[opensuse-factory] New Tumbleweed snapshot 20160128 released!
Please note that this mail was generated by a script. The described changes are computed based on the x86_64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=1&version=Tumbleweed&build=20160128 Packages changed: analitza (15.12.0 -> 15.12.1) bind (9.10.3P2 -> 9.10.3P3) blinken (15.12.0 -> 15.12.1) bovo (15.12.0 -> 15.12.1) bundle-lang-common bundle-lang-gnome bundle-lang-kde cervisia (15.12.0 -> 15.12.1) epiphany-branding-openSUSE gpg2 gpm grub2 hugin icedtea-web java-1_8_0-openjdk (1.8.0.65 -> 1.8.0.72) java-1_8_0-openjdk-plugin juk (15.12.0 -> 15.12.1) kalgebra (15.12.0 -> 15.12.1) kalzium (15.12.0 -> 15.12.1) kanagram (15.12.0 -> 15.12.1) katomic (15.12.0 -> 15.12.1) kblackbox (15.12.0 -> 15.12.1) kblocks (15.12.0 -> 15.12.1) kbounce (15.12.0 -> 15.12.1) kbreakout (15.12.0 -> 15.12.1) kbruch (15.12.0 -> 15.12.1) kcachegrind (15.12.0 -> 15.12.1) kde-print-manager (15.12.0 -> 15.12.1) kdeedu-data (15.12.0 -> 15.12.1) kdesdk4-scripts (15.12.0 -> 15.12.1) kdewebdev4 (15.12.0 -> 15.12.1) kdf (15.12.0 -> 15.12.1) kdiamond (15.12.0 -> 15.12.1) kfilemetadata5 kgeography (15.12.0 -> 15.12.1) kgoldrunner (15.12.0 -> 15.12.1) khangman (15.12.0 -> 15.12.1) kig (15.12.0 -> 15.12.1) kinfocenter5 kiriki (15.12.0 -> 15.12.1) kiten (15.12.0 -> 15.12.1) kiwi (7.03.48 -> 7.03.49) kjumpingcube (15.12.0 -> 15.12.1) kmouth (15.12.0 -> 15.12.1) knavalbattle (15.12.0 -> 15.12.1) knetwalk (15.12.0 -> 15.12.1) kolf (15.12.0 -> 15.12.1) kollision (15.12.0 -> 15.12.1) konquest (15.12.0 -> 15.12.1) kppp (15.12.0 -> 15.12.1) kremotecontrol (15.12.0 -> 15.12.1) kshisen (15.12.0 -> 15.12.1) ksirk (15.12.0 -> 15.12.1) kspaceduel (15.12.0 -> 15.12.1) ksquares (15.12.0 -> 15.12.1) kstars (15.12.0 -> 15.12.1) ksystemlog (15.12.0 -> 15.12.1) kteatime (15.12.0 -> 15.12.1) ktimer (15.12.0 -> 15.12.1) ktouch (15.12.0 -> 15.12.1) ktp-accounts-kcm (15.12.0 -> 15.12.1) ktp-approver (15.12.0 -> 15.12.1) ktp-auth-handler (15.12.0 -> 15.12.1) ktp-contact-list (15.12.0 -> 15.12.1) ktp-contact-runner (15.12.0 -> 15.12.1) ktp-desktop-applets (15.12.0 -> 15.12.1) ktp-filetransfer-handler (15.12.0 -> 15.12.1) ktp-kded-module (15.12.0 -> 15.12.1) ktp-send-file (15.12.0 -> 15.12.1) ktp-text-ui (15.12.0 -> 15.12.1) ktuberling (15.12.0 -> 15.12.1) kturtle (15.12.0 -> 15.12.1) kubrick (15.12.0 -> 15.12.1) kwordquiz (15.12.0 -> 15.12.1) libkdeedu4 (15.12.0 -> 15.12.1) libkeduvocdocument (15.12.0 -> 15.12.1) libkmahjongg (15.12.0 -> 15.12.1) libsrtp (1.5.2 -> 1.5.3) libvirt (1.3.0 -> 1.3.1) libvirt-python (1.3.0 -> 1.3.1) libzypp (15.20.0 -> 15.21.0) lokalize (15.12.0 -> 15.12.1) lskat (15.12.0 -> 15.12.1) nghttp2 (1.6.0 -> 1.7.0) okteta (15.12.0 -> 15.12.1) opencv opencv-qt5 ortp parley (15.12.0 -> 15.12.1) patterns-openSUSE perl-Bootloader (0.903 -> 0.904) perl-HTML-Parser (3.71 -> 3.72) plasma5-workspace poxml (15.12.0 -> 15.12.1) procps pulseaudio (7.1 -> 8.0) python-kde4 python3-setuptools (19.4 -> 19.6) squid (4.0.3 -> 3.5.13) step (15.12.0 -> 15.12.1) sysdig (0.6.0_k4.4.0_2 -> 0.7.1_k4.4.0_2) umbrello (15.12.0 -> 15.12.1) xf86-video-r128 (6.10.0 -> 6.10.1) xkeyboard-config (2.16 -> 2.17) yast2-ca-management (3.1.7 -> 3.1.8) yast2-core (3.1.18 -> 3.1.19) zypper (1.12.28 -> 1.12.29) === Details === ==== analitza ==== Version update (15.12.0 -> 15.12.1) Subpackages: libAnalitza5 - Update to KDE Applications 15.12.1 * KDE Applications 15.12.1 * https://www.kde.org/announcements/announce-applications-15.12.1.php * boo#961265 ==== bind ==== Version update (9.10.3P2 -> 9.10.3P3) Subpackages: bind-chrootenv bind-doc bind-utils idnkit libbind9-140 libdns162 libidnkit1 libirs141 libisc160 libisccc140 libisccfg140 liblwres141 - Security update 9.10.3-P3: * Specific APL data could trigger an INSIST (CVE-2015-8704, bsc#962189). * Certain errors that could be encountered when printing out or logging an OPT record containing a CLIENT-SUBNET option could be mishandled, resulting in an assertion failure (CVE-2015-8705, bsc#962190). * Authoritative servers that were marked as bogus (e.g. blackholed in configuration or with invalid addresses) were being queried anyway. ==== blinken ==== Version update (15.12.0 -> 15.12.1) - Update to KDE Applications 15.12.1 * KDE Applications 15.12.1 * https://www.kde.org/announcements/announce-applications-15.12.1.php * boo#961265 ==== bovo ==== Version update (15.12.0 -> 15.12.1) - Update to KDE Applications 15.12.1 * KDE Applications 15.12.1 * https://www.kde.org/announcements/announce-applications-15.12.1.php * boo#961265 ==== bundle-lang-common ==== Subpackages: bundle-lang-common-cs bundle-lang-common-da bundle-lang-common-de bundle-lang-common-el bundle-lang-common-en bundle-lang-common-es bundle-lang-common-fr bundle-lang-common-hu bundle-lang-common-it bundle-lang-common-ja bundle-lang-common-pl bundle-lang-common-pt bundle-lang-common-ru bundle-lang-common-zh - Update package list. ==== bundle-lang-gnome ==== Subpackages: bundle-lang-gnome-cs bundle-lang-gnome-da bundle-lang-gnome-de bundle-lang-gnome-el bundle-lang-gnome-en bundle-lang-gnome-es bundle-lang-gnome-fr bundle-lang-gnome-hu bundle-lang-gnome-it bundle-lang-gnome-ja bundle-lang-gnome-pl bundle-lang-gnome-pt bundle-lang-gnome-ru bundle-lang-gnome-zh - Update package list. ==== bundle-lang-kde ==== Subpackages: bundle-lang-kde-cs bundle-lang-kde-da bundle-lang-kde-de bundle-lang-kde-el bundle-lang-kde-en bundle-lang-kde-es bundle-lang-kde-fr bundle-lang-kde-hu bundle-lang-kde-it bundle-lang-kde-ja bundle-lang-kde-pl bundle-lang-kde-pt bundle-lang-kde-ru bundle-lang-kde-zh - Update package list. ==== cervisia ==== Version update (15.12.0 -> 15.12.1) - Update to KDE Applications 15.12.1 * KDE Applications 15.12.1 * https://www.kde.org/announcements/announce-applications-15.12.1.php * boo#961265 ==== epiphany-branding-openSUSE ==== - Make build not rely on lsb and opensuse-release (no constant rebuild in Tumbleweed): + Drop lsb/lsb-release BuildRequires. + Drop opensuse-release BuildRequires. + Use %{suse_version} in build section to inject proper values into branding.conf. On Tumbleweed we no longer use the snapshot version (which is anyway useless) but simply inject 'Tumbleweed'. We currently detect openSUSE 13.1, 13.2, Leap 42.1, SLE12 and Tumbleweed systems. All others will have 'SUSE/undef' in the browsers user agent string. ==== gpg2 ==== - add g13, an experimental tool for accessing encrypted storage with with GnuPG (cards) - fix fingerprint ambiguity (bsc#958891) * https://bugs.gnupg.org/gnupg/issue2198 * add 0001-gpg-Improve-the-keyblock-cache-s-transparency.patch ==== gpm ==== Subpackages: libgpm2 - Remove dependency on aaa_base as using %{_sysconfig} instead of hardcoded /etc shuts up rpmlint. - Use %{buildroot} and %{optflags} insead of env vars. - Add %post and %postun entries for libgpm2. - Add a current version of GPL-2.0 with valid FSF address. - Add gpm-fix_fsf_addess.patch to get the current FSF address into gpm.h. ==== grub2 ==== Subpackages: grub2-i386-pc grub2-snapper-plugin grub2-systemd-sleep-plugin grub2-x86_64-efi grub2-x86_64-xen - Backport upstream patches for HyperV gen2 TSC timer calbration without RTC (bsc#904647) * added 0001-grub-core-kern-i386-tsc.c-calibrate_tsc-Ensure-that.patch * added 0002-i386-tsc-Fix-unused-function-warning-on-xen.patch * added 0003-acpi-do-not-skip-BIOS-scan-if-EBDA-length-is-zero.patch * added 0004-tsc-Use-alternative-delay-sources-whenever-appropria.patch * added 0005-i386-fix-TSC-calibration-using-PIT.patch - Add 0001-menu-fix-line-count-calculation-for-long-lines.patch (bsc#943585) - grub2-xen-pv-firmware.cfg: fix hd boot (boo#926795) - Add 0001-Fix-security-issue-when-reading-username-and-passwor.patch Fix for CVE-2015-8370 [boo#956631] - Update grub2-efi-xen-chainload.patch - fix copying of Linux kernel and initrd to ESP (boo#958193) - Rename grub2-xen.cfg to grub2-xen-pv-firmware.cfg (boo#926795) - grub2-xen.cfg: to handle grub1 menu.lst in PV guest (boo#926795) - Expand list of grub.cfg search path in PV Xen guest for systems installed to btrfs snapshot. (bsc#946148) (bsc#952539) * modified grub2-xen.cfg - drop grub2-fix-Grub2-with-SUSE-Xen-package-install.patch (bsc#774666) - Add 0001-unix-do-not-close-stdin-in-grub_passwd_get.patch Fix reading password by grub2-mkpasswd-pbdk2 without controlling tty, e.g. when called from Xfce menu (boo#954519) - Modify grub2-linguas.sh-no-rsync.patch to re-enable en@quot catalog (boo#953022). Other autogenerated catalogs still fail to build due to missing C.UTF-8 locale. - Allow to execute menuentry unrestricted as default (fate#318574) * added grub2-menu-unrestricted.patch - Add missing quoting for linuxefi (bsc#951962) * modified grub2-secureboot-use-linuxefi-on-uefi.patch * refreshed grub2-secureboot-provide-linuxefi-config.patch - Include custom.cfg into the files scanned by grub2-once. Allows to chose manually added entries as well (FATE#319632). - Upstream patches for fixing file descriptor leakage (bsc#943784) * added 0001-unix-password-Fix-file-descriptor-leak.patch * added 0002-linux-getroot-fix-descriptor-leak.patch * added 0003-util-grub-mount-fix-descriptor-leak.patch * added 0004-linux-ofpath-fix-descriptor-leak.patch * added 0005-grub-fstest-fix-descriptor-leak.patch - Do not force ro option in linuxefi patch (bsc#948555) * modified grub2-secureboot-use-linuxefi-on-uefi.patch * refrehed grub2-secureboot-provide-linuxefi-config.patch - add 0001-efinet-Check-for-immediate-completition.patch, 0001-efinet-enable-hardware-filters-when-opening-interfac.patch, grub2-arm64-efinet-handle-get_status-on-buggy-firmware-properly.patch (bsc#947203) - Set default GRUB_DISTRIBUTOR from /etc/os-release if it is empty or not set by user (bsc#942519) * added grub2-default-distributor.patch * modified grub.default - add systemd-sleep-plugin subpackage (bsc#941758) - evaluate the menu entry's title string by printf * modified grub2-once * added grub2-systemd-sleep.sh - fix for 'rollback' hint (bsc#901487) * modified grub2-btrfs-05-grub2-mkconfig.patch: - Replace 12.1 with 12 SP1 for the list of snapshots (bsc#934252) * modified grub2-snapper-plugin.sh - Fix btrfs subvol detection on BigEndian systems (bsc#933541) * modified grub2-btrfs-06-subvol-mount.patch - Fix grub2-mkrelpath outputs wrong path on BigEndian system * added grub2-getroot-fix-get-btrfs-fs-prefix-big-endian.patch - If we have a post entry and the description field is empty, we should use the "Pre" number and add that description to the post entry. (fate#317972) - Show user defined comments in grub2 menu for snapshots (fate#318101) * modified grub2-snapper-plugin.sh - add 0001-grub-core-kern-efi-efi.c-Ensure-that-the-result-star.patch make sure firmware path starts with '/' (boo#902982) - Fix btrfs patch on BigEndian systems (bsc#933541) * modified grub2-btrfs-01-add-ability-to-boot-from-subvolumes.patch * modified grub2-btrfs-06-subvol-mount.patch - Fix license for setjmp module * added grub2-arm64-setjmp-Add-missing-license-macro.patch - Fix install into snapper controlled btrfs subvolume and can't load grub modules from separate subvolume (fate#318392) * added grub2-btrfs-06-subvol-mount.patch * grub2-snapper-plugin.sh: use absolute subvol name - also Recommends mtools for grub2-mkrescue (used to create EFI boot image) in addition to libburnia-tools. - Support booting opensuse installer as PV DomU (boo#926795) * added grub2-xen.cfg for tracking default pvgrub2 xen configs rather than generating it from spec file * grub2-xen.cfg: from Olaf Hering <ohering@suse.com> - replace grub2-efinet-reopen-SNP-protocol-for-exclusive-use-by-grub.patch with upstream version: * 0001-efidisk-move-device-path-helpers-in-core-for-efinet.patch * 0002-efinet-skip-virtual-IPv4-and-IPv6-devices-when-enume.patch * 0003-efinet-open-Simple-Network-Protocol-exclusively.patch Fixes EFI network boot in some QEMU configurations. - fix grub2-mkconfig-aarch64.patch: fix arch detection broken by malformed patch rediffing - Cleanup patch not applied * remove grub2-enable-theme-for-terminal-window.patch * grub2.rpmlintrc: remove addFilter("patch-not-applied") - Merge changes from SLE12 - Do not pass root= when root is on nfs (bnc#894374) * modified grub2-pass-corret-root-for-nfsroot.patch * modified grub2-secureboot-provide-linuxefi-config.patch * modified grub2-secureboot-use-linuxefi-on-uefi.patch - Fix xen pvops kernel not appear on menu (bnc#895286) * modified grub2-fix-menu-in-xen-host-server.patch - Workaround grub2-once (bnc#892358) * added grub2-btrfs-workaround-grub2-once.patch * added grub2-once.service * modified grub2-once - Fix busy-loop and hang while network booting (bnc#870613) * added grub2-netboot-hang.patch - Add warning in grubenv file about editing it directly (bnc#887008) * added grub2-editenv-add-warning-message.patch - Fix broken graphics with efifb on QEMU/KVM and nomodeset (bnc#884558) * added grub2-efi-disable-video-cirrus-and-bochus.patch - Disable video support on Power (bnc#877142) * added grub2-ppc64le-disable-video.patch - Track occupied memory so it can be released on exit (bnc#885026) * added grub2-ppc64le-memory-map.patch - Fix grub.xen config searching path on boot partition (bnc#884828) - Add linux16 and initrd16 to grub.xen (bnc#884830) * added grub2-xen-linux16.patch - VLAN tag support (fate#315753) * added 0001-Add-bootargs-parser-for-open-firmware.patch * added 0002-Add-Virtual-LAN-support.patch - Use chainloader to boot xen.efi under UEFI (bnc#871857) * added grub2-efi-xen-chainload.patch - Use device part of chainloader target, if present (bnc#871857) * added grub2-efi-chainloader-root.patch - Create only hypervisor pointed by /boot/xen.gz symlink (bnc#877040) * modified grub2-fix-Grub2-with-SUSE-Xen-package-install.patch - Fix xen and native entries differ in grub.cfg (bnc#872014) * modified grub2-linux.patch - Fix install error on ddf md device (bnc#872360) * added grub2-getroot-treat-mdadm-ddf-as-simple-device.patch - Fix booting from NVMe device (bnc#873132) * added grub2-getroot-support-NVMe-device-names.patch - Document peculiarities of s390 terminals * added README.ibm3215 - Grub2 for System z (fate#314213) * added grub2-s390x-02-kexec-module-added-to-emu.patch * added grub2-s390x-03-output-7-bit-ascii.patch * added grub2-s390x-04-grub2-install.patch * added grub2-s390x-05-grub2-mkconfig.patch - grub2-arm64-set-correct-length.patch: arm64: set correct length of device path end entry - grub2-efi-HP-workaround.patch: * try to read config from all-uppercase prefix as last resort. (bnc#872503) (boo#902982) - add luks, gcry_rijndael, gcry_sha1 to signed EFI image to support LUKS partition in default setup (boo#917427) - enable i386-xen (boo#891043) - Downgrade os-prober dependency to Recommends (boo#898610) - grub2-snapper-plugin.sh: cleanup grub-snapshot.cfg not referring to any snapshot (boo#909359) - Require efibootmgr also on i586 - Require efibootmgr also on aarch64 - grub2-snapper-plugin.sh: fix use of printf without format string; fix quoting - grub2-arm64-Reduce-timer-event-frequency-by-10.patch: fix periodic timer on arm64 - enable 32bit arm targets for uboot and efi - Replace 'echo -e' command in grub2-snapper-plugin.sh script to 'printf' command. '-e' option of 'echo' command may be unsupported in some POSIX-complete shells. - fix bashism in post script - grub2.spec: Fix conditional construct which wasn't supported by older versions of rpmbuild (caused error message "parseExpressionBoolean returns -1".) - fix errors when boot is btrfs with Windows partition scheme. The first partition is created on cylinder boundary that can't offer enough room for core.img and also the installation has to be in logical paritition which made MBR the only location to install. (bnc#841247) * add grub2-setup-try-fs-embed-if-mbr-gap-too-small.patch - packaging 20_memtest86+ and 20_ppc_terminfo in corresponing grubarch package - Add '80_suse_btrfs_snapshot' required to show btrfs snapshots inside of the boot menu. - fix btrfs on big endian systems (ppc/ppc64) * add grub2-btrfs-fix-get_root-key-comparison-failures-due-to-en.patch - update translations - fix possible access to uninitialized pointer in linux loader * add grub2-Initialized-initrd_ctx-so-we-don-t-free-a-random-poi.patch * drop superceded grub2-ppc64le-23-grub-segfaults-if-initrd-is-specified-before-specify.patch - fix grub.xen not able to handle legacy menu.lst hdX names (bnc#863821) * add grub2-xen-legacy-config-device-name.patch from arvidjaar - fix the performance of grub2 uefi pxe is bad (bnc#871555) * add grub2-efinet-reopen-SNP-protocol-for-exclusive-use-by-grub.patch - grub2-mkconfig-aarch64.patch: Look for Image-* instead of vmlinuz-* on aarch64 - add grub2-glibc-2.20.patch - fix build with glibc 2.20+ (use _DEFAULT_SOURCE to avoid warning) - fix xen pvops kernel not appear on menu (bnc#895286) * refresh grub2-fix-menu-in-xen-host-server.patch - fix extraneous comma in printf shell command (bnc#895884) * refresh grub2-btrfs-04-grub2-install.patch - aarch64-reloc.patch: replace with upstream solution - remove unused patch, which's supersceded by new snapper rollback support patches * 0001-script-provide-overridable-root-by-subvol.patch * 0002-script-create-menus-for-btrfs-snapshot.patch - fix openqa boot error on separate boot partition * refresh grub2-btrfs-05-grub2-mkconfig.patch - update snapper plugin for rollback support * refresh grub2-snapper-plugin.sh - snapper rollback support patches. - rename patch * 0002-btrfs-add-ability-to-boot-from-subvolumes.patch to grub2-btrfs-01-add-ability-to-boot-from-subvolumes.patch * 0004-btrfs-export-subvolume-envvars.patch to grub2-btrfs-02-export-subvolume-envvars.patch - added patches * grub2-btrfs-03-follow_default.patch * grub2-btrfs-04-grub2-install.patch * grub2-btrfs-05-grub2-mkconfig.patch - remove patch * 0003-cmdline-add-envvar-loader_cmdline_append.patch - grub2-btrfs-fix-incorrect-address-reference.patch * Fix incorrect address reference in GRUB_BTRFS_EXTENT_REGULAR range check (bnc#869748) - grub2-vbe-blacklist-preferred-1440x900x32.patch * Blacklist preferred resolution 1440x900x32 which is broken on many Thinkpads (bnc#888727) - Enable building on aarch64 - aarch64-reloc.patch: support R_AARCH64_PREL32 relocation - Build host tools with RPM_OPT_FLAGS - Fix the 64-bit trampoline code in dynamic linker (bnc#890999) grub2-ppc64le-fix-64bit-trampoline-in-dyn-linker.patch - Prefer a higher resolution in efi_gop driver if the mode taking over is too small like 640x480 (bnc#887972): grub2-efi_gop-avoid-low-resolution.patch - Fix ppc64le build by fixing grub2-xfs-V5-filesystem-format-support.patch - xfs V5 superblock support (bnc#880166 bnc#883942) - added patches: * grub2-xfs-Add-helper-for-inode-size.patch * grub2-xfs-Fix-termination-loop-for-directory-iteration.patch * grub2-xfs-Convert-inode-numbers-to-cpu-endianity-immediate.patch * grub2-xfs-V5-filesystem-format-support.patch - grub2: use stat instead of udevadm for partition lookup (bnc#883635) * Added grub2-use-stat-instead-of-udevadm-for-partition-lookup.patch - Fix sorting of RC kernels to be older than first regular of the series. Fixes bnc#827531. - added patches: * grub2-use-rpmsort-for-version-sorting.patch - Build GRUB2 for ppc64le as LittleEndian and 64bit - Fix timeout issue on ppc64le (bnc#869166) - Add powerpc-utils requires to grub2-powerpc-ieee1275 - added patches: * grub2-ppc64-build-ppc64-32bit.patch * grub2-ppc64-qemu.patch * grub2-ppc64le-01-Add-Little-Endian-support-for-Power64-to-the-build.patch * grub2-ppc64le-02-Build-grub-as-O1-until-we-add-savegpr-and-restgpr-ro.patch * grub2-ppc64le-03-disable-creation-of-vsx-and-altivec-instructions.patch * grub2-ppc64le-04-powerpc64-LE-s-linker-knows-how-to-handle-the-undefi.patch * grub2-ppc64le-05-grub-install-can-now-recognize-and-install-a-LE-grub.patch * grub2-ppc64le-06-set-the-ABI-version-to-0x02-in-the-e_flag-of-the-PPC.patch * grub2-ppc64le-07-Add-IEEE1275_ADDR-helper.patch * grub2-ppc64le-08-Fix-some-more-warnings-when-casting.patch * grub2-ppc64le-09-Add-powerpc64-types.patch * grub2-ppc64le-10-powerpc64-is-not-necessarily-BigEndian-anymore.patch * grub2-ppc64le-11-Fix-warnings-when-building-powerpc-linux-loader-64bi.patch * grub2-ppc64le-12-GRUB_ELF_R_PPC_-processing-is-applicable-only-for-32.patch * grub2-ppc64le-13-Fix-powerpc-setjmp-longjmp-64bit-issues.patch * grub2-ppc64le-14-Add-powerpc64-ieee1275-trampoline.patch * grub2-ppc64le-15-Add-64bit-support-to-powerpc-startup-code.patch * grub2-ppc64le-16-Add-grub_dl_find_section_addr.patch * grub2-ppc64le-17-Add-ppc64-relocations.patch * grub2-ppc64le-18-ppc64-doesn-t-need-libgcc-routines.patch * grub2-ppc64le-19-Use-FUNC_START-FUNC_END-for-powerpc-function-definit.patch * grub2-ppc64le-20-.TOC.-symbol-is-special-in-ppc64le-.-It-maps-to-the-.patch * grub2-ppc64le-21-the-.toc-section-in-powerpc64le-modules-are-sometime.patch * grub2-ppc64le-22-all-parameter-to-firmware-calls-should-to-be-BigEndi.patch * grub2-ppc64le-23-grub-segfaults-if-initrd-is-specified-before-specify.patch * grub2-ppc64le-timeout.patch - removed patches: * grub2-powerpc-libgcc.patch * grub2-ppc64le-core-bigendian.patch * grub2-ppc64le-platform.patch - add grub2-x86_64-xen subpackage (bnc#863821) - rename grub2.chrp back into grub.chrp, otherwise it is not found by grub tools - replace grub2-use-DejaVuSansMono-for-starfield-theme.patch with grub2-use-Unifont-for-starfield-theme-terminal.patch - use Unifont font for terminal window - grub2-snapper-plugin: fix important snapshots are not marked as such in grub2 menu, also display the snapshot entries in the format "important distribution version (kernel_version, timestamp, pre/post)" (bnc#864842) - refresh grub2-fix-menu-in-xen-host-server.patch (bnc#859361) * prevent 10_linux from booting xen kernel without pv_opt support on systems other than xen PV domU guest * prevent 20_linux_xen.in from setting up nested virt running from Xen domU - refresh grub2-fix-Grub2-with-SUSE-Xen-package-install.patch * adjust accordingly - updating grub2-once - added --list switch. - improved --help and error handling. - add Supplements: packageand(snapper:grub2) in grub2-snapper-plugin to install it while both snapper and grub2 are installed - add grub2-snapper-plugin.sh (fate#316232) * grub2's snapper plugin for advanced btrfs snapshot menu management * package as grub2-snapper-plugin.noarch - refresh 0002-script-create-menus-for-btrfs-snapshot.patch * when booting btrfs snapshots disabled, deleting snapshot master config if it's not customized - Enable grub2 for PowerPC LE (ppc64le) - Add ppc64le to exclusive arches - Don't require gcc-32bit (PowerLE don't have 32bit toolchain) - added patches: * grub2-powerpc-libgcc.patch Provide 32bit libgcc functions for PowerLE * grub2-ppc64le-core-bigendian.patch Build grub kernel and images as BE on ppc64le (BL is BE there) * grub2-ppc64le-platform.patch Enable ppc64le platform - Add changes to allow build for s390x arch: added grub2-s390x-01-Changes-made-and-files-added-in-order-to-allow-s390x.patch - refresh 0002-script-create-menus-for-btrfs-snapshot.patch * Fix bootable snapshots not found while root is on Btrfs subvolume (bnc#859587) * Create missing slave config in /.snapshots/<num>/ * Prefix with SUSE_ for related options - refresh 0001-script-provide-overridable-root-by-subvol.patch * Introduce $boot_prefix for setting prefix on seeking other /boot directory. - refresh 0002-script-create-menus-for-btrfs-snapshot.patch * Support existing snapshots by creating their missing slave configs. * Temporarily default to disable this feature until receiving more tests from QA. * Introduce GRUB_ENABLE_CUSTOM_SNAPSHOT_SUBMENU to allow custom submenu for listing snapshots rather than the default one. - package autoiso.cfg and osdetect.cfg as documentation - add 0001-look-for-DejaVu-also-in-usr-share-fonts-truetype.patch - fix configure test for DejaVu font - add dejavu-fonts to BR (needed to build starfield theme) - package starfield theme as grub2-branding-upstream - add grub2-use-DejaVuSansMono-for-starfield-theme.patch - use fixed width font for starfield theme - clarify that grub2 subpackage contains only user space tools - add new patches for booting btrfs snapshot (fate#316522) (fate#316232) * 0001-script-provide-overridable-root-by-subvol.patch * 0002-script-create-menus-for-btrfs-snapshot.patch - update to grub-2.02 beta2 * drop upstream patches - grub2-fix-unquoted-string-in-class.patch (different) - grub2-cdpath.patch (modified) - grub2-fix-parsing-of-short-LVM-PV-names.patch - grub2-fix-descriptor-leak-in-grub_util_is_imsm.patch - grub2-install-opt-skip-fs-probe.patch (file it patched no more exists, functionality included upstream) - grub2-fix-x86_64-efi-startup-stack-alignment.patch - grub2-fix-x86_64-efi-callwrap-stack-alignment.patch - 0001-Fix-build-with-FreeType-2.5.1.patch * rediff - grub2-linux.patch - use-grub2-as-a-package-name.patch (do not patch generated configure) - grub2-GRUB_CMDLINE_LINUX_RECOVERY-for-recovery-mode.patch - grub2-fix-locale-en.mo.gz-not-found-error-message.patch (upstream added explicit exclusion for en_* language only; I do not see reason to stop with error in this case for any language). - not-display-menu-when-boot-once.patch - grub2-secureboot-provide-linuxefi-config.patch - grub2-pass-corret-root-for-nfsroot.patch - 0002-btrfs-add-ability-to-boot-from-subvolumes.patch - grub2-fix-menu-in-xen-host-server.patch - grub2-fix-Grub2-with-SUSE-Xen-package-install.patch - grub2-secureboot-add-linuxefi.patch - grub2-secureboot-no-insmod-on-sb.patch - rename-grub-info-file-to-grub2.patch * drop Makefile.util.am and Makefile.core.am, they are now generated during build * call ./autogen.sh again now when it does not need autogen anymore; drop autoreconf call, it is called by autogen.sh * drop 0001-btrfs-rename-skip_default-to-follow_default.patch - is not needed anymore due to upstream changes * package /usr/bin/grub2-file, /usr/bin/grub2-syslinux2cfg and /usr/sbin/grub2-macbless * use grub-install --no-bootsector instead of --grub-setup=/bin/true in postinstall script - add new patches for booting btrfs snapshot (fate#316522) (fate#316232) * 0001-btrfs-rename-skip_default-to-follow_default.patch * 0002-btrfs-add-ability-to-boot-from-subvolumes.patch * 0003-cmdline-add-envvar-loader_cmdline_append.patch * 0004-btrfs-export-subvolume-envvars.patch - add patch 0001-Fix-build-with-FreeType-2.5.1.patch - fix build with freetype2 >= 2.5.1 (backport from fd0df6d098b1e6a4f60275c48a3ec88d15ba1fbb) - reset executable bits on *module, *.exec and *.image files. They are not executable. - add grub2-fix-x86_64-efi-startup-stack-alignment.patch and grub2-fix-x86_64-efi-callwrap-stack-alignment.patch: fix the stack alignment of x86_64 efi. (bnc#841426) - use new update-bootloader option --reinit to install and update bootloader config - refresh grub2-secureboot-no-insmod-on-sb.patch to fobid module loading completely. - replace openSUSE UEFI certificate with new 2048 bit certificate. - add grub2-fix-parsing-of-short-LVM-PV-names.patch - fix PV detection in grub-probe when PV name is less than 10 charaters - add grub2-fix-descriptor-leak-in-grub_util_is_imsm.patch - fix decriptor leak which later caused LVM warnings during grub-probe invocation - remove --enable-grub-emu-usb - it is not needed on physical platform - refresh grub2-fix-menu-in-xen-host-server.patch: In domU we have to add xen kernel to config. (bnc#825528) - updated existent translations and include new ones (es, lt, pt_BR, sl, tr) - update to current upstream trunk rev 5042 * drop upstream patches - grub2-correct-font-path.patch - grub2-fix-mo-not-copied-to-grubdir-locale.patch - grub2-stdio.in.patch - grub2-fix-build-error-on-flex-2.5.37.patch - grub2-quote-messages-in-grub.cfg.patch - 30_os-prober_UEFI_support.patch - grub2-fix-enumeration-of-extended-partition.patch - grub2-add-device-to-os_prober-linux-menuentry.patch - grub2-fix-tftp-endianness.patch - efidisk-ahci-workaround - grub2-grub-mount-return-failure-if-FUSE-failed.patch * rediff - rename-grub-info-file-to-grub2.patch - grub2-linux.patch - use-grub2-as-a-package-name.patch - grub2-iterate-and-hook-for-extended-partition.patch - grub2-secureboot-add-linuxefi.patch - grub2-secureboot-no-insmod-on-sb.patch - grub2-secureboot-chainloader.patch * add - grub2-linguas.sh-no-rsync.patch + disable rsync in linguas.sh so it can be used during RPM build + disable auto-generated catalogs, they fail at the moment due to missing C.UTF-8 locale * update Makefile.util.am and Makefile.core.am * grub2-mknetdir is now in /usr/bin * generate po/LINGUAS for message catalogs using distributed linguas.sh * remove po/stamp-po during setup to trigger message catalogs rebuild * package bootinfo.txt on PPC (used by grub2-mkrescue) - BuildRequires: help2man to generate man pages and package them too - add grub2-secureboot-use-linuxefi-on-uefi-in-os-prober.patch (bnc#810912) * use linuxefi in 30_os-prober if secure boot is enabled - update rename-grub-info-file-to-grub2.patch * do not rename docs/grub2.texi here, do it in %%prep (we do it there conditionally already). It simplifies patch refreshing using quilt which does not support file rename. - refresh grub2-secureboot-chainloader.patch: Fix wrongly aligned buffer address (bnc#811608) - package Secure Boot CA file as /usr/lib64/efi/grub.der which could be used to verify signed image from build server - add openSUSE-UEFI-CA-Certificate.crt, openSUSE Secure Boot CA - add SLES-UEFI-CA-Certificate.crt, SUSE Linux Enterprise Secure Boot CA - extraconfigure macro is not defined on ppc - corretly set chainloaded image device handle in secure boot mode (bnc#809038) - remove all compatible links in grub2-efi as now all concerned utilities are fixed - superseding grub2-efi by grub2-x86_64-efi and grub2-i386-efi on x86_64 and ix86 respectively - make grub2-x86_64-efi and grub2-i386-efi providing grub2-efi capability to not break package dependency - handle upgrade from 12.2 by preseving grubenv and custom.cfg to new directory /boot/grub2, rename /boot/grub2-efi to /boot/grub2-efi.rpmsave to avoid confusion. - move post scripts into corresponding subpackages to ensure they are run after updated binaries are installed. Currently it may happen that update-bootlader picks up old binaries. - move requires for perl-Bootloader to target subpackages. Make sure efi requires minimal version that supports /boot/grub2. - add requires(post) to force order of installation: grub2 => grub2-arch => grub2-efi - split efi post in two parts. One that updates configuration and is part of grub2-efiarch and second that migrates settings and is part of grub2-efi. Only custom.cfg and grubenv may need migration. device.map is not relevant for EFI and new grub.cfg had been created at this point. - add grub2-fix-tftp-endianness.patch from upstream (bnc#808582) - add efinet and tftp to grub.efi (bnc#808582) - convert spec file to UTF-8 - add lvm to grub.efi (bnc#807989) - add loadenv to grub.efi (bnc#807992) - grub2-grub-mount-return-failure-if-FUSE-failed.patch - return error if fuse_main failed (bnc#802983) - Fix build for SLES 11. Fix up bogus items from the previous merge: - efi_libdir = _libdir = /usr/lib - package /usr/lib/grub2 dir only once - move grub.efi to /usr/lib/grub2/%{grubefiarch}/ - create a symlink so that scripts can find it there. - merge internal+external BS changes into superset spec file, remove obsolete dependencies - merge SLES+openSUSE patches, restrict "grub-efi" to 12.2 - add efidisk-ahci-workaround (bnc#794674) - fix unquoted-string-in-class.patch (bnc#788322) - adapt to pesign-obs-integration changes - grub.efi signing on build server. - switch to out of source / subdir build - sync from SLE-11 SP3 to date - set empty prefix to grub.efi for looking up in current directory - grub2-cdpath.patch: fix the grub.cfg not found when booting from optical disk - put grub.efi in grub2's source module directory - create links in system's efi directory to grub.efi - arvidjaar: do not overwrite device path in grub2-cdpath.patch - remove obsolete reference to /boot/grub2-efi and /usr/sbin/grub2-efi from grub2-once - add GRUB_SAVEDFAULT description to /etc/default/grub - set empty prefix to grub.efi for looking up in current directory - remove grubcd.efi, as grub.efi can now be used for cdrom booting - add fat module to grubcd - explicitly set empty prefix to get grub to set $prefix to the currrent directory - ship a Secure Boot UEFI compatible bootloader (fate#314485) - add grub2-secureboot-chainloader.patch, which expands the efi chainloader to be able to verify images via shim lock protocol. - ship a Secure Boot UEFI compatible bootloader (fate#314485). - update for cdrom boot support. - grub2-cdpath.patch: fix the grub.cfg not found when booting from optical disk. - grubcd.efi: the efi image used for optial disk booting, with reduced size and $prefix set to /EFI/BOOT. - add grub2-fix-unquoted-string-in-class.patch (bnc#788322) - add grub2-add-device-to-os_prober-linux-menuentry.patch (bnc#796919) - add patch grub2-fix-enumeration-of-extended-partition.patch to fix enumeration of extended partitions with non-standard EBR (bnc#779534) - add support for chainloading another UEFI bootloader to 30_os-prober (bnc#775610) - put 32-bit grub2 modules to /usr/lib/grub2 - put 64-bit grub2 modules to /usr/lib64/grub2 (x86_64-efi) - put grub.efi to /usr/lib64/efi(x86_64) or /usr/lib/efi(i586) - ship a Secure Boot UEFI compatible bootloader (fate#314485) - add grub2-secureboot-chainloader.patch, which expands the efi chainloader to be able to verify images via shim lock protocol. - replace %{sles_version} by %{suse_version} - use correct product name - ship a Secure Boot UEFI compatible bootloader (fate#314485) - added secureboot patches which introduces new linuxefi module that is able to perform verifying signed images via exported protocol from shim. The insmod command will not function if secure boot enabled (as all modules should built in grub.efi and signed). - grub2-secureboot-add-linuxefi.patch - grub2-secureboot-use-linuxefi-on-uefi.patch - grub2-secureboot-no-insmod-on-sb.patch - grub2-secureboot-provide-linuxefi-config.patch - Makefile.core.am : support building linuxefi module - Make grub.efi image that is with all relevant modules