Mailinglist Archive: opensuse-factory (378 mails)

< Previous Next >
[opensuse-factory] New Tumbleweed snapshot 20191111 released!
  • From: Dominique Leuenberger <dimstar@xxxxxxx>
  • Date: Tue, 12 Nov 2019 20:01:45 +0000
  • Message-id: <157358890527.25681.1013894841946722419@go-agent-stagingbot-1>

Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.

Please check the known defects of this snapshot before upgrading:

Please do not reply to this email to report issues, rather file a bug
on For more information on filing bugs please

Packages changed:
curl (7.66.0 -> 7.67.0)
kernel-source (5.3.8 -> 5.3.9)
libmbim (1.20.0 -> 1.20.2)
libvirt (5.8.0 -> 5.9.0)
libyui-qt-pkg (2.46.7 -> 2.46.9)
obs-service-format_spec_file (20190411 -> 20191106)
perl-Convert-UUlib (1.5 -> 1.6)
perl-HTML-Clean (1.2 -> 1.4)
python-libvirt-python (5.8.0 -> 5.9.0)
rpm-config-SUSE (0.g42 -> 0.g44)
snapper (0.8.5 -> 0.8.6)
spec-cleaner (1.1.5 -> 1.1.6)
tiff (4.0.10 -> 4.1.0)
wpa_supplicant (2.6 -> 2.9)
zstd (1.4.3 -> 1.4.4)

=== Details ===

==== cpio ====
Subpackages: cpio-lang cpio-mt

- add cpio-2.12-CVE-2019-14866.patch to fix a security issue where
cpio does not properly validate the values written in the header
of a TAR file through the to_oct() function [bsc#1155199]

