Packages changed:
  MozillaThunderbird (52.9.1 -> 60.0)
  autoyast2 (4.0.60 -> 4.0.61)
  babl (0.1.52 -> 0.1.56)
  claws-mail (3.16.0 -> 3.17.1)
  cups-filters (1.20.4 -> 1.21.1)
  curl (7.61.0 -> 7.61.1)
  epiphany (3.28.3.1 -> 3.28.4)
  gegl (0.4.4 -> 0.4.8)
  gimp (2.10.4 -> 2.10.6)
  kernel-source (4.18.5 -> 4.18.6)
  libstorage-ng (4.1.22 -> 4.1.24)
  mercurial (4.7 -> 4.7.1)
  miniupnpc
  nano (2.9.8 -> 3.0)
  obs-service-download_files (0.6.1.git.1529965817.d9a3ff4 -> 0.6.2)
  osinfo-db (20180720 -> 20180903)
  perl-File-Path (2.150000 -> 2.160000)
  polkit-default-privs
  poppler (0.66.0 -> 0.68.0)
  poppler-qt5 (0.66.0 -> 0.68.0)
  python-pycryptodome (3.6.3 -> 3.6.6)
  python-pyparsing
  rubygem-autoprefixer-rails (9.1.3 -> 9.1.4)
  rubygem-rubyzip (1.2.1 -> 1.2.2)
  rubygem-yard (0.9.14 -> 0.9.16)
  webkit2gtk3 (2.20.5 -> 2.22.0)
  yast2-services-manager (4.1.5 -> 4.1.7)
  yast2-support (4.0.0 -> 4.0.1)
  zsh (5.5.1 -> 5.6)

=== Details ===

==== MozillaThunderbird ====
Version update (52.9.1 -> 60.0)
Subpackages: MozillaThunderbird-translations-common

