Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=1&version=Tumbleweed&build=20170305
When you reply to report some issues, make sure to change the subject.
It is not helpful to keep the release announcement subject in a thread
while discussing a specific problem.
Packages changed:
automake
bash
binutils
bluez (5.43 -> 5.44)
dbus-1 (1.10.12 -> 1.10.16)
dbus-1-x11 (1.10.12 -> 1.10.16)
diffutils (3.5 -> 3.5.15)
ed (1.14 -> 1.14.2)
filesystem
geoclue2
google-noto-fonts (20151215 -> 20161025)
gpsd
grep (2.28 -> 3.0)
grub2
installation-images (14.302 -> 14.304)
kdelibs4
libX11 (1.6.4 -> 1.6.5)
libpcap (1.7.3 -> 1.8.1)
ncurses
openssh
os-prober
patterns-openSUSE
python-cairo
python-gobject2
sed (4.3 -> 4.4)
sessreg (1.1.0 -> 1.1.1)
shadow
systemd-presets-branding-openSUSE
tcl
tcpdump (4.7.4 -> 4.9.0)
yast2-vm (3.1.30 -> 3.2.0)
=== Details ===
==== automake ====
- use vendor suse instead of IBM on s390x
==== bash ====
Subpackages: bash-doc libreadline7 readline-devel readline-doc
- Remove bash-4.0-async-bnc523667.dif as this one is fixed (and
was disabled and nobody had reported trouble)
==== binutils ====
Subpackages: binutils-devel
- Add binutils-bso21193.diff to fix section alignment on
.gnu_debuglink. [bso#21193]
==== bluez ====
Version update (5.43 -> 5.44)
Subpackages: bluez-cups bluez-devel libbluetooth3
- make testsuite run non-parallel (obs seems to have problems with
parallel checks) and quiet
- update to version 5.44:
Most fixes are LE (specifically GATT) related, however some other
areas are affected as well.
Feature-wise, there's a new MIDI plugin and support for using
single-mode (LE-only) controllers that lack a public address.
E.g. any nRF5x controller running a MyNewt or Zephyr based
firmware falls into this category.
- packaging: add "--enable-midi", "--enable-deprecated"
TODO: package deprecated tools into separate package to prepare
removal some time in the future
- rebase bluez-cups-libexec.patch
- Set the cupsdir directly with patch instead of mv and seds:
* bluez-cups-libexec.patch
- Replace requirements by the pkgconfig counterparts
* this should solve out the problem with buildcycle on Factory
- Ran over with spec-cleaner
==== dbus-1 ====
Version update (1.10.12 -> 1.10.16)
Subpackages: dbus-1-devel libdbus-1-3 libdbus-1-3-32bit
- Update to 1.10.16
Fixes:
* Prevent symlink attacks in the nonce-tcp transport on Unix that could
allow an attacker to overwrite a file named "nonce", in a directory
that the user running dbus-daemon can write, with a random value
known only to the user running dbus-daemon. This is unlikely to be
exploitable in practice, particularly since the nonce-tcp transport
is really only useful on Windows.
(fd.o #99828, Simon McVittie) (bsc#1025950)
* Avoid symlink attacks in the "embedded tests", which are not enabled
by default and should never be enabled in production builds of dbus.
(fd.o #99828, Simon McVittie) (bsc#1025951)
* Work around an undesired effect of the fix for CVE-2014-3637
(fd.o #80559), in which processes that frequently send fds, such as
logind during a flood of new PAM sessions, can get disconnected for
continuously having at least one fd "in flight" for too long;
dbus-daemon interprets that as a potential denial of service attack.
The workaround is to disable that check for uid 0 process such as
logind, with a message in the system log. The bug remains open while
we look for a more general solution.
