Removed rpms ============ - alsa-oss-32bit - libblkid1-32bit - libglib-2_0-0-32bit - libsamba-credentials0-32bit - libsamba-hostconfig0-32bit - libsamdb0-32bit - libsmbldap2-32bit - libwbclient0-32bit - rpm-32bit - libaudit1-32bit - libdcerpc-binding0-32bit - libgio-2_0-0-32bit - libldb2-32bit - libndr-standard0-32bit - libndr1-32bit - libnuma1-32bit - libopenssl1_1-32bit - libsamba-util0-32bit - libunistring2-32bit - libuuid1-32bit - libz1-32bit - pulseaudio-utils-32bit - samba-libs-32bit Added rpms ========== - alsa-firmware - alsa-oss-32bit - libaudit1-32bit - libdcerpc-binding0-32bit - libgio-2_0-0-32bit - libldb2-32bit - libndr-standard0-32bit - libndr1-32bit - libnuma1-32bit - libopenssl1_1-32bit - libsamba-util0-32bit - libunistring2-32bit - libuuid1-32bit - libz1-32bit - pulseaudio-utils-32bit - samba-libs-32bit - intel-media-driver - libblkid1-32bit - libblogger2 - libebtc0 - libglib-2_0-0-32bit - libigdgmm11 - libnftables1 - libsamba-credentials0-32bit - libsamba-hostconfig0-32bit - libsamdb0-32bit - libsmbldap2-32bit - libwbclient0-32bit - python3-nftables - rpm-32bit - typelib-1_0-Flatpak-1_0 - virtualbox-guest-tools - virtualbox-guest-x11 - virtualbox-kmp-default Package Source Changes ====================== ImageMagick +- security update +- added patches + fix CVE-2021-20241 [bsc#1182335], Division by zero in WriteJP2Image() in coders/jp2.c + + ImageMagick-CVE-2021-20241.patch + fix CVE-2021-20243 [bsc#1182336], Division by zero in GetResizeFilterWeight in MagickCore/resize.c + + ImageMagick-CVE-2021-20243.patch + fix CVE-2021-20244 [bsc#1182325], Division by zero in ImplodeImage in MagickCore/visual-effects.c + + ImageMagick-CVE-2021-20244.patch + fix CVE-2021-20246 [bsc#1182337], Division by zero in ScaleResampleFilter in MagickCore/resample.c + + ImageMagick-CVE-2021-20246.patch + MozillaFirefox +- Firefox Extended Support Release 78.9.0 ESR + * Fixed: Various stability, functionality, and security fixes + MFSA 2021-11 (bsc#1183942) + * CVE-2021-23981 (bmo#1692832) + Texture upload into an unbound backing buffer resulted in an + out-of-bound read + * CVE-2021-23982 (bmo#1677046) + Internal network hosts could have been probed by a malicious + webpage + * CVE-2021-23984 (bmo#1693664) + Malicious extensions could have spoofed popup information + * CVE-2021-23987 (bmo#1513519, bmo#1683439, bmo#1690169, + bmo#1690718) + Memory safety bugs fixed in Firefox 87 and Firefox ESR 78.9 + +- Firefox Extended Support Release 78.8.0 ESR + * Fixed: Various stability, functionality, and security fixes + MFSA 2021-08 (bsc#1182614) + * CVE-2021-23969 (bmo#1542194) + Content Security Policy violation report could have contained + the destination of a redirect + * CVE-2021-23968 (bmo#1687342) + Content Security Policy violation report could have contained + the destination of a redirect + * CVE-2021-23973 (bmo#1690976) + MediaError message property could have leaked information + about cross-origin resources + * CVE-2021-23978 (bmo#1682928, bmo#1687391, bmo#1687597, + bmo#786797) + Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8 +- Update create-tar.sh to use https instead of http (bsc#1182357) + MozillaThunderbird +- Mozilla Thunderbird 78.8 + * fixed: Importing an address book from a CSV file always + reported an error (bmo#1685048) + * fixed: Security information for S/MIME messages was not + displayed correctly prior to a draft being saved + (bmo#1683701) + * fixed: Calendar: FileLink UI fixes for Caldav calendars + (bmo#1669803) + * fixed: Recurring tasks were always marked incomplete; unable + to use filters (bmo#1686466) + * fixed: Various UI widgets not working (bmo#1690098) + * fixed: Dark theme improvements (bmo#1691106) + * fixed: Extension manager was missing link to addon support + web page (bmo#1642219) + * fixed: Various security fixes + MFSA 2021-09 (bsc#1182614) + * CVE-2021-23969 (bmo#1542194) + Content Security Policy violation report could have contained + the destination of a redirect + * CVE-2021-23968 (bmo#1687342) + Content Security Policy violation report could have contained + the destination of a redirect + * CVE-2021-23973 (bmo#1690976) + MediaError message property could have leaked information + about cross-origin resources + * CVE-2021-23978 (bmo#1682928, bmo#1687391, bmo#1687597, + bmo#786797) + Memory safety bugs fixed in Thunderbird 78.8 +- Update create-tar.sh to use https instead of http (bsc#1182357) + PackageKit +- Add PackageKit-zypp-initialize-pool.patch: zypp: Make sure pool + is initialized at the beginning of some methods + (gh#hughsie/PackageKit/commit#3efa0c524, bsc#1180597). + SDL_gfx +- Readd SDL_gfx-devel Provides/Obsoletes, still needed. + +- Update to 2.0.26 + * Included patch for CMake builds against SDL2 + * Fixed bug in rotozoomSurfaceSizeTrig + -- fix provides and obsoletes [bnc#544957] - -- follow Shared Library Policy - alsa-oss +- Add upstream patch to fix build with current glibc: + * alsa-drop-libio.patch + -- updated to version 1.0.17: - * just a version bump - autoyast2 +- Do not crash while sorting the list of modules to be processed + during the 2nd stage (bsc#1184316). +- Prevent AutoYaST UI from crashing when trying to apply a module + changes (bsc#1184429). +- 4.3.77 + +- Use 'module' instead of 'listentry' when exporting pre-modules + and post-modules lists (bsc#1184342). + +- Show the only once during autoinstallation + (bsc#1184317). + +- Add the 'mkfs_options' element to the schema (bsc#1184268). + +- Fix crash during using autoyast UI (bsc#1184216) +- 4.3.76 + avahi +- Update avahi-daemon-check-dns.sh from Debian. Our previous + version relied on ifconfig, route, and init.d. +- Rebase avahi-daemon-check-dns-suse.patch, and drop privileges + when invoking avahi-daemon-check-dns.sh (boo#1180827 + CVE-2021-26720). +- Add sudo to requires: used to drop privileges. + blog +- Fix package split done for shared library packaging guideline (bsc#1184479). + +- Update to version 2.20 + * Silent some gcc warnings, also avoid common variable (boo#1160385) + * Include for makedev + * sort input files (boo#1041090) + * libconsole: never return empty list from getconsoles() + * libconsole: Really allow to use /dev/console as a fallback in showconsole + * libconsole: Add console into the list only when successfully allocated + * libconsole: Correctly ignore early consoles +- Remove obsolate patch blog-Remove-unused-header.patch + +- Add blog-Remove-unused-header.patch: Fix build with new glibc + (gh#bitstreamout/showconsole#3). + +- Implement shared library packaging guideline. + +- Update to version 2.19 which integrates the patches now removed: + * sysmacros.patch + * libconsole-Really-allow-to-use-dev-console-as-a-fall.patch + * libconsole-never-return-empty-list-from-getconsoles.patch + * showconsole-2.18.tar.gz + * libconsole-Add-console-into-the-list-only-when-succe.patch + * libconsole-Correctly-ignore-early-consoles.patch + as well as the changes + * Correct wants directory for systemd-ask-password-blog.service + * Sort input files for reproducible builds + +- sysmacros.patch: Include for makedev + btrfsprogs +- Correct check_running_fs_exclop() return value (bsc#1184481) + btrfs-progs-Correct-check_running_fs_exclop-return-v.patch + ca-certificates +- openssl is no longer required but coreutils and findutils are + (boo#1183680). Keep openssl(cli) at runtime for now nevertheless as this + package might be the only one pulling it in. + chromium +- Update to 89.0.4389.114 bsc#1184256 + - CVE-2021-21194: Use after free in screen capture + - CVE-2021-21195: Use after free in V8 + - CVE-2021-21196: Heap buffer overflow in TabStrip + - CVE-2021-21197: Heap buffer overflow in TabStrip + - CVE-2021-21198: Out of bounds read in IPC + - CVE-2021-21199: Use Use after free in Aura +- Add libva-2.11.patch to fix build with libva <2.11 +- Add libva-2.11-nolegacy.patch to fix build with libva 2.11 +- Remove x11-ozone-fix-two-edge-cases.patch + cups +- cups-2.2.7-web-ui-kerberos-authentication.patch (bsc#1175960) + Fix web UI kerberos authentication + curl +- Security fix: [bsc#1183934, CVE-2021-22890] + * When using a HTTPS proxy and TLS 1.3, libcurl can confuse + session tickets arriving from the HTTPS proxy but work as + if they arrived from the remote server and then wrongly + "short-cut" the host handshake. +- Add curl-CVE-2021-22890.patch + +- Security fix: [bsc#1183933, CVE-2021-22876] + * The automatic referer leaks credentials +- Add curl-CVE-2021-22876.patch + dracut +- Update to version 049.1+suse.186.g320cc3d1: + * network-legacy: fix route parsing issues in ifup (bsc#1182688) + * 90kernel-modules: arm/arm64: Add reset controllers + * Prevent creating unexpected files on the host when running dracut + * As of v246 of systemd "syslog" and "syslog-console" switches have been deprecated + +- Update to version 049.1+suse.185.g9324648a: + * 90kernel-modules: arm/arm64: Add reset controllers (bsc#1180336) + * Prevent creating unexpected files on the host when running dracut (bsc#1176171) + ebtables +- Have the source .service file hold a placeholder for LIBEXECDIR, + which we replace during build/install phase, allowing the package + to be used no matter what value %{_libexecdir} has. + +- replace /usr/lib with /usr/libexec in .service files to follow + %_libexecdir macro changes + +- Revert last /bin/bash -> /bin/sh change + +- Use /bin/sh for ebtables.systemd +- Don't hard require systemd, we don't need that in a container + +- rename /usr/lib/ebtables helper file to /usr/lib/ebtables-helper + otherwise it conflicts with /usr/lib/ebtables library directory + on 32-bit systems [bsc#1159769] + +- add ebtables.keyring as a Source + +- Update to release 2.0.11 + * Add --noflush command line support for ebtables-restore + * Do not print IPv6 mask if it is all ones + * Allow RETURN target rules in user defined chains + * ebt_ip: add support for matching ICMP type and code + * ebt_ip: add support for matching IGMP type + * extensions: Add string filter to ebtables + * Print IPv6 prefixes in CIDR notation + * extensions: Add AUDIT target + * Fix incorrect IPv6 prefix formatting +- Drop ebtables-v2.0.8-makefile.diff (no longer needed) +- Drop ebtables-v2.0.8-initscript.diff, include-linux-if.patch + (not applicable) +- Drop ebtables-v2.0.10-4-audit.patch, + 0001-fix-compilation-warning.patch, + 0001-Use-flock-for-concurrent-option.patch, + 0002-Fix-locking-if-LOCKDIR-does-not-exist.patch (merged) + efivar +- Add efivar-bsc1181967-fix-nvme-parsing.patch to fix the NVME + path parsing (bsc#1181967) + evolution-data-server +- Add CVE-2020-16117.patch: Fix crash on malformed server response + with minimal capabilities (boo#1174712 CVE-2020-16117). +- Add CVE-2020-14928.patch: Response injection via STARTTLS in SMTP + and POP3 (boo#1173910 CVE-2020-14928). + +- Add evolution-data-server-boo1182882.patch: fix buffer overrun + when parsing base64 data (boo#1182882). + evolution-ews +- Add evolution-ews-boo1182882.patch: fix buffer overrun when + parsing base64 data (boo#1182882). + filesystem +- Remove duplicate line due to merge error + +- add /etc/skel/.cache with perm 0700 (bsc#1181011) + +- Set correct permissions when creating /proc and /sys + +- Ignore postfix user (pulled in from buildsystem) + +- /proc and /sys should be %ghost to allow filesystem package updates in + rootless container environments (rh#1548403) (bsc#1146705) + +- Split /var/tmp out of fs-var.conf, new file is fs-var-tmp.conf. + Allows to override config to add cleanup options of /var/tmp + [bsc#1078466] +- Create fs-tmp.conf to cleanup /tmp regular (required with tmpfs) + [bsc#1175519] +- Fix bug about missing group in tmpfiles.d files +- Generic cleanup: + - Remove /usr/local/games + -- add /usr/share/appdata (bnc#893441) - -- drop /media directory (bnc#890198) - -- make /run/lock %ghost to fix build failure - -- make /var/run and /var/lock just ghost entries and create them - if they do not exist at all and rely on dracut hooks to - actually replace directories with symlinks there (bnc#874748) - -- add vscan user to ignore home list - -- change /etc/cups to mode 0755 (bnc#871640) for new cups version - -- change /sys to mode 0555 (bnc#871640) - -- make /var/lock a symlink to /run/lock (bnc#867873) - -- use lazy umount - -- use os.execute("umount ...") instead of posix.umount("...") - bnc#866964 - -- change pre to pretrans for directory/symlink conversion - -- drop /var/lib/pam_devperm (bnc#866234) - -- replace /var/run by symlink to /run -- try to handle case where /var/run is a bind-mount -- extend lua script in preinstall to handle this transition -- bnc#865893 - -- bump version to 13.2 - -- Drop /usr/X11R6, /usr/X11R6/bin, /usr/X11R6/lib, /var/X11R6 - -- add ppc64le definition - -- Drop /lib/systemd and /lib/systemd/system, everything is now in - /usr/lib/systemd... - -- do not put dir modifiers on symlinks - -- change license to MIT as GPL doesn't make sense for a package that - only contains directories. Also include a LICENSE.txt with the - sources (bnc#822602). - -- bump version to 13.1 - -- Add systemd %_unitdir - -- move sysctl directories here - -- Add directory.list64 for aarch64 - -- Revert /var/run and /var/lock being symlinks for now. - -- remove get_version_number.sh, it's unused since ages - -- Revert last change since aaa_base removed /usr/lib/tmpfiles.d. - -- own /usr/lib/tmpfiles.d - -- Remove also /sbin/conf.d/ (SuSEconfig directory). - -- replace /var/run and /var/lock directories with symlinks to - /run and /run/lock (respectively). - -- Remove SuSEconfig directories [FATE#100011] - -- move directories for man page translations from man package to - filesystem - -- remove /var/run/vi.recover (bnc#765288) -- remove /media/floppy and /media/cdrom ghost entries, they are not - used anywhere since years either - -- remove /var/cache/fonts (bnc#764885) - -- Also create /usr/share/help/$LOCALE for each LOCALE defined in - the languages file. This will allow our packages to have - translations for the XDG help system. - -- bump version to 12.2 - -- digged through logs to find more languages that have >45000 strings - -- remove world writeable /var/crash again (bnc#438041) - -- Apply packaging guidelines (remove redundant/obsolete - tags/sections from specfile, etc.) - -- Add /usr/share/help and /usr/share/help/C: this is the directory - used by the XDG help system specification, and the subdirectory - for the english docs there. - -- remove dirs that are clearly aaa_base specific - -- remove /var/lock/subsys as /var/lock is on tmpfs now - -- Really add language zh. - -- Add languages ga, ia, kk, km, kn, mai, nds, wa (from kde4-l10n) and - zh (from cups). - -- add /etc/skel/{.local,.config} to make sure they have correct - permissions for new users (bnc#676468) - -- Bump version number. -- Remove /etc/skel/.mozilla, it's not needed to have this by default. - -- Increase version number to 12.1. -- Add missing directories from aaa_base: /usr/share/doc/packages/aaa_base, - /lib/aaa_base - -- add /run directory (mode 0755,root,root) - -- reset list of languages to only contain what's translated with - more than 45.000. we might add big ones later if they become popular - to translate - -- bump version to 11.5 - -- fix build whitelisting /lib/udev/devices - -- add new locales (bnc#659001) - -- Add the new locale for "Congo", kg (iso 639-1). - -- add an locale for "Aragonese Spanish" - -- add /lib/systemd and /lib/systemd/system to avoid systemd - dependencies in lots of packages that merely install a text file - there. - -- add /etc/tmpfiles.d - -- add ghost.list with directories only listed in this package - as ghost files, move /tmp/.X11-unix, /tmp/.ICE-unix - and /var/tmp/vi.recover to that list -- also move /media/cdrom and /media/floppy to that list - they were done manually as ghosts in the specfile before -- add /etc/tmpdirs.d (see aaa_base) - -- Set version number to 11.3 - -- change group of /var/lock to 'lock' (bnc#552095, FATE#308360) - -- added ms_my (bnc#561174) - -- Add /usr/$march directories for SPARC. Will be packaging both - sparc-suse-linux and sparc64-suse-linux because the compiler - suite is usually configured with the latter on this arch. - -- minor change for sparc in specfile (bnc#558343) - -- added en@shaw (bnc#559206) - -- add arm gnueabi folders - -- added /selinux (fate#305557) - -- added fil (filipino) to the list of languages (bnc#513962) - -- add bem (Bemba) (fix bnc#501080) - -- fix build (ignore /lib/mkinitrd/scripts for now) - -- add hne (Chhattisgarhi) - -- added jbo (bnc#485455) - firewalld -- Update to 0.7.5 (jsc#SLE-12281) +- Remove dependency on firewalld from firewall-macros (bsc#1183404) + +- Disable FlushAllOnReload option to not retain interface to zone + assignments and direct rules when using --reload option. + * 0002-Disable-FlushAllOnReload-option.patch + +- Update to 0.9.3 (jsc#SLE-17336): + * docs(dbus): fix invalid method names + * fix(forward): iptables: ipset used as zone source + * fix(rich): non-printable characters removed from rich rules + * docs(firewall-cmd): small description grammar fix + * fix(rich): limit table to strip non-printables to C0 and C1 + * fix(zone): add source with mac address + +- Add dependency for firewall-offline-cmd (bsc#1180883) + +- Remove the patch which enforces usage of iptables instead of + nftables (jsc#SLE-16300): + * 0001-firewall-backend-Switch-default-backend-to-iptables.patch +- Add firewalld zone for the docker0 interface. This is the + workaround for lack of nftables support in docker. Without that + additional zone, containers have no Internet connectivity. + (rhbz#1817022, jsc#SLE-16300) +- Update to 0.9.1: + * Bugfixes: + * docs(firewall-cmd): clarify lockdown whitelist command paths + * fix(dbus): getActivePolicies shouldn't return a policy if a zone is not active + * fix(policy): zone interface/source changes should affect all using zone + +- Make use of %service_del_postun_without_restart + And stop using DISABLE_RESTART_ON_UPDATE as this interface is + obsolete. + +- Add python3-nftables as a requirement. + +- update to 0.9.0: + * New major features + * prevention of Zone Drifting + * Intra Zone Forwarding + * Policy Objects + * For a full list of changes, see + https://github.com/firewalld/firewalld/compare/v0.8.0...v0.9.0 + +- update to 0.8.3: + * nftables: convert to libnftables JSON interface + * service: new “helper” element to replace “module” More accurately represents the conntrack helper. Deprecates “module”. + * allow custom helpers using standard helper modules (rhbz 1733066) + * testsuite is now shipped in the dist tarball + * Typo in firewall-config(1) + * Fix typo in TFTP service description + * doc: README: add note about language translations + * fix: rich: source/dest only matching with mark action + * feat: AllowZoneDrifting config option + * feat: nftables: support AllowZoneDrifting=yes + * feat: ipXtables: support AllowZoneDrifting=yes + * fix: firewall-offline-cmd: Don’t print warning about AllowZoneDrifting + * fix: add logrotate policy + * doc: direct: add CAVEATS section + * fix: checkIP6: strip leading/trailing square brackets + * fix: nftables: remove square brackets from IPv6 addresses + * fix: ipXtables: remove square brackets from IPv6 addresses + * fix: nftables: ipset types using “port” + * fix: nftables: zone dispatch with multidimensional ipsets + * fix: ipset: destroy runtime sets on reload/stop + * fix: port: support querying sub ranges + * fix: source_port: support querying sub ranges + * doc: specify accepted characters for object names + * fix: doc: address copy/paste mistakes in short/description + * fix: configure: atlocal: quote variable values + * fix: nftables: allow set intervals with concatenations + * doc: clarify –set-target values “default” vs “reject” + * fix: update dynamic DCE RPC ports in freeipa-trust service + * fix: nftables: ipset: port ranges for non-default protocols + * fix(systemd): Conflict with nftables.service + * fix(direct): rule in a zone chain + * fix(client): addService needs to reduce tuple size + * fix(doc): dbus: signatures for zone tuple based APIs + * fix(config): bool values in dict based import/export + * fix(dbus): service: don’t cleanup config for old set APIs + * fix(ipset): flush the set if IndividiualCalls=yes + * fix(firewall-offline-cmd): remove instances of “[P]” in help text + * fix(rich): source mac with nftables backend + * docs: replace occurrences of the term blacklist with denylist + * fix: core: rich: Catch ValueError on non-numeric priority values + * docs(README): add libxslt for doc generation + * fix(cli): add –zone is an invalid option with –direct + * fix(cli): add ipset type hash:mac is incompatible with the family parameter + +- Update to version 0.7.5 (jsc#SLE-12281): -- Switch firewall backend fallback to 'iptables' (bsc#1102761) - This ensures that existing configuration files will keep working - even if FirewallBackend option is missing. + +- Update to 0.7.4 + This is a bug fix only release. + However, it does reintroduce the zone drifting bug as a feature. See #258 and #441. This behavior is disabled by default. + * improvement: build: add an option to disable building documentation + * Typo in firewall-config(1) + * Fix typo in TFTP service description + * doc: README: add note about language translations + * fix: rich: source/dest only matching with mark action + * feat: AllowZoneDrifting config option + * feat: nftables: support AllowZoneDrifting=yes + * feat: ipXtables: support AllowZoneDrifting=yes + * fix: firewall-offline-cmd: Don't print warning about AllowZoneDrifting + * fix: add logrotate policy + * fix: tests: regenerate testsuite if .../{cli,python}/*.at changes + * doc: direct: add CAVEATS section + * fix: checkIP6: strip leading/trailing square brackets + * fix: nftables: remove square brackets from IPv6 addresses + * fix: ipXtables: remove square brackets from IPv6 addresses + * fix: nftables: zone dispatch with multidimensional ipsets + * fix: ipset: destroy runtime sets on reload/stop + * fix: port: support querying sub ranges + * fix: source_port: support querying sub ranges + * doc: specify accepted characters for object names + * fix: doc: address copy/paste mistakes in short/description + * fix: configure: atlocal: quote variable values + * fix: nftables: allow set intervals with concatenations + * doc: clarify --set-target values "default" vs "reject" + +- Update to version 0.7.3: + * release: v0.7.3 + * chore: update translations + * doc: README: add note about integration tests + * test: check-container: also run check-integration + * test: integration: NM zone overrides interface on reload + * test: build: support integration tests + * test: functions: add macro NMCLI_CHECK + * test: functions: new macros for starting/stopping NetworkManager + * fix: test: leave "cleanup" for tests cases + * test: check-container: add support for fedora rawhide + * test: check-container: add support for debian sid + * test: build: add support for running in containers + * fix: test/functions: FWD_END_TEST: improve grep for errors/warnings + * fix: test: direct passthrough: no need to check for dummy module + * fix: test: CHECK_NAT_COEXISTENCE: only check for kernel version + * fix: reload: let NM interface assignments override permanent config + * chore: tests: rename IF_IPV6_SUPPORTED to IF_HOST_SUPPORTS_IPV6_RULES + * fix: tests: convert host ipv6 checks to runtime + * fix: tests: convert ip6tables checks to runtime + * fix: tests: convert probe of nft numeric args to runtime + * fix: tests: convert nftables fib checks to runtime + * fix: build: distribute testsuite + * fix: don't probe for available kernel modules + * fix: failure to load modules no longer fatal + * fix: tests/functions: canonicalize XML output + * chore: doc: update authors + * fix: test: use debug output based on autotest variable + * fix: src/tests/Makefile: distclean should clean atconfig + +- No longer recommend -lang: supplements are in use. + +- Replace incorrect usage of %_libexecdir with %_prefix/lib + +- rebased the original patch from revision 19 + +- Added a patch to make iptables the default again on openSUSE + +- Update to version 0.7.2: + This is a bug fix only release. + * fix: direct: removeRules() was mistakenly