Packages changed:
  SuSEfirewall2 (3.6.357 -> 3.6.359)
  cairo
  desktop-translations (84.87.20170202.0c8d823 -> 84.87.20170618.be69114)
  evolution (3.24.2 -> 3.24.3)
  evolution-data-server (3.24.2 -> 3.24.3)
  evolution-ews (3.24.2 -> 3.24.3)
  gdb (7.12.1 -> 8.0)
  gnome-shell
  gnome-vfs2
  graphite2 (1.3.9 -> 1.3.10)
  gsl (2.3 -> 2.4)
  gstreamer (1.12.0 -> 1.12.1)
  gstreamer-plugins-bad (1.12.0 -> 1.12.1)
  gstreamer-plugins-base (1.12.0 -> 1.12.1)
  gstreamer-plugins-good (1.12.0 -> 1.12.1)
  gstreamer-plugins-ugly (1.12.0 -> 1.12.1)
  gtk3 (3.22.15 -> 3.22.16)
  installation-images-Kubic
  installation-images-openSUSE
  kernel-source (4.11.6 -> 4.11.7)
  libcares2 (1.12.0 -> 1.13.0)
  libglvnd (0.1.2~20170427~6bcecd8 -> 0.1.2~20170620~d850cdd)
  libreoffice (5.4.0.0.beta2 -> 5.4.0.1)
  multipath-tools (0.7.1+53+suse.07c2f6ac -> 0.7.1+62+suse.62a2c36e)
  obs-service-tar_scm (0.7.0.1496831936.d960322 -> 0.7.0.1497870887.fa1750b)
  openssl (1.0.2k -> 1.0.2l)
  openssl-1_0_0 (1.0.2k -> 1.0.2l)
  opus (1.1.5 -> 1.2.1)
  patterns-gnome
  perl-File-Path (2.120000 -> 2.140000)
  perl-GD (2.56 -> 2.66)
  perl-HTTP-Message (6.11 -> 6.13)
  perl-Scalar-List-Utils (1.47 -> 1.48)
  python-kiwi (9.7.2 -> 9.7.4)
  python-ldap (2.4.39 -> 2.4.40)
  python-pyserial
  qemu
  qemu-linux-user
  shotwell (0.26.2 -> 0.27.0)
  terminus-bitmap-fonts (4.40 -> 4.46)
  tiff (4.0.7 -> 4.0.8)
  yast2-pkg-bindings (3.2.3 -> 3.2.4)

=== Details ===

==== SuSEfirewall2 ====
Version update (3.6.357 -> 3.6.359)

- Also check /etc/sysctl.d for custom sysctl overrides (bnc#1044523)
- improved documentation of FW_SERVICES_DROP_... to mention "all" protocols

==== cairo ====
Subpackages: cairo-devel libcairo-gobject2 libcairo-script-interpreter2 libcairo2 libcairo2-32bit

- Add 0001-image-prevent-invalid-ptr-access-for-4GB-images.patch to fix a segfault when using >4GB images since int values were used for pointer operations (bsc#1007255, fdo#98165, CVE-2016-9082).

==== desktop-translations ====
Version update (84.87.20170202.0c8d823 -> 84.87.20170618.be69114)

- Update to version 84.87.20170618.be69114:
  * Translated using Weblate (Arabic)
  * Translated using Weblate (Danish)
  * Translated using Weblate (German)
  * Translated using Weblate (Greek)
  * Translated using Weblate (Portuguese (Brazil))
  * Translated using Weblate (Russian)
  * Translated using Weblate (Spanish)
- Update to version 84.87.20170613.caa39e6:
  * Translated using Weblate (Swedish)
  * Translated using Weblate (Swedish)
- Update to version 84.87.20170613.847c686:
  * Translated using Weblate (Catalan)
  * Translated using Weblate (Catalan)
  * Translated using Weblate (French)
  * Translated using Weblate (Catalan)
  * Translated using Weblate (Italian)
  * Translated using Weblate (Catalan)
  * Translated using Weblate (French)
  * Translated using Weblate (Lithuanian)
  * Translated using Weblate (Ukrainian)
  * Translated using Weblate (Russian)
  * Translated using Weblate (Russian)
  * Translated using Weblate (Ukrainian)
  * Translated using Weblate (Ukrainian)
  * Translated using Weblate (Ukrainian)
  * Translated using Weblate (Ukrainian)
  * Translated using Weblate (Ukrainian)
  * Translated using Weblate (Ukrainian)
  * Translated using Weblate (German)
  * Translated using Weblate (German)
  * Translated using Weblate (German)
  * Translated using Weblate (German)
  * Translated using Weblate (German)
  * Translated using Weblate (German)
  * Translated using Weblate (Lithuanian)
  * Translated using Weblate (Lithuanian)
  * Translated using Weblate (Lithuanian)
  * Translated using Weblate (Spanish)
  * Translated using Weblate (German)
  * Translated using Weblate (German)
  * Translated using Weblate (German)
  * Translated using Weblate (Spanish)
  * Translated using Weblate (Lithuanian)
  * Translated using Weblate (German)
  * Translated using Weblate (German)
  * Translated using Weblate (Spanish)
  * Translated using Weblate (Spanish)
  * Translated using Weblate (Spanish)
  * Translated using Weblate (German)
  * Translated using Weblate (German)
  * Translated using Weblate (Spanish)
  * Translated using Weblate (Kabyle)
  * Translated using Weblate (Kabyle)
  * Translated using Weblate (Kabyle)
  * Translated using Weblate (Portuguese (Brazil))
  * Translated using Weblate (Chinese (China))
  * Translated using Weblate (Spanish)
  * Translated using Weblate (Spanish)
  * Translated using Weblate (Danish)
  * Translated using Weblate (Danish)
  * Translated using Weblate (Lithuanian)
  * Translated using Weblate (Lithuanian)
  * Translated using Weblate (German)
  * Translated using Weblate (German)
  * Revert swedish translation to SVN state
  * Regenerate translations from .desktop files
- Update to version 84.87.20170531.7e7f57d:
  * Translated using Weblate (Arabic)
  * Translated using Weblate (Arabic)
  * Translated using Weblate (Catalan)
  * Translated using Weblate (Catalan)
  * Translated using Weblate (Catalan)
  * Translated using Weblate (Catalan)
  * Translated using Weblate (Catalan)
  * Translated using Weblate (Catalan)
  * Translated using Weblate (Catalan)
  * Translated using Weblate (Catalan)
  * Translated using Weblate (Slovak)
  * Translated using Weblate (Slovak)
  * Translated using Weblate (Slovak)
  * Translated using Weblate (Slovak)
  * Translated using Weblate (Slovak)
  * Translated using Weblate (Slovak)
  * Translated using Weblate (Slovak)
  * Translated using Weblate (Slovak)
  * Translated using Weblate (Slovak)
  * Translated using Weblate (Japanese)
  * Translated using Weblate (Japanese)
  * Translated using Weblate (Japanese)
  * Translated using Weblate (Catalan)
  * Translated using Weblate (Arabic)
  * Translated using Weblate (Catalan)
  * Translated using Weblate (Italian)
  * Translated using Weblate (Slovak)
  * Translated using Weblate (Arabic)
  * Translated using Weblate (Catalan)
  * Translated using Weblate (Italian)
  * Translated using Weblate (Slovak)
  * Translated using Weblate (Italian)
  * Translated using Weblate (Slovak)
  * Translated using Weblate (Japanese)
  * Translated using Weblate (Arabic)
  * Translated using Weblate (Catalan)
  * Translated using Weblate (Arabic)
  * Translated using Weblate (Catalan)
  * Translated using Weblate (Japanese)
  * Translated using Weblate (Slovak)
  * Translated using Weblate (Italian)
  * Translated using Weblate (Japanese)
  * Translated using Weblate (Catalan)
  * Translated using Weblate (Italian)
  * Translated using Weblate (Italian)
  * Translated using Weblate (Catalan)
  * Rename appstream.po to appstreamdata.po to avoid conflict
  * Rename appstream -> appstreamdata in tar2po
  * Translated using Weblate (Catalan)
  * Translated using Weblate (Portuguese (Brazil))
  * Translated using Weblate (Catalan)
  * Translated using Weblate (Italian)
  * Translated using Weblate (Spanish)
  * Translated using Weblate (French)
  * Translated using Weblate (Portuguese (Brazil))
  * Translated using Weblate (Catalan)
  * Translated using Weblate (Italian)
  * Translated using Weblate (Portuguese (Brazil))
- Change License: to MIT
- Also generate other mo files
- Update to version 84.87.20170518.2205c8c:
  * tar2po: Escape newline in gettext strings correctly
  * Merge POT files into PO files to not lose translations
  * Update translations with latest changes
- Add gettext-runtime and xz BuildRequires
- Update to version 84.87.20170517.b889563:
  * Translated using Weblate (Japanese)
  * Translated using Weblate (Japanese)
  * Translated using Weblate (Arabic)
  * Translated using Weblate (Arabic)
  * Translated using Weblate (Arabic)
  * Translated using Weblate (Catalan)
  * Translated using Weblate (Japanese)
  * Translated using Weblate (Arabic)
  * Translated using Weblate (Italian)
  * Translated using Weblate (Catalan)

