Packages changed: curl (7.47.1 -> 7.48.0) hexchat iproute2 (4.4 -> 4.5) kernel-firmware (20160112git -> 20160330) kernel-source krb5 (1.14 -> 1.14.1) libabw libodfgen optipng (0.7.5 -> 0.7.6) pam-config (0.88 -> 0.89) php5 (5.6.19 -> 5.6.20) squid (3.5.15 -> 3.5.16) virtualbox (5.0.16 -> 5.0.17) xinit yast2-samba-server (3.1.13 -> 3.1.14) yast2-storage (3.1.84 -> 3.1.86) === Details === ==== curl ==== Version update (7.47.1 -> 7.48.0) Subpackages: libcurl-devel libcurl4 - Update to 7.48.0 * configure: --with-ca-fallback: use built-in TLS CA fallback * TFTP: add --tftp-no-options to expose CURLOPT_TFTP_NO_OPTIONS * getinfo: CURLINFO_TLS_SSL_PTR supersedes CURLINFO_TLS_SESSION * Lots of bugfixes, see https://curl.haxx.se/changes.html#7_48_0 - Drop curl-7.41.0-use-openssl-s-built-in-verify-path-as-fallback.diff, superseded by --with-ca-fallback configure option. ==== hexchat ==== Subpackages: hexchat-lang - Provide/Obsolete xchat to ensure those that do not have patterns containing hexchat to migrate to it. ==== iproute2 ==== Version update (4.4 -> 4.5) - Update to new upstream release 4.5 * {f,m}_bpf: allow for sharing maps * geneve: add support for IPv6 link partners * geneve: add support for lwt tunnel creation and dst port selection * route: allow routes to be configured with expire values * iplink: support setting addrgenmode stable_secret * tipc: add peer remove functionality * tc, clsact: add clsact frontend * ss: support closing inet sockets via SOCK_DESTROY. * bridge: support for static and dynamic fdb entries * iplink: Support VF Trust ==== kernel-firmware ==== Version update (20160112git -> 20160330) Subpackages: ucode-amd - Update to version 20160330: * wl18xx: update firmware file * linux-firmware: intel: Update Skylake audio firmware * linux-firmware/i915: Major GuC release for Skylake - ver 6.1 * linux-firmware: Update AMD microcode patch firmware * Update radeon ucode images * Update amdgpu ucode images * Add amdgpu ucode images for Polaris family asics * radeon: revert last kaveri mec ucode update - Add _service to make updating more easy ==== kernel-source ==== Subpackages: kernel-default kernel-default-devel kernel-devel kernel-docs kernel-macros kernel-syms - intel_idle: prevent SKL-H boot failure when C8+C9+C10 enabled (bsc#969870,boo#970968,boo#969098). - commit 8cf0ce6 ==== krb5 ==== Version update (1.14 -> 1.14.1) Subpackages: krb5-32bit krb5-client krb5-devel - Upgrade from 1.14 to 1.14.1: * Remove expired patches: 0104-Verify-decoded-kadmin-C-strings-CVE-2015-8629.patch 0105-Fix-leaks-in-kadmin-server-stubs-CVE-2015-8631.patch 0106-Check-for-null-kadm5-policy-name-CVE-2015-8630.patch krbdev.mit.edu-8301.patch * Replace source archives: krb5-1.14.tar.gz -> krb5-1.14.1.tar.gz krb5-1.14.tar.gz.asc -> krb5-1.14.1.tar.gz.asc * Adjust line numbers in: krb5-fix_interposer.patch ==== libabw ==== - Add copying also to the library shipped ==== libodfgen ==== - Do not use boost but stick with c++11 ==== optipng ==== Version update (0.7.5 -> 0.7.6) - updated to 0.7.6, fixes CVE-2016-2191 ==== pam-config ==== Version update (0.88 -> 0.89) - Update to version 0.89 - Includes pam_google_authenticator.patch - Better check for dual-arch PAM stack - fix bashism in postun script - Added pam_google_authenticator.patch: support google authentiator [bnc#888149] - Update to pam-config 0.88 - Add pam_ecryptfs to password section [bnc#895096] - Update to pam-config 0.87 - Add support for pam_access.so - Rervert last change, it will break manually adjusted config files as documented - "pam-config --debug --update" in the %post section fails if any /etc/pam.d/common-$TYPE file is not a symlink to /etc/pam.d/common-$TYPE-pc. Fix that by adding '--force'. This is mainly an update issue since fresh configs are created appropriatly - Remove last change regarding sha512, is now solved directly by pam_unix.so. - Add sha512 and shadow to pam_unix.so when creating common-passwd-pc by default, did somehow got lost [bnc#801970] - Use --create --force for new installation - Update to pam-config 0.84 - Add pam_env per default - Don't print wrong error messages - Update to pam-config 0.83: - Fix stacking of pam_unix - Add new pam_unix options - Use pam_unix and pam_cracklib as default on fresh installations. - make pam_ssh a sufficient auth module (bnc#730851) - Update to pam-config 0.81: - pam_ssh: fix try_first_pass bug fixed [bnc#773560] - pam_ecryptfs: fix order, still does not work with krb5 [bnc#740110] - Add support for pam_ecryptfs [bnc#752851] - Remove redundant/unwanted tags/section (cf. specfile guidelines) - Use %_smp_mflags for parallel building - add automake as buildrequire to avoid implicit dependency - Add pam_systemd.patch: Add pam_systemd support - Version 0.79 * Make pam_lastlog optional [bnc#686034]. * Document that if symlinks