[opensuse-factory] New Factory snapshot 20140928 released!
fribidi-32bit gtk3-tools-32bit libgtk-3-0-32bit hxtools hxtools-man hxtools-scripts sysinfo
libcanberra-gtk3-module-32bit
libfm-gtk4 libfm-lang libfm4 lxshortcut
lxpanel-lang
pcmanfm-lang
uim-32bit uim-gtk2 uim-gtk2-32bit uim-gtk3 uim-gtk3-32bit uim-qt4 uim-qt4-32bit
ibus-branding-openSUSE-KDE ibus-gtk ibus-gtk-32bit ibus-gtk3 ibus-lang libibus-1_0-5-32bit python-ibus ibus-anthy ibus-googlepinyin ibus-libpinyin ibus-libzhuyin ibus-m17n ibus-pinyin ibus-qt ibus-sunpinyin ibus-table ibus-table-chinese-array ibus-table-chinese-cangjie ibus-table-chinese-cantonese ibus-table-chinese-easy ibus-table-chinese-erbi ibus-table-chinese-jyutping ibus-table-chinese-quick ibus-table-chinese-scj ibus-table-chinese-stroke5 ibus-table-chinese-wu ibus-table-chinese-wubi-haifeng ibus-table-chinese-wubi-jidian ibus-table-chinese-yong ibus-table-rustrad ibus-table-translit ibus-table-zhuyin kactivities4
libva-egl1 libva-glx1 libva-x11-1 libva1 vaapi-dummy-driver
ibus-mozc-candidate-window opencc
Changed packages:
==== GraphicsMagick-devel ====
Subpackages: libGraphicsMagick-Q16-3 libGraphicsMagickWand-Q16-2
- Move library configuration files to a separate package
==== ImageMagick ====
Version update (6.8.9.5 -> 6.8.9.8)
Subpackages: ImageMagick-devel ImageMagick-doc ImageMagick-extra libMagick++-6_Q16-5 libMagickCore-6_Q16-2 libMagickWand-6_Q16-2 perl-PerlMagick
- update to 6.8.9-8
* JPEG library version >= 80 is thread safe
* Added support for some legacy dds formats
- updated to 6.8.9-7
* Fix off by one buglet when extracting profiles 8BIM.
* Fixed bug when reading 1 bit PSD.
* Fixed fill-rule in SVG clip path.
* Added support for R5G6B5, RGB5A1 and RGBA4 dds files.
* Write LAB pixels as percentages in the TXT image format.
* Throw exception when image morphology differs when comparing.
* Remove mogrify backup file.
* Read WEBP images from STDIN.
==== Mesa ====
Subpackages: Mesa-32bit Mesa-devel Mesa-libEGL-devel Mesa-libEGL1 Mesa-libEGL1-32bit Mesa-libGL-devel Mesa-libGL1 Mesa-libGL1-32bit Mesa-libGLESv1_CM-devel Mesa-libGLESv1_CM1 Mesa-libGLESv2-2 Mesa-libGLESv2-devel Mesa-libglapi-devel Mesa-libglapi0 Mesa-libglapi0-32bit libOSMesa-devel libOSMesa9 libOSMesa9-32bit libgbm-devel libgbm1 libgbm1-32bit libvdpau_nouveau libvdpau_r600 libvdpau_radeonsi libwayland-egl-devel libwayland-egl1 libxatracker2
- Update to version 10.3.0 (10.3 Final):
- New features:
+ GL_ARB_ES3_compatibility on nv50, nvc0, r600, radeonsi, softpipe, llvmpipe
+ GL_ARB_clear_texture on i965
+ GL_ARB_compressed_texture_pixel_storage on all drivers
+ GL_ARB_conditional_render_inverted on i965, nvc0, softpipe, llvmpipe
+ GL_ARB_derivative_control on i965, nv50, nvc0, r600
+ GL_ARB_draw_indirect on nvc0, radeonsi
+ GL_ARB_explicit_uniform_location (all drivers that support GLSL)
+ GL_ARB_fragment_layer_viewport on nv50, nvc0, llvmpipe, r600
+ GL_ARB_gpu_shader5 on i965/gen7, nvc0
+ GL_ARB_multi_draw_indirect on nvc0, radeonsi
+ GL_ARB_sample_shading on radeonsi
+ GL_ARB_seamless_cubemap_per_texture on i965, llvmpipe, nvc0, r600, radeonsi, softpipe
+ GL_ARB_stencil_texturing on nv50, nvc0, r600, and radeonsi
+ GL_ARB_texture_barrier on nv50, nvc0, r300, r600, radeonsi
+ GL_ARB_texture_compression_bptc on i965/gen7+, nvc0, r600/evergreen+, radeonsi
+ GL_ARB_texture_cube_map_array on radeonsi
+ GL_ARB_texture_gather on r600, radeonsi
+ GL_ARB_texture_query_levels on nv50, nvc0, llvmpipe, r600, radeonsi, softpipe
+ GL_ARB_texture_query_lod on r600, radeonsi
+ GL_ARB_viewport_array on nvc0
+ GL_AMD_vertex_shader_viewport_index on i965/gen7+, r600
+ GL_OES_compressed_ETC1_RGB8_texture on nv30, nv50, nvc0, r300, r600, radeonsi, softpipe, llvmpipe
+ GLX_MESA_query_renderer on nv30, nv50, nvc0, r300, r600, radeonsi, softpipe, llvmpipe
+ A new software rasterizer driver (kms_swrast_dri.so) that works with DRM drivers that don't have a full-fledged GEM (such as qxl or simpledrm)
- Changes:
Building of gallium-pipe disabled for now by upstream, see:
http://cgit.freedesktop.org/mesa/mesa/commit/?h=10.3&id=07426ad1029c3505b809dc9eec104007fb623983
Nevertheless keep it around as it may get enabled again.
==== MozillaFirefox ====
Version update (31.1.0 -> 32.0.2)
Subpackages: MozillaFirefox-translations-common
- update to Firefox 32.0.2
* just a version bump for our builds
* fixed the in application update process for certain environments
(in application update is not enabled in openSUSE and Linux
is unaffected in any case)
- build with --disable-optimize for 13.1 and above for i586 to
work around miscompilations (bnc#896624)
- use some more build flags to align with upstream
- update to Firefox 32.0.1
* fixed stability issues for computers with multiple graphics cards
* mixed content icon may be incorrectly displayed instead of lock
icon for SSL sites in 32.0 (
* WebRTC: setRemoteDescription() silently fails if no success
callback is specified (bmo#1063971)
- update to Firefox 32.0 (bnc#894370)
* MFSA 2014-67/CVE-2014-1553/CVE-2014-1554/CVE-2014-1562
Miscellaneous memory safety hazards
* MFSA 2014-68/CVE-2014-1563 (bmo#1018524)
Use-after-free during DOM interactions with SVG
* MFSA 2014-69/CVE-2014-1564 (bmo#1045977)
Uninitialized memory use during GIF rendering
* MFSA 2014-70/CVE-2014-1565 (bmo#1047831)
Out-of-bounds read in Web Audio audio timeline
* MFSA 2014-72/CVE-2014-1567 (bmo#1037641)
Use-after-free setting text directionality
- rebased patches
- requires NSS 3.16.4
- removed upstreamed patch
* mozilla-aarch64-bmo-810631.patch
- adapted _constraints, used more than 3900MB on s390x during
last build
- update to Firefox 31.0 (bnc#887746)
* MFSA 2014-56/CVE-2014-1547/CVE-2014-1548
Miscellaneous memory safety hazards
* MFSA 2014-57/CVE-2014-1549 (bmo#1020205)
Buffer overflow during Web Audio buffering for playback
* MFSA 2014-58/CVE-2014-1550 (bmo#1020411)
Use-after-free in Web Audio due to incorrect control message ordering
* MFSA 2014-60/CVE-2014-1561 (bmo#1000514, bmo#910375)
Toolbar dialog customization event spoofing
* MFSA 2014-61/CVE-2014-1555 (bmo#1023121)
Use-after-free with FireOnStateChange event
* MFSA 2014-62/CVE-2014-1556 (bmo#1028891)
Exploitable WebGL crash with Cesium JavaScript library
* MFSA 2014-63/CVE-2014-1544 (bmo#963150)
Use-after-free when manipulating certificates in the trusted cache
(solved with NSS 3.16.2 requirement)
* MFSA 2014-64/CVE-2014-1557 (bmo#913805)
Crash in Skia library when scaling high quality images
* MFSA 2014-65/CVE-2014-1558/CVE-2014-1559/CVE-2014-1560
(bmo#1015973, bmo#1026022, bmo#997795)
Certificate parsing broken by non-standard character encoding
* MFSA 2014-66/CVE-2014-1552 (bmo#985135)
IFRAME sandbox same-origin access through redirect
- use EGL on ARM
- rebased patches
- requires NSS 3.16.2
- requires python-devel (not only python)
- update to Firefox 30.0 (bnc#881874)
* MFSA 2014-48/CVE-2014-1533/CVE-2014-1534
(bmo#921622, bmo#967354, bmo#969517, bmo#969549, bmo#973874,
bmo#978652, bmo#978811, bmo#988719, bmo#990868, bmo#991981,
bmo#992274, bmo#994907, bmo#995679, bmo#995816, bmo#995817,
bmo#996536, bmo#996715, bmo#999651, bmo#1000598,
bmo#1000960, bmo#1002340, bmo#1005578, bmo#1007223,
bmo#1009952, bmo#1011007)
Miscellaneous memory safety hazards (rv:30.0)
* MFSA 2014-49/CVE-2014-1536/CVE-2014-1537/CVE-2014-1538
(bmo#989994, bmo#999274, bmo#1005584)
Use-after-free and out of bounds issues found using Address
Sanitizer
* MFSA 2014-50/CVE-2014-1539 (bmo#995603)
Clickjacking through cursor invisibility after Flash interaction
* MFSA 2014-51/CVE-2014-1540 (bmo#978862)
Use-after-free in Event Listener Manager
* MFSA 2014-52/CVE-2014-1541 (bmo#1000185)
Use-after-free with SMIL Animation Controller
* MFSA 2014-53/CVE-2014-1542 (bmo#991533)
Buffer overflow in Web Audio Speex resampler
* MFSA 2014-54/CVE-2014-1543 (bmo#1011859)
Buffer overflow in Gamepad API
* MFSA 2014-55/CVE-2014-1545 (bmo#1018783)
Out of bounds write in NSPR
- rebased patches
- removed obsolete patches
* firefox-browser-css.patch
* mozilla-aarch64-bmo-962488.patch
* mozilla-aarch64-bmo-963023.patch
* mozilla-aarch64-bmo-963024.patch
* mozilla-aarch64-bmo-963027.patch
* mozilla-ppc64-xpcom.patch
* mozilla-ppc64le-javascript.patch
* mozilla-ppc64le-libffi.patch
* mozilla-ppc64le-mfbt.patch
* mozilla-ppc64le-webrtc.patch
* mozilla-ppc64le-xpcom.patch
* mozilla-ppc64le-build.patch
- requires NSPR 4.10.6
- enabled GStreamer 1.0 usage for 13.2 and above
- update to Firefox 29.0.1
* Seer disabled by default (bmo#1005958)
* Session Restore failed with a corrupted sessionstore.js file
(bmo#1001167)
* pdf.js printing white page (bmo#1003707, bnc#876833)
- general.useragent.locale gets overwritten with en-US while it
should be using the active langpack's setting
- update to Firefox 29.0 (bnc#875378)
* MFSA 2014-34/CVE-2014-1518/CVE-2014-1519
Miscellaneous memory safety hazards
* MFSA 2014-36/CVE-2014-1522 (bmo#995289)
Web Audio memory corruption issues
* MFSA 2014-37/CVE-2014-1523 (bmo#969226)
Out of bounds read while decoding JPG images
* MFSA 2014-38/CVE-2014-1524 (bmo#989183)
Buffer overflow when using non-XBL object as XBL
* MFSA 2014-39/CVE-2014-1525 (bmo#989210)
Use-after-free in the Text Track Manager for HTML video
* MFSA 2014-41/CVE-2014-1528 (bmo#963962)
Out-of-bounds write in Cairo
* MFSA 2014-42/CVE-2014-1529 (bmo#987003)
Privilege escalation through Web Notification API
* MFSA 2014-43/CVE-2014-1530 (bmo#895557)
Cross-site scripting (XSS) using history navigations
* MFSA 2014-44/CVE-2014-1531 (bmo#987140)
Use-after-free in imgLoader while resizing images
* MFSA 2014-45/CVE-2014-1492 (bmo#903885)
Incorrect IDNA domain name matching for wildcard certificates
(fixed by NSS 3.16)
* MFSA 2014-46/CVE-2014-1532 (bmo#966006)
Use-after-free in nsHostResolver
* MFSA 2014-47/CVE-2014-1526 (bmo#988106)
Debugger can bypass XrayWrappers with JavaScript
- rebased patches
- removed obsolete patches
* firefox-browser-css.patch
* mozilla-aarch64-599882cfb998.diff
* mozilla-aarch64-bmo-963028.patch
* mozilla-aarch64-bmo-963029.patch
* mozilla-aarch64-bmo-963030.patch
* mozilla-aarch64-bmo-963031.patch
- requires NSS 3.16
- added mozilla-icu-strncat.patch to fix post build checks
- add mozilla-aarch64-599882cfb998.patch,
mozilla-aarch64-bmo-810631.patch,
mozilla-aarch64-bmo-962488.patch,
mozilla-aarch64-bmo-963030.patch,
mozilla-aarch64-bmo-963027.patch,
mozilla-aarch64-bmo-963028.patch,
mozilla-aarch64-bmo-963029.patch,
mozilla-aarch64-bmo-963023.patch,
mozilla-aarch64-bmo-963024.patch,
mozilla-aarch64-bmo-963031.patch: AArch64 porting
- Add patch for bmo#973977
* mozilla-ppc64-xpcom.patch
- Refresh mozilla-ppc64le-xpcom.patch patch
- Adapt mozilla-ppc64le-xpcom.patch to Mozilla > 24.0 build system
- update to Firefox 28.0 (bnc#868603)
* MFSA 2014-15/CVE-2014-1493/CVE-2014-1494
Miscellaneous memory safety hazards
* MFSA 2014-17/CVE-2014-1497 (bmo#966311)
Out of bounds read during WAV file decoding
* MFSA 2014-18/CVE-2014-1498 (bmo#935618)
crypto.generateCRMFRequest does not validate type of key
* MFSA 2014-19/CVE-2014-1499 (bmo#961512)
Spoofing attack on WebRTC permission prompt
* MFSA 2014-20/CVE-2014-1500 (bmo#956524)
onbeforeunload and Javascript navigation DOS
* MFSA 2014-22/CVE-2014-1502 (bmo#972622)
WebGL content injection from one domain to rendering in another
* MFSA 2014-23/CVE-2014-1504 (bmo#911547)
Content Security Policy for data: documents not preserved by
session restore
* MFSA 2014-26/CVE-2014-1508 (bmo#963198)
Information disclosure through polygon rendering in MathML
* MFSA 2014-27/CVE-2014-1509 (bmo#966021)
Memory corruption in Cairo during PDF font rendering
* MFSA 2014-28/CVE-2014-1505 (bmo#941887)
SVG filters information disclosure through feDisplacementMap
* MFSA 2014-29/CVE-2014-1510/CVE-2014-1511 (bmo#982906, bmo#982909)
Privilege escalation using WebIDL-implemented APIs
* MFSA 2014-30/CVE-2014-1512 (bmo#982957)
Use-after-free in TypeObject
* MFSA 2014-31/CVE-2014-1513 (bmo#982974)
Out-of-bounds read/write through neutering ArrayBuffer objects
* MFSA 2014-32/CVE-2014-1514 (bmo#983344)
Out-of-bounds write through TypedArrayObject after neutering
- requires NSPR 4.10.3 and NSS 3.15.5
- new build dependency (and recommends):
* libpulse
- update of PowerPC 64 patches (bmo#976648) (pcerny@suse.com)
- rebased patches
- update to Firefox 27.0.1
* Fixed stability issues with Greasemonkey and other JS that used
ClearTimeoutOrInterval
* JS math correctness issue (bmo#941381)
- incorporate Google API key for geolocation (bnc#864170)
- updated list of "other" locales in RPM requirements
- update to Firefox 27.0 (bnc#861847)
* MFSA 2014-01/CVE-2014-1477/CVE-2014-1478
Miscellaneous memory safety hazards (rv:27.0 / rv:24.3)
* MFSA 2014-02/CVE-2014-1479 (bmo#911864)
Clone protected content with XBL scopes
* MFSA 2014-03/CVE-2014-1480 (bmo#916726)
UI selection timeout missing on download prompts
* MFSA 2014-04/CVE-2014-1482 (bmo#943803)
Incorrect use of discarded images by RasterImage
* MFSA 2014-05/CVE-2014-1483 (bmo#950427)
Information disclosure with *FromPoint on iframes
* MFSA 2014-06/CVE-2014-1484 (bmo#953993)
Profile path leaks to Android system log
* MFSA 2014-07/CVE-2014-1485 (bmo#910139)
XSLT stylesheets treated as styles in Content Security Policy
* MFSA 2014-08/CVE-2014-1486 (bmo#942164)
Use-after-free with imgRequestProxy and image processing
* MFSA 2014-09/CVE-2014-1487 (bmo#947592)
Cross-origin information leak through web workers
* MFSA 2014-10/CVE-2014-1489 (bmo#959531)
Firefox default start page UI content invokable by script
* MFSA 2014-11/CVE-2014-1488 (bmo#950604)
Crash when using web workers with asm.js
* MFSA 2014-12/CVE-2014-1490/CVE-2014-1491
(bmo#934545, bmo#930874, bmo#930857)
NSS ticket handling issues
* MFSA 2014-13/CVE-2014-1481(bmo#936056)
Inconsistent JavaScript handling of access to Window objects
- requires NSS 3.15.4 or higher
- rebased/reworked patches
- removed obsolete mozilla-bug929439.patch
- Add support for powerpc64le-linux.
* mozilla-ppc64le.patch: general support
* mozilla-libffi-ppc64le.patch: libffi backport
* mozilla-xpcom-ppc64le.patch: port xpcom
- Add build fix from mainline.
