Mailinglist Archive: opensuse-factory (295 mails)

< Previous Next >
[opensuse-factory] New Tumbleweed snapshot 20200929 released!
  • From: Dominique Leuenberger <dimstar@xxxxxxx>
  • Date: Thu, 01 Oct 2020 10:00:57 +0000
  • Message-id: <160154645781.29575.1178922824478570942@go-agent-stagingbot-1>

Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.

Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=1&version=Tumbleweed&build=20200929

Please do not reply to this email to report issues, rather file a bug
on bugzilla.opensuse.org. For more information on filing bugs please
see https://en.opensuse.org/openSUSE:Submitting_bug_reports

Packages changed:
bluez
dpdk
eekboard
icewm-theme-branding (1.2.4 -> 1.2.5)
kcm5-fcitx (0.5.5 -> 0.5.6)
libfprint (1.90.1 -> 1.90.3)
libzypp (17.25.0 -> 17.25.1)
nodejs14 (14.9.0 -> 14.12.0)
perl-Mojolicious (8.59 -> 8.60)
procps
python-attrs (19.3.0 -> 20.2.0)
python-pyzmq
tigervnc
virt-manager
wireshark (3.2.6 -> 3.2.7)
zypper (1.14.39 -> 1.14.40)
zypper-lifecycle-plugin (0.6.1596796104.87bdab7 -> 0.6.1601367426.843fe7a)

=== Details ===

==== bluez ====
Subpackages: libbluetooth3

- Packaging: remove _service and accompanying README.md,
maintenance in git did not work out as well as intended.

==== dpdk ====

- Add patches to fix vulnerability where malicious guest can harm the host
using vhost crypto, this includes executing code in host (VM Escape),
reading host application memory space to guest and causing partially
denial of service in the host (bsc#1176590).
* 0001-vhost-crypto-fix-pool-allocation.patch
* 0002-vhost-crypto-fix-incorrect-descriptor-deduction.patch
* 0003-vhost-crypto-fix-missed-request-check-for-copy-mode.patch
* 0004-vhost-crypto-fix-incorrect-write-back-source.patch
* 0005-vhost-crypto-fix-data-length-check.patch
* 0006-vhost-crypto-fix-possible-TOCTOU-attack.patch

==== eekboard ====

- fix libexecdir

==== icewm-theme-branding ====
Version update (1.2.4 -> 1.2.5)

- Improve spec:
* Conditionally define icewm_version to the version number used
in Leap/SLE 15 code stream and Tumbleweed.
- Version update to 1.2.5
* Update the format of SLE backgound image to png (bsc#1176835).
* Drop upstreamed add-adwaita-legacy-iconpath-to-preference.patch.
- Update spec
* Keep the format of Leap background image to jpg.
- fixed obsoletion of icemwm-upstream-config (bsc#1173441 bsc#1170420)
- Improve spec:
* Make a more explict summary since this package is not used by
openSUSE Tumbleweed.
* Introduce %{icewm_version} to make the provided capability had a
consistent version number with icewm-config-upstream.
* Explicitly obsoletes icewm-config-upstream to fix the "zypper
dup" issue on Leap (bsc#1170420).

==== kcm5-fcitx ====
Version update (0.5.5 -> 0.5.6)
Subpackages: kf5-kcm-fcitx kf5-kcm-fcitx-icons

- update version 0.5.6
* [kcm] try qt5 wrapper before qt4
* [kcm] use non neg value as role
- drop kcm5-fcitx-po.patch, no more kcm-fcitx

==== libfprint ====
Version update (1.90.1 -> 1.90.3)

- update to 1.90.3:
* New goodixmoc driver supporting Goodix USB devices: 27C6:5840 27C6:6496
27C6:60A2
* Newly added support for Synaptics device: 06CB:00E9 06CB:00DF
* Fixed an issue with Synaptics devices sometimes not working at boot
* Fix issue with aes3k driver (#306)
* A patch for nbis required for some sensors was accidentally dropped in an
earlier release
Users of these sensors/drivers need to re-enroll

==== libzypp ====
Version update (17.25.0 -> 17.25.1)

