Mailinglist Archive: opensuse-factory (269 mails)

[opensuse-factory] Leap 15.2 Build 498.2 released!
  • From: Ludwig Nussel <ludwig.nussel@xxxxxxx>
  • Date: Fri, 27 Sep 2019 16:05:43 +0000
  • Message-id: <156960034369.28629.17736839851322385307@go-agent-stagingbot-3>

Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.

Please check the known defects of this snapshot before upgrading:

When you reply to discuss some issues, make sure to change the subject.
Please use the test plan at
to record your testing efforts and use bugzilla to report bugs.

Packages changed:
MozillaFirefox (60.6.2 -> 60.8.0)
ceph ( ->
chromium (76.0.3809.132 -> 77.0.3865.75)
cups-filters (1.20.3 -> 1.25.0)
curl (7.60.0 -> 7.66.0)
kernel-source (5.3.rc7 -> 5.3.0)
libreoffice ( ->
libstorage-ng (4.2.3 -> 4.2.11)
libvirt (5.1.0 -> 5.7.0)
makedumpfile (1.6.3 -> 1.6.6)
python-libvirt-python (5.1.0 -> 5.7.0)
samba (4.9.5+git.176.375e1f05788 -> 4.9.5+git.187.71edee57d5a)
yast2 (4.2.20 -> 4.2.21)
yast2-control-center (4.1.7 -> 4.2.2)
yast2-installation (4.2.12 -> 4.2.13)
yast2-network (4.2.11 -> 4.2.12)
yast2-packager (4.2.24 -> 4.2.25)
yast2-schema (4.2.2 -> 4.2.3)
yast2-security (4.2.1 -> 4.2.2)
yast2-services-manager (4.2.4 -> 4.2.5)
yast2-storage-ng (4.2.36 -> 4.2.38)
yast2-ycp-ui-bindings (4.1.0 -> 4.2.1)

=== Details ===

==== Mesa ====
Subpackages: Mesa-libEGL1 Mesa-libGL1 Mesa-libglapi0 libgbm1

- U_intel-Add-support-for-Comet-Lake.patch
* adds support for Cometlake (jira #SLE-4983, bsc#1137515)

==== Mesa-drivers ====
Subpackages: Mesa-dri Mesa-dri-nouveau Mesa-gallium Mesa-libva libvdpau_nouveau
libvdpau_r300 libvdpau_r600 libvdpau_radeonsi libvulkan_intel libvulkan_radeon

- U_intel-Add-support-for-Comet-Lake.patch
* adds support for Cometlake (jira #SLE-4983, bsc#1137515)

==== MozillaFirefox ====
Version update (60.6.2 -> 60.8.0)
Subpackages: MozillaFirefox-translations-common

- Mozilla Firefox Firefox ESR 60.8
MFSA 2019-22 (bsc#1140868)
* CVE-2019-9811 (bmo#1538007, bmo#1539598, bmo#1563327)
Sandbox escape via installation of malicious language pack
* CVE-2019-11711 (bmo#1552541)
Script injection within domain through inner window reuse
* CVE-2019-11712 (bmo#1543804)
Cross-origin POST requests can be made with NPAPI plugins by
following 308 redirects
* CVE-2019-11713 (bmo#1528481)
Use-after-free with HTTP/2 cached stream
* CVE-2019-11729 (bmo#1515342)
Empty or malformed p256-ECDH public keys may trigger a
segmentation fault
* CVE-2019-11715 (bmo#1555523)
HTML parsing error can contribute to content XSS
* CVE-2019-11717 (bmo#1548306)
Caret character improperly escaped in origins
* CVE-2019-11719 (bmo#1540541)
Out-of-bounds read when importing curve25519 private key
* CVE-2019-11730 (bmo#1558299)
Same-origin policy treats all files in a directory as having
the same-origin
* CVE-2019-11709 (bmo#1515052, bmo#1533522, bmo#1539219,
bmo#1540759, bmo#1547266, bmo#1547757, bmo#1548822,
bmo#1550498, bmo#1550498)
Memory safety bugs fixed in Firefox 68 and Firefox ESR 60.8
- Mozilla Firefox Firefox 60.7.2
MFSA 2019-19 (bsc#1138872)
* CVE-2019-11708 (bmo#1559858)
sandbox escape using Prompt:Open
- Mozilla Firefox Firefox 60.7.1
MFSA 2019-18 (bsc#1138614)
* CVE-2019-11707 (bmo#1544386)
Type confusion in Array.pop
- Added the new Mozilla's GPG key with subkey fingerprint
097B 3130 77AE 62A0 2F84 DA4D F1A6 668F BB7D 572E, expiring on
2021-05-29 to the mozilla.keyring file
- Fix broken language plugins (bsc#1137792)
- update to Firefox ESR 60.7 (bsc#1135824)
* Font and date adjustments to accommodate the new Reiwa era
in Japan
* MFSA 2019-14/CVE-2019-9817
Stealing of cross-domain images using canvas
* MFSA 2019-14/CVE-2019-9800
(bmo#1499108, bmo#1499719, bmo#1516325, bmo#1532465,
bmo#1533554, bmo#1534593, bmo#1535194, bmo#1535612,
bmo#1538042, bmo#1538619, bmo#1538736, bmo#1540136,
bmo#1540166, bmo#1541580, bmo#1542097, bmo#1542324,
Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7
* MFSA 2019-14/CVE-2019-9816
Type confusion with object groups and UnboxedObjects
* MFSA 2019-14/CVE-2019-9815
(bmo#1546544, bmo#
Disable hyperthreading on content JavaScript threads on macOS
* MFSA 2019-14/CVE-2019-11698
Theft of user history data through drag and drop of
hyperlinks to and from bookmarks
* MFSA 2019-14/CVE-2019-11692
Use-after-free removing listeners in the event listener
* MFSA 2019-14/CVE-2019-11693
Buffer overflow in WebGL bufferdata on Linux
* MFSA 2019-14/CVE-2019-7317
Use-after-free in png_image_free of libpng library
* MFSA 2019-14/CVE-2019-9820
Use-after-free of ChromeEventHandler by DocShell
* MFSA 2019-14/CVE-2019-9818
Use-after-free in crash generation server
* MFSA 2019-14/CVE-2019-11691
Use-after-free in XMLHttpRequest
* MFSA 2019-14/CVE-2019-9819
Compartment mismatch with fetch API
* MFSA 2019-14/CVE-2019-11694
Uninitialized memory memory leakage in Windows sandbox
- Sync with Devel:Desktop:Mozilla:*:next
- Enable Firefox to build with Rust >= 1.30 with fix. See below.
- update to 60.6.3 (bmo#1549249)
* Further improvements to re-enable web extensions which had been
disabled for users with a master password set.

==== MozillaFirefox-branding-openSUSE ====

- layout.word_select.stop_at_punctuation -> true (boo#1133163)

==== aaa_base ====
Subpackages: aaa_base-extras aaa_base-malloccheck

- Add patch git-07-82a17f1689e8957635c8ccaae7c9b3bff7f94d49.patch
* add sysctl.d/51-network.conf to tighten network security a bit
see also (boo#1146866) (jira#SLE-9132)

==== bash ====
Subpackages: bash-doc bash-lang libreadline7 readline-doc

- Rework patch readline-7.0-screen.patch again for bug boo#1143055
* Map all "screen(-xxx)?.yyy(-zzz)?" to "screen" as well as
map "konsole(-xxx)?" and "gnome(-xxx)?" to "xterm"
- Add patch bash-4.4-bgpoverflow.patch which is a backport from bash
5.0 to perform better with large numbers of sub processes (bsc#1133773)

==== ceph ====
Version update ( ->
Subpackages: librados2 librbd1

- Update to 14.2.2-354-g8878cf2360:
+ rgw: Move upload_info declaration out of conditional (bsc#1137189,

==== chromium ====
Version update (76.0.3809.132 -> 77.0.3865.75)

