Packages changed: GraphicsMagick (1.3.24 -> 1.3.25) acpica (20150717 -> 20160422) libyui (3.2.6 -> 3.2.7) mercurial (3.9 -> 3.9.1) openssh os-prober vsftpd xf86-input-keyboard xf86-video-intel (2.99.917.674_g9154dff -> 2.99.917.703_b45dbdb) yast2-core (3.1.23 -> 3.1.24) yast2-ldap (3.1.13 -> 3.1.14) yast2-mail (3.1.9 -> 3.1.10) yast2-users (3.1.57 -> 3.1.60) === Details === ==== GraphicsMagick ==== Version update (1.3.24 -> 1.3.25) Subpackages: GraphicsMagick-devel libGraphicsMagick-Q16-3 libGraphicsMagick3-config libGraphicsMagickWand-Q16-2 - update to 1.3.25: * EscapeParenthesis(): I was notified by Gustavo Grieco of a heap overflow in EscapeParenthesis() used in the text annotation code. While not being able to reproduce the issue, the implementation of this function is completely redone. * Utah RLE: Reject truncated/absurd files which caused huge memory allocations and/or consumed huge CPU. Problem was reported by Agostino Sarubbo based on testing with AFL. * SVG/MVG: Fix another case of CVE-2016-2317 (heap buffer overflow) in the MVG rendering code (also impacts SVG). * TIFF: Fix heap buffer read overflow while copying sized TIFF attributes. Problem was reported by Agostino Sarubbo based on testing with AFL. ==== acpica ==== Version update (20150717 -> 20160422) - enable build for ARM (needed for ovmf nowadays) - Update to version 20160422 - Update to version 20151124 * Fixed a possible regression for a previous update to FADT handling. The FADT no longer has a fixed table ID, causing some issues with code that was hardwired to a specific ID. Lv Zheng. * Fixed a problem where the method auto-serialization could interfere with the current SyncLevel. This change makes the auto-serialization support transparent to the SyncLevel support and management. * Removed support for the _SUB predefined name in AcpiGetObjectInfo. This interface is intended for early access to the namespace during the initial namespace device discovery walk. The _SUB method has been seen to access operation regions in some cases, causing errors because the operation regions are not fully initialized. * AML Debugger: Fixed some issues with the terminate/quit/exit commands that can cause faults. * AML Debugger: Add thread ID support so that single-step mode only applies * to the AML Debugger thread. This prevents runtime errors within some kernels. * Eliminated extraneous warnings from AcpiGetSleepTypeData. Since the _Sx methods that are invoked by this interface are optional, removed warnings emitted for the case where one or more of these methods do not exist. ACPICA BZ 1208. * Made a major pass through the entire ACPICA source code base to standardize formatting that has diverged a bit over time. There are no functional changes, but this will of course cause quite a few code differences from the previous ACPICA release. * Example Code and Data Size: These are the sizes for the OS-independent acpica.lib produced by the Microsoft Visual C++ 9.0 32-bit compiler. The debug version of the code includes the debug output trace mechanism and has a much larger code and data size. * iASL/acpiexec/acpixtract/disassembler: Added support to allow multiple definition blocks within a single ASL file and the resulting AML file. Support for this type of file was also added to the various tools that use binary AML files: acpiexec, acpixtract, and the AML disassembler. The example code below shows two definition blocks within the same file: DefinitionBlock ("dsdt.aml", "DSDT", 2, "Intel", "Template", 0x12345678) { } DefinitionBlock ("", "SSDT", 2, "Intel", "Template", 0xABCDEF01) { } * iASL: Enhanced typechecking for the Name() operator. All expressions for the value of the named object must be reduced/folded to a single constant at compile time, as per the ACPI specification (the AML definition of Name()). * iASL: Fixed some code indentation issues for the -ic and -ia options (C and assembly headers). Now all emitted code correctly begins in column 1. * iASL: Added an error message for an attempt to open a Scope() on an object defined in an SSDT. The DSDT is always loaded into the namespace first, so any attempt to open a Scope on an SSDT object will fail at runtime. - Remove acpica_remove_date_macro.patch; fixed on upstream release ==== libyui ==== Version update (3.2.6 -> 3.2.7) - Added editing abilities to the spy dialog (Ctrl+Shift+Alt+Y in the Qt UI) (bsc#998593) - 3.2.7 ==== mercurial ==== Version update (3.9 -> 3.9.1) Subpackages: mercurial-lang - Mercurial 3.9.1 (2016-9-1) This is a regularly-scheduled bugfix release. * bundle2: fail faster when interrupted * bundle2: localize handleoutput remote prompts * convert: move svn config initializer out of the module level * debian: update source URL in copyright file * exchange: correctly specify url to unbundle (issue5145) * help: add example of '[templates]' usage * help: update link to wiki/CommandServer * osx: update bugzilla link in readme * revset: fix keyword arguments to go through optimization process * win32: update link to mailing list in readme * win32: update wiki link in mercurial.ini ==== openssh ==== Subpackages: openssh-helpers - FIPS compatibility (no selfchecks, only crypto restrictions) [openssh-7.2p2-fips.patch] - PRNG re-seeding [openssh-7.2p2-seed-prng.patch] - preliminary version of GSSAPI KEX [openssh-7.2p2-gssapi_key_exchange.patch] ==== os-prober ==== - Parse /etc/os-release for openSUSE Tumbleweed (bsc#997465) * os-prober-linux-distro-parse-os-release.patch ==== vsftpd ==== - Add vsftpd-3.0.2-fix-chown-uploads.patch to fix a bug in vsftpd where files uploaded by an anonymous user could not be chown()ed to the desired UID as specified in the daemon's configuration file. [bnc#996370] ==== xf86-input-keyboard ==== - Add patch U_Use-xf86AddEnabledDevice-with-threaded-input.patch This is in preparation for the upcoming XServer and its threaded input. ==== xf86-video-intel ==== Version update (2.99.917.674_g9154dff -> 2.99.917.703_b45dbdb) - Fix the build against XServer 1.18.x or older - Update to 2.99.917.703_b45dbdb: Incremental update in preparation for XServer 1.19. ==== yast2-core ==== Version update (3.1.23 -> 3.1.24) - disable doc generation (FATE#320356) - remove unnecessary build dependency to speed up build (bsc#999203) - 3.1.24 ==== yast2-ldap ==== Version update (3.1.13 -> 3.1.14) - disable doc generation (FATE#320356) - remove unnecessary build dependency to speed up build (bsc#999203) - 3.1.14 ==== yast2-mail ==== Version update (3.1.9 -> 3.1.10) - Reduce build dependencies to speed up build (bsc#999203) - 3.1.10 ==== yast2-users ==== Version update (3.1.57 -> 3.1.60) - Do not require yast2-ldap for build time tests (bsc#999203). - 3.1.60 - Prevent a potential security issue if the target authorized_keys file is not a regular file (related to FATE#319471) - Fix authorized_keys section of AutoYaST schema - 3.1.59 - Add support to specify SSH authorized keys in the profile (FATE#319471) - 3.1.58