLib: Add Shadow Stack Support for X86
+ NetworkPkg/DnsDxe: Check the received packet size before
parsing the message (bsc#1127821, CVE-2018-12178)
+ MdeModulePkg/RamDiskDxe: Restrict on RAM disk size
(bsc#1127820, CVE-2018-12180)
+ MdeModulePkg/PartitionDxe: Ensure blocksize holds MBR
(bsc#1127820, CVE-2018-12180)
+ ArmVirtPkg/PlatformBootManagerLib: display boot option
loading/starting
+ ArmVirtPkg/ArmVirtQemu*: enable minimal Status Code Routing
in DXE
+ OvmfPkg/PlatformBootManagerLib: display boot option
loading/starting
+ OvmfPkg: add library to track boot option loading/starting on
the console
+ MdeModulePkg/UefiBootManagerLib: fix LoadImage/StartImage
status code rep
+ MdeModulePkg/AhciPei: Add AHCI mode ATA device support in PEI
+ MdeModulePkg: Add definitions for EDKII PEI ATA PassThru PPI
+ MdeModulePkg: Add definitions for ATA AHCI host controller PPI
+ MdePkg/UefiDevicePathLib: Add sanity check for FilePath device
path
+ UefiCpuPkg/Microcode: Fix incorrect checksum issue for
extended table
+ SecurityPkg/TcgConfigDxe: Allow enabling TPM 1.2 device from
disabled state
+ UefiCpuPkg/SecCore: Wrong Debug Information for SecCore
+ Various bug fixes in BaseTools
+ DynamicTablesPkg: Dynamic Tables Framework
+ MdeModulePkg: Remove EmuVariableRuntimeDxe
+ UefiCpuPkg/MtrrLib: Fix a bug that may wrongly set memory <1MB
to UC
+ MdeModulePkg/BmBoot: Report status when fail to load/start
boot option
+ MdeModulePkg/ReportStatusCodeLib: Avoid using AllocatePool if
possible
+ NetworkPkg/Ip6Dxe: Clean the invalid IPv6 configuration during
driver start
==== perl-Encode ====
Version update (3.00 -> 3.01)
- updated to 3.01
see /usr/share/doc/packages/perl-Encode/Changes
==== perl-IO-Socket-SSL ====
Version update (2.062 -> 2.066)
- updated to 2.066
see /usr/share/doc/packages/perl-IO-Socket-SSL/Changes
2.066
- fix test t/verify_partial_chain.t by using the newly exposed function
can_partial_chain instead of guessing (wrongly) if the functionality is
available
- updated to 2.065
see /usr/share/doc/packages/perl-IO-Socket-SSL/Changes
2.065
- make sure that Net::SSLeay::CTX_get0_param is defined before using
X509_V_FLAG_PARTIAL_CHAIN. Net::SSLeay 1.85 defined only the second with
LibreSSL 2.7.4 but not the first
https://rt.cpan.org/Ticket/Display.html?id=128716
- prefer AES for server side cipher default since it is usually
hardware-accelerated
- updated to 2.064
see /usr/share/doc/packages/perl-IO-Socket-SSL/Changes
2.064
- make algorithm for fingerprint optional, i.e. detect based on length of
fingerprint - https://rt.cpan.org/Ticket/Display.html?id=127773
- fix t/sessions.t and improve stability of t/verify_hostname.t on windows
- use CTX_set_ecdh_auto when needed (OpenSSL 1.0.2) if explicit curves are set
- update fingerprints for live tests
2.063
- support for both RSA and ECDSA certificate on same domain
- update PublicSuffix
- Refuse to build if Net::SSLeay is compiled with one version of OpenSSL but
then linked against another API-incompatible version (ie. more than just the
patchlevel differs).
