[opensuse-factory] New Tumbleweed snapshot 20160531 released!
Please note that this mail was generated by a script. The described changes are computed based on the x86_64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=1&version=Tumbleweed&build=20160531 Packages changed: GraphicsMagick LibVNCServer ModemManager MozillaFirefox MozillaThunderbird NetworkManager-gnome akonadi-calendar (15.12.3 -> 16.04.1) akonadi-search (15.12.3 -> 16.04.1) akonadi-server (15.12.3 -> 16.04.1) amarok ark (15.12.3 -> 16.04.1) baloo5-widgets (15.12.3 -> 16.04.1) cdrdao crda dolphin (15.12.3 -> 16.04.1) dragonplayer (15.12.3 -> 16.04.1) espeak gnome-software (3.20.2 -> 3.20.3) gpgmepp5 (15.12.3 -> 16.04.1) grantlee5 (5.0.0 -> 5.1.0) gstreamer-plugins-bad gwenview5 (15.12.3 -> 16.04.1) installation-images-openSUSE (14.245 -> 14.247) k3b kaccounts-integration (15.12.3 -> 16.04.1) kalarmcal (15.12.3 -> 16.04.1) kamera (15.12.3 -> 16.04.1) kate (15.12.3 -> 16.04.1) kcalc (15.12.3 -> 16.04.1) kcalcore (15.12.3 -> 16.04.1) kcalutils (15.12.3 -> 16.04.1) kcharselect (15.12.3 -> 16.04.1) kcolorchooser (15.12.3 -> 16.04.1) kcontacts (15.12.3 -> 16.04.1) kdebase4 (15.12.3 -> 16.04.1) kdebase4-runtime (15.12.3 -> 16.04.1) kdebase4-workspace kdelibs4 (4.14.18 -> 4.14.19) kdenetwork4-filesharing (15.12.3 -> 16.04.1) kdepim (15.12.3 -> 16.04.1) kdepim-runtime (15.12.3 -> 16.04.1) kdepimlibs (15.12.3 -> 16.04.1) kdepimlibs4 kdnssd (15.12.3 -> 16.04.1) kernel-source (4.5.4 -> 4.6.0) kget (15.12.3 -> 16.04.1) kgpg (15.12.3 -> 16.04.1) kholidays (15.12.3 -> 16.04.1) kidentitymanagement (15.12.3 -> 16.04.1) kimap (15.12.3 -> 16.04.1) kio-extras5 (15.12.3 -> 16.04.1) kio_audiocd (15.12.3 -> 16.04.1) kipi-plugins5 (4.94git -> 5.0.0~beta5) kiwi (7.03.68 -> 7.03.72) kldap (15.12.3 -> 16.04.1) kleopatra5 (15.12.3 -> 16.04.1) kmag (15.12.3 -> 16.04.1) kmailtransport (15.12.3 -> 16.04.1) kmbox (15.12.3 -> 16.04.1) kmime (15.12.3 -> 16.04.1) kmousetool (15.12.3 -> 16.04.1) kompare (15.12.3 -> 16.04.1) konsole (15.12.3 -> 16.04.1) kontactinterface (15.12.3 -> 16.04.1) kopete (15.12.3 -> 16.04.1) kpimtextedit (15.12.3 -> 16.04.1) kqtquickcharts (15.12.3 -> 16.04.1) krdc (15.12.3 -> 16.04.1) krfb (15.12.3 -> 16.04.1) kruler (15.12.3 -> 16.04.1) ktnef (15.12.3 -> 16.04.1) ktp-accounts-kcm (15.12.3 -> 16.04.1) ktp-approver (15.12.3 -> 16.04.1) ktp-auth-handler (15.12.3 -> 16.04.1) ktp-common-internals (15.12.3 -> 16.04.1) ktp-contact-list (15.12.3 -> 16.04.1) ktp-contact-runner (15.12.3 -> 16.04.1) ktp-desktop-applets (15.12.3 -> 16.04.1) ktp-filetransfer-handler (15.12.3 -> 16.04.1) ktp-kded-module (15.12.3 -> 16.04.1) ktp-send-file (15.12.3 -> 16.04.1) ktp-text-ui (15.12.3 -> 16.04.1) kwalletmanager5 (15.12.3 -> 16.04.1) libaccounts-glib (1.18 -> 1.21) libkcddb4 (15.12.3 -> 16.04.1) libkcompactdisc4 (15.12.3 -> 16.04.1) libkdcraw (15.12.3 -> 16.04.1) libkdepim (15.12.3 -> 16.04.1) libkexiv2 (15.12.3 -> 16.04.1) libkface (15.12.3 -> 16.04.1) libkgeomap (15.12.3 -> 16.04.1) libkipi (15.12.3 -> 16.04.1) libkolab-qt5 libkomparediff2 (15.12.3 -> 16.04.1) libksane (15.12.3 -> 16.04.1) libktorrent libmusicbrainz libqca-qt5 libqt5-qtdeclarative libraw libsidplay1 libyui (3.2.4 -> 3.2.5) marble (15.12.3 -> 16.04.1) mobipocket (15.12.3 -> 16.04.1) mozilla-nss net-snmp okular (15.12.3 -> 16.04.1) opal openCOLLADA perl (5.22.1 -> 5.24.0) perl-MIME-tools perl-Module-Build (0.421200 -> 0.421800) plasma5-desktop python-cffi (1.5.2 -> 1.6.0) qalculate signon-kwallet-extension (15.12.3 -> 16.04.1) spectacle (15.12.3 -> 16.04.1) sweeper (15.12.3 -> 16.04.1) syndication (15.12.3 -> 16.04.1) vim (7.4.1816 -> 7.4.1842) vlc webkitgtk webkitgtk3 yast2-drbd (3.1.21 -> 3.1.22) === Details === ==== GraphicsMagick ==== Subpackages: GraphicsMagick-devel libGraphicsMagick-Q16-3 libGraphicsMagick3-config libGraphicsMagickWand-Q16-2 - security update: * CVE-2016-5118 [bsc#982178] + GraphicsMagick-CVE-2016-5118.patch ==== LibVNCServer ==== Subpackages: LibVNCServer-devel libvncclient0 libvncserver0 - Fix build errors of applications using stl_algobase.h and libvncserver's rfbproto.h, e.g. krfb (issue #102) * Add libvncserver-0.9.10-use-namespaced-rfbMax-macro.patch ==== ModemManager ==== Subpackages: ModemManager-devel libmm-glib0 typelib-1_0-ModemManager-1_0 - Add three more patches from upstream to fix build with gcc6: + ModemManager-cinterion_drop_unused_constants.patch. + ModemManager-novatel_remove_unused_custom_AT_probe_array.patch. + ModemManager-wmc_fix_typo.patch. - Add ModemManager-fix-whitespaces.patch: Fix whitespace usage. While building with GCC 6, the indenting is taken as a warning for the user likely making a mistake. ==== MozillaFirefox ==== Subpackages: MozillaFirefox-translations-common - The conditional testing for gcc was failing for different openSUSE versions, drop it and apply patches unconditionally. - Add patches to fix building with gcc6: + mozilla-gcc6.patch: fix building with gcc >= 6.1; patch taken from upstream: https://hg.mozilla.org/mozilla-central/rev/55212130f19d. + mozilla-exclude-nametablecpp.patch: Exclude NameTable.cpp from unified compilation because #include <cmath> in other source files causes gcc6 compilation failure; patch taken from upstream: https://hg.mozilla.org/mozilla-central/rev/9c57b7cacffc. - enable build with PIE and full relro on x86_64 (boo#980384) - update to Firefox 46.0.1 Fixed: * Search plugin issue for various locales * Add-on signing certificate expiration * Service worker update issue * Build issue when jit is disabled * Limit Sync registration updates - removed now obsolete mozilla-jit_branch64.patch - add mozilla-jit_branch64.patch to avoid PowerPC build failure (from bmo#1266366) - Update mozilla-gtk3_20.patch for Firefox 46.0 (sync to latest version from Fedora). - update to Firefox 46.0 (boo#977333) * Improved security of the JavaScript Just In Time (JIT) Compiler * WebRTC fixes to improve performance and stability * Added support for document.elementsFromPoint * Added HKDF support for Web Crypto API * requires NSPR 4.12 and NSS 3.22.3 * added patch to fix unchecked return value mozilla-check_return.patch * Gtk3 builds not supported at the moment security fixes: * MFSA 2016-39/CVE-2016-2804/CVE-2016-2806/CVE-2016-2807 (boo#977373, boo#977375, boo#977376) Miscellaneous memory safety hazards * MFSA 2016-40/CVE-2016-2809 (bmo#1212939, boo#977377) Privilege escalation through file deletion by Maintenance Service updater (Windows only) * MFSA 2016-41/CVE-2016-2810 (bmo#1229681, boo#977378) Content provider permission bypass allows malicious application to access data (Android only) * MFSA 2016-42/CVE-2016-2811/CVE-2016-2812 (bmo#1252330, bmo#1261776, boo#977379) Use-after-free and buffer overflow in Service Workers * MFSA 2016-43/CVE-2016-2813 (bmo#1197901, bmo#2714650, boo#977380) Disclosure of user actions through JavaScript with motion and orientation sensors (only affects mobile variants) * MFSA 2016-44/CVE-2016-2814 (bmo#1254721, boo#977381) Buffer overflow in libstagefright with CENC offsets * MFSA 2016-45/CVE-2016-2816 (bmo#1223743, boo#977382) CSP not applied to pages sent with multipart/x-mixed-replace * MFSA 2016-46/CVE-2016-2817 (bmo#1227462, boo#977384) Elevation of privilege with chrome.tabs.update API in web extensions * MFSA 2016-47/CVE-2016-2808 (bmo#1246061, boo#977386) Write to invalid HashMap entry through JavaScript.watch() * MFSA 2016-48/CVE-2016-2820 (bmo#870870, boo#977388) Firefox Health Reports could accept events from untrusted domains - Update mozilla-gtk3_20.patch to fix scrollbar appearance under gtk >= 3.20 (patch synced to Fedora's version). - Compile against gtk3 depending on whether the macro %firefox_use_gtk3 is defined or not (e.g., at the prjconf level); macro is undefined by default and so gtk2 is used as the default toolkit. - Add BuildRequires for additional packages needed when building against gtk3: pkgconfig(glib-2.0), pkgconfig(gobject-2.0), pkgconfig(gtk+-3.0) >= 3.4.0, pkgconfig(gtk+-unix-print-3.0). - Add firefox-gtk3_20.patch to fix appearance with gtk3 >= 3.20; patch taken from Fedora (bmo#1230955). - Mozilla Firefox 45.0.2: * Fix an issue impacting the cookie header when third-party cookies are blocked (bmo#1257861) * Fix a web compatibility regression impacting the srcset attribute of the image tag (bmo#1259482) * Fix a crash impacting the video playback with Media Source Extension (bmo#1258562) * Fix a regression impacting some specific uploads (bmo#1255735) * Fix a regression with the copy and paste with some old versions of some Gecko applications like Thunderbird (bmo#1254980) - Mozilla Firefox 45.0.1: * Fix a regression causing search engine settings to be lost in some context (bmo#1254694) * Bring back non-standard jar: URIs to fix a regression in IBM iNotes (bmo#1255139) * XSLTProcessor.importStylesheet was failing when <import> was used (bmo#1249572) * Fix an issue which could cause the list of search provider to be empty (bmo#1255605) * Fix a regression when using the location bar (bmo#1254503) * Fix some loading issues when Accept third-party cookies: was set to Never (bmo#1254856) * Disabled Graphite font shaping library - update to Firefox 45.0 (boo#969894) * requires NSPR 4.12 / NSS 3.21.1 * Instant browser tab sharing through Hello * Synced Tabs button in button bar * Tabs synced via Firefox Accounts from other devices are now shown in dropdown area of Awesome Bar when searching * Introduce a new preference (network.dns.blockDotOnion) to allow blocking .onion at the DNS level * Tab Groups (Panorama) feature removed * MFSA 2016-16/CVE-2016-1952/CVE-2016-1953 Miscellaneous memory safety hazards * MFSA 2016-17/CVE-2016-1954 (bmo#1243178) Local file overwriting and potential privilege escalation through CSP reports * MFSA 2016-18/CVE-2016-1955 (bmo#1208946) CSP reports fail to strip location information for embedded iframe pages * MFSA 2016-19/CVE-2016-1956 (bmo#1199923) Linux video memory DOS with Intel drivers * MFSA 2016-20/CVE-2016-1957 (bmo#1227052) Memory leak in libstagefright when deleting an array during MP4 processing * MFSA 2016-21/CVE-2016-1958 (bmo#1228754) Displayed page address can be overridden * MFSA 2016-22/CVE-2016-1959 (bmo#1234949) Service Worker Manager out-of-bounds read in Service Worker Manager * MFSA 2016-23/CVE-2016-1960/ZDI-CAN-3545 (bmo#1246014) Use-after-free in HTML5 string parser * MFSA 2016-24/CVE-2016-1961/ZDI-CAN-3574 (bmo#1249377) Use-after-free in SetBody * MFSA 2016-25/CVE-2016-1962 (bmo#1240760) Use-after-free when using multiple WebRTC data channels * MFSA 2016-26/CVE-2016-1963 (bmo#1238440) Memory corruption when modifying a file being read by FileReader * MFSA 2016-27/CVE-2016-1964 (bmo#1243335) Use-after-free during XML transformations * MFSA 2016-28/CVE-2016-1965 (bmo#1245264) Addressbar spoofing though history navigation and Location protocol property * MFSA 2016-29/CVE-2016-1967 (bmo#1246956) Same-origin policy violation using perfomance.getEntries and history navigation with session restore * MFSA 2016-30/CVE-2016-1968 (bmo#1246742) Buffer overflow in Brotli decompression * MFSA 2016-31/CVE-2016-1966 (bmo#1246054) Memory corruption with malicious NPAPI plugin * MFSA 2016-32/CVE-2016-1970/CVE-2016-1971/CVE-2016-1975/ CVE-2016-1976/CVE-2016-1972 WebRTC and LibVPX vulnerabilities found through code inspection * MFSA 2016-33/CVE-2016-1973 (bmo#1219339) Use-after-free in GetStaticInstance in WebRTC * MFSA 2016-34/CVE-2016-1974 (bmo#1228103) Out-of-bounds read in HTML parser following a failed allocation * MFSA 2016-35/CVE-2016-1950 (bmo#1245528) Buffer overflow during ASN.1 decoding in NSS (fixed by requiring 3.21.1) * MFSA 2016-36/CVE-2016-1979 (bmo#1185033) Use-after-free during processing of DER encoded keys in NSS (fixed by requiring 3.21.1) * MFSA 2016-37/CVE-2016-1977/CVE-2016-2790/CVE-2016-2791/ CVE-2016-2792/CVE-2016-2793/CVE-2016-2794/CVE-2016-2795/ CVE-2016-2796/CVE-2016-2797/CVE-2016-2798/CVE-2016-2799/ CVE-2016-2800/CVE-2016-2801/CVE-2016-2802 Font vulnerabilities in the Graphite 2 library - Remove B_CNT from symbols.zip filename to reduce build-compare noise - fix build problems on i586, caused by too large unified compile units - adding mozilla-reduce-files-per-UnifiedBindings.patch - update to Firefox 44.0.2 * MFSA 2016-13/CVE-2016-1949 (bmo#1245724, boo#966438) Same-origin-policy violation using Service Workers with plugins * Fix issue which could lead to the removal of stored passwords under certain circumstances (bmo#1242176) * Allows spaces in cookie names (bmo#1244505) * Disable opus/vorbis audio with H.264 (bmo#1245696) * Fix for graphics startup crash (GNU/Linux) (bmo#1222171) * Fix a crash in cache networking (bmo#1244076) * Fix using WebSockets in service worker controlled pages (bmo#1243942) - build fixes for arm/aarch64: * disable webrtc for arm/aarch64 * switch away from openGL-ES backend to default for arm/aarch64 since it almost never builds * reenable neon - reenable webrtc for powerpc as it seems to build - update to Firefox 44.0 * MFSA 2016-01/CVE-2016-1930/CVE-2016-1931 boo#963633 Miscellaneous memory safety hazards * MFSA 2016-02/CVE-2016-1933 (bmo#1231761) boo#963634 Out of Memory crash when parsing GIF format images * MFSA 2016-03/CVE-2016-1935 (bmo#1220450) boo#963635 Buffer overflow in WebGL after out of memory allocation * MFSA 2016-04/CVE-2015-7208/CVE-2016-1939 (bmo#1191423, bmo#1233784) boo#963637 Firefox allows for control characters to be set in cookie names * MFSA 2016-06/CVE-2016-1937 (bmo#724353) boo#963641 Missing delay following user click events in protocol handler dialog * MFSA 2016-07/CVE-2016-1938 (bmo#1190248) boo#963731 Errors in mp_div and mp_exptmod cryptographic functions in NSS (fixed by requiring NSS 3.21) * MFSA 2016-09/CVE-2016-1942/CVE-2016-1943 (bmo#1189082, bmo#1228590) Addressbar spoofing attacks boo#963643 * MFSA 2016-10/CVE-2016-1944/CVE-2016-1945/CVE-2016-1946 (bmo#1186621, bmo#1214782, bmo#1232096) boo#963644 Unsafe memory manipulation found through code inspection * MFSA 2016-11/CVE-2016-1947 (bmo#1237103) boo#963645 Application Reputation service disabled in Firefox 43 * requires NSPR 4.11 * requires NSS 3.21 - prepare mozilla-kde.patch for Gtk3 builds - rebased patches - Mozilla Firefox 43.0.4: * Re-enable SHA-1 certificates to prevent outdated man-in-the-middle security devices from interfering with properly secured SSL/TLS connections (bmo#1236975) * Fix for startup crash for users of a third party antivirus tool (bmo#1235537) - The following change was previously in the package as a patch: * Multi-user GNU/Linux download folders can be created (bmo#1233434), removed mozilla-bmo1233434.patch - update to Firefox 43.0.3 * requires NSS 3.20.2 to fix MFSA 2015-150/CVE-2015-7575 (bmo#1158489) MD5 signatures accepted within TLS 1.2 ServerKeyExchange in server signature * various changes to support Windows update (SHA-1 vs. SHA-2) * workaround Youtube user agent detection issue (bmo#1233970) - fix file download regression for multi user systems (bmo#1233434) (mozilla-bmo1233434.patch) - explicitely requires libXcomposite-devel - update to Firefox 43.0 (bnc#959277) * Improved API support for m4v video playback * Users can opt-in to receive search suggestions from the Awesome Bar * WebRTC streaming on multiple monitors * User selectable second block list for Private Browsing's Tracking Protection security fixes: * MFSA 2015-134/CVE-2015-7201/CVE-2015-7202 Miscellaneous memory safety hazards * MFSA 2015-135/CVE-2015-7204 (bmo#1216130) Crash with JavaScript variable assignment with unboxed objects * MFSA 2015-136/CVE-2015-7207 (bmo#1185256) Same-origin policy violation using perfomance.getEntries and history navigation * MFSA 2015-137/CVE-2015-7208 (bmo#1191423) Firefox allows for control characters to be set in cookies * MFSA 2015-138/CVE-2015-7210 (bmo#1218326) Use-after-free in WebRTC when datachannel is used after being destroyed * MFSA 2015-139/CVE-2015-7212 (bmo#1222809) Integer overflow allocating extremely large textures * MFSA 2015-140/CVE-2015-7215 (bmo#1160890) Cross-origin information leak through web workers error events * MFSA 2015-141/CVE-2015-7211 (bmo#1221444) Hash in data URI is incorrectly parsed * MFSA 2015-142/CVE-2015-7218/CVE-2015-7219 (bmo#1194818, bmo#1194820) DOS due to malformed frames in HTTP/2 * MFSA 2015-143/CVE-2015-7216/CVE-2015-7217 (bmo#1197059, bmo#1203078) Linux file chooser crashes on malformed images due to flaws in Jasper library * MFSA 2015-144/CVE-2015-7203/CVE-2015-7220/CVE-2015-7221 (bmo#1201183, bmo#1178033, bmo#1199400) Buffer overflows found through code inspection * MFSA 2015-145/CVE-2015-7205 (bmo#1220493) Underflow through code inspection * MFSA 2015-146/CVE-2015-7213 (bmo#1206211) Integer overflow in MP4 playback in 64-bit versions * MFSA 2015-147/CVE-2015-7222 (bmo#1216748) Integer underflow and buffer overflow