openSUSE Recommended Update: alsa-utils: Fixes a few alsactl bugs
______________________________________________________________________________
Announcement ID: openSUSE-RU-2014:1134-1
Rating: low
References: #895581
Affected Products:
openSUSE 13.1
______________________________________________________________________________
An update that has one recommended fix can now be installed.
Description:
This update fixes the following issues with alsa-utils:
- bnc#895581: Fixes a few alsactl bugs (bnc#895581)
- now the lock file is created in /var/lock directory instead of /var/lib
Release 1.9.0
Redesign the property menus, use sub-menus instead of toggles
The toogles are very confusing, one cannot easily see to which
mode one will switch when a toggle is clicked. When the floating panel
is shown, tooltips explain to which mode will switch. But the floating
panel is never shown in Gnome3, so this does not help for Gnome3.
User feedback also shows that many users are confused whether the
currently visible menu entry in case of a toggles shows the state
which is currently used or the state one will switch to when that
toggle is clicked.
For toggles which have more than 2 values, for example the Chinese mode:
0 means to show simplified Chinese only
1 means to show traditional Chinese only
2 means to show all characters but show simplified Chinese first
3 means to show all characters but show traditional Chinese first
4 means to show all characters
it is tedious to change from mode 0 to mode 4 for example:
Open the menu, click on the toggle, menu closes and one has
changed to mode 1. Repeat 3 more times to get to mode 4.
The new system to use sub-menus instead of toogles also agrees better
with:
https://wiki.gnome.org/AllanDay/IMEGuidelines
> Avoid mutable menu items (menu items whose label changes after it has
> been selected). Instead, consider providing two adjacent menu items
> for the commands. Then make the items sensitive or insensitive as the
> situation demands.
>
> Do not use mutable menu items to toggle a two-state setting (for
> example, Show and Hide). Use a check box or radio buttons instead.
* Fixed deprecated GtkHBox, GtkVBox and GtkStock since GTK+ 3.10.
* Fixed deprecated warnings with python3-gobject 3.13.3.
* Set max-width-chars property in ibus-anthy-setup wrapped GtkLabel.
* Set a parent window from 'IBUS_SETUP_XID' environment variable in setup.
* Replare FileNotFoundError with IOError for python2 compatibility. (#1736)
* Changed fequency 500 to 0.
* Added Emoji dictionary.
* Set preview_lines to -1 in zip code.
* Added search entry in view dictionary dialog.
* Fixed Gtk.SearchEntry.search-changed signal for gtk 3.8.
* Enable preedit color on external preedit window with x11 applications. 2e8de03
* Do not fail ibus-setup when en_US.UTF-8 is not installed. a78c0b8
* Fix compose keys in French layout bepo variant. 6dcb2dd
openSUSE Security Update: update for firefox, mozilla-nspr, mozilla-nss and seamonkey
______________________________________________________________________________
Announcement ID: openSUSE-SU-2014:1345-1
Rating: moderate
References: #894370#896624#897890#900941#901213
Cross-References: CVE-2014-1554 CVE-2014-1574 CVE-2014-1575
CVE-2014-1576 CVE-2014-1577 CVE-2014-1578
CVE-2014-1580 CVE-2014-1581 CVE-2014-1582
CVE-2014-1583 CVE-2014-1584 CVE-2014-1585
CVE-2014-1586
Affected Products:
openSUSE 13.1
______________________________________________________________________________
An update that fixes 13 vulnerabilities is now available.
Description:
...
Changes in mozilla-nspr:
- update to version 4.10.7
* bmo#836658: VC11+ defaults to SSE2 builds by default.
* bmo#979278: TSan: data race nsprpub/pr/src/threads/prtpd.c:103
PR_NewThreadPrivateIndex.
* bmo#1026129: Replace some manual declarations of MSVC intrinsics with
#include <intrin.h>.
* bmo#1026469: Use AC_CHECK_LIB instead of MOZ_CHECK_PTHREADS. Skip
compiler checks when using MSVC, even when $CC is not literally "cl".
* bmo#1034415: NSPR hardcodes the C compiler to cl on Windows.
* bmo#1042408: Compilation fix for Android > API level 19.
* bmo#1043082: NSPR's build system hardcodes -MD.
==============================================================================
openSUSE Security Update: MozillaFirefox to Firefox 32
______________________________________________________________________________
Announcement ID: openSUSE-SU-2014:1099-1
Rating: moderate
References: #894201#894370
Cross-References: CVE-2014-1553 CVE-2014-1562 CVE-2014-1563
CVE-2014-1564 CVE-2014-1565 CVE-2014-1567
Affected Products:
openSUSE 13.1
openSUSE 12.3
______________________________________________________________________________
An update that fixes 6 vulnerabilities is now available.
Description:
...
