Packages changed: MozillaThunderbird amarok dolphin espeak firebird-classic geoclue2 (2.4.0 -> 2.4.2) ibus kdeclarative kdelibs4support kernel-source (4.4.2 -> 4.4.3) kservice kxmlgui loudmouth (1.5.1 -> 1.5.3) man-pages plasma5-workspace python3-setuptools (20.2.1 -> 20.2.2) usb_modeswitch (2.2.6 -> 2.3.0) wireshark (2.0.1 -> 2.0.2) xen zypper (1.12.33 -> 1.12.35) === Details === ==== MozillaThunderbird ==== Subpackages: MozillaThunderbird-translations-common - adjust _constraints to current peak build memory and disk usage ==== amarok ==== - Added amarok-ffmpeg3.0.patch to build against ffmpeg-3.0 libraries on PMBS. ==== dolphin ==== Subpackages: dolphin-part libdolphinvcs5 - Remove the --icon parameter (%i) from the command line in dolphinsu.desktop, it isn't necessary and it makes dolphin crash on exit due to a bug in Frameworks (boo#965514, kde#359758) ==== espeak ==== - Add %{version} to -devel requires ==== firebird-classic ==== - Build with -std=gnu++98 -fno-lifetime-dse for GCC 5+ to avoid issues with the old C++ code-base and its undefined behavior. [bnc#964466] ==== geoclue2 ==== Version update (2.4.0 -> 2.4.2) - Update to version 2.4.2: + Reliable desktop ID detection for xdg-app. This together with latest gnome-shell and gnome-control-center, allows for per-application geolocation access controls. + Don't require xdg-app applications to pass a valid desktop ID since Geoclue can automatically detect it. + Don't allow xdg-app application to become user-authorization agents. + Correct introspection namespace version for libgeoclue. + Option to disable the backend build. + Demo: Provide reason to access location data. + Demo agent: - Critical log message on failing to show notification. - If app provides a reason string in it's desktop file, show that to the user. ==== ibus ==== Subpackages: ibus-branding-openSUSE-KDE ibus-gtk ibus-gtk-32bit ibus-gtk3 libibus-1_0-5 libibus-1_0-5-32bit python-ibus typelib-1_0-IBus-1_0 - Fix the invocation of ibus service for KDE, etc (boo#968486): for DEs known to support autostart (KDE, XFCE and LXCE), ibus is now started via XDG autostart for avoiding the race. This should fix the missing ibus service. For other DEs, ibus is still started in xim script, but with a slight (two seconds) delay for avoiding the race, too. Along with the change, INPUT_METHOD environment variable is set explicitly in xim script at startup; this is referred in XDG autostart so that it won't be executed when other IM is chosen. Last but not least, the explicit dbus-launch invocation is dropped, as it's known to conflict with DE's own startup of dbus ==== kdeclarative ==== Subpackages: kdeclarative-components kdeclarative-devel libKF5CalendarEvents5 libKF5Declarative5 libKF5QuickAddons5 - Add %requires_eq libQt5Core5 to the libKF5Declarative5 subpackage * QQmlPropertyMap leaks private but exported QObjectPrivate symbol: https://bugreports.qt.io/browse/QTBUG-46433 and https://bugs.launchpad.net/bugs/1426335 ==== kdelibs4support ==== Subpackages: kdelibs4support-devel libKF5KDELibs4Support5 - Enable use-setFallbackSessionManagementEnabled-API-with-5.5.1.patch unconditionally, the updated libqt5-qtbase is in Tumbleweed now ==== kernel-source ==== Version update (4.4.2 -> 4.4.3) Subpackages: kernel-default kernel-default-devel kernel-devel kernel-docs kernel-macros kernel-syms - genirq: Validate action before dereferencing it in handle_irq_event_percpu() (bnc#968396). - commit 171b8f1 - Linux 4.4.3 (boo#962250 bsc#960910). - Delete patches.fixes/Revert-xfs-clear-PF_NOFREEZE-for-xfsaild-kthread. - Delete patches.suse/btrfs-fix-fitrim-discarding-device-area-reserved-for.patch. - commit 3ae1dff - btrfs: remove error message from search ioctl for nonexistent tree. - commit 2629d17 - drm/nouveau/display: Enable vblank irqs after display engine is on again (bsc#962535). - drm: Fix treatment of drm_vblank_offdelay in drm_vblank_on() (v2) (bsc#962535). - drm: Fix drm_vblank_pre/post_modeset regression from Linux 4.4 (bsc#962535). - drm: Prevent vblank counter bumps > 1 with active vblank clients. (v2) (bsc#962535). - drm: No-Op redundant calls to drm_vblank_off() (v2) (bsc#962535). - commit 46e3b92 ==== kservice ==== Subpackages: kservice-devel - Drop totally wrong list-local-mimeapps-last.patch ==== kxmlgui ==== Subpackages: kxmlgui-devel libKF5XmlGui5 - Enable use-setFallbackSessionManagementEnabled-API-with-5.5.1.patch unconditionally, the updated libqt5-qtbase is in Tumbleweed now ==== loudmouth ==== Version update (1.5.1 -> 1.5.3) Subpackages: libloudmouth-1-0 loudmouth-devel - update to 1.5.3 - Switch to SHA256 