------------------------------------------------------------------ --- Changelog.all ----------- Mon Dec 8 01:35:39 CET 2008 ------ ------------------------------------------------------------------ ------------------------------------------------------------------ ------------------ 2008-11-19 - Nov 19 2008 ------------------- ------------------------------------------------------------------ ++++ opera: - define default fonts for better integration into desktop ++++ opera: - define default fonts for better integration into desktop ------------------------------------------------------------------ ------------------ 2008-11-12 - Nov 12 2008 ------------------- ------------------------------------------------------------------ ++++ flash-player: - require libcurl.so.4 (bnc#443772) ------------------------------------------------------------------ ------------------ 2008-11-10 - Nov 10 2008 ------------------- ------------------------------------------------------------------ ++++ java-1_5_0-sun: - timezone update to 1_3_9-2008g (bnc#427616) - defined tzversion macro for better maintenance in future. ++++ java-1_5_0-sun: - timezone update to 1_3_9-2008g (bnc#427616) - defined tzversion macro for better maintenance in future. ++++ java-1_6_0-sun: - timezone update to 1_3_9-2008g (bnc#427616) - defined tzversion macro for better maintenance in future. ++++ java-1_6_0-sun: - timezone update to 1_3_9-2008g (bnc#427616) - defined tzversion macro for better maintenance in future. ------------------------------------------------------------------ ------------------ 2008-11-5 - Nov 5 2008 ------------------- ------------------------------------------------------------------ ++++ acroread: - bnc#441739, bnc#397839: update to 8.1.3 for security reasons: http://www.adobe.com/support/security/bulletins/apsb08-19.html CVE-2008-2992, CVE-2008-2549, CVE-2008-4812, CVE-2008-4813, CVE-2008-4817, CVE-2008-4816, CVE-2008-4814, CVE-2008-4815 ++++ sesam_srv: - fix init script headers ++++ sesam_srv: - fix init script headers ------------------------------------------------------------------ ------------------ 2008-11-3 - Nov 3 2008 ------------------- ------------------------------------------------------------------ ++++ flash-player: - strip rpath from standalone player as well ------------------------------------------------------------------ ------------------ 2008-10-30 - Oct 30 2008 ------------------- ------------------------------------------------------------------ ++++ opera: - updated to 9.62 (aka build 2466) o Security * Fixed an issue where History Search could be used to execute arbitrary code, as discovered by Aviv Raff; see our advisory * The links panel no longer allows cross-site scripting; see our advisory ++++ opera: - updated to 9.62 (aka build 2466) o Security * Fixed an issue where History Search could be used to execute arbitrary code, as discovered by Aviv Raff; see our advisory * The links panel no longer allows cross-site scripting; see our advisory ------------------------------------------------------------------ ------------------ 2008-10-27 - Oct 27 2008 ------------------- ------------------------------------------------------------------ ++++ flash-player: - fix typo in specfile ------------------------------------------------------------------ ------------------ 2008-10-21 - Oct 21 2008 ------------------- ------------------------------------------------------------------ ++++ opera: - updated to 9.61 (aka build 2456) o User Interface * Fixed an issue with Opera Link which could generate duplicate bookmarks during the synchronization process * The image toggle button on the status bar is now a normal button, and does not have a menu o Security * Fixed an issue where History Search could be used to reveal browsing history, as reported by Roberto Suggi Liverani of Security-Assessment.com; see our advisory * Fast Forward can no longer allow cross-site scripting, as reported by David Bloom; see our advisory * Prevented news feed preview from revealing the contents of unrelated news feeds, as reported by David Bloom; see our advisory ++++ opera: - updated to 9.61 (aka build 2456) o User Interface * Fixed an issue with Opera Link which could generate duplicate bookmarks during the synchronization process * The image toggle button on the status bar is now a normal button, and does not have a menu o Security * Fixed an issue where History Search could be used to reveal browsing history, as reported by Roberto Suggi Liverani of Security-Assessment.com; see our advisory * Fast Forward can no longer allow cross-site scripting, as reported by David Bloom; see our advisory * Prevented news feed preview from revealing the contents of unrelated news feeds, as reported by David Bloom; see our advisory ------------------------------------------------------------------ ------------------ 2008-10-15 - Oct 15 2008 ------------------- ------------------------------------------------------------------ ++++ flash-player: - update to 10.0.12.36 (bnc#435201): * fixes for CVE-2007-6243, CVE-2008-3873, CVE-2007-4324, CVE-2008-4401, CVE-2008-4503 * http://www.adobe.com/products/flashplayer/ ------------------------------------------------------------------ ------------------ 2008-10-8 - Oct 8 2008 ------------------- ------------------------------------------------------------------ ++++ opera: - updated to 9.60 (aka build 2444) o User Interface * Opera now remembers the bookmark panel position after restart * Added a setting opera:config#UserPrefs|ShowBookmarksInAddressfield- Autocompletion to prevent bookmarks from showing in the Address field auto-completion drop-down * When setting opera:config#TransferWindow|KeepEntriesDays to 0, Opera now removes the transfer history when restarting * Sites using HTTP Auth are now saved in typed history * Opera now stops loading pages with iframes when closing the page or pressing stop * Page encoding in site preferences can now be reset to automatic * Browsing Intranet sites now works after changing proxies in a running session * Improvements to Opera Link include the synchronization of search engines and typed history * Changed the default global history to 1000 * Added a new default speedial.ini * Fixed sorting by progress in Transfers * Fixed copying of multiple entries from the history manager * Fixed a bug that could cause notes to be lost when using certain characters * Fixed dataloss situation when note folders had more than one line in their name * Fixed spurious highlighting when using the space character in inline find * Fixed an issue that would prevent links in frames from being opened by the keyboard o Mail, News, Chat * Added popular Chinese providers in mailproviders.xml * Made all top-level access points (except All Messages) selectable * Now copes better with broken POP servers that send empty UIDLs * The "Large font" setting is now respected for subjects * Cache files from feeds no longer show up in Transfers * Feeds are now detected even when served as text/html * Fixed the synchronization of removed labels for IMAP accounts * Fixed an issue where the signatures wouldn't change if the default account signature ended with a space * Fixed an issue where sent message bodies could disappear under certain circumstances * Fixed DCC transfers in IRC o Display and Scripting * Improved Acid3 support: The document property has been removed from iframe objects for compatibility with Gecko, WebKit, and the Acid3 test * Added support for the caller property on functions: http://developer.mozilla.org/En/Core_JavaScript_1.5_Reference:Global_Objects:Function:caller * Special characters are now displayed properly in the Address bar drop-down * Opera Dragonfly element highlighting no longer stays on the page after closing the developer tools window * Script focused elements are no longer highlighted * Fixed saving of SVG when right clicking * Fixed an issue where custom search engines would not get a favicon o Security * Verisign and Comodo are now formally EV-enabled: see Yngve's blog