Removed rpms ============ Added rpms ========== - alsa-firmware - libblogger2 - libebtc0 - libnftables1 - python3-nftables - typelib-1_0-Flatpak-1_0 Package Source Changes ====================== ImageMagick +- security update +- added patches + fix CVE-2021-20241 [bsc#1182335], Division by zero in WriteJP2Image() in coders/jp2.c + + ImageMagick-CVE-2021-20241.patch + fix CVE-2021-20243 [bsc#1182336], Division by zero in GetResizeFilterWeight in MagickCore/resize.c + + ImageMagick-CVE-2021-20243.patch + fix CVE-2021-20244 [bsc#1182325], Division by zero in ImplodeImage in MagickCore/visual-effects.c + + ImageMagick-CVE-2021-20244.patch + fix CVE-2021-20246 [bsc#1182337], Division by zero in ScaleResampleFilter in MagickCore/resample.c + + ImageMagick-CVE-2021-20246.patch + MozillaFirefox +- Firefox Extended Support Release 78.9.0 ESR + * Fixed: Various stability, functionality, and security fixes + MFSA 2021-11 (bsc#1183942) + * CVE-2021-23981 (bmo#1692832) + Texture upload into an unbound backing buffer resulted in an + out-of-bound read + * CVE-2021-23982 (bmo#1677046) + Internal network hosts could have been probed by a malicious + webpage + * CVE-2021-23984 (bmo#1693664) + Malicious extensions could have spoofed popup information + * CVE-2021-23987 (bmo#1513519, bmo#1683439, bmo#1690169, + bmo#1690718) + Memory safety bugs fixed in Firefox 87 and Firefox ESR 78.9 + +- Firefox Extended Support Release 78.8.0 ESR + * Fixed: Various stability, functionality, and security fixes + MFSA 2021-08 (bsc#1182614) + * CVE-2021-23969 (bmo#1542194) + Content Security Policy violation report could have contained + the destination of a redirect + * CVE-2021-23968 (bmo#1687342) + Content Security Policy violation report could have contained + the destination of a redirect + * CVE-2021-23973 (bmo#1690976) + MediaError message property could have leaked information + about cross-origin resources + * CVE-2021-23978 (bmo#1682928, bmo#1687391, bmo#1687597, + bmo#786797) + Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8 +- Update create-tar.sh to use https instead of http (bsc#1182357) + MozillaThunderbird +- Mozilla Thunderbird 78.9.1 + * new: Support recipient aliases for OpenPGP encryption. + Documentation can be found https://wiki.mozilla.org/ + Thunderbird:OpenPGP:Aliases. + * fixed: The key and signature parts of the message security + popup on a received message could not be selected for + copy/paste. + * fixed: Various UX and theme improvements + MFSA 2021-13 (bsc#1184536) + * CVE-2021-23991 (bmo#1673240) + An attacker may use Thunderbird's OpenPGP key refresh + mechanism to poison an existing key + * MOZ-2021-23992 (bmo#1666236) + A crafted OpenPGP key with an invalid user ID could be used + to confuse the user + * CVE-2021-23993 (bmo#1666360) + Inability to send encrypted OpenPGP email after importing a + crafted OpenPGP key + +- Mozilla Thunderbird 78.9 + * fixed: New mail notification displayed old messages that were + unread + * fixed: Spaces following soft line breaks in messages using + quoted-printable and format=flowed were incorrectly encoded; + existing messages which were previously incorrectly encoded + may now display with some words not separated by a space + * fixed: Some fields were unreadable in the Dark theme in the + General preferences panel + * fixed: Sending a message containing an anchor tag with an + invalid data URI failed + * fixed: When switching tabs, input focus was not moved to the + new tab + * fixed: Address Book: Syncing a read-only Google address book + via CardDAV failed + * fixed: Address Book: Importing VCards with non-ascii + characters would fail + * fixed: Address Book: Some values may not have been parsed + when syncing from Google address books. + * fixed: Add-ons Manager did not show if an addon used + experiment APIs + * fixed: Calendar: Removing a recurring task was not possible + * fixed: Various security fixes + MFSA 2021-12 (bsc#1183942) + * CVE-2021-23981 (bmo#1692832) + Texture upload into an unbound backing buffer resulted in an + out-of-bound read + * MOZ-2021-0002 (bmo#1691547) + Angle graphics library out of date + * CVE-2021-23982 (bmo#1677046) + Internal network hosts could have been probed by a malicious + webpage + * CVE-2021-23984 (bmo#1693664) + Malicious extensions could have spoofed popup information + * CVE-2021-23987 (bmo#1513519, bmo#1683439, bmo#1690169, + bmo#1690718) + Memory safety bugs fixed in Thunderbird 78.9 +- cleaned up and fixed mozilla.sh.in for wayland (boo#1177542) + PackageKit +- Add PackageKit-zypp-initialize-pool.patch: zypp: Make sure pool + is initialized at the beginning of some methods + (gh#hughsie/PackageKit/commit#3efa0c524, bsc#1180597). + SDL_gfx +- Readd SDL_gfx-devel Provides/Obsoletes, still needed. + +- Update to 2.0.26 + * Included patch for CMake builds against SDL2 + * Fixed bug in rotozoomSurfaceSizeTrig + -- fix provides and obsoletes [bnc#544957] - -- follow Shared Library Policy - alsa-oss +- Add upstream patch to fix build with current glibc: + * alsa-drop-libio.patch + -- updated to version 1.0.17: - * just a version bump - autoyast2 +- Do not crash while sorting the list of modules to be processed + during the 2nd stage (bsc#1184316). +- Prevent AutoYaST UI from crashing when trying to apply a module + changes (bsc#1184429). +- 4.3.77 + +- Use 'module' instead of 'listentry' when exporting pre-modules + and post-modules lists (bsc#1184342). + +- Show the only once during autoinstallation + (bsc#1184317). + +- Add the 'mkfs_options' element to the schema (bsc#1184268). + +- Fix crash during using autoyast UI (bsc#1184216) +- 4.3.76 + avahi +- Update avahi-daemon-check-dns.sh from Debian. Our previous + version relied on ifconfig, route, and init.d. +- Rebase avahi-daemon-check-dns-suse.patch, and drop privileges + when invoking avahi-daemon-check-dns.sh (boo#1180827 + CVE-2021-26720). +- Add sudo to requires: used to drop privileges. + blog +- Fix package split done for shared library packaging guideline (bsc#1184479). + +- Update to version 2.20 + * Silent some gcc warnings, also avoid common variable (boo#1160385) + * Include for makedev + * sort input files (boo#1041090) + * libconsole: never return empty list from getconsoles() + * libconsole: Really allow to use /dev/console as a fallback in showconsole + * libconsole: Add console into the list only when successfully allocated + * libconsole: Correctly ignore early consoles +- Remove obsolate patch blog-Remove-unused-header.patch + +- Add blog-Remove-unused-header.patch: Fix build with new glibc + (gh#bitstreamout/showconsole#3). + +- Implement shared library packaging guideline. + +- Update to version 2.19 which integrates the patches now removed: + * sysmacros.patch + * libconsole-Really-allow-to-use-dev-console-as-a-fall.patch + * libconsole-never-return-empty-list-from-getconsoles.patch + * showconsole-2.18.tar.gz + * libconsole-Add-console-into-the-list-only-when-succe.patch + * libconsole-Correctly-ignore-early-consoles.patch + as well as the changes + * Correct wants directory for systemd-ask-password-blog.service + * Sort input files for reproducible builds + +- sysmacros.patch: Include for makedev + btrfsprogs +- Correct check_running_fs_exclop() return value (bsc#1184481) + btrfs-progs-Correct-check_running_fs_exclop-return-v.patch + ca-certificates +- openssl is no longer required but coreutils and findutils are + (boo#1183680). Keep openssl(cli) at runtime for now nevertheless as this + package might be the only one pulling it in. + cups +- cups-2.2.7-web-ui-kerberos-authentication.patch (bsc#1175960) + Fix web UI kerberos authentication + curl +- Security fix: [bsc#1183934, CVE-2021-22890] + * When using a HTTPS proxy and TLS 1.3, libcurl can confuse + session tickets arriving from the HTTPS proxy but work as + if they arrived from the remote server and then wrongly + "short-cut" the host handshake. +- Add curl-CVE-2021-22890.patch + +- Security fix: [bsc#1183933, CVE-2021-22876] + * The automatic referer leaks credentials +- Add curl-CVE-2021-22876.patch + dracut +- Update to version 049.1+suse.186.g320cc3d1: + * network-legacy: fix route parsing issues in ifup (bsc#1182688) + * 90kernel-modules: arm/arm64: Add reset controllers + * Prevent creating unexpected files on the host when running dracut + * As of v246 of systemd "syslog" and "syslog-console" switches have been deprecated + +- Update to version 049.1+suse.185.g9324648a: + * 90kernel-modules: arm/arm64: Add reset controllers (bsc#1180336) + * Prevent creating unexpected files on the host when running dracut (bsc#1176171) + ebtables +- Have the source .service file hold a placeholder for LIBEXECDIR, + which we replace during build/install phase, allowing the package + to be used no matter what value %{_libexecdir} has. + +- replace /usr/lib with /usr/libexec in .service files to follow + %_libexecdir macro changes + +- Revert last /bin/bash -> /bin/sh change + +- Use /bin/sh for ebtables.systemd +- Don't hard require systemd, we don't need that in a container + +- rename /usr/lib/ebtables helper file to /usr/lib/ebtables-helper + otherwise it conflicts with /usr/lib/ebtables library directory + on 32-bit systems [bsc#1159769] + +- add ebtables.keyring as a Source + +- Update to release 2.0.11 + * Add --noflush command line support for ebtables-restore + * Do not print IPv6 mask if it is all ones + * Allow RETURN target rules in user defined chains + * ebt_ip: add support for matching ICMP type and code + * ebt_ip: add support for matching IGMP type + * extensions: Add string filter to ebtables + * Print IPv6 prefixes in CIDR notation + * extensions: Add AUDIT target + * Fix incorrect IPv6 prefix formatting +- Drop ebtables-v2.0.8-makefile.diff (no longer needed) +- Drop ebtables-v2.0.8-initscript.diff, include-linux-if.patch + (not applicable) +- Drop ebtables-v2.0.10-4-audit.patch, + 0001-fix-compilation-warning.patch, + 0001-Use-flock-for-concurrent-option.patch, + 0002-Fix-locking-if-LOCKDIR-does-not-exist.patch (merged) + efivar +- Add efivar-bsc1181967-fix-nvme-parsing.patch to fix the NVME + path parsing (bsc#1181967) + filesystem +- Remove duplicate line due to merge error + +- add /etc/skel/.cache with perm 0700 (bsc#1181011) + +- Set correct permissions when creating /proc and /sys + +- Ignore postfix user (pulled in from buildsystem) + +- /proc and /sys should be %ghost to allow filesystem package updates in + rootless container environments (rh#1548403) (bsc#1146705) + +- Split /var/tmp out of fs-var.conf, new file is fs-var-tmp.conf. + Allows to override config to add cleanup options of /var/tmp + [bsc#1078466] +- Create fs-tmp.conf to cleanup /tmp regular (required with tmpfs) + [bsc#1175519] +- Fix bug about missing group in tmpfiles.d files +- Generic cleanup: + - Remove /usr/local/games + -- add /usr/share/appdata (bnc#893441) - -- drop /media directory (bnc#890198) - -- make /run/lock %ghost to fix build failure - -- make /var/run and /var/lock just ghost entries and create them - if they do not exist at all and rely on dracut hooks to - actually replace directories with symlinks there (bnc#874748) - -- add vscan user to ignore home list - -- change /etc/cups to mode 0755 (bnc#871640) for new cups version - -- change /sys to mode 0555 (bnc#871640) - -- make /var/lock a symlink to /run/lock (bnc#867873) - -- use lazy umount - -- use os.execute("umount ...") instead of posix.umount("...") - bnc#866964 - -- change pre to pretrans for directory/symlink conversion - -- drop /var/lib/pam_devperm (bnc#866234) - -- replace /var/run by symlink to /run -- try to handle case where /var/run is a bind-mount -- extend lua script in preinstall to handle this transition -- bnc#865893 - -- bump version to 13.2 - -- Drop /usr/X11R6, /usr/X11R6/bin, /usr/X11R6/lib, /var/X11R6 - -- add ppc64le definition - -- Drop /lib/systemd and /lib/systemd/system, everything is now in - /usr/lib/systemd... - -- do not put dir modifiers on symlinks - -- change license to MIT as GPL doesn't make sense for a package that - only contains directories. Also include a LICENSE.txt with the - sources (bnc#822602). - -- bump version to 13.1 - -- Add systemd %_unitdir - -- move sysctl directories here - -- Add directory.list64 for aarch64 - -- Revert /var/run and /var/lock being symlinks for now. - -- remove get_version_number.sh, it's unused since ages - -- Revert last change since aaa_base removed /usr/lib/tmpfiles.d. - -- own /usr/lib/tmpfiles.d - -- Remove also /sbin/conf.d/ (SuSEconfig directory). - -- replace /var/run and /var/lock directories with symlinks to - /run and /run/lock (respectively). - -- Remove SuSEconfig directories [FATE#100011] - -- move directories for man page translations from man package to - filesystem - -- remove /var/run/vi.recover (bnc#765288) -- remove /media/floppy and /media/cdrom ghost entries, they are not - used anywhere since years either - -- remove /var/cache/fonts (bnc#764885) - -- Also create /usr/share/help/$LOCALE for each LOCALE defined in - the languages file. This will allow our packages to have - translations for the XDG help system. - -- bump version to 12.2 - -- digged through logs to find more languages that have >45000 strings - -- remove world writeable /var/crash again (bnc#438041) - -- Apply packaging guidelines (remove redundant/obsolete - tags/sections from specfile, etc.) - -- Add /usr/share/help and /usr/share/help/C: this is the directory - used by the XDG help system specification, and the subdirectory - for the english docs there. - -- remove dirs that are clearly aaa_base specific - -- remove /var/lock/subsys as /var/lock is on tmpfs now - -- Really add language zh. - -- Add languages ga, ia, kk, km, kn, mai, nds, wa (from kde4-l10n) and - zh (from cups). - -- add /etc/skel/{.local,.config} to make sure they have correct - permissions for new users (bnc#676468) - -- Bump version number. -- Remove /etc/skel/.mozilla, it's not needed to have this by default. - -- Increase version number to 12.1. -- Add missing directories from aaa_base: /usr/share/doc/packages/aaa_base, - /lib/aaa_base - -- add /run directory (mode 0755,root,root) - -- reset list of languages to only contain what's translated with - more than 45.000. we might add big ones later if they become popular - to translate - -- bump version to 11.5 - -- fix build whitelisting /lib/udev/devices - -- add new locales (bnc#659001) - -- Add the new locale for "Congo", kg (iso 639-1). - -- add an locale for "Aragonese Spanish" - -- add /lib/systemd and /lib/systemd/system to avoid systemd - dependencies in lots of packages that merely install a text file - there. - -- add /etc/tmpfiles.d - -- add ghost.list with directories only listed in this package - as ghost files, move /tmp/.X11-unix, /tmp/.ICE-unix - and /var/tmp/vi.recover to that list -- also move /media/cdrom and /media/floppy to that list - they were done manually as ghosts in the specfile before -- add /etc/tmpdirs.d (see aaa_base) - -- Set version number to 11.3 - -- change group of /var/lock to 'lock' (bnc#552095, FATE#308360) - -- added ms_my (bnc#561174) - -- Add /usr/$march directories for SPARC. Will be packaging both - sparc-suse-linux and sparc64-suse-linux because the compiler - suite is usually configured with the latter on this arch. - -- minor change for sparc in specfile (bnc#558343) - -- added en@shaw (bnc#559206) - -- add arm gnueabi folders - -- added /selinux (fate#305557) - -- added fil (filipino) to the list of languages (bnc#513962) - -- add bem (Bemba) (fix bnc#501080) - -- fix build (ignore /lib/mkinitrd/scripts for now) - -- add hne (Chhattisgarhi) - -- added jbo (bnc#485455) - firewalld -- Update to 0.7.5 (jsc#SLE-12281) +- Remove dependency on firewalld from firewall-macros (bsc#1183404) + +- Disable FlushAllOnReload option to not retain interface to zone + assignments and direct rules when using --reload option. + * 0002-Disable-FlushAllOnReload-option.patch + +- Update to 0.9.3 (jsc#SLE-17336): + * docs(dbus): fix invalid method names + * fix(forward): iptables: ipset used as zone source + * fix(rich): non-printable characters removed from rich rules + * docs(firewall-cmd): small description grammar fix + * fix(rich): limit table to strip non-printables to C0 and C1 + * fix(zone): add source with mac address + +- Add dependency for firewall-offline-cmd (bsc#1180883) + +- Remove the patch which enforces usage of iptables instead of + nftables (jsc#SLE-16300): + * 0001-firewall-backend-Switch-default-backend-to-iptables.patch +- Add firewalld zone for the docker0 interface. This is the + workaround for lack of nftables support in docker. Without that + additional zone, containers have no Internet connectivity. + (rhbz#1817022, jsc#SLE-16300) +- Update to 0.9.1: + * Bugfixes: + * docs(firewall-cmd): clarify lockdown whitelist command paths + * fix(dbus): getActivePolicies shouldn't return a policy if a zone is not active + * fix(policy): zone interface/source changes should affect all using zone + +- Make use of %service_del_postun_without_restart + And stop using DISABLE_RESTART_ON_UPDATE as this interface is + obsolete. + +- Add python3-nftables as a requirement. + +- update to 0.9.0: + * New major features + * prevention of Zone Drifting + * Intra Zone Forwarding + * Policy Objects + * For a full list of changes, see + https://github.com/firewalld/firewalld/compare/v0.8.0...v0.9.0 + +- update to 0.8.3: + * nftables: convert to libnftables JSON interface + * service: new “helper” element to replace “module” More accurately represents the conntrack helper. Deprecates “module”. + * allow custom helpers using standard helper modules (rhbz 1733066) + * testsuite is now shipped in the dist tarball + * Typo in firewall-config(1) + * Fix typo in TFTP service description + * doc: README: add note about language translations + * fix: rich: source/dest only matching with mark action + * feat: AllowZoneDrifting config option + * feat: nftables: support AllowZoneDrifting=yes + * feat: ipXtables: support AllowZoneDrifting=yes + * fix: firewall-offline-cmd: Don’t print warning about AllowZoneDrifting + * fix: add logrotate policy + * doc: direct: add CAVEATS section + * fix: checkIP6: strip leading/trailing square brackets + * fix: nftables: remove square brackets from IPv6 addresses + * fix: ipXtables: remove square brackets from IPv6 addresses + * fix: nftables: ipset types using “port” + * fix: nftables: zone dispatch with multidimensional ipsets + * fix: ipset: destroy runtime sets on reload/stop + * fix: port: support querying sub ranges + * fix: source_port: support querying sub ranges + * doc: specify accepted characters for object names + * fix: doc: address copy/paste mistakes in short/description + * fix: configure: atlocal: quote variable values + * fix: nftables: allow set intervals with concatenations + * doc: clarify –set-target values “default” vs “reject” + * fix: update dynamic DCE RPC ports in freeipa-trust service + * fix: nftables: ipset: port ranges for non-default protocols + * fix(systemd): Conflict with nftables.service + * fix(direct): rule in a zone chain + * fix(client): addService needs to reduce tuple size + * fix(doc): dbus: signatures for zone tuple based APIs + * fix(config): bool values in dict based import/export + * fix(dbus): service: don’t cleanup config for old set APIs + * fix(ipset): flush the set if IndividiualCalls=yes + * fix(firewall-offline-cmd): remove instances of “[P]” in help text + * fix(rich): source mac with nftables backend + * docs: replace occurrences of the term blacklist with denylist + * fix: core: rich: Catch ValueError on non-numeric priority values + * docs(README): add libxslt for doc generation + * fix(cli): add –zone is an invalid option with –direct + * fix(cli): add ipset type hash:mac is incompatible with the family parameter + +- Update to version 0.7.5 (jsc#SLE-12281): -- Switch firewall backend fallback to 'iptables' (bsc#1102761) - This ensures that existing configuration files will keep working - even if FirewallBackend option is missing. + +- Update to 0.7.4 + This is a bug fix only release. + However, it does reintroduce the zone drifting bug as a feature. See #258 and #441. This behavior is disabled by default. + * improvement: build: add an option to disable building documentation + * Typo in firewall-config(1) + * Fix typo in TFTP service description + * doc: README: add note about language translations + * fix: rich: source/dest only matching with mark action + * feat: AllowZoneDrifting config option + * feat: nftables: support AllowZoneDrifting=yes + * feat: ipXtables: support AllowZoneDrifting=yes + * fix: firewall-offline-cmd: Don't print warning about AllowZoneDrifting + * fix: add logrotate policy + * fix: tests: regenerate testsuite if .../{cli,python}/*.at changes + * doc: direct: add CAVEATS section + * fix: checkIP6: strip leading/trailing square brackets + * fix: nftables: remove square brackets from IPv6 addresses + * fix: ipXtables: remove square brackets from IPv6 addresses + * fix: nftables: zone dispatch with multidimensional ipsets + * fix: ipset: destroy runtime sets on reload/stop + * fix: port: support querying sub ranges + * fix: source_port: support querying sub ranges + * doc: specify accepted characters for object names + * fix: doc: address copy/paste mistakes in short/description + * fix: configure: atlocal: quote variable values + * fix: nftables: allow set intervals with concatenations + * doc: clarify --set-target values "default" vs "reject" + +- Update to version 0.7.3: + * release: v0.7.3 + * chore: update translations + * doc: README: add note about integration tests + * test: check-container: also run check-integration + * test: integration: NM zone overrides interface on reload + * test: build: support integration tests + * test: functions: add macro NMCLI_CHECK + * test: functions: new macros for starting/stopping NetworkManager + * fix: test: leave "cleanup" for tests cases + * test: check-container: add support for fedora rawhide + * test: check-container: add support for debian sid + * test: build: add support for running in containers + * fix: test/functions: FWD_END_TEST: improve grep for errors/warnings + * fix: test: direct passthrough: no need to check for dummy module + * fix: test: CHECK_NAT_COEXISTENCE: only check for kernel version + * fix: reload: let NM interface assignments override permanent config + * chore: tests: rename IF_IPV6_SUPPORTED to IF_HOST_SUPPORTS_IPV6_RULES + * fix: tests: convert host ipv6 checks to runtime + * fix: tests: convert ip6tables checks to runtime + * fix: tests: convert probe of nft numeric args to runtime + * fix: tests: convert nftables fib checks to runtime + * fix: build: distribute testsuite + * fix: don't probe for available kernel modules + * fix: failure to load modules no longer fatal + * fix: tests/functions: canonicalize XML output + * chore: doc: update authors + * fix: test: use debug output based on autotest variable + * fix: src/tests/Makefile: distclean should clean atconfig + +- No longer recommend -lang: supplements are in use. + +- Replace incorrect usage of %_libexecdir with %_prefix/lib + +- rebased the original patch from revision 19 + +- Added a patch to make iptables the default again on openSUSE + +- Update to version 0.7.2: + This is a bug fix only release. + * fix: direct: removeRules() was mistakenly removing all rules + * fix: guarantee zone source dispatch is sorted by zone name + * fix: nftables: fix zone dispatch using ipset sources in nat chains + * doc: add --default-config and --system-config + * fix: --add-masquerade should only affect ipv4 + * fix: nftables: --forward-ports should only affect IPv4 + * fix: direct: removeRules() not removing all rules in chain + * dbus: service: fix service includes individual APIs + * fix: allow custom helpers using standard helper modules + * fix: service: usage of helpers with '-' in name + * fix: Revert "ebtables: drop support for broute table" + * fix: ebtables: don't use tables that aren't available + * fix: fw: initialize _rfc3964_ipv4 + +- Update to version 0.7.1: + * Rich Rule Priorities + * Service Definition Includes - Service definitions can now + include lines like: which will + include all the ports, etc from the https service. + * RFC3964 IPv4 filtering - A new option RFC3964_IPv4 in + firewalld.conf is available. It does filtering based on RFC3964 + in regards to IPv4 addresses. This functionality was + traditionally in network-scripts. + * FlushAllOnReload - A new option FlushAllOnReload in + firewalld.conf is available. Older release retained some + settings (direct rules, interface to zone assignments) during a + - -reload. With the introduction of this configuration option + that is no longer the case. Old behavior can be restored by + setting FlushAllOnReload=no. + * 15 new service definitions + * fix: firewall-offline-cmd: service: use dict based APIs + * fix: client: service: use dict based dbus APIs + * test: dbus: coverage for new service APIs + * fix: dbus: new dict based APIs for services + * test: dbus: service API coverage + * test: functions: add macro DBUS_INTROSPECT + * test: functions: add CHOMP macro for shell output + * fix: tests/functions: use gdbus instead of dbus-send + * fix: dbus: add missing APIs for service includes +- Remove patch for using iptables instead of nftables - we should + finally switch to nftables and fix its issues properly if they + occur again: -- Disable FlushAllOnReload option to not retain interface to zone - assignments and direct rules when using --reload option. - * 0002-Disable-FlushAllOnReload-option.patch -- Remove patches which were included upstream or are not needed - anymore: - * firewalld-add-additional-services.patch +- Remove patch which was released upstream: + * 0002-Add-FlushAllOnReload-config-option.patch + +- Update to version 0.6.4: + * chore: update translations + * treewide: fix over indentation (flake8 E117) + * test: travis: add another test matrix for omitting ip6tables + * chore: travis: split test matrix by keywords + * chore: tests: add AT_KEYWORDS for firewall-offline-cmd + * improvement: tests: Use AT_KEYWORDS for backends + * fix: tests: guard occurrences of IPv6 + * fix: tests/functions: ignore warnings about missing ip6tables + * test: add macro IF_IPV6_SUPPORTED + +- Move RPM macros to %_rpmmacrodir. + +- Revert last change: the macros DO reference firewall-cmd, but as + they are expanded during build time of the package, not at + runtime, the point in time is wrong to require firewalld. The + consumer of the macro is responsible to ask for the right + commands to be present at runtime of the scripts + (boo#1125775#c9). + +- Add dependency between firewall-macros and firewalld. + (boo#1125775) + +- Fix --with-ifcfgdir configure parameter. (boo#1124212) + +- Add upstream patch to make --reload/--complete-reload forget the + runtime configuration and always load the permanent one + (bsc#1121277) + * 0002-Add-FlushAllOnReload-config-option.patch + +- Update to 0.6.3. Some of the changes are: + * update translations + * nftables: fix reject statement in "block" zone + * shell-completion: bash: don't check firewalld state + * firewalld: fix --runtime-to-permanent if NM not in use. + * firewall-cmd: sort --list-protocols output + * firewall-cmd: sort --list-services output + * command: sort services/protocols in --list-all output + * services: add audit + * nftables: fix rich rule log/audit being added to wrong chain + * nftables: fix destination checks not allowing masks + * firewall/core/io/*.py: Let SAX handle the encoding of XML files (gh#firewalld/firewalld#395)(bsc#1083361) + * fw_zone: expose _ipset_match_flags() + * tests/firewall-cmd: exercise multiple interfaces and zones + * fw_transaction: On clear zone transaction, must clear fw and other zones + * Fix translating labels (gh#firewalld/firewalld#392) +- Remove patches which have made it upstream: - * 0001-fw_nm-Make-nm_get_zone_of_connection-only-check-perm.patch - * 0002-firewall-cmd-On-getZoneOfInterface-only-ask-NM-for-p.patch - * 0003-firewall-cmd-For-non-permanent-interface-changes-don.patch - * 0004-fw_nm-New-function-to-get-all-interfaces-from-NM.patch - * 0005-fw_nm-Add-nm_get_interfaces_in_zone.patch - * 0006-firewall-cmd-Ask-NM-when-listing-permanent-interface.patch - * 0007-firewall-cmd-Allow-passing-extra-interfaces-to-print.patch - * 0001-ifcfg-Modify-ZONE-on-permanent-config-changes.patch - * 0001-firewall-core-Always-reload-the-permanent-configurat.patch - * 0001-firewall-core-fw_nm-nm_get_zone_of_connection-should.patch - * 0001-firewalld-fix-runtime-to-permanent-if-NM-not-in-use.patch - -- Add upstream patch to fix the error in --runtime-to-permanent - option about 'settings' variable being referenced before - assignment. This error occurs only when NetworkManager is not - used. (bsc#1122151) - * 0001-firewalld-fix-runtime-to-permanent-if-NM-not-in-use.patch - -- Import SUSE translations (boo#1108832) - * added firewalld-0.5.5-po-20181105.tar.xz - -- Add upstream patch to fix a python stacktrace when getting the - zone for a NetworkManager connection (bsc#1106319) - * 0001-firewall-core-fw_nm-nm_get_zone_of_connection-should.patch - -- Add adapted upstream patch to make --reload/--complete-reload - forget the runtime configuration and always load the permanent - one (bsc#1112008) - * 0001-firewall-core-Always-reload-the-permanent-configurat.patch + * 0002-firewalld-0.6.x-rich-rule-with-ipset-regression.patch -- Add upstream patch to mark more strings as translatable (bsc#1096542) +- Add upstream patch to mark more strings as translatable which is + required by firewall UI when creating rich rules (bsc#1096542) -- Add upstream patches to fix NetworkManager integration (bsc#1109074) - * 0001-fw_nm-Make-nm_get_zone_of_connection-only-check-perm.patch - * 0002-firewall-cmd-On-getZoneOfInterface-only-ask-NM-for-p.patch - * 0003-firewall-cmd-For-non-permanent-interface-changes-don.patch - * 0004-fw_nm-New-function-to-get-all-interfaces-from-NM.patch - * 0005-fw_nm-Add-nm_get_interfaces_in_zone.patch - * 0006-firewall-cmd-Ask-NM-when-listing-permanent-interface.patch - * 0007-firewall-cmd-Allow-passing-extra-interfaces-to-print.patch -- Add upstream patch to fix ifcfg ZONE attribute on permanent firewall - changes (bsc#1109153) - * 0001-ifcfg-Modify-ZONE-on-permanent-config-changes.patch -- Update to 0.5.5 (bsc#1108420) +- Add upstream patch to fix rich rules that uses ipset (bsc#1104990) + * 00002-firewalld-0.6.x-rich-rule-with-ipset-regression.patch + +- Update to 0.6.2. Some of the changes are: - * firewall/core/fw_nm: nm_get_zone_of_connection should return None or empty string instead of False + * nftables: fix log-denied with values other than "all" or "off" + * fw_ipset: raise FirewallError if backend command fails + * ipset: only use "-exist" on restore + * fw_ipset: fix duplicate add of ipset entries + * *tables: For opened ports/protocols/etc match ct state new,untracked (bsc#1105821) + * ipXtables: increase wait lock to 10s + * nftables: fix rich rules ports/protocols/source ports not considering ct state + * ports: allow querying a single added by range + * fw_zone: do not change rich rule errors into warnings + * fw_zone: fix services with multiple destination IP versions (bsc#1105899) + * fw_zone: consider destination for protocols + * firewall/core/fw_nm: nm_get_zone_of_connection should return None or empty string instead of False (boo#1106319) -- spec-cleaner fixes - -- Update to 0.5.4 (bsc#1105170) - * update translations + * nftables: fix rich rule audit log + * ebtables: replace RETURN policy with explicit RETURN at end of chain + * direct backends: allow build_chain() to build multiple rules + * fw: on restart set policy from same function + * ebtables: drop support for broute table +- Remove upstream patches + * 0001-nftables-fix-rich-rules-ports-protocols-source-ports.patch + * 0001-fw_zone-consider-destination-for-protocols.patch + * 0002-fw_zone-fix-services-with-multiple-destination-IP-ve.patch + * firewalld-fix-firewalld-config-crash.patch + +- Add upstream patch to fix Neighbor Discovery filtering for IPv6 (bsc#1105821) + * 0001-nftables-fix-rich-rules-ports-protocols-source-ports.patch +- Add upstream patch to fix building rules for multiple IP families (bsc#1105899) + * 0001-fw_zone-consider-destination-for-protocols.patch + * 0002-fw_zone-fix-services-with-multiple-destination-IP-ve.patch + +- Add firewalld-fix-firewalld-config-crash.patch: set + nm_get_zone_of_connection to return 'None' instead of 'False' for + automatically generated connections to avoid firewall-config + crashes. Patch provided by upstream (boo#1106319, + gh#firewalld/firewalld#370). + +- Also switch firewall backend fallback to 'iptables' (bsc#1102761) + This ensures that existing configuration files will keep working + even if FirewallBackend option is missing. + * 0001-firewall-backend-Switch-default-backend-to-iptables.patch + +- Update to 0.6.1. Some of the changes are: + * Correct source/destination in rich rule masquerade + * Only modify ifcfg files for permanent configuration changes + * Fix a backtrace when calling common_reverse_rule() + * man firewalld.conf: Show nftables is the default FirewallBackend + * firewall-config: fix some untranslated strings that caused a UI + bug causing rich rules to not be modify-able (bsc#1096542) - * firewall-config: fix some untranslated strings - * Rich Rule Masquerade inverted source-destination in Forward Chain - * don't forward interface to zone requests to NM for generated interfaces + * fixed many issues if iptables is actually iptables-nft + * Use preferred location for AppData files + * ipXtables: fix ICMP block inversion with set-log-denied + * fixes ICMP block inversion with set-log-denied with + IndividualCalls=yes + * nftables: fix set-log-denied if target is not ACCEPT + * fw_direct: strip _direct chain suffix if using nftables + * NetworkManager integration bugfixes. + +- Switch back to 'iptables' backend as default (bsc#1102761) + +- Update to 0.6.0. Some of the changes are: + * update translations + * firewall-config: Add ipv6-icmp to the protocol dropdown box (#348, bsc#1099698) + * core: logger: Remove world-readable bit from logfile (#349, bsc#1098986) + * IPv6 rpfilter: explicitly allow neighbor solicitation + * nftables backend (default) + * Added loads of new services - * ipset: check type when parsing ipset definition - * firewall-config: Add ipv6-icmp to the protocol dropdown box - * core: logger: Remove world-readable bit from logfile - * IPv6 rpfilter: explicitly allow neighbor solicitation -- Remove patches that have made it upstream: - * 0001-firewall-config-fix-some-untranslated-strings.patch - * 0001-firewall-config-Add-ipv6-icmp-to-the-protocol-dropdo.patch - * 0001-core-logger-Remove-world-readable-bit-from-logfile-3.patch - * firewalld-0.5.3-po-20180417.tar.xz - -- Mark more strings as translatable when creating rich rules (bsc#1096542) - * 0001-firewall-config-fix-some-untranslated-strings.patch - -- Backport the following upstream fixes: - * Add missig ipv6-icmp protocol to UI drop-down list (bsc#1099698) - - 0001-firewall-config-Add-ipv6-icmp-to-the-protocol-dropdo.patch - * Drop global read permissions from the log file (bsc#1098986) - - 0001-core-logger-Remove-world-readable-bit-from-logfile-3.patch - -- Merge SUSE translations to version 0.5.3, fix typos (boo#1094051, - add firewalld-0.5.3-po-20180417.tar.xz, - remove firewalld-po-20180417.tar.xz). + * firewallctl: completely remove all code and references + * dbus: expose FirewallBackend + * dbus: fix erroneous fallback for AutomaticHelpers +- Remove patches which have made it upstream + * firewalld-add-additional-services.patch +- spec-cleaner fixes -- Translations update to version 20180417 (bsc#1081623): - * Minor fixes of ar, ko, nl. - - * firewall-config: Break infinite loop when firewalld is not - running (bsc#1082470, bsc#1085205) + * firewall-config: Break infinite loop when firewalld is not running -- Remove obsolete patches which are now upstream - * 0001-src-firewall-config-Fix-default-value-for-dialog-but.patch - * 0002-src-firewall-config-Break-infinite-loop-when-firewal.patch -- Update to 0.5.1 (bsc#1084026) +- Remove high-availability service. SUSE HA uses the cluster service + provided by the yast2-cluster package (bsc#1078223) + +- Update to 0.5.1 + +- Update to 0.5.0 -- Add upstream patches to fix endless loop in firewall-config when - firewalld is not running (bsc#1082470) - * 0001-src-firewall-config-Fix-default-value-for-dialog-but.patch - * 0002-src-firewall-config-Break-infinite-loop-when-firewal.patch - -- Remove high-availability service. SUSE HA uses the cluster service - provided by the yast2-cluster package (bsc#1078223) - flatpak -- Update to version 1.10.2: - + This is a security update which fixes a potential attack where - a flatpak application could use custom formated .desktop files - to gain access to files on the host system. - + Fix memory leaks - + Some test fixes - + Documentation updates - + G_BEGIN/END_DECLS added to library headders for c++ use - + Fix for X11 cookies on OpenSUSE - + Spawn portal better handles non-utf8 filenames - -- Flatpak only requires glib 2.44, not 2.60 -- Update ostree version required to 2020.8 - -- Update to version 1.10.1: - + Fix flatpak build on systems with setuid bwrap - + Fix some compiler warnings - + Fix crash on updating apps with no deploy data - + Updated translations. -- Remove deprecated texinfo packaging macros. -- Switch to upstream release tarball. - -- Update to version 1.10.0: - + The major new feature in this series compared to 1.8 is the - support for the new repo format which should make updates - faster and download less data. - + The systemd generator snippets now call flatpak - - -print-updated-env in place of a bunch of shell for better - login performance. - + The .profile snippets now disable GVfs when calling flatpak to - avoid spawning a gvfs daemon when logging in via ssh. - + Build fixes for GCC 11. - + Flatpak now finds the pulseaudio sockets better in uncommon - configurations. - + Sandboxes with network access it now also has access to the - systemd-resolved socket to do dns lookups. - + Flatpak supports unsetting env vars in the sandbox using - - -unset-env, and --env=FOO= now sets FOO to the empty string - instead of unsetting it. - + Similarly the spawn portal has an option to unset an env var. - + The spawn portal now has an option to share the pid namespace - with the sub-sandbox. - -- Update to version 1.8.5 (CVE-2021-21261): - + This is a security update that fixes a sandbox escape where a - malicious application can execute code outside the sandbox by - controlling the environment of the "flatpak run" command when - spawning a sub-sandbox (boo#1180996) - -- Update to version 1.8.4: - + Fix support for ppc64. - -- Move flatpak-bisect and flatpak-coredumpctl to devel subpackage, - allow to remove python3 dependency on main package. - -- Enable LTO (boo#1133124) as gobject-introspection works fine with LTO. - -- Update to version 1.8.3: - + Fixed progress reporting for OCI and extra-data. - + The in-memory summary cache is more efficient. - + Fixed authentication getting stuck in a loop in some cases. - + Fixed authentication error reporting. - + We now extract OCI info for runtimes as well as apps. - + Fixed crash if anonymous authentication fails and -y is - specified. - + flatpak info now only looks at the specified installation if - one is specified. - + Better error reporting for server HTTP errors during download. - + Uninstall now removes applications before the runtime it - depends on. - + Fixed test-suite to pass with the latest OSTree version. - + Fixed dbus environment variables in flatpak enter. - + Avoid updating metadata from the remote when uninstalling. - + Fixed error message handling in various places. - + FlatpakTransaction now verifies all passed in refs to avoid. - + potential issues with invalid names. - + Updated translations. - -- Update to version 1.8.2: - + Added validation of collection id settings for remotes. - + Fix seccomp filters on s390. - + Robustness fixes to the spawn portal. - + Fix support for masking update in the system installation. - + Better support for distros with uncommon models of merged /usr. - + Cache responses from localed/AccountService. - + Fix hangs in cases where xdg-dbus-proxy fails to start. - + Fix double-free in cups socket detection. - + OCI authenticator now doesn't ask for auth in case of http - errors. - -- Fix invalid usage of %{_libexecdir} to reference systemd - directories. - -- Update to version 1.8.1: - * Avoid calling authenticator in update if ref didn't change - * Don't fail transaction if ref is already installed (after - transaction start) - * Fix flatpak run handling of userns in the --device=all case - * Fix handling of extensions from different remotes - * Fix flatpak run --no-session-bus - * Updated translations -- Update to version 1.8.0: - * FlatpakTransaction has a new signal "install-authenticator" - which clients can handle to install authenticators needed for - the transaction. This is done in the CLI commands. - * We now always expose the host timezone data, allowing us the - expose the host /etc/localtime in a way that works better, - fixing several apps that had timezone issues. - * Fix flatpak enter which didn't work in some cases. - * We now ship a systemd unit (not installed by default) to - automatically detect plugged in usb sticks with sideload repos. - * By default we no longer install the gdm env.d file, as the - systemd generators work better. - * create-usb now exports partial commits by default - * Fix handling of docker media types in oci remotes - * Fix subjects in remote-info --log output -- Remove source file used to generate a flatpak user on the system - since it's now included by upstream: - * system-user-flatpak.conf - -- Fixes for %_libexecdir changing to /usr/libexec - -- Update to version 1.6.4: - + This release backports some of the OCI authenticator fixes from - the 1.7 series, and should now be able to host flatpak images - on e.g. docker hub. - + Other changes: - - Fix a use-after free in libflatpak. - - Don't list p2p downgrades in list of available updates. - -- jsc#SLE-7171 fwupd +- Remove valgrind from BuildRequires since it's not a hard + requirement anymore. (bsc#1184248) + +- Update to version 1.5.8: + New features: + * Add a new internal flag to opt-in to GUID matching + * Add D501 Baklava device support + * Add fu_device_set_battery_level() + * Add missing uint64 read and write helpers + * Add Qubes wrapper source and create packages + * Allow enabling plugins only matching a specific HwId + * Prompt for unlock keypress if reset command is blocked + * Remove obsolete dell-dock non-passive update flow support + * Remove the Hughski public key + * Show a warning when parsing invalid quirk files + * Support for GATT characteristic signals/notifications + * Support more than one protocol for a given device + Fixes: + * Align the CCGX DMC firmware to 64 byte chunks + * Be more strict for custom quirk keys + * Check pixart firmware compatibility with hardware before + flashing + * Correct a thunderbolt assertion if kernel failed FW read + * Correctly erase STM32 devices when transfer size is less + than sector size + * Detect SREC overflow to avoid adding ~4GB of 0xFF padding + * Do not show a critical error when flashing footer-less + binary files + * Don't allow device updates while needing activation + * Fix a regression in the elantp defined IAP start address + * Fix a regression where activate stopped working + * Fix firmware update of pointing device on Lenovo ThinkPad + Nano + * Fix the HSI plugin 'Disabled' state + * Fix the quirk key name for the Lenovo HDMI with power + * Fix writing to the GD32VF103 bootloader + * Only call elantp->detach() when writing a firmware blob + * Updated StarLabs GUIDs + * Wait a few ms for the Logitech hardware to settle after + detach +- Remove GPG-KEY-Hughski-Limited from the filelist +- Drop upstreamed patch + + fwupd-bsc1182057-fix-sbat-section-copy.patch + +- Add fwupd-bsc1182057-fix-sbat-section-copy.patch to set the + proper section flags for .sbat section so that objcopy can + copy it into fwupd*.efi (bsc#1182057) + +- Update to version 1.5.7: + New features: + * Add initial support for Bluez bluetooth devices + * Add more supported pixart devices + * Add support for the RTD21xx HDMI converter + Fixes + * Convert MBR types to GPT GUIDs to help find the ESP + * Do not allow updating a synaptics-mst device with no customer ID + * Drop unused heap pages after startup has completed + * Ensure SBAT metadata is added correctly + * Move the plugin build logic to the plugins themselves + * Only allow verify-update for plugins that support CAN_VERIFY +- Specify SBAT metadata for openSUSE/SLE (bsc#1182057) +- Adjust the meson options + + plugin_uefi => plugin_uefi_capsule and plugin_uefi_pk + + plugin_synaptics => plugin_synaptics_mst and plugin_synaptics_rmi + + Disable Intel AMT plugin in non-x86 systems + +- Update to 1.5.6: + New features: + * Add SBAT metadata to the fwupd EFI binary + * Add support for GD32VF103 as found in the Longan Nano + * Add support for RMI PS2 devices + * Add support for the System76 Keyboard + * Allow downloading firmware from IPFS + * Install the UX data into a single .tar.xz file + * Add a plugin to update PixArt RF devices + * Add new hardware to use the elantp and rts54hid plugins + * Allow specifying more than one VendorID for a device + * Detect the AMD TSME encryption state for HSI-4 + * Detect the AMI PK test key is not installed for HSI-1 + * Add Maple Ridge Thunderbolt firmware parsing support + * Add --no-remote-check to ignore checking for download remotes + * Allow creating FMAP and Synaptics firmware using builder.xml + Fixes: + * Add support for the Starlabs LabTop L4 + * Allow using an external ESP again + * Ask the user to reboot when required if downgrading + * Be more paranoid when parsing ASCII buffers and devices + * Check if the fwupd BootXXXX entry exists on failure + * Clear the pending flag if restarting the system + * Do not allow flashing using flashrom if BLE is enabled + * Do not allow Lenovo hardware to install multiple capsules + * Do not parse the OptionROM image + * Do not show Unknown [***] for every client connection + * Fix dnload wBlockNum wraparound for ST devices + * Fix OOM when using large ArchiveSizeMax values + * Fix several crashes spotted by AddressSanitizer + * Fix several places where the Goodix MOC plugin could crash + * Include the PCR0 to the report metadata + * Report the lockdown status from UEFI and SuperIO plugins + * Show a console warning if the system clock is not set + * Fix flashing a fingerprint reader that is in use + * Fix several critical warnings when parsing invalid firmware + * Fix updating DFU devices that use DNLOAD_BUSY + * Ignore the legacy UEFI OVMF dummy GUID + * Make libfwupd more thread safe to fix a crash in gnome-software + * Never show unprintable chars from invalid firmware in the logs + * Allow using fwupdtool as non-root for firmware commands + * Do not trust the Block.HintSystem boolean for ESP filtering + * Fix a memory leak when parsing Synaptics firmware + * Fix a possible crash when reading the Goodix MOC USB request + * Fix crashes when parsing invalid FMAP, DMC, Solokey and Synaptics images +- Deprecate fwupd-bsc1179790-disable-hintsystem.patch + gcc7 +- Remove include-fixed/pthread.h +- Change GCC exception licenses to SPDX format + +- add gcc7-pr81942.patch [bsc#1181618] + gdb +- Backport fix for heap-use-after-free in + remote_async_inferior_event_handler [swo#26614]: + * gdb-remote-fix-invalid-pointer-in-remote-async-serial-handler.patch + +- Replace tentative fix with upstreamed fix [swo#26881]: + Remove: + * gdb-fix-assert-in-process-event-stop-test.patch + Add: + * gdb-fix-internal-error-in-process_event_stop_test.patch + * gdb-breakpoints-handle-glibc-with-debuginfo-in-create_exception_master_breakpoint.patch +- Fix license [bsc#1180786]. + glib2 +- Add glib2-CVE-2021-27218.patch: g_byte_array_new_take takes a + gsize as length but stores in a guint, this patch will refuse if + the length is larger than guint. (bsc#1182328, + glgo#GNOME/glib!1944) + +- Add glib2-CVE-2021-27219-add-g_memdup2.patch: g_memdup takes a + guint as parameter and sometimes leads into an integer overflow, + so add a g_memdup2 function which uses gsize to replace it. + (bsc#1182362, glgo#GNOME/glib!1927, glgo#GNOME/glib!1933, + glgo#GNOME/glib!1943) + glibc +- s390-memmove-ifunc-selector-arch13.patch: S390: Also check vector + support in memmove ifunc-selector (bsc#1184035, BZ #27511) + gnome-autoar +- Add gnome-autoar-CVE-2020-36241.patch: Skip problematic files + that might be extracted outside of the destination dir to prevent + potential security threat. (bsc#1181930, + glgo#GNOME/gnome-autoar#7) + gnome-shell +- Update gnome-shell-jsc#SLE-16051-Input-method-recommendation.patch: + fix (boo#1183823). + +- Update gnome-shell-jsc#SLE-16051-Input-method-recommendation.patch: + Modify the Japanese input engine load order which will more fit + for our community(bnc#1183475); + gnutls +- Security fix: [bsc#1183456, CVE-2021-20232] + * A use after free issue in client_send_params + in lib/ext/pre_shared_key.c may lead to memory + corruption and other potential consequences. +- Add gnutls-CVE-2021-20232.patch + +- Security fix: [bsc#1183457, CVE-2021-20231] + * A use after free issue in client sending key_share extension + may lead to memory corruption and other consequences. +- Add gnutls-CVE-2021-20231.patch + grub2 +- Fix error grub_file_filters not found in Azure virtual machine (bsc#1182012) + * 0001-Workaround-volatile-efi-boot-variable.patch + gzip +- gzip.spec: move %patch10 from the ifarch condition (mistake) + +- add gzip-1.10-fix_count_of_lines_to_skip.patch to fix count + of lines to skip [bsc#1180713] + hwdata +- Update to version 0.345: + + Updated pci, usb and vendor ids. + + Resolves boo#1182482 jsc#SLE-13791 bnc#1170160 + +- Update to version 0.344: + + Updated pci, usb and vendor ids. + iptables +- Update to release 1.8.7 + * iptables-nft: + * Improved performance when matching on IP/MAC address prefixes + if the prefix is byte-aligned. In ideal cases, this doubles + packet processing performance. + * Dump user-defined chains in lexical order. This way ruleset + dumps become stable and easily comparable. + * Avoid pointless table/chain creation. For instance, + `iptables-nft -L` no longer creates missing base-chains. + +- Update to release 1.8.6 + * iptables-nft had pointlessly added "bitwise" expressions to + each IP address match, needlessly slowing down run-time + performance (by 50% in worst cases). + * iptables-nft-restore: Support basechain policy value of "-" + (indicating to not change the chain's policy). + * nft-translte: Fix translation of ICMP type "any" match. + +- Update to release 1.8.5 + * IDLETIMER: Add alarm timer option + * nft: CT: add translation for NOTRACK +- Drop iptables-apply-mktemp-fix.patch (seemingly applied) + +- Update to release 1.8.4 + * Fix for wrong counter format in `ebtables-nft-save -c` output. + * Print typical iptables-save comments in arptables- and + ebtables-save, too. + * xt_owner: add --suppl-groups option + * Remove support for /etc/xtables.conf + * Restore support for "-4" and "-6" options in rule lines. + irqbalance +- Adapt also-fetch-node-info-for-non-PCI-devices.patch to v1.4.0, and + backport process_one_line() and get_int() which is required for it + to work. + +- Correctly detect the NUMA node of non-PCI devices. + (bsc#1156315 bsc#1183157) +- add also-fetch-node-info-for-non-PCI-devices.patch + +- Due to a bug in irqbalance's parsing of /sys/devices/system/cpu/cpu*/node* + entries, all CPUs is considered to be on NUMA node 0. Backport fix for + ambiguous parsing of *node* entries in /sys from upstream to fix this issue. + (bsc#1156315, bsc#1182254) +- add fix-ambiguous-parsing-of-node-entries-in-sys.patch + kdump +- kdump-Add-bootdev-to-dracut-command-line.patch: Add 'bootdev=' to + dracut command line (bsc#1182309). + +- Increase extra crash kernel reservation for LUKS Argon2 PBKDF + (bsc#1180513): + * kdump-Implement-KString-isHexNumber.patch + * kdump-Mount-and-device-resolution-using-libmount-and-lsblk.patch + * kdump-calibrate-Add-LUKS2-Argon2-requirements-to-the-reser.patch + * kdump-Do-not-list-all-block-devices-if-no-block-devices-ar.patch + * kdump-Enumerate-all-BTRFS-devices-for-btrfs-mount-points.patch + * kdump-calibrate-Fix-kernel-command-line-parsing.patch + +- kdump-query-systemd-network.service.patch: Query systemd + network.service to find out if wicked is used (bsc#1182309). +- kdump-check-explicit-ip-options.patch: Do not add + network-related dracut options if ip= is set explicitly + (bsc#1182309). + kernel-64kb +- vfio-ccw: Wire in the request callback (bsc#1183225). +- vfio-mdev: Wire in a request handler for mdev parent + (bsc#1183225). +- commit 1a8b567 + +- Update config files. (bsc#1181284) +- commit 09b2083 + +- KVM: SVM: Periodically schedule when unregistering regions on + destroy (bsc#1184511 CVE-2020-36311). +- commit fad3809 + +- crypto: essiv - fix AEAD capitalization and preposition use + in help text (bsc#1184134 ltc#192244). +- commit ba310cd + +- crypto: essiv - create wrapper template for ESSIV generation + (bsc#1184134 ltc#192244). + Update config files. + supported.conf: Add crypto/essiv +- commit 07e8de6 + +- Refresh + patches.suse/powerpc-pseries-mobility-handle-premature-return-fro.patch. +- Refresh + patches.suse/powerpc-pseries-mobility-use-struct-for-shared-state.patch. + Update metadata +- commit 61adb77 + +- xen-blkback: don't leak persistent grants from xen_blkbk_map() + (bsc#1183646, CVE-2021-28688, XSA-371). +- commit d927391 + +- Refresh + patches.suse/netsec-restore-phy-power-state-after-controller-rese.patch. +- commit ea9970d + +- thunderbolt: Add support for Intel Tiger Lake-H (bsc#1184129). +- commit a872918 + +- thunderbolt: Introduce tb_switch_is_tiger_lake() (bsc#1184129). +- commit cb3c283 + +- mm/mremap_pages: fix static key devmap_managed_key updates + (bsc#1181787). +- commit e836b25 + +- iwlwifi: Fix MODULE_FIRMWARE() ucode definitions for SLE15-SP3 + (bsc#1183860). +- commit 8e0bc83 + +- scsi: ibmvfc: Make ibmvfc_wait_for_ops() MQ aware (bsc#1184111 + ltc#192232). +- scsi: ibmvfc: Fix potential race in ibmvfc_wait_for_ops() + (bsc#1184111 ltc#192232). +- commit ecee0a9 + +- arm64/crash_core: Export TCR_EL1.T1SZ in vmcoreinfo + (bsc#1179863). +- crash_core, vmcoreinfo: Append 'MAX_PHYSMEM_BITS' to vmcoreinfo + (bsc#1179863). +- commit 3277e15 + +- s390/vtime: fix increased steal time accounting (bsc#1183859). +- commit 5026f60 + +- Refresh patch metadata. +- Refresh patches.suse/PCI-rpadlpar-Fix-potential-drc_name-corruption-in-st.patch. +- Refresh patches.suse/powerpc-pseries-mobility-handle-premature-return-fro.patch. +- Refresh patches.suse/powerpc-pseries-mobility-use-struct-for-shared-state.patch. +- Refresh patches.suse/scsi-ibmvfc-Free-channel_setup_buf-during-device-tea.patch. +- commit 815f258 + +- Refresh + patches.suse/net-mlx5e-Fix-CQ-params-of-ICOSQ-and-async-ICOSQ.patch. + Fixed backport (bsc#1183773) +- commit 9959a4b + +- net: core: introduce __netdev_notify_peers (bsc#1183871 + ltc#192139). +- commit 658d714 + +- ibmvnic: prefer strscpy over strlcpy (bsc#1183871 ltc#192139). +- ibmvnic: remove unused spinlock_t stats_lock definition + (bsc#1183871 ltc#192139). +- ibmvnic: add comments for spinlock_t definitions (bsc#1183871 + ltc#192139). +- Refresh patches.suse/ibmvnic-serialize-access-to-work-queue-on-remove.patch +- Refresh patches.suse/net-re-solve-some-conflicts-after-net-net-next-merge.patch +- ibmvnic: fix miscellaneous checks (bsc#1183871 ltc#192139). +- ibmvnic: avoid multiple line dereference (bsc#1183871 + ltc#192139). +- ibmvnic: fix braces (bsc#1183871 ltc#192139). +- ibmvnic: fix block comments (bsc#1183871 ltc#192139). +- Refresh patches.suse/ibmvnic-fix-a-race-between-open-and-reset.patch. +- Refresh patches.suse/ibmvnic-serialize-access-to-work-queue-on-remove.patch. +- Refresh patches.suse/net-re-solve-some-conflicts-after-net-net-next-merge.patch. +- ibmvnic: prefer 'unsigned long' over 'unsigned long int' + (bsc#1183871 ltc#192139). +- ibmvnic: remove unnecessary rmb() inside ibmvnic_poll + (bsc#1183871 ltc#192139). +- ibmvnic: rework to ensure SCRQ entry reads are properly ordered + (bsc#1183871 ltc#192139). +- net: ethernet: ibm: ibmvnic: Fix some kernel-doc misdemeanours + (bsc#1183871 ltc#192139). +- ibmvnic: merge do_change_param_reset into do_reset (bsc#1183871 + ltc#192139). +- Refresh patches.suse/ibmvnic-fix-a-race-between-open-and-reset.patch +- use __netdev_notify_peers in ibmvnic (bsc#1183871 ltc#192139). +- commit efd07e6 + +- squashfs: fix xattr id and id lookup sanity checks (bsc#1183850). +- commit b1827ac + +- squashfs: fix inode lookup sanity checks (bsc#1183850). +- commit 9b5c651 + +- net: make __dev_alloc_name consider all name nodes when looking + for (bsc#1180103). +- commit 3400412 + +- Update + patches.suse/s390-lock-down-kernel-in-secure-boot-mode.patch + (bsc#1183746 jsc#SLE-7741). +- commit e9dda35 + +- netsec: restore phy power state after controller reset + (bsc#1183756). +- commit 45d0550 + +- powerpc/pseries/mobility: handle premature return from H_JOIN + (bsc#1183662 ltc#191922). +- powerpc/pseries/mobility: use struct for shared state + (bsc#1183662 ltc#191922). +- commit 36f1612 + +- padata: upgrade smp_mb__after_atomic to smp_mb in + padata_do_serial (bsc#1178648). +- commit f3ee3cb + +- ALSA: usb-audio: fix use after free in usb_audio_disconnect + (bsc#1182552 bsc#1183598). +- ALSA: usb-audio: fix NULL ptr dereference in usb_audio_probe + (bsc#1182552 bsc#1183598). +- commit 8173e6a + +- Move upstreamed sound fixes into sorted section +- commit 4b54f4c + +- Refresh sorted section. +- commit c4b4430 + +- rpadlpar: fix potential drc_name corruption in store functions + (bsc#1183416 ltc#191079). +- commit 9661ab7 + +- Refresh patches.suse/x86-sev-es-add-a-runtime-vc-exception-handler. +- Refresh patches.suse/x86-sev-es-handle-db-events. + Remove lockdep_assert_irqs_disabled() from + patches.suse/x86-sev-es-add-a-runtime-vc-exception-handler. + It can't possibly work correctly on a 5.3 kernel because + there is no NMI-safe hardirq state tracking yet. +- commit 1234b14 + +- blacklist.conf: Add 62441a1fb532 x86/sev-es: Correctly track IRQ states in runtime #VC handler +- commit 1b48e04 + +- x86/sev-es: Use __copy_from_user_inatomic() (bsc#1183553). +- x86/sev-es: Check regs->sp is trusted before adjusting #VC + IST stack (bsc#1183551). +- x86/sev-es: Introduce ip_within_syscall_gap() helper + (bsc#1183552). +- commit 8bcc6e7 + +- ibmvfc: free channel_setup_buf during device tear down + (bsc#1183440 ltc#191464). +- commit b86b88e + +- s390: lock down kernel in secure boot mode (jsc#SLE-7741). +- Update config files. +- commit 1499b7b + +- iommu/amd: Fix sleeping in atomic in increase_address_space() + (bsc#1183310). +- commit f8bf292 + +- Refresh ibmvfc patches to upstream version. +- commit e1a83f9 + kernel-default +- vfio-ccw: Wire in the request callback (bsc#1183225). +- vfio-mdev: Wire in a request handler for mdev parent + (bsc#1183225). +- commit 1a8b567 + +- Update config files. (bsc#1181284) +- commit 09b2083 + +- KVM: SVM: Periodically schedule when unregistering regions on + destroy (bsc#1184511 CVE-2020-36311). +- commit fad3809 + +- crypto: essiv - fix AEAD capitalization and preposition use + in help text (bsc#1184134 ltc#192244). +- commit ba310cd + +- crypto: essiv - create wrapper template for ESSIV generation + (bsc#1184134 ltc#192244). + Update config files. + supported.conf: Add crypto/essiv +- commit 07e8de6 + +- Refresh + patches.suse/powerpc-pseries-mobility-handle-premature-return-fro.patch. +- Refresh + patches.suse/powerpc-pseries-mobility-use-struct-for-shared-state.patch. + Update metadata +- commit 61adb77 + +- xen-blkback: don't leak persistent grants from xen_blkbk_map() + (bsc#1183646, CVE-2021-28688, XSA-371). +- commit d927391 + +- Refresh + patches.suse/netsec-restore-phy-power-state-after-controller-rese.patch. +- commit ea9970d + +- thunderbolt: Add support