- Fix bsc#1176902: When kernel-rt has been installed, the
purge-kernels service fails during boot.
- Use package name provides as group key in purge-kernel
(bsc#1176740 bsc#1176192)
kernel-default-base has new packaging, where the kernel uname -r
does not reflect the full package version anymore. This patch
adds additional logic to use the most generic/shortest edition
each package provides with %{packagename}=<version> to group the
kernel packages instead of the rpm versions.
This also changes how the keep-spec for specific versions is
applied, instead of matching the package versions, each of the
package name provides will be matched.
- version 17.25.1 (22)

==== nodejs14 ====
Version update (14.9.0 -> 14.12.0)
Subpackages: npm14

- Update to version 14.12.0:
* n-api:
+ create N-API version 7
+ add more property defaults
- Changes since version 14.9.0
* deps:
+ update llhttp to 2.1.2 (bsc#1176605, CVE-2020-8201)
+ http: add requestTimeout. Fixes Denial of Service by
resource exhaustion due to unfinished HTTP/1.1 requests
(bsc#1176604, CVE-2020-8251)
+ buffer: also alias BigUInt methods
+ crypto: add randomInt function
+ perf_hooks: add idleTime and event loop util
+ stream: simpler and faster Readable async iterator
+ stream: save error in state

==== perl-Mojolicious ====
Version update (8.59 -> 8.60)

- updated to 8.60
see /usr/share/doc/packages/perl-Mojolicious/Changes
8.60 2020-09-27
- Improved reset method in Mojo::IOLoop to prevent close event to be emitted
in affected streams. (kiwiroy)
- Improved cookbook with Envoy deployment recipe. (zakame)

==== procps ====
Subpackages: libprocps8

- Replace patch procps-ng-3.3.16-comm_len.patch with upstream
commitment patch procps-ng-3e1c00d0.patch (bsc#1158830)

==== python-attrs ====
Version update (19.3.0 -> 20.2.0)

- update to 20.2.0:
- Python 3.4 is not supported anymore.
- ``attr.define()``, ``attr.frozen()``, ``attr.mutable()``, and
``attr.field()`` remain **provisional**.
This release fixes a bunch of bugs and ergonomics but they remain mostly
unchanged.
Further changes see included CHANGELOG.rst

==== python-pyzmq ====

- raise test timeout limit to 5m and define an console encoding

==== tigervnc ====
Subpackages: libXvnc1 xorg-x11-Xvnc xorg-x11-Xvnc-module

- U_0001-Properly-store-certificate-exceptions.patch,
U_0002-Properly-store-certificate-exceptions-in-Java-viewer.patch
* Properly store certificate exceptions (boo#1176733)
- adjusted u_tigervnc-add-autoaccept-parameter.patch

==== virt-manager ====
Subpackages: virt-install virt-manager-common

- Upstream bug fixes (bsc#1027942)
ba08f84b-addstorage-Return-to-using-qcow2-sparse-by-default.patch
a010c49b-cli-Fix-os-variant-help-introspection.patch
79ebcbcb-viewers-Fix-spice-audio.patch
e5a51f63-details-Change-Close-accelerator-to-ctrl+shift+w.patch
9c13d2f8-Remove-use-of-problematic-terminology.patch

==== wireshark ====
Version update (3.2.6 -> 3.2.7)
Subpackages: libwireshark13 libwiretap10 libwsutil11 wireshark-ui-qt

- wireshark 3.2.7:
* CVE-2020-25863: MIME Multipart dissector crash (boo#1176908)
* CVE-2020-25862: TCP dissector crash (boo#1176909)
* CVE-2020-25866: BLIP dissector crash (boo#1176910)
- Further features, bug fixes and updated protocol support as listed in:
https://www.wireshark.org/docs/relnotes/wireshark-3.2.7.html

==== zypper ====
Version update (1.14.39 -> 1.14.40)
Subpackages: zypper-log zypper-needs-restarting

- info: Assume descriptions starting with '<p>' are richtext
(bsc#935885)
- version 1.14.40

==== zypper-lifecycle-plugin ====
Version update (0.6.1596796104.87bdab7 -> 0.6.1601367426.843fe7a)

- Version 0.6.1601367426.843fe7a
- Allow wildcard matching (jsc#SLE-14168)
- Implement successor handling (jsc#SLE-16251)


--
To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-factory+owner@xxxxxxxxxxxx

< Previous Next >
This Thread
  • No further messages