Packages changed: biosdevname breeze5-icons (5.4.3 -> 5.16.0) btrfsprogs dmraid dtc evolution (3.18.2 -> 3.18.3) evolution-data-server (3.18.2 -> 3.18.3) evolution-ews (3.18.2 -> 3.18.3) haveged installation-images-openSUSE (14.210 -> 14.211) kbd kernel-firmware kernel-source (4.3.0 -> 4.3.3) kexec-tools kmod (21 -> 22) ldb (1.1.23 -> 1.1.24) libcacard (2.3.0 -> 2.4.0) libcroco (0.6.9 -> 0.6.10) libgdata (0.17.3 -> 0.17.4) libgpg-error (1.20 -> 1.21) lvm2 mdadm mobile-broadband-provider-info (20150323 -> 20151214) net-snmp p7zip perl-Bootloader (0.900 -> 0.901) pinentry (0.9.6 -> 0.9.7) plymouth qemu (2.3.0 -> 2.4.0) qemu-linux-user (2.3.0 -> 2.4.0) samba (4.3.2 -> 4.3.3) sssd (1.13.1 -> 1.13.2) xen (4.5.1_13 -> 4.6.0_04) xf86-video-nouveau (1.0.11 -> 1.0.12) === Details === ==== biosdevname ==== - Fix missing dependency on coreutils for initrd macros (boo#958562) - Call missing initrd macro at postun (boo#958562) ==== breeze5-icons ==== Version update (5.4.3 -> 5.16.0) - Added applets.patch: install applet icons (kde#355676)- Mark license as LGPL-3.0 - Add oxygen.diff, certain applications still expect oxygen icons to be present, e.g. kmail ==== btrfsprogs ==== Subpackages: libbtrfs0 - Fix missing dependency on coreutils for initrd macros (boo#958562) - Call missing initrd macro at post / postun (boo#958562) ==== dmraid ==== - Fix missing dependency on coreutils for initrd macros (boo#958562) - Call missing initrd macro at postun (boo#958562) ==== dtc ==== - Obsolete old devel package as well- Cleanup spec file with spec-cleaner - Dont include soname version in devel package name ==== evolution ==== Version update (3.18.2 -> 3.18.3) Subpackages: evolution-plugin-bogofilter evolution-plugin-spamassassin - Update to version 3.18.3: + [EActivityBar] Do not remove timeout GSource twice in dispose. + [libgnomecanvas] Drag end not recognized with gtk+ 3.18.x. + [EMailBrowser] Free MessageList on close. + Do not leak a GalView in a GalViewInstance. + Read link/visited-link colors also from the style context flags. + Disable animation of the GtkInfoBar's revealer. + Fix possible memory leak with attachments in message preview. + Ask for a forced quit when a user tries to re-close the window. + Attachment's List View passes mouse events to the parent widget. + Add into appdata/metainfo files. + EAttachment/Store not freed in the message preview panel. + Composer: - Last empty block in pasted content could be inaccessible. - Set GObject's data on history event instead on its data and rename them. - Partially revert previous commit as EHTMLEditorHistoryEvent is not GObject. + EHTMLEditorView: - Add an extra debug message when inserting a new history event. - Fix a link detection when ending a link with the Return key. - Don't leak the WebKitDOMRange object when undoing the Return key press. - New lines could be skipped when parsing the mail content into the composer. - Correctly remove the HISTORY_AND events from history. - Post-process every HISTORY_DELETE event. - After undoing the HISTORY_DELETE operation always re-wrap and re-quote current block. - Don't save history when undoing/redoing a paste of content. - Check if the Backspace or Delete operation can remove anything. - Warning printed on console after pressing Enter and Tabulator. - Don't include non-breaking space while recognizing links. - Links could not be recognized after deleting them and later undoing it. - Caret is put on wrong place when pasting into quoted content. - Don't include non-breaking space while recognizing links. - Don't check for links if we cannot obtain valid block. - Undoing and redoing Return press in the beginning of citation is wrong. - 'Paste Quotation' action in HTML mode is not setting the caret to the right position. - Replace the preedit-* signals with compositionstart and compositionend HTML events. - Rename variables and functions to more reflect previous change. - Note a type of DOMRange comparison in comment. + EHTMLEditorSelection: - Remove previously inserted BR if correcting wrapping around selection markers. - Editor is not marked as changed after doing paste action. + EMailPrinter: Clean the unused variables. + Bugs fixed: bgo#757658, bgo#598037, bgo#692713, bgo#744859, bgo#241050, bgo#710761, bgo#758015, bgo#757887, bgo#758191, bgo#758152, bgo#758650, bgo#758665, bgo#752543, bgo#758827, bgo#758827, bgo#758851, bgo#758846, bgo#758849, bgo#758747, bgo#757939, bgo#759046, bgo#759337, bgo#749712. ==== evolution-data-server ==== Version update (3.18.2 -> 3.18.3) Subpackages: evolution-data-server-devel libcamel-1_2-54 libebackend-1_2-10 libebook-1_2-16 libebook-contacts-1_2-2 libecal-1_2-19 libedata-book-1_2-25 libedata-cal-1_2-28 libedataserver-1_2-21 libedataserverui-1_2-1 typelib-1_0-EBook-1_2 typelib-1_0-EBookContacts-1_2 