Packages changed: Mesa (13.0.1 -> 13.0.2) amarok ffmpeg (3.2 -> 3.2.1) git (2.10.2 -> 2.11.0) irqbalance ispell k3b libteam (1.22 -> 1.26) libuv (1.10.0 -> 1.10.1) libvorbis lxpanel obs-service-tar_scm (0.6.1.1473925745.c5264bb -> 0.7.0.1480000004.4027270) openSUSE-build-key perl-Class-Inspector (1.28 -> 1.31) postfix python-simplejson (3.6.5 -> 3.8.2) python3-setuptools (28.8.0 -> 29.0.1) python3-smbc (1.0.15.5 -> 1.0.15.6) spice-vdagent (0.16.0 -> 0.17.0) subversion (1.9.4 -> 1.9.5) tcsh (6.19.00 -> 6.20.00) texlive-specs-m (2016.111.svn40218 -> 2016.112.svn40218) texlive-specs-n (2016.111.2.004svn28119 -> 2016.112.2.004svn28119) tiff (4.0.6 -> 4.0.7) w3m (0.5.3 -> 0.5.3.git20161120) xf86-video-chips xf86-video-glint xf86-video-mga xf86-video-savage xf86-video-siliconmotion xf86-video-sisusb xf86-video-tdfx xf86-video-trident === Details === ==== Mesa ==== Version update (13.0.1 -> 13.0.2) Subpackages: Mesa-32bit Mesa-dri-devel Mesa-dri-nouveau Mesa-libEGL-devel Mesa-libEGL1 Mesa-libEGL1-32bit Mesa-libGL-devel Mesa-libGL1 Mesa-libGL1-32bit Mesa-libGLESv2-2 Mesa-libglapi0 Mesa-libglapi0-32bit Mesa-libva libOSMesa9 libOSMesa9-32bit libgbm1 libgbm1-32bit libvdpau_nouveau libvdpau_r300 libvdpau_r600 libvdpau_radeonsi libvulkan_intel libwayland-egl1 libxatracker2 - update to 13.0.2 * fdo#97321 Query INFO_LOG_LENGTH for empty info log should return 0 * fdo#97420 "#version 0" crashes glsl_compiler * i965: Add some APL and KBL SKU strings * i965: Reorder PCI ID list to match release order * i965/glk: Add basic Geminilake support * wsi: fix VK_INCOMPLETE for vkGetSwapchainImagesKHR * ac/nir/llvm: fix channel in texture gather lowering code. * vulkan/wsi/x11: handle timeouts properly in next image acquire (v1.1) * vulkan/wsi: store present mode in swapchain base class * vulkan/wsi/x11: add support for IMMEDIATE present mode * vulkan/wsi/x11: Fix behavior of vkGetPhysicalDeviceSurfaceFormatsKHR * vulkan/wsi/x11: Fix behavior of vkGetPhysicalDeviceSurfacePresentModesKHR * cherry-ignore: add reverted LLVM_LIBDIR patch * anv: fix enumeration of properties * vc4: Don't abort when a shader compile fails. * vc4: Clamp the shadow comparison value. * vc4: Fix register class handling of DDX/DDY arguments. * util/disk_cache: close a previously opened handle in disk_cache_put (v2) * anv: Fix unintentional integer overflow in anv_CreateDmaBufImageINTEL * anv/format: handle unsupported formats properly * glcpp: Handle '#version 0' and other invalid values * glsl: Parse 0 as a preprocessor INTCONSTANT * anv/gen8: Stall when needed in Cmd(Set|Reset)Event * anv/wsi: Set the fence to signaled in AcquireNextImageKHR * anv: Rework fences * vulkan/wsi/wayland: Include pthread.h * vulkan/wsi/wayland: Clean up some error handling paths * vulkan/wsi: Report the correct min/maxImageCount * i965/gs: Allow primitive id to be a system value * anv: Handle null in all destructors * anv/fence: Handle ANV_FENCE_CREATE_SIGNALED_BIT * nir/spirv: Fix handling of gl_PrimitiveId * anv/blorp: Ignore clears for attachments first used as resolve destinations * anv: Implement a depth stall restriction on gen7 * anv/cmd_buffer: Handle running out of binding tables in compute shaders * anv/cmd_buffer: Emit a CS stall before setting a CS pipeline * vulkan/wsi/x11: Implement FIFO mode. * isl: Fix height calculation in isl_msaa_interleaved_scale_px_to_sa * i965/hsw: Set integer mode in sampling state for stencil texturing * intel: Set min_ds_entries on Broxton. * i965: Fix compute shader crash. * mesa: Drop PATH_MAX usage. * i965: Fix GS push inputs with enhanced layouts. * vulkan/wsi: Add a thread-safe queue implementation * anv: fix multi level clears with VK_REMAINING_MIP_LEVELS * gbm: request correct version of the DRI2_FENCE extension * radeonsi: store group_size_variable in struct si_compute * glsl/lower_output_reads: fix geometry shader output handling with conditional emit * Fix races during _mesa_HashWalk(). * mesa: fix empty program log length - baselibs.conf: enabled build of 32bit Mesa-dri-nouveau package, e.g. required for Steam (bnc#1011156) ==== amarok ==== - Expand macro kde4_runtime_requires only when its available to fix quilt setup ==== ffmpeg ==== Version update (3.2 -> 3.2.1) Subpackages: libavcodec57 libavformat57 libavutil55 libswresample2 libswscale4 - Update to version 3.2.1: * avcodec/aac_adtstoasc_bsf: validate and forward extradata if the stream is already ASC * libopusdec: default to stereo for invalid number of channels * sbgdec: prevent NULL pointer access * rmdec: validate block alignment * smacker: limit recursion depth of smacker_decode_bigtree * mxfdec: fix NULL pointer dereference in mxf_read_packet_old * ffmdec: validate codec parameters * avformat/mpeg: Adjust vid probe threshold to correct mis-detection * avcodec/avpacket: fix leak on realloc in av_packet_add_side_data() * avformat/apngenc: use the stream parameters extradata if available * ffprobe: fix crash in case -of is specified with an empty string * exr: fix out-of-bounds read * libschroedingerdec: fix leaking of framewithpts * filmstripdec: correctly check image dimensions * icodec: fix leaking pkt on error * dvbsubdec: fix division by zero in compute_default_clut * escape124: reject codebook size 0 * mpegts: prevent division by zero * matroskadec: fix NULL pointer dereference in webm_dash_manifest_read_header * mxfdec: fix NULL pointer dereference * avcodec/mpeg4videodec: Workaround interlaced mpeg4 edge MC bug * avcodec/mpegvideo: Fix edge emu buffer overlap with interlaced mpeg4 * avcodec/ituh263dec: Avoid spending a long time in slice sync * avcodec: Check side data size before use * avformat/flvdec: Fix regression losing streams ==== git ==== Version update (2.10.2 -> 2.11.0) Subpackages: git-core git-cvs git-daemon git-email git-gui git-svn git-web gitk - git 2.11.0: * backward compatibility: + empty string (matching everything) used as pathspec now triggers a warning + historical argument order "git merge HEAD ..." is deprecated + default abbreviation length of 7 now scales by repo size * updates + new version of git-gui + many new command line and configuration options + many workflow and output improvements * dropped upstreamed patches: + git-setup-i18n-fix.patch + git-tclIndex.patch ==== irqbalance ==== - Set-fd-limit.patch: Increase limit on file descriptors (bsc#998399) (fate#321645) ==== ispell ==== Subpackages: ispell-american ispell-british - Extend patch boo966124.dif for bug boo#1010330 ==== k3b ==== - Obsolete k3b-codecs, the additional codecs are part of the main package now - Restore conditionals for lame and libmad - Expand macro kde4_runtime_requires only when its available to fix quilt setup ==== libteam ==== Version update (1.22 -> 1.26) - Update to new upstream release 1.26 * dbus: don't do in template dbus s. f. * teamd: do correct l3/l4 tx hashing with vlans * teamd: lacp: use original hwaddr as source address in lacpdus * libteam: fix TEAM_OPTION_TYPE_BOOL type for big-endian architectures * teamd: handle vlan 0 packets * misc: fix an out-of-bound write with zero-length hardware address * teamd: fix the issue that network blocks when issuing `systemctl stop teamd` * teamd: lacp: Do not unselect port if it changes state to "expired" ==== libuv ==== Version update (1.10.0 -> 1.10.1) - Update to 1.10.1 * win: fix anonymous union syntax * unix: use uv__is_closing everywhere * win: add missing break statement * doc: fix wrong man page link for uv_fs_lstat() * win, tty: handle empty buffer in uv_tty_write_bufs * doc: add cjihrig alternative GPG ID * Revert "win,tty: add support for ANSI codes in win10 v1511" - Add signature and keyring for GPG source verification ==== libvorbis ==== Subpackages: libvorbis-devel libvorbis0 libvorbis0-32bit libvorbisenc2 libvorbisenc2-32bit libvorbisfile3 libvorbisfile3-32bit - Added 32bit libvorbis-devel in baselibs.conf ==== lxpanel ==== Subpackages: liblxpanel0 lxpanel-lang - Reword description. ==== obs-service-tar_scm ==== Version update (0.6.1.1473925745.c5264bb -> 0.7.0.1480000004.4027270) - Update to version 0.7.0.1480000004.4027270: * fixed pip8 problems * keep checkout while running with osc - Update to version 0.7.0.1478249268.e162c66: * prevent key errors when $HOME is not set - Update to version 0.7.0.1477858520.51a62fb: * added locking for cachedir in jailed mode * removed setup_tracking_branches and '--dissociate' * inital version of TarSCM classes * scm_object generation moved to singletask * FETCH_UPSTREAM_COMMANDS into classes * moved update_cache_* to classes * moved detect_version into classes and refactored calls of get_timestamp_* * moved get_timestamp functions into scm classes * git_ref_exists -> TarSCM.git._ref_exists * fetch_upstream_git_submodules -> fetch_submodules to get rid of exceptions for git * just moved some functions for better overview * refactor of detect_changes into classes * url as attribute of TarSCM.scm * run_cmd and safe_run moved into class helpers * combine os.path.join statement * refactoring fetch_upstream to be part of TarSCM.scm * new classes for archives * common method 'get_current_commit' to get rid of execption for git * refactored detect_changes to get rid of changesgenerate exception * get_repocachedir -> TarSCM.scm * revision, repodir and repocachedir as attribute for TarSCM. * new class TarSCM.cli to make testing easier * testing script name more reliable * fixed arguments for singletask in case of snapcraft * refactored snapcraft code + first tests for snapcraft * added testcase for snapcraft finalize * split classes into serveral files * more testing for TarSCM.tasks * clone_dir/repodir/arch_dir(tar_dir) now attributes of scm objects * test case for save_run * major refactor of git cache handling * consolidation of archive.obscpio and archive.tar parameters * next test cases * sytnax fix for "tar" service * fixed tests for tar * unset CACHEDIRECTORY env variable in unit tests * update atime/mtime of repocachedir if already exists - Update to version 0.7.0.1474270818.3e05f80: * - Update to version 0.7.0.1477567374.d44d677: * use '--dissociate' for git if package-meta is set * added locking for cachedir in jailed mode * removed setup_tracking_branches and '--dissociate' * inital version of TarSCM classes * scm_object generation moved to singletask * FETCH_UPSTREAM_COMMANDS into classes * moved update_cache_* to classes * moved detect_version into classes and refactored calls of get_timestamp_* * moved get_timestamp functions into scm classes * git_ref_exists -> TarSCM.git._ref_exists * fetch_upstream_git_submodules -> fetch_submodules to get rid of exceptions for git * just moved some functions for better overview * refactor of detect_changes into classes * url as attribute of TarSCM.scm * run_cmd and safe_run moved into class helpers * combine os.path.join statement * refactoring fetch_upstream to be part of TarSCM.scm * new classes for archives * common method 'get_current_commit' to get rid of execption for git * refactored detect_changes to get rid of changesgenerate exception * get_repocachedir -> TarSCM.scm * revision, repodir and repocachedir as attribute for TarSCM. * new class TarSCM.cli to make testing easier * testing script name more reliable * fixed arguments for singletask in case of snapcraft * refactored snapcraft code + first tests for snapcraft * added testcase for snapcraft finalize * split classes into serveral files * more testing for TarSCM.tasks * clone_dir/repodir/arch_dir(tar_dir) now attributes of scm objects * test case for save_run * major refactor of git cache handling * consolidation of archive.obscpio and archive.tar parameters * next test cases * sytnax fix for "tar" service - Update to version 0.7.0.1476904507.e88eed1: * fixed arguments for singletask in case of snapcraft * refactored snapcraft code + first tests for snapcraft * added testcase for snapcraft finalize * split classes into serveral files * more testing for TarSCM.tasks * clone_dir/repodir/arch_dir(tar_dir) now attributes of scm objects * test case for save_run * major refactor of git cache handling * consolidation of archive.obscpio and archive.tar parameters * next test cases ==== openSUSE-build-key ==== - modify dumpsigs to deal with fingerprint lines in gpg output ==== perl-Class-Inspector ==== Version update (1.28 -> 1.31) - updated to 1.31 see /usr/share/doc/packages/perl-Class-Inspector/Changes 1.31 2016-11-25 09:33:47 -0500 - Migrated from Module::Install to Dist::Zilla and ExtUtils::MakeMaker - Fixed meta for repository which was pointing to the wrong URL - updated to 1.30 see /usr/share/doc/packages/perl-Class-Inspector/Changes 1.30 23 Nov 2016 - Moving to prod release 1.29_02 23 Nov 2016 - Update metadata to point to github repository. Plus some other minor dist meta tweaks. - Note: planning on doing a migration from Module::Install to ExtUtils::MakeMaker shortly AFTER the next production release. 