==== evolution ====
Version update (3.24.2 -> 3.24.3)
Subpackages: evolution-plugin-bogofilter evolution-plugin-pst-import evolution-plugin-spamassassin

- Update to version 3.24.3:
  + [ECompEditor]:
    - Ensure local store directory exists before saving attachments.
    - Use ICAL_FILENAME_PARAMETER for attachments, if available.
  + Use SIGTERM instead of SIGQUIT in killev (evolution --force-shutdown).
  + Allow select the same source and destination calendar in Copy To Calendar.
  + Crash under e_dom_resize_document_content_to_preview_width().
  + Allow overwrite of CMAKE_SKIP_RPATH variable.
  + e_mail_folder_to_full_display_name: Special-case virtual Trash/Junk folders.
  + Bugs fixed: bgo#720197, bgo#782529, bgo#773420, bgo#782803, bgo#783106, bgo#537048, bgo#783191, bgo#782052, bgo#783317, bgo#782210, bgo#783353, bgo#782470, bgo#783682.
  + Updated translations.
- Pass -DCMAKE_SKIP_RPATH=OFF to configure, needed after upstream changes.

==== evolution-data-server ====
Version update (3.24.2 -> 3.24.3)
Subpackages: libcamel-1_2-60 libebackend-1_2-10 libebook-1_2-19 libebook-contacts-1_2-2 libecal-1_2-19 libedata-book-1_2-25 libedata-cal-1_2-28 libedataserver-1_2-22 libedataserverui-1_2-1

- Update to version 3.24.3:
  + Remove forgotten debug print.
  + Add CamelWeakRefGroup to camel-docs.sgml.
  + Mis-filters emails with Mailing List rule in certain situations.
  + Prevent busy-loop opening Google calendar configured in GOA.
  + Prevent GError override in e_cal_backend_sync_get_timezone().
  + Allow overwrite of CMAKE_SKIP_RPATH variable.
  + Bugs fixed: bgo#782360, bgo#782362, bgo#782377, bgo#782096, bgo#770476, bgo#783385.
- Pass -DCMAKE_SKIP_RPATH=OFF to configure, needed after upstream changes.

==== evolution-ews ====
Version update (3.24.2 -> 3.24.3)
Subpackages: evolution-ews-lang

- Update to version 3.24.3:
  + e_ews_connection_try_credentials_sync() asks for password when not needed.
  + Allow overwrite of CMAKE_SKIP_RPATH variable.
- Pass -DCMAKE_SKIP_RPATH=OFF to configure, needed after upstream changes.

==== gdb ====
Version update (7.12.1 -> 8.0)

- Rebase to gdb 8.0 release: [fate #319573]
  * support for DWARF5 (except its .debug_names)
  * support C++11 rvalue references
  * support PKU register (memory protection keys on future Intel CPUs)
  * python scripting:
    - start, stop and access running btrace
    - rvalue references in gdb.Type
  * record/replay x86_64 rdrand and rdseed
  * removed support for GCJ compiled java programs
  * user commands accept more than 10 arguments
  * "eval" expands user-defined command arguments
  * new options: set/show disassembler-options (on arm, ppc s390)
- Removed obsoleted patches:
  gdb-release-werror.patch
- Rebase to gdb 7.99.90 (prerelease of gdb 8) [fate #319573]
- Updated libstdc++ pretty printers to gdb-libstdc++-v3-python-6.3.1-20170212.tar.bz2.
- Added patches from fedora:
  gdb-release-werror.patch
  gdb-rhbz1398387-tab-crash-test.patch
- Removed obsoleted patches:
  gdb-6.7-bz426600-DW_TAG_interface_type-test.patch
  gdb-bison-old.patch
  gdb-testsuite-casts.patch
  gdb-testsuite-m-static.patch
  gdb-upstream.patch
  gdb-testsuite-morestack-gold.patch
  gdb-fix-bnc-994537.diff
  gdb-libiberty-demangler-fuzz.diff
- Fix rpm condition to allow build on SLE10.
- Do not require glibc-devel-static-32bit on SLE12 which is not available there.

==== gnome-shell ====
Subpackages: gnome-shell-browser-plugin gnome-shell-calendar

- Drop gnome-shell-970480-authprompt-wrapping-message.patch: Fixed upstream.

==== gnome-vfs2 ====
Subpackages: gnome-vfs2-devel gnome-vfs2-lang

- Replace openssl-devel with libopenssl-1_0_0-devel BuildRequires: Build fails with openssl-1.1 (bgo#1042650).

==== graphite2 ====
Version update (1.3.9 -> 1.3.10)
Subpackages: graphite2-devel libgraphite2-3 libgraphite2-3-32bit

- Use %ctest macro
- Update license string to lgpl2.1+ and mpl2.0+
- Remove patch graphite2-CVE-2017-5436.patch
- Update to 1.3.10:
  * Upstream marks this as containing various bugfixes without any specific mentions

==== gsl ====
Version update (2.3 -> 2.4)
Subpackages: gsl-devel libgslcblas0

- rstat_test.patch - Fix rstat test on PPC platform
- re-enable multi-job support in unit tests (check make target)
- Update to new upstream version 2.4:
  * add const to declaration of appropriate gsl_rstat routines
  * added routines for Hermite polynomials, gsl_sf_hermite_*
  * added routines to compute integrals with fixed-point quadrature, based on IQPACK
  * added new nonlinear least squares example for fitting a Gaussian to data
  * deprecated routines: gsl_sf_coupling_6j_INCORRECT gsl_sf_coupling_6j_INCORRECT_e
  * deprecated routine 'gsl_linalg_hessenberg' (replaced by gsl_linalg_hessenberg_decomp)
  * removed routines which were deprecated in v2.1: gsl_bspline_deriv_alloc gsl_bspline_deriv_free
  * changed COD expression to Q R Z^T instead of Q R Z to be consistent with standard texts
  * added check for nz == 0 in gsl_spmatrix_get
  * permit zero-dimension blocks, vectors, matrices, subvectors, submatrices, and views of the above
  * added routine gsl_linalg_COD_lssolve2 for regularized least squares problems
- obsoletes patches:
  * ppc_test_tolerence.patch
  * fix_legendre_test.patch
- unit tests re-enabled
- Update to test version 2.3.90.

