Marcus Updateinfo to OVAL Converter 5.5 2015-11-16T04:02:19 openSUSE 12.3 Update sudo was updated to fix two security issues, where adjusting the time of the syste could be used to regain access to sudo sessions if they onc were granted. (CVE-2013-1775,CVE-2013-1776) openSUSE 12.3 Update This update fixes a bug which allows an unauthenticated remote attacker to cause a stack overflow in server code, resulting in either server crash or even code execution as the user running firebird. openSUSE 12.3 Update wireshark was updated to 1.8.6 [bnc#807942] + vulnerabilities fixed: * The TCP dissector could crash. wnpa-sec-2013-10 CVE-2013-2475 * The HART/IP dissectory could go into an infinite loop. wnpa-sec-2013-11 CVE-2013-2476 * The CSN.1 dissector could crash. wnpa-sec-2013-12 CVE-2013-2477 * The MS-MMS dissector could crash. wnpa-sec-2013-13 CVE-2013-2478 * The MPLS Echo dissector could go into an infinite loop. wnpa-sec-2013-14 CVE-2013-2479 * The RTPS and RTPS2 dissectors could crash. wnpa-sec-2013-15 CVE-2013-2480 * The Mount dissector could crash. wnpa-sec-2013-16 CVE-2013-2481 * The AMPQ dissector could go into an infinite loop. wnpa-sec-2013-17 CVE-2013-2482 * The ACN dissector could attempt to divide by zero. wnpa-sec-2013-18 CVE-2013-2483 * The CIMD dissector could crash. wnpa-sec-2013-19 CVE-2013-2484 * The FCSP dissector could go into an infinite loop. wnpa-sec-2013-20 CVE-2013-2485 * The RELOAD dissector could go into an infinite loop. wnpa-sec-2013-21 CVE-2013-2486 CVE-2013-2487 * The DTLS dissector could crash. wnpa-sec-2013-22 CVE-2013-2488 + Further bug fixes and updated protocol support as listed in: http://www.wireshark.org/docs/relnotes/wireshark-1.8.6.html openSUSE 12.3 Update Mozilla Firefox was updated to 19.0.2 (bnc#808243) fixing: * MFSA 2013-29/CVE-2013-0787 (bmo#848644) Use-after-free in HTML Editor could be used for code execution * blocklist updates openSUSE 12.3 Update krb5 was updated to fix security issues in PKINIT: - fix PKINIT null pointer deref in pkinit_check_kdc_pkid() (CVE-2012-1016 bnc#807556) - fix PKINIT null pointer deref (CVE-2013-1415 bnc#806715) Also package a missing file on 12.3 (bnc#794784). openSUSE 12.3 Update xulrunner was updated to 17.0.4esr (bnc#808243) to fix a important security issue: * MFSA 2013-29/CVE-2013-0787 (bmo#848644) Use-after-free in HTML Editor openSUSE 12.3 Update The PackageKit zypp backend was fixed to only allow patches to be updated. Otherwise a regular user could install new packages or even downgrade older packages to ones with security problems. (CVE-2013-1764) openSUSE 12.3 Update seamonkey was updated to version 2.16.1 fixing a severe security issue. * MFSA 2013-29/CVE-2013-0787 (bmo#848644) Use-after-free in HTML Editor openSUSE 12.3 Update Perl was updated to fix 3 security issues: - fix rehash denial of service (compute time) [bnc#804415] [CVE-2013-1667] - improve CGI crlf escaping [bnc#789994] [CVE-2012-5526] - sanitize input in Maketext.pm to avoid code injection [bnc#797060] [CVE-2012-6329] In openSUSE 12.1 also the following non-security bug was fixed: - fix IPC::Open3 bug when '-' is used [bnc#755278] openSUSE 12.3 Update Pidgin was updated to 2.10.7 to fix various security issues and the bug that IRC did not work at all in 12.3. Changes: - Add pidgin-irc-sasl.patch: link irc module to SASL. Allows the IRC module to be loaded (bnc#806975). - Update to version 2.10.7 (bnc#804742): + Alien hatchery: - No changes + General: - The configure script will now exit with status 1 when specifying invalid protocol plugins using the --with-static-prpls and --with-dynamic-prpls arguments. (pidgin.im#15316) + libpurple: - Fix a crash when receiving UPnP responses with abnormally long values. (CVE-2013-0274) - Don't link directly to libgcrypt when building with GnuTLS support. (pidgin.im#15329) - Fix UPnP mappings on routers that return empty <URLBase/> elements in their response. (pidgin.im#15373) - Tcl plugin uses saner, race-free plugin loading. - Fix the Tcl signals-test plugin for savedstatus-changed. (pidgin.im#15443) + Pidgin: - Make Pidgin more friendly to non-X11 GTK+, such as MacPorts' +no_x11 variant. + Gadu-Gadu: - Fix a crash at startup with large contact list. Avatar support for buddies will be disabled until 3.0.0. (pidgin.im#15226, pidgin.im#14305) + IRC: - Support for SASL authentication. (pidgin.im#13270) - Print topic setter information at channel join. (pidgin.im#13317) + MSN: - Fix SSL certificate issue when signing into MSN for some users. - Fix a crash when removing a user before its icon is loaded. (pidgin.im#15217) + MXit: - Fix a bug where a remote MXit user could possibly specify a local file path to be written to. (CVE-2013-0271) - Fix a bug where the MXit server or a man-in-the-middle could potentially send specially crafted data that could overflow a buffer and lead to a crash or remote code execution. (CVE-2013-0272) - Display farewell messages in a different colour to distinguish them from normal messages. - Add support for typing notification. - Add support for the Relationship Status profile attribute. - Remove all reference to Hidden Number. - Ignore new invites to join a GroupChat if you're already joined, or still have a pending invite. - The buddy's name was not centered vertically in the buddy-list if they did not have a status-message or mood set. - Fix decoding of font-size changes in the markup of received messages. - Increase the maximum file size that can be transferred to 1 MB. - When setting an avatar image, no longer downscale it to 96x96. + Sametime: - Fix a crash in Sametime when a malicious server sends us an abnormally long user ID. (CVE-2013-0273) + Yahoo!: - Fix a double-free in profile/picture loading code. (pidgin.im#15053) - Fix retrieving server-side buddy aliases. (pidgin.im#15381) + Plugins: - The Voice/Video Settings plugin supports using the sndio GStreamer backends. (pidgin.im#14414) - Fix a crash in the Contact Availability Detection plugin. (pidgin.im#15327) - Make the Message Notification plugin more friendly to non-X11 GTK+, such as MacPorts' +no_x11 variant. + Windows-Specific Changes: - Compile with secure flags (pidgin.im#15290) - Installer downloads GTK+ Runtime and Debug Symbols more securely. (pidgin.im#15277) - Updates to a number of dependencies, some of which have security related fixes. (pidgin.im#14571, pidgin.im#15285, pidgin.im#15286) . ATK 1.32.0-2 . Cyrus SASL 2.1.25 . expat 2.1.0-1 . freetype 2.4.10-1 . gettext 0.18.1.1-2 . Glib 2.28.8-1 . libpng 1.4.12-1 . libxml2 2.9.0-1 . NSS 3.13.6 and NSPR 4.9.2 . Pango 1.29.4-1 . SILC 1.1.10 . zlib 1.2.5-2 - Patch libmeanwhile (sametime library) to fix crash. (pidgin.im#12637) openSUSE 12.3 Update The Openstack Stack components were updated to Folsom level as of March 5th. Changes in openstack-cinder: - Update 12.3 packages to Folsom as of March 5th. This comes with security fixes and bug fixes that we need to have OpenStack work nicely. Fix bnc#802278. - Update cinder-config-update.diff: update etc/cinder/api-paste.ini to have a signing_dir key under [filter:authtoken]. Otherwise, cinder-api won't start. This was done with commit de289a6 in Grizzly. - Update to version 2012.2.4+git.1362502414.95a620b: + Check for non-default volume name template. + Fix error for extra specs update with empty body. - Update to version 2012.2.4+git.1361527687.68de70d: + Add a safe_minidom_parse_string function. (CVE-2013-1664) - Set auth_strategy to keystone for a good out-of-the-box experience - Add cinder-config-update.diff: move configuration changes to a patch, instead of using sed. - Update to version 2012.2.4+git.1360133755.a8caa79: + Final versioning for 2012.2.3 + Bump version to 2012.2.4 + Fix typo in cinder/db/api.py - Update to version 2012.2.3+git.1358429029.cdf6c13: + Add commands used by NFS volume driver to rootwrap Changes in openstack-dashboard: - Update 12.3 packages to Folsom as of March 5th. This comes with security fixes and bug fixes that we need to have OpenStack work nicely. Fix bnc#802278. - Backport packaging changes we did for Grizzly to fix theming: + define a production %bcond_with that will determine whether offline compression is used or not. + if not using the production feature, have a nodejs Requires. + move compression steps to %prep. + by default, use the non-production mode for greater flexibility. - Do not use "SUSE Cloud" as site branding: this is not SUSE Cloud. - Update to version 2012.2.4+git.1362503968.8ece3c7: + pin django to 1.4.x stream - Update to version 2012.2.4+git.1361527741.0a42fa0: + Prevent the user from creating a single IP address sized network + Add UTC offset information to the timezone - Update to version 2012.2.4+git.1360133827.f421145: + Final versioning for 2012.2.3 + Bump version to 2012.2.4 - Update to version 2012.2.2+git.1359111868.20fa0fc: + Pin docutils to 0.9.1, fix pep8 errors + Fix bug 1055929 - Can not display usage data for Quota Summary. + Revert "Temp fix for api/keystone.py" + Specify floating ips table action column's width + Allow setting nova quotas to unlimited + Add a check for unlimited quotas + Avoid cinder calls, when cinder is unavailable + Don't inherit from base.html in 500 error page + Don't show the EC2 Credentials panel if there is no EC2 service - Drop horizon-ssl.patch: merged upstream. Changes in openstack-glance: - Do not return location in headers (CVE-2013-1840) - This fixes bnc#808626. - Update 12.3 packages to Folsom as of March 5th. This comes with? security fixes and bug fixes that we need to have OpenStack work nicely. Fix bnc#802278. - Update to version 2012.2.4+git.1362583521.1fb759d: + Swallow UserWarning from glance-cache-manage + Avoid dangling partial image on size/checksum mismatch - Update to version 2012.2.4+git.1362503824.afe6166: + Fix broken JSON schemas in v2 tests + Prints list-cached dates in isoformat - Update to version 2012.2.4+git.1360133885.98d9928: + Bump version to 2012.2.4 - Update to version 2012.2.3+git.1359529730.a5b0f4e: + Change useexisting to extend_existing to fix deprecation warnings. + Remove Swift location/password from messages. (CVE-2013-0212) Changes in openstack-keystone: - Update 12.3 packages to Folsom as of March 5th. This comes with? security fixes and bug fixes that we need to have OpenStack work nicely. Fix bnc#802278. - fix logging.conf to be about keystone and have absolute path - Update to version 2012.2.4+git.1362502288.8690166: + Sync timeutils to pick up normalize fix. + Backport of fix for 24-hour failure of pki. - Update to version 2012.2.4+git.1361527873.37b3532: + Disable XML entity parsing (CVE-2013-1664, CVE-2013-1665) + Ensure user and tenant enabled in EC2 (CVE-2013-0282) - Update to version 2012.2.4+git.1360133921.82c87e5: + Bump version to 2012.2.4 + Add size validations for /tokens. (CVE-2013-0247) - Update to version 2012.2.3+git.1359550485.ec7b94d: + Test 0.2.0 keystoneclient to avoid new deps + Unparseable endpoint URL's should raise friendly error + Fix catalog when services have no URL + Render content-type appropriate 404 (bug 1089987) - fix last commit's hash tag in Version Changes in openstack-nova: - Add quotas for fixed ips. (CVE-2013-1838) - Update to version 2012.2.3+git.1358515929.3545a7d: + Add NFS to the libvirt volume driver list + Call plug_vifs() for all instances in init_host + Fix addition of CPU features when running against legacy libvirt + Fix typo in resource tracker audit message - Move back to "git_tarballs" source service. - Start using obs-service-github_tarballs - Update to version 2012.2.3+git.1358434328.a41b913: + Provide better error message for aggregate-create + Fix errors in used_limits extension + Add an iptables mangle rule per-bridge for DHCP. + Limit formatting routes when adding resources - Update 12.3 packages to Folsom as of March 5th. This comes with? security fixes and bug fixes that we need to have OpenStack work nicely. Fix bnc#802278. - Install polkit rules file in /usr/share/polkit-1/rules.d/ since it's not a configuration file, and use 10 instead of 50 as priority to make sure it is taken into account. - Update to version 2012.2.4+git.1362583574.da38af5: + VNC Token Validation (CVE-2013-0335) - Update to version 2012.2.4+git.1362502642.8c4df00: + Ensure we add a new line when appending to rc.local + Handle compute node not available for live migration + remove intermediate libvirt downloaded images - Add openstack-nova-polkit.rules: polkit rules for the new polkit that uses javascript. On openSUSE 12.3 and later, we install this file in /etc/polkit-1/rules.d/ instead of installing the pkla file which is of no use with the new polkit. - Update to version 2012.2.4+git.1361527907.d5e7f55: + Avoid stuck task_state on snapshot image failure + Add a safe_minidom_parse_string function. (CVE-2013-1664) + Enable libvirt to work with NoopFirewallDriver + Fix state sync logic related to the PAUSED VM state + libvirt: Fix nova-compute start when missing ip. - Update to version 2012.2.4+git.1360133953.e5d0f4b: + Final versioning for 2012.2.3 + Bump version to 2012.2.4 - Update to version 2012.2.3+git.1359529791.317cc0a: + remove session parameter from fixed_ip_get + Eliminate race conditions in floating association + Fix to include error message in instance faults + disallow boot from volume from specifying arbitrary volumes (CVE-2013-0208) - Update to version 2012.2.3+git.1359111576.03c3e9b: + Ensure that Quantum uses configured fixed IP + Makes sure compute doesn't crash on failed resume. - Update to version 2012.2.3+git.1358515929.3545a7d: + Add NFS to the libvirt volume driver list + Call plug_vifs() for all instances in init_host + Fix addition of CPU features when running against legacy libvirt + Fix typo in resource tracker audit message - Move back to "git_tarballs" source service. - Start using obs-service-github_tarballs - Update to version 2012.2.3+git.1358434328.a41b913: + Provide better error message for aggregate-create + Fix errors in used_limits extension + Add an iptables mangle rule per-bridge for DHCP. + Limit formatting routes when adding resources Changes in openstack-quantum: - Update 12.3 packages to Folsom as of March 5th. This comes with? security fixes and bug fixes that we need to have OpenStack work nicely. Fix bnc#802278. - Update to version 2012.2.4+git.1362583635.f94b149: + L3 port delete prevention: do not raise if no IP on port - Update to version 2012.2.4+git.1362504084.06e42f8: + Close file descriptors when executing sub-processes + Persist updated expiration time - Update to version 2012.2.4+git.1361527969.4de49b4: + only destroy single namespace if router_id is set + Enable OVS and NETNS utilities to perform logging + Disable dhcp_domain distribution when dhcp_domain is empty + Shorten the DHCP default resync_interval - Update to version 2012.2.4+git.1360134016.d2a85e6: + Final versioning for 2012.2.3 + Bump version to 2012.2.4 - Update to version 2012.2.3+git.1359529852.a84ba7e: + Regression caused by commit b56c2c998 + LinuxBridge: update status according to admin_state_up + Ensure that correct root helper is used Changes in openstack-quickstart: - Update 12.3 packages to Folsom as of March 5th. This comes with? security fixes and bug fixes that we need to have OpenStack work nicely. Fix bnc#802278. - Update to latest git (cb0fbe8): + Enalbe Cinder and Swift Service endpoints + Setup Cinder properly - Update to latest git (95d7088): + Fill in values in the cinder/api-paste.ini templatae Changes in openstack-swift: - Update to version 1.7.4.1+git.1359529903.0ce3e1d: + Use pypi for python-swiftclient dependency. - Update 12.3 packages to Folsom as of March 5th. This comes with? security fixes and bug fixes that we need to have OpenStack work nicely. Fix bnc#802278. - Update to version 1.7.4.1+git.1359529903.0ce3e1d: + Use pypi for python-swiftclient dependency. Changes in python-cinderclient: - Update 12.3 packages to Folsom as of March 5th. This comes with? security fixes and bug fixes that we need to have OpenStack work nicely. Fix bnc#802278. - Add compat-newer-requests.patch: take patches from upstream to allow working with newer versions of python-requests. Changes in python-django_openstack_auth: - Update 12.3 packages to Folsom as of March 5th. This comes with? security fixes and bug fixes that we need to have OpenStack work nicely. Fix bnc#802278. - Update to version 1.0.6: + Fix compatibility with keystoneclient v0.2. - Changes from version 1.0.5: + Improves error handling; fixes failing test. Changes in python-keystoneclient: - Update 12.3 packages to Folsom as of March 5th. This comes with? security fixes and bug fixes that we need to have OpenStack work nicely. Fix bnc#802278. - Add compat-newer-requests.patch: take patches from upstream to allow working with newer versions of python-requests. openSUSE 12.3 Update MozillaThunderbird was updated to 17.0.4 (bnc#808243) * MFSA 2013-29/CVE-2013-0787 (bmo#848644) Use-after-free in HTML Editor openSUSE 12.3 Update The Typo3 CMS versions were updated to receive security and bug fixes. - Raised to version 4.5.25 * bugfix: External URL regression by jumpurl security fix (Helmut Hummel), t3#46071 - Raised to version 4.5.24 * Raise submodule pointer (TYPO3 Release Team) * security: Open redirection with jumpurl (Franz G. Jahn), t3#28587, bnc#808528, CVE-2013-1843 * bugfix: Check minitems for TCAtree (Georg Ringer), t3#25003 * bugfix: Keep hyphens in custom HTML5 attributes (Jigal van Hemert), t3#34371 * Revert "[BUGFIX] FE session records are never removed" (Oliver Hader), t3#45570 - security fix: Typo3 Extbase Framework SQL Injection, bnc#808528, CVE-2013-1842 - Raised to version 4.5.23 * Raise submodule pointer * bugfix: t3lib_iconWorks must check if array exists before using it, t3#24248 * bugfix: BE user switch impossible when in adminOnly mode, t3#32686 * bugfix: Excludefieds must exclude admin only tables, t3#34460 * bugfix: TypoLink: absolute urls when installed in subfolder, t3#33214 * Raise submodule pointer * bugfix: [Cache][PDO] Duplicate cache entry possible, t3#34129 * bugfix: IE9 compatibility clear cache menu, t3#36364 * bugfix: Hook call modifyDBRow in ContentContentObject, t3#44416 * bugfix: Fix misspelling in RTE meta menu, t3#43886 * bugfix: load TCA before manipulation, t3#38505 * DataHandler::getAutoVersionId() should be public, t3#45050 * bugfix: Load date-time picker in scheduler module, t3#31027 * bugfix: Quick Edit triggers warnings of missing key uid, t3#42845 * Raise submodule pointer * bugfix: Fix warnings in em on tab Maintenance, t3#39680 * bugfix: Correct TCA inclusion for uploads rendering, t3#44145 * bugfix: Update description on changed error reporting defaults, t3#38240 * bugfix: Fix typos in stdWrap_crop description, t3#43919 * bugfix: Apc Cache backend has side effects, t3#38135 * bugfix: Invalid call to t3lib_TCEmain::processRemapStack(), t3#44301 * Raise submodule pointer * bugfix: Suggest wizard is behind form inputs, t3#42092 * bugfix: phpdoc: $urlParameters can be a string, t3#44263 * bugfix: FE session records are never removed, t3#34964 * bugfix: INTincScript_loadJSCode() causes PHP warnings, t3#32278 * bugfix: Enable the RTE with WebKit version 534 on iOS and Android, t3#43603 * bugfix: Remove HTML in RuntimeException from sysext 'install', t3#38472 * bugfix: Fix wrong column title in web>list for field colpos, t3#25113 * bugfix: SqlParser: trim all kinds of whitespaces, t3#43470 * Remove typo3.pageModule.js, t3#43459 * bugfix: Installer: Reference images wrong, t3#42292 * bugfix: Page Information shows incorrect number of total hits, t3#41608 * bugfix: Old logo on "Install Tool is locked" page, t3#42908 * openid: Update php-openid to 2.2.2, t3#42236 * Group excludefields by table, t3#34098 * bugfix: Hide version selector if workspaces are used, t3#43264 * Raise submodule pointer - Raised verstion to 4.6.18 * bugfix: External URL regression by jumpurl security fix (Helmut Hummel), t3#46071 - Raised version to 4.6.17 * Raise submodule pointer (TYPO3 Release Team) * security: Open redirection with jumpurl (Franz G. Jahn), t3#28587, bnc#808528, CVE-2013-1843 - security fix: Typo3 Extbase Framework SQL Injection, bnc#808528, CVE-2013-1842 - Raised version to 4.6.16 * bugfix: L10n fallback does not work for TS labels, t3#44099 * bugfix: L10n fallback does not work for ExtJS in BE, t3#44273 * Raise submodule pointer * bugfix: Allow "en" as language key, t3#42084 * Raise submodule pointer * bugfix: [Cache][PDO] Duplicate cache entry possible, t3#34129 * bugfix: IE9 compatibility clear cache menu, t3#36364 * bugfix: Hook call modifyDBRow in ContentContentObject, t3#44416 * bugfix: Fix misspelling in RTE meta menu, t3#43886 * bugfix: load TCA before manipulation, t3#38505 * bugfix: add check for empty form values in FORM View, t3#28606 * DataHandler::getAutoVersionId() should be public, t3#45050 * bugfix: Quick Edit triggers warnings of missing key uid, t3#42845 * Raise submodule pointer * bugfix: Fix warnings in em on tab Maintenance, t3#39680 * bugfix: Correct TCA inclusion for uploads rendering, t3#44145 * bugfix: Update description on changed error reporting defaults, t3#38240 * bugfix: Fix typos in stdWrap_crop description, t3#43919 * bugfix: Apc Cache backend has side effects, t3#38135 * bugfix: Invalid call to t3lib_TCEmain::processRemapStack(), t3#44301 * Raise submodule pointer * bugfix: Suggest wizard is behind form inputs, t3#42092 * bugfix: phpdoc: $urlParameters can be a string, t3#44263 * bugfix: FE session records are never removed, t3#34964 * bugfix: INTincScript_loadJSCode() causes PHP warnings, t3#32278 * bugfix: Fix broken logo file in Install Tool, t3#43426 * bugfix: Remove HTML in RuntimeException from sysext 'install', t3#38472 * bugfix: Fix wrong column title in web>list for field colpos, t3#25113 * bugfix: SqlParser: trim all kinds of whitespaces, t3#43470 * Remove typo3.pageModule.js, t3#43459 * bugfix: Installer: Reference images wrong, t3#42292 * bugfix: Page Information shows incorrect number of total hits, t3#41608 * bugfix: Old logo on "Install Tool is locked" page, t3#42908 * bugfix: Form values with newlines escaped in email, t3#32515 * openid: Update php-openid to 2.2.2, t3#42236 * bugfix: Wizard in HTML element moved to t3editor, t3#33813 * bugfix: Livesearch toolbar should close others, t3#32890 * bugfix: Hide version selector if workspaces are used, t3#43264 * bugfix: Subject field in FormWizard, t3#35787 * Raise submodule pointer * bugfix: Invalid behavior of search for integer in Backend search, t3#33700 * fluid, bugfix: Unit test fails with broken timezone, t3#45285 * fluid, bugfix: Date ViewHelper not using configured Timezones, t3#12769 * fluid, bugfix: Fix typo and improve backup of system settings, t3#45218 * fluid, bugfix: Remove PHP Error caused by setlocale call, t3#45118 * fluid, bugfix: Incomplete locale backup in unit test, t3#44835 * fluid, bugfix: selectViewHelper sorting should respect locales, t3#43445 * fluid, bugfix: Image viewhelper clears $GLOBALS['TSFE'] in backend context, t3#43446 * fluid, bugfix: AbstractFormFieldViewHelper always converts entities, t3#34091 * linkvalidator, bugfix: SQL error in getLinkCounts, t3#43322 * version, bugfix: Catchable fatal error when using the swap button, t3#42948 - Raised to version 4.7.10 * bugfix: External URL regression by jumpurl security fix (Helmut Hummel), t3#46071 - Added rpmlintrc to suppress duplicated files warning. - Raised to version 4.7.9 * Raise submodule pointer (TYPO3 Release Team) * security: Open redirection with jumpurl (Franz G. Jahn), t3#28587, bnc#808528, CVE-2013-1843 * bugfix: Invalid RSA key when submitting form twice (Benjamin Mack), t3#40085 - security fix: Typo3 Extbase Framework SQL Injection, bnc#808528, CVE-2013-1842 - Raised to version 4.7.8 * bugfix: L10n fallback does not work for TS labels, t3#44099 * bugfix: L10n fallback does not work for ExtJS in BE, t3#44273 * Raise submodule pointer * bugix: Allow "en" as language key, t3#42084 * Raise submodule pointer * bugfix: [Cache][PDO] Duplicate cache entry possible, t3#34129 * bugfix: IE9 compatibility clear cache menu, t3#36364 * bugfix: Hook call modifyDBRow in ContentContentObject, t3#44416 * bugfix: Fix misspelling in RTE meta menu, t3#43886 * bugfix: load TCA before manipulation, t3#38505 * bugfix: add check for empty form values in FORM View, t3#28606 * DataHandler::getAutoVersionId() should be public, t3#45050 * bugfix: Possible warning in about module, t3#44892 * bugfix: Quick Edit triggers warnings of missing key uid, t3#42845 * Raise submodule pointer * bugfix: Fix warnings in em on tab Maintenance, t3#39680 * bugfix: EXT:felogin: Multiple bugs with preserveGETvars, t3#19938 * bugfix: Correct TCA inclusion for uploads rendering, t3#44145 * bugfix: array_merge_recursive_overrule: __UNSET for array values, t3#43874 * bugfix: Update description on changed error reporting defaults, t3#38240 * bugfix: Fix typos in stdWrap_crop description, t3#43919 * Add save only button to Scheduler task, t3#44152 * bugfix: Apc Cache backend has side effects, t3#38135 * bugfix: Invalid call to t3lib_TCEmain::processRemapStack(), t3#44301 * Raise submodule pointer * Suggest wizard is behind form inputs, t3#42092 * bugfix: phpdoc: $urlParameters can be a string, t3#44263 * bugfix: FE session records are never removed, t3#34964 * bugfix: INTincScript_loadJSCode() causes PHP warnings, t3#32278 * bugfix: Fix broken logo file in Install Tool, t3#43426 * bugfix: Enable the RTE with WebKit version 534 on iOS and Android, t3#43603 * bugfix: IE9 crashes after saving with RTE, t3#43766 * bugfix: Remove HTML in RuntimeException from sysext 'install', t3#38472 * bugfix: Compatibility fix for get_html_translation_table(), t3#39287 * bugfix: Fix wrong column title in web>list for field colpos, t3#25113 * bugfix: SqlParser: trim all kinds of whitespaces, t3#43470 * Remove typo3.pageModule.js, t3#43459 * bugfix: Installer: Reference images wrong, t3#42292 * bugfix: Page Information shows incorrect number of total hits, t3#41608 * bugfix: Old logo on "Install Tool is locked" page, t3#42908 * bugfix: Form values with newlines escaped in email, t3#32515 * openid: Update php-openid to 2.2.2, t3#42236 * bugfix: Hide version selector if workspaces are used. t3#43264 * bugfix: Subject field in FormWizard, t3#35787 * Raise submodule pointer * Invalid behavior of search for integer in Backend search, t3#33700 openSUSE 12.3 Update nss-pam-ldap was updated to fix a FD_SET overflow, happening when more than 1024 filedescriptors are opened. (CVE-2013-0288) openSUSE 12.3 Update java-1_7_0-openjdk was updated to icedtea-2.3.7 (bnc#809386): * Security fixes - S8007014, CVE-2013-0809: Improve image handling - S8007675, CVE-2013-1493: Improve color conversion * Backports - S8002344: Krb5LoginModule config class does not return proper KDC list from DNS - S8004344: Fix a crash in ToolkitErrorHandler() in XlibWrapper.c - S8006179: JSR292 MethodHandles lookup with interface using findVirtual() - S8006882: Proxy generated classes in sun.proxy package breaks JMockit * Bug fixes - PR1303: Correct #ifdef to #if - PR1340: Simplify the rhino class rewriter to avoid use of concurrency - Revert 7017193 and add the missing free call, until a better fix is ready. openSUSE 12.3 Update telepathy-gabble was updated to fix a remote denial of service attack using NULL ptr dereferences during hashing. (CVE-2013-1769). openSUSE 12.3 Update libxml2 was updated to limit internal entity expansion denial of service problems (IXE) (CVE-2013-0338) (bnc#805233) openSUSE 12.3 Update Almanah was updated to encrypt the database when the application closes. (bgo#695117, bnc#809140, CVE-2013-1853). openSUSE 12.3 Update privoxy was updated to 3.0.21 stable fo fix CVE-2013-2503 (bnc#809123) - changes in 3.0.21 * On POSIX-like platforms, network sockets with file descriptor values above FD_SETSIZE are properly rejected. Previously they could cause memory corruption in configurations that allowed the limit to be reached. * Proxy authentication headers are removed unless the new directive enable-proxy-authentication-forwarding is used. Forwarding the headers potentionally allows malicious sites to trick the user into providing them with login information. Reported by Chris John Riley. * Compiles on OS/2 again now that unistd.h is only included on platforms that have it. * The show-status page shows the FEATURE_STRPTIME_SANITY_CHECKS status. * A couple of assert()s that could theoretically dereference NULL pointers in debug builds have been relocated. * Added an LSB info block to the generic start script. Based on a patch from Natxo Asenjo. * The max-client-connections default has been changed to 128 which should be more than enough for most setups. * Block rover.ebay./ar.*\&adtype= instead of "/.*\&adtype=" which caused too man false positives. Reported by u302320 in #360284, additional feedback from Adam Piggott. * Unblock '.advrider.com/' and '/.*ADVrider'. Anonymously reported in #3603636. * Stop blocking '/js/slider\.js'. Reported by Adam Piggott in #3606635 and _lvm in #2791160. * Added an iframes filter. * The whole GPLv2 text is included in the user manual now, so Privoxy can serve it itself and the user can read it without having to wade through GPLv3 ads first. * Properly numbered and underlined a couple of section titles in the config that where previously overlooked due to a flaw in the conversion script. Reported by Ralf Jungblut. * Improved the support instruction to hopefully make it harder to unintentionally provide insufficient information when requesting support. Previously it wasn't obvious that the information we need in bug reports is usually also required in support requests. * Removed documentation about packages that haven't been provided in years. * Only log the test number when not running in verbose mode The position of the test is rarely relevant and it previously - for full list of changes see ChangeLog file shipped together with this package openSUSE 12.3 Update ImageMagick received fixes for a overflow in *png_malloc functions. (CVE-2012-3437) openSUSE 12.3 Update GraphicsMagick was updated to fix integer overflows in the _png_malloc functions (CVE-2012-3438). openSUSE 12.3 Update pigz incorrectly used world writeable permissions during unpacking (CVE-2013-0296). openSUSE 12.3 Update When SSSD is configured as an Active Directory client by using the new Active Directory provider or equivalent configuration of the LDAP provider, the Simple Access Provider does not handle access control correctly. If any groups are specified with the simple_deny_groups option, the group members are permitted access. (CVE-2013-0287) openSUSE 12.3 Update clamav was updated to version 0.97.7 (bnc#809945) and contains several hardening fixes which might be security issues. openSUSE 12.3 Update Openstack keystone was updated to version 2012.2.4+git.1363796849.255b1d4: + validate from backend (lp#1129713, bnc#809590, CVE-2013-1865) openSUSE 12.3 Update Ruby 1.8 was updated to fix a XML entity expansion denial of service attack (CVE-2013-1821) Ruby 1.9 was updated to 1.9.3 p392, fixing the same security issues and also: - update json intree to 1.5.5: Denial of Service and Unsafe Object Creation Vulnerability in JSON CVE-2013-0269 - limit entity expansion text limit to 10kB CVE-2013-1821 - get rid of a SEGV when calling rb_iter_break() from some extention libraries. - some warning suppressed and smaller fixes openSUSE 12.3 Update This update of fail2ban fixes a startup related startup-problem and a security problem fixed upstream (CVE-2012-5642). openSUSE 12.3 Update Two denial of service problems (crashes with NULL pointer derference) were fixed in libxslt, which could potentially be used by remote attackers to crash libxslt using programs. openSUSE 12.3 Update Various security issues were fixed in puppet. CVE-2013-1655 CVE-2013-2275 CVE-2013-1640 CVE-2013-1652 CVE-2013-1653 CVE-2013-1654 CVE-2013-1655 CVE-2013-2274 CVE-2013-2275 openSUSE 12.3 Update bind was updated to 9.9.2-P2, fixing a security issue in regular expression handling. [CVE-2013-2266] [RT #32688] https://kb.isc.org/article/AA-00871 (bnc#811876) openSUSE 12.3 Update ISC DHCP was updated to ISC dhcp-4.2.5-P1 release, which contains updated bind-9.8.4-P2 sources with removed regex.h check in configure (bnc#811934, CVE-2013-2266). Also: Changed spec make the bind export library build output visible. Added dhcp6-server service template for SuSEfirewall2 (bnc#783002) Update config.guess/sub for aarch64 openSUSE 12.3 Update jakarta-commons-httpclient was updated to enhance the fix of bnc#803332 / CVE-2012-5783 * also check for subjectAltNames in the certificate. openSUSE 12.3 Update apache2 was updated to fix: - fix for cross site scripting vulnerability in mod_balancer. This is CVE-2012-4558 [bnc#807152] - fixes for low profile cross site scripting vulnerabilities, known as CVE-2012-3499 [bnc#806458] - Escape filename for the case that uploads are allowed with untrusted user's control over filenames and mod_negotiation enabled on the same directory. CVE-2012-2687 [bnc#777260] And also these bugs: - httpd-2.2.x-bnc798733-SNI_ignorecase.diff: ignore case when checking against SNI server names. [bnc#798733] openSUSE 12.3 Update - Update to version 0.8.6 (bnc#812568) * Fix security issue in save-pref command (CVE-2013-1904) openSUSE 12.3 Update The Mozilla suite received security and bugfix updates: Mozilla Firefox was updated to version 20.0. Mozilla Thunderbird was updated to version 17.0.5. Mozilla Seamonkey was updated to version 17.0.5. Mozilla XULRunner was updated to version 17.0.5. mozilla-nss was updated to version 3.14.3. mozilla-nspr was updated to version 4.9.6. mozilla-nspr was updated to version 4.9.6: * aarch64 support * added PL_SizeOfArenaPoolExcludingPool function (bmo#807883) * Auto detect android api version for x86 (bmo#782214) * Initialize Windows CRITICAL_SECTIONs without debug info and with nonzero spin count (bmo#812085) Previous update to version 4.9.5 * bmo#634793: define NSPR's exact-width integer types PRInt{N} and PRUint{N} types to match the <stdint.h> exact-width integer types int{N}_t and uint{N}_t. * bmo#782815: passing 'int *' to parameter of type 'unsigned int *' in setsockopt(). * bmo#822932: Port bmo#802527 (NDK r8b support for x86) to NSPR. * bmo#824742: NSPR shouldn't require librt on Android. * bmo#831793: data race on lib->refCount in PR_UnloadLibrary. mozilla-nss was updated to version 3.14.3: * disable tests with expired certificates * add SEC_PKCS7VerifyDetachedSignatureAtTime using patch from mozilla tree to fulfill Firefox 21 requirements * No new major functionality is introduced in this release. This release is a patch release to address CVE-2013-1620 (bmo#822365) * "certutil -a" was not correctly producing ASCII output as requested. (bmo#840714) * NSS 3.14.2 broke compilation with older versions of sqlite that lacked the SQLITE_FCNTL_TEMPFILENAME file control. NSS 3.14.3 now properly compiles when used with older versions of sqlite (bmo#837799) - remove system-sqlite.patch * add arm aarch64 support * added system-sqlite.patch (bmo#837799) * do not depend on latest sqlite just for a #define * enable system sqlite usage again * update to 3.14.2 * required for Firefox >= 20 * removed obsolete nssckbi update patch * MFSA 2013-40/CVE-2013-0791 (bmo#629816) Out-of-bounds array read in CERT_DecodeCertPackage * disable system sqlite usage since we depend on 3.7.15 which is not provided in any openSUSE distribution * add nss-sqlitename.patch to avoid any name clash Changes in MozillaFirefox: - update to Firefox 20.0 (bnc#813026) * requires NSPR 4.9.5 and NSS 3.14.3 * MFSA 2013-30/CVE-2013-0788/CVE-2013-0789 Miscellaneous memory safety hazards * MFSA 2013-31/CVE-2013-0800 (bmo#825721) Out-of-bounds write in Cairo library * MFSA 2013-35/CVE-2013-0796 (bmo#827106) WebGL crash with Mesa graphics driver on Linux * MFSA 2013-36/CVE-2013-0795 (bmo#825697) Bypass of SOW protections allows cloning of protected nodes * MFSA 2013-37/CVE-2013-0794 (bmo#626775) Bypass of tab-modal dialog origin disclosure * MFSA 2013-38/CVE-2013-0793 (bmo#803870) Cross-site scripting (XSS) using timed history navigations * MFSA 2013-39/CVE-2013-0792 (bmo#722831) Memory corruption while rendering grayscale PNG images - use GStreamer 1.0 starting with 12.3 (mozilla-gstreamer-1.patch) - build fixes for armv7hl: * disable debug build as armv7hl does not have enough memory * disable webrtc on armv7hl as it is non-compiling Changes in MozillaThunderbird: - update to Thunderbird 17.0.5 (bnc#813026) * requires NSPR 4.9.5 and NSS 3.14.3 * MFSA 2013-30/CVE-2013-0788/CVE-2013-0789 Miscellaneous memory safety hazards * MFSA 2013-31/CVE-2013-0800 (bmo#825721) Out-of-bounds write in Cairo library * MFSA 2013-35/CVE-2013-0796 (bmo#827106) WebGL crash with Mesa graphics driver on Linux * MFSA 2013-36/CVE-2013-0795 (bmo#825697) Bypass of SOW protections allows cloning of protected nodes * MFSA 2013-38/CVE-2013-0793 (bmo#803870) Cross-site scripting (XSS) using timed history navigations Changes in seamonkey: - update to SeaMonkey 2.17 (bnc#813026) * requires NSPR 4.9.5 and NSS 3.14.3 * MFSA 2013-30/CVE-2013-0788/CVE-2013-0789 Miscellaneous memory safety hazards * MFSA 2013-31/CVE-2013-0800 (bmo#825721) Out-of-bounds write in Cairo library * MFSA 2013-35/CVE-2013-0796 (bmo#827106) WebGL crash with Mesa graphics driver on Linux * MFSA 2013-36/CVE-2013-0795 (bmo#825697) Bypass of SOW protections allows cloning of protected nodes * MFSA 2013-37/CVE-2013-0794 (bmo#626775) Bypass of tab-modal dialog origin disclosure * MFSA 2013-38/CVE-2013-0793 (bmo#803870) Cross-site scripting (XSS) using timed history navigations * MFSA 2013-39/CVE-2013-0792 (bmo#722831) Memory corruption while rendering grayscale PNG images - use GStreamer 1.0 starting with 12.3 (mozilla-gstreamer-1.patch) Changes in xulrunner: - update to 17.0.5esr (bnc#813026) * requires NSPR 4.9.5 and NSS 3.14.3 * MFSA 2013-30/CVE-2013-0788 Miscellaneous memory safety hazards * MFSA 2013-31/CVE-2013-0800 (bmo#825721) Out-of-bounds write in Cairo library * MFSA 2013-35/CVE-2013-0796 (bmo#827106) WebGL crash with Mesa graphics driver on Linux * MFSA 2013-36/CVE-2013-0795 (bmo#825697) Bypass of SOW protections allows cloning of protected nodes * MFSA 2013-37/CVE-2013-0794 (bmo#626775) Bypass of tab-modal dialog origin disclosure * MFSA 2013-38/CVE-2013-0793 (bmo#803870) Cross-site scripting (XSS) using timed history navigations openSUSE 12.3 Update Changes in rubygem-actionpack-3_2: - add 2 patches to fix security issues: - bug-809935_3-2-css_sanitize.patch: CVE-2013-1855: rubygem-actionpack*: XSS vulnerability in sanitize_css in Action Pack (bnc#809935) - bug-809940_3-2-sanitize_protocol.patch: CVE-2013-1857: rubygem-actionpack*: XSS Vulnerability in the `sanitize` helper of Ruby on Rails (bnc#809940) openSUSE 12.3 Update Changes in rubygem-activerecord-3_2: - add patch to fix security issue: - bug-809932_3-2-attribute_symbols.patch: fix CVE-2013-1854: rubygem-activerecord*: Symbol DoS vulnerability in Active Record (bnc#809932) openSUSE 12.3 Update postgresql was updated to version 9.2.4 (bnc#812525): * CVE-2013-1899: Fix insecure parsing of server command-line switches. A connection request containing a database name that begins with "-" could be crafted to damage or destroy files within the server's data directory, even if the request is eventually rejected. * CVE-2013-1900: Reset OpenSSL randomness state in each postmaster child process. This avoids a scenario wherein random numbers generated by "contrib/pgcrypto" functions might be relatively easy for another database user to guess. The risk is only significant when the postmaster is configured with ssl = on but most connections don't use SSL encryption. * CVE-2013-1901: Make REPLICATION privilege checks test current user not authenticated user. An unprivileged database user could exploit this mistake to call pg_start_backup() or pg_stop_backup(), thus possibly interfering with creation of routine backups. * See the release notes for the rest of the changes: http://www.postgresql.org/docs/9.2/static/release-9-2-4.html /usr/share/doc/packages/postgresql92/HISTORY openSUSE 12.3 Update Subversion received minor version updates to fix remote triggerable vulnerabilities in mod_dav_svn which may result in denial of service. On openSUSE 12.1: - update to 1.6.21 [bnc#813913], addressing remotely triggerable + CVE-2013-1845: mod_dav_svn excessive memory usage from property changes + CVE-2013-1846: mod_dav_svn crashes on LOCK requests against activity URLs + CVE-2013-1847: mod_dav_svn crashes on LOCK requests against non-existant URLs + CVE-2013-1849: mod_dav_svn crashes on PROPFIND requests against activity URLs - further changes: + mod_dav_svn will omit some property values for activity urls + improve memory usage when committing properties in mod_dav_svn + fix mod_dav_svn runs pre-revprop-change twice + fixed: post-revprop-change errors cancel commit + improved logic in mod_dav_svn's implementation of lock. + fix a compatibility issue with g++ 4.7 On openSUSE 12.2 and 12.3: - update to 1.7.9 [bnc#813913], addressing remotely triggerable vulnerabilities in mod_dav_svn which may result in denial of service: + CVE-2013-1845: mod_dav_svn excessive memory usage from property changes + CVE-2013-1846: mod_dav_svn crashes on LOCK requests against activity URLs + CVE-2013-1847: mod_dav_svn crashes on LOCK requests against non-existant URLs + CVE-2013-1849: mod_dav_svn crashes on PROPFIND requests against activity URLs + CVE-2013-1884: mod_dav_svn crashes on out of range limit in log REPORT - further changes: + Client-side bugfixes: * improved error messages about svn:date and svn:author props. * fix local_relpath assertion * fix memory leak in `svn log` over svn:// * fix incorrect authz failure when using neon http library * fix segfault when using kwallet + Server-side bugfixes: * svnserve will log the replayed rev not the low-water rev. * mod_dav_svn will omit some property values for activity urls * fix an assertion in mod_dav_svn when acting as a proxy on / * improve memory usage when committing properties in mod_dav_svn * fix svnrdump to load dump files with non-LF line endings * fix assertion when rep-cache is inaccessible * improved logic in mod_dav_svn's implementation of lock. * avoid executing unnecessary code in log with limit - Developer-visible changes: + General: * fix an assertion in dav_svn_get_repos_path() on Windows * fix get-deps.sh to correctly download zlib * doxygen docs will now ignore prefixes when producing the index * fix get-deps.sh on freebsd + Bindings: * javahl status api now respects the ignoreExternals boolean - refresh subversion-no-build-date.patch for upstream source changes openSUSE 12.3 Update Seamonkey was updated to the 2.17 release, fixing bugs and security issues: - update to SeaMonkey 2.17 (bnc#813026) * requires NSPR 4.9.5 and NSS 3.14.3 * mozilla-webrtc-ppc.patch included upstream * MFSA 2013-30/CVE-2013-0788/CVE-2013-0789 Miscellaneous memory safety hazards * MFSA 2013-31/CVE-2013-0800 (bmo#825721) Out-of-bounds write in Cairo library * MFSA 2013-35/CVE-2013-0796 (bmo#827106) WebGL crash with Mesa graphics driver on Linux * MFSA 2013-36/CVE-2013-0795 (bmo#825697) Bypass of SOW protections allows cloning of protected nodes * MFSA 2013-37/CVE-2013-0794 (bmo#626775) Bypass of tab-modal dialog origin disclosure * MFSA 2013-38/CVE-2013-0793 (bmo#803870) Cross-site scripting (XSS) using timed history navigations * MFSA 2013-39/CVE-2013-0792 (bmo#722831) Memory corruption while rendering grayscale PNG images - use GStreamer 1.0 starting with 12.3 (mozilla-gstreamer-1.patch) - revert to use GStreamer 0.10 on 12.3 (bnc#814101) (remove mozilla-gstreamer-1.patch) openSUSE 12.3 Update libcurl was updated to fix a cookie tail matching flaw which could lead to attackers gaining cookie access depending on domain names. (CVE-2013-1944,bnc#814655) openSUSE 12.3 Update This Mesa update fixes the following security bug: CVE-2013-1993: Integer overflows in XF86DRIOpenConnection and XF86DRIGetClientDriverName were fixed that could lead to client crashes when using a malicious X server. This update fixes the following issue for Mesa on openSUSE 12.3: - bnc#814947, fdo#62141: Make sure we do render between two hiz flushes openSUSE 12.3 Update - update to 1.3.2 (bnc#815596) - Security Updates * CVE-2013-1927, RH884705: fixed gifar vulnerability * CVE-2013-1926, RH916774: Class-loader incorrectly shared for applets with same relative-path. - Common * Added new option in itw-settings which allows users to set JVM arguments when plugin is initialized. - NetX * PR580: http://www.horaoficial.cl/ loads improperly - Plugin * PR1260: IcedTea-Web should not rely on GTK obsoletes icedtea-web-remove-gtk-dep.patch * PR1157: Applets can hang browser after fatal exception openSUSE 12.3 Update The openSUSE 12.3 kernel was updated to fix various security issues and bugs: - config.conf: Disable armv7hl/u8500 until it builds again - patches.fixes/ocfs2-Fix-oops-in-ocfs2_fast_symlink_readpage: ocfs2: Fix oops in ocfs2_fast_symlink_readpage() code path - drm/nouveau: Fix typo in init_idx_addr_latched() (bnc#800686). - rtl28xxu: Add USB ID for MaxMedia HU394-T (bnc#812113). - rtl28xxu: Add USB IDs for Compro VideoMate U620F (bnc#812113). - Support Digivox Mini HD (rtl2832) (bnc#812113). - rtl28xxu: correct some device names (bnc#812113). - rtl28xxu: add Gigabyte U7300 DVB-T Dongle (bnc#812113). - rtl28xxu: [1b80:d3a8] ASUS My Cinema-U3100Mini Plus V2 (bnc#812113). - rtl28xxu: add NOXON DAB/DAB+ USB dongle rev 2 (bnc#812113). - drm: correctly restore mappings if drm_open fails (bnc#807850). - Drivers: hv: vmbus: Fix a bug in hv_need_to_signal() (bnc#811417). - svcrpc: fix rpc server shutdown races (bnc#802812). - Update patches to what was accepted upstream. - Refresh patches.arch/kvm-convert-msr_kvm_system_time-to-use-gfn_to_hva_cache_init.patch. - Refresh patches.arch/kvm-fix-for-buffer-overflow-in-handling-of-msr_kvm_system_time.patch. - KVM: Convert MSR_KVM_SYSTEM_TIME to use gfn_to_hva_cache_init (bnc#806980 CVE-2013-1797). - KVM: Fix bounds checking in ioapic indirect register read (bnc#806980 CVE-2013-1798). - KVM: Fix for buffer overflow in handling of MSR_KVM_SYSTEM_TIME (bnc#806980 CVE-2013-1796). - kabi/severities: Allow kvm abi changes - kvm modules are self consistent - loopdev: fix a deadlock (bnc#809748). - block: use i_size_write() in bd_set_size() (bnc#809748). - drm/i915: bounds check execbuffer relocation count (bnc#808829,CVE-2013-0913). - TTY: do not reset master's packet mode (bnc#809330). - Update patches.fixes/ext3-Fix-format-string-issues.patch (bnc#809155 CVE-2013-1848). - ext3: Fix format string issues (bnc#809155). - Drivers: hv: balloon: Do not request completion notification (fate#314663). - e1000e: fix runtime power management transitions (bnc#806966). - e1000e: fix pci-device enable-counter balance (bnc#806966). - e1000e: fix accessing to suspended device (bnc#806966). - gpio-ich: Fix ichx_gpio_check_available() return what callers expect. - gpio/ich: Add missing spinlock init. - Refresh patches.suse/SUSE-bootsplash-mgadrmfb-workaround. Add the same w/a for ast and cirrus KMS, too (bnc#806990). - Fix broken VT1 output with mgadrmfb (bnc#806990). - PCI/PM: Clear state_saved during suspend (bnc#806966). openSUSE 12.3 Update - fix for CVE-2013-1969 (bnc#815665) * libxml2-CVE-2013-1969.patch openSUSE 12.3 Update - fix prep_reprocess_req NULL pointer deref CVE-2013-1416 (bnc#816413) bug-816413-CVE-2013-1416-prep_reprocess_req-NULL-ptr-deref.dif openSUSE 12.3 Update - update to icedtea-2.3.9 (bnc#816720) * Security fixes - S6657673, CVE-2013-1518: Issues with JAXP - S7200507: Refactor Introspector internals - S8000724, CVE-2013-2417: Improve networking serialization - S8001031, CVE-2013-2419: Better font processing - S8001040, CVE-2013-1537: Rework RMI model - S8001322: Refactor deserialization - S8001329, CVE-2013-1557: Augment RMI logging - S8003335: Better handling of Finalizer thread - S8003445: Adjust JAX-WS to focus on API - S8003543, CVE-2013-2415: Improve processing of MTOM attachments - S8004261: Improve input validation - S8004336, CVE-2013-2431: Better handling of method handle intrinsic frames - S8004986, CVE-2013-2383: Better handling of glyph table - S8004987, CVE-2013-2384: Improve font layout - S8004994, CVE-2013-1569: Improve checking of glyph table - S8005432: Update access to JAX-WS - S8005943: (process) Improved Runtime.exec - S8006309: More reliable control panel operation - S8006435, CVE-2013-2424: Improvements in JMX - S8006790: Improve checking for windows - S8006795: Improve font warning messages - S8007406: Improve accessibility of AccessBridge - S8007617, CVE-2013-2420: Better validation of images - S8007667, CVE-2013-2430: Better image reading - S8007918, CVE-2013-2429: Better image writing - S8008140: Better method handle resolution - S8009049, CVE-2013-2436: Better method handle binding - S8009063, CVE-2013-2426: Improve reliability of ConcurrentHashMap - S8009305, CVE-2013-0401: Improve AWT data transfer - S8009677, CVE-2013-2423: Better setting of setters - S8009699, CVE-2013-2421: Methodhandle lookup - S8009814, CVE-2013-1488: Better driver management - S8009857, CVE-2013-2422: Problem with plugin * Backports - S7130662, RH928500: GTK file dialog crashes with a NPE * Bug fixes - PR1363: Fedora 19 / rawhide FTBFS SIGILL - PR1401: Fix Zero build on 2.3.8 - Fix offset problem in ICU LETableReference. - Change -Werror fix to preserve OpenJDK default. - PR1303: Correct #ifdef to #if - PR1404: Failure to bootstrap with ecj 4.2 - Added url as source. Please see http://en.opensuse.org/SourceUrls - icedtea-2.3.8-zero-patches.patch: remove patch not applicable to zero compatible hotspot - java-1.7.0-openjdk-fork.patch: Add support for architectures without fork syscall - java-1.7.0-openjdk-aarch64.patch: Add support for aarch64 openSUSE 12.3 Update - U_xf86-fix-flush-input-to-work-with-Linux-evdev-device.patch * So when we VT switch back and attempt to flush the input devices, we don't succeed because evdev won't return part of an event, since we were only asking for 4 bytes, we'd only get -EINVAL back. This could later cause events to be flushed that we shouldn't have gotten. This is a fix for CVE-2013-1940. (bnc#814653) openSUSE 12.3 Update - Applied upstream patch for security vulnerability discovered by Kevin Wojtysiak in ECDSA signature verification of the strongswan openssl plugin (bnc#815236, CVE-2013-2944) [0003-Check-return-value-of-ECDSA_Verify-correctly.patch] openSUSE 12.3 Update This update of python-httplib2 fixed broken SSL certification verification. openSUSE 12.3 Update Changes in telepathy-idle: - Add telepathy-idle-require-tls-validation.patch (bnc#817120, CVE-2007-6746). This fixes flaws in the SSL certificate validation. openSUSE 12.3 Update This version update fixes several bugs: - Frequent connection drops fixed (bnc#817152). - Update to version 4.09 * Fix overflow on HTTP request buffers (CVE-2012-6128)(bnc#803347) * Fix connection to servers with round-robin DNS with two-stage auth/connect. * Impose minimum MTU of 1280 bytes. * Fix some harmless issues reported by Coverity. * Improve "Attempting to connect..." message to be explicit when it's connecting to a proxy. - Update to version 4.07 * Fix segmentation fault when invoked with -p argument. * Fix handling of write stalls on CSTP (TCP) socket. - Update to version 4.06 * Fix default CA location for non-Fedora systems with old GnuTLS. * Improve error handing when vpnc-script exits with error. * Handle PKCS#11 tokens which won't list keys without login. - Update to version 4.05 * Use correct CSD script for Mac OS X. * Fix endless loop in PIN cache handling with multiple PKCS#11 tokens. * Fix PKCS#11 URI handling to preserve all attributes. * Don't forget key password on GUI reconnect. * Fix GnuTLS v3 build on OpenBSD. - Update to version 4.04 * Fix GnuTLS password handling for PKCS#8 files. - Update to version 4.03 * Fix --no-proxy option. * Fix handling of requested vs. received MTU settings. * Fix DTLS MTU for GnuTLS 3.0.21 and newer. * Support more ciphers for OpenSSL encrypted PEM keys, with GnuTLS. * Fix GnuTLS compatibilty issue with servers that insist on TLSv1.0 or non-AES ciphers (RH#836558). - Update to version 4.02 * Fix build failure due to unconditional inclusion of <gnutls/dtls.h>. - Update to version 4.01 * Add support for OpenSSL's odd encrypted PKCS#1 files, for GnuTLS. * Fix repeated passphrase retry for OpenSSL. * Add keystore support for Android. * Support TPM, and also additional checks on PKCS#11 certs, even with GnuTLS 2.12. * Fix library references to OpenSSL's ERR_print_errors_cb() when built against GnuTLS v2.12. - Update to version 4.00 * Add support for OpenSSL's odd encrypted PKCS#1 files, for GnuTLS. * Fix repeated passphrase retry for OpenSSL. * Add keystore support for Android. * Support TPM, and also additional checks on PKCS#11 certs, even with GnuTLS 2.12. * Fix library references to OpenSSL's ERR_print_errors_cb() when built against GnuTLS v2.12. openSUSE 12.3 Update Changes in icedtea-web with update to 1.4 (bnc#818768): * Added cs, de, pl localization * Splash screen for javaws and plugin * Better error reporting for plugin via Error-splash-screen * All IcedTea-Web dialogues are centered to middle of active screen * Download indicator made compact for more then one jar * User can select its own JVM via itw-settings and deploy.properties. * Added extended applets security settings and dialogue * Security updates - CVE-2013-1926, RH916774: Class-loader incorrectly shared for applets with same relative-path. - CVE-2013-1927, RH884705: fixed gifar vulnerabilit - CVE-2012-3422, RH840592: Potential read from an uninitialized memory location - CVE-2012-3423, RH841345: Incorrect handling of not 0-terminated strings * NetX - PR1027: DownloadService is not supported by IcedTea-Web - PR725: JNLP applications will prompt for creating desktop shortcuts every time they are run - PR1292: Javaws does not resolve versioned jar names with periods correctly * Plugin - PR1106: Buffer overflow in plugin table- - PR1166: Embedded JNLP File is not supported in applet tag - PR1217: Add command line arguments for plugins - PR1189: Icedtea-plugin requires code attribute when using jnlp_href - PR1198: JSObject is not passed to javascript correctly - PR1260: IcedTea-Web should not rely on GTK - PR1157: Applets can hang browser after fatal exception - PR580: http://www.horaoficial.cl/ loads improperly * Common - PR1049: Extension jnlp's signed jar with the content of only META-INF/* is considered - PR955: regression: SweetHome3D fails to run - PR1145: IcedTea-Web can cause ClassCircularityError - PR1161: X509VariableTrustManager does not work correctly with OpenJDK7 - PR822: Applets fail to load if jars have different signers - PR1186: System.getProperty("deployment.user.security.trusted.cacerts") is null - PR909: The Java applet at http://de.gosupermodel.com/games/wardrobegame.jsp fails - PR1299: WebStart doesn't read socket proxy settings from firefox correctly openSUSE 12.3 Update New clamav version 0.97.8 (bnc#816865): * CVE-2013-2020: Fix heap corruption * CVE-2013-2021: Fix overflow due to PDF key length computation. openSUSE 12.3 Update libtiff security update: * CVE-2013-1961.patch [bnc#818117] * CVE-2013-1960.patch [bnc#817573] openSUSE 12.3 Update OpenStack Keystone was updated to fix (bnc#818596, CVE-2013-2059): Keystone tokens not immediately invalidated when user is deleted. openSUSE 12.3 Update This submission supersedes the Samba packages currently available from http://download.openSUSE.org/pub/opensuse/update/12.