Mailinglist Archive: opensuse-factory (269 mails)

< Previous Next >
[opensuse-factory] New Tumbleweed snapshot 20190907 released!
  • From: Dominique Leuenberger <dimstar@xxxxxxx>
  • Date: Mon, 09 Sep 2019 10:05:14 +0000
  • Message-id: <156802351444.20921.13144053884220545376@go-agent-stagingbot-3>

Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.

Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=1&version=Tumbleweed&build=20190907

Please do not reply to this email to report issues, rather file a bug
on bugzilla.opensuse.org. For more information on filing bugs please
see https://en.opensuse.org/openSUSE:Submitting_bug_reports

Packages changed:
ImageMagick (7.0.8.61 -> 7.0.8.63)
MozillaFirefox (68.0.2 -> 68.1.0)
aaa_base (84.87+git20190718.ce933cb -> 84.87+git20190822.82a17f1)
apache2
awesfx
bash
bluedevil5 (5.16.4 -> 5.16.5)
breeze (5.16.4 -> 5.16.5)
breeze-gtk (5.16.4 -> 5.16.5)
busybox
cronie
discover (5.16.4 -> 5.16.5)
djvulibre
dmidecode
drkonqi5 (5.16.4 -> 5.16.5)
filesystem
flac (1.3.2 -> 1.3.3)
fwupd
gzip
ibus (1.5.20 -> 1.5.21)
kactivitymanagerd (5.16.4 -> 5.16.5)
kcm_sddm (5.16.4 -> 5.16.5)
kde-gtk-config5 (5.16.4 -> 5.16.5)
kde-user-manager (5.16.4 -> 5.16.5)
kgamma5 (5.16.4 -> 5.16.5)
khotkeys5 (5.16.4 -> 5.16.5)
kinfocenter5 (5.16.4 -> 5.16.5)
kmenuedit5 (5.16.4 -> 5.16.5)
kscreen5 (5.16.4 -> 5.16.5)
kscreenlocker (5.16.4 -> 5.16.5)
ksshaskpass5 (5.16.4 -> 5.16.5)
ksysguard5 (5.16.4 -> 5.16.5)
kwayland-integration (5.16.4 -> 5.16.5)
kwin5 (5.16.4 -> 5.16.5)
ldb (1.5.4 -> 1.5.5)
libcue (2.2.0 -> 2.2.1)
libdb-4_8
libgcrypt (1.8.4 -> 1.8.5)
libkdecoration2 (5.16.4 -> 5.16.5)
libkscreen2 (5.16.4 -> 5.16.5)
libksysguard5 (5.16.4 -> 5.16.5)
libmbim
libogg (1.3.3 -> 1.3.4)
libqt5-qtbase
libqt5-qtimageformats
libqt5-qttools
libsodium
libwebp (1.0.2 -> 1.0.3)
libyui-qt (2.50.4 -> 2.50.5)
milou5 (5.16.4 -> 5.16.5)
nodejs12 (12.4.0 -> 12.10.0)
os-prober
ovmf (201905 -> 201908)
oxygen5 (5.16.4 -> 5.16.5)
perl-Date-Manip (6.77 -> 6.78)
perl-HTTP-Daemon (6.05 -> 6.06)
perl-Net-DNS (1.20 -> 1.21)
phonon4qt5 (4.10.3 -> 4.11.0)
phonon4qt5-backend-gstreamer (4.9.1 -> 4.10.0)
php7 (7.3.8 -> 7.3.9)
plasma5-addons (5.16.4 -> 5.16.5)
plasma5-integration (5.16.4 -> 5.16.5)
plasma5-pa (5.16.4 -> 5.16.5)
polkit-kde-agent-5 (5.16.4 -> 5.16.5)
python-jedi (0.14.1 -> 0.15.1)
rubygem-libyui-rake (0.1.14 -> 0.1.19)
shadow
sharutils
slang
snapper
speexdsp (1.2~rc3 -> 1.2.0)
yast2-hardware-detection (4.1.0 -> 4.1.1)
yast2-nfs-client (4.2.0 -> 4.2.2)
yast2-ntp-client (4.2.2 -> 4.2.3)
yast2-trans (84.87.20190825.25c7d8a3aa -> 84.87.20190901.3784ecca69)
zstd (1.4.2 -> 1.4.3)

=== Details ===

==== ImageMagick ====
Version update (7.0.8.61 -> 7.0.8.63)
Subpackages: ImageMagick-config-7-SUSE ImageMagick-extra libMagick++-7_Q16HDRI4
libMagickCore-7_Q16HDRI6 libMagickWand-7_Q16HDRI6 perl-PerlMagick

- version update to 7.0.8.63
* Properly identify the DNG and AI image format (reference
https://imagemagick.org/discourse-server/viewtopic.php?f=3&t=36581).
* Added option to limit the maximum point size with -define
caption:max-pointsize=pointsize.
* Corrected JP2 numresolution calculation (reference:
https://github.com/ImageMagick/ImageMagick/issues/1673)

==== MozillaFirefox ====
Version update (68.0.2 -> 68.1.0)
Subpackages: MozillaFirefox-translations-common

