Removed rpms ============ - ImageMagick-devel-32bit - NetworkManager-devel-32bit - clang11-devel-32bit - gdk-pixbuf-loader-rsvg-32bit - glibc-locale-base-32bit - glibc-profile-32bit - hdf5-openmpi2-devel-32bit - cups-devel-32bit - device-mapper-devel-32bit - gstreamer-plugins-bad-32bit - gstreamer-plugins-bad-fluidsynth-32bit - hdf5-devel-32bit - hdf5-openmpi3-devel-32bit - libLLVM11-32bit - libLTO11-32bit - libavahi-common3-32bit - libavahi-glib1-32bit - libbind9-1600-32bit - libcrypt1-32bit - libcryptsetup12-32bit - libcups2-32bit - libdns1605-32bit - libext2fs2-32bit - libgpgmepp6-32bit - libgstinsertbin-1_0-0-32bit - libgstwayland-1_0-0-32bit - libgstwebrtc-1_0-0-32bit - libhdf5_cpp103-32bit - libhdf5_cpp103-mvapich2-32bit - libhdf5_fortran102-openmpi3-32bit - libhdf5_hl100-openmpi2-32bit - libhdf5_hl_cpp100-32bit - libhdf5_hl_cpp100-openmpi3-32bit - libhdf5_hl_cpp100-openmpi4-32bit - libhdf5hl_fortran100-mvapich2-32bit - libisc1606-32bit - libjavascriptcoregtk-4_0-18-32bit - libmpfr6-32bit - libndr-krb5pac0-32bit - libndr-standard0-32bit - libns1604-32bit - libopenssl1_1-32bit - libproxy1-config-gnome3-32bit - librsvg-2-2-32bit - libsamba-policy0-python3-32bit - libsamdb0-32bit - libsystemd0-32bit - libxcrypt-devel-32bit - libxml2-devel-32bit - llvm11-devel-32bit - opensc-32bit - perl-base-32bit - python39-base-32bit - samba-ad-dc-32bit - wine-32bit - tftpboot-installation-SLE-15-SP2-ppc64le - tftpboot-installation-SLE-15-SP3-ppc64le - kernel-obs-build - qemu-seabios - libIlmImf-2_2-23-32bit - libMagickWand-7_Q16HDRI6-32bit - libauparse0-32bit - libavahi-client3-32bit - libbz2-1-32bit - libext2fs-devel-32bit - libgif7-32bit - libgpgme11-32bit - libgstisoff-1_0-0-32bit - libgstmpegts-1_0-0-32bit - libgstplayer-1_0-0-32bit - libhdf5-103-32bit - libhdf5-103-openmpi2-32bit - libhdf5_cpp103-openmpi3-32bit - libhdf5_fortran102-32bit - libhdf5_hl100-openmpi3-32bit - libhdf5_hl_cpp100-mvapich2-32bit - libhdf5_hl_cpp100-openmpi2-32bit - libhdf5hl_fortran100-32bit - libhogweed4-32bit - libisccc1600-32bit - libkyotocabinet16-32bit - libmount-devel-32bit - libmount1-32bit - libnautilus-extension1-32bit - libnetcontrol0-32bit - libopenssl1_1-hmac-32bit - libproxy1-networkmanager-32bit - libproxy1-pacrunner-webkit-32bit - libreadline7-32bit - libsamba-errors0-32bit - libudev-devel-32bit - libudev1-32bit - libuuid1-32bit - llvm11-LTO-devel-32bit - mpfr-devel-32bit - openldap2-devel-32bit - openslp-32bit - perl-core-DB_File-32bit - python2-django-appconf - python2-django-avatar - python2-django-compressor - python2-django-pyscss - python2-tinyrpc - qemu-sgabios - samba-libs-32bit - samba-libs-python3-32bit - samba-winbind-32bit - suse-prime-bbswitch - systemd-32bit - tftpboot-installation-SLE-15-SP2-aarch64 - tftpboot-installation-SLE-15-SP2-s390x - wine-staging-devel-32bit - xaos-lang Added rpms ========== - cups-devel-32bit - device-mapper-devel-32bit - gstreamer-plugins-bad-32bit - gstreamer-plugins-bad-fluidsynth-32bit - hdf5-devel-32bit - hdf5-openmpi3-devel-32bit - tftpboot-installation-SLE-15-SP2-aarch64 - ImageMagick-devel-32bit - NetworkManager-devel-32bit - clang11-devel-32bit - gdk-pixbuf-loader-rsvg-32bit - glibc-locale-base-32bit - glibc-profile-32bit - hdf5-openmpi2-devel-32bit - libIlmImf-2_2-23-32bit - libMagickWand-7_Q16HDRI6-32bit - libauparse0-32bit - libavahi-client3-32bit - libboost_atomic_legacy-32bit - libboost_coroutine_legacy-32bit - libboost_fiber_legacy-32bit - libboost_filesystem_legacy-32bit - libboost_graph_legacy-32bit - libboost_locale_legacy-32bit - libboost_math_legacy-32bit - libboost_program_options_legacy-32bit - libboost_regex_legacy-32bit - libboost_serialization_legacy-32bit - libboost_signals_legacy-32bit - libboost_system_legacy-32bit - libboost_thread_legacy-32bit - libboost_type_erasure_legacy-32bit - libbz2-1-32bit - libext2fs-devel-32bit - libgif7-32bit - libgpgme11-32bit - libgstisoff-1_0-0-32bit - libgstmpegts-1_0-0-32bit - libgstplayer-1_0-0-32bit - libhdf5-103-32bit - libhdf5-103-openmpi2-32bit - libhdf5_cpp103-openmpi3-32bit - libhdf5_fortran102-32bit - libhdf5_hl100-openmpi3-32bit - libhdf5_hl_cpp100-mvapich2-32bit - libhdf5_hl_cpp100-openmpi2-32bit - libhdf5hl_fortran100-32bit - libhogweed4-32bit - libisccc1600-32bit - libkyotocabinet16-32bit - libmount-devel-32bit - libmount1-32bit - libnautilus-extension1-32bit - libnetcontrol0-32bit - libopenssl1_1-hmac-32bit - libproxy1-networkmanager-32bit - libproxy1-pacrunner-webkit-32bit - libreadline7-32bit - libsamba-errors0-32bit - libudev-devel-32bit - libudev1-32bit - libuuid1-32bit - llvm11-LTO-devel-32bit - mpfr-devel-32bit - openldap2-devel-32bit - openslp-32bit - perl-core-DB_File-32bit - samba-libs-32bit - samba-libs-python3-32bit - samba-winbind-32bit - systemd-32bit - wine-staging-devel-32bit - tftpboot-installation-SLE-15-SP2-s390x - qemu-sgabios - kubevirt-manifests - kubevirt-tests - libLLVM11-32bit - libLTO11-32bit - libavahi-common3-32bit - libavahi-glib1-32bit - libbind9-1600-32bit - libboost_atomic_legacy - libboost_chrono_legacy - libboost_container_legacy - libboost_container_legacy-32bit - libboost_context_legacy - libboost_context_legacy-32bit - libboost_coroutine_legacy - libboost_date_time_legacy - libboost_date_time_legacy-32bit - libboost_fiber_legacy - libboost_filesystem_legacy - libboost_graph_legacy - libboost_iostreams_legacy - libboost_iostreams_legacy-32bit - libboost_locale_legacy - libboost_log_legacy - libboost_math_legacy - libboost_program_options_legacy - libboost_random_legacy - libboost_random_legacy-32bit - libboost_regex_legacy - libboost_serialization_legacy - libboost_signals_legacy - libboost_stacktrace_legacy - libboost_stacktrace_legacy-32bit - libboost_system_legacy - libboost_test_legacy - libboost_test_legacy-32bit - libboost_thread_legacy - libboost_timer_legacy - libboost_type_erasure_legacy - libboost_wave_legacy - libboost_wave_legacy-32bit - libcrypt1-32bit - libcryptsetup12-32bit - libcups2-32bit - libdns1605-32bit - libext2fs2-32bit - libgpgmepp6-32bit - libgstinsertbin-1_0-0-32bit - libgstwayland-1_0-0-32bit - libgstwebrtc-1_0-0-32bit - libhdf5_cpp103-32bit - libhdf5_cpp103-mvapich2-32bit - libhdf5_fortran102-openmpi3-32bit - libhdf5_hl100-openmpi2-32bit - libhdf5_hl_cpp100-32bit - libhdf5_hl_cpp100-openmpi3-32bit - libhdf5_hl_cpp100-openmpi4-32bit - libhdf5hl_fortran100-mvapich2-32bit - libisc1606-32bit - libjavascriptcoregtk-4_0-18-32bit - libmpfr6-32bit - libndr-krb5pac0-32bit - libndr-standard0-32bit - libns1604-32bit - libopenssl1_1-32bit - libproxy1-config-gnome3-32bit - libretro-ppsspp - librsvg-2-2-32bit - libsamba-policy0-python3-32bit - libsamdb0-32bit - libsystemd0-32bit - libxcrypt-devel-32bit - libxml2-devel-32bit - llvm11-devel-32bit - obs-service-replace_using_env - openSUSE-signkey-cert - opensc-32bit - perl-base-32bit - postgresql12-llvmjit - pure-ftpd - python3-cppy - python39-base-32bit - qemu-seabios - rtl8812au - rtl8812au-kmp-64kb - rtl8812au-kmp-default - rtl8812au-kmp-preempt - samba-ad-dc-32bit - tftpboot-installation-SLE-15-SP2-ppc64le - tftpboot-installation-SLE-15-SP3-ppc64le - wine-32bit Package Source Changes ====================== Catch2 +- Update to version 2.13.6 + * Disabling all signal handlers no longer breaks compilation + * catch_discover_tests should handle escaped semicolon (;) better + ImageMagick + fix CVE-2021-20309 [bsc#1184624], Division by zero in WaveImage() of MagickCore/visual-effects.c + + ImageMagick-CVE-2021-20309.patch + fix CVE-2021-20311 [bsc#1184626], Division by zero in sRGBTransformImage() in MagickCore/colorspace.c + + ImageMagick-CVE-2021-20311.patch + fix CVE-2021-20312 [bsc#1184627], Integer overflow in WriteTHUMBNAILImage of coders/thumbnail.c + + ImageMagick-CVE-2021-20312.patch + fix CVE-2021-20313 [bsc#1184628], Cipher leak when the calculating signatures in TransformSignatureof MagickCore/signature.c + + ImageMagick-CVE-2021-20313.patch + +- security update +- added patches MozillaFirefox +- Firefox Extended Support Release 78.10.0 ESR + * Fixed: Various stability, functionality, and security fixes +- Mozilla Firefox ESR 78.10 + MFSA 2021-15 (bsc#1184960) + * CVE-2021-23994 (bmo#1699077) + Out of bound write due to lazy initialization + * CVE-2021-23995 (bmo#1699835) + Use-after-free in Responsive Design Mode + * CVE-2021-23998 (bmo#1667456) + Secure Lock icon could have been spoofed + * CVE-2021-23961 (bmo#1677940) + More internal network hosts could have been probed by a + malicious webpage + * CVE-2021-23999 (bmo#1691153) + Blob URLs may have been granted additional privileges + * CVE-2021-24002 (bmo#1702374) + Arbitrary FTP command execution on FTP servers using an + encoded URL + * CVE-2021-29945 (bmo#1700690) + Incorrect size computation in WebAssembly JIT could lead to + null-reads + * CVE-2021-29946 (bmo#1698503) + Port blocking could be bypassed + MozillaThunderbird +- Mozilla Thunderbird 78.10 + * fixed: Usability & theme improvements on Windows + * fixed: Various security fixes + MFSA 2021-14 (bsc#1184960) + * CVE-2021-23994 (bmo#1699077) + Out of bound write due to lazy initialization + * CVE-2021-23995 (bmo#1699835) + Use-after-free in Responsive Design Mode + * CVE-2021-23998 (bmo#1667456) + Secure Lock icon could have been spoofed + * CVE-2021-23961 (bmo#1677940) + More internal network hosts could have been probed by a + malicious webpage + * CVE-2021-23999 (bmo#1691153) + Blob URLs may have been granted additional privileges + * CVE-2021-24002 (bmo#1702374) + Arbitrary FTP command execution on FTP servers using an + encoded URL + * CVE-2021-29945 (bmo#1700690) + Incorrect size computation in WebAssembly JIT could lead to + null-reads + * CVE-2021-29946 (bmo#1698503) + Port blocking could be bypassed + * CVE-2021-29948 (bmo#1692899) + Race condition when reading from disk while verifying + signatures + +- Mozilla Thunderbird 78.9.1 + * new: Support recipient aliases for OpenPGP encryption. + Documentation can be found https://wiki.mozilla.org/ + Thunderbird:OpenPGP:Aliases. + * fixed: The key and signature parts of the message security + popup on a received message could not be selected for + copy/paste. + * fixed: Various UX and theme improvements + MFSA 2021-13 (bsc#1184536) + * CVE-2021-23991 (bmo#1673240) + An attacker may use Thunderbird's OpenPGP key refresh + mechanism to poison an existing key + * MOZ-2021-23992 (bmo#1666236) + A crafted OpenPGP key with an invalid user ID could be used + to confuse the user + * CVE-2021-23993 (bmo#1666360) + Inability to send encrypted OpenPGP email after importing a + crafted OpenPGP key + +- Mozilla Thunderbird 78.9 + * fixed: New mail notification displayed old messages that were + unread + * fixed: Spaces following soft line breaks in messages using + quoted-printable and format=flowed were incorrectly encoded; + existing messages which were previously incorrectly encoded + may now display with some words not separated by a space + * fixed: Some fields were unreadable in the Dark theme in the + General preferences panel + * fixed: Sending a message containing an anchor tag with an + invalid data URI failed + * fixed: When switching tabs, input focus was not moved to the + new tab + * fixed: Address Book: Syncing a read-only Google address book + via CardDAV failed + * fixed: Address Book: Importing VCards with non-ascii + characters would fail + * fixed: Address Book: Some values may not have been parsed + when syncing from Google address books. + * fixed: Add-ons Manager did not show if an addon used + experiment APIs + * fixed: Calendar: Removing a recurring task was not possible + * fixed: Various security fixes + MFSA 2021-12 (bsc#1183942) + * CVE-2021-23981 (bmo#1692832) + Texture upload into an unbound backing buffer resulted in an + out-of-bound read + * MOZ-2021-0002 (bmo#1691547) + Angle graphics library out of date + * CVE-2021-23982 (bmo#1677046) + Internal network hosts could have been probed by a malicious + webpage + * CVE-2021-23984 (bmo#1693664) + Malicious extensions could have spoofed popup information + * CVE-2021-23987 (bmo#1513519, bmo#1683439, bmo#1690169, + bmo#1690718) + Memory safety bugs fixed in Thunderbird 78.9 +- cleaned up and fixed mozilla.sh.in for wayland (boo#1177542) + NetworkManager +- Add nm-fix-dhcp-client-timeout.patch: Better handle dhclient's + timeout so that a recorded lease can be used when dhcp server + is down(glfo#NetworkManager/NetworkManager!811, bsc#1183202). +- Modified NetworkManager.conf: Use dhclient as the default dhcp + client(glfo#NetworkManager/NetworkManager!811, bsc#1183202). + +- Add NM-restore-MAC-on-release-only-when-cloned.patch: bond: + restore MAC on release only when there is a cloned MAC address + (glfo#NetworkManager/NetworkManager!775, bsc#1183967). + OpenPrintingPPDs +- Skip fixing bugs in PPD files from printer manufacturers when + the manufacturer's redistribution license in the PPD file allows + redistribution only when the content of the file is not altered + (see http://bugs.linux-foundation.org/show_bug.cgi?id=535). + +- Updated NEC-P2X.necp2xX.upp.ppd for OpenPrintingPPDs-ghostscript + (see http://bugs.linux-foundation.org/show_bug.cgi?id=533) + so that now all PPDs in the OpenPrintingPPDs packages + pass the very basic test with the makePPDtest script + which is added to the OpenPrintingPPDs source tarball. + +- Initial version. + SLE-EULAs +- Update for latest nvidia packages (bsc#1185364) + -- First version. Currently only flash-player and fluendo - adcli +- Respect allowed Kerberos encryption types; (bsc#1184462); + Add 0035-handle-encryption-types.patch + alpine +- Update to release 2.24 + * A few crash fixes + * Implementation of XOAUTH2 for Yahoo! Mail. + +- Update to release 2.23.2 + * Expansion of the configuration screen for XOAUTH2 to include + username, and tenant. + * Alpine uses the domain in the From: header of a message + to generate a message-id and suppresses all information + about Alpine, version, revision, and time of generation + of the message-id from this header. + * Alpine does not generate Sender or X-X-Sender by default by + enabling [X] Disable Sender as the default. + * Alpine does not disclose User Agent by default by enabling + [X] Suppress User Agent by default. + * When messages are selected, pressing the ';' command to + broaden or narrow a search, now offers the possibility to + completely replace the search, and is almost equivalent to + being a shortcut to "unselect all messages, and select + again". + +- Update to release 2.23 + * Fixes bsc#1173281, CVE-2020-14929: Alpine silently proceeds to + use an insecure connection after a /tls is sent in certain + circumstances. + * Implementation of XOAUTH2 authentication support for Outlook. + * Add support for the OAUTHBEARER authentication method in Gmail. + * Support for the SASL-IR IMAP extension. + * Alpine can pass an HTML message to an external web browser, + by using the "External" command in the ATTACHMENT INDEX + screen. +- Drop extern.diff (merged) + +- Add extern.diff. +- Mark license texts as %license. + +- Update to release 2.22 + * Support for XOAUTH2 authentication method in Gmail. + * NTLM authentication support with the ntlm library. + * Added the "/tls1_3" flag for servers that support it. + * Add the "g" option to the select command that works in IMAP + servers that implement the X-GM-EXT-1 capability (such as the + one offered by Gmail). + * Added "/auth=XYZ" to the way to define a server. This allows + users to select the method to authenticate to an IMAP, SMTP + or POP3 server. Examples are /auth=plain, or /auth=gssapi, + etc. + * When a message is of type multipart/mixed, and its first part + is multipart/signed, Alpine will include the text of the + original message in a reply message, instead of including a + multipart attachment. + * Added backward search in the index screen. + * pico: Add -dict option to Pico, which allows users to choose a + dictionary when spelling. +- Drop /usr/bin/mailutil, it is not built by default anymore. +- Remove alpine-pinepw.patch (merged upstream) +- Add description files for patches 600-616. These live in a + separate file because (a) upstream does not offer the description + as part of the patch file, (b) redownloading the patches would + nuke any added description due to . + +- Add return-values.diff to unbreak build. +- Use more macros for standard dirs in the build recipe. + -- The pico and pilot standalone programs have version numbers of - their own; expose these in the .spec file - -- Add alpine-mime-type-workaround.patch: - Send mime type in lowercase to work around MUAs that can't cope - with upper case mime type strings in the Content-Type header - such as the webmailer of GMX. This is a backport from the - current development release and will become obsolete with the - next version upgrade. - apache-commons-io +- Security fix: [bsc#1184755, CVE-2021-29425] + * Limited path traversal when invoking the method + FileNameUtils.normalize with an improper input string + * Add apache-commons-io-CVE-2021-29425.patch + -- Added url as source. - Please see http://en.opensuse.org/SourceUrls - avahi +- Add avahi-CVE-2021-3468.patch: avoid infinite loop by handling + HUP event in client_work (boo#1184521 CVE-2021-3468). + https://github.com/lathiat/avahi/pull/330 + brp-check-suse +- revisited bsc#1184555 help generating FIPS hmac files +- drop previous patch + brp-check-suse-bf6495be895f87b65ac358d22e0ae945b0aa3462.patch +- add brp-50-generate-fips-hmac + +- add patch to implement fipscheck (bsc#1184555) + brp-check-suse-bf6495be895f87b65ac358d22e0ae945b0aa3462.patch + -- correct URL to github repo - cacti +- cacti 1.2.17: + * Fix incorrect handling of fields led to potential XSS issues + * CVE-2020-35701: Fix SQL Injection vulnerability (boo#1180804) + * Fix various XSS issues with HTML Forms handling + * Fix handling of Daylight Saving Time changes + * Multiple fixes and extensions to plugins + * Fix multiple display, export, and input validation issues + * SNMPv3 Password field was not correctly limited + * Improved regular expression handling for searcu + * Improved support for RRDproxy + * Improved behavior on large systems + * MariaDB/MysQL: Support persistent connections and improve + multiple operations and options + * Add Theme 'Midwinter' + * Modify automation to test for data before creating graphs + * Add hooks for plugins to show customize graph source and customize + template url + * Allow CSRF security key to be refreshed at command line + * Allow remote pollers statistics to be cleared + * Allow user to be automatically logged out after admin defined + period + * When replicating, ensure Cacti can detect and verify replica + servers + cacti-spine +- cacti-spine 1.2.17: + * Avoid triggering DDos detection in firewalls on large systems + * Use mysql reconnect option properly + * Fix possible creashes in various operations + * Fix remote data collectors pushing too much data to main when + performing diagnostics + * Make spine more responsive when remote connection is down + * Fix various MySQL issues + * Make spine immune to DST changes + ceph +- Update to 15.2.11-83-g8a15f484c2: + + (bsc#1184231) cephadm: Allow to use paths in all <_devices> drivegroup sections + +- Update to 15.2.11-82-g7c6356e178: + + upstream Octopus v15.2.11 release + see https://ceph.io/releases/v15-2-11-octopus-released/ + * (bsc#1183074) - (CVE-2021-20288) ceph: Unauthorized global_id reuse + + cephadm: Update Grafana container image from 7.0.3 to 7.3.1 + +- Update to 15.2.10-81-g29303934a5: + + upstream Octopus v15.2.10 release, see https://ceph.io/releases/v15-2-10-octopus-released/ + * bluestore: fix huge reads/writes at BlueFS (bsc#1183899) + +- Update to 15.2.9-83-g4275378de0: + + cephadm: fix 'inspect' and 'pull' (bsc#1182766) + +- Update to 15.2.9-82-gee18977364: + + upstream Octopus v15.2.9 release, see https://ceph.io/releases/v15-2-9-octopus-released/ + * (bsc#1179997) (CVE-2020-27839) mgr/dashboard: Use secure cookies to store JWT Token + * (bsc#1178905) (CVE-2020-25678) Do not add sensitive information in Ceph log files + * (bsc#1172926) mgr/orchestrator: Sort 'ceph orch device ls' by host + * (bsc#1176390, bsc#1176679) mgr/dashboard: enable different URL for users + of browser to Grafana + * (bsc#1176489) mgr/cephadm: lock multithreaded access to OSDRemovalQueue + * (bsc#1176828) cephadm: command_unit: call systemctl with verbose=True + * (bsc#1177360) cephadm: silence "Failed to evict container" log msg + * (bsc#1177857) mgr/cephadm: upgrade: fail gracefully, if daemon redeploy fails + * (bsc#1178837) rgw: cls/user: set from_index for reset stats calls + * (bsc#1178860) mgr/dashboard: Disable TLS 1.0 and 1.1 + * (bsc#1178932, bsc#1179569) cephadm: reference the last local image by digest + ceph-test +- Update to 15.2.11-83-g8a15f484c2: + + (bsc#1184231) cephadm: Allow to use paths in all <_devices> drivegroup sections + +- Update to 15.2.11-82-g7c6356e178: + + upstream Octopus v15.2.11 release + see https://ceph.io/releases/v15-2-11-octopus-released/ + * (bsc#1183074) - (CVE-2021-20288) ceph: Unauthorized global_id reuse + + cephadm: Update Grafana container image from 7.0.3 to 7.3.1 + +- Update to 15.2.10-81-g29303934a5: + + upstream Octopus v15.2.10 release, see https://ceph.io/releases/v15-2-10-octopus-released/ + * bluestore: fix huge reads/writes at BlueFS (bsc#1183899) + +- Update to 15.2.9-83-g4275378de0: + + cephadm: fix 'inspect' and 'pull' (bsc#1182766) + +- Update to 15.2.9-82-gee18977364: + + upstream Octopus v15.2.9 release, see https://ceph.io/releases/v15-2-9-octopus-released/ + * (bsc#1179997) (CVE-2020-27839) mgr/dashboard: Use secure cookies to store JWT Token + * (bsc#1178905) (CVE-2020-25678) Do not add sensitive information in Ceph log files + * (bsc#1172926) mgr/orchestrator: Sort 'ceph orch device ls' by host + * (bsc#1176390, bsc#1176679) mgr/dashboard: enable different URL for users + of browser to Grafana + * (bsc#1176489) mgr/cephadm: lock multithreaded access to OSDRemovalQueue + * (bsc#1176828) cephadm: command_unit: call systemctl with verbose=True + * (bsc#1177360) cephadm: silence "Failed to evict container" log msg + * (bsc#1177857) mgr/cephadm: upgrade: fail gracefully, if daemon redeploy fails + * (bsc#1178837) rgw: cls/user: set from_index for reset stats calls + * (bsc#1178860) mgr/dashboard: Disable TLS 1.0 and 1.1 + * (bsc#1178932, bsc#1179569) cephadm: reference the last local image by digest + cifs-utils +- cifs.upcall: fix regression in kerberos mount; (bsc#1184815). + * add 0015-cifs.upcall-fix-regression-in-kerberos-mount.patch + +- CVE-2021-20208: cifs-utils: cifs.upcall kerberos auth leak in + container; (bsc#1183239); CVE-2021-20208. + cilium-proxy +- Update _constraints for aarch64 in Backports + clamav +- Update clamav.keyring +- Update to 0.103.2 + * CVE-2021-1252, bsc#1184532: Fix for Excel XLM parser infinite + loop. Affects 0.103.0 and 0.103.1 only. + * CVE-2021-1404, bsc#1184533: Fix for PDF parser buffer over-read; + possible crash. Affects 0.103.0 and 0.103.1 only. + * CVE-2021-1405, bsc#1184534: Fix for mail parser + NULL-dereference crash. Affects 0.103.1 and prior. + * Fix possible memory leak in PNG parser. + * Fix ClamOnAcc scan