post * Fixed an issue where specially crafted addresses could execute arbitrary code, as reported by Chris of Matasano Security; see our advisory * Java applets can no longer be used to read sensitive information, as reported by Nate McFeters; see our advisory o Miscellaneous * Added the Opera Core version (currently "Presto/2.1.1") to the User Agent header * Improved performance with large wand.dat files * Fixed Fast Forward on Google search results pages o Unix-specific changes * Upgrading Opera on Debian no longer resets default x-www-browser * Fixed an issue where text with specified size suddenly disappears on Qt4 builds ++++ opera: - updated to 9.60 (aka build 2444) o User Interface * Opera now remembers the bookmark panel position after restart * Added a setting opera:config#UserPrefs|ShowBookmarksInAddressfield- Autocompletion to prevent bookmarks from showing in the Address field auto-completion drop-down * When setting opera:config#TransferWindow|KeepEntriesDays to 0, Opera now removes the transfer history when restarting * Sites using HTTP Auth are now saved in typed history * Opera now stops loading pages with iframes when closing the page or pressing stop * Page encoding in site preferences can now be reset to automatic * Browsing Intranet sites now works after changing proxies in a running session * Improvements to Opera Link include the synchronization of search engines and typed history * Changed the default global history to 1000 * Added a new default speedial.ini * Fixed sorting by progress in Transfers * Fixed copying of multiple entries from the history manager * Fixed a bug that could cause notes to be lost when using certain characters * Fixed dataloss situation when note folders had more than one line in their name * Fixed spurious highlighting when using the space character in inline find * Fixed an issue that would prevent links in frames from being opened by the keyboard o Mail, News, Chat * Added popular Chinese providers in mailproviders.xml * Made all top-level access points (except All Messages) selectable * Now copes better with broken POP servers that send empty UIDLs * The "Large font" setting is now respected for subjects * Cache files from feeds no longer show up in Transfers * Feeds are now detected even when served as text/html * Fixed the synchronization of removed labels for IMAP accounts * Fixed an issue where the signatures wouldn't change if the default account signature ended with a space * Fixed an issue where sent message bodies could disappear under certain circumstances * Fixed DCC transfers in IRC o Display and Scripting * Improved Acid3 support: The document property has been removed from iframe objects for compatibility with Gecko, WebKit, and the Acid3 test * Added support for the caller property on functions: http://developer.mozilla.org/En/Core_JavaScript_1.5_Reference:Global_Objects:Function:caller * Special characters are now displayed properly in the Address bar drop-down * Opera Dragonfly element highlighting no longer stays on the page after closing the developer tools window * Script focused elements are no longer highlighted * Fixed saving of SVG when right clicking * Fixed an issue where custom search engines would not get a favicon o Security * Verisign and Comodo are now formally EV-enabled: see Yngve's blog post * Fixed an issue where specially crafted addresses could execute arbitrary code, as reported by Chris of Matasano Security; see our advisory * Java applets can no longer be used to read sensitive information, as reported by Nate McFeters; see our advisory o Miscellaneous * Added the Opera Core version (currently "Presto/2.1.1") to the User Agent header * Improved performance with large wand.dat files * Fixed Fast Forward on Google search results pages o Unix-specific changes * Upgrading Opera on Debian no longer resets default x-www-browser * Fixed an issue where text with specified size suddenly disappears on Qt4 builds ++++ xv: - Make code of xwd work (bnc#426582) ++++ xv: - Make code of xwd work (bnc#426582) ------------------------------------------------------------------ ------------------ 2008-10-2 - Oct 2 2008 ------------------- ------------------------------------------------------------------ ++++ iscan: - Don't run autoreconf ------------------------------------------------------------------ ------------------ 2008-10-1 - Oct 1 2008 ------------------- ------------------------------------------------------------------ ++++ ant-antlr: - use a antlr-bootstrap do avoid another cycle ++++ javamail: - use a gcj instead of java-devel for build ------------------------------------------------------------------ ------------------ 2008-9-30 - Sep 30 2008 ------------------- ------------------------------------------------------------------ ++++ ivtv: - update to 1.3.0 (upstream name is now ivtv-utils) * ivtvctl has been renamed to ivtv-ctl. This makes it consistent with the naming of other v4l2 utilities. - kmp packages (drivers) are now gone, all in upstream kernel ++++ ivtv: - update to 1.3.0 (upstream name is now ivtv-utils) * ivtvctl has been renamed to ivtv-ctl. This makes it consistent with the naming of other v4l2 utilities. - kmp packages (drivers) are now gone, all in upstream kernel ------------------------------------------------------------------ ------------------ 2008-9-19 - Sep 19 2008 ------------------- ------------------------------------------------------------------ ++++ java-1_5_0-sun: - Fixed [bnc#394974]: Missing .systemPrefs ++++ java-1_5_0-sun: - Fixed [bnc#394974]: Missing .systemPrefs ++++ java-1_6_0-sun: - Fixed [bnc#394974]: Missing .systemPrefs ++++ java-1_6_0-sun: - Fixed [bnc#394974]: Missing .systemPrefs ------------------------------------------------------------------ ------------------ 2008-9-9 - Sep 9 2008 ------------------- ------------------------------------------------------------------ ++++ netbeans: - fix filelist broken in last change ++++ netbeans: - fix filelist broken in last change ------------------------------------------------------------------ ------------------ 2008-9-4 - Sep 4 2008 ------------------- ------------------------------------------------------------------ ++++ netbeans: - do not pack everything below libdir ++++ netbeans: - do not pack everything below libdir ------------------------------------------------------------------ ------------------ 2008-9-3 - Sep 3 2008 ------------------- ------------------------------------------------------------------ ++++ xv: - Do not deleted PNG window twice (bnc#419422) ++++ xv: - Do not deleted PNG window twice (bnc#419422) ------------------------------------------------------------------ ------------------ 2008-8-22 - Aug 22 2008 ------------------- ------------------------------------------------------------------ ++++ antivir: - removed deprecated startvar from fillup_and_insserv call ------------------------------------------------------------------ ------------------ 2008-8-20 - Aug 20 2008 ------------------- ------------------------------------------------------------------ ++++ opera: - RC2 is final: adjusted version number - security fixes in opera 9.52: * Sites can no longer change framed content on other sites * Fixed an issue that could allow cross-site scripting * Custom shortcuts no longer pass the wrong parameters to applications, as reported by Michael A. Puls II * Prevented insecure pages from showing incorrect security information, as reported by Lars Kleinschmidt * Feed links can no longer link to local files * Feed subscription can no longer cause the wrong page address to be displayed - other stability upgrades and features (See Changelog) ++++ opera: - RC2 is final: adjusted version number - security fixes in opera 9.52: * Sites can no longer change framed content on other sites * Fixed an issue that could allow cross-site scripting * Custom shortcuts no longer pass the wrong parameters to applications, as reported by Michael A. Puls II * Prevented insecure pages from showing incorrect security information, as reported