Packages changed: apparmor apr (1.6.2 -> 1.6.3) autoyast2 (4.0.52 -> 4.0.53) babl gegl geoclue2 grub2 hwdata (0.311 -> 0.312) hylafax+ jemalloc (5.0.1 -> 5.1.0) kauth kernel-source (4.16.7 -> 4.16.8) krita (4.0.2 -> 4.0.3) kwalletmanager5 libdrm (2.4.91 -> 2.4.92) libtool openssl-1_1 ovmf (2018+git1521096615.b3fa393f477a -> 2018+git1525854636.13e3f8c03339) patch permissions (20180125 -> 20180508) php7 plasma-nm5 plasma5-pk-updates postfix python-kiwi (9.14.7 -> 9.15.1) sddm xen (4.10.0_18 -> 4.10.0_20) yast2-installation (4.0.55 -> 4.0.59) yast2-storage-ng (4.0.178 -> 4.0.179) === Details === ==== apparmor ==== Subpackages: apparmor-abstractions apparmor-docs apparmor-parser apparmor-parser-lang apparmor-profiles apparmor-utils apparmor-utils-lang pam_apparmor pam_apparmor-32bit perl-apparmor python3-apparmor - add fix-samba-profiles.patch - smbd loads new shared libraries. Allow winbindd to access new kerberos credential cache location (boo#1092099) ==== apr ==== Version update (1.6.2 -> 1.6.3) Subpackages: apr-devel libapr1 - Version 1.6.3: * apr_file_trunc: Truncating a buffered file could add unexpected data after the truncate position. PR 51017. * apr_file_trunc: Fix an issue where reading from a buffered file after truncate could return stale data from the buffer. * apr_ipsubnet_create() now fails for an empty input string. ==== autoyast2 ==== Version update (4.0.52 -> 4.0.53) Subpackages: autoyast2-installation - Handle DASD or zFCP devices even when the profile is not in a remote location (bsc#1089554). - 4.0.53 ==== babl ==== - Add baselibs.conf, build 32-bit support. ==== gegl ==== Subpackages: gegl-0_4 gegl-0_4-lang libgegl-0_4-0 - Add gegl-port-ffmpeg4.patch: Fix build with ffmpeg4 (bgo#795625). - Add baselibs.conf, build 32-bit support. ==== geoclue2 ==== Subpackages: system-user-srvGeoClue typelib-1_0-Geoclue-2_0 - Add geoclue2-Fix-safety-header-name.patch: public-api: Fix safety header name. It should be based on the filename. - Add geoclue2-Fix-potentially-unused-variable.patch: locator: Fix a potentially unused variable declaration. - Add geoclue2-Fix-duplicate-decl-specifier.patch:Fix compiler warning about duplicate decl specifier. ==== grub2 ==== Subpackages: grub2-i386-pc grub2-snapper-plugin grub2-systemd-sleep-plugin grub2-x86_64-efi grub2-x86_64-xen - Add grub2-freetype-pkgconfig.patch to fix build with new freetype use pkgconfig to find Freetype libraries. ==== hwdata ==== Version update (0.311 -> 0.312) - Update to version 0.312: * Updated pci, usb and vendor ids. ==== hylafax+ ==== Subpackages: hylafax+-client libfaxutil5_5_9 - boo#1091476: faxq must always run as real user root ==== jemalloc ==== Version update (5.0.1 -> 5.1.0) - Update to version 5.1.0: * remove patches: 0001-ARM-Don-t-extend-bit-LG_VADDR-to-compute-high-addres.patch and 0001-remove-CPU_SPINWAIT.patch. New features: * Implement transparent huge page support for internal metadata. (@interwq) * Add opt.thp to allow enabling / disabling transparent huge pages for all mappings. (@interwq) * Add maximum background thread count option. (@djwatson) * Allow prof_active to control opt.lg_prof_interval and prof.gdump. (@interwq) * Allow arena index lookup based on allocation addresses via mallctl. (@lionkov) * Allow disabling initial-exec TLS model. (@davidtgoldblatt, @KenMacD) * Add opt.lg_extent_max_active_fit to set the max ratio between the size of the active extent selected (to split off from) and the size of the requested allocation. (@interwq, @davidtgoldblatt) * Add retain_grow_limit to set the max size when growing virtual address space. (@interwq) * Add mallctl interfaces: * arena..retain_grow_limit (@interwq) * arenas.lookup (@lionkov) * max_background_threads (@djwatson) * opt.lg_extent_max_active_fit (@interwq) * opt.max_background_threads (@djwatson) * opt.metadata_thp (@interwq) * opt.thp (@interwq) * stats.metadata_thp (@interwq) Portability improvements: * Support GNU/kFreeBSD configuration. (@paravoid) * Support m68k, nios2 and SH3 architectures. (@paravoid) * Fall back to FD_CLOEXEC when O_CLOEXEC is unavailable. (@zonyitoo) * Fix symbol listing for cross-compiling. (@tamird) * Fix high bits computation on ARM. (@davidtgoldblatt, @paravoid) * Disable the CPU_SPINWAIT macro for Power. (@davidtgoldblatt, @marxin) * Fix MSVC 2015 & 2017 builds. (@rustyx) * Improve RISC-V support. (@EdSchouten) * Set name mangling script in strict mode. (@nicolov) * Avoid MADV_HUGEPAGE on ARM. (@marxin) * Modify configure to determine return value of strerror_r. (@davidtgoldblatt, @cferris1000) * Make sure CXXFLAGS is tested with CPP compiler. (@nehaljwani) * Fix 32-bit build on MSVC. (@rustyx) * Fix external symbol on MSVC. (@maksqwe) * Avoid a printf format specifier warning. (@jasone) * Add configure option --disable-initial-exec-tls which can allow jemalloc to be dynamically loaded after program startup. (@davidtgoldblatt, @KenMacD) * AArch64: Add ILP32 support. (@cmuellner) * Add --with-lg-vaddr configure option to support cross compiling. (@cmuellner, @davidtgoldblatt) Optimizations and refactors: * Improve active extent fit with extent_max_active_fit. This considerably reduces fragmentation over time and improves virtual memory and metadata usage. (@davidtgoldblatt, @interwq) * Eagerly coalesce large extents to reduce fragmentation. (@interwq) * sdallocx: only read size info when page aligned (i.e. possibly sampled), which speeds up the sized deallocation path significantly. (@interwq) * Avoid attempting new mappings for in place expansion with retain, since it rarely succeeds in practice and causes high overhead. (@interwq) * Refactor OOM handling in newImpl. (@wqfish) * Add internal fine-grained logging functionality for debugging use. (@davidtgoldblatt) * Refactor arena / tcache interactions. (@davidtgoldblatt) * Refactor extent management with dumpable flag. (@davidtgoldblatt) * Add runtime detection of lazy purging. (@interwq) * Use pairing heap instead of red-black tree for extents_avail. (@djwatson) * Use sysctl on startup in FreeBSD. (@trasz) * Use thread local prng state instead of atomic. (@djwatson) * Make decay to always purge one more extent than before, because in practice large extents are usually the ones that cross the decay threshold. Purging the additional extent helps save memory as well as reduce VM fragmentation. (@interwq) * Fast division by dynamic values. (@davidtgoldblatt) * Improve the fit for aligned allocation. (@interwq, @edwinsmith) * Refactor extent_t bitpacking. (@rkmisra) * Optimize the generated assembly for ticker operations. (@davidtgoldblatt) * Convert stats printing to use a structured text emitter. (@davidtgoldblatt) * Remove preserve_lru feature for extents management. (@djwatson) * Consolidate two memory loads into one on the fast deallocation path. (@davidtgoldblatt, @interwq) Bug fixes (most of the issues are only relevant to jemalloc 5.0): * Fix deadlock with multithreaded fork in OS X. (@davidtgoldblatt) * Validate returned file descriptor before use. (@zonyitoo) * Fix a few background thread initialization and shutdown issues. (@interwq) * Fix an extent coalesce + decay race by taking both coalescing extents off the LRU list. (@interwq) * Fix potentially unbound increase during decay, caused by one thread keep stashing