*-test/ - Add support for PFC_FLAG_OBJECT_UUID when parsing packets; (bso#9382). - Fix "guest ok", "force user" and "force group" for guest users; (bso#9746). - Fix 'map untrusted to domain' with NTLMv2; (bso#9817). - Fix crash bug in Winbind; (bso#9854). - Fix panic in nt_printer_publish_ads; (bso#9830). openSUSE 12.3 Update MozillaFirefox was updated to Firefox 21.0 (bnc#819204) * MFSA 2013-41/CVE-2013-0801/CVE-2013-1669 Miscellaneous memory safety hazards * MFSA 2013-42/CVE-2013-1670 (bmo#853709) Privileged access for content level constructor * MFSA 2013-43/CVE-2013-1671 (bmo#842255) File input control has access to full path * MFSA 2013-46/CVE-2013-1674 (bmo#860971) Use-after-free with video and onresize event * MFSA 2013-47/CVE-2013-1675 (bmo#866825) Uninitialized functions in DOMSVGZoomEvent * MFSA 2013-48/CVE-2013-1676/CVE-2013-1677/CVE-2013-1678/ CVE-2013-1679/CVE-2013-1680/CVE-2013-1681 Memory corruption found using Address Sanitizer Changes in MozillaFirefox-branding-openSUSE: - modified file locations for Firefox 21 and above - added DuckDuckGo as search option (bnc#801121) openSUSE 12.3 Update MozillaThunderbird was updated to security update Thunderbird 17.0.6 (bnc#819204): * MFSA 2013-41/CVE-2013-0801/CVE-2013-1669 Miscellaneous memory safety hazards * MFSA 2013-42/CVE-2013-1670 (bmo#853709) Privileged access for content level constructor * MFSA 2013-46/CVE-2013-1674 (bmo#860971) Use-after-free with video and onresize event * MFSA 2013-47/CVE-2013-1675 (bmo#866825) Uninitialized functions in DOMSVGZoomEvent * MFSA 2013-48/CVE-2013-1676/CVE-2013-1677/CVE-2013-1678/ CVE-2013-1679/CVE-2013-1680/CVE-2013-1681 Memory corruption found using Address Sanitizer openSUSE 12.3 Update Mozilla xulrunner was updated to 17.0.6esr (bnc#819204) * MFSA 2013-41/CVE-2013-0801/CVE-2013-1669 Miscellaneous memory safety hazards * MFSA 2013-42/CVE-2013-1670 (bmo#853709) Privileged access for content level constructor * MFSA 2013-46/CVE-2013-1674 (bmo#860971) Use-after-free with video and onresize event * MFSA 2013-47/CVE-2013-1675 (bmo#866825) Uninitialized functions in DOMSVGZoomEvent * MFSA 2013-48/CVE-2013-1676/CVE-2013-1677/CVE-2013-1678/ CVE-2013-1679/CVE-2013-1680/CVE-2013-1681 Memory corruption found using Address Sanitizer openSUSE 12.3 Update The openSUSE 12.3 kernel was updated to fix a critical security issue, other security issues and several bugs. Security issues fixed: CVE-2013-2094: The perf_swevent_init function in kernel/events/core.c in the Linux kernel used an incorrect integer data type, which allowed local users to gain privileges via a crafted perf_event_open system call. CVE-2013-0290: The __skb_recv_datagram function in net/core/datagram.c in the Linux kernel did not properly handle the MSG_PEEK flag with zero-length data, which allowed local users to cause a denial of service (infinite loop and system hang) via a crafted application. Bugs fixed: - qlge: fix dma map leak when the last chunk is not allocated (bnc#819519). - ACPI / thermal: do not always return THERMAL_TREND_RAISING for active trip points (bnc#820048). - perf: Treat attr.config as u64 in perf_swevent_init() (bnc#819789, CVE-2013-2094). - cxgb4: fix error recovery when t4_fw_hello returns a positive value (bnc#818497). - kabi/severities: Ignore drivers/mfd/ucb1400_core It provides internal exports to UCB1400 drivers, that we have just disabled. - Fix -devel package for armv7hl armv7hl kernel flavors in the non-multiplatform configuration (which is the default for our openSUSE 12.3 release), needs more header files from the machine specific directories to be included in kernel-devel. - Update config files: disable UCB1400 on all but ARM Currently UCB1400 is only used on ARM OMAP systems, and part of the code is dead code that can't even be modularized. - CONFIG_UCB1400_CORE=n - CONFIG_TOUCHSCREEN_UCB1400=n - CONFIG_GPIO_UCB1400=n - rpm/config.sh: Drop the ARM repository, the KOTD will build against the "ports" repository of openSUSE:12.3 - mm/mmap: check for RLIMIT_AS before unmapping (bnc#818327). - rpm/kernel-spec-macros: Properly handle KOTD release numbers with .g<commit> suffix - rpm/kernel-spec-macros: Drop the %release_num macro We no longer put the -rcX tag into the release string. - xen-pciback: notify hypervisor about devices intended to be assigned to guests. - unix/stream: fix peeking with an offset larger than data in queue (bnc#803931 CVE-2013-0290). - unix/dgram: fix peeking with an offset larger than data in queue (bnc#803931 CVE-2013-0290). - unix/dgram: peek beyond 0-sized skbs (bnc#803931 CVE-2013-0290). - net: fix infinite loop in __skb_recv_datagram() (bnc#803931 CVE-2013-0290). - TTY: fix atime/mtime regression (bnc#815745). - md/raid1,raid10: fix deadlock with freeze_array() (813889). - md: raid1,10: Handle REQ_WRITE_SAME flag in write bios (bnc#813889). - KMS: fix EDID detailed timing vsync parsing. - KMS: fix EDID detailed timing frame rate. - Add Netfilter/ebtables support Those modues are needed for proper OpenStack support on ARM, and are also enabled on x86(_64) openSUSE 12.3 Update This update of gpg2 fixes two security issues: * fix for CVE-2012-6085 (bnc#798465) added gpg2-CVE-2012-6085.patch * fix for bnc#780943 added gpg2-set_umask_before_open_outfile.patch openSUSE 12.3 Update This update of libvirt fixes two problems: - fix leak after listing all volumes - CVE-2013-1962 ca697e90-CVE-2013-1962.patch bnc#820397 - Fix parsing of bond interface XML 5ba077dc-iface-bond.patch bnc#810893 openSUSE 12.3 Update This update of wireshark includes several security and bug fixes. [bnc#820566] + vulnerabilities fixed: * The RELOAD dissector could go into an infinite loop. wnpa-sec-2013-23 CVE-2013-2486 CVE-2013-2487 * The GTPv2 dissector could crash. wnpa-sec-2013-24 * The ASN.1 BER dissector could crash. wnpa-sec-2013-25 * The PPP CCP dissector could crash. wnpa-sec-2013-26 * The DCP ETSI dissector could crash. wnpa-sec-2013-27 * The MPEG DSM-CC dissector could crash. wnpa-sec-2013-28 * The Websocket dissector could crash. wnpa-sec-2013-29 * The MySQL dissector could go into an infinite loop. wnpa-sec-2013-30 * The ETCH dissector could go into a large loop. wnpa-sec-2013-31 + Further bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-1.8.7.html openSUSE 12.3 Update This version update for nginx to 1.2.9 includes a security fix and several bugfixes and feature enhancements. (bnc#821184) *) Security: contents of worker process memory might be sent to a client if HTTP backend returned specially crafted response (CVE-2013-2070); the bug had appeared in 1.1.4. - changes with 1.2.8: *) Bugfix: new sessions were not always stored if the "ssl_session_cache shared" directive was used and there was no free space in shared memory. *) Bugfix: responses might hang if subrequests were used and a DNS error happened during subrequest processing. *) Bugfix: in the ngx_http_mp4_module. *) Bugfix: in backend usage accounting. - changes with nginx 1.2.7 *) Change: now if the "include" directive with mask is used on Unix systems, included files are sorted in alphabetical order. *) Change: the "add_header" directive adds headers to 201 responses. *) Feature: the "geo" directive now supports IPv6 addresses in CIDR notation. *) Feature: the "flush" and "gzip" parameters of the "access_log" directive. *) Feature: variables support in the "auth_basic" directive. *) Feature: the $pipe, $request_length, $time_iso8601, and $time_local variables can now be used not only in the "log_format" directive. *) Feature: IPv6 support in the ngx_http_geoip_module. *) Bugfix: nginx could not be built with the ngx_http_perl_module in some cases. *) Bugfix: a segmentation fault might occur in a worker process if the ngx_http_xslt_module was used. *) Bugfix: nginx could not be built on MacOSX in some cases. *) Bugfix: the "limit_rate" directive with high rates might result in truncated responses on 32-bit platforms. *) Bugfix: a segmentation fault might occur in a worker process if the "if" directive was used. *) Bugfix: a "100 Continue" response was issued with "413 Request Entity Too Large" responses. *) Bugfix: the "image_filter", "image_filter_jpeg_quality" and "image_filter_sharpen" directives might be inherited incorrectly. *) Bugfix: "crypt_r() failed" errors might appear if the "auth_basic" directive was used on Linux. *) Bugfix: in backup servers handling. *) Bugfix: proxied HEAD requests might return incorrect response if the "gzip" directive was used. *) Bugfix: a segmentation fault occurred on start or during reconfiguration if the "keepalive" directive was specified more than once in a single upstream block. *) Bugfix: in the "proxy_method" directive. *) Bugfix: a segmentation fault might occur in a worker process if resolver was used with the poll method. *) Bugfix: nginx might hog CPU during SSL handshake with a backend if the select, poll, or /dev/poll methods were used. *) Bugfix: the "[crit] SSL_write() failed (SSL:)" error. *) Bugfix: in the "fastcgi_keep_conn" directive. openSUSE 12.3 Update This update of libxcb fixes a integer overflow issue: - U_0001-integer-overflow-in-read_packet-CVE-2013-2064.patch * fixes integer overflow in read_packet() [CVE-2013-2064] (bnc#821584, bnc#815451) openSUSE 12.3 Update This update of libXext fixes several integer overflow issues: - U_0001-integer-overflow-in-XcupGetReservedColormapEntries-C.patch, U_0002-integer-overflow-in-XcupStoreColors-CVE-2013-1982-2-.patch, U_0003-several-integer-overflows-in-XdbeGetVisualInfo-CVE-2.patch, U_0004-integer-overflow-in-XeviGetVisualInfo-CVE-2013-1982-.patch, U_0005-integer-overflow-in-XShapeGetRectangles-CVE-2013-198.patch, U_0006-integer-overflow-in-XSyncListSystemCounters-CVE-2013.patch, * integer overflow(s) in XcupGetReservedColormapEntries(), XcupStoreColors(), XdbeGetVisualInfo(), XeviGetVisualInfo(), XShapeGetRectangles(), XSyncListSystemCounters() [CVE-2013-1982] (bnc#821665, bnc#815451) openSUSE 12.3 Update This update of libXfixes fixes an integer overflow issue: - U_0001-integer-overflow-in-XFixesGetCursorImage-CVE-2013-19.patch * integer overflow in XFixesGetCursorImage() [CVE-2013-1983] (bnc#821667, bnc#815451) openSUSE 12.3 Update This update of libXp fixes several integer overflow issues: - U_0001-integer-overflow-in-XpGetAttributes-XpGetOneAttribut.patch, U_0002-integer-overflows-in-XpGetPrinterList-CVE-2013-2062-.patch, U_0003-integer-overflows-in-XpQueryScreens-CVE-2013-2062-3-.patch * integer overflow(s) in XpGetAttributes/XpGetOneAttribute, XpGetPrinterList() and XpQueryScreens() [CVE-2013-2062] (bnc#821668, bnc#815451) openSUSE 12.3 Update This update of libXrender fixes several integer overflow issues. - U_0001-integer-overflow-in-XRenderQueryFilters-CVE-2013-198.patch, U_0002-integer-overflow-in-XRenderQueryFormats-CVE-2013-198.patch, U_0003-integer-overflow-in-XRenderQueryPictIndexValues-CVE-.patch * integer overflow in XRenderQueryFilters(), XRenderQueryFormats() and XRenderQueryPictIndexValues() [CVE-2013-1987] (bnc#821669, bnc#815451) openSUSE 12.3 Update This update of libXt fixes several security issues. - U_0001-unvalidated-length-in-_XtResourceConfigurationEH-CVE.patch * unvalidated length in _XtResourceConfigurationEH [CVE-2013-2002] (bnc#821670, bnc#815451) - U_0001-Unchecked-return-values-of-XGetWindowProperty-CVE-20.patch * Unchecked return values of XGetWindowProperty [CVE-2013-2005] (bnc#821670, bnc#815451) openSUSE 12.3 Update This update of libXrender fixes several buffer and integer overflow issues. - U_0001-integer-overflow-in-XvQueryPortAttributes-CVE-2013-1.patch, U_0002-integer-overflow-in-XvListImageFormats-CVE-2013-1989.patch, U_0003-integer-overflow-in-XvCreateImage-CVE-2013-1989-3-3.patch * integer overflow in XvQueryPortAttributes(), XvListImageFormats(), XvCreateImage() [CVE-2013-1989] (bnc#821671, bnc#815451) - U_0001-buffer-overflow-in-XvQueryPortAttributes-CVE-2013-20.patch * buffer overflow in XvQueryPortAttributes() [CVE-2013-2066] (bnc#821671, bnc#815451) openSUSE 12.3 Update This update of telepathy-gabble fixes a TLS bypass problem. Changes in telepathy-gabble: - Add telepathy-gabble-cve-2013-1431.patch (bnc#822586). This makes it respect the TLS-required flag on legacy Jabber servers. Identified as CVE-2013-1431. openSUSE 12.3 Update This update of nfs-utils includes several bug and security fixes. - gssd-reverse-dns-fix: Allow DNS lookups to be avoided when determining kerberos identity of server. The GSSD_OPTIONS sysconfig variable is added so that use of DNS can be enforced for sites that need it. (bnc#813464 CVE-2013-1923) - gssd-n.fix: linux-3.7 changed behaviour of gssd lookups so that "gssd -n" isn't sufficient to stop the use of "machine credentials". This patch add "-N" which stops the new use as well. Also add GSSD_OPTIONS to sysconfig so these flags can be set more easily. (bnc#817651) - mountd-fix-exporting-of-with-sec-setting.patch Fix bug when exporting root filesystem with gss security. (bnc#809226) - mountd-fix-error-check.patch: check for errors with exporting filesystems correctly (bnc#809226) - nfsserver.init: make sure warning about bind= being deprecated goes to terminal and not into /run/nfs/bind.mounts (bnc#809226) openSUSE 12.3 Update This update of subversion includes several bug and security fixes. - update to 1.7.10 [bnc#821505] CVE-2013-1968 CVE-2013-2088 CVE-2013-2112 - Client-side bugfixes: * fix 'svn revert' "no such table: revert_list" spurious error * fix 'svn diff' doesn't show some locally added files * fix changelist filtering when --changelist values aren't UTF8 * fix 'svn diff --git' shows wrong copyfrom * fix 'svn diff -x-w' shows wrong changes * fix 'svn blame' sometimes shows every line as modified * fix regression in 'svn status -u' output for externals * fix file permissions change on commit of file with keywords * improve some fatal error messages * fix externals not removed when working copy is made shallow - Server-side bugfixes: * fix repository corruption due to newline in filename * fix svnserve exiting when a client connection is aborted * fix svnserve memory use after clear * fix repository corruption on power/disk failure on Windows - Developer visible changes: * make get-deps.sh compatible with Solaris /bin/sh * fix infinite recursion bug in get-deps.sh * fix uninitialised output parameter of svn_fs_commit_txn() - Bindings: * fix JavaHL thread-safety bug openSUSE 12.3 Update This update of autotrace fixes a buffer overflow issue. - Fix stack-based buffer overflow in bmp parser (CVE-2013-1953.patch, bnc#815382, CVE-2013-1953). openSUSE 12.3 Update This update of pymongo fixes a null pointer issue. - Add Fix-null-pointer-when-decoding-invalid-DBRef.patch * Fixed user-triggerable NULL pointer dereference due to utter plebbery (CVE-2013-2132, bnc#822798) openSUSE 12.3 Update The openSUSE 12.3 kernel was updated to fix a critical security issue and two reiserfs bugs. CVE-2013-2850: Incorrect strncpy usage in the network listening part of the iscsi target driver could have been used by remote attackers to crash the kernel or execute code. This required the iscsi target running on the machine and the attacker able to make a network connection to it (aka not filtered by firewalls). Bugs fixed: - reiserfs: fix spurious multiple-fill in reiserfs_readdir_dentry (bnc#822722). - reiserfs: fix problems with chowning setuid file w/ xattrs (bnc#790920). - iscsi-target: fix heap buffer overflow on error (CVE-2013-2850, bnc#821560). openSUSE 12.3 Update This update of libFS fixes an integer overflow issue. - U_0001-Sign-extension-issue-and-integer-overflow-in-FSOpenS.patch * Sign extension issue and integer overflow in FSOpenServer() [CVE-2013-1996] (bnc#821663, bnc#815451) openSUSE 12.3 Update This update of libXcursor fixes an integer overflow issue. - U_0001-signedness-bug-integer-overflow-in-_XcursorFileHeade.patch * signedness bug & integer overflow in _XcursorFileHeaderCreate() [CVE-2013-2003] (bnc#821663, bnc#815451) openSUSE 12.3 Update This update of libXi fixes several integer overflow issues. - U_0001-integer-overflow-in-XGetDeviceControl-CVE-2013-1984-.patch, U_0002-integer-overflow-in-XGetFeedbackControl-CVE-2013-198.patch, U_0003-integer-overflow-in-XGetDeviceDontPropagateList-CVE-.patch, U_0004-integer-overflow-in-XGetDeviceMotionEvents-CVE-2013-.patch, U_0005-integer-overflow-in-XIGetProperty-CVE-2013-1984-5-8.patch, U_0006-integer-overflow-in-XIGetSelectedEvents-CVE-2013-198.patch, U_0007-Avoid-integer-overflow-in-XGetDeviceProperties-CVE-2.patch, U_0008-Avoid-integer-overflow-in-XListInputDevices-CVE-2013.patch * integer overflow in various functions [CVE-2013-1984] (bnc#821663, bnc#815451) - U_0001-sign-extension-issue-in-XListInputDevices-CVE-2013-1.patch * sign extension issue in XListInputDevices() [CVE-2013-1995] (bnc#821663, bnc#815451) - U_0001-Stack-buffer-overflow-in-XGetDeviceButtonMapping-CVE.patch, U_0002-memory-corruption-in-_XIPassiveGrabDevice-CVE-2013-1.patch, U_0003-unvalidated-lengths-in-XQueryDeviceState-CVE-2013-19.patch * Stack buffer overflow in XGetDeviceButtonMapping(), memory corruption in _XIPassiveGrabDevice(), unvalidated lengths in XQueryDeviceState() [CVE-2013-1998] (bnc#821663, bnc#815451) openSUSE 12.3 Update This update of libXinerama fixes an integer overflow issue. - U_0001-integer-overflow-in-XineramaQueryScreens-CVE-2013-19.patch * integer overflow in XineramaQueryScreens() [CVE-2013-1985] (bnc#821663, bnc#815451) openSUSE 12.3 Update This update of libXrandr fixes several integer overflow issues. - U_0001-integer-overflow-in-XRRQueryOutputProperty-CVE-2013-.patch, U_0003-integer-overflow-in-XRRGetOutputProperty-CVE-2013-19.patch, * integer overflow in XRRQueryOutputProperty(), XRRGetProviderProperty() [CVE-2013-1986] (bnc#821663, bnc#815451) openSUSE 12.3 Update This update of libXres fixes several integer overflow issues. - U_0001-integer-overflow-in-XResQueryClients-CVE-2013-1988-1.patch, U_0002-integer-overflow-in-XResQueryClientResources-CVE-201.patch * integer overflow in XResQueryClients(), XResQueryClientResources() [CVE-2013-1988] (bnc#821663, bnc#815451) openSUSE 12.3 Update This update of libXtst fixes an integer overflow issue. - U_0001-integer-overflow-in-XRecordGetContext-CVE-2013-2063.patch * integer overflow in XRecordGetContext() [CVE-2013-2063] (bnc#821663, bnc#815451) openSUSE 12.3 Update This update of libXvMC fixes several integer overflow issues. - U_0001-integer-overflow-in-XvMCListSurfaceTypes-CVE-2013-19.patch, U_0002-integer-overflow-in-XvMCListSubpictureTypes-CVE-2013.patch * integer overflow in XvMCListSurfaceTypes(), XvMCListSubpictureTypes() [CVE-2013-1990] (bnc#821663, bnc#815451) - U_0001-Multiple-unvalidated-assumptions-in-XvMCGetDRInfo-CV.patch * Multiple unvalidated assumptions in XvMCGetDRInfo() [CVE-2013-1999] (bnc#821663, bnc#815451) openSUSE 12.3 Update This update of libXxf86dga fixes several buffer and integer overflow issues. - U_0001-integer-overflow-in-XDGAQueryModes-CVE-2013-1991-1-2.patch, U_0002-integer-overflow-underflow-in-XDGASetMode-CVE-2013-1.patch * integer overflow in XDGAQueryModes(); integer overflow & underflow in XDGASetMode() [CVE-2013-1991] (bnc#821663, bnc#815451) - U_0001-buffer-overflow-in-XDGAQueryModes-CVE-2013-2000-1-2.patch, U_0002-buffer-overflow-in-XDGASetMode-CVE-2013-2000-2-2.patch * buffer overflow in XDGAQueryModes(), XDGASetMode() [CVE-2013-2000] (bnc#821663, bnc#815451) openSUSE 12.3 Update This update of libXxf86vm fixes a memory corruption issue. - U_0001-memory-corruption-in-XF86VidModeGetGammaRamp-CVE-201.patch * memory corruption in XF86VidModeGetGammaRamp() [CVE-2013-2001] (bnc#821663, bnc#815451) openSUSE 12.3 Update This update of libdmx fixes several integer overflow issues. - U_0001-integer-overflow-in-DMXGetScreenAttributes-CVE-2013-.patch, U_0002-integer-overflow-in-DMXGetWindowAttributes-CVE-2013-.patch, U_0003-integer-overflow-in-DMXGetInputAttributes-CVE-2013-1.patch, * integer overflow in DMXGetScreenAttributes(), DMXGetWindowAttributes(), DMXGetInputAttributes() [CVE-2013-1992] (bnc#821663, bnc#815451) openSUSE 12.3 Update This update of libX11 fixes several security issues. - U_0001-integer-overflow-in-_XQueryFont-on-32-bit-platforms-.patch, U_0002-integer-overflow-in-_XF86BigfontQueryFont-CVE-2013-1.patch, U_0003-integer-overflow-in-XListFontsWithInfo-CVE-2013-1981.patch, U_0004-integer-overflow-in-XGetMotionEvents-CVE-2013-1981-4.patch, U_0005-integer-overflow-in-XListHosts-CVE-2013-1981-5-13.patch, U_0006-Integer-overflows-in-stringSectionSize-cause-buffer-.patch, U_0007-integer-overflow-in-ReadInFile-in-Xrm.c-CVE-2013-198.patch, U_0008-integer-truncation-in-_XimParseStringFile-CVE-2013-1.patch, U_0009-integer-overflows-in-TransFileName-CVE-2013-1981-9-1.patch, U_0010-integer-overflow-in-XGetWindowProperty-CVE-2013-1981.patch, U_0011-integer-overflow-in-XGetImage-CVE-2013-1981-11-13.patch, U_0012-integer-overflow-in-XGetPointerMapping-XGetKeyboardM.patch, U_0013-integer-overflow-in-XGetModifierMapping-CVE-2013-198.patch * integer overflow in various functions, integer truncation in _XimParseStringFile() [CVE-2013-1981] (bnc#821664, bnc#815451) - U_0001-unvalidated-lengths-in-XAllocColorCells-CVE-2013-199.patch, U_0002-unvalidated-index-in-_XkbReadGetDeviceInfoReply-CVE-.patch, U_0003-unvalidated-indexes-in-_XkbReadGeomShapes-CVE-2013-1.patch, U_0004-unvalidated-indexes-in-_XkbReadGetGeometryReply-CVE-.patch, U_0005-unvalidated-index-in-_XkbReadKeySyms-CVE-2013-1997-5.patch, U_0006-unvalidated-index-in-_XkbReadKeyActions-CVE-2013-199.patch, U_0007-unvalidated-index-in-_XkbReadKeyBehaviors-CVE-2013-1.patch, U_0008-unvalidated-index-in-_XkbReadModifierMap-CVE-2013-19.patch, U_0009-unvalidated-index-in-_XkbReadExplicitComponents-CVE-.patch, U_0010-unvalidated-index-in-_XkbReadVirtualModMap-CVE-2013-.patch, U_0011-unvalidated-index-length-in-_XkbReadGetNamesReply-CV.patch, U_0012-unvalidated-length-in-_XimXGetReadData-CVE-2013-1997.patch, U_0013-Avoid-overflows-in-XListFonts-CVE-2013-1997-13-15.patch, U_0014-Avoid-overflows-in-XGetFontPath-CVE-2013-1997-14-15.patch, U_0015-Avoid-overflows-in-XListExtensions-CVE-2013-1997-15-.patch * unvalidated index/length in various functions; Avoid overflows in XListFonts(), XGetFontPath(), XListExtensions() [CVE-2013-1997] (bnc##821664, bnc#815451) - U_0001-Unbounded-recursion-in-GetDatabase-when-parsing-incl.patch, U_0002-Unbounded-recursion-in-_XimParseStringFile-when-pars.patch * Unbounded recursion in GetDatabase(), _XimParseStringFile when parsing include files [CVE-2013-2004] (bnc##821664, bnc#815451) openSUSE 12.3 Update This update of darktable fixes a problem inside the embedded libraw version. - Fix for CVE-2013-2126 * added backported patch from git master 0001-fixed-error-handling-for-broken-full-color-images.patch fixes bnc#823114- openSUSE 12.3 Update This update of wireshark includes several security and bug fixes. - update to 1.8.8 [bnc#823932] + vulnerabilities fixed: * The CAPWAP dissector could crash. wnpa-sec-2013-32 * The GMR-1 BCCH dissector could crash. wnpa-sec-2013-33 * The PPP dissector could crash. wnpa-sec-2013-34 * The NBAP dissector could crash. wnpa-sec-2013-35 * The RDP dissector could crash. wnpa-sec-2013-36 * The GSM CBCH dissector could crash. wnpa-sec-2013-37 * The Assa Abloy R3 dissector could consume excessive memory and CPU. wnpa-sec-2013-38 * The HTTP dissector could overrun the stack. wnpa-sec-2013-39 * The Ixia IxVeriWave file parser could overflow the heap. wnpa-sec-2013-40 * The DCP ETSI dissector could crash. wnpa-sec-2013-41 + Further bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-1.8.8.html wnpa-sec-2013-24 CVE-2013-3555 wnpa-sec-2013-25 CVE-2013-3556 CVE-2013-3557 wnpa-sec-2013-26 CVE-2013-3558 wnpa-sec-2013-27 CVE-2013-3559 wnpa-sec-2013-28 CVE-2013-3560 wnpa-sec-2013-29 CVE-2013-3561 CVE-2013-3562 wnpa-sec-2013-30 CVE-2013-3561 wnpa-sec-2013-31 CVE-2013-3561 openSUSE 12.3 Update This update of phpMyAdmin fixes several security issues. - update to 3.5.8.1 (2013-04-24) * [security] Remote code execution (preg_replace), reported by Janek Vind (see PMASA-2013-2) * [security] Locally Saved SQL Dump File Multiple File Extension Remote Code Execution, reported by Janek Vind (see PMASA-2013-3) - fix for bnc#824301 * PMASA-2013-2 (CVE-2013-3238) - fix for bnc#824302 * PMASA-2013-3 (CVE-2013-3239) - update to 3.5.8 (2013-04-08) * sf#3828 MariaDB reported as MySQL * sf#3854 Incorrect header for Safari 6.0 * sf#3705 Attempt to open trigger for edit gives NULL * Use HTML5 DOCTYPE * [security] Self-XSS on GIS visualisation page, reported by Janek Vind see PMASA-2013-1 * sf#3800 Incorrect keyhandler behaviour #2 - fix for bnc#814678 * PMASA-2013-1 (CVE-2013-1937) openSUSE 12.3 Update This update of libraw fixes a security issue. - security update: * CVE-2013-2126.patch [bnc#822665] openSUSE 12.3 Update This update of openstack-nova fixes a security vulnerability. - Add CVE-2013-2030.patch: fix insecure keystone middleware tmpdir by default (CVE-2013-2030, bnc#819349). - Use explicit keystone-signing dir to workaround lp#1181157. openSUSE 12.3 Update This update of openstack-swift fixes a security vulnerability. - Add CVE-2013-2161.patch: fix unchecked user input in Swift XML responses (CVE-2013-2161, bnc#824286). openSUSE 12.3 Update This update of openstack-keystone fixes two security vulnerabilities. - Add CVE-2013-2104.patch: fix missing expiration check in Keystone PKI token validation (CVE-2013-2104, bnc#821201) - Add CVE-2013-2157.patch: fix authentication bypass when using LDAP backend (CVE-2013-2157, bnc#823783) openSUSE 12.3 Update This update of python-keystoneclient fixes a security vulnerability. - Add CVE-2013-2013.patch: allow secure user password update (CVE-2013-2013, bnc#817415). openSUSE 12.3 Update This update of fail2ban fixes a security vulnerability. Changes in fail2ban: - Fixes: Yaroslav Halchenko * [6ccd5781] filter.d/apache-{auth,nohome,noscript,overflows} - anchor failregex at the beginning (and where applicable at the end). Addresses a possible DoS. Closes gh#fail2ban/fail2ban#248, CVE-2013-2178, bnc#824710 openSUSE 12.3 Update This update fixes a kpasswd UDP ping-pong security bug (CVE-2002-2443). openSUSE 12.3 Update This dbus-1 update fixes a security vulnerability. - Added CVE-2013-2168.patch, fixes referenced vulnerability (bnc#824607) openSUSE 12.3 Update xdm was updated on crypt() NULL pointer crashes: * Starting with glibc 2.17 (eglibc 2.17), crypt() fails with EINVAL (w/ NULL return) if the salt violates specifications. Additionally, on FIPS-140 enabled Linux systems, DES/MD5-encrypted passwords passed to crypt() fail with EPERM (w/ NULL return). If using glibc's crypt(), check return value to avoid a possible NULL pointer dereference. (bnc#824884) (CVE-2013-2179) openSUSE 12.3 Update Empty. openSUSE 12.3 Update MozillaFirefox was updated to Firefox 22.0 (bnc#825935) Following security issues were fixed: * MFSA 2013-49/CVE-2013-1682/CVE-2013-1683 Miscellaneous memory safety hazards * MFSA 2013-50/CVE-2013-1684/CVE-2013-1685/CVE-2013-1686 Memory corruption found using Address Sanitizer * MFSA 2013-51/CVE-2013-1687 (bmo#863933, bmo#866823) Privileged content access and execution via XBL * MFSA 2013-52/CVE-2013-1688 (bmo#873966) Arbitrary code execution within Profiler * MFSA 2013-53/CVE-2013-1690 (bmo#857883) Execution of unmapped memory through onreadystatechange event * MFSA 2013-54/CVE-2013-1692 (bmo#866915) Data in the body of XHR HEAD requests leads to CSRF attacks * MFSA 2013-55/CVE-2013-1693 (bmo#711043) SVG filters can lead to information disclosure * MFSA 2013-56/CVE-2013-1694 (bmo#848535) PreserveWrapper has inconsistent behavior * MFSA 2013-57/CVE-2013-1695 (bmo#849791) Sandbox restrictions not applied to nested frame elements * MFSA 2013-58/CVE-2013-1696 (bmo#761667) X-Frame-Options ignored when using server push with multi-part responses * MFSA 2013-59/CVE-2013-1697 (bmo#858101) XrayWrappers can be bypassed to run user defined methods in a privileged context * MFSA 2013-60/CVE-2013-1698 (bmo#876044) getUserMedia permission dialog incorrectly displays location * MFSA 2013-61/CVE-2013-1699 (bmo#840882) Homograph domain spoofing in .com, .net and .name openSUSE 12.3 Update MozillaThunderbird was updated to Thunderbird 17.0.7 (bnc#825935) Security issues fixed: * MFSA 2013-49/CVE-2013-1682 Miscellaneous memory safety hazards * MFSA 2013-50/CVE-2013-1684/CVE-2013-1685/CVE-2013-1686 Memory corruption found using Address Sanitizer * MFSA 2013-51/CVE-2013-1687 (bmo#863933, bmo#866823) Privileged content access and execution via XBL * MFSA 2013-53/CVE-2013-1690 (bmo#857883) Execution of unmapped memory through onreadystatechange event * MFSA 2013-54/CVE-2013-1692 (bmo#866915) Data in the body of XHR HEAD requests leads to CSRF attacks * MFSA 2013-55/CVE-2013-1693 (bmo#711043) SVG filters can lead to information disclosure * MFSA 2013-56/CVE-2013-1694 (bmo#848535) PreserveWrapper has inconsistent behavior * MFSA 2013-59/CVE-2013-1697 (bmo#858101) XrayWrappers can be bypassed to run user defined methods in a privileged context openSUSE 12.3 Update Mozilla xulrunner was update to 17.0.7esr (bnc#825935) Security issues fixed: * MFSA 2013-49/CVE-2013-1682 Miscellaneous memory safety hazards * MFSA 2013-50/CVE-2013-1684/CVE-2013-1685/CVE-2013-1686 Memory corruption found using Address Sanitizer * MFSA 2013-51/CVE-2013-1687 (bmo#863933, bmo#866823) Privileged content access and execution via XBL * MFSA 2013-53/CVE-2013-1690 (bmo#857883) Execution of unmapped memory through onreadystatechange event * MFSA 2013-54/CVE-2013-1692 (bmo#866915) Data in the body of XHR HEAD requests leads to CSRF attacks * MFSA 2013-55/CVE-2013-1693 (bmo#711043) SVG filters can lead to information disclosure * MFSA 2013-56/CVE-2013-1694 (bmo#848535) PreserveWrapper has inconsistent behavior * MFSA 2013-59/CVE-2013-1697 (bmo#858101) XrayWrappers can be bypassed to run user defined methods in a privileged context openSUSE 12.3 Update This xorg-x11-server update fixes a DoS vulnerability and adds randr support. - U_os-Reset-input-buffer-s-ignoreBytes-field.patch * If a client sends a request larger than maxBigRequestSize, the server is supposed to ignore it. Before commit cf88363d, the server would simply disconnect the client. After that commit, it attempts to gracefully ignore the request by remembering how long the client specified the request to be, and ignoring that many bytes. However, if a client sends a BigReq header with a large size and disconnects before actually sending the rest of the specified request, the server will reuse the ConnectionInput buffer without resetting the ignoreBytes field. This makes the server ignore new X clients' requests. This fixes that behavior by resetting the ignoreBytes field when putting the ConnectionInput buffer back on the FreeInputs list. (bnc#815583) - u_xserver_xvfb-randr.patch * Add randr support to Xvfb (bnc#823410) openSUSE 12.3 Update This python-bugzilla update fixes a SSL verification issue. - CVE-2013-2191 (bnc#825876) - validate SSL certificates and hostnames openSUSE 12.3 Update This nagios update fixes a authorization problem inside host/service views. - added nagios-CVE-2013-2214.patch fixing unauthorized host/service views displayed in servicegroup view (bnc#827020) openSUSE 12.3 Update - Update to 30.0.1553 * Bug and stability fixes * Includes security update for v8 (bnc821601) * CVE-2013-2838 Denial of service (out-of-bounds read) via unspecified vectors - Add the flag --disable-gpu-sandbox to prevent crashes and/or slowness. The GPU Sandbox is a new sandbox introduces in M28 and is currently causing issues (http://code.google.com/p/chromium/issues/detail?id=255063) openSUSE 12.3 Update - fix cve-2013-4073 (bnc#827265) The fix_cve-2013-4073.patch contains the patch for cve-2013-4073 (bnc#827265) adapted from https://github.com/ruby/ruby/commit/2669b84d407ab431e965145c827db66c91158f89 openSUSE 12.3 Update perl-Module-Signature was updated to 0.73, fixing bugs and security issues: Security fix for code execution in signature checking: * fix for bnc#828010 (CVE-2013-2145) * Properly redo the previous fix using File::Spec->file_name_is_absolute. - [Changes for 0.72 - Wed Jun 5 23:19:02 CST 2013] * Only allow loading Digest::* from absolute paths in @INC, by ensuring they begin with \ or / characters. Contributed by: Florian Weimer (CVE-2013-2145) - [Changes for 0.71 - Tue Jun 4 18:24:10 CST 2013] * Constrain the user-specified digest name to /^\w+\d+$/. * Avoid loading Digest::* from relative paths in @INC. Contributed by: Florian Weimer (CVE-2013-2145) - [Changes for 0.70 - Thu Nov 29 01:45:54 CST 2012] * Don't check gpg version if gpg does not exist. This avoids unnecessary warnings during installation when gpg executable is not installed. Contributed by: Kenichi Ishigaki - [Changes for 0.69 - Fri Nov 2 23:04:19 CST 2012] * Support for gpg under these alternate names: gpg gpg2 gnupg gnupg2 Contributed by: Michael Schwern openSUSE 12.3 Update seamonkey was updated to 2.19 (bnc#825935) to fix bugs and security issues. Security issues fixed: * MFSA 2013-49/CVE-2013-1682/CVE-2013-1683 Miscellaneous memory safety hazards * MFSA 2013-50/CVE-2013-1684/CVE-2013-1685/CVE-2013-1686 Memory corruption found using Address Sanitizer * MFSA 2013-51/CVE-2013-1687 (bmo#863933, bmo#866823) Privileged content access and execution via XBL * MFSA 2013-52/CVE-2013-1688 (bmo#873966) Arbitrary code execution within Profiler * MFSA 2013-53/CVE-2013-1690 (bmo#857883) Execution of unmapped memory through onreadystatechange event * MFSA 2013-54/CVE-2013-1692 (bmo#866915) Data in the body of XHR HEAD requests leads to CSRF attacks * MFSA 2013-55/CVE-2013-1693 (bmo#711043) SVG filters can lead to information disclosure * MFSA 2013-56/CVE-2013-1694 (bmo#848535) PreserveWrapper has inconsistent behavior * MFSA 2013-57/CVE-2013-1695 (bmo#849791) Sandbox restrictions not applied to nested frame elements * MFSA 2013-58/CVE-2013-1696 (bmo#761667) X-Frame-Options ignored when using server push with multi-part responses * MFSA 2013-59/CVE-2013-1697 (bmo#858101) XrayWrappers can be bypassed to run user defined methods in a privileged context * MFSA 2013-60/CVE-2013-1698 (bmo#876044) getUserMedia permission dialog incorrectly displays location * MFSA 2013-61/CVE-2013-1699 (bmo#840882) Homograph domain spoofing in .com, .net and .name openSUSE 12.3 Update Mesa was updated to fix a security problem in the Intel drivers, where potentially remote attackers via 3D models could inject code. (CVE-2013-1872 - i965: fix problem with constant out of bounds access (bnc #828007).) openSUSE 12.3 Update Python SUDS was updated to create a create random cache tempdir to avoid other local user access (bnc#827568) (CVE-2013-2217) openSUSE 12.3 Update The qemu guest agent creates a bunch of files with insecure permissions when started in daemon mode. For now mask all file mode bits for "group" and "others" in become_daemon(). Temporarily, for compatibility reasons, stick with the 0666 file-mode in case of files newly created by the "guest-file-open" QMP call. Do so without changing the umask temporarily. QEMU was updated to 1.1.2 on openSUSE 12.2, and 1.3.1 on openSUSE 12.3. openSUSE 12.3 Update Tinyproxy allowed remote attackers to cause a denial of service (CPU and memory consumption) via (1) a large number of headers or (2) a large number of forged headers that trigger hash collisions predictably. bucket. This update fixes this by limiting headers and improving the hash keying. openSUSE 12.3 Update A directory traversal in cgit could be used by remote attackers to read files on the local filesystem. (CVE-2013-2117) openSUSE 12.3 Update python-django was updated to 1.4.5 to fix various security issues and bugs. Update to 1.4.5: - Security release. - Fix bnc#807175 / bnc#787521 / CVE-2012-4520 / CVE-2013-0305 / CVE-2013-0306 and CVE-2013-1665. - Update to 1.4.3: - Security release: - Host header poisoning - Redirect poisoning - Please check release notes for details: https://www.djangoproject.com/weblog/2012/dec/10/security - Add a symlink from /usr/bin/django-admin.py to /usr/bin/django-admin - Update to 1.4.2: - Security release: - Host header poisoning - Please check release notes for details: https://www.djangoproject.com/weblog/2012/oct/17/security - Update to 1.4.1: - Security release: - Cross-site scripting in authentication views - Denial-of-service in image validation - Denial-of-service via get_image_dimensions() - Please check release notes for details: https://www.djangoproject.com/weblog/2012/jul/30/security-releases-issued - Add patch to support CSRF_COOKIE_HTTPONLY config openSUSE 12.3 Update java-1_7_0-openjdk was updated to icedtea-2.4.1 (bnc#828665) * Security fixes - S6741606, CVE-2013-2407: Integrate Apache Santuario - S7158805, CVE-2013-2445: Better rewriting of nested subroutine calls - S7170730, CVE-2013-2451: Improve Windows network stack support. - S8000638, CVE-2013-2450: Improve deserialization - S8000642, CVE-2013-2446: Better handling of objects for transportation - S8001032: Restrict object access - S8001033, CVE-2013-2452: Refactor network address handling in virtual machine identifiers - S8001034, CVE-2013-1500: Memory management improvements - S8001038, CVE-2013-2444: Resourcefully handle resources - S8001043: Clarify definition restrictions - S8001308: Update display of applet windows - S8001309: Better handling of annotation interfaces - S8001318, CVE-2013-2447: Socket.getLocalAddress not consistent with InetAddress.getLocalHost - S8001330, CVE-2013-2443: Improve on checking order (non-Zero builds only) - S8003703, CVE-2013-2412: Update RMI connection dialog box - S8004288, CVE-2013-2449: (fs) Files.probeContentType problems - S8004584: Augment applet contextualization - S8005007: Better glyph processing - S8006328, CVE-2013-2448: Improve robustness of sound classes - S8006611: Improve scripting - S8007467: Improve robustness of JMX internal APIs - S8007471: Improve MBean notifications - S8007812, CVE-2013-2455: (reflect) Class.getEnclosingMethod problematic for some classes - S8007925: Improve cmsStageAllocLabV2ToV4curves - S8007926: Improve cmsPipelineDup - S8007927: Improve cmsAllocProfileSequenceDescription - S8007929: Improve CurvesAlloc - S8008120, CVE-2013-2457: Improve JMX class checking - S8008124, CVE-2013-2453: Better compliance testing - S8008128: Better API coherence for JMX - S8008132, CVE-2013-2456: Better serialization support - S8008585: Better JMX data handling - S8008593: Better URLClassLoader resource management - S8008603: Improve provision of JMX providers - S8008607: Better input checking in JMX - S8008611: Better handling of annotations in JMX - S8008615: Improve robustness of JMX internal APIs - S8008623: Better handling of MBeanServers - S8008744, CVE-2013-2407: Rework part of fix for JDK-6741606 - S8008982: Adjust JMX for underlying interface changes - S8009004: Better implementation of RMI connections - S8009008: Better manage management-api - S8009013: Better handling of T2K glyphs - S8009034: Improve resulting notifications in JMX - S8009038: Improve JMX notification support - S8009057, CVE-2013-2448: Improve MIDI event handling - S8009067: Improve storing keys in KeyStore - S8009071, CVE-2013-2459: Improve shape handling - S8009235: Improve handling of TSA data - S8009424, CVE-2013-2458: Adapt Nashorn to JSR-292 implementation change - S8009554, CVE-2013-2454: Improve SerialJavaObject.getFields - S8009654: Improve stability of cmsnamed - S8010209, CVE-2013-2460: Better provision of factories - S8011243, CVE-2013-2470: Improve ImagingLib - S8011248, CVE-2013-2471: Better Component Rasters - S8011253, CVE-2013-2472: Better Short Component Rasters - S8011257, CVE-2013-2473: Better Byte Component Rasters - S8012375, CVE-2013-1571: Improve Javadoc framing - S8012421: Better positioning of PairPositioning - S8012438, CVE-2013-2463: Better image validation - S8012597, CVE-2013-2465: Better image channel verification - S8012601, CVE-2013-2469: Better validation of image layouts - S8014281, CVE-2013-2461: Better checking of XML signature - S8015997: Additional improvement in Javadoc framing * OpenJDK - list to long, please consult NEWS file - java-1.7.0-openjdk-zero-arch.patch: fix detection of zero arch - ignore rhino dependencies during a build to prevent a build cycle - update to icedtea-2.4.0 (based on oracle jdk7u40) * OpenJDK (see NEWS for full listing) - PR1209, S7170638: Use DTRACE_PROBE[N] in JNI Set and SetStatic Field. - PR1206, S7201205: Add Makefile configuration option to build with unlimited crypto in OpenJDK * Backports - PR1197, S8003120, RH868136: ResourceManager.getApplicationResources() does not close InputStreams - S8014618, RH962568: Need to strip leading zeros in TlsPremasterSecret of DHKeyAgreement * Bug fixes - PR1212: IcedTea7 fails to build because Resources.getText() is no longer available for code to use - Add NSS (commented out) to other platforms. - Allow multiple PKCS11 library initialisation to be a non-critical error. - Complete switch from local zlib patch to upstream version. - Include defs.make in buildtree.make so ZERO_BUILD is recognised and JVM_VARIANT_ZERO set. - Provide support for using PKCS11 provider with NSS - Remove file apparently removed as part of upstreaming of Zero. - Revert 7060849 - Set UNLIMITED_CRYPTO=true to ensure we use the unlimited policy. - PR473: Set handleStartupErrors to ignoreMultipleInitialisation in nss.cfg - PR716: IcedTea7 should bootstrap with IcedTea6 - Expand java.security.cert.* imports to avoid conflict when building with OpenJDK 6. - Fix indentation on Makefile block not executed when STRIP_POLICY=no_strip is set - Fix invalid XSL stylesheets and DTD introduced as part of JEP 167. - Include defs.make in buildtree.make so ZERO_BUILD is recognised and JVM_VARIANT_ZERO set. - Make sure libffi cflags and libs are used. - PR1378: Add AArch64 support to Zero - PR1170: Ensure unlimited crypto policy is in place. - RH513605, PR1280: Updating/Installing OpenJDK should recreate the shared class-data archive - PR1358: Make XRender mandatory - PR1360: Check for /usr/lib64 JVMs and generic JPackage alternative - PR1435, D657854: OpenJDK 7 returns incorrect TrueType font metrics - PR728: GTKLookAndFeel does not honor gtk-alternative-button-order * JamVM - JSR 335: (lambda expressions) initial hack - JEP 171: Implement fence methods in sun.misc.Unsafe - Fix invokesuper check in invokespecial opcode - Fix non-direct interpreter invokespecial super-class check - When GC'ing a native method don't try to free code - Do not free unprepared Miranda method code data - Set anonymous class protection domain - JVM_IsVMGeneratedMethodIx stub - Dummy implementation of sun.misc.Perf natives - separate vm for zero is no longer needed - drop java-1.7.0-openjdk-aarch64.patch (upstream: PR1378) - fix bnc#781690c#11 - setup JAVA_HOME in posttrans, so certificates will be created by this JVM - fix the postrans conditions (add missing prefiX) - relax build requires, so every java-devel >= 1.7.0 can match openSUSE 12.3 Update Libxml2 was updated to fix buffer overread problems which could lead to crashes (out of bounds read). (CVE-2013-2877) openSUSE 12.3 Update - update to 0.9.10: + added fullscreen option + added Thruk support + added Check_MK cookie-based auth + added new Centreon autologin option + added configurable default sort order + added filter for hosts in hard/soft state for Nagios, Icinga, Opsview and Centreon + added $STATUS-INFO$ variable for custom actions + added audio alarms also in fullscreen mode + improved update interval set in seconds instead minutes + improved Icinga JSON support + improved Centreon 2.4 xml/broker support + improved Nagios 3.4 pagination support + improved nicer GTK theme Murrine on MacOSX + fixed security bug + fixed some memory leaks + fixed superfluous passive icon for Check_MK + fixed blocking of shutdown/reboot on MacOSX + fixed saving converted pre 0.9.9 config immediately + fixed statusbar position when offscreen + fixed some GUI issues + fixed update detection - this version fixes a security bug in the automatic update check (mentioned in CVE-2013-4114 and bnc #829217) - fix build on CentOS > 5 openSUSE 12.3 Update - fixing the following security issues: * CVE-2013-4635.patch (bnc#828020): - Integer overflow in the SdnToJewish * CVE-2013-1635.patch and CVE-2013-1643.patch (bnc#807707): - reading system files via untrusted SOAP input - soap.wsdl_cache_dir function did not honour PHP open_basedir * CVE-2013-4113.patch (bnc#829207): - heap corruption due to badly formed xml openSUSE 12.3 Update - Added changeset_ra2bab28a.diff from upstream 4.11 branch, fixes kde#321576 - Added kdm-kcheckpass-Check-for-NULL-return-from-crypt-3-an.patch, (bnc#829857, CVE-2013-4132) openSUSE 12.3 Update This version update of lcms2 to release 2.5 fixes several security issues plus several other color management bugs. openSUSE 12.3 Update A buffer overflow in srtp was fixed which could potentially be used by attackers to crash srtp using applications and potentially execute code (CVE-2013-2139, bnc828009). openSUSE 12.3 Update The GNOME file-roller archive tool was updated to fix a path traversal issue while unpacking (CVE-2013-4668). File Roller now sanitizes path names while unpacking, so that a path traversal attack cannot be used to create files outside the unpack destination directory. openSUSE 12.3 Update Subversion was updated to 1.7.11 [bnc#830031] to fix bugs and security issues. * translation updates for Simplified Chinese * mod_dav_svn: fix incorrect path canonicalization (CVE-2013-4131) * javahl bindings: fix bug in error constructing code openSUSE 12.3 Update Tomcat was updated to fix two security issues: CVE-2013-1976: Avoid a potential symlink race during startup of the tomcat server, where a local attacker that gaine access to the tomcat chroot could escalate privileges to root. CVE-2013-2071: java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x did not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes. openSUSE 12.3 Update libgcrypt was updated to 1.5.3 [bnc#831359] to fix a security issue, bugs and get some new features: Security issue fixed: * Mitigate the Yarom/Falkner flush+reload side-channel attack on RSA secret keys. See <http://eprint.iacr.org/2013/448>. - contains changes from 1.5.2 * The upstream sources now contain the IDEA algorithm, dropping: idea.c.gz libgcrypt-1.5.0-idea.patch libgcrypt-1.5.0-idea_codecleanup.patch * Made the Padlock code work again (regression since 1.5.0). * Fixed alignment problems for Serpent. * Fixed two bugs in ECC computations. - add GPL3.0+ to License tag because of dumpsexp (bnc#810759) - contains changes from 1.5.1 * Allow empty passphrase with PBKDF2. * Do not abort on an invalid algorithm number in gcry_cipher_get_algo_keylen and gcry_cipher_get_algo_blklen. * Fixed some Valgrind warnings. * Fixed a problem with select and high fd numbers. * Improved the build system * Various minor bug fixes. * Interface changes relative to the 1.5.0 release: GCRYCTL_SET_ENFORCED_FIPS_FLAG NEW. GCRYPT_VERSION_NUMBER NEW. openSUSE 12.3 Update Wireshark was updated to 1.8.9 [bnc#831718] + vulnerabilities fixed: * The Bluetooth SDP dissector could go into a large loop CVE-2013-4927 wnpa-sec-2013-45 * The DIS dissector could go into a large loop CVE-2013-4929 wnpa-sec-2013-47 * The DVB-CI dissector could crash CVE-2013-4930 wnpa-sec-2013-48 * The GSM RR dissector (and possibly others) could go into a large loop CVE-2013-4931 wnpa-sec-2013-49 * The GSM A Common dissector could crash CVE-2013-4932 wnpa-sec-2013-50 * The Netmon file parser could crash CVE-2013-4933 CVE-2013-4934 wnpa-sec-2013-51 * The ASN.1 PER dissector could crash CVE-2013-4935 wnpa-sec-2013-52 + Further bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-1.8.9.html openSUSE 12.3 Update - httpd-2.2.x-bnc829056-CVE-2013-1896-pr1482522-mod_dav.diff CVE-2013-1896: Sending a MERGE request against a URI handled by mod_dav_svn with the source href (sent as part of the request body as XML) pointing to a URI that is not configured for DAV will trigger a segfault. [bnc#829056] - httpd-2.2.x-bnc829057-CVE-2013-1862-mod_rewrite_terminal_escape_sequences.diff CVE-2013-1862: client data written to the RewriteLog must have terminal escape sequences escaped. [bnc#829057] openSUSE 12.3 Update The ticket system OTRS was updated to 3.1.18 to fix various bugs and security issues. Update to 3.1.18: * OSA-2013-05, CVE-2013-4717, CVE-2013-4718 fixed. * Fixed bug#9561 - ACL restriction with CustomerID for DynamicFields at new Ticket screen not working. * Fixed bug#9425 - Wrong created date for queue view. * Fixed bug#9125 - AgentTicketSearch dialog does not expand when choosing more search criteria. * Fixed bug#8273 - Copying text in preview mode not possible. * Fixed bug#9557 - Cannot see quoted text in customer ticket zoom. * Fixed bug#9011 - GenericInterface: New value after value mapping can't be 0. * Improved parameter quoting in various places. * Fixed bug#9104 - Group permission for customer subset overwrites permissions for other customers. * Fixed bug#8719 - PasswordMin2Lower2UpperCharacters problem. - 3.1.17 * Fixed OSA-2013-04, CVE-2013-4088. * Improved permission checks in AgentTicketWatcher. * Fixed bug#9503 - no connection header in soap responses. * Added parameter "-t dbonly" to backup.pl to only backup the database * Fixed bug#9491 - GenericAgent job update with dynamic fields sends Uninitialized value error. * Fixed bug#9462 - Package Management page timeout due to HTTPS disabled on Proxy connections. - 3.1.16 * Fixed OSA-2013-03, CVE-2013-3551. * Updated Package Manager, that will ensure that packages to be installed meet the quality standards of OTRS Group. This is to guarantee that your package wasn’t modified, which may possibly harm your system or have an influence on the stability and performance of it. All independent package contributors will have to conduct a check of their Add-Ons by OTRS Group in order to take full advantage of the OTRS package verification. * Fixed bug#9387 - Error in a condition with dynamic fields in NotificationEvent. * Fixed bug#9286 - Ticket::ChangeOwnerToEveryone isn't functional, After a AJAX Load the setting is ignored. * Fixed bug#7518 - Escalation Notify by not working properly (follow-up fix). * Fixed bug#7478 - Got an external answer to an internal mail. * Improved permission checks in AgentTicketPhone. * Fixed bug#[9360](http://bugs.otrs.org/show_bug.cgi?id=9360) - DynamicField Names shown in CSV output. * Fixed bug#9384 - Problem with Method ServiceParentsGet of ServiceObject. * Fixed bug#9072 - Reply to email-internal includes customer users email in Cc. field. - 3.1.15 * Added Malay translation. * Fixed bug#8960 - AgentTicketSearch.pm SearchProfile problem. * Fixed bug#9182 - Customer Search Function -> If you go into a ticket and go back you got not the search results. * Fixed bug#9198 - Linked search with fulltext AND additional attributes. * Fixed bug#9295 - Article dynamic field is not searchable. * Fixed bug#9312 - LinkObject permission check problem. - 3.1.14 * Fixed for OSA-2013-01, CVE-2013-2625. * Fixed bug#9257 - No notifications to agents with out-of-office set but period not reached. * Improved permission checks in LinkObject. * Fixed bug#9191 - When ticket types are restricted, first available type is selected in AgentTicketActionCommon-based screens. * Updated Turkish translation, thanks to Sefer Şimşek / Network Group! * Fixed bug#9214 - IE10: impossible to open links from rich text articles. * Fixed bug#9218 - Cannot use special characters in TicketHook. * Fixed bug#9056 - Unused SysConfig option Ticket::Frontend::CustomerInfoQueueMaxSize. * Follow-up fix for bug#8533 apache will not start on Fedora. * Fixed bug#9172 - Generic Interface does not work on IIS 7.0. * Updated Czech language translation, thanks to Katerina Bubenickova! * Fixed bug#8865 - Additional empty data column in statistics CSV-Output. - update OTRS::ITSM to 3.1.10 (fix for OSA-2013-05, CVE-2013-4717, CVE-2013-4718) - update OTRS::ITSM to 3.1.9 (fix for OSA-2013-03, CVE-2013-3551) - update OTRS::ITSM to 3.1.8 (fix for OSA-2013-01, CVE-2013-2625) (fix for OSA-2013-02, CVE-2013-2637) - update to 3.1.13 - http://www.otrs.com/en/open-source/community-news/releases-notes/ release-notes-otrs-help-desk-3113/ - http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.2260.2.206&view=markup * Fixed bug#9162 - Setting the start day of the week for the datepicker to Sunday does not work. * Fixed bug#9141 - Confused Columns in CustomerTicketSearch (ResultShort). * Fixed bug#9146 - Signed SMIME mails with altered content shows a not clear message. * Fixed bug#9145 - SMIME sign verification errors are not displayed in TicketZoom. * Fixed bug#9140 - Postmaster Filter for empty subjects does not work. * Fixed bug#9121 - Filenames with Unicode NFD are incorrectly reported as NFC by Main::DirectoryRead(). * Fixed bug#9108 - Check for opened/closed tickets not working with Ticket::SubjectFormat = Right. * Fixed bug#8839 - DateChecksum followup doesn't get correctly SystemID. * Updated Russian translation, thanks to Vadim Goncharov! * Fixed bug#9101 - Not possible to create dropdown with autocomplete attribute. * Fixed bug#9096 - All services list is shown instead of only default services. * Fixed bug#8470 - otrs.GenericAgent.pl reports: Can't open '/opt/otrs/otrs_vemco/var/tmp/CacheFileStorable/DynamicField/f3b7e10730fb6c9cab5ae0e7f7e034f3'. * Added new translation for Spanish (Colombia), thanks to John Edisson Ortiz Roman! * Fixed bug#9054 - Link Object deletes all links under certain conditions. * Fixed bug#8944 - do not backup the cache. * Fixed bug#9057 - Generating a PDF with bin/otrs.GenerateStats.pl produces lots of warnings. * Fixed bug#8929 - Fix problems with empty ticket search results while Ticket::Frontend::AgentTicketSearch###ExtendedSearchCondition is inactive. * Fixed bug#9042 - Add X-Spam-Score to Ticket.xml. * Fixed bug#9047 - HistoryTicketGet caches info on disk directly. * Fixed bug#8923 - Alert message shown, if parent window is reloaded while bulk action popup is open. * Fixed bug#9030 - Wrong handling of Invalid YAML in Scheduler Tasks. * Updated CKEditor to version 3.6.6. * Updated Polish translation, thanks to Pawel @ ib.pl! * Follow-up fix for bug#8805 - Cron missing as RPM dependency on RHEL. Changed dependency on 'anacron' to 'vixie-cron' on RHEL5. * Fixed bug#9020 - Generic Ticket Connector does not support attachments with ContentType without charset. * Fixed bug#8545 - Attachment download not possible if pop up of another action is open. * Fixed bug#9009 - Empty Multiselect Dynamic Fields provokes an error. * Fixed bug#8589 - Bulk-Action not possible for single ticket. * Fixed bug#7198 - Broken repository selection width in Package Manager. * Fixed bug#8457 - Error if accessing AgentTicketSearch from AgentTicketPhone in IE8. * Fixed bug#8695 - Table head of Customer Ticket History does not resize on window resize. * Fixed bug#8533 - Apache will not start if you use mod_perl on Fedora 16 or 17. * Fixed bug#8974 - Event Based Notification does not populate REALNAME with Customer User data. - update to 3.1.12 * Fixed bug#8933 - ArticleStorageInit permission check problem. * Fixed bug#8763 - Please add charset conversion for customer companies. * Fixed bug#1970 - Email attachments of type .msg (Outlook-Message) are converted. * Fixed bug#8955 - Init script might fail on SUSE. * Fixed bug#8936 - Ticket close date is empty when ticket is created in closed state. * Fixed bug#8937 - "$" should be escaped in interpolated strings when javascript is meant. * Fixed bug#8919 - Customer interface search results: ticket can only be accessed via ticket number and subject. * Fixed bug#8850 - CustomerTicketOverview - MouseOver Age isn't always correct. * Fixed bug#8868 - Event Based Notification problem saving 'text' Dynamic Fields. * Fixed bug#8914 - Syntax error in hash loop in TicketGet operation. * Fixed bug#8749 - CustomerFrontend: missing dynamicfield in search results. * Fixed bug#8873 - Bad example of customization of "static" dynamic fields in AgentTicketOverviewSmall. * Fixed bug#8791 - IMAPTLS fails with some Microsoft Exchange servers. * Fixed bug#8841 - Search for Dynamic Fields shows all tickets (on "enter" key pressed). * Fixed bug#8861 - Ticket History overlaid calender choice function. * Fixed bug#8862 - GI debugger GUI does not show SOAP XML tags correctly. * Fixed bug#8566 - Cannot download attachment if filename has character #. * Fixed bug#8833 - Article table in TicketZoom does not scroll correctly. * Fixed bug#8673 - Richtext-Editor popups broken on Customer-Interface. * Fixed bug#8859 - Package upgrade does not work if an installed testpackage should be upgraded with a newer regular package. * Fixed bug#8678 - 'WidgetAction Toggle' is always shown as 'Expanded' when nesting elements * Fixed bug#8378 - Validation fails if the ID of the element contains a dot (.) or a colon (:) * Fixed bug#8847 - Inline PGP message description routine does not add any info, thanks to IB Development Team. * Fixed bug#8848 - AgentTicketEmail does not preserve PGP Signatures set if attachment is added. * Fixed bug#8149 - Wrong handling of subject when SubjectFormat=right. * Updated Polish translation, thanks to Pawel! * Fixed bug#8820 - Service rcotrs restart fails because a race condition happens. * Fixed bug#8819 - Syntax error (stop crontab command) in SuSE rc script. * Removed auto cleanup of expired sessions in CreateSessionID() to improve the scalability of the hole system. * Fixed bug#8667 - TicketSplit does not use QueueID of old Ticket for ACL Checking. * Fixed bug#8780 - 508 Compliance: Text descriptions of "Responsible Tickets" and "Locked Tickets" links are insufficient for screen reader users. * Fixed bug#8812 - Encrypted email doesn't see properly in Outlook. * Fixed bug#8214 - OTRS Init script on Red Hat fails to check scheduler. * Fixed bug#8850 - Cron missing as RPM dependency on Red Hat Enterprise Linux. * Fixed bug#7274 - Ticket QueueView sorts by priority on first page but subsequent pages sort incorrectly by Age. * Fixed bug#8792 - TriggerEscalationStopEvents logs as loglevel 'error'. * Fixed bug#8743 - AgentTicketCompose.pm creates To, CC, BCC filelds without spaces after comma. * Fixed bug#8606 - Escalation notifications should not be sent to agents who are set out-of-office. * Fixed bug#8740 - backup.pl: insufficient handling of system() return values. * Fixed bug#8622 - Storing a new GI Invoker or Operation with an existing name doesn't complain anything. * Fixed bug#8770 - AJAX Removes Default Options (follow-up fix). * Improved caching for Services and Service Lists. - Update ITSM to 3.1.7 - News * In AgentTicketZoom the service and the sla are now shown as links to the service zoom / sla zoom screens. * Updated Polish translation, thanks to Pawel! * Added feature in bin/otrs.ITSMConfigItemDelete.pl script to delete config items by class together with the deployment state. * Added CustomerCompany field type that allows to link CI's with Customer Companies registered in OTRS. * Enhanced Import/Export screen to show a summary after importing. * Added new optional sysconfig option to check if config item names are unique. * Added attachment support for ITSM config items. This will replace the OTRS FeatureAddOn OTRSCIAttachment. Please uninstall this FeatureAddon BEFORE you upgrade to OTRS::ITSM 3.1.7 (no attachment data will be lost)! - Bug Fixes * Bug# 5928 - Print PDF: Newline not interpreted. * Bug# 8723 - Setting the planned start and planned end time to the same value causes an error. * Bug# 8785 - Poor performance of ServiceGet with many child services. * Bug# 8626 - AgentTicketAddtlITSMField, Ticket states set to first state after reload. * Bug# 8852 - No Impact and Criticality in CustomerTicketZoom. * Bug# 7786 - Search by "type" not displaying correct results from page 2 on. * Bug# 8804 - Reorder of workorders based on actual startime. * Bug# 8686 - CI-Search can not handle > 1000 CIs per class * Bug# 8863 - Problem with ChangeManagement DropDowns in Conditions Mask. * Bug# 8834 - Broken changes created from template when no time offset. * Bug# 8830 - CI version header should be clickable in all columns. * Bug# 8613 - Wrong date if a workorder has been created from a template. * Bug# 8881 - Searching for a config item number = 0 or a config item name = 0 (without wildcards) finds results where it should not. * Bug# 8882 - Error message from ToolBarMyCAB. * Bug# 8614 - Update agent notification doesn't contain agent name. * Bug# 8615 - Notification not sent for ChangeStateUpdate to pending PIR. * Bug# 7508 - Autocomplete uses milliseconds rather than seconds. - rebase perm patch - fix changes file openSUSE 12.3 Update - complete overhaul of this package, with update to 2.7.5. - ruleset update to 2.2.8-0-g0f07cbb. - new configuration framework private to mod_security2: /etc/apache2/conf.d/mod_security2.conf loads /usr/share/apache2-mod_security2/rules/modsecurity_crs_10_setup.conf, then /etc/apache2/mod_security2.d/*.conf , as set up based on advice in /etc/apache2/conf.d/mod_security2.conf Your configuration starting point is /etc/apache2/conf.d/mod_security2.conf - !!! Please note that mod_unique_id is needed for mod_security2 to run! - modsecurity-apache_2.7.5-build_fix_pcre.diff changes erroneaous linker parameter, preventing rpath in shared object. - fixes contained for the following bugs: * CVE-2009-5031, CVE-2012-2751 [bnc#768293] request parameter handling * [bnc#768293] multi-part bypass, minor threat * CVE-2013-1915 [bnc#813190] XML external entity vulnerability * CVE-2012-4528 [bnc#789393] rule bypass * CVE-2013-2765 [bnc#822664] null pointer dereference crash - new from 2.5.9 to 2.7.5, only major changes: * GPLv2 replaced by Apache License v2 * rules are not part of the source tarball any longer, but maintaned upstream externally, and included in this package. * documentation was externalized to a wiki. Package contains the FAQ and the reference manual in html form. * renamed the term "Encryption" in directives that actually refer to hashes. See CHANGES file for more details. * new directive SecXmlExternalEntity, default off * byte conversion issues on s390x when logging fixed. * many small issues fixed that were discovered by a Coverity scanner * updated reference manual * wrong time calculation when logging for some timezones fixed. * replaced time-measuring mechanism with finer granularity for measured request/answer phases. (Stopwatch remains for compat.) * cookie parser memory leak fix * parsing of quoted strings in multipart Content-Disposition headers fixed. * SDBM deadlock fix * @rsub memory leak fix * cookie separator code improvements * build failure fixes * compile time option --enable-htaccess-config (set) openSUSE 12.3 Update This version upgrade of mariadb fixed the following issues: - get rid of info which is not info (bnc#747811) - minor polishing of spec/installation - avoiding file conflicts with mytop - better fix for hardcoded libdir issue - making mysqldump work with MySQL 5.0 (bnc#768832) - fixed log rights (bnc#789263 and bnc#803040) - binlog disabled in default configuration (bnc#791863) - fixed dependencies for client package (bnc#780019) Additionally, it includes multiple security fixes. openSUSE 12.3 Update This update of strongswan fixed a denial-of-service vulnerability, that could be triggered by special XAuth usernames and EAP identities. openSUSE 12.3 Update This update of python-glanceclient fixed SSL certificate CNAME checking. openSUSE 12.3 Update This update of samba fixed the following issues: - The pam_winbind require_membership_of option allows for a list of SID, but currently only provides buffer space for ~20; (bnc#806501). - Samba 3.0.x to 4.0.7 are affected by a denial of service attack on authenticated or guest connections; CVE-2013-4124; (bnc#829969). - PIDL: fix parsing linemarkers in preprocessor