==== curl ====
Version update (7.66.0 -> 7.67.0)
Subpackages: libcurl4

- Update spec file with spec-cleaner
- Update to 7.67.0
* Changes:
- curl: added --no-progress-meter
- urlapi: CURLU_NO_AUTHORITY allows empty authority/host part
* Bugfixes:
- BINDINGS: five new bindings addded
- CURLOPT_TIMEOUT.3: Clarify transfer timeout time includes queue time
- CURLOPT_TIMEOUT.3: remove the mention of "minutes"
- ESNI: initial build/setup support
- FTP: FTPFILE_NOCWD: avoid redundant CWDs
- FTP: allow "rubbish" prepended to the SIZE response
- FTP: remove trailing slash from path for LIST/MLSD
- FTP: skip CWD to entry dir when target is absolute
- FTP: url-decode path before evaluation
- move -p for mkdir, remove -j for make
- HTTP3: fix invalid use of sendto for connected UDP socket
- HTTP3: fix prefix parameter for ngtcp2 build
- HTTP3: show an --alt-svc using example too
- INSTALL: add missing space for configure commands
- INSTALL: add vcpkg installation instructions
- altsvc: accept quoted ma and persist values
- altsvc: both backends run h3-23 now
- appveyor: Add MSVC ARM64 build
- appveyor: Use two parallel compilation on appveyor with CMake
- appveyor: add --disable-proxy autotools build
- appveyor: publish artifacts on appveyor
- appveyor: upgrade VS2017 to VS2019
- asyn-thread: make use of Curl_socketpair() where available
- asyn-thread: s/AF_LOCAL/AF_UNIX for Solaris
- build: Remove unused HAVE_LIBSSL and HAVE_LIBCRYPTO defines
- checksrc: fix uninitialized variable warning
- chunked-encoding: stop hiding the CURLE_BAD_CONTENT_ENCODING error
- cirrus: Switch the FreeBSD 11.x build to 11.3 and add a 13.0 build
- cirrus: switch off blackhole status on the freebsd CI machines
- cleanups: 21 various PVS-Studio warnings
- configure: only say ipv6 enabled when the variable is set
- configure: remove all cyassl references
- conn-reuse: requests wanting NTLM can reuse non-NTLM connections
- connect: return CURLE_OPERATION_TIMEDOUT for errno == ETIMEDOUT
- connect: silence sign-compare warning
- cookie: avoid harmless use after free
- cookie: pass in the correct cookie amount to qsort()
- cookies: change argument type for Curl_flush_cookies
- cookies: using a share with cookies shouldn't enable the cookie engine
- copyrights: update copyright notices to 2019
- curl: create easy handles on-demand and not ahead of time
- curl: ensure HTTP 429 triggers --retry
- curl: exit the create_transfers loop on errors
- curl: fix memory leaked by parse_metalink()
- curl: load large files with -d @ much faster
- docs/HTTP3: fix `--with-ssl` ngtcp2 configure flag
- docs: added multi-event.c example
- docs: disambiguate CURLUPART_HOST is for host name (ie no port)
- docs: note on failed handles not being counted by curl_multi_perform
- doh: allow only http and https in debug mode
- doh: avoid truncating DNS QTYPE to lower octet
- doh: clean up dangling DOH memory on easy close
- doh: fix (harmless) buffer overrun
- doh: fix undefined behaviour and open up for gcc and clang optimization
- doh: return early if there is no time left
- examples/sslbackend: fix -Wchar-subscripts warning
- gnutls: make gnutls_bye() not wait for response on shutdown
- http2: expire a timeout at end of stream
- http2: prevent dup'ed handles to send dummy PRIORITY frames
- http2: relax verification of :authority in push promise requests
- http2_recv: a closed stream trumps pause state
- http: lowercase headernames for HTTP/2 and HTTP/3
- ldap: Stop using wide char version of ldapp_err2string
- ldap: fix OOM error on missing query string
- mbedtls: add error message for cert validity starting in the future
- mime: when disabled, avoid C99 macro
- ngtcp2: adapt to API change
- ngtcp2: compile with latest ngtcp2 + nghttp3 draft-23
- ngtcp2: remove fprintf() calls
- openssl: close_notify on the FTP data connection doesn't mean closure
- openssl: use strerror on SSL_ERROR_SYSCALL
- os400: getpeername() and getsockname() return ebcdic AF_UNIX sockaddr
- parsedate: fix date parsing disabled builds
- quiche: don't close connection at end of stream
- quiche: persist connection details (fixes -I with --http3)
- quiche: set 'drain' when returning without having drained the queues
- quiche: update HTTP/3 config creation to new API
- redirect: handle redirects to absolute URLs containing spaces
- runtests: get textaware info from curl instead of perl
- schannel: reverse the order of certinfo insertions
- schannel_verify: Fix concurrent openings of CA file
- security: silence conversion warning
- setopt: handle ALTSVC set to NULL
- setopt: make it easier to add new enum values
- setopt: store CURLOPT_RTSP_SERVER_CSEQ correctly
- smb: check for full size message before reading message details
- smbserver: fix Python 3 compatibility
- socks: Fix destination host shown on SOCKS5 error
- test1162: disable MSYS2's POSIX path conversion
- test1591: fix spelling of http feature
- tests: add 'connect to non-listen' keywords
- tests: fix narrowing conversion warnings
- tests: fix the test 3001 cert failures
- tests: makes tests succeed when using --disable-proxy
- tests: use %FILE_PWD for file:// URLs
- tests: use port 2 instead of 60000 for a safer non-listening port
- tool_operate: Fix retry sleep time shown to user when Retry-After
- url: Curl_free_request_state() should also free doh handles
- url: don't set appconnect time for non-ssl/non-ssh connections
- url: fix the NULL hostname compiler warning
- url: only reuse TLS connections with matching pinning
- urlapi: avoid index underflow for short ipv6 hostnames
- urlapi: fix URL encoding when setting a full URL
- urlapi: question mark within fragment is still fragment
- urldata: use 'bool' for the bit type on MSVC compilers
- vtls: fix narrowing conversion warnings

==== dwz ====

- Fix die_no_multifile propagation [swo#25109].
* dwz-fix-die-no-multifile-propagation.patch

==== gdb ====

- Fix for bsc#1146475 [bsc#1146475, swo#24971 ]
* gdb-symtab-prefer-var-def-over-decl.patch
- Fix for bsc#1146167 [bsc#1146167, swo#24956]

==== kernel-source ====
Version update (5.3.8 -> 5.3.9)
Subpackages: kernel-default kernel-default-devel kernel-devel kernel-docs
kernel-macros kernel-syms