* mozilla-bug929439.patch
- update to Firefox 26.0 (bnc#854367, bnc#854370)
* rebased patches
* requires NSPR 4.10.2 and NSS 3.15.3.1
* MFSA 2013-104/CVE-2013-5609/CVE-2013-5610
Miscellaneous memory safety hazards
* MFSA 2013-105/CVE-2013-5611 (bmo#771294)
Application Installation doorhanger persists on navigation
* MFSA 2013-106/CVE-2013-5612 (bmo#871161)
Character encoding cross-origin XSS attack
* MFSA 2013-107/CVE-2013-5614 (bmo#886262)
Sandbox restrictions not applied to nested object elements
* MFSA 2013-108/CVE-2013-5616 (bmo#938341)
Use-after-free in event listeners
* MFSA 2013-109/CVE-2013-5618 (bmo#926361)
Use-after-free during Table Editing
* MFSA 2013-110/CVE-2013-5619 (bmo#917841)
Potential overflow in JavaScript binary search algorithms
* MFSA 2013-111/CVE-2013-6671 (bmo#930281)
Segmentation violation when replacing ordered list elements
* MFSA 2013-112/CVE-2013-6672 (bmo#894736)
Linux clipboard information disclosure through selection paste
* MFSA 2013-113/CVE-2013-6673 (bmo#970380)
Trust settings for built-in roots ignored during EV certificate
validation
* MFSA 2013-114/CVE-2013-5613 (bmo#930381, bmo#932449)
Use-after-free in synthetic mouse movement
* MFSA 2013-115/CVE-2013-5615 (bmo#929261)
GetElementIC typed array stubs can be generated outside observed
typesets
* MFSA 2013-116/CVE-2013-6629/CVE-2013-6630 (bmo#891693)
JPEG information leak
* MFSA 2013-117 (bmo#946351)
Mis-issued ANSSI/DCSSI certificate
(fixed via NSS 3.15.3.1)
- removed gecko.js preference file as GStreamer is enabled by
default now
- update to Firefox 25.0 (bnc#847708)
* rebased patches
* requires NSS 3.15.2 or above
* MFSA 2013-93/CVE-2013-5590/CVE-2013-5591/CVE-2013-5592
Miscellaneous memory safety hazards
* MFSA 2013-94/CVE-2013-5593 (bmo#868327)
Spoofing addressbar through SELECT element
* MFSA 2013-95/CVE-2013-5604 (bmo#914017)
Access violation with XSLT and uninitialized data
* MFSA 2013-96/CVE-2013-5595 (bmo#916580)
Improperly initialized memory and overflows in some JavaScript
functions
* MFSA 2013-97/CVE-2013-5596 (bmo#910881)
Writing to cycle collected object during image decoding
* MFSA 2013-98/CVE-2013-5597 (bmo#918864)
Use-after-free when updating offline cache
* MFSA 2013-99/CVE-2013-5598 (bmo#920515)
Security bypass of PDF.js checks using iframes
* MFSA 2013-100/CVE-2013-5599/CVE-2013-5600/CVE-2013-5601
(bmo#915210, bmo#915576, bmo#916685)
Miscellaneous use-after-free issues found through ASAN fuzzing
* MFSA 2013-101/CVE-2013-5602 (bmo#897678)
Memory corruption in workers
* MFSA 2013-102/CVE-2013-5603 (bmo#916404)
Use-after-free in HTML document templates
- as GStreamer is not automatically required anymore but loaded
dynamically if available, require it explicitly
- recommend optional GStreamer plugins for comprehensive media
support
- move greek to the translations-common package (bnc#840551)
- update to Firefox 24.0 (bnc#840485)
* MFSA 2013-76/CVE-2013-1718/CVE-2013-1719
Miscellaneous memory safety hazards
* MFSA 2013-77/CVE-2013-1720 (bmo#888820)
Improper state in HTML5 Tree Builder with templates
* MFSA 2013-78/CVE-2013-1721 (bmo#890277)
Integer overflow in ANGLE library
* MFSA 2013-79/CVE-2013-1722 (bmo#893308)
Use-after-free in Animation Manager during stylesheet cloning
* MFSA 2013-80/CVE-2013-1723 (bmo#891292)
NativeKey continues handling key messages after widget is destroyed
* MFSA 2013-81/CVE-2013-1724 (bmo#894137)
Use-after-free with select element
* MFSA 2013-82/CVE-2013-1725 (bmo#876762)
Calling scope for new Javascript objects can lead to memory corruption
* MFSA 2013-85/CVE-2013-1728 (bmo#883686)
Uninitialized data in IonMonkey
* MFSA 2013-88/CVE-2013-1730 (bmo#851353)
Compartment mismatch re-attaching XBL-backed nodes
* MFSA 2013-89/CVE-2013-1732 (bmo#883514)
Buffer overflow with multi-column, lists, and floats
* MFSA 2013-90/CVE-2013-1735/CVE-2013-1736 (bmo#898871, bmo#906301)
Memory corruption involving scrolling
* MFSA 2013-91/CVE-2013-1737 (bmo#907727)
User-defined properties on DOM proxies get the wrong "this" object
* MFSA 2013-92/CVE-2013-1738 (bmo#887334, bmo#882897)
GC hazard with default compartments and frame chain restoration
- enable gstreamer explicitly via pref (gecko.js)
- require NSS 3.15.1
- update to Firefox 23.0.1
* Audio static/"burble"/breakup in Firefox to Firefox WebRTC calls
(bmo#901527)
- update to Firefox 23.0 (bnc#833389)
* MFSA 2013-63/CVE-2013-1701/CVE-2013-1702
Miscellaneous memory safety hazards
* MFSA 2013-64/CVE-2013-1704 (bmo#883313)
Use after free mutating DOM during SetBody
* MFSA 2013-65/CVE-2013-1705 (bmo#882865)
Buffer underflow when generating CRMF requests
* MFSA 2013-67/CVE-2013-1708 (bmo#879924)
Crash during WAV audio file decoding
* MFSA 2013-68/CVE-2013-1709 (bmo#838253)
Document URI misrepresentation and masquerading
* MFSA 2013-69/CVE-2013-1710 (bmo#871368)
CRMF requests allow for code execution and XSS attacks
* MFSA 2013-70/CVE-2013-1711 (bmo#843829)
Bypass of XrayWrappers using XBL Scopes
* MFSA 2013-72/CVE-2013-1713 (bmo#887098)
Wrong principal used for validating URI for some Javascript
components
* MFSA 2013-73/CVE-2013-1714 (bmo#879787)
Same-origin bypass with web workers and XMLHttpRequest
* MFSA 2013-75/CVE-2013-1717 (bmo#406541, bmo#738397)
Local Java applets may read contents of local file system
- requires NSPR 4.10 and NSS 3.15
- fix build on ARM (/-g/ matches /-grecord-switches/)
- update to Firefox 22.0 (bnc#825935)
* removed obsolete patches
+ mozilla-qcms-ppc.patch
+ mozilla-gstreamer-760140.patch
* GStreamer support does not build on 12.1 anymore (build only
on 12.2 and later)
* MFSA 2013-49/CVE-2013-1682/CVE-2013-1683
Miscellaneous memory safety hazards
* MFSA 2013-50/CVE-2013-1684/CVE-2013-1685/CVE-2013-1686
Memory corruption found using Address Sanitizer
* MFSA 2013-51/CVE-2013-1687 (bmo#863933, bmo#866823)
Privileged content access and execution via XBL
* MFSA 2013-52/CVE-2013-1688 (bmo#873966)
Arbitrary code execution within Profiler
* MFSA 2013-53/CVE-2013-1690 (bmo#857883)
Execution of unmapped memory through onreadystatechange event
* MFSA 2013-54/CVE-2013-1692 (bmo#866915)
Data in the body of XHR HEAD requests leads to CSRF attacks
* MFSA 2013-55/CVE-2013-1693 (bmo#711043)
SVG filters can lead to information disclosure
* MFSA 2013-56/CVE-2013-1694 (bmo#848535)
PreserveWrapper has inconsistent behavior
* MFSA 2013-57/CVE-2013-1695 (bmo#849791)
Sandbox restrictions not applied to nested frame elements
* MFSA 2013-58/CVE-2013-1696 (bmo#761667)
X-Frame-Options ignored when using server push with multi-part
responses
* MFSA 2013-59/CVE-2013-1697 (bmo#858101)
XrayWrappers can be bypassed to run user defined methods in a
privileged context
* MFSA 2013-60/CVE-2013-1698 (bmo#876044)
getUserMedia permission dialog incorrectly displays location
* MFSA 2013-61/CVE-2013-1699 (bmo#840882)
Homograph domain spoofing in .com, .net and .name
- Fix qcms altivec include (mozilla-qcms-ppc.patch)
- update to Firefox 21.0 (bnc#819204)
* removed upstreamed patch firefox-712763.patch
* removed disabled mozilla-disable-neon-option.patch
* MFSA 2013-41/CVE-2013-0801/CVE-2013-1669
Miscellaneous memory safety hazards
* MFSA 2013-42/CVE-2013-1670 (bmo#853709)
Privileged access for content level constructor
* MFSA 2013-43/CVE-2013-1671 (bmo#842255)
File input control has access to full path
* MFSA 2013-46/CVE-2013-1674 (bmo#860971)
Use-after-free with video and onresize event
* MFSA 2013-47/CVE-2013-1675 (bmo#866825)
Uninitialized functions in DOMSVGZoomEvent
* MFSA 2013-48/CVE-2013-1676/CVE-2013-1677/CVE-2013-1678/
CVE-2013-1679/CVE-2013-1680/CVE-2013-1681
Memory corruption found using Address Sanitizer
- revert to use GStreamer 0.10 on 12.3 (bnc#814101)
(remove mozilla-gstreamer-1.patch)
- Explicitly disable WebRTC support on non-x86, the configure script
disables it only half-heartedly
- update to Firefox 20.0 (bnc#813026)
* requires NSPR 4.9.5 and NSS 3.14.3
* mozilla-webrtc-ppc.patch included upstream
* MFSA 2013-30/CVE-2013-0788/CVE-2013-0789
Miscellaneous memory safety hazards
* MFSA 2013-31/CVE-2013-0800 (bmo#825721)
Out-of-bounds write in Cairo library
* MFSA 2013-35/CVE-2013-0796 (bmo#827106)
WebGL crash with Mesa graphics driver on Linux
* MFSA 2013-36/CVE-2013-0795 (bmo#825697)
Bypass of SOW protections allows cloning of protected nodes
* MFSA 2013-37/CVE-2013-0794 (bmo#626775)
Bypass of tab-modal dialog origin disclosure
* MFSA 2013-38/CVE-2013-0793 (bmo#803870)
Cross-site scripting (XSS) using timed history navigations
* MFSA 2013-39/CVE-2013-0792 (bmo#722831)
Memory corruption while rendering grayscale PNG images
- use GStreamer 1.0 starting with 12.3 (mozilla-gstreamer-1.patch)
- build fixes for armv7hl:
* disable debug build as armv7hl does not have enough memory
* disable webrtc on armv7hl as it is non-compiling
- update to Firefox 19.0.2 (bnc#808243)
* MFSA 2013-29/CVE-2013-0787 (bmo#848644)
Use-after-free in HTML Editor
- update to Firefox 19.0.1
* blocklist updates
- update to Firefox 19.0 (bnc#804248)
* MFSA 2013-21/CVE-2013-0783/2013-0784
Miscellaneous memory safety hazards
* MFSA 2013-22/CVE-2013-0772 (bmo#801366)
Out-of-bounds read in image rendering
* MFSA 2013-23/CVE-2013-0765 (bmo#830614)
Wrapped WebIDL objects can be wrapped again
* MFSA 2013-24/CVE-2013-0773 (bmo#809652)
Web content bypass of COW and SOW security wrappers
* MFSA 2013-25/CVE-2013-0774 (bmo#827193)
Privacy leak in JavaScript Workers
* MFSA 2013-26/CVE-2013-0775 (bmo#831095)
Use-after-free in nsImageLoadingContent
* MFSA 2013-27/CVE-2013-0776 (bmo#796475)
Phishing on HTTPS connection through malicious proxy
* MFSA 2013-28/CVE-2013-0780/CVE-2013-0782/CVE-2013-0777/
CVE-2013-0778/CVE-2013-0779/CVE-2013-0781
Use-after-free, out of bounds read, and buffer overflow issues
found using Address Sanitizer
- removed obsolete patches
* mozilla-webrtc.patch
* mozilla-gstreamer-803287.patch
- added patch to fix session restore window order (bmo#712763)
- update to Firefox 18.0.2
* blocklist and CTP updates
* fixes in JS engine
- update to Firefox 18.0.1
* blocklist updates
* backed out bmo#677092 (removed patch)
* fixed problems involving HTTP proxy transactions
- Fix WebRTC to build on powerpc
- update to Firefox 18.0 (bnc#796895)
* MFSA 2013-01/CVE-2013-0749/CVE-2013-0769/CVE-2013-0770
Miscellaneous memory safety hazards
* MFSA 2013-02/CVE-2013-0760/CVE-2013-0762/CVE-2013-0766/CVE-2013-0767
CVE-2013-0761/CVE-2013-0763/CVE-2013-0771/CVE-2012-5829
Use-after-free and buffer overflow issues found using Address Sanitizer
* MFSA 2013-03/CVE-2013-0768 (bmo#815795)
Buffer Overflow in Canvas
* MFSA 2013-04/CVE-2012-0759 (bmo#802026)
URL spoofing in addressbar during page loads
* MFSA 2013-05/CVE-2013-0744 (bmo#814713)
Use-after-free when displaying table with many columns and column groups
* MFSA 2013-06/CVE-2013-0751 (bmo#790454)
Touch events are shared across iframes
* MFSA 2013-07/CVE-2013-0764 (bmo#804237)
Crash due to handling of SSL on threads
* MFSA 2013-08/CVE-2013-0745 (bmo#794158)
AutoWrapperChanger fails to keep objects alive during garbage collection
* MFSA 2013-09/CVE-2013-0746 (bmo#816842)
Compartment mismatch with quickstubs returned values
* MFSA 2013-10/CVE-2013-0747 (bmo#733305)
Event manipulation in plugin handler to bypass same-origin policy
* MFSA 2013-11/CVE-2013-0748 (bmo#806031)
Address space layout leaked in XBL objects
* MFSA 2013-12/CVE-2013-0750 (bmo#805121)
Buffer overflow in Javascript string concatenation
* MFSA 2013-13/CVE-2013-0752 (bmo#805024)
Memory corruption in XBL with XML bindings containing SVG
* MFSA 2013-14/CVE-2013-0757 (bmo#813901)
Chrome Object Wrapper (COW) bypass through changing prototype
* MFSA 2013-15/CVE-2013-0758 (bmo#813906)
Privilege escalation through plugin objects
* MFSA 2013-16/CVE-2013-0753 (bmo#814001)
Use-after-free in serializeToStream
* MFSA 2013-17/CVE-2013-0754 (bmo#814026)
Use-after-free in ListenerManager
* MFSA 2013-18/CVE-2013-0755 (bmo#814027)
Use-after-free in Vibrate
* MFSA 2013-19/CVE-2013-0756 (bmo#814029)
Use-after-free in Javascript Proxy objects
- requires NSS 3.14.1 (MFSA 2013-20, CVE-2013-0743)
- removed obsolete SLE11 patches (mozilla-gcc43*)
- reenable WebRTC
- added mozilla-libproxy-compat.patch for libproxy API compat
on openSUSE 11.2 and earlier
- backed out restartless language packs as it broke multi-locale
setup (bmo#677092, bmo#818468)
- update to Firefox 17.0.1
* revert some useragent changes introduced in 17.0
* leaving private browsing with social enabled doesn't reset all
social components (bmo#815042)
- fix KDE integration for file dialogs
- update to Firefox 17.0 (bnc#790140)
* MFSA 2012-91/CVE-2012-5842/CVE-2012-5843
Miscellaneous memory safety hazards
* MFSA 2012-92/CVE-2012-4202 (bmo#758200)
Buffer overflow while rendering GIF images
* MFSA 2012-93/CVE-2012-4201 (bmo#747607)
evalInSandbox location context incorrectly applied
* MFSA 2012-94/CVE-2012-5836 (bmo#792857)
Crash when combining SVG text on path with CSS
* MFSA 2012-95/CVE-2012-4203 (bmo#765628)
Javascript: URLs run in privileged context on New Tab page
* MFSA 2012-96/CVE-2012-4204 (bmo#778603)
Memory corruption in str_unescape
* MFSA 2012-97/CVE-2012-4205 (bmo#779821)
XMLHttpRequest inherits incorrect principal within sandbox
* MFSA 2012-99/CVE-2012-4208 (bmo#798264)
XrayWrappers exposes chrome-only properties when not in chrome
compartment
* MFSA 2012-100/CVE-2012-5841 (bmo#805807)
Improper security filtering for cross-origin wrappers
* MFSA 2012-101/CVE-2012-4207 (bmo#801681)
Improper character decoding in HZ-GB-2312 charset
* MFSA 2012-102/CVE-2012-5837 (bmo#800363)
Script entered into Developer Toolbar runs with chrome privileges
* MFSA 2012-103/CVE-2012-4209 (bmo#792405)
Frames can shadow top.location
* MFSA 2012-104/CVE-2012-4210 (bmo#796866)
CSS and HTML injection through Style Inspector
* MFSA 2012-105/CVE-2012-4214/CVE-2012-4215/CVE-2012-4216/
CVE-2012-5829/CVE-2012-5839/CVE-2012-5840/CVE-2012-4212/
CVE-2012-4213/CVE-2012-4217/CVE-2012-4218
Use-after-free and buffer overflow issues found using Address
Sanitizer
* MFSA 2012-106/CVE-2012-5830/CVE-2012-5833/CVE-2012-5835/CVE-2012-5838
Use-after-free, buffer overflow, and memory corruption issues
found using Address Sanitizer
- rebased patches
- disabled WebRTC since build is broken (bmo#776877)
- build on SLE11
* mozilla-gcc43-enums.patch
* mozilla-gcc43-template_hacks.patch
* mozilla-gcc43-templates_instantiation.patch
- update to Firefox 16.0.2 (bnc#786522)
* MFSA 2012-90/CVE-2012-4194/CVE-2012-4195/CVE-2012-4196
(bmo#800666, bmo#793121, bmo#802557)
Fixes for Location object issues
- bring back Obsoletes for libproxy's mozjs plugin for distributions
before 12.2 to avoid crashes
- update to Firefox 16.0.1 (bnc#783533)
* MFSA 2012-88/CVE-2012-4191 (bmo#798045)
Miscellaneous memory safety hazards
* MFSA 2012-89/CVE-2012-4192/CVE-2012-4193 (bmo#799952, bmo#720619)
defaultValue security checks not applied
- update to Firefox 16.0 (bnc#783533)
* MFSA 2012-74/CVE-2012-3982/CVE-2012-3983
Miscellaneous memory safety hazards
* MFSA 2012-75/CVE-2012-3984 (bmo#575294)
select element persistence allows for attacks
* MFSA 2012-76/CVE-2012-3985 (bmo#655649)
Continued access to initial origin after setting document.domain
* MFSA 2012-77/CVE-2012-3986 (bmo#775868)
Some DOMWindowUtils methods bypass security checks
* MFSA 2012-79/CVE-2012-3988 (bmo#725770)
DOS and crash with full screen and history navigation
* MFSA 2012-80/CVE-2012-3989 (bmo#783867)
Crash with invalid cast when using instanceof operator
* MFSA 2012-81/CVE-2012-3991 (bmo#783260)
GetProperty function can bypass security checks
* MFSA 2012-82/CVE-2012-3994 (bmo#765527)
top object and location property accessible by plugins
* MFSA 2012-83/CVE-2012-3993/CVE-2012-4184 (bmo#768101, bmo#780370)
Chrome Object Wrapper (COW) does not disallow access to privileged
functions or properties
* MFSA 2012-84/CVE-2012-3992 (bmo#775009)
Spoofing and script injection through location.hash
* MFSA 2012-85/CVE-2012-3995/CVE-2012-4179/CVE-2012-4180/
CVE-2012-4181/CVE-2012-4182/CVE-2012-4183
Use-after-free, buffer overflow, and out of bounds read issues
found using Address Sanitizer
* MFSA 2012-86/CVE-2012-4185/CVE-2012-4186/CVE-2012-4187/
CVE-2012-4188
Heap memory corruption issues found using Address Sanitizer
* MFSA 2012-87/CVE-2012-3990 (bmo#787704)
Use-after-free in the IME State Manager
- requires NSPR 4.9.2
- improve GStreamer integration (bmo#760140)
- removed upstreamed mozilla-crashreporter-restart-args.patch
- webapprt now included
- use kmozillahelper's new REVEAL command (bnc#777415)
(requires mozilla-kde4-integration >= 0.6.4)
- updated translations-other with new languages
- update to Firefox 15.0.1 (bnc#779936)
* Sites visited while in Private Browsing mode could be found
through manual browser cache inspection (bmo#787743)
- update to Firefox 15.0 (bnc#777588)
* MFSA 2012-57/CVE-2012-1970
Miscellaneous memory safety hazards
* MFSA 2012-58/CVE-2012-1972/CVE-2012-1973/CVE-2012-1974/CVE-2012-1975
CVE-2012-1976/CVE-2012-3956/CVE-2012-3957/CVE-2012-3958/CVE-2012-3959
CVE-2012-3960/CVE-2012-3961/CVE-2012-3962/CVE-2012-3963/CVE-2012-3964
Use-after-free issues found using Address Sanitizer
* MFSA 2012-59/CVE-2012-1956 (bmo#756719)
Location object can be shadowed using Object.defineProperty
* MFSA 2012-60/CVE-2012-3965 (bmo#769108)
Escalation of privilege through about:newtab
* MFSA 2012-61/CVE-2012-3966 (bmo#775794, bmo#775793)
Memory corruption with bitmap format images with negative height
* MFSA 2012-62/CVE-2012-3967/CVE-2012-3968
WebGL use-after-free and memory corruption
* MFSA 2012-63/CVE-2012-3969/CVE-2012-3970
SVG buffer overflow and use-after-free issues
* MFSA 2012-64/CVE-2012-3971
Graphite 2 memory corruption
* MFSA 2012-65/CVE-2012-3972 (bmo#746855)
Out-of-bounds read in format-number in XSLT
* MFSA 2012-66/CVE-2012-3973 (bmo#757128)
HTTPMonitor extension allows for remote debugging without explicit
activation
