Removed rpms ============ - OpenIPMI - appres - bdftopcf - beforelight - bitmap - editres - expect - fonttosfnt - fslsfonts - fstobdf - grub2 - grub2-s390x-emu - grub2-snapper-plugin - grub2-systemd-sleep-plugin - hardlink - hunspell - hunspell-tools - ico - insserv-compat - ipmitool - lbxproxy - libFS6 - libXRes1 - libXTrap6 - libXiterm1 - libXp6 - libXprintUtil1 - libXxf86dga1 - libgthread-2_0-0 - liblbxutil1 - liblvm2cmd2_03 - librecode3 - libstartup-notification-1-0 - libxml2-tools - libyui-ncurses-pkg14 - libyui-ncurses14 - libyui-qt-graph14 - libyui-qt-pkg14 - libyui-qt14 - libyui14 - listres - lvm2 - m4 - make - make-lang - man-pages-fr - mkcomposecache - mksh - mutt - mutt-doc - mutt-lang - oclock - patterns-base-apparmor_opt - patterns-base-enhanced_base_opt - patterns-base-x11_opt - patterns-desktop-laptop - perl-Expect - proxymngr - python3-urwid - raleway-fonts - recode - release-notes-openSUSE - rendercheck - rstart - rxvt-unicode - showfont - site-config - smproxy - supportutils - sysfsutils - twm - urlscan - urlview - viewres - x11-japanese-bitmap-fonts - x11perf - xbacklight - xbiff - xcalc - xclipboard - xcmsdb - xcompmgr - xcursor-themes - xcursorgen - xdbedizzy - xditview - xdpyinfo - xedit - xev - xeyes - xf86dga - xfd - xfindproxy - xfontsel - xfs - xfsinfo - xfwp - xgamma - xgc - xinput - xiterm - xkbevd - xkbprint - xkbutils - xkill - xload - xlogo - xlsatoms - xlsclients - xlsfonts - xmag - xman - xmanja - xmore - xorg-scripts - xorg-x11 - xplsprinters - xpr - xprehashprinterlist - xrefresh - xrestop - xrx - xscope - xsetmode - xsetpointer - xsm - xstdcmap - xtrap - xvidtune - xvinfo - xwd - xwininfo - xwud - yast2-support Added rpms ========== - SUSEConnect - WindowMaker - dracut-transactional-update - google-poppins-fonts - inotify-tools - libeconf0 - libgif7 - libgnomesu - libgnomesu-lang - libgnomesu0 - libinotifytools0 - liblmdb-0_9_17 - libnss_usrfiles2 - libtukit0 - libyui-ncurses-pkg15 - libyui-ncurses15 - libyui-qt-graph15 - libyui-qt-pkg15 - libyui-qt15 - libyui15 - login_defs - metamail - mpt-status - pam-doc - pam_pwquality - patterns-base-basic_desktop - patterns-base-documentation - patterns-desktop-mobile - patterns-yast-yast2_desktop - patterns-yast-yast2_server - perl-TermReadLine-Gnu - procinfo - procmail - rollback-helper - setserial - sharutils - sharutils-lang - spax - star - star-rmt - systemd-doc - tukit - update-test-trivial - vlan - zypper-migration-plugin - zypper-search-packages-plugin Package Source Changes ====================== MozillaFirefox +- Firefox Extended Support Release 78.7.1 ESR + * Fixed: Prevent access to NTFS special paths that could lead + to filesystem corruption. (bmo#1689598) + * Fixed: Security fix + MFSA 2021-06 (bsc#1181848) + * MOZ-2021-0001 (bmo#1676636) + Buffer overflow in depth pitch calculations for compressed + textures + +- Firefox Extended Support Release 78.7.0 ESR + * Fixed: Various stability, functionality, and security fixes + MFSA 2021-04 (bsc#1181414) + * CVE-2021-23953 (bmo#1683940) + Cross-origin information leakage via redirected PDF requests + * CVE-2021-23954 (bmo#1684020) + Type confusion when using logical assignment operators in + JavaScript switch statements + * CVE-2020-26976 (bmo#1674343) + HTTPS pages could have been intercepted by a registered + service worker when they should not have been + * CVE-2021-23960 (bmo#1675755) + Use-after-poison for incorrectly redeclared JavaScript + variables during GC + * CVE-2021-23964 (bmo#1662507, bmo#1666285, bmo#1673526, + bmo#1674278, bmo#1674835, bmo#1675097, bmo#1675844, + bmo#1675868, bmo#1677590, bmo#1677888, bmo#1680410, + bmo#1681268, bmo#1682068, bmo#1682938, bmo#1683736, + bmo#1685260, bmo#1685925) + Memory safety bugs fixed in Firefox 85 and Firefox ESR 78.7 + MozillaThunderbird +- Mozilla Thunderbird 78.7.1 (bsc#1181848) + * changed: Building OpenPGP shared library linked to system + libraries now supported (bmo#1634963) + * changed: MailExtension errors now shown in Developer Tools + console by default (bmo#1650149) + * changed: MailExtensions: Dynamic registration of calendar + providers now supported (bmo#1652885) + * fixed: OpenPGP improvements (bmo#1655210) + * fixed: Message preview was sometimes blank after upgrading + from Thunderbird 68 (bmo#1653168) + * fixed: Email addresses whitelisted for remote content not + displayed in preferences (bmo#1652575) + * fixed: Importing data from Seamonkey did not work + (bmo#272292) + * fixed: Renaming a mail list did not update the side bar + (bmo#1632331) + * fixed: MailExtensions: messenger.* namespace was undefined + (bmo#1641573) + PackageKit +- Add PackageKit-zypp-reset-update-mode-after-get-updates.patch: + zypp: Reset update mode after getting updates + (gh#hughsie/PackageKit/commit#b208f551, bsc#1180150). + autoyast2 +- Adapted unit test to recent changes in Yast::Report (related to + bsc#1179893). +- 4.3.68 + bcm43xx-firmware -- use %_firmwaredir - colord +- allow access to /usr/local/share/color in AppArmor profile (boo#1180898) + cups +- cups-2.2.7-CVE-2020-10001.patch fixes CVE-2020-10001 + access to uninitialized buffer in ipp.c (bsc#1180520) +- cups-2.2.7-CVE-2019-8842.patch fixes CVE-2019-8842 (bsc#1170671) + the ippReadIO function may under-read an extension field + dracut +- Update to version 049.1+suse.183.g7282fe92: + * As of v246 of systemd "syslog" and "syslog-console" switches have been deprecated + (multiple backported commits, bsc#1180119) + +- Update to version 049.1+suse.174.g150b9981: + * make collect optional (bsc#1177870) + * Inclusion of dracut modifications to enable nvme-fc boot support (bsc#1142248) + * suse.spec: add nvmf module + * 95nvmf: Implement 'fc,auto' commandline syntax + * 95nvmf: add nvmf-autoconnect script + * 95nvmf: Fixup FC connections + * 95nvmf: rework parameter handling + * 95nvmf: fix typo in the example documentation + * 95nvmf: add NVMe over TCP support + * 95nvmf: add module for NVMe-oF + Adds new module 95nvmf, see jsc#ECO-3063. + gdm +- Add gdm-fix-crash-when-using-Xvfb.patch: For some reason gdm + fails to get display and does not set it to NULL when using + with Xvfb, and it leads into a crash, this patch sets display + to NULL by default. (bsc#1178292, glgo#GNOME/gdm!118) + gmp +- adjusted to be the same license as in factory (bsc#1180603) + +- correct license statement (library itself is no GPL-3.0) + hwdata +- Add merge-pciids.pl to fully duplicate behavior of pciutils-ids + * Resolves SLE issue bsc#1180422 bsc#1180482 + +- Update to version 0.343: + + Updated pci, usb and vendor ids. + +- Update to version 0.342: + + Updated pci, usb and vendor ids. + +- Update to version 0.341: + + Updated pci, usb and vendor ids. + +- Update to version 0.340: + + Updated pci, usb and vendor ids. + +- Update to version 0.339: + + Updated pci, usb and vendor ids. + +- Update to version 0.338: + + Updated pci, usb and vendor ids. + +- Update to version 0.337: + + Updated pci, usb and vendor ids. + +- Update to version 0.336: + + Updated pci, usb and vendor ids. + +- Update to version 0.335: + * Updated pci, usb and vendor ids. + jasper +- bsc#1179748 CVE-2020-27828: Fix heap overflow by checking maxrlvls + Add jasper-CVE-2020-27828.patch +- bsc#1181483 CVE-2021-3272: Fix heap overflow by ensuring number + of channels matches image components + Add jasper-CVE-2021-3272.patch + kernel-default +- Rename duplicate patches to their SLE15-SP2 equivalents. + This is to prepare for the next SLE15-SP2 -> SLE15-SP3 merge. +- commit a7157b9 + +- platform/x86: pmt: Fix a potential Oops on error in probe + (jsc#SLE-13352, jsc#SLE-13343, jsc#SLE-13363, jsc#SLE-13391). +- commit e21ef02 + +- platform/x86: Intel PMT Crashlog capability driver + (jsc#SLE-13352, jsc#SLE-13343, jsc#SLE-13363, jsc#SLE-13391). +- Update config files: Build PMT Crashlog capability driver. +- supported.conf: Add the PMT Crashlog capability driver. +- commit 0f2da12 + +- platform/x86: Intel PMT Telemetry capability driver + (jsc#SLE-13352, jsc#SLE-13343, jsc#SLE-13363, jsc#SLE-13391). +- Update config files: Build PMT Telemetry capability driver. +- supported.conf: Add the PMT Telemetry capability driver. +- commit e0ffba9 + +- platform/x86: Intel PMT class driver (jsc#SLE-13352, + jsc#SLE-13343, jsc#SLE-13363, jsc#SLE-13391). +- Update config files: Build PMT class driver. +- supported.conf: Add the PMT class driver. +- commit 22095e8 + +- mfd: Intel Platform Monitoring Technology support + (jsc#SLE-13352, jsc#SLE-13343, jsc#SLE-13363, jsc#SLE-13391). +- Update config files: Build PMT driver on x86_64. +- supported.conf: Add the PMT driver. +- commit be0482a + +- PCI: Add defines for Designated Vendor-Specific Extended + Capability (jsc#SLE-13352, jsc#SLE-13343, jsc#SLE-13363, + jsc#SLE-13391). +- commit 8eb1abf + +- series.conf: cleanup +- update upstream references of unsortable patches and sort them properly: + patches.suse/perf-x86-intel-uncore-Store-the-logical-die-id-inste.patch + patches.suse/perf-x86-intel-uncore-With-8-nodes-get-pci-bus-die-i.patch +- commit b4f0fcb + +- fix patch metadata and move it to correct section +- fix upstream reference of a non-mainline patch and move to correct section: + patches.suse/net-sctp-filter-remap-copy_from_user-failure-error.patch +- commit fda606d + +- usb: xhci-mtk: break loop when find the endpoint to drop + (git-fixes). +- commit bd7c89a + +- usb: xhci-mtk: skip dropping bandwidth of unchecked endpoints + (git-fixes). +- commit 1a31126 + +- usb: xhci-mtk: fix unreleased bandwidth data (git-fixes). +- commit 6da0a12 + +- usb: dwc2: Fix endpoint direction check in ep_from_windex + (git-fixes). +- usb: dwc3: fix clock issue during resume in OTG mode + (git-fixes). +- xhci: fix bounce buffer usage for non-sg list case (git-fixes). +- usb: renesas_usbhs: Clear pipe running flag in usbhs_pkt_pop() + (git-fixes). +- USB: gadget: legacy: fix an error code in eth_bind() + (git-fixes). +- Input: i8042 - unbreak Pegatron C15B (git-fixes). +- commit bcaeec1 + +- net: qca_spi: Move reset_count to struct qcaspi (git-fixes). +- commit 45b7fef + +- net: qca_spi: fix receive buffer size check (git-fixes). +- commit 5cd7e42 + +- net: stmmac: fix disabling flexible PPS output (git-fixes). +- commit 20dce33 + +- net: stmmac: fix length of PTP clock's name string (git-fixes). +- commit 9f89a73 + +- net: phy: at803x: use operating parameters from PHY-specific + status (git-fixes). +- commit e91964f + +- net: phy: extract pause mode (git-fixes). +- commit c81698a + +- net: phy: extract link partner advertisement reading + (git-fixes). +- commit 18dc97f + +- net: phy: read MII_CTRL1000 in genphy_read_status only if needed + (git-fixes). +- commit d5eb04d + +- net: stmmac: selftests: Flow Control test can also run with + ASYM Pause (git-fixes). +- commit 26dfc56 + +- cirrus: cs89x0: remove set but not used variable 'lp' + (git-fixes). +- commit 0385a3f + +- cirrus: cs89x0: use devm_platform_ioremap_resource() to simplify + code (git-fixes). +- commit f75aac5 + +- blacklist.conf: update blacklist +- commit ca67b2c + +- perf/x86/intel/uncore: With > 8 nodes, get pci bus die id from + NUMA info (bsc#1180989). +- perf/x86/intel/uncore: Store the logical die id instead of + the physical die id (bsc#1180989). +- perf/x86/intel/uncore: Generic support for the PCI sub driver + (bsc#1180989). +- perf/x86/intel/uncore: Factor out uncore_pci_pmu_unregister() + (bsc#1180989). +- perf/x86/intel/uncore: Factor out uncore_pci_pmu_register() + (bsc#1180989). +- perf/x86/intel/uncore: Factor out uncore_pci_find_dev_pmu() + (bsc#1180989). +- perf/x86/intel/uncore: Factor out uncore_pci_get_dev_die_info() + (bsc#1180989). +- commit 6e81128 + +- perf/x86/intel/uncore: With > 8 nodes, get pci bus die id from + NUMA info (bsc#1180989). +- perf/x86/intel/uncore: Store the logical die id instead of + the physical die id (bsc#1180989). +- commit 67d84dd + +- gpiolib: fix gpio_do_set_config() (bsc#1180682). +- Refresh + patches.suse/gpiolib-Extract-gpio_set_config_with_argument-for-fu.patch. +- Refresh + patches.suse/gpiolib-Introduce-gpio_set_debounce_timeout-for-inte.patch. +- Refresh + patches.suse/gpiolib-use-proper-API-to-pack-pin-configuration-par.patch. +- commit 11e6d6f + +- gpiolib: acpi: Fix fall-through warnings for Clang + (bsc#1180682). +- gpiolib: split error path in gpiod_request_commit() + (bsc#1180682). +- gpiolib: Unify expectations about ->request() returned value + (bsc#1180682). +- gpiolib: Extract gpiod_not_found() helper (bsc#1180682). +- gpio: just plain warning when nonexisting gpio requested + (bsc#1180682). +- gpiolib: acpi: Use BIT() macro to increase readability + (bsc#1180682). +- gpiolib: acpi: Convert pin_index to be u16 (bsc#1180682). +- gpiolib: acpi: Extract acpi_request_own_gpiod() helper + (bsc#1180682). +- gpiolib: acpi: Make acpi_gpio_to_gpiod_flags() usable for + GpioInt() (bsc#1180682). +- gpiolib: acpi: Set initial value for output pin based on bias + and polarity (bsc#1180682). +- gpiolib: acpi: Move acpi_gpio_to_gpiod_flags() upper in the code + (bsc#1180682). +- gpiolib: acpi: Move non-critical code outside of critical + section (bsc#1180682). +- gpiolib: acpi: Take into account debounce settings + (bsc#1180682). +- gpiolib: acpi: Use named item for enum gpiod_flags variable + (bsc#1180682). +- gpiolib: acpi: Respect bias settings for GpioInt() resource + (bsc#1180682). +- gpiolib: Introduce gpio_set_debounce_timeout() for internal use + (bsc#1180682). +- gpiolib: Extract gpio_set_config_with_argument_optional() + helper (bsc#1180682). +- gpiolib: Extract gpio_set_config_with_argument() for future use + (bsc#1180682). +- gpiolib: use proper API to pack pin configuration parameters + (bsc#1180682). +- gpiolib: add missed break statement (bsc#1180682). +- gpiolib: have a single place of calling set_config() + (bsc#1180682). +- gpiolib: use 'unsigned int' instead of 'unsigned' in + gpio_set_config() (bsc#1180682). +- commit da451fd + +- bus: fsl-mc: add autorescan sysfs (jsc#SLE-12251). +- bus: fsl-mc: add bus rescan attribute (jsc#SLE-12251). +- bus: fsl-mc: add fsl-mc userspace support (jsc#SLE-12251). +- bus: fsl-mc: export mc_cmd_hdr_read_cmdid() to the fsl-mc bus + (jsc#SLE-12251). +- bus: fsl-mc: move fsl_mc_command struct in a uapi header + (jsc#SLE-12251). +- bus: fsl-mc: return -EPROBE_DEFER when a device is not yet + discovered (jsc#SLE-12251). +- bus: fsl-mc: add missing __iomem attribute (jsc#SLE-12251). +- commit 21968ee + +- bonding: wait for sysfs kobject destruction before freeing + struct slave (git-fixes). +- net/mlx5: E-Switch, Use vport metadata matching by default + (git-fixes). +- cxgb4: fix all-mask IP address comparison (git-fixes). +- cxgb4: fix set but unused variable when DCB is disabled + (git-fixes). +- commit 8f53029 + +- Refresh + patches.suse/coresight-etm4x-Skip-setting-LPOVERRIDE-bit-for-qcom.patch. +- commit 6434185 + +- Refresh + patches.suse/spi-fsl-dspi-fix-wrong-pointer-in-suspend-resume.patch. +- commit 78ee3ab + +- bpf, cgroup: Fix problematic bounds check (bsc#1155518). +- bpf, cgroup: Fix optlen WARN_ON_ONCE toctou (bsc#1155518). +- commit 3ab5222 + +- net, sctp, filter: remap copy_from_user failure error + (bsc#1181637). +- commit 32551e1 + +- i40e: Revert "i40e: don't report link up for a VF who hasn't + enabled queues" (jsc#SLE-8025). +- igc: Fix returning wrong statistics (git-fixes). +- i40e: Fix MAC address setting for a VF via Host/VM (git-fixes). +- mlxsw: core: Fix use-after-free in mlxsw_emad_trans_finish() + (git-fixes). +- mlxsw: core: Fix memory leak on module removal (git-fixes). +- net/mlx5: Don't call timecounter cyc2time directly from 1PPS + flow (git-fixes). +- net: ethernet: mlx4: Avoid assigning a value to ring_cons but + not used it anymore in mlx4_en_xmit() (git-fixes). +- net: team: fix memory leak in __team_options_register + (git-fixes). +- net/mlx5e: Fix VLAN create flow (git-fixes). +- net/mlx5e: Fix VLAN cleanup flow (git-fixes). +- net/mlx5: Fix request_irqs error flow (git-fixes). +- mlxsw: spectrum_acl: Fix mlxsw_sp_acl_tcam_group_add()'s error + path (git-fixes). +- team: set dev->needed_headroom in team_setup_by_port() + (git-fixes). +- bonding: set dev->needed_headroom in bond_setup_by_slave() + (git-fixes). +- net: qed: RDMA personality shouldn't fail VF load (git-fixes). +- net: thunderx: initialize VF's mailbox mutex before first usage + (git-fixes). +- net: mvpp2: fix memory leak in mvpp2_rx (git-fixes). +- iavf: Fix updating statistics (git-fixes). +- iavf: fix error return code in iavf_init_get_resources() + (git-fixes). +- net/mlx5e: vxlan: Use RCU for vxlan table lookup (git-fixes). +- vxlan: fix memleak of fdb (git-fixes). +- net/mlx5e: fix bpf_prog reference count leaks in mlx5e_alloc_rq + (git-fixes). +- mlxsw: core: Free EMAD transactions using kfree_rcu() + (git-fixes). +- mlxsw: core: Increase scope of RCU read-side critical section + (git-fixes). +- net/mlx5: Query PPS pin operational status before registering it + (git-fixes). +- net/mlx5: Verify Hardware supports requested ptp function on + a given pin (git-fixes). +- net/mlx5: Fix a bug of using ptp channel index as pin index + (git-fixes). +- net/mlx5e: Fix error path of device attach (git-fixes). +- net/mlx5: E-switch, Destroy TSAR after reload interface + (git-fixes). +- net: hns3: fix aRFS FD rules leftover after add a user FD rule + (git-fixes). +- net: hns3: fix a TX timeout issue (git-fixes). +- net: hns3: fix desc filling bug when skb is expanded or lineared + (git-fixes). +- qed: Populate nvm-file attributes