output; (bso#9636). - build:autoconf: fix output of syslog-facility check; (bso#9983). - libreplace: add a missing "eval" to the AC_VERIFY_C_PROTOTYPE macro. - Remove ldapsmb from the main spec file. - Don't bzip2 the main tar ball, use the upstream gziped one instead. - Fix crash bug during Win8 sync; (bso#9822). - Check for system libtevent and link dbwrap_tool and dbwrap_torture against it; (bso#9881). - errno gets overwritten in call to check_parent_exists(); (bso#9927). - Fix a bug of drvupgrade of smbcontrol; (bso#9941). - Document idmap_ad rfc2307 attribute requirements; (bso#9880); (bnc#820531). - Don't package the SWAT man page while its build is disabled; (bnc#816647). - Don't install the tdb utilities man pages on post-12.1 systems; (bnc#823549). - Fix libreplace license ambiguity; (bso#8997); (bnc#765270). - s3-docs: Remove "experimental" label on "max protocol=SMB2" parameter; (bso#9688). - Remove the compound_related_in_progress state from the smb2 global state; (bso#9722). - Makefile: Don't know how to make LIBNDR_PREG_OBJ; (bso#9868). - Fix is_printer_published GUID retrieval; (bso#9900); (bnc#798856). - Fix 'map untrusted to domain' with NTLMv2; (bso#9817); (bnc#817919). - Don't modify the pidfile name when a custom config file path is used; (bnc#812929). - Add extra attributes for AD printer publishing; (bso#9378); (bnc#798856). - Fix vfs_catia module; (bso#9701); (bnc#824833). systems; (bnc#804822); (bnc#821889). - Fix AD printer publishing; (bso#9378); (bnc#798856). openSUSE 12.3 Update libzypp was adjusted to enhance the RPM GPG key import/handling to avoid a problem with multiple key blobs. Attackers able to supplying a repository could let the packagemanager show another keys fingerprint while a second one was actually used to sign the repository (CVE-2013-3704). openSUSE 12.3 Update This version upgrade of phpMyAdmin fixed various security issues (SQL injection, XSS, full path disclosure, Clickjacking) openSUSE 12.3 Update Changes in seamonkey: - update to SeaMonkey 2.20 (bnc#833389) * MFSA 2013-63/CVE-2013-1701/CVE-2013-1702 Miscellaneous memory safety hazards * MFSA 2013-64/CVE-2013-1704 (bmo#883313) Use after free mutating DOM during SetBody * MFSA 2013-65/CVE-2013-1705 (bmo#882865) Buffer underflow when generating CRMF requests * MFSA 2013-67/CVE-2013-1708 (bmo#879924) Crash during WAV audio file decoding * MFSA 2013-68/CVE-2013-1709 (bmo#838253) Document URI misrepresentation and masquerading * MFSA 2013-69/CVE-2013-1710 (bmo#871368) CRMF requests allow for code execution and XSS attacks * MFSA 2013-70/CVE-2013-1711 (bmo#843829) Bypass of XrayWrappers using XBL Scopes * MFSA 2013-72/CVE-2013-1713 (bmo#887098) Wrong principal used for validating URI for some Javascript components * MFSA 2013-73/CVE-2013-1714 (bmo#879787) Same-origin bypass with web workers and XMLHttpRequest * MFSA 2013-75/CVE-2013-1717 (bmo#406541, bmo#738397) Local Java applets may read contents of local file system - requires NSPR 4.10 and NSS 3.15 - removed obsolete seamonkey-shared-nss-db.patch Changes in seamonkey: - update to SeaMonkey 2.20 (bnc#833389) * MFSA 2013-63/CVE-2013-1701/CVE-2013-1702 Miscellaneous memory safety hazards * MFSA 2013-64/CVE-2013-1704 (bmo#883313) Use after free mutating DOM during SetBody * MFSA 2013-65/CVE-2013-1705 (bmo#882865) Buffer underflow when generating CRMF requests * MFSA 2013-67/CVE-2013-1708 (bmo#879924) Crash during WAV audio file decoding * MFSA 2013-68/CVE-2013-1709 (bmo#838253) Document URI misrepresentation and masquerading * MFSA 2013-69/CVE-2013-1710 (bmo#871368) CRMF requests allow for code execution and XSS attacks * MFSA 2013-70/CVE-2013-1711 (bmo#843829) Bypass of XrayWrappers using XBL Scopes * MFSA 2013-72/CVE-2013-1713 (bmo#887098) Wrong principal used for validating URI for some Javascript components * MFSA 2013-73/CVE-2013-1714 (bmo#879787) Same-origin bypass with web workers and XMLHttpRequest * MFSA 2013-75/CVE-2013-1717 (bmo#406541, bmo#738397) Local Java applets may read contents of local file system - requires NSPR 4.10 and NSS 3.15 - removed obsolete seamonkey-shared-nss-db.patch Changes in xulrunner: - update to 17.0.8esr (bnc#833389) * MFSA 2013-63/CVE-2013-1701 Miscellaneous memory safety hazards * MFSA 2013-68/CVE-2013-1709 (bmo#838253) Document URI misrepresentation and masquerading * MFSA 2013-69/CVE-2013-1710 (bmo#871368) CRMF requests allow for code execution and XSS attacks * MFSA 2013-72/CVE-2013-1713 (bmo#887098) Wrong principal used for validating URI for some Javascript components * MFSA 2013-73/CVE-2013-1714 (bmo#879787) Same-origin bypass with web workers and XMLHttpRequest * MFSA 2013-75/CVE-2013-1717 (bmo#406541, bmo#738397) Local Java applets may read contents of local file system Changes in xulrunner: - update to 17.0.8esr (bnc#833389) * MFSA 2013-63/CVE-2013-1701 Miscellaneous memory safety hazards * MFSA 2013-68/CVE-2013-1709 (bmo#838253) Document URI misrepresentation and masquerading * MFSA 2013-69/CVE-2013-1710 (bmo#871368) CRMF requests allow for code execution and XSS attacks * MFSA 2013-72/CVE-2013-1713 (bmo#887098) Wrong principal used for validating URI for some Javascript components * MFSA 2013-73/CVE-2013-1714 (bmo#879787) Same-origin bypass with web workers and XMLHttpRequest * MFSA 2013-75/CVE-2013-1717 (bmo#406541, bmo#738397) Local Java applets may read contents of local file system Changes in MozillaThunderbird: - update to Thunderbird 17.0.8 (bnc#833389) * MFSA 2013-63/CVE-2013-1701 Miscellaneous memory safety hazards * MFSA 2013-68/CVE-2013-1709 (bmo#838253) Document URI misrepresentation and masquerading * MFSA 2013-69/CVE-2013-1710 (bmo#871368) CRMF requests allow for code execution and XSS attacks * MFSA 2013-72/CVE-2013-1713 (bmo#887098) Wrong principal used for validating URI for some Javascript components * MFSA 2013-73/CVE-2013-1714 (bmo#879787) Same-origin bypass with web workers and XMLHttpRequest * MFSA 2013-75/CVE-2013-1717 (bmo#406541, bmo#738397) Local Java applets may read contents of local file system - update Enigmail to 1.5.2 * bugfix release Changes in MozillaThunderbird: - update to Thunderbird 17.0.8 (bnc#833389) * MFSA 2013-63/CVE-2013-1701 Miscellaneous memory safety hazards * MFSA 2013-68/CVE-2013-1709 (bmo#838253) Document URI misrepresentation and masquerading * MFSA 2013-69/CVE-2013-1710 (bmo#871368) CRMF requests allow for code execution and XSS attacks * MFSA 2013-72/CVE-2013-1713 (bmo#887098) Wrong principal used for validating URI for some Javascript components * MFSA 2013-73/CVE-2013-1714 (bmo#879787) Same-origin bypass with web workers and XMLHttpRequest * MFSA 2013-75/CVE-2013-1717 (bmo#406541, bmo#738397) Local Java applets may read contents of local file system - update Enigmail to 1.5.2 * bugfix release Changes in mozilla-nss: - fix 32bit requirement, it's without () actually - update to 3.15.1 * TLS 1.2 (RFC 5246) is supported. HMAC-SHA256 cipher suites (RFC 5246 and RFC 5289) are supported, allowing TLS to be used without MD5 and SHA-1. Note the following limitations: The hash function used in the signature for TLS 1.2 client authentication must be the hash function of the TLS 1.2 PRF, which is always SHA-256 in NSS 3.15.1. AES GCM cipher suites are not yet supported. * some bugfixes and improvements - require libnssckbi instead of mozilla-nss-certs so p11-kit can conflict with the latter (fate#314991) - update to 3.15 * Packaging + removed obsolete patches * nss-disable-expired-testcerts.patch * bug-834091.patch * New Functionality + Support for OCSP Stapling (RFC 6066, Certificate Status Request) has been added for both client and server sockets. TLS client applications may enable this via a call to SSL_OptionSetDefault(SSL_ENABLE_OCSP_STAPLING, PR_TRUE); + Added function SECITEM_ReallocItemV2. It replaces function SECITEM_ReallocItem, which is now declared as obsolete. + Support for single-operation (eg: not multi-part) symmetric key encryption and decryption, via PK11_Encrypt and PK11_Decrypt. + certutil has been updated to support creating name constraints extensions. * New Functions in ssl.h SSL_PeerStapledOCSPResponse - Returns the server's stapled OCSP response, when used with a TLS client socket that negotiated the status_request extension. SSL_SetStapledOCSPResponses - Set's a stapled OCSP response for a TLS server socket to return when clients send the status_request extension. in ocsp.h CERT_PostOCSPRequest - Primarily intended for testing, permits the sending and receiving of raw OCSP request/responses. in secpkcs7.h SEC_PKCS7VerifyDetachedSignatureAtTime - Verifies a PKCS#7 signature at a specific time other than the present time. in xconst.h CERT_EncodeNameConstraintsExtension - Matching function for CERT_DecodeNameConstraintsExtension, added in NSS 3.10. in secitem.h SECITEM_AllocArray SECITEM_DupArray SECITEM_FreeArray SECITEM_ZfreeArray - Utility functions to handle the allocation and deallocation of SECItemArrays SECITEM_ReallocItemV2 - Replaces SECITEM_ReallocItem, which is now obsolete. SECITEM_ReallocItemV2 better matches caller expectations, in that it updates item->len on allocation. For more details of the issues with SECITEM_ReallocItem, see Bug 298649 and Bug 298938. in pk11pub.h PK11_Decrypt - Performs decryption as a single PKCS#11 operation (eg: not multi-part). This is necessary for AES-GCM. PK11_Encrypt - Performs encryption as a single PKCS#11 operation (eg: not multi-part). This is necessary for AES-GCM. * New Types in secitem.h SECItemArray - Represents a variable-length array of SECItems. * New Macros in ssl.h SSL_ENABLE_OCSP_STAPLING - Used with SSL_OptionSet to configure TLS client sockets to request the certificate_status extension (eg: OCSP stapling) when set to PR_TRUE * Notable changes + SECITEM_ReallocItem is now deprecated. Please consider using SECITEM_ReallocItemV2 in all future code. + The list of root CA certificates in the nssckbi module has been updated. + The default implementation of SSL_AuthCertificate has been updated to add certificate status responses stapled by the TLS server to the OCSP cache. * a lot of bugfixes - Add Source URL, see https://en.opensuse.org/SourceUrls Changes in mozilla-nss: - fix 32bit requirement, it's without () actually - update to 3.15.1 * TLS 1.2 (RFC 5246) is supported. HMAC-SHA256 cipher suites (RFC 5246 and RFC 5289) are supported, allowing TLS to be used without MD5 and SHA-1. Note the following limitations: The hash function used in the signature for TLS 1.2 client authentication must be the hash function of the TLS 1.2 PRF, which is always SHA-256 in NSS 3.15.1. AES GCM cipher suites are not yet supported. * some bugfixes and improvements - require libnssckbi instead of mozilla-nss-certs so p11-kit can conflict with the latter (fate#314991) - update to 3.15 * Packaging + removed obsolete patches * nss-disable-expired-testcerts.patch * bug-834091.patch * New Functionality + Support for OCSP Stapling (RFC 6066, Certificate Status Request) has been added for both client and server sockets. TLS client applications may enable this via a call to SSL_OptionSetDefault(SSL_ENABLE_OCSP_STAPLING, PR_TRUE); + Added function SECITEM_ReallocItemV2. It replaces function SECITEM_ReallocItem, which is now declared as obsolete. + Support for single-operation (eg: not multi-part) symmetric key encryption and decryption, via PK11_Encrypt and PK11_Decrypt. + certutil has been updated to support creating name constraints extensions. * New Functions in ssl.h SSL_PeerStapledOCSPResponse - Returns the server's stapled OCSP response, when used with a TLS client socket that negotiated the status_request extension. SSL_SetStapledOCSPResponses - Set's a stapled OCSP response for a TLS server socket to return when clients send the status_request extension. in ocsp.h CERT_PostOCSPRequest - Primarily intended for testing, permits the sending and receiving of raw OCSP request/responses. in secpkcs7.h SEC_PKCS7VerifyDetachedSignatureAtTime - Verifies a PKCS#7 signature at a specific time other than the present time. in xconst.h CERT_EncodeNameConstraintsExtension - Matching function for CERT_DecodeNameConstraintsExtension, added in NSS 3.10. in secitem.h SECITEM_AllocArray SECITEM_DupArray SECITEM_FreeArray SECITEM_ZfreeArray - Utility functions to handle the allocation and deallocation of SECItemArrays SECITEM_ReallocItemV2 - Replaces SECITEM_ReallocItem, which is now obsolete. SECITEM_ReallocItemV2 better matches caller expectations, in that it updates item->len on allocation. For more details of the issues with SECITEM_ReallocItem, see Bug 298649 and Bug 298938. in pk11pub.h PK11_Decrypt - Performs decryption as a single PKCS#11 operation (eg: not multi-part). This is necessary for AES-GCM. PK11_Encrypt - Performs encryption as a single PKCS#11 operation (eg: not multi-part). This is necessary for AES-GCM. * New Types in secitem.h SECItemArray - Represents a variable-length array of SECItems. * New Macros in ssl.h SSL_ENABLE_OCSP_STAPLING - Used with SSL_OptionSet to configure TLS client sockets to request the certificate_status extension (eg: OCSP stapling) when set to PR_TRUE * Notable changes + SECITEM_ReallocItem is now deprecated. Please consider using SECITEM_ReallocItemV2 in all future code. + The list of root CA certificates in the nssckbi module has been updated. + The default implementation of SSL_AuthCertificate has been updated to add certificate status responses stapled by the TLS server to the OCSP cache. * a lot of bugfixes - Add Source URL, see https://en.opensuse.org/SourceUrls Changes in mozilla-nspr: - update to version 4.10 * bmo#844513: Add AddressSanitizer (ASan) memory check annotations to PLArena. * bmo#849089: Simple changes to make NSPR's configure.in work with the current version of autoconf. * bmo#856196: Fix compiler warnings and clean up code in NSPR 4.10. * bmo#859066: Fix warning in nsprpub/pr/src/misc/prnetdb.c. * bmo#859830: Deprecate ANDROID_VERSION in favor of android/api-level.h. * bmo#861434: Make PR_SetThreadPriority() change priorities relatively to the main process instead of using absolute values on Linux. * bmo#871064L: _PR_InitThreads() should not call PR_SetThreadPriority. Changes in mozilla-nspr: - update to version 4.10 * bmo#844513: Add AddressSanitizer (ASan) memory check annotations to PLArena. * bmo#849089: Simple changes to make NSPR's configure.in work with the current version of autoconf. * bmo#856196: Fix compiler warnings and clean up code in NSPR 4.10. * bmo#859066: Fix warning in nsprpub/pr/src/misc/prnetdb.c. * bmo#859830: Deprecate ANDROID_VERSION in favor of android/api-level.h. * bmo#861434: Make PR_SetThreadPriority() change priorities relatively to the main process instead of using absolute values on Linux. * bmo#871064L: _PR_InitThreads() should not call PR_SetThreadPriority. Changes in MozillaFirefox: - update to Firefox 23.0 (bnc#833389) * MFSA 2013-63/CVE-2013-1701/CVE-2013-1702 Miscellaneous memory safety hazards * MFSA 2013-64/CVE-2013-1704 (bmo#883313) Use after free mutating DOM during SetBody * MFSA 2013-65/CVE-2013-1705 (bmo#882865) Buffer underflow when generating CRMF requests * MFSA 2013-67/CVE-2013-1708 (bmo#879924) Crash during WAV audio file decoding * MFSA 2013-68/CVE-2013-1709 (bmo#838253) Document URI misrepresentation and masquerading * MFSA 2013-69/CVE-2013-1710 (bmo#871368) CRMF requests allow for code execution and XSS attacks * MFSA 2013-70/CVE-2013-1711 (bmo#843829) Bypass of XrayWrappers using XBL Scopes * MFSA 2013-72/CVE-2013-1713 (bmo#887098) Wrong principal used for validating URI for some Javascript components * MFSA 2013-73/CVE-2013-1714 (bmo#879787) Same-origin bypass with web workers and XMLHttpRequest * MFSA 2013-75/CVE-2013-1717 (bmo#406541, bmo#738397) Local Java applets may read contents of local file system - requires NSPR 4.10 and NSS 3.15 - fix build on ARM (/-g/ matches /-grecord-switches/) Changes in MozillaFirefox: - update to Firefox 23.0 (bnc#833389) * MFSA 2013-63/CVE-2013-1701/CVE-2013-1702 Miscellaneous memory safety hazards * MFSA 2013-64/CVE-2013-1704 (bmo#883313) Use after free mutating DOM during SetBody * MFSA 2013-65/CVE-2013-1705 (bmo#882865) Buffer underflow when generating CRMF requests * MFSA 2013-67/CVE-2013-1708 (bmo#879924) Crash during WAV audio file decoding * MFSA 2013-68/CVE-2013-1709 (bmo#838253) Document URI misrepresentation and masquerading * MFSA 2013-69/CVE-2013-1710 (bmo#871368) CRMF requests allow for code execution and XSS attacks * MFSA 2013-70/CVE-2013-1711 (bmo#843829) Bypass of XrayWrappers using XBL Scopes * MFSA 2013-72/CVE-2013-1713 (bmo#887098) Wrong principal used for validating URI for some Javascript components * MFSA 2013-73/CVE-2013-1714 (bmo#879787) Same-origin bypass with web workers and XMLHttpRequest * MFSA 2013-75/CVE-2013-1717 (bmo#406541, bmo#738397) Local Java applets may read contents of local file system - requires NSPR 4.10 and NSS 3.15 - fix build on ARM (/-g/ matches /-grecord-switches/) openSUSE 12.3 Update The BIND nameserver was updated to 9.9.3P2 to fix a security issue where incorrect bounds checking on private type 'keydata' could lead to a remotely triggerable REQUIRE failure. (CVE-2013-4854, bnc#831899) openSUSE 12.3 Update FileZilla was updated to version 3.7.3 to add various features, fix bugs and also security issues in the embedded putty ssh client. Full changelog: https://filezilla-project.org/changelog.php - Noteworthy changes: * Apply a fix for a security vulnerability in PuTTY as used in FileZilla to handle SFTP. See CVE-2013-4852 for reference. * Merge further fixes from PuTTY to address CVE-2013-4206, CVE-2013-4207, CVE-2013-4208 - Version bump to 3.7.0.1 - Fix issues with bundled gnutls - Update translations - Update to version 3.7.0. Changes since 3.6.0.2: - Show total transfer speed as tooltip over the transfer indicators - List supported protocols in tooltip of host field in quickconnect bar - Use TLS instead of the deprecated term SSL - Reworded text when saving of passwords is disabled, do not refer to kiosk mode - Improved usability of Update page in settings dialog - Improve SFTP performance - When navigating to the parent directory, highlight the former child - When editing files, use high priority for the transfers - Add label to size conditions in filter conditions dialog indicating that the unit is bytes - Ignore drag&drop operations where source and target are identical and clarify the wording in some drop error cases - Trim whitespace from the entered port numbers - Slightly darker color of inactive tabs - Ignore .. item in the file list context menus if multiple items are selected - Display TLS version and key exchange algorithm in certificate and encryption details dialog for FTP over TLS connections. - Fix handling of remote paths containing double-quotes - Fix crash when opening local directories in Explorer if the name contained characters not representable in the locale's narrow-width character set. - Fix a memory leak in the host key verification dialog for SFTP - Fix drag-scrolling in file lists with very low height - Don't attempt writing XML files upon loading them - Improve handling of legacy DDE file associations - Fix handling of HTTPS in the auto updater in case a mirror redirects to HTTPS - Update to version 3.6.0.2. Changes since 3.5.3: - 3.6.0.2 (2012-11-29) * Fix problems with stalling FTP over TLS uploads * MSW: Minor performance increase listing local files - 3.6.0.1 (2012-11-18) * Fix problems with TLS cipher selection, including a bugfix for GnuTLS * Fix a crash on shutdown * Add log message for servers not using UTF-8 * Small performance and memory optimizations getting file types * Improve formatting of transfer speeds - 3.6.0 (2012-11-10) * Fix a crash introduced since 3.5.3 * IPv6-only hosts should no longer cause a crash in the network configuration wizard openSUSE 12.3 Update Putty was updated to 0.63, bringing features, bug and security fixes. Changes: - Add 0001-Revert-the-default-for-font-bolding-style.patch (upstream patch fixing a cosmetic change introduced in 0.63) - Add Conflict tag against pssh package (Parallel SSH) due to conflicting files in /usr/bin - Do signature verification - update to 0.63 * Security fix: prevent a nefarious SSH server or network attacker from crashing PuTTY at startup in three different ways by presenting a maliciously constructed public key and signature. [bnc#833567] CVE-2013-4852 * Security fix: PuTTY no longer retains the private half of users' keys in memory by mistake after authenticating with them. * Revamped the internal configuration storage system to remove all fixed arbitrary limits on string lengths. In particular, there should now no longer be an unreasonably small limit on the number of port forwardings PuTTY can store. * Forwarded TCP connections which close one direction before the other should now be reliably supported, with EOF propagated independently in the two directions. This also fixes some instances of forwarding data corruption (if the corruption consisted of losing data from the very end of the connection) and some instances of PuTTY failing to close when the session is over (because it wrongly thought a forwarding channel was still active when it was not). * The terminal emulation now supports xterm's bracketed paste mode (allowing aware applications to tell the difference between typed and pasted text, so that e.g. editors need not apply inappropriate auto-indent). * You can now choose to display bold text by both brightening the foreground colour and changing the font, not just one or the other. * PuTTYgen will now never generate a 2047-bit key when asked for 2048 (or more generally n−1 bits when asked for n). * Some updates to default settings: PuTTYgen now generates 2048-bit keys by default (rather than 1024), and PuTTY defaults to UTF-8 encoding and 2000 lines of scrollback (rather than ISO 8859-1 and 200). * Unix: PSCP and PSFTP now preserve the Unix file permissions, on copies in both directions. * Unix: dead keys and compose-character sequences are now supported. * Unix: PuTTY and pterm now permit font fallback (where glyphs not present in your selected font are automatically filled in from other fonts on the system) even if you are using a server-side X11 font rather than a Pango client-side one. * Bug fixes too numerous to list, mostly resulting from running the code through Coverity Scan which spotted an assortment of memory and resource leaks, logic errors, and crashes in various circumstances. - packaging changes: * run make from base directory * run tests * remove putty-01-werror.diff (currently not needed) * remove putty-02-remove-gtk1.diff, putty-05-glib-deprecated.diff, putty-06-gtk2-indivhdr.diff (no longer needed) * refresh putty-03-config.diff * remove autoconf calls and requirements * package HTML documentation * package LICENCE file openSUSE 12.3 Update A potential remote code execution via YAML was fixed in puppet. (CVE-2013-3567) openSUSE 12.3 Update cacti was updated to version 0.8.8b to fix security issues and bugs. - Fixes CVE-2013-1434 CVE-2013-1435 - security: SQL injection and shell escaping issues - bug: Fixed issue with custom data source information being lost when saved from edit - bug: Repopulate the poller cache on new installations - bug: Fix issue with poller not escaping the script query path correctly - bug: Allow snmpv3 priv proto none - bug: Fix issue where host activate may flush the entire poller item cache openSUSE 12.3 Update The ruby gemrc configured the gem installation source as http source, allowing man in the middle attacks (if someone could provide a different address for rubygems.org). openSUSE 12.3 Update XEN was updated to 4.2.2, fixing lots of bugs and several security issues. Various upstream patches were also merged into this version by our developers. Detailed buglist: - bnc#824676 - Failed to setup devices for vm instance when start multiple vms simultaneously - bnc#817799 - sles9sp4 guest fails to start after upgrading to sles11 sp3 - bnc#826882 - xen: CVE-2013-1432: XSA-58: Page reference counting error due to XSA-45/CVE-2013-1918 fixes - Add upstream patch to fix devid assignment in libxl 27184-libxl-devid-fix.patch - bnc#823608 - xen: XSA-57: libxl allows guest write access to sensitive console related xenstore keys 27178-libxl-Restrict-permissions-on-PV-console-device-xenstore-nodes.patch - bnc#823011 - xen: XSA-55: Multiple vulnerabilities in libelf PV kernel handling - bnc#808269 - Fully Virtualized Windows VM install is failed on Ivy Bridge platforms with Xen kernel - bnc#801663 - performance of mirror lvm unsuitable for production block-dmmd - bnc#817904 - [SLES11SP3 BCS Bug] Crashkernel fails to boot after panic on XEN kernel SP3 Beta 4 and RC1 - Upstream AMD Erratum patch from Jan - bnc#813675 - - xen: CVE-2013-1919: XSA-46: Several access permission issues with IRQs for unprivileged guests - bnc#820917 - CVE-2013-2076: xen: Information leak on XSAVE/XRSTOR capable AMD CPUs (XSA-52) - bnc#820919 - CVE-2013-2077: xen: Hypervisor crash due to missing exception recovery on XRSTOR (XSA-53) - bnc#820920 - CVE-2013-2078: xen: Hypervisor crash due to missing exception recovery on XSETBV (XSA-54) - bnc#808085 - aacraid driver panics mapping INT A when booting kernel-xen - bnc#817210 - openSUSE 12.3 Domain 0 doesn't boot with i915 graphics controller under Xen with VT-d enabled - bnc#819416 - xen: CVE-2013-2072: XSA-56: Buffer overflow in xencontrol Python bindings affecting xend - bnc#818183 - xen: CVE-2013-2007: XSA-51: qga set umask 0077 when daemonizing - add lndir to BuildRequires - remove xen.migrate.tools_notify_restore_to_hangup_during_migration_--abort_if_busy.patch It changed migration protocol and upstream wants a different solution - bnc#802221 - fix xenpaging readd xenpaging.qemu.flush-cache.patch - bnc#808269 - Fully Virtualized Windows VM install is failed on Ivy Bridge platforms with Xen kernel - Additional fix for bnc#816159 CVE-2013-1918-xsa45-followup.patch - bnc#817068 - Xen guest with >1 sr-iov vf won't start - Update to Xen 4.2.2 c/s 26064 The following recent security patches are included in the tarball CVE-2013-0151-xsa34.patch (bnc#797285) CVE-2012-6075-xsa41.patch (bnc#797523) CVE-2013-1917-xsa44.patch (bnc#813673) CVE-2013-1919-xsa46.patch (bnc#813675) - bnc#816159 - xen: CVE-2013-1918: XSA-45: Several long latency operations are not preemptible - bnc#816163 - xen: CVE-2013-1952: XSA-49: VT-d interrupt remapping source validation flaw for bridges - bnc#809662 - can't use pv-grub to start domU (pygrub does work) xen.spec - bnc#814709 - Unable to create XEN virtual machines in SLED 11 SP2 on Kyoto - bnc#813673 - CVE-2013-1917: xen: Xen PV DoS vulnerability with SYSENTER - bnc#813675 - CVE-2013-1919: xen: Several access permission issues with IRQs for unprivileged guests - bnc#814059 - xen: qemu-nbd format-guessing due to missing format specification openSUSE 12.3 Update roundcubemail was updated to version 0.9.3 (bnc#837436) (CVE-2013-5645) * Optimized UI behavior for touch devices * Fix setting refresh_interval to "Never" in Preferences * Fix purge action in folder manager * Fix base URL resolving on attribute values with no quotes * Fix wrong handling of links with '|' character * Fix colorspace issue on image conversion using ImageMagick? * Fix XSS vulnerability when saving HTML signatures * Fix XSS vulnerability when editing a message "as new" or draft * Fix rewrite rule in .htaccess * Fix detecting Turkish language in ISO-8859-9 encoding * Fix identity-selection using Return-Path headers * Fix parsing of links with ... in URL * Fix compose priority selector when opening in new window * Fix bug where signature wasn't changed on identity selection when editing a draft * Fix IMAP SETMETADATA parameters quoting * Fix "could not load message" error on valid empty message body * Fix handling of message/rfc822 attachments on message forward and edit * Fix parsing of square bracket characters in IMAP response strings * Don't clear References and in-Reply-To when a message is "edited as new" * Fix messages list sorting with THREAD=REFS * Remove deprecated (in PHP 5.5) PREG /e modifier usage * Fix empty messages list when register_globals is enabled * Fix so valid and set date.timezone is not required by installer checks * Canonize boolean ini_get() results * Fix so install do not fail when one of DB driver checks fails but other drivers exist * Fix so exported vCard specifies encoding in v3-compatible format - Update to version 0.9.2 * Fix image thumbnails display in print mode * Fix height of message headers block * Fix timeout issue on drag&drop uploads * Fix default sorting of threaded list when THREAD=REFS isn't supported * Fix list mode switch to 'List' after saving list settings in Larry skin * Fix error when there's no writeable addressbook source * Fix zipdownload plugin issue with filenames charset * Fix so non-inline images aren't skipped on forward * Fix "null" instead of empty string on messages list in IE10 * Fix legacy options handling * Fix so bounces addresses in Sender headers are skipped on Reply-All * Fix bug where serialized strings were truncated in PDO::quote() * Fix displaying messages with invalid self-closing HTML tags * Fix PHP warning when responding to a message with many Return-Path headers * Fix unintentional compose window resize * Fix performance regression in text wrapping function * Fix connection to posgtres db using unix socket * Fix handling of comma when adding contact from contacts widget * Fix bug where a message was opened in both preview pane and new window on double-click * Fix fatal error when xdebug.max_nesting_level was exceeded in rcube_washtml * Fix PHP warning in html_table::set_row_attribs() in PHP 5.4 * Fix invalid option selected in default_font selector when font is unset * Fix displaying contact with ID divisible by 100 in sql addressbook * Fix browser warnings on PDF plugin detection * Fix fatal error when parsing UUencoded messages - Update to version 0.9.1 * a lot of bugfixes and smaller improvements (http://trac.roundcube.net/wiki/Changelog) - Update to version 0.9.0 * Improved rendering of forwarded and attached messages * Optionally display and compose email messages a new windows * Unified UI for message view and composition * Show sender photos from contacts in email view * Render thumbnails for image attachments * Download all attachments as zip archive (using the zipdownload plugin) * Forward multiple emails as attachments * CSV import for contacts openSUSE 12.3 Update This python update includes a SSL certificates fix. - handle NULL bytes in certain fields of SSL certificates (CVE-2013-4238, bnc#834601, CVE-2013-4238_py27.patch) openSUSE 12.3 Update This python update includes a SSL certificates fix. - handle NULL bytes in certain fields of SSL certificates (CVE-2013-4238, bnc#834601, CVE-2013-4238_py33.patch) openSUSE 12.3 Update This squid update includes several security fixes and minor changes. - squid-3.2.x-11823-bnc829084-CVE-2013-4115.diff fixes a buffer overflow involving very long hostnames. [bnc#829084] CVE-2013-4115 - squid-3.2.x-11823-bnc830319-CVE-2013-4123.diff fixes problems identifying a port number as specified by the client. [bnc#830319] CVE-2013-4123 - run logrotate as squid:nogroup [bnc#677335] openSUSE 12.3 Update This subversion update includes a security fix and several minor changes. - update to 1.7.13 [bnc#836245] - User-visible changes: - General * merge: fix bogus mergeinfo with conflicting file merges * diff: fix duplicated path component in '--summarize' output * ra_serf: ignore case when checking certificate common names - Server-side bugfixes: * svnserve: fix creation of pid files CVE-2013-4277 * mod_dav_svn: better status codes for commit failures * mod_dav_svn: do not map requests to filesystem - Developer-visible changes: - General: * don't use uninitialized variable to produce an error code - Bindings: * swig-pl: fix SVN::Client not honoring config file settings * swig-pl & swig-py: disable unusable svn_fs_set_warning_func openSUSE 12.3 Update This wireshark update to 1.8.10 fixes several security and non security bugs. [bnc#839607] + vulnerabilities fixed: * The NBAP dissector could crash. wnpa-sec-2013-55 CVE-2013-5718 * The ASSA R3 dissector could go into an infinite loop. wnpa-sec-2013-56 CVE-2013-5719 * The RTPS dissector could overflow a buffer. wnpa-sec-2013-57 CVE-2013-5720 * The MQ dissector could crash. wnpa-sec-2013-58 CVE-2013-5721 * The LDAP dissector could crash. wnpa-sec-2013-59 CVE-2013-5722 * The Netmon file parser could crash. wnpa-sec-2013-60 + Further bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-1.8.10.html openSUSE 12.3 Update This tiff security update fixes several buffer overflow issues and a out-of-bounds wirte problem. * tiff: buffer overflows/use after free problem [CVE-2013-4231][CVE-2013-4232][bnc#834477] * libtiff (gif2tiff): OOB Write in LZW decompressor [CVE-2013-4244][bnc#834788] * libtiff (gif2tiff): heap-based buffer overflow in readgifimage() [CVE-2013-4243][bnc#834779] openSUSE 12.3 Update Empty. openSUSE 12.3 Update This xulrunner17 version update to 17.0.9esr fixes the following security issues (bnc#840485): * MFSA 2013-65/CVE-2013-1705 (bmo#882865) Buffer underflow when generating CRMF requests * MFSA 2013-76/CVE-2013-1718 Miscellaneous memory safety hazards * MFSA 2013-79/CVE-2013-1722 (bmo#893308) Use-after-free in Animation Manager during stylesheet cloning * MFSA 2013-82/CVE-2013-1725 (bmo#876762) Calling scope for new Javascript objects can lead to memory corruption * MFSA 2013-88/CVE-2013-1730 (bmo#851353) Compartment mismatch re-attaching XBL-backed nodes * MFSA 2013-89/CVE-2013-1732 (bmo#883514) Buffer overflow with multi-column, lists, and floats * MFSA 2013-90/CVE-2013-1735/CVE-2013-1736 (bmo#898871, bmo#906301) Memory corruption involving scrolling * MFSA 2013-91/CVE-2013-1737 (bmo#907727) User-defined properties on DOM proxies get the wrong "this" object openSUSE 12.3 Update This MozillaFirefox update to version 24.0 fixes several security and non-security issues: - move greek to the translations-common package (bnc#840551) - update to Firefox 24.0 (bnc#840485) * MFSA 2013-76/CVE-2013-1718/CVE-2013-1719 Miscellaneous memory safety hazards * MFSA 2013-77/CVE-2013-1720 (bmo#888820) Improper state in HTML5 Tree Builder with templates * MFSA 2013-78/CVE-2013-1721 (bmo#890277) Integer overflow in ANGLE library * MFSA 2013-79/CVE-2013-1722 (bmo#893308) Use-after-free in Animation Manager during stylesheet cloning * MFSA 2013-80/CVE-2013-1723 (bmo#891292) NativeKey continues handling key messages after widget is destroyed * MFSA 2013-81/CVE-2013-1724 (bmo#894137) Use-after-free with select element * MFSA 2013-82/CVE-2013-1725 (bmo#876762) Calling scope for new Javascript objects can lead to memory corruption * MFSA 2013-85/CVE-2013-1728 (bmo#883686) Uninitialized data in IonMonkey * MFSA 2013-88/CVE-2013-1730 (bmo#851353) Compartment mismatch re-attaching XBL-backed nodes * MFSA 2013-89/CVE-2013-1732 (bmo#883514) Buffer overflow with multi-column, lists, and floats * MFSA 2013-90/CVE-2013-1735/CVE-2013-1736 (bmo#898871, bmo#906301) Memory corruption involving scrolling * MFSA 2013-91/CVE-2013-1737 (bmo#907727) User-defined properties on DOM proxies get the wrong "this" object * MFSA 2013-92/CVE-2013-1738 (bmo#887334, bmo#882897) GC hazard with default compartments and frame chain restoration - enable gstreamer explicitely via pref (gecko.js) - require NSS 3.15.1 openSUSE 12.3 Update This MozillaThunderbird update to version 24.0 fixes several security and non-security issues: - update to Thunderbird 24.0 (bnc#840485) * MFSA 2013-76/CVE-2013-1718/CVE-2013-1719 Miscellaneous memory safety hazards * MFSA 2013-77/CVE-2013-1720 (bmo#888820) Improper state in HTML5 Tree Builder with templates * MFSA 2013-79/CVE-2013-1722 (bmo#893308) Use-after-free in Animation Manager during stylesheet cloning * MFSA 2013-80/CVE-2013-1723 (bmo#891292) NativeKey continues handling key messages after widget is destroyed * MFSA 2013-81/CVE-2013-1724 (bmo#894137) Use-after-free with select element * MFSA 2013-82/CVE-2013-1725 (bmo#876762) Calling scope for new Javascript objects can lead to memory corruption * MFSA 2013-85/CVE-2013-1728 (bmo#883686) Uninitialized data in IonMonkey * MFSA 2013-88/CVE-2013-1730 (bmo#851353) Compartment mismatch re-attaching XBL-backed nodes * MFSA 2013-89/CVE-2013-1732 (bmo#883514) Buffer overflow with multi-column, lists, and floats * MFSA 2013-90/CVE-2013-1735/CVE-2013-1736 (bmo#898871, bmo#906301) Memory corruption involving scrolling * MFSA 2013-91/CVE-2013-1737 (bmo#907727) User-defined properties on DOM proxies get the wrong "this" object * MFSA 2013-92/CVE-2013-1738 (bmo#887334, bmo#882897) GC hazard with default compartments and frame chain restoration - moved greek to common translation package - require NSPR 4.10 and NSS 3.15.1 - add GStreamer build requirements for Gecko - added enigmail-build.patch to fix TB packaging (bmo#886095) - removed obsolete patches: * enigmail-old-gcc.patch * mozilla-gcc43-enums.patch * mozilla-gcc43-template_hacks.patch * mozilla-gcc43-templates_instantiation.patch * ppc-xpcshell.patch openSUSE 12.3 Update This seamonkey update to version 2.21 fixes several security and non-security issues: - update to SeaMonkey 2.21 (bnc#840485) * MFSA 2013-76/CVE-2013-1718/CVE-2013-1719 Miscellaneous memory safety hazards * MFSA 2013-77/CVE-2013-1720 (bmo#888820) Improper state in HTML5 Tree Builder with templates * MFSA 2013-78/CVE-2013-1721 (bmo#890277) Integer overflow in ANGLE library * MFSA 2013-79/CVE-2013-1722 (bmo#893308) Use-after-free in Animation Manager during stylesheet cloning * MFSA 2013-80/CVE-2013-1723 (bmo#891292) NativeKey continues handling key messages after widget is destroyed * MFSA 2013-81/CVE-2013-1724 (bmo#894137) Use-after-free with select element * MFSA 2013-82/CVE-2013-1725 (bmo#876762) Calling scope for new Javascript objects can lead to memory corruption * MFSA 2013-85/CVE-2013-1728 (bmo#883686) Uninitialized data in IonMonkey * MFSA 2013-88/CVE-2013-1730 (bmo#851353) Compartment mismatch re-attaching XBL-backed nodes * MFSA 2013-89/CVE-2013-1732 (bmo#883514) Buffer overflow with multi-column, lists, and floats * MFSA 2013-90/CVE-2013-1735/CVE-2013-1736 (bmo#898871, bmo#906301) Memory corruption involving scrolling * MFSA 2013-91/CVE-2013-1737 (bmo#907727) User-defined properties on DOM proxies get the wrong "this" object * MFSA 2013-92/CVE-2013-1738 (bmo#887334, bmo#882897) GC hazard with default compartments and frame chain restoration - requires NSS 3.15.1 openSUSE 12.3 Update This python-django update fixes several security issues. - Update to version 1.4.8 (bnc#840832, CVE-2013-1443): + Fixed denial-of-service via large passwords - Changes from version 1.4.7: + Fixed directory traversal with ssi template tag - Changes from version 1.4.6: + Fixed Cross-site scripting (XSS) in admin interface + Fixed Possible XSS via is_safe_url openSUSE 12.3 Update This boost update fixes a UTF validation problem. - Apply boost-locale_utf.patch to fix a vulnerability in the utf handling of boost:locale (bnc#801991, CVE-2013-0252) openSUSE 12.3 Update This update fixes the following issues in glibc: - CVE-2012-4412: glibc: buffer overflow in strcoll - CVE-2013-0242: glibc: DoS due to a buffer overrun in regexp matcher by processing multibyte characters - CVE-2013-1914: glibc: stack overflow in getaddrinfo() sorting - CVE-2013-2207: glibc: pt_chown tricked into granting access to another users pseudo-terminal - CVE-2013-4237: glibc: Buffer overwrite - NAME_MAX not enforced by readdir_r() - bnc#805054: man 1 locale mentions nonexistant file - bnc#813306: glibc 2.17 fprintf(stderr, ...) triggers write of undefined values if stderr is closed - bnc#819383: pldd a process multiple times can freeze the process - bnc#819524: nscd segfault - bnc#824046: glibc: blacklist code in bindresvport doesn't release lock, results in double-lock - bnc#839870: glibc: three integer overflows in memory allocator - ARM: Support loading unmarked objects from cache openSUSE 12.3 Update This systemd update fixes several security and non-security issues. - polkit-Avoid-race-condition-in-scraping-proc.patch: VUL-0: polkit: process subject race condition (bnc#836932) CVE-2013-4288. - Don't use a trigger to create symlink for sysctl.conf, always run the test on %post (bnc#840864). - Move symlink migration trigger to post (bnc#821800). - Add systemd-fix-crash-listing-session-files.patch (bnc#840055). openSUSE 12.3 Update This icedtea-web update fixes several security issues. Changes in icedtea-web: - update to 1.4.1 (bnc#840572) * Improved and cleaned Temporary internet files panel * NetX - PR1465 - java.io.FileNotFoundException while trying to download a JAR file - PR1473 - javaws should not depend on name of local file * Plugin - PR854: Resizing an applet several times causes 100% CPU load * Security Updates - CVE-2013-4349, RH869040: Heap-based buffer overflow after triggering event attached to applet CVE-2012-4540 nit fixed in icedtea-web 1.4 * Misc - reproducers tests are enabled in dist-tarball - application context support for OpenJDK build 25 and higher - small patches into rhino support and - PR1533: Inherit jnlp.packEnabled and jnlp.versionEnabled like other properties - need jpackage-utils on older distros - run more tests in %check - drop icedtea-web-AppContext.patch, already upstream - add javapackages-tools to build requires openSUSE 12.3 Update The Linux Kernel was updated to fix various security issues and bugs. - sctp: Use correct sideffect command in duplicate cookie handling (bnc#826102, CVE-2013-2206). - Drivers: hv: util: Fix a bug in util version negotiation code (bnc#838346). - vmxnet3: prevent div-by-zero panic when ring resizing uninitialized dev (bnc#833321). - md/raid1,5,10: Disable WRITE SAME until a recovery strategy is in place (bnc#813889). - netback: don't disconnect frontend when seeing oversize packet (bnc#823342). - netfront: reduce gso_max_size to account for max TCP header. - netfront: fix kABI after "reduce gso_max_size to account for max TCP header". - backends: Check for insane amounts of requests on the ring. - Refresh other Xen patches (bnc#804198, bnc#814211, bnc#826374). - Fix TLB gather virtual address range invalidation corner cases (TLB gather memory corruption). - mm: fix the TLB range flushed when __tlb_remove_page() runs out of slots (TLB gather memory corruption). - bnx2x: protect different statistics flows (bnc#814336). - Drivers: hv: util: Fix a bug in version negotiation code for util services (bnc#828714). - kabi/severities: Ignore changes in drivers/hv - e1000e: workaround DMA unit hang on I218 (bnc#834647). - e1000e: unexpected "Reset adapter" message when cable pulled (bnc#834647). - e1000e: 82577: workaround for link drop issue (bnc#834647). - e1000e: helper functions for accessing EMI registers (bnc#834647). - atl1c: Fix misuse of netdev_alloc_skb in refilling rx ring (bnc#812116). - reiserfs: Fixed double unlock in reiserfs_setattr failure path. - reiserfs: locking, release lock around quota operations (bnc#815320). - reiserfs: locking, handle nested locks properly (bnc#815320). - reiserfs: locking, push write lock out of xattr code (bnc#815320). - af_key: fix info leaks in notify messages (bnc#827749 CVE-2013-2234). - af_key: initialize satype in key_notify_policy_flush() (bnc#828119 CVE-2013-2237). - kernel/signal.c: stop info leak via the tkill and the tgkill syscalls (bnc#823267 CVE-2013-2141). - b43: stop format string leaking into error msgs (bnc#822579 CVE-2013-2852). - net: fix incorrect credentials passing (bnc#816708 CVE-2013-1979). - tipc: fix info leaks via msg_name in recv_msg/recv_stream (bnc#816668 CVE-2013-3235). - rose: fix info leak via msg_name in rose_recvmsg() (bnc#816668 CVE-2013-3234). - NFC: llcp: fix info leaks via msg_name in llcp_sock_recvmsg() (bnc#816668 CVE-2013-3233). - netrom: fix info leak via msg_name in nr_recvmsg() (bnc#816668 CVE-2013-3232). - llc: Fix missing msg_namelen update in llc_ui_recvmsg() (bnc#816668 CVE-2013-3231). - l2tp: fix info leak in l2tp_ip6_recvmsg() (bnc#816668 CVE-2013-3230). - iucv: Fix missing msg_namelen update in iucv_sock_recvmsg() (bnc#816668 CVE-2013-3229). - irda: Fix missing msg_namelen update in irda_recvmsg_dgram() (bnc#816668 CVE-2013-3228). - caif: Fix missing msg_namelen update in caif_seqpkt_recvmsg() (bnc#816668 CVE-2013-3227). - Bluetooth: RFCOMM - Fix missing msg_namelen update in rfcomm_sock_recvmsg() (bnc#816668 CVE-2013-3226). - Bluetooth: fix possible info leak in bt_sock_recvmsg() (bnc#816668 CVE-2013-3224). - ax25: fix info leak via msg_name in ax25_recvmsg() (bnc#816668 CVE-2013-3223). - atm: update msg_namelen in vcc_recvmsg() (bnc#816668 CVE-2013-3222). - ipv6: call udp_push_pending_frames when uncorking a socket with (bnc#831058, CVE-2013-4162). - tracing: Fix possible NULL pointer dereferences (bnc#815256 CVE-2013-3301). - tg3: fix length overflow in VPD firmware parsing (bnc#813733 CVE-2013-1929). - dcbnl: fix various netlink info leaks (bnc#810473 CVE-2013-2634). - rtnl: fix info leak on RTM_GETLINK request for VF devices (bnc#810473 CVE-2013-2635). - crypto: user - fix info leaks in report API (bnc#809906 CVE-2013-2546 CVE-2013-2547 CVE-2013-2548). - kernel/signal.c: use __ARCH_HAS_SA_RESTORER instead of SA_RESTORER (bnc#808827 CVE-2013-0914). - signal: always clear sa_restorer on execve (bnc#808827 CVE-2013-0914). - signal: Define __ARCH_HAS_SA_RESTORER so we know whether to clear sa_restorer (bnc#808827 CVE-2013-0914). - ipv6: ip6_sk_dst_check() must not assume ipv6 dst (bnc#827750, CVE-2013-2232). - xfs: fix _xfs_buf_find oops on blocks beyond the filesystem end (CVE-2013-1819 bnc#807471). - blk: avoid divide-by-zero with zero discard granularity (bnc#832615). - dlm: check the write size from user (bnc#831956). - drm/i915: Serialize almost all register access (bnc#823633). - drm/i915: initialize gt_lock early with other spin locks (bnc#801341). - drm/i915: fix up gt init sequence fallout (bnc#801341). - drm/nouveau/hwmon: s/fan0/fan1/. - Drivers: hv: balloon: Do not post pressure status if interrupted (bnc#829539). - drm/i915: Clear FORCEWAKE when taking over from BIOS (bnc#801341). - drm/i915: Apply alignment restrictions on scanout surfaces for VT-d (bnc#818561). - fs/notify/inode_mark.c: make fsnotify_find_inode_mark_locked() static (bnc#807188). - fsnotify: change locking order (bnc#807188). - fsnotify: dont put marks on temporary list when clearing marks by group (bnc#807188). - fsnotify: introduce locked versions of fsnotify_add_mark() and fsnotify_remove_mark() (bnc#807188). - fsnotify: pass group to fsnotify_destroy_mark() (bnc#807188). - fsnotify: use a mutex instead of a spinlock to protect a groups mark list (bnc#807188). - fanotify: add an extra flag to mark_remove_from_mask that indicates wheather a mark should be destroyed (bnc#807188). - fsnotify: take groups mark_lock before mark lock (bnc#807188). - fsnotify: use reference counting for groups (bnc#807188). - fsnotify: introduce fsnotify_get_group() (bnc#807188). - inotify, fanotify: replace fsnotify_put_group() with fsnotify_destroy_group() (bnc#807188). - drm/i915: fix long-standing SNB regression in power consumption after resume v2 (bnc#801341). - drm/nouveau: use vmalloc for pgt allocation (bnc#802347). - USB: xhci: correctly enable interrupts (bnc#828191). - drm/i915: Resurrect ring kicking for semaphores, selectively (bnc#823633,bnc#799516). - ALSA: usb-audio: Fix invalid volume resolution for Logitech HD Webcam c310 (bnc#821735). - ALSA: usb-audio - Fix invalid volume resolution on Logitech HD webcam c270 (bnc#821735). - config: sync up config options added with btrfs update - xfs: xfs: fallback to vmalloc for large buffers in xfs_compat_attrlist_by_handle (bnc#818053 bnc#807153). - xfs: fallback to vmalloc for large buffers in xfs_attrlist_by_handle (bnc#818053 bnc#807153). - btrfs: update to v3.10. - block: Add bio_end_sector(). - block: Use bio_sectors() more consistently. - btrfs: handle lookup errors after subvol/snapshot creation. - btrfs: add new ioctl to determine size of compressed file (FATE#306586). - btrfs: reduce btrfs_path size (FATE#306586). - btrfs: simplify move_pages and copy_pages (FATE#306586). - Prefix mount messages with btrfs: for clarity (FATE#306586). - Btrfs: forced readonly when free_log_tree fails (FATE#306586). - Btrfs: forced readonly when orphan_del fails (FATE#306586). - btrfs: abort unlink trans in missed error case. - btrfs: access superblock via pagecache in scan_one_device. - Btrfs: account for orphan inodes properly during cleanup. - Btrfs: add a comment for fs_info->max_inline. - Btrfs: add a incompatible format change for smaller metadata extent refs. - Btrfs: Add a new ioctl to get the label of a mounted file system. - Btrfs: add a plugging callback to raid56 writes. - Btrfs: add a rb_tree to improve performance of ulist search. - Btrfs: Add a stripe cache to raid56. - Btrfs: Add ACCESS_ONCE() to transaction->abort accesses. - Btrfs: add all ioctl checks before user change for quota operations. - Btrfs: add btrfs_scratch_superblock() function. - btrfs: add cancellation points to defrag. - Btrfs: add code to scrub to copy read data to another disk. - btrfs: add debug check for extent_io range alignment. - Btrfs: add fiemap's flag check. - Btrfs: add ioctl to wait for qgroup rescan completion. - btrfs: add missing break in btrfs_print_leaf(). - Btrfs: add new sources for device replace code. - btrfs: add "no file data" flag to btrfs send ioctl. - Btrfs: add orphan before truncating pagecache. - Btrfs: add path->really_keep_locks. - btrfs: add prefix to sanity tests messages. - Btrfs: add rw argument to merge_bio_hook(). - Btrfs: add some free space cache tests. - Btrfs: add some missing iput()'s in btrfs_orphan_cleanup. - Btrfs: add support for device replace ioctls. - Btrfs: add tree block level sanity check. - Btrfs: add two more find_device() methods. - Btrfs: allocate new chunks if the space is not enough for global rsv. - Btrfs: allow file data clone within a file. - Btrfs: allow for selecting only completely empty chunks. - Btrfs: allow omitting stream header and end-cmd for btrfs send. - Btrfs: allow repair code to include target disk when searching mirrors. - Btrfs: allow running defrag in parallel to administrative tasks. - Btrfs: allow superblock mismatch from older mkfs. - btrfs: annotate intentional switch case fallthroughs. - btrfs: annotate quota tree for lockdep. - Btrfs: automatic rescan after "quota enable" command. - Btrfs: avoid deadlock on transaction waiting list. - Btrfs: avoid double free of fs_info->qgroup_ulist. - Btrfs: avoid risk of a deadlock in btrfs_handle_error. - Btrfs: bring back balance pause/resume logic. - Btrfs: build up error handling for merge_reloc_roots. - Btrfs: change core code of btrfs to support the device replace operations. - Btrfs: changes to live filesystem are also written to replacement disk. - Btrfs: Check CAP_DAC_READ_SEARCH for BTRFS_IOC_INO_PATHS. - Btrfs: check for actual acls rather than just xattrs when caching no acl. - Btrfs: check for NULL pointer in updating reloc roots. - Btrfs: check if leaf's parent exists before pushing items around. - Btrfs: check if we can nocow if we don't have data space. - Btrfs: check return value of commit when recovering log. - Btrfs: check the return value of btrfs_run_ordered_operations(). - Btrfs: check the return value of btrfs_start_delalloc_inodes(). - btrfs: clean snapshots one by one. - btrfs: clean up transaction abort messages. - Btrfs: cleanup backref search commit root flag stuff. - Btrfs: cleanup, btrfs_read_fs_root_no_name() doesn't return NULL. - Btrfs: cleanup destroy_marked_extents. - Btrfs: cleanup: don't check the same thing twice. - Btrfs: cleanup duplicated division functions. - Btrfs: cleanup for btrfs_btree_balance_dirty. - Btrfs: cleanup for btrfs_wait_order_range. - btrfs: cleanup for open-coded alignment. - Btrfs: cleanup fs roots if we fail to mount. - Btrfs: cleanup of function where btrfs_extend_item() is called. - Btrfs: cleanup of function where fixup_low_keys() is called. - Btrfs: cleanup orphan reservation if truncate fails. - Btrfs: cleanup orphaned root orphan item. - Btrfs: cleanup redundant code in btrfs_submit_direct(). - Btrfs: cleanup scrub bio and worker wait code. - Btrfs: cleanup similar code in delayed inode. - btrfs: Cleanup some redundant codes in btrfs_log_inode(). - btrfs: Cleanup some redundant codes in btrfs_lookup_csums_range(). - Btrfs: cleanup the code of copy_nocow_pages_for_inode(). - Btrfs: cleanup the similar code of the fs root read. - Btrfs: cleanup to make the function btrfs_delalloc_reserve_metadata more logic. - Btrfs: cleanup to remove reduplicate code in transaction.c. - Btrfs: cleanup unnecessary assignment when cleaning up all the residual transaction. - Btrfs: cleanup unnecessary clear when freeing a transaction or a trans handle. - Btrfs: cleanup unused arguments. - Btrfs: cleanup unused arguments in send.c. - Btrfs: cleanup unused arguments of btrfs_csum_data. - Btrfs: cleanup unused function. - Btrfs: clear received_uuid field for new writable snapshots. - Btrfs: Cocci spatch "memdup.spatch". - Btrfs: Cocci spatch "ptr_ret.spatch". - Btrfs: compare relevant parts of delayed tree refs. - Btrfs: copy everything if we've created an inline extent. - btrfs: cover more error codes in btrfs_decode_error. - Btrfs: creating the subvolume qgroup automatically when enabling quota. - Btrfs: deal with bad mappings in btrfs_map_block. - Btrfs: deal with errors in write_dev_supers. - Btrfs: deal with free space cache errors while replaying log. - btrfs: define BTRFS_MAGIC as a u64 value. - Btrfs: delete inline extents when we find them during logging. - Btrfs: delete unused function. - Btrfs: delete unused parameter to btrfs_read_root_item(). - btrfs: deprecate subvolrootid mount option. - btrfs: device delete to get errors from the kernel. - Btrfs: disable qgroup id 0. - Btrfs: disallow mutually exclusive admin operations from user mode. - Btrfs: disallow some operations on the device replace target device. - btrfs: do away with non-whole_page extent I/O. - Btrfs: do delay iput in sync_fs. - Btrfs: do not allow logged extents to be merged or removed. - Btrfs: do not BUG_ON in prepare_to_reloc. - Btrfs: do not BUG_ON on aborted situation. - Btrfs: do not call file_update_time in aio_write. - Btrfs: do not change inode flags in rename. - Btrfs: do not continue if out of memory happens. - Btrfs: do not delete a subvolume which is in a R/O subvolume. - Btrfs: do not log extents when we only log new names. - Btrfs: do not mark ems as prealloc if we are writing to them. - Btrfs: do not merge logged extents if we've removed them from the tree. - Btrfs: do not overcommit if we don't have enough space for global rsv. - Btrfs: do not pin while under spin lock. - Btrfs: do not warn_on io_ctl->cur in io_ctl_map_page. - Btrfs: don't abort the current transaction if there is no enough space for inode cache. - Btrfs: don't add a NULL extended attribute. - Btrfs: don't allow degraded mount if too many devices are missing. - Btrfs: don't allow device replace on RAID5/RAID6. - Btrfs: don't auto defrag a file when doing directIO. - Btrfs: don't bother copying if we're only logging the inode. - Btrfs: don't BUG_ON() in btrfs_num_copies. - Btrfs: don't call btrfs_qgroup_free if just btrfs_qgroup_reserve fails. - Btrfs: don't call readahead hook until we have read the entire eb. - Btrfs: don't delete fs_roots until after we cleanup the transaction. - Btrfs: don't drop path when printing out tree errors in scrub. - Btrfs: don't flush the delalloc inodes in the while loop if flushoncommit is set. - Btrfs: don't force pages under writeback to finish when aborting. - Btrfs: don't invoke btrfs_invalidate_inodes() in the spin lock context. - Btrfs: don't memset new tokens. - Btrfs: don't null pointer deref on abort. - Btrfs: don't panic if we're trying to drop too many refs. - Btrfs: don't re-enter when allocating a chunk. - Btrfs: don't start a new transaction when starting sync. - Btrfs: don't steal the reserved space from the global reserve if their space type is different. - btrfs: don't stop searching after encountering the wrong item. - Btrfs: don't take inode delalloc mutex if we're a free space inode. - Btrfs: don't traverse the ordered operation list repeatedly. - Btrfs: Don't trust the superblock label and simply printk("%s") it. - Btrfs: don't try and free ebs twice in log replay. - btrfs: don't try to notify udev about missing devices. - Btrfs: don't use global block reservation for inode cache truncation. - Btrfs: don't wait for all the writers circularly during the transaction commit. - Btrfs: don't wait on ordered extents if we have a trans open. - Btrfs: dont do log_removal in insert_new_root. - btrfs: Drop inode if inode root is NULL. - Btrfs: eliminate a use-after-free in btrfs_balance(). - Btrfs: enforce min_bytes parameter during extent allocation. - Btrfs: enhance btrfs structures for device replace support. - btrfs: enhance superblock checks. - btrfs: ensure we don't overrun devices_info in __btrfs_alloc_chunk. - Btrfs: exclude logged extents before replying when we are mixed. - Btrfs: explicitly use global_block_rsv for quota_tree. - Btrfs: extend the checksum item as much as possible. - btrfs: fall back to global reservation when removing subvolumes. - Btrfs: fill the global reserve when unpinning space. - Btrfs: fix a bug of per-file nocow. - Btrfs: fix a bug when llseek for delalloc bytes behind prealloc extents. - Btrfs: fix a build warning for an unused label. - Btrfs: fix a deadlock in aborting transaction due to ENOSPC. - Btrfs: fix a double free on pending snapshots in error handling. - Btrfs: fix a mismerge in btrfs_balance(). - Btrfs: fix a regression in balance usage filter. - Btrfs: fix a scrub regression in case of write errors. - Btrfs: fix a warning when disabling quota. - Btrfs: fix a warning when updating qgroup limit. - Btrfs: fix accessing a freed tree root. - Btrfs: fix accessing the root pointer in tree mod log functions. - Btrfs: fix all callers of read_tree_block. - Btrfs: fix an while-loop of listxattr. - Btrfs: fix autodefrag and umount lockup. - Btrfs: fix backref walking race with tree deletions. - Btrfs: fix bad extent logging. - Btrfs: fix broken nocow after balance. - btrfs: fix btrfs_cont_expand() freeing IS_ERR em. - btrfs: fix btrfs_extend_item() comment. - Btrfs: fix BUG() in scrub when first superblock reading gives EIO. - Btrfs: fix check on same raid type flag twice. - Btrfs: fix chunk allocation error handling. - Btrfs: fix cleaner thread not working with inode cache option. - Btrfs: fix cluster alignment for mount -o ssd. - btrfs: fix comment typos. - Btrfs: fix confusing edquot happening case. - Btrfs: fix crash in log replay with qgroups enabled. - Btrfs: fix crash regarding to ulist_add_merge. - Btrfs: fix deadlock due to unsubmitted. - Btrfs: fix double free in the btrfs_qgroup_account_ref(). - Btrfs: fix double free in the iterate_extent_inodes(). - Btrfs: fix EDQUOT handling in btrfs_delalloc_reserve_metadata. - Btrfs: fix EIO from btrfs send in is_extent_unchanged for punched holes. - Btrfs: fix error handling in btrfs_ioctl_send(). - Btrfs: fix error handling in make/read block group. - Btrfs: fix estale with btrfs send. - Btrfs: fix extent logging with O_DIRECT into prealloc. - Btrfs: fix freeing delayed ref head while still holding its mutex. - Btrfs: fix freeze vs auto defrag. - Btrfs: fix hash overflow handling. - Btrfs: fix how we discard outstanding ordered extents on abort. - Btrfs: fix infinite loop when we abort on mount. - Btrfs: fix joining the same transaction handler more than 2 times. - Btrfs: fix lockdep warning. - Btrfs: fix locking on ROOT_REPLACE operations