Upstream changes:
- Support the CACHE instruction as (for now) a nop.
- Provide the MIPS32 config0 and config1 registers, and pretend to
have 4K each L1 I/D caches. The cache remains fully coherent.
- Don't allow r2000/r3000 (mips-I) style cache flushes.
- Add a disk161 utility for manipulating disk images, and don't
keep disk image sizes in sys161.conf any more.
- Edit/revise the processor docs.
- Fix build with gcc 4.8.
- Provide flock() compat for legacy OSes without it. (Hi, Solaris.)
openSUSE Security Update: curl
______________________________________________________________________________
Announcement ID: openSUSE-SU-2014:1139-1
Rating: important
References: #894575 #895991
Cross-References: CVE-2014-3613 CVE-2014-3620
Affected Products:
openSUSE 13.1
openSUSE 12.3
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
libcurl was updated to fix security issues:
CVE-2014-3613: Cookies for hosts specified by numeric IP could be assigned
or used for other numeric IP hosts if portions of the numerics were the
same.
CVE-2014-3620: libcurl allowed cookies to be set for toplevel domains,
making them too broad.
openSUSE Security Update: glibc
______________________________________________________________________________
Announcement ID: openSUSE-SU-2014:1115-1
Rating: important
References: #887022 #892073 #894553
Cross-References: CVE-2014-0475 CVE-2014-5119 CVE-2014-6040
Affected Products:
openSUSE 13.1
openSUSE 12.3
______________________________________________________________________________
An update that fixes three vulnerabilities is now available.
Description:
glibc was updated to fix three security issues:
- A directory traversal in locale environment handling was fixed
(CVE-2014-0475, bnc#887022, GLIBC BZ #17137)
- Disable gconv transliteration module loading which could be used for
code execution (CVE-2014-5119, bnc#892073, GLIBC BZ #17187)
- Fix crashes on invalid input in IBM gconv modules (CVE-2014-6040,
bnc#894553, BZ #17325)
LibDsk is a library intended to give transparent access to floppy
drives and to the "disc image files" used by emulators to represent
floppy drives. It currently supports the following disc image
formats:
- Raw "dd if=foo of=bar" images;
- Raw images in logical filesystem order;
- CPCEMU-format .DSK images (normal and extended);
- CFI-format disc images, as produced by FDCOPY.COM;
- ApriDisk-format disc images;
- NanoWasp-format disc images, used by the eponymous emulator;
- Yaze 'ydsk' disc images, created by the 'yaze' emulators;
- Disc images created by Teledisk and CopyQM (read only);
- The floppy drive under Linux.
simulavr asks for libiberty.a.
With avr-gcc 4.5.3 and avr-binutils-2.23.2, binutils is installing
libiberty.a
But with new binutils-2.24, it won't install libiberty. Instead,
avr-gcc-4.8.3 will provide libiberty.
Makefile (of simulavr) now has pointer to PATH of libiberty now
as:
CONFIGURE_ARGS+= --with-libiberty=${PREFIX}/lib/gcc/avr
(Add patches)
patch-src_systemclock_cpp (rename from patch-src_systemclock.cpp)
patch-src_systemclock_h
patch-src_traceval_cpp
patch-src_traceval_h
clang flags as resize unresolved reference,
backport from git repository (as of 2013-09-15).
patch-examples_atmel_key_StdDefs_c Status: Locally Added
passing argument 1 of 'strlen' differ in signedness [-Wpointer-sign]
Changes:
- use flock() on disk images to avoid accidents
- improve gdb interface to treat CPUs as "threads"
- rework tty handling; now behaves when backgrounded
- change disk image names in sample config to match OS/161 usage
- rework timing code and fix bug with bogus large idle counts
- rework and retune main loop; much faster
- use more gcc warnings
______________________________________________________________________________
Announcement ID: openSUSE-SU-2014:0977-1
Rating: low
References: #886016 #888697
Cross-References: CVE-2014-4341 CVE-2014-4342 CVE-2014-4343
CVE-2014-4344
Affected Products:
openSUSE 13.1
openSUSE 12.3
______________________________________________________________________________
An update that fixes four vulnerabilities is now available.
Description:
The following security issues are fixed in this update:
CVE-2014-4341 CVE-2014-4342: denial of service flaws when handling RFC
1964 tokens (bnc#886016)
CVE-2014-4343 CVE-2014-4344: multiple flaws in SPNEGO (bnc#888697)
______________________________________________________________________________
Announcement ID: openSUSE-SU-2014:0978-1
Rating: moderate
References: #870855
Cross-References: CVE-2013-6369
Affected Products:
openSUSE 13.1
openSUSE 12.3
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
The following security issue is fixed in this update:
- [bnc#870855] - CVE-2013-6369: jbigkit buffer overflow
Incompatible changes:
---------------------
The 82573L NIC was incorrectly treated as an 8254xx model. It no longer works correctly on either Linux (3.14.*) or Windows 7 and has been removed.
