January 2014 - openSUSE Updates - openSUSE Mailing Lists

openSUSE-SU-2014:0177-1: moderate: update for java-1_7_0-openjdk
by opensuse-security＠opensuse.org 31 Jan '14

31 Jan '14

openSUSE Security Update: update for java-1_7_0-openjdk ______________________________________________________________________________ Announcement ID: openSUSE-SU-2014:0177-1 Rating: moderate References: #858818 Cross-References: CVE-2013-5878 CVE-2013-5884 CVE-2013-5893 CVE-2013-5896 CVE-2013-5907 CVE-2013-5910 CVE-2014-0368 CVE-2014-0373 CVE-2014-0376 CVE-2014-0408 CVE-2014-0411 CVE-2014-0416 CVE-2014-0422 CVE-2014-0423 CVE-2014-0428 Affected Products: openSUSE 13.1 ______________________________________________________________________________ An update that fixes 15 vulnerabilities is now available. Description: - Fix a file conflict between -devel and -headless package - Update to 2.4.4 (bnc#858818) * changed from xz to gzipped tarball as the first was not available during update * changed a keyring file due release manager change new one is signed by 66484681 from omajid(a)redhat.com, see http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2014-J anuary/025800.html * Security fixes - S6727821: Enhance JAAS Configuration - S7068126, CVE-2014-0373: Enhance SNMP statuses - S8010935: Better XML handling - S8011786, CVE-2014-0368: Better applet networking - S8021257, S8025022, CVE-2013-5896 : com.sun.corba.se.** should be on restricted package list - S8021271, S8021266, CVE-2014-0408: Better buffering in ObjC code - S8022904: Enhance JDBC Parsers - S8022927: Input validation for byte/endian conversions - S8022935: Enhance Apache resolver classes - S8022945: Enhance JNDI implementation classes - S8023057: Enhance start up image display - S8023069, CVE-2014-0411: Enhance TLS connections - S8023245, CVE-2014-0423: Enhance Beans decoding - S8023301: Enhance generic classes - S8023338: Update jarsigner to encourage timestamping - S8023672: Enhance jar file validation - S8024302: Clarify jar verifications - S8024306, CVE-2014-0416: Enhance Subject consistency - S8024530: Enhance font process resilience - S8024867: Enhance logging start up - S8025014: Enhance Security Policy - S8025018, CVE-2014-0376: Enhance JAX-P set up - S8025026, CVE-2013-5878: Enhance canonicalization - S8025034, CVE-2013-5907: Improve layout lookups - S8025448: Enhance listening events - S8025758, CVE-2014-0422: Enhance Naming management - S8025767, CVE-2014-0428: Enhance IIOP Streams - S8026172: Enhance UI Management - S8026176: Enhance document printing - S8026193, CVE-2013-5884: Enhance CORBA stub factories - S8026204: Enhance auth login contexts - S8026417, CVE-2013-5910: Enhance XML canonicalization - S8026502: java/lang/invoke/MethodHandleConstants.java fails on all platforms - S8027201, CVE-2014-0376: Enhance JAX-P set up - S8029507, CVE-2013-5893: Enhance JVM method processing - S8029533: REGRESSION: closed/java/lang/invoke/8008140/Test8008140.java fails agains * Backports - S8025255: (tz) Support tzdata2013g - S8026826: JDK 7 fix for 8010935 broke the build * Bug fixes - PR1618: Include defs.make in vm.make so VM_LITTLE_ENDIAN is defined on Zero builds - D729448: 32-bit alignment on mips and mipsel - PR1623: Collision between OpenJDK 6 & 7 classes when bootstrapping with OpenJDK 6 - Add update.py, helper script to download openjdk tarballs from hg repo - Buildrequire quilt unconditionally as it's used unconditionally. - Really disable tests on non-JIT architectures. (from Ulrich Weigand) - Add headless subpackage wich does not require X and pulse/alsa - Add accessibility to extra subpackage, which requires new java-atk-wrapper package * removed java-1.7.0-openjdk-java-access-bridge-idlj.patch * removed java-1.7.0-openjdk-java-access-bridge-tck.patch * removed java-access-bridge-1.26.2.tar.bz2 - Refreshed * java-1.7.0-openjdk-java-access-bridge-security.patch - Add a support for running tests using --with tests * this is ignored on non-jit architectures - Prefer global over define as bcond_with does use them - Forward declare aarch64 arch macro - Define archbuild/archinstall macros for arm and aarch64 * remove a few ifarch conditions by using those macros in filelist - Need ecj-bootstrap in bootstrap mode (noted by mmatz) - Don't install vim and quilt in bootstrap mode - A few enhancenments of bootstrap mode * usable wia --with bootstrap * disable docs, javadoc package * fix configure arguments on bootstrap - Add the unversioned SDK directory link to the files list of -devel package (fixes update-alternatives from %post). - Add support for bootstrapping with just gcj (using included ecj directly). Increase stacksize for powerpc (amends java-1.7.0-openjdk-ppc-zero-jdk.patch). Add support for ppc64le. - fix stackoverflow for powerpc (java-1_7_0-openjdk-ppc-stackoverflow.patch) Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 13.1: zypper in -t patch openSUSE-2014-95 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 13.1 (i586 x86_64): java-1_7_0-openjdk-1.7.0.6-24.13.5 java-1_7_0-openjdk-accessibility-1.7.0.6-24.13.5 java-1_7_0-openjdk-debuginfo-1.7.0.6-24.13.5 java-1_7_0-openjdk-debugsource-1.7.0.6-24.13.5 java-1_7_0-openjdk-demo-1.7.0.6-24.13.5 java-1_7_0-openjdk-demo-debuginfo-1.7.0.6-24.13.5 java-1_7_0-openjdk-devel-1.7.0.6-24.13.5 java-1_7_0-openjdk-devel-debuginfo-1.7.0.6-24.13.5 java-1_7_0-openjdk-headless-1.7.0.6-24.13.5 java-1_7_0-openjdk-headless-debuginfo-1.7.0.6-24.13.5 java-1_7_0-openjdk-javadoc-1.7.0.6-24.13.5 java-1_7_0-openjdk-src-1.7.0.6-24.13.5 References: http://support.novell.com/security/cve/CVE-2013-5878.html http://support.novell.com/security/cve/CVE-2013-5884.html http://support.novell.com/security/cve/CVE-2013-5893.html http://support.novell.com/security/cve/CVE-2013-5896.html http://support.novell.com/security/cve/CVE-2013-5907.html http://support.novell.com/security/cve/CVE-2013-5910.html http://support.novell.com/security/cve/CVE-2014-0368.html http://support.novell.com/security/cve/CVE-2014-0373.html http://support.novell.com/security/cve/CVE-2014-0376.html http://support.novell.com/security/cve/CVE-2014-0408.html http://support.novell.com/security/cve/CVE-2014-0411.html http://support.novell.com/security/cve/CVE-2014-0416.html http://support.novell.com/security/cve/CVE-2014-0422.html http://support.novell.com/security/cve/CVE-2014-0423.html http://support.novell.com/security/cve/CVE-2014-0428.html https://bugzilla.novell.com/858818