while reading nvm config + partition (git-fixes). +- net: hns3: fix use-after-free when doing self test (git-fixes). +- net: hns3: add a missing uninit debugfs when unload driver + (git-fixes). +- net: cxgb4: fix return error value in t4_prep_fw (git-fixes). +- cxgb4vf: update kernel-doc line comments (git-fixes). +- cxgb4: update kernel-doc line comments (git-fixes). +- cxgb4: move DCB version extern to header file (git-fixes). +- cxgb4: remove cast when saving IPv4 partial checksum + (git-fixes). +- cxgb4: fix SGE queue dump destination buffer context + (git-fixes). +- cxgb4: use correct type for all-mask IP address comparison + (git-fixes). +- cxgb4: fix endian conversions for L4 ports in filters + (git-fixes). +- cxgb4: parse TC-U32 key values and masks natively (git-fixes). +- cxgb4: use unaligned conversion for fetching timestamp + (git-fixes). +- cxgb4: move PTP lock and unlock to caller in Tx path + (git-fixes). +- cxgb4: move handling L2T ARP failures to caller (git-fixes). +- net: qed: fix "maybe uninitialized" warning (git-fixes). +- net: qede: fix use-after-free on recovery and AER handling + (git-fixes). +- net: qede: fix PTP initialization on recovery (git-fixes). +- net: qed: fix excessive QM ILT lines consumption (git-fixes). +- net: qed: fix NVMe login fails over VFs (git-fixes). +- net: qede: stop adding events on an already destroyed workqueue + (git-fixes). +- net: qed: fix async event callbacks unregistering (git-fixes). +- iavf: fix speed reporting over virtchnl (git-fixes). +- net/mlx5e: IPoIB, Drop multicast packets that this interface + sent (git-fixes). +- ixgbe: Fix XDP redirect on archs with PAGE_SIZE above 4K + (git-fixes). +- veth: Adjust hard_start offset on redirect XDP frames + (git-fixes). +- net/mlx5e: Set of completion request bit should not clear + other adjacent bits (git-fixes). +- net/mlx5e: en_accel, Add missing net/geneve.h include + (git-fixes). +- bonding: Fix reference count leak in bond_sysfs_slave_add + (git-fixes). +- bnxt_en: Fix accumulation of bp->net_stats_prev (git-fixes). +- net/mlx5: Annotate mutex destroy for root ns (git-fixes). +- net/mlx5: Don't maintain a case of del_sw_func being null + (git-fixes). +- net/mlx4_core: fix a memory leak bug (git-fixes). +- mlxsw: spectrum: Fix use-after-free of split/unsplit/type_set + in case reload fails (git-fixes). +- net/mlx5e: Get the latest values from counters in switchdev mode + (git-fixes). +- net/mlx5e: Don't trigger IRQ multiple times on XSK wakeup to + avoid WQ overruns (git-fixes). +- net/mlx5: Fix failing fw tracer allocation on s390 (git-fixes). +- net/cxgb4: Check the return from t4_query_params properly + (git-fixes). +- net: hns3: fix set and get link ksettings issue (git-fixes). +- net: hns3: fix RSS config lost after VF reset (git-fixes). +- qed: Fix race condition between scheduling and destroying the + slowpath workqueue (git-fixes). +- net/mlx5: E-Switch, Hold mutex when querying drop counter in + legacy mode (git-fixes). +- net/mlx5: E-Switch, Use vport metadata matching only when + mandatory (git-fixes). +- net/liquidio: Delete non-working LIQUIDIO_PACKAGE check + (git-fixes). +- virtio_net: Keep vnet header zeroed if XDP is loaded for small + buffer (git-fixes). +- net/mlx5: Clear LAG notifier pointer after unregister + (git-fixes). +- net/mlx5e: Fix endianness handling in pedit mask (git-fixes). +- net/mlx5e: kTLS, Fix wrong value in record tracker enum + (git-fixes). +- net: hns3: clear port base VLAN when unload PF (git-fixes). +- net: hns3: fix VF VLAN table entries inconsistent issue + (git-fixes). +- net: hns3: fix "tc qdisc del" failed issue (git-fixes). +- cxgb4: fix checks for max queues to allocate (git-fixes). +- commit a805d8f + +- Update config files. Switch on DWC3 on x86_64 + (jsc#SLE-14042) +- commit 1a0a5a5 + +- Another fix of the missing merge commit hunk in idxd dma driver (bsc#1181795) +- commit 4b7e5ed + +- Fix the missing change via the upstream merge commit for idxd dma driver (bsc#1181795) +- commit e5ace2b + +- dmaengine: idxd: add missing invalid flags field to completion + (bsc#1181795). +- dmaengine: idxd: fix hw descriptor fields for delta record + (bsc#1181795). +- commit fb2caf6 + +- blacklist.conf: Blacklist two 32-bit only fixes + 50fe7ebb6475 bpf, x86_32: Fix clobbering of dst for BPF_JSET + 5ca1ca01fae1 bpf, x86_32: Fix logic error in BPF_LDX zero-extension +- commit 55cadfc + +- nvme-multipath: Early exit if no path is available + (bsc#1180964). +- commit 1c96465 + +- kABI: Fix kABI after AMD SEV PCID fixes (bsc#1178995). +- commit bf72ec9 + +- ahci: Add Intel Emmitsburg PCH RAID PCI IDs (jsc#SLE-14457). +- commit a78ee51 + +- iwlwifi: pcie: remove obsolete pre-release support code + (git-fixes). +- iwlwifi: pcie: add some missing entries for AX210 (git-fixes). +- iwlwifi: support an additional Qu subsystem id (git-fixes). +- iwlwifi: add new card for MA family (git-fixes). +- iwlwifi: iwl-trans: move all txcmd init to trans alloc + (git-fixes). +- commit 133d60e + +- iwlwifi: Fix IWL_SUBDEVICE_NO_160 macro to use the correct bit + (git-fixes). +- iwlwifi: pcie: add rules to match Qu with Hr2 (git-fixes). +- iwlwifi: Add a new card for MA family (git-fixes). +- iwlwifi: follow the new inclusive terminology (git-fixes). +- iwlwifi: pcie: fix xtal latency for 9560 devices (git-fixes). +- iwlwifi: pcie: fix 0x271B and 0x271C trans cfg struct + (git-fixes). +- iwlwifi: add new cards for MA family (git-fixes). +- iwlwifi: add new cards for AX201 family (git-fixes). +- commit 050b58f + +- gpio: gpiolib: remove shadowed variable (git-fixes). +- drm/i915/gt: Always try to reserve GGTT address 0x0 (git-fixes). +- iwlwifi: pcie: set LTR on more devices (git-fixes). +- commit d7ad942 + +- mac80211: pause TX while changing interface type (git-fixes). +- wext: fix NULL-ptr-dereference with cfg80211's lack of commit() + (git-fixes). +- iwlwifi: pcie: reschedule in long-running memory reads + (git-fixes). +- iwlwifi: pcie: use jiffies for memory read spin time limit + (git-fixes). +- net: usb: qmi_wwan: added support for Thales Cinterion PLSx3 + modem family (git-fixes). +- drivers: soc: atmel: add null entry at the end of + at91_soc_allowed_list[] (git-fixes). +- drivers: soc: atmel: Avoid calling at91_soc_init on non AT91 + SoCs (git-fixes). +- commit 023b5c2 + +- perf: Make struct ring_buffer less ambiguous (bsc#1177028). + Refresh patches.suse/0001-perf-core-Fix-race-in-the-perf_mmap_close-function.patch. +- commit 5dfb979 + +- powerpc/mm/pkeys: Make pkey access check work on execute_only_key + (bsc#1181544 ltc#191080 git-fixes). +- Refresh patches.suse/powerpc-book3s64-pkeys-Fix-pkey_access_permitted-for.patch. +- commit 7508356 + +- rpm/kernel-binary.spec.in: Correct Supplements in optional subpkg (jsc#SLE-11796) + The product string was changed from openSUSE to Leap. +- commit 4127a14 + +- powerpc/pkeys: Check vma before returning key fault error to + the user (bsc#1181544 ltc#191080). +- powerpc/pkeys: Avoid using lockless page table walk (bsc#1181544 + ltc#191080). +- commit 8cb9fab + +- net/mlx5: Fix function calculation for page trees (git-fixes). +- commit 22c3016 + +- net: fec: put child node on error path (git-fixes). +- commit cbac658 + +- ARM: imx: fix imx8m dependencies (git-fixes). +- soc: imx: select ARM_GIC_V3 for i.MX8M (git-fixes). +- commit adb9b1b + +- Add no-fix tag to drm cherry-picks + Add a no-fix tag to drm patches that are cherry-picks and are not + already blacklisted. +- Refresh + patches.suse/0001-drm-i915-Preload-LUTs-if-the-hw-isn-t-currently-usin.patch. +- Refresh + patches.suse/0001-drm-i915-Update-drm-i915-bug-filing-URL.patch. +- Refresh + patches.suse/0001-drm-i915-execlists-Always-force-a-context-reload-whe.patch. +- Refresh + patches.suse/0001-drm-i915-icl-Fix-hotplug-interrupt-disabling-after-s.patch. +- Refresh + patches.suse/0003-drm-i915-Correctly-set-SFC-capability-for-video-engi.patch. +- Refresh + patches.suse/0029-drm-i915-gem-Avoid-implicit-vmap-for-highmem-on-x86-.patch. +- Refresh + patches.suse/drm-i915-Perform-GGTT-restore-much-earlier-during-re.patch. +- Refresh + patches.suse/drm-i915-Whitelist-COMMON_SLICE_CHICKEN2.patch. +- Refresh + patches.suse/drm-i915-pmu-Frequency-is-reported-as-accumulated-cy.patch. +- Refresh + patches.suse/drm-i915-to-make-vgpu-ppgtt-notificaiton-as-atomic-o.patch. +- Refresh + patches.suse/drm-i915-update-rawclk-also-on-resume.patch. +- Refresh + patches.suse/drm-i915-userptr-Never-allow-userptr-into-the-mappab.patch. +- commit 46ba73b + +- KVM: SVM: Update cr3_lm_rsvd_bits for AMD SEV guests + (bsc#1178995). +- KVM: x86: Introduce cr3_lm_rsvd_bits in kvm_vcpu_arch + (bsc#1178995). +- commit 49749c4 + +- r8169: work around RTL8125 UDP hw bug (git-fixes). +- commit db42a5b + +- r8169: fix WoL on shutdown if CONFIG_DEBUG_SHIRQ is set + (git-fixes). +- commit ab82b36 + +- exfat: Avoid allocating upcase table using kcalloc() + (git-fixes). +- exec: Always set cap_ambient in cap_bprm_set_creds (git-fixes). +- commit eb2e605 + +- s390/dasd: Fix inconsistent kobject removal (jsc#SLE-13767 + bsc#1178420 LTC#185092). +- commit e13d81a + +- blacklist.conf: no change to /sys/firmware/uv/query/max_cpus +- commit 737a803 + +- s390/vfio-ap: No need to disable IRQ after queue reset + (git-fixes). +- s390/vfio-ap: clean up vfio_ap resources when KVM pointer + invalidated (git-fixes). +- commit d91ae22 + +- Refresh patches.suse/edac-amd64-set-grain-per-dimm.patch. + Readd the second hunk which wasn't needed during the original git-fixes + backport. +- commit 9c3639f + +- Update patches.suse/bpf-Fix-modifier-skipping-logic.patch (bsc#1177028). + Restore the patch to match the upstream commit +- commit a490625 + +- mlxsw: spectrum_span: Do not overwrite policer configuration + (bsc#1176774). +- net/mlx5: CT: Fix incorrect removal of tuple_nat_node from + nat rhashtable (jsc#SLE-15172). +- net/mlx5e: Revert parameters on errors when changing trust + state without reset (jsc#SLE-15172). +- net/mlx5e: Correctly handle changing the number of queues when + the interface is down (jsc#SLE-15172). +- net/mlx5e: Fix CT rule + encap slow path offload and deletion + (jsc#SLE-15172). +- net/mlx5e: Disable hw-tc-offload when MLX5_CLS_ACT config is + disabled (jsc#SLE-15172). +- net/mlx5: Maintain separate page trees for ECPF and PF functions + (jsc#SLE-15172). +- net/mlx5e: Fix IPSEC stats (jsc#SLE-15172). +- net/mlx5e: free page before return (jsc#SLE-15172). +- ice: Fix MSI-X vector fallback logic (bsc#1180945). +- ice: Don't allow more channels than LAN MSI-X available + (bsc#1180945). +- ice: update dev_addr in ice_set_mac_address even if HW filter + exists (jsc#SLE-12878). +- ice: Implement flow for IPv6 next header (extension header) + (jsc#SLE-12878). +- ice: fix FDir IPv6 flexbyte (jsc#SLE-12878). +- uapi: fix big endian definition of ipv6_rpl_sr_hdr + (bsc#1176447). +- commit a3c4fad + +- rxrpc: Fix memory leak in rxrpc_lookup_local (bsc#1154353 + bnc#1151927 5.3.9). +- net/mlx5e: E-switch, Fix rate calculation for overflow + (jsc#SLE-8464). +- i40e: acquire VSI pointer only after VF is initialized + (jsc#SLE-8025). +- ice: Fix MSI-X vector fallback logic (jsc#SLE-7926). +- ice: Don't allow more channels than LAN MSI-X available + (jsc#SLE-7926). +- Revert "RDMA/mlx5: Fix devlink deadlock on net namespace + deletion" (jsc#SLE-8464). +- commit 76b9a3a + +- Refresh patches.suse/bpf-Introduce-bpf_sk_-ancestor_-cgroup_id-helpers.patch. + The diff for cg_skb_func_proto was wrongly applied to + tc_cls_act_func_proto. +- commit 6cbb315 + +- selftests/bpf: Fix "dubious pointer arithmetic" test + (bsc#1177028). +- commit eb710d9 + kernel-firmware +- Correct the RPi4 brcm config to recover the WiFi breakage + (bsc#1182320): + Revert-brcm-rpi4-boardflags3-bit.patch + +- Update to version 20210208 (commit b79d2396bc63): + * Mellanox: Add new mlxsw_spectrum firmware xx.2008.2304 + * linux-firmware: add firmware for MT7921 + * rtw88: RTL8821C: Update firmware to v24.8 + * linux-firmware: Update firmware file for Intel Bluetooth AX210 + * linux-firmware: Update firmware file for Intel Bluetooth AX200 + * linux-firmware: Update firmware file for Intel Bluetooth AX201 + * i915: Add DMC v2.01 for ADL-S + * i915: Add HuC v7.7.1 for DG1 + * i915: Add GuC v49.0.1 for DG1 + * qcom: Add venus firmware files for VPU-1.0 + * qcom: Add SM8250 Compute DSP firmware + * qcom: Add SM8250 Audio DSP firmware + * qcom: add firmware files for Adreno a650 + +- Update to version 20210119 (git commit 05789708b79b): + * brcm: Link RPi4's WiFi firmware with DMI machine name. + * brcm: Add NVRAM for Vamrs 96boards Rock960 + * brcm: Update Raspberry Pi 3B+/4B NVRAM for downstream changes + * cypress: Fix link direction + * cypress: Link the new cypress firmware to the old brcm files + * brcm: remove old brcm firmwares that have newer cypress variants + * rtl_bt: Update RTL8822C BT(UART I/F) FW to 0x059A_25CB + * rtl_bt: Update RTL8822C BT(USB I/F) FW to 0x099a_7253 + * rtl_bt: Add firmware and config files for RTL8852A BT USB chip + * rtl_bt: Update RTL8821C BT(USB I/F) FW to 0x829a_7644 +- Fix install-split.sh to deal with the quoted spaces +- Update aliases + kernel-firmware:compressed +- Correct the RPi4 brcm config to recover the WiFi breakage + (bsc#1182320): + Revert-brcm-rpi4-boardflags3-bit.patch + +- Update to version 20210208 (commit b79d2396bc63): + * Mellanox: Add new mlxsw_spectrum firmware xx.2008.2304 + * linux-firmware: add firmware for MT7921 + * rtw88: RTL8821C: Update firmware to v24.8 + * linux-firmware: Update firmware file for Intel Bluetooth AX210 + * linux-firmware: Update firmware file for Intel Bluetooth AX200 + * linux-firmware: Update firmware file for Intel Bluetooth AX201 + * i915: Add DMC v2.01 for ADL-S + * i915: Add HuC v7.7.1 for DG1 + * i915: Add GuC v49.0.1 for DG1 + * qcom: Add venus firmware files for VPU-1.0 + * qcom: Add SM8250 Compute DSP firmware + * qcom: Add SM8250 Audio DSP firmware + * qcom: add firmware files for Adreno a650 + +- Update to version 20210119 (git commit 05789708b79b): + * brcm: Link RPi4's WiFi firmware with DMI machine name. + * brcm: Add NVRAM for Vamrs 96boards Rock960 + * brcm: Update Raspberry Pi 3B+/4B NVRAM for downstream changes + * cypress: Fix link direction + * cypress: Link the new cypress firmware to the old brcm files + * brcm: remove old brcm firmwares that have newer cypress variants + * rtl_bt: Update RTL8822C BT(UART I/F) FW to 0x059A_25CB + * rtl_bt: Update RTL8822C BT(USB I/F) FW to 0x099a_7253 + * rtl_bt: Add firmware and config files for RTL8852A BT USB chip + * rtl_bt: Update RTL8821C BT(USB I/F) FW to 0x829a_7644 +- Fix install-split.sh to deal with the quoted spaces +- Update aliases + kexec-tools +- Remove kexec-tools-xen-balloon-up.patch (bsc#1176606, + bsc#1174508) + This patch was introduced to address bsc#694863; it enabled kexec + for HVM at that time. Meanwhile Xen 4.7 introduced "soft-reset" + for HVM domUs. This host feature removes the requirement to + un-ballon the domU prior kexec. + With Xen 4.13 cpuid faulting became the default, which affects + the approach used in this patch to detect the domU type. As a + result, invoking kexec in dom0 failed. + libsolv +- repo_write: fix handling of nested flexarray +- improve choicerule generation a bit more to cover more cases +- harden testcase parser against repos being added too late +- support python-3.10 +- check %_dbpath macro in rpmdb code +- handle default/visible/langonly attributes in comps parser +- support multiple collections in updateinfo parser +- add '-D' option in rpmdb2solv to set the dbpath +- bump version to 0.7.17 + libstorage-ng +- merge gh#openSUSE/libstorage-ng#798 +- handle logical partitions in Pool::create_partitions +- 4.3.88 + +- merge gh#openSUSE/libstorage-ng#797 +- added function to calculate size of underlying devices of MD RAID +- added unit tests +- updated documentation +- 4.3.87 + libxcrypt +- add compatibility provides for Step 15 as well (bsc#1181571) + libzypp +- Try to provide a mounted /proc in --root installs (bsc#1181328) + Some systemd tools require /proc to be mounted and fail if it's + not there. +- Enable release packages to request a releaxed suse/opensuse + vendorcheck in dup when migrating. (bsc#1182629) +- version 17.25.8 (22) + +- Patch: Identify well-known category names (bsc#117984) + This allows to use the RH and SUSE patch categrory names + synonymously: + (recommendedi = bugfix) and (optional = feature = enhancement). +- Add missing includes for GCC 11 compatibility. +- Fix %posttrans script execution (fixes #265) + The scripts are execuable. No need to call them through 'sh -c'. +- Commit: Fix rpmdb compat symlink in case rpm got removed. +- Repo: Allow multiple baseurls specified on one line (fixes #285) +- Regex: Fix memory leak and undefined behavior. +- Add rpm buildrequires for test suite (fixes #279) +- Use rpmdb2solv new -D switch to tell the location ob the + rpmdatabase to use. +- BuildRequires: libsolv-devel >= 0.7.17. +- version 17.25.7 (22) + lightdm +- Add lightdm-glibc-2.33-fix.patch that fixes issue with glibc 2.33 + (boo#1181778). The patch was suggested as gh#168. + lvm2 +- revert commit which caused a regression: + lvm2 should use 'external_device_info_source="udev"' by default (bsc#1179691) + - change lvm.conf item external_device_info_source from none to udev + +- back port lvmlockd adopt orphan locks feature into sles15sp2 (bsc#1181319) + + bug-1181319_01-Revert-lvmlockd-use-commonly-used-define-NOTIFYDBUS_.patch + + bug-1181319_02-lvmlockctl-ensure-result-value-is-always-defined.patch + + bug-1181319_03-lvmlockctl-use-inline-initilizers.patch + + bug-1181319_04-lvmlockd-replace-lock-adopt-info-source.patch + + bug-1181319_05-cov-check-sscanf-result.patch + pam +- Create macros.pam with definition of %_pamdir so packages which + are commonly shared between Factory and SLE can use this macro + [pam.spec] + patterns-base -- Support multiversion(kernel) with purge-kernels.service separated - from dracut (jsc#SLE-10162). +- bootloader pattern should not require a base pattern + +- Remove yast2-qt requires on x11 pattern, there is already + an equivalent recommends in the pattern. + +- Add selinux pattern + +- Have pattern enhanced_base recommend documentation: + patterns-base-documentation in turn recommends man-pages (man cp) + and pam-doc (boo#1177828). + +- Handle the yast pattern split into basis, desktop and server (boo#1159875) + +- Don't recommend lightdm directly, also allow other DMs + +- Move pam_pwquality to Recommends section, as it is not required + and user should be able to de-install the full pwquality stack. + +- Stop trying to install grub2-branding on ppc64/ppc64le [boo#1171146] + +- Suggest postfix from the basesystem pattern: suggested packages + are not flagged for installation, but give the solver a hint. So + in case something wants an MTA (smtp_daemon), openSUSE installs + will all default to postfix (as the base pattern is generally + installed). Users are still free to switch as they wish + (boo#1136078). + +- re-add ppc64-diag on ppc64le (bsc#1098849). + +- Suggest xz in base, as it is now required by aaa_base and we don't + want that zypper uses busybox instead [bsc#1172209] + +- Re-add purge-kernels-service dependency (boo#1168727). + Support multiversion(kernel) with purge-kernels.service separated from dracut + (jsc#SLE-10162). +- Call perl directly in pre_checkin.sh. create_32bit-patterns_file.pl is not + executable when checked out from OBS. +- Skip bootloader in pre_checkin.sh +- Re-generate 32bit patterns. + +- Require pam_pwquality in base as it's the replacement for + pam_cracklib, previously part of the required pam package + +- Use requires in update-test pattern so it also works when + installing with recommends disabled. +- Require update-test pattern from sw_management pattern instead of + subtle supplements for same reason. + +- basic_desktop: Fix icon + +- Recommend bash-completion in enhanced_base as it got lost in the + base pattern cleanup + +- bootloader: pull in grub2-snapper plugin if snapper is installed + +- base pattern cleanup: + * make minimal_base really minimal by moving packages to base instead. Only + pull in the release package and branding. So this is really what + can be used for application containers, portable services etc. + In it's current form it also pulls in bash, glibc, coreutils + etc, so no need to specify explicitly. + * strip down base so it forms a minimal booting system that can install + packages. + * don't pull in man into transactional system + +- Add bootloader pattern. Useful for appliances to not repeat the logic + in kiwi files. + +- drop telnet from enhanced_base recommendations + +- Fix basic_desktop upgrade path for SLE-15 SP2 and later +- Put transactional_base in alphabetical order +- Fix SLE bug in generation of txt files for basic_desktop + +- Re-enable purge-kernels-service dependency: dracut dropped the service. + (boo#1161620,boo#1161780) + +- Disable purge-kernels-service dependency for now: dracut has not + yet been updated to no longer ship the service file. + +- Support multiversion(kernel) with purge-kernels.service separated from dracut + (jsc#SLE-10162, jsc#SLE-10465). + +- Drop Obsoletes: pattern() = readonly_root_tools: RPM only honors + obsoletes against package names, so this obsoletes is in fact + useless. WithRPM 4.15, there is a syntax check which even + disallows Obsoletes against non-valid names. + +- Remove tcpdump from enhanced_base + +- transactional_base require man by default (boo#1127539) -- recomment issue-generator in the minimal_base pattern rather than - the release package (boo#1133636) +- Added snapper back to base pattern as recommended package, the + workaround for boo#1151148 -- Move haveged from enhanced_base to minimal_base (bsc#1131369). +- minimal_base: add libnss_usrfiles2, required to read /usr/etc -- Remove btrfsmaintenance from patterns-base (boo#1063638) +- minimal_base: remove dracut. Only useful when there is also a + kernel and the kernel requires it anyways. +- base: + * remove bootloader packages. They are only required on real + hardware or VMs. YaST will add them. + * remove btrfsprogs. Has supplemements on btrfs so will be auto + installed when on btrfs. Also yast installs it. + * remove snapper (supplements btrfsprogs) + * move openssh to enhanced_base +- enhanced_base: + * iproute2 already in minimal_base + * remove explicit grub and plymouth branding. They are pulled + via supplements +- documentation: + * remove info2html, old tool not useful today. + * susehelp and sled manuals no longer exist + * Use minimal_base as Basesystem is just an alias +- sw_management: + * require zypper also on TW + +- use obsolete_legacy_pattern macro for readability +- drop _opt patterns and integrate them into main patterns to reduce complexity + +- use journal by default (boo#1143144) + +- Add openSUSE Welcome to be included in the x11_enhanced pattern. + +- Drop google-roboto-fonts recommends: nothing really depends on + it and roboto is not used as default font in any openSUSE setup + (boo#1144135). + +- Add %files section for basic_desktop, or the package won't be + generated. +- Provide pattern() = basic_desktop + +- Create basic_desktop pattern containing the desktop packages like + icewm that are wanted on a basic sles desktop but not in every + openSUSE install (boo#1124865) +- .Remove some duplicated packages in x11_enhanced +- Regenerate 32bit patterns + +- move haveged to base instead of minimal_base as the comment indicates that + minimal_base should not have recommended packages. +- recomment issue-generator in the base pattern rather than the release package + (boo#1133636) + +- Move haveged from enhanced_base to minimal_base (bsc#1131369). -- Do not require openssh-askpass-gnome on openSUSE it doesn't make - sense for most desktops (boo#1124865) -- enhanced_base does not need to recommend sw_management or yast - these are pulled in from enough other more sensible places. +- Suggest openSUSE-release to guide zypper away from picking + openSUSE-Tumbleweed-Kubic-release automatically +- Re-run pre_checkin.sh, updating -32bit patterns + Extended to openSUSE on request by fcrozat. +- Insert comments to keep format_spec_file from reordering too much -- Don't hard-require busybox-static in minimal_base (bsc#1126436) -- Run pre_checkin.sh +- Strip down minimal_base pattern: + * Drop elfutils Requires: all tools from elfutils exist in + binutils, without the eu- prefix. + * Drop openssh requires: forcing a user to have openssh present no + matter what, without a possibility to uninstall it, is not + wanted. + * Drop sysvinit requires: this is a dependency to systemd after + all. +- Move systemd-coredump and busybox-static from requires in + minimal_base to recommends in base (users are free to uninstall + those tools and their use in e.g. containers is questionable). -- Add busybox-static to Minimal system so people can recover really - broken systems - +- Pull in below changes made to SLE / openSUSE 15.1 patterns by + kukuk@suse.de +- Version: 20190206 +- Remove minimal_base_conflicts, its not in SLE or Leap anymore + (boo#1103325) +- Change all the Recommends in minimal_base to Requires, + minimal_base is always installed and can't be installed with + - -no-recommends (boo#1103326) +- Hardware specific packages should be in base pattern not + minimal_base (boo#1106405) +- busybox should be in minimal_base to allow recovery from a big + system failure +- Remove some duplicate entries between base and minimal_base +- Suggest rather then recommend man-pages (boo#1116987) +- Require xorg-x11-essentials rather then recommending xorg-x11 + (boo#1121730) +- Recommend Web-web_browser and suggest Firefox to make it possible + to install chromium instead +- Recommend rather then require multipath-tools, it is only in + enhanced_base so requiring it doesn't make sense, if it Should + be required it likely should be in base +- general cleanup, fix meta info spec-cleaner re arranged remove + commented out packages + +- update version number to current date + +- recommend grub2-*arm*efi variants for arm/arm64 (bsc#1120804) +- recommend shim for aarch64 + +- Recommend grub2-x86_64-efi by base pattern on x86_64: since we use + the shim RPMs from Leap, there is currently no dependency on + grub2-x86_64-efi defined. Once shim changes that, we can drop the + recommends here. + +- Drop recommends to net-tools (no more tools of general + usefulnes), popt and pcre (both are just libraries nowadays, + which are pulled in by normal dependencies) + -- transactional_base now requires base, recommends enhanced_base - (bsc#1111311) - -- Remove libnss_usrfiles2 from transactional server pattern - -- Make transactional_base pattern available for SLE (fate#326327) -- Sync transactional_base pattern with Factory/patterns-base +- Recommend new package system-tuning-common-SUSE in + enhanced_base -- moved xfsprogs from enhanced_base pattern to - minimal base pattern, changed 'suggests:' to 'recommends:' while - doing so. [bsc#1095916] +- transactional_base now requires base, recommends enhanced_base + (boo#1111426) +- nfs-doc is now installed with supplements +- remove the list of openSUSE only packages that was rejected for + inclusion in SLE. +- Add bug numbers for TODO's + +- Merge back in Leap 15 / SLE changes, important items from that + packages changlog can be found below + lnussel@suse.de - - -- Rework x11 pattern bsc#1086663 -- Recommend terminfo in minimal_base bsc#1081747 -- rpm doesn't need to be in base and minimal_base_conflicts -- dont create transactional_base-32bit pattern. -- Regenerate 32bit patterns - - - - -- Rename readonly_root_tools to transactional_base (boo#1089095) -- Correct transactional server role pattern to use enhanced_base - (boo#1088884) - -- Do not recommends on SLE patterns which aren't shipped on SLE. -- Ensure recommends on ntfs-3g and ntfsprogs are enabled on SLE - (bsc#1087242). - -- drop patterns-base-32bit pattern for s390 and s390x [bsc#1088669] -- re-run create_32bit-patterns_file.pl - -- Don't install systemd-coredump by default on Leap (bsc#1083849) - -- Add systemd-coredump to the list of recommended packages of miminal_base - Latest systemd package splitted off its coredump management facility - into a sub-package. Recommend this package so this functionnality is - still available by default on SLE (but will be disabled on Leap, see - bsc#1083849). - Also give the possibility to block it by using a soft dep - (Recommends:). This might be needed on live images for example where - space is rather low. - +- Don't generate 32bit patterns for readonly_root_tools +- Add create_32bit-patterns_file.pl as source +- guard some sle specifics with %is_opensuse + sflees@suse.de +- Rework x11 pattern bsc#1086663 +- Recommend terminfo in minimal_base bsc#1081747 +- rpm doesn't need to be in base and minimal_base_conflicts +- dont create transactional_base-32bit pattern. - -- added timezone as recommended to minimal_base pattern - [bsc#1085075] - -- ethtool is available on SLE 15, moving out of "opensuse only" - section [bsc#1087354] - - -- regenerate 32bit patterns -- Don't generate 32bit patterns for readonly_root_tools - -- Introduce readonly_root_tools pattern for Read-Only Root - Filesystem (boo#1084149) - -- put cron in base system (bsc#1072602) - - - -- Don't require apparmor-docs, only recommend it -- Require xorg-x11-fonts-core instead of xorg-x11-fonts -- Don't require xorg-x11, only recommend it - - -- Regenerate 32bit patterns - -- Ensure xorg-x11-driver-input is required for x11 pattern, except - on s390/390x where it doesn't exist. - -- Version: 20171206 -- Fix the formatting mess spec cleaner reintroduced (again) - -- Recommends plymouth on SLE (bsc#1067481). - -- Add create_32bit-patterns_file.pl as source -- guard some sle specifics with %is_opensuse - -- Ensure openSUSE patterns aren't provided / obsoletes when - building for SLE. -- Add Recommend to enhanced_base: OpenIPMI bash-completion cpp - cryptconfig expect ipmitool lvm2 m4 make mksh mutt quota - supportutils sysfsutils tcsh w3m lsof psmisc sudo. -- Add grub2-branding-SLE recommends on enhanced_base on SLE. -- Fix description of minimal_base on SLE. - -- Remove salt-minion from base [bsc#1064266] - -- Regenerate 32bit patterns - -- Move tar to minimal pattern, too many low level tools assume - tar is installed by default - -- Recommend glibc-locale from minimal_base not enhanced_base, - we install in en_US, so we need a locale one way or the other. - Requiring it from enhanced_base now to make sure it's part of - regular installations (but can be disabled for e.g. chroots - with C locale - bsc#1057377) - - -- Do not provide x11 in x11_enhanced but require it -- Move basic X11 apps to x11 pattern and Firefox to x11_enhanced -- Remove tcl and tk from default installation - -- Rename xterm-bin back to xterm, we still have xterm.rpm - -- Remove libnss_compat2 (dropped, still part of glibc) and - libnss_nis2 (needs to be together with ypbind) - -- Remove again added pam-modules, this package deprecated since - many years. - - + fcrozat@suse.com +- Do not recommends on SLE patterns which aren't shipped on SLE. +- Ensure recommends on ntfs-3g and ntfsprogs are enabled on SLE + (bsc#1087242). +- Ensure xorg-x11-driver-input is required for x11 pattern, except + on s390/390x where it doesn't exist. +- Recommends plymouth on SLE (bsc#1067481). +- Ensure openSUSE patterns aren't provided / obsoletes when + building for SLE. +- Add Recommend to enhanced_base: OpenIPMI bash-completion cpp + cryptconfig expect ipmitool lvm2 m4 make mksh mutt quota + supportutils sysfsutils tcsh w3m lsof psmisc sudo. +- Add grub2-branding-SLE recommends on enhanced_base on SLE. +- Fix description of minimal_base on SLE. + behlert@suse.de +- drop patterns-base-32bit pattern for s390 and s390x [bsc#1088669] +- added timezone as recommended to minimal_base pattern + [bsc#1085075] +- ethtool is available on SLE 15, moving out of "opensuse only" + section [bsc#1087354] + okurz@suse.com +- put cron in base system (bsc#1072602) + fvogt@suse.com +- Don't require apparmor-docs, only recommend it +- Require xorg-x11-fonts-core instead of xorg-x11-fonts +- Don't require xorg-x11, only recommend it + kukuk@suse.de +- Remove salt-minion from base [bsc#1064266] +- Move tar to minimal pattern, too many low level tools assume + tar is installed by default +- Rename xterm-bin back to xterm, we still have xterm.rpm +- Remove libnss_compat2 (dropped, still part of glibc) and + libnss_nis2 (needs to be together with ypbind) +- Remove again added pam-modules, this package deprecated since + many years. + coolo@suse.com +- Recommend glibc-locale from minimal_base not enhanced_base, + we install in en_US, so we need a locale one way or the other. + Requiring it from enhanced_base now to make sure it's part of + regular installations (but can be disabled for e.g. chroots + with C locale - bsc#1057377) +- Do not provide x11 in x11_enhanced but require it +- Move basic X11 apps to x11 pattern and Firefox to x11_enhanced +- Remove tcl and tk from default installation + fbui@suse.com +- Don't install systemd-coredump by default on Leap (bsc#1083849) +- Add systemd-coredump to the list of recommended packages of miminal_base + Latest systemd package splitted off its coredump management facility + into a sub-package. Recommend this package so this functionnality is + still available by default on SLE (but will be disabled on Leap, see + bsc#1083849). + Also give the possibility to block it by using a soft dep + (Recommends:). This might be needed on live images for example where + space is rather low. + +- No longer recommend missing packages (boo#1104264): + * genisoimage + * ksymoops + * system-group-trusted + +- Remove libnss_usrfiles from transactional_base, not needed + anymore. + +- add lightdm as a recommends to x11 pattern boo#1081760 + +- Drop recode from recommends as it was droped from distro + bsc#1104264 +- Drop cryptconfig from suggest as it was removed from distro + +- Remove btrfsmaintenance from patterns-base (boo#1063638) + +- Make transactional_base pattern available for SLE (fate#326327) + +- Only recommend rollback-helper if sle_version is defined: The + helper makes sense on Leap and SLE, where one can register with + SCC, but not for Tumbleweed. + +- Add busybox to base patterns in case your system explodes, in + past we had sash doing the same + +- Rename readonly_root_tools to transactional_base (boo#1089095) + +- Correct transactional server role pattern to use enhanced_base + (boo#1088884) + +- Recommend bash-completion by the base system (not minimal_base): + most users will expect it to be present and until recently, it + was in a recommended chain of systemd (boo#1087710). + +- Add systemd-coredump to the list of recommended of miminal_base + Latest systemd package split off its coredump management facility + into a sub-package. Recommend this