Packages changed: ImageMagick (7.0.7.4 -> 7.0.7.6) apache2 (2.4.27 -> 2.4.28) apparmor cmake (3.9.2 -> 3.9.4) expat gcc7 (7.2.1+r253221 -> 7.2.1+r253435) gdb (8.0 -> 8.0.1) ghostscript-fonts hplip (3.17.6 -> 3.17.9) installation-images-Kubic (14.335 -> 14.336) jemalloc (4.5.0 -> 5.0.1) libcdio libcroco libusbmuxd libvirt (3.7.0 -> 3.8.0) mozilla-nspr (4.16 -> 4.17) mozilla-nss (3.32.1 -> 3.33) opencc (1.0.3.1 -> 1.0.5) php7 python-cffi (1.10.0 -> 1.11.1) python-ldap (2.4.44 -> 2.4.45) scons (2.5.1 -> 3.0.0) sysdig (0.17.0_k4.13.5_1 -> 0.19.1_k4.13.5_1) systemd xkeyboard-config (2.21 -> 2.22) xml-commons xmlbeans xorg-x11-server (1.19.3 -> 1.19.4) yast2-snapper (4.0.0 -> 4.0.1) zypper (1.13.36 -> 1.13.37) === Details === ==== ImageMagick ==== Version update (7.0.7.4 -> 7.0.7.6) Subpackages: ImageMagick-devel ImageMagick-extra libMagick++-7_Q16HDRI3 libMagickCore-7_Q16HDRI4 libMagickWand-7_Q16HDRI4 perl-PerlMagick - updated to 7.0.7-6 * Reset the magick_list_initialized boolean when needed. * Fixed numerous memory leaks. * Support URW-base35 fonts. * Removed "ping_preserve_iCCP=MagickTrue;" statement that was inadvertently added to coders/png.c. - %make_install only for sle12 and higher - Update package summaries and RPM groups. Make use of %make_install. ==== apache2 ==== Version update (2.4.27 -> 2.4.28) Subpackages: apache2-devel apache2-doc apache2-example-pages apache2-prefork apache2-utils - updated to 2.4.28: * ) SECURITY: CVE-2017-9798 (cve.mitre.org) Corrupted or freed memory access. must now be used in the main configuration file (httpd.conf) to register HTTP methods before the .htaccess files. [Yann Ylavic] * ) event: Avoid possible blocking in the listener thread when shutting down connections. PR 60956. [Yann Ylavic] * ) mod_speling: Don't embed referer data in a link in error page. PR 38923 [Nick Kew] * ) htdigest: prevent a buffer overflow when a string exceeds the allowed max length in a password file. [Luca Toscano, Hanno Böck ] * ) mod_proxy: loadfactor parameter can now be a decimal number (eg: 1.25). [Jim Jagielski] * ) mod_proxy_wstunnel: Allow upgrade to any protocol dynamically. PR 61142. * ) mod_watchdog/mod_proxy_hcheck: Time intervals can now be spefified down to the millisecond. Supports 'mi' (minute), 'ms' (millisecond), 's' (second) and 'hr' (hour!) time suffixes. [Jim Jagielski] * ) mod_http2: Fix for stalling when more than 32KB are written to a suspended stream. [Stefan Eissing] * ) build: allow configuration without APR sources. [Jacob Champion] * ) mod_ssl, ab: Fix compatibility with LibreSSL. PR 61184. [Bernard Spil , Michael Schlenker , Yann Ylavic] * ) core/log: Support use of optional "tag" in syslog entries. PR 60525. [Ben Rubson , Jim Jagielski] * ) mod_proxy: Fix ProxyAddHeaders merging. [Joe Orton] * ) core: Disallow multiple Listen on the same IP:port when listener buckets are configured (ListenCoresBucketsRatio > 0), consistently with the single bucket case (default), thus avoiding the leak of the corresponding socket descriptors on graceful restart. [Yann Ylavic] * ) event: Avoid listener periodic wake ups by using the pollset wake-ability when available. PR 57399. [Yann Ylavic, Luca Toscano] * ) mod_proxy_wstunnel: Fix detection of unresponded request which could have led to spurious HTTP 502 error messages sent on upgrade connections. PR 61283. [Yann Ylavic] - suexec binary moved to main package [bsc#1054741] - do not call and do not ship apache-22-24-upgrade [bsc#1042037] - make the package runable on non systemd systems + deprecated-scripts-arch.patch ==== apparmor ==== Subpackages: apparmor-abstractions apparmor-docs apparmor-parser apparmor-parser-lang apparmor-profiles apparmor-utils apparmor-utils-lang pam_apparmor pam_apparmor-32bit perl-apparmor python3-apparmor - profiles-sockets-temporary-fix.patch to cater to nameservices with the new sockets mediation, until unix rules are upstreamed (boo#1061195) ==== cmake ==== Version update (3.9.2 -> 3.9.4) - update to 3.9.4: * FindBoost: Finish reverting "Simplify search in lists" for 3.9 - includes changes from 3.9.3: * VS: Do not consider MAP_IMPORTED_CONFIG_ on non-imported targets bootstrap: Fix running multiple times in-source * vim: Remove default setting of expandtab * FindBoost: Add support for Boost 1.65.0 and 1.65.1 to CMake 3.9 * CTest: fix crash if source file for coverage cannot be found * Autogen: Backport