Packages changed: MozillaFirefox (48.0.1 -> 48.0.2) MozillaThunderbird (45.2 -> 45.3.0) binutils (2.26.1 -> 2.27) elfutils (0.166 -> 0.167) gcc6 (6.1.1+r239476 -> 6.2.1+r239849) grub2 libgcj-gcc6 (6.1.1+r239476 -> 6.2.1+r239849) lsof mailman (2.1.22 -> 2.1.23) python-setuptools (23.1.0 -> 26.1.1) systemd === Details === ==== MozillaFirefox ==== Version update (48.0.1 -> 48.0.2) Subpackages: MozillaFirefox-translations-common - Mozilla Firefox 48.0.2: * Mitigate a startup crash issue caused on Windows (bmo#1291738) ==== MozillaThunderbird ==== Version update (45.2 -> 45.3.0) Subpackages: MozillaThunderbird-translations-common - update to Thunderbird 45.3.0 (boo#991809) * Disposition-Notification-To could not be used in mail.compose.other.header * "edit as new message" on a received message pre-filled the sender as the composing identity. * Certain messages caused corruption of the drafts summary database. security fixes: * MFSA 2016-62/CVE-2016-2836 Miscellaneous memory safety hazards * MFSA 2016-63/CVE-2016-2830 (bmo#1255270) Favicon network connection can persist when page is closed * MFSA 2016-64/CVE-2016-2838 (bmo#1279814) Buffer overflow rendering SVG with bidirectional content * MFSA 2016-65/CVE-2016-2839 (bmo#1275339) Cairo rendering crash due to memory allocation issue with FFmpeg 0.10 * MFSA 2016-67/CVE-2016-5252 (bmo#1268854) Stack underflow during 2D graphics rendering * MFSA 2016-70/CVE-2016-5254 (bmo#1266963) Use-after-free when using alt key and toplevel menus * MFSA 2016-72/CVE-2016-5258 (bmo#1279146) Use-after-free in DTLS during WebRTC session shutdown * MFSA 2016-73/CVE-2016-5259 (bmo#1282992) Use-after-free in service workers with nested sync events * MFSA 2016-76/CVE-2016-5262 (bmo#1277475) Scripts on marquee tag can execute in sandboxed iframes * MFSA 2016-77/CVE-2016-2837 (bmo#1274637) Buffer overflow in ClearKey Content Decryption Module (CDM) during video playback * MFSA 2016-78/CVE-2016-5263 (bmo#1276897) Type confusion in display transformation * MFSA 2016-79/CVE-2016-5264 (bmo#1286183) Use-after-free when applying SVG effects * MFSA 2016-80/CVE-2016-5265 (bmo#1278013) Same-origin policy violation using local HTML file and saved shortcut file ==== binutils ==== Version update (2.26.1 -> 2.27) Subpackages: binutils-devel - Update to binutils 2.27. * Add a configure option, --enable-64-bit-archive, to force use of a 64-bit format when creating an archive symbol index. * Add --elf-stt-common= option to objcopy for ELF targets to control whether to convert common symbols to the STT_COMMON type. GAS: * Default to --enable-compressed-debug-sections=gas for Linux/x86 targets. * Add --no-pad-sections to stop the assembler from padding the end of output sections up to their alignment boundary. * Support for the ARMv8-M architecture has been added to the ARM port. Support for the ARMv8-M Security and DSP Extensions has also been added to the ARM port. * ARC backend accepts .extInstruction, .extCondCode, .extAuxRegister, and .extCoreRegister pseudo-ops that allow an user to define custom instructions, conditional codes, auxiliary and core registers. * Add a configure option --enable-elf-stt-common to decide whether ELF assembler should generate common symbols with the STT_COMMON type by default. Default to no. * New command line option --elf-stt-common= for ELF targets to control whether to generate common symbols with the STT_COMMON type. * Add ability to set section flags and types via numeric values for ELF based targets. * Add a configure option --enable-x86-relax-relocations to decide whether x86 assembler should generate relax relocations by default. Default to yes, except for x86 Solaris targets older than Solaris 12. * New command line option -mrelax-relocations= for x86 target to control whether to generate relax relocations. * New command line option -mfence-as-lock-add=yes for x86 target to encode lfence, mfence and sfence as "lock addl $0x0, (%[re]sp)". * Add assembly-time relaxation option for ARC cpus. * Add --with-cpu=TYPE configure option for ARC gas. This allows the default cpu type to be adjusted at configure time. GOLD: * Add a configure option --enable-relro to decide whether -z relro should be enabled by default. Default to yes. * Add support for s390, MIPS, AArch64, and TILE-Gx architectures. * Add support for STT_GNU_IFUNC symbols. * Add support for incremental linking (--incremental). GNU ld: * Add a configure option --enable-relro to decide whether -z relro should be