- remove non-free untar licenced code from distributed tarball
- Add conditional for pkgconfig(gconf-2.0) BuildRequires, and pass conditional --disable-gconf to configure: no longer pull in obsolete gconf2 for Tumbleweed.
- update to Thunderbird 60.0:
  https://www.thunderbird.net/en-US/thunderbird/60.0/releasenotes/
  * Improved message handling and composing
  * Improved handling of message templates
  * Support for OAuth2 and FIDO U2F
  * Various Calendar improvements
  * Various fixes and changes to e-mail workflow
  * Various IMAP fixes
  * Native desktop notifications
- Security fixes which can not, in general, be exploited through email, but are potential risks in browser or browser-like contexts:
  MFSA 2018-19 (bsc#1098998)
  * CVE-2018-12359 (bmo#1459162) Buffer overflow using computed size of canvas element
  * CVE-2018-12360 (bmo#1459693) Use-after-free when using focus()
  * CVE-2018-12361 (bmo#1463244) Integer overflow in SwizzleData
  * CVE-2018-12362 (bmo#1452375) Integer overflow in SSSE3 scaler
  * CVE-2018-5156 (bmo#1453127) Media recorder segmentation fault when track type is changed during capture
  * CVE-2018-12363 (bmo#1464784) Use-after-free when appending DOM nodes
  * CVE-2018-12364 (bmo#1436241) CSRF attacks through 307 redirects and NPAPI plugins
  * CVE-2018-12365 (bmo#1459206) Compromised IPC child process can list local filenames
  * CVE-2018-12371 (bmo#1465686) Integer overflow in Skia library during edge builder allocation
  * CVE-2018-12366 (bmo#1464039) Invalid data handling during QCMS transformations
  * CVE-2018-12367 (bmo#1462891) Timing attack mitigation of PerformanceNavigationTiming
  * CVE-2018-5187 (bmo#1461324,bmo#1414829,bmo#1395246,bmo#1467938,
    bmo#1461619,bmo#1425930,bmo#1438556,bmo#1454285,bmo#1459568,
    bmo#1463884) Memory safety bugs fixed in Firefox 61, Firefox ESR 60.1, and Thunderbird 60
  * CVE-2018-5188 (bmo#1456189,bmo#1456975,bmo#1465898,bmo#1392739,
    bmo#1451297,bmo#1464063,bmo#1437842,bmo#1442722,bmo#1452576,
    bmo#1450688,bmo#1458264,bmo#1458270,bmo#1465108,bmo#1464829,
    bmo#1464079,bmo#1463494,bmo#1458048) Memory safety bugs fixed in Firefox 61, Firefox ESR 60.1, Firefox ESR 52.9, and Thunderbird 60
- requires NSPR 4.19 and NSS 3.36.4
- source archives are now signed
directly (removed checksum signature check) - imported patches from Firefox 60 * mozilla-bmo1375074.patch * mozilla-bmo1464766.patch * mozilla-i586-DecoderDoctorLogger.patch * mozilla-i586-domPrefs.patch - removed obsolete patches * mozilla-language.patch * tb-ssldap.patch * mozilla-develdirs.patch - removed -devel subpackage as old-style extensions are mainly gone - storing of remote content settings fixed (boo#1084603) ==== autoyast2 ==== Version update (4.0.60 -> 4.0.61) Subpackages: autoyast2-installation - AutoInstallRules: Fixed crash while merging profiles. (bsc#1105711) - 4.0.61 ==== babl ==== Version update (0.1.52 -> 0.1.56) - Update license to LGPL-3.0-or-later AND GPL-3.0-or-later per the feedback from legal. - Update to version 0.1.56: + Improvements to the caching of profiled conversion chains between invocations by ignoring unknown bits in cache file and remember which conversions yielded reference fishes. - Changes from version 0.1.54: + Export babl_space_get_icc, babl_space_get, babl_model_with_space, babl_space_with_trc, babl_format_get_encoding, babl_model_is, SSE2 versions of YA float and Y float to CIE L float. ==== claws-mail ==== Version update (3.16.0 -> 3.17.1) Subpackages: claws-mail-lang - Update to 3.17.1: bug fixes: o bug 4072, 'Crash when clicking 'reply' or 'reply with quote'' o Account signature: Warn and fail rather than crashing when format string is faulty. - Add texlive-* dependencies for creation of manual - bsc#1105222: Remove Do-not-use-msginfo_list-for-compose.patch Faulty behaviour - Update to 3.17.0: * SOCKS proxy support has been added. * Accounts can now have their own auto-check intervals, or follow the global interval. * in the options for 'default selection when entering a folder', 'first [...]' has been renamed to 'oldest [...]', and 'newest [...]' items have been added. 
* Message List: when changing sort key by clicking column header, the sort direction is now preserved * Message View: keypress handling for scrolling, (PgUp/Down, Space, Backspace), has been improved. * the Network Log now displays output from LDAP operations. * "Go to last error" has been added to the Log Window context menu. * Filtering/Processing: "mark_as_spam" is no longer a final action, since it does not move the marked message. * Filtering/Processing: Resent-From and Resent-To have been added in Any/All header(s) (in Address Book) matcher rules. * when a Return-Receipt request is received by an unknown address, the user is now required to choose which Account to send it from. * Colour Labels: confirmation is asked for when clearing or overriding existing colour labels. * Address Book: basic contact merging has been added. * NetworkManager support: ported from libnm-util/libnm-glib to libnm. * Dillo plugin: this HTML rendering plugin is now once again available. * RSSyl plugin: the modified time is no longer considered when matching deleted items. * RSSyl plugin: Handle 404 and other fetch failures better. * Attachment Remover plugin: the user is now notified about what has been done when processing multiple selections. * SpamAssassin plugin: added support for compression (the server must have compression enabled, and the local spamc too). * SpamAssassin plugin: disabled SSLv3. * when using the hidden preference, hide_timezone, the time in the Date header is converted to UTC. * various other UI improvements. * many behind-the-scenes improvements. 
* bug fixes:
  o bug 3754, 'interactive auth dialogs pops endlessly'
  o bug 3919, 'manual filtering does not move spam'
  o bug 3936, 'LDAP StartTLS does not work for addressbooks'
  o bug 3947, 'Build break with --disable-libsm --enable-crash-dialog'
  o bug 3957, 'Claws-Mail 64bit crashes when saving a draft'
  o bug 3960, 'Sends unencrypted emails when encryption fails'
  o bug 3971, 'Deleted rss feed item reappears as unread on feed refreshing'
  o bug 3973, ''select all' in summaryview does not automatically focus the summaryview'
  o bug 3978, '"From" column displays both name and email address for Outbox'
  o bug 3984, 'Copy-paste in find/filter field works incorrectly'
  o bug 3985, 'an empty progress bar remains after POP mail check completes'
  o bug 3986, 'IMAP quick search using non-ASCII characters creates an infinite loop'
  o bug 3993, 'Claws Mail connects to IMAP server when it should not'
  o bug 4014, '"Work offline" doesn't seem to affect RSS'
  o bug 4022, 'Closing "Account Preferences" window opens "Edit Accounts" window if "Edit Accounts" window has been opened before at least once'
  o bug 4023, 'Fix some small issues'
  o bug 4033, 'Claws Mail crashes [malloc(): memory corruption] while trying to save account password greater than 136 chars'
  o bug 4056, 'Impossible to disable overriding of offline mode'
  o bug 4058, '# in extended search description window should not be translated'
  o bug 4068, 'Claws Mail hangs when getting news from a certain feed'
  o actionsrc was not updated after mailbox name change
  o two crashes caused by bad GtkListStore management in editaddress.c
  o wrong malloc of clamd_socket struct, (CID 1220477)
  o vCalendar: possible access to uninitialized folder pointer (CID 1402515)
  o vCalendar: mismatch and unneeded display of unavailable folder class in warning (CID 1434197)
  o vCalendar: Skip whitespace chars at the beginning of ics stream
  o buffer overrun, always writing at buffer size + 1.
    (CID 1434188)
  o wrong use of pointer-to-array as an array (CID 1434191)
  o sensitivity of few preferences widgets of the SA plug-in
  o compilation using --enable-generic-umpc
  o crash in quicksearch keypress handling
  o quoting in reply to format=flowed message
  o HTML header handling
  o 'sort_type' is lost when changing 'sort_key' from /View/sort the bug was apparent with a descending sort
  o Return-Receipts: MDN mail-accountname leak
  o auth retry in Managesieve - wrong state variable was being set
  o memory leaks

==== cups-filters ====
Version update (1.20.4 -> 1.21.1)