- Linux 5.3.9 (bnc#11519).
- io_uring: fix up O_NONBLOCK handling for sockets (bnc#1151927).
- dm snapshot: introduce account_start_copy() and
account_end_copy() (bnc#1151927).
- dm snapshot: rework COW throttling to fix deadlock
- Btrfs: fix inode cache block reserve leak on failure to allocate
data space (bnc#1151927).
- btrfs: qgroup: Always free PREALLOC META reserve in
btrfs_delalloc_release_extents() (bnc#1151927).
- iio: adc: meson_saradc: Fix memory allocation order
- iio: fix center temperature of bmc150-accel-core (bnc#1151927).
- libsubcmd: Make _FORTIFY_SOURCE defines dependent on the feature
- perf tests: Avoid raising SEGV using an obvious NULL dereference
- perf map: Fix overlapped map handling (bnc#1151927).
- perf script brstackinsn: Fix recovery from LBR/binary mismatch
- perf jevents: Fix period for Intel fixed counters (bnc#1151927).
- perf tools: Propagate get_cpuid() error (bnc#1151927).
- perf annotate: Propagate perf_env__arch() error (bnc#1151927).
- perf annotate: Fix the signedness of failure returns
- perf annotate: Propagate the symbol__annotate() error return
- perf annotate: Fix arch specific ->init() failure errors
- perf annotate: Return appropriate error code for allocation
failures (bnc#1151927).
- perf annotate: Don't return -1 for error when doing BPF
disassembly (bnc#1151927).
- staging: rtl8188eu: fix null dereference when kzalloc fails
- RDMA/siw: Fix serialization issue in write_space()
- RDMA/hfi1: Prevent memory leak in sdma_init (bnc#1151927).
- RDMA/iw_cxgb4: fix SRQ access from dump_qp() (bnc#1151927).
- RDMA/iwcm: Fix a lock inversion issue (bnc#1151927).
- HID: hyperv: Use in-place iterator API in the channel callback
- kselftest: exclude failed TARGETS from runlist (bnc#1151927).
- selftests/kselftest/ Add 45 second timeout per test
- nfs: Fix nfsi->nrequests count error on nfs_inode_remove_request
- arm64: cpufeature: Effectively expose FRINT capability to
userspace (bnc#1151927).
- arm64: Fix incorrect irqflag restore for priority masking for
compat (bnc#1151927).
- arm64: ftrace: Ensure synchronisation in PLT setup for
Neoverse-N1 #1542419 (bnc#1151927).
- tty: serial: owl: Fix the link time qualifier of
'owl_uart_exit()' (bnc#1151927).
- tty: serial: rda: Fix the link time qualifier of
'rda_uart_exit()' (bnc#1151927).
- serial/sifive: select SERIAL_EARLYCON (bnc#1151927).
- tty: n_hdlc: fix build on SPARC (bnc#1151927).
- misc: fastrpc: prevent memory leak in fastrpc_dma_buf_attach
- RDMA/core: Fix an error handling path in 'res_get_common_doit()'
- RDMA/cm: Fix memory leak in cm_add/remove_one (bnc#1151927).
- RDMA/nldev: Reshuffle the code to avoid need to rebind QP in
error path (bnc#1151927).
- RDMA/mlx5: Do not allow rereg of a ODP MR (bnc#1151927).
- RDMA/mlx5: Order num_pending_prefetch properly with
synchronize_srcu (bnc#1151927).
- RDMA/mlx5: Add missing synchronize_srcu() for MW cases
- gpio: max77620: Use correct unit for debounce times
- fs: cifs: mute -Wunused-const-variable message (bnc#1151927).
- arm64: vdso32: Fix broken compat vDSO build warnings
- arm64: vdso32: Detect binutils support for dmb ishld
- serial: mctrl_gpio: Check for NULL pointer (bnc#1151927).
- serial: 8250_omap: Fix gpio check for auto RTS/CTS
- arm64: Default to building compat vDSO with clang when
CONFIG_CC_IS_CLANG (bnc#1151927).
- arm64: vdso32: Don't use KBUILD_CPPFLAGS unconditionally
- efi/cper: Fix endianness of PCIe class code (bnc#1151927).
- efi/x86: Do not clean dummy variable in kexec path
- MIPS: include: Mark __cmpxchg as __always_inline (bnc#1151927).
- riscv: avoid kernel hangs when trapped in BUG() (bnc#1151927).
- riscv: avoid sending a SIGTRAP to a user thread trapped in
WARN() (bnc#1151927).
- riscv: Correct the handling of unexpected ebreak in
do_trap_break() (bnc#1151927).
- x86/xen: Return from panic notifier (bnc#1151927).
- ocfs2: clear zero in unaligned direct IO (bnc#1151927).
- fs: ocfs2: fix possible null-pointer dereferences in
ocfs2_xa_prepare_entry() (bnc#1151927).
- fs: ocfs2: fix a possible null-pointer dereference in
ocfs2_write_end_nolock() (bnc#1151927).
- fs: ocfs2: fix a possible null-pointer dereference in
ocfs2_info_scan_inode_alloc() (bnc#1151927).
- btrfs: silence maybe-uninitialized warning in clone_range
- arm64: armv8_deprecated: Checking return value for memory
allocation (bnc#1151927).
- x86/cpu: Add Comet Lake to the Intel CPU models header
- sched/fair: Scale bandwidth quota and period without losing
quota/period ratio precision (bnc#1151927).
- sched/vtime: Fix guest/system mis-accounting on task switch
- perf/core: Rework memory accounting in perf_mmap()
- perf/core: Fix corner case in perf_rotate_context()
- perf/x86/amd: Change/fix NMI latency mitigation to use a
timestamp (bnc#1151927).
- drm/amdgpu: fix memory leak (bnc#1151927).
- iio: imu: adis16400: release allocated memory on failure
- iio: imu: adis16400: fix memory leak (bnc#1151927).
- iio: imu: st_lsm6dsx: fix waitime for st_lsm6dsx i2c controller
- MIPS: include: Mark __xchg as __always_inline (bnc#1151927).
- MIPS: fw: sni: Fix out of bounds init of o32 stack
- s390/cio: fix virtio-ccw DMA without PV (bnc#1151927).
- virt: vbox: fix memory leak in hgcm_call_preprocess_linaddr
- nbd: fix possible sysfs duplicate warning (bnc#1151927).
- NFSv4: Fix leak of clp->cl_acceptor string (bnc#1151927).
- SUNRPC: fix race to sk_err after xs_error_report (bnc#1151927).
- s390/uaccess: avoid (false positive) compiler warnings
- tracing: Initialize iter->seq after zeroing in
tracing_read_pipe() (bnc#1151927).
- perf annotate: Fix multiple memory and file descriptor leaks
- perf/aux: Fix tracking of auxiliary trace buffer allocation
