Packages changed:
binutils
checkmedia (4.0 -> 4.1)
cifs-utils (6.5 -> 6.8)
digikam
elfutils (0.174 -> 0.175)
gnutls
grilo (0.3.6 -> 0.3.7)
ibus-pinyin
icecream (1.1 -> 1.2)
kvm_stat (4.19.1 -> 4.19.5)
ldb (1.4.2 -> 1.4.3)
libgcrypt
libzypp (17.9.0 -> 17.10.1)
man (2.7.6 -> 2.8.4)
nautilus (3.30.3 -> 3.30.4)
ncurses
pam
pixman (0.34.0 -> 0.36.0)
polkit-default-privs
ruby2.5
skopeo
syslinux
translation-update (15.0 -> 15.1)
virt-manager
virtualbox (5.2.20_k4.19.5_1 -> 5.2.22_k4.19.5_1)
webkit2gtk3 (2.22.3 -> 2.22.4)
xen
zypper (1.14.16 -> 1.14.17)
=== Details ===
==== binutils ====
Subpackages: binutils-devel
- Add handle-ELF-compressed-header-alignment-correctly-by-.patch:
PR23919.
- Update to binutils-2_31-branch @e51abf7e3, minor bugfixes in
the support for the X86_ISA_1_* notes. Adds
patch binutils-2.31-branch.diff.gz .
- Add binutils-revert-plt32-in-branches.diff on anything older
than Tumbleweed to not break old tools not expecting
PLT32 instead of PC32 relocs on x86_64.
- Includes fixes for these CVEs:
* from 2.30:
bnc#1065643 aka CVE-2017-15996 aka PR22361
bnc#1065689 aka CVE-2017-15939 aka PR22205
bnc#1065693 aka CVE-2017-15938 aka PR22209
bnc#1068640 aka CVE-2017-16826 aka PR22376
bnc#1068643 aka CVE-2017-16832 aka PR22373
bnc#1068887 aka CVE-2017-16831 aka PR22385
bnc#1068888 aka CVE-2017-16830 aka PR22384
bnc#1068950 aka CVE-2017-16829 aka PR22307
bnc#1069176 aka CVE-2017-16828 aka PR22386
bnc#1069202 aka CVE-2017-16827 aka PR22306
* from 2.31:
bnc#1077745 aka CVE-2018-6323 aka PR22746
bnc#1079103 aka CVE-2018-6543 aka PR22769
bnc#1079741 aka CVE-2018-6759 aka PR22794
bnc#1080556 aka CVE-2018-6872 aka PR22788
bnc#1081527 aka CVE-2018-7208 aka PR22741
bnc#1083528 aka CVE-2018-7570 aka PR22881
bnc#1083532 aka CVE-2018-7569 aka PR22895
bnc#1086608 aka CVE-2018-8945 aka PR22809
bnc#1086784 aka CVE-2018-7643 aka PR22905
bnc#1086786 aka CVE-2018-7642 aka PR22887
bnc#1086788 aka CVE-2018-7568 aka PR22894
bnc#1090997 aka CVE-2018-10373 aka PR23065
bnc#1091015 aka CVE-2018-10372 aka PR23064
bnc#1091365 aka CVE-2018-10535 aka PR23113
bnc#1091368 aka CVE-2018-10534 aka PR23110
- Removes binutils-fix-pr21964.diff as it's included in 2.31.
Rebase testsuite.diff and aarch64-common-pagesize.patch .
- Disable -z separate-code everywhere but in Tumbleweed.
==== checkmedia ====
Version update (4.0 -> 4.1)
Subpackages: libmediacheck4
- merge gh#openSUSE/checkmedia#8
- fix digest calculation in tagmedia (bsc#1117499)
- added testcases
- adjust function descriptions
- 4.1
==== cifs-utils ====
Version update (6.5 -> 6.8)
- Update to cifs-utils 6.8.