by Lars Kleinschmidt * Feed links can no longer link to local files * Feed subscription can no longer cause the wrong page address to be displayed - other stability upgrades and features (See Changelog) ------------------------------------------------------------------ ------------------ 2008-8-15 - Aug 15 2008 ------------------- ------------------------------------------------------------------ ++++ iscan: - add ExclusiveArch to specfile ++++ opera: - update to 9.52 RC2 build 2091 * Added Help button to "Engine Init() Failed" error message on start-up to inform users about problem. * Fixed a problem with M&T Bank. * Fixed a problem with POP accounts where message bodies weren't downloaded. * Fixed a small memory leak in the BitTorrent code. * Added bookmark path to autocompleted bookmarks in the address bar to better distinguish them from visited pages. * Disabled APOP authentication for new accounts at online.no (not supported by them). Users experiencing problems with online.no account should switch to Plaintext authentication. * Fixed a crash that could occur when opening mail notification popups on a secondary monitor. * Fixed a few icon/skin issues. * Added a "Close Tab" entry to the File menu on Windows and Linux. * Fixed some translation errors. ++++ opera: - update to 9.52 RC2 build 2091 * Added Help button to "Engine Init() Failed" error message on start-up to inform users about problem. * Fixed a problem with M&T Bank. * Fixed a problem with POP accounts where message bodies weren't downloaded. * Fixed a small memory leak in the BitTorrent code. * Added bookmark path to autocompleted bookmarks in the address bar to better distinguish them from visited pages. * Disabled APOP authentication for new accounts at online.no (not supported by them). Users experiencing problems with online.no account should switch to Plaintext authentication. * Fixed a crash that could occur when opening mail notification popups on a secondary monitor. * Fixed a few icon/skin issues. * Added a "Close Tab" entry to the File menu on Windows and Linux. * Fixed some translation errors. ------------------------------------------------------------------ ------------------ 2008-8-13 - Aug 13 2008 ------------------- ------------------------------------------------------------------ ++++ acroread: - add exclusivearch ------------------------------------------------------------------ ------------------ 2008-8-1 - Aug 1 2008 ------------------- ------------------------------------------------------------------ ++++ xv: - In jpeg library the numbers of out_color_components and color_components are diffenrent for quantize_colors, that is that color_components is the colormap (normally 1) (bnc#412491) ++++ xv: - In jpeg library the numbers of out_color_components and color_components are diffenrent for quantize_colors, that is that color_components is the colormap (normally 1) (bnc#412491) ------------------------------------------------------------------ ------------------ 2008-7-21 - Jul 21 2008 ------------------- ------------------------------------------------------------------ ++++ acroread: - bnc#404976: security update, CVS-2008-2641. - remove hunks to use mktemp from acroread.patch, the problem has been fixed upstream now, mktemp is used if available. ------------------------------------------------------------------ ------------------ 2008-7-16 - Jul 16 2008 ------------------- ------------------------------------------------------------------ ++++ ant-antlr: - avoid another build cycle ------------------------------------------------------------------ ------------------ 2008-7-14 - Jul 14 2008 ------------------- ------------------------------------------------------------------ ++++ java-1_5_0-sun: - updated to 1.5.0u16 (bnc#407935) - updated timezone data ++++ java-1_5_0-sun: - updated to 1.5.0u16 (bnc#407935) - updated timezone data ++++ java-1_6_0-sun: - updated to 1.6.0u7 (bnc#407935) - updated timezone data ++++ java-1_6_0-sun: - updated to 1.6.0u7 (bnc#407935) - updated timezone data ------------------------------------------------------------------ ------------------ 2008-7-4 - Jul 4 2008 ------------------- ------------------------------------------------------------------ ++++ opera: - update to version 9.51 * Lot's of security and bug fixes. See Changelog for more details. - changing filehandler.ini inside spec file, erased external source - erased external lang files cause they are included in the tarball ++++ opera: - update to version 9.51 * Lot's of security and bug fixes. See Changelog for more details. - changing filehandler.ini inside spec file, erased external source - erased external lang files cause they are included in the tarball ------------------------------------------------------------------ ------------------ 2008-6-16 - Jun 16 2008 ------------------- ------------------------------------------------------------------ ++++ opera: - security update to version 9.50 [bnc#400367] * Lot's of security and bug fixes and new features. See Changelog for more details. - all archs (i386, ppc, x86_64) use shared qt3 library and gcc4 - enabled native 64bit build [bnc#204729] - dropped sparc arch - Opera now works with Flash plug-in also on 64bit [bnc#336213] - deleted bugzilla-300536-oneclick.patch because file associations are rewritten manually in spec file - applying bugzilla-208048-scim-qtimm-problem.patch for all archs - deleted unused and obsolete extra file search.ini - using AutopreReq on ++++ opera: - security update to version 9.50 [bnc#400367] * Lot's of security and bug fixes and new features. See Changelog for more details. - all archs (i386, ppc, x86_64) use shared qt3 library and gcc4 - enabled native 64bit build [bnc#204729] - dropped sparc arch - Opera now works with Flash plug-in also on 64bit [bnc#336213] - deleted bugzilla-300536-oneclick.patch because file associations are rewritten manually in spec file - applying bugzilla-208048-scim-qtimm-problem.patch for all archs - deleted unused and obsolete extra file search.ini - using AutopreReq on ------------------------------------------------------------------ ------------------ 2008-6-2 - Jun 2 2008 ------------------- ------------------------------------------------------------------ ++++ moneyplex: - update to 2008 version ++++ moneyplex: - update to 2008 version ------------------------------------------------------------------ ------------------ 2008-5-27 - May 27 2008 ------------------- ------------------------------------------------------------------ ++++ xv: - Switch over to jumbo patch 20070520 as this includes not only all of our security patches but also those from debian - Avoid to be fooled on new gcc as the overflow detection with signed integers hadn't worked anymore - Avoid to be fooled on boundary check of new glibc on counting the pointer up and behind the upper boundary ++++ xv: - Switch over to jumbo patch 20070520 as this includes not only all of our security patches but also those from debian - Avoid to be fooled on new gcc as the overflow detection with signed integers hadn't worked anymore - Avoid to be fooled on boundary check of new glibc on counting the pointer up and behind the upper boundary ------------------------------------------------------------------ ------------------ 2008-5-23 - May 23 2008 ------------------- ------------------------------------------------------------------ ++++ xv: - Never call X11 functions from within siganl handler (bnc#283914) ++++ xv: - Never call X11 functions from within siganl handler (bnc#283914) ------------------------------------------------------------------ ------------------ 2008-5-7 - May 7 2008 ------------------- ------------------------------------------------------------------ ++++ ant-antlr: - build using gcj, to allow a openjdk6 bootstrap - change a source and a target level to 1.5 in build.xml ------------------------------------------------------------------ ------------------ 2008-4-30 - Apr 30 2008 ------------------- ------------------------------------------------------------------ ++++ opera: - added hicolor opera icon [bnc#384209] * created by Aakash Soneri (http://www.akkasone.com/) * redistributed with written permission of the author * http://akkasone.deviantart.com/art/Opera-8-Browser-Icon-22991716 - registration file opera.reg no longer needed - refactored spec file ++++ opera: - added hicolor opera icon [bnc#384209] * created by Aakash Soneri (http://www.akkasone.com/) * redistributed with written permission of the author * http://akkasone.deviantart.com/art/Opera-8-Browser-Icon-22991716 - registration file opera.reg no longer needed - refactored spec file ------------------------------------------------------------------ ------------------ 2008-4-28 - Apr 28 2008 ------------------- ------------------------------------------------------------------ ++++ acroread: - bnc#382739: use more robust code in the startscript to find libgtkembedmoz.so. Only use the value found in ~/.adobe/ if it really points to a libgtkembedmoz.so, if not search anew in the system. ++++ java-1_6_0-sun: - update to 1.6.0u6: VUL-0: java 1.6.0 update 6 security update available [bnc#383674] - xcb_xlib.c:50: xcb_xlib_unlock: Assertion 'c->xlib.lock' failed. - HttpClient and HttpsClient should not try to reverse lookup IP address of a proxy server - REGRESSION: setting -Djava.security.debug=failure result in NPE in ACC - (tz) Support tzdata2008a - Incorrect locale specified in the URL embedded in the register[_].html - FontConfiguration exception preventing applets from loading - Java 6 JavaWebstart increases footprint by factor 2 - JWS can't find cache file after network crash - javax.xml.ws.wsaddressing not included in make/docs/CORE_PKGS.gmk - com.sun.crypto.provider.SunJCE instance leak using KRB5 and LoginContext - fix the java 1.6.0_01-b06 getPackage isCompatibleWith Empty version string AMD86 [bnc#331680] ++++ java-1_6_0-sun: - update to 1.6.0u6: VUL-0: java 1.6.0 update 6 security update available [bnc#383674] - xcb_xlib.c:50: xcb_xlib_unlock: Assertion 'c->xlib.lock' failed. - HttpClient and HttpsClient should not try to reverse lookup IP address of a proxy server - REGRESSION: setting -Djava.security.debug=failure result in NPE in ACC - (tz) Support tzdata2008a - Incorrect locale specified in the URL embedded in the register[_].html - FontConfiguration exception preventing applets from loading - Java 6 JavaWebstart increases footprint by factor 2 - JWS can't find cache file after network crash - javax.xml.ws.wsaddressing not included in make/docs/CORE_PKGS.gmk - com.sun.crypto.provider.SunJCE instance leak using KRB5 and LoginContext - fix the java 1.6.0_01-b06 getPackage isCompatibleWith Empty version string AMD86 [bnc#331680] ------------------------------------------------------------------ ------------------ 2008-4-23 - Apr 23 2008 ------------------- ------------------------------------------------------------------ ++++ acroread: - bnc#382777: do not replace the libcurl.so.3.0.0 which comes with the acroread tarball with symbolic links to libcurl.so.4.0.0 in the system, apparently these are *not* compatible. ------------------------------------------------------------------ ------------------ 2008-4-10 - Apr 10 2008 ------------------- ------------------------------------------------------------------ ++++ cg: - added baselibs.conf file to build xxbit packages for multilib support ++++ cg: - added baselibs.conf file to build xxbit packages for multilib support ++++ iscan-proprietary-drivers: - Updated to match our current iscan package version 2.10.0.1. There is one new proprietary driver: iscan-plugin-cx4400 ++++ iscan-proprietary-drivers: - Updated to match our current iscan package version 2.10.0.1. There is one new proprietary driver: iscan-plugin-cx4400 ------------------------------------------------------------------ ------------------ 2008-4-9 - Apr 9 2008 ------------------- ------------------------------------------------------------------ ++++ flash-player: - update to 9.0.124.0 (bnc#376639) * CVE-2007-6637 ++++ iscan: - Updated to version 2.10.0-1 (results package version 2.10.0.1): This package still contains /usr/bin/iscan and libesmod. There are many more supported scanners (for details see the NEWS file). ++++ java-1_6_0-sun: - fixed names of java-1.6.0-sun and java-1.6.0-sun-devel provides, fixed directory names (removed update number) ++++ java-1_6_0-sun: - fixed names of java-1.6.0-sun and java-1.6.0-sun-devel provides, fixed directory names (removed update number) ------------------------------------------------------------------ ------------------ 2008-4-4 - Apr 4 2008 ------------------- ------------------------------------------------------------------ ++++ acroread: - bnc#375551: use LD_PRELOAD to prevent acroread from using XGrabServer and XUngrabServer. - bnc#373590: add symlinks to libicu*.so.34 for suse_version < 1030 where libicu* has been deleted from the acroread package. ------------------------------------------------------------------ ------------------ 2008-4-3 - Apr 3 2008 ------------------- ------------------------------------------------------------------ ++++ opera: - security update to 9.27 [bnc#376714] * Fixed an issue where newsfeed prompts could cause Opera to execute arbitrary code. * Solved an issue where resized canvas patterns could cause Opera to execute arbitrary code. * Improved keyboard handling of password inputs. * Fixed a BitTorrent transfer stability issue. * Resolved stablity issues with the Acid 3 test. * Additional stability fixes. ++++ opera: - security update to 9.27 [bnc#376714] * Fixed an issue where newsfeed prompts could cause Opera to execute arbitrary code. * Solved an issue where resized canvas patterns could cause Opera to execute arbitrary code. * Improved keyboard handling of password inputs. * Fixed a BitTorrent transfer stability issue. * Resolved stablity issues with the Acid 3 test. * Additional stability fixes. ------------------------------------------------------------------ ------------------ 2008-3-31 - Mar 31 2008 ------------------- ------------------------------------------------------------------ ++++ jms: - added COPYING file with LGPLv2.1, fixes (bnc#372253) ------------------------------------------------------------------ ------------------ 2008-3-26 - Mar 26 2008 ------------------- ------------------------------------------------------------------ ++++ java-1_5_0-sun: - update to 1.5.0u15: VUL-0: java: multiple vulnerabilities [bnc#368134] - CVE-2008-1158: Unspecified vulnerability in the Virtual Machine for Sun Java Runtime Environment (JRE) and JDK 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers should gain privileges via an untrusted application or applet, a different issue than CVE-2008-1186. - CVE-2008-1186: Unspecified vulnerability in the Virtual Machine for Sun Java Runtime Environment (JRE) and JDK 5.0 Update 13 and earlier, and SDK/JRE 1.4.2_16 and earlier, allows remote attackers to gain privileges via an untrusted application or applet, a different issue than CVE-2008-1185. - CVE-2008-1187: Unspecified vulnerability in Sun Java Runtime Environment (JRE) and JDK 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to cause a denial of service (JRE crash) and possibly execute arbitrary code via unknown vectors related to XSLT transforms. - CVE-2008-1188: Multiple buffer overflows in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier, allow remote attackers to execute arbitrary code via unknown vectors, a different issue than CVE-2008-1189. - CVE-2008-1189: Buffer overflow in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to execute arbitrary code via unknown vectors, a different issue than CVE-2008-1188. - CVE-2008-1190: Unspecified vulnerability in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to gain privileges via an untrusted application, a different issue than CVE-2008-1191. - CVE-2008-1192: Unspecified vulnerability in the Java Plug-in for Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and earlier, and 1.3.1_21 and earlier; allows remote