- Add patch from Fedora for cert transparency:
* chromium-77.0.3865.75-certificate-transparency.patch
- Add patches from gentoo:
* chromium-77-clang.patch
* chromium-77-gcc-no-opt-safe-math.patch
* chromium-77-no-cups.patch
* chromium-77-std-string.patch
- Update patch old-libva.patch to build on openSUSE Leap 15.0
- Update to chromium 77.0.3865.75 bsc#1150425:
* CVE-2019-5870: Use-after-free in media
* CVE-2019-5871: Heap overflow in Skia
* CVE-2019-5872: Use-after-free in Mojo
* CVE-2019-5874: External URIs may trigger other browsers
* CVE-2019-5875: URL bar spoof via download redirect
* CVE-2019-5876: Use-after-free in media
* CVE-2019-5877: Out-of-bounds access in V8
* CVE-2019-5878: Use-after-free in V8
* CVE-2019-5879: Extension can bypass same origin policy
* CVE-2019-5880: SameSite cookie bypass
* CVE-2019-5881: Arbitrary read in SwiftShader
* CVE-2019-13659: URL spoof
* CVE-2019-13660: Full screen notification overlap
* CVE-2019-13661: Full screen notification spoof
* CVE-2019-13662: CSP bypass
* CVE-2019-13663: IDN spoof
* CVE-2019-13664: CSRF bypass
* CVE-2019-13665: Multiple file download protection bypass
* CVE-2019-13666: Side channel using storage size estimate
* CVE-2019-13667: URI bar spoof when using external app URIs
* CVE-2019-13668: Global window leak via console
* CVE-2019-13669: HTTP authentication spoof
* CVE-2019-13670: V8 memory corruption in regex
* CVE-2019-13671: Dialog box fails to show origin
* CVE-2019-13673: Cross-origin information leak using devtools
* CVE-2019-13674: IDN spoofing
* CVE-2019-13675: Extensions can be disabled by trailing slash
* CVE-2019-13676: Google URI shown for certificate warning
* CVE-2019-13677: Chrome web store origin needs to be isolated
* CVE-2019-13678: Download dialog spoofing
* CVE-2019-13679: User gesture needed for printing
* CVE-2019-13680: IP address spoofing to servers
* CVE-2019-13681: Bypass on download restrictions
* CVE-2019-13682: Site isolation bypass
* CVE-2019-13683: Exceptions leaked by devtools
- Added patches:
* chromium-77-blink-include.patch
* chromium-77-fix-gn-gen.patch
* chromium-77-gcc-abstract.patch
* chromium-77-gcc-include.patch
* chromium-77-system-hb.patch
* chromium-unbundle-zlib.patch
- Removed merged patches:
* chromium-76-gcc-ambiguous-nodestructor.patch
* chromium-76-gcc-blink-constexpr.patch
* chromium-76-gcc-blink-namespace1.patch
* chromium-76-gcc-blink-namespace2.patch
* chromium-76-gcc-gl-init.patch
* chromium-76-gcc-include.patch
* chromium-76-gcc-noexcept.patch
* chromium-76-gcc-private.patch
* chromium-76-gcc-pure-virtual.patch
* chromium-76-gcc-uint32.patch
* chromium-76-gcc-vulkan.patch
* chromium-76-quiche.patch
* chromium-angle-inline.patch
* chromium-fix-char_traits.patch
* chromium-skia-aarch64-buildfix.patch
* chromium-vaapi-fix.patch
* gcc-lto-rsp-clobber.patch
- Refreshed patches:
* chromium-prop-codecs.patch
* chromium-system-icu.patch
* chromium-vaapi.patch
* old-libva.patch

==== cups-filters ====
Version update (1.20.3 -> 1.25.0)