removing all rules + * fix: guarantee zone source dispatch is sorted by zone name + * fix: nftables: fix zone dispatch using ipset sources in nat chains + * doc: add --default-config and --system-config + * fix: --add-masquerade should only affect ipv4 + * fix: nftables: --forward-ports should only affect IPv4 + * fix: direct: removeRules() not removing all rules in chain + * dbus: service: fix service includes individual APIs + * fix: allow custom helpers using standard helper modules + * fix: service: usage of helpers with '-' in name + * fix: Revert "ebtables: drop support for broute table" + * fix: ebtables: don't use tables that aren't available + * fix: fw: initialize _rfc3964_ipv4 + +- Update to version 0.7.1: + * Rich Rule Priorities + * Service Definition Includes - Service definitions can now + include lines like: which will + include all the ports, etc from the https service. + * RFC3964 IPv4 filtering - A new option RFC3964_IPv4 in + firewalld.conf is available. It does filtering based on RFC3964 + in regards to IPv4 addresses. This functionality was + traditionally in network-scripts. + * FlushAllOnReload - A new option FlushAllOnReload in + firewalld.conf is available. Older release retained some + settings (direct rules, interface to zone assignments) during a + - -reload. With the introduction of this configuration option + that is no longer the case. Old behavior can be restored by + setting FlushAllOnReload=no. + * 15 new service definitions + * fix: firewall-offline-cmd: service: use dict based APIs + * fix: client: service: use dict based dbus APIs + * test: dbus: coverage for new service APIs + * fix: dbus: new dict based APIs for services + * test: dbus: service API coverage + * test: functions: add macro DBUS_INTROSPECT + * test: functions: add CHOMP macro for shell output + * fix: tests/functions: use gdbus instead of dbus-send + * fix: dbus: add missing APIs for service includes +- Remove patch for using iptables instead of nftables - we should + finally switch to nftables and fix its issues properly if they + occur again: -- Disable FlushAllOnReload option to not retain interface to zone - assignments and direct rules when using --reload option. - * 0002-Disable-FlushAllOnReload-option.patch -- Remove patches which were included upstream or are not needed - anymore: - * firewalld-add-additional-services.patch +- Remove patch which was released upstream: + * 0002-Add-FlushAllOnReload-config-option.patch + +- Update to version 0.6.4: + * chore: update translations + * treewide: fix over indentation (flake8 E117) + * test: travis: add another test matrix for omitting ip6tables + * chore: travis: split test matrix by keywords + * chore: tests: add AT_KEYWORDS for firewall-offline-cmd + * improvement: tests: Use AT_KEYWORDS for backends + * fix: tests: guard occurrences of IPv6 + * fix: tests/functions: ignore warnings about missing ip6tables + * test: add macro IF_IPV6_SUPPORTED + +- Move RPM macros to %_rpmmacrodir. + +- Revert last change: the macros DO reference firewall-cmd, but as + they are expanded during build time of the package, not at + runtime, the point in time is wrong to require firewalld. The + consumer of the macro is responsible to ask for the right + commands to be present at runtime of the scripts + (boo#1125775#c9). + +- Add dependency between firewall-macros and firewalld. + (boo#1125775) + +- Fix --with-ifcfgdir configure parameter. (boo#1124212) + +- Add upstream patch to make --reload/--complete-reload forget the + runtime configuration and always load the permanent one + (bsc#1121277) + * 0002-Add-FlushAllOnReload-config-option.patch + +- Update to 0.6.3. Some of the changes are: + * update translations + * nftables: fix reject statement in "block" zone + * shell-completion: bash: don't check firewalld state + * firewalld: fix --runtime-to-permanent if NM not in use. + * firewall-cmd: sort --list-protocols output + * firewall-cmd: sort --list-services output + * command: sort services/protocols in --list-all output + * services: add audit + * nftables: fix rich rule log/audit being added to wrong chain + * nftables: fix destination checks not allowing masks + * firewall/core/io/*.py: Let SAX handle the encoding of XML files (gh#firewalld/firewalld#395)(bsc#1083361) + * fw_zone: expose _ipset_match_flags() + * tests/firewall-cmd: exercise multiple interfaces and zones + * fw_transaction: On clear zone transaction, must clear fw and other zones + * Fix translating labels (gh#firewalld/firewalld#392) +- Remove patches which have made it upstream: - * 0001-fw_nm-Make-nm_get_zone_of_connection-only-check-perm.patch - * 0002-firewall-cmd-On-getZoneOfInterface-only-ask-NM-for-p.patch - * 0003-firewall-cmd-For-non-permanent-interface-changes-don.patch - * 0004-fw_nm-New-function-to-get-all-interfaces-from-NM.patch - * 0005-fw_nm-Add-nm_get_interfaces_in_zone.patch - * 0006-firewall-cmd-Ask-NM-when-listing-permanent-interface.patch - * 0007-firewall-cmd-Allow-passing-extra-interfaces-to-print.patch - * 0001-ifcfg-Modify-ZONE-on-permanent-config-changes.patch - * 0001-firewall-core-Always-reload-the-permanent-configurat.patch - * 0001-firewall-core-fw_nm-nm_get_zone_of_connection-should.patch - * 0001-firewalld-fix-runtime-to-permanent-if-NM-not-in-use.patch - -- Add upstream patch to fix the error in --runtime-to-permanent - option about 'settings' variable being referenced before - assignment. This error occurs only when NetworkManager is not - used. (bsc#1122151) - * 0001-firewalld-fix-runtime-to-permanent-if-NM-not-in-use.patch - -- Import SUSE translations (boo#1108832) - * added firewalld-0.5.5-po-20181105.tar.xz - -- Add upstream patch to fix a python stacktrace when getting the - zone for a NetworkManager connection (bsc#1106319) - * 0001-firewall-core-fw_nm-nm_get_zone_of_connection-should.patch - -- Add adapted upstream patch to make --reload/--complete-reload - forget the runtime configuration and always load the permanent - one (bsc#1112008) - * 0001-firewall-core-Always-reload-the-permanent-configurat.patch + * 0002-firewalld-0.6.x-rich-rule-with-ipset-regression.patch -- Add upstream patch to mark more strings as translatable (bsc#1096542) +- Add upstream patch to mark more strings as translatable which is + required by firewall UI when creating rich rules (bsc#1096542) -- Add upstream patches to fix NetworkManager integration (bsc#1109074) - * 0001-fw_nm-Make-nm_get_zone_of_connection-only-check-perm.patch - * 0002-firewall-cmd-On-getZoneOfInterface-only-ask-NM-for-p.patch - * 0003-firewall-cmd-For-non-permanent-interface-changes-don.patch - * 0004-fw_nm-New-function-to-get-all-interfaces-from-NM.patch - * 0005-fw_nm-Add-nm_get_interfaces_in_zone.patch - * 0006-firewall-cmd-Ask-NM-when-listing-permanent-interface.patch - * 0007-firewall-cmd-Allow-passing-extra-interfaces-to-print.patch -- Add upstream patch to fix ifcfg ZONE attribute on permanent firewall - changes (bsc#1109153) - * 0001-ifcfg-Modify-ZONE-on-permanent-config-changes.patch -- Update to 0.5.5 (bsc#1108420) +- Add upstream patch to fix rich rules that uses ipset (bsc#1104990) + * 00002-firewalld-0.6.x-rich-rule-with-ipset-regression.patch + +- Update to 0.6.2. Some of the changes are: - * firewall/core/fw_nm: nm_get_zone_of_connection should return None or empty string instead of False + * nftables: fix log-denied with values other than "all" or "off" + * fw_ipset: raise FirewallError if backend command fails + * ipset: only use "-exist" on restore + * fw_ipset: fix duplicate add of ipset entries + * *tables: For opened ports/protocols/etc match ct state new,untracked (bsc#1105821) + * ipXtables: increase wait lock to 10s + * nftables: fix rich rules ports/protocols/source ports not considering ct state + * ports: allow querying a single added by range + * fw_zone: do not change rich rule errors into warnings + * fw_zone: fix services with multiple destination IP versions (bsc#1105899) + * fw_zone: consider destination for protocols + * firewall/core/fw_nm: nm_get_zone_of_connection should return None or empty string instead of False (boo#1106319) -- spec-cleaner fixes - -- Update to 0.5.4 (bsc#1105170) - * update translations + * nftables: fix rich rule audit log + * ebtables: replace RETURN policy with explicit RETURN at end of chain + * direct backends: allow build_chain() to build multiple rules + * fw: on restart set policy from same function + * ebtables: drop support for broute table +- Remove upstream patches + * 0001-nftables-fix-rich-rules-ports-protocols-source-ports.patch + * 0001-fw_zone-consider-destination-for-protocols.patch + * 0002-fw_zone-fix-services-with-multiple-destination-IP-ve.patch + * firewalld-fix-firewalld-config-crash.patch + +- Add upstream patch to fix Neighbor Discovery filtering for IPv6 (bsc#1105821) + * 0001-nftables-fix-rich-rules-ports-protocols-source-ports.patch +- Add upstream patch to fix building rules for multiple IP families (bsc#1105899) + * 0001-fw_zone-consider-destination-for-protocols.patch + * 0002-fw_zone-fix-services-with-multiple-destination-IP-ve.patch + +- Add firewalld-fix-firewalld-config-crash.patch: set + nm_get_zone_of_connection to return 'None' instead of 'False' for + automatically generated connections to avoid firewall-config + crashes. Patch provided by upstream (boo#1106319, + gh#firewalld/firewalld#370). + +- Also switch firewall backend fallback to 'iptables' (bsc#1102761) + This ensures that existing configuration files will keep working + even if FirewallBackend option is missing. + * 0001-firewall-backend-Switch-default-backend-to-iptables.patch + +- Update to 0.6.1. Some of the changes are: + * Correct source/destination in rich rule masquerade + * Only modify ifcfg files for permanent configuration changes + * Fix a backtrace when calling common_reverse_rule() + * man firewalld.conf: Show nftables is the default FirewallBackend + * firewall-config: fix some untranslated strings that caused a UI + bug causing rich rules to not be modify-able (bsc#1096542) - * firewall-config: fix some untranslated strings - * Rich Rule Masquerade inverted source-destination in Forward Chain - * don't forward interface to zone requests to NM for generated interfaces + * fixed many issues if iptables is actually iptables-nft + * Use preferred location for AppData files + * ipXtables: fix ICMP block inversion with set-log-denied + * fixes ICMP block inversion with set-log-denied with + IndividualCalls=yes + * nftables: fix set-log-denied if target is not ACCEPT + * fw_direct: strip _direct chain suffix if using nftables + * NetworkManager integration bugfixes. + +- Switch back to 'iptables' backend as default (bsc#1102761) + +- Update to 0.6.0. Some of the changes are: + * update translations + * firewall-config: Add ipv6-icmp to the protocol dropdown box (#348, bsc#1099698) + * core: logger: Remove world-readable bit from logfile (#349, bsc#1098986) + * IPv6 rpfilter: explicitly allow neighbor solicitation + * nftables backend (default) + * Added loads of new services - * ipset: check type when parsing ipset definition - * firewall-config: Add ipv6-icmp to the protocol dropdown box - * core: logger: Remove world-readable bit from logfile - * IPv6 rpfilter: explicitly allow neighbor solicitation -- Remove patches that have made it upstream: - * 0001-firewall-config-fix-some-untranslated-strings.patch - * 0001-firewall-config-Add-ipv6-icmp-to-the-protocol-dropdo.patch - * 0001-core-logger-Remove-world-readable-bit-from-logfile-3.patch - * firewalld-0.5.3-po-20180417.tar.xz - -- Mark more strings as translatable when creating rich rules (bsc#1096542) - * 0001-firewall-config-fix-some-untranslated-strings.patch - -- Backport the following upstream fixes: - * Add missig ipv6-icmp protocol to UI drop-down list (bsc#1099698) - - 0001-firewall-config-Add-ipv6-icmp-to-the-protocol-dropdo.patch - * Drop global read permissions from the log file (bsc#1098986) - - 0001-core-logger-Remove-world-readable-bit-from-logfile-3.patch - -- Merge SUSE translations to version 0.5.3, fix typos (boo#1094051, - add firewalld-0.5.3-po-20180417.tar.xz, - remove