Packages changed:
  MozillaFirefox (48.0.2 -> 49.0.1)
  amarok
  apache2
  ark
  dolphin
  google-noto-fonts
  konsole
  libjpeg-turbo (1.5.0 -> 1.5.1)
  libjpeg62-turbo

=== Details ===

==== MozillaFirefox ====
Version update (48.0.2 -> 49.0.1)
Subpackages: MozillaFirefox-translations-common

- Mozilla Firefox 49.0.1:
  * Mitigate a startup crash issue caused by Websense - bmo#1304783
- update to Firefox 49.0 (boo#999701)
  new features
  * Updated Firefox Login Manager to allow HTTPS pages to use saved
    HTTP logins.
  * Added features to Reader Mode that make it easier on the eyes and
    the ears
  * Improved video performance for users on systems that support
    SSE3 without hardware acceleration
  * Added context menu controls to HTML5 audio and video that let users
    loops files or play files at 1.25x speed
  * Improvements in about:memory reports for tracking font memory usage
  security related
  * MFSA 2016-85
    CVE-2016-2827 (bmo#1289085) - Out-of-bounds read in
    mozilla::net::IsValidReferrerPolicy
    CVE-2016-5270 (bmo#1291016) - Heap-buffer-overflow in
    nsCaseTransformTextRunFactory::TransformString
    CVE-2016-5271 (bmo#1288946) - Out-of-bounds read in
    PropertyProvider::GetSpacingInternal
    CVE-2016-5272 (bmo#1297934) - Bad cast in nsImageGeometryMixin
    CVE-2016-5273 (bmo#1280387) - crash in
    mozilla::a11y::HyperTextAccessible::GetChildOffset
    CVE-2016-5276 (bmo#1287721) - Heap-use-after-free in
    mozilla::a11y::DocAccessible::ProcessInvalidationList
    CVE-2016-5274 (bmo#1282076) - use-after-free in
    nsFrameManager::CaptureFrameState
    CVE-2016-5277 (bmo#1291665) - Heap-use-after-free in nsRefreshDriver::Tick
    CVE-2016-5275 (bmo#1287316) - global-buffer-overflow in
    mozilla::gfx::FilterSupport::ComputeSourceNeededRegions
    CVE-2016-5278 (bmo#1294677) - Heap-buffer-overflow in
    nsBMPEncoder::AddImageFrame
    CVE-2016-5279 (bmo#1249522) - Full local path of files is available
    to web pages after drag and drop
    CVE-2016-5280 (bmo#1289970) - Use-after-free in
    mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap
    CVE-2016-5281 (bmo#1284690) - use-after-free in DOMSVGLength
    CVE-2016-5282 (bmo#932335) - Don't allow content to request favicons
    from non-whitelisted schemes
    CVE-2016-5283 (bmo#928187) - <iframe src> fragment timing attack can
    reveal cross-origin data
    CVE-2016-5284 (bmo#1303127) - Add-on update site certificate pin expiration
    CVE-2016-5256 - Memory safety bugs fixed in Firefox 49
    CVE-2016-5257 - Memory safety bugs fixed in Firefox 49 and Firefox ESR 45.4
- removed obsolete patches:
  * mozilla-aarch64-48bit-va.patch
  * mozilla-exclude-nametablecpp.patch
  * mozilla-old_configure-bmo1282843.patch
- added patch mozilla-skia-overflow.patch (bmo#1304114)
- requires NSS 3.25

==== amarok ====

- Add Fix-MPRIS2-DesktopEntry-value.patch to get working media
  controls in plasma taskbar (kde#565275)

==== apache2 ====
Subpackages: apache2-devel apache2-doc apache2-example-pages apache2-prefork apache2-utils

- add NotifyAccess=all to service file [bsc#980663]

==== ark ====
Subpackages: libkerfuffle16

- Add mimeinfo17.patch to fix opening .rar files with shared-mime-info 1.7
  * kde#368786

==== dolphin ====
Subpackages: dolphin-part libdolphinvcs5

- Add properly-check-Shift-toggling.patch to fix toggling the
  "Move to Trash"/"Delete" actions in the context menu when
  pressing Shift (kde#354301)

