Linux compatibility package based on the openSUSE Linux distribution.
Please visit http://www.opensuse.org/ for more information about openSUSE
Linux.
This package supports running ELF binaries linked with glibc2 that
require the sqlite3 shared libraries.
Linux compatibility package based on the openSUSE Linux distribution.
Please visit http://www.opensuse.org/ for more information about openSUSE
Linux.
This package supports running ELF binaries linked with glibc2 that
require the sqlite3 shared libraries.
Linux compatibility package based on the openSUSE Linux distribution.
Please visit http://www.opensuse.org/ for more information about openSUSE
Linux.
This package supports running ELF binaries linked with glibc2 that
require the gstreamer shared libraries.
Linux compatibility package based on the openSUSE Linux distribution.
Please visit http://www.opensuse.org/ for more information about openSUSE
Linux.
This package supports running ELF binaries linked with glibc2 that
require the gstreamer shared libraries.
Bump PKGREVISION to 4.
openSUSE Security Update: Security update for jasper
______________________________________________________________________________
Announcement ID: openSUSE-SU-2014:1644-1
Rating: moderate
References: #906364
Cross-References: CVE-2014-9029
Affected Products:
openSUSE 13.2
openSUSE 13.1
openSUSE 12.3
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
jasper was updated to fix one security issue.
This security issue was fixed:
- Heap overflows in libjasper (CVE-2014-9029).
Changelog:
# System emulation
## Future incompatible changes
* Three options are using different names on the command line and in configuration file. In particular:
** The "acpi" configuration file section matches command-line option "acpitable";
** The "boot-opts" configuration file section matches command-line option "boot";
** The "smp-opts" configuration file section matches command-line option "smp".
Starting with QEMU xyz.jkl, -readconfig will standardize on the name for the command line option.
## ARM
* Support for loading a device tree even with no -kernel option or when booting ELF images
* Support for input interrupts in the PL061 GPIO controller
* TCG can emulate breakpoints and watchpoints.
* Support for PSCI firmware interface emulating in TCG
** enables clean shutdown from non-kvm guests
## MIPS
* Support for MIPS64 Release 6 emulation.
* Support for MIPS SIMD Architecture emulation.
* Fix for incorrectly handled delay slots in MIPS16 and microMIPS.
## PowerPC
* Mac OS X 10.2, 10.3 and 10.4 guests run with the mac99 machine type.
* Bugfixes and optimization for TCG emulation of PowerPC targets.
### IBM (pSeries)
* Support for the "nmi" monitor command, to enter the kernel debugger.
* Live migration support for NVRAM
### Freescale (BookE)
* Breakpoint support on KVM.
* Support for the e500 platform bus and dynamic instantiation of FreeScale eTSEC devices (-device eTSEC).
* Support for MPC8XXX gpio controller to enable shutdown with 3.19+ Linux guests
## s390
* Enhance support for boot from DASD to handle more formats.
* Support for memory hotplug.
* Support for cpu state handling and migration.
* Support for booting newer kernels under TCG.
* Improved SMP startup and cpu online/offline performance especially for large guests
## SPARC
* Emulation of TCX hardware acceleration (allows X to run under NetBSD and Solaris)
* NetBSD and OpenBSD can now run under qemu-system-sparc64 in -nographic mode
## TriCore
* New target.
## x86
* Support for IOMMU (VT-d) emulation on the Q35 machine type, enabled with "-machine iommu=on".
* Support for specifying drives in short form on the command-line (i.e. using -cdrom, -hda, -drive if=ide) on the Q35 machine type.
* TCG is reported to run QNX.
* All CPUs now work with "-cpu MODEL,enforce", of course as long as TCG or KVM support the CPU's set of features. Previously, a few CPUs included extraneous CPUID flags that cause "-cpu MODEL,enforce" to fail.
## KVM
* More robust live migration of the kvm pv clock
* Support for AVX512
## Xen
* QEMU can now boot a bzImage or multiboot kernel under Xen, using the command line option -kernel.
## Xtensa
* New script for automatic core import from xtensa configuration overlay.
## Device emulation and assignment
* The boot order set for hot-plugged devices will take effect during reboot. In addition, the boot order can be dynamically modified via QOM.
### IDE
* More accurate emulation of AHCI, especially visible with Windows guests.
### SCSI
* Passthrough of vendor-specific commands now works (only with the virtio-scsi HBA).
* Initial support in virtio-scsi for a threaded backend, which is used in the same way as virtio-blk ("-object iothread,id=id" and "-device virtio-scsi-pci,iothread=id"). Note that the code has known thread-safety problems that can lead to QEMU using freed memory. They should not happen in normal use, they can be triggered easily by malicious guests. This option should only be used if you are interested in making relevant parts of QEMU thread safe.
* Support for LSI MegaRAID SAS 2108 HBAs (-device megasas-gen2). Note that booting from this device does not work yet.
* virtio-scsi can now execute Abort Task and Abort Task Set task management functions asynchronously.
### PCI/PCIe
* MSIs are now (correctly) disabled until bus master DMA is enabled for the device.
* Support for ARI forwarding on PCIe root ports.
### USB
* Support for hot-plugging XHCI/EHCI/UHCI controllers (in the case of EHCI/UHCI, only if there are no companion controllers).
* Support for USB 2.0 (high speed) mice and keyboards, complementing the existing support for high speed USB tablets. High speed devices avoid the less efficient UHCI controller, and thus use less CPU on the host.
### VGA
* The default vga device on x86 has been switched from cirrus to stdvga, which works better for most guests. However, Windows XP will not suspend to RAM anymore; the change can be undone with "-vga cirrus" and does not affect PC machine types of versions 2.1 and earlier.
## Character devices
* Support for automatic reconnection of client sockets (e.g. "-chardev socket,host=localhost,port=12345,nowait,reconnect=5").
## GUI
### Monitor
* The "info pcmcia" command was removed. PCMCIA hotplug was never implemented, and thus the command could only return static information.
## Network
* Samba 4.1 is now supported.
## Block devices in system emulation
* The list of functionality now supported in threaded virtio-blk backend is growing: new in 2.2 are resizing of disks, device hot-unplug, the embedded NBD server, and background jobs (backup, stream, mirror, commit).
# Block devices and tools
* QEMU is more resistent against failure of large allocations in the block layer
* Support for Archipelago as a QEMU block backend
* Support for Parallels images larger than 2TB.
* Migration now works when using qcow2 over Ceph.
* Network-based drivers (NBD, libiscsi, etc.) now work on Win32 hosts too.
* Source image cache mode can be set for qemu-img check, convert and rebase
* qemu-nbd has a new --detect-zeroes option.
* Progress report for qemu-img commit and qemu-img amend
# TCG
* In icount mode, it is possible to slow down emulation to match the requested CPU frequency (thus ensuring that the host and guest clocks remain aligned). This is enabled with "-icount N,align=on".
* A new "victim TLB" provides a 5-10% performance improvement.
# Tracing
* QEMU provides a SystemTap script that outputs binary trace data, for use in flight-recorder mode. The resulting traces can be parsed with QEMU's simpletrace.py script (using the --no-header command-line option).
# User-mode emulation
* New option: setting AT_RANDOM auxval with -seed option or QEMU_RAND_SEED env variable
* New system calls supported
** timerfd_create, timerfd_gettime and timerfd_settime
** ioprio_get and ioprio_set
** setns
** unshare
* epoll_pwait has been enabled on ARM
* Signal handling support added for PPC64
* Emulated contents of /proc/self/maps fixed
Changelog:
[20140817] Release 0.6.0.1. It has been a while since the last
release, and the SVN repository mirror at Sourceforge seems to be
broken, so it felt reasonable to package the current code into a
patch release. Not much has happened feature-wise since 0.6.0.
[20140816] On FreeBSD/amd64 with GCC 4.2.1 as the default compiler,
you may need to install GCC 4.8.4 and run the configure script like
this to avoid triggering a bug in the default compiler:
CXX=c++48 CXXFLAGS=-Wl,-rpath,/usr/local/lib/gcc48 ./configure
[20110820] Not much coding lately. The only thing worth mentioning
is that the Dreamcast emulation mode now gets further when running
Marcus Comstedt's test programs, and also shows "something" when
booting the PROM from my real Dreamcast. (This was in the legacy
Dreamcast mode, for fun. I haven't had time to work on the new
framework at all.)
[20100729] Uploaded a clip to YouTube, showing the NetBSD/pmax
install procedure in GXemul.
Linux compatibility package based on the openSUSE Linux distribution.
Please visit http://www.opensuse.org/ for more information about openSUSE
Linux.
This package supports running ELF binaries linked with glibc2 that
require the gstreamer shared libraries.
Linux compatibility package based on the openSUSE Linux distribution.
Please visit http://www.opensuse.org/ for more information about openSUSE
Linux.
This package supports running ELF binaries linked with glibc2 that
require the gstreamer shared libraries.
Linux compatibility package based on the openSUSE Linux distribution.
Please visit http://www.opensuse.org/ for more information about openSUSE
Linux.
This package supports running ELF binaries linked with glibc2 that
require the sqlite3 shared libraries.
Linux compatibility package based on the openSUSE Linux distribution.
Please visit http://www.opensuse.org/ for more information about openSUSE
Linux.
This package supports running ELF binaries linked with glibc2 that
require the sqlite3 shared libraries.
openSUSE Recommended Update: dbus-1
______________________________________________________________________________
Announcement ID: openSUSE-RU-2014:1548-1
Rating: moderate
References:
Affected Products:
openSUSE 13.2
openSUSE 13.1
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This recommended update for dbus-1 fixes the following issues:
- Update to 1.8.12:
+ Partially revert the CVE-2014-3639 patch by increasing the default
authentication timeout on the system bus from 5 seconds back to 30
seconds, since this has been reported to cause boot regressions for
some users, mostly with parallel boot (systemd) on slower hardware. On
fast systems where local users are considered particularly hostile,
administrators can return to the 5 second timeout (or any other value
in milliseconds) by saving this as /etc/dbus-1/system-local.conf:
<busconfig> <limit name="auth_timeout">5000</limit> </busconfig>
(fdo#86431)
+ Add a message in syslog/the Journal when the auth_timeout is exceeded
(fdo#86431)
+ Send back an AccessDenied error if the addressed recipient is not
allowed to receive a message (and in builds with assertions enabled,
don't assert under the same conditions). (fdo#86194)
Huge improvements to the FDC emulation
Support for STX files on any OS (with Hatari's own open source code), as well as support for IPF/CTR files
Write support for STX files, using .wd1772 files
Some various fixes to the video emulation
Many changes to the CPU related to prefetch
Some fixes to STE sound (microwire and LMC) and to Falcon sound
Some fixes to Gemdos HD emulation : clip filenames, autostart
Some fixes to ASCI HD : larger image, improve some commands
Changes to the UI : 2nd line of information at the bottom, better performances under SDL, more options in some screens
For developpers : more Natfeats commands, better tracing of OS calls (bios, xbios, ...), many additions to the debugger
-------------------
User-visible changes in version 1.5 (since version 1.4.1):
* New features/improvements:
* VMIPS now includes a basic direct-mapped cache simulation. The
cache isolation and cache swap bits in the CP0 Status register are
now honored.