firewalld-po-20180417.tar.xz). + * firewallctl: completely remove all code and references + * dbus: expose FirewallBackend + * dbus: fix erroneous fallback for AutomaticHelpers +- Remove patches which have made it upstream + * firewalld-add-additional-services.patch +- spec-cleaner fixes -- Translations update to version 20180417 (bsc#1081623): - * Minor fixes of ar, ko, nl. - - * firewall-config: Break infinite loop when firewalld is not - running (bsc#1082470, bsc#1085205) + * firewall-config: Break infinite loop when firewalld is not running -- Remove obsolete patches which are now upstream - * 0001-src-firewall-config-Fix-default-value-for-dialog-but.patch - * 0002-src-firewall-config-Break-infinite-loop-when-firewal.patch -- Update to 0.5.1 (bsc#1084026) +- Remove high-availability service. SUSE HA uses the cluster service + provided by the yast2-cluster package (bsc#1078223) + +- Update to 0.5.1 + +- Update to 0.5.0 -- Add upstream patches to fix endless loop in firewall-config when - firewalld is not running (bsc#1082470) - * 0001-src-firewall-config-Fix-default-value-for-dialog-but.patch - * 0002-src-firewall-config-Break-infinite-loop-when-firewal.patch - -- Remove high-availability service. SUSE HA uses the cluster service - provided by the yast2-cluster package (bsc#1078223) - flatpak -- Update to version 1.10.2: - + This is a security update which fixes a potential attack where - a flatpak application could use custom formated .desktop files - to gain access to files on the host system. - + Fix memory leaks - + Some test fixes - + Documentation updates - + G_BEGIN/END_DECLS added to library headders for c++ use - + Fix for X11 cookies on OpenSUSE - + Spawn portal better handles non-utf8 filenames - -- Flatpak only requires glib 2.44, not 2.60 -- Update ostree version required to 2020.8 - -- Update to version 1.10.1: - + Fix flatpak build on systems with setuid bwrap - + Fix some compiler warnings - + Fix crash on updating apps with no deploy data - + Updated translations. -- Remove deprecated texinfo packaging macros. -- Switch to upstream release tarball. - -- Update to version 1.10.0: - + The major new feature in this series compared to 1.8 is the - support for the new repo format which should make updates - faster and download less data. - + The systemd generator snippets now call flatpak - - -print-updated-env in place of a bunch of shell for better - login performance. - + The .profile snippets now disable GVfs when calling flatpak to - avoid spawning a gvfs daemon when logging in via ssh. - + Build fixes for GCC 11. - + Flatpak now finds the pulseaudio sockets better in uncommon - configurations. - + Sandboxes with network access it now also has access to the - systemd-resolved socket to do dns lookups. - + Flatpak supports unsetting env vars in the sandbox using - - -unset-env, and --env=FOO= now sets FOO to the empty string - instead of unsetting it. - + Similarly the spawn portal has an option to unset an env var. - + The spawn portal now has an option to share the pid namespace - with the sub-sandbox. - -- Update to version 1.8.5 (CVE-2021-21261): - + This is a security update that fixes a sandbox escape where a - malicious application can execute code outside the sandbox by - controlling the environment of the "flatpak run" command when - spawning a sub-sandbox (boo#1180996) - -- Update to version 1.8.4: - + Fix support for ppc64. - -- Move flatpak-bisect and flatpak-coredumpctl to devel subpackage, - allow to remove python3 dependency on main package. - -- Enable LTO (boo#1133124) as gobject-introspection works fine with LTO. - -- Update to version 1.8.3: - + Fixed progress reporting for OCI and extra-data. - + The in-memory summary cache is more efficient. - + Fixed authentication getting stuck in a loop in some cases. - + Fixed authentication error reporting. - + We now extract OCI info for runtimes as well as apps. - + Fixed crash if anonymous authentication fails and -y is - specified. - + flatpak info now only looks at the specified installation if - one is specified. - + Better error reporting for server HTTP errors during download. - + Uninstall now removes applications before the runtime it - depends on. - + Fixed test-suite to pass with the latest OSTree version. - + Fixed dbus environment variables in flatpak enter. - + Avoid updating metadata from the remote when uninstalling. - + Fixed error message handling in various places. - + FlatpakTransaction now verifies all passed in refs to avoid. - + potential issues with invalid names. - + Updated translations. - -- Update to version 1.8.2: - + Added validation of collection id settings for remotes. - + Fix seccomp filters on s390. - + Robustness fixes to the spawn portal. - + Fix support for masking update in the system installation. - + Better support for distros with uncommon models of merged /usr. - + Cache responses from localed/AccountService. - + Fix hangs in cases where xdg-dbus-proxy fails to start. - + Fix double-free in cups socket detection. - + OCI authenticator now doesn't ask for auth in case of http - errors. - -- Fix invalid usage of %{_libexecdir} to reference systemd - directories. - -- Update to version 1.8.1: - * Avoid calling authenticator in update if ref didn't change - * Don't fail transaction if ref is already installed (after - transaction start) - * Fix flatpak run handling of userns in the --device=all case - * Fix handling of extensions from different remotes - * Fix flatpak run --no-session-bus - * Updated translations -- Update to version 1.8.0: - * FlatpakTransaction has a new signal "install-authenticator" - which clients can handle to install authenticators needed for - the transaction. This is done in the CLI commands. - * We now always expose the host timezone data, allowing us the - expose the host /etc/localtime in a way that works better, - fixing several apps that had timezone issues. - * Fix flatpak enter which didn't work in some cases. - * We now ship a systemd unit (not installed by default) to - automatically detect plugged in usb sticks with sideload repos. - * By default we no longer install the gdm env.d file, as the - systemd generators work better. - * create-usb now exports partial commits by default - * Fix handling of docker media types in oci remotes - * Fix subjects in remote-info --log output -- Remove source file used to generate a flatpak user on the system - since it's now included by upstream: - * system-user-flatpak.conf - -- Fixes for %_libexecdir changing to /usr/libexec - -- Update to version 1.6.4: - + This release backports some of the OCI authenticator fixes from - the 1.7 series, and should now be able to host flatpak images - on e.g. docker hub. - + Other changes: - - Fix a use-after free in libflatpak. - - Don't list p2p downgrades in list of available updates. - -- jsc#SLE-7171 fwupd +- Remove valgrind from BuildRequires since it's not a hard + requirement anymore. (bsc#1184248) + +- Update to version 1.5.8: + New features: + * Add a new internal flag to opt-in to GUID matching + * Add D501 Baklava device support + * Add fu_device_set_battery_level() + * Add missing uint64 read and write helpers + * Add Qubes wrapper source and create packages + * Allow enabling plugins only matching a specific HwId + * Prompt for unlock keypress if reset command is blocked + * Remove obsolete dell-dock non-passive update flow support + * Remove the Hughski public key + * Show a warning when parsing invalid quirk files + * Support for GATT characteristic signals/notifications + * Support more than one protocol for a given device + Fixes: + * Align the CCGX DMC firmware to 64 byte chunks + * Be more strict for custom quirk keys + * Check pixart firmware compatibility with hardware before + flashing + * Correct a thunderbolt assertion if kernel failed FW read + * Correctly erase STM32 devices when transfer size is less + than sector size + * Detect SREC overflow to avoid adding ~4GB of 0xFF padding + * Do not show a critical error when flashing footer-less + binary files + * Don't allow device updates while needing activation + * Fix a regression in the elantp defined IAP start address + * Fix a regression where activate stopped working + * Fix firmware update of pointing device on Lenovo ThinkPad + Nano + * Fix the HSI plugin 'Disabled' state + * Fix the quirk key name for the Lenovo HDMI with power + * Fix writing to the GD32VF103 bootloader + * Only call elantp->detach() when writing a firmware blob + * Updated StarLabs GUIDs + * Wait a few ms for the Logitech hardware to settle after + detach +- Remove GPG-KEY-Hughski-Limited from the filelist +- Drop upstreamed patch + + fwupd-bsc1182057-fix-sbat-section-copy.patch + +- Add fwupd-bsc1182057-fix-sbat-section-copy.patch to set the + proper section flags for .sbat section so that objcopy can + copy it into fwupd*.efi (bsc#1182057) + +- Update to version 1.5.7: + New features: + * Add initial support for Bluez bluetooth devices + * Add more supported pixart devices + * Add support for the RTD21xx HDMI converter + Fixes + * Convert MBR types to GPT GUIDs to help find the ESP + * Do not allow updating a synaptics-mst device with no customer ID + * Drop unused heap pages after startup has completed + * Ensure SBAT metadata is added correctly + * Move the plugin build logic to the plugins themselves + * Only allow verify-update for plugins that support CAN_VERIFY +- Specify SBAT metadata for openSUSE/SLE (bsc#1182057) +- Adjust the meson options + + plugin_uefi => plugin_uefi_capsule and plugin_uefi_pk + + plugin_synaptics => plugin_synaptics_mst and plugin_synaptics_rmi + + Disable Intel AMT plugin in non-x86 systems + +- Update to 1.5.6: + New features: + * Add SBAT metadata to the fwupd EFI binary + * Add support for GD32VF103 as found in the Longan Nano + * Add support for RMI PS2 devices + * Add support for the System76 Keyboard + * Allow downloading firmware from IPFS + * Install the UX data into a single .tar.xz file + * Add a plugin to update PixArt RF devices + * Add new hardware to use the elantp and rts54hid plugins + * Allow specifying more than one VendorID for a device + * Detect the AMD TSME encryption state for HSI-4 + * Detect the AMI PK test key is not installed for HSI-1 + * Add Maple Ridge Thunderbolt firmware parsing support + * Add --no-remote-check to ignore checking for download remotes + * Allow creating FMAP and Synaptics firmware using builder.xml + Fixes: + * Add support for the Starlabs LabTop L4 + * Allow using an external ESP again + * Ask the user to reboot when required if downgrading + * Be more paranoid when parsing ASCII buffers and devices + * Check if the fwupd BootXXXX entry exists on failure + * Clear the pending flag if restarting the system + * Do not allow flashing using flashrom if BLE is enabled + * Do not allow Lenovo hardware to install multiple capsules + * Do not parse the OptionROM image + * Do not show Unknown [***] for every client connection + * Fix dnload wBlockNum wraparound for ST devices + * Fix OOM when using large ArchiveSizeMax values + * Fix several crashes spotted by AddressSanitizer + * Fix several places where the Goodix MOC plugin could crash + * Include the PCR0 to the report metadata + * Report the lockdown status from UEFI and SuperIO plugins + * Show a console warning if the system clock is not set + * Fix flashing a fingerprint reader that is in use + * Fix several critical warnings when parsing invalid firmware + * Fix updating DFU devices that use DNLOAD_BUSY + * Ignore the legacy UEFI OVMF dummy GUID + * Make libfwupd more thread safe to fix a crash in gnome-software + * Never show unprintable chars from invalid firmware in the logs + * Allow using fwupdtool as non-root for firmware commands + * Do not trust the Block.HintSystem boolean for ESP filtering + * Fix a memory leak when parsing Synaptics firmware + * Fix a possible crash when reading the Goodix MOC USB request + * Fix crashes when parsing invalid FMAP, DMC, Solokey and Synaptics images +- Deprecate fwupd-bsc1179790-disable-hintsystem.patch + gcc7 +- Remove include-fixed/pthread.h +- Change GCC exception licenses to