1 0

openSUSE-SU-2014:0176-1: moderate: update for libqt5-qtbase
by opensuse-security＠opensuse.org 31 Jan '14

31 Jan '14

openSUSE Security Update: update for libqt5-qtbase ______________________________________________________________________________ Announcement ID: openSUSE-SU-2014:0176-1 Rating: moderate References: #856832 Cross-References: CVE-2013-4549 Affected Products: openSUSE 13.1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: - added patches: * disallow-deep-or-widely-nested-entity-references.patch: upstream fix for bnc#856832 and CVE-2013-4549: xml entity expansion attacks Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 13.1: zypper in -t patch openSUSE-2014-94 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 13.1 (i586 x86_64): libQt5Gui5-5.1.1-6.7 libQt5Gui5-debuginfo-5.1.1-6.7 libQt5Sql5-5.1.1-6.7 libQt5Sql5-debuginfo-5.1.1-6.7 libQt5Test5-5.1.1-6.7 libQt5Test5-debuginfo-5.1.1-6.7 libQt5Widgets5-5.1.1-6.7 libQt5Widgets5-debuginfo-5.1.1-6.7 libqt5-qtbase-5.1.1-6.7 libqt5-qtbase-debuginfo-5.1.1-6.7 libqt5-qtbase-debugsource-5.1.1-6.7 libqt5-qtbase-devel-5.1.1-6.7 libqt5-qtbase-devel-debuginfo-5.1.1-6.7 libqt5-qtbase-private-headers-devel-5.1.1-6.7 libqt5-sql-mysql-5.1.1-6.7 libqt5-sql-mysql-debuginfo-5.1.1-6.7 libqt5-sql-postgresql-5.1.1-6.7 libqt5-sql-postgresql-debuginfo-5.1.1-6.7 libqt5-sql-sqlite-5.1.1-6.7 libqt5-sql-sqlite-debuginfo-5.1.1-6.7 libqt5-sql-unixODBC-5.1.1-6.7 libqt5-sql-unixODBC-debuginfo-5.1.1-6.7 - openSUSE 13.1 (x86_64): libQt5Gui5-32bit-5.1.1-6.7 libQt5Gui5-debuginfo-32bit-5.1.1-6.7 libQt5Sql5-32bit-5.1.1-6.7 libQt5Sql5-debuginfo-32bit-5.1.1-6.7 libQt5Test5-32bit-5.1.1-6.7 libQt5Test5-debuginfo-32bit-5.1.1-6.7 libQt5Widgets5-32bit-5.1.1-6.7 libQt5Widgets5-debuginfo-32bit-5.1.1-6.7 libqt5-qtbase-32bit-5.1.1-6.7 libqt5-qtbase-debuginfo-32bit-5.1.1-6.7 libqt5-sql-mysql-32bit-5.1.1-6.7 libqt5-sql-mysql-debuginfo-32bit-5.1.1-6.7 libqt5-sql-postgresql-32bit-5.1.1-6.7 libqt5-sql-postgresql-debuginfo-32bit-5.1.1-6.7 libqt5-sql-sqlite-32bit-5.1.1-6.7 libqt5-sql-sqlite-debuginfo-32bit-5.1.1-6.7 libqt5-sql-unixODBC-32bit-5.1.1-6.7 libqt5-sql-unixODBC-debuginfo-32bit-5.1.1-6.7 References: http://support.novell.com/security/cve/CVE-2013-4549.html https://bugzilla.novell.com/856832

