Packages changed:
  ImageMagick (6.9.6.5 -> 6.9.6.6)
  MozillaThunderbird (45.5.0 -> 45.5.1)
  cheese
  flatpak (0.6.13 -> 0.6.14)
  kernel-source (4.8.11 -> 4.8.12)
  libarchive
  libgit2 (0.24.1 -> 0.24.3)
  libinput (1.5.1 -> 1.5.2)
  mutter
  npth (1.2 -> 1.3)
  ostree (2016.12 -> 2016.14)

=== Details ===

==== ImageMagick ====
Version update (6.9.6.5 -> 6.9.6.6)
Subpackages: ImageMagick-devel ImageMagick-extra libMagick++-6_Q16-6 libMagickCore-6_Q16-2 libMagickWand-6_Q16-2 perl-PerlMagick

- updated to 6.9.6-6
  * If a convenient line break is not found, force it for caption:
    (reference https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=30887).
  * Off by 1 error when computing the standard deviation
    (reference https://www.imagemagick.org/discourse-server/viewtopic.php?f=2&t=30866).
  * Apply Debian patches,
    (reference https://github.com/ImageMagick/ImageMagick/issues/304).
  * Permit EPT images with just a TIFF or EPS image, not both
    (reference https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=30921).
  * The -clone option no longer leaks memory.
- turn on make check along perl test

==== MozillaThunderbird ====
Version update (45.5.0 -> 45.5.1)
Subpackages: MozillaThunderbird-translations-common

- Mozilla Thunderbird 45.5.1:
  * CVE-2016-9079: SVG Animation Remote Code Execution
    (MFSA 2016-92, bsc#1012964, bmo#1321066)

==== cheese ====
Subpackages: libcheese-common libcheese-gtk25 libcheese8

- Move to the rpm group "Productivity/Multimedia/Other": This is
  more consistent with the place Cheese is represented in
  structured menus (like on KDE), where it is listed in
  "Multimedia" (extracted as a 'bug'/'annoyance' from a Leap 42.2
  review).

==== flatpak ====
Version update (0.6.13 -> 0.6.14)

- Update to version 0.6.14:
  + Update bundled bubblewrap to 0.1.4 which has some nice
    bugfixes.
  + Requires OSTree 2016.14, which allows us to drop some old
    workarounds.
  + When installing an application system-wide, don't consider
    dependencies that are installed for the user only.
  + Flatpak install --from now tries to re-use existing remotes to
    avoid creating unnecessary origin remotes.
  + Using --filesystem=$dir when $dir is a symlink-to-directory
    now works.
  + Using --filesystem=$file to expose unix sockets to the app is
    now allowed.
  + By default all the directories in ~/.var/app (except the app),
    as well as ~/.local/share/flatpak are hidden in the sandbox.
  + New option --filesystem=$dir:create which will create the
    destination if it did not previously exist.
  + --filesystem= now supports xdg-[config|cache|data]. This
    allows you access to the host versions of these xdg dirs.
    Additionally if you use these with a subdirectory, like:
    --filesystem=xdg-config/subdir
    then that subdirectory on the host will be shared with the
    per-app instance of the xdg-dir.
  + Builder now correctly handles app-ids that have dashes in
    them. Previously this generated invalid ids for the debuginfo
    and locale extensions.
  + The experimental OCI file format support was changed from
    creating an OCI container to creating an OCI image.
  + Fix regression where "flatpak update --appstream remotename"
    broke.

==== kernel-source ====
Version update (4.8.11 -> 4.8.12)
Subpackages: kernel-default kernel-default-devel kernel-devel kernel-docs kernel-macros kernel-syms

- Linux 4.8.12 (CVE-2016-7913 bnc#1012628 bsc#1010478 bsc#1000287).
- Delete
  patches.apparmor/apparmor-fix-change_hat-not-finding-hat-after-policy-replacement.patch.
- Delete patches.fixes/xc2028-Fix-use-after-free-bug-properly.
- commit f8adb5a
- drm/i915: Mark CPU cache as dirty when used for rendering
  (bnc#931300).
- commit 04f28df
- Fix bug reference in
  patches.fixes/Revert-ACPI-Execute-_PTS-before-system-reboot
  (bsc#1012220).
- commit e617052

==== libarchive ====
Subpackages: bsdtar libarchive-devel libarchive13

- fix extracting over symlinks: fix-extract-over-links.patch
  the problem is solved upstream differently, but git master is
  too different atm.

==== libgit2 ====
Version update (0.24.1 -> 0.24.3)

- libgit2 0.24.3, fixing the following vulnerabilities:
  * CVE-2016-8568, CVE-2016-8569: invalid memory accesses parsing
    object files (bsc#1003810)
  * various bug fixes from the 0.24.2 release

==== libinput ====
Version update (1.5.1 -> 1.5.2)
Subpackages: libinput-udev libinput10

- Update to new upstream release 1.5.2
  * Tweak the handling of touchpad deltas which leads to much
    more responsive pointer motion.
  * A custom quirk for the HP Zbook Studio G3 was added.

==== mutter ====
Subpackages: libmutter0 mutter-data

- Add mutter-x11-meta.patch: Don't try setting unavailable scroll
  methods; libinput acts really bad on it (bgo#775337,
  bgo#771744, boo#1011356).

==== npth ====
Version update (1.2 -> 1.3)

- update to 1.3:
  * Bypass npth_protect/npth_unprotect iff the library has not
    yet been initialized.
  * Improve detection of clock_gettime
- use reproducible build timestamp

==== ostree ====
Version update (2016.12 -> 2016.14)

- Update to version 2016.14:
  + otutil: Note that ot_log_structured takes a printf format.
  + libglnx: Bump to master (for -fsanitize fixes).
  + Distribute test scripts even if we wouldn't run them.
  + Distribute valgrind suppressions in tarballs.
  + Filter bootloader supplied kernel cmdline options.
  + repo: Don't put remote refs in the summary file.
  + pull: Don't do deltas with --commit-metadata-only.
  + pull: Add per-remote cookie jar.
  + remote: Add command to list cookies.
  + remote: Add commands to add and remove cookies for a remote.
  + OstreeFetcher: Treat 403 as not found.
  + trivial-httpd: Add support for checking cookies.
  + Update documentation for cookie handling commands.
  + deltas: Only keep one file open at a time during compilation.
- Changes from version 2016.13:
  + pull: Add support for `http-headers` option.
  + pull: Redo logic for "scanning".
  + commit: Fix reading xattrs from OstreeRepoFile:s.
  + lib: Define and use cleanup functions for gpgme.
  + lib: Split out helper function to create GPG context.
  + Add "gpgkeypath" option to remotes.
  + lib: Add an API to GPG verify a commit given a remote.
  + pull: Do GPG verify commit objects when using deltas.