- Add add-cstring-include.patch to include cstring for memcpy
and strcmp
- BuildRequire pkgconfig(systemd) instead of systemd: allow OBS to
shortcut the build queues by allowing usage of systemd-mini
- Update to version 1.25.0:
* pdftoijs, pdftoopvp: Removed these deprecated filters
completely as there is no demand for them any more. They also
used unstable, undocumented APIs of Poppler.
* pdftoraster: Changed from using unstable, undocumented APIs of
Poppler to stable, documented ones, to improve maintainability
of this filter, and with it of the cups-filters package.
* libcupsfilters: Added support for color spaces CMY and RGBW
when using filters without PPD file (mainly for development and
debugging, option "print-color-mode" with values "cmy-XX" and
"rgbw-XX" with XX being the number of bits per color).
- Changes from version 1.24.0:
* cups-browsed: Integration of Deepak Patankar's Google Summer of
Code 2018 project with the main goal of clustering different
printers and automatically selecting the destination printers
by job content and option/attribute settings.
* cups-browsed, implicitclass: Support for mixed clusters of
remote CUPS queues and IPP network printers. For this PPD files
of remote CUPS queues are generated by cups-browsed based on
IPP queries, as for native IPP printers, the number of jobs for
load balancing is polled in a way that it works also with
native IPP printers, the implicitclass backend sends jobs
directly to the printer instead of re-queueing them via CUPS.
* cups-browsed: Merge IPP attributes of several printers to
combined attributes for the cluster to generate the cluster's
PPD file, including PPD constraints for option combinations not
fulfillable by any of the member printers, and finding
reasonable, non-conflicting default settings.
* cups-browsed: Selection algorithm for the destination printer
for a job sent to the cluster. Based on the job settings
requested such as page size, media type, print quality, the
best most suitable printer in the cluster for the job will be
* cups-browsed, implicitclass: Filter jobs to clusters already
locally. Due to the fact that a cluster's member printers are
not exclusively non-raw CUPS queues with the complete filtering
framework on the remote server, but also native IPP printers,
we need to support generic driverless printers as destination.
So we cannot pass on the input data unfiltered but need to
filter locally. We let the cluster's PPD file emulate a PDF
printer, letting the local CUPS queue of the cluster run
pdftopdf and any pre-filters to turn the input into PDF and we
let the implicitclass backend turn PDF into a format understood
by the destination printer, supporting the 4 formats of
driverless IPP printing: PDF, PWG Raster, Apple Raster, PCLm.
- Drop libpoppler-cpp0, libpoppler-devel and libpoppler-glib-devel
- Add pkgconfig(poppler-cpp) BuildRequires following upstream
- Update to version 1.23.0:
* This release adds support for the "print-scaling" IPP attribute
and has the code for the support of MuPDF as PDF renderer
vastly simplified.
* pdftops, mupdftoraster: Let pdftops call mutool directly and so
that it directly outputs PostScript, eliminating the need to
call the mupdftoraster and rastertops filters.
* mupdftoraster: Reduced the use of temporary files from 3 to
just one.
* imagetopdf, imagetoraster, pdftopdf: Add support for
print-scaling option.
- Changes from version 1.22.6:
* Bug fix release, to address a further issue of cups-browsed
removing user-created print queues, to make
grayscale/monochrome PostScript jobs of colored input file
actually output grayscale/monochrome files, to fix several bugs
when using MuPDF as PDF renderer, and to silence compiler
- Version upgrade to 1.22.5
* foomatic-rip: Changed Ghostscript call to count pages in a
PDF file to use "runpdfbegin" and not the undocumented
Ghostscript internal "pdfdict", so that it works with
Ghostscript 9.27 and later (Debian bug #926576,
Arch Linux bug #62251, openSUSE boo#1131771,
cups@xxxxxxxx mailing list thread
- Version upgrade to 1.22.4
* cups-browsed: Fix broken trailing space removal on
"NickName" (Pull request #103).
* pdftops: Emit PostScript Level 2 instead of Level 3 for
Brother PostScript printers as at least some of them
report to support level 3 but only work with Level 2
(Ubuntu bug #1306849, comment #42).
* bannertopdf: When multiplying the page for N-up or Duplex
printing one page too much was generated (Issue #102).
- Version upgrade to 1.22.3
* libcupsfilters: Added error checks for processing GIF, to
avoid crashes or hangs on broken GIF files (Issues #81, #82,
Pull request #100).
* cups-browsed: Added hint to the man page and configuration
file that with "DebugLogging stderr" the logging output goes
to journal or syslog if cups-browsed is running as system
service (Issue #28).
- Version upgrade to 1.22.2
* cups-browsed: Let distribution of jobs sent to queues with
"implicitclass" backend (usually clusters) be done by a
"job-state" CUPS notification and not by
"printer-state-changed" any more. The "job-state"
notification already contains the job ID. Before we had to
poll the job ID from CUPS via IPP which was sometimes
unreliable (Issue #97).
* imagetopdf, imagetoraster, pdftopdf, libcupsfilters: Added
new page scaling options: "fill" scales the input page
(typically a photo) so that the output page (typically with
different aspect ratio) gets completely filled, allowing for
some content of the input page getting lost. "crop-to-fit"
allows for easy printing of documents on slightly different
output page sizes (A4 <-> Letter) maintaining the size and
centering and cropping into the destination page. Thanks to
Dheeraj Yadav (dhirajyadav135 at gmail dot com) for the
patch (Pull request #92).
* cups-browsed: Do not do IPP request for printer-is-shared
option for remote cups queues with CUPS 2.2.x and newer
(Pull request #91).
* cups-browsed: Fix crash bug when reading "Cluster"
directive from configuration file (Issue #94).
* driverless: Updated man page as now also Mopria and
Wi-Fi Direct printers are supported. Mentioned also
- Update to version 1.22.1:
* braille: Use sort command with LC_ALL=C for reproducibility
of the generated files, needed for distribution packaging.
* cups-browsed, driverless: When polling the printer's
capabilities via get-printer-attributes IPP request for
driverless printing, use the attributes "all" and
"media-col-database". Without "all" some printers do not report
"urf-supported" and without "media-col-database" not all paper
size and margin info gets reported.
* braille: Document how to rework output before embossing.
- Update to version 1.22.0:
* From this release on the pdftopdf filter flattens interactive
PDF forms and annotations internally, using QPDF, instead of
calling external utilities. This especially eliminates slowing
factors as additional piping of the data and unneeded use of
PDF interpreters. Using external utilities for flattening is
still possible in case of problems. In addition, a crash bug in
cups-browsed got fixed and compatibility of the filters with
Poppler 0.72 assured.
- Drop upstream fixed patches:
* 0001-Raise-minimum-poppler-version-from-0.18-to-0.19.patch
* 0002-Adapt-code-for-SplashXPathScanner-state-handling-sin.patch
* 0003-Support-some-more-methods-returning-const.patch
* 0004-Support-GooString-c_str-introduced-by-poppler-0.72.patch
- Fix building with Poppler 0.72
Add 0001-Raise-minimum-poppler-version-from-0.18-to-0.19.patch
Add 0002-Adapt-code-for-SplashXPathScanner-state-handling-sin.patch
Add 0003-Support-some-more-methods-returning-const.patch
Add 0004-Support-GooString-c_str-introduced-by-poppler-0.72.patch
- Update to version 1.21.6:
* Bug fix release, mainly for cups-browsed to avoid crashes and
infinite printer removal/re-creation loops and spurious local
queues for local CUPS printers. Also expanded PostScript
interpreter bug workaround to more Apple LaserWriter models.
* cups-browsed: To find out whether a DNS-SD-discovered printer
is from the local machine, use not only the flags in the Avahi
lookup result but also check the host name.
* cups-browsed: When a local CUPS queue pointing to a remote CUPS
printer was removed and re-created to make it a permanent
queue, on_printer_deleted() was triggered by cupsd's
notification to re-create a lost queue. Now
on_printer_deleted() checks whether the queue is really gone
and only re-creates then.
* cups-browsed: When updating the CUPS queues, also removed and
unregistered queues and not only created queues got checked for
HTTP timeouts, which caused crashes on shutdown.
* pdftops: Use the PS interpreter of Poppler for all Apple
LaserWriter 16/600, 4/600, 12/640, 12/600, 12/660 as they all
seem to not work with Ghostscript's PS output.
* cups-browsed: On shutdown queues got removed even if they still
had jobs.
- Changes from version 1.21.5:
* Bug fix release, to build with Poppler 0.71 and with
cups-browsed converting temporary CUPS queues reliably to
permanent queues.
* cups-browsed: We cannot reliably determine whether a CUPS queue
is temporary, so we apply the procedure to make a temporary
queue permanent to any unshared queue.
* pdftoraster, pdftopdf, pdftoijs, pdftoopvp: Do not use the
Poppler-specific "GBool", "gFalse", "gTrue" any more, as
Poppler has switched to standard "bool", "false", "true" in
version 0.71.0.
- Update to version 1.21.4:
* cups-browsed: Limit the number of retries for
creating a print queue when it comes to HTTP timeouts. Number
of retries given by HttpMaxRetries directive in
* cups-browsed: Read out current time right before setting the
* libcupsfilters: In the PPD generator for driverless IPP
printing let "*cupsManualCopies: true" lines get added to
the PPD if printing is done in a raster format as then
pdftopdf needs to generate the copies.
* pdftoraster, pdftoopvp, pdftoijs: Fix build with
Poppler >= 0.70
* pdftopdf: Fixed printing multiple copies on driverless IPP
printers. When printing collated copies the multiple copies
got applied twice, resulting in n*n instead of n copies.
* pdftoraster, pdftoopvp, pdftoijs: Poppler removed memCheck
and gMemReport functions, remove appropriate calls.
- Changes from version 1.21.3:
* foomatic-rip: Reset stdin after replacing the underlying file
- Changes from version 1.21.2:
* cups-browsed: Fixed freeing of literal string caused by
Coverity Scan issue fix.
- Do not differentiate for service location, it is in sbindir
on all systems we support now
- Use license for license install
- Version update to 1.21.1:
- foomatic-rip: Fixed segmentation fault caused by wrong
Coverity Scan issue fix (Issue #57, Debian bug #907026).
- Build system: Require QPDF 8.1.0 or later as it is needed by
bannertopdf (Issue #56).
- libcupsfilters, cups-browsed, driverless, foomatic-rip,
parallel: Silenced warnings from newest gcc.
- libcupsfilters: When generating a PPD for driverless
printing on a remote IPP printer, make pdftopdf not being
run by the local queue if the remote queue is a CUPS queue
to avoid running pdftopdf twice (CUPS Issue #5361).
- libcupsfilters, cups-browsed, driverless, bannertopdf,
foomatic-rip, pdftops, pdftoraster, rastertops,
rastertoescpx, sys5ippprinter, beh: Fixed Coverity Scan
issues. Thanks to Zdenek Dohnal (zdohnal at redhat dot com)
for the tests and the patches.
- bannertopdf: Switched over from using Poppler to using QPDF
for generating the PDF pages. With Poppler unstable APIs
were used which were subject to change. Thanks to Sahil
Arora for this project in the Google Summer of Code 2018
(Pull request #25).
- cups-browsed: Manually defined clusters ("Cluster" directive
in cups-browsed.conf) caused cups-browsed to crash.
- Version upgrade to 1.20.4
- gstoraster: Removed unneeded "if"s (Ghostscript bug #692705).
- cups-browsed: When checking whether there is already a local
print queue with the same URI as the one of the discovered
printer, consider also as equal URI if the URIs only differ
by use of IPP or IPPS and/or use of HTTPS port 443 instead
of IPP port 631.
- cups-browsed: Also upgrade from ipp: to ipps: when the ipps:
URI is on HTTPS port 443 instead of IPP port 631. This is
common on IPP network printers.
- pdftopdf: Removed support for hardware-implemented reversing
of page order in PostScript printers. It was once not
correctly implemented in cups-filters and second, such
printers are extremely rare, and on Gutenprint PPDs with
pseudo OutputOrder option hardware reversing was even
wrongly assumed (Issue #47).
- pdftopdf: Accept option "output-order=normal/reverse" for
reversing page order (Issue #47) and also "page-delivery=
same-order/reverse-order" (CUPS Issue #5340).
- libcupsfilters: Let the PPD generator add "*PageStackOrder
..." lines to the choices of the "OutputBin" option, to
mark which output bins need the pages printed in reverse
order (Issue #47).
- libcupsfilters: Let the PPD generator correctly create a
"*DefaultOutputOrder: ..." entry, depending on whether the
paper is put out face-up or face-down in the default output
bin (Issue #47).
- libcupsfilters: Fixed human-readable name of the OutputBin
option in the PPD generator.
- pdftoopvp: Silence compiler warning (Issue #42).
- cups-browsed: If the user modifies/overwrites a print queue
created by cups-browsed, it will now not only be
automatically released from the control of cups-browsed, but
we also create a replacement for our generated local queue
under a new name.
- cups-browsed: Make URIS for using the implicitclass backend
correctly working also with queue names containing an '@'
- braille: Strengthen error checking (Pull request #41).
- braille: Index: Replace bogus characters with space (Pull
request #41).
- braille: Add print and braille page number options (Pull
request #41).
- braille: Index: Use standard duplex cups option (Pull
request #41).
- cups-browsed: Moved auto-generation of PPD file for IPP
network printers from create_remote_printer_entry()
function to update_cups_queues(). This allows re-creating
accidentally removed or overwritten local queues without
losing the PPD file.
- braille: Add option to pick hyphenation rule according to
current locale and make it the default for second
translation table. (Pull request #38 and #39).
- braille: Remove generated defs on "make clean". (Pull request #38).
- braille: Turn non-breakable spaces to spaces. (Pull request
#38 and #39).
- braille: Fix character encoding when extracting text. When
extracting text from a zip file or a pdf, the resulting text
is always utf-8 independently of the original locale, so we
need to force that. (Pull request #38).
- braille: Warn when no text translation was selected in case
the user didn't notice. (Pull request #37).
- braille: Fix spurious spacing after last Form-Feed (Pull
request #45).
- Drop pdftoopvp_Silence-compiler-warning.patch
- Add pdftoopvp_Silence-compiler-warning.patch: pdftoopvp: Silence
compiler warning.

