Packages changed: aaa_base (13.2+git20160225.36aeb39 -> 13.2+git20160408.3d9d3a8) bluez (5.38 -> 5.39) empathy gthumb (3.4.2 -> 3.4.3) kgamma5 (5.6.1 -> 5.6.2) libdb-4_8 mutt (1.5.24 -> 1.6.0) python3-urllib3 (1.14 -> 1.15.1) samba (4.3.6 -> 4.4.2) sysdig (0.8.0_k4.5.0_3 -> 0.9.0_k4.5.0_3) systemd tcpd yast2-firstboot (3.1.11 -> 3.1.12) yast2-live-installer (3.1.6 -> 3.1.7) === Details === ==== aaa_base ==== Version update (13.2+git20160225.36aeb39 -> 13.2+git20160408.3d9d3a8) Subpackages: aaa_base-extras - chckconfig: add --no-systemctl option - chkconfig: return 1 trying to list unknown service (bnc#971567) - Merge pull request #26 from andreas-schwab/master - Remove spurious assignment to unknown variable term from /etc/inputrc ==== bluez ==== Version update (5.38 -> 5.39) Subpackages: bluez-cups bluez-devel libbluetooth3 - update to version 5.39: This is almost entirely a bug fix release with important fixes to GATT, HoG, AVRCP & A2DP. - install gatttool, needed for bluetooth 4.0 devices (boo#970628) ==== empathy ==== Subpackages: telepathy-mission-control-plugin-goa - Add empathy-clutter-gst-3_0.patch: Port to clutter-gst-3.0. - Replace pkgconfig(clutter-gst-2.0) for pkgconfig(clutter-gst-3.0) BuildRequires due to above port. - Add libtool BuildRequires and pass autoreconf -fiv since above patch touches the buildsystem. ==== gthumb ==== Version update (3.4.2 -> 3.4.3) Subpackages: gthumb-lang - Update to version 3.4.3: + Bugs fixed: - Theme errors with gtk+ 3.20. - Viewer sidebar too wide. + Updated translations. ==== kgamma5 ==== Version update (5.6.1 -> 5.6.2) - Update to 5.6.2 * New bugfix release * For more details please see: https://www.kde.org/announcements/plasma-5.6.2.php ==== libdb-4_8 ==== Subpackages: db48-utils libdb-4_8-32bit libdb-4_8-devel - Use upstream tarball - Cleanup a bit with spec-cleaner - remove unused script check-build.sh ==== mutt ==== Version update (1.5.24 -> 1.6.0) - Update to mutt version 1.6.0 (2016-04-04): + Enabled utf-8 mailbox support for IMAP. + New expandos %r and %R for comma separated list of To: and Cc: recipients respectively. + Improved support for internationalized email and SMTPUTF8 (RFC653[0-3]). ! $use_idn has been renamed to $idn_decode. + $idn_encode controls whether outgoing email address domains will be IDNA encoded. If your MTA supports it, unset to use utf-8 email address domains. + The S/MIME message digest algorithm is now specified using the option $smime_sign_digest_alg. Note that $smime_sign_command should be modified to include "-md %d". Please see contrib/smime.rc. + $reflow_space_quotes allows format=flowed email quotes to be displayed with spacing between them. ! multipart draft files are now supported. + The "-E" command line argument causes mutt to edit draft or include files. All changes made in mutt will be saved back out to those files. + $resume_draft_files and $resume_edited_draft_files control how mutt processes draft files. + For classic gpg mode, $pgp_decryption_okay should be set to verify multipart/encrypted are actually encrypted. Please see contrib/gpg.rc for the suggested value. ! mailto URL header parameters by default are now restricted to 'body' and 'subject'. + mailto_allow and unmailto_allow can be used to add or remove allowed mailto header parameters. ! The method of setting $hostname has been changed. Rather than scanning /etc/resolv.conf, the domain will now be determined using DNS calls. - Modfied patches aw.listreply.diff patch-1.5.24.vk.pgp_verbose_mime - Ported patches mutt-1.5.24.dif becomes mutt-1.6.0.dif mutt-1.5.24-opennfs.dif becomes mutt-1.6.0-opennfs.dif patch-1.5.24.rr.compressed.bz2 becomes patch-1.6.0.rr.compressed.bz2 patch-1.5.24.sidebar.20151111.patch becomes patch-1.6.0.sidebar.20160411.patch ==== python3-urllib3 ==== Version