+ document more mount options
+ man pages now generated from RST files
+ add python-docutils build dependency
+ update keyring to check tarball signature
+ remove 0001-manpage-correct-typos-and-spelling-mistakes.patch
+ remove 0002-mount.cifs-document-SMBv3.1.1-and-new-seal-option.patch
- Add typo corrections, better doc and configure fixes from upstream
+ add 0001-docs-cleanup-rst-formating.patch
+ add 0002-mount.cifs.rst-document-new-no-handlecache-mount-opt.patch
+ add 0003-manpage-update-mount.cifs-manpage-with-info-about-rd.patch
+ add 0004-checkopts-add-python-script-to-cross-check-mount-opt.patch
+ add 0005-mount.cifs.rst-document-missing-options-correct-wron.patch
+ add 0006-cifs-utils-support-rst2man-3.patch
+ add 0007-checkopts-report-duplicated-options-in-man-page.patch
+ add 0008-mount.cifs.rst-more-cleanups.patch
+ add 0009-mount.cifs.rst-document-vers-3-mount-option.patch
+ add 0010-mount.cifs.rst-document-vers-3.02-mount-option.patch
- Cleanup spec file
* assume SUSE vendor and SLE >= 11
==== digikam ====
Subpackages: kipi-plugins kipi-plugins-lang
- Add fix-black-Welcome-page-by-clicking-on-a-link.patch to fix
the Welcome page getting black when clicking on a link that opens
a new browser window (with QtWebEngine)
==== elfutils ====
Version update (0.174 -> 0.175)
Subpackages: elfutils-lang libasm1 libdw1 libebl-plugins libelf-devel libelf1
- Update to version 0.175
readelf: Handle mutliple .debug_macro sections.
Recognize and parse GNU Property, NT_VERSION and
GNU Build Attribute ELF Notes.
strip: Handle SHT_GROUP correctly.
Add strip --reloc-debug-sections-only option.
Handle relocations against GNU compressed sections.
libdwelf: New function dwelf_elf_begin.
libcpu: Recognize bpf jump variants BPF_JLT, BPF_JLE, BPF_JSLT
and BPF_JSLE.
backends: RISCV handles ADD/SUB relocations.
Handle SHT_X86_64_UNWIND.
Fixes CVE-2018-18310, CVE-2018-18520 and CVE-2018-18521.
- remove disable-backtrace-dwarf-test.patch patch - the test
works now
==== gnutls ====
Subpackages: libgnutls-dane0 libgnutls30 libgnutls30-32bit
- search for guile-2.2 during configure, part of boo#1117121
add patches:
* gnutls-enbale-guile-2.2.patch: search for guile-2.2
refresh patches:
* disable-psk-file-test.patch: disable psk-file in Makefile.am
==== grilo ====
Version update (0.3.6 -> 0.3.7)
Subpackages: grilo-lang libgrilo-0_3-0 libgrlnet-0_3-0 libgrlpls-0_3-0 typelib-1_0-Grl-0_3
- Update to version 0.3.7:
+ Fix crash in totem after emitting source-{add remove}.
+ Add grl_related_keys_{get,set}_int64 functions.
+ Support transform GValue on grl_data_*_for_id().
+ Add per Source configs on keyfile.
+ Pattern matching for GRL_PLUGIN_RANKS.
+ Documentation improvements.
+ Removed Autotools supported.
+ Updated translations.
- Add meson BuildRequires and macros, switch to meson buildsystem
following upstreams changes.
==== ibus-pinyin ====
- Update ibus-pinyin.spec: To adapt to tumbleweed's update to
python3.