attackers to bypass the same origin policy and "execute local applications" via unknown vectors. - CVE-2008-1193: Unspecified vulnerability in Java Runtime Environment Image Parsing Library in Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier, allows remote attackers to gain privileges via an untrusted application. - CVE-2008-1194: Multiple unspecified vulnerabilities in the color management library in Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier, allows remote attackers to cause a denial of service (crash) via unknown vectors. - CVE-2008-1195: Unspecified vulnerability in Sun JDK and Java Runtime Environment (JRE) 6 Update 4 and earlier and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and earlier; allows remote attackers to access arbitrary network services on the local host via unspecified vectors related to JavaScript and Java APIs. - CVE-2008-1196: Stack-based buffer overflow in Java Web Start (javaws.exe) in Sun JDK and JRE 6 Update 4 and earlier and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and earlier; allows remote attackers to execute arbitrary code via a crafted JNLP file. ++++ java-1_5_0-sun: - update to 1.5.0u15: VUL-0: java: multiple vulnerabilities [bnc#368134] - CVE-2008-1158: Unspecified vulnerability in the Virtual Machine for Sun Java Runtime Environment (JRE) and JDK 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers should gain privileges via an untrusted application or applet, a different issue than CVE-2008-1186. - CVE-2008-1186: Unspecified vulnerability in the Virtual Machine for Sun Java Runtime Environment (JRE) and JDK 5.0 Update 13 and earlier, and SDK/JRE 1.4.2_16 and earlier, allows remote attackers to gain privileges via an untrusted application or applet, a different issue than CVE-2008-1185. - CVE-2008-1187: Unspecified vulnerability in Sun Java Runtime Environment (JRE) and JDK 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to cause a denial of service (JRE crash) and possibly execute arbitrary code via unknown vectors related to XSLT transforms. - CVE-2008-1188: Multiple buffer overflows in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier, allow remote attackers to execute arbitrary code via unknown vectors, a different issue than CVE-2008-1189. - CVE-2008-1189: Buffer overflow in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to execute arbitrary code via unknown vectors, a different issue than CVE-2008-1188. - CVE-2008-1190: Unspecified vulnerability in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to gain privileges via an untrusted application, a different issue than CVE-2008-1191. - CVE-2008-1192: Unspecified vulnerability in the Java Plug-in for Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and earlier, and 1.3.1_21 and earlier; allows remote attackers to bypass the same origin policy and "execute local applications" via unknown vectors. - CVE-2008-1193: Unspecified vulnerability in Java Runtime Environment Image Parsing Library in Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier, allows remote attackers to gain privileges via an untrusted application. - CVE-2008-1194: Multiple unspecified vulnerabilities in the color management library in Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier, allows remote attackers to cause a denial of service (crash) via unknown vectors. - CVE-2008-1195: Unspecified vulnerability in Sun JDK and Java Runtime Environment (JRE) 6 Update 4 and earlier and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and earlier; allows remote attackers to access arbitrary network services on the local host via unspecified vectors related to JavaScript and Java APIs. - CVE-2008-1196: Stack-based buffer overflow in Java Web Start (javaws.exe) in Sun JDK and JRE 6 Update 4 and earlier and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and earlier; allows remote attackers to execute arbitrary code via a crafted JNLP file. ++++ java-1_6_0-sun: - update to 1.6.0u5: VUL-0: java: multiple vulnerabilities [bnc#368134] - CVE-2008-1158: Unspecified vulnerability in the Virtual Machine for Sun Java Runtime Environment (JRE) and JDK 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers should gain privileges via an untrusted application or applet, a different issue than CVE-2008-1186. - CVE-2008-1187: Unspecified vulnerability in Sun Java Runtime Environment (JRE) and JDK 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to cause a denial of service (JRE crash) and possibly execute arbitrary code via unknown vectors related to XSLT transforms. - CVE-2008-1188: Multiple buffer overflows in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier, allow remote attackers to execute arbitrary code via unknown vectors, a different issue than CVE-2008-1189. - CVE-2008-1189: Buffer overflow in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to execute arbitrary code via unknown vectors, a different issue than CVE-2008-1188. - CVE-2008-1190: Unspecified vulnerability in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to gain privileges via an untrusted application, a different issue than CVE-2008-1191. - CVE-2008-1191: Unspecified vulnerability in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier allows remote attackers to create arbitrary files via an untrusted application, a different issue than CVE-2008-1190. - CVE-2008-1192: Unspecified vulnerability in the Java Plug-in for Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and earlier, and 1.3.1_21 and earlier; allows remote attackers to bypass the same origin policy and "execute local applications" via unknown vectors. - CVE-2008-1193: Unspecified vulnerability in Java Runtime Environment Image Parsing Library in Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier, allows remote attackers to gain privileges via an untrusted application. - CVE-2008-1194: Multiple unspecified vulnerabilities in the color management library in Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier, allows remote attackers to cause a denial of service (crash) via unknown vectors. - CVE-2008-1195: Unspecified vulnerability in Sun JDK and Java Runtime Environment (JRE) 6 Update 4 and earlier and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and earlier; allows remote attackers to access arbitrary network services on the local host via unspecified vectors related to JavaScript and Java APIs. - CVE-2008-1196: Stack-based buffer overflow in Java Web Start (javaws.exe) in Sun JDK and JRE 6 Update 4 and earlier and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and earlier; allows remote attackers to execute arbitrary code via a crafted JNLP file. ++++ java-1_6_0-sun: - update to 1.6.0u5: VUL-0: java: multiple vulnerabilities [bnc#368134] - CVE-2008-1158: Unspecified vulnerability in the Virtual Machine for Sun Java Runtime Environment (JRE) and JDK 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers should gain privileges via an untrusted application or applet, a different issue than CVE-2008-1186. - CVE-2008-1187: Unspecified vulnerability in Sun Java Runtime Environment (JRE) and JDK 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to cause a denial of service (JRE crash) and possibly execute arbitrary code via unknown vectors related to XSLT transforms. - CVE-2008-1188: Multiple buffer overflows in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier, allow remote attackers to execute arbitrary code via unknown vectors, a different issue than CVE-2008-1189. - CVE-2008-1189: Buffer overflow in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to execute arbitrary code via unknown vectors, a different issue than CVE-2008-1188. - CVE-2008-1190: Unspecified vulnerability in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to gain privileges via an untrusted application, a different issue than CVE-2008-1191. - CVE-2008-1191: Unspecified vulnerability in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier allows remote attackers to create arbitrary files via an untrusted application, a different issue than