Changed packages:
==== libdirectfb-1_7-7 ====
- Update baselibs.conf: we build libdirectfb-1_7-7.
==== MozillaFirefox ====
Version update (36.0.4 -> 37.0)
Subpackages: MozillaFirefox-translations-common
- update to Firefox 37.0 (bnc#925368)
* Heartbeat user rating system
* Yandex set as default search provider for the Turkish locale
* Bing search now uses HTTPS for secure searching
* Improved protection against site impersonation via OneCRL
centralized certificate revocation
* Opportunistically encrypt HTTP traffic where the server supports
HTTP/2 AltSvc
* some more behaviour changes for TLS
security fixes:
* MFSA 2015-30/CVE-2015-0814/CVE-2015-0815
Miscellaneous memory safety hazards
* MFSA 2015-31/CVE-2015-0813 (bmo#1106596))
Use-after-free when using the Fluendo MP3 GStreamer plugin
* MFSA 2015-32/CVE-2015-0812 (bmo#1128126)
Add-on lightweight theme installation approval bypassed through
MITM attack
* MFSA 2015-33/CVE-2015-0816 (bmo#1144991)
resource:// documents can load privileged pages
* MFSA-2015-34/CVE-2015-0811 (bmo#1132468)
Out of bounds read in QCMS library
* MFSA-2015-35/CVE-2015-0810 (bmo#1125013)
Cursor clickjacking with flash and images (OS X only)
* MFSA-2015-36/CVE-2015-0808 (bmo#1109552)
Incorrect memory management for simple-type arrays in WebRTC
* MFSA-2015-37/CVE-2015-0807 (bmo#1111834)
CORS requests should not follow 30x redirections after preflight
* MFSA-2015-38/CVE-2015-0805/CVE-2015-0806 (bmo#1135511, bmo#1099437)
Memory corruption crashes in Off Main Thread Compositing
* MFSA-2015-39/CVE-2015-0803/CVE-2015-0804 (bmo#1134560)
Use-after-free due to type confusion flaws
* MFSA-2015-40/CVE-2015-0801 (bmo#1146339)
Same-origin bypass through anchor navigation
* MFSA-2015-41/CVE-2015-0800/CVE-2012-2808
PRNG weakness allows for DNS poisoning on Android (only)
* MFSA-2015-42/CVE-2015-0802 (bmo#1124898)
Windows can retain access to privileged content on navigation
to unprivileged pages
- removed obsolete patches
* mozilla-bmo1088588.patch
* mozilla-bmo1108834.patch
- requires NSPR 4.10.8
- Fix builds with skia on Power
mozilla-skia-be-le.patch (patch from #bmo1136958)
mozilla-bmo1108834.patch
mozilla-bmo1005535.patch
==== MozillaThunderbird ====
Version update (31.5.0 -> 31.6.0)
Subpackages: MozillaThunderbird-translations-common
- update to Thunderbird 31.6.0 (bnc#925368)
* MFSA 2015-30/CVE-2015-0815
Miscellaneous memory safety hazards
* MFSA 2015-31/CVE-2015-0813 (bmo#1106596))
Use-after-free when using the Fluendo MP3 GStreamer plugin
* MFSA 2015-33/CVE-2015-0816 (bmo#1144991)
resource:// documents can load privileged pages
* MFSA-2015-37/CVE-2015-0807 (bmo#1111834)
CORS requests should not follow 30x redirections after preflight
* MFSA-2015-40/CVE-2015-0801 (bmo#1146339)
Same-origin bypass through anchor navigation
==== cmake ====
- Let CMake produces automatic RPM provides (added cmake.attr and
cmake.prov as sources)
==== cscope ====
- Use url for source
==== cups ====
Subpackages: cups-client cups-devel cups-libs cups-libs-32bit
- Add patch cups-busy-loop.patch to fix rh#1179596 , cups#4605
==== ed ====
Version update (1.10 -> 1.11)
- Cleanup spec file with spec-cleaner
- Update to 1.11
* main_loop.c (exec_command): Fixed 'z' command.
(zN printed N + 1 lines).
* ed.texi: Documented the window size used by the 'z' command.
* Makefile.in: Added new targets 'install*-compress'.
* Restored original copyright notices in the code. I assigned to
the FSF the copyright on changes made to the part of ed already
copyrighted by the FSF, which seems to be just the manual.
==== fcitx ====
Version update (4.2.8.5 -> 4.2.8.6)
Subpackages: fcitx-branding-openSUSE fcitx-gtk2 fcitx-gtk3 fcitx-pinyin fcitx-qt4 fcitx-table libfcitx-4_2_8
- update version 4.2.8.6
* add kf5 kcm support
==== gnutls ====
Version update (3.3.13 -> 3.3.14)
Subpackages: libgnutls-devel libgnutls-openssl27 libgnutls28 libgnutls28-32bit
- updated to 3.3.13 (released 2015-03-30)
* * libgnutls: When retrieving OCTET STRINGS from PKCS #12 ContentInfo
structures use BER to decode them (requires libtasn1 4.3). That allows
to decode some more complex structures.