SPDX format + +- add gcc7-pr81942.patch [bsc#1181618] + gdb +- Backport fix for heap-use-after-free in + remote_async_inferior_event_handler [swo#26614]: + * gdb-remote-fix-invalid-pointer-in-remote-async-serial-handler.patch + +- Replace tentative fix with upstreamed fix [swo#26881]: + Remove: + * gdb-fix-assert-in-process-event-stop-test.patch + Add: + * gdb-fix-internal-error-in-process_event_stop_test.patch + * gdb-breakpoints-handle-glibc-with-debuginfo-in-create_exception_master_breakpoint.patch +- Fix license [bsc#1180786]. + glib2 +- Add glib2-CVE-2021-27218.patch: g_byte_array_new_take takes a + gsize as length but stores in a guint, this patch will refuse if + the length is larger than guint. (bsc#1182328, + glgo#GNOME/glib!1944) + +- Add glib2-CVE-2021-27219-add-g_memdup2.patch: g_memdup takes a + guint as parameter and sometimes leads into an integer overflow, + so add a g_memdup2 function which uses gsize to replace it. + (bsc#1182362, glgo#GNOME/glib!1927, glgo#GNOME/glib!1933, + glgo#GNOME/glib!1943) + glibc +- s390-memmove-ifunc-selector-arch13.patch: S390: Also check vector + support in memmove ifunc-selector (bsc#1184035, BZ #27511) + glibc:i686 +- s390-memmove-ifunc-selector-arch13.patch: S390: Also check vector + support in memmove ifunc-selector (bsc#1184035, BZ #27511) + gnome-autoar +- Add gnome-autoar-CVE-2020-36241.patch: Skip problematic files + that might be extracted outside of the destination dir to prevent + potential security threat. (bsc#1181930, + glgo#GNOME/gnome-autoar#7) + gnome-shell +- Update gnome-shell-jsc#SLE-16051-Input-method-recommendation.patch: + fix (boo#1183823). + +- Update gnome-shell-jsc#SLE-16051-Input-method-recommendation.patch: + Modify the Japanese input engine load order which will more fit + for our community(bnc#1183475); + grub2 +- Fix error grub_file_filters not found in Azure virtual machine (bsc#1182012) + * 0001-Workaround-volatile-efi-boot-variable.patch + gzip +- gzip.spec: move %patch10 from the ifarch condition (mistake) + +- add gzip-1.10-fix_count_of_lines_to_skip.patch to fix count + of lines to skip [bsc#1180713] + hwdata +- Update to version 0.345: + + Updated pci, usb and vendor ids. + + Resolves boo#1182482 jsc#SLE-13791 bnc#1170160 + +- Update to version 0.344: + + Updated pci, usb and vendor ids. + iptables +- Update to release 1.8.7 + * iptables-nft: + * Improved performance when matching on IP/MAC address prefixes + if the prefix is byte-aligned. In ideal cases, this doubles + packet processing performance. + * Dump user-defined chains in lexical order. This way ruleset + dumps become stable and easily comparable. + * Avoid pointless table/chain creation. For instance, + `iptables-nft -L` no longer creates missing base-chains. + +- Update to release 1.8.6 + * iptables-nft had pointlessly added "bitwise" expressions to + each IP address match, needlessly slowing down run-time + performance (by 50% in worst cases). + * iptables-nft-restore: Support basechain policy value of "-" + (indicating to not change the chain's policy). + * nft-translte: Fix translation of ICMP type "any" match. + +- Update to release 1.8.5 + * IDLETIMER: Add alarm timer option + * nft: CT: add translation for NOTRACK +- Drop iptables-apply-mktemp-fix.patch (seemingly applied) + +- Update to release 1.8.4 + * Fix for wrong counter format in `ebtables-nft-save -c` output. + * Print typical iptables-save comments in arptables- and + ebtables-save, too. + * xt_owner: add --suppl-groups option + * Remove support for /etc/xtables.conf + * Restore support for "-4" and "-6" options in rule lines. + irqbalance +- Adapt also-fetch-node-info-for-non-PCI-devices.patch to v1.4.0, and + backport process_one_line() and get_int() which is required for it + to work. + +- Correctly detect the NUMA node of non-PCI devices. + (bsc#1156315 bsc#1183157) +- add also-fetch-node-info-for-non-PCI-devices.patch + +- Due to a bug in irqbalance's parsing of /sys/devices/system/cpu/cpu*/node* + entries, all CPUs is considered to be on NUMA node 0. Backport fix for + ambiguous parsing of *node* entries in /sys from upstream to fix this issue. + (bsc#1156315, bsc#1182254) +- add fix-ambiguous-parsing-of-node-entries-in-sys.patch + kdump +- kdump-Add-bootdev-to-dracut-command-line.patch: Add 'bootdev=' to + dracut command line (bsc#1182309). + +- Increase extra crash kernel reservation for LUKS Argon2 PBKDF + (bsc#1180513): + * kdump-Implement-KString-isHexNumber.patch + * kdump-Mount-and-device-resolution-using-libmount-and-lsblk.patch + * kdump-calibrate-Add-LUKS2-Argon2-requirements-to-the-reser.patch + * kdump-Do-not-list-all-block-devices-if-no-block-devices-ar.patch + * kdump-Enumerate-all-BTRFS-devices-for-btrfs-mount-points.patch + * kdump-calibrate-Fix-kernel-command-line-parsing.patch + +- kdump-query-systemd-network.service.patch: Query systemd + network.service to find out if wicked is used (bsc#1182309). +- kdump-check-explicit-ip-options.patch: Do not add + network-related dracut options if ip= is set explicitly + (bsc#1182309). + kernel-default +- vfio-ccw: Wire in the request callback (bsc#1183225). +- vfio-mdev: Wire in a request handler for mdev parent + (bsc#1183225). +- commit 1a8b567 + +- Update config files. (bsc#1181284) +- commit 09b2083 + +- KVM: SVM: Periodically schedule when unregistering regions on + destroy (bsc#1184511 CVE-2020-36311). +- commit fad3809 + +- crypto: essiv - fix AEAD capitalization and preposition use + in help text (bsc#1184134 ltc#192244). +- commit ba310cd + +- crypto: essiv - create wrapper template for ESSIV generation + (bsc#1184134 ltc#192244). + Update config files. + supported.conf: Add crypto/essiv +- commit 07e8de6 + +- Refresh + patches.suse/powerpc-pseries-mobility-handle-premature-return-fro.patch. +- Refresh + patches.suse/powerpc-pseries-mobility-use-struct-for-shared-state.patch. + Update metadata +- commit 61adb77 + +- xen-blkback: don't leak persistent grants from xen_blkbk_map() + (bsc#1183646, CVE-2021-28688, XSA-371). +- commit d927391 + +- Refresh + patches.suse/netsec-restore-phy-power-state-after-controller-rese.patch. +- commit ea9970d + +- thunderbolt: Add support for Intel Tiger Lake-H (bsc#1184129). +- commit a872918 + +- thunderbolt: Introduce tb_switch_is_tiger_lake() (bsc#1184129). +- commit cb3c283 + +- mm/mremap_pages: fix static key devmap_managed_key updates + (bsc#1181787). +- commit e836b25 + +- iwlwifi: Fix MODULE_FIRMWARE() ucode definitions for SLE15-SP3 + (bsc#1183860). +- commit 8e0bc83 + +- scsi: ibmvfc: Make ibmvfc_wait_for_ops() MQ aware (bsc#1184111 + ltc#192232). +- scsi: ibmvfc: Fix potential race in ibmvfc_wait_for_ops() + (bsc#1184111 ltc#192232). +- commit ecee0a9 + +- arm64/crash_core: Export TCR_EL1.T1SZ in vmcoreinfo + (bsc#1179863). +- crash_core, vmcoreinfo: Append 'MAX_PHYSMEM_BITS' to vmcoreinfo + (bsc#1179863). +- commit 3277e15 + +- s390/vtime: fix increased steal time accounting (bsc#1183859). +- commit 5026f60 + +- Refresh patch metadata. +- Refresh patches.suse/PCI-rpadlpar-Fix-potential-drc_name-corruption-in-st.patch. +- Refresh patches.suse/powerpc-pseries-mobility-handle-premature-return-fro.patch. +- Refresh patches.suse/powerpc-pseries-mobility-use-struct-for-shared-state.patch. +- Refresh patches.suse/scsi-ibmvfc-Free-channel_setup_buf-during-device-tea.patch. +- commit 815f258 + +- Refresh + patches.suse/net-mlx5e-Fix-CQ-params-of-ICOSQ-and-async-ICOSQ.patch. + Fixed backport (bsc#1183773) +- commit 9959a4b + +- net: core: introduce __netdev_notify_peers (bsc#1183871 + ltc#192139). +- commit 658d714 + +- ibmvnic: prefer strscpy over strlcpy (bsc#1183871 ltc#192139). +- ibmvnic: remove unused spinlock_t stats_lock definition + (bsc#1183871 ltc#192139). +- ibmvnic: add comments for spinlock_t definitions (bsc#1183871 + ltc#192139). +- Refresh patches.suse/ibmvnic-serialize-access-to-work-queue-on-remove.patch +- Refresh patches.suse/net-re-solve-some-conflicts-after-net-net-next-merge.patch +- ibmvnic: fix miscellaneous checks (bsc#1183871 ltc#192139). +- ibmvnic: avoid multiple line dereference (bsc#1183871 + ltc#192139). +- ibmvnic: fix braces (bsc#1183871 ltc#192139). +- ibmvnic: fix block comments (bsc#1183871 ltc#192139). +- Refresh patches.suse/ibmvnic-fix-a-race-between-open-and-reset.patch. +- Refresh patches.suse/ibmvnic-serialize-access-to-work-queue-on-remove.patch. +- Refresh patches.suse/net-re-solve-some-conflicts-after-net-net-next-merge.patch. +- ibmvnic: prefer 'unsigned long' over 'unsigned long int' + (bsc#1183871 ltc#192139). +- ibmvnic: remove unnecessary rmb() inside ibmvnic_poll + (bsc#1183871 ltc#192139). +- ibmvnic: rework to ensure SCRQ entry reads are properly ordered + (bsc#1183871 ltc#192139). +- net: ethernet: ibm: ibmvnic: Fix some kernel-doc misdemeanours + (bsc#1183871 ltc#192139). +- ibmvnic: merge do_change_param_reset into do_reset (bsc#1183871 + ltc#192139). +- Refresh patches.suse/ibmvnic-fix-a-race-between-open-and-reset.patch +- use __netdev_notify_peers in ibmvnic (bsc#1183871 ltc#192139). +- commit efd07e6 + +- squashfs: fix xattr id and id lookup sanity checks (bsc#1183850). +- commit b1827ac + +- squashfs: fix inode lookup sanity checks (bsc#1183850). +- commit 9b5c651 + +- net: make __dev_alloc_name consider all name nodes when looking + for (bsc#1180103). +- commit 3400412 + +- Update + patches.suse/s390-lock-down-kernel-in-secure-boot-mode.patch + (bsc#1183746 jsc#SLE-7741). +- commit e9dda35 + +- netsec: restore phy power state after controller reset + (bsc#1183756). +- commit 45d0550 + +- powerpc/pseries/mobility: handle premature return from H_JOIN + (bsc#1183662 ltc#191922). +- powerpc/pseries/mobility: use struct for shared state + (bsc#1183662 ltc#191922). +- commit 36f1612 + +- padata: upgrade smp_mb__after_atomic to smp_mb in + padata_do_serial (bsc#1178648). +- commit f3ee3cb + +- ALSA: usb-audio: fix use after free in usb_audio_disconnect + (bsc#1182552 bsc#1183598). +- ALSA: usb-audio: fix NULL ptr dereference in usb_audio_probe + (bsc#1182552 bsc#1183598). +- commit 8173e6a + +- Move upstreamed sound fixes into sorted section +- commit 4b54f4c + +- Refresh sorted section. +- commit c4b4430 + +- rpadlpar: fix potential drc_name corruption in store functions + (bsc#1183416 ltc#191079). +- commit 9661ab7 + +- Refresh patches.suse/x86-sev-es-add-a-runtime-vc-exception-handler. +- Refresh patches.suse/x86-sev-es-handle-db-events. + Remove lockdep_assert_irqs_disabled() from + patches.suse/x86-sev-es-add-a-runtime-vc-exception-handler. + It can't possibly work correctly on a 5.3 kernel because + there is no NMI-safe hardirq state tracking yet. +- commit 1234b14 + +- blacklist.conf: Add 62441a1fb532 x86/sev-es: Correctly track IRQ states in runtime #VC handler +- commit 1b48e04 + +- x86/sev-es: Use __copy_from_user_inatomic() (bsc#1183553). +- x86/sev-es: Check regs->sp is trusted before adjusting #VC + IST stack (bsc#1183551). +- x86/sev-es: Introduce ip_within_syscall_gap() helper + (bsc#1183552). +- commit 8bcc6e7 + +- ibmvfc: free channel_setup_buf during device tear down + (bsc#1183440 ltc#191464). +- commit b86b88e + +- s390: lock down kernel in secure boot mode (jsc#SLE-7741). +- Update config files. +- commit 1499b7b + +- iommu/amd: Fix sleeping in atomic in increase_address_space() + (bsc#1183310). +- commit f8bf292 + +- Refresh ibmvfc patches to upstream version. +- commit e1a83f9 + kernel-preempt +- vfio-ccw: Wire in the request callback (bsc#1183225). +- vfio-mdev: Wire in a request handler for mdev parent + (bsc#1183225). +- commit 1a8b567 + +- Update config files. (bsc#1181284) +- commit 09b2083 + +- KVM: SVM: Periodically schedule when unregistering regions on + destroy (bsc#1184511 CVE-2020-36311). +- commit fad3809 + +- crypto: essiv - fix AEAD capitalization and preposition use + in help text (bsc#1184134 ltc#192244). +- commit ba310cd + +- crypto: essiv - create wrapper template for ESSIV generation + (bsc#1184134 ltc#192244). + Update config files. + supported.conf: Add crypto/essiv +- commit 07e8de6 + +- Refresh + patches.suse/powerpc-pseries-mobility-handle-premature-return-fro.patch. +- Refresh + patches.suse/powerpc-pseries-mobility-use-struct-for-shared-state.patch. + Update metadata +- commit 61adb77 + +- xen-blkback: don't leak persistent grants from xen_blkbk_map() + (bsc#1183646, CVE-2021-28688, XSA-371). +- commit d927391 + +- Refresh + patches.suse/netsec-restore-phy-power-state-after-controller-rese.patch. +- commit ea9970d + +- thunderbolt: Add support for Intel Tiger Lake-H (bsc#1184129). +- commit a872918 + +- thunderbolt: Introduce tb_switch_is_tiger_lake() (bsc#1184129). +- commit cb3c283 + +- mm/mremap_pages: fix static key devmap_managed_key updates + (bsc#1181787). +- commit e836b25 + +- iwlwifi: Fix MODULE_FIRMWARE() ucode definitions for SLE15-SP3 + (bsc#1183860). +- commit 8e0bc83 + +- scsi: ibmvfc: Make ibmvfc_wait_for_ops() MQ aware (bsc#1184111 + ltc#192232). +- scsi: ibmvfc: Fix potential race in ibmvfc_wait_for_ops() + (bsc#1184111 ltc#192232). +- commit ecee0a9 + +- arm64/crash_core: Export TCR_EL1.T1SZ in vmcoreinfo + (bsc#1179863). +- crash_core, vmcoreinfo: Append 'MAX_PHYSMEM_BITS' to vmcoreinfo + (bsc#1179863). +- commit 3277e15 + +- s390/vtime: fix increased steal time accounting (bsc#1183859). +- commit 5026f60 + +- Refresh patch metadata. +- Refresh patches.suse/PCI-rpadlpar-Fix-potential-drc_name-corruption-in-st.patch. +- Refresh patches.suse/powerpc-pseries-mobility-handle-premature-return-fro.patch. +- Refresh patches.suse/powerpc-pseries-mobility-use-struct-for-shared-state.patch. +- Refresh patches.suse/scsi-ibmvfc-Free-channel_setup_buf-during-device-tea.patch. +- commit 815f258 + +- Refresh + patches.suse/net-mlx5e-Fix-CQ-params-of-ICOSQ-and-async-ICOSQ.patch. + Fixed backport (bsc#1183773) +- commit 9959a4b + +- net: core: introduce __netdev_notify_peers (bsc#1183871 + ltc#192139). +- commit 658d714 + +- ibmvnic: prefer strscpy over strlcpy (bsc#1183871 ltc#192139). +- ibmvnic: remove unused spinlock_t stats_lock definition + (bsc#1183871 ltc#192139). +- ibmvnic: add comments for spinlock_t definitions (bsc#1183871 + ltc#192139). +- Refresh patches.suse/ibmvnic-serialize-access-to-work-queue-on-remove.patch +- Refresh patches.suse/net-re-solve-some-conflicts-after-net-net-next-merge.patch +- ibmvnic: fix miscellaneous checks (bsc#1183871 ltc#192139). +- ibmvnic: avoid multiple line dereference (bsc#1183871 + ltc#192139). +- ibmvnic: fix braces (bsc#1183871 ltc#192139). +- ibmvnic: fix block comments (bsc#1183871 ltc#192139). +- Refresh patches.suse/ibmvnic-fix-a-race-between-open-and-reset.patch. +- Refresh patches.suse/ibmvnic-serialize-access-to-work-queue-on-remove.patch. +- Refresh patches.suse/net-re-solve-some-conflicts-after-net-net-next-merge.patch. +- ibmvnic: prefer 'unsigned long' over 'unsigned long int' + (bsc#1183871 ltc#192139). +- ibmvnic: remove unnecessary rmb() inside ibmvnic_poll + (bsc#1183871 ltc#192139). +- ibmvnic: rework to ensure SCRQ entry reads are properly ordered + (bsc#1183871 ltc#192139). +- net: ethernet: ibm: ibmvnic: Fix some kernel-doc misdemeanours + (bsc#1183871 ltc#192139). +- ibmvnic: merge do_change_param_reset into do_reset (bsc#1183871 + ltc#192139). +- Refresh patches.suse/ibmvnic-fix-a-race-between-open-and-reset.patch +- use __netdev_notify_peers in ibmvnic (bsc#1183871 ltc#192139). +- commit efd07e6 + +- squashfs: fix xattr id and id lookup sanity checks (bsc#1183850). +- commit b1827ac + +- squashfs: fix inode lookup sanity checks (bsc#1183850). +- commit 9b5c651 + +- net: make __dev_alloc_name consider all name nodes when looking + for (bsc#1180103). +- commit 3400412 + +- Update + patches.suse/s390-lock-down-kernel-in-secure-boot-mode.patch + (bsc#1183746 jsc#SLE-7741). +- commit e9dda35 + +- netsec: restore phy power state after controller reset + (bsc#1183756). +- commit 45d0550 + +- powerpc/pseries/mobility: handle premature return from H_JOIN + (bsc#1183662 ltc#191922). +- powerpc/pseries/mobility: use struct for shared state + (bsc#1183662 ltc#191922). +- commit 36f1612 + +- padata: upgrade smp_mb__after_atomic to smp_mb in + padata_do_serial (bsc#1178648). +- commit f3ee3cb + +- ALSA: usb-audio: fix use after free in usb_audio_disconnect + (bsc#1182552 bsc#1183598). +- ALSA: usb-audio: fix NULL ptr dereference in usb_audio_probe + (bsc#1182552 bsc#1183598). +- commit 8173e6a + +- Move upstreamed sound fixes into sorted section +- commit 4b54f4c + +- Refresh sorted section. +- commit c4b4430 + +- rpadlpar: fix potential drc_name corruption in store functions + (bsc#1183416 ltc#191079). +- commit 9661ab7 + +- Refresh patches.suse/x86-sev-es-add-a-runtime-vc-exception-handler. +- Refresh patches.suse/x86-sev-es-handle-db-events. + Remove lockdep_assert_irqs_disabled() from + patches.suse/x86-sev-es-add-a-runtime-vc-exception-handler. + It can't possibly work correctly on a 5.3 kernel because + there is no NMI-safe hardirq state tracking yet. +- commit 1234b14 + +- blacklist.conf: Add 62441a1fb532 x86/sev-es: Correctly track IRQ states in runtime #VC handler +- commit 1b48e04 + +- x86/sev-es: Use __copy_from_user_inatomic() (bsc#1183553). +- x86/sev-es: Check regs->sp is trusted before adjusting #VC + IST stack (bsc#1183551). +- x86/sev-es: Introduce ip_within_syscall_gap() helper + (bsc#1183552). +- commit 8bcc6e7 + +- ibmvfc: free channel_setup_buf during device tear down + (bsc#1183440 ltc#191464). +- commit b86b88e + +- s390: lock down kernel in secure boot mode (jsc#SLE-7741). +- Update config files. +- commit 1499b7b + +- iommu/amd: Fix sleeping in atomic in increase_address_space() + (bsc#1183310). +- commit f8bf292 + +- Refresh ibmvfc patches to upstream version. +- commit e1a83f9 + kgeography +- Add patch from upstream to fix a crash when the user disables + the "Wait for validation" option (kde#435555): + * 0001-Fix-crash-when-Wait-for-validation-is-not-enabled.patch + kio +- Add patches to avoid breaking text codec inintialization + (boo#1134688, kde#432406): + * 0001-Fix-default-codec-being-set-to-US-ASCII-in-KIO-apps.patch + * 0002-Use-Q_LOGGING_CATEGORY-macro-instead-of-explicit-QLo.patch + * 0003-Remove-extra-after-Q_LOGGING_MACRO-usage.patch + ldb +- Release ldb 2.2.1 + + CVE-2020-27840: Unauthenticated remote heap corruption via bad DNs; + (bso#14595); (bsc#1183572); + + CVE-2021-20277: out of bounds read in ldb_handler_fold; (bso#14655); + (bsc#1183574); + libX11 +- U_0001-_XIOError-dpy-will-never-return-so-remore-dead.patch + U_0002-remove-empty-line.patch + U_0003-poll_for_response-Call-poll_for_event-again-if-xcb_p.patch + U_0004-poll_for_event-Allow-using-xcb_poll_for_queued_event.patch + U_0005-Prepare-for-_XIOError-possibly-returning.patch + U_0006-Fix-poll_for_response-race-condition.patch + * fixes a race condition in libX11 that causes various + applications to crash randomly (boo#1181963) +- refreshed U_0001-Fix-an-integer-overflow-in-init_om.patch + libass +- security update +- added patches + fix CVE-2020-26682 [bsc#1177862], signed integer overflow in the call to outline_stroke() from ass_outline_construct() + + libass-CVE-2020-26682.patch + -- add versioned Requires to devel pkg, enca is required by pkgconfig - -- Version bup to 0.10.2 - * API additions and some ABI changes, bumped SONAME - * Expose header field for VSFilter color mangling (GC #87) - * Add functions for explicit scaling hints (GC #6) - * Add 'type' field to ASS_Image (GC #31) - * Workaround Freetype's font size grid-fitting where appropriate - * Apply blur to both glyph and border when using opaque box - * Parser bugfixes - * Parse angles in style as number - * Fix fallback event formats - * Make closing ')' optional for some tags - * Fix crazy VSFilter behaviour for \move (GC #90) - * Make \r fall back to line style (GC #104) - * Parse style name like VSFilter - * Ignore junk in nested \t tags - * Make \clip tag arguments mandatory - * Properly handle script and language in the HarfBuzz shaper - * Allow ASS_Track and ASS_Renderer to have different ASS_Library - * Fix stroking in some rare cases - * Correctly handle @font advance (GC #94) - * Fix ascent/descent for some fonts (GC #106) - * Fix ass_step_sub to not require sorted events - * Fix blur scaling - * Don't mutate input strings (GC #88) - * Remove/change some error messages - * Fix various small memory leaks - -- Update to version 0.10.1 - * Fix letter spacing - * Add \rSTYLENAME syntax support (GC #43) - * Fix border generation and border style reset (GC #56) - * Fix various issues with bug-for-bug compatibility of - transformations (\fax, \fay, etc.) to VSFilter (GC #46, GC #42) - * Fix drawing parsing (GC #47) - * Various fixes to shaper (GC #54, GC #55, GC#59) - * Fix change detection - * Add ass_set_line_position API to set a vertical subtitle offset - * Fix scaling of drawing baseline offset (\pbo) values - * Fix skipping of zero-width characters for FriBiDi shaper - * Use LTR text base direction by default, similar to VSFilter - -- Update to version 0.10.0 - + Bidirectional layout and Arabic shaping via FriBidi (GC #13) - + Add API for shaper configuration - + Add support for `Language' Script Info property, this can be - used for hinting the text language - + Vertical layout improvements - * Use `vert' and `vkna' OpenType features for vertical glyph - variants - * Position rotated glyphs onto baseline - + Parse font encoding property for base text direction hinting - + Refactor cache system - + Use generic outlines in place of FreeType glyphs - + Direct outline bitmap rendering - + Fix whitespace trimming (GC #35) - + Do not render border if there's no shadow or glyph (GC #29) - + Adjust spacing after a italic to non-italic style change (GC #37) - + Fix fade timing - + Fix x positioning with borders (GC #27) -- Use pkgconfig() BuildRequires -- Parameterize the soname number - -- Update to version 0.9.12: - + Switch to permissive (ISC) license - + Support \fs+ and \fs- syntax for modifying font size - + Fix word-wrapping - + Improved charmap fallback matching - + Handle a few more VSFilter quirks correctly - + Add a sensible default style - + Fix compilation against libpng 1.5 -- Add xz BuildRequires, as the new tarballs are xz compressed -- Change License tag from GPLv2+ to ISC, as upstream changed to - this license. -- Do not use source service, as Factory is moving away from it in - favor of a different implementation to verify authenticity of - tarballs. Consequently add a valid URL as Source. - -- added 32bit compatibility libraries -- updated description to official description (fix for RPMLINT warning) - -- fix -devel package dependencies - -- Update to version 0.9.11 - * Fix serious memory leaks - * Reduce frame/drawing initialization overhead - * Basic (incorrect, but working) support for @font vertical text layout - * Fix multiple faces per font attachment - * charmap selection fixes - * Add ass_flush_events API function - * Improve fullname font matching - * Better PAR correction if text transforms are used - * Calculate drawing bounding box like VSFilter - * Performance improvements - * Cache vector clip masks - * Avoid unnecessary glyph copies - * Various rendering fixes - * Parse numbers in a locale-independent way - * Remove support for freetype < 2.2.1, fontconfig < 2.4.1; this especially - means libass will not extract fonts into the file system anymore - * Disable script file size limit - * Match fonts against the full name ("name for humans") - * Reset clip mode after \iclip - * Improve VSFilter compatibility - * Update API documentation - * A couple of smaller fixes and cleanups - * Support \q override tag - * Support wrap style 1 (i.e. wrap, but do not equalize line lengths) - * Support border style 3 (opaque box) - * Use the event bounding box (instead of vertical position and height) for - collision detection - * Embold glyphs if no bold variant is available, but was requested - * Modify \fax to be similar to VSFilter - * Trim spaces after line wrapping - * Fix border/shadow overlap combining in some cases - * Disable kerning by default. Use "Kerning=yes" style override or - "Kerning: yes" in [Script Info] to enable it - * Slight bitmap handling optimizations - * Various bugfixes - -- Remove unneeded autoreconf -- Correct license tag -- Make build more