processing MP4 metadata in libstagefright * MFSA 2015-148/CVE-2015-7223 (bmo#1226423) Privilege escalation vulnerabilities in WebExtension APIs * MFSA 2015-149/CVE-2015-7214 (bmo#1228950) Cross-site reading attack through data and view-source URIs - rebased patches - Add desktop menu action for private browsing window to desktop file (boo#954747) - remove obsolete patch mozilla-bmo1005535.patch completely from source package to avoid automatic check failures - update to Firefox 42.0 (bnc#952810) * Private Browsing with Tracking Protection blocks certain Web elements that could be used to record your behavior across sites * Control Center that contains site security and privacy controls * Login Manager improvements * WebRTC improvements * Indicator added to tabs that play audio with one-click muting * Media Source Extension for HTML5 video available for all sites security fixes: * MFSA 2015-116/CVE-2015-4513/CVE-2015-4514 Miscellaneous memory safety hazards * MFSA 2015-117/CVE-2015-4515 (bmo#1046421) Information disclosure through NTLM authentication * MFSA 2015-118/CVE-2015-4518 (bmo#1182778, bmo#1136692) CSP bypass due to permissive Reader mode whitelist * MFSA 2015-119/CVE-2015-7185 (bmo#1149000) (Android only) Firefox for Android addressbar can be removed after fullscreen mode * MFSA 2015-120/CVE-2015-7186 (bmo#1193027) (Android only) Reading sensitive profile files through local HTML file on Android * MFSA 2015-121/CVE-2015-7187 (bmo#1195735) disabling scripts in Add-on SDK panels has no effect * MFSA 2015-122/CVE-2015-7188 (bmo#1199430) Trailing whitespace in IP address hostnames can bypass same-origin policy * MFSA 2015-123/CVE-2015-7189 (bmo#1205900) Buffer overflow during image interactions in canvas * MFSA 2015-124/CVE-2015-7190 (bmo#1208520) (Android only) Android intents can be used on Firefox for Android to open privileged files * MFSA 2015-125/CVE-2015-7191 (bmo#1208956) (Android only) XSS attack through intents on Firefox for Android * MFSA 2015-126/CVE-2015-7192 (bmo#1210023) (OS X only) Crash when accessing HTML tables with accessibility tools on OS X * MFSA 2015-127/CVE-2015-7193 (bmo#1210302) CORS preflight is bypassed when non-standard Content-Type headers are received * MFSA 2015-128/CVE-2015-7194 (bmo#1211262) Memory corruption in libjar through zip files * MFSA 2015-129/CVE-2015-7195 (bmo#1211871) Certain escaped characters in host of Location-header are being treated as non-escaped * MFSA 2015-130/CVE-2015-7196 (bmo#1140616) JavaScript garbage collection crash with Java applet * MFSA 2015-131/CVE-2015-7198/CVE-2015-7199/CVE-2015-7200 (bmo#1188010, bmo#1204061, bmo#1204155) Vulnerabilities found through code inspection * MFSA 2015-132/CVE-2015-7197 (bmo#1204269) Mixed content WebSocket policy bypass through workers * MFSA 2015-133/CVE-2015-7181/CVE-2015-7182/CVE-2015-7183 (bmo#1202868, bmo#1205157) NSS and NSPR memory corruption issues (fixed in mozilla-nspr and mozilla-nss packages) - requires NSPR >= 4.10.10 and NSS >= 3.19.4 - removed obsolete patches * mozilla-arm-disable-edsp.patch * mozilla-icu-strncat.patch * mozilla-skia-be-le.patch * toolkit-download-folder.patch - fixed build with enable-libproxy (bmo#1220399) * mozilla-libproxy.patch - update to Firefox 41.0.2 (bnc#950686) * MFSA 2015-115/CVE-2015-7184 (bmo#1208339, bmo#1212669) Cross-origin restriction bypass using Fetch - added explicit appdata provides (bnc#949983) - do not build with --enable-stdcxx-compat (this starts to fail build on various toolchain combinations and is not required for openSUSE builds in general - update to Firefox 41.0.1 * Fix a startup crash related to Yandex toolbar and Adblock Plus (bmo#1209124) * Fix potential hangs with Flash plugins (bmo#1185639) * Fix a regression in the bookmark creation (bmo#1206376) * Fix a startup crash with some Intel Media Accelerator 3150 graphic cards (bmo#1207665) * Fix a graphic crash, occurring occasionally on Facebook (bmo#1178601) - update to Firefox 41.0 (bnc#947003) * MFSA 2015-96/CVE-2015-4500/CVE-2015-4501 Miscellaneous memory safety hazards * MFSA 2015-97/CVE-2015-4503 (bmo#994337) Memory leak in mozTCPSocket to servers * MFSA 2015-98/CVE-2015-4504 (bmo#1132467) Out of bounds read in QCMS library with ICC V4 profile attributes * MFSA 2015-99/CVE-2015-4476 (bmo#1162372) (Android only) Site attribute spoofing on Android by pasting URL with unknown scheme * MFSA 2015-100/CVE-2015-4505 (bmo#1177861) (Windows only) Arbitrary file manipulation by local user through Mozilla updater * MFSA 2015-101/CVE-2015-4506 (bmo#1192226) Buffer overflow in libvpx while parsing vp9 format video * MFSA 2015-102/CVE-2015-4507 (bmo#1192401) Crash when using debugger with SavedStacks in JavaScript * MFSA 2015-103/CVE-2015-4508 (bmo#1195976) URL spoofing in reader mode * MFSA 2015-104/CVE-2015-4510 (bmo#1200004) Use-after-free with shared workers and IndexedDB * MFSA 2015-105/CVE-2015-4511 (bmo#1200148) Buffer overflow while decoding WebM video * MFSA 2015-106/CVE-2015-4509 (bmo#1198435) Use-after-free while manipulating HTML media content * MFSA 2015-107/CVE-2015-4512 (bmo#1170390) Out-of-bounds read during 2D canvas display on Linux 16-bit color depth systems * MFSA 2015-108/CVE-2015-4502 (bmo#1105045) Scripted proxies can access inner window * MFSA 2015-109/CVE-2015-4516 (bmo#904886) JavaScript immutable property enforcement can be bypassed * MFSA 2015-110/CVE-2015-4519 (bmo#1189814) Dragging and dropping images exposes final URL after redirects * MFSA 2015-111/CVE-2015-4520 (bmo#1200856, bmo#1200869) Errors in the handling of CORS preflight request headers * MFSA 2015-112/CVE-2015-4517/CVE-2015-4521/CVE-2015-4522/ CVE-2015-7174/CVE-2015-7175/CVE-2015-7176/CVE-2015-7177/ CVE-2015-7180 Vulnerabilities found through code inspection * MFSA 2015-113/CVE-2015-7178/CVE-2015-7179 (bmo#1189860, bmo#1190526) (Windows only) Memory safety errors in libGLES in the ANGLE graphics library * MFSA 2015-114 (bmo#1167498, bmo#1153672) (Windows only) Information disclosure via the High Resolution Time API - rebased patches - removed obsolete patches * mozilla-arm64-libjpeg-turbo.patch - update to Firefox 40.0.3 (bnc#943550) * Disable the asynchronous plugin initialization (bmo#1198590) * Fix a segmentation fault in the GStreamer support (bmo#1145230) * Fix a regression with some Japanese fonts used in the <input> field (bmo#1194055) * On some sites, the selection in a select combox box using the mouse could be broken (bmo#1194733) security fixes * MFSA 2015-94/CVE-2015-4497 (bmo#1164766, bmo#1175278) Use-after-free when resizing canvas element during restyling * MFSA 2015-95/CVE-2015-4498 (bmo#1042699) Add-on notification bypass through data URLs - update to Firefox 40.0 (bnc#940806) * Added protection against unwanted software downloads * Suggested Tiles show sites of interest, based on categories from your recent browsing history * Hello allows adding a link to conversations to provide context on what the conversation will be about * New style for add-on manager based on the in-content preferences style * Improved scrolling, graphics, and video playback performance with off main thread compositing (GNU/Linux only) * Graphic blocklist mechanism improved: Firefox version ranges can be specified, limiting the number of devices blocked security fixes: * MFSA 2015-79/CVE-2015-4473/CVE-2015-4474 Miscellaneous memory safety hazards * MFSA 2015-80/CVE-2015-4475 (bmo#1175396) Out-of-bounds read with malformed MP3 file * MFSA 2015-81/CVE-2015-4477 (bmo#1179484) Use-after-free in MediaStream playback * MFSA 2015-82/CVE-2015-4478 (bmo#1105914) Redefinition of non-configurable JavaScript object properties * MFSA 2015-83/CVE-2015-4479/CVE-2015-4480/CVE-2015-4493 Overflow issues in libstagefright * MFSA 2015-84/CVE-2015-4481 (bmo1171518) Arbitrary file overwriting through Mozilla Maintenance Service with hard links (only affected Windows) * MFSA 2015-85/CVE-2015-4482 (bmo#1184500) Out-of-bounds write with Updater and malicious MAR file (does not affect openSUSE RPM packages which do not ship the updater) * MFSA 2015-86/CVE-2015-4483 (bmo#1148732) Feed protocol with POST bypasses mixed content protections * MFSA 2015-87/CVE-2015-4484 (bmo#1171540) Crash when using shared memory in JavaScript * MFSA 2015-88/CVE-2015-4491 (bmo#1184009) Heap overflow in gdk-pixbuf when scaling bitmap images * MFSA 2015-89/CVE-2015-4485/CVE-2015-4486 (bmo#1177948, bmo#1178148) Buffer overflows on Libvpx when decoding WebM video * MFSA 2015-90/CVE-2015-4487/CVE-2015-4488/CVE-2015-4489 Vulnerabilities found through code inspection * MFSA 2015-91/CVE-2015-4490 (bmo#1086999) Mozilla Content Security Policy allows for asterisk wildcards in violation of CSP specification * MFSA 2015-92/CVE-2015-4492 (bmo#1185820) Use-after-free in XMLHttpRequest with shared workers - added mozilla-no-stdcxx-check.patch - removed obsolete patches * mozilla-add-glibcxx_use_cxx11_abi.patch * firefox-multilocale-chrome.patch - rebased patches - requires version 40 of the branding package - removed browser/searchplugins/ location as it's not valid anymore - security update to Firefox 39.0.3 (bnc#940918) * MFSA 2015-78/CVE-2015-4495 (bmo#1179262, bmo#1178058) Same origin violation and local file stealing via PDF reader - update to Firefox 39.0 (bnc#935979) * Share Hello URLs with social networks * Support for 'switch' role in ARIA 1.1 (web accessibility) * SafeBrowsing malware detection lookups enabled for downloads (Mac OS X and Linux) * Support for new Unicode 8.0 skin tone emoji * Removed support for insecure SSLv3 for network communications * Disable use of RC4 except for temporarily whitelisted hosts * NPAPI Plug-in performance improved via asynchronous initialization security fixes: * MFSA 2015-59/CVE-2015-2724/CVE-2015-2725/CVE-2015-2726 Miscellaneous memory safety hazards * MFSA 2015-60/CVE-2015-2727 (bmo#1163422) Local files or privileged URLs in pages can be opened into new tabs * MFSA 2015-61/CVE-2015-2728 (bmo#1142210) Type confusion in Indexed Database Manager * MFSA 2015-62/CVE-2015-2729 (bmo#1122218) Out-of-bound read while computing an oscillator rendering range in Web Audio * MFSA 2015-63/CVE-2015-2731 (bmo#1149891) Use-after-free in Content Policy due to microtask execution error * MFSA 2015-64/CVE-2015-2730 (bmo#1125025) ECDSA signature validation fails to handle some signatures correctly (this fix is shipped by NSS 3.19.1 externally) * MFSA 2015-65/CVE-2015-2722/CVE-2015-2733 (bmo#1166924, bmo#1169867) Use-after-free in workers while using XMLHttpRequest * MFSA 2015-66/CVE-2015-2734/CVE-2015-2735/CVE-2015-2736/CVE-2015-2737 CVE-2015-2738/CVE-2015-2739/CVE-2015-2740 Vulnerabilities found through code inspection * MFSA 2015-67/CVE-2015-2741 (bmo#1147497) Key pinning is ignored when overridable errors are encountered * MFSA 2015-68/CVE-2015-2742 (bmo#1138669) OS X crash reports may contain entered key press information (not relevant under Linux) * MFSA 2015-69/CVE-2015-2743 (bmo#1163109) Privilege escalation in PDF.js * MFSA 2015-70/CVE-2015-4000 (bmo#1138554) NSS accepts export-length DHE keys with regular DHE cipher suites (this fix is shipped by NSS 3.19.1 externally) * MFSA 2015-71/CVE-2015-2721 (bmo#1086145) NSS incorrectly permits skipping of ServerKeyExchange (this fix is shipped by NSS 3.19.1 externally) - dropped mozilla-prefer_plugin_pref.patch as this feature is likely not worth maintaining further - rebased patches - require NSS 3.19.2 - mozilla-arm64-libjpeg-turbo.patch: fix libjpeg-turbo configuration - update to Firefox 38.0.6 * fixes bmo#1171730 which is not really relevant to oS builds - fix KDE regression from 38.0.5 builds (bsc#933439) - update to Firefox 38.0.5 * Keep track of articles and videos with Pocket * Clean formatting for articles and blog posts with Reader View * Share the active tab or window in a Hello conversation - add changes file as source for SRPM (bsc#932142) - add mozilla-add-glibcxx_use_cxx11_abi.patch grabbed from https://bugzilla.mozilla.org/show_bug.cgi?id=1153109 - update to Firefox 38.0.1 stability and regression fixes * Systems with first generation NVidia Optimus graphics cards may crash on start-up * Users who import cookies from Google Chrome can end up with broken websites * Large animated images may fail to play and may stop other images from loading - update to Firefox 38.0 (bnc#930622) * New tab-based preferences * Ruby annotation support * more info: https://www.mozilla.org/en-US/firefox/38.0/releasenotes/ security fixes: * MFSA 2015-46/CVE-2015-2708/CVE-2015-2709 Miscellaneous memory safety hazards * MFSA 2015-47/VE-2015-0797 (bmo#1080995) Buffer overflow parsing H.264 video with Linux Gstreamer * MFSA 2015-48/CVE-2015-2710 (bmo#1149542) Buffer overflow with SVG content and CSS * MFSA 2015-49/CVE-2015-2711 (bmo#1113431) Referrer policy ignored when links opened by middle-click and context menu * MFSA 2015-50/CVE-2015-2712 (bmo#1152280) Out-of-bounds read and write in asm.js validation * MFSA 2015-51/CVE-2015-2713 (bmo#1153478) Use-after-free during text processing with vertical text enabled * MFSA 2015-53/CVE-2015-2715 (bmo#988698) Use-after-free due to Media Decoder Thread creation during shutdown * MFSA 2015-54/CVE-2015-2716 (bmo#1140537) Buffer overflow when parsing compressed XML * MFSA 2015-55/CVE-2015-2717 (bmo#1154683) Buffer overflow and out-of-bounds read while parsing MP4 video metadata * MFSA 2015-56/CVE-2015-2718 (bmo#1146724) Untrusted site hosting trusted page can intercept webchannel responses * MFSA 2015-57/CVE-2011-3079 (bmo#1087565) Privilege escalation through IPC channel messages - requires NSS 3.18.1 - removed obsolete patches: * mozilla-skia-bmo1136958.patch - remove gnomevfs build options as it is removed from sources - rebased patches - update to Firefox 37.0.2 (bnc#928116) * MFSA 2015-45/CVE-2015-2706 (bmo#1141081) Memory corruption during failed plugin initialization - update to Firefox 37.0.1 (bnc#926166) * MFSA 2015-43/CVE-2015-0798 (bmo#1147597) (Android only) Loading privileged content through Reader mode * MFSA 2015-44/CVE-2015-0799 (bmo#1148328) Certificate verification bypass through the HTTP/2 Alt-Svc header - update to Firefox 37.0 (bnc#925368) * Heartbeat user rating system * Yandex set as default search provider for the Turkish locale * Bing search now uses HTTPS for secure searching * Improved protection against site impersonation via OneCRL centralized certificate revocation * Opportunistically encrypt HTTP traffic where the server supports HTTP/2 AltSvc * some more behaviour changes for TLS security fixes: * MFSA 2015-30/CVE-2015-0814/CVE-2015-0815 Miscellaneous memory safety hazards * MFSA 2015-31/CVE-2015-0813 (bmo#1106596)) Use-after-free when using the Fluendo MP3 GStreamer plugin * MFSA 2015-32/CVE-2015-0812 (bmo#1128126) Add-on lightweight theme installation approval bypassed through MITM attack * MFSA 2015-33/CVE-2015-0816 (bmo#1144991) resource:// documents can load privileged pages * MFSA-2015-34/CVE-2015-0811 (bmo#1132468) Out of bounds read in QCMS library * MFSA-2015-35/CVE-2015-0810 (bmo#1125013) Cursor clickjacking with flash and images (OS X only) * MFSA-2015-36/CVE-2015-0808 (bmo#1109552) Incorrect memory management for simple-type arrays in WebRTC * MFSA-2015-37/CVE-2015-0807 (bmo#1111834) CORS requests should not follow 30x redirections after preflight * MFSA-2015-38/CVE-2015-0805/CVE-2015-0806 (bmo#1135511, bmo#1099437) Memory corruption crashes in Off Main Thread Compositing * MFSA-2015-39/CVE-2015-0803/CVE-2015-0804 (bmo#1134560) Use-after-free due to type confusion flaws * MFSA-2015-40/CVE-2015-0801 (bmo#1146339) Same-origin bypass through anchor navigation * MFSA-2015-41/CVE-2015-0800/CVE-2012-2808 PRNG weakness allows for DNS poisoning on Android (only) * MFSA-2015-42/CVE-2015-0802 (bmo#1124898) Windows can retain access to privileged content on navigation to unprivileged pages - removed obsolete patches * mozilla-bmo1088588.patch * mozilla-bmo1108834.patch - requires NSPR 4.10.8 - Fix builds with skia on Power mozilla-skia-be-le.patch (patch from #bmo1136958) mozilla-bmo1108834.patch mozilla-bmo1005535.patch - update to Firefox 36.0.4 (bnc#923534) * MFSA 2015-28/CVE-2015-0818 (bmo#1144988) Privilege escalation through SVG navigation * MFSA 2015-29/CVE-2015-0817 (bmo#1145255) Code execution through incorrect JavaScript bounds checking elimination - Copy the icons to /usr/share/icons instead of symlinking them: in preparation for containerized apps (e.g. xdg-app) as well as AppStream metadata extraction, there are a couple locations that need to be real files for system integration (.desktop files, icons, mime-type info). - update to Firefox 36.0.1 Bugfixes: * Disable the usage of the ANY DNS query type (bmo#1093983) * Hello may become inactive until restart (bmo#1137469) * Print preferences may not be preserved (bmo#1136855) * Hello