Packages changed: acpid branding-openSUSE installation-images-openSUSE (14.278 -> 14.279) kde-branding-openSUSE lightdm (1.20.0 -> 1.21.1) nghttp2 (1.15.0 -> 1.16.1) openvpn p7zip perl-DBD-mysql (4.040 -> 4.041) systemd xfce4-vala xfdesktop (4.12.2 -> 4.12.3) === Details === ==== acpid ==== - Remove ExclusiveArch. At least some ARM boards emulate ACPI events with their power button driver. At worst the daemon will be superfluous on some systems. (bsc#1012325) ==== branding-openSUSE ==== Subpackages: gfxboot-branding-openSUSE grub2-branding-openSUSE plymouth-branding-openSUSE wallpaper-branding-openSUSE xfce4-splash-branding-openSUSE - enable grub2-branding-openSUSE also for %%arm ==== installation-images-openSUSE ==== Version update (14.278 -> 14.279) - removed local alias - 14.279 ==== kde-branding-openSUSE ==== Subpackages: kdelibs4-branding-openSUSE ksplash-qml-branding-openSUSE ksplashx-branding-openSUSE - Change version back to 13.3 ==== lightdm ==== Version update (1.20.0 -> 1.21.1) Subpackages: liblightdm-gobject-1-0 lightdm-lang - Update to version 1.21.1 (changes since 1.20.0): * Add liblightdm functions for getting OS release information and the message of the day. * Warn if we find unknown keys in configuration. * Fix .profile errors not showing in .xsession-errors log. * Remove a duplicate Qt property in liblightdm. * Fix and improve liblightdm API documentation. * Minor GIR annotation fixes. * Fix greeters crashing with unknown configuration keys (regression from 1.12.0) * Add an API verison to the greeter-daemon protocol for future enhancements. * More regression tests. ==== nghttp2 ==== Version update (1.15.0 -> 1.16.1) - Update to version 1.16.1: * lib: Prevent undefined behavior in decode_length * nghttpx: Fix bug which may crash nghttpx if non-final response is forwarded from origin server to HTTP/1.1 client - Changes for version 1.16.0: * lib: Add nghttp2_set_debug_vprintf_callback to take advantage of DEBUGF statements in when building DEBUGBUILD. * Update .clang-format for clang-format-3.9 * build: Make it possible to include nghttp2/CMakeLists.txt in another project using add_subdirectory. * third-party: Update http-parser to feae95a3a69f111bc1897b9048d9acbc290992f9 * asio: Fix crash when end() is called outside nghttp2 callback * nghttpx: Add --backend-connect-timeout option * nghttpx: Add TLS signed_certificate_timestamp extension support * nghttpx: Add --ecdh-curves option to specify list of named curves * h2load: Add --header-table-size and --encoder-header-table-size options ==== openvpn ==== - Require iproute2 explicitly. openvpn uses /bin/ip from iproute2, so it should be installed ==== p7zip ==== - Add CVE-2016-9296.patch to fix a null pointer dereference problem (CVE-2016-9296) ==== perl-DBD-mysql ==== Version update (4.040 -> 4.041) - updated to 4.041 see /usr/share/doc/packages/perl-DBD-mysql/Changes 2016-11-28 Patrick Galbraith, Michiel Beijen, DBI/DBD community (4.041) * Fix use-after-free for repeated fetchrow_arrayref calls when mysql_server_prepare=1 Function dbd_st_fetch() via Renew() can reallocate output buffer for mysql_stmt_fetch() call. But it does not update pointer to that buffer in imp_sth->stmt structure initialized by mysql_stmt_bind_result() function. That leads to use-after-free in any mysql function which access imp_sth->stmt structure (e.g. mysql_stmt_fetch()). This patch fix this problem and properly updates pointer in imp_sth->stmt structure after Renew() call. This is a medium level security issue to which the Debian security team assigned identifier CVE-2016-1251. Discovered and fixed by Pali Rohár. * auto_reconnect now also matches CR_SERVER_LOST, previously this only matched CR_SERVER_GONE. Fixes http://bugs.mysql.com/bug.php?id=27613 Fix suggested by Wouter de Jong. * Fix compilation fixes (Pali Rohár). ==== systemd ==== Subpackages: libsystemd0 libsystemd0-32bit libudev-devel libudev1 libudev1-32bit systemd-32bit systemd-bash-completion systemd-logger systemd-sysvinit udev - libudev-devel 32bit is needed for building 32bit wine now. ==== xfce4-vala ==== - fix build on Leap 42.2 (vala version 0.32) ==== xfdesktop ==== Version update (4.12.2 -> 4.12.3) Subpackages: xfdesktop-lang - update to version 4.12.3 - rotate wallpaper images if they contain rotation information - Settings: Fix loading of wallpaper previews - fix setting of wallpaper if monitor name contains whitespace - translation updates