typelib-1_0-EDataServer-1_2 - Update to version 3.18.3: + [Camel] Check for session existence in store/folder maybe_connect. + [IMAPx] Doesn't ask for password when a wrong is entered. + [POP3] Avoid deadlock around pop3_folder_get_message_sync(). + [ECacheReaper] Recover data for private folders. + Correct test-vcard-parsing, use unique test names. + Bugs fixed: bgo#757789, bgo#702127, bgo#746675. ==== evolution-ews ==== Version update (3.18.2 -> 3.18.3) Subpackages: evolution-ews-lang libeews-1_2-0 libewsutils0 - Update to version 3.18.3: + [Camel] Fill message From header if missing in received MIME content. + Add into a metainfo file. + Bugs fixed: bgo#758375. ==== haveged ==== Subpackages: libhavege1 - Fix missing dependency on coreutils for initrd macros (boo#958562) ==== installation-images-openSUSE ==== Version update (14.210 -> 14.211) - adjust module config - add xen kernel/initrd links for compat - 14.211 ==== kbd ==== Subpackages: kbd-legacy - Fix missing dependency on coreutils for initrd macros (boo#958562) - Call missing initrd macro at postun (boo#958562) ==== kernel-firmware ==== Subpackages: ucode-amd - Fix dependencies for initrd macros (boo#958562) - Fix missing dependency for ucode-amd, too (boo#958562) - Call missing initrd macro at postun (boo#958562) ==== kernel-source ==== Version update (4.3.0 -> 4.3.3) Subpackages: kernel-default kernel-default-devel kernel-devel kernel-docs kernel-macros kernel-syms - drm/i915: Do a better job at disabling primary plane in the noatomic case (bnc#954137). - commit db72752- ALSA: hda - Add a fixup for Thinkpad X1 Carbon 2nd (bsc#958439). - ALSA: hda - Set codec to D3 at reboot/shutdown on Thinkpads (bsc#958439). - ALSA: hda - Apply click noise workaround for Thinkpads generically (bsc#958439). - commit 7b4772e- Linux 4.3.3. - commit 0baa1c7- Linux 4.3.2 (bsc#954414). - Delete patches.fixes/0001-X.509-Fix-the-time-validation-ver-2.patch. - commit 2aebb11- Linux 4.3.1. - commit 0e3e409- ALSA: hda - Fix noise problems on Thinkpad T440s (boo#958504). - commit 6945bb0- Refresh patches.suse/stack-unwind. Use the fix from master. - commit d3f999c- Refresh patches.suse/stack-unwind. Add missing put_cpu() in case dwarf unwinder succeeds (bnc#943107) - commit 60ce178- thinkpad_acpi: Don't yell on unsupported brightness interfaces (boo#957152). - commit 0e6e680- drm/i915: Don't override output type for DDI HDMI (boo#955190). - drm/i915: Don't compare has_drrs strictly in pipe config (bsc#956397). - commit bce32fe- Delete patches.fixes/bridge-module-get-put.patch. As discussed in http://lists.opensuse.org/opensuse-kernel/2015-11/msg00046.html - commit 91e30a7- Enable pvops Xen for x86_64/vanilla as well i386/vanilla is left as is for now, because it matches the non-pae - default kernel which does not support Xen either. - commit 6a48ac7- ethernet/atheros/alx: add Killer E2400 device ID (boo#955363). - commit 66773be- XEN: Use the PVOPS kernel (fate#315712) Merge the -pv configs into -default (-pae on i386) and -debug and drop the -xen flavor and the associated patches.xen series. For a transitional period, the -xen flavor will be maintained in a separate branch as a reference. - commit ff1dcd9- X.509: Fix the time validation [ver #2] (bsc#954414). - commit 6b3b033- Update config files. Enable CRASHER on s390x to be the same as in all other configs. - commit 71162f2- Rename patches.suse/crasher-26.diff to patches.suse/crasher.patch It is no longer anything for 2.6 :). - commit d407cb2- Refresh patches.suse/crasher.patch See the patch to see what the update consists of. - commit 57989db ==== kexec-tools ==== - Fix missing dependency on coreutils for initrd macros (boo#958562) - Call missing initrd macro at postun (boo#958562) ==== kmod ==== Version update (21 -> 22) Subpackages: kmod-compat libkmod2 - Update to new upstream release 22 * support `insmod -f` * depmod: do not fall back to uname on bad version ==== ldb ==== Version update (1.1.23 -> 1.1.24) Subpackages: libldb1 libldb1-32bit - Update to 1.1.24. + fix LDAP \00 search expression attack DoS; CVE-2015-3223; (bso#11325) + fix remote read memory exploit in LDB; CVE-2015-5330; (bso#11599) + move ldb_(un)pack_data into ldb_module.h for testing + fix installation of _ldb_text.py + fix propagation of LDB errors through TDB + fix bug triggered by having an empty message in database during search ==== libcacard ==== Version update (2.3.0 -> 2.4.0) - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.4 * Patches added: 0040-dictzip-Fix-on-big-endian-systems.patch- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.4 * Patches added: 0039-tests-Unique-test-path-for-string-v.patch- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.4 * Patches added: 0038-tcg-aarch64-Fix-tcg_out_qemu_-ld-st.patch- Update