- Mozilla Firefox 68.1.0
MFSA 2019-26
* CVE-2019-11751 (bmo#1572838; Windows only)
Malicious code execution through command line parameters
* CVE-2019-11746 (bmo#1564449)
Use-after-free while manipulating video
* CVE-2019-11744 (bmo#1562033)
XSS by breaking out of title and textarea elements using innerHTML
* CVE-2019-11742 (bmo#1559715)
Same-origin policy violation with SVG filters and canvas to steal
cross-origin images
* CVE-2019-11736 (bmo#1551913, bmo#1552206; Windows only))
File manipulation and privilege escalation in Mozilla Maintenance Service
* CVE-2019-11753 (bmo#1574980; Windows only)
Privilege escalation with Mozilla Maintenance Service in custom
Firefox installation location
* CVE-2019-11752 (bmo#1501152)
Use-after-free while extracting a key value in IndexedDB
* CVE-2019-9812 (bmo#1538008, bmo#1538015)
Sandbox escape through Firefox Sync
* CVE-2019-11743 (bmo#1560495)
Cross-origin access to unload event attributes
* CVE-2019-11748 (bmo#1564588)
Persistence of WebRTC permissions in a third party context
* CVE-2019-11749 (bmo#1565374)
Camera information available without prompting using getUserMedia
* CVE-2019-11750 (bmo#1568397)
Type confusion in Spidermonkey
* CVE-2019-11738 (bmo#1452037)
Content security policy bypass through hash-based sources in directives
* CVE-2019-11747 (bmo#1564481)
'Forget about this site' removes sites from pre-loaded HSTS list
* CVE-2019-11735i (bmo#1561404,bmo#1561484,bmo#1568047,bmo#1561912,
bmo#1565744,bmo#1568858,bmo#1570358)
Memory safety bugs fixed in Firefox 69 and Firefox ESR 68.1
* CVE-2019-11740 (bmo#1563133,bmo#1573160)
Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox ESR
60.9
- switched package to ESR branch
- added mozilla-bmo1568145.patch to make builds reproducible
- removed upstreamed patch mozilla-gcc-internal-compiler-error.patch

==== aaa_base ====
Version update (84.87+git20190718.ce933cb -> 84.87+git20190822.82a17f1)
Subpackages: aaa_base-extras

- Update to version 84.87+git20190822.82a17f1:
* add sysctl.d/51-network.conf to tighten network security a bit
see also (boo#1146866) (jira#SLE-9132)

==== apache2 ====
Subpackages: apache2-devel apache2-doc apache2-example-pages apache2-prefork
apache2-utils

- Remove redundant metadata from summary.

==== awesfx ====

- Fix the build error and warning:
Fix-the-bogus-return-in-seq_set_gus_bank.patch
Fix-unused-variable-prev-in-strtoken.patch

==== bash ====
Subpackages: bash-doc bash-lang

- Add official patch bash50-008
When HISTSIZE is set to 0, history expansion can leave the history length
set to an incorrect value, leading to subsequent attempts to access invalid
memory.
- Add official patch bash50-009
The history file reading code doesn't close the file descriptor open to
the history file when it encounters a zero-length file.

==== bluedevil5 ====
Version update (5.16.4 -> 5.16.5)
Subpackages: bluedevil5-lang

- Update to 5.16.5
* New bugfix release
* For more details please see:
* https://www.kde.org/announcements/plasma-5.16.5.php
- No code changes since 5.16.4

==== breeze ====
Version update (5.16.4 -> 5.16.5)
Subpackages: breeze5-cursors breeze5-decoration breeze5-style
breeze5-style-lang breeze5-wallpapers libbreezecommon5-5

- Update to 5.16.5
* New bugfix release
* For more details please see:
* https://www.kde.org/announcements/plasma-5.16.5.php
- Changes since 5.16.4:
* [SplitterProxy] Don't manually mapToGlobal

==== breeze-gtk ====
Version update (5.16.4 -> 5.16.5)
Subpackages: gtk2-metatheme-breeze gtk3-metatheme-breeze metatheme-breeze-common

- Update to 5.16.5
* New bugfix release
* For more details please see:
* https://www.kde.org/announcements/plasma-5.16.5.php
- No code changes since 5.16.4

==== busybox ====

- Drop busybox-rpm-E.patch, not needed anymore
- Create new "container" subpackage with special stripped down
version for container images (8MB instead of 15MB).

==== cronie ====
Subpackages: cron

- refresh cronie-pam_config.diff to integrate pam_keyinit pam
module [bsc#1144044]

==== discover ====
Version update (5.16.4 -> 5.16.5)
Subpackages: discover-backend-flatpak discover-backend-packagekit discover-lang

- Update to 5.16.5
* New bugfix release
* For more details please see:
* https://www.kde.org/announcements/plasma-5.16.5.php
- Changes since 5.16.4:
* odrs: fix fetching reviews (kde#411034)
* odrs: don't leak qnam instances

==== djvulibre ====
Subpackages: libdjvulibre21

- Trim conjecture, bias, and metadata repetitions from description.
- Trim descriptions in subpackages for length. (Main package keeps
the bigger one.)
- Use some more macros and limit fdupes to the /usr volume.
- security update
- added patches
CVE-2019-15142 [bsc#1146702]
+ djvulibre-CVE-2019-15142.patch
CVE-2019-15143 [bsc#1146569]
+ djvulibre-CVE-2019-15143.patch
CVE-2019-15144 [bsc#1146571]
+ djvulibre-CVE-2019-15144.patch
CVE-2019-15145 [bsc#1146572]
+ djvulibre-CVE-2019-15145.patch
do not segfault when libtiff encounters corrupted TIFF (upstream issue #295)
+ djvulibre-invalid-tiff.patch

==== dmidecode ====

2 recommended fixes from upstream:
- dmidecode-only-scan-dev-mem-for-entry-point-on-x86.patch: Only
scan /dev/mem for entry point on x86 (fixes reboot on ARM64).
- dmidecode-fix-formatting-of-tpm-table-output.patch: Fix
formatting of TPM table output (missing newlines).