package so this functionnality is + still available by default on Factory but give the possibility to + block it by using a soft dep (Recommends:). This might be needed on + live images for example where space is rather low. + +- Introduce readonly_root_tools pattern for Read-Only Root + Filesystem (boo#1084149) + +- Remove finger from enahnced_base_opt as functionality already + provided by pinky in coreutils. + +- Replace SuSEfirewall2 with firewalld in enhanced_base + (fate#323460). + +- Switch ntp-client from ntp to chrony: replace corresponding + recommends in console and enhanced_base pattern (FATE#323432). + +- move plymouth from base to X11. No need to have a fancy boot splash that + pulls in extra deps for a text console (boo#1066510) + +- Swap back to SuSEfirewall2, its not fully intergrated everywhere patterns-desktop +- Rename laptop pattern to mobile (jsc#SLE-11520). +- Remove from laptop/mobile pattern, pcmciautils (obsolete), + wireless-regdb (required by crda), laptop-mode-tools (tlp does + the same and is recommended). + +- merge _opt patterns into main patterns + +- Use much more fitting pattern-laptop icon for laptop pattern. + patterns-yast +- Do not recomment yast2-fonts (bsc#1179866). +- 20201210 + +- Split basis pattern into basis, desktop and server (boo#1159875) +- 20191229 + perl-Bootloader +- merge gh#openSUSE/perl-bootloader#133 +- use shim on aarch64 (jsc#SLE-15823, jsc#SLE-15020) +- 0.933 + php7 + fix CVE-2021-21702 [bsc#1182049], NULL pointer dereference in SoapClient + + php7-CVE-2021-21702.patch + +- security update +- added patches postfix +- (bsc#1180473) [Build 20201230] postfix has invalid default config + (bsc#1181381) [Build 130.3] openQA test fails in mta, mutt - + postfix broken: "queue file write error" and "error: unsupported + dictionary type: hash" + Export DEF_DB_TYPE before starting the perl script. + +- bsc#1180473 - [Build 20201230] postfix has invalid default config + Fixing config.postfix and sysconfig.postfix + +- Update to 3.5.9 + * improves the reporting of DNSSEC problems that may affect + DANE security + +- Only do the conversion from the hash/btree databases to lmdb when + the default database type changes from hash to lmdb and do not + stop and start the service (the old compiled databases can live + together with the new ones) + - convert-bdb-to-lmdb.sh +- Clean up the specfile + * Remove < 1330 conditional builds + * Use generated postfix-files instead of the obsolete one from + postfix-SUSE.tar.gz + * Use dynamicmaps.cf.d instead of modifying dynamicmaps.cf upon + (de)installation of optional mysql, pgsql and ldap subpackages + * Use default location for post-install, postfix-tls-script, + postfix-wrapper and postmulti-script + +- Set lmdb to be the default db. +- Convert btree tables to lmdb too. Stop postfix before converting from + bdb to lmdb +- This package is without bdb support. That's why convert must be done + without any suse release condition. + o remove patch postfix-no-btree.patch + o add set-default-db-type.patch + +- Set database type for address_verify_map and postscreen_cache_map + to lmdb (btree requires Berkeley DB) + o add postfix-no-btree.patch + +- Set default database type to lmdb and fix update_postmaps script + +- Use variable substition instead of sed to remove .db suffix and + substitute hash: for lmdb: in /etc/postfix/master.cf as well. + Check before substitution if there is something to do (to keep + rpmcheck happy). + +- Remove Berkeley DB dependency (JIRA#SLE-12191) + The pacakges postfix is build without Berkely DB support. + lmdb will be used instead of BDB. + The pacakges postfix-bdb is build with Berkely DB support. + o add patch for main.cf for postfix-bdb package + postfix-bdb-main.cf.patch + +- Update to 3.5.8 + * The Postfix SMTP client inserted into message headers longer + than $line_length_limit (default: 2048), causing all subsequent header + content to become message body content. + * The postscreen daemon did not save a copy of the + postscreen_dnsbl_reply_map lookup result. This has no effect when the + recommended texthash: look table is used, but it could result in stale + data with other lookup tables. + * After deleting a recipient with a Milter, the Postfix recipient + duplicate filter was not updated; the filter suppressed requests + to add the recipient back. + * Memory leak: the static: maps did not free their casefolding buffer. + * With "smtpd_tls_wrappermode = yes", the smtps service was waiting for a + TLS handshake, after processing an XCLIENT command. + * The smtp_sasl_mechanism_filter implementation ignored table lookup + errors, treating them as 'not found'. + * The code that looks for Delivered-To: headers ignored headers longer + than $line_length_limit (default: 2048). + +- Update to 3.5.7 + * Fixed random certificate verification failures with + "smtp_tls_connection_reuse = yes", because tlsproxy(8) was using + the wrong global TLS context for connections that use DANE or + non-DANE trust anchors. + +- Move ldap into an own sub-package like all other databases +- Move manual pages to correct sub-package + +- Use sysusers.d to create system accounts +- Remove wrong %config for systemd directory content + +- Use the correct signature file for source verification +- Rename postfix-3.5.6.tar.gz.sig to postfix-3.5.6.tar.gz.asc (to + prevent confusion, as the signature file from upstream with .sig + extension is incompatible with the build service) + +- Update to 3.5.6 with following fixes: + * Workaround for unexpected TLS interoperability problems when Postfix + runs on OS distributions with system-wide OpenSSL configurations. + * Memory leaks in the Postfix TLS library, the largest one + involving multiple kBytes per peer certificate. + +- Add source verification (add postfix.keyring) + +- Use systemd_ordering instead of systemd_require. +- Move /etc/postfix/system to /usr/lib/postfix/systemd [bsc#1173688] +- Drop /var/adm/SuSEconfig from %post, it does nothing. +- Rename postfix-SuSE to postfix-SUSE +- Delete postfix-SUSE/README.SuSE, company name spelled wrong, + completly outdated and not used. +- Delete postfix-SUSE/SPAMASSASSIN+POSTFIX.SuSE, company name + spelled wrong, outdated and not used. +- sysconfig.mail-postfix: Fix description of MAIL_CREATE_CONFIG, + SuSEconfig is gone since ages. +- update_chroot.systemd: Remove advice to run SuSEconfig. +- Remove rc.postfix, not used, outdated. +- mkpostfixcert: Remove advice to run SuSEconfig. + +- Update to 3.5.4: + * The connection_reuse attribute in smtp_tls_policy_maps always + resulted in an "invalid attribute name" error. + * SMTP over TLS connection reuse always failed for Postfix SMTP + client configurations that specify explicit trust anchors (remote + SMTP server certificates or public keys). + * The Postfix SMTP client's DANE implementation would always send + an SNI option with the name in a destination's MX record, even + if the MX record pointed to a CNAME record. MX records that + point to CNAME records are not conformant with RFC5321, and so + are rare. + Based on the DANE survey of ~2 million hosts it was found that + with the corrected SMTP client behavior, sending SNI with the + CNAME-expanded name, the SMTP server would not send a different + certificate. This fix should therefore be safe. + +- Update to 3.5.3: + * TLS handshake failure in the Postfix SMTP server during SNI + processing, after the server-side TLS engine sent a TLSv1.3 + HelloRetryRequest (HRR) to a remote SMTP client. + * The command "postfix tls deploy-server-cert" did not handle a + missing optional argument. This bug was introduced in Postfix + 3.1. + +- Update to 3.5.2: + * A TLS error for a database client caused a false 'lost connection' + error for an SMTP over TLS session in the same Postfix process. + This bug was introduced with Postfix 2.2. + * The same bug existed in the tlsproxy(8) daemon, where a TLS + error for one TLS session could cause a false 'lost connection' + error for a concurrent TLS session in the same process. This + bug was introduced with Postfix 2.8. + * The Postfix build now disables DANE support on Linux systems + with libc-musl such as Alpine, because libc-musl provides no + indication whether DNS responses are authentic. This broke DANE + support without a clear explanation. + * Due to implementation changes in the ICU library, some Postfix + daemons reported file access errrors (U_FILE_ACCESS_ERROR) after + chroot(). This was fixed by initializing the ICU library before + making the chroot() call. + * Minor code changes to silence a compiler that special-cases + string literals. + * Segfault (null pointer) in the tlsproxy(8) client role when the + server role was disabled. This typically happened on systems + that do not receive mail, after configuring connection reuse + for outbound SMTP over TLS. + * The date portion of the maillog_file_rotate_suffix default value + used the minute (%M) instead of the month (%m). + +- boo#1106004 fix incorrect locations for files in postfix-files + +- Dropped deprecated-RES_INSECURE1.patch to make DNSSEC-secured + lookups and DANE mail transport work again +- Update to 3.5.1: + * Support for the haproxy v2 protocol. The Postfix implementation + supports TCP over IPv4 and IPv6, as well as non-proxied + connections; the latter are typically used for heartbeat tests. + * Support to force-expire email messages. This introduces new + postsuper(1) command-line options to request expiration, and + additional information in mailq(1) or postqueue(1) output. + * The Postfix SMTP and LMTP client support a list of nexthop + destinations separated by comma or whitespace. These destinations + will be tried in the specified order. + * Incompatible changes: + * Logging: Postfix daemon processes now log the from= and to= + addresses in external (quoted) form in non-debug logging (info, + warning, etc.). This means that when an address localpart + contains spaces or other special characters, the localpart will + be quoted, for example: + from=<"name with spaces"@example.com> + Specify "info_log_address_format = internal" for backwards compatibility. + * Postfix now normalizes IP addresses received with XCLIENT, + XFORWARD, or with the HaProxy protocol, for consistency with + direct connections to Postfix. This may change the appearance + of logging, and the way that check_client_access will match + subnets of an IPv6 address. + +- Update to 3.4.10: + * Bug (introduced: Postfix 2.3): Postfix Milter client state + was not properly reset after one Milter in a multi-Milter + configuration failed during MAIL FROM, resulting in a Postfix + Milter client panic during the next MAIL FROM command in the + same SMTP session. + +- bsc#1162891 server:mail/postfix: cond_slp bug on TW after + moving /etc/services to /usr/etc/services + +- bsc#1160413 postfix fails with -fno-common + +- Update to 3.4.9: + * Bug (introduced: Postfix 3.1): smtp_dns_resolver_options were + broken while adding support for negative DNS response caching + in postscreen. Postfix was inadvertently changed to call + res_query() instead of res_search(). + * Bug (introduced: Postfix 2.5): Postfix ignored the CONNECT macro + overrides from a Milter application. Postfix now evaluates the + Milter macros for an SMTP CONNECT event after the Postfix-to-Milter + connection is negotiated. + * Bug (introduced: Postfix 3.0): sanitize (remote) server responses + before storing them in the verify database, to avoid Postfix + warnings about malformed UTF8. Found during code maintenance. + +- Update to 3.4.8: + * Fix for an Exim interoperability problem when postscreen after-220 + checks are enabled. Bug introduced in Postfix 3.4: the code + that detected "PIPELINING after BDAT" looked at the wrong + variable. The warning now says "BDAT without valid RCPT", and + the error is no longer treated as a command PIPELINING error, + thus allowing mail to be delivered. Meanwhile, Exim has been + fixed to stop sending BDAT commands when postscreen rejects all + RCPT commands. + * Usability bug, introduced in Postfix 3.4: the parser for + key/certificate chain files rejected inputs that contain an EC + PARAMETERS object. While this is technically correct (the + documentation says what types are allowed) this is surprising + behavior because the legacy cert/key parameters will accept + such inputs. For now, the parser skips object types that it + does not know about for usability, and logs a warning because + ignoring inputs is not kosher. + * Bug introduced in Postfix 2.8: don't gratuitously enable all + after-220 tests when only one such test is enabled. This made + selective tests impossible with 'good' clients. This will be + fixed in older Postfix versions at some later time. + pulseaudio +- Drop the bad patch: pulseaudio-wrong-memset.patch + the patch has been wrongly refreshed, mutated into a harmful form. + The original bug has been already fixed in the upstream commit 764eabd10. + +- Supplement pulseaudio-bash-completion against bash-completion, + not bash. + qemu +- Fix uninitialized variable in ipxe driver code (boo#1181922) + ath5k-Add-missing-AR5K_EEPROM_READ-in-at.patch +- Add a few improvements to the git-based package workflow scripts + +- Include additional upstream patches designated as stable material + and reviewed for applicability to include here + blockjob-Fix-crash-with-IOthread-when-bl.patch + monitor-Fix-assertion-failure-on-shutdow.patch + qemu-nbd-Use-SOMAXCONN-for-socket-listen.patch + qemu-storage-daemon-Enable-object-add.patch + +- Switch the modules qemu-ui-display-gpu and qemu-ui-display-gpu-pci + from being an x86 only Recommends, to a Recommends for all arch's + except s390x (boo#1181350) +- Fix qemu-hw-usb-smartcard to not be a Recommends for s390x +- Minor spec file tweaks for compatibility with upcoming spec file + formatter + +- Make note that this patch takes care of an OOB access in ARM + interrupt handling (CVE-2021-20221 bsc#1181933) + hw-intc-arm_gic-Fix-interrupt-ID-in-GICD.patch + +- Include upstream patches designated as stable material and + reviewed for applicability to include here + block-Separate-blk_is_writable-and-blk_s.patch + hw-intc-arm_gic-Fix-interrupt-ID-in-GICD.patch + hw-net-lan9118-Fix-RX-Status-FIFO-PEEK-v.patch + hw-timer-slavio_timer-Allow-64-bit-acces.patch + net-Fix-handling-of-id-in-netdev_add-and.patch + target-arm-Don-t-decode-insns-in-the-XSc.patch + target-arm-Fix-MTE0_ACTIVE.patch + target-arm-Introduce-PREDDESC-field-defi.patch + target-arm-Update-PFIRST-PNEXT-for-pred_.patch + target-arm-Update-REV-PUNPK-for-pred_des.patch + target-arm-Update-ZIP-UZP-TRN-for-pred_d.patch + tcg-Use-memset-for-large-vector-byte-rep.patch + ui-vnc-Add-missing-lock-for-send_color_m.patch + virtio-move-use-disabled-flag-property-t.patch + +- binutils v2.36 has changed the handling of the assembler's + - mx86-used-note, resulting in a build failure. To compensate, we + now explicitly specify -mx86-used-note=no in the seabios Makefile + (boo#1181775) + build-be-explicit-about-mx86-used-note-n.patch + s390-tools +- Added s390-tools-sles15sp3-zkey-Fix-APQN-property-names.patch + (bsc#1182113) + Problem: The KMS configuration property names to store the CCA and + EP11 APQNs are incorrect, i.e. swapped. + Solution: Correct the KMS configuration property names. + screen +- Fix double width combining char handling that could lead + to a segfault [bnc#1182092] [CVE-2021-26937] + new patch: combchar.diff + -- GNU screen 4.2.1: - * allow for terminal with long $TERM (up to 32 characters) - (already patched in this package previously) - * allow to use long logins - * documentation fixes - * runtime fixes -- packaging changes: - * use source URLs - * verify source signatures - * drop screen-man-loginshell.diff, equivalent change upstream - * drop term_too_long.diff, equivalent change upstream - * drop use_locale.diff, applied upstream - * drop msg_version_3.patch, obsolete after upstream changes - -- Update to 4.2.0 as released on screen-devel@gnu.org yesterday. - Thank you Amadeusz! - * keep libtinfo.diff (from coolo 2011, why exactly?) - * keep global_screenrc.patch (renamed from screen-4.0.2.dif) - * keep screen-man-loginshell.diff (to be upstreamed) - * dropped screen-__P.diff (not needed) - * keep term_too_long.diff (savannah#30880, to be upstreamed) - * keep use_locale.diff (from lnt-sysadmin@lists.lrz.de 2012, check?) - * keep screen-4.0.3-ipv6.patch (builtin telnet, to be upstreamed) - * keep screen_enhance_windows_list.patch (to be upstreamed) - * keep screen-poll-zombies.patch (to be upstreamed) - * keep xX_string_escape.patch (renamed from show_all_active.patch, to be upstreamed) - * keep sort_command.patch (from trenn 2011, to be upstreamed) - * added msg_version_3.patch (ouch, incompatible protocol, to be upstreamed) -- added %rundir with /var/run for 1310 and before; but /run afterwards. - aj advocates /run for Factory; for 1310 it was banned by - suse-filelist-forbidden-fhs23 - -- Fix comment. - -- Use /run instead of /var/run. - -- update to current 4.0.4 git to get support for non-bmp unicode - * remove no longer needed mappedcmd.diff - * remove no longer needed styroptcrash.diff -- fix potential buffer overrun in show_all_active.patch -- redo combine screen_enhance_windows_list_1_3.patch, - screen_enhance_windows_list_2_3.patch, - screen_fix_wW_string_escapes_to_nearly_old_behavior.patch - into screen_enhance_windows_list.patch. - Do not mess with the old %w behaviour, just add support for the - windows command argument. Fixes bnc#808565. - -- Patch screen_enhance_windows_list_1_3.patch changed wW string escapes - in an unintended way. - Fix this by ignoring longflg and behave the way wW string esacpes - behaved with adding addtional L escape. (So %w is now what %Lw was before - all these changes. This should be a minor, acceptable change as it was - undocumented and it buys quite some code cleanup with it.). Patch is: - screen_fix_wW_string_escapes_to_nearly_old_behavior.patch - -- Introduce Xx string escape showing the executed command of a window - patch: show_all_active.patch - -- Add zombie and enhance windows commands - screen-poll-zombies.patch: Dead windows will be restarted after - a specified timeout (if enabled) - screen_enhance_windows_list_1_3.patch: - Cleanup window flags processing. This leads to a slight - output change in "Ww" string escapes (window list), but these - should be rather seldom used and flags are still shown. - screen_enhance_windows_list_2_3.patch: - Enhance windows command with an optional string escape based - parameter which also removes the output size (1024 bytes) - restriction (only if param is passed) of the windows command. - If you used captions with "%w" before, you can simulate the old - behaviour with "%-w%n* %t%+w". -- Only Require makeinfo for openSUSE versions 11.4 and above. - This requirement did not exist in earlier versions, now the package - builds again for example against SLES 11 (11.4 based). - -- Fix sort command to not stop at window gaps. - That can happen if windows got deleted and the window numbers do not - increment sequentially anymore. - -- add use_locale.diff to fix --enable-use-locale configure option - -- add prereq coreutils so that mkdir works [bnc#780033] - -- Add build dependency on makeinfo - -- fix crash when doing 'screen -d -r' inside of screen - -- add mappedcmd.diff to make ^A DEL work again - -- update to screen-4.0.4devel - * support for multiple layouts - * no more stuck screen sessions - -- fix build with latest ncurses (split tinfo) - -- mkdir /var/run/*screen both immediatly and via systemd. - -- Add sort command -- convert maxwin99bug.patch into a patch format quilt understands - -- Use /usr/lib/tmpfiles.d instead of /etc/tmpfiles.d. - -- bugfix bnc#668306, a buffer overflow with '%d'. - Added maxwin99bug.patch - This is already upstream, but was never released. - -- term_too_long.patch added. - corresponds to savannah#30880 - -- Add /etc/tmpfiles.d/screen.conf for /var/run on tmpfs. - -- BuildRequire utempter-devel - -- /var/run directories are created by /etc/tmpdirs.d/01_aaa_base. - -- Update to version 4.0.3 -- Dropped screen-4.0.2-comb.diff, upstream merged. - -- enable parallel building - -- add fedora patch for IPv6 support, this removes usage - of gethostbyname(3) - -- re-add lost maxwin definition [fate#301190] - shadow +- Do not require libeconf-devel on products without /usr/etc. + +- Split login.defs configuration file into own sub-package, which + allows to install util-linux or pam on small embedded/edge + systems or container without the need to pull in the full shadow + suite. + +- Amend patches/useradd-userkeleton.patch to also write into + existing directories and prefer files from /etc + +- Add patch useradd-userkeleton.patch to extend original C code + of useradd to handle /usr/etc/skel (boo#1173321) +- Remove /usr/etc/skel support in useradd.local script + +- Change again useradd.local script to let it work even for system + accounts and work together with SELinux (bsc#1178296) +- Change patch useradd-script.patch to support the four arguments + used by the useradd.local script (bsc#1178296) + +- Add support for /usr/etc/skel to useradd.local script (boo#1173321) + +- shadow-login_defs-check.sh: Fix the regexp to get a real variable + list (boo#1164274). + +- login.defs: Add support for new util-linux-2.36 login variable + MOTD_FIRSTONLY (shadow-util-linux.patch). +- shadow-login_defs-comments.patch: Remove duplicated + LASTLOG_UID_MAX. +- shadow-login_defs-check.sh: Update for new build system. +- shadow-util-linux.patch: Restore lost chunk: SYSLOG_SU_ENAB is + not used in SUSE Linux. +- Refresh shadow-login_defs-suse.patch and + shadow-login_defs-comments.patch. + +- Use pure #!/bin/sh in: + * useradd.local + * userdel-post.local + * userdel-pre.local + +- Update to 4.8.1: + * selinux: include stdio + * man: don't suggest making groupmems user-writeable + * Makefile: bail out on error in for loops + * Adding logging of SSH_ORIGINAL_COMMAND to nologin + * add new HOME_MODE login.defs option + * Add tty logging to useradd + * Useradd: make non-executable shell check only a warning + * Update Dutch translation + * user_busy: Do not mistake a regular user process for a namespaced one + * Revert "Honor --sbindir and --bindir for binary installation" +- Remove shadow-4.8-shell-check.patch: included +- Remove shadow-4.8-selinux-include.patch: upstreamed + +- Set 0755 for chpasswd, groupadd, groupdel, groupmod, newusers, + useradd, userdel, usermod explicitly. + +- bsc#1160729: Make valid shell check only a warning + * Add shadow-4.8-shell-check.patch + +- Update to 4.8: + * Initial optional bcrypt support. + * Make build/install of 'su' optional. + * Fix for vipw not resuming correctly when suspended + * Sync password field descriptions in manpages + * Check for valid shell argument in useradd + * Allow translation of new strings through POTFILES.in + * Migrate to itstool for translations + * Migrate to new SELinux api + * Support --enable-vendordir + * pwck: Only check homedir if set and not a system user + * Support nonstandard usernames + * sget{pw,gr}ent: check for data at EOL + * Add YYY-MM-DD support in chage + * Fix failing chmod calls for suidubins + * Fix --sbindir and --bindir for binary installations + * Fix LASTLOG_UID_MAX in login.defs + * Fix configure error with dash +- Remove because upstreamed: + * libeconf.patch + * shadow-usermod-variable.patch +- Rebase: + * shadow-login_defs-unused-by-pam.patch + * chkname-regex.patch + * shadow-util-linux.patch + * shadow-login_defs-comments.patch +- Add shadow-4.8-selinux-include.patch + See https://github.com/shadow-maint/shadow/pull/200 + +- libeconf.patch: Add support for libeconf and /usr/etc for + login.defs. +- Move first configuration files and pam config files to /usr/etc + +- bsc#1144060: Add pam_keyinit.so to /etc/pam.d configuration files + to support kernel keyring feature +- Update pamd.tar.bz2 with pam configuration files accordingly + +- encryption_method_nis.patch: drop, DES should really not be used + anymore anywhere, even with NIS +- shadow-login_defs-suse.patch: remove encryption NIS entry + +- Fix incorrect variable name in usermod + (shadow-usermod-variable.patch). +- shadow-login_defs-comments.patch: + * Drop SHA_CRYPT_*_ROUNDS that are in the upstream login.defs. + * Add missing LASTLOG_UID_MAX. + * Refresh shadow-login_defs-suse.patch. +- Port shadow-login_defs-check.sh to match the current spec file + and login.defs. + +- Provide "useradd_or_adduser_dep" for sysuser-shadow + -- bsc#1141113: Fix segfault in useradd - * Add shadow-4.6-bsc1141113-useradd-segfault.patch +- Fix comment about patch in spec file + +- Update to 4.7: + * Spawn: don't loop forever on ECHILD + * Do not fail locking if there is a stale lockfile (Tomas Mraz) + * Use lckpwdf if prefix not set (Tomas Mraz) + * Build: check correct DocBook version (Jan Tojnar) + * Usermod: Print 'no changes' to stdout, not stderr (Serge Hallyn) + * Add support for btrfs subvolumes for home (Adam Majer) + * Fix chpasswd long line handling (Nathan Ruiz) + * Use secure_getenv for gettime (Chris Lamb) + * Make sp_lstchg reproducible (Chris Lamb) + * Do not crash commonio_close if db file is not open (Tomas Mraz) + * Don't flush nscd and sssd cache in read-only mode (Charlie Vuillemez) + * French manpage update (Alban VIDAL) + * Fix manpage defaults for SUB_UID/GID_COUNT (Tomas Mraz) + * Sync po files from shadow.pot (Alban VIDAL) + * Usermod: guard against unsafe chown of homedir contents (Tomas Mraz) + * Add LASTLOG_UID_MAX to login.defs (Tomas Mraz) + * new[ug]idmap file capabilities support (Giuseppe Scrivano and Christian Brauner) + * Fix segfault in useradd (Tomas Mraz) + * Coverity issues (Tomas Mraz) + * Flush sssd caches (Jakub Hrozek) + * Log UID in nologin (Vladimir Ivanov) + * run pam_getenvlist after setup_env in su.c (Michael Vogt) + * Support systems with only utmpx (A. Wilcox) + * Fix unguarded ENABLE_SUBIDS code (Jan Chren (rindeal)) + * Update po/zh_CN translation (Lion Yang) + * Create parent dirs for useradd -m (Michael Vetter) + * Prevent usermod segv + * Fix usermod crash (fariouche) +- Remove btrfs-subvolumes.patch (fate#316134): + upstreamed: https://github.com/shadow-maint/shadow/pull/149 +- Remove useradd-mkdirs.patch (bsc#865563): + upstreamed https://github.com/shadow-maint/shadow/pull/112 +- Remove shadow-4.6.0-fix-usermod-prefix-crash.patch + upstreamed https://github.com/shadow-maint/shadow/issues/110 +- Rebase userdel-script.patch +- Rebase useradd-script.patch +- Rebase shadow-util-linux.patch + +- Make building more verbose +- Use spec-cleaner + +- don't specify MOTD_FILE in login.defs but fall back to built in + defaults of login (boo#1133929) +- Add shadow-login_defs-unused-check.sh to allow verification of + login.defs variable usage (bsc#1121197). +- Add virtual symbols for login.defs compatibility (bsc#1121197). sudo +- Update to 1.9.5.p2 + * When invoked as sudoedit, the same set of command line + options are now accepted as for sudo -e. The -H and -P + options are now rejected for sudoedit and sudo -e which + matches the sudo 1.7 behavior. This is part of the fix for + CVE-2021-3156. + * Fixed a potential buffer overflow when unescaping backslashes + in the command's arguments. Normally, sudo escapes special + characters when running a command via a shell (sudo -s or + sudo -i). However, it was also possible to run sudoedit with + the -s or -i flags in which case no escaping had actually + been done, making a buffer overflow possible. + This fixes CVE-2021-3156. (bsc#1181090) + * Fixed sudo's setprogname(3) emulation on systems that don't + provide it. + * Fixed a problem with the sudoers log server client where a + partial write to the server could result the sudo process + consuming large amounts of CPU time due to a cycle in the + buffer queue. Bug #954. + * Added a missing dependency on libsudo_util in libsudo_eventlog. + Fixes a link error when building sudo statically. + * The user's KRB5CCNAME environment variable is now preserved + when performing PAM authentication. This fixes GSSAPI + authentication when the user has a non-default ccache. + +- Update to 1.9.5.p1 + * Fixed a regression introduced in sudo 1.9.5 where the editor run + by sudoedit was set-user-ID root unless SELinux RBAC was in use. + The editor is now run with the user's real and effective user-IDs. +- News in 1.9.5 + * Fixed a crash introduced in 1.9.4 when running "sudo -i" as an + unknown user. This is related to but distinct from Bug #948. + * If the "lecture_file" setting is enabled in sudoers, it must now + refer to a regular file or a symbolic link to a regular file. + * Fixed a potential use-after-free bug in sudo_logsrvd when the + server shuts down if there are existing connections from clients + that are only logging events and not session I/O data. + * Fixed a buffer size mismatch when serializing the list of IP + addresses for configured network interfaces. This bug is not + actually exploitable since the allocated buffer is large enough + to hold the list of addresses. + * If sudo is executed with a name other than "sudo" or "sudoedit", + it will now fall back to "sudo" as the program name. This affects + warning, help and usage messages as well as the matching of Debug + lines in the /etc/sudo.conf file. Previously, it was possible + for the invoking user to manipulate the program name by setting + argv[0] to an arbitrary value when executing sudo. (bsc#1180687) + * Sudo now checks for failure when setting the close-on-exec flag + on open file descriptors. This should never fail but, if it + were to, there is the possibility of a file descriptor leak to + a child process (such as the command sudo runs). + * Fixed CVE-2021-23239, a potential information leak in sudoedit + that could be used to test for the existence of directories not + normally accessible to the user in certain circumstances. When + creating a new file, sudoedit checks to make sure the parent + directory of the new file exists before running the editor. + However, a race condition exists if the invoking user can replace + (or create) the parent directory. If a symbolic link is created + in place of the parent directory, sudoedit will run the editor + as long as the target of the link exists. If the target of the + link does not exist, an error message will be displayed. The + race condition can be used to test for the existence of an + arbitrary directory. However, it _cannot_ be used to write to + an arbitrary location. (bsc#1180684) + * Fixed CVE-2021-23240, a flaw in the temporary file handling of + sudoedit's SELinux RBAC support. On systems where SELinux is + enabled, a user with sudoedit permissions may be able to set the + owner of an arbitrary file to the user-ID of the target user. + On Linux kernels that support "protected symlinks", setting + /proc/sys/fs/protected_symlinks to 1 will prevent the bug from + being exploited. For more information see + https://www.sudo.ws/alerts/sudoedit_selinux.html. (bsc#1180685) + * Added writability checks for sudoedit when SELinux RBAC is in use. + This makes sudoedit behavior consistent regardless of whether + or not SELinux RBAC is in use. Previously, the "sudoedit_checkdir" + setting had no effect for RBAC entries. + * A new sudoers option "selinux" can be used to disable sudo's + SELinux RBAC support. + * Quieted warnings from PVS Studio, clang analyzer, and cppcheck. + Added suppression annotations for PVS Studio false positives. + +- Update to 1.9.4p2 + * Fixed a bug introduced in sudo 1.9.4p1 which could lead to a crash + if the sudoers file contains a runas user-specific Defaults entry. + Bug #951. +- News in 1.9.4p1 + * Fixed a regression introduced in version 1.9.4 where sudo would + not build when configured using the --without-sendmail option. + Bug #947. + * Fixed a problem where if I/O logging was disabled and sudo was + unable to connect to sudo_logsrvd, the command would still be + allowed to run even when the "ignore_logfile_errors" sudoers + option was enabled. + * Fixed a crash introduced in version 1.9.4 when attempting to run + a command as a non-existent user. Bug #948. + * The installed sudo.conf file now has the default sudoers Plugin + lines commented out. This fixes a potential conflict when there + is both a system-installed version of sudo and a user-installed + version. GitHub issue #75. + * Fixed a regression introduced in sudo 1.9.4 where sudo would run + the command as a child process even when a pseudo-terminal was + not in use and the "pam_session" and "pam_setcred" options were + disabled. GitHub issue #76. + * Fixed a regression introduced in sudo 1.8.9 where the "closefrom" + sudoers option could not be set to a value of 3. Bug #950. + +- Update to 1.9.4 + * The sudoers parser will now detect when an upper-case reserved + word is used when declaring an alias. Now instead of "syntax + error, unexpected CHROOT, expecting ALIAS" the message will be + "syntax error, reserved word CHROOT used as an alias name". + Bug #941. + * Better handling of sudoers files without a final newline. + The parser now adds a newline at end-of-file automatically which + removes the need for special cases in the parser. + * Fixed a regression introduced in sudo 1.9.1 in the sssd back-end + where an uninitialized pointer could be freed on an error path. + GitHub issue #67. + * The core logging code is now shared between sudo_logsrvd and + the sudoers plugin. + * JSON log entries sent to syslog now use "minimal" JSON which + skips all non-essential whitespace. + * The sudoers plugin can now produce JSON-formatted logs. The + "log_format" sudoers option can be used to select sudo or json + format logs. The default is sudo format logs. + * The sudoers plugin and visudo now display the column number in + syntax error messages in addition to the line number. Bug #841. + * If I/O logging is not enabled but "log_servers" is set, the + sudoers plugin will now log accept events to sudo_logsrvd. + Previously, the accept event was only sent when I/O logging was + enabled. The sudoers plugin now sends reject and alert events too. + * The sudo logsrv protocol has been extended to allow an AlertMessage + to contain an optional array of InfoMessage, as AcceptMessage + and RejectMessage already do. + * Fixed a bug in sudo_logsrvd where receipt of SIGHUP would result + in duplicate entries in the debug log when debugging was enabled. + * The visudo utility now supports EDITOR environment variables + that use single or double quotes in the command arguments. + Bug #942. + * The PAM session modules now run when sudo is set-user-ID root, + which allows a module to determine the original user-ID. + Bug #944. + * Fixed a regression introduced in sudo 1.8.24 in the LDAP back-end + where sudoNotBefore and sudoNotAfter were applied even when the + SUDOERS_TIMED setting was not present in ldap.conf. Bug #945. + * Sudo packages for macOS 11 