Packages changed: MozillaFirefox (43.0.3 -> 43.0.4) aqbanking (5.6.1beta -> 5.6.4beta) clamav grub2 gwenhywfar (4.14.0 -> 4.15.2beta) libvirt-python lxdm man-pages (4.03 -> 4.04) mbedtls (1.3.15 -> 1.3.16) perl-Bootloader (0.901 -> 0.903) perl-Pango pidgin-sipe (1.19.1 -> 1.20.1) pinpoint (0.1.6 -> 0.1.8) python-cffi (1.2.1 -> 1.4.2) python-cryptography (1.1.2 -> 1.2.1) tei-xsl-stylesheets (7.32.0 -> 7.40.1) tiff uget (2.0.2 -> 2.0.4) vim (7.4.1004 -> 7.4.1087) === Details === ==== MozillaFirefox ==== Version update (43.0.3 -> 43.0.4) Subpackages: MozillaFirefox-translations-common - Mozilla Firefox 43.0.4: * Re-enable SHA-1 certificates to prevent outdated man-in-the-middle security devices from interfering with properly secured SSL/TLS connections (bmo#1236975) * Fix for startup crash for users of a third party antivirus tool (bmo#1235537) - The following change was previously in the package as a patch: * Multi-user GNU/Linux download folders can be created (bmo#1233434), removed mozilla-bmo1233434.patch ==== aqbanking ==== Version update (5.6.1beta -> 5.6.4beta) Subpackages: aqbanking-devel aqbanking-lang - Update to 5.6.4beta + Fix error in SWIFT importer (missing import of :NS: fields) + Fix transmission of Flicker codes (HHD 1.4) ==== clamav ==== - now can handle regexp using signatures using pcre bsc#960237 ==== grub2 ==== Subpackages: grub2-i386-pc grub2-snapper-plugin grub2-systemd-sleep-plugin grub2-x86_64-efi grub2-x86_64-xen - Add 0001-menu-fix-line-count-calculation-for-long-lines.patch (bsc#943585) ==== gwenhywfar ==== Version update (4.14.0 -> 4.15.2beta) Subpackages: gwenhywfar-devel gwenhywfar-lang libgwengui-cpp0 libgwengui-fox16-0 libgwengui-gtk2-0 libgwengui-qt4-0 libgwenhywfar60 libgwenhywfar60-plugins - Update to 4.15.2beta + Use new code for SSL connections to enable build with current GnuTLS versions. This obsoletes patch gwenhywfar-gnutls30.patch ==== libvirt-python ==== - Require libvirt-client version >= libvirt-python version ==== lxdm ==== - Run intltoolize in order to get valid Makefiles for translation installations. ==== man-pages ==== Version update (4.03 -> 4.04) - update to 4.04: * new and rewritten pages + futex.2 Rewrite and massively expand page + membarrier.2 New page documenting membarrier() system call * newly documented interfaces in existing pages + mlock.2 Document mlock2(2) and MCL_ONFAULT ==== mbedtls ==== Version update (1.3.15 -> 1.3.16) - Update to 1.3.16 * Fixes a potential double free when mbedtls_asn1_store_named_data() fails to allocate memory. This was only used for certificate generation and was not triggerable remotely in SSL/TLS. boo#961290 * Disables by default MD5 handshake signatures in TLS 1.2 to prevent the SLOTH (CVE-2015-7575) attack on TLS 1.2 server authentication (other attacks from the SLOTH paper do not apply to any version of mbed TLS or PolarSSL). boo#961284 * Fixes an over-restrictive length limit in GCM. * Fixes a bug in certificate validation that caused valid chains to be rejected when the first intermediate certificate has a pathLenConstraint equal to zero. * Removed potential leak in mbedtls_rsa_rsassa_pkcs1_v15_sign() * Added config.h option POLARSSL_SSL_ENABLE_MD5_SIGNATURES to control use of MD5-based signatures for TLS 1.2 handshake (disabled by default). ==== perl-Bootloader ==== Version update (0.901 -> 0.903) Subpackages: perl-Bootloader-YAML - improve add/del-option scripts - rename uboot to u-boot - 0.903- added support for modifying default boot options - 0.902 ==== perl-Pango ==== - Add fix-pangocairo_libs.patch to fix compilation on Tumbleweed-2016-01 ==== pidgin-sipe ==== Version update (1.19.1 -> 1.20.1) Subpackages: libpurple-plugin-sipe - Update to version 1.20.1: + Add support for another type of ADFS response. + Improve configure check for back-ported features. + Updated translations. - Changes from version 1.20.0: + Parse HTML from Lync conference URL (Stefan Becker) + SRTP Support. + Office365 rejects RC4 in TLS-DSK: added support for AES-128/256-CBC. ==== pinpoint ==== Version update (0.1.6 -> 0.1.8) - Update to version 0.1.8: + Make pinpoint work on Wayland (includes depending on Gtk+ to have window