- Do not differentiate for service location, it is in sbindir on all systems we support now
- Use license for license install
- Version update to 1.21.1:
  - foomatic-rip: Fixed segmentation fault caused by wrong Coverity Scan issue fix (Issue #57, Debian bug #907026).
  - Build system: Require QPDF 8.1.0 or later as it is needed by bannertopdf (Issue #56).
  - libcupsfilters, cups-browsed, driverless, foomatic-rip, parallel: Silenced warnings from newest gcc.
  - libcupsfilters: When generating a PPD for driverless printing on a remote IPP printer, make pdftopdf not being run by the local queue if the remote queue is a CUPS queue to avoid running pdftopdf twice (CUPS Issue #5361).
  - libcupsfilters, cups-browsed, driverless, bannertopdf, foomatic-rip, pdftops, pdftoraster, rastertops, rastertoescpx, sys5ippprinter, beh: Fixed Coverity Scan issues. Thanks to Zdenek Dohnal (zdohnal at redhat dot com) for the tests and the patches.
  - bannertopdf: Switched over from using Poppler to using QPDF for generating the PDF pages. With Poppler unstable APIs were used which were subject to change. Thanks to Sahil Arora for this project in the Google Summer of Code 2018 (Pull request #25).
  - cups-browsed: Manually defined clusters ("Cluster" directive in cups-browsed.conf) caused cups-browsed to crash.
==== curl ==== Version update (7.61.0 -> 7.61.1) Subpackages: libcurl4 - Update to version 7.61.1 Bugfixes: * CVE-2018-14618: NTLM password overflow via integer overflow (bsc#1106019) * CURLINFO_SIZE_UPLOAD: fix missing counter update * CURLOPT_ACCEPT_ENCODING.3: list them comma-separated * CURLOPT_SSL_CTX_FUNCTION.3: might cause accidental connection reuse * Curl_getoff_all_pipelines: improved for multiplexed * DEPRECATE: remove release date from 7.62.0 * HTTP: Don't attempt to needlessly decompress redirect body * INTERNALS: require GnuTLS >= 2.11.3 * README.md: add LGTM.com code quality grade for C/C++ * SSLCERTS: improve the openssl command line * Silence GCC 8 cast-function-type warnings * ares: check for NULL in completed-callback * asyn-thread: Remove unused macro * auth: only pick CURLAUTH_BEARER if we *have* a Bearer token * auth: pick Bearer authentication whenever a token is available * cmake: CMake config files are defining CURL_STATICLIB for static builds * cmake: Respect BUILD_SHARED_LIBS * cmake: Update scripts to use consistent style * cmake: bumped minimum version to 3.4 * cmake: link curl to the OpenSSL targets instead of lib absolute paths * configure: conditionally enable pedantic-errors * configure: fix for -lpthread detection with OpenSSL and pkg-config * conn: remove the boolean 'inuse' field * content_encoding: accept up to 4 unknown trailer bytes after raw deflate data * cookie tests: treat files as text * cookies: support creation-time attribute for cookies * curl: Fix segfault when -H @headerfile is empty * curl: add http code 408 to transient list for --retry * curl: fix time-of-check, time-of-use race in dir creation * curl: use Content-Disposition before the "URL end" for -OJ * curl: warn the user if a given file name looks like an option * curl_threads: silence bad-function-cast warning * darwinssl: add support for ALPN negotiation * docs/CURLOPT_URL: fix indentation * docs/CURLOPT_WRITEFUNCTION: size is always 1 * 
docs/SECURITY-PROCESS: mention bounty, drop pre-notify * docs/examples: add hiperfifo example using linux epoll/timerfd * docs: add disallow-username-in-url.d and haproxy-protocol.d to dist * docs: clarify NO_PROXY env variable functionality * docs: improved the manual pages of some callbacks * docs: mention NULL is fine input to several functions * formdata: Remove unused macro HTTPPOST_CONTENTTYPE_DEFAULT * gopher: Do not translate `?' to `%09' * header output: switch off all styles, not just unbold * hostip: fix unused variable warning * http2: Use correct format identifier for stream_id * http2: abort the send_callback if not setup yet * http2: avoid set_stream_user_data() before stream is assigned * http2: check nghttp2_session_set_stream_user_data return code * http2: clear the drain counter in Curl_http2_done * http2: make sure to send after RST_STREAM * http2: separate easy handle from connections better * http: fix for tiny "HTTP/0.9" response * http_proxy: Remove unused macro SELECT_TIMEOUT * lib/Makefile: only do symbol hiding if told to * lib1502: fix memory leak in torture test * lib1522: fix curl_easy_setopt argument type * libcurl-thread.3: expand somewhat on the NO_SIGNAL motivation * mime: check Curl_rand_hex's return code * multi: always do the COMPLETED procedure/state * openssl: assume engine support in 1.0.0 or later * openssl: fix debug messages * projects: Improve Windows perl detection in batch scripts * retry: return error if rewind was necessary but didn't happen * reuse_conn(): memory leak - free old_conn->options * schannel: client certificate store opening fix * schannel: enable CALG_TLS1PRF for w32api >= 5.1 * schannel: fix MinGW compile break * sftp: don't send post-qoute sequence when retrying a connection * smb: fix memory leak on early failure * smb: fix memory-leak in URL parse error path * smb_getsock: always wait for write socket too * ssh-libssh: fix infinite connect loop on invalid private key * ssh-libssh: reduce excessive 
verbose output about pubkey auth * ssh-libssh: use FALLTHROUGH to silence gcc8 * ssl: set engine implicitly when a PKCS#11 URI is provided * sws: handle EINTR when calling select() * system_win32: fix version checking * telnet: Remove unused macros TELOPTS and TELCMDS * test1143: disable MSYS2's POSIX path conversion * test1148: disable if decimal separator is not point * test1307: (fnmatch testing) disabled * test1422: add required file feature * test1531: Add timeout * test1540: Remove unused macro TEST_HANG_TIMEOUT * test214: disable MSYS2's POSIX path conversion for URL * test320: treat curl320.out file as binary * tests/http_pipe.py: Use /usr/bin/env to find python * tests: Don't use Windows path %PWD for SSH tests * tests: fixes for Windows line endlings * tool_operate: Fix setting proxy TLS 1.3 ciphers * travis: build darwinssl on macos 10.12 to fix linker errors * travis: execute "set -eo pipefail" for coverage build * travis: run a 'make checksrc' too * travis: update to GCC-8 * travis: verify that man pages can be regenerated * upload: allocate upload buffer on-demand * upload: change default UPLOAD_BUFSIZE to 64KB * urldata: remove unused pipe_broke struct field * vtls: reinstantiate engine on duplicated handles * windows: implement send buffer tuning * wolfSSL/CyaSSL: Fix memory leak in Curl_cyassl_random - Remove patch included upstream: * curl-switch-off-all-styles.patch ==== epiphany ==== Version update (3.28.3.1 -> 3.28.4) Subpackages: epiphany-lang gnome-shell-search-provider-epiphany - Update to version 3.28.4: + Improve performance of adblocker. + Ensure correct address is displayed in security popover when starting loads. + Fix crash on homedepot.com. + Improve use of Safe Browsing threat lists. + Fix miscellaneous memory leaks. - Drop upstream fixed patches: + epiphany-uri-tester-fixes.patch. + epip-revert-gsb-storage-dont-hardcode-Linux-threat-lists.patch. + epiphany-leak-fixes.patch. 
==== gegl ====
Version update (0.4.4 -> 0.4.8)
Subpackages: gegl-0_4 gegl-0_4-lang libgegl-0_4-0