incorporated and signed, it will be the second stage to the shim loader which will verified it when secureboot enabled. - Make grub.efi's path to align with shim loader's default loader lookup path. - The changes has been verified not affecting any factory instalation, but will allow us to run & test secure boot setup manually with shim. - ship a Secure Boot UEFI compatible bootloader (fate#314485) - In SLE-11 SP3, don't include any other architecture binaries except EFI, so we split packages by architecture binaries to meet the requirement. - grub2 : common utilties and config etc - grub2-efi : provide compatibilty to grub2-efi package - grub2-i386-pc : binaries for x86 legacy pc firmware - grub2-i386-efi : binaries for ia32 EFI firmware - grub2-x86_64-efi : binaries for x86_64 firmware - grub2-powerpc-ieee1275: binaries for powerpc open firmware - update grub2-quote-messages-in-grub.cfg.patch to use upstream commit - quote localized "Loading ..." messages in grub.cfg (bnc#790195) - We really only need makeinfo, so require that one where it exists. - ship a Secure Boot UEFI compatible bootloader (fate#314485) - Secure boot support in installer DVD (fate#314489) - prime support for package on SLE-11 (SP3) - remove buildrequire to libuse and ncurses 32-bit devel packages as they are needed by grub-emu which we don't support - remove buildrequire to freetype2-devel-32bit as it's not need by grub2-mkfont and others - buildrequire to xz instead of lzma - buildrequire to texinfo instead of makeinfo - remove buildrequire to autogen as it's not available in SLE-11 - add Makefile.util.am Makefile.core.am generated by autogen - run autoreconf -vi instead of ./autogen.sh - For SLE-11 remove buildrequire to gnu-unifont as it's not yet available. Also do not package pf fonts created from it. - workaround SLE-11 patch utility not rename file for us - add -fno-inline-functions-called-once to CFLAGS to fix build error on gcc 4.3.x - not require os-prober for SLE-11, as package not yet ready - grub2-efi now depends on exact grub2 version - build grub2-efi with standard "grub2" prefix (bnc#782891) - remove use-grub2-efi-as-a-package-name.patch - migrate settings from /boot/grub2-efi to /boot/grub2 in efi post - provide some compatibility links grub2-efi-xxx for perl-Bootloader - workaround for /boot/grub2-efi linkk and /boot/grub2/grub.cfg missing on update from older versions - add grub2-fix-build-error-on-flex-2.5.37.patch - modify patch grub2-iterate-and-hook-for-extended-partition.patch to ignore extended partitions other then primary (bnc#785341) - refresh grub2-fix-locale-en.mo.gz-not-found-error-message.patch with the correct fix in upstream bugzilla #35880 by Colin Watson (bnc#771393) - grub2-fix-locale-en.mo.gz-not-found-error-message.patch (bnc#771393) - add 20_memtest86+ (bnc#780622) - Fix un-bootable grub2 testing entry in grub's menu.lst (bnc#779370) - Not add new grub2 testing entry if it's not found in menu.lst - Update grub2 stuff and config if there's grub2 entry in menu.lst - Check for current bootloader as update-bootloader acts on it - add grub2-fix-Grub2-with-SUSE-Xen-package-install.patch (bnc#774666) - add grub2-pass-corret-root-for-nfsroot.patch (bnc#774548) - disable grub2-enable-theme-for-terminal-window.patch to use default black background due to current background has poor contrast to the font color (bnc#776244). - rename grub2once to grub2-once - add grub2once (bnc#771587) - add not-display-menu-when-boot-once.patch - Fix build with missing gets declaration (glibc 2.16) - Add grub2-enable-theme-for-terminal-window.patch (bnc#770107) - add grub2-fix-menu-in-xen-host-server.patch (bnc#757895) - add grub2-fix-error-terminal-gfxterm-isn-t-found.patch - add grub2-fix-mo-not-copied-to-grubdir-locale.patch - We only need makeinfo, not texinfo for building. - fix build by adding texinfo to buildrequires. - grub2-GRUB_CMDLINE_LINUX_RECOVERY-for-recovery-mode.patch. We don't run in sigle user mode for recovery, instead use different set kernel command line options which could be specified by this GRUB_CMDLINE_LINUX_RECOVERY setting. - add use-grub2-efi-as-a-package-name.patch (bnc#769916) - Add configuration support for serial terminal consoles. This will set the maximum screen size so that text is not overwritten. - don't enable grub-emu-usb on ppc ppc641 - update to 2.0 final * see ChangeLog for changes - enable xz/lzma support for image file generation - update to 2.0 beta6, a snapshot from today * see ChangeLog for changes - do not package grub.cfg, as it's generated at runtime and the presence of it would confuse pygrub (bnc#768063) - fix build error on 12.1 caused by autogen aborts because of absence of guile package - grub2-automake-1-11-2.patch : fix grub2 build error on newer autotools (automake >= 1.11.2) - call ./autogen.sh - grub2-probe-disk-mountby.patch : fix grub2-probe fails on probing mount-by devices under /dev/disk/by-(id|uuid|path). (bnc#757746) - Add Requires to os-prober as script depends on it for probing foreign os (bnc#753229) - Mark %config(noreplace) to /etc/default/grub (bnc#753246) - Fix build with gcc 4.7 (needs -fno-strict-aliasing for zfs code). - Fix error in installation to extended partition (bnc#750897) add grub2-iterate-and-hook-for-extended-partition.patch add grub2-install-opt-skip-fs-probe.patch - Added BuildRequires for gnu-unifont in order to create the necessary fonts for a graphical boot menu. - fixed typos in grub2.spec - platforms without efi should not specify exclusion of it - set --target=%{_target_plaform) explicitly to %configure in case it wouldn't do that for us implicitly - when making x86_64-efi image not use i386 target build and keep use of x86_64. otherwise it would have error "invalid ELF header" - add automake as buildrequire to avoid implicit dependency - remove doubly packaged files - remove INSTALL from docs - handle duplicate bindir files - make efi exclusion more complete - efibootmgr only exists on x86-64 and ia64. - Add requires from efi subpackage to main package (bnc#72596) - update it and pl translations - cleanup spec file * don't package efi files to non-efi package - Fix directory ownership. - Build an efi subpackage [bnc#713595]. - enable ppc build - patch unused-but-set-variable - Create submenu for all besides primary Linux kernels. - Only run preun section during package install but not during upgrade. - Update README.openSUSE - update translations - update to 1.99 final * See NEWS file for changes - fix build with gcc 4.6 - build in parallel (fixed finally in 1.99) - add translations from translations project - update to 1.99-rc2 * See NEWS file for changes - fix vanishing of /boot/grub2/* if /boot/grub/device.map doesn't exist - add missing " in the default file; add "fi" to grub2-linux.patch - repack gz to bz2 (0.5M saving) - Do not output vmlinux if vmlinuz of same version exists. - Update default grub file. - Add patch grub-1.98-follow-dev-mapper-symlinks.patch from Fedora for grub2-probe to detect lvm devices correctly - add gettext "requires" - Fix build on x86-64. - Don't build parallel. - Update to grub 1.98 including: * Multiboot on EFI support. * Saved default menu entry support, with new utilities `grub-reboot' and `grub-set-default'. * Encrypted password support, with a new utility `grub-mkpasswd-pbkdf2'. * `grub-mkfloppy' removed; use `grub-mkrescue' to create floppy images. - Update to grub 1.97.2: * Fix a few 4 GiB limits. * Fix license problems with a few BSD headers. * Lots of misc bugfixes. - Fix requires. - Mark /etc/default/grub as config file. - Mark root partition rw - New package grub2. ==== hugin ==== - Remove useless tclap dependency ==== icedtea-web ==== - Let java-VERSION-openjdk-plugin supplement java-VERSION-openjdk only and not the generic java-openjdk (bsc#929464) - Added patch: * icedtea-web-1.6.1-HexDumpEncoder.patch - Adapt to the move of HexDumpEncoder from sun.misc to sun.security.utils from jdk-9+99. ==== java-1_8_0-openjdk ==== Version update (1.8.0.65 -> 1.8.0.72) Subpackages: java-1_8_0-openjdk-devel java-1_8_0-openjdk-headless - Upgrade to upstream tag jdk8u72-b15 * Oracle Critical Patch Update of January 2016 (bsc#962743) * Using aarch64 hotspot tag aarch64-jdk8u72-b15 - Security issues fixed: * CVE-2015-7575: Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it easier for man-in-the-middle attackers to spoof servers by triggering a collision. * CVE-2015-8126: Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image. * CVE-2016-0402: Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows remote attackers to affect integrity via unknown vectors related to Networking. * CVE-2016-0448: Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66, and Java SE Embedded 8u65 allows remote authenticated users to affect confidentiality via vectors related to JMX. * CVE-2016-0466: Unspecified vulnerability in the Java SE, Java SE Embedded, and JRockit components in Oracle Java SE 6u105, 7u91, and 8u66; Java SE Embedded 8u65; and JRockit R28.3.8 allows remote attackers to affect availability via vectors related to JAXP. * CVE-2016-0475: Unspecified vulnerability in the Java SE, Java SE Embedded, and JRockit components in Oracle Java SE 8u66; Java SE Embedded 8u65; and JRockit R28.3.8 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries. * CVE-2016-0483: Unspecified vulnerability in the Java SE, Java SE Embedded, and JRockit components in Oracle Java SE 6u105, 7u91, and 8u66; Java SE Embedded 8u65; and JRockit R28.3.8 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. * CVE-2016-0494: Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. - Modified patch: * s390-java-opts.patch + rediff to the changed context ==== java-1_8_0-openjdk-plugin ==== - Let java-VERSION-openjdk-plugin supplement java-VERSION-openjdk only and not the generic java-openjdk (bsc#929464) - Added patch: * icedtea-web-1.6.1-HexDumpEncoder.patch - Adapt to the move of HexDumpEncoder from sun.misc to sun.security.utils from jdk-9+99. ==== juk ==== Version update (15.12.0 -> 15.12.1) - Update to KDE Applications 15.12.1 * KDE Applications 15.12.1 * https://www.kde.org/announcements/announce-applications-15.12.1.php * boo#961265 ==== kalgebra ==== Version update (15.12.0 -> 15.12.1) - Update to KDE Applications 15.12.1 * KDE Applications 15.12.1 * https://www.kde.org/announcements/announce-applications-15.12.1.php * boo#961265 ==== kalzium ==== Version update (15.12.0 -> 15.12.1) - Update to KDE Applications 15.12.1 * KDE Applications 15.12.1 * https://www.kde.org/announcements/announce-applications-15.12.1.php * boo#961265 ==== kanagram ==== Version update (15.12.0 -> 15.12.1) - Update to KDE Applications 15.12.1 * KDE Applications 15.12.1 * https://www.kde.org/announcements/announce-applications-15.12.1.php * boo#961265 ==== katomic ==== Version update (15.12.0 -> 15.12.1) - Update to KDE Applications 15.12.1 * KDE Applications 15.12.1 * https://www.kde.org/announcements/announce-applications-15.12.1.php * boo#961265 ==== kblackbox ==== Version update (15.12.0 -> 15.12.1) - Update to KDE Applications 15.12.1 * KDE Applications 15.12.1 * https://www.kde.org/announcements/announce-applications-15.12.1.php * boo#961265 ==== kblocks ==== Version update (15.12.0 -> 15.12.1) - Update to KDE Applications 15.12.1 * KDE Applications 15.12.1 * https://www.kde.org/announcements/announce-applications-15.12.1.php * boo#961265 ==== kbounce ==== Version update (15.12.0 -> 15.12.1) - Update to KDE Applications 15.12.1 * KDE Applications 15.12.1 * https://www.kde.org/announcements/announce-applications-15.12.1.php * boo#961265 ==== kbreakout ==== Version update (15.12.0 -> 15.12.1) - Update to KDE Applications 15.12.1 * KDE Applications 15.12.1 * https://www.kde.org/announcements/announce-applications-15.12.1.php * boo#961265 ==== kbruch ==== Version update (15.12.0 -> 15.12.1) - Update to KDE Applications 15.12.1 * KDE Applications 15.12.1 * https://www.kde.org/announcements/announce-applications-15.12.1.php * boo#961265 ==== kcachegrind ==== Version update (15.12.0 -> 15.12.1) - Update to KDE Applications 15.12.1 * KDE Applications 15.12.1 * https://www.kde.org/announcements/announce-applications-15.12.1.php * boo#961265 ==== kde-print-manager ==== Version update (15.12.0 -> 15.12.1) - Update to KDE Applications 15.12.1 * KDE Applications 15.12.1 * https://www.kde.org/announcements/announce-applications-15.12.1.php * boo#961265 ==== kdeedu-data ==== Version update (15.12.0 -> 15.12.1) - Update to KDE Applications 15.12.1 * KDE Applications 15.12.1 * https://www.kde.org/announcements/announce-applications-15.12.1.php * boo#961265 ==== kdesdk4-scripts ==== Version update (15.12.0 -> 15.12.1) - Update to KDE Applications 15.12.1 * KDE Applications 15.12.1 * https://www.kde.org/announcements/announce-applications-15.12.1.php * boo#961265 ==== kdewebdev4 ==== Version update (15.12.0 -> 15.12.1) Subpackages: kfilereplace kimagemapeditor klinkstatus - Update to KDE Applications 15.12.1 * KDE Applications 15.12.1 * https://www.kde.org/announcements/announce-applications-15.12.1.php * boo#961265 ==== kdf ==== Version update (15.12.0 -> 15.12.1) Subpackages: kwikdisk - Update to KDE Applications 15.12.1 * KDE Applications 15.12.1 * https://www.kde.org/announcements/announce-applications-15.12.1.php * boo#961265 ==== kdiamond ==== Version update (15.12.0 -> 15.12.1) - Update to KDE Applications 15.12.1 * KDE Applications 15.12.1 * https://www.kde.org/announcements/announce-applications-15.12.1.php * boo#961265 ==== kfilemetadata5 ==== Subpackages: kfilemetadata5-devel - Build against poppler-qt5 on SLE12 and Leap 42 as well, it is available meanwhile (boo#953957) ==== kgeography ==== Version update (15.12.0 -> 15.12.1) - Update to KDE Applications 15.12.1 * KDE Applications 15.12.1 * https://www.kde.org/announcements/announce-applications-15.12.1.php * boo#961265 ==== kgoldrunner ==== Version update (15.12.0 -> 15.12.1) - Update to KDE Applications 15.12.1 * KDE Applications 15.12.1 * https://www.kde.org/announcements/announce-applications-15.12.1.php * boo#961265 ==== khangman ==== Version update (15.12.0 -> 15.12.1) - Update to KDE Applications 15.12.1 * KDE Applications 15.12.1 * https://www.kde.org/announcements/announce-applications-15.12.1.php * boo#961265 ==== kig ==== Version update (15.12.0 -> 15.12.1) - Update to KDE Applications 15.12.1 * KDE Applications 15.12.1 * https://www.kde.org/announcements/announce-applications-15.12.1.php * boo#961265 ==== kinfocenter5 ==== - Require baloo5-imports, this is needed for the fileindexermonitor to work ==== kiriki ==== Version update (15.12.0 -> 15.12.1) - Update to KDE Applications 15.12.1 * KDE Applications 15.12.1 * https://www.kde.org/announcements/announce-applications-15.12.1.php * boo#961265 ==== kiten ==== Version update (15.12.0 -> 15.12.1) Subpackages: fonts-KanjiStrokeOrders - Update to KDE Applications 15.12.1 * KDE Applications 15.12.1 * https://www.kde.org/announcements/announce-applications-15.12.1.php * boo#961265 ==== kiwi ==== Version update (7.03.48 -> 7.03.49) Subpackages: kiwi-desc-isoboot kiwi-desc-netboot kiwi-desc-oemboot kiwi-desc-vmxboot kiwi-doc kiwi-media-requires kiwi-pxeboot kiwi-templates kiwi-tools - v7.03.49 released - Don't use filesystem specific mount option When mounting the read write filesystem, prevent using filesystem specific options like barrier - Use HYBRID_EXT4_OPTS in fat container filesystem - Check read write filesystem prior to mounting If a filesystem type could be identified on the read write partition check it before mounting to eliminate a potential dirty state - Cascade exfat mount try normal mount first, if this does not work try fuse mount Normally this is done automatically by the mount program but if not we will give the direct fuse mount a chance - Make createFileSystem more robust When passing in a loop file instead of a device name, the method should be smart enough to handle the name without shell evaluation - Compile rnc -> rng - Added support for exfat as hybrid filesystem In addition to fat also exfat is now supported as persistent write filesystem. Because of the limitations of a fat filesystem fat and exfat are only used as a container filesystem providing an ext4 linux filesystem as a cowfile. The algorithm to create the size of the cow file has also been changed to use half of the size of the write partition or on fat a max size of 4G. The size of the cowfile is also prepared to become overwritten. However the XML definition and implementation to do this is still missing - Reread partition table after hybrid setup The hybrid write partition is created via fdisk. Some version of fdisk does not send the ioctl to let the kernel reread the table or fdisk itself holds it busy. Thus we actively initiate a reread via blockdev - Optimize ext4 hybrid write filesystem options Optimized for 512kB erase block size - Use mount options to increase overlay performace For overlay filesystems not writing into a tmpfs performance is more important than safety. We use this combination of options for now, if you encounter stability problems please let us know - Use -f force option for extX