(fd.o #95263, LP#1591411; Simon McVittie)
* Don't run the test test-dbus-launch-x11.sh if X11 autolaunching
was disabled at compile time. That test is not expected to work
in that configuration. (fd.o #98665, Simon McVittie)
Enhancements:
* Do the Travis-CI build in Docker containers for Ubuntu LTS, Debian
stable and Debian testing in addition to the older Ubuntu that is
the default (fd.o #98889, Simon McVittie)
==== dbus-1-x11 ====
Version update (1.10.12 -> 1.10.16)
- Update to 1.10.16
Fixes:
* Prevent symlink attacks in the nonce-tcp transport on Unix that could
allow an attacker to overwrite a file named "nonce", in a directory
that the user running dbus-daemon can write, with a random value
known only to the user running dbus-daemon. This is unlikely to be
exploitable in practice, particularly since the nonce-tcp transport
is really only useful on Windows.
(fd.o #99828, Simon McVittie) (bsc#1025950)
* Avoid symlink attacks in the "embedded tests", which are not enabled
by default and should never be enabled in production builds of dbus.
(fd.o #99828, Simon McVittie) (bsc#1025951)
* Work around an undesired effect of the fix for CVE-2014-3637
(fd.o #80559), in which processes that frequently send fds, such as
logind during a flood of new PAM sessions, can get disconnected for
continuously having at least one fd "in flight" for too long;
dbus-daemon interprets that as a potential denial of service attack.
The workaround is to disable that check for uid 0 process such as
logind, with a message in the system log. The bug remains open while
we look for a more general solution.
(fd.o #95263, LP#1591411; Simon McVittie)
* Don't run the test test-dbus-launch-x11.sh if X11 autolaunching
was disabled at compile time. That test is not expected to work
in that configuration. (fd.o #98665, Simon McVittie)
Enhancements:
* Do the Travis-CI build in Docker containers for Ubuntu LTS, Debian
stable and Debian testing in addition to the older Ubuntu that is
the default (fd.o #98889, Simon McVittie)
==== diffutils ====
Version update (3.5 -> 3.5.15)
- Update to a pre-release version (3.5.15):
* remove big-file-performance.patch and gnulib-diffseq.patch
* comment signature source as the release is not officially signed yet
==== ed ====
Version update (1.14 -> 1.14.2)
- Update to version 1.14.2:
* main.c (show_strerror) Revert to using '!scripted' instead of
'verbose' to suppress diagnostics.
* Print counts, messages, '?' and '!' to stdout instead of stderr.
* buffer.c (append_lines): Fixed current address after empty 'i'.
* regex.c (set_subst_regex): Treat missing delimiters consistently.
(extract_replacement): Don't replace 'a' with '%' in 's/a/%'.
Fixed infinite loop with EOF in the middle of a replacement.
Don't accept newlines in replacement in a global command.
Last delimiter can't be omitted if not last in command list.
(search_and_replace): Set current address to last line modified.
* main_loop.c (extract_addresses): Fixed address offsets;
'3 ---- 2' was calculated as -2 instead of 1.
Accept ranges with the first address omitted.
(exec_command): Fixed current address after empty replacement
text in 'c' command.
Don't clear the modified status after writing the buffer to a
shell command. (Reported by Jérôme Frgacic).
(get_command_suffix): Don't allow repeated print suffixes.
(command_s): Accept suffixes in any order.
Don't allow multiple count suffixes.
'sp' now toggles all print suffixes.
(main_loop): Make EOF on stdin behave as a 'q' command.
* ed.texi: Fixed the description of commands 'acegijkmqrsuw'.
Documented that ed allows any combination of print suffixes.
* testsuite: Improved most tests. Simplified bug reporting.
* configure: Avoid warning on some shells when testing for gcc.
* Makefile.in: Detect the existence of install-info.
==== filesystem ====
- Remove /usr/games (finally everything is moved to /usr/bin)
==== geoclue2 ====
Subpackages: typelib-1_0-Geoclue-2_0
- Add geoclue2-permit-Night-Light.patch: Add "Night Light"
functionality to the whitelist (bgo#779343, fdo#100008).
