Packages changed:
  AppStream (0.9.5 -> 0.9.6)
  MozillaFirefox (46.0.1 -> 47.0)
  alsa
  branding-openSUSE
  curl
  kaccounts-integration
  kde-branding-openSUSE
  kernel-firmware (20160516 -> 20160609)
  kernel-source (4.6.1 -> 4.6.2)
  lcms2
  libinput (1.3.0 -> 1.3.1)
  libpst
  librsvg (2.40.15 -> 2.40.16)
  libusb-1_0
  libxml2 (2.9.3 -> 2.9.4)
  metamail
  mozilla-nss (3.22.3 -> 3.23)
  polkit
  python-M2Crypto (0.22.5 -> 0.24.0)
  python-cryptography (1.3.1 -> 1.3.4)
  python-keyring
  python-libxml2 (2.9.3 -> 2.9.4)
  sddm
  signon-plugin-oauth2
  suse-module-tools
  swig (3.0.8 -> 3.0.9)
  systemd-presets-branding-openSUSE
  systemd-rpm-macros
  tidy (5.1.9 -> 5.2.0)
  util-linux
  util-linux-systemd
  xkeyboard-config (2.17 -> 2.18)
  yast2 (3.1.191 -> 3.1.193)

=== Details ===

==== AppStream ====
Version update (0.9.5 -> 0.9.6)
Subpackages: libappstream3

- Update to version 0.9.6
  Features:
  * Improve metadata file decompression code (Matthias Klumpp)
  * validator: Simplify loading of data too (Matthias Klumpp)
  * Make it easy to compile with Address Sanitizer enabled (Matthias Klumpp)
  * Allow compiling with UBSan as well (Matthias Klumpp)
  * Add back support for Travis CI (Matthias Klumpp)
  * yaml: Write Releases field (Matthias Klumpp)
  Bugfixes:
  * qt: Properly check for component validity (Matthias Klumpp)
  * Ensure decompressed metadata is null-terminated (Neil Mayhew)
  * validator: Long descriptions are not needed for generic components (Matthias Klumpp)
  * Make VAPI generation depend on GIR typelibs explicitly (Matthias Klumpp)
  * Be more verbose when failing to move the cache directory (Matthias Klumpp)
  * Handle format errors when parsing YAML metadata (Neil Mayhew)

==== MozillaFirefox ====
Version update (46.0.1 -> 47.0)
Subpackages: MozillaFirefox-translations-common

- update to Firefox 47.0 (boo#983549)
  * Enable VP9 video codec for users with fast machines
  * Embedded YouTube videos now play with HTML5 video if Flash is not installed
  * View and search open tabs from your smartphone or another computer in a sidebar
  * Allow no-cache on back/forward navigations for https resources
  security fixes:
  * MFSA 2016-49/CVE-2016-2815/CVE-2016-2818 (boo#983638)
    (bmo#1241896, bmo#1242798, bmo#1243466, bmo#1245743, bmo#1264300,
    bmo#1271037, bmo#1234147, bmo#1256493, bmo#1256739, bmo#1256968,
    bmo#1261230, bmo#1261752, bmo#1263384, bmo#1264575, bmo#1265577,
    bmo#1267130, bmo#1269729, bmo#1273202, bmo#1273701)
    Miscellaneous memory safety hazards (rv:47.0 / rv:45.2)
  * MFSA 2016-50/CVE-2016-2819 (boo#983655) (bmo#1270381)
    Buffer overflow parsing HTML5 fragments
  * MFSA 2016-51/CVE-2016-2821 (bsc#983653) (bmo#1271460)
    Use-after-free deleting tables from a contenteditable document
  * MFSA 2016-52/CVE-2016-2822 (boo#983652) (bmo#1273129)
    Addressbar spoofing through the SELECT element
  * MFSA 2016-53/CVE-2016-2824 (boo#983651) (bmo#1248580)
    Out-of-bounds write with WebGL shader
  * MFSA 2016-54/CVE-2016-2825 (boo#983649) (bmo#1193093)
    Partial same-origin-policy through setting location.host through data URI
  * MFSA 2016-56/CVE-2016-2828 (boo#983646) (bmo#1223810)
    Use-after-free when textures are used in WebGL operations after recycle pool destruction
  * MFSA 2016-57/CVE-2016-2829 (boo#983644) (bmo#1248329)
    Incorrect icon displayed on permissions notifications
  * MFSA 2016-58/CVE-2016-2831 (boo#983643) (bmo#1261933)
    Entering fullscreen and persistent pointerlock without user permission
  * MFSA 2016-59/CVE-2016-2832 (boo#983632) (bmo#1025267)
    Information disclosure of disabled plugins through CSS pseudo-classes
  * MFSA 2016-60/CVE-2016-2833 (boo#983640) (bmo#908933)
    Java applets bypass CSP protections
  * MFSA 2016-62/CVE-2016-2834 (boo#983639)
    (bmo#1206283, bmo#1221620, bmo#1241034, bmo#1241037)
    Network Security Services (NSS) vulnerabilities
    fixed by requiring NSS 3.23
  packaging changes:
  * cleanup configure options (boo#981695):
    - notably remove GStreamer support which is gone from FF
  * remove obsolete patches
    - mozilla-libproxy.patch
    - mozilla-repo.patch

