9377 Security update for icingaweb2 moderate openSUSE Backports SLE-15 Update This update for icingaweb2 to version 2.6.2 fixes the following issues: Security vulnerabilities fixed: - CVE-2018-18246: Fixed a cross-site request forgery (CSRF), which could be used to enable or disable modules (boo#1119784) - CVE-2018-18247: Fixed a cross-site scripting (XSS) vulnerability via the /icingaweb2/navigation/add icon parameter (boo#1119785) - CVE-2018-18248: Fixed a cross-site scripting (XSS) vulnerability via the /icingaweb2/monitoring/list/services dir parameter, the /icingaweb2/user/list query string, the /icingaweb2/monitoring/timeline query string, or the /icingaweb2/setup query string (boo#1119801) - CVE-2018-18249: Fixed injection of PHP ini-file directives via vectors involving environment variables (boo#1119799) - CVE-2018-18250: Fixed allowance of parameters that break navigation dashlets (boo#1119800) Other bugs fixed: - Database connections to MySQL 8 no longer fail - LDAP connections now have a timeout configuration which defaults to 5 seconds - User groups are now correctly loaded for externally authenticated users - Filters are respected for all links in the host and service group overviews - Fixed permission problems where host and service actions provided by modules were missing - Fixed an SQL error in the contact list view when filtering for host groups - Fixed time zone (DST) detection - Fixed the contact details view if restrictions are active - Add README.SUSE. - The command audit now logs a command's payload as JSON - Support for PHP 7.2 added - Support for SQLite resources added - Removed support for PHP < 5.6 - Removed support for persistent database connections - Login and Command (monitoring) auditing added with the help of a dedicated module - Plugin output rendering is now hookable by modules, which allows rendering custom icons, emojis and .. 
cute kitties :octocat: - Refined user interface - More powerful REST API For a full list of changes, please refer to: https://github.com/Icinga/icingaweb2/releases icingacli-2.6.2-bp150.2.3.1.noarch.rpm icingaweb2-2.6.2-bp150.2.3.1.noarch.rpm icingaweb2-2.6.2-bp150.2.3.1.src.rpm icingaweb2-common-2.6.2-bp150.2.3.1.noarch.rpm icingaweb2-vendor-HTMLPurifier-2.6.2-bp150.2.3.1.noarch.rpm icingaweb2-vendor-JShrink-2.6.2-bp150.2.3.1.noarch.rpm icingaweb2-vendor-Parsedown-2.6.2-bp150.2.3.1.noarch.rpm icingaweb2-vendor-dompdf-2.6.2-bp150.2.3.1.noarch.rpm icingaweb2-vendor-lessphp-2.6.2-bp150.2.3.1.noarch.rpm icingaweb2-vendor-zf1-2.6.2-bp150.2.3.1.noarch.rpm php-Icinga-2.6.2-bp150.2.3.1.noarch.rpm 9819 Security update for tor moderate openSUSE Backports SLE-15 Update This update for tor to version 0.3.4.11 fixes the following issues: Security issue fixed: - CVE-2019-8955: Fixed a vulnerability in the KIST cell scheduler which could lead to memory exhaustion and finally Denial-of-Service (bsc#1126340). 