* The boot monitor distributed with VMIPS now sets up a dummy
`argv[0]' value for the loaded program. Also, it halts by entering
an infinite loop rather than attempting to execute a `break'
instruction when it encounters an unexpected exception.
* The setup assembly routine distributed with VMIPS has been made
more TLB-friendly. Identity virtual-to-physical mappings for the
first few pages of physical RAM are installed in the TLB at program
start time.
* When `-o excmsg' is on, TLB miss addresses will be printed to
stderr.
* When `-o ttydev=stdout' is specified, simulated program output
will be sent to VMIPS's standard output, even if it is not a tty.
* The interactor can now disassemble memory. Also, stepping in the
interactor now prints the PC after each step.
* VMIPS now supports more of the GDB remote serial protocol, in
support of the GDB `info threads' and `detach' commands. The debug
protocol TCP port is now configurable via the `-o debugport'
option. Also, if something halts the program while the debugger
interface is active, VMIPS will tell GDB that the program exited.
* Bug fixes:
* A bug was fixed in the debugger interface where disconnecting from
the debugger socket could cause vmips to enter an infinite loop.
* The interactor will refuse to dump raw memory words at
non-word-aligned addresses.
* The CP0 Cause register IP field is now recomputed whenever the
register is read, rather than only when exceptions happen. This
makes polling loops with interrupts disabled work correctly.
* A bug was fixed in the DECstation-compatible clock device which was
preventing some of its registers from being zeroed properly.
* Some endianness bugs were fixed in the generic memory-mapped device
code and in the DECstation-compatible serial device.
openSUSE Security Update: openssl: fixed elliptic curve handshake failure
______________________________________________________________________________
Announcement ID: openSUSE-SU-2014:1474-1
Rating: low
References: #905037
Affected Products:
openSUSE 13.2
openSUSE 13.1
openSUSE 12.3
______________________________________________________________________________
An update that contains security fixes can now be installed.
Description:
This openssl update fixes a TLS handshake problem when elliptic curves are
in use.
openSUSE Security Update: Security update for dbus-1
______________________________________________________________________________
Announcement ID: openSUSE-SU-2014:1455-1
Rating: moderate
References:
Cross-References: CVE-2014-7824
Affected Products:
openSUSE 13.2
openSUSE 13.1
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
dbus-1 was updated to version 1.8.10 to fix one security issue and several
other issues.
This security issue was fixed:
- Increase dbus-daemon's RLIMIT_NOFILE rlimit to 65536 to stop an attacker
from exhausting the system bus' file descriptors (CVE-2014-7824).
* Crucial bug that would cause segmentation fault fixed.
* Fixed crucial bug related to Assembly core declarations.
* Fixed not applying default configurations on first execution.
openSUSE Security Update: update for openssl
______________________________________________________________________________
Announcement ID: openSUSE-SU-2014:1331-1
Rating: important
References: #901223#901277
Cross-References: CVE-2014-3513 CVE-2014-3566 CVE-2014-3567
CVE-2014-3568
Affected Products:
openSUSE 13.1
openSUSE 12.3
______________________________________________________________________________
An update that fixes four vulnerabilities is now available.
Description:
The following issues were fixed in this release:
CVE-2014-3566: SSLv3 POODLE attack (bnc#901223) CVE-2014-3513,
CVE-2014-3567: DTLS memory leak and session ticket memory leak
openSUSE Recommended Update: Fix a crash when removing an already removed handle.
______________________________________________________________________________
Announcement ID: openSUSE-RU-2014:1274-1
Rating: low
References: #897816
Affected Products:
openSUSE 13.1
openSUSE 12.3
______________________________________________________________________________
An update that has one recommended fix can now be installed.
Description:
No description available.
openSUSE Recommended Update: libqt4: fix cirrus driver issues
______________________________________________________________________________
Announcement ID: openSUSE-RU-2014:1251-1
Rating: moderate
References: #847880
Affected Products:
openSUSE 13.1
______________________________________________________________________________
An update that has one recommended fix can now be installed.
Description:
libqt4 was updated to fix the following bug:
When extracting a region of a QRasterPixmapData an optimization was using
the wrong bit depth for some calculations thus copying a different section
of the image than requested. This breaks specially the oxygen kde theme
under qemu when using a cirrus driver.
openSUSE Security Update: dbus-1: security and bugfix update to 1.8
______________________________________________________________________________
Announcement ID: openSUSE-SU-2014:1228-1
Rating: moderate
References: #896453
Cross-References: CVE-2012-3524 CVE-2014-3635 CVE-2014-3636
CVE-2014-3637 CVE-2014-3638 CVE-2014-3639
Affected Products:
openSUSE 13.1
______________________________________________________________________________
An update that fixes 6 vulnerabilities is now available.
Description:
DBUS-1 was upgraded to upstream release 1.8.
This brings the version of dbus to the latest stable release from an
unstable snapshot 1.7.4 that is know to have several regressions
- Upstream changes since 1.7.4:
+ Security fixes:
- Do not accept an extra fd in the padding of a cmsg message, which
could lead to a 4-byte heap buffer overrun. (CVE-2014-3635,
fdo#83622; Simon McVittie)
- Reduce default for maximum Unix file descriptors passed per message
from 1024 to 16, preventing a uid with the default maximum number of
connections from exhausting the system bus' file descriptors under
Linux's default rlimit. Distributors or system administrators with
a restrictive fd limit may wish to reduce these limits further.
Additionally, on Linux this prevents a second denial of service in
which the dbus-daemon can be made to exceed the maximum number of
fds per sendmsg() and disconnect the process that would have
received them. (CVE-2014-3636, fdo#82820; Alban Crequy)
- Disconnect connections that still have a fd pending unmarshalling
after a new configurable limit, pending_fd_timeout (defaulting to
150 seconds), removing the possibility of creating an abusive
connection that cannot be disconnected by setting up a circular
reference to a connection's file descriptor. (CVE-2014-3637,
fdo#80559; Alban Crequy)
- Reduce default for maximum pending replies per connection from 8192
to 128, mitigating an algorithmic complexity denial-of-service
attack (CVE-2014-3638, fdo#81053; Alban Crequy)
- Reduce default for authentication timeout on the system bus from 30
seconds to 5 seconds, avoiding denial of service by using up all
unauthenticated connection slots; and when all unauthenticated
connection slots are used up, make new connection attempts block
instead of disconnecting them. (CVE-2014-3639, fdo#80919; Alban
Crequy)
- On Linux >0 2.6.37-rc4, if sendmsg() fails with ETOOMANYREFS,
silently drop the message. This prevents an attack in which a
malicious client can make dbus-daemon disconnect a system service,
which is a local denial of service. (fdo#80163, CVE-2014-3532; Alban
Crequy)
- Track remaining Unix file descriptors correctly when more than one
message in quick succession contains fds. This prevents another
attack in which a malicious client can make dbus-daemon disconnect a
system service. (fdo#79694, fdo#80469, CVE-2014-3533; Alejandro
Martinez Suarez, Simon McVittie, Alban Crequy)
- Alban Crequy at Collabora Ltd. discovered and fixed a
denial-of-service flaw in dbus-daemon, part of the reference
implementation of D-Bus. Additionally, in highly unusual
environments the same flaw could lead to a side channel between
processes that should not be able to communicate. (CVE-2014-3477,
fdo#78979)
+ Other fixes and enhancements:
- Check for libsystemd from systemd >= 209, falling back to the
older separate libraries if not found (Umut Tezduyar Lindskog, Simon
McVittie)
- On Linux, use prctl() to disable core dumps from a test executable
that deliberately raises SIGSEGV to test dbus-daemon's handling
of that condition (fdo#83772, Simon McVittie)
- Fix compilation with --enable-stats (fdo#81043, Gentoo #507232;
Alban Crequy)
- Improve documentation for running tests on Windows (fdo#41252, Ralf
Habacker)
- When dbus-launch --exit-with-session starts a dbus-daemon but then
cannot attach to a session, kill the dbus-daemon as intended
(fdo#74698, Роман Донченко)
- in the CMake build system, add some hints for Linux users
cross-compiling Windows D-Bus binaries to be able to run tests under
Wine (fdo#41252, Ralf Habacker)
- add Documentation key to dbus.service (fdo#77447, Cameron Norman)
- in "dbus-uuidgen --ensure", try to copy systemd's /etc/machine-id to
/var/lib/dbus/machine-id instead of generating an entirely new ID
(fdo#77941, Simon McVittie)
- if dbus-launch receives an X error very quickly, do not kill
unrelated processes (fdo#74698, Роман Донченко)
- on Windows, allow up to 8K connections to the dbus-daemon, instead
of the previous 64 (fdo#71297; Cristian Onet, Ralf Habacker)
- cope with \r\n newlines in regression tests, since on Windows,
dbus-daemon.exe uses text mode (fdo#75863, Руслан
Ижбулатов)
- Enhance the CMake build system to check for GLib and compile/run a
subset of the regression tests (fdo#41252, fdo#73495; Ralf Habacker)
- don't rely on va_copy(), use DBUS_VA_COPY() wrapper (fdo#72840, Ralf
Habacker)
- fix compilation of systemd journal support on older systemd versions
where sd-journal.h doesn't include syslog.h (fdo#73455, Ralf
Habacker)
- fix compilation on older MSVC versions by including stdlib.h
(fdo#73455, Ralf Habacker)
- Allow <allow_anonymous/> to appear in an included configuration file
(fdo#73475, Matt Hoosier)
- If the tests crash with an assertion failure, they no longer default
to blocking for a debugger to be attached. Set DBUS_BLOCK_ON_ABORT
in the environment if you want the old behaviour.
- To improve debuggability, the dbus-daemon and dbus-daemon-eavesdrop
tests can be run with an external dbus-daemon by setting
DBUS_TEST_DAEMON_ADDRESS in the environment. Test-cases that require
an unusually-configured dbus-daemon are skipped.