autogen target dependency as file dependency fix * Autogen: Tests: Backport tests for _autogen target dependencies ==== expat ==== Subpackages: libexpat-devel libexpat1 libexpat1-32bit - Allow building when do_profiling is undefined ==== gcc7 ==== Version update (7.2.1+r253221 -> 7.2.1+r253435) Subpackages: cpp7 gcc7-c++ gcc7-fortran gcc7-info gcc7-locale gcc7-objc libasan4 libatomic1 libcilkrts5 libgcc_s1 libgcc_s1-32bit libgfortran4 libgomp1 libitm1 liblsan0 libmpx2 libmpxwrappers2 libobjc4 libquadmath0 libstdc++6 libstdc++6-32bit libstdc++6-devel-gcc7 libtsan0 libubsan0 - Update to gcc-7-branch head (r253435). * contains fix for PR82406 which blocks chromium build. - Add gcc7-pr81481.diff to fix a register allocation issue. [bnc#1048861] ==== gdb ==== Version update (8.0 -> 8.0.1) - Link gdb against a bundled libipt (processor trace library) on x86_64 and i686 for improved tracing support on Intel CPUs. [bnc#985550] Adds v1.6.1.tar.gz and patches v1.5-libipt-static.patch and v1.6.1-implicit-fallthrough.patch. - Rebase to 8.0.1 release (fixing PR21886, PR22046) - Updated libstdc++ pretty printers to - Replace gdb-libstdc++-v3-python-6.3.1-20170212.tar.bz2 with gdb-libstdc++-v3-python-7.1.1-20170526.tar.bz2 . - Add patches for s390x z14 feates [fate #321514, fate #322272] gdb-s390x-1b63490.patch gdb-s390x-289e23a.patch gdb-s390x-8fe09d7.patch gdb-s390x-96235dc.patch gdb-s390x-ad33963.patch - Adjust some patches: gdb-ppc-power7-test.patch gdb-rhbz795424-bitpos-20of25.patch gdb-rhbz795424-bitpos-21of25.patch gdb-vla-intel-fortran-vla-strings.patch - Add some patches from Fedora: gdb-rhbz1420304-s390x-01of35.patch gdb-rhbz1420304-s390x-02of35.patch gdb-rhbz1420304-s390x-03of35.patch gdb-rhbz1420304-s390x-04of35.patch gdb-rhbz1420304-s390x-05of35.patch gdb-rhbz1420304-s390x-06of35.patch gdb-rhbz1420304-s390x-07of35.patch gdb-rhbz1420304-s390x-08of35.patch gdb-rhbz1420304-s390x-09of35.patch gdb-rhbz1420304-s390x-10of35.patch gdb-rhbz1420304-s390x-11of35.patch gdb-rhbz1420304-s390x-12of35.patch gdb-rhbz1420304-s390x-13of35.patch gdb-rhbz1420304-s390x-14of35.patch gdb-rhbz1420304-s390x-15of35.patch gdb-rhbz1420304-s390x-16of35.patch gdb-rhbz1420304-s390x-17of35.patch gdb-rhbz1420304-s390x-18of35.patch gdb-rhbz1420304-s390x-19of35.patch gdb-rhbz1420304-s390x-20of35.patch gdb-rhbz1420304-s390x-21of35.patch gdb-rhbz1420304-s390x-22of35.patch gdb-rhbz1420304-s390x-23of35.patch gdb-rhbz1420304-s390x-24of35.patch gdb-rhbz1420304-s390x-25of35.patch gdb-rhbz1420304-s390x-26of35.patch gdb-rhbz1420304-s390x-27of35.patch gdb-rhbz1420304-s390x-28of35.patch gdb-rhbz1420304-s390x-29of35.patch gdb-rhbz1420304-s390x-30of35.patch gdb-rhbz1420304-s390x-31of35.patch gdb-rhbz1420304-s390x-32of35.patch gdb-rhbz1420304-s390x-33of35.patch gdb-rhbz1420304-s390x-34of35.patch gdb-rhbz1420304-s390x-35of35.patch gdb-upstream.patch ==== ghostscript-fonts ==== Subpackages: ghostscript-fonts-other ghostscript-fonts-std - Do no longer mess around with the original fonts: Do no longer try to "improve" the appearance of glyphs in certain fonts in a SUSE-sepcific way. Provide the fonts as originally intended. Now neither the SUSE-sepcific ghostscript-fonts-std-8.11.patch nor special tools like t1ascii and t1binary from the t1utils RPM are needed to build a RPM package that only contains fonts. Cf. the entry below dated "Tue Mar 27 16:57:57 CEST 2012". ==== hplip ==== Version update (3.17.6 -> 3.17.9) Subpackages: hplip-hpijs hplip-sane - Version update to 3.17.9: * Added support for the following new printers: - HP OfficeJet Pro 7720 Wide Format All-in-One - HP DeskJet AMP All-in-One Printer - HP OfficeJet 5220 All-in-One Printer - HP OfficeJet 5230 All-in-One Printer - HP OfficeJet 5232 All-in-One Printer - HP ENVY Photo 6220 All-in-One Printer - HP ENVY Photo 6232 All-in-One Printer - HP ENVY Photo 7120 All-in-One Printer - HP ENVY Photo 7134 All-in-One Printer - HP ENVY Photo 7820 All-in-One Printer - HP ENVY 5020 All-in-One Printer - HP ENVY 5032 All-in-One Printer - HP DeskJet Ink Advantage 3735 All-in-One - HP ENVY Photo 6234 All-in-One Printer - HP ENVY Photo 6230 All-in-One Printer - HP AMP 130 All-in-One Printer - HP OfficeJet Pro 7730 Wide Format All-in-One - HP ENVY Photo 7155 All-in-One Printer - HP ENVY Photo 7164 All-in-One Printer - HP ENVY Photo 7155 All-In-One Printer - HP ENVY Photo 7800 All-In-One Printer - HP ENVY Photo 6200 All-In-One