Changed packages:

==== libdirectfb-1_7-7 ====

- Update baselibs.conf: we build libdirectfb-1_7-7.

==== MozillaFirefox ====
Version update (36.0.4 -> 37.0)
Subpackages: MozillaFirefox-translations-common

- update to Firefox 37.0 (bnc#925368)
  * Heartbeat user rating system
  * Yandex set as default search provider for the Turkish locale
  * Bing search now uses HTTPS for secure searching
  * Improved protection against site impersonation via OneCRL
    centralized certificate revocation
  * Opportunistically encrypt HTTP traffic where the server supports
    HTTP/2 AltSvc
  * some more behaviour changes for TLS
  security fixes:
  * MFSA 2015-30/CVE-2015-0814/CVE-2015-0815
    Miscellaneous memory safety hazards
  * MFSA 2015-31/CVE-2015-0813 (bmo#1106596)
    Use-after-free when using the Fluendo MP3 GStreamer plugin
  * MFSA 2015-32/CVE-2015-0812 (bmo#1128126)
    Add-on lightweight theme installation approval bypassed through
    MITM attack
  * MFSA 2015-33/CVE-2015-0816 (bmo#1144991)
    resource:// documents can load privileged pages
  * MFSA-2015-34/CVE-2015-0811 (bmo#1132468)
    Out of bounds read in QCMS library
  * MFSA-2015-35/CVE-2015-0810 (bmo#1125013)
    Cursor clickjacking with flash and images (OS X only)
  * MFSA-2015-36/CVE-2015-0808 (bmo#1109552)
    Incorrect memory management for simple-type arrays in WebRTC
  * MFSA-2015-37/CVE-2015-0807 (bmo#1111834)
    CORS requests should not follow 30x redirections after preflight
  * MFSA-2015-38/CVE-2015-0805/CVE-2015-0806 (bmo#1135511, bmo#1099437)
    Memory corruption crashes in Off Main Thread Compositing
  * MFSA-2015-39/CVE-2015-0803/CVE-2015-0804 (bmo#1134560)
    Use-after-free due to type confusion flaws
  * MFSA-2015-40/CVE-2015-0801 (bmo#1146339)
    Same-origin bypass through anchor navigation
  * MFSA-2015-41/CVE-2015-0800/CVE-2012-2808
    PRNG weakness allows for DNS poisoning on Android (only)
  * MFSA-2015-42/CVE-2015-0802 (bmo#1124898)
    Windows can retain access to privileged content on navigation
    to unprivileged pages
- removed obsolete patches
  * mozilla-bmo1088588.patch
  * mozilla-bmo1108834.patch
- requires NSPR 4.10.8
- Fix builds with skia on Power
  mozilla-skia-be-le.patch (patch from #bmo1136958)
  mozilla-bmo1108834.patch
  mozilla-bmo1005535.patch

==== MozillaThunderbird ====
Version update (31.5.0 -> 31.6.0)
Subpackages: MozillaThunderbird-translations-common

- update to Thunderbird 31.6.0 (bnc#925368)
  * MFSA 2015-30/CVE-2015-0815
    Miscellaneous memory safety hazards
  * MFSA 2015-31/CVE-2015-0813 (bmo#1106596)
    Use-after-free when using the Fluendo MP3 GStreamer plugin
  * MFSA 2015-33/CVE-2015-0816 (bmo#1144991)
    resource:// documents can load privileged pages
  * MFSA-2015-37/CVE-2015-0807 (bmo#1111834)
    CORS requests should not follow 30x redirections after preflight
  * MFSA-2015-40/CVE-2015-0801 (bmo#1146339)
    Same-origin bypass through anchor navigation

==== cmake ====

- Let CMake produce automatic RPM provides (added cmake.attr and
  cmake.prov as sources)

==== cscope ====

- Use url for source

==== cups ====
Subpackages: cups-client cups-devel cups-libs cups-libs-32bit

- Add patch cups-busy-loop.patch to fix rh#1179596, cups#4605

==== ed ====
Version update (1.10 -> 1.11)

- Cleanup spec file with spec-cleaner
- Update to 1.11
  * main_loop.c (exec_command): Fixed 'z' command.
    (zN printed N + 1 lines).
  * ed.texi: Documented the window size used by the 'z' command.
  * Makefile.in: Added new targets 'install*-compress'.
  * Restored original copyright notices in the code. I assigned to the
    FSF the copyright on changes made to the part of ed already
    copyrighted by the FSF, which seems to be just the manual.

