June 2016 - openSUSE Factory - openSUSE Mailing Lists

[opensuse-factory] New Tumbleweed snapshot 20160531 released!
by Dominique Leuenberger 03 Jun '16

03 Jun '16

Please note that this mail was generated by a script. The described changes are computed based on the x86_64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=1&versio… Packages changed: GraphicsMagick LibVNCServer ModemManager MozillaFirefox MozillaThunderbird NetworkManager-gnome akonadi-calendar (15.12.3 -> 16.04.1) akonadi-search (15.12.3 -> 16.04.1) akonadi-server (15.12.3 -> 16.04.1) amarok ark (15.12.3 -> 16.04.1) baloo5-widgets (15.12.3 -> 16.04.1) cdrdao crda dolphin (15.12.3 -> 16.04.1) dragonplayer (15.12.3 -> 16.04.1) espeak gnome-software (3.20.2 -> 3.20.3) gpgmepp5 (15.12.3 -> 16.04.1) grantlee5 (5.0.0 -> 5.1.0) gstreamer-plugins-bad gwenview5 (15.12.3 -> 16.04.1) installation-images-openSUSE (14.245 -> 14.247) k3b kaccounts-integration (15.12.3 -> 16.04.1) kalarmcal (15.12.3 -> 16.04.1) kamera (15.12.3 -> 16.04.1) kate (15.12.3 -> 16.04.1) kcalc (15.12.3 -> 16.04.1) kcalcore (15.12.3 -> 16.04.1) kcalutils (15.12.3 -> 16.04.1) kcharselect (15.12.3 -> 16.04.1) kcolorchooser (15.12.3 -> 16.04.1) kcontacts (15.12.3 -> 16.04.1) kdebase4 (15.12.3 -> 16.04.1) kdebase4-runtime (15.12.3 -> 16.04.1) kdebase4-workspace kdelibs4 (4.14.18 -> 4.14.19) kdenetwork4-filesharing (15.12.3 -> 16.04.1) kdepim (15.12.3 -> 16.04.1) kdepim-runtime (15.12.3 -> 16.04.1) kdepimlibs (15.12.3 -> 16.04.1) kdepimlibs4 kdnssd (15.12.3 -> 16.04.1) kernel-source (4.5.4 -> 4.6.0) kget (15.12.3 -> 16.04.1) kgpg (15.12.3 -> 16.04.1) kholidays (15.12.3 -> 16.04.1) kidentitymanagement (15.12.3 -> 16.04.1) kimap (15.12.3 -> 16.04.1) kio-extras5 (15.12.3 -> 16.04.1) kio_audiocd (15.12.3 -> 16.04.1) kipi-plugins5 (4.94git -> 5.0.0~beta5) kiwi (7.03.68 -> 7.03.72) kldap (15.12.3 -> 16.04.1) kleopatra5 (15.12.3 -> 16.04.1) kmag (15.12.3 -> 16.04.1) kmailtransport (15.12.3 -> 16.04.1) kmbox (15.12.3 -> 16.04.1) kmime (15.12.3 -> 16.04.1) kmousetool (15.12.3 -> 16.04.1) kompare (15.12.3 -> 16.04.1) konsole (15.12.3 -> 16.04.1) kontactinterface (15.12.3 -> 16.04.1) kopete (15.12.3 -> 16.04.1) kpimtextedit (15.12.3 -> 16.04.1) kqtquickcharts (15.12.3 -> 16.04.1) krdc (15.12.3 -> 16.04.1) krfb (15.12.3 -> 16.04.1) kruler (15.12.3 -> 16.04.1) ktnef (15.12.3 -> 16.04.1) ktp-accounts-kcm (15.12.3 -> 16.04.1) ktp-approver (15.12.3 -> 16.04.1) ktp-auth-handler (15.12.3 -> 16.04.1) ktp-common-internals (15.12.3 -> 16.04.1) ktp-contact-list (15.12.3 -> 16.04.1) ktp-contact-runner (15.12.3 -> 16.04.1) ktp-desktop-applets (15.12.3 -> 16.04.1) ktp-filetransfer-handler (15.12.3 -> 16.04.1) ktp-kded-module (15.12.3 -> 16.04.1) ktp-send-file (15.12.3 -> 16.04.1) ktp-text-ui (15.12.3 -> 16.04.1) kwalletmanager5 (15.12.3 -> 16.04.1) libaccounts-glib (1.18 -> 1.21) libkcddb4 (15.12.3 -> 16.04.1) libkcompactdisc4 (15.12.3 -> 16.04.1) libkdcraw (15.12.3 -> 16.04.1) libkdepim (15.12.3 -> 16.04.1) libkexiv2 (15.12.3 -> 16.04.1) libkface (15.12.3 -> 16.04.1) libkgeomap (15.12.3 -> 16.04.1) libkipi (15.12.3 -> 16.04.1) libkolab-qt5 libkomparediff2 (15.12.3 -> 16.04.1) libksane (15.12.3 -> 16.04.1) libktorrent libmusicbrainz libqca-qt5 libqt5-qtdeclarative libraw libsidplay1 libyui (3.2.4 -> 3.2.5) marble (15.12.3 -> 16.04.1) mobipocket (15.12.3 -> 16.04.1) mozilla-nss net-snmp okular (15.12.3 -> 16.04.1) opal openCOLLADA perl (5.22.1 -> 5.24.0) perl-MIME-tools perl-Module-Build (0.421200 -> 0.421800) plasma5-desktop python-cffi (1.5.2 -> 1.6.0) qalculate signon-kwallet-extension (15.12.3 -> 16.04.1) spectacle (15.12.3 -> 16.04.1) sweeper (15.12.3 -> 16.04.1) syndication (15.12.3 -> 16.04.1) vim (7.4.1816 -> 7.4.1842) vlc webkitgtk webkitgtk3 yast2-drbd (3.1.21 -> 3.1.22) === Details === ==== GraphicsMagick ==== Subpackages: GraphicsMagick-devel libGraphicsMagick-Q16-3 libGraphicsMagick3-config libGraphicsMagickWand-Q16-2 - security update: * CVE-2016-5118 [bsc#982178] + GraphicsMagick-CVE-2016-5118.patch ==== LibVNCServer ==== Subpackages: LibVNCServer-devel libvncclient0 libvncserver0 - Fix build errors of applications using stl_algobase.h and libvncserver's rfbproto.h, e.g. krfb (issue #102) * Add libvncserver-0.9.10-use-namespaced-rfbMax-macro.patch ==== ModemManager ==== Subpackages: ModemManager-devel libmm-glib0 typelib-1_0-ModemManager-1_0 - Add three more patches from upstream to fix build with gcc6: + ModemManager-cinterion_drop_unused_constants.patch. + ModemManager-novatel_remove_unused_custom_AT_probe_array.patch. + ModemManager-wmc_fix_typo.patch. - Add ModemManager-fix-whitespaces.patch: Fix whitespace usage. While building with GCC 6, the indenting is taken as a warning for the user likely making a mistake. ==== MozillaFirefox ==== Subpackages: MozillaFirefox-translations-common - The conditional testing for gcc was failing for different openSUSE versions, drop it and apply patches unconditionally. - Add patches to fix building with gcc6: + mozilla-gcc6.patch: fix building with gcc >= 6.1; patch taken from upstream: https://hg.mozilla.org/mozilla-central/rev/55212130f19d. + mozilla-exclude-nametablecpp.patch: Exclude NameTable.cpp from unified compilation because #include <cmath> in other source files causes gcc6 compilation failure; patch taken from upstream: https://hg.mozilla.org/mozilla-central/rev/9c57b7cacffc. - enable build with PIE and full relro on x86_64 (boo#980384) - update to Firefox 46.0.1 Fixed: * Search plugin issue for various locales * Add-on signing certificate expiration * Service worker update issue * Build issue when jit is disabled * Limit Sync registration updates - removed now obsolete mozilla-jit_branch64.patch - add mozilla-jit_branch64.patch to avoid PowerPC build failure (from bmo#1266366) - Update mozilla-gtk3_20.patch for Firefox 46.0 (sync to latest version from Fedora). - update to Firefox 46.0 (boo#977333) * Improved security of the JavaScript Just In Time (JIT) Compiler * WebRTC fixes to improve performance and stability * Added support for document.elementsFromPoint * Added HKDF support for Web Crypto API * requires NSPR 4.12 and NSS 3.22.3 * added patch to fix unchecked return value mozilla-check_return.patch * Gtk3 builds not supported at the moment security fixes: * MFSA 2016-39/CVE-2016-2804/CVE-2016-2806/CVE-2016-2807 (boo#977373, boo#977375, boo#977376) Miscellaneous memory safety hazards * MFSA 2016-40/CVE-2016-2809 (bmo#1212939, boo#977377) Privilege escalation through file deletion by Maintenance Service updater (Windows only) * MFSA 2016-41/CVE-2016-2810 (bmo#1229681, boo#977378) Content provider permission bypass allows malicious application to access data (Android only) * MFSA 2016-42/CVE-2016-2811/CVE-2016-2812 (bmo#1252330, bmo#1261776, boo#977379) Use-after-free and buffer overflow in Service Workers * MFSA 2016-43/CVE-2016-2813 (bmo#1197901, bmo#2714650, boo#977380) Disclosure of user actions through JavaScript with motion and orientation sensors (only affects mobile variants) * MFSA 2016-44/CVE-2016-2814 (bmo#1254721, boo#977381) Buffer overflow in libstagefright with CENC offsets * MFSA 2016-45/CVE-2016-2816 (bmo#1223743, boo#977382) CSP not applied to pages sent with multipart/x-mixed-replace * MFSA 2016-46/CVE-2016-2817 (bmo#1227462, boo#977384) Elevation of privilege with chrome.tabs.update API in web extensions * MFSA 2016-47/CVE-2016-2808 (bmo#1246061, boo#977386) Write to invalid HashMap entry through JavaScript.watch() * MFSA 2016-48/CVE-2016-2820 (bmo#870870, boo#977388) Firefox Health Reports could accept events from untrusted domains - Update mozilla-gtk3_20.patch to fix scrollbar appearance under gtk >= 3.20 (patch synced to Fedora's version). - Compile against gtk3 depending on whether the macro %firefox_use_gtk3 is defined or not (e.g., at the prjconf level); macro is undefined by default and so gtk2 is used as the default toolkit. - Add BuildRequires for additional packages needed when building against gtk3: pkgconfig(glib-2.0), pkgconfig(gobject-2.0), pkgconfig(gtk+-3.0) >= 3.4.0, pkgconfig(gtk+-unix-print-3.0). - Add firefox-gtk3_20.patch to fix appearance with gtk3 >= 3.20; patch taken from Fedora (bmo#1230955). - Mozilla Firefox 45.0.2: * Fix an issue impacting the cookie header when third-party cookies are blocked (bmo#1257861) * Fix a web compatibility regression impacting the srcset attribute of the image tag (bmo#1259482) * Fix a crash impacting the video playback with Media Source Extension (bmo#1258562) * Fix a regression impacting some specific uploads (bmo#1255735) * Fix a regression with the copy and paste with some old versions of some Gecko applications like Thunderbird (bmo#1254980) - Mozilla Firefox 45.0.1: * Fix a regression causing search engine settings to be lost in some context (bmo#1254694) * Bring back non-standard jar: URIs to fix a regression in IBM iNotes (bmo#1255139) * XSLTProcessor.importStylesheet was failing when <import> was used (bmo#1249572) * Fix an issue which could cause the list of search provider to be empty (bmo#1255605) * Fix a regression when using the location bar (bmo#1254503) * Fix some loading issues when Accept third-party cookies: was set to Never (bmo#1254856) * Disabled Graphite font shaping library - update to Firefox 45.0 (boo#969894) * requires NSPR 4.12 / NSS 3.21.1 * Instant browser tab sharing through Hello * Synced Tabs button in button bar * Tabs synced via Firefox Accounts from other devices are now shown in dropdown area of Awesome Bar when searching * Introduce a new preference (network.dns.blockDotOnion) to allow blocking .onion at the DNS level * Tab Groups (Panorama) feature removed * MFSA 2016-16/CVE-2016-1952/CVE-2016-1953 Miscellaneous memory safety hazards * MFSA 2016-17/CVE-2016-1954 (bmo#1243178) Local file overwriting and potential privilege escalation through CSP reports * MFSA 2016-18/CVE-2016-1955 (bmo#1208946) CSP reports fail to strip location information for embedded iframe pages * MFSA 2016-19/CVE-2016-1956 (bmo#1199923) Linux video memory DOS with Intel drivers * MFSA 2016-20/CVE-2016-1957 (bmo#1227052) Memory leak in libstagefright when deleting an array during MP4 processing * MFSA 2016-21/CVE-2016-1958 (bmo#1228754) Displayed page address can be overridden * MFSA 2016-22/CVE-2016-1959 (bmo#1234949) Service Worker Manager out-of-bounds read in Service Worker Manager * MFSA 2016-23/CVE-2016-1960/ZDI-CAN-3545 (bmo#1246014) Use-after-free in HTML5 string parser * MFSA 2016-24/CVE-2016-1961/ZDI-CAN-3574 (bmo#1249377) Use-after-free in SetBody * MFSA 2016-25/CVE-2016-1962 (bmo#1240760) Use-after-free when using multiple WebRTC data channels * MFSA 2016-26/CVE-2016-1963 (bmo#1238440) Memory corruption when modifying a file being read by FileReader * MFSA 2016-27/CVE-2016-1964 (bmo#1243335) Use-after-free during XML transformations * MFSA 2016-28/CVE-2016-1965 (bmo#1245264) Addressbar spoofing though history navigation and Location protocol property * MFSA 2016-29/CVE-2016-1967 (bmo#1246956) Same-origin policy violation using perfomance.getEntries and history navigation with session restore * MFSA 2016-30/CVE-2016-1968 (bmo#1246742) Buffer overflow in Brotli decompression * MFSA 2016-31/CVE-2016-1966 (bmo#1246054) Memory corruption with malicious NPAPI plugin * MFSA 2016-32/CVE-2016-1970/CVE-2016-1971/CVE-2016-1975/ CVE-2016-1976/CVE-2016-1972 WebRTC and LibVPX vulnerabilities found through code inspection * MFSA 2016-33/CVE-2016-1973 (bmo#1219339) Use-after-free in GetStaticInstance in WebRTC * MFSA 2016-34/CVE-2016-1974 (bmo#1228103) Out-of-bounds read in HTML parser following a failed allocation * MFSA 2016-35/CVE-2016-1950 (bmo#1245528) Buffer overflow during ASN.1 decoding in NSS (fixed by requiring 3.21.1) * MFSA 2016-36/CVE-2016-1979 (bmo#1185033) Use-after-free during processing of DER encoded keys in NSS (fixed by requiring 3.21.1) * MFSA 2016-37/CVE-2016-1977/CVE-2016-2790/CVE-2016-2791/ CVE-2016-2792/CVE-2016-2793/CVE-2016-2794/CVE-2016-2795/ CVE-2016-2796/CVE-2016-2797/CVE-2016-2798/CVE-2016-2799/ CVE-2016-2800/CVE-2016-2801/CVE-2016-2802 Font vulnerabilities in the Graphite 2 library - Remove B_CNT from symbols.zip filename to reduce build-compare noise - fix build problems on i586, caused by too large unified compile units - adding mozilla-reduce-files-per-UnifiedBindings.patch - update to Firefox 44.0.2 * MFSA 2016-13/CVE-2016-1949 (bmo#1245724, boo#966438) Same-origin-policy violation using Service Workers with plugins * Fix issue which could lead to the removal of stored passwords under certain circumstances (bmo#1242176) * Allows spaces in cookie names (bmo#1244505) * Disable opus/vorbis audio with H.264 (bmo#1245696) * Fix for graphics startup crash (GNU/Linux) (bmo#1222171) * Fix a crash in cache networking (bmo#1244076) * Fix using WebSockets in service worker controlled pages (bmo#1243942) - build fixes for arm/aarch64: * disable webrtc for arm/aarch64 * switch away from openGL-ES backend to default for arm/aarch64 since it almost never builds * reenable neon - reenable webrtc for powerpc as it seems to build - update to Firefox 44.0 * MFSA 2016-01/CVE-2016-1930/CVE-2016-1931 boo#963633 Miscellaneous memory safety hazards * MFSA 2016-02/CVE-2016-1933 (bmo#1231761) boo#963634 Out of Memory crash when parsing GIF format images * MFSA 2016-03/CVE-2016-1935 (bmo#1220450) boo#963635 Buffer overflow in WebGL after out of memory allocation * MFSA 2016-04/CVE-2015-7208/CVE-2016-1939 (bmo#1191423, bmo#1233784) boo#963637 Firefox allows for control characters to be set in cookie names * MFSA 2016-06/CVE-2016-1937 (bmo#724353) boo#963641 Missing delay following user click events in protocol handler dialog * MFSA 2016-07/CVE-2016-1938 (bmo#1190248) boo#963731 Errors in mp_div and mp_exptmod cryptographic functions in NSS (fixed by requiring NSS 3.21) * MFSA 2016-09/CVE-2016-1942/CVE-2016-1943 (bmo#1189082, bmo#1228590) Addressbar spoofing attacks boo#963643 * MFSA 2016-10/CVE-2016-1944/CVE-2016-1945/CVE-2016-1946 (bmo#1186621, bmo#1214782, bmo#1232096) boo#963644 Unsafe memory manipulation found through code inspection * MFSA 2016-11/CVE-2016-1947 (bmo#1237103) boo#963645 Application Reputation service disabled in Firefox 43 * requires NSPR 4.11 * requires NSS 3.21 - prepare mozilla-kde.patch for Gtk3 builds - rebased patches - Mozilla Firefox 43.0.4: * Re-enable SHA-1 certificates to prevent outdated man-in-the-middle security devices from interfering with properly secured SSL/TLS connections (bmo#1236975) * Fix for startup crash for users of a third party antivirus tool (bmo#1235537) - The following change was previously in the package as a patch: * Multi-user GNU/Linux download folders can be created (bmo#1233434), removed mozilla-bmo1233434.patch - update to Firefox 43.0.3 * requires NSS 3.20.2 to fix MFSA 2015-150/CVE-2015-7575 (bmo#1158489) MD5 signatures accepted within TLS 1.2 ServerKeyExchange in server signature * various changes to support Windows update (SHA-1 vs. SHA-2) * workaround Youtube user agent detection issue (bmo#1233970) - fix file download regression for multi user systems (bmo#1233434) (mozilla-bmo1233434.patch) - explicitely requires libXcomposite-devel - update to Firefox 43.0 (bnc#959277) * Improved API support for m4v video playback * Users can opt-in to receive search suggestions from the Awesome Bar * WebRTC streaming on multiple monitors * User selectable second block list for Private Browsing's Tracking Protection security fixes: * MFSA 2015-134/CVE-2015-7201/CVE-2015-7202 Miscellaneous memory safety hazards * MFSA 2015-135/CVE-2015-7204 (bmo#1216130) Crash with JavaScript variable assignment with unboxed objects * MFSA 2015-136/CVE-2015-7207 (bmo#1185256) Same-origin policy violation using perfomance.getEntries and history navigation * MFSA 2015-137/CVE-2015-7208 (bmo#1191423) Firefox allows for control characters to be set in cookies * MFSA 2015-138/CVE-2015-7210 (bmo#1218326) Use-after-free in WebRTC when datachannel is used after being destroyed * MFSA 2015-139/CVE-2015-7212 (bmo#1222809) Integer overflow allocating extremely large textures * MFSA 2015-140/CVE-2015-7215 (bmo#1160890) Cross-origin information leak through web workers error events * MFSA 2015-141/CVE-2015-7211 (bmo#1221444) Hash in data URI is incorrectly parsed * MFSA 2015-142/CVE-2015-7218/CVE-2015-7219 (bmo#1194818, bmo#1194820) DOS due to malformed frames in HTTP/2 * MFSA 2015-143/CVE-2015-7216/CVE-2015-7217 (bmo#1197059, bmo#1203078) Linux file chooser crashes on malformed images due to flaws in Jasper library * MFSA 2015-144/CVE-2015-7203/CVE-2015-7220/CVE-2015-7221 (bmo#1201183, bmo#1178033, bmo#1199400) Buffer overflows found through code inspection * MFSA 2015-145/CVE-2015-7205 (bmo#1220493) Underflow through code inspection * MFSA 2015-146/CVE-2015-7213 (bmo#1206211) Integer overflow in MP4 playback in 64-bit versions * MFSA 2015-147/CVE-2015-7222 (bmo#1216748) Integer underflow and buffer overflow processing MP4 metadata in libstagefright * MFSA 2015-148/CVE-2015-7223 (bmo#1226423) Privilege escalation vulnerabilities in WebExtension APIs * MFSA 2015-149/CVE-2015-7214 (bmo#1228950) Cross-site reading attack through data and view-source URIs - rebased patches - Add desktop menu action for private browsing window to desktop file (boo#954747) - remove obsolete patch mozilla-bmo1005535.patch completely from source package to avoid automatic check failures - update to Firefox 42.0 (bnc#952810) * Private Browsing with Tracking Protection blocks certain Web elements that could be used to record your behavior across sites * Control Center that contains site security and privacy controls * Login Manager improvements * WebRTC improvements * Indicator added to tabs that play audio with one-click muting * Media Source Extension for HTML5 video available for all sites security fixes: * MFSA 