| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
Announcement ID: openSUSE-SU-2014:0821-1
Description:
dbus-1 was updated to fix a possible DoS (CVE-2014-3477).
Bump PKGREVISION.
|
|
Update fixes nine security issues
Announcement ID: openSUSE-SU-2014:0819-1
Description:
mozilla-nspr was updated to version 4.10.6 to fix one security issue:
* OOB write with sprintf and console functions (CVE-2014-1545)
Bump PKGREVISION.
|
|
Upstream changes (no English changelog):
20140607:
X11 dependent part:
Change filenames of config file and status files for xnp21 binary
built by --enable-build-all:
- config files
$(HOME)/.np2/np21rc
- status files
$(HOME)/.np2/sav/np21.sav
$(HOME)/.np2/sav/np21.s00 etc.
|
|
|
|
|
|
|
|
PDF, there's no point in building it, so disable TeX auto-detection.
|
|
|
|
openSUSE Security Update: openssl: update to version 1.0.1h
Description:
The openssl library was updated to version 1.0.1h fixing various security
issues and bugs:
Security issues fixed:
- CVE-2014-0224: Fix for SSL/TLS MITM flaw. An attacker using a carefully
crafted handshake can force the use of weak keying material in OpenSSL
SSL/TLS clients and servers.
- CVE-2014-0221: Fix DTLS recursion flaw. By sending an invalid DTLS
handshake to an OpenSSL DTLS client the code can be made to recurse
eventually crashing in a DoS attack.
- CVE-2014-0195: Fix DTLS invalid fragment vulnerability. A buffer
overrun attack can be triggered by sending invalid DTLS fragments to an
OpenSSL DTLS client or server. This is potentially exploitable to run
arbitrary code on a vulnerable client or server.
- CVE-2014-3470: Fix bug in TLS code where clients enable anonymous ECDH
ciphersuites are subject to a denial of service attack.
Bump PKGREVISION.
|
|
|
|
|
|
pkgsrc changes:
- remove xnp2-ia32 option
- always build both xnp2 (80286 core) and xnp21 (IA-32 core) binaries
Upstream changes (no English changelog):
- --enable-build-all option to configure that enables to build
both 80286 core and IA-32 core binaries is added
(per my request, thanks nonaka@)
|
|
expired (about 10 years ago).
Unconditionally switch to libgif.
As discussed on tech-pkg without dissent.
Bump PKGREVISION.
|
|
Do it for all packages that
* mention perl, or
* have a directory name starting with p5-*, or
* depend on a package starting with p5-
like last time, for 5.18, where this didn't lead to complaints.
Let me know if you have any this time.
|
|
libxml2, python-libxml2: Prevent external entities from being loaded
Description:
Updated fix for openSUSE-SU-2014:0645-1 because of a regression that
caused xmllint to break.
Bump PKGREVISION.
|
|
|
|
|
|
|
|
libXfont: Fixed multiple vulnerabilities
An update that fixes three vulnerabilities is now available.
Description:
libxfont was updated to fix multiple vulnerabilities:
- Integer overflow of allocations in font metadata file parsing
(CVE-2014-0209).
- Unvalidated length fields when parsing xfs protocol replies
(CVE-2014-0210).
- Integer overflows calculating memory needs for xfs replies
(CVE-2014-0211).
These vulnerabilities could be used by a local, authenticated user to
raise privileges
or by a remote attacker with control of the font server to execute code
with the privileges of the X server.
|
|
Fixes big-endian runtime failure, PR pkg/48823.
Bump PKGREVISION.
|
|
|
|
|
|
easier.
|
|
of "man".
|
|
|
|
python3, since the default changed from python33 to python34.
I probably bumped too many. I hope I got them all.
|
|
|
|
|
|
Congratulations.