* MFSA 2012-68/CVE-2012-3975 (bmo#770684)
DOMParser loads linked resources in extensions when parsing
text/html
* MFSA 2012-69/CVE-2012-3976 (bmo#768568)
Incorrect site SSL certificate data display
* MFSA 2012-70/CVE-2012-3978 (bmo#770429)
Location object security checks bypassed by chrome code
* MFSA 2012-72/CVE-2012-3980 (bmo#771859)
Web console eval capable of executing chrome-privileged code
- fix HTML5 video crash with GStreamer enabled (bmo#761030)
- GStreamer is only used for MP4 (no WebM, OGG)
- updated filelist
- moved browser specific preferences to correct location
- Fix mozilla-kde.patch to include sys/resource.h for getrlimit etc (glibc 2.16)
- update to 14.0.1 (bnc#771583)
* MFSA 2012-42/CVE-2012-1949/CVE-2012-1948
Miscellaneous memory safety hazards
* MFSA 2012-43/CVE-2012-1950
Incorrect URL displayed in addressbar through drag and drop
* MFSA 2012-44/CVE-2012-1951/CVE-2012-1954/CVE-2012-1953/CVE-2012-1952
Gecko memory corruption
* MFSA 2012-45/CVE-2012-1955 (bmo#757376)
Spoofing issue with location
* MFSA 2012-46/CVE-2012-1966 (bmo#734076)
XSS through data: URLs
* MFSA 2012-47/CVE-2012-1957 (bmo#750096)
Improper filtering of javascript in HTML feed-view
* MFSA 2012-48/CVE-2012-1958 (bmo#750820)
use-after-free in nsGlobalWindow::PageHidden
* MFSA 2012-49/CVE-2012-1959 (bmo#754044, bmo#737559)
Same-compartment Security Wrappers can be bypassed
* MFSA 2012-50/CVE-2012-1960 (bmo#761014)
Out of bounds read in QCMS
* MFSA 2012-51/CVE-2012-1961 (bmo#761655)
X-Frame-Options header ignored when duplicated
* MFSA 2012-52/CVE-2012-1962 (bmo#764296)
JSDependentString::undepend string conversion results in memory
corruption
* MFSA 2012-53/CVE-2012-1963 (bmo#767778)
Content Security Policy 1.0 implementation errors cause data
leakage
* MFSA 2012-55/CVE-2012-1965 (bmo#758990)
feed: URLs with an innerURI inherit security context of page
* MFSA 2012-56/CVE-2012-1967 (bmo#758344)
Code execution through javascript: URLs
- license change from tri license to MPL-2.0
- fix crashreporter restart option (bmo#762780)
- require NSS 3.13.5
- remove mozjs pacrunner obsoletes again for now
- adopted mozilla-prefer_plugin_pref.patch
- PPC fixes:
* reenabled mozilla-yarr-pcre.patch to fix build for PPC
* add patches for bmo#750620 and bmo#746112
* fix xpcshell segfault on ppc
- update to Firefox 13.0.1
* bugfix release
- obsolete libproxy's mozjs pacrunner (bnc#759123)
- update to Firefox 13.0 (bnc#765204)
* MFSA 2012-34/CVE-2012-1938/CVE-2012-1937/CVE-2011-3101
Miscellaneous memory safety hazards
* MFSA 2012-36/CVE-2012-1944 (bmo#751422)
Content Security Policy inline-script bypass
* MFSA 2012-37/CVE-2012-1945 (bmo#670514)
Information disclosure through Windows file shares and shortcut
files
* MFSA 2012-38/CVE-2012-1946 (bmo#750109)
Use-after-free while replacing/inserting a node in a document
* MFSA 2012-40/CVE-2012-1947/CVE-2012-1940/CVE-2012-1941
Buffer overflow and use-after-free issues found using Address
Sanitizer
- require NSS 3.13.4
* MFSA 2012-39/CVE-2012-0441 (bmo#715073)
- fix sound notifications when filename/path contains a whitespace
(bmo#749739)
- fix build on arm
- reenabled crashreporter for Factory/12.2
(fix in mozilla-gcc47.patch)
- update to Firefox 12.0 (bnc#758408)
* rebased patches
* MFSA 2012-20/CVE-2012-0467/CVE-2012-0468
Miscellaneous memory safety hazards
* MFSA 2012-22/CVE-2012-0469 (bmo#738985)
use-after-free in IDBKeyRange
* MFSA 2012-23/CVE-2012-0470 (bmo#734288)
Invalid frees causes heap corruption in gfxImageSurface
* MFSA 2012-24/CVE-2012-0471 (bmo#715319)
Potential XSS via multibyte content processing errors
* MFSA 2012-25/CVE-2012-0472 (bmo#744480)
Potential memory corruption during font rendering using cairo-dwrite
* MFSA 2012-26/CVE-2012-0473 (bmo#743475)
WebGL.drawElements may read illegal video memory due to
FindMaxUshortElement error
* MFSA 2012-27/CVE-2012-0474 (bmo#687745, bmo#737307)
Page load short-circuit can lead to XSS
* MFSA 2012-28/CVE-2012-0475 (bmo#694576)
Ambiguous IPv6 in Origin headers may bypass webserver access
restrictions
* MFSA 2012-29/CVE-2012-0477 (bmo#718573)
Potential XSS through ISO-2022-KR/ISO-2022-CN decoding issues
* MFSA 2012-30/CVE-2012-0478 (bmo#727547)
Crash with WebGL content using textImage2D
* MFSA 2012-31/CVE-2011-3062 (bmo#739925)
Off-by-one error in OpenType Sanitizer
* MFSA 2012-32/CVE-2011-1187 (bmo#624621)
HTTP Redirections and remote content can be read by javascript errors
* MFSA 2012-33/CVE-2012-0479 (bmo#714631)
Potential site identity spoofing when loading RSS and Atom feeds
- added mozilla-libnotify.patch to allow fallback from libnotify
to xul based events if no notification-daemon is running
- gcc 4.7 fixes
* mozilla-gcc47.patch
* disabled crashreporter temporarily for Factory
- recommend libcanberra0 for proper sound notifications
- update to Firefox 11.0 (bnc#750044)
* MFSA 2012-13/CVE-2012-0455 (bmo#704354)
XSS with Drag and Drop and Javascript: URL
* MFSA 2012-14/CVE-2012-0456/CVE-2012-0457 (bmo#711653, #720103)
SVG issues found with Address Sanitizer
* MFSA 2012-15/CVE-2012-0451 (bmo#717511)
XSS with multiple Content Security Policy headers
* MFSA 2012-16/CVE-2012-0458
Escalation of privilege with Javascript: URL as home page
* MFSA 2012-17/CVE-2012-0459 (bmo#723446)
Crash when accessing keyframe cssText after dynamic modification
* MFSA 2012-18/CVE-2012-0460 (bmo#727303)
window.fullScreen writeable by untrusted content
* MFSA 2012-19/CVE-2012-0461/CVE-2012-0462/CVE-2012-0464/
CVE-2012-0463
Miscellaneous memory safety hazards
- ported and reenabled KDE integration (bnc#746591)
- explicitly build-require X libs
- add Provides: browser(npapi) FATE#313084
- better plugin directory resolution (bnc#747320)
- update to Firefox 10.0.2 (bnc#747328)
* CVE-2011-3026 (bmo#727401)
libpng: integer overflow leading to heap-buffer overflow
- update to Firefox 10.0.1 (bnc#746616)
* MFSA 2012-10/CVE-2012-0452 (bmo#724284)
use after free in nsXBLDocumentInfo::ReadPrototypeBindings
- Use YARR interpreter instead of PCRE on platforms where YARR JIT
is not supported, since PCRE doesn't build (bmo#691898)
- fix ppc64 build (bmo#703534)
- update to Firefox 10.0 (bnc#744275)
* MFSA 2012-01/CVE-2012-0442/CVE-2012-0443
Miscellaneous memory safety hazards
* MFSA 2012-03/CVE-2012-0445 (bmo#701071)
<iframe> element exposed across domains via name attribute
* MFSA 2012-04/CVE-2011-3659 (bmo#708198)
Child nodes from nsDOMAttribute still accessible after removal
of nodes
* MFSA 2012-05/CVE-2012-0446 (bmo#705651)
Frame scripts calling into untrusted objects bypass security
checks
* MFSA 2012-06/CVE-2012-0447 (bmo#710079)
Uninitialized memory appended when encoding icon images may
cause information disclosure
* MFSA 2012-07/CVE-2012-0444 (bmo#719612)
Potential Memory Corruption When Decoding Ogg Vorbis files
* MFSA 2012-08/CVE-2012-0449 (bmo#701806, bmo#702466)
Crash with malformed embedded XSLT stylesheets
- KDE integration has been disabled since it needs refactoring
- removed obsolete ppc64 patch
- Disable neon for arm as it doesn't build correctly
- update to Firefox 9.0.1
* (strongparent) parentNode of element gets lost (bmo#335998)
- fix arm build, don't package crashreporter there
- update to Firefox 9 (bnc#737533)
* MFSA 2011-53/CVE-2011-3660
Miscellaneous memory safety hazards (rv:9.0)
* MFSA 2011-54/CVE-2011-3661 (bmo#691299)
Potentially exploitable crash in the YARR regular expression
library
* MFSA 2011-55/CVE-2011-3658 (bmo#708186)
nsSVGValue out-of-bounds access
* MFSA 2011-56/CVE-2011-3663 (bmo#704482)
Key detection without JavaScript via SVG animation
* MFSA 2011-58/CVE-2011-3665 (bmo#701259)
Crash scaling <video> to extreme sizes
- Fix accessibility under GNOME 3 (bnc#732898)
- fix ppc64 build
- update to Firefox 8 (bnc#728520)
* MFSA 2011-47/CVE-2011-3648 (bmo#690225)
Potential XSS against sites using Shift-JIS
* MFSA 2011-48/CVE-2011-3651/CVE-2011-3652/CVE-2011-3654
Miscellaneous memory safety hazards
* MFSA 2011-49/CVE-2011-3650 (bmo#674776)
Memory corruption while profiling using Firebug
* MFSA 2011-52/CVE-2011-3655 (bmo#672182)
Code execution via NoWaiverWrapper
- rebased patches
- enable telemetry prompt
- update to minor release 7.0.1
* fixed staged addon updates
- set intl.locale.matchOS=true in the base package as it causes
too much confusion when it's only available with branding-openSUSE
- update to Firefox 7 (bnc#720264)
including
* Improve Responsiveness with Memory Reductions
* Instant Sync
* WebSocket protocol 8
* MFSA 2011-36/CVE-2011-2995/CVE-2011-2996/CVE-2011-2997
Miscellaneous memory safety hazards
* MFSA 2011-39/CVE-2011-3000 (bmo#655389)
Defense against multiple Location headers due to CRLF Injection
* MFSA 2011-40/CVE-2011-2372/CVE-2011-3001
Code installation through holding down Enter
* MFSA 2011-41/CVE-2011-3002/CVE-2011-3003 (bmo#680840, bmo#682335)
Potentially exploitable WebGL crashes
* MFSA 2011-42/CVE-2011-3232 (bmo#653672)
Potentially exploitable crash in the YARR regular expression
library
* MFSA 2011-43/CVE-2011-3004 (bmo#653926)
loadSubScript unwraps XPCNativeWrapper scope parameter
* MFSA 2011-44/CVE-2011-3005 (bmo#675747)
Use after free reading OGG headers
* MFSA 2011-45
Inferring keystrokes from motion data
- removed obsolete mozilla-cairo-lcd.patch
- rebased patches
- removed XLIB_SKIP_ARGB_VISUALS=1 from environment in
mozilla.sh.in (bnc#680758)
- fixed loading of kde.js under KDE (bnc#718311)
- add dbus-1-glib-devel to BuildRequires (not pulled in
automatically anymore on 12.1)
- increase minversions for NSPR and NSS
- recreated source archive to get correct source-stamp.txt
- security update to 6.0.2 (bnc#714931)
* Complete blocking of certificates issued by DigiNotar
(bmo#683449)
- security update to 6.0.1 (bnc#714931)
* MFSA 2011-34
Protection against fraudulent DigiNotar certificates
(bmo#682927)
- update to 6.0 (bnc#712224)
included security fixes MFSA 2011-29
* CVE-2011-2989/CVE-2011-2991/CVE-2011-2992/CVE-2011-2985
Miscellaneous memory safety hazards
* CVE-2011-2993 (bmo#657267)
Unsigned scripts can call script inside signed JAR
* CVE-2011-2988 (bmo#665934)
Heap overflow in ANGLE library
* CVE-2011-0084 (bmo#648094)
Crash in SVGTextElement.getCharNumAtPosition()
* CVE-2011-2990
Credential leakage using Content Security Policy reports
* CVE-2011-2986 (bmo#655836)
Cross-origin data theft using canvas and Windows D2D
- removed obsolete curl header dependency (mozilla-curl.patch)
- update to 6.0b3
* removed obsolete patches
- firefox-shellservice.patch
- mozilla-gio.patch
- mozilla-ppc-ipc.patch
- firefox-linkorder.patch
- firefox-no-sync-l10n.patch
- recognize linux3 as platform for symbolstore.py
- Add x-scheme-handler/ftp to the MimeType key in the .desktop, to
let desktops know that Firefox can deal with ftp: URIs.
- create upstream branding package again (supposedly empty)
(bnc#703401)
- fix build on SLE11 (changes do not affect/are not applied for
later versions)
- enable startup notification (bnc#701465)
- update to 5.0 final
- included fixes for security issues: (bnc#701296, bnc#700578)
* MFSA 2011-19/CVE-2011-2374 CVE-2011-2375
Miscellaneous memory safety hazards
* MFSA 2011-20/CVE-2011-2373 (bmo#617247)
Use-after-free vulnerability when viewing XUL document with
script disabled
* MFSA 2011-21/CVE-2011-2377 (bmo#638018, bmo#639303)
Memory corruption due to multipart/x-mixed-replace images
* MFSA 2011-22/CVE-2011-2371 (bmo#664009)
Integer overflow and arbitrary code execution in
Array.reduceRight()
* MFSA 2011-25/CVE-2011-2366
Stealing of cross-domain images using WebGL textures
* MFSA 2011-26/CVE-2011-2367 CVE-2011-2368
Multiple WebGL crashes
* MFSA 2011-27/CVE-2011-2369 (bmo#650001)
XSS encoding hazard with inline SVG
* MFSA 2011-28/CVE-2011-2370 (bmo#645699)
Non-whitelisted site can trigger xpinstall
- update to 5.0b7
* updated supported locales
- do not build dump_syms static (not needed for us)
-> fix build for openSUSE 12.1 and above
- update to 5.0b6
- include proper revision information into the build
- speedier find-external-requires.sh
- update to 5.0b3
- transformed to standalone Firefox (not xulrunner based)
(with new Firefox rapid release cycle it makes no sense anymore)
* imported all relevant xulrunner patches
- do not compile in build timestamp
- security update to 4.0.1 (bnc#689281)
* MFSA 2011-12/ CVE-2011-0069 CVE-2011-0070 CVE-2011-0079
CVE-2011-0080 CVE-2011-0081
Miscellaneous memory safety hazards
* MFSA 2011-17/CVE-2011-0068 (bmo#623791)
WebGLES vulnerabilities
* MFSA 2011-18/CVE-2011-1202 (bmo#640339)
XSLT generate-id() function heap address leak
- add all available icon sizes
- license update: MPLv1.1 or GPLv2+ or LGPLv2+
Sync licenses with Fedora. MPL does not state ^or later^
- update to version 4.0rc2
- fixed rpm macros delivered with devel package (bnc#679950)
- update to version 4.0b12
- rebased patches
- update to version 4.0b11
* loads of bugfixes compared to last beta
* added "Do Not Track" option
- rebased patches
- disable testpilot
- set correct desktop file name within KDE for 11.4 and up
- add devel package with macros for extensions (from lnussel@suse.de)
- update to version 4.0b10
- removed obsolete firefox-shell-bmo624267.patch
- testpilot moved to distribution/extensions
- updated locale provides and removed bn-IN from locales
- update to version 4.0b9
- added x-scheme-handler for http and https to desktop file for
newer Gnome environments
- fixed default browser check/set for GIO (bmo#611953)
(mozilla-shellservice.patch)
- removed obsolete firefox-appname.patch (integrated into
shellservice patch)
- renamed desktop file to firefox.desktop for 11.4 and newer
(bnc#664211)
- removed support for 10.3 and older from the spec file
- removed obsolete "Ximian" categories from desktop file
- Mirror ac_add_options --disable-ipc from xulrunner for PowerPC.
- update to version 4.0beta8
- major update to version 4.0beta7
* based on mozilla-xulrunner20
* far too many internal changes to list
- security update to 3.6.12 (bnc#649492)
* MFSA 2010-73/CVE-2010-3765 (bmo#607222)
Heap buffer overflow mixing document.write and DOM insertion
- security update to 3.6.11 (bnc#645315)
* MFSA 2010-64/CVE-2010-3174/CVE-2010-3175/CVE-2010-3176
Miscellaneous memory safety hazards
* MFSA 2010-65/CVE-2010-3179 (bmo#583077)
Buffer overflow and memory corruption using document.write
* MFSA 2010-66/CVE-2010-3180 (bmo#588929)
Use-after-free error in nsBarProp
* MFSA 2010-67/CVE-2010-3183 (bmo#598669)
Dangling pointer vulnerability in LookupGetterOrSetter
* MFSA 2010-68/CVE-2010-3177 (bmo#556734)
XSS in gopher parser when parsing hrefs
* MFSA 2010-69/CVE-2010-3178 (bmo#576616)
Cross-site information disclosure via modal calls
* MFSA 2010-70/CVE-2010-3170 (bmo#578697)
SSL wildcard certificate matching IP addresses
* MFSA 2010-71/CVE-2010-3182 (bmo#590753)
Unsafe library loading vulnerabilities
* MFSA 2010-72/CVE-2010-3173
Insecure Diffie-Hellman key exchange
- update to 3.6.10
* fixing startup topcrash (bmo#594699)
- security update to 3.6.9 (bnc#637303)
* MFSA 2010-49/CVE-2010-3169
Miscellaneous memory safety hazards
* MFSA 2010-50/CVE-2010-2765 (bmo#576447)
Frameset integer overflow vulnerability
* MFSA 2010-51/CVE-2010-2767 (bmo#584512)
Dangling pointer vulnerability using DOM plugin array
* MFSA 2010-53/CVE-2010-3166 (bmo#579655)
Heap buffer overflow in nsTextFrameUtils::TransformText
* MFSA 2010-54/CVE-2010-2760 (bmo#585815)
Dangling pointer vulnerability in nsTreeSelection
* MFSA 2010-55/CVE-2010-3168 (bmo#576075)
XUL tree removal crash and remote code execution
* MFSA 2010-56/CVE-2010-3167 (bmo#576070)
Dangling pointer vulnerability in nsTreeContentView
* MFSA 2010-57/CVE-2010-2766 (bmo#580445)
Crash and remote code execution in normalizeDocument
* MFSA 2010-59/CVE-2010-2762 (bmo#584180)
SJOW creates scope chains ending in outer object
* MFSA 2010-61/CVE-2010-2768 (bmo#579744)
UTF-7 XSS by overriding document charset using <object> type
attribute
* MFSA 2010-62/CVE-2010-2769 (bmo#520189)
Copy-and-paste or drag-and-drop into designMode document allows
XSS
* MFSA 2010-63/CVE-2010-2764 (bmo#552090)
Information leak via XMLHttpRequest statusText
- disable crash reporter for non x86/x86_64 to make it build.
- security update to 3.6.8 (bnc#622506)
* MFSA 2010-48/CVE-2010-2755 (bmo#575836)
Dangling pointer crash regression from plugin parameter array
fix
- security update to 3.6.7 (bnc#622506)
* MFSA 2010-34/CVE-2010-1211/CVE-2010-1212
Miscellaneous memory safety hazards
* MFSA 2010-35/CVE-2010-1208 (bmo#572986)
DOM attribute cloning remote code execution vulnerability
* MFSA 2010-36/CVE-2010-1209 (bmo#552110)
Use-after-free error in NodeIterator
* MFSA 2010-37/CVE-2010-1214 (bmo#572985)
Plugin parameter EnsureCachedAttrParamArrays remote code
execution vulnerability
* MFSA 2010-38/CVE-2010-1215 (bmo#567069)
Arbitrary code execution using SJOW and fast native function
* MFSA 2010-39/CVE-2010-2752 (bmo#574059)
nsCSSValue::Array index integer overflow
* MFSA 2010-40/CVE-2010-2753 (bmo#571106)
nsTreeSelection dangling pointer remote code execution
vulnerability
* MFSA 2010-41/CVE-2010-1205 (bmo#570451)
Remote code execution using malformed PNG image
* MFSA 2010-42/CVE-2010-1213 (bmo#568148)
Cross-origin data disclosure via Web Workers and importScripts
* MFSA 2010-43/CVE-2010-1207 (bmo#571287)
Same-origin bypass using canvas context
* MFSA 2010-44/CVE-2010-1210 (bmo#564679)
Characters mapped to U+FFFD in 8 bit encodings cause subsequent
character to vanish
* MFSA 2010-45/CVE-2010-1206/CVE-2010-2751 (bmo#536466,556957)
Multiple location bar spoofing vulnerabilities
* MFSA 2010-46/CVE-2010-0654 (bmo#524223)
Cross-domain data theft using CSS
* MFSA 2010-47/CVE-2010-2754 (bmo#568564)
Cross-origin data leakage from script filename in error messages
- update to 3.6.6 release
* modifies the crash protection feature to increase the amount
of time that plugins are allowed to be non-responsive before
being terminated.
