| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
openSUSE Security Update: openssl: fixed elliptic curve handshake failure
______________________________________________________________________________
Announcement ID: openSUSE-SU-2014:1474-1
Rating: low
References: #905037
Affected Products:
openSUSE 13.2
openSUSE 13.1
openSUSE 12.3
______________________________________________________________________________
An update that contains security fixes can now be installed.
Description:
This openssl update fixes a TLS handshake problem when elliptic curves are
in use.
|
|
|
|
openSUSE Security Update: Security update for dbus-1
______________________________________________________________________________
Announcement ID: openSUSE-SU-2014:1455-1
Rating: moderate
References:
Cross-References: CVE-2014-7824
Affected Products:
openSUSE 13.2
openSUSE 13.1
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
dbus-1 was updated to version 1.8.10 to fix one security issue and several
other issues.
This security issue was fixed:
- Increase dbus-daemon's RLIMIT_NOFILE rlimit to 65536 to stop an attacker
from exhausting the system bus' file descriptors (CVE-2014-7824).
|
|
* Crucial bug that would cause segmentation fault fixed.
* Fixed crucial bug related to Assembly core declarations.
* Fixed not applying default configurations on first execution.
|
|
openSUSE Security Update: update for openssl
______________________________________________________________________________
Announcement ID: openSUSE-SU-2014:1331-1
Rating: important
References: #901223 #901277
Cross-References: CVE-2014-3513 CVE-2014-3566 CVE-2014-3567
CVE-2014-3568
Affected Products:
openSUSE 13.1
openSUSE 12.3
______________________________________________________________________________
An update that fixes four vulnerabilities is now available.
Description:
The following issues were fixed in this release:
CVE-2014-3566: SSLv3 POODLE attack (bnc#901223) CVE-2014-3513,
CVE-2014-3567: DTLS memory leak and session ticket memory leak
|
|
openSUSE Recommended Update: Fix a crash when removing an already removed handle.
______________________________________________________________________________
Announcement ID: openSUSE-RU-2014:1274-1
Rating: low
References: #897816
Affected Products:
openSUSE 13.1
openSUSE 12.3
______________________________________________________________________________
An update that has one recommended fix can now be installed.
Description:
No description available.
|
|
openSUSE Recommended Update: libqt4: fix cirrus driver issues
______________________________________________________________________________
Announcement ID: openSUSE-RU-2014:1251-1
Rating: moderate
References: #847880
Affected Products:
openSUSE 13.1
______________________________________________________________________________
An update that has one recommended fix can now be installed.
Description:
libqt4 was updated to fix the following bug:
When extracting a region of a QRasterPixmapData an optimization was using
the wrong bit depth for some calculations thus copying a different section
of the image than requested. This breaks specially the oxygen kde theme
under qemu when using a cirrus driver.
|
|
openSUSE Security Update: dbus-1: security and bugfix update to 1.8
______________________________________________________________________________
Announcement ID: openSUSE-SU-2014:1228-1
Rating: moderate
References: #896453
Cross-References: CVE-2012-3524 CVE-2014-3635 CVE-2014-3636
CVE-2014-3637 CVE-2014-3638 CVE-2014-3639
Affected Products:
openSUSE 13.1
______________________________________________________________________________
An update that fixes 6 vulnerabilities is now available.
Description:
DBUS-1 was upgraded to upstream release 1.8.
This brings the version of dbus to the latest stable release from an
unstable snapshot 1.7.4 that is know to have several regressions
- Upstream changes since 1.7.4:
+ Security fixes:
- Do not accept an extra fd in the padding of a cmsg message, which
could lead to a 4-byte heap buffer overrun. (CVE-2014-3635,
fdo#83622; Simon McVittie)
- Reduce default for maximum Unix file descriptors passed per message
from 1024 to 16, preventing a uid with the default maximum number of
connections from exhausting the system bus' file descriptors under
Linux's default rlimit. Distributors or system administrators with
a restrictive fd limit may wish to reduce these limits further.
Additionally, on Linux this prevents a second denial of service in
which the dbus-daemon can be made to exceed the maximum number of
fds per sendmsg() and disconnect the process that would have
received them. (CVE-2014-3636, fdo#82820; Alban Crequy)
- Disconnect connections that still have a fd pending unmarshalling
after a new configurable limit, pending_fd_timeout (defaulting to
150 seconds), removing the possibility of creating an abusive
connection that cannot be disconnected by setting up a circular
reference to a connection's file descriptor. (CVE-2014-3637,
fdo#80559; Alban Crequy)
- Reduce default for maximum pending replies per connection from 8192
to 128, mitigating an algorithmic complexity denial-of-service
attack (CVE-2014-3638, fdo#81053; Alban Crequy)
- Reduce default for authentication timeout on the system bus from 30
seconds to 5 seconds, avoiding denial of service by using up all
unauthenticated connection slots; and when all unauthenticated
connection slots are used up, make new connection attempts block
instead of disconnecting them. (CVE-2014-3639, fdo#80919; Alban
Crequy)
- On Linux >0 2.6.37-rc4, if sendmsg() fails with ETOOMANYREFS,
silently drop the message. This prevents an attack in which a
malicious client can make dbus-daemon disconnect a system service,
which is a local denial of service. (fdo#80163, CVE-2014-3532; Alban
Crequy)
- Track remaining Unix file descriptors correctly when more than one
message in quick succession contains fds. This prevents another
attack in which a malicious client can make dbus-daemon disconnect a
system service. (fdo#79694, fdo#80469, CVE-2014-3533; Alejandro
Martinez Suarez, Simon McVittie, Alban Crequy)
- Alban Crequy at Collabora Ltd. discovered and fixed a
denial-of-service flaw in dbus-daemon, part of the reference
implementation of D-Bus. Additionally, in highly unusual
environments the same flaw could lead to a side channel between
processes that should not be able to communicate. (CVE-2014-3477,
fdo#78979)
+ Other fixes and enhancements:
- Check for libsystemd from systemd >= 209, falling back to the
older separate libraries if not found (Umut Tezduyar Lindskog, Simon
McVittie)
- On Linux, use prctl() to disable core dumps from a test executable
that deliberately raises SIGSEGV to test dbus-daemon's handling
of that condition (fdo#83772, Simon McVittie)
- Fix compilation with --enable-stats (fdo#81043, Gentoo #507232;
Alban Crequy)
- Improve documentation for running tests on Windows (fdo#41252, Ralf
Habacker)
- When dbus-launch --exit-with-session starts a dbus-daemon but then
cannot attach to a session, kill the dbus-daemon as intended
(fdo#74698, Роман Донченко)
- in the CMake build system, add some hints for Linux users
cross-compiling Windows D-Bus binaries to be able to run tests under
Wine (fdo#41252, Ralf Habacker)
- add Documentation key to dbus.service (fdo#77447, Cameron Norman)
- in "dbus-uuidgen --ensure", try to copy systemd's /etc/machine-id to
/var/lib/dbus/machine-id instead of generating an entirely new ID
(fdo#77941, Simon McVittie)
- if dbus-launch receives an X error very quickly, do not kill
unrelated processes (fdo#74698, Роман Донченко)
- on Windows, allow up to 8K connections to the dbus-daemon, instead
of the previous 64 (fdo#71297; Cristian Onet, Ralf Habacker)
- cope with \r\n newlines in regression tests, since on Windows,
dbus-daemon.exe uses text mode (fdo#75863, Руслан
Ижбулатов)
- Enhance the CMake build system to check for GLib and compile/run a
subset of the regression tests (fdo#41252, fdo#73495; Ralf Habacker)
- don't rely on va_copy(), use DBUS_VA_COPY() wrapper (fdo#72840, Ralf
Habacker)
- fix compilation of systemd journal support on older systemd versions
where sd-journal.h doesn't include syslog.h (fdo#73455, Ralf
Habacker)
- fix compilation on older MSVC versions by including stdlib.h
(fdo#73455, Ralf Habacker)
- Allow <allow_anonymous/> to appear in an included configuration file
(fdo#73475, Matt Hoosier)
- If the tests crash with an assertion failure, they no longer default
to blocking for a debugger to be attached. Set DBUS_BLOCK_ON_ABORT
in the environment if you want the old behaviour.