tor-0.3.4.11-bp150.3.6.1.src.rpm tor-0.3.4.11-bp150.3.6.1.x86_64.rpm tor-0.3.4.11-bp150.3.6.1.aarch64.rpm tor-0.3.4.11-bp150.3.6.1.ppc64le.rpm tor-0.3.4.11-bp150.3.6.1.s390x.rpm 9825 Recommended update for re2 moderate openSUSE Backports SLE-15 Update This update for re2 fixes the following issues: re2 was updated to 2019-03-01: * developer visible changes, performance tweaks and bug fixes libre2-0-20190301-bp150.22.1.x86_64.rpm libre2-0-debuginfo-20190301-bp150.22.1.x86_64.rpm re2-20190301-bp150.22.1.src.rpm re2-debugsource-20190301-bp150.22.1.x86_64.rpm re2-devel-20190301-bp150.22.1.x86_64.rpm libre2-0-20190301-bp150.22.1.aarch64.rpm libre2-0-64bit-20190301-bp150.22.1.aarch64_ilp32.rpm libre2-0-64bit-debuginfo-20190301-bp150.22.1.aarch64_ilp32.rpm libre2-0-debuginfo-20190301-bp150.22.1.aarch64.rpm re2-debugsource-20190301-bp150.22.1.aarch64.rpm re2-devel-20190301-bp150.22.1.aarch64.rpm libre2-0-20190301-bp150.22.1.ppc64le.rpm libre2-0-debuginfo-20190301-bp150.22.1.ppc64le.rpm re2-debugsource-20190301-bp150.22.1.ppc64le.rpm re2-devel-20190301-bp150.22.1.ppc64le.rpm libre2-0-20190301-bp150.22.1.s390x.rpm libre2-0-debuginfo-20190301-bp150.22.1.s390x.rpm re2-debugsource-20190301-bp150.22.1.s390x.rpm re2-devel-20190301-bp150.22.1.s390x.rpm 9858 Security update for perl-Email-Address important openSUSE Backports SLE-15 Update This update for perl-Email-Address to version 1.912 fixes the following issue: Security issue fixed: - CVE-2018-12558: Fixed a vulnerability which could allow Denial of Service in perl module Email::Address (bsc#1098368). 
perl-Email-Address-1.912-bp150.3.3.1.noarch.rpm perl-Email-Address-1.912-bp150.3.3.1.src.rpm 9871 Recommended update for darktable moderate openSUSE Backports SLE-15 Update This update for darktable fixes the following issues: Darktable was updated to 2.6.2: - New Features - Update colorbalance French translation - Bugfixes - Camera support, compared to 2.6.1 - Base Support - DSC-RX100M6 - Phase One P30 (fixed) - Olympus OM-D E-M10 (enhanced) - Nikon D7500 (enhanced) - White Balance Presets - Nikon D500 - Olympus E-PL8 - Noise Profiles - Sony SLT-A35 - Nikon Z6 - updated translations: Catalan, Czech, Dutch, Finnish, French, German, Norwegian bokmål, Polish, Russian, Slovenian, Spanish - Updated pdf manuals from 2.6.1 tag: available in English, German and Italian - actually install all pdf documentation Version update to 2.6.1: - New Features - export module to piwigo - color balance enhancements - color contrast enhancements - filmic enhancements (better auto-tuner) - add contextual help for filmic module - middle-click can be used to open the presets menu (this is consistent with the fact that middle-click can be used to create a new instance from a preset) - again, better CSS customization for lighttable, filmstrip and duplicates module - presets can now be imported/exported - all zoom levels can now be reached with a ctrl-scroll - the slideshow view will adjust automatically when darktable window is resized - add support for tiff CIELAB/ICCLAB 8/16 bits - add hierarchical view for styles (separated with |) - forms opacity is displayed in hint messages - add a color picker in the watermark module - Bugfixes - Camera support, compared to 2.6.0 - Base Support - DSC-RX100M6 - Phase One P30 (fixed) - Olympus OM-D E-M10 (enhanced) - Nikon D7500 (enhanced) - White Balance Presets - Nikon D500 - Olympus E-PL8 - Noise Profiles - Sony SLT-A35 - Nikon Z6 - Translations - Catalan, Czech, Dutch, Finnish, French, German, Norwegian bokmål, Polish, Russian, Slovenian, Spanish Noise 
tools need ghostscript for pdf handling Darktable updated to 2.6.0: - The Big Ones - new module retouch allowing changes based on image frequency layers - new module filmic which can replace the base curve and shadows and highlights - new module to handle duplicates in the darkroom with possibility to add a title, create standard or virgin duplicate, delete duplicate and quickly compare with a duplicate - new logarithm controls for the tone-curve - new mode for the unbreak profile module - add mask preview to adjust size, hardness before placing them - make it possible to change the cropped area in the perspective correction module - the mask blur has been complemented with a guided-filter to fine tune it (this works on RGB and Lab color space). - color balance module has two new modes based on ProPhotoRGB and HSL - Experimental support for PPC64le architecture (OpenCL support needs to be disabled, `-DUSE_OPENCL=OFF`) - New Features And Changes - search from the map view is now fixed - visual rework of the lighttable (color label, image kind, local copy) - an option makes it possible to display some image information directly on the thumb - add optional scrollbars on lighttable, or lighttable and darkroom - allow each mask of the clone module to have the opacity adjusted - lightroom import module supports the creator, rights, title, description and publisher information. 