- USB: legousbtower: fix a signedness bug in tower_probe()
- nbd: verify socket is supported during setup (bnc#1151927).
- arm64: dts: qcom: Add Lenovo Miix 630 (bnc#1151927).
- arm64: dts: qcom: Add HP Envy x2 (bnc#1151927).
- arm64: dts: qcom: Add Asus NovaGo TP370QL (bnc#1151927).
- rtw88: Fix misuse of GENMASK macro (bnc#1151927).
- s390/pci: fix MSI message data (bnc#1151927).
- thunderbolt: Correct path indices for PCIe tunnel (bnc#1151927).
- thunderbolt: Use 32-bit writes when writing ring
producer/consumer (bnc#1151927).
- fuse: flush dirty data/metadata before non-truncate setattr
- fuse: truncate pending writes on O_TRUNC (bnc#1151927).
- ALSA: bebob: Fix prototype of helper function to return negative
value (bnc#1151927).
- ALSA: timer: Fix mutex deadlock at releasing card (bnc#1151927).
- ALSA: hda/realtek - Fix 2 front mics of codec 0x623
- ALSA: hda/realtek - Add support for ALC623 (bnc#1151927).
- ath10k: fix latency issue for QCA988x (bnc#1151927).
- UAS: Revert commit 3ae62a42090f ("UAS: fix alignment of
scatter/gather segments") (bnc#1151927).
- nl80211: fix validation of mesh path nexthop (bnc#1151927).
- USB: gadget: Reject endpoints with 0 maxpacket value
- usb-storage: Revert commit 747668dbc061 ("usb-storage: Set
virt_boundary_mask to avoid SG overflows") (bnc#1151927).
- USB: ldusb: fix ring-buffer locking (bnc#1151927).
- USB: ldusb: fix control-message timeout (bnc#1151927).
- usb: xhci: fix Immediate Data Transfer endianness (bnc#1151927).
- usb: xhci: fix __le32/__le64 accessors in debugfs code
- USB: serial: whiteheat: fix potential slab corruption
- USB: serial: whiteheat: fix line-speed endianness (bnc#1151927).
- xhci: Fix use-after-free regression in xhci clear hub TT
implementation (bnc#1151927).
- scsi: qla2xxx: Fix partial flash write of MBI (bnc#1151927).
- scsi: target: cxgbit: Fix cxgbit_fw4_ack() (bnc#1151927).
- HID: i2c-hid: add Trekstor Primebook C11B to descriptor override
- HID: Fix assumption that devices have inputs (bnc#1151927).
- HID: fix error message in hid_open_report() (bnc#1151927).
- HID: logitech-hidpp: split g920_get_config() (bnc#1151927).
- HID: logitech-hidpp: rework device validation (bnc#1151927).
- HID: logitech-hidpp: do all FF cleanup in hidpp_ff_destroy()
- um-ubd: Entrust re-queue to the upper layers (bnc#1151927).
- s390/unwind: fix mixing regs and sp (bnc#1151927).
- s390/cmm: fix information leak in cmm_timeout_handler()
- s390/idle: fix cpu idle time calculation (bnc#1151927).
- ARC: perf: Accommodate big-endian CPU (bnc#1151927).
- IB/hfi1: Avoid excessive retry for TID RDMA READ request
- arm64: Ensure VM_WRITE|VM_SHARED ptes are clean by default
- arm64: cpufeature: Enable Qualcomm Falkor/Kryo errata 1003
- virtio_ring: fix stalls for packed rings (bnc#1151927).
- rtlwifi: rtl_pci: Fix problem of too small skb->len
- KVM: vmx, svm: always run with EFER.NXE=1 when shadow paging
is active (bnc#1151927).
- dmaengine: qcom: bam_dma: Fix resource leak (bnc#1151927).
- dmaengine: tegra210-adma: fix transfer failure (bnc#1151927).
- dmaengine: imx-sdma: fix size check for sdma script_number
- dmaengine: cppi41: Fix cppi41_dma_prep_slave_sg() when idle
- drm/amdgpu/gmc10: properly set BANK_SELECT and FRAGMENT_SIZE
- drm/i915: Fix PCH reference clock for FDI on HSW/BDW
- drm/amdgpu/gfx10: update gfx golden settings (bnc#1151927).
- drm/amdgpu/powerplay/vega10: allow undervolting in p7
- drm/amdgpu: Fix SDMA hang when performing VKexample test
- NFS: Fix an RCU lock leak in nfs4_refresh_delegation_stateid()
- io_uring: ensure we clear io_kiocb->result before each issue
- iommu/vt-d: Fix panic after kexec -p for kdump (bnc#1151927).
- batman-adv: Avoid free/alloc race when handling OGM buffer
- llc: fix sk_buff leak in llc_sap_state_process() (bnc#1151927).
- llc: fix sk_buff leak in llc_conn_service() (bnc#1151927).
- rxrpc: Fix call ref leak (bnc#1151927).
- rxrpc: rxrpc_peer needs to hold a ref on the rxrpc_local record
- rxrpc: Fix trace-after-put looking at the put peer record
- NFC: pn533: fix use-after-free and memleaks (bnc#1151927).
- bonding: fix potential NULL deref in bond_update_slave_arr
- netfilter: conntrack: avoid possible false sharing
- net: usb: sr9800: fix uninitialized local variable
- sch_netem: fix rcu splat in netem_enqueue() (bnc#1151927).
- net: sched: sch_sfb: don't call qdisc_put() while holding tree
lock (bnc#1151927).
- iwlwifi: exclude GEO SAR support for 3168 (bnc#1151927).
- sched/fair: Fix low cpu usage with high throttling by removing
expiration of cpu-local slices (bnc#1151927).
- ALSA: usb-audio: DSD auto-detection for Playback Designs
- ALSA: usb-audio: Update DSD support quirks for Oppo and Rotel
- ALSA: usb-audio: Add DSD support for Gustard U16/X26 USB
Interface (bnc#1151927).
- RDMA/mlx5: Use irq xarray locking for mkey_table (bnc#1151927).
- sched/fair: Fix -Wunused-but-set-variable warnings
- powerpc/powernv: Fix CPU idle to be called with IRQs disabled
- Revert "nvme: allow 64-bit results in passthru commands"
- Revert "ALSA: hda: Flush interrupts on disabling" (bnc#1151927).
- commit b0d4923
- rpm/ add COMPRESS_VMLINUX (bnc#1155921)
Let COMPRESS_VMLINUX determine the compression used for vmlinux. By
default (historically), it is gz.
- commit c8b2d9f
- ALSA: hda/ca0132 - Fix possible workqueue stall (bsc#1155836).
- commit 98ead79
- stacktrace: Don't skip first entry on noncurrent tasks
Update upstream status.
- commit f4d9b5e
- rpm/kernel-subpackage-spec: Mention debuginfo in the subpackage
description (bsc#1149119).
- commit 525ec92
- ata: make qc_prep return ata_completion_errors (bnc#1110252).
- ata: define AC_ERR_OK (bnc#1110252).
- ata: sata_mv, avoid trigerrable BUG_ON (bnc#1110252).
- commit 8bf663b

