Packages changed:
  Mesa
  appstream-glib
  calligra (2.9.10 -> 2.9.11)
  http-parser
  hyphen
  jasper
  konsole
  libnettle (3.1.1 -> 3.2)
  libpsl
  libsolv (0.6.17 -> 0.6.18)
  libzypp (15.21.0 -> 15.21.1)
  obs-service-format_spec_file (20150904 -> 20160202)
  sensors
  xen (4.6.0_06 -> 4.6.0_08)
  yast2-core (3.1.19 -> 3.1.21)
  yast2-network (3.1.140 -> 3.1.142)
  yast2-update (3.1.34 -> 3.1.35)
  zypper (1.12.29 -> 1.12.31)

=== Details ===

==== Mesa ====
Subpackages: Mesa-32bit Mesa-devel Mesa-dri-devel Mesa-libEGL-devel Mesa-libEGL1 Mesa-libEGL1-32bit Mesa-libGL-devel Mesa-libGL1 Mesa-libGL1-32bit Mesa-libGLESv1_CM-devel Mesa-libGLESv1_CM1 Mesa-libGLESv2-2 Mesa-libGLESv2-devel Mesa-libglapi-devel Mesa-libglapi0 Mesa-libglapi0-32bit Mesa-libva libOSMesa-devel libOSMesa9 libOSMesa9-32bit libgbm-devel libgbm1 libgbm1-32bit libvdpau_nouveau libvdpau_r300 libvdpau_r600 libvdpau_radeonsi libwayland-egl-devel libwayland-egl1 libxatracker2

- Add U_clover-Fix-build-against-LLVM-3.8.patch to fix build against
  llvm 3.8

==== appstream-glib ====
Subpackages: libappstream-builder8 libappstream-glib8

- openSUSE-appstream-process: fix very stupid typo. 4 eyes is not
  enough.

==== calligra ====
Version update (2.9.10 -> 2.9.11)
Subpackages: calligra-extras-dolphin calligra-extras-okular calligra-stage calligra-words-common

- Update to 2.9.11
  * Bugfix release, for more details please see
    https://www.calligra.org/news/calligra-2-9-11-released/
- Don't build with kdepimlibs4 on Tumbleweed. We have switched to
  using Frameworks based PIM, which is no longer compatible

==== http-parser ====

- Add baselibs.conf as source, in order to build
  libhttp-parser-suse0 32-bit compatibility lib.

==== hyphen ====

- Add baselibs.conf as source, in order to build libhyphen0 32-bit
  compatibility lib.

==== jasper ====
Subpackages: libjasper-devel libjasper1 libjasper1-32bit

- Modified patch
  * jasper-CVE-2016-2089.patch
    + Use the new version of patch from
      https://bugzilla.redhat.com/show_bug.cgi?id=1302636
      with more targeted checks.
- Version the Obsoletes/Provides so that the package does not
  obsolete itself
- Add jasper-CVE-2016-2089.patch
  * CVE-2016-2089: invalid read in the JasPer's jas_matrix_clip()
    function (bsc#963983)

==== konsole ====
Subpackages: konsole-part

- Add allow-certain-variable-width-fonts.patch: resolve no
  characters being shown in Chinese and Japanese environments
  (boo#962239)
  * For some monospaced fonts with ligatures or the ambiguous-width
    problem, QFontInfo::fixedPitch does not return true. When such
    a font is selected for "Monospace", Konsole did not print
    anything.
- Add fix-profile-terminal-size.patch: allow profile's terminal
  size to work again (boo#964165, kde#345403)

==== libnettle ====
Version update (3.1.1 -> 3.2)
Subpackages: libhogweed4 libhogweed4-32bit libnettle-devel libnettle6 libnettle6-32bit

- Version update to 3.2 release bnc#964849 CVE-2015-8805
  bnc#964847 CVE-2015-8804 bnc#964845 CVE-2015-8803:
  * New functions for RSA private key operations, identified by
    the "_tr" suffix, with better resistance to side channel
    attacks and to hardware or software failures which could
    break the CRT optimization
  * SHA3 implementation is updated according to the FIPS 202
    standard
  * New ARM Neon implementation of the chacha stream cipher
  * Should be binary compatible with the 3.1 series
- Add patch to fix build with cflags:
  * nettle-respect-cflags.patch

==== libpsl ====

- Add baselibs.conf

==== libsolv ====
Version update (0.6.17 -> 0.6.18)
Subpackages: libsolv-devel libsolv-tools perl-solv python-solv

- fix rule generation for linked packages [bnc#961738]
- add hash method in bindings for some classes
- bump version to 0.6.18

==== libzypp ====
Version update (15.21.0 -> 15.21.1)

- Don't buildrequire graphviz-gnome (bsc#964150)
- Unwanted btrfs subvolumes must be filtered by device (not fsid)
  (fixes #54)
- version 15.21.1 (19)

==== obs-service-format_spec_file ====
Version update (20150904 -> 20160202)

- update licenses

==== sensors ====
Subpackages: libsensors4 libsensors4-32bit libsensors4-devel

- lm_sensors-3.4.0-sensord-service-extra-args.patch: Allow passing
  arbitrary extra arguments to sensord.

