Packages changed: caribou curl (7.56.1 -> 7.57.0) ffmpeg giflib git (2.15.0 -> 2.15.1) gwenhywfar iputils kernel-firmware (20171009 -> 20171125) libXcursor libXfont (1.5.3 -> 1.5.4) libXfont2 (2.0.2 -> 2.0.3) libmwaw (0.3.11 -> 0.3.13) libquicktime libstaroffice (0.0.3 -> 0.0.5) libva libva-gl libwps (0.4.6 -> 0.4.7) manufacturer-PPDs obs-service-source_validator (0.6+git20170922.230bbc4 -> 0.7) openblas_pthreads opencv openslp openssl-1_0_0 patterns-media python-keyring (10.4.0 -> 10.5.0) python-kiwi (9.11.22 -> 9.11.24) qemu qemu-linux-user rdma-core (15 -> 15.1) reiserfs (3.6.26 -> 3.6.27) samba (4.7.1+git.26.1ac2944c965 -> 4.7.3+git.30.54c196e5d35) sddm tevent (0.9.33 -> 0.9.34) vim (8.0.627 -> 8.0.1358) xmlsec1 (1.2.24 -> 1.2.25) zip === Details === ==== caribou ==== Subpackages: caribou-common caribou-gtk-module-common caribou-gtk2-module caribou-gtk3-module caribou-lang libcaribou0 typelib-1_0-Caribou-1_0 - Drop %py_requires: this is a python2 dependency, but the package was already migrated to python3. ==== curl ==== Version update (7.56.1 -> 7.57.0) Subpackages: libcurl-devel libcurl4 - Update to version 7.57.0 [bsc#1069226, CVE-2017-8816] [bsc#1069222, CVE-2017-8817] [bsc#1069714, CVE-2017-8818] Changes: * auth: add support for RFC7616 - HTTP Digest access authentication * share: add support for sharing the connection cache * HTTP: implement Brotli content encoding Bugfixes: * CVE-2017-8816: NTLM buffer overflow via integer overflow * CVE-2017-8817: FTP wildcard out of bounds read * CVE-2017-8818: SSL out of buffer access * curl_mime_filedata.3: fix typos * libtest: Add required test libraries for lib1552 and lib1553 * fix time diffs for systems using unsigned time_t * ftplistparser: memory leak fix: free temporary memory always * multi: allow table handle sizes to be overridden * wildcards: don't use with non-supported protocols * curl_fnmatch: return error on illegal wildcard pattern * transfer: Fix chunked-encoding upload too early exit * resolvers: only include anything if needed * setopt: fix CURLOPT_SSH_AUTH_TYPES option read * Curl_timeleft: change return type to timediff_t * cmake: Export libcurl and curl targets to use by other cmake projects * curl: in -F option arg, comma is a delimiter for files only * curl: improved ";type=" handling in -F option arguments * timeval: use mach_absolute_time() on MacOS * curlx: the timeval functions are no longer provided as curlx_* * mkhelp.pl: do not generate comment with current date * memdebug: use send/recv signature for curl_dosend/curl_dorecv * cookie: avoid NULL dereference * url: fix CURLOPT_POSTFIELDSIZE arg value check to allow -1 * include: remove conncache.h inclusion from where its not needed * CURLOPT_MAXREDIRS: allow -1 as a value * tests: Fixed torture tests on tests 556 and 650 * http2: Fixed OOM handling in upgrade request * url: fix CURLOPT_DNS_CACHE_TIMEOUT arg value check to allow -1 * CURLOPT_INFILESIZE: accept -1 * curl: pass through [] in URLs instead of calling globbing error * curl: speed up handling of many URLs * ntlm: avoid malloc(0) for zero length passwords * url: remove faulty arg value check from CURLOPT_SSH_AUTH_TYPES * HTTP: support multiple Content-Encodings * travis: add a job with brotli enabled * url: remove unncessary NULL-check * fnmatch: remove dead code * connect: store IPv6 connection status after valid connection * imap: deal with commands case insensitively * --interface: add support for Linux VRF * content_encoding: fix inflate_stream for no bytes available * cmake: Add missing setmode check * connect.c: remove executable bit on file * SMB: fix uninitialized local variable * zlib/brotli: only include header files in modules needing them * URL: return error on malformed URLs with junk after IPv6 bracket * openssl: fix too broad use of HAVE_OPAQUE_EVP_PKEY * macOS: Fix missing connectx function with Xcode version older than 9.0 * --resolve: allow IP address within [] brackets * examples/curlx: Fix code style * ntlm: remove unnecessary NULL-check to please scan-build * Curl_llist_remove: fix potential NULL pointer deref * mime: fix "Value stored to 'sz' is never read" scan-build error * openssl: fix "Value stored to 'rc' is never read" scan-build error * http2: fix "Value stored to 'hdbuf' is never read" scan-build error * http2: fix "Value stored to 'end' is never read" scan-build error * Curl_open: fix OOM return error correctly * url: reject ASCII control characters and space in host names * examples/rtsp: clear RANGE again after use * connect: improve the bind error message * make: fix "make distclean" * connect: add support for new TCP Fast Open API on Linux * metalink: fix memory-leak and NULL pointer dereference * URL: update "file:" URL handling * ssh: remove check for a NULL pointer * global_init: ignore CURL_GLOBAL_SSL's absense ==== ffmpeg ==== Subpackages: libavcodec-devel libavcodec57 libavdevice57 libavfilter6 libavformat57 libavresample-devel libavresample3 libavutil-devel libavutil55 libpostproc54 libswresample-devel libswresample2 libswscale-devel libswscale4 - install also doc/ffserver.conf ==== giflib ==== Subpackages: giflib-devel libgif7 - Keep timestamps before patch updates them to fix build-compare - Added fix-autoconf11.patch for fixing build with older autoconf, requires for SLE11. ==== git ==== Version update (2.15.0 -> 2.15.1) Subpackages: git-core git-cvs git-daemon git-email git-gui git-svn git-web gitk - git 2.15.1: * fix "auto" column output * fixes to moved lines diffing * documentation updates * fix use of repositories immediately under the root directory * improve usage of libsecret * fixes to various error conditions in git commands - Rewrite from sysv init to systemd unit file for git-daemon (bsc#1069803) ==== gwenhywfar ==== Subpackages: gwenhywfar-devel gwenhywfar-lang libgwengui-cpp0 libgwengui-fox16-0 libgwengui-gtk2-0 libgwengui-qt5-0 libgwenhywfar60 libgwenhywfar60-plugins - Conditionalize usage of qt4 libs ==== iputils ==== Subpackages: rarpd - mark ping also verify not caps, as these are changed by the permissions package. (bsc#1065835) - Reintroduce rarpd as subpackage - Explicitly list content in filelist as we have two subpackages now ==== kernel-firmware ==== Version update (20171009 -> 20171125) Subpackages: ucode-amd - Change the shebang of check_whence.py (installed as a non-executable) to point to python3. - Update to version 20171125: * brcm: update firmware for bcm4358 * brcm: update firmware for bcm4356 * brcm: update firmware for bcm4354 * brcm: introduce firmware for bcm43430 revision 0 * brcm: update firmware for bcm4339 * Mellanox: Add new mlxsw_spectrum firmware 13.1530.152 * WHENCE: Add missing entry for mlxsw_spectrum firmware * WHENCE: Fix typo in entry for iwlwifi-8265-34.ucode * s2255drv: f2255usb: firmware version 1.2.8 * amdgpu: add new CP firmware for polaris chips * qed: Add firmware 8.33.1.0 * qcom: add venus firmware files for v4.2 * qcom: add firmware files for Adreno a530 * iwlwifi: add firmware version 34 for new 9000 series * linux-firmware: liquidio: update firmware to v1.7.0 * linux-firmware: intel: Update Geminilake audio firmware * iwlwifi: add firmware version 33 for new 9000 series * iwlwifi: add new firmware version 34 for 8000C and 8265 * iwlwifi: update firmwares for 3160, 3168, 7260, 7265 and 7265D * iwlwifi: update firmwares for 3160, 3168, 7265D, 8000C and 8265 * linux-firmware: DMC firmware for