Printer - HP ENVY Photo 7130 All-in-One Printer - HP ENVY Photo 7830 All-in-One Printer - HP ENVY Photo 7120 All-in-One Printer - HP ENVY Photo 7820 All-in-One Printer - HP ENVY Photo 7855 All-in-One Printer - HP DeskJet Ink Advantage 5075 All-in-One Printer - HP PageWide Enterprise Color 765dn - HP PageWide Managed Color E75160dn - HP PageWide Enterprise Color MFP 780dn - HP PageWide Enterprise Color Flow MFP 785f - HP PageWide Enterprise Color Flow MFP 785zs - HP PageWide Enterprise Color Flow MFP 785z+ - HP PageWide Managed Color MFP E77650dn - HP PageWide Managed Color MFP E77650dns - HP PageWide Managed Color MFP E77660dn - HP PageWide Managed Color Flow MFP E77650z - HP PageWide Managed Color Flow MFP E77650zs - HP PageWide Managed Color Flow MFP E77650z+ - HP PageWide Managed Color Flow MFP E77660z - HP PageWide Managed Color Flow MFP E77660zs - HP PageWide Managed Color Flow MFP E77660z+ * from 3.17.7: - HP DeskJet Ink Advantage 2635 All-in-One - HP DeskJet Ink Advantage 2636 All-in-One - HP DeskJet Ink Advantage 2675 All-in-One - HP DeskJet Ink Advantage 2676 All-in-One - HP DeskJet Ink Advantage 2677 All-in-One - HP DeskJet Ink Advantage 2678 All-in-One - HP DeskJet 2620 All-in-One - HP DeskJet 2621 All-in-One - HP DeskJet 2622 All-in-One - HP DeskJet 2623 All-in-One - HP DeskJet Ink Advantage 2200 All-in-One - HP DeskJet 3722 All-in-One - HP DeskJet Ink Advantage 3789 All-in-One - HP DeskJet Ink Advantage 3790 All-in-One ==== installation-images-Kubic ==== Version update (14.335 -> 14.336) - merge gh#openSUSE/installation-images#206 - use the same driver updates for caasp as the dist it is based on - 14.336 ==== jemalloc ==== Version update (4.5.0 -> 5.0.1) - Add 0001-ARM-Don-t-extend-bit-LG_VADDR-to-compute-high-addres.patch: fixes #979. - Add 0001-remove-CPU_SPINWAIT.patch: revert 701daa5298b3befe2aff05ce590533165abb9ba4 in order to fix #761. - Update to version 5.0.1 Bug fixes: * Update decay->nunpurged before purging, in order to avoid potential update races and subsequent incorrect purging volume. ([37]@interwq) * Only abort on dlsym(3) error if the failure impacts an enabled feature (lazy locking and/or background threads). This mitigates an initialization failure bug for which we still do not have a clear reproduction test case. ([38]@interwq) * Modify tsd management so that it neither crashes nor leaks if a thread's only allocation activity is to call free() after TLS destructors have been executed. This behavior was observed when operating with GNU libc, and is unlikely to be an issue with other libc implementations. ([39]@interwq) * Mask signals during background thread creation. This prevents signals from being inadvertently delivered to background threads. ([40]@jasone, [41]@davidtgoldblatt, [42]@interwq) * Avoid inactivity checks within background threads, in order to prevent recursive mutex acquisition. ([43]@interwq) * Fix extent_grow_retained() to use the specified hooks when the arena..extent_hooks mallctl is used to override the default hooks. ([44]@interwq) * Add missing reentrancy support for custom extent hooks which allocate. ([45]@interwq) * Post-fork(2), re-initialize the list of tcaches associated with each arena to contain no tcaches except the forking thread's. ([46]@interwq) * Add missing post-fork(2) mutex reinitialization for extent_grow_mtx. This fixes potential deadlocks after fork(2). ([47]@interwq) * Enforce minimum autoconf version (currently 2.68), since 2.63 is known to generate corrupt configure scripts. ([48]@jasone) * Ensure that the configured page size (--with-lg-page) is no larger than the configured huge page size (--with-lg-hugepage). ([49]@jasone) New features: * Implement optional per-CPU arena support; threads choose which arena to use based on current CPU rather than on fixed thread-->arena associations. ([59]@interwq) * Implement two-phase decay of unused dirty pages. Pages transition from dirty-->muzzy-->clean, where the first phase transition relies on madvise(... MADV_FREE) semantics, and the second phase transition discards pages such that they are replaced with demand-zeroed pages on next access. ([60]@jasone) * Increase decay time resolution from seconds to milliseconds. ([61]@jasone) * Implement opt-in per CPU background threads, and use them for asynchronous decay-driven unused dirty page purging. ([62]@interwq) * Add mutex profiling, which