2015-116/CVE-2015-4513/CVE-2015-4514 Miscellaneous memory safety hazards * MFSA 2015-117/CVE-2015-4515 (bmo#1046421) Information disclosure through NTLM authentication * MFSA 2015-118/CVE-2015-4518 (bmo#1182778, bmo#1136692) CSP bypass due to permissive Reader mode whitelist * MFSA 2015-119/CVE-2015-7185 (bmo#1149000) (Android only) Firefox for Android addressbar can be removed after fullscreen mode * MFSA 2015-120/CVE-2015-7186 (bmo#1193027) (Android only) Reading sensitive profile files through local HTML file on Android * MFSA 2015-121/CVE-2015-7187 (bmo#1195735) disabling scripts in Add-on SDK panels has no effect * MFSA 2015-122/CVE-2015-7188 (bmo#1199430) Trailing whitespace in IP address hostnames can bypass same-origin policy * MFSA 2015-123/CVE-2015-7189 (bmo#1205900) Buffer overflow during image interactions in canvas * MFSA 2015-124/CVE-2015-7190 (bmo#1208520) (Android only) Android intents can be used on Firefox for Android to open privileged files * MFSA 2015-125/CVE-2015-7191 (bmo#1208956) (Android only) XSS attack through intents on Firefox for Android * MFSA 2015-126/CVE-2015-7192 (bmo#1210023) (OS X only) Crash when accessing HTML tables with accessibility tools on OS X * MFSA 2015-127/CVE-2015-7193 (bmo#1210302) CORS preflight is bypassed when non-standard Content-Type headers are received * MFSA 2015-128/CVE-2015-7194 (bmo#1211262) Memory corruption in libjar through zip files * MFSA 2015-129/CVE-2015-7195 (bmo#1211871) Certain escaped characters in host of Location-header are being treated as non-escaped * MFSA 2015-130/CVE-2015-7196 (bmo#1140616) JavaScript garbage collection crash with Java applet * MFSA 2015-131/CVE-2015-7198/CVE-2015-7199/CVE-2015-7200 (bmo#1188010, bmo#1204061, bmo#1204155) Vulnerabilities found through code inspection * MFSA 2015-132/CVE-2015-7197 (bmo#1204269) Mixed content WebSocket policy bypass through workers * MFSA 2015-133/CVE-2015-7181/CVE-2015-7182/CVE-2015-7183 (bmo#1202868, bmo#1205157) NSS and NSPR memory corruption issues (fixed in mozilla-nspr and mozilla-nss packages) - requires NSPR >= 4.10.10 and NSS >= 3.19.4 - removed obsolete patches * mozilla-arm-disable-edsp.patch * mozilla-icu-strncat.patch * mozilla-skia-be-le.patch * toolkit-download-folder.patch - fixed build with enable-libproxy (bmo#1220399) * mozilla-libproxy.patch - update to Firefox 41.0.2 (bnc#950686) * MFSA 2015-115/CVE-2015-7184 (bmo#1208339, bmo#1212669) Cross-origin restriction bypass using Fetch - added explicit appdata provides (bnc#949983) - do not build with --enable-stdcxx-compat (this starts to fail build on various toolchain combinations and is not required for openSUSE builds in general - update to Firefox 41.0.1 * Fix a startup crash related to Yandex toolbar and Adblock Plus (bmo#1209124) * Fix potential hangs with Flash plugins (bmo#1185639) * Fix a regression in the bookmark creation (bmo#1206376) * Fix a startup crash with some Intel Media Accelerator 3150 graphic cards (bmo#1207665) * Fix a graphic crash, occurring occasionally on Facebook (bmo#1178601) - update to Firefox 41.0 (bnc#947003) * MFSA 2015-96/CVE-2015-4500/CVE-2015-4501 Miscellaneous memory safety hazards * MFSA 2015-97/CVE-2015-4503 (bmo#994337) Memory leak in mozTCPSocket to servers * MFSA 2015-98/CVE-2015-4504 (bmo#1132467) Out of bounds read in QCMS library with ICC V4 profile attributes * MFSA 2015-99/CVE-2015-4476 (bmo#1162372) (Android only) Site attribute spoofing on Android by pasting URL with unknown scheme * MFSA 2015-100/CVE-2015-4505 (bmo#1177861) (Windows only) Arbitrary file manipulation by local user through Mozilla updater * MFSA 2015-101/CVE-2015-4506 (bmo#1192226) Buffer overflow in libvpx while parsing vp9 format video * MFSA 2015-102/CVE-2015-4507 (bmo#1192401) Crash when using debugger with SavedStacks in JavaScript * MFSA 2015-103/CVE-2015-4508 (bmo#1195976) URL spoofing in reader mode * MFSA 2015-104/CVE-2015-4510 (bmo#1200004) Use-after-free with shared workers and IndexedDB * MFSA 2015-105/CVE-2015-4511 (bmo#1200148) Buffer overflow while decoding WebM video * MFSA 2015-106/CVE-2015-4509 (bmo#1198435) Use-after-free while manipulating HTML media content * MFSA 2015-107/CVE-2015-4512 (bmo#1170390) Out-of-bounds read during 2D canvas display on Linux 16-bit color depth systems * MFSA 2015-108/CVE-2015-4502 (bmo#1105045) Scripted proxies can access inner window * MFSA 2015-109/CVE-2015-4516 (bmo#904886) JavaScript immutable property enforcement can be bypassed * MFSA 2015-110/CVE-2015-4519 (bmo#1189814) Dragging and dropping images exposes final URL after redirects * MFSA 2015-111/CVE-2015-4520 (bmo#1200856, bmo#1200869) Errors in the handling of CORS preflight request headers * MFSA 2015-112/CVE-2015-4517/CVE-2015-4521/CVE-2015-4522/ CVE-2015-7174/CVE-2015-7175/CVE-2015-7176/CVE-2015-7177/ CVE-2015-7180 Vulnerabilities found through code inspection * MFSA 2015-113/CVE-2015-7178/CVE-2015-7179 (bmo#1189860, bmo#1190526) (Windows only) Memory safety errors in libGLES in the ANGLE graphics library * MFSA 2015-114 (bmo#1167498, bmo#1153672) (Windows only) Information disclosure via the High Resolution Time API - rebased patches - removed obsolete patches * mozilla-arm64-libjpeg-turbo.patch - update to Firefox 40.0.3 (bnc#943550) * Disable the asynchronous plugin initialization (bmo#1198590) * Fix a segmentation fault in the GStreamer support (bmo#1145230) * Fix a regression with some Japanese fonts used in the <input> field (bmo#1194055) * On some sites, the selection in a select combox box using the mouse could be broken (bmo#1194733) security fixes * MFSA 2015-94/CVE-2015-4497 (bmo#1164766, bmo#1175278) Use-after-free when resizing canvas element during restyling * MFSA 2015-95/CVE-2015-4498 (bmo#1042699) Add-on notification bypass through data URLs - update to Firefox 40.0 (bnc#940806) * Added protection against unwanted software downloads * Suggested Tiles show sites of interest, based on categories from your recent browsing history * Hello allows adding a link to conversations to provide context on what the conversation will be about * New style for add-on manager based on the in-content preferences style * Improved scrolling, graphics, and video playback performance with off main thread compositing (GNU/Linux only) * Graphic blocklist mechanism improved: Firefox version ranges can be specified, limiting the number of devices blocked security fixes: * MFSA 2015-79/CVE-2015-4473/CVE-2015-4474 Miscellaneous memory safety hazards * MFSA 2015-80/CVE-2015-4475 (bmo#1175396) Out-of-bounds read with malformed MP3 file * MFSA 2015-81/CVE-2015-4477 (bmo#1179484) Use-after-free in MediaStream playback * MFSA 2015-82/CVE-2015-4478 (bmo#1105914) Redefinition of non-configurable JavaScript object properties * MFSA 2015-83/CVE-2015-4479/CVE-2015-4480/CVE-2015-4493 Overflow issues in libstagefright * MFSA 2015-84/CVE-2015-4481 (bmo1171518) Arbitrary file overwriting through Mozilla Maintenance Service with hard links (only affected Windows) * MFSA 2015-85/CVE-2015-4482 (bmo#1184500) Out-of-bounds write with Updater and malicious MAR file (does not affect openSUSE RPM packages which do not ship the updater) * MFSA 2015-86/CVE-2015-4483 (bmo#1148732) Feed protocol with POST bypasses mixed content protections * MFSA 2015-87/CVE-2015-4484 (bmo#1171540) Crash when using shared memory in JavaScript * MFSA 2015-88/CVE-2015-4491 (bmo#1184009) Heap overflow in gdk-pixbuf when scaling bitmap images * MFSA 2015-89/CVE-2015-4485/CVE-2015-4486 (bmo#1177948, bmo#1178148) Buffer overflows on Libvpx when decoding WebM video * MFSA 2015-90/CVE-2015-4487/CVE-2015-4488/CVE-2015-4489 Vulnerabilities found through code inspection * MFSA 2015-91/CVE-2015-4490 (bmo#1086999) Mozilla Content Security Policy allows for asterisk wildcards in violation of CSP specification * MFSA 2015-92/CVE-2015-4492 (bmo#1185820) Use-after-free in XMLHttpRequest with shared workers - added mozilla-no-stdcxx-check.patch - removed obsolete patches * mozilla-add-glibcxx_use_cxx11_abi.patch * firefox-multilocale-chrome.patch - rebased patches - requires version 40 of the branding package - removed browser/searchplugins/ location as it's not valid anymore - security update to Firefox 39.0.3 (bnc#940918) * MFSA 2015-78/CVE-2015-4495 (bmo#1179262, bmo#1178058) Same origin violation and local file stealing via PDF reader - update to Firefox 39.0 (bnc#935979) * Share Hello URLs with social networks * Support for 'switch' role in ARIA 1.1 (web accessibility) * SafeBrowsing malware detection lookups enabled for downloads (Mac OS X and Linux) * Support for new Unicode 8.0 skin tone emoji * Removed support for insecure SSLv3 for network communications * Disable use of RC4 except for temporarily whitelisted hosts * NPAPI Plug-in performance improved via asynchronous initialization security fixes: * MFSA 2015-59/CVE-2015-2724/CVE-2015-2725/CVE-2015-2726 Miscellaneous memory safety hazards * MFSA 2015-60/CVE-2015-2727 (bmo#1163422) Local files or privileged URLs in pages can be opened into new tabs * MFSA 2015-61/CVE-2015-2728 (bmo#1142210) Type confusion in Indexed Database Manager * MFSA 2015-62/CVE-2015-2729 (bmo#1122218) Out-of-bound read while computing an oscillator rendering range in Web Audio * MFSA 2015-63/CVE-2015-2731 (bmo#1149891) Use-after-free in Content Policy due to microtask execution error * MFSA 2015-64/CVE-2015-2730 (bmo#1125025) ECDSA signature validation fails to handle some signatures correctly (this fix is shipped by NSS 3.19.1 externally) * MFSA 2015-65/CVE-2015-2722/CVE-2015-2733 (bmo#1166924, bmo#1169867) Use-after-free in workers while using XMLHttpRequest * MFSA 2015-66/CVE-2015-2734/CVE-2015-2735/CVE-2015-2736/CVE-2015-2737 CVE-2015-2738/CVE-2015-2739/CVE-2015-2740 Vulnerabilities found through code inspection * MFSA 2015-67/CVE-2015-2741 (bmo#1147497) Key pinning is ignored when overridable errors are encountered * MFSA 2015-68/CVE-2015-2742 (bmo#1138669) OS X crash reports may contain entered key press information (not relevant under Linux) * MFSA 2015-69/CVE-2015-2743 (bmo#1163109) Privilege escalation in PDF.js * MFSA 2015-70/CVE-2015-4000 (bmo#1138554) NSS accepts export-length DHE keys with regular DHE cipher suites (this fix is shipped by NSS 3.19.1 externally) * MFSA 2015-71/CVE-2015-2721 (bmo#1086145) NSS incorrectly permits skipping of ServerKeyExchange (this fix is shipped by NSS 3.19.1 externally) - dropped mozilla-prefer_plugin_pref.patch as this feature is likely not worth maintaining further - rebased patches - require NSS 3.19.2 - mozilla-arm64-libjpeg-turbo.patch: fix libjpeg-turbo configuration - update to Firefox 38.0.6 * fixes bmo#1171730 which is not really relevant to oS builds - fix KDE regression from 38.0.5 builds (bsc#933439) - update to Firefox 38.0.5 * Keep track of articles and videos with Pocket * Clean formatting for articles and blog posts with Reader View * Share the active tab or window in a Hello conversation - add changes file as source for SRPM (bsc#932142) - add mozilla-add-glibcxx_use_cxx11_abi.patch grabbed from https://bugzilla.mozilla.org/show_bug.cgi?id=1153109 - update to Firefox 38.0.1 stability and regression fixes * Systems with first generation NVidia Optimus graphics cards may crash on start-up * Users who import cookies from Google Chrome can end up with broken websites * Large animated images may fail to play and may stop other images from loading - update to Firefox 38.0 (bnc#930622) * New tab-based preferences * Ruby annotation support * more info: https://www.mozilla.org/en-US/firefox/38.0/releasenotes/ security fixes: * MFSA 2015-46/CVE-2015-2708/CVE-2015-2709 Miscellaneous memory safety hazards * MFSA 2015-47/VE-2015-0797 (bmo#1080995) Buffer overflow parsing H.264 video with Linux Gstreamer * MFSA 2015-48/CVE-2015-2710 (bmo#1149542) Buffer overflow with SVG content and CSS * MFSA 2015-49/CVE-2015-2711 (bmo#1113431) Referrer policy ignored when links opened by middle-click and context menu * MFSA 2015-50/CVE-2015-2712 (bmo#1152280) Out-of-bounds read and write in asm.js validation * MFSA 2015-51/CVE-2015-2713 (bmo#1153478) Use-after-free during text processing with vertical text enabled * MFSA 2015-53/CVE-2015-2715 (bmo#988698) Use-after-free due to Media Decoder Thread creation during shutdown * MFSA 2015-54/CVE-2015-2716 (bmo#1140537) Buffer overflow when parsing compressed XML * MFSA 2015-55/CVE-2015-2717 (bmo#1154683) Buffer overflow and out-of-bounds read while parsing MP4 video metadata * MFSA 2015-56/CVE-2015-2718 (bmo#1146724) Untrusted site hosting trusted page can intercept webchannel responses * MFSA 2015-57/CVE-2011-3079 (bmo#1087565) Privilege escalation through IPC channel messages - requires NSS 3.18.1 - removed obsolete patches: * mozilla-skia-bmo1136958.patch - remove gnomevfs build options as it is removed from sources - rebased patches - update to Firefox 37.0.2 (bnc#928116) * MFSA 2015-45/CVE-2015-2706 (bmo#1141081) Memory corruption during failed plugin initialization - update to Firefox 37.0.1 (bnc#926166) * MFSA 2015-43/CVE-2015-0798 (bmo#1147597) (Android only) Loading privileged content through Reader mode * MFSA 2015-44/CVE-2015-0799 (bmo#1148328) Certificate verification bypass through the HTTP/2 Alt-Svc header - update to Firefox 37.0 (bnc#925368) * Heartbeat user rating system * Yandex set as default search provider for the Turkish locale * Bing search now uses HTTPS for secure searching * Improved protection against site impersonation via OneCRL centralized certificate revocation * Opportunistically encrypt HTTP traffic where the server supports HTTP/2 AltSvc * some more behaviour changes for TLS security fixes: * MFSA 2015-30/CVE-2015-0814/CVE-2015-0815 Miscellaneous memory safety hazards * MFSA 2015-31/CVE-2015-0813 (bmo#1106596)) Use-after-free when using the Fluendo MP3 GStreamer plugin * MFSA 2015-32/CVE-2015-0812 (bmo#1128126) Add-on lightweight theme installation approval bypassed through MITM attack * MFSA 2015-33/CVE-2015-0816 (bmo#1144991) resource:// documents can load privileged pages * MFSA-2015-34/CVE-2015-0811 (bmo#1132468) Out of bounds read in QCMS library * MFSA-2015-35/CVE-2015-0810 (bmo#1125013) Cursor clickjacking with flash and images (OS X only) * MFSA-2015-36/CVE-2015-0808 (bmo#1109552) Incorrect memory management for simple-type arrays in WebRTC * MFSA-2015-37/CVE-2015-0807 (bmo#1111834) CORS requests should not follow 30x redirections after preflight * MFSA-2015-38/CVE-2015-0805/CVE-2015-0806 (bmo#1135511, bmo#1099437) Memory corruption crashes in Off Main Thread Compositing * MFSA-2015-39/CVE-2015-0803/CVE-2015-0804 (bmo#1134560) Use-after-free due to type confusion flaws * MFSA-2015-40/CVE-2015-0801 (bmo#1146339) Same-origin bypass through anchor navigation * MFSA-2015-41/CVE-2015-0800/CVE-2012-2808 PRNG weakness allows for DNS poisoning on Android (only) * MFSA-2015-42/CVE-2015-0802 (bmo#1124898) Windows can retain access to privileged content on navigation to unprivileged pages - removed obsolete patches * mozilla-bmo1088588.patch * mozilla-bmo1108834.patch - requires NSPR 4.10.8 - Fix builds with skia on Power mozilla-skia-be-le.patch (patch from #bmo1136958) mozilla-bmo1108834.patch mozilla-bmo1005535.patch - update to Firefox 36.0.4 (bnc#923534) * MFSA 2015-28/CVE-2015-0818 (bmo#1144988) Privilege escalation through SVG navigation * MFSA 2015-29/CVE-2015-0817 (bmo#1145255) Code execution through incorrect JavaScript bounds checking elimination - Copy the icons to /usr/share/icons instead of symlinking them: in preparation for containerized apps (e.g. xdg-app) as well as AppStream metadata extraction, there are a couple locations that need to be real files for system integration (.desktop files, icons, mime-type info). - update to Firefox 36.0.1 Bugfixes: * Disable the usage of the ANY DNS query type (bmo#1093983) * Hello may become inactive until restart (bmo#1137469) * Print preferences may not be preserved (bmo#1136855) * Hello contact tabs may not be visible (bmo#1137141) * Accept hostnames that include an underscore character ("_") (bmo#1136616) * WebGL may use significant memory with Canvas2d (bmo#1137251) * Option -remote has been restored (bmo#1080319) - added mozilla-skia-bmo1136958.patch to fix build issues for ARM and PPC - update to Firefox 36.0 (bnc#917597) * mozilla-xremote-client was removed * added libclearkey.so media plugin * Pinned tiles on the new tab page can be synced * Support for the full HTTP/2 protocol. HTTP/2 enables a faster, more scalable, and more responsive web. * Locale added: Uzbek (uz) security fixes: * MFSA 2015-11/CVE-2015-0835/CVE-2015-0836 Miscellaneous memory safety hazards * MFSA 2015-12/CVE-2015-0833 (bmo#945192) Invoking Mozilla updater will load locally stored DLL files (Windows only) * MFSA 2015-13/CVE-2015-0832 (bmo#1065909) Appended period to hostnames can bypass HPKP and HSTS protections * MFSA 2015-14/CVE-2015-0830 (bmo#1110488) Malicious WebGL content crash when writing strings * MFSA 2015-15/CVE-2015-0834 (bmo#1098314) TLS TURN and STUN connections silently fail to simple TCP connections * MFSA 2015-16/CVE-2015-0831 (bmo#1130514) Use-after-free in IndexedDB * MFSA 2015-17/CVE-2015-0829 (bmo#1128939) Buffer overflow in libstagefright during MP4 video playback * MFSA 2015-18/CVE-2015-0828 (bmo#1030667, bmo#988675) Double-free when using non-default memory allocators with a zero-length XHR * MFSA 2015-19/CVE-2015-0827 (bmo#1117304) Out-of-bounds read and write while rendering SVG content * MFSA 2015-20/CVE-2015-0826 (bmo#1092363) Buffer overflow during CSS restyling * MFSA 2015-21/CVE-2015-0825 (bmo#1092370) Buffer underflow during MP3 playback * MFSA 2015-22/CVE-2015-0824 (bmo#1095925) Crash using DrawTarget in Cairo graphics library * MFSA 2015-23/CVE-2015-0823 (bmo#1098497) Use-after-free in Developer Console date with OpenType Sanitiser * MFSA 