Mozilla NSS was updated to 3.16.4: Notable Changes:
* The following 1024-bit root CA certificate was restored to allow more
time to develop a better transition strategy for affected sites. It was
removed in NSS 3.16.3, but discussion in the mozilla.dev.security.policy
forum led to the decision to keep this root included longer in order to
give website administrators more time to update their web servers.
- CN = GTE CyberTrust Global Root
* In NSS 3.16.3, the 1024-bit "Entrust.net Secure Server Certification
Authority" root CA certificate was removed. In NSS 3.16.4, a 2048-bit
intermediate CA certificate has been included, without explicit trust.
The intention is to mitigate the effects of the previous removal of the
1024-bit Entrust.net root certificate, because many public Internet
sites still use the "USERTrust Legacy Secure Server CA" intermediate
certificate that is signed by the 1024-bit Entrust.net root certificate.
The inclusion of the intermediate certificate is a temporary measure to
allow those sites to function, by allowing them to find a trust path to
another 2048-bit root CA certificate. The temporarily included
intermediate certificate expires November 1, 2015.
==============================================================================
openSUSE Security Update: mozilla-nss: update to avoid signature forgery
______________________________________________________________________________
Announcement ID: openSUSE-SU-2014:1232-1
Rating: critical
References: #897890
Cross-References: CVE-2014-1568
Affected Products:
openSUSE 13.1
openSUSE 12.3
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
Mozilla NSS is vulnerable to a variant of a signature forgery attack
previously published by Daniel Bleichenbacher. This is due to lenient
parsing of ASN.1 values involved in a signature and could lead to the
forging of RSA certificates.
==============================================================================
openSUSE Security Update: update for firefox, mozilla-nspr, mozilla-nss and seamonkey
______________________________________________________________________________
Announcement ID: openSUSE-SU-2014:1345-1
Rating: moderate
References: #894370#896624#897890#900941#901213
Cross-References: CVE-2014-1554 CVE-2014-1574 CVE-2014-1575
CVE-2014-1576 CVE-2014-1577 CVE-2014-1578
CVE-2014-1580 CVE-2014-1581 CVE-2014-1582
CVE-2014-1583 CVE-2014-1584 CVE-2014-1585
CVE-2014-1586
Affected Products:
openSUSE 13.1
______________________________________________________________________________
An update that fixes 13 vulnerabilities is now available.
Description:
...
Changes in mozilla-nss:
- update to 3.17.1 (bnc#897890)
* Change library's signature algorithm default to SHA256
* Add support for draft-ietf-tls-downgrade-scsv
* Add clang-cl support to the NSS build system
* Implement TLS 1.3:
* Part 1. Negotiate TLS 1.3
* Part 2. Remove deprecated cipher suites andcompression.
* Add support for little-endian powerpc64
- update to 3.17
* required for Firefox 33 New functionality:
* When using ECDHE, the TLS server code may be configured to generate a
fresh ephemeral ECDH key for each handshake, by setting the
SSL_REUSE_SERVER_ECDHE_KEY socket option to PR_FALSE. The
SSL_REUSE_SERVER_ECDHE_KEY option defaults to PR_TRUE, which means the
server's ephemeral ECDH key is reused for multiple handshakes. This
option does not affect the TLS client code, which always generates a
fresh ephemeral ECDH key for each handshake. New Macros
* SSL_REUSE_SERVER_ECDHE_KEY Notable Changes:
* The manual pages for the certutil and pp tools have been updated to
document the new parameters that had been added in NSS 3.16.2.
* On Windows, the new build variable USE_STATIC_RTL can be used to
specify the static C runtime library should be used. By default the
dynamic C runtime library is used.
Update DEPENDS
Upstream changes:
2.1400 2014-10-31
[BUG FIXES]
- Moose exception classes now stringify all stack frames, to avoid issues
in global destruction (see RT#99811)
2.1307 2014-10-26 (TRIAL RELEASE)
[ENHANCEMENTS]
- Support added to Moose::Exporter for exporting subs by their fully
qualified name, as well as coderefs. This avoids internal breakage if some
other module has monkey-patched a sub to be exported and left it anonymous
(e.g. RT#88669). (Graham Knop)
[BUG FIXES]
- Further refined the overloading fixes from 2.1306, fixing fallback
handling on older perl versions (Dave Rolsky)
2.1306 2014-10-25 (TRIAL RELEASE)
[ENHANCEMENTS]
- Rewrote overloading implementation to use a new Class::MOP::Overload
object. This object properly captures all overloading information. The
Class::MOP::Method::Overload class has been removed. (Dave Rolsky)
[BUG FIXES]
- If a role had method-based overloading but did not actually implement the
specified method, its overloading was simply ignored when applying
overloading to other roles or classes. Reported by rjbs. RT #98531.