On x86, migration from QEMU 1.7 to QEMU 2.0 was broken if the guest had PCI bridges or for some number of CPUs (12, 13, 14, 54, 55, 56, 97, 98, 99, 139, 140 are the only ones). QEMU 2.1 fixes this, so that migration from QEMU 1.7 to QEMU 2.1 should always work. However, the fix breaks the following scenarios instead:
migration from QEMU 2.0 to QEMU 2.1 with PCI bridges and machine types pc-i440fx-1.7/pc-i440fx-2.0
migration from QEMU 2.0 to QEMU 2.1 with the aforementioned number of CPUs and machine type pc-i440fx-1.7
Future incompatible changes:
----------------------------
Three options are using different names on the command line and in configuration file. In particular:
The "acpi" configuration file section matches command-line option "acpitable";
The "boot-opts" configuration file section matches command-line option "boot";
The "smp-opts" configuration file section matches command-line option "smp".
Starting with QEMU xyz.jkl, -readconfig will standardize on the name for the command line option.
ARM
---
Firmware can be passed to the vexpress machine via -bios.
Improvements to Allwinner SoC emulation.
AArch64 TCG system emulation support.
AArch64 SHA and Crypto instruction support.
LM32
----
Support for semihosting.
Microblaze
----------
Support for u-boot initrd images.
MIPS
----
Support for KVM in the Malta board.
more...
* Update EmuTOS image to 0.9.3
Changelog:
2013/04/12 - version 0.9.16 released @ atariada.cz
Major highlights of this release:
o JIT CPU compiler supported on 64-bit Linux and Mac OS X now!
(Jens made a miracle)
o MFPR FPU emulation should be perfect
(Andreas ironed out a few remaining bugs)
o Ethernet support under Mac OS X should be way better
(Philipp added support for big packets and multi-packets)
o ARAnyM (with JIT?) now runs also on ARM platform driven by Linux
(is Jens planning on making a blazing fast ARAnyM on Android?)
o new config setting "LoadToFastRAM" to load kernel in FastRAM
(is Andreas working on fixing Linux-m68k issues in FastRAM?)
o David Gálvez improved NatFeat USB support (now requires FreeMiNT 1.17+)
There's also a small set of bugs fixed in this release - mainly in Mac OS X
thanks to Philipp but also some generic things like GPIP (Patrice).
Update fixes nine security issues
Announcement ID: openSUSE-SU-2014:0819-1
Description:
mozilla-nspr was updated to version 4.10.6 to fix one security issue:
* OOB write with sprintf and console functions (CVE-2014-1545)
Bump PKGREVISION.
Upstream changes (no English changelog):
20140607:
X11 dependent part:
Change filenames of config file and status files for xnp21 binary
built by --enable-build-all:
- config files
$(HOME)/.np2/np21rc
- status files
$(HOME)/.np2/sav/np21.sav
$(HOME)/.np2/sav/np21.s00 etc.
openSUSE Security Update: openssl: update to version 1.0.1h
Description:
The openssl library was updated to version 1.0.1h fixing various security
issues and bugs:
Security issues fixed:
- CVE-2014-0224: Fix for SSL/TLS MITM flaw. An attacker using a carefully
crafted handshake can force the use of weak keying material in OpenSSL
SSL/TLS clients and servers.
- CVE-2014-0221: Fix DTLS recursion flaw. By sending an invalid DTLS
handshake to an OpenSSL DTLS client the code can be made to recurse
eventually crashing in a DoS attack.
- CVE-2014-0195: Fix DTLS invalid fragment vulnerability. A buffer
overrun attack can be triggered by sending invalid DTLS fragments to an
OpenSSL DTLS client or server. This is potentially exploitable to run
arbitrary code on a vulnerable client or server.
- CVE-2014-3470: Fix bug in TLS code where clients that enable anonymous ECDH
ciphersuites are subject to a denial of service attack.
Bump PKGREVISION.
pkgsrc changes:
- remove xnp2-ia32 option
- always build both xnp2 (80286 core) and xnp21 (IA-32 core) binaries
Upstream changes (no English changelog):
- --enable-build-all option to configure that enables to build
both 80286 core and IA-32 core binaries is added
(per my request, thanks nonaka@)
Do it for all packages that
* mention perl, or
* have a directory name starting with p5-*, or
* depend on a package starting with p5-
like last time, for 5.18, where this didn't lead to complaints.
Let me know if you have any this time.
libxml2, python-libxml2: Prevent external entities from being loaded
Description:
Updated fix for openSUSE-SU-2014:0645-1 because of a regression that
caused xmllint to break.
Bump PKGREVISION.
libXfont: Fixed multiple vulnerabilities
An update that fixes three vulnerabilities is now available.
Description:
libxfont was updated to fix multiple vulnerabilities:
- Integer overflow of allocations in font metadata file parsing
(CVE-2014-0209).
- Unvalidated length fields when parsing xfs protocol replies
(CVE-2014-0210).
- Integer overflows calculating memory needs for xfs replies
(CVE-2014-0211).
These vulnerabilities could be used by a local, authenticated user to
raise privileges or by a remote attacker with control of the font server
to execute code with the privileges of the X server.