for Intel Tiger Lake-H (bsc#1184129). +- commit a872918 + +- thunderbolt: Introduce tb_switch_is_tiger_lake() (bsc#1184129). +- commit cb3c283 + +- mm/mremap_pages: fix static key devmap_managed_key updates + (bsc#1181787). +- commit e836b25 + +- iwlwifi: Fix MODULE_FIRMWARE() ucode definitions for SLE15-SP3 + (bsc#1183860). +- commit 8e0bc83 + +- scsi: ibmvfc: Make ibmvfc_wait_for_ops() MQ aware (bsc#1184111 + ltc#192232). +- scsi: ibmvfc: Fix potential race in ibmvfc_wait_for_ops() + (bsc#1184111 ltc#192232). +- commit ecee0a9 + +- arm64/crash_core: Export TCR_EL1.T1SZ in vmcoreinfo + (bsc#1179863). +- crash_core, vmcoreinfo: Append 'MAX_PHYSMEM_BITS' to vmcoreinfo + (bsc#1179863). +- commit 3277e15 + +- s390/vtime: fix increased steal time accounting (bsc#1183859). +- commit 5026f60 + +- Refresh patch metadata. +- Refresh patches.suse/PCI-rpadlpar-Fix-potential-drc_name-corruption-in-st.patch. +- Refresh patches.suse/powerpc-pseries-mobility-handle-premature-return-fro.patch. +- Refresh patches.suse/powerpc-pseries-mobility-use-struct-for-shared-state.patch. +- Refresh patches.suse/scsi-ibmvfc-Free-channel_setup_buf-during-device-tea.patch. +- commit 815f258 + +- Refresh + patches.suse/net-mlx5e-Fix-CQ-params-of-ICOSQ-and-async-ICOSQ.patch. + Fixed backport (bsc#1183773) +- commit 9959a4b + +- net: core: introduce __netdev_notify_peers (bsc#1183871 + ltc#192139). +- commit 658d714 + +- ibmvnic: prefer strscpy over strlcpy (bsc#1183871 ltc#192139). +- ibmvnic: remove unused spinlock_t stats_lock definition + (bsc#1183871 ltc#192139). +- ibmvnic: add comments for spinlock_t definitions (bsc#1183871 + ltc#192139). +- Refresh patches.suse/ibmvnic-serialize-access-to-work-queue-on-remove.patch +- Refresh patches.suse/net-re-solve-some-conflicts-after-net-net-next-merge.patch +- ibmvnic: fix miscellaneous checks (bsc#1183871 ltc#192139). +- ibmvnic: avoid multiple line dereference (bsc#1183871 + ltc#192139). +- ibmvnic: fix braces (bsc#1183871 ltc#192139). +- ibmvnic: fix block comments (bsc#1183871 ltc#192139). +- Refresh patches.suse/ibmvnic-fix-a-race-between-open-and-reset.patch. +- Refresh patches.suse/ibmvnic-serialize-access-to-work-queue-on-remove.patch. +- Refresh patches.suse/net-re-solve-some-conflicts-after-net-net-next-merge.patch. +- ibmvnic: prefer 'unsigned long' over 'unsigned long int' + (bsc#1183871 ltc#192139). +- ibmvnic: remove unnecessary rmb() inside ibmvnic_poll + (bsc#1183871 ltc#192139). +- ibmvnic: rework to ensure SCRQ entry reads are properly ordered + (bsc#1183871 ltc#192139). +- net: ethernet: ibm: ibmvnic: Fix some kernel-doc misdemeanours + (bsc#1183871 ltc#192139). +- ibmvnic: merge do_change_param_reset into do_reset (bsc#1183871 + ltc#192139). +- Refresh patches.suse/ibmvnic-fix-a-race-between-open-and-reset.patch +- use __netdev_notify_peers in ibmvnic (bsc#1183871 ltc#192139). +- commit efd07e6 + +- squashfs: fix xattr id and id lookup sanity checks (bsc#1183850). +- commit b1827ac + +- squashfs: fix inode lookup sanity checks (bsc#1183850). +- commit 9b5c651 + +- net: make __dev_alloc_name consider all name nodes when looking + for (bsc#1180103). +- commit 3400412 + +- Update + patches.suse/s390-lock-down-kernel-in-secure-boot-mode.patch + (bsc#1183746 jsc#SLE-7741). +- commit e9dda35 + +- netsec: restore phy power state after controller reset + (bsc#1183756). +- commit 45d0550 + +- powerpc/pseries/mobility: handle premature return from H_JOIN + (bsc#1183662 ltc#191922). +- powerpc/pseries/mobility: use struct for shared state + (bsc#1183662 ltc#191922). +- commit 36f1612 + +- padata: upgrade smp_mb__after_atomic to smp_mb in + padata_do_serial (bsc#1178648). +- commit f3ee3cb + +- ALSA: usb-audio: fix use after free in usb_audio_disconnect + (bsc#1182552 bsc#1183598). +- ALSA: usb-audio: fix NULL ptr dereference in usb_audio_probe + (bsc#1182552 bsc#1183598). +- commit 8173e6a + +- Move upstreamed sound fixes into sorted section +- commit 4b54f4c + +- Refresh sorted section. +- commit c4b4430 + +- rpadlpar: fix potential drc_name corruption in store functions + (bsc#1183416 ltc#191079). +- commit 9661ab7 + +- Refresh patches.suse/x86-sev-es-add-a-runtime-vc-exception-handler. +- Refresh patches.suse/x86-sev-es-handle-db-events. + Remove lockdep_assert_irqs_disabled() from + patches.suse/x86-sev-es-add-a-runtime-vc-exception-handler. + It can't possibly work correctly on a 5.3 kernel because + there is no NMI-safe hardirq state tracking yet. +- commit 1234b14 + +- blacklist.conf: Add 62441a1fb532 x86/sev-es: Correctly track IRQ states in runtime #VC handler +- commit 1b48e04 + +- x86/sev-es: Use __copy_from_user_inatomic() (bsc#1183553). +- x86/sev-es: Check regs->sp is trusted before adjusting #VC + IST stack (bsc#1183551). +- x86/sev-es: Introduce ip_within_syscall_gap() helper + (bsc#1183552). +- commit 8bcc6e7 + +- ibmvfc: free channel_setup_buf during device tear down + (bsc#1183440 ltc#191464). +- commit b86b88e + +- s390: lock down kernel in secure boot mode (jsc#SLE-7741). +- Update config files. +- commit 1499b7b + +- iommu/amd: Fix sleeping in atomic in increase_address_space() + (bsc#1183310). +- commit f8bf292 + +- Refresh ibmvfc patches to upstream version. +- commit e1a83f9 + kgeography +- Add patch from upstream to fix a crash when the user disables + the "Wait for validation" option (kde#435555): + * 0001-Fix-crash-when-Wait-for-validation-is-not-enabled.patch + kio +- Add patches to avoid breaking text codec inintialization + (boo#1134688, kde#432406): + * 0001-Fix-default-codec-being-set-to-US-ASCII-in-KIO-apps.patch + * 0002-Use-Q_LOGGING_CATEGORY-macro-instead-of-explicit-QLo.patch + * 0003-Remove-extra-after-Q_LOGGING_MACRO-usage.patch + ldb +- Release ldb 2.2.1 + + CVE-2020-27840: Unauthenticated remote heap corruption via bad DNs; + (bso#14595); (bsc#1183572); + + CVE-2021-20277: out of bounds read in ldb_handler_fold; (bso#14655); + (bsc#1183574); + libX11 +- U_0001-_XIOError-dpy-will-never-return-so-remore-dead.patch + U_0002-remove-empty-line.patch + U_0003-poll_for_response-Call-poll_for_event-again-if-xcb_p.patch + U_0004-poll_for_event-Allow-using-xcb_poll_for_queued_event.patch + U_0005-Prepare-for-_XIOError-possibly-returning.patch + U_0006-Fix-poll_for_response-race-condition.patch + * fixes a race condition in libX11 that causes various + applications to crash randomly (boo#1181963) +- refreshed U_0001-Fix-an-integer-overflow-in-init_om.patch + libass +- security update +- added patches + fix CVE-2020-26682 [bsc#1177862], signed integer overflow in the call to outline_stroke() from ass_outline_construct() + + libass-CVE-2020-26682.patch + -- add versioned Requires to devel pkg, enca is required by pkgconfig - -- Version bup to 0.10.2 - * API additions and some ABI changes, bumped SONAME - * Expose header field for VSFilter color mangling (GC #87) - * Add functions for explicit scaling hints (GC #6) - * Add 'type' field to ASS_Image (GC #31) - * Workaround Freetype's font size grid-fitting where appropriate - * Apply blur to both glyph and border when using opaque box - * Parser bugfixes - * Parse angles in style as number - * Fix fallback event formats - * Make closing ')' optional for some tags - * Fix crazy VSFilter behaviour for \move (GC #90) - * Make \r fall back to line style (GC #104) - * Parse style name like VSFilter - * Ignore junk in nested \t tags - * Make \clip tag arguments mandatory - * Properly handle script and language in the HarfBuzz shaper - * Allow ASS_Track and ASS_Renderer to have different ASS_Library - * Fix stroking in some rare cases - * Correctly handle @font advance (GC #94) - * Fix ascent/descent for some fonts (GC #106) - * Fix ass_step_sub to not require sorted events - * Fix blur scaling - * Don't mutate input strings (GC #88) - * Remove/change some error messages - * Fix various small memory leaks - -- Update to version 0.10.1 - * Fix letter spacing - * Add \rSTYLENAME syntax support (GC #43) - * Fix border generation and border style reset (GC #56) - * Fix various issues with bug-for-bug compatibility of - transformations (\fax, \fay, etc.) to VSFilter (GC #46, GC #42) - * Fix drawing parsing (GC #47) - * Various fixes to shaper (GC #54, GC #55, GC#59) - * Fix change detection - * Add ass_set_line_position API to set a vertical subtitle offset - * Fix scaling of drawing baseline offset (\pbo) values - * Fix skipping of zero-width characters for FriBiDi shaper - * Use LTR text base direction by default, similar to VSFilter - -- Update to version 0.10.0 - + Bidirectional layout and Arabic shaping via FriBidi (GC #13) - + Add API for shaper configuration - + Add support for `Language' Script Info property, this can be - used for hinting the text language - + Vertical layout improvements - * Use `vert' and `vkna' OpenType features for vertical glyph - variants - * Position rotated glyphs onto baseline - + Parse font encoding property for base text direction hinting - + Refactor cache system - + Use generic outlines in place of FreeType glyphs - + Direct outline bitmap rendering - + Fix whitespace trimming (GC #35) - + Do not render border if there's no shadow or glyph (GC #29) - + Adjust spacing after a italic to non-italic style change (GC #37) - + Fix fade timing - + Fix x positioning with borders (GC #27) -- Use pkgconfig() BuildRequires -- Parameterize the soname number - -- Update to version 0.9.12: - + Switch to permissive (ISC) license - + Support \fs+ and \fs- syntax for modifying font size - + Fix word-wrapping - + Improved charmap fallback matching - + Handle a few more VSFilter quirks correctly - + Add a sensible default style - + Fix compilation against libpng 1.5 -- Add xz BuildRequires, as the new tarballs are xz compressed -- Change License tag from GPLv2+ to ISC, as upstream changed to - this license. -- Do not use source service, as Factory is moving away from it in - favor of a different implementation to verify authenticity of - tarballs. Consequently add a valid URL as Source. - -- added 32bit compatibility libraries -- updated description to official description (fix for RPMLINT warning) - -- fix -devel package dependencies - -- Update to version 0.9.11 - * Fix serious memory leaks - * Reduce frame/drawing initialization overhead - * Basic (incorrect, but working) support for @font vertical text layout - * Fix multiple faces per font attachment - * charmap selection fixes - * Add ass_flush_events API function - * Improve fullname font matching - * Better PAR correction if text transforms are used - * Calculate drawing bounding box like VSFilter - * Performance improvements - * Cache vector clip masks - * Avoid unnecessary glyph copies - * Various rendering fixes - * Parse numbers in a locale-independent way - * Remove support for freetype < 2.2.1, fontconfig < 2.4.1; this especially - means libass will not extract fonts into the file system anymore - * Disable script file size limit - * Match fonts against the full name ("name for humans") - * Reset clip mode after \iclip - * Improve VSFilter compatibility - * Update API documentation - * A couple of smaller fixes and cleanups - * Support \q override tag - * Support wrap style 1 (i.e. wrap, but do not equalize line lengths) - * Support border style 3 (opaque box) - * Use the event bounding box (instead of vertical position and height) for - collision detection - * Embold glyphs if no bold variant is available, but was requested - * Modify \fax to be similar to VSFilter - * Trim spaces after line wrapping - * Fix border/shadow overlap combining in some cases - * Disable kerning by default. Use "Kerning=yes" style override or - "Kerning: yes" in [Script Info] to enable it - * Slight bitmap handling optimizations - * Various bugfixes - -- Remove unneeded autoreconf -- Correct license tag -- Make build more verbose so checking tools can do its work - -- New SuSE package, version 0.9.7. -- Name and split according to shared library packaging policy. - -- and now to the OBS -- update to 0.9.6 - libcap +- Update to libcap 2.26 for supporting the ambient capabilities + (jsc#SLE-17092, jsc#ECO-3460) +- Use "or" in the license tag to avoid confusion (bsc#1180073) + -- updated to libcap-2.19 - * more stuff in capsh.c - * sys/capability.h header clean up and fixes. - -- fixed build on ppc64 (needs to get linux/types.h included first). - -- use %_smp_mflags - -- fix deps for fdupes - -- add baselibs.conf as a source - -- fix a typo in the previous patch (__le64) (bnc#487453) -- don't define __u32 & co if _LINUX_TYPES_H is defined (bnc#487453) - -- fix build error on i386 due to missing __u64 definition in - sys/capability.h - libgnomesu +- Update to version 2.0.6: + * Updated translations. + +- Update to version 2.0.5: + * Gracefully exit on SIGTERM to avoid leaving behind xauth + temporary files due to skipped pam cleanup on shutdown + (bsc#1176514). + +- Use %{_libexecdir} where appropriate (instead of %{_prefix}/lib). + libnftnl -- libnftnl version bump [jsc#SLE-7497] - * iptables 1.8.3 needs libnftnl >= 1.1.3 +- Update to release 1.1.9 + * Improve formatting of registers in bitwise dumps. + +- Update to release 1.1.8 + * libnftnl: export nftnl_set_elem_fprintf + * examples: add support for NF_PROTO_INET family + * table: add userdata support + * object: add userdata and comment support + * chain: add userdata and comment support + * src: add support for chain ID attribute + +- Update to release 1.1.7 + * udata: add NFTNL_UDATA_SET_DATA_INTERVAL + +- Update to release 1.1.6 + * add slave device matching + * support for NFTNL_SET_EXPR + +- Update to release 1.1.5 + * flowtable: add support for handle attribute + * obj/ct_timeout: Avoid array overrun in timeout_parse_attr_data() libostree -- Enable LTO (boo#1133120) as it works now. - -- Update to version 2020.8: - + This release mostly contains scalability improvements and - bugfixes. - + Caching-related HTTP headers are now supported on summaries and - signatures, so that they do not have to be re-downloaded if not - changed in the meanwhile. - + Summaries and delta have been reworked to allow more - fine-grained fetching. - + Finally, this fixes several bugs related to atomic variables, - HTTP timeouts, and 32-bit architectures. -- Changes from version 2020.7: - + Static deltas can now be signed to more easily support offline - verification. - + There's now support for multiple initramfs images; the idea - here is that one can have a "main" initramfs image and a - secondary one which represents local configuration. - + The documentation is now moved to - https://ostreedev.github.io/ostree/ - + Lot of preparatory cleanups to the pull code landed for - upcoming work on indexing deltas outside of the summary. - + On the bugfix side, the biggest one is a fix for an assertion - failure when upgrading from systems before ostree supported - devicetree. - + Also notable is that ostree no longer hardlinks zero sized - files to avoid hitting filesystem maximum link counts. -- Changes from version 2020.6: - + One notable feature: ostree now supports / and /boot being on - the same filesystem. - + Other than that it's mostly bugfixes; there is one quite - important one for anyone using the readonly=true for /sysroot - (which is still just Fedora CoreOS I suspect). - + There's some improvements to the GObject Introspection - metadata, some (cosmetic) static analyzer fixes, a fix for the - immutable bit on s390x, dropping a deprecated bit in the - systemd unit file, etc. -- Changes from version 2020.5: - + This release primarily fixes a regression in 2020.4 where the - "readonly sysroot" changes incorrectly left the sysroot - read-only on systems that started out with a read-only / (most - of them, e.g. Fedora Silverblue/IoT at least). - + There's some additions to the pull API to aid flatpak. - + There were a few fixes to the man pages, and ostree show now - displays the parent commit. - + The default dracut config now enables reproducibility. - + On the "feature" side, there is a new ostree admin unlock - - -transient. We expect this to be a foundation for further - support for "live" updates. -- Changes from version 2020.4: - + By far the biggest change in this release is new ed25519 - signing support, powered by libsodium. - + stree commit gained a new --base argument, which significantly - simplifies constructing "derived" commits, particularly for - systems using SELinux. - + Handling of the read-only sysroot was reimplemented to run in - the initramfs and be more reliable. Enabling the readonly=true - flag in the repo config is recommended. - + Several bugs were fixed in locking for the temporary "staging" - directories OSTree creates, particularly on NFS. - + lib: Coerce flags enums to GIR bitfields changed some values to - be (correctly) flags - this may show up as incompatible for - GObject Introspection consumers (but not C). - + A new timestamp-check-from-rev option was added for pulls, - which makes downgrade protection more reliable and will be used - by Fedora CoreOS. - + Several fixes and enhancements were made for "collection" pulls - including a new --mirror option. - + The ostree commit command learned a new --mode-ro-executables - which enforces W^R semantics on all executables. - + A new commit metadata key (OSTREE_COMMIT_META_KEY_ARCHITECTURE) - was added to help standardize the architecture of the OSTree - commit. This could be used on the client side for example to - sanity-check that the commit matches the architecture of the - machine before deploying. - -- Stop invalid usage of %_libexecdir: - + Use %{_prefix}/lib where appropriate. - + Use _systemdgeneratordir for the systemd-generators. - + Define _dracutmodulesdir based on dracut.pc. Add - BuildRequires(dracut) for this to work. - libstorage-ng +- Translated using Weblate (Spanish) (bsc#1149754) +- 4.3.105 + +- merge gh#openSUSE/libstorage-ng#801 +- allow diagnostics partition id for GPT (bsc#1184073) +- 4.3.104 + +- Translated using Weblate (French) (bsc#1149754) +- 4.3.103 + +- Translated using Weblate (German) (bsc#1149754) +- 4.3.102 + +- Translated using Weblate (Italian) (bsc#1149754) +- 4.3.101 + +- Translated using Weblate (Italian) (bsc#1149754) +- 4.3.100 + +- Translated using Weblate (Indonesian) (bsc#1149754) +- 4.3.99 + +- Translated using Weblate (Spanish) (bsc#1149754) +- 4.3.98 + +- Translated using Weblate (Chinese (Taiwan)) (bsc#1149754) +- 4.3.97 + +- Translated using Weblate (Chinese (China)) (bsc#1149754) +- 4.3.96 + libtpms +- Update to version 0.7.7 + * CryptSym: fix AES output IV (bsc#1183729, CVE-2021-3446) + * tpm2: Fix public key context save due to ANY_OBJECT_Marshal usage + * tpm2: Address some Coverity issues (false positives) + * tpm1.2: Backported ASAN/UBSAN related fixes + * tpm2: Return properly sized array for b parameter for NIST P521 + (HLK) + * tpm2: Addressed issues detected by UBSAN + * tpm2: Addressed issues detected by cppcheck (false positives) + libunistring +- version update to 0.9.10 [bsc#1183794] + * The functions + u8_casing_prefix_context, u8_casing_prefixes_context, + u8_casing_suffix_context, u8_casing_suffixes_context, + u16_casing_prefix_context, u16_casing_prefixes_context, + u16_casing_suffix_context, u16_casing_suffixes_context, + u32_casing_prefix_context, u32_casing_prefixes_context, + u32_casing_suffix_context, u32_casing_suffixes_context, + that are documented since version 0.9.1, are now actually + implemented. + * bump gnulib version + -- libunistring-gnulib-ppc64le.patch: Fix imported gnulib long double - math tests for little-endian PowerPC. - -- license update: LGPL-3.0+ and GPL-3.0+ - Numerous files in tests/ and woedll are GPL-3.0+ licensed. Either put - them in a separate GPL-3.0+ labelled subpackage or use this label for the - main License: line - -- Nuke unnecessary libunistring binary package: move documentation - files to devel subpackage - -- Remove redundant tags/sections per specfile guideline suggestions -- Parallel building using %_smp_mflags - -- Workaround qemu-arm bugs. - -- updated to version 0.9.3: - * Bug fixes in unistr.h functions: - - The functions u16_to_u32, u16_to_u8, u8_to_u32, u8_to_u16 now fail when - the argument is not valid. Previously, they returned a converted string - where invalid parts were each replaced with U+FFFD. - - The function u8_mbsnlen now counts an incomplete character at the end - of the argument string as 1 character. Previously, it could count as 2 - or 3 characters. - - The return value of the u8_stpncpy, u16_stpncpy, u32_stpncpy functions - was incorrect. - - The u8_strcoll, u16_strcoll, u32_strcoll now try harder to give a non-zero - return value. - -- updated to version 0.9.2.1: - * The function uc_locale_language now uses the locale of the - current thread, if a thread-specific locale has been set. - -- initial version of package 0.9.1.1 -- spec file taken from - http://www.pixelbeat.org/patches/libunistring - (PĂĄdraig Brady options.extension was allocated before + checking async_context + * CONC-517: C/C looks for plugins in wrong location on Windows + mdadm +- cluster-md/mdadm : avoid useless re-sync (bsc#1181341) + 0114-super1-fix-Floating-point-exception.patch + 0115-super1.c-avoid-useless-sync-when-bitmap-switches-fro.patch + multipath-tools +- Update to version 0.8.5+30+suse.633836e: + * multipathd: give up "add missing path" after multiple failures + (bsc#1183963) + netpbm +- skip failing tests for armv7hl (bsc#1181571) + nftables +- Update to release 0.9.8 + * Complete support for matching ICMP header content fields. + * Added raw tcp option match support. + * Added ability to check for the presence of any tcp option. + * Support for rejecting traffic from the ingress chain. + +- Update to release 0.9.7 + * Support for implicit chains + * Support for ingress inet chains + * Support for reject from prerouting chain + * Support for --terse option in json + * Support for the reset command with json + +- Update to release 0.9.6 + * Fix two ASAN runtime errors + +- Update to release 0.9.5 + * Support for set counters. + * Support for restoring set element counters via nft -f. + * Counter support for flowtables. + * typeof concatenations support for sets. + * Support for concatenated ranges in anonymous sets. + * Allow to reject packets with 802.1q from the bridge family. + * Support for matching on the conntrack ID. +- Drop anonset-crashfix.patch (upstream solved differently) + +- Add anonset-crashfix.patch [boo#1171321] + +- Update to release 0.9.4 + * Add a helper for concat expression handling. + * Add "typeof" build/parse/print support. + +- Add json, python [boo#1158723] + +- Update to release 0.9.3 + * meta: Introduce new conditions "time", "day" and "hour". + * src: add ability to set/get secmarks to/from connection. + * flowtable: add support for named flowtable listing. + * flowtable: add support for delete command by handle. + * json: add support for element deletion. + * Add `-T` as the short option for `--numeric-time`. + * meta: add ibrpvid and ibrvproto support + +- Update to new upstream release 0.9.2 + * Transport header port matching, e.g. "th dport 53" + * Support for matching on IPv4 options + * Support for synproxy + +- Remove unused dblatex BuildRequires, only needed for the optional + and disabled PDF generation (same contents as shipped manpage). + +- Update to new upstream release 0.9.0 + * Support to check if packet matches an existing socket. + * Support to limit number of active connections by arbitrary + criteria, such as ip addresses, networks, conntrack zones or + any combination thereof. + * Added support for "audit" logging. + +- Update to new upstream release 0.8.5 + * support to add/insert a rule at a given index position + * meter statement now supports a configureable upper max size + * timeouts for sets can now be specified in milliseconds + * re-add iptables-like empty skeleton rulesets + +- Update to new upstream release 0.8.4 + * Support to match IPv6 segment routing headers. + * New "meta ibrname" and "meta obrname" arguments to match the + name of the logical bridge a packet is passing through. + These new names replace the old (misnamed) "ibriport"/"obriport". + * `nft -a` will now show handle identifier for all objects, + including tables and chains. + * nft can now delete objects by their handle number. + * Support to update maps from the ruleset (packet path). + * the "--echo" option now prints handle id for tables and + object too. + * `nft -f -` will now read from standard input + * Support for flow tables, cf. man page or + https://lwn.net/Articles/738214/ . + +- Update to new upstream release 0.8.3 + * raw payload support to match headers that do not yet have + received a mnemonic. + -- Update to new upstream release 0.3 - * More compact syntax for the queue action - * Match input and output bridge interface name through "meta - ibriport" and "meta obriport" - * netlink event monitor, to monitor ruleset events, set changes, etc. - * New transaction infrastructure - fully atomic updates for all - object available in the upcoming 3.16. - -- Initial package for build.opensuse.org - nghttp2 +- security update +- added patches + fix CVE-2020-11080 [bsc#1181358], HTTP/2 Large Settings Frame DoS + + nghttp2-CVE-2020-11080.patch + numactl +- include bugfixes in SLE, to enable 32 bit systems (SLE-17217) + +- Enable LTO (boo#1133098) as it works now. + +- update to 2.0.14: + * manpage update + * numademo: fix issue on 32 bit systems + * drop custom cflags for libnuma + * use symvers attribute for symbol versioning + +- Update to version 2.0.13: + * Release numactl 2.0.13 + * Skip `test/move_pages` if we don't have at least two nodes available + * Add license files: GPLv2 + LGPLv2.1 + * Handle cpu-less node for bind_range test + * Convert numastat.c to standard numactl coding style + * Disable clang travis targets for now + * numastat.8: clarify that information relates to resident pages + * Fix all declarations to be C prototypes + * numatopology: Add check for cpu-less nodes + * Update INSTALL.md + * numastat: when reading no-exist pid, return EXIT_FAILURE + * numastat: Add KReclaimable to list of known fields in meminfo + * numastat: Better diagnostic when find unknown string in meminfo + * Enable building on s390x + * Correct sysconf constants + * Removed unnecessary exit from memhog.c Solves issue #50 + * Synchronized usage function with man page + * Added memhog.8 to Makefile.am + * memhog: add man page + * Allow linking with lld by deduplicating symbols + * numademo: free the node_to_use on the way out + * numademo: free test nodemask + * libnuma: cleanup node cpu mask in destructor + * numactl: add va_end to usage function + * travis: add build matrix + * remove kernel version check + * add missing linux version header + * make MPOL_ macros match linux kernel + * add missing policy + * Fix: Add ShmemHugePages and ShmemPmdMapped to system_meminfo[] + * Fix: move_pages test for non-contiguous nodes + * Correct calculation of nr_nodes and re-enable move_pages test + * Fix: regress test numastat function and few test fixes + * Fix: distance test to include all existing nodes + * numademo: fix wrong node input + * Fix: node_list with memory-less nodes +- Drop autoconf/libtool BuildRequires and autoreconf invocation, + bundled configure is up-to-date. +- Drop obsolete revert_date_in_numastat.patch, gcc sets __DATE__ + based on SOURCE_DATE_EPOCH now. +- Correct License for devel subpackage, same as for the library + (LGPL-2.1-or-later). + +- numastat doesn't need perl anymore since 2012 + +- For obs regression checker, this version includes following SLE + fixes: + - enable build for aarch64 (fate#319973) (bsc#976199) + factory has an extra patch to disable ARM 32 bit archs which + looks a bit misleading as %arm macro only covers 32 bit ARM. + - Bug 955334 - numactl/libnuma: add patch for Dynamic Reconfiguration + bsc#955334 + +- Disable LTO (boo#1133098). + +- Update to version 2.0.12: + * Release numactl 2.0.12 + * Cleanup whitespace from *.c and *.h files + * Add Travis build status to numactl README + * Convert README and INSTALL to Markdown + * Remove `threadtest.c` + * Remove `mkolddemo` script + * Remove file TODO, which has outdated contents + * Remove file DESIGN, which has no contents + * Remove changelogs from the repository + * Revert "make clearcache work on x86/PIC" + * Add "NAME" section to numastat manpage + * Allow building on ARM systems + * Add pkg-config file for NUMA library + * readdir_r(3) is deprecated, use readdir(3) instead + * Avoid filename truncation in numastat + * fix coding style in last change + * Fix: numademo test between sparse nodes + * Fix: allocation of dynamic array + * Fix: numactl distance between sparse nodes + * include sys/sysmacros.h for major/minor + * make clearcache work on x86/PIC + * Fix regress test for invalid hard code of nodenames + * Fix end of line check in distance parsing + * Optimize numa_distance check + * affinity: Include sys/sysmacros.h to fix warning + * numademo: Increase buffer to avoid theoretical buffer overflow + * Check for invalid nodes in numa_distance + +- sysmacros.patch: Include for major/minor (bsc#1181571) (bsc#1183796) + -- Fixed patch 0001-Fixed-segfault-when-no-node-could-be-found-in-sysfs-.patch - for bnc#872922 - -- Add: 0001-Fixed-segfault-when-no-node-could-be-found-in-sysfs-.patch - Fixes segfault when no node could be found in sysfs. bnc#872922 - -- enable ppc64le - -- Update to version 2.0.9: -- 130207 Add a prototype for numa_bitmask_weight (Cliff W.) -- 130725 Fix hubstats huge pages bug, version number, man page (Bill Gray) -- 130726 Disable the regress-io test (Cliff W.) -- 130730 Fix typos in numactl man page; add short opts to --help - (Petr Holasek) -- 130906 numactl: option --all/-a added for policy settings (Petr Holasek) -- 130906 libnuma: new function numa_run_on_node_mask_all (Petr Holasek) - -- Update to version 2.0.8: - Drop patch numactl_install_all_manpages, merged upstream -- Removed __DATE__ in numastat to avoid constant rebuilding in build - service (added patch revert_date_in_numastat.patch) -- adjusted license strings - -- Update from 2.0.6 to 2.0.7 - * Add numa_realloc() (and realloc_test) - * Re-fix numa_get_run_node_mask() and fix numa_get_run_node_mask - * Fix the numa_get_run_node_mask() man page (cpus vs nodes) - * Fix the cpu and node parsing to be cpuset aware - * Fix test/checkaffininty to be cpuset aware - * Fix two typos in numactl.8 - -- Only use LGPL for the library licence, remove the gpl part. - -- Add lesser GPL public license to libnuma as metioned in the - sources - -- Adjust/refresh patch, no functional change - -- Update from 2.0.6-rc3 to final version 2.0.6 - -- Use %_smp_mflags - -- Updated to version 2.0.6-rc3 - * Fix numa_get_run_node_mask() to return a cpuset-aware node mask (Cliff W.) - * Add a better warning to numa_node_to_cpus() - -- Updated to version 2.0.6-rc1 - * numa_num_task_cpus()/..nodes() to return actual counts (Cliff W.) - * Correct numa_max_node() use of broken numa_num_configured_nodes() (Tim Pepper) - * Use numa_max_node() not numa_num_configured_nodes() (Tim Pepper) - * Fix numa_num_configured_nodes() to match man page description (Tim Pepper) - * Clarify comment for numa_all_nodes_ptr extern (Tim Pepper) - * numactl --hardware should handle sparse node numbering (Tim Pepper) - * Maintain compatibility with 2.0.3 numa_num_thread...