contact tabs may not be visible (bmo#1137141) * Accept hostnames that include an underscore character ("_") (bmo#1136616) * WebGL may use significant memory with Canvas2d (bmo#1137251) * Option -remote has been restored (bmo#1080319) - added mozilla-skia-bmo1136958.patch to fix build issues for ARM and PPC - update to Firefox 36.0 (bnc#917597) * mozilla-xremote-client was removed * added libclearkey.so media plugin * Pinned tiles on the new tab page can be synced * Support for the full HTTP/2 protocol. HTTP/2 enables a faster, more scalable, and more responsive web. * Locale added: Uzbek (uz) security fixes: * MFSA 2015-11/CVE-2015-0835/CVE-2015-0836 Miscellaneous memory safety hazards * MFSA 2015-12/CVE-2015-0833 (bmo#945192) Invoking Mozilla updater will load locally stored DLL files (Windows only) * MFSA 2015-13/CVE-2015-0832 (bmo#1065909) Appended period to hostnames can bypass HPKP and HSTS protections * MFSA 2015-14/CVE-2015-0830 (bmo#1110488) Malicious WebGL content crash when writing strings * MFSA 2015-15/CVE-2015-0834 (bmo#1098314) TLS TURN and STUN connections silently fail to simple TCP connections * MFSA 2015-16/CVE-2015-0831 (bmo#1130514) Use-after-free in IndexedDB * MFSA 2015-17/CVE-2015-0829 (bmo#1128939) Buffer overflow in libstagefright during MP4 video playback * MFSA 2015-18/CVE-2015-0828 (bmo#1030667, bmo#988675) Double-free when using non-default memory allocators with a zero-length XHR * MFSA 2015-19/CVE-2015-0827 (bmo#1117304) Out-of-bounds read and write while rendering SVG content * MFSA 2015-20/CVE-2015-0826 (bmo#1092363) Buffer overflow during CSS restyling * MFSA 2015-21/CVE-2015-0825 (bmo#1092370) Buffer underflow during MP3 playback * MFSA 2015-22/CVE-2015-0824 (bmo#1095925) Crash using DrawTarget in Cairo graphics library * MFSA 2015-23/CVE-2015-0823 (bmo#1098497) Use-after-free in Developer Console date with OpenType Sanitiser * MFSA 2015-24/CVE-2015-0822 (bmo#1110557) Reading of local files through manipulation of form autocomplete * MFSA 2015-25/CVE-2015-0821 (bmo#1111960) Local files or privileged URLs in pages can be opened into new tabs * MFSA 2015-26/CVE-2015-0819 (bmo#1079554) UI Tour whitelisted sites in background tab can spoof foreground tabs * MFSA 2015-27CVE-2015-0820 (bmo#1125398) Caja Compiler JavaScript sandbox bypass - rebased patches - requires NSS 3.17.4 - update to Firefox 35.0.1 * With the Enhanced Steam extension, Firefox could crash (bmo#1123732) * Kerberos authentication did not work with alias (bmo#1108971) * SVG / CSS animation had a regression causing rendering issues on websites like openstreemap.org (bmo#1083079) * On Godaddy webmail, Firefox could crash (bmo#1113121) * document.baseURI did not get updated to document.location after base tag was removed from DOM for site with a CSP (bmo#1121857) * With a Right-to-left (RTL) version of Firefox, the text selection could be broken (bmo#1104036) * CSP had a change in behavior with regard to case sensitivity resources loading (bmo#1122445) - update to Firefox 35.0 (bnc#910669) notable features: * Firefox Hello with new rooms-based conversations model * Implemented HTTP Public Key Pinning Extension (for enhanced authentication of encrypted connections) security fixes: * MFSA 2015-01/CVE-2014-8634/CVE-2014-8635 Miscellaneous memory safety hazards * MFSA 2015-02/CVE-2014-8637 (bmo#1094536) Uninitialized memory use during bitmap rendering * MFSA 2015-03/CVE-2014-8638 (bmo#1080987) sendBeacon requests lack an Origin header * MFSA 2015-04/CVE-2014-8639 (bmo#1095859) Cookie injection through Proxy Authenticate responses * MFSA 2015-05/CVE-2014-8640 (bmo#1100409) Read of uninitialized memory in Web Audio * MFSA 2015-06/CVE-2014-8641 (bmo#1108455) Read-after-free in WebRTC * MFSA 2015-07/CVE-2014-8643 (bmo#1114170) (Windows-only) Gecko Media Plugin sandbox escape * MFSA 2015-08/CVE-2014-8642 (bmo#1079658) Delegated OCSP responder certificates failure with id-pkix-ocsp-nocheck extension * MFSA 2015-09/CVE-2014-8636 (bmo#987794) XrayWrapper bypass through DOM objects - rebased patches - dropped explicit support for everything older than 12.3 (including SLES11) * merge firefox-kde.patch and firefox-kde-114.patch * dropped mozilla-sle11.patch - reworked specfile to build conditionally based on release channel either Firefox or Firefox Developer Edition - added mozilla-openaes-decl.patch to fix implicit declarations - obsolete tracker-miner-firefox < 0.15 because it leads to startup crashes (bnc#908892) - fix bashism in mozilla.sh script - update to Firefox 34.0.5 (bnc#908009) * Default search engine changed to Yahoo! for North America * Default search engine changed to Yandex for Belarusian, Kazakh, and Russian locales * Improved search bar (en-US only) * Firefox Hello real-time communication client * Easily switch themes/personas directly in the Customizing mode * Implementation of HTTP/2 (draft14) and ALPN * Disabled SSLv3 * MFSA 2014-83/CVE-2014-1587/CVE-2014-1588 Miscellaneous memory safety hazards * MFSA 2014-84/CVE-2014-1589 (bmo#1043787) XBL bindings accessible via improper CSS declarations * MFSA 2014-85/CVE-2014-1590 (bmo#1087633) XMLHttpRequest crashes with some input streams * MFSA 2014-86/CVE-2014-1591 (bmo#1069762) CSP leaks redirect data via violation reports * MFSA 2014-87/CVE-2014-1592 (bmo#1088635) Use-after-free during HTML5 parsing * MFSA 2014-88/CVE-2014-1593 (bmo#1085175) Buffer overflow while parsing media content * MFSA 2014-89/CVE-2014-1594 (bmo#1074280) Bad casting from the BasicThebesLayer to BasicContainerLayer - rebased patches - limit linker memory usage for %ix86 - rebased patches - update to Firefox 33.1 * Adding DuckDuckGo as a search option (upstream) * Forget Button added * Enhanced Tiles * Privacy tour introduced - fix typo in GStreamer Recommends - Disable elf-hack for aarch64 - Enable EGL for aarch64 - Limit RAM usage during link for %arm - Fix _constraints for ARM - use proper macros for ARM - use '--disable-optimize' not only on 32-bit x86, but on 32-bit arm too to fix compiling. - pass '-Wl,--no-keep-memory' to linker to reduce required memory during linking on arm. - update to Firefox 33.0.2 * Fix a startup crash with some combination of hardware and drivers 33.0.1 * Firefox displays a black screen at start-up with certain graphics drivers - adjusted _constraints for ARM - added mozilla-bmo1088588.patch to fix build with EGL (bmo#1088588) - define /usr/share/myspell as additional dictionary location and remove add-plugins.sh finally (bnc#900639) - use Firefox default optimization flags instead of -Os - specfile cleanup - fix build for all ppc by not enabling elf-hack (bnc#901213) - update to Firefox 33.0 (bnc#900941) New features: * OpenH264 support (sandboxed) * Enhanced Tiles * Improved search experience through the location bar * Slimmer and faster JavaScript strings * New CSP (Content Security Policy) backend * Support for connecting to HTTP proxy over HTTPS * Improved reliability of the session restoration * Proprietary window.crypto properties/functions removed Security: * MFSA 2014-74/CVE-2014-1574/CVE-2014-1575 Miscellaneous memory safety hazards * MFSA 2014-75/CVE-2014-1576 (bmo#1041512) Buffer overflow during CSS manipulation * MFSA 2014-76/CVE-2014-1577 (bmo#1012609) Web Audio memory corruption issues with custom waveforms * MFSA 2014-77/CVE-2014-1578 (bmo#1063327) Out-of-bounds write with WebM video * MFSA 2014-78/CVE-2014-1580 (bmo#1063733) Further uninitialized memory use during GIF rendering * MFSA 2014-79/CVE-2014-1581 (bmo#1068218) Use-after-free interacting with text directionality * MFSA 2014-80/CVE-2014-1582/CVE-2014-1584 (bmo#1049095, bmo#1066190) Key pinning bypasses * MFSA 2014-81/CVE-2014-1585/CVE-2014-1586 (bmo#1062876, bmo#1062981) Inconsistent video sharing within iframe * MFSA 2014-82/CVE-2014-1583 (bmo#1015540) Accessing cross-origin objects via the Alarms API (only relevant for installed web apps) - requires NSPR 4.10.7 - requires NSS 3.17.1 - removed obsolete patches: * mozilla-ppc.patch * mozilla-libproxy-compat.patch - added basic appdata information - update to Firefox 32.0.2 * just a version bump for our builds * fixed the in application update process for certain environments (in application update is not enabled in openSUSE and Linux is unaffected in any case) - build with --disable-optimize for 13.1 and above for i586 to workaround miscompilations (bnc#896624) - use some more build flags to align with upstream - update to Firefox 32.0.1 * fixed stability issues for computers with multiple graphics cards * mixed content icon may be incorrectly displayed instead of lock icon for SSL sites in 32.0 ( * WebRTC: setRemoteDescription() silently fails if no success callback is specified (bmo#1063971) - update to Firefox 32.0 (bnc#894370) * MFSA 2014-67/CVE-2014-1553/CVE-2014-1554/CVE-2014-1562 Miscellaneous memory safety hazards * MFSA 2014-68/CVE-2014-1563 (bmo#1018524) Use-after-free during DOM interactions with SVG * MFSA 2014-69/CVE-2014-1564 (bmo#1045977) Uninitialized memory use during GIF rendering * MFSA 2014-70/CVE-2014-1565 (bmo#1047831) Out-of-bounds read in Web Audio audio timeline * MFSA 2014-72/CVE-2014-1567 (bmo#1037641) Use-after-free setting text directionality - rebased patches - requires NSS 3.16.4 - removed upstreamed patch * mozilla-aarch64-bmo-810631.patch - adapted _constraints, used more than 3900MB on s390x during last build - update to Firefox 31.0 (bnc#887746) * MFSA 2014-56/CVE-2014-1547/CVE-2014-1548 Miscellaneous memory safety hazards * MFSA 2014-57/CVE-2014-1549 (bmo#1020205) Buffer overflow during Web Audio buffering for playback * MFSA 2014-58/CVE-2014-1550 (bmo#1020411) Use-after-free in Web Audio due to incorrect control message ordering * MFSA 2014-60/CVE-2014-1561 (bmo#1000514, bmo#910375) Toolbar dialog customization event spoofing * MFSA 2014-61/CVE-2014-1555 (bmo#1023121) Use-after-free with FireOnStateChange event * MFSA 2014-62/CVE-2014-1556 (bmo#1028891) Exploitable WebGL crash with Cesium JavaScript library * MFSA 2014-63/CVE-2014-1544 (bmo#963150) Use-after-free while when manipulating certificates in the trusted cache (solved with NSS 3.16.2 requirement) * MFSA 2014-64/CVE-2014-1557 (bmo#913805) Crash in Skia library when scaling high quality images * MFSA 2014-65/CVE-2014-1558/CVE-2014-1559/CVE-2014-1560 (bmo#1015973, bmo#1026022, bmo#997795) Certificate parsing broken by non-standard character encoding * MFSA 2014-66/CVE-2014-1552 (bmo#985135) IFRAME sandbox same-origin access through redirect - use EGL on ARM - rebased patches - requires NSS 3.16.2 - requires python-devel (not only python) - update to Firefox 30.0 (bnc#881874) * MFSA 2014-48/CVE-2014-1533/CVE-2014-1534 (bmo#921622, bmo#967354, bmo#969517, bmo#969549, bmo#973874, bmo#978652, bmo#978811, bmo#988719, bmo#990868, bmo#991981, bmo#992274, bmo#994907, bmo#995679, bmo#995816, bmo#995817, bmo#996536, bmo#996715, bmo#999651, bmo#1000598, bmo#1000960, bmo#1002340, bmo#1005578, bmo#1007223, bmo#1009952, bmo#1011007) Miscellaneous memory safety hazards (rv:30.0) * MFSA 2014-49/CVE-2014-1536/CVE-2014-1537/CVE-2014-1538 (bmo#989994, bmo#999274, bmo#1005584) Use-after-free and out of bounds issues found using Address Sanitizer * MFSA 2014-50/CVE-2014-1539 (bmo#995603) Clickjacking through cursor invisability after Flash interaction * MFSA 2014-51/CVE-2014-1540 (bmo#978862) Use-after-free in Event Listener Manager * MFSA 2014-52/CVE-2014-1541 (bmo#1000185) Use-after-free with SMIL Animation Controller * MFSA 2014-53/CVE-2014-1542 (bmo#991533) Buffer overflow in Web Audio Speex resampler * MFSA 2014-54/CVE-2014-1543 (bmo#1011859) Buffer overflow in Gamepad API * MFSA 2014-55/CVE-2014-1545 (bmo#1018783) Out of bounds write in NSPR - rebased patches - removed obsolete patches * firefox-browser-css.patch * mozilla-aarch64-bmo-962488.patch * mozilla-aarch64-bmo-963023.patch * mozilla-aarch64-bmo-963024.patch * mozilla-aarch64-bmo-963027.patch * mozilla-ppc64-xpcom.patch * mozilla-ppc64le-javascript.patch * mozilla-ppc64le-libffi.patch * mozilla-ppc64le-mfbt.patch * mozilla-ppc64le-webrtc.patch * mozilla-ppc64le-xpcom.patch * mozilla-ppc64le-build.patch - requires NSPR 4.10.6 - enabled GStreamer 1.0 usage for 13.2 and above - update to Firefox 29.0.1 * Seer disabled by default (bmo#1005958) * Session Restore failed with a corrupted sessionstore.js file (bmo#1001167) * pdf.js printing white page (bmo#1003707, bnc#876833) - general.useragent.locale gets overwritten with en-US while it should be using the active langpack's setting - update to Firefox 29.0 (bnc#875378) * MFSA 2014-34/CVE-2014-1518/CVE-2014-1519 Miscellaneous memory safety hazards * MFSA 2014-36/CVE-2014-1522 (bmo#995289) Web Audio memory corruption issues * MFSA 2014-37/CVE-2014-1523 (bmo#969226) Out of bounds read while decoding JPG images * MFSA 2014-38/CVE-2014-1524 (bmo#989183) Buffer overflow when using non-XBL object as XBL * MFSA 2014-39/CVE-2014-1525 (bmo#989210) Use-after-free in the Text Track Manager for HTML video * MFSA 2014-41/CVE-2014-1528 (bmo#963962) Out-of-bounds write in Cairo * MFSA 2014-42/CVE-2014-1529 (bmo#987003) Privilege escalation through Web Notification API * MFSA 2014-43/CVE-2014-1530 (bmo#895557) Cross-site scripting (XSS) using history navigations * MFSA 2014-44/CVE-2014-1531 (bmo#987140) Use-after-free in imgLoader while resizing images * MFSA 2014-45/CVE-2014-1492 (bmo#903885) Incorrect IDNA domain name matching for wildcard certificates (fixed by NSS 3.16) * MFSA 2014-46/CVE-2014-1532 (bmo#966006) Use-after-free in nsHostResolver * MFSA 2014-47/CVE-2014-1526 (bmo#988106) Debugger can bypass XrayWrappers with JavaScript - rebased patches - removed obsolete patches * firefox-browser-css.patch * mozilla-aarch64-599882cfb998.diff * mozilla-aarch64-bmo-963028.patch * mozilla-aarch64-bmo-963029.patch * mozilla-aarch64-bmo-963030.patch * mozilla-aarch64-bmo-963031.patch - requires NSS 3.16 - added mozilla-icu-strncat.patch to fix post build checks - add mozilla-aarch64-599882cfb998.patch, mozilla-aarch64-bmo-810631.patch, mozilla-aarch64-bmo-962488.patch, mozilla-aarch64-bmo-963030.patch, mozilla-aarch64-bmo-963027.patch, mozilla-aarch64-bmo-963028.patch, mozilla-aarch64-bmo-963029.patch, mozilla-aarch64-bmo-963023.patch, mozilla-aarch64-bmo-963024.patch, mozilla-aarch64-bmo-963031.patch: AArch64 porting - Add patch for bmo#973977 * mozilla-ppc64-xpcom.patch - Refresh mozilla-ppc64le-xpcom.patch patch - Adapt mozilla-ppc64le-xpcom.patch to Mozilla > 24.0 build system - update to Firefox 28.0 (bnc#868603) * MFSA 2014-15/CVE-2014-1493/CVE-2014-1494 Miscellaneous memory safety hazards * MFSA 2014-17/CVE-2014-1497 (bmo#966311) Out of bounds read during WAV file decoding * MFSA 2014-18/CVE-2014-1498 (bmo#935618) crypto.generateCRMFRequest does not validate type of key * MFSA 2014-19/CVE-2014-1499 (bmo#961512) Spoofing attack on WebRTC permission prompt * MFSA 2014-20/CVE-2014-1500 (bmo#956524) onbeforeunload and Javascript navigation DOS * MFSA 2014-22/CVE-2014-1502 (bmo#972622) WebGL content injection from one domain to rendering in another * MFSA 2014-23/CVE-2014-1504 (bmo#911547) Content Security Policy for data: documents not preserved by session restore * MFSA 2014-26/CVE-2014-1508 (bmo#963198) Information disclosure through polygon rendering in MathML * MFSA 2014-27/CVE-2014-1509 (bmo#966021) Memory corruption in Cairo during PDF font rendering * MFSA 2014-28/CVE-2014-1505 (bmo#941887) SVG filters information disclosure through feDisplacementMap * MFSA 2014-29/CVE-2014-1510/CVE-2014-1511 (bmo#982906, bmo#982909) Privilege escalation using WebIDL-implemented APIs * MFSA 2014-30/CVE-2014-1512 (bmo#982957) Use-after-free in TypeObject * MFSA 2014-31/CVE-2014-1513 (bmo#982974) Out-of-bounds read/write through neutering ArrayBuffer objects * MFSA 2014-32/CVE-2014-1514 (bmo#983344) Out-of-bounds write through TypedArrayObject after neutering - requires NSPR 4.10.3 and NSS 3.15.5 - new build dependency (and recommends): * libpulse - update of PowerPC 64 patches (bmo#976648) (pcerny@suse.com) - rebased patches - update to Firefox 27.0.1 * Fixed stability issues with Greasemonkey and other JS that used ClearTimeoutOrInterval * JS math correctness issue (bmo#941381) - incorporate Google API key for geolocation (bnc#864170) - updated list of "other" locales in RPM requirements - update to Firefox 27.0 (bnc#861847) * MFSA 2014-01/CVE-2014-1477/CVE-2014-1478 Miscellaneous memory safety hazards (rv:27.0 / rv:24.3) * MFSA 2014-02/CVE-2014-1479 (bmo#911864) Clone protected content with XBL scopes * MFSA 2014-03/CVE-2014-1480 (bmo#916726) UI selection timeout missing on download prompts * MFSA 2014-04/CVE-2014-1482 (bmo#943803) Incorrect use of discarded images by RasterImage * MFSA 2014-05/CVE-2014-1483 (bmo#950427) Information disclosure with *FromPoint on iframes * MFSA 