- update to final 3.6.4 release (bnc#603356)
* MFSA 2010-26/CVE-2010-1200/CVE-2010-1201/CVE-2010-1202/
CVE-2010-1203
Crashes with evidence of memory corruption (rv:1.9.2.4)
* MFSA 2010-28/CVE-2010-1198 (bmo#532246)
Freed object reuse across plugin instances
* MFSA 2010-29/CVE-2010-1196 (bmo#534666)
Heap buffer overflow in nsGenericDOMDataNode::SetTextInternal
* MFSA 2010-30/CVE-2010-1199 (bmo#554255)
Integer Overflow in XSLT Node Sorting
* MFSA 2010-31/CVE-2010-1125 (bmo#552255)
focus() behavior can be used to inject or steal keystrokes
* MFSA 2010-32/CVE-2010-1197 (bmo#537120)
Content-Disposition: attachment ignored if
Content-Type: multipart also present
* MFSA 2010-33/CVE-2008-5913 (bmo#475585)
User tracking across sites using Math.random()
- update to 3.6.4(build6)
- security update to 3.6.4 (Lorentz)
* enable crashreporter also for x86-64
* Flash runs in a separate process to avoid crashing Firefox
(ix86 only; x86-64 still uses nspluginwrapper)
- security update to 3.6.3
* MFSA 2010-25/CVE-2010-1121 (bmo#555109)
Re-use of freed object due to scope confusion
- security update to version 3.6.2 (bnc#586567)
* MFSA 2010-08/CVE-2010-1028
WOFF heap corruption due to integer overflow
* MFSA 2010-09/CVE-2010-0164 (bmo#547143)
Deleted frame reuse in multipart/x-mixed-replace image
* MFSA 2010-10/CVE-2010-0170 (bmo#541530)
XSS via plugins and unprotected Location object
* MFSA 2010-11/CVE-2010-0165/CVE-2010-0166/CVE-2010-0167
Crashes with evidence of memory corruption
* MFSA 2010-12/CVE-2010-0171 (bmo#531364)
XSS using addEventListener and setTimeout on a wrapped object
* MFSA 2010-13/CVE-2010-0168 (bmo#540642)
Content policy bypass with image preloading
* MFSA 2010-14/CVE-2010-0169 (bmo#535806)
Browser chrome defacement via cached XUL stylesheets
* MFSA 2010-15/CVE-2010-0172 (bmo#537862)
Asynchronous Auth Prompt attaches to wrong window
* MFSA 2010-16/CVE-2010-0173/CVE-2010-0174
Crashes with evidence of memory corruption
* MFSA 2010-18/CVE-2010-0176 (bmo#538308)
Dangling pointer vulnerability in nsTreeContentView
* MFSA 2010-19/CVE-2010-0177 (bmo#538310)
Dangling pointer vulnerability in nsPluginArray
* MFSA 2010-20/CVE-2010-0178 (bmo#546909)
Chrome privilege escalation via forced URL drag and drop
* MFSA 2010-22/CVE-2009-3555 (bmo#545755)
Update NSS to support TLS renegotiation indication
* MFSA 2010-23/CVE-2010-0181 (bmo#452093)
Image src redirect to mailto: URL opens email editor
* MFSA 2010-24/CVE-2010-0182 (bmo#490790)
XMLDocument::load() doesn't check nsIContentPolicy
- update to 3.6rc2 (already named 3.6.0)
- removed obsolete orbit-devel build requirement
- major update to 3.6rc1
- update to version 3.5.7 (bnc#568011)
* DNS resolution in MakeSN of nsAuthSSPI causing issues for
proxy servers that support NTLM auth (bmo#535193)
- added missing lockdown preferences (bnc#567131)
- readded firefox-ui-lockdown.patch (bnc#546158)
- security update to version 3.5.6 (bnc#559807)
* MFSA 2009-65/CVE-2009-3979/CVE-2009-3980/CVE-2009-3982
Crashes with evidence of memory corruption (rv:1.9.1.6)
* MFSA 2009-66/CVE-2009-3388 (bmo#504843,bmo#523816)
Memory safety fixes in liboggplay media library
* MFSA 2009-67/CVE-2009-3389 (bmo#515882,bmo#504613)
Integer overflow, crash in libtheora video library
* MFSA 2009-68/CVE-2009-3983 (bmo#487872)
NTLM reflection vulnerability
* MFSA 2009-69/CVE-2009-3984/CVE-2009-3985 (bmo#521461,bmo#514232)
Location bar spoofing vulnerabilities
* MFSA 2009-70/CVE-2009-3986 (bmo#522430)
Privilege escalation via chrome window.opener
- fixed firefox-browser-css.patch (bnc#561027)
- rebased patches for fuzz=0
- update to version 3.5.5 (bnc#553172)
- security update to version 3.5.4 (bnc#545277)
* MFSA 2009-52/CVE-2009-3370 (bmo#511615)
Form history vulnerable to stealing
* MFSA 2009-53/CVE-2009-3274 (bmo#514823)
Local downloaded file tampering
* MFSA 2009-54/CVE-2009-3371 (bmo#514554)
Crash with recursive web-worker calls
* MFSA 2009-55/CVE-2009-3372 (bmo#500644)
Crash in proxy auto-configuration regexp parsing
* MFSA 2009-56/CVE-2009-3373 (bmo#511689)
Heap buffer overflow in GIF color map parser
* MFSA 2009-57/CVE-2009-3374 (bmo#505988)
Chrome privilege escalation in XPCVariant::VariantDataToJS()
* MFSA 2009-59/CVE-2009-1563 (bmo#516396, bmo#516862)
Heap buffer overflow in string to number conversion
* MFSA 2009-61/CVE-2009-3375 (bmo#503226)
Cross-origin data theft through document.getSelection()
* MFSA 2009-62/CVE-2009-3376 (bmo#511521)
Download filename spoofing with RTL override
* MFSA 2009-63/CVE-2009-3377/CVE-2009-3379/CVE-2009-3378
Upgrade media libraries to fix memory safety bugs
* MFSA 2009-64/CVE-2009-3380/CVE-2009-3381/CVE-2009-3383
Crashes with evidence of memory corruption
- removed upstreamed patch
* firefox-bug506901.patch
- fix KDE button order in one more place (bnc#170055)
- improve UI colors to be usable with dark themes at all
(firefox-browser-css.patch) (bnc#503351)
- extend list of supported architectures as ABI identifier
(mozilla-abi.patch) (bnc#543460)
- added KDE integration patch from llunak@novell.com
(firefox-kde.patch)
* support for knotify, making -kde4-addon obsolete
* KDE-specific support functional (bnc#170055)
- do not build libnkgnomevfs (bmo#512671) (firefox-no-gnomevfs)
- security update to version 3.5.3 (bnc#534458)
* MFSA 2009-47/CVE-2009-3069/CVE-2009-3070/CVE-2009-3071/
CVE-2009-3072/CVE-2009-3073/CVE-2009-3074/CVE-2009-3075
Crashes with evidence of memory corruption
* MFSA 2009-49/CVE-2009-3077 (bmo#506871)
TreeColumns dangling pointer vulnerability
* MFSA 2009-50/CVE-2009-3078 (bmo#453827)
Location bar spoofing via tall line-height Unicode characters
* MFSA 2009-51/CVE-2009-3079 (bmo#454363)
Chrome privilege escalation with FeedWriter
- renamed patch firefox-contextmenu-gnome to firefox-cross-desktop
as it contains more tweaks to handle non-Gnome environments and
especially KDE integration:
* added the ability to set the KDE default browser
(still part of bnc#170055)
- split -translations package into -common and -other
(bnc#529180)
- remove "set as background" from context menu if not running in
Gnome (part of bnc#170055)
- security update to version 3.5.2
* MFSA 2009-38/CVE-2009-2470 (bmo#459524)
Data corruption with SOCKS5 reply containing DNS name longer
than 15 characters
* MFSA 2009-44/CVE-2009-2654 (bmo#451898)
Location bar and SSL indicator spoofing via window.open() on
invalid URL
* MFSA 2009-45
Crashes with evidence of memory corruption
* MFSA 2009-46 (bmo#498897)
Chrome privilege escalation due to incorrectly cached wrapper
* various other stability fixes
- export MOZ_APP_LAUNCHER in the startscript (bmo#453689)
- fixed %exclude usage
- fixed preferences' advanced pane for fresh profiles (bmo#506901)
- security update to version 3.5.1
* MFSA 2009-41
Corrupt JIT state after deep return from native function
- added mozilla-linkorder.patch to fix build with --as-needed
- update to final version 3.5 (20090623)
- fixed build by linking to a real file
- update to version 3.5rc2 (20090617)
- BuildRequire mozilla-xulrunner191 = 1.9.1.0
- update to version 3.5b99 (20090604)
- BuildRequire mozilla-xulrunner191 = 1.9.1b99
- fixed typos in improved xulrunner dependencies
- use non-localized Downloads folder (bnc#501724)
- update to new major version 3.5b4
* based on Gecko 1.9.1 (mozilla-xulrunner191)
* Private Browsing Mode
* TraceMonkey JavaScript engine
* Geolocation support
* native JSON and web worker threads support
* speculative parsing for faster content rendering
* Some HTML5 support
- updated firefox.schemas
- improved firefox-no-update.patch
- security update to 3.0.10
* MFSA 2009-23/CVE-2009-1313 (bmo#489647)
Crash in nsTextFrame::ClearTextRun()
- security update to 3.0.9 (bnc#495473)
* MFSA 2009-14/CVE-2009-1302/CVE-2009-1303/CVE-2009-1304/CVE-2009-1305
Crashes with evidence of memory corruption (rv:1.9.0.9)
* MFSA 2009-15/CVE-2009-0652 (bmo#479336)
URL spoofing with box drawing character
* MFSA 2009-16/CVE-2009-1306 (bmo#474536)
jar: scheme ignores the content-disposition: header on the
inner URI
* MFSA 2009-17/CVE-2009-1307 (bmo#481342)
Same-origin violations when Adobe Flash loaded via
view-source: scheme
* MFSA 2009-18/CVE-2009-1308 (bmo#481558)
XSS hazard using third-party stylesheets and XBL bindings
* MFSA 2009-19/CVE-2009-1309 (bmo#482206,478433)
Same-origin violations in XMLHttpRequest and
XPCNativeWrapper.toString
* MFSA 2009-20/CVE-2009-1310 (bmo#483086)
Malicious search plugins can inject code into arbitrary sites
* MFSA 2009-21/CVE-2009-1311 (bmo#471962)
POST data sent to wrong site when saving web page with
embedded frame
* MFSA 2009-22/CVE-2009-1312 (bmo#475636)
Firefox allows Refresh header to redirect to javascript: URIs
- security update to 1.9.0.8 (bnc#488955,489411)
* MFSA 2009-12/CVE-2009-1169 (bmo#460090,485217)
Crash and remote code execution in XSL transformation
* MFSA 2009-13/CVE-2009-1044 (bmo#484320)
Arbitrary code execution via XUL tree moveToEdgeShift
- allow RPM provides for stuff besides shared libraries
(e.g. mime-types)
- security update to 3.0.7 (bnc#478625)
* MFSA 2009-07 - Crashes with evidence of memory corruption
CVE-2009-0771 - Layout Engine Crashes
CVE-2009-0772 - Layout Engine Crashes
CVE-2009-0773 - crashes in the JavaScript engine
CVE-2009-0774 - Layout Engine Crashes
* MFSA 2009-08/CVE-2009-0775 - (bmo#474456)
Mozilla Firefox XUL Linked Clones Double Free Vulnerability
* MFSA 2009-09/CVE-2009-0776 (bmo#414540)
XML data theft via RDFXMLDataSource and cross-domain redirect
* MFSA 2009-10/CVE-2009-0040 (bmo#478901)
Upgrade PNG library to fix memory safety hazards
* MFSA 2009-11/CVE-2009-0777 (bmo#452979)
URL spoofing with invisible control characters
==== PackageKit ====
Version update (0.8.17 -> 1.0.0)
Subpackages: PackageKit-backend-zypp PackageKit-browser-plugin PackageKit-gstreamer-plugin PackageKit-gtk3-module typelib-1_0-PackageKitGlib-1_0
- Update to version 1.0.0:
+ The offline update functionality has moved to a proper D-Bus
interface and the pkexec helpers have been removed. Offline
updates is an important feature that no longer deserves to be
bolted-on. All the existing users have been ported to the new
interface, but you need 3.13.92 if you're running GNOME from
unstable or jhbuild.
+ No more plugins. Both in-tree and out-of-tree plugins were the
biggest source of crashes, and with the systemd offline updates
merged into the core daemon they are just not required anymore.
All affected projects have been notified.
+ No more conary, opkg, smart or yum plugins. These have been
unmaintained and broken for over two years, so time to give
them the heave-ho.
+ The alpm, aptcc, hif and zypp plugins have had lots of love,
and are up to date with the latest features and working well.
+ New Features:
- Add a D-Bus interface and helpers for offline support.
- Add a repo-set-data command to packagekit-direct.
- Add a simple script that generates some offline metadata.
- Add pk_backend_job_get_cancellable().
- Add pk_backend_job_is_cancelled().
- Add pk_backend_set_user_data().
- Add pk_offline_get_prepared_sack() and use it in the
systemd-updates plugin.
- Remove pk-debuginfo-install.
- Remove support for distros not supporting /etc/os-release.
- Remove the --enable-systemd-updates configure switch.
- Remove the events/pre-transaction.d functionality.
- Remove the pkexec systemd helpers.
- Remove the plugin interface.
- Remove various options from the config file.
+ Bugfixes:
- Automatically do pk_backend_job_finished() for threaded
backends.
- Do not shutdown the daemon on idle by default.
- Fix compile of the ConnMan network support.
- Fix packagekit-offline-update.service generation.
- Increase the default transaction limits.
- Prefer npapi-sdk over mozilla-plugins.
- Refresh the NetworkManager state when the daemon starts.
- Add rcpackagekitd and rcpackagekitd-offline-update symlinks.
- Shorten the Summary of PackageKit-branding-upstream a bit.
- Update to version 0.9.6 (git master/0fcee3c):
+ Fix a multitude of possible crashers.
- Drop 0002-Build-against-npapi-sdk-instead-of-xulrunner.patch and
PackageKit-zypp-0.9.patch: fixed upstream.
- Update to version 0.9.5:
+ New Features:
- Add --allow-untrusted option to pkcon.
- Add a new tool called packagekit-direct that can run without
a daemon.
- Remove remaining time reporting.
- Remove the desktop.db plugin.
+ Bugfixes:
- Do not commit the transaction manually but instead set the
correct state.
- Do not log a critical warning when idle exiting.
- Fix a crash when we are cancelling a transaction that has not
yet been run.
- Make browser-plugin search for npapi-sdk or mozilla-plugin.
- Never ever use g_main_context_iteration() manually.
+ Backend fixes.
+ For changes from version 0.9.1 up to 0.9.4: please see NEWS
file.
- No longer pass --with-security-framework to configure: not known
anymore.
- Rebase 0002-Build-against-npapi-sdk-instead-of-xulrunner.patch
and PackageKit-dbus-location.patch.
- Drop PackageKit-zypp-filter-uninstalled-packages.patch: fixed
upstream.
- Add PackageKit-zypp-0.9.patch: port zypp backend to PK 0.9.x.
- Drop typelib-1_0-PackageKitPlugin-1_0 subpackage: the plugin
architecture no longer exists.
- Rename libpackagekit-glib2-16 subpackage to
libpackagekit-glib2-18, following upstream's soname change.
- Rework for GStreamer 1.0 support:
+ Remove gstreamer-0_10-devel and
gstreamer-0_10-plugins-base-devel BuildRequires.
+ Add gstreamer-devel and gstreamer-plugins-base-devel
BuildRequires.
+ Change supplements in gstreamer-plugin to
packageand(%{name}:gstreamer-plugins-base).
==== PackageKit-Qt-devel ====
Version update (0.8.8 -> 0.9.2)
- Add
0001-Use-GNUInstallDirs-to-determine-most-of-used-variabl.patch:
Use GNUinstallDirs to determine relevant destination directories.
Also removed unused vars.
- Pass only install prefix, the above patch takes care of the
libdir.
- Add PackageKit-Qt-ff-7248b030c0.patch: Fast forward to git
commit 7248b030c0, fixing build with PackageKit 1.0.0.
- Rename libpackagekit-qt2-6 subpackage to libpackagekitqt4-0,
following upstream's soname bump.
- Adjust Requires in -devel package accordingly.
- Update to version 0.9.2:
+ Notes:
- Update to new PK API 0.9.
- Applied a series of patches to port to Qt5.
+ New Features:
- Add GetDetailsLocal, GetFilesLocal and RepoRemove.
- Make use of DBus Properties changed to make less blocking
calls.
+ Bugfixes:
- Allow for Details to be empty constructed.
- Cleaned include directive.
- Finish the API changes to get rid of blocking calls.
- Fix CMake var names for both Qt versions.
- Fix libdir path.
- Fix reply signature for Transaction methods.
- Improve object handling.
- I think the API level should be hidden from libname.
- Keep only one transaction flags, which is unlikely to change.
- PackageKit doesn't have a changed signal anymore.
- Properly delete private data on daemon as DaemonPrivate is
not a QObject.
- Properly handle new Details signal.
- Properly init some Daemon values.
- Queue signals so that all transaction properties are
available when needed.
- Remove debug info.
- Update Roles enum, remove Provides enum, and fix some docs
typos.
- Drop PackageKit-Qt-libdir-references.patch: fixed upstream.
==== PackageKit-branding-openSUSE ====
- Rebase PackageKit-branding-default-config.patch for
PackageKit 0.9.6.
==== accountsservice ====
Version update (0.6.37 -> 0.6.38)
Subpackages: libaccountsservice0 typelib-1_0-AccountsService-1_0
- Update to version 0.6.38:
+ Fix polkit policy for non-desktop cases.
+ Fix for a race when new user appears.
+ Some clearer log and debug messages.
==== apache2-mod_perl ====
- Changed access control statements in config file to use
mod_authz_host (bnc#897005)
- adapt test configuration for apache24 to fix build
* use the new access control mechanisms from apache24
* added apache24-mod_authz_host.patch
==== apper ====
Version update (0.8.2 -> 0.9.1)
- add no-popup-for-background-actions.patch to avoid popups from
background jobs
- Update to 0.9.1
* bug fix release
- Update to 0.9.0
* Support for the PackageKit 0.9.x API
* use async calls on PackageKit-Qt everywhere
==== autoyast2 ====
Version update (3.1.60 -> 3.1.64)
Subpackages: autoyast2-installation
- Documentation update for SLES12.
- 3.1.64
- Exporting package selection correctly.
(bnc#897404)
- 3.1.63
- Fixed path of change-root scripts which have been
defined in autoinst.xml.
