New Tumbleweed snapshot 20180201 released!

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

New Tumbleweed snapshot 20180201 released!

Dominique Leuenberger

Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.

Please check the known defects of this snapshot before upgrading:

When you reply to report some issues, make sure to change the subject.
It is not helpful to keep the release announcement subject in a thread
while discussing a specific problem.

Packages changed:
  kdeconnect-kde (1.2 -> 1.2.1)
  kernel-source (4.14.15 -> 4.15.0)
  libpng16 (1.6.31 -> 1.6.34)
  multipath-tools (0.7.3+31+suse.6804bb73f72d -> 0.7.3+38+suse.a16beed5280a)
  nano (2.9.1 -> 2.9.3)
  snapper (0.5.3 -> 0.5.4)

=== Details ===

==== kactivitymanagerd ====

- Require libQt5Sql5-sqlite, apparently it crashes without it, and
  even if not it would probably not work properly (boo#1078173)

==== kdeconnect-kde ====
Version update (1.2 -> 1.2.1)
Subpackages: kdeconnect-kde-lang

- Update to 1.2.1
  * Require the latest version of KF5
  * Was getting a double-delete, now it won't crash
  * Get rid of ProcessRunner
  * Add album art to mpris network packets
  * Add title, artist and album to MPRIS network packets
  * Fix information leak via /tmp (kde#383144)
  * Add support for new Android 2.3 (API 9+) cipher
  * Fix kdeconnect-cli device list
  * Fix "error activiting kdeconnectd" for kdeconnect-cli
  * Delay kdeconnectd autostart phase
  * Fix Notifications in Plasmoid
  * Make sure there's not a path within the filename
  * share plugin: fix path display
  * Use pactl instead of KMix in PauseMusic Plugin
- needs KDE Frameworks 5.42 now

==== kernel-source ====
Version update (4.14.15 -> 4.15.0)
Subpackages: kernel-default kernel-default-devel kernel-devel kernel-docs kernel-macros kernel-syms

- Update to 4.15-final.
- Eliminated 5 patches.
- Config changes:
  - Security:
- commit 978c9b0
- Update
  upstream references (add CVE-2018-5332 bsc#1075621).
- commit 510de01
- Update
  upstream references (add CVE-2018-5333 bsc#1075617).
- commit e6cf845

==== libpng16 ====
Version update (1.6.31 -> 1.6.34)
Subpackages: libpng16-16 libpng16-16-32bit libpng16-compat-devel libpng16-devel