- To improve debuggability, the dbus-daemon and dbus-daemon-eavesdrop
tests can be run with an external dbus-daemon by setting
DBUS_TEST_DAEMON_ADDRESS in the environment. Test-cases that require
an unusually-configured dbus-daemon are skipped.
- don't require messages with no INTERFACE to be dispatched
(fdo#68597, Simon McVittie)
- document "tcp:bind=..." and "nonce-tcp:bind=..." (fdo#72301,
Chengwei Yang)
- define "listenable" and "connectable" addresses, and discuss the
difference (fdo#61303, Simon McVittie)
- support printing Unix file descriptors in dbus-send, dbus-monitor
(fdo#70592, Robert Ancell)
- don't install systemd units if --disable-systemd is given
(fdo#71818, Chengwei Yang)
- don't leak memory on out-of-memory while listing activatable or
active services (fdo#71526, Radoslaw Pajak)
- fix undefined behaviour in a regression test (fdo#69924, DreamNik)
- escape Unix socket addresses correctly (fdo#46013, Chengwei Yang)
- on SELinux systems, don't assume that SECCLASS_DBUS,
DBUS__ACQUIRE_SVC and DBUS__SEND_MSG are numerically equal to their
values in the reference policy (fdo#88719, osmond sun)
- define PROCESS_QUERY_LIMITED_INFORMATION if missing from MinGW < 4
headers (fdo#71366, Matt Fischer)
- define WIN32_LEAN_AND_MEAN to avoid conflicts between winsock.h and
winsock2.h (fdo#71405, Matt Fischer)
- do not return failure from _dbus_read_nonce() with no error set,
preventing a potential crash (fdo#72298, Chengwei Yang)
- on BSD systems, avoid some O(1)-per-process memory and fd leaks in
kqueue, preventing test failures (fdo#69332, fdo#72213; Chengwei
Yang)
- fix warning spam on Hurd by not trying to set SO_REUSEADDR on Unix
sockets, which doesn't do anything anyway on at least Linux and
FreeBSD (fdo#69492, Simon McVittie)
- fix use of TCP sockets on FreeBSD and Hurd by tolerating EINVAL from
sendmsg() with SCM_CREDS (retrying with plain send()), and looking
for credentials more correctly (fdo#69492, Simon McVittie)
- ensure that tests run with a temporary XDG_RUNTIME_DIR to avoid
getting mixed up in XDG/systemd "user sessions" (fdo#61301, Simon
McVittie)
- refresh cached policy rules for existing connections when bus
configuration changes (fdo#39463, Chengwei Yang)
- If systemd support is enabled, libsystemd-journal is now required.
- When activating a non-systemd service under systemd, annotate its
stdout/stderr with its bus name in the Journal. Known limitation:
because the socket is opened before forking, the process will still
be logged as if it had dbus-daemon's process ID and user ID.
(fdo#68559, Chengwei Yang)
- Document more configuration elements in dbus-daemon(1) (fdo#69125,
Chengwei Yang)
- Don't leak string arrays or fds if
dbus_message_iter_get_args_valist() unpacks them and then encounters
an error (fdo#21259, Chengwei Yang)
- If compiled with libaudit, retain CAP_AUDIT_WRITE so we can write
disallowed method calls to the audit log, fixing a regression in
1.7.6 (fdo#49062, Colin Walters)
- path_namespace='/' in match rules incorrectly matched nothing; it
now matches everything. (fdo#70799, Simon McVittie)
- Directory change notification via dnotify on Linux is no longer
supported; it hadn't compiled successfully since 2010 in any case.
If you don't have inotify (Linux) or kqueue (*BSD), you will need to
send SIGHUP to the dbus-daemon when its configuration changes.
(fdo#33001, Chengwei Yang)
- Compiling with --disable-userdb-cache is no longer supported; it
didn't work since at least 2008, and would lead to an extremely slow
dbus-daemon even it worked. (fdo#15589, fdo#17133, fdo#66947;
Chengwei Yang)
- The DBUS_DISABLE_ASSERTS CMake option didn't actually disable most
assertions. It has been renamed to DBUS_DISABLE_ASSERT to be
consistent with the Autotools build system. (fdo#66142, Chengwei
Yang)
- --with-valgrind=auto enables Valgrind instrumentation if and only if
valgrind headers are available. The default is still
--with-valgrind=no. (fdo#56925, Simon McVittie)
- Platforms with no 64-bit integer type are no longer supported.
(fdo#65429, Simon McVittie)
- GNU make is now (documented to be) required. (fdo#48277, Simon
McVittie)
- Full test coverage no longer requires dbus-glib, although the tests
do not exercise the shared library (only a static copy) if dbus-glib
is missing. (fdo#68852, Simon McVittie)
- D-Bus Specification 0.22
* Document GetAdtAuditSessionData() and
GetConnectionSELinuxSecurityContext() (fdo#54445, Simon)
* Fix example .service file (fdo#66481, Chengwei Yang)
* Don't claim D-Bus is "low-latency" (lower than what?), just give
factual statements about it supporting async use (fdo#65141, Justin Lee)
* Document the contents of .service files, and the fact that system
services' filenames are constrained (fdo#66608; Simon McVittie, Chengwei
Yang)
- Be thread-safe by default on all platforms, even if
dbus_threads_init_default() has not been called. For compatibility
with older libdbus, library users should continue to call
dbus_threads_init_default(): it is harmless to do so. (fdo#54972,
Simon McVittie)
- Add GetConnectionCredentials() method (fdo#54445, Simon)
- New API: dbus_setenv(), a simple wrapper around setenv(). Note that
this is not thread-safe. (fdo#39196, Simon)
- Add dbus-send --peer=ADDRESS (connect to a given peer-to-peer
connection, like --address=ADDRESS in previous versions) and
dbus-send --bus=ADDRESS (connect to a given bus, like dbus-monitor
--address=ADDRESS). dbus-send --address still exists for backwards
compatibility, but is no longer documented. (fdo#48816, Andrey Mazo)
- "dbus-daemon --nofork" is allowed on Windows again. (fdo#68852,
Simon McVittie)
- Avoid an infinite busy-loop if a signal interrupts waitpid()
(fdo#68945, Simon McVittie)
- Clean up memory for parent nodes when objects are unexported
(fdo#60176, Thomas Fitzsimmons)
- Make dbus_connection_set_route_peer_messages(x, FALSE) behave as
documented. Previously, it assumed its second parameter was TRUE.
(fdo#69165, Chengwei Yang)
- Escape addresses containing non-ASCII characters correctly
(fdo#53499, Chengwei Yang)
- Document <servicedir> search order correctly (fdo#66994, Chengwei
Yang)
- Don't crash on "dbus-send --session / x.y.z" which regressed in
1.7.4. (fdo#65923, Chengwei Yang)
- If malloc() returns NULL in _dbus_string_init() or similar, don't
free an invalid pointer if the string is later freed (fdo#65959,
Chengwei Yang)
- If malloc() returns NULL in dbus_set_error(), don't va_end() a
va_list that was never va_start()ed (fdo#66300, Chengwei Yang)
- fix build failure with --enable-stats (fdo#66004, Chengwei Yang)
- fix a regression test on platforms with strict alignment (fdo#67279,
Colin Walters)
- Avoid calling function parameters "interface" since certain Windows
headers have a namespace-polluting macro of that name (fdo#66493,
Ivan Romanov)
- Assorted Doxygen fixes (fdo#65755, Chengwei Yang)
- Various thread-safety improvements to static variables (fdo#68610,
Simon McVittie)
- Make "make -j check" work (fdo#68852, Simon McVittie)
- Fix a NULL pointer dereference on an unlikely error path (fdo#69327,
Sviatoslav Chagaev)
- Improve valgrind memory pool tracking (fdo#69326, Sviatoslav Chagaev)
- Don't over-allocate memory in dbus-monitor (fdo#69329, Sviatoslav
Chagaev)
- dbus-monitor can monitor dbus-daemon < 1.5.6 again (fdo#66107,
Chengwei Yang)
- If accept4() fails with EINVAL, as it can on older Linux kernels
with newer glibc, try accept() instead of going into a busy-loop.
