Mailinglist Archive: opensuse-factory (439 mails)

< Previous Next >
[opensuse-factory] New Tumbleweed snapshot 20190415 released!

Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.

Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=1&version=Tumbleweed&build=20190415

Please do not reply to this email to report issues, rather file a bug
on bugzilla.opensuse.org. For more information on filing bugs please
see https://en.opensuse.org/openSUSE:Submitting_bug_reports

Packages changed:
MozillaFirefox (66.0.2 -> 66.0.3)
apparmor
bzr
curl (7.64.0 -> 7.64.1)
glassfish-servlet-api
grantlee5
javamail
libosinfo
libstorage-ng (4.1.106 -> 4.1.107)
libvirt (5.1.0 -> 5.2.0)
mercurial
multipath-tools (0.7.9+139+suse.ed9d450 -> 0.8.0+17+suse.a28893f)
osinfo-db (20190301 -> 20190319)
plasma5-workspace
python-base (2.7.15 -> 2.7.16)
python-gevent
python-libvirt-python (5.1.0 -> 5.2.0)
relaxngDatatype
salt (2018.3.2 -> 2019.2.0)
systemd
unbound
vym (2.6.0 -> 2.7.0)
xml-commons-apis
xml-commons-resolver

=== Details ===

==== MozillaFirefox ====
Version update (66.0.2 -> 66.0.3)
Subpackages: MozillaFirefox-translations-common

- Mozilla Firefox 66.0.3
* Fixed: Address bar on tablets running Windows 10 now behaves
correctly (bmo#1498973)
* Fixed: Performance issues with some HTML5 games (bmo#1537609)
* Fixed a bug with keypress events in IBM cloud applications
(bmo#1538970)
* Fix for keypress events in some Microsoft cloud applications
(bmo#1539618)
* Changed: Updated Baidu search plugin

==== apparmor ====
Subpackages: apparmor-abstractions apparmor-docs apparmor-parser
apparmor-parser-lang apparmor-profiles apparmor-utils apparmor-utils-lang
pam_apparmor pam_apparmor-32bit perl-apparmor python3-apparmor

- update lessopen.sh profile for usrMerge (bash and tar) (boo#1132350)

==== bzr ====
Subpackages: bzr-lang

- Ensure neutrality of descriptions.