- check with -j1
- Fix SRPM group and grammar issues.
- removed obsoleted Obsoletes
- update to 1.6.34:
  * Removed contrib/pngsuite/i*.png; some of these were incorrect
    and caused test failures.
- includes 1.6.33:
  * Added PNGMINUS_UNUSED macro to contrib/pngminus/p*.c and added
    missing parenthesis in contrib/pngminus/pnm2png.c
  * Fixed off-by-one error in png_do_check_palette_indexes()
  * Initialize png_handler.row_ptr in
    to fix shortlived oss-fuzz issue 3234.
  * Compute a larger limit on IDAT because some applications write
    a deflate buffer for each row
  * Use current date (DATE) instead of release-date (RDATE) in last
    changed date of contrib/oss-fuzz files.
  * Enabled ARM support in CMakeLists.txt
  * Fixed incorrect typecast of some arguments to png_malloc() and
    png_calloc() that were png_uint_32 instead of png_alloc_size_t
  * Use pnglibconf.h.prebuilt when building for ANDROID with cmake
  * Initialize memory allocated by png_inflate to zero, using
    memset, to stop an oss-fuzz "use of uninitialized value"
    detection in png_set_text_2() due to truncated iTXt or zTXt
  * Initialize memory allocated by png_read_buffer to zero, using
    memset, to stop an oss-fuzz "use of uninitialized value"
    detection in png_icc_check_tag_table() due to truncated iCCP
  * Removed redundant tests
  * Added an interlaced version of each file in contrib/pngsuite.
  * Relocate new memset() call in pngrutil.c
  * Add support for loading images with associated alpha in the
    Simplified API
  * Revert contrib/oss-fuzz/ to libpng-1.6.32
  * Initialize png_handler.row_ptr in
  * Add end_info structure and png_read_end() to the libpng fuzzer
- includes 1.6.32:
  * Avoid possible NULL dereference in png_handle_eXIf when
    benign_errors are allowed. Avoid leaking the input buffer
  * Eliminated png_ptr->num_exif member from pngstruct.h and added
    num_exif to arguments for png_get_eXIf() and png_set_eXIf().
  * Added calls to png_handle_eXIf(() in pngread.c and
    png_write_eXIf() in pngwrite.c, and made various other fixes
    to png_write_eXIf().
  * Changed name of png_get_eXIF and png_set_eXIf() to
    png_get_eXIf_1() and png_set_eXIf_1(), respectively, to avoid
    breaking API compatibility with libpng-1.6.31.
  * Updated contrib/libtests/pngunknown.c with eXIf chunk.
  * Initialized btoa[] in pngstest.c
  * Stop memory leak when returning from png_handle_eXIf() with an
  * Replaced local eXIf_buf with info_ptr-eXIf_buf in png_handle_eXIf().
  * Update libpng.3 and libpng-manual.txt about eXIf functions.
  * Restored png_get_eXIf() and png_set_eXIf() to maintain API
  * Removed png_get_eXIf_1() and png_set_eXIf_1().
  * Check length of all chunks except IDAT against user limit to
    fix an OSS-fuzz issue (Fixes CVE-2017-12652)
  * Check length of IDAT against maximum possible IDAT size,
    accounting for height, rowbytes, interlacing and zlib/deflate
  * Restored png_get_eXIf_1() and png_set_eXIf_1(), because
    strlen(eXIf_buf) does not work (the eXIf chunk data can
    contain zeroes).
  * Revised symlink creation, no longer using deprecated cmake
    LOCATION feature
  * Fixed five-byte error in the calculation of IDAT maximum
    possible size.
  * Moved chunk-length check into a png_check_chunk_length()
    private function
  * Moved bad pngs from tests to contrib/libtests/crashers
  * Moved testing of bad pngs into a separate
    tests/pngtest-badpngs script
  * Added the --xfail (expected FAIL) option to pngtest.c. It
    writes XFAIL in the output but PASS for the libpng test.
  * Require cmake-3.0.2 in CMakeLists.txt
  * Fix "const" declaration info_ptr argument to png_get_eXIf_1()
    and the num_exif argument to png_get_eXIf_1()
  * Added "eXIf" to "chunks_to_ignore[]" in png_set_keep_unknown_chunks().
  * Added huge_IDAT.png and empty_ancillary_chunks.png to
  * Make pngtest --strict, --relax, --xfail options imply -m
  * Removed unused chunk_name parameter from png_check_chunk_length().
  * Relocated setting free_me for eXIf data, to stop an OSS-fuzz'
  * Initialize profile_header[] in png_handle_iCCP() to fix
    OSS-fuzz issue.
  * Initialize png_ptr->row_buf[0] to 255 in png_read_row() to fix
    OSS-fuzz UMR.
  * Attempt to fix a UMR in png_set_text_2() to fix OSS-fuzz issue.
  * Increase minimum zlib stream from 9 to 14 in png_handle_iCCP(),
    to account for the minimum 'deflate' stream, and relocate the
    test to a point after the keyword has been read.
  * Check that the eXIf chunk has at least 2 bytes and begins with
    "II" or "MM".
  * Added a set of "huge_xxxx_chunk.png" files to
    contrib/testpngs/crashers, one for each known chunk type, with
    length = 2GB-1.
  * Check for 0 return from png_get_rowbytes() and added some
    (size_t) typecasts in contrib/pngminus/*.c to stop some Coverity
    issues (162705, 162706, and 162707).
  * Renamed chunks in contrib/testpngs/crashers to avoid having
    files whose names differ only in case; this causes problems with
    some platforms
  * Added contrib/oss-fuzz directory which contains files used by
    the oss-fuzz project
- cleanup with spec-cleaner