(fdo#69026, Chengwei Yang)
- If socket() or socketpair() fails with EINVAL or EPROTOTYPE, for
instance on Hurd or older Linux with a new glibc, try without
SOCK_CLOEXEC. (fdo#69073; Pino Toscano, Chengwei Yang)
- Fix a file descriptor leak on an error code path. (fdo#69182,
Sviatoslav Chagaev)
- dbus-run-session: clear some unwanted environment variables
(fdo#39196, Simon)
- dbus-run-session: compile on FreeBSD (fdo#66197, Chengwei Yang)
- Don't fail the autolaunch test if there is no DISPLAY (fdo#40352,
Simon)
- Use dbus-launch from the builddir for testing, not the installed
copy (fdo#37849, Chengwei Yang)
- Fix compilation if writev() is unavailable (fdo#69409, Vasiliy
Balyasnyy)
- Remove broken support for LOCAL_CREDS credentials passing, and
document where each credential-passing scheme is used (fdo#60340,
Simon McVittie)
- Make autogen.sh work on *BSD by not assuming GNU coreutils
functionality fdo#35881, fdo#69787; Chengwei Yang)
- dbus-monitor: be portable to NetBSD (fdo#69842, Chengwei Yang)
- dbus-launch: stop using non-portable asprintf (fdo#37849, Simon)
- Improve error reporting from the setuid activation helper
(fdo#66728, Chengwei Yang)
- Remove unavailable command-line options from 'dbus-daemon --help'
(fdo#42441, Ralf Habacker)
- Add support for looking up local TCPv4 clients' credentials on
Windows XP via the undocumented AllocateAndGetTcpExTableFromStack
function (fdo#66060, Ralf Habacker)
- Fix insufficient dependency-tracking (fdo#68505, Simon McVittie)
- Don't include wspiapi.h, fixing a compiler warning (fdo#68852, Simon
McVittie)
- add DBUS_ENABLE_ASSERT, DBUS_ENABLE_CHECKS for less confusing
conditionals (fdo#66142, Chengwei Yang)
- improve verbose-mode output (fdo#63047, Colin Walters)
- consolidate Autotools and CMake build (fdo#64875, Ralf Habacker)
- fix various unused variables, unusual build configurations etc.
(fdo#65712, fdo#65990, fdo#66005, fdo#66257, fdo#69165, fdo#69410,
fdo#70218; Chengwei Yang, Vasiliy Balyasnyy)
- dbus-cve-2014-3533.patch: Add patch for CVE-2014-3533 to fix (fdo#63127)
? CVE-2012-3524: Don't access environment variables (fdo#52202)
(fdo#51521, Dave Reisner) ? Remove an incorrect assertion from
DBusTransport (fdo#51657, (fdo#51406, Simon McVittie) (fdo#51032, Simon
McVittie) (fdo#34671, Simon McVittie) ・ Check for libpthread under
CMake on Unix (fdo#47237, Simon McVittie) spec-compliance (fdo#48580,
David Zeuthen) non-root when using OpenBSD install(1) (fdo#48217,
Antoine Jacoutot) (fdo#45896, Simon McVittie) (fdo#39549, Simon
McVittie) invent their own "union of everything" type (fdo#11191, Simon
find(1) (fdo#33840, Simon McVittie) (fdo#46273, Alban Crequy) again on
Win32, but not on WinCE (fdo#46049, Simon (fdo#47321, Andoni Morales
Alastruey) (fdo#39231, fdo#41012; Simon McVittie)
* Add a regression test for fdo#38005 (fdo#39836, Simon McVittie) a
service file entry for activation (fdo#39230, Simon McVittie)
(fdo#24317, #34870; Will Thompson, David Zeuthen, Simon McVittie) and
document it better (fdo#31818, Will Thompson) ? Let the bus daemon
implement more than one interface (fdo#33757, ? Optimize
_dbus_string_replace_len to reduce waste (fdo#21261, (fdo#35114, Simon
McVittie) ? Add dbus_type_is_valid as public API (fdo#20496, Simon
McVittie) to unknown interfaces in the bus daemon (fdo#34527, Lennart
Poettering) (fdo#32245; Javier Jardon, Simon McVittie) ? Correctly
give XDG_DATA_HOME priority over XDG_DATA_DIRS (fdo#34496, in embedded
environments (fdo#19997, NB#219964; Simon McVittie) ? Install the
documentation, and an index for Devhelp (fdo#13495, booleans when
sending them (fdo#16338, NB#223152; Simon McVittie) errors to
dbus-shared.h (fdo#34527, Lennart Poettering) data (fdo#10887, Simon
McVittie) .service files (fdo#19159, Sven Herzberg) (fdo#35750, Colin
Walters) (fdo#32805, Mark Brand) which could result in a busy-loop
(fdo#32992, NB#200248; possibly ? Fix failure to detect abstract
socket support (fdo#29895) (fdo#32262, NB#180486) ? Improve some
error code paths (fdo#29981, fdo#32264, fdo#32262, fdo#33128,
fdo#33277, fdo#33126, NB#180486) ? Avoid possible symlink attacks in
/tmp during compilation (fdo#32854) ? Tidy up dead code (fdo#25306,
fdo#33128, fdo#34292, NB#180486) ? Improve gcc malloc annotations
(fdo#32710) ? Documentation improvements (fdo#11190) ? Avoid
readdir_r, which is difficult to use correctly (fdo#8284, fdo#15922,
LP#241619) ? Cope with invalid files in session.d, system.d
(fdo#19186, ? Don't distribute generated files that embed our
builddir (fdo#30285, fdo#34292) (fdo#33474, LP#381063) with lcov HTML
reports and --enable-compiler-coverage (fdo#10887) ・ support
credentials-passing (fdo#32542) ・ opt-in to thread safety (fdo#33464)
|
|
openSUSE Recommended Update: alsa-utils: Fixes a few alsactl bugs
______________________________________________________________________________
Announcement ID: openSUSE-RU-2014:1134-1
Rating: low
References: #895581
Affected Products:
openSUSE 13.1
______________________________________________________________________________
An update that has one recommended fix can now be installed.
Description:
This update fixes the following issues with alsa-utils:
- bnc#895581: Fixes a few alsactl bugs (bnc#895581)
- now the lock file is created in /var/lock directory instead of /var/lib
|
|
openSUSE Security Update: update for firefox, mozilla-nspr, mozilla-nss and seamonkey
______________________________________________________________________________
Announcement ID: openSUSE-SU-2014:1345-1
Rating: moderate
References: #894370 #896624 #897890 #900941 #901213
Cross-References: CVE-2014-1554 CVE-2014-1574 CVE-2014-1575
CVE-2014-1576 CVE-2014-1577 CVE-2014-1578
CVE-2014-1580 CVE-2014-1581 CVE-2014-1582
CVE-2014-1583 CVE-2014-1584 CVE-2014-1585
CVE-2014-1586
Affected Products:
openSUSE 13.1
______________________________________________________________________________
An update that fixes 13 vulnerabilities is now available.
Description:
...
Changes in mozilla-nspr:
- update to version 4.10.7
* bmo#836658: VC11+ defaults to SSE2 builds by default.
* bmo#979278: TSan: data race nsprpub/pr/src/threads/prtpd.c:103
PR_NewThreadPrivateIndex.
* bmo#1026129: Replace some manual declarations of MSVC intrinsics with
#include <intrin.h>.