on file-creation race condition so files are + scanned after their contents are written. + * FreshClam: Deprecate the SafeBrowsing config option. The + SafeBrowsing option will no longer do anything. + * For more details, see our blog post from last year about the + future of the ClamAV Safe Browsing database. + * FreshClam: Improved HTTP 304, 403, & 429 handling. + * FreshClam: Added back the mirrors.dat file to the database directory. + * FreshClam will now exit with a failure in daemon mode if an HTTP 403 + (Forbidden) was received, because retrying later won't help any. The + FreshClam user will have to take actions to get unblocked. + * Fix the FreshClam mirror-sync issue where a downloaded database is + "older than the version advertised." + * bsc#1181256: Fix errors when scanning files > 4G + * obsoletes clamav-disable-timestamps.patch +- Update to 0.103.1 + * Added a new scan option to alert on broken media (graphics) file + formats. This feature mitigates the risk of malformed media files + intended to exploit vulnerabilities in other software. At present + media validation exists for JPEG, TIFF, PNG, and GIF files. To + enable this feature, set AlertBrokenMedia yes in clamd.conf, or + use the --alert-broken-media option when using clamscan. These + options are disabled by default in this patch release, but may be + enabled in a subsequent release. Application developers may enable + this scan option by enabling CL_SCAN_HEURISTIC_BROKEN_MEDIA for + the heuristic scan option bit field. + * Added CL_TYPE_TIFF, CL_TYPE_JPEG types to match GIF, PNG typing + behavior. BMP and JPEG 2000 files will continue to detect as + CL_TYPE_GRAPHICS because ClamAV does not yet have BMP or JPEG + 2000 format checking capabilities. + * Fixed PNG parser logic bugs that caused an excess of parsing + errors and fixed a stack exhaustion issue affecting some systems + when scanning PNG files. PNG file type detection was disabled via + signature database update for ClamAV version 0.103.0 to mitigate + the effects from these bugs. + * Fixed an issue where PNG and GIF files no longer work with + Target:5 graphics signatures if detected as CL_TYPE_PNG/GIF rather + than as CL_TYPE_GRAPHICS. Target types now support up to 10 + possible file types to make way for additional graphics types in + future releases. + * Fixed clamonacc's --fdpass option. + - Interprocess file descriptor passing for clamonacc was broken + since version 0.102.0 due to a bug introduced by the switch to + curl for communicating with clamd. On Linux, passing file + descriptors from one process to another is handled by the + kernel, so we reverted clamonacc to use standard system calls + for socket communication when fd passing is enabled. + * Fixed a clamonacc stack corruption issue on some systems when + using an older version of libcurl. + * Allow clamscan and clamdscan scans to proceed even if the + realpath lookup failed. This alleviates an issue on Windows + scanning files hosted on file- systems that do not support the + GetMappedFileNameW() API such as on ImDisk RAM-disks. + * Fixed freshclam --on-update-execute=EXIT_1 temporary directory + cleanup issue. + * clamd's log output and VirusEvent now provide the scan target's + file path instead of a file descriptor. The clamd socket API for + submitting a scan by FD-passing doesn't include a file path, this + feature works by looking up the file path by file descriptor. + This feature works on Mac and Linux but is not yet implemented + for other UNIX operating systems. FD-passing is not available for + Windows. + * Fixed an issue where freshclam database validation didn't work + correctly when run in daemon mode on Linux/Unix. + clamav-database +- database refresh on 2021-05-03 (bsc#1084929) + +- database refresh on 2021-04-26 (bsc#1084929) + +- database refresh on 2021-04-19 (bsc#1084929) + +- database refresh on 2021-04-12 (bsc#1084929) + cloud-init +- Add cloud-init-bonding-opts.patch (bsc#1184085) + + Write proper bonding option configuration for SLE/openSUSE +- Fix application and inclusion of + use_arroba_to_include_sudoers_directory-bsc_1181283.patchfix (bsc#1181283) + crmsh +- Update to version 4.3.0+20210315.5d07d43e: + * Fix: ui_resource: change return code and error to warning for some unharmful actions(bsc#1180332) + * Fix: bootstrap: raise warning when configuring diskless SBD with node's count less than 3(bsc#1181907) + cups-filters +- fix_upstream_issue348.patch fixes + https://github.com/OpenPrinting/cups-filters/issues/348 + foomatic-rip segfaults with 'job-sheets=none,none' + but works with 'job-sheets=none' + (bsc#1182893) + dhcp +- bsc#1185157: + Use /run instead of /var/run for PIDFile in dhcrelay.service. + dovecot +- /var/run in /usr/lib/tmpfiles.d/dovecot.conf is deprecated, please + use /run instead (bsc#1185074) + The home directories of the internal users was moved from + /var/run/dovecot to /run/dovecot too. + -- we dont need a dovecot implementation at build time just at - install time. add BuildIgnore to get around the loop. - -- remove triggers again. when we handle the dovecot update problems - by manually stopping in %pre and manually starting up again in - %postun we dont need them anymore. - -- as we cant use service_del_preun we should still check if it is - the last package that we install otherwise we kill it - unconditionally - -- no longer restart the socket activation. this seems to kill the - dovecot. - -- move ldconfig to the versioned packages -- own the shared var directories. -- kick out the triggerin script as we dont need it. -- restart dovecot also when the module packages are updated - -- added trigger scripts - -- make the dovecot implementation a prereq - -- start an unversioned wrapper package again - dracut +- Update to version 049.1+suse.187.g63c1504f: + * fix(shutdown): add timeout to umount calls (bsc#1178219) + e2fsprogs +- Remove autoreconf call from e2fsprogs.spec (bsc#1183791) + +- po-remove-unnecessary-buggy-positional-parameter-spe.patch: po: remove + unnecessary/buggy positional parameter specifiers (bsc#1170964) + +- e2fsck-clarify-overflow-link-count-error-message.patch: e2fsck: clarify + overflow link count error message (bsc#1160979) +- ext2fs-update-allocation-info-earlier-in-ext2fs_mkdi.patch: ext2fs: update + allocation info earlier in ext2fs_mkdir() (bsc#1160979) +- ext2fs-implement-dir-entry-creation-in-htree-directo.patch: ext2fs: implement + dir entry creation in htree directories (bsc#1160979) +- tests-add-test-to-excercise-indexed-directories-with.patch: tests: add test + to excercise indexed directories with metadata_csum (bsc#1160979) +- tune2fs-update-dir-checksums-when-clearing-dir_index.patch: tune2fs: update + dir checksums when clearing dir_index feature (bsc#1160979) + +- e2fsck-abort-if-there-is-a-corrupted-directory-block.patch: e2fsck: abort if + there is a corrupted directory block when rehashing (bsc#1160571 + CVE-2019-5188) +- e2fsck-don-t-try-to-rehash-a-deleted-directory.patch: 2fsck: don't try to + rehash a deleted directory (bsc#1160571 CVE-2019-5188) + +- resize2fs-Make-minimum-size-estimates-more-reliable.patch: resize2fs: Make + minimum size estimates more reliable for mounted fs (bsc#1154295) + +- libsupport-add-checks-to-prevent-buffer-overrun-bugs.patch: add checks to + prevent buffer overrun bugs in quota code (bsc#1152101, CVE-2019-5094) + +- libext2fs-call-fsync-2-to-clear-stale-errors-for-a-n.patch: libext2fs: call + fsync(2) to clear stale errors for a new a unix I/O channel (bsc#1145716) + +- e2fsck-check-and-fix-tails-of-all-bitmaps.patch: e2fsck: check and fix tails + of all bitmap blocks (bsc#1128383) + +- libext2fs-Fix-fsync-2-detection.patch: libext2fs: Fix fsync(2) detection + (bsc#1038194) + +- Add references from old package: + Fix resize2fs-Fix-32-64-bit-overflow-when-multiplying-by-blocks-cl.patch + in 1.42.12 (bsc#1009532) + Fix libext2fs-fix-potential-buffer-overflow-in-closefs.patch + in 1.42.13 (bsc#918346 CVE-2015-1572) + Fix libext2fs-avoid-buffer-overflow-if-s_first_meta_bg-i.patch + in 1.42.12 (bsc#915402 CVE-2015-0247) + Got specfile fix through Factory (bsc#960273) + Fix libext2fs-don-t-ignore-fsync-errors.patch in 1.43.4 (bsc#1038194) + +- libext2fs-fix-build-failure-in-swapfs.c-on-big-endia.patch: + libext2fs: fix build failure in swapfs.c on big-endian systems (bsc#1077420) + +- Update to 1.43.8 + * add forgotten byteswap of some new superblock fields + * fix use-after-free in e2fsck for corrupted root inode + * fix floating point exception due to corrupted superblock in e2fsck + * fix resize2fs's free block sanity checks + * updated translations + +- Added %license tag to specfile + +- Update to 1.43.7 + * debugfs, tune2fs, fuse2fs fixes of error handling in journal replay + * e2fsck and debugfs fixes so that malicious filesystems do not cause + buffer overflows + * fix corner cases in offline resizing in resize2fs + * updated translations + +- ignore errors for install-info calls in post scripts, + otherwise installing with "--excludedocs" fails + +- Update to 1.43.6 + * fix printing of quota inconsistency messages + * fix out of bounds checks in e2fsck + * optimize e2fsck CPU usage for large sparse files + * increase inode size to 256 bytes if features require it + * various UI fixes + * updated translations + +- Add missing coreutils dependency for initrd macros (bsc#1055492). + +- Update to 1.43.5 + * fix e2fsck infinite loop when rebuilding encrypted directories + * fix tune2fs support for enabling /disabling project quota + * fixes in debugfs, dumpe2fs, e2fsck, tune2fs, and resize2fs for maliciously + corrupted filesystems + * fix e2fsck to verify invalid quota inode numbers + * fix byte-swapping of backup superblocks + * fix e2fsck -E bmap2extent to work for sparse files + * fix e2fsck to correctly handle quota accounting for multiply claimed blocks + * lots of other fixes + +- Update to 1.43.4 + * fix e2fsck handling of system.data extended attributes for small files + * fixes in mke2fs -d + * make mke2fs refuse absurdly large devices + * make mke2fs properly report IO errors + * clarify default in mke2fs questions + * re-add uninit_bg to mke2fs.conf + * add support for project quota to debugfs + * improve xattr support in debugfs + * remove mkfs.ext4dev and fsck.ext4dev + +- Remove suse-module-tools dependency as it creates cycle in dependency list + +- Update download URL to poing to ftp.kernel.org which is more reliable + +- Update to 1.43.3 + * mke2fs will use larger journal for large filesystems by default + * e2fsck journal replay bugfixes + * debugfs improvements and fixes + * fix resize2fs migration of attribute blocks +- fuse2fs manpage is no longer installed when fuse2fs is not built + +- fix last change + +- Rebuild the initrd if this package changes (and we are not + building the -mini version) + +- Update to 1.43.1 + * Add support for the ext4 metadata checksum, checksum seed, inline data, + encryption, project quota, and read-only features + * Support for the very old, experimental, and never-added-to-mainline + compression feature has been removed + * Mke2fs will now create file systems with the metadata_csum and 64bit + features enabled by default + * The tune2fs program will ask the user for confirmation before starting + dangerous operations if the terminal is available, and it will replay + the journal if necessary + * Add an ext2/3/4 FUSE server + * The resize2fs command can now convert file systems between 64-bit and + 32-bit mode + * We now use a new e2undo file format which is much more efficient and + faster than the old tdb-based scheme. Since it so much faster, e2fsck, + tune2fs, debugfs, and resize2fs now also can support using creating an + undo file. + * Multiple e2fsck fixes + * Multiple mke2fs improvements + * Multiple debugfs improvements + +- spec: add static library dependencies + +- enable static build and package static libraries + +- e2fsprogs-1.41.1-splash_support.patch: Drop it, this patch + depends on the old in kernel "bootsplash" patches that were + removed after the introduction of plymouth. + +- Update to 1.42.13 + * fix potential buffer overflow while closing a filesystem + * fix deadlock which occurs when using systemd and e2fsck.conf's logging + feature + * make tune2fs clear journal superblock backup when removing journal + * fix use after free bugs in resize2fs and e2fsck + * fix endianity bugs in libext2fs + ... +- Remove e2fsck-fix-free-pointer-dereferences.patch: Merged upstream + +- e2fsck-fix-free-pointer-dereferences.patch: Fix use after free (bnc#912229) + flatpak +- Update to version 1.10.2: + + This is a security update which fixes a potential attack where + a flatpak application could use custom formated .desktop files + to gain access to files on the host system. + + Fix memory leaks + + Some test fixes + + Documentation updates + + G_BEGIN/END_DECLS added to library headders for c++ use + + Fix for X11 cookies on OpenSUSE + + Spawn portal better handles non-utf8 filenames + +- Flatpak only requires glib 2.44, not 2.60 +- Update ostree version required to 2020.8 + +- Update to version 1.10.1: + + Fix flatpak build on systems with setuid bwrap + + Fix some compiler warnings + + Fix crash on updating apps with no deploy data + + Updated translations. +- Remove deprecated texinfo packaging macros. +- Switch to upstream release tarball. + +- Update to version 1.10.0: + + The major new feature in this series compared to 1.8 is the + support for the new repo format which should make updates + faster and download less data. + + The systemd generator snippets now call flatpak + - -print-updated-env in place of a bunch of shell for better + login performance. + + The .profile snippets now disable GVfs when calling flatpak to + avoid spawning a gvfs daemon when logging in via ssh. + + Build fixes for GCC 11. + + Flatpak now finds the pulseaudio sockets better in uncommon + configurations. + + Sandboxes with network access it now also has access to the + systemd-resolved socket to do dns lookups. + + Flatpak supports unsetting env vars in the sandbox using + - -unset-env, and --env=FOO= now sets FOO to the empty string + instead of unsetting it. + + Similarly the spawn portal has an option to unset an env var. + + The spawn portal now has an option to share the pid namespace + with the sub-sandbox. + +- Update to version 1.8.5 (CVE-2021-21261): + + This is a security update that fixes a sandbox escape where a + malicious application can execute code outside the sandbox by + controlling the environment of the "flatpak run" command when + spawning a sub-sandbox (boo#1180996) + +- Update to version 1.8.4: + + Fix support for ppc64. + +- Move flatpak-bisect and flatpak-coredumpctl to devel subpackage, + allow to remove python3 dependency on main package. + +- Enable LTO (boo#1133124) as gobject-introspection works fine with LTO. + +- Update to version 1.8.3: + + Fixed progress reporting for OCI and extra-data. + + The in-memory summary cache is more efficient. + + Fixed authentication getting stuck in a loop in some cases. + + Fixed authentication error reporting. + + We now extract OCI info for runtimes as well as apps. + + Fixed crash if anonymous authentication fails and -y is + specified. + + flatpak info now only looks at the specified installation if + one is specified. + + Better error reporting for server HTTP errors during download. + + Uninstall now removes applications before the runtime it + depends on. + + Fixed test-suite to pass with the latest OSTree version. + + Fixed dbus environment variables in flatpak enter. + + Avoid updating metadata from the remote when uninstalling. + + Fixed error message handling in various places. + + FlatpakTransaction now verifies all passed in refs to avoid. + + potential issues with invalid names. + + Updated translations. + +- Update to version 1.8.2: + + Added validation of collection id settings for remotes. + + Fix seccomp filters on s390. + + Robustness fixes to the spawn portal. + + Fix support for masking update in the system installation. + + Better support for distros with uncommon models of merged /usr. + + Cache responses from localed/AccountService. + + Fix hangs in cases where xdg-dbus-proxy fails to start. + + Fix double-free in cups socket detection. + + OCI authenticator now doesn't ask for auth in case of http + errors. + +- Fix invalid usage of %{_libexecdir} to reference systemd + directories. + +- Update to version 1.8.1: + * Avoid calling authenticator in update if ref didn't change + * Don't fail transaction if ref is already installed (after + transaction start) + * Fix flatpak run handling of userns in the --device=all case + * Fix handling of extensions from different remotes + * Fix flatpak run --no-session-bus + * Updated translations +- Update to version 1.8.0: + * FlatpakTransaction has a new signal "install-authenticator" + which clients can handle to install authenticators needed for + the transaction. This is done in the CLI commands. + * We now always expose the host timezone data, allowing us the + expose the host /etc/localtime in a way that works better, + fixing several apps that had timezone issues. + * Fix flatpak enter which didn't work in some cases. + * We now ship a systemd unit (not installed by default) to + automatically detect plugged in usb sticks with sideload repos. + * By default we no longer install the gdm env.d file, as the + systemd generators work better. + * create-usb now exports partial commits by default + * Fix handling of docker media types in oci remotes + * Fix subjects in remote-info --log output +- Remove source file used to generate a flatpak user on the system + since it's now included by upstream: + * system-user-flatpak.conf + +- Fixes for %_libexecdir changing to /usr/libexec + +- Update to version 1.6.4: + + This release backports some of the OCI authenticator fixes from + the 1.7 series, and should now be able to host flatpak images + on e.g. docker hub. + + Other changes: + - Fix a use-after free in libflatpak. + - Don't list p2p downgrades in list of available updates. + +- jsc#SLE-7171 fwupdate +- Add fwupdate-bsc1182057-add-sbat-support.patch to add SBAT + section to EFI images (bsc#1182057) + + Also specify the vendor SBAT + giflib +- Enable Position Independent Code and inherit CFLAGS from the build system. + * Added giflib-PIE.patch (bsc#1184123). + -- Update to new upstream release 5.0.4 - * Fix for a rare misrendering bug when a GIF overruns the - decompression-code table. -- Make patches have -p1, as requested by - http://en.opensuse.org/openSUSE:Packaging_Patches_guidelines - -- Added url as source. - Please see http://en.opensuse.org/SourceUrls - -- add giflib-automake-1_13.patch, fix build with automake-1.13.1 - -- Remove "Obsoletes: giflib", because libgif6 must not obsolete - libgif4 (it would do that by way of libgif4's "Provides: giflib"). - -- Adjust baselibs.conf for libgif6, remove libungif rpm symbols - since they are now no longer provided. - -- Version 5.0.3 - * The library is now purely reentrant and thread-safe - * Adds an EGifSetGifVersion() entry point - * All names of exported functions now have a Gif, DGif, or EGif prefix. -- packaging changes: - * soname is now libgif6 - * Compatibility with ancient "libungif" via rpm spec file hacks - is no longer included, if there is any application around - that still requires this it has to be fixed. - -- Remove redundant tags/sections - -- annotate functions from gif_lib_private.h with visibility - hidden so they are not exported. - -- add libtool as buildrequire to make the spec file more reliable - -- Correct project URL -- Implement shlib naming (libgif4) -- Apply packaging guidelines (remove redundant/obsolete - tags/sections from specfile, etc.) - -- Do not use __Date__ and __TIME__ , make build-compare - happier - -- add baselibs.conf as a source - git +- Remove deprecated "syslog" option from git-daemon.service (bsc#1185147) + gnome-session +- Add gnome-session-exit-when-lost-name-on-bus.patch: gnome-session + exit immediately when lost name on bus + (bsc#1175622 glgo!GNOME/gnome-session!60). + gnome-shell-extension-desktop-icons +- Add desktop-icons-show-iso-file-icon.patch: Show ISO file icon as + default icon. + (bsc#1183504 glgo#GNOME/World/ShellExtensions/desktop-icons!196) + golang-github-boynux-squid_exporter +- Build requires Go 1.15 + +- Add %license macro for LICENSE file + golang-github-lusitaniae-apache_exporter +- Build with Go 1.15 + google-guest-agent +- Update to version 20210223.01 (bsc#1183414, bsc#1183415) + * add a match block to sshd_config for SAs (#99) + * add ipv6 forwarded ip support (#101) + * call restorecon on ssh host keys (#98) + * Include startup and shutdown in preset (#96) + * set metadata URL earlier (#94) +- Fix activation logic of systemd services (bsc#1182793) + +- Update to version 20201211.00 + * Require snapshot scripts to live under /etc/google/snapshots (#90) + * Adding support for Windows user account password lengths + between 15 and 255 characters. (#91) + * Adding bkatyl to OWNERS (#92) + google-guest-configs +- Update to version 20210317.00 (bsc#1183414, bsc#1183415) + * dracut.conf wants spaces around values (#19) + * make the same change for debian (#18) + * change path back for google_nvme_id (#17) + * move google_nvme_id to /usr/bin (#16) + * correct udev rule syntax (#15) + * prune el6 spec (#13) + * Updated udev rules (#11) +- Remove empty %{_sbindir} from %install and %files section + +- Remove service files (bsc#1180304) + + google-optimize-local-ssd.service, google-set-multiqueue.service + scripts are called from within the guest agent + google-guest-oslogin +- Update to version 20210316.00 (bsc#1183414, bsc#1183415) + * call correct function in pwenthelper (#53) + +- Update to version 20210108.00 + * Update logic in the cache_refresh binary (#52) + * remove old unused workflow files (#49) + google-osconfig-agent +- Update to version 20210316.00 (bsc#1183414, bsc#1183415) + * ExecResource: fix bug in return code handling (#295) + * Fix ExecResource permissions, add logs to fetcher (#294) + * e2e_tests: Fix ubuntu proposed family (#293) + * e2e_tests: add proposed debian images to head tests (#292) + * Fix exec_resource for config task, add minimal unit test (#291) + * Change util.WriteFile to AtomicWriteFileStream (#289) + * Merge development branch into master (#288) + * Create util.TempFile to work nicely with Windows (#287) + * Fix copy step write (#286) + * Fix error on linux lock (#285) + * Ensure we cleanup on error in AtomicWrite (#284) + * Make writes atomic, add unused "allowDowngrades" option + to apt, fix a few recipe issues (#283) + * update reviewers (#282) + * update apt package lists before running installs (#281) + * Simplify build tags for COS package (#280) + +- Update to version 20210112.00 + * Fix builds for ppc and s390x (#274) + * Minor updates to tests and additional debug logging (#272) + * Add Ubuntu 2004 to tests (#271) + * Make sure we stop tickers (#270) + * Drop Windows 1903 and CentOS 6 from tests (#269) + * Pin el6 tests to last published image as it is EOL (#267) + * support cos (#266) + +- Update to version 