don't point to *-pc files config is ignored [FATE#310739]. - Version 0.78 * Add pam_fprintd support [bnc#644168] * Move pam_env at the end of session stack - Version 0.77 * Fix check for lib64 [bnc#635098] * Add pam_sss support - Version 0.76 * Add pam_fprint (patch from ro@suse.de) - Version 0.75 * Update translations * Add pam_exec support * Rewrite pam_make rules to use pam_exec - Version 0.74 * Fix typo in warning * Update translations - enable parallel building - Version 0.73 * Add support for pam_passwdqc * Print warning if cracklib-minlen <= 5 is used (bnc#539053) - Version 0.72 * src/mod_pam_gnome_keyring.c: enable use_authtok and support new option only_if. (bnc#523379) - Version 0.71 * re-add lost query option [bnc#501341] - Version 0.70 * Fix try_first_pass handling for pam_ssh [bnc#499711] - Version 0.69 * Add --verify option. * pam_cracklib is now default instead of pam_pwcheck [FATE#305468]. ==== php5 ==== Version update (5.6.19 -> 5.6.20) Subpackages: apache2-mod_php5 php5-bcmath php5-bz2 php5-calendar php5-ctype php5-curl php5-dba php5-devel php5-dom php5-exif php5-fastcgi php5-ftp php5-gd php5-gettext php5-gmp php5-iconv php5-imap php5-json php5-ldap php5-mbstring php5-mcrypt php5-mysql php5-odbc php5-openssl php5-pdo php5-pear php5-pear-Archive_Tar php5-pgsql php5-shmop php5-snmp php5-sockets php5-sqlite php5-suhosin php5-sysvsem php5-sysvshm php5-tidy php5-tokenizer php5-wddx php5-xmlreader php5-xmlwriter php5-xsl php5-zip php5-zlib - updated to 5.6.20: This is a security release. Several security bugs were fixed in this release. ==== squid ==== Version update (3.5.15 -> 3.5.16) - Update to 3.5.16 (boo#973771) * Bug 4476: Removed duplicated #include lines * Bug 4452: squid -z segfaults with ufs * Bug 4447:FwdState.cc:447 "serverConnection() == conn" assertion * Bug 4423: adding stdio: prefix to cache_log directive produces FATAL error * Bug 4409: compile error when two Heimdal libraries are installed * Bug 2831: Cache-control: max-age not sent on TCP_IMS_HIT/304 * pinger: Fix buffer overflow in Icmp6::Recv * pinger: Fix select(2) to actually use max_fd * pinger: drop capabilities on Linux * Fix memory leak of HttpRequest objects * Fix memory leak when the cache of sslcrtvalidator_program is disabled via ttl=0 * Fix assertion failed: Write.cc:41: "!ccb->active()" * Fix crash on shutdown while cleaning up idle ICAP connections * RFC 7725: Add registry entry for 451 status text * ... and some build issues - Refresh all patches ==== virtualbox ==== Version update (5.0.16 -> 5.0.17) Subpackages: virtualbox-guest-kmp-default virtualbox-guest-tools virtualbox-guest-x11 virtualbox-host-kmp-default virtualbox-qt - Fix problem with SONAME for VBoxOGL.so. With the Oracle code, it is libGL.so.1 rather than VBoxOGL.so.1. Thanks to Max Lin for notifying me about the problem. This fix adds file "vbox_prevent_wrong_SONAME.patch" - Fix problems with previous submission Removed copy of user manual from download site as there is no special manual for 5.0.17. File VirtualBox-5.0.17-r106108-r106140.patch is added to update the Oracle source to the latest commit. - Modify Guest Additions so that openSUSE build works with new Oracle code. The following changes have been made: Added Oracle patch to bring code to r106140 commit. Moved VB guest modules to /lib/modules/.../misc/. This layout matches that of the Oracle Guest Additions ISO. Added missing copy of Module.symvers from vboxguest build so that loads of vboxvideo can resolve all symbols. Remove patch added in previous cycle to build under kernel 4.5.0. The Oracle code now has this fix. With these changes, both Gnome and KDE desktops as VB virtual machines work with gdm and the versions of X.Org that do not run as root. The only known defect is that the mouse pointer is missing when 3D acceleration is turned on in the VB control panel. - Version bump to 5.0.17 (released 2016-03-07 by Oracle) Following the 5.0.16 release, the Guest Additions were updated to support Linux guests with X.Org Server running without root privileges and to fix certain 3D acceleration-related issues. There are no other changes to VirtualBox. A patch "vbox-guest-add.diff" is needed to enable the Oracle code to build with kernel 4.5. ==== xinit ==== - xinit.tar.bz2: update /etc/X11/xinit/xinitrc.common to make sure numbered scripts are run sequentially. All non-numbered scripts will still be run in background to avoid stalling on non-daemonizing 'services' (boo#973559). ==== yast2-samba-server ==== Version update (3.1.13 -> 3.1.14) - Don't require libsmbclient as it's pulled in by libsmbclient-devel; (bsc#972197). - 3.1.14 ==== yast2-storage ==== Version update (3.1.84 -> 3.1.86) - Removed Builtins.time. Cleanup for bnc#956730. - 3.1.86 - call snapper to setup quota during installation (for fate#312751)