==== libmbim ====
Version update (1.20.0 -> 1.20.2)
Subpackages: libmbim-glib4 mbimcli-bash-completion

- Update to version 1.20.2:
+ mbim-proxy:
- Fixed device control port management when using symlinks.
+ libmbim-glib:
- Fixed handling of fragmented indication messages.
+ Several other minor improvements and fixes.

==== libvirt ====
Version update (5.8.0 -> 5.9.0)
Subpackages: libvirt-bash-completion libvirt-client libvirt-daemon
libvirt-daemon-driver-interface libvirt-daemon-driver-libxl
libvirt-daemon-driver-lxc libvirt-daemon-driver-network
libvirt-daemon-driver-nodedev libvirt-daemon-driver-nwfilter
libvirt-daemon-driver-qemu libvirt-daemon-driver-secret
libvirt-daemon-driver-storage libvirt-daemon-driver-storage-core
libvirt-daemon-driver-storage-disk libvirt-daemon-driver-storage-gluster
libvirt-daemon-driver-storage-iscsi libvirt-daemon-driver-storage-iscsi-direct
libvirt-daemon-driver-storage-logical libvirt-daemon-driver-storage-mpath
libvirt-daemon-driver-storage-rbd libvirt-daemon-driver-storage-scsi
libvirt-daemon-lxc libvirt-daemon-qemu libvirt-daemon-xen libvirt-libs