1 0

openSUSE-SU-2014:0174-1: moderate: update for java-1_7_0-openjdk
by opensuse-security＠opensuse.org 31 Jan '14

31 Jan '14

openSUSE Security Update: update for java-1_7_0-openjdk ______________________________________________________________________________ Announcement ID: openSUSE-SU-2014:0174-1 Rating: moderate References: #858818 Cross-References: CVE-2013-5878 CVE-2013-5884 CVE-2013-5893 CVE-2013-5896 CVE-2013-5907 CVE-2013-5910 CVE-2014-0368 CVE-2014-0373 CVE-2014-0376 CVE-2014-0408 CVE-2014-0411 CVE-2014-0416 CVE-2014-0422 CVE-2014-0423 CVE-2014-0428 Affected Products: openSUSE 13.1 ______________________________________________________________________________ An update that fixes 15 vulnerabilities is now available. Description: - Fix a file conflict between -devel and -headless package - Update to 2.4.4 (bnc#858818) * changed from xz to gzipped tarball as the first was not available during update * changed a keyring file due release manager change new one is signed by 66484681 from omajid(a)redhat.com, see http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2014-J anuary/025800.html * Security fixes - S6727821: Enhance JAAS Configuration - S7068126, CVE-2014-0373: Enhance SNMP statuses - S8010935: Better XML handling - S8011786, CVE-2014-0368: Better applet networking - S8021257, S8025022, CVE-2013-5896 : com.sun.corba.se.** should be on restricted package list - S8021271, S8021266, CVE-2014-0408: Better buffering in ObjC code - S8022904: Enhance JDBC Parsers - S8022927: Input validation for byte/endian conversions - S8022935: Enhance Apache resolver classes - S8022945: Enhance JNDI implementation classes - S8023057: Enhance start up image display - S8023069, CVE-2014-0411: Enhance TLS connections - S8023245, CVE-2014-0423: Enhance Beans decoding - S8023301: Enhance generic classes - S8023338: Update jarsigner to encourage timestamping - S8023672: Enhance jar file validation - S8024302: Clarify jar verifications - S8024306, CVE-2014-0416: Enhance Subject consistency - S8024530: Enhance font process resilience - S8024867: Enhance logging start up - S8025014: Enhance Security Policy - S8025018, CVE-2014-0376: Enhance JAX-P set up - S8025026, CVE-2013-5878: Enhance canonicalization - S8025034, CVE-2013-5907: Improve layout lookups - S8025448: Enhance listening events - S8025758, CVE-2014-0422: Enhance Naming management - S8025767, CVE-2014-0428: Enhance IIOP Streams - S8026172: Enhance UI Management - S8026176: Enhance document printing - S8026193, CVE-2013-5884: Enhance CORBA stub factories - S8026204: Enhance auth login contexts - S8026417, CVE-2013-5910: Enhance XML canonicalization - S8026502: java/lang/invoke/MethodHandleConstants.java fails on all platforms - S8027201, CVE-2014-0376: Enhance JAX-P set up - S8029507, CVE-2013-5893: Enhance JVM method processing - S8029533: REGRESSION: closed/java/lang/invoke/8008140/Test8008140.java fails agains * Backports - S8025255: (tz) Support tzdata2013g - S8026826: JDK 7 fix for 8010935 broke the build * Bug fixes - PR1618: Include defs.make in vm.make so VM_LITTLE_ENDIAN is defined on Zero builds - D729448: 32-bit alignment on mips and mipsel - PR1623: Collision between OpenJDK 6 & 7 classes when bootstrapping with OpenJDK 6 - Add