kabylake v1.04 * linux-firmware: update Marvell PCIe-USB8997 firmware image * linux-firmware: GuC firmware for kabylake v9.39 * linux-firmware: GuC firmware for Broxton v9.29 * linux-firmware: GuC firmware for Skylake v9.33 * linux-firmware/i915: Add Cannonlake DMC version 1.06 * linux-firmware/i915: Add Geminilake DMC version 1.04 * WHENCE: Add new qed firmware * WHENCE: Add new radeon firmware * WHENCE: Fix syntax error for iwlwifi-8265-31.ucode entry * Revert "ath10k: QCA988X hw2.0: update firmware to 10.2.4.70.63-2" * ath10k: QCA6174 hw3.0: update board-2.bin * ath10k: QCA6174 hw3.0: update firmware-6.bin to WLAN.RM.4.4.1-00051-QCARMSWP-1 * cxgb4: update firmware to revision 1.16.63.0 * linux-firmware: update Marvell PCIe-USB8997 firmware image * linux-firmware: update Marvell PCIe-USB8897-A2 firmware image * Drop intel wifi firmwares and WHENCE-iwlwifi-update.patch as they are upstreamed ==== libXcursor ==== Subpackages: libXcursor1 libXcursor1-32bit - U_Avoid-heap-overflows-due-to-integer-overflow-signedn.patch * It is possible to trigger heap overflows due to an integer overflow while parsing images and a signedness issue while parsing comments. [CVE-2017-16612] (bsc#1065386) ==== libXfont ==== Version update (1.5.3 -> 1.5.4) - Update to release 1.5.4 * Open files with O_NOFOLLOW. (CVE-2017-16611) ==== libXfont2 ==== Version update (2.0.2 -> 2.0.3) - Update to version 2.0.3 * Open files with O_NOFOLLOW. (CVE-2017-16611) ==== libmwaw ==== Version update (0.3.11 -> 0.3.13) - Version update to 0.3.13: * Remove merged CVE-2017-9433.patch * Many fuzzing fixes ==== libquicktime ==== - Add %%{name} Requires to orig-addon sub-package, installing the addon-package does not make sense without the main package. ==== libstaroffice ==== Version update (0.0.3 -> 0.0.5) - Version update to 0.0.5: * Various bugs found by fuzzing * Switched to C++11 * Remove merged patch CVE-2017-9432.patch ==== libva ==== Subpackages: libva-drm2 libva-x11-2 libva2 - Drop erroneous --disable-wayland configure call passed when building gl part. - Drop vaapi-wayland-tools sub-package, it does not contain any files. - Clean up spec, explicitly list .pc files, ensure they go into the correct devel package, stop rm'ing binaries that no longer exist. ==== libva-gl ==== - Drop erroneous --disable-wayland configure call passed when building gl part. - Drop vaapi-wayland-tools sub-package, it does not contain any files. - Clean up spec, explicitly list .pc files, ensure they go into the correct devel package, stop rm'ing binaries that no longer exist. ==== libwps ==== Version update (0.4.6 -> 0.4.7) - Version update to 0.4.7: * Many fixes found by fuzzing ==== manufacturer-PPDs ==== - Removed all recode remainders in spec file: Since a long time calling 'recode ibmpc..lat1 $PPD' does not work and fails with 'recode: $PPD failed: Ambiguous output in step CR-LF..data' so that it had no effect since a long time (boo#1053646). - Drop broken recode support (FATE#323644). ==== obs-service-source_validator ==== Version update (0.6+git20170922.230bbc4 -> 0.7) - Update to version 0.7: * Do not ignore conditionals of the form "%if ... %{name} ..." * Add --keep-name-conditionals option to helpers/spec_query * Do not fail in case of ambiguous source tags * Use priviate --homedir when calling gpg ==== openblas_pthreads ==== - Add -mvsx option for ppc64 archi (not required for ppc64le) to avoid ./kernel/power/sasum_microk_power8.c:41:3: error: '__vector' undeclared (first use in this function); ... ==== opencv ==== Subpackages: libopencv3_3 opencv-devel - Readd opencv-gles.patch, it is *not* included upstream; otherwise build breaks on all GLES Qt5 platforms (armv6l, armv7l, aarch64) - add