==== google-noto-fonts ====
Version update (20151215 -> 20161025)
Subpackages: google-noto-fonts-doc noto-sans-cjk-fonts noto-sans-fonts
- update to version 20161025
- new: Mono Font
- new: Naskh Arabic Font
- new: Bengali Sans Serif Font
- new: Devanagari Sans Serif Font
- new: Gujarati Sans Serif Font
- new: Gurmukhi Sans Serif Font
- new: Kannada Sans Serif Font
- new: Khmer Sans Serif Font
- new: Lao Sans Serif Font
- new: Malayalam Sans Serif Font
- new: Myanmar Sans Serif Font
- new: Oriya Sans Serif Font
- new: Tamil Sans Serif Font
- new: Telugu Sans Serif Font
- new: Thai Sans Serif Font
- new: Sans UI Font
- new: Bengali Font
- new: Devanagari Font
- new: Gujarati Font
- new: Kannada Font
- new: Malayalam Font
- new: Tamil Font
- new: Telugu Font
- fix generate-specfile.sh:
- handle UI fonts, that do not start with Sans or Serif
- fix description of fonts, that do not start with Sans or Serif
- flag sans fonts only, that really deserve it
==== gpsd ====
- Cleanup build/spec file:
* Use .desktop files and PNG icon from tarball
* correct flag to disable stripping (nostrip=True)
==== grep ====
Version update (2.28 -> 3.0)
- Update to version 3.0:
* grep without -F no longer goes awry when given two or more
patterns that contain no special characters other than '\' and
also contain a subpattern like '\.' that escapes a character to
make it ordinary.
* grep no longer fails to build on PCRE versions before 8.20.
- Cleanup spec file:
* Drop support for old distributions
* Create lang subpackage
* Use fdupes to replace duplicate files with symlinks
==== grub2 ====
Subpackages: grub2-i386-pc grub2-snapper-plugin grub2-systemd-sleep-plugin grub2-x86_64-efi grub2-x86_64-xen
- Fix for openQA UEFI USB Boot failure with upstream patch (bsc#1026344)
* added 0001-efi-strip-off-final-NULL-from-File-Path-in-grub_efi_.patch
* removed 0001-Revert-efi-properly-terminate-filepath-with-NULL-in-.patch
==== installation-images ====
Version update (14.302 -> 14.304)
- copy the correct modprobe blacklist files to rescue system (bsc#1023023)
- 14.304
- ensure lvm config files are writable
- 14.303
- change tftpboot-installation subpackages to contain product in package name
==== kdelibs4 ====
Subpackages: kdelibs4-core libkde4 libkdecore4 libksuseinstall1
- Add upstream patch to fix kio security issue (boo#1027520)
* kio-sanitize-url-for-proxy.patch
==== libX11 ====
Version update (1.6.4 -> 1.6.5)
Subpackages: libX11-6 libX11-6-32bit libX11-data libX11-devel libX11-xcb1 libX11-xcb1-32bit
- Update to version 1.6.5:
+ Revert "Compose sequences for rouble sign"
+ specs/libX11: More synopsis fixes
+ specs/libX11: Fix paramdef entries listing multiple parameters
+ specs/libX11: Make paramdef spacing more consistent
+ specs/libX11: Add missing parameter types for XGetWindowProperty()
+ specs/libX11: Fix broken synopsis for Data/Data16/Data32
+ specs/libX11: Update Portability Considerations for the 21st century
+ autogen.sh: use quoted string variables
+ Plug a memory leak
+ Fix wrong Xfree in XListFonts failure path
+ Typos in "Xlib - C Language X Interface" document - Chapter 02
+ autogen: add default patch prefix
+ Compose sequences for rouble sign
+ autogen.sh: use exec instead of waiting for configure to finish
+ Revert cs_CZ.UTF-8 XLC_LOCALE to en_US.UTF-8
- supersedes u_nls-fix-handling-of-cs_CZ.UTF8_locale.patch
==== libpcap ====
Version update (1.7.3 -> 1.8.1)
Subpackages: libpcap1 libpcap1-32bit
- Dropped patches not required after review
* libpcap-1.0.0-pcap-bpf.patch
* libpcap-1.5.2-filter-fix.patch
- Reference of the pull request for the rest of the patches
* https://github.com/the-tcpdump-group/libpcap/issues/196
- Changed libpcap-1.0.0-s390.patch to the git formatted one
- Formatted the specs file using spec-cleaner.
- Allow bluetooth monitoring support unconditionally.
