Changed packages: ==== libindi ==== Subpackages: libindi-devel libindi1 libindiAlignmentDriver1 libindidriver1 libindimain1 - libindi-implicit-pointer-decl.patch: fix rpmlint implicit declaration warnings - BuildRequire libusb-1.0 not libusb-devel - Build C++ code with at least -fvisibility-inlines-hidden. ==== nano ==== Version update (2.4.1 -> 2.4.2) Subpackages: nano-lang - GNU nano 2.4.2: * ability to resize when in modes other than the main editing window * proper displaying of invalid UTF-8 bytes * new syntax definitions for Elisp, Guile, and PostgreSQL * better display of shortcuts in the help menu and file browser ==== libopenssl-devel ==== Version update (1.0.2a -> 1.0.2d) Subpackages: libopenssl1_0_0 libopenssl1_0_0-32bit openssl - update to 1.0.2d * fixes CVE-2015-1793 (bsc#936746) Alternate chains certificate forgery During certificate verfification, OpenSSL will attempt to find an alternative certificate chain if the first attempt to build such a chain fails. An error in the implementation of this logic can mean that an attacker could cause certain checks on untrusted certificates to be bypassed, such as the CA flag, enabling them to use a valid leaf certificate to act as a CA and "issue" an invalid certificate. - drop openssl-fix_invalid_manpage_name.patch (upstream) - Workaround debugit crash on ppc64le with gcc5 bsc936563_hack.patch (bsc#936563) - update merge_from_0.9.8k.patch replacing __LP64__ by __LP64 this is a change versus previous request 309611 required to avoid build error for ppc64 - Build with no-ssl3, for details on why this is needed read rfc7568. Contrary to the "no-ssl2" option, this does not require us to patch dependant packages as the relevant functions are still available (SSLv3_(client|server)_method) but will fail to negotiate. if removing SSL3 methods is desired at a later time, option "no-ssl3-method" needs to be used. - update to 1.0.2c * Fix HMAC ABI incompatibility - refreshed openssl-1.0.2a-fips.patch - update to 1.0.2b * Malformed ECParameters causes infinite loop (CVE-2015-1788) * Exploitable out-of-bounds read in X509_cmp_time (CVE-2015-1789) * PKCS7 crash with missing EnvelopedContent (CVE-2015-1790) * CMS verify infinite loop with unknown hash function (CVE-2015-1792) * Race condition handling NewSessionTicket (CVE-2015-1791) - refreshed patches: * 0001-Axe-builtin-printf-implementation-use-glibc-instead.patch * 0001-libcrypto-Hide-library-private-symbols.patch * openssl-1.0.2a-default-paths.patch * openssl-1.0.2a-fips.patch * compression_methods_switch.patch * openssl-1.0.1e-add-test-suse-default-cipher-suite.patch ==== pragha ==== Version update (1.3.2.1 -> 1.3.2.2) Subpackages: pragha-lang pragha-plugins - Update to 1.3.2.2. * Fixed: Not save state album_art_in_osd=false. * Provide more app icons size. * Set expand comment entry on tag dialog. * Ensure menu size and fallback to 16 on library and playlist icons. * Updated translations: German, Ukrainian, Czech. * New Bulgarian translation. - Correct the project URL. - Doesn't buildrequires fdupes. ==== xournal ==== - Use upstream command to install desktop entries, mimetypes and icons. - Generate and install hires icons into hicolor directory (needed on HiDPI displays). - Use appropriate post-scripts to update desstop menu database, mime cache and icon-theme. - Drop external .desktop file and icon, and use upstream bundled ones. Removed packages: Added packages: freshplayerplugin libconfig9