==== alsa ====
Subpackages: alsa-devel libasound2 libasound2-32bit

- Backport upstream fixes:
  fixing PCM dmix & co suspend/resume, namehint parser fixes,
  stackable async handler:
  0007-namehint-Don-t-enumerate-as-duplex-if-only-a-single-.patch
  0008-pcm-Define-namehint-for-single-directional-PCM-types.patch
  0009-conf-Add-thread-safe-global-tree-reference.patch
  0010-pcm-Remove-resume-support-from-dmix-co.patch
  0011-pcm-Fix-secondary-retry-in-dsnoop-and-dshare.patch
  0012-pcm-dmix-resume-workaround-for-buggy-driver.patch
  0013-pcm-dmix-Prepare-slave-when-it-s-in-SETUP-too.patch
  0014-pcm-dmix-Return-error-when-slave-is-in-OPEN-or-DISCO.patch
  0015-async-Handle-previously-installed-signal-handler.patch

==== branding-openSUSE ====
Subpackages: gfxboot-branding-openSUSE grub2-branding-openSUSE plymouth-branding-openSUSE wallpaper-branding-openSUSE xfce4-splash-branding-openSUSE

- Add yast2-qt-branding-openSUSE back and remove Supplements
- Much less breakage
- Drop yast2-qt-branding-openSUSE (boo#955381)
- Fix xfce4-splash-branding-openSUSE conflicts

==== curl ====
Subpackages: libcurl-devel libcurl4

- Depend on libssh2 >= 1.6.0 since curl depends on the
  libssh2_scp_recv2 symbol now. Fixes boo#983170

==== kaccounts-integration ====

- Require ktp-accounts-kcm, kcm_kaccounts is not useful at all without it (boo#983036)
- Recommend kaccounts-providers for additional providers (Google)

==== kde-branding-openSUSE ====
Subpackages: kdelibs4-branding-openSUSE ksplash-qml-branding-openSUSE ksplashx-branding-openSUSE

- Add yast2-qt-branding-openSUSE back and remove Supplements
- Much less breakage
- Drop yast2-qt-branding-openSUSE (boo#955381)
- Fix xfce4-splash-branding-openSUSE conflicts
- grub2 theme: use blueish color for timeout bar.

==== kernel-firmware ====
Version update (20160516 -> 20160609)
Subpackages: ucode-amd

- Update to version 20160609:
  * linux-firmware: update audio firmware for Braswell platform
  * radeon: add new CI smc firmware
  * radeon: add new SI smc firmware
  * linux-firmware: Update firmware patch for Intel Bluetooth 7265 (D1)
  * linux-firmware: Update firmware patch for Intel Bluetooth 7265 (C0/D0)
  * linux-firmware: Update firmware file for Intel Bluetooth 8260
- Update to version 20160602:
  * qed: Add FW 8.10.5.0
  * linux-firmware: intel: Add Broxton audio firmware
  * linux-firmware: Update firmware patch for Intel Bluetooth 7260 (B3/B4)
  * linux-firmware: Update firmware patch for Intel Bluetooth 7260 (B5/B6)

==== kernel-source ====
Version update (4.6.1 -> 4.6.2)
Subpackages: kernel-default kernel-default-devel kernel-devel kernel-docs kernel-macros kernel-syms