==== perl-Net-SSLeay ====
Version update (1.85 -> 1.86_07)
- Update to 1.86_07
1.86_07 2018-12-13
- Net::SSLeay::RSA_generate_key() now prefers using
RSA_generate_key_ex. This avois deprecated RSA_generate_key
and allows removing the only Android specific code in
SSLeay.xs. Fixes RT#127593. Thanks to Rouven Weiler.
- SSL_CTX_get0_param, SSL_CTX_get0_param,
X509_VERIFY_PARAM_set1_host, X509_VERIFY_PARAM_add1_host,
X509_VERIFY_PARAM_set_hostflags,
X509_VERIFY_PARAM_get0_peername,
X509_VERIFY_PARAM_set1_email, X509_VERIFY_PARAM_set1_ip and
X509_VERIFY_PARAM_set1_ip_asc added in 1.83 for OpenSSL
1.0.2 and later are now available with LibreSSL 2.7.0 and
later.
- get_keyblock_size() now gets the MAC secret size from the
cipher on LibreSSL 2.7.0 and later, rather than reaching
into libssl internals. This effectively takes the OpenSSL
1.1 code path for LibreSSL 2.7.0 instead of the OpenSSL 1.0
code path. Thanks to Alexander Bluhm.
- get_client_random and get_server_random now use API
functions supported by LibreSSL 2.7.0 and later. Thanks to
Alexander Bluhm.
- Add X509_check_host(), X509_check_email(), X509_check_ip(),
and X509_check_ip_asc() for LibreSSL 2.5.0 and later. Thanks
to Alexander Bluhm.
- OpenSSL_version() and OpenSSL_version_num() are available
with LibreSSL 2.7.0 and later. Thanks to Alexander Bluhm.
- Use OPENSSL_cleanse() instead of memset(). Fixes
RT#116599. Thanks to A. Sinan Unur.
1.86_06 2018-09-29
- Net::SSLeay::read() and SSL_peek() now check SSL_get_error()
for SSL_ERROR_ZERO_RETURN for return values <= 0 to make
Net::SSLeay::read() behave more like underlying OpenSSL
function SSL_read().
Convenience function ssl_read_all() now does an automatic
retry when ERROR_WANT_READ or ERROR_WANT_WRITE is returned
with Net::SSLeay::read().
Convenience function ssl_read_until() now uses
Net::SSLeay::ssl_read_all() instead of
Net::SSLeay::read(). Tests 07_sslecho.t and 36_verify.t were
also updated to use ssl_read_all() and ssl_write_all(). The
tests now also disable TLSv1.3 session tickets and ignore
SIGPIPE to avoid this signal when the client has finished
before server has sent session tickets and called
Net::SSLeay::accept().
Thanks to Petr Pisar and Sebastian Andrzej Siewior for the
patches (in #RT125218).
- Fix a memory leak in cb_data_advanced_put. Fixes
RT#127131. Noticed, investigated and patched by Paul
Evans. Thanks!
- Enable OpenSSL 1.1.1-pre9 with Travis CI.
- Add SSL_CTX_set_num_tickets, SSL_CTX_get_num_tickets,
SSL_set_num_ticket and SSL_get_num_tickets for controlling
the number of TLSv1.3 session tickets that are issued. Add
tests in 44_sess.t. Parts taken from a larger patch by Petr
Pisar of RedHat.
- Add SSL_CTX_set_ciphersuites and SSL_set_ciphersuites for
configuring the available TLSv1.3 ciphersuites. Add tests in
43_misc_functions.t and clarify SSL_client_version tests.
- Add SSL_CTX_set_security_level, SSL_CTX_get_security_level,
SSL_set_security_level and SSL_get_security_level.
Add new test file 65_security_level.t.
All courtesy of Damyan Ivanov of Debian project.
- Fix export_keying_material return value check and context
handling. SSL_export_keying_material use_context is now
correctly set to non-zero value when context is an empty
string. This affects values exported with TLSv1.2 and earlier.
Update documentation in NetSSLeay.pod and add tests
in t/local/45_export.t.