verbose so checking tools can do its work - -- New SuSE package, version 0.9.7. -- Name and split according to shared library packaging policy. - -- and now to the OBS -- update to 0.9.6 - libcap +- Update to libcap 2.26 for supporting the ambient capabilities + (jsc#SLE-17092, jsc#ECO-3460) +- Use "or" in the license tag to avoid confusion (bsc#1180073) + -- updated to libcap-2.19 - * more stuff in capsh.c - * sys/capability.h header clean up and fixes. - -- fixed build on ppc64 (needs to get linux/types.h included first). - -- use %_smp_mflags - -- fix deps for fdupes - -- add baselibs.conf as a source - -- fix a typo in the previous patch (__le64) (bnc#487453) -- don't define __u32 & co if _LINUX_TYPES_H is defined (bnc#487453) - -- fix build error on i386 due to missing __u64 definition in - sys/capability.h - libgnomesu +- Update to version 2.0.6: + * Updated translations. + +- Update to version 2.0.5: + * Gracefully exit on SIGTERM to avoid leaving behind xauth + temporary files due to skipped pam cleanup on shutdown + (bsc#1176514). + +- Use %{_libexecdir} where appropriate (instead of %{_prefix}/lib). + libnftnl -- libnftnl version bump [jsc#SLE-7497] - * iptables 1.8.3 needs libnftnl >= 1.1.3 +- Update to release 1.1.9 + * Improve formatting of registers in bitwise dumps. + +- Update to release 1.1.8 + * libnftnl: export nftnl_set_elem_fprintf + * examples: add support for NF_PROTO_INET family + * table: add userdata support + * object: add userdata and comment support + * chain: add userdata and comment support + * src: add support for chain ID attribute + +- Update to release 1.1.7 + * udata: add NFTNL_UDATA_SET_DATA_INTERVAL + +- Update to release 1.1.6 + * add slave device matching + * support for NFTNL_SET_EXPR + +- Update to release 1.1.5 + * flowtable: add support for handle attribute + * obj/ct_timeout: Avoid array overrun in timeout_parse_attr_data() libostree -- Enable LTO (boo#1133120) as it works now. - -- Update to version 2020.8: - + This release mostly contains scalability improvements and - bugfixes. - + Caching-related HTTP headers are now supported on summaries and - signatures, so that they do not have to be re-downloaded if not - changed in the meanwhile. - + Summaries and delta have been reworked to allow more - fine-grained fetching. - + Finally, this fixes several bugs related to atomic variables, - HTTP timeouts, and 32-bit architectures. -- Changes from version 2020.7: - + Static deltas can now be signed to more easily support offline - verification. - + There's now support for multiple initramfs images; the idea - here is that one can have a "main" initramfs image and a - secondary one which represents local configuration. - + The documentation is now moved to - https://ostreedev.github.io/ostree/ - + Lot of preparatory cleanups to the pull code landed for - upcoming work on indexing deltas outside of the summary. - + On the bugfix side, the biggest one is a fix for an assertion - failure when upgrading from systems before ostree supported - devicetree. - + Also notable is that ostree no longer hardlinks zero sized - files to avoid hitting filesystem maximum link counts. -- Changes from version 2020.6: - + One notable feature: ostree now supports / and /boot being on - the same filesystem. - + Other than that it's mostly bugfixes; there is one quite - important one for anyone using the readonly=true for /sysroot - (which is still just Fedora CoreOS I suspect). - + There's some improvements to the GObject Introspection - metadata, some (cosmetic) static analyzer fixes, a fix for the - immutable bit on s390x, dropping a deprecated bit in the - systemd unit file, etc. -- Changes from version 2020.5: - + This release primarily fixes a regression in 2020.4 where the - "readonly sysroot" changes incorrectly left the sysroot - read-only on systems that started out with a read-only / (most - of them, e.g. Fedora Silverblue/IoT at least). - + There's some additions to the pull API to aid flatpak. - + There were a few fixes to the man pages, and ostree show now - displays the parent commit. - + The default dracut config now enables reproducibility. - + On the "feature" side, there is a new ostree admin unlock - - -transient. We expect this to be a foundation for further - support for "live" updates. -- Changes from version 2020.4: - + By far the biggest change in this release is new ed25519 - signing support, powered by libsodium. - + stree commit gained a new --base argument, which significantly - simplifies constructing "derived" commits, particularly for - systems using SELinux. - + Handling of the read-only sysroot was reimplemented to run in - the initramfs and be more reliable. Enabling the readonly=true - flag in the repo config is recommended. - + Several bugs were fixed in locking for the temporary "staging" - directories OSTree creates, particularly on NFS. - + lib: Coerce flags enums to GIR bitfields changed some values to - be (correctly) flags - this may show up as incompatible for - GObject Introspection consumers (but not C). - + A new timestamp-check-from-rev option was added for pulls, - which makes downgrade protection more reliable and will be used - by Fedora CoreOS. - + Several fixes and enhancements were made for "collection" pulls - including a new --mirror option. - + The ostree commit command learned a new --mode-ro-executables - which enforces W^R semantics on all executables. - + A new commit metadata key (OSTREE_COMMIT_META_KEY_ARCHITECTURE) - was added to help standardize the architecture of the OSTree - commit. This could be used on the client side for example to - sanity-check that the commit matches the architecture of the - machine before deploying. - -- Stop invalid usage of %_libexecdir: - + Use %{_prefix}/lib where appropriate. - + Use _systemdgeneratordir for the systemd-generators. - + Define _dracutmodulesdir based on dracut.pc. Add - BuildRequires(dracut) for this to work. - libreoffice +- Adjust the package to work on SLE-12-SP5 + * bundle boost and icu + * add patches 0001-Revert-java-9-changes.patch and + 0002-fix-the-endif-placement-for-GTK_CHECK_VERSION.patch + +- Fix bsc#1182970 - LO-L3: PPTX: image styles that clip images into curvy shapes missing (and images shown rectangular) + * bsc1182970.patch + +- Version update to 7.1.2.2: + * 7.1.2 final release +- Drop merged patches: + * bsc1174465.diff + * bsc1181644.diff + * bsc1176547_1.diff + * bsc1176547_2.diff + libstorage-ng +- Translated using Weblate (Spanish) (bsc#1149754) +- 4.3.105 + +- merge gh#openSUSE/libstorage-ng#801 +- allow diagnostics partition id for GPT (bsc#1184073) +- 4.3.104 + +- Translated using Weblate (French) (bsc#1149754) +- 4.3.103 + +- Translated using Weblate (German) (bsc#1149754) +- 4.3.102 + +- Translated using Weblate (Italian) (bsc#1149754) +- 4.3.101 + +- Translated using Weblate (Italian) (bsc#1149754) +- 4.3.100 + +- Translated using Weblate (Indonesian) (bsc#1149754) +- 4.3.99 + +- Translated using Weblate (Spanish) (bsc#1149754) +- 4.3.98 + +- Translated using Weblate (Chinese (Taiwan)) (bsc#1149754) +- 4.3.97 + +- Translated using Weblate (Chinese (China)) (bsc#1149754) +- 4.3.96 + libtpms +- Update to version 0.7.7 + * CryptSym: fix AES output IV (bsc#1183729, CVE-2021-3446) + * tpm2: Fix public key context save due to ANY_OBJECT_Marshal usage + * tpm2: Address some Coverity issues (false positives) + * tpm1.2: Backported ASAN/UBSAN related fixes + * tpm2: Return properly sized array for b parameter for NIST P521 + (HLK) + * tpm2: Addressed issues detected by UBSAN + * tpm2: Addressed issues detected by cppcheck (false positives) + libunistring +- version update to 0.9.10 [bsc#1183794] + * The functions + u8_casing_prefix_context, u8_casing_prefixes_context, + u8_casing_suffix_context, u8_casing_suffixes_context, + u16_casing_prefix_context, u16_casing_prefixes_context, + u16_casing_suffix_context, u16_casing_suffixes_context, + u32_casing_prefix_context, u32_casing_prefixes_context, + u32_casing_suffix_context, u32_casing_suffixes_context, + that are documented since version 0.9.1, are now actually + implemented. + * bump gnulib version + -- libunistring-gnulib-ppc64le.patch: Fix imported gnulib long double - math tests for little-endian PowerPC. - -- license update: LGPL-3.0+ and GPL-3.0+ - Numerous files in tests/ and woedll are GPL-3.0+ licensed. Either put - them in a separate GPL-3.0+ labelled subpackage or use this label for the - main License: line - -- Nuke unnecessary libunistring binary package: move documentation - files to devel subpackage - -- Remove redundant tags/sections per specfile guideline suggestions -- Parallel building using %_smp_mflags - -- Workaround qemu-arm bugs. - -- updated to version 0.9.3: - * Bug fixes in unistr.h functions: - - The functions u16_to_u32, u16_to_u8, u8_to_u32, u8_to_u16 now fail when - the argument is not valid. Previously, they returned a converted string - where invalid parts were each replaced with U+FFFD. - - The function u8_mbsnlen now counts an incomplete character at the end - of the argument string as 1 character. Previously, it could count as 2 - or 3 characters. - - The return value of the u8_stpncpy, u16_stpncpy, u32_stpncpy functions - was incorrect. - - The u8_strcoll, u16_strcoll, u32_strcoll now try harder to give a non-zero - return value. - -- updated to version 0.9.2.1: - * The function uc_locale_language now uses the locale of the - current thread, if a thread-specific locale has been set. - -- initial version of package 0.9.1.1 -- spec file taken from - http://www.pixelbeat.org/patches/libunistring - (PĂĄdraig Brady options.extension was allocated before + checking async_context + * CONC-517: C/C looks for plugins in wrong location on Windows + mdadm +- cluster-md/mdadm : avoid useless re-sync (bsc#1181341) + 0114-super1-fix-Floating-point-exception.patch + 0115-super1.c-avoid-useless-sync-when-bitmap-switches-fro.patch + multipath-tools +- Update to version 0.8.5+30+suse.633836e: + * multipathd: give up "add missing path" after multiple failures + (bsc#1183963) + netpbm +- skip failing tests for armv7hl (bsc#1181571) + nftables +- Update to release 0.9.8 + * Complete support for matching ICMP header content fields. + * Added raw tcp option match support. + * Added ability to check for the presence of any tcp option. + * Support for rejecting traffic from the ingress chain. + +- Update to release 0.9.7 + * Support for implicit chains + * Support for ingress inet chains + * Support for reject from prerouting chain + * Support for --terse option in json + * Support for the reset command with json + +- Update to release 0.9.6 + * Fix two ASAN runtime errors + +- Update to release 0.9.5 + * Support for set counters. + * Support for restoring set element counters via nft -f. + * Counter support for flowtables. + * typeof concatenations support for sets. + * Support for concatenated ranges in anonymous sets. + * Allow to reject packets with 802.1q from the bridge family. + * Support for matching on the conntrack ID. +- Drop anonset-crashfix.patch (upstream solved differently) + +- Add anonset-crashfix.patch [boo#1171321] + +- Update to release 0.9.4 + * Add a helper for concat expression handling. + * Add "typeof" build/parse/print support. + +- Add json, python [boo#1158723] + +- Update to release 0.9.3 + * meta: Introduce new conditions "time", "day" and "hour". + * src: add ability to set/get secmarks to/from connection. + * flowtable: add support for named flowtable listing. + * flowtable: add support for delete command by handle. + * json: add support for element deletion. + * Add `-T` as the short option for `--numeric-time`. + * meta: add ibrpvid and ibrvproto support + +- Update to new upstream release 0.9.2 + * Transport header port matching, e.g. "th dport 53" + * Support for matching on IPv4 options + * Support for synproxy + +- Remove unused dblatex BuildRequires, only needed for the optional + and disabled PDF generation (same contents as shipped manpage). + +- Update to new upstream release 0.9.0 + * Support to check if packet matches an existing socket. + * Support to limit number