(bnc#897212)
- 3.1.62
- Finishing the autoyast-initscripts.service BEFORE the user can
login. (bnc#891144)
- 3.1.61
==== bash ====
Subpackages: bash-doc libreadline6 readline-devel readline-doc
- Add patches
bash-4.2-BSC898604.patch for bsc#898604: functions via environment
hardening
bash-4.2-CVE-2014-7169.patch for bsc#898346, CVE-2014-7169:
incremental parsing fix for function environment issue
bash-4.2-CVE-2014-7187.patch for bsc#898603, CVE-2014-7186,
CVE-2014-7187: bad handling of HERE documents and for loop issue
- Add bash-4.2-CVE-2014-6271.patch
to fix CVE-2014-6271, the unexpected code execution with
environment variables (bnc#896776)
- Add patch bash-4.2-error-getpwd.patch
which is the backport of the corrected German error message for
a failing getpwd (bnc#895475)
==== btrfsprogs ====
Version update (3.16 -> 3.16.1)
Subpackages: libbtrfs0
- version 3.16.1
- library version defines
- subvol list: -R to print received UUID
- fixed detection of multiple mounts on the same directory
- restore: misc fixes
- other fixes
- Modified patches (sync with pending upstream versions):
* 0011-btrfs-progs-Enhance-the-command-btrfs-filesystem-df.patch
* 0012-btrfs-progs-Add-helpers-functions-to-handle-the-prin.patch
* 0013-btrfs-progs-Add-command-btrfs-filesystem-disk-usage.patch
* 0018-btrfs-progs-read-global-reserve-size-from-space-info.patch
* 0020-btrfs-progs-move-device-usage-to-cmds-device-more-cl.patch
* 0024-btrfs-progs-Print-more-info-about-device-sizes.patch
* 0025-btrfs-progs-compare-unallocated-space-against-the-co.patch
* 0028-btrfs-progs-extend-pretty-printers-with-unit-mode.patch
* 0029-btrfs-progs-replace-df_pretty_sizes-with-pretty_size.patch
- Removed patch: library-version-defines.patch (upstream)
==== cantarell-fonts ====
Version update (0.0.15 -> 0.0.16)
- Update to version 0.0.16:
+ Add space variations (bgo#735205).
==== compositeproto-devel ====
- Update description and other metadata
- Use full %configure for build, and remove CFLAGS (nothing is
compiled)
- Make file list more compact
==== coreutils ====
- Add coreutils-fix_false_du_failure_on_newer_xfs.patch that fixes a false
negative in the testsuite.
- Add coreutils-disable_tests.patch to not run tests that fail inside the OBS.
- Add coreutils-test_without_valgrind.patch to not use valgrind in shuf-reservoir.
==== crash-kmp-default ====
Version update (7.0.7_k3.16.2_1.gdcee397 -> 7.0.8_k3.16.3_1.gd2bbe7f)
Subpackages: crash-kmp-desktop crash-kmp-xen
- Upgrade to 7.0.8 from upstream. For a detailed changelog see
http://people.redhat.com/anderson/crash.changelog.html
- Dropped (now in upstream):
- crash-keep-file-orig-with-name-on-select.patch:
- As crash-7.0.8/gdb-7.6-ppc64le-support.patch:
- crash-gdb-7.6-ppc64_sysv_abi_push_float.patch
- crash-gdb-7.6-bound_minimal_symbol.patch
- crash-gdb-7.6-add-powerpc64le-linux.patch
- crash-gdb-7.6-update-autoconf-2013-04-24.patch
- crash-gdb-7.6-ppc_insns_match_pattern.patch
- crash-gdb-7.6-floatformat.patch
- crash-gdb-7.6-ppc64-ELFv2-trampoline-match.patch
- crash-gdb-7.6-update-autoconf-2013-06-10.patch
- crash-gdb-7.6-ppc64le.patch
==== cron ====
Subpackages: cronie
- fixes bnc#833240: the first occurrence of "/etc/anacrontab"
replaced with "/etc/crontab" in the manpage file
- version updated to 1.4.12
* various small bugfixes
==== cyrus-sasl ====
Subpackages: cyrus-sasl-crammd5 cyrus-sasl-devel cyrus-sasl-digestmd5 cyrus-sasl-gssapi cyrus-sasl-plain libsasl2-3 libsasl2-3-32bit
- bnc#897837 saslauthd package has no config
==== damageproto-devel ====
- Update description and other metadata
- Use full %configure for build, and remove CFLAGS (nothing is
compiled)
- Make file list more compact
==== dbus-1-devel ====
Subpackages: libdbus-1-3 libdbus-1-3-32bit
- Update baselibs.conf: Provides dbus-1-32bit in lib package
==== dbus-1 ====
Subpackages: dbus-1-x11
- Update baselibs.conf: Provides dbus-1-32bit in lib package
==== deja-dup ====
Version update (28.0 -> 32.0)
Subpackages: nautilus-deja-dup
- Update to version 32.0:
+ Features: Drop support for Ubuntu One cloud storage, since it
has shut down.
+ Packaging: Fix some compile issues and warnings.
+ Updated translations.
- Update to version 30.0:
+ Packaging: Fix build with CMake 2.8.12.
- Changes from version 29.5:
+ Bug Fixes: Re-enable libunity support after it was
accidentally dropped in 29.1.
+ Packaging: Require duplicity 0.6.23.
- Changes from version 29.4:
+ Bug Fixes: Add missing icon in help documentation.
+ Packaging:
- Add ENABLE_UNITY_CCPANEL argument for unity-control-center
support.
- Fix some compile problems with valac, parallel building, and
rpath support.
- Changes from version 29.1:
+ Bug Fixes: Detect encryption on existing backups by paying
attention to what Duplicity tells us, rather than trying to
figure it out by scanning ourselves. This removes a possible
source of error.
+ Polish:
- Rename to Backups (instead of Backup).
- Update look and feel of preferences a bit.
- Add screenshots to appdata file.
+ Packaging:
- Require GTK+ 3.6 and GLib 2.34.
- Convert from autotools to cmake: --with-ccpanel is now -DENABLE_CCPANEL,
--with-nautilus is now -DENABLE_NAUTILUS, --with-unity is now -DENABLE_UNITY.
Otherwise, normal cmake conventions apply.
- Add some autopilot tests, runnable by 'autopilot' and
'autopilot-system' targets (which test against the local
built executables or the installed system ones respectively).
+ Updated translations.
- Add deja-dup-help2man_stderr.patch: Corrects help2man failure in
build.
- Drop deja-dup-vala-0.22.patch: Incorporated upstream.
- Updated .spec file for new CMake build process: add cmake
BuildRequires.
- Add -Wl,rpath to CFLAGS and CXXFLAGS to ensure we do not lose
the path to the private library.
==== dia ====
Version update (0.97.2 -> 0.97.3)
Subpackages: dia-lang
- Update to version 0.97.3:
+ Fix double free with some SVG rendering (regression from Dia
0.97.2).
+ Fixes to cope better with updated versions of Dia's
dependencies:
- don't crash at start-up with ABI breaking GLib 2-36.
- don't assert in cairo 1.12 with invalid arc parameters.
- avoid kerning problems (character overlap) for all Pango
versions.
- fix image files to be loadable by libpng16.
+ Backport fixes for some seldom crashes and other annoyances.
+ Updated translations.
- Drop upstream fixed patches:
+ dia-glib-2.31.patch.
+ dia-glib-2.35.patch.
+ dia-swig-2x.patch.
+ dia-use-recommended-freetype-include.patch.
==== digikam ====
Version update (4.2.0 -> 4.3.0)
Subpackages: digikam-doc kipi-plugins kipi-plugins-acquireimage kipi-plugins-geolocation libkface-devel libkface2 libkgeomap-devel libkgeomap1 libmediawiki-devel libmediawiki1
- Update to 4.3.0
digikam:
- Database : Nepomuk support has been replaced by
Baloo support
- Map Searches : New option to display all non geolocated
images from collections.
- General : New notification event when kioslave
cannot be started.
- General : OSX event notifier is now used to
dispatch notifications.
- AlbumGui : New Action To Exclude Items Without Rating
with items filter.
kipi-plugins:
- ExpoBlending: remove OpenMP dependency. Ported to QtConcurrentRun.
- Panorama: support next hugin version (2014.0).
- Build with baloo support for 13.2+
==== dmxproto-devel ====
- Update description and other metadata
- Use full %configure for build, and remove CFLAGS (nothing is
compiled)
- Make file list more compact
==== dosfstools ====
- Drop gpg-offline build-time requirement; this is now handled by
the local source validator
==== dracut ====
- Try to load xennet driver in network module (if loaded).
bnc#896464
* Add 0159-network-Try-to-load-xennet.patch
==== dri2proto-devel ====
- Update description and other metadata
- Use full %configure for build, and remove CFLAGS (nothing is
compiled)
- Make file list more compact
==== dri3proto-devel ====
- Update description and other metadata
- Use full %configure for build, and remove CFLAGS (nothing is
compiled)
- Make file list more compact
==== fcitx ====
Version update (4.2.8.4 -> 4.2.8.5)
Subpackages: fcitx-branding-openSUSE fcitx-gtk2 fcitx-gtk3 fcitx-pinyin fcitx-qt4 fcitx-table libfcitx-4_2_8
- update version 4.2.8.5
* bugfix release
==== fixesproto-devel ====
- require pkgconfig(xextproto) >= 7.0.99.1 in order to fix build
of xcursorgen/xcursor-themes
- Update description and other metadata
- Use full %configure for build, and remove CFLAGS (nothing is
compiled)
- Make file list more compact
==== fontcacheproto-devel ====
- Update description and other metadata
- Use full %configure for build, and remove CFLAGS (nothing is
compiled)
- Make file list more compact
==== fontsproto-devel ====
- Update description and other metadata
- Use full %configure for build, and remove CFLAGS (nothing is
compiled)
- Make file list more compact
==== freeglut-devel ====
Subpackages: libglut3
- Cleanup buildrequires to include only what is actually
used.
==== fribidi-devel ====
- libfribidi-devel requires %{lname} = %{version}
- Utilize shared library package naming guidelines
- Drop Requires:pkg-config for fribidi-devel, it is implicit
(due to .pc file being picked up by rpm find-requires)
==== gfxboot ====
Version update (4.5.4 -> 4.5.5)
Subpackages: gfxboot-devel
- recreated font to match latest translations
- translation update
- remove duplicate 'Default' from po file
- 4.5.5
==== ghostscript ====
Version update (9.14 -> 9.15)
Subpackages: ghostscript-devel ghostscript-x11
- Version upgrade to 9.15. Primarily a maintenance release.
There are no recorded incompatible changes (as of this writing).
Highlights in this release include:
* Ghostscript now supports the PDF security handler revision 6.
* The pdfwrite and ps2write (and related) devices can now be
forced to "flatten" glyphs into "basic" marking operations
(rather than writing fonts to the output), by giving
the -dNoOutputFonts command line option (defaults to "false").
* PostScript programs can now use get_params or get_param to
determine if a page contains color markings by reading the
pageneutralcolor state from the device (so whether the page
is "color" or "mono"). Note that this is only accurate when in
clist mode, so -dMaxBitmap=0 and -dGrayDetection=true should
both be used.
* The pdfwrite device now supports Link annotations with GoTo
and GoToR actions.
* The pdfwrite device now supports BMC/BDC/EMC pdfmarks
* Regarding the new color management for the pdfwrite device
introduced in the previous release, the proscription on using
the new color management when producing PDF/A-1 compliant files
is now lifted. To reiterate, also, with the new color
management implementation, using the UseCIEColor option is
strongly discouraged. For further information on the new
pdfwrite color management, see in Ps2pdf.htm the
"Color Conversion and Management" section.
* Plus the usual round of bug fixes, compatibility changes,
and incremental improvements.
For details see the News.htm and History9.htm files.
- Version upgrade to 9.15rc2 (second release candidate for 9.15).
Ghostscript upstream QA highlighted a couple of issues
that they felt warranted a fresh release candidate.
For details see the History9.htm file.
- Version upgrade to 9.15rc1 (first release candidate for 9.15).
For details see the News.htm and History9.htm files.
- ppc64le-support.patch is no longer needed because
it is fixed in the upstream sources.
- Removed trailing whitespaces in spec file and changes file.
==== gimp ====
Version update (2.8.10 -> 2.8.14)
Subpackages: gimp-help-browser gimp-plugin-aa gimp-plugins-python libgimp-2_0-0 libgimpui-2_0-0
- update to version 2.8.14:
+ Fix libtool versioning (forgot to bump gimp_interface_age).
- Changes from Version 2.8.12:
+ Core:
- Fix brush sizes when used from plug-ins.
- Make XCF loading more robust against broken files.
+ GUI:
- Make sure the widget direction matches the GUI language.
- Remove the option to disable the warning when closing a
modified image.
- Fix canvas overlay widgets (like the text options) for
tablets.
- Make DND work between images in one dockable.
+ Libgimp: Make gimp_image_get_name() return the string used for
the image title.
+ Plug-ins:
- Make script-fu-server more secure by listening to 127.0.0.1
by default and add a warning about changing that IP. This
breaks the procedure's API, but for security reasons.
- Bring back proper script-fu translations.
+ General:
- Add Jenkins tutorial.
- Documentation updates.
- Bug fixes.
+ Updated translations.
- Drop gimp-use-recommended-freetype-include.patch: fixed upstream.
==== git ====
Version update (2.1.0 -> 2.1.1)
Subpackages: git-core git-cvs git-daemon git-email git-gui git-svn git-web gitk
- git 2.1.1:
* Git 2.0 had a regression where "git fetch" into a shallowly
cloned repository from a repository with bitmap object index
enabled did not work correctly. This has been corrected.
* Git 2.0 had a regression which broke (rarely used)
"git diff-tree -t". This has been corrected.
* "git log --pretty/format=" with an empty format string did not
mean the more obvious "No output whatsoever" but "Use default
format", which was counterintuitive. Now it means "nothing shown
for the log message part".
* "git -c section.var command" and "git -c section.var= command"
should pass the configuration differently (the former should be a
boolean true, the latter should be an empty string), but they
didn't work that way. Now it does.
* Applying a patch not generated by Git in a subdirectory used to
check the whitespace breakage using the attributes for incorrect
paths. Also whitespace checks were performed even for paths
excluded via "git apply --exclude=<path>" mechanism.
* "git bundle create" with date-range specification were meant to
exclude tags outside the range, but it did not work correctly.
* "git add x" where x that used to be a directory has become a
symbolic link to a directory misbehaved.
* The prompt script checked $GIT_DIR/ref/stash file to see if there
is a stash, which was a no-no.
* "git checkout -m" did not switch to another branch while carrying
the local changes forward when a path was deleted from the index.
* With sufficiently long refnames, fast-import could have overflown
an on-stack buffer.
* After "pack-refs --prune" packed refs at the top-level, it failed
to prune them.
* "git gc --auto" triggered from "git fetch --quiet" was not quiet.
==== glproto-devel ====
- Update description and other metadata
- Use full %configure for build, and remove CFLAGS (nothing is
compiled)
- Make file list more compact
==== gnome-disk-utility ====
- Add %glib2_gsettings_schema_post/postun handling to scriptlets.
==== gnutls ====
Version update (3.2.17 -> 3.2.18)
Subpackages: libgnutls-devel libgnutls-openssl27 libgnutls28 libgnutls28-32bit
* Upgrade to Version 3.2.18 (released 2014-09-18)
* * libgnutls: Fixes in gnutls_x509_crt_set_dn() and friends to properly handle
strings with embedded spaces and escaped commas.
* * libgnutls: Corrected gnutls_x509_crl_verify() which would always report
a CRL signature as invalid. Reported by Armin Burgmeier.
* * libgnutls: Fixed issue with certificates being sanitized by gnutls prior
to signature verification. That resulted to certain non-DER compliant modifications
of valid certificates, being corrected by libtasn1's parser and restructured as
the original. Issue found and reported by Antti Karjalainen and Matti Kamunen from
Codenomicon.
* * API and ABI modifications:
No changes since last version.
Delete files: gnutls-3.2.17.tar.xz, gnutls-3.2.17.tar.xz.sig
Add files: gnutls-3.2.18.tar.xz, gnutls-3.2.18.tar.xz.sig
- update list of available architectures for valgrind
==== goffice-lang ====
Version update (0.10.17 -> 0.10.18)
Subpackages: libgoffice-0_10-10
- Update to version 0.10.18:
+ Fix saving of color map names (bgo#735298).
+ Fix grid line theme support (bgo#733403).
+ Fix default ticks position.
+ Fix font color theme support (deb#757611).
+ Fix saving color maps when directory does not exists
(bgo#735008).
+ Fix color maps loading (bgo#735007).
+ Don't pass NULL to g_strtod() (bgo#735555).
+ Work around gtk+ ABI break for colour selector (bgo#733350).
==== grub2 ====
Subpackages: grub2-i386-pc grub2-snapper-plugin grub2-x86_64-efi grub2-x86_64-xen
- update translations
- fix possible access to uninitialized pointer in linux loader
* add grub2-Initialized-initrd_ctx-so-we-don-t-free-a-random-poi.patch
* drop superseded grub2-ppc64le-23-grub-segfaults-if-initrd-is-specified-before-specify.patch
- fix grub.xen not able to handle legacy menu.lst hdX names (bnc#863821)
* add grub2-xen-legacy-config-device-name.patch from arvidjaar
- fix the performance of grub2 uefi pxe is bad (bnc#871555)
* add grub2-efinet-reopen-SNP-protocol-for-exclusive-use-by-grub.patch
==== gstreamer ====
Version update (1.4.1 -> 1.4.3)
Subpackages: gstreamer-devel gstreamer-utils libgstreamer-1_0-0 typelib-1_0-Gst-1_0
- Update to version 1.4.3:
+ Bugs fixed: bgo#709868, bgo#736969, bgo#737102, bgo#737133.
+ Updated translations.
- Update to version 1.4.2:
+ Bugs fixed: bgo#735574, bgo#734412, bgo#735975, bgo#729811,
bgo#736455, bgo#736424, bgo#736680, bgo#736295, bgo#736736,
bgo#736739, bgo#736813, bgo#736762.
+ Updated translations.
==== gstreamer-plugins-bad ====
Version update (1.4.1 -> 1.4.3)
Subpackages: libgstbadbase-1_0-0 libgstbadvideo-1_0-0 libgstbasecamerabinsrc-1_0-0 libgstcodecparsers-1_0-0 libgstgl-1_0-0 libgstmpegts-1_0-0 libgstphotography-1_0-0
- Update to version 1.4.3:
+ Bugs fixed: bgo#735861, bgo#736090, bgo#736390, bgo#736426,
bgo#736474, bgo#736490, bgo#736729, bgo#736730, bgo#736731,
bgo#736732, bgo#736733, bgo#736735, bgo#736750, bgo#736871,
bgo#736919, bgo#736951.
+ Updated translations.
==== gstreamer-plugins-base ====
Version update (1.4.1 -> 1.4.3)
Subpackages: gstreamer-plugins-base-devel libgstallocators-1_0-0 libgstapp-1_0-0 libgstaudio-1_0-0 libgstfft-1_0-0 libgstpbutils-1_0-0 libgstriff-1_0-0 libgstrtp-1_0-0 libgstrtsp-1_0-0 libgstsdp-1_0-0 libgsttag-1_0-0 libgstvideo-1_0-0 typelib-1_0-GstAllocators-1_0 typelib-1_0-GstApp-1_0 typelib-1_0-GstAudio-1_0 typelib-1_0-GstFft-1_0 typelib-1_0-GstPbutils-1_0 typelib-1_0-GstRiff-1_0 typelib-1_0-GstRtp-1_0 typelib-1_0-GstRtsp-1_0 typelib-1_0-GstSdp-1_0 typelib-1_0-GstTag-1_0 typelib-1_0-GstVideo-1_0
- Update to version 1.4.3:
+ Bugs fixed: bgo#734617, bgo#736944.
+ Updated translations.
- Update to version 1.4.2:
+ Bugs fixed: bgo#727255, bgo#732908, bgo#735569, bgo#735748,
bgo#735800, bgo#735844, bgo#735952, bgo#736071, bgo#736118,
bgo#736679, bgo#736739, bgo#736779, bgo#736788, bgo#736796,
bgo#736861.
+ Updated translations.
==== gstreamer-plugins-good ====
Version update (1.4.1 -> 1.4.3)
Subpackages: gstreamer-plugins-good-extra
- Update to version 1.4.3:
+ Minor bug fixes.
+ Updated translations.
- Update to version 1.4.2:
+ Bugs fixed: bgo#719359, bgo#733607, bgo#734266, bgo#735520,
bgo#735660, bgo#735804, bgo#735833, bgo#735859, bgo#736192,
bgo#736266, bgo#736384, bgo#736670, bgo#736739, bgo#736805,
bgo#736807.
+ Updated translations.
==== gstreamer-plugins-ugly ====
Version update (1.4.1 -> 1.4.3)
- Update to version 1.4.3:
+ Bugs fixed: bgo#736060.
+ Updated translations.
==== gtkspell3-lang ====
Version update (3.0.3 -> 3.0.6)
Subpackages: libgtkspell3-3-0
- Update to version 3.0.6:
+ Fix badly merged translations.
+ Also recognize U+2019 as apostrophe.
+ Updated translations.
- Changes from version 3.0.5:
+ Fix incorrect handling of single quotes.