- Add RAND_priv_bytes. Add new test file t/local/10_rand.t for
RAND_bytes, RAND_pseudo_bytes, RAND_priv_bytes, RAND_status,
RAND_poll, RAND_file_name and RAND_load_file.
- Update documentation for RAND_*bytes return values and
RAND_file_name behaviour with LibreSSL.
- Add SSL_SESSION_is_resumable. Add and update tests in 44_sess.t.
- Set OpenSSL security level to 1 in tests that use the test suite's
(1024-bit) RSA keys, which allows the test suite to pass when
Net-SSLeay is built against an OpenSSL with a higher default
security level. Fixes RT#126987. Thanks to Petr Pisar (in
RT#126270) and Damyan Ivanov (in RT#126987) for the reports and
patches, and to Damyan Ivanov for the preferred patch.
- Add SSL_CTX_sess_set_new_cb and SSL_CTX_sess_set_remove_cb.
Add new test file 44_sess.t for these and future session
related tests for which no specific test file is needed.
- Add SSL_get_version, SSL_client_version and SSL_is_dtls.
- Add SSL_peek_ex, SSL_read_ex, SSL_write_ex and SSL_has_pending.
Add tests in t/local/11_read.t
- Add SSL_CTX_set_post_handshake_auth contributed by Paul
Howarth. Add SSL_set_post_handshake_auth,
SSL_verify_client_post_handshake and constant
SSL_VERIFY_POST_HANDSHAKE.
- Applied a patch to set_cert_and_key() from Damyan Ivanov,
Debian Perl Group. This function now returns errors from
library's error stack only when an underlying routine
fails. Unrelated errors are now skipped. Fixes RT#126988.
- Add support for TLSv1.3 via $Net::SSLeay::ssl_version.
- Enhance t/local/43_misc_functions.t get_keyblock_size test
to work better with AEAD ciphers.
- Add constants SSL_OP_ENABLE_MIDDLEBOX_COMPAT and
SSL_OP_NO_ANTI_REPLAY for TLSv1.3
- Fix compile time DEFINE=-DSHOW_XS_DEBUG to work with
non-threaded Perls. Fixes RT#127027. Thanks to SREZIC for
the report. Also fix other minor compile warnings.
1.86_05 2018-08-22
- Net-SSLeay now requires at least Perl 5.8.1. This is a
formalisation of what has been the de facto case for some time,
as the distribution hasn't compiled and passed its tests on Perl
5.005 for several years.
- Increment Net::SSLeay::Handle's version number to keep it in sync
with Net::SSLeay's, thus satisfying Kwalitee's consistent_version
metric.
- Re-enable the d2i_X509_bio() test in t/local/33_x509_create_cert.t
for LibreSSL. Thanks to Alexander Bluhm.
- Automatically detect new library names on Windows for OpenSSL
1.1.0 onwards (libcrypto, libssl). Fixes part of RT#121084. Thanks
to Jean-Damien Durand.
- Fix a typo preventing OpenSSL libraries built with the VC compiler
(i.e. ones with a ".lib" suffix) from being automatically detected
on Windows. Fixes part of RT#121084. Thanks to Jean-Damien Durand.
- Add missing call to va_end() following va_start() in TRACE().
Fixes RT#126028. Thanks to Jitka Plesnikova.
- Added SSL_in_init() and the related functions for all
libraries and their versions. All return 0 or 1 as
documented by OpenSSL 1.1.1. Use of these functions is
recommended over using constants returned by get_state() and
state(). New constants TLS_ST_*, used by OpenSSL 1.1.0 and
later, will not be made available by Net::SSLeay.
1.86_04 2018-07-30
- Re-add SSLv3_method() for OpenSSL 1.0.2 and above. Fixes
RT#101484.
- Don't expose ENGINE-related functions when building against
OpenSSL builds without ENGINE support. Fixes RT#121538. Thanks to
Paul Green.