filesystem checker - Refactor and cleanup setupReadWrite Fix misleading error message and refactor the code to be less complex and more clear in the processing of tasks - Allow custom cowfile name for persistent data Instead of a fixed name 'cowfile' we allow a custom name which is predefined in HYBRID_PERSISTENT_FILENAME and prepared to become overwritten by an XML defintion whose implementation will follow later. Reason for the change is that a cowfile is visible as plain data file to the operating system if e.g used on a live stick. It should be more clear to the user what this file is good for - Protect mkfs.exfat from being deleted Added to the strip tools section in order to keep it in the initrd - Added support for exfat creation and probing In preparation to use exfat instead of vfat in a loop container for persistent data it's required to provide support for mkfs.exfat - Make loop_setup and loop_delete more robust The methods did not cope well with filenames containing bash characters with special meaning e.g spaces. For use with a iso hybrid cowfile whose name is visible in the OS the methods should be able to work with any given filename - fix message of missing command ==== kjumpingcube ==== Version update (15.12.0 -> 15.12.1) - Update to KDE Applications 15.12.1 * KDE Applications 15.12.1 * https://www.kde.org/announcements/announce-applications-15.12.1.php * boo#961265 ==== kmouth ==== Version update (15.12.0 -> 15.12.1) - Update to KDE Applications 15.12.1 * KDE Applications 15.12.1 * https://www.kde.org/announcements/announce-applications-15.12.1.php * boo#961265 ==== knavalbattle ==== Version update (15.12.0 -> 15.12.1) - Update to KDE Applications 15.12.1 * KDE Applications 15.12.1 * https://www.kde.org/announcements/announce-applications-15.12.1.php * boo#961265 ==== knetwalk ==== Version update (15.12.0 -> 15.12.1) - Update to KDE Applications 15.12.1 * KDE Applications 15.12.1 * https://www.kde.org/announcements/announce-applications-15.12.1.php * boo#961265 ==== kolf ==== Version update (15.12.0 -> 15.12.1) - Update to KDE Applications 15.12.1 * KDE Applications 15.12.1 * https://www.kde.org/announcements/announce-applications-15.12.1.php * boo#961265 ==== kollision ==== Version update (15.12.0 -> 15.12.1) - Update to KDE Applications 15.12.1 * KDE Applications 15.12.1 * https://www.kde.org/announcements/announce-applications-15.12.1.php * boo#961265 ==== konquest ==== Version update (15.12.0 -> 15.12.1) - Update to KDE Applications 15.12.1 * KDE Applications 15.12.1 * https://www.kde.org/announcements/announce-applications-15.12.1.php * boo#961265 ==== kppp ==== Version update (15.12.0 -> 15.12.1) - Update to KDE Applications 15.12.1 * KDE Applications 15.12.1 * https://www.kde.org/announcements/announce-applications-15.12.1.php * boo#961265 ==== kremotecontrol ==== Version update (15.12.0 -> 15.12.1) Subpackages: liblibkremotecontrol1 - Update to KDE Applications 15.12.1 * KDE Applications 15.12.1 * https://www.kde.org/announcements/announce-applications-15.12.1.php * boo#961265 ==== kshisen ==== Version update (15.12.0 -> 15.12.1) - Update to KDE Applications 15.12.1 * KDE Applications 15.12.1 * https://www.kde.org/announcements/announce-applications-15.12.1.php * boo#961265 ==== ksirk ==== Version update (15.12.0 -> 15.12.1) - Update to KDE Applications 15.12.1 * KDE Applications 15.12.1 * https://www.kde.org/announcements/announce-applications-15.12.1.php * boo#961265 ==== kspaceduel ==== Version update (15.12.0 -> 15.12.1) - Update to KDE Applications 15.12.1 * KDE Applications 15.12.1 * https://www.kde.org/announcements/announce-applications-15.12.1.php * boo#961265 ==== ksquares ==== Version update (15.12.0 -> 15.12.1) - Update to KDE Applications 15.12.1 * KDE Applications 15.12.1 * https://www.kde.org/announcements/announce-applications-15.12.1.php * boo#961265 ==== kstars ==== Version update (15.12.0 -> 15.12.1) - Update to KDE Applications 15.12.1 * KDE Applications 15.12.1 * https://www.kde.org/announcements/announce-applications-15.12.1.php * boo#961265 ==== ksystemlog ==== Version update (15.12.0 -> 15.12.1) - Update to KDE Applications 15.12.1 * KDE Applications 15.12.1 * https://www.kde.org/announcements/announce-applications-15.12.1.php * boo#961265 ==== kteatime ==== Version update (15.12.0 -> 15.12.1) - Update to KDE Applications 15.12.1 * KDE Applications 15.12.1 * https://www.kde.org/announcements/announce-applications-15.12.1.php * boo#961265 ==== ktimer ==== Version update (15.12.0 -> 15.12.1) - Update to KDE Applications 15.12.1 * KDE Applications 15.12.1 * https://www.kde.org/announcements/announce-applications-15.12.1.php * boo#961265 ==== ktouch ==== Version update (15.12.0 -> 15.12.1) - Update to KDE Applications 15.12.1 * KDE Applications 15.12.1 * https://www.kde.org/announcements/announce-applications-15.12.1.php * boo#961265 ==== ktp-accounts-kcm ==== Version update (15.12.0 -> 15.12.1) Subpackages: libktpaccountskcminternal9 - Update to KDE Applications 15.12.1 * KDE Applications 15.12.1 * https://www.kde.org/announcements/announce-applications-15.12.1.php * boo#961265 ==== ktp-approver ==== Version update (15.12.0 -> 15.12.1) - Update to KDE Applications 15.12.1 * KDE Applications 15.12.1 * https://www.kde.org/announcements/announce-applications-15.12.1.php * boo#961265 ==== ktp-auth-handler ==== Version update (15.12.0 -> 15.12.1) - Update to KDE Applications 15.12.1 * KDE Applications 15.12.1 * https://www.kde.org/announcements/announce-applications-15.12.1.php * boo#961265 ==== ktp-contact-list ==== Version update (15.12.0 -> 15.12.1) - Update to KDE Applications 15.12.1 * KDE Applications 15.12.1 * https://www.kde.org/announcements/announce-applications-15.12.1.php * boo#961265 ==== ktp-contact-runner ==== Version update (15.12.0 -> 15.12.1) - Update to KDE Applications 15.12.1 * KDE Applications 15.12.1 * https://www.kde.org/announcements/announce-applications-15.12.1.php * boo#961265 ==== ktp-desktop-applets ==== Version update (15.12.0 -> 15.12.1) - Update to KDE Applications 15.12.1 * KDE Applications 15.12.1 * https://www.kde.org/announcements/announce-applications-15.12.1.php * boo#961265 ==== ktp-filetransfer-handler ==== Version update (15.12.0 -> 15.12.1) - Update to KDE Applications 15.12.1 * KDE Applications 15.12.1 * https://www.kde.org/announcements/announce-applications-15.12.1.php * boo#961265 ==== ktp-kded-module ==== Version update (15.12.0 -> 15.12.1) - Update to KDE Applications 15.12.1 * KDE Applications 15.12.1 * https://www.kde.org/announcements/announce-applications-15.12.1.php * boo#961265 ==== ktp-send-file ==== Version update (15.12.0 -> 15.12.1) - Update to KDE Applications 15.12.1 * KDE Applications 15.12.1 * https://www.kde.org/announcements/announce-applications-15.12.1.php * boo#961265 ==== ktp-text-ui ==== Version update (15.12.0 -> 15.12.1) - Update to KDE Applications 15.12.1 * KDE Applications 15.12.1 * https://www.kde.org/announcements/announce-applications-15.12.1.php * boo#961265 ==== ktuberling ==== Version update (15.12.0 -> 15.12.1) - Update to KDE Applications 15.12.1 * KDE Applications 15.12.1 * https://www.kde.org/announcements/announce-applications-15.12.1.php * boo#961265 ==== kturtle ==== Version update (15.12.0 -> 15.12.1) - Update to KDE Applications 15.12.1 * KDE Applications 15.12.1 * https://www.kde.org/announcements/announce-applications-15.12.1.php * boo#961265 ==== kubrick ==== Version update (15.12.0 -> 15.12.1) - Update to KDE Applications 15.12.1 * KDE Applications 15.12.1 * https://www.kde.org/announcements/announce-applications-15.12.1.php * boo#961265 ==== kwordquiz ==== Version update (15.12.0 -> 15.12.1) - Update to KDE Applications 15.12.1 * KDE Applications 15.12.1 * https://www.kde.org/announcements/announce-applications-15.12.1.php * boo#961265 ==== libkdeedu4 ==== Version update (15.12.0 -> 15.12.1) Subpackages: libkdeedu4-devel libkeduvocdocument4 - Update to KDE Applications 15.12.1 * KDE Applications 15.12.1 * https://www.kde.org/announcements/announce-applications-15.12.1.php * boo#961265 ==== libkeduvocdocument ==== Version update (15.12.0 -> 15.12.1) - Update to KDE Applications 15.12.1 * KDE Applications 15.12.1 * https://www.kde.org/announcements/announce-applications-15.12.1.php * boo#961265 ==== libkmahjongg ==== Version update (15.12.0 -> 15.12.1) Subpackages: libKF5KMahjongglib5 libkmahjongg-devel - Update to KDE Applications 15.12.1 * KDE Applications 15.12.1 * https://www.kde.org/announcements/announce-applications-15.12.1.php * boo#961265 ==== libsrtp ==== Version update (1.5.2 -> 1.5.3) - Update to new upstream release 1.5.3 * Maintenance release, including fix for CVE-2015-6360. ==== libvirt ==== Version update (1.3.0 -> 1.3.1) Subpackages: libvirt-client libvirt-daemon libvirt-daemon-config-network libvirt-daemon-config-nwfilter libvirt-daemon-driver-interface libvirt-daemon-driver-libxl libvirt-daemon-driver-lxc libvirt-daemon-driver-network libvirt-daemon-driver-nodedev libvirt-daemon-driver-nwfilter libvirt-daemon-driver-qemu libvirt-daemon-driver-secret libvirt-daemon-driver-storage libvirt-daemon-driver-uml libvirt-daemon-driver-vbox libvirt-daemon-lxc libvirt-daemon-qemu libvirt-daemon-xen - qemu: set /usr/share/qemu/ovmf-x86_64-ms-{code,vars}.bin as default UEFI firmwares for x86_64 bsc#961853 - Update to libvirt 1.3.1 - CVE-2015-5313 - Many incremental improvements and bug fixes, see http://libvirt.org/news.html - Dropped patches: 034e47c3-CVE-2015-5313.patch, ace1ee22-qemuxml2argv-test.patch, add-with-login-shell.patch, virt-aa-helper-rw-mounts.patch ==== libvirt-python ==== Version update (1.3.0 -> 1.3.1) - Update to 1.3.1 - Add all new APIs and constants in libvirt 1.3.1 ==== libzypp ==== Version update (15.20.0 -> 15.21.0) - Update zypp-po.tar.bz2 - Filter unwanted btrfs subvolumes (fixes #54, closes #55, bnc#949945) - RepoInfo: Provide access to repo content keywords - Build with boost-1.60.0 - version 15.21.0 (19) - Update zypp-po.tar.bz2 - Update zypp-po.tar.bz2 ==== lokalize ==== Version update (15.12.0 -> 15.12.1) - Update to KDE Applications 15.12.1 * KDE Applications 15.12.1 * https://www.kde.org/announcements/announce-applications-15.12.1.php * boo#961265 ==== lskat ==== Version update (15.12.0 -> 15.12.1) - Update to KDE Applications 15.12.1 * KDE Applications 15.12.1 * https://www.kde.org/announcements/announce-applications-15.12.1.php * boo#961265 ==== nghttp2 ==== Version update (1.6.0 -> 1.7.0) - Update to 1.7.0 * Reset (RST_STREAM) stream if flow control window gets overflow * Validate :authroity, host, and :scheme value more strictly * Check request/response submission error based side of session * Strict outgoing idle stream detection * Return error from nghttp2_submit_{headers,request} when self dependency is made * Add -ldl to APPLDFLAGS for static openssl linking * asio: Stop acceptor on server::http2::stop * asio: Rename http2::get_io_services() as http2::io_services() * h2load: Support UNIX domain socket * h2load: Improve readability of traffic numbers * h2load: Remove "auto" for -m option * h2load: Show progress in rate mode * h2load: Perform sampling for request and connection timings to reduce memory consumption * nghttpd: Add --no-content-length option to omit content-length in response * nghttpx: Interleave pushed streams with the associated stream if pushed streams are javascript and CSS resources * nghttpx: The initial value of request/response buffer is increased to 128K * nghttpx: Fix bug that --listener-disable-timeout option is not used * nghttpx: Don't emit :authority if request does not contain authority information * nghttpx: Add clarification of quotes in configuration file * nghttpx: Don't allow certain characters in host and :scheme header field * nghttpx: Add RFC 7239 Forwarded header field support * nghttpx: Fix crash when running on IPv6 only (Patch from Vernon Tang) * nghttpx: Take into account of trailers when applying max_header_fields * nghttpx: Don't apply max_header_fields and header_field_buffer limit to response * nghttpx: Strict validation for header fields given in configuration * nghttpx: header value should not be lower-cased (Patch from ayanamist) - fixed typo in libnghttp2_asio1 [bsc#962914] ==== okteta ==== Version update (15.12.0 -> 15.12.1) Subpackages: okteta-devel - Update to KDE Applications 15.12.1 * KDE Applications 15.12.1 * https://www.kde.org/announcements/announce-applications-15.12.1.php * boo#961265 ==== opencv ==== Subpackages: libopencv2_4 opencv-devel - Reduce build-compare noise opencv-build-compare.patch ==== opencv-qt5 ==== - Reduce build-compare noise opencv-build-compare.patch ==== ortp ==== - Add tarball signature ==== parley ==== Version update (15.12.0 -> 15.12.1) - Update to KDE Applications 15.12.1 * KDE Applications 15.12.1 * https://www.kde.org/announcements/announce-applications-15.12.1.php * boo#961265 ==== patterns-openSUSE ==== Subpackages: patterns-openSUSE-apparmor patterns-openSUSE-apparmor_opt patterns-openSUSE-base patterns-openSUSE-books patterns-openSUSE-console patterns-openSUSE-devel_C_C++ patterns-openSUSE-devel_basis patterns-openSUSE-devel_gnome patterns-openSUSE-devel_ide patterns-openSUSE-devel_java patterns-openSUSE-devel_kde patterns-openSUSE-devel_kde_frameworks patterns-openSUSE-devel_kernel patterns-openSUSE-devel_perl patterns-openSUSE-devel_python patterns-openSUSE-devel_qt4 patterns-openSUSE-devel_qt5 patterns-openSUSE-devel_rpm_build patterns-openSUSE-devel_ruby patterns-openSUSE-devel_web patterns-openSUSE-dhcp_dns_server patterns-openSUSE-directory_server patterns-openSUSE-enhanced_base patterns-openSUSE-enhanced_base_opt patterns-openSUSE-file_server patterns-openSUSE-fonts patterns-openSUSE-fonts_opt patterns-openSUSE-games patterns-openSUSE-gateway_server patterns-openSUSE-gnome patterns-openSUSE-gnome_admin patterns-openSUSE-gnome_basis patterns-openSUSE-gnome_basis_opt patterns -openSUSE-gnome_games patterns-openSUSE-gnome_ide patterns-openSUSE-gnome_imaging patterns-openSUSE-gnome_imaging_opt patterns-openSUSE-gnome_internet patterns-openSUSE-gnome_laptop patterns-openSUSE-gnome_multimedia patterns-openSUSE-gnome_multimedia_opt patterns-openSUSE-gnome_office patterns-openSUSE-gnome_office_opt patterns-openSUSE-gnome_utilities patterns-openSUSE-gnome_yast patterns-openSUSE-imaging patterns-openSUSE-imaging_opt patterns-openSUSE-kde patterns-openSUSE-kde_edutainment patterns-openSUSE-kde_games patterns-openSUSE-kde_ide patterns-openSUSE-kde_imaging patterns-openSUSE-kde_internet patterns-openSUSE-kde_multimedia patterns-openSUSE-kde_office patterns-openSUSE-kde_plasma patterns-openSUSE-kde_telepathy patterns-openSUSE-kde_utilities patterns-openSUSE-kde_utilities_opt patterns-openSUSE-kde_yast patterns-openSUSE-kvm_server patterns-openSUSE-lamp_server patterns-openSUSE-laptop patterns-openSUSE-lxde patterns-openSUSE-lxde_laptop patterns-openSUSE-lxde_office patterns-openSUSE-mail_server patterns-openSUSE-minimal_base patterns-openSUSE-minimal_base-conflicts patterns-openSUSE-misc_server patterns-openSUSE-multimedia patterns-openSUSE-multimedia_opt patterns-openSUSE-network_admin patterns-openSUSE-non_oss patterns-openSUSE-non_oss_opt patterns-openSUSE-office patterns-openSUSE-office_opt patterns-openSUSE-print_server patterns-openSUSE-remote_desktop patterns-openSUSE-rest_dvd patterns-openSUSE-sw_management patterns-openSUSE-sw_management_gnome patterns-openSUSE-sw_management_kde patterns-openSUSE-tabletpc patterns-openSUSE-technical_writing patterns-openSUSE-x11 patterns-openSUSE-x11_opt patterns-openSUSE-x11_yast patterns-openSUSE-xen_server patterns-openSUSE-xfce patterns-openSUSE-xfce_basis patterns-openSUSE-xfce_laptop patterns-openSUSE-xfce_office patterns-openSUSE-yast2_basis patterns-openSUSE-yast2_install_wf - Obsolete the kde4bindings for perl, python, ruby and mono. They haven't been ported and are obstructing the switch of Akonadi to its Frameworks port - Do not require midori on the Rescue CD: we already have Firefox on it; midori pulling in webkit makes it just too big. ==== perl-Bootloader ==== Version update (0.903 -> 0.904) Subpackages: perl-Bootloader-YAML - fix typo - Fix dtb searching - 0.904 ==== perl-HTML-Parser ==== Version update (3.71 -> 3.72) - updated to 3.72 see /usr/share/doc/packages/perl-HTML-Parser/Changes 2016-01-19 Release 3.72 Gisle Aas (3): Avoid more clang casting warnings Remove trailing whitespace Ensure entities expand to utf8 sequences under 'utf8_mode' [RT#99755] David Steinbrunner (2): typo fix typo fixes Jacques Germishuys (1): Silence clang warning bulk88 (1): const+static-ing _______________________________________________________________________________ ==== plasma5-workspace ==== Subpackages: drkonqi5 plasma5-workspace-devel plasma5-workspace-libs - Add xembedsniproxy-check-for-null-geometry.patch: fixes an xembedsniproxy crash (boo#954623, kde#355463, kde#358227) ==== poxml ==== Version update (15.12.0 -> 15.12.1) - Update to KDE Applications 15.12.1 * KDE Applications 15.12.1 * https://www.kde.org/announcements/announce-applications-15.12.1.php * boo#961265 ==== procps ==== Subpackages: libprocps5 - Remove SUSE version of