==== curl ====
Version update (7.64.0 -> 7.64.1)
Subpackages: libcurl4

- Install curl.fish completions file from curl rather than from the fish package
- update to version 7.64.1
* Changes:
- alt-svc: experiemental support added
- configure: add --with-amissl
* Bugfixes:
- AppVeyor: switch VS 2015 builds to VS 2017 image
- CURLU: fix NULL dereference when used over proxy
- Curl_easy: remove req.maxfd - never used!
- Curl_resolv: fix a gcc -Werror=maybe-uninitialized warning
- DoH: inherit some SSL options from user's easy handle
- Secure Transport: no more "darwinssl"
- Secure Transport: tvOS 11 is required for ALPN support
- cirrus: Added FreeBSD builds using Cirrus CI
- cleanup: make local functions static
- cli tool: do not use mime.h private structures
- cmdline-opts/proxytunnel.d: the option tunnnels all protocols
- configure: add additional libraries to check for LDAP support
- configure: remove the unused fdopen macro
- configure: show features as well in the final summary
- conncache: use conn->data to know if a transfer owns it
- connection: never reuse CONNECT_ONLY connections
- connection_check: restore original conn->data after the check
- connection_check: set ->data to the transfer doing the check
- cookie: Add support for cookie prefixes
- cookies: dotless names can set cookies again
- cookies: fix NULL dereference if flushing cookies with no CookieInfo set
- curl.1: --user and --proxy-user are hidden from ps output
- curl.1: mark the argument to --cookie as
- curl.h: use __has_declspec_attribute for shared builds
- curl: display --version features sorted alphabetically
- curl: fix FreeBSD compiler warning in the --xattr code
- curl: remove MANUAL from -M output
- curl_easy_duphandle.3: clarify that a duped handle has no shares
- curl_multi_remove_handle.3: use at any time, just not from within callbacks
- curl_url.3: this API is not experimental anymore
- dns: release sharelock as soon as possible
- docs: update max-redirs.d phrasing
- examples/10-at-a-time.c: improve readability and simplify
- examples/cacertinmem.c: use multiple certificates for loading CA-chain
- examples/crawler: Fix the Accept-Encoding setting
- examples/ephiperfifo.c: various fixes
- examples/externalsocket: add missing close socket calls
- examples/http2-download: cleaned up
- examples/http2-serverpush: add some sensible error checks
- examples/http2-upload: cleaned up
- examples/httpcustomheader: Value stored to 'res' is never read
- examples/postinmemory: Potential leak of memory pointed to by 'chunk.memory'
- examples/sftpuploadresume: Value stored to 'result' is never read
- examples: only include
- examples: remove recursive calls to curl_multi_socket_action
- examples: remove superfluous null-pointer checks
- file: fix "Checking if unsigned variable 'readcount' is less than zero."
- fnmatch: disable if FTP is disabled
- gnutls: remove call to deprecated gnutls_compression_get_name
- gopher: remove check for path == NULL
- gssapi: fix deprecated header warnings
- hostip: make create_hostcache_id avoid alloc + free
- http2: multi_connchanged() moved from multi.c, only used for h2
- http2: verify :athority in push promise requests
- http: make adding a blank header thread-safe
- http: send payload when (proxy) authentication is done
- http: set state.infilesize when sending multipart formposts
- makefile: make checksrc and hugefile commands "silent"
- mbedtls: make it build even if MBEDTLS_VERSION_C isn't set
- mbedtls: release sessionid resources on error
- memdebug: log pointer before freeing its data
- memdebug: make debug-specific functions use curl_dbg_ prefix
- mime: put the boundary buffer into the curl_mime struct
- multi: call multi_done on connect timeouts, fixes CURLINFO_TOTAL_TIME
- multi: remove verbose "Expire in" ... messages
- multi: removed unused code for request retries
- multi: support verbose conncache closure handle
- negotiate: fix for HTTP POST with Negotiate
- openssl: add support for TLS ASYNC state
- openssl: if cert type is ENG and no key specified, key is ENG too
- pretransfer: don't strlen() POSTFIELDS set for GET requests
- rand: Fix a mismatch between comments in source and header
- runtests: detect "schannel" as an alias for "winssl"
- schannel: be quiet - remove verbose output
- schannel: close TLS before removing conn from cache
- schannel: support CALG_ECDH_EPHEM algorithm
- scripts/completion.pl: also generate fish completion file
- singlesocket: fix the 'sincebefore' placement
- source: fix two 'nread' may be used uninitialized warnings
- ssh: fix Condition '!status' is always true
- ssh: loop the state machine if not done and not blocking
- strerror: make the strerror function use local buffers
- test578: make it read data from the correct test
- tests: Fixed XML validation errors in some test files
- tests: add stderr comparison to the test suite
- tests: fix multiple may be used uninitialized warnings
- threaded-resolver: shutdown the resolver thread without error message
- tool_cb_wrt: fix writing to Windows null device NUL
- tool_getpass: termios.h is present on AmigaOS 3, but no tcgetattr/tcsetattr
- tool_operate: build on AmigaOS
- tool_operate: fix typecheck warning
- transfer.c: do not compute length of undefined hex buffer
- travis: add build using gnutls
- travis: add scan-build
- travis: bump the used wolfSSL version to 4.0.0
- travis: enable valgrind for the iconv tests
- travis: use updated compiler versions: clang 7 and gcc 8
- unit1307: require FTP support
- unit1651: survive curl_easy_init() fails
- url/idnconvert: remove scan for <= 32 ascii values
- url: change conn shutdown order to ensure SOCKETFUNCTION callbacks
- urlapi: reduce variable scope, remove unreachable 'break'
- urldata: convert bools to bitfields and move to end
- urldata: simplify bytecounters
- urlglob: Argument with 'nonnull' attribute passed null
- version.c: silent scan-build even when librtmp is not enabled
- vtls: rename some of the SSL functions
- wolfssl: stop custom-adding curves
- x509asn1: "Dereference of null pointer"
- x509asn1: cleanup and unify code layout
- zsh.pl: escape ':' character
- zsh.pl: update regex to better match curl -h output
- Dropped patches fixed upstream:
* 0001-connection_check-set-data-to-the-transfer-doing-the-.patch
* 0002-connection_check-restore-original-conn-data-after-th.patch
* curl-singlesocket-sincebefore-placement.patch

==== glassfish-servlet-api ====

- Do not depend at all on the parent pom, since we are not building
with maven.

