openSUSE Security Update: update for java-1_7_0-openjdk
______________________________________________________________________________
Announcement ID: openSUSE-SU-2014:0177-1
Rating: moderate
References: #858818
Cross-References: CVE-2013-5878 CVE-2013-5884 CVE-2013-5893
CVE-2013-5896 CVE-2013-5907 CVE-2013-5910
CVE-2014-0368 CVE-2014-0373 CVE-2014-0376
CVE-2014-0408 CVE-2014-0411 CVE-2014-0416
CVE-2014-0422 CVE-2014-0423 CVE-2014-0428
Affected Products:
openSUSE 13.1
______________________________________________________________________________
An update that fixes 15 vulnerabilities is now available.
Description:
- Fix a file conflict between the -devel and -headless packages
- Update to 2.4.4 (bnc#858818)
* changed from xz to gzipped tarball as the former was not
available during the update
* changed the keyring file due to a release manager change; the
new one is signed by 66484681 from omajid(a)redhat.com, see
http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2014-January/025800.html
* Security fixes
- S6727821: Enhance JAAS Configuration
- S7068126, CVE-2014-0373: Enhance SNMP statuses
- S8010935: Better XML handling
- S8011786, CVE-2014-0368: Better applet networking
- S8021257, S8025022, CVE-2013-5896: com.sun.corba.se.**
should be on restricted package list
- S8021271, S8021266, CVE-2014-0408: Better buffering in
ObjC code
- S8022904: Enhance JDBC Parsers
- S8022927: Input validation for byte/endian conversions
- S8022935: Enhance Apache resolver classes
- S8022945: Enhance JNDI implementation classes
- S8023057: Enhance start up image display
- S8023069, CVE-2014-0411: Enhance TLS connections
- S8023245, CVE-2014-0423: Enhance Beans decoding
- S8023301: Enhance generic classes
- S8023338: Update jarsigner to encourage timestamping
- S8023672: Enhance jar file validation
- S8024302: Clarify jar verifications
- S8024306, CVE-2014-0416: Enhance Subject consistency
- S8024530: Enhance font process resilience
- S8024867: Enhance logging start up
- S8025014: Enhance Security Policy
- S8025018, CVE-2014-0376: Enhance JAX-P set up
- S8025026, CVE-2013-5878: Enhance canonicalization
- S8025034, CVE-2013-5907: Improve layout lookups
- S8025448: Enhance listening events
- S8025758, CVE-2014-0422: Enhance Naming management
- S8025767, CVE-2014-0428: Enhance IIOP Streams
- S8026172: Enhance UI Management
- S8026176: Enhance document printing
- S8026193, CVE-2013-5884: Enhance CORBA stub factories
- S8026204: Enhance auth login contexts
- S8026417, CVE-2013-5910: Enhance XML canonicalization
- S8026502: java/lang/invoke/MethodHandleConstants.java
fails on all platforms
- S8027201, CVE-2014-0376: Enhance JAX-P set up
- S8029507, CVE-2013-5893: Enhance JVM method processing
- S8029533: REGRESSION:
closed/java/lang/invoke/8008140/Test8008140.java fails
agains
* Backports
- S8025255: (tz) Support tzdata2013g
- S8026826: JDK 7 fix for 8010935 broke the build
* Bug fixes
- PR1618: Include defs.make in vm.make so
VM_LITTLE_ENDIAN is defined on Zero builds
- D729448: 32-bit alignment on mips and mipsel
- PR1623: Collision between OpenJDK 6 & 7 classes when
bootstrapping with OpenJDK 6
- Add update.py, helper script to download openjdk tarballs
from hg repo
- Buildrequire quilt unconditionally as it's used
unconditionally.
- Really disable tests on non-JIT architectures. (from
Ulrich Weigand)
- Add headless subpackage which does not require X and
pulse/alsa
- Add accessibility to extra subpackage, which requires new
java-atk-wrapper package
* removed java-1.7.0-openjdk-java-access-bridge-idlj.patch
* removed java-1.7.0-openjdk-java-access-bridge-tck.patch
* removed java-access-bridge-1.26.2.tar.bz2
- Refreshed
* java-1.7.0-openjdk-java-access-bridge-security.patch
- Add support for running tests using --with tests
* this is ignored on non-JIT architectures
- Prefer global over define as bcond_with uses them
- Forward declare aarch64 arch macro
- Define archbuild/archinstall macros for arm and aarch64
* remove a few ifarch conditions by using those macros in
filelist
- Need ecj-bootstrap in bootstrap mode (noted by mmatz)
- Don't install vim and quilt in bootstrap mode
- A few enhancements of bootstrap mode
* usable via --with bootstrap
* disable docs, javadoc package
* fix configure arguments on bootstrap
- Add the unversioned SDK directory link to the files list
of -devel package (fixes update-alternatives from %post).
- Add support for bootstrapping with just gcj (using
included ecj directly). Increase stacksize for powerpc
(amends java-1.7.0-openjdk-ppc-zero-jdk.patch). Add
support for ppc64le.
- Fix stack overflow on powerpc
(java-1_7_0-openjdk-ppc-stackoverflow.patch)
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 13.1:
zypper in -t patch openSUSE-2014-95
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 13.1 (i586 x86_64):
java-1_7_0-openjdk-1.7.0.6-24.13.5
java-1_7_0-openjdk-accessibility-1.7.0.6-24.13.5
java-1_7_0-openjdk-debuginfo-1.7.0.6-24.13.5
java-1_7_0-openjdk-debugsource-1.7.0.6-24.13.5
java-1_7_0-openjdk-demo-1.7.0.6-24.13.5
java-1_7_0-openjdk-demo-debuginfo-1.7.0.6-24.13.5
java-1_7_0-openjdk-devel-1.7.0.6-24.13.5
java-1_7_0-openjdk-devel-debuginfo-1.7.0.6-24.13.5
java-1_7_0-openjdk-headless-1.7.0.6-24.13.5
java-1_7_0-openjdk-headless-debuginfo-1.7.0.6-24.13.5
java-1_7_0-openjdk-javadoc-1.7.0.6-24.13.5
java-1_7_0-openjdk-src-1.7.0.6-24.13.5
References:
http://support.novell.com/security/cve/CVE-2013-5878.html
http://support.novell.com/security/cve/CVE-2013-5884.html
http://support.novell.com/security/cve/CVE-2013-5893.html
http://support.novell.com/security/cve/CVE-2013-5896.html
http://support.novell.com/security/cve/CVE-2013-5907.html
http://support.novell.com/security/cve/CVE-2013-5910.html
http://support.novell.com/security/cve/CVE-2014-0368.html
http://support.novell.com/security/cve/CVE-2014-0373.html
http://support.novell.com/security/cve/CVE-2014-0376.html
http://support.novell.com/security/cve/CVE-2014-0408.html
http://support.novell.com/security/cve/CVE-2014-0411.html
http://support.novell.com/security/cve/CVE-2014-0416.html
http://support.novell.com/security/cve/CVE-2014-0422.html
http://support.novell.com/security/cve/CVE-2014-0423.html
http://support.novell.com/security/cve/CVE-2014-0428.html
https://bugzilla.novell.com/858818
openSUSE Security Update: update for java-1_7_0-openjdk
______________________________________________________________________________
Announcement ID: openSUSE-SU-2014:0174-1
Rating: moderate
References: #858818
Cross-References: CVE-2013-5878 CVE-2013-5884 CVE-2013-5893
CVE-2013-5896 CVE-2013-5907 CVE-2013-5910
CVE-2014-0368 CVE-2014-0373 CVE-2014-0376
CVE-2014-0408 CVE-2014-0411 CVE-2014-0416
CVE-2014-0422 CVE-2014-0423 CVE-2014-0428
Affected Products:
openSUSE 13.1
______________________________________________________________________________
An update that fixes 15 vulnerabilities is now available.
Description:
- Fix a file conflict between the -devel and -headless packages
- Update to 2.4.4 (bnc#858818)
* changed from xz to gzipped tarball as the former was not
available during the update
* changed the keyring file due to a release manager change; the
new one is signed by 66484681 from omajid(a)redhat.com, see
http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2014-January/025800.html
* Security fixes
- S6727821: Enhance JAAS Configuration
- S7068126, CVE-2014-0373: Enhance SNMP statuses
- S8010935: Better XML handling
- S8011786, CVE-2014-0368: Better applet networking
- S8021257, S8025022, CVE-2013-5896: com.sun.corba.se.**
should be on restricted package list
- S8021271, S8021266, CVE-2014-0408: Better buffering in
ObjC code
- S8022904: Enhance JDBC Parsers
- S8022927: Input validation for byte/endian conversions
- S8022935: Enhance Apache resolver classes
- S8022945: Enhance JNDI implementation classes
- S8023057: Enhance start up image display
- S8023069, CVE-2014-0411: Enhance TLS connections
- S8023245, CVE-2014-0423: Enhance Beans decoding
- S8023301: Enhance generic classes
- S8023338: Update jarsigner to encourage timestamping
- S8023672: Enhance jar file validation
- S8024302: Clarify jar verifications
- S8024306, CVE-2014-0416: Enhance Subject consistency
- S8024530: Enhance font process resilience
- S8024867: Enhance logging start up
- S8025014: Enhance Security Policy
- S8025018, CVE-2014-0376: Enhance JAX-P set up
- S8025026, CVE-2013-5878: Enhance canonicalization
- S8025034, CVE-2013-5907: Improve layout lookups
- S8025448: Enhance listening events
- S8025758, CVE-2014-0422: Enhance Naming management
- S8025767, CVE-2014-0428: Enhance IIOP Streams
- S8026172: Enhance UI Management
- S8026176: Enhance document printing
- S8026193, CVE-2013-5884: Enhance CORBA stub factories
- S8026204: Enhance auth login contexts
- S8026417, CVE-2013-5910: Enhance XML canonicalization
- S8026502: java/lang/invoke/MethodHandleConstants.java
fails on all platforms
- S8027201, CVE-2014-0376: Enhance JAX-P set up
- S8029507, CVE-2013-5893: Enhance JVM method processing
- S8029533: REGRESSION:
closed/java/lang/invoke/8008140/Test8008140.java fails
agains
* Backports
- S8025255: (tz) Support tzdata2013g
- S8026826: JDK 7 fix for 8010935 broke the build
* Bug fixes
- PR1618: Include defs.make in vm.make so
VM_LITTLE_ENDIAN is defined on Zero builds
- D729448: 32-bit alignment on mips and mipsel
- PR1623: Collision between OpenJDK 6 & 7 classes when
bootstrapping with OpenJDK 6
- Add update.py, helper script to download openjdk tarballs
from hg repo
- Buildrequire quilt unconditionally as it's used
unconditionally.
- Really disable tests on non-JIT architectures. (from
Ulrich Weigand)
- Add headless subpackage which does not require X and
pulse/alsa
- Add accessibility to extra subpackage, which requires new
java-atk-wrapper package
* removed java-1.7.0-openjdk-java-access-bridge-idlj.patch
* removed java-1.7.0-openjdk-java-access-bridge-tck.patch
* removed java-access-bridge-1.26.2.tar.bz2
- Refreshed
* java-1.7.0-openjdk-java-access-bridge-security.patch
- Add support for running tests using --with tests
* this is ignored on non-JIT architectures
- Prefer global over define as bcond_with uses them
- Forward declare aarch64 arch macro
- Define archbuild/archinstall macros for arm and aarch64
* remove a few ifarch conditions by using those macros in
filelist
- Need ecj-bootstrap in bootstrap mode (noted by mmatz)
- Don't install vim and quilt in bootstrap mode
- A few enhancements of bootstrap mode
* usable via --with bootstrap
* disable docs, javadoc package
* fix configure arguments on bootstrap
- Add the unversioned SDK directory link to the files list
of -devel package (fixes update-alternatives from %post).
- Add support for bootstrapping with just gcj (using
included ecj directly). Increase stacksize for powerpc
(amends java-1.7.0-openjdk-ppc-zero-jdk.patch). Add
support for ppc64le.
- Fix stack overflow on powerpc
(java-1_7_0-openjdk-ppc-stackoverflow.patch)
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 13.1:
zypper in -t patch openSUSE-2014-95
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 13.1 (i586 x86_64):
java-1_7_0-openjdk-1.7.0.6-24.13.5
java-1_7_0-openjdk-accessibility-1.7.0.6-24.13.5
java-1_7_0-openjdk-debuginfo-1.7.0.6-24.13.5
java-1_7_0-openjdk-debugsource-1.7.0.6-24.13.5
java-1_7_0-openjdk-demo-1.7.0.6-24.13.5
java-1_7_0-openjdk-demo-debuginfo-1.7.0.6-24.13.5
java-1_7_0-openjdk-devel-1.7.0.6-24.13.5
java-1_7_0-openjdk-devel-debuginfo-1.7.0.6-24.13.5
java-1_7_0-openjdk-headless-1.7.0.6-24.13.5
java-1_7_0-openjdk-headless-debuginfo-1.7.0.6-24.13.5
java-1_7_0-openjdk-javadoc-1.7.0.6-24.13.5
java-1_7_0-openjdk-src-1.7.0.6-24.13.5
References:
http://support.novell.com/security/cve/CVE-2013-5878.html
http://support.novell.com/security/cve/CVE-2013-5884.html
http://support.novell.com/security/cve/CVE-2013-5893.html
http://support.novell.com/security/cve/CVE-2013-5896.html
http://support.novell.com/security/cve/CVE-2013-5907.html
http://support.novell.com/security/cve/CVE-2013-5910.html
http://support.novell.com/security/cve/CVE-2014-0368.html
http://support.novell.com/security/cve/CVE-2014-0373.html
http://support.novell.com/security/cve/CVE-2014-0376.html
http://support.novell.com/security/cve/CVE-2014-0408.html
http://support.novell.com/security/cve/CVE-2014-0411.html
http://support.novell.com/security/cve/CVE-2014-0416.html
http://support.novell.com/security/cve/CVE-2014-0422.html
http://support.novell.com/security/cve/CVE-2014-0423.html
http://support.novell.com/security/cve/CVE-2014-0428.html
https://bugzilla.novell.com/858818
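The java-1_7_0-openjdk advisories above list the package versions that carry the fixes, and the check a practitioner wants after "zypper patch" is whether every installed package is at or above that version. The script below is an added example, not openSUSE's or rpm's own code: it re-implements rpm's segment-wise version comparison (rpmvercmp, including the "~" pre-release separator) in Python and audits a constructed sample of `rpm -qa` output against the fixed version-release strings taken from the advisory's package list.

```python
"""Audit installed RPM versions against an advisory's package list.

Added example for the java-1_7_0-openjdk advisories (not openSUSE's or rpm's
own code).  rpm_vercmp() re-implements rpm's segment-wise version comparison
(rpmvercmp), including the '~' pre-release separator; the `rpm -qa` output
below is constructed, not captured from a real host."""

# Fixed version-release strings taken from the advisory's package list.
FIXED = {
    "java-1_7_0-openjdk": "1.7.0.6-24.13.5",
    "java-1_7_0-openjdk-headless": "1.7.0.6-24.13.5",
    "java-1_7_0-openjdk-devel": "1.7.0.6-24.13.5",
}

# Constructed sample of `rpm -qa 'java-1_7_0-openjdk*'` output: one package
# still at an older release, one at the fixed release, one already newer.
SAMPLE_RPM_QA = """\
java-1_7_0-openjdk-1.7.0.6-24.13.4
java-1_7_0-openjdk-headless-1.7.0.6-24.13.5
java-1_7_0-openjdk-devel-1.7.0.6-24.13.10.x86_64
"""

ARCH_SUFFIXES = (".x86_64", ".i586", ".i686", ".noarch")


def rpm_vercmp(a, b):
    """Return -1, 0 or 1 like rpmvercmp(): walk alternating numeric and
    alphabetic segments, comparing numerics by value and alphas lexically.
    A '~' sorts before anything else, even the end of the string, so
    '1.0~rc1' < '1.0'."""
    if a == b:
        return 0
    i = j = 0
    while i < len(a) or j < len(b):
        # Separators (anything not alphanumeric and not '~') are skipped.
        while i < len(a) and not a[i].isalnum() and a[i] != "~":
            i += 1
        while j < len(b) and not b[j].isalnum() and b[j] != "~":
            j += 1
        ta = i < len(a) and a[i] == "~"
        tb = j < len(b) and b[j] == "~"
        if ta or tb:
            if not ta:
                return 1
            if not tb:
                return -1
            i, j = i + 1, j + 1
            continue
        if i >= len(a) or j >= len(b):
            break
        # Take a run of digits, or a run of letters, from both sides.
        isnum = a[i].isdigit()
        kind = str.isdigit if isnum else str.isalpha
        ia = i
        while ia < len(a) and kind(a[ia]):
            ia += 1
        jb = j
        while jb < len(b) and kind(b[jb]):
            jb += 1
        seg_a, seg_b = a[i:ia], b[j:jb]
        if not seg_b:
            # Segment types differ: a numeric segment is considered newer.
            return 1 if isnum else -1
        if isnum:
            seg_a, seg_b = seg_a.lstrip("0"), seg_b.lstrip("0")
            if len(seg_a) != len(seg_b):
                return 1 if len(seg_a) > len(seg_b) else -1
        if seg_a != seg_b:
            return 1 if seg_a > seg_b else -1
        i, j = ia, jb
    if i >= len(a) and j >= len(b):
        return 0
    return -1 if i >= len(a) else 1


def split_nvr(nvr):
    """'name-version-release[.arch]' -> (name, 'version-release').  The name
    may itself contain dashes, so split from the right."""
    for suffix in ARCH_SUFFIXES:
        if nvr.endswith(suffix):
            nvr = nvr[: -len(suffix)]
    name, version, release = nvr.rsplit("-", 2)
    return name, version + "-" + release


def evr_cmp(x, y):
    """Compare two '[epoch:]version-release' strings the way rpm does:
    epoch first, then version, then release."""
    def parts(evr):
        epoch, _, rest = evr.rpartition(":")
        version, sep, release = rest.rpartition("-")
        if not sep:
            version, release = rest, ""
        return epoch or "0", version, release
    for px, py in zip(parts(x), parts(y)):
        rc = rpm_vercmp(px, py)
        if rc:
            return rc
    return 0


def audit(rpm_qa_output, fixed=FIXED):
    """Map each advisory package found in `rpm -qa` output to
    (installed version-release, 'patched' or 'vulnerable')."""
    report = {}
    for line in rpm_qa_output.splitlines():
        line = line.strip()
        if not line:
            continue
        name, installed = split_nvr(line)
        if name in fixed:
            state = "patched" if evr_cmp(installed, fixed[name]) >= 0 else "vulnerable"
            report[name] = (installed, state)
    return report


if __name__ == "__main__":
    for name, (installed, state) in audit(SAMPLE_RPM_QA).items():
        print(f"{name:35} {installed:18} {state}")
```

On a real host, feed `audit()` the output of `rpm -qa 'java-1_7_0-openjdk*'` and extend FIXED with the remaining entries of the advisory's package list; a package reported as "vulnerable" still carries the release the advisory superseded, and a package that is absent from the report is simply not installed.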
openSUSE Recommended Update: aaa_base: Two fixes
______________________________________________________________________________
Announcement ID: openSUSE-RU-2014:0160-1
Rating: low
References: #859360 #860477
Affected Products:
openSUSE 13.1
______________________________________________________________________________
An update that has two recommended fixes can now be
installed.
Description:
This update fixes the following issues with aaa_base:
- bnc#860477: print parse errors to stderr
- bnc#859360: Avoid journal output as this may take time on
pure journald systems
Patch Instructions:
To install this openSUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 13.1:
zypper in -t patch openSUSE-2014-92
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 13.1 (i586 x86_64):
aaa_base-13.1-16.34.1
aaa_base-debuginfo-13.1-16.34.1
aaa_base-debugsource-13.1-16.34.1
aaa_base-extras-13.1-16.34.1
aaa_base-malloccheck-13.1-16.34.1
References:
https://bugzilla.novell.com/859360
https://bugzilla.novell.com/860477
openSUSE Recommended Update: coreutils: Fix 2 major regressions in sort and 1 fix for stat and tail
______________________________________________________________________________
Announcement ID: openSUSE-RU-2014:0159-1
Rating: important
References: #856644 #857262
Affected Products:
openSUSE 13.1
______________________________________________________________________________
An update that has two recommended fixes can now be
installed.
Description:
This update fixes the following issues with coreutils:
- sort:
+ rh#1003544: Fix sorting by non-first field
+ bnc#857262, rh#1046735, rh#1001775: Fix "sort always
sorts in C locale"
- bnc#856644: stat,tail: support new file system types
Patch Instructions:
To install this openSUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 13.1:
zypper in -t patch openSUSE-2014-93
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 13.1 (i586 x86_64):
coreutils-8.21-7.12.1
coreutils-debuginfo-8.21-7.12.1
coreutils-debugsource-8.21-7.12.1
- openSUSE 13.1 (noarch):
coreutils-lang-8.21-7.12.1
References:
https://bugzilla.novell.com/856644
https://bugzilla.novell.com/857262
openSUSE Recommended Update: sysconfig: Fixed a performance issue with rc.status
______________________________________________________________________________
Announcement ID: openSUSE-RU-2014:0158-1
Rating: moderate
References: #859360
Affected Products:
openSUSE 13.1
______________________________________________________________________________
An update that has one recommended fix can now be installed.
Description:
This update fixes the following issue with sysconfig:
- bnc#859360: "systemctl status" is quite expensive as it
(by default) parses logs, etc. Use "systemctl is-active" where
only the exit code is needed. This fixes a performance issue
with rc.status
Patch Instructions:
To install this openSUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 13.1:
zypper in -t patch openSUSE-2014-91
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 13.1 (i586 x86_64):
sysconfig-0.81.5-14.1
sysconfig-debugsource-0.81.5-14.1
sysconfig-netconfig-0.81.5-14.1
sysconfig-network-0.81.5-14.1
sysconfig-network-debuginfo-0.81.5-14.1
udevmountd-0.81.5-14.1
udevmountd-debuginfo-0.81.5-14.1
References:
https://bugzilla.novell.com/859360
openSUSE Recommended Update: Softwarestack update for openSUSE 13.1
______________________________________________________________________________
Announcement ID: openSUSE-RU-2014:0148-1
Rating: important
References: #683914 #853065 #855845 #859160 #859211
Affected Products:
openSUSE 13.1
______________________________________________________________________________
An update that has 5 recommended fixes can now be installed.
Description:
This update fixes the following issues with the Software
Stack:
- zypper:
+ bnc#859160:
* Zypper must refresh CD/DVD if no raw metadata are
present
* Don't read metadata from CD/DVD repo if --no-check
was used
+ bnc#859211: Fix filelist search to match full paths
instead of basenames only
+ bnc#855845: Fix missing priority in RepoInfo::dumpAsXML
+ Update manpage (distribution upgrade)
+ Updated translations
- libzypp:
+ bnc#853065: Fix cleanup code removing the @System solv
file.
+ bnc#855845: Fix missing priority in RepoInfo::dumpAsXML
+ bnc#683914: Add support for repo authentication using
SSL client certificates
+ Updated translations
- libzypp-bindings:
+ Fix python-testcases
Patch Instructions:
To install this openSUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 13.1:
zypper in -t patch openSUSE-2014-89
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 13.1 (i586 x86_64):
libzypp-13.9.0-10.1
libzypp-bindings-debugsource-0.5.17.1-8.1
libzypp-debuginfo-13.9.0-10.1
libzypp-debugsource-13.9.0-10.1
libzypp-devel-13.9.0-10.1
perl-zypp-0.5.17.1-8.1
perl-zypp-debuginfo-0.5.17.1-8.1
python-zypp-0.5.17.1-8.1
python-zypp-debuginfo-0.5.17.1-8.1
ruby-zypp-0.5.17.1-8.1
ruby-zypp-debuginfo-0.5.17.1-8.1
zypper-1.9.10-12.1
zypper-debuginfo-1.9.10-12.1
zypper-debugsource-1.9.10-12.1
- openSUSE 13.1 (noarch):
zypper-aptitude-1.9.10-12.1
zypper-log-1.9.10-12.1
References:
https://bugzilla.novell.com/683914
https://bugzilla.novell.com/853065
https://bugzilla.novell.com/855845
https://bugzilla.novell.com/859160
https://bugzilla.novell.com/859211
openSUSE Recommended Update: git: Update to bugfix-release 1.8.4.5 from 1.8.4
______________________________________________________________________________
Announcement ID: openSUSE-RU-2014:0147-1
Rating: low
References: #859057
Affected Products:
openSUSE 13.1
______________________________________________________________________________
An update that has one recommended fix can now be installed.
Description:
This update fixes the following issues with git:
- bnc#859057: update to version 1.8.4.5 to fix a
git-send-email issue
+ https://raw.github.com/git/git/master/Documentation/RelNotes/1.8.4.5.txt
* Recent update to remote-hg that attempted to make it
work better with non ASCII pathnames fed Unicode strings to
the underlying Hg API, which was wrong.
* "git submodule init" copied "submodule.$name.update"
settings from .gitmodules to .git/config without making
sure if the suggested value was sensible.
+ https://raw.github.com/git/git/master/Documentation/RelNotes/1.8.4.4.txt
* The fix in v1.8.4.3 to the pack transfer protocol to
propagate the target of symbolic refs broke "git clone/git
fetch" from a repository with too many symbolic refs. As a
hotfix/workaround, we transfer only the information on HEAD.
+ https://raw.github.com/git/git/master/Documentation/RelNotes/1.8.4.3.txt
* The interaction between use of Perl in our test suite
and NO_PERL has been clarified a bit.
* A fast-import stream expresses a pathname with funny
characters by quoting them in C style; remote-hg remote
helper (in contrib/) forgot to unquote such a path.
* One long-standing flaw in the pack transfer protocol
used by "git clone" was that there was no way to tell the
other end which branch "HEAD" points at, and the receiving
end needed to guess. A new capability has been defined in
the pack protocol to convey this information so that
cloning from a repository with more than one branch
pointing at the same commit where the HEAD is at now
reliably sets the initial branch in the resulting
repository.
* We did not handle cases where http transport gets
redirected during the authorization request (e.g. from
http:// to https://).
* "git rev-list --objects ^v1.0^ v1.0" gave v1.0 tag
itself in the output, but "git rev-list --objects
v1.0^..v1.0" did not.
* The fall-back parsing of commit objects with broken
author or committer lines was less robust than ideal in
picking up the timestamps.
* Bash prompting code to deal with an SVN remote as an
upstream was coded in a way not supported by older Bash
versions (3.x).
* "git checkout topic", when there is not yet a local
"topic" branch but there is a unique remote-tracking branch
for a remote "topic" branch, pretended as if "git checkout
-t -b topic remote/$r/topic" (for that unique remote $r)
was run. This hack however was not implemented for "git
checkout topic --".
* Coloring around octopus merges in "log --graph"
output was screwy.
* We did not generate HTML version of documentation to
"git subtree" in contrib/.
* The synopsis section of "git unpack-objects"
documentation has been clarified a bit.
* An ancient How-To on serving Git repositories on an
HTTP server lacked a warning that it has been mostly
superseded by a more modern way.
+ https://raw.github.com/git/git/master/Documentation/RelNotes/1.8.4.2.txt
* "git clone" gave some progress messages to the
standard output, not to the standard error, and did not
allow suppressing them with the "--no-progress" option.
* "format-patch --from=<whom>" forgot to omit
unnecessary in-body from line, i.e. when <whom> is the same
as the real author.
* "git shortlog" used to choke and die when there is a
malformed commit (e.g. missing authors); it now simply
ignores such a commit and keeps going.
* "git merge-recursive" did not parse its
"--diff-algorithm=" command line option correctly.
* "git branch --track" had a minor regression in
v1.8.3.2 and later that made it impossible to base your
local work on anything but a local branch of the upstream
repository you are tracking from.
* "git ls-files -k" needs to crawl only the part of the
working tree that may overlap the paths in the index to
find killed files, but shared code with the logic to find
all the untracked files, which made it unnecessarily
inefficient.
* When there is no sufficient overlap between old and
new history during a "git fetch" into a shallow repository,
objects that the sending side knows the receiving end has
were unnecessarily sent.
* When running "fetch -q", a long silence while the
sender side computes the set of objects to send can be
mistaken by proxies as dropped connection. The server side
has been taught to send small empty messages to keep the
connection alive.
* When the webserver responds with "405 Method Not
Allowed", "git http-backend" should tell the client what
methods are allowed with the "Allow" header.
* "git cvsserver" computed the permission mode bits
incorrectly for executable files.
* The implementation of "add -i" had crippling code to
work around an ActiveState Perl limitation, but it by
mistake also triggered on Git for Windows where MSYS perl
is used.
* We made sure that we notice the user-supplied GIT_DIR
is actually a gitfile, but did not do the same when the
default ".git" is a gitfile.
* When an object is not found after checking the
packfiles and then loose object directory, read_sha1_file()
re-checks the packfiles to prevent racing with a concurrent
repacker; teach the same logic to has_sha1_file().
* "git commit --author=$name", when $name is not in the
canonical "A. U. Thor <au.thor(a)example.xz>" format, looks
for a matching name from existing history, but did not
consult mailmap to grab the preferred author name.
* The commit object names in the insn sheet that was
prepared at the beginning of "rebase -i" session can become
ambiguous as the rebasing progresses and the repository
gains more commits. Make sure the internal record is kept
with full 40-hex object names.
* "git rebase --preserve-merges" internally used the
merge machinery and as a side effect, left merge summary
message in the log, but when rebasing, there should not be
a need for merge summary.
* "git rebase -i" forgot that the comment character can
be configurable while reading its insn sheet.
+ https://raw.github.com/git/git/master/Documentation/RelNotes/1.8.4.1.txt
* Some old versions of bash do not grok some constructs
like 'printf -v varname' which the prompt and completion
code started to use recently. The completion and prompt
scripts have been adjusted to work better with these old
versions of bash.
* In FreeBSD's and NetBSD's "sh", a return in a dot
script in a function returns from the function, not only in
the dot script, breaking "git rebase" on these platforms
(regression introduced in 1.8.4-rc1).
* "git rebase -i" and other scripted commands were
feeding a random, data-dependent error message to 'echo'
and expecting it to come out literally.
* Setting the "submodule.<name>.path" variable to the
empty "true" caused the configuration parser to segfault.
* Output from "git log --full-diff -- <pathspec>"
looked strange because comparison was done with the
previous ancestor that touched the specified <pathspec>,
causing the patches for paths outside the pathspec to show
more than the single commit has changed.
* The auto-tag-following code in "git fetch" tries to
reuse the same transport twice when the serving end does
not cooperate and does not give tags that point to commits
that are asked for as part of the primary transfer.
Unfortunately, Git-aware transport helper interface is not
designed to be used more than once, hence this did not work
over smart-http transfer. Fixed.
* Send a large request to read(2)/write(2) as smaller
but still reasonably large chunks, which would improve the
latency when the operation needs to be killed and
incidentally works around broken 64-bit systems that cannot
take a 2GB write or read in one go.
* A ".mailmap" file that ends with an incomplete line,
when read from a blob, was not handled properly.
* The recent "short-cut clone connectivity check" topic
broke a shallow repository when a fetch operation tries to
auto-follow tags.
* When send-email comes up with an error message to die
with upon failure to start an SSL session, it tried to read
the error string from a wrong place.
* A call to xread() was used without a loop to cope
with short reads in the codepath to stream large blobs to a
pack.
* On platforms with fgetc() and friends defined as
macros, the configuration parser did not compile.
* New versions of MediaWiki introduced a new API for
returning more than 500 results in response to a query,
which would cause the MediaWiki remote helper to go into an
infinite loop.
* Subversion's serf access method (the only one
available in Subversion 1.8) for http and https URLs in
skelta mode tells its caller to open multiple files at a
time, which made "git svn fetch" complain that "Temp file
with moniker 'svn_delta' already in use" instead of
fetching.
Patch Instructions:
To install this openSUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 13.1:
zypper in -t patch openSUSE-2014-88
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 13.1 (i586 x86_64):
git-1.8.4.5-3.4.1
git-arch-1.8.4.5-3.4.1
git-core-1.8.4.5-3.4.1
git-core-debuginfo-1.8.4.5-3.4.1
git-cvs-1.8.4.5-3.4.1
git-daemon-1.8.4.5-3.4.1
git-daemon-debuginfo-1.8.4.5-3.4.1
git-debugsource-1.8.4.5-3.4.1
git-email-1.8.4.5-3.4.1
git-gui-1.8.4.5-3.4.1
git-remote-helpers-1.8.4.5-3.4.1
git-svn-1.8.4.5-3.4.1
git-svn-debuginfo-1.8.4.5-3.4.1
git-web-1.8.4.5-3.4.1
gitk-1.8.4.5-3.4.1
References:
https://bugzilla.novell.com/859057
openSUSE Security Update: update for hplip
______________________________________________________________________________
Announcement ID: openSUSE-SU-2014:0146-1
Rating: moderate
References: #852368
Cross-References: CVE-2013-6402
Affected Products:
openSUSE 11.4
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
- fix-CVE-2013-6402.dif fixes the hardcoded file name
/tmp/hp-pkservice.log in pkit.py (bnc#852368).
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 11.4:
zypper in -t patch 2014-10
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 11.4 (i586 x86_64):
hplip-3.11.5-1.19.1
hplip-debuginfo-3.11.5-1.19.1
hplip-debugsource-3.11.5-1.19.1
hplip-hpijs-3.11.5-1.19.1
hplip-hpijs-debuginfo-3.11.5-1.19.1
References:
http://support.novell.com/security/cve/CVE-2013-6402.html
https://bugzilla.novell.com/852368