pmap as this stumble over new entries in processes smaps files (boo#962275) - Add patch procps-ng-3.3.11-pmap4suse.patch to let upstream pmap behave similar to old suse pmap ==== pulseaudio ==== Version update (7.1 -> 8.0) Subpackages: libpulse-devel libpulse-mainloop-glib0 libpulse0 libpulse0-32bit pulseaudio-bash-completion pulseaudio-module-bluetooth pulseaudio-module-gconf pulseaudio-module-jack pulseaudio-module-lirc pulseaudio-module-x11 pulseaudio-module-zeroconf pulseaudio-utils - Update to 8.0 + Automatic routing more likely to change profile + OS X and NetBSD support improvements + Systemd journal logging for clients + New LFE balance programming interface + Module-dbus-protocol improvements + More flexible configuration file handling + pulsecore-8.0.so moved to a private directory + New script for measuring memory consumption + Various bug fixes and small improvements + https://wiki.freedesktop.org/www/Software/PulseAudio/Notes/8.0/ - Update to 8.0 RC2 (7.99.2) - Update to 8.0 RC1 (7.99.1) - remove 0004-module-alsa-card-Report-available-ports-before-unava.patch ==== python-kde4 ==== Subpackages: python-kde4-doc python-kde4-khtml python-kde4-knewstuff python-kde4-phonon python-kde4-plasma - Drop BuildRequires on kdepimlibs4 due to the change to the Frameworks version of akonadi. ==== python3-setuptools ==== Version update (19.4 -> 19.6) - update to version 19.6: * Added a new entry script "setuptools.launch", implementing the shim found in "pip.util.setuptools_build". Use this command to launch distutils-only packages under setuptools in the same way that pip does, causing the setuptools monkeypatching of distutils to be invoked prior to invoking a script. Useful for debugging or otherwise installing a distutils-only package under setuptools when pip isn't available or otherwise does not expose the desired functionality. For example:: $ python -m setuptools.launch setup.py develop * Issue #488: Fix dual manifestation of Extension class in extension packages installed as dependencies when Cython is present. - update to version 19.5: * Issue #486: Correct TypeError when getfilesystemencoding returns None. * Issue #139: Clarified the license as MIT. * Pull Request #169: Removed special handling of command spec in scripts for Jython. - changes from version 19.4.1: * Issue #487: Use direct invocation of "importlib.machinery" in "pkg_resources" to avoid missing detection on relevant platforms. ==== squid ==== Version update (4.0.3 -> 3.5.13) - Changes to squid-3.5.13 (06 Jan 2016): * Bug 4397: DragonFly BSD, POSIX shared memory is implemented as filepath * Bug 4387: Kerberos build errors on Solaris * TLS: Support Ephemeral Elliptic Curve Diffie-Hellman (EECDH) key exchange * TLS: Complete certificate chains using external intermediate certificates * Avoid memory leaks when an X.509 certificate validator is used with SslBump * Fix connection retry and fallback after failed server TLS connections * Fix GnuTLS detection via pkg-config * Fix startup crash with a misconfigured (too-small) shared memory cache * ... and some documentation updates - Changes to squid-3.5.12 (28 Nov 2015): * Bug 4374: refresh_pattern config parser (%) * Bug 4373: assertion 'calloutContext->redirect_state == REDIRECT_NONE' * Bug 4228: links with krb5 libs despite --without options * Fix SSL_get_certificate() problem detection * Fix TLS handshake problem during Renegotiation * Fix cache_peer forceddomain= in CONNECT * Fix status code-based HTTP reason phrase for eCAP-generated messages * Fix build errors in cpuafinity.cc * ... and several documentation updates - Changes to squid-3.5.11 (01 Nov 2015): * Bug 3574: crashes on reconfigure and startup * Bug 4347: compile errors with LibreSSL 2.3 * Bug 4281: copy-paste typos in src/tools.cc * Bug 4279: No response from proxy for FTP-download of non-existing file * Bug 4188: Bumping intercepted SSL connections does not work on Solaris * Fix incorrect authentication headers on cache digest requests * Fix connection stats, including %<lp, missing for persistent connections * Fix invalid memory access issues in SBuf * Avoid errors when parsing manager ACL in old squid.conf - rebase squid-config.patch - disable pre scriptlet (sed -i '/emulate_httpd_log/d' /etc/{name}/{name}.conf) - downgrade to 3.5.x * cause 4.x is Beta, should not have been here * moved 4.x Beta package to server:proxy:Beta - fix ChangeLog * remove 4.x ChangeLog Entries - fixes for boo#956989 - updated pretrans scriptlet so it handles only rpm link vs folders issue - pre scriptlet updated to not change configuration file without real need for configuration updates - Fix rpmlint errors / warnings * systemd-service-without-service_add_pre moved service_add_pre to %pre * non-etc-or-var-file-marked-as-conffile moved mib.txt to /usr/share/snmp/mibs/SQUID-MIB.txt idea taken from Fedora package - Changes to squid-3.5.10 (01 Oct 2015): * Regression Fix cache_peer login=PASS(THRU) after CVE-2015-5400 * Regression Bug 4326: base64 binary encoder rejects data beginning with nil byte * Bug 4323: Netfilter broken cross-includes with Linux 4.2 * Bug 4328: %un format code does not work for external ACLs in credentials-fetching rules * Bug 4208: more than one port in wccp2_service_info line causes error * Bug 4304: PeerConnector.cc:743 "!callback" assertion. * Bug 4330: Do not use SSL_METHOD::put_cipher_by_char to determine size of SSL hello ciphers * Relicense ntlm_fake_auth.pl to GPLv2+ * Relicense smb_lm auth helper to GPLv2+ * Relicense SSPI helper to GPLv2+ * ... and several minor performance optimizations - rebase squid-config.patch - Changes to squid-3.5.8 (02 Sep 2015): * Regression Bug 4306: build portability fix in Kerberos helpers * Bug 4302: IPFilter v5 transparent interception * Bug 4301: compile errors with IPFilter interception * Bug 4285 partial: %us is not supported in access.log * Bug 4278: Docs: typo in the refresh_pattern freshness algorithm * Bug 4242: compile errors with eCAP using clang-3.6 * Bug 3696: crash when client delay pools are activated * Bug 3553: cache_swap_high ignored and maxCapacity used instead * Regression Fix: FtpServer.cc:1024: "reply != NULL" assertion * Fix ignore of impossible SSL bumping actions, as intended and documented * Fix memory leak in Surrogate-Capability header detection * Fix truncated body length when RESPMOD service aborts * Reject non-chunked HTTP messages with conflicting Content-Length values * Support splice for SSLv3 and TLSv1 sessions that start with an SSLv2 Hello * ... and several portability and compile fixes * ... and several documentation updates - Move update logic to proper scriptlet * Replace 'etc' with %{_sysconfdir} macro - Changes to squid-3.5.7 (01 Aug 2015): * Bug 4293: wrong SNI sent to server after URL-rewrite * Bug 4251: incorrect instance name for memory segments in /dev/shm * Bug 4227: invalid key in AuthUserHashPointer causing assertation failure * Bug 3345: support %un (any available user name) format code for external ACLs. * basic_smb_auth: Fix several old issues identified by Debian users * Support ssl-bump splicing to origin cache_peer * Fix SSL errors relayed using invalid certificates * Fix crash in TcpAccepter with profiler enabled * Fix some cases of ssl_crtd SSL certificate DB corruption * Fix performance regression in SBuf::chop operations * Improve handling of client connections on shutdown * Handle exceptions during squid.conf parse * Make pod2man an optional dependency * ... and polishing for several cache.log notification messages * Do not blindly forward cache peer CONNECT responses (CVE-2015-5400) - rebase patch * squid-config.patch - Update to 3.5.6 * Bug 4274: ssl_crtd.8 not being installed * Bug 4193: memory leak on FTP listings * Bug 4183: segfault when freeing https_port clientca on reconfigure or exit * Bug 3875: bad mimeLoadIconFile error handling * Bug 3483: assertion failed store.cc:1866: 'isEmpty()' * Bug 3329: pinned server connection is not closed properly * TLS: Disable client-initiated renegotiation * ext_edirectory_userip_acl: fix uninitialized variable * Support custom OIDs in *_cert ACLs * Fix CONNECT failover to IPv4 after trying broken IPv6 servers * Use relative-URL in errorpage.css for SN.png * Do not blindly forward cache peer CONNECT responses * Fix assertion String.cc:221: "str" * Fix assertion comm.cc:759: "Comm::IsConnOpen(conn)" in ConnStateData::getSslContextDone * Translations: add Spanish US dialect alias - Drop no longer needed squid-nobuilddates.patch - Update to 3.5.5 * Regression Bug 4132: short_icon_urls with global_internal_static on * Bug 4238: assertion Read.cc:205: "params.data == data" * Bug 4236: SSL negotiation error of 'success' * Bug 3930: assertion 'connIsUsable(http->getConn())' * Fix assertion MemBuf.cc:380: "new_cap > (size_t) capacity" in SSL I/O buffer * Fix assertion errorpage.cc:600: "entry->isEmpty()" * Fix comm_connect_addr on failures returns Comm:OK * Fix missing external ACL helper notes * Fix "Not enough space to hold server hello message" error message * Fix segmentation fault inside Adaptation::Icap::Xaction::swanSong * Prevent unused ssl_crtd helpers being run - Update permission in logrotate config - Refresh squid-config.patch - Update to 3.5.4 * Bug 4234: comm_connect_addr uses errno incorrectly * Bug 4231: fd_open() not correctly handling UDS socket descriptions * Bug 4226: digest_edirectory_auth: found but cannot be built * Bug 4198: assertion failed: client_side.h:364: "sslServerBump == srvBump" * Bug 3775: Disable HTTP/1.1 pipeline feature for pinned connections * Fix require-proxy-header preventing HTTPS proxying and ssl-bump * Fix Negotiate/Kerberos authentication request size exceeds output buffer size * Fix SQUID_X509_V_ERR_DOMAIN_MISMATCH errors while accessing sites with valid certificates * Add server_name ACL matching server name(s) obtained from various sources * Add Kerberos support for MAC OS X 10.x * Support for resuming TLS sessions * ... and some portability and compile fixes * ... and several documentation updates * ... and all fixes from squid 3.4.13 - Refresh patches - Remove emulate_httpd_log from config on update - Fix update from 3.4 to 3.5 - Fix SLE 11 build with older kerberos libraries * squid-old-kerberos.patch - Update to 3.5.3 * Regression Bug 4213: negotiate_kerberos_auth: freeing non-dynamic memory * Regression Bug 4206: Incorrect connection close on expect:100-continue * Bug 4204: ./configure does not abort when required helpers cannot be built * Bug 3805: support shared memory on MacOS X in Mem::IPC::Segment * Bug 2907: high CPU usage on CONNECT when using delay pools * basic_getpwnam_auth: fail authentication on crypt() failures * basic_nis_auth: fail authentication on crypt() failures * ext_kerberos_ldap_group_acl: Heimdal support improvements * ext_wbinfo_group_acl: Perl 5.20 support * ... and several compile issues - Use xz compressed source - Update to 3.5.2 * Regression Bug 4176: Digest auth too many helper lookups * Regression Bug 4180: not-fully-initialized data member in ACLUserData * Bug 4172: Solaris broken krb5-config * Bug 4073: Cygwin compile errors * Bug 3919: remove several never-true / never-false comparisons * HTTPS: Add missing root CAs when validating chains that passed internal checks * Fix some cbdataFree related memory leaks * Quieten CBDATA 'leak' messages * Set SNI information in transparent bumping mode * negotiate_kerberos_auth: fix krb5.conf backward compatibility * Fix memory leaks in cachemgr.cgi URL parser * Fix sslproxy_options in peek-and-splice mode * ... and fix several portability and build issues * ... and some documentation updates * ... and all fixes from squid 3.4.11 - Update to 3.5.1 (13 Jan 2015): * Fix handling of invalid SSL server certificates when splicing connections * basic_smb_lm_auth: Simplified MSNT basic auth helper * squidclient: Fix -A and -P options * ... and several portability fixes * ... and all fixes from squid 3.4.11 * ... and a lot of documentation updates - removed obsolete patch * squid-compiled_without_RPM_OPT_FLAGS.patch - rebased patches * squid-config.patch * squid-nobuilddates.patch * squid-brokenad.patch - replace configure option * --enable-ssl > --with-openssl - remove obsolete RELEASENOTES.html * included in package - Update to 3.4.11: * cachemgr.cgi: memory leak in request parser * Fix typo on commStartSslClose * Fix SQUID_CC_REQUIRE_ARGUMENT autoconf macro * Bug #3760: squidclient ignores --disable-ipv6 * Bug #3664: ssl_crtd fails to build on OpenSolaris/OpenIndiana/Solaris 11 * Bug #3754: configure doesnt detect IPFilter 5.1.2 system headers * Bug #4164: SEGFAULT when %W formating code used in errorpages * Deleting first fs left psstate->servers pointing to uninitialized memory * Maintenance: check release notes on packaging * Bug #4057: Avoid on-exit crashes when adaptation is enabled. - recover old spec * merge in suggested changes from tchvatal - fix permissions for SLE11 * revert suid bit for pinger and basic_pam_auth add them to permissions file (commented) - readd deleted files * RELEASENOTES * permissions (needed for SLE11) * init.rh - Cleanup with spec-cleaner - Version bump to 3.4.10: * Fix bootstrap.sh dependency on SPONSORS.list * HTTP/2: Support 421 (Misdirected Request) status code * Alternate-Protocol is a hop-by-hop header * Bug #4148: external_acl_type header format does not accept the new libformat syntax * Bug #4033: Rebuild corrupted ssl_db/size file * Bug #3902: Docs: external_acl_type cache hash key * Bug #4145: squid_endian.h compile errors with OpenBSD 5.6 * Fix segmentation fault in ACLUrlPathStrategy::match - Remove support for other distros as we build for opensuse anyway - remove permissions.easy and permissions.paranoid files from package as they are not used any more - remove setBadness in rpmlintrc as it should be already in Factory permissions package handled - %verifyscript is its own section, move out of the %postun section - Use URLs to paths that the source validator actually understands and make this acceptable for Tumbleweed. - fix for boo#894636 (squid's logrotate snippet runs init script) * modify squid.logrotate to work on both systemd and SysVinit - Changes to 3.4.9 (31 Oct 2014): + Regression fix: ext_kerberos_ldap_group_acl typo in 3.4.7 update + Bug 4102: sslbump cert contains only a dot character in key usage extension + Bug 4093: source-maintenance.sh errors and warnings due to wrong tools/options + Bug 4088: memory leak in external_acl_type helper with cache=0 or ttl=0 + Bug 4024: Bad host/IP ::1 when using IPv4-only environment + Bug 3803: ident leaks memory on failure + kerberos_ldap_group/cert_tool: Remove ksh dependency; obsoletes squid-cert_tool_use_bash_not_ksh.patch + ... and some automated code style updates + ... and some documentation updates - Changes to 3.4.8 (15 Sep 2014): + Fix off by one in SNMP subsystem + pinger: Fix various ICMP handling issues; CVE-2014-7141; CVE-2014-7142; http://www.squid-cache.org/Advisories/SQUID-2014_4.txt; bnc#891268 obsoletes squid-icmp-DoS.patch - Remove dependency on gpg-offline as signature checking is implemented in the source validator. - fix spec and changes file - update logrotate file * postrotate now defaults to 'systemd' - fix for icmp pinger DOS bnc#891268 - some spec cleanup - some systemd/SysVinit fixes - fix sysconfig file for ! suse_version - replaced permissions handling using setuid bit with use of linux capabilities (on supported systems) - general cleanup of .spec file and systemd handling - Changes to 3.4.7 (28 Aug 2014): * Regression Fix: Kerberos LDAP authorizing groups with principle subdomain * Bug 4080: worker hangs when client identd is not responding * Bug 3966: Add KeyEncipherment when ssl-bump substitues RSA for EC * HTTP/1.1: Ignore Range headers with unidentifiable byte-range values * SSL-bump: Use v3 for fake certificate if we add _any_ certificate extension * Enable compile-time override for MAXTCPLISTENPORTS * ntlm_sspi_auth: Fix various build errors * negotiate_wrapper: Fix build issues with non-portable vfork() * negotiate_sspi_auth: Portability fixes for MinGW * ext_lm_group_acl: Portability fixes for MinGW * ... and several minor memory leaks - fix for bnc#894636 * fix postrotate for systemd - rebase patches * squid-cert_tool_use_bash_not_ksh.patch * squid-compiled_without_RPM_OPT_FLAGS.patch * squid-nobuilddates.patch * squid-config.patch - fix for bnc#894840 * fix logrotate file (sharedscripts) - add --disable-arch-native configure param as vmware does not emulate all instruction set and squid fails with "Illegal instruction" more info at http://wiki.squid-cache.org/KnowledgeBase/IllegalInstructionError - squid-cert_tool_use_bash_not_ksh.patch: /usr/sbin/cert_tool should use bash, not ksh. [bnc#891313] - Changes to squid-3.4.6 (25 Jun 2014): * Regression: segmentation fault logging with %tg format specifier * Bug 4065: round-robin neighbor selection with unequal weights * Bug 4056: assertion MemPools[type] from netdbExchangeStart() * Bug 4050: segmentation fault in CommSelectEngine::checkEvents on helper response * Fix segmentation fault setting up server SSL connnection * Fix hanging