()'s (Cliff W.) - -- Update to 2.0.5: - * Remove merged patch numactl_fix_mem_corrup_numa_init.patch - * Various bug fixes. - -- Forgot to increase the version string from 2.0.4-rc1 to 2.0.4-rc2 - -- Fixed corrupt tar.bz2 and added a mem corruption fix from Jan. - -- Update to version 2.0.4-rc2 - -- workaround broken Makefile which uses uname -m to detect bitness - and libdir -- remove sparcv9 from special-casing in baselibs.conf - -- add baselibs.conf as a source -- add baselibs for SPARC -- add SPARC to ExclusiveArch -- enable parallel building - -- Update to version 2.0.4-rc1 -- Added missing manpages: numastat, migspeed, migratepages - -- fixed build with asneeded on platforms with non-builtin sqrt() - open-iscsi +- Updated to latest upstream 2.1.4 as 2.1.4-suse, which contains + these changes not already present: + * Enable iscsi.service asynchronous logins, cleanup services + (bsc#1183421) + * libopeniscsiusr: dont error loudly if a session isn't found when + working through iscsi_sessions_get() + * libopeniscsiusr: skip over removed sessions + * libopeniscsiusr: fix error messages + * Avoid hardcoding pkg-config to fix cross build + * Fix iscsistart login issue when target is delayed. + openldap2 +- bsc#1182408 CVE-2020-36230 - an assertion failure in slapd in the + X.509 DN parsing in decode.c ber_next_element, resulting in denial + of service. + * 0220-ITS-9423-ldap_X509dn2bv-check-for-invalid-BER-after-.patch +- bsc#1182411 CVE-2020-36229 - ldap_X509dn2bv crash in the X.509 DN + parsing in ad_keystring, resulting in denial of service. + * 0222-ITS-9425-add-more-checks-to-ldap_X509dn2bv.patch +- bsc#1182412 CVE-2020-36228 - integer underflow leading to crash + in the Certificate List Exact Assertion processing, resulting in + denial of service. + * 0223-ITS-9427-fix-issuerAndThisUpdateCheck.patch +- bsc#1182413 CVE-2020-36227 - infinite loop in slapd with the + cancel_extop Cancel operation, resulting in denial of service. + * 0224-ITS-9428-fix-cancel-exop.patch +- bsc#1182416 CVE-2020-36225 - double free and slapd crash in the + saslAuthzTo processing, resulting in denial of service. + * 0218-ITS-9412-fix-AVA_Sort-on-invalid-RDN.patch +- bsc#1182417 CVE-2020-36224 - invalid pointer free and slapd crash + in the saslAuthzTo processing, resulting in denial of service. + * 0217-ITS-9409-saslauthz-use-slap_sl_free-in-prev-commit.patch + * 0216-ITS-9409-saslauthz-use-ch_free-on-normalized-DN.patch +- bsc#1182415 CVE-2020-36226 - memch->bv_len miscalculation and slapd + crash in the saslAuthzTo processing, resulting in denial of service. + * 0219-ITS-9413-fix-slap_parse_user.patch +- bsc#1182419 CVE-2020-36222 - assertion failure in slapd in the + saslAuthzTo validation, resulting in denial of service. + * 0213-ITS-9406-9407-remove-saslauthz-asserts.patch + * 0214-ITS-9406-fix-debug-msg.patch +- bsc#1182420 CVE-2020-36221 - slapd crashes in the Certificate Exact + Assertion processing, resulting in denial of service (schema_init.c + serialNumberAndIssuerCheck). + * 0212-ITS-9404-fix-serialNumberAndIssuerCheck.patch + * 0221-ITS-9424-fix-serialNumberAndIssuerSerialCheck.patch +- bsc#1182418 CVE-2020-36223 - slapd crash in the Values Return Filter + control handling, resulting in denial of service (double free and + out-of-bounds read). + * 0215-ITS-9408-fix-vrfilter-double-free.patch + +- bsc#1182279 CVE-2021-27212 - an assertion failure in slapd can occur + in the issuerAndThisUpdateCheck function via a crafted packet, + resulting in a denial of service (daemon exit) via a short timestamp. + This is related to schema_init.c and checkTime. + * patch: 0211-ITS-9454-fix-issuerAndThisUpdateCheck.patch + openssl-1_1 +- Fix NULL pointer deref in signature_algorithms + * CVE-2021-3449 + * bsc#1183852 + * Add openssl-1_1-CVE-2021-3449-NULL_pointer_deref_in_signature_algorithms.patch + +- Security fixes: + * Integer overflow in CipherUpdate: Incorrect SSLv2 rollback + protection [bsc#1182333, CVE-2021-23840] + * Null pointer deref in X509_issuer_and_serial_hash() + [bsc#1182331, CVE-2021-23841] +- Add openssl-CVE-2021-23840.patch openssl-CVE-2021-23841.patch + +- Fix unresolved error codes [bsc#1182959] +- Update openssl-1.1.1-fips.patch + ovmf +- Add ovmf-bsc1183578-lzma-catch-4GB.patch to fix the possible + heap corruption (bsc#1183578, CVE-2021-28211) +- Add ovmf-bsc1183579-fix-fv-recursion.patch to fix unlimited FV + recursion (bsc#1183579, CVE-2021-28210) + parted +- Direct file system manipulation support was removed in 2011. + - Removed build dependencies on libreiserfs-devel and + e2fsprogs-devel. + perl-Bootloader +- merge gh#openSUSE/perl-bootloader#134 +- install with --removable if efivars are not writable + (bsc#1182749, bsc#1174111, bsc#1184160) +- fix whitespace +- 0.934 + pipewire +- Enable or disable the ldac codec depending if ldacBT is available + or not to fix build in s390x (where it's not available) +- Add some more information and fix indentation on previous + changelog entries. + +- Update to 0.3.24: + + This is a bugfix release that is API and ABI compatible with + previous 0.3.x releases. + + Highlights + - Many JACK midi improvements and device support. + - Fixes in gnome-control-center default sink/source handling. + - Many small performance improvements in alsa device handling + and latency. There should also be less cracks/pops and xruns + now. + - More bluetooth compatibility improvements. + + PipeWire improvements + - Implement simple upmixing + - Disable the resampler when not used. This improves latency + and CPU usage. + - Handle max-quantum on devices and try to not make the quantum + larger than the device buffer size. + - improvements to how nodes and links are activated. It should + now result in less xruns and cracks/pops. + - meson uses the feature options everywhere now + - Handle volume remap in the channelmixer. This fixes the + channels on multichannel devices. + - Try to escape invalid JSON string characters + - Keep better track of changed parameters in audioconvert. + - Improve config files, make arrays where needed. + - Respect NO_COLOR where possible + - Support in-place config file parsing to avoid allocations and + improve startup performance. + - There is no a config option to enable non-power-of-two + quantums. + - Preliminary support for upmixing and generating LFE channels. + + Session-manager + - default nodes are not stored as JSON in the metadata. This + is more readable and introspectable. + - More default-nodes and default-routes improvements. port + switching should work better now. + - Wait until all devices are scanned before linking clients. + - Fixes some crashes + - Sinks (monitors) can now be set as default sources. + + Device support + - Fix startup timers for alsa devices. + - Improve timers in alsa when quantum changes. It should cause + less xruns and cracks. + - Fix UCM setup of capture devices. + - Only disable IRQ in alsa when not batch. For batch devices + the hw pointers are updated each IRQ so we need to keep them + enabled. This massively improves latency on USB batch devices + to the same level as JACK (with small enough period size). + + Bluetooth + - Improvements to profile switches. + - Improvements to volume handling. + - Fixes for A2DP sources + - Add support for battery status when available. + - Many other small improvements. + + PulseAudio server + - handle NULL in set_default_sink/source to clear the default + - Implement a workaround for gnome-control-center when setting + the default sink/source. It also sets the target in + stream-restore to the new default. This fixes moving streams + in gnome-control-center. + - Fix some races by replying to some requests after the + operation completed. + - Prefer formats of the extended format API. + - Create a pid file on startup to improve compatibility with + apps that look for it. + - Capture streams can now be moved to monitors with pavucontrol + - Fixes for crashes + + JACK + - jack clients can now connect to the 'default' server + - Move midi ports back to the midi client + - Only mark midi hardware ports as terminal/physical + - Use the same midi names as a2jmidid + - match system ports in get_ports. + - Improve compatibility with some apps that require a + fixed latency. + - Beginnings of the libjackserver implementation. +- Switch off libopenaptx and fdk-aac (because they are + patent-encumbered) and libcamera (problems in building). + +- systemd-rpm-macros doesn't have a consistent versioning between + distributions, so better assume it's updated enough to support + %systemd_user_pre + +- Add systemd rpm macros for pipewire.service as well as + pipewire.socket . +- Use the new %systemd_user_pre macro on %pre to be able to + recognize when a service was installed for the first time and + enable it on %systemd_user_post (boo#1183012) + +- Update to version 0.3.23: + + Highlights + - Fixes for some critical bugs in last release. + - Fix bug where audio was not drained properly at the end of + playback, causing repeating sound. + - Profile and route switching was improved and should mimic + more what pulseaudio did. + - Various fixes for xruns in capture and playback. + - Bluetooth now supports delay adjustment and various other + improvements. + - The pulseaudio server now correctly identifies AC3 and DTS + streams and returns a not supported error instead of playing + static. + - Multichannel support was improved in the alsa plugin and + the channel mixer. Channels should now play on the right + speakers in all cases. + + PipeWire improvements + - Small fixes and improvements in JSON parsing and encoding. + - Improvements to param handling in audioconverter. It would + previously not always notify of changes. + - Avoid updating some properties that we use internally such + as the object id and the node.id. + - log.level in the config files is now actually used. + - the PIPEWIRE_LATENCY env variable should always override + any application settings in filter/stream/jack. + - The config file can now contain filer and stream properties + to, for example, control the resampler, mixer and latency. + - Add sandboxing to the systemd services + - Various FreeBSD fixes. + - Improve draining and a way to exit the drain state as well. + - Many multichannel fixes. Channel remapping should now be + correct. + - Fix bug with repeating audio at the end of playback because + the drain in the resampler was not draining all channels. + - RTKit default rt.prio has been increased to 88. This will + likely still be clamped to 20 until distros increase the + max priority. + + Session-manager + - Don't try to switch to Pro Audio profile, this should be + a user choice only. + - Don't crash when metadata was disabled such as when not + using the audio features of pipewire. + - Rework the profile and route handling. + - Add systemd unit files for the media-session + - Device names should now also have sane names so that tab + pactl completion works on them. + + Device support + - Fix ALSA format enumeration in more cases. Use the channels + and rate as a filter. + - Make sure the graph doesn't ever use buffers larger than + the alsa device buffer size or we get xruns. + - Tuning of the alsa device timeout handling and dynamic + resampler. There should now not be any xruns when streams + appear and disappear or when the quantum changes. + - Fix bug in alsa device when reassigning to a new driver, + in some cases the dynamic resampler was not activated and + things would drift out of sync and fail. + - Fixes in quantum changes for ALSA capture and how the + resampler is drained and fed with the new samples. + + Bluetooth + - Delay adjustment has been implemented now. Bluetooth + devices should now be more synchronized with video due + to proper delay reporting. Because BT delays can be + large, it can cause hickups in some players. + - Fix volume in bluetooth devices. + - Codec switch improvements. + + PulseAudio server + - Latency offset adjustment is now implemented and functional + for bluetooth devices. It is not working for alsa devices + yet. + - Handle unsupported formats. Previously we would accept encoded + formats and play noise. This fixes AC3 playback in vlc. + - Move some of the configurable parameters to the config file. + - Fix a fatal use after free when playing samples + - Improve module handling. loaded modules now show up in the + list of modules and can be unloaded. This also prepares the + core for more module implementations later. + + ALSA plugin + - Fix drain with very large buffers, we need to manually start + the stream before draining. + - Fix the channel layout handling. + - Improve compatibility with apps that expect the poll to only + return when there is activity. + - Fix drain for capture + + JACK + - Add a config option to shorten and filter client names + - Increase the length of the client name size and make sure + we don't exceed the allocated size. + - We now include our own jack header files so we can build + without depending on another jack-devel package. We don't + yet install the headers or provide pkgconfig files. +- Move alsa-card-profiles to modules subpackage, they are always + needed. + +- Build/install the `pw-top` tool: + + Add pkgconfig(ncurses) BuildRequires to satisfy the build deps + of pw-top. + - * Highlights - + Per client config files replace the module-profiles. It's + + Highlights + - Per client config files replace the module-profiles. It's - + Pro Audio card profile support. You can now select the + - Pro Audio card profile support. You can now select the - + Many fixes and improvements in the JACK library to make + - Many fixes and improvements in the JACK library to make - + Many bluetooth improvements. Playback should be more + - Many bluetooth improvements. Playback should be more - + Small fixes and improvements all over the map. - * PipeWire improvements - + Add support for restrictions requested by a client. This + - Small fixes and improvements all over the map. + + PipeWire improvements + - Add support for restrictions requested by a client. This - + Fix removal of params in objects. Previously they would not + - Fix removal of params in objects. Previously they would not - + Remove mlock warnings by default. There is an option to + - Remove mlock warnings by default. There is an option to - + Remove LimitMEMLOCK lines from the service files. They can + - Remove LimitMEMLOCK lines from the service files. They can - + Implement per-client config files. Each pipewire client will + - Implement per-client config files. Each pipewire client will - + Implement state and config load/save in pipewire. This is + - Implement state and config load/save in pipewire. This is - + Make an option to disable dbus support. - + Add tool to convert pipewire config to JSON. - * Session-manager - + Give all permissions to Manager flatpak apps. In the future + - Make an option to disable dbus support. + - Add tool to convert pipewire config to JSON. + + Session-manager + - Give all permissions to Manager flatpak apps. In the future - + Improvements to default audio/sink handling. - + Add option to configure device suspend time. - + Small fixes in route handling. - * Device support - + Complain when ACP profile files are not found and use + - Improvements to default audio/sink handling. + - Add option to configure device suspend time. + - Small fixes in route handling. + + Device support + - Complain when ACP profile files are not found and use - + Add volume support to monitor ports. - + Fix resume from suspend for ALSA in more cases. - + ALSA ACP cards now have a Pro Audio profile that exposes + - Add volume support to monitor ports. + - Fix resume from suspend for ALSA in more cases. + - ALSA ACP cards now have a Pro Audio profile that exposes - * Bluetooth - + Enable A2DP delay reporting. This improves audio/video sync + + Bluetooth + - Enable A2DP delay reporting. This improves audio/video sync - + Fix stuttering in A2DP source - + Tweak buffer size and latency settings to avoid stuttering - + More work on HSP and HFP support - + Fix initial profile configuration - + Add HFP HF support - * PulseAudio server - + Small tweaks in capture packet size to avoid crashes in some + - Fix stuttering in A2DP source + - Tweak buffer size and latency settings to avoid stuttering + - More work on HSP and HFP support + - Fix initial profile configuration + - Add HFP HF support + + PulseAudio server + - Small tweaks in capture packet size to avoid crashes in some - + Detect Flatpak apps and requests the flatpak permissions from + - Detect Flatpak apps and requests the flatpak permissions from - * ALSA plugin - + Reduce min buffer size in the plugin for lower possible + + ALSA plugin + - Reduce min buffer size in the plugin for lower possible - * JACK - + implement some missing methods to make qjackctl work again. - + Use the context data thread instead of making our own. This + + JACK + - implement some missing methods to make qjackctl work again. + - Use the context data thread instead of making our own. This - + Pass extra jack flags around in port properties. This makes + - Pass extra jack flags around in port properties. This makes - + Many tweaks to the port names and aliases. Unwanted + - Many tweaks to the port names and aliases. Unwanted - + Add an option to make a separate client for the monitor + - Add an option to make a separate client for the monitor - + add support for system:playback_N and system:capture_N port + - add support for system:playback_N and system:capture_N port - * Highlights - + Many PulseAudio compatibility fixes. Handling of corked + + Highlights + - Many PulseAudio compatibility fixes. Handling of corked - + Ports and Profiles are now managed by the session manager + - Ports and Profiles are now managed by the session manager - + Improved Bluetooth support. HSP is disabled by default + - Improved Bluetooth support. HSP is disabled by default - * PipeWire improvements - + Improve draining in pw-stream. + + PipeWire improvements + - Improve draining in pw-stream. - + Fix handling of empty array/choice instead of failing. - + Fix crashes when creating properties from empty strings. - + Make it possible to pass an array to module-access + - Fix handling of empty array/choice instead of failing. + - Fix crashes when creating properties from empty strings. + - Make it possible to pass an array to module-access - + Fix small bug in argument parsing in pw-cat - * Session-manager - + Restore route volumes in all cases, also when switching + - Fix small bug in argument parsing in pw-cat + + Session-manager + - Restore route volumes in all cases, also when switching - + Use a default route volume for unknown routes instead of + - Use a default route volume for unknown routes instead of - + Fix handling of Virtual sources as defaults. - + Handle port switching in the session manager. Implement + - Fix handling of Virtual sources as defaults. + - Handle port switching in the session manager. Implement - * GStreamer - + Fix a crash with zero SPA_PARAM_BUFFERS_size - * Device support - + v4l2-source will now respect the requested memory types. - + ALSA buffering has been tweaked. USB devices should have + + GStreamer + - Fix a crash with zero SPA_PARAM_BUFFERS_size + + Device support + - v4l2-source will now respect the requested memory types. + - ALSA buffering has been tweaked. USB devices should have - + Fix mute in bluetooth devices + - Fix mute in bluetooth devices - + Codec switching for bluetooth is implemented along with + - Codec switching for bluetooth is implemented along with - + HSP for bluetooth is now disabled by default. Most devices + - HSP for bluetooth is now disabled by default. Most devices - + Reduce the amount of events the ALSA plugins emit by bundling + - Reduce the amount of events the ALSA plugins emit by bundling - * PulseAudio server - + Implement the suspend command - + Fixes volume in sample info - + Fix playback of samples, sometimes samples would be clipped + + PulseAudio server + - Implement the suspend command + - Fixes volume in sample info + - Fix playback of samples, sometimes samples would be clipped - + Use rate match to feed samples. This way the latency can + - Use rate match to feed samples. This way the latency can - + Latency has been tuned some more, more closely emulating + - Latency has been tuned some more, more closely emulating - + Improve default sink/source handling. Make sure all events + - Improve default sink/source handling. Make sure all events - + Handle underrun better without causing sync issues. Make sure + - Handle underrun better without causing sync issues. Make sure - + Implement rewind due to seeks, fixes GStreamer seeking. + - Implement rewind due to seeks, fixes GStreamer seeking. - * Highlights - + Latency was reduced in ALSA and PulseAudio and time + + Highlights + - Latency was reduced in ALSA and PulseAudio and time - + Bluetooth now has a native HFP backed, SBC XQ and + - Bluetooth now has a native HFP backed, SBC XQ and - + Many bugfixes and improvements, improved device + - Many bugfixes and improvements, improved device - * PipeWire improvements - + pw-dump can now dump all objects such as Endpoints - + pw-dump has a -m option to monitor changes - + pw-dump can now dump metadata - + pw-stream can now use the rate-match io to exactly + + PipeWire improvements + - pw-dump can now dump all objects such as Endpoints + - pw-dump has a -m option to monitor changes + - pw-dump can now dump metadata + - pw-stream can now use the rate-match io to exactly - + spa-acp-tool can now load a custom profile-set and + - spa-acp-tool can now load a custom profile-set and - + There is now a nofail option when loading modules - + The connection has been made reentrant to fix some + - There is now a nofail option when loading modules + - The connection has been made reentrant to fix some - + Turn some errors into warnings or simply info. - + Executables are now built with PIE - + S24OE formats should work now (MAudio FastTrack Pro) - + Remove mlock warnings. Add support for mlockall with + - Turn some errors into warnings or simply info. + - Executables are now built with PIE + - S24OE formats should work now (MAudio FastTrack Pro) + - Remove mlock warnings. Add support for mlockall with - * Session-manager - + There are now config files for bluez and v4l2 modules - + Improve ALSA device and node properties - + Bluetooth devices have better properties now. - + The default device routing has been improved. - * Device support - + Port priorities are updated for UCM devices - + ACP devices notify change in routes in all cases - + There is now RW support in ALSA devices to increase + + Session-manager + - There are now config files for bluez and v4l2 modules + - Improve ALSA device and node properties + - Bluetooth devices have better properties now. + - The default device routing has been improved. + + Device support + - Port priorities are updated for UCM devices + - ACP devices notify change in routes in all cases + - There is now RW support in ALSA devices to increase - + Many improvements to Bluetooth. SBC XQ support can now + - Many improvements to Bluetooth. SBC XQ support can now - + Bluetooth devices not expose Routes so that they look + - Bluetooth devices not expose Routes so that they look - + Gracefully handle missing profile-sets - + There is now a native HFP backend - + Improve card names in some cases. - + pause-on-idle is now disabled for ALSA devices. This can + - Gracefully handle missing profile-sets + - There is now a native HFP backend + - Improve card names in some cases. + - pause-on-idle is now disabled for ALSA devices. This can - * ALSA plugin - + Use rate-match to reduce the latency - + Implement a _delay() function to get smoother timestamps. - + Fix property parsing. Fixes volume changes in alsamixer. - * PulseAudio server - + Use rate-match to reduce the latency. This also reduces + + ALSA plugin + - Use rate-match to reduce the latency + - Implement a _delay() function to get smoother timestamps. + - Fix property parsing. Fixes volume changes in alsamixer. + + PulseAudio server + - Use rate-match to reduce the latency. This also reduces - + Implement rate changes now that we have rate-match + - Implement rate changes now that we have rate-match - + pactl stats will now work - + Fix excessive memory usage when a capture client doesn't + - pactl stats will now work + - Fix excessive memory usage when a capture client doesn't - * Highlights + + Highlights - * PipeWire improvements + + PipeWire improvements - * Session-manager + + Session-manager - * Device support + + Device support - * JACK layer + + JACK layer - * Highlights + + Highlights - * PipeWire improvements + + PipeWire improvements - * Session-manager + + Session-manager - * Device support + + Device support - * PulseAudio server + + PulseAudio server - * Highlights + + Highlights - * PipeWire improvements + + PipeWire improvements - * Device support + + Device support - * Session-manager + + Session-manager - * PulseAudio server + + PulseAudio server - * Highlights + + Highlights - * PipeWire improvements + + PipeWire improvements - * Device support + + Device support - * pulse-server + + pulse-server - * JACK layer + + JACK layer - * Highlights - + This is a quick update to fix critical issues with the + + Highlights + - This is a quick update to fix critical issues with the - + Fix some compatibility issues in pulse-server with + - Fix some compatibility issues in pulse-server with - * PipeWire improvements - + Permission checks for new clients are now done from a + + PipeWire improvements + - Permission checks for new clients are now done from a - + Handle EINTR everywhere - + Fix an issue with the node state changes where a quick + - Handle EINTR everywhere + - Fix an issue with the node state changes where a quick - * Session manager improvements - + Disable the bluez5 and pulse-bridge modules by default + + Session manager improvements + - Disable the bluez5 and pulse-bridge modules by default - + Fix an issue where the session manager could end up in + - Fix an issue where the session manager could end up in - + The session manager will now always configure nodes to remix + - The session manager will now always configure nodes to remix - * Device support - + Initial merge of A2DP extra codec support using the new + + Device support + - Initial merge of A2DP extra codec support using the new - * pulse-server - + Create the runtime directory when it doesn't exist. - + Don't ever block the server, use non-blocking IO everywhere. - + Fill description of profiles with the name if not otherwise + + pulse-server + - Create the runtime directory when it doesn't exist. + - Don't ever block the server, use non-blocking IO everywhere. + - Fill description of profiles with the name if not otherwise - + the connection debug catergory will now also debug pulse + - the connection debug catergory will now also debug pulse - + Respect the no_remix flag to make the control panel channel + - Respect the no_remix flag to make the control panel channel - * ALSA plugin - + implement pause + + ALSA plugin + - implement pause - * Highlights - + This release focuses on bugfixes and stability + + Highlights + - This release focuses on bugfixes and stability - + A new experimental pulse-server module was added. This + - A new experimental pulse-server module was added. This - + A2DP bluetooth was reworked. Playback should work a lot + - A2DP bluetooth was reworked. Playback should work a lot - + Improvements to the routing and volume restore features + - Improvements to the routing and volume restore features - * PipeWire improvements - + The channelmixer does not normalize volumes anymore. Volumes + + PipeWire improvements + - The channelmixer does not normalize volumes anymore. Volumes - + Streams can actually start in the inactive state now. - + The channelmixer can now also convert volume updates from one + - Streams can actually start in the inactive state now. + - The channelmixer can now also convert volume updates from one - + Clients are only registered after the properties have been + - Clients are only registered after the properties have been - + Links now have a new active state. - + Drivers can now also specify a minimum quantum. This makes it + - Links now have a new active state. + - Drivers can now also specify a minimum quantum. This makes it - + The amount of data sent over the socket was reduced by only + - The amount of data sent over the socket was reduced by only - + Client objects are now exposed after they uploaded their + - Client objects are now exposed after they uploaded their - * Tools improvements - + pw-cat will now add metadata to the PipeWire streams. - * Session manager improvements - + Fix crashes when reading bad data in stored settings. - + volume and routing is improved. Settings are now remembered + + Tools improvements + - pw-cat will now add metadata to the PipeWire streams. + + Session manager improvements + - Fix crashes when reading bad data in stored settings. + - volume and routing is improved. Settings are now remembered - + The session manager remembers the last device used per stream - + Fix a bug when moving streams where it could sometimes end + - The session manager remembers the last device used per stream + - Fix a bug when moving streams where it could sometimes end - + Use RTKit to set realtime priority on the data thread in the + - Use RTKit to set realtime priority on the data thread in the - + Add a new property to mark streams that want to capture from + - Add a new property to mark streams that want to capture from - + NODE_TARGET can now also contain the node name. This avoids + - NODE_TARGET can now also contain the node name. This avoids - + the -e and -d options are more usable now and can be used to + - the -e and -d options are more usable now and can be used to - * Device support - + v4l2: add some workarounds for buggy drivers. Add Limited + + Device support + - v4l2: add some workarounds for buggy drivers. Add Limited - + ACP: improve selection of default port and profiles. - + ACP: add support for using the hardware mixer for more than + - ACP: improve selection of default port and profiles. + - ACP: add support for using the hardware mixer for more than - + ACP: support the new port type and availability group found + - ACP: support the new port type and availability group found - + A2DP bluetooth timings were reworked. Automatic linking of + - A2DP bluetooth timings were reworked. Automatic linking of - + Try harder to recover from ALSA errors. - * GStreamer improvements - + Fix some crashes in the monitor that cause + - Try harder to recover from ALSA errors. + + GStreamer improvements + - Fix some crashes in the monitor that cause - * PulseAudio layer improvements - + Many compatibility improvements. Improved playback in + + PulseAudio layer improvements + - Many compatibility improvements. Improved playback in - + Fix a leak in the formats. - + Fix !ADJUST_LATENCY streams like paplay. - + Make the device option in paplay work. - + Fix volume/mute notifications, this makes plasma volume updates + - Fix a leak in the formats. + - Fix !ADJUST_LATENCY streams like paplay. + - Make the device option in paplay work. + - Fix volume/mute notifications, this makes plasma volume updates - + Do the conversion between PulseAudio cubic volumes and PipeWire + - Do the conversion between PulseAudio cubic volumes and PipeWire - * JACK layer improvements - + Return an error when we run out of midi events. Some application + + JACK layer improvements + - Return an error when we run out of midi events. Some application - * ALSA plugin improvements - + The ALSA plugin now also supports the node name in the + + ALSA plugin improvements + - The ALSA plugin now also supports the node name in the - * PipeWire improvements - + Add pw-reserve tool to reserve or monitor a device on DBus. - + Install spa-resample, a tool to resample a file. - + Install spa-acp-tool, a tool to inspect the card profile. - + Various fixes and improvements - + Fix a bug in pw-stream where a capture stream could run out + + PipeWire improvements + - Add pw-reserve tool to reserve or monitor a device on DBus. + - Install spa-resample, a tool to resample a file. + - Install spa-acp-tool, a tool to inspect the card profile. + - Various fixes and improvements + - Fix a bug in pw-stream where a capture stream could run out - + Rework the processing loops in the adapter and stream. There + - Rework the processing loops in the adapter and stream. There - * Session manager improvements - + Improve the device reservation code. We now try to acquire + + Session manager improvements + - Improve the device reservation code. We now try to acquire - + Don't fail on invalid input from the config files. - + Audio devices now have the same name as what PulseAudio + - Don't fail on invalid input from the config files. + - Audio devices now have the same name as what PulseAudio - * Device support - + v4l2: try to use the format before enumerating the size and + + Device support + - v4l2: try to use the format before enumerating the size and - + v4l2: Fall back to MMAP when EXPBUF fails. Fix MMAP access, + - v4l2: Fall back to MMAP when EXPBUF fails. Fix MMAP access, - + Fix crash in ALSA Card Profile (ACP) code. - + ACP: fix selection of default profile. Prefer any possibly + - Fix crash in ALSA Card Profile (ACP) code. + - ACP: fix selection of default profile. Prefer any possibly - + Fix soft volume. After setting the volume to 0, it would stay + - Fix soft volume. After setting the volume to 0, it would stay - * PulseAudio layer improvements - + Rework the buffering and latency measurements and tweak the + + PulseAudio layer improvements + - Rework the buffering and latency measurements and tweak the - * JACK layer improvements - + Fix compilation against newer JACK. + + JACK layer improvements + - Fix compilation against newer JACK. - * do-not-install-alsa-config-files.patch + + do-not-install-alsa-config-files.patch - * PipeWire improvements - + The channelmap converter now handles unknown and strange + + PipeWire improvements + - The channelmap converter now handles unknown and strange - + The resampler is now cleared correctly, avoiding clicks and + - The resampler is now cleared correctly, avoiding clicks and - + Fixes for various crasher bugs. (paplay drain, vlc shutdown, + - Fixes for various crasher bugs. (paplay drain, vlc shutdown, - + Fix a race condition in the node state changes that caused + - Fix a race condition in the node state changes that caused - + Improve the binary name property of applications - + Fix the scheduling again of nodes that always need a driver + - Improve the binary name property of applications + - Fix the scheduling again of nodes that always need a driver - * Session manager improvements - + Fix routing to default nodes. Sometimes nodes were not routed + + Session manager improvements + - Fix routing to default nodes. Sometimes nodes were not routed - * Device support - + Disable channelmap from ALSA by default. This is what + + Device support + - Disable channelmap from ALSA by default. This is what - + Fix a bug in how the resampler was used in the ALSA source, + - Fix a bug in how the resampler was used in the ALSA source, - + Small bluetooth improvements. More work is needed for + - Small bluetooth improvements. More work is needed for - * GStreamer plugins - + The device provider now stops the processing loop before + + GStreamer plugins + - The device provider now stops the processing loop before - * PulseAudio layer improvements - + The buffer attributes were reworked to ensure compatibility + + PulseAudio layer improvements + - The buffer attributes were reworked to ensure compatibility - + The pulseaudio layer will now try hard to not hand out + - The pulseaudio layer will now try hard to not hand out - + The @DEFAULT_SINK/SOURCE/MONITOR@ wildcards now work. This + - The @DEFAULT_SINK/SOURCE/MONITOR@ wildcards now work. This - + The PIPEWIRE_LATENCY environment variable now works again - + Fix some leaks of ports and port info. Also fix the leak of + - The PIPEWIRE_LATENCY environment variable now works again + - Fix some leaks of ports and port info. Also fix the leak of - + The sink/source format_info array is now filled up + - The sink/source format_info array is now filled up - * JACK layer improvements - + jack now returns version 3.0.0 and has PipeWire in the + + JACK layer improvements + - jack now returns version 3.0.0 and has PipeWire in the - * 0001-alsa-dont-change-the-resampler-delay-value.patch + + 0001-alsa-dont-change-the-resampler-delay-value.patch - * PipeWire improvements - + Properly cleanup the mixer structures when a port is removed, + + PipeWire improvements + - Properly cleanup the mixer structures when a port is removed, - + Optimize the preferred formats in the audio converter. Higher + - Optimize the preferred formats in the audio converter. Higher - + Make sure the time reported by pw_stream is always + - Make sure the time reported by pw_stream is always - + There is now also a system service and socket that can be + - There is now also a system service and socket that can be - + Fix channelmixer 5.1 to stereo mix matrix. It was not reading + - Fix channelmixer 5.1 to stereo mix matrix. It was not reading - + The channelmixer will now just copy channels when no layout + - The channelmixer will now just copy channels when no layout - + Port, Node and Link will now also emit an error on the + - Port, Node and Link will now also emit an error on the - + many small fixes and cleanups. - + Fix compatibility: + - many small fixes and cleanups. + - Fix compatibility: - * Session manager improvements - + The session manager will now try to configure the client to + + Session manager improvements + - The session manager will now try to configure the client to - + Configuration state is now saved in XDG_CONFIG_HOME. + - Configuration state is now saved in XDG_CONFIG_HOME. - * Device support - + Bluetooth sources and sinks should work better now. - + There is now also a new bluetooth backend using hsphfpd. - + fix the ALSA UCM Off profile for alsa pcm devices - + improve ALSA port and profile switching. The ACP device will + + Device support + - Bluetooth sources and sinks should work better now. + - There is now also a new bluetooth backend using hsphfpd. + - fix the ALSA UCM Off profile for alsa pcm devices + - improve ALSA port and profile switching. The ACP device will - * PulseAudio layer improvements - + Implement some more callbacks. The pulse layer will now also + + PulseAudio layer improvements + - Implement some more callbacks. The pulse layer will now also - + Fix error code when an object was not found. We now return + - Fix error code when an object was not found. We now return - + Add some support for loading new null sinks. Applications + - Add some support for loading new null sinks. Applications - + Improve handling of profile and port updates, it should work + - Improve handling of profile and port updates, it should work - + Fix compatibility: + - Fix compatibility: - * JACK layer improvements - + improve default source and sink handling. It was not updated + + JACK layer improvements + - improve default source and sink handling. It was not updated - + add samplerate and period to the pw-jack wrapper to easily + - add samplerate and period to the pw-jack wrapper to easily - * ALSA plugin improvements - + Add a mixer entry in the alsa config file. - + Implement support for planar types, rework the processing + + ALSA plugin improvements + - Add a mixer entry in the alsa config file. + - Implement support for planar types, rework the processing - + refuse to load the alsa plugin when linked against 0.2. This + - refuse to load the alsa plugin when linked against 0.2. This - + Fix compatibility: + - Fix compatibility: - * 0021-alsa-protect-against-SIGPFE.patch + + 0021-alsa-protect-against-SIGPFE.patch - * 0001-alsa-dont-change-the-resampler-delay-value.patch + + 0001-alsa-dont-change-the-resampler-delay-value.patch - * Many improvements to the pulse layer. - + GStreamer pulsesink element now works. - + Fixes some segfaults. - + Enable rtkit for client threads. - + fixes capture of monitor stream by name - + implement some more extensions, this makes paman + + Many improvements to the pulse layer. + - GStreamer pulsesink element now works. + - Fixes some segfaults. + - Enable rtkit for client threads. + - fixes capture of monitor stream by name + - implement some more extensions, this makes paman - * Many improvements to the GStreamer elements - + negotiation rework, avoid calling GStreamer methods from + + Many improvements to the GStreamer elements + - negotiation rework, avoid calling GStreamer methods from - + Add support for non-string property values. - + improve stability after buffer and format + - Add support for non-string property values. + - improve stability after buffer and format - + Rework the device provider. - + pipewiresink can now provide a stream that can + - Rework the device provider. + - pipewiresink can now provide a stream that can - * Many improvements to the JACK layer: - + Rework the buffer_size callbacks. Make sure we call + + Many improvements to the JACK layer: + - Rework the buffer_size callbacks. Make sure we call - + Improve compatibility with apps that call + - Improve compatibility with apps that call - + JACK can now create nodes that can be set as a + - JACK can now create nodes that can be set as a - * Added a group id property for nodes. This makes it + + Added a group id property for nodes. This makes it - * Streams and filter now use PIPEWIRE_NODE and + + Streams and filter now use PIPEWIRE_NODE and - * ACP add per device port list. This makes UCM devices + + ACP add per device port list. This makes UCM devices - * Fix some segfaults in ACP and UCM. - * make pw-cat use the metadata to find default devices. - * The media session can now save and load audio device + + Fix some segfaults in ACP and UCM. + + make pw-cat use the metadata to find default devices. + + The media session can now save and load audio device - * Fix bad audio in chrome - * Remove some errors that are not real errors. - * Fix 100% cpu when disconnecting devices. - * Improve pulseaudio introspection of formats - * Fix JACK metadata handling, carla can now monitor the + + Fix bad audio in chrome + + Remove some errors that are not real errors. + + Fix 100% cpu when disconnecting devices. + + Improve pulseaudio introspection of formats + + Fix JACK metadata handling, carla can now monitor the - * Add a new permission bit (M) that is needed to be able + + Add a new permission bit (M) that is needed to be able - * Add support for videocrop in the GStreamer elements. - * Improve handling of the runtime directory for the + + Add support for videocrop in the GStreamer elements. + + Improve handling of the runtime directory for the - * Improve ALSA device names from ACP. - * Fix various crasher bugs. One in the pulse layer, one in + + Improve ALSA device names from ACP. + + Fix various crasher bugs. One in the pulse layer, one in - * Make alsa plugin respect the PIPEWIRE_REMOTE env variable. - * Various compile fixes. + + Make alsa plugin respect the PIPEWIRE_REMOTE env variable. + + Various compile fixes. - * Fix an embarrassing crasher in the JACK layer when metadata + + Fix an embarrassing crasher in the JACK layer when metadata - * Make it possible to add properties to jack clients with a + + Make it possible to add properties to jack clients with a - * Improvements in the session manager in how it links ports. + + Improvements in the session manager in how it links ports. - * Add ofono backend for Bluetooth HeadSet support. - * Improve default source and sink handling. They are now stored + + Add ofono backend for Bluetooth HeadSet support. + + Improve default source and sink handling. They are now stored - * Improve environment variables to make it possible to create + + Improve environment variables to make it possible to create - * Add an alsa mixer plugin so that alsamixer works with PipeWire. + + Add an alsa mixer plugin so that alsamixer works with PipeWire. - * Fix capture devices. There was something wrong with how the + + Fix capture devices. There was something wrong with how the - * We now ship alsa card paths, profile-sets configuration files + + We now ship alsa card paths, profile-sets configuration files - * Many build and stability fixes. + + Many build and stability fixes. - * Improved PulseAudio compatibility. The alsa card profile + + Improved PulseAudio compatibility. The alsa card profile - * Many fixes and improvements to the GStreamer elements. + + Many fixes and improvements to the GStreamer elements. - * Improvements to the bluetooth nodes. Dynamically adding + + Improvements to the bluetooth nodes. Dynamically adding - * Reduced memory usage by using less pre-allocated memory + + Reduced memory usage by using less pre-allocated memory - * Support for passive links is added again. These are links + + Support for passive links is added again. These are links - * Both consumers and producers can now ask to renegotiate + + Both consumers and producers can now ask to renegotiate - * Important fixes to how memory is shared with clients. Memory + + Important fixes to how memory is shared with clients. Memory - * Support for planar formats for audio and video was added. - * Improved error handling in the session manager. - * Metadata is now used to manage default audio source and + + Support for planar formats for audio and video was added. + + Improved error handling in the session manager. + + Metadata is now used to manage default audio source and - * Metadata is used to tag the desired output device for + + Metadata is used to tag the desired output device for - * Many fixes to the security modules. The session manager now + + Many fixes to the security modules. The session manager now - * The portal module has been split up in 2 parts: - + a part living in the daemon that monitors the portal + + The portal module has been split up in 2 parts: + - a part living in the daemon that monitors the portal - + a part in the session manager that uses the permission + - a part in the session manager that uses the permission - * 0001-client-node-fix-buffer-size-calculation.patch - * 0002-gst-fix-proxy-leaks.patch - * 0003-pulse-fix-pa_card_info-profiles2-array-to-be-NULL-terminated.patch - * 0004-pulse-fix-size-calculation.patch - * 0005-jack-fix-crash-on-close-when-metadata-are-not-available.patch - * 0006-a2dpsink-only-request-new-data-when-buffer-is-done.patch - * 0007-pulse-fix-counter-while-populating-car_info-profiles.patch - * 0008-impl-link-reset-state-before-starting-allocation.patch - * 0009-impl-core-clear-the-mempool.patch - * 0010-mem-reset-the-map-in-clear.patch - * 0011-avoid-uninitialized-variables.patch - * 0012-dlclose-on-errors.patch - * 0013-stream-handle-NULL-context.patch - * 0014-state-always-update-state-variables.patch - * 0015-spa-device-fix-leak-of-properties-in-error-case.patch - * 0016-alsa-dont-leak-structure-on-error.patch - * 0017-alsa-dont-leak-properties-on-error.patch - * 0018-stream-fix-some-more-leaks-in-error-paths.patch - * 0019-buffers-increase-max-datas-and-metadata-in-buffers.patch - * 0020-gst-return-NULL-for-unknown-format.patch + + 0001-client-node-fix-buffer-size-calculation.patch + + 0002-gst-fix-proxy-leaks.patch + + 0003-pulse-fix-pa_card_info-profiles2-array-to-be-NULL-terminated.patch + + 0004-pulse-fix-size-calculation.patch + + 0005-jack-fix-crash-on-close-when-metadata-are-not-available.patch + + 0006-a2dpsink-only-request-new-data-when-buffer-is-done.patch + + 0007-pulse-fix-counter-while-populating-car_info-profiles.patch + + 0008-impl-link-reset-state-before-starting-allocation.patch + + 0009-impl-core-clear-the-mempool.patch + + 0010-mem-reset-the-map-in-clear.patch + + 0011-avoid-uninitialized-variables.patch + + 0012-dlclose-on-errors.patch + + 0013-stream-handle-NULL-context.patch + + 0014-state-always-update-state-variables.patch + + 0015-spa-device-fix-leak-of-properties-in-error-case.patch + + 0016-alsa-dont-leak-structure-on-error.patch + + 0017-alsa-dont-leak-properties-on-error.patch + + 0018-stream-fix-some-more-leaks-in-error-paths.patch + + 0019-buffers-increase-max-datas-and-metadata-in-buffers.patch + + 0020-gst-return-NULL-for-unknown-format.patch - * fix-meson-required-version.patch + + fix-meson-required-version.patch - * do-not-install-alsa-config-files.patch + + do-not-install-alsa-config-files.patch - * 0001-client-node-fix-buffer-size-calculation.patch - * 0002-gst-fix-proxy-leaks.patch - * 0003-pulse-fix-pa_card_info-profiles2-array-to-be-NULL-terminated.patch - * 0004-pulse-fix-size-calculation.patch - * 0005-jack-fix-crash-on-close-when-metadata-are-not-available.patch - * 0006-a2dpsink-only-request-new-data-when-buffer-is-done.patch - * 0007-pulse-fix-counter-while-populating-car_info-profiles.patch - * 0008-impl-link-reset-state-before-starting-allocation.patch - * 0009-impl-core-clear-the-mempool.patch - * 0010-mem-reset-the-map-in-clear.patch - * 0011-avoid-uninitialized-variables.patch - * 0012-dlclose-on-errors.patch - * 0013-stream-handle-NULL-context.patch - * 0014-state-always-update-state-variables.patch - * 0015-spa-device-fix-leak-of-properties-in-error-case.patch - * 0016-alsa-dont-leak-structure-on-error.patch - * 0017-alsa-dont-leak-properties-on-error.patch - * 0018-stream-fix-some-more-leaks-in-error-paths.patch - * 0019-buffers-increase-max-datas-and-metadata-in-buffers.patch - * 0020-gst-return-NULL-for-unknown-format.patch + + 0001-client-node-fix-buffer-size-calculation.patch + + 0002-gst-fix-proxy-leaks.patch + + 0003-pulse-fix-pa_card_info-profiles2-array-to-be-NULL-terminated.patch + + 0004-pulse-fix-size-calculation.patch + + 0005-jack-fix-crash-on-close-when-metadata-are-not-available.patch + + 0006-a2dpsink-only-request-new-data-when-buffer-is-done.patch + + 0007-pulse-fix-counter-while-populating-car_info-profiles.patch + + 0008-impl-link-reset-state-before-starting-allocation.patch + + 0009-impl-core-clear-the-mempool.patch + + 0010-mem-reset-the-map-in-clear.patch + + 0011-avoid-uninitialized-variables.patch + + 0012-dlclose-on-errors.patch + + 0013-stream-handle-NULL-context.patch + + 0014-state-always-update-state-variables.patch + + 0015-spa-device-fix-leak-of-properties-in-error-case.patch + + 0016-alsa-dont-leak-structure-on-error.patch + + 0017-alsa-dont-leak-properties-on-error.patch + + 0018-stream-fix-some-more-leaks-in-error-paths.patch + + 0019-buffers-increase-max-datas-and-metadata-in-buffers.patch + + 0020-gst-return-NULL-for-unknown-format.patch - * do-not-use-snd_pcm_ioplug_hw_avail.patch - * fix-memfd_create-call.patch + + do-not-use-snd_pcm_ioplug_hw_avail.patch + + fix-memfd_create-call.patch - * Extensive memory leak fixing and stress testing was done. + + Extensive memory leak fixing and stress testing was done. - * Compile fixes - * Stability improvements in jack and pulseaudio layers. - * Added the old portal module to make the Camera portal + + Compile fixes + + Stability improvements in jack and pulseaudio layers. + + Added the old portal module to make the Camera portal - * Improvements to the GStreamer source and sink shutdown. - * Fix compatibility with v2 clients again when negotiating + + Improvements to the GStreamer source and sink shutdown. + + Fix compatibility with v2 clients again when negotiating - * fix-meson-required-version.patch + + fix-meson-required-version.patch - * do-not-use-snd_pcm_ioplug_hw_avail.patch + + do-not-use-snd_pcm_ioplug_hw_avail.patch - * Compiler fixes - * Add pw-midiplay and pw-midirecord aliases - * Add pw-mididump tool - * Add pw-metadata tool to inspect, add and remove metadata + + Compiler fixes + + Add pw-midiplay and pw-midirecord aliases + + Add pw-mididump tool + + Add pw-metadata tool to inspect, add and remove metadata - * Docs updates, man pages - * install alsa config files - * Fix linked sink/source in pulseaudio - * ratelimit graph processing warnings - * improve buffer handling in GStreamer elements - * Fix power usage by removing the queue for the alsa + + Docs updates, man pages + + install alsa config files + + Fix linked sink/source in pulseaudio + + ratelimit graph processing warnings + + improve buffer handling in GStreamer elements + + Fix power usage by removing the queue for the alsa - * Fix metadata clear() method dispatch. - * Improve parameter enumeration, make it possible to detect + + Fix metadata clear() method dispatch. + + Improve parameter enumeration, make it possible to detect - * Fix cleanup of proxy objects. Stability improvements on + + Fix cleanup of proxy objects. Stability improvements on - * Make it possible to set log level from config file - * improve debug of param negotiation errors. Log the + + Make it possible to set log level from config file + + improve debug of param negotiation errors. Log the - * Make it possible to configure global logger + + Make it possible to configure global logger - * Fix NEON detection - * JACK and PulseAudio compatibility improvements + + Fix NEON detection + + JACK and PulseAudio compatibility improvements - * A quick update with some important stability fixes. + + A quick update with some important stability fixes. - * NEON optimizations for audio conversion (32 and 64 bits) - * rework of session manager implementation - * Add option to disable modules in the session manager - * Release midi hardware devices when suspended - * various build fixes - * Clean up options of various utils - * Stability improvements - * Mayor improvements in pulseaudio emulation. Improved + + NEON optimizations for audio conversion (32 and 64 bits) + + rework of session manager implementation + + Add option to disable modules in the session manager + + Release midi hardware devices when suspended + + various build fixes + + Clean up options of various utils + + Stability improvements + + Mayor improvements in pulseaudio emulation. Improved - * Implementation of drain and flush in pulse and alsa + + Implementation of drain and flush in pulse and alsa - * Implement poll on file descriptors. - * Improvement of metadata for jack emulation. - * Fix memory and thread problems in jack emulation. - * Simplification of state changes. Should make more use + + Implement poll on file descriptors. + + Improvement of metadata for jack emulation. + + Fix memory and thread problems in jack emulation. + + Simplification of state changes. Should make more use - * Improvements in the gstreamer elements. Removal of + + Improvements in the gstreamer elements. Removal of - * Add pw-jack and pw-pulse scripts to run pulseaudio and + + Add pw-jack and pw-pulse scripts to run pulseaudio and - * fix-memfd_create-call.patch + + fix-memfd_create-call.patch - * avoid-invalid-conversion-error-with-C++.patch + + avoid-invalid-conversion-error-with-C++.patch - * No changelog provided by upstream. To see the changes in this + + No changelog provided by upstream. To see the changes in this plasma-framework +- Replace patch to fix non-integer Label sizes: + * fix-noninteger-Label-height.patch + with the latest patches submitted to upstream: + * 0001-Fix-Label-having-non-integer-sizes.patch + * 0002-Use-implicitWidth-Height-instead-of-paintedWidth-Hei.patch + (https://invent.kde.org/frameworks/plasma-framework/-/merge_requests/201) + plymouth +- Disable plymouth-systemd-KillMode-mixed.patch: Temporary disable + it, because aarch64 and ppc64le system could not booting in + release period, and this is only a enhancement with no harm to + rollback (bnc#1177082, bnc#1182145, bnc#1184087). + +- Add plymouth-systemd-KillMode-mixed.patch: Backport from upstream + change plymouth systemd plymouth-start.service KillMode=mixed, + the old method is unsafe and deprecated (bnc#1177082, + bnc#1182145). + poppler +- Add 0001-Fix-opening-files-by-some-generators-that-are-a-bit-.patch: + Some PDF generators generate PDF with some wrong numbers in entry + table, but the content is still valid, this patch ignores those + problems. (bsc#1181551) + postgresql13 +- Upgrade to version 13.2: + * https://www.postgresql.org/docs/13/release-13-2.html + * Updating stored views and reindexing might be needed after + applying this update. + * CVE-2021-3393, bsc#1182040: Fix information leakage in + constraint-violation error messages. + * CVE-2021-20229, bsc#1182039: Fix failure to check per-column + SELECT privileges in some join queries. + * Obsoletes postgresql-icu68.patch. + +- Add postgresql-icu68.patch: fix build with ICU 68 + +- boo#1179765: BuildRequire libpq5 and libecpg6 when not building + them to avoid dangling symlinks in the devel package. protobuf +- Fix Requires for python3 to python3-six. + +- Add missing dependency of python subpackages on python-six + (bsc#1177127). + psmisc +- Change patch 0001-Use-mountinfo-to-be-able-to-use-the-mount-identity.patch + * Fix bsc#1178407: fuser does not show open kvm storage image files + such as qcow2 files. Patch from Ali Abdallah + python +- Add CVE-2021-23336-only-amp-as-query-sep.patch which forbids + use of semicolon as a query string separator (bpo#42967, + bsc#1182379, CVE-2021-23336). +- Update to 2.7.18, final release of Python 2. Ever.: + - Newline characters have been escaped when performing uu + encoding to prevent them from overflowing into to content + section of the encoded file. This prevents malicious or + accidental modification of data during the decoding process. + - Fixes a ReDoS vulnerability in http.cookiejar. Patch + by Ben Caller. + - Fixed line numbers and column offsets for AST nodes for calls + without arguments in decorators. + - Disallow control characters in hostnames in http.client, + addressing CVE-2019-18348. Such potentially malicious header + injection URLs now cause a InvalidURL to be raised. + - Fix urllib.urlretrieve failing on subsequent ftp transfers + from the same host. + - Fix problems identified by GCC's -Wstringop-truncation + warning. + - AddRefActCtx() was needlessly being checked for failure in + PC/dl_nt.c. + - Prevent failure of test_relative_path in test_py_compile on + macOS Catalina. + - Fixed possible leak in :c:func:`PyArg_Parse` and similar + functions for format units "es#" and "et#" when the macro + :c:macro:`PY_SSIZE_T_CLEAN` is not defined. +- Remove upstreamed patches: + - CVE-2019-18348-CRLF_injection_via_host_part.patch +- Other patches recalculated. + python-base +- Add CVE-2021-23336-only-amp-as-query-sep.patch which forbids + use of semicolon as a query string separator (bpo#42967, + bsc#1182379, CVE-2021-23336). +- Update to 2.7.18, final release of Python 2. Ever.: + - Newline characters have been escaped when performing uu + encoding to prevent them from overflowing into to content + section of the encoded file. This prevents malicious or + accidental modification of data during the decoding process. + - Fixes a ReDoS vulnerability in http.cookiejar. Patch + by Ben Caller. + - Fixed line numbers and column offsets for AST