CVE-2008-1190. - CVE-2008-1192: Unspecified vulnerability in the Java Plug-in for Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and earlier, and 1.3.1_21 and earlier; allows remote attackers to bypass the same origin policy and "execute local applications" via unknown vectors. - CVE-2008-1193: Unspecified vulnerability in Java Runtime Environment Image Parsing Library in Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier, allows remote attackers to gain privileges via an untrusted application. - CVE-2008-1194: Multiple unspecified vulnerabilities in the color management library in Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier, allows remote attackers to cause a denial of service (crash) via unknown vectors. - CVE-2008-1195: Unspecified vulnerability in Sun JDK and Java Runtime Environment (JRE) 6 Update 4 and earlier and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and earlier; allows remote attackers to access arbitrary network services on the local host via unspecified vectors related to JavaScript and Java APIs. - CVE-2008-1196: Stack-based buffer overflow in Java Web Start (javaws.exe) in Sun JDK and JRE 6 Update 4 and earlier and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and earlier; allows remote attackers to execute arbitrary code via a crafted JNLP file. ------------------------------------------------------------------ ------------------ 2008-3-17 - Mar 17 2008 ------------------- ------------------------------------------------------------------ ++++ acroread: - bnc#370330 and bnc#353251: add a workaround to the start script /usr/bin/acroread to make input via XIM work when acroread is started in an UTF-8 locale (.UTF-8 is cut off from the locale name then to “fix” the problem). ------------------------------------------------------------------ ------------------ 2008-3-6 - Mar 6 2008 ------------------- ------------------------------------------------------------------ ++++ java-1_6_0-sun: - removed Provides and Obsoletes of java-1.5.0-plugin in plugin subpackage: [bnc#365768] ++++ java-1_6_0-sun: - removed Provides and Obsoletes of java-1.5.0-plugin in plugin subpackage: [bnc#365768] ------------------------------------------------------------------ ------------------ 2008-2-28 - Feb 28 2008 ------------------- ------------------------------------------------------------------ ++++ java-1_5_0-sun: - changed Requires: %{_libdir}/libodbc.so, %{_libdir}/libodbcinst.so to Requires: unixODBC (bnc#326751) ++++ java-1_5_0-sun: - changed Requires: %{_libdir}/libodbc.so, %{_libdir}/libodbcinst.so to Requires: unixODBC (bnc#326751) ++++ java-1_6_0-sun: - changed Requires: %{_libdir}/libodbc.so, %{_libdir}/libodbcinst.so to Requires: unixODBC [#326751] ++++ java-1_6_0-sun: - changed Requires: %{_libdir}/libodbc.so, %{_libdir}/libodbcinst.so to Requires: unixODBC [#326751] ------------------------------------------------------------------ ------------------ 2008-2-21 - Feb 21 2008 ------------------- ------------------------------------------------------------------ ++++ opera: - security update to 9.26 [bnc#363574] * Fixed an issue where simulated text inputs could trick users into uploading arbitrary files. * Image properties can no longer be used to execute scripts. * Fixed an issue where the representation of DOM attribute values could allow cross site scripting. * Fixed a stability issue found in Opera 9.0 to 9.25, when Opera connects securely to Windows Server 2008 or other servers supporting the TLS Certificate Status extension. * Additional stability fixes. ++++ opera: - security update to 9.26 [bnc#363574] * Fixed an issue where simulated text inputs could trick users into uploading arbitrary files. * Image properties can no longer be used to execute scripts. * Fixed an issue where the representation of DOM attribute values could allow cross site scripting. * Fixed a stability issue found in Opera 9.0 to 9.25, when Opera connects securely to Windows Server 2008 or other servers supporting the TLS Certificate Status extension. * Additional stability fixes. ------------------------------------------------------------------ ------------------ 2008-2-20 - Feb 20 2008 ------------------- ------------------------------------------------------------------ ++++ acroread: - bnc#362926: use "mktemp" to create temporary files in a secure way. - detect the correct directory for the 32bit libgtkembedmoz.so on x86_64 systems. - bnc#353251: remove duplicated system libraries (because of security considerations and compatibility problems). ------------------------------------------------------------------ ------------------ 2008-2-17 - Feb 17 2008 ------------------- ------------------------------------------------------------------ ++++ ant-antlr: - fix changelog for build service ------------------------------------------------------------------ ------------------ 2008-2-15 - Feb 15 2008 ------------------- ------------------------------------------------------------------ ++++ opera: - owning directories /usr/share/icons/hicolor/*/* - added missing coreutils PreReq - set Requires: on qt3 only for build with shared libs ++++ opera: - owning directories /usr/share/icons/hicolor/*/* - added missing coreutils PreReq - set Requires: on qt3 only for build with shared libs ------------------------------------------------------------------ ------------------ 2008-2-14 - Feb 14 2008 ------------------- ------------------------------------------------------------------ ++++ acroread: - bnc#358438 comment #31-#33: Workaround to make acroread start when XInputExtension is missing on an X-server (this is missing on VNC X-servers) and the theme package gtk-qt-engine is installed. ------------------------------------------------------------------ ------------------ 2008-2-13 - Feb 13 2008 ------------------- ------------------------------------------------------------------ ++++ jms: - remove NoSource flag, this is free software ------------------------------------------------------------------ ------------------ 2008-2-7 - Feb 7 2008 ------------------- ------------------------------------------------------------------ ++++ acroread: - bnc#275088, commment #134-#139: set ACRO_ENABLE_FONT_CONFIG=1 in the acroread start script. ------------------------------------------------------------------ ------------------ 2008-2-5 - Feb 5 2008 ------------------- ------------------------------------------------------------------ ++++ acroread: - update to final release of 8.1.2. Fixes bnc#358438, bnc#275088, bnc#353927. Official announcement by Adobe is here: http://blogs.adobe.com/acroread/2008/02/adobe_reader_812_for_linux_and.html “Version 8.1.2 contains scores of bug fixes including security vulnerability fixes.” ------------------------------------------------------------------ ------------------ 2008-1-28 - Jan 28 2008 ------------------- ------------------------------------------------------------------ ++++ gst-fluendo-mp3: - added gstreamer-utils to BuildRequres. gst-inspect moved there. ++++ gst-fluendo-mp3: - added gstreamer-utils to BuildRequres. gst-inspect moved there. ------------------------------------------------------------------ ------------------ 2008-1-23 - Jan 23 2008 ------------------- ------------------------------------------------------------------ ++++ java-1_6_0-sun: - New update - 1.6.0u4 - The better alternatives script - Updated the timezone info to 2007k - avoid the building of a src subpackage in BuildService (licencing problems) - added %{bits} to requires of subpackage [#354123] ++++ java-1_6_0-sun: - New update - 1.6.0u4 - The better alternatives script - Updated the timezone info to 2007k - avoid the building of a src subpackage in BuildService (licencing problems) - added %{bits} to requires of subpackage [#354123] ------------------------------------------------------------------ ------------------ 2008-1-22 - Jan 22 2008 ------------------- ------------------------------------------------------------------ ++++ java-1_5_0-sun: - New update - 1.5.0_update14 - The better