Packages changed: ImageMagick (7.0.7.21 -> 7.0.7.22) Mesa Mesa-drivers NetworkManager (1.8.4 -> 1.8.6) audacity audit-secondary bind binutils ca-certificates-mozilla (2.11 -> 2.22) fftw3 file gcab (0.7 -> 0.8) gd gegl gnome-contacts (3.26 -> 3.26.1) iso-codes (3.76 -> 3.77) kernel-source (4.14.14 -> 4.14.15) kernel-source (4.14.14 -> 4.14.15) libbsd (0.8.6 -> 0.8.7) libcaca (0.99.beta19 -> 0.99.beta19+git20171002.da28e96) libexif libexttextcat (3.4.4 -> 3.4.5) libgepub (0.5.2 -> 0.5.3) libgpod libraw (0.18.6 -> 0.18.7) libtasn1 (4.12 -> 4.13) llvm llvm5 mpc (1.0.3 -> 1.1.0) nasm (2.13.01 -> 2.13.02) openssl-1_1_0 ovmf patterns-media permissions (20171129 -> 20180125) plasma5-pa protobuf python-keyring python-libvirt-python (3.10.0 -> 4.0.0) python-pyudev python3 python3-base qpdf (7.0.0 -> 7.1.0) qrencode (3.4.4 -> 4.0.0) rpm simple-scan (3.26.2 -> 3.26.3) systemd-rpm-macros totem util-linux util-linux-systemd vala (0.38.4 -> 0.38.5) webkit2gtk3 (2.18.5 -> 2.18.6) wget (1.19.2 -> 1.19.4) wxWidgets-3_0 wxWidgets-3_0-nostl zypper-migration-plugin (0.10.1488806253.1c712c3 -> 0.11.1516874532.fa20262) === Details === ==== ImageMagick ==== Version update (7.0.7.21 -> 7.0.7.22) Subpackages: ImageMagick-devel ImageMagick-extra libMagick++-7_Q16HDRI4 libMagickCore-7_Q16HDRI5 libMagickWand-7_Q16HDRI5 perl-PerlMagick - update to 7.0.7.22 * Support aspect ratio geometry, e.g. -crop 3:2. * Add support for reading the HEIC image format (reference https://github.com/ImageMagick/ImageMagick/issues/507). * Fixed numerous memory leaks, credit to OSS Fuzz. ==== Mesa ==== Subpackages: Mesa-dri-devel Mesa-libEGL-devel Mesa-libEGL1 Mesa-libGL-devel Mesa-libGL1 Mesa-libglapi0 libgbm1 libwayland-egl1 - in spec file move %dir %{_libdir}/dri to avoid ppc build failure ==== Mesa-drivers ==== Subpackages: Mesa-dri Mesa-gallium Mesa-libva libvdpau_r300 libvdpau_r600 libvdpau_radeonsi libvulkan_radeon libxatracker2 - in spec file move %dir %{_libdir}/dri to avoid ppc build failure ==== NetworkManager ==== Version update (1.8.4 -> 1.8.6) Subpackages: NetworkManager-devel NetworkManager-lang libnm-glib-vpn1 libnm-glib4 libnm-util2 libnm0 typelib-1_0-NM-1_0 typelib-1_0-NMClient-1_0 typelib-1_0-NetworkManager-1_0 - Update to version 1.8.6: + Fix a daemon crash on permission check (bgo#787897). + Fix a daemon crash on VPN state change (bgo#787893). + Fix a nmcli crash in interactive mode's describe command (bgo#788104). + Fix termination of the nmcli interactive mode (rh#1517401). + Properly handle route metric of zero in keyfiles. + Add support for DSA switch devices (rh#1371289). + Fix a memory leak of connection D-Bus objects (rh#1461643). + A double close that could potentially race with the D-Bus thread reusing the same file descriptor (rh#1451236). + Connectivity check fixes (bgo#785281) (bgo#784629). + Fix the metered properties handling in libnm. + Avoid dropping agent secrets unnecessarily (bgo#789383). + Fix the asynchronous initialization of a secret agent in libnm. - Drop nm-disconnect-proxy-signals.patch and nm-vpn-remote-connection-disconnect-signals.patch: Fixed upstream. - Minor spec cleaning, tweak spec to silence a few rpm lint warnings. - Replace addFilter("dbus-policy-missing-allow") with addFilter("dbus-policy-allow-without-destination"), filter out the current rpmlint warning. - Add addFilter("suse-branding-unversioned-requires*") to rpmlintrc, we have this unversioned on purpose. - Add addFilter("systemd-service-without-service_add_post NetworkManager-wait-online.service") addFilter("systemd-service-without-service_add_pre NetworkManager-wait-online.service") addFilter("systemd-service-without-service_del_postun NetworkManager-wait-online.service") addFilter("systemd-service-without-service_del_preun NetworkManager-wait-online.service") to rpmlintrc, filter out warnings we do not care about nor want as we do not want to enable this service by default. - "Mark" %%{_sysconfdir}/dbus-1/system.d/org.freedesktop.NetworkManager.conf and %%config %{_sysconfdir}/dbus-1/system.d/nm-dispatcher.conf as config files in spec, silence rpmlint. ==== audacity ==== Subpackages: audacity-lang - Build with gcc7 for Leap:42.3 and -fstack-clash-protection ==== audit-secondary ==== - Add conditions around python plugins to allow us to conditionalize them in enviroment without python2 ==== bind ==== Subpackages: bind-chrootenv bind-doc bind-utils libbind9-160 libdns169 libirs160 libisc166 libisccc160 libisccfg160 liblwres160 python3-bind - Apply bind-CVE-2017-3145.patch to fix CVE-2017-3145 (bsc#1076118) ==== binutils ==== Subpackages: binutils-devel - Add riscv64 to %target_list - Add arm-none-eabi symlinks (bsc#1074741) ==== ca-certificates-mozilla ==== Version update (2.11 -> 2.22) - Updated to 2.22 state of the Mozilla NSS Certificate store. - Removed CAs: * ACEDICOM Root * AddTrust Public CA Root * AddTrust Qualified CA Root * ApplicationCA - Japanese Government * CA Disig Root R1 * CA WoSign ECC Root * Certification Authority of WoSign G2 * Certinomis - Autorité Racine * China Internet Network Information Center EV Certificates Root * CNNIC ROOT * Comodo Secure Certificate Services * Comodo Trusted Certificate Services * ComSign Secured CA * DST ACES CA X6 * GeoTrust Global CA 2 * StartCom Certification Authority * StartCom Certification Authority * StartCom Certification Authority G2 * Swisscom Root CA 1 * TÜB?TAK UEKAE Kök Sertifika Hizmet Sa?lay?c?s? - Sürüm 3 * TÜRKTRUST Elektronik Sertifika Hizmet Sa?lay?c?s? * TÜRKTRUST Elektronik Sertifika Hizmet Sa?lay?c?s? H6 * UTN USERFirst Hardware Root CA * UTN USERFirst Object Root CA * VeriSign Class 3 Secure