in tree mod log. - Btrfs: fix lots of orphan inodes when the space is not enough. - Btrfs: fix max chunk size on raid5/6. - Btrfs: fix memory leak in btrfs_create_tree(). - Btrfs: fix memory leak in name_cache_insert(). - Btrfs: fix memory leak of log roots. - Btrfs: fix memory leak of pending_snapshot->inherit. - Btrfs: fix memory patcher through fs_info->qgroup_ulist. - btrfs: fix minor typo in comment. - btrfs: fix misleading variable name for flags. - Btrfs: fix missed transaction->aborted check. - Btrfs: fix missing check about ulist_add() in qgroup.c. - Btrfs: fix missing check before creating a qgroup relation. - Btrfs: fix missing check before disabling quota. - Btrfs: fix missing check in the btrfs_qgroup_inherit(). - Btrfs: fix missing deleted items in btrfs_clean_quota_tree. - Btrfs: fix missing flush when committing a transaction. - Btrfs: fix missing i_size update. - Btrfs: fix missing log when BTRFS_INODE_NEEDS_FULL_SYNC is set. - Btrfs: fix missing qgroup reservation before fallocating. - Btrfs: fix missing release of qgroup reservation in commit_transaction(). - Btrfs: fix missing release of the space/qgroup reservation in start_transaction(). - Btrfs: fix missing reserved space release in error path of delalloc reservation. - Btrfs: fix missing write access release in btrfs_ioctl_resize(). - Btrfs: fix "mutually exclusive op is running" error code. - Btrfs: fix not being able to find skinny extents during relocate. - Btrfs: fix NULL pointer after aborting a transaction. - Btrfs: fix off-by-one error of the reserved size of btrfs_allocate(). - Btrfs: fix off-by-one error of the same page check in btrfs_punch_hole(). - Btrfs: fix off-by-one in fiemap. - Btrfs: fix off-by-one in lseek. - Btrfs: fix oops when recovering the file data by scrub function. - Btrfs: fix panic when recovering tree log. - Btrfs: fix permissions of empty files not affected by umask. - Btrfs: fix permissions of empty files not affected by umask. - Btrfs: fix possible infinite loop in slow caching. - Btrfs: fix possible memory leak in replace_path(). - Btrfs: fix possible memory leak in the find_parent_nodes(). - Btrfs: fix possible stale data exposure. - Btrfs: Fix printk and variable name. - Btrfs: fix qgroup rescan resume on mount. - Btrfs: fix race between mmap writes and compression. - Btrfs: fix race between snapshot deletion and getting inode. - Btrfs: fix race in check-integrity caused by usage of bitfield. - Btrfs: fix reada debug code compilation. - Btrfs: fix remount vs autodefrag. - Btrfs: fix repeated delalloc work allocation. - Btrfs: fix resize a readonly device. - Btrfs: fix several potential problems in copy_nocow_pages_for_inode. - Btrfs: fix space accounting for unlink and rename. - Btrfs: fix space leak when we fail to reserve metadata space. - btrfs: fix the code comments for LZO compression workspace. - Btrfs: fix the comment typo for btrfs_attach_transaction_barrier. - Btrfs: fix the deadlock between the transaction start/attach and commit. - Btrfs: fix the page that is beyond EOF. - Btrfs: fix the qgroup reserved space is released prematurely. - Btrfs: fix the race between bio and btrfs_stop_workers. - Btrfs: fix transaction throttling for delayed refs. - Btrfs: fix tree mod log regression on root split operations. - Btrfs: fix trivial error in btrfs_ioctl_resize(). - Btrfs: Fix typo in fs/btrfs. - Btrfs: fix unblocked autodefraggers when remount. - Btrfs: fix unclosed transaction handler when the async transaction commitment fails. - Btrfs: fix uncompleted transaction. - Btrfs: fix unlock after free on rewinded tree blocks. - Btrfs: fix unlock order in btrfs_ioctl_resize. - Btrfs: fix unlock order in btrfs_ioctl_rm_dev. - Btrfs: fix unnecessary while loop when search the free space, cache. - Btrfs: fix unprotected defragable inode insertion. - Btrfs: fix unprotected extent map operation when logging file extents. - Btrfs: fix unprotected root node of the subvolume's inode rb-tree. - Btrfs: fix use-after-free bug during umount. - btrfs: fix varargs in __btrfs_std_error. - Btrfs: fix warning of free_extent_map. - Btrfs: fix warning when creating snapshots. - Btrfs: fix wrong comment in can_overcommit(). - Btrfs: fix wrong file extent length. - Btrfs: fix wrong handle at error path of create_snapshot() when the commit fails. - Btrfs: fix wrong max device number for single profile. - Btrfs: fix wrong mirror number tuning. - Btrfs: fix wrong outstanding_extents when doing DIO write. - Btrfs: fix wrong reservation of csums. - Btrfs: fix wrong reserved space in qgroup during snap/subv creation. - Btrfs: fix wrong reserved space when deleting a snapshot/subvolume. - Btrfs: fix wrong return value of btrfs_lookup_csum(). - Btrfs: fix wrong return value of btrfs_truncate_page(). - Btrfs: fix wrong return value of btrfs_wait_for_commit(). - Btrfs: fix wrong sync_writers decrement in btrfs_file_aio_write(). - btrfs: fixup/remove module.h usage as required. - Btrfs: flush all dirty inodes if writeback can not start. - Btrfs: free all recorded tree blocks on error. - Btrfs: free csums when we're done scrubbing an extent. - Btrfs: get better concurrency for snapshot-aware defrag work. - Btrfs: get right arguments for btrfs_wait_ordered_range. - btrfs: get the device in write mode when deleting it. - Btrfs: get write access for qgroup operations. - Btrfs: get write access for scrub. - Btrfs: get write access when doing resize fs. - Btrfs: get write access when removing a device. - Btrfs: get write access when setting the default subvolume. - Btrfs: handle a bogus chunk tree nicely. - Btrfs: handle errors from btrfs_map_bio() everywhere. - Btrfs: handle errors in compression submission path. - btrfs: handle errors returned from get_tree_block_key. - btrfs: handle null fs_info in btrfs_panic(). - Btrfs: handle running extent ops with skinny metadata. - Btrfs: hold the ordered operations mutex when waiting on ordered extents. - Btrfs: hold the tree mod lock in __tree_mod_log_rewind. - Btrfs: if we aren't committing just end the transaction if we error out. - btrfs: ignore device open failures in __btrfs_open_devices. - Btrfs: ignore orphan qgroup relations. - Btrfs: implement unlocked dio write. - Btrfs: improve the delayed inode throttling. - Btrfs: improve the loop of scrub_stripe. - Btrfs: improve the noflush reservation. - Btrfs: improve the performance of the csums lookup. - Btrfs: in scrub repair code, optimize the reading of mirrors. - Btrfs: in scrub repair code, simplify alloc error handling. - Btrfs: Include the device in most error printk()s. - Btrfs: increase BTRFS_MAX_MIRRORS by one for dev replace. - btrfs: Init io_lock after cloning btrfs device struct. - Btrfs: init relocate extent_io_tree with a mapping. - Btrfs: inline csums if we're fsyncing. - Btrfs: introduce a btrfs_dev_replace_item type. - Btrfs: introduce a mutex lock for btrfs quota operations. - Btrfs: introduce GET_READ_MIRRORS functionality for btrfs_map_block(). - Btrfs: introduce grab/put functions for the root of the fs/file tree. - Btrfs: introduce per-subvolume delalloc inode list. - Btrfs: introduce per-subvolume ordered extent list. - Btrfs: introduce qgroup_ulist to avoid frequently allocating/freeing ulist. - Btrfs: just flush the delalloc inodes in the source tree before snapshot creation. - Btrfs: keep track of the extents original block length. - Btrfs: kill replicate code in replay_one_buffer. - Btrfs: kill some BUG_ONs() in the find_parent_nodes(). - Btrfs: kill unnecessary arguments in del_ptr. - Btrfs: kill unused argument of btrfs_pin_extent_for_log_replay. - Btrfs: kill unused argument of update_block_group. - Btrfs: kill unused arguments of cache_block_group. - Btrfs: let allocation start from the right raid type. - btrfs: limit fallocate extent reservation to 256MB. - Btrfs: limit the global reserve to 512mb. - btrfs: list_entry can't return NULL. - Btrfs: log changed inodes based on the extent map tree. - Btrfs: log ram bytes properly. - Btrfs: make __merge_refs() return type be void. - Btrfs: make backref walking code handle skinny metadata. - Btrfs: make delalloc inodes be flushed by multi-task. - Btrfs: make delayed ref lock logic more readable. - Btrfs: make ordered extent be flushed by multi-task. - Btrfs: make ordered operations be handled by multi-task. - btrfs: make orphan cleanup less verbose. - Btrfs: make raid attr array more readable. - btrfs: make static code static & remove dead code. - btrfs: make subvol creation/deletion killable in the early stages. - Btrfs: make sure nbytes are right after log replay. - Btrfs: make sure NODATACOW also gets NODATASUM set. - Btrfs: make sure roots are assigned before freeing their nodes. - Btrfs: make the chunk allocator completely tree lockless. - Btrfs: make the cleaner complete early when the fs is going to be umounted. - Btrfs: make the scrub page array dynamically allocated. - Btrfs: make the snap/subv deletion end more early when the fs is R/O. - Btrfs: make the state of the transaction more readable. - Btrfs: merge inode_list in __merge_refs. - Btrfs: merge pending IO for tree log write back. - btrfs: merge save_error_info helpers into one. - Btrfs: MOD_LOG_KEY_REMOVE_WHILE_MOVING never change node's nritems. - btrfs: more open-coded file_inode(). - Btrfs: move btrfs_truncate_page to btrfs_cont_expand instead of btrfs_truncate. - Btrfs: move checks in set_page_dirty under DEBUG. - Btrfs: move d_instantiate outside the transaction during mksubvol. - Btrfs: move fs/btrfs/ioctl.h to include/uapi/linux/btrfs.h. - btrfs: move ifdef around sanity checks out of init_btrfs_fs. - btrfs: move leak debug code to functions. - Btrfs: move some common code into a subfunction. - Btrfs: move the R/O check out of btrfs_clean_one_deleted_snapshot(). - btrfs: Notify udev when removing device. - Btrfs: only clear dirty on the buffer if it is marked as dirty. - Btrfs: only do the tree_mod_log_free_eb if this is our last ref. - Btrfs: only exclude supers in the range of our block group. - Btrfs: only log the inode item if we can get away with it. - Btrfs: only unlock and relock if we have to. - Btrfs: optimize leaf_space_used. - Btrfs: optimize read_block_for_search. - Btrfs: optimize reada_for_balance. - Btrfs: optimize the error handle of use_block_rsv(). - Btrfs: optionally avoid reads from device replace source drive. - Btrfs: pass fs_info instead of root. - Btrfs: pass fs_info to btrfs_map_block() instead of mapping_tree. - Btrfs: Pass fs_info to btrfs_num_copies() instead of mapping_tree. - Btrfs: pass NULL instead of 0. - Btrfs: pass root object into btrfs_ioctl_{start, wait}_sync(). - Btrfs: pause the space balance when remounting to R/O. - Btrfs: place ordered operations on a per transaction list. - Btrfs: prevent qgroup destroy when there are still relations. - Btrfs: protect devices list with its mutex. - Btrfs: protect fs_info->alloc_start. - Btrfs: punch hole past the end of the file. - Btrfs: put csums on the right ordered extent. - Btrfs: put our inode if orphan cleanup fails. - Btrfs: put raid properties into global table. - btrfs: put some enospc messages under enospc_debug. - Btrfs: RAID5 and RAID6. - btrfs/raid56: Add missing #include <linux/vmalloc.h>. - btrfs: read entire device info under lock. - Btrfs: recheck bio against block device when we map the bio. - Btrfs: record first logical byte in memory. - Btrfs: reduce CPU contention while waiting for delayed extent operations. - Btrfs: reduce lock contention on extent buffer locks. - Btrfs: refactor error handling to drop inode in btrfs_create(). - Btrfs: relax the block group size limit for bitmaps. - btrfs: remove a printk from scan_one_device. - Btrfs: remove almost all of the BUG()'s from tree-log.c. - Btrfs: remove btrfs_sector_sum structure. - Btrfs: remove btrfs_try_spin_lock. - Btrfs: remove BUG_ON() in btrfs_read_fs_tree_no_radix(). - btrfs: remove cache only arguments from defrag path. - Btrfs: remove conflicting check for minimum number of devices in raid56. - Btrfs: remove deprecated comments. - Btrfs: remove extent mapping if we fail to add chunk. - Btrfs: remove reduplicate check about root in the function btrfs_clean_quota_tree. - Btrfs: remove some BUG_ONs() when walking backref tree. - Btrfs: remove some unnecessary spin_lock usages. - Btrfs: remove the block device pointer from the scrub context struct. - Btrfs: remove the code for the impossible case in cleanup_transaction(). - Btrfs: Remove the invalid shrink size check up from btrfs_shrink_dev(). - Btrfs: remove the time check in btrfs_commit_transaction(). - btrfs: remove unnecessary cur_trans set before goto loop in join_transaction. - btrfs: remove unnecessary DEFINE_WAIT() declarations. - Btrfs: remove unnecessary dget_parent/dput when creating the pending snapshot. - Btrfs: remove unnecessary ->s_umount in cleaner_kthread(). - Btrfs: remove unnecessary varient ->num_joined in btrfs_transaction structure. - Btrfs: remove unused argument of btrfs_extend_item(). - Btrfs: remove unused argument of fixup_low_keys(). - Btrfs: remove unused code in btrfs_del_root. - Btrfs: remove unused extent io tree ops V2. - btrfs: remove unused fd in btrfs_ioctl_send(). - btrfs: remove unused fs_info from btrfs_decode_error(). - btrfs: remove unused gfp mask parameter from release_extent_buffer callchain. - btrfs: remove unused "item" in btrfs_insert_delayed_item(). - Btrfs: remove unused variable in __process_changed_new_xattr(). - Btrfs: remove unused variable in the iterate_extent_inodes(). - Btrfs: remove useless copy in quota_ctl. - Btrfs: remove warn on in free space cache writeout. - Btrfs: rename root_times_lock to root_item_lock. - Btrfs: rename the scrub context structure. - Btrfs: reorder locks and sanity checks in btrfs_ioctl_defrag. - Btrfs: reorder tree mod log operations in deleting a pointer. - Btrfs: rescan for qgroups. - Btrfs: reset path lock state to zero. - Btrfs: restructure btrfs_run_defrag_inodes(). - Btrfs: return as soon as possible when edquot happens. - Btrfs: return EIO if we have extent tree corruption. - Btrfs: return ENOMEM rather than use BUG_ON when btrfs_alloc_path fails. - Btrfs: return errno if possible when we fail to allocate memory. - Btrfs: return error code in btrfs_check_trunc_cache_free_space(). - Btrfs: return error when we specify wrong start to defrag. - Btrfs: return free space in cow error path. - Btrfs: rework the overcommit logic to be based on the total size. - Btrfs: save us a read_lock. - Btrfs: select XOR_BLOCKS in Kconfig. - Btrfs: separate sequence numbers for delayed ref tracking and tree mod log. - Btrfs: serialize unlocked dio reads with truncate. - Btrfs: set/change the label of a mounted file system. - Btrfs: set flushing if we're limited flushing. - Btrfs: set hole punching time properly. - Btrfs: set UUID in root_item for created trees. - Btrfs: share stop worker code. - btrfs: show compiled-in config features at module load time. - Btrfs: simplify unlink reservations. - Btrfs: skip adding an acl attribute if we don't have to. - Btrfs: snapshot-aware defrag. - Btrfs: split btrfs_qgroup_account_ref into four functions. - Btrfs: steal from global reserve if we are cleaning up orphans. - Btrfs: stop all workers before cleaning up roots. - Btrfs: stop using try_to_writeback_inodes_sb_nr to flush delalloc. - Btrfs: stop waiting on current trans if we aborted. - Btrfs: traverse and flush the delalloc inodes once. - btrfs: try harder to allocate raid56 stripe cache. - Btrfs: unlock extent range on enospc in compressed submit. - btrfs: unpin_extent_cache: fix the typo and unnecessary arguements. - Btrfs: unreserve space if our ordered extent fails to work. - btrfs: update kconfig title. - Btrfs: update the global reserve if it is empty. - btrfs: update timestamps on truncate(). - Btrfs: update to use fs_state bit. - Btrfs: use a btrfs bioset instead of abusing bio internals. - Btrfs: use a lock to protect incompat/compat flag of the super block. - Btrfs: use a percpu to keep track of possibly pinned bytes. - Btrfs: use bit operation for ->fs_state. - Btrfs: use common work instead of delayed work. - Btrfs: use ctl->unit for free space calculation instead of block_group->sectorsize. - Btrfs: use existing align macros in btrfs_allocate(). - Btrfs: use helper to cleanup tree roots. - btrfs: use only inline_pages from extent buffer. - Btrfs: use percpu counter for dirty metadata count. - Btrfs: use percpu counter for fs_info->delalloc_bytes. - btrfs: use rcu_barrier() to wait for bdev puts at unmount. - Btrfs: use REQ_META for all metadata IO. - Btrfs: use reserved space for creating a snapshot. - Btrfs: use right range to find checksum for compressed extents. - Btrfs: use seqlock to protect fs_info->avail_{data, metadata, system}_alloc_bits. - Btrfs: use set_nlink if our i_nlink is 0. - Btrfs: use slabs for auto defrag allocation. - Btrfs: use slabs for delayed reference allocation. - Btrfs: use the inode own lock to protect its delalloc_bytes. - Btrfs: use token to avoid times mapping extent buffer. - Btrfs: use tokens where we can in the tree log. - Btrfs: use tree_root to avoid edquot when disabling quota. - btrfs: use unsigned long type for extent state bits. - Btrfs: use wrapper page_offset. - Btrfs: various abort cleanups. - Btrfs: wait on ordered extents at the last possible moment. - Btrfs: wait ordered range before doing direct io. - Btrfs: wake up delayed ref flushing waiters on abort. - clear chunk_alloc flag on retryable failure. - Correct allowed raid levels on balance. - Fix misspellings of "whether" in comments. - fs/btrfs: drop if around WARN_ON. - fs/btrfs: remove depends on CONFIG_EXPERIMENTAL. - fs/btrfs: use WARN. - Minor format cleanup. - new helper: file_inode(file). - Revert "Btrfs: fix permissions of empty files not affected by umask". - Revert "Btrfs: MOD_LOG_KEY_REMOVE_WHILE_MOVING never change node's nritems". - Revert "Btrfs: reorder tree mod log operations in deleting a pointer". - treewide: Fix typo in printk. - writeback: remove nr_pages_dirtied arg from balance_dirty_pages_ratelimited_nr(). - drivers/cdrom/cdrom.c: use kzalloc() for failing hardware (bnc#824295, CVE-2013-2164). - fanotify: info leak in copy_event_to_user() (CVE-2013-2148 bnc#823517). - block: do not pass disk names as format strings (bnc#822575 CVE-2013-2851). - libceph: Fix NULL pointer dereference in auth client code. (CVE-2013-1059, bnc#826350) - Update patches.drivers/media-rtl28xxu-01-add-NOXON-DAB-DAB-USB-dongle-rev-2.patch (bnc#811882). - Update patches.drivers/media-rtl28xxu-02-1b80-d3a8-ASUS-My-Cinema-U3100Mini-Pl.patch (bnc#811882). - Update patches.drivers/media-rtl28xxu-03-add-Gigabyte-U7300-DVB-T-Dongle.patch (bnc#811882). - Update patches.drivers/media-rtl28xxu-04-correct-some-device-names.patch (bnc#811882). - Update patches.drivers/media-rtl28xxu-05-Support-Digivox-Mini-HD.patch (bnc#811882). - Update patches.drivers/media-rtl28xxu-06-Add-USB-IDs-for-Compro-VideoMate-U620.patch (bnc#811882). - Update patches.drivers/media-rtl28xxu-07-Add-USB-ID-for-MaxMedia-HU394-T.patch (bnc#811882). Correct the bnc reference. - Update patches.fixes/block-discard-granularity-might-not-be-power-of-2.patch (bnc#823797). - block: discard granularity might not be power of 2. - USB: reset resume quirk needed by a hub (bnc#810144). - NFS: Fix keytabless mounts (bnc#817651). - ipv4: fix redirect handling for TCP packets (bnc#814510). - Always include the git commit in KOTD builds This allows us not to set it explicitly in builds submitted to the official distribution (bnc#821612, bnc#824171). - Btrfs: relocate csums properly with prealloc extents. - gcc4: disable __compiletime_object_size for GCC 4.6+ (bnc#837258). - ALSA: hda - Add Toshiba Satellite C870 to MSI blacklist (bnc#833585). openSUSE 12.3 Update Mozilla NSS was updated to 3.15.2 (bnc#842979) * Support for AES-GCM ciphersuites that use the SHA-256 PRF * MD2, MD4, and MD5 signatures are no longer accepted for OCSP or CRLs * Add PK11_CipherFinal macro * sizeof() used incorrectly * nssutil_ReadSecmodDB() leaks memory * Allow SSL_HandshakeNegotiatedExtension to be called before the handshake is finished. * Deprecate the SSL cipher policy code * Avoid uninitialized data read in the event of a decryption failure. (CVE-2013-1739) openSUSE 12.3 Update rtkit was fixed to avoid a TOCTOU race condition that might have allowed local attackers to gain realtime rights they should not have. (CVE-2013-4326) openSUSE 12.3 Update clutter was updatd to fix improper translation of hierarchy events (gnome-shell crash after system resume) (CVE-2013-2190, bnc#843441). openSUSE 12.3 Update libvirt was updated to fix security issues and bugs: Security issues fixed: CVE-2013-4311: Add support for using 3-arg pkcheck syntax for process to avoid race conditions. CVE-2013-4296: Fix a crash (denial of service) in remoteDispatchDomainMemoryStats CVE-2013-5651: Fix virBitmapParse to avoid access beyond bounds of array (denial of service crash). Also bugs were fixed: - nwfilter: check for inverted ctdir. bnc#810611 - Add xencommons as 'Wanted' in the systemd libvirtd service file. bnc#820888 openSUSE 12.3 Update Update to Chromium 30.0.1599.66: - Easier searching by image - A number of new apps/extension APIs - Lots of under the hood changes for stability and performance - Security fixes: + CVE-2013-2906: Races in Web Audio + CVE-2013-2907: Out of bounds read in Window.prototype object + CVE-2013-2908: Address bar spoofing related to the “204 No Content” status code + CVE-2013-2909: Use after free in inline-block rendering + CVE-2013-2910: Use-after-free in Web Audio + CVE-2013-2911: Use-after-free in XSLT + CVE-2013-2912: Use-after-free in PPAPI + CVE-2013-2913: Use-after-free in XML document parsing + CVE-2013-2914: Use after free in the Windows color chooser dialog + CVE-2013-2915: Address bar spoofing via a malformed scheme + CVE-2013-2916: Address bar spoofing related to the “204 No Content” status code + CVE-2013-2917: Out of bounds read in Web Audio + CVE-2013-2918: Use-after-free in DOM + CVE-2013-2919: Memory corruption in V8 + CVE-2013-2920: Out of bounds read in URL parsing + CVE-2013-2921: Use-after-free in resource loader + CVE-2013-2922: Use-after-free in template element + CVE-2013-2923: Various fixes from internal audits, fuzzing and other initiatives + CVE-2013-2924: Use-after-free in ICU. Upstream bug - Add patch chromium-fix-altgrkeys.diff - Make sure that AltGr is treated correctly (issue#296835) - Do not build with system libxml (bnc#825157) - Update to Chromium 31.0.1640.0 * Bug and Stability Fixes - Fix destkop file for chromium by removing extension from icon - Change the methodology for the Chromium packages. Build is now based on an official tarball. As soon as the Beta channel catches up with the current version, Chromium will be based on the Beta channel instead of svn snapshots - Update to 31.0.1632 * Bug and Stability fixes - Added the flag --enable-threaded-compositing to the startup script. This flag seems to be required when hardware acceleration is in use. This prevents websites from locking up on users in certain cases. - Update to 31.0.1627 * Bug and Stability fixes - Update to 31.0.1619 * bug and Stability fixes - require mozilla-nss-devel >= 3.14 and mozilla-nspr-devel >= 4.9.5 - Add patch exclude_ymp.diff to ensure that 1-click-install files are downloaded and NOT opened (bnc#836059) - Update to 31.0.1611 * Bug and stability fixes - Update to 31.0.1605 * Bug and stability fixes - Change the startup script so that Chromium will not start when the chrome_sandbox doesn't have the SETUID. (bnc#779448) - Update to 31.0.1601 * Bug and stability fixes - Update to 30.0.1594 * Bug and stability fixes - Correct specfile to properly own /usr/bin/chromium (bnc#831584) - Chromium now expects the SUID-helper installed in the same directory as chromium. So let's create a symlink to the helper in /usr/lib - Update to 30.0.1587 * Bug and stability fixes - Remove patch chromium-nss-compliant.diff (Upstream) - Update to 30.0.1575 * Bug and stability fixes * Enable the gpu-sandbox again due to upstream fix (chromium#255063) - Update to 30.0.1567 * bug and Stability fixes openSUSE 12.3 Update Some minor stackoverflows in lcms utilities were fixed. (CVE-2013-4276). openSUSE 12.3 Update gpg2 was updated to fix a denial of service attack through infinite recursion in the compressed packet parser [bnc#844175] [CVE-2013-4402]. openSUSE 12.3 Update proftpd was updated to 1.3.4d. * Fixed broken build when using --disable-ipv6 configure option * Fixed mod_sql "SQLAuthType Backend" MySQL issues - fix for bnc#843444 (CVE-2013-4359) * http://bugs.proftpd.org/show_bug.cgi?id=3973 * add proftpd-sftp-kbdint-max-responses-bug3973.patch - Improve systemd service file - use upstream tmpfiles.d file. related to [bnc#811793] - Use /run instead of /var/run - update to 1.3.4c * Added Spanish translation. * Fixed several mod_sftp issues, including SFTPPassPhraseProvider, handling of symlinks for REALPATH requests, and response code logging. * Fixed symlink race for creating directories when UserOwner is in effect. * Increased performance of FTP directory listings. - rebase and rename patches (remove version string) * proftpd-1.3.4a-dist.patch -> proftpd-dist.patch * proftpd-1.3.4a-ftpasswd.patch -> proftpd-ftpasswd.patch * proftpd-1.3.4a-strip.patch -> proftpd-strip.patch - fix proftpd.conf (rebase basic.conf patch) * IdentLookups is now a seperate module <IfModule mod_ident.c> IdentLookups on/off </IfModule> is needed and module is not built cause crrodriguez disabled it. - fix for bnc#787884 (https://bugzilla.novell.com/show_bug.cgi?id=787884) * added extra Source proftpd.conf.tmpfile - Disable ident lookups, this protocol is totally obsolete and dangerous. (add --disable-ident) - Fix debug info generation ( add --disable-strip) - Add systemd unit - update to 1.3.4b + Fixed mod_ldap segfault on login when LDAPUsers with no filters used. + Fixed sporadic SFTP upload issues for large files. + Fixed SSH2 handling for some clients (e.g. OpenVMS). + New FactsOptions directive; see doc/modules/mod_facts.html#FactsOptions + Fixed build errors on Tru64, AIX, Cygwin. - add Source Signatuire (.asc) file - add noBuildDate patch - add lang pkg * --enable-nls - add configure option * --enable-openssl, --with-lastlog openSUSE 12.3 Update spice-gtk received fixes for the acl helper policy kit checks that had a race condition in PID checking. (CVE-2013-4324, bnc#844967). openSUSE 12.3 Update nmap was updated to fix the http-domino-enum-passwords scripts. If you ran the (fortunately non-default) http-domino-enum-passwords script with the (fortunately also non-default) domino-enum-passwords.idpath parameter against a malicious server, it could cause an arbitrarily named file to to be written to the client system. openSUSE 12.3 Update A remote attacker could supply a serialized instance of the DiskFileItem class, which would be deserialized on a server and write arbitrary content to any location on the server that is permitted by the user running the application server process. bnc#846174/CVE-2013-2186 openSUSE 12.3 Update libzrtpcpp was updated to fix multiple security issues. openSUSE 12.3 Update dropbear was updated to version 2013.60 to fix following bugs: * Fix "make install" so that it doesn't always install to /bin and /sbin * Fix "make install MULTI=1", installing manpages failed * Fix "make install" when scp is included since it has no manpage * Make --disable-bundled-libtom work - used as bug fix release for bnc#845306 - VUL-0: CVE-2013-4421 and CVE-2013-4434 - provided links for download sources - employed gpg-offline - verify sources - imported upstream version 2013.59 * Fix crash from -J command Thanks to Llu??s Batlle i Rossell and Arnaud Mouiche for patches * Avoid reading too much from /proc/net/rt_cache since that causes system slowness. * Improve EOF handling for half-closed connections Thanks to Catalin Patulea * Send a banner message to report PAM error messages intended for the user Patch from Martin Donnelly * Limit the size of decompressed payloads, avoids memory exhaustion denial of service Thanks to Logan Lamb for reporting and investigating it * Avoid disclosing existence of valid users through inconsistent delays Thanks to Logan Lamb for reporting * Update config.guess and config.sub for newer architectures * Avoid segfault in server for locked accounts * "make install" now installs manpages dropbearkey.8 has been renamed to dropbearkey.1 manpage added for dropbearconvert * Get rid of one second delay when running non-interactive commands openSUSE 12.3 Update ruby19 was updated to fix the following security issues: - fix CVE-2013-2065: Object taint bypassing in DL and Fiddle (bnc#843686) The file CVE-2013-2065.patch contains the patch - fix CVE-2013-4287 CVE-2013-4363: ruby19: Algorithmic complexity vulnerability (bnc#837457) The file CVE-2013-4287-4363.patch contains the patch openSUSE 12.3 Update Fixes the following security issue: - an authenticated X client can cause an X server to use memory after it was freed, potentially leading to crash and/or memory corruption. (CVE-2013-4396, bnc#843652) and the following bug was fixed too: - rfbAuthReenable is accessing rfbClient structure that was in most cases already freed. It actually needs only ScreenPtr, so pass it directly. (bnc#816813) openSUSE 12.3 Update the following security issue was fixed in apache2-mod_fcgid: - fixes a heap overflow identified by CVE-2013-4365 [bnc#844935]. openSUSE 12.3 Update the following security issue was fixed for HPLIP 3.13.10: usage of an insecure polkit DBUS API (fix for bnc#836937 and CVE-2013-4325 that are related to CVE-2013-4288 and bnc#835827). openSUSE 12.3 Update Update to icedtea 2.4.3 (bnc#846999) synchronized OpenJDK 7 support with the upstream u45 b31 fixes the following issues: - S8006900, CVE-2013-3829: Add new date/time capability - S8008589: Better MBean permission validation - S8011071, CVE-2013-5780: Better crypto provider handling - S8011081, CVE-2013-5772: Improve jhat - S8011157, CVE-2013-5814: Improve CORBA portablility - S8012071, CVE-2013-5790: Better Building of Beans - S8012147: Improve tool support - S8012277: CVE-2013-5849: Improve AWT DataFlavor - S8012425, CVE-2013-5802: Transform TransformerFactory - S8013503, CVE-2013-5851: Improve stream factories - S8013506: Better Pack200 data handling - S8013510, CVE-2013-5809: Augment image writing code - S8013514: Improve stability of cmap class - S8013739, CVE-2013-5817: Better LDAP resource management - S8013744, CVE-2013-5783: Better tabling for AWT - S8014085: Better serialization support in JMX classes - S8014093, CVE-2013-5782: Improve parsing of images - S8014098: Better profile validation - S8014102, CVE-2013-5778: Improve image conversion - S8014341, CVE-2013-5803: Better service from Kerberos servers - S8014349, CVE-2013-5840: (cl) Class.getDeclaredClass problematic in some class loader configurations - S8014530, CVE-2013-5825: Better digital signature processing - S8014534: Better profiling support - S8014987, CVE-2013-5842: Augment serialization handling - S8015614: Update build settings - S8015731: Subject java.security.auth.subject to improvements - S8015743, CVE-2013-5774: Address internet addresses - S8016256: Make finalization final - S8016653, CVE-2013-5804: javadoc should ignore ignoreable characters in names - S8016675, CVE-2013-5797: Make Javadoc pages more robust - S8017196, CVE-2013-5850: Ensure Proxies are handled appropriately - S8017287, CVE-2013-5829: Better resource disposal - S8017291, CVE-2013-5830: Cast Proxies Aside - S8017298, CVE-2013-4002: Better XML support - S8017300, CVE-2013-5784: Improve Interface Implementation - S8017505, CVE-2013-5820: Better Client Service - S8019292: Better Attribute Value Exceptions - S8019617: Better view of objects - S8020293: JVM crash - S8021275, CVE-2013-5805: Better screening for ScreenMenu - S8021282, CVE-2013-5806: Better recycling of object instances - S8021286: Improve MacOS resourcing - S8021290, CVE-2013-5823: Better signature validation - S8022931, CVE-2013-5800: Enhance Kerberos exceptions - S8022940: Enhance CORBA translations - S8023683: Enhance class file parsing * Backports - S6614237: missing codepage Cp290 at java runtime - S8005932: Java 7 on mac os x only provides text clipboard formats - S8014046: (process) Runtime.exec(String) fails if command contains spaces [win] - S8015144: Performance regression in ICU OpenType Layout library - S8015965: (process) Typo in name of property to allow ambiguous commands - S8015978: Incorrect transformation of XPath expression "string(-0)" - S8016357: Update hotspot diagnostic class - S8019584: javax/management/remote/mandatory/loading/MissingClassTest.java failed in nightly against jdk7u45: java.io.InvalidObjectException: Invalid notification: null - S8019969: nioNetworkChannelInet6/SetOptionGetOptionTestInet6 test case crashes - S8020032: 7u fastdebug doesn't generate fastdebuginfo file - S8020085: Linux ARM build failure for 7u45 - S8020088: Increment minor version of HSx for 7u45 and initialize the build number - S8020551: increment hsx build to b03 for 7u45-b03 - S8020943: Memory leak when GCNotifier uses create_from_platform_dependent_str() - S8021287: Improve MacOS resourcing - S8021355: REGRESSION: Five closed/java/awt/SplashScreen tests fail since 7u45 b01 on Linux, Solaris - S8021360: object not exported" on start of JMXConnectorServer for RMI-IIOP protocol with security manager - S8021366: java_util/Properties/PropertiesWithOtherEncodings fails during 7u45 nightly testing - S8021577: JCK test api/javax_management/jmx_serial/modelmbean/ModelMBeanNotificationInfo/serial/index.html#Input has failed since jdk 7u45 b01 - S8021899: Re-adjust fix of # 8020498 in 7u45 after mergeing 7u40 - S8021901: Increment hsx build to b05 for 7u45-b05 - S8021933: Add extra check for fix # JDK-8014530 - S8021969: The index_AccessAllowed jnlp can not load successfully with exception thrown in the log. - S8022066: Evaluation of method reference to signature polymorphic method crashes VM - S8022086: Fixing licence of newly added files - S8022254: Remove incorrect jdk7u45-b05 tag from jdk7u-cpu forest - S8022661: InetAddress.writeObject() performs flush() on object output stream - S8022682: Supporting XOM - S8022808: Kitchensink hangs on macos - S8022856: 7u45 l10n resource file translation update - S8023323: Increment hsx build to b06 for 7u45-b08 - S8023457: Event based tracing framework needs a mutex for thread groups - S8023478: Test fails with HS crash in GCNotifier. - S8023741: Increment hsx 24.45 build to b07 for 7u45-b09 - S8023771: when USER_RELEASE_SUFFIX is set in order to add a string to java -version, build number in the bundles names should not be changed to b00 - S8023888: Increment hsx 24.45 build to b08 for 7u45-b10 - S8023964: java/io/IOException/LastErrorString.java should be @ignore-d - S8024369: Increment build # of hs24.0 to b57 for 7u40-b61 psu - S8024668: api/java_nio/charset/Charset/index.html#Methods JCK-runtime test fails with 7u45 b11 - S8024697: Fix for 8020983 causes Xcheck:jni warnings - S8024863: X11: Support GNOME Shell as mutter - S8024883: (se) SelectableChannel.register throws NPE if fd >= 64k (lnx) - S8025128: File.createTempFile fails if prefix is absolute path - S8025170: jdk7u51 7u-1-prebuild is failing since 9/19 * Bug fixes - PR1400: Menu of maximized AWT window not working in Mate - Update to icedtea 2.4.2 * System LCMS 2 support again enabled by default, requiring 2.5 or above. * OpenJDK - S7122222: GC log is limited to 2G for 32-bit - S7162400: Intermittent java.io.IOException: Bad file number during HotSpotVirtualMachine.executeCommand - S7165807: Non optimized initialization of NSS crypto library leads to scalability issues - S7199324: IPv6: JMXConnectorServer.getConnectionIDs() return IDs contradicting to address grammar - S8001345: VM crashes with assert(n->outcnt() != 0 || C->top() == n || n->is_Proj()) failed: No dead instructions after post-alloc - S8001424: G1: Rename certain G1-specific flags - S8001425: G1: Change the default values for certain G1 specific flags - S8004859: Graphics.getClipBounds/getClip return difference nonequivalent bounds, depending from transform - S8005019: JTable passes row index instead of length when inserts selection interval - S8005194: [parfait] #353 sun/awt/image/jpeg/imageioJPEG.c Memory leak of pointer 'scale' allocated with calloc() - S8006941: [macosx] Deadlock in drag and drop - S8007898: Incorrect optimization of Memory Barriers in Matcher::post_store_load_barrier() - S8009168: accessibility.properties syntax issue - S8009985: [parfait] Uninitialised variable at jdk/src/solaris/native/com/sun/management/UnixOperatingSystem_md.c - S8011064: Some tests have failed with SIGSEGV on arm-hflt on build b82 - S8011569: ARM -- avoid native stack walking - S8011760: assert(delta != 0) failed: dup pointer in MemBaseline::malloc_sort_by_addr - S8012144: multiple SIGSEGVs fails on staxf - S8012156: tools/javac/file/zip/T6865530.java fails for win32/64 - S8012241: NMT huge memory footprint, it usually leads to OOME - S8012366: Fix for 8007815 breaks down when only building OpenJDK (without deploy and install forests) - S8013546: compiler/8011901/Test8011901.java fails with CompilationError: Compilation failed - S8013719: Increment build # of hs23.21 to b02 - S8013791: G1: G1CollectorPolicy::initialize_flags() may set min_alignment > max_alignment - S8014264: The applet pathguy_TimeDead throws java.lang.NullPointerException in java console once click drop-down check box. - S8014312: Fork hs23.25 hsx from hs23.21 for jdk7u25 and reinitialize build number - S8014805: NPE is thrown during certpath validation if certificate does not have AuthorityKeyIdentifier extension - S8014850: Third Party License Readme updates for 7u40 - S8014925: Disable sun.reflect.Reflection.getCallerClass(int) with a temporary switch to re-enable it - S8015237: Parallelize string table scanning during strong root processing - S8015411: Bump the hsx build number for 7u21-b50 for customer - S8015441: runThese crashed with assert(opcode == Op_ConP || opcode == Op_ThreadLocal || opcode == Op_CastX2P ..) failed: sanity - S8015576: CMS: svc agent throws java.lang.RuntimeException: No type named "FreeList" in database - S8015668: overload resolution: performance regression in JDK 7 - S8015884: runThese crashed with SIGSEGV, hs_err has an error instead of stacktrace - S8016074: NMT: assertion failed: assert(thread->thread_state() == from) failed: coming from wrong thread state - S8016102: Increment build # of hs23.25 to b02 for 7u25-b31 psu - S8016131: nsk/sysdict/vm/stress/chain tests crash the VM in 'entry_frame_is_first()' - S8016133: Regression: diff. behavior with user-defined SAXParser - S8016157: During CTW: C2: assert(!def_outside->member(r)) failed: Use of external LRG overlaps the same LRG defined in this block - S8016331: Minor issues in event tracing metadata - S8016648: FEATURE_SECURE_PROCESSING set to true or false causes SAXParseException to be thrown - S8016734: Remove extra code due to duplicated push - S8016737: After clicking on "Print UNCOLLATED" button, the print out come in order 'Page 1', 'Page 2', 'Page 1' - S8016740: assert in GC_locker from PSOldGen::expand with -XX:+PrintGCDetails and Verbose - S8016767: Provide man pages generated from DARB for OpenJDK - S8017070: G1: assert(_card_counts[card_num] <= G1ConcRSHotCardLimit) failed - S8017159: Unexclude sun/tools/JMAP/Basic.sh test - S8017173: XMLCipher with RSA_OAEP Key Transport algorithm can't be instantiated - S8017174: NPE when using Logger.getAnonymousLogger or LogManager.getLogManager().getLogger - S8017189: [macosx] AWT program menu disabled on Mac - S8017252: new hotspot build - hs24-b51 - S8017478: Kitchensink crashed with SIGSEGV in BaselineReporter::diff_callsites - S8017483: G1 tests fail with native OOME on Solaris x86 after HeapBaseMinAddress has been increased - S8017510: Add a regression test for 8005956 - S8017566: Backout 8000450 - Cannot access to com.sun.corba.se.impl.orb.ORBImpl - S8017588: SA: jstack -l throws UnalignedAddressException while attaching to core file for java that was started with CMS GC - S8019155: Update makefiles with correct jfr packages - S8019201: Regression: java.awt.image.ConvolveOp throws java.awt.image.ImagingOpException - S8019236: [macosx] Add javadoc to the handleWindowFocusEvent in CEmbeddedFrame - S8019265: [macosx] apple.laf.useScreenMenuBar regression comparing with jdk6 - S8019298: new hotspot build - hs24-b52 - S8019381: HashMap.isEmpty is non-final, potential issues for get/remove - S8019541: 7u40 l10n resource file translation update - S8019587: [macosx] Possibility to set the same frame for the different screens - S8019625: Test compiler/8005956/PolynomialRoot.java timeouts on Solaris SPARCs - S8019628: [macosx] closed/java/awt/Modal/BlockedMouseInputTest/BlockedMouseInputTest.html failed since 7u40b30 on MacOS - S8019826: Test com/sun/management/HotSpotDiagnosticMXBean/SetVMOption.java fails with NPE - S8019933: new hotspot build - hs24-b53 - S8019979: Replace CheckPackageAccess test with better one from closed repo - S8020038: [macosx] Incorrect usage of invokeLater() and likes in callbacks called via JNI from AppKit thread - S8020054: (tz) Support tzdata2013d - S8020155: PSR:PERF G1 not collecting old regions when humongous allocations interfer - S8020215: Different execution plan when using JIT vs interpreter - S8020228: Restore the translated version of logging_xx.properties - S8020298: [macosx] Incorrect merge in the lwawt code - S8020319: Update Japanese man pages for 7u40 - S8020371: [macosx] applets with Drag and Drop fail with IllegalArgumentException - S8020381: new hotspot build - hs24-b54 - S8020425: Product options incorrectly removed in minor version - S8020430: NullPointerException in xml sqe nightly result on 2013-07-12 - S8020433: Crash when using -XX:+RestoreMXCSROnJNICalls - S8020498: Crash when both libnet.so and libmawt.so are loaded - S8020525: Increment build # of hs23.25 to b03 for 7u25-b34 psu - S8020547: Event based tracing needs a UNICODE string type - S8020625: [TESTBUG] java/util/HashMap/OverrideIsEmpty.java doesn't compile for jdk7u - S8020701: Avoid crashes in WatcherThread - S8020796: new hotspot build - hs24-b55 - S8020811: [macosx] Merge fault 7u25-7u40: Missed focus fix JDK-8012330 - S8020940: Valid OCSP responses are rejected for backdated enquiries - S8020983: OutOfMemoryError caused by non garbage collected JPEGImageWriter Instances - S8021008: Provide java and jcmd man pages for Mac (OpenJDK) - S8021148: Regression in SAXParserImpl in 7u40 b34 (NPE) - S8021353: Event based tracing is missing thread exit - S8021381: JavaFX scene included in Swing JDialog not starting from Web Start - S8021565: new hotspot build - hs24-b56 - S8021771: warning stat64 is deprecated - when building on OSX 10.7.5 - S8021946: Disabling sun.reflect.Reflection.getCallerCaller(int) by default breaks several frameworks and libraries - S8022548: SPECJVM2008 has errors introduced in 7u40-b34 - S8023751: Need to backout 8020943, was pushed to hs24 without approval - S8024914: Swapped usage of idx_t and bm_word_t types in bitMap.inline.hpp * New features - RH991170: java does not use correct kerberos credential cache - PR1536: Allow use of system Kerberos to obtain cache location - PR1551: Add build support for Zero AArch64 - PR1552: Add -D_LITTLE_ENDIAN for ARM architectures. - PR1553: Add Debian AArch64 support - PR1554: Fix build on Mac OS X * Bug fixes - RH661505: JPEGs with sRGB IEC61966-2.1 color profiles have wrong colors - RH995488: Java thinks that the default timezone is Busingen instead of Zurich - Cleanup file resources properly in TimeZone_md. - PR1410: Icedtea 2.3.9 fails to build using icedtea 1.12.4 - G477456: emerge fails on pax system: java attempts RWX map, paxctl -m missing - G478484: patches/boot/ecj-diamond.patch FAILED - Fix Zero following changes to entry_frame_call_wrapper in 8016131 - Set ZERO_BUILD in flags.make so it is set on rebuilds - Cast should use same type as GCDrainStackTargetSize (uintx). - Add casts to fix build on S390 * JamVM - JSR292: Invoke Dynamic - sun.misc.Unsafe: additional methods get/putAddress: allows JamVM with OpenJDK 7/8 to run recent versions of JEdit. - FreeClassData: adjust method count for Miranda methods * Patches changes (mostly sync with Fedora) * removed java-1.7.0-openjdk-arm-fixes.patch, fixed upstream * removed java-1.7.0-openjdk-fork.patch, fixed upstream * renamed java-1.7.0-openjdk-bitmap.patch to zero-s8024914.patch * renamed java-1.7.0-openjdk-size_t.patch to zero-size_t.patch * added PStack-808293.patch * added RH661505-toBeReverted.patch * added abrt_friendly_hs_log_jdk7.patch * added gstackbounds.patch * added java-1.7.0-openjdk-freetype-check-fix.patch * added pulse-soundproperties.patch * added rhino.patch * added zero-entry_frame_call_wrapper.patch * added zero-gcdrainstacktargetsize.patch * added zero-zero_build.patch openSUSE 12.3 Update Empty. openSUSE 12.3 Update This update disables compression in openssl by default, as the varying sizes resulting from compression can be used to retrieve plaintext in various cases. (CRIME attack CVE-2012-4929). This update introduces a environment variable OPENSSL_NO_DEFAULT_ZLIB which can be set to "no" to reenable compression in selected services. openSUSE 12.3 Update Xen was updated to 4.2.3 c/s 26170 to fix various bugs and security issues. Following issues were fixed: - bnc#845520 - CVE-2013-4416: xen: ocaml xenstored mishandles oversized message replies - bnc#833483 - Boot Failure with xen kernel in UEFI mode with error "No memory for trampoline" - Improvements to block-dmmd script bnc#828623 - bnc#840196 - MTU size on Dom0 gets reset when booting DomU with e1000 device - bnc#840592 - CVE-2013-4355: XSA-63: xen: Information leaks through I/O instruction emulation - bnc#841766 - CVE-2013-4361: XSA-66: xen: Information leak through fbld instruction emulation - bnc#842511 - CVE-2013-4368: XSA-67: xen: Information leak through outs instruction emulation - bnc#842512 - CVE-2013-4369: XSA-68: xen: possible null dereference when parsing vif ratelimiting info - bnc#842513 - CVE-2013-4370: XSA-69: xen: misplaced free in ocaml xc_vcpu_getaffinity stub - bnc#842514 - CVE-2013-4371: XSA-70: xen: use-after-free in libxl_list_cpupool under memory pressure - bnc#842515 - CVE-2013-4375: XSA-71: xen: qemu disk backend (qdisk) resource leak - bnc#839596 - CVE-2013-1442: XSA-62: xen: Information leak on AVX and/or LWP capable CPUs - bnc#833251 - [HP BCS SLES11 Bug]: In HP’s UEFI x86_64 platform and with xen environment, in booting stage ,xen hypervisor will panic. - bnc#833796 - Xen: migration broken from xsave-capable to xsave-incapable host - bnc#834751 - [HP BCS SLES11 Bug]: In xen, “shutdown –y 0 –h” cannot power off system - bnc#839600 - [HP BCS SLES11 Bug]: In HP’s UEFI x86_64 platform and sles11sp3 with xen environment, xen hypervisor will panic on multiple blades nPar. - bnc#833251 - [HP BCS SLES11 Bug]: In HP’s UEFI x86_64 platform and with xen environment, in booting stage ,xen hypervisor will panic. - bnc#835896 - vcpus not started after upgrading Dom0 from 11SP2 to SP3 - bnc#836239 - SLES 11 SP3 Xen security patch does not automatically update UEFI boot binary openSUSE 12.3 Update MozillaFirefox was updated to Firefox 25.0. MozillaThunderbird was updated to Thunderbird 24.1.0. Mozilla XULRunner was updated to 17.0.10esr. Mozilla NSPR was updated to 4.10.1. Changes in MozillaFirefox: * requires NSS 3.15.2 or above * MFSA 2013-93/CVE-2013-5590/CVE-2013-5591/CVE-2013-5592 Miscellaneous memory safety hazards * MFSA 2013-94/CVE-2013-5593 (bmo#868327) Spoofing addressbar through SELECT element * MFSA 2013-95/CVE-2013-5604 (bmo#914017) Access violation with XSLT and uninitialized data * MFSA 2013-96/CVE-2013-5595 (bmo#916580) Improperly initialized memory and overflows in some JavaScript functions * MFSA 2013-97/CVE-2013-5596 (bmo#910881) Writing to cycle collected object during image decoding * MFSA 2013-98/CVE-2013-5597 (bmo#918864) Use-after-free when updating offline cache * MFSA 2013-99/CVE-2013-5598 (bmo#920515) Security bypass of PDF.js checks using iframes * MFSA 2013-100/CVE-2013-5599/CVE-2013-5600/CVE-2013-5601 (bmo#915210, bmo#915576, bmo#916685) Miscellaneous use-after-free issues found through ASAN fuzzing * MFSA 2013-101/CVE-2013-5602 (bmo#897678) Memory corruption in workers * MFSA 2013-102/CVE-2013-5603 (bmo#916404) Use-after-free in HTML document templates Changes in MozillaThunderbird: * requires NSS 3.15.2 or above * MFSA 2013-93/CVE-2013-5590/CVE-2013-5591/CVE-2013-5592 Miscellaneous memory safety hazards * MFSA 2013-94/CVE-2013-5593 (bmo#868327) Spoofing addressbar through SELECT element * MFSA 2013-95/CVE-2013-5604 (bmo#914017) Access violation with XSLT and uninitialized data * MFSA 2013-96/CVE-2013-5595 (bmo#916580) Improperly initialized memory and overflows in some JavaScript functions * MFSA 2013-97/CVE-2013-5596 (bmo#910881) Writing to cycle collected object during image decoding * MFSA 2013-98/CVE-2013-5597 (bmo#918864) Use-after-free when updating offline cache * MFSA 2013-100/CVE-2013-5599/CVE-2013-5600/CVE-2013-5601 (bmo#915210, bmo#915576, bmo#916685) Miscellaneous use-after-free issues found through ASAN fuzzing * MFSA 2013-101/CVE-2013-5602 (bmo#897678) Memory corruption in workers * MFSA 2013-102/CVE-2013-5603 (bmo#916404) Use-after-free in HTML document templates - update to Thunderbird 24.0.1 * fqdn for smtp server name was not accepted (bmo#913785) * fixed crash in PL_strncasecmp (bmo#917955) - update Enigmail to 1.6 * The passphrase timeout configuration in Enigmail is now read and written from/to gpg-agent. * New dialog to change the expiry date of keys * New function to search for the OpenPGP keys of all Address Book entries on a keyserver * removed obsolete enigmail-build.patch Changes in xulrunner: - update to 17.0.10esr (bnc#847708) * require NSS 3.14.4 or above * MFSA 2013-93/CVE-2013-5590/CVE-2013-5591/CVE-2013-5592 Miscellaneous memory safety hazards * MFSA 2013-95/CVE-2013-5604 (bmo#914017) Access violation with XSLT and uninitialized data * MFSA 2013-96/CVE-2013-5595 (bmo#916580) Improperly initialized memory and overflows in some JavaScript functions * MFSA 2013-98/CVE-2013-5597 (bmo#918864) Use-after-free when updating offline cache * MFSA 2013-100/CVE-2013-5599/CVE-2013-5600/CVE-2013-5601 (bmo#915210, bmo#915576, bmo#916685) Miscellaneous use-after-free issues found through ASAN fuzzing * MFSA 2013-101/CVE-2013-5602 (bmo#897678) Memory corruption in workers - update to 17.0.9esr (bnc#840485) * MFSA 2013-65/CVE-2013-1705 (bmo#882865) Buffer underflow when generating CRMF requests * MFSA 2013-76/CVE-2013-1718 Miscellaneous memory safety hazards * MFSA 2013-79/CVE-2013-1722 (bmo#893308) Use-after-free in Animation Manager during stylesheet cloning * MFSA 2013-82/CVE-2013-1725 (bmo#876762) Calling scope for new Javascript objects can lead to memory corruption * MFSA 2013-88/CVE-2013-1730 (bmo#851353) Compartment mismatch re-attaching XBL-backed nodes * MFSA 2013-89/CVE-2013-1732 (bmo#883514) Buffer overflow with multi-column, lists, and floats * MFSA 2013-90/CVE-2013-1735/CVE-2013-1736 (bmo#898871, bmo#906301) Memory corruption involving scrolling * MFSA 2013-91/CVE-2013-1737 (bmo#907727) User-defined properties on DOM proxies get the wrong "this" object Changes in mozilla-nspr: - update to version 4.10.1 * bmo#888273: RWIN Scaling (RFC1323) limited to 2 on Windows 7 and 8 (Windows only) * bmo#907512: Unix platforms shouldn't mask errors specific to Unix domain sockets openSUSE 12.3 Update update to 0.13.1 fixes the following security issue: NUL byte handling in subjectAltName (bnc#839107, CVE-2013-4314) CVE-2013-4314 openSUSE 12.3 Update The following security issues were fixed: - Applied upstream patch changing to use a constant time memcmp when comparing HMACs in openvpn_decrypt to address ciphertext injection in UDP mode (CVE-2013-2061, bnc#843509). [0006-openvpn-2.0.9-HMAC-memcmp-CVE-2013-2061_bnc843509.patch] Changes in openvpn: - Applied upstream patch changing to use a constant time memcmp when comparing HMACs in openvpn_decrypt to address ciphertext injection in UDP mode (CVE-2013-2061, bnc#843509). [0006-openvpn-2.0.9-HMAC-memcmp-CVE-2013-2061_bnc843509.patch] openSUSE 12.3 Update - update to SeaMonkey 2.22 (bnc#847708) * rebased patches * requires NSS 3.15.2 or higher * MFSA 2013-93/CVE-2013-5590/CVE-2013-5591/CVE-2013-5592 Miscellaneous memory safety hazards * MFSA 2013-94/CVE-2013-5593 (bmo#868327) Spoofing addressbar through SELECT element * MFSA 2013-95/CVE-2013-5604 (bmo#914017) Access violation with XSLT and uninitialized data * MFSA 2013-96/CVE-2013-5595 (bmo#916580) Improperly initialized memory and overflows in some JavaScript functions * MFSA 2013-97/CVE-2013-5596 (bmo#910881) Writing to cycle collected object during image decoding * MFSA 2013-98/CVE-2013-5597 (bmo#918864) Use-after-free when updating offline cache * MFSA 2013-99/CVE-2013-5598 (bmo#920515) Security bypass of PDF.js checks using iframes * MFSA 2013-100/CVE-2013-5599/CVE-2013-5600/CVE-2013-5601 (bmo#915210, bmo#915576, bmo#916685) Miscellaneous use-after-free issues found through ASAN fuzzing * MFSA 2013-101/CVE-2013-5602 (bmo#897678) Memory corruption in workers * MFSA 2013-102/CVE-2013-5603 (bmo#916404) Use-after-free in HTML document templates openSUSE 12.3 Update - Applied upstream fix for a denial-of-service and authorization bypass vulnerability via crafted ID payload in strongswan 4.3.3 up to 5.1.0 (CVE-2013-6075, bnc#847506). [0005-strongswan-4.3.3_5.1.0-bnc-847506-CVE-2013-6075.patch] - Added missed references to patch file 0003. openSUSE 12.3 Update This update fixes the following security issue with varnish: - bnc#848451, CVE-2013-4484: fixed denial of service flaw in certain GET requests when using certain configurations in Varnish Cache handling openSUSE 12.3 Update security issue fixed in apache2-mod_fcgid: loop counter handled incorrectly, leading to SEGV and "Premature end of script headers" errors. [bnc#844935] CVE-2013-4365 This patch will be obsoleted by the next version update (to 2.3.9 or higher). openSUSE 12.3 Update the following security issues were fixed in wireshark: * The IEEE 802.15.4 dissector could crash wnpa-sec-2013-61 CVE-2013-6336 * The NBAP dissector could crash wnpa-sec-2013-62 CVE-2013-6337 * The SIP dissector could crash wnpa-sec-2013-63 CVE-2013-6338 * The OpenWire dissector could go into a large loop wnpa-sec-2013-64 CVE-2013-6339 * The TCP dissector could crash wnpa-sec-2013-65 CVE-2013-6340 + Further bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-1.8.11.html openSUSE 12.3 Update - update to 5.0.26 [bnc#848594] * Added the .cf TLD server. * Updated the .bi TLD server. * Added a new ASN allocation. - includes changes from 5.0.25 * Added the .ax, .bn, .iq, .pw and .rw TLD servers. * Updated one or more translations. - includes updates changes 5.0.24: * Merged documentation fixes and the whois.conf(5) man page * Added a new ASN allocation. * Updated one or more translations. - includes changes from 5.0.23 * whois.nic.or.kr switched from EUC-KR to UTF-8. - includes changes from 5.0.22 * Fixed cross-compiling - includes changes from 5.0.21 * Fixed parsing of 6to4 addresses * Added the .xn--j1amh (.??????, Ukraine) TLD server. * Updated the .bi, .se and .vn TLD servers. * Removed whois.pandi.or.id from the list of servers which support the RIPE extensions, since it does not anymore and queries are broken. * Updated some disclaimer suppression strings. * Respect DEB_HOST_GNU_TYPE when selecting CC for cross-compiling. - includes changes form 5.0.20 * Updated the .by, .ng, .om, .sm, .tn, .ug and .vn TLD servers. * Added the .bw, .td, .xn--mgb9awbf (????????., Oman), .xn--mgberp4a5d4ar (.????????????????, Saudi Arabia) and .xn--mgbx4cd0ab (??????????????????., Malaysia) TLD servers. * Removed the .kp, .mc, .rw and .xn--mgba3a4f16a (??????????., Iran) TLD servers. - includes changes from 5.0.19 * Added the .post TLD server. * Updated the .co.za SLD servers. * Added the .alt.za, .net.za and .web.za SLD servers. * whois.ua changed (?) the encoding to utf-8. * Fixed the parsing of 6to4 addresses like whois 2002:xxxx::. - includes changes from 5.0.18 * Updated the .ae and .xn--mgbaam7a8h (.????????????, United Arabs Emirates) TLDs. * Updated the server charset table for .fr and .it. - includes changes from whois 5.0.17 * Updated the .bi, .fo, .gr and .gt TLD servers. * Removed support for recursion of .org queries, it has been a thick registry since 2005. - includes changes from 5.0.16 * Added the .xn--80ao21a (.??????, Kazakhstan) TLD server. * Updated the .ec and .ee TLD servers. * Removed the .xn--mgbc0a9azcg (.????????????, Morocco) and .xn--mgberp4a5d4ar (.????????????????, Saudi Arabia) TLD servers. * Added a new ASN allocation. * Updated one or more translations. - includes changes from 5.0.15 * Added the .xn--mgba3a4f16a (??????????., Iran) TLD server. * Updated the .pe TLD server, this time for real. * Updated one or more translations. - includes changes from 5.0.14 * Added the .sx TLD server. * Updated the .pe TLD server. - includes changes from 5.0.13 * Updated the .hr TLD server. * Improved the package description * Updated the FSF address in licenses. - includes changes from 5.0.12 * Recursion disabled when the query string contains spaces, because probably the query format will not be compatible with the referral server (e.g. whois to rwhois or ARIN to RIPE). * Add the "+" flag by default to queries to whois.arin.net if the argument looks like an IP address. Also add the "a" and "n" flags. No thanks to ARIN for breaking every whois client. * Added the .cv, .lk, .mq, .sy, .so, .biz.ua, .co.ua, .pp.ua, .qa, .xn--3e0b707e (.??????, Korea), .xn--45brj9c (.????????????, India, Bengali), .xn--90a3ac (.??????, Serbia), .xn--clchc0ea0b2g2a9gcd (.?????????????????????????????????, Singapore, Tamil), .xn--fpcrj9c3d (.???????????????, India, Telugu), .xn--fzc2c9e2c (.????????????, Sri Lanka, Sinhala), .xn--gecrj9c (.????????????, India, Gujarati), .xn--h2brj9c (.????????????, India, Hindi), .xn--lgbbat1ad8j (.??????????????, Algeria), .xn--mgbayh7gpa (.????????????, Jordan), .xn--mgbbh1a71e (.??????????, India, Urdu), .xn--mgbc0a9azcg (.????????????, Morocco), .xn--ogbpf8fl (.??????????, Syria), .xn--s9brj9c (.????????????, India, Punjabi), .xn--xkc2al3hye2a (.??????????????????, Sri Lanka, Tamil), .xn--wgbl6a (.??????, Qatar), .xn--xkc2dl3a5ee0h (.?????????????????????, India, Tamil), .xn--yfro4i67o (.?????????, Singapore, Chinese) and .xxx TLD servers. (Closes: #642424), * Added the .priv.at pseudo-SLD server. * Updated the .co, .gf, .gp, .kr, .li, .rs, .ru, .su, .sv, .ua and .xn--p1ai TLD servers. (Closes: #590425, #634830, #627478) * Added a new ASN allocation. * Fixed a typo and -t syntax in whois(1). (Closes: #614973, #632588) * Made whois return an error in some cases, code contributed by David Souther. * Split HAVE_LINUX_CRYPT_GENSALT from HAVE_XCRYPT to support SuSE, which has it builtin in the libc. Added untested support for Solaris' crypt_gensalt(3). This and the following changes have been contributed by Ludwig Nussel of SuSE. * mkpasswd: stop rejecting non-ASCII characters. * mkpasswd: added support for the 2y algorithm, which fixes CVE-2011-2483. * mkpasswd: raised the number of rounds for 2a/2y from 4 to 5, which is the current default. * mkpasswd: removed support for 2 and {SHA}, which actually are not supported by FreeBSD and libxcrypt. - packaging changes * removed patches accepted upstream: whois-5.0.11-mkpasswd-support-Owl-patched-libcrypt.diff whois-5.0.11-mkpasswd-crypt_gensalt-might-change-the-prefix.diff whois-5.0.11-mkpasswd-support-8bit-characters.diff