Packages changed: apache2 bind calligra digikam installation-images-Kubic (14.342 -> 14.343) kiwi (7.04.38 -> 7.04.40) kmod libfabric (1.5.1 -> 1.5.2) liblogging libnettle (3.3 -> 3.4) libpsm2 (10.2.260 -> 10.3.17) libyui (3.3.3 -> 3.4.0) libyui-ncurses (2.48.4 -> 2.49.0) lynx (2.8.9~dev.14 -> 2.8.9~dev.16) ovmf (2017+git1505340320.5afa5b8159 -> 2017+git1510945757.b2662641d5) perl-Devel-StackTrace (2.02 -> 2.03) perl-JSON (2.94 -> 2.97000) pidgin python-numpy python3 python3-base ruby2.4 (2.4.1 -> 2.4.2) spamassassin time (1.7 -> 1.8) unison (2.48.3 -> 2.48.4) xkbcomp xkeyboard-config xrandr xset ypserv === Details === ==== apache2 ==== Subpackages: apache2-devel apache2-doc apache2-example-pages apache2-prefork apache2-utils - APACHE_MODULES now contains authn_core in default configuration [bsc#1066661] ==== bind ==== Subpackages: bind-chrootenv bind-doc bind-utils idnkit libbind9-140 libdns165 libidnkit1 libirs141 libisc160 libisccc140 libisccfg140 liblwres141 - Use python3 by default (fate#323526) ==== calligra ==== Subpackages: calligra-doc calligra-extras-dolphin calligra-extras-okular calligra-lang calligra-sheets calligra-stage calligra-words - Add fix-build-with-newer-kcalcore.patch to make it build with KDE Applications 17.12 ==== digikam ==== Subpackages: kipi-plugins kipi-plugins-lang - Add Adapt-to-KCalCore-API-changes.patch to make it build with KDE Applications 17.12 ==== installation-images-Kubic ==== Version update (14.342 -> 14.343) - merge gh#openSUSE/installation-images#216 - adjust to ruby2.5 - 14.343 ==== kiwi ==== Version update (7.04.38 -> 7.04.40) Subpackages: kiwi-desc-isoboot kiwi-desc-netboot kiwi-desc-oemboot kiwi-desc-vmxboot kiwi-doc kiwi-media-requires kiwi-templates - v7.04.40 released - Tumbleweed templates: drop pam-modules dependency - kiwi.spec: Prepare for Tumbleweed moving to suse_version 1550 - v7.04.39 released - KIWIImage: add grub2-mkimage prefix option grub2-mkimage on openSUSE Leap 42.3 now requires "-p" option. See also ece8cb9e - Keep Melanox and hyperv kernel modules in the initrd + Due to jitters in boot on Azure the drivers are not always found, keeping then in the initrd avoids the issue in the virtualized environment - Fixed blocksize setup in losetup The -L option was used to set the blocksize value for losetup However there is an option name clash between suse util-linux and upstream which now leads to the problem that option -L has changed its meaning and actually means --nooverlap which completely breaks the call in kiwi. This patch changes the call to use the long form --logical-blocksize. This Fixes bsc#1066873 ==== kmod ==== Subpackages: kmod-compat libkmod2 - Move dependency on suse-module-tools to kmod-compat (bsc#1047911). ==== libfabric ==== Version update (1.5.1 -> 1.5.2) - Update to v1.5.2 - Core - Fix Power PC 32-bit build - Sockets - Fix incorrect reporting of counter attributes - Verbs - Fix reporting attributes based on device limits - Fix incorrect CQ size reported for iWarp NICs - Update man page with known issues for specific NICs - Fix FI_RX_CQ_DATA mode check - Disable on-demand paging by default (can cause data corruption) - Disable loopback (localhost) addressing (causing failures in MPI) ==== liblogging ==== - fix SLE 12 build ==== libnettle ==== Version update (3.3 -> 3.4) Subpackages: libhogweed4 libhogweed4-32bit libnettle-devel libnettle6 libnettle6-32bit - libnettle 3.4: * Fixed an improper use of GMP mpn_mul, breaking curve2559 and eddsa on certain platforms * Fixed memory leak when handling invalid signatures in ecdsa_verify. Fix contributed by Nikos Mavrogiannopoulos. * Reorganized the way certain data items are made available: Nettle header files now define the symbols nettle_hashes, nettle_ciphers, and nettle_aeads, as preprocessor macros invoking a corresponding accessor function. For backwards ABI compatibility, the symbols are still present in the compiled libraries, and with the same sizes as in nettle-3.3. * Support for RSA-PSS signatures * Support for the HKDF key derivation function, defined by RFC 5869 * Support for the Cipher Feedback Mode (CFB) * New accessor functions: nettle_get_hashes, nettle_get_ciphers, nettle_get_aeads, nettle_get_secp_192r1, nettle_get_secp_224r1, nettle_get_secp_256r1, nettle_get_secp_384r1, nettle_get_secp_521r1. Direct access to data items is deprecated going forward. * The base16 and base64 functions now use the type char * for ascii data, rather than uint8_t *. This eliminates the last pointer-signedness warnings when building Nettle * The contents of the header file nettle/version.h is now architecture independent, except in --enable-mini-gmp * Prevent data sizes from leaking into the ABI - Fixes previously carried as patches: * Fix compilation error with --enable-fat om ARM Drop nettle-3.3-fix-fat-arm.patch ==== libpsm2 ==== Version update (10.2.260 -> 10.3.17) Subpackages: libpsm2-2 libpsm2-compat - Updated to version 10.3.17: - Small bug fixes and some enhanced debugging. - Assigned context is not freed on close() which could lead to context starvation. Therefore release hfi1 mappings when closing a context. - Close receive thread only while closing last endpoint - Rebase libpsm2-include-ioctl_h.patch, libpsm2-use_RPM_OPT_FLAGS.patch and libpsm2-use-exported-variable-for-version-and-release.patch to the latest sources. ==== libyui ==== Version update (3.3.3 -> 3.4.0) - Support for sending a widget ID with Shift-F6 for automated testing (fate#324098) - 3.4.0 ==== libyui-ncurses ==== Version update (2.48.4 -> 2.49.0) - Send a widget ID with Shift-F6 for automated testing (fate#324098) - 2.49.0 ==== lynx ==== Version update (2.8.9~dev.14 -> 2.8.9~dev.16) - update to 2.8.9dev.16: * add a note in the comments for INCLUDE in lynx.cfg regarding the default directory searches LYOpenCFG(), added in 2.8.4dev.20 (Debian #818047) -TD * add a check to ensure that HTML_put_string() will not append a chunk onto itself (report by Ned Williamson) -TD * add note in lynx.cfg about default values (Debian #408448) -TD * amended Backes' change to the COLLAPSE_BR_TAGS feature for compatibility -TD + use ENABLE_LYNXRC to determine whether it is written to the .lynxrc file. + add command-line option, etc., for controlling whether blank lines are trimmed, e.g., trailing lines as well as the special case for collapsing br-tags. Leading blank lines at the top of the document are untouched. + modify limit for trimmed lines to retain as little as 1 line; previously the trimming would go no smaller than 2 lines. * add command-line option and options-menu item for COLLAPSE_BR_TAGS (patch by Peter Backes). * correct logic in HTCopy() when re-reading a page (Debian #863008) -TD ==== ovmf ==== Version update (2017+git1505340320.5afa5b8159 -> 2017+git1510945757.b2662641d5) Subpackages: qemu-ovmf-x86_64 - Update to 2017+git1510945757.b2662641d5 + ArmPlatformPkg/ArmPlatformLibNull: remove bogus PCD dependencies + MdeModulePkg/UsbMassStorageDxe: Enhance Request Sense Handling + OvmfPkg: save on I/O port accesses when the debug port is not in use + OvmfPkg: create a separate PlatformDebugLibIoPort instance for SEC + OvmfPkg: make PlatformDebugLibIoPort a proper BASE library + OvmfPkg: restore temporary SEC/PEI RAM size to 64KB + OvmfPkg/Sec/X64: seed the temporary RAM with PcdInitValueInTempStack + ArmVirtPkg: switch to new PL011UartLib implementation + OvmfPkg/XenHypercallLib: enable virt extensions for ARM + MdeModulePkg/PiSmmCore: Implement heap guard feature for SMM mode + MdeModulePkg/DxeCore: Implement heap guard feature for UEFI + ArmVirtPkg/ArmVirtQemu: use non-accelerated CopyMem for VariableRuntimeDxe + NetworkPkg: Fix incorrect SizeofHeaders returned from HttpTcpReceiveHeader() + NetworkPkg: Print error message to screen if error occurs during HTTP boot + MdeModulePkg/PartitionDxe: Fix UDF fs access on certain CD/DVD medias + MdeModulePkg/UsbMassStorageDxe: Fix USB Mass Storage detection + MdeModulePkg SerialDxe: Handle Timeout change more robustly + CryptoPkg/BaseCryptLib: Fix mismatched memory allocation/free + CryptoPkg/BaseCryptLib: Fix buffer overflow issue in realloc wrapper + ArmPlatformPkg/PlatformPeim: allow PlatformPeiLib to set the boot mode + Deprecate EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS + SecurityPkg: Remove Counter Based AuthVariable support + BaseTools/tools_def AARCH64 ARM: disable PIE linking + NetworkPkg/TlsAuthConfigDxe: Remove the extra FreePool + NetworkPkg/HttpBootDxe: Add IPv6 support condition check + NetworkPkg/IScsiDxe: Fix the incorrect/needless DHCP process + MdeModulePkg/PciBus: Fix bug that PCI BUS claims too much resource + UefiCpuPkg/MtrrLib: Use SetMem instead of SetMem64 to fix hang + NetworkPkg: Remove ping6 and ifconfig shell application + OvmfPkg: fix dynamic default for oprom verification policy PCD without SB + OvmfPkg/PlatformPei: DENY_EXECUTE_ON_SECURITY_VIOLATION when SEV is active + SecurityPkg\Tcg2Pei: FV measure performance enhancement + SecurityPkg:AuthVariableLib:Implement ECR1707 for Private Auth Variable + ArmPlatformPkg: Store initial timer value + ArmVirtPkg ArmVirtDxeHobLib: Implement BuildFv3Hob + MdeModulePkg/Variable/RuntimeDxe: delete and lock OS-created MOR variable + ArmPkg/PlatformBootManagerLib: fix bug in ESRT invocation + OvmfPkg/PciHotPlugInitDxe: translate QEMU's resource reservation hints + OvmfPkg/PciHotPlugInitDxe: generalize RESOURCE_PADDING composition + OvmfPkg/IndustryStandard: define PCI Capabilities for QEMU's PCI Bridges + MdeModulePkg/BdsDxe: Don't delete "BootNext" until booting it + Clarify the usage of HttpConfigData in HTTP protocol + SecurityPkg/SecureBootConfigImpl.c: Secure Boot DBX UI Enhancement + MdeModulePkg/UDF: Fix creation of UDF logical partition + CryptoPkg: Add new API to retrieve commonName of X.509 certificate + OvmfPkg/VirtioNetDxe: log debug message in VirtioNetExitBoot() + OvmfPkg/QemuBootOrderLib: recognize "usb-storage" devices in XHCI ports + MdeModulePkg/Core: Fix out-of-sync issue in GCD + UefiCpuPkg/CpuDxe: Fix out-of-sync issue in page attributes + OvmfPkg/QemuVideoDxe/VbeShim: handle PAM1 register on Q35 correctly + OvmfPkg/QemuVideoDxe/VbeShim: rename Status to Segment0AllocationStatus + OvmfPkg/CsmSupportLib: move PAM register addresses to IndustryStandard + NetworkPkg/IScsiDxe: Remove redundant call to StrLen + BaseTools/tools_def AARCH64: enable frame pointers for RELEASE builds + ArmPkg/PlatformBootManagerLib: process pending capsules + MdeModulePkg/Udf: Avoid declaring and initializing local GUID variable + MdeModulePkg/UdfDxe: Avoid short (single character) variable name + MdeModulePkg/UdfDxe: Use compare operator for non-boolean comparisons + MdeModulePkg/UdfDxe: Fix operands of different size in bitwise OP + MdeModulePkg/UdfDxe: Add checks to ensure no possible NULL ptr deref + MdeModulePkg/SerialDxe: Fix not able to change serial attributes + NetworkPkg: Remove the redundant '/' in the end of returned ISCSIMacAddr keyword + MdeModulePkg/UdfDxe: Fix NULL pointer dereference + OvmfPkg/VirtioNetDxe: negotiate VIRTIO_F_IOMMU_PLATFORM + OvmfPkg/VirtioNetDxe: map caller-supplied Tx packet to device-address + OvmfPkg/VirtioNetDxe: add Tx packet map/unmap helper functions + OvmfPkg/VirtioNetDxe: update TechNotes + OvmfPkg/VirtioNetDxe: dynamically alloc transmit header + OvmfPkg/VirtioNetDxe: alloc RxBuf using AllocateSharedPages() + OvmfPkg/VirtioNetDxe: map VRINGs using VirtioRingMap() + OvmfPkg/VirtioNetDxe: add helper VirtioNetUninitRing() - Update openssl to 1.1.0g ==== perl-Devel-StackTrace ==== Version update (2.02 -> 2.03) - updated to 2.03 see /usr/share/doc/packages/perl-Devel-StackTrace/Changes 2.03 2017-11-18 - If all frames in the trace were skipped (via skip_frames, frame_filter, ignore_*, etc.), then the stringified stack trace would be an empty string. Now this has been changed to always return the message given to the constructor or the string "Trace begun". Fixes GH #15, reported by Karen Etheridge. ==== perl-JSON ==== Version update (2.94 -> 2.97000) - updated to 2.97000 see /usr/share/doc/packages/perl-JSON/Changes 2.97000 2017-11-21 - updated backportPP with JSON::PP 2.97000 - use 5 digit minor version number for a while to avoid confusion - fixed is_bool to use blessed() instead of ref() - updated to 2.96 see /usr/share/doc/packages/perl-JSON/Changes 2.96 2017-11-20 - fixed packaging issue - updated backportPP with JSON::PP 2.96 - not to use newer Test::More features (RT-122421; ilmari++) 2.95 2017-11-20 - updated backportPP with JSON::PP 2.95 ==== pidgin ==== Subpackages: libpurple libpurple-lang libpurple-plugin-sametime libpurple-tcl - Add purple-import-empathy Recommends for SLE15 (FATE#322984). ==== python-numpy ==== Subpackages: python2-numpy python3-numpy - Add 'family "NumPy"' to modules file to avoid that different versions of this get loaded. ==== python3 ==== Subpackages: python3-curses python3-dbm python3-tk - move 2to3 to python3-tools package ==== python3-base ==== Subpackages: libpython3_6m1_0 python3-idle - move 2to3 to python3-tools package ==== ruby2.4 ==== Version update (2.4.1 -> 2.4.2) Subpackages: libruby2_4-2_4 ruby2.4-devel ruby2.4-stdlib - disable jemalloc again because of: (boo#1068883) https://github.com/jemalloc/jemalloc/issues/937 - Add conflicts to libruby to make sure ruby and ruby-stdlib are also updated when libruby is updated (bsc#1048072.) - devel package needs to require jemalloc-devel when building with it - only use jemalloc on opensuse and sle >= 15 - update to 2.4.2 - CVE-2017-0898: Buffer underrun vulnerability in Kernel.sprintf (boo#1058755) - CVE-2017-10784: Escape sequence injection vulnerability in the Basic authentication of WEBrick (boo#1058754) - CVE-2017-14033: Buffer underrun vulnerability in OpenSSL ASN1 decode (boo#1058757) - CVE-2017-14064: Heap exposure in generating JSON (boo#1056782) - Multiple vulnerabilities in RubyGems (boo#1056286) CVE-2017-0899 CVE-2017-0900 CVE-2017-0901 CVE-2017-0902 - Update bundled libyaml to version 0.1.7. - There are also many bug-fixes. For more details see: https://github.com/ruby/ruby/compare/v2_4_1...v2_4_2 - added https://bugs.ruby-lang.org/attachments/download/6735/configure-2.4.2.diff to allow building with libgmp and libjemalloc again - provide a ruby-default symbol and conflict with other providers of that symbol so we can uninstall older default ruby versions during zypper dup. ==== spamassassin ==== Subpackages: perl-Mail-SpamAssassin - Update umask in cronjob (boo#861539) - Make sure that spamd can start (boo#961291) ==== time ==== Version update (1.7 -> 1.8) - time 1.8: * license changed to GPL-3.0+ - incorporate functionality previously carried as patches: * -q/--quiet option to suppresses abnormal program terminal (non-exit codes or signals). Drop time-debian-quiet.patch Drop time-fedora-verbose.patch * use the following exit codes (same as GNU coreutils' env): 125 = Wrong usage or internal error prior to exec attempt. 126 = Program located, but not usable. 127 = Could not find program to exec. * exit with code '128 + Signal number' when the program is terminated by a signal. Drop time-debian-non-normal-exit.patch * report MAX-RSS values correctly on modern systems Drop time-fedora-ru_maxrss-is-in-kilobytes-on-Linux.patch Drop time-fedora-Recompute-CPU-usage-at-microsecond-level.patch * Use gnulib modules and build infrastructure. * New tests infrastructure (make check). - drop unneeded patches: * time-debian-bug-address.patch * time-alpha.patch * time-debian-configure.patch * time-debian-info-direntry.patch * time-debian-info-nav.patch * time-debian-rusage-portability.patch * time-fsf-address.patch - add upstream keyring and verify source signature ==== unison ==== Version update (2.48.3 -> 2.48.4) - Update to 2.48.4 * Fix build for OCaml 4.03 (and add Makefile improvements for exporting under git) * Better reporting for OCaml compiler version mismatch - drop patch unison-ocaml-4.03.patch: Change included in upstream sources ==== xkbcomp ==== - Add U_xkbcomp_pkgconfig-add-bindir.patch: pkgconfig: Add our bindir to xkbcomp.pc. ==== xkeyboard-config ==== Subpackages: xkeyboard-config-lang - Add U_xkeyboard-config_fix-typo-hungarian.patch: Fix typo in hungarian (fdo#103123). ==== xrandr ==== - Add U_xrandr_suppress-misleading-indentation-warning.patch: When printing out rotations, we print a space before any item other than the first, and set `first = False` in each block where we print. However, this is done in the same line as the conditional that checks if first is set, which may give the impression that the assignment is also under the conditional. This is not the case, and recent GCC warns about this. - Add U_xrandr_add-filter-flag.patch: Flag can be set to "nearest" or "bilinear". ==== xset ==== - Add U_xset_fix-warning-about-usage-format-string.patch: Fix one last warning about usage() format string. ==== ypserv ==== - Prepare for new fillup location - Remove check for transactional-update, done in systemd macros now