nodes for calls + without arguments in decorators. + - Disallow control characters in hostnames in http.client, + addressing CVE-2019-18348. Such potentially malicious header + injection URLs now cause a InvalidURL to be raised. + - Fix urllib.urlretrieve failing on subsequent ftp transfers + from the same host. + - Fix problems identified by GCC's -Wstringop-truncation + warning. + - AddRefActCtx() was needlessly being checked for failure in + PC/dl_nt.c. + - Prevent failure of test_relative_path in test_py_compile on + macOS Catalina. + - Fixed possible leak in :c:func:`PyArg_Parse` and similar + functions for format units "es#" and "et#" when the macro + :c:macro:`PY_SSIZE_T_CLEAN` is not defined. +- Remove upstreamed patches: + - CVE-2019-18348-CRLF_injection_via_host_part.patch +- Other patches recalculated. + python-cryptography +- Add patch CVE-2020-36242-buffer-overflow.patch (bsc#1182066, CVE-2020-36242) + * Using the Fernet class to symmetrically encrypt multi gigabyte values + could result in an integer overflow and buffer overflow. + python3 +Update to 3.6.13, final release of 3.6 branch: + * Security + - bpo#42967 (bsc#1182379, CVE-2021-23336): Fix web cache + poisoning vulnerability by defaulting the query args + separator to &, and allowing the user to choose a custom + separator. + - bpo#42938 (bsc#1181126, CVE-2021-3177): Avoid static + buffers when computing the repr of ctypes.c_double and + ctypes.c_longdouble values. + - bpo#42103: Prevented potential DoS attack via CPU and RAM + exhaustion when processing malformed Apple Property List + files in binary format. + - bpo#42051: The plistlib module no longer accepts entity + declarations in XML plist files to avoid XML + vulnerabilities. This should not affect users as entity + declarations are not used in regular plist files. + - bpo#40791: Add volatile to the accumulator variable in + hmac.compare_digest, making constant-time-defeating + optimizations less likely. + * Core and Builtins + - bpo#35560: Fix an assertion error in format() in debug + build for floating point formatting with “n” format, zero + padding and small width. Release build is not impacted. + Patch by Karthikeyan Singaravelan. + * Library + - bpo#42103: InvalidFileException and RecursionError are now + the only errors caused by loading malformed binary Plist + file (previously ValueError and TypeError could be raised + in some specific cases). + * Tests + - bpo#42794: Update test_nntplib to use offical group name of + news.aioe.org for testing. Patch by Dong-hee Na. + - bpo#41944: Tests for CJK codecs no longer call eval() on + content received via HTTP. +- Patches removed, because they were included in the upstream + tarball: + - CVE-2020-27619-no-eval-http-content.patch + - CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch + +- Resync with python36 Factory package. +- Make this %primary_interpreter + +- Add CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch fixing + bsc#1181126 (CVE-2021-3177) buffer overflow in PyCArg_repr in + _ctypes/callproc.c, which may lead to remote code execution. + +- Provide the newest setuptools wheel (bsc#1176262, + CVE-2019-20916) in their correct form (bsc#1180686). + -- Change setuptools and pip version numbers according to new wheels +- Change setuptools and pip version numbers according to new + wheels (bsc#1179756). raspberrypi-firmware-config +- Use smbios overlay to get minimal SMBIOS information through dmidecode (bsc#1183079) + raspberrypi-firmware-dt +- Add overlay for smbios information (bsc#1183079) + * smbios-overlay.dts + ruby2 +- Update suse.patch: (boo#1177125) + Backport fix CVE-2020-25613: Potential HTTP Request Smuggling + Vulnerability in WEBrick + +- replace all patches with suse.patch (v2_5_8..2.5-suse) + (we keep remove-unneeded-files.patch as it can not be done in our + backports branch) +- backport patch to enable optimizations also on ARM64 + (boo#1177222) + +- make sure that update-alternative weight for the default + distribution is always greater than our normal weight + +- make the update-alternative weight based on the ruby version + sane-backends +- sane-backends version upgrade to 1.0.32 for SLE15: + * sane-backends version upgrade to 1.0.32 + to fix bugs in sane-backends version 1.0.31 in particular + https://gitlab.com/sane-project/backends/-/issues/402 + double height image with the avision backend (bsc#1179065) + to avoid regressions by hardware enablement for scanners + (jsc#SLE-15561 and jsc#SLE-15560 with jsc#ECO-2418) + cf. the entry below dated "Wed Oct 14 11:17:03 CEST 2020" + +- Remove udev rules mangling for USB devices (ATTR vs ATTRS) (!510) +- Do no add SCSI id twice for EPSON Perfection 1640SU (!509) + +- Upgraded to sane-backends version 1.0.32 + Changes since 1.0.31 + see https://gitlab.com/sane-project/backends/-/blob/master/NEWS + Numbers of the form '(#NNN)' usually mean upstream issues like + https://gitlab.com/sane-project/backends/-/issues/NNN and numbers + of the form '(!MMM)' usually mean upstream merge requests like + https://gitlab.com/sane-project/backends/-/merge_requests/MMM + Backends + * all backends now respect the 'local_only' parameter when 'true' + is passed to 'sane_get_devices()' in that they do not actively + go out looking for networked devices (!502) + * 'artec_eplus48u': fixes configuration for AstraSlim SE (!545) + * 'avision': adds the AV186+ and AV188 as supported (!532) + * 'avision': fixes doubled height issue (#402) + * 'avision': fixes a debug message and compiler warning (!515) + * 'canon_dr': adds support for the DR-C120 and DR-C130 (#175) + * 'canon_dr': adds support for uploading of fine calibration + uploads + * 'canon_dr': enables fine calibration for the P-208 + * 'canon_dr': improves DR-C225 support (#431) + * 'canon_lide70': adds support for document scanning + on the Canon LiDE 600(F), thanks to a hardware donation + by Georg Sauthoff + * 'dll': fixes a memory leak (!537) + * 'epson2': adds support for the ET-2600 (#395) + * 'epson2': adds autofocus support for devices + that support it (!531) + * 'epson2': fixes brightness support for DS-G20000/12000XL (!529) + * 'epson2': fixes an unchecked return value issue (!526) + * 'escl': adds support for brightness, threshold, sharpen + and contrast options (!527, !528) + * 'escl': adds support for LaserJet FLowMFP M578 + and MFP M630 (#424) + * 'escl': adds support for DeskJet 2710, 2723 (!519) + and 3760 (!554) + * 'escl': adds support for the PIXMA TS-5351 (!544) + and MG5765 (!517) + * 'escl': adds support for the Brother HL-L258DW (!517) + * 'escl': fixes Avahi device discovery (!536) + * 'escl': fixes crashes for devices without a flatbed (!554) + * 'escl': fixes segfaults in option handling (!557) + * 'escl': fixes sleep mode (!577) + * 'escl': fixes builds without libpoppler-glib-dev (#422) + * 'escl': fixes a memory issue in its capability handling (#425) + * 'fujitsu': fixes brightness/contrast for the iX500 + * 'fujitsu': fixes memory corruption for duplex scans + * 'genesys': disables support for CanoScan 4400F to prevent + possible physical damage (#436) + * 'gt68xx': fixes scan cancellation logic (#356) + * 'pixma': adds untested support for models + released in 2020 (!553) + * 'pixma': adds support for ADF scans on the i-SENSYS MF260 + * 'pixma': adds support for PIXMA M340 buttons + and ADF status (!513) + * 'pixma': adds an option to control when to calibrate (#321) + * 'pixma': fixes support for the MX492 (!548) + * 'pixma': fixes ADF support for the MX490 Series + * 'pixma': fixes max resolution for ADF scans + on the PIXMA M320 (#364) + * 'pixma': fixes compile errors when libxml2 + is not available (#345) + * 'plustek': fixes CanoScanN650u discovery (#137) + * 'test': fixes several memory leaks (!537) + Frontends + * 'saned': add support for listening on a custom + or ephemeral port via a new '-p'/'--port' option (!549) + * 'scanimage': fixes crashes for multi-pass + and handheld scans (#408) + * 'scanimage': fixes a memory leak (!551) + * 'scanimage': fixes option handling + for non-compliant backends (#362) + Documentation + * updates our copy of the GPL with the FSF's current postal + address. This changes references to the Library GPL (LGPL-2.0) + into refs to the Lesser GPL (LGPL-2.1) but does *not* affect + the licensing of our backends (#320). + * source code now points to the Free Software Foundation's + website for copies of the GPL and LGPL (#320) + * updates translations for British English and Ukrainian + * adds a pointer to our Ubuntu PPA for pre-built binaries + * adds SCSI IDs for the EPSON Perfection 1640SU (!509) + * fixes a boat-load of spelling mistakes (!516, thanks @marschap) + * updates description files for 'scangearmp2' + and 'utsushi' external backends + Build + * removes support for 'automake' maintainer mode (!522) + * removes 'sane' subdirectory from the lock directory + to fix issues when the lock directory is on 'tmpfs' (#363) + * adds support for builds using GitLab "source" tarballs (#248) + * fixes static link scenarios (#124) + * fixes 'python' invocations to use the detected program (!525) + * disables 'genesys' testsuite when that backend + is not built (#354) + * suppresses warnings about obsolete autoconf macros (#122) + * fixes availability of sane-backends.pot file inputs (#344) + * fixes 'configure.ac' for use with 'autoconf-2.70' (#409) + * removes CVS keywords from the source to ease use + by downstreams that still use CVS (!547) + Miscellaneous + * udev rules now trigger on all events other + than 'remove' (!541). This aims to address a kernel API change + introduced in 4.14. The new behaviour may slow down udev's + processing of kernel events when still using our plain 'udev' + or 'udev+acl' rules, even though these have been optimized + slightly (#341). If that bothers you, now is a good time + to switch to our 'udev+hwdb' rules in combination with + the 'hwdb' database if you have not done so already. + sed +- Build fix for the new glibc-2.31 (bsc#1183797, + sed-tests-build-fix.patch). + -- keep binary in /usr tree (UsrMerge project) - -- license update: GPL-3.0+ - There are no "GPL-3.0 only" licenses in sed - -- add automake as buildrequire to avoid implicit dependency - -- Update to version 4.2.1: - + fix parsing of s/[[[[[[[[[]// - + security contexts are preserved by -i too under SELinux - + temporary files for sed -i are not made group/world-readable - until they are complete -- Changes from version 4.2: - + now released under GPLv3 - + added a new extension `z` to clear pattern space even in the - presence of invalid multibyte sequences - + a preexisting GNU gettext installation is needed in order to - compile GNU sed with NLS support - + new option --follow-symlinks, available when editing a file - in-place. - + hold-space is reset between different files in -i and -s modes. - + multibyte processing fixed - + fixed bug in 'i\' giving a segmentation violation if given - alone. - + much improved portability - + much faster in UTF-8 locales - + will correctly replace ACLs when using -i - + will now accept NUL bytes for `.' -- Drop upstream included [atches: - + sed-follow_symlinks.patch - + sed-4.1.5-fix_warnings.patch -- Remove --enable-html from configure: the option is no longer - supported and sed.html no longer created. - -- use %_smp_mflags - -- enable parallel building - smartmontools +- Remove obsolete service parameter (bsc#1183699, + smartmontools-smartd-service.patch). + snapper +- fixed creating root config (root prefix handling) + (gh#openSUSE/snapper#627) + squashfs +- enabled ZSTD compression support for openSUSE >= 15.1 + +- Add -fcommon in order to fix boo#1160294. + +- Version 4.4 - 2019-08-29: + * Reproducible builds, new compressors, + CVE fixes, security hardening and new options + for Mksquashfs/Unsquashfs. +- Overall improvements: + * Mksquashfs now generates reproducible images by default. + * Mkfs time and file timestamps can also be specified. + * Support for the Zstandard (ZSTD) compression algorithm. + * CVE-2015-4645 and CVE-2015-4646 have been fixed. +- Mksquashfs improvements and major bug fixes: + * Pseudo files now support symbolic links. + * New -mkfs-time option. + * New -all-time option. + * New -root-mode option. + * New -quiet option. + * New -noId option. + * New -offset option. + * Update lz4 wrapper to use new functions introduced + in 1.7.0. + * Bug fix, don't allow "/" pseudo filenames. + * Bug fix, allow quoting of pseudo files, to + better handle filenames with spaces. + * Fix compilation with glibc 2.25+. +- Unsquashfs improvements and major bug fixes: + * CVE-2015-4645 and CVE-2015-4646 have been fixed. + * Unsquashfs has been further hardened against corrupted + filestems. + * Unsquashfs is now more strict about error handling. + * New -ignore-errors option. + * New -strict-errors option. + * New -lln[umeric] option. + * New -lc option. + * New -llc option. + * New -mkfs-time option. + * New -UTC option. + * New -offset option. + * New -quiet option. + * Update lz4 wrapper to use new functions introduced + in 1.7.0. + * Bug fix, fatal and non-fatal errors now set the exit + code to 1. + * Bug fix, fix time setting for symlinks. + * Bug fix, try to set sticky-bit when running as a + user process. + * Fix compilation with glibc 2.25+. +- build changes: + * re-created patches to fit squashfs 4.4 + * removed 0001-mksquashfs-fix-rare-race-in-fragment-waiting-in-file.patch + (new version includes this change) + * removed 0002-Fix-2GB-limit-of-the-is_fragment-.-function.patch + (new version includes this change) + * removed 0003-Add-offset-function-to-skip-n-bytes.patch + (new version includes this change) + * removed sysmacros.patch + (new version includes this change) + +- Add -offset function to skip n bytes at the beginning of the squashfs… + https://github.com/plougher/squashfs-tools/commit/5a498ad24dcfeac9f3d747e894f22901f3ac10 + (0003-Add-offset-function-to-skip-n-bytes.patch) + +- Disable LTO (boo#1133284). + +- Use | instead of / that can be part of -L or -I options. + +- Use / as sed command delimiter. Comma can actually show up in + optflags (think -Wl,…), which then breaks the sed command line + parsing. + +- sysmacros.patch: Include for major/minor/makedev + -- Since version 4.3, squasfs does not require attr-devel - but uses glibc instead. - -- update to 4.3: - - unsquashfs: add checks for corrupted data in opendir functions - - unsquashfs: completely empty filesystems incorrectly generate an error - - unsquashfs: fix open file limit - - mksquashfs: Use linked list to store directory entries rather - - mksquashfs: Remove qsort and add a bottom up linked list merge sort - - mksquashfs: optimise lookup_inode2() for dirs - - pseudo: fix handling of modify pseudo files - - pseudo: fix handling of directory pseudo files - - xattr: Fix ERROR() so that it is synchronised with the progress bar - - mksquashfs/sort: Fix INFO() so that it is synced with the progress bar - - mksquashfs: Add -progress to force progress bar when using -info - - error.h: consolidate the various error macros into one header file - - mksquashfs: fix stack overflow in write_fragment_table() - - mksquashfs: move list allocation from off the stack - - unsquashfs: fix oversight in directory permission setting - - mksquashfs: dynamically allocate recovery_file - - mksquashfs: dynamically allocate buffer in subpathname() - - mksquashfs: dynamically allocate buffer in pathname() - - unsquashfs: fix CVE-2012-4024 - - unsquashfs: fix CVE-2012-4025 - - mksquashfs: fix potential stack overflow in get_component() - - mksquashfs: add parse_number() helper for numeric command line options - - mksquasfs: check return value of fstat() in reader_read_file() - - mksquashfs: dynamically allocate filename in old_add_exclude() - - unsquashfs: dynamically allocate pathname in dir_scan() - - unsquashfs: dynamically allocate pathname in pre_scan() - - sort: dynamically allocate filename in add_sort_list() - - mksquashfs: fix dir_scan() exit if lstat of source directory fails - - pseudo: fix memory leak in read_pseudo_def() if exec_file() fails - - pseudo: dynamically allocate path in dump_pseudo() - - mksquashfs: dynamically allocate path in display_path2() - - mksquashfs: dynamically allocate b_buffer in getbase() - - pseudo: fix potential stack overflow in get_component() - - pseudo: avoid buffer overflow in read_pseudo_def() using sscanf() - - pseudo: dynamically allocate filename in exec_file() - - pseudo: avoid buffer overflow in read_sort_file() using fscanf() - - sort: tighten up sort file parsing - - unsquashfs: fix name under-allocation in process_extract_files() - - unsquashfs: avoid buffer overflow in print_filename() using sprintf() - - Fix some limits in the file parsing routines - - pseudo: Rewrite pseudo file processing - - read_fs: fix small memory leaks in read_filesystem() - - mksquashfs: fix fclose leak in reader_read_file() on I/O error - - mksquashfs: fix frag struct leak in write_file_{process|blocks|frag} - - unsquashfs_xattr: fix memory leak in write_xattr() - - read_xattrs: fix xattr free in get_xattr() in error path - - unsquashfs: add -user-xattrs option to only extract user.xxx xattrs - - unsquashfs: add code to only print "not superuser" error message once - - unsquashfs: check for integer overflow in user input - - mksquashfs: check for integer overflow in user input - - mksquashfs: fix "new" variable leak in dir_scan1() - - read_fs: prevent buffer {over|under}flow in read_block() with - corrupted filesystems - - read_fs: check metadata blocks are expected size in scan_inode_table() - - read_fs: check the root inode block is found in scan_inode_table() - - read_fs: Further harden scan_inode_table() against corrupted - filesystems - - unsquashfs: prevent buffer {over|under}flow in read_block() with - corrupted filesystems - - read_xattrs: harden xattr data reading against corrupted filesystems - - unsquash-[23]: harden frag table reading against corrupted filesystems - - unsquash-4.c: harden uid/gid & frag table reading against corruption - - unsquashfs: harden inode/directory table reading against corruption - - mksquashfs: improve out of space in output filesystem handling - - mksquashfs: flag lseek error in writer as probable out of space - - mksquashfs: flag lseek error in write_destination as probable out of - space - - mksquashfs: print file being squashed when ^\ (SIGQUIT) typed - - mksquashfs: make EXIT_MKSQUASHFS() etc restore via new restore thread - - mksquashfs: fix recursive restore failure check - - info: dump queue and cache status if ^\ hit twice within one second - - mksquashfs: fix rare race condition in "locked fragment" queueing - - lz4: add experimental support for lz4 compression - - lz4: add support for lz4 "high compression" - - lzo_wrapper: new implementation with compression options - - gzip_wrapper: add compression options - - mksquashfs: redo -comp parsing - - mksquashfs: display compressor options when -X option isn't recognised - - mksquashfs: add -Xhelp option - - mksquashfs/unsquashfs: fix mtime signedness - - Mksquashfs: optimise duplicate checking when appending - - Mksquashfs: introduce additional per CPU fragment process threads - - Mksquashfs: significantly optimise fragment duplicate checking - - read_fs: scan_inode_table(), fix memory leak on filesystem corruption - - pseudo: add_pseudo(), fix use of freed variable - - mksquashfs/unsquashfs: exclude/extract/pseudo files, fix handling of - leaf name - - mksquashfs: rewrite default queue size so it's based on physical mem - - mksquashfs: add a new -mem option - - mksquashfs: fix limit on the number of dynamic pseudo files - - mksquashfs: make -mem take a normal byte value, optionally with a - K, M or G - -- Remove redundant tags/sections from specfile -- Parallel build with %_smp_mflags - -- enable support for xz and lzo (kernel has support already) - -- The ppc64 kernel uses a page size of 64kB but mksquashfs only - pads to a 4kB boundary. When we loopback mount a squashfs file - that isn't 64kB aligned and access the last sector of the - associated loopback device we see a stream of errors. - Disk partitioning tools seem to like accessing the last 512 - bytes of partitions. - This should fix warnings seen during starting installation on - ppc64 and IA64 - -- Update to version 4.2: - + Filesystem improvements: - - Added XZ compression - - Added compression options support - + Miscellaneous improvements/bug fixes: - - Add missing NO_XATTR filesystem flag to indicate no-xattrs - option was specified and no xattrs should be stored when - appending. - - Add suppport in Unquashfs -stat option for displaying - NO_XATTR flag. - - Remove checkdata entry from Unsquashfs -stat option if a 4.0 - filesystem - checkdata is no longer supported. - - Fix appending bug when appending to an empty filesystem - - this would be incorrectly treated as an error. - - Use glibc sys/xattr.h include rather than using attr/xattr.h - which isn't present by default on some distributions. - - Unsquashfs, fix block calculation error with regular files - when file size is between 2^32-block_size+1 and 2^32-1. - - Unsquashfs, fix sparse file writing when holes are larger - than 2^31-1. - - Add external CFLAGS and LDFLAGS support to Makefile, and - allow build options to be specified on command line. - Also don't over-write passed in CFLAGS definition. - -- update to 4.1 - - support for lzo (>= 2.6.36) and lzma (not yet mainline) - - xattr support - - misc fixes for the tools - -- removed obsolete source file - -- update to squashfs 4.0 (unsquashfs actually works) - systemd +- Fix 1001-udev-use-lock-when-selecting-the-highest-priority-de.patch (bsc#1184254) + When a symlink is removed because there's no more references to it + make sure to remove the parent dir of the symlink as well. Also add + some logging when something goes wrong during the removal. + +- systemd.spec: clean some of the build deps up: + - libpcre is redundant with libpcre2 (only required by the full + build) and the mini variant needs none of them. Hence drop the ref + to libpcre. + - normally libidn2 is needed by some optional features in + systemd-network (only). But it's implicitly pulled in by libgnutls + (required by the main package). Let's make sure the related + features won't be disabled inadvertently in the future by making + the dep explicit. + +- Fix fd leak in 1001-udev-use-lock-when-selecting-the-highest-priority-de.patch (bsc#1184238) + +- Import commit 480a6d14725509307a0f3edefef3876c107ee7f1 (merge of v246.13) + 423b1e759c Revert "resolved: gracefully handle with packets with too large RR count" (bsc#1183745) + 4723778738 meson.build: make xinitrcdir configurable (bsc#1183408) + [...] + For a complete list of changes, visit: + https://github.com/openSUSE/systemd/compare/8baed1c6f82798c2374bdbfdd440dd065d09fb99...480a6d14725509307a0f3edefef3876c107ee7f1 + -- Update 1004-udev-don-t-create-by-partlabel-primary-and-.-logical.patch +- Update 1004-udev-don-t-create-by-partlabel-primary-and-.-logical.patch (bsc#1183702) systemd-presets-common-SUSE +- Enable user service pipewire-media-session.service (used with + pipewire >= 0.3.23). + +- Enable user services pipewire.socket and pipewire-pulse.socket + (boo#1183012). + +- Enable btrfsmaintenance-refresh.path and disable + btrfsmaintenance-refresh.service to avoid needless refresh on boot + (boo#1165780) + +- Enable dnf-makecache.timer + +- BuildRequire pkgconfig(systemd) instead of systemd: allow OBS to + shortcut the build queues by allowing usage of systemd-mini + +- Enable ignition-firstboot-complete.service + +- Enable logwatch.timer (bsc#1112500). + +- Recent versions of mlocate don't use updatedb.timer any more. + Instead, the unit is called mlocate.timer. [boo#1115408] + +- Add default user preset: currently containing only the new + pulseaudio.socket (bsc#1083473) + sysvinit +- (re)add also support for SLE-15-SP3 + +- Update to sysvinit 2.99: + * Mostly typo and just better documentation and easier to read + code comments + +- prepare usrmerge (boo#1029961) + +- Update to sysvinit 2.98: + * Fixed time parsing in shutdown when there is a + in front of a 0 time offset. + Commands with a postiive time offset (+1) would work but +0 fails. + This has been corrected by Arkadiusz Miskiewicz. + +- Drop /bin/pidof and /sbin/pidof, including corresponding man + page: let's switch to pidof as provided by procps-ng. + +- Update to sysvinit 2.97: + * Check $(ROOT) filesystem for libcrypt instead of a hardcoded + path to /usr. + * Code clean-up and making sure we avoid freeing unused memory. + * Added shell script which converts systemd unit files into + init.d style scripts. + * Allow init to load configuration data from files stored in + /etc/inittab.d/ + * Allow shutdown time to be specified in the format +hh:mm. This + is in addition to the existing formats such as hh:mm, +m, and + "now". + * Fixed typos in manual pages. +- Update startpar to 0.65: + + Make sure startpar testsuite can find insserv executable in + /usr/sbin or /sbin. + + Added PREFIX variable to Makefile and testsuite to make + location of startpar and insserv more flexible. +- Rebase sysvinit-2.90.dif. +- Drop SCVER defines: not used in any place. +- Drop startpar-sysmacros.patch: fixed upstream. + +- Update to sysvinit 2.96 + * Added -z command line paramter to pidof which tells pidof to + try to find processes in uninterruptable (D) or zombie (Z) states. + This can cause pidof to hang, but produces a more complete process + list. + * Reformatted init code to make if/while logic more clear. + * Make sure src/Makefile cleans up all executable files + when parent Makefile calls "make clean". + +- Update to killproc 2.23 + * killproc has its upstream at https://github.com/bitstreamout/killproc + * Use new system call statx(2) to replace old stat(2)/lstat(2) +- Remove patches now upstream: + * killproc-2.18-open_flags.dif + * killproc-2.21.dif + * killproc-sysmacros.patch + * killproc-mntinf-optional.patch + +- Remove logsave as well as the manual page as those as part of + package e2fsprogs already + +- Update to sysvinit 2.95 + * new logsave helper +- Update to startpar-0.63 + * move startpar from /sbin to /bin +- Port our patches + * startpar-0.58.dif + * sysvinit-2.88dsf-suse.patch + * sysvinit-2.90-no-kill.patch + * sysvinit-2.90.dif + +- Add patch killproc-mntinf-optional.patch to handle various optional + fields of /proc//mountinfo on the entry/ies before the hypen + (bsc#1131982) + +- Update to sysvinit 2.90 +- Remove now upstream patches + * sysvinit-2.88+dsf-dostat.patch + * sysvinit-2.88+dsf-sulogin.diff + * sysvinit-2.88+dsf.tar.bz2 + * sysvinit-2.88dsf-scripts2.patch +- Port our patches + sysvinit-2.88dsf-no-kill.patch becomes sysvinit-2.90-no-kill.patch + sysvinit-2.88+dsf.dif becomes sysvinit-2.90.dif + +- killproc-sysmacros.patch, startpar-sysmacros.patch: Include + for makedev + +- Use %license instead of %doc [bsc#1082318] + -- For systemd distributions and products do not build the package - sysvinit anymore - -- use systemd-rpm-macros instead of systemd-devel to avoid build - dependency on systemd and it's deps in turn -- don't install mkinitrd stuff on > 131 anymore - -- The former entry adds the patch killproc-2.18-open_flags.dif (bnc#863518) - -- open("/dev/tty", ...) should use O_RDWR, not O_WRONLY. Otherwise, - after dup2(fd, 0);, a process cannot read from stdin. [bnc#863518] - -- Add patch sysvinit-2.88+dsf-xen.patch to enable sulogin to find - suitable console device even if first is not usable (bnc#862078) - -- Add patch sysvinit-2.88+dsf-sulogin.diff from upstream to handle - e.g. strange names of executables in killall5 - -- Split off powerd from sysvinit -- Make powerd work together with systemd -- Modify patch powerd-2.0.2.dif to remove sysvinit features -- Adding the systemd unit file powerd.service - -- Remove usage of absolute paths -- List all needed binaries in programs tag - -- Skip binaries now part of util-linux - -- Add sanity check for /etc/inittab to avoid reload on systemd - systems (bnc#813510) - -- move mkinitrd scripts of blogs to sysvinit-init, it's breaking - systemd/plymouth (bnc#804458) - -- Added patch from Roger Leigh to correct the manual page of startpar - -- Increase daemon detection time in startproc to give started - process the time to daemonize (bnc#757643) - -- Add fix/workaround in blogd for new glibc internal pthread API to - avoid an glibc nptl assert report in bnc#772055 - -- fix deadlock in blogd that happens on shutdown (bnc#730193) - -- Fix parameter turner in fscanf to really detect the file system - type in startproc/checkproc/killproc (bnc#762489) - -- Add two patch from upstream - + Avoid crash for exported environment for processes init spawns -- Fix typo as the script for powerd (bnc#758920) - -- add mingetty to Requires - * remove it as dependency from aaa_base ad it's needed for sysvinit only - -- Add two patch from upstream - + Handle deleted binaries in pidof (was upstream bug #34992) - + Allow init to delte extra environment variables (was upstream - bug #35858) - + Avoid that init double environment variables for its childs - (was upstream bug #35855) - -- Work around dully check script of obs - -- Avoid useless check for runlevel as access(2) now works on - kernel 3.0 and above, this fixes bnc#744538 - -- New killproc-2.21 which includes the last bug fixes as well as - new features like support for ionice with startproc -- New showconsole-1.16 which includes the last bug fixes -- New startpar-0.58 which includes the last bug fixes as well as - the patches from Debian -- Make rpmlint happy - -- Avoid trouble with indirect console names (bnc#731563) -- Unmount proc file system if initial not mounted (bnc#718385) - -- Use pipe to synch parent with child in startproc (bnc#713342) - -- Add option -x to be able to identify scripts overwriting their - command line (bnc#723708) - -- There was never a version 1.16 for showconsole -- Add some code to be able to detect programs even as user with - kernel 3.0 and above (bnc#723072) - -- do not telinit u if /sbin/init is not sysvinit - -- split out the symlink /sbin/init into a special subpackage, - which