to v2.4.0: See http://wiki.qemu-project.org/ChangeLog/2.4- Update to v2.4.0-rc2: See http://wiki.qemu-project.org/ChangeLog/2.4- Update to v2.4.0-rc1: See http://wiki.qemu-project.org/ChangeLog/2.4 * Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.4 * Patches dropped: 0037-linux-user-Allocate-thunk-size-dyna.patch 0039-s390x-Fix-stoc-direction.patch 0040-s390x-Add-interlocked-access-facili.patch 0041-fdc-force-the-fifo-access-to-be-in-.patch 0042-rules.mak-Force-CFLAGS-for-all-obje.patch 0043-qcow2-Set-MIN_L2_CACHE_SIZE-to-2.patch 0044-hw-arm-boot-Increase-fdt-alignment.patch * Patches renamed: 0038-Revert-Revert-seccomp-tests-that-al.patch -> 0037-Revert-Revert-seccomp-tests-that-al.patch ==== libcroco ==== Version update (0.6.9 -> 0.6.10) - Update to version 0.6.10: + Misc bug fixes. ==== libgdata ==== Version update (0.17.3 -> 0.17.4) Subpackages: libgdata-devel libgdata22 typelib-1_0-GData-0_0 - Update to version 0.17.4: + Major changes: - Download stream data corruption fixes and fixes to content length calculation. - Fix symbol exporting on OS X. - Fix copying and deleting documents in Google Drive. - Fix folder creation in Google Drive. - Fix metadata-only uploads in Google Drive. - Fix searching by title in Google Drive. + API changes: Remove a couple of incorrect GIR annotations. + Bugs fixed: bgo#755976, bgo#754821, bgo#758119, bgo#684920, bgo#758524. + Updated translations. ==== libgpg-error ==== Version update (1.20 -> 1.21) Subpackages: libgpg-error-devel libgpg-error0 libgpg-error0-32bit - update to 1.21: * New functions gpgrt_poll and gpgrt_set_nonblock. For now only pipes and sockets on Unix are supported. * Interface changes relative to the 1.20 release: gpgrt_set_nonblock NEW. gpgrt_get_nonblock NEW. gpgrt_poll NEW. gpgrt_poll_t NEW type. es_poll_t NEW type. es_set_nonblock NEW macro. es_get_nonblock NEW macro. es_poll NEW macro. GPG_ERR_TRUE NEW. GPG_ERR_FALSE NEW. GPG_ERR_NO_NAME NEW. GPG_ERR_NO_KEY NEW. GPG_ERR_SERVER_FAILED NEW. ==== lvm2 ==== Subpackages: device-mapper device-mapper-32bit - Fix missing dependency on coreutils for initrd macros (boo#958562) - Call missing initrd macro at postun (boo#958562)- Re-add lvm2-do-not-strip-pdata_tools.patch: this is still needed. ==== mdadm ==== - Add missing pre-requres for initrd macros (boo#958562) ==== mobile-broadband-provider-info ==== Version update (20150323 -> 20151214) - Update to version 20151214: + cl: add APNs for Virgin Mobile, VTR Movil and Nextel (bgo#677596). + sv: fix wrong MNC for El Salvador Claro 706:01 + no: new default APN for Telenor Norway + gb: - move "Asda Mobile" after "Vodafone" - move "giffgaff" after "O2" + ca: add Canadian provider SaskTel Mobility's GSM network + ad: add Andorra Telecom provider + mm: add Ooredoo and Telenor for Myanmar (bgo#694073). + at: add Austria "HoT" provider (MVNO on T-Mobile) (bgo#757626). ==== net-snmp ==== - Request pkgconfig(libssl) instead of openssl-devel to support using LibreSSL as well.- update to upstream version 5.7.3 - remove patch that is now present in the upstream release: * net-snmp-5.7.2-fix-snmptrapd-remote-denial-of-service.patch - rename patches to new version number 5.7.3: delete: * net-snmp-5.7.2-fix-snmpd-crashing-when-an-agentx-disconnects.patch * net-snmp-5.7.2-net-snmp-config-headercheck.patch * net-snmp-5.7.2-perl-tk-warning.patch * net-snmp-5.7.2-pie.patch * net-snmp-5.7.2-socket-path.patch * net-snmp-5.7.2-testing-empty-arptable.patch * net-snmp-5.7.2-velocity-mib.patch add: * net-snmp-5.7.3-fix-snmpd-crashing-when-an-agentx-disconnects.patch * net-snmp-5.7.3-net-snmp-config-headercheck.patch * net-snmp-5.7.3-perl-tk-warning.patch * net-snmp-5.7.3-pie.patch * net-snmp-5.7.3-socket-path.patch * net-snmp-5.7.3-testing-empty-arptable.patch * net-snmp-5.7.3-velocity-mib.patch - add build requirement 'procps' to fix a net-snmp-config error (bsc#935863) - enable DTLS and TLS support (FATE#318789) new binary 'snmptls' was added - add support for hostname netgroups (FATE#316305) '@hostgroup' can be specified for multiple hosts * net-snmp-5.7.3-netgroups.patch - suppress network statistics output in snmpstatus (FATE#316289) '-Sn' don't print any info about the network '-Si' don't print the operational status of network interfaces * net-snmp-5.7.3-snmpstatus-suppress-output.patch- also stop snmptrapd on removal- update to upstream version 5.7.3.pre5 - remove patches that are now present in the upstream release: * net-snmp-5.7.2-build-fix-for-strlcat.patch * net-snmp-5.7.2-fix-mib-representation-of-timeout-values.patch * net-snmp-5.7.2-fix-perl-trap-handler.patch - net-snmp-5.7.2-fix-snmptrapd-remote-denial-of-service.patch: refresh and add patch header- added net-snmp-5.7.2-fix-snmptrapd-remote-denial-of-service.patch: fix remote denial of service problem inside