==== grantlee5 ====

- Add fix-build-with-Qt-5.13.patch
- Run spec-cleaner

==== javamail ====

- Do not depend on the jvnet-parent pom since we are not building
with maven

==== libosinfo ====
Subpackages: libosinfo-1_0-0 libosinfo-lang typelib-1_0-Libosinfo-1_0

- Upstream bug fixes from Fabiano FidĂȘncio <fabiano@xxxxxxxxxxxx>
0001-media-Fix-usage-of-application-id.patch
0002-loader-Properly-load-the-arch-value-for-images.patch

==== libstorage-ng ====
Version update (4.1.106 -> 4.1.107)
Subpackages: libstorage-ng-lang libstorage-ng-ruby libstorage-ng1

- merge gh#openSUSE/libstorage-ng#634
- added parser for 'btrfs filesystem df'
- probe btrfs with multiple devices
- updated unit test
- added unit test
- added integration tests
- extended documentation
- added pre-check for btrfs
- added checks for nullptr
- renamed variable (that really ties the function together)
- simplyfied interface
- coding style and cleanup
- work on btrfs with multiple devices
- 4.1.107

==== libvirt ====
Version update (5.1.0 -> 5.2.0)
Subpackages: libvirt-bash-completion libvirt-client libvirt-daemon
libvirt-daemon-driver-interface libvirt-daemon-driver-libxl
libvirt-daemon-driver-lxc libvirt-daemon-driver-network
libvirt-daemon-driver-nodedev libvirt-daemon-driver-nwfilter
libvirt-daemon-driver-qemu libvirt-daemon-driver-secret
libvirt-daemon-driver-storage libvirt-daemon-driver-storage-core
libvirt-daemon-driver-storage-disk libvirt-daemon-driver-storage-gluster
libvirt-daemon-driver-storage-iscsi libvirt-daemon-driver-storage-iscsi-direct
libvirt-daemon-driver-storage-logical libvirt-daemon-driver-storage-mpath
libvirt-daemon-driver-storage-rbd libvirt-daemon-driver-storage-scsi
libvirt-daemon-lxc libvirt-daemon-qemu libvirt-daemon-xen libvirt-libs

- Fix and re-enable snapshot tests
f66f70ac-snapshot-fix-use-after-free.patch
- CVE-2019-3886: disallow virDomainGetHostname and virDomainGetTime
for read-only connections and users
2a07c990-api-CVE-2019-3886.patch,
ae076bb4-remote-CVE-2019-3886.patch
bsc#1131595
- spec: BuildRequires rpcgen since ae076bb4-remote-CVE-2019-3886.patch
touches remote_protocol.x
- Update to libvirt 5.2.0
- Many incremental improvements and bug fixes, see
http://libvirt.org/news.html
- Dropped patches:
4ec3cf9a-apparmor-rules.patch,
f38ef0fa-no-RDMA-check.patch,
411cdaf8-apparmor-check-profile-name.patch,
696239ba-qemu-fix-query-cpus-fast.patch,
09eb1ae0-conf-add-xenbus-controller.patch,
fb059757-libxl-add-xenbus-controller.patch,
ec5a1191-libxl-support-max-grant-frames.patch,
5a64c202-xenconfig-support-max-grant-frames.patch
- Added patches:
ff376c62-tests-fix-mocking-stat-lstat.patch,
ebe9c6ea-qemu-firmware-dirent.patch

==== mercurial ====
Subpackages: mercurial-lang

- require openssl python module for runtime (not only build)
(boo#1132347)

==== multipath-tools ====
Version update (0.7.9+139+suse.ed9d450 -> 0.8.0+17+suse.a28893f)
Subpackages: kpartx

- Re-enable kmod-style dependencies for multipath-tools package
(bsc#1119414)
- Separate out libmpath0 (bsc#1119414)
- Spec file improvements
* Add Conflicts: for older multipath-tools to libmpath0
* Move license files to the libmpath0 package, which contains the
code with complex licensing. The executables are GPL-2.0 anyway.
* Remove bogus dependency of -devel package on device-mapper
* -devel package depends on libmpath0, not multipath-tools
* Remove %dir %{_defaultlicensedir} for SLE12-SP3 and newer
(John Vandenberg <jayvdb@xxxxxxxxx>)
* Remove unused /var/cache/multipath directory
* Remove check for multipath maps in %pre and %post
* Remove SLE11-specific multipathd service stop / start from
%pre / %post
* Remove obsolete tools from package description (bsc#1129827)
* Add -n to %service_del_{pre,post}un for multipathd.socket
- Update to version 0.8.0+17+suse.a28893f:
* Code-identical to 0.7.9+139+suse.ed9d450, except for new
version number
- Disable kmod() style dependencies for now, as they are causing
problems with image builds (bsc#1119414). They'd been active
for SLE15-SP1 only, anyway.
- _service: determine "tag offset" manually, the patch count
determined by git is far too high.

