Packages changed: apulse autogen bluez (5.48 -> 5.49) chrony colord (1.4.1 -> 1.4.2) curl (7.58.0 -> 7.59.0) dbus-1 dbus-1-x11 elfutils (0.168 -> 0.170) exempi (2.2.2 -> 2.4.5) firewalld (0.5.1 -> 0.5.2) freerdp gnome-contacts (3.27.92 -> 3.28.0) grub2 gtk3 (3.22.28 -> 3.22.29) gucharmap kernel-firmware (20180222 -> 20180312) kernel-source (4.15.9 -> 4.15.10) lftp libgit2 (0.26.0 -> 0.26.3) libiscsi libvirt libxml2 (2.9.7 -> 2.9.8) lightsoff (3.27.92 -> 3.28.0) ntp (4.2.8p10 -> 4.2.8p11) osinfo-db (20170813 -> 20180311) perl-GD-Graph3d perl-GDTextUtil perl-HTTP-Message (6.14 -> 6.15) polkit-default-privs python-libxml2-python (2.9.7 -> 2.9.8) sharutils swell-foop (3.27.92 -> 3.28.0) systemd-presets-branding-openSUSE thin-provisioning-tools time (1.8 -> 1.9) xmlto (0.0.26 -> 0.0.28) === Details === ==== apulse ==== Subpackages: apulse-32bit - Refresh spec-file via spec-cleaner. * Add %license macro. * Add cmake -LA option for print local variables. ==== autogen ==== Subpackages: libopts-devel libopts25 - Add autogen-reproducible-tar.patch to make .tar.gz build reproducible ( https://sourceforge.net/p/autogen/bugs/182/ ) - Add autogen-constant-timeout.patch to make build reproducible (boo#1041534) - Set MAN_PAGE_DATE to not include build date into man pages (boo#1047218) ==== bluez ==== Version update (5.48 -> 5.49) Subpackages: bluez-cups bluez-devel libbluetooth3 - update to version 5.49: This is mostly a bug fix release, with fixes to features such as AVCTP, OBEX, GATT and Mesh. There are however some notable new features also, such as improved heartbeat management support in meshctl as well as a new experimental ConnectDevice D-Bus method on the Adapter interface, which can be used for quick device object creation for testing purpose or when information about the device has been received over some Out-of-Band channel. - remove 0001-core-Fixes-order-InterfaceAdded.patch (upstream) ==== chrony ==== - Fix name of fillup template (was never installed before) - Fix Requires for fillup, it's used in post, not pre. ==== colord ==== Version update (1.4.1 -> 1.4.2) Subpackages: colord-color-profiles colord-lang libcolord2 libcolorhug2 - Update to version 1.4.2: + New Features: - Add cd_icc_set_created. - Add --enable-timestamps option for CREATED header. + Bugfixes: - Avoid buffer overflow when reading profile_id. - Fix the detection of duplicate EDIDs. - Make udev hwdb optional by using pnp.ids as fallback. - Raise _XOPEN_SOURCE to 700 to enable C99 on FreeBSD. - Refactor build directory selection. - Set cd-create-profile date to SOURCE_DATE_EPOCH. - Pass new option enable-udev-rules=true to meson. ==== curl ==== Version update (7.58.0 -> 7.59.0) Subpackages: libcurl-devel libcurl4 - Added message about protocol redirection not supported or disabled to the function findprotocol() [bsc#1076446] * Added curl-disabled-redirect-protocol-message.patch - Update to version 7.59.0 [bsc#1084521, CVE-2018-1000120][bsc#1084524, CVE-2018-1000121] [bsc#1084532, CVE-2018-1000122] Changes: * curl: add --proxy-pinnedpubkey * added: CURLOPT_TIMEVALUE_LARGE and CURLINFO_FILETIME_T * CURLOPT_RESOLVE: Add support for multiple IP addresses per entry * Add option CURLOPT_HAPPY_EYEBALLS_TIMEOUT_MS * Add new tool option --happy-eyeballs-timeout-ms * Add CURLOPT_RESOLVER_START_FUNCTION and CURLOPT_RESOLVER_START_DATA Bugfixes: * openldap: check ldap_get_attribute_ber() results for NULL before using * FTP: reject path components with control codes * readwrite: make sure excess reads don't go beyond buffer end * lib555: drop text conversion and encode data as ascii codes * lib517: make variable static to avoid compiler warning * lib544: sync ascii code data with textual data * GSKit: restore pinnedpubkey functionality * darwinssl: Don't import client certificates into Keychain on macOS * parsedate: fix date parsing for systems with 32 bit long * openssl: fix pinned public key build error in FIPS mode * SChannel/WinSSL: Implement public key pinning * cookies: remove verbose "cookie