update.py, helper script to download openjdk tarballs from hg repo - Buildrequire quilt unconditionally as it's used unconditionally. - Really disable tests on non-JIT architectures. (from Ulrich Weigand) - Add headless subpackage wich does not require X and pulse/alsa - Add accessibility to extra subpackage, which requires new java-atk-wrapper package * removed java-1.7.0-openjdk-java-access-bridge-idlj.patch * removed java-1.7.0-openjdk-java-access-bridge-tck.patch * removed java-access-bridge-1.26.2.tar.bz2 - Refreshed * java-1.7.0-openjdk-java-access-bridge-security.patch - Add a support for running tests using --with tests * this is ignored on non-jit architectures - Prefer global over define as bcond_with does use them - Forward declare aarch64 arch macro - Define archbuild/archinstall macros for arm and aarch64 * remove a few ifarch conditions by using those macros in filelist - Need ecj-bootstrap in bootstrap mode (noted by mmatz) - Don't install vim and quilt in bootstrap mode - A few enhancenments of bootstrap mode * usable wia --with bootstrap * disable docs, javadoc package * fix configure arguments on bootstrap - Add the unversioned SDK directory link to the files list of -devel package (fixes update-alternatives from %post). - Add support for bootstrapping with just gcj (using included ecj directly). Increase stacksize for powerpc (amends java-1.7.0-openjdk-ppc-zero-jdk.patch). Add support for ppc64le. - fix stackoverflow for powerpc (java-1_7_0-openjdk-ppc-stackoverflow.patch) Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 13.1: zypper in -t patch openSUSE-2014-95 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 13.1 (i586 x86_64): java-1_7_0-openjdk-1.7.0.6-24.13.5 java-1_7_0-openjdk-accessibility-1.7.0.6-24.13.5 java-1_7_0-openjdk-debuginfo-1.7.0.6-24.13.5 java-1_7_0-openjdk-debugsource-1.7.0.6-24.13.5 java-1_7_0-openjdk-demo-1.7.0.6-24.13.5 java-1_7_0-openjdk-demo-debuginfo-1.7.0.6-24.13.5 java-1_7_0-openjdk-devel-1.7.0.6-24.13.5 java-1_7_0-openjdk-devel-debuginfo-1.7.0.6-24.13.5 java-1_7_0-openjdk-headless-1.7.0.6-24.13.5 java-1_7_0-openjdk-headless-debuginfo-1.7.0.6-24.13.5 java-1_7_0-openjdk-javadoc-1.7.0.6-24.13.5 java-1_7_0-openjdk-src-1.7.0.6-24.13.5 References: http://support.novell.com/security/cve/CVE-2013-5878.html http://support.novell.com/security/cve/CVE-2013-5884.html http://support.novell.com/security/cve/CVE-2013-5893.html http://support.novell.com/security/cve/CVE-2013-5896.html http://support.novell.com/security/cve/CVE-2013-5907.html http://support.novell.com/security/cve/CVE-2013-5910.html http://support.novell.com/security/cve/CVE-2014-0368.html http://support.novell.com/security/cve/CVE-2014-0373.html http://support.novell.com/security/cve/CVE-2014-0376.html http://support.novell.com/security/cve/CVE-2014-0408.html http://support.novell.com/security/cve/CVE-2014-0411.html http://support.novell.com/security/cve/CVE-2014-0416.html http://support.novell.com/security/cve/CVE-2014-0422.html http://support.novell.com/security/cve/CVE-2014-0423.html http://support.novell.com/security/cve/CVE-2014-0428.html https://bugzilla.novell.com/858818

1 0

openSUSE-SU-2014:0173-1: moderate: update for libqt5-qtbase
by opensuse-security＠opensuse.org 31 Jan '14