- don't require messages with no INTERFACE to be dispatched
(fdo#68597, Simon McVittie)
- document "tcp:bind=..." and "nonce-tcp:bind=..." (fdo#72301,
Chengwei Yang)
- define "listenable" and "connectable" addresses, and discuss the
difference (fdo#61303, Simon McVittie)
- support printing Unix file descriptors in dbus-send, dbus-monitor
(fdo#70592, Robert Ancell)
- don't install systemd units if --disable-systemd is given
(fdo#71818, Chengwei Yang)
- don't leak memory on out-of-memory while listing activatable or
active services (fdo#71526, Radoslaw Pajak)
- fix undefined behaviour in a regression test (fdo#69924, DreamNik)
- escape Unix socket addresses correctly (fdo#46013, Chengwei Yang)
- on SELinux systems, don't assume that SECCLASS_DBUS,
DBUS__ACQUIRE_SVC and DBUS__SEND_MSG are numerically equal to their
values in the reference policy (fdo#88719, osmond sun)
- define PROCESS_QUERY_LIMITED_INFORMATION if missing from MinGW < 4
headers (fdo#71366, Matt Fischer)
- define WIN32_LEAN_AND_MEAN to avoid conflicts between winsock.h and
winsock2.h (fdo#71405, Matt Fischer)
- do not return failure from _dbus_read_nonce() with no error set,
preventing a potential crash (fdo#72298, Chengwei Yang)
- on BSD systems, avoid some O(1)-per-process memory and fd leaks in
kqueue, preventing test failures (fdo#69332, fdo#72213; Chengwei
Yang)
- fix warning spam on Hurd by not trying to set SO_REUSEADDR on Unix
sockets, which doesn't do anything anyway on at least Linux and
FreeBSD (fdo#69492, Simon McVittie)
- fix use of TCP sockets on FreeBSD and Hurd by tolerating EINVAL from
sendmsg() with SCM_CREDS (retrying with plain send()), and looking
for credentials more correctly (fdo#69492, Simon McVittie)
- ensure that tests run with a temporary XDG_RUNTIME_DIR to avoid
getting mixed up in XDG/systemd "user sessions" (fdo#61301, Simon
McVittie)
- refresh cached policy rules for existing connections when bus
configuration changes (fdo#39463, Chengwei Yang)
- If systemd support is enabled, libsystemd-journal is now required.
- When activating a non-systemd service under systemd, annotate its
stdout/stderr with its bus name in the Journal. Known limitation:
because the socket is opened before forking, the process will still
be logged as if it had dbus-daemon's process ID and user ID.
(fdo#68559, Chengwei Yang)
- Document more configuration elements in dbus-daemon(1) (fdo#69125,
Chengwei Yang)
- Don't leak string arrays or fds if
dbus_message_iter_get_args_valist() unpacks them and then encounters
an error (fdo#21259, Chengwei Yang)
- If compiled with libaudit, retain CAP_AUDIT_WRITE so we can write
disallowed method calls to the audit log, fixing a regression in
1.7.6 (fdo#49062, Colin Walters)
- path_namespace='/' in match rules incorrectly matched nothing; it
now matches everything. (fdo#70799, Simon McVittie)
- Directory change notification via dnotify on Linux is no longer
supported; it hadn't compiled successfully since 2010 in any case.
If you don't have inotify (Linux) or kqueue (*BSD), you will need to
send SIGHUP to the dbus-daemon when its configuration changes.
(fdo#33001, Chengwei Yang)
- Compiling with --disable-userdb-cache is no longer supported; it
didn't work since at least 2008, and would lead to an extremely slow
dbus-daemon even it worked. (fdo#15589, fdo#17133, fdo#66947;
Chengwei Yang)
- The DBUS_DISABLE_ASSERTS CMake option didn't actually disable most
assertions. It has been renamed to DBUS_DISABLE_ASSERT to be
consistent with the Autotools build system. (fdo#66142, Chengwei
Yang)
- --with-valgrind=auto enables Valgrind instrumentation if and only if
valgrind headers are available. The default is still
--with-valgrind=no. (fdo#56925, Simon McVittie)
- Platforms with no 64-bit integer type are no longer supported.
(fdo#65429, Simon McVittie)
- GNU make is now (documented to be) required. (fdo#48277, Simon
McVittie)
- Full test coverage no longer requires dbus-glib, although the tests
do not exercise the shared library (only a static copy) if dbus-glib
is missing. (fdo#68852, Simon McVittie)
- D-Bus Specification 0.22
* Document GetAdtAuditSessionData() and
GetConnectionSELinuxSecurityContext() (fdo#54445, Simon)
* Fix example .service file (fdo#66481, Chengwei Yang)
* Don't claim D-Bus is "low-latency" (lower than what?), just give
factual statements about it supporting async use (fdo#65141, Justin Lee)
* Document the contents of .service files, and the fact that system
services' filenames are constrained (fdo#66608; Simon McVittie, Chengwei
Yang)
- Be thread-safe by default on all platforms, even if
dbus_threads_init_default() has not been called. For compatibility
with older libdbus, library users should continue to call
dbus_threads_init_default(): it is harmless to do so. (fdo#54972,
Simon McVittie)
- Add GetConnectionCredentials() method (fdo#54445, Simon)
- New API: dbus_setenv(), a simple wrapper around setenv(). Note that
this is not thread-safe. (fdo#39196, Simon)
- Add dbus-send --peer=ADDRESS (connect to a given peer-to-peer
connection, like --address=ADDRESS in previous versions) and
dbus-send --bus=ADDRESS (connect to a given bus, like dbus-monitor
--address=ADDRESS). dbus-send --address still exists for backwards
compatibility, but is no longer documented. (fdo#48816, Andrey Mazo)
- "dbus-daemon --nofork" is allowed on Windows again. (fdo#68852,
Simon McVittie)
- Avoid an infinite busy-loop if a signal interrupts waitpid()
(fdo#68945, Simon McVittie)
- Clean up memory for parent nodes when objects are unexported
(fdo#60176, Thomas Fitzsimmons)
- Make dbus_connection_set_route_peer_messages(x, FALSE) behave as
documented. Previously, it assumed its second parameter was TRUE.
(fdo#69165, Chengwei Yang)
- Escape addresses containing non-ASCII characters correctly
(fdo#53499, Chengwei Yang)
- Document <servicedir> search order correctly (fdo#66994, Chengwei
Yang)
- Don't crash on "dbus-send --session / x.y.z" which regressed in
1.7.4. (fdo#65923, Chengwei Yang)
- If malloc() returns NULL in _dbus_string_init() or similar, don't
free an invalid pointer if the string is later freed (fdo#65959,
Chengwei Yang)
- If malloc() returns NULL in dbus_set_error(), don't va_end() a
va_list that was never va_start()ed (fdo#66300, Chengwei Yang)
- fix build failure with --enable-stats (fdo#66004, Chengwei Yang)
- fix a regression test on platforms with strict alignment (fdo#67279,
Colin Walters)
- Avoid calling function parameters "interface" since certain Windows
headers have a namespace-polluting macro of that name (fdo#66493,
Ivan Romanov)
- Assorted Doxygen fixes (fdo#65755, Chengwei Yang)
- Various thread-safety improvements to static variables (fdo#68610,
Simon McVittie)
- Make "make -j check" work (fdo#68852, Simon McVittie)
- Fix a NULL pointer dereference on an unlikely error path (fdo#69327,
Sviatoslav Chagaev)
- Improve valgrind memory pool tracking (fdo#69326, Sviatoslav Chagaev)
- Don't over-allocate memory in dbus-monitor (fdo#69329, Sviatoslav
Chagaev)
- dbus-monitor can monitor dbus-daemon < 1.5.6 again (fdo#66107,
Chengwei Yang)
- If accept4() fails with EINVAL, as it can on older Linux kernels
with newer glibc, try accept() instead of going into a busy-loop.
(fdo#69026, Chengwei Yang)
- If socket() or socketpair() fails with EINVAL or EPROTOTYPE, for
instance on Hurd or older Linux with a new glibc, try without
SOCK_CLOEXEC. (fdo#69073; Pino Toscano, Chengwei Yang)
- Fix a file descriptor leak on an error code path. (fdo#69182,
Sviatoslav Chagaev)
- dbus-run-session: clear some unwanted environment variables
(fdo#39196, Simon)
- dbus-run-session: compile on FreeBSD (fdo#66197, Chengwei Yang)
- Don't fail the autolaunch test if there is no DISPLAY (fdo#40352,
Simon)
- Use dbus-launch from the builddir for testing, not the installed
copy (fdo#37849, Chengwei Yang)
- Fix compilation if writev() is unavailable (fdo#69409, Vasiliy
Balyasnyy)
- Remove broken support for LOCAL_CREDS credentials passing, and
document where each credential-passing scheme is used (fdo#60340,
Simon McVittie)
- Make autogen.sh work on *BSD by not assuming GNU coreutils
functionality fdo#35881, fdo#69787; Chengwei Yang)
- dbus-monitor: be portable to NetBSD (fdo#69842, Chengwei Yang)
- dbus-launch: stop using non-portable asprintf (fdo#37849, Simon)
- Improve error reporting from the setuid activation helper
(fdo#66728, Chengwei Yang)
- Remove unavailable command-line options from 'dbus-daemon --help'
(fdo#42441, Ralf Habacker)
- Add support for looking up local TCPv4 clients' credentials on
Windows XP via the undocumented AllocateAndGetTcpExTableFromStack
function (fdo#66060, Ralf Habacker)
- Fix insufficient dependency-tracking (fdo#68505, Simon McVittie)
- Don't include wspiapi.h, fixing a compiler warning (fdo#68852, Simon
McVittie)
- add DBUS_ENABLE_ASSERT, DBUS_ENABLE_CHECKS for less confusing
conditionals (fdo#66142, Chengwei Yang)
- improve verbose-mode output (fdo#63047, Colin Walters)
- consolidate Autotools and CMake build (fdo#64875, Ralf Habacker)
- fix various unused variables, unusual build configurations etc.