whois-5.0.11-mkpasswd-add-support-for-the-new-2y-blowfish-tag-CVE-2011-2483.diff whois-5.0.11-mkpasswd-set-default-blowfish-rounds-to-5.diff whois-5.0.11-mkpasswd-remove-obsolete-settings.diff * removed patches no longer required: whois-5.0.11-mkpasswd-fix-compiler-warnings.diff * updated patches: whois-4.7.33-nb.patch to whois-5.0.25-nb.patch * verify source signatures - crypt_gensalt moved to separate library libowcrypt (fate#314945) - update to 5.0.26 [bnc#848594] * Added the .cf TLD server. * Updated the .bi TLD server. * Added a new ASN allocation. - includes changes from 5.0.25 * Added the .ax, .bn, .iq, .pw and .rw TLD servers. * Updated one or more translations. - includes updates changes 5.0.24: * Merged documentation fixes and the whois.conf(5) man page * Added a new ASN allocation. * Updated one or more translations. - includes changes from 5.0.23 * whois.nic.or.kr switched from EUC-KR to UTF-8. - includes changes from 5.0.22 * Fixed cross-compiling - includes changes from 5.0.21 * Fixed parsing of 6to4 addresses * Added the .xn--j1amh (.??????, Ukraine) TLD server. * Updated the .bi, .se and .vn TLD servers. * Removed whois.pandi.or.id from the list of servers which support the RIPE extensions, since it does not anymore and queries are broken. * Updated some disclaimer suppression strings. * Respect DEB_HOST_GNU_TYPE when selecting CC for cross-compiling. - includes changes form 5.0.20 * Updated the .by, .ng, .om, .sm, .tn, .ug and .vn TLD servers. * Added the .bw, .td, .xn--mgb9awbf (????????., Oman), .xn--mgberp4a5d4ar (.????????????????, Saudi Arabia) and .xn--mgbx4cd0ab (??????????????????., Malaysia) TLD servers. * Removed the .kp, .mc, .rw and .xn--mgba3a4f16a (??????????., Iran) TLD servers. - includes changes from 5.0.19 * Added the .post TLD server. * Updated the .co.za SLD servers. * Added the .alt.za, .net.za and .web.za SLD servers. * whois.ua changed (?) the encoding to utf-8. * Fixed the parsing of 6to4 addresses like whois 2002:xxxx::. - includes changes from 5.0.18 * Updated the .ae and .xn--mgbaam7a8h (.????????????, United Arabs Emirates) TLDs. * Updated the server charset table for .fr and .it. - includes changes from whois 5.0.17 * Updated the .bi, .fo, .gr and .gt TLD servers. * Removed support for recursion of .org queries, it has been a thick registry since 2005. - includes changes from 5.0.16 * Added the .xn--80ao21a (.??????, Kazakhstan) TLD server. * Updated the .ec and .ee TLD servers. * Removed the .xn--mgbc0a9azcg (.????????????, Morocco) and .xn--mgberp4a5d4ar (.????????????????, Saudi Arabia) TLD servers. * Added a new ASN allocation. * Updated one or more translations. - includes changes from 5.0.15 * Added the .xn--mgba3a4f16a (??????????., Iran) TLD server. * Updated the .pe TLD server, this time for real. * Updated one or more translations. - includes changes from 5.0.14 * Added the .sx TLD server. * Updated the .pe TLD server. - includes changes from 5.0.13 * Updated the .hr TLD server. * Improved the package description * Updated the FSF address in licenses. - includes changes from 5.0.12 * Recursion disabled when the query string contains spaces, because probably the query format will not be compatible with the referral server (e.g. whois to rwhois or ARIN to RIPE). * Add the "+" flag by default to queries to whois.arin.net if the argument looks like an IP address. Also add the "a" and "n" flags. No thanks to ARIN for breaking every whois client. * Added the .cv, .lk, .mq, .sy, .so, .biz.ua, .co.ua, .pp.ua, .qa, .xn--3e0b707e (.??????, Korea), .xn--45brj9c (.????????????, India, Bengali), .xn--90a3ac (.??????, Serbia), .xn--clchc0ea0b2g2a9gcd (.?????????????????????????????????, Singapore, Tamil), .xn--fpcrj9c3d (.???????????????, India, Telugu), .xn--fzc2c9e2c (.????????????, Sri Lanka, Sinhala), .xn--gecrj9c (.????????????, India, Gujarati), .xn--h2brj9c (.????????????, India, Hindi), .xn--lgbbat1ad8j (.??????????????, Algeria), .xn--mgbayh7gpa (.????????????, Jordan), .xn--mgbbh1a71e (.??????????, India, Urdu), .xn--mgbc0a9azcg (.????????????, Morocco), .xn--ogbpf8fl (.??????????, Syria), .xn--s9brj9c (.????????????, India, Punjabi), .xn--xkc2al3hye2a (.??????????????????, Sri Lanka, Tamil), .xn--wgbl6a (.??????, Qatar), .xn--xkc2dl3a5ee0h (.?????????????????????, India, Tamil), .xn--yfro4i67o (.?????????, Singapore, Chinese) and .xxx TLD servers. (Closes: #642424), * Added the .priv.at pseudo-SLD server. * Updated the .co, .gf, .gp, .kr, .li, .rs, .ru, .su, .sv, .ua and .xn--p1ai TLD servers. (Closes: #590425, #634830, #627478) * Added a new ASN allocation. * Fixed a typo and -t syntax in whois(1). (Closes: #614973, #632588) * Made whois return an error in some cases, code contributed by David Souther. * Split HAVE_LINUX_CRYPT_GENSALT from HAVE_XCRYPT to support SuSE, which has it builtin in the libc. Added untested support for Solaris' crypt_gensalt(3). This and the following changes have been contributed by Ludwig Nussel of SuSE. * mkpasswd: stop rejecting non-ASCII characters. * mkpasswd: added support for the 2y algorithm, which fixes CVE-2011-2483. * mkpasswd: raised the number of rounds for 2a/2y from 4 to 5, which is the current default. * mkpasswd: removed support for 2 and {SHA}, which actually are not supported by FreeBSD and libxcrypt. - packaging changes * removed patches accepted upstream: whois-5.0.11-mkpasswd-support-Owl-patched-libcrypt.diff whois-5.0.11-mkpasswd-crypt_gensalt-might-change-the-prefix.diff whois-5.0.11-mkpasswd-support-8bit-characters.diff whois-5.0.11-mkpasswd-add-support-for-the-new-2y-blowfish-tag-CVE-2011-2483.diff whois-5.0.11-mkpasswd-set-default-blowfish-rounds-to-5.diff whois-5.0.11-mkpasswd-remove-obsolete-settings.diff * removed patches no longer required: whois-5.0.11-mkpasswd-fix-compiler-warnings.diff * updated patches: whois-4.7.33-nb.patch to whois-5.0.25-nb.patch * verify source signatures - crypt_gensalt moved to separate library libowcrypt (fate#314945) openSUSE 12.3 Update Security and bugfix update to Chromium 31.0.1650.57 - Update to Chromium 31.0.1650.57: - Security Fixes: * CVE-2013-6632: Multiple memory corruption issues. - Update to Chromium 31.0.1650.48 Stable Channel update: - Security fixes: * CVE-2013-6621: Use after free related to speech input elements.. * CVE-2013-6622: Use after free related to media elements. * CVE-2013-6623: Out of bounds read in SVG. * CVE-2013-6624: Use after free related to “id” attribute strings. * CVE-2013-6625: Use after free in DOM ranges. * CVE-2013-6626: Address bar spoofing related to interstitial warnings. * CVE-2013-6627: Out of bounds read in HTTP parsing. * CVE-2013-6628: Issue with certificates not being checked during TLS renegotiation. * CVE-2013-2931: Various fixes from internal audits, fuzzing and other initiatives. * CVE-2013-6629: Read of uninitialized memory in libjpeg and libjpeg-turbo. * CVE-2013-6630: Read of uninitialized memory in libjpeg-turbo. * CVE-2013-6631: Use after free in libjingle. - Stable Channel update: fix build for 32bit systems - Update to Chromium 30.0.1599.101 - Security Fixes: + CVE-2013-2925: Use after free in XHR + CVE-2013-2926: Use after free in editing + CVE-2013-2927: Use after free in forms. + CVE-2013-2928: Various fixes from internal audits, fuzzing and other initiatives. - Enable ARM build for Chromium. openSUSE 12.3 Update the following security issues were fixed in samba: - ACLs are not checked on opening an alternate data stream on a file or directory; CVE-2013-4475; (bso#10229); (bnc#848101). - Fix memleak in reload_printers_full(); (bso#9993). - Valid utf8 filenames cause "invalid conversion error" messages; (bso#10139). - s3: smb2 breaks "smb encryption = mandatory"; (bso#10167). - Missing talloc_free can leak stackframe in error path; (bso#10187). - Offline logon cache not updating for cross child domain group membership; (bso#10194). - The preceding bugs are tracked by (bnc#849226) too. - Make Samba work on site with Read Only Domain Controller; (bso#5917). - Give machine password changes 10 minutes of time; (bso#8955). - NetrServerPasswordSet2 timeout is too short; (bso#8955). - Fix fallback to ncacn_np in cm_connect_lsat(); (bso#9615); (bso#9899). - s3-winbind: Do not delete an existing valid credential cache; (bso#9994). - 'net ads join': Fix segmentation fault in create_local_private_krb5_conf_for_domain; (bso#10073). - Fix variable list in man vfs_crossrename; (bso#10076). - MacOSX 10.9 will not follow path-based DFS referrals handed out by Samba; (bso#10097). - Honour output buffer length set by the client for SMB2 GetInfo requests; (bso#10106). - Handle Dropbox (write-only-directory) case correctly in pathname lookup; (bso#10114). - Fix 'smbstatus' as non-root user; (bso#10127). - The preceding bugs are tracked by (bnc#849226) too. - Windows 8 Roaming profiles fail; (bso#9678). - Linux kernel oplock breaks can miss signals; (bso#10064). - The preceding bugs are tracked by (bnc#849226) too. - Verify source tar ball gpg signature. - Store and return the correct spoolss jobid in notifications; (bnc#838472). - Reload snums before processing the printer list. (bnc#817880). openSUSE 12.3 Update This update fixes the following security issue with krb5: - bnc#849240, CVE-2013-1418: fix Multi-realm KDC null deref openSUSE 12.3 Update the following security issues were fixed in mozilla-nss and mozilla nspr: - mozilla-nss: + update to 3.15.3 (bnc#850148) * CERT_VerifyCert returns SECSuccess (saying certificate is good) even for bad certificates, when the CERTVerifyLog log parameter is given (bmo#910438) * NSS advertises TLS 1.2 ciphersuites in a TLS 1.1 ClientHello (bmo#919677) * fix CVE-2013-5605 - mozilla-nspr: + update to version 4.10.2 relevant changes: * bmo#770534: possible pointer overflow in PL_ArenaAllocate() * bmo#888546: ptio.c:PR_ImportUDPSocket doesn't work openSUSE 12.3 Update librsvg was updated to fix a denial a XML External Entity Inclusion problem, where files on the system could be imported into the SVG. (CVE-2013-1881) openSUSE 12.3 Update The nginx webserver was fixed to avoid a restriction bypass when a space in not correctly escaped. (CVE-2013-4547) On openSUSE 12.2, nginx was updated to version 1.4.4 stable * CVE-2013-4547 a character following an unescaped space in a request line was handled incorrectly [bnc#851295] * bugfix: segmentation fault might occur in the spdy module * bugfix: segmentation fault might occur on start if if the "try_files" directive was used with an empty parameter. openSUSE 12.3 Update - it fixes config directory permission and owner for bnc#811369 CVE-2013-1090 openSUSE 12.3 Update This update fixes the following issues with subversion: - bnc#850747: update to 1.7.14 * CVE-2013-4505: mod_dontdothat does not restrict requests from serf clients. * CVE-2013-4558: mod_dav_svn assertion triggered by autoversioning commits. + Client- and server-side bugfixes: * fix assertion on urls of the form 'file://./' + Client-side bugfixes: * upgrade: fix an assertion when used with pre-1.3 wcs * fix externals that point at redirected locations * diff: fix incorrect calculation of changes in some cases * diff: fix errors with added/deleted targets + Server-side bugfixes: * mod_dav_svn: Prevent crashes with some 3rd party modules * fix OOM on concurrent requests at threaded server start * fsfs: limit commit time of files with deep change histories * mod_dav_svn: canonicalize paths properly + Other tool improvements and bugfixes: * mod_dontdothat: Fix the uri parser + Developer-visible changes: * javahl: canonicalize path for streamFileContent method + require python-sqlite when running regression tests openSUSE 12.3 Update The following security issue was fixed in ruby19: openSUSE 12.3 Update This update fixes the following security issues with curl: - fix CVE-2013-4545 (bnc#849596) = acknowledge VERIFYHOST without VERIFYPEER openSUSE 12.3 Update This update fixes the following security issue with nodejs: - fix CVE-2013-4450: nodejs: HTTP Pipelining DoS (bnc#846808) CVE-2013-4450-v0.10.x.patch: contains the fix openSUSE 12.3 Update This update fixes the following security issue with thttpd: - fix CVE-2013-0348 (bnc#853381) * don't create a world readable logfile openSUSE 12.3 Update The Mozilla CA certificates package was updated to match the current Mozilla revision 1.95 of certdata.txt. It blacklists some misused certificate authorities, adds some new and adjusts some others. On openSUSE 13.1 a problem with names was also fixed. * distrust: AC DG Tresor SSL (bnc#854367) * new: CA_Disig_Root_R1:2.9.0.195.3.154.238.80.144.110.40.crt server auth, code signing, email signing * new: CA_Disig_Root_R2:2.9.0.146.184.136.219.176.138.193.99.crt server auth, code signing, email signing * new: China_Internet_Network_Information_Center_EV_Certificates_Root:2.4.72.159.0.1.crt server auth * changed: Digital_Signature_Trust_Co._Global_CA_1:2.4.54.112.21.150.crt removed code signing and server auth abilities * changed: Digital_Signature_Trust_Co._Global_CA_3:2.4.54.110.211.206.crt removed code signing and server auth abilities * new: D-TRUST_Root_Class_3_CA_2_2009:2.3.9.131.243.crt server auth * new: D-TRUST_Root_Class_3_CA_2_EV_2009:2.3.9.131.244.crt server auth * removed: Equifax_Secure_eBusiness_CA_2:2.4.55.112.207.181.crt * new: PSCProcert:2.1.11.crt server auth, code signing, email signing * new: Swisscom_Root_CA_2:2.16.30.158.40.232.72.242.229.239.195.124.74.30.90.24.103.182.crt server auth, code signing, email signing * new: Swisscom_Root_EV_CA_2:2.17.0.242.250.100.226.116.99.211.141.253.16.29.4.31.118.202.88.crt server auth, code signing * changed: TC_TrustCenter_Universal_CA_III:2.14.99.37.0.1.0.2.20.141.51.21.2.228.108.244.crt removed all abilities * new: TURKTRUST_Certificate_Services_Provider_Root_2007:2.1.1.crt server auth, code signing * changed: TWCA_Root_Certification_Authority:2.1.1.crt added code signing ability openSUSE 12.3 Update - Update to Chromium 31.0.1650.63 Stable channel update: - Security fixes: * CVE-2013-6634: Session fixation in sync related to 302 redirects * CVE-2013-6635: Use-after-free in editing * CVE-2013-6636: Address bar spoofing related to modal dialogs * CVE-2013-6637: Various fixes from internal audits, fuzzing and other initiatives. * CVE-2013-6638: Buffer overflow in v8 * CVE-2013-6639: Out of bounds write in v8. * CVE-2013-6640: Out of bounds read in v8 * and 12 other security fixes. - Remove the build flags to build according to the Chrome ffmpeg branding and the proprietary codecs. (bnc#847971) openSUSE 12.3 Update - fix CVE-2013-4491: rubygem-actionpack: i18n missing translation XSS (bnc#853625). File CVE-2013-4491.patch contains the patch - fix CVE-2013-6414: rubygem-actionpack: Action View DoS (bnc#853633). File CVE-2013-6414.patch contains the patch. - fix CVE-2013-6415: rubygem-actionpack: number_to_currency XSS (bnc#853632). File CVE-2013-6415.patch contains the patch. - fix CVE-2013-6417: rubygem-actionpack: unsafe query generation risk (incomplete fix for CVE-2013-0155) (bnc#853627). File CVE-2013-6417.patch contains the patch. openSUSE 12.3 Update - update to Firefox 26.0 (bnc#854367, bnc#854370) * rebased patches * requires NSPR 4.10.2 and NSS 3.15.3.1 * MFSA 2013-104/CVE-2013-5609/CVE-2013-5610 Miscellaneous memory safety hazards * MFSA 2013-105/CVE-2013-5611 (bmo#771294) Application Installation doorhanger persists on navigation * MFSA 2013-106/CVE-2013-5612 (bmo#871161) Character encoding cross-origin XSS attack * MFSA 2013-107/CVE-2013-5614 (bmo#886262) Sandbox restrictions not applied to nested object elements * MFSA 2013-108/CVE-2013-5616 (bmo#938341) Use-after-free in event listeners * MFSA 2013-109/CVE-2013-5618 (bmo#926361) Use-after-free during Table Editing * MFSA 2013-110/CVE-2013-5619 (bmo#917841) Potential overflow in JavaScript binary search algorithms * MFSA 2013-111/CVE-2013-6671 (bmo#930281) Segmentation violation when replacing ordered list elements * MFSA 2013-112/CVE-2013-6672 (bmo#894736) Linux clipboard information disclosure though selection paste * MFSA 2013-113/CVE-2013-6673 (bmo#970380) Trust settings for built-in roots ignored during EV certificate validation * MFSA 2013-114/CVE-2013-5613 (bmo#930381, bmo#932449) Use-after-free in synthetic mouse movement * MFSA 2013-115/CVE-2013-5615 (bmo#929261) GetElementIC typed array stubs can be generated outside observed typesets * MFSA 2013-116/CVE-2013-6629/CVE-2013-6630 (bmo#891693) JPEG information leak * MFSA 2013-117 (bmo#946351) Mis-issued ANSSI/DCSSI certificate (fixed via NSS 3.15.3.1) - removed gecko.js preference file as GStreamer is enabled by default now openSUSE 12.3 Update - update to Thunderbird 24.2.0 (bnc#854370) * requires NSS 3.15.3.1 or higher * MFSA 2013-104/CVE-2013-5609/CVE-2013-5610 Miscellaneous memory safety hazards * MFSA 2013-108/CVE-2013-5616 (bmo#938341) Use-after-free in event listeners * MFSA 2013-109/CVE-2013-5618 (bmo#926361) Use-after-free during Table Editing * MFSA 2013-111/CVE-2013-6671 (bmo#930281) Segmentation violation when replacing ordered list elements * MFSA 2013-113/CVE-2013-6673 (bmo#970380) Trust settings for built-in roots ignored during EV certificate validation * MFSA 2013-114/CVE-2013-5613 (bmo#930381, bmo#932449) Use-after-free in synthetic mouse movement * MFSA 2013-115/CVE-2013-5615 (bmo#929261) GetElementIC typed array stubs can be generated outside observed typesets * MFSA 2013-116/CVE-2013-6629/CVE-2013-6630 (bmo#891693) JPEG information leak * MFSA 2013-117 (bmo#946351) Mis-issued ANSSI/DCSSI certificate (fixed via NSS 3.15.3.1) - update to Thunderbird 24.1.1 * requires NSPR 4.10.2 and NSS 3.15.3 for security reasons * fix binary compatibility issues for patch level updates (bmo#927073) openSUSE 12.3 Update - added cve-2013-4508.patch and cve-2013-4508-regression-bug729480.patch: (bnc#849059) When defining an ssl.cipher-list, it works for the 'default' HTTPS setup ($SERVER["socket"] 443 block), but when you utilize SNI ($HTTP["host"] blocks within the $SERVER["socket"] block) the ssl.cipher-list seems to not inherit into the host blocks and instead will default to include all of the available openssl ciphers (except SSL v2/v3 based if those are disabled) - added cve-2013-4559.patch (bnc#850468) check success of setuid,setgid,setgroups - added cve-2013-4560.patch (bnc#850469) FAM: fix use after free - added cve-2013-4508.patch and cve-2013-4508-regression-bug729480.patch: (bnc#849059) When defining an ssl.cipher-list, it works for the 'default' HTTPS setup ($SERVER["socket"] 443 block), but when you utilize SNI ($HTTP["host"] blocks within the $SERVER["socket"] block) the ssl.cipher-list seems to not inherit into the host blocks and instead will default to include all of the available openssl ciphers (except SSL v2/v3 based if those are disabled) - added cve-2013-4559.patch (bnc#850468) check success of setuid,setgid,setgroups - added cve-2013-4560.patch (bnc#850469) FAM: fix use after free - added cve-2013-4508.patch and cve-2013-4508-regression-bug729480.patch: (bnc#849059) When defining an ssl.cipher-list, it works for the 'default' HTTPS setup ($SERVER["socket"] 443 block), but when you utilize SNI ($HTTP["host"] blocks within the $SERVER["socket"] block) the ssl.cipher-list seems to not inherit into the host blocks and instead will default to include all of the available openssl ciphers (except SSL v2/v3 based if those are disabled) - added cve-2013-4559.patch (bnc#850468) check success of setuid,setgid,setgroups - added cve-2013-4560.patch (bnc#850469) FAM: fix use after free openSUSE 12.3 Update This update fixes the following security issue with mozilla-nss: - update to 3.15.3.1 (bnc#854367) * includes certstore update (1.95) (bmo#946351) (explicitely distrust AC DG Tresor SSL) - adapt specfile to ppc64le openSUSE 12.3 Update This update fixes the following security issue with rubygem-i18n: - fix bnc#854166: CVE-2013-4492: rubygem-i18n: missing translation XSS. File CVE-2013-4492.patch.i18n.0.6.x contains the fix. openSUSE 12.3 Update This update fixes the following security issue with openttd: - add patch 60.patch: Aircraft crashing near the map's border due to a lack of airports could trigger a crash [CVE-2013-6411] [FS#5820] (bnc#853041) openSUSE 12.3 Update This update fixes the following security issues with rubygem-activesupport-3_2: - fix CVE-2013-4389: rubygem-actionmailer-3_1: possible DoS vulnerability in the log subscriber component (bnc#846239) File CVE-2013-4389.patch contains the fix. openSUSE 12.3 Update This update fixes the following security issue with rubygem-actionmailer-3_2: - fix CVE-2013-4389: rubygem-actionmailer-3_1: possible DoS vulnerability in the log subscriber component (bnc#846239) File CVE-2013-4389.patch contains the fix. openSUSE 12.3 Update This update fixes the following security issues with rubygem-actionpack-3_2: - fix CVE-2013-4389: rubygem-actionmailer-3_1: possible DoS vulnerability in the log subscriber component (bnc#846239) File CVE-2013-4389.patch contains the fix. - fix CVE-2013-4491: rubygem-actionpack: i18n missing translation XSS (bnc#853625). File CVE-2013-4491.patch contains the patch - fix CVE-2013-6414: rubygem-actionpack: Action View DoS (bnc#853633). File CVE-2013-6414.patch contains the patch. - fix CVE-2013-6415: rubygem-actionpack: number_to_currency XSS (bnc#853632). File CVE-2013-6415.patch contains the patch. - fix CVE-2013-6417: rubygem-actionpack: unsafe query generation risk (incomplete fix for CVE-2013-0155) (bnc#853627). File CVE-2013-6417.patch contains the patch. openSUSE 12.3 Update This update fixes the following security issues with SeaMonkey: - update to SeaMonkey 2.23 (bnc#854370)) * requires NSPR 4.10.2 and NSS 3.15.3.1 * MFSA 2013-104/CVE-2013-5609/CVE-2013-5610 Miscellaneous memory safety hazards * MFSA 2013-105/CVE-2013-5611 (bmo#771294) Application Installation doorhanger persists on navigation * MFSA 2013-106/CVE-2013-5612 (bmo#871161) Character encoding cross-origin XSS attack * MFSA 2013-107/CVE-2013-5614 (bmo#886262) Sandbox restrictions not applied to nested object elements * MFSA 2013-108/CVE-2013-5616 (bmo#938341) Use-after-free in event listeners * MFSA 2013-109/CVE-2013-5618 (bmo#926361) Use-after-free during Table Editing * MFSA 2013-110/CVE-2013-5619 (bmo#917841) Potential overflow in JavaScript binary search algorithms * MFSA 2013-111/CVE-2013-6671 (bmo#930281) Segmentation violation when replacing ordered list elements * MFSA 2013-112/CVE-2013-6672 (bmo#894736) Linux clipboard information disclosure though selection paste * MFSA 2013-113/CVE-2013-6673 (bmo#970380) Trust settings for built-in roots ignored during EV certificate validation * MFSA 2013-114/CVE-2013-5613 (bmo#930381, bmo#932449) Use-after-free in synthetic mouse movement * MFSA 2013-115/CVE-2013-5615 (bmo#929261) GetElementIC typed array stubs can be generated outside observed typesets * MFSA 2013-116/CVE-2013-6629/CVE-2013-6630 (bmo#891693) JPEG information leak * MFSA 2013-117 (bmo#946351) Mis-issued ANSSI/DCSSI certificate (fixed via NSS 3.15.3.1) - rebased patches: * mozilla-nongnome-proxies.patch * mozilla-shared-nss-db.patch openSUSE 12.3 Update - Update spec-file to fit the changes in V8 (addition of internal ICU) * Building against system ICU * Regenerate Makefiles before using them - Update to 3.22.24.8 - Security fixes (bnc#854473): * CVE-2013-6638: Buffer overflow in v8 * CVE-2013-6639: Out of bounds write in v8 * CVE-2013-6640: Out of bounds read in v8 openSUSE 12.3 Update Fixed CVE-2013-3709: make the secret token file (secret_token.rb) readable only for the webyast user to avoid forging the session cookie (bnc#851116) openSUSE 12.3 Update - security update * CVE-2013-6420.patch [bnc#854880] * CVE-2013-6712.patch [bnc#853045] * CVE-2013-4248.patch [bnc#837746] openSUSE 12.3 Update - openSUSE 12.2 and 12.3: update to 1.8.12 [bnc#855980] + vulnerabilities fixed: * The SIP dissector could go into an infinite loop. wnpa-sec-2013-66 CVE-2013-7112 * The NTLMSSP v2 dissector could crash. Discovered by Garming Sam. wnpa-sec-2013-68 CVE-2013-7114 + Further bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-1.8.12.html - openSUSE 13.1: update to 1.10.4 [bnc#855980] + vulnerabilities fixed: * The SIP dissector could go into an infinite loop. wnpa-sec-2013-66 CVE-2013-7112 * The BSSGP dissector could crash. wnpa-sec-2013-67 CVE-2013-7113 * The NTLMSSP v2 dissector could crash. Discovered by Garming Sam. wnpa-sec-2013-68 CVE-2013-7114 + Further bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-1.10.4.html openSUSE 12.3 Update The X server was updated to fix a possible X server crash using invalid trapezoids. (bnc#853846 CVE-2013-6424) openSUSE 12.3 Update - Added pixman-bnc853824-bfo67484-CVE-2013-6425-fix-underflow.patch for bnc#853824. Fixes an integer underflow bug which can cause a crash. openSUSE 12.3 Update - Fixed bnc#856687, openssl: crash when using TLS 1.2 Add file: CVE-2013-6449.patch - compression_methods_switch.patch: setenv might not be successful if a surrounding library or application filters it, like e.g. sudo. As setenv() does not seem to be useful anyway, remove it. bnc#849377 openSUSE 12.3 Update nagios was updated to fix a possible denial of service in CGI executables. openSUSE 12.3 Update This update of openssl fixes several security issues. - Fixed bnc#857203, openssl: crash in DTLS renegotiation after packet loss Add file: CVE-2013-6450.patch - Fixed bnc#856687, openssl: crash when using TLS 1.2 Add file: CVE-2013-6449.patch openSUSE 12.3 Update - Fixes XML Entity Expansion Denial of Service (bnc#856832, CVE-2013-4549) * add backported patch libqt4-disallow-deep-or-widely-nested-entity-references.patch * add backported patch libqt4-fully-expand-all-entities.patch openSUSE 12.3 Update - imported upstream version 1.10.2 - includes fix for possible denial of service in CGI executables: CVE-2013-7108 (bnc#856837) * core: Add an Icinga syntax plugin for Vim #4150 - LE/MF * core: Document dropped options log_external_commands_user and event_profiling_enabled #4957 - BA * core: type in spec file on ido2db startup #5000 - MF * core: Build fails: xdata/xodtemplate.c requires stdint.h #5021 - SH * classic ui: fix status output in JSON format not including short and long plugin output properly #5217 - RB * classic ui: fix possible buffer overflows #5250 - RB * classic ui: fix Off-by-one memory access in process_cgivars() #5251 - RB * idoutils: idoutils oracle compile error #5059 - TD * idoutils: Oracle update script 1.10.0 failes while trying to drop nonexisting index #5256 - RB - imported upstream version 1.10.1 * core: add line number information to config verification error messages #4967 - GB * core/idoutils: revert check_source attribute due to mod_gearman manipulating in-memory checkresult list #4958 - MF ** classic ui/idoutils schema: functionality is kept only for Icinga 2 support * classic ui: fix context help on mouseover in cmd.cgi (Marc-Christian Petersen) #4971 - MF * classic ui: correction of colspan value in status.cgi (Bernd Arnold) #4961 - MF * idoutils: fix pgsql update script #4953 - AW/MF * idoutils: fix logentry_type being integer, not unsigned long (thx David Mikulksi) #4953 - MF - fixed file permission of icingastats - bnc#851619 - switch to all unhandled problems per default in index.html openSUSE 12.3 Update - add lightdm-gtk-greeter-handle-invalid-user.patch in order to fix a NULL pointer dereference after authentication of an invalid username has failed (bnc#857303, CVE-2014-0979) - add lightdm-gtk-greeter-invalid-last_session.patch fix segfault when last_session is an invalid session (lp#1161883) - add lightdm-gtk-greeter-fix-login.patch in order to fix login/unlock detection openSUSE 12.3 Update - Fixed bnc#857640, openssl: TLS record tampering issue can lead to OpenSSL crash Add file: CVE-2013-4353.patch openSUSE 12.3 Update - U_CVE-2013-6462-unlimited-sscanf-overflows-stack-buffe.patch * unlimited sscanf overflows stack buffer in bdfReadCharacters() (CVE-2013-6462, bnc#854915) openSUSE 12.3 Update - Add gnumeric-CVE-2013-6836.patch: fix Heap-buffer-overflow in ms_escher_get_data on a fuzzed xls file (bnc#856254, bgo#712772, CVE-2013-6838). openSUSE 12.3 Update Hardening: - cups-0002-systemd-listen-only-on-localhost-for-socket-activation.patch fixes the systemd cups.socket file so that systemd listens only on localhost (bnc#857372). openSUSE 12.3 Update - fix-CVE-2013-6402.dif fixes hardcoded file name /tmp/hp-pkservice.log in pkit.py (bnc#852368). - disable_hp-upgrade.patch disables hp-upgrade/upgrade.py for security reasons (bnc#853405). To upgrade HPLIP an openSUSE software package manager like YaST or zypper should be used. (CVE-2013-6427) openSUSE 12.3 Update - Fix a file conflict between -devel and -headless package - Update to 2.4.4 (bnc#858818) * changed from xz to gzipped tarball as the first was not available during update * changed a keyring file due release manager change new one is signed by 66484681 from omajid@redhat.com, see http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2014-January/025800.html * Security fixes - S6727821: Enhance JAAS Configuration - S7068126, CVE-2014-0373: Enhance SNMP statuses - S8010935: Better XML handling - S8011786, CVE-2014-0368: Better applet networking - S8021257, S8025022, CVE-2013-5896 : com.sun.corba.se.** should be on restricted package list - S8021271, S8021266, CVE-2014-0408: Better buffering in ObjC code - S8022904: Enhance JDBC Parsers - S8022927: Input validation for byte/endian conversions - S8022935: Enhance Apache resolver classes - S8022945: Enhance JNDI implementation classes - S8023057: Enhance start up image display - S8023069, CVE-2014-0411: Enhance TLS connections - S8023245, CVE-2014-0423: Enhance Beans decoding - S8023301: Enhance generic classes - S8023338: Update jarsigner to encourage timestamping - S8023672: Enhance jar file validation - S8024302: Clarify jar verifications - S8024306, CVE-2014-0416: Enhance Subject consistency - S8024530: Enhance font process resilience - S8024867: Enhance logging start up - S8025014: Enhance Security Policy - S8025018, CVE-2014-0376: Enhance JAX-P set up - S8025026, CVE-2013-5878: Enhance canonicalization - S8025034, CVE-2013-5907: Improve layout lookups - S8025448: Enhance listening events - S8025758, CVE-2014-0422: Enhance Naming management - S8025767, CVE-2014-0428: Enhance IIOP Streams - S8026172: Enhance UI Management - S8026176: Enhance document printing - S8026193, CVE-2013-5884: Enhance CORBA stub factories - S8026204: Enhance auth login contexts - S8026417, CVE-2013-5910: Enhance XML canonicalization - S8026502: java/lang/invoke/MethodHandleConstants.java fails on all platforms - S8027201, CVE-2014-0376: Enhance JAX-P set up - S8029507, CVE-2013-5893: Enhance JVM method processing - S8029533: REGRESSION: closed/java/lang/invoke/8008140/Test8008140.java fails agains * Backports - S8025255: (tz) Support tzdata2013g - S8026826: JDK 7 fix for 8010935 broke the build * Bug fixes - PR1618: Include defs.make in vm.make so VM_LITTLE_ENDIAN is defined on Zero builds - D729448: 32-bit alignment on mips and mipsel - PR1623: Collision between OpenJDK 6 & 7 classes when bootstrapping with OpenJDK 6 - Add update.py, helper script to download openjdk tarballs from hg repo - Buildrequire quilt unconditionally as it's used unconditionally. - Really disable tests on non-JIT architectures. (from Ulrich Weigand) - Add headless subpackage wich does not require X and pulse/alsa - Add accessibility to extra subpackage, which requires new java-atk-wrapper package * removed java-1.7.0-openjdk-java-access-bridge-idlj.patch * removed java-1.7.0-openjdk-java-access-bridge-tck.patch * removed java-access-bridge-1.26.2.tar.bz2 - Refreshed * java-1.7.0-openjdk-java-access-bridge-security.patch - Add a support for running tests using --with tests * this is ignored on non-jit architectures - Prefer global over define as bcond_with does use them - Forward declare aarch64 arch macro - Define archbuild/archinstall macros for arm and aarch64 * remove a few ifarch conditions by using those macros in filelist - Need ecj-bootstrap in bootstrap mode (noted by mmatz) - Don't install vim and quilt in bootstrap mode - A few enhancenments of bootstrap mode * usable wia --with bootstrap * disable docs, javadoc package * fix configure arguments on bootstrap - Add the unversioned SDK directory link to the files list of -devel package (fixes update-alternatives from %post). - Add support for bootstrapping with just gcj (using included ecj directly). Increase stacksize for powerpc (amends java-1.7.0-openjdk-ppc-zero-jdk.patch). Add support for ppc64le. - fix stackoverflow for powerpc (java-1_7_0-openjdk-ppc-stackoverflow.patch) openSUSE 12.3 Update - fixes potentially poor random number generation for users who 1) use OpenSSL 1.0.0 or later, 2) set "HardwareAccel 1" in their torrc file, 3) have "Sandy Bridge" or "Ivy Bridge" Intel processors and 4) have no state file in their DataDirectory (as would happen on first start). Users who generated relay or hidden service identity keys in such a situation should discard them and generate new ones. No 2 is not the default configuration for openSUSE. [bnc#859421] [CVE-2013-7295] - added patches: * tor-0.2.3.x-CVE-2013-7295.patch openSUSE 12.3 Update poppler was updated to fix a security issue: - Fix a DoS due to a format string error (bnc#859427 CVE-2013-7296) openSUSE 12.3 Update - Update to version 9.9.4P2 * Fixes named crash when handling malformed NSEC3-signed zones (CVE-2014-0591, bnc#858639) * Obsoletes workaround-compile-problem.diff - Replace rpz2+rl-9.9.3-P1.patch by rpz2-9.9.4.patch, rl is now supported upstream (--enable-rrl). openSUSE 12.3 Update Running QEMU in a configuration with more than 256 emulated SCSI devices attached could have caused a buffer overflow when the guest issues a REPORT LUNS command. Fix this as part of upgrading to the latest stable version on 13.1. Also fix unintentional building against gtk2 rather than gtk3 on 13.1, and fix serial retry logic on 12.3. openSUSE 12.3 Update - Update to version 2.10.8 (bnc#861019): + General: Python build scripts and example plugins are now compatible with Python 3 (pidgin.im#15624). + libpurple: - Fix potential crash if libpurple gets an error attempting to read a reply from a STUN server (CVE-2013-6484). - Fix potential crash parsing a malformed HTTP response (CVE-2013-6479). - Fix buffer overflow when parsing a malformed HTTP response with chunked Transfer-Encoding (CVE-2013-6485). - Better handling of HTTP proxy responses with negative Content-Lengths. - Fix handling of SSL certificates without subjects when using libnss. - Fix handling of SSL certificates with timestamps in the distant future when using libnss (pidgin.im#15586). - Impose maximum download size for all HTTP fetches. + Pidgin: - Fix crash displaying tooltip of long URLs (CVE-2013-6478). - Better handling of URLs longer than 1000 letters. - Fix handling of multibyte UTF-8 characters in smiley themes (pidgin.im#15756). + AIM: Fix untrusted certificate error. + AIM and ICQ: Fix a possible crash when receiving a malformed message in a Direct IM session. + Gadu-Gadu: - Fix buffer overflow with remote code execution potential. Only triggerable by a Gadu-Gadu server or a man-in-the-middle (CVE-2013-6487). - Disabled buddy list import/export from/to server. - Disabled new account registration and password change options. + IRC: - Fix bug where a malicious server or man-in-the-middle could trigger a crash by not sending enough arguments with various messages (CVE-2014-0020). - Fix bug where initial IRC status would not be set correctly. - Fix bug where IRC wasn't available when libpurple was compiled with Cyrus SASL support (pidgin.im#15517). + MSN: - Fix NULL pointer dereference parsing headers in MSN (CVE-2013-6482). - Fix NULL pointer dereference parsing OIM data in MSN (CVE-2013-6482). - Fix NULL pointer dereference parsing SOAP data in MSN (CVE-2013-6482). - Fix possible crash when sending very long messages. Not remotely-triggerable. + MXit: - Fix buffer overflow with remote code execution potential (CVE-2013-6487). - Fix sporadic crashes that can happen after user is disconnected. - Fix crash when attempting to add a contact via search results. - Show error message if file transfer fails. - Fix compiling with InstantBird. - Fix display of some custom emoticons. + SILC: Correctly set whiteboard dimensions in whiteboard sessions. + SIMPLE: Fix buffer overflow with remote code execution potential (CVE-2013-6487). + XMPP: - Prevent spoofing of iq replies by verifying that the 'from' address matches the 'to' address of the iq request (CVE-2013-6483). - Fix crash on some systems when receiving fake delay timestamps with extreme values (CVE-2013-6477). - Fix possible crash or other erratic behavior when selecting a very small file for your own buddy icon. - Fix crash if the user tries to initiate a voice/video session with a resourceless JID. - Fix login errors when the first two available auth mechanisms fail but a subsequent mechanism would otherwise work when using Cyrus SASL (pidgin.im#15524). - Fix dropping incoming stanzas on BOSH connections when we receive multiple HTTP responses at once (pidgin.im#15684). + Yahoo!: - Fix possible crashes handling incoming strings that are not UTF-8 (CVE-2012-6152). - Fix a bug reading a peer to peer message where a remote user could trigger a crash (CVE-2013-6481). + Plugins: - Fix crash in contact availability plugin. - Fix perl function Purple::Network::ip_atoi. - Add Unity integration plugin. + Windows specific fixes: (CVE-2013-6486, pidgin.im#15520, pidgin.im#15521, bgo#668154). - Drop pidgin-irc-sasl.patch, fixed upstream. - Obsolete pidgin-facebookchat: the package is no longer maintained and pidgin as built-in support for Facebook Chat. - Protect buildrequires for mono-devel with with_mono macro. - Add pidgin-gstreamer1.patch: Port to GStreamer 1.0. Only enabled on openSUSE 13.1 and newer. - On openSUSE 13.1 and newer, use gstreamer-devel and gstreamer-plugins-base-devel BuildRequires. openSUSE 12.3 Update The Linux kernel was updated to fix various bugs and security issues: - mm/page-writeback.c: do not count anon pages as dirtyable memory (reclaim stalls). - mm/page-writeback.c: fix dirty_balance_reserve subtraction from dirtyable memory (reclaim stalls). - compat_sys_recvmmsg X32 fix (bnc#860993 CVE-2014-0038). - hwmon: (coretemp) Fix truncated name of alarm attributes - net: fib: fib6_add: fix potential NULL pointer dereference (bnc#854173 CVE-2013-6431). - keys: fix race with concurrent install_user_keyrings() (bnc#808358)(CVE-2013-1792). - KVM: x86: Convert vapic synchronization to _cached functions (CVE-2013-6368) (bnc#853052 CVE-2013-6368). - wireless: radiotap: fix parsing buffer overrun (bnc#854634 CVE-2013-7027). - KVM: x86: fix guest-initiated crash with x2apic (CVE-2013-6376) (bnc#853053 CVE-2013-6376). - KVM: x86: Fix potential divide by 0 in lapic (CVE-2013-6367) (bnc#853051 CVE-2013-6367). - KVM: Improve create VCPU parameter (CVE-2013-4587) (bnc#853050 CVE-2013-4587). - staging: ozwpan: prevent overflow in oz_cdev_write() (bnc#849023 CVE-2013-4513). - perf/x86: Fix offcore_rsp valid mask for SNB/IVB (bnc#825006). - perf/x86: Add Intel IvyBridge event scheduling constraints (bnc#825006). - libertas: potential oops in debugfs (bnc#852559 CVE-2013-6378). - aacraid: prevent invalid pointer dereference (bnc#852373 CVE-2013-6380). - staging: wlags49_h2: buffer overflow setting station name (bnc#849029 CVE-2013-4514). - net: flow_dissector: fail on evil iph->ihl (bnc#848079 CVE-2013-4348). - Staging: bcm: info leak in ioctl (bnc#849034 CVE-2013-4515). - Refresh patches.fixes/net-rework-recvmsg-handler-msg_name-and-msg_namelen-logic.patch. - ipv6: remove max_addresses check from ipv6_create_tempaddr (bnc#805226, CVE-2013-0343). - net: rework recvmsg handler msg_name and msg_namelen logic (bnc#854722). - crypto: ansi_cprng - Fix off by one error in non-block size request (bnc#840226). - x6: Fix reserve_initrd so that acpi_initrd_override is reached (bnc#831836). - Refresh other Xen patches. - aacraid: missing capable() check in compat ioctl (bnc#852558). - patches.fixes/gpio-ich-fix-ichx_gpio_check_available-return.patch: Update upstream reference - perf/ftrace: Fix paranoid level for enabling function tracer (bnc#849362). - xhci: fix null pointer dereference on ring_doorbell_for_active_rings (bnc#848255). - xhci: Fix oops happening after address device timeout (bnc#848255). - xhci: Ensure a command structure points to the correct trb on the command ring (bnc#848255). - patches.arch/iommu-vt-d-remove-stack-trace-from-broken-irq-remapping-warning.patch: Update upstream reference. - Allow NFSv4 username mapping to work properly (bnc#838024). - Refresh btrfs attribute publishing patchset to match openSUSE-13.1 No user-visible changes, but uses kobj_sysfs_ops and better kobject lifetime management. - Fix a few incorrectly checked [io_]remap_pfn_range() calls (bnc#849021, CVE-2013-4511). - drm/radeon: don't set hpd, afmt interrupts when interrupts are disabled. - patches.fixes/cifs-fill-TRANS2_QUERY_FILE_INFO-ByteCount-fields.patch: Fix TRANS2_QUERY_FILE_INFO ByteCount fields (bnc#804950). - iommu: Remove stack trace from broken irq remapping warning (bnc#844513). - Disable patches related to bnc#840656 patches.suse/btrfs-cleanup-don-t-check-the-same-thing-twice patches.suse/btrfs-0220-fix-for-patch-cleanup-don-t-check-the-same-thi.patch - btrfs: use feature attribute names to print better error messages. - btrfs: add ability to change features via sysfs. - btrfs: add publishing of unknown features in sysfs. - btrfs: publish per-super features to sysfs. - btrfs: add per-super attributes to sysfs. - btrfs: export supported featured to sysfs. - kobject: introduce kobj_completion. - btrfs: add ioctls to query/change feature bits online. - btrfs: use btrfs_commit_transaction when setting fslabel. - x86/iommu/vt-d: Expand interrupt remapping quirk to cover x58 chipset (bnc#844513). - NFSv4: Fix issues in nfs4_discover_server_trunking (bnc#811746). - iommu/vt-d: add quirk for broken interrupt remapping on 55XX chipsets (bnc#844513). openSUSE 12.3 Update Mozilla Firefox was updated to version 27. Mozilla Seamonkey was updated to 2.24, fixing similar issues as Firefox 27. Mozilla Thunderbird was updated to 24.3.0, fixing similar issues as Firefox 27. The Firefox 27 release brings TLS 1.2 support as a major security feature. It also fixes following security issues: * MFSA 2014-01/CVE-2014-1477/CVE-2014-1478 Miscellaneous memory safety hazards (rv:27.0 / rv:24.3) * MFSA 2014-02/CVE-2014-1479 (bmo#911864) Clone protected content with XBL scopes * MFSA 2014-03/CVE-2014-1480 (bmo#916726) UI selection timeout missing on download prompts * MFSA 2014-04/CVE-2014-1482 (bmo#943803) Incorrect use of discarded images by RasterImage * MFSA 2014-05/CVE-2014-1483 (bmo#950427) Information disclosure with *FromPoint on iframes * MFSA 2014-06/CVE-2014-1484 (bmo#953993) Profile path leaks to Android system log * MFSA 2014-07/CVE-2014-1485 (bmo#910139) XSLT stylesheets treated as styles in Content Security Policy * MFSA 2014-08/CVE-2014-1486 (bmo#942164) Use-after-free with imgRequestProxy and image proccessing * MFSA 2014-09/CVE-2014-1487 (bmo#947592) Cross-origin information leak through web workers * MFSA 2014-10/CVE-2014-1489 (bmo#959531) Firefox default start page UI content invokable by script * MFSA 2014-11/CVE-2014-1488 (bmo#950604) Crash when using web workers with asm.js * MFSA 2014-12/CVE-2014-1490/CVE-2014-1491 (bmo#934545, bmo#930874, bmo#930857) NSS ticket handling issues * MFSA 2014-13/CVE-2014-1481(bmo#936056) Inconsistent JavaScript handling of access to Window objects Mozilla NSS was updated to 3.15.4: * required for Firefox 27 * regular CA root store update (1.96) * Reordered the cipher suites offered in SSL/TLS client hello messages to match modern best practices. * Improved SSL/TLS false start. In addition to enabling the SSL_ENABLE_FALSE_START option, an application must now register a callback using the SSL_SetCanFalseStartCallback function. * When false start is enabled, libssl will sometimes return unencrypted, unauthenticated data from PR_Recv (CVE-2013-1740, bmo#919877) * MFSA 2014-12/CVE-2014-1490/CVE-2014-1491 NSS ticket handling issues New functionality * Implemented OCSP querying using the HTTP GET method, which is the new default, and will fall back to the HTTP POST method. * Implemented OCSP server functionality for testing purposes (httpserv utility). * Support SHA-1 signatures with TLS 1.2 client authentication. * Added the --empty-password command-line option to certutil, to be used with -N: use an empty password when creating a new database. * Added the -w command-line option to pp: don't wrap long output lines. openSUSE 12.3 Update Chromium was updated to version 32.0.1700.102: Stable channel update: - Security Fixes: * CVE-2013-6649: Use-after-free in SVG images * CVE-2013-6650: Memory corruption in V8 * and 12 other fixes - Other: * Mouse Pointer disappears after exiting full-screen mode * Drag and drop files into Chromium may not work properly * Quicktime Plugin crashes in Chromium * Chromium becomes unresponsive * Trackpad users may not be able to scroll horizontally * Scrolling does not work in combo box * Chromium does not work with all CSS minifiers such as whitespace around a media query's `and` keyword - Update to Chromium 32.0.1700.77 Stable channel update: - Security fixes: * CVE-2013-6646: Use-after-free in web workers * CVE-2013-6641: Use-after-free related to forms * CVE-2013-6643: Unprompted sync with an attacker’s Google account * CVE-2013-6645: Use-after-free related to speech input elements * CVE-2013-6644: Various fixes from internal audits, fuzzing and other initiatives - Other: * Tab indicators for sound, webcam and casting * Automatically blocking malware files * Lots of under the hood changes for stability and performance - Remove patch chromium-fix-chromedriver-build.diff as that chromedriver is fixed upstream - Updated ExcludeArch to exclude aarch64, ppc, ppc64 and ppc64le. This is based on missing build requires (valgrind, v8, etc) openSUSE 12.3 Update This update fixes the following security issues with curl: - bnc#858673: re-use of wrong HTTP NTLM connection (CVE-2014-0015) - bnc#862144: fix test failure because of an expired cookie openSUSE 12.3 Update This update fixes the following security issue with libyaml: - bnc#860617: Fixed heap based buffer overflow due to integer misuse (CVE-2013-6393) openSUSE 12.3 Update This update fixes the following security issues with libvirt: - bnc#857492: Fix libvirtd crash when hot-plugging disks for qemu domains (CVE-2013-6458) - bnc#858817: Don't crash if a connection closes early (CVE-2014-1447) openSUSE 12.3 Update This update fixes two security issues with mumble: - bnc#862527: updated to version 1.2.5 to address two Denial of Service security issues (CVE-2014-0044, CVE-2014-0045). openSUSE 12.3 Update This update fixes the following security issue with icinga: - bnc#859424: Fixed vulnerability against CSRF attacks (CVE-2013-7107). openSUSE 12.3 Update icedtea-web was updated to version 1.4.2 (bnc#864364), fixing various bugs and a security issues: * Dialogs center on screen before becoming visible * Support for u45 new manifest attributes (Application-Name) * Custom applet permission policies panel in itweb-settings control panel * Plugin - PR1271: icedtea-web does not handle 'javascript:'-protocol URLs - RH976833: Multiple applets on one page cause deadlock - Enabled javaconsole * Security Updates - CVE-2013-6493/RH1010958: insecure temporary file use flaw in LiveConnect implementation * Except above also: - Christmas splashscreen extension - fixed classloading deadlocks - cleaned code from warnings - pipes moved to XDG runtime dir * Patches changes: * rebased icedtea-web-1.1-moonlight-symbol-clash.patch * add icedtea-web-1.4.2-mkdir.patch * add icedtea-web-1.4.2-softkiller-link.patch * build with rhino support * use fdupes * run make run-netx-dist-tests in %check on openSUSE > 13.1 openSUSE 12.3 Update Apache Subversion was updated to 1.7.16 [bnc#862459] This release addresses one security issue: CVE-2014-0032: mod_dav_svn DoS vulnerability with SVNListParentPath. Affects servers with mod_dav_svn when configured on the root path of the server and SVNListParentPath is on. - Client-side bugfixes: * copy: fix some scenarios that broke the working copy * diff: fix regressions due to fixes in 1.7.14 - Server-side bugfixes: * mod_dav_svn: prevent crashes with SVNListParentPath on (CVE-2014-0032) * reduce memory usage during checkout and export Developer-visible changes: * fix failure in checkout_tests.py * support compiling against Cyrus sasl 2.1.25 * support compiling against neon 0.30.x - modified patches: * subversion-no-build-date.patch for context changes - 1.7.15 was not released - only require and build with junit when building with java and running regression tests openSUSE 12.3 Update The Python logilab-common module was updated to fix several temporary file problems, one in the PDF generator (CVE-2014-1838) and one in the shellutils helper (CVE-2014-1839). openSUSE 12.3 Update rubygem-actionpack-3_2 was updated to fix security issues: - fix CVE-2014-0081: XSS Vulnerability in number_to_currency, number_to_percentage and number_to_human (bnc#864433) - fix CVE-2014-0082: Denial of Service Vulnerability in Action View when using render :text (bnc#864431) openSUSE 12.3 Update Chromium was updated to 33.0.1750.117 Stable channel update: - Security Fixes: * CVE-2013-6653: Use-after-free related to web contents * CVE-2013-6654: Bad cast in SVG * CVE-2013-6655: Use-after-free in layout * CVE-2013-6656: Information leak in XSS auditor * CVE-2013-6657: Information leak in XSS auditor * CVE-2013-6658: Use-after-free in layout * CVE-2013-6659: Issue with certificates validation in TLS handshake * CVE-2013-6660: Information leak in drag and drop * CVE-2013-6661: Various fixes from internal audits, fuzzing and other initiatives. Of these, seven are fixes for issues that could have allowed for sandbox escapes from compromised renderers. - Other: - Google Chrome Frame has been retired openSUSE 12.3 Update This update fixes the following issue with some rubygems: - bnc#864873: fix rubygem patches are not applied to the gem but only to the tree. Packages embedding rubygems via their .gem files were not receiving security updates. openSUSE 12.3 Update Xen was updated to fix various bugs and security issues: Update to Xen version 4.2.4 c/s 26280. - bnc#861256 - CVE-2014-1950: xen: XSA-88: use-after-free in xc_cpupool_getinfo() under memory pressure. (fix included with update) - bnc#863297: xend/pvscsi: recognize also SCSI CDROM devices - bnc#858496 - CVE-2014-1642: Xen: XSA-83: Out-of-memory condition yielding memory corruption during IRQ setup - bnc#860163 - xen: XSA-84: integer overflow in several XSM/Flask hypercalls (CVE-2014-1891 CVE-2014-1892 CVE-2014-1893 CVE-2014-1894) - bnc#860165 - CVE-2014-1895: xen: XSA-85: Off-by-one error in FLASK_AVC_CACHESTAT hypercall - bnc#860300 - CVE-2014-1896: xen: XSA-86: libvchan failure handling malicious ring indexes - bnc#860302 - CVE-2014-1666: xen: XSA-87: PHYSDEVOP_{prepare,release}_msix exposed to unprivileged guests - bnc#858311 - Server is not booting in kernel XEN after latest updates - (XEN) setup 0000:00:18.0 for d0 failed (-19) - bnc#858496 - CVE-2014-1642: Xen: XSA-83: Out-of-memory condition yielding memory corruption during IRQ setup - bnc#853049 - CVE-2013-6885: xen: XSA-82: Guest triggerable AMD CPU erratum may cause host hang - bnc#853048 - CVE-2013-6400: xen: XSA-80: IOMMU TLB flushing may be inadvertently suppressed - bnc#831120 - CVE-2013-2212: xen: XSA-60: Excessive time to disable caching with HVM guests with PCI passthrough - bnc#848014 - [HP HPS] Xen hypervisor panics on 8-blades nPar with 46-bit memory addressing - bnc#833251 - [HP BCS SLES11 Bug]: In HPs UEFI x86_64 platform and with xen environment, in booting stage ,xen hypervisor will panic. - pygrub: Support (/dev/xvda) style disk specifications - bnc#849667 - CVE-2014-1895: xen: XSA-74: Lock order reversal between page_alloc_lock and mm_rwlock - bnc#849668 - CVE-2013-4554: xen: XSA-76: Hypercalls exposed to privilege rings 1 and 2 of HVM guests - bnc#842417 - In HPs UEFI x86_64 platform and sles11sp3 with xen environment, dom0 will soft lockup on multiple blades nPar. - bnc#848014 - [HP HPS] Xen hypervisor panics on 8-blades nPar with 46-bit memory addressing - bnc#846849 - Soft lockup with PCI passthrough and many VCPUs - bnc#833483 - Boot Failure with xen kernel in UEFI mode with error "No memory for trampoline" - bnc#849665 - CVE-2013-4551: xen: XSA-75: Host crash due to guest VMX instruction execution - The upstream version of checking for xend when using the 'xl' command is used is not working. - bnc#840997 - It is possible to start a VM twice on the same node. - bnc#848657 - xen: CVE-2013-4494: XSA-73: Lock order reversal between page allocation and grant table locks openSUSE 12.3 Update phpMyAdmin was updated to 4.1.8 to fix bugs, security issues and also bring new features. Fixed security issue: * PMASA-2014-1 ( CVE-2014-1879, CWE-661 CWE-79) - update to 4.1.8 (2014-02-22) * sf#4276 Login loop on session expiry * sf#4249 Incorrect number of result rows for SQL with subqueries * sf#4275 Broken Link to php extension manual * sf#4053 List of procedures is not displayed after executing with Enter * sf#4081 Setup page content shifted to the right edge of its tabs * sf#4284 Reordering a column erases comments for other columns * sf#4286 Open "Browse" in a new tab * sf#4287 Printview - Always one column too much * sf#4288 Expand database (+ icon) after timeout doesn't do anything * sf#4285 Fixed CSS for setup * Fixed altering table to DOUBLE/FLOAT field * sf#4292 Success message and failure message being shown together * sf#4293 opening new tab (using selflink) for import.php based actions results in error and logout openSUSE 12.3 Update FreeRadius received a security fix: A denial of service in rlm_pap hash processing was fixed (CVE-2014-2015 bnc#864576) openSUSE 12.3 Update The PostgreSQL database was updated to the security and bugfix release 9.2.7, which following fixes: * Shore up GRANT ... WITH ADMIN OPTION restrictions (CVE-2014-0060, bnc#864845) * Prevent privilege escalation via manual calls to PL validator functions (CVE-2014-0061, bnc#864846) * Avoid multiple name lookups during table and index DDL (CVE-2014-0062, bnc#864847) * Prevent buffer overrun with long datetime strings (CVE-2014-0063, bnc#864850) * Prevent buffer overrun due to integer overflow in size calculations (CVE-2014-0064, bnc#864851) * Prevent overruns of fixed-size buffers (CVE-2014-0065, bnc#864852) * Avoid crashing if crypt() returns NULL (CVE-2014-0066, bnc#864853) * Document risks of make check in the regression testing instructions (CVE-2014-0067) * For the other (many!) bug fixes, see the release notes: http://www.postgresql.org/docs/9.3/static/release-9-2-7.html openSUSE 12.3 Update The fail2ban tool was updated to version 0.8.12 to fix various security issues and also brings bugfixes and features. Security issues fixed: A remote unauthenticated attacker may cause arbitrary IP addresses to be blocked by Fail2ban causing legitimate users to be blocked from accessing services protected by Fail2ban. CVE-2013-7177 (cyrus-imap) and CVE-2013-7176 (postfix) - Use new flushlogs syntax after logrotate - Update to version 0.8.12 * Log rotation can now occur with the command "flushlogs" rather than reloading fail2ban or keeping the logtarget settings consistent in jail.conf/local and /etc/logrotate.d/fail2ban. (dep#697333, rh#891798). * Added ignorecommand option for allowing dynamic determination as to ignore and IP or not. * Remove indentation of name and loglevel while logging to SYSLOG to resolve syslog(-ng) parsing problems. (dep#730202). Log lines now also report "[PID]" after the name portion too. * Epoch dates can now be enclosed within [] * New actions: badips, firewallcmd-ipset, ufw, blocklist_de * New filters: solid-pop3d, nsd, openwebmail, horde, freeswitch, squid, ejabberd, openwebmail, groupoffice * Filter improvements: - apache-noscript now includes php cgi scripts - exim-spam filter to match spamassassin log entry for option SAdevnull. - Added to sshd filter expression for "Received disconnect from : 3: Auth fail" - Improved ACL-handling for Asterisk - Added improper command pipelining to postfix filter. * General fixes: - Added lots of jail.conf entries for missing filters that creaped in over the last year. - synchat changed to use push method which verifies whether all data was send. This ensures that all data is sent before closing the connection. - Fixed python 2.4 compatibility (as sub-second in date patterns weren't 2.4 compatible) - Complain/email actions fixed to only include relevant IPs to reporting * Filter fixes: - Added HTTP referrer bit of the apache access log to the apache filters. - Apache 2.4 perfork regexes fixed - Kernel syslog expression can have leading spaces - allow for ",milliseconds" in the custom date format of proftpd.log - recidive jail to block all protocols - smtps not a IANA standard so may be missing from /etc/services. Due to (still) common use 465 has been used as the explicit port number - Filter dovecot reordered session and TLS items in regex with wider scope for session characters * Ugly Fixes (Potentially incompatible changes): - Unfortunately at the end of last release when the action firewall-cmd-direct-new was added it was too long and had a broken action check. The action was renamed to firewallcmd-new to fit within jail name name length. (gh#fail2ban/fail2ban#395). - Last release added mysqld-syslog-iptables as a jail configuration. This jailname was too long and it has been renamed to mysqld-syslog. - Fixed formating of github references in changelog - reformatted spec-file - Update to version 0.8.11 - In light of CVE-2013-2178 that triggered our last release we have put a significant effort into tightening all of the regexs of our filters to avoid another similar vulnerability. We haven't examined all of these for a potential DoS scenario however it is possible that another DoS vulnerability exists that is fixed by this release. A large number of filters have been updated to include more failure regexs supporting previously unbanned failures and support newer application versions too. We have test cases for most of these now however if you have other examples that demonstrate that a filter is insufficient we welcome your feedback. During the tightening of the regexs to avoid DoS vulnerabilities there is the possibility that we have inadvertently, despite our best intentions, incorrectly allowed a failure to continue. Addresses a possible DoS. Closes gh#fail2ban/fail2ban#248, bnc#824710 within [Init]. Closes gh#fail2ban/fail2ban#232 * Updates to asterisk filter. Closes gh#fail2ban/fail2ban#227, gh#fail2ban/fail2ban#230. * Updates to asterisk to include AUTH_UNKNOWN_DOMAIN. Closes gh#fail2ban/fail2ban#244. on Fedora. Closes gh#fail2ban/fail2ban#112. Thanks to Camusensei for the bug report. insight. Closes gh#fail2ban/fail2ban#103. * [f2156604] pyinotify -- monitor IN_MOVED_TO events. Closes gh#fail2ban/fail2ban#184. Thanks to Jon Foster for report and troubleshooting. Orion Poplawski * [39667ff6] Avoid leaking file descriptors. Closes gh#fail2ban/fail2ban#167. Closes gh#fail2ban/fail2ban#147, gh#fail2ban/fail2ban#148. * [b6a68f51] Fix delaction on server side. Closes gh#fail2ban/fail2ban#124. the fail2ban-client. Closes gh#fail2ban/fail2ban#134. gh#fail2ban/fail2ban#70. Thanks to iGeorgeX for the idea. * [96eb8986] ' and " should also be escaped in action tags Closes gh#fail2ban/fail2ban#109 beilber for the idea. Closes gh#fail2ban/fail2ban#114. fail2ban