31 Jan '14

openSUSE Security Update: update for libqt5-qtbase ______________________________________________________________________________ Announcement ID: openSUSE-SU-2014:0173-1 Rating: moderate References: #856832 Cross-References: CVE-2013-4549 Affected Products: openSUSE 13.1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: - added patches: * disallow-deep-or-widely-nested-entity-references.patch: upstream fix for bnc#856832 and CVE-2013-4549: xml entity expansion attacks Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 13.1: zypper in -t patch openSUSE-2014-94 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 13.1 (i586 x86_64): libQt5Gui5-5.1.1-6.7 libQt5Gui5-debuginfo-5.1.1-6.7 libQt5Sql5-5.1.1-6.7 libQt5Sql5-debuginfo-5.1.1-6.7 libQt5Test5-5.1.1-6.7 libQt5Test5-debuginfo-5.1.1-6.7 libQt5Widgets5-5.1.1-6.7 libQt5Widgets5-debuginfo-5.1.1-6.7 libqt5-qtbase-5.1.1-6.7 libqt5-qtbase-debuginfo-5.1.1-6.7 libqt5-qtbase-debugsource-5.1.1-6.7 libqt5-qtbase-devel-5.1.1-6.7 libqt5-qtbase-devel-debuginfo-5.1.1-6.7 libqt5-qtbase-private-headers-devel-5.1.1-6.7 libqt5-sql-mysql-5.1.1-6.7 libqt5-sql-mysql-debuginfo-5.1.1-6.7 libqt5-sql-postgresql-5.1.1-6.7 libqt5-sql-postgresql-debuginfo-5.1.1-6.7 libqt5-sql-sqlite-5.1.1-6.7 libqt5-sql-sqlite-debuginfo-5.1.1-6.7 libqt5-sql-unixODBC-5.1.1-6.7 libqt5-sql-unixODBC-debuginfo-5.1.1-6.7 - openSUSE 13.1 (x86_64): libQt5Gui5-32bit-5.1.1-6.7 libQt5Gui5-debuginfo-32bit-5.1.1-6.7 libQt5Sql5-32bit-5.1.1-6.7 libQt5Sql5-debuginfo-32bit-5.1.1-6.7 libQt5Test5-32bit-5.1.1-6.7 libQt5Test5-debuginfo-32bit-5.1.1-6.7 libQt5Widgets5-32bit-5.1.1-6.7 libQt5Widgets5-debuginfo-32bit-5.1.1-6.7 libqt5-qtbase-32bit-5.1.1-6.7 libqt5-qtbase-debuginfo-32bit-5.1.1-6.7 libqt5-sql-mysql-32bit-5.1.1-6.7 libqt5-sql-mysql-debuginfo-32bit-5.1.1-6.7 libqt5-sql-postgresql-32bit-5.1.1-6.7 libqt5-sql-postgresql-debuginfo-32bit-5.1.1-6.7 libqt5-sql-sqlite-32bit-5.1.1-6.7 libqt5-sql-sqlite-debuginfo-32bit-5.1.1-6.7 libqt5-sql-unixODBC-32bit-5.1.1-6.7 libqt5-sql-unixODBC-debuginfo-32bit-5.1.1-6.7 References: http://support.novell.com/security/cve/CVE-2013-4549.html https://bugzilla.novell.com/856832

1 0

openSUSE-RU-2014:0160-1: aaa_base: Two fixes
by maintenance＠opensuse.org 30 Jan '14

30 Jan '14

openSUSE Recommended Update: aaa_base: Two fixes ______________________________________________________________________________ Announcement ID: openSUSE-RU-2014:0160-1 Rating: low References: #859360 #860477 Affected Products: openSUSE 13.1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update fixes the following issues with aaa_base: - bnc#860477: print parse errors to stderr - bnc#859360: Avoid journal output as this may take time on pure journald systems Patch Instructions: To install this openSUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 13.1: zypper in -t patch openSUSE-2014-92 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 13.1 (i586 x86_64): aaa_base-13.1-16.34.1 aaa_base-debuginfo-13.1-16.34.1 aaa_base-debugsource-13.1-16.34.1 aaa_base-extras-13.1-16.34.1 aaa_base-malloccheck-13.1-16.34.1 References: https://bugzilla.novell.com/859360 https://bugzilla.novell.com/860477

1 0

openSUSE-RU-2014:0159-1: important: coreutils: Fix 2 major regressions in sort and 1 fix for stat and tail
by maintenance＠opensuse.org 30 Jan '14