snmptrapd when started with the "-OQ" option (CVE-2014-3565)(bnc#894361) - added net-snmp-5.7.2-fix-perl-trap-handler.patch: fix potential remote denial of service problem inside the snmptrapd Perl trap handler (CVE-2014-2285)(bnc#866942)- merge some old fixes from SLE 11: * init script should provide snmpd. (bnc#466805) * stop all snmp agents when stopping the daemon. (bnc#473328)- recompress .tar.gz - it has trailing garbage, hope we can readd source url on next update- update to upstream version 5.7.2.1, fixing one security issue: * A denial of service attack vector was discovered on the Linux implementation of the ICMP-MIB. (CVE-2014-2284, bnc#866942)- net-snmp-5.7.2-fix-mib-representation-of-timeout-values.patch: fix mib representation of timeout values (bnc#833153)- use _rundir macro- remove old workaround for ppc/ppc64 migrations which is no longer needed (bnc#437293)- add support for python bindings- improve snmptrapd init script (avoid to overwrite the logfile on restart)- Disable parallelism during build. The dependencies between the Perl module and libnetsnmp are not defined correctly and might result in broken linkage (bnc#819497, bnc#818907)- Add Source URL, see https://en.opensuse.org/SourceUrls- net-snmp-5.7.2-build-fix-for-strlcat.patch: fix exported strlcat() prototype that could conflict with other packages (bnc#793548)- update to version 5.7.2: several bug fixes in the agent, client utilities and libraries. The CHANGES file shipped with the package contains a comprehensive list of fixes and improvements - rebase patches to apply cleanly: * net-snmp-5.7.2-perl-tk-warning.patch * net-snmp-5.7.2-socket-path.patch * net-snmp-5.7.2-testing-empty-arptable.patch * net-snmp-5.7.2-pie.patch * net-snmp-5.7.2-velocity-mib.patch * net-snmp-5.7.2-fix-snmpd-crashing-when-an-agentx-disconnects.patch - remove patches that are now present in the upstream release: * net-snmp-5.7.0-recognize-reiserfs.patch * net-snmp-5.7.1-snmplib-zero-timeout.patch * net-snmp-5.7.1-old-api-double-free.patch * net-snmp-5.7.1-use-pclose-to-close-pipes.patch * net-snmp-5.7.1-fix-handling-of-large-filesystems.patch * net-snmp-5.7.1-snmplib-default-retries.patch * net-snmp-5.7.1-fsys-memory-leak.patch * net-snmp-5.7.1-adjust-copyright-in-agent-txt-file.patch * net-snmp-5.7.1-recognize-ocfs2.patch * net-snmp-5.7.1-properly-clean-up-old-requests-in-subagents.patch * net-snmp-5.7.1-reduce-code-duplication-in-agentx.patch * net-snmp-5.7.1-log-agentx-disconnections.patch * net-snmp-5.7.1-more-robust-handling-of-agentx-errors.patch * net-snmp-5.7.1-report-problems-with-setundo-processing.patch * net-snmp-5.7.1-fix-array-index-error.patch- Remove redundant sections from specfile - Avoid shipping .la files- fix array index error that could lead to a crash (CVE-2012-2141) (bnc#759352)- fix agent crash when reloading a subagent (AgentX) during a query (bnc#670789)- add OCFS2 to the list of known file systems- update copyright notice of AGENT.txt allowing us to redistribute the file in our package (from Dave Shield) (bnc#750704)- fix license to be in spdx.org format- logrotate: use "reload" instead of "try-restart" to avoid an unnecessary stop/start cycle in the agent (bnc#707636)- net-snmp-5.7.1-fsys-memory-leak.patch: fix a memory leak in agent/mibgroup/hardware/fsys (bnc#725766) - net-snmp-5.7.1-snmplib-default-retries.patch: change default number of retries back from 0 to 5 (bnc#725766) - net-snmp-5.7.1-fix-handling-of-large-filesystems.patch: fix bug in handling large (>8TB) filesystems (bnc#725766) - net-snmp-5.7.1-use-pclose-to-close-pipes.patch: use pclose() instead of fclose() to close a pipe (bnc#725766) - net-snmp-5.7.1-old-api-double-free.patch: agent: avoid double free when netsnmp_register_old_api() fails (bnc#725766) - net-snmp-5.7.1-snmplib-zero-timeout.patch: snmplib: avoid waiting indefinitely if a session has timeout zero (bnc#725766)- update to version 5.7.1: minor release including some bug fixes- enable net-snmp-devel on all baselib architectures- make sure all delegated requests are removed before closing an AgentX session (bnc#670789)- update to version 5.7.1.rc1 but keep package version as 5.7.1 to avoid update problems when the final version is released- small fixes to snmpd and snmptrapd init scripts: - if $SNMPD_LOGLEVEL is not defined, use LOG_NOTICE instead of LOG_DEBUG - improve messages printed and service description - write snmptrapd logs to /var/log/net-snmpd.log- update README.SUSE to reflect some recent changes and drop a bit of outdated information - update baselibs to reflect new library version - spec file cleanup: rename some source files for consistency- add ReiserFS to the list of known file systems (bnc#715199)- install snmptrapd init script by default (bnc#712175)- fix logging option in snmptrapd