(fdo#65712, fdo#65990, fdo#66005, fdo#66257, fdo#69165, fdo#69410,
fdo#70218; Chengwei Yang, Vasiliy Balyasnyy)
- dbus-cve-2014-3533.patch: Add patch for CVE-2014-3533 to fix (fdo#63127)
? CVE-2012-3524: Don't access environment variables (fdo#52202)
(fdo#51521, Dave Reisner) ? Remove an incorrect assertion from
DBusTransport (fdo#51657, (fdo#51406, Simon McVittie) (fdo#51032, Simon
McVittie) (fdo#34671, Simon McVittie) ・ Check for libpthread under
CMake on Unix (fdo#47237, Simon McVittie) spec-compliance (fdo#48580,
David Zeuthen) non-root when using OpenBSD install(1) (fdo#48217,
Antoine Jacoutot) (fdo#45896, Simon McVittie) (fdo#39549, Simon
McVittie) invent their own "union of everything" type (fdo#11191, Simon
find(1) (fdo#33840, Simon McVittie) (fdo#46273, Alban Crequy) again on
Win32, but not on WinCE (fdo#46049, Simon (fdo#47321, Andoni Morales
Alastruey) (fdo#39231, fdo#41012; Simon McVittie)
* Add a regression test for fdo#38005 (fdo#39836, Simon McVittie) a
service file entry for activation (fdo#39230, Simon McVittie)
(fdo#24317, #34870; Will Thompson, David Zeuthen, Simon McVittie) and
document it better (fdo#31818, Will Thompson) ? Let the bus daemon
implement more than one interface (fdo#33757, ? Optimize
_dbus_string_replace_len to reduce waste (fdo#21261, (fdo#35114, Simon
McVittie) ? Add dbus_type_is_valid as public API (fdo#20496, Simon
McVittie) to unknown interfaces in the bus daemon (fdo#34527, Lennart
Poettering) (fdo#32245; Javier Jardon, Simon McVittie) ? Correctly
give XDG_DATA_HOME priority over XDG_DATA_DIRS (fdo#34496, in embedded
environments (fdo#19997, NB#219964; Simon McVittie) ? Install the
documentation, and an index for Devhelp (fdo#13495, booleans when
sending them (fdo#16338, NB#223152; Simon McVittie) errors to
dbus-shared.h (fdo#34527, Lennart Poettering) data (fdo#10887, Simon
McVittie) .service files (fdo#19159, Sven Herzberg) (fdo#35750, Colin
Walters) (fdo#32805, Mark Brand) which could result in a busy-loop
(fdo#32992, NB#200248; possibly ? Fix failure to detect abstract
socket support (fdo#29895) (fdo#32262, NB#180486) ? Improve some
error code paths (fdo#29981, fdo#32264, fdo#32262, fdo#33128,
fdo#33277, fdo#33126, NB#180486) ? Avoid possible symlink attacks in
/tmp during compilation (fdo#32854) ? Tidy up dead code (fdo#25306,
fdo#33128, fdo#34292, NB#180486) ? Improve gcc malloc annotations
(fdo#32710) ? Documentation improvements (fdo#11190) ? Avoid
readdir_r, which is difficult to use correctly (fdo#8284, fdo#15922,
LP#241619) ? Cope with invalid files in session.d, system.d
(fdo#19186, ? Don't distribute generated files that embed our
builddir (fdo#30285, fdo#34292) (fdo#33474, LP#381063) with lcov HTML
reports and --enable-compiler-coverage (fdo#10887) ・ support
credentials-passing (fdo#32542) ・ opt-in to thread safety (fdo#33464)
openSUSE Recommended Update: alsa-utils: Fixes a few alsactl bugs
______________________________________________________________________________
Announcement ID: openSUSE-RU-2014:1134-1
Rating: low
References: #895581
Affected Products:
openSUSE 13.1
______________________________________________________________________________
An update that has one recommended fix can now be installed.
Description:
This update fixes the following issues with alsa-utils:
- bnc#895581: Fixes a few alsactl bugs (bnc#895581)
- now the lock file is created in /var/lock directory instead of /var/lib
openSUSE Security Update: update for firefox, mozilla-nspr, mozilla-nss and seamonkey
______________________________________________________________________________
Announcement ID: openSUSE-SU-2014:1345-1
Rating: moderate
References: #894370#896624#897890#900941#901213
Cross-References: CVE-2014-1554 CVE-2014-1574 CVE-2014-1575
CVE-2014-1576 CVE-2014-1577 CVE-2014-1578
CVE-2014-1580 CVE-2014-1581 CVE-2014-1582
CVE-2014-1583 CVE-2014-1584 CVE-2014-1585
CVE-2014-1586
Affected Products:
openSUSE 13.1
______________________________________________________________________________
An update that fixes 13 vulnerabilities is now available.
Description:
...
Changes in mozilla-nspr:
- update to version 4.10.7
* bmo#836658: VC11+ defaults to SSE2 builds by default.
* bmo#979278: TSan: data race nsprpub/pr/src/threads/prtpd.c:103
PR_NewThreadPrivateIndex.
* bmo#1026129: Replace some manual declarations of MSVC intrinsics with
#include <intrin.h>.
* bmo#1026469: Use AC_CHECK_LIB instead of MOZ_CHECK_PTHREADS. Skip
compiler checks when using MSVC, even when $CC is not literally "cl".
* bmo#1034415: NSPR hardcodes the C compiler to cl on Windows.
* bmo#1042408: Compilation fix for Android > API level 19.
* bmo#1043082: NSPR's build system hardcodes -MD.
==============================================================================
openSUSE Security Update: MozillaFirefox to Firefox 32
______________________________________________________________________________
Announcement ID: openSUSE-SU-2014:1099-1
Rating: moderate
References: #894201#894370
Cross-References: CVE-2014-1553 CVE-2014-1562 CVE-2014-1563
CVE-2014-1564 CVE-2014-1565 CVE-2014-1567
Affected Products:
openSUSE 13.1
openSUSE 12.3
______________________________________________________________________________
An update that fixes 6 vulnerabilities is now available.
Description:
...
Mozilla NSS was updated to 3.16.4: Notable Changes:
* The following 1024-bit root CA certificate was restored to allow more
time to develop a better transition strategy for affected sites. It was
removed in NSS 3.16.3, but discussion in the mozilla.dev.security.policy
forum led to the decision to keep this root included longer in order to
give website administrators more time to update their web servers.
- CN = GTE CyberTrust Global Root
* In NSS 3.16.3, the 1024-bit "Entrust.net Secure Server Certification
Authority" root CA certificate was removed. In NSS 3.16.4, a 2048-bit
intermediate CA certificate has been included, without explicit trust.
The intention is to mitigate the effects of the previous removal of the
1024-bit Entrust.net root certificate, because many public Internet
sites still use the "USERTrust Legacy Secure Server CA" intermediate
certificate that is signed by the 1024-bit Entrust.net root certificate.
The inclusion of the intermediate certificate is a temporary measure to
allow those sites to function, by allowing them to find a trust path to
another 2048-bit root CA certificate. The temporarily included
intermediate certificate expires November 1, 2015.
==============================================================================
openSUSE Security Update: mozilla-nss: update to avoid signature forgery
______________________________________________________________________________
Announcement ID: openSUSE-SU-2014:1232-1
Rating: critical
References: #897890
Cross-References: CVE-2014-1568
Affected Products:
openSUSE 13.1
openSUSE 12.3
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
Mozilla NSS is vulnerable to a variant of a signature forgery attack
previously published by Daniel Bleichenbacher. This is due to lenient
parsing of ASN.1 values involved in a signature and could lead to the
forging of RSA certificates.
==============================================================================
openSUSE Security Update: update for firefox, mozilla-nspr, mozilla-nss and seamonkey
______________________________________________________________________________
Announcement ID: openSUSE-SU-2014:1345-1
Rating: moderate
References: #894370#896624#897890#900941#901213
Cross-References: CVE-2014-1554 CVE-2014-1574 CVE-2014-1575
CVE-2014-1576 CVE-2014-1577 CVE-2014-1578
CVE-2014-1580 CVE-2014-1581 CVE-2014-1582
CVE-2014-1583 CVE-2014-1584 CVE-2014-1585
CVE-2014-1586
Affected Products:
openSUSE 13.1
______________________________________________________________________________
An update that fixes 13 vulnerabilities is now available.
Description:
...
Changes in mozilla-nss:
- update to 3.17.1 (bnc#897890)
* Change library's signature algorithm default to SHA256
* Add support for draft-ietf-tls-downgrade-scsv
* Add clang-cl support to the NSS build system
* Implement TLS 1.3:
* Part 1. Negotiate TLS 1.3
* Part 2. Remove deprecated cipher suites andcompression.
* Add support for little-endian powerpc64
- update to 3.17
* required for Firefox 33 New functionality:
* When using ECDHE, the TLS server code may be configured to generate a
fresh ephemeral ECDH key for each handshake, by setting the
SSL_REUSE_SERVER_ECDHE_KEY socket option to PR_FALSE. The
SSL_REUSE_SERVER_ECDHE_KEY option defaults to PR_TRUE, which means the
server's ephemeral ECDH key is reused for multiple handshakes. This
option does not affect the TLS client code, which always generates a
fresh ephemeral ECDH key for each handshake. New Macros
* SSL_REUSE_SERVER_ECDHE_KEY Notable Changes:
* The manual pages for the certutil and pp tools have been updated to
document the new parameters that had been added in NSS 3.16.2.
* On Windows, the new build variable USE_STATIC_RTL can be used to
specify the static C runtime library should be used. By default the
dynamic C runtime library is used.
openSUSE Security Update: update for krb5, krb5-doc, krb5-mini
______________________________________________________________________________
Announcement ID: openSUSE-SU-2014:1043-1
Rating: moderate
References: #891082
Cross-References: CVE-2014-4345
Affected Products:
openSUSE 13.1
openSUSE 12.3
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
Thit MIT krb5 update fixes the following security issue:
- buffer overrun in kadmind with LDAP backend (bnc#891082, CVE-2014-4345)
==============================================================================
openSUSE Security Update: update for pulseaudio
______________________________________________________________________________
Announcement ID: openSUSE-SU-2014:0946-1
Rating: moderate
References:
Cross-References: CVE-2014-3970
Affected Products:
openSUSE 13.1
openSUSE 12.3
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update fixes the following security issue: (bnc#881524)
CVE-2014-3970 - Denial of service in module-rtp-recv
==============================================================================
openSUSE Recommended Update: pulseaudio: Fixes resource leak
______________________________________________________________________________
Announcement ID: openSUSE-RU-2014:1323-1
Rating: low
References:
Affected Products:
openSUSE 13.1
______________________________________________________________________________
An update that has 0 recommended fixes can now be installed.
Description:
This update fixes the following issue with pulseaudio:
- Fixes resource leak
Bump PKGREVISION to 3.
==============================================================================
openSUSE Security Update: libxml2, python-libxml2: Reverted patch for CVE-2014-0191
______________________________________________________________________________
Announcement ID: openSUSE-SU-2014:0753-1
Rating: moderate
References: #876652
Cross-References: CVE-2014-0191
Affected Products:
openSUSE 13.1
openSUSE 12.3
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
Removed fix for CVE-2014-0191. This fix breaks existing applications and
there's currently no way to prevent that.