==== curl ====
Version update (7.60.0 -> 7.66.0)
Subpackages: libcurl4 libcurl4-32bit

- Update to 7.66.0 [bsc#1149496, CVE-2019-5482][bsc#1149495, CVE-2019-5481]
[bsc#1149604, bsc#1149572, jsc#SLE-9295]
* Changes:
- CURLINFO_RETRY_AFTER: parse the Retry-After header value
- HTTP3: initial (experimental still not working) support
- curl: --sasl-authzid added to support CURLOPT_SASL_AUTHZID from the tool
- curl: support parallel transfers with -Z
- curl_multi_poll: a sister to curl_multi_wait() that waits more
- sasl: Implement SASL authorisation identity via CURLOPT_SASL_AUTHZID
* Bugfixes:
- CVE-2019-5481: FTP-KRB double-free
- CVE-2019-5482: TFTP small blocksize heap buffer overflow
- CMake: remove needless newlines at end of gss variables
- CMake: use platform dependent name for dlopen() library
- CURLINFO docs: mention that in redirects times are added
- CURLOPT_ALTSVC.3: use a "" file name to not load from a file
- CURLOPT_HTTP_VERSION: setting this to 3 forces HTTP/3 use directly
- CURLOPT_READFUNCTION.3: provide inline example
- CURLOPT_SSL_VERIFYHOST: treat the value 1 as 2
- Curl_addr2string: take an addrlen argument too
- Curl_fillreadbuffer: avoid double-free trailer buf on error
- HTTP: use chunked Transfer-Encoding for HTTP_POST if size unknown
- alt-svc: add protocol version selection masking
- alt-svc: fix removal of expired cache entry
- alt-svc: make it use h3-22 with ngtcp2 as well
- alt-svc: more liberal ALPN name parsing
- alt-svc: send Alt-Used: in redirected requests
- alt-svc: with quiche, use the quiche h3 alpn string
- asyn-thread: create a socketpair to wait on
- cleanup: move functions out of url.c and make them static
- cleanup: remove the 'numsocks' argument used in many places
- configure: avoid undefined check_for_ca_bundle
- curl.h: add CURL_HTTP_VERSION_3 to the version enum
- curl: cap the maximum allowed values for retry time arguments
- curl: handle a libcurl build without netrc support
- curl: make use of CURLINFO_RETRY_AFTER when retrying
- curl: use CURLINFO_PROTOCOL to check for HTTP(s)
- curl_global_init_mem.3: mention it was added in 7.12.0
- curl_version: bump string buffer size to 250
- curl_version_info.3: mentioned ALTSVC and HTTP3
- curl_version_info: offer quic (and h3) library info
- curl_version_info: provide nghttp2 details
- defines: avoid underscore-prefixed defines
- docs/ALTSVC: remove what works and the experimental explanation
- docs/EXPERIMENTAL: explain what it means and what's experimental now
- docs/ converted to markdown from plain text
- docs/examples/curlx: fix errors
- docs: s/curl_debug/curl_dbg_debug in comments and docs
- easy: resize receive buffer on easy handle reset
- examples: Avoid reserved names in hiperfifo examples
- examples: add http3.c, altsvc.c and http3-present.c
- http09: disable HTTP/0.9 by default in both tool and library
- http2: when marked for closure and wanted to close == OK
- http2_recv: trigger another read when the last data is returned
- http: fix use of credentials from URL when using HTTP proxy
- http_negotiate: improve handling of gss_init_sec_context() failures
- md4: Use our own MD4 when no crypto libraries are available
- multi: call detach_connection before Curl_disconnect
- nss: use TLSv1.3 as default if supported
- openssl: build warning free with boringssl
- openssl: use SSL_CTX_set__proto_version() when available
- plan9: add support for running on Plan 9
- progress: reset download/uploaded counter between transfers
- readwrite_data: repair setting the TIMER_STARTTRANSFER stamp
- scp: fix directory name length used in memcpy
- smb: init *msg to NULL in smb_send_and_recv()
- smtp: check for and bail out on too short EHLO response
- source: remove names from source comments
- spnego_sspi: add typecast to fix build warning
- src/makefile: fix uncompressed hugehelp.c generation
- ssh-libssh: do not specify O_APPEND when not in append mode
- ssh: move code into vssh for SSH backends
- sspi: fix memory leaks
- tests: Replace outdated test case numbering documentation
- tftp: return error when packet is too small for options
- timediff: make it 64 bit (if possible) even with 32 bit time_t
- travis: reduce number of torture tests in 'coverage'
- url: make use of new HTTP version if alt-svc has one
- urlapi: verify the IPv6 numerical address
- urldata: avoid 'generic', use dedicated pointers
- vauth: Use CURLE_AUTH_ERROR for auth function errors
* Removed patches:
- curl-CVE-2018-0500.patch
- curl-CVE-2018-14618.patch
- curl-CVE-2018-16839.patch
- curl-CVE-2018-16840.patch
- curl-CVE-2018-16842.patch
- curl-CVE-2018-16890.patch
- curl-CVE-2019-3822.patch
- curl-CVE-2019-3823.patch
- curl-CVE-2019-5436.patch
- curl-CVE-2019-5481.patch
- curl-CVE-2019-5482.patch
- Security fix: [bsc#1149496,CVE-2019-5482]
* TFTP small blocksize heap buffer overflow
* Added curl-CVE-2019-5482.patch
- Security fix: [bsc#1149495,CVE-2019-5481]
* FTP-KRB: double-free during kerberos FTP data transfer
* Added curl-CVE-2019-5481.patch
- Update to 7.65.3
* progress: make the progress meter appear again
- Update to 7.65.2
* Bugfixes:
- Explain Schannel error SEC_E_ALGORITHM_MISMATCH
- CMake: Fix finding Brotli on case-sensitive file systems
- CURLOPT_RANGE.3: Caution against using it for HTTP PUT
- CURLOPT_SEEKDATA.3: fix variable name
- bindlocal: detect and avoid IP version mismatches in bind()
- build: fix Codacy warnings
- c-ares: honor port numbers in CURLOPT_DNS_SERVERS
- config-os400: add getpeername and getsockname defines
- configure: --disable-progress-meter
- configure: fix --disable-code-coverage
- configure: more --disable switches to toggle off individual features
- configure: remove CURL_DISABLE_TLS_SRP
- conn_maxage: move the check to prune_dead_connections()
- curl: skip CURLOPT_PROXY_CAPATH for disabled-proxy builds
- docs: Explain behavior change in --tlsv1. options since 7.54
- docs: Fix links to OpenSSL docs
- docs: fix string suggesting HTTP/2 is not the default
- headers: Remove no longer exported functions
- http2: call done_sending on end of upload
- http2: don't call stream-close on already closed streams
- http2: remove CURL_DISABLE_TYPECHECK define
- http: allow overriding timecond with custom header
- http: clarify header buffer size calculation
- krb5: fix compiler warning
- lib: Use UTF-8 encoding in comments
- libcurl: Restrict redirect schemes to HTTP, HTTPS, FTP and FTPS
- multi: enable multiplexing by default (again)
- multi: fix the transfer hashes in the socket hash entries
- multi: make sure 'data' can present in several sockhash entries
- netrc: Return the correct error code when out of memory
- nss: don't set unused parameter
- nss: inspect returnvalue of token check
- nss: only cache valid CRL entries
- openssl: define HAVE_SSL_GET_SHUTDOWN based on version number
- openssl: disable engine if OPENSSL_NO_UI_CONSOLE is defined
- openssl: fix pubkey/signature algorithm detection in certinfo
- os400: make vsetopt() non-static as Curl_vsetopt() for os400 support
- quote.d: asterisk prefix works for SFTP as well
- runtests: keep logfiles around by default
- runtests: report single test time + total duration
- test1165: verify that CURL_DISABLE_ symbols are in sync
- test1521: adapt to SLISTPOINT
- test1523: test CURLOPT_LOW_SPEED_LIMIT
- test153: fix content-length to avoid occasional hang
- test188/189: fix Content-Length
- tests: have runtests figure out disabled features
- tests: support non-localhost HOSTIP for dict/smb servers
- tests: update fixed IP for hostip/clientip split
- tool_cb_prg: Fix integer overflow in progress bar
- typecheck: CURLOPT_CONNECT_TO takes an slist too
- typecheck: add 3 missing strings and a callback data pointer
- unit1654: cleanup on memory failure
- unpause: trigger a timeout for event-based transfers
- url: Fix CURLOPT_MAXAGE_CONN time comparison
- Rebased patch curl-use_OPENSSL_config.patch
- Disable newly added failing test1165
- Update to 7.65.1
* Bugfixes:
- CURLOPT_LOW_SPEED_* repaired
- NTLM: reset proxy "multipass" state when CONNECT request is done
- PolarSSL: deprecate support step 1. Removed from configure
- cmake: check for if_nametoindex()
- cmake: support CMAKE_OSX_ARCHITECTURES when detecting SIZEOF variables
- conncache: Remove the DEBUGASSERT on length check
- conncache: make "bundles" per host name when doing proxy tunnels
- curl_share_setopt.3: improve wording
- dump-header.d: spell out that no headers == empty file
- example/http2-download: fix format specifier
- examples: cleanups and compiler warning fixes
- http2: Stop drain from being permanently set
- http: don't parse body-related headers in bodyless responses
- md4: build correctly with openssl without MD4
- md4: include the mbedtls config.h to get the MD4 info
- multi: track users of a socket better
- nss: allow to specify TLS 1.3 ciphers if supported by NSS
- parse_proxy: make sure portptr is initialized
- parse_proxy: use the IPv6 zone id if given
- sectransp: handle errSSLPeerAuthCompleted from SSLRead()
- singlesocket: use separate variable for inner loop
- ssl: Update outdated "openssl-only" comments for supported backends
- tests: add HAProxy keywords
- tests: make test 1420 and 1406 work with rtsp-disabled libcurl
- tls13-docs: mention it is only for OpenSSL >= 1.1.1
- tool_setopt: for builds with disabled-proxy, skip all proxy setopts()
- url: fix bad feature-disable #ifdef
- url: use correct port in ConnectionExists()
- Update to 7.65.0 [bsc#1135176, CVE-2019-5435][bsc#1135170, CVE-2019-5436]
* Changes:
- CURLOPT_MAXAGE_CONN: set the maximum allowed age for conn reuse
- pipelining: removed
* Bugfixes:
- CVE-2019-5435: Integer overflows in curl_url_set
- CVE-2019-5436: tftp: use the current blksize for recvfrom()
- --config: clarify that initial : and = might need quoting
- CURLMOPT_TIMERFUNCTION.3: warn about the recursive risk
- CURLOPT_ADDRESS_SCOPE: fix range check and more
- CURLOPT_CHUNK_BGN_FUNCTION.3: document the struct and time value
- CURL_MAX_INPUT_LENGTH: largest acceptable string input size
- Curl_disconnect: treat all CONNECT_ONLY connections as "dead"
- OS400/ccsidcurl: replace use of Curl_vsetopt
- OpenSSL: Report -fips in version if OpenSSL is built with FIPS
- WRITEFUNCTION: add missing set_in_callback around callback
- altsvc: Fix building with cookies disabled
- auth: Rename the various authentication clean up functions
- base64: build conditionally if there are users
- cmake: avoid linking executable for some tests with cmake 3.6+
- cmake: clear CMAKE_REQUIRED_LIBRARIES after each use
- cmake: set SSL_BACKENDS
- configure: avoid unportable '==' test(1) operator
- configure: error out if OpenSSL wasn't detected when asked for
- configure: fix default location for fish completions
- cookie: Guard against possible NULL ptr deref
- curl: make code work with protocol-disabled libcurl
- curl: report error for "--no-" on non-boolean options
- curlver.h: use parenthesis in CURL_VERSION_BITS macro
- docs/INSTALL: fix broken link
- doh: acknowledge CURL_DISABLE_DOH
- doh: disable DOH for the cases it doesn't work
- examples: remove unused variables
- ftplistparser: fix LGTM alert "Empty block without comment"
- hostip: acknowledge CURL_DISABLE_SHUFFLE_DNS
- http: Ignore HTTP/2 prior knowledge setting for HTTP proxies
- http: acknowledge CURL_DISABLE_HTTP_AUTH
- http: mark bundle as not for multiuse on < HTTP/2 response
- http_digest: Don't expose functions when HTTP and Crypto Auth are disabled
- http_negotiate: do not treat failure of gss_init_sec_context() as fatal
- http_ntlm: Corrected the name of the include guard
- http_ntlm_wb: Handle auth for only a single request
- http_ntlm_wb: Return the correct error on receiving an empty auth message
- lib509: add missing include for strdup
- lib557: initialize variables
- mbedtls: enable use of EC keys
- mime: acknowledge CURL_DISABLE_MIME
- multi: improved HTTP_1_1_REQUIRED handling
- netrc: acknowledge CURL_DISABLE_NETRC
- nss: allow fifos and character devices for certificates
- nss: provide more specific error messages on failed init
- ntlm: Fix misaligned function comments for Curl_auth_ntlm_cleanup
- ntlm: Support the NT response in the type-3 when OpenSSL doesn't include MD4
- openssl: mark connection for close on TLS close_notify
- openvms: Remove pre-processor for SecureTransport
- parse_proxy: use the URL parser API
- parsedate: disabled on CURL_DISABLE_PARSEDATE
- pingpong: disable more when no pingpong protocols are enabled
- polarssl_threadlock: remove conditionally unused code
- progress: acknowledge CURL_DISABLE_PROGRESS_METER
- proxy: acknowledge DISABLE_PROXY more
- resolve: apply Happy Eyeballs philosophy to parallel c-ares queries
- revert "multi: support verbose conncache closure handle"
- sasl: Don't send authcid as authzid for the PLAIN mechanism as per RFC 4616
- sasl: only enable if there's a protocol enabled using it
- singleipconnect: show port in the verbose "Trying ..." message
- socks5: user name and passwords must be shorter than 256
- socks: fix error message
- socksd: new SOCKS 4+5 server for tests
- spnego_gssapi: fix return code on gss_init_sec_context() failure
- ssh-libssh: remove unused variable
- ssh: define USE_SSH if SSH is enabled (any backend)
- ssh: move variable declaration to where it's used
- test1002: correct the name
- test2100: Fix typos in test description
- tests: Run global cleanup at end of tests
- tests: make Impacket (SMB server) Python 3 compatible
- tool_cb_wrt: fix bad-function-cast warning
- tool_formparse: remove redundant assignment
- tool_help: Warn if curl and libcurl versions do not match
- tool_help: include for strcasecmp
- url: always clone the CURLOPT_CURLU handle
- url: convert the zone id from a IPv6 URL to correct scope id
- urlapi: add CURLUPART_ZONEID to set and get
- urlapi: increase supported scheme length to 40 bytes
- urlapi: require a non-zero host name length when parsing URL
- urlapi: stricter CURLUPART_PORT parsing
- urlapi: strip off zone id from numerical IPv6 addresses
- urlapi: urlencode characters above 0x7f correctly
- vauth/cleartext: update the PLAIN login to match RFC 4616
- vauth/oauth2: Fix OAUTHBEARER token generation
- vauth: Fix incorrect function description for Curl_auth_user_contains_domain
- vtls: fix potential ssl_buffer stack overflow
- wildcard: disable from build when FTP isn't present
- xattr: skip unittest on unsupported platforms