enabled in ELF linker by default. Default to yes for all Linux targets except FRV, HPPA, IA64 and MIPS. * Support for -z noreloc-overflow in the x86-64 ELF linker to disable relocation overflow check. * Add -z common/-z nocommon options for ELF targets to control whether to convert common symbols to the STT_COMMON type during a relocatable link. * Support for -z nodynamic-undefined-weak in the x86 ELF linker, which avoids dynamic relocations against undefined weak symbols in executable. * The NOCROSSREFSTO command was added to the linker script language. * Add --no-apply-dynamic-relocs to the AArch64 linker to do not apply link-time values for dynamic relocations. - Add binutils-2.27-branch.diff with fixes on the branch sofar. - Remove gold-relocate-tls.patch, included in binutils 2.27. ==== elfutils ==== Version update (0.166 -> 0.167) Subpackages: libasm1 libdw1 libelf1 libelf1-32bit - Update to version 0.167: libasm: Add eBPF disassembler for EM_BPF files. backends: Add m68k and BPF backends. ld: Removed. dwelf: Add ELF/DWARF string table creation functions. dwelf_strtab_init, dwelf_strtab_add, dwelf_strtab_add_len, dwelf_strtab_finalize, dwelf_strent_off, dwelf_strent_str and dwelf_strtab_free. Support compressed sections from binutils 2.27. - Remove patch elfutils-0.166-elfcmp-comp-gcc6.patch: included upstream. ==== gcc6 ==== Version update (6.1.1+r239476 -> 6.2.1+r239849) Subpackages: cpp6 gcc6-c++ gcc6-fortran gcc6-info gcc6-locale gcc6-objc libasan3 libatomic1 libcilkrts5 libgcc_s1 libgcc_s1-32bit libgfortran3 libgomp1 libitm1 liblsan0 libmpx2 libmpxwrappers2 libobjc4 libquadmath0 libstdc++6 libstdc++6-32bit libstdc++6-devel-gcc6 libtsan0 libubsan0 - Update to gcc-6-branch head (r239849). * Includes GCC 6.2 release. * Includes fix for OVMF compilation. - Refresh gcc-dir-version.patch. - gcc6-devel: require gmp-devel and mpc-devel - Update HSA_RUNTINE_LIB in gcc6-hsa-enablement.patch ==== grub2 ==== Subpackages: grub2-i386-pc grub2-snapper-plugin grub2-systemd-sleep-plugin grub2-x86_64-efi grub2-x86_64-xen - binutils 2.27 creates empty modules without a symtab. Add patch grub2-accept-empty-module.patch to not reject them. ==== libgcj-gcc6 ==== Version update (6.1.1+r239476 -> 6.2.1+r239849) Subpackages: gcc6-gij gcc6-java libgcj-devel-gcc6 libgcj-jar-gcc6 libgcj_bc1 - Update to gcc-6-branch head (r239849). * Includes GCC 6.2 release. * Includes fix for OVMF compilation. - Refresh gcc-dir-version.patch. - gcc6-devel: require gmp-devel and mpc-devel - Update HSA_RUNTINE_LIB in gcc6-hsa-enablement.patch ==== lsof ==== - modify lsof_4.89-nfs_hanging.patch and add a check for HasNFS variable as HasNFS may already have been set to 2 in the readmnt() function [bsc#995061] ==== mailman ==== Version update (2.1.22 -> 2.1.23) - update to 2.1.23 * CSRF protection in user options page (CVE-2016-6893) * header_filter_rules matching: headers and patterns are all decoded to unicode * another possible REMOVE_DKIM_HEADERS setting * SMTPDirect.py can now do SASL authentication and STARTTLS * bug fixes, i18n updates * for further details see NEWS ==== python-setuptools ==== Version update (23.1.0 -> 26.1.1) - fix certificate handling with certifi, add support for SUSE's CA bundle (setuptools-certpath.patch, fixes boo#993968) - remove shebang lines, strip executable bit from README, to silence the easy rpmlint warnings - update to 26.1.1: * Re-release of 26.1.0 with pytest pinned to allow for automated deployement and thus proper packaging environment variables, fixing issues with missing executable launchers. * #763: ``pkg_resources.get_default_cache`` now defers to the `appdirs project <https://pypi.org/project/appdirs>`_ to resolve the cache directory. Adds a vendored dependency on appdirs to pkg_resources. * #748: By default, sdists are now produced in gzipped tarfile format by default on all platforms, adding forward compatibility for the same behavior in Python 3.6 (See Python #27819). * #459 via #736: On Windows with script launchers, sys.argv[0] now reflects the name of the entry point, consistent with the behavior in distlib and pip wrappers. * #752 via #753: When indicating ``py_limited_api`` to Extension, it must be passed as a keyword argument. * Add Extension(py_limited_api=True). When set to a truthy value, that extension gets a filename apropriate for code using Py_LIMITED_API. When used correctly this allows a single compiled extension to work on all future versions of CPython 3. The py_limited_api