decorations). + Remove more deprecation warnings (still so many left). - Add pkgconfig(clutter-gtk-1.0) BuildRequires: new dependency. ==== python-cffi ==== Version update (1.2.1 -> 1.4.2) - update to version 1.4.2: * Nothing changed from v1.4.1. - changes from version 1.4.1: * Fix the compilation failure of cffi on CPython 3.5.0. (3.5.1 works; some detail changed that makes some underscore-starting macros disappear from view of extension modules, and I worked around it, thinking it changed in all 3.5 versions?but no: it was only in 3.5.1.) - changes from version 1.4.0: * A better way to do callbacks has been added (faster and more portable, and usually cleaner). It is a mechanism for the out-of-line API mode that replaces the dynamic creation of callback objects (i.e. C functions that invoke Python) with the static declaration in cdef() of which callbacks are needed. This is more C-like, in that you have to structure your code around the idea that you get a fixed number of function pointers, instead of creating them on-the-fly. * ffi.compile() now takes an optional verbose argument. When True, distutils prints the calls to the compiler. * ffi.compile() used to fail if given sources with a path that includes "..". Fixed. * ffi.init_once() added. See docs. * dir(lib) now works on libs returned by ffi.dlopen() too. * Cleaned up and modernized the content of the demo subdirectory in the sources (thanks matti!). * ffi.new_handle() is now guaranteed to return unique void * values, even if called twice on the same object. Previously, in that case, CPython would return two cdata objects with the same void * value. This change is useful to add and remove handles from a global dict (or set) without worrying about duplicates. It already used to work like that on PyPy. This change can break code that used to work on CPython by relying on the object to be kept alive by other means than keeping the result of ffi.new_handle() alive. (The corresponding warning in the docs of ffi.new_handle() has been here since v0.8!) - changes from version 1.3.1: * The optional typedefs (bool, FILE and all Windows types) were not always available from out-of-line FFI objects. * Opaque enums are phased out from the cdefs: they now give a warning, instead of (possibly wrongly) being assumed equal to unsigned int. Please report if you get a reasonable use case for them. * Some parsing details, notably volatile is passed along like const and restrict. Also, older versions of pycparser mis-parse some pointer-to-pointer types like char * const *: the ?const? ends up at the wrong place. Added a workaround. - changes from version 1.3.0: * Added ffi.memmove(). * Pull request #64: out-of-line API mode: we can now declare floating-point types with typedef float... foo_t;. This only works if foo_t is a float or a double, not long double. * Issue #217: fix possible unaligned pointer manipulation, which crashes on some architectures (64-bit, non-x86). * Issues #64 and #126: when using set_source() or verify(), the const and restrict keywords are copied from the cdef to the generated C code; this fixes warnings by the C compiler. It also fixes corner cases like typedef const int T; T a; which would previously not consider a as a constant. (The cdata objects themselves are never const.) * Win32: support for __stdcall. For callbacks and function pointers; regular C functions still don?t need to have their calling convention declared. * Windows: CPython 2.7 distutils doesn?t work with Microsoft?s official Visual Studio for Python, and I?m told this is not a bug. For ffi.compile(), we removed a workaround that was inside cffi but which had unwanted side-effects. Try saying import setuptools first, which patches distutils... ==== python-cryptography ==== Version update (1.1.2 -> 1.2.1) - update to upstream release 1.2.1 1.2.1 - 2016-01-08 * Reverts a change to an OpenSSL EVP_PKEY object that caused errors with pyOpenSSL. 