Server CA - G2 * WellsSecure Public Root Certificate Authority * Certification Authority of WoSign * WoSign China - Added CAs: * D-TRUST Root CA 3 2013 * GDCA TrustAUTH R5 ROOT * SSL.com EV Root Certification Authority ECC * SSL.com EV Root Certification Authority RSA R2 * SSL.com Root Certification Authority ECC * SSL.com Root Certification Authority RSA * TrustCor RootCert CA-1 * TrustCor RootCert CA-2 * TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1 ==== fftw3 ==== Subpackages: fftw3-devel libfftw3-3 libfftw3_threads3 - Fix typo in flavor gnu7-hpc settings. ==== file ==== Subpackages: file-devel file-magic libmagic1 - Add patch file-5.32-ncurses-6.1.patch to support extend magic format for new ncurses 6.1 ==== gcab ==== Version update (0.7 -> 0.8) Subpackages: gcab-lang libgcab-1_0-0 - Update to version 0.8 (CVE-2018-5345): + This fixes the security bug known as CVE-2018-5345. + Always check the return value when writing to the stream. + Do not crash when ncbytes is larger than the buffer size. + Don't encode timezone in generated files. + Don't use version script if unsupported. + Explicitly enable C99 support. + Fix a few 'Dereference of null pointer' warnings. + Fix buffer overrun when generating Huffman codes. + Fix builddir != srcdir builds. + Fix dependency on generated .h file. + Fix invalid return annotation. + Fix the calculation of the checksum on big endian machines. + Fix -Wimplicit-fallthrough=. + Use glib-mkenum's prefixes to avoid sed. + Updated translations. - Minor spec cleanup, use autosetup macro. ==== gd ==== Subpackages: libgd3 - security update: * CVE-2018-5711 [bsc#1076391] + gd-CVE-2018-5711.patch ==== gegl ==== Subpackages: gegl-0_2 gegl-0_2-lang libgegl-0_2-0 - require liberation-fonts instead of liberation2-fonts, it is dead [bsc#1077375] [rh#856239] ==== gnome-contacts ==== Version update (3.26 -> 3.26.1) Subpackages: gnome-contacts-lang gnome-shell-search-provider-contacts - Update to version 3.26.1: + Makefile.am: add README.md. Fixes bgo#792768. + Updated translations. - Drop gnome-contacts-nb-translations.patch: Fixed upstream. ==== iso-codes ==== Version update (3.76 -> 3.77) Subpackages: iso-codes-lang - Update to version 3.77: + Updated translations for ISO 3166-1, ISO 3166-2, ISO 4217, ISO 3166-3, ISO 639-2, ISO 639-5, ISO 639-3, ISO 15924. - Cleanup with spec-cleaner. ==== kernel-source ==== Version update (4.14.14 -> 4.14.15) Subpackages: kernel-default kernel-default-devel - Revert "futex: Prevent overflow by strengthen input validation" (4.14.15-fix). - commit 5b3d0ce - Documentation: document array_ptr (bsc#1068032 CVE-2017-5715). - asm/nospec, array_ptr: sanitize speculative array de-references (bsc#1068032 CVE-2017-5715). - x86: implement array_ptr_mask() (bsc#1068032 CVE-2017-5715). - x86: introduce __uaccess_begin_nospec and ifence (bsc#1068032 CVE-2017-5715). - x86, __get_user: use __uaccess_begin_nospec (bsc#1068032 CVE-2017-5715). - x86, get_user: use pointer masking to limit speculation (bsc#1068032 CVE-2017-5715). - x86: narrow out of bounds syscalls to sys_read under speculation (bsc#1068032 CVE-2017-5715). - vfs, fdtable: prevent bounds-check bypass via speculative execution (bsc#1068032 CVE-2017-5715). - kvm, x86: update spectre-v1 mitigation (bsc#1068032 CVE-2017-5715). - nl80211: sanitize array index in parse_txq_params (bsc#1068032 CVE-2017-5715). - Delete patches.suse/0003-locking-barriers-introduce-new-observable-speculatio.patch. - Delete patches.suse/0005-x86-bpf-jit-prevent-speculative-execution-when-JIT-i.patch. - Delete patches.suse/0006-uvcvideo-prevent-speculative-execution.patch. - Delete patches.suse/0007-carl9170-prevent-speculative-execution.patch. - Delete patches.suse/0008-p54-prevent-speculative-execution.patch. - Delete patches.suse/0009-qla2xxx-prevent-speculative-execution.patch. - Delete patches.suse/0010-cw1200-prevent-speculative-execution.patch. - Delete patches.suse/0011-Thermal-int340x-prevent-speculative-execution.patch. - Delete patches.suse/0012-ipv4-prevent-speculative-execution.patch. - Delete patches.suse/0013-ipv6-prevent-speculative-execution.patch. - Delete patches.suse/0014-fs-prevent-speculative-execution.patch. - Delete patches.suse/0015-net-mpls-prevent-speculative-execution.patch. - Delete patches.suse/0016-udf-prevent-speculative-execution.patch. - Delete patches.suse/0017-userns-prevent-speculative-execution.patch. Replace intel's shit by the potential upstream solution for spectre_v1. - commit 6fdb1df - Linux 4.14.15 (bnc#1012628). - tools/objtool/Makefile: don't assume sync-check.sh is executable (bnc#1012628). - objtool: Fix seg fault with clang-compiled objects (bnc#1012628). - objtool: Fix Clang enum conversion warning (bnc#1012628). - objtool: Fix seg fault caused by missing parameter (bnc#1012628). - powerpc/pseries: Add H_GET_CPU_CHARACTERISTICS flags & wrapper (bnc#1012628). - powerpc/64: Add macros for annotating the destination of rfid/hrfid (bnc#1012628). - powerpc/64s: Simple RFI macro conversions (bnc#1012628). - powerpc/64: Convert the syscall exit path to use RFI_TO_USER/KERNEL (bnc#1012628). - powerpc/64: Convert fast_exception_return to use RFI_TO_USER/KERNEL (bnc#1012628). - powerpc/64s: Convert slb_miss_common to use RFI_TO_USER/KERNEL (bnc#1012628). - powerpc/64s: Add support for RFI flush of L1-D cache (bnc#1012628). - powerpc/64s: Support disabling RFI flush with no_rfi_flush and nopti (bnc#1012628). - powerpc/pseries: Query hypervisor for RFI flush settings (bnc#1012628). - powerpc/powernv: Check device-tree for RFI flush settings (bnc#1012628). - futex: Avoid violating the 10th rule of futex (bnc#1012628). - futex: Prevent overflow by strengthen input validation (bnc#1012628). - ALSA: pcm: Remove yet superfluous WARN_ON() (bnc#1012628). - ALSA: hda - Apply headphone noise quirk for another Dell XPS 13 variant (bnc#1012628). - ALSA: hda - Apply the existing quirk to iMac 14,1 (bnc#1012628). - IB/hfi1: Prevent a NULL dereference (bnc#1012628). - RDMA/mlx5: Fix out-of-bound access while querying AH (bnc#1012628). - timers: Unconditionally check deferrable base (bnc#1012628). - af_key: fix buffer overread in verify_address_len() (bnc#1012628). - af_key: fix buffer overread in parse_exthdrs() (bnc#1012628). - iser-target: Fix possible use-after-free in connection establishment error (bnc#1012628). - delayacct: Account blkio completion on the correct task (bnc#1012628). - objtool: Fix seg fault with gold linker (bnc#1012628). - mmc: sdhci-esdhc-imx: Fix i.MX53 eSDHCv3 clock (bnc#1012628). - x86/kasan: Panic if there is not enough memory to boot (bnc#1012628). - objtool: Improve error message for bad file argument (bnc#1012628). - x86/cpufeature: Move processor tracing out of scattered features (bnc#1012628). - x86/intel_rdt/cqm: Prevent use after free (bnc#1012628). - x86/mm/pkeys: Fix fill_sig_info_pkey (bnc#1012628). - x86/idt: Mark IDT tables __initconst (bnc#1012628). - x86/tsc: Future-proof native_calibrate_tsc() (bnc#1012628). - x86/tsc: Fix erroneous TSC rate on Skylake Xeon (bnc#1012628). - pipe: avoid round_pipe_size() nr_pages overflow on 32-bit (bnc#1012628). - x86/apic/vector: Fix off by one in error path (bnc#1012628). - x86/mm: Clean up register saving in the __enc_copy() assembly code (bnc#1012628). - x86/mm: Use a struct to reduce parameters for SME PGD mapping (bnc#1012628). - x86/mm: Centralize PMD flags in sme_encrypt_kernel() (bnc#1012628). - x86/mm: Prepare sme_encrypt_kernel() for PAGE aligned encryption (bnc#1012628). - ARM: OMAP3: hwmod_data: add missing module_offs for MMC3 (bnc#1012628). - x86/mm: Encrypt the initrd earlier for BSP microcode update (bnc#1012628). - Input: ALPS - fix multi-touch decoding on SS4 plus touchpads (bnc#1012628). - Input: synaptics-rmi4 - prevent UAF reported by KASAN (bnc#1012628). - Input: 88pm860x-ts - fix child-node lookup (bnc#1012628). - Input: twl6040-vibra - fix child-node lookup (bnc#1012628). - Input: twl4030-vibra - fix sibling-node lookup (bnc#1012628). - tracing: Fix converting enum's from the map in trace_event_eval_update() (bnc#1012628). - phy: work around 'phys' references to usb-nop-xceiv devices (bnc#1012628). - ARM64: dts: marvell: armada-cp110: Fix clock resources for various node (bnc#1012628). - ARM: sunxi_defconfig: Enable CMA (bnc#1012628). - ARM: dts: kirkwood: fix pin-muxing of MPP7 on OpenBlocks A7 (bnc#1012628). - can: peak: fix potential bug in packet fragmentation (bnc#1012628). - can: af_can: can_rcv(): replace WARN_ONCE by pr_warn_once (bnc#1012628). - can: af_can: canfd_rcv(): replace WARN_ONCE by pr_warn_once (bnc#1012628). - i2c: core-smbus: prevent stack corruption on read I2C_BLOCK_DATA (bnc#1012628). - scripts/gdb/linux/tasks.py: fix get_thread_info (bnc#1012628). - proc: fix coredump vs read /proc/*/stat race (bnc#1012628). - libata: apply MAX_SEC_1024 to all LITEON EP1 series devices (bnc#1012628). - scsi: libsas: Disable asynchronous aborts for SATA devices (bnc#1012628). - workqueue: avoid hard lockups in show_workqueue_state() (bnc#1012628). - drm/vmwgfx: fix memory corruption with legacy/sou connectors (bnc#1012628). - dm btree: fix serious bug in btree_split_beneath() (bnc#1012628). - dm thin metadata: THIN_MAX_CONCURRENT_LOCKS should be 6 (bnc#1012628). - dm integrity: don't store cipher request on the stack (bnc#1012628). - dm crypt: fix crash by adding missing check for auth key size (bnc#1012628). - dm crypt: wipe kernel key copy after IV initialization (bnc#1012628). - dm crypt: fix error return code in crypt_ctr() (bnc#1012628). - x86: Use __nostackprotect for sme_encrypt_kernel (bnc#1012628). - alpha/PCI: Fix noname IRQ level detection (bnc#1012628). - MIPS: CM: Drop WARN_ON(vp != 0) (bnc#1012628). - KVM: arm/arm64: Check pagesize when allocating a hugepage at Stage 2 (bnc#1012628). - arm64: KVM: Fix SMCCC handling of unimplemented SMC/HVC calls (bnc#1012628). - x86/mce: Make machine check speculation protected (bnc#1012628). - retpoline: Introduce start/end markers of indirect thunk (bnc#1012628). - kprobes/x86: Blacklist indirect thunk functions for kprobes (bnc#1012628). - kprobes/x86: Disable optimizing on the function jumps to indirect thunk (bnc#1012628). - x86/pti: Document fix wrong index (bnc#1012628). - x86/retpoline: Optimize inline assembler for vmexit_fill_RSB (bnc#1012628). - x86/mm: Rework wbinvd, hlt operation in stop_this_cpu() (bnc#1012628). - mm, page_vma_mapped: Drop faulty pointer arithmetics in check_pte() (bnc#1012628). - net: mvpp2: do not disable GMAC padding (bnc#1012628). - MIPS: AR7: ensure the port type's FCR value is used (bnc#1012628). - Refresh patches.kernel.org/4.14.10-003-objtool-Move-kernel-headers-code-sync-check-t.patch. - Refresh patches.suse/0001-x86-cpufeatures-Add-Intel-feature-bits-for-Speculati.patch. - Refresh patches.suse/0002-x86-cpufeatures-Add-AMD-feature-bits-for-Prediction-.patch. - commit fe1d712 - x86/cpufeatures: Add Intel feature bits for Speculation Control (bsc#1068032 CVE-2017-5715). - x86/cpufeatures: Add AMD feature bits for Prediction Command (bsc#1068032 CVE-2017-5715). - x86/msr: Add definitions for new speculation control MSRs (bsc#1068032 CVE-2017-5715). - module: Add retpoline tag to VERMAGIC (bsc#1068032 CVE-2017-5715). - x86/retpoline: Add LFENCE to the