argument only controls the filename. To be compatible with multiple versions of Python 3, the C extension will also need to set -DPy_LIMITED_API=... and be modified to use only the functions in the limited API. * #739 Fix unquoted libpaths by fixing compatibility between `numpy.distutils` and `distutils._msvccompiler` for numpy < 1.11.2 (Fix issue #728, error also fixed in Numpy). * #731: Bump certifi. * Style updates. See #740, #741, #743, #744, #742, #747. * #735: include license file. * #612 via #730: Add a LICENSE file which needs to be provided by the terms of the MIT license. * #725: revert `library_dir_option` patch (Error is related to `numpy.distutils` and make errors on non Numpy users). * #720 * #723: Improve patch for `library_dir_option`. * #717 * #713 * #707: Fix Python 2 compatibility for MSVC by catching errors properly. * #715: Fix unquoted libpaths by patching `library_dir_option`. * #714 and #704: Revert fix as it breaks other components downstream that can't handle unicode. See #709, #710, and #712. * #704: Fix errors when installing a zip sdist that contained files named with non-ascii characters on Windows would crash the install when it attempted to clean up the build. * #646: MSVC compatibility - catch errors properly in RegistryInfo.lookup. * #702: Prevent UnboundLocalError when initial working_set is empty. * #686: Fix issue in sys.path ordering by pkg_resources when rewrite technique is "raw". * #699: Fix typo in msvc support. * #609: Setuptools will now try to download a distribution from the next possible download location if the first download fails. This means you can now specify multiple links as ``dependency_links`` and all links will be tried until a working download link is encountered. * #688: Fix AttributeError in setup.py when invoked not from the current directory. * Cleanup of setup.py script. * Fixed documentation builders by allowing setup.py to be imported without having bootstrapped the metadata. * More style cleanup. See #677, #678, #679, #681, #685. * #674: Default ``sys.path`` manipulation by easy-install.pth is now "raw", meaning that when writing easy-install.pth during any install operation, the ``sys.path`` will not be rewritten and will no longer give preference to easy_installed packages. To retain the old behavior when using any easy_install operation (including ``setup.py install`` when setuptools is present), set the environment variable: SETUPTOOLS_SYS_PATH_TECHNIQUE=rewrite This project hopes that that few if any environments find it necessary to retain the old behavior, and intends to drop support for it altogether in a future release. Please report any relevant concerns in the ticket for this change. * #398: Fix shebang handling on Windows in script headers where spaces in ``sys.executable`` would produce an improperly-formatted shebang header, introduced in 12.0 with the fix for #188. * #663, #670: More style updates. * #516: Disable ``os.link`` to avoid hard linking in ``sdist.make_distribution``, avoiding errors on systems that support hard links but not on the file system in which the build is occurring. * #667: Update Metadata-Version to 1.2 when ``python_requires`` is supplied. * #631: Add support for ``python_requires`` keyword. * More style updates. See #660, #661, #641. * #659: ``setup.py`` now will fail fast and with a helpful error message when the necessary metadata is missing. * More style updates. See #656, #635, #640, [#644], #650, #652, and #655. * Updated style in much of the codebase to match community expectations. See #632, #633, #634, [#637], #639, #638, #642, #648. * If MSVC++14 is needed ``setuptools.msvc`` now redirect user to Visual C++ Build Tools web page. * #625 and #626: Fixes on ``setuptools.msvc`` mainly for Python 2 and Linux. * Pull Request #174: Add more aggressive support for standalone Microsoft Visual C++ compilers in msvc9compiler patch. Particularly : Windows SDK 6.1 and 7.0 (MSVC++ 9.0), Windows SDK 7.1 (MSVC++ 10.0), Visual C++ Build Tools 2015 (MSVC++14) * Renamed ``setuptools.msvc9_support`` to ``setuptools.msvc``. Re-release of v23.2.0, which was missing the intended commits. * #623: Remove used of deprecated 'U' flag when reading manifests. ==== systemd ==== Subpackages: libsystemd0 libsystemd0-32bit libudev-devel libudev1 libudev1-32bit systemd-32bit systemd-bash-completion systemd-logger systemd-sysvinit udev - Add a script to fix /var/lib/machines to make it suitable for rollbacks (bsc#992573992573)