2014-06/CVE-2014-1484 (bmo#953993) Profile path leaks to Android system log * MFSA 2014-07/CVE-2014-1485 (bmo#910139) XSLT stylesheets treated as styles in Content Security Policy * MFSA 2014-08/CVE-2014-1486 (bmo#942164) Use-after-free with imgRequestProxy and image proccessing * MFSA 2014-09/CVE-2014-1487 (bmo#947592) Cross-origin information leak through web workers * MFSA 2014-10/CVE-2014-1489 (bmo#959531) Firefox default start page UI content invokable by script * MFSA 2014-11/CVE-2014-1488 (bmo#950604) Crash when using web workers with asm.js * MFSA 2014-12/CVE-2014-1490/CVE-2014-1491 (bmo#934545, bmo#930874, bmo#930857) NSS ticket handling issues * MFSA 2014-13/CVE-2014-1481(bmo#936056) Inconsistent JavaScript handling of access to Window objects - requires NSS 3.15.4 or higher - rebased/reworked patches - removed obsolete mozilla-bug929439.patch - Add support for powerpc64le-linux. * mozilla-ppc64le.patch: general support * mozilla-libffi-ppc64le.patch: libffi backport * mozilla-xpcom-ppc64le.patch: port xpcom - Add build fix from mainline. * mozilla-bug929439.patch - update to Firefox 26.0 (bnc#854367, bnc#854370) * rebased patches * requires NSPR 4.10.2 and NSS 3.15.3.1 * MFSA 2013-104/CVE-2013-5609/CVE-2013-5610 Miscellaneous memory safety hazards * MFSA 2013-105/CVE-2013-5611 (bmo#771294) Application Installation doorhanger persists on navigation * MFSA 2013-106/CVE-2013-5612 (bmo#871161) Character encoding cross-origin XSS attack * MFSA 2013-107/CVE-2013-5614 (bmo#886262) Sandbox restrictions not applied to nested object elements * MFSA 2013-108/CVE-2013-5616 (bmo#938341) Use-after-free in event listeners * MFSA 2013-109/CVE-2013-5618 (bmo#926361) Use-after-free during Table Editing * MFSA 2013-110/CVE-2013-5619 (bmo#917841) Potential overflow in JavaScript binary search algorithms * MFSA 2013-111/CVE-2013-6671 (bmo#930281) Segmentation violation when replacing ordered list elements * MFSA 2013-112/CVE-2013-6672 (bmo#894736) Linux clipboard information disclosure though selection paste * MFSA 2013-113/CVE-2013-6673 (bmo#970380) Trust settings for built-in roots ignored during EV certificate validation * MFSA 2013-114/CVE-2013-5613 (bmo#930381, bmo#932449) Use-after-free in synthetic mouse movement * MFSA 2013-115/CVE-2013-5615 (bmo#929261) GetElementIC typed array stubs can be generated outside observed typesets * MFSA 2013-116/CVE-2013-6629/CVE-2013-6630 (bmo#891693) JPEG information leak * MFSA 2013-117 (bmo#946351) Mis-issued ANSSI/DCSSI certificate (fixed via NSS 3.15.3.1) - removed gecko.js preference file as GStreamer is enabled by default now - update to Firefox 25.0 (bnc#847708) * rebased patches * requires NSS 3.15.2 or above * MFSA 2013-93/CVE-2013-5590/CVE-2013-5591/CVE-2013-5592 Miscellaneous memory safety hazards * MFSA 2013-94/CVE-2013-5593 (bmo#868327) Spoofing addressbar through SELECT element * MFSA 2013-95/CVE-2013-5604 (bmo#914017) Access violation with XSLT and uninitialized data * MFSA 2013-96/CVE-2013-5595 (bmo#916580) Improperly initialized memory and overflows in some JavaScript functions * MFSA 2013-97/CVE-2013-5596 (bmo#910881) Writing to cycle collected object during image decoding * MFSA 2013-98/CVE-2013-5597 (bmo#918864) Use-after-free when updating offline cache * MFSA 2013-99/CVE-2013-5598 (bmo#920515) Security bypass of PDF.js checks using iframes * MFSA 2013-100/CVE-2013-5599/CVE-2013-5600/CVE-2013-5601 (bmo#915210, bmo#915576, bmo#916685) Miscellaneous use-after-free issues found through ASAN fuzzing * MFSA 2013-101/CVE-2013-5602 (bmo#897678) Memory corruption in workers * MFSA 2013-102/CVE-2013-5603 (bmo#916404) Use-after-free in HTML document templates - as GStreamer is not automatically required anymore but loaded dynamically if available, require it explicitely - recommend optional GStreamer plugins for comprehensive media support - move greek to the translations-common package (bnc#840551) - update to Firefox 24.0 (bnc#840485) * MFSA 2013-76/CVE-2013-1718/CVE-2013-1719 Miscellaneous memory safety hazards * MFSA 2013-77/CVE-2013-1720 (bmo#888820) Improper state in HTML5 Tree Builder with templates * MFSA 2013-78/CVE-2013-1721 (bmo#890277) Integer overflow in ANGLE library * MFSA 2013-79/CVE-2013-1722 (bmo#893308) Use-after-free in Animation Manager during stylesheet cloning * MFSA 2013-80/CVE-2013-1723 (bmo#891292) NativeKey continues handling key messages after widget is destroyed * MFSA 2013-81/CVE-2013-1724 (bmo#894137) Use-after-free with select element * MFSA 2013-82/CVE-2013-1725 (bmo#876762) Calling scope for new Javascript objects can lead to memory corruption * MFSA 2013-85/CVE-2013-1728 (bmo#883686) Uninitialized data in IonMonkey * MFSA 2013-88/CVE-2013-1730 (bmo#851353) Compartment mismatch re-attaching XBL-backed nodes * MFSA 2013-89/CVE-2013-1732 (bmo#883514) Buffer overflow with multi-column, lists, and floats * MFSA 2013-90/CVE-2013-1735/CVE-2013-1736 (bmo#898871, bmo#906301) Memory corruption involving scrolling * MFSA 2013-91/CVE-2013-1737 (bmo#907727) User-defined properties on DOM proxies get the wrong "this" object * MFSA 2013-92/CVE-2013-1738 (bmo#887334, bmo#882897) GC hazard with default compartments and frame chain restoration - enable gstreamer explicitely via pref (gecko.js) - require NSS 3.15.1 - update to Firefox 23.0.1 * Audio static/"burble"/breakup in Firefox to Firefox WebRTC calls (bmo#901527) - update to Firefox 23.0 (bnc#833389) * MFSA 2013-63/CVE-2013-1701/CVE-2013-1702 Miscellaneous memory safety hazards * MFSA 2013-64/CVE-2013-1704 (bmo#883313) Use after free mutating DOM during SetBody * MFSA 2013-65/CVE-2013-1705 (bmo#882865) Buffer underflow when generating CRMF requests * MFSA 2013-67/CVE-2013-1708 (bmo#879924) Crash during WAV audio file decoding * MFSA 2013-68/CVE-2013-1709 (bmo#838253) Document URI misrepresentation and masquerading * MFSA 2013-69/CVE-2013-1710 (bmo#871368) CRMF requests allow for code execution and XSS attacks * MFSA 2013-70/CVE-2013-1711 (bmo#843829) Bypass of XrayWrappers using XBL Scopes * MFSA 2013-72/CVE-2013-1713 (bmo#887098) Wrong principal used for validating URI for some Javascript components * MFSA 2013-73/CVE-2013-1714 (bmo#879787) Same-origin bypass with web workers and XMLHttpRequest * MFSA 2013-75/CVE-2013-1717 (bmo#406541, bmo#738397) Local Java applets may read contents of local file system - requires NSPR 4.10 and NSS 3.15 - fix build on ARM (/-g/ matches /-grecord-switches/) - update to Firefox 22.0 (bnc#825935) * removed obsolete patches + mozilla-qcms-ppc.patch + mozilla-gstreamer-760140.patch * GStreamer support does not build on 12.1 anymore (build only on 12.2 and later) * MFSA 2013-49/CVE-2013-1682/CVE-2013-1683 Miscellaneous memory safety hazards * MFSA 2013-50/CVE-2013-1684/CVE-2013-1685/CVE-2013-1686 Memory corruption found using Address Sanitizer * MFSA 2013-51/CVE-2013-1687 (bmo#863933, bmo#866823) Privileged content access and execution via XBL * MFSA 2013-52/CVE-2013-1688 (bmo#873966) Arbitrary code execution within Profiler * MFSA 2013-53/CVE-2013-1690 (bmo#857883) Execution of unmapped memory through onreadystatechange event * MFSA 2013-54/CVE-2013-1692 (bmo#866915) Data in the body of XHR HEAD requests leads to CSRF attacks * MFSA 2013-55/CVE-2013-1693 (bmo#711043) SVG filters can lead to information disclosure * MFSA 2013-56/CVE-2013-1694 (bmo#848535) PreserveWrapper has inconsistent behavior * MFSA 2013-57/CVE-2013-1695 (bmo#849791) Sandbox restrictions not applied to nested frame elements * MFSA 2013-58/CVE-2013-1696 (bmo#761667) X-Frame-Options ignored when using server push with multi-part responses * MFSA 2013-59/CVE-2013-1697 (bmo#858101) XrayWrappers can be bypassed to run user defined methods in a privileged context * MFSA 2013-60/CVE-2013-1698 (bmo#876044) getUserMedia permission dialog incorrectly displays location * MFSA 2013-61/CVE-2013-1699 (bmo#840882) Homograph domain spoofing in .com, .net and .name - Fix qcms altivec include (mozilla-qcms-ppc.patch) - update to Firefox 21.0 (bnc#819204) * removed upstreamed patch firefox-712763.patch * removed disabled mozilla-disable-neon-option.patch * MFSA 2013-41/CVE-2013-0801/CVE-2013-1669 Miscellaneous memory safety hazards * MFSA 2013-42/CVE-2013-1670 (bmo#853709) Privileged access for content level constructor * MFSA 2013-43/CVE-2013-1671 (bmo#842255) File input control has access to full path * MFSA 2013-46/CVE-2013-1674 (bmo#860971) Use-after-free with video and onresize event * MFSA 2013-47/CVE-2013-1675 (bmo#866825) Uninitialized functions in DOMSVGZoomEvent * MFSA 2013-48/CVE-2013-1676/CVE-2013-1677/CVE-2013-1678/ CVE-2013-1679/CVE-2013-1680/CVE-2013-1681 Memory corruption found using Address Sanitizer - revert to use GStreamer 0.10 on 12.3 (bnc#814101) (remove mozilla-gstreamer-1.patch) - Explicitly disable WebRTC support on non-x86, the configure script disables it only half-heartedly - update to Firefox 20.0 (bnc#813026) * requires NSPR 4.9.5 and NSS 3.14.3 * mozilla-webrtc-ppc.patch included upstream * MFSA 2013-30/CVE-2013-0788/CVE-2013-0789 Miscellaneous memory safety hazards * MFSA 2013-31/CVE-2013-0800 (bmo#825721) Out-of-bounds write in Cairo library * MFSA 2013-35/CVE-2013-0796 (bmo#827106) WebGL crash with Mesa graphics driver on Linux * MFSA 2013-36/CVE-2013-0795 (bmo#825697) Bypass of SOW protections allows cloning of protected nodes * MFSA 2013-37/CVE-2013-0794 (bmo#626775) Bypass of tab-modal dialog origin disclosure * MFSA 2013-38/CVE-2013-0793 (bmo#803870) Cross-site scripting (XSS) using timed history navigations * MFSA 2013-39/CVE-2013-0792 (bmo#722831) Memory corruption while rendering grayscale PNG images - use GStreamer 1.0 starting with 12.3 (mozilla-gstreamer-1.patch) - build fixes for armv7hl: * disable debug build as armv7hl does not have enough memory * disable webrtc on armv7hl as it is non-compiling - update to Firefox 19.0.2 (bnc#808243) * MFSA 2013-29/CVE-2013-0787 (bmo#848644) Use-after-free in HTML Editor - update to Firefox 19.0.1 * blocklist updates - update to Firefox 19.0 (bnc#804248) * MFSA 2013-21/CVE-2013-0783/2013-0784 Miscellaneous memory safety hazards * MFSA 2013-22/CVE-2013-0772 (bmo#801366) Out-of-bounds read in image rendering * MFSA 2013-23/CVE-2013-0765 (bmo#830614) Wrapped WebIDL objects can be wrapped again * MFSA 2013-24/CVE-2013-0773 (bmo#809652) Web content bypass of COW and SOW security wrappers * MFSA 2013-25/CVE-2013-0774 (bmo#827193) Privacy leak in JavaScript Workers * MFSA 2013-26/CVE-2013-0775 (bmo#831095) Use-after-free in nsImageLoadingContent * MFSA 2013-27/CVE-2013-0776 (bmo#796475) Phishing on HTTPS connection through malicious proxy * MFSA 2013-28/CVE-2013-0780/CVE-2013-0782/CVE-2013-0777/ CVE-2013-0778/CVE-2013-0779/CVE-2013-0781 Use-after-free, out of bounds read, and buffer overflow issues found using Address Sanitizer - removed obsolete patches * mozilla-webrtc.patch * mozilla-gstreamer-803287.patch - added patch to fix session restore window order (bmo#712763) - update to Firefox 18.0.2 * blocklist and CTP updates * fixes in JS engine - update to Firefox 18.0.1 * blocklist updates * backed out bmo#677092 (removed patch) * fixed problems involving HTTP proxy transactions - Fix WebRTC to build on powerpc - update to Firefox 18.0 (bnc#796895) * MFSA 2013-01/CVE-2013-0749/CVE-2013-0769/CVE-2013-0770 Miscellaneous memory safety hazards * MFSA 2013-02/CVE-2013-0760/CVE-2013-0762/CVE-2013-0766/CVE-2013-0767 CVE-2013-0761/CVE-2013-0763/CVE-2013-0771/CVE-2012-5829 Use-after-free and buffer overflow issues found using Address Sanitizer * MFSA 2013-03/CVE-2013-0768 (bmo#815795) Buffer Overflow in Canvas * MFSA 2013-04/CVE-2012-0759 (bmo#802026) URL spoofing in addressbar during page loads * MFSA 2013-05/CVE-2013-0744 (bmo#814713) Use-after-free when displaying table with many columns and column groups * MFSA 2013-06/CVE-2013-0751 (bmo#790454) Touch events are shared across iframes * MFSA 2013-07/CVE-2013-0764 (bmo#804237) Crash due to handling of SSL on threads * MFSA 2013-08/CVE-2013-0745 (bmo#794158) AutoWrapperChanger fails to keep objects alive during garbage collection * MFSA 2013-09/CVE-2013-0746 (bmo#816842) Compartment mismatch with quickstubs returned values * MFSA 2013-10/CVE-2013-0747 (bmo#733305) Event manipulation in plugin handler to bypass same-origin policy * MFSA 2013-11/CVE-2013-0748 (bmo#806031) Address space layout leaked in XBL objects * MFSA 2013-12/CVE-2013-0750 (bmo#805121) Buffer overflow in Javascript string concatenation * MFSA 2013-13/CVE-2013-0752 (bmo#805024) Memory corruption in XBL with XML bindings containing SVG * MFSA 2013-14/CVE-2013-0757 (bmo#813901) Chrome Object Wrapper (COW) bypass through changing prototype * MFSA 2013-15/CVE-2013-0758 (bmo#813906) Privilege escalation through plugin objects * MFSA 2013-16/CVE-2013-0753 (bmo#814001) Use-after-free in serializeToStream * MFSA 2013-17/CVE-2013-0754 (bmo#814026) Use-after-free in ListenerManager * MFSA 2013-18/CVE-2013-0755 (bmo#814027) Use-after-free in Vibrate * MFSA 2013-19/CVE-2013-0756 (bmo#814029) Use-after-free in Javascript Proxy objects - requires NSS 3.14.1 (MFSA 2013-20, CVE-2013-0743) - removed obsolete SLE11 patches (mozilla-gcc43*) - reenable WebRTC - added mozilla-libproxy-compat.patch for libproxy API compat on openSUSE 11.2 and earlier - backed out restartless language packs as it broke multi-locale setup (bmo#677092, bmo#818468) - update to Firefox 17.0.1 * revert some useragent changes introduced in 17.0 * leaving private browsing with social enabled doesn't reset all social components (bmo#815042) - fix KDE integration for file dialogs - update to Firefox 17.0 (bnc#790140) * MFSA 2012-91/CVE-2012-5842/CVE-2012-5843 Miscellaneous memory safety hazards * MFSA 2012-92/CVE-2012-4202 (bmo#758200) Buffer overflow while rendering GIF images * MFSA 2012-93/CVE-2012-4201 (bmo#747607) evalInSanbox location context incorrectly applied * MFSA 2012-94/CVE-2012-5836 (bmo#792857) Crash when combining SVG text on path with CSS * MFSA 2012-95/CVE-2012-4203 (bmo#765628) Javascript: URLs run in privileged context on New Tab page * MFSA 2012-96/CVE-2012-4204 (bmo#778603) Memory corruption in str_unescape * MFSA 2012-97/CVE-2012-4205 (bmo#779821) XMLHttpRequest inherits incorrect principal within sandbox * MFSA 2012-99/CVE-2012-4208 (bmo#798264) XrayWrappers exposes chrome-only properties when not in chrome compartment * MFSA 2012-100/CVE-2012-5841 (bmo#805807) Improper security filtering for cross-origin wrappers * MFSA 2012-101/CVE-2012-4207 (bmo#801681) Improper character decoding in HZ-GB-2312 charset * MFSA 2012-102/CVE-2012-5837 (bmo#800363) Script entered into Developer Toolbar runs with chrome privileges * MFSA 2012-103/CVE-2012-4209 (bmo#792405) Frames can shadow top.location * MFSA 2012-104/CVE-2012-4210 (bmo#796866) CSS and HTML injection through Style Inspector * MFSA 2012-105/CVE-2012-4214/CVE-2012-4215/CVE-2012-4216/ CVE-2012-5829/CVE-2012-5839/CVE-2012-5840/CVE-2012-4212/ CVE-2012-4213/CVE-2012-4217/CVE-2012-4218 Use-after-free and buffer overflow issues found using Address Sanitizer * MFSA 2012-106/CVE-2012-5830/CVE-2012-5833/CVE-2012-5835/CVE-2012-5838 Use-after-free, buffer overflow, and memory corruption issues found using Address Sanitizer - rebased patches - disabled WebRTC since build is broken (bmo#776877) - build on SLE11 * mozilla-gcc43-enums.patch * mozilla-gcc43-template_hacks.patch * mozilla-gcc43-templates_instantiation.patch - update to Firefox 16.0.2 (bnc#786522) * MFSA 2012-90/CVE-2012-4194/CVE-2012-4195/CVE-2012-4196 (bmo#800666, bmo#793121, bmo#802557) Fixes for Location object issues - bring back Obsoletes for libproxy's mozjs plugin for distributions before 12.2 to avoid crashes - update to Firefox 16.0.1 (bnc#783533) * MFSA 2012-88/CVE-2012-4191 (bmo#798045) Miscellaneous memory safety hazards * MFSA 2012-89/CVE-2012-4192/CVE-2012-4193 (bmo#799952, bmo#720619) defaultValue security checks not applied - update to Firefox 16.0 (bnc#783533) * MFSA 2012-74/CVE-2012-3982/CVE-2012-3983 Miscellaneous memory safety hazards * MFSA 2012-75/CVE-2012-3984 (bmo#575294) select element persistance allows for attacks * MFSA 2012-76/CVE-2012-3985 (bmo#655649) Continued access to initial origin after setting document.domain * MFSA 2012-77/CVE-2012-3986 (bmo#775868) Some DOMWindowUtils methods bypass security checks * MFSA 2012-79/CVE-2012-3988 (bmo#725770) DOS and crash with full screen and history navigation * MFSA 2012-80/CVE-2012-3989 (bmo#783867) Crash with invalid cast when using instanceof operator * MFSA 2012-81/CVE-2012-3991 (bmo#783260) GetProperty function can bypass security checks * MFSA 2012-82/CVE-2012-3994 (bmo#765527) top object and location property accessible by plugins * MFSA 2012-83/CVE-2012-3993/CVE-2012-4184 (bmo#768101, bmo#780370) Chrome Object Wrapper (COW) does not disallow acces to privileged functions or