* * libgnutls: When an end-certificate with no name is present and there
are CA name constraints, don't reject the certificate. This follows RFC5280
advice closely. Reported by Fotis Loukos.
* * libgnutls: Fixed handling of supplemental data with types > 255.
Patch by Thierry Quemerais.
* * libgnutls: Fixed double free in the parsing of CRL distribution points certificate
extension. Reported by Robert ?wi?cki.
* * libgnutls: Fixed a two-byte stack overflow in DTLS 0.9 protocol. That
protocol is not enabled by default (used by openconnect VPN).
* * libgnutls: The maximum user data send size is set to be the same for
block and non-block ciphersuites. This addresses a regression with wine:
https://bugs.winehq.org/show_bug.cgi?id=37500
* * libgnutls: When generating PKCS #11 keys, set CKA_ID, CKA_SIGN,
and CKA_DECRYPT when needed.
* * libgnutls: Allow names with zero size to be set using
gnutls_server_name_set(). That will disable the Server Name Indication.
Resolves issue with wine: https://gitlab.com/gnutls/gnutls/issues/2
==== intltool ====
Version update (0.50.2 -> 0.51.0)
- Update to version 0.51.0:
+ Don't write $SRCDIR to the pot file.
+ Fixed incorrect handling of spaces around = in .ini files.
+ Add support for QT designer .UI files.
+ Add missing files to Makefile.am EXTRA_DIST definitions.
+ Use plain localedir to install mo files to, rather than trying
to guess one.
+ Fix makefile rule to build .pox files properly.
+ Fix incorrect usage of hyphens and dashes in man pages.
+ Update .bzrignore with some new generated files.
+ Use autoreconf instead of gnome-autogen scripts.
+ Remove obsolete AM_GNU_GETTEXT information from docs.
+ Support single quotes in glade/gtkuibuilder files (lp#1034153).
==== libpng16-16 ====
Version update (1.6.16 -> 1.6.17)
Subpackages: libpng16-16-32bit libpng16-devel
- Fixed rgb_to_gray checks and added tRNS checks to pngvalid.c.
+ libpng-rgb_to_gray-checks.patch
- updated to 1.6.17:
Corrected the width limit calculation in png_check_IHDR().
Removed user limits from pngfix. Also pass NULL pointers to
png_read_row to skip the unnecessary row de-interlace stuff.
Implement previously untested cases of libpng transforms in pngvalid.c
Fixed byte order in 2-byte filler, in png_do_read_filler().
Made the check for out-of-range values in png_set_tRNS() detect
values that are exactly 2^bit_depth, and work on 16-bit platforms.
Merged some parts of libpng-1.6.17beta01 and libpng-1.7.0beta47.
Added #ifndef __COVERITY__ where needed in png.c, pngrutil.c and
pngset.c to avoid warnings about dead code.
Do not build png_product2() when it is unused.
Display user limits in the output from pngtest.
Eliminated the PNG_SAFE_LIMITS macro and restored the 1-million-column
and 1-million-row default limits in pnglibconf.dfa, that can be reset
by the user at build time or run time. This provides a more robust
defense against DOS and as-yet undiscovered overflows.
Added PNG_WRITE_CUSTOMIZE_COMPRESSION_SUPPORTED macro, on by default.
Allow user to call png_get_IHDR() with NULL arguments (Reuben Hawkins).
Moved png_set_filter() prototype into a PNG_WRITE_SUPPORTED block
of png.h.
Free the unknown_chunks structure even when it contains no data.
Fixed simplified 8-bit-linear to sRGB alpha. The calculated alpha
value was wrong. It's not clear if this affected the final stored
value; in the obvious code path the upper and lower 8-bits of the
alpha value were identical and the alpha was truncated to 8-bits
rather than dividing by 257 (John Bowler).
==== libfreebl3 ====
Version update (3.17.4 -> 3.18)
Subpackages: libsoftokn3 mozilla-nss mozilla-nss-certs mozilla-nss-devel mozilla-nss-tools
- update to 3.18
* Firefox target release 38
New functionality:
* When importing certificates and keys from a PKCS#12 source,
it's now possible to override the nicknames, prior to importing
them into the NSS database, using new API
SEC_PKCS12DecoderRenameCertNicknames.
* The tstclnt test utility program has new command-line options
- C, -D, -b and -R.