- ecryptfs: don't allow mmap when the lower file system doesn't
  allow it (bsc#983143 CVE-2016-1583).
- commit 8777776
- arm64: mm: always take dirty state from new pte in
  ptep_set_access_flags (bsc#983458).
- Update config files.
- commit d662464
- Linux 4.6.2.
- commit b664f9a
- x86/pat: Document the PAT initialization sequence (bnc#982991, bnc#974257, bnc#982991).
- x86/xen, pat: Remove PAT table init code from Xen (bnc#982991, bnc#974257, bnc#982991).
- x86/mtrr: Fix PAT init handling when MTRR is disabled (bnc#982991, bnc#974257, bnc#982991).
- x86/mtrr: Fix Xorg crashes in Qemu sessions (bnc#982991, bnc#974257, bnc#982991).
- x86/mm/pat: Replace cpu_has_pat with boot_cpu_has() (bnc#982991, bnc#974257, bnc#982991).
- x86/mm/pat: Add pat_disable() interface (bnc#982991, bnc#974257, bnc#982991).
- x86/mm/pat: Add support of non-default PAT MSR setting (bnc#982991, bnc#974257, bnc#982991).
- commit 3988263
- Delete patches.suse/xen-pv-devmem_is_allowed.patch (bnc#982991)
- commit 23cb422
- Refresh
  patches.drivers/0001-Subject-PATCH-USB-xhci-Add-broken-streams-quirk-for-.patch.
  Upstream status.
- commit 2720edf
- rtlwifi: Fix scheduling while atomic error from commit
  49f86ec21c01 (boo#983036).
- commit 5a9c4b2

==== lcms2 ====
Subpackages: liblcms2-2 liblcms2-2-32bit liblcms2-devel

- Update to GNOME 3.20 Fate#318572

==== libinput ====
Version update (1.3.0 -> 1.3.1)
Subpackages: libinput-devel libinput-udev libinput10

- Update to new upstream release 1.3.1
  * The pressure change check we used to detect finger releases has
    been adjusted to just apply to the Lenovo *50 and *60 series,
    it didn't work too well on other touchpads and resulted in
    jerky motion.
  * An error message was generated for 3-finger swipes on some
    touchpads that had gestures disabled, this is fixed now.

==== libpst ====

- Update to GNOME 3.20 Fate#318572

==== librsvg ====
Version update (2.40.15 -> 2.40.16)
Subpackages: gdk-pixbuf-loader-rsvg librsvg-2-2 librsvg-devel typelib-1_0-Rsvg-2_0

- Update to version 2.40.16:
  + Support for building the introspection files under MSVC.
  + Make the zooming options in rsvg-convert(1) work again for
    scaling the resulting image (bgo#760262).
  + Wikipedia generates equations as SVGs and renders them, but
    uses fill="currentColor". Since we don't let caller specify a
    starting state for CSS, we need to start with opaque black as
    the default current color (bgo#764808).
  + Added documentation for how to replace the deprecated
    rsvg_handle_set_size_callback().
- Drop librsvg-Fix-rsvg-convert.patch: Fixed upstream.

==== libusb-1_0 ====
Subpackages: libusb-1_0-0 libusb-1_0-0-32bit libusb-1_0-devel

- Update to GNOME 3.20.2 FATE#318572

==== libxml2 ====
Version update (2.9.3 -> 2.9.4)
Subpackages: libxml2-2 libxml2-2-32bit libxml2-devel libxml2-tools

- add libxml2-2.9.4-fix_attribute_decoding.patch to fix attribute
  decoding during XML schema validation [bnc#983288]
- Update libxml2 to version libxml2-2.9.4. The new version is
  resistant against CVE-2016-3627, CVE-2016-1833, CVE-2016-1835,
  CVE-2016-1837, CVE-2016-1836, CVE-2016-1839, CVE-2016-1838,
  CVE-2016-1840, CVE-2016-4483, CVE-2016-1834, CVE-2016-3705, and
  CVE-2016-1762.
- Remove obsolete patches libxml2-2.9.1-CVE-2016-3627.patch,
  0001-Add-missing-increments-of-recursion-depth-counter-to.patch,
  and libxml2-2.9.3-bogus_UTF-8_encoding_error.patch.

==== metamail ====

- add patches:
  * metamail-2.7-19-provide-filenames-for-attachments.patch
    rebased from Immanuel Halupczok original debian patch:
    https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=321968

==== mozilla-nss ====
Version update (3.22.3 -> 3.23)
Subpackages: libfreebl3 libsoftokn3 mozilla-nss-certs mozilla-nss-devel mozilla-nss-tools