- Update to version 0.4.8:
  + Core/GeglBuffer: Fixes to races during buffer/tile storage destruction, improve swap usage for stored empty tiles.
  + Operations
    - motion-blur-circular - improve/clarify property ui
    - median-blur - added abyss-policy property
    - long-shadow - new operation
    - little-planet - adapt reference composition
- Changes from version 0.4.6:
  + Up until now GEGL has been using a color space corresponding to scRGB as an unbounded device independent/possibly scene-referred HDR color space - with a similar approach to how ACEScg works but with a worse set of RGB primaries. babl formats, represented by a pointer and a corresponding encoding/format string have been used to specify the specific encoding of pixel values. The encoding including component order, data type and TRC encoding. Where "RGBA float" means 32bit float data and "R'G'B' u8" the ' indicates non-linear, and thus this is sRGB. "RaGaBaA half" gives premultiplied linear half data. Other encodings and conversions are also provided through these formats including "CIE Lab float" and "HSV float".
  + As a color management workflow for scene-referred imaging the above could be sufficient, but GIMP needs data in the 0.0-1.0 range for some display referred blending modes to work properly. As a consequence of this recognized shortcoming GIMP has been passing the pixels of for instance ProPhoto "R'G'B'A float" off as "R'G'B'A float" and linear ProPhoto "RGBA float" as "RGBA float" this works for single operations, but falls apart when the colors are converted to CIE Lab. This is the good enough state where the other benefits of having a stable release powered by GEGL outweighed not being entirely correct.
  + Since babl 0.1.32 of October 2017, all babl formats have an associated unchangeable space associated with them, and since then GeglBuffer has worked correctly with it - since GeglBuffers use of babl API did not change. GIMP is already using these parts of babl for ICC matrix based conversions since using babl for ICC profile transforms is an order of magnitude faster than using the lcms2 library. It took time to come up with the above scheme of integrating arbitrary primaries and curves for spaces with babl in a maintainable manner, and it has taken until the last month to come up with a full plan for the rest of GEGL to be aware of and handling arbitrary parametric ICC v2/v4 based color spaces for operations; without limiting the ability to extend and use the code for a wide range of scenarios.
  + A space can be constructed from a preferenced name/specification, loaded/saved from ICC matrix profiles or constructed and serialized to whitepoint + rgb chromaticities / xyz matrix. More recently an additional trc mark has been added '~', giving this vocabulary for RGB formats, in addition to variants with alpha and pre-multiplied alpha variants of the same:
    - "RGB" linear primaries from space, linear data
    - "R'G'B'" non-linear primaries from space, TRCs from space
    - "R~G~B~" perceptual primaries from space, sRGB TRC
  + When creating device independent CIE based spaces they also get passed a space, this means that we can convert CIE Lab to RGB float, keeping track of which space / ICC profile the data correspond to.
  + GEGL operations now construct their desired encodings of formats by taking the space of buffers on input pads into account. By default, for composers "input" wins over "aux" to determine ops space. If an operation is not ported, data will be converted to sRGB on input and sRGB will come out of the node.
  + Buffer loaders PNG, JPG, TIFF and EXR generate custom spaces based on ICC profiles/primaries. The corresponding savers saves color space information.
A new save handler for the .icc extension, acts like an image storer but only saves the ICC profile of the buffer it gets on input. + With no additional operations inserted, this now means that GEGL graphs operate on linear / non-linear variants of the color space used in the input images without conversion. The new operations gegl:cast-space and gegl:convert-space provide means of overriding this behavior, see the new section about color management in the gegl-chain syntax documentation at http://gegl.org/gegl-chain.html + Initial work has started on making GIMP also use of and propagate color space information along with encoding in babl formats, changes which also will be integrated in the 2.10 branch. + Other changes to operations: vignette: fixes to gamma property + New operations: - cast-space: assign/override color space - convert-space: convert to a different color space - litte-planet: stereographic-mapping split out of the panorama-projection + New operation in workshop: acrs-rrt: ACES RRT based HDR to SDR proof/preview point-filter tonemapping op. ==== gimp ==== Version update (2.10.4 -> 2.10.6) Subpackages: gimp-lang gimp-plugin-aa gimp-plugins-python libgimp-2_0-0 libgimpui-2_0-0 - Update to version 2.10.6: + Core: - Render drawable previews asynchronously. - Merge the file view filter and file format lists in GimpFileDialog. The presence of 2 lists was very confusing. - DLL search priority is now updated before running a plug-in on Windows, depending on the executable bitness. This gets rid of one of the last remnant of DLL hell in GIMP, which was when running 32-bit plug-ins from a 64-bit build of GIMP. + Filters: - New "Little Planet" (gegl:stereographic-projection) filter. - New "Long Shadow" (gegl:long-shadow) filter. + Tools: - Halt the Measure tool after straightening. 