+ Buildsystem cleanups and tweaks.
+ Updated translations.
- Changes from version 3.0.4:
+ Make decode-language-codes more robust.
+ Don't use deprecated symbols when compiled against gtk3 >= 3.9.
+ Updated translations.
==== hplip ====
Subpackages: hplip-hpijs hplip-sane
- From openSUSE 13.2 on explicitly
"BuildRequires cups-filters-foomatic-rip"
to avoid that foomatic-filters is used for build
in the "Printing" development project (where foomatic-filters
intentionally exists also for openSUSE_13.2 and openSUSE_Factory)
which would not match what is used for build in openSUSE:13.2 or
openSUSE:Factory (where foomatic-filters is intentionally dropped
and replaced by cups-filters-foomatic-rip). Using the matching
package for build results that the backward compatibility link
/usr/lib/cups/filter/foomatic-rip-hplip points to a foomatic-rip
executable that is used by default on the runtime system.
- PPDs that require a proprietary plugin from HP must be moved to
the hplip main-package because the proprietary plugin from HP
must be downloaded and installed by using HP's "hp-plugin" tool
that belongs to the hplip main-package. Accordingly PPDs that
require a proprietary plugin from HP are in a new directory
/usr/share/cups/model/manufacturer-PPDs/hplip-plugin
that belongs to the hplip main-package (bnc#876690).
==== icedtea-web-javadoc ====
Version update (1.5 -> 1.5.1)
- Modified patch:
* icedtea-web-suse-desktop-files.patch
- Change categories for the desktop files to keep SLE and
openSUSE in sync
- Update to 1.5.1
* Massively improved offline abilities.
* Improved to be able to run with any JDK
* JDK 8 support added (URLPermission granted if applicable)
* Added DE and PL localizations
* Added KEY_ENABLE_MANIFEST_ATTRIBUTES_CHECK deployment property
to control scan of Manifest file
* Control Panel
- PR1856: ControlPanel UI improvement for lower resolutions (800*600)
* NetX
- PR1858: Java Console accepts multi-byte encodings
- PR1859: Java Console UI improvement for lower resolutions (800*600)
- RH1091563: [abrt] icedtea-web-1.5-2.fc20: Uncaught exception
java.lang.ClassCastException in method
sun.applet.PluginAppletViewer$8.run()
* Plugin
- PR1743 - Intermittent deadlock in PluginRequestProcessor
- RH1121549: coverity defects
* PolicyEditor
- codebases without permissions assigned save to file anyway (and
re-appear on next open)
- PR1776: NullPointer on save-and-exit
- Custom permissions are properly formatted
- Remove upstreamed patch:
* icedtea-web-1.5-no-return-in-nonvoid-function.patch
- Touch link targets in order to silence test of broken symlinks
- Update icedtea-web-suse-desktop-files.patch: Add
X-GNOME-SystemSettings category.
- Update alternatives code to match docu.
==== inputproto-devel ====
- Update description and other metadata
- Use full %configure for build, and remove CFLAGS (nothing is
compiled)
- Make file list more compact
==== install-initrd-openSUSE ====
Version update (14.136 -> 14.141)
- add splash=silent to enable plymouth on uefi systems (bnc #897461)
- 14.141
- update git2log script
- drop pcmciautils
- 14.140
- allow both pango-tools & pango-modules
- copy ssh keys into rescue system
- 14.139
- load scsi_dh_* before starting udevd (bnc #871617)
- kexec for everyone
- 14.138
- follow pango-tools to pango-modules rename
- improve ppc64le iso layout (bnc #894878)
- we have to load autoinst.xml, not autoyast.xml (fate #316530)
- remove rubygem(nokogiri) dependency (bnc #895069)
- 14.137
==== libjack-devel ====
Version update (1.9.9.5 -> 1.9.10)
Subpackages: libjack0
- Update to release 1.9.10
- Removed patches jack-wafdocbuild.patch and aarch64.patch as they
are now in upstream.
- Upstream changes:
* Correct JackPortAudioDriver::Open : special case for ASIO drivers.
* Correct JackEngine::NotifyGraphReorder : graph-order callback now notified after port latencies update.
* netjack/opus: don't re-init en/decoders.
* Use string ids in the alsa device list.
* controlapi: fix double free on master switch.
* netjack1/netone opus support.
* netjack1/2 Opus: use only 2bytes for encoded-length.
* wscript: add header defines and libs for example-clients/netsource.
* fix duplicate prog.includes.
* More robust channel mapping handling in JackCoreAudioDriver.
* Add opus support to NetJack2.
* jack_control: fix epr command.
* Update JackCoreAudioDriver and JackCoreAudioAdapter with more recent API.
* Devin Anderson patch for Jack/CoreMIDI duplicated messages.
* Fix in ALSA adapter.
* Fix alsa driver parameter order.
* Control API: Enforce driver/internal parameter order.
* Extend jack_control to have parameter reset commands.
* Align buffers to 32 byte boundaries to allow AVX processing.
* New jack_get_cycle_times() implementation from Fons Adriennsen.
* Update waf.
* [firewire] Introduce UpdateLatencies() in FFADO backend.
* [firewire] Allow FFADO backend to change the buffer size.
* Rework JackMessageBuffer.
* POST_PACKED_STRUCTURE used for jack_latency_range_t type.
* Remove JACK_32_64 flag, so POST_PACKED_STRUCTURE now always used.
* Improve libjacknet master mode.
* In control API, UNIX like sigset_t replaced by more abstract jackctl_sigmask_t * opaque struct.
* Check server API callback from notification thread.
* Use a time-out in notification channel write function.
* Fix lock management in JackEngine.
* A bit more robust JackMessageBuffer implementation (in progress).
* Rename JackProcessSync in JackPosixProcessSync.
* Fix NetJack2 initialisation bug.
* Improve ShutDown in NetManager.
* Correct ShutDown in JackInternalClient and JackLibClient.
* Implement shutdown for in server clients.
* Better time-out management in NetJack2.
* More robust server/client protocol.
* Factorize code the server/client request in JackRequestDecoder class.
* Cleanup drivers and internals loading code.
* jackctl_driver_params_parse API moved in public control.h.
* More general drivers/internals loading model on Windows.
* Fix library symbols export issue.
* Adrian Knoth fix in midiseq.c.
==== java-1_7_0-openjdk ====
Subpackages: java-1_7_0-openjdk-devel java-1_7_0-openjdk-headless
- Add provides jre-32 on %{ix86} and ppc
* This satisfies libreoffice's requires
- Update to 2.5.2 bugfix release
* Backports
- S8049480: Current versions of Java can't verify jars signed and
timestamped with Java 9
- S8051012, LP1360392: Regression in verifier for <init> method call
from inside of a branch
* Bug fixes
- PR1903: [REGRESSION] Bug reports now lack IcedTea version and
distribution packaging information
- PR1948: Only try and symlink debuginfo if STRIP_POLICY is other
than no_strip
- PR1948: Fix indenting
- PR1966: Move to new OpenJDK bug URL format
- RH1015432: java-1.7.0-openjdk: Fails on PPC with
StackOverflowError (revised fix for PPC32)
* PPC & AIX port
- Adapt AIX port to 5049299: (process) Use posix_spawn, not fork,
on S10 to avoid swap exhaustion
- Adapt aix to 8022507
- Fix aix after 8022507: SIGSEGV at ParMarkBitMap::verify_clear()
- S8050942: PPC64: implement template interpreter for ppc64le
- S8050972: Concurrency problem in PcDesc cache
- Remove upstreamed patch:
* java-1_7_0-openjdk-ppc-stackoverflow.patch
==== java-1_7_0-openjdk-plugin ====
Version update (1.5 -> 1.5.1)
- Modified patch:
* icedtea-web-suse-desktop-files.patch
- Change categories for the desktop files to keep SLE and
openSUSE in sync
- Update to 1.5.1
* Massively improved offline abilities.
* Improved to be able to run with any JDK
* JDK 8 support added (URLPermission granted if applicable)
* Added DE and PL localizations
* Added KEY_ENABLE_MANIFEST_ATTRIBUTES_CHECK deployment property
to control scan of Manifest file
* Control Panel
- PR1856: ControlPanel UI improvement for lower resolutions (800*600)
* NetX
- PR1858: Java Console accepts multi-byte encodings
- PR1859: Java Console UI improvement for lower resolutions (800*600)
- RH1091563: [abrt] icedtea-web-1.5-2.fc20: Uncaught exception
java.lang.ClassCastException in method
sun.applet.PluginAppletViewer$8.run()
* Plugin
- PR1743 - Intermittent deadlock in PluginRequestProcessor
- RH1121549: coverity defects
* PolicyEditor
- codebases without permissions assigned save to file anyway (and
re-appear on next open)
- PR1776: NullPointer on save-and-exit
- Custom permissions are properly formatted
- Remove upstreamed patch:
* icedtea-web-1.5-no-return-in-nonvoid-function.patch
==== java-1_8_0-openjdk ====
Subpackages: java-1_8_0-openjdk-headless
- Add provides jre-32 on %{ix86} and ppc
* This satisfies libreoffice's requires
==== java-1_8_0-openjdk-plugin ====
Version update (1.5 -> 1.5.1)
- Modified patch:
* icedtea-web-suse-desktop-files.patch
- Change categories for the desktop files to keep SLE and
openSUSE in sync
- Update to 1.5.1
* Massively improved offline abilities.
* Improved to be able to run with any JDK
* JDK 8 support added (URLPermission granted if applicable)
* Added DE and PL localizations
* Added KEY_ENABLE_MANIFEST_ATTRIBUTES_CHECK deployment property
to control scan of Manifest file
* Control Panel
- PR1856: ControlPanel UI improvement for lower resolutions (800*600)
* NetX
- PR1858: Java Console accepts multi-byte encodings
- PR1859: Java Console UI improvement for lower resolutions (800*600)
- RH1091563: [abrt] icedtea-web-1.5-2.fc20: Uncaught exception
java.lang.ClassCastException in method
sun.applet.PluginAppletViewer$8.run()
* Plugin
- PR1743 - Intermittent deadlock in PluginRequestProcessor
- RH1121549: coverity defects
* PolicyEditor
- codebases without permissions assigned save to file anyway (and
re-appear on next open)
- PR1776: NullPointer on save-and-exit
- Custom permissions are properly formatted
- Remove upstreamed patch:
* icedtea-web-1.5-no-return-in-nonvoid-function.patch
==== libjson-c2 ====
Version update (0.11 -> 0.12)
Subpackages: libjson-c2-32bit
- json-c 0.12
Fixes for security issues contained in this release have been
previously patched into this package, but listed for completeness:
* Address security issues:
* CVE-2013-6371: hash collision denial of service
* CVE-2013-6370: buffer overflow if size_t is larger than int
- Further changes:
* Avoid potential overflow in json_object_get_double
* Eliminate the mc_abort() function and MC_ABORT macro.
* Make the json_tokener_errors array local. It has been deprecated for
a while, and json_tokener_error_desc() should be used instead.
* change the floating point output format to %.17g so values with
more than 6 digits show up in the output.
* Remove the old libjson.so name compatibility support. The library is
only created as libjson-c.so now and headers are only installed
into the ${prefix}/json-c directory.
* When supported by the linker, add the -Bsymbolic-functions flag.
* Make strict mode more strict:
* number must not start with 0
* no single-quote strings
* no comments
* trailing char not allowed
* only allow lowercase literals
* Added a json_object_new_double_s() convenience function to allow
an exact string representation of a double to be specified when
creating the object and use it in json_tokener_parse_ex() so
a re-serialized object more exactly matches the input.
* Add support for NaN and Infinity
- packaging changes:
* json-c-hash-dos-and-overflow-random-seed-4e.patch is upstream
* Move from json-c-lfs.patch which removed warning errors and
autoconf call to json-c-0.12-unused_variable_size.patch from
upstream which fixes the warning
* except for SLE 11 where autoreconf call is required
* add licence file to main package
==== kbd ====
- euro{,1,2}.map now produces correct unicode for Euro sign
[bnc#360993]
- added patches:
* kbd-2.0.2-euro-unicode.patch
- port dumpkeys-C-opt.patch
- modified patches:
* kbd-1.15.2-dumpkeys-C-opt.patch
- kbd-2.0.2-doshell-reference.patch:
drop doshell reference from openvt.1 man page [bnc#675317]
==== kbproto-devel ====
- Update description and other metadata
- Use full %configure for build, and remove CFLAGS (nothing is
compiled)
- Make file list more compact
==== kdebase4-openSUSE ====
Subpackages: kdebase4-runtime-branding-openSUSE kdebase4-workspace-branding-openSUSE
- Push new KDE branding for 13.2
- Put also config and colorschemes into kdebase4-runtime branding
==== kde4-kgreeter-plugins ====
Version update (4.11.11 -> 4.11.12)
Subpackages: kdebase4-workspace kdebase4-workspace-addons kdebase4-workspace-devel kdebase4-workspace-ksysguardd kdebase4-workspace-liboxygenstyle kdebase4-workspace-libs kdm kwin oxygen-cursors4 python-kdebase4
- Make kactivities4 a hard requirement (bnc#896660)
- Update to 4.11.12
* KDE 4.14.1 SC Bugfix Release
* See http://www.kde.org/announcements/announce-4.14.1.php
- Drop upstream patch
changeset_re8241313fc979aefafc8c2a0207570d6394f1580.diff
==== kdump ====
- kdump-enable-fadump-ppc64le.patch: Enable FADUMP on ppc64le
(bsc#889192).
- kdump-fadump-bootloader-always.patch: Always turn on fadump if
KDUMP_FADUMP is true (bsc#889192).
- kdump-bootloader-grub2.patch: kdump-Bootloader: add support for
GRUB2 (bsc#889192).
- kdump-fadump-keep-sysroot.patch: Keep /sysroot mount point if
fadump is on (bsc#889192).
- kdump-get-multipath-wwid-from-sysfs.patch: Refresh.
- kdump-add-IPv6-KDUMP_NETCONFIG-modes.patch: Refresh: Fix ip
error messages when KDUMP_NETCONFIG=auto (bnc#885897).
- kdump-split-kdump_default_netdev.patch: Cleanup: Split
kdump_default_netdev (bnc#885897).
- kdump-move-network-setup-to-module-setup.patch: Move dracut
network command line to module-setup.sh (bnc#885897).
- kdump-add-IPv6-KDUMP_NETCONFIG-modes.patch: Add KDUMP_NETCONFIG
modes to support IPv6 (bnc#885897).
- kdump-get-multipath-wwid-from-sysfs.patch: Get required multipath
wwids from sysfs (bnc#883883).
- kdump-remove-root-and-resume.patch: Remove root= and resume= from
the kdump kernel command line (bnc#883883).
- kdump-systemd-support.patch: Dracut-systemd support (bnc#883883).
- kdump-calibrate-systemd-runtime.patch: Calibrate: update
user-space run-time requirements for systemd (bnc#883883).
- kdump-calibrate-systemd-initramfs.patch: Calibrate: update the
initramfs size (bnc#883883).
==== kernel-default ====
Version update (3.16.2 -> 3.16.3)
Subpackages: kernel-default-devel
- Linux 3.16.3 (bnc#890096).
- Delete
patches.fixes/reiserfs-fix-corruption-introduced-by-balance_leaf-refactor.
- Delete patches.fixes/rtsx_usb-export-device-table.
- Update config files.
Set CONFIG_SMS_SIANO_DEBUGFS=n as it is in master.
- commit d2bbe7f
- blk-merge: fix blk_recount_segments (bnc#888259).
- commit 5fca623
==== kernel-desktop ====
Version update (3.16.2 -> 3.16.3)
Subpackages: kernel-desktop-devel
- Linux 3.16.3 (bnc#890096).
- Delete
patches.fixes/reiserfs-fix-corruption-introduced-by-balance_leaf-refactor.
- Delete patches.fixes/rtsx_usb-export-device-table.
- Update config files.
Set CONFIG_SMS_SIANO_DEBUGFS=n as it is in master.
- commit d2bbe7f
- blk-merge: fix blk_recount_segments (bnc#888259).
- commit 5fca623
==== kernel-docs ====
Version update (3.16.2 -> 3.16.3)
- Linux 3.16.3 (bnc#890096).
- Delete
patches.fixes/reiserfs-fix-corruption-introduced-by-balance_leaf-refactor.
- Delete patches.fixes/rtsx_usb-export-device-table.
- Update config files.
Set CONFIG_SMS_SIANO_DEBUGFS=n as it is in master.
- commit d2bbe7f
- blk-merge: fix blk_recount_segments (bnc#888259).
- commit 5fca623
==== kernel-devel ====
Version update (3.16.2 -> 3.16.3)
Subpackages: kernel-macros kernel-source
- Linux 3.16.3 (bnc#890096).
- Delete
patches.fixes/reiserfs-fix-corruption-introduced-by-balance_leaf-refactor.
- Delete patches.fixes/rtsx_usb-export-device-table.
- Update config files.
Set CONFIG_SMS_SIANO_DEBUGFS=n as it is in master.
- commit d2bbe7f
- blk-merge: fix blk_recount_segments (bnc#888259).
- commit 5fca623
==== kernel-syms ====
Version update (3.16.2 -> 3.16.3)
- Linux 3.16.3 (bnc#890096).
- Delete
patches.fixes/reiserfs-fix-corruption-introduced-by-balance_leaf-refactor.
- Delete patches.fixes/rtsx_usb-export-device-table.
- Update config files.
Set CONFIG_SMS_SIANO_DEBUGFS=n as it is in master.
- commit d2bbe7f
- blk-merge: fix blk_recount_segments (bnc#888259).
- commit 5fca623
==== kernel-xen ====
Version update (3.16.2 -> 3.16.3)
Subpackages: kernel-xen-devel
- Linux 3.16.3 (bnc#890096).
- Delete
patches.fixes/reiserfs-fix-corruption-introduced-by-balance_leaf-refactor.
- Delete patches.fixes/rtsx_usb-export-device-table.
- Update config files.
Set CONFIG_SMS_SIANO_DEBUGFS=n as it is in master.
- commit d2bbe7f
- blk-merge: fix blk_recount_segments (bnc#888259).
- commit 5fca623
==== kismet ====
- Require xz
==== kiwi ====
Version update (5.06.158 -> 5.06.165)
Subpackages: kiwi-desc-isoboot kiwi-desc-netboot kiwi-desc-oemboot kiwi-desc-vmxboot kiwi-doc kiwi-media-requires kiwi-pxeboot kiwi-templates kiwi-tools
- v5.06.165 released
- Make sure to wait for nic link up (bnc #898505)
- Fixed double encoded luks system (bnc #898249)
when kiwi builds a disk image it can either dump a filesystem
image onto a raw partition or it rsyncs a tree of files onto
a partition which has a filesystem created on top of a subsystem
or a subsystem stack like lvm, luks, etc. In kiwi this is
controlled by the value of the $treeAccess variable. If
treeAccess is disabled but the support for syncing a tree in
the given configuration is implemented this results in
duplicate preparation of the filesystem and the subsystems
which results in an unbootable mess.
- Fixed passthrough of luks cipher (bnc #898249)
kiwi passed the cipher using a shell echo command which is
bad because the shell evaluates the contents of this information
and might break the cipher if it contains shell meta characters.
This patch fixes this by using a simple pipe stream to the
cryptsetup process without invoking a shell command
- Fixed URI credentials setup
Make sure the ?credentials=kiwiRepoCredentials flag is only added
to the url if the appropriate credentials file exists
- v5.06.164 released
- Added missing filesystem provides for the xfs filesystem (bnc #897935)
With the kiwi-filesystem:xfs Provides the buildservice is able
to setup a build environment including the needed tools called
by kiwi when building inside this environment
- v5.06.163 released
- Follow up fix for max storage device wait period (bnc #897516)
Hannes Reinecke suggested to increase it to 60 seconds; 30 seconds
is the typical I/O timeout value, so I'd be giving it double the
time to allow error handling to complete.
- v5.06.162 released
- Increase max per storage device wait period to 30 sec (bnc #897516)
- Prevent activation of a partition on non x86 systems (bnc #897507)
The active flag is used by legacy BIOS systems on x86 systems.