20201117.00 (bsc#1179031, bsc#1179032) + * Ignore Unavailable erros on stream receive (#260) + * Update test Windows images (#259) + * update ReportInventory e2e test regexes (#255) + * Don't return on a windows update error (#254) + * use retryutil for ReportInventory calls (#253) + * add additional debug logging for ReportInventory request payload for e2e tests (#252) + * stop logging instance identity token as part of ReportInventory request and remove + feature-flag setting in OSInventoryReporting e2e tests (#251) + * complete ExecTask as no-op when the ExecStepConfig doesn't match the OS (#250) + * Add software recipe tests for COS (#249) + * remove feature flag for inventory reporting (#243) + * Force yum to never colorize output (#247) + * Add sleep after Unavailable errors for agentendpoint (#241) + * Ensure we record epoch for rpm packages (#242) + * Make inventory WUAUpdates call spawn a new process, + retry on metadata unmarshal error (#239) + * add debug logging for report inventory response (#240) + * add initial e2e tests for inventory reporting (#237) + * Report installed packages on COS (#236) + gpgme +- Fix t-json test in SP3: https://dev.gnupg.org/T4820 [bsc#1183801] + * tests/json: Bravo key does not have secret key material + * tests/json: Do not check for keygrip of pubkeys + * core: Make sure the keygrip is available in WITH_SECRET mode +- Add gpgme-test-json.patch + grubby +- Include in SLE-15 (bsc#1185283, jsc#ECO-3364, jsc#PM-2498) + +- Update to 20200210.99d10a3 + * Fix maybe-uninitialized warning + * Fix stringop-overflow warning +- Fix incorrect package names in Requires + * uboot-tools => u-boot-tools + * s390-utils => s390-tools +- Disable tests on aarch64 again +- Run spec-cleaner + +- Update to 20190801.fc69ba6 + gzip +- fix DFLTCC segfault [bsc#1177047] +- added patches + fix https://git.savannah.gnu.org/cgit/gzip.git/commit/?id=be0a534ba2b6e77da289de8da79e70843b1028cc + + gzip-1.10-fix-DFLTCC-segfault.patch + hawk2 +- Update to version 2.6.4: + * Fix wizards ui (bsc#1184274) + installation-images:SLES +- merge gh#openSUSE/installation-images#508 +- create NVMe config files before udevd is started (bsc#1184908) +- 16.56.10 + installation-images:openSUSE +- merge gh#openSUSE/installation-images#508 +- create NVMe config files before udevd is started (bsc#1184908) +- 16.56.10 + +- merge gh#openSUSE/installation-images#507 +- Revert "trigger automatic nvme discovery (bsc#1184908)" +- trigger automatic nvme discovery in udev start script + (bsc#1184908) +- 16.56.9 + +- merge gh#openSUSE/installation-images#501 +- trigger automatic nvme discovery (bsc#1184908) +- 16.56.8 + +- merge gh#openSUSE/installation-images#499 +- fix NVMf autoconnect udev rule (bsc#1184908) + instsource-susedata +- update to version 0.3.7 + * include fingerprint in the gpg keys (still bsc#1184326) + irqbalance +- not balancing interrupts in Xen guests (bsc#1178477, bsc#1183405) + A procinterrupts-check-xen-dyn-event-more-flexible.patch + kernel-azure +- Refresh + patches.suse/perf-x86-intel-uncore-remove-uncore-extra-pci-dev-hswep_pci_pcu_3.patch. +- commit dbaac01 + +- rpm/macros.kernel-source: fix KMP failure in %install (bsc#1185244) +- commit 58c17cd + +- Revert "scsi: be2iscsi: Fix a theoretical leak in beiscsi_create_eqs()" + (bsc#1185038) + This reverts commit 9b829c278737b522a63301c27e6e947c9ed4accf. + Reverted upstream. +- commit 73b3872 + +- perf/x86/intel/uncore: Remove uncore extra PCI dev + HSWEP_PCI_PCU_3 (bsc#1184685). +- commit 91f11e3 + +- rpm/kernel-obs-build.spec.in: Include essiv with dm-crypt (boo#1183063). + Previously essiv was part of dm-crypt but now it is separate. + Include the module in kernel-obs-build when available. + Fixes: 7cf5b9e26d87 ("rpm/kernel-obs-build.spec.in: add dm-crypt for building with cryptsetup") +- commit bd99014 + kernel-source-azure +- Refresh + patches.suse/perf-x86-intel-uncore-remove-uncore-extra-pci-dev-hswep_pci_pcu_3.patch. +- commit dbaac01 + +- rpm/macros.kernel-source: fix KMP failure in %install (bsc#1185244) +- commit 58c17cd + +- Revert "scsi: be2iscsi: Fix a theoretical leak in beiscsi_create_eqs()" + (bsc#1185038) + This reverts commit 9b829c278737b522a63301c27e6e947c9ed4accf. + Reverted upstream. +- commit 73b3872 + +- perf/x86/intel/uncore: Remove uncore extra PCI dev + HSWEP_PCI_PCU_3 (bsc#1184685). +- commit 91f11e3 + +- rpm/kernel-obs-build.spec.in: Include essiv with dm-crypt (boo#1183063). + Previously essiv was part of dm-crypt but now it is separate. + Include the module in kernel-obs-build when available. + Fixes: 7cf5b9e26d87 ("rpm/kernel-obs-build.spec.in: add dm-crypt for building with cryptsetup") +- commit bd99014 + kernel-syms-azure +- Refresh + patches.suse/perf-x86-intel-uncore-remove-uncore-extra-pci-dev-hswep_pci_pcu_3.patch. +- commit dbaac01 + +- rpm/macros.kernel-source: fix KMP failure in %install (bsc#1185244) +- commit 58c17cd + +- Revert "scsi: be2iscsi: Fix a theoretical leak in beiscsi_create_eqs()" + (bsc#1185038) + This reverts commit 9b829c278737b522a63301c27e6e947c9ed4accf. + Reverted upstream. +- commit 73b3872 + +- perf/x86/intel/uncore: Remove uncore extra PCI dev + HSWEP_PCI_PCU_3 (bsc#1184685). +- commit 91f11e3 + +- rpm/kernel-obs-build.spec.in: Include essiv with dm-crypt (boo#1183063). + Previously essiv was part of dm-crypt but now it is separate. + Include the module in kernel-obs-build when available. + Fixes: 7cf5b9e26d87 ("rpm/kernel-obs-build.spec.in: add dm-crypt for building with cryptsetup") +- commit bd99014 + kimageformats +- Add patch to fix OOB write (oss-fuzz#33742): + * 0001-xcf-Fix-Stack-buffer-overflow-WRITE-on-broken-files.patch + kstars +- Fix crash, when using EKOS, caused by a missing runtime + dependency (bsc#1185891) + kubevirt +- Update to version 0.38.1: + * Run bazelisk run //plugins/cmd/uploader:uploader -- -workspace /home/prow/go/src/github.com/kubevirt/project-infra/../kubevirt/WORKSPACE -dry-run=false + * Expose field name 'ipFamily' for k8s < 1.20 + * Bump k8s deps to 0.20.2 + * verify that VMIs can be started with images not owned by qemu provided by FS PVC + * change ownership of the image provided by a filesystem PVC to qemu + * virt-launcher's FSGroup functional test is obsolete + * virt-controller: Remove FSGroup from Pod + * cloudinit.GenerateLocalData: defer removal of temp files + * rpm: update `make rpm-deps` + * launcher / handler rpm: add tar as pod dependency + * cloudinit.GenerateLocalData: drop ineffectual assignment + * tests/config_test: fix ineffectual assignment to err + * pkg/virt-handler/migration-proxy/migration-proxy_test: fix ineffectual assignment to err + * tests/replicaset_test: fix ineffectual assignment to err + * pkg/virt-launcher/virtwrap/access-credentials/access_credentials_test: fix ineffectual assignment to err + * tests/vnc_test: fix ineffectual assignment to err + * pkg/virt-handler/isolation/isolation_test: fix ineffectual assignment to err + * pkg/virt-controller/watch/migration: fix ineffectual assignment to err + * tools/vms-generator/utils/utils: fix ineffectual assignment to err + * tests/vmi_gpu_test: fix ineffectual assignment to err + * pkg/virt-handler/cache/cache_test:fix ineffectual assignment to err + * pkg/virt-launcher/virtwrap/manager_test:fix ineffectual assignment to err + * multus, tests: assert error does not happen + * Bump bazeldnf to v0.0.15 + * pkg/virt-handler/cmd-client/client_test:fix ineffectual assignment to err + * pkg/virt-operator/creation/components/secrets_test: fix ineffectual assignment to err + * tests/infra_test.go: fix ineffectual assignment to err + * tests/vmipreset_test: fix ineffectual assignment to err + * func tests, multus: getting the kubevirtClient must be done first + * func tests, multus: execute BeforeAll before BeforeEach + * document the interface between hostdev device plugins and kubevirt + * Refactor methods to reduce their Cognitive Complexity + * Define a constant instead of duplicating literal + * Refactor method to reduce its Cognitive Complexity + * Define a constant instead of duplicating literals + * Refactor method to reduce its Cognitive Complexity + * Add a nested comment indicating about an empty function + * Define a constant instead of duplicating a literal + * Refactor methods to reduce their Cognitive Complexity + * Increase subresource pod test execution timeout + * Add Nvidia as a KubeVirt ADOPTOR + * ipv4, network tests: refactor the masquerade test table + * controller, virtinformers: Define the unexpected error once + * Run bazelisk run //plugins/cmd/uploader:uploader -- -workspace /home/prow/go/src/github.com/kubevirt/project-infra/../kubevirt/WORKSPACE -dry-run=false + * Converter: Handle 'float' memory + * Tests: Ensure cpu/memory in requests/limits allow int/float + * virt-launcher: Support (non-)transitional virtio-balloon + * rpm: Bump libvirt and QEMU + * tests/utils: fix ineffectual assignment to ok + * tests/utils: fix ineffectual assignment to err + * tests/utils: fix ineffectual assignment to scale + * pkg/container-disk/container-disk_test: fix ineffectual assignment to path + * pkg/virt-launcher/virtwrap/network/common: fix ineffectual assignment to err + * tests/vm_test: fix ineffectual assignment to err + * tests/vm_watch_test: fix ineffectual assignment to cmdName + * pkg/virt-handler/hotplug-disk/mount_test: fix ineffectual assignment to err + * pkg/virt-handler/hotplug-disk/mount_test: fix ineffectual assignment to res + * tests/reporter/kubernetes: fix ineffectual assignment to err + * pkg/virt-launcher/virtwrap/access-credentials: fix ineffectual assignment to err + * pkg/virt-launcher/virtwrap/access-credentials: fix ineffectual assignment to output + * pkg/virt-handler/vm_test: fix ineffectual assignment to err + * tools/util/marshaller: fix ineffectual assignment to err + * pkg/virt-handler/device-manager/mediated_device_test: fix ineffectual assignment to err + * tests/restore_test: fix ineffectual assignment to restore + * removing trello reference as its no longer used + * Adjust e2e test which checks for the scsi controller + * consider scsi controllers in virtio version decisions + * Bump kubevirtci, now hosted on quay.io + * network: BindMechanism receiver name consistency + * MacvtapBindMechanism.loadCachedInterface fix arg name + * Clean error message for not migratable VMI + * Fix detection of previous release version in operator func test + * Alert when less than 2 KVM nodes available + * Fix a datavolume collision + * Remove danielBelenky from reviewers + * KubeVirt is now released on quay.io only + * [virt-operator] load new certificates earlier + * Keepalive function for travis to prevent timeout due to inactivity on stdout + * Fix limits/requests to accept int again + * network: rename NetworkInterface and PodInterface + * network: drop NetworkInterface.Unplug + * network: eliminate mocking of SetupPodNetworkPhase2 + * network: make SetupPodNetworkPhase1 into a constant function + * network: rename {Bridge,Masquerade,Macvtap,Slirp}PodInterface + * network: rename getNetworkClass + * network: rename getNetworkInterfaceFactory + * fix review English phrasing + * virt-api/webhooks: test newly-renamed function + * virt-api/webhooks: simplify and rename ServiceAccount-matching function + * split sync resources into multiple functions and files + * tests: Test guest restart after migration + * Normalize DNS search domains to lower-case + * Revert "Fix typos in log output" + * tests: After migration test is not invoked + * virt-launcher: [masquerade] pass a MAC to the vm accroding to the spec only + * virt-launcher: [masquerade] Stop filtering dhcp reuqests by vm MAC + * Example code for gosec fix + * Update gosec.md + * guidelines for using gosec analysis tool + * docs/devel/networking: unbreak URL + * Add virtctl image-upload usage for WaitForFirstConsumer DVs + * Add error message on virtctl image-upload to WaitForFirstConsumer DataVolume + * bump bazeldnf + * Fix typos in log output + * Extend isolation test to cover IsMounted method + * Wrap mountinfo parsing common code into a function + * start virt-launchers with a non-default log verbosity + * change virt-controller log verbosity on relevant config changes + * change virt-api log verbosity on relevant config changes + * change virt-handlers log verbosity on relevant config changes + * add default log verbosity values to cluster config + * allow registering multiple callbacks for config changes + * add a logVerbosity struct to set KubeVirt components log verbosity + * Remove travis-ci logic for pushing to quay app registery + * Make mutating webhooks required + * Bump bazeldnf to a version with its own ldd implementation + * Add tests + * Fix typo + * Fix some typo in docs + * Add alert for insufficient number of nodes with KVM resources + * Remove dockerhub-related travis jobs and credentials + * Make `make build-functest` work without nested bazel invocation + * Compile template-manifestor with bazel + * Invoke shfmt from bazel + * Add gofmt to our vendor tree + * kubevirtci, Bump kubevirtci + * Bump bazeldnf to 0.0.10 to better deal with bad repomd mirrors + * Allow setting user local bazelrc settings. + * Update Quay credentials in travis config + * Run bazelisk run //plugins/cmd/uploader:uploader -- -workspace /home/prow/go/src/github.com/kubevirt/project-infra/../kubevirt/WORKSPACE -dry-run=false + * tests: make client in hello world job UDP wait for response + * wait for host responding to ping, in some cases the first two pings fail, now instead we wait for a specific amount of time + * Increase time to wait for failed connection + * virt-controller: increase the number of VMI controller threads + * sriov, tests: xfail vlan test + * network: simplify getNetworkInterfaceFactory + * network: drop long-unused plugFunction + * network: drop long-unused qemuArgCacheFile + * network: rename constant to primaryPodInterfaceName + * network: drop global podInterfaceName variable + * Run bazelisk run //plugins/cmd/uploader:uploader -- -workspace /home/prow/go/src/github.com/kubevirt/project-infra/../kubevirt/WORKSPACE -dry-run=false + * add vi-minimal to base packages for containers + * Additional hotplug functional tests + * Add unit test for PCI address parsing + * Escape dot '\.' in PCI_ADDRESS_PATTERN + * Move ParsePciAddress function to hardware utils + * Bump bazeldnf to fix rpm verification + * Drop references to kubevirt-host-device-plugin-config cfgMap + * Check if block devices are ready. If not ensure that the block device major and minor is allowed in the virt-launcher pod. Enable functional tests that were failing due to permission issues + * Reviewers update: Adding EdDev as a code reviewer + * virt-launcher/handler: move Macvtap discovery of MTU and target + * virt-launcher/handler: Macvtap shouldn't use vif cache + * Fix Open Shift SCC permissions to allow attachment pods to use host network. Fix selinux to be on container level instead of pod level. + * Use the array value instead of a new variable when possible + * eliminate the usage of interface address in decorateConfig() + * allocate new variable and don't use the originsl s.domain.Spec.Devices.Interfaces + * fix some tabs/spaces mess + * Fix memory aliasing in for loop - taking the address of loop variable is dangerous + * ENV VAR for client-go scheme registration version + * Give kubevirt pods more time to become ready + * Fix PV selector for windos and rhel PVCs + * Make storage tests fit for parallel execution + * Use the new nfsserver library in the migration tests + * Create windows and rhel PV within the corresponding tests + * Prepare our framework in utils for parallel storage test execution + * Move nfs server rendering to its own package and adjust memory requests + * Add a ginkgo matcher library especially for kubevirt + * Prepare image provider for parallel execution + * Code Review edits + * Bump kubevirtci + * Stick with virtio model on the ballooning device + * Tablet input device only exists as virtio 1.0 + * virtio-serial controllers need the model set too + * Add virtio-transitional e2e test + * Extract converter into its own subpackage + * Unit test for choosing virtio-transitional + * Make the converter aware of virtio model preferences + * Add a global VMI flag to the API to fall back to virtio_transitional + * tests, xfail: Change XFail API to wrap the expected failure + * Don't override the e2e kubevirt config by default in the e2e tests + * virt-launcher/handler: remove the tap device from the VIF cache + * Use virt-handler image as base for multus tests + * Explicitly build libvirt-devel tars + * Remove no longer needed go_library definition + * Allow qemu to bind to privileged ports for slirp + * Docuement how RPM verification can be done + * Add a RPM verification target + * Bump to bazeldnf with improved RPM verification + * fix logos dependency + * Add GPG keys to repo.yaml + * Update RPMs + * Avoid dependency flipping + * add ps binary + * Update dependency update documentation + * Remove old libvirt-devel dependencies in WORKSPACE + * Prepare binary containers for bazeldnf built content + * Start using bazeldnf RPMs for building and testing + * Add RPMs + * Add repo.yaml files + * Add a script to resolve RPM dependencies + * Document new kubevirt handling of WaitForFirstConsumer DataVolumes + * Fix support for camelCase userData and networkData labels + * virt-launcher: Remove unused arg from GetDomainSpecWithRuntimeInfo + * Extend VMI count metric to include osinfo + * fix: change url and label name for "good-first-issue" on CONTRIBUTING.md + Added patch: dont-use-bazel-in-build-manifests.patch + +- Add building of virt-tests + +- Update to version 0.37.0: + * Remove travis-ci logic for pushing to quay app registery + * Update Quay credentials in travis config + * MacvtapPodInterface.setCachedInterface: fix arg name + * make generate: 2021 edition + * tests, dhcpv6: verify connectivity survives after migration + * tests, dhcpv6: use python server instead of nc + * tests, dhcpv6: start dhcpv6 client, config d.route & prefix via console + * tests, dhcpv6: use fedora vms for masquerade ipv6 connectiviy tests + * tests: split masquerade connectivity tests to ipv4 and ipv6 + * tests: remove libnet.WithIPv6 from ipv4 only dhcp test + * dhcpv6: unit tests + * dhcpv6: Extracting the build of the server response to a separate method + * dhcpv6: Add the request iana to the response + * dhcpv6: reply to dhcp solict with rapid commit + * add ipv6 address to VIF.String + * dhcpv6: run only for masquerade + * dhcpv6: introduce prepareDHCPv6Modifiers + * dhcpv6: Allow dhcpv6 server to run without CAP_NET_RAW + * dhcpv6: handle requests from client - adding DUID and IANA options + * virt-launcher: vendor dhcpv6 + * virt-launcher: introduce dhcpv6 + * Extend version functional tests + * Set --stamp as default build flag + * imageupload: improve nosec comment + * cloud-init: test that GenerateLocalData can run twice + * cloud-init, GenerateLocalData: simplify staging replacement + * tests, ping: increase default amount of packets + * cloud-init, GenerateLocalData: drop redundant diskutils.RemoveFile call + * cloud-init, GenerateLocalData: drop ambiguous comment + * add use case Signed-off-by: xiaobo + * add use case Signed-off-by: xiaobo + * add use case Signed-off-by: xiaobo + * add use case Signed-off-by: xiaobo + * Run bazelisk run //plugins/cmd/uploader:uploader -- -workspace /home/prow/go/src/github.com/kubevirt/project-infra/../kubevirt/WORKSPACE -dry-run=false + * Document dependency update flows + * Newer curl version don't allow headerless HTTP + * Build all test images in kubervirt/kubevirt + * Add managed RPMs and remove unmanaged RPMs + * Add repo.yaml files + * Add bazeldnf dependencies + * Add a script to resolve RPM dependencies + * virt-launcher, converter: Extract SRIOV hostdev creation + * virt-launcher, converter: Refactor network indexing + * virt-launcher, converter: Refactor iface multi queue + * tests, vmi_multus: test Sriov with Vlan + * Don't overwrite user-provided GOFLAGS + * Handle btrfs subvolumes when parsing mountinfo + * Add mount info test cases + * Add testdata for mount info tests + * Cleanup duplicated code + * Refactor containerdisk mount code + * tests,sriov:make createSriovVms recieve network names + * tests, sriov: remove un-needed function. + * tests: sriov: extract NAD creation to a helper + * tests, utils, delete vmi waiting: assert on err + * Preapre build environment for bazeldnf + * use placement api for assinging virt-handler pod + * virt-launcher, libvirt: Free (all) domain resources + * Generate release manifests using quay images + * Add maiqueb to code-reviewers list + * Update vendored dependencies + * Update versions of some dependencies + * only validate status of vm, vmi, and vmi migration objects + * This fixes a race condition between unmounting a file system volume and detaching a disk from the running VM. In certain conditions it would attempt to unmount before the disk was fully detached causing the unmount to error and preventing the VM sync from fully detaching. This moves the unmount to after the sync, so this race never happens. + * smbios, sidecar hook, tests: assert the hook version is advertised + * smbios cmd: set the version parameter as mandatory + * examples, hooks: correct the vmi-sidecar-hook example + * add kubernetes os nodeSelector to injectPlacementMetadata + * virt-launcher, converter: Set SRIOV device as unmanaged + * tests, sriov: XFail IPv4 connectivity test + * Append rootfs mount to containerdisk base path + * Narrow down watcher select which waits for object states + * Fix Eventually which used the time out as description + * Remove unused functions: GenerateSelfSignedCertKey and GenerateSelfSignedCertKeyWithFixtures + * use filepath.Clean for two fixed path parameter functions + * virt-launcher, converter: Remove vCPU dependency on queue limits + * add Kubermatic to adopters list + * manager_test: add err check for ioutil.TempDir + * windows_test: remove duplicate code + * cleanup tempfiles for manager_test + * cleanup tempfiles for common_test + * Functional test to verify vmis are migratable after update to from latest KubeVirt official release + * update libvirt base container to rhel-av 8.3 + * Unit test to verify evaculation controller generated migration object fields + * evacuation informer should only observe the creation of migration objects it created + * cloud-init: Allow populate networkData alone + * tests, sriov: XFail IPv6 connectivity test + * dev guide, networking: net_raw cap is not required by virt-launcher + * Revert "dev guide, networking: no capabilities are required" + * Make sure to use all supported versions for status subresource + * Update csv gen logic for v1 api + * Update hardcoded references to v1alpha3 in unit tests + * Update unit tests to account for aggregated api server registration for v1 API + * Update functional tests that had hardcoded references to v1alpha3 + * Add functional tests to verify vm creation using all supported API versions + * Add v1 api version + * Revert "linux capabilities: remove CAP_NET_ADMIN" + * Revert "libvirt, mtu: do not perform any network config on the launcher" + * move kv update validation webhook to operator validation configuration + * Fix test id for io mode test + * update listtype markers for kubevirt pci host devices + * Fix gosec unhandled errors in delete.go & create.go + * Cleanup k8s jobs from test namespaces + * If the fedora login expecter is stuck, retry + * tests, multus: Change 3rd network SRIOV vnic name + * tests, sriov: Centralize SRIOV network names + * tests, multus: Fix IP address configuration + * tests, Use RandName for creating random VMI names + * Fail detection and handling when EFI without SB is not available + * Add unit test covering GetDomainSpec fallback behavior + * Reject --access-mode ReadOnlyMany when uploading an image. + * Consume nightly build images from quay + * Run bazelisk run //plugins/cmd/uploader:uploader -- -workspace /home/prow/go/src/github.com/kubevirt/project-infra/../kubevirt/WORKSPACE -dry-run=false + * Fix failing unit tests for new GetDomain logic + * Remove race condition from GetDomain check + * Fix timed domain resync + * fix patch for removing infra and workloads from KV + * add webhook to validate kubevirt CR updates - only allow updates to workloads key if no vmis are running + * tests, sriov: Retry ping if it fails + * tests, libvmi, vmi: shorten random vm names #2 + * tests, gpu: Do not mount /sys/devices/ for SRIOV devices + * VMI configuration test: fix disk cache modes testing + * fix gosec g204: Subprocess launched with variable + * Removed unused function readProcCmdline() + * Enable and fix tests + * Fix gosec issue of: Potential file inclusion via variable + Dropped patch: fix-goflags-overwrite.patch + +- Update to version 0.36.0: + * Functional test to verify vmis are migratable after update to from latest KubeVirt official release + * update libvirt base container to rhel-av 8.3 + * dev guide, networking: net_raw cap is not required by virt-launcher + * Revert "dev guide, networking: no capabilities are required" + * Revert "linux capabilities: remove CAP_NET_ADMIN" + * Revert "libvirt, mtu: do not perform any network config on the launcher" + * Fail detection and handling when EFI without SB is not available + * Add unit test covering GetDomainSpec fallback behavior + * Fix failing unit tests for new GetDomain logic + * Remove race condition from GetDomain check + * Fix timed domain resync + * Update ADOPTERS.md + * tests, utils: shorten name of random VMs + * Move some datavolume tests to the ceph lane + * Old kubevirt released don't support CDIs WaitForFirstCustomer + * Let virtiofs consider WaitForFirstCustomer setting of CDI + * Use Immediate bind on negative PVC Datavolume tests + * Enable WaitForCustomer CDI feature gate by default + * Generate v1beta1 client for CDI + * Don't try to hotplug waitForFirstCustomer PVCs + * Fix access credential unit tests + * Ensure that our service accounts can always update the VMI status + * Update to a libvirt image with a newer seabios. + * adjust pci address tests to consider the new virtio-iscsi controller + * Remove AfterEach cleanup so we can capture VM/VMI state in overal aftereach cleanup instead of losing it. + * Disable complex tests for now. + * HotplugVolumes feature gate + * Set grace period on attachment pod to 0 to have faster removal of the volumes when not removed by the controller. Added functional test to ensure the VMI goes into failed state when attachment pod is deleted. Added functional test to ensure the VMI is no longer migrateable after a volume is hotplugged. + * Added functional tests with block volumes. Fixed functional attachment logic. + * Added VMI attach/detach functional tests. Increased timeout on tests. Fixed typo in reason message + * Fixed bug in how device names were calculated. Added functional test that adds a bunch of volumes, removes one, add a different one, and expects the device name to be the one just removed. Then adds the removed one back and expects the device name to be a new one. Added unit tests. + * Improve error messaging during hotplug subresource add/removew + * Fixes issue with VolumeRequests validation on the VM + * Fix some issues pointed out in review. Fixed functional test with 5 adds and deletes. Added new functional test to test various adds and deletes. + * Addes abilty to watch for libvirt device add/remove events for hotplug volumes + * Updated and added functional tests. Added storage directory for storage related functional tests similar to networking. Fixed various issues found by the functional tests. + * Attach disk to VM + * VM controller unit tests for volume hotplug + * Ensure we only add/remove volume operations are only performed if needed + * Volume add/remove subresource unit tests + * VolumeRequest validation unit tests + * Validation logic for VM VolumeRequests + * Hotplug VM Functional Tests + * Add VM controller logic for handling volume add/remove requests + * Add hotplug subresource api endpoints + * Implemented virt-handler changes: Bind mount File System PV into virtlauncher pod. Expose block PV in virtlauncher pod. Added volume mounter struct to keep track of mounts. Added unit tests for volume mounter + * Change phase/message/reason from hotplug struct to main VolumeStatus struct. Address some review comments + * Automatically add virtio-scsi controller to all VMIs. + * Updated vmi controller to separate sync and status update to follow KubeVirt guidelines. Updated unit test tests to match and added some extra unit tests for the new status update function. + * Updated update-admission webhook to include verifying the structure of disks and volumes as well as call the create admission verifier to ensure nothing else slips through. + * Added attachment pod life cycle functions to vmi-controller. Added unit tests for new functions + * Attachment POD life-cycle code, including updating VMI status. + * Update VMI admission webhook to allow modification of the disks and volumes section of the VMI Spec. This modification is needed to allow for disk hotplugging to happen. Only internal KubeVirt Service Accounts are eligible to modify the spec. Once we have the appropriate sub resources, users can call those to have it modify the spec on their behalf + * macvtap, migration, tests: add a test w/ traffic + * tests, network: Remove vmi Status ip normalization + * tests, sriov: Use cloud-init to set IPv6 by MAC + * tests, multus: Use network-data at bridge-cni test + * tests, libnet: Add Match feature and expression builder to networkData + * Update feature gate setup to new CDI version (now on CDI CR) + * Reuse datavolumes already found in listMatchingDataVolumes for increased consistency between sync and updateStatus + * Update test_id:5252 to run with WFFC enabled + * check PVC if it waits for first consumer + * Remove API phase "Provisioning" + * Handle the DV in WaitForFirstConsumer phase by starting the "consumer-pod". + * Remove sysctl binary dependency + * Bump atlassian/bazel-tools + * tests, network: Fix race condition GA test + * virt-handler, status: Do not include the IP prefix consistently + * Allow to run subset of rules for gosec + * tests, dual stack: split probes tests to test per IP-Family + * bump kubevirtci + * Add ADOPTERS + * make generate && make deps-update + * bump cdi to 1.26.1 (from 1.25.0) + * dev guide, networking: no capabilities are required + * Increase CDI deployment timeout + * expose, tests: fix early shutdown of `nc` TCP connections + * Fix misspellings + * Fixes race condition in func test + * Properly handle failures when starting the qemu agent access credential watcher + * Ignore warnings during vmi startup in access cred functests + * Update access credential documentation and openapi markers + * access credential sync events + * Remove authorized_key file merging. + * Report access credential status as a condition on the VMI + * Revise access credential authorized_key file merging + * Provide list of users for ssh auth instead of files + * Make the authorized keys files list required for qemu guest agent propagation + * Add unit tests to validate secret propagation watching + * UserPassword access credential webhook validation and unit tests + * unit tests for agent access credential injection + * functional test for user/password credentials + * Addition of UserPassword access credentials + * Functional tests for access credential ssh key propagation + * Reload dynamic access credentials based on secrets using fsnotify + * Introducing the accessCredentials api for dynamic ssh public key injection + * virt-launcher, agent-poller: Start poller with short intervals + * virt-launcher, agent-poller: Refactor the Poll method + * tests, login: Remove tests/login.go + * test, login: Remove LoginToAlpine from login.go + * tests, ipv6: Configure VMI IPv6 through console only when needed + * test, login: Move loggedin expecter to console package + * virt-launcher: Improve libvirtd debug log filters + * tests, login: Move login.go to console/login.go + * virt-handler, sriov: Add network name in VMI interface status + * fix gosec issue of g204: subprocess launched with function call as argument or cmd arguments + * Fix for flake CI test + * Use the correct emulator prefix for qemu cleanup steps + * Fix hardcoded qemu-kvm occurance in a migration test + * Remove in some tests the assumption of hardcoded qemu emulators + * Explicitly set virtio-scsi on the scsi controller + * WORKSPACE: Update libvirt container + * Switch to use anew global close() function in pkg/util Fix typos and remove extra comments + * tests, console: Remove VMIExpecterFactory + * Fix double migration during node drain + * test, network: Add bridge binding + ga test + * networking, tests: also check the MTU of the tap device + * tests, libvmi: Remove interface,network config from NewFedora + * linux capabilities: remove CAP_NET_ADMIN + * libvirt, tap: create the tap device w/ the same user as libvirt + * mtu, tuntap: set link MTU when creating the tap device + * libvirt, mtu: do not perform any network config on the launcher + * net admin: disabling tx checksum offloading on virt-handler + * Add a log message if we pick up a new CA bundle + * Increase rotate intervall + * tests, multus, sriov: Refactor tests + * Update bazel files + * Switch to use named return errors to allow updating the error from defered function + * Fix gosec issue: Deferring unsafe close() When deferring a close() we don't have a chance to check the error returned from the close() call itself. For RW files we treat the error similar to a write() error , for RO files we only log an error message + * Mirror PVC struct + * Add function test to validate IO mode settings + * Set IO to native also for pre-allocated file disks + * Switch to use a common function GetImage and remove GetImage from manager.go + * Use qemu-img in order to identify sparse files and get image info + * Set the IO mode to 'native' when possible for better performance + * test, cloudinit: Use "json" annotation instead of "yaml" + * tests, multus, sriov: Fix flakiness due to race between ga and test + * tests, multus, sriov: Add validatePodKubevirtResourceName + * tests, multus, sriov: Add missing error check + * tests, multus, sriov: Fix checking for the same network twice + * image-upload: wait up to 5 min for PVC and Pod + * Remove domain label from kubevirt_vmi_memory_unused_bytes + * gosec - fix CWE 326 + * virt-launcher: drop CAP_NET_RAW from compute container + * virt-launcher, dhcp: Avoid using SO_BINDTODEVICE on the dhcp server + * agent-poller, test: Extract AsyncAgentStore tests to new file + * agent-poller, test: Rename agent poller test + * tests, console: Require at least two batchers for the safe expector + * tests, console: Introduce SafeExpectBatchWithResponse + * tests, console: Replace some NewExpecter usages + * tests, console: Change NetBootExpecter to not return an expecter + * tests, login: Replace the Alpine login helper + * tests, login: Replace the Cirros login helper + * tests, login: Check privileged console prompt + * tests, login: Replace the Fedora login helper + * tests: Use LoginTo* helpers in waitUntilVMIReady + * updated the technical description + * Add enp0s3 to approvers list + * Change file permissions on binary directory + * docs: Fix documentation for useEmulation flag + * virt-config: Fix tests for KubeVirt CR + * virt-config: Drop stopChan + * removed the word place-holder + * fix gosec sha1 week cryptographic issues + * Fix gosec md5 weak cryptographic primitive + * Fix shell formatting, fix entrypoint path + * Disable Virtio-FS Metadata Cache + * Add Igor Bezukh to test approvers + * Fix permissions tests for VMs + * lock device plugings maps during device controller shutdown + * dp: verify that host devices topology is being correctly reported + * update the API fields so it be complient with API rules. + * testutils: remove unnecessary changes to the config mock + * tests: move the soundcard test out of the GPU module + * Add a "GPU" passthrough functional test + * update unittests to use kubevirt CR and remove remove hostDevConfigMapInformer + * remove the hostDevConfigMapInformer, get host devices from KubeVirt CRD + * request host devices on vmiPod as well + * make sure that permitted host device config is working as expected + * add unit tests to veriy host devices assignment + * device-manager: clear permitted device list before parsing + * device-manager: added mdev tests + misc fixes + * device-manager: improve the PCI tests + * device-manager: misc post-rebase fixes + * add GetInitialized to pci and mdev device plugings + * add HostDevices feature gate + * device-manager: add static tests for PCI device discovery functions + * device-manager: few cosmetic fixes + * make sure that vmis can request only permitted gpus + * tests: return hostDevConfigMapInformer as part of the NewFakeClusterConfig + * device-manager: mock PCI device info getters for tests + * Fix device controller static tests to match the new API + * Move the check for permanent device plugins to list creation Instead of always adding them to the list and then ignoring them later + * Add a lock to ensure device plugins won't be started/stopped multiple times in parallel Also fix some typos and avoid an active loop + * close device plugin channel is a safe manner + * introduce a ControlledDevice struct for the device controller to keep dpi stop chan + * Fix ignored static DPs, fix typos and remove defer Stop() in Start() + * Refactor permanent device plugin code + * dynamically start and start device plugings for permitted/banned devices + * propagate hostDevConfigMapInformer to device controller + * virt-launcher: handle allocated host devices using a single map + * reject specs with non-permitted HostDevice and GPU resources + * convert HostDevices and GPUs to libvirt hostdev for pci and mdevs + * collect PCI and MDEVs made available for assignement by the device plugins + * add alias to libvirt hostdev struct + * separate ResourceNameToEnvvar to utils + * add device plugings for permitted devices which are present on the nodes + * add a device plugin for mediated devices + * add a device plugin for pci devices + * add virt-config to device controller + * add a HostDevices api schema + * add TopologyInfo to out device plugin api + * rename the device manager controller for kvm controller + * introduce a new hostDevConfigMapInformer + * handle the kubevirt-host-device-plugin-config config map + * Add PermittedHostDevices type to support a new kubevirt-host-device-plugin-config configmap + * Revert "Merge pull request #4470 from oshoval/fix_sriov" + * tests, Fix CDIInsecureRegistryConfig logic + * tests: LoggedInCirrosExpecter can return a nil expecter in case of error, with these changes we call Close on the returned expecter if the error is nil. + * tests, sriov: Do not mount /sys/devices/ for SRIOV devices + * virt-launcher: remove redundant cidr from dhcp server address + * tests, sriov: Fix the helper that waits for a vmi to start + * tests, Fix SRIOV UpdateCDIConfigMap panic + * add unit test + * Enhancement #4365 [virt-controller] Remove redundant initcontainer when there is no ContainerDisk defined in VM + * Consolidate shell script files into functions + * Create main shell scripts to call from the ci-config + * Fix comment typos + * Add scripts for nightly master deploy + * Move code for downloads and test execution into scripts + * ensure the virt-handler killer pod has gone + * audit the usage of unsafe pointers + * Set leader metric after controller is functional Add a unit test for this + * Define side effects class on our webhooks + * Improved the Technical Overview description + * changed: VM has only one VMI + * Included a figure to illustrate the components architecture + * Included a little bit more details in the virt-launcher description + * Included a little bit more details in the virt-handler description + * Included a little bit more details in the virt-controller description + * Make the name of components bold + * Improved the Technical Overview description + * Fixed typo + +- Fix -buildmode=pie + fix-goflags-overwrite.patch, dont-build-virtctl-darwin.patch + +- Update to version 0.35.0: + * sriov lane: skip flaky tests until their issue is resolved + * add an independent claclulation of required vcpus for mem overhead calculation + * adjust memory overhead calculating by adding a static 10Mi + * move guest cpu topology modification to vmi mutator webhook + * Ensure that we restore the cdi-insecure-registry configmap in tests + * Add test_ids_cnv_2.5 + * dual stack, expose, tests: remove batchv1.Job duplicated code + * test, waitvmi: Add context mechanism to WaitUntilVMIReadAsync + * dual stack, expose, tests: skip on non dual stack clusters + * dual stack, expose, tests: port VM service tests + * tests, multus-tests, SRIOV: configure IP based on MAC or name + * Catch goroutine panic with GinkgoRecover in tests + * tests, multus_tests: make helpers return an error + * dual stack, expose, tests: port VMIRS cluster IP service test + * dual stack, expose, tests: port UDP services test + * dual stack, tests: ping first on helloWorld{UDP|HTTP} jobs + * dual stack, expose, tests: port the VMI service test cases + * Bump kubevirtci + * make generate and make deps-updateand update test import + * Bump CDI to 1.25.0 + * Reduce the cluster size a little + * dual stack, expose, tests: get the IP addr from a DNS name + * bump kubevirtci: get latest sriov provider + * Infra test made invalid assumptions about cluster composition + * Fix panic when endpoints were empty. + * dual-stack, virtctl: expose ipv6 services + * Remove 'string' from json tag to preserve type information in our API + * automation: cancel CDI insecure registries cehck on sriov lane + * Emit an event if we detect terminating pods + * tests, pausing_test: change long process test + * test, infra_test, Adapt tests to support dual stack + * tests: remove `IsRunningOnKindInfraIPv6` + * fix wrong logic in SetDriverCacheMode log message + * Revise functional test to verify 440 read only image + * Build container disks with 440 mode and 107:107 ownership + * Add e2e test for replacing terminating pods immediately + * Bump kubevirtci + * test: Remove all the usages of `IsRunningOnKindInfraIPv6` + * Disable service links on virt-launcher Pod + * tests, infra-test, Remove unneeded vmi creation + * infra_test, Refactor tests to use a DescribeTable + * infra_test, Add validation of errors + * Fix flaky timezone test + * Let VMIRS react to terminating pods of VMIs + * Let the VMI indicate when Pods are terminating + * functests, macvtap, migration: successful macvtap VMI migration + * functests, migration: move some asserter subset to common helpers + * functests, macvtap, multus: use libvmi Cirros VMI factory + * functests, macvtap, multus: schedule the VMs in the same node + * tests: update the `StartVmOnNode` method to return the started VMI + * examples, macvtap, multus: add example for macvtap VMI + * macvtap, admitter: macvtap requires multus network + * functests, macvtap, multus: add connectivity test between VMs + * macvtap: feature gate macvtap feature + * functests, multus: refactor `configInterface` to allow sudo + * functests, macvtap, multus: add test with a custom MAC address + * tests: remove all net-attach-defs on test cleanup + * automation, macvtap: restrict macvtap func tests to multus lanes + * unit tests, macvtap, multus: introduce macvtap + * macvtap, multus: add macvtap BindingMechanism + * improving PCI configuration tests + * Template the cdi namespace + * add dev registry as insecure registry to cdi + * Update testing infra to cdi 1.23.7 in order to bring in registry import fixes + * Datavolume container registry import test + * CONTRIBUTING: point developers to kubevirt-dev slack + * rebase + * Remove incorrect listtype + * fix 1.19 lane + * Propagate error from patchValidation + * rebase + * reduce scope to vm/vmi + * Remove +listType=map from tolerations This marker also requires //+listMapKey which can't be resonable set at this moment. (All fields are optional and missing default) + * update builder + * review + * Add missing markers + * Test verifying kubectl explain works + * Adding test verifying crds are structural + * Use controller-gen to generate validations for crds + * test if crds for operator are correct + * adding tools for generating correct validation + * cleaning generated desc. and nullable fields in status + * adding patching of crds for operator + * adding markers for controller-gen + * tests, restore tests: check on successful commands + * Fix gosec issue: week random generator + * Bump kubevirtci + * It is not always bad for VolumeSnapshot to have an error + * Fix artifacts in gosec target + * tests, infra-test, Refactor node selection + * Do not change vnc socket's permission to 0444 + * tests, infra-test, Fix node updates + * tests, infra-test, Add missing break when selecting a node + * tests, pausing test: increase time for long process + * tests, login: expect fedora full prompt + * tests, migration, stress-test: remove doubled `\n` + * tests, re-factoring: use safe expect-bathcer and prompt Expression + * tests, infra-test, Add missing check on AfterEach + * tests, infra_test, Add missing assign when removing taints + * Don't parallelize cluster-sync dependencies + * hack: Print cluster-* script name when complete + * Point to kubevirtci for new providers. + * Update documentation to refer to scripts having moved to cluster-up/ + * Update docs that refer to kubevirt-config ConfigMap to use kubevirt CR + * tests: Add missing asserts to the vmi-configuration tests + * Adapt conformance tests to support migration. + * automation: remove ipv6 lane + * Set read only for our demo container disks and verify their mode does not change at runtime + * Attempt to use whatever permissions a container disk has applied to it without mutating the file + * rebase + fix compile error due to another PR + * set the label for downwardAPI test in the test itself + * Move AddDownwardAPIVolumeWithLabel to be public, add