size:" output * progress-bar: don't use stderr explicitly, use bar->out * build: open VC15 projects with VS 2017 * curl_ctype: private is*() type macros and functions * configure: set PATH_SEPARATOR to colon for PATH w/o separator * curl_easy_reset: clear digest auth state * curl/curl.h: fix comment typo for CURLOPT_DNS_LOCAL_IP6 * range: commonize FTP and FILE range handling * progress-bar docs: update to match implementation * fnmatch: do not match the empty string with a character set * fnmatch: accept an alphanum to be followed by a non-alphanum in char set * build: fix termios issue on android cross-compile * getdate: return -1 for out of range * formdata: use the mime-content type function * openssl: Don't add verify locations when verifypeer==0 * fnmatch: optimize processing of consecutive *s and ?s pattern characters * schannel: fix compiler warnings * content_encoding: Add "none" alias to "identity" * get_posix_time: only check for overflows if they can happen * http_chunks: don't write chunks twice with CURLOPT_HTTP_TRANSFER_DECODING * README: language fix * sha256: build with OpenSSL < 0.9.8 * smtp: fix processing of initial dot in data * --tlsauthtype: works only if libcurl is built with TLS-SRP support * tests: new tests for http raw mode * libcurl-security.3: man page discussion security concerns when using libcurl * curl_gssapi: make sure this file too uses our *printf() * BINDINGS: fix curb link (and remove ruby-curl-multi) * nss: use PK11_CreateManagedGenericObject() if available * travis: add build with iconv enabled * ssh: add two missing state names * CURLOPT_HEADERFUNCTION.3: mention folded headers * http: fix the max header length detection logic * header callback: don't chop headers into smaller pieces * CURLOPT_HEADER.3: clarify problems with different data sizes * curl --version: show PSL if the run-time lib has it enabled * examples/sftpuploadresume: resume upload via CURLOPT_APPEND * Return error if called recursively from within callbacks * sasl: prefer PLAIN mechanism over LOGIN * winbuild: Use CALL to run batch scripts * curl_share_setopt.3: connection cache is shared within multi handles * projects/README: remove reference to dead IDN link/package * lib655: silence compiler warning * configure: Fix version check for OpenSSL 1.1.1 * docs/MANUAL: formfind.pl is not accessible on the site anymore * unit1307: proper cleanup on OOM to fix torture tests * curl_ctype: fix macro redefinition warnings * build: get CFLAGS (including -werror) used for examples and tests * NO_PROXY: fix for IPv6 numericals in the URL * krb5: use nondeprecated functions * http2: mark the connection for close on GOAWAY * limit-rate: kick in even before "limit" data has been received * HTTP: allow "header;" to replace an internal header with a blank one * http2: verbose output new MAX_CONCURRENT_STREAMS values * SECURITY: distros' max embargo time is 14 days * curl tool: accept --compressed also if Brotli is enabled and zlib is not * WolfSSL: adding TLSv1.3 * checksrc.pl: add -i and -m options * CURLOPT_COOKIEFILE.3: "-" as file name means stdin - Refreshed patch libcurl-ocloexec.patch ==== dbus-1 ==== Subpackages: dbus-1-devel libdbus-1-3 libdbus-1-3-32bit - Don't spit out a warning if /usr/bin/dbus-daemon does not exist when we run the pre-script. ==== dbus-1-x11 ==== - Don't spit out a warning if /usr/bin/dbus-daemon does not exist when we run the pre-script. ==== elfutils ==== Version update (0.168 -> 0.170) Subpackages: elfutils-lang libasm1 libdw1 libebl-plugins libelf-devel libelf1 - Update to version 0.170 libdw: Added new DWARF5 attribute, tag, character encoding, language code, calling convention, defaulted member function and macro constants to dwarf.h. New functions dwarf_default_lower_bound and dwarf_line_file. dwarf_peel_type now handles DWARF5 immutable, packed and shared tags. dwarf_getmacros now handles DWARF5 .debug_macro sections. strip: Add -R, --remove-section=SECTION and --keep-section=SECTION. backends: The bpf disassembler is now