==== gstreamer ====
Version update (1.12.0 -> 1.12.1)
Subpackages: gstreamer-devel gstreamer-utils libgstreamer-1_0-0 libgstreamer-1_0-0-32bit typelib-1_0-Gst-1_0

- Update to version 1.12.1:
  + Various fixes for crashes, assertions, deadlocks and memory leaks.
  + Fix for regression when seeking to the end of ASF files.
  + Fix for regression in (raw)videoparse that caused it to omit video metadata.
  + Fix for regression in discoverer that made it show more streams than actually available.
  + Numerous bugfixes to the adaptive demuxer base class and the DASH demuxer.
  + Various playbin3/urisourcebin related bugfixes.
  + Vivante DirectVIV (imx6) texture uploader works with single-plane (e.g. RGB) video formats now.
  + Intel Media SDK encoder now outputs valid PTS and keyframe flags.
  + OpenJPEG2000 plugin can be loaded again on MacOS and correctly displays 8 bit RGB images now.
  + Fixes to DirectSound source/sink for high CPU usage and wrong latency/buffer size calculations.
  + gst-libav was updated to ffmpeg n3.3.2.

==== gstreamer-plugins-bad ====
Version update (1.12.0 -> 1.12.1)
Subpackages: libgstadaptivedemux-1_0-0 libgstbadaudio-1_0-0 libgstbadbase-1_0-0 libgstbadvideo-1_0-0 libgstbasecamerabinsrc-1_0-0 libgstcodecparsers-1_0-0 libgstgl-1_0-0 libgstmpegts-1_0-0 libgstphotography-1_0-0 libgsturidownloader-1_0-0 libgstwayland-1_0-0

- Update to version 1.12.1:
  + Bugs fixed: bgo#783028, bgo#773681, bgo#776609, bgo#779202, bgo#781249, bgo#781561, bgo#782221, bgo#782352, bgo#782376, bgo#782693, bgo#782697, bgo#782736, bgo#782771, bgo#782801, bgo#782921, bgo#783066, bgo#783075, bgo#783255, bgo#783256, bgo#783401, bgo#783626, bgo#781204.

==== gstreamer-plugins-base ====
Version update (1.12.0 -> 1.12.1)
Subpackages: libgstallocators-1_0-0 libgstapp-1_0-0 libgstaudio-1_0-0 libgstaudio-1_0-0-32bit libgstfft-1_0-0 libgstpbutils-1_0-0 libgstriff-1_0-0 libgstrtp-1_0-0 libgstrtsp-1_0-0 libgstsdp-1_0-0 libgsttag-1_0-0 libgsttag-1_0-0-32bit libgstvideo-1_0-0 libgstvideo-1_0-0-32bit typelib-1_0-GstAudio-1_0 typelib-1_0-GstPbutils-1_0 typelib-1_0-GstTag-1_0 typelib-1_0-GstVideo-1_0

- Update to version 1.12.1:
  + Various fixes for crashes, assertions, deadlocks and memory leaks.
  + Fix for regression when seeking to the end of ASF files.
  + Fix for regression in (raw)videoparse that caused it to omit video metadata.
  + Fix for regression in discoverer that made it show more streams than actually available.
  + Numerous bugfixes to the adaptive demuxer base class and the DASH demuxer.
  + Various playbin3/urisourcebin related bugfixes.
  + Vivante DirectVIV (imx6) texture uploader works with single-plane (e.g. RGB) video formats now.
  + Intel Media SDK encoder now outputs valid PTS and keyframe flags.
  + OpenJPEG2000 plugin can be loaded again on MacOS and correctly displays 8 bit RGB images now.
  + Fixes to DirectSound source/sink for high CPU usage and wrong latency/buffer size calculations.
  + gst-libav was updated to ffmpeg n3.3.2.

==== gstreamer-plugins-good ====
Version update (1.12.0 -> 1.12.1)
Subpackages: gstreamer-plugins-good-extra

- Update to version 1.12.1:
  + Various fixes for crashes, assertions, deadlocks and memory leaks.
  + Fix for regression when seeking to the end of ASF files.
  + Fix for regression in (raw)videoparse that caused it to omit video metadata.
  + Fix for regression in discoverer that made it show more streams than actually available.
  + Numerous bugfixes to the adaptive demuxer base class and the DASH demuxer.
  + Various playbin3/urisourcebin related bugfixes.
  + Vivante DirectVIV (imx6) texture uploader works with single-plane (e.g. RGB) video formats now.
  + Intel Media SDK encoder now outputs valid PTS and keyframe flags.
  + OpenJPEG2000 plugin can be loaded again on MacOS and correctly displays 8 bit RGB images now.
  + Fixes to DirectSound source/sink for high CPU usage and wrong latency/buffer size calculations.
  + gst-libav was updated to ffmpeg n3.3.2.

==== gstreamer-plugins-ugly ====
Version update (1.12.0 -> 1.12.1)

- Update to version 1.12.1:
  + Bugs fixed: bgo#783100.

==== gtk3 ====
Version update (3.22.15 -> 3.22.16)
Subpackages: gtk3-data gtk3-immodule-amharic gtk3-immodule-inuktitut gtk3-immodule-thai gtk3-immodule-vietnamese gtk3-immodule-xim gtk3-tools libgtk-3-0 typelib-1_0-Gtk-3_0

- Update to version 3.22.16:
  + GtkEntryBuffer no longer emits changed events when input is truncated.
  + gtk3-icon-browser now offers to copy the icon name to the clipboard.
  + Bugs fixed: bgo#745289, bgo#759308, bgo#770513, bgo#778853, bgo#779078, bgo#781285, bgo#781945, bgo#782117, bgo#782283, bgo#782325, bgo#783047, bgo#783347, bgo#783397, bgo#783587.
  + Updated translations.

==== installation-images-Kubic ====

- remove obsolete dependency on links (bsc#1044791)

==== installation-images-openSUSE ====

- remove obsolete dependency on links (bsc#1044791)

==== kernel-source ====
Version update (4.11.6 -> 4.11.7)
Subpackages: kernel-default kernel-default-devel kernel-devel kernel-docs kernel-macros kernel-syms

- Linux 4.11.7 (bnc#1012628).
- commit ddd09a5
- drm/nouveau/gpio: enable interrupts on cards with 32 gpio lines (bnc#1045105).
- commit d61c66b
- reiserfs: don't preallocate blocks for extended attributes (bsc#990682).
- commit a4e55c0
- reiserfs: Protect dquot_writeback_dquots() by s_umount semaphore (bsc#1037795).
- reiserfs: Make cancel_old_flush() reliable (bsc#1037795).
- commit 5e3bb37
- Update config files.
- config.conf: Added s390x zfcpdump kernel
- commit 9bfc6ab
- btrfs: add cond_resched to btrfs_qgroup_trace_leaf_items (bsc#1028286 bsc#1017461 bsc#1036171).
- commit 7d41685
- Only set CONFIG_GCC_PLUGINS=y in kernel-syzkaller (boo#1043591)
- commit fe00c55
- rpm/kernel-binary.spec.in: Only kernel-syzkaller needs gcc-devel (boo#1043591).
- commit d7ff041