Non-HTTPS connections on SSL-bump enabled port * Fix Cache Manager actions listed more than once * ... and many minor memory leaks * ... and several portability build issues * ... and some documentation updates - Changes to squid-3.4.5 (02 May 2014): * Regression Bug 4051: inverted test on CONNECT payload existence * Regression Fix: order dependency between cache_dir and maximum_object_size * Fix logformat %note display * Resolve 'dying from an unhandled exception: c' * Copyright: Update CONTRIBUTORS list of copyright holders - fix deps * libtool >= 2.4 * older libtool needs --with-included-ltd - Rename rpmlintrc to %{name}-rpmlintrc. Follow the packaging guidelines. - fix rhel/centos usermod parameter invocation order - setuid handling for opensuse using permissions updated - enable build for centos/rhel - add centos/rhel init script - add 'squid' as default group and added suid bit for /usr/sbin/pinger [#] pinger needs 'root' privileges to be able to ping (cache peer) * attr(4750,root,squid) /usr/sbin/pinger - fix pidfile dir * systemd -> /run/squid.pid * SysVinit -> /var/run/squid.pid - added patch to force kerberos principalname handling ( http://bugs.squid-cache.org/show_bug.cgi?id=4042 ) * squid-brokenad.patch - Changes to squid-3.4.4 (09 Mar 2014): * Bug 4029: intercepted HTTPS requests bypass caching checks * Bug 4001: remove use of strsep() * Bug 3186 and 3628: Digest authentication always sending stale=false for nonce * Fix stalled concurrent rock store reads * Fix helper ID number assignment * Fix build failures from CMSG related definitions * Fix build failures from libcompat unsafe.h protections * Copyright: Relicense helpers by Treehouse Networks Ltd. * ... and all bug fixes from 3.3.12 - fix for bnc#743563 * fix spec(post): remove SLE_10 permissions stuff - rebased patches: * squid-compiled_without_RPM_OPT_FLAGS.patch * squid-nobuilddates.patch - add ssl bump to build config - Changes to squid-3.4.3 (02 Feb 2014): * Bug 4008: HttpHeader warnOnError should be an int not a bool * Bug 4002: clang 3.4 unable to compile * Bug 3996: Malformed DNS reply leads to crash * Bug 3995: compile error on CentOS 5 with GCC 4.1.2 * Bug 3975: atomic detection cross-compilation failure * Bug 3971: "cannot aggregate mgr:client_list: cmd->profile != NULL" in SMP mode * Bug 3954: compile failure in CpuAffinity.cc * Bug 3927: tests/testRock fatal.cc required * Fix memory leak in peer Cache Digest exchange * Fix external_acl_type async loop failures * Fix destination IP address cycling * ... and a few polishing changes - Changes to squid-3.4.2 (30 Dec 2013): * Regression Bug 3980: FATAL ERROR due to max_user_ip -s option * Regression Fix: \-unescaping in quoted strings from helpers * Regression Fix: URL helper API bypassing on URL containing '=' character * Bug 3985: 60s limit introduced by balance_on_multiple_ip breaks bad IP recovery * Bug 3806: Caching responses with Vary header * Bug 3498: FTP PUT assertion * WCCPv2: Fix assertion 'Cannot convert non-IPv4 to IPv4' on FreeBSD * Enable concurrency by default for SSL certificate validator * ... and fix several build errors - Changes to squid-3.4.1 (09 Dec 2013): * Bug 3935: Invalid pointer dereference when peeking at origin server certificate * Bug 3589: intercepted and ICAP modified request using a cache_peer * ... and several portability fixes * ... and some documentation updates - Changes to squid-3.4.0.3 (01 Dec 2013): * Bug 3941: Release notes error * Receive annotations from authentication and external ACL helpers * basic_nis_auth: Improved portability * ... and several documentation updates * ... and all bug fixes from 3.3.9, 3.3.10, 3.3.11 - Changes to squid-3.4.0.2 (03 Oct 2013): * Regression Bug 3891: squid.conf parser errors in 3.4.0.1 * Regression Fix: re-disable MinGW C++11 support * Bug 3914: partial: make squidclient tool build cleanly with -Wconversion * Fix memory leak in refresh_pattern parsing * negotiate_kerberos_auth: upgrade to present group= keys * Handle NTLM helper returning OK without user= value * Add dns_multicast_local to control mDNS operation * Add --disable-arch-native build option * Display Build-Info in cache manager info report * ... and all changes from squid 3.3.9 * ... and some code and debug output polishing - Changes to squid-3.4.0.1 (29 Jul 2013): * Port from 2.7: StoreURL (renamed Store-ID) support * Bug 3795: fix several mistakes in the MIB file * Bug 3793: configure: improved helper detection * Bug 3722: Invalid markup in Armenian hy ERR_ONLY_IF_CACHED_MISS * Bug 3676: Support GCC 4.7 with -Wshadow option * Bug 3643: NTLM helpers stuck in reserved state by Safari * Bug 3389: Auto-reconnect for tcp access_log * Bug 2066: squid does not do chdir() after chroot() * Fix uninitialized fields in IcapLogEntry * Fix a number of minor issues detected by Coverity Scan * Fix some potential memory leaks detected by Coverity Scan * Fix 64-bit support for Intel compiler suite (ICC) and other similar compilers * Fix ACL matching algorithm to avoid repeating tests * basic_pam_auth: Add -r option to strip NTLM/Negotiate domain from username * squidpurge: fix META TLV parsing issues * squid.conf: enforce all the directive and option names are lower-case * Support EUI on HTTPS and FTP data connections * Support OK/ERR/BH response codes from any helper * Support No-lookup flag (-n) on DNS ACLs * Support -march=native compiler optimization by default * Support forwarding intercepted but not bumped connections to cache_peers * Support IPv6 NAT interception on Linux and some BSD * Deprecate log_icap and log_access configuration directives * HTTP/1.1: improved method invalidation and cacheability detection * HTTP/1.1: support length configuration for pipeline_prefetch queue * Improved TPROXY support for OpenBSD and FreeBSD * Add storeid_file_rewrite helper to perform Store-ID rewrites from a rules file * Add all-of and any-of ACL types for grouping sets of ACL tests * Add note directive for transaction annotations * Add %note log format for transaction annotation logging * Add note ACL type for matching annotated transactions with by annotation name or value * Add kv-pair support to URL-rewrite/redirector interface * Add SSL server certificate validator interface, helper and result cache * Add SSL server certificate fingerprint ACL type * Add spoof_client_ip access control * Add pt-bz (Belize Portuguese) dialect to translations * ... and many Windows portability changes (still incomplete) * ... and many documentation changes * ... and much code cleanup and polishing - modified patches: * squid-compiled_without_RPM_OPT_FLAGS.patch * squid-config.patch - remove obsolete fix-pod2man-check patch - Changes to squid-3.3.11 (01 Dec 2013): * Regression Bug 3936: error-details.txt parse error with OpenSSL since 3.3.9 * Bug 3972: Segfault when getting the deny_info page ID after a reconfigure * Bug 3970: max_filedescriptors disabled due to missing setrlimit * Bug 3967: ipc/Kid.cc compilation failure: 'time' was not declared in this scope * Bug 3960: DEAD cache_peer are not revived * Bug 3956: xstrndup: tried to dup a NULL pointer * Bug 3906: Filedescriptor leaks in SNMP * Bug 3782: Digest authentication not obeying nonce_max_count * HTTP/1.1: Make header parser obey relaxed_header_parser * HTTP/1.1: Re-compute Range response content offset after an FTP response was adapted * SMP: Replace blocking sleep(3) and close UDS socket on failures * Windows: fix several compile errors - Changes to squid-3.3.10 (03 Nov 2013): * Bug 3929: request_header_add not working for tunnel requests * Bug 3923: cbdata and undefined behavior due to dynamic runtime enumeration * Bug 3918: Self Test Failures on Mac OS X 10.8 * Bug 3887: tcp_outgoing_tos not working for IPv6 * Bug 3836: Fix issues with automake 1.13+ and make check * Bug 3480: StoreEntry::kickProducer() segfaults in store_client::copy() * Fix pinning hierarchy log information * Fix close idle client connections associated with closed idle pinned connections. * Fix cbdata 'error: expression result unused' errors * Avoid "hot idle": A series of rapid select() calls with zero timeout. * Append Connection:close to OPTIONS requests when icap_persistent_connections is off * ntlm_fake_auth: pass DOMAIN data to Squid in original case * kerberos_ldap_group: fix LDAP string duplication * Use IPv6 localhost nameserver on DNS configuration errors * Add cache_miss_revalidate * ... and several portability improvements - modified patches: * squid-compiled_without_RPM_OPT_FLAGS.patch * squid-config.patch - fix build for SLE (libxml2-devel vs pkgconfig(libxml2)) - fix changed files * bindir/purge * bindir/squidclient - Changes to squid-3.3.9 (11 Sep 2013): * Regression Bug 3077: off-by-one error in Digest header decoding * Bug 3895: fix acl_uses_indirect_client and cache_peer_access * Bug 3879: assertion failed ConnStateData::validatePinnedConnection * Bug 3863: myportname acl causes segmentation fault * Bug 3849: Duplicate certificate sent when using https_port * Bug 2287: Better fix for unsupported HTTP version handling * Bug 2112: Reload into If-None-Match * Fix several assert with side effects in ICAP/eCAP response handling * Fix myportname ACL on ICAP/eCAP transactions * Fix external ACL user:pass detail logging after adaptation * Fix SMP mgr:info report 'Largest file desc currently in use' * Improved compatibility with gcc 4.8, clang and icc * Show number of available filedescriptors when reserved FD changes * Sync with newest OpenSSL error codes * Register Http2-Settings header * ... and many Windows portability fixes - fix changelog - fix build for Factory * rework fix-pod2man-check - fix build for 1110 (SLES_11) * add configure --disable-strict-error-checking - Changes to squid-3.3.8 (13 Jul 2013): * Bug 3869: assertion failed: MemBuf.cc:272: size < capacity * Improved handling of port values in Host: header validation - Changes to squid-3.3.7 (11 Jul 2013): * Bug 3297: Fix openSSL related build failures * Fix build on FreeBSD 9.x platform with clang * Protect against buffer overrun in DNS query generation - Changes to squid-3.3.6 (01 Jul 2013): * Bug 3854: pt1: compile errors on AIX * Bug 3802: Fix wrong check inside Format::Format::assemble * Bug 3762: remove bogus WARNING in cache.log * Bug 3717: assertion failed with dstdom_regex with IP based URL * Bug 1991: kqueue causes SSL to hang * Ask for SSL key password when started with -N but without sslpassword_program * Make sure %<tt includes all [failed] connection attempts * Support HTTP reply ACLs in icap_log and log_icap * Fix incorrect external_acl_type codes * Fix ICAP logging request headers and segmentation faults * ... and some documentation polish - Changes to squid-3.3.5 (20 May 2013): * Bug 3851: Delay Pool class 5 tag:levels displayed incorrectly in cache manager * Bug 3845: http_port tcpkeepalive= option fails parsing * Bug 3840: assertion failed 'sde' in UFS cache loading * Bug 3836: make check failures with automake-1.13 * Bug 3827: Remove AccessLogEntry::cache.authuser * Bug 3816 pt2: SSL_get_certificate call inside Ssl::verifySslCertificate crashes * Bug 3780: cachemgr.cgi: output problem in HTTP Header Statistics * Bug 3759: OpenSSL compilation error on stock Fedora17, RHEL, CentOS 6 systems * Bug 3744: squid terminated: FATAL: Bungled (null) line 3: sslproxy_cert_sign signTrusted all * Port from 2.6: external acl %ACL and %DATA tags * Update copyright on SN.png * ... and several minor memory leaks * ... and some documentation polish - Changes to squid-3.3.4 (27 Apr 2013): * Bug 3831: basic_ncsa_auth Blowfish and SHA support * Bug 3816: SSL_get_certificate call inside Ssl::verifySslCertificate crashes * Bug 3794: MacOS: workaround compiler errors and case-insensitivity * Bug 3781: Proxy Authentication not sent to cache_peer * Bug 3720 pt1: SourceLayout: shuffle fd_table definition into fde.h * Bug 3720 pt2: Add missing include in /dev/poll I/O module * Bug 3674: Improve compiler detection, better support warnings-as-errors on clang * Add support for TPROXY on BSD * Fix SSL Bump bypass for intercepted traffic * Fix memory leaks in ConnStateData pinning * Fix external_acl.cc "inBackground" assertion on queue overloads * CacheMgr: fix missing column separator in helper stats * OpenBSD: libpthreads requires OpenBSD 5.2 or later * ... and lots of documentation updates * ... and all changes from squid 3.2.10 - Changes to squid-3.3.3 (12 Mar 2013): * Bug 3720: Add missing include in /dev/poll I/O module (pt2) * ... and all changes from squid 3.2.9 - Changes to squid-3.3.2 (02 Mar 2013): * Bug 3781: Proxy Authentication not sent to cache_peer * Bug 3794: MacOS: workaround compiler errors * Bug 3720: Compile error in Solaris /OpenIndiana * ... and all changes from squid 3.2.8 - Changes to squid-3.3.1 (09 Feb 2013): * Bug 3726: build errors with --disable-ssl * Propigate pinned connection persistency and closures to the client. * Mimic SSL certificate Key Usage and Basic Constraints * Fix segmentation fault on missing squid.conf values * ext_sql_session_acl: Fix hex decoding on UID * ... and some code polish * ... and a lot of documentation polish * ... and all changes from squid 3.2.7 - rebase patches * config, nobuilddates, compiled_without_RPM_OPT_FLAGS - Changes to squid-3.2.13 (13 Jul 2013): * Bug 3869: assertion failed: MemBuf.cc:272: size < capacity * Improved handling of port values in Host: header validation - Changes to squid-3.2.12 (11 Jul 2013): * Protect against buffer overrun in DNS query generation * Avoid !closing assertions when helpers call comm_read during reconfigure. * Fix several minor memory leaks during reconfigure * Remove origin_tries limiter on forwarding and permit large max_forward_tries values - Add patch squid-fix-pod2man-check.patch solving building with new perl. - Changes for squid 3.2.11 release (29 April 2013) * Fix enter_suid/leave_suid build errors in ip/Intercept.cc * GNU Hurd: define MAP_NORESERVE as no-op when missing * Bug #3833: Option '-k' is not present in squidclient man page * Bug #3817: Memory leak in SSL cert validate for alt_name peer certs * Bug #3822: Locate LDAP and SASL headers in /usr/local/include for BSD support * Bug #3825: basic_ncsa_auth segfaulting with glibc-2.17 * Bug #3774: -k reconfigure drops rock * Bug #3565: Resuming postponed accept kills Squid * HTTP/1.1: partial support for no-cache and private controls with parameters * ssl_crtd: helpers dying during startup on ARM * Updated copyright for icons/SN.png squid-3.2-11813.patch * Revert r11810 - tools.h does not exist in 3.2 squid-3.2-11812.patch - Fixed squid.service - Removed commented patch lines - New revision for squid.service (using only sed) handle multiple cache_dir line Added sed as require - Packaging : fixed systemd squid.service * Rework on squid.service ExecStartPre line remove dependency on unfunctionnal wrapper * Fix bnc#802635 (creating cache struture fail on first call) * Fixed Type=forking and remove the use off -N (non daemon flag) * Fixed missing pid file * Structural : add all -k to end of Exec/Stop line * Ulimit : Added LimitNOFile=4096 ( same value as in /etc/sysconfig) but there's no way to decode dynamically /etc/sysconfig * Remove syslog.target ( no need anymore : advise from fcrozat ) * Clean up squid_cache_build.sh - Changes to squid-3.2.9 (12 Mar 2013): * Regression fix: Accept-Language header parse * Bug 3673: Silence 'Failed to select source' messages * Fix authentication headers sent on peer digest requests * Fix build error on Solaris, OpenIndiana, Omnios - Changes to squid-3.2.8 (02 Mar 2013): * Bug 3767: tcp_outgoing_tos/mark ACLs do not obey acl_uses_indirect_client * Bug 3763: diskd Error: no filename in shm buffer * Bug 3752: objects that cannot be cached in memory are not cached on disk * Bug 3753: Removes the domain from the cache_peer server pconn key * Bug 3749: IDENT lookup using wrong ports to identify the user * Bug 3723: tcp_outgoing_tos/mark broken for CONNECT requests * Bug 3686: cache_dir max-size default fails * Bug 3515: crash in FtpStateData::ftpTimeout * Bug 3329: Quieten orphan Comm::Connection messages * Make squid -z for cache_dir rock preserve the rock DB * Fixed several server connect problems * ... and some build issues on Solaris, OpenIndiana, MacOS X * ... and some documentation and debugs polishing - Changes to squid-3.2.7 (01 Feb 2013): * Bug 3736: Floating point exception due to divide by zero * Bug 3735: raw-IPv6 domain URLs crash if IPv6-disabled * Bug 3732: Fix ConnOpener IPv6 awareness * Bug 3729: 32-bit overflow in parsing 64-bit configuration values * Bug 3728: Improve debug for cache_dir * Bug 3687: unhandled exception: c when using interception and peers * Bug 3678: external acl grace period causes acl lookup failures * Bug 3567: Memory leak handling malformed requests * Bug 3111: Mid-term fix for the forward.cc "err" assertion * Support OpenSSL NO_Compression optio * Fix IPv6 enabled pinger on split-stack or IPv6-disabled systems * Fix "address.GetPort() != 0" assertion for helpers * ... and several minor memory leaks * ... and some cache.log message polishing - Changes to squid-3.2.6 (09 Jan 2013): fix for