Mailinglist Archive: opensuse-kubic (24 mails)

< Previous Next >
[opensuse-kubic] New Kubic snapshot 20190905 released!
  • From: Richard Brown <rbrown@xxxxxxx>
  • Date: Sat, 07 Sep 2019 05:07:37 +0000
  • Message-id: <156783285738.24180.6359779401397169045@go-agent-stagingbot-5>

Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.

Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=kubic&groupid=1&version=Tumbleweed&build=20190905
https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&component=Kubic&query_format=advanced&resolution=---

Please do not reply to this email to report issues, rather file a bug on
bugzilla.opensuse.org.
For more information on filing bugs please see
https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
attr
dhcp
gperftools
hwinfo
iproute2 (5.1 -> 5.2)
leveldb
libtool
libyajl
libzio
lua53
mozilla-nspr
mozilla-nss (3.44.1 -> 3.45)
ncurses
openldap2
pcre
readline
tcpd
xz

=== Details ===

==== attr ====
Subpackages: libattr1

- Use FAT LTO objects in order to provide proper static library.

==== dhcp ====
Subpackages: dhcp-client

- dhclient-script: replace host(1) with getent, which is more
lightweight (part of glibc and does not pull in bind-utils)
- Use FAT LTO objects in order to provide proper static library.

==== gperftools ====

- Use FAT LTO objects in order to provide proper static library.

==== hwinfo ====

- Use FAT LTO objects in order to provide proper static library.

==== iproute2 ====
Version update (5.1 -> 5.2)

- Use FAT LTO objects in order to provide proper static library.
- Use %make_build.
- Update to new upstream release 5.2
* devlink: increase column size for larger shared buffers
* ip: reset netns after each command in batch mode
* ip addr: do not set IPv6 specific options for IPv4 addresses
* ip fou: support binding FOU ports
* ip link: support bridge vlan_stats_per_port
* ip link: support vlan bridge binding flag
* ip macsec: supporet gcm-aes-256 cipher type
* ip monitor: display interfaces from all groups
* ip neigh: show neighbor offload indication
* rdma: add link add/delete
* rdma: update node type strings
* ss: add option for single line output
* ss: show raw numbers for data rates with --numeric
* tc: support for plug qdisc
* tc: taprio: support for changing schedules
* tc: taprio: support cycle_time and cycle_time_extensions
* tipc: support for link broadcast method and ratio
* update documentation

==== leveldb ====

- Use FAT LTO objects in order to provide proper static library.

==== libtool ====

- Use FAT LTO objects in order to provide proper static library.

==== libyajl ====

- Use FAT LTO objects in order to provide proper static library.

==== libzio ====

- Use FAT LTO objects in order to provide proper static library

==== lua53 ====

- Use FAT LTO objects in order to provide proper static library.

==== mozilla-nspr ====

- Use FAT LTO objects in order to provide proper static library.

==== mozilla-nss ====
Version update (3.44.1 -> 3.45)
Subpackages: libfreebl3 libsoftokn3 mozilla-nss-certs