always build on all platforms. - Includes changes in 0.169 backends: Add support for EM_PPC64 GNU_ATTRIBUTES. Frame pointer unwinding fallback support for i386, x86_64, aarch64. translations: Update Polish translation. - Remove obsolete 0001-backends-Add-support-for-EM_PPC64-GNU_ATTRIBUTES.patch and ppc-machine-flags.patch - Add elfutils-0.170-stripnothing.patch to robustify test and avoid a FAIL. - Add elfutils-0.170-Wpackednotaligned.patch to fix build with GCC 8. (boo#1084637) ==== exempi ==== Version update (2.2.2 -> 2.4.5) Subpackages: libexempi-devel libexempi3 - Extend descriptions. - Update to 2.4.5: * Fix a buffer overflow in the PSD parser. (CVE-2018-7730 bnc#1085295) * Fix a buffer overflow in the TIFF parser. (CVE-2018-7728 bnc#1085297) * Fix a buffer overflow in PostScript parser. (CVE-2018-7729 bnc#1085296) * Fix a null dereference in WEBP parser. (CVE-2018-7731 bnc#1085294) * Properly initialize pointers in WEBP. * Fix an infinite loop in RIFF parser. * Fix an infinite loop in QuickTime parser. * Fix an infinite loop in ASF parser. * Adjust minimum version for gcc in documentation. * Fix a buffer overrun, memcpy() on overlapping regions, use after free in the exception handling. Fix a fatal assert with corrupt WEBP. * Fix a crash on a corrupt file. * Upgrade XMPCore to Adobe XMP CC 2014.12. * New flag to optimize layout on MPEG4 files. * GoPro MPEG4 video files support. * Improved JPEG support. * iXML support in WAVE files. * Several bugs and memory leaks fixes. * Changes from Adobe XMP CC 2013.06. * Pluggable file handlers (not exposed yet in Exempi) * Support for Exif 2.3 properties * New RIFF file handler * Better Postscript support. * Lot of bug fixes. * Now require (partial) C++11 support to compile (gcc 4.4.7 tested) * WebP format handler (contributed: Frankie Dintino, The Atlantic) * Several API improvements * Fix potential crash with corrupt TIFF file. * Fix header to pass -Wstrict-prototypes ==== firewalld ==== Version update (0.5.1 -> 0.5.2) Subpackages: firewalld-lang python3-firewall - Update to 0.5.2 * fix rule deduplication causing accidental removal of rules * log failure to parse direct rules xml as an error * firewall-config: Break infinite loop when firewalld is not running * fix set-log-denied not taking effect * po: update translations ==== freerdp ==== Subpackages: libfreerdp2 libwinpr2 - Added no_connection_to_windows_10_17101.patch to fix Windows-connection-problem after Windows march 2018 updates. This fix is related to boo#1085416 - Do not use xorg-x11-devel, instead buildrequire individual x components. - Only attempt to ge rid of __DATE__ and __TIME__ if SOURCE_DATE_EPOCH is not set. ==== gnome-contacts ==== Version update (3.27.92 -> 3.28.0) Subpackages: gnome-contacts-lang gnome-shell-search-provider-contacts - Update to version 3.28.0: + Favorite contacts, which are shown at the top of the contact list. + Sort contacts by their first name or surname. + Small tweaks to the UI, such as a more welcoming setup screen and rounded avatars. + Performance improvements to the GNOME Shell search provider. + A slightly decreased memory usage. + Updated translations. - Update: + URL tag to https://wiki.gnome.org/Apps/Contacts: currently the Contacts' web page. + Package description to be a bit more verbose. - Add geocode-glib-1.0 and gmodule-export-2.0 pkgconfig modules BuildRequires to avoid implicit dependencies. - Drop: + pkgconfig(champlain-0.12) BuildRequires: it is not a requirement anymore. + update-desktop-files BuildRequires and its macro: they are no longer required. + glib2_gsettings_schema_requires macro: it is not used anymore since RPM file triggers. ==== grub2 ==== Subpackages: grub2-i386-pc grub2-snapper-plugin grub2-systemd-sleep-plugin grub2-x86_64-efi grub2-x86_64-xen - Fix UEFI HTTPS Boot from ISO installation image (bsc#1076132) * 0001-add-support-for-UEFI-network-protocols.patch - fix wrong command output when default subvolume is toplevel tree with id 5 (bsc#1078775) * grub2-btrfs-09-get-default-subvolume.patch - insert mdraid modules to support software RAID (bsc#1078775) * grub2-xen-pv-firmware.cfg - Rename grub2-btrfs-workaround-grub2-once.patch to grub2-grubenv-in-btrfs-header.patch - Store GRUB environment variable health_checker_flag in Btrfs header ==== gtk3 ==== Version update (3.22.28 -> 3.22.29) Subpackages: gtk3-data gtk3-immodule-amharic gtk3-immodule-inuktitut gtk3-immodule-thai gtk3-immodule-vietnamese gtk3-immodule-xim gtk3-lang gtk3-tools libgtk-3-0 typelib-1_0-Gtk-3_0 - Update to version 3.22.29: + Wayland: add an input method based on the text protocol. + File chooser: Stop activating without double-click. + Bugs fixed: bgo#710888, bgo#743975, bgo#775546, bgo#794008. + Updated translations. - Drop gtk3-restore-filechooser-click-behavior.patch: fixed upstream. ==== gucharmap ==== Subpackages: gucharmap-lang libgucharmap_2_90-7 - Drop ineffective --with-pic. Replace fragile LDFLAGS=-ldl. ==== kernel-firmware ==== Version update (20180222 -> 20180312) Subpackages: ucode-amd - Update to version 20180312: * Mellanox: Add new mlxsw_spectrum firmware 13.1620.192 * qed: Add firmware 8.33.11.0 * BCM-0bb4-0306: Cypress Bluetooth firmware for HTC Vive * linux-firmware:Update firmware patch for Intel Bluetooth 7265 (D1) * qed: Add firmwares 8.20.0.0 8.18.9.0 and 8.14.6.0 * iwlwifi: update firmware version 34 for 9000 series ==== kernel-source ==== Version update (4.15.9 -> 4.15.10) Subpackages: kernel-default kernel-default-devel kernel-devel kernel-docs kernel-macros kernel-syms - Linux 4.15.10 (bnc#1012628). - RDMA/ucma: Limit possible option size (bnc#1012628). - RDMA/ucma: Check that user doesn't overflow QP state (bnc#1012628). - RDMA/mlx5: Fix integer overflow while resizing CQ (bnc#1012628). - IB/uverbs: Improve lockdep_check (bnc#1012628). - mac80211_hwsim: don't use WQ_MEM_RECLAIM (bnc#1012628). - net/smc: fix NULL pointer dereference on sock_create_kern() error path (bnc#1012628). - regulator: stm32-vrefbuf: fix check on ready flag (bnc#1012628). - drm/i915: Check for fused or unused pipes (bnc#1012628). - drm/i915/audio: fix check for av_enc_map overflow (bnc#1012628). - drm/i915: Fix rsvd2 mask when out-fence is returned (bnc#1012628). - drm/i915: Clear the in-use marker on execbuf failure (bnc#1012628). - drm/i915: Disable DC states around GMBUS on GLK (bnc#1012628). - drm/i915: Update watermark state correctly in sanitize_watermarks (bnc#1012628). - drm/i915: Try EDID bitbanging on HDMI after failed read (bnc#1012628). - drm/i915/perf: fix perf stream opening lock (bnc#1012628). - scsi: core: Avoid that ATA error handling can trigger a kernel hang or oops (bnc#1012628). - scsi: qla2xxx: Fix NULL pointer crash due to active timer for ABTS (bnc#1012628). - drm/i915: Always call to intel_display_set_init_power() in resume_early (bnc#1012628). - workqueue: Allow retrieval of current task's work struct (bnc#1012628). - drm: Allow determining if current task is output poll worker (bnc#1012628). - drm/nouveau: Fix deadlock on runtime suspend (bnc#1012628). - drm/radeon: Fix deadlock on runtime suspend (bnc#1012628). - drm/amdgpu: Fix deadlock on runtime suspend (bnc#1012628). - drm/nouveau: prefer XBGR2101010 for addfb ioctl (bnc#1012628). - drm/amd/powerplay/smu7: allow mclk switching with no displays (bnc#1012628). - drm/amd/powerplay/vega10: allow mclk switching with no displays (bnc#1012628). - Revert "drm/radeon/pm: autoswitch power state when in balanced mode" (bnc#1012628). - drm/amd/display: check for ipp before calling cursor operations (bnc#1012628). - drm/radeon: insist on 32-bit DMA for Cedar on PPC64/PPC64LE (bnc#1012628). - drm/amd/powerplay: fix power over limit on Fiji (bnc#1012628). - drm/amd/display: Default HDMI6G support to true. Log VBIOS table error (bnc#1012628). - drm/amdgpu: used cached pcie gen info for SI (v2) (bnc#1012628). - drm/amdgpu: Notify sbios device ready before send request (bnc#1012628). - drm/radeon: fix KV harvesting (bnc#1012628). - drm/amdgpu: fix KV harvesting (bnc#1012628). - drm/amdgpu:Correct