- update to 1.8.1
* Clean up the name-to-DLT mapping table.
* Add some newer DLT_ values:
IPMI_HPM_2,ZWAVE_R1_R2,ZWAVE_R3,WATTSTOPPER_DLM,ISO_14443,RDS
* Fix handling of packet count in the TPACKET_V3 inner loop: GitHub issue
[#493].
* Filter out duplicate looped back CAN frames.
* Fix the handling of loopback filters for IPv6 packets.
* Add a link-layer header type for RDS (IEC 62106) groups.
* On Linux, handle all CAN captures with pcap-linux.c, in cooked mode.
* Removes the need for the "host-endian" link-layer header type.
* Compile with '-Wused-but-marked-unused' in devel mode if supported
* Have separate DLTs for big-endian and host-endian SocketCAN headers.
* Require that version.h be generated: all build procedures we support generate version.h (autoconf, CMake, MSVC)!
* Properly check for sock_recv() errors.
* Re-impose some of Winsock's limitations on sock_recv().
* Replace sprintf() with pcap_snprintf().
* Fix signature of pcap_stats_ex_remote().
* Have rpcap_remoteact_getsock() return a SOCKET and supply an "is active" flag.
* Clean up {DAG, Septel, Myricom SNF}-only builds.
* pcap_create_interface() needs the interface name on Linux.
* Clean up hardware time stamp support: the "any" device does not support any time stamp types.
* Recognize 802.1ad nested VLAN tag in vlan filter.
- dropped libpcap-ocloexec.patch, never upstreamed.
- refreshed libpcap-1.0.0-ppp.patch
==== ncurses ====
Subpackages: libncurses6 libncurses6-32bit ncurses-devel ncurses-utils tack terminfo terminfo-base
- Add ncurses patch 20170218
+ fix several formatting issues with manual pages.
+ correct read of terminfo entry in which all strings are absent or
explicitly cancelled. Before this fix, the result was that all were
treated as only absent.
+ modify infocmp to suppress mixture of absent/cancelled capabilities
that would only show as "NULL, NULL", unless the -q option is used,
e.g., to show "-, @" or "@, -".
- Add ncurses patch 20170212
+ build-fixes for PGI compilers (report by Adam J. Stewart)
+ accept whitespace in sed expression for generating expanded.c
+ modify configure check that g++ compiler warnings are not used.
+ add configure check for -fPIC option needed for shared libraries.
+ let configure --disable-ext-funcs override the default for the
--enable-sp-funcs option.
+ mark some structs in form/menu/panel libraries as potentially opaque
without modifying API/ABI.
+ add configure option --enable-opaque-curses for ncurses library and
similar options for the other libraries.
- Add ncurses patch 20170204
+ trim newlines, tabs and escaped newlines from terminfo "paths" passed
to db-iterator.
+ ignore zero-length files in db-iterator; these are useful for
instance to suppress "$HOME/.terminfo" when not wanted.
+ amended "b64:" encoder to work with the terminfo reader.
+ modify terminfo reader to accept "b64:" format using RFC-3548 in
as well as RFC-4648 url/filename-safe format.
+ modify terminfo reader to accept "hex:" format as generated by
"infocmp -0qQ1" (cf: 20150905).
+ adjust authors comment to reflect drop below 1% for SV.
==== openssh ====
Subpackages: openssh-helpers
- sshd.service: Set TasksMax=infinity, as there should be
no limit on the amount of tasks sshd can run.