* bmo#1026469: Use AC_CHECK_LIB instead of MOZ_CHECK_PTHREADS. Skip
compiler checks when using MSVC, even when $CC is not literally "cl".
* bmo#1034415: NSPR hardcodes the C compiler to cl on Windows.
* bmo#1042408: Compilation fix for Android > API level 19.
* bmo#1043082: NSPR's build system hardcodes -MD.
|
|
==============================================================================
openSUSE Security Update: MozillaFirefox to Firefox 32
______________________________________________________________________________
Announcement ID: openSUSE-SU-2014:1099-1
Rating: moderate
References: #894201 #894370
Cross-References: CVE-2014-1553 CVE-2014-1562 CVE-2014-1563
CVE-2014-1564 CVE-2014-1565 CVE-2014-1567
Affected Products:
openSUSE 13.1
openSUSE 12.3
______________________________________________________________________________
An update that fixes 6 vulnerabilities is now available.
Description:
...
Mozilla NSS was updated to 3.16.4: Notable Changes:
* The following 1024-bit root CA certificate was restored to allow more
time to develop a better transition strategy for affected sites. It was
removed in NSS 3.16.3, but discussion in the mozilla.dev.security.policy
forum led to the decision to keep this root included longer in order to
give website administrators more time to update their web servers.
- CN = GTE CyberTrust Global Root
* In NSS 3.16.3, the 1024-bit "Entrust.net Secure Server Certification
Authority" root CA certificate was removed. In NSS 3.16.4, a 2048-bit
intermediate CA certificate has been included, without explicit trust.
The intention is to mitigate the effects of the previous removal of the
1024-bit Entrust.net root certificate, because many public Internet
sites still use the "USERTrust Legacy Secure Server CA" intermediate
certificate that is signed by the 1024-bit Entrust.net root certificate.
The inclusion of the intermediate certificate is a temporary measure to
allow those sites to function, by allowing them to find a trust path to
another 2048-bit root CA certificate. The temporarily included
intermediate certificate expires November 1, 2015.
==============================================================================
openSUSE Security Update: mozilla-nss: update to avoid signature forgery
______________________________________________________________________________
Announcement ID: openSUSE-SU-2014:1232-1
Rating: critical
References: #897890
Cross-References: CVE-2014-1568
Affected Products:
openSUSE 13.1
openSUSE 12.3
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
Mozilla NSS is vulnerable to a variant of a signature forgery attack
previously published by Daniel Bleichenbacher. This is due to lenient
parsing of ASN.1 values involved in a signature and could lead to the
forging of RSA certificates.
==============================================================================
openSUSE Security Update: update for firefox, mozilla-nspr, mozilla-nss and seamonkey
______________________________________________________________________________
Announcement ID: openSUSE-SU-2014:1345-1
Rating: moderate
References: #894370 #896624 #897890 #900941 #901213
Cross-References: CVE-2014-1554 CVE-2014-1574 CVE-2014-1575
CVE-2014-1576 CVE-2014-1577 CVE-2014-1578
CVE-2014-1580 CVE-2014-1581 CVE-2014-1582
CVE-2014-1583 CVE-2014-1584 CVE-2014-1585
CVE-2014-1586
Affected Products:
openSUSE 13.1
______________________________________________________________________________
An update that fixes 13 vulnerabilities is now available.
Description:
...
Changes in mozilla-nss:
- update to 3.17.1 (bnc#897890)
* Change library's signature algorithm default to SHA256
* Add support for draft-ietf-tls-downgrade-scsv
* Add clang-cl support to the NSS build system
* Implement TLS 1.3:
* Part 1. Negotiate TLS 1.3
* Part 2. Remove deprecated cipher suites andcompression.
* Add support for little-endian powerpc64
- update to 3.17
* required for Firefox 33 New functionality:
* When using ECDHE, the TLS server code may be configured to generate a
fresh ephemeral ECDH key for each handshake, by setting the
SSL_REUSE_SERVER_ECDHE_KEY socket option to PR_FALSE. The
SSL_REUSE_SERVER_ECDHE_KEY option defaults to PR_TRUE, which means the
server's ephemeral ECDH key is reused for multiple handshakes. This
option does not affect the TLS client code, which always generates a
fresh ephemeral ECDH key for each handshake. New Macros
* SSL_REUSE_SERVER_ECDHE_KEY Notable Changes:
* The manual pages for the certutil and pp tools have been updated to
document the new parameters that had been added in NSS 3.16.2.
* On Windows, the new build variable USE_STATIC_RTL can be used to
specify the static C runtime library should be used. By default the
dynamic C runtime library is used.
|
|
openSUSE Security Update: update for krb5, krb5-doc, krb5-mini
______________________________________________________________________________
Announcement ID: openSUSE-SU-2014:1043-1
Rating: moderate
References: #891082
Cross-References: CVE-2014-4345
Affected Products:
openSUSE 13.1
openSUSE 12.3
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
Thit MIT krb5 update fixes the following security issue:
- buffer overrun in kadmind with LDAP backend (bnc#891082, CVE-2014-4345)
|
|
==============================================================================
openSUSE Security Update: update for pulseaudio
______________________________________________________________________________
Announcement ID: openSUSE-SU-2014:0946-1
Rating: moderate
References:
Cross-References: CVE-2014-3970
Affected Products:
openSUSE 13.1
openSUSE 12.3
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update fixes the following security issue: (bnc#881524)
CVE-2014-3970 - Denial of service in module-rtp-recv
==============================================================================
openSUSE Recommended Update: pulseaudio: Fixes resource leak
______________________________________________________________________________
Announcement ID: openSUSE-RU-2014:1323-1
Rating: low
References:
Affected Products:
openSUSE 13.1
______________________________________________________________________________
An update that has 0 recommended fixes can now be installed.
Description:
This update fixes the following issue with pulseaudio:
- Fixes resource leak
|
|
Bump PKGREVISION to 3.
==============================================================================
openSUSE Security Update: libxml2, python-libxml2: Reverted patch for CVE-2014-0191
______________________________________________________________________________
Announcement ID: openSUSE-SU-2014:0753-1
Rating: moderate
References: #876652
Cross-References: CVE-2014-0191
Affected Products:
openSUSE 13.1
openSUSE 12.3
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
Removed fix for CVE-2014-0191. This fix breaks existing applications and
there's currently no way to prevent that.
==============================================================================
openSUSE Security Update: update to fix CVE-2014-3660
______________________________________________________________________________
Announcement ID: openSUSE-SU-2014:1330-1
Rating: moderate
References: #901546
Cross-References: CVE-2014-3660
Affected Products:
openSUSE 13.1
openSUSE 12.3
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update fixes a denial of service vulnerability when expanding
recursive entity (CVE-2014-3660) bnc#901546
|
|
==============================================================================
openSUSE Recommended Update: aaa_base: fixed xdg-environment.sh zsh compatibility
______________________________________________________________________________
Announcement ID: openSUSE-RU-2014:0778-1
Rating: low
References: #875118
Affected Products:
openSUSE 13.1
______________________________________________________________________________
An update that has one recommended fix can now be installed.
Description:
The xdg-environment.sh script in aaa_base was not able to be used with the
zsh shell. This was fixed.
==============================================================================
openSUSE Recommended Update: aaa_base: remove "text/js" from mime.types
______________________________________________________________________________
Announcement ID: openSUSE-RU-2014:0918-1
Rating: low
References: #812427
Affected Products:
openSUSE 13.1
openSUSE 12.3
______________________________________________________________________________
An update that has one recommended fix can now be installed.
Description:
This update fixes the following issues with aaa_base:
- bnc#812427: remove "text/js" from mime.types
=============================================================================
openSUSE Recommended Update: aaa_base: various bugfixes
______________________________________________________________________________
Announcement ID: openSUSE-RU-2014:1262-1
Rating: moderate
References: #721682 #860083 #861124 #880103 #882918
Affected Products:
openSUSE 13.1
______________________________________________________________________________
An update that has 5 recommended fixes can now be installed.