- Add an "orientation" option to the measure tool, corresponding to the "orientation" property of GimpToolCompass (i.e., it controls the orientation against which the angle is measured, when not in 3-point mode.) The orientation is "auto" by default, so that the angle is always <= 45 deg. Note that the "orientation" option affects the tool's "straighten" function, so that the layer is rotated toward the current orientation. - Text layers can now represent vertical texts, with 4 variants: left-to-right and right-to-left lines, and forcing all characters to be upright or following Unicode's vertical orientation property. See also: https://www.unicode.org/reports/tr50/ http://www.unicode.org/Public/UCD/latest/ucd/VerticalOrientation.txt + User Interface: - The Dashboard dockable dialog now has an "async" field to the dashboard's "misc" group, showing the number of async operations currently in the "running" state. - New Preferences option to enable/disable layer-group previews, since these can get quite time-expensive. + Updated translations. ==== kernel-source ==== Version update (4.18.5 -> 4.18.6) Subpackages: kernel-default kernel-default-devel kernel-devel kernel-docs kernel-macros kernel-syms - Linux 4.18.6 (bnc#1012628). - PATCH scripts/kernel-doc (bnc#1012628). - scripts/kernel-doc: Escape all literal braces in regexes (bnc#1012628). - scsi: libsas: dynamically allocate and free ata host (bnc#1012628). - xprtrdma: Fix disconnect regression (bnc#1012628). - mei: don't update offset in write (bnc#1012628). - cifs: add missing support for ACLs in SMB 3.11 (bnc#1012628). - CIFS: fix uninitialized ptr deref in smb2 signing (bnc#1012628). - cifs: add missing debug entries for kconfig options (bnc#1012628). - cifs: use a refcount to protect open/closing the cached file handle (bnc#1012628). - cifs: check kmalloc before use (bnc#1012628). - smb3: enumerating snapshots was leaving part of the data off end (bnc#1012628). 
- smb3: Do not send SMB3 SET_INFO if nothing changed (bnc#1012628). - smb3: don't request leases in symlink creation and query (bnc#1012628). - smb3: fill in statfs fsid and correct namelen (bnc#1012628). - btrfs: use correct compare function of dirty_metadata_bytes (bnc#1012628). - btrfs: don't leak ret from do_chunk_alloc (bnc#1012628). - Btrfs: fix mount failure after fsync due to hard link recreation (bnc#1012628). - Btrfs: fix btrfs_write_inode vs delayed iput deadlock (bnc#1012628). - Btrfs: fix send failure when root has deleted files still open (bnc#1012628). - Btrfs: send, fix incorrect file layout after hole punching beyond eof (bnc#1012628). - hwmon: (k10temp) 27C Offset needed for Threadripper2 (bnc#1012628). - bpf, arm32: fix stack var offset in jit (bnc#1012628). - regulator: arizona-ldo1: Use correct device to get enable GPIO (bnc#1012628). - iommu/arm-smmu: Error out only if not enough context interrupts (bnc#1012628). - printk: Split the code for storing a message into the log buffer (bnc#1012628). - printk: Create helper function to queue deferred console handling (bnc#1012628). - printk/nmi: Prevent deadlock when accessing the main log buffer in NMI (bnc#1012628). - kprobes/arm64: Fix %p uses in error messages (bnc#1012628). - arm64: Fix mismatched cache line size detection (bnc#1012628). - arm64: Handle mismatched cache type (bnc#1012628). - arm64: mm: check for upper PAGE_SHIFT bits in pfn_valid() (bnc#1012628). - arm64: dts: rockchip: corrected uart1 clock-names for rk3328 (bnc#1012628). - KVM: arm/arm64: Fix potential loss of ptimer interrupts (bnc#1012628). - KVM: arm/arm64: Fix lost IRQs from emulated physcial timer when blocked (bnc#1012628). - KVM: arm/arm64: Skip updating PMD entry if no change (bnc#1012628). - KVM: arm/arm64: Skip updating PTE entry if no change (bnc#1012628). - s390/kvm: fix deadlock when killed by oom (bnc#1012628). - perf kvm: Fix subcommands on s390 (bnc#1012628). 
- stop_machine: Reflow cpu_stop_queue_two_works() (bnc#1012628). - stop_machine: Atomically queue and wake stopper threads (bnc#1012628). - ext4: check for NUL characters in extended attribute's name (bnc#1012628). - ext4: use ext4_warning() for sb_getblk failure (bnc#1012628). - ext4: sysfs: print ext4_super_block fields as little-endian (bnc#1012628). - ext4: reset error code in ext4_find_entry in fallback (bnc#1012628). - ext4: fix race when setting the bitmap corrupted flag (bnc#1012628). - nvme-pci: add a memory barrier to nvme_dbbuf_update_and_check_event (bnc#1012628). - x86/gpu: reserve ICL's graphics stolen memory (bnc#1012628). - platform/x86: wmi: Do not mix pages and kmalloc (bnc#1012628). - mm: move tlb_table_flush to tlb_flush_mmu_free (bnc#1012628). - mm/tlb, x86/mm: Support invalidating TLB caches for RCU_TABLE_FREE (bnc#1012628). - x86/vdso: Fix vDSO build if a retpoline is emitted (bnc#1012628). - x86/process: Re-export start_thread() (bnc#1012628). - KVM: x86: ensure all MSRs can always be KVM_GET/SET_MSR'd (bnc#1012628). - KVM: x86: SVM: Call x86_spec_ctrl_set_guest/host() with interrupts disabled (bnc#1012628). - fuse: Don't access pipe->buffers without pipe_lock() (bnc#1012628). - fuse: fix initial parallel dirops (bnc#1012628). - fuse: fix double request_end() (bnc#1012628). - fuse: fix unlocked access to processing queue (bnc#1012628). - fuse: umount should wait for all requests (bnc#1012628). - fuse: Fix oops at process_init_reply() (bnc#1012628). - fuse: Add missed unlock_page() to fuse_readpages_fill() (bnc#1012628). - lib/vsprintf: Do not handle %pO[^F] as %px (bnc#1012628). - udl-kms: change down_interruptible to down (bnc#1012628). - udl-kms: handle allocation failure (bnc#1012628). - udl-kms: fix crash due to uninitialized memory (bnc#1012628). - udl-kms: avoid division (bnc#1012628). - b43legacy/leds: Ensure NUL-termination of LED name string (bnc#1012628). - b43/leds: Ensure NUL-termination of LED name string (bnc#1012628). 