collects a variety of statistics useful for diagnosing overhead/contention issues. ([63]@interwq) * Add C++ new/delete operator bindings. ([64]@djwatson) * Support manually created arena destruction, such that all data and metadata are discarded. Add MALLCTL_ARENAS_DESTROYED for accessing merged stats associated with destroyed arenas. ([65]@jasone) * Add MALLCTL_ARENAS_ALL as a fixed index for use in accessing merged/destroyed arena statistics via mallctl. ([66]@jasone) * Add opt.abort_conf to optionally abort if invalid configuration options are detected during initialization. ([67]@interwq) * Add opt.stats_print_opts, so that e.g. JSON output can be selected for the stats dumped during exit if opt.stats_print is true. ([68]@jasone) * Add --with-version=VERSION for use when embedding jemalloc into another project's git repository. ([69]@jasone) * Add --disable-thp to support cross compiling. ([70]@jasone) * Add --with-lg-hugepage to support cross compiling. ([71]@jasone) * Add mallctl interfaces (various authors): + background_thread + opt.abort_conf + opt.retain + opt.percpu_arena + opt.background_thread + opt.{dirty,muzzy}_decay_ms + opt.stats_print_opts + arena..initialized + arena..destroy + arena..{dirty,muzzy}_decay_ms + arena..extent_hooks + arenas.{dirty,muzzy}_decay_ms + arenas.bin..slab_size + arenas.nlextents + arenas.lextent..size + arenas.create + stats.background_thread.{num_threads,num_runs,run_interval} + stats.mutexes.{ctl,background_thread,prof,reset}.{num_ops,num_ spin_acq,num_wait,max_wait_time,total_wait_time,max_num_thds,n um_owner_switch} + stats.arenas..{dirty,muzzy}_decay_ms + stats.arenas..uptime + stats.arenas..{pmuzzy,base,internal,resident} + stats.arenas..{dirty,muzzy}_{npurge,nmadvise,purged} + stats.arenas..bins..{nslabs,reslabs,curslabs} + stats.arenas..bins..mutex.{num_ops,num_spin_acq,num_wait ,max_wait_time,total_wait_time,max_num_thds,num_owner_switch} + stats.arenas..lextents..{nmalloc,ndalloc,nrequests,curle xtents} + stats.arenas.i.mutexes.{large,extent_avail,extents_dirty,exten ts_muzzy,extents_retained,decay_dirty,decay_muzzy,base,tcache_ list}.{num_ops,num_spin_acq,num_wait,max_wait_time,total_wait_ time,max_num_thds,num_owner_switch} Portability improvements: * Improve reentrant allocation support, such that deadlock is less likely if e.g. a system library call in turn allocates memory. ([72]@davidtgoldblatt, [73]@interwq) * Support static linking of jemalloc with glibc. ([74]@djwatson) Optimizations and refactors: * Organize virtual memory as "extents" of virtual memory pages, rather than as naturally aligned "chunks", and store all metadata in arbitrarily distant locations. This reduces virtual memory external fragmentation, and will interact better with huge pages (not yet explicitly supported). ([75]@jasone) * Fold large and huge size classes together; only small and large size classes remain. ([76]@jasone) * Unify the allocation paths, and merge most fast-path branching decisions. ([77]@davidtgoldblatt, [78]@interwq) * Embed per thread automatic tcache into thread-specific data, which reduces conditional branches and dereferences. Also reorganize tcache to increase fast-path data locality. ([79]@interwq) * Rewrite atomics to closely model the C11 API, convert various synchronization from mutex-based to atomic, and use the explicit memory ordering control to resolve various hypothetical races without increasing synchronization overhead. ([80]@davidtgoldblatt) * Extensively optimize rtree via various methods: + Add multiple layers of rtree lookup caching, since rtree lookups are now part of fast-path deallocation. ([81]@interwq) + Determine rtree layout at compile time. ([82]@jasone) + Make the tree shallower for common configurations. ([83]@jasone) + Embed the root node in the top-level rtree data structure, thus avoiding one level of indirection. ([84]@jasone) + Further specialize leaf elements as compared to internal node elements, and directly embed extent metadata needed for fast-path deallocation. ([85]@jasone) + Ignore leading always-zero address bits (architecture-specific). ([86]@jasone) * Reorganize headers (ongoing work) to make them hermetic, and disentangle various module dependencies. ([87]@davidtgoldblatt) * Convert various internal data structures such as size class metadata from boot-time-initialized to compile-time-initialized. Propagate resulting