- enhance TurboPrint support by displaying the dialogue with all possible options (print cancellation will be fixed in TurboPrint 2.47) - new sort filter based on the image's aspect - new sort filter based on the image's shutter speed - new sort filter based on the image's group - new sort filter based on a personalized sorting order (drag&drop on the lighttable view) - collection based on the local copy status - group image number displayed on the collection module - new zoom levels at 50%, 400%, 800% and 1600% - better support for monochrome RAW - add contextual help pointing to the darktable manual - better copy/paste support for multiple instances - add support for renaming the module instances - add frequency based adjustment for the RAW denoise module - add frequency based adjustment for the denoise profile module - all widgets should be themable via CSS now - add support for configuring the modules layout - different way to select hierarchical tags in the collection module (only the actual parent tag, all children or the parent and children) - better handling of grouped images by allowing setting stars, color label for the whole group. - make it possible to apply a preset to a new module instance using the middle click - new script to migrate collection from Capture One Pro - Bug fixes - RawSpeed changes - GoPro '.GPR' raws are now supported via new, fast 'VC-5' parallel decompressor - Panasonic's new raw compression ('.RW2', GH5s, G9 cameras) is now supported via new fast, parallel 'Panasonic V5' decompressor - Panasonic's old (also '.RW2') raw decompressor got rewritten, re-parallelized - Phase One ('.IIQ') decompressor got parallelized - Nikon NEF 'lossy after split' raw support was recovered - Phase One ('.IIQ') Quadrant Correction is now supported - Olympus High-Res (uncompressed) raw support - Lots and lots and lots of maintenance, sanitization, cleanups, small rewrites/refactoring. - NOTE: Canon '.CR3' raws are *NOT* supported as of yet. 
- Camera support, compared to 2.4.0 - Base Support - Canon EOS 1500D - Canon EOS 2000D - Canon EOS Rebel T7 - Canon EOS 3000D - Canon EOS 4000D - Canon EOS Rebel T100 - Canon EOS 5D Mark IV (sRaw1, sRaw2) - Canon EOS 5DS (sRaw1, sRaw2) - Canon EOS 5DS R (sRaw1, sRaw2) - Canon PowerShot G1 X Mark III - Fujifilm X-A5 - Fujifilm X-H1 (compressed) - Fujifilm X-T100 - Fujifilm X-T3 (compressed) - GoPro FUSION (dng) - GoPro HERO5 Black (dng) - GoPro HERO6 Black (dng) - GoPro HERO7 Black (dng) - Hasselblad CFV-50 - Hasselblad H5D-40 - Hasselblad H5D-50c - Kodak DCS Pro 14nx - Kodak DCS520C - Kodak DCS760C - Kodak EOS DCS 3 - Nikon COOLPIX P1000 (12bit-uncompressed) - Nikon D2Xs (12bit-compressed, 12bit-uncompressed) - Nikon D3500 (12bit-compressed) - Nikon Z 6 (except uncompressed raws) - Nikon Z 7 (except 14-bit uncompressed raw) - Olympus E-PL8 - Olympus E-PL9 - Olympus SH-2 - Panasonic DC-FZ80 (4:3) - Panasonic DC-G9 (4:3) - Panasonic DC-GF9 (4:3) - Panasonic DC-GX800 (4:3) - Panasonic DC-GX850 (4:3) - Panasonic DC-GH5S (4:3, 3:2, 16:9, 1:1) - Panasonic DC-GX9 (4:3) - Panasonic DC-LX100M2 (4:3, 1:1, 16:9, 3:2) - Panasonic DC-TZ200 (3:2) - Panasonic DC-TZ202 (3:2) - Panasonic DMC-FZ2000 (3:2) - Panasonic DMC-FZ2500 (3:2) - Panasonic DMC-FZ35 (3:2, 16:9) - Panasonic DMC-FZ38 (3:2, 16:9) - Panasonic DMC-GX7MK2 (4:3) - Panasonic DMC-ZS100 (3:2) - Paralenz Dive Camera (chdk) - Pentax 645Z - Pentax K-1 Mark II - Pentax KP - Phase One P65+ - Sjcam SJ6 LEGEND (chdk-b, chdk-c) - Sony DSC-HX99 - Sony DSC-RX0 - Sony DSC-RX100M5A - Sony DSC-RX10M4 - Sony DSC-RX1RM2 - Sony ILCE-7M3 - White Balance Presets - Canon EOS M100 - Fujifilm X-T3 - Leaf Credo 40 - Nikon D3400 - Nikon D5600 - Nikon D7500 - Nikon D850 - Nikon Z 6 - Olympus E-M10 Mark III - Olympus E-M1MarkII - Panasonic DC-G9 - Panasonic DC-GX9 - Panasonic DMC-FZ300 - Sony DSC-RX0 - Sony DSC-RX100M5 - Sony DSC-RX100M5A - Sony DSC-RX10M3 - Sony DSC-RX10M4 - Sony DSC-RX1RM2 - Sony ILCE-6500 - Sony ILCE-7M3 - Sony ILCE-7RM3 - 
Noise Profiles - Canon EOS 200D - Canon EOS Kiss X9 - Canon EOS Rebel SL2 - Canon EOS 750D - Canon EOS Kiss X8i - Canon EOS Rebel T6i - Canon EOS 760D - Canon EOS 8000D - Canon EOS Rebel T6s - Canon EOS 77D - Canon EOS 9000D - Canon EOS 800D - Canon EOS Kiss X9i - Canon EOS Rebel T7i - Canon EOS M100 - Canon EOS M6 - Canon PowerShot G1 X Mark II - Canon PowerShot G1 X Mark III - Canon PowerShot G9 X - Fujifilm X-A5 - Fujifilm X-E3 - Fujifilm X-T3 - Fujifilm X100F - Nikon 1 AW1 - Nikon 1 J3 - Nikon COOLPIX B700 - Nikon D5600 - Nikon D7500 - Nikon D850 - Olympus E-M10 Mark III - Olympus TG-5 - Panasonic DC-G9 - Panasonic DC-GX9 - Panasonic DMC-FZ35 - Panasonic DMC-FZ38 - Panasonic DMC-GF6 - Panasonic DMC-LX10 - Panasonic DMC-LX15 - Panasonic DMC-LX9 - Panasonic DMC-TZ70 - Panasonic DMC-TZ71 - Panasonic DMC-ZS50 - Pentax K-01 - Pentax KP - Samsung NX1 - Sony DSC-RX100M4 - Sony DSC-RX10M3 - Sony ILCE-7M3 - Translations - Afrikaans, Albanian, Chinese, Czech, Dutch, Finnish, French, Galician, German, Hebrew, Hungarian, Italian, Japanese, Nepal, Norwegian Bokmål, Polish, Portuguese, Romanian, Russian, Slovenian, Thai darktable-2.6.2-bp150.2.3.1.src.rpm darktable-2.6.2-bp150.2.3.1.x86_64.rpm darktable-doc-2.6.2-bp150.2.3.1.noarch.rpm darktable-tools-basecurve-2.6.2-bp150.2.3.1.x86_64.rpm darktable-tools-noise-2.6.2-bp150.2.3.1.x86_64.rpm 9897 Security update for ansible moderate openSUSE Backports SLE-15 Update This update for ansible to version 2.7.8 fixes the following issues: Security issues fixed: - CVE-2018-16837: Fixed an information leak in user module (bsc#1112959). - CVE-2018-16859: Fixed an issue which could allow logging of passwords in plaintext in Windows PowerShell (bsc#1116587). - CVE-2019-3828: Fixed a path traversal vulnerability in fetch module (bsc#1126503). - CVE-2018-10875: Fixed a potential code execution in ansible.cfg (bsc#1099808). - CVE-2018-16876: Fixed an issue which could allow information disclosure in vvv+ mode with no_log on (bsc#1118896). 