30 Jan '14

openSUSE Recommended Update: coreutils: Fix 2 major regressions in sort and 1 fix for stat and tail ______________________________________________________________________________ Announcement ID: openSUSE-RU-2014:0159-1 Rating: important References: #856644 #857262 Affected Products: openSUSE 13.1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update fixes the following issues with coreutils: - sort: + rh#1003544: Fix sorting by non-first field + bnc#857262, rh#1046735, rh#1001775: Fix "sort always sorts in C locale" - bnc#856644: stat,tail: support new file system types Patch Instructions: To install this openSUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 13.1: zypper in -t patch openSUSE-2014-93 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 13.1 (i586 x86_64): coreutils-8.21-7.12.1 coreutils-debuginfo-8.21-7.12.1 coreutils-debugsource-8.21-7.12.1 - openSUSE 13.1 (noarch): coreutils-lang-8.21-7.12.1 References: https://bugzilla.novell.com/856644 https://bugzilla.novell.com/857262

1 0

openSUSE-RU-2014:0158-1: moderate: sysconfig: Fixed an performance issue with rc.status
by maintenance＠opensuse.org 30 Jan '14

30 Jan '14

openSUSE Recommended Update: sysconfig: Fixed an performance issue with rc.status ______________________________________________________________________________ Announcement ID: openSUSE-RU-2014:0158-1 Rating: moderate References: #859360 Affected Products: openSUSE 13.1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update fixes the following issue with sysconfig: - bnc#859360: A systemctl status is quite expensive as it (by default) parses logs, etc. Use is-active where we need the code only. This fixes an performance issue with rc.status Patch Instructions: To install this openSUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 13.1: zypper in -t patch openSUSE-2014-91 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 13.1 (i586 x86_64): sysconfig-0.81.5-14.1 sysconfig-debugsource-0.81.5-14.1 sysconfig-netconfig-0.81.5-14.1 sysconfig-network-0.81.5-14.1 sysconfig-network-debuginfo-0.81.5-14.1 udevmountd-0.81.5-14.1 udevmountd-debuginfo-0.81.5-14.1 References: https://bugzilla.novell.com/859360

1 0

openSUSE-RU-2014:0148-1: important: Softwarestack update for openSUSE 13.1
by maintenance＠opensuse.org 28 Jan '14

28 Jan '14

openSUSE Recommended Update: Softwarestack update for openSUSE 13.1 ______________________________________________________________________________ Announcement ID: openSUSE-RU-2014:0148-1 Rating: important References: #683914 #853065 #855845 #859160 #859211 Affected Products: openSUSE 13.1 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: This update fixes the following issues with the Software Stack: - zypper: + bnc#859160: * Zypper must refresh CD/DVD if no raw metadata are present * Don't read metadata from CD/DVD repo if --no-check was used + bnc#859211: Fix filelist search to match full paths instead of basenames only + bnc#855845: Fix missing priority in RepoInfo::dumpAsXML + Update manpage (distribution upgrade) + Updated translations - libzypp: + bnc#853065: Fix cleanup code removing the @System solv file. + bnc#855845: Fix missing priority in RepoInfo::dumpAsXML + bnc#683914: Add support for repo authentication using SSL client certificates + Updated translations - libzypp-bindings: + Fix python-testcases Patch Instructions: To install this openSUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 13.1: zypper in -t patch openSUSE-2014-89 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 13.1 (i586 x86_64): libzypp-13.9.0-10.1 libzypp-bindings-debugsource-0.5.17.1-8.1 libzypp-debuginfo-13.9.0-10.1 libzypp-debugsource-13.9.0-10.1 libzypp-devel-13.9.0-10.1 perl-zypp-0.5.17.1-8.1 perl-zypp-debuginfo-0.5.17.1-8.1 python-zypp-0.5.17.1-8.1 python-zypp-debuginfo-0.5.17.1-8.1 ruby-zypp-0.5.17.1-8.1 ruby-zypp-debuginfo-0.5.17.1-8.1 zypper-1.9.10-12.1 zypper-debuginfo-1.9.10-12.1 zypper-debugsource-1.9.10-12.1 - openSUSE 13.1 (noarch): zypper-aptitude-1.9.10-12.1 zypper-log-1.9.10-12.1 References: https://bugzilla.novell.com/683914 https://bugzilla.novell.com/853065 https://bugzilla.novell.com/855845 https://bugzilla.novell.com/859160 https://bugzilla.novell.com/859211

1 0

openSUSE-RU-2014:0147-1: git: Update to bugfix-release 1.8.4.5 from 1.8.4
by maintenance＠opensuse.org 28 Jan '14