==== google-noto-fonts ====
Subpackages: google-noto-fonts-doc noto-sans-cjk-fonts noto-sans-fonts

- move 59-noto-sans-cjk.conf into fonts-config (boo#998301)
  to prevent an independent font package from changing family
  preferences list
- Enable case-insensitive sort and regenerate the spec file

==== konsole ====
Subpackages: konsole-part

- Add Fix-updating-of-tab-title.patch to update the tab title to
  the current program running again (boo#1000641, kde#368785)

==== libjpeg-turbo ====
Version update (1.5.0 -> 1.5.1)
Subpackages: libjpeg8 libjpeg8-32bit libturbojpeg0

- Update to version 1.5.1
  + Fix for PowerPC platforms lacking AltiVec instructions
  + Fix ABI problem with clang/llvm on aarch64.
  + Fancy upsampling is now supported when decompressing JPEG
    images that use 4:4:0 (h1v2) chroma subsampling.
  + If merged upsampling isn't SIMD-accelerated but YCbCr-to-RGB
    conversion is, then libjpeg-turbo will now disable merged
    upsampling when decompressing YCbCr JPEG images into RGB
    or extended RGB output images. This significantly speeds up
    the decompression of 4:2:0 and 4:2:2 JPEGs on ARM platforms
    if fancy upsampling is not used
    (for example, if the -nosmooth option to djpeg is specified.)
  + The TurboJPEG API will now decompress 4:2:2 and 4:4:0 JPEG
    images with 2x2 luminance sampling factors and 2x1 or 1x2
    chrominance sampling factors.
  + Fixed an unsigned integer overflow in the libjpeg memory manager.
  + Fixed additional negative left shifts and other issues reported
    by the GCC and Clang undefined behavior sanitizers when
    attempting to decompress specially-crafted malformed JPEG
    images. None of these issues posed a security threat, but
    removing the warnings makes it easier to detect actual
    security issues, should they arise in the future.
  + Fixed an out-of-bounds array reference, introduced by
    1.4.902 and detected by the Clang undefined behavior sanitizer,
    that could be triggered by a specially-crafted malformed
    JPEG image with more than four components. Because the
    out-of-bounds reference was still within the same structure,
    it was not known to pose a security threat, but removing
    the warning makes it easier to detect actual security issues,
    should they arise in the future.

==== libjpeg62-turbo ====
Subpackages: libjpeg62 libjpeg62-devel

- Update to version 1.5.1
  + Fix for PowerPC platforms lacking AltiVec instructions
  + Fix ABI problem with clang/llvm on aarch64.
  + Fancy upsampling is now supported when decompressing JPEG
    images that use 4:4:0 (h1v2) chroma subsampling.
  + If merged upsampling isn't SIMD-accelerated but YCbCr-to-RGB
    conversion is, then libjpeg-turbo will now disable merged
    upsampling when decompressing YCbCr JPEG images into RGB
    or extended RGB output images. This significantly speeds up
    the decompression of 4:2:0 and 4:2:2 JPEGs on ARM platforms
    if fancy upsampling is not used
    (for example, if the -nosmooth option to djpeg is specified.)
  + The TurboJPEG API will now decompress 4:2:2 and 4:4:0 JPEG
    images with 2x2 luminance sampling factors and 2x1 or 1x2
    chrominance sampling factors.
  + Fixed an unsigned integer overflow in the libjpeg memory manager.
  + Fixed additional negative left shifts and other issues reported
    by the GCC and Clang undefined behavior sanitizers when
    attempting to decompress specially-crafted malformed JPEG
    images. None of these issues posed a security threat, but
    removing the warnings makes it easier to detect actual
    security issues, should they arise in the future.
  + Fixed an out-of-bounds array reference, introduced by
    1.4.902 and detected by the Clang undefined behavior sanitizer,
    that could be triggered by a specially-crafted malformed
    JPEG image with more than four components. Because the
    out-of-bounds reference was still within the same structure,
    it was not known to pose a security threat, but removing
    the warning makes it easier to detect actual security issues,
    should they arise in the future.