fingerprints. - Do not load system certificates if trusted certs are explicitly provided. - Improve automake/autoconf support. - update to 1.5.2 - openssl: always fill the fingerprint field of LmSSL - try generic cc before testing for gcc - remove libresolv relict - include the right gssapi.h - Add libasyncns to Libs.private - Add the new API to the reference documentation - update Url field to point to the github project instead of the unrelated website ==== man-pages ==== - open.2: O_TMPFILE support was added to btrfs [bsc#967488] + man-pages-open-btrfs.patch ==== plasma5-workspace ==== Subpackages: drkonqi5 plasma5-workspace-devel plasma5-workspace-libs - Update plasmashell-disable-windowclosing-on-logout.patch to upstream version (but apply it for Qt >= 5.5.1) - Added fix-session-switch.patch (kde#356945, boo#967538) - Added plasmashell-disable-windowclosing-on-logout.patch: prevent plasma from closing too early on logout resulting in an unusable desktop if the logout is cancelled (boo#955280, kde#349805) - Added kuiserver5_qApp.patch (boo#965922) ==== python3-setuptools ==== Version update (20.2.1 -> 20.2.2) - update to version 20.2.2: * Issue #502: Correct regression in parsing of multiple version specifiers separated by commas and spaces. ==== usb_modeswitch ==== Version update (2.2.6 -> 2.3.0) Subpackages: usb_modeswitch-data - Update to version 2.3.0 * ATTENTION: -I flag is now history and being ignored - determining SCSI attributes is really an 'outside task'. * -n flag (NeedResponse) is being ignored, CSW response will now always be read. * Introduction of parameter "OptionMode", wrapping the standard bulk message for all newer Huawei devices. * Fixed missing variable initialization in dispatcher script which could lead to crash (thanks, Dmitry Kunilov!). * Fixed bug which prevented early logging. * Fixed success report for Cisco AM10. * Some source code formatting and clean-up. - Removed fix for bnc#899013, fixed upstream. ==== wireshark ==== Version update (2.0.1 -> 2.0.2) - Wireshark 2.0.2 (boo#968565) This release fixes a number issues in protocol dissectors that could have allowed a remote attacker to crash Wireshark or cause excessive CPU usage through specially crafted packages inserted into the network or a capture file. * CVE-2016-2522: ASN.1 BER dissector crash (wnpa-sec-2016-02) * CVE-2016-2523: DNP dissector infinite loop (wnpa-sec-2016-03) * CVE-2016-2524: X.509AF dissector crash (wnpa-sec-2016-04) * CVE-2016-2525: HTTP/2 dissector crash (wnpa-sec-2016-05) * CVE-2016-2526: HiQnet dissector crash (wnpa-sec-2016-06) * CVE-2016-2527: 3GPP TS 32.423 Trace file parser crash (wnpa-sec-2016-07) * CVE-2016-2528: LBMC dissector crash (wnpa-sec-2016-08) * CVE-2016-2529: iSeries file parser crash (wnpa-sec-2016-09) * CVE-2016-2530: RSL dissector crash (wnpa-sec-2016-10) * CVE-2016-2531: RSL dissector crash (wnpa-sec-2016-10) * CVE-2016-2532: LLRP dissector crash (wnpa-sec-2016-11) * Ixia IxVeriWave file parser crash (wnpa-sec-2016-12) * IEEE 802.11 dissector crash (wnpa-sec-2016-13) * GSM A-bis OML dissector crash (wnpa-sec-2016-14) * ASN.1 BER dissector crash (wnpa-sec-2016-15) * SPICE dissector large loop (wnpa-sec-2016-16) * NFS dissector crash (wnpa-sec-2016-17) * ASN.1 BER dissector crash (wnpa-sec-2016-18) * Further bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-2.0.2.html ==== xen ==== Subpackages: xen-doc-html xen-libs xen-tools xen-tools-domU - bsc#968004 - VUL-0: CVE-2016-2538: xen: usb: integer overflow in remote NDIS control message handling CVE-2016-2538-qemuu-usb-integer-overflow-in-remote-NDIS-message-handling.patch - bsc#954872 - L3: script block-dmmd not working as expected - libxl: error: libxl_dm.c block-dmmd - Update libxl to recognize dmmd and npiv prefix in disk spec xen.libxl.dmmd.patch - bsc#967101 - VUL-0: CVE-2016-2391: xen: usb: multiple eof_timers in ohci module leads to null pointer dereference CVE-2016-2391-qemuu-usb-null-pointer-dereference-in-ohci-module.patch - bsc#967090 - VUL-0: CVE-2016-2392: xen: usb: null pointer dereference in remote NDIS control message handling CVE-2016-2392-qemuu-usb-null-pointer-dereference-in-NDIS-message-handling.patch ==== zypper ==== Version update (1.12.33 -> 1.12.35) Subpackages: zypper-aptitude zypper-log - Update zypper-po.tar.bz2 - man: Enhance description of Download-and-install mode options (bsc#968254) - version 1.12.35 - Return 106-ZYPPER_EXIT_INF_REPOS_SKIPPED if repos were skipped due to a failing refresh (bsc#968006) - Fix repo import to honor enable and autorefresh flags (bsc#967673) - fix addlock man page header (boo#966760) - version 1.12.34