==== icecream ====
Version update (1.1 -> 1.2)
- update to 1.2
- Add more compiler flags to the list that mean build locally
* -pedantic (preprocessing only)
* -pedantic-errors (preprocessing only)
* -fsyntax-only
- don't force local compile on -include-pch
- Make load calculation better
- Limit amount of data sent at one time for slow networks/remotes
- Many updates to the tests
- Better logs of some error conditions
- Build locally if it is likely that there will not be more compiles
- Support adding gcc and clang to the same environment
- Better handling of icerun
- Cygwin now works as a client
- Don't expose Host endianness to network
- General code cleanup
==== kvm_stat ====
Version update (4.19.1 -> 4.19.5)
* Changed the spec file to build SLE15-SP1 with the s390x patches,
and added logic to the spec file to uniquely build Factory and
SLE-15 as they do not require the first 44 patches, and the code
base is not the same
- Making kvm_stat use python3 for openSUSE (bsc#1116822)
- 0047-tools-kvm_stat-switch-python-reference-to-be-explici.patch
+ 0047-tools-kvm_stat-apply-python-2to3-fixes-to-kvm_stat2.patch
+ 0048-tools-kvm_stat-apply-python-2to3-fixes-to-kvm_stat3.patch
+ 0049-tools-kvm_stat-switch-python-reference-to-be-explici.patch
- Make kvm_stat use python3 (bsc#1116822)
+ 0044-tools-kvm_stat-Don-t-use-deprecated-file.patch
+ 0045-tools-kvm_stat-fix-python3-issues.patch
+ 0046-tools-kvm_stat-apply-python-2to3-fixes-to-kvm_stat.patch
+ 0047-tools-kvm_stat-switch-python-reference-to-be-explici.patch
* Incorporating patches and comments produced by Fei Li for
SLE15-SP1
- Backport 43 kvm_stat patches between kernel v4.16-* and current
v4.12.14 for the kvm_stat package. Actually some of the patches
are s390x specific, and some are noarch. (FATE#325017)
+ 0001-tools-kvm_stat-fix-event-counts-display-for-interrup.patch
+ 0002-tools-kvm_stat-fix-undue-use-of-initial-sleeptime.patch
+ 0003-tools-kvm_stat-remove-unnecessary-header-redraws.patch
+ 0004-tools-kvm_stat-simplify-line-print-logic.patch
+ 0005-tools-kvm_stat-remove-extra-statement.patch
+ 0006-tools-kvm_stat-simplify-initializers.patch
+ 0007-tools-kvm_stat-move-functions-to-corresponding-class.patch
+ 0008-tools-kvm_stat-show-cursor-in-selection-screens.patch
+ 0009-tools-kvm_stat-display-message-indicating-lack-of-ev.patch
+ 0010-tools-kvm_stat-make-heading-look-a-bit-more-like-top.patch
+ 0011-tools-kvm_stat-rename-Current-column-to-CurAvg-s.patch
+ 0012-tools-kvm_stat-add-new-interactive-command-h.patch
+ 0013-tools-kvm_stat-add-new-interactive-command-s.patch
+ 0014-tools-kvm_stat-add-new-interactive-command-o.patch
+ 0015-tools-kvm_stat-display-guest-list-in-pid-guest-selec.patch
+ 0016-tools-kvm_stat-fix-error-on-interactive-command-g.patch
+ 0017-tools-kvm_stat-add-new-command-line-switch-i.patch
+ 0018-tools-kvm_stat-add-new-interactive-command-b.patch
+ 0019-tools-kvm_stat-add-f-help-to-get-the-available-event.patch
+ 0020-tools-kvm_stat-Add-Python-3-support-to-kvm_stat.patch
+ 0021-tools-kvm_stat-fix-command-line-option-g.patch
+ 0022-tools-kvm_stat-fix-drilldown-in-events-by-guests-mod.patch
+ 0023-tools-kvm_stat-fix-missing-field-update-after-filter.patch
+ 0024-tools-kvm_stat-fix-extra-handling-of-help-with-field.patch
+ 0025-tools-kvm_stat-add-hint-on-f-help-to-man-page.patch
+ 0026-tools-kvm_stat-fix-child-trace-events-accounting.patch
+ 0027-tools-kvm_stat-handle-invalid-regular-expressions.patch
+ 0028-tools-kvm_stat-suppress-usage-information-on-command.patch
+ 0029-tools-kvm_stat-stop-ignoring-unhandled-arguments.patch
+ 0030-tools-kvm_stat-add-line-for-totals.patch
+ 0031-tools-kvm_stat-sort-f-help-output.patch
+ 0032-tools-kvm_stat-simplify-the-sortkey-function.patch