2015-24/CVE-2015-0822 (bmo#1110557) Reading of local files through manipulation of form autocomplete * MFSA 2015-25/CVE-2015-0821 (bmo#1111960) Local files or privileged URLs in pages can be opened into new tabs * MFSA 2015-26/CVE-2015-0819 (bmo#1079554) UI Tour whitelisted sites in background tab can spoof foreground tabs * MFSA 2015-27CVE-2015-0820 (bmo#1125398) Caja Compiler JavaScript sandbox bypass - rebased patches - requires NSS 3.17.4 - update to Firefox 35.0.1 * With the Enhanced Steam extension, Firefox could crash (bmo#1123732) * Kerberos authentication did not work with alias (bmo#1108971) * SVG / CSS animation had a regression causing rendering issues on websites like openstreemap.org (bmo#1083079) * On Godaddy webmail, Firefox could crash (bmo#1113121) * document.baseURI did not get updated to document.location after base tag was removed from DOM for site with a CSP (bmo#1121857) * With a Right-to-left (RTL) version of Firefox, the text selection could be broken (bmo#1104036) * CSP had a change in behavior with regard to case sensitivity resources loading (bmo#1122445) - update to Firefox 35.0 (bnc#910669) notable features: * Firefox Hello with new rooms-based conversations model * Implemented HTTP Public Key Pinning Extension (for enhanced authentication of encrypted connections) security fixes: * MFSA 2015-01/CVE-2014-8634/CVE-2014-8635 Miscellaneous memory safety hazards * MFSA 2015-02/CVE-2014-8637 (bmo#1094536) Uninitialized memory use during bitmap rendering * MFSA 2015-03/CVE-2014-8638 (bmo#1080987) sendBeacon requests lack an Origin header * MFSA 2015-04/CVE-2014-8639 (bmo#1095859) Cookie injection through Proxy Authenticate responses * MFSA 2015-05/CVE-2014-8640 (bmo#1100409) Read of uninitialized memory in Web Audio * MFSA 2015-06/CVE-2014-8641 (bmo#1108455) Read-after-free in WebRTC * MFSA 2015-07/CVE-2014-8643 (bmo#1114170) (Windows-only) Gecko Media Plugin sandbox escape * MFSA 2015-08/CVE-2014-8642 (bmo#1079658) Delegated OCSP responder certificates failure with id-pkix-ocsp-nocheck extension * MFSA 2015-09/CVE-2014-8636 (bmo#987794) XrayWrapper bypass through DOM objects - rebased patches - dropped explicit support for everything older than 12.3 (including SLES11) * merge firefox-kde.patch and firefox-kde-114.patch * dropped mozilla-sle11.patch - reworked specfile to build conditionally based on release channel either Firefox or Firefox Developer Edition - added mozilla-openaes-decl.patch to fix implicit declarations - obsolete tracker-miner-firefox < 0.15 because it leads to startup crashes (bnc#908892) - fix bashism in mozilla.sh script - update to Firefox 34.0.5 (bnc#908009) * Default search engine changed to Yahoo! for North America * Default search engine changed to Yandex for Belarusian, Kazakh, and Russian locales * Improved search bar (en-US only) * Firefox Hello real-time communication client * Easily switch themes/personas directly in the Customizing mode * Implementation of HTTP/2 (draft14) and ALPN * Disabled SSLv3 * MFSA 2014-83/CVE-2014-1587/CVE-2014-1588 Miscellaneous memory safety hazards * MFSA 2014-84/CVE-2014-1589 (bmo#1043787) XBL bindings accessible via improper CSS declarations * MFSA 2014-85/CVE-2014-1590 (bmo#1087633) XMLHttpRequest crashes with some input streams * MFSA 2014-86/CVE-2014-1591 (bmo#1069762) CSP leaks redirect data via violation reports * MFSA 2014-87/CVE-2014-1592 (bmo#1088635) Use-after-free during HTML5 parsing * MFSA 2014-88/CVE-2014-1593 (bmo#1085175) Buffer overflow while parsing media content * MFSA 2014-89/CVE-2014-1594 (bmo#1074280) Bad casting from the BasicThebesLayer to BasicContainerLayer - rebased patches - limit linker memory usage for %ix86 - rebased patches - update to Firefox 33.1 * Adding DuckDuckGo as a search option (upstream) * Forget Button added * Enhanced Tiles * Privacy tour introduced - fix typo in GStreamer Recommends - Disable elf-hack for aarch64 - Enable EGL for aarch64 - Limit RAM usage during link for %arm - Fix _constraints for ARM - use proper macros for ARM - use '--disable-optimize' not only on 32-bit x86, but on 32-bit arm too to fix compiling. - pass '-Wl,--no-keep-memory' to linker to reduce required memory during linking on arm. - update to Firefox 33.0.2 * Fix a startup crash with some combination of hardware and drivers 33.0.1 * Firefox displays a black screen at start-up with certain graphics drivers - adjusted _constraints for ARM - added mozilla-bmo1088588.patch to fix build with EGL (bmo#1088588) - define /usr/share/myspell as additional dictionary location and remove add-plugins.sh finally (bnc#900639) - use Firefox default optimization flags instead of -Os - specfile cleanup - fix build for all ppc by not enabling elf-hack (bnc#901213) - update to Firefox 33.0 (bnc#900941) New features: * OpenH264 support (sandboxed) * Enhanced Tiles * Improved search experience through the location bar * Slimmer and faster JavaScript strings * New CSP (Content Security Policy) backend * Support for connecting to HTTP proxy over HTTPS * Improved reliability of the session restoration * Proprietary window.crypto properties/functions removed Security: * MFSA 2014-74/CVE-2014-1574/CVE-2014-1575 Miscellaneous memory safety hazards * MFSA 2014-75/CVE-2014-1576 (bmo#1041512) Buffer overflow during CSS manipulation * MFSA 2014-76/CVE-2014-1577 (bmo#1012609) Web Audio memory corruption issues with custom waveforms * MFSA 2014-77/CVE-2014-1578 (bmo#1063327) Out-of-bounds write with WebM video * MFSA 2014-78/CVE-2014-1580 (bmo#1063733) Further uninitialized memory use during GIF rendering * MFSA 2014-79/CVE-2014-1581 (bmo#1068218) Use-after-free interacting with text directionality * MFSA 2014-80/CVE-2014-1582/CVE-2014-1584 (bmo#1049095, bmo#1066190) Key pinning bypasses * MFSA 2014-81/CVE-2014-1585/CVE-2014-1586 (bmo#1062876, bmo#1062981) Inconsistent video sharing within iframe * MFSA 2014-82/CVE-2014-1583 (bmo#1015540) Accessing cross-origin objects via the Alarms API (only relevant for installed web apps) - requires NSPR 4.10.7 - requires NSS 3.17.1 - removed obsolete patches: * mozilla-ppc.patch * mozilla-libproxy-compat.patch - added basic appdata information - update to Firefox 32.0.2 * just a version bump for our builds * fixed the in application update process for certain environments (in application update is not enabled in openSUSE and Linux is unaffected in any case) - build with --disable-optimize for 13.1 and above for i586 to workaround miscompilations (bnc#896624) - use some more build flags to align with upstream - update to Firefox 32.0.1 * fixed stability issues for computers with multiple graphics cards * mixed content icon may be incorrectly displayed instead of lock icon for SSL sites in 32.0 ( * WebRTC: setRemoteDescription() silently fails if no success callback is specified (bmo#1063971) - update to Firefox 32.0 (bnc#894370) * MFSA 2014-67/CVE-2014-1553/CVE-2014-1554/CVE-2014-1562 Miscellaneous memory safety hazards * MFSA 2014-68/CVE-2014-1563 (bmo#1018524) Use-after-free during DOM interactions with SVG * MFSA 2014-69/CVE-2014-1564 (bmo#1045977) Uninitialized memory use during GIF rendering * MFSA 2014-70/CVE-2014-1565 (bmo#1047831) Out-of-bounds read in Web Audio audio timeline * MFSA 2014-72/CVE-2014-1567 (bmo#1037641) Use-after-free setting text directionality - rebased patches - requires NSS 3.16.4 - removed upstreamed patch * mozilla-aarch64-bmo-810631.patch - adapted _constraints, used more than 3900MB on s390x during last build - update to Firefox 31.0 (bnc#887746) * MFSA 2014-56/CVE-2014-1547/CVE-2014-1548 Miscellaneous memory safety hazards * MFSA 2014-57/CVE-2014-1549 (bmo#1020205) Buffer overflow during Web Audio buffering for playback * MFSA 2014-58/CVE-2014-1550 (bmo#1020411) Use-after-free in Web Audio due to incorrect control message ordering * MFSA 2014-60/CVE-2014-1561 (bmo#1000514, bmo#910375) Toolbar dialog customization event spoofing * MFSA 2014-61/CVE-2014-1555 (bmo#1023121) Use-after-free with FireOnStateChange event * MFSA 2014-62/CVE-2014-1556 (bmo#1028891) Exploitable WebGL crash with Cesium JavaScript library * MFSA 2014-63/CVE-2014-1544 (bmo#963150) Use-after-free while when manipulating certificates in the trusted cache (solved with NSS 3.16.2 requirement) * MFSA 2014-64/CVE-2014-1557 (bmo#913805) Crash in Skia library when scaling high quality images * MFSA 2014-65/CVE-2014-1558/CVE-2014-1559/CVE-2014-1560 (bmo#1015973, bmo#1026022, bmo#997795) Certificate parsing broken by non-standard character encoding * MFSA 2014-66/CVE-2014-1552 (bmo#985135) IFRAME sandbox same-origin access through redirect - use EGL on ARM - rebased patches - requires NSS 3.16.2 - requires python-devel (not only python) - update to Firefox 30.0 (bnc#881874) * MFSA 2014-48/CVE-2014-1533/CVE-2014-1534 (bmo#921622, bmo#967354, bmo#969517, bmo#969549, bmo#973874, bmo#978652, bmo#978811, bmo#988719, bmo#990868, bmo#991981, bmo#992274, bmo#994907, bmo#995679, bmo#995816, bmo#995817, bmo#996536, bmo#996715, bmo#999651, bmo#1000598, bmo#1000960, bmo#1002340, bmo#1005578, bmo#1007223, bmo#1009952, bmo#1011007) Miscellaneous memory safety hazards (rv:30.0) * MFSA 2014-49/CVE-2014-1536/CVE-2014-1537/CVE-2014-1538 (bmo#989994, bmo#999274, bmo#1005584) Use-after-free and out of bounds issues found using Address Sanitizer * MFSA 2014-50/CVE-2014-1539 (bmo#995603) Clickjacking through cursor invisability after Flash interaction * MFSA 2014-51/CVE-2014-1540 (bmo#978862) Use-after-free in Event Listener Manager * MFSA 2014-52/CVE-2014-1541 (bmo#1000185) Use-after-free with SMIL Animation Controller * MFSA 2014-53/CVE-2014-1542 (bmo#991533) Buffer overflow in Web Audio Speex resampler * MFSA 2014-54/CVE-2014-1543 (bmo#1011859) Buffer overflow in Gamepad API * MFSA 2014-55/CVE-2014-1545 (bmo#1018783) Out of bounds write in NSPR - rebased patches - removed obsolete patches * firefox-browser-css.patch * mozilla-aarch64-bmo-962488.patch * mozilla-aarch64-bmo-963023.patch * mozilla-aarch64-bmo-963024.patch * mozilla-aarch64-bmo-963027.patch * mozilla-ppc64-xpcom.patch * mozilla-ppc64le-javascript.patch * mozilla-ppc64le-libffi.patch * mozilla-ppc64le-mfbt.patch * mozilla-ppc64le-webrtc.patch * mozilla-ppc64le-xpcom.patch * mozilla-ppc64le-build.patch - requires NSPR 4.10.6 - enabled GStreamer 1.0 usage for 13.2 and above - update to Firefox 29.0.1 * Seer disabled by default (bmo#1005958) * Session Restore failed with a corrupted sessionstore.js file (bmo#1001167) * pdf.js printing white page (bmo#1003707, bnc#876833) - general.useragent.locale gets overwritten with en-US while it should be using the active langpack's setting - update to Firefox 29.0 (bnc#875378) * MFSA 2014-34/CVE-2014-1518/CVE-2014-1519 Miscellaneous memory safety hazards * MFSA 2014-36/CVE-2014-1522 (bmo#995289) Web Audio memory corruption issues * MFSA 2014-37/CVE-2014-1523 (bmo#969226) Out of bounds read while decoding JPG images * MFSA 2014-38/CVE-2014-1524 (bmo#989183) Buffer overflow when using non-XBL object as XBL * MFSA 2014-39/CVE-2014-1525 (bmo#989210) Use-after-free in the Text Track Manager for HTML video * MFSA 2014-41/CVE-2014-1528 (bmo#963962) Out-of-bounds write in Cairo * MFSA 2014-42/CVE-2014-1529 (bmo#987003) Privilege escalation through Web Notification API * MFSA 2014-43/CVE-2014-1530 (bmo#895557) Cross-site scripting (XSS) using history navigations * MFSA 2014-44/CVE-2014-1531 (bmo#987140) Use-after-free in imgLoader while resizing images * MFSA 2014-45/CVE-2014-1492 (bmo#903885) Incorrect IDNA domain name matching for wildcard certificates (fixed by NSS 3.16) * MFSA 2014-46/CVE-2014-1532 (bmo#966006) Use-after-free in nsHostResolver * MFSA 2014-47/CVE-2014-1526 (bmo#988106) Debugger can bypass XrayWrappers with JavaScript - rebased patches - removed obsolete patches * firefox-browser-css.patch * mozilla-aarch64-599882cfb998.diff * mozilla-aarch64-bmo-963028.patch * mozilla-aarch64-bmo-963029.patch * mozilla-aarch64-bmo-963030.patch * mozilla-aarch64-bmo-963031.patch - requires NSS 3.16 - added mozilla-icu-strncat.patch to fix post build checks - add mozilla-aarch64-599882cfb998.patch, mozilla-aarch64-bmo-810631.patch, mozilla-aarch64-bmo-962488.patch, mozilla-aarch64-bmo-963030.patch, mozilla-aarch64-bmo-963027.patch, mozilla-aarch64-bmo-963028.patch, mozilla-aarch64-bmo-963029.patch, mozilla-aarch64-bmo-963023.patch, mozilla-aarch64-bmo-963024.patch, mozilla-aarch64-bmo-963031.patch: AArch64 porting - Add patch for bmo#973977 * mozilla-ppc64-xpcom.patch - Refresh mozilla-ppc64le-xpcom.patch patch - Adapt mozilla-ppc64le-xpcom.patch to Mozilla > 24.0 build system - update to Firefox 28.0 (bnc#868603) * MFSA 2014-15/CVE-2014-1493/CVE-2014-1494 Miscellaneous memory safety hazards * MFSA 2014-17/CVE-2014-1497 (bmo#966311) Out of bounds read during WAV file decoding * MFSA 2014-18/CVE-2014-1498 (bmo#935618) crypto.generateCRMFRequest does not validate type of key * MFSA 2014-19/CVE-2014-1499 (bmo#961512) Spoofing attack on WebRTC permission prompt * MFSA 2014-20/CVE-2014-1500 (bmo#956524) onbeforeunload and Javascript navigation DOS * MFSA 2014-22/CVE-2014-1502 (bmo#972622) WebGL content injection from one domain to rendering in another * MFSA 2014-23/CVE-2014-1504 (bmo#911547) Content Security Policy for data: documents not preserved by session restore * MFSA 2014-26/CVE-2014-1508 (bmo#963198) Information disclosure through polygon rendering in MathML * MFSA 2014-27/CVE-2014-1509 (bmo#966021) Memory corruption in Cairo during PDF font rendering * MFSA 2014-28/CVE-2014-1505 (bmo#941887) SVG filters information disclosure through feDisplacementMap * MFSA 2014-29/CVE-2014-1510/CVE-2014-1511 (bmo#982906, bmo#982909) Privilege escalation using WebIDL-implemented APIs * MFSA 2014-30/CVE-2014-1512 (bmo#982957) Use-after-free in TypeObject * MFSA 2014-31/CVE-2014-1513 (bmo#982974) Out-of-bounds read/write through neutering ArrayBuffer objects * MFSA 2014-32/CVE-2014-1514 (bmo#983344) Out-of-bounds write through TypedArrayObject after neutering - requires NSPR 4.10.3 and NSS 3.15.5 - new build dependency (and recommends): * libpulse - update of PowerPC 64 patches (bmo#976648) (pcerny(a)suse.com) - rebased patches - update to Firefox 27.0.1 * Fixed stability issues with Greasemonkey and other JS that used ClearTimeoutOrInterval * JS math correctness issue (bmo#941381) - incorporate Google API key for geolocation (bnc#864170) - updated list of "other" locales in RPM requirements - update to Firefox 27.0 (bnc#861847) * MFSA 2014-01/CVE-2014-1477/CVE-2014-1478 Miscellaneous memory safety hazards (rv:27.0 / rv:24.3) * MFSA 2014-02/CVE-2014-1479 (bmo#911864) Clone protected content with XBL scopes * MFSA 2014-03/CVE-2014-1480 (bmo#916726) UI selection timeout missing on download prompts * MFSA 2014-04/CVE-2014-1482 (bmo#943803) Incorrect use of discarded images by RasterImage * MFSA 2014-05/CVE-2014-1483 (bmo#950427) Information disclosure with *FromPoint on iframes * MFSA 2014-06/CVE-2014-1484 (bmo#953993) Profile path leaks to Android system log * MFSA 2014-07/CVE-2014-1485 (bmo#910139) XSLT stylesheets treated as styles in Content Security Policy * MFSA 2014-08/CVE-2014-1486 (bmo#942164) Use-after-free with imgRequestProxy and image proccessing * MFSA 2014-09/CVE-2014-1487 (bmo#947592) Cross-origin information leak through web workers * MFSA 2014-10/CVE-2014-1489 (bmo#959531) Firefox default start page UI content invokable by script * MFSA 2014-11/CVE-2014-1488 (bmo#950604) Crash when using web workers with asm.js * MFSA 2014-12/CVE-2014-1490/CVE-2014-1491 (bmo#934545, bmo#930874, bmo#930857) NSS ticket handling issues * MFSA 2014-13/CVE-2014-1481(bmo#936056) Inconsistent JavaScript handling of access to Window objects - requires NSS 3.15.4 or higher - rebased/reworked patches - removed obsolete mozilla-bug929439.patch - Add support for powerpc64le-linux. * mozilla-ppc64le.patch: general support * mozilla-libffi-ppc64le.patch: libffi backport * mozilla-xpcom-ppc64le.patch: port xpcom - Add build fix from mainline. * mozilla-bug929439.patch - update to Firefox 26.0 (bnc#854367, bnc#854370) * rebased patches * requires NSPR 4.10.2 and NSS 3.15.3.1 * MFSA 2013-104/CVE-2013-5609/CVE-2013-5610 Miscellaneous memory safety hazards * MFSA 2013-105/CVE-2013-5611 (bmo#771294) Application Installation doorhanger persists on navigation * MFSA 2013-106/CVE-2013-5612 (bmo#871161) Character encoding cross-origin XSS attack * MFSA 2013-107/CVE-2013-5614 (bmo#886262) Sandbox restrictions not applied to nested object elements * MFSA 2013-108/CVE-2013-5616 (bmo#938341) Use-after-free in event listeners * MFSA 2013-109/CVE-2013-5618 (bmo#926361) Use-after-free during Table Editing * MFSA 2013-110/CVE-2013-5619 (bmo#917841) Potential overflow in JavaScript binary search algorithms * MFSA 2013-111/CVE-2013-6671 (bmo#930281) Segmentation violation when replacing ordered list elements * MFSA 2013-112/CVE-2013-6672 (bmo#894736) Linux clipboard information disclosure though selection paste * MFSA 2013-113/CVE-2013-6673 (bmo#970380) Trust settings for built-in roots ignored during EV certificate validation * MFSA 2013-114/CVE-2013-5613 (bmo#930381, bmo#932449) Use-after-free in synthetic mouse movement * MFSA 2013-115/CVE-2013-5615 (bmo#929261) GetElementIC typed array stubs can be generated outside observed typesets * MFSA 2013-116/CVE-2013-6629/CVE-2013-6630 (bmo#891693) JPEG information leak * MFSA 2013-117 (bmo#946351) Mis-issued ANSSI/DCSSI certificate (fixed via NSS 3.15.3.1) - removed gecko.js preference file as GStreamer is enabled by default now - update to Firefox 25.0 (bnc#847708) * rebased patches * requires NSS 3.15.2 or above * MFSA 2013-93/CVE-2013-5590/CVE-2013-5591/CVE-2013-5592 Miscellaneous memory safety hazards * MFSA 2013-94/CVE-2013-5593 (bmo#868327) Spoofing addressbar through SELECT element * MFSA 2013-95/CVE-2013-5604 (bmo#914017) Access violation with XSLT and uninitialized data * MFSA 2013-96/CVE-2013-5595 (bmo#916580) Improperly initialized memory and overflows in some JavaScript functions * MFSA 2013-97/CVE-2013-5596 (bmo#910881) Writing to cycle collected object during image decoding * MFSA 2013-98/CVE-2013-5597 (bmo#918864) Use-after-free when updating offline cache * MFSA 2013-99/CVE-2013-5598 (bmo#920515) Security bypass of PDF.js checks using iframes * MFSA 2013-100/CVE-2013-5599/CVE-2013-5600/CVE-2013-5601 (bmo#915210, bmo#915576, bmo#916685) Miscellaneous use-after-free issues found through ASAN fuzzing * MFSA 2013-101/CVE-2013-5602 (bmo#897678) Memory corruption in workers * MFSA 2013-102/CVE-2013-5603 (bmo#916404) Use-after-free in HTML document templates - as GStreamer is not automatically required anymore but loaded dynamically if available, require it explicitely - recommend optional GStreamer plugins for comprehensive media support - move greek to the translations-common package (bnc#840551) - update to Firefox 24.0 (bnc#840485) * MFSA 2013-76/CVE-2013-1718/CVE-2013-1719 Miscellaneous memory safety hazards * MFSA 2013-77/CVE-2013-1720 (bmo#888820) Improper state in HTML5 Tree Builder with templates * MFSA 2013-78/CVE-2013-1721 (bmo#890277) Integer overflow in ANGLE library * MFSA 2013-79/CVE-2013-1722 (bmo#893308) Use-after-free in Animation Manager during stylesheet cloning * MFSA 2013-80/CVE-2013-1723 (bmo#891292) NativeKey continues handling key messages after widget is destroyed * MFSA 2013-81/CVE-2013-1724 (bmo#894137) Use-after-free with select element * MFSA 2013-82/CVE-2013-1725 (bmo#876762) Calling scope for new Javascript objects can lead to memory corruption * MFSA 2013-85/CVE-2013-1728 (bmo#883686) Uninitialized data in IonMonkey * MFSA 2013-88/CVE-2013-1730 (bmo#851353) Compartment mismatch re-attaching XBL-backed nodes * MFSA 2013-89/CVE-2013-1732 (bmo#883514) Buffer overflow with multi-column, lists, and floats * MFSA 2013-90/CVE-2013-1735/CVE-2013-1736 (bmo#898871, bmo#906301) Memory corruption involving scrolling * MFSA 2013-91/CVE-2013-1737 (bmo#907727) User-defined properties on DOM proxies get the wrong "this" object * MFSA 2013-92/CVE-2013-1738 (bmo#887334, bmo#882897) GC hazard with default compartments and frame chain restoration - enable gstreamer explicitely via pref (gecko.js) - require NSS 3.15.1 - update to Firefox 23.0.1 * Audio static/"burble"/breakup in Firefox to Firefox WebRTC calls (bmo#901527) - update to Firefox 23.0 (bnc#833389) * MFSA 2013-63/CVE-2013-1701/CVE-2013-1702 Miscellaneous memory safety hazards * MFSA 2013-64/CVE-2013-1704 (bmo#883313) Use after free mutating DOM during SetBody * MFSA 2013-65/CVE-2013-1705 (bmo#882865) Buffer underflow when generating CRMF requests * MFSA 2013-67/CVE-2013-1708 (bmo#879924) Crash during WAV audio file decoding * MFSA 2013-68/CVE-2013-1709 (bmo#838253) Document URI misrepresentation and masquerading * MFSA 2013-69/CVE-2013-1710 (bmo#871368) CRMF requests allow for code execution and XSS attacks * MFSA 2013-70/CVE-2013-1711 (bmo#843829) Bypass of XrayWrappers using XBL Scopes * MFSA 2013-72/CVE-2013-1713 (bmo#887098) Wrong principal used for validating URI for some Javascript components * MFSA 2013-73/CVE-2013-1714 (bmo#879787) Same-origin bypass with web workers and XMLHttpRequest * MFSA 2013-75/CVE-2013-1717 (bmo#406541, bmo#738397) Local Java applets may read contents of local file system - requires NSPR 4.10 and NSS 3.15 - fix build on ARM (/-g/ matches /-grecord-switches/) - update to Firefox 22.0 (bnc#825935) * removed obsolete patches + mozilla-qcms-ppc.patch + mozilla-gstreamer-760140.patch * GStreamer support does not build on 12.1 anymore (build only on 12.2 and later) * MFSA 2013-49/CVE-2013-1682/CVE-2013-1683 Miscellaneous memory safety hazards * MFSA 2013-50/CVE-2013-1684/CVE-2013-1685/CVE-2013-1686 Memory corruption found using Address Sanitizer * MFSA 2013-51/CVE-2013-1687 (bmo#863933, bmo#866823) Privileged content access and execution via XBL * MFSA 2013-52/CVE-2013-1688 (bmo#873966) Arbitrary code execution within Profiler * MFSA 2013-53/CVE-2013-1690 (bmo#857883) Execution of unmapped memory through onreadystatechange event * MFSA 2013-54/CVE-2013-1692 (bmo#866915) Data in the body of XHR HEAD requests leads to CSRF attacks * MFSA 2013-55/CVE-2013-1693 (bmo#711043) SVG filters can lead to information disclosure * MFSA 2013-56/CVE-2013-1694 (bmo#848535) PreserveWrapper has inconsistent behavior * MFSA 2013-57/CVE-2013-1695 (bmo#849791) Sandbox restrictions not applied to nested frame elements * MFSA 2013-58/CVE-2013-1696 (bmo#761667) X-Frame-Options ignored when using server push with multi-part responses * MFSA 2013-59/CVE-2013-1697 (bmo#858101) XrayWrappers can be bypassed to run user defined methods in a privileged context * MFSA 2013-60/CVE-2013-1698 (bmo#876044) getUserMedia permission dialog incorrectly displays location * MFSA 2013-61/CVE-2013-1699 (bmo#840882) Homograph domain spoofing in .com, .net and .name - Fix qcms altivec include (mozilla-qcms-ppc.patch) - update to Firefox 21.0 (bnc#819204) * removed upstreamed patch firefox-712763.patch * removed disabled mozilla-disable-neon-option.patch * MFSA 2013-41/CVE-2013-0801/CVE-2013-1669 Miscellaneous memory safety hazards * MFSA 2013-42/CVE-2013-1670 (bmo#853709) Privileged access for content level constructor * MFSA 2013-43/CVE-2013-1671 (bmo#842255) File input control has access to full path * MFSA 2013-46/CVE-2013-1674 (bmo#860971) Use-after-free with video and onresize event * MFSA 2013-47/CVE-2013-1675 (bmo#866825) Uninitialized functions in DOMSVGZoomEvent * MFSA 2013-48/CVE-2013-1676/CVE-2013-1677/CVE-2013-1678/ CVE-2013-1679/CVE-2013-1680/CVE-2013-1681 Memory corruption found using Address Sanitizer - revert to use GStreamer 0.10 on 12.3 (bnc#814101) (remove mozilla-gstreamer-1.patch) - Explicitly disable WebRTC support on non-x86, the configure script disables it only half-heartedly - update to Firefox 20.0 (bnc#813026) * requires NSPR 4.9.5 and NSS 3.14.3 * mozilla-webrtc-ppc.patch included upstream * MFSA 2013-30/CVE-2013-0788/CVE-2013-0789 Miscellaneous memory safety hazards * MFSA 2013-31/CVE-2013-0800 (bmo#825721) Out-of-bounds write in Cairo library * MFSA 2013-35/CVE-2013-0796 (bmo#827106) WebGL crash with Mesa graphics driver on Linux * MFSA 2013-36/CVE-2013-0795 (bmo#825697) Bypass of SOW protections allows cloning of protected nodes * MFSA 2013-37/CVE-2013-0794 (bmo#626775) Bypass of tab-modal dialog origin disclosure * MFSA 2013-38/CVE-2013-0793 (bmo#803870) Cross-site scripting (XSS) using timed history navigations * MFSA 2013-39/CVE-2013-0792 (bmo#722831) Memory corruption while rendering grayscale PNG images - use GStreamer 1.0 starting with 12.3 (mozilla-gstreamer-1.patch) - build fixes for armv7hl: * disable debug build as armv7hl does not have enough memory * disable webrtc on armv7hl as it is non-compiling - update to Firefox 19.0.2 (bnc#808243) * MFSA 2013-29/CVE-2013-0787 (bmo#848644) Use-after-free in HTML Editor - update to Firefox 19.0.1 * blocklist updates - update to Firefox 19.0 (bnc#804248) * MFSA 2013-21/CVE-2013-0783/2013-0784 Miscellaneous memory safety hazards * MFSA 2013-22/CVE-2013-0772 (bmo#801366) Out-of-bounds read in image rendering * MFSA 2013-23/CVE-2013-0765 (bmo#830614) Wrapped WebIDL objects can be wrapped again * MFSA 2013-24/CVE-2013-0773 (bmo#809652) Web content bypass of COW and SOW security wrappers * MFSA 2013-25/CVE-2013-0774 (bmo#827193) Privacy leak in JavaScript Workers * MFSA 2013-26/CVE-2013-0775 (bmo#831095) Use-after-free in nsImageLoadingContent * MFSA 2013-27/CVE-2013-0776 (bmo#796475) Phishing on HTTPS connection through malicious proxy * MFSA 2013-28/CVE-2013-0780/CVE-2013-0782/CVE-2013-0777/ CVE-2013-0778/CVE-2013-0779/CVE-2013-0781 Use-after-free, out of bounds read, and buffer overflow issues found using Address Sanitizer - removed obsolete patches * mozilla-webrtc.patch * mozilla-gstreamer-803287.patch - added patch to fix session restore window order (bmo#712763) - update to Firefox 18.0.2 * blocklist and CTP updates * fixes in JS engine - update to Firefox 18.0.1 * blocklist updates * backed out bmo#677092 (removed patch) * fixed problems involving HTTP proxy transactions - Fix WebRTC to build on powerpc - update to Firefox 18.0 (bnc#796895) * MFSA 2013-01/CVE-2013-0749/CVE-2013-0769/CVE-2013-0770 Miscellaneous memory safety hazards * MFSA 2013-02/CVE-2013-0760/CVE-2013-0762/CVE-2013-0766/CVE-2013-0767 CVE-2013-0761/CVE-2013-0763/CVE-2013-0771/CVE-2012-5829 Use-after-free and buffer overflow issues found using Address Sanitizer * MFSA 2013-03/CVE-2013-0768 (bmo#815795) Buffer Overflow in Canvas * MFSA 2013-04/CVE-2012-0759 (bmo#802026) URL spoofing in addressbar during page loads * MFSA 2013-05/CVE-2013-0744 (bmo#814713) Use-after-free when displaying table with many columns and column groups * MFSA 2013-06/CVE-2013-0751 (bmo#790454) Touch events are shared across iframes * MFSA 2013-07/CVE-2013-0764 (bmo#804237) Crash due to handling of SSL on threads * MFSA 2013-08/CVE-2013-0745 (bmo#794158) AutoWrapperChanger fails to keep objects alive during garbage collection * MFSA 2013-09/CVE-2013-0746 (bmo#816842) Compartment mismatch with quickstubs returned values * MFSA 2013-10/CVE-2013-0747 (bmo#733305) Event manipulation in plugin handler to bypass same-origin policy * MFSA 2013-11/CVE-2013-0748 (bmo#806031) Address space layout leaked in XBL objects * MFSA 2013-12/CVE-2013-0750 (bmo#805121) Buffer overflow in Javascript string concatenation * MFSA 2013-13/CVE-2013-0752 (bmo#805024) Memory corruption in XBL with XML bindings containing SVG * MFSA 2013-14/CVE-2013-0757 (bmo#813901) Chrome Object Wrapper (COW) bypass through changing prototype * MFSA 2013-15/CVE-2013-0758 (bmo#813906) Privilege escalation through plugin objects * MFSA 2013-16/CVE-2013-0753 (bmo#814001) Use-after-free in serializeToStream * MFSA 2013-17/CVE-2013-0754 (bmo#814026) Use-after-free in ListenerManager * MFSA 2013-18/CVE-2013-0755 (bmo#814027) Use-after-free in Vibrate * MFSA 2013-19/CVE-2013-0756 (bmo#814029) Use-after-free in Javascript Proxy objects - requires NSS 3.14.1 (MFSA 2013-20, CVE-2013-0743) - removed obsolete SLE11 patches (mozilla-gcc43*) - reenable WebRTC - added mozilla-libproxy-compat.patch for libproxy API compat on openSUSE 11.2 and earlier - backed out restartless language packs as it broke multi-locale setup (bmo#677092, bmo#818468) - update to Firefox 17.0.1 * revert some useragent changes introduced in 17.0 * leaving private browsing with social enabled doesn't reset all social components (bmo#815042) - fix KDE integration for file dialogs - update to Firefox 17.0 (bnc#790140) * MFSA 2012-91/CVE-2012-5842/CVE-2012-5843 Miscellaneous memory safety hazards * MFSA 2012-92/CVE-2012-4202 (bmo#758200) Buffer overflow while rendering GIF images * MFSA 2012-93/CVE-2012-4201 (bmo#747607) evalInSanbox location context incorrectly applied * MFSA 2012-94/CVE-2012-5836 (bmo#792857) Crash when combining SVG text on path with CSS * MFSA 2012-95/CVE-2012-4203 (bmo#765628) Javascript: URLs run in privileged context on New Tab page * MFSA 2012-96/CVE-2012-4204 (bmo#778603) Memory corruption in str_unescape * MFSA 2012-97/CVE-2012-4205 (bmo#779821) XMLHttpRequest inherits incorrect principal within sandbox * MFSA 2012-99/CVE-2012-4208 (bmo#798264) XrayWrappers exposes chrome-only properties when not in chrome compartment * MFSA 2012-100/CVE-2012-5841 (bmo#805807) Improper security filtering for cross-origin wrappers * MFSA 2012-101/CVE-2012-4207 (bmo#801681) Improper character decoding in HZ-GB-2312 charset * MFSA 2012-102/CVE-2012-5837 (bmo#800363) Script entered into Developer Toolbar runs with chrome privileges * MFSA 2012-103/CVE-2012-4209 (bmo#792405) Frames can shadow top.location * MFSA 2012-104/CVE-2012-4210 (bmo#796866) CSS and HTML injection through Style Inspector * MFSA 2012-105/CVE-2012-4214/CVE-2012-4215/CVE-2012-4216/ CVE-2012-5829/CVE-2012-5839/CVE-2012-5840/CVE-2012-4212/ CVE-2012-4213/CVE-2012-4217/CVE-2012-4218 Use-after-free and buffer overflow issues found using Address Sanitizer * MFSA 2012-106/CVE-2012-5830/CVE-2012-5833/CVE-2012-5835/CVE-2012-5838 Use-after-free, buffer overflow, and memory corruption issues found using Address Sanitizer - rebased patches - disabled WebRTC since build is broken (bmo#776877) - build on SLE11 * mozilla-gcc43-enums.patch * mozilla-gcc43-template_hacks.patch * mozilla-gcc43-templates_instantiation.patch - update to Firefox 16.0.2 (bnc#786522) * MFSA 2012-90/CVE-2012-4194/CVE-2012-4195/CVE-2012-4196 (bmo#800666, bmo#793121, bmo#802557) Fixes for Location object issues - bring back Obsoletes for libproxy's mozjs plugin for distributions before 12.2 to avoid crashes - update to Firefox 16.0.1 (bnc#783533) * MFSA 2012-88/CVE-2012-4191 (bmo#798045) Miscellaneous memory safety hazards * MFSA 2012-89/CVE-2012-4192/CVE-2012-4193 (bmo#799952, bmo#720619) defaultValue security checks not applied - update to Firefox 16.0 (bnc#783533) * MFSA 2012-74/CVE-2012-3982/CVE-2012-3983 Miscellaneous memory safety hazards * MFSA 2012-75/CVE-2012-3984 (bmo#575294) select element persistance allows for attacks * MFSA 2012-76/CVE-2012-3985 (bmo#655649) Continued access to initial origin after setting document.domain * MFSA 2012-77/CVE-2012-3986 (bmo#775868) Some DOMWindowUtils methods bypass security checks * MFSA 2012-79/CVE-2012-3988 (bmo#725770) DOS and crash with full screen and history navigation * MFSA 2012-80/CVE-2012-3989 (bmo#783867) Crash with invalid cast when using instanceof operator * MFSA 2012-81/CVE-2012-3991 (bmo#783260) GetProperty function can bypass security checks * MFSA 2012-82/CVE-2012-3994 (bmo#765527) top object and location property accessible by plugins * MFSA 2012-83/CVE-2012-3993/CVE-2012-4184 (bmo#768101, bmo#780370) Chrome Object Wrapper (COW) does not disallow acces to privileged functions or properties * MFSA 2012-84/CVE-2012-3992 (bmo#775009) Spoofing and script injection through location.hash * MFSA 2012-85/CVE-2012-3995/CVE-2012-4179/CVE-2012-4180/ CVE-2012-4181/CVE-2012-4182/CVE-2012-4183 Use-after-free, buffer overflow, and out of bounds read issues found using Address Sanitizer * MFSA 2012-86/CVE-2012-4185/CVE-2012-4186/CVE-2012-4187/ CVE-2012-4188 Heap memory corruption issues found using Address Sanitizer * MFSA 2012-87/CVE-2012-3990 (bmo#787704) Use-after-free in the IME State Manager - requires NSPR 4.9.2 - improve GStreamer integration (bmo#760140) - removed upstreamed mozilla-crashreporter-restart-args.patch - webapprt now included - use kmozillahelper's new REVEAL command (bnc#777415) (requires mozilla-kde4-integration >= 0.6.4) - updated translations-other with new languages - update to Firefox 15.0.1 (bnc#779936) * Sites visited while in Private Browsing mode could be found through manual browser cache inspection (bmo#787743) - update to Firefox 15.0 (bnc#777588) * MFSA 2012-57/CVE-2012-1970 Miscellaneous memory safety hazards * MFSA 2012-58/CVE-2012-1972/CVE-2012-1973/CVE-2012-1974/CVE-2012-1975 CVE-2012-1976/CVE-2012-3956/CVE-2012-3957/CVE-2012-3958/CVE-2012-3959 CVE-2012-3960/CVE-2012-3961/CVE-2012-3962/CVE-2012-3963/CVE-2012-3964 Use-after-free issues found using Address Sanitizer * MFSA 2012-59/CVE-2012-1956 (bmo#756719) Location object can be shadowed using Object.defineProperty * MFSA 2012-60/CVE-2012-3965 (bmo#769108) Escalation of privilege through about:newtab * MFSA 2012-61/CVE-2012-3966 (bmo#775794, bmo#775793) Memory corruption with bitmap format images with negative height * MFSA 2012-62/CVE-2012-3967/CVE-2012-3968 WebGL use-after-free and memory corruption * MFSA 2012-63/CVE-2012-3969/CVE-2012-3970 SVG buffer overflow and use-after-free issues * MFSA 2012-64/CVE-2012-3971 Graphite 2 memory corruption * MFSA 2012-65/CVE-2012-3972 (bmo#746855) Out-of-bounds read in format-number in XSLT * MFSA 2012-66/CVE-2012-3973 (bmo#757128) HTTPMonitor extension allows for remote debugging without explicit activation * MFSA 2012-68/CVE-2012-3975 (bmo#770684) DOMParser loads linked resources in extensions when parsing text/html * MFSA 2012-69/CVE-2012-3976 (bmo#768568) Incorrect site SSL certificate data display * MFSA 2012-70/CVE-2012-3978 (bmo#770429) Location object security checks bypassed by chrome code * MFSA 2012-72/CVE-2012-3980 (bmo#771859) Web console eval capable of executing chrome-privileged code - fix HTML5 video crash with GStreamer enabled (bmo#761030) - GStreamer is only used for MP4 (no WebM, OGG) - updated filelist - moved browser specific preferences to correct location - Fix mozilla-kde.patch to include sys/resource.h for getrlimit etc (glibc 2.16) - update to 14.0.1 (bnc#771583) * MFSA 2012-42/CVE-2012-1949/CVE-2012-1948 Miscellaneous memory safety hazards * MFSA 2012-43/CVE-2012-1950 Incorrect URL displayed in addressbar through drag and drop * MFSA 2012-44/CVE-2012-1951/CVE-2012-1954/CVE-2012-1953/CVE-2012-1952 Gecko memory corruption * MFSA 2012-45/CVE-2012-1955 (bmo#757376) Spoofing issue with location * MFSA 2012-46/CVE-2012-1966 (bmo#734076) XSS through data: URLs * MFSA 2012-47/CVE-2012-1957 (bmo#750096) Improper filtering of javascript in HTML feed-view * MFSA 2012-48/CVE-2012-1958 (bmo#750820) use-after-free in nsGlobalWindow::PageHidden * MFSA 2012-49/CVE-2012-1959 (bmo#754044, bmo#737559) Same-compartment Security Wrappers can be bypassed * MFSA 2012-50/CVE-2012-1960 (bmo#761014) Out of bounds read in QCMS * MFSA 2012-51/CVE-2012-1961 (bmo#761655) X-Frame-Options header ignored when duplicated * MFSA 2012-52/CVE-2012-1962 (bmo#764296) JSDependentString::undepend string conversion results in memory corruption * MFSA 2012-53/CVE-2012-1963 (bmo#767778) Content Security Policy 1.0 implementation errors cause data leakage * MFSA 2012-55/CVE-2012-1965 (bmo#758990) feed: URLs with an innerURI inherit security context of page * MFSA 2012-56/CVE-2012-1967 (bmo#758344) Code execution through javascript: URLs - license change from tri license to MPL-2.0 - fix crashreporter restart option (bmo#762780) - require NSS 3.13.5 - remove mozjs pacrunner obsoletes again for now - adopted mozilla-prefer_plugin_pref.patch - PPC fixes: * reenabled mozilla-yarr-pcre.patch to fix build for PPC * add patches for bmo#750620 and bmo#746112 * fix xpcshell segfault on ppc - update to Firefox 13.0.1 * bugfix release - obsolete libproxy's mozjs pacrunner (bnc#759123) - update to Firefox 13.0 (bnc#765204) * MFSA 2012-34/CVE-2012-1938/CVE-2012-1937/CVE-2011-3101 Miscellaneous memory safety hazards * MFSA 2012-36/CVE-2012-1944 (bmo#751422) Content Security Policy inline-script bypass * MFSA 2012-37/CVE-2012-1945 (bmo#670514) Information disclosure though Windows file shares and shortcut files * MFSA 2012-38/CVE-2012-1946 (bmo#750109) Use-after-free while replacing/inserting a node in a document * MFSA 2012-40/CVE-2012-1947/CVE-2012-1940/CVE-2012-1941 Buffer overflow and use-after-free issues found using Address Sanitizer - require NSS 3.13.4 * MFSA 2012-39/CVE-2012-0441 (bmo#715073) - fix sound notifications when filename/path contains a whitespace (bmo#749739) - fix build on arm - reenabled crashreporter for Factory/12.2 (fix in mozilla-gcc47.patch) - update to Firefox 12.0 (bnc#758408) * rebased patches * MFSA 2012-20/CVE-2012-0467/CVE-2012-0468 Miscellaneous memory safety hazards * MFSA 2012-22/CVE-2012-0469 (bmo#738985) use-after-free in IDBKeyRange * MFSA 2012-23/CVE-2012-0470 (bmo#734288) Invalid frees causes heap corruption in gfxImageSurface * MFSA 2012-24/CVE-2012-0471 (bmo#715319) Potential XSS via multibyte content processing errors * MFSA 2012-25/CVE-2012-0472 (bmo#744480) Potential memory corruption during font rendering using cairo-dwrite * MFSA 2012-26/CVE-2012-0473 (bmo#743475) WebGL.drawElements may read illegal video memory due to FindMaxUshortElement error * MFSA 2012-27/CVE-2012-0474 (bmo#687745, bmo#737307) Page load short-circuit can lead to XSS * MFSA 2012-28/CVE-2012-0475 (bmo#694576) Ambiguous IPv6 in Origin headers may bypass webserver access restrictions * MFSA 2012-29/CVE-2012-0477 (bmo#718573) Potential XSS through ISO-2022-KR/ISO-2022-CN decoding issues * MFSA 2012-30/CVE-2012-0478 (bmo#727547) Crash with WebGL content using textImage2D * MFSA 2012-31/CVE-2011-3062 (bmo#739925) Off-by-one error in OpenType Sanitizer * MFSA 2012-32/CVE-2011-1187 (bmo#624621) HTTP Redirections and remote content can be read by javascript errors * MFSA 2012-33/CVE-2012-0479 (bmo#714631) Potential site identity spoofing when loading RSS and Atom feeds - added mozilla-libnotify.patch to allow fallback from libnotify to xul based events if no notification-daemon is running - gcc 4.7 fixes * mozilla-gcc47.patch * disabled crashreporter temporarily for Factory - recommend libcanberra0 for proper sound notifications - update to Firefox 11.0 (bnc#750044) * MFSA 2012-13/CVE-2012-0455 (bmo#704354) XSS with Drag and Drop and Javascript: URL * MFSA 2012-14/CVE-2012-0456/CVE-2012-0457 (bmo#711653, #720103) SVG issues found with Address Sanitizer * MFSA 2012-15/CVE-2012-0451 (bmo#717511) XSS with multiple Content Security Policy headers * MFSA 2012-16/CVE-2012-0458 Escalation of privilege with Javascript: URL as home page * MFSA 2012-17/CVE-2012-0459 (bmo#723446) Crash when accessing keyframe cssText after dynamic modification * MFSA 2012-18/CVE-2012-0460 (bmo#727303) window.fullScreen writeable by untrusted content * MFSA 2012-19/CVE-2012-0461/CVE-2012-0462/CVE-2012-0464/ CVE-2012-0463 Miscellaneous memory safety hazards - ported and reenabled KDE integration (bnc#746591) - explicitely build-require X libs - add Provides: browser(npapi) FATE#313084 - better plugin directory resolution (bnc#747320) - update to Firefox 10.0.2 (bnc#747328) * CVE-2011-3026 (bmo#727401) libpng: integer overflow leading to heap-buffer overflow - update to Firefox 10.0.1 (bnc#746616) * MFSA 2012-10/CVE-2012-0452 (bmo#724284) use after free in nsXBLDocumentInfo::ReadPrototypeBindings - Use YARR interpreter instead of PCRE on platforms where YARR JIT is not supported, since PCRE doesnt build (bmo#691898) - fix ppc64 build (bmo#703534) - update to Firefox 10.0 (bnc#744275) * MFSA 2012-01/CVE-2012-0442/CVE-2012-0443 Miscellaneous memory safety hazards * MFSA 2012-03/CVE-2012-0445 (bmo#701071) <iframe> element exposed across domains via name attribute * MFSA 2012-04/CVE-2011-3659 (bmo#708198) Child nodes from nsDOMAttribute still accessible after removal of nodes * MFSA 2012-05/CVE-2012-0446 (bmo#705651) Frame scripts calling into untrusted objects bypass security checks * MFSA 2012-06/CVE-2012-0447 (bmo#710079) Uninitialized memory appended when encoding icon images may cause information disclosure * MFSA 2012-07/CVE-2012-0444 (bmo#719612) Potential Memory Corruption When Decoding Ogg Vorbis files * MFSA 2012-08/CVE-2012-0449 (bmo#701806, bmo#702466) Crash with malformed embedded XSLT stylesheets - KDE integration has been disabled since it needs refactoring - removed obsolete ppc64 patch - Disable neon for arm as it doesn't build correctly - update to Firefox 9.0.1 * (strongparent) parentNode of element gets lost (bmo#335998) - fix arm build, don't package crashreporter there - update to Firefox 9 (bnc#737533) * MFSA 2011-53/CVE-2011-3660 Miscellaneous memory safety hazards (rv:9.0) * MFSA 2011-54/CVE-2011-3661 (bmo#691299) Potentially exploitable crash in the YARR regular expression library * MFSA 2011-55/CVE-2011-3658 (bmo#708186) nsSVGValue out-of-bounds access * MFSA 2011-56/CVE-2011-3663 (bmo#704482) Key detection without JavaScript via SVG animation * MFSA 2011-58/VE-2011-3665 (bmo#701259) Crash scaling <video> to extreme sizes - Fix accessibility under GNOME 3 (bnc#732898) - fix ppc64 build - update to Firefox 8 (bnc#728520) * MFSA 2011-47/CVE-2011-3648 (bmo#690225) Potential XSS against sites using Shift-JIS * MFSA 2011-48/CVE-2011-3651/CVE-2011-3652/CVE-2011-3654 Miscellaneous memory safety hazards * MFSA 2011-49/CVE-2011-3650 (bmo#674776) Memory corruption while profiling using Firebug * MFSA 2011-52/CVE-2011-3655 (bmo#672182) Code execution via NoWaiverWrapper - rebased patches - enable telemetry prompt - update to minor release 7.0.1 * fixed staged addon updates - set intl.locale.matchOS=true in the base package as it causes too much confusion when it's only available with branding-openSUSE - update to Firefox 7 (bnc#720264) including * Improve Responsiveness with Memory Reductions * Instant Sync * WebSocket protocol 8 * MFSA 2011-36/CVE-2011-2995/CVE-2011-2996/CVE-2011-2997 Miscellaneous memory safety hazards * MFSA 2011-39/CVE-2011-3000 (bmo#655389) Defense against multiple Location headers due to CRLF Injection * MFSA 2011-40/CVE-2011-2372/CVE-2011-3001 Code installation through holding down Enter * MFSA 2011-41/CVE-2011-3002/CVE-2011-3003 (bmo#680840, bmo#682335) Potentially exploitable WebGL crashes * MFSA 2011-42/CVE-2011-3232 (bmo#653672) Potentially exploitable crash in the YARR regular expression library * MFSA 2011-43/CVE-2011-3004 (bmo#653926) loadSubScript unwraps XPCNativeWrapper scope parameter * MFSA 2011-44/CVE-2011-3005 (bmo#675747) Use after free reading OGG headers * MFSA 2011-45 Inferring keystrokes from motion data - removed obsolete mozilla-cairo-lcd.patch - rebased patches - removed XLIB_SKIP_ARGB_VISUALS=1 from environment in mozilla.sh.in (bnc#680758) - fixed loading of kde.js under KDE (bnc#718311) - add dbus-1-glib-devel to BuildRequires (not pulled in automatically anymore on 12.1) - increase minversions for NSPR and NSS - recreated source archive to get correct source-stamp.txt - security update to 6.0.2 (bnc#714931) * Complete blocking of certificates issued by DigiNotar (bmo#683449) - security update to 6.0.1 (bnc#714931) * MFSA 2011-34 Protection against fraudulent DigiNotar certificates (bmo#682927) - update to 6.0 (bnc#712224) included security fixes MFSA 2011-29 * CVE-2011-2989/CVE-2011-2991/CVE-2011-2992/CVE-2011-2985 Miscellaneous memory safety hazards * CVE-2011-2993 (bmo#657267) Unsigned scripts can call script inside signed JAR * CVE-2011-2988 (bmo#665934) Heap overflow in ANGLE library * CVE-2011-0084 (bmo#648094) Crash in SVGTextElement.getCharNumAtPosition() * CVE-2011-2990 Credential leakage using Content Security Policy reports * CVE-2011-2986 (bmo#655836) Cross-origin data theft using canvas and Windows D2D - removed obsolete curl header dependency (mozilla-curl.patch) - update to 6.0b3 * removed obsolete patches - firefox-shellservice.patch - mozilla-gio.patch - mozilla-ppc-ipc.patch - firefox-linkorder.patch - firefox-no-sync-l10n.patch - recognize linux3 as platform for symbolstore.py - Add x-scheme-handler/ftp to the MimeType key in the .desktop, to let desktops know that Firefox can deal with ftp: URIs. - create upstream branding package again (supposedly empty) (bnc#703401) - fix build on SLE11 (changes do not affect/are not applied for later versions) - enable startup notification (bnc#701465) - update to 5.0 final - included fixes for security issues: (bnc#701296, bnc#700578) * MFSA 2011-19/CVE-2011-2374 CVE-2011-2375 Miscellaneous memory safety hazards * MFSA 2011-20/CVE-2011-2373 (bmo#617247) Use-after-free vulnerability when viewing XUL document with script disabled * MFSA 2011-21/CVE-2011-2377 (bmo#638018, bmo#639303) Memory corruption due to multipart/x-mixed-replace images * MFSA 2011-22/CVE-2011-2371 (bmo#664009) Integer overflow and arbitrary code execution in Array.reduceRight() * MFSA 2011-25/CVE-2011-2366 Stealing of cross-domain images using WebGL textures * MFSA 2011-26/CVE-2011-2367 CVE-2011-2368 Multiple WebGL crashes * MFSA 2011-27/CVE-2011-2369 (bmo#650001) XSS encoding hazard with inline SVG * MFSA 2011-28/CVE-2011-2370 (bmo#645699) Non-whitelisted site can trigger xpinstall - update to 5.0b7 * updated supported locales - do not build dump_syms static (not needed for us) - > fix build for openSUSE 12.1 and above - update to 5.0b6 - include proper revision information into the build - speedier find-external-requires.sh - update to 5.0b3 - transformed to standalone Firefox (not xulrunner based) (with new Firefox rapid release cycle it makes no sense anymore) * imported all relevant xulrunner patches - do not compile in build timestamp - security update to 4.0.1 (bnc#689281) * MFSA 2011-12/ CVE-2011-0069 CVE-2011-0070 CVE-2011-0079 CVE-2011-0080 CVE-2011-0081 Miscellaneous memory safety hazards * MFSA 2011-17/CVE-2011-0068 (bmo#623791) WebGLES vulnerabilities * MFSA 2011-18/CVE-2011-1202 (bmo#640339) XSLT generate-id() function heap address leak - add all available icon sizes - license update: MPLv1.1 or GPLv2+ or LGPLv2+ Sync licenses with Fedora. MPL does not state ^or later^ - update to version 4.0rc2 - fixed rpm macros delivered with devel package (bnc#679950) - update to version 4.0b12 - rebased patches - update to version 4.0b11 * loads of bugfixes compared to last beta * added "Do Not Track" option - rebased patches - disable testpilot - set correct desktop file name within KDE for 11.4 and up - add devel package with macros for extensions (from lnussel(a)suse.de) - update to version 4.0b10 - removed obsolete firefox-shell-bmo624267.patch - testpilot moved to distribution/extensions - updated locale provides and removed bn-IN from locales - update to version 4.0b9 - added x-scheme-handler for http and https to desktop file for newer Gnome environments - fixed default browser check/set for GIO (bmo#611953) (mozilla-shellservice.patch) - removed obsolete firefox-appname.patch (integrated into shellservice patch) - renamed desktop file to firefox.desktop for 11.4 and newer (bnc#664211) - removed support for 10.3 and older from the spec file - removed obsolete "Ximian" categories from desktop file - Mirror ac_add_options --disable-ipc from xulrunner for PowerPC. - update to version 4.0beta8 - major update to version 4.0beta7 * based on mozilla-xulrunner20 * far too many internal changes to list - security update to 3.6.12 (bnc#649492) * MFSA 2010-73/CVE-2010-3765 (bmo#607222) Heap buffer overflow mixing document.write and DOM insertion - security update to 3.6.11 (bnc#645315) * MFSA 2010-64/CVE-2010-3174/CVE-2010-3175/CVE-2010-3176 Miscellaneous memory safety hazards * MFSA 2010-65/CVE-2010-3179 (bmo#583077) Buffer overflow and memory corruption using document.write * MFSA 2010-66/CVE-2010-3180 (bmo#588929) Use-after-free error in nsBarProp * MFSA 2010-67/CVE-2010-3183 (bmo#598669) Dangling pointer vulnerability in LookupGetterOrSetter * MFSA 2010-68/CVE-2010-3177 (bmo#556734) XSS in gopher parser when parsing hrefs * MFSA 2010-69/CVE-2010-3178 (bmo#576616) Cross-site information disclosure via modal calls * MFSA 2010-70/CVE-2010-3170 (bmo#578697) SSL wildcard certificate matching IP addresses * MFSA 2010-71/CVE-2010-3182 (bmo#590753) Unsafe library loading vulnerabilities * MFSA 2010-72/CVE-2010-3173 Insecure Diffie-Hellman key exchange - update to 3.6.10 * fixing startup topcrash (bmo#594699) - security update to 3.6.9 (bnc#637303) * MFSA 2010-49/CVE-2010-3169 Miscellaneous memory safety hazards * MFSA 2010-50/CVE-2010-2765 (bmo#576447) Frameset integer overflow vulnerability * MFSA 2010-51/CVE-2010-2767 (bmo#584512) Dangling pointer vulnerability using DOM plugin array * MFSA 2010-53/CVE-2010-3166 (bmo#579655) Heap buffer overflow in nsTextFrameUtils::TransformText * MFSA 2010-54/CVE-2010-2760 (bmo#585815) Dangling pointer vulnerability in nsTreeSelection * MFSA 2010-55/CVE-2010-3168 (bmo#576075) XUL tree removal crash and remote code execution * MFSA 2010-56/CVE-2010-3167 (bmo#576070) Dangling pointer vulnerability in nsTreeContentView * MFSA 2010-57/CVE-2010-2766 (bmo#580445) Crash and remote code execution in normalizeDocument * MFSA 2010-59/CVE-2010-2762 (bmo#584180) SJOW creates scope chains ending in outer object * MFSA 2010-61/CVE-2010-2768 (bmo#579744) UTF-7 XSS by overriding document charset using <object> type attribute * MFSA 2010-62/CVE-2010-2769 (bmo#520189) Copy-and-paste or drag-and-drop into designMode document allows XSS * MFSA 2010-63/CVE-2010-2764 (bmo#552090) Information leak via XMLHttpRequest statusText - disable crash reporter for non x86/x86_64 to make it build. - security update to 3.6.8 (bnc#622506) * MFSA 2010-48/CVE-2010-2755 (bmo#575836) Dangling pointer crash regression from plugin parameter array fix - security update to 3.6.7 (bnc#622506) * MFSA 2010-34/CVE-2010-1211/CVE-2010-1212 Miscellaneous memory safety hazards * MFSA 2010-35/CVE-2010-1208 (bmo#572986) DOM attribute cloning remote code execution vulnerability * MFSA 2010-36/CVE-2010-1209 (bmo#552110) Use-after-free error in NodeIterator * MFSA 2010-37/CVE-2010-1214 (bmo#572985) Plugin parameter EnsureCachedAttrParamArrays remote code execution vulnerability * MFSA 2010-38/CVE-2010-1215 (bmo#567069) Arbitrary code execution using SJOW and fast native function * MFSA 2010-39/CVE-2010-2752 (bmo#574059) nsCSSValue::Array index integer overflow * MFSA 2010-40/CVE-2010-2753 (bmo#571106) nsTreeSelection dangling pointer remote code execution vulnerability * MFSA 2010-41/CVE-2010-1205 (bmo#570451) Remote code execution using malformed PNG image * MFSA 2010-42/CVE-2010-1213 (bmo#568148) Cross-origin data disclosure via Web Workers and importScripts * MFSA 2010-43/CVE-2010-1207 (bmo#571287) Same-origin bypass using canvas context * MFSA 2010-44/CVE-2010-1210 (bmo#564679) Characters mapped to U+FFFD in 8 bit encodings cause subsequent character to vanish * MFSA 2010-45/CVE-2010-1206/CVE-2010-2751 (bmo#536466,556957) Multiple location bar spoofing vulnerabilities * MFSA 2010-46/CVE-2010-0654 (bmo#524223) Cross-domain data theft using CSS * MFSA 2010-47/CVE-2010-2754 (bmo#568564) Cross-origin data leakage from script filename in error messages - update to 3.6.6 release * modifies the crash protection feature to increase the amount of time that plugins are allowed to be non-responsive before being terminated. - update to final 3.6.4 release (bnc#603356) * MFSA 2010-26/CVE-2010-1200/CVE-2010-1201/CVE-2010-1202/ CVE-2010-1203 Crashes with evidence of memory corruption (rv:1.9.2.4) * MFSA 2010-28/CVE-2010-1198 (bmo#532246) Freed object reuse across plugin instances * MFSA 2010-29/CVE-2010-1196 (bmo#534666) Heap buffer overflow in nsGenericDOMDataNode::SetTextInternal * MFSA 2010-30/CVE-2010-1199 (bmo#554255) Integer Overflow in XSLT Node Sorting * MFSA 2010-31/CVE-2010-1125 (bmo#552255) focus() behavior can be used to inject or steal keystrokes * MFSA 2010-32/CVE-2010-1197 (bmo#537120) Content-Disposition: attachment ignored if Content-Type: multipart also present * MFSA 2010-33/CVE-2008-5913 (bmo#475585) User tracking across sites using Math.random() - update to 3.6.4(build6) - security update to 3.6.4 (Lorentz) * enable crashreporter also for x86-64 * Flash runs in a separate process to avoid crashing Firefox (ix86 only; x86-64 still uses nspluginwrapper) - security update to 3.6.3 * MFSA 2010-25/CVE-2010-1121 (bmo#555109) Re-use of freed object due to scope confusion - security update to version 3.6.2 (bnc#586567) * MFSA 2010-08/CVE-2010-1028 WOFF heap corruption due to integer overflow * MFSA 2010-09/CVE-2010-0164 (bmo#547143) Deleted frame reuse in multipart/x-mixed-replace image * MFSA 2010-10/CVE-2010-0170 (bmo#541530) XSS via plugins and unprotected Location object * MFSA 2010-11/CVE-2010-0165/CVE-2010-0166/CVE-2010-0167 Crashes with evidence of memory corruption * MFSA 2010-12/CVE-2010-0171 (bmo#531364) XSS using addEventListener and setTimeout on a wrapped object * MFSA 2010-13/CVE-2010-0168 (bmo#540642) Content policy bypass with image preloading * MFSA 2010-14/CVE-2010-0169 (bmo#535806) Browser chrome defacement via cached XUL