==== libcares2 ====
Version update (1.12.0 -> 1.13.0)

- Version update to 1.13.0:
  * Fixes bsc#1044946 CVE-2017-1000381
  * Bunch of bugfixes
- Drop cares-1.9.1-ocloexec.patch as it broke again and it is not really worth all the fwdporting
- Drop check phase there is only return 0

==== libglvnd ====
Version update (0.1.2~20170427~6bcecd8 -> 0.1.2~20170620~d850cdd)
Subpackages: libglvnd-32bit libglvnd-devel

- Update to version 0.1.2~20170620~d850cdd:
  * EGL: detect platform gbm vendor capability.
  * EGL: add platform gbm detection in eglGetDisplay.
  * EGL: alias "drm" to gbm when using EGL_PLATFORM.
  * EGL: honour eglGetPlatformDisplay's attrib_list.
  * PPC64LE: Fix the cache clear instructions (boo#1045185).
  * configure: Remove AC_PROG_CXX.
  * EGL: Allow vendor libraries to identify platforms for eglGetDisplay.
  * GL: Use a table to look up core GLX functions.

==== libreoffice ====
Version update (5.4.0.0.beta2 -> 5.4.0.1)
Subpackages: libreoffice-base libreoffice-base-drivers-mysql libreoffice-branding-upstream libreoffice-calc libreoffice-draw libreoffice-filters-optional libreoffice-gnome libreoffice-gtk3 libreoffice-icon-theme-breeze libreoffice-icon-theme-galaxy libreoffice-icon-theme-hicontrast libreoffice-icon-theme-sifr libreoffice-icon-theme-tango libreoffice-impress libreoffice-kde4 libreoffice-l10n-cs libreoffice-l10n-da libreoffice-l10n-de libreoffice-l10n-el libreoffice-l10n-en libreoffice-l10n-es libreoffice-l10n-fr libreoffice-l10n-hu libreoffice-l10n-it libreoffice-l10n-ja libreoffice-l10n-pl libreoffice-l10n-pt_BR libreoffice-l10n-ru libreoffice-l10n-zh_CN libreoffice-l10n-zh_TW libreoffice-mailmerge libreoffice-math libreoffice-pyuno libreoffice-writer libreofficekit

- Update to 5.4.0.1:
  * First rc of the series, now only serious bugs will be fixed
- Drop upstreamed patch 0001-undo-clone.patch
- Drop upstreamed patch 0001-watermark.patch
- Add suse color palette bsc#1045339

==== multipath-tools ====
Version update (0.7.1+53+suse.07c2f6ac -> 0.7.1+62+suse.62a2c36e)
Subpackages: kpartx

- Update to version 0.7.1+62+suse.62a2c36e:
  * kpartx: only check for 'no_partitions' feature on dm devices (bsc#1037533)
  * Revert "kpartx: use mapname if no uuid is present" (bsc#1037533, bsc#1033541)
- "no_path_retry" patch series (bsc#1043027)
  * libmultipath: load_config: skip setting unnecessary defaults
  * libmultipath: add/remove_feature: use const char* for feature
  * libmultipath: clarify option conflicts for "features"
  * libmultipath: merge_hwe: fix queue_if_no_path logic
  * libmultipath: assemble_map: fix queue_if_no_path logic
  * multipath.conf.5: document no_path_retry vs. queue_if_no_path
  * multipath.conf.5: Remove ??? and other minor fixes
  * libmultipath: add deprecated warning for some features settings
- _service: Use "sles12-sp3" branch as revision, as factory and SLE12-SP3 submissions are in sync. Will be changed when factory forks off (latest at SLE12-SP3 GA).
- set KBUILD_BUILD_TIMESTAMP to generate reproducible man-pages to fix build-compare (bsc#1045111)

==== obs-service-tar_scm ====
Version update (0.7.0.1496831936.d960322 -> 0.7.0.1497870887.fa1750b)
Subpackages: obs-service-obs_scm-common

- Update to version 0.7.0.1497261741.b1aa4cb:
  * Move spec file to git

==== openssl ====
Version update (1.0.2k -> 1.0.2l)
Subpackages: libopenssl-devel

- Revert back to 1.0.2l for now so we get new fixes of 1.0 openssl to tumbleweed
- Update to 1.1.0f release
- Switch default to openssl-1.1.0

==== openssl-1_0_0 ====
Version update (1.0.2k -> 1.0.2l)
Subpackages: libopenssl-1_0_0-devel libopenssl1_0_0 libopenssl1_0_0-32bit

- Update engines location for the engines to match up 1.1 to ease later on migration bsc#1045803
  * openssl-engines-path.patch
- update to 1.0.2l
  * bugfix release only
  * fixes problem with a lower-than-before version number (bsc#1040863)
- drop openssl-print_notice-NULL_crash.patch (upstream)
- refresh patches openssl-fipslocking.patch and 0001-Axe-builtin-printf-implementation-use-glibc-instead.patch

==== opus ====
Version update (1.1.5 -> 1.2.1)

- Update to version 1.2.1:
  + This fixes an issue where the encoder can misdetect that the signal is SWB instead of FB, lowpassing the signal. This patch makes the encoder much more careful about doing that.
- Cleanup with spec-cleaner
- Update to version 1.2
  + Speech quality improvements especially in the 12-20 kbit/s range
  + Improved VBR encoding for hybrid mode
  + More aggressive use of wider speech bandwidth, including fullband speech starting at 14 kbit/s
  + Music quality improvements in the 32-48 kb/s range
  + Generic and SSE CELT optimizations
  + Support for directly encoding packets up to 120 ms
  + DTX support for CELT mode
  + SILK CBR improvements
  + Support for all of the fixes in draft-ietf-codec-opus-update-06 (the mono downmix and the folding fixes need --enable-update-draft)
  + Many bug fixes, including integer wrap-arounds discovered through fuzzing (no security implications)
- Removed static package

==== patterns-gnome ====
Subpackages: patterns-gnome-gnome patterns-gnome-gnome_admin patterns-gnome-gnome_basis patterns-gnome-gnome_basis_opt patterns-gnome-gnome_games patterns-gnome-gnome_ide patterns-gnome-gnome_imaging patterns-gnome-gnome_imaging_opt patterns-gnome-gnome_internet patterns-gnome-gnome_laptop patterns-gnome-gnome_multimedia patterns-gnome-gnome_multimedia_opt patterns-gnome-gnome_office patterns-gnome-gnome_office_opt patterns-gnome-gnome_utilities patterns-gnome-gnome_yast patterns-gnome-sw_management_gnome

- gnome_ide pattern:
  + Add the gnome-builder recommendation.
  + Add the gedit, gedit-plugins and jhbuild suggestions.
  + Move anjuta and monodevelop from recommendations to suggestions.
  + Move gitg from suggestions to recommendations.
- Remove liferea as it is not a GNOME application and is a niche tool that shouldn't be installed by default.
- Replace gucharmap by gnome-characters.
- Do not require a base system: GNOME builds on top of X11 (for now) and what is below X11 is not our concern.