==== drkonqi5 ====
Version update (5.16.4 -> 5.16.5)
Subpackages: drkonqi5-lang

- Update to 5.16.5
* New bugfix release
* For more details please see:
* https://www.kde.org/announcements/plasma-5.16.5.php
- Changes since 5.16.4:
* make fixture file name windows-safe

==== filesystem ====

- Move /etc.cron.* directories to cron package
- Add /usr/etc

==== flac ====
Version update (1.3.2 -> 1.3.3)
Subpackages: libFLAC++6 libFLAC8

- Update to release 1.3.3
* Improve SIMD decoding of 24 bit files
- Drop flac-CVE-2017-6888.patch (merged upstream)

==== fwupd ====
Subpackages: fwupd-lang libfwupd2

- Add fwupd-bsc1143905-hash-the-source-files.patch to hash the
source files instead of libfwupdprivate.a to avoid the checksum
change due to the random naming LTO profile sections
(bsc#1143905)

==== gzip ====

- refresh gzip-1.10-ibm_dfltcc_support.patch to fix three data
corruption issues [bsc#1145276] [jsc#SLE-5818] [jsc#SLE-8914]

==== ibus ====
Version update (1.5.20 -> 1.5.21)
Subpackages: ibus-gtk ibus-gtk-32bit ibus-gtk3 ibus-lang libibus-1_0-5
libibus-1_0-5-32bit typelib-1_0-IBus-1_0

- Upstream update to 1.5.21
* Enable to run ibus-setup with a different python
* Update ibusunicodegen.h for Unicode UCD 12.0
* Add ibus.its for IME's component files
* Make ISO 639 language names with title
* Keep preedit cursor_pos and visible in clearing preedit text
* Support long sequences and multiple output characters for
compose table
- fix boo#1138123
* Exit ibus-daemon with parent's death
* Update Wayland input-method protocol to unstable v1
* Indistinguishable address of ibus-daemon
* Update LOCALES_STRING
* Fix typos
- Drop ibus-fix-check-abs-icon-path-support.patch
* not necessary anymore since the current Qt is enough new
- Stop exporting OOO_FORCE_DESKTOP (boo#1042136)
* KDE4 LibreOffice VCL plugin was removed from upstream
* New KDE5/Qt5 VCL plugin supporting Qt IM Module will be
available

==== kactivitymanagerd ====
Version update (5.16.4 -> 5.16.5)
Subpackages: kactivitymanagerd-lang

- Update to 5.16.5
* New bugfix release
* For more details please see:
* https://www.kde.org/announcements/plasma-5.16.5.php
- No code changes since 5.16.4

==== kcm_sddm ====
Version update (5.16.4 -> 5.16.5)
Subpackages: kcm_sddm-lang

- Update to 5.16.5
* New bugfix release
* For more details please see:
* https://www.kde.org/announcements/plasma-5.16.5.php
- No code changes since 5.16.4

==== kde-gtk-config5 ====
Version update (5.16.4 -> 5.16.5)
Subpackages: kde-gtk-config5-gtk2 kde-gtk-config5-gtk3 kde-gtk-config5-lang

- Update to 5.16.5
* New bugfix release
* For more details please see:
* https://www.kde.org/announcements/plasma-5.16.5.php
- Changes since 5.16.4:
* Fix build with pango 1.44

==== kde-user-manager ====
Version update (5.16.4 -> 5.16.5)
Subpackages: kde-user-manager-lang

- Update to 5.16.5
* New bugfix release
* For more details please see:
* https://www.kde.org/announcements/plasma-5.16.5.php
- No code changes since 5.16.4

==== kgamma5 ====
Version update (5.16.4 -> 5.16.5)
Subpackages: kgamma5-lang

- Update to 5.16.5
* New bugfix release
* For more details please see:
* https://www.kde.org/announcements/plasma-5.16.5.php
- No code changes since 5.16.4

==== khotkeys5 ====
Version update (5.16.4 -> 5.16.5)
Subpackages: khotkeys5-lang

- Update to 5.16.5
* New bugfix release
* For more details please see:
* https://www.kde.org/announcements/plasma-5.16.5.php
- No code changes since 5.16.4

==== kinfocenter5 ====
Version update (5.16.4 -> 5.16.5)
Subpackages: kinfocenter5-lang

- Update to 5.16.5
* New bugfix release
* For more details please see:
* https://www.kde.org/announcements/plasma-5.16.5.php
- No code changes since 5.16.4

==== kmenuedit5 ====
Version update (5.16.4 -> 5.16.5)
Subpackages: kmenuedit5-lang

- Update to 5.16.5
* New bugfix release
* For more details please see:
* https://www.kde.org/announcements/plasma-5.16.5.php
- No code changes since 5.16.4

==== kscreen5 ====
Version update (5.16.4 -> 5.16.5)
Subpackages: kscreen5-lang kscreen5-plasmoid

- Update to 5.16.5
* New bugfix release
* For more details please see:
* https://www.kde.org/announcements/plasma-5.16.5.php
- Changes since 5.16.4:
* Add missing includes

==== kscreenlocker ====
Version update (5.16.4 -> 5.16.5)
Subpackages: kscreenlocker-lang libKScreenLocker5

- Update to 5.16.5
* New bugfix release
* For more details please see:
* https://www.kde.org/announcements/plasma-5.16.5.php
- Changes since 5.16.4:
* Port away from deprecated KWindowSystem API

==== ksshaskpass5 ====
Version update (5.16.4 -> 5.16.5)
Subpackages: ksshaskpass5-lang

- Update to 5.16.5
* New bugfix release
* For more details please see:
* https://www.kde.org/announcements/plasma-5.16.5.php
- No code changes since 5.16.4

==== ksysguard5 ====
Version update (5.16.4 -> 5.16.5)
Subpackages: ksysguard5-lang

- Update to 5.16.5
* New bugfix release
* For more details please see:
* https://www.kde.org/announcements/plasma-5.16.5.php
- No code changes since 5.16.4

==== kwayland-integration ====
Version update (5.16.4 -> 5.16.5)

- Update to 5.16.5
* New bugfix release
* For more details please see:
* https://www.kde.org/announcements/plasma-5.16.5.php
- Changes since 5.16.4:
* Remove slideWindow(QWidget*) overload with recent KWindowSystem
* Fix build with recent frameworks and Qt 5.13

