Packages changed: AppStream (0.9.1 -> 0.9.2) aaa_base (13.2+git20151221.244f2a3 -> 13.2+git20160225.36aeb39) bind boost btrfsprogs (4.3.1 -> 4.4.1) cmake doxygen fcitx imap libreoffice ncurses nghttp2 (1.7.1 -> 1.8.0) suse-module-tools ufraw vim (7.4.1194 -> 7.4.1421) wpa_supplicant (2.4 -> 2.5) xrandr (1.4.3 -> 1.5.0) yast2-installation (3.1.169 -> 3.1.171) === Details === ==== AppStream ==== Version update (0.9.1 -> 0.9.2) Subpackages: libappstream3 - Update to version 0.9.2 Features: * qt: Improve usage of Qt containers (Aleix Pol) * qt: Implement Component::extends on the Qt front-end (Aleix Pol) * qt: Also call reserve for bundles on the Qt frontend (Aleix Pol) * validator: strstrip values when reading XML/YAML and validate linebreaks in summaries (Matthias Klumpp) * validator: Check if a description is present (Matthias Klumpp) * Always build with YAML support (Matthias Klumpp) * Move XML parser into its own class (Matthias Klumpp) * Make data-pool use the new YAML-aware metadata parser (Matthias Klumpp) * Simplify data-pool building routine (Matthias Klumpp) * Preprocess extension information for frontends (Matthias Klumpp) * qt: Use the new extensions property (Matthias Klumpp) * Implement translations tag (Matthias Klumpp) * cli: Document the "install" command (Matthias Klumpp) * l10n: Update Specification: * spec: Document the translation tag (Matthias Klumpp) * doc: Don't use tags in documentation (Matthias Klumpp) * spec: Mention the essential tags for a type:desktop component (Matthias Klumpp) Bugfixes: * as-cache-builder: Cope with no YAML documents (Iain Lane) * 50appstream: Don't run if we can't write to the system paths (Iain Lane) * Check for writability instead of root permissions when updating the cache (Matthias Klumpp) * qt: Don't compute screenshot images and then forget about them (Aleix Pol) * Add the missing extends property to the Xapian cache (Matthias Klumpp) * validator: Don't fail validation for description-less addons. (Matthias Klumpp) * Make reading empty cache values more robust (Matthias Klumpp) * Check if GIR scanner & compiler are really installed (Matthias Klumpp) ==== aaa_base ==== Version update (13.2+git20151221.244f2a3 -> 13.2+git20160225.36aeb39) Subpackages: aaa_base-extras - Let the ~/.i18n values parsed as well if GDM_LANG is set (boo#567324) ==== bind ==== Subpackages: bind-chrootenv bind-doc bind-utils idnkit libbind9-140 libdns162 libidnkit1 libirs141 libisc160 libisccc140 libisccfg140 liblwres141 - drop a changing timestamp making build reproducible - Build with --with-randomdev=/dev/urandom otherwise libisc will use /dev/random to gather entropy and that might block, short read etc.. ==== boost ==== Subpackages: boost-devel boost-license1_60_0 libboost_atomic1_60_0 libboost_chrono1_60_0 libboost_container1_60_0 libboost_context1_60_0 libboost_coroutine1_60_0 libboost_date_time1_60_0 libboost_filesystem1_60_0 libboost_graph1_60_0 libboost_graph_parallel1_60_0 libboost_iostreams1_60_0 libboost_locale1_60_0 libboost_log1_60_0 libboost_math1_60_0 libboost_mpi1_60_0 libboost_program_options1_60_0 libboost_python1_60_0 libboost_random1_60_0 libboost_regex1_60_0 libboost_serialization1_60_0 libboost_signals1_60_0 libboost_system1_60_0 libboost_test1_60_0 libboost_thread1_60_0 libboost_timer1_60_0 libboost_wave1_60_0 - Added libboost_python3 to the dependency macro. * boost-devel will now correctly requires libboost_python3. ==== btrfsprogs ==== Version update (4.3.1 -> 4.4.1) Subpackages: libbtrfs0 - update to 4.4.1 * find-root: don't skip the first chunk * free-space-tree compat bits fix * build: target symlinks * documentation updates * test updates - update to 4.4 * mkfs.btrfs --data dup * support balance filters added/enhanced in linux 4.4 * manual pages enhanced (btrfs, mkfs, mount, filesystem, balance) * 'btrfs filesystem usage' works with mixed blockgroups * build: installation to /usr/local * build: the 'ar' tool is properly deteced during cross-compilation * improved stability on fuzzed/crafted images when reading sys array in superblock * debug-tree: option -t understands ids for tree root and chnuk tree * check: properly reset nlink of multi-linked file * chunk recovery: fix floating point exception * chunk recovery: endianity bugfix during rebuild * mkfs with 64K pages and nodesize reported superblock checksum mismatch - Removed patches: * 0001-btrfs-progs-mkfs-use-correct-size-for-superblock-csu.patch * fix-doc-build-on-SLE11SP3.diff ==== cmake ==== - Remove cmake version from generated files cmake-version-in-generated-files.patch ==== doxygen ==== - Do not link with -pie if we are not compiling with -fPIE ==== fcitx ==== Subpackages: fcitx-branding-openSUSE fcitx-gtk2 fcitx-gtk3 fcitx-pinyin fcitx-qt4 fcitx-table libfcitx-4_2_9 - Add NoDisplay=true in autostart desktop file so that it won't be shown (boo#968486): fcitx-autostart-desktop-no-display.patch ==== imap ==== - imap-openssl.patch: Support TLS 1.2 and ECDH ciphersuites. ==== libreoffice ==== Subpackages: libreoffice-base libreoffice-base-drivers-mysql libreoffice-branding-upstream libreoffice-calc libreoffice-calc-extensions libreoffice-draw libreoffice-filters-optional libreoffice-gnome libreoffice-icon-theme-breeze libreoffice-icon-theme-galaxy libreoffice-icon-theme-hicontrast libreoffice-icon-theme-oxygen libreoffice-icon-theme-sifr libreoffice-icon-theme-tango libreoffice-impress libreoffice-kde4 libreoffice-l10n-cs libreoffice-l10n-da libreoffice-l10n-de libreoffice-l10n-el libreoffice-l10n-en libreoffice-l10n-es libreoffice-l10n-fr libreoffice-l10n-hu libreoffice-l10n-it libreoffice-l10n-ja libreoffice-l10n-pl libreoffice-l10n-ru libreoffice-mailmerge libreoffice-math libreoffice-pyuno libreoffice-writer libreoffice-writer-extensions - Try to enable libreofficekit integration by mimicking what RH does bnc#965296 - Provide/obsolete the gtk3 subpackage in gnome to allow nice migration - %dir the appdata folder to build on leap and older ==== ncurses ==== Subpackages: libncurses5 libncurses6 libncurses6-32bit ncurses-devel ncurses-utils tack terminfo terminfo-base - Add ncurses patch 20160213 + amend fix for _nc_ripoffline from 20091031 to make test/ditto.c work in threaded configuration. + move _nc_tracebits, _tracedump and _tracemouse to curses.priv.h, since they are not part of the suggested ABI6. - Add ncurses patch 20160206 + define WIN32_LEAN_AND_MEAN for MinGW port, making builds faster. + modify test/ditto.c to allow $XTERM_PROG environment variable to override "xterm" as the name of the program to run in the threaded configuration. - Add ncurses patch 20160130 + improve formatting of man/curs_refresh.3x and man/tset.1 manpages + regenerate HTML manpages using newer man2html to eliminate some unwanted blank lines. - Add ncurses patch 20160123 + ifdef'd header-file definition of mouse_trafo() with NCURSES_NOMACROS (report by Corey Minyard). + fix some strict compiler-warnings in traces. - Add ncurses patch 20160116 + tidy up comments about hardcoded 256color palette (report by Leonardo Brondani Schenkel) -TD + add putty-noapp entry, and amend putty entry to use application mode for better consistency with xterm (report by Leonardo Brondani Schenkel) -TD + modify _nc_viscbuf2() and _tracecchar_t2() to trace wide-characters as a whole rather than their multibyte equivalents. + minor fix in wadd_wchnstr() to ensure that each cell has nonzero width. + move PUTC_INIT calls next to wcrtomb calls, to avoid carry-over of error status when processing Unicode values which are not mapped. ==== nghttp2 ==== Version update (1.7.1 -> 1.8.0) - Update to 1.8.0 * Add Architecture documents (work in progress) * List all contributors in AUTHORS * doc: fix out-of-tree doc builds (Patch from Peter Wu) * Wrap AM_PATH_XML2 by m4_ifdef to handle the case when _PATH_XML2 is not found * Fix configure script for non-gcc, clang build * Document compiling apps and include h2load in configure (Patch from David Beitey) * Don't check for dlopen/libdl on *BSD (Patch from Bernard Spil) * Don't taint CXXFLAGS from AX_CXX_COMPILE_STDCXX_11 * Fixing Windows Makefile version detection (Patch from Reza Tavakoli) * lib: Tokenize extra HTTP header fields * lib: Fix typo in HAVE_CONFIG_H name (Patch from Peter Wu) * lib: Add HTTP/2 extension framework to send and receive non-critical frames * tests: remove unused macros (Patch from Peter Wu) * src: Update default cipher list * src: Fix compile error with gcc-6 which enables C++14 by default * asio: client: Fix connect timeout does not work, return from cb if session stopped, removing client::session::connect_timeout() functon * nghttpd: Start SETTINGS timer after it is written to output buffer * nghttpd: Add trailer header field to status responses * nghttpd: Add -w and -W options to change window size * nghttpx: Worker wide blocker which is used when socket(2) is failed * nghttpx: ConnectBlocker per backend address * nghttpx: Interleave text/html pushed resources with associated resource * nghttpx: Add headers given in add-response-headers for mruby response * nghttpx: Deprecate --backend-ipv4 and --backend-ipv6 in favor of --backend-address-family * nghttpx: Add options to specify address family of memcached connections * nghttpx: Add encryption support for TLS ticket key retrieval * nghttpx: Add TLS support for session cache memcached connection * nghttpx: Refactor blacklisted cipher suite check (Patch from Jay Satiro) * nghttpx: Add TLS support for HTTP/1 backend * nghttpx: Add request-header-field-buffer and max-request-header-fields options, deprecating header-field-buffer and max-header-fields options. * nghttpx: Add --no-http2-cipher-black-list to allow black listed cipher suite * nghttpx: Limit header fields from backend * nghttpx: Fix bug that IPv6 address in Forwarded "for" is not quoted-string * nghttpx: Support multiple frontend addresses * integration-tests: support out-of-tree tests (Patch from Peter Wu) * examples: fix compile warnings (Patch from Peter Wu) - Drop upstreamed nghttp2-c++14.patch ==== suse-module-tools ==== - add missing requirements on module-init-tools, findutils and gzip, mkinitrd (bnc#965830) ==== ufraw ==== - Don't pass --enable-extras to configure, its for code testing only and not for distribution (boo#968652) - Remove conflicts with dcraw. ==== vim ==== Version update (7.4.1194 -> 7.4.1421) Subpackages: gvim vim-data - Updated to revision 1421, fixes the following problems * When calling ch_close() the close callback is invoked, even though the docs say it isn't. * Using "u_char" intead of "char_u", which doesn't work everywhere. * Tests slowed down because of the "not a terminal" warning. * May free a channel when a callback may need to be invoked. - Disable sniff support, its unmaintained. - Updated to revision 1410, fixes the following problems * The close-cb option is not implemented yet. * Perl eval doesn't work properly on 64-bit big-endian machine. * Having 'autochdir' set during startup and using diff mode doesn't work. * GTK 3 is not supported. * Completion menu flickers. * Leaking memory in cs_print_tags_priv(). * json_encode() does not handle NaN and inf properly. * Leaking memory in cscope interface. - Updated to revision 1397, fixes the following problems * When the Job exit callback is invoked, the job may be freed too soon. * Starting a job hangs in the GUI. * Can't