bnc#794954, CVE-2012-5643, SQUID:2012-1 - Regression Bug 3731: TOS setsockopt() requires int value - Regression Bug 3712: Rotating logs overwrites the previous log - Bug 3727: LLVM compile errors in kerberos_ldap_group - Bug 3650: Negotiate auth missing challenge token - Additional fixes for CVE-2012-5643 / SQUID:2012-1 * http://www.squid-cache.org/Advisories/SQUID-2012_1.txt * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5643 - rebase nobuilddates, config patches - Changes to squid-3.2.5 (10 Dec 2012): - Bug 3698: Add missing include of errno.h - Changes to squid-3.2.4 (03 Dec 2012): - Ported: urllogin ACL from squid 2.7 - Bug 3688: Lots of Orphan Comm:Connections to ICAP server - Bug 3677: Port un-pinning logic changes from squid 3.3 - Bug 3405: ssl_crtd crashes failing to remove certificate - ... and major bugs fixed in squid 3.1.22 - Fix accept_filter on Linux - Remove 'Bungled' warning on missing component directives - ... and many buffer and memory leak issues in the bundled helpers - ... and a small amount of code polishing - remove obsolete glibc-217 patch - Verify GPG signature. - Fix build with glibc 2.17 (add patch squid-glibc217.patch). - update to 3.2.3 (21 Oct 2012): - Regression: SMP crashes on startup with workers > 1 - Bug 3655: pinning failure breaks NTLM and Negotiate authentication - SMP: Allow a UFS cache_dir entry to coexist with a shared memory cache entry - HTTP/1.1: honour Cache-Control before Pragma:no-cache - HTTP/1.1: Cache-Control compliance upgrade - Remove obsoleted refresh_pattern ignore-no-cache option - Fix IPv6 enabled squidclient - ... and several compile fixes - update to 3.2.2 (06 Oct 2012): - Regression: Make login=PASS send no credentials when none available - Regression: Handle dstdomain duplicates and overlapping names better - Bug 3661: Segmentation fault when using more than 1 worker - Bug 3660: ACLFilledChecklist::fd set with wrong fd for sslproxy_cert_error - Bug 3658: ERR_ZERO_SIZE_OBJECT propagates out even after successful retry - Bug 3648: polish String class files - Bug 3647: parsing hier_code acl fails - Bug 3626: forwarding loops on intercepted traffic - Bug 3616: retrieve client connection for ACL checks from the related HttpRequest object - Bug 3609: several RADIUS helper improvements - Bug 3605: memory leak in Negotiate authentication - Fix small memory leak in src ACL parse - Fix maximum_single_addr_tries upgrade - Fix chunked encoding on responses carrying a Content-Range header. - Do not reuse persistent connections for PUTs to avoid ERR_ZERO_SIZE_OBJECT - ... and several compile errors - fix deps * add missing Obsoletes/Provides for squid3 - package rename from squid3 back to squid * old 'squid' (2.7STABLE9) now obsolete * only one "stable" squid available >= 3.2 - update to 3.2.1 (15 Aug 2012): - Bug 3605: memory leak in peer selection - Bug 3478: better default handling without -DSTRICT_ORIGINAL_DST - ... and some documentation updates - rebase squid-config patch - update to 3.2.0.19 (02 Aug 2012) - Regression Bug 3580: IDENT request makes squid crash - Regression Bug 3577: File Descriptors not properly closed - Regression Bug 3478: Allow peer selection and connection auth on intercepted traffic - Regression Fix: Restore memory caching ability - Bug 3556 Workaround: epoll assertion failed: comm.cc:1093: isOpen(fd) - Bug 3551: store_rebuild.cc:116: "store_errors == 0" assertion - Bug 3525: Do not resend nibbled PUTs and avoid "mustAutoConsume" assertion. - Avoid bogus "Disk space over limit" warnings when rebuidling dirty ufs index - Support custom headers in [request|reply]_header_* manglers - ... and much code polishing - remove upstream patches * 3.2-11611 - 3.2-11638 - rebase config, nobuilddates, compiled_without_RPM_OPT_FLAGS patches - add upstream patches * 3.2-11631 - 3.2-11638 - update to 3.2.0.18 (29 Jun 2012) - Bug 3576: ICY streams being Transfer-Encoding:chunked - Bug 3537: statistics histogram leaks memory - Bug 3526: digest authentication crash - Bug 3484: Docs: sslproxy_cert_error example flawed - Bug 3462: Delay Pools and ICAP - Bug 3405: ssl_crtd crashes failing to remove certificate - Bug 3380: Mac OSX compile errors with CMSG_SPACE - Bug 3258: Requests hang when Host forgery verify fails - Bug 3186: Digest auth caches failed state without revalidating - Bug 2976: ERR_INVALID_URL for transparently captured requests when reconfiguring - Bug 2885: AIX: check and set required compiler flags - Fix ssl_crtd compile issues with libsslutil - Fix build with GCC 4.7 (and probably other C++11 compilers). - Fix double-escape of %R on deny_info redirect responses - Support status 308 Permanent Redirect - Support for TLSv1.1 and TLSv1.2 options and methods - Support passing external_acl_type credentials on ICAP - Language Updates: fr, hy, pt_BR - ... and many compile issues on Windows - ... and some minor code polish for more info please see ChangeLog - remove obsolete swapdir, FSF patches - rebase config, nobuilddates patches - add upstream patches * 3.2-11611 - 3.2-11630 - add compiled_without_RPM_OPT_FLAGS patch * squid3 no-rpm-opt-flags <cmdline>:./cf_gen.cc - update to 3.1.20 - Regression Bug 3545: FreeBSD dnsserver segfaults - Regression Bug 3504: clientside_tos fails to mark traffic - Bug 3539: CONNECT server connection not closed correctly on errors - Bug 3502: client timeout uses server-side read_timeout, not request_timeout - Bug 3466: Adaptation stuck on last single-byte body piece - Bug 3463: dnsserver fails to compile - Bug 3439: correct external_acl_type documented default for ipv4/ipv6 option - Bug 3390: Proxy auth data visible to scripts - Bug 3263: ssl_crtd: undefined references to squid_curtime - Bug 3233: Invalid URL accepted with url host is white spaces - Bug 3133: Memory leak handling requests for sites that don't exist - Bug 3074: Improper URL handling with empty path (RFC 3986) - Bug 3013: segmentation fault on shutdown commSetCloseOnExec at comm.cc:1889 - Regression: snmp/udp address directives not resolving hostname - Better helper-to-Squid buffer size management. - Support CoAP over HTTP (coap:// and coaps:// URLs) - Support for 3.2 error template codes - rebase config, swapdir patch - some cleanup * rebase patches (p0), remove version from patch_names - add Source signature file - add FSF patch (incorrect-fsf-address) - add rpmlintrc file * macro-in-comment * no-manual-page-for-binary - update to 3.1.19 - Regression Bug 3441: part 2: Prevent further cache size corruption of swap.state - Bug 3473: erase last uses of obsolete auth_user_hash_pointer - Bug 3470: GCC 4.7 - Bug 3442: assertion failed: external_acl.cc:908: ch->auth_user_request != NULL - Bug 3441: part 1: Minimize cache size corruption by malformed swap.state - Bug 3440: compile error in Adaptation - Bug 3420: Request body consumption races and !theConsumer exception - Bug 3370: external ACL sometimes skipping - Bug 3085: Crash when parsing esi:include - HTTP/1.1: do not add 110 and 111 Warnings to revalidated responses - Fix SSL library dependency fixes - remove obsolete upstream patches * squid-3.1-10415 - ..421 - add squid source signature file - add upstream patches * 3.1-10419: Bug #3085: Crash when parsing esi:include * 3.1-10420: Bug #3473: erase last uses of obsolete auth_user_hash_pointer * 3.1-10421: Bug #3420: Request body consumption races and !theConsumer exception. - fix for bnc#737905 * fix test EXPRESSION in post section - add upstream patches * 3.1-10417: Polish: debug messages on swap.state rename failure * 3.1-10418: Bug #3442: assertion failed: external_acl.cc:908: ch->auth_user_request != NULL - fix build * add upstream patches - 3.1-10415: Portability: SSL library dependency fixes - 3.1-10416: Bug #3440: compile error in Adaptation - update to 3.1.18 - Regression: compile error in FTP - Changes to squid-3.1.17 (03 Dec 2011): - Bug 3432: Crash logging FTP errors - Bug 3428: Active FTP data channel accepted twice - Bug 3423: access violation in URL parser - Bug 3422: Buffer overflow in recv-announce - Bug 3412: External ACL Uses Invalid Cache Entry - Bug 3408: Wrong header length leads to EFAULTs when creating UFS swap.log.new - Bug 3398: persistent server connection closed after PUT/DELETE - Bug 3299: dnsserver: various undefined references - Bug 3077: '\' in url query strings cause Digest authentication to fail - Bug 2910: MemBuf may grow beyond max_capacity - Bug 2619: Excessive RAM growth due to unlimited adapted body data consumption - Bug 1243: Build overrides configured AR setting - Avoid crashes when processing bad X509 common names (CN). - Support %% in external ACL format - ... and several other compile error fixes - ... and several documentation fixes - make coolo's bot reviewer happy - Use service type "simple" - Support systemd - add libtool as buildrequire to avoid implicit dependency - update to 3.1.16 - Bug 3373: invalid URL in ERR_CACHE_ACCESS_DENIED - Bug 3368: Unhandled exceptions are not logged (workaround) - Bug 3326: miss_access incorrect default - Bug 3320: miss_access description confusing - Bug 3241: squid_kerb_auth cross compilation fix - Bug 3237: seq fault in free() from rfc1035RRDestroy - Bug 3190: Large HTTP POST stuck after early ICAP 400 error response - db_auth: display available DSN drivers on connect error - Updated OpenSSL 1.0.0 version checks - ... and several documentation fixes - Build with -DOPENSSL_LOAD_CONF see OPENSSL_config(3) for detail - update to 3.1.15 - Regression fix: vhost and defaultsite causing vport to be ignored - Regression Bug 3295: broken escaping in rfc1738_do_escape - Bug #3232: fails to compile with OpenSSL v1.0.0 - Bug #3222: cache_peer name is not logging on CONNECT - Bug #3131: fd_table[fd].closing() assert from ConnStateData::noteMoreBodySpaceAvailable() - Bug #3217: "!fd_table[fd].closing()" from ServerStateData::noteMoreBodySpaceAvailable - Bug #3213: https sites (CONNECT) not open when using NTLM - Bug #3114: Memory leak in SSL certificate verify code - Bug #3107: ncsa_auth DES silently truncates passwords to 8 bytes - Bug #2662: cf_gen failure when cross compiling - Bug #2655: passing wrong the username to the url_rewrite_program - Bug #2495: ignore whitespace prefix on config lines - Bug #2051: 'default' cache_peer option does not match documentation - Bug #1842: Optimize order of tests in peerWouldBePinged() and peerHTTPOkay() - Bug #1791: timestampsSet does not validate Date: if server sends very old date - Correct parsing of large Gopher indexes - Enable negative cacheing on unknown or -1 expiry timestamp - Remove hierarchy_stoplist default value - Migrate cf_gen tool from C-style to C++ - ... and several documentation and compiler warning fixes - Disable "ident" lookups, obsolete and dangerous thing to have enabled these days. - fix build for SLE_10 - This is a long running network daemon, build with full RELRO - remove -fno-strict-aliasing, no longer needed. - update to 3.1.14 - Regression Bug 3261: Could not create a DNS socket and exit - 3.1.13 - Regression Bug 3239: problems with myip/myport upgrade - Bug 3153: hung ICAP RESPMOD transactions - Update ssl_crtd to use 'OK' status inline with other helpers - remove obsolete upstream patches (10319,10320) - add upstream patches o 10319, SourceFormat Enforcemen o 10320, Bug 3153: additional compile fixes - update to 3.1.12.3 - Bug 3236: Port of %oa, %<lp and %<lp and %<la log format options - Bug 3214: unexpected read from ssl_crtd - Bug 3153: Prevent ICAP RESPMOD transactions getting stuck with the adapted body - Fix RADIUS helper resource leak - Fix segfault parsing digest auth realm - Fix segfault in parse_eol() - Fixed bypass of SSL certificate validation errors - Warn about myip/myport problems on interception proxies - Polish: display easily grepped config lines on -k parse - Fix squidclient -V option and allow non-HTTP protocols to be tested - rework patches o swapdir 3.1.10 -> 3.1.12.3 o nobuilddates 3.1.12 -> 3.1.12.3 - remove obsolete patches o 3.1.11-unused o 3.1.12-no-sslv2 - update to 3.1.12.2 - Bug 3226: Tags from external ACLs do not correctly expire - Bug 3215: Malformed IPv6 DNS reverse lookup - Bug 3209: ssl-bumped requests forwarded unencrypted to the parent proxies/caches - Bug 3205: SSL-bump starts then hangs - Bug 3178: gcc-4.6 complains unused variables - Bug 3122: Unknown record type in WCCPv2 Packet (6) - Bug 2965 (partial): Compile errors on MinGW - Fix to only ssl-bump CONNECT requests if they are about to be tunneled - Fix cache manager display of -i/+i in regex ACL config display - Fix cache manager display of cache_peer options userhash and sourcehash - Fix URL re-writer loosing many transaction details - Fix always-true comparison in ICAP for some 32-bit platforms - Support for 'slow' group ACLs in ssl_bump access control - Support OpenSSL 1.0.0 built without SSLv2 - Support GCC 4.6 and binutils-gold - Add CSS id attribute to BODY tag of generated error pages. - Display WARNING and ERROR when max_filedescriptors has failed - update to 3.1.12.1 - Port from 3.2: Dynamic SSL Certificate generation - Bug 3194: selinux may prevent ntlm_smb_lm_auth from using /tmp - Bug 3185: 3.1.11 fails to compile on OpenBSD 4.8 and 4.9 - Bug 3183: Invalid URL accepted with url host part of only '@' - Display ERROR in cache.log for invalid configured paths - Cache Manager: send User-Agent header from cachemgr.cgi - ... and many portability compile fixes for non-GCC systems. - rework initscript o rename source to squid.init o ShouldStart winbind o setup cache_dir only if defined in squid.conf otherwise squid won't start, cause cache_dir is not set by default o new vars to squid.sysconfig default_opts '-sYD' -> '-sY' (-D obsolete) - remove author from spec - updated unused patch (idoenmez@novell.com) - Add squid-3.1.11-unused.patch: remove write only variables to fix compilation with gcc 4.6 - mv RPM_BUILD_ROOT to {buildroot} - fdupes only on {buildroot}{_prefix} o no symlinks on config files ;) hence configs won't be overwritten on update - rework config patch o 3.1.4 -> 3.1.12 - add some comments for patches - sort header TAGS - Allow compile without SSLv2 o no-sslv2 patch - Supress build dates in binaries. o nobuilddates patch - Default cache storage type should be "aufs" in Linux o update config patch - update to 3.1.12 (Bugs tracked by http://bugs.squid-cache.org/) - Regression fix: Use bigger buffer for server reads. - Regression fix: Add reply_header_replace directive for ability lost since 2.7 - Bug 3181: /dev/poll fails to build on Solaris with GCC 4.5.0 - Bug 3177: assertion failed: comm.cc:1583: "fd >= 0" - Bug 3175: IPv6 PTR lookup crashes on raw-IP URLs when IPv6 disabled - Bug 3173: Assertion bodyPipe!