==============================================================================
openSUSE Security Update: update to fix CVE-2014-3660
______________________________________________________________________________
Announcement ID: openSUSE-SU-2014:1330-1
Rating: moderate
References: #901546
Cross-References: CVE-2014-3660
Affected Products:
openSUSE 13.1
openSUSE 12.3
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update fixes a denial of service vulnerability when expanding
recursive entity (CVE-2014-3660) bnc#901546
==============================================================================
openSUSE Recommended Update: aaa_base: fixed xdg-environment.sh zsh compatibility
______________________________________________________________________________
Announcement ID: openSUSE-RU-2014:0778-1
Rating: low
References: #875118
Affected Products:
openSUSE 13.1
______________________________________________________________________________
An update that has one recommended fix can now be installed.
Description:
The xdg-environment.sh script in aaa_base was not able to be used with the
zsh shell. This was fixed.
==============================================================================
openSUSE Recommended Update: aaa_base: remove "text/js" from mime.types
______________________________________________________________________________
Announcement ID: openSUSE-RU-2014:0918-1
Rating: low
References: #812427
Affected Products:
openSUSE 13.1
openSUSE 12.3
______________________________________________________________________________
An update that has one recommended fix can now be installed.
Description:
This update fixes the following issues with aaa_base:
- bnc#812427: remove "text/js" from mime.types
=============================================================================
openSUSE Recommended Update: aaa_base: various bugfixes
______________________________________________________________________________
Announcement ID: openSUSE-RU-2014:1262-1
Rating: moderate
References: #721682#860083#861124#880103#882918
Affected Products:
openSUSE 13.1
______________________________________________________________________________
An update that has 5 recommended fixes can now be installed.
Description:
The system base scripts in aaa_base were updated to fix various bugs:
- remove no longer supported sysconfig settings (bnc#721682)
- update service man page
- always pass --full to systemctl (bnc#882918)
- Enable service script to return LSB status exit values (bnc#880103)
- implement legacy actions (bnc#861124)
- Enable service script to reload systemd if required
- handle targets in /sbin/service as well
- Check systemd service using LoadState (bnc#860083)
0.155
-------
MAMETesters Bugs Fixed
----------------------
- 01007: [Sound] (simpsons.c) simpsons: Some in-game samples such as
"maggie" and "that's my sister mister" sound bad. (Alex Jackson)
- 05705: [DIP/Input] (segas18.c) ddcrew: Player 3 buttons not working (Osso)
- 05700: [Graphics] (terracre.c) amazon, amatelas: lag/desync between
sprites and background (Alex Jackson)
- 03395: [Sound] (nmk16.c) macross2: Music emulation is not 100% perfect
(a balance issue) (trap15)
- 02422: [Sound] (nmk16.c) mustang: Sound communication might be incorrectly
implemented. (trap15)
- 02417: [Sound] (nmk16.c) NMK004 sound CPU is just (imperfectly) simulated
for now. (trap15)
- 01117: [Graphics] (nmk16.c) macross2: After some versions, I noticed a different
gfx overlap priority between hugest ships and weapon pickups in Macross2. (trap15)
- 05493: [Crash/Freeze] (itgambl2.c) All sets in itgambl2.c: Crash before OK
(Olivier Galibert)
- 05697: [DIP/Input] (flyball.c) All sets in flyball.c: Controls for Batter and
Pitcher are intertwined (hap)
- 05693: [Graphics] (ddragon3.c) wwfwfest: Wrestler Entrance does not show graphics
(hap)
- 05689: [Misc.] (williams.c) All sets in williams.c: Utility panel buttons not
working correctly compared to real game
- 05683: [Interface] SDL-based: -watchdog command not operable in SDLMAME (R. Belmont)
- 05681: [Crash/Freeze] SDL-based: Most Laserdisc CHD games either do not boot or
have other issues (R. Belmont)
- 05688: [Crash/Freeze] (psikyo4.c) hgkairak, hotgm4ev, hotgmck, hotgmck3, hotgmcki:
MAME crashes when enabling flip screen in psikyo4 games (Osso)
- 02124: [Graphics] (namconb1.c) nebulray, nebulrayj: Nebulas Ray is missing a rotation
effect in the first level (Phil Bennett)
- 05686: [Documentation] (model2.c) vcopa: missing relationship (Tafoid)
- 05685: [Documentation] (alg.c) maddog22: maddog22 is missing relationship with other
maddog2 sets (JWallace)
- 05676: [Sound] (eolith.c) candy: Loss of in-game sound (Wilbert Pol)
- 05675: [Color/Palette] (highvdeo.c) newmcard, record: Palette problems (David Haywood)
- 05666: [Crash/Freeze] (cswat.c) cswat: AddressSanitizer: heap-buffer-overflow with
-aviwrite (hap)
- 05350: [Core] Systems using M6809 with M6809_HOLD_LINE: CWAI doesn't acknowledge
interrupts while polling for them (hap)
- 05629: [Color/Palette] hangplt, hangpltu, thrilld: Voodoo 3D graphics have no palette
(Phil Bennett)
- 05637: [Crash/Freeze] (vegas.c) gauntdl, gauntdl24: Emulation hangs after initialization
(Phil Bennett)
- 05638: [Crash/Freeze] (seattle.c) vaportrx, vaportrxp: Emulation hangs during INIT
(Phil Bennett)
- 05636: [Sound] (vegas.c) gauntleg, gauntdl, carnevil and clones: Missing streaming
BGM/Sounds during gameplay (Phil Bennett)
- 05634: [Crash/Freeze] (tasman.c) All sets in tasman.c: [debug] Assertion in Debug
(Alex Jackson)
- 05644: [Graphics] (homerun.c) ganjaja: Line glitches at top of screen (hap)
- 05631: [Crash/Freeze] mquake.c, upscope.c: Crash shortly after start (Osso)
- 05633: [Crash/Freeze] (pcxt.c) tetriskr: [debug] Crash in Debug at start (crazyc)
- 00386: [Graphics] (battlera.c) battlera, bldwolf, bldwolfj: Sprites in the same player
where the black box with text that appears sometimes are printed in front of them.
(David Haywood)
- 00385: [Graphics] (battlera.c) battlera: When you are fighting against the first final
boss, you can see it even if it is under the water. (David Haywood)
Source Changes
--------------
-tourvis.c: Added version 5.3 BIOS to the Tourvision driver. [system11]
-m68kmake.c: change overlapping memcpy() to memmove() [Casper Ti. Vector]
-Changed set mpoker and driver to mgames. Also description from
Multi-Poker to Match Games accordingly with the official flyer.
http://flyers.arcade-museum.com/?page=thumbs&db=videodb&id=6500 In
fact, these are skill instead of poker games. Also added way more
documentation and some cosmetic fixes. [Roberto Fresca]
-Unknown Pac-Man gambling game: Rename and redefine the inputs to match
the behavior of both games. Added complete instructions to play the
stealth gambling game. [Roberto Fresca]
-Unknown Pac-Man gambling game: Added proper sound support. Rearranged
some inputs and hooked extra port. Found some DIP switches. Added
technical notes and instructions. Cleaned up the whole driver.
[Roberto Fresca]
-k053246_k053247_k055673.c: Make 8-bit-per-pixel ROM readback work;
hook up ROM readback properly in rungun.c; hook up registers properly
in tasman.c (sprite ROM tests pass now, still doesn't draw anything)
[Alex Jackson]
-fm2612: fixed missing dac channel on savestate load
[dink (FB Alpha project)]
-Added decryption support for Music Ball [Andreas Naive]
-speedbal.c: Give Music Ball it's own correct Bonus dipswitch settings.
Add dipswitch locations to Speed Ball & Music Ball. [Brian Troha]
-improve Funny Strip / Puck People protection simulation [iq_132]
-tatsumi.c: Fixed Cycle Warriors (set 1) hangs at boot. [MASH]
-k005289: fix off-by-one frequency; adds missing detune effect to
nemesis BGM [Alex Jackson]
-floppy: Handle half and quarter tracks [O. Galibert]
-williams.c - Added missing video board PROM to Joust 2 [Joe Magiera]
-flopimg: don't trash a bunch of memory when loading legacy floppies.
[R. Belmont]
-gcpinbal.c: Added PCB layout for Grand Cross Pinball
[Brian Troha, system11]
-ssv.c: Add PCB for the Storm Blade game rom board.
[Brian Troha, ShouTime]
-Laserdisc titles added and reorganised to include dumps from other
sources. ALG titles in particular have been heavily reorganised
[Dragon's Lair Project, J. Wallace]
-taito_b.c: Verified clock speeds for the East Technology's ET910000A
PCB used by Sel Feena and Ryu Jin. [system11]
-namconb1.c - Improved interrupt handling, fixing raster-effects (used
by nebulray and machbrkr) and nebulray test mode. [Phil Bennett]
-Implemented the Namco Custom 116 palette and raster IRQ controller as
a device, and hooked it up to the namcos1, namconb1 and namcofl
drivers [Alex Jackson]
-digfx.c: Make some members protected instead of private to be less
fascistic and more consistent with other device_interfaces. [Alex Jackson]
-SDL: update manpages [Cesare Falco]
-Allow use of external SQLite3 [Cesare Falco]
-coinmvga.c driver: Minor cleanup, new set added, and changed game
descriptions. [Roberto Fresca]
-msm5832: day of week is 0-6, not 1-7 [R. Belmont]
-galaxian.c: redumped atlantis2. [system11]
-Preliminary IGS029 protection simulation for mgcs: [Luca Elia]
fixes sound, dips and crash at game start.
-bwidow.c - Various changes: [Phil Bennett]
* Added address decoder PROMs to Gravitar and clones.
* Renamed ROMs to include correct part numbers and locations.
* Renamed set gravp to gravitar1.
-centiped.c - Various changes: [Phil Bennett]
* Made centtime the parent (this is actually revision 4)
* Renamed ROMs to include correct part numbers and locations.
* Added sync PROM to Warlords
-fuukifg2.c: Correct clock speeds for the Susume! Mile Smile / Go Go!