Other issues addressed: - prepare update to 2.7.8 for multiple releases (boo#1102126, boo#1109957) Release notes: https://github.com/ansible/ansible/blob/stable-2.7/changelogs/CHANGELOG-v2.7.rst#id1 ansible-2.7.8-bp150.3.6.1.noarch.rpm ansible-2.7.8-bp150.3.6.1.src.rpm 9910 Security update for pdns important openSUSE Backports SLE-15 Update This update for pdns fixes the following issue: Security issue fixed: - CVE-2019-3871: Fixed an insufficient validation in the HTTP remote backend which could allow a remote user to cause the HTTP backend to connect to an attacker-specified host instead of the configured one (bsc#1129734). pdns-4.1.2-bp150.2.6.1.src.rpm pdns-4.1.2-bp150.2.6.1.x86_64.rpm pdns-backend-geoip-4.1.2-bp150.2.6.1.x86_64.rpm pdns-backend-godbc-4.1.2-bp150.2.6.1.x86_64.rpm pdns-backend-ldap-4.1.2-bp150.2.6.1.x86_64.rpm pdns-backend-lua-4.1.2-bp150.2.6.1.x86_64.rpm pdns-backend-mydns-4.1.2-bp150.2.6.1.x86_64.rpm pdns-backend-mysql-4.1.2-bp150.2.6.1.x86_64.rpm pdns-backend-postgresql-4.1.2-bp150.2.6.1.x86_64.rpm pdns-backend-remote-4.1.2-bp150.2.6.1.x86_64.rpm pdns-backend-sqlite3-4.1.2-bp150.2.6.1.x86_64.rpm pdns-4.1.2-bp150.2.6.1.aarch64.rpm pdns-backend-geoip-4.1.2-bp150.2.6.1.aarch64.rpm pdns-backend-godbc-4.1.2-bp150.2.6.1.aarch64.rpm pdns-backend-ldap-4.1.2-bp150.2.6.1.aarch64.rpm pdns-backend-lua-4.1.2-bp150.2.6.1.aarch64.rpm pdns-backend-mydns-4.1.2-bp150.2.6.1.aarch64.rpm pdns-backend-mysql-4.1.2-bp150.2.6.1.aarch64.rpm pdns-backend-postgresql-4.1.2-bp150.2.6.1.aarch64.rpm pdns-backend-remote-4.1.2-bp150.2.6.1.aarch64.rpm pdns-backend-sqlite3-4.1.2-bp150.2.6.1.aarch64.rpm pdns-4.1.2-bp150.2.6.1.ppc64le.rpm pdns-backend-geoip-4.1.2-bp150.2.6.1.ppc64le.rpm pdns-backend-godbc-4.1.2-bp150.2.6.1.ppc64le.rpm pdns-backend-ldap-4.1.2-bp150.2.6.1.ppc64le.rpm pdns-backend-lua-4.1.2-bp150.2.6.1.ppc64le.rpm pdns-backend-mydns-4.1.2-bp150.2.6.1.ppc64le.rpm pdns-backend-mysql-4.1.2-bp150.2.6.1.ppc64le.rpm pdns-backend-postgresql-4.1.2-bp150.2.6.1.ppc64le.rpm 