Use -C one, two or three times to print information about the
certificates received from a server, and information about the
locally found and trusted issuer certificates, to diagnose
server side configuration issues. It is possible to run tstclnt
without providing a database (-D). A PKCS#11 library that
contains root CA certificates can be loaded by tstclnt, which
may either be the nssckbi library provided by NSS (-b) or
another compatible library (-R).
New Functions:
* SEC_CheckCrlTimes
* SEC_GetCrlTimes
* SEC_PKCS12DecoderRenameCertNicknames
New Types:
* SEC_PKCS12NicknameRenameCallback
Notable Changes:
* The highest TLS protocol version enabled by default has been
increased from TLS 1.0 to TLS 1.2. Similarly, the highest DTLS
protocol version enabled by default has been increased from
DTLS 1.0 to DTLS 1.2.
* The default key size used by certutil when creating an RSA key
pair has been increased from 1024 bits to 2048 bits.
* The following CA certificates had the Websites and Code Signing
trust bits turned off:
- Equifax Secure Certificate Authority
- Equifax Secure Global eBusiness CA-1
- TC TrustCenter Class 3 CA II
* The following CA certificates were added:
- Staat der Nederlanden Root CA - G3
- Staat der Nederlanden EV Root CA
- IdenTrust Commercial Root CA 1
- IdenTrust Public Sector Root CA 1
- S-TRUST Universal Root CA
- Entrust Root Certification Authority - G2
- Entrust Root Certification Authority - EC1
- CFCA EV ROOT
* The version number of the updated root CA list has been set
to 2.3
- add the changes file as source so the .src.rpm builds (used for
fake build time)
==== python-kde4 ====
Subpackages: python-kde4-akonadi python-kde4-devel python-kde4-khtml python-kde4-knewstuff python-kde4-phonon python-kde4-plasma
- add arm-qreal-float.patch, arm-avoid-return-type-confusion.patch
to fix build on ARM
==== python3-setuptools ====
Version update (14.3.1 -> 15.0)
- update to version 15.0:
* Pull Request #126: DistributionNotFound message now lists the
package or packages that required it.
==== libspeexdsp1 ====
- disable unchecked use of NEON extension
==== libamd-2_4_1 ====
Subpackages: libcamd-2_4_1 libccolamd-2_9_1 libcholmod-3_0_5 libcolamd-2_9_1 libumfpack-5_7_1
- Update to version 4.4.4
+ CHOLMOD version number corrected. In 4.4.3, the CHOLMOD_SUBSUB_VERSION
string was left at '4' (it should have been '5', for CHOLMOD 3.0.5).
This version of SuiteSparse corrects this glitch.
+ Minor changes to comments in SuiteSparse_config.
+ SPQR version 2.0.1 released (minor update to documentation)
==== tigervnc ====
Subpackages: xorg-x11-Xvnc
- u_terminate_instead_of_ignoring_restart.patch
* Terminate instead of ignoring restart. (bnc#920969)
==== update-alternatives ====
Version update (1.17.23 -> 1.17.24)
- Cleanup with spec-cleaner
- Update to 1.11.24:
* Translation updates
* Various small fixes
==== vsftpd ====
- bnc#925963 stat is sometimes run on wrong path and results with
ENOENT, ensure we sent both dir+file to filter verification:
* vsftpd-path-normalize.patch
- Update patch bit more for sanity checks. Done by rsassu@suse.de:
* vsftpd-path-normalize.patch
- Add back patch attempting to fix bnc#900326 bnc#915522 and
bnc#922538:
* vsftpd-path-normalize.patch
- Reset filter patch to match fedora, my work will be restarted
in one-off patch to make the changes stand out. Add rest of
RH filtering patches:
* vsftpd-2.2.0-wildchar.patch
* vsftpd-2.3.4-sqb.patch
* vsftpd-2.1.0-filter.patch
- Work on the filter patch and split out the normalisation of the
path to separate str function, currently commented out so I
avoid huge diffing.
* vsftpd-2.1.0-filter.patch
==== wine ====
Version update (1.7.39 -> 1.7.40)
Subpackages: wine-32bit
- Updated to 1.7.40 development snapshot
- Support for kernel job objects.
- Various fixes to the ListView control.
- Better support for OOB data in Windows Sockets.
- Support for DIB images in the OLE data cache.
- Improved support for MSI patches.
- Some fixes for ACL file permissions.
- Various bug fixes.
==== yast2-installation ====
Version update (3.1.135 -> 3.1.138)
- avoid endless loop when confirm update in proposal runner
(FATE#315161)
- 3.1.138
- fix method missing error in proposal_runner (FATE#315161)
- 3.1.137
- fix dependencies in proposal_store (FATE#315161)
- 3.1.136
Removed packages:
libsuitesparseconfig-4_4_3
Added packages:
libsuitesparseconfig-4_4_4