28 Jan '14

openSUSE Recommended Update: git: Update to bugfix-release 1.8.4.5 from 1.8.4 ______________________________________________________________________________ Announcement ID: openSUSE-RU-2014:0147-1 Rating: low References: #859057 Affected Products: openSUSE 13.1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update fixes the following issues with git: - bnc#859057: update to version 1.8.4.5, for fixing git-send-email issue + https://raw.github.com/git/git/master/Documentation/RelNotes /1.8.4.5.txt * Recent update to remote-hg that attempted to make it work better with non ASCII pathnames fed Unicode strings to the underlying Hg API, which was wrong. * "git submodule init" copied "submodule.$name.update" settings from .gitmodules to .git/config without making sure if the suggested value was sensible. + https://raw.github.com/git/git/master/Documentation/RelNotes /1.8.4.4.txt * The fix in v1.8.4.3 to the pack transfer protocol to propagate the target of symbolic refs broke "git clone/git fetch" from a repository with too many symbolic refs. As a hotfix/workaround, we transfer only the information on HEAD. + https://raw.github.com/git/git/master/Documentation/RelNotes /1.8.4.3.txt * The interaction between use of Perl in our test suite and NO_PERL has been clarified a bit. * A fast-import stream expresses a pathname with funny characters by quoting them in C style; remote-hg remote helper (in contrib/) forgot to unquote such a path. * One long-standing flaw in the pack transfer protocol used by "git clone" was that there was no way to tell the other end which branch "HEAD" points at, and the receiving end needed to guess. A new capability has been defined in the pack protocol to convey this information so that cloning from a repository with more than one branches pointing at the same commit where the HEAD is at now reliably sets the initial branch in the resulting repository. * We did not handle cases where http transport gets redirected during the authorization request (e.g. from http:// to https://). * "git rev-list --objects ^v1.0^ v1.0" gave v1.0 tag itself in the output, but "git rev-list --objects v1.0^..v1.0" did not. * The fall-back parsing of commit objects with broken author or committer lines were less robust than ideal in picking up the timestamps. * Bash prompting code to deal with an SVN remote as an upstream were coded in a way not supported by older Bash versions (3.x). * "git checkout topic", when there is not yet a local "topic" branch but there is a unique remote-tracking branch for a remote "topic" branch, pretended as if "git checkout -t -b topic remote/$r/topic" (for that unique remote $r) was run. This hack however was not implemented for "git checkout topic --". * Coloring around octopus merges in "log --graph" output was screwy. * We did not generate HTML version of documentation to "git subtree" in contrib/. * The synopsis section of "git unpack-objects" documentation has been clarified a bit. * An ancient How-To on serving Git repositories on an HTTP server lacked a warning that it has been mostly superseded with more modern way. + https://raw.github.com/git/git/master/Documentation/RelNotes /1.8.4.2.txt * "git clone" gave some progress messages to the standard output, not to the standard error, and did not allow suppressing them with the "--no-progress" option. * "format-patch --from=<whom>" forgot to omit unnecessary in-body from line, i.e. when <whom> is the same as the real author. * "git shortlog" used to choke and die when there is a malformed commit (e.g. missing authors); it now simply ignore such a commit and keeps going. * "git merge-recursive" did not parse its "--diff-algorithm=" command line option correctly. * "git branch --track" had a minor regression in v1.8.3.2 and later that made it impossible to base your local work on anything but a local branch of the upstream repository you are tracking from. * "git ls-files -k" needs to crawl only the part of the working tree that may overlap the paths in the index to find killed files, but shared code with the logic to find all the untracked files, which made it unnecessarily inefficient. * When there is no sufficient overlap between old and new history during a "git fetch" into a shallow repository, objects that the sending side knows the receiving end has were unnecessarily sent. * When running "fetch -q", a long silence while the sender side computes the set of objects to send can be mistaken by proxies as dropped connection. The server side has been taught to send a small empty messages to keep the connection alive. * When the webserver responds with "405 Method Not Allowed", "git http-backend" should tell the client what methods are allowed with the "Allow" header. * "git cvsserver" computed the permission mode bits incorrectly for executable files. * The implementation of "add -i" has a crippling code to work around ActiveState Perl limitation but it by mistake also triggered on Git for Windows where MSYS perl is used. * We made sure that we notice the user-supplied GIT_DIR is actually a gitfile, but did not do the same when the default ".git" is a gitfile. * When an object is not found after checking the packfiles and then loose object