stylesheets * MFSA 2010-15/CVE-2010-0172 (bmo#537862) Asynchronous Auth Prompt attaches to wrong window * MFSA 2010-16/CVE-2010-0173/CVE-2010-0174 Crashes with evidence of memory corruption * MFSA 2010-18/CVE-2010-0176 (bmo#538308) Dangling pointer vulnerability in nsTreeContentView * MFSA 2010-19/CVE-2010-0177 (bmo#538310) Dangling pointer vulnerability in nsPluginArray * MFSA 2010-20/CVE-2010-0178 (bmo#546909) Chrome privilege escalation via forced URL drag and drop * MFSA 2010-22/CVE-2009-3555 (bmo#545755) Update NSS to support TLS renegotiation indication * MFSA 2010-23/CVE-2010-0181 (bmo#452093) Image src redirect to mailto: URL opens email editor * MFSA 2010-24/CVE-2010-0182 (bmo#490790) XMLDocument::load() doesn't check nsIContentPolicy - update to 3.6rc2 (already named 3.6.0) - removed obsolete orbit-devel build requirement - major update to 3.6rc1 - update to version 3.5.7 (bnc#568011) * DNS resolution in MakeSN of nsAuthSSPI causing issues for proxy servers that support NTLM auth (bmo#535193) - added missing lockdown preferences (bnc#567131) - readded firefox-ui-lockdown.patch (bnc#546158) - security update to version 3.5.6 (bnc#559807) * MFSA 2009-65/CVE-2009-3979/CVE-2009-3980/CVE-2009-3982 Crashes with evidence of memory corruption (rv:1.9.1.6) * MFSA 2009-66/CVE-2009-3388 (bmo#504843,bmo#523816) Memory safety fixes in liboggplay media library * MFSA 2009-67/CVE-2009-3389 (bmo#515882,bmo#504613) Integer overflow, crash in libtheora video library * MFSA 2009-68/CVE-2009-3983 (bmo#487872) NTLM reflection vulnerability * MFSA 2009-69/CVE-2009-3984/CVE-2009-3985 (bmo#521461,bmo#514232) Location bar spoofing vulnerabilities * MFSA 2009-70/VE-2009-3986 (bmo#522430) Privilege escalation via chrome window.opener - fixed firefox-browser-css.patch (bnc#561027) - rebased patches for fuzz=0 - update to version 3.5.5 (bnc#553172) - security update to version 3.5.4 (bnc#545277) * MFSA 2009-52/CVE-2009-3370 (bmo#511615) Form history vulnerable to stealing * MFSA 2009-53/CVE-2009-3274 (bmo#514823) Local downloaded file tampering * MFSA 2009-54/CVE-2009-3371 (bmo#514554) Crash with recursive web-worker calls * MFSA 2009-55/CVE-2009-3372 (bmo#500644) Crash in proxy auto-configuration regexp parsing * MFSA 2009-56/CVE-2009-3373 (bmo#511689) Heap buffer overflow in GIF color map parser * MFSA 2009-57/CVE-2009-3374 (bmo#505988) Chrome privilege escalation in XPCVariant::VariantDataToJS() * MFSA 2009-59/CVE-2009-1563 (bmo#516396, bmo#516862) Heap buffer overflow in string to number conversion * MFSA 2009-61/CVE-2009-3375 (bmo#503226) Cross-origin data theft through document.getSelection() * MFSA 2009-62/CVE-2009-3376 (bmo#511521) Download filename spoofing with RTL override * MFSA 2009-63/CVE-2009-3377/CVE-2009-3379/CVE-2009-3378 Upgrade media libraries to fix memory safety bugs * MFSA 2009-64/CVE-2009-3380/CVE-2009-3381/CVE-2009-3383 Crashes with evidence of memory corruption - removed upstreamed patch * firefox-bug506901.patch - fix KDE button order in one more place (bnc#170055) - improve UI colors to be usable with dark themes at all (firefox-browser-css.patch) (bnc#503351) - extend list of supported architectures as ABI identifier (mozilla-abi.patch) (bnc#543460) - added KDE integration patch from llunak(a)novell.com (firefox-kde.patch) * support for knotify, making -kde4-addon obsolete * KDE-specific support functional (bnc#170055) - do not build libnkgnomevfs (bmo#512671) (firefox-no-gnomevfs) - security update to version 3.5.3 (bnc#534458) * MFSA 2009-47/CVE-2009-3069/CVE-2009-3070/CVE-2009-3071/ CVE-2009-3072/CVE-2009-3073/CVE-2009-3074/CVE-2009-3075 Crashes with evidence of memory corruption * MFSA 2009-49/CVE-2009-3077 (bmo#506871) TreeColumns dangling pointer vulnerability * MFSA 2009-50/CVE-2009-3078 (bmo#453827) Location bar spoofing via tall line-height Unicode characters * MFSA 2009-51/CVE-2009-3079 (bmo#454363) Chrome privilege escalation with FeedWriter - renamed patch firefox-contextmenu-gnome to firefox-cross-desktop as it contains more tweaks to handle non-Gnome environments and especially KDE integration: * added the ability to set the KDE default browser (still part of bnc#170055) - split -translations package into -common and -other (bnc#529180) - remove "set as background" from context menu if not running in Gnome (part of bnc#170055) - security update to version 3.5.2 * MFSA 2009-38/CVE-2009-2470 (bmo#459524) Data corruption with SOCKS5 reply containing DNS name longer than 15 characters * MFSA 2009-44/CVE-2009-2654 (bmo#451898) Location bar and SSL indicator spoofing via window.open() on invalid URL * MFSA 2009-45 Crashes with evidence of memory corruption * MFSA 2009-46 (bmo#498897) Chrome privilege escalation due to incorrectly cached wrapper * various other stability fixes - export MOZ_APP_LAUNCHER in the startscript (bmo#453689) - fixed %exclude usage - fixed preferences' advanced pane for fresh profiles (bmo#506901) - security update to version 3.5.1 * MFSA 2009-41 Corrupt JIT state after deep return from native function - added mozilla-linkorder.patch to fix build with --as-needed - update to final version 3.5 (20090623) - fixed build by linking to a real file - update to version 3.5rc2 (20090617) - BuildRequire mozilla-xulrunner191 = 1.9.1.0 - update to version 3.5b99 (20090604) - BuildRequire mozilla-xulrunner191 = 1.9.1b99 - fixed typos in improved xulrunner dependencies - use non-localized Downloads folder (bnc#501724) - update to new major version 3.5b4 * based on Gecko 1.9.1 (mozilla-xulrunner191) * Private Browsing Mode * TraceMonkey JavaScript engine * Geolocation support * native JSON and web worker threads support * speculative parsing for faster content rendering * Some HTML5 support - updated firefox.schemas - improved firefox-no-update.patch - security update to 3.0.10 * MFSA 2009-23/CVE-2009-1313 (bmo#489647) Crash in nsTextFrame::ClearTextRun() - security update to 3.0.9 (bnc#495473) * MFSA 2009-14/CVE-2009-1302/CVE-2009-1303/CVE-2009-1304/CVE-2009-1305 Crashes with evidence of memory corruption (rv:1.9.0.9) * MFSA 2009-15/CVE-2009-0652 (bmo#479336) URL spoofing with box drawing character * MFSA 2009-16/CVE-2009-1306 (bmo#474536) jar: scheme ignores the content-disposition: header on the inner URI * MFSA 2009-17/CVE-2009-1307 (bmo#481342) Same-origin violations when Adobe Flash loaded via view-source: scheme * MFSA 2009-18/CVE-2009-1308 (bmo#481558) XSS hazard using third-party stylesheets and XBL bindings * MFSA 2009-19/CVE-2009-1309 (bmo#482206,478433) Same-origin violations in XMLHttpRequest and XPCNativeWrapper.toString * MFSA 2009-20/CVE-2009-1310 (bmo#483086) Malicious search plugins can inject code into arbitrary sites * MFSA 2009-21/CVE-2009-1311 (bmo#471962) POST data sent to wrong site when saving web page with embedded frame * MFSA 2009-22/CVE-2009-1312 (bmo#475636) Firefox allows Refresh header to redirect to javascript: URIs - security update to 1.9.0.8 (bnc#488955,489411) * MFSA 2009-12/CVE-2009-1169 (bmo#460090,485217) Crash and remote code execution in XSL transformation * MFSA 2009-13/CVE-2009-1044 (bmo#484320) Arbitrary code execution via XUL tree moveToEdgeShift - allow RPM provides for stuff besides shared libraries (e.g. mime-types) - security update to 3.0.7 (bnc#478625) * MFSA 2009-07 - Crashes with evidence of memory corruption CVE-2009-0771 - Layout Engine Crashes CVE-2009-0772 - Layout Engine Crashes CVE-2009-0773 - crashes in the JavaScript engine CVE-2009-0774 - Layout Engine Crashes * MFSA 2009-08/CVE-2009-0775 - (bmo#474456) Mozilla Firefox XUL Linked Clones Double Free Vulnerability * MFSA 2009-09/CVE-2009-0776 (bmo#414540) XML data theft via RDFXMLDataSource and cross-domain redirect * MFSA 2009-10/CVE-2009-0040 (bmo#478901) Upgrade PNG library to fix memory safety hazards * MFSA 2009-11/CVE-2009-0777 (bmo#452979) URL spoofing with invisible control characters ==== MozillaThunderbird ==== Subpackages: MozillaThunderbird-translations-common - The conditional testing for gcc was failing for different openSUSE versions, drop it and apply patches unconditionally. - Add patches to fix building with gcc >= 6: + mozilla-gcc6.patch: patch taken from fedora's git and is essentially identical to upstream firefox patch: https://hg.mozilla.org/mozilla-central/rev/55212130f19d. + mozilla-flexible-array-member-in-union.patch: patch taken from upstream bmo#1272649. ==== NetworkManager-gnome ==== Subpackages: NetworkManager-connection-editor libnm-gtk0 typelib-1_0-NMGtk-1_0 - Add NetworkManager-wrongly-placed-brace.patch: fix wrongly placed brace. ==== akonadi-calendar ==== Version update (15.12.3 -> 16.04.1) - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== akonadi-search ==== Version update (15.12.3 -> 16.04.1) Subpackages: libKF5AkonadiSearch - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== akonadi-server ==== Version update (15.12.3 -> 16.04.1) - Explicitly require the newly-split libs in the devel package - Split AkonadiCore, AkonadiAgentBase and AkonadiWidgets libraries to separate subpackages, as per the SLPP - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Move akonadi2xml to devel package - Move dbus xml files to the akonadi-devel package - Make the devel package conflict with libakonadiprotocolinternals-devel - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== amarok ==== - Add gcc6-workaround.patch to workaround an error seen by GCC, link: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=71273. ==== ark ==== Version update (15.12.3 -> 16.04.1) - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== baloo5-widgets ==== Version update (15.12.3 -> 16.04.1) - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== cdrdao ==== - Add cdrdao-gcc6-fixes.patch: Fix build with gcc6. ==== crda ==== - Add gcc6-fix-errors.patch to remove errors seen by GCC6. ==== dolphin ==== Version update (15.12.3 -> 16.04.1) Subpackages: dolphin-part libdolphinvcs5 - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Drop upstreamed patch specify-fallback-icon.patch - Added specify-fallback-icon.patch: fixes missing icons for certain filetypes where the specified icon doesn't exist (kde#358958, kde#361034) - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php - Drop upstreamed patch Fix-wrong-path-URL-conversion.patch ==== dragonplayer ==== Version update (15.12.3 -> 16.04.1) - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== espeak ==== - gcc6-char-cast.patch: Fix GCC6 errors. ==== gnome-software ==== Version update (3.20.2 -> 3.20.3) - Update to version 3.20.3: + Fix several issues with system upgrades. + Fix several issues with the Ubuntu reviews dialog. + Fix an issue that caused incorrect package versions to be shown in the update panel. + Fix an issue that caused offline updates to not start under certain conditions. + Updated translations. - Drop gs-compile-against-old-appstream-glib.patch, gs-Fix-underlinking.patch, gs-Fix-xdg-app-build.patch and gs-Fix-a-possible-crasher.patch: Fixed upstream. - Following the above drop gnome-common BuildRequires and autoreconf call, we no longer have patches touching the buildsystem. ==== gpgmepp5 ==== Version update (15.12.3 -> 16.04.1) Subpackages: libKF5QGpgme5 - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== grantlee5 ==== Version update (5.0.0 -> 5.1.0) - Update to 5.1.0 * Implement advanced operators for the {% if %} tag * Use 'd' postfix for plugins built in debug mode * Use 'd' postfix for libraries built in debug mode by Visual Studio * Make it possible to build without QtScript and QtLinguistTools * Bump Grantlee CMake requirement to 3.1. * Bump Grantlee Qt requirement to 5.3. ==== gstreamer-plugins-bad ==== Subpackages: libgstadaptivedemux-1_0-0 libgstbadaudio-1_0-0 libgstbadbase-1_0-0 libgstbadvideo-1_0-0 libgstbasecamerabinsrc-1_0-0 libgstcodecparsers-1_0-0 libgstgl-1_0-0 libgstmpegts-1_0-0 libgstphotography-1_0-0 libgsturidownloader-1_0-0 libgstwayland-1_0-0 - Drop pkgconfig(libmusicbrainz): gstreamer does not depend on it directly. ==== gwenview5 ==== Version update (15.12.3 -> 16.04.1) - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== installation-images-openSUSE ==== Version update (14.245 -> 14.247) - adjust to update-alternative package change - 14.247 - module.config: add macsec - 14.246 ==== k3b ==== - Add k3b-2.0.3-gcc6.patch: Fix build with GCC 6. Patch copied from Gentoo. ==== kaccounts-integration ==== Version update (15.12.3 -> 16.04.1) - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== kalarmcal ==== Version update (15.12.3 -> 16.04.1) - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== kamera ==== Version update (15.12.3 -> 16.04.1) - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== kate ==== Version update (15.12.3 -> 16.04.1) Subpackages: kate-plugins kwrite - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== kcalc ==== Version update (15.12.3 -> 16.04.1) - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Drop kcalc-fix_set_size.patch, not necessary any more - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== kcalcore ==== Version update (15.12.3 -> 16.04.1) - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== kcalutils ==== Version update (15.12.3 -> 16.04.1) Subpackages: libKF5CalendarUtils5 - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== kcharselect ==== Version update (15.12.3 -> 16.04.1) - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== kcolorchooser ==== Version update (15.12.3 -> 16.04.1) - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== kcontacts ==== Version update (15.12.3 -> 16.04.1) - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== kdebase4 ==== Version update (15.12.3 -> 16.04.1) Subpackages: kdebase4-libkonq kdebase4-nsplugin kdepasswd kdialog keditbookmarks konqueror konqueror-plugins libkonq-devel libkonq5 - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== kdebase4-runtime ==== Version update (15.12.3 -> 16.04.1) - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== kdebase4-workspace ==== Subpackages: kdebase4-workspace-libs python-kdebase4 - Changed kdm-sysconfig-values.diff: Add "-listen tcp" to the Xserver cmdline for Xorg 1.17 and up if DISPLAYMANAGER_XSERVER_TCP_PORT_6000_OPEN="yes" in /etc/syconfig/displaymanager, newer versions have -nolisten as default (boo#978262) - Add patch gcc6-fixes.diff to fix errors reported by GCC6 compiler ==== kdelibs4 ==== Version update (4.14.18 -> 4.14.19) Subpackages: kdelibs4-core kdelibs4-doc libkde4 libkde4-devel libkdecore4 libkdecore4-devel libksuseinstall1 - Add patch gcc6-fix-errors.patch to fix errors reported by GCC6. - Update to 4.14.19 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php ==== kdenetwork4-filesharing ==== Version update (15.12.3 -> 16.04.1) - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== kdepim ==== Version update (15.12.3 -> 16.04.1) Subpackages: akonadi_resources akregator5 kaddressbook5 kalarm5 kmail5 knotes5 kontact5 korganizer5 - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Require kdepim for kmail, or the account wizard won't be found at startup. Found by openQA. - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Require kdepim-addons in kmail (kde#361605), korganizer and kaddressbook - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php - libkdepim and kleopatra were split off in separate packages upstream ==== kdepim-runtime ==== Version update (15.12.3 -> 16.04.1) - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php - Drop bko354056.diff due to upstream inclusion ==== kdepimlibs ==== Version update (15.12.3 -> 16.04.1) Subpackages: akonadi-contact kio-pimlibs libKF5AkonadiContact5 libKF5AkonadiMime5 libKF5AkonadiNotes5 - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== kdepimlibs4 ==== Subpackages: libakonadi4 libkdepimlibs4 - Remove akonadi2xml to prevent conflicts with akonadi-server - Remove superfluous libpth-devel dependency ==== kdnssd ==== Version update (15.12.3 -> 16.04.1) - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== kernel-source ==== Version update (4.5.4 -> 4.6.0) Subpackages: kernel-default kernel-default-devel kernel-devel kernel-docs kernel-macros kernel-syms - Fix build breakage due to missing buildroot in rpm/kernel-binary.spec.in - commit c03eb71 - drm/amd: add Kconfig dependency for ACP on DRM_AMDGPU. - Update config files. - commit 99e9d31 - rpm/kernel-binary.spec.in: Fix build error when no firmware is installed - commit a09ef60 - rpm/kernel-binary.spec.in: Do not package helper files in -devel (bsc#981204) - commit 4c334f0 - tipc: check nl sock before parsing nested attributes (CVE-2016-4951 bsc#981058). - commit 353e24b - rpm/kernel-binary.spec.in: Install only needed firmware for -base (bsc#966447) - commit f685839 - rpm/kernel-binary.spec.in: Fix placement of the reproducible build hack - commit 26e4b73 - Update change for hv-storvsc to set sg_tablesize on x86 - commit 758fc22 - ALSA: hrtimer: Handle start/stop more properly (bsc#973378). - commit 713ff49 - watchdog: sp5100_tco: properly check for new register layouts (boo#978953). - commit 8096c43 - kvm: Remove variable physbase MTRR 0x2f8 (bsc#979715, CVE-2016-3713). - commit ffec37b - Update to 4.6-final. - Eliminated 1 patch. - Config changes: - MLX5_CORE_EN_VXLAN=y - commit d9e67cc - net: fix infoleak in llc (bsc#978821, CVE-2016-4485). - commit 4715b83 - net: fix infoleak in llc (bsc#978821, CVE-2016-4485). - commit f2da272 - Update tags in two patches for CVE-2016-4578, bsc#979879 - commit f3ff4d1 ==== kget ==== Version update (15.12.3 -> 16.04.1) - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== kgpg ==== Version update (15.12.3 -> 16.04.1) - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php - Fix filelist for 13.1, we don't install KF5 ServiceMenus there... ==== kholidays ==== Version update (15.12.3 -> 