update (1.14 -> 1.15.1) - update to version 1.15.1: * Fix packaging to include backports module. (Issue #841) - specfile: * add setuptools - update to version 1.15: * Added Retry(raise_on_status=False). (Issue #720) * Always use setuptools, no more distutils fallback. (Issue #785) * Dropped support for Python 3.2. (Issue #786) * Chunked transfer encoding when requesting with "chunked=True". (Issue #790) * Fixed regression with IPv6 port parsing. (Issue #801) * Append SNIMissingWarning messages to allow users to specify it in the PYTHONWARNINGS environment variable. (Issue #816) * Handle unicode headers in Py2. (Issue #818) * Log certificate when there is a hostname mismatch. (Issue #820) * Preserve order of request/response headers. (Issue #821) ==== samba ==== Version update (4.3.6 -> 4.4.2) Subpackages: libdcerpc-binding0 libdcerpc-binding0-32bit libdcerpc0 libdcerpc0-32bit libndr-krb5pac0 libndr-krb5pac0-32bit libndr-nbt0 libndr-nbt0-32bit libndr-standard0 libndr-standard0-32bit libndr0 libndr0-32bit libnetapi0 libnetapi0-32bit libsamba-credentials0 libsamba-credentials0-32bit libsamba-hostconfig0 libsamba-hostconfig0-32bit libsamba-passdb0 libsamba-passdb0-32bit libsamba-util0 libsamba-util0-32bit libsamdb0 libsamdb0-32bit libsmbclient-devel libsmbclient0 libsmbconf0 libsmbconf0-32bit libsmbldap0 libsmbldap0-32bit libtevent-util0 libtevent-util0-32bit libwbclient0 libwbclient0-32bit samba-client samba-client-32bit samba-doc samba-libs samba-libs-32bit samba-winbind samba-winbind-32bit - Update to comply with openSUSE shared library packaging policy. - Update to 4.4.2 + A man-in-the-middle can downgrade NTLMSSP authentication; CVE-2016-2110; (bso#11688); (bsc#973031). + Domain controller netlogon member computer can be spoofed; CVE-2016-2111; (bso#11749); (bsc#973032). + LDAP conenctions vulnerable to downgrade and MITM attack; CVE-2016-2112; (bso#11644); (bsc#973033). + TLS certificate validation missing; CVE-2016-2113; (bso#11752); (bsc#973034). + Named pipe IPC vulnerable to MITM attacks; CVE-2016-2115; (bso#11756); (bsc#973036). + "Badlock" DCERPC impersonation of authenticated account possible; CVE-2016-2118; (bso#11804); (bsc#971965). + DCERPC server and client vulnerable to DOS and MITM attacks; CVE-2015-5370; (bso#11344); (bsc#936862). - Obsolete libsmbclient from libsmbclient0 while not providing it; (bsc#972197). - Update to 4.4.0. + Read of uninitialized memory DNS TXT handling; (bso#11128); (bso#11686); CVE-2016-0771. + Getting and setting Windows ACLs on symlinks can change permissions on link target; (bso#11648); CVE-2015-7560. + Sockets with htons(IPPROTO_RAW); (bso#11705); CVE-2015-8543. + s3: smbd: posix_acls: Fix check for setting u:g:o entry on a filesystem with no ACL support; (bso#10489). + docs: Add example for domain logins to smbspool man page; (bso#11643). + smbd: Show correct disk size for different quota and dfree block sizes; (bso#11681). + docs: Add smbspool_krb5_wrapper manpage; (bso#11690). + winbindd: Return trust parameters when listing trusts; (bso#11691). + ctdb: Do not provide a useless pkgconfig file for ctdb; (bso#11696). + Crypto.Cipher.ARC4 is not available on some platforms, fallback to M2Crypto.RC4.RC4 then; (bso#11699). + s3:utils/smbget: Set default blocksize; (bso#11700). + Streamline 'smbget' options with the rest of the Samba utils; (bso#11700). + s3:clispnego: Fix confusing warning in spnego_gen_krb5_wrap(); (bso#11702). + s3: smbd: Fix timestamp rounding inside SMB2 create; (bso#11703). + loadparm: Fix memory leak issue; (bso#11708). + lib/tsocket: Work around sockets not supporting FIONREAD; (bso#11714). + s3:vfs:glusterfs: Fix build after quota changes; (bso#11715). + ctdb-scripts: Drop use of "smbcontrol winbindd ip-dropped ..."; (bso#11719). + lib:socket: Fix CID 1350010: Integer OVERFLOW_BEFORE_WIDEN; (bso#11723). + smbd: Fix CID 1351215 Improper use of negative value; (bso#11724). + smbd: Fix CID 1351216 Dereference null return value; (bso#11725). + s3:smbd:open: Skip redundant call to file_set_dosmode when creating a new file; (bso#11727). + docs: Add manpage for cifsdd; (bso#11730). + param: Fix str_list_v3 to accept ; again; (bso#11732). + lib/socket: Fix improper use of default interface speed; (bso#11734). + lib:socket: Fix CID 1350009: Fix illegal memory accesses (BUFFER_SIZE_WARNING); (bso#11735). + libcli: Fix debug message, print sid string for new_ace trustee; (bso#11738). + Fix installation path of Samba helper binaries; (bso#11739). + Fix memory leak in loadparm; (bso#11740). + tevent: version 0.9.28: Fix memory leak when old signal action restored; (bso#11742). + smbd: Ignore SVHDX create context; (bso#11753). + Fix net join; (bso#11755). + s3:libads: setup the msDS-SupportedEncryptionTypes attribute on ldap_add; (bso#11755). + passdb: Add linefeed to debug message; (bso#11763). + s3:utils/smbget: Fix option parsing; (bso#11767). + libnet: Make Kerberos domain join site-aware; (bso#11769). + Reset TCP Connections during IP failover; (bso#11770). + ldb: Version 1.1.26; (bso#11772). + s3:smbd: Add negprot remote arch detection for OSX; (bso#11773). + vfs_glusterfs: Fix use after free in AIO callback; (bso#11774). + mkdir can return ACCESS_DENIED incorrectly on create race; (bso#11780). + "trustdom_list_done: Got invalid trustdom response" message should be avoided; (bso#11782). + Mismatch between local and remote attribute ids lets replication fail with custom schema; (bso#11783). + Quota is not supported on Solaris 10; (bso#11788). + Talloc: Version 2.1.6; (bso#11789). + smbd: Enable multi-channel if 'server multi channel support = yes' in the config; (bso#11796). + build: Fix build when '--without-quota' specified; (bso#11798). + lib/socket/interfaces: Fix some uninitialied bytes; (bso#11802). + Access based share enum: handle permission set in configuration files; (bso#8093). + See also WHATSNEW.txt from the samba-doc package. ==== sysdig ==== Version update (0.8.0_k4.5.0_3 -> 0.9.0_k4.5.0_3) - Update to 0.9.0 * Mesos and Marathon support: + csysdig views: Mesos Tasks, Mesos Frameworks, Marathon Apps, arathon Groups + -m sysdig/csysdig parameter to specify URLs for Mesos Master Marathon API + -pm sysdig parameter to get a Mesos-friendly event output + Filter fields: mesos.task.name, mesos.task.id, mesos.task.label, mesos.task.labels, mesos.framework.name, mesos.framework.id, marathon.app.name, marathon.app.id, marathon.app.label, marathon.app.labels, marathon.group.name, marathon.group.id * icontains filter comparison operator: case-insensitive string comparison * Support for SSL based authentication and bearer token authentication against the Kubernetes API server. Previously, SSL was just supported for CA verification. See the updated documentation for -K * New actions on csysdig views: lsof and renice * New network filter fields that support a CIDR notation (e.g. 127.0.0.1/24): fd.net, fd.cnet, fd.snet, fd.lnet, fd.rnet ==== systemd ==== Subpackages: libsystemd0 libsystemd0-32bit libudev-devel libudev1 libudev1-32bit systemd-32bit systemd-bash-completion systemd-logger systemd-sysvinit udev - Avoid bootstrap cycle with sg3_utils ==== tcpd ==== Subpackages: libwrap0 libwrap0-32bit tcpd-devel - tcp_wrappers_7.6.diff: don't use public headers for own functions, make own yp_get_default_domain static. ==== yast2-firstboot ==== Version update (3.1.11 -> 3.1.12) - Do not overwrite bootloader configuration in first boot (related to FATE#317701) - 3.1.12 ==== yast2-live-installer ==== Version update (3.1.6 -> 3.1.7) - remove using of dropped bootloader parts (related to FATE#317701) - 3.1.7