is running. Closes gh#fail2ban/fail2ban#166. * [29d0df5] Add mysqld filter. Closes gh#fail2ban/fail2ban#152. * [bba3fd8] Add Sogo filter. Closes gh#fail2ban/fail2ban#117. * [be06b1b] Add action for iptables-ipsets. Closes gh#fail2ban/fail2ban#102. * [f336d9f] Add filter for webmin. Closes gh#fail2ban/fail2ban#99. consistently. Closes gh#fail2ban/fail2ban#172. * [b36835f] Add get cinfo to fail2ban-client. Closes gh#fail2ban/fail2ban#124. Closes gh#fail2ban/fail2ban#142. Closes gh#fail2ban/fail2ban#126. Bug report by Michael Heuberger. * [3aeb1a9] Add jail.conf manual page. Closes gh#fail2ban/fail2ban#143. banning due to misconfigured DNS. Close gh#fail2ban/fail2ban#64 * [0935566,5becaf8] Various python 2.4 and 2.5 compatibility fixes. Close gh#fail2ban/fail2ban#83 in the console. Close gh#fail2ban/fail2ban#91 the log file to take 'banip' or 'unbanip' in effect. Close gh#fail2ban/fail2ban#81, gh#fail2ban/fail2ban#86 * [f52ba99] downgraded "already banned" from WARN to INFO level. Closes gh#fail2ban/fail2ban#79 for this gh#fail2ban/fail2ban#87) message stays non-unicode. Close gh#fail2ban/fail2ban#32 friend to developers stuck with Windows (Closes gh#fail2ban/fail2ban#66) repeated offenders. Close gh#fail2ban/fail2ban#19 Close gh#fail2ban/fail2ban#47 (Closes: #669063) openSUSE 12.3 Update The gnutls library was updated to fix SSL certificate validation. Remote man-in-the-middle attackers were able to make the verification believe that a SSL certificate is valid even though it was not. openSUSE 12.3 Update file was updated to fix two security issues. - A possible endless recursion. (CVE-2014-1943) - A crash in PE file handling (CVE-2014-2270) openSUSE 12.3 Update roundcubemail was updated to 0.9.5 to fix bugs and security issues. Fixed security issues: * CVE-2013-6172: vulnerability in handling _session argument of utils/save-prefs New upstream release 0.9.5 (bnc#847179) (CVE-2013-6172) * Fix failing vCard import when email address field contains spaces * Fix default spell-check configuration after Google suspended their spell service * Fix vulnerability in handling _session argument of utils/save-prefs * Fix iframe onload for upload errors handling * Fix address matching in Return-Path header on identity selection * Fix text wrapping issue with long unwrappable lines * Fixed mispelling: occured -> occurred * Fixed issues where HTML comments inside style tag would hang Internet Explorer * Fix setting domain in virtualmin password driver * Hide Delivery Status Notification option when smtp_server is unset * Display full attachment name using title attribute when name is too long to display * Fix attachment icon issue when rare font/language is used * Fix expanded thread root message styling after refreshing messages list * Fix issue where From address was removed from Cc and Bcc fields when editing a draft * Fix error_reporting directive check * Fix de_DE localization of "About" label in Help plugin openSUSE 12.3 Update libssh was updated to fix a random generator reseeding issue when forking multiple servers. Forking multiple servers might under some circumstances get them the same random seed state. openSUSE 12.3 Update The OTRS ticket system was updated to 3.1.20 / 3.2.15: On openSUSE 12.3 it was updated to 3.1.20: (fix for OSA-2014-03, CVE-2014-1695) * Improved HTML filter. - 3.1.19 2014-01-28 * Fixed bug#10158 - Missing quoting in State::StateGetStatesByType(). * Fixed bug#10099 - Missing challenge token checks on customer interface. * Fixed bug#8489 - setting Tickets per page resets AgentTicketQueue. * Fixed bug#9661 - Useless code in DynamicField backend. * Fixed bug#9622 - Actions in Small ticket overview don't work when cookies are turned off. * Fixed bug#9541 - Package manager cannot use https proxy. * Fixed bug#9594 - No auto-reply sent with multiple From addresses in AgentTicketPhone on PostgreSQL and Oracle. * Fixed bug#3434 - Validity of search time frame not checked by OTRS. * Fixed bug#9596 - On merge and bounce screens is confusing when fill or not 'To', 'Subject' and 'Body' fields. * Fixed bug#9595 - Incomplete page reload handling in merge and bounce. * Fixed bug#3007 - CheckMXRecord and CheckEmailAddresses have no effect on AgentTicketBounce. * Fixed bug#9512 - Database error for invalid date in AgentTicketSearch. * Fixed bug#8835 - No article found for TicketID <TICKET ID> when showing group tickets * Fixed bug#9583 - Dynamic Fields of type Date have timestamp in notifications. * Fixed bug#9579 - SOAP Serializer used in Kernel/GenericInterface/Transport/ HTTP/SOAP.pm does not correctly set namespace. * Fixed bug#7359 - Setting pending states via generic agent does not set pending time. * Fixed bug#8380 - Middle name not displayed in AdminCustomerUser. * Fixed bug#9576 - GI TicketSearch Date and Date/Time dynamic fields are ignored. * Changed Dynamic Field SearchFieldParameterBuild() API, LayoutObject is now optional. * Fixed bug#9573 - Date and DateTime dynamic fields not considered in GenericAgent Jobs. On openSUSE 13.1 it was updated to 3.2.15: (fix for OSA-2014-03, CVE-2014-1695) * Improved HTML filter. * Fixed bug#10207 - DynamicField Search-Function in CustomerFrontend is not working. * Followup for bug#9011 - New value after value mapping can't be 0. * Fixed bug#10214 - Value "0" for DynamicsFields prevents TicketCreation. * Fixed bug#9616 - Too long activities and transitions are not displayed correctly. * Fixed bug#10212 - My tickets & Company tickets in 3.3.4. * Fixed bug#10205 - GenericInterface: Mandatory TimeUnits can't be 0. * Fixed bug#10196 - Ticket merge action does not notify the owner of the existing ticket. * Fixed bug#9692 - On PhoneOutbound articles, the FROM field shows Customer ID instead Agent ID. * Fixed bug#10189 - ProcessManagement: Use article subject if no ticket title is set. * Fixed bug#9654 - TicketUpdate operation doesn't work when authenticated as a customer. * Fixed bug#10137 - Generic interface TicketCreate operation doesn't work when authenticated as a customer. - 3.2.14 * Fixed bug#10172 - Can't create process tickets with disabled richtext. * Fixed bug#10121 - QQMails break in OTRS. * Fixed bug#10158 - Missing quoting in State::StateGetStatesByType(). * Fixed bug#8969 - FAQ module Language files installation fails (Kernel/Language permissions). * Fixed bug#9959 - & breaks ExpandCustomerName. * Fixed bug#10099 - Missing challenge token checks on customer interface. * Fixed bug#10103 - ArticleTypeID is always undef in AgentTicketCompose. * Added functionality to disable access to tickets of other customers with the same customer company in customer interface. * Fixed bug#9650 - Special character in customer id breaks Open Tickets in AgentTicketZoom. * Fixed bug#9723 - TicketAccountedTime stat does not run on Oracle with many tickets * Fixed bug#10077 - regular expressions in postmaster filter return 1 if no regex match. * Fixed bug#10070 - Wrong error message if Transition contains no transition actions. openSUSE 12.3 Update percona-toolkit was updated to 2.1.11 [bnc#864194] CVE-2014-2029 This improves sanitisation of input and output for commands run when performing a version check. This option is not the default. openSUSE 12.3 Update ImageMagick was updated to fix a buffer overflow in handling of PSD images. openSUSE 12.3 Update Wireshark was updated to version 1.8.13 on openSUSE 12.3 and 1.10.6 on openSUSE 13.1 to fix security issues and bugs. Wireshark update to 1.8.13 [bnc#867485] + vulnerabilities fixed: * The NFS dissector could crash wnpa-sec-2014-01 CVE-2014-2281 * The RLC dissector could crash wnpa-sec-2014-03 CVE-2014-2283 * The MPEG file parser could overflow a buffer wnpa-sec-2014-04 CVE-2014-2299 + Further bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-1.8.13.html Wireshark update to 1.10.6 [bnc#867485] + vulnerabilities fixed: * The NFS dissector could crash wnpa-sec-2014-01 CVE-2014-2281 * The M3UA dissector could crash wnpa-sec-2014-02 CVE-2014-2282 * The RLC dissector could crash wnpa-sec-2014-03 CVE-2014-2283 * The MPEG file parser could overflow a buffer wnpa-sec-2014-04 CVE-2014-2299 + Further bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-1.10.6.html openSUSE 12.3 Update libyaml was updated to fix a regression introduced by the previous security patch for CVE-2013-6393. openSUSE 12.3 Update udisks was updated to fix a buffer overflow in mount path parsing. If users have the possibility to create very long mount points, such as with FUSE, they could cause udisksd to crash, or even to run arbitrary code as root with specially crafted mount paths. (bnc#865854, CVE-2014-0004) openSUSE 12.3 Update udisks2 was updated to fix a buffer overflow in mount path parsing. If users have the possibility to create very long mount points, such as with FUSE, they could cause udisksd to crash, or even to run arbitrary code as root with specially crafted mount paths. (bnc#865854, CVE-2014-0004) openSUSE 12.3 Update net-snmp was updated to fix potential remote denial of service problems: - fixed a potential remote denial of service problem within the Linux ICMP-MIB implementation (CVE-2014-2284)(bnc#866942) - fixed a potential remote denial of service problem inside the snmptrapd Perl trap handler (CVE-2014-2285)(bnc#866942) openSUSE 12.3 Update libjansson was updated to fix a hash table collission CPU usage denial of service issue, when an attacker can supply his own JSON file. openSUSE 12.3 Update Samba was updated to fix security issues and bugs: Security issues fixed: - Password lockout was not enforced for SAMR password changes, this allowed brute force attacks on passwords. CVE-2013-4496; (bnc#849224). - The DCE-RPC fragment length field is incorrectly checked, which could expose samba clients to buffer overflow exploits caused by malicious servers; CVE-2013-4408; (bnc#844720). - The pam_winbind login without require_membership_of restrictions could allow fallbacks to local users even if they were not intended to be allowed; CVE-2012-6150; (bnc#853347). Also non security bugs were fixed: - Fix problem with server taking too long to respond to a MSG_PRINTER_DRVUPGRADE message; (bso#9942); (bnc#863748). - Fix memory leak in printer_list_get_printer(); (bso#9993); (bnc#865561). - Depend on %version-%release with all manual Provides and Requires; (bnc#844307). - Remove superfluous obsoletes *-64bit in the ifarch ppc64 case; (bnc#437293). - Fix Winbind 100% CPU utilization caused by domain list corruption; (bso#10358); (bnc#786677). - Samba is chatty about being unable to open a printer; (bso#10118). - nsswitch: Fix short writes in winbind_write_sock; (bso#10195). - xattr: fix listing EAs on *BSD for non-root users; (bso#10247). - spoolss: accept XPS_PASS datatype used by Windows 8; (bso#10267). - The preceding bugs are tracked by (bnc#854520) too. - Make use of the full gpg pub key file name including the key ID. - Remove bogus libsmbclient0 package description and cleanup the libsmbclient line from baselibs.conf; (bnc#853021). - Allow smbcacls to take a '--propagate-inheritance' flag to indicate that the add, delete, modify and set operations now support automatic propagation of inheritable ACE(s); (FATE#316474). - Attempt to use samlogon validation level 6; (bso#7945); (bnc#741623). - Recover from ncacn_ip_tcp ACCESS_DENIED/SEC_PKG_ERROR lsa errors; (bso#7944); (bnc#755663). - Fix lsa_LookupSids3 and lsa_LookupNames4 arguments. - Use simplified smb signing infrastructure; (bnc#741623). openSUSE 12.3 Update The monitoring system icinga received security fixes in the cgi helpers where buffers could be overflowed by 1 byte. Note that this will be caught by the FORTIFY_SOURCE static overflow detection. openSUSE 12.3 Update perl-HTTP-Body was updated to 1.19 and also received a security fix for a potential remote code injection when upload files. openSUSE 12.3 Update The mailreader mutt was updated to fix a crash in header view that could be triggered by malformed e-mails and potentially be used to execute code. openSUSE 12.3 Update The file magic scanning tool/library was updated to fix a off-by-one error in the last security fixes. openSUSE 12.3 Update lighttpd was updated to version 1.4.35, fixing bugs and security issues: CVE-2014-2323: SQL injection vulnerability in mod_mysql_vhost.c in lighttpd allowed remote attackers to execute arbitrary SQL commands via the host name, related to request_check_hostname. CVE-2014-2323: Multiple directory traversal vulnerabilities in (1) mod_evhost and (2) mod_simple_vhost in lighttpd allowed remote attackers to read arbitrary files via a .. (dot dot) in the host name, related to request_check_hostname. More information can be found on the lighttpd advisory page: http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2014_01.txt Other changes: * [network/ssl] fix build error if TLSEXT is disabled * [mod_fastcgi] fix use after free (only triggered if fastcgi debug is active) * [mod_rrdtool] fix invalid read (string not null terminated) * [mod_dirlisting] fix memory leak if pcre fails * [mod_fastcgi,mod_scgi] fix resource leaks on spawning backends * [mod_magnet] fix memory leak * add comments for switch fall throughs * remove logical dead code * [buffer] fix length check in buffer_is_equal_right_len * fix resource leaks in error cases on config parsing and other initializations * add force_assert() to enforce assertions as simple assert()s are disabled by -DNDEBUG (fixes #2546) * [mod_cml_lua] fix null pointer dereference * force assertion: setting FD_CLOEXEC must work (if available) * [network] check return value of lseek() * fix unchecked return values from stream_open/stat_cache_get_entry * [mod_webdav] fix logic error in handling file creation error * check length of unix domain socket filenames * fix SQL injection / host name validation (thx Jann Horn) for all the changes see /usr/share/doc/packages/lighttpd/NEWS openSUSE 12.3 Update Mozilla Firefox was updated to version 28.0, receiving enhancements, bug and security fixes. Mozilla NSPR was updated to 4.10.4 receiving enhancements, bug and security fixes. Mozilla NSS was updated to 3.15.5 receiving enhancements, bug and security fixes. Changes in MozillaFirefox: - update to Firefox 28.0 (bnc#868603) * MFSA 2014-15/CVE-2014-1493/CVE-2014-1494 Miscellaneous memory safety hazards * MFSA 2014-17/CVE-2014-1497 (bmo#966311) Out of bounds read during WAV file decoding * MFSA 2014-18/CVE-2014-1498 (bmo#935618) crypto.generateCRMFRequest does not validate type of key * MFSA 2014-19/CVE-2014-1499 (bmo#961512) Spoofing attack on WebRTC permission prompt * MFSA 2014-20/CVE-2014-1500 (bmo#956524) onbeforeunload and Javascript navigation DOS * MFSA 2014-22/CVE-2014-1502 (bmo#972622) WebGL content injection from one domain to rendering in another * MFSA 2014-23/CVE-2014-1504 (bmo#911547) Content Security Policy for data: documents not preserved by session restore * MFSA 2014-26/CVE-2014-1508 (bmo#963198) Information disclosure through polygon rendering in MathML * MFSA 2014-27/CVE-2014-1509 (bmo#966021) Memory corruption in Cairo during PDF font rendering * MFSA 2014-28/CVE-2014-1505 (bmo#941887) SVG filters information disclosure through feDisplacementMap * MFSA 2014-29/CVE-2014-1510/CVE-2014-1511 (bmo#982906, bmo#982909) Privilege escalation using WebIDL-implemented APIs * MFSA 2014-30/CVE-2014-1512 (bmo#982957) Use-after-free in TypeObject * MFSA 2014-31/CVE-2014-1513 (bmo#982974) Out-of-bounds read/write through neutering ArrayBuffer objects * MFSA 2014-32/CVE-2014-1514 (bmo#983344) Out-of-bounds write through TypedArrayObject after neutering - requires NSPR 4.10.3 and NSS 3.15.5 - new build dependency (and recommends): * libpulse * JS math correctness issue (bmo#941381) Changes in mozilla-nspr: - update to version 4.10.4 * bmo#767759: Add support for new x32 abi * bmo#844784: Thread data race in PR_EnterMonitor * bmo#939786: data race nsprpub/pr/src/pthreads/ptthread.c:137 _pt_root * bmo#958796: Users of _beginthreadex that set a custom stack size may not be getting the behavior they want * bmo#963033: AArch64 support update for NSPR * bmo#969061: Incorrect end-of-list test when iterating over a PRCList in prcountr.c and prtrace.c * bmo#971152: IPv6 detection on linux depends on availability of /proc/net/if_inet6 - update to version 4.10.3 * bmo#749849: ensure we'll free the thread-specific data key. * bmo#941461: don't compile android with unaligned memory access. * bmo#932398: Add PR_SyncMemMap, a portable version of msync/FlushViewOfFile. * bmo#952621: Fix a thread-unsafe access to lock->owner in PR_Lock. * bmo#957458: Fix several bugs in the lock rank checking code. * bmo#936320: Use an alternative test for IPv6 support on Linux to avoid opening a socket. Changes in mozilla-nss: - update to 3.15.5 * required for Firefox 28 * export FREEBL_LOWHASH to get the correct default headers (bnc#865539) New functionality * Added support for the TLS application layer protocol negotiation (ALPN) extension. Two SSL socket options, SSL_ENABLE_NPN and SSL_ENABLE_ALPN, can be used to control whether NPN or ALPN (or both) should be used for application layer protocol negotiation. * Added the TLS padding extension. The extension type value is 35655, which may change when an official extension type value is assigned by IANA. NSS automatically adds the padding extension to ClientHello when necessary. * Added a new macro CERT_LIST_TAIL, defined in certt.h, for getting the tail of a CERTCertList. Notable Changes * bmo#950129: Improve the OCSP fetching policy when verifying OCSP responses * bmo#949060: Validate the iov input argument (an array of PRIOVec structures) of ssl_WriteV (called via PR_Writev). Applications should still take care when converting struct iov to PRIOVec because the iov_len members of the two structures have different types (size_t vs. int). size_t is unsigned and may be larger than int. openSUSE 12.3 Update openssl was updated to fix a timing attack, where it was theoretically possible to recover ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack openSUSE 12.3 Update file was updated to fix extensive backtracking in awk rule regular expression which could lead to a CPU consumption denial of service. openSUSE 12.3 Update Chromium was updated to the 33.0.1750.152 stable channel uodate: - Security fixes: * CVE-2014-1713: Use-after-free in Blink bindings * CVE-2014-1714: Windows clipboard vulnerability * CVE-2014-1705: Memory corruption in V8 * CVE-2014-1715: Directory traversal issue Previous stable channel update 33.0.1750.149: - Security fixes: * CVE-2014-1700: Use-after-free in speech * CVE-2014-1701: UXSS in events * CVE-2014-1702: Use-after-free in web database * CVE-2014-1703: Potential sandbox escape due to a use-after-free in web sockets * CVE-2014-1704: Multiple vulnerabilities in V8 fixed in version 3.23.17.18 openSUSE 12.3 Update Mozilla Thunderbird was updated to 24.4.0. Mozilla SeaMonkey was updated to 2.25. * MFSA 2014-15/CVE-2014-1493/CVE-2014-1494 Miscellaneous memory safety hazards * MFSA 2014-17/CVE-2014-1497 (bmo#966311) Out of bounds read during WAV file decoding * MFSA 2014-18/CVE-2014-1498 (bmo#935618) crypto.generateCRMFRequest does not validate type of key * MFSA 2014-19/CVE-2014-1499 (bmo#961512) Spoofing attack on WebRTC permission prompt * MFSA 2014-20/CVE-2014-1500 (bmo#956524) onbeforeunload and Javascript navigation DOS * MFSA 2014-22/CVE-2014-1502 (bmo#972622) WebGL content injection from one domain to rendering in another * MFSA 2014-23/CVE-2014-1504 (bmo#911547) Content Security Policy for data: documents not preserved by session restore * MFSA 2014-26/CVE-2014-1508 (bmo#963198) Information disclosure through polygon rendering in MathML * MFSA 2014-27/CVE-2014-1509 (bmo#966021) Memory corruption in Cairo during PDF font rendering * MFSA 2014-28/CVE-2014-1505 (bmo#941887) SVG filters information disclosure through feDisplacementMap * MFSA 2014-29/CVE-2014-1510/CVE-2014-1511 (bmo#982906, bmo#982909) Privilege escalation using WebIDL-implemented APIs * MFSA 2014-30/CVE-2014-1512 (bmo#982957) Use-after-free in TypeObject * MFSA 2014-31/CVE-2014-1513 (bmo#982974) Out-of-bounds read/write through neutering ArrayBuffer objects * MFSA 2014-32/CVE-2014-1514 (bmo#983344) Out-of-bounds write through TypedArrayObject after neutering openSUSE 12.3 Update libyaml was updated to fix a heap overflow during parsing. openSUSE 12.3 Update Nagios was updated to fix a stack-based buffer overflow in the cmd_submitf function in the CGI handler. (CVE-2014-1878) openSUSE 12.3 Update a2ps was updated to fix a security issue: fixps called ghostscript without -dSAFER, enabling postscript files processed by fixps to execute code on the system. (CVE-2014-0466) openSUSE 12.3 Update xinetd was updated to receive security fixes and a bug fix. Security issues fixed: * CVE-2013-4342 (bnc#844230) - xinetd ignored user and group directives for tcpmux services * CVE-2012-0862 (bnc#762294) - xinetd enabled all services when tcp multiplexing is used Also added support for setting maximum number of open files (bnc#855685). openSUSE 12.3 Update This jakarta-commons-fileupload update fixes the follwoing security and non security issues: - bnc#862781: Fixed buffer overflow and resulting DoS (CVE-2014-0050). - Removed gcj part and deprecated macros. - Moved from jpackage-utils to javapackage-tools. openSUSE 12.3 Update This rubygem-rack-ssl updated fixes the following security issue: - bnc#869162: Fixed XSS in error page (CVE-2014-2538). openSUSE 12.3 Update This python updated fixes the following security issue: - bnc#863741: Fixed potential buffer overflow in socket.recvfrom_into (CVE-2014-1912). openSUSE 12.3 Update This otrs update fixes the following security and non security issues: - bnc#871758: Fixed OSA-2014-04 (CVE-2014-2553) and OSA-2014-05 (CVE-2014-2554). openSUSE 12.3 Update This openssl update fixes one security issue: - bnc#872299: Fixed missing bounds checks for heartbeat messages (CVE-2014-0160). openSUSE 12.3 Update This couchdb update fixes one security issue: - bnc#871111: Fixed remote denial of service via /_uuids that allowed remote attackers to cause CPU and memory consumption. openSUSE 12.3 Update The SSLBump feature acts as TLS/SSL termination for clients. If this feature is enabled, squid can crash with range requests, leading to a potential Denial of Service condition. openSUSE 12.3 Update This curl update fixes two security issues: - bnc#868627: Fixed wrong re-use of connections (CVE-2014-0138). - bnc#868629: Fixed IP address wildcard certificate validation (CVE-2014-0139). openSUSE 12.3 Update This json-c update fixes the following two security issue: - bnc#870147: Fixed buffer overflow if size_t is larger than int (CVE-2013-6370). - bnc#870147: Fixed possible hash collision DoS (CVE-2013-6371). openSUSE 12.3 Update This python update fixes the following security and non-security issues: - bnc#869222: Fixed DoS when opening malicious archives (CVE-2013-7338). - bnc#863741: Fixed buffer overflow in socket.recvfrom_into (CVE-2014-1912). - bnc#871152: Fixed race condition with umask when creating directories with os.mkdirs (CVE-2014-2667). - bnc#637176: Fixed update multilib patch to handle home install scheme. openSUSE 12.3 Update This is an openssl version update to 1.0.1g. - The main reason for this upgrade was to be clear about the TLS heartbeat problem know as "Heartbleed" (CVE-2014-0160). That problem was already fixed in our previous openssl update. openSUSE 12.3 Update This chromium version update fixes the following security and non-security issues: - Add patch chromium-fix-arm-skia-memset.patch to resolve a linking issue on ARM with regards to missing symbols. - Add patch arm_use_gold.patch to use the right gold binaries on ARM. Hopefully this resolves the build issues with running out of memory - bnc#872805: Update to Chromium 34.0.1847.116 * Responsive Images and Unprefixed Web Audio * Import supervised users onto new computers * A number of new apps/extension APIs * Lots of under the hood changes for stability and performance - Security fixes: * CVE-2014-1716: UXSS in V8 * CVE-2014-1717: OOB access in V8 * CVE-2014-1718: Integer overflow in compositor * CVE-2014-1719: Use-after-free in web workers * CVE-2014-1720: Use-after-free in DOM * CVE-2014-1721: Memory corruption in V8 * CVE-2014-1722: Use-after-free in rendering * CVE-2014-1723: Url confusion with RTL characters * CVE-2014-1724: Use-after-free in speech * CVE-2014-1725: OOB read with window property * CVE-2014-1726: Local cross-origin bypass * CVE-2014-1727: Use-after-free in forms * CVE-2014-1728: Various fixes from internal audits, fuzzing and other initiatives * CVE-2014-1729: Multiple vulnerabilities in V8 - No longer build against system libraries as that Chromium works a lot better and crashes less on websites than with system libs - Added package depot_tools.tar.gz as that the chromium build now requires it during the initial build phase. It just contains some utilities and nothing from it is being installed. - If people want to install newer versions of the ffmpeg library then let them. This is what they want. - Remove the buildscript from the sources openSUSE 12.3 Update cacti was patched to fix several security issues: * CVE-2013-5588: XSS injection vulnerability * CVE-2013-5589: SQL injection vulnerability * CVE-2014-2326: XSS injection vulnerability * CVE-2014-2328: Remote Command Execution Vulnerability * CVE-2014-2708: SQL Injection Vulnerability * CVE-2014-2709: Remote Command Execution Vulnerability cacti-spine was updated to 0.8.8b to fix the following issue: * bug: set appropriate mysql 5.5+ timeouts openSUSE 12.3 Update A use-after-free race condition in OpenSSL's read buffer was fixed that could cause connections to drop (CVE-2010-5298). openSUSE 12.3 Update A temporary file race condition has been fixed in python-imaging when converting images (CVE-2014-1932, CVE-2014-1933). openSUSE 12.3 Update This libmss update fixes the following security issue. - bnc#874723: Fixed a possible heap memory overrun (CVE-2014-2892). openSUSE 12.3 Update This nrpe update fixes the following security documentation problem. - bnc#874743: Documented a possible command injection when command arguments are enabled (CVE-2014-2913). More details can be found inside the documentation of this package. openSUSE 12.3 Update This libpng update fixes the following security issue: - bnc#873124: Fixed integer overflow leading to a heap-based buffer overflow in png_set_unknown_chunks() (CVE-2013-7353). - bnc#873123: integer overflow leading to a heap-based buffer overflow in png_set_sPLT() and png_set_text_2() (CVE-2013-7354) openSUSE 12.3 Update This libpng12 update fixes the following two security issues. - bnc#873123: Fixed integer overflow leading to a heap-based buffer overflow in png_set_sPLT() and png_set_text_2() (CVE-2013-7354). - bnc#873124: Fixed integer overflow leading to a heap-based buffer overflow in png_set_unknown_chunks() (CVE-2013-7353). openSUSE 12.3 Update This is a MozillaFirefox update to version 29.0: * MFSA 2014-34/CVE-2014-1518/CVE-2014-1519 Miscellaneous memory safety hazards * MFSA 2014-36/CVE-2014-1522 (bmo#995289) Web Audio memory corruption issues * MFSA 2014-37/CVE-2014-1523 (bmo#969226) Out of bounds read while decoding JPG images * MFSA 2014-38/CVE-2014-1524 (bmo#989183) Buffer overflow when using non-XBL object as XBL * MFSA 2014-39/CVE-2014-1525 (bmo#989210) Use-after-free in the Text Track Manager for HTML video * MFSA 2014-41/CVE-2014-1528 (bmo#963962) Out-of-bounds write in Cairo * MFSA 2014-42/CVE-2014-1529 (bmo#987003) Privilege escalation through Web Notification API * MFSA 2014-43/CVE-2014-1530 (bmo#895557) Cross-site scripting (XSS) using history navigations * MFSA 2014-44/CVE-2014-1531 (bmo#987140) Use-after-free in imgLoader while resizing images * MFSA 2014-45/CVE-2014-1492 (bmo#903885) Incorrect IDNA domain name matching for wildcard certificates (fixed by NSS 3.16) * MFSA 2014-46/CVE-2014-1532 (bmo#966006) Use-after-free in nsHostResolver * MFSA 2014-47/CVE-2014-1526 (bmo#988106) Debugger can bypass XrayWrappers with JavaScript - rebased patches - removed obsolete patches * firefox-browser-css.patch * mozilla-aarch64-599882cfb998.diff * mozilla-aarch64-bmo-963028.patch * mozilla-aarch64-bmo-963029.patch * mozilla-aarch64-bmo-963030.patch * mozilla-aarch64-bmo-963031.patch - requires NSS 3.16 - added mozilla-icu-strncat.patch to fix post build checks - add mozilla-aarch64-599882cfb998.patch, mozilla-aarch64-bmo-810631.patch, mozilla-aarch64-bmo-962488.patch, mozilla-aarch64-bmo-963030.patch, mozilla-aarch64-bmo-963027.patch, mozilla-aarch64-bmo-963028.patch, mozilla-aarch64-bmo-963029.patch, mozilla-aarch64-bmo-963023.patch, mozilla-aarch64-bmo-963024.patch, mozilla-aarch64-bmo-963031.patch: AArch64 porting - Add patch for bmo#973977 * mozilla-ppc64-xpcom.patch - Refresh mozilla-ppc64le-xpcom.patch patch - Adapt mozilla-ppc64le-xpcom.patch to Mozilla > 24.0 build system This is also a mozilla-nss update to version 3.16: * required for Firefox 29 * bmo#903885 - (CVE-2014-1492) In a wildcard certificate, the wildcard character should not be embedded within the U-label of an internationalized domain name. See the last bullet point in RFC 6125, Section 7.2. * Supports the Linux x32 ABI. To build for the Linux x32 target, set the environment variable USE_X32=1 when building NSS. New Functions: * NSS_CMSSignerInfo_Verify New Macros * TLS_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_3DES_EDE_CBC_SHA, etc., cipher suites that were first defined in SSL 3.0 can now be referred to with their official IANA names in TLS, with the TLS_ prefix. Previously, they had to be referred to with their names in SSL 3.0, with the SSL_ prefix. Notable Changes: * ECC is enabled by default. It is no longer necessary to set the environment variable NSS_ENABLE_ECC=1 when building NSS. To disable ECC, set the environment variable NSS_DISABLE_ECC=1 when building NSS. * libpkix should not include the common name of CA as DNS names when evaluating name constraints. * AESKeyWrap_Decrypt should not return SECSuccess for invalid keys. * Fix a memory corruption in sec_pkcs12_new_asafe. * If the NSS_SDB_USE_CACHE environment variable is set, skip the runtime test sdb_measureAccess. * The built-in roots module has been updated to version 1.97, which adds, removes, and distrusts several certificates. * The atob utility has been improved to automatically ignore lines of text that aren't in base64 format. * The certutil utility has been improved to support creation of version 1 and version 2 certificates, in addition to the existing version 3 support. openSUSE 12.3 Update This is a MozillaThunderbird update to version 24.5.0: * MFSA 2014-34/CVE-2014-1518 Miscellaneous memory safety hazards * MFSA 2014-37/CVE-2014-1523 (bmo#969226) Out of bounds read while decoding JPG images * MFSA 2014-38/CVE-2014-1524 (bmo#989183) Buffer overflow when using non-XBL object as XBL * MFSA 2014-42/CVE-2014-1529 (bmo#987003) Privilege escalation through Web Notification API * MFSA 2014-43/CVE-2014-1530 (bmo#895557) Cross-site scripting (XSS) using history navigations * MFSA 2014-44/CVE-2014-1531 (bmo#987140) Use-after-free in imgLoader while resizing images * MFSA 2014-46/CVE-2014-1532 (bmo#966006) Use-after-free in nsHostResolver - use shipped-locales as the authoritative source for supported locales (some unsupported locales disappear from -other package) openSUSE 12.3 Update This is a SeaMonkey update to version 2.26: * MFSA 2014-34/CVE-2014-1518/CVE-2014-1519 Miscellaneous memory safety hazards * MFSA 2014-36/CVE-2014-1522 (bmo#995289) Web Audio memory corruption issues * MFSA 2014-37/CVE-2014-1523 (bmo#969226) Out of bounds read while decoding JPG images * MFSA 2014-38/CVE-2014-1524 (bmo#989183) Buffer overflow when using non-XBL object as XBL * MFSA 2014-39/CVE-2014-1525 (bmo#989210) Use-after-free in the Text Track Manager for HTML video * MFSA 2014-41/CVE-2014-1528 (bmo#963962) Out-of-bounds write in Cairo * MFSA 2014-42/CVE-2014-1529 (bmo#987003) Privilege escalation through Web Notification API * MFSA 2014-43/CVE-2014-1530 (bmo#895557) Cross-site scripting (XSS) using history navigations * MFSA 2014-44/CVE-2014-1531 (bmo#987140) Use-after-free in imgLoader while resizing images * MFSA 2014-45/CVE-2014-1492 (bmo#903885) Incorrect IDNA domain name matching for wildcard certificates (fixed by NSS 3.16) * MFSA 2014-46/CVE-2014-1532 (bmo#966006) Use-after-free in nsHostResolver * MFSA 2014-47/CVE-2014-1526 (bmo#988106) Debugger can bypass XrayWrappers with JavaScript - rebased patches - added aarch64 porting patches * mozilla-aarch64-bmo-810631.patch * mozilla-aarch64-bmo-962488.patch * mozilla-aarch64-bmo-963023.patch * mozilla-aarch64-bmo-963024.patch * mozilla-aarch64-bmo-963027.patch - requires NSPR 4.10.3 and NSS 3.16 - added mozilla-icu-strncat.patch to fix post build checks openSUSE 12.3 Update This python-eyeD3 update fixes the following security issue: - bnc#863744: Fixed insecure use of temporary files (CVE-2014-1934). openSUSE 12.3 Update - Fix overflow in adb CVE-2014-1909 [bnc#863074] * fix-overflow-in-adb_client.patch openSUSE 12.3 Update - Fixed bug[ bnc#876282], CVE-2014-0198 openssl: OpenSSL NULL pointer dereference in do_ssl3_write Add file: CVE-2014-0198.patch openSUSE 12.3 Update - Update to Chromium 34.0.1847.132 * Security update: - CVE-2014-1730: Type confusion in V8 - CVE-2014-1731: Type confusion in DOM - CVE-2014-1732: Use-after-free in Speech Recognition - CVE-2014-1733: Compiler bug in Seccomp-BPF - CVE-2014-1734: Various fixes from internal audits, fuzzing and other initiatives - CVE-2014-1735: Multiple vulnerabilities in V8 fixed in version 3.24.35.33 - Update to Chromium 34.0.1847.131 * Bugfixes openSUSE 12.3 Update - fix for CVE-2014-0191 (bnc#876652) * libxml2: external parameter entity loaded when entity substitution is disabled * added libxml2-CVE-2014-0191.patch openSUSE 12.3 Update libvirt was patched to prevent expansion of entities when parsing XML files. This vulnerability allowed malicious users to read arbitrary files or cause a denial of service (CVE-2014-0179). openSUSE 12.3 Update The Linux Kernel was updated to fix various security issues and bugs. Main security issues fixed: A security issue in the tty layer that was fixed that could be used by local attackers for code execution (CVE-2014-0196). Two security issues in the floppy driver were fixed that could be used by local attackers on machines with the floppy to crash the kernel or potentially execute code in the kernel (CVE-2014-1737 CVE-2014-1738). Other security issues and bugs that were fixed: - netfilter: nf_nat: fix access to uninitialized buffer in IRC NAT helper (bnc#860835 CVE-2014-1690). - net: sctp: fix sctp_sf_do_5_1D_ce to verify if we/peer is AUTH (bnc#866102, CVE-2014-0101). - n_tty: Fix a n_tty_write crash and code execution when echoing in raw mode (bnc#871252 bnc#875690 CVE-2014-0196). - netfilter: nf_ct_sip: support Cisco 7941/7945 IP phones (bnc#873717). - Update config files: re-enable twofish crypto support Software twofish crypto support was disabled in several architectures since openSUSE 10.3. For i386 and x86_64 it was on purpose, because hardware-accelerated alternatives exist. However for all other architectures it was by accident. Re-enable software twofish crypto support in arm, ia64 and ppc configuration files, to guarantee that at least one implementation is always available (bnc#871325). - Update config files: disable CONFIG_TOUCHSCREEN_W90X900 The w90p910_ts driver only makes sense on the W90x900 architecture, which we do not support. - ath9k: protect tid->sched check (bnc#871148,CVE-2014-2672). - Fix dst_neigh_lookup/dst_neigh_lookup_skb return value handling bug (bnc#869898). - SELinux: Fix kernel BUG on empty security contexts (bnc#863335,CVE-2014-1874). - hamradio/yam: fix info leak in ioctl (bnc#858872, CVE-2014-1446). - wanxl: fix info leak in ioctl (bnc#858870, CVE-2014-1445). - farsync: fix info leak in ioctl (bnc#858869, CVE-2014-1444). - ARM: 7809/1: perf: fix event validation for software group leaders (CVE-2013-4254, bnc#837111). - netfilter: nf_conntrack_dccp: fix skb_header_pointer API usages (bnc#868653, CVE-2014-2523). - ath9k_htc: properly set MAC address and BSSID mask (bnc#851426, CVE-2013-4579). - drm/ttm: don't oops if no invalidate_caches() (bnc#869414). - Apply missing patches.fixes/drm-nouveau-hwmon-rename-fan0-to-fan1.patch - xfs: growfs: use uncached buffers for new headers (bnc#858233). - xfs: use btree block initialisation functions in growfs (bnc#858233). - Revert "Delete patches.fixes/xfs-fix-xfs_buf_find-oops-on-blocks-beyond-the-filesystem-end." (bnc#858233) Put back again the patch patches.fixes/xfs-fix-xfs_buf_find-oops-on-blocks-beyond-the-filesystem-end back as there is a better fix than reverting the affecting patch. - Delete patches.fixes/xfs-fix-xfs_buf_find-oops-on-blocks-beyond-the-filesystem-end. It turned out that this patch causes regressions (bnc#858233) The upstream 3.7.x also reverted it in the end (commit c3793e0d94af2). - tcp: syncookies: reduce cookie lifetime to 128 seconds (bnc#833968). - tcp: syncookies: reduce mss table to four values (bnc#833968). - x86, cpu, amd: Add workaround for family 16h, erratum 793 (bnc#852967 CVE-2013-6885). - cifs: ensure that uncached writes handle unmapped areas correctly (bnc#864025 CVE-2014-0691). - x86, fpu, amd: Clear exceptions in AMD FXSAVE workaround (bnc#858638 CVE-2014-1438). - xencons: generalize use of add_preferred_console() (bnc#733022, bnc#852652). - balloon: don't crash in HVM-with-PoD guests. - hwmon: (coretemp) Fix truncated name of alarm attributes. - NFS: Avoid PUTROOTFH when managing leases (bnc#811746). - cifs: delay super block destruction until all cifsFileInfo objects are gone (bnc#862145). openSUSE 12.3 Update strongswan was fixed to correct two issues: - Fix for DoS vulnerability by a NULL-pointer dereference (CVE-2014-2891). - Fix for a authentication bypass vulnerability in the IKEv2 code (CVE-2014-2338). openSUSE 12.3 Update perl-LWP-Protocol-https was updated to prevent a possible MITM if the environment variables HTTPS_CA_DIR or HTTPS_CA_FILE were set (CVE-2014-3230). openSUSE 12.3 Update mumble was updated to fix two security issues. - The Mumble client did not properly HTML-escape some external strings before using them in a rich-text (HTML) context (CVE-2014-3756). - SVG images with local file references could trigger client DoS (CVE-2014-3755). openSUSE 12.3 Update libxfont was updated to fix multiple vulnerabilities: - Integer overflow of allocations in font metadata file parsing (CVE-2014-0209). - Unvalidated length fields when parsing xfs protocol replies (CVE-2014-0210). - Integer overflows calculating memory needs for xfs replies (CVE-2014-0211). These vulnerabilities could be used by a local, authenticated user to raise privileges or by a remote attacker with control of the font server to execute code with the privileges of the X server. openSUSE 12.3 Update Update PostfixAdmin to 2.3.7: - fix a SQL injection in list-virtual.php (CVE-2014-2655, bnc#870434) - add support for new longer TLDs like .international - fix various small bugs - translation updates for lt and da - vacation.pl: disable use of TLS by default due to a bug in Mail::Sender 0.8.22 (you can re-enable it with $smtp_tls_allowed) openSUSE 12.3 Update - fix CVE-2014-0130: rubygem-actionpack: directory traversal issue (bnc#876714) CVE-2014-0130.patch: contains the fix openSUSE 12.3 Update - tor 0.2.4.22 [bnc#878486] Tor was updated to the recommended version of the 0.2.4.x series. - major features in 0.2.4.x: - improved client resilience - support better link encryption with forward secrecy - new NTor circuit handshake - change relay queue for circuit create requests from size-based limit to time-based limit - many bug fixes and minor features - changes contained in 0.2.4.22: Backports numerous high-priority fixes. These include blocking all authority signing keys that may have been affected by the OpenSSL "heartbleed" bug, choosing a far more secure set of TLS ciphersuites by default, closing a couple of memory leaks that could be used to run a target relay out of RAM. - Major features (security) - Block authority signing keys that were used on authorities vulnerable to the "heartbleed" bug in OpenSSL (CVE-2014-0160). - Major bugfixes (security, OOM): - Fix a memory leak that could occur if a microdescriptor parse fails during the tokenizing step. - Major bugfixes (TLS cipher selection): - The relay ciphersuite list is now generated automatically based on uniform criteria, and includes all OpenSSL ciphersuites with acceptable strength and forward secrecy. - Relays now trust themselves to have a better view than clients of which TLS ciphersuites are better than others. - Clients now try to advertise the same list of ciphersuites as Firefox 28. - includes changes from 0.2.4.21: Further improves security against potential adversaries who find breaking 1024-bit crypto doable, and backports several stability and robustness patches from the 0.2.5 branch. - Major features (client security): - When we choose a path for a 3-hop circuit, make sure it contains at least one relay that supports the NTor circuit extension handshake. Otherwise, there is a chance that we're building a circuit that's worth attacking by an adversary who finds breaking 1024-bit crypto doable, and that chance changes the game theory. - Major bugfixes: - Do not treat streams that fail with reason END_STREAM_REASON_INTERNAL as indicating a definite circuit failure, since it could also indicate an ENETUNREACH connection error - includes changes from 0.2.4.20: - Do not allow OpenSSL engines to replace the PRNG, even when HardwareAccel is set. - Fix assertion failure when AutomapHostsOnResolve yields an IPv6 address. - Avoid launching spurious extra circuits when a stream is pending. - packaging changes: - remove init script shadowing systemd unit - general cleanup - Add tor-fw-helper for UPnP port forwarding; not used by default - fix logrotate on systemd-only setups without init scripts, work tor-0.2.2.37-logrotate.patch to tor-0.2.4.x-logrotate.patch - verify source tarball signature openSUSE 12.3 Update Besides other enhancements, this version update contains: - fix for CVE-2014-3215 (bnc#876832) * use PR_SET_NO_NEW_PRIVS to prevent gain of new privileges * added libcap-ng-CVE-2014-3215.patch openSUSE 12.3 Update - Update to version 1.11.4, bugfix release: + Fix buffer overflow with remote code execution potential. Only triggerable by a Gadu-Gadu server or a man-in-the-middle. CVE-2013-6487 (bnc#861019, bnc#878540) + Fix memory overwrite in file transfer with proxy server. CVE-2014-3775 (bnc#878540) + Minor fixes reported by Pidgin project members. openSUSE 12.3 Update python-lxml was fixed to ensure proper input sanitization in clean_html (CVE-2014-3146). openSUSE 12.3 Update Updated fix for openSUSE-SU-2014:0645-1 because of a regression that caused xmllint to break. openSUSE 12.3 Update chromium was updated to version 35.0.1916.114 to fix various security issues. Security fixes: * CVE-2014-1743: Use-after-free in styles * CVE-2014-1744: Integer overflow in audio * CVE-2014-1745: Use-after-free in SVG * CVE-2014-1746: Out-of-bounds read in media filters * CVE-2014-1747: UXSS with local MHTML file * CVE-2014-1748: UI spoofing with scrollbar * CVE-2014-1749: Various fixes from internal audits, fuzzing and other initiatives * CVE-2014-3152: Integer underflow in V8 fixed * CVE-2014-1740: Use-after-free in WebSockets * CVE-2014-1741: Integer overflow in DOM range * CVE-2014-1742: Use-after-free in editing and 17 more for which no detailed information is given. openSUSE 12.3 Update apache2-mod_wsgi was updated to fix two security issues. These security issues were fixed: - Information exposure (CVE-2014-0242) - Local privilege escalation (CVE-2014-0240) openSUSE 12.3 Update Removed fix for CVE-2014-0191. This fix breaks existing applications and there's currently no way to prevent that. openSUSE 12.3 Update gnutls was patched to fix two security vulnerabilities that could be used to disrupt service or potentially allow remote code execution. - Memory corruption during connect (CVE-2014-3466) - NULL pointer dereference in gnutls_x509_dn_oid_name (CVE-2014-3465) openSUSE 12.3 Update php5 was updated to fix several security issues. These issues were fixed: * Performance degradation by too many file_printf calls (CVE-2014-0237) * DoS in Fileinfo component (CVE-2014-0238) * NULL pointer dereference in GD XPM decoder (CVE-2014-2497) * Privilege escalation due to insecure default config (CVE-2014-0185) openSUSE 12.3 Update The openssl library was updated to version 1.0.1h fixing various security issues and bugs: Security issues fixed: - CVE-2014-0224: Fix for SSL/TLS MITM flaw. An attacker using a carefully crafted handshake can force the use of weak keying material in OpenSSL SSL/TLS clients and servers. - CVE-2014-0221: Fix DTLS recursion flaw. By sending an invalid DTLS handshake to an OpenSSL DTLS client the code can be made to recurse eventually crashing in a DoS attack. - CVE-2014-0195: Fix DTLS invalid fragment vulnerability. A buffer overrun attack can be triggered by sending invalid DTLS fragments to an OpenSSL DTLS client or server. This is potentially exploitable to run arbitrary code on a vulnerable client or server. - CVE-2014-3470: Fix bug in TLS code where clients enable anonymous ECDH ciphersuites are subject to a denial of service attack. openSUSE 12.3 Update sendmail was updated to properly close file descriptors before executing programs. These security issues were fixed: - Not properly closing file descriptors before executing programs (CVE-2014-3956). openSUSE 12.3 Update typo3-cms-4_5 was updated to version 4.5.34 to fix eight security vulnerabilities and several other bugs. These security problems where fixed: * Add trusted HTTP_HOST configuration (CVE-2014-3941) * XSS in (old) extension manager information function (CVE-2014-3943) * XSS in new content element wizard (CVE-2014-3943) * XSS in template tools on root page (CVE-2014-3943) * XSS in Backend Layout Wizard (CVE-2014-3943) * Encode URL for use in JavaScript (CVE-2014-3943) * Fix insecure unserialize in colorpicker (CVE-2014-3942) * Remove charts.swf to get rid of XSS vulnerability (CVE-2014-3943) openSUSE 12.3 Update rxvt-unicode was patched to ensure that window property values can not be queried in secure mode (CVE-2014-3121). openSUSE 12.3 Update miniupnpc was updated to 1.9 to fix a potential buffer overrun in miniwget.c (CVE-2014-3985). Besides that the following issues were fixed: * added argument remoteHost to UPNP_GetSpecificPortMappingEntry() * increment API_VERSION to 10 * --help and -h arguments in upnpc.c * define MAXHOSTNAMELEN if not already done * update upnpreplyparse to allow larger values (128 chars instead of 64) * Update upnpreplyparse to take into account "empty" elements * validate upnpreplyparse.c code with "make check" * Fix Solaris build thanks to Maciej Małecki * Fix testminiwget.sh for BSD * Fixed Makefile for *BSD * Update Makefile to use JNAerator version 0.11 * Fix testminiwget.sh for use with dash * Use $(DESTDIR) in Makefile openSUSE 12.3 Update mozilla-nspr was updated to version 4.10.6 to fix one security issue: * OOB write with sprintf and console functions (CVE-2014-1545) MozillaFirefox was updated to version 30.0 to fix eight security issues: * Miscellaneous memory safety hazards (CVE-2014-1533/CVE-2014-1534) * Use-after-free and out of bounds issues found using Address Sanitizer (CVE-2014-1536/CVE-2014-1537/CVE-2014-1538) * Use-after-free in Event Listener Manager (CVE-2014-1540) * Use-after-free with SMIL Animation Controller (CVE-2014-1541) * Buffer overflow in Web Audio Speex resampler (CVE-2014-1542) Several non-security bugs were also fixed in this release. openSUSE 12.3 Update MozillaThunderbird was updated to version 24.6.0 to fix six security issues: * Miscellaneous memory safety hazards (CVE-2014-1533/CVE-2014-1534) * Use-after-free and out of bounds issues found using Address Sanitizer (CVE-2014-1536/CVE-2014-1537/CVE-2014-1538) * Use-after-free with SMIL Animation Controller (CVE-2014-1541) openSUSE 12.3 Update dbus-1 was updated to fix a possible DoS (CVE-2014-3477). openSUSE 12.3 Update ctdb was updated to version 2.3 to fix several temp file vulnerabilities (CVE-2013-4159). Various other bugs were fixed by this upgrade, most notably bnc#867815: Avoid lockwait congestion by using an overflow queue. openSUSE 12.3 Update castor was updated to prevent XXE attacks via crafted XML documents (CVE-2014-3004). openSUSE 12.3 Update The Linux kernel was updated to fix security issues and bugs: Security issues fixed: CVE-2014-3153: The futex_requeue function in kernel/futex.c in the Linux kernel did not ensure that calls have two different futex addresses, which allowed local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification. CVE-2014-0077: drivers/vhost/net.c in the Linux kernel, when mergeable buffers are disabled, did not properly validate packet lengths, which allowed guest OS users to cause a denial of service (memory corruption and host OS crash) or possibly gain privileges on the host OS via crafted packets, related to the handle_rx and get_rx_bufs functions. CVE-2014-0055: The get_rx_bufs function in drivers/vhost/net.c in the vhost-net subsystem in the Linux kernel package did not properly handle vhost_get_vq_desc errors, which allowed guest OS users to cause a denial of service (host OS crash) via unspecified vectors. CVE-2014-2678: The rds_iw_laddr_check function in net/rds/iw.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a bind system call for an RDS socket on a system that lacks RDS transports. CVE-2013-7339: The rds_ib_laddr_check function in net/rds/ib.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a bind system call for an RDS socket on a system that lacks RDS transports. CVE-2014-2851: Integer overflow in the ping_init_sock function in net/ipv4/ping.c in the Linux kernel allowed local users to cause a denial of service (use-after-free and system crash) or possibly gain privileges via a crafted application that leverages an improperly managed reference counter. CVE-2014-3122: The try_to_unmap_cluster function in mm/rmap.c in the Linux kernel did not properly consider which pages must be locked, which allowed local users to cause a denial of service (system crash) by triggering a memory-usage pattern that requires removal of page-table mappings. Bugs fixed: - memcg: deprecate memory.force_empty knob (bnc#878274). openSUSE 12.3 Update seamonkey was updated to version 2.26.1 to fix nine security issues. These security issues were fixed: * Miscellaneous memory safety hazards (CVE-2014-1533/CVE-2014-1534) * Use-after-free and out of bounds issues found using Address Sanitizer (CVE-2014-1536/CVE-2014-1537/CVE-2014-1538) * Use-after-free in Event Listener Manager (CVE-2014-1540) * Use-after-free with SMIL Animation Controller (CVE-2014-1541) * Buffer overflow in Web Audio Speex resampler (CVE-2014-1542) * Out of bounds write in NSPR (CVE-2014-1545) openSUSE 12.3 Update php5 was updated to prevent insecure DNS TXT record parsing. This security issue was fixed: - Heap-based buffer overflow in DNS TXT record parsing (CVE-2014-4049) openSUSE 12.3 Update xalan-j2 was updated to ensure secure processing can't be circumvented (CVE-2014-0107). openSUSE 12.3 Update samba was updated to fix three security issues and two non-security issues. These security issues were fixed: - Fix segmentation fault in smbd_marshall_dir_entry()'s SMB_FIND_FILE_UNIX handler (CVE-2014-3493) - Fix nmbd denial of service (CVE-2014-0244) - Fix malformed FSCTL_SRV_ENUMERATE_SNAPSHOTS response (CVE-2014-0178) These non-security issues were fixed: - Fix printer job purging; (bso#10612); (bnc#879390). - Package the get_printing_ticket binary with 0700 permissions on post-11.4 systems; (bnc#685093). openSUSE 12.3 Update freerdp was patched to fix several integer overflows. These security issues were fixed: * Integer overflow (CVE-2014-0791) * Integer overflows in memory allocations in client/X11/xf_graphics.c (CVE-2014-0250) openSUSE 12.3 Update memcached was updated to version 1.4.20 to fix five security issues. These security issues were fixed: - DoS when printing out keys to be deleted in verbose mode (CVE-2013-0179) - Remote DoS (crash) via a request that triggers "unbounded key print" (CVE-2013-7291) - Remote DoS (segmentation fault) via a request to delete a key (CVE-2013-7290) - SASL authentication allows wrong credentials to access memcache (CVE-2013-7239) - Remote DoS (CVE-2011-4971) openSUSE 12.3 Update gpg2 was patched to fix a possible DoS. This security issue was fixed: - Denial of service through infinite loop with garbled compressed data packets (CVE-2014-4617) openSUSE 12.3 Update python and python3 were updated to fix one security issue. This security issue was fixed: - Missing boundary check in JSON module (CVE-2014-4616) openSUSE 12.3 Update This update fixes the following security issues with php, php5 and php53: - bnc#884986, CVE-2014-0207: file: php5: cdf_read_short_sector insufficient boundary check - bnc#884987, CVE-2014-3478: file: mconvert incorrect handling of truncated pascal string size - bnc#884989, CVE-2014-3479: php53: file: cdf_check_stream_offset insufficient boundary check - bnc#884990, CVE-2014-3480: php53: file: cdf_count_chain insufficient boundary check - bnc#884991, CVE-2014-3487: php53: file: cdf_read_property_info insufficient boundary check - bnc#884992, CVE-2014-3515: php5: unserialize() SPL ArrayObject / SPLObjectStorage Type Confusion openSUSE 12.3 Update bnc#883947: CVE-2014-4607: lzo: DoS or possible RCE by allowing an attacker to change controllflow openSUSE 12.3 Update CVE-2014-3532 denial of service in file descriptor passing feature CVE-2014-3533 local denial of service (force system services to exit) openSUSE 12.3 Update - lz4.patch security fix for CVE-2014-4611 openSUSE 12.3 Update php5 was updated to fix security issues: CVE-2014-4670: Use-after-free vulnerability in ext/spl/spl_dllist.c in the SPL component in PHP allowed context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted iterator usage within applications in certain web-hosting environments. CVE-2014-4698: Use-after-free vulnerability in ext/spl/spl_array.c in the SPL component in PHP allowed context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted ArrayIterator usage within applications in certain web-hosting environments. CVE-2014-4721: The phpinfo implementation in ext/standard/info.c in PHP did not ensure use of the string data type for the PHP_AUTH_PW, PHP_AUTH_TYPE, PHP_AUTH_USER, and PHP_SELF variables, which might allow context-dependent attackers to obtain sensitive information from process memory by using the integer data type with crafted values, related to a "type confusion" vulnerability, as demonstrated by reading a private SSL key in an Apache HTTP Server web-hosting environment with mod_ssl and a PHP 5.3.x mod_php. openSUSE 12.3 Update The NTP time service could be used for remote denial of service amplification attacks. This issue can be fixed by the administrator as we described in our security advisory SUSE-SA:2014:001 http://lists.opensuse.org/opensuse-security-announce/2014-01/msg00005.html and on http://support.novell.com/security/cve/CVE-2013-5211.html This update now also replaces the default ntp.conf template to fix this problem. Please note that if you have touched or modified ntp.conf yourself, it will not be automatically fixed, you need to merge the changes manually as described. openSUSE 12.3 Update The Linux Kernel was updated to fix various bugs and security issues. CVE-2014-4699: The Linux kernel on Intel processors did not properly restrict use of a non-canonical value for the saved RIP address in the case of a system call that does not use IRET, which allowed local users to leverage a race condition and gain privileges, or cause a denial of service (double fault), via a crafted application that makes ptrace and fork system calls. CVE-2014-4667: The sctp_association_free function in net/sctp/associola.c in the Linux kernel did not properly manage a certain backlog value, which allowed remote attackers to cause a denial of service (socket outage) via a crafted SCTP packet. CVE-2014-4171: mm/shmem.c in the Linux kernel did not properly implement the interaction between range notification and hole punching, which allowed local users to cause a denial of service (i_mutex hold) by using the mmap system call to access a hole, as demonstrated by interfering with intended shmem activity by blocking completion of (1) an MADV_REMOVE madvise call or (2) an FALLOC_FL_PUNCH_HOLE fallocate call. CVE-2014-4508: arch/x86/kernel/entry_32.S in the Linux kernel on 32-bit x86 platforms, when syscall auditing is enabled and the sep CPU feature flag is set, allowed local users to cause a denial of service (OOPS and system crash) via an invalid syscall number, as demonstrated by number 1000. CVE-2014-4656: Multiple integer overflows in sound/core/control.c in the ALSA control implementation in the Linux kernel allowed local users to cause a denial of service by leveraging /dev/snd/controlCX access, related to (1) index values in the snd_ctl_add function and (2) numid values in the snd_ctl_remove_numid_conflict function. CVE-2014-4655: The snd_ctl_elem_add function in sound/core/control.c in the ALSA control implementation in the Linux kernel did not properly maintain the user_ctl_count value, which allowed local users to cause a denial of service (integer overflow and limit bypass) by leveraging /dev/snd/controlCX access for a large number of SNDRV_CTL_IOCTL_ELEM_REPLACE ioctl calls. CVE-2014-4654: The snd_ctl_elem_add function in sound/core/control.c in the ALSA control implementation in the Linux kernel did not check authorization for SNDRV_CTL_IOCTL_ELEM_REPLACE commands, which allowed local users to remove kernel controls and cause a denial of service (use-after-free and system crash) by leveraging /dev/snd/controlCX access for an ioctl call. CVE-2014-4653: sound/core/control.c in the ALSA control implementation in the Linux kernel did not ensure possession of a read/write lock, which allowed local users to cause a denial of service (use-after-free) and obtain sensitive information from kernel memory by leveraging /dev/snd/controlCX access. CVE-2014-4652: Race condition in the tlv handler functionality in the snd_ctl_elem_user_tlv function in sound/core/control.c in the ALSA control implementation in the Linux kernel allowed local users to obtain sensitive information from kernel memory by leveraging /dev/snd/controlCX access. CVE-2014-4014: The capabilities implementation in the Linux kernel did not properly consider that namespaces are inapplicable to inodes, which allowed local users to bypass intended chmod restrictions by first creating a user namespace, as demonstrated by setting the setgid bit on a file with group ownership of root. CVE-2014-2309: The ip6_route_add function in net/ipv6/route.c in the Linux kernel did not properly count the addition of routes, which allowed remote attackers to cause a denial of service (memory consumption) via a flood of ICMPv6 Router Advertisement packets. CVE-2014-3917: kernel/auditsc.c in the Linux kernel, when CONFIG_AUDITSYSCALL is enabled with certain syscall rules, allowed local users to obtain potentially sensitive single-bit values from kernel memory or cause a denial of service (OOPS) via a large value of a syscall number. CVE-2014-0131: Use-after-free vulnerability in the skb_segment function in net/core/skbuff.c in the Linux kernel allowed attackers to obtain sensitive information from kernel memory by leveraging the absence of a certain