- Update to libvirt 5.9.0
- jsc#SLE-7440
- Many incremental improvements and bug fixes, see

==== libyui-qt-pkg ====
Version update (2.46.7 -> 2.46.9)

- do not complain about vendor change when switching repo
- 2.46.9
- 2.46.8
- Try to sort out a bit the package using spec-cleaner
- Use the distribution %cmake macros that define all the various
compilation flags/etc.
- Use %cmake_build that will allow us later to switch from make
to ninja on distribution level
- Remove Group view pane as it is based on the rpm group tag
indirectly via packagekit (fate#326485).

==== man ====

- Avoid racy bash code on waiting on find in do_mandb (boo#1155879)
- Use %{_prefix}/lib for tmpfiles.d directory to avoud to get this
nonexecutable location below new location of %{_libexecdir}

==== nodejs12 ====
Subpackages: nodejs12-devel npm12

- skip_no_console.patch: skip tests with dumb console
- versioned.patch: fix symlinks

==== obs-service-format_spec_file ====
Version update (20190411 -> 20191106)

- Update to version 20191106:
* treat %global like %define (handle issue#17) (#38)
* change copyright entry to SUSE LLC (handle issue#35) (#36)
* reformat url as uppercase URL (handle issue#24) (#37)

==== perl-Convert-UUlib ====
Version update (1.5 -> 1.6)

- Add manual license GPL-1.0-or-later to cpanspec.yml (see COPYING file in
the source)
- Regenerate spec with newest cpanspec
* Add manual dependencies to cpanspec.yml
- updated to 1.6
see /usr/share/doc/packages/perl-Convert-UUlib/Changes
1.6 Thu Oct 24 17:11:54 CEST 2019
- fix heap overflow (testcase by Noel Duffy, reported
by Robert Scheck). The defense-in-depth mechanism based
on mmap should make this unexploitable for other than denial
of service, on systems supporting mmap/mprotect.

==== perl-HTML-Clean ====
Version update (1.2 -> 1.4)

- Manually fix typos (PR is still
- updated to 1.4
see /usr/share/doc/packages/perl-HTML-Clean/Changes

==== pesign-obs-integration ====

- 0001-brp-99-compress-vmlinux-support-xz-compressed-vmlinu.patch
to support xz-compressed vmlinux (bnc#1155921)
- 0001-Keep-the-files-in-the-OTHER-directory.patch to keep the
files in the OTHER directory (boo#1155474)

==== python-libvirt-python ====
Version update (5.8.0 -> 5.9.0)

- Update to 5.9.0
- Add all new APIs and constants in libvirt 5.9.0

==== rpm-config-SUSE ====
Version update (0.g42 -> 0.g44)

- Update to version 0.g44:
* Sync specfile changes
* Add _lto_cflags to suse_macros for now

==== snapper ====
Version update (0.8.5 -> 0.8.6)
Subpackages: libsnapper4 snapper-zypp-plugin

- add --machine-readable option for CSV and JSON outputs.
- add --columns option for selecting columns in the commands list,
list-configs and get-config.
- bsc#1149322
- version 0.8.6

==== spec-cleaner ====
Version update (1.1.5 -> 1.1.6)

- Update to 1.1.6 bsc#1099674:
* Do not remove groups by default. Now, groups are kept untouched
by default. Introduce a new option '--remove-groups' that
removes Group tags from the specfile. Remove '--preserve_groups'
* Say goodbye to test usage as it is deprecated
* Update the copyring and SUSE header string wrt #264
* Ignore hpc_configure macro from bracketing

==== suitesparse ====
Subpackages: libamd2 libcamd2 libccolamd2 libcholmod3 libcolamd2
libsuitesparseconfig5 libumfpack5

- Update URL and Source to use GitHub.
- Update to SuiteSparse 5.6.0
* GraphBlas 3.1.1: with OpenMP parallelism, and MATLAB interface

==== tiff ====
Version update (4.0.10 -> 4.1.0)
Subpackages: libtiff5 libtiff5-32bit

- version update to 4.1.0
* fixes several CVEs mentioned below and more,
see ChangeLog
- deleted patches
- tiff-CVE-2018-12900.patch (upstreamed)
- tiff-CVE-2018-17000,19210.patch (upstreamed)
- tiff-CVE-2019-6128.patch (upstreamed)
- tiff-CVE-2019-7663.patch (upstreamed)

==== wpa_supplicant ====
Version update (2.6 -> 2.9)
Subpackages: wpa_supplicant-gui

