Packages changed:
  MozillaThunderbird
  alsa (1.1.4 -> 1.1.4.1)
  glu
  initviocons
  installation-images-Kubic (14.315 -> 14.317)
  installation-images-openSUSE (14.315 -> 14.317)
  lapack
  libXfont
  libXrandr
  libglvnd
  libvdpau
  libxfce4ui
  libzypp (16.11.0 -> 16.12.0)
  marble
  openmpi
  openssh
  python-kiwi (9.6.2 -> 9.7.0)
  qemu (2.8.0 -> 2.9.0)
  qemu-linux-user (2.8.0 -> 2.9.0)
  qtcurve-kde4 (1.8.19~git20170506 -> 1.9.0)
  sudo (1.8.19p2 -> 1.8.20p2)
  tigervnc (1.7.1 -> 1.8.0)
  wireshark (2.2.6 -> 2.2.7)
  xen (4.9.0_04 -> 4.9.0_07)
  xf86-input-evdev
  xf86-input-synaptics
  xf86-input-vmmouse
  xf86-input-void
  xf86-video-ast
  xf86-video-cirrus
  xf86-video-fbdev
  xf86-video-nv
  xf86-video-vesa
  xf86-video-vmware
  xfce4-vala
  xorg-x11-driver-video
  xrandr
  xtrans
  zypper (1.13.27 -> 1.13.28)

=== Details ===

==== MozillaThunderbird ====
Subpackages: MozillaThunderbird-translations-common

- explicitly optimize with -O2 for openSUSE > 13.2/Leap 42 to work with gcc7 (boo#1040105, boo#1042090)

==== alsa ====
Version update (1.1.4 -> 1.1.4.1)
Subpackages: alsa-devel libasound2 libasound2-32bit

- Update to alsa-lib 1.1.4.1: it's a bug-fix release, including all previous patches:
  * pcm: dmix: Fix the inconsistent PCM state
  * pcm: dshare: Call snd_pcm_dshare_state() directly
  * pcm: dmix: Workaround for binary incompatibility
  * test: add a test for list operation to user-defined element sets
  * conf: Check the availability of PTHREAD_MUTEX_RECURSIVE
  * build: Define __USE_UNIX98 for old glibc
- Obsoleted patches:
  0001-build-Define-__USE_UNIX98-for-old-glibc.patch
  0098-dmix-Workaround-for-binary-incompatibility.patch

==== glu ====
Subpackages: glu-devel libGLU1 libGLU1-32bit

- includes everything needed for missing sle issue entries:
  fate #315643-315645, 319159-319161, 319618 (bsc#1041327)

==== initviocons ====

- Actually build with RPM_OPT_FLAGS, will also catch too long -F arguments (bsc#1041840)

==== installation-images-Kubic ====
Version update (14.315 -> 14.317)

- merge gh#openSUSE/installation-images#186
- etc: update module.config to match 4.12
- 14.317
- sle15: don't require obsolete sles-release-DVD package (bsc#1041893)
- merge gh#openSUSE/installation-images#185
- allow driver updates also to be applied to the rescue system (bsc#1025621)
- avoid build problems when different openssl versions exist
- new skelcd-control- packages have files in /usr/lib/skelcd
- 14.316
- rewrite spec file to simplify building different flavors (bsc#1039285)

==== installation-images-openSUSE ====
Version update (14.315 -> 14.317)

- merge gh#openSUSE/installation-images#186
- etc: update module.config to match 4.12
- 14.317
- sle15: don't require obsolete sles-release-DVD package (bsc#1041893)
- merge gh#openSUSE/installation-images#185
- allow driver updates also to be applied to the rescue system (bsc#1025621)
- avoid build problems when different openssl versions exist
- new skelcd-control- packages have files in /usr/lib/skelcd
- 14.316
- rewrite spec file to simplify building different flavors (bsc#1039285)

==== lapack ====
Subpackages: libblas3 liblapack3

- Build the man pages in a separate .spec file (lapack-man). The resulting rpm names are kept identical. This allows us to drop doxygen out of lapack's main package buildroot, thus eliminating a build cycle.

==== libXfont ====

- includes everything needed for missing sle issue entries:
  fate #320388 (bsc#1041641)
  boo#958383, bnc#921978, bnc#857544 (bsc#1041641)
  CVE-2015-1802, CVE-2015-1803, CVE-2015-1804 (bsc#1041641)
  CVE-2014-0209, CVE-2014-0210, CVE-2014-0211 (bsc#1041641)

==== libXrandr ====
Subpackages: libXrandr2 libXrandr2-32bit

- includes everything needed for missing sle issue entries:
  fate #320388, bnc#1003000, CVE-2016-7947, CVE-2016-7948 (bsc#1041366)

==== libglvnd ====
Subpackages: libglvnd-32bit libglvnd-devel

- Obsolete libglvnd0 <= %version-%release instead of only older versions in order to fix conflicts on TW.

==== libvdpau ====

- includes everything needed for missing sle issue entries:
  * fate #315643-315645, 319159-319161, 319618 (bsc#1041623)
  * bnc#943967, bnc#943968, bnc#943969 (bsc#1041623)
  * CVE-2015-5198, CVE-2015-5199, CVE-2015-5200 (bsc#1041623)

==== libxfce4ui ====
Subpackages: libxfce4ui-1-0 libxfce4ui-2-0 libxfce4ui-lang libxfce4ui-tools

- Add conditional for pkgconfig(gladeui-1.0) BuildRequires and corresponding subpackage glade3-catalog-libxfce4ui. No longer build glade integration for Tumbleweed.

==== libzypp ====
Version update (16.11.0 -> 16.12.0)

- Testcase: add missing solver flags (bsc#1041889)
- version 16.12.0 (0)

==== marble ====
Subpackages: libastro1 libmarblewidget-qt5-27 marble-devel

- Fix libastro1 Provides/Obsoletes

==== openmpi ====
Subpackages: openmpi-devel openmpi-libs

- Add openmpi-config package which contains runtime configuration files for OpenMPI 1 and/or 2
- Remove execution rights from NEWS doc file

==== openssh ====
Subpackages: openssh-helpers

- Fix preauth seccomp separation on mainframes (bsc#1016709)
  [openssh-7.2p2-s390_hw_crypto_syscalls.patch]
  [openssh-7.2p2-s390_OpenSSL-ibmpkcs11_syscalls.patch]
- enable case-insensitive hostname matching (bsc#1017099)
  [openssh-7.2p2-ssh_case_insensitive_host_matching.patch]
- add CAVS tests
  [openssh-7.2p2-cavstest-ctr.patch]
  [openssh-7.2p2-cavstest-kdf.patch]
- Adding missing pieces for user matching (bsc#1021626)
- Properly verify CIDR masks in configuration (bsc#1005893)
  [openssh-7.2p2-verify_CIDR_address_ranges.patch]
- Remove pre-auth compression support from the server to prevent possible cryptographic attacks. (CVE-2016-10012, bsc#1016370)
  [openssh-7.2p2-disable_preauth_compression.patch]
- limit directories for loading PKCS11 modules (CVE-2016-10009, bsc#1016366)
  [openssh-7.2p2-restrict_pkcs11-modules.patch]
- Prevent possible leaks of host private keys to low-privilege process handling authentication (CVE-2016-10011, bsc#1016369)
  [openssh-7.2p2-prevent_private_key_leakage.patch]
- Do not allow unix socket forwarding when running without privilege separation (CVE-2016-10010, bsc#1016368)
  [openssh-7.2p2-secure_unix_sockets_forwarding.patch]
- prevent resource depletion during key exchange (bsc#1005480, CVE-2016-8858)
  [openssh-7.2p2-kex_resource_depletion.patch]
- fix suggested command for removing conflicting server keys from the known_hosts file (bsc#1006221)
- enable geteuid{,32} syscalls on mainframes, since it may be called from libica/ibmica on machines with hardware crypto accelerator (bsc#1004258)
  [openssh-7.2p2-seccomp_geteuid.patch]
- fix regression of (bsc#823710)
  [openssh-7.2p2-audit_fixes.patch]
- add slogin (removed upstreams)
  [openssh-7.2p2-keep_slogin.patch]
- require OpenSSL < 1.1 where that one is a default

==== python-kiwi ====
Version update (9.6.2 -> 9.7.0)
Subpackages: kiwi-pxeboot kiwi-tools

- Bump version: 9.6.2 → 9.7.0
- Make sure all required yum repo options are set enabled and gpgcheck parameters has to be set for any configured yum repository
- Fixup repository setup for yum
  Yum cannot handle spaces between the key and the value. This patch provides a method to tell ConfigParser to use no spaces for the '=' delimiter and thus Fixes #357
- Reactivate warnings report in pytest
- Fixup kernel name lookup
  If multiple abi compatible kernel module packages are installed the kernel version of the boot kernel could be different from the kernel module versions. In order to find the boot kernel all kernel versions found must be checked.
  Fixes #355
- Fix/workaround invalid xsd pattern translation
  The data structures are auto generated by the generateDS tool which works nicely except for the arch-name xsd pattern used in the RelaxNG schema. For some reason the used regular expression is translated by generateDS into a python expression not matching the original expression from the schema. The result is an invalid python warning message after the schema has successfully validated the arch string. The problem has been reported to the generateDS developer. As long as there is no fix available in generateDS the following workaround in kiwi applies: The original xs:token pattern validation will be disabled on the generateDS level and applies only to the schema. This Fixes #347
- Some fine tune updates
  * Updated the docs for system_create command
  * Reverted dracut image initialization
  * Updated yum comment about repo_gpgcheck option
  * Updated variable name in disk builder
  * Typo correction
- Include signing-key feature for boot images
  This commit extends the behavior of --signing-key options in order to import the provided key file into the boot image, in addition to the regular image root tree. Related to #342
- Fix use of pre requires in spec file
- Fixup working dir for editboot scripts
  editbootconfig and editbootinstall scripts needs to be called from within the correct directory to allow access to the written bootloader config files. For live images the working directory was set to the wrong place. This Fixes #353
- remove duplicated code from dhclient setup
  IPADDR is assigned within dhclientImportInfo
  original patch by Dinar Valeev
- Fix spelling of 'processor'
  https://bugzilla.opensuse.org/show_bug.cgi?id=957927
- Fixed pre-req for kiwi-pxeboot subpackage
  the binaries groupadd and useradd used in the preinstall scriptlet and provided by the shadow package needs a pre requirement on shadow to make sure they exist when the package gets installed.
  Fixes (bsc#1040256)
- Fix existing root check, fixes #349
  This commit fixes the validation of an existing root directory for the command 'system build'. System build used to create the root directory before performing the root existence check, thus the check was always failing in any case. The root directory is created inside the RootInit class within the 'create' method. Fixes #349
- Extend --signing-key to Apt package manager
  This commit extends support for --signing-key to the Apt package manager. However it has only been included for the chrooted operations, as current implementation of the bootstrap procedure does not provide signature check capabilities. Related to #342
- Extend --signing-key option to Yum and Dnf
  This commit extends the --signing-key options support to Yum and Dnf package managers. In addition, signature check for repositories had to be disabled for Yum and Dnf, as kiwi unrelated issues were found while testing. Nevertheless, package signature checks are fully functional. Related to #342
- Add --signing-key option
  This commit adds --signing-key option which sets a key file to import into the package manager trusted keys database. This commit adds this flag support only for zypper. Fixes #342
- Don't print warning report
  The auto generated xml_parse.py uses the python warnings module
  The unit tests uses the coverage module in py.test to create a report. The latest py.test update now also creates a warnings report which is unwanted because some of the unit tests intentionally causes the creation of a warning as the expected result but we don't want to see that in a py.test warnings report. Therefore this patch switches off the creation of that warnings report
- Update manual page of build command
  Add information for --allow-existing-root option
- Fixup default behavior of build command
  The build command automatically used an existing root tree from a former build attempt. However this could cause an inconsistent image if the former build root was not based on the same image type setup. Thus it is better to allow this only if the --allow-existing-root option is specified along with the build command call
- Fixed alpha sorting of options
- Complete zypper cache cleanup
  also the raw and solv cache needs to be deleted
- Update manual pages
  Add information and use case for --clear-cache option
- Added --clear-cache option
  The system prepare and build commands now provides the option --clear-cache which deletes all cache data associated with the repositories to build the image. This Fixes #341
- Let dracut create a compressed initrd
  dracut was called in a way to create an uncompressed initrd archive and kiwi later runs the xz compression on it. That way the default compression parameters used by dracut get lost. Fixes #335
- Improve rpm-check-signatures support
  This commit ensures the signatures are checked for both: the repository and the rpm package. It applies for zypper, dnf and yum package managers.
- Fixup boot-load-size for efi loader in iso
  Pass the real boot-load-size of the used loader as number of 512byte blocks to the iso creation call. Related to (bsc#939456)
- Update documentation to meet review results
- Added GCE image primary setup information
- Added Azure image primary setup information
- Added EC2 image primary setup information
- Map partition ID's from sgdisk to lowercase
- rework building virtual disk image chapter
  Adapt to style as used in the live iso chapter and add references to low level topics regarding the setup of the image to work in the public cloud.
  Related to #323

==== qemu ====
Version update (2.8.0 -> 2.9.0)
Subpackages: qemu-arm qemu-block-curl qemu-block-dmg qemu-block-gluster qemu-block-iscsi qemu-block-rbd qemu-block-ssh qemu-extra qemu-ipxe qemu-ksm qemu-kvm qemu-lang qemu-ppc qemu-s390 qemu-seabios qemu-sgabios qemu-tools qemu-vgabios qemu-x86

- Fixes for gcc7 compatibility (bsc#1040228) (in behalf of Liang Yan)
  0056-jazz_led-fix-bad-snprintf.patch
  0057-slirp-smb-Replace-constant-strings-.patch
  0058-altera_timer-fix-incorrect-memset.patch
  0059-Hacks-for-building-on-gcc-7-Fedora-.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9
- Protect access to metadata in virtio-9pfs (CVE-2017-7493 bsc#1039495)
  0055-9pfs-local-forbid-client-access-to-.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9
- Address various security/stability issues
  * Fix DOS potential in vnc interface (CVE-2017-8379 bsc#1037334)
    0051-input-limit-kbd-queue-depth.patch
  * Fix DOS potential in vnc interface (CVE-2017-8309 bsc#1037242)
    0052-audio-release-capture-buffers.patch
  * Fix OOB access in megasas device emulation (CVE-2017-8380 bsc#1037336)
    0053-scsi-avoid-an-off-by-one-error-in-m.patch
  * Fix DOS in Vmware pv scsi emulation (CVE-2017-8112 bsc#1036211)
    0054-vmw_pvscsi-check-message-ring-page-.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9
- Fix building packages for some older distros.
- Further refine our handling of building firmware (or not) for the various arch's and distro versions we build for. Note that if we don't build x86 firmware, (eg: x86 Leap 42.1) the upstream binary blobs are used, which may have migration incompatibilities with previous versions of qemu provided.
- Fix issue in shipping qemu v2.9.0, where pci-passthrough for Xen HVM guests got broken (bsc#1034131)
  0049-ACPI-don-t-call-acpi_pcihp_device_p.patch
- Include experimental, unsupported feature to assist in some performance analysis work.
  0050-i386-Allow-cpuid-bit-override.patch
- Updated to v2.9.0: See http://wiki.qemu-project.org/ChangeLog/2.9
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9
- Updated to v2.9.0-rc5: See http://wiki.qemu-project.org/ChangeLog/2.9
  * Includes fix for CVE-2017-7471, a virtfs security issue.
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9
- Add empty keyboard queue tracepoint to help openQA testing work better (bsc#1031692)
  0048-input-Add-trace-event-for-empty-key.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9
- Updated to v2.9.0-rc4: See http://wiki.qemu-project.org/ChangeLog/2.9
- Enable ceph/rbd support for s390x (bsc#1030068)
- Enable ceph/rbd support for ppc* as available
- Update ARM in-kernel-timers patch (bsc#1033416)
  * Patches renamed:
    0041-ARM-KVM-Enable-in-kernel-timers-wit.patch -> 0047-ARM-KVM-Enable-in-kernel-timers-wit.patch
    0042-string-input-visitor-Fix-uint64-par.patch -> 0041-string-input-visitor-Fix-uint64-par.patch
    0043-test-string-input-visitor-Add-int-t.patch -> 0042-test-string-input-visitor-Add-int-t.patch
    0044-test-string-input-visitor-Add-uint6.patch -> 0043-test-string-input-visitor-Add-uint6.patch
    0045-tests-Add-QOM-property-unit-tests.patch -> 0044-tests-Add-QOM-property-unit-tests.patch
    0046-tests-Add-scsi-disk-test.patch -> 0045-tests-Add-scsi-disk-test.patch
  * Patches added (support patch):
    0046-RFC-update-Linux-headers-from-irqs-.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9
- Updated to v2.9.0-rc3: See http://wiki.qemu-project.org/ChangeLog/2.9
  * Patches dropped (included in upstream source archive):
    0047-hw-intc-arm_gicv3_kvm-Check-KVM_DEV.patch
    0048-i386-Replace-uint32_t-with-FeatureW.patch
    0049-i386-Don-t-override-cpu-options-on-.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9
- Added additional documentation provided with v2.9.0
- Fix build failure with gcc7 (bsc#1031340)
  ipxe-build-Avoid-implicit-fallthrough-warnings-on-GCC-7.patch
- Made miscellaneous spec file refinements
- The support documents included are now fairly accurate for the arm and s390 world, and the x86 version also received a few tweaks. Also included in those docs is a url reference to upstream qemu deprecation plans and discussions. (fate#321146)
- Add post v2.9.0-rc2 upstream patches which fix -cpu host and -cpu max feature overrides for libvirt compatibility.
  0048-i386-Replace-uint32_t-with-FeatureW.patch
  0049-i386-Don-t-override-cpu-options-on-.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9
- Updated to v2.9.0-rc2: See http://wiki.qemu-project.org/ChangeLog/2.9
  * Includes fix for in guest privilege escalation when using TCG (bsc#1030624)
  * Patches dropped (equivalent included in upstream source archive):
    0047-linux-user-exclude-cpu-model-code-w.patch
- Fix failure booting SLE12-SP2 Aarch64 guest (bsc#1031384)
  0047-hw-intc-arm_gicv3_kvm-Check-KVM_DEV.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9
- Updated to v2.9.0-rc1: See http://wiki.qemu-project.org/ChangeLog/2.9
  * Patches dropped (no longer needed based on what we now build for):
    0024-virtfs-proxy-helper-Provide-__u64-f.patch
  * Patches dropped (included in upstream source archive):
    0034-dma-rc4030-limit-interval-timer-rel.patch
  * Patches renamed:
    0025-configure-Enable-PIE-for-ppc-and-pp.patch -> 0024-configure-Enable-PIE-for-ppc-and-pp.patch
    0026-AIO-Reduce-number-of-threads-for-32.patch -> 0025-AIO-Reduce-number-of-threads-for-32.patch
    0027-dictzip-Fix-on-big-endian-systems.patch -> 0026-dictzip-Fix-on-big-endian-systems.patch
    0028-xen_disk-Add-suse-specific-flush-di.patch -> 0027-xen_disk-Add-suse-specific-flush-di.patch
    0029-qemu-bridge-helper-reduce-security-.patch -> 0028-qemu-bridge-helper-reduce-security-.patch
    0030-qemu-binfmt-conf-use-qemu-ARCH-binf.patch -> 0029-qemu-binfmt-conf-use-qemu-ARCH-binf.patch
    0031-configure-Fix-detection-of-seccomp-.patch -> 0030-configure-Fix-detection-of-seccomp-.patch
    0032-linux-user-properly-test-for-infini.patch -> 0031-linux-user-properly-test-for-infini.patch
    0033-linux-user-remove-all-traces-of-qem.patch -> 0032-linux-user-remove-all-traces-of-qem.patch
    0035-roms-Makefile-pass-a-packaging-time.patch -> 0033-roms-Makefile-pass-a-packaging-time.patch
    0036-Raise-soft-address-space-limit-to-h.patch -> 0034-Raise-soft-address-space-limit-to-h.patch
    0037-increase-x86_64-physical-bits-to-42.patch -> 0035-increase-x86_64-physical-bits-to-42.patch
    0038-vga-Raise-VRAM-to-16-MiB-for-pc-0.1.patch -> 0036-vga-Raise-VRAM-to-16-MiB-for-pc-0.1.patch
    0039-i8254-Fix-migration-from-SLE11-SP2.patch -> 0037-i8254-Fix-migration-from-SLE11-SP2.patch
    0040-acpi_piix4-Fix-migration-from-SLE11.patch -> 0038-acpi_piix4-Fix-migration-from-SLE11.patch
    0041-Fix-tigervnc-long-press-issue.patch -> 0039-Fix-tigervnc-long-press-issue.patch
    0042-fix-xen-hvm-direct-kernel-boot.patch -> 0040-fix-xen-hvm-direct-kernel-boot.patch
    0043-ARM-KVM-Enable-in-kernel-timers-wit.patch -> 0041-ARM-KVM-Enable-in-kernel-timers-wit.patch
    0044-string-input-visitor-Fix-uint64-par.patch -> 0042-string-input-visitor-Fix-uint64-par.patch
    0045-test-string-input-visitor-Add-int-t.patch -> 0043-test-string-input-visitor-Add-int-t.patch
    0046-test-string-input-visitor-Add-uint6.patch -> 0044-test-string-input-visitor-Add-uint6.patch
    0047-tests-Add-QOM-property-unit-tests.patch -> 0045-tests-Add-QOM-property-unit-tests.patch
    0048-tests-Add-scsi-disk-test.patch -> 0046-tests-Add-scsi-disk-test.patch
    0049-linux-user-exclude-cpu-model-code-w.patch -> 0047-linux-user-exclude-cpu-model-code-w.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9
- Updated to v2.9.0-rc0: See http://wiki.qemu-project.org/ChangeLog/2.9
  * Updated version carries fixes for the following reported issues:
    CVE-2016-9602 bsc#1020427,
    CVE-2016-9923 bsc#1014703,
    CVE-2017-2630 bsc#1025396,
    CVE-2017-2633 bsc#1026612,
    CVE-2017-5579 bsc#1021741,
    CVE-2017-5931 bsc#1024114,
    CVE-2017-5973 bsc#1025109,
    CVE-2017-5987 bsc#1025311,
    CVE-2017-6058 bsc#1025837,
    CVE-2017-6505 bsc#1028184
  * Patches dropped:
    seabios_128kb.patch (no longer required)
  * Patches dropped (included in upstream source archive):
    0035-net-imx-limit-buffer-descriptor-cou.patch
    0045-virtio-gpu-call-cleanup-mapping-fun.patch
    0051-virtio-gpu-fix-information-leak-in-.patch
    0052-display-cirrus-ignore-source-pitch-.patch
    0053-s390x-kvm-fix-small-race-reboot-vs..patch
    0054-target-s390x-use-qemu-cpu-model-in-.patch
    0056-tests-check-path-to-avoid-a-failing.patch
    0057-display-virtio-gpu-3d-check-virgl-c.patch
    0058-watchdog-6300esb-add-exit-function.patch
    0059-virtio-gpu-3d-fix-memory-leak-in-re.patch
    0060-virtio-gpu-fix-memory-leak-in-resou.patch
    0061-virtio-fix-vq-inuse-recalc-after-mi.patch
    0062-audio-es1370-add-exit-function.patch
    0063-audio-ac97-add-exit-function.patch
    0064-megasas-fix-guest-triggered-memory-.patch
    0065-cirrus-handle-negative-pitch-in-cir.patch
    0066-cirrus-fix-blit-address-mask-handli.patch
    0067-cirrus-fix-oob-access-issue-CVE-201.patch
    0068-usb-ccid-check-ccid-apdu-length.patch
    0069-sd-sdhci-check-data-length-during-d.patch
    0070-virtio-gpu-fix-resource-leak-in-vir.patch
    0071-cirrus-fix-patterncopy-checks.patch
    0072-cirrus-add-blit_is_unsafe-call-to-c.patch
  * Patches renamed:
    0036-roms-Makefile-pass-a-packaging-time.patch -> 0035-roms-Makefile-pass-a-packaging-time.patch
    0037-Raise-soft-address-space-limit-to-h.patch -> 0036-Raise-soft-address-space-limit-to-h.patch
    0038-increase-x86_64-physical-bits-to-42.patch -> 0037-increase-x86_64-physical-bits-to-42.patch
    0039-vga-Raise-VRAM-to-16-MiB-for-pc-0.1.patch -> 0038-vga-Raise-VRAM-to-16-MiB-for-pc-0.1.patch
    0040-i8254-Fix-migration-from-SLE11-SP2.patch -> 0039-i8254-Fix-migration-from-SLE11-SP2.patch
    0041-acpi_piix4-Fix-migration-from-SLE11.patch -> 0040-acpi_piix4-Fix-migration-from-SLE11.patch
    0042-Fix-tigervnc-long-press-issue.patch -> 0041-Fix-tigervnc-long-press-issue.patch
    0043-fix-xen-hvm-direct-kernel-boot.patch -> 0042-fix-xen-hvm-direct-kernel-boot.patch
    0044-ARM-KVM-Enable-in-kernel-timers-wit.patch -> 0043-ARM-KVM-Enable-in-kernel-timers-wit.patch
    0046-string-input-visitor-Fix-uint64-par.patch -> 0044-string-input-visitor-Fix-uint64-par.patch
    0047-test-string-input-visitor-Add-int-t.patch -> 0045-test-string-input-visitor-Add-int-t.patch
    0048-test-string-input-visitor-Add-uint6.patch -> 0046-test-string-input-visitor-Add-uint6.patch
    0049-tests-Add-QOM-property-unit-tests.patch -> 0047-tests-Add-QOM-property-unit-tests.patch
    0050-tests-Add-scsi-disk-test.patch -> 0048-tests-Add-scsi-disk-test.patch
    0055-linux-user-exclude-cpu-model-code-w.patch -> 0049-linux-user-exclude-cpu-model-code-w.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9

==== qemu-linux-user ====
Version update (2.8.0 -> 2.9.0)

- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9
  * Patches added:
    0056-jazz_led-fix-bad-snprintf.patch
    0057-slirp-smb-Replace-constant-strings-.patch
    0058-altera_timer-fix-incorrect-memset.patch
    0059-Hacks-for-building-on-gcc-7-Fedora-.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9
  * Patches added:
    0055-9pfs-local-forbid-client-access-to-.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9
  * Patches added:
    0051-input-limit-kbd-queue-depth.patch
    0052-audio-release-capture-buffers.patch
    0053-scsi-avoid-an-off-by-one-error-in-m.patch
    0054-vmw_pvscsi-check-message-ring-page-.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9
  * Patches added:
    0049-ACPI-don-t-call-acpi_pcihp_device_p.patch
    0050-i386-Allow-cpuid-bit-override.patch
- Updated to v2.9.0: See http://wiki.qemu-project.org/ChangeLog/2.9
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9
- Updated to v2.9.0-rc5: See http://wiki.qemu-project.org/ChangeLog/2.9
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9
  * Patches added:
    0048-input-Add-trace-event-for-empty-key.patch
- Updated to v2.9.0-rc4: See http://wiki.qemu-project.org/ChangeLog/2.9
  * Patches renamed:
    0041-ARM-KVM-Enable-in-kernel-timers-wit.patch -> 0047-ARM-KVM-Enable-in-kernel-timers-wit.patch
    0042-string-input-visitor-Fix-uint64-par.patch -> 0041-string-input-visitor-Fix-uint64-par.patch
    0043-test-string-input-visitor-Add-int-t.patch -> 0042-test-string-input-visitor-Add-int-t.patch
    0044-test-string-input-visitor-Add-uint6.patch -> 0043-test-string-input-visitor-Add-uint6.patch
    0045-tests-Add-QOM-property-unit-tests.patch -> 0044-tests-Add-QOM-property-unit-tests.patch
    0046-tests-Add-scsi-disk-test.patch -> 0045-tests-Add-scsi-disk-test.patch
  * Patches added:
    0046-RFC-update-Linux-headers-from-irqs-.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9
- Updated to v2.9.0-rc3: See http://wiki.qemu-project.org/ChangeLog/2.9
  * Patches dropped:
    0047-hw-intc-arm_gicv3_kvm-Check-KVM_DEV.patch
    0048-i386-Replace-uint32_t-with-FeatureW.patch
    0049-i386-Don-t-override-cpu-options-on-.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9
- Made miscellaneous spec file refinements
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9
  * Patches added:
    0048-i386-Replace-uint32_t-with-FeatureW.patch
    0049-i386-Don-t-override-cpu-options-on-.patch
- Updated to v2.9.0-rc2: See http://wiki.qemu-project.org/ChangeLog/2.9
  * Patches dropped:
    0047-linux-user-exclude-cpu-model-code-w.patch
  * Patches added:
    0047-hw-intc-arm_gicv3_kvm-Check-KVM_DEV.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9
- Updated to v2.9.0-rc1: See http://wiki.qemu-project.org/ChangeLog/2.9
  * Patches dropped (no longer needed based on what we now build for):
    0024-virtfs-proxy-helper-Provide-__u64-f.patch
  * Patches dropped (included in upstream source archive):
    0034-dma-rc4030-limit-interval-timer-rel.patch
  * Patches renamed:
    0025-configure-Enable-PIE-for-ppc-and-pp.patch -> 0024-configure-Enable-PIE-for-ppc-and-pp.patch
    0026-AIO-Reduce-number-of-threads-for-32.patch -> 0025-AIO-Reduce-number-of-threads-for-32.patch
    0027-dictzip-Fix-on-big-endian-systems.patch -> 0026-dictzip-Fix-on-big-endian-systems.patch
    0028-xen_disk-Add-suse-specific-flush-di.patch -> 0027-xen_disk-Add-suse-specific-flush-di.patch
    0029-qemu-bridge-helper-reduce-security-.patch -> 0028-qemu-bridge-helper-reduce-security-.patch
    0030-qemu-binfmt-conf-use-qemu-ARCH-binf.patch -> 0029-qemu-binfmt-conf-use-qemu-ARCH-binf.patch
    0031-configure-Fix-detection-of-seccomp-.patch -> 0030-configure-Fix-detection-of-seccomp-.patch
    0032-linux-user-properly-test-for-infini.patch -> 0031-linux-user-properly-test-for-infini.patch
    0033-linux-user-remove-all-traces-of-qem.patch -> 0032-linux-user-remove-all-traces-of-qem.patch
    0035-roms-Makefile-pass-a-packaging-time.patch -> 0033-roms-Makefile-pass-a-packaging-time.patch
    0036-Raise-soft-address-space-limit-to-h.patch -> 0034-Raise-soft-address-space-limit-to-h.patch
    0037-increase-x86_64-physical-bits-to-42.patch -> 0035-increase-x86_64-physical-bits-to-42.patch
    0038-vga-Raise-VRAM-to-16-MiB-for-pc-0.1.patch -> 0036-vga-Raise-VRAM-to-16-MiB-for-pc-0.1.patch
    0039-i8254-Fix-migration-from-SLE11-SP2.patch -> 0037-i8254-Fix-migration-from-SLE11-SP2.patch
    0040-acpi_piix4-Fix-migration-from-SLE11.patch -> 0038-acpi_piix4-Fix-migration-from-SLE11.patch
    0041-Fix-tigervnc-long-press-issue.patch -> 0039-Fix-tigervnc-long-press-issue.patch
    0042-fix-xen-hvm-direct-kernel-boot.patch -> 0040-fix-xen-hvm-direct-kernel-boot.patch
    0043-ARM-KVM-Enable-in-kernel-timers-wit.patch -> 0041-ARM-KVM-Enable-in-kernel-timers-wit.patch
    0044-string-input-visitor-Fix-uint64-par.patch -> 0042-string-input-visitor-Fix-uint64-par.patch
    0045-test-string-input-visitor-Add-int-t.patch -> 0043-test-string-input-visitor-Add-int-t.patch
    0046-test-string-input-visitor-Add-uint6.patch -> 0044-test-string-input-visitor-Add-uint6.patch
    0047-tests-Add-QOM-property-unit-tests.patch -> 0045-tests-Add-QOM-property-unit-tests.patch
    0048-tests-Add-scsi-disk-test.patch -> 0046-tests-Add-scsi-disk-test.patch
    0049-linux-user-exclude-cpu-model-code-w.patch -> 0047-linux-user-exclude-cpu-model-code-w.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9
- Updated to v2.9.0-rc0: See http://wiki.qemu-project.org/ChangeLog/2.9
  * Patches dropped (included in upstream source archive):
    0035-net-imx-limit-buffer-descriptor-cou.patch
    0045-virtio-gpu-call-cleanup-mapping-fun.patch
    0051-virtio-gpu-fix-information-leak-in-.patch
    0052-display-cirrus-ignore-source-pitch-.patch
    0053-s390x-kvm-fix-small-race-reboot-vs..patch
    0054-target-s390x-use-qemu-cpu-model-in-.patch
    0056-tests-check-path-to-avoid-a-failing.patch
    0057-display-virtio-gpu-3d-check-virgl-c.patch
    0058-watchdog-6300esb-add-exit-function.patch
    0059-virtio-gpu-3d-fix-memory-leak-in-re.patch
    0060-virtio-gpu-fix-memory-leak-in-resou.patch
    0061-virtio-fix-vq-inuse-recalc-after-mi.patch
    0062-audio-es1370-add-exit-function.patch
    0063-audio-ac97-add-exit-function.patch
    0064-megasas-fix-guest-triggered-memory-.patch
    0065-cirrus-handle-negative-pitch-in-cir.patch
    0066-cirrus-fix-blit-address-mask-handli.patch
    0067-cirrus-fix-oob-access-issue-CVE-201.patch
    0068-usb-ccid-check-ccid-apdu-length.patch
    0069-sd-sdhci-check-data-length-during-d.patch
    0070-virtio-gpu-fix-resource-leak-in-vir.patch
    0071-cirrus-fix-patterncopy-checks.patch
    0072-cirrus-add-blit_is_unsafe-call-to-c.patch
  * Patches renamed:
    0036-roms-Makefile-pass-a-packaging-time.patch -> 0035-roms-Makefile-pass-a-packaging-time.patch
    0037-Raise-soft-address-space-limit-to-h.patch -> 0036-Raise-soft-address-space-limit-to-h.patch
    0038-increase-x86_64-physical-bits-to-42.patch -> 0037-increase-x86_64-physical-bits-to-42.patch
    0039-vga-Raise-VRAM-to-16-MiB-for-pc-0.1.patch -> 0038-vga-Raise-VRAM-to-16-MiB-for-pc-0.1.patch
    0040-i8254-Fix-migration-from-SLE11-SP2.patch -> 0039-i8254-Fix-migration-from-SLE11-SP2.patch
    0041-acpi_piix4-Fix-migration-from-SLE11.patch -> 0040-acpi_piix4-Fix-migration-from-SLE11.patch
    0042-Fix-tigervnc-long-press-issue.patch -> 0041-Fix-tigervnc-long-press-issue.patch
    0043-fix-xen-hvm-direct-kernel-boot.patch -> 0042-fix-xen-hvm-direct-kernel-boot.patch
    0044-ARM-KVM-Enable-in-kernel-timers-wit.patch -> 0043-ARM-KVM-Enable-in-kernel-timers-wit.patch
    0046-string-input-visitor-Fix-uint64-par.patch -> 0044-string-input-visitor-Fix-uint64-par.patch
    0047-test-string-input-visitor-Add-int-t.patch -> 0045-test-string-input-visitor-Add-int-t.patch
    0048-test-string-input-visitor-Add-uint6.patch -> 0046-test-string-input-visitor-Add-uint6.patch
    0049-tests-Add-QOM-property-unit-tests.patch -> 0047-tests-Add-QOM-property-unit-tests.patch
    0050-tests-Add-scsi-disk-test.patch -> 0048-tests-Add-scsi-disk-test.patch
    0055-linux-user-exclude-cpu-model-code-w.patch -> 0049-linux-user-exclude-cpu-model-code-w.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9

==== qtcurve-kde4 ====
Version update (1.8.19~git20170506 -> 1.9.0)
Subpackages: libqtcurve-cairo1 libqtcurve-utils2 qtcurve-gtk2 qtcurve-qt5

- Update to 1.9.0
  * Make X11 drop shadow size configurable

==== sudo ====
Version update (1.8.19p2 -> 1.8.20p2)

- update to 1.8.20p2 which obsoletes patches:
  * sudo-1.8.19p2-CVE-2017-1000367.patch
  * sudo-1.8.19p2-decrement_env_len.patch
  * sudo-1.8.19p2-dont_overwrite_ret_val.patch
  Major changes between sudo 1.8.20p2 and 1.8.20p1:
  * Fixed a bug parsing /proc/pid/stat on Linux when the process name contains newlines. This is not exploitable due to the /dev traversal changes in sudo 1.8.20p1.
  Major changes between sudo 1.8.20p1 and 1.8.20:
  * Fixed "make check" when using OpenSSL or GNU crypt. Bug #787.
  * Fixed CVE-2017-1000367, a bug parsing /proc/pid/stat on Linux when the process name contains spaces. Since the user has control over the command name, this could potentially be used by a user with sudo access to overwrite an arbitrary file on systems with SELinux enabled. Also stop performing a breadth-first traversal of /dev when looking for the device; only a hard-coded list of directories are checked.
  Major changes between sudo 1.8.20 and 1.8.19p2:
  * Added support for SASL_MECH in ldap.conf. Bug #764
  * Added support for digest matching when the command is a glob-style pattern or a directory. Previously, only explicit path matches supported digest checks.
  * New "fdexec" Defaults option to control whether a command is executed by path or by open file descriptor.
  * The embedded copy of zlib has been upgraded to version 1.2.11.
  * Fixed a bug that prevented sudoers include files with a relative path starting with the letter 'i' from being opened. Bug #776.
  * Added support for command timeouts in sudoers. The command will be terminated if the timeout expires.
  * The SELinux role and type are now displayed in the "sudo -l" output for the LDAP and SSSD backends, just as they are in the sudoers backend.
  * A new command line option, -T, can be used to specify a command timeout as long as the user-specified timeout is not longer than the timeout specified in sudoers. This option may only be used when the "user_command_timeouts" flag is enabled in sudoers.
  * Added NOTBEFORE and NOTAFTER command options to the sudoers backend similar to what is already available in the LDAP backend.
  * Sudo can now optionally use the SHA2 functions in OpenSSL or GNU crypt instead of the SHA2 implementation bundled with sudo.
  * Fixed a compilation error on systems without the stdbool.h header file. Bug #778.
  * Fixed a compilation error in the standalone Kerberos V authentication module. Bug #777.
  * Added the iolog_flush flag to sudoers which causes I/O log data to be written immediately to disk instead of being buffered.
  * I/O log files are now created with group ID 0 by default unless the "iolog_user" or "iolog_group" options are set in sudoers.
  * It is now possible to store I/O log files on an NFS-mounted file system where uid 0 is remapped to an unprivileged user. The "iolog_user" option must be set to a non-root user and the top-level I/O log directory must exist and be owned by that user.
  * Added the restricted_env_file setting to sudoers which is similar to env_file but its contents are subject to the same restrictions as variables in the invoking user's environment.
  * Fixed a use after free bug in the SSSD backend when the fqdn sudoOption is enabled and no hostname value is present in /etc/sssd/sssd.conf.
  * Fixed a typo that resulted in a compilation error on systems where the killpg() function is not found by configure.
  * Fixed a compilation error with the included version of zlib when sudo was built outside the source tree.
  * Fixed the exit value of sudo when the command is terminated by a signal other than SIGINT. This was broken in sudo 1.8.15 by the fix for Bug #722. Bug #784.
  * Fixed a regression introduced in sudo 1.8.18 where the "lecture" option could not be used in a positive boolean context, only a negative one.
  * Fixed an issue where sudo would consume stdin if it was not connected to a tty even if log_input is not enabled in sudoers. Bug #786.
  * Clarify in the sudoers manual that the #includedir directive diverts control to the files in the specified directory and, when parsing of those files is complete, returns control to the original file. Bug #775.

==== tigervnc ====
Version update (1.7.1 -> 1.8.0)

- removed unneeded -fPIC flags for CFLAGS, these made it avoid PIE support.
- Update to tigervnc 1.8.0
  * Overhaul of the Java client to match the look and behaviour of the native client
  * Initial work for multi-threaded decoding in the Java client
  * vncconfig no longer needed for clipboard with Xvnc/libvnc.so
  * vncserver has system wide config support
  * Full support for alpha cursors in Xvnc/libvnc.so and both viewers
- Removed patches:
  * U_Add-xorg-xserver-1.19-support.patch
  * U_tigervnc-fix-inetd-not-working-with-xserver-1-19.patch
  * U_tigervnc-better-check-for-screen-visibility.patch
- U_tigervnc-better-check-for-screen-visibility.patch
  * Crop operations to visible screen. (bnc#1032272)

==== wireshark ====
Version update (2.2.6 -> 2.2.7)
Subpackages: libwireshark8 libwiretap6 libwscodecs1 libwsutil7 wireshark-ui-qt

- Wireshark 2.2.7 (bsc#1042330): This release fixes minor vulnerabilities that could be used to trigger dissector crashes, infinite loops, or cause excessive use of CPU resources by making Wireshark read specially crafted packages from the network or a capture file:
  * CVE-2017-9352: Bazaar dissector infinite loop (bsc#1042304)
  * CVE-2017-9348: DOF dissector read overflow (bsc#1042303)
  * CVE-2017-9351: DHCP dissector read overflow (bsc#1042302)
  * CVE-2017-9346: SoulSeek dissector infinite loop (bsc#1042301)
  * CVE-2017-9345: DNS dissector infinite loop (bsc#1042300)
  * CVE-2017-9349: DICOM dissector infinite loop (bsc#1042305)
  * CVE-2017-9350: openSAFETY dissector memory exhaustion (bsc#1042299)
  * CVE-2017-9344: BT L2CAP dissector divide by zero (bsc#1042298)
  * CVE-2017-9343: MSNIP dissector crash (bsc#1042309)
  * CVE-2017-9347: ROS dissector crash (bsc#1042308)
  * CVE-2017-9354: RGMP dissector crash (bsc#1042307)
  * CVE-2017-9353: IPv6 dissector crash (bsc#1042306)

==== xen ====
Version update (4.9.0_04 -> 4.9.0_07)
Subpackages: xen-doc-html xen-libs xen-tools xen-tools-domU

- bsc#1042160 - VUL-1: CVE-2017-9330: xen: usb: ohci: infinite loop due to incorrect return value
  CVE-2017-9330-qemut-usb-ohci-infinite-loop-due-to-incorrect-return-value.patch
- bsc#1037243 - VUL-1: CVE-2017-8309: xen: audio: host memory leakage via capture buffer
  CVE-2017-8309-qemut-audio-host-memory-leakage-via-capture-buffer.patch
- Update to Xen 4.9.0-rc7 (fate#321394, fate#323108)
  xen-4.9.0-testing-src.tar.bz2
- Update to Xen 4.9.0-rc6 (fate#321394, fate#323108)
  xen-4.9.0-testing-src.tar.bz2

==== xf86-input-evdev ====
- includes everything needed for missing sle issue entries: fate #320263, fate#315643-315645, 319159-319161, 319618 (bsc#1041371)
- 50-elotouch.conf: Make sure a 'TouchSystems CarrollTouch 4500U' is an absolute device (bnc#876089, bsc#1041371)

==== xf86-input-synaptics ====
- includes everything needed for missing sle issue entries: fate #315643-315645, 319159-319161, 319618 (bsc#1041556)

==== xf86-input-vmmouse ====
- includes everything needed for missing sle issue entries: fate #320612, fate #315643-315645, 319159-319161, 319618, bnc#922188 (bsc#1041589)

==== xf86-input-void ====
- includes everything needed for missing sle issue entries: fate #315643-315645, 319159-319161, 319618 (bsc#1041352)

==== xf86-video-ast ====
- includes everything needed for missing sle issue entries: fate #315643-315645, 319159-319161, 319618, bnc#867165 (bsc#1041346)

==== xf86-video-cirrus ====
- includes everything needed for missing sle issue entries: fate #315643-315645, 319159-319161, 319618 (bsc#1041347)

==== xf86-video-fbdev ====
- includes everything needed for missing sle issue entries: fate #320388 (bsc#1041351)

==== xf86-video-nv ====
- commented out modalias lines in specfile in order to no longer install xf86-video-nv driver by default (bnc#868732, bsc#1041416)
- covers missing SLE entry fate#320388 (bsc#1041416)

==== xf86-video-vesa ====
- includes everything needed for missing sle issue entries: fate #315643-315645, 319159-319161, 319618 (bsc#1041379)

==== xf86-video-vmware ====
- includes everything needed for missing sle issue entries: fate #315643-315645, 319159-319161, 319618 (bsc#1041651)

==== xfce4-vala ====
- Simplify situation around vala versions:
  + BuildRequire libvala-devel: this is a virtual symbol provided by the various libvala-*-devel versions.
  + Programmatically find the API version provided by libvala-devel to pass this to configure.
- Add 0%{?leap_version} == 420300 to allow build on Leap 42.3.

==== xorg-x11-driver-video ====
- get rid of old and no longer supported drivers xorg-x11-driver-video-{radeonhd,unichrome} (bnc#873443, bsc#1041398)

==== xrandr ====
- includes everything needed for missing sle issue entries: fate #320388 (bsc#1041382)
- Add xrandr-print-outputs-per-provider.patch from sle12. This makes the --listproviders option in xrandr(1) also print which outputs are supported by each provider or GPU. (patch by federico@suse.com)

==== xtrans ====
- includes everything needed for missing sle issue entries: fate #320388 (bsc#1041610)

==== zypper ====
Version update (1.13.27 -> 1.13.28)
Subpackages: zypper-aptitude zypper-log

- Accept --auto-agree-with-product-licenses from SUSEconnect (bsc#1037783)
- version 1.13.28
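
The two /proc/pid/stat fixes in the sudo entry above (process names containing spaces, CVE-2017-1000367, and process names containing newlines, 1.8.20p2) both come from the command name in field 2 being user-controlled. The C code below is an added example for anyone auditing their own tools for the same parsing mistake; it is not sudo's code. The function names and sample strings are constructed, and the field layout is the one documented in proc(5).

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed /proc/<pid>/stat contents (not captured from a real system).
 * Layout per proc(5): pid (comm) state ppid pgrp session tty_nr ...        */
static const char STAT_SPACE[]   = "4242 (Web Content) S 4000 4242 4242 34817 4242 4194304\n";
static const char STAT_NEWLINE[] = "4242 (a\nb) S 4000 4242 4242 34817 4242 4194304\n";
static const char STAT_PAREN[]   = "4242 (x) S 1 (y) S 4000 4242 4242 34817 4242 4194304\n";

/* Fragile: counts blank-separated tokens, so it is only right when comm
 * happens to be a single token. Returns -1 if there is no 7th token.     */
long tty_nr_naive(const char *stat)
{
    char buf[256];
    int field = 0;

    snprintf(buf, sizeof buf, "%s", stat);
    for (char *tok = strtok(buf, " "); tok != NULL; tok = strtok(NULL, " "))
        if (++field == 7)
            return strtol(tok, NULL, 10);
    return -1;
}

/* Robust: comm is user-controlled and may hold blanks, newlines or ')', but
 * every field after it is a one-letter state or a number. Anchor on the LAST
 * ')' in the whole buffer (do not cut at the first newline) and parse from
 * there. Returns -1 on malformed input.                                    */
long tty_nr_robust(const char *stat)
{
    const char *end = strrchr(stat, ')');
    char state;
    long ppid, pgrp, session, tty_nr;

    if (end == NULL || end[1] != ' ')
        return -1;
    if (sscanf(end + 2, "%c %ld %ld %ld %ld",
               &state, &ppid, &pgrp, &session, &tty_nr) != 5)
        return -1;
    return tty_nr;
}

int main(void)
{
    const char *samples[] = { STAT_SPACE, STAT_NEWLINE, STAT_PAREN };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("naive=%ld robust=%ld\n",
               tty_nr_naive(samples[i]), tty_nr_robust(samples[i]));
    return 0;
}
```

With the sample whose command name is "Web Content", the token-counting parser returns the session ID (4242) as the terminal device number, while the anchored parser returns the real field 7 (34817) for all three samples.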