properties * MFSA 2012-84/CVE-2012-3992 (bmo#775009) Spoofing and script injection through location.hash * MFSA 2012-85/CVE-2012-3995/CVE-2012-4179/CVE-2012-4180/ CVE-2012-4181/CVE-2012-4182/CVE-2012-4183 Use-after-free, buffer overflow, and out of bounds read issues found using Address Sanitizer * MFSA 2012-86/CVE-2012-4185/CVE-2012-4186/CVE-2012-4187/ CVE-2012-4188 Heap memory corruption issues found using Address Sanitizer * MFSA 2012-87/CVE-2012-3990 (bmo#787704) Use-after-free in the IME State Manager - requires NSPR 4.9.2 - improve GStreamer integration (bmo#760140) - removed upstreamed mozilla-crashreporter-restart-args.patch - webapprt now included - use kmozillahelper's new REVEAL command (bnc#777415) (requires mozilla-kde4-integration >= 0.6.4) - updated translations-other with new languages - update to Firefox 15.0.1 (bnc#779936) * Sites visited while in Private Browsing mode could be found through manual browser cache inspection (bmo#787743) - update to Firefox 15.0 (bnc#777588) * MFSA 2012-57/CVE-2012-1970 Miscellaneous memory safety hazards * MFSA 2012-58/CVE-2012-1972/CVE-2012-1973/CVE-2012-1974/CVE-2012-1975 CVE-2012-1976/CVE-2012-3956/CVE-2012-3957/CVE-2012-3958/CVE-2012-3959 CVE-2012-3960/CVE-2012-3961/CVE-2012-3962/CVE-2012-3963/CVE-2012-3964 Use-after-free issues found using Address Sanitizer * MFSA 2012-59/CVE-2012-1956 (bmo#756719) Location object can be shadowed using Object.defineProperty * MFSA 2012-60/CVE-2012-3965 (bmo#769108) Escalation of privilege through about:newtab * MFSA 2012-61/CVE-2012-3966 (bmo#775794, bmo#775793) Memory corruption with bitmap format images with negative height * MFSA 2012-62/CVE-2012-3967/CVE-2012-3968 WebGL use-after-free and memory corruption * MFSA 2012-63/CVE-2012-3969/CVE-2012-3970 SVG buffer overflow and use-after-free issues * MFSA 2012-64/CVE-2012-3971 Graphite 2 memory corruption * MFSA 2012-65/CVE-2012-3972 (bmo#746855) Out-of-bounds read in format-number in XSLT * MFSA 2012-66/CVE-2012-3973 (bmo#757128) HTTPMonitor extension allows for remote debugging without explicit activation * MFSA 2012-68/CVE-2012-3975 (bmo#770684) DOMParser loads linked resources in extensions when parsing text/html * MFSA 2012-69/CVE-2012-3976 (bmo#768568) Incorrect site SSL certificate data display * MFSA 2012-70/CVE-2012-3978 (bmo#770429) Location object security checks bypassed by chrome code * MFSA 2012-72/CVE-2012-3980 (bmo#771859) Web console eval capable of executing chrome-privileged code - fix HTML5 video crash with GStreamer enabled (bmo#761030) - GStreamer is only used for MP4 (no WebM, OGG) - updated filelist - moved browser specific preferences to correct location - Fix mozilla-kde.patch to include sys/resource.h for getrlimit etc (glibc 2.16) - update to 14.0.1 (bnc#771583) * MFSA 2012-42/CVE-2012-1949/CVE-2012-1948 Miscellaneous memory safety hazards * MFSA 2012-43/CVE-2012-1950 Incorrect URL displayed in addressbar through drag and drop * MFSA 2012-44/CVE-2012-1951/CVE-2012-1954/CVE-2012-1953/CVE-2012-1952 Gecko memory corruption * MFSA 2012-45/CVE-2012-1955 (bmo#757376) Spoofing issue with location * MFSA 2012-46/CVE-2012-1966 (bmo#734076) XSS through data: URLs * MFSA 2012-47/CVE-2012-1957 (bmo#750096) Improper filtering of javascript in HTML feed-view * MFSA 2012-48/CVE-2012-1958 (bmo#750820) use-after-free in nsGlobalWindow::PageHidden * MFSA 2012-49/CVE-2012-1959 (bmo#754044, bmo#737559) Same-compartment Security Wrappers can be bypassed * MFSA 2012-50/CVE-2012-1960 (bmo#761014) Out of bounds read in QCMS * MFSA 2012-51/CVE-2012-1961 (bmo#761655) X-Frame-Options header ignored when duplicated * MFSA 2012-52/CVE-2012-1962 (bmo#764296) JSDependentString::undepend string conversion results in memory corruption * MFSA 2012-53/CVE-2012-1963 (bmo#767778) Content Security Policy 1.0 implementation errors cause data leakage * MFSA 2012-55/CVE-2012-1965 (bmo#758990) feed: URLs with an innerURI inherit security context of page * MFSA 2012-56/CVE-2012-1967 (bmo#758344) Code execution through javascript: URLs - license change from tri license to MPL-2.0 - fix crashreporter restart option (bmo#762780) - require NSS 3.13.5 - remove mozjs pacrunner obsoletes again for now - adopted mozilla-prefer_plugin_pref.patch - PPC fixes: * reenabled mozilla-yarr-pcre.patch to fix build for PPC * add patches for bmo#750620 and bmo#746112 * fix xpcshell segfault on ppc - update to Firefox 13.0.1 * bugfix release - obsolete libproxy's mozjs pacrunner (bnc#759123) - update to Firefox 13.0 (bnc#765204) * MFSA 2012-34/CVE-2012-1938/CVE-2012-1937/CVE-2011-3101 Miscellaneous memory safety hazards * MFSA 2012-36/CVE-2012-1944 (bmo#751422) Content Security Policy inline-script bypass * MFSA 2012-37/CVE-2012-1945 (bmo#670514) Information disclosure though Windows file shares and shortcut files * MFSA 2012-38/CVE-2012-1946 (bmo#750109) Use-after-free while replacing/inserting a node in a document * MFSA 2012-40/CVE-2012-1947/CVE-2012-1940/CVE-2012-1941 Buffer overflow and use-after-free issues found using Address Sanitizer - require NSS 3.13.4 * MFSA 2012-39/CVE-2012-0441 (bmo#715073) - fix sound notifications when filename/path contains a whitespace (bmo#749739) - fix build on arm - reenabled crashreporter for Factory/12.2 (fix in mozilla-gcc47.patch) - update to Firefox 12.0 (bnc#758408) * rebased patches * MFSA 2012-20/CVE-2012-0467/CVE-2012-0468 Miscellaneous memory safety hazards * MFSA 2012-22/CVE-2012-0469 (bmo#738985) use-after-free in IDBKeyRange * MFSA 2012-23/CVE-2012-0470 (bmo#734288) Invalid frees causes heap corruption in gfxImageSurface * MFSA 2012-24/CVE-2012-0471 (bmo#715319) Potential XSS via multibyte content processing errors * MFSA 2012-25/CVE-2012-0472 (bmo#744480) Potential memory corruption during font rendering using cairo-dwrite * MFSA 2012-26/CVE-2012-0473 (bmo#743475) WebGL.drawElements may read illegal video memory due to FindMaxUshortElement error * MFSA 2012-27/CVE-2012-0474 (bmo#687745, bmo#737307) Page load short-circuit can lead to XSS * MFSA 2012-28/CVE-2012-0475 (bmo#694576) Ambiguous IPv6 in Origin headers may bypass webserver access restrictions * MFSA 2012-29/CVE-2012-0477 (bmo#718573) Potential XSS through ISO-2022-KR/ISO-2022-CN decoding issues * MFSA 2012-30/CVE-2012-0478 (bmo#727547) Crash with WebGL content using textImage2D * MFSA 2012-31/CVE-2011-3062 (bmo#739925) Off-by-one error in OpenType Sanitizer * MFSA 2012-32/CVE-2011-1187 (bmo#624621) HTTP Redirections and remote content can be read by javascript errors * MFSA 2012-33/CVE-2012-0479 (bmo#714631) Potential site identity spoofing when loading RSS and Atom feeds - added mozilla-libnotify.patch to allow fallback from libnotify to xul based events if no notification-daemon is running - gcc 4.7 fixes * mozilla-gcc47.patch * disabled crashreporter temporarily for Factory - recommend libcanberra0 for proper sound notifications - update to Firefox 11.0 (bnc#750044) * MFSA 2012-13/CVE-2012-0455 (bmo#704354) XSS with Drag and Drop and Javascript: URL * MFSA 2012-14/CVE-2012-0456/CVE-2012-0457 (bmo#711653, #720103) SVG issues found with Address Sanitizer * MFSA 2012-15/CVE-2012-0451 (bmo#717511) XSS with multiple Content Security Policy headers * MFSA 2012-16/CVE-2012-0458 Escalation of privilege with Javascript: URL as home page * MFSA 2012-17/CVE-2012-0459 (bmo#723446) Crash when accessing keyframe cssText after dynamic modification * MFSA 2012-18/CVE-2012-0460 (bmo#727303) window.fullScreen writeable by untrusted content * MFSA 2012-19/CVE-2012-0461/CVE-2012-0462/CVE-2012-0464/ CVE-2012-0463 Miscellaneous memory safety hazards - ported and reenabled KDE integration (bnc#746591) - explicitely build-require X libs - add Provides: browser(npapi) FATE#313084 - better plugin directory resolution (bnc#747320) - update to Firefox 10.0.2 (bnc#747328) * CVE-2011-3026 (bmo#727401) libpng: integer overflow leading to heap-buffer overflow - update to Firefox 10.0.1 (bnc#746616) * MFSA 2012-10/CVE-2012-0452 (bmo#724284) use after free in nsXBLDocumentInfo::ReadPrototypeBindings - Use YARR interpreter instead of PCRE on platforms where YARR JIT is not supported, since PCRE doesnt build (bmo#691898) - fix ppc64 build (bmo#703534) - update to Firefox 10.0 (bnc#744275) * MFSA 2012-01/CVE-2012-0442/CVE-2012-0443 Miscellaneous memory safety hazards * MFSA 2012-03/CVE-2012-0445 (bmo#701071) <iframe> element exposed across domains via name attribute * MFSA 2012-04/CVE-2011-3659 (bmo#708198) Child nodes from nsDOMAttribute still accessible after removal of nodes * MFSA 2012-05/CVE-2012-0446 (bmo#705651) Frame scripts calling into untrusted objects bypass security checks * MFSA 2012-06/CVE-2012-0447 (bmo#710079) Uninitialized memory appended when encoding icon images may cause information disclosure * MFSA 2012-07/CVE-2012-0444 (bmo#719612) Potential Memory Corruption When Decoding Ogg Vorbis files * MFSA 2012-08/CVE-2012-0449 (bmo#701806, bmo#702466) Crash with malformed embedded XSLT stylesheets - KDE integration has been disabled since it needs refactoring - removed obsolete ppc64 patch - Disable neon for arm as it doesn't build correctly - update to Firefox 9.0.1 * (strongparent) parentNode of element gets lost (bmo#335998) - fix arm build, don't package crashreporter there - update to Firefox 9 (bnc#737533) * MFSA 2011-53/CVE-2011-3660 Miscellaneous memory safety hazards (rv:9.0) * MFSA 2011-54/CVE-2011-3661 (bmo#691299) Potentially exploitable crash in the YARR regular expression library * MFSA 2011-55/CVE-2011-3658 (bmo#708186) nsSVGValue out-of-bounds access * MFSA 2011-56/CVE-2011-3663 (bmo#704482) Key detection without JavaScript via SVG animation * MFSA 2011-58/VE-2011-3665 (bmo#701259) Crash scaling <video> to extreme sizes - Fix accessibility under GNOME 3 (bnc#732898) - fix ppc64 build - update to Firefox 8 (bnc#728520) * MFSA 2011-47/CVE-2011-3648 (bmo#690225) Potential XSS against sites using Shift-JIS * MFSA 2011-48/CVE-2011-3651/CVE-2011-3652/CVE-2011-3654 Miscellaneous memory safety hazards * MFSA 2011-49/CVE-2011-3650 (bmo#674776) Memory corruption while profiling using Firebug * MFSA 2011-52/CVE-2011-3655 (bmo#672182) Code execution via NoWaiverWrapper - rebased patches - enable telemetry prompt - update to minor release 7.0.1 * fixed staged addon updates - set intl.locale.matchOS=true in the base package as it causes too much confusion when it's only available with branding-openSUSE - update to Firefox 7 (bnc#720264) including * Improve Responsiveness with Memory Reductions * Instant Sync * WebSocket protocol 8 * MFSA 2011-36/CVE-2011-2995/CVE-2011-2996/CVE-2011-2997 Miscellaneous memory safety hazards * MFSA 2011-39/CVE-2011-3000 (bmo#655389) Defense against multiple Location headers due to CRLF Injection * MFSA 2011-40/CVE-2011-2372/CVE-2011-3001 Code installation through holding down Enter * MFSA 2011-41/CVE-2011-3002/CVE-2011-3003 (bmo#680840, bmo#682335) Potentially exploitable WebGL crashes * MFSA 2011-42/CVE-2011-3232 (bmo#653672) Potentially exploitable crash in the YARR regular expression library * MFSA 2011-43/CVE-2011-3004 (bmo#653926) loadSubScript unwraps XPCNativeWrapper scope parameter * MFSA 2011-44/CVE-2011-3005 (bmo#675747) Use after free reading OGG headers * MFSA 2011-45 Inferring keystrokes from motion data - removed obsolete mozilla-cairo-lcd.patch - rebased patches - removed XLIB_SKIP_ARGB_VISUALS=1 from environment in mozilla.sh.in (bnc#680758) - fixed loading of kde.js under KDE (bnc#718311) - add dbus-1-glib-devel to BuildRequires (not pulled in automatically anymore on 12.1) - increase minversions for NSPR and NSS - recreated source archive to get correct source-stamp.txt - security update to 6.0.2 (bnc#714931) * Complete blocking of certificates issued by DigiNotar (bmo#683449) - security update to 6.0.1 (bnc#714931) * MFSA 2011-34 Protection against fraudulent DigiNotar certificates (bmo#682927) - update to 6.0 (bnc#712224) included security fixes MFSA 2011-29 * CVE-2011-2989/CVE-2011-2991/CVE-2011-2992/CVE-2011-2985 Miscellaneous memory safety hazards * CVE-2011-2993 (bmo#657267) Unsigned scripts can call script inside signed JAR * CVE-2011-2988 (bmo#665934) Heap overflow in ANGLE library * CVE-2011-0084 (bmo#648094) Crash in SVGTextElement.getCharNumAtPosition() * CVE-2011-2990 Credential leakage using Content Security Policy reports * CVE-2011-2986 (bmo#655836) Cross-origin data theft using canvas and Windows D2D - removed obsolete curl header dependency (mozilla-curl.patch) - update to 6.0b3 * removed obsolete patches - firefox-shellservice.patch - mozilla-gio.patch - mozilla-ppc-ipc.patch - firefox-linkorder.patch - firefox-no-sync-l10n.patch - recognize linux3 as platform for symbolstore.py - Add x-scheme-handler/ftp to the MimeType key in the .desktop, to let desktops know that Firefox can deal with ftp: URIs. - create upstream branding package again (supposedly empty) (bnc#703401) - fix build on SLE11 (changes do not affect/are not applied for later versions) - enable startup notification (bnc#701465) - update to 5.0 final - included fixes for security issues: (bnc#701296, bnc#700578) * MFSA 2011-19/CVE-2011-2374 CVE-2011-2375 Miscellaneous memory safety hazards * MFSA 2011-20/CVE-2011-2373 (bmo#617247) Use-after-free vulnerability when viewing XUL document with script disabled * MFSA 2011-21/CVE-2011-2377 (bmo#638018, bmo#639303) Memory corruption due to multipart/x-mixed-replace images * MFSA 2011-22/CVE-2011-2371 (bmo#664009) Integer overflow and arbitrary code execution in Array.reduceRight() * MFSA 2011-25/CVE-2011-2366 Stealing of cross-domain images using WebGL textures * MFSA 2011-26/CVE-2011-2367 CVE-2011-2368 Multiple WebGL crashes * MFSA 2011-27/CVE-2011-2369 (bmo#650001) XSS encoding hazard with inline SVG * MFSA 2011-28/CVE-2011-2370 (bmo#645699) Non-whitelisted site can trigger xpinstall - update to 5.0b7 * updated supported locales - do not build dump_syms static (not needed for us) - > fix build for openSUSE 12.1 and above - update to 5.0b6 - include proper revision information into the build - speedier find-external-requires.sh - update to 5.0b3 - transformed to standalone Firefox (not xulrunner based) (with new Firefox rapid release cycle it makes no sense anymore) * imported all relevant xulrunner patches - do not compile in build timestamp - security update to 4.0.1 (bnc#689281) * MFSA 2011-12/ CVE-2011-0069 CVE-2011-0070 CVE-2011-0079 CVE-2011-0080 CVE-2011-0081 Miscellaneous memory safety hazards * MFSA 2011-17/CVE-2011-0068 (bmo#623791) WebGLES vulnerabilities * MFSA 2011-18/CVE-2011-1202 (bmo#640339) XSLT generate-id() function heap address leak - add all available icon sizes - license update: MPLv1.1 or GPLv2+ or LGPLv2+ Sync licenses with Fedora. MPL does not state ^or later^ - update to version 4.0rc2 - fixed rpm macros delivered with devel package (bnc#679950) - update to version 4.0b12 - rebased patches - update to version 4.0b11 * loads of bugfixes compared to last beta * added "Do Not Track" option - rebased patches - disable testpilot - set correct desktop file name within KDE for 11.4 and up - add devel package with macros for extensions (from lnussel@suse.de) - update to version 4.0b10 - removed obsolete firefox-shell-bmo624267.patch - testpilot moved to distribution/extensions - updated locale provides and removed bn-IN from locales - update to version 4.0b9 - added x-scheme-handler for http and https to desktop file for newer Gnome environments - fixed default browser check/set for GIO (bmo#611953) (mozilla-shellservice.patch) - removed obsolete firefox-appname.patch (integrated into shellservice patch) - renamed desktop file to firefox.desktop for 11.4 and newer (bnc#664211) - removed support for 10.3 and older from the spec file - removed obsolete "Ximian" categories from desktop file - Mirror ac_add_options --disable-ipc from xulrunner for PowerPC. - update to version 4.0beta8 - major update to version 4.0beta7 * based on mozilla-xulrunner20 * far too many internal changes to list - security update to 3.6.12 (bnc#649492) * MFSA 2010-73/CVE-2010-3765 (bmo#607222) Heap buffer overflow mixing document.write and DOM insertion - security update to 3.6.11 (bnc#645315) * MFSA 2010-64/CVE-2010-3174/CVE-2010-3175/CVE-2010-3176 Miscellaneous memory safety hazards * MFSA 2010-65/CVE-2010-3179 (bmo#583077) Buffer overflow and memory corruption using document.write * MFSA 2010-66/CVE-2010-3180 (bmo#588929) Use-after-free error in nsBarProp * MFSA 2010-67/CVE-2010-3183 (bmo#598669) Dangling pointer vulnerability in LookupGetterOrSetter * MFSA 2010-68/CVE-2010-3177 (bmo#556734) XSS in gopher parser when parsing hrefs * MFSA 2010-69/CVE-2010-3178 (bmo#576616) Cross-site information disclosure via modal calls * MFSA 2010-70/CVE-2010-3170 (bmo#578697) SSL wildcard certificate matching IP addresses * MFSA 2010-71/CVE-2010-3182 (bmo#590753) Unsafe