fix_processor_detection_for_32bit_on_64bit.patch - Correctly set optimizations and dynamic dispatch on ARM, use OpenCV 3.3 syntax on x86. ==== openslp ==== Subpackages: openslp-devel openslp-server - add separate source openslp.logrotate.systemd to use systemctl reload for logrotate configuration ==== openssl-1_0_0 ==== Subpackages: libopenssl1_0_0 libopenssl1_0_0-32bit - Do not filter out pkgconfig() provides/require. ==== patterns-media ==== Subpackages: patterns-media-rest_cd_core patterns-media-rest_dvd - Recommend notification-daemon by rest_dvd_core. This is to ensure notification-daemon ends up on the medium so that installations can 'cheaply' provide dbus(org.freedesktop.Notifications). Otherwise only KDE and GNOME provide this, which would result in them being installed into a minimal-X system. ==== python-keyring ==== Version update (10.4.0 -> 10.5.0) - update to 10.5.0: * Added --list-backends option to command-line interface. * Removed logger from keyring * Set the appid for SecretService & KWallet to something meaningful ==== python-kiwi ==== Version update (9.11.22 -> 9.11.24) - Bump version: 9.11.23 ? 9.11.24 - Fixed URL to semver.org in development guide - Bump version: 9.11.22 ? 9.11.23 - Fixed module setup for dracut-kiwi-lib lsblk tool used in code but missing in dependencies - Fixed test-image-azure build test azurectl does not resolve because of missing AppScheduler but for the integration test image we also don't need azurectl Thus it was just deleted from the list - Fixed test-image-azure build test pam-modules package doesn't exist anymore ==== qemu ==== Subpackages: qemu-arm qemu-block-curl qemu-block-dmg qemu-block-gluster qemu-block-iscsi qemu-block-rbd qemu-block-ssh qemu-extra qemu-ipxe qemu-ksm qemu-kvm qemu-lang qemu-ppc qemu-s390 qemu-seabios qemu-sgabios qemu-tools qemu-vgabios qemu-x86 - Avoid ref to /usr/bin/python in vmstate-static-checker.py script 0043-scripts-avoid-usr-bin-python-refere.patch - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.10 - For SLE15, it's been decided to stop providing SDL based graphics due to packaging constraints. Long ago GTK became the default, and there is little benefit to providing both. For now, keep it enabled for openSUSE (Tumblweed and Leap), but consider it marked deprecated there and if no one complains it will be removed for openSUSE as well in the near future. (fate#324465) - Fix problem building skiboot.lid skiboot-build-LDFLAGS-pass-pie-flag-explicitly-to-ld.patch ==== qemu-linux-user ==== - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.10 * Patches added: 0043-scripts-avoid-usr-bin-python-refere.patch ==== rdma-core ==== Version update (15 -> 15.1) Subpackages: libibcm1 libibumad3 libibverbs libibverbs1 libmlx4-1 libmlx5-1 librdmacm1 rdma-core-devel rsocket - Update to rdma-core v15.1 * Backport CI checks on centos/SUSE from master * Stable ABI auto checks * Backport fixes: * verbs: Do not block QP attr_masks used by older kernels * libibumad/umad.c: In get_port, ignore sysfs rate file errors * bnxt_re/lib: fix the memory barrier call during poll-cq * bnxt_re/lib: increment psn in case of 0 length packets * libqedr: fix inline data copy * verbs: Fix declaration of C++ include file in C-block * verbs: Fix C++ compilation break * verbs: fix compilation error with ICC * hns: Fix create QP structure layout * ibacm: Incorrect list used for subnet list causes a segfault * ibacm: Incorrect usage of BE byte order of MLID attach/detach_mcast() - Remove patches that were merged to v15.1: * bnxt_re-lib-fix-the-memory-barrier-call-during-poll-cq.patch * bnxt_re-lib-increment-psn-in-case-of-0-length-packets.patch * ibacm-Incorrect-list-used-for-subnet-list-causes-a-segfault.patch * ibacm-Incorrect-usage-of-BE-byte-order-of-MLID-attach-detach_mcast.patch * libibumad-umad.c-In-get_port-ignore-sysfs-rate-file-errors.patch * libqedr-fix-inline-data-copy.patch * verbs-Do-not-block-QP-attr_masks-used-by-older-kernels.patch ==== reiserfs ==== Version update (3.6.26 -> 3.6.27) Subpackages: libreiserfscore0 - Added COPYING to %doc - Add conflicts for libreiserfscore0 and earlier reiserfs package. - Update with respun 3.6.27. - Update to 3.6.27 - build: use @PACKAGE_VERSION@ instead of @REISERFSCORE_VERSION@ in .pc file - xattrs: handle both hash forms in reiserfs_check_xattr - misc: include - reiserfs package now depends on libreiserfscore0 ==== samba ==== Version update (4.7.1+git.26.1ac2944c965 -> 4.7.3+git.30.54c196e5d35) Subpackages: libdcerpc-binding0 libdcerpc-binding0-32bit libdcerpc0 libdcerpc0-32bit libndr-krb5pac0 libndr-krb5pac0-32bit libndr-nbt0 libndr-nbt0-32bit libndr-standard0 libndr-standard0-32bit libndr0 libndr0-32bit libnetapi0 libnetapi0-32bit libsamba-credentials0 libsamba-credentials0-32bit libsamba-errors0 libsamba-errors0-32bit libsamba-hostconfig0 libsamba-hostconfig0-32bit libsamba-passdb0 libsamba-passdb0-32bit libsamba-policy0 libsamba-util0 libsamba-util0-32bit libsamdb0 libsamdb0-32bit libsmbclient-devel libsmbclient0 libsmbconf0 libsmbconf0-32bit libsmbldap2 libsmbldap2-32bit libtevent-util0 libtevent-util0-32bit libwbclient0 libwbclient0-32bit samba-client samba-client-32bit samba-doc samba-dsdb-modules samba-kdc samba-kdc-32bit samba-libs samba-libs-32bit samba-python samba-winbind samba-winbind-32bit - smbc_opendir should not return EEXIST with invalid login credentials; (bnc#1065868). - Update to 4.7.3; (bsc#1069666); + Non-smbd processes using kernel oplocks can hang smbd; (bso#13121); + python: use communicate to fix Popen deadlock; (bso#13127); + smbd on disk file corruption bug under heavy threaded load; (bso#13130); + tevent: version 0.9.34; (bso#13130); + s3: smbd: Fix delete-on-close after smb2_find; (bso#13118); + CVE-2017-14746: s3: smbd: Fix SMB1 use-after-free crash bug; (bsc#1060427);(bso#13041); + CVE-2017-15275: s3: smbd: Chain code can return uninitialized memory when talloc buffer is grown; (bsc#1063008); (bso#13077); - Build with AD DC support only in openSUSE. - Replace references to /var/adm/fillup-templates with new %_fillupdir macro (boo#1069468) ==== sddm ==== Subpackages: sddm-branding-openSUSE - Add patch to add back Xauthority truncation in a way that does not break ssh -X (boo#1043221, boo#1069498): * 0001-Move-Xauthority-to-a-different-location-and-truncate.patch - Amend patch toremove elogind from sddm-greeter.pam: * proper_pam.diff ==== tevent ==== Version update (0.9.33 -> 0.9.34) Subpackages: libtevent0 libtevent0-32bit python-tevent - Update to version 0.9.34; (bsc#1069666); + Remove unused select backend + Fix a race condition in tevent_threaded_schedule_immediate(); (bso#13130); ==== vim ==== Version update (8.0.627 -> 8.0.1358) Subpackages: gvim vim-data - Update to revision 1358 * Too many changes to list - Fixes CVE-2017-1000382 bsc#1065958 - Refresh patches: * disable-unreliable-tests.patch * vim-7.3-filetype_spec.patch * vim-7.4-disable_lang_no.patch * vim-7.4-highlight_fstab.patch * vim-8.0-ttytype-test.patch ==== xmlsec1 ==== Version update (1.2.24 -> 1.2.25) Subpackages: libxmlsec1-1 libxmlsec1-gcrypt1 libxmlsec1-gnutls1 libxmlsec1-nss1 libxmlsec1-openssl1 xmlsec1-devel xmlsec1-gnutls-devel xmlsec1-openssl-devel - Version update to 1.2.25: * Various small fixes * Coverity cleanups * Removed support for old openssl ==== zip ==== - add zip-3.0-fix-memory_leaks.patch to fix memory leaks in zip.c, zipfile.c and fileio.c files [bsc#1068346]