alternatives script - Updated the timezone info to 2007k ++++ java-1_5_0-sun: - New update - 1.5.0_update14 - The better alternatives script - Updated the timezone info to 2007k ------------------------------------------------------------------ ------------------ 2008-1-16 - Jan 16 2008 ------------------- ------------------------------------------------------------------ ++++ netbeans: - update to version 6.0 ++++ netbeans: - update to version 6.0 ------------------------------------------------------------------ ------------------ 2008-1-11 - Jan 11 2008 ------------------- ------------------------------------------------------------------ ++++ acroread: - use fdupes only for openSUSE >= 10.3. - update to 8.1.2 (fixes bugzilla #275088). ------------------------------------------------------------------ ------------------ 2008-1-2 - Jan 2 2008 ------------------- ------------------------------------------------------------------ ++++ opera: - applying oneclick patch also on ppc arch - security update to 9.25 [#350579] CVE-2007-6520, CVE-2007-6521, CVE-2007-6522, CVE-2007-6523, CVE-2007-6524 * Fixed an issue where plug-ins could be used to allow cross domain scripting. * Fixed an issue with TLS certificates that could be used to execute arbitrary code. * Rich text editing can no longer be used to allow cross domain scripting. * Fixed a problem where malformed BMP files could cause Opera to temporarily freeze. * Prevented bitmaps from revealing random data from memory. ++++ opera: - applying oneclick patch also on ppc arch - security update to 9.25 [#350579] CVE-2007-6520, CVE-2007-6521, CVE-2007-6522, CVE-2007-6523, CVE-2007-6524 * Fixed an issue where plug-ins could be used to allow cross domain scripting. * Fixed an issue with TLS certificates that could be used to execute arbitrary code. * Rich text editing can no longer be used to allow cross domain scripting. * Fixed a problem where malformed BMP files could cause Opera to temporarily freeze. * Prevented bitmaps from revealing random data from memory. ------------------------------------------------------------------ ------------------ 2007-12-20 - Dec 20 2007 ------------------- ------------------------------------------------------------------ ++++ java-1_6_0-sun: - added 32-bit and 64-bit specific provides (jre-32, jre-64) ++++ java-1_6_0-sun: - added 32-bit and 64-bit specific provides (jre-32, jre-64) ------------------------------------------------------------------ ------------------ 2007-12-12 - Dec 12 2007 ------------------- ------------------------------------------------------------------ ++++ cg: - #331539: Add Obsoletes/Provides for Cg (compatibility to Packman packages) ++++ cg: - #331539: Add Obsoletes/Provides for Cg (compatibility to Packman packages) ------------------------------------------------------------------ ------------------ 2007-12-4 - Dec 4 2007 ------------------- ------------------------------------------------------------------ ++++ flash-player: - update to 9.0.115.0 (#310213) ------------------------------------------------------------------ ------------------ 2007-11-28 - Nov 28 2007 ------------------- ------------------------------------------------------------------ ++++ netbeans: - updated to version 5.5.1 - build from source - added netbeans-build.patch ++++ netbeans: - updated to version 5.5.1 - build from source - added netbeans-build.patch ------------------------------------------------------------------ ------------------ 2007-11-20 - Nov 20 2007 ------------------- ------------------------------------------------------------------ ++++ acroread: - apply patch to start script again to use XIM and to add the most important directories to PSRESOURCEPATH. - use fdupes only in %INSTALL_DIR (/usr/lib) to avoid hardlinks to /usr/share which might be on a different partition. ------------------------------------------------------------------ ------------------ 2007-11-9 - Nov 9 2007 ------------------- ------------------------------------------------------------------ ++++ java-1_5_0-sun: - Fixed a perin script, beta build fail ++++ java-1_5_0-sun: - Fixed a perin script, beta build fail ------------------------------------------------------------------ ------------------ 2007-11-6 - Nov 6 2007 ------------------- ------------------------------------------------------------------ ++++ java-1_5_0-sun: - Fixed a manual status of symlinks in /etc/alternatives [#334783] ++++ java-1_5_0-sun: - Fixed a manual status of symlinks in /etc/alternatives [#334783] ++++ java-1_6_0-sun: - Fixed a manual state in /etc/alternatives after update [#334783] ++++ java-1_6_0-sun: - Fixed a manual state in /etc/alternatives after update [#334783] ------------------------------------------------------------------ ------------------ 2007-10-22 - Oct 22 2007 ------------------- ------------------------------------------------------------------ ++++ java-1_5_0-sun: - Fixed bug [#334783] bad symlinks in /etc/alternatives after update - Fixed bug [#334783] bad symlinks in /etc/alternatives after update ++++ java-1_5_0-sun: - Fixed bug [#334783] bad symlinks in /etc/alternatives after update - Fixed bug [#334783] bad symlinks in /etc/alternatives after update ++++ java-1_6_0-sun: - Fixed bug [#334783] bad symlinks in /etc/alternatives after update ++++ java-1_6_0-sun: - Fixed bug [#334783] bad symlinks in /etc/alternatives after update ++++ opera: - security update to 9.24 CVE-2007-5540, CVE-2007-5541 [#334832] * Fixed an issue where external news readers and e-mail clients could be used to execute arbitrary code * Fixed an issue where scripts could overwrite functions on pages from other domains. - updated language files to meet the version [#331913] ++++ opera: - security update to 9.24 CVE-2007-5540, CVE-2007-5541 [#334832] * Fixed an issue where external news readers and e-mail clients could be used to execute arbitrary code * Fixed an issue where scripts could overwrite functions on pages from other domains. - updated language files to meet the version [#331913] ------------------------------------------------------------------ ------------------ 2007-10-18 - Oct 18 2007 ------------------- ------------------------------------------------------------------ ++++ opera: - don't build on x86_64, let's use the x86 version until we get something native ++++ opera: - don't build on x86_64, let's use the x86 version until we get something native ------------------------------------------------------------------ ------------------ 2007-10-17 - Oct 17 2007 ------------------- ------------------------------------------------------------------ ++++ ivtv: - update to 1.0.3, the main driver is now upstream and built in the kernel source - here are the ivtvfb and saa717x drivers ++++ ivtv: - update to 1.0.3, the main driver is now upstream and built in the kernel source - here are the ivtvfb and saa717x drivers ------------------------------------------------------------------ ------------------ 2007-10-16 - Oct 16 2007 ------------------- ------------------------------------------------------------------ ++++ acroread: - add "Requires: libgtkembedmoz.so". ++++ iscan: - Changed fixes-for-GCC43.patch as suggested by Olaf Meeuwissen so that it also works for GCC before 4.3. With the previous fixes-for-GCC43.patch GCC before 4.3 showed: "pisa_tool.h:59: multiple definition of 'double similarity..." and for GCC 4.3 the error was "pisa_tool.h:69: error: explicit template specialization cannot have a storage class". ------------------------------------------------------------------ ------------------ 2007-10-11 - Oct 11 2007 ------------------- ------------------------------------------------------------------ ++++ iscan: - fixes-for-GCC43.patch applies fixes for GCC 4.3, see http://en.opensuse.org/GCC_4.3_Transition ------------------------------------------------------------------ ------------------ 2007-10-10 - Oct 10 2007 ------------------- ------------------------------------------------------------------ ++++ java-1_5_0-sun: - update to 1.5.0_update13 [#332137] - Fixed vulnerabilities: CVE-2007-5232, CVE-2007-5236, CVE-2007-523, CVE-2007-523, CVE-2007-5240 ++++ java-1_5_0-sun: - update to 1.5.0_update13 [#332137] - Fixed vulnerabilities: CVE-2007-5232, CVE-2007-5236, CVE-2007-523, CVE-2007-523, CVE-2007-5240 ++++ java-1_6_0-sun: - update to 1.6.0_update3 [#332137] - Fixed vulnerabilities: CVE-2007-5232, CVE-2007-5236, CVE-2007-523, CVE-2007-523, CVE-2007-5240 ++++ java-1_6_0-sun: - update to 1.6.0_update3 [#332137] - Fixed vulnerabilities: CVE-2007-5232, CVE-2007-5236, CVE-2007-523, CVE-2007-523, CVE-2007-5240 ------------------------------------------------------------------ ------------------ 2007-10-9 - Oct 9 2007 ------------------- ------------------------------------------------------------------ ++++ gst-fluendo-mp3: - conflicts gst-fluendo-plugins, [Bug 331780] ++++ gst-fluendo-mp3: - conflicts gst-fluendo-plugins, [Bug 331780] ------------------------------------------------------------------ ------------------ 2007-10-8 - Oct 8 2007 ------------------- ------------------------------------------------------------------ ++++ acroread: - update to 8.1.1. - fix automatic provides and requires. - use fdupes. ------------------------------------------------------------------ ------------------ 2007-9-22 - Sep 22 2007 ------------------- ------------------------------------------------------------------ ++++ moneyplex: - update to 2007 version ++++ moneyplex: - update to 2007 version ------------------------------------------------------------------ ------------------ 2007-9-3 - Sep 3 2007 ------------------- ------------------------------------------------------------------ ++++ gst-fluendo-mp3: - initial checkin of free binaries for i386, x68_64, ppc, version 2. Sources tarred from svn. ++++ gst-fluendo-mp3: - initial checkin of free binaries for i386, x68_64, ppc, version 2. Sources tarred from svn. ------------------------------------------------------------------ ------------------ 2007-8-31 - Aug 31 2007 ------------------- ------------------------------------------------------------------ ++++ acroread: - Bugzilla #275088: add important font directories to the default PSRESOURCEPATH. ++++ antivir: - updated to antivir-server-prof-2.1.10-15 released on 06.03.2007 - new eval license key for openSUSE-10.3 provided by Avira (valid up to 31 January 2008), updated README files. ++++ opera: - fix #300536 add one-click installation associations to opera ++++ opera: - fix #300536 add one-click installation associations to opera ------------------------------------------------------------------ ------------------ 2007-8-16 - Aug 16 2007 ------------------- ------------------------------------------------------------------ ++++ opera: - update to 9.23 (#300605 - VUL-0: opera: a specially crafted JavaScript can make Opera execute arbitrary code) - #300536 - add one-click installation associations to opera ++++ opera: - update to 9.23 (#300605 - VUL-0: opera: a specially crafted JavaScript can make Opera execute arbitrary code) - #300536 - add one-click installation associations to opera ++++ sesam_srv: - fix macro usage for insserv_cleanup ++++ sesam_srv: - fix macro usage for insserv_cleanup ------------------------------------------------------------------ ------------------ 2007-8-8 - Aug 8 2007 ------------------- ------------------------------------------------------------------ ++++ AdobeICCProfiles: - Repackaged using new official source (no change in files). ------------------------------------------------------------------ ------------------ 2007-8-2 - Aug 2 2007 ------------------- ------------------------------------------------------------------ ++++ iscan: - Updated to version 2.8.0-1 (results package version 2.8.0.1): This package still contains /usr/bin/iscan and libesmod. There are several more supported scanners. ++++ iscan-firmware: - Updated to match our current iscan package version 2.8.0.1 and our current iscan-proprietary-drivers package version 2.8.0.1 There is one new firmware file: esfw7A.bin ++++ iscan-proprietary-drivers: - Updated to match our current iscan package version 2.8.0.1. There is one new proprietary driver: iscan-plugin-gt-f670 ++++ iscan-proprietary-drivers: - Updated to match our current iscan package version 2.8.0.1. There is one new proprietary driver: iscan-plugin-gt-f670 ------------------------------------------------------------------ ------------------ 2007-7-23 - Jul 23 2007 ------------------- ------------------------------------------------------------------ ++++ opera: - update to 9.22 (#293101 VUL-0: opera 9.22 fixes double free bug) Crafted torrent files can execute arbitrary code; CVE-2007-2809 ++++ opera: - update to 9.22 (#293101 VUL-0: opera 9.22 fixes double free bug) Crafted torrent files can execute arbitrary code; CVE-2007-2809 ------------------------------------------------------------------ ------------------ 2007-7-19 - Jul 19 2007 ------------------- ------------------------------------------------------------------ ++++ java-1_5_0-sun: - fix suse_update_desktop_file call ++++ java-1_5_0-sun: - fix suse_update_desktop_file call ++++ java-1_6_0-sun: - fix suse_update_desktop_file call ++++ java-1_6_0-sun: - fix suse_update_desktop_file call ------------------------------------------------------------------ ------------------ 2007-7-13 - Jul 13 2007 ------------------- ------------------------------------------------------------------ ++++ sesam_srv: - adapt the spec file for openSUSE 10.3 ++++ sesam_srv: - adapt the spec file for openSUSE 10.3 ------------------------------------------------------------------ ------------------ 2007-7-11 - Jul 11 2007 ------------------- ------------------------------------------------------------------ ++++ flash-player: - update to 9.0.48.0 (#257905, CVE-2007-3456, CVE-2007-3457, CVE-2007-2022) ++++ iscan: - Updated to version 2.7.0-1 (results package version 2.7.0.1): This package still contains /usr/bin/iscan and libesmod. There are several more supported scanners. ------------------------------------------------------------------ ------------------ 2007-7-10 - Jul 10 2007 ------------------- ------------------------------------------------------------------ ++++ opera: - fix #289701 – old opera icons ++++ opera: - fix #289701 – old opera icons ------------------------------------------------------------------ ------------------ 2007-7-8 - Jul 8 2007 ------------------- ------------------------------------------------------------------ ++++ ant-antlr: - add links to jar files in /usr/share/ant/lib ------------------------------------------------------------------ ------------------ 2007-7-6 - Jul 6 2007 ------------------- ------------------------------------------------------------------ ++++ ant-antlr: - make packages noarch, as jai was removed - update to version 1.7.0 major changes are (for a complete list, consult /usr/share/doc/packages/ant/WHATSNEW): Changes that could break older environments: - ------------------------------------------ * Initial support for JDK 6 (JSR 223) scripting. <*script*> tasks will now use javax.scripting if BSF is not available, or if explicitly requested by using a "manager" attribute. * The -noproxy option which was in the previous 1.7 alpha and beta releases has been removed. It is the default behavior and not needed. * Removed launcher classes from nodeps jar. * filter reader uses ISO-8859-1 encoding to read the java class file. Bugzilla report 33604. * Defer reference process. Bugzilla 36955, 34458, 37688. This may break build files in which a reference was set in a target which was never executed. Historically, Ant would set the reference early on, during parse time, so the datatype would be defined. Now it requires the reference to have been in a bit of the build file which was actually executed. If you get an error about an undefined reference, locate the reference and move it somewhere where it is used, or fix the depends attribute of the target in question to depend on the target which defines the reference/datatype. *