orphaning operation. CVE-2014-3144: The (1) BPF_S_ANC_NLATTR and (2) BPF_S_ANC_NLATTR_NEST extension implementations in the sk_run_filter function in net/core/filter.c in the Linux kernel did not check whether a certain length value is sufficiently large, which allowed local users to cause a denial of service (integer underflow and system crash) via crafted BPF instructions. CVE-2014-3145: The BPF_S_ANC_NLATTR_NEST extension implementation in the sk_run_filter function in net/core/filter.c in the Linux kernel used the reverse order in a certain subtraction, which allowed local users to cause a denial of service (over-read and system crash) via crafted BPF instructions. NOTE: the affected code was moved to the __skb_get_nlattr_nest function before the vulnerability was announced. Additional Bug fixed: - HID: logitech-dj: Fix USB 3.0 issue (bnc#788080). openSUSE 12.3 Update MozillaFirefox was updated to version 31 to fix various security issues and bugs: * MFSA 2014-56/CVE-2014-1547/CVE-2014-1548 Miscellaneous memory safety hazards * MFSA 2014-57/CVE-2014-1549 (bmo#1020205) Buffer overflow during Web Audio buffering for playback * MFSA 2014-58/CVE-2014-1550 (bmo#1020411) Use-after-free in Web Audio due to incorrect control message ordering * MFSA 2014-60/CVE-2014-1561 (bmo#1000514, bmo#910375) Toolbar dialog customization event spoofing * MFSA 2014-61/CVE-2014-1555 (bmo#1023121) Use-after-free with FireOnStateChange event * MFSA 2014-62/CVE-2014-1556 (bmo#1028891) Exploitable WebGL crash with Cesium JavaScript library * MFSA 2014-63/CVE-2014-1544 (bmo#963150) Use-after-free while when manipulating certificates in the trusted cache (solved with NSS 3.16.2 requirement) * MFSA 2014-64/CVE-2014-1557 (bmo#913805) Crash in Skia library when scaling high quality images * MFSA 2014-65/CVE-2014-1558/CVE-2014-1559/CVE-2014-1560 (bmo#1015973, bmo#1026022, bmo#997795) Certificate parsing broken by non-standard character encoding * MFSA 2014-66/CVE-2014-1552 (bmo#985135) IFRAME sandbox same-origin access through redirect Mozilla-nss was updated to 3.16.3: New Functions: * CERT_GetGeneralNameTypeFromString (This function was already added in NSS 3.16.2, however, it wasn't declared in a public header file.) Notable Changes: * The following 1024-bit CA certificates were removed - Entrust.net Secure Server Certification Authority - GTE CyberTrust Global Root - ValiCert Class 1 Policy Validation Authority - ValiCert Class 2 Policy Validation Authority - ValiCert Class 3 Policy Validation Authority * Additionally, the following CA certificate was removed as requested by the CA: - TDC Internet Root CA * The following CA certificates were added: - Certification Authority of WoSign - CA 沃通根证书 - DigiCert Assured ID Root G2 - DigiCert Assured ID Root G3 - DigiCert Global Root G2 - DigiCert Global Root G3 - DigiCert Trusted Root G4 - QuoVadis Root CA 1 G3 - QuoVadis Root CA 2 G3 - QuoVadis Root CA 3 G3 * The Trust Bits were changed for the following CA certificates - Class 3 Public Primary Certification Authority - Class 3 Public Primary Certification Authority - Class 2 Public Primary Certification Authority - G2 - VeriSign Class 2 Public Primary Certification Authority - G3 - AC Ra?z Certic?mara S.A. - NetLock Uzleti (Class B) Tanusitvanykiado - NetLock Expressz (Class C) Tanusitvanykiado changes in 3.16.2 New functionality: * DTLS 1.2 is supported. * The TLS application layer protocol negotiation (ALPN) extension is also supported on the server side. * RSA-OEAP is supported. Use the new PK11_PrivDecrypt and PK11_PubEncrypt functions with the CKM_RSA_PKCS_OAEP mechanism. * New Intel AES assembly code for 32-bit and 64-bit Windows, contributed by Shay Gueron and Vlad Krasnov of Intel. Notable Changes: * The btoa command has a new command-line option -w suffix, which causes the output to be wrapped in BEGIN/END lines with the given suffix * The certutil commands supports additionals types of subject alt name extensions. * The certutil command supports generic certificate extensions, by loading binary data from files, which have been prepared using external tools, or which have been extracted from other existing certificates and dumped to file. * The certutil command supports three new certificate usage specifiers. * The pp command supports printing UTF-8 (-u). * On Linux, NSS is built with the -ffunction-sections -fdata-sections compiler flags and the --gc-sections linker flag to allow unused functions to be discarded. changes in 3.16.1 New functionality: * Added the "ECC" flag for modutil to select the module used for elliptic curve cryptography (ECC) operations. New Macros * PUBLIC_MECH_ECC_FLAG a public mechanism flag for elliptic curve cryptography (ECC) operations * SECMOD_ECC_FLAG an NSS-internal mechanism flag for elliptic curve cryptography (ECC) operations. This macro has the same numeric value as PUBLIC_MECH_ECC_FLAG. Notable Changes: * Imposed name constraints on the French government root CA ANSSI (DCISS). openSUSE 12.3 Update MozillaThunderbird was updated to Thunderbird 24.7.0 (bnc#887746) * MFSA 2014-56/CVE-2014-1547/CVE-2014-1548 Miscellaneous memory safety hazards * MFSA 2014-61/CVE-2014-1555 (bmo#1023121) Use-after-free with FireOnStateChange event * MFSA 2014-62/CVE-2014-1556 (bmo#1028891) Exploitable WebGL crash with Cesium JavaScript library * MFSA 2014-63/CVE-2014-1544 (bmo#963150) Use-after-free while when manipulating certificates in the trusted cache (solved with NSS 3.16.2 requirement) * MFSA 2014-64/CVE-2014-1557 (bmo#913805) Crash in Skia library when scaling high quality images A standalone enigmail 1.7 package that was previously built as part of MozillaThunderbird was added. openSUSE 12.3 Update This update fixes the following security issue: (bnc#881524) CVE-2014-3970 - Denial of service in module-rtp-recv openSUSE 12.3 Update Changes in exim: - Silence static checkers; (beo#1506). - update to 4.83 This release of Exim includes one incompatible fix: + the behavior of expansion of arguments to math comparison functions (<, <=, =, =>, >) was unexpected, expanding the values twice; CVE-2014-2972; (bnc#888520) This release contains the following enhancements and bugfixes: + PRDR was promoted from Experimental to mainline + OCSP Stapling was promoted from Experimental to mainline + new Experimental feature Proxy Protocol + new Experimental feature DSN (Delivery Status Notifications) + TLS session improvements + TLS SNI fixes + LDAP enhancements + DMARC fixes (previous CVE-2014-2957) and new $dmarc_domain_policy + several new operations (listextract, utf8clean, md5, sha1) + enforce header formatting with verify=header_names_ascii + new commandline option -oMm + new TLSA dns lookup + new malware "sock" type + cutthrough routing enhancements + logging enhancements + DNSSEC enhancements + exiqgrep enhancements + deprecating non-standard SPF results + build and portability fixes + documentation fixes and enhancements - Verify source tar ball gpg signature. - Refresh exim-enable_ecdh_openssl.patch and strip version number from the patch filename. - exim482-enable_ecdh_openssl.patch: Enable ECDH (elliptic curve diffie hellman) support, taken from http://bugs.exim.org/show_bug.cgi?id=1397 - BuildRequire libopenssl-devel only on SUSE systems. - Fix suse_version condition of the pre- and postun scriptlets. - Call service_add_pre from pre scriptlet on post-12.2 systems. - update to 4.82 - Add -bI: framework, and -bI:sieve for querying sieve capabilities. - Make -n do something, by making it not do something. When combined with -bP, the name of an option is not output. - Added tls_dh_min_bits SMTP transport driver option, only honoured by GnuTLS. - First step towards DNSSEC, provide $sender_host_dnssec for $sender_host_name and config options to manage this, and basic check routines. - DSCP support for outbound connections and control modifier for inbound. - Cyrus SASL: set local and remote IP;port properties for driver. (Only plugin which currently uses this is kerberos4, which nobody should be using, but we should make it available and other future plugins might conceivably use it, even though it would break NAT; stuff *should* be using channel bindings instead). - Handle "exim -L <tag>" to indicate to use syslog with tag as the process name; added for Sendmail compatibility; requires admin caller. Handle -G as equivalent to "control = suppress_local_fixups" (we used to just ignore it); requires trusted caller. Also parse but ignore: -Ac -Am -X<logfile> Bugzilla 1117. - Bugzilla 1258 - Refactor MAIL FROM optional args processing. - Add +smtp_confirmation as a default logging option. - Bugzilla 198 - Implement remove_header ACL modifier. - Bugzilla 1197, 1281, 1283 - Spec typo. - Bugzilla 1290 - Spec grammar fixes. - Bugzilla 1285 - Spec omission, fix docbook errors for spec.txt creation. - Add Experimental DMARC support using libopendmarc libraries. - Fix an out of order global option causing a segfault. Reported to dev mailing list by by Dmitry Isaikin. - Bugzilla 1201 & 304 - New cutthrough-delivery feature, with TLS support. - Support "G" suffix to numbers in ${if comparisons. - Handle smtp transport tls_sni option forced-fail for OpenSSL. - Bugzilla 1196 - Spec examples corrections - Add expansion operators ${listnamed:name} and ${listcount:string} - Add gnutls_allow_auto_pkcs11 option (was originally called gnutls_enable_pkcs11, but renamed to more accurately indicate its function. - Let Linux makefile inherit CFLAGS/CFLAGS_DYNAMIC. Pulled from Debian 30_dontoverridecflags.dpatch by Andreas Metzler. - Add expansion item ${acl {name}{arg}...}, expansion condition "acl {{name}{arg}...}", and optional args on acl condition "acl = name arg..." - Permit multiple router/transport headers_add/remove lines. - Add dnsdb pseudo-lookup "a+" to do an "aaaa" + "a" combination. - Avoid using a waiting database for a single-message-only transport. Performance patch from Paul Fisher. Bugzilla 1262. - Strip leading/trailing newlines from add_header ACL modifier data. Bugzilla 884. - Add $headers_added variable, with content from use of ACL modifier add_header (but not yet added to the message). Bugzilla 199. - Add 8bitmime log_selector, for 8bitmime status on the received line. Pulled from Bugzilla 817 by Wolfgang Breyha. - SECURITY: protect DKIM DNS decoding from remote exploit. CVE-2012-5671 (nb: this is the same fix as in Exim 4.80.1) - Add A= logging on delivery lines, and a client_set_id option on authenticators. - Add optional authenticated_sender logging to A= and a log_selector for control. - Unbreak server_set_id for NTLM/SPA auth, broken by 4.80 PP/29. - Dovecot auth: log better reason to rejectlog if Dovecot did not advertise SMTP AUTH mechanism to us, instead of a generic protocol violation error. Also, make Exim more robust to bad data from the Dovecot auth socket. - Fix ultimate retry timeouts for intermittently deliverable recipients. - When a queue runner is handling a message, Exim first routes the recipient addresses, during which it prunes them based on the retry hints database. After that it attempts to deliver the message to any remaining recipients. It then updates the hints database using the retry rules. - So if a recipient address works intermittently, it can get repeatedly deferred at routing time. The retry hints record remains fresh so the address never reaches the final cutoff time. - This is a fairly common occurrence when a user is bumping up against their storage quota. Exim had some logic in its local delivery code to deal with this. However it did not apply to per-recipient defers in remote deliveries, e.g. over LMTP to a separate IMAP message store. - This change adds a proper retry rule check during routing so that the final cutoff time is checked against the message's age. We only do this check if there is an address retry record and there is not a domain retry record; this implies that previous attempts to handle the address had the retry_use_local_parts option turned on. We use this as an approximation for the destination being like a local delivery, as in LMTP. - I suspect this new check makes the old local delivery cutoff check redundant, but I have not verified this so I left the code in place. - Correct gecos expansion when From: is a prefix of the username. - Test 0254 submits a message to Exim with the header Resent-From: f - When I ran the test suite under the user fanf2, Exim expanded the header to contain my full name, whereas it should have added a Resent-Sender: header. It erroneously treats any prefix of the username as equal to the username. This change corrects that bug. - DCC debug and logging tidyup Error conditions log to paniclog rather than rejectlog. Debug lines prefixed by "DCC: " to remove any ambiguity. - Avoid unnecessary rebuilds of lookup-related code. - Fix OCSP reinitialisation in SNI handling for Exim/TLS as server. Bug spotted by Jeremy Harris; was flawed since initial commit. Would have resulted in OCSP responses post-SNI triggering an Exim NULL dereference and crash. - Add $router_name and $transport_name variables. Bugzilla 308. - Define SIOCGIFCONF_GIVES_ADDR for GNU Hurd. Bug detection, analysis and fix by Samuel Thibault. Bugzilla 1331, Debian bug #698092. - Update eximstats to watch out for senders sending 'HELO [IpAddr]' - SMTP PRDR (http://www.eric-a-hall.com/specs/draft-hall-prdr-00.txt). Server implementation by Todd Lyons, client by JH. Only enabled when compiled with EXPERIMENTAL_PRDR. A new config variable "prdr_enable" controls whether the server advertises the facility. If the client requests PRDR a new acl_data_smtp_prdr ACL is called once for each recipient, after the body content is received and before the acl_smtp_data ACL. The client is controlled by bolth of: a hosts_try_prdr option on the smtp transport, and the server advertisement. Default client logging of deliveries and rejections involving PRDR are flagged with the string "PRDR". - Fix problems caused by timeouts during quit ACLs trying to double fclose(). Diagnosis by Todd Lyons. Update configure.default to handle IPv6 localhost better. Patch by Alain Williams (plus minor tweaks). Bugzilla 880. - OpenSSL made graceful with empty tls_verify_certificates setting. This is now consistent with GnuTLS, and is now documented: the previous undocumented portable approach to treating the option as unset was to force an expansion failure. That still works, and an empty string is now equivalent. - Renamed DNSSEC-enabling option to "dns_dnssec_ok", to make it clearer that Exim is using the DO (DNSSEC OK) EDNS0 resolver flag, not performing validation itself. - Added force_command boolean option to pipe transport. Patch from Nick Koston, of cPanel Inc. - AUTH support on callouts (and hence cutthrough-deliveries). Bugzilla 321, 823. - Added udpsend ACL modifer and hexquote expansion operator - Fix eximon continuous updating with timestamped log-files. Broken in a format-string cleanup in 4.80, missed when I repaired the other false fix of the same issue. Report and fix from Heiko Schlichting. Bugzilla 1363. - Guard LDAP TLS usage against Solaris LDAP variant. Report from Prashanth Katuri. - Support safari_ecdhe_ecdsa_bug for openssl_options. It's SecureTransport, so affects any MacOS clients which use the system-integrated TLS libraries, including email clients. - Fix segfault from trying to fprintf() to a NULL stdio FILE* if using a MIME ACL for non-SMTP local injection. Report and assistance in diagnosis by Warren Baker. - Adjust exiqgrep to be case-insensitive for sender/receiver. - Fix comparisons for 64b. Bugzilla 1385. - Add expansion variable $authenticated_fail_id to keep track of last id that failed so it may be referenced in subsequent ACL's. - Bugzilla 1375 - Prevent TLS rebinding in ldap. Patch provided by Alexander Miroch. - Bugzilla 1382 - Option ldap_require_cert overrides start_tls ldap library initialization, allowing self-signed CA's to be used. Also properly sets require_cert option later in code by using NULL (global ldap config) instead of ldap handle (per session). Bug diagnosis and testing by alxgomz. - Enhanced documentation in the ratelimit.pl script provided in the src/util/ subdirectory. - Bug 1301 - Imported transport SQL logging patch from Axel Rau renamed to Transport Post Delivery Action by Jeremy Harris, as EXPERIMENTAL_TPDA. - Bugzilla 1217 - Redis lookup support has been added. It is only enabled when Exim is compiled with EXPERIMENTAL_REDIS. A new config variable redis_servers = needs to be configured which will be used by the redis lookup. Patch from Warren Baker, of The Packet Hub. - Fix exiqsumm summary for corner case. Patch provided by Richard Hall. - Bugzilla 1289 - Clarify host/ip processing when have errors looking up a hostname or reverse DNS when processing a host list. Used suggestions from multiple comments on this bug. - Bugzilla 1057 - Multiple clamd TCP targets patch from Mark Zealey. - Had previously added a -CONTINUE option to runtest in the test suite. Missed a few lines, added it to make the runtest require no keyboard interaction. - Bugzilla 1402 - Test 533 fails if any part of the path to the test suite contains upper case chars. Make router use caseful_local_part. - Bugzilla 1400 - Add AVOID_GNUTLS_PKCS11 build option. Allows GnuTLS support when GnuTLS has been built with p11-kit. - Add systemd support for openSUSE > 12.2 - Remove some obsolete conditionnal macros - exim.spec forces the use of SSL libraries, so make sure the BuildRequires are there. Also add previously implicit cyrus-sasl back. - Fixed another remote code execution issue (CVE-2011-1407 / bnc#694798) - Fixed STARTTLS command injection (bnc#695144) openSUSE 12.3 Update Chromium was updated to version 36.0.1985.125. New Functionality: * Rich Notifications Improvements * An Updated Incognito / Guest NTP design * The addition of a Browser crash recovery bubble * Chrome App Launcher for Linux * Lots of under the hood changes for stability and performance Security Fixes (bnc#887952,bnc#887955): * CVE-2014-3160: Same-Origin-Policy bypass in SVG * CVE-2014-3162: Various fixes from internal audits, fuzzing and other initiatives and 24 more fixes for which no description was given. Packaging changes: * Switch to newer method to retrieve toolchain packages. Dropping the three naclsdk_*tgz files. Everything is now included in the toolchain_linux_x86.tar.bz2 tarball * Add Courgette.tar.xz as that the build process now requires some files from Courgette in order to build succesfully. This does not mean that Courgette is build/delivered. Includes also an update to Chromium 35.0.1916.153 Security fixes (bnc#882264,bnc#882264,bnc#882265,bnc#882263): * CVE-2014-3154: Use-after-free in filesystem api * CVE-2014-3155: Out-of-bounds read in SPDY * CVE-2014-3156: Buffer overflow in clipboard * CVE-2014-3157: Heap overflow in media openSUSE 12.3 Update The following security isses are fixed in this update: CVE-2014-4341 CVE-2014-4342: denial of service flaws when handling RFC 1964 tokens (bnc#886016) CVE-2014-4343 CVE-2014-4344: multiple flaws in SPNEGO (bnc#888697) openSUSE 12.3 Update The following security issue is fixed in this update - [bnc#870855] - CVE-2013-6369: jbigkit buffer overflow openSUSE 12.3 Update Fix integer overflow in check_section (CVE-2014-0172, bnc#872785) openSUSE 12.3 Update - Tor 0.2.4.23 [bnc#889688] [CVE-2014-5117] Slows down the risk from guard rotation and backports several important fixes from the Tor 0.2.5 alpha release series. - Major features: - Clients now look at the "usecreatefast" consensus parameter to decide whether to use CREATE_FAST or CREATE cells for the first hop of their circuit. This approach can improve security on connections where Tor's circuit handshake is stronger than the available TLS connection security levels, but the tradeoff is more computational load on guard relays. - Make the number of entry guards configurable via a new NumEntryGuards consensus parameter, and the number of directory guards configurable via a new NumDirectoryGuards consensus parameter. - Major bugfixes: - Fix a bug in the bounds-checking in the 32-bit curve25519-donna implementation that caused incorrect results on 32-bit implementations when certain malformed inputs were used along with a small class of private ntor keys. - Minor bugfixes: - Warn and drop the circuit if we receive an inbound 'relay early' cell. - Correct a confusing error message when trying to extend a circuit via the control protocol but we don't know a descriptor or microdescriptor for one of the specified relays. - Avoid an illegal read from stack when initializing the TLS module using a version of OpenSSL without all of the ciphers used by the v2 link handshake. openSUSE 12.3 Update This is apache2-mod_security2 update fixes the following security issue: - Specially drafted chunked http requests allow to bypass filters configured in mod_security2. This vulnerability is known as CVE-2013-5705 and was handled in bnc#871309. openSUSE 12.3 Update This apache2 update fixes the following security issues: - CRIME types of attack, based on size and timing analysis of compressed content, are now mitigated by the new SSLCompression directive, set to "no" in /etc/apache2/ssl-global.conf - ssl-global.conf: SSLHonorCipherOrder set to on - SSLCipherSuite updates to vhosts.d/vhost-ssl.template and apache2-default-vhost-ssl.conf - new config option CGIDScriptTimeout set to 60s in new file conf.d/cgid-timeout.conf, preventing worker processes hanging forever if a cgi launched from them has stopped reading input from the server. (bnc#887768, CVE-2014-0231) - fix for mod_status race condition in scoreboard handling and consecutive heap overflow and information disclosure if access to mod_status is granted to a potential attacker. (bnc#887765, CVE-2014-0226) - fixed improperly handled whitespace characters in CDATA sections of requests to mod_dav can lead to a crash, resulting in a DoS against the server. (bnc#869105, CVE-2013-6438) - fix for crash in parsing cookie content, resulting in a DoS against the server. (bnc#869106, CVE-2014-0098) openSUSE 12.3 Update This python update fixes the following security and non security issues: - CGIHTTPServer file disclosure and directory traversal through URL-encoded characters (CVE-2014-4650, bnc#885882) - remove link count optimizations that are incorrect on btrfs (and possibly other filesystems) openSUSE 12.3 Update This python3 update fixes the following security and non security issues: - CGIHTTPServer filedisclosure and directory traversal through URL-encoded characters (CVE-2014-4650, bnc#885882) - DoS on ssl.match_hostname via a crafted certificate with too many wildcards (CVE-2013-2099, bnc#886001) - fix import_failed hook file names openSUSE 12.3 Update This gpgme update to version 1.4.4 fixes the following security and non i security issues: - Fixed possible overflow in gpgsm and uiserver engines. (CVE-2014-3564, bnc#890123) - Fixed possibled segv in gpgme_op_card_edit. - Fixed minor memleaks and possible zombie processes. - Fixed prototype inconsistencies and void pointer arithmetic. openSUSE 12.3 Update Thit MIT krb5 update fixes the following security issue: - buffer overrun in kadmind with LDAP backend (bnc#891082, CVE-2014-4345) openSUSE 12.3 Update This openssl update fixes the following security issues: - openssl 1.0.1i * Information leak in pretty printing functions (CVE-2014-3508) * Crash with SRP ciphersuite in Server Hello message (CVE-2014-5139) * Race condition in ssl_parse_serverhello_tlsext (CVE-2014-3509) * Double Free when processing DTLS packets (CVE-2014-3505) * DTLS memory exhaustion (CVE-2014-3506) * DTLS memory leak from zero-length fragments (CVE-2014-3507) * OpenSSL DTLS anonymous EC(DH) denial of service (CVE-2014-3510) * OpenSSL TLS protocol downgrade attack (CVE-2014-3511) * SRP buffer overrun (CVE-2014-3512) openSUSE 12.3 Update This subversion and libserf update fixes several security and non security issues: - subversion: guard against md5 hash collisions when finding cached credentials [bnc#889849] [CVE-2014-3528] - subversion: ra_serf: properly match wildcards in SSL certs. [bnc#890511] [CVE-2014-3522] - libserf: Handle NUL bytes in fields of an X.509 certificate. [bnc#890510] [CVE-2014-3504] openSUSE 12.3 Update This IPython update fixes the following security issue: - RCE in IPython Notebook via cross-origin websocket connection (CVE-2014-3429, bnc#887577) openSUSE 12.3 Update libgcrypt was updated to 1.5.4 to prevent a side-channel attack on Elgamal encryption subkeys. Besides that the following issues were resolved: - Improved performance of RSA, DSA, and Elgamal by using a new exponentiation algorithm. - Fixed a subtle bug in mpi_set_bit which could set spurious bits. - Fixed a bug in an internal division function. openSUSE 12.3 Update This phpMyAdmin update addresses several security and non security issues: - This is a phpMyAdmin version upgrade (bnc#892401): (From 4.1.14.3): * sf#4501 [security] XSS in table browse page (CVE-2014-5273) * sf#4502 [security] Self-XSS in enum value editor (CVE-2014-5273) * sf#4503 [security] Self-XSSes in monitor (CVE-2014-5273) * sf#4505 [security] XSS in view operations page (CVE-2014-5274) * sf#4504 [security] Self-XSS in query charts (CVE-2014-5273) * sf#4517 [security] XSS in relation view (CVE-2014-5273) (From 4.1.14.2): * sf#4488 [security] XSS injection due to unescaped table name (triggers)(CVE-2014-4955) * sf#4492 [security] XSS in AJAX confirmation messages (CVE-2014-4986) * sf#4491 [security] Missing validation for accessing User groups feature (CVE-2014-4987) (From 4.1.14.1): * sf#4464 [security] XSS injection due to unescaped db/table name in navigation hiding (CVE-2014-4349) (From 4.1.14.0 through 4.1.9.0): * Numerous non-security bugfixes are listed at https://github.com/phpmyadmin/phpmyadmin/blob/MAINT_4_1_14/ChangeLog openSUSE 12.3 Update glibc was updated to fix three security issues: - A directory traversal in locale environment handling was fixed (CVE-2014-0475, bnc#887022, GLIBC BZ #17137) - Disable gconv transliteration module loading which could be used for code execution (CVE-2014-5119, bnc#892073, GLIBC BZ #17187) - Fix crashes on invalid input in IBM gconv modules (CVE-2014-6040, bnc#894553, BZ #17325) openSUSE 12.3 Update enigmail was updated to version 1.7.2 (bnc#893330) * bugfix release which contains several bugfixes including mail with only Bcc recipients sent in plain text (CVE-2014-5369) openSUSE 12.3 Update This update fixes memory corruption vulnerability in DOCM import and data exposure using crafted OLE objects. openSUSE 12.3 Update Mozilla Firefox was updated to Firefox 32 fixing security issues and bugs. Security issues fixed: MFSA 2014-72 / CVE-2014-1567: Security researcher regenrecht reported, via TippingPoint's Zero Day Initiative, a use-after-free during text layout when interacting with the setting of text direction. This results in a use-after-free which can lead to arbitrary code execution. MFSA 2014-70 / CVE-2014-1565: Security researcher Holger Fuhrmannek discovered an out-of-bounds read during the creation of an audio timeline in Web Audio. This results in a crash and could allow for the reading of random memory values. MFSA 2014-69 / CVE-2014-1564: Google security researcher Michal Zalewski discovered that when a malformated GIF image is rendered in certain circumstances, memory is not properly initialized before use. The resulting image then uses this memory during rendering. This could allow for the a script in web content to access this unitialized memory using the <canvas> feature. MFSA 2014-68 / CVE-2014-1563: Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover a use-after-free during cycle collection. This was found in interactions with the SVG content through the document object model (DOM) with animating SVG content. This leads to a potentially exploitable crash. MFSA 2014-67: Mozilla developers and community identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Jan de Mooij reported a memory safety problem that affects Firefox ESR 24.7, ESR 31 and Firefox 31. (CVE-2014-1562) Christian Holler, Jan de Mooij, Karl Tomlinson, Randell Jesup, Gary Kwong, Jesse Ruderman, and JW Wang reported memory safety problems and crashes that affect Firefox ESR 31 and Firefox 31. (CVE-2014-1553) Gary Kwong, Christian Holler, and David Weir reported memory safety problems and crashes that affect Firefox 31. (CVE-2014-1554) Mozilla NSS was updated to 3.16.4: Notable Changes: * The following 1024-bit root CA certificate was restored to allow more time to develop a better transition strategy for affected sites. It was removed in NSS 3.16.3, but discussion in the mozilla.dev.security.policy forum led to the decision to keep this root included longer in order to give website administrators more time to update their web servers. - CN = GTE CyberTrust Global Root * In NSS 3.16.3, the 1024-bit "Entrust.net Secure Server Certification Authority" root CA certificate was removed. In NSS 3.16.4, a 2048-bit intermediate CA certificate has been included, without explicit trust. The intention is to mitigate the effects of the previous removal of the 1024-bit Entrust.net root certificate, because many public Internet sites still use the "USERTrust Legacy Secure Server CA" intermediate certificate that is signed by the 1024-bit Entrust.net root certificate. The inclusion of the intermediate certificate is a temporary measure to allow those sites to function, by allowing them to find a trust path to another 2048-bit root CA certificate. The temporarily included intermediate certificate expires November 1, 2015. openSUSE 12.3 Update net-snmp was updated to fix a remote denial of service problem inside snmptrapd when started with the "-OQ" option (CVE-2014-3565)(bnc#894361) openSUSE 12.3 Update MozillaThunderbird was updated to Thunderbird 31.1.0 (bnc#894370), fixinfg security issues: * MFSA 2014-67/CVE-2014-1553/CVE-2014-1562 Miscellaneous memory safety hazards * MFSA 2014-68/CVE-2014-1563 (bmo#1018524) Use-after-free during DOM interactions with SVG * MFSA 2014-69/CVE-2014-1564 (bmo#1045977) Uninitialized memory use during GIF rendering * MFSA 2014-70/CVE-2014-1565 (bmo#1047831) Out-of-bounds read in Web Audio audio timeline * MFSA 2014-72/CVE-2014-1567 (bmo#1037641) Use-after-free setting text directionality - update to Thunderbird 31.0 * based on Gecko 31 * Autocompleting email addresses now matches against any part of the name or email * Composing a mail to a newsgroup will now autocomplete newsgroup names * Insecure NTLM (pre-NTLMv2) authentication disabled openSUSE 12.3 Update Chromium was updated to 37.0.2062.94 containing security Fixes (bnc#893720). A full list of changes is available in the log: https://chromium.googlesource.com/chromium/src/+log/36.0.1985.0..37.0.2062.0?pretty=full This update includes 50 security fixes. Below, we highlight fixes that were either contributed by external researchers or particularly interesting. Please see the Chromium security page for more information. Critical CVE-2014-3176, CVE-2014-3177: A special reward to lokihardt@asrt for a combination of bugs in V8, IPC, sync, and extensions that can lead to remote code execution outside of the sandbox. High CVE-2014-3168: Use-after-free in SVG. Credit to cloudfuzzer. High CVE-2014-3169: Use-after-free in DOM. Credit to Andrzej Dyjak. High CVE-2014-3170: Extension permission dialog spoofing. Credit to Rob Wu. High CVE-2014-3171: Use-after-free in bindings. Credit to cloudfuzzer. Medium CVE-2014-3172: Issue related to extension debugging. Credit to Eli Grey. Medium CVE-2014-3173: Uninitialized memory read in WebGL. Credit to jmuizelaar. Medium CVE-2014-3174: Uninitialized memory read in Web Audio. Credit to Atte Kettunen from OUSPG. We would also like to thank Collin Payne, Christoph Diehl, Sebastian Mauer, Atte Kettunen, and cloudfuzzer for working with us during the development cycle to prevent security bugs from ever reaching the stable channel. $8000 in additional rewards were issued. As usual, our ongoing internal security work responsible for a wide range of fixes: CVE-2014-3175: Various fixes from internal audits, fuzzing and other initiatives (Chrome 37). Many of the above bugs were detected using AddressSanitizer. openSUSE 12.3 Update procmail was updated to fix a heap-overflow in procmail's formail utility when processing specially-crafted email headers (bnc#894999, CVE-2014-3618) openSUSE 12.3 Update This update fixes the following security issues and bugs with squid: A denial of Service in Range header processing was fixed that could be used by proxy users to crash squid. (CVE-2014-3609) Also the following bugs were fixed: - bnc#894840: removed unnecessary 'sharedscripts' in squid's logrotate snippet - bnc#894636: fixes run of init script when logrotate is called openSUSE 12.3 Update Python Django was updated to fix security issues and bugs. Update to version 1.4.15 on openSUSE 12.3: + Prevented reverse() from generating URLs pointing to other hosts to prevent phishing attacks (bnc#893087, CVE-2014-0480) + Removed O(n) algorithm when uploading duplicate file names to fix file upload denial of service (bnc#893088, CVE-2014-0481) + Modified RemoteUserMiddleware to logout on REMOTE_USE change to prevent session hijacking (bnc#893089, CVE-2014-0482) + Prevented data leakage in contrib.admin via query string manipulation (bnc#893090, CVE-2014-0483) + Fixed: Caches may incorrectly be allowed to store and serve private data (bnc#877993, CVE-2014-1418) + Fixed: Malformed redirect URLs from user input not correctly validated (bnc#878641, CVE-2014-3730) + Fixed queries that may return unexpected results on MySQL due to typecasting (bnc#874956, CVE-2014-0474) + Prevented leaking the CSRF token through caching (bnc#874955, CVE-2014-0473) + Fixed a remote code execution vulnerabilty in URL reversing (bnc#874950, CVE-2014-0472) Update to version 1.5.10 on openSUSE 13.1: + Prevented reverse() from generating URLs pointing to other hosts to prevent phishing attacks (bnc#893087, CVE-2014-0480) + Removed O(n) algorithm when uploading duplicate file names to fix file upload denial of service (bnc#893088, CVE-2014-0481) + Modified RemoteUserMiddleware to logout on REMOTE_USE change to prevent session hijacking (bnc#893089, CVE-2014-0482) + Prevented data leakage in contrib.admin via query string manipulation (bnc#893090, CVE-2014-0483) - Update to version 1.5.8: + Fixed: Caches may incorrectly be allowed to store and serve private data (bnc#877993, CVE-2014-1418) + Fixed: Malformed redirect URLs from user input not correctly validated (bnc#878641, CVE-2014-3730) + Fixed queries that may return unexpected results on MySQL due to typecasting (bnc#874956, CVE-2014-0474) + Prevented leaking the CSRF token through caching (bnc#874955, CVE-2014-0473) + Fixed a remote code execution vulnerabilty in URL reversing (bnc#874950, CVE-2014-0472) openSUSE 12.3 Update ppp was updated to fix an integer overflow in option parsing. (CVE-2014-3158, bnc#891489). openSUSE 12.3 Update php5 was updated to fix three security issues: - Insecure temporary file use for cache data was fixed by switching to a different root only directory /var/cache/php-pear (CVE-2014-5459) - An incomplete fix for CVE-2014-4049 (CVE-2014-3597) - gd extension: NUL byte injection in filenames passed to image handling functions was fixed (CVE-2014-5120) Also a bug was fixed: - fixed suhosin crash if used with php session_set_save_handler() [bnc#895658] openSUSE 12.3 Update libcurl was updated to fix security issues: CVE-2014-3613: Cookies for hosts specified by numeric IP could be assigned or used for other numeric IP hosts if portions of the numerics were the same. CVE-2014-3620: libcurl allowed cookies to be set for toplevel domains, making them to broad. openSUSE 12.3 Update lua was updated to fix an overflow in varargs functions (CVE-2014-5461 ,bnc#893824) openSUSE 12.3 Update phpMyAdmin was updated to 4.1.14.4 (2014-09-13) fixing bugs and security issues. * PMASA-2014-10 (CVE-2014-6300, CWE-661 CWE-352) http://www.phpmyadmin.net/home_page/security/PMASA-2014-10.php A DOM based XSS was fixed that resulted to a CSRF that creates a ROOT account in certain conditions. openSUSE 12.3 Update The DBUS-1 service and libraries were updated to upstream release 1.6.24 fixing security issues and bugs. Upstream changes since dbus 1.6.8 + Security fixes - Do not accept an extra fd in the padding of a cmsg message, which could lead to a 4-byte heap buffer overrun. (CVE-2014-3635, fdo#83622; Simon McVittie) - Reduce default for maximum Unix file descriptors passed per message from 1024 to 16, preventing a uid with the default maximum number of connections from exhausting the system bus' file descriptors under Linux's default rlimit. Distributors or system administrators with a more restrictive fd limit may wish to reduce these limits further. Additionally, on Linux this prevents a second denial of service in which the dbus-daemon can be made to exceed the maximum number of fds per sendmsg() and disconnect the process that would have received them. (CVE-2014-3636, fdo#82820; Alban Crequy) - Disconnect connections that still have a fd pending unmarshalling after a new configurable limit, pending_fd_timeout (defaulting to 150 seconds), removing the possibility of creating an abusive connection that cannot be disconnected by setting up a circular reference to a connection's file descriptor. (CVE-2014-3637, fdo#80559; Alban Crequy) - Reduce default for maximum pending replies per connection from 8192 to 128, mitigating an algorithmic complexity denial-of-service attack (CVE-2014-3638, fdo#81053; Alban Crequy) - Reduce default for authentication timeout on the system bus from 30 seconds to 5 seconds, avoiding denial of service by using up all unauthenticated connection slots; and when all unauthenticated connection slots are used up, make new connection attempts block instead of disconnecting them. (CVE-2014-3639, fdo#80919; Alban Crequy) - On Linux >= 2.6.37-rc4, if sendmsg() fails with ETOOMANYREFS, silently drop the message. This prevents an attack in which a malicious client can make dbus-daemon disconnect a system service, which is a local denial of service. (fdo#80163, CVE-2014-3532; Alban Crequy) - Track remaining Unix file descriptors correctly when more than one message in quick succession contains fds. This prevents another attack which a malicious client can make dbus-daemon disconnect a system service. (fdo#79694, fdo#80469, CVE-2014-3533; Alejandro Mart?nez Su?rez, Simon McVittie, Alban Crequy) - Alban Crequy at Collabora Ltd. discovered and fixed a denial-of-service flaw in dbus-daemon, part of the reference implementation of D-Bus. Additionally, in highly unusual environments the same flaw could lead to a side channel between processes that should not be able to communicate. (CVE-2014-3477, fdo#78979) - CVE-2013-2168: Fix misuse of va_list that could be used as a denial of service for system services. Vulnerability reported by Alexandru Cornea. (Simon) + Other fixes - Don't leak memory on out-of-memory while listing activatable or active services (fdo#71526, Radoslaw Pajak) - fix undefined behaviour in a regression test (fdo#69924, DreamNik) - path_namespace='/' in match rules incorrectly matched nothing; it now matches everything. (fdo#70799, Simon McVittie) - Make dbus_connection_set_route_peer_messages(x, FALSE) behave as documented. Previously, it assumed its second parameter was TRUE. (fdo#69165, Chengwei Yang) - Fix a NULL pointer dereference on an unlikely error path (fdo#69327, Sviatoslav Chagaev) - If accept4() fails with EINVAL, as it can on older Linux kernels with newer glibc, try accept() instead of going into a busy-loop. (fdo#69026, Chengwei Yang) - If socket() or socketpair() fails with EINVAL or EPROTOTYPE, for instance on Hurd or older Linux with a new glibc, try without SOCK_CLOEXEC. (fdo#69073; Pino Toscano, Chengwei Yang) - Fix a file descriptor leak on an error code path. (fdo#69182, Sviatoslav Chagaev) - Fix compilation if writev() is unavailable (fdo#69409, Vasiliy Balyasnyy) - Avoid an infinite busy-loop if a signal interrupts waitpid() (fdo#68945, Simon McVittie) - Escape addresses containing non-ASCII characters correctly (fdo#53499, Chengwei Yang) - If malloc() returns NULL in _dbus_string_init() or similar, don't free an invalid pointer if the string is later freed (fdo#65959, Chengwei Yang) - If malloc() returns NULL in dbus_set_error(), don't va_end() a va_list that was never va_start()ed (fdo#66300, Chengwei Yang) - Fix a regression test on platforms with strict alignment (fdo#67279, Colin Walters) - Avoid calling function parameters "interface" since certain Windows headers have a namespace-polluting macro of that name (fdo#66493, Ivan Romanov) - Make "make -j check" work (fdo#68852, Simon McVittie) - In dbus-daemon, don't crash if a .service file starts with key=value (fdo#60853, Chengwei Yang) - Fix an assertion failure if we try to activate systemd services before systemd connects to the bus (fdo#50199, Chengwei Yang) - Avoid compiler warnings for ignoring the return from write() (Chengwei Yang) - Following Unicode Corrigendum #9, the noncharacters U+nFFFE, U+nFFFF, U+FDD0..U+FDEF are allowed in UTF-8 strings again. (fdo#63072, Simon McVittie) - Diagnose incorrect use of dbus_connection_get_data() with negative slot (i.e. before allocating the slot) rather than returning junk (fdo#63127, Dan Williams) - In the activation helper, when compiled for tests, do not reset the system bus address, fixing the regression tests. (fdo#52202, Simon) - Fix building with Valgrind 3.8, at the cost of causing harmless warnings with Valgrind 3.6 on some compilers (fdo#55932, Arun Raghavan) - Don't leak temporary fds pointing to /dev/null (fdo#56927, Michel HERMIER) - Create session.d, system.d directories under CMake (fdo#41319, Ralf Habacker) - Include alloca.h for alloca() if available, fixing compilation on Solaris 10 (fdo#63071, Dagobert Michelsen) openSUSE 12.3 Update Wireshark was update to 1.10.10 [bnc#897055] On openSUSE 12.3, the package was upgraded to 1.10.x from 1.8.x as it was discontinued. This update fixes vulnerabilities in Wireshark that could allow an attacker to crash Wireshark or make it become unresponsive by sending specific packages onto the network or have it loaded via a capture file while the dissectors are running. It also contains a number of other bug fixes. * RTP dissector crash wnpa-sec-2014-12 CVE-2014-6421 CVE-2014-6422 * MEGACO dissector infinite loop wnpa-sec-2014-13 CVE-2014-6423 * Netflow dissector crash wnpa-sec-2014-14 CVE-2014-6424 * RTSP dissector crash wnpa-sec-2014-17 CVE-2014-6427 * SES dissector crash wnpa-sec-2014-18 CVE-2014-6428 * Sniffer file parser crash wnpa-sec-2014-19 CVE-2014-6429 CVE-2014-6430 CVE-2014-6431 CVE-2014-6432 - Further bug fixes as listed in: https://www.wireshark.org/docs/relnotes/wireshark-1.10.10.html - includes changes from 1.10.9: fixes several crashes triggered by malformed protocol packages - vulnerabilities fixed: * The Catapult DCT2000 and IrDA dissectors could underrun a buffer wnpa-sec-2014-08 CVE-2014-5161 CVE-2014-5162 (bnc#889901) * The GSM Management dissector could crash wnpa-sec-2014-09 CVE-2014-5163 (bnc#889906) * The RLC dissector could crash wnpa-sec-2014-10 CVE-2014-5164 (bnc#889900) * The ASN.1 BER dissector could crash wnpa-sec-2014-11 CVE-2014-5165 (bnc#889899) - Further bug fixes as listed in: https://www.wireshark.org/docs/relnotes/wireshark-1.10.9.html openSUSE 12.3 Update XEN was updated to fix various bugs and security issues. Security issues fixed: - bnc#897657 - CVE-2014-7188: XSA-108 Improper MSR range used for x2APIC emulation - bnc#895802 - CVE-2014-7156: XSA-106: Missing privilege level checks in x86 emulation of software interrupts - bnc#895799 - CVE-2014-7155: XSA-105: Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation - bnc#895798 - CVE-2014-7154: XSA-104: Race condition in HVMOP_track_dirty_vram - bnc#864801 - CVE-2013-4540: qemu: zaurus: buffer overrun on invalid state load - bnc#880751 - CVE-2014-4021: XSA-100: Hypervisor heap contents leaked to guests - bnc#878841 - CVE-2014-3967,CVE-2014-3968: XSA-96: Vulnerabilities in HVM MSI injection - bnc#867910 - CVE-2014-2599: XSA-89: HVMOP_set_mem_access is not preemptible - bnc#842006 - CVE-2013-4344: XSA-65: xen: qemu SCSI REPORT LUNS buffer overflow Other bugs fixed: - bnc#896023 - Adjust xentop column layout - bnc#891539 - xend: fix netif convertToDeviceNumber for running domains - bnc#820873 - The "long" option doesn't work with "xl list" - bnc#881900 - XEN kernel panic do_device_not_available() - bnc#833483 - Boot Failure with xen kernel in UEFI mode with error "No memory for trampoline" - bnc#862608 - SLES 11 SP3 vm-install should get RHEL 7 support when released - bnc#858178 - [HP HPS Bug]: SLES11sp3 XEN kiso version cause softlockup on 8 blades npar(480 cpu) - bnc#865682 - Local attach support for PHY backends using scripts - bnc#798770 - Improve multipath support for npiv devices openSUSE 12.3 Update bash was updated to fix a critical security issue, a minor security issue and bugs: In some circumstances, the shell would evaluate shellcode in environment variables passed at startup time. This allowed code execution by local or remote attackers who could pass environment variables to bash scripts. (CVE-2014-6271) Fixed a temporary file misuse in _rl_tropen (bnc#868822) Even if used only by developers to debug readline library do not open temporary files from public location without O_EXCL (CVE-2014-2524) Additional bugfixes: - Backported corrected german error message for a failing getpwd (bnc#895475) - Add bash upstream patch 47 to fix a problem where the function that shortens pathnames for $PS1 according to the value of $PROMPT_DIRTRIM uses memcpy on potentially-overlapping regions of memory, when it should use memmove. The result is garbled pathnames in prompt strings. - Add bash upstream patch 46 to fix a problem introduced by patch 32 a problem with "$@" and arrays expanding empty positional parameters or array elements when using substring expansion, pattern substitution, or case modfication. The empty parameters or array elements are removed instead of expanding to empty strings (""). - Add bash-4.2-strcpy.patch from upstream mailing list to patch collection tar ball to avoid when using \w in the prompt and changing the directory outside of HOME the a strcpy work on overlapping memory areas. openSUSE 12.3 Update Mozilla NSS is vulnerable to a variant of a signature forgery attack previously published by Daniel Bleichenbacher. This is due to lenient parsing of ASN.1 values involved in a signature and could lead to the forging of RSA certificates. openSUSE 12.3 Update The command-line shell 'bash' evaluates environment variables, which allows the injection of characters and might be used to access files on the system in some circumstances (CVE-2014-7169). Please note that this issue is different from a previously fixed vulnerability tracked under CVE-2014-6271 and it is less serious due to the special, non-default system configuration that is needed to create an exploitable situation. To remove further exploitation potential we now limit the function-in-environment variable to variables prefixed with BASH_FUNC_ . This hardening feature is work in progress and might be improved in later updates. Additionaly two more security issues were fixed in bash: CVE-2014-7186: Nested HERE documents could lead to a crash of bash. CVE-2014-7187: Nesting of for loops could lead to a crash of bash. openSUSE 12.3 Update phpMyAdmin was updated fix a security issues [CVE-2014-7217] This update contains a fix for a cross-site scripting vulnerability in the table search and table structure pages which could be trigged with a crafted ENUM value. openSUSE 12.3 Update - CVE-2014-3657: Fix domain deadlock fc22b2e7-CVE-2014-3657.patch bsc#899484 - CVE-2014-3633: Use correct definition when looking up disk in qemu blkiotune 3e745e8f-CVE-2014-3633.patch bsc#897783 openSUSE 12.3 Update - CVE-2014-7185-buffer-wraparound.patch: potential wraparound/overflow in buffer() (CVE-2014-7185, bnc#898572) - CVE-2014-7185-buffer-wraparound.patch: potential wraparound/overflow in buffer() (CVE-2014-7185, bnc#898572) - CVE-2014-7185-buffer-wraparound.patch: potential wraparound/overflow in buffer() (CVE-2014-7185, bnc#898572) openSUSE 12.3 Update - Update to version 3.10.1(bnc#870858): + Add an account preference to allow automatically accepting unknown and changed SSL certificates, if they're valid (that is, if the root CA is trusted by the distro). + RFE 3196, 'When changing quicksearch Search Type, set focus to search input box'. + PGP/Core plugin: Generate 2048 bit RSA keys. + Major code cleanup. + Extended claws-mail.desktop with Compose and Receive actions. + Fix GConf use with newer Glib. + Fix the race fix, now preventing the compose window to be closed. + Fix "File (null) doesn't exist" error dialog, when attaching a non-existing file via --attach + Fix spacing in Folderview if the font is far from the system font. + RSSyl: - When parsing RSS 2.0, ignore tags with a namespace prefix. - Check for existence of xmlNode namespace, to prevent NULL pointer crashes. + Bugs fixed: claws#2728, claws#2981, claws#3170, claws#3179, claws#3201, deb#730050. + Updated translations. - Drop claws-mail-3.10.0_uninitialized_variable_git51af19b.patch as fixed upstream. This also fixes CVE-2014-2576. openSUSE 12.3 Update - Fixed remote PRI DoS vulnerability patch (CVE-2014-3683,bnc#899756) [* rsyslog-7.2.7-remote-PRI-DoS-fix-backport_CVE-2014-3634.patch] - Removed broken, unsupported and dropped by upstream zpipe utility from rsyslog-diag-tools package (bnc#890228) - Remote syslog PRI DoS vulnerability fix (CVE-2014-3634,bnc#897262) [+ rsyslog-7.2.7-remote-PRI-DoS-fix-backport_CVE-2014-3634.patch] openSUSE 12.3 Update This update fixes a denial of service vulnerability when parsing an empty quoted string (CVE-2014-0477) openSUSE 12.3 Update - Replace patches bash-4.2-heredoc-eof-delim.patch and bash-4.2-parse-exportfunc.patch with the official upstream patch levels bash42-052 and bash42-053 - Replace patch bash-4.2-CVE-2014-7187.patch with upstream patch level bash42-051 - Make bash-4.2-extra-import-func.patch an optional patch due instruction - Remove and replace patches bash-4.2-CVE-2014-6271.patch bash-4.2-BSC898604.patch bash-4.2-CVE-2014-7169.patch with bash upstream patch 48, patch 49, and patch 50 - Add patch bash-4.2-extra-import-func.patch which is based on the BSD patch of Christos. As further enhancements the option import-functions is mentioned in the manual page and a shopt switch is added to enable and disable import-functions on the fly openSUSE 12.3 Update - getmail 4.46.0 [bnc#900217] This release fixes several similar vulnerabilities that could allow a man-in-the-middle attacker to read encrypted traffic due to pack of certificate verification against the hostname. * fix --idle checking Python version incorrectly, resulting in incorrect warning about running with Python < 2.5 * add missing support for SSL certificate checking in POP3 which broke POP retrieval in v4.45.0 [CVE-2014-7275] - includes changes from 4.45.0: * perform hostname-vs-certificate matching of SSL certificate if validating the certifcate [CVE-2014-7274] * fix missing plaintext versions of documentation - includes changes from 4.44.0: * add extended SSL options for IMAP retrievers, allowing certificate verification and other features [CVE-2014-7273] * fix missing plaintext versions of documentation * fix "Header instance has no attribute 'strip'" error which cropped up in some configurations openSUSE 12.3 Update - add 0001-Add-os_exec-helper-to-run-external-programs.patch - add 0002-wpa_cli-Use-os_exec-for-action-script-execution.patch - fixing CVE-2014-3686 (bnc#900611) trying to abuse the action scripts in wpa_cli openSUSE 12.3 Update - update to Firefox 33.0 (bnc#900941) New features: * OpenH264 support (sandboxed) * Enhanced Tiles * Improved search experience through the location bar * Slimmer and faster JavaScript strings * New CSP (Content Security Policy) backend * Support for connecting to HTTP proxy over HTTPS * Improved reliability of the session restoration * Proprietary window.crypto properties/functions removed Security: * MFSA 2014-74/CVE-2014-1574/CVE-2014-1575 Miscellaneous memory safety hazards * MFSA 2014-75/CVE-2014-1576 (bmo#1041512) Buffer overflow during CSS manipulation * MFSA 2014-76/CVE-2014-1577 (bmo#1012609) Web Audio memory corruption issues with custom waveforms * MFSA 2014-77/CVE-2014-1578 (bmo#1063327) Out-of-bounds write with WebM video * MFSA 2014-78/CVE-2014-1580 (bmo#1063733) Further uninitialized memory use during GIF rendering * MFSA 2014-79/CVE-2014-1581 (bmo#1068218) Use-after-free interacting with text directionality * MFSA 2014-80/CVE-2014-1582/CVE-2014-1584 (bmo#1049095, bmo#1066190) Key pinning bypasses * MFSA 2014-81/CVE-2014-1585/CVE-2014-1586 (bmo#1062876, bmo#1062981) Inconsistent video sharing within iframe * MFSA 2014-82/CVE-2014-1583 (bmo#1015540) Accessing cross-origin objects via the Alarms API (only relevant for installed web apps) - requires NSPR 4.10.7 - requires NSS 3.17.1 - removed obsolete patches: * mozilla-ppc.patch * mozilla-libproxy-compat.patch - added basic appdata information - update to SeaMonkey 2.30 (bnc#900941) * venkman debugger removed from application and therefore obsolete package seamonkey-venkman * MFSA 2014-74/CVE-2014-1574/CVE-2014-1575 Miscellaneous memory safety hazards * MFSA 2014-75/CVE-2014-1576 (bmo#1041512) Buffer overflow during CSS manipulation * MFSA 2014-76/CVE-2014-1577 (bmo#1012609) Web Audio memory corruption issues with custom waveforms * MFSA 2014-77/CVE-2014-1578 (bmo#1063327) Out-of-bounds write with WebM video * MFSA 2014-78/CVE-2014-1580 (bmo#1063733) Further uninitialized memory use during GIF rendering * MFSA 2014-79/CVE-2014-1581 (bmo#1068218) Use-after-free interacting with text directionality * MFSA 2014-80/CVE-2014-1582/CVE-2014-1584 (bmo#1049095, bmo#1066190) Key pinning bypasses * MFSA 2014-81/CVE-2014-1585/CVE-2014-1586 (bmo#1062876, bmo#1062981) Inconsistent video sharing within iframe * MFSA 2014-82/CVE-2014-1583 (bmo#1015540) Accessing cross-origin objects via the Alarms API (only relevant for installed web apps) - requires NSPR 4.10.7 - requires NSS 3.17.1 - removed obsolete patches: * mozilla-ppc.patch * mozilla-libproxy-compat.patch Changes in mozilla-nss: - update to 3.17.1 (bnc#897890) * Change library's signature algorithm default to SHA256 * Add support for draft-ietf-tls-downgrade-scsv * Add clang-cl support to the NSS build system * Implement TLS 1.3: * Part 1. Negotiate TLS 1.3 * Part 2. Remove deprecated cipher suites andcompression. * Add support for little-endian powerpc64 - update to 3.17 * required for Firefox 33 New functionality: * When using ECDHE, the TLS server code may be configured to generate a fresh ephemeral ECDH key for each handshake, by setting the SSL_REUSE_SERVER_ECDHE_KEY socket option to PR_FALSE. The SSL_REUSE_SERVER_ECDHE_KEY option defaults to PR_TRUE, which means the server's ephemeral ECDH key is reused for multiple handshakes. This option does not affect the TLS client code, which always generates a fresh ephemeral ECDH key for each handshake. New Macros * SSL_REUSE_SERVER_ECDHE_KEY Notable Changes: * The manual pages for the certutil and pp tools have been updated to document the new parameters that had been added in NSS 3.16.2. * On Windows, the new build variable USE_STATIC_RTL can be used to specify the static C runtime library should be used. By default the dynamic C runtime library is used. Changes in mozilla-nspr: - update to version 4.10.7 * bmo#836658: VC11+ defaults to SSE2 builds by default. * bmo#979278: TSan: data race nsprpub/pr/src/threads/prtpd.c:103 PR_NewThreadPrivateIndex. * bmo#1026129: Replace some manual declarations of MSVC intrinsics with #include <intrin.h>. * bmo#1026469: Use AC_CHECK_LIB instead of MOZ_CHECK_PTHREADS. Skip compiler checks when using MSVC, even when $CC is not literally "cl". * bmo#1034415: NSPR hardcodes the C compiler to cl on Windows. * bmo#1042408: Compilation fix for Android > API level 19. * bmo#1043082: NSPR's build system hardcodes -MD. openSUSE 12.3 Update - update to Thunderbird 31.2.0 (bnc#900941) * MFSA 2014-74/CVE-2014-1574 Miscellaneous memory safety hazards * MFSA 2014-75/CVE-2014-1576 (bmo#1041512) Buffer overflow during CSS manipulation * MFSA 2014-76/CVE-2014-1577 (bmo#1012609) Web Audio memory corruption issues with custom waveforms * MFSA 2014-77/CVE-2014-1578 (bmo#1063327) Out-of-bounds write with WebM video * MFSA 2014-79/CVE-2014-1581 (bmo#1068218) Use-after-free interacting with text directionality * MFSA 2014-81/CVE-2014-1585/CVE-2014-1586 (bmo#1062876, bmo#1062981) Inconsistent video sharing within iframe openSUSE 12.3 Update This udpate for zeromq fixes the following non-security and security-issues: Update to version 4.0.4, for a detailed description see /usr/share/doc/packages/zeromq-devel/NEWS - Add libsodium dep for testsuite where possible - Version bump to 4.0.5 fixes bnc#898917 CVE-2014-7202 and CVE-2014-7203: * Fixed CURVE mechanism does not verify short term nonces. * Fixed stream_engine is vulnerable to downgrade attacks. * Fixed assertion failure for WSAENOTSOCK on Windows. * Fixed race condition while connecting inproc sockets. * Fixed bump so library number to 4.0.0 * Fixed assertion failed: !more (fq.cpp:99) after many ZAP requests. * Fixed lost first part of message over inproc://. * Fixed keep-alive on Windows. - Enable tests. - Move to 'download_files' source service which is in better shap and easier to use openSUSE 12.3 Update The following issues were fixed in this release: CVE-2014-3566: SSLv3 POODLE attack (bnc#901223) CVE-2014-3513, CVE-2014-3567: DTLS memory leak and session ticket memory leak openSUSE 12.3 Update This update fixes a denial of service vulnerability when expanding recursive entity (CVE-2014-3660) bnc#901546 openSUSE 12.3 Update - phpMyAdmin 4.1.14.6 [boo#902154] [CVE-2014-8326] This release fixes cross-site scripting vulnerabilities in the SQL debug output and server monitor pages. This developer option is not enabled by default. - sf#4562 [security] XSS in debug SQL output - sf#4563 [security] XSS in monitor query analyzer openSUSE 12.3 Update shim was updated to fix several security issues. - OOB read access when parsing DHCPv6 packets (remote DoS) (CVE-2014-3675). - Heap overflow when parsing IPv6 addresses provided by tftp:// DHCPv6 boot option (RCE) (CVE-2014-3676). - Memory corruption when processing user provided MOK lists (CVE-2014-3677). More information is available at https://bugzilla.novell.com/show_bug.cgi?id=889332 To enable this update gnu-efi was updated to 3.0u and pesign to version 0.109 openSUSE 12.3 Update The following issues were fixed in this update: + General: - Check the basic constraints extension when validating SSL/TLS certificates. This fixes a security hole that allowed a malicious man-in-the-middle to impersonate an IM server or any other https endpoint. This affected both the NSS and GnuTLS plugins (CVE-2014-3694, boo#902495). - Allow and prefer TLS 1.2 and 1.1 when using the NSS plugin for SSL (im#15909). + libpurple3 compatibility: - Encrypted account passwords are preserved until the new one is set. - Fix loading Google Talk and Facebook XMPP accounts. + Groupwise: Fix potential remote crash parsing server message that indicates that a large amount of memory should be allocated (CVE-2014-3696, boo#902410). + IRC: Fix a possible leak of unencrypted data when using /me command with OTR (im#15750). + MXit: Fix potential remote crash parsing a malformed emoticon response (CVE-2014-3695, boo#902409). + XMPP: - Fix potential information leak where a malicious XMPP server and possibly even a malicious remote user could create a carefully crafted XMPP message that causes libpurple to send an XMPP message containing arbitrary memory (CVE-2014-3698, boo#902408). + Yahoo: Fix login when using the GnuTLS library for TLS connections (im#16172, boo#874606). openSUSE 12.3 Update - security update: * CVE-2014-3670 [bnc#902357] * CVE-2014-3669 [bnc#902360] * CVE-2014-3668 [bnc#902368] - added patches: * php-CVE-2014-3670.patch * php-CVE-2014-3669.patch * php-CVE-2014-3668.patch openSUSE 12.3 Update libserf was updated to disable SSLv2 and SSLv3. libserf was updated to version 1.3.8 on openSUSE 13.1 and 13.2. This release also fixes a problem with handling very large gzip-encoded HTTP responses. For openSUSE 12.3 libserf 1.1.1 was patched to disable SSLv2 and SSLv3. openSUSE 12.3 Update quassel was updated to fix an out-of-bound read (CVE-2014-8483). openSUSE 12.3 Update wget was updated to version 1.16 to fix one security issue. The following security issue was fixed: - Fix for symlink attack which could allow a malicious ftp server to create arbitrary files, directories or symbolic links and set their permissions when retrieving a directory recursively through FTP (CVE-2014-4877). openSUSE 12.3 Update ImageMagick was updated to fix three security issues. These security issues were fixed: - Out-of-bounds memory access in PCX parser (CVE-2014-8355). - Out-of-bounds memory access in resize code (CVE-2014-8354). - Out-of-bounds memory error in DCM decode (CVE-2014-8562). openSUSE 12.3 Update libvirt was updated to fix one security issue. This security issue was fixed: - Security issue with migratable flag (CVE-2014-7823). openSUSE 12.3 Update dbus-1 was updated to version 1.6.26 to fix one security issue and several other issues. This security issue was fixed: - Increase dbus-daemon's RLIMIT_NOFILE rlimit to 65536 to stop an attacker from exhausting the system bus' file descriptors (CVE-2014-7824). openSUSE 12.3 Update This openssl update fixes a TLS handshake problem when elliptic curves are in use. openSUSE 12.3 Update gnutls was updated to fix one security issue. This security issue was fixed: - Parsing problem in elliptic curve blobs over TLS that could lead to remote crashes (CVE-2014-8564). openSUSE 12.3 Update rubygem-sprockets-2_2 was updated to fix one security issue. This security issue was fixed: - Arbitrary file existence disclosure (CVE-2014-7819). openSUSE 12.3 Update rubygem-sprockets-2_1 was updated to fix one security issue. This security issue was fixed: - Arbitrary file existence disclosure (CVE-2014-7819). openSUSE 12.3 Update wireshark was updated to fix five security issues. These security issues were fixed: - SigComp UDVM buffer overflow (CVE-2014-8710). - AMQP crash (CVE-2014-8711). - NCP crashes (CVE-2014-8712, CVE-2014-8713). - TN5250 infinite loops (CVE-2014-8714). For openSUSE 12.3 and 13.1 further bug fixes and updated protocol support are described in: https://www.wireshark.org/docs/relnotes/wireshark-1.10.11.html For openSUSE 13.2 further bug fixes and updated protocol support are described in: https://www.wireshark.org/docs/relnotes/wireshark-1.12.2.html openSUSE 12.3 Update ImageMagick was updated to fix one security issue. This security issue was fixed: - Crafted jpeg file could lead to DOS (CVE-2014-8716). openSUSE 12.3 Update rubygem-sprockets was updated to fix one security issue. This security issue was fixed: - Arbitrary file existence disclosure (CVE-2014-7819). openSUSE 12.3 Update file was updated to fix one security issue. This security issue was fixed: - Out-of-bounds read in elf note headers (CVE-2014-3710). openSUSE 12.3 Update clamav was updated to version 0.98.5 to fix two security issues. These security issues were fixed: - Segmentation fault when processing certain files (CVE-2013-6497). - Heap-based buffer overflow when scanning crypted PE files (CVE-2014-9050). The following non-security issues were fixed: - Support for the XDP file format and extracting, decoding, and scanning PDF files within XDP files. - Addition of shared library support for LLVM versions 3.1 - 3.5 for the purpose of just-in-time(JIT) compilation of ClamAV bytecode signatures. - Enhancements to the clambc command line utility to assist ClamAV bytecode signature authors by providing introspection into compiled bytecode programs. - Resolution of many of the warning messages from ClamAV compilation. - Improved detection of malicious PE files. - ClamAV 0.98.5 now works with OpenSSL in FIPS compliant mode (bnc#904207). - Fix server socket setup code in clamd (bnc#903489). - Change updateclamconf to prefer the state of the old config file even for commented-out options (bnc#903719). openSUSE 12.3 Update rubygem-actionpack-3_2 was updated to fix two security issues. These security issues were fixed: - Arbitrary file existence disclosure (CVE-2014-7829). - Arbitrary file existence disclosure (CVE-2014-7818). openSUSE 12.3 Update phpMyAdmin was updated to fix four security issues. For openSUSE 12.3 and 13.1, phpMyAdmin was updated to 4.1.14.7. For openSUSE 13.2, phpMyAdmin was updated to to 4.2.12. These security issues were fixed: - XSS vulnerability in error reporting functionality (CVE-2014-8960). - Local file inclusion vulnerability (CVE-2014-8959). - Multiple XSS vulnerabilities (CVE-2014-8958). - Leakage of line count of an arbitrary file (CVE-2014-8961). openSUSE 12.3 Update apache2-mod_wsgi was updated to fix one security issue. This security issue was fixed: - Failure to handle errors when attempting to drop group privileges (CVE-2014-8583). openSUSE 12.3 Update icecast was updated to fix two security issues. These security issues were fixed: - Supplementary groups were not overriden (CVE-2014-9091). - Possible leak of on-connect scripts (CVE-2014-9018). openSUSE 12.3 Update flac was updated to fix two security issues. These security issues were fixed: - Stack overflow may result in arbitrary code execution (CVE-2014-8962). - Heap overflow via specially crafted .flac files (CVE-2014-9028). openSUSE 12.3 Update ruby19 was updated to fix two security issues. These security issues were fixed: - Denial Of Service XML Expansion (CVE-2014-8080). - Denial Of Service XML Expansion (CVE-2014-8090). Note: These are two separate issues. openSUSE 12.3 Update openvpn was updated to fix a denial-of-service vulnerability where an authenticated client could stop the server by triggering a server-side ASSERT (bnc#907764,CVE-2014-8104), openSUSE 12.3 Update This apache version update fixes various security and non security issues. - Updated to the 2.2.29 * Changes between 2.2.22 and 2.2.29: http://www.apache.org/dist/httpd/CHANGES_2.2 * The following patches are no longer needed and were removed: * httpd-2.2.x-bnc798733-SNI_ignorecase.diff * httpd-2.2.x-bnc806458-mod_imagemap-xss.diff * httpd-2.2.x-bnc806458-mod_info_ap_get_server_name-xss.diff * httpd-2.2.x-bnc806458-mod_proxy_ftp-xss.diff * httpd-2.2.x-bnc806458-util_ldap_cache_mgr-xss.diff * httpd-2.2.x-bnc807152-mod_balancer_handler_xss.diff * httpd-mod_deflate_head.patch * httpd-new_pcre.patch * httpd-2.2.22-SSLCompression_CRIME_mitigation.patch * httpd-2.2.19-linux3.patch * httpd-2.2.x-bnc829056-CVE-2013-1896-pr1482522-mod_dav.diff * httpd-2.2.x-bnc829057-CVE-2013-1862-mod_rewrite_terminal_escape_sequences.diff * httpd-2.2.x-bnc869105-CVE-2013-6438-mod_dav-dos.diff * httpd-2.2.x-bnc869106-CVE-2014-0098-log_cookie_c.diff * httpd-2.2.x-bnc887765-CVE-2014-0226-mod_status_race.diff * httpd-2.2.x-bnc887768-CVE-2014-0231_mod_cgid_DoS_via_no_stdin_read.diff * httpd-2.2.x-bnc777260-CVE-2012-2687-mod_negotiation_filename_xss.diff * httpd-2.2.x-CVE-2011-3368-server_protocl_c.diff * The following patches were updated for the current Apache version: * apache2-mod_ssl_npn.patch * httpd-2.0.54-envvars.dif * httpd-2.2.x-bnc690734.patch * ssl-mode-release-buffers.patch * bnc#871310 fixed in Apache httpd 2.2.29 openSUSE 12.3 Update This cpio update fixes the following secuirty issue: - fix an OOB write with cpio -i (bnc#907456) (CVE-2014-9112) openSUSE 12.3 Update This libyaml update fixes the following security issue: - bnc#907809: assert failure when processing wrapped strings (CVE-2014-9130) openSUSE 12.3 Update This openjdk update fixes the following security and non security issues: - Upgrade to 2.4.8 (bnc#887530) * Changed back from gzipped tarball to xz * Changed the keyring file to add Andrew John Hughes that signed the icedtea package * Change ZERO to AARCH64 tarball - Removed patches: * gstackbounds.patch * java-1.7.0-openjdk-ppc-zero-jdk.patch * java-1.7.0-openjdk-ppc-zero-hotspot.patch - Integrated in upstream icedtea * java-1.7.0-openjdk-makefiles-zero.patch - Does not apply on the AARCH64 tarball, since the change from DEFAULT and ZERO tarball to DEFAULT and AARCH64 - Upstream changes since 2.4.4: * Security fixes - S8029755, CVE-2014-4209: Enhance subject class - S8030763: Validate global memory allocation - S8031340, CVE-2014-4264: Better TLS/EC management - S8031346, CVE-2014-4244: Enhance RSA key handling - S8031540: Introduce document horizon - S8032536: JVM resolves wrong method in some unusual cases - S8033055: Issues in 2d - S8033301, CVE-2014-4266: Build more informative InfoBuilder - S8034267: Probabilistic native crash - S8034272: Do not cram data into CRAM arrays - S8034985, CVE-2014-2483: Better form for Lambda Forms - S8035004, CVE-2014-4252: Provider provides less service - S8035009, CVE-2014-4218: Make Proxy representations consistent - S8035119, CVE-2014-4219: Fix exceptions to bytecode verification - S8035699, CVE-2014-4268: File choosers should be choosier - S8035788. CVE-2014-4221: Provide more consistency for lookups - S8035793, CVE-2014-4223: Maximum arity maxed out - S8036571: (process) Process process arguments carefully - S8036800: Attribute OOM to correct part of code - S8037046: Validate libraries to be loaded - S8037076, CVE-2014-2490: Check constant pool constants - S8037157: Verify <init> call - S8037162, CVE-2014-4263: More robust DH exchanges - S8037167, CVE-2014-4216: Better method signature resolution - S8039520, CVE-2014-4262: More atomicity of atomic updates - S8023046: Enhance splashscreen support - S8025005: Enhance CORBA initializations - S8025010, CVE-2014-2412: Enhance AWT contexts - S8025030, CVE-2014-2414: Enhance stream handling - S8025152, CVE-2014-0458: Enhance activation set up - S8026067: Enhance signed jar verification - S8026163, CVE-2014-2427: Enhance media provisioning - S8026188, CVE-2014-2423: Enhance envelope factory - S8026200: Enhance RowSet Factory - S8026716, CVE-2014-2402: (aio) Enhance asynchronous channel handling - S8026736, CVE-2014-2398: Enhance Javadoc pages - S8026797, CVE-2014-0451: Enhance data transfers - S8026801, CVE-2014-0452: Enhance endpoint addressing - S8027766, CVE-2014-0453: Enhance RSA processing - S8027775: Enhance ICU code. - S8027841, CVE-2014-0429: Enhance pixel manipulations - S8028385: Enhance RowSet Factory - S8029282, CVE-2014-2403: Enhance CharInfo set up - S8029286: Enhance subject delegation - S8029699: Update Poller demo - S8029730: Improve audio device additions - S8029735: Enhance service mgmt natives - S8029740, CVE-2014-0446: Enhance handling of loggers - S8029745, CVE-2014-0454: Enhance algorithm checking - S8029750: Enhance LCMS color processing (in-tree LCMS) - S8029760, CVE-2013-6629: Enhance AWT image libraries (in-tree libjpeg) - S8029844, CVE-2014-0455: Enhance argument validation - S8029854, CVE-2014-2421: Enhance JPEG decodings - S8029858, CVE-2014-0456: Enhance array copies - S8030731, CVE-2014-0460: Improve name service robustness - S8031330: Refactor ObjectFactory - S8031335, CVE-2014-0459: Better color profiling (in-tree LCMS) - S8031352, CVE-2013-6954: Enhance PNG handling (in-tree libpng) - S8031394, CVE-2014-0457: (sl) Fix exception handling in ServiceLoader - S8031395: Enhance LDAP processing - S8032686, CVE-2014-2413: Issues with method invoke - S8033618, CVE-2014-1876: Correct logging output - S8034926, CVE-2014-2397: Attribute classes properly - S8036794, CVE-2014-0461: Manage JavaScript instances * Backports - S5049299: (process) Use posix_spawn, not fork, on S10 to avoid swap exhaustion - S6571600: JNI use results in UnsatisfiedLinkError looking for libmawt.so - S7131153: GetDC called way too many times - causes bad performance. - S7190349: [macosx] Text (Label) is incorrectly drawn with a rotated g2d - S8001108: an attempt to use "<init>" as a method name should elicit NoSuchMethodException - S8001109: arity mismatch on a call to spreader method handle should elicit IllegalArgumentException - S8008118: (process) Possible null pointer dereference in jdk/src/solaris/native/java/lang/UNIXProcess_md.c - S8013611: Modal dialog fails to obtain keyboard focus - S8013809: deadlock in SSLSocketImpl between between write and close - S8013836: getFirstDayOfWeek reports wrong day for pt-BR locale - S8014460: Need to check for non-empty EXT_LIBS_PATH before using it - S8019853: Break logging and AWT circular dependency - S8019990: IM candidate window appears on the South-East corner of the display. - S8020191: System.getProperty("os.name") returns "Windows NT (unknown)" on Windows 8.1 - S8022452: Hotspot needs to know about Windows 8.1 and Windows Server 2012 R2 - S8023990: Regression: postscript size increase from 6u18 - S8024283: 10 nashorn tests fail with similar stack trace InternalError with cause being NoClassDefFoundError - S8024616: JSR292: lazily initialize core NamedFunctions used for bootstrapping - S8024648: 7141246 & 8016131 break Zero port (AArch64 only) - S8024830: SEGV in org.apache.lucene.codecs.compressing.CompressingTermVectorsReader.get - S8025588: [macosx] Frozen AppKit thread in 7u40 - S8026404: Logging in Applet can trigger ACE: access denied ("java.lang.RuntimePermission" "modifyThreadGroup") - S8026705: [TEST_BUG] java/beans/Introspector/TestTypeResolver.java failed - S8027196: Increment minor version of HSx for 7u55 and initialize the build number - S8027212: java/nio/channels/Selector/SelectAfterRead.java fails intermittently - S8028285: RMI Thread can no longer call out to AWT - S8029177: [Parfait] warnings from b117 for jdk.src.share.native.com.sun.java.util.jar: JNI exception pending - S8030655: Regression: 14_01 Security fix 8024306 causes test failures - S8030813: Signed applet fails to load when CRLs are stored in an LDAP directory - S8030822: (tz) Support tzdata2013i - S8031050: (thread) Change Thread initialization so that thread name is set before invoking SecurityManager - S8031075: [Regression] focus disappears with shift+tab on dialog having one focus component - S8031462: Fonts with morx tables are broken with latest ICU fixes - S8032585: JSR292: IllegalAccessError when attempting to invoke protected method from different package - S8032740: Need to create SE Embedded Source Bundles in 7 Release - S8033278: Missed access checks for Lookup.unreflect* after 8032585 - S8034772: JDK-8028795 brought a specification change to 7u55 release and caused JCK7 signature test failure - S8035283: Second phase of branch shortening doesn't account for loop alignment - S8035613: With active Securitymanager JAXBContext.newInstance fails - S8035618: Four api/org_omg/CORBA TCK tests fail under plugin only - S8036147: Increment hsx 24.55 build to b02 for 7u55-b11 - S8036786: Update jdk7 testlibrary to match jdk8 - S8036837: Increment hsx 24.55 build to b03 for 7u55-b12 - S8037012: (tz) Support tzdata2014a - S8038306: (tz) Support tzdata2014b - S8038392: Generating prelink cache breaks JAVA 'jinfo' utility normal behavior - S8042264: 7u65 l10n resource file translation update 1 - S8042582: Test java/awt/KeyboardFocusmanager/ChangeKFMTest/ChangeKFMTest.html fails on Windows x64 - S8042590: Running form URL throws NPE - S8042789: org.omg.CORBA.ORBSingletonClass loading no longer uses context class loader - S8043012: (tz) Support tzdata2014c - S8004145: New improved hgforest.sh, ctrl-c now properly terminates mercurial processes. - S8007625: race with nested repos in /common/bin/hgforest.sh - S8011178: improve common/bin/hgforest.sh python detection (MacOS) - S8011342: hgforest.sh : 'python --version' not supported on older python - S8011350: hgforest.sh uses non-POSIX sh features that may fail with some shells - S8024200: handle hg wrapper with space after #! - S8025796: hgforest.sh could trigger unbuffered output from hg without complicated machinations - S8028388: 9 jaxws tests failed in nightly build with java.lang.ClassCastException - S8031477: [macosx] Loading AWT native library fails - S8032370: No "Truncated file" warning from IIOReadWarningListener on JPEGImageReader - S8035834: InetAddress.getLocalHost() can hang after JDK-8030731 was fixed - S8009062: poor performance of JNI AttachCurrentThread after fix for 7017193 - S8035893: JVM_GetVersionInfo fails to zero structure - Re-enable the 'gamma' test at the end of the HotSpot build, but only for HotSpot based bootstrap JDKs. - S8015976: OpenJDK part of bug JDK-8015812 [TEST_BUG] Tests have conflicting test descriptions - S8022698: javax/script/GetInterfaceTest.java fails since 7u45 b04 with -agentvm option - S8022868: missing codepage Cp290 at java runtime - S8023310: Thread contention in the method Beans.IsDesignTime() - S8024461: [macosx] Java crashed on mac10.9 for swing and 2d function manual test - S8025679: Increment minor version of HSx for 7u51 and initialize the build number - S8026037: [TESTBUG] sun/security/tools/jarsigner/warnings.sh test fails on Solaris - S8026304: jarsigner output bad grammar - S8026772: test/sun/util/resources/TimeZone/Bug6317929.java failing - S8026887: Make issues due to failed large pages allocations easier to debug - S8027204: Revise the update of 8026204 and 8025758 - S8027224: test regression - ClassNotFoundException - S8027370: Support tzdata2013h - S8027378: Two closed/javax/xml/8005432 fails with jdk7u51b04 - S8027787: 7u51 l10n resource file translation update 1 - S8027837: JDK-8021257 causes CORBA build failure on emdedded platforms - S8027943: serial version of com.sun.corba.se.spi.orbutil.proxy.CompositeInvocationHandlerImpl changed in 7u45 - S8027944: Increment hsx 24.51 build to b02 for 7u51-b07 - S8028057: Modify jarsigner man page documentation to document CCC 8024302: Clarify jar verifications - S8028090: reverting change - changeset pushed with incorrect commit message, linked to wrong issue - S8028111: XML readers share the same entity expansion counter - S8028215: ORB.init fails with SecurityException if properties select the JDK default ORB - S8028293: Check local configuration for actual ephemeral port range - S8028382: Two javax/xml/8005433 tests still fail after the fix JDK-8028147 - S8028453: AsynchronousSocketChannel.connect() requires SocketPermission due to bind to local address (win) - S8028823: java/net/Makefile tabs converted to spaces - S8029038: Revise fix for XML readers share the same entity expansion counter - S8029842: Increment hsx 24.51 build to b03 for 7u51-b11 * Bug fixes - Fix accidental reversion of PR1188 for armel - PR1781: NSS PKCS11 provider fails to handle multipart AES encryption - PR1830: Drop version requirement for LCMS 2 - PR1833, RH1022017: Report elliptic curves supported by NSS, not the SunEC library - RH905128: [CRASH] OpenJDK-1.7.0 while using NSS security provider and kerberos - PR1393: JPEG support in build is broken on non-system-libjpeg builds - PR1726: configure fails looking for ecj.jar before even trying to find javac - Red Hat local: Fix for repo with path statting with / . - Remove unused hgforest script - PR1101: Undefined symbols on GNU/Linux SPARC - PR1659: OpenJDK 7 returns incorrect TrueType font metrics when bold style is set - PR1677, G498288: Update PaX support to detect running PaX kernel and use newer tools - PR1679: Allow OpenJDK to build on PaX-enabled kernels - PR1684: Build fails with empty PAX_COMMAND - RH1015432: java-1.7.0-openjdk: Fails on PPC with StackOverflowError (revised fix) - Link against $(LIBDL) if SYSTEM_CUPS is not true - Perform configure checks using ecj.jar when --with-gcj (native ecj build) is enabled. - Fix broken bootstrap build by updating ecj-multicatch.patch - PR1653: Support ppc64le via Zero - PR1654: ppc32 needs a larger ThreadStackSize to build - RH1015432: java-1.7.0-openjdk: Fails on PPC with StackOverflowError - RH910107: fail to load PC/SC library * ARM32 port - Add arm_port from IcedTea 6 - Add patches/arm.patch from IcedTea 6 - Add patches/arm-debug.patch from IcedTea 6 - Add patches/arm-hsdis.patch from IcedTea 6 - added jvmti event generation for dynamic_generate and compiled_method_load events to ARM JIT compiler - Adjust saved SP when safepointing. - First cut of invokedynamic - Fix trashed thread ptr after recursive re-entry from asm JIT. - JIT-compilation of ldc methodHandle - Rename a bunch of misleadingly-named functions - Changes for HSX22 - Rename a bunch of misleadingly-named functions - Patched method handle adapter code to deal with failures in TCK - Phase 1 - Phase 2 - RTC Thumb2 JIT enhancements. - Zero fails to build in hsx22+, fix for hsx22 after runs gamma OK, hsx23 still nogo. - Use ldrexd for atomic reads on ARMv7. - Use unified syntax for thumb code. - Corrected call from fast_method_handle_entry to CppInterpreter::method_handle_entry so that thread is loaded into r2 - Don't save locals at a return. - Fix call to handle_special_method(). Fix compareAndSwapLong. - Fix JIT bug that miscompiles org.eclipse.ui.internal.contexts.ContextAuthority.sourceChanged - invokedynamic and aldc for JIT - Modified safepoint check to rely on memory protect signal instead of polling - Minor review cleanups. - PR1188: ASM Interpreter and Thumb2 JIT javac miscompile modulo reminder on armel - PR1363: Fedora 19 / rawhide FTBFS SIGILL - Changes for HSX23 - Remove fragment from method that has been removed - Remove C++ flags from CC_COMPILE and fix usage in zeroshark.make. - Use $(CC) to compile mkbc instead of $(CC_COMPILE) to avoid C++-only flags - Add note about use of $(CFLAGS)/$(CXXFLAGS)/$(CPPFLAGS) at present. - Override automatic detection of source language for bytecodes_arm.def - Include $(CFLAGS) in assembler stage - PR1626: ARM32 assembler update for hsx24. Use ARM32JIT to turn it on/off. - Replace literal offsets for METHOD_SIZEOFPARAMETERS and ISTATE_NEXT_FRAME with correct symbolic names. - Turn ARM32 JIT on by default * AArch64 port - AArch64 C2 instruct for smull - Add a constructor as a conversion from Register - RegSet. Use it. - Add RegSet::operator+=. - Add support for a few simple intrinsics - Add support for builtin crc32 instructions - Add support for CRC32 intrinsic - Add support for Neon implementation of CRC32 - All address constants are 48 bits in size. - C1: Fix offset overflow when profiling. - Common frame handling for C1/C2 which correctly handle all frame sizes - Correct costs for operations with shifts. - Correct OptoAssembly for prologs and epilogs. - Delete useless instruction. - Don't use any form of _call_VM_leaf when we're calling a stub. - Fast string comparison - Fast String.equals() - Fix a tonne of bogus comments. - Fix biased locking and enable as default - Fix instruction size from 8 to 4 - Fix opto assembly for shifts. - Fix register misuse in verify_method_data_pointer - Fix register usage in generate_verify_oop(). - Implement various locked memory operations. - Improve C1 performance improvements in ic_cache checks - Improve code generation for pop(), as suggested by Edward Nevill. - Improvements to safepoint polling - Make code entry alignment 64 for C2 - Minor optimisation for divide by 2 - New cost model for instruction selection. - Offsets in lookupswitch instructions should be signed. - Optimise addressing of card table byte map base - Optimise C2 entry point verification - Optimise long divide by 2 - Performance improvement and ease of use changes pulled from upstream - Preserve callee save FP registers around call to java code - Remove obsolete C1 patching code. - Remove special-case handling of division arguments. AArch64 doesn't need it. - Remove unnecessary memory barriers around CAS operations - Restore sp from sender sp, r13 in crc32 code - Restrict default ReservedCodeCacheSize to 128M - Rewrite CAS operations to be more conservative - Save intermediate state before removing C1 patching code. - Tidy up register usage in push/pop instructions. - Tidy up stack frame handling. - Use 2- and 3-instruction immediate form of movoop and mov_metadata in C2-generated code. - Use an explicit set of registers rather than a bitmap for psh and pop operations. - Use explicit barrier instructions in C1. - Use gcc __clear_cache instead of doing it ourselves - PR1713: Support AArch64 Port * Shark - Add Shark definitions from 8003868 - Drop compile_method argument removed in 7083786 from sharkCompiler.cpp openSUSE 12.3 Update This MozillaFirefox update fixes several security and non security issues. Changes in MozillaFirefox: - update to Firefox 34.0.5 (bnc#908009) * Default search engine changed to Yahoo! for North America * Default search engine changed to Yandex for Belarusian, Kazakh, and Russian locales * Improved search bar (en-US only) * Firefox Hello real-time communication client * Easily switch themes/personas directly in the Customizing mode * Implementation of HTTP/2 (draft14) and ALPN * Disabled SSLv3 * MFSA 2014-83/CVE-2014-1587/CVE-2014-1588 Miscellaneous memory safety hazards * MFSA 2014-84/CVE-2014-1589 (bmo#1043787) XBL bindings accessible via improper CSS declarations * MFSA 2014-85/CVE-2014-1590 (bmo#1087633) XMLHttpRequest crashes with some input streams * MFSA 2014-86/CVE-2014-1591 (bmo#1069762) CSP leaks redirect data via violation reports * MFSA 2014-87/CVE-2014-1592 (bmo#1088635) Use-after-free during HTML5 parsing * MFSA 2014-88/CVE-2014-1593 (bmo#1085175) Buffer overflow while parsing media content * MFSA 2014-89/CVE-2014-1594 (bmo#1074280) Bad casting from the BasicThebesLayer to BasicContainerLayer - rebased patches - limit linker memory usage for %ix86 - update to Firefox 33.1 * Adding DuckDuckGo as a search option (upstream) * Forget Button added * Enhanced Tiles * Privacy tour introduced - fix typo in GStreamer Recommends - Disable elf-hack for aarch64 - Enable EGL for aarch64 - Limit RAM usage during link for %arm - Fix _constraints for ARM - use proper macros for ARM - use '--disable-optimize' not only on 32-bit x86, but on 32-bit arm too to fix compiling. - pass '-Wl,--no-keep-memory' to linker to reduce required memory during linking on arm. - update to Firefox 33.0.2 * Fix a startup crash with some combination of hardware and drivers 33.0.1 * Firefox displays a black screen at start-up with certain graphics drivers - adjusted _constraints for ARM - added mozilla-bmo1088588.patch to fix build with EGL (bmo#1088588) - define /usr/share/myspell as additional dictionary location and remove add-plugins.sh finally (bnc#900639) - use Firefox default optimization flags instead of -Os - specfile cleanup openSUSE 12.3 Update This MozillaThunderbird update fixes several security and non security issues: Changes in MozillaThunderbird: - update to Thunderbird 31.3.0 (bnc#908009) * MFSA 2014-83/CVE-2014-1587 Miscellaneous memory safety hazards * MFSA 2014-85/CVE-2014-1590 (bmo#1087633) XMLHttpRequest crashes with some input streams * MFSA 2014-87/CVE-2014-1592 (bmo#1088635) Use-after-free during HTML5 parsing * MFSA 2014-88/CVE-2014-1593 (bmo#1085175) Buffer overflow while parsing media content * MFSA 2014-89/CVE-2014-1594 (bmo#1074280) Bad casting from the BasicThebesLayer to BasicContainerLayer - fix bashism in mozilla.sh script - Limit RAM usage during link for ARM - remove add-plugins.sh and use /usr/share/myspell directly (bnc#900639) openSUSE 12.3 Update This libjpeg update fixes several security and non security issues: - bnc#906761: Passing special crafted jpeg file smashes stack (CVE-2014-9092) - bnc#771791: Fixed heap overflow openSUSE 12.3 Update phpMyAdmin on openSUSE 12.3 and 13.1 was updated to 4.1.14.8. This update fixes one vulnerability. - Security fixes: * PMASA-2014-17 (CVE-2014-9218, CWE-661 CWE-400) [boo#908363] http://www.phpmyadmin.net/home_page/security/PMASA-2014-17.php - sf#4611 [security] DOS attack with long passwords phpMyAdmin on openSUSE 13.2 was updated to 4.2.13.1 (2014-12-03) - Security fixes: * PMASA-2014-18 (CVE-2014-9219, CWE-661 CWE-79) [boo#908364] http://www.phpmyadmin.net/home_page/security/PMASA-2014-18.php - sf#4612 [security] XSS vulnerability in redirection mechanism * PMASA-2014-17 (CVE-2014-9218, CWE-661 CWE-400) [boo#908363] http://www.phpmyadmin.net/home_page/security/PMASA-2014-17.php - sf#4611 [security] DOS attack with long passwords - Bugfixes: - sf#4604 Query history not being deleted - sf#4057 db/table query string parameters no longer work - sf#4605 Unseen messages in tracking - sf#4606 Tracking report export as SQL dump does not work - sf#4607 Syntax error during db_copy operation - sf#4608 SELECT permission issues with relations and restricted access openSUSE 12.3 Update rrdtools was updated to add check to the imginfo format to prevent crash or code execution. (bnc#828003, CVE-2013-2131.) openSUSE 12.3 Update mutt was updated to fix a security issue with a heap-based buffer overflow in mutt_substrdup() (CVE-2014-9116). openSUSE 12.3 Update Firebird server crashes when handling a malformed network packet. openSUSE 12.3 Update jasper was updated to fix one security issue. This security issue was fixed: - Heap overflows in libjasper (CVE-2014-9029). openSUSE 12.3 Update seamonkey was updated to version 2.31 to fix eight security issues. These security issues were fixed: - Miscellaneous memory safety hazards (CVE-2014-1587, CVE-2014-1588). - XBL bindings accessible via improper CSS declarations (CVE-2014-1589). - XMLHttpRequest crashes with some input streams (CVE-2014-1590). - CSP leaks redirect data via violation reports (CVE-2014-1591). - Use-after-free during HTML5 parsing (CVE-2014-1592). - Buffer overflow while parsing media content (CVE-2014-1593). - Bad casting from the BasicThebesLayer to BasicContainerLayer (CVE-2014-1594). This non-security issue was fixed: - define /usr/share/myspell as additional dictionary location and remove add-plugins.sh finally (bnc#900639). openSUSE 12.3 Update This pdns-recursor version update fixes the following security issue and non secuirty issues. Update to upstream release 3.6.2. - boo#906583: Degraded service through queries to queries to specific domains (CVE-2014-8601) - Fixed broken _localstatedir Update to upstream release 3.6.1. - gab14b4f: expedite servfail generation for ezdns-like failures (fully abort query resolving if we hit more than 50 outqueries) - g42025be: PowerDNS now polls the security status of a release at startup and periodically. More detail on this feature, and how to turn it off, can be found in Section 2, "Security polling". - g5027429: We did not transmit the right 'local' socket address to Lua for TCP/IP queries in the recursor. In addition, we would attempt to lookup a filedescriptor that wasn't there in an unlocked map which could conceivably lead to crashes. Closes t1828, thanks Winfried for reporting - g752756c: Sync embedded yahttp copy. API: Replace HTTP Basic auth with static key in custom header - g6fdd40d: add missing #include <pthread.h> to rec-channel.hh (this fixes building on OS X). - sync permissions/ownership of home and config dir with the pdns package - added systemd support for 12.3 and newer Update to upstrean release 3.5.3. - This is a bugfix and performance update to 3.5.2. It brings serious performance improvements for dual stack users. For all the details see http://doc.powerdns.com/html/changelog.html#changelog-recursor-3.5.3 - Remove patch (pdns-recursor-3.3_config.patch) - Add patch (pdns-recursor-3.5.3_config.patch) Update to upstrean release 3.5.2. - Responses without the QR bit set now get matched up to an outstanding query, so that resolution can be aborted early instead of waiting for a timeout. - The depth limiter changes in 3.5.1 broke some legal domains with lots of indirection. - Slightly improved logging to aid debugging. Update to upstream version 3.5.1. - This is a stability and bugfix update to 3.5. It contains important fixes that improve operation for certain domains. This is a stability, security and bugfix update to 3.3/3.3.1. It contains important fixes for slightly broken domain names, which your users expect to work anyhow. For all details see http://doc.powerdns.com/html/changelog.html#changelog-recursor-3.5.1 - adapted patches: pdns-rec-lua52.patch pdns-recursor-3.5.1_config.patch - fixed conditional for different lua versions - started some basic support to build packages for non suse distros openSUSE 12.3 Update This libksba update fixes the following security issue: - bnc#907074: buffer overflow in OID processing (CVE-2014-9087) openSUSE 12.3 Update This mailx update fixes the following security issue: bsc#909208: shell command injection via crafted email addresses (CVE-2004-2771, CVE-2014-7844) openSUSE 12.3 Update The openSUSE 12.3 kernel was updated to fix security issues: This will be the final kernel update for openSUSE 13.2 during its lifetime, which ends January 4th 2015. CVE-2014-9322: A local privilege escalation in the x86_64 32bit compatibility signal handling was fixed, which could be used by local attackers to crash the machine or execute code. CVE-2014-9090: The do_double_fault function in arch/x86/kernel/traps.c in the Linux kernel did not properly handle faults associated with the Stack Segment (SS) segment register, which allowed local users to cause a denial of service (panic) via a modify_ldt system call, as demonstrated by sigreturn_32 in the linux-clock-tests test suite. CVE-2014-8133: Insufficient validation of TLS register usage could leak information from the kernel stack to userspace. CVE-2014-4508: arch/x86/kernel/entry_32.S in the Linux kernel on 32-bit x86 platforms, when syscall auditing is enabled and the sep CPU feature flag is set, allowed local users to cause a denial of service (OOPS and system crash) via an invalid syscall number, as demonstrated by number 1000. CVE-2014-8884: Stack-based buffer overflow in the ttusbdecfe_dvbs_diseqc_send_master_cmd function in drivers/media/usb/ttusb-dec/ttusbdecfe.c in the Linux kernel allowed local users to cause a denial of service (system crash) or possibly gain privileges via a large message length in an ioctl call. CVE-2014-3186: Buffer overflow in the picolcd_raw_event function in devices/hid/hid-picolcd_core.c in the PicoLCD HID device driver in the Linux kernel, as used in Android on Nexus 7 devices, allowed physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted device that sends a large report. CVE-2014-7841: The sctp_process_param function in net/sctp/sm_make_chunk.c in the SCTP implementation in the Linux kernel, when ASCONF is used, allowed remote attackers to cause a denial of service (NULL pointer dereference and system crash) via a malformed INIT chunk. CVE-2014-4608: Multiple integer overflows in the lzo1x_decompress_safe function in lib/lzo/lzo1x_decompress_safe.c in the LZO decompressor in the Linux kernel allowed context-dependent attackers to cause a denial of service (memory corruption) via a crafted Literal Run. CVE-2014-8709: The ieee80211_fragment function in net/mac80211/tx.c in the Linux kernel did not properly maintain a certain tail pointer, which allowed remote attackers to obtain sensitive cleartext information by reading packets. CVE-2014-3185: Multiple buffer overflows in the command_port_read_callback function in drivers/usb/serial/whiteheat.c in the Whiteheat USB Serial Driver in the Linux kernel allowed physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption and system crash) via a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with a bulk response. CVE-2014-3184: The report_fixup functions in the HID subsystem in the Linux kernel might have allowed physically proximate attackers to cause a denial of service (out-of-bounds write) via a crafted device that provides a small report descriptor, related to (1) drivers/hid/hid-cherry.c, (2) drivers/hid/hid-kye.c, (3) drivers/hid/hid-lg.c, (4) drivers/hid/hid-monterey.c, (5) drivers/hid/hid-petalynx.c, and (6) drivers/hid/hid-sunplus.c. CVE-2014-3182: Array index error in the logi_dj_raw_event function in drivers/hid/hid-logitech-dj.c in the Linux kernel allowed physically proximate attackers to execute arbitrary code or cause a denial of service (invalid kfree) via a crafted device that provides a malformed REPORT_TYPE_NOTIF_DEVICE_UNPAIRED value. CVE-2014-3181: Multiple stack-based buffer overflows in the magicmouse_raw_event function in drivers/hid/hid-magicmouse.c in the Magic Mouse HID driver in the Linux kernel allowed physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with an event. CVE-2014-7826: kernel/trace/trace_syscalls.c in the Linux kernel did not properly handle private syscall numbers during use of the ftrace subsystem, which allowed local users to gain privileges or cause a denial of service (invalid pointer dereference) via a crafted application. CVE-2013-7263: The Linux kernel updated certain length values before ensuring that associated data structures have been initialized, which allowed local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call, related to net/ipv4/ping.c, net/ipv4/raw.c, net/ipv4/udp.c, net/ipv6/raw.c, and net/ipv6/udp.c. This update fixes the leak of the port number when using ipv6 sockets. (bsc#853040). CVE-2014-6410: The __udf_read_inode function in fs/udf/inode.c in the Linux kernel did not restrict the amount of ICB indirection, which allowed physically proximate attackers to cause a denial of service (infinite loop or stack consumption) via a UDF filesystem with a crafted inode. CVE-2014-5471: Stack consumption vulnerability in the parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel allowed local users to cause a denial of service (uncontrolled recursion, and system crash or reboot) via a crafted iso9660 image with a CL entry referring to a directory entry that has a CL entry. CVE-2014-5472: The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel allowed local users to cause a denial of service (unkillable mount process) via a crafted iso9660 image with a self-referential CL entry. CVE-2014-4508: arch/x86/kernel/entry_32.S in the Linux kernel on 32-bit x86 platforms, when syscall auditing is enabled and the sep CPU feature flag is set, allowed local users to cause a denial of service (OOPS and system crash) via an invalid syscall number, as demonstrated by number 1000. CVE-2014-4943: The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux kernel allowed local users to gain privileges by leveraging data-structure differences between an l2tp socket and an inet socket. CVE-2014-5077: The sctp_assoc_update function in net/sctp/associola.c in the Linux kernel, when SCTP authentication is enabled, allowed remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by starting to establish an association between two endpoints immediately after an exchange of INIT and INIT ACK chunks to establish an earlier association between these endpoints in the opposite direction. CVE-2014-4171: mm/shmem.c in the Linux kernel did not properly implement the interaction between range notification and hole punching, which allowed local users to cause a denial of service (i_mutex hold) by using the mmap system call to access a hole, as demonstrated by interfering with intended shmem activity by blocking completion of (1) an MADV_REMOVE madvise call or (2) an FALLOC_FL_PUNCH_HOLE fallocate call. CVE-2013-2888, CVE-2013-2889, CVE-2013-2890, CVE-2013-2891, CVE-2013-2892, CVE-2013-2893, CVE-2013-2894, CVE-2013-2895, CVE-2013-2896, CVE-2013-2897, CVE-2013-2898, CVE-2013-2899: Multiple issues in the Human Interface Device (HID) subsystem in the Linux kernel allowed physically proximate attackers to cause a denial of service or system crash via (heap-based out-of-bounds write) via a crafted device. (Not seperately listed.) Other bugfixes: - xfs: mark all internal workqueues as freezable (bnc#899785). - target/rd: Refactor rd_build_device_space + rd_release_device_space (bnc#882639) - Enable CONFIG_ATH9K_HTC for armv7hl/omap2plus config (bnc#890624) - swiotlb: don't assume PA 0 is invalid (bnc#865882). - drm/i915: Apply alignment restrictions on scanout surfaces for VT-d (bnc#818561). - tg3: Change nvram command timeout value to 50ms (bnc#768714). - tg3: Override clock, link aware and link idle mode during NVRAM dump (bnc#768714). - tg3: Set the MAC clock to the fastest speed during boot code load (bnc#768714). openSUSE 12.3 Update This X.Org update fixes the following security and non security issues: - Add and update security patches. (bnc#907268, CVE-2014-8091, CVE-2014-8092, CVE-2014-8093, CVE-2014-8094, CVE-2014-8095, CVE-2014-8096, CVE-2014-8097, CVE-2014-8098, CVE-2014-8099, CVE-2014-8100, CVE-2014-8101, CVE-2014-8102, CVE-2014-8103) http://lists.x.org/archives/xorg-announce/2014-December/002501.html - Fixes rendering of some icewm and xfwm themes. (bnc#908258, bnc#856931) openSUSE 12.3 Update This rpm update fixes the following security and non security issues: - honor --noglob in install mode [bnc#892431] - check for bad invalid name sizes [bnc#908128] [CVE-2014-8118] - create files with mode 0 [bnc#906803] [CVE-2013-6435] This update also includes version updates of rpm-python and python3-rpm. openSUSE 12.3 Update This Apache Subversion update fixes the following security and non security issues. - Apache Subversion 1.8.11 - This release addresses two security issues: [boo#909935] * CVE-2014-3580: mod_dav_svn DoS from invalid REPORT requests. * CVE-2014-8108: mod_dav_svn DoS from use of invalid transaction names. - Client-side bugfixes: * checkout/update: fix file externals failing to follow history and subsequently silently failing * patch: don't skip targets in valid --git difs * diff: make property output in diffs stable * diff: fix diff of local copied directory with props * diff: fix changelist filter for repos-WC and WC-WC * remove broken conflict resolver menu options that always error out * improve gpg-agent support * fix crash in eclipse IDE with GNOME Keyring * fix externals shadowing a versioned directory * fix problems working on unix file systems that don't support permissions * upgrade: keep external registrations * cleanup: iprove performance of recorded timestamp fixups * translation updates for German - Server-side bugfixes: * disable revprop caching feature due to cache invalidation problems * skip generating uniquifiers if rep-sharing is not supported * mod_dav_svn: reject requests with missing repository paths * mod_dav_svn: reject requests with invalid virtual transaction names * mod_dav_svn: avoid unneeded memory growth in resource walking openSUSE 12.3 Update The network timeservice ntp was updated to fix critical security issues (bnc#910764, CERT VU#852879) * A potential remote code execution problem was found inside ntpd. The functions crypto_recv() (when using autokey authentication), ctl_putdata(), and configure() where updated to avoid buffer overflows that could be exploited. (CVE-2014-9295) * Furthermore a problem inside the ntpd error handling was found that is missing a return statement. This could also lead to a potentially attack vector. (CVE-2014-9296) openSUSE 12.3 Update Apache2 was updated to fix bugs and security issues. Security issues fixed: CVE-2013-5704: Added a change to fix a flaw in the way mod_headers handled chunked requests. Adds "MergeTrailers" directive to restore legacy behavior [bnc#871310], CVE-2014-8109: Fixes handling of the Require line when a LuaAuthzProvider is used in multiple Require directives with different arguments. Bugfixes: - changed apache2.service file to fix situation where apache won't start at boot when using an encrypted certificate because user isn't prompted for password during boot [bnc#792309]. - added <IfModule> around SSLSessionCache to avoid failing to start [bnc#842377], [bnc#849445] and [bnc#864166]. openSUSE 12.3 Update This update fixed the following security issue: - Fix CVE-2014-8132: Double free on dangling pointers in initial key exchange packet; (bsc#910790). openSUSE 12.3 Update The follow issues were fixed with this update: - CVE-2014-8137 double-free in jas_iccattrval_destroy()(bnc#909474) - CVE-2014-8138 heap overflow in jas_decode() (bnc#909475) openSUSE 12.3 Update This update for glibc fixes the following security issue: CVE-2015-0235: A vulnerability was found and fixed in the GNU C Library, specifically in the function gethostbyname(), that could lead to a local or remote buffer overflow. (bsc#913646) openSUSE 12.3 Update Changes in seamonkey: - update to SeaMonkey 2.20 (bnc#833389) * MFSA 2013-63/CVE-2013-1701/CVE-2013-1702 Miscellaneous memory safety hazards * MFSA 2013-64/CVE-2013-1704 (bmo#883313) Use after free mutating DOM during SetBody * MFSA 2013-65/CVE-2013-1705 (bmo#882865) Buffer underflow when generating CRMF requests * MFSA 2013-67/CVE-2013-1708 (bmo#879924) Crash during WAV audio file decoding * MFSA 2013-68/CVE-2013-1709 (bmo#838253) Document URI misrepresentation and masquerading * MFSA 2013-69/CVE-2013-1710 (bmo#871368) CRMF requests allow for code execution and XSS attacks * MFSA 2013-70/CVE-2013-1711 (bmo#843829) Bypass of XrayWrappers using XBL Scopes * MFSA 2013-72/CVE-2013-1713 (bmo#887098) Wrong principal used for validating URI for some Javascript components * MFSA 2013-73/CVE-2013-1714 (bmo#879787) Same-origin bypass with web workers and XMLHttpRequest * MFSA 2013-75/CVE-2013-1717 (bmo#406541, bmo#738397) Local Java applets may read contents of local file system - requires NSPR 4.10 and NSS 3.15 - removed obsolete seamonkey-shared-nss-db.patch Changes in seamonkey: - update to SeaMonkey 2.20 (bnc#833389) * MFSA 2013-63/CVE-2013-1701/CVE-2013-1702 Miscellaneous memory safety hazards * MFSA 2013-64/CVE-2013-1704 (bmo#883313) Use after free mutating DOM during SetBody * MFSA 2013-65/CVE-2013-1705 (bmo#882865) Buffer underflow when generating CRMF requests * MFSA 2013-67/CVE-2013-1708 (bmo#879924) Crash during WAV audio file decoding * MFSA 2013-68/CVE-2013-1709 (bmo#838253) Document URI misrepresentation and masquerading * MFSA 2013-69/CVE-2013-1710 (bmo#871368) CRMF requests allow for code execution and XSS attacks * MFSA 2013-70/CVE-2013-1711 (bmo#843829) Bypass of XrayWrappers using XBL Scopes * MFSA 2013-72/CVE-2013-1713 (bmo#887098) Wrong principal used for validating URI for some Javascript components * MFSA 2013-73/CVE-2013-1714 (bmo#879787) Same-origin bypass with web workers and XMLHttpRequest * MFSA 2013-75/CVE-2013-1717 (bmo#406541, bmo#738397) Local Java applets may read contents of local file system - requires NSPR 4.10 and NSS 3.15 - removed obsolete seamonkey-shared-nss-db.patch Changes in xulrunner: - update to 17.0.8esr (bnc#833389) * MFSA 2013-63/CVE-2013-1701 Miscellaneous memory safety hazards * MFSA 2013-68/CVE-2013-1709 (bmo#838253) Document URI misrepresentation and masquerading * MFSA 2013-69/CVE-2013-1710 (bmo#871368) CRMF requests allow for code execution and XSS attacks * MFSA 2013-72/CVE-2013-1713 (bmo#887098) Wrong principal used for validating URI for some Javascript components * MFSA 2013-73/CVE-2013-1714 (bmo#879787) Same-origin bypass with web workers and XMLHttpRequest * MFSA 2013-75/CVE-2013-1717 (bmo#406541, bmo#738397) Local Java applets may read contents of local file system Changes in xulrunner: - update to 17.0.8esr (bnc#833389) * MFSA 2013-63/CVE-2013-1701 Miscellaneous memory safety hazards * MFSA 2013-68/CVE-2013-1709 (bmo#838253) Document URI misrepresentation and masquerading * MFSA 2013-69/CVE-2013-1710 (bmo#871368) CRMF requests allow for code execution and XSS attacks * MFSA 2013-72/CVE-2013-1713 (bmo#887098) Wrong principal used for validating URI for some Javascript components * MFSA 2013-73/CVE-2013-1714 (bmo#879787) Same-origin bypass with web workers and XMLHttpRequest * MFSA 2013-75/CVE-2013-1717 (bmo#406541, bmo#738397) Local Java applets may read contents of local file system Changes in MozillaThunderbird: - update to Thunderbird 17.0.8 (bnc#833389) * MFSA 2013-63/CVE-2013-1701 Miscellaneous memory safety hazards * MFSA 2013-68/CVE-2013-1709 (bmo#838253) Document URI misrepresentation and masquerading * MFSA 2013-69/CVE-2013-1710 (bmo#871368) CRMF requests allow for code execution and XSS attacks * MFSA 2013-72/CVE-2013-1713 (bmo#887098) Wrong principal used for validating URI for some Javascript components * MFSA 2013-73/CVE-2013-1714 (bmo#879787) Same-origin bypass with web workers and XMLHttpRequest * MFSA 2013-75/CVE-2013-1717 (bmo#406541, bmo#738397) Local Java applets may read contents of local file system - update Enigmail to 1.5.2 * bugfix release Changes in MozillaThunderbird: - update to Thunderbird 17.0.8 (bnc#833389) * MFSA 2013-63/CVE-2013-1701 Miscellaneous memory safety hazards * MFSA 2013-68/CVE-2013-1709 (bmo#838253) Document URI misrepresentation and masquerading * MFSA 2013-69/CVE-2013-1710 (bmo#871368) CRMF requests allow for code execution and XSS attacks * MFSA 2013-72/CVE-2013-1713 (bmo#887098) Wrong principal used for validating URI for some Javascript components * MFSA 2013-73/CVE-2013-1714 (bmo#879787) Same-origin bypass with web workers and XMLHttpRequest * MFSA 2013-75/CVE-2013-1717 (bmo#406541, bmo#738397) Local Java applets may read contents of local file system - update Enigmail to 1.5.2 * bugfix release Changes in mozilla-nss: - fix 32bit requirement, it's without () actually - update to 3.15.1 * TLS 1.2 (RFC 5246) is supported. HMAC-SHA256 cipher suites (RFC 5246 and RFC 5289) are supported, allowing TLS to be used without MD5 and SHA-1. Note the following limitations: The hash function used in the signature for TLS 1.2 client authentication must be the hash function of the TLS 1.2 PRF, which is always SHA-256 in NSS 3.15.1. AES GCM cipher suites are not yet supported. * some bugfixes and improvements - require libnssckbi instead of mozilla-nss-certs so p11-kit can conflict with the latter (fate#314991) - update to 3.15 * Packaging + removed obsolete patches * nss-disable-expired-testcerts.patch * bug-834091.patch * New Functionality + Support for OCSP Stapling (RFC 6066, Certificate Status Request) has been added for both client and server sockets. TLS client applications may enable this via a call to SSL_OptionSetDefault(SSL_ENABLE_OCSP_STAPLING, PR_TRUE); + Added function SECITEM_ReallocItemV2. It replaces function SECITEM_ReallocItem, which is now declared as obsolete. + Support for single-operation (eg: not multi-part) symmetric key encryption and decryption, via PK11_Encrypt and PK11_Decrypt. + certutil has been updated to support creating name constraints extensions. * New Functions in ssl.h SSL_PeerStapledOCSPResponse - Returns the server's stapled OCSP response, when used with a TLS client socket that negotiated the status_request extension. SSL_SetStapledOCSPResponses - Set's a stapled OCSP response for a TLS server socket to return when clients send the status_request extension. in ocsp.h CERT_PostOCSPRequest - Primarily intended for testing, permits the sending and receiving of raw OCSP request/responses. in secpkcs7.h SEC_PKCS7VerifyDetachedSignatureAtTime - Verifies a PKCS#7 signature at a specific time other than the present time. in xconst.h CERT_EncodeNameConstraintsExtension - Matching function for CERT_DecodeNameConstraintsExtension, added in NSS 3.10. in secitem.h SECITEM_AllocArray SECITEM_DupArray SECITEM_FreeArray SECITEM_ZfreeArray - Utility functions to handle the allocation and deallocation of SECItemArrays SECITEM_ReallocItemV2 - Replaces SECITEM_ReallocItem, which is now obsolete. SECITEM_ReallocItemV2 better matches caller expectations, in that it updates item->len on allocation. For more details of the issues with SECITEM_ReallocItem, see Bug 298649 and Bug 298938. in pk11pub.h PK11_Decrypt - Performs decryption as a single PKCS#11 operation (eg: not multi-part). This is necessary for AES-GCM. PK11_Encrypt - Performs encryption as a single PKCS#11 operation (eg: not multi-part). This is necessary for AES-GCM. * New Types in secitem.h SECItemArray - Represents a variable-length array of SECItems. * New Macros in ssl.h SSL_ENABLE_OCSP_STAPLING - Used with SSL_OptionSet to configure TLS client sockets to request the certificate_status extension (eg: OCSP stapling) when set to PR_TRUE * Notable changes + SECITEM_ReallocItem is now deprecated. Please consider using SECITEM_ReallocItemV2 in all future code. + The list of root CA certificates in the nssckbi module has been updated. + The default implementation of SSL_AuthCertificate has been updated to add certificate status responses stapled by the TLS server to the OCSP cache. * a lot of bugfixes - Add Source URL, see https://en.opensuse.org/SourceUrls Changes in mozilla-nss: - fix 32bit requirement, it's without () actually - update to 3.15.1 * TLS 1.2 (RFC 5246) is supported. HMAC-SHA256 cipher suites (RFC 5246 and RFC 5289) are supported, allowing TLS to be used without MD5 and SHA-1. Note the following limitations: The hash function used in the signature for TLS 1.2 client authentication must be the hash function of the TLS 1.2 PRF, which is always SHA-256 in NSS 3.15.1. AES GCM cipher suites are not yet supported. * some bugfixes and improvements - require libnssckbi instead of mozilla-nss-certs so p11-kit can conflict with the latter (fate#314991) - update to 3.15 * Packaging + removed obsolete patches * nss-disable-expired-testcerts.patch * bug-834091.patch * New Functionality + Support for OCSP Stapling (RFC 6066, Certificate Status Request) has been added for both client and server sockets. TLS client applications may enable this via a call to SSL_OptionSetDefault(SSL_ENABLE_OCSP_STAPLING, PR_TRUE); + Added function SECITEM_ReallocItemV2. It replaces function SECITEM_ReallocItem, which is now declared as obsolete. + Support for single-operation (eg: not multi-part) symmetric key encryption and decryption, via PK11_Encrypt and PK11_Decrypt. + certutil has been updated to support creating name constraints extensions. * New Functions in ssl.h SSL_PeerStapledOCSPResponse - Returns the server's stapled OCSP response, when used with a TLS client socket that negotiated the status_request extension. SSL_SetStapledOCSPResponses - Set's a stapled OCSP response for a TLS server socket to return when clients send the status_request extension. in ocsp.h CERT_PostOCSPRequest - Primarily intended for testing, permits the sending and receiving of raw OCSP request/responses. in secpkcs7.h SEC_PKCS7VerifyDetachedSignatureAtTime - Verifies a PKCS#7 signature at a specific time other than the present time. in xconst.h CERT_EncodeNameConstraintsExtension - Matching function for CERT_DecodeNameConstraintsExtension, added in NSS 3.10. in secitem.h SECITEM_AllocArray SECITEM_DupArray SECITEM_FreeArray SECITEM_ZfreeArray - Utility functions to handle the allocation and deallocation of SECItemArrays SECITEM_ReallocItemV2 - Replaces SECITEM_ReallocItem, which is now obsolete. SECITEM_ReallocItemV2 better matches caller expectations, in that it updates item->len on allocation. For more details of the issues with SECITEM_ReallocItem, see Bug 298649 and Bug 298938. in pk11pub.h PK11_Decrypt - Performs decryption as a single PKCS#11 operation (eg: not multi-part). This is necessary for AES-GCM. PK11_Encrypt - Performs encryption as a single PKCS#11 operation (eg: not multi-part). This is necessary for AES-GCM. * New Types in secitem.h SECItemArray - Represents a variable-length array of SECItems. * New Macros in ssl.h SSL_ENABLE_OCSP_STAPLING - Used with SSL_OptionSet to configure TLS client sockets to request the certificate_status extension (eg: OCSP stapling) when set to PR_TRUE * Notable changes + SECITEM_ReallocItem is now deprecated. Please consider using SECITEM_ReallocItemV2 in all future code. + The list of root CA certificates in the nssckbi module has been updated. + The default implementation of SSL_AuthCertificate has been updated to add certificate status responses stapled by the TLS server to the OCSP cache. * a lot of bugfixes - Add Source URL, see https://en.opensuse.org/SourceUrls Changes in mozilla-nspr: - update to version 4.10 * bmo#844513: Add AddressSanitizer (ASan) memory check annotations to PLArena. * bmo#849089: Simple changes to make NSPR's configure.in work with the current version of autoconf. * bmo#856196: Fix compiler warnings and clean up code in NSPR 4.10. * bmo#859066: Fix warning in nsprpub/pr/src/misc/prnetdb.c. * bmo#859830: Deprecate ANDROID_VERSION in favor of android/api-level.h. * bmo#861434: Make PR_SetThreadPriority() change priorities relatively to the main process instead of using absolute values on Linux. * bmo#871064L: _PR_InitThreads() should not call PR_SetThreadPriority. Changes in mozilla-nspr: - update to version 4.10 * bmo#844513: Add AddressSanitizer (ASan) memory check annotations to PLArena. * bmo#849089: Simple changes to make NSPR's configure.in work with the current version of autoconf. * bmo#856196: Fix compiler warnings and clean up code in NSPR 4.10. * bmo#859066: Fix warning in nsprpub/pr/src/misc/prnetdb.c. * bmo#859830: Deprecate ANDROID_VERSION in favor of android/api-level.h. * bmo#861434: Make PR_SetThreadPriority() change priorities relatively to the main process instead of using absolute values on Linux. * bmo#871064L: _PR_InitThreads() should not call PR_SetThreadPriority. Changes in MozillaFirefox: - update to Firefox 23.0 (bnc#833389) * MFSA 2013-63/CVE-2013-1701/CVE-2013-1702 Miscellaneous memory safety hazards * MFSA 2013-64/CVE-2013-1704 (bmo#883313) Use after free mutating DOM during SetBody * MFSA 2013-65/CVE-2013-1705 (bmo#882865) Buffer underflow when generating CRMF requests * MFSA 2013-67/CVE-2013-1708 (bmo#879924) Crash during WAV audio file decoding * MFSA 2013-68/CVE-2013-1709 (bmo#838253) Document URI misrepresentation and masquerading * MFSA 2013-69/CVE-2013-1710 (bmo#871368) CRMF requests allow for code execution and XSS attacks * MFSA 2013-70/CVE-2013-1711 (bmo#843829) Bypass of XrayWrappers using XBL Scopes * MFSA 2013-72/CVE-2013-1713 (bmo#887098) Wrong principal used for validating URI for some Javascript components * MFSA 2013-73/CVE-2013-1714 (bmo#879787) Same-origin bypass with web workers and XMLHttpRequest * MFSA 2013-75/CVE-2013-1717 (bmo#406541, bmo#738397) Local Java applets may read contents of local file system - requires NSPR 4.10 and NSS 3.15 - fix build on ARM (/-g/ matches /-grecord-switches/) Changes in MozillaFirefox: - update to Firefox 23.0 (bnc#833389) * MFSA 2013-63/CVE-2013-1701/CVE-2013-1702 Miscellaneous memory safety hazards * MFSA 2013-64/CVE-2013-1704 (bmo#883313) Use after free mutating DOM during SetBody * MFSA 2013-65/CVE-2013-1705 (bmo#882865) Buffer underflow when generating CRMF requests * MFSA 2013-67/CVE-2013-1708 (bmo#879924) Crash during WAV audio file decoding * MFSA 2013-68/CVE-2013-1709 (bmo#838253) Document URI misrepresentation and masquerading * MFSA 2013-69/CVE-2013-1710 (bmo#871368) CRMF requests allow for code execution and XSS attacks * MFSA 2013-70/CVE-2013-1711 (bmo#843829) Bypass of XrayWrappers using XBL Scopes * MFSA 2013-72/CVE-2013-1713 (bmo#887098) Wrong principal used for validating URI for some Javascript components * MFSA 2013-73/CVE-2013-1714 (bmo#879787) Same-origin bypass with web workers and XMLHttpRequest * MFSA 2013-75/CVE-2013-1717 (bmo#406541, bmo#738397) Local Java applets may read contents of local file system - requires NSPR 4.10 and NSS 3.15 - fix build on ARM (/-g/ matches /-grecord-switches/)