data structure simplifications, such as making arena metadata fixed-size. ([88]@jasone) * Simplify size class lookups when constrained to size classes that are multiples of the page size. This speeds lookups, but the primary benefit is complexity reduction in code that was the source of numerous regressions. ([89]@jasone) * Lock individual extents when possible for localized extent operations, rather than relying on a top-level arena lock. ([90]@davidtgoldblatt, [91]@jasone) * Use first fit layout policy instead of best fit, in order to improve packing. ([92]@jasone) * If munmap(2) is not in use, use an exponential series to grow each arena's virtual memory, so that the number of disjoint virtual memory mappings remains low. ([93]@jasone) * Implement per arena base allocators, so that arenas never share any virtual memory pages. ([94]@jasone) * Automatically generate private symbol name mangling macros. ([95]@jasone) Incompatible changes: * Replace chunk hooks with an expanded/normalized set of extent hooks. ([96]@jasone) * Remove ratio-based purging. ([97]@jasone) * Remove --disable-tcache. ([98]@jasone) * Remove --disable-tls. ([99]@jasone) * Remove --enable-ivsalloc. ([100]@jasone) * Remove --with-lg-size-class-group. ([101]@jasone) * Remove --with-lg-tiny-min. ([102]@jasone) * Remove --disable-cc-silence. ([103]@jasone) * Remove --enable-code-coverage. ([104]@jasone) * Remove --disable-munmap (replaced by opt.retain). ([105]@jasone) * Remove Valgrind support. ([106]@jasone) * Remove quarantine support. ([107]@jasone) * Remove redzone support. ([108]@jasone) * Remove mallctl interfaces (various authors): + config.munmap + config.tcache + config.tls + config.valgrind + opt.lg_chunk + opt.purge + opt.lg_dirty_mult + opt.decay_time + opt.quarantine + opt.redzone + opt.thp + arena..lg_dirty_mult + arena..decay_time + arena..chunk_hooks + arenas.initialized + arenas.lg_dirty_mult + arenas.decay_time + arenas.bin..run_size + arenas.nlruns + arenas.lrun..size + arenas.nhchunks + arenas.hchunk..size + arenas.extend + stats.cactive + stats.arenas..lg_dirty_mult + stats.arenas..decay_time + stats.arenas..metadata.{mapped,allocated} + stats.arenas..{npurge,nmadvise,purged} + stats.arenas..huge.{allocated,nmalloc,ndalloc,nrequests} + stats.arenas..bins..{nruns,reruns,curruns} + stats.arenas..lruns..{nmalloc,ndalloc,nrequests,curruns} + stats.arenas..hchunks..{nmalloc,ndalloc,nrequests,curhch unks} Bug fixes: * Improve interval-based profile dump triggering to dump only one profile when a single allocation's size exceeds the interval. ([109]@jasone) * Use prefixed function names (as controlled by - -with-jemalloc-prefix) when pruning backtrace frames in jeprof. ([110]@jasone) ==== libcdio ==== Subpackages: libcdio++0 libcdio-devel libcdio16 libiso9660-10 libudf0 - Fix symbol versioning, some symbols where no longer exported with a version, thus the library inadvertently broke ABI between version 0.93 and 0.94. Fixes https://savannah.gnu.org/bugs/index.php?49907 * add 0001-Fix-symbol-versioning-for-exported-symbols.patch ==== libcroco ==== - Remove --with-pic which is useless with --disable-static. - Rectify RPM groups. Remove redundant %clean section. - Drop gtk-doc BuildRequires: Do not build documentation (helps eliminate a build cycle). This is no loss for the package, as we simply install the pre-built doc from the tarball. ==== libusbmuxd ==== Subpackages: libusbmuxd-devel libusbmuxd4 - Rectify RPM groups. ==== libvirt ==== Version update (3.7.0 -> 3.8.0) Subpackages: libvirt-client libvirt-daemon libvirt-daemon-config-network libvirt-daemon-config-nwfilter libvirt-daemon-driver-interface libvirt-daemon-driver-libxl libvirt-daemon-driver-lxc libvirt-daemon-driver-network libvirt-daemon-driver-nodedev libvirt-daemon-driver-nwfilter libvirt-daemon-driver-qemu libvirt-daemon-driver-secret libvirt-daemon-driver-storage libvirt-daemon-driver-storage-core libvirt-daemon-driver-storage-disk libvirt-daemon-driver-storage-iscsi libvirt-daemon-driver-storage-logical libvirt-daemon-driver-storage-mpath libvirt-daemon-driver-storage-rbd libvirt-daemon-driver-storage-scsi libvirt-daemon-driver-uml libvirt-daemon-driver-vbox libvirt-daemon-lxc libvirt-daemon-qemu libvirt-daemon-xen libvirt-libs - apparmor: add dnsmasq ptrace rule to libvirtd profile c44b29aa-apparmor-dnsmasq-ptrace.patch bsc#1060860 - spec: Add dependency to UEFI