16.04.1) - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php - Drop kholidays-glibc-2.23.patch, this is no longer needed as the issue was fixed upstream ==== kidentitymanagement ==== Version update (15.12.3 -> 16.04.1) - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== kimap ==== Version update (15.12.3 -> 16.04.1) - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== kio-extras5 ==== Version update (15.12.3 -> 16.04.1) - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Conflict with kactivities5 5.19.0 and earlier to prevent file conflicts. The activities fileitem_linking_plugin and kio slave have been moved from kactivities5 to kio-extras5 in 16.04 (boo#976592) - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== kio_audiocd ==== Version update (15.12.3 -> 16.04.1) - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== kipi-plugins5 ==== Version update (4.94git -> 5.0.0~beta5) Subpackages: kipi-plugin-icons - Adjust licenses as shown by legal review - Update to 5.0 beta5 * No upstream changelog provided ==== kiwi ==== Version update (7.03.68 -> 7.03.72) Subpackages: kiwi-desc-isoboot kiwi-desc-netboot kiwi-desc-oemboot kiwi-desc-vmxboot kiwi-doc kiwi-media-requires kiwi-pxeboot kiwi-templates kiwi-tools - v7.03.72 released - fix hash key handling for perl 5.24 (boo#981080) - v7.03.71 released - Delete vmxboot dracut optimization For vmx type images, dracut was called in background to speedup the boot process. However this could cause a race condition together with grub2-mkconfig. If grub2-mkconfig is called but dracut has not yet created the initrd, grub2 creates a configuration file without an initrd. The result boot setup is not able to reboot the system because the initrd is not loaded. This fixes (bnc#982092) - v7.03.70 released - v7.03.69 released - Added readonly check for persistent data When creating a partition for persistent data, check if the device class has the readonly flag set before trying to write anything there. Fixes #576 - tag debug and source medias in rpm-md meta data (bnc#980871) ==== kldap ==== Version update (15.12.3 -> 16.04.1) - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== kleopatra5 ==== Version update (15.12.3 -> 16.04.1) - Adjust license - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== kmag ==== Version update (15.12.3 -> 16.04.1) - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== kmailtransport ==== Version update (15.12.3 -> 16.04.1) - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== kmbox ==== Version update (15.12.3 -> 16.04.1) - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== kmime ==== Version update (15.12.3 -> 16.04.1) - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== kmousetool ==== Version update (15.12.3 -> 16.04.1) - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== kompare ==== Version update (15.12.3 -> 16.04.1) - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== konsole ==== Version update (15.12.3 -> 16.04.1) Subpackages: konsole-part - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== kontactinterface ==== Version update (15.12.3 -> 16.04.1) - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== kopete ==== Version update (15.12.3 -> 16.04.1) - Add gcc6.patch from kde#363053: Fix build with gcc6 - Run spec-cleaner on kopete.spec - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== kpimtextedit ==== Version update (15.12.3 -> 16.04.1) - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== kqtquickcharts ==== Version update (15.12.3 -> 16.04.1) - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== krdc ==== Version update (15.12.3 -> 16.04.1) - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== krfb ==== Version update (15.12.3 -> 16.04.1) - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== kruler ==== Version update (15.12.3 -> 16.04.1) - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== ktnef ==== Version update (15.12.3 -> 16.04.1) - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== ktp-accounts-kcm ==== Version update (15.12.3 -> 16.04.1) Subpackages: libktpaccountskcminternal9 - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== ktp-approver ==== Version update (15.12.3 -> 16.04.1) - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== ktp-auth-handler ==== Version update (15.12.3 -> 16.04.1) - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== ktp-common-internals ==== Version update (15.12.3 -> 16.04.1) Subpackages: ktp-icons - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== ktp-contact-list ==== Version update (15.12.3 -> 16.04.1) - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== ktp-contact-runner ==== Version update (15.12.3 -> 16.04.1) - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== ktp-desktop-applets ==== Version update (15.12.3 -> 16.04.1) - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== ktp-filetransfer-handler ==== Version update (15.12.3 -> 16.04.1) - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== ktp-kded-module ==== Version update (15.12.3 -> 16.04.1) - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== ktp-send-file ==== Version update (15.12.3 -> 16.04.1) - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== ktp-text-ui ==== Version update (15.12.3 -> 16.04.1) - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== kwalletmanager5 ==== Version update (15.12.3 -> 16.04.1) - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== libaccounts-glib ==== Version update (1.18 -> 1.21) - Update to 1.21 * Support desktop-specific overrides for service and providers files: desktops can define service and providers files in /usr/share/accounts/{providers,services}/$XDG_CURRENT_DESKTOP and these would override any files having the same name in the parent (default) directory. * Fixes - Drop upstream libaccounts-glib-ignore-deprecated-declarations.patch no longer required ==== libkcddb4 ==== Version update (15.12.3 -> 16.04.1) Subpackages: libkcddb4-devel - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== libkcompactdisc4 ==== Version update (15.12.3 -> 16.04.1) Subpackages: libkcompactdisc4-devel - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== libkdcraw ==== Version update (15.12.3 -> 16.04.1) Subpackages: libKF5KDcraw5 libkdcraw-devel - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== libkdepim ==== Version update (15.12.3 -> 16.04.1) - Adjust version requires as per SLPP - Use correct package groups - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== libkexiv2 ==== Version update (15.12.3 -> 16.04.1) Subpackages: libKF5KExiv2-15_0_0 libkexiv2-devel - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== libkface ==== Version update (15.12.3 -> 16.04.1) Subpackages: libKF5KFace10_0_0 libkface-devel - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== libkgeomap ==== Version update (15.12.3 -> 16.04.1) Subpackages: libKF5KGeoMap10_0_0 libkgeomap-devel - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php - Add patch find-astro.diff to ensure that we find Marble ==== libkipi ==== Version update (15.12.3 -> 16.04.1) - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== libkolab-qt5 ==== - Remove akonadi-devel BuildRequire (replaced by akonadi-sever-devel) ==== libkomparediff2 ==== Version update (15.12.3 -> 16.04.1) - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== libksane ==== Version update (15.12.3 -> 16.04.1) Subpackages: libKF5Sane5 libksane-devel - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Remove conflicting icons with kipi-plugins - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== libktorrent ==== Subpackages: libktorrent-devel libktorrent6 libktorrent6-lang - Added require-lower-LibGMP.patch: 6.0.0 version was chosen randomly, and we know the code compiles with at least 5.1.3 ==== libmusicbrainz ==== Subpackages: libmusicbrainz-devel libmusicbrainz4 - Add patch gcc6-fix-errors.patch to remove errors seen by GCC6. ==== libqca-qt5 ==== Subpackages: libqca-qt5-devel libqca-qt5-plugins - Fix build on PowerPC with GCC 6: * Add libqca-qt5-2.1.1-explicit-signed-char.patch ==== libqt5-qtdeclarative ==== Subpackages: libQtQuick5 libqt5-qtdeclarative-devel libqt5-qtdeclarative-tools - Added Workaround-for-crashes-in-QtQml-code-relating-to-null-this-pointers.patch to prevent issues with GCC 6 ==== libraw ==== Subpackages: libraw-devel libraw15 - Complete libraw-0.17.1-gcc6-compatibility.patch to fix build on ppc as well - Fix build with GCC 6: * Add libraw-0.17.1-gcc6-compatibility.patch ==== libsidplay1 ==== - Add baselibs.conf to source list. - In case we build using gcc6, add -Wno-narrowing to CFLAGS and CXXFLAGS: the code (intentionally) stores values like 0x80 into signed chars, resulting in the compiler complaining (boo#981470). ==== libyui ==== Version update (3.2.4 -> 3.2.5) - Fix 'Werror=nonnull-compare' for GCC 6 (bsc#964144) - Optimizations remove null pointer checks for 'this' - Clean-up trailing white-space - 3.2.5 ==== marble ==== Version update (15.12.3 -> 16.04.1) Subpackages: libastro-qt5-1 marble-data marble-devel marble-doc marble-kde - Move marble.appdata.xml to the -kde package where the corresponding marble.desktop is shipped too. - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php - Drop marble-glibc-2.23.patch as this is fixed upstream ==== mobipocket ==== Version update (15.12.3 -> 16.04.1) - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== mozilla-nss ==== Subpackages: libfreebl3 libsoftokn3 mozilla-nss-certs mozilla-nss-devel mozilla-nss-tools - add nss_gcc6_change.patch ==== net-snmp ==== Subpackages: libsnmp30 libsnmp30-32bit net-snmp-devel perl-SNMP snmp-mibs - Fix build with perl 5.24.0: + Add net-snmp-5.7.3-Fix-Makefile.PL.patch: Fix build system recursiely loading Makefile.Pl and destroying its internas. See https://rt.perl.org/Public/Bug/Display.html?id=125907 + net-snmp-5.7.3-Remove-U64-typedef.patch: The U64 typedef conflicts with a typedef in a Perl header file. Hence remove the U64 typedef from the Net-SNMP header files. Backported from upstream commit 477b4307ef1. ==== okular ==== Version update (15.12.3 -> 16.04.1) - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== opal ==== - Build opal using -std=gnu++98. It's old code. ==== openCOLLADA ==== - Add openCOLLADA-signed-char.patch: Use signed char; 'char' by itself depends on arch implementation (gh#KhronosGroup/OpenCOLLADA#439). ==== perl ==== Version update (5.22.1 -> 5.24.0) Subpackages: perl-32bit perl-base perl-doc - Update to perl-5.24.0 * postfix dereferencing is no longer experimental * unicode 8.0 is now supported * perl will now croak when closing an in-place output file fails * new "\b{lb}" boundary in regular expressions * qr/(?[ ])/" now works in UTF-8 locales * integer shift ("<<" and ">>") now more explicitly defined * printf and sprintf now allow reordered precision arguments * more fields provided to "sigaction" callback with "SA_SIGINFO" * hashbang redirection to Perl 6 * set proper umask before calling mkstemp(3) * fix loss of taint in canonpath * remove duplicate environment variables from "environ" - rename patch perl-5.22.0.dif to perl-5.24.0.dif ==== perl-MIME-tools ==== - Add MIME-tools-5.507-rt113887.patch from fedora to fix test failure with new MailTools ==== perl-Module-Build ==== Version update (0.421200 -> 0.421800) - updated to 0.4218 see /usr/share/doc/packages/perl-Module-Build/Changes 0.4218 - Sun Apr 24 16:39:47 BST 2016 - Skip XS test when link_executable fails 0.42_17 - Mon Mar 21 14:02:06 CET 2016 - Read extra_linker_flags using its accessor [Salvador Fandino] - Convert win shell splitting to m//gc parser, fixing handling of 0 and handling of backslashes preceeding a double quote [Graham Knop] - Win32 installation of MB with gmake require SHELL env var to be set [bulk88] 0.4216 - Wed Jan 20 10:39:27 CET 2016 - Delete test that fails with new version.pm [Leon Timmermans] 0.42_15 - Sat Nov 28 15:17:40 CET 2015 - Honor environmental variables when using TAP::Harness directly [Leon Timmermans] - Reintroduce some level of perl 5.6 support [Leon Timmermans] Note that this comes with no guarantees or commitment - Allow Devel::Cover usage with TAP::Harness [Philipp Gortan] - Remove "running under some shell" [Shoichi Kaji] - Fix cookbook - code was missing trailing ` [Matthew Horsfall] 0.4214 - Fri Jun 12 00:25:00 CEST 2015 - Released 0.42_13 as 0.4214 0.42_13 - Sat Jun 6 21:18:24 CEST 2015 [BUG FIXES] - Handle failure to guess license from key better [ENHANCEMENTS] - Output data in a stable order [J�r�my Bobbio] - deleted patch make-builds-reproducible.patch ==== plasma5-desktop ==== - Add Cleanup-and-fixup-KConfig-handling-for-componentchooser.patch to fix setting the default browser (boo#931316) - Add fix-opening-recent-docs.patch to fix opening recent documents from the application menu on newer KF5 (boo#982146, kde#363337) - Add 100-fix-compile-with-gcc6.diff from upstream Plasma/5.6 branch * Fix compilation with GCC 6 (missing cmath include) ==== python-cffi ==== Version update (1.5.2 -> 1.6.0) - Add python-cffi-avoid-bitshifting-negative-int.patch to actually fix the "negative left shift" warning by replacing bitshifting in appropriate places by bitwise and comparison to self; patch taken from upstream git. Drop cffi-1.5.2-wnoerror.patch: no longer required. - disable "negative left shift" warning in test suite to prevent failures with gcc6, until upstream fixes the undefined code in question (boo#981848, cffi-1.5.2-wnoerror.patch) - Update to version 1.6.0: * ffi.list_types() * ffi.unpack() * extern ?Python+C? * in API mode, lib.foo.__doc__ contains the C signature now. * Yet another attempt at robustness of ffi.def_extern() against CPython?s interpreter shutdown logic. ==== qalculate ==== Subpackages: libqalculate-devel libqalculate5 - add gcc-6-compile.patch: Fix compilation with gcc 6 ==== signon-kwallet-extension ==== Version update (15.12.3 -> 16.04.1) - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== spectacle ==== Version update (15.12.3 -> 16.04.1) - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== sweeper ==== Version update (15.12.3 -> 16.04.1) - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== syndication ==== Version update (15.12.3 -> 16.04.1) - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== vim ==== Version update (7.4.1816 -> 7.4.1842) Subpackages: gvim vim-data - Update apparmor.vim (taken from AppArmor 2.10.1) * add support for the "unspec" network keyword - Updated to revision 1842, fixes the following problems * non-antialiased misnamed. * When timer_stop() is called with a string there is no proper error message. * Memory leak in debug commands. * Cannot use an Ex command for 'keywordprg'. * Possible crash when conceal is active. * When splitting and closing a window the status height changes. * When using a partial on a dictionary it always gets bound to that dictionary. * The BufUnload event is triggered twice, when :bunload is used with `bufhidden` set to `unload` or `delete`. * Functions specifically for testing do not sort together. * Cannot get the items stored in a partial. * When using packages an "after" directory cannot be used. * The code to reallocate the buffer used for quickfix is repeated. * get() works for Partial but not for Funcref. - Fix build with perl 5.24 (perl-5.24.patch) - Updated to revision 1829, fixes the following problems * No error when invoking a callback when it's not safe. * May try to access buffer that's already freed. * No message on channel log when buffer was freed. - Updated to revision 1826, fixes the following problems * The screen is not updated if a callback is invoked when closing a channel. * Help completion adds @en to all matches except the first one. * Compiler warnings when sprintf() is a macro. * Removing language from help tags too often. * Redirecting stdout of a channel to "null" doesn't work. * When a job is no longer referenced and does not have an exit callback the process may hang around in defunc state. * When job writes to buffer nothing is written. * Callbacks are invoked when it's not safe. ==== vlc ==== Subpackages: libvlc5 libvlccore8 vlc-noX vlc-noX-lang - Add vlc-gcc6-buildfixes.patch: fix build with GCC 6. This patch file is a collection of the backported commits from master: + 5d26efcad8d1aa5023028e3caa5a608b5e1d81fe + 406f697d5592752efc8a0479e48512ed20ab274b + 569df08d1be561022b86ce9c58dece388532e818 + 45495aa458ef6856ee9eb18860706149148bb660 + a7a70e8163e04244d733f4745dc8cbbc7502b830 + ada4b4748eefcfd22f1417ed223f1381c694aa60 + 0bcb7fd2567ba494b730234609b146cd8e23483c + 59678ec0b489d86f6f62cc987e21a82346f8da42 + e8b683357b2ccc2bbd1ffbcb4783441a3620a6ea + ab550d60dd8d823b8ddacd2d4759f0840a9ea352 + f5d5cb75768b692359068e837f72c9fd7cf6bd45 + c5f80f5bc4cb498c8eb7469650437e92ae6d085a + 66842e08e177e3c458fa0e4db970deae84feb625 + 98b4e987252f798213effa5ed6d19d958d6d9d42 + d2571e643edb0f1cb217805ef8d5ac172d59a864 - Disable atmoLight sensor: pass --disable-atmo to configure. This module fails to build with GCC 6 and has been removed upstream for the next version of VLC already (671304). ==== webkitgtk ==== Subpackages: libjavascriptcoregtk-1_0-0 libwebkitgtk-1_0-0 libwebkitgtk-devel libwebkitgtk2-lang typelib-1_0-JavaScriptCore-1_0 typelib-1_0-WebKit-1_0 - Add webkitgtk-abs_to_fabs.patch: use fabs() instead of abs() on floating point values. ==== webkitgtk3 ==== Subpackages: libjavascriptcoregtk-3_0-0 libwebkitgtk-3_0-0 - Add webkitgtk-abs_to_fabs.patch: use fabs() instead of abs() on floating point values. ==== yast2-drbd ==== Version update (3.1.21 -> 3.1.22) - bsc#981779, add IP validation check of resource. - Version 3.1.22 -- To unsubscribe, e-mail: opensuse-factory+unsubscribe(a)opensuse.org To contact the owner, e-mail: opensuse-factory+owner(a)opensuse.org

