Packages changed: cdrdao cyrus-sasl ffmpeg gd (2.2.4 -> 2.2.5) gstreamer-plugins-bad kdelibs4support kdesu kscreenlocker libfabric libktorrent (2.0.1 -> 2.1) libpsm2 (10.2.235 -> 10.2.260) libqca-qt5 libqca2 pulseaudio (10.99.1 -> 11.0) python-qt5 (5.8.2 -> 5.9) sddm (0.14.0 -> 0.15.0) strace (4.18 -> 4.19) yast2-tune (3.3.0 -> 4.0.0) === Details === ==== cdrdao ==== - Remove conditionals for lame and mad ==== cyrus-sasl ==== Subpackages: cyrus-sasl-crammd5 cyrus-sasl-devel cyrus-sasl-digestmd5 cyrus-sasl-gssapi cyrus-sasl-plain libsasl2-3 libsasl2-3-32bit - OpenSSL 1.1 support (bsc#1055463) * add cyrus-sasl-2.1.27-openssl-1.1.0.patch from Fedora ==== ffmpeg ==== Subpackages: libavcodec57 libavdevice57 libavfilter6 libavformat57 libavresample3 libavutil55 libpostproc54 libswresample2 libswscale4 - Add 0001-avformat-nsvdec-Fix-DoS-due-to-lack-of-eof-check-in-.patch [CVE-2017-14171] [boo#1057539], 0002-avformat-mxfdec-Fix-DoS-issues-in-mxf_read_index_ent.patch [CVE-2017-14170] [boo#1057537], 0003-avformat-mxfdec-Fix-Sign-error-in-mxf_read_primer_pa.patch [CVE-2017-14169] [boo#1057536] - Add 0001-avformat-hls-Fix-DoS-due-to-infinite-loop.patch [CVE-2017-14058] [boo#1056762], 0002-avformat-asfdec-Fix-DoS-due-to-lack-of-eof-check.patch [CVE-2017-14057] [boo#1056761], 0003-avformat-cinedec-Fix-DoS-due-to-lack-of-eof-check.patch [CVE-2017-14059] [boo#1056763], 0004-avformat-rmdec-Fix-DoS-due-to-lack-of-eof-check.patch [CVE-2017-14054] [boo#1056765], 0005-avformat-rl2-Fix-DoS-due-to-lack-of-eof-check.patch (code not enabled in openSUSE, though in packman) [CVE-2017-14056] [boo#1056760], 0006-avformat-mvdec-Fix-DoS-due-to-lack-of-eof-check.patch [CVE-2017-14055] [boo#1056766] - Unconditionalize celt, ass, openjpeg, webp, netcdf, libva, vdpau. ==== gd ==== Version update (2.2.4 -> 2.2.5) Subpackages: libgd3 libgd3-32bit - Version update to 2.2.5: [#]## Security - Double-free in gdImagePngPtr(). (CVE-2017-6362) - Buffer over-read into uninitialized memory. (CVE-2017-7890) [#]## Fixed - Fix #109: XBM reading fails with printed error - Fix #338: Fatal and normal libjpeg/ibpng errors not distinguishable - Fix #357: 2.2.4: Segfault in test suite - Fix #386: gdImageGrayScale() may produce colors - Fix #406: webpng -i removes the transparent color - Fix Coverity #155475: Failure to restore alphaBlendingFlag - Fix Coverity #155476: potential resource leak - Fix several build issues and test failures - Fix and reenable optimized support for reading 1 bps TIFFs [#]## Added - The native MSVC buildchain now supports libtiff and most executables - removed patches (upstreamed): . gd-freetype.patch . gd-rounding.patch ==== gstreamer-plugins-bad ==== Subpackages: libgstadaptivedemux-1_0-0 libgstbadaudio-1_0-0 libgstbadbase-1_0-0 libgstbadvideo-1_0-0 libgstbasecamerabinsrc-1_0-0 libgstcodecparsers-1_0-0 libgstgl-1_0-0 libgstmpegts-1_0-0 libgstphotography-1_0-0 libgsturidownloader-1_0-0 libgstwayland-1_0-0 - Fix file list on SLE, libgstteletext.so is only built on openSUSE. ==== kdelibs4support ==== Subpackages: kdelibs4support-devel libKF5KDELibs4Support5 - Add patch to allow build with Qt5 built against openSSL 1.1 (boo#1055489): * 0001-Make-kssl-compile-against-OpenSSL-1.1.0.patch ==== kdesu ==== Subpackages: kdesu-devel libKF5Su5 - Pre-require group(nogroup) ==== kscreenlocker ==== Subpackages: libKScreenLocker5 - Add patch to allow the NVIDIA driver to poke through seccomp and thus not crashing (kde#384005): * 0001-Don-t-dissallow-open-with-write-flag-syscall-on-NVID.patch ==== libfabric ==== - Update _service to