1.29_01 22 Nov 2016 - Fix Makefile.PL to work with Perls without '.' in @INC - Fix for the installed method when used with a PAR archive (rt#42846) - Minor documentation fixes (grammar, spelling: rt#74481, rt#85356) ==== postfix ==== Subpackages: postfix-doc - improve config.postfix * improve SASL stuff * add POSTFIX_SMTP_AUTH_SERVICE=(cyrus|dovecot) - improve config.postfix * improve with MySQL stuff - update vda patch to latest available * remove postfix-vda-v13-3.10.0.patch * add postfix-vda-v14-3.0.3.patch - rebase patches (and to be p0) * pointer_to_literals.patch * postfix-main.cf.patch * postfix-master.cf.patch * postfix-no-md5.patch * postfix-ssl-release-buffers.patch - add /etc/postfix/ssl as default DIR for SSL stuff * cacerts -> ../../ssl/certs/ * certs/ - revert POSTFIX_SSL_PATH from '/etc/ssl' to '/etc/postfix/ssl' - improve config.postfix * revert smtpd_tls_CApath to POSTFIX_SSL_PATH/cacerts which is a symlink to /etc/ssl/certs Without reverting, 'gen_CA' would create files which would then be on the previous defined 'sslpath(/etc/ssl)/certs' (smtpd_tls_CApath) Cert reqs would be placed in 'sslpath(/etc/ssl)/certs/postfixreq.pem' which is not a good idea. * mkchroot: sync '/etc/postfix/ssl' to chroot * improve PCONF for smtp{,d}_tls_{cert,key}_file, adding/removing from main.cf, show warning if enabled and file is missing ==== python-simplejson ==== Version update (3.6.5 -> 3.8.2) - update to 3.8.2: * Fix implicit cast compiler warning in _speedups.c * simplejson is now available as wheels for OS X and Windows thanks to Travis-CI and AppVeyor respectively! Many thanks to @aebrahim for getting this party started. * Fix issue with iterable_as_array and indent option * Fix typo in keyword argument name introduced in 3.8.0 * New iterable_as_array encoder option to perform lazy serialization of any iterable objects, without having to convert to tuple or list. * Fix typo introduced in 3.7.0 (behavior should be indistinguishable) https://github.com/simplejson/simplejson/commit/e18cc09b688ea1f3305c27616fd3cadd2adc6d31#commitcomment-11443842 * Do not cache Decimal class in encoder, only reference the decimal module. This may make reload work in more common scenarios. * Fix compilation with MSVC https://github.com/simplejson/simplejson/pull/119 * simplejson no longer trusts custom str/repr methods for int, long, float subclasses. These instances are now formatted as if they were exact instances of those types. https://github.com/simplejson/simplejson/issues/118 ==== python3-setuptools ==== Version update (28.8.0 -> 29.0.1) - update to version 29.0.1: * #861: Re-release of v29.0.1 with the executable script launchers bundled. Now, launchers are included by default and users that want to disable this behavior must set the environment variable 'SETUPTOOLS_INSTALL_WINDOWS_SPECIFIC_FILES' to a false value like "false" or "0". - update to version 29.0.0: * #841: Drop special exception for packages invoking win32com during the build/install process. See Distribute #118 for history. ==== python3-smbc ==== Version update (1.0.15.5 -> 1.0.15.6) - update to version 1.0.15.6: (no changelog available) ==== spice-vdagent ==== Version update (0.16.0 -> 0.17.0) - Add pkgconfig(glib-2.0) BuildRequires: Explicit dependency. - Handle spice-vdagentd.target in pre/post/preun/postun. - Handle spice-vdagentd.conf in post via tmpfiles_create macro. - Update to 0.17.0 * Denies file-transfer in locked sessions * Denies file-transfer in login screen * Bump glib version to 2.28 * Set exit code to 1 instead of 0 when virtio device cannot be opened * Fix double-free on uinput->screen_info (rhbz#1262635) * Code improvement over unix domain client server support (udcs) * Fix build compatiblity with different libsystemd versions (fdo#94209) - obsoleted patches removed: 8c465007-vdagentd-fixes-small-leak.patch f97751fa-revert-uinput-fix-small-leak-of-screen_info.patch - package: add explicit buildrequires for pkgconfig(dbus-1) ==== subversion ==== Version update (1.9.4 -> 1.9.5) Subpackages: libsvn_auth_gnome_keyring-1-0 libsvn_auth_kwallet-1-0 subversion-bash-completion subversion-devel subversion-perl subversion-python subversion-server subversion-tools - Version update to 1.9.5: * bsc#1011552 CVE-2016-8734 Unrestricted XML entity expansion in mod_dontdothat and Subversion clients using http(s):// - Client-side bugfixes: * fix accessing non-existent paths during reintegrate merge (r1766699 et al) * fix handling of newly secured subdirectories in working copy (r1724448) * info: remove trailing whitespace in --show-item=revision (issue #4660) * fix recording wrong revisions for tree conflicts (r1734106) * gpg-agent: improve discovery of gpg-agent sockets (r1766327) * gpg-agent: fix file descriptor leak (r1766323) * resolve: fix --accept=mine-full for binary files (issue #4647) * merge: fix possible crash (issue #4652) * resolve: fix possible crash (r1748514) * fix potential crash in Win32 crash reporter (r1663253 et al) - Server-side bugfixes: * fsfs: fix "offset too large" error during pack (issue #4657) * svnserve: enable hook script environments (r1769152) * fsfs: fix possible data reconstruction error (issue #4658) * fix source of spurious 'incoming edit' tree conflicts (r1770108) * fsfs: improve caching for large directories (r1721285) * fsfs: fix crash when encountering all-zero checksums (r1759686) * fsfs: fix potential source of repository corruptions (r1756266) * mod_dav_svn: fix excessive memory usage with mod_headers/mod_deflate (issue #3084) * mod_dav_svn: reduce memory usage during GET requests (r1757529 et al) * fsfs: fix unexpected "database is locked" errors (r1741096 et al) * fsfs: fix opening old repositories without db/format files (r1720015) - Client-side and server-side bugfixes: * fix possible crash when reading invalid configuration files (r1715777) - Bindings bugfixes: * swig-pl: do not corrupt "{DATE}" revision variable (r1767768) * javahl: fix temporary accepting SSL server certificates (r1764851) * swig-pl: fix possible stack corruption (r1683266, r1683267) - Drop no longer needed patch: * subversion-1.8.11-swig-py-comment-3.patch ==== tcsh ==== Version update (6.19.00 -> 6.20.00) Subpackages: tcsh-lang - Add patch tcsh-6.20-rmstar.patch from mailing list to restore the correct behaviour of `rm *' if rmstar is set - Update to tcsh bug fix version V6.20.00 - 20161124 * Don't resize the screen if it did not change size. * restore file description when cleaning up after eval: repeat 99 time * PR/572: Fix $SHLVL issue when exec'ing subshells. * PR/403: Fix backquote expansion for multi-byte character sets. * Fix drawing issu with multi-line prompt (Kensuke Iwahashi/David Kaspar) * always send prusage to stdout. * PR/526: Fix double \\ printing from previous fix in history expansion. * Android updates from Corinna Vinschen * PR/526: Quote backslashes properly so they can be preserved in `` expansions * Fix memory leak for paraml * Add notempty and ask values for the noclobber setting (Martin Tournoij) * more correct $wordchars for vimode (Luke Mewburn) * expose VImode in $vimode (Luke Mewburn) * display what the compiled in editor is in bindkey -d (Luke Mewburn) * run-fg-editor improvements and documentation (Luke Mewburn) * Fix parsing of 'if (cond)then' (Fridolin Pokorny) * PR/437: Fix handling of invalid unicode characters. * PR/451: Fix error messages containing %c to be always '%c' - Rename patch tcsh-6.18.03.dif which becomes tcsh-6.20.00.dif now - Drop patch union-wait.patch as now upstream - Modify patches tcsh-6.15.00-pipe.dif tcsh-6.17.06-dspmbyte.dif tcsh-6.18.03-colorls.dif tcsh-6.18.03-history-file-locking.patch tcsh-6.19.00-history-file-locking-order.patch - Add patch tcsh-6.19.00-history-file-locking-order.patch Make a copy of the file descriptor of the history file to be able not only to lock but also unlock this file (bsc#992577) ==== texlive-specs-m ==== Version update (2016.111.svn40218 -> 2016.112.svn40218) - Fix language code: pt-br --> pt_BR and es-ve --> es_VE ==== texlive-specs-n ==== Version update (2016.111.2.004svn28119 -> 2016.112.2.004svn28119) - Fix language code: pt-br --> pt_BR and es-ve --> es_VE ==== tiff ==== Version update (4.0.6 -> 4.0.7) Subpackages: libtiff-devel libtiff5 libtiff5-32bit - Upgrade to upstream release 4.0.7 * libtiff/tif_aux.c + Fix crash in TIFFVGetFieldDefaulted() when requesting Predictor tag and that the zip/lzw codec is not configured. Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2591 * libtiff/tif_compress.c + Make TIFFNoDecode() return 0 to indicate an error and make upper level read routines treat it accordingly. (linked to the test case of http://bugzilla.maptools.org/show_bug.cgi?id=2517) * libtiff/tif_dir.c + Discard values of SMinSampleValue and SMaxSampleValue when they have been read and the value of SamplesPerPixel is changed afterwards (like when reading a OJPEG compressed image with a missing SamplesPerPixel tag, and whose photometric is RGB or YCbCr, forcing SamplesPerPixel being 3). Otherwise when rewriting the directory (for example with tiffset, we will expect 3 values whereas the array had been allocated with just one), thus causing a out of bound read access. Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2500 (CVE-2014-8127, bsc#914890, duplicate: CVE-2016-3658, bsc#974840) * libtiff/tif_dirread.c + In TIFFFetchNormalTag(), do not dereference NULL pointer when values of tags with TIFF_SETGET_C16_ASCII/TIFF_SETGET_C32_ASCII access are 0-byte arrays. Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2593 (regression introduced by previous fix done on 2016-11-11 for CVE-2016-9297, bsc#1010161). Assigned as CVE-2016-9448, bsc#1011103 + In TIFFFetchNormalTag(), make sure that values of tags with TIFF_SETGET_C16_ASCII/TIFF_SETGET_C32_ASCII access are null terminated, to avoid potential read outside buffer in _TIFFPrintField(). Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2590 (CVE-2016-9297, bsc#1010161) + Initialize doubledata at line 3693 to NULL to please MSVC 2013 + Prevent reading ColorMap or TransferFunction if BitsPerPixel > 24, so as to avoid huge memory allocation and file read attempts + Reject images with OJPEG compression that have no TileOffsets/StripOffsets tag, when OJPEG compression is disabled. Prevent null pointer dereference in TIFFReadRawStrip1() and other functions that expect td_stripbytecount to be non NULL. Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2585 + When compiled with DEFER_STRILE_LOAD, fix regression, when reading a one-strip file without a StripByteCounts tag. + Workaround false positive warning of Clang Static Analyzer about null pointer dereference in TIFFCheckDirOffset(). * libtiff/tif_dirwrite.c + Avoid null pointer dereference on td_stripoffset when writing directory, if FIELD_STRIPOFFSETS was artificially set for a hack case in OJPEG case. Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2500 (CVE-2014-8127, bsc#914890, duplicate: CVE-2016-3658, bsc#974840) + Fix truncation to 32 bit of file offsets in TIFFLinkDirectory() and TIFFWriteDirectorySec() when aligning directory offsets on an even offset (affects BigTIFF). * libtiff/tif_dumpmode.c + DumpModeEncode() should return 0 in case of failure so that the above mentionned functions detect the error. * libtiff/tif_fax3.c + remove dead assignment in Fax3PutEOLgdal(). * libtiff/tif_fax3.h + make Param member of TIFFFaxTabEnt structure a uint16 to reduce size of the binary. * libtiff/tif_getimage.c + Fix out-of-bound reads in TIFFRGBAImage interface in case of unsupported values of SamplesPerPixel/ExtraSamples for LogLUV/CIELab. Add explicit call to TIFFRGBAImageOK() in TIFFRGBAImageBegin(). Fix CVE-2015-8665 and CVE-2015-8683. + Fix some benign warnings which appear in 64-bit compilation under Microsoft Visual Studio of the form "Arithmetic overflow: 32-bit value is shifted, then cast to 64-bit value. Results might not be an expected value." + TIFFRGBAImageOK: Reject attempts to read floating point images. * libtiff/tif_luv.c + Fix potential out-of-bound writes in decode functions in non debug builds by replacing assert()s by regular if checks (http://bugzilla.maptools.org/show_bug.cgi?id=2522). Fix potential out-of-bound reads in case of short input data. + Validate that for COMPRESSION_SGILOG and PHOTOMETRIC_LOGL, there is only one sample per pixel. Avoid potential invalid memory write on corrupted/unexpected images when using the TIFFRGBAImageBegin() interface * libtiff/tif_next.c + Fix potential out-of-bound write in NeXTDecode() (http://bugzilla.maptools.org/show_bug.cgi?id=2508) * libtiff/tif_pixarlog.c + Avoid zlib error messages to pass a NULL string to %s formatter, which is undefined behaviour in sprintf(). + Fix out-of-bounds write vulnerabilities in heap allocated buffers. Reported as MSVR 35094. + Fix potential buffer write overrun in PixarLogDecode() on corrupted/unexpected images (CVE-2016-5875, bsc#987351) + Fix write buffer overflow in PixarLogEncode if more input samples are provided than expected by PixarLogSetupEncode. Idea based on libtiff-CVE-2016-3990.patch from libtiff-4.0.3-25.el7_2.src.rpm, but with different and simpler check. (http://bugzilla.maptools.org/show_bug.cgi?id=2544, bsc#975069) * libtiff/tif_predict.c + PredictorSetup: Enforce bits-per-sample requirements of floating point predictor (3). Fixes CVE-2016-3622 "Divide By Zero in the tiff2rgba tool." (bsc#974449) * libtiff/tif_predict.h, libtiff/tif_predict.c + Replace assertions by runtime checks to avoid assertions in debug mode, or buffer overflows in release mode. Can happen when dealing with unusual tile size like YCbCr with subsampling. Reported as MSVR 35105. * libtiff/tif_read.c + Fix out-of-bounds read on memory-mapped files in TIFFReadRawStrip1() and TIFFReadRawTile1() when stripoffset is beyond tmsize_t max value + Make TIFFReadEncodedStrip() and TIFFReadEncodedTile() directly use user provided buffer when no compression (and other conditions) to save a memcpy(). * libtiff/tif_strip.c + Make TIFFNumberOfStrips() return the td->td_nstrips value when it is non-zero, instead of recomputing it. This is needed in TIFF_STRIPCHOP mode where td_nstrips is modified. Fixes a read outsize of array in tiffsplit (or other utilities using TIFFNumberOfStrips()). Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2587 (CVE-2016-9273, bsc#1010163) * libtiff/tif_write.c + Fix issue in error code path of TIFFFlushData1() that didn't reset the tif_rawcc and tif_rawcp members. I'm not completely sure if that could happen in practice outside of the odd behaviour of t2p_seekproc() of tiff2pdf). The report points that a better fix could be to check the return value of TIFFFlushData1() in places where it isn't done currently, but it seems this patch is enough. Reported as MSVR 35095. + Make TIFFWriteEncodedStrip() and TIFFWriteEncodedTile() directly use user provided buffer when no compression to save a memcpy(). + TIFFWriteEncodedStrip() and TIFFWriteEncodedTile() should return -1 in case of failure of tif_encodestrip() as documented * tools/fax2tiff.c + Fix segfault when specifying -r without argument. Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2572 * tools/Makefile.am + The libtiff tools bmp2tiff, gif2tiff, ras2tiff, sgi2tiff, sgisv, and ycbcr are completely removed from the distribution. The libtiff tools rgb2ycbcr and thumbnail are only built in the build tree for testing. Old files are put in new 'archive' subdirectory of the source repository, but not in distribution archives. These changes are made in order to lessen the maintenance burden. * tools/rgb2ycbcr.c + Validate values of -v and -h parameters to avoid potential divide by zero. Fixes CVE-2016-3623, bsc#974618 (http://bugzilla.maptools.org/show_bug.cgi?id=2569) * tools/tiff2bw.c + Fix weight computation that could result of color value overflow (no security implication). Fix http://bugzilla.maptools.org/show_bug.cgi?id=2550. * tools/tiff2pdf.c + Avoid undefined behaviour related to overlapping of source and destination buffer in memcpy() call in t2p_sample_rgbaa_to_rgb() Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2577 + Fix out-of-bounds write vulnerabilities in heap allocate buffer in t2p_process_jpeg_strip(). Reported as MSVR 35098. + Fix potential integer overflows on 32 bit builds in t2p_read_tiff_size() Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2576 + Fix read -largely- outsize of buffer in t2p_readwrite_pdf_image_tile(), causing crash, when reading a JPEG compressed image with TIFFTAG_JPEGTABLES length being one. Reported as MSVR 35101. CVE-2016-9453, bsc#1011107 + Fix write buffer overflow of 2 bytes on JPEG compressed images. Reported as TALOS-CAN-0187, CVE-2016-5652, bsc#1007280. Also prevents writing 2 extra uninitialized bytes to the file stream. * tools/tiff2rgba.c + Fix integer overflow in size of allocated buffer, when -b mode is enabled, that could result in out-of-bounds write. Based initially on patch tiff-CVE-2016-3945.patch from libtiff-4.0.3-25.el7_2.src.rpm, with correction for invalid tests that rejected valid files. (http://bugzilla.maptools.org/show_bug.cgi?id=2545, bsc#974614) * tools/tiffcp.c + Fix out-of-bounds write on tiled images with odd tile width vs image width. Reported as MSVR 35103. + Fix read of undefined variable in case of missing required tags. Found on test case of MSVR 35100. * tools/tiffcrop.c + Avoid access outside of stack allocated array on a tiled separate TIFF with more than 8 samples per pixel. (CVE-2016-5321, CVE-2016-5323, http://bugzilla.maptools.org/show_bug.cgi?id=2558, http://bugzilla.maptools.org/show_bug.cgi?id=2559, bsc#984813, bsc#984815) + Fix memory leak in (recent) error code path. Fixes Coverity 1394415. + Fix multiple uint32 overflows in writeBufferToSeparateStrips(), writeBufferToContigTiles() and writeBufferToSeparateTiles() that could cause heap buffer overflows. Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2592 + Fix out-of-bound read of up to 3 bytes in readContigTilesIntoBuffer(). Reported as MSVR 35092. + Fix out-of-bounds write in loadImage(). From patch libtiff-CVE-2016-3991.patch from libtiff-4.0.3-25.el7_2.src.rpm (http://bugzilla.maptools.org/show_bug.cgi?id=2543, bsc#975070) + Fix read of undefined buffer in readContigStripsIntoBuffer() due to uint16 overflow. Reported as MSVR 35100. + Fix various out-of-bounds write vulnerabilities in heap or stack allocated buffers. Reported as MSVR 35093, MSVR 35096 and MSVR 35097. + readContigTilesIntoBuffer: Fix signed/unsigned comparison warning. * tools/tiffdump.c + Fix a few misaligned 64-bit reads warned by -fsanitize + ReadDirectory: Remove uint32 cast to_TIFFmalloc() argument which resulted in Coverity report. Added more mutiplication overflow checks * tools/tiffinfo.c + Fix out-of-bound read on some tiled images. (http://bugzilla.maptools.org/show_bug.cgi?id=2517) + TIFFReadContigTileData: Fix signed/unsigned comparison warning. + TIFFReadSeparateTileData: Fix signed/unsigned comparison warning. - Removed patches: * tiff-4.0.4-uninitialized_mem_NeXTDecode.patch * tiff-4.0.6-CVE-2015-8782.patch * tiff-4.0.6-CVE-2016-3186.patch * tiff-4.0.6-CVE-2016-3623.patch * tiff-4.0.6-CVE-2016-3945.patch * tiff-4.0.6-CVE-2016-3990.patch * tiff-4.0.6-CVE-2016-3991.patch * tiff-4.0.6-libtiff-tif_getimage.c-TIFFRGBAImageOK-Reject-attemp.patch * tiff-4.0.6-libtiff-tif_luv.c-validate-that-for-COMPRESSION_SGIL.patch * tiff-4.0.6-libtiff-tif_pixarlog.c-fix-potential-buffer-write-ov.patch * tiff-4.0.6-libtiff-tif_read.c-make-TIFFReadEncodedStrip-and.patch * tiff-4.0.6-tools-tiffcrop.c-fix-various-out-of-bounds-write-vul.patch - Fixed in the upsteam release - Changed patch: * tiff-4.0.6-CVE-2015-7554.patch -> tiff-4.0.7-CVE-2015-7554.patch - Rediffed to the changed context ==== w3m ==== Version update (0.5.3 -> 0.5.3.git20161120) - update to debian git version (bsc#1011293) addressed security issues: CVE-2016-9621: w3m: global-buffer-overflow write (bsc#1012020) CVE-2016-9622: w3m: null deref (bsc#1012021) CVE-2016-9623: w3m: null deref (bsc#1012022) CVE-2016-9624: w3m: near-null deref (bsc#1012023) CVE-2016-9625: w3m: stack overflow (bsc#1012024) CVE-2016-9626: w3m: stack overflow (bsc#1012025) CVE-2016-9627: w3m: heap overflow read + deref (bsc#1012026) CVE-2016-9628: w3m: null deref (bsc#1012027) CVE-2016-9629: w3m: null deref (bsc#1012028) CVE-2016-9630: w3m: global-buffer-overflow read (bsc#1012029) CVE-2016-9631: w3m: null deref (bsc#1012030) CVE-2016-9632: w3m: global-buffer-overflow read (bsc#1012031) CVE-2016-9633: w3m: OOM (bsc#1012032) CVE-2016-9434: w3m: null deref (bsc#1011283) CVE-2016-9435: w3m: use uninit value (bsc#1011284) CVE-2016-9436: w3m: use uninit value (bsc#1011285) CVE-2016-9437: w3m: write to rodata (bsc#1011286) CVE-2016-9438: w3m: null deref (bsc#1011287) CVE-2016-9439: w3m: stack overflow (bsc#1011288) CVE-2016-9440: w3m: near-null deref (bsc#1011289) CVE-2016-9441: w3m: near-null deref (bsc#1011290) CVE-2016-9442: w3m: potential heap buffer corruption (bsc#1011291) CVE-2016-9443: w3m: null deref (bsc#1011292) dropped patches: w3m-fix-build-with-imlib2-1.4.6.patch w3m-scheme.patch w3mman-formatting.patch w3m-parallel-make.patch w3m-gc7.diff w3m-openssl.patch w3m-closedir.patch w3m-fh-def.patch w3m-ssl-verify.patch w3m-parsetagx-crash.patch w3m-tempdir-override.patch w3m-0.5.1-no-ASCII-equivalents-by-default.patch w3m-uninitialized.patch w3m-inline-image.patch w3m-0.4.1-textarea-segfault.dif ported patches: w3m-disable-cookie-special-domain-check.patch to 0001-allow-to-configure-the-accept-option-for-bad-cookies.patch w3m-0.4.1-session-mgmt.dif to 0001-implements-simple-session-management.patch w3m-history-crossdev.patch to 0001-handle-EXDEV-during-history-file-rename.patch w3mman-formatting.patch to 0001-w3mman-don-t-show-invalid-characters-bsc-950800.patch ==== xf86-video-chips ==== - U_Adapt-Block-WakeupHandler-signature-for-ABI-23.patch * Adapt Block/WakeupHandler signature for ABI 23 ==== xf86-video-glint ==== - U_Adapt-Block-WakeupHandler-signature-for-ABI-23.patch * Adapt Block/WakeupHandler signature for ABI 23 ==== xf86-video-mga ==== - U_Adapt-Block-WakeupHandler-signature-for-ABI-23.patch * Adapt Block/WakeupHandler signature for ABI 23 ==== xf86-video-savage ==== - U_Adapt-Block-WakeupHandler-signature-for-ABI-23.patch * Adapt Block/WakeupHandler signature for ABI 23 ==== xf86-video-siliconmotion ==== - U_Adapt-Block-WakeupHandler-signature-for-ABI-23.patch * Adapt Block/WakeupHandler signature for ABI 23 ==== xf86-video-sisusb ==== - u_Adapt-Block-WakeupHandler-signature-for-ABI-23.patch * Adapt Block/WakeupHandler signature for ABI 23 ==== xf86-video-tdfx ==== - U_Adapt-Block-WakeupHandler-signature-for-ABI-23.patch * Adapt Block/WakeupHandler signature for ABI 23 ==== xf86-video-trident ==== - U_Adapt-Block-WakeupHandler-signature-for-ABI-23.patch * Adapt Block/WakeupHandler signature for ABI 23