now contain universal binaries that + support both Intel and Apple Silicon CPUs. + * For sudo_logsrvd, an empty value for the "pid_file" setting in + sudo_logsrvd.conf will now disable the process ID file. +- Remove sudo-1.9.3p1-pam_xauth.patch (upstreamed) + systemd +- Add 0001-rules-don-t-ignore-Xen-interfaces-anymore.patch (bsc#1178561) + +- Import commit f366438ca2d66c287ea836174e73dd03a98914bf (merge of v246.10) + 25f220eafb sysusers: flush nscd's caches whenever /etc/{passwd,group} are modified (bsc#1181121) + For a complete list of changes, visit: + https://github.com/openSUSE/systemd/compare/64dfb99ca3c9cbc75f6abe7aa6aa60f66ae4210d...f366438ca2d66c287ea836174e73dd03a98914bf + +- systemd-sysv-convert: handle the case when services are migrated + from SysV scripts to systemd units and are renamed at the same + time (bsc#1181788) + The list of such services is hard coded and contains only the + 'ntp->ntpd' translation. + timezone +- timezone update 2021a (bsc#1177460) + * South Sudan changes from +03 to +02 on 2021-02-01 at 00:00. + tk +- bsc#1179615: TK_LIBS in tkConfig.sh possibly breaks build on + newer service packs and is not needed for linking to a dynamic + libtk anyway, so make it empty. + -- Final 8.6.1 release: - * Fix several crashes. - -- New patchlevel release 8.6.1rc0: - * (enhancement) better build support for Debian arch - * (bug fix)[3603077] treeview update on tag add/remove - * (bug fix)[3599312] First Alt key event is lost - * (platform support) FreeBSD updates - -- New version: 8.6.0. - * Built-in PNG Image Support: Photo images now support - read/write in the PNG format, with the ability to set the - alpha channel. - * Busy Windows: New command tk busy is a variant of blt::busy - that lets the interactivity of windows be suspended and - restored as required by the needs of the program. - * New Font Selection Dialog Interface: New command tk - fontchooser provides a portable interface to the standard font - selector of the platform, whether that is modal or not. - * Angled Text: New option -angle $degrees to $canvas create text - for rotating displayed text. - * Moving Things on a Canvas: New commands $canvas moveto, - $canvas imove and $canvas rchars for moving and manipulating - canvas items. - * Additional New Features: Text widget cursor control, more - window manager hints, and a collection of modernizations in - appearance and function. -- Integrate tkcon. - -- Add Source URL, see https://en.opensuse.org/SourceUrls - -- Fix configure xft detection (add patch tk-8.5.12-fix-xft.patch). -- Replace build requires of xorg-x11-devel with those that are really - needed. - -- New patchlevel release 8.5.12: - * [3437816] return code of [canvas lower] - * [3021557] cursor freeze in elided text - * [3476698] hang in [text mark prev/next] - * [3475627] Stop text-31.11 failure - * [1630271] hang/crash on mark before -startline - * [1754043,2321450] -blockcursor appearance - * [3480471] crash in [tk_getOpenFile] - * [3480634] PNG image in menus - * [2925561] disabled combobox don't take focus - * [3486474] Correct color scaling - * [1630262,1615425] [text] crash tags & -*line - * [3497848] consistent pixel rounding - * [3503317] XParseColor speedup - * [3176239] control-Mousewheel crash - * [3520202] %k,%K,%N for Python - * [533519] multiscreen window placement - * [2768586] multiscreen menu posting - * [1630254] text peer update on -startline reset - * [3294450] ttk text element clipping - * Make sure all index tables are static - * [3546073] DisplayString() -> DefaultDisplay() - -- patch license to follow spdx.org standard - -- New patchlevel release 8.5.11: - * [3341056] new crash in unset traces - * [3314770] restore file dialog resizeability - * [3404541] -takefocus option - * [TIP 382] -confirmoverwrite on save dialog - * [3410609] AltGr keysyms on Swiss keyboard - * [3431491] improved "pixels" shimmer logic -- Add a manpage for wish8.5 by symlinking to the wish manpage. -- Remove unneeded %clean section and norootforbuild comment. -- Add tk-upstream-fixes.patch with fixes for manpage bugs and - a missing x-bit in the demo section. - -- New patchlevel release 8.5.10: - * (bug fix)[3057573] specify combobox text fg color - * (bug fix)[2829363] [$tv see] open item -> sched display - * (bug fix)[3085489] crash in [tag add/remove] - * (enhancement) Updated German messages. - * (platform) VS 2005 SP1 MSVC compiler - * (bug fix)[3071836] crash in tk_getSaveFile - * (bug fix)[3154705] tk_messageBox close button disabled - * (enhancement) add [ttk::entry validate] - * (bug fix)[3205260] crash in [wm manage] - * (bug fix)[3181181] tearoff submenu fix - * (bug fix)[3205464] [wm forget] loses window - * (bug fix)[3223850] ttk button state disabled during click - * (bug fix)[3000002] ttk scrollbar size Appearance - * (bug fix)[3239768] Win menu font support - * (bug fix)[3129527] stop buffer overflows - * (feature change)[2997657] No -container for [labelframe] - * (bug fix)[723765] [grid remove] lost -in value - * (bug fix)[3291543] mem corrupt when [$canvas dchars] removes - all coords of a polygon - * (bug fix)[2949774] cascade menu unpost - * (bug fix)[2546087] [console] treatment of '\0' - * (bug fix)[2358545] Restore "08" in spinbox configured with - - from and -to (porter) - * (bug fix)[2484771] modal dialog settings - * (bug fix)[3175610] incomplete line item refresh - * (bug fix)[3062331] crash in unset traces -- tk-xft.patch has been integrated upstream. - -- Fix libXft detection in configure. - -- Bugfix release: 8.5.9: - * [sf#2899949] crash on widget destroy - * [sf#2902814] fix [wm iconphoto] on LP64 systems - * [sf#2548661] crash in GetFontFamilyName - * [sf#2864685] Compiz menu item animation - * [sf#2902573] Update Safe Tk to new Safe Base - * [sf#2912473] accept :: in DISPLAY name - * [sf#2496162] crash calling Tk_DeleteOptionTable() - * [sf#2917663] [send] accept SI:* on auth list - * [sf#2919205] syntax bug in [tk_messageBox] - * [sf#2912356] [ttk::sizegrip] accommodate Compiz - * [sf#2879927] Win: cascade menu highlight - * [sf#1924761] stop [event generate] / XIM conflict - * [sf#2848897] ODS_NOACCEL flag support - * [sf#220950] [$menu delete] bounds check - * [sf#2898255] unlimited multi-file select - * [sf#1163496] X: [wm transient] fix - * [TIP 360] Modernize X11 Menus - * [sf#2932808] canvas update on state change - * [sf#2931374] overflow in complex tag search - * [TIP 359] Extended Window Manager Hint Support - * [sf#2952745] crash in menu deletion - * [sf#2968379] crash in peer text dump - * [sf#3006842] crash on empty bind scripts - * entry validation compat with Itcl scope - * [sf#2585265] text , note selection - * [sf#3053320] update Ttk to tile 0.8.6 feature set - -- Bugfix-Release 8.5.8: - * [sf#2080533] panedwindow sash draw crash - * [sf#2504402] iconphoto on non-32-bit displays - * [sf#2785744] broken flag twiddling - * [sf#2791352] XLFD parsing error - * [sf#1923684] confused checkbutton state - * [sf#2799589] crash on delayed window activation - * [sf#220935] canvas dash update problem - * [sf#2821962] photo image copy/paste - * [sf#2496114] focus in dead window crash - * [sf#2830420] X iconphoto for big endian - * Fix word-wrap of non-breaking space in [text] - * Fix tk::MessageBox bindings for ttk::buttons - * [sf#1909931] [send] update for Fedora 8 - * Fix font allocation crash - * Fix grayscale from images - * [sf#2088597] min scrollbar slider size - * [sf#2787164] combobox/menubutton arrow size - * [sf#2870648] file dialog cursor - * [sf#1961455] underline, overstrike Xft fonts - * [sf#2794032] permit [load] into Tcl 8.6+ interps - * [sf#2168768] file dialog -typevariable scope - * [sf#1469210] [text] modified error - * [sf#1530276] X checkbutton -selectcolor - * [sf#1854913] [.t delete] before -startindex - * [sf#2809525] prevent X crash on overlong color name - * [sf#2891541] fix grab behaviour for main window - -- Install binaries unstripped to fix debuginfo packages - -- New version: 8.5.7 - * Improve keyboard bindings for ttk::scale. - * Permit [text] names containing "-". - * Limit [wm manage] to Frames. - * Fix Tk_Create*ImageType() thread safety. - * Eliminate unnecessary units conversion in screen distances, - reducing precision loss. - * Fix crash on XCreateIC failure. - * Fax crash in Tk_MakeWindowExist(). - * More bug fixes and improvements. - transactional-update -- Added 0001-Fix-EFI-grub2.patch: - Backport of upstream fix for [boo#1162320] (grub2-arm64-efi - upgrade 2.02-lp151.21.6.1 -> 2.02-lp151.21.9.1 causes system to - fail reboot with "error: symbol `grub_efi_allocate_any_pages' not - found.") +- Version 3.1.4 + - SELinux: Fix syncing of SELinux attributes when using overlays + - SELinux: Tag the overlay directory itself (again) + +- Version 3.1.3 + - Fix overlay syncing on SELinux systems + - Fix resuming transactions where the parent does not exist any more + +- Version 3.1.2 + - libtukit: Report when application was terminated due to a signal, and + return the signal number as a return value. This will cause the + transaction to be aborted when called via `execute`. + - libtukit: Set PATH variable for internal commands to fixed value to + find the helper applications, as in some environments such as PolicyKit + PATH wouldn't be set. + - Fix compiler warnings + +- Version 3.1.1 + - Fix hang in tukit on aarch64 [bsc#1181844] + - Prevent deletion of snapshots when resuming a snapshot where no + transaction is open + - Make tukit work in non-dbus environments [boo#1181934] + +- Version 3.1.0 + - t-u: Support installing RPMs from the user's directory again + - Adapt selfupdate to new packaging + - Implement signal handling + - Remove empty text files + +- Add libselinux build time dependency +- Remove RPM version check + +- Fix libstdc++ filesystem ABI incompatibility by using newer gcc + version on old distributions. [boo#1181582] + +- Rework packaging based on Fedora packaging to separate all the + components to remove the intrinsic requirement for Zypper + +- Version 3.0.0 + - This release changes the internal structure, but should be + identical to the previous release feature wise. + - Major parts of the previous Bash only application have been + rewritten in C++ with the goal to provide an API around + transactions; the transactional-update script is using that + new interface internally already, however the API should + be considered experimental for now - if you are interested to + use it, please notify us in + https://github.com/openSUSE/transactional-update/issues/52 + - A new tool called "tukit" provides a C++ tool that can be + wrapped by scripts to leverage the functionality. Please + consider it experimental for now, the commands may still change. + - Bugfixes: + - Implement support for system offline update [boo#1180808] + - Add statistics files to update environment [boo#1173282] + +- Version 2.38.3 + - SELinux: Make synchronisation work for both pre-SELinux + snapshots and later snapshots; SELinux support should be ready + for most tasks now. + +- Version 2.28.2 + - SELinux: Exclude security.selinux attribute from rsyncing (again) + +- Version 2.28.1 + - SELinux: Fixed changing the wrong grub configuration file + - SELinux: Move /.autorelabel file to writeable location + +- Version 2.28 + - Add 'setup-selinux' command for easy setup of a SELinux system + - Allow complex commands for the 'run' command + - SELinux: Fix /etc / overlay labeling + +- Version 2.27 + - Add support for network systemd-resolvd network connections in t-u + environment + - Mount /var/lib/ca-certificates read-write to prevent SELinux error + - Prevent calling transactional-update from within transactional-update + +- Version 2.26 + - Fix broken sync for second snapshot [boo#1176989] + - Add new options to allow separate cleanup of snapshots and overlays + - Check for existence of inotifywait before using it + - Check that mount options don't exceed maximum length + +- Version 2.25.1 + - Fix inotify watcher setup + - Use log_{info,error} for more messages to avoid messing up Salt logs + +- Version 2.25 + - Reduce number of overlays: + Instead of using transparent overlays for all previous layers only add the + previous snapshot's overlay; this will greatly reduce the number of + overlays while still making sure that /etc changes in the running system + will be visible in the next snapshot + - When using --drop-if-no-change synchronize potential /etc changes with + running system + - Exclude all non-root-fs mounts from inotify watcher + +- Version 2.24.1 + - SELinux: adjust labels for etc, fstab and grub.cfg + +- Version 2.24 + - Add partial SELinux support + +- Version 2.23 + - Add "run" command to be able to execute a single command in a new snapshot + - Add "--drop-if-no-change" option to discard snapshots if no changes were + perfomed (BETA, required for Salt integration) + - Removed previous CaaSP Salt support (gh#openSUSE/transactional-update#33) + - Avoid "file not found" message on systems without /var subvol + +- Remove unused attr requires +- Change bc to file requires + +- Version 2.22 + - Use pkgconf to determine installation paths + - Enable SSL connections in update shell + [boo#1149131] & [boo#1133891] + +- Version 2.21.1 + - Rework error messages on failing umount [boo#1168389] + +- Update to version 2.21 + - Use slave mounts for /proc, /sys & /dev + +- Update to version 2.20.4 + - Mount efivarfs on EFI systems to make sure the bootloader will be installed + correctly [boo#1162320] + - Fix removal of existing overlay directories + +- Add dependencies to btrfsprogs, zypper and snapper - most of the + functionality is not usable if those applications are not + installed. [boo#1166502] util-linux -- libblkid: Do not trigger CDROM autoclose (bsc#1084671, +- libmount: don't use "symfollow" for helpers on user mounts + (boo#1181750, util-linux-libmount-dont-use-symfollow.patch) + +- Override GTKDOCIZE with /bin/true so we can run autoreconf + without needing gtk-doc as a dependency. + +- Merge package with SLE15 SP3 and openSUSE Leap 15.3: + Obsoletes upstreamed patches: +- libblkid: Do not trigger CDROM autoclose (v2.35, bsc#1084671, +- lscpu: avoid segfault on PowerPC systems with valid hardware + configurations + (v2.36.1, bsc#1175623, bsc#1178554, bsc#1178825, + lscpu-avoid-segfault-on-PowerPC-systems-with-valid-h.patch) +- Fix for SG#57988, bsc#1174942 (v2.36): + libmount-fix-mount-a-EBUSY-for-cifs.patch: Fix warning on mounts + to CIFS with mount –a. +- blockdev: Do not fail --report on kpartx-style partitions on + multipath (v2.36, + bsc#1168235, util-linux-blockdev-report-dm.patch). +- nologin: Add support for -c to prevent error from su -c + (v2.35, bsc#1151708, util-linux-nologin-su-c.patch). +- Add libmount-Avoid-triggering-autofs-in-lookup_umount_fs.patch: + Avoid triggering autofs in lookup_umount_fs_by_statfs + (v2.36 boo#1168389) +- mount: fall back to device node name if /dev/mapper link not found + (v2.34, bsc#1149911) + * Add patch: util-linux-canonicalize-coverity-scan.patch +- De-duplicate fstrim -A properly (v2.34, bsc#1127701, + util-linux-fstrim-A-1.patch, util-linux-fstrim-A-3.patch, + util-linux-fstrim-A-4.patch). +- Do not trim read-only volumes + (v2.34, boo#1106214, util-linux-fstrim-A-2.patch, + util-linux-fstrim-A-4.patch). +- libmount: To prevent incorrect behavior, recognize more pseudofs + and netfs (v2.34, bsc#1122417, + util-linux-libmount-pseudofs.patch). +- agetty: Return previous response of agetty for special characters + (v2.34, bsc#1085196, bsc#1125886, + util-linux-agetty-smart-reload-13.patch, + util-linux-agetty-smart-reload-14.patch). +- Fix problems in reading of login.defs values (v2.34, bsc#1121197, + util-linux-login_defs-priority1.patch, + util-linux-login_defs-priority2.patch, + util-linux-login_defs-SYS_UID.patch). + +- Build with libudev support to support non-root users + (boo#1169006). +- Move findmnt and lsblk to util-linux-systemd, as they use libudev + (bsc#1169006#c10). + +- Do not require libeconf-devel on products without /usr/etc. + +- s/--enable-vendordir/--with-vendordir/ +- remove pam_securetty line again. As long as there is no agreement + from pam side having it would fail openQA (boo#1033626) + +- Update to version 2.36.1: + * chrt: use SCHED_FLAG_RESET_ON_FORK for sched_setattr() + * fallocate: fix --dig-holes at end of files + * fdisk: always report fdisk_create_disklabel() errors + * flock: keep -E exit status more restrictive + * fstrim: remove fstab condition from fstrim.timer + * hexdump: automatically use -C when called as hd + * hwclock: add fallback if SYS_settimeofday does not exist, fix + SYS_settimeofday fallback + * libblkid: allow a lot of mac partitions, fix Atari prober logic, + limit amount of parsed partitions + * more libfdisk improvements + * losetup: avoid infinite busy loop, increase limit of setup + attempts + * lsblk: fix -T optional argument, fix SCSI_IDENT_SERIAL, print + zero rather than empty SIZE, read ID_SCSI_IDENT_SERIAL if + available + * lscpu: Add FUJITSU aarch64 A64FX cpupart, Even more Arm part + numbers, avoid segfault on PowerPC systems with valid hardware + configurations (bsc#1175623) + * mount: Add support for "nosymfollow" mount option. + * pg: fix wcstombs() + * sfdisk: correct --json --dump false exclusive, fix backward + - -move-data + * vipw: fix short write handling in copyfile + * whereis: fix out of boundary read, support zst compressed man + pages + * minor code improvements and fixes + * minor licensing changes + * improve docs +- Require both group(uuidd) and user(uuidd). + +- Do search /usr/sbin for mount helpers. (This drops /sbin/fs, + /sbin/fs.d, which we do not use in openSUSE.) + +- prepare usrmerge (boo#1029961) -- Build with libudev support to support non-root users - (boo#1169006). +- Fix default permissions of wall and write. +- Update to version 2.36: + * blkdiscard(8) refuses to proceed if filesystem or RAID + signatures are found in interactive mode (executed on a + terminal). The option --force is required to the discard + data. + * new commands irqtop(1) and lsirq(1)to monitor kernel + interrupts. + * cal(1) provides a new --vertical command line option. + * blkzone(8) implements open/close/finish commands now. + * unshare(1) and nsenter(1) commands support the time namespace + now. + * agetty(8) now supports multiple paths in the option + - -issue-file. + * fdisk(8), sfdisk(8), cfdisk(8), mkswap(8) and wipefs(8) now + support block devices locking by flock(2), new command line + option --lock and $LOCK_BLOCK_DEVICE environmental variable. + * dmesg(1) new command line option --follow-new to wait and + print only new kernel messages. + * fdisk(8) new command line option --list-details and + - -noauto-pt. + * fdisk(8) and sfdisk(8) support user-friendly aliases for + partition types. + * fstrim(8) supports new command line option --listed-in. + * libfdisk provides API to relocate GPT backup header. New + command line option "sfdisk --relocate". + * mount(8) now supports mount by ID= tag. + * login(1) supports list of "message of the day". + * All tools which read /etc/login.defs is possible to compile + with libeconf now. + * more(1) has been refactored. + * man pages cleanup + * other fixes and improvements, see: + https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.36/v2.36-ReleaseNotes +- Refresh Add-documentation-on-blacklisted-modules-to-mount-8-.patch. +- Drop upstreamed libeconf.patch, + libmount-Avoid-triggering-autofs-in-lookup_umount_fs.patch. +- util-linux-login_defs-check.sh: Perform all steps to integrate + MOTD_FIRSTONLY. +- Update baselibs.conf. + +- Use plain #!