- ASoC: dpcm: don't merge format from invalid codec dai (bnc#1012628). - ASoC: zte: Fix incorrect PCM format bit usages (bnc#1012628). - ASoC: sirf: Fix potential NULL pointer dereference (bnc#1012628). - ASoC: wm_adsp: Correct DSP pointer for preloader control (bnc#1012628). - soc: qcom: rmtfs-mem: fix memleak in probe error paths (bnc#1012628). - pinctrl: freescale: off by one in imx1_pinconf_group_dbg_show() (bnc#1012628). - scsi: qla2xxx: Fix stalled relogin (bnc#1012628). - x86/vdso: Fix lsl operand order (bnc#1012628). - x86/nmi: Fix NMI uaccess race against CR3 switching (bnc#1012628). - x86/irqflags: Mark native_restore_fl extern inline (bnc#1012628). - x86/spectre: Add missing family 6 check to microcode check (bnc#1012628). - x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+ (bnc#1012628). - hwmon: (nct6775) Fix potential Spectre v1 (bnc#1012628). - x86/entry/64: Wipe KASAN stack shadow before rewind_stack_do_exit() (bnc#1012628). - x86: Allow generating user-space headers without a compiler (bnc#1012628). - s390/mm: fix addressing exception after suspend/resume (bnc#1012628). - s390/lib: use expoline for all bcr instructions (bnc#1012628). - s390: fix br_r1_trampoline for machines without exrl (bnc#1012628). - s390/qdio: reset old sbal_state flags (bnc#1012628). - s390/numa: move initial setup of node_to_cpumask_map (bnc#1012628). - s390/pci: fix out of bounds access during irq setup (bnc#1012628). - s390/purgatory: Fix crash with expoline enabled (bnc#1012628). - s390/purgatory: Add missing FORCE to Makefile targets (bnc#1012628). - kprobes: Show blacklist addresses as same as kallsyms does (bnc#1012628). - kprobes: Replace %p with other pointer types (bnc#1012628). - kprobes/arm: Fix %p uses in error messages (bnc#1012628). - kprobes: Make list and blacklist root user read only (bnc#1012628). - MIPS: Correct the 64-bit DSP accumulator register size (bnc#1012628). - MIPS: memset.S: Fix byte_fixup for MIPSr6 (bnc#1012628). 
- MIPS: Always use -march=, not - shortcuts (bnc#1012628). - MIPS: Change definition of cpu_relax() for Loongson-3 (bnc#1012628). - MIPS: lib: Provide MIPS64r6 __multi3() for GCC < 7 (bnc#1012628). - tpm: Return the actual size when receiving an unsupported command (bnc#1012628). - tpm: separate cmd_ready/go_idle from runtime_pm (bnc#1012628). - scsi: mpt3sas: Fix calltrace observed while running IO & reset (bnc#1012628). - scsi: mpt3sas: Fix _transport_smp_handler() error path (bnc#1012628). - scsi: sysfs: Introduce sysfs_{un,}break_active_protection() (bnc#1012628). - scsi: core: Avoid that SCSI device removal through sysfs triggers a deadlock (bnc#1012628). - iscsi target: fix session creation failure handling (bnc#1012628). - mtd: rawnand: hynix: Use ->exec_op() in hynix_nand_reg_write_op() (bnc#1012628). - mtd: rawnand: fsmc: Stop using chip->read_buf() (bnc#1012628). - mtd: rawnand: marvell: add suspend and resume hooks (bnc#1012628). - mtd: rawnand: qcom: wait for desc completion in all BAM channels (bnc#1012628). - clk: rockchip: fix clk_i2sout parent selection bits on rk3399 (bnc#1012628). - clk: npcm7xx: fix memory allocation (bnc#1012628). - PM / clk: signedness bug in of_pm_clk_add_clks() (bnc#1012628). - power: generic-adc-battery: fix out-of-bounds write when copying channel properties (bnc#1012628). - power: generic-adc-battery: check for duplicate properties copied from iio channels (bnc#1012628). - watchdog: Mark watchdog touch functions as notrace (bnc#1012628). - cdrom: Fix info leak/OOB read in cdrom_ioctl_drive_status (bnc#1012628). - x86/dumpstack: Don't dump kernel memory based on usermode RIP (bnc#1012628). - Refresh patches.suse/0006-x86-stacktrace-Enable-HAVE_RELIABLE_STACKTRACE-for-t.patch. - Update config files. - commit 70ab8ae - arm64: KVM: Only force FPEXC32_EL2.EN if trapping FPSIMD (bsc#1106841). 
- commit dd0155c - config: arm64: Increase SERIAL_8250_RUNTIME_UARTS to 32 (boo#1073193) - commit 0dbc49b - config: Enable SERIAL_SC16IS7XX_SPI on arm and x86 (bsc#1105672, fate#326668) - commit cdc9ece - config: Consistently increase SERIAL_8250_NR_UARTS to 32 (boo#1073193) - commit acb36ab - config: armv7hl: Update to 4.18.5 (bsc#1012628) - commit fa0ebc5 - config: armv6hl: Update to 4.18.5 (bsc#1012628) - commit e907106 ==== libstorage-ng ==== Version update (4.1.22 -> 4.1.24) Subpackages: libstorage-ng-lang libstorage-ng-ruby libstorage-ng1 - merge gh#openSUSE/libstorage-ng#568 - avoid setenv after fork (bsc#1107403) - added unit test - 4.1.24 - merge gh#openSUSE/libstorage-ng#567 - added luks label to blkid parser - added unit test - 4.1.23 ==== mercurial ==== Version update (4.7 -> 4.7.1) Subpackages: mercurial-lang - Mercurial 4.7.1 This is a regularly-scheduled bugfix release containing following fixes: * commands + merge: do not delete untracked files silently (issue5962) * core + revlog: fix descendant deprecated method * hgweb + hgweb: load revcount + 1 entries to fill nextentry in log page (issue5972) * performance + remotephase: avoid full changelog iteration (issue5964) + remotephase: fast path newheads computation in simple case (issue5964) + scmutil: avoid quadratic membership testing (issue5969) + sparse-revlog: fix delta validity computation ==== miniupnpc ==== - Version 2.1 solved: * CVE-2017-1000494: https://github.com/miniupnp/miniupnp/issues/268 https://github.com/miniupnp/miniupnp/commit/7aeb624b44f86d335841242ff427433190e7168a * bnc#1075137 - (CVE-2017-1000494) VUL-1: CVE-2017-1000494 miniupnpc: Multiple vulnerabilities can allow a remote attacker to cause a denial of service or potentially execute code ==== nano ==== Version update (2.9.8 -> 3.0) Subpackages: nano-lang - GNU nano 3.0: * speed improvements * changes, updates and renames to commands and bindings * external spell check can now be undone ==== obs-service-download_files ==== 
Version update (0.6.1.git.1529965817.d9a3ff4 -> 0.6.2)

