Packages changed:
  aria2 (1.28.0 -> 1.29.0)
  libvirt
  logrotate
  open-iscsi
  perl-DBD-mysql (4.037 -> 4.039)
  perl-JSON-XS (3.02 -> 3.03)
  perl-Log-Dispatch (2.57 -> 2.58)
  python-ldap (2.4.27 -> 2.4.28)
  python-pyOpenSSL (16.0.0 -> 16.2.0)
  python3-cffi (1.8.3 -> 1.9.1)
  whois (5.2.12 -> 5.2.13)
  wireshark (2.2.1 -> 2.2.2)

=== Details ===

==== aria2 ====
Version update (1.28.0 -> 1.29.0)
Subpackages: aria2-lang libaria2-0

- Update to version 0.29.0:
  * WinTLS: Fix busy loop on write error
  * Support 1xx non-final response
  * Update wslay
  * Don't download piece which is filtered out (e.g., --select-file)

==== libvirt ====
Subpackages: libvirt-client libvirt-daemon libvirt-daemon-config-network libvirt-daemon-config-nwfilter libvirt-daemon-driver-interface libvirt-daemon-driver-libxl libvirt-daemon-driver-lxc libvirt-daemon-driver-network libvirt-daemon-driver-nodedev libvirt-daemon-driver-nwfilter libvirt-daemon-driver-qemu libvirt-daemon-driver-secret libvirt-daemon-driver-storage libvirt-daemon-driver-uml libvirt-daemon-driver-vbox libvirt-daemon-lxc libvirt-daemon-qemu libvirt-daemon-xen libvirt-libs

- spec: explicitly set qemu-bridge-helper path to /usr/lib/
  bsc#999070

==== logrotate ====

- Move logrotate.status to /var/lib/misc following FHS/LSB and
  making implementing read-only root filesystem much easier.
  [FATE#322036]
- Add patch:
  * logrotate-var-lib-misc.patch

==== open-iscsi ====
Subpackages: iscsiuio

- Updated to upstream version 2.0-874, but still includes
  (very few) SUSE-specific changes. This replaced the 2.0-873
  tarball with a 2.0-874 tarball, but still includes the
  Factory-latest compressed diff patch file, though it is
  now empty. See Changes file for functional change details.

==== perl-DBD-mysql ====
Version update (4.037 -> 4.039)

- updated to 4.039
  see /usr/share/doc/packages/perl-DBD-mysql/Changes

  2016-11-15 Patrick Galbraith, Michiel Beijen, DBI/DBD community (4.039)
  * Fix for security issue Out-of-bounds read by DBD::mysql CVE-2016-1249 (pali)

  2016-10-30 Patrick Galbraith, Michiel Beijen, DBI/DBD community (4.038_01)
  * Fix compilation of embedded server (pali)
    (https://github.com/perl5-dbi/DBD-mysql/pull/68)
  * Fix compilation against libmariadbclient. First version by
    H.Merijn Brand, improved by Bernt Johnsen @ Oracle.
  * For efficiency use newSVpvn() instead of newSVpv() where possible (pali)
  * Correctly coerce fetched scalar values when mysql_server_prepare
    is not used (pali)
  * Add support for fetching columns of BIT type with
    mysql_server_prepare = 1 (pali)
    Fixes https://rt.cpan.org/Public/Bug/Display.html?id=88006
  * Use correct format in printf instead of casting variable types (pali)
  * Include errno.h for MYSQL_ASYNC because it uses errno variable (pali)
  * Travis: also test on perl 5.22 and 5.24.

- updated to 4.038
  see /usr/share/doc/packages/perl-DBD-mysql/Changes

  2016-10-19 Patrick Galbraith, Michiel Beijen, DBI/DBD community (4.038)
  * Version 4.037_1 had fixes for MySQL 8.0 provided by Bernt Johnsen @ Oracle
    that were not in the Changelogs
    (https://github.com/perl5-dbi/DBD-mysql/pull/56)
  * Fixes for compiling against newer libmysqlclient on Windows (kmx)
  * Fix unit test for 40server_prepare_crash on Windows (pali)
  * Perl's IV in scalar can store 64bit integer when perl was compiled
    with 64 bit support (default on 64bit linux with gcc). Use this
    feature and store MYSQL_TYPE_LONGLONG as integers instead of strings
    when possible. (pali, https://github.com/perl5-dbi/DBD-mysql/pull/57)

  2016-10-14 Patrick Galbraith, Michiel Beijen, DBI/DBD community (4.037_01)
  * Newest versions of libmysqlclient and the MariaDB C connector no longer
    export the __WIN__ macro.
    If this macro is not present we would not compile in the poll.h-based
    async-support. Changed to use the _WIN32 macro instead.
    Thanks to Sergei Golubchik for suggesting the fix.
  * Fix from Pali Rohár to not use unsafe sprintf with variable length,
    changes to bind logic, and added test 40server_prepare_crash.