library loading vulnerabilities * MFSA 2010-72/CVE-2010-3173 Insecure Diffie-Hellman key exchange - update to 3.6.10 * fixing startup topcrash (bmo#594699) - security update to 3.6.9 (bnc#637303) * MFSA 2010-49/CVE-2010-3169 Miscellaneous memory safety hazards * MFSA 2010-50/CVE-2010-2765 (bmo#576447) Frameset integer overflow vulnerability * MFSA 2010-51/CVE-2010-2767 (bmo#584512) Dangling pointer vulnerability using DOM plugin array * MFSA 2010-53/CVE-2010-3166 (bmo#579655) Heap buffer overflow in nsTextFrameUtils::TransformText * MFSA 2010-54/CVE-2010-2760 (bmo#585815) Dangling pointer vulnerability in nsTreeSelection * MFSA 2010-55/CVE-2010-3168 (bmo#576075) XUL tree removal crash and remote code execution * MFSA 2010-56/CVE-2010-3167 (bmo#576070) Dangling pointer vulnerability in nsTreeContentView * MFSA 2010-57/CVE-2010-2766 (bmo#580445) Crash and remote code execution in normalizeDocument * MFSA 2010-59/CVE-2010-2762 (bmo#584180) SJOW creates scope chains ending in outer object * MFSA 2010-61/CVE-2010-2768 (bmo#579744) UTF-7 XSS by overriding document charset using <object> type attribute * MFSA 2010-62/CVE-2010-2769 (bmo#520189) Copy-and-paste or drag-and-drop into designMode document allows XSS * MFSA 2010-63/CVE-2010-2764 (bmo#552090) Information leak via XMLHttpRequest statusText - disable crash reporter for non x86/x86_64 to make it build. - security update to 3.6.8 (bnc#622506) * MFSA 2010-48/CVE-2010-2755 (bmo#575836) Dangling pointer crash regression from plugin parameter array fix - security update to 3.6.7 (bnc#622506) * MFSA 2010-34/CVE-2010-1211/CVE-2010-1212 Miscellaneous memory safety hazards * MFSA 2010-35/CVE-2010-1208 (bmo#572986) DOM attribute cloning remote code execution vulnerability * MFSA 2010-36/CVE-2010-1209 (bmo#552110) Use-after-free error in NodeIterator * MFSA 2010-37/CVE-2010-1214 (bmo#572985) Plugin parameter EnsureCachedAttrParamArrays remote code execution vulnerability * MFSA 2010-38/CVE-2010-1215 (bmo#567069) Arbitrary code execution using SJOW and fast native function * MFSA 2010-39/CVE-2010-2752 (bmo#574059) nsCSSValue::Array index integer overflow * MFSA 2010-40/CVE-2010-2753 (bmo#571106) nsTreeSelection dangling pointer remote code execution vulnerability * MFSA 2010-41/CVE-2010-1205 (bmo#570451) Remote code execution using malformed PNG image * MFSA 2010-42/CVE-2010-1213 (bmo#568148) Cross-origin data disclosure via Web Workers and importScripts * MFSA 2010-43/CVE-2010-1207 (bmo#571287) Same-origin bypass using canvas context * MFSA 2010-44/CVE-2010-1210 (bmo#564679) Characters mapped to U+FFFD in 8 bit encodings cause subsequent character to vanish * MFSA 2010-45/CVE-2010-1206/CVE-2010-2751 (bmo#536466,556957) Multiple location bar spoofing vulnerabilities * MFSA 2010-46/CVE-2010-0654 (bmo#524223) Cross-domain data theft using CSS * MFSA 2010-47/CVE-2010-2754 (bmo#568564) Cross-origin data leakage from script filename in error messages - update to 3.6.6 release * modifies the crash protection feature to increase the amount of time that plugins are allowed to be non-responsive before being terminated. - update to final 3.6.4 release (bnc#603356) * MFSA 2010-26/CVE-2010-1200/CVE-2010-1201/CVE-2010-1202/ CVE-2010-1203 Crashes with evidence of memory corruption (rv:1.9.2.4) * MFSA 2010-28/CVE-2010-1198 (bmo#532246) Freed object reuse across plugin instances * MFSA 2010-29/CVE-2010-1196 (bmo#534666) Heap buffer overflow in nsGenericDOMDataNode::SetTextInternal * MFSA 2010-30/CVE-2010-1199 (bmo#554255) Integer Overflow in XSLT Node Sorting * MFSA 2010-31/CVE-2010-1125 (bmo#552255) focus() behavior can be used to inject or steal keystrokes * MFSA 2010-32/CVE-2010-1197 (bmo#537120) Content-Disposition: attachment ignored if Content-Type: multipart also present * MFSA 2010-33/CVE-2008-5913 (bmo#475585) User tracking across sites using Math.random() - update to 3.6.4(build6) - security update to 3.6.4 (Lorentz) * enable crashreporter also for x86-64 * Flash runs in a separate process to avoid crashing Firefox (ix86 only; x86-64 still uses nspluginwrapper) - security update to 3.6.3 * MFSA 2010-25/CVE-2010-1121 (bmo#555109) Re-use of freed object due to scope confusion - security update to version 3.6.2 (bnc#586567) * MFSA 2010-08/CVE-2010-1028 WOFF heap corruption due to integer overflow * MFSA 2010-09/CVE-2010-0164 (bmo#547143) Deleted frame reuse in multipart/x-mixed-replace image * MFSA 2010-10/CVE-2010-0170 (bmo#541530) XSS via plugins and unprotected Location object * MFSA 2010-11/CVE-2010-0165/CVE-2010-0166/CVE-2010-0167 Crashes with evidence of memory corruption * MFSA 2010-12/CVE-2010-0171 (bmo#531364) XSS using addEventListener and setTimeout on a wrapped object * MFSA 2010-13/CVE-2010-0168 (bmo#540642) Content policy bypass with image preloading * MFSA 2010-14/CVE-2010-0169 (bmo#535806) Browser chrome defacement via cached XUL stylesheets * MFSA 2010-15/CVE-2010-0172 (bmo#537862) Asynchronous Auth Prompt attaches to wrong window * MFSA 2010-16/CVE-2010-0173/CVE-2010-0174 Crashes with evidence of memory corruption * MFSA 2010-18/CVE-2010-0176 (bmo#538308) Dangling pointer vulnerability in nsTreeContentView * MFSA 2010-19/CVE-2010-0177 (bmo#538310) Dangling pointer vulnerability in nsPluginArray * MFSA 2010-20/CVE-2010-0178 (bmo#546909) Chrome privilege escalation via forced URL drag and drop * MFSA 2010-22/CVE-2009-3555 (bmo#545755) Update NSS to support TLS renegotiation indication * MFSA 2010-23/CVE-2010-0181 (bmo#452093) Image src redirect to mailto: URL opens email editor * MFSA 2010-24/CVE-2010-0182 (bmo#490790) XMLDocument::load() doesn't check nsIContentPolicy - update to 3.6rc2 (already named 3.6.0) - removed obsolete orbit-devel build requirement - major update to 3.6rc1 - update to version 3.5.7 (bnc#568011) * DNS resolution in MakeSN of nsAuthSSPI causing issues for proxy servers that support NTLM auth (bmo#535193) - added missing lockdown preferences (bnc#567131) - readded firefox-ui-lockdown.patch (bnc#546158) - security update to version 3.5.6 (bnc#559807) * MFSA 2009-65/CVE-2009-3979/CVE-2009-3980/CVE-2009-3982 Crashes with evidence of memory corruption (rv:1.9.1.6) * MFSA 2009-66/CVE-2009-3388 (bmo#504843,bmo#523816) Memory safety fixes in liboggplay media library * MFSA 2009-67/CVE-2009-3389 (bmo#515882,bmo#504613) Integer overflow, crash in libtheora video library * MFSA 2009-68/CVE-2009-3983 (bmo#487872) NTLM reflection vulnerability * MFSA 2009-69/CVE-2009-3984/CVE-2009-3985 (bmo#521461,bmo#514232) Location bar spoofing vulnerabilities * MFSA 2009-70/VE-2009-3986 (bmo#522430) Privilege escalation via chrome window.opener - fixed firefox-browser-css.patch (bnc#561027) - rebased patches for fuzz=0 - update to version 3.5.5 (bnc#553172) - security update to version 3.5.4 (bnc#545277) * MFSA 2009-52/CVE-2009-3370 (bmo#511615) Form history vulnerable to stealing * MFSA 2009-53/CVE-2009-3274 (bmo#514823) Local downloaded file tampering * MFSA 2009-54/CVE-2009-3371 (bmo#514554) Crash with recursive web-worker calls * MFSA 2009-55/CVE-2009-3372 (bmo#500644) Crash in proxy auto-configuration regexp parsing * MFSA 2009-56/CVE-2009-3373 (bmo#511689) Heap buffer overflow in GIF color map parser * MFSA 2009-57/CVE-2009-3374 (bmo#505988) Chrome privilege escalation in XPCVariant::VariantDataToJS() * MFSA 2009-59/CVE-2009-1563 (bmo#516396, bmo#516862) Heap buffer overflow in string to number conversion * MFSA 2009-61/CVE-2009-3375 (bmo#503226) Cross-origin data theft through document.getSelection() * MFSA 2009-62/CVE-2009-3376 (bmo#511521) Download filename spoofing with RTL override * MFSA 2009-63/CVE-2009-3377/CVE-2009-3379/CVE-2009-3378 Upgrade media libraries to fix memory safety bugs * MFSA 2009-64/CVE-2009-3380/CVE-2009-3381/CVE-2009-3383 Crashes with evidence of memory corruption - removed upstreamed patch * firefox-bug506901.patch - fix KDE button order in one more place (bnc#170055) - improve UI colors to be usable with dark themes at all (firefox-browser-css.patch) (bnc#503351) - extend list of supported architectures as ABI identifier (mozilla-abi.patch) (bnc#543460) - added KDE integration patch from llunak@novell.com (firefox-kde.patch) * support for knotify, making -kde4-addon obsolete * KDE-specific support functional (bnc#170055) - do not build libnkgnomevfs (bmo#512671) (firefox-no-gnomevfs) - security update to version 3.5.3 (bnc#534458) * MFSA 2009-47/CVE-2009-3069/CVE-2009-3070/CVE-2009-3071/ CVE-2009-3072/CVE-2009-3073/CVE-2009-3074/CVE-2009-3075 Crashes with evidence of memory corruption * MFSA 2009-49/CVE-2009-3077 (bmo#506871) TreeColumns dangling pointer vulnerability * MFSA 2009-50/CVE-2009-3078 (bmo#453827) Location bar spoofing via tall line-height Unicode characters * MFSA 2009-51/CVE-2009-3079 (bmo#454363) Chrome privilege escalation with FeedWriter - renamed patch firefox-contextmenu-gnome to firefox-cross-desktop as it contains more tweaks to handle non-Gnome environments and especially KDE integration: * added the ability to set the KDE default browser (still part of bnc#170055) - split -translations package into -common and -other (bnc#529180) - remove "set as background" from context menu if not running in Gnome (part of bnc#170055) - security update to version 3.5.2 * MFSA 2009-38/CVE-2009-2470 (bmo#459524) Data corruption with SOCKS5 reply containing DNS name longer than 15 characters * MFSA 2009-44/CVE-2009-2654 (bmo#451898) Location bar and SSL indicator spoofing via window.open() on invalid URL * MFSA 2009-45 Crashes with evidence of memory corruption * MFSA 2009-46 (bmo#498897) Chrome privilege escalation due to incorrectly cached wrapper * various other stability fixes - export MOZ_APP_LAUNCHER in the startscript (bmo#453689) - fixed %exclude usage - fixed preferences' advanced pane for fresh profiles (bmo#506901) - security update to version 3.5.1 * MFSA 2009-41 Corrupt JIT state after deep return from native function - added mozilla-linkorder.patch to fix build with --as-needed - update to final version 3.5 (20090623) - fixed build by linking to a real file - update to version 3.5rc2 (20090617) - BuildRequire mozilla-xulrunner191 = 1.9.1.0 - update to version 3.5b99 (20090604) - BuildRequire mozilla-xulrunner191 = 1.9.1b99 - fixed typos in improved xulrunner dependencies - use non-localized Downloads folder (bnc#501724) - update to new major version 3.5b4 * based on Gecko 1.9.1 (mozilla-xulrunner191) * Private Browsing Mode * TraceMonkey JavaScript engine * Geolocation support * native JSON and web worker threads support * speculative parsing for faster content rendering * Some HTML5 support - updated firefox.schemas - improved firefox-no-update.patch - security update to 3.0.10 * MFSA 2009-23/CVE-2009-1313 (bmo#489647) Crash in nsTextFrame::ClearTextRun() - security update to 3.0.9 (bnc#495473) * MFSA 2009-14/CVE-2009-1302/CVE-2009-1303/CVE-2009-1304/CVE-2009-1305 Crashes with evidence of memory corruption (rv:1.9.0.9) * MFSA 2009-15/CVE-2009-0652 (bmo#479336) URL spoofing with box drawing character * MFSA 2009-16/CVE-2009-1306 (bmo#474536) jar: scheme ignores the content-disposition: header on the inner URI * MFSA 2009-17/CVE-2009-1307 (bmo#481342) Same-origin violations when Adobe Flash loaded via view-source: scheme * MFSA 2009-18/CVE-2009-1308 (bmo#481558) XSS hazard using third-party stylesheets and XBL bindings * MFSA 2009-19/CVE-2009-1309 (bmo#482206,478433) Same-origin violations in XMLHttpRequest and XPCNativeWrapper.toString * MFSA 2009-20/CVE-2009-1310 (bmo#483086) Malicious search plugins can inject code into arbitrary sites * MFSA 2009-21/CVE-2009-1311 (bmo#471962) POST data sent to wrong site when saving web page with embedded frame * MFSA 2009-22/CVE-2009-1312 (bmo#475636) Firefox allows Refresh header to redirect to javascript: URIs - security update to 1.9.0.8 (bnc#488955,489411) * MFSA 2009-12/CVE-2009-1169 (bmo#460090,485217) Crash and remote code execution in XSL transformation * MFSA 2009-13/CVE-2009-1044 (bmo#484320) Arbitrary code execution via XUL tree moveToEdgeShift - allow RPM provides for stuff besides shared libraries (e.g. mime-types) - security update to 3.0.7 (bnc#478625) * MFSA 2009-07 - Crashes with evidence of memory corruption CVE-2009-0771 - Layout Engine Crashes CVE-2009-0772 - Layout Engine Crashes CVE-2009-0773 - crashes in the JavaScript engine CVE-2009-0774 - Layout Engine Crashes * MFSA 2009-08/CVE-2009-0775 - (bmo#474456) Mozilla Firefox XUL Linked Clones Double Free Vulnerability * MFSA 2009-09/CVE-2009-0776 (bmo#414540) XML data theft via RDFXMLDataSource and cross-domain redirect * MFSA 2009-10/CVE-2009-0040 (bmo#478901) Upgrade PNG library to fix memory safety hazards * MFSA 2009-11/CVE-2009-0777 (bmo#452979) URL spoofing with invisible control characters ==== MozillaThunderbird ==== Subpackages: MozillaThunderbird-translations-common - The conditional testing for gcc was failing for different openSUSE versions, drop it and apply patches unconditionally. - Add patches to fix building with gcc >= 6: + mozilla-gcc6.patch: patch taken from fedora's git and is essentially identical to upstream firefox patch: https://hg.mozilla.org/mozilla-central/rev/55212130f19d. + mozilla-flexible-array-member-in-union.patch: patch taken from upstream bmo#1272649. ==== NetworkManager-gnome ==== Subpackages: NetworkManager-connection-editor libnm-gtk0 typelib-1_0-NMGtk-1_0 - Add NetworkManager-wrongly-placed-brace.patch: fix wrongly placed brace. ==== akonadi-calendar ==== Version update (15.12.3 -> 16.04.1) - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== akonadi-search ==== Version update (15.12.3 -> 16.04.1) Subpackages: libKF5AkonadiSearch - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== akonadi-server ==== Version update (15.12.3 -> 16.04.1) - Explicitly require the newly-split libs in the devel package - Split AkonadiCore, AkonadiAgentBase and AkonadiWidgets libraries to separate subpackages, as per the SLPP - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Move akonadi2xml to devel package - Move dbus xml files to the akonadi-devel package - Make the devel package conflict with libakonadiprotocolinternals-devel - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== amarok ==== - Add gcc6-workaround.patch to workaround an error seen by GCC, link: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=71273. ==== ark ==== Version update (15.12.3 -> 16.04.1) - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== baloo5-widgets ==== Version update (15.12.3 -> 16.04.1) - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== cdrdao ==== - Add cdrdao-gcc6-fixes.patch: Fix build with gcc6. ==== crda ==== - Add gcc6-fix-errors.patch to remove errors seen by GCC6. ==== dolphin ==== Version update (15.12.3 -> 16.04.1) Subpackages: dolphin-part libdolphinvcs5 - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Drop upstreamed patch specify-fallback-icon.patch - Added specify-fallback-icon.patch: fixes missing icons for certain filetypes where the specified icon doesn't exist (kde#358958, kde#361034) - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php - Drop upstreamed patch Fix-wrong-path-URL-conversion.patch ==== dragonplayer ==== Version update (15.12.3 -> 16.04.1) - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== espeak ==== - gcc6-char-cast.patch: Fix GCC6 errors. ==== gnome-software ==== Version update (3.20.2 -> 3.20.3) - Update to version 3.20.3: + Fix several issues with system upgrades. + Fix several issues with the Ubuntu reviews dialog. + Fix an issue that caused incorrect package versions to be shown in the update panel. + Fix an issue that caused offline updates to not start under certain conditions. + Updated translations. - Drop gs-compile-against-old-appstream-glib.patch, gs-Fix-underlinking.patch, gs-Fix-xdg-app-build.patch and gs-Fix-a-possible-crasher.patch: Fixed upstream. - Following the above drop gnome-common BuildRequires and autoreconf call, we no longer have patches touching the buildsystem. ==== gpgmepp5 ==== Version update (15.12.3 -> 16.04.1) Subpackages: libKF5QGpgme5 - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== grantlee5 ==== Version update (5.0.0 -> 5.1.0) - Update to 5.1.0 * Implement advanced operators for the {% if %} tag * Use 'd' postfix for plugins built in debug mode * Use 'd' postfix for libraries built in debug mode by Visual Studio * Make it possible to build without QtScript and QtLinguistTools * Bump Grantlee CMake requirement to 3.1. * Bump Grantlee Qt requirement to 5.3. ==== gstreamer-plugins-bad ==== Subpackages: libgstadaptivedemux-1_0-0 libgstbadaudio-1_0-0 libgstbadbase-1_0-0 libgstbadvideo-1_0-0 libgstbasecamerabinsrc-1_0-0 libgstcodecparsers-1_0-0 libgstgl-1_0-0 libgstmpegts-1_0-0 libgstphotography-1_0-0 libgsturidownloader-1_0-0 libgstwayland-1_0-0 - Drop pkgconfig(libmusicbrainz): gstreamer