=NULL on SslBump CONNECT response writing failure - Bug 3164: Total memory info display 32-bit overflows - Bug 3155: Werror is hard-coded in libTrie build - Bug 3151: squid_kerb_auth: use autoconf LIBS instead of FLAGS for library linkage - Bug 2976: invalid URL on intercepted requests during reconfigure - Bug 2720: comment in same line as cache/mem_replacement_policy causes error - Bug 2621: Provide request headers to RESPMOD when using cache_peer. - Bug 2330: AuthUser objects are never unlocked - Prevent CONNECT request relaying to origin servers - squidclient HTTP/1.1 compliance updates (Pragma and User-Agent headers) - squidclient: send Cache Manager password using -w - eCAP: give full Request-URI to adapters - ... and several debug and error display cleanups - update to 3.1.11 - Bug 3149: not caching eCAP adapted body - Bug 3144: redirector program blocks while reading STDIN - Bug 3140: memory leak in error page generation - Bug 3137: RADIUS auth helper does not send identifier to RADIUS server - Bug 3115: logging segfaults if access_log is set to a directory - Bug 2968: Show the Vary: headers information in cachemgr objects report - Bug 2959: remove SAMBAPREFIX dependency - Bug 2868: icc doesn't like string literal in assert checks - HTTP/1.1: Send 307 status on deny_info redirection - HTTP/1.1: Support POST/PUT with no body - HTTP/1.1: Allow persistent connections for Mozilla/3.0 User-Agents - Support RFC 5861 Cache-Control: stale-if-error option - Add ftp_eprt directive to disable EPRT extensions in FTP - Fix external_acl_type grace=0 to obey TTL - Fix IP/FQDN cache accounting to avoid idle caches on busy servers - Prevent pipeline_prefetch misconfigurations breaking NTLM/Negotiate auth - ... and some documentation updates and corrections - ... and some portability and stability fixes - update to 3.1.10 - Bug 3121: memory leak in DigestAuth: AuthUser object is locked twice - Bug 3113: Consuming too much memory when uploading files - Bug 3110: 'reply_body_max_size none' does not work with x-forwarded-for - Bug 3096: Consuming too much memory when delaying traffic - Bug 3091: Bypassed ICAP errors are not counted as service failures - Bug 3090: Polish FTP login error handing - Bug 3068: cache_dir capacity and usage overflows - Bug 3028: Permit wbinfo_group.pl to authenticate Kerberos users with NT domain - Bug 427: HTTP Compliance: Support If-Match and If-None-Match requests - Fix memory leak in adaptation_access - Fix /dev/poll and poll() selection priority - Fix PREFIX/var/run creation during install - Fix cachemgr http_port config report display - Add upgrade help process for obsolete options - Accept RFC 2965 Set-Cookie2 / Cookie2 headers as 'known' - HTTP/1.1: entry is stale if request has max-age=0 - HTTP/1.1: do not forward TRACE with Max-Forwards: 0 after REQMOD - Toolchain update to support newer auto-tools - ... and updated error page translations - ... and updated documentation - ... and some code optimization/simplification polish - reworked swapdir patch - update to 3.1.9 - Bug 3088: dnsserver is segfaulting - Bug 3084: IPv6 without Host: header in request causes connection to hang - Bug 3082: Typo in error message - Bug 3073: tunnelStateFree memory leak of host member - Bug 3058: errorSend and ICY leak MemBuf object - Bug 3057: 64-bit Solaris 9 Squid unable to determine peer IP and port - Bug 3056: comm.cc "!fd_table[fd].closing()" assertion crash when a helper dies - Bug 3053: cache version 1 LFS support detection broken - Bug 3051: integer display overflow - Bug 3040: Lower-case domain entries from hosts and resolv.conf files - Bug 3036: adaptation_access acls cannot see myportname - Bug 3023: url_rewrite_program silently fails to rewrite on broken URLs - Bug 2964: Prevent memory leaks when ICAP transactions fail - Bug 2808: getRoundRobinParent not handling weights correctly - Bug 2793: memory statistics sometimes display wrong - Bug 2356: Port from 2.7: Solaris /dev/poll event ports support - Bug 2311: crashes with ICAP RESPMOD for HTTP body size greater than 100kb - Ensure /var/cache or jail equivalent exists on install - HTTP/1.1: delete Warnings that have warning-date different from Date - HTTP/1.1: do not remove ETag header from partial responses - HTTP/1.1: make date parser stricter to better handle malformed Expires - HTTP/1.1: improve age calculation - HTTP/1.1: reply with a 504 error if required validation fails - HTTP/1.1: add appropriate Warnings if serving a stale hit - HTTP/1.1: support requests with Cache-Control: min-fresh - HTTP/1.1: do not cache replies to requests with Cache-Control: no-store - squidclient: Display IP(s) connected to in verbose (-v) display - Fixes several issues with ICAP persistent connections - Fixes small leaks in Netdb, DNS, ICAP, ICY, HTTPS - ... and some cosmetic polishing - removed obsolete patches o squid-beta-3.0-ia64 (upstream) o squid-beta-3.0-mem_node_64bit (not needed, Amos) o squid-3.1.4-openldap (not needed, Amos) - reworked swapdir patch o send upstream - update to 3.1.8 - Bug 3033: incorrect information regarding TOS - Bug 3020: Segmentation fault: nameservers[vc->ns].vc = NULL - Bug 3005,2972: Locate LTDL headers correctly (again) - Bug 2872: leaking file descriptors - Bug 2583: pure virtual method called - Hardened DNS client against packet queue attacks - Hardened HTTP request-line parser - Several HTTP/1.1 support improvements - Improved cross-compile support - .. and several internal pointer safety fixes - remove obsolete patches o bug2972-real-fix.patch o squid-bootstrap.patch - added bug2972-real-fix.patch o fix build for SLE_10 o but impossible to apply LDAP patch - update to 3.1.7 - Regression Bug 3021: Large DNS reply causes crash - Regression Bug 3011: ICAP, HTTPS, cache_peer probe IPv4-only port fixes - Regression Bug 2997: visible_hostname directive no longer matches docs - Bug 3012: deprecate sslBump and support ssl-bump spelling in http_port - Bug 3006: handle IPV6_V6ONLY definition missing - Bug 3004: Solaris 9 SunStudio 12 build failure - Bug 3003: inconsistent concepts in documentation of cache_dir - Bug 3001: dnsserver link issues - HTTP/1.1: default keep-alive for 1.1 clients (bug 3016) - HTTP/1.1: Improved Range header field validation - HTTP/1.1: Forward multiple unknown Cache-Control directives - HTTP/1.1: Stop sending Proxy-Connection header - Fix 32-bit wrap in refresh_pattern min/max values - ... and several documentation corrections. - update to 3.1.6 - Bug 2994, 2995: IPv4-only regressions - Bug 2991: Wrong parameters to fcntl() in commSetCloseOnExec() - Bug 2975: chunked requests not supported after regular ones - Fix: 32-bit overflow in reported bytes received from next hop - Fix Libtool build regressions - Limited split-stack IPv6 support. - squid_db_auth support MD5 encrypted passwords - update to 3.1.5 - Bug 2967: raw-IPv6 address URL with append_domain broken - Bug 2950: HTTP responses with no Date, L-M or Expires can now be cached - Bug 2943: ICAP tokens not logged when using multiple access - Bug 2937: Fails to detect chunked encoding if not given in all lower case - Bug 2903: does not send indirect X-Client-Ip in ICAP respmod - Fix free memory corruption and off-by-one error when comparing SNMP OIDs - Port from 2.7: max_filedescriptor config option - Fix persistent_connection_after_error is meant to be on by default - ... and several build errors. - fix build for SLE_10 o added bootstrap patch o fix permissions.secure for pam_auth - spec mods o build with --mandir o add BuildReq libcap-devel (TPROXY) - new version 3.1.4 - Bug 2933: Verification of the max. port number for WCCP2 dynamic service - Bug 2924: RADIUS helper compile issues - Bug 2922: Fix assertion failed: HttpHeader.cc: "Headers[id].stat.aliveCount" - Bug 2919: tcp_outgoing_address ACLs not obeying acl_uses_indirect_client - Bug 2896: Fix assertion failed: comm.cc:2063: "!fd_table[fd].closing()" - Bug 2879: pt2: 3.0 regression in headers end finding - Bug 2877: pt2: only output zero-size warning on reverse-proxy requests - Bug 2876: FD_SETSIZE override not working on all linux distributions - Bug 2810: common log format generates 2 lines of syslog - Bug 2789: Optimize unlimited memory pools, and correctly handle limits over 2GB - Bug 2753: Fall back on IPv4 if IPv6 is not present - Bug 2697: Adaptation leaks and extra requests after reconfiguration - Bug 2633: Fix Ecap::HeaderRep::value(name) fails when there is no named header field - Change LDAP helpers to default to LDAP version 3 if available - Add Joomla and Salted Hash support to squid_db_auth helper - Fixed IpAddress port printing for ports higher than 9999 - Disable chunked memory pooling by default. - ... and several build errors. - reworked config patch with fuzz=0 - removed libxml2 patch - added swapdir patch - reworked ldap patch - adopt build_option storeio: (build all) o --enable-storeio=aufs,diskd,null,ufs -> --enable-storeio - adopt build_option ntlm-auth-helpers: SMB -> smb_lm o ntlm_auth -> ntlm_smb_lm_auth - enable parallel build - fix permissions file - new version 3.0.STABLE25 - Bug 2845: Rework the http digest auth parser - Bug 2787: unknown/unexpected status code messages - Bug 2507: squid_ldap_group: Strip Domain name separated by + - Bug 2367: stale=true on digest requests with unknown nonce - ... and several other minor corrections - new version 3.0.STABLE24 * Bug 2858: Segment violation in HTCP * Updated refresh pattern for dynamic pages - version 3.0.STABLE23 * Bug 2856: removing assert() required for 3.0 patch for SQUID-2010:1 * Regression Fix: Build error in Kerberos helper after library removal. - version 3.0.STABLE22 * Regression Fix: Make Squid abort on all config parse failures. * Bug 2787: Reduce unexpected http status to non-critical warnings. * Bug 2496: Downloading some variants in full before relaying * Bug 2452: Add upper limit to external_acl_type entries. * Removed optional kerberos/spnegohelp/ library due to licensing issues * Add client_ip_max_connections * Handle DNS header-only packets as invalid. - version 3.0.STABLE21 * Bug 2830: Clarify where NULL byte is in headers. * Bug 2778: Linking issues using SunCC * Bug 2395: FTP errors not displayed * Bug 2155: Assertion failures on malformed Content-Range response headers * Fix parsing and a few bugs in ACL time type * Fix RFC keep-alive compliance on intercepted replies * Improved security hardening on %nn parser * Replace several GCC-specific code snippets. - new version 3.0.STABLE20 * Bug 2794: ESI parsing on FreeBSD * Bug 2791: assertion failed: MemBuf.cc:400: new_cap > (size_t) capacity * Bug 2779: Support GNU/kFreeBSD * Bug 2773: Segfault in RFC2069 Digest authantication * Bug 2768: squid_ldap_group argument parsing error * Bug 2761: Gopher and double HTTP response header * Bug 2735: Incomplete -fhuge-objects detection * Bug 2722: prevent CONNECT via http_port with accel * Bug 2624: Invalid response for IMS request * Bug 2510: digest_ldap_auth TLS support * Correct LINUX_CAPABILITY actions on non-Linux - removed old upstream patches o squid-3.0-9107.patch - squid-3.0-9124.patch - added upstream patches o squid-3.0-9107.patch - squid-3.0-9124.patch - new version 3.0.STABLE19 * Bug 2745: Invalid Response error on small reads * Bug 2739: DNS resolver option ndots can't be parsed from resolv.conf * Bug 2734: some compile errors on Solaris * Bug 2648: stateful helpers stuck in reserved if client disconnects while helper busy * Bug 2541: Hang in 100% CPU loop while extacting header details using a delimiter other than comma * Bug 2362: Remove support for deferred state in stateful helpers * Add 0.0.0.0 as a to_localhost address * Docs: Improve chroot directive documentation slightly * Fixup libxml2 include magics, was failing when a configure cache was used * ... and some minor testing improvements. - spec mods o adding group winbind, add squid to group winbind when using squid with samba-winbind for ntlm_auth squid needs read access to /var/lib/samba/winbindd_privileged group winbind is added if squid is installed before winbind ;) - added upstream patches o b9097 - b9103 - rpmlint o added fdupes - cleanup spec o removed #-------- - remove outdated patches - merge factory changes with buildservice - Fix patch numbering for rpm 4.7. - make patch0 usage consistent - added upstream patches o b9095, b9096 - added upstream patches o b9089 - b9094 o disabled b9089,b9090,b9092 cause can not patch inexistent file - new version 3.0.STABLE18: * Bug 2728: regression: assertion failed: !eof * Bug 2732: reply_body_max_size smaller than error page loops infinitely until out of memory * Bug 2725: pconn failure if domain or client_address are unset * Bug 2648: reserved helpers not shut down after reconfigure/rotate * Bug 2462: make check should tell when cppunit is missing * Remove excess messages about headers < minimum size * Support Libtool 2.2.6 - Changes to squid-3.0.STABLE17 (27 Jul 2009): * Bug 2680 regression: Crash after rotate with no helpers running * Bug 2710: squid_kerb_auth non-terminated string * Bug 2679: strsep and strtoll detection failure * Bug 2674: Remove limit on HTTP headers read. * Bug 2659: String length overflows on append, leading to segfaults * Bug 2620: Invalid HTTP response codes causes segfault * Bug 2080: wbinfo_group.pl - false positive under certain conditions * Bug 1087: ESI processor not quoting attributes correctly. * Fix: issue with AUFS/UFS/DiskD writing objects to disk cache * Several small build issues with previous release. for full changes list, see: http://www.squid-cache.org/Versions/v3/3.0/squid-3.0.STABLE18-RELEASENOTES.h... - removed squid-3.0.STABLE16-gcc_warn_kerb_auth.patch - removed changed, deprectated configure options o deprecated: - -enable-poll o changed to default: - -enable-htcp - -enable-snmp - spec mods * removed ^---------- * removed ^#--------- - new version 3.0.STABLE16: * Bug 2672: cacheMemMaxSize 32-bit overflow during snmpwalk * Bug 2481: Don't set expires: now in generated error responses * Bug 2387: The calculation of the number of hash buckets correctly * Fix infinite loop in MSNT auth helper * Fix FD_SETSIZE on FreeBSD * Fix stripping NT domain in squid_ldap_group * Fix RADIUS auth helper build * Add Translate: and Unless-Modified-Since: headers to known list * Make fakeauth handle NTLMv2 better * Better Kerberos support detection * Several Widows port fixes - Changes to squid-3.0.STABLE16-RC1 (16 May 2009): * Bug 1148: Ported from 3.1: Chunked Transfer Encoding * Bug 2648: NTLM helpers not shutting down when deferred - Changes to squid-3.0.STABLE15 (06 May 2009): * Regression Bug 2635: Incorrect Max-Forwards header type * Bug 2652: 'Success' error on CONNECT requests * Bug 2625: IDENT receiving errors * Bug 2610: ipfilter support detection * Bug 2578: FTP download resume failure * Bug 2536: %H on HTTPS error pages * Bug 2491: assertion "age >= 0" * Bug 2276: too many NTLM helpers running * Endian system and compiler fixes provided by the NetBSD project * documentation fixes provided by the Debian project - Changes to squid-3.0.STABLE14 (11 Apr 2009): * Regression Fix: HTTP/0.9 in accelerator mode * Bug 1232: cache_dir parameter limited to only 63 entries * Bug 1868: support HTTP 207 status * Bug 2518: assertion failure on restart/reconfigure * Bug 2588: coredump in rDNS lookup * Bug 2595: Out of bounds memory write in squid_kerb_auth * Bug 2599: Idempotent start * Bug 2605: Prevent setsid() on helpers in daemon mode * Fix external_acl_type option parsing * Fix delay pools counters on FTP * Fix several issues with ident (some remain) * Fix performance issues with persistent connections * Fix performance issues with delay pools * Fix forwarding of OPTIONS requests * Add support for HTTP 1.1 Content-Disposition header * Add support for Windows 7, Windows Server 2008 R2 and later * ... and many small documentation updates for full changes list, see: http://www.squid-cache.org/Versions/v3/3.0/squid-3.0.STABLE16-RELEASENOTES.h... - reworked gcc_warn_kerb_auth * was partially added - added after RELEASE patches * b9052 - b9067 for full changes list, see: http://www.squid-cache.org/Versions/v3/3.0/changesets/SQUID_3_0_STABLE16.htm... - some spec mods * removed {rel} - strchr returns a const char* now, work around - some spec fixes ==== step ==== Version update (15.12.0 -> 15.12.1) - Update to KDE Applications 15.12.1 * KDE Applications 15.12.1 * https://www.kde.org/announcements/announce-applications-15.12.1.php * boo#961265 ==== sysdig ==== Version update (0.6.0_k4.4.0_2 -> 0.7.1_k4.4.0_2) - Update to 0.7.1 * Fix sysdig-probe compilation for kernel < 3.4.0 * Fix compilation on OSX - Changes for 0.7.0 * Fix sysdig-probe for kernel 4.4 * Fix a remotely possible deadlock during ioctl calls * Fix Kubernetes support when data returned from the API server is particularly big * Minor bugfixes * Spectrogram views in csysdig: spectro_all (System call latency spectrogram) and spectro_file (File I/O latency spectrogram) * Ability to authenticate to a Kubernetes API server using a certificate, via -K <file_name> or --k8s-api-cert=<file_name>. Can also be specified via the environment variable SYSDIG_K8S_API_CERT * Ability to sort columns in csysdig views using the keyboard * --filter-proclist: apply the filter to the process table * -M: add the possibility to stop collecting after X seconds evt.latency.quantized: 10-base log of the delta between an exit event and the correspondent enter event evt.latency.human: delta between an exit event and the correspondent enter event, as a human readable string (e.g. 10.3ms) ==== umbrello ==== Version update (15.12.0 -> 15.12.1) - Update to KDE Applications 15.12.1 * KDE Applications 15.12.1 * https://www.kde.org/announcements/announce-applications-15.12.1.php * boo#961265 ==== xf86-video-r128 ==== Version update (6.10.0 -> 6.10.1) - Update to version 6.10.1 * Really fix bitmasks for DDC * Assume CRT in the absence of other monitors ==== xkeyboard-config ==== Version update (2.16 -> 2.17) - Update to version 2.16 * Added sbj keymap for Jolla phone * Adding the option to make Caps Lock act as a Menu key. * add altwin:prtsc_rwin * Add br(thinkpad) to the xml files * symbols/group: re-enable grp:ctrls_toggle * Make us(dvp) work with regular right Alt key again * Updated Azerbaijani layout * Azerty French Layout * Added French Togo * More changes to tg layout * Added de(koy) * syntax fix * Translations updated before release * Reenable layer5-lock for de variants * Icelandic QWERTY Layout: Add ability to write Icelandic quotation marks (??) - add /usr/share/X11 dir to filelist in order to fix build again - Adding 'BuildRequires: xsltproc' to build man page. - Removed link from /usr/share/X11/xkb/xkbcomp to /usr/bin/xkbcomp - Removed xkbcomp as Buildrequire (bnc#953161) - Added man page xkeyboard-config (7) ==== yast2-ca-management ==== Version update (3.1.7 -> 3.1.8) - AutoYaST: Reporting timeout errors only. (bnc#962328) - version 3.1.8 ==== yast2-core ==== Version update (3.1.18 -> 3.1.19) Subpackages: yast2-core-devel - ag_ini: when multifile list contain glob, evaluate it in correct root. (bnc#962566) - 3.1.19 ==== zypper ==== Version update (1.12.28 -> 1.12.29) Subpackages: zypper-aptitude zypper-log - Update sle-zypper-po.tar.bz2 - Update zypper-po.tar.bz2 - Enhance guessing of 'obs://' URLs on openSUSE Leap (bnc#959804) - Print repository content 'keywords' in repo details - BuildRequires: libzypp-devel >= 15.20.1 - version 1.12.29 - Update zypper-po.tar.bz2 - Update zypper-po.tar.bz2 -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
participants (1)
-
Ludwig Nussel