directory, read_sha1_file() re-checks the packfiles to prevent racing with a concurrent repacker; teach the same logic to has_sha1_file(). * "git commit --author=$name", when $name is not in the canonical "A. U. Thor <au.thor(a)example.xz>" format, looks for a matching name from existing history, but did not consult mailmap to grab the preferred author name. * The commit object names in the insn sheet that was prepared at the beginning of "rebase -i" session can become ambiguous as the rebasing progresses and the repository gains more commits. Make sure the internal record is kept with full 40-hex object names. * "git rebase --preserve-merges" internally used the merge machinery and as a side effect, left merge summary message in the log, but when rebasing, there should not be a need for merge summary. * "git rebase -i" forgot that the comment character can be configurable while reading its insn sheet. + https://raw.github.com/git/git/master/Documentation/RelNotes /1.8.4.1.txt * Some old versions of bash do not grok some constructs like 'printf -v varname' which the prompt and completion code started to use recently. The completion and prompt scripts have been adjusted to work better with these old versions of bash. * In FreeBSD's and NetBSD's "sh", a return in a dot script in a function returns from the function, not only in the dot script, breaking "git rebase" on these platforms (regression introduced in 1.8.4-rc1). * "git rebase -i" and other scripted commands were feeding a random, data dependant error message to 'echo' and expecting it to come out literally. * Setting the "submodule.<name>.path" variable to the empty "true" caused the configuration parser to segfault. * Output from "git log --full-diff -- <pathspec>" looked strange because comparison was done with the previous ancestor that touched the specified <pathspec>, causing the patches for paths outside the pathspec to show more than the single commit has changed. * The auto-tag-following code in "git fetch" tries to reuse the same transport twice when the serving end does not cooperate and does not give tags that point to commits that are asked for as part of the primary transfer. Unfortunately, Git-aware transport helper interface is not designed to be used more than once, hence this did not work over smart-http transfer. Fixed. * Send a large request to read(2)/write(2) as a smaller but still reasonably large chunks, which would improve the latency when the operation needs to be killed and incidentally works around broken 64-bit systems that cannot take a 2GB write or read in one go. * A ".mailmap" file that ends with an incomplete line, when read from a blob, was not handled properly. * The recent "short-cut clone connectivity check" topic broke a shallow repository when a fetch operation tries to auto-follow tags. * When send-email comes up with an error message to die with upon failure to start an SSL session, it tried to read the error string from a wrong place. * A call to xread() was used without a loop to cope with short read in the codepath to stream large blobs to a pack. * On platforms with fgetc() and friends defined as macros, the configuration parser did not compile. * New versions of MediaWiki introduced a new API for returning more than 500 results in response to a query, which would cause the MediaWiki remote helper to go into an infinite loop. * Subversion's serf access method (the only one available in Subversion 1.8) for http and https URLs in skelta mode tells its caller to open multiple files at a time, which made "git svn fetch" complain that "Temp file with moniker 'svn_delta' already in use" instead of fetching. Patch Instructions: To install this openSUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 13.1: zypper in -t patch openSUSE-2014-88 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 13.1 (i586 x86_64): git-1.8.4.5-3.4.1 git-arch-1.8.4.5-3.4.1 git-core-1.8.4.5-3.4.1 git-core-debuginfo-1.8.4.5-3.4.1 git-cvs-1.8.4.5-3.4.1 git-daemon-1.8.4.5-3.4.1 git-daemon-debuginfo-1.8.4.5-3.4.1 git-debugsource-1.8.4.5-3.4.1 git-email-1.8.4.5-3.4.1 git-gui-1.8.4.5-3.4.1 git-remote-helpers-1.8.4.5-3.4.1 git-svn-1.8.4.5-3.4.1 git-svn-debuginfo-1.8.4.5-3.4.1 git-web-1.8.4.5-3.4.1 gitk-1.8.4.5-3.4.1 References: https://bugzilla.novell.com/859057

1 0

openSUSE-SU-2014:0146-1: moderate: update for hplip
by opensuse-security＠opensuse.org 28 Jan '14

28 Jan '14

openSUSE Security Update: update for hplip ______________________________________________________________________________ Announcement ID: openSUSE-SU-2014:0146-1 Rating: moderate References: #852368 Cross-References: CVE-2013-6402 Affected Products: openSUSE 11.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: - fix-CVE-2013-6402.dif fixes hardcoded file name /tmp/hp-pkservice.log in pkit.py (bnc#852368). Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.4: zypper in -t patch 2014-10 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.4 (i586 x86_64): hplip-3.11.5-1.19.1 hplip-debuginfo-3.11.5-1.19.1 hplip-debugsource-3.11.5-1.19.1 hplip-hpijs-3.11.5-1.19.1 hplip-hpijs-debuginfo-3.11.5-1.19.1 References: http://support.novell.com/security/cve/CVE-2013-6402.html https://bugzilla.novell.com/852368

1 0