retpoline/RSB filling RSB macros (bsc#1068032 CVE-2017-5715). - x86/retpoline: Fill RSB on context switch for affected CPUs (bsc#1068032 CVE-2017-5715). - Refresh patches.suse/0005-x86-enter-MACROS-to-set-clear-IBRS-and-set-IBPB.patch. - Refresh patches.suse/0008-x86-spec_ctrl-save-IBRS-MSR-value-in-paranoid_entry.patch. - Refresh patches.suse/0009-x86-idle-Disable-IBRS-entering-idle-and-enable-it-on.patch. - Refresh patches.suse/0010-x86-idle-Disable-IBRS-when-offlining-cpu-and-re-enab.patch. - Refresh patches.suse/0011-x86-mm-Set-IBPB-upon-context-switch.patch. - Refresh patches.suse/0012-x86-mm-Only-set-IBPB-when-the-new-thread-cannot-ptra.patch. - Refresh patches.suse/0017-x86-kvm-Set-IBPB-when-switching-VM.patch. - Refresh patches.suse/0018-x86-kvm-Toggle-IBRS-on-VM-entry-and-exit.patch. - Refresh patches.suse/0021-x86-spec_ctrl-Add-sysctl-knobs-to-enable-disable-SPE.patch. - Refresh patches.suse/0023-x86-Move-IBRS-IBPB-feature-detection-to-scattered.c.patch. - Refresh patches.suse/0028-x86-svm-Set-IBPB-when-running-a-different-VCPU.patch. - Refresh patches.suse/0029-kvm-svm-add-MSR_IA32_SPEC_CTRL-and-MSR_IA32_PRED_CMD.patch. - Refresh patches.suse/0030-Use-the-ibrs_inuse-variable.patch. - Refresh patches.suse/0032-kvm-vmx-add-MSR_IA32_SPEC_CTRL-and-MSR_IA32_PRED_CMD.patch. - Refresh patches.suse/0034-Remove-the-code-that-uses-MSR-save-restore-list.patch. - Refresh patches.suse/0035-Use-the-ibpb_inuse-variable.patch. - Refresh patches.suse/0037-Set-IBPB-when-running-a-different-VCPU.patch. - Delete patches.suse/0001-x86-feature-Enable-the-x86-feature-to-control-Specul.patch. - Delete patches.suse/0002-x86-cpufeature-Add-X86_FEATURE_IA32_ARCH_CAPS-and-X8.patch. - Delete patches.suse/0003-x86-Add-STIBP-feature-enumeration.patch. - commit 5790c9a ==== kernel-source ==== Version update (4.14.14 -> 4.14.15) Subpackages: kernel-devel kernel-docs kernel-macros kernel-syms - Revert "futex: Prevent overflow by strengthen input validation" (4.14.15-fix). - commit 5b3d0ce - Documentation: document array_ptr (bsc#1068032 CVE-2017-5715). - asm/nospec, array_ptr: sanitize speculative array de-references (bsc#1068032 CVE-2017-5715). - x86: implement array_ptr_mask() (bsc#1068032 CVE-2017-5715). - x86: introduce __uaccess_begin_nospec and ifence (bsc#1068032 CVE-2017-5715). - x86, __get_user: use __uaccess_begin_nospec (bsc#1068032 CVE-2017-5715). - x86, get_user: use pointer masking to limit speculation (bsc#1068032 CVE-2017-5715). - x86: narrow out of bounds syscalls to sys_read under speculation (bsc#1068032 CVE-2017-5715). - vfs, fdtable: prevent bounds-check bypass via speculative execution (bsc#1068032 CVE-2017-5715). - kvm, x86: update spectre-v1 mitigation (bsc#1068032 CVE-2017-5715). - nl80211: sanitize array index in parse_txq_params (bsc#1068032 CVE-2017-5715). - Delete patches.suse/0003-locking-barriers-introduce-new-observable-speculatio.patch. - Delete patches.suse/0005-x86-bpf-jit-prevent-speculative-execution-when-JIT-i.patch. - Delete patches.suse/0006-uvcvideo-prevent-speculative-execution.patch. - Delete patches.suse/0007-carl9170-prevent-speculative-execution.patch. - Delete patches.suse/0008-p54-prevent-speculative-execution.patch. - Delete patches.suse/0009-qla2xxx-prevent-speculative-execution.patch. - Delete patches.suse/0010-cw1200-prevent-speculative-execution.patch. - Delete patches.suse/0011-Thermal-int340x-prevent-speculative-execution.patch. - Delete patches.suse/0012-ipv4-prevent-speculative-execution.patch. - Delete patches.suse/0013-ipv6-prevent-speculative-execution.patch. - Delete patches.suse/0014-fs-prevent-speculative-execution.patch. - Delete patches.suse/0015-net-mpls-prevent-speculative-execution.patch. - Delete patches.suse/0016-udf-prevent-speculative-execution.patch. - Delete patches.suse/0017-userns-prevent-speculative-execution.patch. Replace intel's shit by the potential upstream solution for spectre_v1. - commit 6fdb1df - Linux 4.14.15 (bnc#1012628). - tools/objtool/Makefile: don't assume sync-check.sh is executable (bnc#1012628). - objtool: Fix seg fault with clang-compiled objects (bnc#1012628). - objtool: Fix Clang enum conversion warning (bnc#1012628). - objtool: Fix seg fault caused by missing parameter (bnc#1012628). - powerpc/pseries: Add H_GET_CPU_CHARACTERISTICS flags & wrapper (bnc#1012628). - powerpc/64: Add macros for annotating the destination of rfid/hrfid (bnc#1012628). - powerpc/64s: Simple RFI macro conversions (bnc#1012628). - powerpc/64: Convert the syscall exit path to use RFI_TO_USER/KERNEL (bnc#1012628). - powerpc/64: Convert fast_exception_return to use RFI_TO_USER/KERNEL (bnc#1012628). - powerpc/64s: Convert slb_miss_common to use RFI_TO_USER/KERNEL (bnc#1012628). - powerpc/64s: Add support for RFI flush of L1-D cache (bnc#1012628). - powerpc/64s: Support disabling RFI flush with no_rfi_flush and nopti (bnc#1012628). - powerpc/pseries: Query hypervisor for RFI flush settings (bnc#1012628). - powerpc/powernv: Check device-tree for RFI flush settings (bnc#1012628). - futex: Avoid violating the 10th rule of futex (bnc#1012628). - futex: Prevent overflow by strengthen input validation (bnc#1012628). - ALSA: pcm: Remove yet superfluous WARN_ON() (bnc#1012628). - ALSA: hda - Apply headphone noise quirk for another Dell XPS 13 variant (bnc#1012628). - ALSA: hda - Apply the existing quirk to iMac 14,1 (bnc#1012628). - IB/hfi1: Prevent a NULL dereference (bnc#1012628). - RDMA/mlx5: Fix out-of-bound access while querying AH (bnc#1012628). - timers: Unconditionally check deferrable base (bnc#1012628). - af_key: fix buffer overread in verify_address_len() (bnc#1012628). - af_key: fix