==== kwin5 ====
Version update (5.16.4 -> 5.16.5)
Subpackages: kwin5-lang

- Update to 5.16.5
* New bugfix release
* For more details please see:
* https://www.kde.org/announcements/plasma-5.16.5.php
- Changes since 5.16.4:
* [effects/desktopgrid] Don't change activities (kde#301447)
* Remove slideWindow(QWidget*) overload with recent KWindowSystem

==== ldb ====
Version update (1.5.4 -> 1.5.5)
Subpackages: libldb1 libldb1-32bit python3-ldb

- Update to 1.5.5
+ LDAP_REFERRAL_SCHEME_OPAQUE was added to ldb_module.h; (bso#12478);
+ Skip @ records early in a search full scan; (bso#13893);

==== libcue ====
Version update (2.2.0 -> 2.2.1)

- Update to release 2.2.1
* Updates to the build procedure only

==== libdb-4_8 ====
Subpackages: db48-utils libdb-4_8-32bit libdb-4_8-devel

- Add opd deadlock patch as found and documented by Red Hat.
(bsc#1148244)
* 0001-OPD-deadlock-RH-BZ-1349779.patch
- Remove the getpatches as it does not work at all, oracle
removed the pages
- Use spec-cleaner
- Fix stripped debuginfo to make sure we can debug with libdb

==== libgcrypt ====
Version update (1.8.4 -> 1.8.5)
Subpackages: libgcrypt20 libgcrypt20-32bit libgcrypt20-hmac

- libgcrypt 1.8.5:
* CVE-2019-13627: mitigation against an ECDSA timing attack (boo#1148987)
* Improve ECDSA unblinding
* Provide a pkg-config file

==== libkdecoration2 ====
Version update (5.16.4 -> 5.16.5)
Subpackages: libkdecorations2-5 libkdecorations2-5-lang libkdecorations2private6

- Update to 5.16.5
* New bugfix release
* For more details please see:
* https://www.kde.org/announcements/plasma-5.16.5.php
- No code changes since 5.16.4

==== libkscreen2 ====
Version update (5.16.4 -> 5.16.5)
Subpackages: libKF5Screen7 libkscreen2-plugin

- Update to 5.16.5
* New bugfix release
* For more details please see:
* https://www.kde.org/announcements/plasma-5.16.5.php
- No code changes since 5.16.4

==== libksysguard5 ====
Version update (5.16.4 -> 5.16.5)
Subpackages: libksysguard5-helper libksysguard5-lang

- Update to 5.16.5
* New bugfix release
* For more details please see:
* https://www.kde.org/announcements/plasma-5.16.5.php
- No code changes since 5.16.4

==== libmbim ====
Subpackages: libmbim-glib4 mbimcli-bash-completion

- Add libmbim-fix-build-commits.patch: Fix build with new glib2.
- Follwing the above patch, add libtool BuildRequires and pass
autoreconf as the patch touches the buildsystem.
- Use modern macros and url's.

==== libogg ====
Version update (1.3.3 -> 1.3.4)
Subpackages: libogg0 libogg0-32bit

- Update to release 1.3.4
* Faster slice-by-8 CRC32 implementation.
See https://lwn.net/Articles/453931/ for motivation.

==== libqt5-qtbase ====
Subpackages: libQt5Concurrent5 libQt5Core5 libQt5DBus5 libQt5Gui5
libQt5Network5 libQt5OpenGL5 libQt5PrintSupport5 libQt5Sql5 libQt5Sql5-mysql
libQt5Sql5-sqlite libQt5Test5 libQt5Widgets5 libQt5Xml5
libqt5-qtbase-platformtheme-gtk3

- Add patch to fix crash during Drag-and-Drop:
* 0001-Fix-crash-with-drag-cursor-handling.patch

==== libqt5-qtimageformats ====

- bsc#1144249 - Drop jasper dependency from libqt5-qtimageformats:
Removes JPEG2000 support
- Remove jas_version.patch

==== libqt5-qttools ====
Subpackages: libQt5Designer5 libQt5Help5 libqt5-qdbus libqt5-qtpaths

- Split qcollectiongenerator and qhelpgenerator into a subpackage
which is required by the Qt5Help cmake module
- Remove the accidental dependency from the devel package on the
Qt Designer example plugins, referenced in the cmake files.
- Move the example plugins to a separate subpackage.
- Require libqt5-qttools again. This is causing multiple build issues.
- Clean the spec file.
- Drop some not unnecessary library runtime Requires: libQt5Designer5,
libQt5DesignerComponents5, libQt5Help5, pulled in automatically.
- Change libqt5-qttools and libqt5-qttools-doc Requires in devel
subpackage to Recommends, as the tools are not required for building.
- Make some Summaries and Descriptions more useful.
- Correct requires for matching Clang headers, the headers are part
of the libclang package for current Clang versions

==== libsodium ====

- Revert previous change about cpuid as previous change rejected
in https://build.opensuse.org/request/show/724809
- Disable LTO as bypass boo#1148184
- Add libsodium_configure_cpuid_chg.patch and call autoconf
to regenerate configure script with proper CPUID checking.
Required at least for PowerPC and ARM now that LTO enabled.

==== libwebp ====
Version update (1.0.2 -> 1.0.3)
Subpackages: libwebp7 libwebpdemux2 libwebpmux3

- Update to new upstream release 1.0.3
* Resize fixes for Nx1 sizes and the addition of non-opaque
alpha values for odd sizes.
* Lossless encode/decode performance improvements.
* Lossy compression performance improvement at low quality
levels with flat content.
* vwebp will now preserve the aspect ratio of images that
exceed monitor resolution by scaling the image to fit.