init script (bnc#712174)- update upstream patches from branch V5-7-patches to 20110714- update to version 5.7: new features and lots of bug fixes - remove patches that are no longer needed: net-snmp-5.6.0-enable-hrh-filesys.patch net-snmp-5.6.1-recognize-jfs-and-xfs.patch net-snmp-5.6.1-rpm490.patch - refresh and rename patches to apply cleanly after update: net-snmp-5.7.0-pie.patch net-snmp-5.7.0-velocity-mib.patch- switch from rpmdb to rpmts to support rpm-4.9.0- update upstream patches from branch V5-6-patches to 20110512- add JFS and XFS to the list of known file systems (bnc#687327)- update upstream patches from branch V5-6-patches to 20110328- fix libsnmp version in baselibs.conf- update to version 5.6.1: new features and lots of bug fixes - update upstream patches from branch V5-6-patches to 20110104 - remove patches that are no longer needed: net-snmp-5.6.0-ethtool-speed.patch- remove /var/adm/perl-modules/net-snmp from the Perl module- update upstream patches from branch V5-6-patches to 20101129 - spec file cleanup: upstream uses -fno-strict-aliasing by default now - remove patches that are no longer needed: net-snmp-5.5.0-rpmdb-h-detect.patch net-snmp-5.6.0-vendorperl.patch- if-mib: add support for more speeds with ethtool (bnc#650558)- update upstream patches from branch V5-6-patches to 20101101, fixing a segmentation fault on shutdown (bnc#650282)- enable new implementation of hrStorage and hrFilesys to fix persistent indexes in FS and Storage tables (bnc#648364)- update upstream patches from branch V5-6-patches to 20101021- update to version 5.6: new features and lots of bug fixes - refresh and rename patches to apply cleanly after update: net-snmp-5.6.0-pie.patch net-snmp-5.6.0-vendorperl.patch net-snmp-5.6.0-net-snmp-config-headercheck.patch- update upstream patches from branch V5-5-patches to 20100803- change default log level from DEBUG to NOTICE (bnc#623497)- spec file cleanup: remove old backward compatibility scripts- update upstream patches from branch V5-5-patches to 20100602: fixed potential buffer overflow in parsing OIDs in config files- update upstream patches from branch V5-5-patches to 20100531 - add net-snmp-5.5.0-rpmdb-h-detect.patch: workaround for autoconf failing to detect rpm/rpmdb.h - remove patches that are no longer needed: net-snmp-5.5.0-use-lmsensors-v3.patch- create /var/run/agentx during startup to support systems that mount /var/run as tmpfs- update libsnmp package name to reflect the library version we are currently shipping - remove patches that are obsolete: net-snmp-5.4.rc2-versinfo.diff net-snmp-5.4.2_snmpconf-selinux.patch - refresh all patches to apply as "-p1" - spec file cleanup: remove conditionals to build on unsupported versions of the distribution- update upstream patches from branch V5-5-patches to 20100428- add net-snmp-5.5.0_upstream-20100405.patch: merge all patches committed to upstream branch V5-5-patches - remove patches that are now upstream: net-snmp-5.4.2_audit.patch net-snmp-5.5.0_autoconf.patch net-snmp-5.4.2_overflow.patch net-snmp-5.4.2.1-rpm4.7.patch net-snmp-5.5.0_gcc45.patch- Fix strncat properly (from Andreas Jaeger)- Fix code errors found by gcc 4.5- build for libsensors4 instead of libsensors3- remove sparcv9-specific baselib exceptions (not needed)- remove net-snmp-5.4.1.2-rmon-mib-revised_3.patch from sources (upstream since 5.5) - refresh net-snmp-5.5.0_autoconf.patch - spec file cleanup: update package description- update to version 5.5: new features and lots of bug fixes, including: - fix hrSWRunPath for processes other than init (bnc#486270) - remove patches that are now upstream: Add-Default-Router-Table-support.patch Add-ICMP-Statistics-Tables-support.patch Add-IPv6-Scope-Zone-Index.patch Add-IPv6-support-on-Internet-Address-Translation-Tab.patch Fix-for-IPv6-Interface-Table.patch Fix-for-Internet-Address-Prefix-Table.patch Fix-for-Internet-Address-Table.patch Fix-for-tcpConnnectionTable-tcpListenerTable-udpEn.patch Improve-IP-Statistics-tables.patch net-snmp-5.3.0.1_trap-agent-addr_v2.patch net-snmp-5.4.1.2-etherlike-mib-revised_4.patch net-snmp-5.4.x_embedded_perl_error_message.patch- add baselibs.conf as a source - add baselib defs for SPARC- Fix build with rpm 4.7 (net-snmp-5.4.2.1-rpm4.7.patch)- make patch0 usage consistent ==== p7zip ==== - Enable PIE & LD_BIND_NOW security features - Package all the text documentation ==== perl-Bootloader ==== Version update (0.900 -> 0.901) Subpackages: perl-Bootloader-YAML - Add initial implementation of uboot/config script - 0.901 ==== pinentry ==== Version update (0.9.6 -> 0.9.7) Subpackages: pinentry-gtk2 pinentry-qt4 - pinentry 0.9.7: * Fix regressions in the Qt pinentry. (previsouly patched, removed pinentry-qt4-fix-qstring-conversion.patch) * Fix minor problems pinnetyr-tty. * New