sort inside a sort function. - Drop vim-7.1.314-CVE-2009-0316-debian.patch, Python 2.7 has the appropriate fix. - Updated to revision 1385, fixes the following problems * Job and channel options parsing is scattered. * Channel test ch_sendexpr() times out. * Can't remove a callback with ch_setoptions(). * Channels don't have a queue for stderr. * X11 GUI callbacks don't specify the part of the channel. * Channel read implementation is incomplete. * Calling a Vim function over a channel requires turning the arguments into a string. * ch_setoptions() cannot set all options. * Can't change job settings after it started. * The job exit callback is not implemented. * Can't get the job of a channel. * It is not easy to use a set of plugins and their dependencies. - Updated to revision 1353, fixes the following problems * Compiler warnings in build with -O2. * When there is any error Vim will use a non-zero exit code. * When the test server fails to start Vim hangs. * When the port isn't opened yet when ch_open() is called it may fail instead of waiting for the specified time. * The test script lists all functions before executing them. - Updated to revision 1345, fixes the following problems * Crash when using channel that failed to open. * Crash when closing the channel in a callback. * Channel test fails on non-darwin builds. * Channel NL mode is not supported yet. * It's difficult to add more arguments to ch_sendraw() and ch_sendexpr(). * Can't compile with +job but without +channel. - Updated to revision 1328, fixes the following problems * Cursor changes column with up motion when the matchparen plugin saves and restores the cursor position. (Martin Kunev) * "\%1l^#.*" does not match on a line starting with "#". * Channel with pipes doesn't work in GUI. * Crash when unletting the variable that holds the channel in a callback function. * Can't compile with +job but without +channel. - Updated to revision 1294, fixes the following problems * copy() and deepcopy() fail with special variables. * Encoding {'key':} to JSON doesn't give an error. * assert_false(v:false) reports an error. * When jsonencode() fails it still returns something. * jsonencode() is not producing strict JSON. * Crash when evaluating the pattern of ":catch" causes an error. * The job feature isn't available on MS-Windows. * ch_open() with a timeout doesn't work correctly. * ch_sendexpr() does not use JS encoding. - Remove vim-7.3-diff_check.patch ==== wpa_supplicant ==== Version update (2.4 -> 2.5) Subpackages: wpa_supplicant-gui - Revert CONFIG_ELOOP_EPOLL=y, it is broken in combination with CONFIG_DBUS=yes. - spec: Compile the GUI against QT5 in 13.2 and later. - Previous update did not include version 2.5 tarball or changed the version number in spec, only the changelog and removed patches. - config: set CONFIG_NO_RANDOM_POOL=y, we have a reliable· random number generator by using /dev/urandom, no need to keep an internal random number pool which draws entropy from /dev/random. - config: prefer using epoll(7) instead of select(2) by setting CONFIG_ELOOP_EPOLL=y - wpa_supplicant-getrandom.patch: Prefer to use the getrandom(2) system call to collect entropy. if it is not present disable buffering when reading /dev/urandom, otherwise each os_get_random() call will request BUFSIZ of entropy instead of the few needed bytes. - add aliases for both provided dbus names to avoid systemd stopping the service when switching runlevels (boo#966535) - removed obsolete security patches: * 0001-P2P-Validate-SSID-element-length-before-copying-it-C.patch * 0001-WPS-Fix-HTTP-chunked-transfer-encoding-parser.patch * 0001-AP-WMM-Fix-integer-underflow-in-WMM-Action-frame-par.patch * 0001-EAP-pwd-peer-Fix-payload-length-validation-for-Commi.patch * wpa_s-D-Bus-Fix-operations-when-P2P-management-interface-is-used.patch * 0002-EAP-pwd-server-Fix-payload-length-validation-for-Com.patch * 0003-EAP-pwd-peer-Fix-Total-Length-parsing-for-fragment-r.patch * 0004-EAP-pwd-server-Fix-Total-Length-parsing-for-fragment.patch * 0005-EAP-pwd-peer-Fix-asymmetric-fragmentation-behavior.patch - Update to upstream release 2.5 * fixed P2P validation of SSID element length before copying it [http://w1.fi/security/2015-1/] (CVE-2015-1863) * fixed WPS UPnP vulnerability with HTTP chunked transfer encoding [http://w1.fi/security/2015-2/] (CVE-2015-4141) * fixed WMM Action frame parser (AP mode) [http://w1.fi/security/2015-3/] (CVE-2015-4142) * fixed EAP-pwd peer missing payload length validation [http://w1.fi/security/2015-4/] (CVE-2015-4143, CVE-2015-4144, CVE-2015-4145, CVE-2015-4146) * fixed validation of WPS and P2P NFC NDEF record payload length [http://w1.fi/security/2015-5/] * nl80211: - added VHT configuration for IBSS - fixed vendor command handling to check OUI properly - allow driver-based roaming to change ESS * added AVG_BEACON_RSSI to SIGNAL_POLL output * wpa_cli: added tab completion for number of commands * removed unmaintained and not yet completed SChannel/CryptoAPI support * modified Extended Capabilities element use in Probe Request frames to include all cases if any of the values are non-zero * added support for dynamically creating/removing a virtual interface with interface_add/interface_remove * added support for hashed password (NtHash) in EAP-pwd peer * added support for memory-only PSK/passphrase (mem_only_psk=1 and CTRL-REQ/RSP-PSK_PASSPHRASE) * P2P - optimize scan frequencies list when re-joining a persistent group - fixed number of sequences with nl80211 P2P Device interface - added operating class 125 for P2P use cases (this allows 5 GHz channels 161 and 169 to be used if they are enabled in the current regulatory domain) - number of fixes to P2PS functionality - do not allow 40 MHz co-ex PRI/SEC switch to force MCC - extended support for preferred channel listing * D-Bus: - fixed WPS property of fi.w1.wpa_supplicant1.BSS interface - fixed PresenceRequest to use group interface - added new signals: FindStopped, WPS pbc-overlap, GroupFormationFailure, WPS timeout, InvitationReceived - added new methods: WPS Cancel, P2P Cancel, Reconnect, RemoveClient - added manufacturer info * added EAP-EKE peer support for deriving Session-Id * added wps_priority configuration parameter to set the default priority for all network profiles added by WPS * added support to request a scan with specific SSIDs with the SCAN command (optional "ssid " arguments) * removed support for WEP40/WEP104 as a group cipher with WPA/WPA2 * fixed SAE group selection in an error case * modified SAE routines to be more robust and PWE generation to be stronger against timing attacks * added support for Brainpool Elliptic Curves with SAE * added support for CCMP-256 and GCMP-256 as group ciphers with FT * fixed BSS selection based on estimated throughput * added option to disable TLSv1.0 with OpenSSL (phase1="tls_disable_tlsv1_0=1") * added Fast Session Transfer (FST) module * fixed OpenSSL PKCS#12 extra certificate handling * fixed key derivation for Suite B 192-bit AKM (this breaks compatibility with the earlier version) * added RSN IE to Mesh Peering Open/Confirm frames * number of small fixes ==== xrandr ==== Version update (1.4.3 -> 1.5.0) - update to version 1.5.0 This release adds support for the new monitor objects added in RandR 1.5, and fixes a few bugs. ==== yast2-installation ==== Version update (3.1.169 -> 3.1.171) - bsc#956473 - network interfaces listing shows all IPv4 / IPv6 addresses per device - 3.1.171 - Ensure plymouth does not interfere with X11 when executing yast2-firstboot (bsc#966874) - 3.1.170