Bump PKGREVISION.
|
|
alsa-oss: bugfix update
Description:
The ALSA OSS plugin was updated to fix bugs:
- Fix for dmix with unaligned sample rate:
- Revert patch 0001-Fix-path-to-libaoss.so.patch, as this
causes regressions on multi-arch (bnc#874331)
Bump PKGREVISION.
|
|
libxml2
Description:
- fix for CVE-2014-0191 (bnc#876652)
* libxml2: external parameter entity loaded when entity substitution is
disabled
* added libxml2-CVE-2014-0191.patch
Bump PKGREVISION.
|
|
update for openssl
Description:
- Fixed bug[ bnc#876282], CVE-2014-0198 openssl: OpenSSL NULL pointer
dereference in do_ssl3_write Add file: CVE-2014-0198.patch
Bump PKGREVISION.
|
|
until proven otherwise.
|
|
update for libpng12
Description:
This libpng12 update fixes the following two security
issues.
- bnc#873123: Fixed integer overflow leading to a
heap-based buffer overflow in png_set_sPLT() and
png_set_text_2() (CVE-2013-7354).
- bnc#873124: Fixed integer overflow leading to a
heap-based buffer overflow in png_set_unknown_chunks()
(CVE-2013-7353).
Bump PKGREVISION.
|
|
|
|
|
|
|
|
Fix PR pkg/48777
|
|
|
|
update for MozillaFirefox
Description:
This is also a mozilla-nss update to version 3.16:
* required for Firefox 29
* bmo#903885 - (CVE-2014-1492) In a wildcard certificate,
the wildcard character should not be embedded within
the U-label of an internationalized domain name. See
the last bullet point in RFC 6125, Section 7.2.
* Supports the Linux x32 ABI. To build for the Linux x32
target, set the environment variable USE_X32=1 when
building NSS. New Functions:
* NSS_CMSSignerInfo_Verify New Macros
* TLS_RSA_WITH_RC4_128_SHA,
TLS_RSA_WITH_3DES_EDE_CBC_SHA, etc., cipher suites that
were first defined in SSL 3.0 can now be referred to
with their official IANA names in TLS, with the TLS_
prefix. Previously, they had to be referred to with
their names in SSL 3.0, with the SSL_ prefix. Notable
Changes:
* ECC is enabled by default. It is no longer necessary to
set the environment variable NSS_ENABLE_ECC=1 when
building NSS. To disable ECC, set the environment
variable NSS_DISABLE_ECC=1 when building NSS.
* libpkix should not include the common name of CA as DNS
names when evaluating name constraints.
* AESKeyWrap_Decrypt should not return SECSuccess for
invalid keys.
* Fix a memory corruption in sec_pkcs12_new_asafe.
* If the NSS_SDB_USE_CACHE environment variable is set,
skip the runtime test sdb_measureAccess.
* The built-in roots module has been updated to version
1.97, which adds, removes, and distrusts several
certificates.
* The atob utility has been improved to automatically
ignore lines of text that aren't in base64 format.
* The certutil utility has been improved to support
creation of version 1 and version 2 certificates, in
addition to the existing version 3 support.
Bump PKGREVISION.
|
|
update for curl
Description:
This curl update fixes two security issues:
- bnc#868627: Fixed wrong re-use of connections
(CVE-2014-0138).
- bnc#868629: Fixed IP address wildcard certificate
validation (CVE-2014-0139).
Bump PKGREVISION.
|
|
OpenSSL: Fixed a use-after-free race condition in OpenSSL's read buffer.
Description:
A use-after-free race condition in OpenSSL's read buffer
was fixed that could cause connections to drop
(CVE-2010-5298).
Bump PKGREVISION.
|
|
|
|
|
|
update for openssl
This is an openssl version update to 1.0.1g.
- The main reason for this upgrade was to be clear about
the TLS heartbeat problem know as "Heartbleed"
(CVE-2014-0160). That problem was already fixed in our
previous openssl update.
Bump PKGREVISION.
|
|
update for json-c
This json-c update fixes the following two security issue:
- bnc#870147: Fixed buffer overflow if size_t is larger
than int (CVE-2013-6370).
- bnc#870147: Fixed possible hash collision DoS
(CVE-2013-6371).
Bump PKGREVISION.
|
|
|
|
coreutils: Several upstream-bugfixes
Bump PKGREVISION.
|
|
|