==== xen ====
Version update (4.6.0_06 -> 4.6.0_08)
Subpackages: xen-doc-html xen-libs xen-tools xen-tools-domU

- bsc#963783 - VUL-1: CVE-2016-1981: xen: net: e1000 infinite loop
  in start_xmit and e1000_receive_iov routines
  CVE-2016-1981-qemuu-e1000-eliminate-infinite-loops-on-out-of-bounds-transfer.patch
  CVE-2016-1981-qemut-e1000-eliminate-infinite-loops-on-out-of-bounds-transfer.patch
- bsc#962758 - VUL-0: CVE-2013-4539: xen: tsc210x: buffer overrun
  on invalid state load
  CVE-2013-4539-qemut-tsc210x-fix-buffer-overrun-on-invalid-state-load.patch
- bsc#962632 - VUL-0: CVE-2015-1779: xen: vnc: insufficient
  resource limiting in VNC websockets decoder
  CVE-2015-1779-qemuu-limit-size-of-HTTP-headers-from-websockets-clients.patch
  CVE-2015-1779-qemuu-incrementally-decode-websocket-frames.patch
- bsc#962642 - VUL-0: CVE-2013-4537: xen: ssi-sd: buffer overrun
  on invalid state load
  CVE-2013-4537-qemut-ssi-sd-fix-buffer-overrun-on-invalid-state-load.patch
- bsc#962627 - VUL-0: CVE-2014-7815: xen: vnc: insufficient
  bits_per_pixel from the client sanitization
  CVE-2014-7815-qemut-vnc-sanitize-bits_per_pixel-from-the-client.patch
- bsc#962335 - VUL-0: CVE-2013-4538: xen: ssd0323: fix buffer
  overrun on invalid state
  CVE-2013-4538-qemut-ssd0323-fix-buffer-overun-on-invalid-state.patch
- bsc#962360 - VUL-0: CVE-2015-7512: xen: net: pcnet: buffer
  overflow in non-loopback mode
  CVE-2015-7512-qemuu-net-pcnet-buffer-overflow-in-non-loopback-mode.patch
  CVE-2015-7512-qemut-net-pcnet-buffer-overflow-in-non-loopback-mode.patch
- bsc#961692 - VUL-0: CVE-2016-1714: xen: nvram: OOB r/w access in
  processing firmware configurations
  CVE-2016-1714-qemuu-fw_cfg-add-check-to-validate-current-entry-value.patch
  CVE-2016-1714-qemut-fw_cfg-add-check-to-validate-current-entry-value.patch
- bsc#961358 - VUL-0: CVE-2015-8613: xen: qemu: scsi: stack based
  buffer overflow in megasas_ctrl_get_info
  CVE-2015-8613-qemuu-scsi-initialise-info-object-with-appropriate-size.patch
- bsc#961332 - VUL-0: CVE-2016-1568: xen: Qemu: ide: ahci
  use-after-free vulnerability in aio port commands
  CVE-2016-1568-qemuu-ide-ahci-reset-ncq-object-to-unused-on-error.patch
- bsc#959695 - missing docs for xen
  xen.spec
- bsc#960862 - VUL-0: CVE-2016-1571: xen: VMX: intercept issue
  with INVLPG on non-canonical address (XSA-168)
  xsa168.patch
- bsc#960861 - VUL-0: CVE-2016-1570: xen: PV superpage
  functionality missing sanity checks (XSA-167)
  xsa167.patch
- bsc#960836 - VUL-0: CVE-2015-8744: xen: net: vmxnet3: incorrect
  l2 header validation leads to a crash via assert(2) call
  CVE-2015-8744-qemuu-net-vmxnet3-incorrect-l2-header-validation-leads-to-crash.patch
- bsc#960707 - VUL-0: CVE-2015-8745: xen: reading IMR registers
  leads to a crash via assert(2) call
  CVE-2015-8745-qemuu-net-vmxnet3-read-IMR-registers-instead-of-assert.patch
- bsc#960726 - VUL-0: CVE-2015-8743: xen: ne2000: OOB memory
  access in ioport r/w functions
  CVE-2015-8743-qemuu-ne2000-OOB-memory-access-in-ioport-rw-functions.patch

==== yast2-core ====
Version update (3.1.19 -> 3.1.21)
Subpackages: yast2-core-devel

- Treat C/C++ warnings as errors but only via bcond_with werror.
- 3.1.21
- Treat C/C++ warnings as errors.
- 3.1.20

==== yast2-network ====
Version update (3.1.140 -> 3.1.142)

- Removed old testsuites tests and autotools, so yast2-testsuite
  is not required anymore (fate#314695).
- 3.1.142
- Fixed an Internal error when aborting the configuration of a
  WiFi interface (bsc#950902).
- 3.1.141

==== yast2-update ====
Version update (3.1.34 -> 3.1.35)

- Fixed selecting additional products during system upgrade
  (do not select previously unselected products after adding
  repositories from the registration server) (bsc#959155)
- 3.1.35

==== zypper ====
Version update (1.12.29 -> 1.12.31)
Subpackages: zypper-aptitude zypper-log

- Don't load repos when removing packages (bsc#606220)
- version 1.12.31
- Update zypper-po.tar.bz2
- Update zypper-po.tar.bz2
- Propagate repo refresh errors even if main action succeeded
  (bsc#961719)
- Fix misaligned TAB stops in colored prompts (bsc#948566)
- version 1.12.30
- Update zypper-po.tar.bz2