==== libyui-qt ====
Version update (2.50.4 -> 2.50.5)

- pollEventInternal/UI.PollInput would produce no events (bsc#1139967)
- 2.50.5

==== milou5 ====
Version update (5.16.4 -> 5.16.5)
Subpackages: milou5-lang

- Update to 5.16.5
* New bugfix release
* For more details please see:
* https://www.kde.org/announcements/plasma-5.16.5.php
- No code changes since 5.16.4

==== nodejs12 ====
Version update (12.4.0 -> 12.10.0)
Subpackages: nodejs12-devel npm12

- Update to 12.10.0:
* deps:
+ update npm to 6.10.3
* fs:
+ Add recursive option to rmdir()
+ Allow passing true to emitClose option
+ Add *timeNs properties to BigInt Stats objects
* net:
+ Allow reading data into a static buffer
- versioned.patch: refreshed
- Update to 12.9.0:
* crypto: Added an oaepHash option to asymmetric encryption which
allows users to specify a hash function when using OAEP padding
* deps: Updated V8 to 7.6.303.29
+ Improves the performance of various APIs such as JSON.parse
and methods called on frozen arrays.
+ Adds the Promise.allSettled method.
+ Improves support of BigInt in Intl methods.
+ For more information: https://v8.dev/blog/v8-release-76
* fs: Added fs.writev, fs.writevSync and filehandle.writev
(promise version) methods.
* http: Added three properties to OutgoingMessage.prototype:
writableObjectMode, writableLength and writableHighWaterMark
* stream:
+ Added an new property 'readableEnded' to readable streams.
+ Added an new property 'writableEnded' to writable streams.
- fix_ci_tests.patch: refreshed
- Update to 12.8.1:
Security update regarding HTTP/2 Denial of Service vulnerabilities
For details see,

https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V12.md#12.8.1

https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md
(CVE-2019-9511, CVE-2019-9512, CVE-2019-9513, CVE-2019-9514,
bsc#1146091, bsc#1146099, bsc#1146094, bsc#1146095,
CVE-2019-9515, CVE-2019-9516, CVE-2019-9517, CVE-2019-9518,
bsc#1146100, bsc#1146090, bsc#1146097, bsc#1146093)
- Minimum ICU version is 64. Use in-tree ICU copy for older
distributions
- dont_return_garbage.patch: dropped and turn off unnecessary
errors about it during compilation
- Update to 12.8.0:
* crypto:
+ The outputLength option is added to crypto.createHash
+ The maxmem range is increased from 32 to 53 bits
* n-api: Added APIs for per-instance state management
* report: Network interfaces get included in the report
* src: v8.getHeapCodeStatistics() is now exported
- Update to 12.7.0:
* deps:
+ Updated nghttp2 to 1.39.1
+ Updated npm to 6.10.0 (bsc#1140290, CVE-2019-13173)
* esm: Implemented experimental "pkg-exports" proposal.
* http:
+ Added response.writableFinished
+ Exposed headers, rawHeaders and other fields on an
http.ClientRequest "information" event
* inspector: Added inspector.waitForDebugger()
* policy: Added --policy-integrity=sri CLI option to mitigate
policy tampering
* readline,tty: Exposed stream API
* src: Use cgroups to get memory limits.
- Changes in version 12.6.0:
* child_process: The promisified versions of child_process.exec
and child_process.execFile now both return a Promise which
has the child instance attached to their child property
* deps: Updated libuv to 1.30.1
* process: A new method, process.resourceUsage() was added
* stream: Added a writableFinished property to writable streams.
* worker: Fixed an issue that prevented worker threads to listen
for data on stdin
- Changes in version 12.5.0:
* build: Improve startup time by enabling V8 snapshots by default
* deps: Updated V8 to 7.5.288.22
* inspector: The --inspect-publish-uid flag was added to specify
ways of the inspector web socket url exposure
* n-api: Accessors on napi_define_* are now ECMAScript-compliant
* report: The cpu info got added to the report output
* src: Restore the original state of the stdio file descriptors
on exit to prevent leaving stdio in raw or non-blocking mode
* worker: worker.terminate() now returns a promise
- refreshed patches: dont_return_garbage.patch, fix_ci_tests.patch,
nodejs-libpath.patch, versioned.patch

==== os-prober ====

- Fix duplicated distro detected on btrfs multiple device (bsc#1142858)
* os-prober-btrfs-multiple-device.patch
- Update URL for downloading source archive from Debain Salsa server
* os-prober.spec
- Added
* os-prober-1.76.tar.bz2
- Removed
* os-prober_1.76.tar.xz