downwardAPI disk to the migration test + * add downwardAPI volume in the test instead of in the helper + * delete commented out line + * Adding function tests (for make functest) + * remove rule violation + * support DownwardAPI volum source + * Fix typos and formatting + * tests/utils: remove 'IsIPv6Cluster' function + * tests, iscsi: remove iSCSI PVC tests IPv6 cluster skips + * VM status to report whether volumes support snapshots. + * tests, network: Relocate VMI/POD IP validation w/ Guest Agent + * Fix pull-kubevirt-apidocs + * tests: Render pods in the test namespace + * tests, iscsi: change 'CreateISCSITargetPOD' to return pod + * Lift the e2e test parallel run restriction for fedora guests + * Give the CI nodes two more GB of memory + * Adjust bump script to use tagged kubevirtci releases + * tests, console: Rename functions to fit the new package + * tests, ping: Move ping under libnet package + * tests, expecter: Create a console helper package + * Bump kubevirtci + * Mirror new dependencies + * update builder image + * tests, networkpolicy: Wait for VMIs readiness in parallel + * Exclude .git and _ci-configs at bazel's goimports + * multi-queue: cap the maximum number of queues + * Add 2.x QEMU Guest Agents to the list of supported versions + * Update to fedora 31 as base image. + * Add test_id for post-copy migration with Guest Agent Test + * dual stack, services, tests: enclose test setup in a `By` clause + * dual stack, services, tests: really check connectivity exists + * dual-stack, tests: skip IPv6 test on non-dual stack clusters + * dual stack, services, tests: unify the `Job` cleanup solution + * dual stack, services: provide more explicit info on test execution + * tests: test the masquerade bridge has the correct mtu + * virt-handler/launcher: Set the pod iface mtu on the bridge + * restore backwards compatiblity with api group/version on DataVolumeTemplates spec + * Add short readme + * multi-queue, tests: assuret we can request a VM with a single vCPU + * api: update the API description of the NetworkInterfaceMultiqueue flag + * tap-device, multi-queue: enforce single-queue tap + * Delete kubevirt service accounts from default privileged SCC + * Added helper function to return all kubevirt service account users + * Removing redundant tests related to SCC users modification + * Added unit tests for SCC users modification upon upgrade. + * Remove kubevirt service accounts from default privileged SCC + * tests, nfs: avoid failures in afterEach of a skipped test + * test, nfs: Change CreateNFSTargetPOD to return a Pod + * tests, dualstack: don't stop nfs tests cleanup in case of an error + * tests, dualstack: use IPFamily instead of boolean to mark tests + * tests, dualstack: introduce SkipWhenNotDualStackCluster + * tests, dual stack: Adapt tests using NFSTargetPOD to support dual stack + * docs: Fix the ginkgo flags usage example + * Properly exit if kubevirt does not get ready on cluster-sync + * Rework logic so it is easier to understand what is happening + * fix restore controller memory corruption + * Allow PVC as volume source with a DV populating the PVC. Before this was not allowed because we could not be sure that the PVC was fully populated. This commit checks the DV to ensure the PVC is fully populated. + * Save a nice cluster-overview to the artifacts + * Disable goveralls debug output + * Take time in cert tests after CA generation + * Use coverage merge tool for goveralls + * Introduce a tool to merge coverage reports + * Enable atomic count, race detection and fix races + * Move coverage reports over to bazel + * Use a proper cc_library for libvirt dependencies + * Auto-generate Help message from /metrics endpoint to docs/metrics.md + * tests, libnet: Relocate validation to libnet + * tests, libnet: Move cloud-init net and dns to libnet + * Fix flaky rename test + * Run Travis CI only on selected branches, remove sudo flag + * tests, infra-test, Solve CI flakiness due to update conflict + * Fix flaky unpause tests + * Refactor .json files to go file + * Mark networking conformance tests + * Fail only when new issue comes up + * Fix high severity&confidence issues + * Add gosec to project + * Fix display of virtctl help text for other usages + * tests, libvmi: Introduce CloudInit NoCloud Network Data + * functest for PR #4132 + * Fix coexistance of scsi and sata drives + +- spec: Add rpmlintrc to filter statically-linked-binary warning + for container-disk binary. The binary must be statically linked + since it runs in a scratch container. + +- spec: Generate the registry path for kubevirt-operator.yaml at + build time. Prjconf macro 'registry_path' can be used to + override registry path to the KubeVirt container images +- spec: Add kubevirt-psp-caasp.yaml, a PSP based on CaaSP + privileged PSP, to the manifests subpackage +- spec: Don't add component name to DOCKER_PREFIX passed to + build-manifests.sh + +- Add package with built YAML manifests used to install kubevirt + +- spec: Remove needless use of chmod and build-copy-artifacts.sh + +- spec: Fix typo in date command + kyotocabinet -- Add baselibs.conf: Produce libkyotocabinet16-32bit, dependency to - libpinyin13-32bit. - -- boo#1037914: Do not optimize for native cpu of the build system! - -- kyotocabinet-fix-debuginfo.patch: Fix debuginfo generation -- gcc6-fix-errors.patch: return NULL instead, make GCC7 happy - -- Add gcc6-fix-errors.patch to remove errors seen by GCC6. - -- Avoid explicit requires on library packages - -- fix up configure test to handle lack of 8 byte atomics correctly - (configure-8-byte-atomics.patch) - -- Replace %makeinstall by make install; the former seldomly works -- kyoto requires at least i586 an arch; force it on RH6 (which - defaults to i386) - -- license update: SUSE-GPL-3.0-with-FLOSS-exception - Package allows exceptions for linking with components under certain - licenses (similar to MySQL) - -- update version 1.2.76 - * kcthread.cc (CondVar::wait): a bug on Win32 was fixed. - * kcdbext.h (IndexDB::set, IndexDB::replace): a bug of updating existing records was fixed. - * kcdb.h (DB::check): new function. - -- Make kyotocabinet installation work on SLE_11 - -- Remove redundant tags/sections per specfile guideline suggestions -- Add autotools BuildRequires for factory/12.2 - -- updated to 1.2.52 - -- updated to 1.2.50 - -- created package (version 1.2.47) - libhugetlbfs +- Hardening: Link as PIE (bsc#1184123). + -- There are no tests installed in s390(x) case, therefore there are no - files in %{_libdir}/libhugetlbfs - Remove the directory from the file list to fix package build for s390(x) - -- Add support of ppc64le with 4 patches - libhugetlbfs-ppc64le.patch - libhugetlbfs.ppc64le.step2.patch - libhugetlbfs.ppc64le.step3.patch - libhugetlbfs.ppc64le.step4.patch - -- Update to version 2.16: - Features: - * ARM Support - * s390x Dynamic TASK_SIZE support - Bug Fixes: - * find_mounts() now properly NULL terminates mount point names - -- Update to version 2.15 - Features: - * Some System z functionality went into 2.15 - * Updated man pages - * Added basic events for core_i7 to oprofile_map_events - Fixes: - * Disable Unable to verify address range warning when offset < page_size - * Remove sscanf in library setup to avoid heap allocation before _morecore - override - * Revert heap exhaustion patch - * hugectl no longer clips LD_LIBRARY_PATH variable - * Fix clean on failure code to avoid closing stdout - -- Add excludearch for arm due to lacking support - -- Update to version 2.13 - * hugeadm can now be used to control Transparent Huge Page tunables - * New morecore mode to better support THP - * Check permissions on hugetlbfs mount point before marking it as - available - * Fix shm tests to use random address instead of fixed, old address - failed on ARM - -- Update to version 2.12 - * libhugetlbfs usages can now be restricted to certain binary names - * libhugetlbfs now supports static linking - * hugeadm uses more human readable directory names for mount points - * Fix segfault if specified user was not in passwd, failuer in - getpwuid() is now checked - * Added tests for static linking to testcase - * Added missing tests to driver script - -- Do not include the 268MB testcase /usr/lib/libhugetlbfs/tests/obj32/linkhuge_rw. - -- Update to version 2.11 - Bugfixes and new features are listed in the NEWS file in - /usr/share/doc/packages/libhugetlbfs/NEWS - -- Update to version 2.9: - * Add --no-reseve to hugectl to request mmap'd pages are not reserved - for kernels newer than 2.6.34 - * Add --obey-numa-mempol to hugeadm to request static pool pages are - allocated following the process NUMA memory policy - * Add switch to let administrator limit new mount points by size or inodes - * cpupcstat now caches the value returned by tlmiss_cost.sh to avoid - rerunning the script - * When specifying huge page pool sizes with hugeadm, memory sizes can - be used as well as the number of huge pages - * DEFAULT is now a valid huge page pool for resizing, it will adjust - the pool for the default huge page size - * tlbmiss_cost.sh in the contrib/ sub directory will estimate the cost - in CPU cycles of a TLB miss on the arch where it is run - * Add python script which automates huge page pool setup with minimal - input required from user - * cpupcstat now supports data collection using the perf tool as well as - oprofile - * --explain reports if min_free_kbytes is too small - * add --set-min_free_kbytes to hugeadm - -- strip test binaries to fix build - -- Removed unused files - -- add workarounds for broken Makefile logic to detect arch - -- Package baselibs.conf - -- Fix typo in requires. - -- Update from version 2.0 to 2.5 - libmodulemd +- Update to 2.12.0 + + Add support for 'buildorder' to Packager documents + + Fix issue with ModuleIndex when input contains only Obsoletes documents + + Extend read_packager_[file|string]() to support overriding the module name + and stream. + + Ignore Packager documents when running ModuleIndex.update_from_*() + + Add python overrides for XMD in PackagerV3 + + Add python override to ignore the GType return when reading packager files + + Add PackagerV3.get_mdversion() +- Drop patch incorporated in this release + + Patch: 0001-Fix-integer-size-issue-on-32-bit-platforms.patch + libnettle +- Security fix: [bsc#1184401, CVE-2021-20305] + * multiply function being called with out-of-range scalars + * Affects ecc-ecdsa-sign(), ecc_ecdsa_verify() and _eddsa_hash(). +- Add libnettle-CVE-2021-20305.patch + libostree +- Enable LTO (boo#1133120) as it works now. + +- Update to version 2020.8: + + This release mostly contains scalability improvements and + bugfixes. + + Caching-related HTTP headers are now supported on summaries and + signatures, so that they do not have to be re-downloaded if not + changed in the meanwhile. + + Summaries and delta have been reworked to allow more + fine-grained fetching. + + Finally, this fixes several bugs related to atomic variables, + HTTP timeouts, and 32-bit architectures. +- Changes from version 2020.7: + + Static deltas can now be signed to more easily support offline + verification. + + There's now support for multiple initramfs images; the idea + here is that one can have a "main" initramfs image and a + secondary one which represents local configuration. + + The documentation is now moved to + https://ostreedev.github.io/ostree/ + + Lot of preparatory cleanups to the pull code landed for + upcoming work on indexing deltas outside of the summary. + + On the bugfix side, the biggest one is a fix for an assertion + failure when upgrading from systems before ostree supported + devicetree. + + Also notable is that ostree no longer hardlinks zero sized + files to avoid hitting filesystem maximum link counts. +- Changes from version 2020.6: + + One notable feature: ostree now supports / and /boot being on + the same filesystem. + + Other than that it's mostly bugfixes; there is one quite + important one for anyone using the readonly=true for /sysroot + (which is still just Fedora CoreOS I suspect). + + There's some improvements to the GObject Introspection + metadata, some (cosmetic) static analyzer fixes, a fix for the + immutable bit on s390x, dropping a deprecated bit in the + systemd unit file, etc. +- Changes from version 2020.5: + + This release primarily fixes a regression in 2020.4 where the + "readonly sysroot" changes incorrectly left the sysroot + read-only on systems that started out with a read-only / (most + of them, e.g. Fedora Silverblue/IoT at least). + + There's some additions to the pull API to aid flatpak. + + There were a few fixes to the man pages, and ostree show now + displays the parent commit. + + The default dracut config now enables reproducibility. + + On the "feature" side, there is a new ostree admin unlock + - -transient. We expect this to be a foundation for further + support for "live" updates. +- Changes from version 2020.4: + + By far the biggest change in this release is new ed25519 + signing support, powered by libsodium. + + stree commit gained a new --base argument, which significantly + simplifies constructing "derived" commits, particularly for + systems using SELinux. + + Handling of the read-only sysroot was reimplemented to run in + the initramfs and be more reliable. Enabling the readonly=true + flag in the repo config is recommended. + + Several bugs were fixed in locking for the temporary "staging" + directories OSTree creates, particularly on NFS. + + lib: Coerce flags enums to GIR bitfields changed some values to + be (correctly) flags - this may show up as incompatible for + GObject Introspection consumers (but not C). + + A new timestamp-check-from-rev option was added for pulls, + which makes downgrade protection more reliable and will be used + by Fedora CoreOS. + + Several fixes and enhancements were made for "collection" pulls + including a new --mirror option. + + The ostree commit command learned a new --mode-ro-executables + which enforces W^R semantics on all executables. + + A new commit metadata key (OSTREE_COMMIT_META_KEY_ARCHITECTURE) + was added to help standardize the architecture of the OSTree + commit. This could be used on the client side for example to + sanity-check that the commit matches the architecture of the + machine before deploying. + +- Stop invalid usage of %_libexecdir: + + Use %{_prefix}/lib where appropriate. + + Use _systemdgeneratordir for the systemd-generators. + + Define _dracutmodulesdir based on dracut.pc. Add + BuildRequires(dracut) for this to work. + librepo +- Update to 1.13.0 + + Fix the key string parsing in url_substitution + + Fix memory leak in 'fastestmirror' + + Download whole file when server doesn't support ranges (rh#1886706) + + Various fixes for mirrors without ranges support and zchunk + + Add support for pkcs11 certificate and key for repository authorization (rh#1859495) + + Fix lr_perform() - Avoid 100% CPU usage + + Drop Python 2 support + + Add support for working with certificates used with proxy (rh#1920991) + librsvg +- Update to version 2.46.5: + + Update dependent crates that had security vulnerabilities: + generic-array to 0.12.4 - RUSTSEC-2020-0146 + smallvec to 0.6.14 - RUSTSEC-2021-0003 - CVE-2021-25900 + + There are no changes to the library code. + + Fix bash-isms in Makefile.am (Tin-Wei Lan). + + Fix Visual Studio build (Chun-wei Fan). +- bsc#1183403 - CVE-2021-25900 - buffer overflow in the smallvec crate. + libsolv +- fix rare segfault in resolve_jobrules() that could happen + if new rules are learnt +- fix a couple of memory leaks in error cases +- fix error handling in solv_xfopen_fd() +- bump version to 0.7.19 + +- fixed regex code on win32 +- fixed memory leak in choice rule generation +- repo_add_conda: add flag to skip v2 packages +- bump version to 0.7.18 + libxml2 +- Security fix: [bsc#1185408, CVE-2021-3518] + * Fix use-after-free in xinclude.c:xmlXIncludeDoProcess() + * Add libxml2-CVE-2021-3518.patch + +- Security fix: [bsc#1185410, CVE-2021-3517] + * Fix heap-based buffer overflow in entities.c:xmlEncodeEntitiesInternal() + * Add libxml2-CVE-2021-3517.patch + +- Security fix: [bsc#1185409, CVE-2021-3516] + * Fix use-after-free in entities.c:xmlEncodeEntitiesInternal() + * Add libxml2-CVE-2021-3516.patch + libzypp +- Properly handle permission denied when providing optional files + (bsc#1185239) +- Fix sevice detection with cgroupv2 (bsc#1184997) +- version 17.25.10 (22) + +- Add missing includes for GCC 11 (bsc#1181874) +- Fix unsafe usage of static in media verifier. +- Solver: Avoid segfault if no system is loaded (bsc#1183628) +- MediaVerifier: Relax media set verification in case of a single + not-volatile medium (bsc#1180851) +- Do no cleanup in custom cache dirs (bsc#1182936) +- ZConfig: let pubkeyCachePath follow repoCachePath. +- version 17.25.9 (22) + -- Patch: Identify well-known category names (bsc#117984) +- Patch: Identify well-known category names (bsc#1179847) -- Add missing includes for GCC 11 compatibility. +- Add missing includes for GCC 11 compatibility. (bsc#1181874) linuxrc +- merge gh#openSUSE/linuxrc#261 +- don't ask for ssh password if ssh.password.enc is set (bsc#1185304) +- 7.0.30.3 + +- merge gh#openSUSE/linuxrc#258 +- fix handling of modules.order in driver updates (bsc#1184550) +- 7.0.30.2 + lsb +- update location of pidof and ed (bsc#1177540) +- spec-cleaner run + +- Remove all desktop requires as they just don't fit with the way + Tumbleweed moves. And most applications out there nowadays requiring + 'lsb' don't really mean the standard, but some kind of base system + (see boo#1086166) + -- no need to buildrequire libstdc++ - -- Split off lsb-release [bnc#483655] - lvm2 +- Add metadata-based autoactivation property for VG and LV (bsc#1178680) + + bug-1178680_add-metadata-based-autoactivation-property-for-VG-an.patch + monitoring-plugins-bind +- check_bind.sh uses a static temporary file, allowing users + to break the script by creating the same file with permissions + that don't allow the nagios user to write to it (bsc#1183201). + + added monitoring-plugins-bind_-_use_path_tmp.patch + monitoring-plugins-smart +- Update to 6.9.1: + This is a security-release (bsc#1183057) + + Fixes the regular expression for pseudo-devices under the /dev/bus/N path. + from 6.9.0 + + Allows using PCI device paths as device name(s) (#64) + + Introduce new optional parameter -l/--ssd-lifetime) which additionally + checks SMART attribute "Percent_Lifetime_Remain" + (available on some SSD drives). (#66 #67) + from 6.8.0 + + Allow skip self-assessment check (--skip-self-assessment) + + Add Command_Timeout to default raw list + from 6.7.1 + + Bugfix to make --warn work (issue #54) + from 6.7.0 + + Added support for NVMe drives + from 6.6.1 + + Fix 'deprecation warning on regex with curly brackets' (6.6.1) + from 6.6.0 + + The feature was requested in #30 . This PR adds the possibility to + use 3ware,N and cciss,N drives in combination with the + global -g parameter. + + Furthermore this PR adjusts the output of the plugin when the -g + is used in combination with hardware raid controllers. Instead of + showing the logical device name (/dev/sda for example), the plugin + will now show the controller with drive number + from 6.5.0: + + Add Reported_Uncorrect and Reallocated_Event_Count to default raw list. + + As of 6.5 the following SMART attributes are by default checked and + may result in alert when threshold (default 0 is reached): + 'Current_Pending_Sector,Reallocated_Sector_Ct,Program_Fail_Cnt_Total, + Uncorrectable_Error_Cnt,Offline_Uncorrectable,Runtime_Bad_Block, + Reported_Uncorrect,Reallocated_Event_Count' +- use _service file (with localrun -> osc service run) and generated + tarball instead of single file +- remove check_smart.pl +- package README.md + +- Update to version 6.4 + - Allow detection of more than 26 devices / issue #5 (rev 5.3) + - Different ATA vs. SCSI lookup (rev 5.4) + - Allow script to run outside of nagios plugins dir / wiki url + update (rev 5.5) + - Change syntax of -g parameter (regex is now awaited from + input) (rev 5.6) + - Fix Use of uninitialized value $device (rev 5.7) + - Allow multiple devices for interface type megaraid, + e.g. "megaraid,[1-5]" (rev 5.8) + - allow type "auto" (rev 5.9) + - Check selftest log for errors using new parameter -s (rev 5.10) + - Add exclude list (-e) to ignore certain attributes (5.11) + - Fix 'Use of uninitialized value' warnings (5.11.1) + - Add raw check list (-r) and warning thresholds (-w) (6.0) + - Allow using pseudo bus device /dev/bus/N (6.1) + - Add device model and serial number in output (6.2) + - Allow exclusion from perfdata as well (-E) and by attribute + number (6.3) + - Remove dependency on utils.pm, add quiet parameter (6.4) +- Drop not longer needed patch: + * enable_auto_interface.patch (obsolete, type auto was added + upstream in v5.9). + -- created package (from nagiosplug/contrib) - mpfr +- Add cummulative patch mpfr-4.0.2-p6.patch fixing various bugs. + +- Add floating-point-format-no-lto.patch in order to fix assembler scanning + (boo#1141190). + +- Update to mpfr 4.0.2 + * Cummulative bugfix release, includes mpfr-4.0.1-cummulative-patch.patch. + +- Fix %install_info_delete usage: + * It has to be performed in %preun not in %postun. + * See https://en.opensuse.org/openSUSE:Packaging_Conventions_RPM_Macros#.25install_info_delete. + +- Add mpfr-4.0.1-cummulative-patch.patch. Fixes + * A subtraction of two numbers of the same sign or addition of two + numbers of different signs can be rounded incorrectly (and the + ternary value can be incorrect) when one of the two inputs is + reused as the output (destination) and all these MPFR numbers + have exactly GMP_NUMB_BITS bits of precision (typically, 32 bits + on 32-bit machines, 64 bits on 64-bit machines). + * The mpfr_fma and mpfr_fms functions can behave incorrectly in case + of internal overflow or underflow. + * The result of the mpfr_sqr function can be rounded incorrectly + in a rare case near underflow when the destination has exactly + GMP_NUMB_BITS bits of precision (typically, 32 bits on 32-bit + machines, 64 bits on 64-bit machines) and the input has at most + GMP_NUMB_BITS bits of precision. + * The behavior and documentation of the mpfr_get_str function are + inconsistent concerning the minimum precision (this is related to + the change of the minimum precision from 2 to 1 in MPFR 4.0.0). The + get_str patch fixes this issue in the following way: the value 1 + can now be provided for n (4th argument of mpfr_get_str); if n = 0, + then the number of significant digits in the output string can now + be 1, as already implied by the documentation (but the code was + increasing it to 2). + * The mpfr_cmp_q function can behave incorrectly when the rational + (mpq_t) number has a null denominator. + * The mpfr_inp_str and mpfr_out_str functions might behave + incorrectly when the stream is a null pointer: the stream is + replaced by stdin and stdout, respectively. This behavior is + useless, not documented (thus incorrect in case a null pointer + would have a special meaning), and not consistent with other + input/output functions. + -- Add Source URL, see https://en.opensuse.org/SourceUrls - -- Update to version 3.1.2. - * Bug fixes - * Updated examples to the MPFR 3.x API - -- Update to version 3.1.1. - * Bug fixes - -- patch license to follow spdx.org standard - -- Remove redundant tags/sections per specfile guideline suggestions - -- Update to version 3.1.0. - * The mpfr_urandom and mpfr_urandomb functions now return identical - values on processors with different word size. - * Speed improvement for the mpfr_sqr and mpfr_div functions using - Mulders' algorithm. - * Much faster formatted output (mpfr_printf, etc.) with %Rg and similar. - * New divide-by-zero exception (flag) and associated functions. -- Remove bogus provides/obsoletes for old shared library version. -- Fix license, it is LGPL v3 or later. - -- Update to version 3.0.1. - * Minor bugfixes. - -- Update to version 3.0.0. - * Bump SO version to 4. - -- use %_smp_mflags - -- PA-Risc is not threadsafe just as sparc - -- add baselibs.conf to specfile as source - -- Do not use --enable-thread-safe on SPARC (Fedora does the same) - - the tests segfault if TS is enabled - -- Update to version 2.4.2. - * Bug and documentation fixes. - -- Add x86 baselibs entry. - -- Update to version 2.4.1 (no changes). -- Apply current cummulative bugfixing patch. - * mpfr_fmod, mpfr_remainder and mpfr_remquo rounding issues. - * incorrect type in vasprintf.c. - * wrong type in mpfr_zeta_ui. - nagios +- new nagios-exec-start-post script to fix bsc#1003362 + +- fix nagios_upgrade.sh writing to log file in user controlled + directory (bsc#1182398). The nagios_upgrade.sh script writes the + logfile directly below /var/log/ + +- 4.4.6 + * Fixed Map display in Internet Explorer 11 (#714) + * Fixed duplicate properties appearing in statusjson.cgi (#718) + * Fixed NERD not building when enabled in ./configure (#723) + * Fixed build process when using GCC 10 (#721) + * Fixed postauth vulnerabilities in histogram.js, map.js, trends.js + (CVE-2020-13977, bsc#1172794) + * When using systemd, configuration will be verified before + reloading (#715) + * Fixed HARD OK states triggering on the maximum check attempt (#757) + - * Fix for CVE-2016-6209 - The "corewindow" parameter (as in + * Fix for CVE-2016-6209 (bsc#989759) - The "corewindow" parameter (as in - bringing this to our attention go to Dawid Golunski + bringing this to our attention go to Dawid Golunski (bsc#1014637) nautilus +- Update set_trusted.sh: Use the right value in gio command + (bsc#1185026). + +- Update to version 3.34.3 (bsc#1171506): + + Revert icon emblem fixes in order to prevent performance + issues. + + Fix crashes often happening when searching. + + Fix crashes after conflict dialog response. + netcontrol -- bonding: don't complain about unknown options (bsc#1132794) - [+ 0005-bonding-don-t-complain-about-unknown-options.1132794.patch] - -- udev: use correct udev rule (write) lock directory - [+ 0004-udev-use-correct-udev-rule-write-lock-directory.patch] -- sysconfig: fix segfault on missed end-quote (bsc#1027736) - [+ 0003-sysconfig-fix-segfault-on-missed-end-quote-bsc-10277.patch] -- fix segfault on invalid check in route creation (bsc#1148646) - [+ 0002-Fix-invalid-check-in-route-creation-bsc-1148646.patch] -- fix virsh iface-list not working as expected (bsc#1029201) - [+ 0001-virsh-iface-list-not-working-as-expected-bsc-1029201.patch] - -- version 0.3.1 -- filter devices not supported by libvirt API (fate#320557) - [- 0001-blacklist-ifcfg-files-ending-in-.orig-or-tilde-bnc-8.patch] - -- sanitize release line in specfile - -- blacklist ifcfg files ending in .orig or tilde (bnc#871600) - [+ 0001-blacklist-ifcfg-files-ending-in-.orig-or-tilde-bnc-8.patch] - -- version 0.3.0 -- Added libnl version configure option and detection -- Obsoletes 0002-allow-wicked.patch, 0001-use-libnl3.patch - -- Applied a minimal 0002-allow-wicked.patch to accept wicked - as the network service (fate#316768). -- Renamed libnl3.patch to 0001-use-libnl3.patch - -- Add libnl3.patch to build with libnl3 open openSUSE 13.1+, this - fixes bnc#845540 - -- version 0.2.8 -- Added ChangeLog.git to dist archive and to devel package docs. -- Fixed ncf_close to not close logger as ncf_init did not open any. - This caused SEGV's in libvirt, that redirects the global logger - to itself and is using multiple ncf instances (bnc#811002). -- Fixed pthreads detection and source enablement in configure, - added an explicit configure --enable-pthreads option to spec - file to cause a failure on detection problems (bnc#811002). -- Fixed SEGV at parsing not existing BRIDGE_PATHCOSTS and memory - leaks in in loop check, xml parsing and on backup file creation - failure while routes file rewrite (bnc#810381). - -- version 0.2.7 -- Fixed a bridge variable initialization in try_bridge -- Use --enable-network-service on openSUSE >= 12.3 (bnc#798348) -- Check the network.service alias link instead of NETWORKMANAGER - variable in /etc/sysconfig/network/config, when requested by - the --enable-network-service configure option. - ntp +- bsc#1185171: + Use /run instead of /var/run for PIDFile in ntpd.service. + openexr + fix CVE-2021-23215 [bsc#1185216], Integer-overflow in Imf_2_5:DwaCompressor:initializeBuffers + fix CVE-2021-26260 [bsc#1185217], Integer-overflow in Imf_2_5:DwaCompressor:initializeBuffers + + openexr-CVE-2021-23215,26260.patch + +- security update +- modified patches + % openexr-CVE-2021-3474.patch (splitted into openexr-CVE-2021-20296.patch) +- added patches + fix CVE-2021-20296 [bsc#1184355], Segv on unknown address in Imf_2_5:hufUncompress - Null Pointer dereference + + openexr-CVE-2021-20296.patch + fix CVE-2021-3477 [bsc#1184353], Heap-buffer-overflow in Imf_2_5::DeepTiledInputFile::readPixelSampleCounts + + openexr-CVE-2021-3477.patch + fix CVE-2021-3479 [bsc#1184354], Out-of-memory caused by allocation of a very large buffer + + openexr-CVE-2021-3479.patch + +- security update +- added patches + fix CVE-2021-3474 [bsc#1184174], Undefined-shift in Imf_2_5::FastHufDecoder::FastHufDecoder + + openexr-CVE-2021-3474.patch + fix CVE-2021-3475 [bsc#1184173], Integer-overflow in Imf_2_5::calculateNumTiles + + openexr-CVE-2021-3475.patch + fix CVE-2021-3476 [bsc#1184172], Undefined-shift in Imf_2_5::unpack14 + + openexr-CVE-2021-3476.patch + +- security update +- added patches openldap2 +- bsc#1182791 - improve proxy connection timout options to correctly + prune connections. + * 0225-ITS-8625-Separate-Avlnode-and-TAvlnode-types.patch + * 0226-ITS-9197-back-ldap-added-task-that-prunes-expired-co.patch + * 0227-ITS-9197-Increase-timeouts-in-test-case-due-to-spora.patch + * 0228-ITS-9197-fix-typo-in-prev-commit.patch + * 0229-ITS-9197-Fix-test-script.patch + * 0230-ITS-9197-fix-info-msg-for-slapd-check.patch + opensc +- bsc#1177380 - VUL-0: CVE-2020-26571 + * gemsafe GPK smart card software driver stack-based buffer overflow + * opensc-0_19_0-CVE-2020-26571.patch +- bsc#1158307 - VUL-1: CVE-2019-19480 + * improper free operation in sc_pkcs15_decode_prkdf_entry + * opensc-0_19_0-CVE-2019-19480.patch +- bsc#1149747 – VUL-1: CVE-2019-15946 + * out-of-bounds access of an ASN.1 Octet string in asn1_decode_entry + * opensc-0_19_0-CVE-2019-15946.patch +- bsc#1149746 – VUL-1: CVE-2019-15945 + * out-of-bounds access of an ASN.1 Bitstring in decode_bit_string + * opensc-0_19_0-CVE-2019-15945.patch +- bsc#1158256 – VUL-1: CVE-2019-19479 + * incorrect read operation during parsing of a SETCOS file attribute + * opensc-0_19_0-CVE-2019-19479.patch +- bsc#1170809 – VUL-1: CVE-2019-20792 + * double free in coolkey_free_private_data + * opensc-0_19_0-CVE-2019-20792.patch +- bsc#1177378 - VUL-0: CVE-2020-26572 + * Prevent out of bounds write + * opensc-0_19_0-CVE-2020-26572.patch + +- Fix buffer overflow in sc_oberthur_read_file + * bsc#1177364 + * CVE-2020-26570 + * Added opensc-0_19_0-CVE-2020-26570.patch + -- update to version 0.13.0 - openslp +- Implement automatic active discovery retries so that DAs do + not get dropped if they are not reachable for some time + [bnc#1166637] [bnc#1184008] + new patch: openslp.unicastactivediscovery.diff + openssl-1_1 +- Don't list disapproved cipher algorithms while in FIPS mode + * openssl-1.1.1-fips_list_ciphers.patch + * bsc#1161276 + p7zip +- Add almost-upstream CVE-2021-3465.patch (bsc#1184699, CVE-2021-3465) + patterns-base +- Recommending openSUSE-signkey-cert in the base pattern bsc#1182641 + perl-Alien-SDL +- Extend reproducible.patch (enforce list context for the return value + of sort because the behaviour of sort in scalar context is undefined) + +- Extend reproducible.patch to sort file lists (boo#1041090) + perl-Image-ExifTool +- Update to version 12.25 fixes (boo#1185547) + * JPEG XL support is now official + * Added read support for Medical Research Council (MRC) image + files + * Added ability to write a number of 3gp tags in video files + * Added a new Sony PictureProfile value (thanks Jos Roost) + * Added a new Sony LensType (thanks LibRaw) + * Added a new Nikon LensID (thanks Niels Kristian Bech Jensen) + * Added a new Canon LensType + * Decode more GPS information from Blackvue dashcam videos + * Decode a couple of new NikonSettings tags (thanks Warren + Hatch) + * Decode a few new RIFF tags + * Improved Validate option to add minor warning if standard + XMP is missing xpacket wrapper + * Avoid decoding some large arrays in DNG images to improve + performance unless the -m option is used + * Patched bug that could give runtime warning when trying to + write an empty XMP structure + * Fixed decoding of ImageWidth/Height for JPEG XL images + * Fixed problem were Microsoft Xtra tags couldn't be deleted + version 12.24: + * Added a new PhaseOne RawFormat value (thanks LibRaw) + * Decode a new Sony tag (thanks Jos Roost) + * Decode a few new Panasonic and FujiFilm tags (thanks LibRaw + and Greybeard) + * Patched security vulnerability in DjVu reader + * Updated acdsee.config in distribution (thanks StarGeek) + * Recognize AutoCAD DXF files + * More work on experimental JUMBF read support + * More work on experimental JPEG XL read/write support + version 12.23: + * Added support for Olympus ORI files + * Added experimental read/write support for JPEG XL images + * Added experimental read support for JUMBF metadata in JPEG + and Jpeg2000 images + * Added built-in support for parsing GPS track from Denver + ACG-8050 videos + with the -ee option + * Added a some new Sony lenses (thanks Jos Roost and LibRaw) + * Changed priority of Samsung trailer tags so the first + DepthMapImage takes + precedence when -a is not used + * Improved identification of M4A audio files + * Patched to avoid escaping ',' in "Binary data" message when + - struct is used + * Removed Unknown flag from MXF VideoCodingSchemeID tag + * Fixed -forcewrite=EXIF to apply to EXIF in binary header of + EPS files + * API Changes: + + Added BlockExtract option + version 12.22: + * Added a few new Sony LensTypes and a new SonyModelID (thanks + Jos Roost and LibRaw) + * Added Extra BaseName tag + * Added a new CanonModelID (thanks LibRaw) + * Decode timed GPS from unlisted programs in M2TS videos with + the -ee3 option + * Decode more Sony rtmd tags + * Decode some tags for the Sony ILME-FX3 (thanks Jos Roost) + * Allow negative values to be written to XMP-aux:LensID + * Recognize HEVC video program in M2TS files + * Enhanced -b option so --b suppresses tags with binary data + * Improved flexibility when writing GPS coordinates: + + Now pulls latitude and longitude from a combined + GPSCoordinates string + + Recognizes the full word "South" and "West" to write + negative coordinates + * Improved warning when trying to write an integer QuickTime + date/time tag and Time::Local is not available + * Convert GPSSpeed from mph to km/h in timed GPS from Garmin + MP4 videos + version 12.21: + * Added a few new iOS QuickTime tags + * Decode a couple more Sony rtmd tags + * Patch to avoid possible "Use of uninitialized value" warning + when attempting to write QuickTime date/time tags with an + invalid value + * Fixed problem writing Microsoft Xtra tags + * Fixed Windows daylight savings time patch for file times + that was broken in 12.19 (however directory times will not + yet handle DST properly) + version 12.20: + * Added ability to write some Microsoft Xtra tags in MOV/MP4 + videos + * Added two new Canon LensType values (thanks Norbert Wasser) + * Added a new Nikon LensID + * Fixed problem reading FITS comments that start before column + 11 + version 12.19: + * Added -list_dir option + * Added the "ls-l" Shortcut tag + * Extract Comment and History from FITS files + * Enhanced FilePermissions to include device type (similar to + "ls -l") + * Changed the name of Apple ContentIdentifier tag to + MediaGroupUUID (thanks Neal Krawetz) + * Fixed a potential "substr outside of string" runtime error + when reading corrupted EXIF + * Fixed edge case where NikonScanIFD may not be copied + properly when copying MakerNotes to another file + * API Changes: + + Added ability to read/write System tags of directories + + Enhanced GetAllGroups() to support family 7 and take + optional ExifTool reference + + Changed QuickTimeHandler option default to 1 + version 12.18: + * Added a new SonyModelID + * Decode a number of Sony tags for the ILCE-1 (thanks Jos + Roost) + * Decode a couple of new Canon tags (thanks LibRaw) + * Patched to read differently formatted UserData:Keywords as + written by iPhone + * Patched to tolerate out-of-order Nikon MakerNote IFD entries + when obtaining tags necessary for decryption + * Fixed a few possible Condition warnings for some + NikonSettings tags + version 12.17: + * Added a new Canon FocusMode value + * Added a new FujiFilm FilmMode value + * Added a number of new XMP-crs tags (thanks Herb) + * Decode a new H264 MDPM tag + * Allow non-conforming lower-case XMP boolean "true" and + "false" values to be written, but only when print conversion + is disabled + * Improved Validate option to warn about non-capitalized + boolean XMP values + * Improved logic for setting GPSLatitude/LongitudeRef values + when writing + * Changed -json and -php options so the -a option is implied + even without the -g option + * Avoid extracting audio/video data from AVI videos when -ee + - u is used + * Patched decoding of Canon ContinuousShootingSpeed for newer + firmware versions of the EOS-1DXmkIII + * Re-worked LensID patch of version 12.00 (github issue #51) + * Fixed a few typos in newly-added NikonSettings tags (thanks + Herb) + * Fixed problem where group could not be specified for + PNG-pHYs tags when writing + version 12.16: + * Extract another form of video subtitle text + * Enhanced -ee option with -ee2 and -ee3 to allow parsing of + the H264 video stream in MP4 files + * Changed a Nikon FlashMode value + * Fixed problem that caused a failed DPX test on Strawberry + Perl + * API Changes: + + Enhanced ExtractEmbedded option + version 12.15: + * Added a couple of new Sony LensType values (thanks LibRaw + and Jos Roost) + * Added a new Nikon FlashMode value (thanks Mike) + * Decode NikonSettings (thanks Warren Hatch) + * Decode thermal information from DJI RJPEG images + * Fixed extra newline in -echo3 and -echo4 outputs added in + version 12.10 + * Fixed out-of-memory problem when writing some very large PNG + files under Windows + version 12.14: + * Added support for 2 more types of timed GPS in video files + (that makes 49 different formats now supported) + * Added validity check for PDF trailer dictionary Size + * Added a new Pentax LensType + * Extract metadata from Jpeg2000 Association box + * Changed -g:XX:YY and -G:XX:YY options to show empty strings + for non-existent groups + * Patched to issue warning and avoid writing date/time values + with a zero month or day number + * Patched to avoid runtime warnings if trying to set FileName + to an empty string + * Fixed issue that could cause GPS test number 12 to fail on + some systems + * Fixed problem extracting XML as a block from Jpeg2000 + images, and extract XML tags in the XML group instead of XMP +- Update URL + +- update to 12.13: + - Add time zone automatically to most string-based QuickTime date/time tags + when writing unless the PrintConv option is disabled + - Added -i HIDDEN option to ignore files with names that start with "." + - Added a few new Nikon ShutterMode values (thanks Jan Skoda) + - Added ability to write Google GCamera MicroVideo XMP tags + - Decode a new Sony tag (thanks LibRaw) + - Changed behaviour when writing only pseudo tags to return an error and avoid + writing any other tags if writing FileName fails + - Print "X image files read" message even if only 1 file is read when at least + one other file has failed the -if condition + - Added ability to geotag from DJI CSV log files + - Added a new CanonModelID + - Added a couple of new Sony LensType values (thanks LibRaw) + - Enhanced -csvDelim option to allow "\t", "\n", "\r" and "\\" + - Unescape "\b" and "\f" in imported JSON values + - Fixed bug introduced in 12.10 which generated a "Not an integer" warning + when attempting to shift some QuickTime date/time tags + - Fixed shared-write permission problem with -@ argfile when using -stay_open + and a filename containing special characters on Windows + - Added -csvDelim option + - Added new Canon and Olympus LensType values (thanks LibRaw) + - Added a warning if ICC_Profile is deleted from an image (github issue #63) + - EndDir() function for -if option now works when -fileOrder is used + - Changed FileSize conversion to use binary prefixes since that is how the + conversion is currently done (eg. MiB instead of MB) + - Patched -csv option so columns aren't resorted when using -G option and one + of the tags is missing from a file + - Fixed incompatiblity with Google Photos when writing UserData:GPSCoordinates + to MP4 videos + - Fixed problem where the tags available in a -p format string were limited to + the same as the -if[NUM] option when NUM was specified + - Fixed incorrect decoding of SourceFileIndex/SourceDirectoryIndex for Ricoh + models + +- Update to 12.10 + * Added -validate test for proper TIFF magic number in + JPEG EXIF header + * Added support for Nikon Z7 LensData version 0801 + * Added a new XMP-GPano tag + * Decode ColorData for the Canon EOS 1DXmkIII + * Decode more tags for the Sony ILCE-7SM3 + * Automatically apply QuickTimeUTC option for CR3 files + * Improved decoding of XAttrMDLabel from MacOS files + * Ignore time zones when writing date/time values and + using the -d option + * Enhanced -echo3 and -echo4 options to allow exit status + to be returned + * Changed -execute so the -q option no longer suppresses + the "{ready}" message when a synchronization number is used + * Added ability to copy CanonMakerNotes from CR3 images + to other file types + * Added read support for ON1 presets file (.ONP) + * Added two new CanonModelID values + * Added trailing "/" when writing QuickTime:GPSCoordinates + * Added a number of new XMP-crs tags + * Added a new Sony LensType (thanks Jos Roost) + * Added a new Nikon Z lens (thanks LibRaw) + * Added a new Canon LensType + * Decode ColorData for Canon EOS R5/R6 + * Decode a couple of new HEIF tags + * Decode FirmwareVersion for Canon M50 + * Improved decoding of Sony CreativeStyle tags + * Improved parsing of Radiance files to recognize comments + * Renamed GIF AspectRatio tag to PixelAspectRatio + * Patched EndDir() feature so subdirectories are always + processed when -r is used (previously, EndDir() would + end processing of a directory completely) + * Avoid loading GoPro module unnecessarily when reading MP4 videos + from some other cameras + * Fixed problem with an incorrect naming of CodecID tags in some + MKV videos + * Fixed verbose output to avoid "adding" messages for + existing flattened XMP tags + * Added a new Sony LensType + * Recognize Mac OS X xattr files + * Extract ThumbnailImage from MP4 videos of more dashcam models + * Improved decoding of a number of Sony tags + * Fixed problem where the special -if EndDir() function didn't + work properly for directories after the one in which + it was initially called + * Patched to read DLL files which don't have a .rsrc section + * Patched to support new IGC date format when geotagging + * Patched to read DLL files with an invalid size in the header + * Added support for GoPro .360 videos + * Added some new Canon RF and Nikkor Z lenses + * Added some new Sony LensType and CreativeStyle values + and decode some ILCE-7C tags + * Added a number of new Olympus SceneMode values + * Added a new Nikon LensID + * Decode more timed metadata from Insta360 videos + * Decode timed GPS from videos of more Garmin dashcam models + * Decode a new GoPro video tag + * Reformat time-only EventTime values when writing and prevent + arbitrary strings from being written + * Patched to accept backslashes in SourceFile entries for -csv option + +- update to 12.06 + - Added read support for Lyrics3 metadata (and fixed problem + where APE metadata may be ignored if Lyrics3 exists) + - Added a new Panasonic VideoBurstMode value + - Added a new Olympus MultipleExposureMode value + - Added a new Nikon LensID + - Added back conversions for XMP-dwc EventTime that were removed + in 12.04 with a patch to allow time-only values + - Decode GIF AspectRatio + - Decode Olympus FocusBracketStepSize + - Extract PNG iDOT chunk in Binary format with the + name AppleDataOffsets + - Process PNG images which do not start with mandatory + IHDR chunk + - Added a new Panasonic SelfTimer value + - Decode a few more DPX tags + - Extract AIFF APPL tag as ApplicationData + - Fixed bug writing QuickTime ItemList 'gnre' Genre values + - Fixed an incorrect value for Panasonic VideoBurstResolution + - Fixed problem when applying a time shift to some invalid + makernote date/time values + +- update to 12.04: + * See /usr/share/doc/packages/perl-Image-ExifTool/Change + +- update to 11.50, see Image-ExifTool-11.50.tar.gz for details + +- Update to version 11.30: + * Add a new Sony/Minolta LensType. + * Decode streaming metadata from TomTom Bandit Action Cam MP4 + videos. + * Decode Reconyx HF2 PRO maker notes. + * Decode ColorData for some new Canon models. + * Enhanced -geotag feature to set AmbientTemperature if + available. + * Remove non-significant spaces from some DICOM values. + * Fix possible "'x' outside of string" error when reading + corrupted EXIF. + * Fix incorrect write group for GeoTIFF tags. + +- Update to version 11.29 + * See /usr/share/doc/packages/perl-Image-ExifTool/Changes + +- Update to version 11.27 + * See /usr/share/doc/packages/perl-Image-ExifTool/Changes + +- Update to version 11.24 + * See /usr/share/doc/packages/perl-Image-ExifTool/Changes + +- Update to version 11.11 (changes since 11.01): + * See /usr/share/doc/packages/perl-Image-ExifTool/Changes + +- Update to 11.01: + * Added a new ProfileCMMType + * Added a Validate warning about non-standard EXIF or XMP in + PNG images + * Added a new Canon LensType + * Decode a couple more PanasonicRaw tags + * Patched to avoid adding tags to QuickTime videos with multiple + 'mdat' atoms --> avoids