memory to purge while other threads generating new pages. The number of pages to purge is checked to prevent this. (@interwq) * Fix a FreeBSD bootstrap assertion. (@strejda, @interwq) * Handle 32 bit mutex counters. (@rkmisra) * Fix a indexing bug when creating background threads. (@davidtgoldblatt, @binliu19) * Fix arguments passed to extent_init. (@yuleniwo, @interwq) * Fix addresses used for ordering mutexes. (@rkmisra) * Fix abort_conf processing during bootstrap. (@interwq) * Fix include path order for out-of-tree builds. (@cmuellner) Incompatible changes: * Remove --disable-thp. (@interwq) * Remove mallctl interfaces: * config.thp (@interwq) Documentation: * Add TUNING.md. (@interwq, @davidtgoldblatt, @djwatson) ==== kauth ==== Subpackages: libKF5Auth5 libKF5Auth5-lang - Removed setBadness() from spec file, since it is no longer needed. ==== kernel-source ==== Version update (4.16.7 -> 4.16.8) Subpackages: kernel-default kernel-default-devel kernel-devel kernel-docs kernel-macros kernel-syms - Linux 4.16.8 (bnc#1012628). - ACPI / button: make module loadable when booted in non-ACPI mode (bnc#1012628). - arm64: Add work around for Arm Cortex-A55 Erratum 1024718 (bnc#1012628). - ALSA: hda - Fix incorrect usage of IS_REACHABLE() (bnc#1012628). - ALSA: pcm: Check PCM state at xfern compat ioctl (bnc#1012628). - ALSA: seq: Fix races at MIDI encoding in snd_virmidi_output_trigger() (bnc#1012628). - ALSA: dice: fix kernel NULL pointer dereference due to invalid calculation for array index (bnc#1012628). - ALSA: aloop: Mark paused device as inactive (bnc#1012628). - ALSA: aloop: Add missing cable lock to ctl API callbacks (bnc#1012628). - errseq: Always report a writeback error once (bnc#1012628). - tracepoint: Do not warn on ENOMEM (bnc#1012628). - scsi: target: Fix fortify_panic kernel exception (bnc#1012628). - Input: leds - fix out of bound access (bnc#1012628). - Input: atmel_mxt_ts - add touchpad button mapping for Samsung Chromebook Pro (bnc#1012628). - swiotlb: fix inversed DMA_ATTR_NO_WARN test (bnc#1012628). - rtlwifi: cleanup 8723be ant_sel definition (bnc#1012628). - xfs: prevent creating negative-sized file via INSERT_RANGE (bnc#1012628). - tools: power/acpi, revert to LD = gcc (bnc#1012628). - RDMA/cxgb4: release hw resources on device removal (bnc#1012628). - RDMA/ucma: Allow resolving address w/o specifying source address (bnc#1012628). - RDMA/mlx5: Fix multiple NULL-ptr deref errors in rereg_mr flow (bnc#1012628). - RDMA/mlx4: Add missed RSS hash inner header flag (bnc#1012628). - RDMA/mlx5: Protect from shift operand overflow (bnc#1012628). - NET: usb: qmi_wwan: add support for ublox R410M PID 0x90b2 (bnc#1012628). - IB/mlx5: Use unlimited rate when static rate is not supported (bnc#1012628). - infiniband: mlx5: fix build errors when INFINIBAND_USER_ACCESS=m (bnc#1012628). - IB/hfi1: Fix handling of FECN marked multicast packet (bnc#1012628). - IB/hfi1: Fix loss of BECN with AHG (bnc#1012628). - IB/hfi1: Fix NULL pointer dereference when invalid num_vls is used (bnc#1012628). - iw_cxgb4: Atomically flush per QP HW CQEs (bnc#1012628). - btrfs: Take trans lock before access running trans in check_delayed_ref (bnc#1012628). - drm/vc4: Make sure vc4_bo_{inc,dec}_usecnt() calls are balanced (bnc#1012628). - drm/vmwgfx: Fix a buffer object leak (bnc#1012628). - drm/bridge: vga-dac: Fix edid memory leak (bnc#1012628). - test_firmware: fix setting old custom fw path back on exit, second try (bnc#1012628). - xhci: Fix use-after-free in xhci_free_virt_device (bnc#1012628). - USB: serial: visor: handle potential invalid device configuration (bnc#1012628). - usb: dwc3: gadget: Fix list_del corruption in dwc3_ep_dequeue (bnc#1012628). - USB: Accept bulk endpoints with 1024-byte maxpacket (bnc#1012628). - USB: serial: option: reimplement interface masking (bnc#1012628). - USB: serial: option: adding support for ublox R410M (bnc#1012628). - usb: musb: host: fix potential NULL pointer dereference (bnc#1012628). - usb: musb: trace: fix NULL pointer dereference in musb_g_tx() (bnc#1012628). - platform/x86: asus-wireless: Fix NULL pointer dereference (bnc#1012628). - platform/x86: Kconfig: Fix dell-laptop dependency chain (bnc#1012628). - KVM: x86: remove APIC Timer periodic/oneshot spikes (bnc#1012628). - x86/tsc: Always unregister clocksource_tsc_early (bnc#1012628). - x86/tsc: Fix mark_tsc_unstable() (bnc#1012628). - irqchip/qcom: Fix check for spurious interrupts (bnc#1012628). - clocksource: Allow clocksource_mark_unstable() on unregistered clocksources (bnc#1012628). - clocksource: Initialize cs->wd_list (bnc#1012628). - clocksource: Consistent de-rate when marking unstable (bnc#1012628). - tracing: Fix bad use of igrab in trace_uprobe.c (bnc#1012628). - Delete patches.suse/tools-power-acpi-revert-to-LD-gcc.patch. - Update config files. - commit 9269cc1 ==== krita ==== Version update (4.0.2 -> 4.0.3) Subpackages: krita-lang - Update to 4.0.3: * https://krita.org/en/item/krita-4-0-3-released/ * Fix a crash when copy/pasting (kde#394068) * Krita can open .rw2 RAW files * The splash screen is updated to work better on HiDPI or Retina displays (kde#392282) * The OpenEXR export filter will convert images with an integer channel depth before saving, instead of giving an error * The OpenEXR export filter no longer gives export warnings calling itself the TIFF filter * The emtpy error message dialog that would erroneously be shown after running some export filters is no longer shown (kde#393850) * The setBackGroundColor method in the Python API has been renamed to setBackgroundColor for consistency * Fix a crash in KisColorizeMask (kde#393753) ==== kwalletmanager5 ==== Subpackages: kwalletmanager5-lang - Remove setBadness calls (wtf) (boo#1090647) ==== libdrm ==== Version update (2.4.91 -> 2.4.92) Subpackages: libdrm-devel libdrm2 libdrm_amdgpu1 libdrm_intel1 libdrm_nouveau2 libdrm_radeon1 - update to 2.4.92 + drm/atomic: Refuse to add invalid objects to requests + freedreno: add missing symbols to symbol-check + libdrm: Use readdir instead of readdir_r to avoid build warnings + Intel: Add a Kaby Lake PCI ID + amdgpu: Deinitialize vamgr_high{,_32} + intel: add support for ICL 11 + amdgpu:support 16 ibs per submit for PAL/SRIOV + freedreno: add fd_pipe refcounting + drm/amdgpu: Remove IB count checking + intel/intel_chipset.h: Sync Cannonlake IDs. + libdrm: amdgpu: Adding DRM_RDWR flag in amdgpu_bo_export + amdgpu: enlarge the maximum number of cards supported ==== libtool ==== Subpackages: libltdl7 libltdl7-32bit - Add libtool-reproducible-hostname.patch to make package build reproducible (boo#1084909) ==== openssl-1_1 ==== Subpackages: libopenssl-1_1-devel libopenssl1_1 libopenssl1_1-32bit - OpenSSL Security Advisory [16 Apr 2018] * Cache timing vulnerability in RSA Key Generation (CVE-2018-0737, bsc#1089039) * add openssl-CVE-2018-0737.patch - Fix escaping in c_rehash (boo#1091961, bsc#1091963) * add 0001-Revert-util-dofile.pl-only-quote-stuff-that-actually.patch ==== ovmf ==== Version update (2018+git1521096615.b3fa393f477a -> 2018+git1525854636.13e3f8c03339) Subpackages: qemu-ovmf-x86_64 - Update to 2018+git1525854636.13e3f8c03339 + BaseTools/VfrCompile: Avoid using uninitialized pointer + MdeModulePkg/PciHostBridge: Count the (mm)io overhead when polling + UefiCpuPkg/SecMain: Add NORETURN decorator to SecStartup() + CryptoPkg/CrtLibSupport: add secure_getenv() stub function + MdeModulePkg/AcpiPlatformDxe: Unload after execution + SecurityPkg/OpalPassword: Add support for pyrite 2.0 devices + NetworkPkg/NetworkPkg.dsc: Add the instance of library class [SafeIntLib] + ArmVirtPkg: use protocol-based DevicePathLib instance for most DXE modules + OvmfPkg/QemuVideoDxe: round up FrameBufferSize to full page + ArmVirtPkg: reinstate timer unmask quirk for Xen + ArmPkg/TimerDxe: remove workaround for KVM timer handling + FatPkg/EnhancedFatDxe: Ensure traverse of subtasks is delete-safe + OvmfPkg/PlatformBootManagerLib: add USB keyboard to ConIn + CryptoPkg/OpensslLib: Update OpenSSL version to 1.1.0h + OvmfPkg/TlsAuthConfigLib: configure trusted cipher suites for HTTPS boot + ArmVirtPkg/ArmVirtQemu: hook NvVarStoreFormattedLib into VariableRuntimeDxe + ArmPlatformPkg/NorFlashDxe: cue the variable driver with NvVarStoreFormatted + ArmPlatformPkg/NorFlashDxe: initialize varstore headers eagerly + OvmfPkg: remove BLOCK_MMIO_PROTOCOL and BlockMmioToBlockIoDxe + OvmfPkg/TlsAuthConfigLib: configure trusted CA certs for HTTPS boot + MdeModulePkg/Variable/RuntimeDxe: introduce PcdMaxVolatileVariableSize + NetworkPkg/TlsAuthConfigDxe: preserve TlsCaCertificate variable attributes + NetworkPkg/HttpDxe: drop misleading comment / status code in cert config + NetworkPkg/HttpDxe: use error handler epilogue in TlsConfigCertificate() + NetworkPkg/HttpBootDxe: fix typo in DHCPv4 packet parsing + OvmfPkg/QemuVideoDxe: handle invalid BltOperation gracefully + NetworkPkg/UefiPxeBcDxe: Configure the ARP Instance/RouteTable with new address + NetworkPkg/HttpDxe: Handle the large data request via HTTPS channel + NetworkPkg/TlsDxe: Handle the multiple TLS record messages encryption/decryption + SecurityPkg Tpm12CommandLib: Fix TPM12 GetCapability response error + SecurityPkg Tpm2CommandLib: Fix TPM2.0 response memory overflow + MdeModulePkg/DxeMain: Fix BSP interrupts reenabled in ExitBootServices + UefiCpuPkg/MpInitLib: Disable interrupt at ExitBootServices AP Mwait + OvmfPkg/PlatformBootManagerLib: process "-kernel" before boot devices + OvmfPkg/PlatformBootManagerLib: hoist PciAcpiInitialization() + ArmVirtPkg/PlatformBootManagerLib: return to "-kernel before boot devices" + MdeModulePkg/Core: allow HeapGuard even before CpuArchProtocol installed + UefiCpuPkg CpuExceptionHandlerLib: use FixedPcdGetSize() as the macro value + remove TrEE + MdeModulePkg/PciBus: return CPU address for GetBarAttributes + MdeModulePkg/PciBus: convert host address to device address + MdeModulePkg/PciHostBridgeDxe: Add support for address translation + OvmfPkg/PciHostBridgeLib: clear PCI aperture vars for (re)init + ArmPkg/TimerDxe: Add ISB for timer compare value reload + BaseTools code refactoring ==== patch ==== - ed-style-07-dont-leak-tmp-file.patch, ed-style-08-dont-leak-tmp-file-multi.patch: Fix temporary file leak when applying ed-style patches (bsc#1092500, savannah#53820). ==== permissions ==== Version update (20180125 -> 20180508) - Update to version 20180508: * Capabilities for usage of Wireshark for non-root (bsc#957624) ==== php7 ==== Subpackages: apache2-mod_php7 php7-bcmath php7-bz2 php7-calendar php7-ctype php7-curl php7-dba php7-devel php7-dom php7-exif php7-fastcgi php7-ftp php7-gd php7-gettext php7-gmp php7-iconv php7-json php7-ldap php7-mbstring php7-mysql php7-odbc php7-openssl php7-pdo php7-pear php7-pear-Archive_Tar php7-pgsql php7-shmop php7-snmp php7-sockets php7-sqlite php7-sysvsem php7-sysvshm php7-tidy php7-tokenizer php7-wddx php7-xmlreader php7-xmlwriter