+ 0033-tools-kvm_stat-use-a-namedtuple-for-storing-the-valu.patch
+ 0034-tools-kvm_stat-use-a-more-pythonic-way-to-iterate-ov.patch
+ 0035-tools-kvm_stat-avoid-is-for-equality-checks.patch
+ 0036-tools-kvm_stat-fix-crash-when-filtering-out-all-non-.patch
+ 0037-tools-kvm_stat-print-error-on-invalid-regex.patch
+ 0038-tools-kvm_stat-fix-debugfs-handling.patch
+ 0039-tools-kvm_stat-mark-private-methods-as-such.patch
+ 0040-tools-kvm_stat-eliminate-extra-guest-pid-selection-d.patch
+ 0041-tools-kvm_stat-separate-drilldown-and-fields-filteri.patch
+ 0042-tools-kvm_stat-group-child-events-indented-after-par.patch
+ 0043-tools-kvm_stat-print-Total-line-for-multiple-events-.patch
==== ldb ====
Version update (1.4.2 -> 1.4.3)
Subpackages: libldb1 libldb1-32bit
- Update to 1.4.3
+ Python: Ensure ldb.Dn can accept utf8 encoded unicode (bug 13616)
==== libgcrypt ====
Subpackages: libgcrypt20 libgcrypt20-32bit libgcrypt20-hmac
- Fail selftests when checksum file is missing in FIPS mode only
(bsc#1117355)
* add libgcrypt-binary_integrity_in_non-FIPS.patch
==== libzypp ====
Version update (17.9.0 -> 17.10.1)
- Adapt to changes in upcoming Boost 1.69.0
- Do not fail service-refresh on a empty repoindex.xml (bnc#1116840)
- version 17.10.1 (9)
- str: recognize 'always' and 'never' as valid boolean strings
- Fix needreboot code to use SolvableSpec parser (fate#326451)
- SolvableSpec: Define a set of Solvables by ident and provides
- version 17.10.0 (9)
==== man ====
Version update (2.7.6 -> 2.8.4)
- Update to man-db 2.8.4
* Major changes since man-db 2.8.3:
+ Rely on decompressors reading from their standard input rather
than redundantly passing them the input file on their command
line. This works better with downstream AppArmor confinement of
decompressors.
+ Fix invalid syntax in tmpfiles.d/man-db.conf when configured with
- -disable-cache-owner.
+ Make seccomp sandbox allow sched_getaffinity, sometimes used by
xz.
+ Check for mandb_nfmt and mandb_tfmt in the manual page hierarchy
as documented, not in the current directory. This was broken by
the working-directory-handling changes in 2.8.3. Note that this
change means that "man -l" will never use an external formatter
(which was never documented behaviour and was surely a bad idea).
+ Make seccomp sandbox allow some shared memory operations across
the board rather than just when ESET File Security is in use; the
Astrill VPN seems to require something similar, and there are
doubtless other such preload hacks.
+ Some versions of ESET File Security call msgget and msgsnd; if
this program is in use, then allow those.
* Major changes since man-db 2.8.2:
+ Make seccomp sandbox allow madvise, since that's used by lbzip2.
+ Make seccomp sandbox allow kill and tgkill outright, since groff
uses kill to pass on signals to its child processes.
+ Make seccomp sandbox allow sibling architectures on
x86/x86_64/x32, since people sometimes mix and match architectures
there for performance reasons.
+ Fix version check in locale macro loading to tolerate groff
release candidates.
+ man now only changes working directory in child processes, so
never fails due to being unable to change back to its original
working directory.
+ accessdb, apropos, and lexgrog no longer emit spurious gettext
headers in their --help output when localised.
* Major changes since man-db 2.8.1:
+ Make seccomp sandbox allow kill and tgkill when the signal is
directed at the current process or one of its threads; this is
needed by xz.
+ Make seccomp sandbox allow ioctl(fd, TIOCGWINSZ), since that's used
by musl.
+ Work around the proprietary "ESET File Security" antivirus program in
seccomp sandbox: if this is in use then we need to allow some
socket-related system calls.