==== desktop-file-utils ====

- Add 0001-add-font-as-valid-media-type.patch from upstream to let
update-desktop-database recognize font media types (bsc#1148080)
- Revert pkconfig package name change back to correct pkg-config.
- Add desktop-file-utils-add-Pantheon.patch: Backporting upstream
patch to add Pantheon to desktop env list (fdo#105785 bnc#1094774).
- Move RPM macros to %_rpmmacrodir.
- suse-update-mime-defaults requires coreutils and awk
add both to package requires

==== device-mapper ====
Subpackages: libdevmapper-event1_03 libdevmapper1_03 libdevmapper1_03-32bit

- Fix unknown feature in status message (bsc#1135984)
+ bug-1135984_cache-support-no_discard_passdown.patch
- Fix using device aliases with lvmetad (bsc#1137296)
+ bug-1137296_pvremove-vgextend-fix-using-device-aliases-with-lvmetad.patch
- Fix devices drop open error message (bsc#1122666)
+ bug-1122666_devices-drop-open-error-message.patch
- Use %make_build in order to provide verbose output.

==== expat ====
Subpackages: libexpat1 libexpat1-32bit

- Security fix (CVE-2019-15903, bsc#1149429)
* Crafted XML input results in heap-based buffer over-read by fooling
the parser into changing from DTD parsing to document parsing
* Added patches:
- expat-CVE-2019-15903.patch
- expat-CVE-2019-15903-tests.patch

==== ghostscript ====
Subpackages: ghostscript-x11

- CVE-2019-10216.patch fixes CVE-2019-10216
forceput/superexec in .buildfont1 is still accessible bsc#1144621

==== ibus ====
Subpackages: ibus-gtk ibus-gtk3 ibus-lang libibus-1_0-5 typelib-1_0-IBus-1_0

- Add ibus-CVE-2019-14822.patch: Fix misconfiguration of the DBus
server that allowed an unprivileged user to monitor and send method
calls to the ibus bus of another user (CVE-2019-14822 bnc#1150011).