On other architectures it could cause trouble because that
information is not expected
- Eliminate use of haveBootPartition variable in the initrd code
kiwi provides exact information in the partition ID's variables
created when the image is built in setupPartIDs. The indicator if
a boot partition is in use was not set correctly by the existing
function. The indicator for a boot partition should be the
filesystem label set to 'BOOT' and the check if this partition is
not equal to the root partition. In the repartition code the
partition ID for the root partition is always defined correctly
by the kiwi_RootPart variable and should not depend on any
condition. That way there was no code left which requires an
extra boolean haveBootPartition variable and also fixes the wrong
pID assignment described in bug (bnc #897497)
- remove media check from mini iso (bnc#895021)
- make the mini isos reasonable size again
instead of just removing the root file, remove all files actually downloaded
from NET repo
- v5.06.161 released
- Add a post install script for kiwi
The file /dev/shm/lwp-download will be removed in order to
allow kiwi to create this file with the permissions it needs.
The support to allow kiwi to run kiwi --info as non root user
requires this cleanup step because lwp-download is created
with permissions which allows root and normal users to call
the script. Former versions leave a version of the script
which doesn't allow non root users to call or change it which
results in a race condition for a non privileged --info
call
- Really fixed package update from sle11 to sle12 (bnc #893340)
the man pages were moved from kiwi-doc to the main kiwi package
between sle11 and sle12. Thus the main kiwi package has to set
a conflicts for the kiwi-doc package in versions < 5
- KIWICollect: handle POOL flavors as "ftp" flavors (bnc#896930)
- Fixed spec file by adding missing requirements; tar and psmisc
- Allow kiwi --info to be called without root permission
There is one exception though. If the repo is an iso file
which needs to be loop mounted we still need root privileges
to call the mount system call. In such a case kiwi will
exit with a useful error message
- v5.06.160 released
- Improve speed of nic setup in netboot initrd (bnc #893788)
With this commit the list of preferred interfaces which are
either the BOOTIF interface or the list of all detected ones
is used to run the dhcp discovery. The first successfully
discovered interface is used to setup the default gateway
and route as there can only be one
- Fixed package build due to failed unit tests
The unit tests failed when building on non x86 architectures
because the test reference files for these architectures
contained an unexpected newline at the end of the file. In
addition subsequent tests should not fail which was the case
because existing test tmpdirs were not correctly cleaned up
- Use legacy bios_grub partition only on ix86 and x86_64 (bnc #896445)
- v5.06.159 released
- Fully document virtualsize attribute of <vagrantconfig> in schema
- Move useLVM helper function into global space and explain
conditions for using LVM or not in one central place
- Added runtime check for the bootpartition requirements
If the use of a bootpartition is explicitly disabled
and one of the filesystems btrfs, zfs or xfs are used
this is only supported with the grub2 bootloader.
- Implement preferlvm="true|false" attribute for <systemdisk>
When using filesystems which provides a volume management like
btrfs and zfs do, kiwi will make use of it by default. With the
preferlvm attribute the user can overwrite the default and prefer
LVM for volume management
- make the two vagrant box templates more consistent
This makes it easier to see the differences which really matter.
- remove pointless $xmlsize assignment
This assignment is pointless since $xmlsize will always get set to
another value soon after.
- do not publish appdata for source rpms
- Make suseImportBuildKey more robust (bnc #896126)
Check if dumpsigs tool exist and don't operate on
files which do not exist
- Prevent building iso with empty loader directory
- Added test_virtualboxGuestOS unit test
- Update unit tests due to ovf osType adaptions
- Fixed OVF creation for writing osType
osType is a subsection of the OperatingSystemSection not an attribute
osType was supported for VMware vmw: flagged systems. This patch adds
osType support for virtualbox vbox: flagged systems too
==== kiwi-config-openSUSE ====
- fix previous change, it's RC_LANG not RC_ALL
- set some english defaults to get the console into proper UTF-8
during boot
- fix permissions of langset.service
==== krb5 ====
Subpackages: krb5-32bit krb5-client krb5-devel
- bnc#897874 CVE-2014-5351: krb5: current keys returned when randomizing the keys for a service principal
- added patches:
* bnc#897874-CVE-2014-5351.diff
==== libQtWebKit-devel ====
Version update (4.8.6+2.3.3 -> 4.8.6+2.3.4)
Subpackages: libQtWebKit4
- Update to 2.3.4:
* Bugfix release
* Incorporated GStreamer 1.0 support
- Drop gstreamer-1.0.diff, aarch64-support.patch, bison3.patch,
ppc64le-support.patch, all merged upstream
==== libcamgm100 ====
Version update (1.0.6 -> 1.0.7)
Subpackages: perl-camgm
- version 1.0.7
- Store the common server CA to /etc/pki/trust/anchors
and run update-ca-certificates to update the trust dir
(bnc#897441)
- update translation files
==== libgcrypt-devel ====
Subpackages: libgcrypt20 libgcrypt20-32bit
- disabled curve P-192 in FIPS mode (bnc#896202)
* added libgcrypt-fips_ecdsa.patch
- don't use SHA-1 for ECDSA in FIPS mode
- also run the fips self tests only in FIPS mode
- run the fips self tests at the constructor code
* added libgcrypt-fips_run_selftest_at_constructor.patch
- rewrite the DSA-2 code to be FIPS 186-4 compliant (bnc#894216)
* added libgcrypt-fips-dsa.patch
* install fips186_dsa
- use 2048 bit keys in selftests_dsa
==== libgphoto2-6 ====
Version update (2.5.5 -> 2.5.5.1)
Subpackages: libgphoto2-6-32bit libgphoto2-devel
- 2.5.5.1 release
- regression with nikon coolpix s fixed
- canon eos has no zoom
- more fixes and translation updates
==== libical-devel ====
Subpackages: libical1
- disable parallel build, too unreliable
- Use %cmake macros so that %optflags reliably lands on the build
command lines
- Improve on RPM group classification
- Drop strange Recommends: from libical-doc to libical1
(the latter does not offer any directly-usable feature when
the docs are installed).
- Documentation subpackage should be noarch
==== libksba8 ====
Version update (1.3.0 -> 1.3.1)
- libksba 1.3.1:
* Fixed memory leak in CRL parsing
* Build fixes for ppc64el
==== libmtp-devel ====
Subpackages: libmtp9
- include-config-h.patch: always include "config.h" first
==== libnetfilter_conntrack3 ====
- Drop gpg-offline build-time requirement; this is now handled by
the local source validator
==== libqt4 ====
Subpackages: libqt4-32bit libqt4-devel libqt4-linguist libqt4-qt3support libqt4-qt3support-32bit libqt4-sql libqt4-sql-32bit libqt4-sql-sqlite libqt4-sql-sqlite-32bit libqt4-x11 libqt4-x11-32bit
- Added fix_qrasterpixmapdata_bnc847880.diff (bnc#847880).
When extracting a region of a QRasterPixmapData an optimization
was using the wrong bit depth for some calculations thus copying
a different section of the image than requested. This breaks
specially the oxygen kde theme under qemu when using a cirrus driver.
- Removed workaround for bnc#847880 which is no longer needed.
==== libQt5Core5 ====
Subpackages: libQt5DBus5 libQt5Gui5 libQt5Widgets5
- Build without sse2 instructions by default for %ix86 architecture,
and rebuild QtCore and QtGui modules with sse2 (they are installed
to %_libdir/sse2) (bnc#897758)
==== gdk-pixbuf-loader-rsvg ====
Version update (2.40.3 -> 2.40.4)
Subpackages: librsvg-2-2 librsvg-devel typelib-1_0-Rsvg-2_0
- Update to version 2.40.4:
+ rsvg-convert: Handle gzip compressed input (bgo#735836).
==== librsync1 ====
- Library ends compiled with executable stack, something we really
do not want around.. it turns out a nested function causes gcc
to emit trampolines. fix that (librsync-noexecstack-nestedfunc.patch)
- Only export the public api, all symbols prefixed with "rs_"
(librsync-exports.patch)
==== libstorage-ruby ====
Subpackages: libstorage5
- sort partitions after certain remove steps (bsc#898362)
- treat disks with implicit partition table as read-only
(bsc#894585)
==== libvirt ====
Subpackages: libvirt-client libvirt-daemon libvirt-daemon-config-network libvirt-daemon-config-nwfilter libvirt-daemon-driver-interface libvirt-daemon-driver-libxl libvirt-daemon-driver-lxc libvirt-daemon-driver-network libvirt-daemon-driver-nodedev libvirt-daemon-driver-nwfilter libvirt-daemon-driver-qemu libvirt-daemon-driver-secret libvirt-daemon-driver-storage libvirt-daemon-driver-uml libvirt-daemon-driver-vbox libvirt-daemon-driver-xen libvirt-daemon-qemu libvirt-daemon-xen
- CVE-2014-3633: Use correct definition when looking up disk in
qemu blkiotune
3e745e8f-CVE-2014-3633.patch
bnc#897783
==== libzypp ====
Version update (14.29.0 -> 14.29.4)
- Trigger appdata plugin when system repos have changed (bnc#866257)
- Protect against race when destructing globals
- BuildRequire libsolv-tools as libsolv-devel no longer does
- version 14.29.4 (29)
- Update zypp-po.tar.bz2
- Fix computation of userinstalled items (bnc#897404)
- version 14.29.3 (29)
- Adapt to API changes in rpm.4.12
- SLE-12 (suse_version 1315) uses its own translations set
(bnc#897176)
- version 14.29.2 (29)
- Update zypp-po.tar.bz2
- Update sle-zypp-po.tar.bz2
- Update zypp-po.tar.bz2
- Update zypp-po.tar.bz2
- adjust BuildRequires
- version 14.29.1 (29)
==== libLLVM ====
Version update (3.4.2 -> 3.5.0)
Subpackages: libLLVM-32bit
- Enable shared libs on PPC64
- Require llvm-clang not just clang
- Add llvm-remove-werror-date-time.patch to remove -Werror=date-time
for CXXFLAGS, gcc does not support it and it creeps into
llvm-config --cflags
- Remove wrong Requires from the llvm-devel package
- Add default target triple for ARM, fixes bnc#893359
- Use ninja for building
- Update to llvm 3.5.0
* Major update, see http://llvm.org/releases/3.5.0/docs/ReleaseNotes.html
- Use upstream pristine tarballs
- Add libc++/libc++abi support clang (only on x86_64)
- Add libcxxabi-exceptions.patch to fix libcxxabi exception handling
- Add libcxx-libdir.patch to fix libdir on 64bit arches
- Remove asan-disable-hugemalloctest.patch and
cmake-patchversion.patch, fixed upstream.
==== liblockdev1 ====
Subpackages: liblockdev1-32bit lockdev
- add baselibs.conf as source
- pass --enable-helper to force use of setgid helper in order to
be able to write /var/lock (bnc#896010)
==== lxappearance ====
Version update (0.5.5 -> 0.5.6)
Subpackages: lxappearance-lang
- new upstream release 0.5.6
* Change AC_CONFIG_MACRO_DIR to [.] instead of [m4]
* Add compilation notes into README file
* Include ~/.gtkrc-2.0.mine first to be able to apply changes from
LXAppearance
* Add 'keyboard_options' frame for future improvements
* [SF#614]Don't follow symlink ~/.icons/default or we can recurse
inheritance
* Avoid call to g_thread_init() with GLib >= 2.32
* Use .glade file names and compress them into .ui purging spaces
* Update Copyright years in the About dialog
* Fix compilation warnings with --enable-more-warnings
* Fix compilation warnings with --enable-debug
* [SF#515] Fix configure --enable-debug
* [SF#584] Fix crash on installing new cursor theme
* [SF#498] Fix lxappearance 0.5.2 gtk3 linking problem
* [SF#484] Don't reset contents of settings.ini file, only update
* Fix crash in update_cursor_demo()
* Update .gitignore file
* Get rid of unused libtoolize - this is not a library
* Remove unused xml-purge program
* Remove po/Makefile.in.in - it's autogenerated
* Disable setting of custom colors if run without lxsession
* Fix broken pt_BR.po translation file
* Include lxappearance.desktop.in into release tarball
* Translation updates
==== lxappearance-obconf ====
Subpackages: lxappearance-obconf-lang
- added pkgconfig(ice) and pkgconfig(sm) to build requires
==== lxrandr ====
Version update (0.2.0 -> 0.3.0)
Subpackages: lxrandr-lang
- new upstream version 0.3.0
* Add compilation notes into README file
* Add AC_CONFIG_MACRO_DIR to configure.ac and ACLOCAL_AMFLAGS to
Makefile.am
* Add --enable-debug option to configure script
* Fix missing m->active_rate correction
* Implement confirmation dialog on mode(s) change
* Fix choice "show the same image on both monitors"
* Implement automatic diagnostic for monitors placement
* Correctly set state of 'Turn On' button
* Correctly react on 'Enable' button toggle
* Fix invalid selection which monitor should be disabled to change
position
* Fix formatting of xrandr command, new options don't work
* Implement positioning of monitors in 'Advanced' tab
* Fix notebook internal monitor detection
* Fix spelling error: accessable -> accessible
* Translation updates
==== makedumpfile ====
Version update (1.5.6 -> 1.5.7)
- Switch to dynamic linking: Since most libraries are no longer
available for static link, the remaining space savings are
no longer worth the effort.
- upgrade to makedumpfile-1.5.7
o Show memory usage of the running kernel
o Hugepage filtering
o Support kernels up to 3.16
- Drop following patches, which are now upstream:
o makedumpfile-generic-multi-page-excl.patch
o makedumpfile-remove-overrun-adj.patch
o makedumpfile-fix-free-bitmap_buffer_cyclic.patch
o makedumpfile-isCompoundHead.patch
o makedumpfile-exclude-compound-pages.patch
==== libmysqlclient-devel ====
Subpackages: libmysqlclient18 libmysqlclient18-32bit libmysqlclient_r18 libmysqld18 mariadb mariadb-client mariadb-errormessages
- Get rid of error during update
- Little polishing of rc script
==== mcelog ====
- mcelog.tmpfiles, mcelog-socket-path.patch, move socket
and pid file to /run/mcelog directory.
This update may require reboot as the relevant rpm macro
tmpfiles_create is not yet in any product.
==== meld ====
Version update (1.8.6 -> 3.11.4)
Subpackages: meld-lang
- Update to version 3.11.4:
+ Fixes:
- Only apply the auto merge flag to the last comparison
started.
- Fix install layout issues on Debian-based systems.
- Fix "Open External" for files on Windows.
- Record installation directory and executable location on
Windows.
- Revert to using latin1 as a fallback encoding; this will be
reverted in the next unstable series.
+ Updated translations.
- Update to version 3.11.3:
+ Features:
- Manually handle app menu fallback for non-Gnome shells.
- Save and restore window maximisation state.
+ Fixes:
- Add missing/incomplete "Language" entries.
- Miscellaneous code cleanups.
- Handle broken locale settings better.
- Fix size allocation issues in preferences UI.
- Update shebang for environments with Python 3 as default.
+ Updated translations.
- Update to version 3.11.2:
+ Features:
- File and folder comparison panes can now be resized.
- Folder comparisons now support scrolling between chunks using
the mouse wheel in the link map, like file comparisons.
+ Fixes:
- Don't draw spurious actions for equal chunks.
- Remove default sourceview behaviour for Alt+Left/Right.
- Fix storing translated column names in configuration.
- Several fixes for multiple windows in single-instance
handling:
. Resolve relative paths relative to the correct instance.
. Don't create windows in the original instance when the
calling instance errors out.
. Raise the correct window for new windows in the same
instance.
. Exit correctly for command line errors in the calling
instance.
- Fix display of unicode paths in repositories.
- Fix handling of unicode paths in recent files store.
- Improve behaviour of Open External action, and handle spaces
in filenames for the custom editor option.
- Improve support for custom installation prefixes.
- Changes from version 3.11.1:
+ Features:
- New (alpha) infrastructure for stand-alone Windows builds.
- Display renames and metadata in Bazaar repositories.
- Improved tab labels in version control comparisons.
- New merge-order preference to accompany comparison-order.
- Added a prompt to mark a conflict as resolved from file
comparison.
+ Fixes:
- Fix filtering for shallow folder comparisons.
- Several install and distribution fixes.
- Sundry bug fixes.
+ Updated translations.
- Pass --no-update-icon-cache --no-compile-schemas to the distutils
script.
- Update to version 3.11.0:
+ Features:
- Support hiding empty filtered folders in folder
comparison.
- Notify user when files change externally in file comparison.
- Use standard GIO file trash handling when deleting files.
- Newly written Mallard-based help.
+ User interface updates:
- Support GNOME 3-style application menu.
- Visual improvements to several icons.
- Update Meld's colour scheme.
- Many visual styling updates, layout tweaks and UI polish.
+ Internal changes:
- Port to GObject introspection, GTK+ 3, GApplication,
GSettings and other new things starting with 'G'.
- Port to distutils, based on python-distutils-extra.
- Move to using CSS for styling and colour definitions.
- Update to use more modern GTK widgets.
- Move a lot of extra UI construction into glade/UI files.
- Make several custom icons themeable.
- Make Meld a single-instance application, and add support for
multiple windows.
+ Fixes:
- Improved rendering speed in file comparisons.
- Copy and paste within a buffer no longer causes occasional
incorrect change highlighting.
- Fixes for version control support.
- Windows crash fixes.
- Sundry bug fixes.
+ Updated translations.
- Drop meld-1.3.0-env.patch: no longer required.
- Add meld-nodocs.patch: do not install COPYING and NEWS: we do
this on our own.
- Drop scrollkeeper BuildRequires: no longer needed.
- Add glib2-devel, gobject-introspection-devel, itstool and
libxml2-tools BuildRequires: new requirements.
- Rewrite build and install section to match new upstream build
system, based on distutils.
==== libmono-2_0-1 ====
Version update (3.6.0 -> 3.8.0)
Subpackages: libmono-2_0-devel libmonoboehm-2_0-1 libmonoboehm-2_0-devel libmonosgen-2_0-1 mono-core mono-data mono-data-oracle mono-data-postgresql mono-data-sqlite mono-devel mono-extras mono-locale-extras mono-mvc mono-nunit mono-wcf mono-web mono-winforms mono-winfxcore monodoc-core
- Removed upstreamed ppc.patch
- Updated to 3.8.0
+ The JIT now better handles long remainders by powers of two, generating significantly better code.
+ Over 10x faster code is generated for delegates that are only invoked once. C# features such as async and LINQ produce a lot of those delegates, so this improvement will impact everyone.
+ Improved alias analysis can now handle second order aliases and eliminate null checks.
+ The runtime now has a concurrently readable hashtable that makes reflection heavy workloads significantly faster and more scalable.
+ Optimized one of the core data structures of the garbage collector should result in 5 to 10% reduction in collection times.
+ Fix the leaking of mach ports introduced by 98bbf8512aec0fa01b4426583280f6d231d22187. bxc#22068
+ Fix Process.PrivateMemorySize64 etc. on ios. bxc#21882
+ Fix enum->int casts in gsharedvt code. bxc#21893
+ Avoid making generic calls from gsharedvt methods normally, go through the rgctx infrastructure instead. bxc#21677
+ Fix another native-types problem. Hopefully fixes #21670 and #21636
+ Use alias information to eliminate explicit null checks. bxc#21645
+ Initialize fields in MonoField:GetFieldOffset () if needed. Fixes part of #21604
+ Properly handle rethrow outside of catch blocks. bxc#20412
+ Disable runtime unit tests on linux, because it cannot be linked due to circular dependencies between libraries. bxc#21520
+ When parsing a method header, ensure we pass any available generic context. bxc#21388
+ Added new mono_domain_set_config function; used to fix ConfigurationErrorsException in bxc#10468
+ Only apply the maverick stack size hack to the main thread. bxc#10096
+ Don't hardcode the temp dir to /tmp, use g_get_tmp_dir instead. bxc#20894
+ Explicit thread GC data around instead of relying on TLS storage. bxc#20360
+ Make WaitForPendingFinalizers () really wait for the finalizers added by a previous GC. bxc#20503
+ Fix the marshal7.cs test, longs can be aligned to 4 bytes on 32 bit linux, and the runtime no longer aligns structure sizes to 8 bytes. bxc#20788
+ Fix the popping of LMF frames during unwinding. bxc#20616
+ Fix the marshalling of ByValTStr types which have a size specified. bxc#20674
+ Fix the decoding of MonoJitInfo. bxc#16439
+ Make it possible to create views to magic zero size files such as /dev/zero. bxc#19460
+ Free static bound delegate wrappers of dynamic methods. bxc#19058
+ Don't perform double accounting of offset for named memory segments. bxc#20591
+ Avoid joining attached threads. bxc#19343
+ Fix support for custom marshallers defined in other assemblies. bxc#20020
+ Fix a jit assertion on a class which contains an empty struct as a static field. bxc#20349
+ Applied patch from Kyle Edwards kyleedwardsny@gmail.com. Fix isinf () check with clang. bxc#20244
+ Fix constrained type unwrap for enum types. bxc#18371
+ Handle quoted filename value. bxc#21960
+ Correctly handle partial chunk sizes. bxc#20583
+ Tweak Dictionary initial capacity to be more conservative. bxc#21375
+ Handle closed-over-null delegates created with IL when using InvokeDynamic. bxc#21196
+ Fix a race in a Task test. bxc#20921
+ Contract the values array when decoding an array with a negative number and a trailer that evals to zero. bxc#20456
+ Fixes issue with expression columns and IsNull. bxc#20925
+ Array qsort without head allocation. bxc#20922
+ Enum::TryParse ignores leading whitespaces. bxc#20870
+ Fix disposing of DelegatingHandler. bxc#20818
+ Fix digest authentication (bug #18799)
+ Only recycle ServicePoints from the idle timer (fixes #19823)
+ Changed ConcurrentDictionary.Contains(KeyValuePair
pyzy-db-android pyzy-db-open-phrase xindy xindy-rules
--
To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org
To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On 01.10.2014 at 18:10, Ludwig Nussel wrote:
> Changed packages:
As you might have guessed from the length of a changelog: this was quite a job to get out - but finally bash is secure in official repo.