Description:
The system base scripts in aaa_base were updated to fix various bugs:
- remove no longer supported sysconfig settings (bnc#721682)
- update service man page
- always pass --full to systemctl (bnc#882918)
- Enable service script to return LSB status exit values (bnc#880103)
- implement legacy actions (bnc#861124)
- Enable service script to reload systemd if required
- handle targets in /sbin/service as well
- Check systemd service using LoadState (bnc#860083)
|
|
0.155
-------
MAMETesters Bugs Fixed
----------------------
- 01007: [Sound] (simpsons.c) simpsons: Some in-game samples such as
"maggie" and "that's my sister mister" sound bad. (Alex Jackson)
- 05705: [DIP/Input] (segas18.c) ddcrew: Player 3 buttons not working (Osso)
- 05700: [Graphics] (terracre.c) amazon, amatelas: lag/desync between
sprites and background (Alex Jackson)
- 03395: [Sound] (nmk16.c) macross2: Music emulation is not 100% perfect
(a balance issue) (trap15)
- 02422: [Sound] (nmk16.c) mustang: Sound communication might be incorrectly
implemented. (trap15)
- 02417: [Sound] (nmk16.c) NMK004 sound CPU is just (imperfectly) simulated
for now. (trap15)
- 01117: [Graphics] (nmk16.c) macross2: After some versions, I noticed a different
gfx overlap priority between hugest ships and weapon pickups in Macross2. (trap15)
- 05493: [Crash/Freeze] (itgambl2.c) All sets in itgambl2.c: Crash before OK
(Olivier Galibert)
- 05697: [DIP/Input] (flyball.c) All sets in flyball.c: Controls for Batter and
Pitcher are intertwined (hap)
- 05693: [Graphics] (ddragon3.c) wwfwfest: Wrestler Entrance does not show graphics
(hap)
- 05689: [Misc.] (williams.c) All sets in williams.c: Utility panel buttons not
working correctly compared to real game
- 05683: [Interface] SDL-based: -watchdog command not operable in SDLMAME (R. Belmont)
- 05681: [Crash/Freeze] SDL-based: Most Laserdisc CHD games either do not boot or
have other issues (R. Belmont)
- 05688: [Crash/Freeze] (psikyo4.c) hgkairak, hotgm4ev, hotgmck, hotgmck3, hotgmcki:
MAME crashes when enabling flip screen in psikyo4 games (Osso)
- 02124: [Graphics] (namconb1.c) nebulray, nebulrayj: Nebulas Ray is missing a rotation
effect in the first level (Phil Bennett)
- 05686: [Documentation] (model2.c) vcopa: missing relationship (Tafoid)
- 05685: [Documentation] (alg.c) maddog22: maddog22 is missing relationship with other
maddog2 sets (JWallace)
- 05676: [Sound] (eolith.c) candy: Loss of in-game sound (Wilbert Pol)
- 05675: [Color/Palette] (highvdeo.c) newmcard, record: Palette problems (David Haywood)
- 05666: [Crash/Freeze] (cswat.c) cswat: AddressSanitizer: heap-buffer-overflow with
-aviwrite (hap)
- 05350: [Core] Systems using M6809 with M6809_HOLD_LINE: CWAI doesn't acknowledge
interrupts while polling for them (hap)
- 05629: [Color/Palette] hangplt, hangpltu, thrilld: Voodoo 3D graphics have no palette
(Phil Bennett)
- 05637: [Crash/Freeze] (vegas.c) gauntdl, gauntdl24: Emulation hangs after initialization
(Phil Bennett)
- 05638: [Crash/Freeze] (seattle.c) vaportrx, vaportrxp: Emulation hangs during INIT
(Phil Bennett)
- 05636: [Sound] (vegas.c) gauntleg, gauntdl, carnevil and clones: Missing streaming
BGM/Sounds during gameplay (Phil Bennett)
- 05634: [Crash/Freeze] (tasman.c) All sets in tasman.c: [debug] Assertion in Debug
(Alex Jackson)
- 05644: [Graphics] (homerun.c) ganjaja: Line glitches at top of screen (hap)
- 05631: [Crash/Freeze] mquake.c, upscope.c: Crash shortly after start (Osso)
- 05633: [Crash/Freeze] (pcxt.c) tetriskr: [debug] Crash in Debug at start (crazyc)
- 00386: [Graphics] (battlera.c) battlera, bldwolf, bldwolfj: Sprites in the same player
where the black box with text that appears sometimes are printed in front of them.
(David Haywood)
- 00385: [Graphics] (battlera.c) battlera: When you are fighting against the first final
boss, you can see it even if it is under the water. (David Haywood)
Source Changes
--------------
-tourvis.c: Added version 5.3 BIOS to the Tourvision driver. [system11]
-m68kmake.c: change overlapping memcpy() to memmove() [Casper Ti. Vector]
-Changed set mpoker and driver to mgames. Also description from
Multi-Poker to Match Games accordingly with the official flyer.
http://flyers.arcade-museum.com/?page=thumbs&db=videodb&id=6500 In
fact, these are skill instead of poker games. Also added way more
documentation and some cosmetic fixes. [Roberto Fresca]
-Unknown Pac-Man gambling game: Rename and redefine the inputs to match
the behavior of both games. Added complete instructions to play the
stealth gambling game. [Roberto Fresca]
-Unknown Pac-Man gambling game: Added proper sound support. Rearranged
some inputs and hooked extra port. Found some DIP switches. Added
technical notes and instructions. Cleaned up the whole driver.
[Roberto Fresca]
-k053246_k053247_k055673.c: Make 8-bit-per-pixel ROM readback work;
hook up ROM readback properly in rungun.c; hook up registers properly
in tasman.c (sprite ROM tests pass now, still doesn't draw anything)
[Alex Jackson]
-fm2612: fixed missing dac channel on savestate load
[dink (FB Alpha project)]
-Added decryption support for Music Ball [Andreas Naive]
-speedbal.c: Give Music Ball it's own correct Bonus dipswitch settings.
Add dipswitch locations to Speed Ball & Music Ball. [Brian Troha]
-improve Funny Strip / Puck People protection simulation [iq_132]
-tatsumi.c: Fixed Cycle Warriors (set 1) hangs at boot. [MASH]
-k005289: fix off-by-one frequency; adds missing detune effect to
nemesis BGM [Alex Jackson]
-floppy: Handle half and quarter tracks [O. Galibert]
-williams.c - Added missing video board PROM to Joust 2 [Joe Magiera]
-flopimg: don't trash a bunch of memory when loading legacy floppies.
[R. Belmont]
-gcpinbal.c: Added PCB layout for Grand Cross Pinball
[Brian Troha, system11]
-ssv.c: Add PCB for the Storm Blade game rom board.
[Brian Troha, ShouTime]
-Laserdisc titles added and reorganised to include dumps from other
sources. ALG titles in particular have been heavily reorganised
[Dragon's Lair Project, J. Wallace]
-taito_b.c: Verified clock speeds for the East Technology's ET910000A
PCB used by Sel Feena and Ryu Jin. [system11]
-namconb1.c - Improved interrupt handling, fixing raster-effects (used
by nebulray and machbrkr) and nebulray test mode. [Phil Bennett]
-Implemented the Namco Custom 116 palette and raster IRQ controller as
a device, and hooked it up to the namcos1, namconb1 and namcofl
drivers [Alex Jackson]
-digfx.c: Make some members protected instead of private to be less
fascistic and more consistent with other device_interfaces. [Alex Jackson]
-SDL: update manpages [Cesare Falco]
-Allow use of external SQLite3 [Cesare Falco]
-coinmvga.c driver: Minor cleanup, new set added, and changed game
descriptions. [Roberto Fresca]
-msm5832: day of week is 0-6, not 1-7 [R. Belmont]
-galaxian.c: redumped atlantis2. [system11]
-Preliminary IGS029 protection simulation for mgcs: [Luca Elia]
fixes sound, dips and crash at game start.