Mile Smile and Gyakuten!! Puzzle Bancho sets. [system11]
-added decryption for Gundam Wing: Endless Duel (SNES bootleg) [iq_132]
-floppy: Don't infloop in set_write_splice when there's no floppy
(fixes MT5672) [O. Galibert]
-mips3drc: Throw badcop exceptions on COP1 accesses while the COP1
status bit is not enabled [MarathonMan]
-segaybd.c: Give the new Power Drift (Japan, Link Version) it's own
correct dipswitch settings. [Brian Troha]
-ymf278b: Use the memory system to access wavetable data. This should
make it possible to hook up RAM as well as ROM to the device, e.g. for
computer sound cards in MESS. [Alex Jackson]
-psikyo4: Improve and clean up wavetable ROM banking. The mask ROM
tests in hotgm4ev and hotgmcki pass now. loderndf still fails for
unknown reasons. Miscellaneous cleanups as well. [Alex Jackson]
-mfi_dsk: Fix leaks [O. Galibert]
-SDL: fall through to the baseline Win32 implementations for file,
socket, and pty/named pipe I/O. [R. Belmont]
-SDL: init timebase the first time it's needed on Windows, Mac, and
OS/2 targets. [R. Belmont]
-Fixed sprite DMA for Raiden 2, bullets are now visible
[Angelo Salese, Olivier Galibert]
-SDL: remove dead code from SDL2 renderer, fix laserdisc crash with
SDL2 -video accel rendering. [R. Belmont]
-replace rom in ryukendna set [system11]
-SDL: link properly on OS X for SDL2. [R. Belmont]
-SDL: Use the same screen selection method for SDL2 as Windows.
[R. Belmont]
-Various pinballs working (see list below) [Robbbert]
-Sound for Atari pinball machines [Robbbert]
-gtia.c: converted to be a device. [Fabio Priuli]
-hikaru: add mask dumps for podrace [Cah4e3]
-voodoo.c, vooddefs.h: Added support for writes to trexInit1 register,
to return TMU configuration data. [Peter Ferrie]
-antic.c: converted to be a device. [Fabio Priuli]
-SDL: Allow -sound dsound on SDL Windows builds. [R. Belmont]
-Removed legacy_cpu_device. [Wilbert Pol]
-Added proper NMK004 internal rom [trap15]
-Hooked up support for NMK004 internal rom in MAME, replacing Nicola's
old simulation code [trap15, David Haywood]
-Fixed TLCS90 16-bit timers & support NMI in the core [trap15]
-Various tweaks and improvements in nmk16.c (timings, sound balance,
etc.): [trap15, David Haywood]
* US AAF Mustang now has sound / music for the first time
* Much better sound / music in the following games Bio-ship Paladin,
Vandyke, Black Heart, Acrobat Mission, Koutetsu Yousai Strahl, Thunder
Dragon, Hacha Mecha Fighter, Super Spacefortress Macross, GunNail
-SDL: use Windows OSD's font-selection semantics for SDL Windows
builds. [R. Belmont]
-softlist: fixed inconsistent -listsoftware output. [phulshof]
-ui: fixed crash when loading floppies with no parent software from
softlist (only via internal File Manager, though) [Fabio Priuli]
-added generic cartslot / ROM socket slot device, which offers basic
allocation and access handlers, and converted a few drivers to use
this instead of code from cartslot.c [Fabio Priuli]
-softlist: restored the support for loading games from compatible
softlists (like gbcolor games in gameboy, and viceversa, msx1 carts in
msx2, etc.) by using the syntax mess system -media list:gamename You
can now for instance use again "mess gbcolor -cart gameboy:sml" to
play "Super Mario Land" with the custom palettes of the Game Boy
Color. [Fabio Priuli]
-NS8250 Fixes [smf]
* Loopback: tx goes high and data is clocked at the
correct rate instead of appearing instantly Modem status register:
don't lose track of external signals when starting, resetting,
switching loopback off, writing to register Handshaking: active low
for consistency (RS232 port now defaults handshaking lines high and
serial mouse dtr/rts handling has been adjusted).
-Memory system and Namco improvements: [Alex Jackson]
* Explicit regions in address maps (AM_REGION) are now looked up
relative to the device rather than as siblings when in an internal
address map (similar to devices and shared pointers) Besides being
more orthogonal than before, this allows internal ROMs of MCUs and
similar devices to be hooked up in a nicer and more foolproof way.
Updated the m37710 and m5074x (m6502 derivative) to take advantage of
this.
* Divided the M37702/M37710 into specific models, with each model having
its own internal address map containing the correct amounts of
internal RAM and ROM.
* M37702 MCUs found on various Namco PCBs are now all unique devices and
have their respective internal ROMs loaded as device ROMs.
-namcops2: Documentation fixes [Guru]
-addrmap.c: Only install the default device address map if the owner
didn't provide one [Alex Jackson]
-8250: call interrupt callback after clearing internal interrupt state
when resetting [smf]
-added workaround to build with XCode 6.0.1 out-of-the-box
[Oliver Stöneberg]
-wd_fdc: Hopefully fix reading sectors with DDAM [lowen, O. Galibert]
-Moved protection vectors from hachamfb to hachamf, making the latter
to work properly too [Angelo Salese]
-web: allow pasting in text. [Firehawke]
-Gundam Wing: Endless Duel updates: [Peter Ferrie]
* added additional shared memory block
* added protection handlers
* corrected reset vector
* worked around bad startup
Game now boots but doesn't coin up.
-fix compile on MSVC 2012 & 2013 [Peter Ferrie]
-snesb.c: Add coin/DSW inputs to Gundam Wing, game is now playable.
[stephh]
-s4.c : fixed sound, 4 games marked as working (Flash,Stellar
Wars,TriZone,TimeWarp)
-snesb: Set up dip switches for Gundam Wing. [stephh]
-peplus.c: Various fixes, all sets should be working now. [BrianT]
-WebUI: clean up and fixed HTML compliance. [Firehawke]
-added makefile variable OPENMP to enable usage of OpenMP (includes
vconv support of -fopenmp) [Oliver Stöneberg]
-blktiger priority fixes [Mamesick]
-dragrace.c: Added tachometer outputs. [Comboman]
-Handcrafted PAL for actual Varth US PCB. [Palindrome]
-awboard: add "offset protection" used by some carts. samsptk and
kofxi boot now. [R. Belmont, MetalliC]
-model3: Rewrote 2D tilemap rendering. [Ville Linde]
-Rewrite k053260 sound device [Alex Jackson]
-Make cheat initialization debugger message more verbose. [Pugsy]
-make the orlegend111t set work [iq_132]
-chqflag.c: improve k007232 volume/pan controls, still largely
guesswork [Alex Jackson]
-wecleman.c: add missing k007232 volume callback [Alex Jackson]
-naomi.c:
* M2-type cartridges 4/8MB mode mapping documentation/code
[MetalliC, rtw]
* F355 protection key, small docs update/corrections [MetalliC]
* Atomiswave controller type register [MetalliC]
* Added InitialD Ver3 Cycraft PIC key [anonymous, MetalliC]
-eepromuser.c: Added Support for MSM16911 Serial eeprom [Felipe Sanches]
-mb88xx.c: Added support for Fujitsu M88201-202 MCU [Felipe Sanches]
-model3: New 3D renderer + various fixes (still heavily WIP) [Ville Linde]
-Beatmania IIDX Twinkle hardware: The IDE DMA is now hooked up, but the
sound board isn't running well enough yet for it to make a difference.
Hooked up the FDC37665GT and HLE the XVD701 and the 68k sound board
responses to get most of the games booting. There is no sound and the
games all fail with a hdd error when you start a stage. Beatmania IIDX
with DDR 2nd Club Version wants the GQ863 hard disk. [smf]
-Beatmania IIDX Twinkle hardware: beatmania IIDX Substream with DDR 2nd
Club Version 2 wants the harddisk from beatmania IIDX Substream. Added
missing 3rd & 6th style CD images & replaced 5th style images. [smf]
-upd7220: add Bresenham arc and complete char drawing [Carl]
-m68000: add missing item to save state [Alex Jackson]
- Converted battlera.c driver to use real PCE video code, fixing several
longstanding bugs (present since driver was added in 0.37b2 era)
[David Haywood]
- Reorganized ST0016 code, detangling several drivers, and fixing a some
missing video features used by gostop [David Haywood]
- Refactored legionna.c COP code to use new Raiden II implementation
fixing several bugs along the way [David Haywood]
- Tweaked Raiden II collision detection based on user feedback citing
specific bullet patterns and expected hitbox sizes [David Haywood]
- Added note about tharrier Dipswitches being likely read via the
protection device (not yet hooked up) [David Haywood]
- Fix girls 4,5,6 in the 'popbingo' bonus rounds [David Haywood]
- Fix what appears to be bad sound ROM banking in sandscrp
[Dink, David Haywood]
9a72433: slirp: udp: fix NULL pointer dereference because of uninitialized socket (Petr Matousek)
00dd2b2: pc: leave more space for BIOS allocations (Michael S. Tsirkin)
80f4d02: Revert "virtio: don't call device on !vm_running" (Michael S. Tsirkin)
074e347: virtio-net: drop assert on vm stop (Michael S. Tsirkin)
9e8d994: Revert "rng-egd: remove redundant free" (Eduardo Habkost)
a56b9cf: hw/machine: Free old values of string properties (Eduardo Habkost)
0717855: Revert "spapr_pci: map the MSI window in each PHB" (Greg Kurz)
82d80e1: target-i386: Support migratable=no properly (Eduardo Habkost)
5dd076a: exec: Save CPUState::exception_index field (Pavel Dovgaluk)
257e9cf: pty: Fix byte loss bug when connecting to pty (Sebastian Tanase)
1aa87d3: spice: make sure we don't overflow ssd->buf (Gerd Hoffmann)
7fe5418: vbe: rework sanity checks (Gerd Hoffmann)
c5042f0: vbe: make bochs dispi interface return the correct memory size with qxl (Gerd Hoffmann)
cf29a88: virtio-net: purge outstanding packets when starting vhost (Michael S. Tsirkin)
08743db: net: complete all queued packets on VM stop (Michael S. Tsirkin)
d9c06c0: net: invoke callback when purging queue (Michael S. Tsirkin)
f321710: virtio: don't call device on !vm_running (Michael S. Tsirkin)
ec48bfd: net: Forbid dealing with packets when VM is not running (zhanghailiang)
eb36f79: acpi-build: Set FORCE_APIC_CLUSTER_MODEL bit for FADT flags (zhanghailiang)
34d41c1: vhost-scsi: init backend features earlier (Michael S. Tsirkin)
6f8d05a: vhost_net: init acked_features to backend_features (Jason Wang)
5e83dae: vhost_net: start/stop guest notifiers properly (Jason Wang)
ff34ca0: pci: avoid losing config updates to MSI/MSIX cap regs (Knut Omang)
e685d2a: virtio-net: don't run bh on vm stopped (Michael S. Tsirkin)
67cfda8: qxl-render: add more sanity checks (Gerd Hoffmann)
4fd144f: target-arm: Correct Cortex-A57 ISAR5 and AA64ISAR0 ID register values (Peter Maydell)
ea774b8: target-arm: Fix regression that disabled VFP for ARMv5 CPUs (Peter Maydell)
3e8966d: x86: Clear MTRRs on vCPU reset (Alex Williamson)
ba8576f: x86: kvm: Add MTRR support for kvm_get|put_msrs() (Alex Williamson)
07f8c97: x86: Use common variable range MTRR counts (Alex Williamson)
72c9c9a: target-i386: Don't forbid NX bit on PAE PDEs and PTEs (William Grant)
3d8cc86: vl: process -object after other backend options (Paolo Bonzini)
0824ca6: spapr_pci: map the MSI window in each PHB (Greg Kurz)
feb6334: thread-pool: avoid deadlock in nested aio_poll() calls (Stefan Hajnoczi)
75ada6b: thread-pool: avoid per-thread-pool EventNotifier (Stefan Hajnoczi)
be3af75: pc: reserve more memory for ACPI for new machine types (Michael S. Tsirkin)
bfe3e6f: pcihp: fix possible array out of bounds (Gonglei)
cd4acff: hostmem: set MPOL_MF_MOVE (Michael S. Tsirkin)
4b59161: vmxnet3: Pad short frames to minimum size (60 bytes) (Ben Draper)
fab7560: blkdebug: Delete BH in bdrv_aio_cancel (Fam Zheng)
16c92cd: qemu-iotests: add test case 101 for short file I/O (Stefan Hajnoczi)
dea6efe: raw-posix: fix O_DIRECT short reads (Stefan Hajnoczi)
8c4edd7: block/iscsi: fix memory corruption on iscsi resize (Peter Lieven)
504e2a7: arm/virt: Use PSCI v0.2 function IDs in the DT when KVM uses PSCI v0.2 (Christoffer Dall)
2f6d5e1: target-arm: Rename QEMU PSCI v0.1 definitions (Christoffer Dall)
20463dc: target-arm: Fix return address for A64 BRK instructions (Peter Maydell)
2a575c4: virtio-blk: fix reference a pointer which might be freed (zhanghailiang)
1ad9dce: acpi: align RSDP (Michael S. Tsirkin)
ba1bc81: numa: show hex number in error message for consistency and prefix them with 0x (Hu Tao)
948574e: pc-dimm: fix up error message (Michael S. Tsirkin)
044af98: pc-dimm: validate node property (Hu Tao)
7c68c54: hw:i386: typo fix: MEMORY_HOPTLUG_DEVICE -> MEMORY_HOTPLUG_DEVICE (Hu Tao)
bd47406: ide: only constrain read/write requests to drive size, not other types (Michael Tokarev)
e22d5dc: l2tpv3 (configure): it is linux-specific (Michael Tokarev)
dfd4808: vfio: Fix MSI-X vector expansion (Alex Williamson)
5f26e63: qdev-monitor: include QOM properties in -device FOO, help output (Stefan Hajnoczi)
42f7a13: qmp: hide "hotplugged" device property from device-list-properties (Stefan Hajnoczi)
- Added knowledge of old v2 sound ROM from sonicwi2 (various emus).