/bin/sh for flushb + +- Include pam_securetty in login.pamd again (bsc#1033626) +- Update to 2.35.2 + * make glibc 2.31 compatible +- Dropped unneeded patch libfdisk-script-accept-sector-size.patch + +- Add patch to fix sfdisk not reading its own scripts: + * libfdisk-script-accept-sector-size.patch +- Use %autopatch + +- Fix verification of mount, su and umount (bsc#1166948) + +- Update to version 2.35.1: + * agetty: add --show-issue, support for /run/issue and + * fdisk: Correct handling of hybrid MBR, cleanup wipe warning, + use 'r' to return from MBR to GPT. + * lsblk: FSVER column, + drop e3bb9bfb76c17b1d05814436ced62c05c4011f48.patch. + * lscpu: Add HiSilicon aarch64 tsv110 cpupart, add a new columns + to --cache. + * mount: add --target-prefix. + * mountpoint: add --nofollow option. + * script: add --echo, --log-in, --logging-format, --log-out and + - -log-timing. + * scriptlive: new command. + * scriptreplay: add --log-* options, --cr-mode, --stream, + - -summary, -T --log-timing. + * sfdisk: add progress bars. + * unshare: add --keep-caps and --map-current-user options. + * Many other fixes and improvements, see: + https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.35/v2.35-ReleaseNotes + https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.35/v2.35.1-ReleaseNotes +- Refresh libeconf.patch. -- lscpu: avoid segfault on PowerPC systems with valid hardware - configurations - (bsc#1175623, bsc#1178554, bsc#1178825, - lscpu-avoid-segfault-on-PowerPC-systems-with-valid-h.patch) +- Add libmount-Avoid-triggering-autofs-in-lookup_umount_fs.patch: + Avoid triggering autofs in lookup_umount_fs_by_statfs + (boo#1168389) -- Fix for SG#57988, bsc#1174942: - libmount-fix-mount-a-EBUSY-for-cifs.patch: Fix warning on mounts - to CIFS with mount –a. +- libeconf.patch: fix a long int error on 32bit -- blockdev: Do not fail --report on kpartx-style partitions on - multipath (bsc#1168235, util-linux-blockdev-report-dm.patch). +- libeconf.patch: Add support for libeconf +- Move /etc/pam.d/* to /usr/etc/pam.d +- Remove migration code for su from coreutils to util-linux, not + needed anymore -- nologin: Add support for -c to prevent error from su -c - (bsc#1151708, util-linux-nologin-su-c.patch). +- Do not recommend lang package. The lang package already has a + supplements. -- Add libmount-Avoid-triggering-autofs-in-lookup_umount_fs.patch: - Avoid triggering autofs in lookup_umount_fs_by_statfs - (boo#1168389) +- lsblk: force to print PKNAME for partition with + e3bb9bfb76c17b1d05814436ced62c05c4011f48.patch -- mount: fall back to device node name if /dev/mapper link not found - (bsc#1149911) - * Add patch: util-linux-canonicalize-coverity-scan.patch +- Remove outdated buildignore for pwdutils, had no effect with + shadow anyways -- Fix comments and unify look of PAM files that were just changed - (login.pamd, remote.pamd). +- Fix comments and unify look of PAM files (login.pamd, + remote.pamd, runuser-l.pamd, runuser.pamd, su-l.pamd, su.pamd). + +- Update to version 2.34: + * new command hardlink + * rewrite of lsblk, now supports --dedup + * support for FUSE in umount + * support for "--all -o remount" in mount + * su: prefer /etc/default/su over /etc/login.defs and ENV_SUPATH + over ENV_ROOTPATH (bsc#1121197), improved --pty + * unshare: add -S/--setuid, -G/--setgid, -R/--root and -w/--wd + * fstrim: do not suppress warnings unless --quiet is used + * lscpu: print 'Frequency boost' and 'Vulnerability' fields, add + - -caches + * logger: merge multiple MESSAGE= lines + * libblkid: do not depend on libuuid, supports DRBD9 detection + * libsmartcols: support N:M relationships in tree-like output + * fstrim and uuidd systemd services: hardening settings to + improve security and service isolation + * fstrim: trim root filesystem on --fstab, check for read-only + filesystems on --all and --fstab (boo#1106214). + * fstrim -A: properly de-duplicate sub-volumes (boo#1127701). + * Obsoletes util-linux-login_defs-priority1.patch, + util-linux-login_defs-priority2.patch and + util-linux-login_defs-SYS_UID.patch. + * Many Other fixes, see + https://www.kernel.org/pub/linux/utils/util-linux/v2.34/v2.34-ReleaseNotes +- Provide and obsolete hardlink package. +- util-linux-login_defs-check.sh: Update checksum, login now + supports LASTLOG_UID_MAX. -- De-duplicate fstrim -A properly (bsc#1127701, - util-linux-fstrim-A-1.patch, util-linux-fstrim-A-3.patch, - util-linux-fstrim-A-4.patch). -- Do not trim read-only volumes - (boo#1106214, util-linux-fstrim-A-2.patch, - util-linux-fstrim-A-4.patch). - -- libmount: To prevent incorrect behavior, recognize more pseudofs - and netfs (bsc#1122417, util-linux-libmount-pseudofs.patch). - +- Use FAT LTO objects in order to provide proper static library (boo#1138795). + -- agetty: Return previous response of agetty for special characters - (bsc#1085196, bsc#1125886, - util-linux-agetty-smart-reload-13.patch, - util-linux-agetty-smart-reload-14.patch). +- Update to version 2.33.2 (bsc#1134337): + * agetty: Fix 8-bit processing in get_logname() (bsc#1125886). + * mount: Fix "mount" output for net file systems (bsc#1122417). + * Many Other fixes, see + https://www.kernel.org/pub/linux/utils/util-linux/v2.33/v2.33.2-ReleaseNotes +- Add virtual symbols for login.defs compatibility (bsc#1121197). +- Add login.defs safety check util-linux-login_defs-check.sh + (bsc#1121197). +- Drop bc BuildRequires: not needed. + +- libmount: remove jffs2 and ubifs from blacklist (jsc#SLE-4085). + - (jsc#SUSE-4085, fate#326832), and add documentation + (jsc#SLE-4085, fate#326832), and add documentation +- agetty: Fixes for reload issue only if it is really needed + (bsc#1085196, boo#1120298, + util-linux-agetty-smart-reload-10.patch, + util-linux-agetty-smart-reload-11.patch, + util-linux-agetty-smart-reload-12.patch). + -- Update to version 2.33 (FATE#326844): +- Update to version 2.33: +- Drop klogconsole in favor of dmesg --console-level plus + setlogcons (kbd) (boo#1116277). + +- Fix runstatedir path (to /run) (boo#1113188#c1). + +- Create empty /etc/issue.d for the new agetty feature. + +- Drop obsolete downstream ppc utilities + chrp-addnote and mkzimage_cmdline (boo#1109284). +- Drop obsolete setctsid (boo#1109290). + +- Update to version 2.32.1: - https://www.kernel.org/pub/linux/utils/util-linux/v2.33/v2.33-ReleaseNotes - util-linux-chcpu-cpu-count.patch, - util-linux-bash-completion-umount-CVE-2018-7738.patch). -- agetty: Fixes for reload issue only if it is really needed - (bsc#1085196, util-linux-agetty-smart-reload-10.patch, - util-linux-agetty-smart-reload-11.patch, - util-linux-agetty-smart-reload-12.patch). -- agetty BEHAVIOR CHANGE: Terminal switches to character mode when - entering logname; echo is generated by the agetty itself. - (In past, logname echo was generated locally by the terminal, - using the canonical line editing mode.) - -- Fix runstatedir path (to /run) (boo#1113188#c1). - -- Create empty /etc/issue.d for the new agetty feature. + util-linux-chcpu-cpu-count.patch). -- Fix local vulnerability using embeded shell commands in - a mountpoint name (bsc#1084300, CVE-2018-7738, - util-linux-bash-completion-umount-CVE-2018-7738.patch). - util-linux-systemd -- libblkid: Do not trigger CDROM autoclose (bsc#1084671, +- libmount: don't use "symfollow" for helpers on user mounts + (boo#1181750, util-linux-libmount-dont-use-symfollow.patch) + +- Override GTKDOCIZE with /bin/true so we can run autoreconf + without needing gtk-doc as a dependency. + +- Merge package with SLE15 SP3 and openSUSE Leap 15.3: + Obsoletes upstreamed patches: +- libblkid: Do not trigger CDROM autoclose (v2.35, bsc#1084671, +- lscpu: avoid segfault on PowerPC systems with valid hardware + configurations + (v2.36.1, bsc#1175623, bsc#1178554, bsc#1178825, + lscpu-avoid-segfault-on-PowerPC-systems-with-valid-h.patch) +- Fix for SG#57988, bsc#1174942 (v2.36): + libmount-fix-mount-a-EBUSY-for-cifs.patch: Fix warning on mounts + to CIFS with mount –a. +- blockdev: Do not fail --report on kpartx-style partitions on + multipath (v2.36, + bsc#1168235, util-linux-blockdev-report-dm.patch). +- nologin: Add support for -c to prevent error from su -c + (v2.35, bsc#1151708, util-linux-nologin-su-c.patch). +- Add libmount-Avoid-triggering-autofs-in-lookup_umount_fs.patch: + Avoid triggering autofs in lookup_umount_fs_by_statfs + (v2.36 boo#1168389) +- mount: fall back to device node name if /dev/mapper link not found + (v2.34, bsc#1149911) + * Add patch: util-linux-canonicalize-coverity-scan.patch +- De-duplicate fstrim -A properly (v2.34, bsc#1127701, + util-linux-fstrim-A-1.patch, util-linux-fstrim-A-3.patch, + util-linux-fstrim-A-4.patch). +- Do not trim read-only volumes + (v2.34, boo#1106214, util-linux-fstrim-A-2.patch, + util-linux-fstrim-A-4.patch). +- libmount: To prevent incorrect behavior, recognize more pseudofs + and netfs (v2.34, bsc#1122417, + util-linux-libmount-pseudofs.patch). +- agetty: Return previous response of agetty for special characters + (v2.34, bsc#1085196, bsc#1125886, + util-linux-agetty-smart-reload-13.patch, + util-linux-agetty-smart-reload-14.patch). +- Fix problems in reading of login.defs values (v2.34, bsc#1121197, + util-linux-login_defs-priority1.patch, + util-linux-login_defs-priority2.patch, + util-linux-login_defs-SYS_UID.patch). + +- Build with libudev support to support non-root users + (boo#1169006). +- Move findmnt and lsblk to util-linux-systemd, as they use libudev + (bsc#1169006#c10). + +- Do not require libeconf-devel on products without /usr/etc. + +- s/--enable-vendordir/--with-vendordir/ +- remove pam_securetty line again. As long as there is no agreement + from pam side having it would fail openQA (boo#1033626) + +- Update to version 2.36.1: + * chrt: use SCHED_FLAG_RESET_ON_FORK for sched_setattr() + * fallocate: fix --dig-holes at end of files + * fdisk: always report fdisk_create_disklabel() errors + * flock: keep -E exit status more restrictive + * fstrim: remove fstab condition from fstrim.timer + * hexdump: automatically use -C when called as hd + * hwclock: add fallback if SYS_settimeofday does not exist, fix + SYS_settimeofday fallback + * libblkid: allow a lot of mac partitions, fix Atari prober logic, + limit amount of parsed partitions + * more libfdisk improvements + * losetup: avoid infinite busy loop, increase limit of setup + attempts + * lsblk: fix -T optional argument, fix SCSI_IDENT_SERIAL, print + zero rather than empty SIZE, read ID_SCSI_IDENT_SERIAL if + available + * lscpu: Add FUJITSU aarch64 A64FX cpupart, Even more Arm part + numbers, avoid segfault on PowerPC systems with valid hardware + configurations (bsc#1175623) + * mount: Add support for "nosymfollow" mount option. + * pg: fix wcstombs() + * sfdisk: correct --json --dump false exclusive, fix backward + - -move-data + * vipw: fix short write handling in copyfile + * whereis: fix out of boundary read, support zst compressed man + pages + * minor code improvements and fixes + * minor licensing changes + * improve docs +- Require both group(uuidd) and user(uuidd). + +- Do search /usr/sbin for mount helpers. (This drops /sbin/fs, + /sbin/fs.d, which we do not use in openSUSE.) + +- prepare usrmerge (boo#1029961) -- Build with libudev support to support non-root users - (boo#1169006). +- Fix default permissions of wall and write. +- Update to version 2.36: + * blkdiscard(8) refuses to proceed if filesystem or RAID + signatures are found in interactive mode (executed on a + terminal). The option --force is required to the discard + data. + * new commands irqtop(1) and lsirq(1)to monitor kernel + interrupts. + * cal(1) provides a new --vertical command line option. + * blkzone(8) implements open/close/finish commands now. + * unshare(1) and nsenter(1) commands support the time namespace + now. + * agetty(8) now supports multiple paths in the option + - -issue-file. + * fdisk(8), sfdisk(8), cfdisk(8), mkswap(8) and wipefs(8) now + support block devices locking by flock(2), new command line + option --lock and $LOCK_BLOCK_DEVICE environmental variable. + * dmesg(1) new command line option --follow-new to wait and + print only new kernel messages. + * fdisk(8) new command line option --list-details and + - -noauto-pt. + * fdisk(8) and sfdisk(8) support user-friendly aliases for + partition types. + * fstrim(8) supports new command line option --listed-in. + * libfdisk provides API to relocate GPT backup header. New + command line option "sfdisk --relocate". + * mount(8) now supports mount by ID= tag. + * login(1) supports list of "message of the day". + * All tools which read /etc/login.defs is possible to compile + with libeconf now. + * more(1) has been refactored. + * man pages cleanup + * other fixes and improvements, see: + https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.36/v2.36-ReleaseNotes +- Refresh Add-documentation-on-blacklisted-modules-to-mount-8-.patch. +- Drop upstreamed libeconf.patch, + libmount-Avoid-triggering-autofs-in-lookup_umount_fs.patch. +- util-linux-login_defs-check.sh: Perform all steps to integrate + MOTD_FIRSTONLY. +- Update baselibs.conf. + +- Use plain #!