+ Work around the "snoopy" execve() wrapper and logger in seccomp
sandbox: if this is in use then we need to allow some
socket-related system calls.
+ Interpret EFAULT from seccomp_load as meaning that seccomp is
unavailable, since this can be returned by some versions of
qemu-user.
* Major changes since man-db 2.8.0:
+ Fix seccomp sandbox build on Linux/POWER.
+ Fix manconv execution under seccomp when man is installed setuid.
+ Make seccomp sandbox allow mremap (used by iconv, for example).
+ configure now has a --without-libseccomp option to disable the use
of seccomp even if the library is available.
* Major changes since man-db 2.7.6.1:
+ Fix locale macro loading for Chinese to load the macro file
corresponding to just the language part of the user's locale.
+ Honour --enable-cache-owner in generated systemd tmpfiles snippet
rather than hardcoding "man".
+ If man adds prefixes to a page to handle such things as disabling
hyphenation, then take account of those when looking for a
preprocessor line at the start of the page.
+ Fix a segfault in 'man -D --help'.
+ Treat "\(en" as another synonym for "\-" in NAME sections.
+ Confine most subprocesses that handle untrusted data using
seccomp. This mainly deals with subprocesses that perform
encoding conversions, (de)compressors, groff programs, and a few
other odds and ends. groff programs use a slightly more
permissive filter since they need to create temporary files, so
additional path-based confinement (e.g. using AppArmor) is still
useful.
If this goes wrong, then MAN_DISABLE_SECCOMP=1 can be set in the
environment to disable it, but please report any such problem as a
bug.
+ man now falls back to cat if the compile-time default pager is not
executable.
* Major changes since man-db 2.7.6:
+ Don't chmod CACHEDIR.TAG if it doesn't exist.
+ Correct installation of Swedish manual pages.
- Modify the patches
* man-db-2.6.3-listall.dif
* man-db-2.6.3-man0.dif
* man-db-2.6.3-section.dif
* man-db-2.7.1-firefox.dif
* man-db-2.7.1-security4.dif
* man-db-2.7.1-zio.dif
- Rename patch man-db-2.7.6.dif which is now man-db-2.8.4.dif
- Add systemd timer service and its timer unit to refresh man
data base daily without using cron (bsc#1115406)
==== nautilus ====
Version update (3.30.3 -> 3.30.4)
Subpackages: gnome-shell-search-provider-nautilus libnautilus-extension1 nautilus-lang
- Update to version 3.30.4:
+ Fix crash when opening windows quickly.
+ Show trash action bar when trash status changes.
+ Implement rename file support in dbus for integration with
desktop icons extension.
==== ncurses ====
Subpackages: libncurses6 ncurses-devel ncurses-utils tack terminfo terminfo-base terminfo-screen
- Remove screen.xterm from terminfo data base (boo#1103320) as with
this screen uses fallback TERM=screen
- Add ncurses patch 20181117
+ ignore the hex/b64 $TERMINFO in toe's listing.
+ correct a status-check in _nc_read_tic_entry() so that if reading
a hex/b64 $TERMINFO, and the $TERM does not match, fall-through to
the compiled-in search list.
- For screen.xterm remove also `rep' feature (repeat char) this
might help on boo#1103320
- Add ncurses patch 20181110
+ several workarounds to ensure proper C compiler used in parts of
Ada95 tree.