==== ovmf ====
Version update (201905 -> 201908)
Subpackages: qemu-ovmf-x86_64

- Update to edk2-stable201908
+ OvmfPkg: Introduce platform OvmfXen
+ OvmfPkg/ResetSystemLib: Add missing dependency on PciLib
+ MdeModulePkg DxeCore: Fix for missing Memory Attributes Table
(MAT) update
+ BaseTools: Fixed issue of incorrect Module Unique Name
+ CryptoPkg/OpensslLib: Add missing header files in INF file
+ SecurityPkg/SecurityPkg.uni: Add missing strings for new PCDs
+ MdeModulePkg/DxeIplPeim: Initialize pointer PageMapLevel5Entry
+ MdeModulePkg/MdeModulePkg.dec: Remove gEfiDpcProtocolGuid
+ Readme.md: add submodule policy and clone commands
+ MdeModulePkg/DxeIplPeim: Relocate operation of
PageMapLevel5Entry++
+ MdeModulePkg: Add missing header files in INF files
+ MdePkg: Add MmAccess and MmControl definition.
+ CryptoPkg/BaseCryptLib: Wrap OpenSSL HKDF algorithm
+ MdeModulePkg/DxeIpl: Create 5-level page table for long mode
+ MdeModulePkg/DxeIpl: Introduce PCD PcdUse5LevelPageTable
+ UefiCpuPkg/CpuDxe: Support parsing 5-level page table
+ UefiCpuPkg/MpInitLib: Enable 5-level paging for AP when BSP's
enabled
+ OvmfPkg/PlatformPei: Change referenced MSR name.
+ UefiCpuPkg/PiSmmCpuDxeSmm: Add check for pointer Pml5Entry
+ SecurityPkg/SecurityPkg.dec: Remove trailing white space
+ MdeModulePkg/PiSmmCore: Use unique structure signatures
+ UefiCpuPkg/MpInitLib: don't shadow the microcode patch twice.
+ ShellPkg: improve acpiview
+ MdePkg: Add PI 1.5 SmramMemoryReserve HOB file
+ MdePkg/PciExpress21.h: Fix the PCI industry standard register
defines
+ CryptoPkg/BaseCryptLib: Use cmp-operator for non-Boolean
comparisons
+ ArmPkg: DebugPeCoffExtraActionLib: fix trivial comment typos
+ ArmPkg: DebugPeCoffExtraActionLib: debugger commands are not
errors
+ UefiCpuPkg/RegisterCpuFeaturesLib: Start all processors
simultaneously.
+ UefiCpuPkg: Add new EDKII_PEI_MP_SERVICES2_PPI
+ list module-internal header files in INF [Sources]
+ SecurityPkg: introduce the SM3 digest algorithm
+ BaseTools: Fix python3.8 SyntaxWarning
+ BaseTools: Add HOST_APPLICATION module type.
+ UefiCpuPkg/PiSmmCpu: Enable 5 level paging when CPU supports
+ MdePkg/BaseLib.h: Update IA32_CR4 structure for 5-level paging
+ UefiCpuPkg RegisterCpuFeaturesLib: Fix an ASSERTION issue
+ ArmPlatformPkg: Actually disable PL031 interrupts
+ UefiCpuPkg/PiSmmCpu: Change variable names and comments to follow
SDM
+ OvmfPkg: use DxeTpmMeasurementLib if and only if TPM2_ENABLE
+ ArmPlatformPkg: Fix various typos
+ ArmPkg: Fix various typos
+ Remove IntelFrameworkPkg
+ Remove IntelFrameworkModulePkg
+ MdeModulePkg/BdsDxe: Use a pcd to control PlatformRecovery
+ MdeModulePkg: Add a pcd to set the OS indications bit
+ SecurityPkg: Remove DxeDeferImageLoadLib in DSC
+ BaseTools:Linux changes the way the latest version is judged
+ Fix indentation in edksetup.sh SetupPython3
+ MdeModulePkg/SdMmcHcDxe: Implement revision 3 of
SdMmcOverrideProtocol
+ MdeModulePkg/SdMmcOverride: Add GetOperatingParam notify phase
+ MdeModulePkg/UfsPassThruDxe: Fix unaligned data transfer
handling
+ ArmVirtPkg: handle NETWORK_TLS_ENABLE in ArmVirtQemu*
+ UefiCpuPkg/MpInitLib: MicrocodeDetect: Ensure checked range is
valid
+ MdeModulePkg/UfsPassThruDxe: Refactor UFS device presence
detection
+ PcAtChipsetPkg: Remove framework modules
+ SecurityPkg: add FvReportPei.inf in dsc for build validation
+ SecurityPkg/FvReportPei: implement a common FV verifier and
reporter
+ SecurityPkg: add definitions for OBB verification
+ OvmfPkg: don't assign PCI BARs above 4GiB when CSM enabled
+ OvmfPkg: Don't build in QemuVideoDxe when we have CSM
+ OvmfPkg/LegacyBbs: Add boot entries for VirtIO and NVME
devices
+ OvmfPkg/LegacyBios: set NumberBbsEntries to the size of
BbsTable
+ SecurityPkg: Add missing instances for build only
+ BaseTools: Move Build Cache related function out of
CreateAsBuiltInf
+ BaseTools: refine CreateAsBuiltInf function
+ BaseTools:Add DetectNotUsedItem.py to Edk2\BaseTools\Scripts
+ BaseTools:Add import in FvImageSection
+ MdeModulePkg/PeiMain: PeiAllocatePool: output NULL if HOB
creation fails
+ MdePkg: Add Generic Initiator Affinity Structure definitions
to SRAT
+ BaseTools:Introduce CopyFileOnChange() function to copy cache
files
+ MdeModulePkg: Add missing instances for build only
+ SourceLevelDebugPkg: Add missing instances for build only
+ CryptoPkg: Add missing instance for build only
+ MdeModulePkg: Introduce EDKII_SERIAL_PORT_LIB_VENDOR_GUID
+ MdeModulePkg/GraphicsConsoleDxe: Initialize the output mode
+ MdeModulePkg/ConSplitterDxe: Optimize the
ConSplitterTextOutSetMode
+ BaseTools: add script to configure local git options
+ BaseTools: add centralized location for git config files
+ OvmfPkg/QemuVideoDxe: Shouldn't assume system in VGA alias
mode.
- Refresh ovmf-gdb-symbols.patch
- Enable NETWORK_TLS_ENABLE for AArch64

==== oxygen5 ====
Version update (5.16.4 -> 5.16.5)

- Update to 5.16.5
* New bugfix release
* For more details please see:
* https://www.kde.org/announcements/plasma-5.16.5.php
- Changes since 5.16.4:
* [SplitterProxy] Don't manually mapToGlobal

==== perl-Date-Manip ====
Version update (6.77 -> 6.78)

- updated to 6.78
see /usr/share/doc/packages/perl-Date-Manip/Changes
6.78 2019-08-29
- Time zone fixes
Newest zoneinfo data (tzdata 2019b).
- Documentation fixes
Fixed a broken link. Mohammad S Anwar (GitHub #29)

==== perl-HTTP-Daemon ====
Version update (6.05 -> 6.06)