- Updated a few existing definitions to account for MAME ROM renames
(up to MAME 0.135).
- Fixed de-duplication of "nodump" ROMs and disks for MAMEDiff.
- Log file now shows the MAMEDiff version as well as the options.
- Changed the directory scanner to process zero byte files / roms.
- Added date, email, homepage, url, comment, forcenodump to CMPro.
- Added category to RomCenter header (for completeness).
- Added the Generic XML format.
- Added automatic date population (based on the version number).
- Fixed crash when loading full MESS XML (0.105 upwards).
- MESS: Support for new device attributes (type, tag and mandatory).
- MESS: Support for machine "RAM options".
- Added support for 64-bit ROM sizes (n.b. not for directory scan).
- Added the DTD for ROM Management Datafiles (revision 1.1).
- Added support for Game Launcher and GameEx Map Files (untested).
- Added load / support for AAE RomList.
- Added save support for the Hyperspin Database format.
Upstream changes:
- Support the CACHE instruction as (for now) a nop.
- Provide the MIPS32 config0 and config1 registers, and pretend to
have 4K each L1 I/D caches. The cache remains fully coherent.
- Don't allow r2000/r3000 (mips-I) style cache flushes.
- Add a disk161 utility for manipulating disk images, and don't
keep disk image sizes in sys161.conf any more.
- Edit/revise the processor docs.
- Fix build with gcc 4.8.
- Provide flock() compat for legacy OSes without it. (Hi, Solaris.)
openSUSE Security Update: curl
______________________________________________________________________________
Announcement ID: openSUSE-SU-2014:1139-1
Rating: important
References: #894575#895991
Cross-References: CVE-2014-3613 CVE-2014-3620
Affected Products:
openSUSE 13.1
openSUSE 12.3
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
libcurl was updated to fix security issues:
CVE-2014-3613: Cookies for hosts specified by numeric IP could be assigned
or used for other numeric IP hosts if portions of the numerics were the
same.
CVE-2014-3620: libcurl allowed cookies to be set for toplevel domains,
making them to broad.
openSUSE Security Update: glibc
______________________________________________________________________________
Announcement ID: openSUSE-SU-2014:1115-1
Rating: important
References: #887022#892073#894553
Cross-References: CVE-2014-0475 CVE-2014-5119 CVE-2014-6040
Affected Products:
openSUSE 13.1
openSUSE 12.3
______________________________________________________________________________
An update that fixes three vulnerabilities is now available.
Description:
glibc was updated to fix three security issues:
- A directory traversal in locale environment handling was fixed
(CVE-2014-0475, bnc#887022, GLIBC BZ #17137)
- Disable gconv transliteration module loading which could be used for
code execution (CVE-2014-5119, bnc#892073, GLIBC BZ #17187)
- Fix crashes on invalid input in IBM gconv modules (CVE-2014-6040,
bnc#894553, BZ #17325)
LibDsk is a library intended to give transparent access to floppy
drives and to the "disc image files" used by emulators to represent
floppy drives. It currently supports the following disc image
formats:
- Raw "dd if=foo of=bar" images;
- Raw images in logical filesystem order;
- CPCEMU-format .DSK images (normal and extended);
- CFI-format disc images, as produced by FDCOPY.COM;
- ApriDisk-format disc images;
- NanoWasp-format disc images, used by the eponymous emulator;
- Yaze 'ydsk' disc images, created by the 'yaze' emulators;
- Disc images created by Teledisk and CopyQM (read only);
- The floppy drive under Linux.
simulavr asks for libiberty.a.
With avr-gcc 4.5.3 and avr-binutils-2.23.2, binutils is installing
libiberty.a
But with new binutils-2.24, it won't install libiberty. Instead,
avr-gcc-4.8.3 will provied libiberty.
Makefile (of simulavr) now has pointer to PATH of libiberty now
as:
CONFIGURE_ARGS+= --with-libiberty=${PREFIX}/lib/gcc/avr
(Add patches)
patch-src_systemclock_cpp (rename from patch-src_systemclock.cpp)
patch-src_systemclock_h
patch-src_traceval_cpp
patch-src_traceval_h
clang flags as resize unresolved reference,
backport from git repository (as of 2013-09-15).
patch-examples_atmel_key_StdDefs_c Status: Locally Added
passing argument 1 of 'strlen' differ in signedness [-Wpointer-sign]
Changes:
- use flock() on disk images to avoid accidents
- improve gdb interface to treat CPUs as "threads"
- rework tty handling; now behaves when backgrounded
- change disk image names in sample config to match OS/161 usage
- rework timing code and fix bug with bogus large idle counts
- rework and retune main loop; much faster
- use more gcc warnings
______________________________________________________________________________
Announcement ID: openSUSE-SU-2014:0977-1
Rating: low
References: #886016#888697
Cross-References: CVE-2014-4341 CVE-2014-4342 CVE-2014-4343
CVE-2014-4344
Affected Products:
openSUSE 13.1
openSUSE 12.3
______________________________________________________________________________
An update that fixes four vulnerabilities is now available.
Description:
The following security isses are fixed in this update:
CVE-2014-4341 CVE-2014-4342: denial of service flaws when handling RFC
1964 tokens (bnc#886016)
CVE-2014-4343 CVE-2014-4344: multiple flaws in SPNEGO (bnc#888697)
______________________________________________________________________________
Announcement ID: openSUSE-SU-2014:0978-1
Rating: moderate
References: #870855
Cross-References: CVE-2013-6369
Affected Products:
openSUSE 13.1
openSUSE 12.3
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
The following security issue is fixed in this update
- [bnc#870855] - CVE-2013-6369: jbigkit buffer overflow
Incompatible changes:
---------------------
The 82573L NIC was incorrectly treated as an 8254xx model. It no longer works correctly on either Linux (3.14.*) or Windows 7 and has been removed.
On x86, migration from QEMU 1.7 to QEMU 2.0 was broken if the guest had PCI bridges or for some number of CPUs (12, 13, 14, 54, 55, 56, 97, 98, 99, 139, 140) are the only ones). QEMU 2.1 fixes this, so that migration from QEMU 1.7 to QEMU 2.1 should always work. However, the fix breaks the following scenarios instead:
migration from QEMU 2.0 to QEMU 2.1 with PCI bridges and machine types pc-i440fx-1.7/pc-i440fx-2.0
migration from QEMU 2.0 to QEMU 2.1 with the aforementioned number of CPUs and machine type pc-i440fx-1.7
Future incompatible changes:
----------------------------
Three options are using different names on the command line and in configuration file. In particular:
The "acpi" configuration file section matches command-line option "acpitable";
The "boot-opts" configuration file section matches command-line option "boot";
The "smp-opts" configuration file section matches command-line option "smp".
Starting with QEMU xyz.jkl, -readconfig will standardize on the name for the command line option.
ARM
---
Firmware can be passed to the vexpress machine via -bios.
Improvements to Allwinner SoC emulation.
AArch64 TCG system emulation support.
AArch64 SHA and Crypto instruction support.
LM32
----
Support for semihosting.
Microblaze
----------
Support for u-boot initrd images.
MIPS
----
Support for KVM in the Malta board.
more...
* Update EmuTOS image to 0.9.3
Changelog:
2013/04/12 - version 0.9.16 released @ atariada.cz
Major highlights of this release:
o JIT CPU compiler supported on 64-bit Linux and Mac OS X now!
(Jens made a miracle)
o MFPR FPU emulation should be perfect
(Andreas ironed out few remainings bugs)
o Ethernet support under Mac OS X should be way better
(Philipp added support for big packets and multi-packets)
o ARAnyM (with JIT?) now runs also on ARM platform driven by Linux
(is Jens planning on making a blazing fast ARAnyM on Android?)
o new config setting "LoadToFastRAM" to load kernel in FastRAM
(is Andreas working on fixing Linux-m68k issues in FastRAM?)
o David Gálvez improved NatFeat USB support (now requires FreeMiNT 1.17+)
There's also a small set of bugs fixed in this release - mainly in Mac OS X
thanks to Philipp but also some generic things like GPIP (Patrice).