php7-xsl php7-zip php7-zlib - better workaround for [bsc#1089487]: build mod_phpN.so instead of libphpN.so - rename freetype-pkgconfig.patch to php7-freetype-pkgconfig.patch to align with the rest of patch names - Add freetype-pkgconfig.patch to fix build with new Freetype: use pkg-config to find Freetype libraries ==== plasma-nm5 ==== Subpackages: plasma-nm5-lang plasma-nm5-openconnect plasma-nm5-openvpn plasma-nm5-pptp plasma-nm5-vpnc - Add supplements to avoid hard requires (part of fix for boo#982962) ==== plasma5-pk-updates ==== Subpackages: plasma5-pk-updates-lang - Add patch to fix tooltip text with security or important updates (boo#1090375): * 0001-Use-n-instead-of-br-for-the-extra-part-of-the-summar.patch ==== postfix ==== Subpackages: postfix-doc - remove pre-requirements on sysvinit(network) and sysvinit(syslog). There seems to be no good reason for that other than blowing up the dependencies (bsc#1092408). ==== python-kiwi ==== Version update (9.14.7 -> 9.15.1) - Bump version: 9.15.0 ? 9.15.1 - Add a chapter for uninstall package requests in docs (#726) Add a chapter for uninstall package requests in docs - Update arm integration test Existing panda build was outdated and non functional. Move the test to a more popular target and write the image description to use technology matching the suse arm development effort. Target is now Rpi(64bit) - Use latest version of sphinx Formerly sphinx==1.6.7 was used because travis-sphinx failed with latest sphinx. Now travis-sphinx fails with 1.6.7 and I hope using latest sphinx will fix that - Bump version: 9.14.7 ? 9.15.0 - Add comment in pinch_system calls - Refining the uninstall type implementation ==== sddm ==== Subpackages: sddm-branding-openSUSE - Amend patch to also canonicalize desktop session paths (boo#1092251): * 0003-Leave-duplicate-symlinks-out-of-the-SessionModel.patch - Add patch to fix build with Qt 5.11: * 0001-Fix-build-with-Qt-5.11-1024.patch ==== xen ==== Version update (4.10.0_18 -> 4.10.0_20) Subpackages: xen-doc-html xen-libs xen-tools xen-tools-domU - bsc#1092543 - GCC 8: xen build fails 5ac72a48-gcc8.patch 5ac72a5f-gcc8.patch 5ac72a64-gcc8.patch 5ac72a69-gcc8.patch 5ac72a6e-gcc8.patch 5ac72a74-gcc8.patch 5ac72a7b-gcc8.patch gcc8-inlining-failed.patch - bsc#1090820 - VUL-0: CVE-2018-8897: xen: x86: mishandling of debug exceptions (XSA-260) xsa260-1.patch xsa260-2.patch xsa260-3.patch xsa260-4.patch - bsc#1090822 - VUL-0: xen: x86 vHPET interrupt injection errors (XSA-261) xsa261.patch - bsc#1090823 - VUL-0: xen: qemu may drive Xen into unbounded loop (XSA-262) xsa262.patch ==== yast2-installation ==== Version update (4.0.55 -> 4.0.59) - Log a warning when umounting a filesystem fails after installation/upgrade (related to bsc#1090018). - 4.0.59 - disable mdadm auto assembly for installation (bsc#1090690) - 4.0.58 - Keep the selected product in the desktop selection dialog (bsc#1088660) - 4.0.57 - Copy new /var/log/YaST2/storage-inst/ subdir to target at the end of the installation (part of fate #318196) - 4.0.56 ==== yast2-storage-ng ==== Version update (4.0.178 -> 4.0.179) - Partitioner: check whether required packages are installed before committing changes to disk (bsc#1089508). - 4.0.179 - Partitioner: fix buttons to abort and to go back (part of fate#318196 and related to bsc#1075443). - Partitioner: fixed detection of reprobed system to avoid unnecessary proposal re-calculation. - Partitioner: allow to select only valid parity algorithms when creating a new MD RAID (bsc#1090182). - Partitioner: "Configure..." button allowing to execute the YaST clients for iSCI, FCoE, DASD, zFCP and XPRAM (bsc#1090753).