firmwares since paths are specified at build time - Update to libvirt 3.8.0 - Many incremental improvements and bug fixes, see http://libvirt.org/news.html - Dropped patches: 92bd87a2-ryzen-test-data.patch, 5c83b360-epyc-test-data.patch, a0b62843-epyc-cpu-model.patch, f305d8a1-apparmor-attach_disconnected.patch, b482925c-apparmor-ptrace-support.patch - Enable firewalld support for openSUSE >= 42.2 ==== mozilla-nspr ==== Version update (4.16 -> 4.17) - update to version 4.17 * changes to the Windows implementation of the networking code required for Firefox 57 * a FreeBSD build fix (bmo#1391716) ==== mozilla-nss ==== Version update (3.32.1 -> 3.33) Subpackages: libfreebl3 libsoftokn3 mozilla-nss-certs mozilla-nss-tools - update to NSS 3.33 Notable changes * TLS compression is no longer supported. API calls that attempt to enable compression are accepted without failure. However, TLS compression will remain disabled. * This version of NSS uses a formally verified implementation of Curve25519 on 64-bit systems. * The compile time flag DISABLE_ECC has been removed. * When NSS is compiled without NSS_FORCE_FIPS=1 startup checks are not performed anymore. * Various minor improvements and correctness fixes. New functionality * When listing an NSS database using certutil -L, but the database hasn't yet been initialized with any non-empty or empty password, the text "Database needs user init" will be included in the listing. * When using certutil to set an inacceptable password in FIPS mode, a correct explanation of acceptable passwords will be printed. New functions * CERT_FindCertByIssuerAndSNCX - a variation of existing function CERT_FindCertByIssuerAndSN that accepts an additional password context parameter. * CERT_FindCertByNicknameOrEmailAddrCX - a variation of existing function CERT_FindCertByNicknameOrEmailAddr that accepts an additional password context parameter. * CERT_FindCertByNicknameOrEmailAddrForUsageCX - a variation of existing function CERT_FindCertByNicknameOrEmailAddrForUsage that accepts an additional password context parameter. * NSS_SecureMemcmpZero - check if a memory region is all zero in constant time. * PORT_ZAllocAligned - allocate aligned memory. * PORT_ZAllocAlignedOffset - allocate aligned memory for structs. * SSL_GetExperimentalAPI - access experimental APIs in libssl. - add patch to separate hw and sw implementations for AES and GCM to avoid implicit execution of SSE2 methods if compiled for i586 (bmo-1400603.patch, boo#1061204) ==== opencc ==== Version update (1.0.3.1 -> 1.0.5) Subpackages: libopencc2 opencc-data - Update to 1.0.5 * Fix link error for mingw * Try fix error nodejs_version=4; Platform: x86 * Add support for node stable && remove v0.12 * Update artifacts * Artifacts for appveyor ==== php7 ==== Subpackages: apache2-mod_php7 php7-bcmath php7-bz2 php7-calendar php7-ctype php7-curl php7-dba php7-devel php7-dom php7-exif php7-fastcgi php7-ftp php7-gd php7-gettext php7-gmp php7-iconv php7-imap php7-json php7-ldap php7-mbstring php7-mysql php7-odbc php7-openssl php7-pdo php7-pear php7-pear-Archive_Tar php7-pgsql php7-shmop php7-snmp php7-sockets php7-sqlite php7-sysvsem php7-sysvshm php7-tidy php7-tokenizer php7-wddx php7-xmlreader php7-xmlwriter php7-xsl php7-zlib - fixed installation of wrong cli [bsc#1061555] - Update not-so-useful repeated package summaries. Update the descriptions to have a bit more explanation. Replace old tar syntax. ==== python-cffi ==== Version update (1.10.0 -> 1.11.1) Subpackages: python2-cffi python3-cffi - Update pytest in spec to add c directory tests in addition to testing directory. - Omit test_init_once_multithread tests as they rely on multiple threads finishing in a given time. Returns sporadic pass/fail within build. - Update to 1.11.1: * Fix tests, remove deprecated C API usage * Fix (hack) for 3.6.0/3.6.1/3.6.2 giving incompatible binary extensions (cpython issue #29943) * Fix for 3.7.0a1+ - Update to 1.11.0: * Support the modern standard types char16_t and char32_t. These work like wchar_t: they represent one unicode character, or when used as charN_t * or charN_t[] they represent a unicode string. The difference with wchar_t is that they have a known, fixed size. They should work at all places that used to work with wchar_t (please report an issue if I missed something). Note that with set_source(), you need to make sure that these types