+ update config.guess, config.sub from
http://git.savannah.gnu.org/cgit/config.git
==== pam ====
Subpackages: pam-32bit pam-devel
- When comparing an incoming IP address with an entry in
access.conf that only specified a single host (ie no netmask),
the incoming IP address was used rather than the IP address from
access.conf, effectively comparing the incoming address with
itself. (Also fixed a small typo while I was at it)
{bsc#1115640, use-correct-IP-address.patch, CVE-2018-17953]
==== pixman ====
Version update (0.34.0 -> 0.36.0)
Subpackages: libpixman-1-0 libpixman-1-0-32bit libpixman-1-0-devel
- Update to version 0.36.0:
+ Add tests for (a)rgb floating point formats
+ Add support for argb/xrgb float formats, v5
+ Fix stride calculation in stress-test
+ Adjust for clang's removal of __builtin_shuffle
+ Fix vector loads on ppc64le
+ Promote unsigned short to unsigned int explicitly
+ pixman-filter: Made Gaussian a bit wider
+ pixman-filter: Nested polynomial for cubic
+ pixman-filter: Fix several issues related to normalization
+ pixman-filter: Speed up BOX/BOX filter
+ pixman-filter: integral splitting is only needed for triangle
filterdd
+ pixman-filter: Correct Simpsons integration
+ pixman-filter: reduce amount of malloc/free/memcpy to generate
filter
+ pixman-image: Added enable-gnuplot config to view filters in
gnuplot
+ pixman-fast-path.c: Pick NEAREST affine fast paths before
BILINEAR ones
+ pixman-private: include <float.h> only in C code
- Remove pixman-private-correct-include.patch: upstreamed
==== polkit-default-privs ====
- chkstat: adjust DO NOT EDIT banner in generated rules file (bsc#1099754)
==== ruby2.5 ====
Subpackages: libruby2_5-2_5 ruby2.5-devel ruby2.5-stdlib
- Use parallel make.
- Disable compressed sections as they are not supported by rpm
(https://bugs.ruby-lang.org/issues/12934).
==== skopeo ====
- Disable ostree repository types for SLE, as this feature requires libostree
that is not yet available in the Server Application module where skopeo is
located.
==== syslinux ====
- Add remove-note-gnu-section.patch: strip a newly added section
in order to fulfil ELF size limits expected.
==== translation-update ====
Version update (15.0 -> 15.1)
Subpackages: translation-update-cs translation-update-da translation-update-de translation-update-el translation-update-en_GB translation-update-es translation-update-fr translation-update-hu translation-update-it translation-update-ja translation-update-pl translation-update-pt translation-update-pt_BR translation-update-ru translation-update-zh_CN translation-update-zh_TW
- Update to Factory specific version 20181128 that contains only
abandoned packages in static.tlst (bsc#1100398).
- Obsolete all language packages that are no longer distributed
(boo#952855#c41) and add support for it in supplementary scripts
- translation-update-spec-generate-lang-list.sh: Fix Obsoletes
generator.
- Drop many unneeded subpackages.
==== virt-manager ====
Subpackages: virt-install virt-manager-common
- bsc#1117846 - virt-manager: Checking for virtualization packages
error
virtman-load-stored-uris.patch
==== virtualbox ====
Version update (5.2.20_k4.19.5_1 -> 5.2.22_k4.19.5_1)
Subpackages: virtualbox-guest-kmp-default virtualbox-guest-tools virtualbox-guest-x11
- Fix the changes for kernel 4.20 API differences. The previous version compiled but had an error in logic.
- Version bump to 5.2.22 (released November 09 2018 by Oracle)
This is a maintenance release. The following items were fixed and/or added:
Audio: fixed a regression in the Core Audio backend causing a hang when returning from host sleep when processing input buffers
Audio: fixed a potential crash in the HDA emulation if a stream has no valid mixer sink attached -- thanks to Rink Springer (rink@?)
Linux Additions: disable 3D for recent guests using Wayland (bug #18116)
Linux Additions: fix for rebuilding kernel modules for new kernels on RPM guests
Linux Additions: further fixes for Linux 4.19
Linux Additions: fixed errors rebuilding initrd files with dracut on EL 6 (bug 18055#)
Linux Additions: fixed 5.2.20 regression: guests not remembering the screen size after shutdown and restart (bug #18078)
Patch file "gcc8-configure.patch" removed. The issue is fixed upstream.
Patch file "fixes_for_4.19.patch" removed. The issue is fixed upstream.
Add file "change_default_net_adapter.patch" to set PCnet-FAST III as the default adapter. This helps with the vulnerability listed in bsc#1115041.
- Update "fixes_for_4.20.patch" for one additional API change so that
Kernel_HEAD_standard will build.