==== fcitx ====
Version update (4.2.8.5 -> 4.2.8.6)
Subpackages: fcitx-branding-openSUSE fcitx-gtk2 fcitx-gtk3 fcitx-pinyin fcitx-qt4 fcitx-table libfcitx-4_2_8

- update version 4.2.8.6
  * add kf5 kcm support

==== gnutls ====
Version update (3.3.13 -> 3.3.14)
Subpackages: libgnutls-devel libgnutls-openssl27 libgnutls28 libgnutls28-32bit

- updated to 3.3.13 (released 2015-03-30)
  * libgnutls: When retrieving OCTET STRINGS from PKCS #12 ContentInfo
    structures use BER to decode them (requires libtasn1 4.3). That
    allows to decode some more complex structures.
  * libgnutls: When an end-certificate with no name is present and
    there are CA name constraints, don't reject the certificate. This
    follows RFC5280 advice closely. Reported by Fotis Loukos.
  * libgnutls: Fixed handling of supplemental data with types > 255.
    Patch by Thierry Quemerais.
  * libgnutls: Fixed double free in the parsing of CRL distribution
    points certificate extension. Reported by Robert Święcki.
  * libgnutls: Fixed a two-byte stack overflow in DTLS 0.9 protocol.
    That protocol is not enabled by default (used by openconnect VPN).
  * libgnutls: The maximum user data send size is set to be the same
    for block and non-block ciphersuites. This addresses a regression
    with wine: https://bugs.winehq.org/show_bug.cgi?id=37500
  * libgnutls: When generating PKCS #11 keys, set CKA_ID, CKA_SIGN,
    and CKA_DECRYPT when needed.
  * libgnutls: Allow names with zero size to be set using
    gnutls_server_name_set(). That will disable the Server Name
    Indication. Resolves issue with wine:
    https://gitlab.com/gnutls/gnutls/issues/2

==== intltool ====
Version update (0.50.2 -> 0.51.0)

- Update to version 0.51.0:
  + Don't write $SRCDIR to the pot file.
  + Fixed incorrect handling of spaces around = in .ini files.
  + Add support for QT designer .UI files.
  + Add missing files to Makefile.am EXTRA_DIST definitions.
  + Use plain localedir to install mo files to, rather than trying to
    guess one.
  + Fix makefile rule to build .pox files properly.
  + Fix incorrect usage of hyphens and dashes in man pages.
  + Update .bzrignore with some new generated files.
  + Use autoreconf instead of gnome-autogen scripts.
  + Remove obsolete AM_GNU_GETTEXT information from docs.
  + Support single quotes in glade/gtkuibuilder files (lp#1034153).

==== libpng16-16 ====
Version update (1.6.16 -> 1.6.17)
Subpackages: libpng16-16-32bit libpng16-devel

- Fixed rgb_to_gray checks and added tRNS checks to pngvalid.c.
  + libpng-rgb_to_gray-checks.patch
- updated to 1.6.17:
  Corrected the width limit calculation in png_check_IHDR().
  Removed user limits from pngfix. Also pass NULL pointers to
    png_read_row to skip the unnecessary row de-interlace stuff.
  Implement previously untested cases of libpng transforms in pngvalid.c
  Fixed byte order in 2-byte filler, in png_do_read_filler().
  Made the check for out-of-range values in png_set_tRNS() detect
    values that are exactly 2^bit_depth, and work on 16-bit platforms.
  Merged some parts of libpng-1.6.17beta01 and libpng-1.7.0beta47.
  Added #ifndef __COVERITY__ where needed in png.c, pngrutil.c and
    pngset.c to avoid warnings about dead code.
  Do not build png_product2() when it is unused.
  Display user limits in the output from pngtest.
  Eliminated the PNG_SAFE_LIMITS macro and restored the
    1-million-column and 1-million-row default limits in
    pnglibconf.dfa, that can be reset by the user at build time or run
    time. This provides a more robust defense against DOS and as-yet
    undiscovered overflows.
  Added PNG_WRITE_CUSTOMIZE_COMPRESSION_SUPPORTED macro, on by default.
  Allow user to call png_get_IHDR() with NULL arguments (Reuben Hawkins).
  Moved png_set_filter() prototype into a PNG_WRITE_SUPPORTED block
    of png.h.
  Free the unknown_chunks structure even when it contains no data.
  Fixed simplified 8-bit-linear to sRGB alpha. The calculated alpha
    value was wrong. It's not clear if this affected the final stored
    value; in the obvious code path the upper and lower 8-bits of the
    alpha value were identical and the alpha was truncated to 8-bits
    rather than dividing by 257 (John Bowler).