==== perl-JSON-XS ====
Version update (3.02 -> 3.03)

- updated to 3.03
  see /usr/share/doc/packages/perl-JSON-XS/Changes

  TODO: rfc7464
  TODO: Victor Efimov

  3.03 Wed Nov 16 20:20:59 CET 2016
  - fix a bug introduced by a perl bug workaround that would cause
    incremental parsing to fail with a sv_chop panic.
  - json_xs: toformat failure error message fixed.
  - json_xs: allow cyclic data structures in CBOR.

==== perl-Log-Dispatch ====
Version update (2.57 -> 2.58)

- updated to 2.58
  see /usr/share/doc/packages/perl-Log-Dispatch/Changes

  2.58 2016-11-13
  - Switched from RT to the GitHub issue tracker.

==== python-ldap ====
Version update (2.4.27 -> 2.4.28)

- Update to upstream release 2.4.28

==== python-pyOpenSSL ====
Version update (16.0.0 -> 16.2.0)

- fix source url
- Change source url to pypi.io
  * version 16.2.0 source tarball failed to download from
    pypi.python.org
- Update to 16.2.0
  * Deprecations
  * * Dropped support for OpenSSL 0.9.8.
  * Changes
  * * Fix memory leak in OpenSSL.crypto.dump_privatekey() with
      FILETYPE_TEXT. #496
  * * Enable use of CRL (and more) in verify context. #483
  * * OpenSSL.crypto.PKey can now be constructed from cryptography
      objects and also exported as such. #439
  * * Support newer versions of cryptography which use opaque structs
      for OpenSSL 1.1.0 compatibility.
  * * Fixed compatibility errors with OpenSSL 1.1.0.
  * * Fixed an issue that caused failures with subinterpreters and
      embedded Pythons.
      [#552]

==== python3-cffi ====
Version update (1.8.3 -> 1.9.1)

- update to version 1.9.1:
  (no changelog available)
- changes from version 1.9:
  * Structs with variable-sized arrays as their last field: now we
    track the length of the array after ffi.new() is called, just
    like we always tracked the length of ffi.new("int[]", 42). This
    lets us detect out-of-range accesses to array items. This also
    lets us display a better repr(), and have the total size returned
    by ffi.sizeof() and ffi.buffer(). Previously both functions would
    return a result based on the size of the declared structure type,
    with an assumed empty array. (Thanks andrew for starting this
    refactoring.)
  * Add support in cdef()/set_source() for unspecified-length arrays
    in typedefs: typedef int foo_t[...];. It was already supported
    for global variables or structure fields.
  * I turned in v1.8 a warning from cffi/model.py into an error:
    'enum xxx' has no values explicitly defined: refusing to guess
    which integer type it is meant to be (unsigned/signed, int/long).
    Now I'm turning it back to a warning again; it seems that
    guessing that the enum has size int is a 99%-safe bet. (But not
    100%, so it stays as a warning.)
  * Fix leaks in the code handling FILE * arguments. In CPython 3
    there is a remaining issue that is hard to fix: if you pass a
    Python file object to a FILE * argument, then os.dup() is used
    and the new file descriptor is only closed when the GC reclaims
    the Python file object, and not at the earlier time when you call
    close(), which only closes the original file descriptor. If this
    is an issue, you should avoid this automatic conversion of Python
    file objects: instead, explicitly manipulate file descriptors and
    call fdopen() from C (...via cffi).

==== whois ====
Version update (5.2.12 -> 5.2.13)

- whois 5.2.13:
  * Use "domain" instead of "=" for default verisign-grs queries, to
    ignore the name server names spam.
  * Fixed make_ip_del_recovered.pl, which generated non-functioning
    data.
  * Added the .xn--90ae (бг, Bulgaria) TLD server.
  * Updated the .bd, .jobs and .mobi TLD servers.
  * Added new ASN allocations.
  * Added new recovered IPv4 allocations.
  * Updated the crsnic.net hiding string to fix hiding for .bi.
  * Updated the list of new gTLDs.

==== wireshark ====
Version update (2.2.1 -> 2.2.2)
Subpackages: wireshark-ui-gtk

- Wireshark 2.2.2:
  * CVE-2016-9372: Profinet I/O long loop (boo#1010807)
  * CVE-2016-9374: AllJoyn crash (boo#1010752)
  * CVE-2016-9376: OpenFlow crash (boo#1010735)
  * CVE-2016-9373: DCERPC crash (boo#1010754)
  * CVE-2016-9375: DTN infinite loop (boo#1010740)
  * Further bug fixes and updated protocol support as listed in:
    https://www.wireshark.org/docs/relnotes/wireshark-2.2.2.html