- Automatically detect OpenSSL 1.0.x on VMS, and update VMS
installation instructions to reflect removal of Module::Install
from the build system. Fixes RT#124388. Thanks to Craig A. Berry.
- Prevent memory leak in OCSP_cert2ids() and OCSP_response_verify().
Fixes RT#125273. Thanks to Steffen Ullrich.
1.86_03 2018-07-19
- Convert packaging to ExtUtils::MakeMaker. Thanks to mohawk2.
- Module::Install is no longer a prerequisite when building
from the reposistory.
- Re-apply patch from ETJ permitting configure and build in
places with a space in the name.
1.86_02 2018-07-06
- Removed inc/ from repository. Module::Install is now a
prerequisite when building from the repository. This allowed
also removing "." from Makefile.PL lib path which was added
in version 1.81. These updates require no changes when
building from release packages. They also help AppVeyor
builds to work better with old Perls.
- Added CONTRIBUTING.md, reformatted the previous Changes
entry to use CPAN::Changes::Spec guidelines and removed
unused version control tags from comments.
1.86_01 2018-07-04
[Version control system change]
- Chris Novakovic did a full conversion from the old Debian
hosted SVN repository to git.
- Fixes to commit metadata, branches and tags that git-svn
couldn't handle or had no way of handling, were done
manually or semi-automatically afterwards. For instance, the
"git-svn-id:" lines that git-svn appends to commit messages
were kept because Mike used SVN revision numbers in RT
replies to indicate when bugs had been fixed/patches applied
(which may be useful for future reference).
- All commits were replayed onto a single master branch rather
than having separate dead-end branches for the old SVN
version tags (as this seems more "git-like").
- New lightweight tags were created for each public release
going back as far as the start of the SVN repository using
data from MetaCPAN (cross-referencing with the changelog
when it wasn't clear when a release was cut from the SVN
repo).
- Florian's and Mike's email addresses were mapped to git
author/committer IDs
[Continuous integration]
- Travis CI configuration was added for automated testing on
Linux using 64 bit Ubuntu Trusty. Build matrix dimensions
are: Perl 5.8 - 5.26 x OpenSSL 0.9.8zh - 1.1.0h. Only the
currently latest version for each major Perl and OpenSSL
release is chosen.
- AppVeyor configuration was added for automated testing on
Windows. Build matrix dimensions are: Perl 5.8 - 5.26 x
32bit and 64bit Perl environment x Windows Server 2012R2 and
Windows Server 2016. The Perl environment is Strawberry Perl
and its OpenSSL is used with builds. Only the latest major
versions are used, similarly to Travis CI. Net-SSLeay PPM
and PPD files are made available as artifacts.
- Added README.md with link to master branch build and test
status. Did minor updates to README and other misc files.
[Release packaging]
- Files t/local/43_misc_functions.t and
t/local/65_ticket_sharing_2.t were missing from MANIFEST.
- Updated inc/ directory with Module::Install 1.19. Updated
Makefile.PL author and resource information. Synced
SSLeay.pm under ext/ with the latest changes under
inc/. Reordered use imports so that META.yml gets correctly
regenerated. More Module::Install related changes will
follow.
[Repository amd maintainer change]
- Net::SSLeay functionality was not changed in this
release. Work was done to switch version contorol systems,
add automated testing, update module packaging and change
the primary maintainer. This coincided with the decommission
of previous code repository service on alioth.debian.org.