does not depend on it directly. ==== gwenview5 ==== Version update (15.12.3 -> 16.04.1) - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== installation-images-openSUSE ==== Version update (14.245 -> 14.247) - adjust to update-alternative package change - 14.247 - module.config: add macsec - 14.246 ==== k3b ==== - Add k3b-2.0.3-gcc6.patch: Fix build with GCC 6. Patch copied from Gentoo. ==== kaccounts-integration ==== Version update (15.12.3 -> 16.04.1) - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== kalarmcal ==== Version update (15.12.3 -> 16.04.1) - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== kamera ==== Version update (15.12.3 -> 16.04.1) - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== kate ==== Version update (15.12.3 -> 16.04.1) Subpackages: kate-plugins kwrite - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== kcalc ==== Version update (15.12.3 -> 16.04.1) - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Drop kcalc-fix_set_size.patch, not necessary any more - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== kcalcore ==== Version update (15.12.3 -> 16.04.1) - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== kcalutils ==== Version update (15.12.3 -> 16.04.1) Subpackages: libKF5CalendarUtils5 - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== kcharselect ==== Version update (15.12.3 -> 16.04.1) - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== kcolorchooser ==== Version update (15.12.3 -> 16.04.1) - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== kcontacts ==== Version update (15.12.3 -> 16.04.1) - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== kdebase4 ==== Version update (15.12.3 -> 16.04.1) Subpackages: kdebase4-libkonq kdebase4-nsplugin kdepasswd kdialog keditbookmarks konqueror konqueror-plugins libkonq-devel libkonq5 - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== kdebase4-runtime ==== Version update (15.12.3 -> 16.04.1) - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== kdebase4-workspace ==== Subpackages: kdebase4-workspace-libs python-kdebase4 - Changed kdm-sysconfig-values.diff: Add "-listen tcp" to the Xserver cmdline for Xorg 1.17 and up if DISPLAYMANAGER_XSERVER_TCP_PORT_6000_OPEN="yes" in /etc/syconfig/displaymanager, newer versions have -nolisten as default (boo#978262) - Add patch gcc6-fixes.diff to fix errors reported by GCC6 compiler ==== kdelibs4 ==== Version update (4.14.18 -> 4.14.19) Subpackages: kdelibs4-core kdelibs4-doc libkde4 libkde4-devel libkdecore4 libkdecore4-devel libksuseinstall1 - Add patch gcc6-fix-errors.patch to fix errors reported by GCC6. - Update to 4.14.19 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php ==== kdenetwork4-filesharing ==== Version update (15.12.3 -> 16.04.1) - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== kdepim ==== Version update (15.12.3 -> 16.04.1) Subpackages: akonadi_resources akregator5 kaddressbook5 kalarm5 kmail5 knotes5 kontact5 korganizer5 - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Require kdepim for kmail, or the account wizard won't be found at startup. Found by openQA. - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Require kdepim-addons in kmail (kde#361605), korganizer and kaddressbook - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php - libkdepim and kleopatra were split off in separate packages upstream ==== kdepim-runtime ==== Version update (15.12.3 -> 16.04.1) - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php - Drop bko354056.diff due to upstream inclusion ==== kdepimlibs ==== Version update (15.12.3 -> 16.04.1) Subpackages: akonadi-contact kio-pimlibs libKF5AkonadiContact5 libKF5AkonadiMime5 libKF5AkonadiNotes5 - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== kdepimlibs4 ==== Subpackages: libakonadi4 libkdepimlibs4 - Remove akonadi2xml to prevent conflicts with akonadi-server - Remove superfluous libpth-devel dependency ==== kdnssd ==== Version update (15.12.3 -> 16.04.1) - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== kernel-source ==== Version update (4.5.4 -> 4.6.0) Subpackages: kernel-default kernel-default-devel kernel-devel kernel-docs kernel-macros kernel-syms - Fix build breakage due to missing buildroot in rpm/kernel-binary.spec.in - commit c03eb71 - drm/amd: add Kconfig dependency for ACP on DRM_AMDGPU. - Update config files. - commit 99e9d31 - rpm/kernel-binary.spec.in: Fix build error when no firmware is installed - commit a09ef60 - rpm/kernel-binary.spec.in: Do not package helper files in -devel (bsc#981204) - commit 4c334f0 - tipc: check nl sock before parsing nested attributes (CVE-2016-4951 bsc#981058). - commit 353e24b - rpm/kernel-binary.spec.in: Install only needed firmware for -base (bsc#966447) - commit f685839 - rpm/kernel-binary.spec.in: Fix placement of the reproducible build hack - commit 26e4b73 - Update change for hv-storvsc to set sg_tablesize on x86 - commit 758fc22 - ALSA: hrtimer: Handle start/stop more properly (bsc#973378). - commit 713ff49 - watchdog: sp5100_tco: properly check for new register layouts (boo#978953). - commit 8096c43 - kvm: Remove variable physbase MTRR 0x2f8 (bsc#979715, CVE-2016-3713). - commit ffec37b - Update to 4.6-final. - Eliminated 1 patch. - Config changes: - MLX5_CORE_EN_VXLAN=y - commit d9e67cc - net: fix infoleak in llc (bsc#978821, CVE-2016-4485). - commit 4715b83 - net: fix infoleak in llc (bsc#978821, CVE-2016-4485). - commit f2da272 - Update tags in two patches for CVE-2016-4578, bsc#979879 - commit f3ff4d1 ==== kget ==== Version update (15.12.3 -> 16.04.1) - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== kgpg ==== Version update (15.12.3 -> 16.04.1) - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php - Fix filelist for 13.1, we don't install KF5 ServiceMenus there... ==== kholidays ==== Version update (15.12.3 -> 16.04.1) - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php - Drop kholidays-glibc-2.23.patch, this is no longer needed as the issue was fixed upstream ==== kidentitymanagement ==== Version update (15.12.3 -> 16.04.1) - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== kimap ==== Version update (15.12.3 -> 16.04.1) - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== kio-extras5 ==== Version update (15.12.3 -> 16.04.1) - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Conflict with kactivities5 5.19.0 and earlier to prevent file conflicts. The activities fileitem_linking_plugin and kio slave have been moved from kactivities5 to kio-extras5 in 16.04 (boo#976592) - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== kio_audiocd ==== Version update (15.12.3 -> 16.04.1) - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== kipi-plugins5 ==== Version update (4.94git -> 5.0.0~beta5) Subpackages: kipi-plugin-icons - Adjust licenses as shown by legal review - Update to 5.0 beta5 * No upstream changelog provided ==== kiwi ==== Version update (7.03.68 -> 7.03.72) Subpackages: kiwi-desc-isoboot kiwi-desc-netboot kiwi-desc-oemboot kiwi-desc-vmxboot kiwi-doc kiwi-media-requires kiwi-pxeboot kiwi-templates kiwi-tools - v7.03.72 released - fix hash key handling for perl 5.24 (boo#981080) - v7.03.71 released - Delete vmxboot dracut optimization For vmx type images, dracut was called in background to speedup the boot process. However this could cause a race condition together with grub2-mkconfig. If grub2-mkconfig is called but dracut has not yet created the initrd, grub2 creates a configuration file without an initrd. The result boot setup is not able to reboot the system because the initrd is not loaded. This fixes (bnc#982092) - v7.03.70 released - v7.03.69 released - Added readonly check for persistent data When creating a partition for persistent data, check if the device class has the readonly flag set before trying to write anything there. Fixes #576 - tag debug and source medias in rpm-md meta data (bnc#980871) ==== kldap ==== Version update (15.12.3 -> 16.04.1) - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== kleopatra5 ==== Version update (15.12.3 -> 16.04.1) - Adjust license - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== kmag ==== Version update (15.12.3 -> 16.04.1) - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== kmailtransport ==== Version update (15.12.3 -> 16.04.1) - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== kmbox ==== Version update (15.12.3 -> 16.04.1) - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== kmime ==== Version update (15.12.3 -> 16.04.1) - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== kmousetool ==== Version update (15.12.3 -> 16.04.1) - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== kompare ==== Version update (15.12.3 -> 16.04.1) - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== konsole ==== Version update (15.12.3 -> 16.04.1) Subpackages: konsole-part - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== kontactinterface ==== Version update (15.12.3 -> 16.04.1) - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== kopete ==== Version update (15.12.3 -> 16.04.1) - Add gcc6.patch from kde#363053: Fix build with gcc6 - Run spec-cleaner on kopete.spec - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== kpimtextedit ==== Version update (15.12.3 -> 16.04.1) - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== kqtquickcharts ==== Version update (15.12.3 -> 16.04.1) - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== krdc ==== Version update (15.12.3 -> 16.04.1) - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== krfb ==== Version update (15.12.3 -> 16.04.1) - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== kruler ==== Version update (15.12.3 -> 16.04.1) - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== ktnef ==== Version update (15.12.3 -> 16.04.1) - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== ktp-accounts-kcm ==== Version update (15.12.3 -> 16.04.1) Subpackages: libktpaccountskcminternal9 - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== ktp-approver ==== Version update (15.12.3 -> 16.04.1) - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== ktp-auth-handler ==== Version update (15.12.3 -> 16.04.1) - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== ktp-common-internals ==== Version update (15.12.3 -> 16.04.1) Subpackages: ktp-icons - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== ktp-contact-list ==== Version update (15.12.3 -> 16.04.1) - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== ktp-contact-runner ==== Version update (15.12.3 -> 16.04.1) - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== ktp-desktop-applets ==== Version update (15.12.3 -> 16.04.1) - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== ktp-filetransfer-handler ==== Version update (15.12.3 -> 16.04.1) - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== ktp-kded-module ==== Version update (15.12.3 -> 16.04.1) - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== ktp-send-file ==== Version update (15.12.3 -> 16.04.1) - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== ktp-text-ui ==== Version update (15.12.3 -> 16.04.1) - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== kwalletmanager5 ==== Version update (15.12.3 -> 16.04.1) - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== libaccounts-glib ==== Version update (1.18 -> 1.21) - Update to 1.21 * Support desktop-specific overrides for service and providers files: desktops can define service and providers files in /usr/share/accounts/{providers,services}/$XDG_CURRENT_DESKTOP and these would override any files having the same name in the parent (default) directory. * Fixes - Drop upstream libaccounts-glib-ignore-deprecated-declarations.patch no longer required ==== libkcddb4 ==== Version update (15.12.3 -> 16.04.1) Subpackages: libkcddb4-devel - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== libkcompactdisc4 ==== Version update (15.12.3 -> 16.04.1) Subpackages: libkcompactdisc4-devel - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== libkdcraw ==== Version update (15.12.3 -> 16.04.1) Subpackages: libKF5KDcraw5 libkdcraw-devel - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== libkdepim ==== Version update (15.12.3 -> 16.04.1) - Adjust version requires as per SLPP - Use correct package groups - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== libkexiv2 ==== Version update (15.12.3 -> 16.04.1) Subpackages: libKF5KExiv2-15_0_0 libkexiv2-devel - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== libkface ==== Version update (15.12.3 -> 16.04.1) Subpackages: libKF5KFace10_0_0 libkface-devel - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== libkgeomap ==== Version update (15.12.3 -> 16.04.1) Subpackages: libKF5KGeoMap10_0_0 libkgeomap-devel - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php - Add patch find-astro.diff to ensure that we find Marble ==== libkipi ==== Version update (15.12.3 -> 16.04.1) - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== libkolab-qt5 ==== - Remove akonadi-devel BuildRequire (replaced by akonadi-sever-devel) ==== libkomparediff2 ==== Version update (15.12.3 -> 16.04.1) - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== libksane ==== Version update (15.12.3 -> 16.04.1) Subpackages: libKF5Sane5 libksane-devel - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Remove conflicting icons with kipi-plugins - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== libktorrent ==== Subpackages: libktorrent-devel libktorrent6 libktorrent6-lang - Added require-lower-LibGMP.patch: 6.0.0 version was chosen randomly, and we know the code compiles with at least 5.1.3 ==== libmusicbrainz ==== Subpackages: libmusicbrainz-devel libmusicbrainz4 - Add patch gcc6-fix-errors.patch to remove errors seen by GCC6. ==== libqca-qt5 ==== Subpackages: libqca-qt5-devel libqca-qt5-plugins - Fix build on PowerPC with GCC 6: * Add libqca-qt5-2.1.1-explicit-signed-char.patch ==== libqt5-qtdeclarative ==== Subpackages: libQtQuick5 libqt5-qtdeclarative-devel libqt5-qtdeclarative-tools - Added Workaround-for-crashes-in-QtQml-code-relating-to-null-this-pointers.patch to prevent issues with GCC 6 ==== libraw ==== Subpackages: libraw-devel libraw15 - Complete libraw-0.17.1-gcc6-compatibility.patch to fix build on ppc as well - Fix build with GCC 6: * Add libraw-0.17.1-gcc6-compatibility.patch ==== libsidplay1 ==== - Add baselibs.conf to source list. - In case we build using gcc6, add -Wno-narrowing to CFLAGS and CXXFLAGS: the code (intentionally) stores values like 0x80 into signed chars, resulting in the compiler complaining (boo#981470). ==== libyui ==== Version update (3.2.4 -> 3.2.5) - Fix 'Werror=nonnull-compare' for GCC 6 (bsc#964144) - Optimizations remove null pointer checks for 'this' - Clean-up trailing white-space - 3.2.5 ==== marble ==== Version update (15.12.3 -> 16.04.1) Subpackages: libastro-qt5-1 marble-data marble-devel marble-doc marble-kde - Move marble.appdata.xml to the -kde package where the corresponding marble.desktop is shipped too. - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php - Drop marble-glibc-2.23.patch as this is fixed upstream ==== mobipocket ==== Version update (15.12.3 -> 16.04.1) - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== mozilla-nss ==== Subpackages: libfreebl3 libsoftokn3 mozilla-nss-certs mozilla-nss-devel mozilla-nss-tools - add nss_gcc6_change.patch ==== net-snmp ==== Subpackages: libsnmp30 libsnmp30-32bit net-snmp-devel perl-SNMP snmp-mibs - Fix build with perl 5.24.0: + Add net-snmp-5.7.3-Fix-Makefile.PL.patch: Fix build system recursiely loading Makefile.Pl and destroying its internas. See https://rt.perl.org/Public/Bug/Display.html?id=125907 + net-snmp-5.7.3-Remove-U64-typedef.patch: The U64 typedef conflicts with a typedef in a Perl header file. Hence remove the U64 typedef from the Net-SNMP header files. Backported from upstream commit 477b4307ef1. ==== okular ==== Version update (15.12.3 -> 16.04.1) - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== opal ==== - Build opal using -std=gnu++98. It's old code. ==== openCOLLADA ==== - Add openCOLLADA-signed-char.patch: Use signed char; 'char' by itself depends on arch implementation (gh#KhronosGroup/OpenCOLLADA#439). ==== perl ==== Version update (5.22.1 -> 5.24.0) Subpackages: perl-32bit perl-base perl-doc - Update to perl-5.24.0 * postfix dereferencing is no longer experimental * unicode 8.0 is now supported * perl will now croak when closing an in-place output file fails * new "\b{lb}" boundary in regular expressions * qr/(?