==== os-prober ====
- Fix btrfs 1.74 regression in detection btrfs, the do_unmount has to be
skipped for btrfs as it removes tmp mount point of which btrfs is making
use (bsc#1024196)
* modify os-prober-btrfs-absolute-subvol.patch
* rediff os-prober-btrfs-always-detect-default.patch
==== patterns-openSUSE ====
Subpackages: patterns-openSUSE-apparmor patterns-openSUSE-apparmor_opt patterns-openSUSE-base patterns-openSUSE-books patterns-openSUSE-console patterns-openSUSE-devel_C_C++ patterns-openSUSE-devel_basis patterns-openSUSE-devel_ide patterns-openSUSE-devel_kde patterns-openSUSE-devel_kde_frameworks patterns-openSUSE-devel_kernel patterns-openSUSE-devel_osc_build patterns-openSUSE-devel_perl patterns-openSUSE-devel_python patterns-openSUSE-devel_qt5 patterns-openSUSE-devel_rpm_build patterns-openSUSE-devel_ruby patterns-openSUSE-devel_web patterns-openSUSE-dhcp_dns_server patterns-openSUSE-directory_server patterns-openSUSE-enhanced_base patterns-openSUSE-enhanced_base_opt patterns-openSUSE-file_server patterns-openSUSE-fonts patterns-openSUSE-fonts_opt patterns-openSUSE-games patterns-openSUSE-gateway_server patterns-openSUSE-generic_server patterns-openSUSE-gnome patterns-openSUSE-gnome_admin patterns-openSUSE-gnome_basis patterns-openSUSE-gnome_basis_opt patterns-openSUSE-gnome_games patterns-openSUSE-gnome_ide patterns-openSUSE-gnome_imaging patterns-openSUSE-gnome_imaging_opt patterns-openSUSE-gnome_internet patterns-openSUSE-gnome_laptop patterns-openSUSE-gnome_multimedia patterns-openSUSE-gnome_multimedia_opt patterns-openSUSE-gnome_office patterns-openSUSE-gnome_office_opt patterns-openSUSE-gnome_utilities patterns-openSUSE-gnome_yast patterns-openSUSE-imaging patterns-openSUSE-imaging_opt patterns-openSUSE-kde patterns-openSUSE-kde_edutainment patterns-openSUSE-kde_games patterns-openSUSE-kde_ide patterns-openSUSE-kde_imaging patterns-openSUSE-kde_internet patterns-openSUSE-kde_multimedia patterns-openSUSE-kde_office patterns-openSUSE-kde_plasma patterns-openSUSE-kde_telepathy patterns-openSUSE-kde_utilities patterns-openSUSE-kde_utilities_opt patterns-openSUSE-kde_yast patterns-openSUSE-kvm_server patterns-openSUSE-lamp_server patterns-openSUSE-laptop patterns-openSUSE-lxde patterns-openSUSE-lxde_laptop patterns-openSUSE-lxde_office patterns-openSUSE-mail_server patterns-openSUSE-minimal_base patterns-openSUSE-minimal_base-conflicts patterns-openSUSE-misc_server patterns-openSUSE-multimedia patterns-openSUSE-multimedia_opt patterns-openSUSE-network_admin patterns-openSUSE-non_oss patterns-openSUSE-non_oss_opt patterns-openSUSE-office patterns-openSUSE-office_opt patterns-openSUSE-print_server patterns-openSUSE-remote_desktop patterns-openSUSE-rest_dvd patterns-openSUSE-sw_management patterns-openSUSE-sw_management_gnome patterns-openSUSE-sw_management_kde patterns-openSUSE-tabletpc patterns-openSUSE-technical_writing patterns-openSUSE-x11 patterns-openSUSE-x11_opt patterns-openSUSE-x11_yast patterns-openSUSE-xen_server patterns-openSUSE-xfce patterns-openSUSE-xfce_basis patterns-openSUSE-xfce_laptop patterns-openSUSE-xfce_office patterns-openSUSE-yast2_basis patterns-openSUSE-yast2_install_wf
- Replace kwrite with kate
- Replace mozilla-kde4-integration with kmozillahelper
==== python-cairo ====
Subpackages: python-cairo-devel
- Add python2-cairo and python2-cairo-devel provides for
compatibility with the new multipython spec file macros.
==== python-gobject2 ====
Subpackages: python-gobject2-devel
- Add python2-gobject2 and python2-gobject2-devel provides for
compatibility with multipython packages.
==== sed ====
Version update (4.3 -> 4.4)
- Update to version 4.4:
* sed could segfault when invoked with specific combination of
newlines in the input and regex pattern.
==== sessreg ====
Version update (1.1.0 -> 1.1.1)
- Update to version 1.1.1:
+ Use off_t instead of long to make largefile support work
+ autogen.sh: use quoted string variables
+ autogen: add default patch prefix
+ autogen.sh: use exec instead of waiting for configure to finish
+ Pass -P to the preprocessor when generating filenames for the manpage.