==== kernel-source ====
Version update (5.3.rc7 -> 5.3.0)
Subpackages: kernel-default kernel-vanilla

- Update config files.
ready for this yet, so enabling this config option causes regressions.
See bsc#1150577 for an example.
- commit 76ac02e
- Delete patches.suse/0001-iommu-vt-d-Fix-race-condition-in-add_unmap.patch.
- commit b0363d2
- Update to 5.3 final
- Eliminated 3 patches
- Refresh configs
- commit 6baef36
- Move guarded patch into its own out of tree section
- commit 081b55b
- powerpc/pseries: correctly track irq state in default idle
(bsc#1150727 ltc#178925).
- commit 97a4665
- series.conf: Add note on why pcc-cpufreq patch is being held for evaluation
- commit a514b48
- Delete patches.suse/netfilter-ip_conntrack_slp.patch (FATE#324143
jsc#SLE-8944 bsc#1127886).
This veteran out of tree patch is no longer needed since the userspace
conntrack helper (in conntrack-tools / conntrackd) has reached Factory.
- commit d6f0b71
- Update and reenable
(FATE#324143 jsc#SLE-8944 bsc#1127886).
- commit 029452e
- powerpc: dump kernel log before carrying out fadump or kdump
(bsc#1149940 ltc#179958).
- commit 4b365d2
- Refresh patches.suse/net-ibmvnic-Fix-missing-in-__ibmvnic_reset.patch.
- commit 0ebba63
- series.conf: update sorted section banner
Make the commit above sorted section less ambiguous. In particular, state
clearly that patches without Git-commit which cannot be handled by git-sort
do not belong in it.
- commit 1506bb8
- series.conf: move unsortable patch out of sorted section
Patch without Git-commit cannot be sorted so that there is no point having
it into the sorted section.
- commit f18376e
- net/ibmvnic: Fix missing { in __ibmvnic_reset (bsc#1149652
- commit a3cd2bf
- net/ibmvnic: free reset work of removed device from queue
(bsc#1149652 ltc#179635).
- commit e64984b
- Refresh
- commit cbb6da0
- config: enable SLAB_FREELIST_HARDENED (bsc#1127808)
Enable SLAB_FREELIST_HARDENED on all architectures. This obscures the
free object pointer on a per-cache basis making it more difficult to
locate kernel objects via exploits probing the cache metadata.
This change was requested by the upstream openSUSE community to make
the kernel more resistant to slab freelist attacks. Tests conducted
by the kernel performance teams confirmed that the performance impact
is detectable but negligible.
- commit 39e9013
- rpm/ lower disk space required for ARM
With a requirement of 35GB, only 2 slow workers are usable for ARM.
Current aarch64 build requires 27G and armv6/7 requires 14G.
Set requirements respectively to 30GB and 20GB.
- commit f84c163
- Update to 5.3-rc8
- refresh armv6hl configs (IXP4xx drivers no longer visible)
- commit 3dea797
- config: enable STACKPROTECTOR_STRONG also on armv6hl
Recently reenabled armv6hl architecture has STACKPROTECTOR_STRONG disabled,
enable it here as well.
- commit 8c0677d
- powerpc/tm: Fix restoring FP/VMX facility incorrectly on
interrupts (CVE-2019-15031 bsc#1149713).
- powerpc/tm: Fix FP/VMX unavailable exceptions inside a
transaction (CVE-2019-15030 bsc#1149713).
- commit ca72e89
- series.conf: move unsortable patch out of sorted section
- commit 8a360b5
- powerpc/xmon: Add a dump of all XIVE interrupts (bsc#1142019).
- powerpc/xive: Fix dump of XIVE interrupt under pseries
- powerpc/xmon: Check for HV mode when dumping XIVE info from OPAL
- commit 68e4d5a
- Enable klp-convert patches
Enable patches.suse/livepatch-create-and-include-UAPI-headers.patch
Enable and refresh
Still not in upstream. Submitted though. It seems the final upstream
version will be a bit different, but we need these two patches for our
use case.
- commit f385ff2
- Enable patches.suse/livepatch-mark-the-kernel-unsupported-when-disabling.patch
Still SUSE-specific and still needed.
- commit cd16e71

==== kpat ====
Subpackages: kpat-lang

- Add FcSolveSolver-cleanup-ressources.patch to fix crashes due to
resource exhaustion (boo#1146622, kde#395624)

==== krb5 ====
Subpackages: krb5-32bit

- Integrate pam_keyinit pam module, ksu-pam.d; (bsc#1081947);

==== libdrm ====
Subpackages: libdrm2 libdrm_amdgpu1 libdrm_intel1 libdrm_nouveau2 libdrm_radeon1

- U_intel-sync-i915_pciids.h-with-kernel-aml.patch
* adds support for Amberlake (jira #SLE-4989, bsc#1137515)
- U_intel-sync-i915_pciids.h-with-kernel-cml.patch
* adds support for Cometlake (jira #SLE-4983, bsc#1137515)

==== libreoffice ====
Version update ( ->
Subpackages: libreoffice-base libreoffice-base-drivers-firebird
libreoffice-branding-upstream libreoffice-calc libreoffice-draw
libreoffice-filters-optional libreoffice-gnome libreoffice-gtk3
libreoffice-icon-themes libreoffice-impress libreoffice-l10n-ar
libreoffice-l10n-bg libreoffice-l10n-bs libreoffice-l10n-ca libreoffice-l10n-cs
libreoffice-l10n-da libreoffice-l10n-de libreoffice-l10n-el libreoffice-l10n-en
libreoffice-l10n-en_GB libreoffice-l10n-eo libreoffice-l10n-es
libreoffice-l10n-et libreoffice-l10n-fa libreoffice-l10n-fi libreoffice-l10n-fr
libreoffice-l10n-hu libreoffice-l10n-id libreoffice-l10n-it libreoffice-l10n-ja
libreoffice-l10n-ko libreoffice-l10n-lt libreoffice-l10n-nb libreoffice-l10n-nl
libreoffice-l10n-pl libreoffice-l10n-pt_BR libreoffice-l10n-ru
libreoffice-l10n-sk libreoffice-l10n-sl libreoffice-l10n-sv libreoffice-l10n-uk
libreoffice-l10n-zh_CN libreoffice-l10n-zh_TW libreoffice-mailmerge
libreoffice-math libreoffice-pyuno libreoffice-qt5 libreoffice-writer
libreofficekit

- Update to
bsc#1149944 VUL-0: CVE-2019-9854 Unsafe URL assembly flaw
bsc#1149943 VUL-0: CVE-2019-9855 path equivalence handling flaw
- Drop merged patch:
* 0001-Fix-buidling-with-older-boost.patch
- Add patch to fix build with SLE12 boost:
* 0001-Fix-buidling-with-older-boost.patch
- Update to bsc#1146098 CVE-2019-9850
bsc#1146105 CVE-2019-9851 bsc#1146107 CVE-2019-9852:
* Various bugfixes of 6.2 branch
- Fix bsc#1133534 LO-L3: [PPTX] SmartArt: Basic rendering of Trapezoid List
* bsc1133534.patch

==== libstorage-ng ====
Version update (4.2.3 -> 4.2.11)
Subpackages: libstorage-ng-lang libstorage-ng-ruby libstorage-ng1

- Translated using Weblate (Catalan) (bsc#1149754)
- 4.2.11
- merge gh#openSUSE/libstorage-ng#671
- added integration test
- 4.2.10
- merge gh#openSUSE/libstorage-ng#670
- added notes
- 4.2.9
- merge gh#openSUSE/libstorage-ng#668
- removed unneeded code
- cleanup integration tests
- code cleanup
- 4.2.8
- Translated using Weblate (Japanese)
- 4.2.7
- Translated using Weblate (Slovak)
- 4.2.6
- Translated using Weblate (Portuguese (Brazil))
- Translated using Weblate (Dutch)
- Translated using Weblate (Czech)
- merge gh#openSUSE/libstorage-ng#667
- update pot and po files
- 4.2.5
- merge gh#openSUSE/libstorage-ng#666
- added note
- use dev_t to save major and minor numbers
- improved unit test
- coding style
- consistent function name
- added support for plain encryption (bsc#1088641)
- added unit test
- added integration tests
- 4.2.4

==== libvirt ====
Version update (5.1.0 -> 5.7.0)
Subpackages: libvirt-bash-completion libvirt-client libvirt-daemon
libvirt-daemon-config-network libvirt-daemon-driver-interface
libvirt-daemon-driver-network libvirt-daemon-driver-nodedev
libvirt-daemon-driver-nwfilter libvirt-daemon-driver-qemu
libvirt-daemon-driver-secret libvirt-daemon-driver-storage
libvirt-daemon-driver-storage-core libvirt-daemon-driver-storage-disk
libvirt-daemon-driver-storage-gluster libvirt-daemon-driver-storage-iscsi
libvirt-daemon-driver-storage-logical libvirt-daemon-driver-storage-mpath
libvirt-daemon-driver-storage-rbd libvirt-daemon-driver-storage-scsi
libvirt-daemon-qemu libvirt-libs

- Update to libvirt 5.7.0
- Experimental split of libvirtd into separate daemons
- bsc#1145440, bsc#1145586
- Many incremental improvements and bug fixes, see
- Dropped patches:
- virsh: use upstream name for migration precopy bandwidth parameter
- virsh: support for setting precopy bandwidth in migrate
- Rename patches to include commit ID
revert-d00c77ae.patch -> 18d47d61-revert-d00c77ae.patch
libxl-pmsuspend-event.patch -> d6943eab-libxl-pmsuspend-event.patch
- libxl: fix domain state following successful suspend operation
revert-d00c77ae.patch, libxl-pmsuspend-event.patch
- logging: ensure virtlogd rollover takes priority over logrotate
- qemu: fix default value of security_default_confined
Updated suse-qemu-conf.patch
- qemu: Change owner of temp directories under /var/lib/libvirt/qemu
- Add apparmor-abstractions as a required package for daemon
- qemu: Add support for overriding max threads per process limit
- cpu_map: Add Cascadelake-Server CPU model
- util: fix copying bitmap to larger data buffer

==== lmdb ====

- Fix occasional crash when freed pages landed on the dirty list twice
* Add 0001-ITS-8756-remove-loose-pg-from-dirty-list-in-freelist.patch

==== lvm2 ====
Subpackages: liblvm2app2_2 liblvm2cmd2_02

- Fix unknown feature in status message (bsc#1135984)
+ bug-1135984_cache-support-no_discard_passdown.patch
- Fix using device aliases with lvmetad (bsc#1137296)
+ bug-1137296_pvremove-vgextend-fix-using-device-aliases-with-lvmetad.patch
- Fix devices drop open error message (bsc#1122666)
+ bug-1122666_devices-drop-open-error-message.patch
- Use %make_build in order to provide verbose output.