buffer overread in parse_exthdrs() (bnc#1012628). - iser-target: Fix possible use-after-free in connection establishment error (bnc#1012628). - delayacct: Account blkio completion on the correct task (bnc#1012628). - objtool: Fix seg fault with gold linker (bnc#1012628). - mmc: sdhci-esdhc-imx: Fix i.MX53 eSDHCv3 clock (bnc#1012628). - x86/kasan: Panic if there is not enough memory to boot (bnc#1012628). - objtool: Improve error message for bad file argument (bnc#1012628). - x86/cpufeature: Move processor tracing out of scattered features (bnc#1012628). - x86/intel_rdt/cqm: Prevent use after free (bnc#1012628). - x86/mm/pkeys: Fix fill_sig_info_pkey (bnc#1012628). - x86/idt: Mark IDT tables __initconst (bnc#1012628). - x86/tsc: Future-proof native_calibrate_tsc() (bnc#1012628). - x86/tsc: Fix erroneous TSC rate on Skylake Xeon (bnc#1012628). - pipe: avoid round_pipe_size() nr_pages overflow on 32-bit (bnc#1012628). - x86/apic/vector: Fix off by one in error path (bnc#1012628). - x86/mm: Clean up register saving in the __enc_copy() assembly code (bnc#1012628). - x86/mm: Use a struct to reduce parameters for SME PGD mapping (bnc#1012628). - x86/mm: Centralize PMD flags in sme_encrypt_kernel() (bnc#1012628). - x86/mm: Prepare sme_encrypt_kernel() for PAGE aligned encryption (bnc#1012628). - ARM: OMAP3: hwmod_data: add missing module_offs for MMC3 (bnc#1012628). - x86/mm: Encrypt the initrd earlier for BSP microcode update (bnc#1012628). - Input: ALPS - fix multi-touch decoding on SS4 plus touchpads (bnc#1012628). - Input: synaptics-rmi4 - prevent UAF reported by KASAN (bnc#1012628). - Input: 88pm860x-ts - fix child-node lookup (bnc#1012628). - Input: twl6040-vibra - fix child-node lookup (bnc#1012628). - Input: twl4030-vibra - fix sibling-node lookup (bnc#1012628). - tracing: Fix converting enum's from the map in trace_event_eval_update() (bnc#1012628). - phy: work around 'phys' references to usb-nop-xceiv devices (bnc#1012628). - ARM64: dts: marvell: armada-cp110: Fix clock resources for various node (bnc#1012628). - ARM: sunxi_defconfig: Enable CMA (bnc#1012628). - ARM: dts: kirkwood: fix pin-muxing of MPP7 on OpenBlocks A7 (bnc#1012628). - can: peak: fix potential bug in packet fragmentation (bnc#1012628). - can: af_can: can_rcv(): replace WARN_ONCE by pr_warn_once (bnc#1012628). - can: af_can: canfd_rcv(): replace WARN_ONCE by pr_warn_once (bnc#1012628). - i2c: core-smbus: prevent stack corruption on read I2C_BLOCK_DATA (bnc#1012628). - scripts/gdb/linux/tasks.py: fix get_thread_info (bnc#1012628). - proc: fix coredump vs read /proc/*/stat race (bnc#1012628). - libata: apply MAX_SEC_1024 to all LITEON EP1 series devices (bnc#1012628). - scsi: libsas: Disable asynchronous aborts for SATA devices (bnc#1012628). - workqueue: avoid hard lockups in show_workqueue_state() (bnc#1012628). - drm/vmwgfx: fix memory corruption with legacy/sou connectors (bnc#1012628). - dm btree: fix serious bug in btree_split_beneath() (bnc#1012628). - dm thin metadata: THIN_MAX_CONCURRENT_LOCKS should be 6 (bnc#1012628). - dm integrity: don't store cipher request on the stack (bnc#1012628). - dm crypt: fix crash by adding missing check for auth key size (bnc#1012628). - dm crypt: wipe kernel key copy after IV initialization (bnc#1012628). - dm crypt: fix error return code in crypt_ctr() (bnc#1012628). - x86: Use __nostackprotect for sme_encrypt_kernel (bnc#1012628). - alpha/PCI: Fix noname IRQ level detection (bnc#1012628). - MIPS: CM: Drop WARN_ON(vp != 0) (bnc#1012628). - KVM: arm/arm64: Check pagesize when allocating a hugepage at Stage 2 (bnc#1012628). - arm64: KVM: Fix SMCCC handling of unimplemented SMC/HVC calls (bnc#1012628). - x86/mce: Make machine check speculation protected (bnc#1012628). - retpoline: Introduce start/end markers of indirect thunk (bnc#1012628). - kprobes/x86: Blacklist indirect thunk functions for kprobes (bnc#1012628). - kprobes/x86: Disable optimizing on the function jumps to indirect thunk (bnc#1012628). - x86/pti: Document fix wrong index (bnc#1012628). - x86/retpoline: Optimize inline assembler for vmexit_fill_RSB (bnc#1012628). - x86/mm: Rework wbinvd, hlt operation in stop_this_cpu() (bnc#1012628). - mm, page_vma_mapped: Drop faulty pointer arithmetics in check_pte() (bnc#1012628). - net: mvpp2: do not disable GMAC padding (bnc#1012628). - MIPS: AR7: ensure the port type's FCR value is used (bnc#1012628). - Refresh patches.kernel.org/4.14.10-003-objtool-Move-kernel-headers-code-sync-check-t.patch. - Refresh patches.suse/0001-x86-cpufeatures-Add-Intel-feature-bits-for-Speculati.patch. - Refresh patches.suse/0002-x86-cpufeatures-Add-AMD-feature-bits-for-Prediction-.patch. - commit fe1d712 - x86/cpufeatures: Add Intel feature bits for Speculation Control (bsc#1068032 CVE-2017-5715). - x86/cpufeatures: Add AMD feature bits for Prediction Command (bsc#1068032 CVE-2017-5715). - x86/msr: Add definitions for new speculation control MSRs (bsc#1068032 CVE-2017-5715). - module: Add retpoline tag to VERMAGIC (bsc#1068032 CVE-2017-5715). - x86/retpoline: Add LFENCE to the retpoline/RSB filling RSB macros (bsc#1068032 CVE-2017-5715). - x86/retpoline: Fill RSB on context switch for affected CPUs (bsc#1068032 CVE-2017-5715). - Refresh patches.suse/0005-x86-enter-MACROS-to-set-clear-IBRS-and-set-IBPB.patch. - Refresh patches.suse/0008-x86-spec_ctrl-save-IBRS-MSR-value-in-paranoid_entry.patch. - Refresh patches.suse/0009-x86-idle-Disable-IBRS-entering-idle-and-enable-it-on.patch. - Refresh patches.suse/0010-x86-idle-Disable-IBRS-when-offlining-cpu-and-re-enab.patch. - Refresh patches.suse/0011-x86-mm-Set-IBPB-upon-context-switch.patch. - Refresh