are actually defined by the C source you provide (if used in cdef()). * Support the C99 types float _Complex and double _Complex. Note that libffi doesn?t support them, which means that in the ABI mode you still cannot call C functions that take complex numbers directly as arguments or return type. * Fixed a rare race condition when creating multiple FFI instances from multiple threads. (Note that you aren?t meant to create many FFI instances: in inline mode, you should write ffi = cffi.FFI() at module level just after import cffi; and in out-of-line mode you don?t instantiate FFI explicitly at all.) * Windows: using callbacks can be messy because the CFFI internal error messages show up to stderr?but stderr goes nowhere in many applications. This makes it particularly hard to get started with the embedding mode. (Once you get started, you can at least use @ffi.def_extern(onerror=...) and send the error logs where it makes sense for your application, or record them in log files, and so on.) So what is new in CFFI is that now, on Windows CFFI will try to open a non-modal MessageBox (in addition to sending raw messages to stderr). The MessageBox is only visible if the process stays alive: typically, console applications that crash close immediately, but that is also the situation where stderr should be visible anyway. * Progress on support for callbacks in NetBSD. * Functions returning booleans would in some case still return 0 or 1 instead of False or True. Fixed. * ffi.gc() now takes an optional third parameter, which gives an estimate of the size (in bytes) of the object. So far, this is only used by PyPy, to make the next GC occur more quickly (issue #320). In the future, this might have an effect on CPython too (provided the CPython issue 31105 is addressed). * Add a note to the documentation: the ABI mode gives function objects that are slower to call than the API mode does. For some reason it is often thought to be faster. It is not! - Update to 1.10.1: * Fixed the line numbers reported in case of cdef() errors. Also, I just noticed, but pycparser always supported the preprocessor directive # 42 "foo.h" to mean ?from the next line, we?re in file foo.h starting from line 42?, which it puts in the error messages. ==== python-ldap ==== Version update (2.4.44 -> 2.4.45) - update to upstream release 2.4.45 * fixed error handling ==== scons ==== Version update (2.5.1 -> 3.0.0) - SCons 3.0.0, a major release: * Some targets may rebuild when upgrading. * Significant changes in some python action signatures * Supports Python version earlier than 2.7 and 3.5+ * Switching between PY 2.7 and PY 3.5, 3.6 will cause rebuilds * Updated language support: D, LaTeX, docbook * Remove deprecated tools CVS, Perforce, BitKeeper, RCS, SCCS, Subversion * Removed deprecated module SCons.Sig - refresh scons-1.2.0-fix-install.patch to scons-3.0.0-fix-install.patch - drop scons-1.2.0-noenv.patch, fix is done in spec - drop rpmlintrc, no longer needed - prevent a regression that would require Python3 syntax for print statements, add scons-3.0.0-support-python-2-prints.patch ==== sysdig ==== Version update (0.17.0_k4.13.5_1 -> 0.19.1_k4.13.5_1) - Update to version 0.19.1: * Fix a compilation issue on old versions of kernels 2.6.32 shipped by RHEL/CentOS - Changes for version 0.19.0: * Add per-cpu counters when a tracepoint is hit [#947] * mq_unlink syscall reports as ptrace [#927] * Fixed copy-paste typo [#946] * expose the event masking/unmasking mechanism at the inspector level [#951] * Fix targetViewFilter for "Accessed Files" in wsysdig_summary chisel [#952] * Various improvements and fixes for Sysdig Inspect - Changes for version 0.18.0: * Changed language of CLA to also cover government contributions [#902] * Support mapped container docker networking mode, currently used by k8s pods [#922] * Allow an external event capture dumper object to be used together with an inspector object [#912] * Handle reading large execve args/env that might otherwise cause a page fault [#920] * Add container events (container start/stop/etc) to capture files. In the future, will also be used for orchestrator information. [#935] * Add the executable path as a filterable/displayable item proc.exepath [#845] [#934] * Small README changes [#936] * Support additional flags to clone() syscall [#909] * Support page faults as events [#904] * Support for upcoming