==== makedumpfile ====
Version update (1.6.3 -> 1.6.6)

- makedumpfile-Increase-SECTION_MAP_LAST_BIT-to-4.patch: Increase
SECTION_MAP_LAST_BIT to 4 (bsc#1144708).
- Update to 1.6.6
* Support for AMD Secure Memory Encryption
* Exclude pages that are logically offline
* Support kernels up to 5.1.9
- Drop makedumpfile-coptflags.diff.
- Also support extended address space with SLE 12 SP5 (bsc#1138451)
* refresh makedumpfile-ppc64-VA-range-SUSE.patch
- makedumpfile-ppc64-VA-range-SUSE.patch: Use correct l3 index size
with SLE15-SP1 ppc64le kernels (bsc#1123015).
- Update to 1.6.5
* Improve support for arm64 system with KASLR
* Support kernels up to 4.19.4
- Update to 1.6.4
* 5-level paging support on x86_64
* --mem-usage support for arm64
* Support larger VA size with newer ppc64 kernels (bsc#1118445).
* Support kernels up to 4.17.0
- Drop upstreamed patches:
* makedumpfile-always-use-bigger-SECTION_MAP_MASK.patch
* makedumpfile-sadump-fix-PTI-enabled-kernels.patch
* makedumpfile-do-not-print-ETA-if-progress-is-0.patch
* makedumpfile-is_cache_page-helper.patch
* makedumpfile-check-PG_swapbacked.patch
- Fix %license destination for older distributions.
- Merge SLE12 changelog.
- Patches that were never actually applied to Factory:
* makedumpfile-x86_64-xen-vtop.patch (included in 1.6.2)
* makedumpfile-Fix-elf_info-file_size-if-segment-excluded.patch
(included in 1.6.2)
- makedumpfile-Fix-elf_info-file_size-if-segment-excluded.patch:
elf_info: Fix file_size if segment is excluded (bsc#1068925).
- makedumpfile-x86_64-xen-vtop.patch: Fix the use of Xen physical
and machine addresses (bsc#1014136, bsc#1068694).
- makedumpfile-is_cache_page-helper.patch: Add is_cache_page()
helper to check if a page belongs to the cache (bsc#1088354).
- makedumpfile-check-PG_swapbacked.patch: Check PG_swapbacked for
swap cache pages (bsc#1088354).
- makedumpfile-do-not-print-ETA-if-progress-is-0.patch: Do not
print ETA value if current progress is 0 (bsc#1084936).
- Use %license instead of %doc [bsc#1082318]
- makedumpfile-sadump-fix-PTI-enabled-kernels.patch: sadump: Fix a
problem of PTI enabled kernel (bsc#1085826).
- makedumpfile-always-use-bigger-SECTION_MAP_MASK.patch: Always use
bigger SECTION_MAP_MASK (bsc#1066811, bsc#1067703).
- Update to 1.6.3
* Support kernels up to 4.14.8 (bsc#1068864).
* x86_64: handle renamed init_level4_pgt -> init_top_pgt
* Fix SECTION_MAP_MASK for kernel >= v.13
* book3s/ppc64: Lower the max real address to 53 bits for
kernels >= v4.11
* Support symbol __cpu_online_mask
* ppc64: update hash page table geometry
- Drop upstreamed patches:
* makedumpfile-Fix-SECTION_MAP_MASK-for-kernel-v.13.patch
* makedumpfile-handle-renamed-init_level4_pgt-init_top_pgt.patch
* makedumpfile-ppc64-update-hash-page-table-geometry.patch
* makedumpfile-book3s-ppc64-Lower-the-max-real-address-to-53-bits.patch
* makedumpfile-__cpu_online_mask-symbol.patch
* makedumpfile-vtop4_x86_64_pagetable.patch
* makedumpfile-fix-KASLR-for-sadump.patch
* makedumpfile-fix-KASLR-for-sadump-while-kdump.patch
* makedumpfile-support-4.12.patch
- Drop SLE12-specific patches:
* makedumpfile-ppc64-update-hash-page-table-geometry.patch
* makedumpfile-Revert-Clean-up-unused-KERNEL_IMAGE_SIZE.patch
* makedumpfile-Revert-x86_64-kill-some-unused-init.patch
* makedumpfile-Revert-kill-is_vmalloc_addr_x86_64.patch
* makedumpfile-Revert-x86_64-translate-all-VA-to-PA-using-pgt.patch
* makedumpfile-Revert-Calculate-page_offset-from-pt_load.patch
- makedumpfile-__cpu_online_mask-symbol.patch: Support symbol
__cpu_online_mask (FATE#323473, bsc#1070291).
- makedumpfile-vtop4_x86_64_pagetable.patch: Introduce
vtop4_x86_64_pagetable (FATE#323473, bsc#1070291).
- makedumpfile-fix-KASLR-for-sadump.patch: Fix a KASLR problem of
sadump (FATE#323473, bsc#1070291).
- makedumpfile-fix-KASLR-for-sadump-while-kdump.patch: sadump: Fix
a KASLR problem of sadump while kdump is working (FATE#323473,
- makedumpfile-Revert-Clean-up-unused-KERNEL_IMAGE_SIZE.patch:
Revert "Clean up unused KERNEL_IMAGE_SIZE" (bsc#1068925,
- makedumpfile-Revert-x86_64-kill-some-unused-init.patch: Revert
"x86_64: kill some unused initialization" (bsc#1068925,
- makedumpfile-Revert-kill-is_vmalloc_addr_x86_64.patch: Revert
"x86_64: kill is_vmalloc_addr_x86_64()" (bsc#1068925,
- makedumpfile-Revert-x86_64-translate-all-VA-to-PA-using-pgt.patch:
Revert "x86_64: translate all VA to PA using page table values"
(bsc#1068925, bsc#1099121).
- makedumpfile-Revert-Calculate-page_offset-from-pt_load.patch:
Revert "x86_64: Calculate page_offset from pt_load"
(bsc#1068925, bsc#1040469, bsc#1099121).
- makedumpfile-ppc64-update-hash-page-table-geometry.patch:
Kernel commit f6eedbba7a26 ("powerpc/mm/hash: Increase VA range to 128TB")
updated hash page table geometry. A modified version of this commit is
included in SLES12 SP3. Make the corresponding changes in makedumpfile tool
for filtering dump appropriately (bsc#1068485)
- ppc64 Can't convert a virtual address (bsc#1067703)
* Added patches: makedumpfile-ppc64-update-hash-page-table-geometry.patch
* Refresh makedumpfile-Fix-SECTION_MAP_MASK-for-kernel-v.13.patch to also
apply to SLE15 (4.12 kernel) due to backport of 2d070eab2e82 (bsc#1067703)
- Handled renaming of init_level4_pgt to init_top_pgt (bsc#1066770).
* Added patch: makedumpfile-handle-renamed-init_level4_pgt-init_top_pgt.patch
- add makedumpfile-Fix-SECTION_MAP_MASK-for-kernel-v.13.patch (bnc#1066811)
- Update to 1.6.2
* Fix the use of Xen physical and machine addresses (bsc#1014136)
* Fix memory leak in get_kcore_dump_loads()
* Support kernels up to 4.11.7
* Consider not page-size aligned phys_end for paddr_to_pfn()
* Add runtime kaslr offset if it exists
- Update to 1.6.1 (FATE#322011).
* Enhance support for aarch64
* Enhance support for ppc64
* Support kernels up to 4.8
- Drop upstreamed patch
* makedumpfile-_count-_refcount-rename.patch
- Merge with updates on SLE12 SP2 (FATE#318012, bsc#992885,
- Rename Support-_count-_refcount-rename-in-struct-p.patch to
- Silence rpmlint errors about devel files in non-devel package;
despite their .c suffix, the provided eppic scripts are intended
for production, not development.
- Build and install the eppic extension.
- makedumpfile-override-libtinfo.patch: Allow to override the tinfo
library used for eppic.
- Update to 1.6.0 (FATE#320955).
* Exclude page structures of non-dumped pages.
- Drop upstreamed patch
* Looking-for-page.compound_order-compound_dtor-.patch
* Skip-examining-compound-tail-pages.patch
- Looking-for-page.compound_order-compound_dtor-.patch:
fix excluding hugepages (kernel 4.4 compatibility)
- Skip-examining-compound-tail-pages.patch
fix excluding compound tail pages (kernel 4.5 compatibility)
- Support-_count-_refcount-rename-in-struct-p.patch:
support 4.7 kernel (page._count renamed to page._refcount)
- Update to 1.5.9
* support for aarch64 (FATE#318444)
* Support kernels up to 4.1
* Enable compressed dump formats for Xen (FATE#316467).
- Drop upstreamed patch
* makedumpfile-add-aarch64.diff
- Use url for source
- Cleanup spec file with spec-cleaner
- Adjust usage of install (-c is ignored)
- makedumpfile-add-aarch64.diff: Add support for aarch64
This patch should be obsolete when switching to 1.5.9
- upgrade to makedumpfile-1.5.8
o Fair I/O workload assignment for --split
o Make incomplete dumpfile readable
o Support kernels up to 3.19