patches.suse/0012-x86-mm-Only-set-IBPB-when-the-new-thread-cannot-ptra.patch. - Refresh patches.suse/0017-x86-kvm-Set-IBPB-when-switching-VM.patch. - Refresh patches.suse/0018-x86-kvm-Toggle-IBRS-on-VM-entry-and-exit.patch. - Refresh patches.suse/0021-x86-spec_ctrl-Add-sysctl-knobs-to-enable-disable-SPE.patch. - Refresh patches.suse/0023-x86-Move-IBRS-IBPB-feature-detection-to-scattered.c.patch. - Refresh patches.suse/0028-x86-svm-Set-IBPB-when-running-a-different-VCPU.patch. - Refresh patches.suse/0029-kvm-svm-add-MSR_IA32_SPEC_CTRL-and-MSR_IA32_PRED_CMD.patch. - Refresh patches.suse/0030-Use-the-ibrs_inuse-variable.patch. - Refresh patches.suse/0032-kvm-vmx-add-MSR_IA32_SPEC_CTRL-and-MSR_IA32_PRED_CMD.patch. - Refresh patches.suse/0034-Remove-the-code-that-uses-MSR-save-restore-list.patch. - Refresh patches.suse/0035-Use-the-ibpb_inuse-variable.patch. - Refresh patches.suse/0037-Set-IBPB-when-running-a-different-VCPU.patch. - Delete patches.suse/0001-x86-feature-Enable-the-x86-feature-to-control-Specul.patch. - Delete patches.suse/0002-x86-cpufeature-Add-X86_FEATURE_IA32_ARCH_CAPS-and-X8.patch. - Delete patches.suse/0003-x86-Add-STIBP-feature-enumeration.patch. - commit 5790c9a ==== libbsd ==== Version update (0.8.6 -> 0.8.7) - Update to version 0.8.7: * Fix for gcc with no __has_include or __has_include_next support * man: Document on what other BSDs arc4random(3) is present * Handle several functions now being provided by glibc * test: Fix nlist(3) unit test on IA64 - switch to mirror temporarily, per announce: https://lists.freedesktop.org/archives/libbsd/2018-January/000166.html ==== libcaca ==== Version update (0.99.beta19 -> 0.99.beta19+git20171002.da28e96) - Drop the py2 bindings they fail to build using rpm macros and somehow ingnore LD_LIBRARY_PATH, anyway provide py3 variant and stick with that - Switch to git repack service in order to get all the latest fixes * like python3 porting of the bindings - Update to version 0.99.beta19+git20171002.da28e96: * img2text.c: fix width arg case in example * ruby: require 'caca' instead of 'caca.so' * Only fail the check-copyright test if more than 10 files are affected. * Try to run Coverity from Travis CI. * Add some missing breaks (thanks coverity) * Fix header copyright. * Fix a bug into the autorepeat trigger. - Refresh patches: * libcaca-ruby_am_cflags.patch * libcaca-ruby_vendor_install.patch - Fix URL - Mention github repo containing more changes - Format with spec-cleaner - Remove support for older distros lets stick with latest only - Remove for years disabled mono and java integration code snippets - Use python macros to build python instead of waiting for autotools - Convert to pkgconfig style dependencies ==== libexif ==== Subpackages: libexif-devel libexif12 - Remove %__-type macro indirections. Fix SRPM group. - Use %_smp_mflags for parallel build. - Drop pointless --with-pic (no effect since --disable-static). - Add CVE-2016-6328.patch: Fix integer overflow in parsing MNOTE entry data of the input file (bnc#1055857) - Add CVE-2017-7544.patch: Fix vulnerable out-of-bounds heap read vulnerability (bnc#1059893) ==== libexttextcat ==== Version update (3.4.4 -> 3.4.5) Subpackages: libexttextcat-2_0-0 - Version bump to 3.4.5 * fixed broken uk.lm langclass * Fix -fsanitize=shift-base errors - use new URL - cleanup with spec-cleaner ==== libgepub ==== Version update (0.5.2 -> 0.5.3) - Update to version 0.5.3: + Fixed SVG image resource replacement. + Rename introspection build option. + Removed autotools. + build: - Conform to build-api expectations. - Remove default warning level. - Remove unused defines. - Improved linker script handling. - Set prefix-relative install_dir for libgepub. - Fix typo in symbol path creation. + tests: - Fix crash on exit. - Replace "100" with a constant. - widget: Don't change LC_NUMERIC at runtime. - Pass introspection=true to meson, ensure we build the features we want. - Minor spec cleanup, use autosetup macro. ==== libgpod ==== Subpackages: libgpod-devel libgpod-lang libgpod-tools libgpod4 - Fix groups of SRPM and documentation. Make doc noarch. Trim bias from description. - Conditionalize python2 module build as it is not compatible with python3 at all and we do not need it by default * This allows to build in python3 only enviroment - Run over a bit with spec-cleaner ==== libraw ==== Version update (0.18.6 -> 0.18.7) Subpackages: libraw-devel libraw16 - updated to 0.18.7: * All legacy (RGB raw) image loaders checks for imgdata.image is not NULL * kodak_radc_load_raw: check image size before processing * legacy memory allocator: allocate max(widh, raw_width) * max(height, raw_height) - partial cleanup with spec-cleaner - other spec fixes: * switch to https site * remove executable bit from copyright * remove outdated comment about build parallelism ==== libtasn1 ==== Version update (4.12 -> 4.13) Subpackages: libtasn1-6 libtasn1-6-32bit libtasn1-devel - update to 4.13 * On indefinite string decoding, set a maximum level of allowed recursions (3) to protect the BER decoder from a stack exhaustion. (CVE-2018-6003 boo#1076832) ==== llvm ==== - Remove clang-devel-static. ==== llvm5 ==== Subpackages: clang5 libLLVM5 libLTO5 libc++-devel libc++1 libc++abi-devel libc++abi1 libclang5 libomp5-devel - n_clang_allow_BUILD_SHARED_LIBRARY.patch * Allow buildling clang with BUILD_SHARED_LIBRARY while the rest is built with LLVM_LINK_LLVM_DYLIB. (bnc#1065464) - Remove clang-devel-static. ==== mpc ==== Version update (1.0.3 -> 1.1.0) - Update to version 1.1.0. - Compatible with mpfr 4.0.0, obsoletes mpc-1.0.3-addsubulp.diff and