- update to NSS 3.45 (bsc#1141322)
* required by Firefox 69.0
New functions
* PK11_FindRawCertsWithSubject - Finds all certificates on the
given slot with the given subject distinguished name and returns
them as DER bytes. If no such certificates can be found, returns
SECSuccess and sets *results to NULL. If a failure is encountered
while fetching any of the matching certificates, SECFailure is
returned and *results will be NULL.
Notable changes
* bmo#1540403 - Implement Delegated Credentials
* bmo#1550579 - Replace ARM32 Curve25519 implementation with one
from fiat-crypto
* bmo#1551129 - Support static linking on Windows
* bmo#1552262 - Expose a function PK11_FindRawCertsWithSubject for
finding certificates with a given subject on a given slot
* bmo#1546229 - Add IPSEC IKE support to softoken
* bmo#1554616 - Add support for the Elbrus lcc compiler (<=1.23)
* bmo#1543874 - Expose an external clock for SSL
* bmo#1546477 - Various changes in response to the ongoing FIPS review
Certificate Authority Changes
* The following CA certificates were Removed:
bmo#1552374 - CN = Certinomis - Root CA
Bugs fixed
* bmo#1540541 - Don't unnecessarily strip leading 0's from key material
during PKCS11 import (CVE-2019-11719)
* bmo#1515342 - More thorough input checking (CVE-2019-11729)
* bmo#1552208 - Prohibit use of RSASSA-PKCS1-v1_5 algorithms in
TLS 1.3 (CVE-2019-11727)
* bmo#1227090 - Fix a potential divide-by-zero in makePfromQandSeed
from lib/freebl/pqg.c (static analysis)
* bmo#1227096 - Fix a potential divide-by-zero in PQG_VerifyParams
from lib/freebl/pqg.c (static analysis)
* bmo#1509432 - De-duplicate code between mp_set_long and mp_set_ulong
* bmo#1515011 - Fix a mistake with ChaCha20-Poly1305 test code where
tags could be faked. Only relevant for clients that might have copied
the unit test code verbatim
* bmo#1550022 - Ensure nssutil3 gets built on Android
* bmo#1528174 - ChaCha20Poly1305 should no longer modify output
length on failure
* bmo#1549382 - Don't leak in PKCS#11 modules if C_GetSlotInfo()
returns error
* bmo#1551041 - Fix builds using GCC < 4.3 on big-endian architectures
* bmo#1554659 - Add versioning to OpenBSD builds to fix link time
errors using NSS
* bmo#1553443 - Send session ticket only after handshake is marked
as finished
* bmo#1550708 - Fix gyp scripts on Solaris SPARC so that libfreebl_64fpu_3.so
builds
* bmo#1554336 - Optimize away unneeded loop in mpi.c
* bmo#1559906 - fipstest: use CKM_TLS12_MASTER_KEY_DERIVE instead of vendor
specific mechanism
* bmo#1558126 - TLS_AES_256_GCM_SHA384 should be marked as FIPS compatible
* bmo#1555207 - HelloRetryRequestCallback return code for rejecting 0-RTT
* bmo#1556591 - Eliminate races in uses of PK11_SetWrapKey
* bmo#1558681 - Stop using a global for anti-replay of TLS 1.3 early data
* bmo#1561510 - Fix a bug where removing -arch XXX args from CC didn't work
* bmo#1561523 - Add a string for the new-ish error
SSL_ERROR_MISSING_POST_HANDSHAKE_AUTH_EXTENSION
- split hmac subpackages to match SLE's packaging
- Use -ffat-lto-objects in order to provide assembly for static libs.

==== ncurses ====
Subpackages: libncurses6 ncurses-utils terminfo terminfo-base

- Add ncurses patch 20190810
+ fix a few more coverity warnings.
- Add ncurses patch 20190803
+ improve loop limits in _nc_scroll_window() to handle a case where
the scrolled data is a pad which is taller than the window (patch
by Rob King).
+ amend the change to screen, because tmux relies upon that entry
and does not support that feature (Debian #933572) -TD
+ updated ms-terminal entry & notes -TD
+ updated kitty entry & notes -TD
+ updated alacritty+common entry & notes -TD
+ use xterm+sl-twm for consistency -TD
- Add ncurses patch 20190728
+ fix a few more coverity warnings.
+ more documentation updates based on tctest.
- Add ncurses patch 20190727
+ fix a few coverity warnings.
+ documentation updates based on tctest.
- Add ncurses patch 20190720
+ fix a few warnings for gcc 4.x
+ add some portability/historical details to the tic, toe and infocmp
manual pages.
+ correct fix for broken link from terminfo(5) to tabs(1) manpage
(report by Sven Joachim).
- Use FAT LTO objects in order to provide proper static library.

==== openldap2 ====

- Use FAT LTO objects in order to provide proper static library.

==== pcre ====

- Use FAT LTO objects in order to provide proper static library.

==== readline ====

- Rework patch readline-7.0-screen.patch again for bug boo#1143055
* Map all "screen(-xxx)?.yyy(-zzz)?" to "screen" as well as
map "konsole(-xxx)?" and "gnome(-xxx)?" to "xterm"
- Add official patch readline80-001
The history file reading code doesn't close the file descriptor open to
the history file when it encounters a zero-length file.
- Use FAT LTO objects in order to provide proper static library.

==== tcpd ====

- Use FAT LTO objects in order to provide proper static library.

==== xz ====
Subpackages: liblzma5

- Use FAT LTO objects in order to provide proper static library.


--
To unsubscribe, e-mail: opensuse-kubic+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-kubic+owner@xxxxxxxxxxxx

< Previous Next >
This Thread
  • No further messages