==== perl-File-Path ====
Version update (2.120000 -> 2.140000)

- updated to 2.14
  see /usr/share/doc/packages/perl-File-Path/Changes
  2.14 2017-06-07
  - When creating subdirectories for testing underneath File::Spec::Functions::tmpdir(), use randomly generated strings.
  - No change in functionality from 2.13.
- updated to 2.13
  see /usr/share/doc/packages/perl-File-Path/Changes
  2.13 2017-05-31
  - Document security vulnerability reported as CVE-2017-6512.
  2.12_008 2017-05-07
  - Patch from John Lightsey.
  2.12_007 2017-04-22
  - Skip tests where filesystem doesn't support permissions (RT 121248).
  - Add AppVeyor configuration; thanks to Charlie Gonzalez and Hayo Baan.
  2.12_006 2017-04-21
  - Modernize README, Makefile.PL, updating of version number and release date in documentation.
  2.12_005 2017-04-21
  - Recommend use of 'safe => 1' in remove_tree() and rmtree().
  - Warn if mkpath() or make_path() is passed implausible options on Windows.
  - Corrections to errors in previous release.
  2.12_004 2017-04-18
  - Certain functions used in tests are not available on Windows; skip them.
  - Move certain functions used in testing to t/FilePathTest.pm.
  2.12_003 2017-04-07
  - Add tests to improve coverage ratios as measured by Devel::Cover
  - No functional changes.
  2.12_002 2017-03-12
  - GH#41 RT 117019 Fixed File::Path::remove_tree option hash is auto populated and cannot be reused
  - GH#40 Unskip in path root t
  - GH#39 Remove superfluous assignment to $arg{perm}
  - GH#38 Minor grammatical doc fixes.
  - GH#37 Minor grammatical doc fixes.
  2.12_001 2016-09-18
  - RT 94209 document that the thread safety issue will not change and communicate alternative.
  - RT 85878 be more generous with error check regex given we could be dealing with a pre-1.25 Carp.
  - GH #33 Be more precise in documentation example for make_path error checking.
  - GH #34 Skip Windows 2000 and earlier unit tests (test change).
  - GH #36 Do not hardcode ENOENT (test change).

==== perl-GD ====
Version update (2.56 -> 2.66)

- updated to 2.66
  see /usr/share/doc/packages/perl-GD/ChangeLog
  2.66
  * throw proper error on newFrom* with not-existing file
  * add t/transp.t from RT #40525
  * Improve RT #54366 multiple gd.h warning
  * better doc for GD::Simple->arc
  * fix ANIMGIF with libgd 2.3.0-dev
  2.65
  * fix --gdlib_config_path to accept an argument (fperrad)
  2.64
  * Update doc for LIBGD_VERSION()
  * Fix 5.6.2, which does not have float in its typemap
  2.63
  * renamed VERSION() to LIBGD_VERSION(), RT #121307. It was treated magically by "use GD 2.18"
  2.62
  * fixed wrong <5.14 code generated with ExtUtils::Constants RT #121297. Don't generate const-xs.inc, only when missing.
  * add -liconv on hpux also (our pkgconfig parser cannot handle it)
  2.61
  * add CONFIGURE_REQUIRES META
  * add --gdlib_config_path
  * add Image Filters: scatter, pixelate, negate, grayscale, brightness, contrast, color, selectiveBlur, edgeDetectQuick, gaussianBlur, emboss, meanRemoval, smooth, copyGaussianBlurred
  * add palette methods: createPaletteFromTrueColor, neuQuant (but discouraged), colorMatch.
  * add interpolation methods: copyScale, copyRotateInterpolated, interpolationMethod.
  * add double GD::VERSION
  * add all gd.h constants
  2.60
  * add missing methods newFromWBMP, newFromXbm, (RT #68784) and some missing docs
  * Add --lib_fontconfig_path, --fcgi options
  * rewrote most of the XS code
  * cleanup Makefile.PL #20
  2.59
  * error on failing libgd calls
  * fix colorClosestAlpha, colorAllocateAlpha
  * add missing documentation
  2.58
  * fix VERSION_STRING for 2.0.x
  * honor --lib_gd_path specific gdlib-config
  * Loosen the comparison tests with GDIMAGETYPE ne gd2
  * Improve gdlib-config parsing (PR #17), esp. with 2.0.34
  2.57
  * fix Jpeg magic number detection RT #26146
  * fix RGB - HSV roundtrips: RT #120572 by J2N-FORGET
  * fix -print-search-dirs errors RT #106265
  * co-maint to rurban
  * add hv_fetchs, CI smokers
  * add GD::VERSION_STRING api
  2.56_03
  * add alpha method
  * improve option handling
  * fix meta data
  2.56_02
  * fix feature extraction >= 2.2 [RT #119459]
  2.56_01
  * rm Build.PL, fix permissions, fix for missing gdlib-config

==== perl-HTTP-Message ====
Version update (6.11 -> 6.13)

- updated to 6.13
  see /usr/share/doc/packages/perl-HTTP-Message/Changes

==== perl-Scalar-List-Utils ====
Version update (1.47 -> 1.48)

- updated to 1.48
  see /usr/share/doc/packages/perl-Scalar-List-Utils/Changes
  1.48 -- 2017/06/23 17:29:42
  [CHANGES]
  * Note in documentation that outer function's @_ can be accessed in some blocks, but ought not be (thanks wchristian)
  [BUGFIXES]
  * Ensure pairmap extends its stack correctly (thanks davem)
  * Fix name of List::Util::unpairs in its error messages

==== python-kiwi ====
Version update (9.7.2 -> 9.7.4)
Subpackages: kiwi-pxeboot kiwi-tools

- Bump version: 9.7.3 → 9.7.4
- Fixed setup_plymouth_splash
  The schema generated get_bootsplash_theme() method returns a list because it's section content. The return value of the method was used as a string which caused a runtime error
- Add package manager in image info task solving process
  This commit includes the package manager package in the packages list to be solved in image info task.
- Bump version: 9.7.2 → 9.7.3
- Fixed gce disk format
  The order of the files in the tarball is important. The first entry must be the manifest.json followed by disk.raw
- Make sure CliTask instance reads the config file
  Any instance of a CliTask has to read the runtime config file if present
- Add generic access for attributes
  The layout of the yaml runtime config is based on an element topic containing a list of attributes.
  For now only the xz topic with its options attribute is in use but for the future more elements might be supported which can use the same access method
- Setup plymouth splash in the image prepare process
  In case the plymouth-set-default-theme tool can be found in the image root system and a bootsplash theme is configured in the XML description, the tool is used to setup the theme configuration
  This Fixes #366
- Include patternType information to resolv packages in image info task
  This commit includes ingore_recommended flag in the Sat.solve method. This way if the description file states to include only required packages (without recommendations) it is respected and taken into account to resolv the packages list.
  Fixes #381
- Added custom xz option handling for ArchiveTar
  Allow to pass custom xz options for create_xz_compressed method.
  Issue #373
- Make sure options are returned as list
- Added custom xz option handling for Compress
  Allow to pass custom options for xz method.
  Issue #373
- Activate reading of runtime config in tasks
  Implement reading of runtime configuration file in base commandline class.
  Issue #373
- Cleanup doc string of base task class
- Add runtime config man page section
  Describe the contents of the KIWI runtime config file
- Added RuntimeConfig class
  An instance of RuntimeConfig reads in ~/.config/kiwi/config.yml if present and provides access methods to the expected information of the config file
- Added PyYAML requirement to package and venv
  The KIWI config file is yaml based and thus we need support for reading the file in KIWI
- Implement custom argument handling for xz_options
  Evaluate and hand over custom_args processing for the xz_options argument to all classes which performs xz compression tasks.
  This Fixes #373
- Read xz options from runtime config
  Read xz options from the kiwi runtime configuration file and pass along the information to the commands which performs compression tasks
- Fixed alpha order of options in build command
- Update custom_args doc for DiskBuilder class
- Fixup class docstrings
  The attribute list should provide information about the construction of an object of this class. Some fields were missing or superfluous
- Consider only repositories used for build in image info
  This commit makes sure that the repositories marked with imageonly flag are not included in the packages solve procedure.
  This is related to #362
- Removing has_repositories_marked_as_imageinclude method
  With the current repository management this method is not required anymore, since the setup repositories method does not modify the image if no repositories are present.
  It is related to #305 and #191
- Fixed typo in isoboot/fedora-25.0
  It does not really matter because the package manager setup is inherited from the system image XML configuration to the boot image, but for consistency it should be correct in the isoboot description too
- Added isoboot/fedora-25.0 boot description
- Change to more explicit method names
- Cleanup use of suseGFXBoot regarding grub
  The shell method suseGFXBoot from the config/functions contains code which should be better moved to the python code base dealing with the bootloader configuration. In this commit all grub parts of it has been moved to the BootLoaderConfigGrub2 class
- Cleanup isoboot descriptions
  There is no need to install bootloader packages to the initrd, all information regarding the bootloader setup is taken from the system root directory
- Fixup iso image builder(s) lookup path
  Don't lookup bootloader required files in the boot image root directory.
  Those need to be looked up in the system image root directory
- Refactor boot image factory
  Make sure the root directory of the base image is always accessible
  by any boot image type for consistency. In addition introduce a
  post_init method which explicitly sets up the boot image root
  directory as needed for the selected boot image type and document it
  as such
- Include imageonly attribute for repositories
  This commit adds imageonly attribute support for the repository
  element. imageonly is a boolean attribute that if true indicates
  that the repository is not used for the build but needs to be
  configured for the resulting image. Fixes #362