mpc-1.0.3-fmma.diff. - New functions mpc_cmp_abs and mpc_rootofunity - Rewrite of the testing framework - New mpcbench tool, used with make bench - Fixed handling of over- and underflows with directed rounding in the "other direction" for mpc_cos, mpc_sin, mpc_exp and mpc_pow - Fixed a bug in mpc_atan(0,y) with |y| near 1 - Adjust URLs to tarball and signature. ==== nasm ==== Version update (2.13.01 -> 2.13.02) - New upstream version 2.13.02: * Fix generation of PEXTRW instruction. * Fix smartalign package which could trigger an error during optimization if the alignment code expanded too much due to optimization of the previous code. * Fix a case where negative value in TIMES directive causes panic instead of an error. * Fix the incorrect generation of VEX-encoded instruction when static mode decorators are specified on scalar instructions, losing the decorators as they require EVEX encoding. * Fix generation of dependency lists. * Fixes macro calls that have the wrong number of arguments (bsc#1073796, CVE-2017-17810) * Fixes Heap-based buffer overflow allows related to a strcpy in paste_tokens (bsc#1073798, CVE-2017-17811) * Fixes Heap-based buffer over-read in the function detoken() (bsc#1073799, CVE-2017-17812) * Fixes Use-after-free in the pp_list_one_macro function (bsc#1073803, CVE-2017-17813) * Fixes Use-after-free in do_directive (bsc#1073808, CVE-2017-17814) * Fixes Illegal address access in is_mmacro() (bsc#1073818, CVE-2017-17815) * Fixes Use-after-free in pp_getline (bsc#1073823, CVE-2017-17816) * Fixes Use-after-free in pp_verror (bsc#1073829, CVE-2017-17817) * Fixes Heap-based buffer over-read related to a while loop in paste_tokens (bsc#1073830, CVE-2017-17818) * Fixes Illegal address access in the function find_cc (bsc#1073832, CVE-2017-17819) * Fixes Use-after-free in pp_list_one_macro (bsc#1073846, CVE-2017-17820) * Fixes illegal address access in thefunction paste_tokens() (bsc#1058013, CVE-2017-14228) - memory_fixes.patch: changes upstreamed and removed. ==== openssl-1_1_0 ==== Subpackages: libopenssl-1_1_0-devel libopenssl1_1_0 libopenssl1_1_0-32bit - Don't disable afalgeng on aarch64 ==== ovmf ==== Subpackages: qemu-ovmf-x86_64 - Only use SLES-UEFI-CA-Certificate-2048.crt for the suse flavor to provide the better compatibility (bsc#1077330) ==== patterns-media ==== Subpackages: patterns-media-rest_cd_core patterns-media-rest_dvd - No longer require devel_python pattern: pattern has been dropped. ==== permissions ==== Version update (20171129 -> 20180125) - Update to version 20180125: * the eror should be reported for permfiles[i], not argv[i], as these are not the same files. (bsc#1047247) * make btmp root:utmp (bsc#1050467) - Update to version 20180115: * - polkit-default-privs: usbauth (bsc#1066877) ==== plasma5-pa ==== Subpackages: plasma5-pa-lang - Add patch to fix channel drag-and-drop: * 0001-Fix-moving-streams-by-drag-and-drop.patch ==== protobuf ==== - Conditionalize python2 and python3 in order to be able to build without python2 present in distribution * Use singlespec macros to simplify the logic - Run fdupes on python modules to avoid duplicates - Remove shebangs from import-only code ==== python-keyring ==== - Fix building in py3 only enviroment - Remove the test conditional which was always on anyway ==== python-libvirt-python ==== Version update (3.10.0 -> 4.0.0) Subpackages: python2-libvirt-python python3-libvirt-python - Update to 4.0.0 - Add all new APIs and constants in libvirt 4.0.0 - BuildRequire matching libvirt version ==== python-pyudev ==== - Require libudev (bsc#1077282) Otherwise, an pyudev import fails with: ImportError: No library named udev ==== python3 ==== Subpackages: python3-curses python3-dbm python3-tk - move XML modules and python3-xml provide to python3-base (fixes bsc#1077230) - move ensurepip to base ==== python3-base ==== Subpackages: libpython3_6m1_0 python3-idle - move XML modules and python3-xml provide to python3-base (fixes bsc#1077230) - move ensurepip to base ==== qpdf ==== Version update (7.0.0 -> 7.1.0) - Update to version 7.1.0 * Allow raw encryption key to be specified in libary and command line with the QPDF::setPasswordIsHexKey method and - -password-is-hex-key option. Allow encryption key to be displayed with --show-encryption-key option. See https://blog.didierstevens.com/2017/12/28/cracking-encrypted-pdfs-part-3/ for a discussion of using this for cracking encrypted PDFs. I hope that a future release of qpdf will include some additional recovery options that may also make use of this capability. * Fix lexical error: the PDF specification allows floating point numbers to end with "." * Fix link order in the build to avoid conflicts when building from source while an older version of qpdf is installed * Add support for TIFF predictor for LZW and Flate streams. Now * Clarify documentation around options that control parsing but not output creation. Two options: --suppress-recovery and - -ignore-xref-streams, were documented in the "Advanced Transformation Options" section of the manual and --help output even though they are not related to output. These are now described in a separate section called "Advanced Parsing Options." * Implement remaining PNG filters for decode. Prior versions could decode only the "up" filter. Now all PNG filters (sub, up, average, Paeth, optimal) are supported for decoding. The implementation of the remaining PNG filters changed the interface to the private Pl_PNGFilter class, but this class's header file is not in the installation, and there is no public interface to the class. Within the library, the class is never allocated on the