option --invisible-char. ==== plymouth ==== Subpackages: libply-boot-client2 libply-splash-core2 libply-splash-graphics2 libply2 plymouth-dracut plymouth-plugin-label plymouth-plugin-script plymouth-scripts - Fix missing dependency on coreutils for initrd macros (boo#958562) - Call missing initrd macro at postun (boo#958562) ==== qemu ==== Version update (2.3.0 -> 2.4.0) Subpackages: qemu-arm qemu-block-curl qemu-extra qemu-ipxe qemu-ksm qemu-kvm qemu-lang qemu-ppc qemu-s390 qemu-seabios qemu-sgabios qemu-tools qemu-vgabios qemu-x86 - Fix testsuite on 32bit systems (bsc#957379)- Fix SLE11 build by fixing systemd conditionalization (from olh)- Add systemd unit file and udev rules for qemu guest agent - taken from the SLE12 / Leap package, see boo#955707- Add _constraints file (based on work by kenljohnson)- Enable SLOF build for ppc64le, too, now (bsc#949000, bsc#949016)- Allow building SLOF on ppc64le (bsc#949016) SLOF_ppc64le.patch - Add two checks for DictZip and tar qemu-img behavior (bsc#945778) * Clean up qemu-testsuite build/installation- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.4 * Fix endianness issues in DictZip block driver (bsc#937572, bsc#945778) 0027-block-Add-support-for-DictZip-enabl.patch 0028-block-Add-tar-container-format.patch 0040-dictzip-Fix-on-big-endian-systems.patch- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.4 * Fix qemu-testsuite for glib2-2.46.0 by assuring uniqueness of paths 0039-tests-Unique-test-path-for-string-v.patch- Build SLOF on ppc64 (bsc#949016, thanks to k0da) * Simplify x86 fw logic while at it - No need to enable KVM for armv6hl - Add notice about pre_checkin.sh to update_git.sh- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.4 * Fix aarch64 TCG: 0038-tcg-aarch64-Fix-tcg_out_qemu_-ld-st.patch- Update to v2.4.0: See http://wiki.qemu-project.org/ChangeLog/2.4- Update to v2.4.0-rc2: See http://wiki.qemu-project.org/ChangeLog/2.4 * Provide qemu-img symlink instead of passing QTEST_QEMU_IMG- Update to v2.4.0-rc1: See http://wiki.qemu-project.org/ChangeLog/2.4 * Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.4 * Patches dropped: 0037-linux-user-Allocate-thunk-size-dyna.patch 0039-s390x-Fix-stoc-direction.patch 0040-s390x-Add-interlocked-access-facili.patch 0041-fdc-force-the-fifo-access-to-be-in-.patch 0042-rules.mak-Force-CFLAGS-for-all-obje.patch 0043-qcow2-Set-MIN_L2_CACHE_SIZE-to-2.patch 0044-hw-arm-boot-Increase-fdt-alignment.patch * Patches renamed: 0038-Revert-Revert-seccomp-tests-that-al.patch -> 0037-Revert-Revert-seccomp-tests-that-al.patch * Package new vgabios-virtio.bin * target-x86_64.conf was dropped * Add qemu-block-dmg module sub-package * Set QTEST_QEMU_IMG variable for ahci-test * --enable-quorum and --enable-vnc-ws are no longer available ==== qemu-linux-user ==== Version update (2.3.0 -> 2.4.0) - Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.4 * Patches added: 0040-dictzip-Fix-on-big-endian-systems.patch- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.4 * Patches added: 0039-tests-Unique-test-path-for-string-v.patch- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.4 * Fix aarch64 TCG: 0038-tcg-aarch64-Fix-tcg_out_qemu_-ld-st.patch- Update to v2.4.0: See http://wiki.qemu-project.org/ChangeLog/2.4- Update to v2.4.0-rc2: See http://wiki.qemu-project.org/ChangeLog/2.4- Update to v2.4.0-rc1: See http://wiki.qemu-project.org/ChangeLog/2.4 * Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.4 * Patches dropped: 0037-linux-user-Allocate-thunk-size-dyna.patch 0039-s390x-Fix-stoc-direction.patch 0040-s390x-Add-interlocked-access-facili.patch 0041-fdc-force-the-fifo-access-to-be-in-.patch 0042-rules.mak-Force-CFLAGS-for-all-obje.patch 0043-qcow2-Set-MIN_L2_CACHE_SIZE-to-2.patch 0044-hw-arm-boot-Increase-fdt-alignment.patch * Patches renamed: 0038-Revert-Revert-seccomp-tests-that-al.patch -> 0037-Revert-Revert-seccomp-tests-that-al.patch ==== samba ==== Version update (4.3.2 -> 4.3.3) Subpackages: libdcerpc-binding0 libdcerpc-binding0-32bit libdcerpc0 libdcerpc0-32bit libgensec0 libgensec0-32bit libndr-krb5pac0 libndr-krb5pac0-32bit libndr-nbt0 libndr-nbt0-32bit libndr-standard0 libndr-standard0-32bit libndr0 libndr0-32bit libnetapi0 libnetapi0-32bit libregistry0 libsamba-credentials0 libsamba-credentials0-32bit libsamba-hostconfig0 libsamba-hostconfig0-32bit libsamba-passdb0 libsamba-passdb0-32bit libsamba-util0 libsamba-util0-32bit libsamdb0 libsamdb0-32bit libsmbclient-devel libsmbclient-raw0 libsmbclient-raw0-32bit libsmbclient0 libsmbconf0 libsmbconf0-32bit libsmbldap0 libsmbldap0-32bit libtevent-util0 libtevent-util0-32bit libwbclient0 libwbclient0-32bit samba-32bit samba-client samba-client-32bit samba-doc samba-libs samba-libs-32bit samba-winbind samba-winbind-32bit - Update to 4.3.3. + Malicious request