-bwidow.c - Various changes: [Phil Bennett]
* Added address decoder PROMs to Gravitar and clones.
* Renamed ROMs to include correct part numbers and locations.
* Renamed set gravp to gravitar1.
-centiped.c - Various changes: [Phil Bennett]
* Made centtime the parent (this is actually revision 4)
* Renamed ROMs to include correct part numbers and locations.
* Added sync PROM to Warlords
-fuukifg2.c: Correct clock speeds for the Susume! Mile Smile / Go Go!
Mile Smile and Gyakuten!! Puzzle Bancho sets. [system11]
-added decryption for Gundam Wing: Endless Duel (SNES bootleg) [iq_132]
-floppy: Don't infloop in set_write_splice when there's no floppy
(fixes MT5672) [O. Galibert]
-mips3drc: Throw badcop exceptions on COP1 accesses while the COP1
status bit is not enabled [MarathonMan]
-segaybd.c: Give the new Power Drift (Japan, Link Version) it's own
correct dipswitch settings. [Brian Troha]
-ymf278b: Use the memory system to access wavetable data. This should
make it possible to hook up RAM as well as ROM to the device, e.g. for
computer sound cards in MESS. [Alex Jackson]
-psikyo4: Improve and clean up wavetable ROM banking. The mask ROM
tests in hotgm4ev and hotgmcki pass now. loderndf still fails for
unknown reasons. Miscellaneous cleanups as well. [Alex Jackson]
-mfi_dsk: Fix leaks [O. Galibert]
-SDL: fall through to the baseline Win32 implementations for file,
socket, and pty/named pipe I/O. [R. Belmont]
-SDL: init timebase the first time it's needed on Windows, Mac, and
OS/2 targets. [R. Belmont]
-Fixed sprite DMA for Raiden 2, bullets are now visible
[Angelo Salese, Olivier Galibert]
-SDL: remove dead code from SDL2 renderer, fix laserdisc crash with
SDL2 -video accel rendering. [R. Belmont]
-replace rom in ryukendna set [system11]
-SDL: link properly on OS X for SDL2. [R. Belmont]
-SDL: Use the same screen selection method for SDL2 as Windows.
[R. Belmont]
-Various pinballs working (see list below) [Robbbert]
-Sound for Atari pinball machines [Robbbert]
-gtia.c: converted to be a device. [Fabio Priuli]
-hikaru: add mask dumps for podrace [Cah4e3]
-voodoo.c, vooddefs.h: Added support for writes to trexInit1 register,
to return TMU configuration data. [Peter Ferrie]
-antic.c: converted to be a device. [Fabio Priuli]
-SDL: Allow -sound dsound on SDL Windows builds. [R. Belmont]
-Removed legacy_cpu_device. [Wilbert Pol]
-Added proper NMK004 internal rom [trap15]
-Hooked up support for NMK004 internal rom in MAME, replacing Nicola's
old simulation code [trap15, David Haywood]
-Fixed TLCS90 16-bit timers & support NMI in the core [trap15]
-Various tweaks and improvements in nmk16.c (timings, sound balance,
etc.): [trap15, David Haywood]
* US AAF Mustang now has sound / music for the first time
* Much better sound / music in the following games Bio-ship Paladin,
Vandyke, Black Heart, Acrobat Mission, Koutetsu Yousai Strahl, Thunder
Dragon, Hacha Mecha Fighter, Super Spacefortress Macross, GunNail
-SDL: use Windows OSD's font-selection semantics for SDL Windows
builds. [R. Belmont]
-softlist: fixed inconsistent -listsoftware output. [phulshof]
-ui: fixed crash when loading floppies with no parent software from
softlist (only via internal File Manager, though) [Fabio Priuli]
-added generic cartslot / ROM socket slot device, which offers basic
allocation and access handlers, and converted a few drivers to use
this instead of code from cartslot.c [Fabio Priuli]
-softlist: restored the support for loading games from compatible
softlists (like gbcolor games in gameboy, and viceversa, msx1 carts in
msx2, etc.) by using the syntax mess system -media list:gamename You
can now for instance use again "mess gbcolor -cart gameboy:sml" to
play "Super Mario Land" with the custom palettes of the Game Boy
Color. [Fabio Priuli]
-NS8250 Fixes [smf]
* Loopback: tx goes high and data is clocked at the
correct rate instead of appearing instantly Modem status register:
don't lose track of external signals when starting, resetting,
switching loopback off, writing to register Handshaking: active low
for consistency (RS232 port now defaults handshaking lines high and
serial mouse dtr/rts handling has been adjusted).
-Memory system and Namco improvements: [Alex Jackson]
* Explicit regions in address maps (AM_REGION) are now looked up
relative to the device rather than as siblings when in an internal
address map (similar to devices and shared pointers) Besides being
more orthogonal than before, this allows internal ROMs of MCUs and
similar devices to be hooked up in a nicer and more foolproof way.
Updated the m37710 and m5074x (m6502 derivative) to take advantage of
this.
* Divided the M37702/M37710 into specific models, with each model having
its own internal address map containing the correct amounts of
internal RAM and ROM.
* M37702 MCUs found on various Namco PCBs are now all unique devices and
have their respective internal ROMs loaded as device ROMs.
-namcops2: Documentation fixes [Guru]
-addrmap.c: Only install the default device address map if the owner
didn't provide one [Alex Jackson]
-8250: call interrupt callback after clearing internal interrupt state
when resetting [smf]
-added workaround to build with XCode 6.0.1 out-of-the-box
[Oliver Stöneberg]
-wd_fdc: Hopefully fix reading sectors with DDAM [lowen, O. Galibert]
-Moved protection vectors from hachamfb to hachamf, making the latter
to work properly too [Angelo Salese]
-web: allow pasting in text. [Firehawke]
-Gundam Wing: Endless Duel updates: [Peter Ferrie]
* added additional shared memory block
* added protection handlers
* corrected reset vector
* worked around bad startup
Game now boots but doesn't coin up.
-fix compile on MSVC 2012 & 2013 [Peter Ferrie]
-snesb.c: Add coin/DSW inputs to Gundam Wing, game is now playable.
[stephh]
-s4.c : fixed sound, 4 games marked as working (Flash,Stellar
Wars,TriZone,TimeWarp)
-snesb: Set up dip switches for Gundam Wing. [stephh]
-peplus.c: Various fixes, all sets should be working now. [BrianT]
-WebUI: clean up and fixed HTML compliance. [Firehawke]
-added makefile variable OPENMP to enable usage of OpenMP (includes
vconv support of -fopenmp) [Oliver Stöneberg]
-blktiger priority fixes [Mamesick]
-dragrace.c: Added tachometer outputs. [Comboman]
-Handcrafted PAL for actual Varth US PCB. [Palindrome]
-awboard: add "offset protection" used by some carts. samsptk and
kofxi boot now. [R. Belmont, MetalliC]
-model3: Rewrote 2D tilemap rendering. [Ville Linde]
-Rewrite k053260 sound device [Alex Jackson]
-Make cheat initialization debugger message more verbose. [Pugsy]
-make the orlegend111t set work [iq_132]
-chqflag.c: improve k007232 volume/pan controls, still largely
guesswork [Alex Jackson]
-wecleman.c: add missing k007232 volume callback [Alex Jackson]
-naomi.c:
* M2-type cartridges 4/8MB mode mapping documentation/code
[MetalliC, rtw]
* F355 protection key, small docs update/corrections [MetalliC]
* Atomiswave controller type register [MetalliC]
* Added InitialD Ver3 Cycraft PIC key [anonymous, MetalliC]
-eepromuser.c: Added Support for MSM16911 Serial eeprom [Felipe Sanches]
-mb88xx.c: Added support for Fujitsu M88201-202 MCU [Felipe Sanches]
-model3: New 3D renderer + various fixes (still heavily WIP) [Ville Linde]
-Beatmania IIDX Twinkle hardware: The IDE DMA is now hooked up, but the
sound board isn't running well enough yet for it to make a difference.