potential corruption of these videos! + +- Update to 11.00: + * Added read support for WTV and DVR-MS videos + * Added print conversions for some ASF date/time tags + * Added a new SonyModelID + * Decode a new PanasonicRaw tag + * Decode some new Sony RX100 VI tags + * Made Padding and OffsetSchema tags "unsafe" so they + aren't copied by default + permissions +- Update to version 20181225: + * etc/permissions: remove unnecessary entries (bsc#1182899) + pidentd +- Use /run instead of /var/run (bsc#1185070). + -- make patch0 usage consistent - plasma5-desktop +- Add upstream patch to fix renaming files on the desktop via the + keyboard shortcut (boo#1174487, kde#425436): + * 0001-Fix-renaming-shortcut-for-files-selected-via-selecti.patch + plasma5-workspace +- Add upstream patch to fix broken/missing "Switch User" + functionality with systemd 246 (boo#1177223, kde#427777): + * Fix-missing-Switch-User-with-systemd-246.patch + post-build-checks-malwarescan +- and skip all the bells and whistles if we only have the + busybox variants of xargs and grep (bsc#1183460) + -- Use http://www.suse.com/security as Url: spec tag. Yeah. -- License: tag update - postgresql10 +- Re-enable build of the llvmjit subpackage on SLE, but it will + only be delivered on PackageHub for now (boo#1183118). + +- Remove leftover PreReq on chkconfig, we stopped using it long + time ago. + +- boo#1179945: Disable icu for PostgreSQL 10 (and older) on TW. + ppc64-diag +- Fix systemd warning about obsolete logging options (bsc#1183700 ltc#192095). + + ppc64-diag-Drop-obsolete-logging-options-from-systemd-service-f.patch + procps +- Add upstream patch procps-3.3.17-bsc1181976.patch based on + commit 3dd1661a to fix bsc#1181976 that is change descripton + of psr, which is for 39th field of /proc/[pid]/stat + python-aiohttp +- Add patch to fix how pure-Python HTTP parser interprets `//` + + CVE-2021-21330.patch (bsc#1184745, CVE-2021-21330) + python-django-appconf +- Update to 1.0.4: + * Updates test matrix and PyPI metadata for latest versions of Django. + -- Add python-six Requires: since version 0.6, the six module is - used. - python-django-avatar +- Skip to build the python2 package django-appconf is python3 only + -- Update to 1.0.3; -- Building as noarch for openSUSE >= 11.2. - python-django-compressor +- Disable tests until upstream makes them work with new python + Beautifulsoup + +- Bump the version requirement on django to be >= 2.2 +- Enable verbose testing + python-django-pyscss +- Skip to build the python2 package django-appconf is python3 only + -- fix license/package license/README - python-kiwisolver +- version update to 1.2.0 + * setup.py: proper python version pinning and cut 1.2.0 release +- python3 only, e. g. requires cppy, which is python3 only + python-libxml2-python +- Security fix: [bsc#1185408, CVE-2021-3518] + * Fix use-after-free in xinclude.c:xmlXIncludeDoProcess() + * Add libxml2-CVE-2021-3518.patch + +- Security fix: [bsc#1185410, CVE-2021-3517] + * Fix heap-based buffer overflow in entities.c:xmlEncodeEntitiesInternal() + * Add libxml2-CVE-2021-3517.patch + +- Security fix: [bsc#1185409, CVE-2021-3516] + * Fix use-after-free in entities.c:xmlEncodeEntitiesInternal() + * Add libxml2-CVE-2021-3516.patch + python-magnumclient +- update to version 3.0.1 + - Rename variables to address pep8 error + - Update TOX/UPPER_CONSTRAINTS_FILE for stable/ussuri + - Labels override + - Update .gitreview for stable/ussuri + python-pyScss +- update to 1.3.7: + * fix setup.py compatibility with newer setuptools + +- version update to 1.3.6 + * no upstream changelog + -- version 1.1.5: initial build - python-pymediainfo +- Update to version 5.1.0 + * Improve errors when libmediainfo can't be loaded + python-pymemcache -- update to 3.3.0: - * ``HashClient`` can now be imported from the top-level ``pymemcache`` package - (e.g. ``pymemcache.HashClient``). - * ``HashClient.get_many()`` now longer stores ``False`` for missing keys from - unavailable clients. Instead, the result won't contain the key at all. - * Added missing ``HashClient.close()`` and ``HashClient.quit()``. - -- update to 3.2.0: - * ``PooledClient`` and ``HashClient`` now support custom ``Client`` classes - python-shaptools +- Create version 0.3.12 +- Fix the HANA sidadm user creation to transform to lowercase + properly + (bsc#1185090) + +- Fix spec file to build properly the shapcli executable + python-sphinx-testing +- Fix build without python2 + +- updte to 1.0.1 + * Support Sphinx-2.0.1 + +- update to 1.0.0 +- enable testsuite + * Support Sphinx-2.0 + +- Remove superfluous devel dependency for noarch package + python-tinyrpc +- Add missed dependency on requests in tests + +- Switch to github tarball for tests +- Run tests +- Skip python2 build as the 1.0.4 is no longer py2 compatible + +- update to 1.0.4: + * Tinyrpc now supports the MSGPACK RPC protocol in addition to JSON-RPC. + python-voluptuous +- Update to 0.11.7: + * #378: Allow extend() of a Schema to return a subclass of a Schema as well. + * #364: Accept description for Inclusive instances. + * #373: Accept msg for Maybe instances. + * #382: Added support for default values in Inclusive instances. + * #371: Fixed DeprecationWarning related to collections.Mapping. + * #377: Preserve Unicode strings when passed to utility functions + (e.g., Lower(), Upper()). + * #380: Fixed regression with Any and required flag. + +- Trim repeated name in summary (rpmlint). Trim filler wording + from description. + +- update to 0.11.5: + * Fixed issue with opening README file in setup.py. + * Support Python 3.7. + * #343: Drop support for Python 3.3. + * #342: Add support for sets and frozensets. + * #332: Fix Python 3.x compatibility for setup.py when pypandoc is installed. + * #348: Include path in AnyInvalid errors. + * #351: Fix Date behaviour when a custom format is specified. + +- Sort out a bit with spec-cleaner + +- update to 0.11.1: + - Support Python 3.6. + - Drop support for Python 2.6, 3.1 and 3.2. + - Allow to use nested schema and allow any validator to be compiled. + - Default values MUST now pass validation just as any regular value. + This is a backward incompatible change if a schema uses default values + that don't pass validation against the specified schema. + - Modify `__lt__` in Marker class to allow comparison with non Marker + objects, such as str and int. + - Add description field to `Marker` instances. + - Add `Schema.infer` method for basic schema inference. + - Add `SomeOf` validator. + - Treat Python 2 old-style classes like types when validating. + - Make `IsDir()`, `IsFile()` and `PathExists()` consistent between + different Python versions. + - Use absolute imports to avoid import conflicts. + - Fix `Coerce` validator to catch `decimal.InvalidOperation`. + - Make `Schema([])` usage consistent with `Schema({})`. + - Allow partial validation when using validate decorator. + - Make `Schema.__eq__` deterministic. + - Replace implementation of `Maybe(s)` with `Any(None, s)` to allow + it to be compiled. + python-yarl +- Add tests_overcome_bpo42967.patch to over effects of bpo#42967, + which forbade mixing amps and semicolons in query strings as + separators. + python39 +- Make sure to close the import_failed.map file after the exception + has been raised in order to avoid ResourceWarnings when the + failing import is part of a try...except block. + python39:base +- Make sure to close the import_failed.map file after the exception + has been raised in order to avoid ResourceWarnings when the + failing import is part of a try...except block. + python39:doc +- Make sure to close the import_failed.map file after the exception + has been raised in order to avoid ResourceWarnings when the + failing import is part of a try...except block. + qbittorrent +- Update to version 4.3.5 + Bug fixes: + * Move cursor to the end when autofilling URL/hash in + "Download from URLs" dialog + * Sort invalid QDateTime values after valid values + * Fix tabChangesFocus attribute in "Edit trackers" dialog + * Update DynDNS register url + * Handle "not enough disk space" error more graciously + * Correctly draw progress background with stylesheet + Web UI: + * Fix magnet url from the search facility + * Revise folder monitoring functions + * Fix magnet url from the browser + * Allow to specify file indexes in torrents/files API + Other: + * Fix D-Bus Notification `desktop-entry` field + * Lower Qt requirement to 5.11 + * Clarify that the license is GPLv2+ + qmmp +- Update to version 1.4.6 + * added application startup optimization + * added X11 session checking in the notifier plugin + * fixed provider settings parsing in the lyrics plugin + * fixed equalizer form in the qsui plugin + * fixed build with the latest ffmpeg version + * updated Portuguese translation (Sérgio Marques) + * updated Italian translation (Luigi Toscano) + * updated French translation (Adrien Vigneron) + +- Update to version 1.4.5 + * added TagLib 1.12 support + * disabled CRC checking in the mpeg plugin + * fixed playlist update + * fixed build with gcc 11 + * fixed API documentation + * fixed skin search path + * fixed application icons + radvd -- fix the radvd.service file to use /etc/sysconfig/radvd - (bnc#854316) - -- Update to version 1.9.7 - * ioctl bug fix for getting the hardware address and mtu of an interface -- Update to version 1.9.6 - * Check AdvSendAdvert before sending an advertisement -- Update to version 1.9.5 - * IPv6 forwarding setting should be 1 or 2 - * Performance fix in netlink message processing - * fix for kernels with no NETLINK_NO_ENOBUFS defined - * distributing gz, bz2 and xz tarballs - * also distributing md5, sha1, sha256 and gpg signatures -- Update to version 1.9.4 - * IPv6 forwarding setting should be 1 or 2 - * Performance fix in netlink message processing - * fix for kernels with no NETLINK_NO_ENOBUFS defined - * distributing gz, bz2 and xz tarballs - * also distributing md5, sha1, sha256 and gpg signatures -- Update to version 1.9.3 - * check for sys/sysctl.h availability - * radvdump fix to interpret MTU and Route -- Update to version 1.9.2 - * A few minor Makefile.am fixes -- Update to version 1.9.1 - * Replacing a '==' in configure with '=' for better shell portability -- added .asc (gpg key not yet found) - -- Don't start daemon after package installation, the default config is almost - useless and previous package versions installed even bad ones into - /etc/radvd.conf (it would never be fixed since the file is - %ghost %config(noreplace) -- Fix try-restart to only restart the daemon if it's actually running. Allow - condrestart, which is LSB - -- Add radvd-tmpfile-grpname.patch: On openSUSE, the radvd user is - added to the 'daemon' group (not a specific 'radvd' group). Thus - adjusting the groupname in for the file to be installed in - tmpfiles.d. Otherwise, the systemd-tmpfiles service fails to - start (and radvd can't find the /var/run folder). - -- Remove URL from source as this is a git snapshot - -- Update to version 1.9rc1.xxx - * Support systemd tmpfiles.d - * add Native systemd units for this service - * Uses libdaemon to deamonize and store PID file. - * Use setsockopt NETLINK_NO_ENOBUFS - * fixes debian bug 634485 - -- add automake as buildrequire to avoid implicit dependency - -- Update to version 1.8.3: - + proper tracking of buffer usage in send_ra -- Drop diff_release_1_8_2..44ee01c7.patch: fixed upstream. - -- Update to version 1.8.3-rc1 -- additional patches up to commit 44ee01c7 to fully fix the - path traversal CVE-2011-3602 (bnc#721968) - -- Update to version 1.8.1 for details see NEWS -- Fix package building in factory, creating /var/run/radvd before - being marked as %ghost -- Run spec cleaner - -- new version 1.7: - - Fix an unintentional change in 1.3: RAs were accidentally often unicast to - solicitors instead of being multicast. This is still compliant with the - specification but is not optimal. - - Allow radvd.conf prefix, clients, route, and RDNSS options to be in any order. - - exit if the number of prefixes/routes/etc. would grow too much. - - Fix radvd skipping multiple interfaces when UnicastOnly is on or - AdvSendAdvert is off. This got broken in radvd 1.3. - - Fix a segmentation fault on reload_config() timer list corruption that only - occurs with multiple interfaces. - - Add '-c' flag to test configuration. - - Deprecate old, pre-RFC5006 parameters. Support RFC6106 by adding DNS Search List support. -- run as user radvd by default (bnc#691456) -- clean up init script -- install a small default config that advertises ULAs. Default prefix is - autogenerated to get a different for on each installation. -- start even if forwarding is not on to be able to work with ULAs only - -- Update to version 1.3: - - mainly compilation fixes - - decreased the default valid and preferred lifetimes - - support for arbitrary interface names - rsyslog +- fix groupname retrieval for large groups (bsc#1178490) + * add 0001-rainerscript-call-getgrnam_r-repeatedly-to-get-all-g.patch + ruby2 +- Update to 2.5.9 (boo#1184644) + https://www.ruby-lang.org/en/news/2021/04/05/ruby-2-5-9-released/ + - CVE-2020-25613: Potential HTTP Request Smuggling Vulnerability + in WEBrick + - CVE-2021-28965: XML round-trip vulnerability in REXML + Complete list of changes at + https://github.com/ruby/ruby/compare/v2_5_8...v2_5_9 +- Update suse.patch: + Remove fix for CVE-2020-25613 as it is included in the update + sapconf +- version update from 5.0.0 to 5.0.2 +- added sapconf_check and supportconfig plugin for sapconf +- change log message for 'MIN_PERF_PCT' parameter to reduce the + spot light + (bsc#1179524) +- add additional check to detect an active saptune service + (started but disabled and without any notes applied). + Improve the logging message. + (bsc#1182314) +- enable and start sapconf.service during package update, if tuned + is running with sapconf as profile + (bsc#1176061) +- preserve the state of the sapconf.service during the package + update. Only disable the sapconf service, if saptune is active. + In any other cases don't touch the state of the sapconf service. + If tuned has problems and the command 'tune-adm off' does not + work properly in the preinstall script of the package, try to + stop the tuned service to avoid weird error messages in the log + of tuned during and after the package update + (bsc#1182906) + sapstartsrv-resource-agents +- prevent sapping.service from running a second time after a + corosync start/restart + (bsc#1183969) + sblim-sfcb +- avoid_doublefree_in_sunsetcontrol.patch: avoid double free + during a failed localhost client connection (bsc#1180753) + scap-security-guide +- updated to a intermediate GIT snapshot of 20210323 (jsc#ECO-3319) + - initial SLES15 STIG added + - more SLES 12 STIG work + - correct tables and cross references for SLES 12 and 15 STIG + +- updated to 0.1.55 release (jsc#ECO-3319) + - big update of rules used in SLES-12 STIG profile + - Render policy to HTML (#6532) + - Add variable support to yamlfile_value template (#6563) + - Introduce new template for dconf configuration files (#6118) +- avoid some non sles12 sp2 available macros. + shim +- Include suse-signed shim for AArch64 (bsc#1185621) + skelcd-control-openSUSE-promo +- Fix path of repo for Leap 15.3 armv7 (boo#1183795) +- 15.3.4 + skelcd:ha +- set beta flag to 0 for GMC release + skelcd:leanos +- set beta flag to 0 for GMC release + skelcd:sap-apl +- set beta flag to 0 for GMC release + skelcd:sle-we +- set beta flag to 0 for GMC release + skelcd:sled +- set beta flag to 0 for GMC release + skelcd:sles +- set beta flag to 0 for GMC release + sle_quickstarts +-- Quick Start Updatews, final version for 15 SP3 + slurm +- Ship REST API version and auth plugins with slurmrestd. +- Add YAML support for REST API to build (bsc#1185603). + spacecmd +- version 4.1.11-1 +- Handle SIGPIPE without user-visible Exception (bsc#1181124) + spacewalk-client-tools +- version 4.1.10-1 +- Fallback to sysfs when reading info from python-dmidecode fails (bsc#1182603) +- log an error when product detection failed (bsc#1182339) + spack +- Add gcc-c++ to the required packages (bsc#1185519). +- Add alternative c++ & fortran compilers to the triggers list. + spack:doc +- Add gcc-c++ to the required packages (bsc#1185519). +- Add alternative c++ & fortran compilers to the triggers list. + spamassassin +- Deprecated path "/var/run/" used in systemd-services (bsc#1185184) + +- Update to version 3.4.5 + o CVE-2020-1946: spamassassin: security update (bsc#1184221) + o CVE-2019-12420: spamassassin: memory leak via crafted messages + (bsc#1159133) +- Remove patches applied by the update: + CVE-2020-1930.diff + CVE-2020-1931.diff + CVE-Level-issue-with-Rule-Files.patch + strawberry +-Update to version 0.9.3: + + Bugfixes: + + Fix "Show in file browser" to work with thunar. + + Check that the clicked rating position is to the right or left of the rectangle. + + Fix rescan when collection directory is removed and readded. + + Enhancements: + + Allow editing playlist metadata for radio streams. + + Make CollectionQuery subclass QSqlQuery, avoid copying QSqlQuery. + + Only enable FTS3 when schema needs upgrading, since FTS5 is used for search. + + Add setting for configuring the color for the currently playing song. + + Add setting to turn on OSD Pretty fading. + + Add commandline option to resize window. + stressapptest +- Add reproducible.patch to override build date (boo#1047218) + and to drop build host name (boo#1084909) + strongswan +- Information added in README about the rcstrongswan-starter + +- Keep using ipsec as the main binary. Therefore, make strongswan.service point to it instead of swanctl + subversion +- /var/run in /usr/lib/tmpfiles.d/svnserve.conf is deprecated (bsc#1185052) + suse-migration-services +- Bump version: 2.0.23 → 2.0.24 + +- Support symlinks for certificate files + +- Cracefully handle cert copy exceptions + If the copy process of a certificate failed this should not + cause the entire migration process to stop. This commit + handles copy errors from the cert chain and turns them into + a log message. If in the subsequent chain of tasks the + migration failed because of missing certificates we will + see that in the log and in the attempt to access the repos + which is better than the python stacktrace on an unhandled + FileNotFoundError exception. Retated to Issue #197 + +- Bump version: 2.0.22 → 2.0.23 + +- Prevent use of shutil.copytree + The versions of copytree comes with a different set of + features depending on the used python interpreter. The + former implementation used an option which did not exist + on python in SLE15. To keep us safe from further surprises + I moved back to the simple but stable shutil.copy method. + We can come up with a refactoring PR when needed but not + combined with the fix for the certificates as this was the + original intention of the change + +- Bump version: 2.0.21 → 2.0.22 + +- Fixed import of certificates + Certificates can exist on several places. This commit + makes sure we lookup certificates at the following + places: + * /usr/share/pki/trust/anchors + * /etc/pki/trust/anchors + +- Bump version: 2.0.20 → 2.0.21 + +- Fixed mount of root for detected disk + The former implementation looped through a list of block + devices, mounted them, looked for the fstab file, reads it + and umounted the device again. In a next step we mounted + all entries from that fstab file as listed. The problem + with this approach is that the mount of the root device + already happened and we did it again. As this is not needed + it should also not create a problem. But it does create + a problem in multipath environments. With the absence of + the multipath setup in the live migration system only one + of the multipath devices can be mounted. This device was + found by our loop approach but is not necessarily the + right choice when mounting the device as referenced from + the fstab file without multipath running. Therefore this + commit makes sure the root device is mounted only once + and only through our best guess loop and not by the entry + in the fstab file. + +- Bump version: 2.0.19 → 2.0.20 + +- Respect host kernel boot options for migration + The kernel boot options used on the host to migrate can be + important for the migration live environment too. For example + if net.ifnames is passed is influences the network interface + names to become predictable. As the DMS inherits configuration + data from the host e.g the network setup, it's required that + also the kernel boot parameters matches. + +- Bump version: 2.0.18 → 2.0.19 + +- Reference commit for SUSE maintenance + This commit adds a reference to bsc#1184278 + Avoid multiple mount attempts + +- Added kernel-firmware to support bare metal better + For the DMS to boot on bare metal system we should install + the kernel-firmware package. If not present certain systems + like HP with Mellanox driver fails to boot. This is related + to bsc#1182520 + +- Fixed loopback root setting + The root variable for the loopback search in grub was initialized + with the assumption that the /usr/share/ location on the system is + on the root partition. This assumption could be incorrect and the + code should be smart enough to detect this situation. + This Fixes #192 + +- Use ismount + - Change the command "mount -q $mountpoint" + for Python method "os.path.ismount($mountpoint)" + +- Avoid multiple mount attempts + - Fstab could contain one of the mount points + DMS mount explicitly, ending up in an exception. + To avoid this, DMS does not mount the explicit + mount points if they are in fstab. + This Fixes #191 and bcs#1184278 + suse-xsl-stylesheets +- Beta release of the SUSE XSL stylesheets 2.81.0: + https://github.com/openSUSE/suse-xsl/releases/tag/2.81.0 +- PDF/HTML + - Added first version of SUSE 2021 stylesheets +- HTML: + - SUSE 2013: Avoid interference between "Copy code" buttons and + highlight.js +- PDF: + - SUSE 2013: List sect1 within PDF ToCs +- Other: + - Cleanup of the tarball, so previous change for Nimbus fonts is + now unnecessary + systemd +- add conversion script for moving legacy collect based udev rules + to chzdev based ones (bsc#1183984) + systemd-mini +- Import commit a9d8f7b4aa917ad28bc8c2622e77cb10c78b6b64 + 1130a2a712 shutdown: bump kmsg log level to LOG_WARNING only + 188fb8b6ed shutdown: rework bump_sysctl_printk_log_level() to use sysctl_writef() + 8f718ea1ea sysctl: add sysctl_writef() helper + cfaa3afb20 shutdown: use "int" for log level type + 112b8553dc killall: bump log message about unkilled processes to LOG_WARNING + 5a9628e4d9 core/killall: Log the process names not killed after 10s + 26a073c9cf shutdown: Bump sysctl kernel.printk log level in order to see info msg + a72f23faaa core/killall: Propagate errors and return the number of process left + 13092aa300 shutdown: always pass errno to logging functions + 62f0cbad46 umount: beef up logging when umount/remount child processes fail + c04232cd6c umount: Try unmounting even if remounting read-only failed + 9cf5376ff5 core: Implement sync_with_progress() (bsc#1178219) + 160ef4200a core: Implement