2.1305 2014-10-22 (TRIAL RELEASE)
[ENHANCEMENTS]
- By default, exceptions thrown from inside Moose now remove most of the
Moose internals from their stack trace when stringifying. This makes for
much more readable error messages in most cases. Set the
MOOSE_FULL_EXCEPTION env var to true to get the complete stack trace.
2.1304 2014-09-25 (TRIAL RELEASE)
[BUG FIXES]
- closed a memory leak in Moose exception objects where captured stack
trace frames would contain circular references to the exception objects
themselves (Graham Knop)
2.1303 2014-09-19 (TRIAL RELEASE)
[TEST FIXES]
- fix tests that fail on altered warning messages in perl 5.21.4 (RT#98987)
2.1302 2014-08-19 (TRIAL RELEASE)
[BUG FIXES]
- When a role consumes another role and they differ in their overloading
fallback settings, the consuming role now silently wins instead of
throwing an exception. This is consistent with how other
role-consumes-role conflicts are handled.
- Fixed the docs for overloading conflicts to match reality.
2.1301 2014-08-19 (TRIAL RELEASE)
[BUG FIXES]
- Conflict detection for overloading operators is now more correct. If a
class consumed two roles that both had identical overloading methods
(because they got them from some other role, for example), this caused an
error, but it shouldn't. GH #4. (rjbs)
- Similarly, when a role consumes another role, conflicts in overloading
operators are now silently resolved in favor of the consuming role, just
as they are with methods. Note that conflicts between the fallback setting
for roles are still an error.
2.1300 2014-08-11 (TRIAL RELEASE)
[ENHANCEMENTS]
- Moose now has core support for overloading in roles. When a role with
overloading is applied to classes or other roles, the overloading settings
are transferred to the consumer. Conflicts between roles are treated much
like method conflicts. This obviates the need for
MooseX::Role::WithOverloading. If you are using
MooseX::Role::WithOverloading, upgrade to version 0.15+ and it will simply
become a no-op when used with this version of Moose.
[OTHER]
- The overloading info methods for roles and classes no longer treat
"fallback" as an overloaded op. Instead, there are new
get_overload_fallback_value() and set_overload_fallback_value() methods to
deal with this explicitly. This is arguably a bug fix.
openSUSE Security Update: update for krb5, krb5-doc, krb5-mini
______________________________________________________________________________
Announcement ID: openSUSE-SU-2014:1043-1
Rating: moderate
References: #891082
Cross-References: CVE-2014-4345
Affected Products:
openSUSE 13.1
openSUSE 12.3
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
Thit MIT krb5 update fixes the following security issue:
- buffer overrun in kadmind with LDAP backend (bnc#891082, CVE-2014-4345)
==============================================================================
openSUSE Security Update: update for pulseaudio
______________________________________________________________________________
Announcement ID: openSUSE-SU-2014:0946-1
Rating: moderate
References:
Cross-References: CVE-2014-3970
Affected Products:
openSUSE 13.1
openSUSE 12.3
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update fixes the following security issue: (bnc#881524)
CVE-2014-3970 - Denial of service in module-rtp-recv
==============================================================================
openSUSE Recommended Update: pulseaudio: Fixes resource leak
______________________________________________________________________________
Announcement ID: openSUSE-RU-2014:1323-1
Rating: low
References:
Affected Products:
openSUSE 13.1
______________________________________________________________________________
An update that has 0 recommended fixes can now be installed.
Description:
This update fixes the following issue with pulseaudio:
- Fixes resource leak
Bump PKGREVISION to 3.
==============================================================================
openSUSE Security Update: libxml2, python-libxml2: Reverted patch for CVE-2014-0191
______________________________________________________________________________
Announcement ID: openSUSE-SU-2014:0753-1
Rating: moderate
References: #876652
Cross-References: CVE-2014-0191
Affected Products:
openSUSE 13.1
openSUSE 12.3
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
Removed fix for CVE-2014-0191. This fix breaks existing applications and
there's currently no way to prevent that.
==============================================================================
openSUSE Security Update: update to fix CVE-2014-3660
______________________________________________________________________________
Announcement ID: openSUSE-SU-2014:1330-1
Rating: moderate
References: #901546
Cross-References: CVE-2014-3660
Affected Products:
openSUSE 13.1
openSUSE 12.3
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update fixes a denial of service vulnerability when expanding
recursive entity (CVE-2014-3660) bnc#901546
Update DEPENDS
Upstream changes:
1.00 2014-08-22
- bump version to 1.00
0.06 2014-08-19
- add JSON Prereq as AutoPrereqs does not find it
0.05 2014-08-18
- work around namespace problems in older perls ( < 5.18.0 )
0.04 2014-08-16
- dropped dependency on JSON::XS
==============================================================================
openSUSE Recommended Update: aaa_base: fixed xdg-environment.sh zsh compatibility
______________________________________________________________________________
Announcement ID: openSUSE-RU-2014:0778-1
Rating: low
References: #875118
Affected Products:
openSUSE 13.1
______________________________________________________________________________
An update that has one recommended fix can now be installed.