- updated to 6.06
see /usr/share/doc/packages/perl-HTTP-Daemon/Changes
6.06 2019-08-29 14:23:17Z
- Delimit IPv6 numeric address with brackets and URI-quote an IPv6 zone
separator in url() method output (GH#32) (Petr Pisar)
- Handle undef and empty LocalAddr value in new() constructor as an
unspecified address (GH#24, RT#123069) (Petr Pisar)
- Use IO::Socket::IP for IPv6 support. (GH#31) (Chase Whitener)

==== perl-Net-DNS ====
Version update (1.20 -> 1.21)

- updated to 1.21
see /usr/share/doc/packages/perl-Net-DNS/Changes

==== phonon4qt5 ====
Version update (4.10.3 -> 4.11.0)
Subpackages: libphonon4qt5 phonon4qt5-lang

- Add designer plugin directory to directories owned by the devel
package, as libqt5-qttools is no longer pulled in.
- Update to 4.11.0:
* Features
+ New phononsettings application for advanced users to control
PulseAudio device preference by-category and Phonon backend
selection. This application is an advanced utility and you
shouldn't need to visit it if you aren't very certain that
something needs changing. This replaces the previously
available System Settings module for Phonon.
* Changes
+ The backends Phonon VLC 0.11+ or Phonon GStreamer 4.10+ are
required to build with this version of libphonon! Older
versions will no longer build because of aggressive clean up
of legacy compatibility code in the build system.
+ Qt4 support has been removed. Qt5 is now the default. If you
still need the Qt4 version for whatever reason it's
recommended that you port to Qt5 quickly seeing as Qt4 is
getting really long in the tooth. Since the Qt4 and Qt5
version are fully co-installable you can continue to use
4.10 for Qt4 while using 4.11 for Qt5 should it be necessary.
+ CMake 3.5 is now required for building
+ Installation paths are now controlled by the KDEInstallDirs
CMake include instead of the GNUInstallDirs one
+ CCFlag and CMake settings are now shared with other KDE
software as per the extra-cmake-modules framework
+ PHONON_BUILD_DESCRIPTOR option no longer supported.
+ PHONON_BUILD_DECLARATIVE_PLUGIN option no longer supported.
It made little to no sense on Qt5.
+ PHONON_INSTALL_QT_COMPAT_HEADERS option no longer supported.
It made no sense on Qt5.
+ PHONON_NO_DBUS option no longer supported. The DBus interface
was only used to communicate with the settings interface in
Plasma, but hasn't been used in many years. This effectively
removes QtDBus as dependency.
+ PHONON_ASSERT_STATES option no longer supported. The state
machine is now always enabled unless Q_ASSERTs as a whole are
disabled (i.e. the build is not a Debug-ish build).
+ PHONON_INSTALL_QT_EXTENSIONS_INTO_SYSTEM_QT option no longer
supported. Replaced by ECM's KDE_USE_QT_SYS_PATHS.
* Bug Fixes
+ The default preference of backends is now properly
implemented. This was previously reversed.

==== phonon4qt5-backend-gstreamer ====
Version update (4.9.1 -> 4.10.0)
Subpackages: phonon4qt5-backend-gstreamer-lang

- Update to 4.10.0
* Changes
+ This version of Phonon GStreamer is compatible with Phonon
4.11+ and its revised build systems. Older versions of Phonon
GStreamer no longer build against newer Phonon releases.
Conversely this version no longer builds with older Phonon
releases.
+ Qt4 support has been removed. Qt5 is now the default.
* Bug Fixes
+ Subtitles no longer outlive the media they were associated
with.

==== php7 ====
Version update (7.3.8 -> 7.3.9)
Subpackages: apache2-mod_php7 php7-bcmath php7-bz2 php7-calendar php7-ctype
php7-curl php7-dba php7-devel php7-dom php7-exif php7-fastcgi php7-ftp php7-gd
php7-gettext php7-gmp php7-iconv php7-json php7-ldap php7-mbstring php7-mysql
php7-odbc php7-openssl php7-pdo php7-pear php7-pgsql php7-shmop php7-snmp
php7-sockets php7-sqlite php7-sysvsem php7-sysvshm php7-tidy php7-tokenizer
php7-wddx php7-xmlreader php7-xmlwriter php7-xsl php7-zlib

- updated to 7.3.9: This is a security release which also contains
several bug fixes. See https://www.php.net/ChangeLog-7.php#7.3.9

==== plasma5-addons ====
Version update (5.16.4 -> 5.16.5)
Subpackages: plasma5-addons-lang

- Update to 5.16.5
* New bugfix release
* For more details please see:
* https://www.kde.org/announcements/plasma-5.16.5.php
- Changes since 5.16.4:
* Fix build
* Fix #410744: Duplicate results when a 2nd unit is partially written in
krunner (kde#410744)
* Remove colon (:) prefix when looking up dictionary word (kde#376905)

==== plasma5-integration ====
Version update (5.16.4 -> 5.16.5)
Subpackages: plasma5-integration-plugin plasma5-integration-plugin-lang

- Update to 5.16.5
* New bugfix release
* For more details please see:
* https://www.kde.org/announcements/plasma-5.16.5.php
- No code changes since 5.16.4

==== plasma5-pa ====
Version update (5.16.4 -> 5.16.5)
Subpackages: plasma5-pa-lang

- Update to 5.16.5
* New bugfix release
* For more details please see:
* https://www.kde.org/announcements/plasma-5.16.5.php
- Changes since 5.16.4:
* Fix speaker test not showing sinks/buttons
* [Microphone Indicator] Don't show if there are no microphones

==== polkit-kde-agent-5 ====
Version update (5.16.4 -> 5.16.5)
Subpackages: polkit-kde-agent-5-lang

- Update to 5.16.5
* New bugfix release
* For more details please see:
* https://www.kde.org/announcements/plasma-5.16.5.php
- No code changes since 5.16.4