Greetings, Stephan
--
You have to keep fighting, fight until you drop, even if the whole world has gone mad, or precisely because of it.
On Wednesday 01 October 2014 20.19:04 Stephan Kulow wrote:
> On 01.10.2014 at 18:10, Ludwig Nussel wrote:
>> Changed packages:
> As you might have guessed from the length of a changelog: this was quite a job to get out - but finally bash is secure in official repo.
> Greetings, Stephan
Congrats Guys ... Let me wish you some more "tranquille" weeks in the next month.
--
Bruno Friedmann
Ioda-Net Sàrl www.ioda-net.ch
openSUSE Member & Board, fsfe fellowship
GPG KEY : D5C9B751C4653227
irc: tigerfoot
On Wed, Oct 1, 2014 at 3:19 PM, Stephan Kulow
> On 01.10.2014 at 18:10, Ludwig Nussel wrote:
>> Changed packages:
> As you might have guessed from the length of a changelog: this was quite a job to get out - but finally bash is secure in official repo.
While that can readily be seen, by the time Factory is considered truly a replacement of TW, perhaps security patches shouldn't need full integration to get in?
What I mean is, that thread saying bash patches weren't applied to Factory because then Gnome would be included and it was broken... wasn't that what rings were about preventing?
Perhaps the process should be reviewed a little bit with security patches in mind this time around.
On Wed, 2014-10-01 at 15:53 -0300, Claudio Freire wrote:
On Wed, Oct 1, 2014 at 3:19 PM, Stephan Kulow wrote:
On 01.10.2014 at 18:10, Ludwig Nussel wrote:
Changed packages:
As you might have guessed from the length of a changelog: this was quite a job to get out - but finally bash is secure in official repo.
While that can readily be seen, by the time Factory is considered truly a replacement of TW, perhaps security patches shouldn't need full integration to get in?
I still prefer a security fix going through staging than shooting every system down.. even though a shutdown system is the most secure there is, it's not where we're heading to.
What I mean is, that thread saying bash patches weren't applied to Factory because then Gnome would be included and it was broken... wasn't that what rings were about preventing?
You misunderstood something here: the new GNOME stack was not in Factory at the time of this reporting... there was still GNOME 3.12 from March. 'something' else happened to sneak through the openQA process which did not trigger the various desktops to fail there (and it was not only GNOME; G just was less random in getting a failure to be seen). So: while the broken stuff already WAS in Factory (not caught in the staging QA runs), bash entered as well.. publishing the state would have meant to knowingly publish a tree possibly breaking.
Perhaps the process should be reviewed a little bit with security patches in mind this time around.
That is the most sensible thing to do, yes. We rely largely on openQA,
but as with every test: it's only as reliable as the tests and the
things you verify. An addon repo for Security relevant quick fixes might
be an option, BUT that would also mean that once Factory publishes,
stuff has to disappear from that temp update repo again... (or it will
grow endlessly... forever)
I'm sure brilliant ideas on HOW to do all of this are most welcome.
Dominique
--
Dimstar / Dominique Leuenberger
On Wed, Oct 01, 2014 at 03:53:34PM -0300, Claudio Freire wrote:
On Wed, Oct 1, 2014 at 3:19 PM, Stephan Kulow wrote:
On 01.10.2014 at 18:10, Ludwig Nussel wrote:
Changed packages:
As you might have guessed from the length of a changelog: this was quite a job to get out - but finally bash is secure in official repo.
While that can readily be seen, by the time Factory is considered truly a replacement of TW, perhaps security patches shouldn't need full integration to get in?
What I mean is, that thread saying bash patches weren't applied to Factory because then Gnome would be included and it was broken... wasn't that what rings were about preventing?
Perhaps the process should be reviewed a little bit with security patches in mind this time around.
I was hoping factory would be rolling fast enough that this does not matter. We will however be supplying an openSUSE:Factory:Update / update repo for these emergency updates when we cannot release factory.
Ciao, Marcus
On Wed, Oct 1, 2014 at 4:16 PM, Dimstar / Dominique Leuenberger
On Wed, 2014-10-01 at 15:53 -0300, Claudio Freire wrote:
On Wed, Oct 1, 2014 at 3:19 PM, Stephan Kulow wrote:
On 01.10.2014 at 18:10, Ludwig Nussel wrote:
Changed packages:
As you might have guessed from the length of a changelog: this was quite a job to get out - but finally bash is secure in official repo.
While that can readily be seen, by the time Factory is considered truly a replacement of TW, perhaps security patches shouldn't need full integration to get in?
I still prefer a security fix going through staging than shooting every system down.. even though a shutdown system is the most secure there is, it's not where we're heading to.
My point is more that, the security team gets a heads-up on patches, and this testing should be done then.
I'm not sure they can publish the patch in OBS during the embargo, though, so it's a tricky thing. But integration testing should be done during the embargo, and the only thing left to do when the embargo finishes is publish to the updates repo that marcus hinted to.
Then, you get two results: building against the latest snapshot, and current Factory. If current factory blows, that doesn't stop them from publishing snapshot. And if you get updated QA runs of snapshot, so you know if things blow.
I believe the trickiest part is respecting the embargo, that's something the security team knows how to resolve I think (they already do it for released versions)
What I mean is, that thread saying bash patches weren't applied to Factory because then Gnome would be included and it was broken... wasn't that what rings were about preventing?
You misunderstood something here: the new GNOME stack was not in Factory at the time of this reporting... there was still GNOME 3.12 from March. 'something' else happened to sneak through the openQA process which did not trigger the various desktops to fail there (and it was not only GNOME; G just was less random in getting a failure to be seen).
So: while the broken stuff already WAS in Factory (not caught in the staging QA runs), bash entered as well.. publishing the state would have meant to knowingly publish a tree possibly breaking.
Yes, that's what I understood, just thought it was purely gnome, and it's a tricky state of affairs.
That's why the update repo that applies against factory snapshot is an important thing IMHO.
On 01/10/14 at #4, Stephan Kulow wrote:
On 01.10.2014 at 18:10, Ludwig Nussel wrote:
Changed packages:
As you might have guessed from the length of a changelog: this was quite a job to get out - but finally bash is secure in official repo.
Greetings, Stephan
Other than the KDE theme changing to "openSUSElight" without my consent...I upgraded 4 different boxes to this snapshot and nothing blew up.
--
Cristian "I don't know the key to success, but the key to failure is trying to please everybody."
On Wed, Oct 01, 2014 at 05:31:27PM -0300, Claudio Freire wrote:
On Wed, Oct 1, 2014 at 4:16 PM, Dimstar / Dominique Leuenberger wrote:
On Wed, 2014-10-01 at 15:53 -0300, Claudio Freire wrote:
On Wed, Oct 1, 2014 at 3:19 PM, Stephan Kulow wrote:
On 01.10.2014 at 18:10, Ludwig Nussel wrote:
Changed packages:
As you might have guessed from the length of a changelog: this was quite a job to get out - but finally bash is secure in official repo.
While that can readily be seen, by the time Factory is considered truly a replacement of TW, perhaps security patches shouldn't need full integration to get in?
I still prefer a security fix going through staging than shooting every system down.. even though a shutdown system is the most secure there is, it's not where we're heading to.
My point is more that, the security team gets a heads-up on patches, and this testing should be done then.
I'm not sure they can publish the patch in OBS during the embargo, though, so it's a tricky thing. But integration testing should be done during the embargo, and the only thing left to do when the embargo finishes is publish to the updates repo that marcus hinted to.
Then, you get two results: building against the latest snapshot, and current Factory. If current factory blows, that doesn't stop them from publishing snapshot. And if you get updated QA runs of snapshot, so you know if things blow.
I believe the trickiest part is respecting the embargo, that's something the security team knows how to resolve I think (they already do it for released versions)
openSUSE Factory and embargoes just do not fit together, as it is fully open. Local package testbuilds are possible, but not much more.
What I mean is, that thread saying bash patches weren't applied to Factory because then Gnome would be included and it was broken... wasn't that what rings were about preventing?
You misunderstood something here: the new GNOME stack was not in Factory at the time of this reporting... there was still GNOME 3.12 from March. 'something' else happened to sneak through the openQA process which did not trigger the various desktops to fail there (and it was not only GNOME; G just was less random in getting a failure to be seen).
So: while the broken stuff already WAS in Factory (not caught in the staging QA runs), bash entered as well.. publishing the state would have meant to knowingly publish a tree possibly breaking.
Yes, that's what I understood, just thought it was purely gnome, and it's a tricky state of affairs.
That's why the update repo that applies against factory snapshot is an important thing IMHO.
The tree was fully broken, the desktop systems only crashed on login. This would not be a happy experience.
Ciao, marcus
On Wed, Oct 1, 2014 at 5:51 PM, Marcus Meissner
On Wed, Oct 01, 2014 at 05:31:27PM -0300, Claudio Freire wrote:
On Wed, Oct 1, 2014 at 4:16 PM, Dimstar / Dominique Leuenberger wrote:
On Wed, 2014-10-01 at 15:53 -0300, Claudio Freire wrote:
On Wed, Oct 1, 2014 at 3:19 PM, Stephan Kulow wrote:
On 01.10.2014 at 18:10, Ludwig Nussel wrote:
Changed packages:
As you might have guessed from the length of a changelog: this was quite a job to get out - but finally bash is secure in official repo.
While that can readily be seen, by the time Factory is considered truly a replacement of TW, perhaps security patches shouldn't need full integration to get in?
I still prefer a security fix going through staging than shooting every system down.. even though a shutdown system is the most secure there is, it's not where we're heading to.
My point is more that, the security team gets a heads-up on patches, and this testing should be done then.
I'm not sure they can publish the patch in OBS during the embargo, though, so it's a tricky thing. But integration testing should be done during the embargo, and the only thing left to do when the embargo finishes is publish to the updates repo that marcus hinted to.
Then, you get two results: building against the latest snapshot, and current Factory. If current factory blows, that doesn't stop them from publishing snapshot. And if you get updated QA runs of snapshot, so you know if things blow.
I believe the trickiest part is respecting the embargo, that's something the security team knows how to resolve I think (they already do it for released versions)
openSUSE Factory and embargoes just do not fit together, as it is fully open.
Local package testbuilds are possible, but not much more.
OBS has private projects, so it can be kept private and link/aggregate the results at embargo finish time.
The problem I think currently is openQA, which would need a separate instance working on the private repo - not even sure if it can do that.
On Wed, 2014-10-01 at 18:00 -0300, Claudio Freire wrote:
openSUSE Factory and embargoes just do not fit together, as it is fully open.
Local package testbuilds are possible, but not much more.
OBS has private projects, so it can be kept private and link/aggregate the results at embargo finish time.
The problem I think currently is openQA, which would need a separate instance working on the private repo - not even sure if it can do that.
It has 'OPEN' in the name.. making it private makes it anything BUT
'open'. I for one do NOT want to be part of a 'halfway openSUSE'
project. We came a long way to get where we are now.
Instead of investing all the energy on all those different fronts, I
think it's much better invested to find out HOW this issue could slip
into Factory and only be noticed once it was too late. With or without
this bash timing conflict: THIS is the problem ACTUALLY at hand (just
that shellshock made it more visible).
Considering that Factory now IS published, I think we can assume that
the problem was identified (let's hope so)... identifying the problem is
always the first right step in the direction of getting a proper
solution.
--
Dimstar / Dominique Leuenberger
On Wed, Oct 1, 2014 at 6:07 PM, Dimstar / Dominique Leuenberger
On Wed, 2014-10-01 at 18:00 -0300, Claudio Freire wrote:
openSUSE Factory and embargoes just do not fit together, as it is fully open.
Local package testbuilds are possible, but not much more.
OBS has private projects, so it can be kept private and link/aggregate the results at embargo finish time.
The problem I think currently is openQA, which would need a separate instance working on the private repo - not even sure if it can do that.
It has 'OPEN' in the name.. making it private makes it anything BUT 'open'. I for one do NOT want to be part of a 'halfway openSUSE' project. We came a long way to get where we are now.
Embargos are temporary and a necessary thing for critical, easily exploitable security patches. I'm sure openSUSE, even though totally open, already respects the embargo and does security patching for those patches (not all are embargoed) in private already.
Instead of investing all the energy on all those different fronts, I think it's much better invested to find out HOW this issue could slip into Factory and only be noticed once it was too late. With or without this bash timing conflict: THIS is the problem ACTUALLY at hand (just that shellshock made it more visible).
True, but not totally true. You can never fix this timing issue. Eventually, snapshots will be delayed for whichever reason. You don't want a rolling distro that gets no security patches. If anything, a rolling distro should be more up-to-date than released versions, and yet releases got the security patch a few days before Factory. That makes it a show-stopper for many potential users of rolling distros.
Considering that Factory now IS published, I think we can assume that the problem was identified (let's hope so)... identifying the problem is always the first right step in the direction of getting a proper solution.
Indeed, if openQA could be taught to detect this particular (or similar) issue, it would be great.
On 01.10.2014 at 23:25, Claudio Freire wrote:
True, but not totally true. You can never fix this timing issue. Eventually, snapshots will be delayed for whichever reason. You don't want a rolling distro that gets no security patches. If anything, a rolling distro should be more up-to-date than released versions, and yet releases got the security patch a few days before Factory. That makes it a show-stopper for many potential users of rolling distros.
We have a factory update repo for security updates and we used it for the first time. I wonder why you still keep asking for it.
Considering that Factory now IS published, I think we can assume that the problem was identified (let's hope so)... identifying the problem is always the first right step in the direction of getting a proper solution.
Indeed, if openQA could be taught to detect this particular (or similar) issue, it would be great.
staging projects and Factory are different enough to make this slip happen and this (as we call it in German) "Mut zur Lücke" (the courage to admit when one doesn't know everything) is part of the designed process. It's a compromise to get this thing done at all.
We run 6 tests for every staging project - all on x86_64, we run 103 for Factory. And we already track 16 of them as known failures to get an update out at all. In a perfect world this would be 0, but lvm crashes the kernel, USB boot of live cds is broken, ...
I.e. to get 0928 out, I had to accept a broken lxde - even though libfm went into 1001 and the next snapshot will most likely have a fixed lxde again.
The whole process is *allowed* to fail - that it failed in the week we had one of the most problematic security problems in UNIX is unfortunate, but that's what security update repos are for.
Greetings, Stephan
--
You have to keep fighting, fight until you drop, even if the whole world has gone completely mad, or precisely because of that.
Couple of oddities that I see during installation from DVD:
In the installation summary I get these warnings - in red:
Booting: "Warning: No location for bootloader stage1 selected. Unless you know what you are doing please select above location"
Now this is preceded on my machines by two locations, MBR and "/", both of which are defaulted to "do not install". Why default to a setting that will not install GRUB2 correctly? [It won't. I tried it!]
Software: "Warning: Cannot check free space in directory /home." [Plus any other directory you've allocated apart from '/'.
Why issue a warning that only can cause mild panic, especially when it's totally unnecessary? My first reaction was to wonder if I had a disk problem but then it appeared on an install on a second machine so I thought I might be safe.
Here we have two warnings on the same screen, one which needs user-action and another which can be ignored. Not a good idea to present this to newbies - or nervous oldies for that matter! ;-)
--
Graham Davis, Bracknell, Berks. openSUSE 13.2-beta (64-bit); KDE 4.14.1; AMD Phenom II X2 550 Processor; Kernel: 3.16.3; Video: nVidia GeForce 210 (using nouveau driver); Sound: ATI SBx00 Azalia (Intel HDA)
On Thu, Oct 2, 2014 at 3:33 AM, Stephan Kulow
On 01.10.2014 at 23:25, Claudio Freire wrote:
True, but not totally true. You can never fix this timing issue. Eventually, snapshots will be delayed for whichever reason. You don't want a rolling distro that gets no security patches. If anything, a rolling distro should be more up-to-date than released versions, and yet releases got the security patch a few days before Factory. That makes it a show-stopper for many potential users of rolling distros.
We have a factory update repo for security updates and we used it for the first time. I wonder why you still keep asking for it.
You're right. I got my point across, that's enough.
Considering that Factory now IS published, I think we can assume that the problem was identified (let's hope so)... identifying the problem is always the first right step in the direction of getting a proper solution.
Indeed, if openQA could be taught to detect this particular (or similar) issue, it would be great.
staging projects and Factory are different enough to make this slip happen and this (as we call it in German) "Mut zur Lücke" (the courage to admit when one doesn't know everything) is part of the designed process. It's a compromise to get this thing done at all.
I understand that.
We run 6 tests for every staging project - all on x86_64, we run 103 for Factory. And we already track 16 of them as known failures to get an update out at all. In a perfect world this would be 0, but lvm crashes the kernel, USB boot of live cds is broken, ...
I.e. to get 0928 out, I had to accept a broken lxde - even though libfm went into 1001 and the next snapshot will most likely have a fixed lxde again.
Are you referring to the impracticality of adding more tests on the staging projects?
The whole process is *allowed* to fail - that it failed in the week we had one of the most problematic security problems in UNIX is unfortunate, but that's what security update repos are for.
And that's going to happen again in all likelihood, that's my point. Occurrences like these are to be expected. Unlikely, but expectable. But as there's already an update repo and this event will probably make it so that it's used with less hesitation, there's nothing else I can say.
On Thu, 2 Oct 2014 11:11:18 +0100
Graham P Davis
Booting: "Warning: No location for bootloader stage1 selected. Unless you know what you are doing please select above location"
I have not seen that. I suspect that it happens when you are using GPT partitioning and have not created a BIOS Boot partition. I have (once) installed to a GPT disk with no BIOS boot partition and using grub2. Perhaps there was such a message, but I did not pay attention. In any case, I installed grub2 to "/boot" in that case. I did not expect it to work. I only wanted a "grub.cfg" to be generated, which I could then invoke from another install on a different disk.
Software: "Warning: Cannot check free space in directory /home." [Plus any other directory you've allocated apart from '/'.
Yes, I tend to agree that this message can cause confusion, and seems to not be needed.
Neil Rickert wrote on 2014-10-02 19:44 (UTC-0500):
On Thu, 2 Oct 2014 11:11:18 +0100 Graham P Davis wrote:
Software: "Warning: Cannot check free space in directory /home." [Plus any other directory you've allocated apart from '/'.
Yes, I tend to agree that this message can cause confusion, and seems to not be needed.
Dejavu: https://bugzilla.opensuse.org/show_bug.cgi?id=259493
I've also seen warnings about space shortage on irrelevant filesystems in relatively recent Factory installations. Virtually all my installations are into multiboot configurations where at least something somewhere is low on space. Nearly always included among such is the primary where I have the primary bootloader installed, and which is never mounted to a FHS location. Normally I don't tell YaST to mount it anywhere, dealing with it manually after installation has completed. Maybe the/an underlying problem is YaST poking the Grub menus and fstabs it finds?
--
"The wise are known for their understanding, and pleasant words are persuasive." Proverbs 16:21 (New Living Translation) Team OS/2 ** Reg. Linux User #211409 ** a11y rocks! Felix Miata *** http://fm.no-ip.com/
participants (10)
- Bruno Friedmann
- Claudio Freire
- Cristian Rodríguez
- Dimstar / Dominique Leuenberger
- Felix Miata
- Graham P Davis
- Ludwig Nussel
- Marcus Meissner
- Neil Rickert
- Stephan Kulow