- supersedes patches:
+ U_Pass-P-to-the-preprocessor-when-generating-filenames.patch
+ u_use-off_t-instead-of-long-to-make-largefile-support-work.patch
==== shadow ====
- useradd: call external program "/sbin/pam_tally2" to reset
failed login counter in "/var/log/tallylog"
(bsc#980486, useradd-clear-tallylog.patch)
==== systemd-presets-branding-openSUSE ====
- Enable socket/service(s) for lvm2 (bsc#1011053)
==== tcl ====
- Reenable testsuite on %arm
- Disable check for s390x for now
==== tcpdump ====
Version update (4.7.4 -> 4.9.0)
- version update to 4.9.0 bsc#1020940
* CVE-2016-7922 The AH parser in tcpdump before 4.9.0 has a buffer overflow in print-ah.c:ah_print().
* CVE-2016-7923 The ARP parser in tcpdump before 4.9.0 has a buffer overflow in print-arp.c:arp_print().
* CVE-2016-7924 The ATM parser in tcpdump before 4.9.0 has a buffer overflow in print-atm.c:oam_print().
* CVE-2016-7925 The compressed SLIP parser in tcpdump before 4.9.0 has a buffer overflow in print-sl.c:sl_if_print().
* CVE-2016-7926 The Ethernet parser in tcpdump before 4.9.0 has a buffer overflow in print-ether.c:ethertype_print().
* CVE-2016-7927 The IEEE 802.11 parser in tcpdump before 4.9.0 has a buffer overflow in print-802_11.c:ieee802_11_radio_print().
* CVE-2016-7928 The IPComp parser in tcpdump before 4.9.0 has a buffer overflow in print-ipcomp.c:ipcomp_print().
* CVE-2016-7929 The Juniper PPPoE ATM parser in tcpdump before 4.9.0 has a buffer overflow in print-juniper.c:juniper_parse_header().
* CVE-2016-7930 The LLC parser in tcpdump before 4.9.0 has a buffer overflow in print-llc.c:llc_print().
* CVE-2016-7931 The MPLS parser in tcpdump before 4.9.0 has a buffer overflow in print-mpls.c:mpls_print().
* CVE-2016-7932 The PIM parser in tcpdump before 4.9.0 has a buffer overflow in print-pim.c:pimv2_check_checksum().
* CVE-2016-7933 The PPP parser in tcpdump before 4.9.0 has a buffer overflow in print-ppp.c:ppp_hdlc_if_print().
* CVE-2016-7934 The RTCP parser in tcpdump before 4.9.0 has a buffer overflow in print-udp.c:rtcp_print().
* CVE-2016-7935 The RTP parser in tcpdump before 4.9.0 has a buffer overflow in print-udp.c:rtp_print().
* CVE-2016-7936 The UDP parser in tcpdump before 4.9.0 has a buffer overflow in print-udp.c:udp_print().
* CVE-2016-7937 The VAT parser in tcpdump before 4.9.0 has a buffer overflow in print-udp.c:vat_print().
* CVE-2016-7938 The ZeroMQ parser in tcpdump before 4.9.0 has an integer overflow in print-zeromq.c:zmtp1_print_frame().
* CVE-2016-7939 The GRE parser in tcpdump before 4.9.0 has a buffer overflow in print-gre.c, multiple functions.
* CVE-2016-7940 The STP parser in tcpdump before 4.9.0 has a buffer overflow in print-stp.c, multiple functions.
* CVE-2016-7973 The AppleTalk parser in tcpdump before 4.9.0 has a buffer overflow in print-atalk.c, multiple functions.
* CVE-2016-7974 The IP parser in tcpdump before 4.9.0 has a buffer overflow in print-ip.c, multiple functions.
* CVE-2016-7975 The TCP parser in tcpdump before 4.9.0 has a buffer overflow in print-tcp.c:tcp_print().
* CVE-2016-7983 The BOOTP parser in tcpdump before 4.9.0 has a buffer overflow in print-bootp.c:bootp_print().