- The module is now primarily maintained by Tuure Vartiainen
and Heikki Vatiainen of Radiator Software. The new
repository location is
https://github.com/radiator-software/p5-net-ssleay
- Dropped patches merged upstream:
* Net-SSLeay-1.85-Adapt-to-OpenSSL-1.1.1.patch
* Net-SSLeay-1.85-Expose_SSL_CTX_set_post_handshake_auth.patch
* Net-SSLeay-1.85-Avoid-SIGPIPE-in-t-local-36_verify.t.patch
* Net-SSLeay-1.85-Move-SSL_ERROR_WANT_READ-SSL_ERROR_WANT_WRITE-retry-.patch
* Net-SSLeay-1.85-Move-SSL_ERROR_WANT_READ-SSL_ERROR_WANT_WRITE-retry-from_write_partial.patch
==== plasma-browser-integration ====
Version update (5.15.2 -> 5.15.3)
Subpackages: plasma-browser-integration-lang
- Update to 5.15.3
* New bugfix release
* For more details please see:
* https://www.kde.org/announcements/plasma-5.15.3.php
- No code changes since 5.15.2
==== plymouth ====
Version update (0.9.4+git20181219.c8f1256 -> 0.9.4+git20190304.ed9f201)
Subpackages: libply-boot-client4 libply-splash-core4 libply-splash-graphics4 libply4 plymouth-dracut plymouth-plugin-label plymouth-plugin-label-ft plymouth-plugin-script plymouth-plugin-two-step plymouth-scripts
- Update to version 0.9.4+git20181219.c8f1256:
* ply-pixel-buffer: Fix right and bottom edge rendering of
scaled buffers.
* Add support for translating the user visible strings in some
themes
* Prefix Title and Subtitle theme config keywords with an
underscore
* Add new reboot and system-upgrade modes
* main: Remove private ply_mode_t
* two-step: Make ProgressBarShowPercentComplete a per mode
setting
* plymouthd.defaults: Change default ShowDelay to 0
* ply-boot-splash: Do not add ply_boot_splash_update_progress
timeout multiple times
* logging: Minor log-message fixes.
Improve logging format.
* themes: Update spinner and bgrt theme offline updates mode
* two-step: Add a per mode setting to suppress messages.
Add progress-bar support.
Add MessageBelowAnimation option.
Add per mode settings.
Drop background_is_bgrt view_t member
* ply-progress-bar: Allow caller to specify the widgets width and
height.
Allow choosing fore- and back-ground color.
Redraw on percentage update.
* boot-server: fix type confusion when allocating connection object
* ply-device-manager: Handle change events for monitor hotplugging.
Consume all events in one go.
* drm: Stop limiting preferred-mode picking to UEFI systems.
Reset mode on display-port connected outputs with a bad
link-status.
Implement handle_change_event.
Ensure heads are mapped before flushing them.
Allow calling create_heads_for_active_connectors multiple
times.
Allow calling ply_renderer_head_add_connector with existing
connector_id.
Limit backend->resources lifetime to within query_device.
Store and keep all the outputs in the backend.
Add get_output_info helper function
Stop storing a pointer to drmModeConnector in ply_output_t
Stop keeing a drmModeConnector instance around.
Refactor ply_renderer_head_add_connector and
ply_renderer_head_new
- Rebase 0002-Install-label-ft-plugin-into-initrd-if-available.patch
==== polkit-default-privs ====
Version update (13.2+20190226.f884108 -> 13.2+20190306.b56445c)
- Update to version 13.2+20190306.b56445c:
* whitelisting: systemd org.freedesktop.hostname1.get-product-uuid
==== postfix ====
Subpackages: postfix-doc
- postfix-linux45.patch: support also newer kernels -- pretend
we are still at kernel 3. Note that there are no conditionals for
LINUX3 or LINUX4. And LINUX5 was generated, but not tested in the
code which caused build failures.
==== python-M2Crypto ====
Version update (0.31.0 -> 0.32.0)
Subpackages: python2-M2Crypto python3-M2Crypto
- Fix for compatibility with OpenSSL 1.1.0h by adding the patch
0001-tests-test_ssl-use-ciphercuites-for-TLS1.3-cipher-in.patch
- Update to 0.32.0:
* 471582f - setup.py: use ${CPP} as path to cpp <Duncan Macleod>
* efb1580 - Bump pipeline OpenSSL from 1.1.0i to 1.1.0j
* 35bb71b - Stub wchar_t helpers and ignore unused WCHAR defs
* effc7be - Add type comment to setup.py