==== python-ldap ====
Version update (2.4.39 -> 2.4.40)

- update to upstream release 2.4.40 (small memleak fix)

==== python-pyserial ====

- Do not include unnecessary non-deterministic environment.pickle in
  package to fix build-compare

==== qemu ====
Subpackages: qemu-arm qemu-block-curl qemu-block-dmg qemu-block-gluster qemu-block-iscsi qemu-block-rbd qemu-block-ssh qemu-extra qemu-ipxe qemu-ksm qemu-kvm qemu-lang qemu-ppc qemu-s390 qemu-seabios qemu-sgabios qemu-tools qemu-vgabios qemu-x86

- Use most recent compiler to build size-critical firmware, instead of
  hard-coding gcc6 for all target versions (bsc#1043390)
  * A few upstream ipxe patches were needed for gcc7 compatibility:
    ipxe-ath-Add-missing-break-statements.patch
    ipxe-mucurses-Fix-erroneous-__nonnull-attribute.patch
- Add --no-renames to the git format-patch command in the git workflow
  script for better patch compatibility
- Address various security/stability issues
  * Fix potential privilege escalation in virtfs (CVE-2016-9602
    bsc#1020427)
    0060-9pfs-local-fix-unlink-of-alien-file.patch
  * Fix DOS in megasas device emulation (CVE-2017-9503 bsc#1043296)
    0061-megasas-do-not-read-DCMD-opcode-mor.patch
    0062-megasas-always-store-SCSIRequest-in.patch
  * Fix DOS in qemu-nbd server (CVE-2017-9524 bsc#1043808)
    0063-nbd-Fully-initialize-client-in-case.patch
  * Fix regression introduced
    by recent virtfs security fixes (bsc#1045035)
    0064-9pfs-local-remove-use-correct-path-.patch
- Patch queue updated from git://github.com/openSUSE/qemu.git
  opensuse-2.9
- Backport ipxe to support FirstBurstLength (bsc#1040476)
  ipxe-iscsi-Always-send-FirstBurstLength-parameter.patch

==== qemu-linux-user ====

- Patch queue updated from git://github.com/openSUSE/qemu.git
  opensuse-2.9
  * Patches added:
    0060-9pfs-local-fix-unlink-of-alien-file.patch
    0061-megasas-do-not-read-DCMD-opcode-mor.patch
    0062-megasas-always-store-SCSIRequest-in.patch
    0063-nbd-Fully-initialize-client-in-case.patch
    0064-9pfs-local-remove-use-correct-path-.patch
- Add --no-renames to the git format-patch command in the git workflow
  script for better patch compatibility

==== shotwell ====
Version update (0.26.2 -> 0.27.0)
Subpackages: shotwell-lang

- Update to version 0.27.0:
  + Remove F-Spot import support.
  + Create a commandline utility to test image transformations.
  + Speed up color transformations a bit.
  + Bump GTK+ requirement to 3.18 and remove deprecated functions.
  + Clean-up histogram drawing code.
  + Run thumbnailer with nice 19.
  + Update VAAPI blacklisting for video thumbnailer and new plugin
    structure.
  + Add configurable image background.
  + Split several dialogs from shotwell.ui file.
  + Move Tumblr to default plugin set.
  + Remove some unnecessary memcpys on import.
  + Add Meson build support.
  + Some more ngettext for plurals.
  + Add --fullscreen/-f option for viewer.
  + Add option to install Ubuntu apport hook.
  + Fix issue when importing to NTFS-backed vboxfs.
  + Fix GSettings schema search path for running out-of-tree.
  + Work around "Camera locked: -53" error on GNOME.
  + Fix issue with missing highlight on dnd actions.
  + Bugs fixed: bgo#716448, bgo#716499, bgo#716547, bgo#716599,
    bgo#716708, bgo#716830, bgo#717767, bgo#718809, bgo#718846,
    bgo#719020, bgo#719031, bgo#719240, bgo#733652, bgo#742563,
    bgo#752008, bgo#760868, bgo#768938, bgo#773267, bgo#774650,
    bgo#780811, bgo#781567, bgo#781897, bgo#783250.
  + Updated translations.

==== terminus-bitmap-fonts ====
Version update (4.40 -> 4.46)

- Update to version 4.46
  * The X11 8-bit code pages are not installed by default.
  * Added IBM-437 8-bit code page for X11.
  * The CRT VGA weight for Linux console is not installed by default.
  * Removed the Linux console mapping files.
  * These should be provided by the console packages.
  * Removed the BSD console installation.
  * The recent BSD-s have a new console subsystem.
  * Added 50 new characters. Mostly math, but also Bulgarian yat and
    yus.
  * Rewritten the font conversion tools in python/javascript.
  * The full unicode range (17x64K) is now supported.
  * The Windows installer can be built from sources.
  * Small fixes and improvements (7 characters in various sizes).
  * Renamed install-ref to install-psf-ref (uninstall too).