* CVE-2016-7984 The TFTP parser in tcpdump before 4.9.0 has a buffer overflow in print-tftp.c:tftp_print().
* CVE-2016-7985 The CALM FAST parser in tcpdump before 4.9.0 has a buffer overflow in print-calm-fast.c:calm_fast_print().
* CVE-2016-7986 The GeoNetworking parser in tcpdump before 4.9.0 has a buffer overflow in print-geonet.c, multiple functions.
* CVE-2016-7992 The Classical IP over ATM parser in tcpdump before 4.9.0 has a buffer overflow in print-cip.c:cip_if_print().
* CVE-2016-7993 A bug in util-print.c:relts_print() could cause a buffer overflow in multiple protocol parsers (DNS, DVMRP, HSRP, IGMP, lightweight resolver protocol, PIM).
* CVE-2016-8574 The FRF.15 parser in tcpdump before 4.9.0 has a buffer overflow in print-fr.c:frf15_print().
* CVE-2016-8575 The Q.933 parser in tcpdump before 4.9.0 has a buffer overflow in print-fr.c:q933_print().
* CVE-2017-5202 The ISO CLNS parser in tcpdump before 4.9.0 has a buffer overflow in print-isoclns.c:clnp_print().
* CVE-2017-5203 The BOOTP parser in tcpdump before 4.9.0 has a buffer overflow in print-bootp.c:bootp_print().
* CVE-2017-5204 The IPv6 parser in tcpdump before 4.9.0 has a buffer overflow in print-ip6.c:ip6_print().
* CVE-2017-5205 The ISAKMP parser in tcpdump before 4.9.0 has a buffer overflow in print-isakmp.c:ikev2_e_print().
* CVE-2017-5341 The OTV parser in tcpdump before 4.9.0 has a buffer overflow in print-otv.c:otv_print().
* CVE-2017-5342 In tcpdump before 4.9.0 a bug in multiple protocol parsers (Geneve, GRE, NSH, OTV, VXLAN and VXLAN GPE) could cause a buffer overflow in print-ether.c:ether_print().
* CVE-2017-5482 The Q.933 parser in tcpdump before 4.9.0 has a buffer overflow in print-fr.c:q933_print().
* CVE-2017-5483 The SNMP parser in tcpdump before 4.9.0 has a buffer overflow in print-snmp.c:asn1_parse().
* CVE-2017-5484 The ATM parser in tcpdump before 4.9.0 has a buffer overflow in print-atm.c:sig_print().
* CVE-2017-5485 The ISO CLNS parser in tcpdump before 4.9.0 has a buffer overflow in addrtoname.c:lookup_nsap().
* CVE-2017-5486 The ISO CLNS parser in tcpdump before 4.9.0 has a buffer overflow in print-isoclns.c:clnp_print().
- fix filelist to fix build on s390/s390x
- correctly reference SOURCE1 during installation for s390x
- tcpdump 4.7.4:
* RPKI to Router Protocol: Fix Segmentation Faults and other problems
* RPKI to Router Protocol: print strings with fn_printn()
* wb: fix some bounds checks
(previously patched in, removed CVE-2015-3138.patch)
- fix a DoS vulnerability in print-wb.c
CVE-2015-3138 [boo#927637] adding CVE-2015-3138.patch
- update to 4.7.3
- fixes four security bugs:
* CVE-2015-0261 - IPv6 mobility printer (bnc#922220)
* CVE-2015-2153 - tcp printer (bnc#922221)
* CVE-2015-2154 - ethernet printer (bnc#922222)
* CVE-2015-2155 - force printer (bnc#922223)
- drop patches with security fixes (upstream):
* tcpdump-CVE-2014-8767.patch
* tcpdump-CVE-2014-8768.patch
* tcpdump-CVE-2014-8769.patch
* 0001-Clean-up-error-message-printing.patch
- fix CVE-2014-8767 (bnc#905870)
* denial of service in verbose mode using malformed OLSR payload
* added tcpdump-CVE-2014-8767.patch
- fix CVE-2014-8768 (bnc#905871)
* denial of service in verbose mode using malformed Geonet payload
* added tcpdump-CVE-2014-8768.patch
- fix CVE-2014-8769 (bnc#905872)
* unreliable output using malformed AODV payload
* added tcpdump-CVE-2014-8769.patch
* added 0001-Clean-up-error-message-printing.patch
- tcpdump 4.6.2:
* fix out-of-source-tree builds: find libpcap that is out of source
* better configure check for libsmi
- tcpdump 4.6.1:
* add a short option '#', same as long option '--number'
- includes changes from 4.6.0:
* all of tcpdump is now using the new "NDO" code base
* nflog, mobile, forces, pptp, AODV, AHCP, IPv6, OSPFv4, RPL,
DHCPv6 enhancements/fixes
* M3UA decode added.