stack; it is only ever dynamically allocated. As such, this does not actually break binary compatibility of the library. all predictor functions are supported - cleanup with spec-cleaner ==== qrencode ==== Version update (3.4.4 -> 4.0.0) - Update to 4.0.0 * EPS output now supports foreground and background color * XPM and PNG32 support added * CMake support added * Various bugs and performance fixes - Add qrencode-fix-installation.patch. Fixes installation for x86_64 targets. ==== rpm ==== Subpackages: rpm-build rpm-devel - fix debugedit relocation offset computation (boo#1076819) new patch: debugedit-bnc1076819.diff ==== simple-scan ==== Version update (3.26.2 -> 3.26.3) Subpackages: simple-scan-lang - Update to version 3.26.3: + Fix email sending failing with PDF attachments. ==== systemd-rpm-macros ==== - Fix system_user_post macro for usage with RPM 4.14, backport from https://github.com/systemd/systemd/commit/e67ba783. ==== totem ==== Subpackages: nautilus-totem totem-lang totem-plugin-brasero totem-plugins - Drop python-beautifulsoup and python-httplib2 recommends: BBC rewrote the iplayer plugin and as such the recommends do not make sense anymore. ==== util-linux ==== Subpackages: libblkid-devel libblkid1 libblkid1-32bit libfdisk1 libmount1 libmount1-32bit libsmartcols1 libuuid-devel libuuid1 libuuid1-32bit util-linux-lang - Combine %service_* calls again. - Provide /usr/sbin/rfkill from rfkill package (boo#1076134) - Add util_linux_bigendian.patch solve two failing tests on ppc64 (sha1, uuid/oids) - Integrate rfkill-block@.service and rfkill-unblock@.service from rfkill package (boo#1074250#c4). - Remove unneeded release based conflicts and obsolescences (boo#1074250#c18). - Remove sysvinit requirement. - Fix Obsoletes for rfkill (boo#1074250). ==== util-linux-systemd ==== - Combine %service_* calls again. - Provide /usr/sbin/rfkill from rfkill package (boo#1076134) - Add util_linux_bigendian.patch solve two failing tests on ppc64 (sha1, uuid/oids) - Integrate rfkill-block@.service and rfkill-unblock@.service from rfkill package (boo#1074250#c4). - Remove unneeded release based conflicts and obsolescences (boo#1074250#c18). - Remove sysvinit requirement. - Fix Obsoletes for rfkill (boo#1074250). ==== vala ==== Version update (0.38.4 -> 0.38.5) Subpackages: libvala-0_38-0 - Update to version 0.38.5: + Various improvements and bug fixes: - codegen: . Only add property-enum and GParamSpec-array for GObject classes . Add destroy param when invoking delegate returned by delegate (bgo#792077). - vala: . Add pkgdatadir and pkglibdir to pkg-config file. . Fix parameter type inference of overridden async methods (bgo#792660). - gidlparser: Update type qualifiers. - libvaladoc: . Allow @link tags to be split over multiple lines (bgo#646982). . Add support for single line documentation comments (bgo#736483). - codewriter: Don't use string.replace() to apply header_to_override (bgo#731322). + Bindings: - glib-2.0: Add GLib.OPTION_REMAINING and GLib.OptionFlags.NONE. - gstreamer-1.0: Update from 1.13+ git master. - gtk+-2.0: Mark MessageDialog constructor parameter, message_format, as nullable (bgo#791570). - gtk+-2.0/3.0: Don't hide user_data in Clipboard.set_with_data() (bgo#792237). - gtk+-3.0: Update to 3.22.26+6f26d0dc. - gtk+-4.0: Update to 3.93.0 and split Gsk.RenderNode into several classes. - libwnck-3.0: Update to 3.24.1. - posix: Add ctime(3) and fix binding of struct hostent and gethostbyname(3). - webkit2gtk-4.0: Update to 2.19.5. - webkit2gtk-web-extension-4.0: Fix DOM.EventTarget interface. - Drop vala-fix-MessageDialog-constructor-parameter.patch: Fixed upstream. - Following the above, drop libtool BuildRequires and autoreconf call, no longer needed as we do not carry any patches anymore. ==== webkit2gtk3 ==== Version update (2.18.5 -> 2.18.6) Subpackages: libjavascriptcoregtk-4_0-18 libwebkit2gtk-4_0-37 libwebkit2gtk3-lang typelib-1_0-JavaScriptCore-4_0 typelib-1_0-WebKit2-4_0 webkit2gtk-4_0-injected-bundles - Update to version 2.18.6: + Fix deadlock in GStreamer video sink during shutdown when accelerated compositing is disabled. + Several fixes and improvements in WebDriver. + Security fixes: CVE-2018-4088, CVE-2017-13885, CVE-2017-7165, CVE-2017-13884, CVE-2017-7160, CVE-2017-7153, CVE-2017-7153, CVE-2017-7161, CVE-2018-4096. ==== wget ==== Version update (1.19.2 -> 1.19.4) - GNU wget 1.19.4: * Support for Content-Encoding and Transfer-Encoding have been marked as experimental and disabled by default - includes 1.19.3: * Prevent erroneous decompression of .gz and .tgz files with broken servers * Added support for HTTP 308 Permanent Redirect response * Fix segfault in some cases where the Content-Type header is not sent * Support OpenSSL 1.1 builds without using deprecated features * Several minor bug fixes - switch to lz release (smaller) - cleanup with spec-cleaner ==== wxWidgets-3_0 ==== Subpackages: libwx_baseu-suse3 libwx_baseu_net-suse3 libwx_baseu_xml-suse3 libwx_gtk2u_adv-suse3 libwx_gtk2u_aui-suse3 libwx_gtk2u_core-suse3 libwx_gtk2u_gl-suse3 libwx_gtk2u_html-suse3 libwx_gtk2u_qa-suse3 libwx_gtk2u_xrc-suse3 wxWidgets-lang - Rework provides/conflicts between -devel variants. ==== wxWidgets-3_0-nostl ==== Subpackages: libwx_baseu-suse-nostl3 libwx_baseu_net-suse-nostl3 libwx_baseu_xml-suse-nostl3 libwx_gtk2u_adv-suse-nostl3 libwx_gtk2u_core-suse-nostl3 libwx_gtk2u_html-suse-nostl3 libwx_gtk2u_qa-suse-nostl3 - Rework provides/conflicts between -devel variants. ==== zypper-migration-plugin ==== Version update (0.10.1488806253.1c712c3 -> 0.11.1516874532.fa20262) - add --no-snapshots and --root options - version 0.11