allow auto updates from github ==== libktorrent ==== Version update (2.0.1 -> 2.1) - Update to version 2.1.0 - Update build requirements - Add fix-build-with-qt5.6.patch to fix build with Qt 5.6 or lower - Drop Fix-logging-framework-spamming.patch, merged upstream ==== libpsm2 ==== Version update (10.2.235 -> 10.2.260) Subpackages: libpsm2-2 libpsm2-compat - Update to version 10.2.260: - Fixed support for SLE12-SP2 - V2 EPID - Initialize CUDA support only if env variable is switched on - Add PSM_PERF functionality (for measuring number of instructions retired between two points in code) - Bug Fixes - Include commits from GitHub PR's #13, #14, #16 - Fix SLES build issue - Allow psm2_ep_connect to be called multiple times with 'self' epid - Fix issue with psm2_mq_ipeek2 and psm2_mq_test2 when used with multi-threaded OMPI - Fix performance related bugs for PSM2_CUDA builds - Remove libpsm2-fix-compilation-for-hfi1-v5.patch and libpsm2-compat-dependency-to-libpsm2.patch as they were merged upstream. - Update _service to allow auto updates from github ==== libqca-qt5 ==== Subpackages: libqca-qt5-devel libqca-qt5-plugins - Force building against openSSL 1.0 (boo#1055310) - Disable PKCS11 on TW to avoid openssl conflicts ==== libqca2 ==== - Force building against openSSL 1.0 (boo#1055310) - Disable PKCS11 on TW to avoid openssl conflicts ==== pulseaudio ==== Version update (10.99.1 -> 11.0) Subpackages: libpulse-devel libpulse-mainloop-glib0 libpulse0 pulseaudio-bash-completion pulseaudio-esound-compat pulseaudio-module-bluetooth pulseaudio-module-gconf pulseaudio-module-jack pulseaudio-module-lirc pulseaudio-module-x11 pulseaudio-module-zeroconf pulseaudio-utils - Update to 11 (11.0) * The default sink and source configuration is remembered better * https://www.freedesktop.org/wiki/Software/PulseAudio/Notes/11.0/ ==== python-qt5 ==== Version update (5.8.2 -> 5.9) Subpackages: python-qt5-utils python2-qt5 - Disable WebKit and WebEngine on SLE15. - Fix shebangs - Update to 5.9 * Added support for Qt v5.9.0 and v5.9.1. * Improved detection of the destruction of QObject-based instances by C++. * QFlags instances are now hashable. * pyrcc5 now supports v2 of the resource file format. * Added the interview.py, frozencolumn.py and storageview.py examples from Hans-Peter Jansen. * SIP v4.19.3 is required. - Remove reproducible.patch Implemented upstream. ==== sddm ==== Version update (0.14.0 -> 0.15.0) Subpackages: sddm-branding-openSUSE - Update to 0.15.0: * Fix loading of some avatars * CONFIG: add option EnableHiDPI to allow opt out of auto scaling * Theme cursor * Support optional kwallet PAM opening * Autologin, used last used session if not explicitly set in config * Ignore session desktop files with hidden=true * Support elogind * Many new and improved translations - Remove patches, now upstream: * 0001-Also-set-QT_IM_MODULE-in-non-testing-mode.patch * 0001-Also-theme-the-default-cursor-for-the-root-window.patch * 0001-Fix-display-of-user-avatars.-684.patch * 0001-Make-the-default-cursor-themed.patch * 0001-Parse-desktop-file-sections.patch * 0002-Add-a-config-option-to-enable-high-DPI-scaling-701.patch * 0002-Ignore-session-desktop-files-with-the-Hidden-propert.patch * 0003-elarun-Update-date-and-time.patch * 0004-Support-Non-Latin-characters-in-theme-settings-708.patch * 0005-Cleanup-dangling-pointer-in-SocketServer-725.patch - Refresh patches: * 0001-Revert-Rename-XDisplay-and-WaylandDisplay-config-sec.patch * proper_pam.diff ==== strace ==== Version update (4.18 -> 4.19) - Update to strace 4.19 * Changes in behaviour * Changed formatting of personality names on tile architecture in order to make it in line with other multi-personality architectures. * Changed field output order in struct v4l2_requestbuffers to improve in/out field formatting. * Changed handling of multiple signal= specifications in an injection expression: multiple specification now leads to error instead of implicit usage the last specification. * Improvements * Enhanced decoding of optlen argument of getsockopt syscall. * Enhanced decoding of SO_LINGER option of getsockopt and setsockopt syscalls. * Enhanced decoding of SO_PEERCRED option of getsockopt syscall. * Enhanced decoding of IP_ADD_MEMBERSHIP, IP_DROP_MEMBERSHIP, IPV6_ADD_MEMBERSHIP, IPV6_DROP_MEMBERSHIP, IPV6_JOIN_ANYCAST, IPV6_LEAVE_ANYCAST, MCAST_JOIN_GROUP, and MCAST_LEAVE_GROUP options of setsockopt syscall. * Enhanced decoding of KEYCTL_DH_COMPUTE operation of keyctl syscall (KDF parameters decoding). * Implemented decoding of KEYCTL_RESTRICT_KEYRING operation of keyctl syscall. * Enhanced decoding of UFFDIO_API ioctl command. * Enhanced decoding of BPF_PROG_LOAD, BPF_MAP_CREATE, BPF_MAP_LOOKUP_ELEM, and BPF_MAP_GET_NEXT_KEY commands of bpf syscall. * Implemented decoding of linux socket filter programs specified for SO_ATTACH_FILTER and SO_ATTACH_REUSEPORT_CBPF socket options. * Implemented decoding of inet_diag_req_v2, inet_diag_req_compat, packet_diag_msg, and smc_diag_msg netlink attributes of NETLINK_SOCK_DIAG. * Implemented NETLINK_SELINUX protocol specific decoding. * Implemented decoding of netlink message ack flags. * Implemented decoding of nlmsgerr netlink attributes. * Implemented basic protocol specific decoding of NETLINK_CRYPTO. * Implemented decoding of crypto_user_alg netlink attributes of NETLINK_CRYPTO. * Implemented basic protocol specific decoding of addr, addrlabel, dcb, link, mdb, neigh, neightbl, netconf, nsid, route, rule, tc, and tca messages of NETLINK_ROUTE. * Implemented decoding of NETLINK_KOBJECT_UEVENT messages. * Improved handling of unexpected tracees (the ones that cloned with CLONE_PARENT/CLONE_PTRACE or called PTRACE_TRACEME on themselves): they are now PTRACE_DETACH'ed instead of PTRACE_CONT'ed. * Updated lists of BPF_*, KEY_*, RWF_*, SCM_*, SO_*, and *_MAGIC constants. * Added decoding of arch_prctl syscall on x86. * Added decoding of seccomp, bpf, userfaultfd, membarrier, mlock2, copy_file_range, preadv2, pwritev2, and statx on alpha. * Added decoding of statx syscall on microblaze. * Added decoding of s390_guarded_storage syscall on s390. * Updated lists of ioctl commands from Linux 4.13. * Enhanced manual page. * Bug fixes * Fixed printing of group_req structure on non-native personalities. * Fixed output formatting of blkpg_ioctl_arg, dm_name_list, and iocb structures. * Fixed formatting of nul-terminated strings which have kernel-imposed size limit. * Fixed printing of paths that hit PATM_MAX limit in order to match kernel's behaviour. * Fixed build warnings on Android mips64. * Fixed unused function "is_negated_errno" build warning when built with clang. * Fixed syscall number and arguments retrieval behaviour on sparc64 and mips o32 after prctl(PR_SET_DUMPABLE, 0) makes PTRACE_PEEKTEXT impossible to use if Linux kernel has commit v4.10-rc1~114^2~2. * Fixed path tracing for execveat, symlink, symlinkat, inotify_add_watch, and inotify_init syscalls. * Fixed personality switch printing on sparc64 and risc-v. ==== yast2-tune ==== Version update (3.3.0 -> 4.0.0) - Removed duplicate keys (bsc#1054898) - 4.0.0