==== libfreebl3 ====
Version update (3.17.4 -> 3.18)
Subpackages: libsoftokn3 mozilla-nss mozilla-nss-certs mozilla-nss-devel mozilla-nss-tools

- update to 3.18
  * Firefox target release 38
  New functionality:
  * When importing certificates and keys from a PKCS#12 source, it's
    now possible to override the nicknames, prior to importing them
    into the NSS database, using new API
    SEC_PKCS12DecoderRenameCertNicknames.
  * The tstclnt test utility program has new command-line options
    -C, -D, -b and -R.
    Use -C one, two or three times to print information about the
    certificates received from a server, and information about the
    locally found and trusted issuer certificates, to diagnose server
    side configuration issues. It is possible to run tstclnt without
    providing a database (-D). A PKCS#11 library that contains root
    CA certificates can be loaded by tstclnt, which may either be the
    nssckbi library provided by NSS (-b) or another compatible
    library (-R).
  New Functions:
  * SEC_CheckCrlTimes
  * SEC_GetCrlTimes
  * SEC_PKCS12DecoderRenameCertNicknames
  New Types:
  * SEC_PKCS12NicknameRenameCallback
  Notable Changes:
  * The highest TLS protocol version enabled by default has been
    increased from TLS 1.0 to TLS 1.2. Similarly, the highest DTLS
    protocol version enabled by default has been increased from
    DTLS 1.0 to DTLS 1.2.
  * The default key size used by certutil when creating an RSA key
    pair has been increased from 1024 bits to 2048 bits.
  * The following CA certificates had the Websites and Code Signing
    trust bits turned off:
    - Equifax Secure Certificate Authority
    - Equifax Secure Global eBusiness CA-1
    - TC TrustCenter Class 3 CA II
  * The following CA certificates were added:
    - Staat der Nederlanden Root CA - G3
    - Staat der Nederlanden EV Root CA
    - IdenTrust Commercial Root CA 1
    - IdenTrust Public Sector Root CA 1
    - S-TRUST Universal Root CA
    - Entrust Root Certification Authority - G2
    - Entrust Root Certification Authority - EC1
    - CFCA EV ROOT
  * The version number of the updated root CA list has been set to 2.3
- add the changes file as source so the .src.rpm builds
  (used for fake build time)

==== python-kde4 ====
Subpackages: python-kde4-akonadi python-kde4-devel python-kde4-khtml python-kde4-knewstuff python-kde4-phonon python-kde4-plasma

- add arm-qreal-float.patch, arm-avoid-return-type-confusion.patch
  to fix build on ARM

==== python3-setuptools ====
Version update (14.3.1 -> 15.0)

- update to version 15.0:
  * Pull Request #126: DistributionNotFound message now lists the
    package or packages that required it.

==== libspeexdsp1 ====

- disable unchecked use of NEON extension

==== libamd-2_4_1 ====
Subpackages: libcamd-2_4_1 libccolamd-2_9_1 libcholmod-3_0_5 libcolamd-2_9_1 libumfpack-5_7_1

- Update to version 4.4.4
  + CHOLMOD version number corrected. In 4.4.3, the
    CHOLMOD_SUBSUB_VERSION string was left at '4' (it should have
    been '5', for CHOLMOD 3.0.5). This version of SuiteSparse
    corrects this glitch.
  + Minor changes to comments in SuiteSparse_config.
  + SPQR version 2.0.1 released (minor update to documentation)

==== tigervnc ====
Subpackages: xorg-x11-Xvnc

- u_terminate_instead_of_ignoring_restart.patch
  * Terminate instead of ignoring restart. (bnc#920969)

==== update-alternatives ====
Version update (1.17.23 -> 1.17.24)

- Cleanup with spec-cleaner
- Update to 1.11.24:
  * Translation updates
  * Various small fixes

==== vsftpd ====

- bnc#925963 stat is sometimes run on wrong path and results
  with ENOENT, ensure we send both dir+file to filter verification:
  * vsftpd-path-normalize.patch
- Update patch bit more for sanity checks. Done by rsassu@suse.de:
  * vsftpd-path-normalize.patch
- Add back patch attempting to fix bnc#900326 bnc#915522 and
  bnc#922538:
  * vsftpd-path-normalize.patch
- Reset filter patch to match fedora, my work will be restarted
  in one-off patch to make the changes stand out. Add rest of RH
  filtering patches:
  * vsftpd-2.2.0-wildchar.patch
  * vsftpd-2.3.4-sqb.patch
  * vsftpd-2.1.0-filter.patch
- Work on the filter patch and split out the normalisation of
  the path to separate str function, currently commented out so
  I avoid huge diffing.
  * vsftpd-2.1.0-filter.patch

==== wine ====
Version update (1.7.39 -> 1.7.40)
Subpackages: wine-32bit

- Updated to 1.7.40 development snapshot
  - Support for kernel job objects.
  - Various fixes to the ListView control.
  - Better support for OOB data in Windows Sockets.
  - Support for DIB images in the OLE data cache.
  - Improved support for MSI patches.
  - Some fixes for ACL file permissions.
  - Various bug fixes.

==== yast2-installation ====
Version update (3.1.135 -> 3.1.138)

- avoid endless loop when confirm update in proposal runner
  (FATE#315161)
- 3.1.138
- fix method missing error in proposal_runner (FATE#315161)
- 3.1.137
- fix dependencies in proposal_store (FATE#315161)
- 3.1.136

Removed packages:
  libsuitesparseconfig-4_4_3

Added packages:
  libsuitesparseconfig-4_4_4