Update fixes nine security issues
Announcement ID: openSUSE-SU-2014:0819-1
Description:
mozilla-nspr was updated to version 4.10.6 to fix one security issue:
* OOB write with sprintf and console functions (CVE-2014-1545)
Bump PKGREVISION.
Upstream changes (no English changelog):
20140607:
X11 dependent part:
Change filenames of config file and status files for xnp21 binary
built by --enable-build-all:
- config files
$(HOME)/.np2/np21rc
- status files
$(HOME)/.np2/sav/np21.sav
$(HOME)/.np2/sav/np21.s00 etc.
openSUSE Security Update: openssl: update to version 1.0.1h
Description:
The openssl library was updated to version 1.0.1h fixing various security
issues and bugs:
Security issues fixed:
- CVE-2014-0224: Fix for SSL/TLS MITM flaw. An attacker using a carefully
crafted handshake can force the use of weak keying material in OpenSSL
SSL/TLS clients and servers.
- CVE-2014-0221: Fix DTLS recursion flaw. By sending an invalid DTLS
handshake to an OpenSSL DTLS client the code can be made to recurse
eventually crashing in a DoS attack.
- CVE-2014-0195: Fix DTLS invalid fragment vulnerability. A buffer
overrun attack can be triggered by sending invalid DTLS fragments to an
OpenSSL DTLS client or server. This is potentially exploitable to run
arbitrary code on a vulnerable client or server.
- CVE-2014-3470: Fix bug in TLS code where clients enable anonymous ECDH
ciphersuites are subject to a denial of service attack.
Bump PKGREVISION.
pkgsrc changes:
- remove xnp2-ia32 option
- always build both xnp2 (80286 core) and xnp21 (IA-32 core) binaries
Upstream changes (no English changelog):
- --enable-build-all option to configure that enables to build
both 80286 core and IA-32 core binaries is added
(per my request, thanks nonaka@)
Do it for all packages that
* mention perl, or
* have a directory name starting with p5-*, or
* depend on a package starting with p5-
like last time, for 5.18, where this didn't lead to complaints.
Let me know if you have any this time.
libxml2, python-libxml2: Prevent external entities from being loaded
Description:
Updated fix for openSUSE-SU-2014:0645-1 because of a regression that
caused xmllint to break.
Bump PKGREVISION.
libXfont: Fixed multiple vulnerabilities
An update that fixes three vulnerabilities is now available.
Description:
libxfont was updated to fix multiple vulnerabilities:
- Integer overflow of allocations in font metadata file parsing
(CVE-2014-0209).
- Unvalidated length fields when parsing xfs protocol replies
(CVE-2014-0210).
- Integer overflows calculating memory needs for xfs replies
(CVE-2014-0211).
These vulnerabilities could be used by a local, authenticated user to
raise privileges
or by a remote attacker with control of the font server to execute code
with the privileges of the X server.
alsa-oss: bugfix update
Description:
The ALSA OSS plugin was updated to fix bugs:
- Fix for dmix with unaligned sample rate:
- Revert patch 0001-Fix-path-to-libaoss.so.patch, as this
causes regressions on multi-arch (bnc#874331)
Bump PKGREVISION.
update for libpng12
Description:
This libpng12 update fixes the following two security
issues.
- bnc#873123: Fixed integer overflow leading to a
heap-based buffer overflow in png_set_sPLT() and
png_set_text_2() (CVE-2013-7354).
- bnc#873124: Fixed integer overflow leading to a
heap-based buffer overflow in png_set_unknown_chunks()
(CVE-2013-7353).
Bump PKGREVISION.
update for MozillaFirefox
Description:
This is also a mozilla-nss update to version 3.16:
* required for Firefox 29
* bmo#903885 - (CVE-2014-1492) In a wildcard certificate,
the wildcard character should not be embedded within
the U-label of an internationalized domain name. See
the last bullet point in RFC 6125, Section 7.2.
* Supports the Linux x32 ABI. To build for the Linux x32
target, set the environment variable USE_X32=1 when
building NSS. New Functions:
* NSS_CMSSignerInfo_Verify New Macros
* TLS_RSA_WITH_RC4_128_SHA,
TLS_RSA_WITH_3DES_EDE_CBC_SHA, etc., cipher suites that
were first defined in SSL 3.0 can now be referred to
with their official IANA names in TLS, with the TLS_
prefix. Previously, they had to be referred to with
their names in SSL 3.0, with the SSL_ prefix. Notable
Changes:
* ECC is enabled by default. It is no longer necessary to
set the environment variable NSS_ENABLE_ECC=1 when
building NSS. To disable ECC, set the environment
variable NSS_DISABLE_ECC=1 when building NSS.
* libpkix should not include the common name of CA as DNS
names when evaluating name constraints.
* AESKeyWrap_Decrypt should not return SECSuccess for
invalid keys.
* Fix a memory corruption in sec_pkcs12_new_asafe.
* If the NSS_SDB_USE_CACHE environment variable is set,
skip the runtime test sdb_measureAccess.
* The built-in roots module has been updated to version
1.97, which adds, removes, and distrusts several
certificates.
* The atob utility has been improved to automatically
ignore lines of text that aren't in base64 format.
* The certutil utility has been improved to support
creation of version 1 and version 2 certificates, in
addition to the existing version 3 support.
Bump PKGREVISION.
OpenSSL: Fixed a use-after-free race condition in OpenSSL's read buffer.
Description:
A use-after-free race condition in OpenSSL's read buffer
was fixed that could cause connections to drop
(CVE-2010-5298).
Bump PKGREVISION.
update for openssl
This is an openssl version update to 1.0.1g.
- The main reason for this upgrade was to be clear about
the TLS heartbeat problem know as "Heartbleed"
(CVE-2014-0160). That problem was already fixed in our
previous openssl update.
Bump PKGREVISION.
update for json-c
This json-c update fixes the following two security issue:
- bnc#870147: Fixed buffer overflow if size_t is larger
than int (CVE-2013-6370).
- bnc#870147: Fixed possible hash collision DoS
(CVE-2013-6371).
Bump PKGREVISION.
Incompatible changes
All onboard buses now have distinct names, so that all of them can be reached with "-device bus=...". As a result of this, some buses that used to have duplicates got renamed:
i2c-bus.0 to i2c-bus.1 for machines n800, n810;
virtio-mmio-bus.0 to virtio-mmio-bus.3 for vexpress-a15, vexpress-a9;
virtio-mmio-bus.0 to virtio-mmio-bus.31 for virt;
usb-bus.0 to usb-bus.1 for xilinx-zynq-a9, fulong2e;
ide.0 to ide.1 for isapc, mips, g3beige, mac99, prep;
This change requires care when doing migration from 1.x to 2.x QEMU; you need to specify bus=NEW explicitly on the destination for devices on the renamed bus.
Another bus rename is pci to pci.0 for pseries. This does not require as much care on migration; if you were specifying "bus=pci" explicitly, QEMU will not start unless you change that to "bus=pci.0".
qemu-system-arm no longer defaults to the obsolete "integratorcp" if no machine is specified on the command line (this was a recurring source of confusion). Users with existing integratorcp images will need to add "-M integratorcp" to the command line if it is not already present.
Future incompatible changes
Three options are using different names on the command line and in configuration file. In particular:
The "acpi" configuration file section matches command-line option "acpitable";
The "boot-opts" configuration file section matches command-line option "boot";
The "smp-opts" configuration file section matches command-line option "smp".
Starting with QEMU 2.1, -readconfig will standardize on the name fo the command line option.
ARM
Support for "-M virt", a board type that only uses virtio devices
Support for "-cpu host" when running under KVM
Support for new 32-bit mode ARMv8 instructions in TCG
Support for all 64-bit mode ARMV8 user-accessible instructions except for the optional CRC and crypto extensions
Support for AArch64 disassembling (requires a C++ compiler to be installed on the host)
Initial support for KVM on AArch64 systems (some features such as migration are not yet implemented)
Support for the Canon PowerShot A1100 DIGIC board using "-M canon-a1100"
Support for the allwinner-a10-based board "-M cubieboard"
Support for flow control in the Cadence UART
"integratorcp" is no longer the default machine (see the 'incompatible changes' section above)
Power
Support for Altivec 2.07 and VSX instructions when running under TCG
Support for ISA 2.06 "load/store quadword instructions", "divide extended instructions" and "floating-point test instructions" when running under TCG
PReP is not anymore (incorrectly) included in qemu-system-ppcemb
Improved support for "-nodefaults" on the pSeries machine. Display devices created with "-device VGA" will be handled correctly in the device tree.
Support for boot order in pSeries emulation
s390
Support for adapter interrupts in virtio-cc2
SPARC
Support for Sun CG3 framebuffer with the Sun4m machine. The CG3 framebuffer can be requested with "-vga cg3".
Support for the CASA compare-and-swap instruction in TCG.
x86
On the Q35 machine, the HPET interrupt can now be attached to GSIs 16-23, like on real hardware.
The Q35 machine now supports CPU hotplug.
Two flash chips can be specified using the "-drive if=pflash" or "-pflash" options twice.
Memory layout has changed slightly; to improve performance, the PIIX4 machine ("-M pc") now has 3GB of low memory instead of 3.5GB if the guest has more than 3.5GB of memory. Similarly, the Q35 machine ("-M q35") now has 2GB instead of 2.75GB of low memory if the guest has more than 2.75GB of overall memory.
Support for migration of Intel MPX registers.
The Apple SMC device is now exposed in the ACPI tables.
On the PIIX machine, PCI hotplug now supports devices behind a bridge (only for bridges not added by hotplug; hot-plugged bridges can still use the PCI Standard Hot-Plug Controller).
Support for the Hyper-V reference time counter via the "hv-time" suboption of "-cpu". This can improve performance of Windows guests substantially for applications that do many floating-point or SIMD operations. (Requires KVM and Linux 3.14).
The distributed qemupciserial.inf file now allows installing multiport PCI serial devices on Windows too.
ACPI tables generated by QEMU can now be used by OVMF firmware. OVMF starting with SVN r15420 is needed. In particular hotplug, pvpanic device and other ACPI based features now work for OVMF.
KVM
x2apic is now enabled by default when KVM is in use.
Xen
PCI passthrough of devices with a ROM now works.
Xtensa
added support for ML605 and KC705 FPGA boards.
Cache-related opcodes now correctly check privilege level/memory accessibility.