==== tiff ====
Version update (4.0.7 -> 4.0.8)
Subpackages: libtiff-devel libtiff5 libtiff5-32bit

- Upgrade to upstream release 4.0.8
  * libtiff/tif_getimage.c, libtiff/tif_open.c
    + add parenthesis to fix cppcheck clarifyCalculation warnings
  * libtiff/tif_predict.c, libtiff/tif_print.c
    + fix printf unsigned vs signed formatting (cppcheck
      invalidPrintfArgType_uint warnings)
  * libtiff/tif_read.c, libtiff/tiffiop.h
    + fix uint32 overflow in TIFFReadEncodedStrip() that caused an
      integer division by zero. Reported by Agostino Sarubbo.
      Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2596
  * libtiff/tif_pixarlog.c, libtiff/tif_luv.c
    + fix heap-based buffer overflow on generation of PixarLog / LUV
      compressed files, with ColorMap, TransferFunction attached and
      nasty plays with bitspersample. The fix for LUV has not been
      tested, but suffers from the same kind of issue of PixarLog.
      Reported by Agostino Sarubbo.
      Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2604
  * libtiff/tif_strip.c
    + revert the change in TIFFNumberOfStrips() done for
      http://bugzilla.maptools.org/show_bug.cgi?id=2587 / CVE-2016-9273
      since the above change is a better fix that makes it unnecessary.
  * libtiff/tif_dirread.c
    + modify ChopUpSingleUncompressedStrip() to instantiate compute
      ntrips as TIFFhowmany_32(td->td_imagelength, rowsperstrip),
      instead of a logic based on the total size of data. Which is
      faulty if the total size of data is not sufficient to fill the
      whole image, and thus results in reading outside of the
      StripByCounts/StripOffsets arrays when using TIFFReadScanline().
      Reported by Agostino Sarubbo.
      Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2608.
  * libtiff/tif_ojpeg.c
    + make OJPEGDecode() early exit in case of failure in
      OJPEGPreDecode(). This will avoid a divide by zero, and potential
      other issues. Reported by Agostino Sarubbo.
      Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2611
  * libtiff/tif_write.c
    + fix misleading indentation as warned by GCC.
  * libtiff/tif_fax3.h
    + revert change done on 2016-01-09 that made Param member of
      TIFFFaxTabEnt structure a uint16 to reduce size of the binary. It
      happens that the Hylafax software uses the tables that follow
      this typedef (TIFFFaxMainTable, TIFFFaxWhiteTable,
      TIFFFaxBlackTable), although they are not in a public libtiff
      header. Raised by Lee Howard.
      Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2636
  * libtiff/tiffio.h, libtiff/tif_getimage.c
    + add TIFFReadRGBAStripExt() and TIFFReadRGBATileExt() variants of
      the functions without ext, with an extra argument to control the
      stop_on_error behaviour.
  * libtiff/tif_getimage.c
    + fix potential memory leaks in error code path of
      TIFFRGBAImageBegin().
      Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2627
  * libtiff/tif_jpeg.c
    + increase libjpeg max memory usable to 10 MB instead of libjpeg
      1MB default.
      This helps when creating files with "big" tile, without using
      libjpeg temporary files.
      Related to https://trac.osgeo.org/gdal/ticket/6757
  * libtiff/tif_jpeg.c
    + avoid integer division by zero in JPEGSetupEncode() when
      horizontal or vertical sampling is set to 0.
      Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2653,
      bsc#1033127, CVE-2017-7595
  * libtiff/tif_dirwrite.c
    + in TIFFWriteDirectoryTagCheckedRational, replace assertion by
      runtime check to error out if passed value is strictly negative.
      Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2535,
      bsc#1038438, CVE-2016-10371
  * libtiff/tif_dirread.c
    + avoid division by floating point 0 in
      TIFFReadDirEntryCheckedRational() and
      TIFFReadDirEntryCheckedSrational(), and return 0 in that case
      (instead of infinity as before presumably) Apparently some
      sanitizers do not like those divisions by zero.
      Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2644,
      bsc#1033118, CVE-2017-7598
  * libtiff/tif_dir.c, tif_dirread.c, tif_dirwrite.c
    + implement various clampings of double to other data types to
      avoid undefined behaviour if the output range isn't big enough to
      hold the input value.
      Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2643
      http://bugzilla.maptools.org/show_bug.cgi?id=2642
      http://bugzilla.maptools.org/show_bug.cgi?id=2646
      http://bugzilla.maptools.org/show_bug.cgi?id=2647,
      bsc#1033126, CVE-2017-7596, bsc#1033120, CVE-2017-7597,
      bsc#1033113, CVE-2017-7599, bsc#1033112, CVE-2017-7600
  * libtiff/tif_jpeg.c
    + validate BitsPerSample in JPEGSetupEncode() to avoid undefined
      behaviour caused by invalid shift exponent.
      Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2648,
      bsc#1033111, CVE-2017-7601
  * libtiff/tif_read.c
    + avoid potential undefined behaviour on signed integer addition in
      TIFFReadRawStrip1() in isMapped() case.
      Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2650,
      bsc#1033109, CVE-2017-7602
  * libtiff/tif_getimage.c
    + add explicit uint32 cast in putagreytile to avoid
      UndefinedBehaviorSanitizer warning. Patch by Nicolas Pena.
      Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2658,
      bsc#1033131, CVE-2017-7592
  * libtiff/tif_read.c
    + TIFFReadBufferSetup(): use _TIFFcalloc() to zero initialize
      tif_rawdata.
      Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2651,
      bsc#1033129, CVE-2017-7593
  * libtiff/tiffio.h, tif_unix.c, tif_win32.c, tif_vms.c
    + add _TIFFcalloc()
  * libtiff/tif_luv.c, tif_lzw.c, tif_packbits.c
    + return 0 in Encode functions instead of -1 when TIFFFlushData1()
      fails.
      Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2130
  * libtiff/tif_ojpeg.c
    + fix leak in OJPEGReadHeaderInfoSecTablesQTable,
      OJPEGReadHeaderInfoSecTablesDcTable and
      OJPEGReadHeaderInfoSecTablesAcTable when read fails.
      Patch by Nicolas Pena.
      Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2659,
      bsc#1033128, CVE-2017-7594
  * libtiff/tif_jpeg.c
    + only run JPEGFixupTagsSubsampling() if the YCbCrSubsampling tag
      is not explicitly present. This helps a bit to reduce the I/O
      amount when the tag is present (especially on cloud hosted
      files).
  * libtiff/tif_lzw.c
    + in LZWPostEncode(), increase, if necessary, the code bit-width
      after flushing the remaining code and before emitting the EOI
      code.
      Fixes http://bugzilla.maptools.org/show_bug.cgi?id=1982
  * libtiff/tif_pixarlog.c
    + fix memory leak in error code path of PixarLogSetupDecode().
      Patch by Nicolas Pena.
      Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2665
  * libtiff/tif_fax3.c, tif_predict.c, tif_getimage.c
    + fix GCC 7 -Wimplicit-fallthrough warnings.
  * libtiff/tif_dirread.c
    + fix memory leak in non DEFER_STRILE_LOAD mode (ie default) when
      there is both a StripOffsets and TileOffsets tag, or a
      StripByteCounts and TileByteCounts
      Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2689,
      bsc#1042805, CVE-2017-9403
  * libtiff/tif_ojpeg.c
    + fix potential memory leak in OJPEGReadHeaderInfoSecTablesQTable,
      OJPEGReadHeaderInfoSecTablesDcTable and
      OJPEGReadHeaderInfoSecTablesAcTable Patch by Nicolas Pena.
      Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2670
  * libtiff/tif_fax3.c
    + avoid crash in Fax3Close() on empty file.
      Patch by Alan Coopersmith + complement by myself.
      Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2673
  * libtiff/tif_read.c
    + TIFFFillStrip(): add limitation to the number of bytes read in
      case td_stripbytecount[strip] is bigger than reasonable, so as to
      avoid excessive memory allocation.
  * libtiff/tif_zip.c, tif_pixarlog.c, tif_predict.c
    + fix memory leak when the underlying codec (ZIP, PixarLog)
      succeeds its setupdecode() method, but PredictorSetup fails.