* many new test cases: 82 in 4.5.1 to 133 in 4.6.0
* cleaned up some unnecessary header files
* Added bittok2str().
* a number of unaligned access faults fixed
* -A flag does not consider CR to be printable anymore
* fx.lebail took over coverity baby sitting
* default snapshot size increased to 256K to accommodate USB
captures
- includes changes from 4.5.2:
* man page fix
- add build and runtime libpcap minimum version
- remove old patches, thus making package patchless:
tcpdump-4.0.0-prototypes.patch
tcpdump-4.0.0-aliasing.patch
- run spec cleaner on spec file
- remove gpg-offline, now part of source validator
- remove versioned binary
- run regression tests
- update to 4.5.1
Version 4.5.0 revised for non-code related edits
- some NFSv4 fixes for printing
- fix printing of unknown TCP options, and tcp fast-open
- fixes for syslog parser
- some gcc-version-specific flag tuning
- improvements to babel printing
- add OpenFlow 1.0 (no SSL) and test cases
- GeoNet printer.
- added STBC Rx support
- improvements to DHCPv6 decoder
- clarify which autoconf is needed
- Point users to the the-tcpdump-group repository on GitHub rather
than the mcr repository
- Add MSDP printer.
- Fixed IPv6 check on Solaris and other OSes requiring extra
networking libraries.
- Add support for VXLAN (draft-mahalingam-dutt-dcops-vxlan-03),
and add "vxlan" as an option for -T.
- Add support for OTV (draft-hasmit-otv-04).
fixes for DLT_IEEE802_11_RADIO datalink types
- added MPTCP decoder
- verify source signature
- update to 4.4.0
- RPKI-RTR (RFC6810) is now official (TCP Port 323)
- Fix detection of OpenSSL libcrypto.
- Add DNSSL (RFC6106) support.
- Add "radius" as an option for -T.
- Update Action codes for handle_action function according to
802.11s amendment.
- Decode DHCPv6 AFTR-Name option (RFC6334).
- Updates for Babel.
- Fix printing of infinite lifetime in ICMPv6.
- Added support for SPB, SPBM Service Identifier, and Unicast
Address sub-TLV in ISIS.
- Decode RIPv2 authentication up to RFC4822.
- Fix RIP Request/full table decoding issues.
- On Linux systems with cap-ng.h, drop root privileges
using Linux Capabilities.
- Add support for reading multiple files.
- remove tcpdump-4.0.0-uninitialized.patch, it's solved differently
- update to 4.3.0
- fixes for forces: SPARSE data (per RFC 5810)
- some more test cases added
- updates to documentation on -l, -U and -w flags.
- Fix printing of BGP optional headers.
- Tried to include DLT_PFSYNC support, failed due to headers required.
- added TIPC support.
- Fix LLDP Network Policy bit definitions.
- fixes for IGMPv3's Max Response Time: it is in units of 0.1 second.
- SIGUSR1 can be used rather than SIGINFO for stats
- permit -n flag to affect print-ip for protocol numbers
- ND_OPT_ADVINTERVAL is in milliseconds, not seconds
- Teach PPPoE parser about RFC 4638
- update to 4.2.1
- Only build the Babel printer if IPv6 is enabled.
- Support Babel on port 6696 as well as 6697.
- Include ppi.h in release tarball.
- Include all the test files in the release tarball, and don't
"include" test files that no longer exist.
- Don't assume we have