==== osinfo-db ====
Version update (20190301 -> 20190319)

- Update database to version 20190319
osinfo-db-20190319.tar.xz

==== plasma5-workspace ====
Subpackages: gmenudbusmenuproxy plasma5-session plasma5-session-wayland
plasma5-workspace-lang plasma5-workspace-libs xembedsniproxy

- Fix typos in Groups.

==== python-base ====
Version update (2.7.15 -> 2.7.16)
Subpackages: libpython2_7-1_0 python-xml

- bsc#1130847 (CVE-2019-9948) add CVE-2019-9948-avoid_local-file.patch
removing unnecessary (and potentially harmful) URL scheme
local-file://.
- bsc#1129346: add CVE-2019-9636-netloc-no-decompose-characters.patch
Characters in the netloc attribute that decompose under NFKC
normalization (as used by the IDNA encoding) into any of ``/``,
``?``, ``#``, ``@``, or ``:`` will raise a ValueError. If the
URL is decomposed before parsing, or is not a Unicode string,
no error will be raised.
Upstream commits e37ef41 and 507bd8c.
- Update to 2.7.16:
* bugfix-only release: complete list of changes on
https://github.com/python/cpython/blob/2.7/Misc/NEWS.d/2.7.16rc1.rst
* Removed openssl-111.patch and
CVE-2018-1000802-shutil_use_subprocess_no_spawn.patch
which are fully included in the tarball.
* Updated patches to apply cleanly:
CVE-2019-5010-null-defer-x509-cert-DOS.patch
bpo36160-init-sysconfig_vars.patch
do-not-use-non-ascii-in-test_ssl.patch
openssl-111-middlebox-compat.patch
openssl-111-ssl_options.patch
python-2.5.1-sqlite.patch
python-2.6-gettext-plurals.patch
python-2.7-dirs.patch
python-2.7.2-fix_date_time_compiler.patch
python-2.7.4-canonicalize2.patch
python-2.7.5-multilib.patch
python-2.7.9-ssl_ca_path.patch
python-bsddb6.diff
remove-static-libpython.diff
* Update python-2.7.5-multilib.patch to pass with new platlib
regime.

==== python-gevent ====

- Switch off type_https test as it fails with new Python 2.7.16
- Clean up the SPEC file.

==== python-libvirt-python ====
Version update (5.1.0 -> 5.2.0)

- Update to 5.2.0
- Add all new APIs and constants in libvirt 5.2.0

==== relaxngDatatype ====

- Do not depend on the parent pom and remove its reference from the
pom.xml files, since we are not building using Maven.
- Install unversioned jar/pom files

==== salt ====
Version update (2018.3.2 -> 2019.2.0)
Subpackages: python3-salt salt-master salt-minion