==== multipath-tools ====
Version update (0.7.3+31+suse.6804bb73f72d -> 0.7.3+38+suse.a16beed5280a)
Subpackages: kpartx multipath-tools-rbd

- Update to version 0.7.3+38+suse.a16beed5280a:
  * kpartx: don't delete partitions from partitions (bsc#1078362)
  * hwtable: add latest updates (bsc#1078363)
  * multipathd.service: set TasksMax=infinity (bsc#1060616)

==== nano ====
Version update (2.9.1 -> 2.9.3)
Subpackages: nano-lang

- GNU nano 2.9.3:
  * fix a segfault with trimblanks that could occur when a typed
    space caused the word after it to be pushed to the next line
  * make macros work also when your keyboard still emits escape
  * add the options -M and --trimblanks for the command line
  * recognizeskey combos with Shift on a few more terminals
  * no longer show dots in certain prompt texts when visible
    witespace is turned on
  * fix two corner cases when doing replacements in a marked region
  * allow to open a named pipe again when using --noread
  * accurately detect a needed color change when a line contains
    a start match but not a corresponding end match any more
- includes changes gom 2.9.2:
  * correctly display the Modified state when undoing/redoing
    (also when the file was saved somewhere midway)
  * improve the undoing of an automatic linefeed at EOF
  * show the cursor again when compiled with --withslang
  * rename the option 'justifytrim' to 'trimblanks' because it
    will now snip trailing whitespace also while you are typing
    (and hard-wrapping is enabled)
  * continue pushing words to the next line much longer (when
  * make <Tab> and <Shift+Tab> indent and unindent a marked region
  * allow unindenting when not all lines are indented
  * let a region marked with Shift persist when indenting/
    unindenting or commenting/uncommenting it

==== plasma5-openSUSE ====
Subpackages: plasma5-defaults-openSUSE plasma5-theme-openSUSE plasma5-workspace-branding-openSUSE sddm-theme-openSUSE

- Provide the KDE4 branding and plasma5-desktop-branding-openSUSE
  in version 43 and obsolete (or conflict with) < 43 to prevent
  upgrade problems from Leap 42 to 15, which has a lower version

==== python-base ====
Subpackages: libpython2_7-1_0 libpython2_7-1_0-32bit python-devel python-xml

- Add patch python-fix-shebang.patch to fix bsc#1078326

==== python-pycurl ====
Subpackages: python2-pycurl python3-pycurl

- Since version 7.58.0, curl may be compiled with libssh instead of
  libssh2 which differ in supported functionality (bsc#1078329)
  * add pycurl-libssh.patch
- update license

==== rollback-helper ====

- check if current btrfs snapshot is the production snapshot before
  re-registering (bsc#1068947)
- unified branching versions (Jul 27 2017 vs. May 22 2017)

==== snapper ====
Version update (0.5.3 -> 0.5.4)
Subpackages: libsnapper4 snapper-zypp-plugin

- create subvolume instead of snapshot for initial system
- version 0.5.4
- improved error handling for systemd services

==== spice ====

- Correct RPM group for shared library.
- Split the sle condition again for exact features to allow their
- Enable smartcards on sle15 as the supportlib is available
  * Condition it using name everywhere instead of suse versions
    and join together with lz4
- Format with spec-cleaner
- Convert dependencies to pkgconfig style
- Install documentation and license file
- Add configure arguments to most of the options to not rely on
  autotools automatic behavior
  * Also enable gstreamer and lz4 options
- Drop the not needed python dependencies, they are needed only
  when building from git snapshot

==== webkit2gtk3 ====
Subpackages: libjavascriptcoregtk-4_0-18 libwebkit2gtk-4_0-37 libwebkit2gtk3-lang typelib-1_0-JavaScriptCore-4_0 typelib-1_0-WebKit2-4_0 webkit2gtk-4_0-injected-bundles

- even on recent codestreams there is no binutils gold on s390
  only on s390x

To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]