does _NOT_ do a split provide. systemd-sysvinit will - provide this, so you need to do extra work if you want to stay - on sysvinit - -- remove unused files - -- cross-build fix: use %__cc, %configure macros - -- update to showconsole-1.16 (manual page syntax) - -- Update to killproc-2.20 -- Update to showconsole-1.15 -- Clean spec file - -- added documentation (including mandatory COPYING) -- corrected errors in manual pages -- incorporated showconsole-1.14.dif into showconsole-1.15 - -- libblogger: check for SIGPIPE and block SIGPIPE during write, this - also does help startpar not to die on SIGPIPE (bnc#679671) -- blogd: add a further check for nsigsys in writelog() (bnc#679671) - -- Add workaround for blowfish signedness bug (CVE-2011-2483) - -- Sulogin: respect byte order that is do not mix chars and ints - (bnc#707724) - -- Sulogin: enforce reconnection of stdin/stdout/stderr if a device - was specified. -- Sulogin: if zero is read at reading the passwd guess it's done. - -- Fix build without libcrypt.a (without static glibc), added - patch sysvinit-2.88+dsf-crypt.patch. - -- use /run for utmp as that's already mounted by the initrd - -- Add latest change for sulogin multiple console devices support - -- Aoid possible trouble due raw pts/ptmx terminal line in both - blogd and startpar -- Block SIGTTOU during tcsetattr(3) library call in both blogd - and startpar -- Replace select(2) with pselect(2) in blogd and ensure that - the timeout structure will be reseted after a timeout - -- Correct shutdown messages of startpar send via blogd - -- Avoid possible races which can be happen if blogd sees a signal - and will exit then (related to bnc#642289) - -- Fix exit code of checkproc in case of an existing pid file - without running process (bnc#687547) - -- Fix bug in killproc that is do not stop searching for a match if - a mountpoint does not match, reported by Friedrich Haubensak. - -- Let sulogin respect device on the command line as well as the - standard input -- Let sulogin initialize serial terminals - -- Remove debug code from showconsole/blogd -- Make serial console tc init work even with blogd -- sulogin: add support for multiple console devices - -- New showconsole verion 1.14 - * Use sysfs file as fallback if possible - * Add more sanity checks to avoid looping on tty0 - -- Fix triggered endless loop in blogd (bnc#642289) - * Writing on tty0 caused blogd to re-read its own messages - * The usage of ttyname(3) on /dev/console can fail - -- Update to current SVN version of sysvinit 2.88dsf: - * Fix counting message lines in wall. Patch from Petr Lautrbach. - * Fix bad printf conversion specifier in wall. Patch from Sébastien Luttringer. - * Add patches from Openwall project. Thanks goes to Solar Designer. - * Add code to detect the system consoles with the help of the - new /proc/consoles files of linux kernel 2.6.38+ - * Try to make utmpdump IPv6 valid, change based on suggestion from - Navdeep Bhatia (see local bug #32429) - * Fix signal and alarm handling based on the patch from Florent Viard. - (was local bug #32304) - * Add fix for Redhat bug #573346: last incorrectly displays IPv6 - addresses (was local bug #29497) - * Correct fix for Debian bug #547073: use IUTF8 flag if defined - and if already set to make sure the utf-8 flag is not cleared - from the tty. Patch from Samuel Thibault. - * Include limits.h in killall.c to enforce definition of PATH_MAX - * Fix sysvinit bug #29758 Linker invocation should not contain - headers. Change based on patch from Elias Pipping. - * Add fix for Debian bug #580272: use return value 1 of - is_selinux_enabled() to determine if SELinux is enabled, - otherwise initialize SELinux and load the policy. Patch from - Petter Reinholdtsen. - * Make quotes visible in example of the manual page of fstab-decode - * Add #ifdef in bootlogd.c to avoid gcc warnings about unused - variable on non-linux platforms. - * Only set the VSWTC field for termios in init if it is available, - to get the source building on FreeBSD. - -- startpar: fix location of consoles under /proc -- startpar: ignore errors from system console not being a tty - -- Make blogd work together with kernel from 11.4 even on a - serial system console (bnc#672450) - -- Make option -k for killproc utilities work for normal users even - if the exe link of an own process remains to root (bnc#664941) - -- New killproc version 2.19: bug fix update - -- Support the socket forwarding of systemd (bnc#656104) - -- Make real device comparision in killproc/checkproc to fix bnc#644171 -- Also make ignore mode in checkproc work -- Enhance mkill to work on root fs and ignore kernel threads - -- New killproc version 2.18 - -- Killproc: - * Add new program rvmtab to write out the current content of - /proc/mounts in the reverse mount order determined with the - help of /proc/self/mountinfo - * Use faster pointer list implementation - -- Killproc: Sort mount info pointers in the reverse order of the - directory depth to become the string compare of the readed link - name of the exe link more safely. - -- Killproc: Do not be fooled if a device is mounted several times - -- Change showconsole to use newest /proc/tty/consoles API - -- Add newline after blogger message - -- Fix cast&past error in killproc/checkproc - -- New killproc version 2.17 - * Use /proc/self/mountinfo to avoid system call stat(2) on - running binaries not located on the mount point of the - current handled program - * Avoid to be detect sub (shadow) mounts on NFS mounts -- New showconsole 1.13 -- Correct position of string pointer in NFS struct used in - killall5/pidof - -- libblogger: set O_CLOEXEC for named FIFO /dev/blog (bnc#645793) - -- Add exit code exception for checkproc for the case of a not - installed program, use exit code 4 (bnc#643433) - -- blogd: correct order of setting back termios and termios locks -- startpar: avoid EIO in do_forward if do_forward becomes a - background process -- Make sure that after installation of /sbin/init the init - process does re-execute that is split %post into one for - the tools sub package and one of the main package - -- New showconsole version 1.12 - * Use /proc/tty/consoles if ioctl TIOCGDEV does not exist - * Make pseudo terminal raw as it is not show anything -- New startpar 0.57 - * Set raw pseudo terminals only once - * Set SIGTTIN to default before executing child - * Ignore error on reading termios - -- New showconsole version 1.11 - * Handle more than two console devices - * Speed up used pts/tty pair by enabling raw mode - * Implement termios locking scheme but disable it as it may - interfere with sulogin and others using the old console -- Enabling full raw mode for pty/tty pairs of startpar - -- New startpar version 0.56 - * Handle processes within signal handler - * Make first process loop more readable - * Use pselect(2) to wait on SIGCHLD without using a pipe - -- Fix typo that is use "cmdline" instead of "cmd" (bnc#623766) - -- Enforce killproc to wait even if the SIGTERM has been specified - on the command line. This should avoid the in most cases that - the daemon has not finished its response on SIGTERM, see bug - bnc#623460 and bug bnc#595796. - -- Newer killproc sends only SIGTERM as required by LSB if -TERM is - specified on the command line. Use the default which is SIGTERM - followed by SIGKILL if the timeout of 5 seconds is reached. - -- prereq does not fix bnc#610628, the real problem is the cycle - of sysvinit->sysvinit-tools->mkinitrd <--, which is broken up by - simply ignoring one requirement. If this requirement is the one - between sysvinit->sysvinit-tools, we get in deep trouble. Way - deeper trouble than missing mkinitrd_setup in sysvinit-tools's - %post - -- Use Prereq instead of normal Requires to force an early installation - of sysvinit-tools (bnc#610628) - -- Implemenation of a workaround of missing console messages in - blogd (bnc#593957) - -- Avoid crash due changed common-session-pc (bnc#605681) - -- Add patch from Thomas for moving powerd from using gethostbyname() - to getaddrinfo() -- Add upstream patch for correct using SELinux API - -- Apply sysvinit-2.88dsf-utf8.dif without -p2. -- Fix sysvinit-2.88dsf-utf8.dif (Changelog patch didn't apply). - -- Add URL of upstream location - -- Do not overwrite UTF8 input terminal setting as this may cause - trouble on system consoles forwarded to a foreign serial console - -- Add patch to make last(1) knowing latest IPv6 specs - -- Be LSB compliant with killproc (bnc#595796, bnc#578246) - -- Correct Pre-Requires to reflect package split -- Update to sysvinit (2.88dsf) world; urgency=low - * Mention new home on Savannah in README. - * Revert change from Fedora/RedHat where the now obsolete command - INIT_CMD_CHANGECONS was introduced. Based on feedback and patch - from Bill Nottingham. - * Adjust makefile to make sure the install directories are created - before files are copied into them. - * Simplify build rules, based on patch from Mike Frysinger and Gentoo. - * Fix minor bug in optimizing of argument parsing. Based on - report from jakemus on freshmeat. - * Add casts to get rid of compiler warning about signed/unsigned issues. - * Change tty handling in init to make sure the UTF-8 flag is not cleared - on boot. Patch from Samuel Thibault. - * Add Makefile in toplevel directory. - * Print usage information when shutdown is used by non-root user. - Patch from Mike Frysinger and Gentoo. - * Sync shutdown manual page and usage information. Patch from Mike - Frysinger and Gentoo. - * Fix race condition in utmp writing. Patch from Gil Kloepfer via - Mike Frysinger and Gentoo. - * Rewrite findtty() in bootlogd to recursively search /dev/ for the - correct device, to handle terminal devices for example in /dev/pty/. - Patch from Debian. - * Make sure bootlogd findpty() returns an error value when it fails to - find a usable pty. Patch from Rob Leslie via Debian. - * Make sure bootlogd fflush() every line, even if asked not to flush - to disk using fdatasync(). Patch from Scott Gifford via Debian. - * Add compatibility code to handle old path "/etc/powerstatus" for a - while. - * Incude definition for MNT_DETACH which is missing in older GNU libc - headers. - * Do not strip binaries before installing them, to make it easier to - get binaries with debug information installed. - * Add the comment from Andrea Arcangeli about the correct - place of setting the default childhandler within spawn(). - * Make sure that newline is printed out for last(1) even - if an utmp record entry is truncated. - * Check if utmp not only exists but also is writable and delay - writing out of the utmp runlevel record if utmp is not writable. - * Be able to find libcrypt also on 64 bit based architectures. - * Add option -w to the last command to display the full user and - domain names in the output. Patch from Petr Lautrbach. - * Add a manual page for utmpdump as this tool is sometimes - very useful even if not intended for normal use. - * Use paths.h macros for wall - * Change path "/etc/powerstatus" to "/var/run/powerstatus" - * Detected also removable block devices at halt/reboot to be able - to flush data and send them the ATA standby command. This should - avoid data loss on USB sticks and other removable block devices. - * Flush block devices on halt/reboot if not done by the kernel. - * Set SHELL to /bin/sh in the environmant of shutdown. - * Retry to write out shutdown messages if interrupted. - * pidof/killall5 - make omit pid list a dynamic one. - * pidof - provide '-n' to skip stat(2) syscall on network based FS. - * init - avoid compiler warnings - * init - initialize console by using the macros from ttydefaults.h - * init - add the possiblity to ignore further interrupts from keyboard - * init - add the possiblity to set sane terminal line settings - * sulogin - add the possibility to reset the terminal io - * Fix some minor problems - * init - enable is_selinux_enabled() to detect selinuxfs - * Add fix for Debian bug #536574 -- Can be enabled by -DACCTON_OFF - * Add helper program fstab-decode to make it easier to handle - /etc/mtab content. Patch by Miloslav Trmac and Fedora. - * Add fix for Debian bug #335023 - Make sure TERM is set on FreeBSD. - * Add fix for Debian bug #374038 - Make it clear that shutdown -c can - only cancel a waiting shutdown, not an active one. - * Add note to pidof manual page about the use of readlink(2). Patch by - Bill Nottingham and Fedora. - * Add PAM patch contrib/notify-pam-dead.patch based on Debian bug - [#68621], which will add PAM support for programs spawned by init on - the console like sulogin. Based on patch by Topi Miettinen. This - patch is not applied by default yet while we review its - usefullness. It is only helpful for session handling, as sulogin - do not use and will not use a PAM conv() function. The current - sulogin is able to handle DES as well as MD5, SHA, and Blowfish - encrypted passwords due using getpwnam(3). - * Move utmp/wtmp before the execvp() in spawn() to be sure to - use the correct pid even on a controlling tty - * Remaining problem is that the pid of the second fork() for - getting a controlling tty isn't that reported by spawn() - * Re-enable writting utmp/wtmp for boot scripts - * Extend sulogin to support additional encryption algorithms - * Re-enable maintenance message of sulogin - * Enable the sulogin fallback password check to handle MD5, SHA, and - Blowfish encrypted passwords in case of getpwnam(3) fails. - * sulogin picking the SELinux context was broken. Patch by Daniel Walsh - -- Start the service sshd as early as possible (bnc#594223) - -- Test out sysvinit (2.88dsf) UNRELEASED; urgency=low -- Update to sysvinit (2.87dsf) world; urgency=low - * Document -e and -t options for telinit in init(8). - * Document in halt(8) that -n might not disable all syncing. - Patch by Bill Nottingham and Fedora - * Adjust output from "last -x". In reboot lines, print endpoint - of uptime too. In shutdown lines print downtimes rather than - the time between downs. Fix typo in string compare in last.c. - Patch by Thomas Hood. - * Improve handling of IPv6 addresses in last. Patch from Fedora. - * Add new option -F to last, to output full date string instead - of the short form provided by default. Patch from Olaf Dabrunz - and SuSe. - * Fix utmp/wtmp updating on 64-bit platforms. Patch by Bill - Nottingham and Fedora. - * Avoid unchecked return value from malloc() in utmpdump. - Patch from Christian 'Dr. Disk' Hechelmann and Fedora. - * Make sure to use execle and no execl when passing environment to - the new process. Patch from RedHat. - * Correct init to make sure the waiting status is preserved across - re-exec. Patch from RedHat. - * Correct init to avoid race condition when starting programs during - boot. Patch from SuSe. - * Allow 'telinit u' in runlevels 0 and 6. Patch from Thomas Hood. - * Improve error message from init if fork() fail. Patch found in Suse. - * Add support for SE Linux capability handling. Patch from Manoj - Srivastava, adjusted to avoid aborting if SE policy was loaded in - the initrd with patch from Bill Nottingham and Fedora. - * Add -c option to pidof for only matching processes with the same - process root. Ignore -c when not running as root. Patch from - Thomas Woerner and Fedora. - * Add usleep in killall5 after killing processes, to force the kernel - to reschedule. Patch from SuSe. - * Modify pidof to not print empty line if no pid was found. - * Modify init and sulogin to fix emergency mode's tty, making sure ^C - and ^Z work when booting with 'emergency' kernel option. Patch from - Samuel Thibault. - * Modify init to allow some time for failed opens to resolve themselves. - Patch from Bill Nottingham and Fedora. - * Modify init to shut down IDE, SCSI and SATA disks properly. Patches - from Sebastian Reichelt, Werner Fink and SuSe. - * Modify wall to use UT_LINESIZE from instead of hardcoded - string lengths. Patch from SuSe. - * Change wall to make halt include hostname in output. - * Change killall to avoid killing init by mistake. Patch from SuSe. - * Change killall5 to use the exit value to report if it found any - processes to kill. Patch from Debian. - * Add option -o opmitpid to killall5, to make it possible to skip - some pids during shutdown. Based on patch from Colin Watson and - Ubuntu. - * Modify killall to work better with user space file system, by - changing cwd to /proc when stopping and killing processes, and - avoiding stat() when the value isn't used. Also, lock process - pages in memory to avoid paging when user processes are stopped. - Patch from Debian and Goswin von Brederlow with changes by Kel - Modderman. - * Change shutdown to only accept flags -H and -P with the -h flag, - and document this requirement in the manual page. - * Change reboot/halt to work properly when used as a login shell. - Patch by Dale R. Worley and Fedora. - * Let sulogin fall back to the staticly linked /bin/sash if both roots - shell and /bin/sh fail to execute. - -- provide sbin_init (so external packages can require either sysvinit - or upstart) - -- Split out tools not specific to System V into a tool subpackage - to support alternative init implementations (fate#305690) - -- Add a manual page for utmpdump (bnc#576967) - -- Remove start-stop-daemon binary (bnc#568950) - -- Write pid file if /var is mounted rw (bnc#565620) - -- enable parallel building - -- The same procedure for killproc.c its self (caused by bnc#559534) - -- Add missed line to startproc.c and also make manual page more - clear how startproc works (caused by bnc#559534) - -- refresh all patches with fuzz=0 - -- fixed killproc-2.16.dif. - -- killall5: do not kill /sbin/mdmon (fate#306823). - -- Avoid message on terminated process during reading its /proc files - -- Make killproc utils more stable in case that during read(2) a proc - file the corresponding process has already terminated (bnc#542717) - -- Make a new showconsole version 1.10 - * Add time stamps to blogger API (fate #305596) - * Add newline before writing out blogger fifo content -- Make a new startpar version 0.52 - * Use blogd API (fate #305596) -- Make a new killproc version 2.16 - -- Do not loop around in the forwarder of startpar - -- Add patch from Olaf Kirch to avoid using mutex locking for every - character (from Moblin:Factory) - -- Start boot scripts with their symlinks name - -- Increase hash size for runtime linker of often used tools - -- Make it build - -- Reorder last patch in spec file - -- link /sbin/init dynamically, tested in 11.1, also - all other distros work just fine this way. - -- Blogd: shorten minimal timeout at the end and hold all pages - in physical RAM - -- For usleep(8) use nanosleep(2) instead of obsolete usleep(3) - -- mkill: Do not remove all pid's from list for one fuse process - -- Disable blogd on fastboot or quiet boot - -- Make initrd script for blogd depend on initrd script clock - -- Update to killproc 2.15 - * New option -w for making startproc waiting on daemons parent - process (bnc#489473, bnc#482096 comment#21 ff) - * New option -W for making startproc waiting on files created - by the daemon (bnc#482096 comment#24 ff) -- Merge changes for preload code of startpar into one patch -- nfs4pidof: avoid nfs code for process which are on shadow mounts - points of NFS mounts - -- exec one more time so that the preload part does not appear - under the name of the init script in bootcharts - -- fix the preload functionality in telling the parent process through - SIGUSR1 and SIGUSR2 about preload's presence - -- mkill: avoid signaling process which are on shadow mounts points - that is e.g. processes on /dev/pts while running mkill on /dev - -- Do not overwrite SUSE define - -- startpar: fix file descriptor leak (bnc#485112) - -- nfs4pidof: make sure not to stumble on short named mount points - to avoid to terminate processes on wrong mount points - -- mkill: make sure not to stumble on short named mount points to - avoid to terminate processes on wrong mount points (bnc#466484) - -- Add patch from Debian people to startpar and mode to version 0.53 - -- Update to killproc 2.14 to include most of our patches and to - use openat(2), readlinkat(2), and opendirat(2) system calls. -- Remove /dev/initctl from file list, do not create blogd pipe - /dev/blogd (bnc#475580) - tar +- security update +- added patches + fix CVE-2021-20193 [bsc#1181131], Memory leak in read_header() in list.c + + tar-CVE-2021-20193.patch + -- Improve on RPM group classification - -- GNU tar 1.28: - * New --checkpoint-action=totals - * Extended checkpoint format specification - * New option --one-top-level - * New option --sort - * New exclusion options: - - -exclude-ignore=FILE - - -exclude-ignore-recursive=FILE - - -exclude-vcs-ignores - * refuses to read input from and write output to a tty -- packaging changes: - * adjust patch for context change: add_readme-tests.patch - * remove patch applied upstream: - tar-fix_eternal_loop_in_handle_option.patch - -- don't print lone zero blocks warning (bnc#881863) - * there are many tar implementations around that create invalid - archives with a zero block in the middle - * https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=235820 - * added tar-ignore_lone_zero_blocks.patch from Fedora - -- fix an infinite loop in handle_option (bnc#867919 and bnc#870422) - * added tar-fix_eternal_loop_in_handle_option.patch - -- add tests subpackage. - * It is the same testsuite that is run during make check. - * It is now possible to run it in real system to verify that - nothing is broken by incompatible libraries, etc. -- add add_readme-tests.patch: README for testsuite - -- update to 1.27.1 - * Fix unquoting of file names obtained via the -T option. - * Fix GNU long link header timestamp (backward compatibility). - * Fix extracting sparse members from star archives. - -- update to 1.27 -- bug fixes: - * PAX-format sparse archive files no longer restricted to 8 GiB. - * adjust diagnostics and output to GNU coding -- new features: - * The --owner and --group options now accept numeric IDs - * restore traditional functionality of --keep-old-files and - - -skip-old-files, treat existing file as errors for the former - * --warning=existing-file gives verbose notice for this - * Support for POSIX ACLs, extended attributes and SELinux context - - -xattrs, --acls and --selinux and their `--no-' counterparts - - -xattrs-include and --xattrs-exclude allows selective control - * Any option taking a command name as its argument now accepts a - full command line as well: - - -checkpoint-action=exec - - I, --use-compress-program - - F, --info-script - - -to-command - * environment variables supplied to such commands can now be used - in the command line itself - * New warning control option --warning=[no-]record-size controls - display of actual record size, if it differs from the default - * New command line option --keep-directory-symlink to disable - default behaviour that unlinks exising symbolic link for an - extracted directory of the corresponding name -- packaging changes: - * drop tar-1.26-stdio.in.patch, committed upstream - * drop config-guess-sub-update.patch, newer version in upstream - * verify source signature - -- added fix for paxutils rtapelib which is bundled with tar. - the very same fix was added to cpio too (bnc#658031) - * paxutils-rtapelib_mtget.patch - -- Add Source URL, see https://en.opensuse.org/SourceUrls - -- Add config-guess-sub-update.patch: - Update config.guess/sub for aarch64 - -- Fix build failure with undefined gets (glibc 2.16). - -- avoid automake dependency - -- disable 'runtime checks' in m4/*.m4 that override - system calls with custom implementations to workaround - very old kernel/libc bugs (dating 2003-2009) - we do not ship those buggy components nowdays. - -- Switch to default archive type to POSIX.1-2001, which is ten years - old and has no limits on filesize,filename length etc. - -- tar-1.26-remove_O_NONBLOCK.patch: - don't use O_NONBLOCK as a flag for read, - when file is offline, read with O_NONBLOCK returns EAGAIN, - but tar doesn't handle it - (bnc#737331) - -- disable testsuite on qemu build - -- minor portability fixes - -- spec cleaner, avoid some deprecated macros -- fix non-utf8-spec-file -- fix macro-in-comment -- enable make check -- remove upstream-fixed/obsolete patches (fortifysourcessigabrt, - disable-listed02-test, disable_languages) -- call help2man inside specfile instead of paching tar's build chain - -- update to tar-1.26 - * Fix the --verify option, which broke in version 1.24. - * Fix storing long sparse file names in PAX archives. - * Fix correctness of --atime-preserve=replace - * tar --atime-preserve=replace no longer tries to restore atime of - zero-sized files. - * Fix bug with --one-file-system --listed-incremental - -- fix tar-backup-scripts (bnc#654199) -- add tar-backup-spec-fix-paths.patch -- cleanup spec - -- update to tar-1.25 - * Fix extraction of empty directories with the -C option in effect. - * Fix extraction of device nodes. - * Make sure name matching occurs before eventual name transformation. - * Fix the behavior of tar -x --overwrite on hosts lacking O_NOFOLLOW. - * Support alternative decompression programs. -- update to tar-1.24 - * The new --full-time option instructs tar to output file - time stamps to the full resolution. - * More reliable directory traversal when creating archives - * When extracting symbolic links, tar now restores attributes - such as last-modified time and link permissions, if the - operating system supports this. - * The --dereference (-h) option now applies to files that are - copied into or out of archives, independently of other options. - * When receiving SIGPIPE, tar would exit with error status and - "write error" diagnostics. -- disable-silent-rules -- updated tar-fortifysourcessigabrt.patch - -- use %_smp_mflags - -- updated to version 1.23 - * Improved record size autodetection - * Use of lseek on seekable archives - * New command line option --warning - * New command line option --level - * Improved behavior if some files were removed during incremental dumps - * Modification times of PAX extended headers - * Time references in the --pax-option argument - * Augmented environment of the --to-command script - * Fix handling of hard link targets by -c --transform - * Fix hard links recognition with -c --remove-files - * Fix restoring files from backup (debian bug #508199) - * Correctly restore modes and permissions on existing directories - * The --remove-files option removes files only if they were succesfully stored in the archive - * Fix storing and listing of the volume labels in POSIX format - * Improve algorithm for splitting long file names (ustar format) - * Fix possible memory overflow in the rmt client code (CVE-2010-0624) -- deprecated heap_overflow_in_rtapelib.patch - -- added heap_overflow_in_rtapelib.patch fix possible heap overflow in - rtapelib.c (bnc#579475) - -- updated to version 1.22 - * Support for xz compression (--xz option) - * Short option -J is reassigned as a shortcut for --xz - * The option -I is a shortcut for --use-compress-program - * The --no-recursive option works with --incremental -- deprecated recognize_xz.patch -- created tar-backup-scripts subpackage (bnc#574688) - -- enable parallel building - -- fixed FORTIFY_SOURCE=2 issue with gcc 4.5. - -- recommend not require language subpackage - -- Recognize .xz as lzma archive. - tcl +- bsc#1181840: Same fix as for tclConfig.sh is needed for tcl.pc. + tk +- bsc#1181840: Same fix as for tkConfig.sh is needed for tk.pc. + -- tkcon requires xhost (bnc#846953) - u-boot:rpiarm64 +- Add u-boot-zturnv5 flavour instead of u-boot-zturn. (bsc#1184733) + I've failed to find anybody who has v4 zturn board. + +Drop patch 0007-boo-1144161-Remove-nand-mtd-spi-dfu.patch (bsc#1183116) + Patch queue updated from https://github.com/openSUSE/u-boot.git sle15-sp3 + * Patches dropped: + 0007-boo-1144161-Remove-nand-mtd-spi-dfu.patch + 0008-Kconfig-add-btrfs-to-distro-boot.patch + 0009-configs-Re-sync-with-CONFIG_DISTRO_.patch + 0010-configs-am335x_evm-disable-BTRFS.patch + 0011-sunxi-dts-OrangePi-Zero-Add-SPI-ali.patch + 0012-sunxi-dts-OrangePi-Zero-Enable-SPI-.patch + 0013-sunxi-Enable-SPI-support-on-Orange-.patch + 0014-Disable-CONFIG_CMD_BTRFS-in-xilinx_.patch + 0015-rpi-Add-identifier-for-the-new-RPi4.patch + 0016-rpi-Add-identifier-for-the-new-CM4.patch + 0017-pci-pcie-brcmstb-Fix-inbound-window.patch + 0018-dm-Introduce-xxx_get_dma_range.patch + 0019-dm-test-Add-test-case-for-dev_get_d.patch + 0020-dm-Introduce-DMA-constraints-into-t.patch + 0021-dm-test-Add-test-case-for-dev-dma_o.patch + 0022-dm-Introduce-dev_phys_to_bus-dev_bu.patch + 0023-dm-test-Add-test-case-for-dev_phys_.patch + 0024-xhci-translate-virtual-addresses-in.patch + 0025-mmc-Introduce-mmc_phys_to_bus-mmc_b.patch + 0026-configs-rpi4-Enable-DM_DMA-across-a.patch + 0027-video-arm-rpi-Add-brcm-bcm2711-hdmi.patch + 0028-usb-xhci-pci-Add-DM_FLAG_OS_PREPARE.patch + 0029-pci-brcmstb-Cleanup-controller-stat.patch + 0030-fs-btrfs-Select-SHA256-in-Kconfig.patch + 0031-efi_loader-Avoid-emitting-efi_var_b.patch + 0032-configs-BPI-R2-Disable-EFI-Grub-wor.patch + 0033-configs-RPi2-Disable-EFI-Grub-worka.patch + 0034-smbios-Fix-table-whit-no-string-is-.patch + 0035-configs-rpi-Enable-SMBIOS-sysinfo-d.patch + * Patches added: + 0007-Kconfig-add-btrfs-to-distro-boot.patch + 0008-configs-Re-sync-with-CONFIG_DISTRO_.patch + 0009-configs-am335x_evm-disable-BTRFS.patch + 0010-sunxi-dts-OrangePi-Zero-Add-SPI-ali.patch + 0011-sunxi-dts-OrangePi-Zero-Enable-SPI-.patch + 0012-sunxi-Enable-SPI-support-on-Orange-.patch + 0013-Disable-CONFIG_CMD_BTRFS-in-xilinx_.patch + 0014-rpi-Add-identifier-for-the-new-RPi4.patch + 0015-rpi-Add-identifier-for-the-new-CM4.patch + 0016-pci-pcie-brcmstb-Fix-inbound-window.patch + 0017-dm-Introduce-xxx_get_dma_range.patch + 0018-dm-test-Add-test-case-for-dev_get_d.patch + 0019-dm-Introduce-DMA-constraints-into-t.patch + 0020-dm-test-Add-test-case-for-dev-dma_o.patch + 0021-dm-Introduce-dev_phys_to_bus-dev_bu.patch + 0022-dm-test-Add-test-case-for-dev_phys_.patch + 