      Credit to OSS-Fuzz (locally run, on GDAL)
  * libtiff/tif_read.c
    + TIFFFillStrip() and TIFFFillTile(): avoid excessive memory
      allocation in case of shortened files. Only effective on 64 bit
      builds and non-mapped cases.
      Credit to OSS-Fuzz (locally run, on GDAL)
  * libtiff/tif_read.c
    + TIFFFillStripPartial() / TIFFSeek(), avoid potential integer
      overflows with read_ahead in CHUNKY_STRIP_READ_SUPPORT mode.
      Should especially occur on 32 bit platforms.
  * libtiff/tif_read.c
    + TIFFFillStripPartial() + avoid excessive memory allocation in
      case of shortened files. Only effective on 64 bit builds.
      Credit to OSS-Fuzz (locally run, on GDAL)
  * libtiff/tif_read.c
    + update tif_rawcc in CHUNKY_STRIP_READ_SUPPORT mode with
      tif_rawdataloaded when calling TIFFStartStrip() or
      TIFFFillStripPartial(). This avoids reading beyond tif_rawdata
      when bytecount > tif_rawdatasize.
      Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1545.
      Credit to OSS-Fuzz
  * libtiff/tif_color.c
    + avoid potential int32 overflow in TIFFYCbCrToRGBInit()
      Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1533
      Credit to OSS-Fuzz
  * libtiff/tif_pixarlog.c, tif_luv.c
    + avoid potential int32 overflows in multiply_ms() and add_ms().
      Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1558
      Credit to OSS-Fuzz
  * libtiff/tif_packbits.c
    + fix out-of-buffer read in PackBitsDecode()
      Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1563
      Credit to OSS-Fuzz
  * libtiff/tif_luv.c
    + LogL16InitState(): avoid excessive memory allocation when
      RowsPerStrip tag is missing.
      Credit to OSS-Fuzz (locally run, on GDAL)
  * libtiff/tif_lzw.c
    + update dec_bitsleft at beginning of LZWDecode(), and update
      tif_rawcc at end of LZWDecode(). This is needed to properly work
      with the latest changes in tif_read.c in
      CHUNKY_STRIP_READ_SUPPORT mode.
  * libtiff/tif_pixarlog.c
    + PixarLogDecode(): resync tif_rawcp with next_in and tif_rawcc
      with avail_in at beginning and end of function, similarly to what
      is done in LZWDecode(). Likely needed so that it works properly
      with latest changes in tif_read.c in CHUNKY_STRIP_READ_SUPPORT
      mode. But untested...
  * libtiff/tif_getimage.c
    + initYCbCrConversion(): add basic validation of luma and
      refBlackWhite coefficients (just check they are not NaN for now),
      to avoid potential float to int overflows.
      Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1663
      Credit to OSS Fuzz
  * libtiff/tif_read.c
    + _TIFFVSetField(): fix outside range cast of double to float.
      Credit to Google Autofuzz project
  * libtiff/tif_getimage.c
    + initYCbCrConversion(): check luma[1] is not zero to avoid
      division by zero.
      Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1665
      Credit to OSS Fuzz
  * libtiff/tif_getimage.c
    + initYCbCrConversion(): stricter validation for refBlackWhite
      coefficients values. To avoid invalid float->int32 conversion.
      Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1718
      Credit to OSS Fuzz
  * tools/fax2tiff.c (main)
    + Applied patch by Joerg Ahrens to fix passing client data for
      Win32 builds using tif_win32.c (USE_WIN32_FILEIO defined) for
      file I/O. Patch was provided via email on November 20, 2016.
  * tools/tiffcp.c
    + avoid uint32 underflow in cpDecodedStrips that can cause various
      issues, such as buffer overflows in the library.
      Reported by Agostino Sarubbo.
      Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2598
  * tools/tiffcrop.c
    + fix readContigStripsIntoBuffer() in -i (ignore) mode so that the
      output buffer is correctly incremented to avoid write outside
      bounds. Reported by Agostino Sarubbo.
      Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2620
  * tools/tiffcrop.c
    + add 3 extra bytes at end of strip buffer in
      readSeparateStripsIntoBuffer() to avoid read outside of heap
      allocated buffer. Reported by Agostino Sarubbo.
      Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2621
  * tools/tiffcrop.c
    + fix integer division by zero when BitsPerSample is missing.
      Reported by Agostino Sarubbo.
      Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2619
  * tools/tiffinfo.c
    + fix null pointer dereference in -r mode when the image has no
      StripByteCount tag. Reported by Agostino Sarubbo.
      Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2594
  * tools/tiffcp.c
    + avoid potential division by zero if BitsPerSamples tag is
      missing. Reported by Agostino Sarubbo.
      Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2597
  * tools/tif_dir.c
    + when TIFFGetField(, TIFFTAG_NUMBEROFINKS, ) is called, limit the
      return number of inks to SamplesPerPixel, so that code that
      parses ink names doesn't go past the end of the buffer.
      Reported by Agostino Sarubbo.
      Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2599
  * tools/tiffcp.c
    + avoid potential division by zero if BitsPerSamples tag is
      missing. Reported by Agostino Sarubbo.
      Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2607
  * tools/tiffcp.c
    + fix uint32 underflow/overflow that can cause heap-based buffer
      overflow. Reported by Agostino Sarubbo.
      Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2610
  * tools/tiffcp.c
    + replace assert( (bps % 8) == 0 ) by a non assert check.
      Reported by Agostino Sarubbo.
      Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2605
  * tools/tiff2ps.c
    + fix 2 heap-based buffer overflows (in PSDataBW and
      PSDataColorContig). Reported by Agostino Sarubbo.
      Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2633 and
      http://bugzilla.maptools.org/show_bug.cgi?id=2634.
  * tools/tiff2pdf.c
    + prevent heap-based buffer overflow in -j mode on a paletted
      image. Note: this fix errors out before the overflow happens.
      There could probably be a better fix.
      Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2635
  * tools/tiff2pdf.c
    + fix wrong usage of memcpy() that can trigger unspecified
      behaviour.
      Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2638
  * tools/tiff2pdf.c
    + avoid potential invalid memory read in t2p_writeproc.
      Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2639
  * tools/tiff2pdf.c
    + avoid potential heap-based overflow in
      t2p_readwrite_pdf_image_tile().
      Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2640
  * tools/tiffcrop.c
    + remove extraneous TIFFClose() in error code path, that caused
      double free.
      Related to http://bugzilla.maptools.org/show_bug.cgi?id=2535
  * tools/tiffcp.c
    + error out cleanly in cpContig2SeparateByRow and
      cpSeparate2ContigByRow if BitsPerSample != 8 to avoid heap based
      overflow.
      Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2656 and
      http://bugzilla.maptools.org/show_bug.cgi?id=2657
  * tools/raw2tiff.c
    + avoid integer division by zero.
      Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2631
  * tools/tiff2ps.c
    + call TIFFClose() in error code paths.
  * tools/fax2tiff.c
    + emit appropriate message if the input file is empty.
      Patch by Alan Coopersmith.
      Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2672
  * tools/tiff2bw.c
    + close TIFF handle in error code path.
      Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2677
  * Other issues fixed:
    + bsc#1042804, CVE-2017-9404
- Removed patches:
  * tiff-4.0.7-CVE-2015-7554.patch
  * tiff-4.0.7-CVE-2017-5225.patch
  * tiff-4.0.7-TIFFTAG_FAXRECVPARAMS.patch
  * tiff-CVE-2016-10266.patch
  * tiff-CVE-2016-10267.patch
  * tiff-CVE-2016-10268.patch
  * tiff-CVE-2016-10269.patch
  * tiff-CVE-2016-10270.patch
  * tiff-CVE-2016-10271.patch
  * tiff-CVE-2016-10272.patch
  + Fixed upstream

==== yast2-pkg-bindings ====
Version update (3.2.3 -> 3.2.4)

- Do not crash when the repository URL is not defined (bsc#1043218)
- 3.2.4