/bin/sh for flushb + +- Include pam_securetty in login.pamd again (bsc#1033626) +- Update to 2.35.2 + * make glibc 2.31 compatible +- Dropped unneeded patch libfdisk-script-accept-sector-size.patch + +- Add patch to fix sfdisk not reading its own scripts: + * libfdisk-script-accept-sector-size.patch +- Use %autopatch + +- Fix verification of mount, su and umount (bsc#1166948) + +- Update to version 2.35.1: + * agetty: add --show-issue, support for /run/issue and + * fdisk: Correct handling of hybrid MBR, cleanup wipe warning, + use 'r' to return from MBR to GPT. + * lsblk: FSVER column, + drop e3bb9bfb76c17b1d05814436ced62c05c4011f48.patch. + * lscpu: Add HiSilicon aarch64 tsv110 cpupart, add a new columns + to --cache. + * mount: add --target-prefix. + * mountpoint: add --nofollow option. + * script: add --echo, --log-in, --logging-format, --log-out and + - -log-timing. + * scriptlive: new command. + * scriptreplay: add --log-* options, --cr-mode, --stream, + - -summary, -T --log-timing. + * sfdisk: add progress bars. + * unshare: add --keep-caps and --map-current-user options. + * Many other fixes and improvements, see: + https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.35/v2.35-ReleaseNotes + https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.35/v2.35.1-ReleaseNotes +- Refresh libeconf.patch. -- lscpu: avoid segfault on PowerPC systems with valid hardware - configurations - (bsc#1175623, bsc#1178554, bsc#1178825, - lscpu-avoid-segfault-on-PowerPC-systems-with-valid-h.patch) +- Add libmount-Avoid-triggering-autofs-in-lookup_umount_fs.patch: + Avoid triggering autofs in lookup_umount_fs_by_statfs + (boo#1168389) -- Fix for SG#57988, bsc#1174942: - libmount-fix-mount-a-EBUSY-for-cifs.patch: Fix warning on mounts - to CIFS with mount –a. +- libeconf.patch: fix a long int error on 32bit -- blockdev: Do not fail --report on kpartx-style partitions on - multipath (bsc#1168235, util-linux-blockdev-report-dm.patch). +- libeconf.patch: Add support for libeconf +- Move /etc/pam.d/* to /usr/etc/pam.d +- Remove migration code for su from coreutils to util-linux, not + needed anymore -- nologin: Add support for -c to prevent error from su -c - (bsc#1151708, util-linux-nologin-su-c.patch). +- Do not recommend lang package. The lang package already has a + supplements. -- Add libmount-Avoid-triggering-autofs-in-lookup_umount_fs.patch: - Avoid triggering autofs in lookup_umount_fs_by_statfs - (boo#1168389) +- lsblk: force to print PKNAME for partition with + e3bb9bfb76c17b1d05814436ced62c05c4011f48.patch -- mount: fall back to device node name if /dev/mapper link not found - (bsc#1149911) - * Add patch: util-linux-canonicalize-coverity-scan.patch +- Remove outdated buildignore for pwdutils, had no effect with + shadow anyways -- Fix comments and unify look of PAM files that were just changed - (login.pamd, remote.pamd). +- Fix comments and unify look of PAM files (login.pamd, + remote.pamd, runuser-l.pamd, runuser.pamd, su-l.pamd, su.pamd). + +- Update to version 2.34: + * new command hardlink + * rewrite of lsblk, now supports --dedup + * support for FUSE in umount + * support for "--all -o remount" in mount + * su: prefer /etc/default/su over /etc/login.defs and ENV_SUPATH + over ENV_ROOTPATH (bsc#1121197), improved --pty + * unshare: add -S/--setuid, -G/--setgid, -R/--root and -w/--wd + * fstrim: do not suppress warnings unless --quiet is used + * lscpu: print 'Frequency boost' and 'Vulnerability' fields, add + - -caches + * logger: merge multiple MESSAGE= lines + * libblkid: do not depend on libuuid, supports DRBD9 detection + * libsmartcols: support N:M relationships in tree-like output + * fstrim and uuidd systemd services: hardening settings to + improve security and service isolation + * fstrim: trim root filesystem on --fstab, check for read-only + filesystems on --all and --fstab (boo#1106214). + * fstrim -A: properly de-duplicate sub-volumes (boo#1127701). + * Obsoletes util-linux-login_defs-priority1.patch, + util-linux-login_defs-priority2.patch and + util-linux-login_defs-SYS_UID.patch. + * Many Other fixes, see + https://www.kernel.org/pub/linux/utils/util-linux/v2.34/v2.34-ReleaseNotes +- Provide and obsolete hardlink package. +- util-linux-login_defs-check.sh: Update checksum, login now + supports LASTLOG_UID_MAX. -- De-duplicate fstrim -A properly (bsc#1127701, - util-linux-fstrim-A-1.patch, util-linux-fstrim-A-3.patch, - util-linux-fstrim-A-4.patch). -- Do not trim read-only volumes - (boo#1106214, util-linux-fstrim-A-2.patch, - util-linux-fstrim-A-4.patch). - -- libmount: To prevent incorrect behavior, recognize more pseudofs - and netfs (bsc#1122417, util-linux-libmount-pseudofs.patch). - +- Use FAT LTO objects in order to provide proper static library (boo#1138795). + -- agetty: Return previous response of agetty for special characters - (bsc#1085196, bsc#1125886, - util-linux-agetty-smart-reload-13.patch, - util-linux-agetty-smart-reload-14.patch). +- Update to version 2.33.2 (bsc#1134337): + * agetty: Fix 8-bit processing in get_logname() (bsc#1125886). + * mount: Fix "mount" output for net file systems (bsc#1122417). + * Many Other fixes, see + https://www.kernel.org/pub/linux/utils/util-linux/v2.33/v2.33.2-ReleaseNotes +- Add virtual symbols for login.defs compatibility (bsc#1121197). +- Add login.defs safety check util-linux-login_defs-check.sh + (bsc#1121197). +- Drop bc BuildRequires: not needed. + +- libmount: remove jffs2 and ubifs from blacklist (jsc#SLE-4085). + - (jsc#SUSE-4085, fate#326832), and add documentation + (jsc#SLE-4085, fate#326832), and add documentation +- agetty: Fixes for reload issue only if it is really needed + (bsc#1085196, boo#1120298, + util-linux-agetty-smart-reload-10.patch, + util-linux-agetty-smart-reload-11.patch, + util-linux-agetty-smart-reload-12.patch). + -- Update to version 2.33 (FATE#326844): +- Update to version 2.33: +- Drop klogconsole in favor of dmesg --console-level plus + setlogcons (kbd) (boo#1116277). + +- Fix runstatedir path (to /run) (boo#1113188#c1). + +- Create empty /etc/issue.d for the new agetty feature. + +- Drop obsolete downstream ppc utilities + chrp-addnote and mkzimage_cmdline (boo#1109284). +- Drop obsolete setctsid (boo#1109290). + +- Update to version 2.32.1: - https://www.kernel.org/pub/linux/utils/util-linux/v2.33/v2.33-ReleaseNotes - util-linux-chcpu-cpu-count.patch, - util-linux-bash-completion-umount-CVE-2018-7738.patch). -- agetty: Fixes for reload issue only if it is really needed - (bsc#1085196, util-linux-agetty-smart-reload-10.patch, - util-linux-agetty-smart-reload-11.patch, - util-linux-agetty-smart-reload-12.patch). -- agetty BEHAVIOR CHANGE: Terminal switches to character mode when - entering logname; echo is generated by the agetty itself. - (In past, logname echo was generated locally by the terminal, - using the canonical line editing mode.) - -- Fix runstatedir path (to /run) (boo#1113188#c1). - -- Create empty /etc/issue.d for the new agetty feature. + util-linux-chcpu-cpu-count.patch). -- Fix local vulnerability using embeded shell commands in - a mountpoint name (bsc#1084300, CVE-2018-7738, - util-linux-bash-completion-umount-CVE-2018-7738.patch). - wpa_supplicant +- Add CVE-2021-0326.patch -- P2P group information processing vulnerability + (bsc#1181777) + - [https://w1.fi/security/2019-1/] (CVE-2019-9494) + [https://w1.fi/security/2019-1/] (CVE-2019-9494, bsc#1131868) - [https://w1.fi/security/2019-2/] (CVE-2019-9495) + [https://w1.fi/security/2019-2/] (CVE-2019-9495, bsc#1131870) - [https://w1.fi/security/2019-4/] (CVE-2019-9499) + [https://w1.fi/security/2019-4/] (CVE-2019-9497, CVE-2019-9498, + CVE-2019-9499, bsc#1131874, bsc#1131872, bsc#1131871, bsc#1131644) - [https://w1.fi/security/2019-5/] + [https://w1.fi/security/2019-5/] (CVE-2019-11555, bsc#1133640) + - SAE/EAP-pwd side-channel attack update + [https://w1.fi/security/2019-6/] (CVE-2019-13377, bsc#1144443) - [http://w1.fi/security/2015-5/] + [http://w1.fi/security/2015-5/] (CVE-2015-8041) -- added patch for bnc#930077 +- added patch for bnc#930077 CVE-2015-4141 -- added patch for bnc#930078 +- added patch for bnc#930078 CVE-2015-4142 -- added patches for bnc#930079 +- added patches for bnc#930079 CVE-2015-4143 yast2 +- Fixed bug introduced while adding auto wrapping (bsc#1179893) +- 4.3.55 + +- Use Auto Wrapping of long lines for Yast2::Popup and Yast::Report + (bsc#1179893) +- 4.3.54 + +- Do not use the 'installation-helper' binary to create snapshots + during installation or offline upgrade (bsc#1180142). +- Add a new exception to properly handle exceptions + when reading/writing snapshots numbers (related to bsc#1180142). +- 4.3.53 + +- Added supported migration "openSUSE Leap 15.3" -> SLES + (in 15.3 the product has been renamed from "openSUSE" to "Leap") + (bsc#1181773) +- 4.3.52 + yast2-add-on +- Adapted unit test to recent changes in Yast::Report (related to + bsc#1179893). +- 4.3.8 + yast2-bootloader +- Adapted unit test to recent changes in Yast::Report (related to + bsc#1179893). +- 4.3.22 + +- use shim for secure boot also on aarch64 (jsc#SLE-15020) +- 4.3.21 + yast2-configuration-management +- Adapted unit test to recent changes in Yast::Report (related to + bsc#1179893). +- 4.3.5 + yast2-country +- Adapted unit test to recent changes in Yast::Report (related to + bsc#1179893) +- 4.3.12 + yast2-firewall +- Adapted unit test to recent changes in Yast::Report (related to + bsc#1179893) +- 4.3.10 + yast2-installation +- Adapted unit test to recent changes in Yast::Report (related to + bsc#1179893). +- 4.3.26 + +- Do not crash when it is not possible to create a snapshot after + installing or upgrading the system (bsc#1180142). +- 4.3.25 + yast2-network +- Added AutoYaST interfaces section errors reporting (bsc#1174353, + bsc#1178107). +- 4.3.49 + +- Improve the AutoYaST interfaces reader handling better the IP + Addresses configuration. (bsc#1174353, bsc#1178107) +- 4.3.48 + +- Adapted unit test to recent changes in Yast::Report (related to + bsc#1179893). +- 4.3.47 + +- Allow to disable the proposal of the bridge network configuration + for virtualization in the installation summary or by the new + 'virt_bridge_proposal' AutoYaST option (bsc#1178603) +- 4.3.46 + +- Fix for not present interfaces when deciding whether + the "Scan Network" button should be disabled or not during a + wireless configuration (bsc#1177834). +- 4.3.45 + +- Cache the hardware netcards information in order to speed up the + access (bsc#1180702) +- 4.3.44 + +- Added lladdr attribute to the interface section in the networking + schema and honors it when importing the config (bsc#1179876) +- 4.3.43 + yast2-nfs-client +- Adapted unit test to recent changes in Yast::Report (related to + bsc#1179893). +- 4.3.3 + yast2-nfs-server +- Adapted unit test to recent changes in Yast::Report (related to + bsc#1179893). +- 4.3.2 + yast2-nis-client +- Adapted unit test to recent changes in Yast::Report (related to + bsc#1179893). +- 4.3.6 + yast2-ntp-client +- Adapted unit test to recent changes in Yast::Report (related to + bsc#1179893). +- 4.3.2 + yast2-packager +- Show correct number of downloaded packages in log (bsc#1180278) +- Fix crash when installation proposal require pattern and such + pattern is not available in any repository (found during testing + jsc#SLE-17427) +- 4.3.14 + +- Adapted unit test to recent changes in Yast::Report (related to + bsc#1179893). +- 4.3.13 + yast2-pam +- Adapted unit test to recent changes in Yast::Report (related to + bsc#1179893). +- 4.3.4 + yast2-s390 +- Adapted unit test to recent changes in Yast::Report (related to + bsc#1179893, bsc#1182624). +- 4.3.3 + yast2-samba-server +- Adapted unit test to recent changes in Yast::Report (related to + bsc#1179893). +- 4.3.4 + yast2-schema +- Add the 'virt_bridge_proposal' element to the networking section + in order to permit to disable the proposal of the bridge network + configuration for virtualization (bsc#1178603). +- 4.3.18 + +- Add the 'lladdr' element to the networking interface section + (bsc#1179876). +- 4.3.17 + yast2-security +- Move SELinux .autorelabel file from / to /etc/selinux if root + filesystem will be mounted as read only (jsc#SLE-17307). +- 4.3.10 + +- jsc#SMO-20, jsc#SLE-17342: + - Add class for managing SELinux configuration. + - AutoYaST: add support for SELinux configuration. +- 4.3.9 + +- Adapted unit test to recent changes in Yast::Report (related to + bsc#1179893). +- 4.3.8 + yast2-services-manager +- Adapted unit test to recent changes in Yast::Report (related to + bsc#1179893). +- 4.3.6 + yast2-storage-ng +- Partitioner: ask for recursively unmounting affected devices when + deleting a device (bsc#1171310). +- 4.3.44 + +- Partitioner: in general, collapse branches of the tables only if + they contain Btrfs snapshots (related to bsc#1181464). +- 4.3.43 + +- Partitioner: stop offering LVM pools as possible base devices + for bcache devices and for multi-device btrfs (bsc#1170044). +- 4.3.42 + yast2-sysconfig +- Adapted unit test to recent changes in Yast::Report (related to + bsc#1179893). +- 4.3.3 + yast2-theme +- Use Poppins fonts instead of Raleway in all style files. +- Part of jsc#SLE-15714. +- 4.3.4 + +- Update branding (jsc#SLE-15714). +- 4.3.3 + +- Add icon for cinnamon pattern +- 4.3.2 + yast2-trans +- Update to version 84.87.20210219.c6a06209b7: + * New POT for text domain 'security'. + +- Update to version 84.87.20210212.15272017a9: + * New POT for text domain 'ncurses'. + * New POT for text domain 'base'. + * New POT for text domain 'update'. + * New POT for text domain 'installation'. + * New POT for text domain 'network'. + +- Update to version 84.87.20210205.68980f3ed7: + * New POT for text domain 'qt-pkg'. + * New POT for text domain 'qt'. + * New POT for text domain 'ncurses-pkg'. + * New POT for text domain 'wol'. + * New POT for text domain 'vpn'. + * New POT for text domain 'users'. + * New POT for text domain 'update'. + * New POT for text domain 'tune'. + * New POT for text domain 'sysconfig'. + * New POT for text domain 'support'. + * New POT for text domain 'sudo'. + * New POT for text domain 'storage'. + * New POT for text domain 'squid'. + * New POT for text domain 'sound'. + * New POT for text domain 'snapper'. + * New POT for text domain 'slp-server'. + * New POT for text domain 'services-manager'. + * New POT for text domain 'security'. + * New POT for text domain 'scanner'. + * New POT for text domain 'samba-server'. + * New POT for text domain 'samba-client'. + * New POT for text domain 's390'. + * New POT for text domain 'rmt'. + * New POT for text domain 'relocation-server'. + * New POT for text domain 'reipl'. + * New POT for text domain 'registration'. + * New POT for text domain 'rdp'. + * New POT for text domain 'proxy'. + * New POT for text domain 'printer'. + * New POT for text domain 'pam'. + * New POT for text domain 'packager'. + * New POT for text domain 'online-update'. + * New POT for text domain 'ntp-client'. + * New POT for text domain 'nis_server'. + * New POT for text domain 'nis'. + * New POT for text domain 'nfs_server'. + * New POT for text domain 'nfs'. + * New POT for text domain 'network'. + * New POT for text domain 'multipath'. + * New POT for text domain 'migration'. + * New POT for text domain 'mail'. + * New POT for text domain 'ldap-client'. + * New POT for text domain 'ldap'. + * New POT for text domain 'kdump'. + * New POT for text domain 'journalctl'. + * New POT for text domain 'isns'. + * New POT for text domain 'iscsi-lio-server'. + * New POT for text domain 'iscsi-client'. + * New POT for text domain 'iplb'. + * New POT for text domain 'instserver'. + * New POT for text domain 'installation'. + * New POT for text domain 'http-server'. + * New POT for text domain 'geo-cluster'. + * New POT for text domain 'ftp-server'. + * New POT for text domain 'firewall'. + * New POT for text domain 'fcoe-client'. + * New POT for text domain 'drbd'. + * New POT for text domain 'dns-server'. + * New POT for text domain 'dhcp-server'. + * New POT for text domain 'crowbar'. + * New POT for text domain 'country'. + * New POT for text domain 'control'. + * New POT for text domain 'cluster'. + * New POT for text domain 'bootloader'. + * New POT for text domain 'base'. + * New POT for text domain 'autoinst'. + * New POT for text domain 'auth-client'. + * New POT for text domain 'audit-laf'. + * New POT for text domain 'apparmor'. + * New POT for text domain 'add-on'. + * Add empty po files for cc and cc-control + * product-check.sh: Add support for 000product and inherited products + * DOMAIN_MAP: Add system-role-common-criteria + * Automatic update of wol. + * Automatic update of vpn. + * Automatic update of users. + * Automatic update of update. + * Automatic update of tune. + * Automatic update of s390. + * Automatic update of sysconfig. + * Automatic update of support. + * Automatic update of sudo. + * Automatic update of storage. + * Automatic update of squid. + * Automatic update of sound. + * Automatic update of snapper. + * Automatic update of slp-server. + * Automatic update of services-manager. + * Automatic update of security. + * Automatic update of scanner. + * Automatic update of samba-server. + * Automatic update of samba-client. + * Automatic update of rmt. + * Automatic update of relocation-server. + * Automatic update of reipl. + * Automatic update of registration. + * Automatic update of rdp. + * Automatic update of proxy. + * Automatic update of printer. + * Automatic update of pam. + * Automatic update of packager. + * Automatic update of online-update. + * Automatic update of ntp-client. + * Automatic update of nis_server. + * Automatic update of nis. + * Automatic update of nfs_server. + * Automatic update of nfs. + * Automatic update of network. + * Automatic update of multipath. + * Automatic update of migration. + * Automatic update of mail. + * Automatic update of ldap-client. + * Automatic update of ldap. + * Automatic update of kdump. + * Automatic update of journalctl. + * Automatic update of isns. + * Automatic update of iscsi-lio-server. + * Automatic update of iscsi-client. + * Automatic update of iplb. + * Automatic update of instserver. + * Automatic update of installation. + * Automatic update of http-server. + * Automatic update of geo-cluster. + * Automatic update of ftp-server. + * Automatic update of firewall. + * Automatic update of fcoe-client. + * Automatic update of drbd. + * Automatic update of dns-server. + * Automatic update of dhcp-server. + * Automatic update of crowbar. + * Automatic update of country. + * Automatic update of control. + * Automatic update of cluster. + * Automatic update of bootloader. + * Automatic update of base. + * Automatic update of autoinst. + * Automatic update of auth-client. + * Automatic update of audit-laf. + * Automatic update of apparmor. + * Automatic update of add-on. + * New POT for text domain 'ncurses'. + * New POT for text domain 'autoinst'. + yast2-update +- Do not rely on the 'installation-helper' binary to create + snapshots after installation or offline upgrade (bsc#1180142). +- Do not crash when it is not possible to create a snapshot before + upgrading the system (related to bsc#1180142). +- 4.3.2 + yast2-x11 +- Added "active_window" for switching the current X window + (or restoring back the previously active window) + (jsc#PM-1895, jsc#SLE-16263) +- 4.3.0 + -- Add explicit COPYING file - yast2-ycp-ui-bindings +- Handle special keyboard shortcuts (jsc#PM-1895, jsc#SLE-16263) +- 4.3.9 + +- Adapted to libyui SO bump 14 -> 15 (bsc#1181653) +- 4.3.8 + zypper +- doc: give more details about creating versioned package locks + (bsc#1181622) +- man: Document synonymously used patch categories (bsc#1179847) +- version 1.14.43 +