timeout based umount/remount limit (bsc#1178219) + 4a38837448 core: remove "misuse" of getpgid() in systemd-shutdown + 6427ab4adf core: systemd-shutdown: avoid confusingly redundant messages + c069ee55de core: systemd-shutdown: add missing check for umount_changed + d28bde105a umount: always use MNT_FORCE in umount_all() (#7213) + 2c592670f0 signal-util: use a slightly less likely to conflict variable name instead of 't' + b7e22d4712 meson: rename -Ddebug to -Ddebug-extra + 063f26c13b meson: drop misplaced -Wl,--undefined argument + A bunch of commits which should improve the logs emitted by + systemd-shutdown during the shutdown process when some badly written + applications cannot be stopped properly and prevents some mount + points to be unmounted properly. See bsc#1178219 for an example of + such case. + systemd-presets-common-SUSE +- Enable hcn-init.service for HNV on POWER (bsc#1184136 ltc#192155). + tcpdump +- Disable 5 regression tests that fail with libpcap > 1.8.1 + * These test pcap files have been updated in later versions: + arp-too-long-tha, juniper_header-heapoverflow, + tftp-heapoverflow, relts-0x80000000, stp-v4-length-sigsegv. +- Add tcpdump-disable-failing-tests.patch [bsc#1183800] + tcsh +- Add patch tcsh-6.20.00-toolong.patch which is an upstream commit + ported back to 6.20.00 to fix bsc#1179316 about history file growing + tpm2-tss-engine +- add 0001-build-add-disable-defaultflags.patch: add support to disable fixed + compilation flags +- pass --disable-defaultflags to avoid breakage of our gcc-PIE profile + (resulted in non-position-independent executable tpm2-tss-genkey, bsc#1183895). + umoci +- Re-disable s390 builds. + +- Add fix for CVE-2021-29136. bsc#1184147 + + CVE-2021-29136.patch + +- Update to umoci v0.4.6. + umoci has been adopted by the Open Container Initative as a reference + implementation of the OCI Image Specification. This will have little impact + on the roadmap or scope of umoci, but it does further solidify umoci as a + useful piece of "boring container infrastructure" that can be used to build + larger systems. + > **NOTICE**: As part of the adoption procedure, the import path and module + > name of umoci has changed from `github.com/openSUSE/umoci` to + > `github.com/opencontainers/umoci`. This means that users of our (still + > unstable) Go API will have to change their import paths in order to update + > to newer versions of umoci. + > + > The old GitHub project will contain a snapshot of `v0.4.5` with a few + > minor changes to the readme that explain the situation. Go projects which + > import import the archived project will receive build warnings that + > explain the need to update their import paths. + + umoci now builds on MacOS, and we currently run the unit tests on MacOS to + hopefully catch core regressions (in the future we will get the + integration tests running to catch more possible regressions). + opencontainers/umoci#318 + * Suppress repeated xattr warnings on destination filesystems that do not + support xattrs. opencontainers/umoci#311 + * Work around a long-standing issue in our command-line parsing library (see + urfave/cli#1152) by disabling argument re-ordering for `umoci config`, + which often takes `-`-prefixed flag arguments. opencontainers/umoci#328 + * For details, see CHANGELOG.md in the package. + +- Update to umoci v0.4.5. + * Use "type: bind" for generated config.json bind-mounts. + * Don't insert a new layer if there is no diff. + * Only output a warning if forbidden extended attributes are present inside + the tar archive. + * For details, see CHANGELOG.md in the package. + vlc +- Update to version 3.0.13: + + Demux: + - Adaptive: fix artefacts in HLS streams with wrong profiles/levels + - Fix regression on some MP4 files for the audio track + - Fix MPGA and ADTS probing in TS files + - Fix Flac inside AVI files + - Fix VP9/Webm artefacts when seeking + + Codec: + - Support SSA text scaling + - Fix rotation on Android rotation + - Fix WebVTT subtitles that start at 00:00 + + Access: + - Update libnfs to support NFSv4 + - Improve SMB2 integration + - Fix Blu-ray files using Unicode names on Windows + - Disable mcast lookups on Android for RTSP playback + + Video Output: Rework the D3D11 rendering wait, to fix + choppiness on display + + Interfaces: + - Fix VLC getting stuck on close on X11 (#21875) + - Improve RTL on preferences on macOS + - Add mousewheel horizontal axis control + - Fix crash on exit on macOS + - Fix sizing of the fullscreen controls on macOS + + Misc: + - Improve MIDI fonts search on Linux + - Update Soundcloud, Youtube, liveleak + - Fix compilation with GCC11 + - Fix input-slave option for subtitles + + Updated translations. +- Drop vlc-gcc11.patch: fixed upstream. +- Extend vlc-srto_tsbpddelay.patch: allow srt >= 1.3 for openSUSE. + +- Guard post scriptlets to only run %{_libdir}/vlc/vlc-cache-gen if + it already (or still, in case of uninstall) exists. + +- Add vlc-gcc11.patch: Fix build using gcc11 (boo#1181918). + +- Drop libpcre-devel BuildRequires: not been used in a while. + +- Limit libplacebo to is_openssue: vlc does not exist in SLE, which + makes the usage of is_opensuse valid; backports has is_opensuse + set to 1. This is mostly interesting for 3rd party build service + instances. + +- Enable libplacebo support (the core rendering algorithms and + ideas of mpv rewritten as an independent library): + + Add pkgconfig(libplacebo) BuildRequires + + Pass --enable-libplacebo to %configure + +- Update to version 3.0.12: + + Access: Add new RIST access module compliant with simple + profile (VSF_TR-06-1). + + Access Output: Add new RIST access output module compliant with + simple profile (VSF_TR-06-1). + + Demux: Fixed adaptive's handling of resolution settings. + + Audio output: Fix audio distortion on macOS during start of + playback. + + Video Output: Direct3D11: Fix some potential crashes when using + video filters. + + Misc: + - Several fixes in the web interface, including privacy and + security improvements + - Update YouTube and Vocaroo scripts. + + Updated translations. +- Drop vlc-CVE-2020-26664.patch: fixed upstream. +- Drop fix-missing-includes-with-qt-5.15.patch: fixed upstream. + vsftpd +- Add seccomp-fixes.patch to allow getdents64 syscall in seccomp + sandbox, fixes bsc#1179553 + Also in the same patch, fix the architecture offset from 4 to 5, + this change was documented in https://lore.kernel.org/patchwork/patch/554803/ + +- Apply "0001-Introduce-TLSv1.1-and-TLSv1.2-options.patch" and + "0001-When-handling-FEAT-command-check-ssl_tlsv1_1-and-ssl.patch", + which add the "ssl_tlsv1_1" and "ssl_tlsv1_2" options to the + configuration file. Both options default to true. [SLE-4182] + +- Use %{_prefix}/lib instead of misused %{_libexecdir}. + +- Add pam_keyinit.so to PAM config file. + [vsftpd.pam, bsc#1144062] + +- Apply "vsftpd-avoid-bogus-ssl-write.patch" to fix a segmentation + fault that occurred while trying to write to an invalid TLS + context. [bsc#1125951] + +- BuildRequire pkgconfig(systemd) instead of systemd: allow OBS to + shortcut the build queues by allowing usage of systemd-mini + +- firewall-macros should be BuildRequires, not Requires(post) + (the macro gets expanded during package build) + -- force using fork() instead of clone() on s390 - fixes bnc#890469 - * vsftpd-3.0.2-s390.patch - -- Cleanup with spec-cleaner -- Remove conditions about init files as we do not build for < 12.1 - anyway. -- Update the README.SUSE file to describe more the listen option. - -- Add socket service for vsftpd to avoid the need for xinetd here. - -- Add comment about listen variables for xinetd configuration. - Fixes bnc#872221. -- Add default configuration as arg to xinetd started vsftpd. -- Updated patch: - * vsftpd-2.0.4-xinetd.diff - -- Move the enabling of timeofday and alarm one level deeper to - be sure it is whitelisted everytime. - Also should possibly fix bnc#872215. -- Updated patch: - * vsftpd-enable-gettimeofday-sec.patch - -- Remove forking from service type as it hangs in endless loop. - -- Fix warning about dangling symlink on rcvsftpd from rpmlint and - remove also clean section while at it. - -- Add patch to allow gettimeofday and alarm calls with seccomp - enabled. bnc#870122 -- Added patch: - * vsftpd-enable-gettimeofday-sec.patch - -- Specify that the service type is forking - -- changed license to SUSE-GPL-2.0-with-openssl-exception - * suggested by legal team - -- add allow_root_squashed_chroot option to enable chroot on nsf - mounted with squash_root option (fate#311051) - * vsftpd-root-squashed-chroot.patch - -- build with OPENSSL_NO_SSL_INTERN this hides internal struct - members or functions that if changed in future openssl versions - will break the ABI of the calling applications. - -- add vsftpd-enable-dev-log-sendto.patch (bnc#812406#c1) - * this enabled a sendto on /dev/log socket when syslog is enabled -- provide more verbose explanation about isolate_network and seccomp_sanbox in - config file template -- don't install init file on openSUSE 13.1+ -- drop a build support for SL 10 and older - -- add vsftpd-drop-newpid-from-clone.patch (bnc#786024#c38) - * drop CLONE_NEWPID from clone to enable audit system -- add vsftpd-enable-fcntl-f_setfl.patch (bnc#812406) - * unconditionally enable F_SETFL patch - might be safe to do - -- add isolate_network and seccomp_sandbox options to template to make them - easier to find (bnc#786024) - -- add vsftpd-allow-dev-log-socket.patch (bnc#786024) - * whitelist /dev/log related socket syscall - -- Verify GPG signature. - -- Fix useradd invocation: -o is useless without -u and newer - versions of pwdutils/shadowutils fail on this now. - -- update to 3.0.2 (bnc#786024) - * Fix some seccomp related build errors on certain CentOS and Debian versions. - * Seccomp filter sandbox: missing munmap() -- oops. Did you know that qsort() - opens and maps /proc/meminfo but only for larger item counts? - * Seccomp filter sandbox: deny socket() gracefully for text_userdb_names. - * Fix various NULL crashes with nonsensical config settings. Noted by Tianyin - Xu . - * Force cast to unsigned char in is* char functions. - * Fix harmless integer issues in strlist.c. - * Started on a (possibly ill-advised?) crusade to compile cleanly with - Wconversion. Decided to suspend the effort half-way through. - * One more seccomp policy fix: mremap (denied). - * Support STOU with no filename, uses a STOU. prefix. - -- make seccomp sandbox enabled by default - * dropped vsftpd-3.0.0-turn-seccomp-sandbox-off.patch - -- fix building on 11.4 x86_64 and lower - * fix where, when, & how __USE_GNU gets #defined - * make seccomp optional and disable it on 10.3 and lower - -- update to upstream 3.0.0: - * Make listen mode the default. - * Fix missing "const" in ssl.c - * Add seccompsandbox.c to support a seccomp filter sandbox; works against - Ubuntu 12.04 ABI. - * Rearrange ftppolicy.c a bit so the syscall list is easily comparable with - seccompsandbox.c - * Rename deprecated "sandbox" to "ptrace_sandbox". - * Add a few more state checks to the privileged helper processes. - * Add tunable "seccomp_sandbox", default on. - * Use hardened build flags. - * Retry creating a PASV socket upon port reuse race between bind() and - listen(), patch from Ralph Wuerthner . - * Don't die() if recv() indicates a closed remote connection. Problem report - on a Windows client from Herbert van den Bergh, - . - * Add new config setting "allow_writeable_chroot" to help people in a bit of - a spot with the v2.3.5 defensive change. Only applies to non-anonymous. - * Remove a couple of fixed things from BUGS. - * strlen() trunction fix -- no particular impact. - * Apply some tidyups from mmoufid@yorku.ca. - * Fix delete_failed_uploads if there is a timeout. Report from Alejandro - Hernández Hdez . - * Fix other data channel bugs such as failure to log failure upon timeout. - * Use exit codes a bit more consistently. - * Fix bad interaction between SSL and trans_chunk_size. - * Redo data timeout to fire properly for SSL sessions. - * Redo idle timeout to fire properly for SSL sessions. - * Make sure PROT_EXEC isn't allowed, thanks to Will Drewry for noticing. - * Use 10 minutes as a max linger time just in case an alarm gets lost. - * Change PR_SET_NO_NEW_PRIVS define, from Kees Cook. - * Add AES128-SHA to default SSL cipher suites for FileZilla compatibility. - Unfortunately the default vsftpd SSL confiuration still doesn't fully work with - FileZilla, because FileZilla has a data connection security problem: no client - certificate presentation and no session reuse. At least the error message is - now very clear. - * Add restart_syscall to seccomp policy. Triggers reliably if you strace whilst - a data transfer is in progress. - * Fix delete_failed_uploads for anonymous sessions. - * Don't listen for urgent data if the control connection is SSL, due to possible - protocol synchronization issues. -- SUSE specific changes: - * turn off the listen mode (listen=NO) by default and change README.SUSE - * merge new hardended flags for build and linking - * fix the wrong Type=forking from systemd service file - * turn off the seccomp_sandbox off by default as SUSE kernel does not support - it (yet) - -- follow Systemd Packaging guidelines - http://en.opensuse.org/openSUSE:Systemd_packaging_guidelines -- add $local_fs and $remote_fs to init script - -- use the original tarball, because the bz2 repacking madness disables - gpg --verify -- revert a part oc changes utf converting - -- update to upstream 2.3.5: - * Try and force glibc to cache zoneinfo files in an attempt to work around - glibc parsing vulnerability. Thanks to Kingcope. - * Only report CHMOD in SITE HELP if it's enabled. Thanks to Martin Schwenke - . - * Some simple fixes and cleanups from Thorsten Brehm . - * Only advertise "AUTH SSL" if one of SSLv2, SSLv3 is enabled. Thanks to - steve willing . - * Handle connect() failures properly. Thanks to Takayuki Nagata - . - * Add stronger checks for the configuration error of running with a - writeable root directory inside a chroot(). This may bite people who - carelessly turned on chroot_local_user but such is life. -- convert .changes file to unicode -- refresh vsftpd-2.0.4-conf.diff to vsftpd-2.3.5-conf.patch -- name patches explicitly without macro as per recommendations -- remove INSTALL file from binary package -- update license to GPL-2.0+ -- mark /etc/sysconfig/SuSEfirewall2/services/vsftpd as config file - -- fis copy/paste error in previous change - -- Add systemd unit - -- fix bnc#713588 - bogus logrotate config for vsftpd - call /sbin/killproc -HUP /usr/sbin/vsftpd like init script -- change the url and service file to the new location at - security.appspot.com/vsftpd - -- Update to 2.3.4 -- Avoid consuming excessive CPU when matching filenames to patterns. Thanks to - Maksymilian Arciemowicz . -- Some bugfixes from Raphaël Rigo -- good bugs but - no apparent security impact. - -- Update to version 2.3.2 -- Fix silly regression re: log files being overwritten from the start. -- Rename a few file-open functions to make it clearer what they do - -- Update to 2.3.0 -- Add extremely simply HTTP support. It's very experimental, ignorant of HTTP - protocol and headers, and likely has all sorts of other issues. The use case - it might satisfy is if you need to serve simple static unathenticated content - with large levels of paranoia. -- Fix port_promiscuous breakage. -- Minor FAQ update. -- Use a larger address space limit if using text_userdb_names=YES -- Always use CLONE_NEWNET if possible when in HTTP mode. -- Change REST + STOR so that it's possible to overwrite part of file without - truncating it. -- Boot the session if we see a USER where encryption was required. May prevent - the transmission of plaintext passwords by buggy clients. -- Fix failure to transmit a large ASCII file over SSL, if it contains \n -> \r\n - fixups. - -- $remote_fs --> network-remotefs - -- updated to version 2.2.2 - * Change "File receive OK." to "Transfer complete." to placate some broken - clients. Thanks Holger Kiehl . - * Fix erroneous "child died" upon FTP client connect, when under load. Awesome - thanks to Holger Kiehl for running diagnostic tests on - his live server. - * Boot the session if an overly long line is encountered. -- see Changelog file for changes in 2.1.0, 2.1.1, 2.1.2 and 2.2.0 releases -- deprecated use-ipv6-scope-id.patch,libcap2-fix.diff,write_race.patch - nowarn.patch - -- added use-ipv6-scope-id.patch to fix connection issues with - ipv6-link local address (bnc#574366) - -- fix typo in the package description - and remove authors - webkit2gtk3 +- Per discussion with maintenance, let's not remove features that + customers could possibly be using: +- Add webkit2gtk3-restore-npapi.patch: restore NPAPI plugin + support. Reverts webkit#215503. + +- Update to version 2.32.0 (boo#1184155): + + Fix the authentication request port when URL omits the port. + + Fix iframe scrolling when main frame is scrolled in async + scrolling mode. + + Stop using g_memdup. + + Show a warning message when overriding signal handler for + threading suspension. + - Fix the build on RISC-V with GCC 11. + - Fix several crashes and rendering issues. + + Security fixes: CVE-2021-1788, CVE-2021-1844, CVE-2021-1871 + + Changes in version 2.30.6 (boo#1184262): + + Update user agent quirks again for Google Docs and Google Drive. + + Fix several crashes and rendering issues. + + Security fixes: CVE-2020-27918, CVE-2020-29623, CVE-2021-1765 + CVE-2021-1789, CVE-2021-1799, CVE-2021-1801, CVE-2021-1870. +- Remove webkit-font-scaling.patch: contained in upstream +- Drop original SLE 15 support from the spec. Drop + webkit-process.patch and old-wayland-scanner.patch; they are not + needed for SP2. +- Pass ENABLE_GAMEPAD=OFF to cmake, since we don't have manette. +- Add glproto-devel to BuildRequires: now needed for the build on + SLE 15. + +- Update _constraints for armv6/armv7 (bsc#1182719) + wpa_supplicant +- Add CVE-2021-30004.patch -- forging attacks may occur because + AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c + (bsc#1184348) + +- Fix systemd device ready dependencies in wpa_supplicant@.service file. + (see: https://forums.opensuse.org/showthread.php/547186-wpa_supplicant-service-fails-on-boot-succeeds-on-restart?p=2982844#post2982844) + xaos +- Bump Qt minimal required version to 5.7: Code references + QLocale::DefaultNumberOptions which does not exist before 5.7. + +- Update to version 4.2.1: + * A lot of changes happened since 3.6. + * Notably UI is now based on Qt. + * See installed NEWS file for details. +- Drop obsolete patches: + * xaos-3.5-strip.patch + * fix-prototypes.diff + * xaos-fix-implicit-decl.patch +- Drop obsolete sources: + * xaos.desktop + * xaos.png + * xaos.sh + +- Fix install_info_delete macro usage. + -- spec cleanup -- obsolete patches removed -- convert all xpf-files to UNIX format -- added fdupes and dos2unix to BuildRequires - -- use find_lang macro - -- converted neededforbuild to BuildRequires - xdg-desktop-portal +- Ensure systemd rpm macros are called at install/uninstall times + for systemd user services. +- Add BuildRequires on systemd-rpm-macros. + +- Update to version 1.8.0: + + openuri: + - Allow skipping the chooser for more URL tyles + - Robustness fixes + + filechooser: Return the current filter + + camera: + - Make the client node visible + - Don't leak pipewire proxy + + Fix file descriptor leaks + + Testsuite improvements + + Updated translations. +- Changes from version 1.7.2: + + document: + - Reduce the use of open fds + - Add more tests and fix issues they found + + Fix the build with musl. +- Changes from version 1.7.1: + + filechooser: + - Add a "directory" option + - Document the "writable" option + + document: Expose directories with their proper name +- Changes from version 1.7.0: + + testsuite improvements + + background: Avoid a segfault + + screencast: Require pipewire 0.3 + + document: + - Support exporting directories + - New fuse implementation + + Better support for snap and toolbox + + Updated translations. +- Drop patches fixed upstream: + + xdg-dp-port-pipewire-3-api.patch + + 0001-Fix-use-after-free-in-xdg_get_app_info_from_pid.patch + + 0002-add-AssumedAppArmorLabel-key-to-D-Bus-service-files.patch + + 0003-Fix-criticals-if-no-default-handler-for-desired-type.patch + +- Require /usr/bin/fusermount: xdg-document-portal calls out to the + binary. Without it, files or dirs can be selected, but + whatever is done with or in them, will not have any effect + (boo#1175899). + +- Fixes for %_libexecdir changing to /usr/libexec + xdg-desktop-portal-gtk +- Update to version 1.8.0: + + filechooser: Return the current filter + + screenshot: Fix cancellation + + appchooser: Avoid a crash + + wallpaper: + - Properly preview placement settings + - Drop the lockscreen option + + printing: Improve the notification + + Updated translations. +- Changes from version 1.7.1: + + filechooser: + - Handle the "directory" option to select directories + - Only show preview when we have an image + + Updated translations. +- Changes from version 1.7.0: + + screencast: Support mutter version 3 + + settings: Fall back to gsettings for enable-animations + + Updated translations. +- Drop xdg-dpg-support-mutter-pipewire-3-api.patch: Fixed upstream. + +- Add xdg-dpg-support-mutter-pipewire-3-api.patch: screencast: Bump + supported Mutter version to 3 (New pipewire api ver 3). + xorg-x11-server +- U_build-glx-Lower-gl-version-to-work-with-libglvnd.patch, + U_meson-Fix-another-reference-to-gl-9.2.0.patch + * fix build on sle15-sp3 with updated libglvnd/Mesa and their + new pkgconfig files + (https://gitlab.freedesktop.org/xorg/xserver/-/issues/893) + +- U_xwayland-Do-not-crash-if-gbm_bo_create-fails.patch + * xwayland: Do not crash if gbm_bo_create() fails (boo#1184072) (boo#1184543) + +- U_Fix-XChangeFeedbackControl-request-underflow.patch + * Fix XChangeFeedbackControl() request underflow (CVE-2021-3472, + ZDI-CAN-1259, bsc#1180128) + xpra +- fix build on architectures without pandoc + yast2-trans +- Update to version 84.87.20210502.7b34dbceae: + * Translated using Weblate (Slovak) + * Translated using Weblate (Slovak) + * Translated using Weblate (Slovak) + * Translated using Weblate (Slovak) + * Translated using Weblate (Slovak) + * Translated using Weblate (Slovak) + * Translated using Weblate (Slovak) + * Translated using Weblate (Slovak) + * Translated using Weblate (Turkish) + * Translated using Weblate (Portuguese (Brazil)) + * Translated using Weblate (Japanese) + * Translated using Weblate (Japanese) + * New POT for text domain 'network'. + * New POT for text domain 'installation'. + * New POT for text domain 'network'. + * Translated using Weblate (Japanese) + * Translated using Weblate (Japanese) + * Translated using Weblate (Japanese) + * Translated using Weblate (Japanese) + * Translated using Weblate (Slovak) + * Translated using Weblate (Slovak) + * Translated using Weblate (Slovak) + * Translated using Weblate (Slovak) + zypp-plugin-spacewalk +- 1.0.9 +- support for "allow vendor change" for patching/upgrading +