1.2 - 2016-01-08 * BACKWARDS INCOMPATIBLE: RevokedCertificate extensions now uses extension classes rather than returning raw values inside the Extension value. The new classes are: o CertificateIssuer o CRLReason o InvalidityDate * Deprecated support for OpenSSL 0.9.8 and 1.0.0. At this time there is no time table for actually dropping support, however we strongly encourage all users to upgrade, as those versions no longer receive support from the OpenSSL project. * The Certificate class now has signature and tbs_certificate_bytes attributes. * The CertificateSigningRequest class now has signature and tbs_certrequest_bytes attributes. * The CertificateRevocationList class now has signature and tbs_certlist_bytes attributes. * NameConstraints are now supported in the CertificateBuilder and CertificateSigningRequestBuilder. * Support serialization of certificate revocation lists using the public_bytes() method of CertificateRevocationList. * Add support for parsing CertificateRevocationList extensions () in the OpenSSL backend. The following extensions are currently supported: o AuthorityInformationAccess o AuthorityKeyIdentifier o CRLNumber o IssuerAlternativeName * Added CertificateRevocationListBuilder and RevokedCertificateBuilder to allow creation of CRLs. * Unrecognized non-critical X.509 extensions are now parsed into an UnrecognizedExtension object. ==== tei-xsl-stylesheets ==== Version update (7.32.0 -> 7.40.1) - Update to version 7.40.1 * No short changelog available; please read the ChangeLog file - Little specfile refactoring ==== tiff ==== Subpackages: libtiff-devel libtiff5 libtiff5-32bit - add tiff-4.0.4-uninitialized_mem_NeXTDecode.patch to fix uninitialized memory in NeXTDecode (upstream bug #2508) [bnc#942690] ==== uget ==== Version update (2.0.2 -> 2.0.4) Subpackages: uget-lang - Update to version 2.0.4: + Save and restore width of download column. + Adjust schedule form for large font size. + In speed limit mode, program adjust speed when downloading start-up. + Use filename from RPC request to match category if URL doesn't contain filename. + curl plug-in: - use posix_fallocate() to preallocate space for a file on Linux. - use SetEndOfFile() to preallocate space for a file on Windows. + Fix: program crash when simultaneously download > 32 files. + Fix: Can't save height of summary area. + Add compressed 256x256 icon for Windows 7. - Changes from version 2.0.3: + curl plug-in: - Update control file path if download file was renamed. - Update downloaded size after loading aria2 control file. - Update file size when allocating disk space. - Don't show border in right side of setting dialog. ==== vim ==== Version update (7.4.1004 -> 7.4.1087) Subpackages: gvim vim-data - Updated to revision 1087, fixes the following problems * Wrong way to check for unletting internal variables. * The Tcl interface can't be loaded dynamically on Unix. * Crash when using an invalid command. * CTRL-A does not work well in right-left mode. * Using "." to repeat CTRL-A in Visual mode increments the wrong numbers. * The CTRL-A and CTRL-X commands do not update the '[ and '] marks. * Crash with an extremely long buffer name. * CTRL-A and CTRL-X work badly with blockwise visual selection- Updated to revision 1066, fixes the following problems * Segfault when unletting "count". * Illegal memory access with weird syntax command. (Dominique Pelle) * Typos in the :options window. * Compiler warning for ignoring return value of fwrite(). * When a spell file has single letter compounding creating suggestions takes an awful long time.- Updated to revision 1046, fixes the following problems * The fix in patch 7.3.192 is not tested. * When a symbolic link points to a file in the root directory, the swapfile is not correct. * Vim overwrites the value of $PYTHONHOME. * The local value of 'errorformat' is not used for ":lexpr" and ":cexpr". * The column is not restored properly when the matchparen plugin is used in Insert mode and the cursor is after the end of the line. * When there is a backslash in an option ":set -=" doesn't work. * An Ex range gets adjusted for folded lines even when the range is not using line numbers. * Using "q!" when there is a modified hidden buffer does not unload the current buffer, resulting in the need to abandon it again. * g-CTRL-G shows the word count, but there is no way to get the word count in a script.