pdns-backend-remote-4.1.2-bp150.2.6.1.ppc64le.rpm pdns-backend-sqlite3-4.1.2-bp150.2.6.1.ppc64le.rpm pdns-4.1.2-bp150.2.6.1.s390x.rpm pdns-backend-geoip-4.1.2-bp150.2.6.1.s390x.rpm pdns-backend-godbc-4.1.2-bp150.2.6.1.s390x.rpm pdns-backend-ldap-4.1.2-bp150.2.6.1.s390x.rpm pdns-backend-lua-4.1.2-bp150.2.6.1.s390x.rpm pdns-backend-mydns-4.1.2-bp150.2.6.1.s390x.rpm pdns-backend-mysql-4.1.2-bp150.2.6.1.s390x.rpm pdns-backend-postgresql-4.1.2-bp150.2.6.1.s390x.rpm pdns-backend-remote-4.1.2-bp150.2.6.1.s390x.rpm pdns-backend-sqlite3-4.1.2-bp150.2.6.1.s390x.rpm 9934 Security update for znc low openSUSE Backports SLE-15 Update This update for znc to version 1.7.2 fixes the following issue: Security issue fixed: - CVE-2019-9917: Fixed an issue where due to invalid encoding znc was crashing (bsc#1130360). znc-1.7.2-bp150.2.3.1.src.rpm znc-1.7.2-bp150.2.3.1.x86_64.rpm znc-debuginfo-1.7.2-bp150.2.3.1.x86_64.rpm znc-debugsource-1.7.2-bp150.2.3.1.x86_64.rpm znc-devel-1.7.2-bp150.2.3.1.x86_64.rpm znc-lang-1.7.2-bp150.2.3.1.noarch.rpm znc-perl-1.7.2-bp150.2.3.1.x86_64.rpm znc-perl-debuginfo-1.7.2-bp150.2.3.1.x86_64.rpm znc-python3-1.7.2-bp150.2.3.1.x86_64.rpm znc-python3-debuginfo-1.7.2-bp150.2.3.1.x86_64.rpm znc-tcl-1.7.2-bp150.2.3.1.x86_64.rpm znc-tcl-debuginfo-1.7.2-bp150.2.3.1.x86_64.rpm znc-1.7.2-bp150.2.3.1.aarch64.rpm znc-debuginfo-1.7.2-bp150.2.3.1.aarch64.rpm znc-debugsource-1.7.2-bp150.2.3.1.aarch64.rpm znc-devel-1.7.2-bp150.2.3.1.aarch64.rpm znc-perl-1.7.2-bp150.2.3.1.aarch64.rpm znc-perl-debuginfo-1.7.2-bp150.2.3.1.aarch64.rpm znc-python3-1.7.2-bp150.2.3.1.aarch64.rpm znc-python3-debuginfo-1.7.2-bp150.2.3.1.aarch64.rpm znc-tcl-1.7.2-bp150.2.3.1.aarch64.rpm znc-tcl-debuginfo-1.7.2-bp150.2.3.1.aarch64.rpm znc-1.7.2-bp150.2.3.1.ppc64le.rpm znc-debuginfo-1.7.2-bp150.2.3.1.ppc64le.rpm znc-debugsource-1.7.2-bp150.2.3.1.ppc64le.rpm znc-devel-1.7.2-bp150.2.3.1.ppc64le.rpm znc-perl-1.7.2-bp150.2.3.1.ppc64le.rpm znc-perl-debuginfo-1.7.2-bp150.2.3.1.ppc64le.rpm 
znc-python3-1.7.2-bp150.2.3.1.ppc64le.rpm znc-python3-debuginfo-1.7.2-bp150.2.3.1.ppc64le.rpm znc-tcl-1.7.2-bp150.2.3.1.ppc64le.rpm znc-tcl-debuginfo-1.7.2-bp150.2.3.1.ppc64le.rpm znc-1.7.2-bp150.2.3.1.s390x.rpm znc-debuginfo-1.7.2-bp150.2.3.1.s390x.rpm znc-debugsource-1.7.2-bp150.2.3.1.s390x.rpm znc-devel-1.7.2-bp150.2.3.1.s390x.rpm znc-perl-1.7.2-bp150.2.3.1.s390x.rpm znc-perl-debuginfo-1.7.2-bp150.2.3.1.s390x.rpm znc-python3-1.7.2-bp150.2.3.1.s390x.rpm znc-python3-debuginfo-1.7.2-bp150.2.3.1.s390x.rpm znc-tcl-1.7.2-bp150.2.3.1.s390x.rpm znc-tcl-debuginfo-1.7.2-bp150.2.3.1.s390x.rpm