Hooked up the FDC37665GT and HLE the XVD701 and the 68k sound board
responses to get most of the games booting. There is no sound and the
games all fail with a hdd error when you start a stage. Beatmania IIDX
with DDR 2nd Club Version wants the GQ863 hard disk. [smf]
-Beatmania IIDX Twinkle hardware: beatmania IIDX Substream with DDR 2nd
Club Version 2 wants the harddisk from beatmania IIDX Substream. Added
missing 3rd & 6th style CD images & replaced 5th style images. [smf]
-upd7220: add Bresenham arc and complete char drawing [Carl]
-m68000: add missing item to save state [Alex Jackson]
- Converted battlera.c driver to use real PCE video code, fixing several
longstanding bugs (present since driver was added in 0.37b2 era)
[David Haywood]
- Reorganized ST0016 code, detangling several drivers, and fixing a some
missing video features used by gostop [David Haywood]
- Refactored legionna.c COP code to use new Raiden II implementation
fixing several bugs along the way [David Haywood]
- Tweaked Raiden II collision detection based on user feedback citing
specific bullet patterns and expected hitbox sizes [David Haywood]
- Added note about tharrier Dipswitches being likely read via the
protection device (not yet hooked up) [David Haywood]
- Fix girls 4,5,6 in the 'popbingo' bonus rounds [David Haywood]
- Fix what appears to be bad sound ROM banking in sandscrp
[Dink, David Haywood]
|
|
Fix bash vulnerabilities.
|
|
9a72433: slirp: udp: fix NULL pointer dereference because of uninitialized socket (Petr Matousek)
00dd2b2: pc: leave more space for BIOS allocations (Michael S. Tsirkin)
80f4d02: Revert "virtio: don't call device on !vm_running" (Michael S. Tsirkin)
074e347: virtio-net: drop assert on vm stop (Michael S. Tsirkin)
9e8d994: Revert "rng-egd: remove redundant free" (Eduardo Habkost)
a56b9cf: hw/machine: Free old values of string properties (Eduardo Habkost)
0717855: Revert "spapr_pci: map the MSI window in each PHB" (Greg Kurz)
82d80e1: target-i386: Support migratable=no properly (Eduardo Habkost)
5dd076a: exec: Save CPUState::exception_index field (Pavel Dovgaluk)
257e9cf: pty: Fix byte loss bug when connecting to pty (Sebastian Tanase)
1aa87d3: spice: make sure we don't overflow ssd->buf (Gerd Hoffmann)
7fe5418: vbe: rework sanity checks (Gerd Hoffmann)
c5042f0: vbe: make bochs dispi interface return the correct memory size with qxl (Gerd Hoffmann)
cf29a88: virtio-net: purge outstanding packets when starting vhost (Michael S. Tsirkin)
08743db: net: complete all queued packets on VM stop (Michael S. Tsirkin)
d9c06c0: net: invoke callback when purging queue (Michael S. Tsirkin)
f321710: virtio: don't call device on !vm_running (Michael S. Tsirkin)
ec48bfd: net: Forbid dealing with packets when VM is not running (zhanghailiang)
eb36f79: acpi-build: Set FORCE_APIC_CLUSTER_MODEL bit for FADT flags (zhanghailiang)
34d41c1: vhost-scsi: init backend features earlier (Michael S. Tsirkin)
6f8d05a: vhost_net: init acked_features to backend_features (Jason Wang)
5e83dae: vhost_net: start/stop guest notifiers properly (Jason Wang)
ff34ca0: pci: avoid losing config updates to MSI/MSIX cap regs (Knut Omang)
e685d2a: virtio-net: don't run bh on vm stopped (Michael S. Tsirkin)
67cfda8: qxl-render: add more sanity checks (Gerd Hoffmann)
4fd144f: target-arm: Correct Cortex-A57 ISAR5 and AA64ISAR0 ID register values (Peter Maydell)
ea774b8: target-arm: Fix regression that disabled VFP for ARMv5 CPUs (Peter Maydell)
3e8966d: x86: Clear MTRRs on vCPU reset (Alex Williamson)
ba8576f: x86: kvm: Add MTRR support for kvm_get|put_msrs() (Alex Williamson)
07f8c97: x86: Use common variable range MTRR counts (Alex Williamson)
72c9c9a: target-i386: Don't forbid NX bit on PAE PDEs and PTEs (William Grant)
3d8cc86: vl: process -object after other backend options (Paolo Bonzini)
0824ca6: spapr_pci: map the MSI window in each PHB (Greg Kurz)
feb6334: thread-pool: avoid deadlock in nested aio_poll() calls (Stefan Hajnoczi)
75ada6b: thread-pool: avoid per-thread-pool EventNotifier (Stefan Hajnoczi)
be3af75: pc: reserve more memory for ACPI for new machine types (Michael S. Tsirkin)
bfe3e6f: pcihp: fix possible array out of bounds (Gonglei)
cd4acff: hostmem: set MPOL_MF_MOVE (Michael S. Tsirkin)
4b59161: vmxnet3: Pad short frames to minimum size (60 bytes) (Ben Draper)
fab7560: blkdebug: Delete BH in bdrv_aio_cancel (Fam Zheng)
16c92cd: qemu-iotests: add test case 101 for short file I/O (Stefan Hajnoczi)
dea6efe: raw-posix: fix O_DIRECT short reads (Stefan Hajnoczi)
8c4edd7: block/iscsi: fix memory corruption on iscsi resize (Peter Lieven)
504e2a7: arm/virt: Use PSCI v0.2 function IDs in the DT when KVM uses PSCI v0.2 (Christoffer Dall)
2f6d5e1: target-arm: Rename QEMU PSCI v0.1 definitions (Christoffer Dall)
20463dc: target-arm: Fix return address for A64 BRK instructions (Peter Maydell)
2a575c4: virtio-blk: fix reference a pointer which might be freed (zhanghailiang)
1ad9dce: acpi: align RSDP (Michael S. Tsirkin)
ba1bc81: numa: show hex number in error message for consistency and prefix them with 0x (Hu Tao)
948574e: pc-dimm: fix up error message (Michael S. Tsirkin)
044af98: pc-dimm: validate node property (Hu Tao)
7c68c54: hw:i386: typo fix: MEMORY_HOPTLUG_DEVICE -> MEMORY_HOTPLUG_DEVICE (Hu Tao)
bd47406: ide: only constrain read/write requests to drive size, not other types (Michael Tokarev)
e22d5dc: l2tpv3 (configure): it is linux-specific (Michael Tokarev)
dfd4808: vfio: Fix MSI-X vector expansion (Alex Williamson)
5f26e63: qdev-monitor: include QOM properties in -device FOO, help output (Stefan Hajnoczi)
42f7a13: qmp: hide "hotplugged" device property from device-list-properties (Stefan Hajnoczi)
|
|
|
|
|
|
- use DatLib 2.36
|
|
- Added knowledge of old v2 sound ROM from sonicwi2 (various emus).
- Updated a few existing definitions to account for MAME ROM renames
(up to MAME 0.135).
|
|
- Fixed de-duplication of "nodump" ROMs and disks for MAMEDiff.
- Log file now shows the MAMEDiff version as well as the options.
- Changed the directory scanner to process zero byte files / roms.
|
|
- Added date, email, homepage, url, comment, forcenodump to CMPro.
- Added category to RomCenter header (for completeness).
- Added the Generic XML format.
- Added automatic date population (based on the version number).
|
|
- Fixed crash when loading full MESS XML (0.105 upwards).
- MESS: Support for new device attributes (type, tag and mandatory).
- MESS: Support for machine "RAM options".
- Added support for 64-bit ROM sizes (n.b. not for directory scan).
- Added the DTD for ROM Management Datafiles (revision 1.1).
- Added support for Game Launcher and GameEx Map Files (untested).
- Added load / support for AAE RomList.