- update to NSS 3.23
  New functionality:
  * ChaCha20/Poly1305 cipher and TLS cipher suites now supported
  * Experimental-only support TLS 1.3 1-RTT mode (draft-11).
    This code is not ready for production use.
  New functions:
  * SSL_SetDowngradeCheckVersion - Set maximum version for new
    ServerRandom anti-downgrade mechanism. Clients that perform a
    version downgrade (which is generally a very bad idea) call this
    with the highest version number that they possibly support.
    This gives them access to the version downgrade protection from
    TLS 1.3.
  Notable changes:
  * The copy of SQLite shipped with NSS has been updated to version
    3.10.2
  * The list of TLS extensions sent in the TLS handshake has been
    reordered to increase compatibility of the Extended Master Secret
    with servers
  * The build time environment variable NSS_ENABLE_ZLIB has been
    renamed to NSS_SSL_ENABLE_ZLIB
  * The build time environment variable NSS_DISABLE_CHACHAPOLY was
    added, which can be used to prevent compilation of the
    ChaCha20/Poly1305 code.
  * The following CA certificates were Removed
    - Staat der Nederlanden Root CA
    - NetLock Minositett Kozjegyzoi (Class QA) Tanusitvanykiado
    - NetLock Kozjegyzoi (Class A) Tanusitvanykiado
    - NetLock Uzleti (Class B) Tanusitvanykiado
    - NetLock Expressz (Class C) Tanusitvanykiado
    - VeriSign Class 1 Public PCA - G2
    - VeriSign Class 3 Public PCA
    - VeriSign Class 3 Public PCA - G2
    - CA Disig
  * The following CA certificates were Added
    + SZAFIR ROOT CA2
    + Certum Trusted Network CA 2
  * The following CA certificate had the Email trust bit turned on
    + Actalis Authentication Root CA
  Security fixes:
  * CVE-2016-2834: Memory safety bugs (boo#983639)
    MFSA-2016-61 bmo#1206283 bmo#1221620 bmo#1241034 bmo#1241037
- removed obsolete nss_gcc6_change.patch

==== polkit ====
Subpackages: libpolkit0 polkit-devel typelib-1_0-Polkit-1_0

- Use pkgconfig() instead of requiring systemd package names directly.
- systemd.pc is shipped by systemd main package (bsc#983167)
  Strangely polkit wants systemd.pc to detect that the target system
  is running systemd even if it's configured to build systemd
  support...

==== python-M2Crypto ====
Version update (0.22.5 -> 0.24.0)

- update to 0.24.0
  * No changelog provided
- README is no longer included
- Removed obsolete python-M2Crypto-SWIG-3.0.5.patch

==== python-cryptography ====
Version update (1.3.1 -> 1.3.4)

- fix download urls
- update to upstream release 1.3.4
  * Added new OpenSSL functions to the bindings to support an upcoming
    ``pyOpenSSL`` release.
- correct source urls
- update to upstream release 1.3.2
  * Updated Windows and OS X wheels to be compiled against OpenSSL 1.0.2h.
  * Fixed an issue preventing ``cryptography`` from compiling against
    LibreSSL 2.3.x.

==== python-keyring ====

- require python-setuptools (see bsc#983147)

==== python-libxml2 ====
Version update (2.9.3 -> 2.9.4)

- Update python-libxml2 to version libxml2-2.9.4. The new version is
  resistant against CVE-2016-3627, CVE-2016-1833, CVE-2016-1835,
  CVE-2016-1837, CVE-2016-1836, CVE-2016-1839, CVE-2016-1838,
  CVE-2016-1840, CVE-2016-4483, CVE-2016-1834, CVE-2016-3705, and
  CVE-2016-1762.

==== sddm ====
Subpackages: sddm-branding-openSUSE

- Fix build requirements on systemd (bsc#983167)
  Use pkgconfig() so we don't need to rely on package names. For the
  record, systemd.pc is now part of systemd main package.

==== signon-plugin-oauth2 ====

- Conflict with libproxy1-config-kde4, that's the actual name of
  the package, and having it installed makes the plugin crash
  (boo#953175)

==== suse-module-tools ====

- Run dos2unix on the modhash script.
- Add modhash tool to calculate hash of signed module. It strips
  X.509 or PKCS#7 signature before hashing the kernel module.
  (fate#319460)
- Remove -x bit from 50-kernel-uname_r.conf (bsc#981291).