max uvd handles (bnc#1012628). - drm/amdgpu:Always save uvd vcpu_bo in VM Mode (bnc#1012628). - ovl: redirect_dir=nofollow should not follow redirect for opaque lower (bnc#1012628). - MIPS: BMIPS: Do not mask IPIs during suspend (bnc#1012628). - MIPS: ath25: Check for kzalloc allocation failure (bnc#1012628). - MIPS: OCTEON: irq: Check for null return on kzalloc allocation (bnc#1012628). - PCI: dwc: Fix enumeration end when reaching root subordinate (bnc#1012628). - Input: matrix_keypad - fix race when disabling interrupts (bnc#1012628). - Revert "Input: synaptics - Lenovo Thinkpad T460p devices should use RMI" (bnc#1012628). - bug: use %pB in BUG and stack protector failure (bnc#1012628). - lib/bug.c: exclude non-BUG/WARN exceptions from report_bug() (bnc#1012628). - mm/memblock.c: hardcode the end_pfn being -1 (bnc#1012628). - loop: Fix lost writes caused by missing flag (bnc#1012628). - virtio_ring: fix num_free handling in error case (bnc#1012628). - KVM: s390: fix memory overwrites when not using SCA entries (bnc#1012628). - arm64: mm: fix thinko in non-global page table attribute check (bnc#1012628). - IB/core: Fix missing RDMA cgroups release in case of failure to register device (bnc#1012628). - Revert "nvme: create 'slaves' and 'holders' entries for hidden controllers" (bnc#1012628). - kbuild: Handle builtin dtb file names containing hyphens (bnc#1012628). - dm bufio: avoid false-positive Wmaybe-uninitialized warning (bnc#1012628). - IB/mlx5: Fix incorrect size of klms in the memory region (bnc#1012628). - bcache: fix crashes in duplicate cache device register (bnc#1012628). - bcache: don't attach backing with duplicate UUID (bnc#1012628). - x86/MCE: Save microcode revision in machine check records (bnc#1012628). - x86/MCE: Serialize sysfs changes (bnc#1012628). - perf tools: Fix trigger class trigger_on() (bnc#1012628). - x86/spectre_v2: Don't check microcode versions when running under hypervisors (bnc#1012628). - ALSA: hda/realtek - Add support headset mode for DELL WYSE (bnc#1012628). - ALSA: hda/realtek - Add headset mode support for Dell laptop (bnc#1012628). - ALSA: hda/realtek: Limit mic boost on T480 (bnc#1012628). - ALSA: hda/realtek - Fix dock line-out volume on Dell Precision 7520 (bnc#1012628). - ALSA: hda/realtek - Make dock sound work on ThinkPad L570 (bnc#1012628). - ALSA: seq: Don't allow resizing pool in use (bnc#1012628). - ALSA: seq: More protection for concurrent write and ioctl races (bnc#1012628). - ALSA: hda - Fix a wrong FIXUP for alc289 on Dell machines (bnc#1012628). - ALSA: hda: add dock and led support for HP EliteBook 820 G3 (bnc#1012628). - ALSA: hda: add dock and led support for HP ProBook 640 G2 (bnc#1012628). - scsi: qla2xxx: Fix NULL pointer crash due to probe failure (bnc#1012628). - scsi: qla2xxx: Fix recursion while sending terminate exchange (bnc#1012628). - dt-bindings: Document mti,mips-cpc binding (bnc#1012628). - MIPS: CPC: Map registers using DT in mips_cpc_default_phys_base() (bnc#1012628). - nospec: Kill array_index_nospec_mask_check() (bnc#1012628). - nospec: Include dependency (bnc#1012628). - x86/entry: Reduce the code footprint of the 'idtentry' macro (bnc#1012628). - x86/entry/64: Use 'xorl' for faster register clearing (bnc#1012628). - x86/mm: Remove stale comment about KMEMCHECK (bnc#1012628). - x86/asm: Improve how GEN_*_SUFFIXED_RMWcc() specify clobbers (bnc#1012628). - x86/IO-APIC: Avoid warning in 32-bit builds (bnc#1012628). - x86/LDT: Avoid warning in 32-bit builds with older gcc (bnc#1012628). - x86-64/realmode: Add instruction suffix (bnc#1012628). - Revert "x86/retpoline: Simplify vmexit_fill_RSB()" (bnc#1012628). - x86/speculation: Use IBRS if available before calling into firmware (bnc#1012628). - x86/retpoline: Support retpoline builds with Clang (bnc#1012628). - x86/speculation, objtool: Annotate indirect calls/jumps for objtool (bnc#1012628). - x86/speculation: Move firmware_restrict_branch_speculation_*() from C to CPP (bnc#1012628). - x86/paravirt, objtool: Annotate indirect