- Added save support for the Hyperspin Database format.
|
|
|
|
|
|
Upstream changes:
- Support the CACHE instruction as (for now) a nop.
- Provide the MIPS32 config0 and config1 registers, and pretend to
have 4K each L1 I/D caches. The cache remains fully coherent.
- Don't allow r2000/r3000 (mips-I) style cache flushes.
- Add a disk161 utility for manipulating disk images, and don't
keep disk image sizes in sys161.conf any more.
- Edit/revise the processor docs.
- Fix build with gcc 4.8.
- Provide flock() compat for legacy OSes without it. (Hi, Solaris.)
|
|
|
|
|
|
Ok jperkin
|
|
|
|
|
|
|
|
openSUSE Security Update: curl
______________________________________________________________________________
Announcement ID: openSUSE-SU-2014:1139-1
Rating: important
References: #894575 #895991
Cross-References: CVE-2014-3613 CVE-2014-3620
Affected Products:
openSUSE 13.1
openSUSE 12.3
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
libcurl was updated to fix security issues:
CVE-2014-3613: Cookies for hosts specified by numeric IP could be assigned
or used for other numeric IP hosts if portions of the numerics were the
same.
CVE-2014-3620: libcurl allowed cookies to be set for toplevel domains,
making them to broad.
|
|
openSUSE Security Update: glibc
______________________________________________________________________________
Announcement ID: openSUSE-SU-2014:1115-1
Rating: important
References: #887022 #892073 #894553
Cross-References: CVE-2014-0475 CVE-2014-5119 CVE-2014-6040
Affected Products:
openSUSE 13.1
openSUSE 12.3
______________________________________________________________________________
An update that fixes three vulnerabilities is now available.
Description:
glibc was updated to fix three security issues:
- A directory traversal in locale environment handling was fixed
(CVE-2014-0475, bnc#887022, GLIBC BZ #17137)
- Disable gconv transliteration module loading which could be used for
code execution (CVE-2014-5119, bnc#892073, GLIBC BZ #17187)
- Fix crashes on invalid input in IBM gconv modules (CVE-2014-6040,
bnc#894553, BZ #17325)
|
|
|
|
|
|
|
|
LibDsk is a library intended to give transparent access to floppy
drives and to the "disc image files" used by emulators to represent
floppy drives. It currently supports the following disc image
formats:
- Raw "dd if=foo of=bar" images;
- Raw images in logical filesystem order;
- CPCEMU-format .DSK images (normal and extended);
- CFI-format disc images, as produced by FDCOPY.COM;
- ApriDisk-format disc images;
- NanoWasp-format disc images, used by the eponymous emulator;
- Yaze 'ydsk' disc images, created by the 'yaze' emulators;
- Disc images created by Teledisk and CopyQM (read only);
- The floppy drive under Linux.
|
|
simulavr asks for libiberty.a.
With avr-gcc 4.5.3 and avr-binutils-2.23.2, binutils is installing
libiberty.a
But with new binutils-2.24, it won't install libiberty. Instead,
avr-gcc-4.8.3 will provied libiberty.
Makefile (of simulavr) now has pointer to PATH of libiberty now
as:
CONFIGURE_ARGS+= --with-libiberty=${PREFIX}/lib/gcc/avr
(Add patches)
patch-src_systemclock_cpp (rename from patch-src_systemclock.cpp)
patch-src_systemclock_h
patch-src_traceval_cpp
patch-src_traceval_h
clang flags as resize unresolved reference,
backport from git repository (as of 2013-09-15).
patch-examples_atmel_key_StdDefs_c Status: Locally Added
passing argument 1 of 'strlen' differ in signedness [-Wpointer-sign]
|
|
Changes:
- use flock() on disk images to avoid accidents
- improve gdb interface to treat CPUs as "threads"
- rework tty handling; now behaves when backgrounded
- change disk image names in sample config to match OS/161 usage
- rework timing code and fix bug with bogus large idle counts
- rework and retune main loop; much faster
- use more gcc warnings
|
|
|
|
______________________________________________________________________________
Announcement ID: openSUSE-SU-2014:0977-1
Rating: low
References: #886016 #888697
Cross-References: CVE-2014-4341 CVE-2014-4342 CVE-2014-4343
CVE-2014-4344
Affected Products:
openSUSE 13.1
openSUSE 12.3
______________________________________________________________________________
An update that fixes four vulnerabilities is now available.
Description:
The following security isses are fixed in this update:
CVE-2014-4341 CVE-2014-4342: denial of service flaws when handling RFC
1964 tokens (bnc#886016)
CVE-2014-4343 CVE-2014-4344: multiple flaws in SPNEGO (bnc#888697)
|
|
______________________________________________________________________________
Announcement ID: openSUSE-SU-2014:0978-1
Rating: moderate
References: #870855
Cross-References: CVE-2013-6369
Affected Products:
openSUSE 13.1
openSUSE 12.3
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
The following security issue is fixed in this update
- [bnc#870855] - CVE-2013-6369: jbigkit buffer overflow
|
|
______________________________________________________________________________
Announcement ID: openSUSE-SU-2014:1052-1
Rating: moderate
References: #890764 #890765 #890766 #890767 #890768 #890769
#890770 #890771 #890772
Cross-References: CVE-2014-3505 CVE-2014-3506 CVE-2014-3507
CVE-2014-3508 CVE-2014-3509 CVE-2014-3510
CVE-2014-3511 CVE-2014-3512 CVE-2014-5139
Affected Products:
openSUSE 13.1
openSUSE 12.3
______________________________________________________________________________
An update that fixes 9 vulnerabilities is now available.
Description:
This openssl update fixes the following security issues:
- openssl 1.0.1i
* Information leak in pretty printing functions (CVE-2014-3508)
* Crash with SRP ciphersuite in Server Hello message (CVE-2014-5139)
* Race condition in ssl_parse_serverhello_tlsext (CVE-2014-3509)
* Double Free when processing DTLS packets (CVE-2014-3505)
* DTLS memory exhaustion (CVE-2014-3506)
* DTLS memory leak from zero-length fragments (CVE-2014-3507)
* OpenSSL DTLS anonymous EC(DH) denial of service (CVE-2014-3510)
* OpenSSL TLS protocol downgrade attack (CVE-2014-3511)
* SRP buffer overrun (CVE-2014-3512)
|
|
|
|
Incompatible changes:
---------------------
The 82573L NIC was incorrectly treated as an 8254xx model. It no longer works correctly on either Linux (3.14.*) or Windows 7 and has been removed.
On x86, migration from QEMU 1.7 to QEMU 2.0 was broken if the guest had PCI bridges or for some number of CPUs (12, 13, 14, 54, 55, 56, 97, 98, 99, 139, 140) are the only ones). QEMU 2.1 fixes this, so that migration from QEMU 1.7 to QEMU 2.1 should always work. However, the fix breaks the following scenarios instead:
migration from QEMU 2.0 to QEMU 2.1 with PCI bridges and machine types pc-i440fx-1.7/pc-i440fx-2.0
migration from QEMU 2.0 to QEMU 2.1 with the aforementioned number of CPUs and machine type pc-i440fx-1.7
Future incompatible changes:
----------------------------
Three options are using different names on the command line and in configuration file. In particular:
The "acpi" configuration file section matches command-line option "acpitable";
The "boot-opts" configuration file section matches command-line option "boot";
The "smp-opts" configuration file section matches command-line option "smp".
Starting with QEMU xyz.jkl, -readconfig will standardize on the name for the command line option.
ARM
---
Firmware can be passed to the vexpress machine via -bios.
Improvements to Allwinner SoC emulation.
AArch64 TCG system emulation support.
AArch64 SHA and Crypto instruction support.
LM32
----
Support for semihosting.
Microblaze
----------
Support for u-boot initrd images.
MIPS
----
Support for KVM in the Malta board.
more...
|
|
Bump PKGREVISION.
|
|
Changes: the usual, better emulation for more systems.
|