can cause Samba LDAP server to hang, spinning using CPU; CVE-2015-3223; (bso#11325); (bnc#958581). + Remote read memory exploit in LDB; CVE-2015-5330; (bso#11599); (bnc#958586). + Insufficient symlink verification (file access outside the share); CVE-2015-5252; (bso#11395); (bnc#958582). + No man in the middle protection when forcing smb encryption on the client side; CVE-2015-5296; (bso#11536); (bnc#958584). + Currently the snapshot browsing is not secure thru windows previous version (shadow_copy2); CVE-2015-5299; (bso#11529); (bnc#958583). + Fix Microsoft MS15-096 to prevent machine accounts from being changed into user accounts; CVE-2015-8467; (bso#11552); (bnc#958585). ==== sssd ==== Version update (1.13.1 -> 1.13.2) Subpackages: libnfsidmap-sss libsss_idmap0 libsss_nss_idmap0 sssd-32bit sssd-krb5-common sssd-ldap - Update to new upstream release 1.13.2 * Initial support for Smart Card authentication was added. * The PAM prompting was enhanced so that when Two-Factor Authentication is used, both factors (password and token) can be entered separately on separate prompts. * This release supports authenticating againt a KDC proxy. ==== xen ==== Version update (4.5.1_13 -> 4.6.0_04) Subpackages: xen-doc-html xen-libs xen-tools xen-tools-domU - fate#315712: XEN: Use the PVOPS kernel Turn off building the KMPs now that we are using the pvops kernel xen.spec- Upstream patches from Jan 561bbc8b-VT-d-don-t-suppress-invalidation-address-write-when-it-is-zero.patch 561d20a0-x86-hide-MWAITX-from-PV-domains.patch 561e3283-x86-NUMA-fix-SRAT-table-processor-entry-parsing-and-consumption.patch 5632118e-arm-Support-hypercall_create_continuation-for-multicall.patch 56321222-arm-rate-limit-logging-from-unimplemented-PHYSDEVOP-and-HVMOP.patch 56321249-arm-handle-races-between-relinquish_memory-and-free_domheap_pages.patch 5632127b-x86-guard-against-undue-super-page-PTE-creation.patch 5632129c-free-domain-s-vcpu-array.patch (Replaces CVE-2015-7969-xsa149.patch) 563212c9-x86-PoD-Eager-sweep-for-zeroed-pages.patch 563212e4-xenoprof-free-domain-s-vcpu-array.patch 563212ff-x86-rate-limit-logging-in-do_xen-oprof-pmu-_op.patch 56323737-libxl-adjust-PoD-target-by-memory-fudge-too.patch 56377442-x86-PoD-Make-p2m_pod_empty_cache-restartable.patch 5641ceec-x86-HVM-always-intercept-AC-and-DB.patch (Replaces CVE-2015-5307-xsa156.patch) 5644b756-x86-HVM-don-t-inject-DB-with-error-code.patch - Dropped 55b0a2db-x86-MSI-track-guest-masking.patch- Use upstream variants of block-iscsi and block-nbd- Remove xenalyze.hg, its part of xen-4.6- Update to Xen Version 4.6.0 xen-4.6.0-testing-src.tar.bz2 mini-os.tar.bz2 blktap2-no-uninit.patch stubdom-have-iovec.patch - Renamed xsa149.patch to CVE-2015-7969-xsa149.patch - Dropped patches now contained in tarball or unnecessary xen-4.5.2-testing-src.tar.bz2 54c2553c-grant-table-use-uint16_t-consistently-for-offset-and-length.patch 54ca33bc-grant-table-refactor-grant-copy-to-reduce-duplicate-code.patch 54ca340e-grant-table-defer-releasing-pages-acquired-in-a-grant-copy.patch 54f4985f-libxl-fix-libvirtd-double-free.patch 55103616-vm-assist-prepare-for-discontiguous-used-bit-numbers.patch 551ac326-xentop-add-support-for-qdisk.patch 552d0fd2-x86-hvm-don-t-include-asm-spinlock-h.patch 552d0fe8-x86-mtrr-include-asm-atomic.h.patch 552d293b-x86-vMSI-X-honor-all-mask-requests.patch 552d2966-x86-vMSI-X-add-valid-bits-for-read-acceleration.patch 5537a4d8-libxl-use-DEBUG-log-level-instead-of-INFO.patch 5548e903-domctl-don-t-truncate-XEN_DOMCTL_max_mem-requests.patch 5548e95d-x86-allow-to-suppress-M2P-user-mode-exposure.patch 554c7aee-x86-provide-arch_fetch_and_add.patch 554c7b00-arm-provide-arch_fetch_and_add.patch 554cc211-libxl-add-qxl.patch 55534b0a-x86-provide-add_sized.patch 55534b25-arm-provide-add_sized.patch 5555a4f8-use-ticket-locks-for-spin-locks.patch 5555a5b9-x86-arm-remove-asm-spinlock-h.patch 5555a8ec-introduce-non-contiguous-allocation.patch 556d973f-unmodified-drivers-tolerate-IRQF_DISABLED-being-undefined.patch 5576f143-x86-adjust-PV-I-O-emulation-functions-types.patch 55795a52-x86-vMSI-X-support-qword-MMIO-access.patch 557eb55f-gnttab-per-active-entry-locking.patch 557eb5b6-gnttab-introduce-maptrack-lock.patch 557eb620-gnttab-make-the-grant-table-lock-a-read-write-lock.patch 557ffab8-evtchn-factor-out-freeing-an-event-channel.patch 5582bf43-evtchn-simplify-port_is_valid.patch 5582bf81-evtchn-remove-the-locking-when-unmasking-an-event-channel.patch 5583d9c5-x86-MSI-X-cleanup.patch 5583da09-x86-MSI-track-host-and-guest-masking-separately.patch 5583da64-gnttab-use-per-VCPU-maptrack-free-lists.patch 5583da8c-gnttab-steal-maptrack-entries-from-other-VCPUs.patch 5587d711-evtchn-clear-xen_consumer-when-clearing-state.patch 5587d779-evtchn-defer-freeing-struct-evtchn-s-until-evtchn_destroy_final.patch 