- No longer limiting Python3 version to <3.7
- Async batch implementation
- Added:
* async-batch-implementation.patch
- Update to Salt 2019.2.0 release
For further information see:
https://docs.saltstack.com/en/latest/topics/releases/2019.2.0.html
- Added:
* add-virt.all_capabilities.patch
* add-virt.volume_infos-and-virt.volume_delete.patch
* don-t-call-zypper-with-more-than-one-no-refresh.patch
* include-aliases-in-the-fqdns-grains.patch
* temporary-fix-extend-the-whitelist-of-allowed-comman.patch
- Removed:
* accounting-for-when-files-in-an-archive-contain-non-.patch
* add-engine-relaying-libvirt-events.patch
* add-other-attribute-to-gecos-fields-to-avoid-inconsi.patch
* add-support-for-python-3.7.patch
* align-suse-salt-master.service-limitnofiles-limit-wi.patch
* avoid-incomprehensive-message-if-crashes.patch
* change-stringio-import-in-python2-to-import-the-clas.patch
* decode-file-contents-for-python2-bsc-1102013.patch
* do-not-override-jid-on-returners-only-sending-back-t.patch
* don-t-error-on-retcode-0-in-libcrypto.openssl_init_c.patch
* feat-add-grain-for-all-fqdns.patch
* fix-async-call-to-process-manager.patch
* fix-decrease-loglevel-when-unable-to-resolve-addr.patch
* fix-deprecation-warning-bsc-1095507.patch
* fix-diffing-binary-files-in-file.get_diff-bsc-109839.patch
* fix-for-ec2-rate-limit-failures.patch
* fix-for-errno-0-resolver-error-0-no-error-bsc-108758.patch
* fix-for-sorting-of-multi-version-packages-bsc-109717.patch
* fix-index-error-when-running-on-python-3.patch
* fix-latin1-encoding-problems-on-file-module-bsc-1116.patch
* fix-mine.get-not-returning-data-workaround-for-48020.patch
* fix-unboundlocalerror-in-file.get_diff.patch
* fixed-usage-of-ipaddress.patch
* fixing-issue-when-a-valid-token-is-generated-even-wh.patch
* get-os_family-for-rpm-distros-from-the-rpm-macros.-u.patch
* improved-handling-of-ldap-group-id.patch
* only-do-reverse-dns-lookup-on-ips-for-salt-ssh.patch
* option-to-merge-current-pillar-with-opts-pillar-duri.patch
* prepend-current-directory-when-path-is-just-filename.patch
* prevent-zypper-from-parsing-repo-configuration-from-.patch
* remove-old-hack-when-reporting-multiversion-packages.patch
* retire-md5-checksum-for-pkg-mgmt-plugins.patch
* show-recommendations-for-salt-ssh-cross-version-pyth.patch
* strip-trailing-commas-on-linux-user-gecos-fields.patch
* support-use-of-gce-instance-credentials-109.patch
* update-error-list-for-zypper.patch
* x509-fixes-for-remote-signing-106.patch
- Modified:
* add-all_versions-parameter-to-include-all-installed-.patch
* add-cpe_name-for-osversion-grain-parsing-u-49946.patch
* add-environment-variable-to-know-if-yum-is-invoked-f.patch
* add-hold-unhold-functions.patch
* add-saltssh-multi-version-support-across-python-inte.patch
* azurefs-gracefully-handle-attributeerror.patch
* bugfix-any-unicode-string-of-length-16-will-raise-ty.patch
* debian-info_installed-compatibility-50453.patch
* do-not-load-pip-state-if-there-is-no-3rd-party-depen.patch
* fall-back-to-pymysql.patch
* fix-for-suse-expanded-support-detection.patch
* fix-git_pillar-merging-across-multiple-__env__-repos.patch
* fix-ipv6-scope-bsc-1108557.patch
* fix-issue-2068-test.patch
* fix-zypper.list_pkgs-to-be-aligned-with-pkg-state.patch
* fixes-cve-2018-15750-cve-2018-15751.patch
* get-os_arch-also-without-rpm-package-installed.patch
* integration-of-msi-authentication-with-azurearm-clou.patch
* loosen-azure-sdk-dependencies-in-azurearm-cloud-driv.patch
* remove-arch-from-name-when-pkg.list_pkgs-is-called-w.patch
* use-adler32-algorithm-to-compute-string-checksums.patch
* x509-fixes-111.patch
* zypper-add-root-configuration-parameter.patch
- Add root parameter to Zypper module
- Added:
* zypper-add-root-configuration-parameter.patch

==== systemd ====
Subpackages: libsystemd0 libsystemd0-32bit libudev-devel libudev1
libudev1-32bit systemd-32bit systemd-logger systemd-sysvinit udev

- Import commit 4e6e66ea94cf5125f9044f0869939a86801ed2d8
430877e794 pam-systemd: use secure_getenv() rather than getenv() (bsc#1132348
CVE-2019-3842)
3cff2e6514 man: document that if the main process exits after SIGTERM we go
directly to SIGKILL
26c4f7191c bus: fix memleak on invalid message
- systemd-coredump: generate a stack trace of all core dumps (bsc#1128832)
This stack trace is logged to the journal.

==== unbound ====
Subpackages: libunbound2 unbound-anchor

- build python2 and python3 packages with proper name

==== vym ====
Version update (2.6.0 -> 2.7.0)

- Update to upstream 2.7.0 (bugfix and features)

==== xml-commons-apis ====

- Do not depend on the apache-parent, since we are not building
using Maven.

==== xml-commons-resolver ====

- Do not depend on the parent pom since we are not building using
Maven.


--
To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-factory+owner@xxxxxxxxxxxx

< Previous Next >
This Thread
  • No further messages