0023-xhci-translate-virtual-addresses-in.patch + 0024-mmc-Introduce-mmc_phys_to_bus-mmc_b.patch + 0025-configs-rpi4-Enable-DM_DMA-across-a.patch + 0026-video-arm-rpi-Add-brcm-bcm2711-hdmi.patch + 0027-usb-xhci-pci-Add-DM_FLAG_OS_PREPARE.patch + 0028-pci-brcmstb-Cleanup-controller-stat.patch + 0029-fs-btrfs-Select-SHA256-in-Kconfig.patch + 0030-efi_loader-Avoid-emitting-efi_var_b.patch + 0031-configs-BPI-R2-Disable-EFI-Grub-wor.patch + 0032-configs-RPi2-Disable-EFI-Grub-worka.patch + 0033-smbios-Fix-table-whit-no-string-is-.patch + 0034-configs-rpi-Enable-SMBIOS-sysinfo-d.patch + +- move to sle15-sp3 branch +- Fix SMBIOS table entries (bsc#1183079) + Patch queue updated from https://github.com/openSUSE/u-boot.git sle15-sp3 + * Patches added: + 0034-smbios-Fix-table-whit-no-string-is-.patch + 0035-configs-rpi-Enable-SMBIOS-sysinfo-d.patch + util-linux +- ipcs: Avoid overflows (bsc#1178236, + util-linux-ipcs-shmall-overflow-1.patch, + util-linux-ipcs-shmall-overflow-2.patch). + util-linux-systemd +- ipcs: Avoid overflows (bsc#1178236, + util-linux-ipcs-shmall-overflow-1.patch, + util-linux-ipcs-shmall-overflow-2.patch). + vim +- install suse vimrc in /usr (boo#1182324, vim-8.0.1568-globalvimrc.patch) + +- source correct suse.vimrc file (boo#1182324) + - doesn't leave not owned directories (boo#1173256) + doesn't leave not owned directories (boo#1173256). - build against Tumbleweed repo + build against Tumbleweed repo. webkit2gtk3 +- Update to version 2.30.5 (boo#1182286): + + Bring back the WebKitPluginProcess installation that was + removed by mistake. + + Fix RunLoop objects leaked in worker threads. + + Fix aarch64 llint build with JIT disabled. + + Use Internet Explorer quirk for Google Docs. + + Security fixes: CVE-2020-13558. +- Drop gir-multilib.patch: fixed upstream. + +- Add gir-multilib.patch: Fix multilib conflict in gir files. +- Disable gold linker for ppc64le + +- Add webkit-font-scaling.patch: Fix system font scaling not + applied to 'font-size: XXXpt'; patch taken from upstream and + rebased to apply cleanly + (https://bugs.webkit.org/show_bug.cgi?id=218450). +- Pass `-q` to setup to disable printing long list of files + extracted from source tarball. + +- Update to version 2.30.4: + + Fix text data sent with WebSockets when using libsoup < 2.68. + + Fix the rendering on Raspberry Pi 3 using the proprietary video + driver. + + Fix clipping of descedant layers of a mask layer. + + Fix the build with ICU 68.1. +- Drop upstream merged patch: + + 0001-ICU-68.1-no-longer-exposes-FALSE-and-TRUE-macros-by-.patch + wicked +- dhcp4: discover on reboot timeout after start-delay (bsc#1181812) + [+ 0001-dhcp4-discover-on-reboot-timeout-after-start-delay.1181812.patch] +- dhcp6: request nis options on sle15 by default (bsc#1181812) + [+ 0002-dhcp6-request-nis-options-on-sle15-by-default.1181812.patch] + wpa_supplicant +- Add CVE-2021-27803.patch -- P2P provision discovery processing vulnerability + (bsc#1182805) + xdg-desktop-portal -- Ensure systemd rpm macros are called at install/uninstall times - for systemd user services. -- Add BuildRequires on systemd-rpm-macros. - -- Update to version 1.8.0: - + openuri: - - Allow skipping the chooser for more URL tyles - - Robustness fixes - + filechooser: Return the current filter - + camera: - - Make the client node visible - - Don't leak pipewire proxy - + Fix file descriptor leaks - + Testsuite improvements - + Updated translations. -- Changes from version 1.7.2: - + document: - - Reduce the use of open fds - - Add more tests and fix issues they found - + Fix the build with musl. -- Changes from version 1.7.1: - + filechooser: - - Add a "directory" option - - Document the "writable" option - + document: Expose directories with their proper name -- Changes from version 1.7.0: - + testsuite improvements - + background: Avoid a segfault - + screencast: Require pipewire 0.3 - + document: - - Support exporting directories - - New fuse implementation - + Better support for snap and toolbox - + Updated translations. -- Drop patches fixed upstream: - + xdg-dp-port-pipewire-3-api.patch - + 0001-Fix-use-after-free-in-xdg_get_app_info_from_pid.patch - + 0002-add-AssumedAppArmorLabel-key-to-D-Bus-service-files.patch - + 0003-Fix-criticals-if-no-default-handler-for-desired-type.patch - -- Require /usr/bin/fusermount: xdg-document-portal calls out to the - binary. Without it, files or dirs can be selected, but - whatever is done with or in them, will not have any effect - (boo#1175899). - -- Fixes for %_libexecdir changing to /usr/libexec - xdg-desktop-portal-gtk -- Update to version 1.8.0: - + filechooser: Return the current filter - + screenshot: Fix cancellation - + appchooser: Avoid a crash - + wallpaper: - - Properly preview placement settings - - Drop the lockscreen option - + printing: Improve the notification - + Updated translations. -- Changes from version 1.7.1: - + filechooser: - - Handle the "directory" option to select directories - - Only show preview when we have an image - + Updated translations. -- Changes from version 1.7.0: - + screencast: Support mutter version 3 - + settings: Fall back to gsettings for enable-animations - + Updated translations. -- Drop xdg-dpg-support-mutter-pipewire-3-api.patch: Fixed upstream. - -- Add xdg-dpg-support-mutter-pipewire-3-api.patch: screencast: Bump - supported Mutter version to 3 (New pipewire api ver 3). - xdm +- display-manager.service: fixed path of PIDFile (bsc#1183698) + -- Use the option (--)enable-ssh-support of the gpg-agent if the - user has configured this (boo#899647) - -- sysconfig.displaymanager/DM list: added lightdm,sddm; removed - kdm3,kdm4 (bnc#898876) - -- replaced 'Also=' by 'Alias=' in display-manager.service - (bnc#890413) -- make sure not to restart DM on package update; remove confusing - comment about no longer existing %%stop_on_removal, - %restart_on_update macros from specfile (bnc#886641) - -- udpate to release 1.1.11 -- refreshed xdm-tolerant-hostname-changes.diff, xdm-consolekit.diff -- supersedes the following patches: - U_xdm_config-AC_LIBTOOL_DLOPEN-is-required-for-dynamic-lin.patch, - U_xdm_Fix-missing-linking-dependency-on-ldl.patch, - U_xdm_config-use-libtool-export-dynamic-option-for-reverse.patch - -- Use KillMode=process for systemd service, this ensures Xorg won't - receive SIGKILL while switching to runlevel 3 [bnc#871808]. -- Add "Also=xdm.service" to display-manager.service to better - handle migration. - -- added necessary macros for systemd files - -- Don't run dbus-launch if the socket /run/user//bus exists, since - this means that dbus is already handled by systemd - -- just don't "package" pid file. It's called xdm.pid, so it's pretty - obvious what package it is from -- take the pid file out of the xdm.tar - -- DISPLAYMANAGER_STARTS_XSERVER needs to be set to "no" on s390x - and ppc64le (bnc#869267) - -- Move forward to systemd, that is use a real service unit file (bnc#869260) - -- Add support for in-line environment variable settings - Handling case like: - Exec=env GNOME_SHELL_SESSION_MODE=classic gnome --session gnome-classic - For now, this is only needed to fix session management issue as in bnc#863709. - -- fix two array iteration bug in etc/X11/xdm/Xsession (xdm.tar.bz2) - 1. "${#argv[@]}" is just the size of the array instead of all the elements, - i.e. "${argv[@]}", no sharp "#" sign. - 2. index of array starting from 0, so "argc" should be increased at the end - of iteration loop. (bnc#866874) - -- /etc/X11/xdm/keytable: make use of systemd's localectl to - generate Xserver's configuration snippet for keyboard layout; - rely on systemd's kbd --> X keyboard mapping; the old mapping - table originating from SaX2 is no longer being used (bnc#861819) - -- Change the default /etc/X11/xdm/Xsession, (fate#316129) - don't save standard output information to ~/.xsession-errors - Modify the xdm.tar.bz2 - -- /etc/X11/xdm/RunChooser calls pidof, so require it - -- don't set twm as hardcoded default if DEFAULT_WM is empty, rely on - the detection in xinitrc.common instead - -- removed u_xdm-sig11-bug-598422.diff - * problem has been resolved differently - -- Added support for qiv in /etc/X11/xdm/Xsetup - -- fixed typo in /etc/X11/xdm/Xsetup - -- fixed loading of .xkb files (bnc#840408) - -- adjusted u_xdm-sig11-bug-598422.diff for openSUSE 12.2 build - (which still applies xdm-consolekit.diff) - -- u_xdm-sig11-bug-598422.diff - * fix Sig11 in xdm when pressing Ctr-c (bnc#598422, bnc#831870) - -- Add some GNOME specifiv magics to Xsession to allow that ~/.i18n - is always sourced (bnc#567324) - -- Some shells do not know about HOSTNAME variable and print error - messages therefore export this variable -- Make check for dbus smart, that is check if threre is already - an active session and use this if possible -- Be aware that one user may use several X sessions in parallel - on the same system as well as on several systems with HOME on - an NFS based share. That is do not override ~/.xsession-errors - -- do not use '-k' option for checkproc for ssh-agent since - /proc//exe link is apparently not readable by the user - used for that program (bnc#812783) - -- Add systemd-user-sessions to xdm initscript X-Should-Start, to - ensure user login is available when xdm is started. - -- /etc/X11/xdm/SuSEconfig.xdm: copied required function from old - /lib/YaST/SuSEconfig.functions, which no longer exists since - openSUSE 12.3 (bnc#806738) - -- /etc/X11/xdm/Keyboard.map: - * added missing mac-dvorak entry (bnc#796170) - -- Be aware the mktemp(1) without XXXXXX will do exactly nothing, - therefore use mv(1) which uses rename(2) on the same file system - to use the files created by mktemp(1) to the log output file - -- Add display-manager as provides to xdm initscript, to comply with - systemd defaults. - -- Added a switch to enable building against systemd-logind and - to remove the dependency on ConsoleKit -- Enabled the systemd switch already for Factory - -- Make failsafe work after a failed exec bash builtin -- Add dbus-launch and ck-launch-session to final session command - line for case of using xdm - -- add dependency on xtrans, otherwise TCP is not supported for - xdmcp (bnc#780122) - -- separate *.fallback displaymanager files from xdm.tar.bz2 into - xdm-fallbacks.tar.bz2 and build only suse version < 1210. - (bnc#714003) - -- /etc/init.d/xdm: add plymouth_quit function, use it in xdm - displaymanager file (bnc#775548) - -- /etc/init.d/xdm: overwrite displaymanager's PIDFILE symlink if - neccessary (bnc#774555) - -- avoid plymouth quit for kdm and gdm (bnc#762909) - -- remove --retain-splash option from plymouth quit (bnc#769209) - -- /etc/init.d/xdm - * quit plymouth properly before starting displaymanager - (bnc#769209) - -- Skip LANG argument from command line of session managers (bnc#661946) - -- /etc/pam.d/xdm-np: add session require to pam_loginuid.so in - order to fix running commands via sudo (bnc #746704) - -- Split xdm from xorg-x11. Initial version: 1.1.10. - xorg-x11-server +- U_modesetting-Fix-broken-manpage-in-autoconf-build.patch + * modesetting: Fix broken manpage in autoconf build (boo#1182510) + +- add U_hw_do-not-include-sys-io-with-glibc.patch (bsc#1182884) + yast2 +- Add a AbstractWidget#displayed? to determine whether + a widget is in the UI (bsc#1184115). +- 4.3.60 + yast2-firewall +- Do not display "No widget..." error messages when opening + a firewall zone widget (bsc#1184115). +- 4.3.11 + yast2-firstboot +- Revert adding starting YaST2 Control Center after first boot as + it does not have production quality and just confuse users + (bsc#1180266) +- 4.3.11 + yast2-installation +- Expert console: fixed "shell" command + - Run X terminal in GUI instead of "dash" (related to the previous + fix for job control error messages bsc#1183648) + - Override TERM to "vt100" when running in fbiterm, + a workaround for frozen vim (bsc#1183652) +- 4.3.36 + yast2-network +- Write DNS servers to NetworkManager connection files when using + a static configuration (bsc#1181701). +- 4.3.64 + +- Use the ESSID to name the NetworkManager configuration files + for wireless networks (bsc#1183733). +- 4.3.63 + +- AutoYaST: Write NetworkManager configuration according to the + profile (bsc#1181701) +- 4.3.62 + yast2-packager +- Revert copying the libzypp cache to the target system and + replacing it by a symlink, it is not safe and it can + cause crash (segfault) in some cases (bsc#1183711) +- 4.3.21 + +- Do not create zypp cache symlink when running in installed + system, it would create /var/cache/zypp -> /var/cache/zypp + loop (bsc#1183683) +- Remove the "Software Repositories" button from the YaST console, + users can easily break the installer with it. Added + "configure_repositories" command to the command line interface + for experts (bsc#1183687) +- 4.3.20 + yast2-schema +- Add the 'mkfs_options' element to the 'partition' section + (bsc#1184268). +- 4.3.22 + yast2-storage-ng +- Avoid to call private methods over self because it raises an + exception with ruby < 2.7 (related to bsc#1180723). +- 4.3.50 + +- Round-down the number of physical extends according to the + stripes of the logical volume (bsc#1180723). +- Add extra validations when creating a striped volume and when + editing the physical volumes. +- 4.3.49 + yast2-trans -- Update to version 84.87.20210314.90853260a8: - * Translated using Weblate (Slovak) - * Translated using Weblate (Slovak) - * Translated using Weblate (Italian) - * Translated using Weblate (Slovak) - * Translated using Weblate (Slovak) - * Translated using Weblate (Dutch) - * Translated using Weblate (Dutch) - * Translated using Weblate (Dutch) - * Translated using Weblate (Dutch) - * Translated using Weblate (Dutch) - * Translated using Weblate (Dutch) - * Translated using Weblate (Dutch) - * New POT for text domain 'network'. - * New POT for text domain 'add-on'. - * Translated using Weblate (Slovak) - * Translated using Weblate (Slovak) - * Translated using Weblate (Slovak) - * Translated using Weblate (Dutch) - * Translated using Weblate (Czech) - * Translated using Weblate (Czech) - * Translated using Weblate (Catalan) - * Translated using Weblate (Catalan) - * Translated using Weblate (Catalan) - * Translated using Weblate (Catalan) - * Translated using Weblate (Catalan) - * Translated using Weblate (Catalan) - * Translated using Weblate (Catalan) - * Translated using Weblate (Czech) - * Translated using Weblate (Czech) - * Translated using Weblate (Czech) - * Translated using Weblate (Catalan) - * Translated using Weblate (Catalan) - * Translated using Weblate (Catalan) - * Translated using Weblate (Catalan) - * Translated using Weblate (Catalan) - * Translated using Weblate (Catalan) - * Translated using Weblate (Catalan) - * Translated using Weblate (Catalan) - * Translated using Weblate (Japanese) - * Translated using Weblate (Czech) - * Translated using Weblate (Czech) - * Translated using Weblate (Czech) - * Translated using Weblate (Czech) - * Translated using Weblate (Czech) - * Translated using Weblate (Czech) - * Translated using Weblate (Czech) - * Translated using Weblate (Czech) - * Translated using Weblate (Czech) - * Translated using Weblate (Czech) - * Translated using Weblate (Czech) - * Translated using Weblate (Japanese) - * Translated using Weblate (Japanese) - * Translated using Weblate (Japanese) - * Translated using Weblate (Japanese) - * Translated using Weblate (Japanese) - * Translated using Weblate (Japanese) - * Translated using Weblate (Japanese) - * Translated using Weblate (Japanese) - * Translated using Weblate (Japanese) - * Translated using Weblate (Japanese) - * Translated using Weblate (Japanese) - * Translated using Weblate (Japanese) - * Translated using Weblate (Japanese) - * Translated using Weblate (Japanese) - * Translated using Weblate (Japanese) - * Translated using Weblate (Japanese) - * Translated using Weblate (Japanese) +- Update to version 84.87.20210411.9a07deafea: + * Translated using Weblate (French) + * New POT for text domain 'installation'. + * New POT for text domain 'autoinst'. + * Translated using Weblate (Portuguese) + * Translated using Weblate (Hindi) + * New POT for text domain 'autoinst'. + * New POT for text domain 'network'. + * New POT for text domain 'users'. + +- Update to version 84.87.20210402.ed8ff6d0a2: + * New POT for text domain 'users'. + * New POT for text domain 'samba-client'. + * New POT for text domain 'autoinst'. - * Translated using Weblate (Slovak) - * Translated using Weblate (Slovak) - * Translated using Weblate (Slovak) - * Translated using Weblate (Slovak) - * Translated using Weblate (Slovak) - * Translated using Weblate (Slovak) - * Translated using Weblate (Dutch) - * Translated using Weblate (Dutch) - * Translated using Weblate (Portuguese (Brazil)) - * Translated using Weblate (Portuguese (Brazil)) - * Translated using Weblate (Portuguese (Brazil)) - * Translated using Weblate (Portuguese (Brazil)) - * Translated using Weblate (Portuguese (Brazil)) - * Translated using Weblate (Portuguese (Brazil)) - * Translated using Weblate (Portuguese (Brazil)) - * Translated using Weblate (Portuguese (Brazil)) - * Translated using Weblate (Portuguese (Brazil)) - * Translated using Weblate (Portuguese (Brazil)) - * Translated using Weblate (Portuguese (Brazil)) - * Translated using Weblate (Portuguese (Brazil)) - * Translated using Weblate (Portuguese (Brazil)) - * Translated using Weblate (Portuguese (Brazil)) - * Translated using Weblate (Portuguese (Brazil)) - * Translated using Weblate (Dutch) - * Translated using Weblate (Dutch) - * Translated using Weblate (Dutch) - * Translated using Weblate (Dutch) - * New POT for text domain 'storage'. - * New POT for text domain 'country'. - * New POT for text domain 'bootloader'. - * Translated using Weblate (Spanish) - * Translated using Weblate (Japanese) + * Translated using Weblate (German) + * Translated using Weblate (Italian) + * Translated using Weblate (Italian) + * Translated using Weblate (Italian) - * Translated using Weblate (Finnish) - * Translated using Weblate (Croatian) - * Translated using Weblate (Chinese (Taiwan)) - * Translated using Weblate (Chinese (Taiwan)) - * Translated using Weblate (Chinese (Taiwan)) - * Translated using Weblate (Chinese (Taiwan)) - * Translated using Weblate (Chinese (Taiwan)) - * Translated using Weblate (Chinese (China)) - * New POT for text domain 'packager'. - * New POT for text domain 'base'. - * New POT for text domain 'packager'. - * New POT for text domain 'base'. + * Translated using Weblate (Dutch) + * Translated using Weblate (Catalan) + * Translated using Weblate (Slovak) + * Translated using Weblate (Spanish) + * Translated using Weblate (Spanish) + * Translated using Weblate (Spanish) + * Translated using Weblate (Spanish) + * Translated using Weblate (Spanish) + * Translated using Weblate (Spanish) - * Translated using Weblate (Hindi) - * Translated using Weblate (Chinese (China)) - * Translated using Weblate (German) - * Translated using Weblate (German) - * Translated using Weblate (Italian) - * Translated using Weblate (Italian) - * Translated using Weblate (Chinese (Taiwan)) - * Translated using Weblate (German) - * Translated using Weblate (Chinese (China)) - * Translated using Weblate (Portuguese) - * Translated using Weblate (Chinese (Taiwan)) - * Translated using Weblate (Chinese (Taiwan)) - * Translated using Weblate (German) - * Translated using Weblate (French) - * Translated using Weblate (Chinese (China)) - * Translated using Weblate (Chinese (Taiwan)) - * Translated using Weblate (Chinese (China)) - * Translated using Weblate (Chinese (Taiwan)) - * Translated using Weblate (German) - * Translated using Weblate (Chinese (China)) - * Translated using Weblate (German) - * Translated using Weblate (German) - * Translated using Weblate (Chinese (Taiwan)) - * Translated using Weblate (Chinese (China)) + * Translated using Weblate (Spanish) + * Translated using Weblate (Spanish) + * Translated using Weblate (Spanish) + * Translated using Weblate (Spanish) + * Translated using Weblate (Spanish) + * Translated using Weblate (Japanese) + * New POT for text domain 'storage'. + * New POT for text domain 'firstboot'. + * Translated using Weblate (Italian) - * Translated using Weblate (Chinese (Taiwan)) - * Translated using Weblate (Chinese (China)) - * Translated using Weblate (German) - * Translated using Weblate (Spanish) + * Translated using Weblate (Chinese (Taiwan)) - * Translated using Weblate (Spanish) - * Translated using Weblate (Spanish) - * Translated using Weblate (Finnish) - * Translated using Weblate (Portuguese (Portugal)) - * Translated using Weblate (Italian) - * Translated using Weblate (Chinese (Taiwan)) + * Translated using Weblate (Russian) + * Translated using Weblate (Russian) - * Translated using Weblate (Spanish) - * Translated using Weblate (Chinese (China)) - * Translated using Weblate (Italian) - * Translated using Weblate (Chinese (Taiwan)) + * Fixed string interpolations + +- Update to version 84.87.20210327.c94c0a6cbe: + * Translated using Weblate (Slovak) + * Translated using Weblate (Dutch) + * Translated using Weblate (Catalan) + * Translated using Weblate (Japanese) + * New POT for text domain 'network'. + * New POT for text domain 'control'. + * Translated using Weblate (Portuguese) + * Translated using Weblate (Portuguese) + * Translated using Weblate (Portuguese) + * Translated using Weblate (Portuguese) + * Translated using Weblate (Portuguese) + * Translated using Weblate (Portuguese) + * Translated using Weblate (Portuguese) + * Translated using Weblate (Portuguese) + * Translated using Weblate (Portuguese) + * Translated using Weblate (French) + * Translated using Weblate (French) + * Translated using Weblate (French) + * Translated using Weblate (French) + * Translated using Weblate (French) + * Translated using Weblate (French) + * Translated using Weblate (French) + * Translated using Weblate (German) + * Translated using Weblate (German) + * Translated using Weblate (German) - * Translated using Weblate (Italian) - * Translated using Weblate (Chinese (Taiwan)) - * Translated using Weblate (Spanish) - * Translated using Weblate (Chinese (Taiwan)) - * Translated using Weblate (Chinese (China)) - * Translated using Weblate (Spanish) - * Translated using Weblate (Chinese (Taiwan)) - * Translated using Weblate (Galician) - * Translated using Weblate (Chinese (Taiwan)) - * Translated using Weblate (Portuguese) - * Translated using Weblate (German) - * Translated using Weblate (Chinese (Taiwan)) + * Translated using Weblate (French) + * Translated using Weblate (French) + * Translated using Weblate (French) - * Translated using Weblate (Spanish) + * Translated using Weblate (Portuguese) + * Translated using Weblate (Portuguese) + * Translated using Weblate (Portuguese) + * Translated using Weblate (Portuguese) + * Translated using Weblate (Portuguese) + * Translated using Weblate (German) + * Translated using Weblate (German) + * Translated using Weblate (German) + * Translated using Weblate (German) + * Translated using Weblate (German) + * Translated using Weblate (German) + * Translated using Weblate (German) + * Translated using Weblate (German) + * Translated using Weblate (German) - * Translated using Weblate (Chinese (China)) - * Translated using Weblate (Chinese (Taiwan)) - * Translated using Weblate (Turkish) - * Translated using Weblate (Spanish) - * Translated using Weblate (Chinese (China)) - * Translated using Weblate (Chinese (China)) - * Translated using Weblate (Italian) - * Translated using Weblate (Chinese (Taiwan)) + * Translated using Weblate (French) + * Translated using Weblate (French) + * Translated using Weblate (Italian) + * Translated using Weblate (Italian) + * Translated using Weblate (Italian) + * Translated using Weblate (Italian) + * Translated using Weblate (Italian) + * Translated using Weblate (Italian) + * Translated using Weblate (Italian) + * Translated using Weblate (Italian) + * Translated using Weblate (Italian) + * Translated using Weblate (Italian) + * Translated using Weblate (Italian) + * Translated using Weblate (Italian) + * Translated using Weblate (Italian) + * Translated using Weblate (Italian) + * Translated using Weblate (German) + * Translated using Weblate (German) + * Translated using Weblate (Spanish) + * Translated using Weblate (Portuguese) + * Translated using Weblate (Portuguese) + * Translated using Weblate (Finnish) + * Translated using Weblate (Spanish) + * Translated using Weblate (Spanish) + * Translated using Weblate (Spanish) + * Translated using Weblate (Spanish) + * Translated using Weblate (Spanish) + * Translated using Weblate (Spanish) + * Translated using Weblate (Spanish) + * Translated using Weblate (Spanish) + * Translated using Weblate (Italian) + * Translated using Weblate (Italian) + * Translated using Weblate (Italian) + * Translated using Weblate (Italian) + * Translated using Weblate (Italian) + * Translated using Weblate (Italian) + * Translated using Weblate (Italian) + * Translated using Weblate (Italian) + * Translated using Weblate (Italian) + * Translated using Weblate (German) + * Translated using Weblate (German) + * Translated using Weblate (Italian) + * Translated using Weblate (Italian) + * Translated using Weblate (Italian) + * Translated using Weblate (Italian) + * Translated using Weblate (Italian) + * Translated using Weblate (Italian) + * Translated using Weblate (Italian) + * Translated using Weblate (Italian) + * Translated using Weblate (Italian) + * Translated using Weblate (Italian) + * Translated using Weblate (Spanish) + * Translated using Weblate (Spanish) + * Translated using Weblate (Spanish) + * Translated using Weblate (Spanish) + * Translated using Weblate (Spanish) + * Translated using Weblate (Spanish) + * Translated using Weblate (Spanish) + * Translated using Weblate (Spanish) + * Translated using Weblate (Spanish) + * Translated using Weblate (Portuguese) + * Translated using Weblate (Portuguese) + * Translated using Weblate (Catalan) + * Translated using Weblate (Slovak) + * Translated using Weblate (Slovak) + +- Update to version 84.87.20210321.8a6c5507f2: + * Translated using Weblate (Portuguese) + * Translated using Weblate (Portuguese) + * Translated using Weblate (Portuguese) - * Translated using Weblate (German) - * Translated using Weblate (Spanish) - * Translated using Weblate (French) - * Added translation using Weblate (Sinhala) - * Added translation using Weblate (Sinhala) - * Added translation using Weblate (Sinhala) - * Added translation using Weblate (Sinhala) - * Added translation using Weblate (Sinhala) - * Added translation using Weblate (Sinhala) - * Added translation using Weblate (Sinhala) - * Added translation using Weblate (Sinhala) - * Added translation using Weblate (Sinhala) - * Added translation using Weblate (Sinhala) - * Added translation using Weblate (Sinhala) + * Translated using Weblate (Chinese (Taiwan)) + * Translated using Weblate (Chinese (Taiwan)) + * Translated using Weblate (Chinese (Taiwan)) + * Translated using Weblate (Chinese (Taiwan)) + * Translated using Weblate (Chinese (Taiwan)) + * Translated using Weblate (Chinese (Taiwan)) + * Translated using Weblate (Chinese (Taiwan)) + * Translated using Weblate (Chinese (Taiwan)) + * Translated using Weblate (Chinese (Taiwan)) + * Translated using Weblate (Chinese (Taiwan)) + * Translated using Weblate (Chinese (Taiwan)) + * New POT for text domain 'packager'. - * Translated using Weblate (Italian) + * Translated using Weblate (Chinese (China)) + * Translated using Weblate (Chinese (China)) + * Translated using Weblate (Chinese (China)) + * Translated using Weblate (Chinese (China)) + * Translated using Weblate (Chinese (China)) + * Translated using Weblate (Chinese (China)) + * Translated using Weblate (Chinese (China)) + * Translated using Weblate (Chinese (China)) + * Translated using Weblate (Chinese (China)) + * Translated using Weblate (Chinese (China)) + * Translated using Weblate (Chinese (China)) + * Translated using Weblate (Chinese (China)) + * Translated using Weblate (Chinese (China)) + * Translated using Weblate (Chinese (China)) + * Translated using Weblate (Chinese (China)) + * New POT for text domain 'security'. - * Translated using Weblate (Russian) - * Translated using Weblate (Finnish) + * Translated using Weblate (Portuguese) + * Translated using Weblate (Portuguese) + * Translated using Weblate (Italian) + * New POT for text domain 'network'. + * New POT for text domain 'installation'. + * New POT for text domain 'autoinst'. + * Translated using Weblate (Slovak) + +- Update to version 84.87.20210314.90853260a8: + * New POT for text domain 'add-on'. + * New POT for text domain 'base'. + * New POT for text domain 'bootloader'. + * New POT for text domain 'country'. + * New POT for text domain 'installation'. + * New POT for text domain 'network'. + * New POT for text domain 'packager'. + * New POT for text domain 'storage'. + * Added translation using Weblate (Sinhala) + * Translated using Weblate (Catalan) + * Translated using Weblate (Chinese (China)) + * Translated using Weblate (Chinese (Taiwan)) + * Translated using Weblate (Croatian) + * Translated using Weblate (Czech) + * Translated using Weblate (Dutch) + * Translated using Weblate (Finnish) + * Translated using Weblate (French) + * Translated using Weblate (Galician) + * Translated using Weblate (German) + * Translated using Weblate (Hindi) + * Translated using Weblate (Italian) + * Translated using Weblate (Japanese) + * Translated using Weblate (Portuguese (Brazil)) + * Translated using Weblate (Portuguese (Portugal)) + * Translated using Weblate (Portuguese) + * Translated using Weblate (Russian) + * Translated using Weblate (Slovak) + * Translated using Weblate (Spanish) + * Translated using Weblate (Turkish) zlib +- Fix hw compression on z15 bsc#1176201 +- Add zlib-s390x-z15-fix-hw-compression.patch + zstd +- Add 0001-PATCH-Use-umask-to-Constrain-Created-File-Permission.patch + fixing (CVE-2021-24031, bsc#1183371) and (CVE-2021-24032, bsc#1183370). + Use umask() to constrain created file permission. +