[ ])/" now works in UTF-8 locales * integer shift ("<<" and ">>") now more explicitly defined * printf and sprintf now allow reordered precision arguments * more fields provided to "sigaction" callback with "SA_SIGINFO" * hashbang redirection to Perl 6 * set proper umask before calling mkstemp(3) * fix loss of taint in canonpath * remove duplicate environment variables from "environ" - rename patch perl-5.22.0.dif to perl-5.24.0.dif ==== perl-MIME-tools ==== - Add MIME-tools-5.507-rt113887.patch from fedora to fix test failure with new MailTools ==== perl-Module-Build ==== Version update (0.421200 -> 0.421800) - updated to 0.4218 see /usr/share/doc/packages/perl-Module-Build/Changes 0.4218 - Sun Apr 24 16:39:47 BST 2016 - Skip XS test when link_executable fails 0.42_17 - Mon Mar 21 14:02:06 CET 2016 - Read extra_linker_flags using its accessor [Salvador Fandino] - Convert win shell splitting to m//gc parser, fixing handling of 0 and handling of backslashes preceeding a double quote [Graham Knop] - Win32 installation of MB with gmake require SHELL env var to be set [bulk88] 0.4216 - Wed Jan 20 10:39:27 CET 2016 - Delete test that fails with new version.pm [Leon Timmermans] 0.42_15 - Sat Nov 28 15:17:40 CET 2015 - Honor environmental variables when using TAP::Harness directly [Leon Timmermans] - Reintroduce some level of perl 5.6 support [Leon Timmermans] Note that this comes with no guarantees or commitment - Allow Devel::Cover usage with TAP::Harness [Philipp Gortan] - Remove "running under some shell" [Shoichi Kaji] - Fix cookbook - code was missing trailing ` [Matthew Horsfall] 0.4214 - Fri Jun 12 00:25:00 CEST 2015 - Released 0.42_13 as 0.4214 0.42_13 - Sat Jun 6 21:18:24 CEST 2015 [BUG FIXES] - Handle failure to guess license from key better [ENHANCEMENTS] - Output data in a stable order [J�r�my Bobbio] - deleted patch make-builds-reproducible.patch ==== plasma5-desktop ==== - Add Cleanup-and-fixup-KConfig-handling-for-componentchooser.patch to fix setting the default browser (boo#931316) - Add fix-opening-recent-docs.patch to fix opening recent documents from the application menu on newer KF5 (boo#982146, kde#363337) - Add 100-fix-compile-with-gcc6.diff from upstream Plasma/5.6 branch * Fix compilation with GCC 6 (missing cmath include) ==== python-cffi ==== Version update (1.5.2 -> 1.6.0) - Add python-cffi-avoid-bitshifting-negative-int.patch to actually fix the "negative left shift" warning by replacing bitshifting in appropriate places by bitwise and comparison to self; patch taken from upstream git. Drop cffi-1.5.2-wnoerror.patch: no longer required. - disable "negative left shift" warning in test suite to prevent failures with gcc6, until upstream fixes the undefined code in question (boo#981848, cffi-1.5.2-wnoerror.patch) - Update to version 1.6.0: * ffi.list_types() * ffi.unpack() * extern ?Python+C? * in API mode, lib.foo.__doc__ contains the C signature now. * Yet another attempt at robustness of ffi.def_extern() against CPython?s interpreter shutdown logic. ==== qalculate ==== Subpackages: libqalculate-devel libqalculate5 - add gcc-6-compile.patch: Fix compilation with gcc 6 ==== signon-kwallet-extension ==== Version update (15.12.3 -> 16.04.1) - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== spectacle ==== Version update (15.12.3 -> 16.04.1) - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== sweeper ==== Version update (15.12.3 -> 16.04.1) - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== syndication ==== Version update (15.12.3 -> 16.04.1) - Update to KDE Applications 16.04.1 * KDE Applications 16.04.1 * https://www.kde.org/announcements/announce-applications-16.04.1.php - Update to KDE Applications 16.04.0 * KDE Applications 16.04.0 * https://www.kde.org/announcements/announce-applications-16.04.0.php - Update to KDE Applications 16.03.90 * KDE Applications 16.04.0 RC * https://www.kde.org/announcements/announce-applications-16.04-rc.php ==== vim ==== Version update (7.4.1816 -> 7.4.1842) Subpackages: gvim vim-data - Update apparmor.vim (taken from AppArmor 2.10.1) * add support for the "unspec" network keyword - Updated to revision 1842, fixes the following problems * non-antialiased misnamed. * When timer_stop() is called with a string there is no proper error message. * Memory leak in debug commands. * Cannot use an Ex command for 'keywordprg'. * Possible crash when conceal is active. * When splitting and closing a window the status height changes. * When using a partial on a dictionary it always gets bound to that dictionary. * The BufUnload event is triggered twice, when :bunload is used with `bufhidden` set to `unload` or `delete`. * Functions specifically for testing do not sort together. * Cannot get the items stored in a partial. * When using packages an "after" directory cannot be used. * The code to reallocate the buffer used for quickfix is repeated. * get() works for Partial but not for Funcref. - Fix build with perl 5.24 (perl-5.24.patch) - Updated to revision 1829, fixes the following problems * No error when invoking a callback when it's not safe. * May try to access buffer that's already freed. * No message on channel log when buffer was freed. - Updated to revision 1826, fixes the following problems * The screen is not updated if a callback is invoked when closing a channel. * Help completion adds @en to all matches except the first one. * Compiler warnings when sprintf() is a macro. * Removing language from help tags too often. * Redirecting stdout of a channel to "null" doesn't work. * When a job is no longer referenced and does not have an exit callback the process may hang around in defunc state. * When job writes to buffer nothing is written. * Callbacks are invoked when it's not safe. ==== vlc ==== Subpackages: libvlc5 libvlccore8 vlc-noX vlc-noX-lang - Add vlc-gcc6-buildfixes.patch: fix build with GCC 6. This patch file is a collection of the backported commits from master: + 5d26efcad8d1aa5023028e3caa5a608b5e1d81fe + 406f697d5592752efc8a0479e48512ed20ab274b + 569df08d1be561022b86ce9c58dece388532e818 + 45495aa458ef6856ee9eb18860706149148bb660 + a7a70e8163e04244d733f4745dc8cbbc7502b830 + ada4b4748eefcfd22f1417ed223f1381c694aa60 + 0bcb7fd2567ba494b730234609b146cd8e23483c + 59678ec0b489d86f6f62cc987e21a82346f8da42 + e8b683357b2ccc2bbd1ffbcb4783441a3620a6ea + ab550d60dd8d823b8ddacd2d4759f0840a9ea352 + f5d5cb75768b692359068e837f72c9fd7cf6bd45 + c5f80f5bc4cb498c8eb7469650437e92ae6d085a + 66842e08e177e3c458fa0e4db970deae84feb625 + 98b4e987252f798213effa5ed6d19d958d6d9d42 + d2571e643edb0f1cb217805ef8d5ac172d59a864 - Disable atmoLight sensor: pass --disable-atmo to configure. This module fails to build with GCC 6 and has been removed upstream for the next version of VLC already (671304). ==== webkitgtk ==== Subpackages: libjavascriptcoregtk-1_0-0 libwebkitgtk-1_0-0 libwebkitgtk-devel libwebkitgtk2-lang typelib-1_0-JavaScriptCore-1_0 typelib-1_0-WebKit-1_0 - Add webkitgtk-abs_to_fabs.patch: use fabs() instead of abs() on floating point values. ==== webkitgtk3 ==== Subpackages: libjavascriptcoregtk-3_0-0 libwebkitgtk-3_0-0 - Add webkitgtk-abs_to_fabs.patch: use fabs() instead of abs() on floating point values. ==== yast2-drbd ==== Version update (3.1.21 -> 3.1.22) - bsc#981779, add IP validation check of resource. - Version 3.1.22 -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
Lot of kde updates in this one! should be interesting to see how kmail pans out. Thanks everyone. -- Lindsay Mathieson -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
This update seems to have broken some things that depend on perl (or particular perl modules). I've noticed so far: sa-learn from spamassassin-3.4.1-51.2.x86_64 vimdiff (I fixed this one by symlinking /usr/lib/perl5/5.22.1/x86_64-linux-thread-multi/CORE/libperl.so into /usr/lib64/) Should I open a bug report? -- ======================== Roger Whittaker roger@disruptive.org.uk http://disruptive.org.uk ======================== -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
Hi, 2016-06-02 16:07 GMT+02:00 Roger Whittaker <roger@disruptive.org.uk>:
This update seems to have broken some things that depend on perl (or particular perl modules).
I get Problem: perl-DateTime-Format-ISO8601-0.08-1.5.noarch requires perl(:MODULE_COMPAT_5.22.1), but this requirement cannot be provided deleted providers: perl-5.22.1-1.40.x86_64 Solution 1: Following actions will be done: keep obsolete yast2-apparmor-3.1.3-1.4.noarch [some 60 perl packages] keep obsolete apparmor-utils-2.10.1-2.1.noarch keep obsolete perl-5.22.1-1.40.x86_64 Solution 2: deinstallation of perl-DateTime-Format-ISO8601-0.08-1.5.noarch Solution 3: break perl-DateTime-Format-ISO8601-0.08-1.5.noarch by ignoring some of its dependencies If I tell to keep obsolete perl modules, then I get lots of complaints later one, like: Problem: yast2-perl-bindings-3.1.2-3.9.x86_64 requires perl = 5.24.0, but this requirement cannot be provided uninstallable providers: perl-5.24.0-1.1.i586[repo-oss] perl-5.24.0-1.1.x86_64[repo-oss] Otherwise seems fine. Which options should I select? ----- Also I keep getting: Problem: nothing provides libqcustomplot.so needed by sqlitebrowser-3.8.0-1.1.i586 Solution 1: keep obsolete sqlitebrowser-3.7.0-1.3.x86_64 Solution 2: break sqlitebrowser-3.8.0-1.1.i586 by ignoring some of its dependencies Note that I've already reported in comments of bug id=978746. Ciao, Fra
I've noticed so far:
sa-learn from spamassassin-3.4.1-51.2.x86_64
vimdiff
(I fixed this one by symlinking /usr/lib/perl5/5.22.1/x86_64-linux-thread-multi/CORE/libperl.so into /usr/lib64/)
Should I open a bug report?
-- ======================== Roger Whittaker roger@disruptive.org.uk http://disruptive.org.uk ======================== -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
-- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On Thu, Jun 02, Francesco Montesano wrote:
Solution 3: break perl-DateTime-Format-ISO8601-0.08-1.5.noarch by ignoring some of its dependencies
Otherwise seems fine. Which options should I select?
Pick #3, or wait until all perl related packages build again. Olaf -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
2016-06-02 17:05 GMT+02:00 Olaf Hering <olaf@aepfle.de>:
On Thu, Jun 02, Francesco Montesano wrote:
Solution 3: break perl-DateTime-Format-ISO8601-0.08-1.5.noarch by ignoring some of its dependencies
Otherwise seems fine. Which options should I select?
Pick #3, or wait until all perl related packages build again.
Thank you for the hint. I've waited half a day and today I don't see the perl problem anymore. Apparently the mirror I use took more than 4 hours to update. Ciao, Fra
Olaf
-- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On Thu, 2016-06-02 at 15:07 +0100, Roger Whittaker wrote:
This update seems to have broken some things that depend on perl (or particular perl modules).
I've noticed so far:
sa-learn from spamassassin-3.4.1-51.2.x86_64
openSUSE:Tumbleweed ships spamassassin-3.4.1-51.3 - which is rebuilt against Perl 5.25
vimdiff
Part of vim-7.4.1842-1.1.x86_64 - this version of vi vas updated to Perl 5.24 as well
Should I open a bug report?
Check if your system is properly updated... zypper lu -a might give you hints what's missing. Cheers, Dominique -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On Thu, Jun 02, 2016 at 05:05:15PM +0200, Dominique Leuenberger / DimStar wrote:
Check if your system is properly updated...
zypper lu -a
might give you hints what's missing.
Yes. Thanks. Suddenly a whole bunch of perl module packages are available. -- ======================== Roger Whittaker roger@disruptive.org.uk http://disruptive.org.uk ======================== -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
Hi! Those relying on nvidia proprietary cards should be careful. Some of old version *did not* compile against the kernel 4.6, which is shipped with this new snapshot. I was using the driver 352.79 that cannot be compiled against the kernel 4.6 without additional patches. Thus, I had to change to the latest 361.45.11 version that has a very annoying bug in which the background of gnome gets corrupted if I switch to TTY and go back to X (I'll appreciate any help to fix this problem!). Regards, Ronan Arraes -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
I have a similar issue with KDE with bumblebee, namely that drawing on the screen is very sluggish and in some cases fails to work at all. Presumably because of the problem with the nvidia driver you mentioned, bumblebeed fails to start. My (inexplicable) workaround is to open System Settings, and toggle the "Enable compositor on startup" setting on and off again, after which everything works fine again. In theory, this should do nothing since I am not restarting KDE, but in the short term it works. I actually first noticed this on 23 May when using the kernel:HEAD repository with beta versions of the 4.6 kernel packaged (to fix an unrelated issue with screen flickering after turning the screen off and on again). Since I am using the intel card to draw the desktop, whereas you are using the nvidia card, I presume these are different issues, but I wanted to not the similarity in hopes it helps. Also, if anyone wants to point me in the right direction for any information to provide to file a bug report, please do. - Sonny -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
I can't compile latest 364.19 driver with kernel 4.6 from /tmp/selfgz2221/NVIDIA-Linux-x86_64-364.19/kernel/nvidia-drm/nvidia-drm-linux.c:23: /tmp/selfgz2221/NVIDIA-Linux-x86_64-364.19/kernel/nvidia-drm/nvidia-drm-linux.c: In function ‘nvidia_drm_lock_user_pages’: /usr/src/linux-4.6.0-1/arch/x86/include/asm/current.h:17:17: warning: passing argument 1 of ‘get_user_pages’ makes integer from pointer without a cast [-Wint-conversion] #define current get_current() ^ /tmp/selfgz2221/NVIDIA-Linux-x86_64-364.19/kernel/nvidia-drm/nvidia-drm-linux.c:124:35: note: in expansion of macro ‘current’ pages_pinned = get_user_pages(current, mm, ^ m. On štvrtok, 2. júna 2016 11:18:13 CEST Ronan Arraes Jardim Chagas wrote:
Hi!
Those relying on nvidia proprietary cards should be careful. Some of old version *did not* compile against the kernel 4.6, which is shipped with this new snapshot. I was using the driver 352.79 that cannot be compiled against the kernel 4.6 without additional patches. Thus, I had to change to the latest 361.45.11 version that has a very annoying bug in which the background of gnome gets corrupted if I switch to TTY and go back to X (I'll appreciate any help to fix this problem!).
Regards, Ronan Arraes
-- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
Am 2016-06-02 um 17:15 schrieb Michal Hlavac:
I can't compile latest 364.19 driver with kernel 4.6
from /tmp/selfgz2221/NVIDIA-Linux-x86_64-364.19/kernel/nvidia-drm/nvidia-drm-linux.c:23: /tmp/selfgz2221/NVIDIA-Linux-x86_64-364.19/kernel/nvidia-drm/nvidia-drm-linux.c: In function ‘nvidia_drm_lock_user_pages’: /usr/src/linux-4.6.0-1/arch/x86/include/asm/current.h:17:17: warning: passing argument 1 of ‘get_user_pages’ makes integer from pointer without a cast [-Wint-conversion] #define current get_current() ^ /tmp/selfgz2221/NVIDIA-Linux-x86_64-364.19/kernel/nvidia-drm/nvidia-drm-linux.c:124:35: note: in expansion of macro ‘current’ pages_pinned = get_user_pages(current, mm,
this is a known problem of 364.19. use 367.18 http://www.nvidia.com/download/driverResults.aspx/102879/en-us or patch 364.19: https://devtalk.nvidia.com/default/topic/926824/linux/364-1-2-5-won-t-compil... -- Best Regards | Freundliche Grüße | Cordialement | Cordiali Saluti | *DI Rainer Klier* Research & Development, Technical Sales Consultant -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
Am Donnerstag, 2. Juni 2016, 17:15:51 schrieb Michal Hlavac:
I can't compile latest 364.19 driver with kernel 4.6
from /tmp/selfgz2221/NVIDIA-Linux-x86_64-364.19/kernel/nvidia-drm/nvidia-drm-lin ux.c:23: /tmp/selfgz2221/NVIDIA-Linux-x86_64-364.19/kernel/nvidia-drm/nvidia-drm-lin ux.c: In function ‘nvidia_drm_lock_user_pages’: /usr/src/linux-4.6.0-1/arch/x86/include/asm/current.h:17:17: warning: passing argument 1 of ‘get_user_pages’ makes integer from pointer without a cast [-Wint-conversion] #define current get_current() ^ /tmp/selfgz2221/NVIDIA-Linux-x86_64-364.19/kernel/nvidia-drm/nvidia-drm-linu x.c:124:35: note: in expansion of macro ‘current’ pages_pinned = get_user_pages(current, mm, ^
Have a look at <https://devtalk.nvidia.com/default/topic/926824/364-1-2-5-won-t-compile-against-latest-kernel-git-tree-patches-for-4-6-0-rc3-included-/?offset=26> The patches proposed there work for me with the 4.6 kernel from kernel stable repo. To find such patches you may have a look at <http://rglinuxtech.com/> -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
participants (11)
-
Dominique Leuenberger -
Dominique Leuenberger / DimStar -
Francesco Montesano -
Lindsay Mathieson -
Markus Koßmann -
Michal Hlavac -
Olaf Hering -
Rainer Klier -
Roger Whittaker -
Ronan Arraes Jardim Chagas -
Sonny Michaud