==== python-jedi ====
Version update (0.14.1 -> 0.15.1)

- update to version 0.15.1:
* Small bugfix and removal of a print statement
- changes from version 0.15.0:
* Added file path completions, there's a new "Completion.type" path,
now. Example: '/ho -> '/home/
* *args/**kwargs resolving. If possible Jedi replaces the parameters
with the actual alternatives.
* Better support for enums/dataclasses
* When using Interpreter, properties are now executed, since a lot
of people have complained about this. Discussion in #1299, #1347.
* New APIs:
+ Definition.get_signatures() -> List[Signature]. Signatures are
similar to CallSignature. Definition.params is therefore
deprecated.
+ Signature.to_string() to format call signatures.
+ Signature.params -> List[ParamDefinition], ParamDefinition has
the following additional attributes infer_default(),
infer_annotation(), to_string(), and kind.
+ Definition.execute() -> List[Definition], makes it possible to
infer return values of functions.

==== rubygem-libyui-rake ====
Version update (0.1.14 -> 0.1.19)

- Unified spec_version (bsc#1149618)
- 0.1.19
- Fix libyui/tasks.rb permissions (bsc#1145602)
- 0.1.18
- Added SLE-12-SP5 target (bsc#1145480)
- 0.1.17
- :sle_latest is SLE15-SP2 now (bsc#1138835)
- 0.1.16
- Added version:tag task (bsc#1133435)
- 0.1.15

==== shadow ====

- bsc#1144060: Add pam_keyinit.so to /etc/pam.d configuration files
to support kernel keyring feature
- Update pamd.tar.bz2 with pam configuration files accordingly
- encryption_method_nis.patch: drop, DES should really not be used
anymore anywhere, even with NIS
- shadow-login_defs-suse.patch: remove encryption NIS entry

==== sharutils ====
Subpackages: sharutils-lang

- Drop mailx BuildRequires. The "sync directories over mail" feature
has been removed in 4.11.1.

==== slang ====
Subpackages: libslang2 slang-slsh

- Use FAT LTO objects in order to provide proper static library.

==== snapper ====
Subpackages: libsnapper4 snapper-zypp-plugin

- reusing existing subvolumes on mksubvolume run
(bsc#1138725, bsc#1126900, gh#openSUSE/snapper#236)

==== speexdsp ====
Version update (1.2~rc3 -> 1.2.0)

- Update to release 1.2.0
* No changelog provided
- Drop speexdsp-fixbuilds-774c87d.patch (merged)

==== yast2-hardware-detection ====
Version update (4.1.0 -> 4.1.1)

- add bug number (bsc#1148310)
- Handle arch_riscv
- 4.1.1

==== yast2-nfs-client ====
Version update (4.2.0 -> 4.2.2)

- Set X-SuSE-YaST-AutoInstResource in desktop file (bsc#144894).
- 4.2.2
- Using rb_default_ruby_abi tag in the spec file in order to
handle several ruby versions (bsc#1146403).
- 4.2.1

==== yast2-ntp-client ====
Version update (4.2.2 -> 4.2.3)

- Add cron BuildRequires: needed for /etc/cron.* ownership. As
those directories have special permissions it is easier/cheaper
to buildrequire cron (boo#1148950).
- 4.2.3

==== yast2-trans ====
Version update (84.87.20190825.25c7d8a3aa -> 84.87.20190901.3784ecca69)
Subpackages: yast2-trans-af yast2-trans-ar yast2-trans-bg yast2-trans-bn
yast2-trans-bs yast2-trans-ca yast2-trans-cs yast2-trans-cy yast2-trans-da
yast2-trans-de yast2-trans-el yast2-trans-en yast2-trans-en_GB
yast2-trans-en_US yast2-trans-es yast2-trans-et yast2-trans-fa yast2-trans-fi
yast2-trans-fr yast2-trans-gl yast2-trans-gu yast2-trans-hi yast2-trans-hr
yast2-trans-hu yast2-trans-id yast2-trans-it yast2-trans-ja yast2-trans-jv
yast2-trans-ka yast2-trans-km yast2-trans-ko yast2-trans-lo yast2-trans-lt
yast2-trans-mk yast2-trans-mr yast2-trans-nb yast2-trans-nl yast2-trans-pa
yast2-trans-pl yast2-trans-pt yast2-trans-pt_BR yast2-trans-ro yast2-trans-ru
yast2-trans-si yast2-trans-sk yast2-trans-sr yast2-trans-sv yast2-trans-ta
yast2-trans-th yast2-trans-tr yast2-trans-uk yast2-trans-vi yast2-trans-wa
yast2-trans-xh yast2-trans-zh_CN yast2-trans-zh_TW yast2-trans-zu

- Update to version 84.87.20190901.3784ecca69:
* Translated using Weblate (Danish)
* Translated using Weblate (Danish)
* Translated using Weblate (German)
* Translated using Weblate (Slovak)
* Translated using Weblate (Catalan)
* Translated using Weblate (Portuguese (Brazil))
* Translated using Weblate (Dutch)
* Translated using Weblate (Japanese)
* Translated using Weblate (Czech)
* New POT for text domain 'storage'.
* Translated using Weblate (Albanian)
* Translated using Weblate (Albanian)
* Translated using Weblate (German)
* Translated using Weblate (Galician)

==== zstd ====
Version update (1.4.2 -> 1.4.3)
Subpackages: libzstd-devel libzstd1

- Update to version 1.4.3
* bug: Fix Dictionary Compression Ratio Regression (#1709)
* bug: Fix Buffer Overflow in v0.3 Decompression (#1722)
* build: Add support for IAR C/C++ Compiler for Arm (#1705)
* misc: Add NULL pointer check in util.c (#1706)


--
To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-factory+owner@xxxxxxxxxxxx

< Previous Next >
Follow Ups