Description:
The xdg-environment.sh script in aaa_base was not able to be used with the
zsh shell. This was fixed.
==============================================================================
openSUSE Recommended Update: aaa_base: remove "text/js" from mime.types
______________________________________________________________________________
Announcement ID: openSUSE-RU-2014:0918-1
Rating: low
References: #812427
Affected Products:
openSUSE 13.1
openSUSE 12.3
______________________________________________________________________________
An update that has one recommended fix can now be installed.
Description:
This update fixes the following issues with aaa_base:
- bnc#812427: remove "text/js" from mime.types
=============================================================================
openSUSE Recommended Update: aaa_base: various bugfixes
______________________________________________________________________________
Announcement ID: openSUSE-RU-2014:1262-1
Rating: moderate
References: #721682#860083#861124#880103#882918
Affected Products:
openSUSE 13.1
______________________________________________________________________________
An update that has 5 recommended fixes can now be installed.
Description:
The system base scripts in aaa_base were updated to fix various bugs:
- remove no longer supported sysconfig settings (bnc#721682)
- update service man page
- always pass --full to systemctl (bnc#882918)
- Enable service script to return LSB status exit values (bnc#880103)
- implement legacy actions (bnc#861124)
- Enable service script to reload systemd if required
- handle targets in /sbin/service as well
- Check systemd service using LoadState (bnc#860083)
Upstream changes:
0.12 2014-01-11 15:52:52
- fix bogus prereqs, PR from felliott (Fitz Elliott)
0.11 2014-01-07 16:04:55
- add +_traits_behave_like_roles config attribute which prevents roles from
overriding class methods, matching the behavior of regular Moose roles
- remove Class::MOP::load_class and use Class::Load due to deprecation
warning
Upstream changes:
0.29 2011-12-08
- Fix warnings_once.t to not die if Test::NoWarnings isn't installed (Kaare)
0.28 2011-12-05
- Fix RT Bug #46086, "name used only once" (Thanks chisel for the patch and
the test)
Upstream changes:
0.10 2013-11-13 01:13:05Z
- repository migrated from shadowcat to the github moose organization
- eliminate race conditions between tests by using separate tempdirs for
config files
- resolve failing test report by removing unnecessary and undeclared prereq
Upstream changes:
0.15 2014-08-12 05:16:31Z
- forward-compat mode added for Moose 2.1300, which cores all of
this distribution's functionality
0.14 2014-07-30 20:05:32Z
- Fixed a bug with Perl 5.18+ that caused this module to simply blow
up with an error like "Use of uninitialized value in subroutine
entry at .../Class/MOP/Package.pm ..." (Dave Rolsky)
- Line numbers in shipped code are now almost the same (within 3) as
the repository source, for easier debugging
- Repository migrated to the github moose organization
- Unneeded init_meta method removed (Dave Rolsky)
Upstream changes:
1.08 2014-08-23 22:38:12Z
- add x_breaks metadata for incompatibility issue with MooseX::Storage
(now resolved with MooseX-Storage-0.47)
1.07 2014-08-06 05:44:11Z
- re-release to remove README.pod from shipped dist
1.06 2014-08-02 04:34:06Z
- Restored MooseX::Role::Parameterized->current_metaclass as a public
method. Apparently there is code on CPAN that relies on this.
1.05 2014-07-31 18:26:03Z
- If a parameterizable role was reinitialized after any parameters or a
role block was declared, those declarations were lost. Reinitialization
usually occurs when new metaroles are applied to the role by other
MooseX modules.
1.04 2014-07-31 14:53:26Z
- Convert this distribution to Dist::Zilla to resolve packaging insanity
1.03 2014-07-30
- This extension is now implemented as a role metarole, which means it can
(mostly) cooperate with other role extensions, such as
MooseX::Role::WithOverloading. Note that you should load
MooseX::Role::Parameterized _after_ other extensions.
- This module no longer supports passing a "-metaclass" parameter when you
load it. This was an artifact from a much earlier era of Moose
extensions.
- repository migrated to the github moose organization
Upstream changes:
2.00 2014-11-01
[BACKWARDS INCOMPATIBILITIES]
- The no_refs constructor parameter is now deprecated, and has been replace by
a new unsafe_ref_capture parameter that defaults to false, meaning no
references are captured by default. Capturing references by default caused
too many issues that couldn't be worked around, including running DESTROY
blocks multiple times on captured objects in the worst case.
- Removed support for the long-deprecated no_object_refs constructor parameter
(deprecated in 2002!).