visualization product [#931] * Compilation fixes for sysdig monitor agent [#942] * Fix minor problems found by valgrind [#938] * Fix crash when reading large messages from docker daemon [#932] * Better cleanup of failed installation of the sysdig driver under coreos [#926] * Ensure that a parent's ptid is set when an execve fills in information on a new process [#914] * Fix IN operator so it works with non-string values [#913] * fix compile errors with newer versions of libcurl [#895] [#911] * fix compile errors when O_DIRECTORY not defined [#907] * Use session id, not process group id, for proc.sid [#904] [#905] * Small docs fixes related to container.mount.* [#901] * Update installation script to use latest version of EPEL repository [#897] - Drop no longer needed sysdig-curlbuild.patch ==== systemd ==== Subpackages: libsystemd0 libsystemd0-32bit libudev-devel libudev1 libudev1-32bit systemd-32bit systemd-bash-completion systemd-logger systemd-sysvinit udev - Damn forgot to drop 0001-Revert-core-device-Use-JobRunningTimeoutSec-for-devi.patch in the spec file - Import commit 6dea894131d78b20b9e0482f75afa6ee4dec8627 1cdd944b0 unit: when JobTimeoutSec= is turned off, implicitly turn off JobRunningTimeoutSec= too (bsc#1004995) This make 0001-Revert-core-device-Use-JobRunningTimeoutSec-for-devi.patch not needed anymore. - Import commit 93688f8e53b4e482a55a7d4aba2d927ddedebdde c53522be3 compat-rules: allow to specify the generation number through the kernel cmdline - Import commit c1e8af7d1e8b09c2878a5b17f513bfc41ae46dc6 982754275 build-sys: make sure 61-persitent-storage-compat.rules is installed with meson 9ac2e8b9b udev: proc_cmdline_get_key() FTW! (#6925) ==== xkeyboard-config ==== Version update (2.21 -> 2.22) - Update to version 2.22: + typofix tel-sarala key layout + Whitelist Indian keyboard layouts. #101532 + Enable level3 ralt_switch by default in Kazakh (ext) layout. + Extend more keys in Kazakh (ext) layout. + Add "AltGr" back into the description for altgr-intl layouts + Added Old Hungarian layout + ctrl: add missing modifier_map + Add grp:menu_switch + adds the shortDescription for es-cat and es-ast layouts + Added Friulian translation + Missing fur in ALL_LINGUAS added + Add a Arabic version of Jawi keyboard layout and it's own phonetic version + Adding Finnish Dvorak layout + Add Ladin layout for it and de keyboards + Double Russian fixed + Possible typo in word "lever" + Typo for Dell latitude + Choose only one between "behavior" and "behaviour" + Typo in "non-breakable space" + Spelling fix in guillemets + Add Swedish sv_dvorak based on us dvorak-intl + fixed nontranslatable description and shortDescription tags + Prerelease translations sync + Added a bit of explanation for diff, to make it clear + Fixed old Hungarian + Replaced NoSymbol with dead_belowmacron in default German keyboard layout + Added Polyglot and Reactionary Russian layout ==== xml-commons ==== Subpackages: xml-commons-jaxp-1.2-apis xml-commons-jaxp-1.3-apis xml-commons-resolver11 - Don't depend on java-1_5_0-gcj-compat - Depend on java-devel >= 1.6 instead - Added patch: * xml-commons-encoding.patch + Specify file encoding UTF-8 to avoid build breakages with jdk9 ==== xmlbeans ==== - Remove the dependency on java-1_5_0-gcj-compat - Use java source and target level 1.6 also for xmlbeans-mini - Clean spec files ==== xorg-x11-server ==== Version update (1.19.3 -> 1.19.4) Subpackages: xorg-x11-server-sdk - Update to version 1.19.4: A collection of stability fixes from the development branch, including two minor CVEs (CVE-2017-13721, CVE-2017-13723). - Remove upstream patches: + U_Xi-Do-not-try-to-swap-GenericEvent.patch + U_Xi-Verify-all-events-in-ProcXSendExtensionEvent.patch + U_Xi-Zero-target-buffer-in-SProcXSendExtensionEvent.patch + U_dix-Disallow-GenericEvent-in-SendEvent-request.patch - Adapt patches to work with the new release: + u_Use-better-fallbacks-to-generate-cookies-if-arc4rand.patch ==== yast2-snapper ==== Version update (4.0.0 -> 4.0.1) - make dialog caption bigger (bsc#1061498) - 4.0.1 ==== zypper ==== Version update (1.13.36 -> 1.13.37) Subpackages: zypper-aptitude zypper-log - Add summary hint if product is better updated by a different command. This is mainly used by rolling distributions like Tumbleweed to remind their users to use 'zypper dup' to update (not zypper up or patch). (bsc#1061384) - version 1.13.37