- Update to 2.9 release:
* SAE changes
- disable use of groups using Brainpool curves
- improved protection against side channel attacks
* EAP-pwd changes
- disable use of groups using Brainpool curves
- allow the set of groups to be configured (eap_pwd_groups)
- improved protection against side channel attacks
* fixed FT-EAP initial mobility domain association using PMKSA caching
(disabled by default for backwards compatibility; can be enabled
with ft_eap_pmksa_caching=1)
* fixed a regression in OpenSSL 1.1+ engine loading
* added validation of RSNE in (Re)Association Response frames
* fixed DPP bootstrapping URI parser of channel list
* extended EAP-SIM/AKA fast re-authentication to allow use with FILS
* extended ca_cert_blob to support PEM format
* improved robustness of P2P Action frame scheduling
* added support for EAP-SIM/AKA using anonymous@realm identity
* fixed Hotspot 2.0 credential selection based on roaming consortium
to ignore credentials without a specific EAP method
* added experimental support for EAP-TEAP peer (RFC 7170)
* added experimental support for EAP-TLS peer with TLS v1.3
* fixed a regression in WMM parameter configuration for a TDLS peer
* fixed a regression in operation with drivers that offload 802.1X
4-way handshake
* fixed an ECDH operation corner case with OpenSSL
* SAE changes
- added support for SAE Password Identifier
- changed default configuration to enable only groups 19, 20, 21
(i.e., disable groups 25 and 26) and disable all unsuitable groups
completely based on REVmd changes
- do not regenerate PWE unnecessarily when the AP uses the
anti-clogging token mechanisms
- fixed some association cases where both SAE and FT-SAE were enabled
on both the station and the selected AP
- started to prefer FT-SAE over SAE AKM if both are enabled
- started to prefer FT-SAE over FT-PSK if both are enabled
- fixed FT-SAE when SAE PMKSA caching is used
- reject use of unsuitable groups based on new implementation guidance
in REVmd (allow only FFC groups with prime >= 3072 bits and ECC
groups with prime >= 256)
- minimize timing and memory use differences in PWE derivation
[] (CVE-2019-9494)
* EAP-pwd changes
- minimize timing and memory use differences in PWE derivation
[] (CVE-2019-9495)
- verify server scalar/element
[] (CVE-2019-9499)
- fix message reassembly issue with unexpected fragment
- enforce rand,mask generation rules more strictly
- fix a memory leak in PWE derivation
- disallow ECC groups with a prime under 256 bits (groups 25, 26, and
* fixed CONFIG_IEEE80211R=y (FT) build without CONFIG_FILS=y
* Hotspot 2.0 changes
- do not indicate release number that is higher than the one
AP supports
- added support for release number 3
- enable PMF automatically for network profiles created from
* fixed OWE network profile saving
* fixed DPP network profile saving
* added support for RSN operating channel validation
(CONFIG_OCV=y and network profile parameter ocv=1)
* added Multi-AP backhaul STA support
* fixed build with LibreSSL
* number of MKA/MACsec fixes and extensions
* extended domain_match and domain_suffix_match to allow list of values
* fixed dNSName matching in domain_match and domain_suffix_match when
using wolfSSL
* started to prefer FT-EAP-SHA384 over WPA-EAP-SUITE-B-192 AKM if both
are enabled
* extended nl80211 Connect and external authentication to support
* fixed KEK2 derivation for FILS+FT
* extended client_cert file to allow loading of a chain of PEM
encoded certificates
* extended beacon reporting functionality
* extended D-Bus interface with number of new properties
* fixed a regression in FT-over-DS with mac80211-based drivers
* OpenSSL: allow systemwide policies to be overridden
* extended driver flags indication for separate 802.1X and PSK
4-way handshake offload capability
* added support for random P2P Device/Interface Address use
* extended PEAP to derive EMSK to enable use with ERP/FILS
* extended WPS to allow SAE configuration to be added automatically
for PSK (wps_cred_add_sae=1)
* removed support for the old D-Bus interface (CONFIG_CTRL_IFACE_DBUS)
* extended domain_match and domain_suffix_match to allow list of values
* added a RSN workaround for misbehaving PMF APs that advertise
IGTK/BIP KeyID using incorrect byte order
* fixed PTK rekeying with FILS and FT
* fixed WPA packet number reuse with replayed messages and key
[] (CVE-2017-13077, CVE-2017-13078,
CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082,
CVE-2017-13086, CVE-2017-13087, CVE-2017-13088)
* fixed unauthenticated EAPOL-Key decryption in wpa_supplicant
[] (CVE-2018-14526)
* added support for FILS (IEEE 802.11ai) shared key authentication
* added support for OWE (Opportunistic Wireless Encryption, RFC 8110;
and transition mode defined by WFA)
* added support for DPP (Wi-Fi Device Provisioning Protocol)
* added support for RSA 3k key case with Suite B 192-bit level
