Packages changed: bind installation-images-openSUSE (14.269 -> 14.270) kernel-source (4.7.4 -> 4.7.5) meld (3.16.2 -> 3.16.3) openssl (1.0.2h -> 1.0.2j) python-cryptography wxWidgets-3_0 === Details === ==== bind ==== Subpackages: bind-chrootenv bind-doc bind-utils idnkit libbind9-140 libdns162 libidnkit1 libirs141 libisc160 libisccc140 libisccfg140 liblwres141 - Apply cve-2016-2776.patch to fix CVE-2016-2776 (bsc#1000362). ==== installation-images-openSUSE ==== Version update (14.269 -> 14.270) - adjust to release package changes - update documentation - extend file list syntax - adjust to obs api change - 14.270 ==== kernel-source ==== Version update (4.7.4 -> 4.7.5) Subpackages: kernel-default kernel-default-devel kernel-devel kernel-docs kernel-macros kernel-syms - rpm/package-descriptions: Add 64kb kernel flavor description - commit 8462c50 - scsi: arcmsr: Buffer overflow in arcmsr_iop_message_xfer() (bsc#999932 CVE-2016-7425). - commit 135aa22 - Linux 4.7.5 (CVE-2016-6828 bnc#994066 bsc#993996 bsc#994296). - Delete patches.fixes/drm-i915-Ignore-OpRegion-panel-type-except-on-select. - Delete patches.fixes/mm-oom-prevent-premature-OOM-killer-invocation-for-h.patch. - Delete patches.fixes/tcp-fix-use-after-free-in-tcp_xmit_retransmit_queue.patch. - Delete patches.rpmify/i915-fix-build-error-with-werror. - commit c7aed11 - arm64: disable hvc_dcc - commit 89df77c - arm64: Relocate screen_info.lfb_base on PCI BAR allocation (bsc#975159). - commit c3f6949 - arm64: Refuse to install 4k kernel on 64k system - commit 5565330 - btrfs: ensure that file descriptor used with subvol ioctls is a dir (bsc#999600). - commit cf44e6a ==== meld ==== Version update (3.16.2 -> 3.16.3) Subpackages: meld-lang - Update to version 3.16.3: + Fix bad scroll syncing and inability to move between comparison chunks in file comparisons. + Improve version control view behaviour when opening missing paths. + Fix saving of text created in blank comparison. + GTK+ 3.22 compatibility fixes for saving window size. + Fix formatted patches missing newlines in certain cases. + Silence GTK+ warning logging if not running in uninstalled (i.e. development) mode. + Update AppData. + Updated translations. ==== openssl ==== Version update (1.0.2h -> 1.0.2j) Subpackages: libopenssl-devel libopenssl1_0_0 libopenssl1_0_0-32bit - update to openssl-1.0.2j * Missing CRL sanity check (CVE-2016-7052 bsc#1001148) - OpenSSL Security Advisory [22 Sep 2016] (bsc#999665) Severity: High * OCSP Status Request extension unbounded memory growth (CVE-2016-6304) (bsc#999666) Severity: Low * Pointer arithmetic undefined behaviour (CVE-2016-2177) (bsc#982575) * Constant time flag not preserved in DSA signing (CVE-2016-2178) (bsc#983249) * DTLS buffered message DoS (CVE-2016-2179) (bsc#994844) * OOB read in TS_OBJ_print_bio() (CVE-2016-2180) (bsc#990419) * DTLS replay protection DoS (CVE-2016-2181) (bsc#994749) * OOB write in BN_bn2dec() (CVE-2016-2182) (bsc#993819) * Birthday attack against 64-bit block ciphers (SWEET32) (CVE-2016-2183) (bsc#995359) * Malformed SHA512 ticket DoS (CVE-2016-6302) (bsc#995324) * OOB write in MDC2_Update() (CVE-2016-6303) (bsc#995377) * Certificate message OOB reads (CVE-2016-6306) (bsc#999668) - update to openssl-1.0.2i * remove patches: openssl-1.0.2a-new-fips-reqs.patch openssl-1.0.2e-fips.patch * add patches: openssl-1.0.2i-fips.patch openssl-1.0.2i-new-fips-reqs.patch - fix crash in print_notice (bsc#998190) * add openssl-print_notice-NULL_crash.patch ==== python-cryptography ==== - python-cryptography-enable-gost.patch: temporary patch to run tests against 1.0.2i, GOST cert extraction now works. ==== wxWidgets-3_0 ==== Subpackages: libwx_baseu-suse1 libwx_baseu_net-suse1 libwx_baseu_xml-suse1 libwx_gtk2u_adv-suse1 libwx_gtk2u_aui-suse1 libwx_gtk2u_core-suse1 libwx_gtk2u_gl-suse1 libwx_gtk2u_html-suse1 libwx_gtk2u_media-suse1 libwx_gtk2u_propgrid-suse1 libwx_gtk2u_qa-suse1 libwx_gtk2u_richtext-suse1 libwx_gtk2u_stc-suse1 libwx_gtk2u_webview-suse1 libwx_gtk2u_xrc-suse1 - Also apply wxWidgets-3_0-gstreamer-1.0.patch to -nostl specfile, and switch its BR to gstreamer-1.0 too; this was missed in the previous submission.