5587d7b7-evtchn-use-a-per-event-channel-lock-for-sending-events.patch 5587d7e2-evtchn-pad-struct-evtchn-to-64-bytes.patch 55b0a218-x86-PCI-CFG-write-intercept.patch 55b0a255-x86-MSI-X-maskall.patch 55b0a283-x86-MSI-X-teardown.patch 55b0a2ab-x86-MSI-X-enable.patch blktapctrl-close-fifos.patch blktapctrl-default-to-ioemu.patch blktapctrl-disable-debug-printf.patch blktap-no-uninit.patch blktap-pv-cdrom.patch build-tapdisk-ioemu.patch ioemu-bdrv-open-CACHE_WB.patch ioemu-blktap-barriers.patch ioemu-blktap-fv-init.patch ioemu-blktap-image-format.patch ioemu-blktap-zero-size.patch libxl.set-migration-constraints-from-cmdline.patch local_attach_support_for_phy.patch pci-attach-fix.patch qemu-xen-upstream-megasas-buildtime.patch tapdisk-ioemu-logfile.patch tapdisk-ioemu-shutdown-fix.patch udev-rules.patch xen.build-compare.ipxe.patch xen.build-compare.mini-os.patch xen.build-compare.smbiosdate.patch xen.build-compare.vgabios.patch xen.build-compare.xen_compile_h.patch xl-coredump-file-location.patch- bsc#954405 - VUL-0: CVE-2015-8104: Xen: guest to host DoS by triggering an infinite loop in microcode via #DB exception - bsc#954018 - VUL-0: CVE-2015-5307: xen: x86: CPU lockup during fault delivery (XSA-156) CVE-2015-5307-xsa156.patch- Update to Xen 4.5.2 xen-4.5.2-testing-src.tar.bz2 - Drop the following xen-4.5.1-testing-src.tar.bz2 552d0f49-x86-traps-identify-the-vcpu-in-context-when-dumping-regs.patch 5576f178-kexec-add-more-pages-to-v1-environment.patch 55780be1-x86-EFI-adjust-EFI_MEMORY_WP-handling-for-spec-version-2.5.patch 558bfaa0-x86-traps-avoid-using-current-too-early.patch 5592a116-nested-EPT-fix-the-handling-of-nested-EPT.patch 559b9dd6-x86-p2m-ept-don-t-unmap-in-use-EPT-pagetable.patch 559bc633-x86-cpupool-clear-proper-cpu_valid-bit-on-CPU-teardown.patch 559bc64e-credit1-properly-deal-with-CPUs-not-in-any-pool.patch 559bc87f-x86-hvmloader-avoid-data-corruption-with-xenstore-rw.patch 559bdde5-pull-in-latest-linux-earlycpio.patch 55a62eb0-xl-correct-handling-of-extra_config-in-main_cpupoolcreate.patch 55a66a1e-make-rangeset_report_ranges-report-all-ranges.patch 55a77e4f-dmar-device-scope-mem-leak-fix.patch 55c1d83d-x86-gdt-Drop-write-only-xalloc-d-array.patch 55c3232b-x86-mm-Make-hap-shadow-teardown-preemptible.patch 55dc78e9-x86-amd_ucode-skip-updates-for-final-levels.patch 55df2f76-IOMMU-skip-domains-without-page-tables-when-dumping.patch 55e43fd8-x86-NUMA-fix-setup_node.patch 55e43ff8-x86-NUMA-don-t-account-hotplug-regions.patch 55e593f1-x86-NUMA-make-init_node_heap-respect-Xen-heap-limit.patch 55f2e438-x86-hvm-fix-saved-pmtimer-and-hpet-values.patch 55f9345b-x86-MSI-fail-if-no-hardware-support.patch 5604f2e6-vt-d-fix-IM-bit-mask-and-unmask-of-FECTL_REG.patch 560a4af9-x86-EPT-tighten-conditions-of-IOMMU-mapping-updates.patch 560a7c36-x86-p2m-pt-delay-freeing-of-intermediate-page-tables.patch 560a7c53-x86-p2m-pt-ignore-pt-share-flag-for-shadow-mode-guests.patch 560bd926-credit1-fix-tickling-when-it-happens-from-a-remote-pCPU.patch 560e6d34-x86-p2m-pt-tighten-conditions-of-IOMMU-mapping-updates.patch 561bbc8b-VT-d-don-t-suppress-invalidation-address-write-when-0.patch 561d20a0-x86-hide-MWAITX-from-PV-domains.patch 561e3283-x86-NUMA-fix-SRAT-table-processor-entry-handling.patch 563212c9-x86-PoD-Eager-sweep-for-zeroed-pages.patch CVE-2015-4106-xsa131-9.patch CVE-2015-3259-xsa137.patch CVE-2015-7311-xsa142.patch CVE-2015-7835-xsa148.patch xsa139-qemuu.patch xsa140-qemuu-1.patch xsa140-qemuu-2.patch xsa140-qemuu-3.patch xsa140-qemuu-4.patch xsa140-qemuu-5.patch xsa140-qemuu-6.patch xsa140-qemuu-7.patch xsa140-qemut-1.patch xsa140-qemut-2.patch xsa140-qemut-3.patch xsa140-qemut-4.patch xsa140-qemut-5.patch xsa140-qemut-6.patch xsa140-qemut-7.patch xsa151.patch xsa152.patch xsa153-libxl.patch CVE-2015-5154-qemuu-check-array-bounds-before-writing-to-io_buffer.patch CVE-2015-5154-qemuu-fix-START-STOP-UNIT-command-completion.patch CVE-2015-5154-qemuu-clear-DRQ-after-handling-all-expected-accesses.patch CVE-2015-5154-qemut-check-array-bounds-before-writing-to-io_buffer.patch CVE-2015-5154-qemut-fix-START-STOP-UNIT-command-completion.patch CVE-2015-5154-qemut-clear-DRQ-after-handling-all-expected-accesses.patch CVE-2015-6815-qemuu-e1000-fix-infinite-loop.patch CVE-2015-6815-qemut-e1000-fix-infinite-loop.patch CVE-2015-5239-qemuu-limit-client_cut_text-msg-payload-size.patch CVE-2015-5239-qemut-limit-client_cut_text-msg-payload-size.patch"- bsc#950704 - CVE-2015-7970 VUL-1: xen: x86: Long latency populate-on-demand operation is not preemptible (XSA-150) 563212c9-x86-PoD-Eager-sweep-for-zeroed-pages.patch ==== xf86-video-nouveau ==== Version update (1.0.11 -> 1.0.12) - Update to version 1.0.12 * New nouveau DDX release Packages removed: kernel-pv-devel > kernel-xen-devel xen-kmp-default Packages added: qemu-block-dmg