==== swig ====
Version update (3.0.8 -> 3.0.9)

- Update to 3.0.9
- Add support for Python's implicit namespace packages.
- Fixes to support Go 1.6.
- C++11 std::array support added for Java.
- Improved C++ multiple inheritance support for Java/C# wrappers.
- Various other minor fixes and improvements for C#, D, Go, Java,
  Javascript, Lua, Python, R, Ruby, Scilab.
- drop swig308-Fix-li_boost_array-test.patch, upstream

==== systemd-presets-branding-openSUSE ====

- don't require systemd to avoid dependency loop (boo#983986)
- added a prereq for coreutils to make sure the macro in %pre
  works when using touch and mkdir. (bsc#982337)

==== systemd-rpm-macros ====

- %service_add_post() suppress daemon-reload when in installation
  system (bsc#982343)

==== tidy ====
Version update (5.1.9 -> 5.2.0)
Subpackages: libtidy5

- new upstream version 5.2.0
  + added support for HTML5
- new upstream authors at https://github.com/htacg/tidy-html5
- remove tidy_generate_tarball.sh
  + not needed
- remove tidy-fix-buffer-overflow.patch
  + upstreamed
- add fix_doxygen_paths.diff
  + patch Doxygen config file to build documentation from build
    directory
- add test_fixes.diff
  + fix build paths
  + remove pauses via `read` bash builtin
  + don't hide logging in log files
- add dynamic_library_build.diff
  + use standard cmake BUILD_SHARED_LIBS instead of BUILD_SHARED_LIB
  + build both static and dynamic libraries by default, instead of
    just static
  + link vs. dynamic by default
- add tidy_fetch_docs.sh
  + used to fetch latest documentation configuration sources
- add compat_headers.diff
  + upstream changed some header names, so provide compatible
    header wrappers with a compile time warning
- change library subpackage according to new soname
- build libtidy-devel instead of having soname in devel package name
- add CVE to previous changelog entry
- add tidy-fix-buffer-overflow.patch in order to fix a heap-based
  buffer overflow in tidy/libtidy (gh#htacg/tidy-html5#217
  boo#933588) CVE-2015-5522 CVE-2015-5523
- license update: W3C
  SPDX format (the license corresponds to the W3C Software License)
- fix libtidy-0_99-0-devel not providing/obsoleting libtidy-devel
- updated to CVS snapshot 20100202
- cleaned up
  * included script to generate a tarball from CVS
  * consistent usage of license tag
  * removed erroneously packaged files
  * more concise description conforming to packaging policy
  * lint clean
  * renamed libtidy(-devel) to libtidy-0_99-0(-devel)
  * removed trailing period from libtidy-dev summary
  * split documentation into tidy-doc subpackage
- remove static libraries
- fix changelog entry order
- added directory to filelist
- copying package from buildservice package to autobuild
  (adding .changes file)

==== util-linux ====
Subpackages: libblkid-devel libblkid1 libblkid1-32bit libfdisk1 libmount1 libmount1-32bit libsmartcols1 libuuid-devel libuuid1 libuuid1-32bit

- blkid: Wipe correct area for probes with offset (bsc#976141,
  util-linux-libblkid-wipe-offset.patch).
- Remove incorrect --with-bashcompletiondir that breaks
  bash-completion, use path in bash-completion.pc instead
  (boo#977259).
- Add librtas-devel to BuildRequires on Power platforms.
  Needed for proper function of lscpu (bsc#975082).

==== util-linux-systemd ====

- blkid: Wipe correct area for probes with offset (bsc#976141,
  util-linux-libblkid-wipe-offset.patch).
- Remove incorrect --with-bashcompletiondir that breaks
  bash-completion, use path in bash-completion.pc instead
  (boo#977259).
- Add librtas-devel to BuildRequires on Power platforms.
  Needed for proper function of lscpu (bsc#975082).

==== xkeyboard-config ====
Version update (2.17 -> 2.18)

- Run over with spec-cleaner
- pkgconfig/perl deps conversion
- Use post dependency on coreutils instead of prereq
- Disable silent rules to see what's happening
- Tweak configure options to match what configure.ac contains
  and what is needed
- Remove path provides on the old /etc location, should not be needed
  after all those years
- Update to version 2.18
  * Add Ctrl+Win keyboard layout switch.
  * rules: Giving the caps:ctrl_modifier option a distinctive description.
  * Sorting the Caps Lock options in a consistent manner.
  * symbols: add explicit definition for Group2 to win_space_toggle
  * Added Bone layout (including the q/eszett variant) and Neo qwertz/qwerty
  * Added the Ruble sign
  * Added us(carpalx)
  * Add Algerian layout with variants
  * Added some Asian layouts
  * Added US layout for IBM Arabic 238L
  * Synced descriptions
  * Added Armenian dram sign to Armenian phonetic
  * Fixed ISO codes for Jawi

==== yast2 ====
Version update (3.1.191 -> 3.1.193)

- Fixed displaying the file conflicts callbacks when the Progress
  dialog is not displayed (bsc#983464)
- 3.1.193
- Drop yast2-devel-doc package (fate#320356)
- 3.1.192