- Update to version 0.6.2:
  * support appimage.yml parsing

==== osinfo-db ====
Version update (20180720 -> 20180903)

- Update database to version 20180903
  osinfo-db-20180903.tar.xz

==== perl-File-Path ====
Version update (2.150000 -> 2.160000)

- updated to 2.16
  see /usr/share/doc/packages/perl-File-Path/Changes
  2.16 2018-08-31
  - Correct inadequate method of generating names for dummy users and groups during testing (RTC 121967). No change in functionality from 2.15.

==== polkit-default-privs ====

- polkit-default-privs: add renamed libvirt rules (bsc#1106813)

==== poppler ====
Version update (0.66.0 -> 0.68.0)
Subpackages: libpoppler-glib8 poppler-tools

- Update to version 0.68.0:
  + core:
    - Add Reason and Location to SignatureInfo (fdo#107299).
    - Fix memory misuse on signature handling
    - Fix security issues found by oss-fuzz
    - Don't give a warning when Marked value is false (fdo#107430).
  + qt5: Add Reason and Location to SignatureInfo (fdo#107299).
  + cpp:
    - Add rotation() to text_box (fdo#106562).
    - Fix build with MSVC
  + utils:
    - pdftoppm: Add -jpegopt optimize option support
    - pdftocairo: Add -jpegopt optimize option support
    - pdftohtml:
      . Add option to not round coordinates
      . Fix possible crash (fdo#107316).
  + build system:
    - Use OpenJpeg cmake config file instead of pkgconfig
    - Remove wchar_t- on MSVC
- Changes from version 0.67.0:
  + core:
    - Fix lots of security/leak issues found by oss-fuzz
    - Splash:
      . Optimize some files, making them 20% faster
      . Correctly manipulate spot colors if SPOT_NCOMPS != 4
    - Fix compilation with some strict compilers.
- Bump poppler_sover following upstream changes.
- Add openjpeg2 BuildRequires: New dependency.