* fixed Suite B PMKSA caching not to update PMKID during each 4-way
* fixed EAP-pwd pre-processing with PasswordHashHash
* added EAP-pwd client support for salted passwords
* fixed a regression in TDLS prohibited bit validation
* started to use estimated throughput to avoid undesired signal
strength based roaming decision
* MACsec/MKA:
- new macsec_linux driver interface support for the Linux
kernel macsec module
- number of fixes and extensions
* added support for external persistent storage of PMKSA cache
(PMKSA_GET/PMKSA_ADD control interface commands; and
MESH_PMKSA_GET/MESH_PMKSA_SET for the mesh case)
* fixed mesh channel configuration pri/sec switch case
* added support for beacon report
* large number of other fixes, cleanup, and extensions
* added support for randomizing local address for GAS queries
(gas_rand_mac_addr parameter)
* fixed EAP-SIM/AKA/AKA' ext auth cases within TLS tunnel
* added option for using random WPS UUID (auto_uuid=1)
* added SHA256-hash support for OCSP certificate matching
* fixed EAP-AKA' to add AT_KDF into Synchronization-Failure
* fixed a regression in RSN pre-authentication candidate selection
* added option to configure allowed group management cipher suites
(group_mgmt network profile parameter)
* removed all PeerKey functionality
* fixed nl80211 AP and mesh mode configuration regression with
Linux 4.15 and newer
* added ap_isolate configuration option for AP mode
* added support for nl80211 to offload 4-way handshake into the driver
* added support for using wolfSSL cryptographic library
- added support for configuring SAE password separately of the
WPA2 PSK/passphrase
- fixed PTK and EAPOL-Key integrity and key-wrap algorithm selection
for SAE;
note: this is not backwards compatible, i.e., both the AP and
station side implementations will need to be update at the same
time to maintain interoperability
- added support for Password Identifier
- fixed FT-SAE PMKID matching
* Hotspot 2.0
- added support for fetching of Operator Icon Metadata ANQP-element
- added support for Roaming Consortium Selection element
- added support for Terms and Conditions
- added support for OSEN connection in a shared RSN BSS
- added support for fetching Venue URL information
* added support for using OpenSSL 1.1.1
* FT
- disabled PMKSA caching with FT since it is not fully functional
- added support for SHA384 based AKM
- added support for BIP ciphers BIP-CMAC-256, BIP-GMAC-128,
BIP-GMAC-256 in addition to previously supported BIP-CMAC-128
- fixed additional IE inclusion in Reassociation Request frame when
using FT protocol
- Drop merged patches:
* rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch
* rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch
* rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch
* rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch
* rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch
* rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch
* rebased-v2.6-0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch
* rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch
* rebased-v2.6-0009-WPA-Ignore-unauthenticated-encrypted-EAPOL-Key-data.patch
* wpa_supplicant-bnc-1099835-fix-private-key-password.patch
* wpa_supplicant-bnc-1099835-clear-default_passwd_cb.patch
* wpa_supplicant-log-file-permission.patch
* wpa_supplicant-log-file-cloexec.patch
* wpa_supplicant-git-fa67debf4c6ddbc881a212b175faa6d5d0d90c8c.patch
* wpa_supplicant-git-f5b74b966c942feb95a8ddbb7d130540b15b796d.patch
- Rebase patches:
* wpa_supplicant-getrandom.patch

==== zstd ====
Version update (1.4.3 -> 1.4.4)
Subpackages: libzstd-devel libzstd1

- Update to version 1.4.4
* perf: Improved decompression speed, by > 10%
* perf: Better compression speed when re-using a context
* perf: Fix compression ratio when compressing large files with
small dictionary
* perf: zstd reference encoder can generate RLE blocks
* perf: minor generic speed optimization
* api: new ability to extract sequences from the parser for analysis
* api: fixed decoding of magic-less frames
* api: fixed ZSTD_initCStream_advanced() performance with fast modes
* cli: Named pipes support
* cli: short tar's extension support
* cli: command --output-dir-flat=DIE , generates target files into
requested directory
* cli: commands --stream-size=# and --size-hint=#
* cli: command --exclude-compressed
* cli: faster -t test mode
* cli: improved some error messages
* cli: fix rare deadlock condition within dictionary builder
* misc: Improved documentation : ZSTD_CLEVEL, DYNAMIC_BMI2,
ZSTD_CDict, function deprecation, zstd format
* misc: fixed educational decoder : accept larger literals section,
and removed UNALIGNED() macro
- Refresh pzstd.1.patch

To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-factory+owner@xxxxxxxxxxxx

< Previous Next >
This Thread
  • No further messages