The description of VB was modified as suggested by Jan Engelhardt.
==== webkit2gtk3 ====
Version update (2.22.3 -> 2.22.4)
Subpackages: libjavascriptcoregtk-4_0-18 libwebkit2gtk-4_0-37 libwebkit2gtk3-lang typelib-1_0-JavaScriptCore-4_0 typelib-1_0-WebKit2-4_0 webkit2gtk-4_0-injected-bundles
- Reduce memory constraints for riscv64
- Update to version 2.22.4:
+ Expose ENABLE_MEDIA_SOURCE as a public build option.
+ Fix a crash when using Cairo versions between 1.15 and 1.16.0
+ Fix the build with -DLOG_DISABLED=0.
+ Fix the build with ENABLE_VIDEO=OFF and ENABLE_WEB_AUDIO=OFF.
+ Fix debug builds of JavaScriptCore.
+ Fix several crashes and rendering issues.
==== xen ====
Subpackages: xen-libs xen-tools xen-tools-domU
- bsc#1116524 - Package xen-tools-4.11.0_09-2.1.x86_64 broken:
Missing /bin/domu-xenstore. This was broken because "make
package build reproducible" change. (boo#1047218, boo#1062303)
This fix reverses the change to this patch.
tmp_build.patch
- bsc#1115040 - VUL-0: xen: insufficient TLB flushing / improper
large page mappings with AMD IOMMUs (XSA-275)
xsa275-1.patch
xsa275-2.patch
- bsc#1115043 - VUL-0: xen: resource accounting issues in x86 IOREQ
server handling (XSA-276)
xsa276-1.patch
xsa276-2.patch
- bsc#1115044 - VUL-0: xen: x86: incorrect error handling for guest
p2m page removals (XSA-277)
xsa277.patch
- bsc#1114405 - VUL-0: CVE-2018-18883: xen: Nested VT-x usable even
when disabled (XSA-278)
5bd0e11b-x86-disallow-VT-x-insns-without-nested-virt.patch
- bsc#1115045 - VUL-0: xen: x86: DoS from attempting to use INVPCID
with a non-canonical addresses (XSA-279)
xsa279.patch
- bsc#1115047 - VUL-0: xen: Fix for XSA-240 conflicts with shadow
paging (XSA-280)
xsa280-1.patch
xsa280-2.patch
- bsc#1114988 - VUL-0: xen: guest use of HLE constructs may lock up
host (XSA-282)
5be2a308-x86-extend-get_platform_badpages.patch
5be2a354-x86-work-around-HLE-host-lockup-erratum.patch
- bsc#1108940 - L3: XEN SLE12-SP1 domU hang on SLE12-SP3 HV
5bdc31d5-VMX-fix-vmx_handle_eoi.patch
- Upstream bug fixes (bsc#1027519)
5b752762-x86-hvm-emul-rep-IO-should-not-cross-GFN-boundaries.patch
5ba11ed4-credit2-fix-moving-CPUs-between-cpupools.patch
5bacae4b-x86-boot-allocate-extra-module-slot.patch
5bae44ce-x86-silence-false-log-messages.patch
5bb60c12-x86-split-opt_xpti.patch
5bb60c4f-x86-split-opt_pv_l1tf.patch
5bb60c74-x86-fix-xpti-and-pv-l1tf.patch
5bcf0722-x86-boot-enable-NMIs.patch
5bd076e9-dombuilder-init-vcpu-debug-regs-correctly.patch
5bd076e9-x86-boot-init-debug-regs-correctly.patch
5bd076e9-x86-init-vcpu-debug-regs-correctly.patch
5bd85bfd-x86-fix-crash-on-xl-set-parameter-pcid.patch
==== zypper ====
Version update (1.14.16 -> 1.14.17)
Subpackages: zypper-aptitude zypper-log
- Optionally run "zypper search-packages" after "search" (FATE#325599)
- zypper.conf: Add [search]runSearchPackages config variable.
- BuildRequires: libzypp-devel >= 17.10.0
- version 1.14.17