==== poppler-qt5 ====
Version update (0.66.0 -> 0.68.0)

- Update to version 0.68.0:
  + core:
    - Add Reason and Location to SignatureInfo (fdo#107299).
    - Fix memory misuse on signature handling
    - Fix security issues found by oss-fuzz
    - Don't give a warning when Marked value is false (fdo#107430).
  + qt5: Add Reason and Location to SignatureInfo (fdo#107299).
  + cpp:
    - Add rotation() to text_box (fdo#106562).
    - Fix build with MSVC
  + utils:
    - pdftoppm: Add -jpegopt optimize option support
    - pdftocairo: Add -jpegopt optimize option support
    - pdftohtml:
      . Add option to not round coordinates
      . Fix possible crash (fdo#107316).
  + build system:
    - Use OpenJpeg cmake config file instead of pkgconfig
    - Remove wchar_t- on MSVC
- Changes from version 0.67.0:
  + core:
    - Fix lots of security/leak issues found by oss-fuzz
    - Splash:
      . Optimize some files, making them 20% faster
      . Correctly manipulate spot colors if SPOT_NCOMPS != 4
    - Fix compilation with some strict compilers.
- Bump poppler_sover following upstream changes.
- Add openjpeg2 BuildRequires: New dependency.

==== python-pycryptodome ====
Version update (3.6.3 -> 3.6.6)

- Update to 3.6.6
- Resolved issues:
  * Fix vulnerability on AESNI ECB with payloads smaller than 16 bytes.
- Update to 3.5.5
- Resolved issues
  * Fixed incorrect AES encryption/decryption with AES acceleration on x86 due to gcc's optimization and strict aliasing rules.
  * More prime number candidates than necessary were discarded as composite due to the limited way D values were searched in the Lucas test.
  * Fixed ResourceWarnings and DeprecationWarnings.
- Update to 3.5.4
- New features:
  * Build Python 3.7 wheels on Linux, Windows and Mac.
- Resolved issues:
  * More meaningful exceptions in case of mismatch in IV length (CBC/OFB/CFB modes).

==== python-pyparsing ====
Subpackages: python2-pyparsing python3-pyparsing

- Clean up SPEC file.

==== rubygem-autoprefixer-rails ====
Version update (9.1.3 -> 9.1.4)

- updated to version 9.1.4
  see installed CHANGELOG.md
  [#]# 9.1.4
  * Fix `ExecJS` runtime test (by Patrice Chalin).

==== rubygem-rubyzip ====
Version update (1.2.1 -> 1.2.2)

- updated to version 1.2.2
  no changelog found

==== rubygem-yard ====
Version update (0.9.14 -> 0.9.16)

- updated to version 0.9.16
  see installed CHANGELOG.md
  [#] master
  [#] [0.9.16] - August 11th, 2018
  [0.9.16]: https://github.com/lsegal/yard/compare/v0.9.15...v0.9.16
  - Documentation fixes (#1175, #1178).
  - Fixed stack overflow issue when parsing extremely large lists (#1176).
  [#] [0.9.15] - July 17th, 2018
  [0.9.15]: https://github.com/lsegal/yard/compare/v0.9.14...v0.9.15
  - Fixed security issue in parsing of Ruby code that could allow for arbitrary execution. Credit to Nelson Elhage for discovering this issue.
- updated to version 0.9.14
  see installed CHANGELOG.md

==== webkit2gtk3 ====
Version update (2.20.5 -> 2.22.0)
Subpackages: libjavascriptcoregtk-4_0-18 libwebkit2gtk-4_0-37 libwebkit2gtk3-lang typelib-1_0-JavaScriptCore-4_0 typelib-1_0-WebKit2-4_0 webkit2gtk-4_0-injected-bundles

- Update to version 2.22.0:
  + New JavaScriptCore GLib API.
  + Switched to use complex text code path unconditionally.
  + Added playbin3 support to GStreamer media backend.
  + Support for WebDriver advance user interaction commands.
  + Default option menu implementation now uses a GtkTreeView.
- Update to version 2.21.92:
  + Add new API to inject/register user content in isolated worlds.
  + Add more API to JSCException to handle column number, convert exception to string, get the exception backtrace, create exceptions with a custom error name and report exception message with full details.
  + Fix excessive CPU usage when getting the process memory footprint.
  + Fix several crashes and rendering issues.
  + Updated translations.
- Update to version 2.21.91:
  + Add enable-media-capabilities setting.
  + Stop pushing buffers when seeking status changes in media player.
  + Fix rendering of theme styled buttons.
  + Fix several crashes and rendering issues.
  + Updated translations.
- Add explicit pkgconfig(gstreamer-app-1.0), pkgconfig(gstreamer-audio-1.0), pkgconfig(gstreamer-codecparsers-1.0), pkgconfig(gstreamer-fft-1.0), pkgconfig(gstreamer-mpegts-1.0), pkgconfig(gstreamer-pbutils-1.0), pkgconfig(gstreamer-tag-1.0) and pkgconfig(gstreamer-video-1.0) BuildRequires: align with what configure checks for.
- Disable webkit2gtk3-python3.patch via bcond_with: Patch currently breaks the build.

==== yast2-services-manager ====
Version update (4.1.5 -> 4.1.7)

- Bring back the ServicesManagerTargetClass#modified= method (bsc#1107240).
- 4.1.7
- Add help for buttons in the dialog (related to bsc#1089999 and fate#319428).
- 4.1.6

==== yast2-support ====
Version update (4.0.0 -> 4.0.1)

- In ncurses the "Next" button to submit the gathered information was not visible (bsc#1093358)
- Made the Contact Information screen fit in a 80x24 terminal
- 4.0.1

==== zsh ====
Version update (5.5.1 -> 5.6)

- Update to version 5.6
  * Fixes CVE-2018-0502 (bsc#1107296) and CVE-2018-13259 (bsc#1107294)
  * Switch to -fstack-protector-strong
  * See included NEWS file for complete changes.
- No longer manually install help files, make install handles it.
- Work around a regression upstream with help file generation by removing Doc/help.txt before build.