11 12

[opensuse-factory] FYI VMware modules don't build on kernel 4.6 fix
by Marvin Schlegel 03 Jun '16

03 Jun '16

not an openSUSE issue, but maybe others are also affected: problem: vmware modules won't build on current kernel 4.6 fix [1] I) vmnet.tar - untar (i.e. aunpack) - change ./vmnet-only/userif.c - replace all: "get_user_pages" to "get_user_pages_remote" - make - cd.. II) vmmon.tar - untar (i.e. aunapck) - change ./vmmon-only/linux/hostif.c - replace all: "get_user_pages" to "get_user_pages_remote" - make - cd.. III) install modules (superuser) [2] cp vmmon.o /lib/modules/`uname -r`/kernel/drivers/misc/vmmon.ko cp vmnet.o /lib/modules/`uname -r`/kernel/drivers/misc/vmnet.ko depmod -a /etc/init.d/vmware restart HTH tested working. [1] https://communities.vmware.com/message/2598402#2598402 [2] https://communities.vmware.com/message/2570941#2570941 -- Cheers Marvin

1 0

Re: [opensuse-factory] NVMe based laptop?
by Bruno Friedmann 03 Jun '16

03 Jun '16

[snip]... >>> Thanks >>> Greg >> >> >> Depending of the day and plasma5 vapor, I'm a happy/unhappy owner of a >> Dell >> Precision M7510 Laptop >> since last december. >> It has a generous Xeon Skylake inside (yes a Xeon inside a lappy) 32Gb >> ram >> a intel gpu M530 (optimus) disabled in bios >> a Nvidia M200M quadro with 5 GB of ram >> a 4k display >> and I've took the challenge to bought the option 1TB M2 pcie SSD >> >> There's not that much trouble to use it as main storage you should >> find it >> under /dev/nvme0n1 >> >> It's just fantastic and insane, with mine I got a ~1.8GB read and >> ~1.4GB >> write :-) >> It make my previous ssd crucial looking like a Ford T ... >> >> you have a advanced package to install : nvme >> which will help you to grab smart-log and other advanced commands. >> >> Still I don't know how much time it will survive, but in the meantime >> what a >> cool thing. >> >> Have fun. > > I'm already getting psyched! > > Since your machine is Skylake based, it would be great to know if the > 4.4 LTS Kernel provides full support. > > I understand 4.4.0 didn't but there have been a lot of back ports > done, so who knows now. > > I've got the 4.4.11 default kernel RPM for Tumbleweed in: > > /repositories/home:/gregfreemyer:/Kernel:/LTS/openSUSE_Tumbleweed/x86_64 > > Greg Unfortunately, I will not be able to try that one a few day before my holidays :-) Even today with 4.5.4 or 4.6.0 not everything work, the bluetooth failed and also the dell_laptop (not directly concerned) module is failing keyboard backlight etc. I've seen move in the direction... If you have to use the intel gpu, I fear you need the lastest kernel/mesa/xorg (especially with 4k screen) And my advise is check at least every month your mfg support website, for newer bios. My Dell got 8 upgrade since January, and lot of changelog is firmware upgrade. -- Bruno Friedmann Ioda-Net Sàrl www.ioda-net.ch openSUSE Member, fsfe fellowship GPG KEY : D5C9B751C4653227 irc: tigerfoot -- To unsubscribe, e-mail: opensuse-factory+unsubscribe(a)opensuse.org To contact the owner, e-mail: opensuse-factory+owner(a)opensuse.org

1 0

[opensuse-factory] [TW] mutt-1.6.1 unusable when built with --enable-sidebar
by Manfred Hollstein 02 Jun '16

02 Jun '16

Hi there, something in advance: I'm a long time mutt user. Therefore I'm used to shuffle through the list of folders containing new/unread messages using the 'c' followed by 'space' key sequence. This doesn't work anymore in current Tumbleweed snapshots. I narrowed it down to the configure option "--enable-sidebar", which enables some pseudo graphical functionality for - I guess - mutt newbies. Rebuilding the otherwise unchanged package with "--disable-sidebar" produces a normally working mutt again. I strongly recommend to disable this code until it gets fixed. <https://bugzilla.opensuse.org/show_bug.cgi?id=982129> Hope this helps some otherwise potentially frustrated mutt users ;) Thx, cheers. l8er manfred

5 16

[opensuse-factory] Networkmanager keeps asking for passwd
by Jogchum Reitsma 01 Jun '16

01 Jun '16

Hi, I installed Tumbleweed snapshot20160520 on our laptop, as a fresh install, but with the existing /home dir's. Beforehand it ran 42.1, which I had to re-install or upgrade. Somehow I'm unable to reach websites. The (wifi)-network is running, I can ping external addresses (e.g. 8.8.8.8, which I set up as first nameserver), but I cannot access websites. Not as normal user, not as root (destination host is unreachable). Firewall is disabled, and using our phones I do get access, so it doesn't seem a router problem to me. I tried both networkmanager and wicked. Networkmanager keeps on asking for the password of the router, wicked gives a working wifi-connection, but no access to url's. Using that laptop, with webaccess, is crucial to my wife's work, so I'm rather desperate to get it up... Anyone an idea? Regards, Jogchum -- To unsubscribe, e-mail: opensuse-factory+unsubscribe(a)opensuse.org To contact the owner, e-mail: opensuse-factory+owner(a)opensuse.org

3 2

[opensuse-factory] Ports for 42.2
by Bo Simonsen 01 Jun '16

01 Jun '16

Dear fellow openSUSE users I have seen people writing about porting LEAP 42.2 for both i586 and ARM. Is there any plans on releasing these official with 42.2? I would love to run 42.2 on my raspberry pi (right now Tumbleweed, seems good, but would like something rock solid that is openSUSE) Bo -- To unsubscribe, e-mail: opensuse-factory+unsubscribe(a)opensuse.org To contact the owner, e-mail: opensuse-factory+owner(a)opensuse.org

3 3

[opensuse-factory] Re: Just the last question about jrep
by Andreas Stieger 01 Jun '16

01 Jun '16

Hi, further to https://build.opensuse.org/request/show/398997 On 05/31/2016 06:59 PM, Dmitriy Perlow wrote: > What if jrep's upstream would provide self-contained .jar? Would the > issue be resolved? I do not think this would make much of a difference, it would still be a collection of binary blobs we cannot rebuild from source or patch to fix issues. Andreas -- Andreas Stieger <astieger(a)suse.com> Project Manager Security SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg) -- To unsubscribe, e-mail: opensuse-factory+unsubscribe(a)opensuse.org To contact the owner, e-mail: opensuse-factory+owner(a)opensuse.org

1 0

[opensuse-factory] leap package update
by Peter Czanik 01 Jun '16

01 Jun '16

Hi, I need to prepare an update for syslog-ng in Leap 42.1 (bug #965191). I checked the wiki, but could not find the page explaining what steps are necessary. Could you point me to it or explain it here? Thanks, CzP -- To unsubscribe, e-mail: opensuse-factory+unsubscribe(a)opensuse.org To contact the owner, e-mail: opensuse-factory+owner(a)opensuse.org

2 1