==== openldap2 ====
Subpackages: libldap-2_4-2 libldap-2_4-2-32bit libldap-data openldap2-client

- bsc#1143194 (CVE-2019-13565) - ssf memory reuse leads to incorrect
authorisation of another connection, granting excess connection rights (ssf).
* patch: 0201-ITS-9052-zero-out-sasl_ssf-in-connection_init.patch
- bsc#1143273 (CVE-2019-13057) - rootDN of a backend may proxyauth
incorrectly to another backend, violating multi-tenant isolation.
* patch: 0202-ITS-9038-restrict-rootDN-proxyauthz-to-its-own-DBs.patch
* patch: 0203-ITS-9038-Update-test028-to-test-this-is-enforced.patch
* patch: 0204-ITS-9038-Another-test028-typo.patch
- bsc#1111388 - incorrect post script call causes tmpfiles create not to
be run.
- bsc#1114845 - broken shebang line in
- fix the script
- Emergency fix: move tmpfiles_create post from the library package
to the main package's post script, which ships the tmpfiles.d
configuration. Fixes the post script of the library (-p
/sbin/ldconfig does not allow more statements in the script).
- bsc#1111388 openldap and /var/lib/ldap/DB_CONFIG* (transactional-update)
* source: openldap2.conf
- Added a patch to let slapd return the uniqueness check filter
used before constraint violation to the client.
Fixed broken memory handling in affecting error response of slapo-unique
ITS#8866 slapo-unique to return filter used in diagnostic message
* patch: 0001-ITS-8866-slapo-unique-to-return-filter-used-in-diagn.patch
- Don't require systemd explicitly, spec file can handle both cases
correctly and in containers we don't have systemd.
- Fix CVE-2017-17740: when both the nops module and the memberof
overlay are enabled, attempts to free a buffer that was allocated
on the stack
* patch: 0017-Fix-segfault-in-nops.patch

==== python-Werkzeug ====

- Add 0001-unique-debugger-pin-in-Docker-containers.patch (bsc#1145383,
When running the development server in Docker, the debugger security pin is
now unique per container.

==== python-cairo ====
Subpackages: python2-cairo python3-cairo

- Provide python-pycairo symbol to play nice with backporting
python stack as new TW contains just this as a proper package
name bsc#1142582

==== python-libvirt-python ====
Version update (5.1.0 -> 5.7.0)

- Update to 5.7.0
- Add all new APIs and constants in libvirt 5.7.0
- Update to 5.6.0
- Add all new APIs and constants in libvirt 5.6.0
- Update to 5.5.0
- Add all new APIs and constants in libvirt 5.5.0
- Update to 5.4.0
- Add all new APIs and constants in libvirt 5.4.0
- Update to 5.3.0
- Add all new APIs and constants in libvirt 5.3.0
- Update to 5.2.0
- Add all new APIs and constants in libvirt 5.2.0

==== python-urllib3 ====

- Add missing dependency on python-six (bsc#1150895)
- Update python-urllib3-recent-date.patch to have RECENT_DATE within
the needed boundaries for the test suite.
- Add urllib3-disallow-control-chars-in-http-urls.patch (bsc#1132663,
CVE-2019-11236, bsc#1129071, CVE-2019-9740)
- Skip test_source_address_error as we raise different error with
fixes that we provide in new python2/3
- Add urllib3-cve-2019-11324.patch. Don't load system certs unless
there were no CA certs or SSLContext object specified manually.

==== samba ====
Version update (4.9.5+git.176.375e1f05788 -> 4.9.5+git.187.71edee57d5a)
Subpackages: libdcerpc-binding0 libdcerpc-binding0-32bit libdcerpc0
libdcerpc0-32bit libndr-krb5pac0 libndr-krb5pac0-32bit libndr-nbt0
libndr-nbt0-32bit libndr-standard0 libndr-standard0-32bit libndr0 libndr0-32bit
libnetapi0 libnetapi0-32bit libsamba-credentials0 libsamba-credentials0-32bit
libsamba-errors0 libsamba-errors0-32bit libsamba-hostconfig0
libsamba-hostconfig0-32bit libsamba-passdb0 libsamba-passdb0-32bit
libsamba-policy0-python3 libsamba-util0 libsamba-util0-32bit libsamdb0
libsamdb0-32bit libsmbclient0 libsmbconf0 libsmbconf0-32bit libsmbldap2
libsmbldap2-32bit libtevent-util0 libtevent-util0-32bit libwbclient0
libwbclient0-32bit samba-client samba-client-32bit samba-libs samba-libs-32bit
samba-libs-python samba-libs-python3 samba-python3 samba-winbind

- CVE-2019-10197: user escape from share path definition;
(bso#14035); (bsc#1141267).
- Prepare for future use of kernel keyrings, modify
/etc/pam.d/samba to include; (bsc#1144059).

==== yast2 ====
Version update (4.2.20 -> 4.2.21)
Subpackages: yast2-logs

- support reading licenses from tar archive (jsc#SLE-7214)
- 4.2.21

==== yast2-control-center ====
Version update (4.1.7 -> 4.2.2)
Subpackages: yast2-control-center-qt

- Fix appdata for new spec (fate#319035)
- 4.2.2
- Display GenericName and Comment, not Name (boo#1084864)
- 4.2.1
- Change location of appdata and fix it up (fate#319035)
- 4.2.0
- Require libQt5Svg5 to support SVG icons (bsc#1127245)
- 4.1.8

==== yast2-installation ====
Version update (4.2.12 -> 4.2.13)

- do NOT remove /mnt/run, it's a mounted directory (bsc#1149011)
- 4.2.13

==== yast2-network ====
Version update (4.2.11 -> 4.2.12)

- bnc#1149234
- apply udev rule from AY profile according to device's mac
value when permanent_mac is missing in list of the device's
- bsc#1133442
- Increased the DHCP timeout when NetworkManager is in use to
its default (45 seconds).
- 4.2.12

==== yast2-packager ====
Version update (4.2.24 -> 4.2.25)

- Added Y2Packager::MediumType class for detecting the installation
medium type (related to jsc#SLE-7214)
- 4.2.25

==== yast2-schema ====
Version update (4.2.2 -> 4.2.3)

- Ignoring X-SuSE-YaST-AutoInstResourceAliases entries in desktop
files while evaluating resources (bsc#1144894).
- 4.2.3

==== yast2-security ====
Version update (4.2.1 -> 4.2.2)

- AY: Supporting user defined permission files like
"/etc/permissions.ultra". (bsc#1147173)
- 4.2.2

==== yast2-services-manager ====
Version update (4.2.4 -> 4.2.5)

- Set BaseTargets::GRAPHICAL and Target::GRAPHICAL if package "xdm"
will be installed (instead of xorg-x11-server) (bsc#1140735).
- 4.2.5

==== yast2-storage-ng ====
Version update (4.2.36 -> 4.2.38)

- Partitioner: better handling of existing encryptions, including
the possibility of reusing them (related to jsc#SLE-7376).
- added translation for new EncryptionType::PLAIN (bsc#1088641)
- 4.2.38
- bind-mount /run from inst-sys to target system during install (bsc#1136463)
- 4.2.37

==== yast2-ycp-ui-bindings ====
Version update (4.1.0 -> 4.2.1)

- added example using scrollbar positions of RichText widget with
hyperlinks (bsc#1150498)
- 4.2.1
- added example using scrollbar positions of RichText widget
- 4.2.0