calls (bnc#1012628). - x86/boot, objtool: Annotate indirect jump in secondary_startup_64() (bnc#1012628). - x86/mm/sme, objtool: Annotate indirect call in sme_encrypt_execute() (bnc#1012628). - objtool: Use existing global variables for options (bnc#1012628). - objtool: Add retpoline validation (bnc#1012628). - objtool: Add module specific retpoline rules (bnc#1012628). - objtool, retpolines: Integrate objtool with retpoline support more closely (bnc#1012628). - objtool: Fix another switch table detection issue (bnc#1012628). - objtool: Fix 32-bit build (bnc#1012628). - x86/kprobes: Fix kernel crash when probing .entry_trampoline code (bnc#1012628). - watchdog: hpwdt: SMBIOS check (bnc#1012628). - watchdog: hpwdt: Check source of NMI (bnc#1012628). - watchdog: hpwdt: fix unused variable warning (bnc#1012628). - watchdog: hpwdt: Remove legacy NMI sourcing (bnc#1012628). - netfilter: add back stackpointer size checks (bnc#1012628). - netfilter: ipt_CLUSTERIP: fix a race condition of proc file creation (bnc#1012628). - netfilter: xt_hashlimit: fix lock imbalance (bnc#1012628). - netfilter: x_tables: fix missing timer initialization in xt_LED (bnc#1012628). - netfilter: nat: cope with negative port range (bnc#1012628). - netfilter: IDLETIMER: be syzkaller friendly (bnc#1012628). - netfilter: bridge: ebt_among: add missing match size checks (bnc#1012628). - netfilter: ipv6: fix use-after-free Write in nf_nat_ipv6_manip_pkt (bnc#1012628). - netfilter: use skb_to_full_sk in ip6_route_me_harder (bnc#1012628). - tpm_tis: Move ilb_base_addr to tpm_tis_data (bnc#1012628). - tpm: Keep CLKRUN enabled throughout the duration of transmit_cmd() (bnc#1012628). - tpm: delete the TPM_TIS_CLK_ENABLE flag (bnc#1012628). - tpm: remove unused variables (bnc#1012628). - tpm: only attempt to disable the LPC CLKRUN if is already enabled (bnc#1012628). - x86/xen: Calculate __max_logical_packages on PV domains (bnc#1012628). - scsi: qla2xxx: Fix system crash for Notify ack timeout handling (bnc#1012628). - scsi: qla2xxx: Fix gpnid error processing (bnc#1012628). - scsi: qla2xxx: Move session delete to driver work queue (bnc#1012628). - scsi: qla2xxx: Skip IRQ affinity for Target QPairs (bnc#1012628). - scsi: qla2xxx: Fix re-login for Nport Handle in use (bnc#1012628). - scsi: qla2xxx: Retry switch command on time out (bnc#1012628). - scsi: qla2xxx: Serialize GPNID for multiple RSCN (bnc#1012628). - scsi: qla2xxx: Fix login state machine stuck at GPDB (bnc#1012628). - scsi: qla2xxx: Fix NPIV host cleanup in target mode (bnc#1012628). - scsi: qla2xxx: Relogin to target port on a cable swap (bnc#1012628). - scsi: qla2xxx: Fix Relogin being triggered too fast (bnc#1012628). - scsi: qla2xxx: Fix PRLI state check (bnc#1012628). - scsi: qla2xxx: Fix abort command deadlock due to spinlock (bnc#1012628). - scsi: qla2xxx: Replace fcport alloc with qla2x00_alloc_fcport (bnc#1012628). - scsi: qla2xxx: Fix scan state field for fcport (bnc#1012628). - scsi: qla2xxx: Clear loop id after delete (bnc#1012628). - scsi: qla2xxx: Defer processing of GS IOCB calls (bnc#1012628). - scsi: qla2xxx: Remove aborting ELS IOCB call issued as part of timeout (bnc#1012628). - scsi: qla2xxx: Fix system crash in qlt_plogi_ack_unref (bnc#1012628). - scsi: qla2xxx: Fix memory leak in dual/target mode (bnc#1012628). - NFS: Fix an incorrect type in struct nfs_direct_req (bnc#1012628). - pNFS: Prevent the layout header refcount going to zero in pnfs_roc() (bnc#1012628). - NFS: Fix unstable write completion (bnc#1012628). - Refresh patches.suse/0001-x86-speculation-Add-basic-IBRS-support-infrastructur.patch. - Refresh patches.suse/0002-x86-speculation-Add-inlines-to-control-Indirect-Bran.patch. - Refresh patches.suse/0005-x86-enter-Use-IBRS-on-syscall-and-interrupts.patch. - commit 5e4329c - Bluebooth: btusb: Fix quirk for Atheros 1525/QCA6174 (bsc#1082504). - commit e8a80ec - netfilter: ebtables: fix erroneous reject of last rule (bsc#1085107). - netfilter: ebtables: CONFIG_COMPAT: don't trust userland offsets (bsc#1085107). - commit bfb5701 - brcmsmac: allocate ucode with GFP_KERNEL (bsc#1085174). - commit 8e06b20 - mac80211_hwsim: fix possible memory leak in hwsim_new_radio_nl() (CVE-2018-8087,bsc#1085053). - commit cddf6d5 ==== lftp ==== - Added openSUSE-specific patches that implement a wrapper script called "ftp" on top of the lftp command that is compatible to lukemftp. Those patches are maintained in a fork of the upstream project at https://github.com/opensuse/lftp. [bsc#1083331] * 0001-Add-content-of-the-SUSE-lftp-vi-1.1-archive.patch * 0002-Add-content-of-lftp-compat-addfiles.patch.patch * 0003-Add-content-of-lftp-completion.patch.patch * 0004-Include-config.h-to-detect-gnulib-macros.patch * 0005-Add-the-wrapper-code-to-the-Makefile-in-order-to-bui.patch ==== libgit2 ==== Version update (0.26.0 -> 0.26.3) - Update to 0.26.3: * Fix cloning of the libgit2 project with git clone --recursive by removing an invalid submodule from our testing data. * Fix endianness of the port in p_getaddrinfo(). * Fix handling of negative gitignore rules with wildcards. * Fix handling of case-insensitive negative gitignore rules. * Fix resolving references to a tag if the reference is stored with its fully resolved OID in the packed-refs file. * Fix checkout not treating worktree files as modified when only their mode has changed. * Fix rename detection with GIT_DIFF_FIND_RENAMES_FROM_REWRITES. * Fixes memory handling issues when reading crafted repository index files. The issues allow for possible denial of service due to allocation of large memory and out-of-bound reads. (CVE-2018-8098 bnc#1085257 CVE-2018-8099 bnc#1085256) * Updates the bundled zlib to 1.2.11. Users who build the bundled zlib are vulnerable to security issues in the prior version. ==== libiscsi ==== - Morernise spec file with spec-clener ==== libvirt ==== Subpackages: libvirt-client libvirt-daemon libvirt-daemon-config-network libvirt-daemon-config-nwfilter libvirt-daemon-driver-interface libvirt-daemon-driver-libxl libvirt-daemon-driver-lxc libvirt-daemon-driver-network libvirt-daemon-driver-nodedev libvirt-daemon-driver-nwfilter libvirt-daemon-driver-qemu libvirt-daemon-driver-secret libvirt-daemon-driver-storage libvirt-daemon-driver-storage-core libvirt-daemon-driver-storage-disk libvirt-daemon-driver-storage-iscsi libvirt-daemon-driver-storage-logical libvirt-daemon-driver-storage-mpath libvirt-daemon-driver-storage-rbd libvirt-daemon-driver-storage-scsi libvirt-daemon-driver-uml libvirt-daemon-driver-vbox libvirt-daemon-lxc libvirt-daemon-qemu libvirt-daemon-xen libvirt-libs - lockd: fix typo in virtlockd-admin.socket fb327ac2-virtlockd-admin-socket.patch bsc#1085386 - Install correct firewall service file depending on availability of firewalld vs SuSEfirewall2 libvirtd-relocation-server.xml bsc#1083455 - qemu: avoid denial of service reading from QEMU guest agent CVE-2018-1064 fbf31e1a-CVE-2018-1064.patch bsc#1083625 - virtlockd: fix loosing lock on re-exec 464889ff-rpc-aquire-ref-dispatch.patch, c6f1d519-rpc-simplify-dispatch.patch, 06e7ebb6-rpc-invoke-dispatch-unlocked.patch, 86cae503-rpc-fix-pre-exec.patch, eefabb38-rpc-virtlockd-virtlogd-single-thread.patch bsc#1076861 - libvirtd: fix potential deadlock when reloading 33c6eb96-fix-libvirtd-reload-deadlock.patch bsc#1079150 ==== libxml2 ==== Version update (2.9.7 -> 2.9.8) Subpackages: libxml2-2 libxml2-2-32bit libxml2-devel libxml2-tools - Version update to 2.9.8: * Various -Werror fixes and compilation updates as travis is now used by upstream * Few additional tests added for ICU operations ==== lightsoff ==== Version update (3.27.92 -> 3.28.0) Subpackages: lightsoff-lang - Fix some dangling symlinks in lang subpackage if doc subpackage is not installed: revert doc subpackage split and obsolete it and package it into the main package instead. - Update to version 3.28.0: + Updated translations. ==== ntp ==== Version update (4.2.8p10 -> 4.2.8p11) Subpackages: ntp-doc - Update to 4.2.8p11 (bsc#1082210): * CVE-2016-1549: Sybil vulnerability: ephemeral association attack. While fixed in ntp-4.2.8p7, there are significant additional protections for this issue in 4.2.8p11. * CVE-2018-7182, bsc#1083426: ctl_getitem(): buffer read overrun leads to undefined behavior and information leak. * CVE-2018-7170, bsc#1083424: Multiple authenticated ephemeral associations. * CVE-2018-7184, bsc#1083422: Interleaved symmetric mode cannot recover from bad state. * CVE-2018-7185, bsc#1083420: Unauthenticated packet can reset authenticated interleaved association. * CVE-2018-7183, bsc#1083417: ntpq:decodearr() can write beyond its buffer limit. * Obsoletes these patches: ntp-sntp-a.patch, ntp-warnings.patch - Remove dead code from conf.start-ntpd (bsc#1082063). - Don't use libevent's cached time stamps in sntp. (bsc#1077445, ntp-sntp-libevent.patch) ==== osinfo-db ==== Version update (20170813 -> 20180311) - bsc#1085757 - Leap 15 patch for osinfo-db has wrong information in it add-opensuse-leap-15-support.patch - fate#322156 - Update database to version 20180311 osinfo-db-20180311.tar.xz - Drop add-opensuse-leap-42.3-support.patch add-sle12sp3-support.patch add-win2k16-support.patch ==== perl-GD-Graph3d ==== - Remove buildrequires on jpeg and xorg-x11-devel ==== perl-GDTextUtil ==== - remove buildrequires on jpeg and xorg-x11-devel, both unused. ==== perl-HTTP-Message ==== Version update (6.14 -> 6.15) - updated to 6.15 see /usr/share/doc/packages/perl-HTTP-Message/Changes 6.15 2018-03-13 13:02:56Z - Whenever possible, use an absolute four digit year for Time::Local (GH#97) - Add is_cacheable_by_default() (GH#98) (Theo van Hoesel) ==== polkit-default-privs ==== - polkit-default-privs: mass amnesty whitelisting of untracked privileges. See https://lists.opensuse.org/opensuse-factory/2018-02/msg01044.html for rationale. This allows existing packages in Factory to continue building after the tighter rpmlint-Factory checks become effective. Following packages are affected: - blueman (bsc#1083066) - cinnamon settings-daemon (bnc#1083067) - connman (bsc#1083069) - flatpak (bsc#984817) - fwupd (bsc#1083022) - gsmartcontrol (bsc#1084693) - gvfs (bsc#1073214) - laptop-mode-tools (bsc#1084695) - mate-system-monitor (bsc#1084701) - nemo (bsc#1084702) - nemo-extensions (bsc#1084703) - PackageKit (bnc#993505) - pantheon-files (bsc#1084704) - scap-workbench (bsc#1084706) - spice-gtk (bsc#1083025) - sysprof (bsc#1083055) ==== python-libxml2-python ==== Version update (2.9.7 -> 2.9.8) - Version update to 2.9.8: * Various -Werror fixes and compilation updates as travis is now used by upstream * Few additional tests added for ICU operations - Drop patch python3.6-verify_fd.patch merged upstream ==== sharutils ==== Subpackages: sharutils-lang - Add sharutils-CVE-2018-1000097-fix_buffer_overflow.patch to fix a possibility to overflow the stack (bsc#1085004, CVE-2018-1000097). ==== swell-foop ==== Version update (3.27.92 -> 3.28.0) Subpackages: swell-foop-lang - Update to version 3.28.0: + Updated translations. ==== systemd-presets-branding-openSUSE ==== - Enable hostinfo.service as well - Enable hostinfo.timer ==== thin-provisioning-tools ==== - Modernise spec file with spec-cleaner ==== time ==== Version update (1.8 -> 1.9) - time 1.9: * reports percent CPU usage for programs lasting less then 1s * "time -p" no longers adds the "Command exited with non-zero status" message (POSIX compliance) - Use %license (boo#1082318) ==== xmlto ==== Version update (0.0.26 -> 0.0.28) - update to 0.0.28: - fix broken temp files removal - do not detect links browser as elinks - includes 0.0.27: - remove several bashisms in scripts - new option --profile for preprocessing documents with profiling stylesheet - fix several potential crashes in xmlif - cleanup with spec-cleaner - switch urls to new fedora upstream - patches: * rebase xmlto-xsltopts.patch * format xmlto-codecleanup.patch for -p1 * format xmlto-nonvoid.patch for -p1 * drop xmlto-overflow.patch (xmlif.c is regenerated anyway) * drop xmlto-lynx-empty-file.patch (obsolete) * renumber patches