of active connections by arbitrary + criteria, such as ip addresses, networks, conntrack zones or + any combination thereof. + * Added support for "audit" logging. + +- Update to new upstream release 0.8.5 + * support to add/insert a rule at a given index position + * meter statement now supports a configureable upper max size + * timeouts for sets can now be specified in milliseconds + * re-add iptables-like empty skeleton rulesets + +- Update to new upstream release 0.8.4 + * Support to match IPv6 segment routing headers. + * New "meta ibrname" and "meta obrname" arguments to match the + name of the logical bridge a packet is passing through. + These new names replace the old (misnamed) "ibriport"/"obriport". + * `nft -a` will now show handle identifier for all objects, + including tables and chains. + * nft can now delete objects by their handle number. + * Support to update maps from the ruleset (packet path). + * the "--echo" option now prints handle id for tables and + object too. + * `nft -f -` will now read from standard input + * Support for flow tables, cf. man page or + https://lwn.net/Articles/738214/ . + +- Update to new upstream release 0.8.3 + * raw payload support to match headers that do not yet have + received a mnemonic. + -- Update to new upstream release 0.3 - * More compact syntax for the queue action - * Match input and output bridge interface name through "meta - ibriport" and "meta obriport" - * netlink event monitor, to monitor ruleset events, set changes, etc. - * New transaction infrastructure - fully atomic updates for all - object available in the upcoming 3.16. - -- Initial package for build.opensuse.org - nghttp2 -- Update to version 1.40.0 to fix CVE-2019-18802 in envoy-proxy and - cilium-proxy (bsc#1166481) - * lib: Add nghttp2_check_authority as public API - * lib: Fix the bug that stream is closed with wrong error code - * lib: Faster huffman encoding and decoding - * build: Avoid filename collision of static and dynamic lib - * build: Add new flag ENABLE_STATIC_CRT for Windows - * build: cmake: Support building nghttpx with systemd - * third-party: Update neverbleed to fix memory leak - * nghttpx: Fix bug that mruby is incorrectly shared between - backends - * nghttpx: Reconnect h1 backend if it lost connection before - sending headers - * nghttpx: Returns 408 if backend timed out before sending - headers - * nghttpx: Fix request stal - -- Conditionally remove dependecy on jemalloc for SLE-12 - -- Require correct library from devel package - boo#1125689 - -- Update to version 1.39.2 (bsc#1146184, bsc#1146182): - * This release fixes CVE-2019-9511 “Data Dribble” and CVE-2019-9513 - “Resource Loop” vulnerability in nghttpx and nghttpd. Specially crafted HTTP/2 - frames cause Denial of Service by consuming CPU time. Check out - https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md - for details. For nghttpx, additionally limiting inbound traffic by - - -read-rate and --read-burst options is quite effective against - this kind of attack. - * Add nghttp2_option_set_max_outbound_ack API function - * nghttpx: Fix request stall - -- Update to version 1.39.1: - * This release fixes the bug that log-level is not set with - cmd-line or configuration file. It also fixes FPE with default - backend. -- Changes for version 1.39.0: - * libnghttp2 now ignores content-length in 200 response to - CONNECT request as per RFC 7230. - * mruby has been upgraded to 2.0.1. - * libnghttp2-asio now supports boost-1.70. - * http-parser has been replaced with llhttp. - * nghttpx now ignores Content-Length and Transfer-Encoding in 1xx - or 200 to CONNECT. -- Drop no longer needed boost170.patch - -- Update to 1.38.0: - * This release fixes the bug that authority and path altered by per-pattern mruby script can affect backend selection on retry. - * It also fixes the bug that HTTP/1.1 chunked request stalls. - * Now nghttpx does not log authorization request header field value with -LINFO. - * This release fixes possible backend stall when header and request body are sent in their own packets. - * The backend option gets weight parameter to influence backend selection. - * This release fixes compile error with BoringSSL. -- Add patch from upstream to build with new boost bsc#1134616: - * boost170.patch - -- Update to 1.36.0 - * build: disable shared library if ENABLE_SHARED_LIB is off - * third-party: use http-parser to v2.9.0 (GH-1294) - * third-party: Update mruby to 2.0.0 - * nghttpx: Pool h1 backend connection per address (GH-1292) - * nghttpx: Randomize backend address round robin order per thread - (GH-1291) - * nghttpx: Fix getting long SNs for openssl < 1.1 (GH-1287) - * h2load: add an option to write per-request logs (GH-1256) - * asio: added access to # of the current server port (GH-1257) - -- Use multibuild to not pull in python3 in first build, nghttp2 - is low in the system - -- Update to version 1.35.1: - * nghttpx: Fix broken trailing slash handling (GH-1276) -- Changes for version 1.35: - * build: cmake: Fix libevent version detection (Patch from Jan Kundrát) (GH-1238) - * lib: Use __has_declspec_attribute for shared builds (Patch from Don) (GH-1222) - * src: Require C++14 language feature - * nghttpx: Write mruby send_info early - * nghttpx: Fix assertion failure on mruby send_info with HTTP/1 frontend - * h2load: Handle HTTP/1 non-final response (GH-1259) - * h2load: Clarify that time for connect includes TLS handshake - -- Update to version 1.34.0: (bsc#1112438, FATE#326776) - * lib: Implement RFC 8441 :protocol support - * nghttpx: Add read/write-timeout parameters to backend option - * nghttpx: Fix mruby parameter validation in backend option - * nghttpx: Implement RFC 8441 Bootstrapping WebSocket with HTTP/2 - * nghttpx: Update neverbleed to fix OpenSSL 1.1.1 issues - * nghttpx: Update mruby 1.4.1 - * nghttpx: Add mruby env.tls_handshake_finished - * nghttpx: Add --tls13-ciphers and --tls-client-ciphers options - * nghttpx: Add RFC 8470 Early-Data header field support - * nghttpx: Add RFC 8446 TLSv1.3 0-RTT early data support - -- Update to version 1.33.0: - * lib: Tweak nghttp2_session_set_stream_user_data - * lib: Fix handling of SETTINGS_MAX_CONCURRENT_STREAMS. - * lib: Implement ORIGIN frame - * asio: support definition of local endpoint for cleartext - client session - * integration: Remove remaining SPDY code from the integration tests - * nghttpx: Fix worker process crash with neverbleed write error - * nghttpx: Support per-backend mruby script - * nghttpx: Fix stream reset if data from client is arrived before - dconn is attached - -- Update to version 1.32.0: - * lib: Ignore all input after calling session_terminate_session - * lib: Fix treatment of padding - * lib: Don't allow 101 HTTP status code because HTTP/2 removes - HTTP Upgrade - * build: add ENABLE_STATIC_LIB option to build static lib - * third-party: Upgrade neverbleed to the latest master - * asio: Support client side SNI - * src: Compile with libressl 2.7.2 - * src: Allow building without NPN - * h2load: -r and --duration are mutually exclusive - -- Version umpdate to 1.31.1: - * Fix bsc#1088639 CVE-2018-1000168 - * https://nghttp2.org/blog/2018/04/12/nghttp2-v1-31-1/ - -- Version update to 1.31.0: - * lib: Add nghttp2_session_set_user_data() public API function (GH-1137) - * src: Define nghttp2_inet_pton wrapper to avoid inet_pton macro (GH-1128) - * nghttpx: Close listening socket on graceful shutdown - * nghttpx: Add an option to accept expired client certificate (GH-1126) - * nghttpx: Add mruby tls_client_not_before, and tls_client_not_after (GH-1123) - * nghttpx: Fix potential memory leak - * lib: Allow PING frame to be sent after GOAWAY (GH-1103) - * nghttpx: Fix bug that h1 backend idle timeout expires sooner - * nghttpx: Stop overwrite of first header on mruby call to env.req.set_header(..) (Patch from Dylan Plecki) (GH-1119) - * nghttpx: Add upgrade-scheme parameter to backend option (GH-1099) - * nghttpx: Fix missing ALPN validation (--npn-list) (GH-1094) - * nghttpx: Remember which resource is pushed for RFC 8297 (GH-1101) - -- Drop spdylay dependency as it is deprecated since version 1.28.0 - and removed from cofnigure.ac since 1.29.0 - -- Use %license (boo#1082318) - -- Update to version 1.29.0: - * lib: Use NGHTTP2_REFUSED_STREAM for streams which are closed by - GOAWAY - * build: Remove SPDY - * build: Fix CMAKE_MODULE_PATH - * nghttpx: Revert "nghttpx: Use an existing h2 backend connection - as much as possible" - * nghttpx: Write API request body in temporary file - * nghttpx: Increase api-max-request-body - * nghttpx: Faster configuration loading with lots of backends - * nghttpx: Fix crash with --backend-http-proxy-uri option - -- Export PYTHON=/usr/bin/python3 before running configure: allow to - build without (comnplete) python2 in the buildroot. In any case - we only ship python3-bindings already. - -- Upodate to version 1.28.0: - * lib: Add nghttp2_error_callback2 - * build: Add deprecation warning when spdylay support is enabled - * Switch to clang-format-5.0 - * examples: Make client and server work with libevent-2.1.8 - * third-party: Update neverbleed - * integration: Fix issues reported by the go vet tool. - * nghttpx: Fix affinity retry - * nghttpx: Fix stalled backend connection on retry - * nghttpx: Cookie based session affinity - * nghttpx: Expose additional TLS related variables to mruby and - accesslog - -- Drop forgotten python2 build dependency - -- Update to version 1.27.0: - * h2load: Print out h2 header fields with --verbose option - * nghttpx: Send non-final response to HTTP/1.1 or HTTP/2 client - only -- Changes for version 1.26.0: - * docs: Fix some typos in the nghttpx how-to - * h2load: Fix bug that timing script stalls with -m1 - * h2load: Reservoir sampling (GH-984) - * h2load: Add timing-based load-testing in h2load -- Switch to python3 support - -- Don't use jemalloc on ppc or %arm, where it is broken. - -- Update to version 1.25.0: - * lib: add nghttp2_rcbuf_is_static() (Patch from Anna Henningsen) (GH-983) - * nghttpx: Fix bug that forwarded for is not affected by proxy protocol (GH-979) - * nghttpx: Update mruby to 1.3.0 (GH-957) - -- Drop doc building -- Rename python subpackage to python2 - -- Update to version 1.24.0: - * doc: README.rst: fix typo (Patch from Simone Basso) (GH-947) - * doc: fix up grammar in submit_trailer docs (Patch from Benjamin Peterson) (GH-945) - * doc: fix cleaning in out-of-tree builds (Patch from Benjamin Peterson) (GH-938) - * nghttp: Fix bug that upgrade fails if reason-phrase is missing (GH-949) - * nghttpx: Verify OCSP response using trusted CA certificates (GH-943) - * nghttpx: Set default minimum TLS version to TLSv1.2 (GH-937) -- Changes for version 1.23.1: - * nghttpx: Fix crash in OCSP response verification -- Changes for version 1.23.0: - * lib: nghttp2_session: Allow for compiling library with -DNDEBUG set (Patch from Angus Gratton) (GH-919) - * lib: Treat incoming invalid regular header field as stream error (GH-900) - * lib: Call nghttp2_on_invalid_frame_callback if altsvc validation fails (GH-904) - * doc: spelling mistake in arguments to build nghttp apps (Patch from Soham Sinha) (GH-925) - * doc: Add notes for installation on linux systems (Patch from Tapanito) (GH-917) - * doc: Clarify the effect of nghttp2_option_set_no_http_messaging - * nghttpx: Verify OCSP response (GH-929) - * nghttpx: Fix certificate selection based on pub key algorithm (GH-924) - * nghttpx: Fix certificate indexing bug - * nghttpx: Run OCSP at startup (GH-922) - * nghttpx: Wildcard path matching (GH-914) - * nghttpx: Forward multiple via, xff, and xfp header fields (GH-903) - * nghttp: Add -y, --no-verify-peer option to suppress peer verify warn (GH-906) - -- Update to version 1.22.0: - * lib: Add missing free call on error in inflight_settings_new() (Patch from lstefani) (GH-884) - * asio: Support specifying stream priority via session::submit() (Patch from Matt Way) (GH-881) - * nghttpx: Clarify --conf option behaviour - * nghttpx: Add $tls_sni access log variable (GH-896) - * nghttpx: Rename ssl_* log variables as tls_* (GH-895) - * nghttpx: Fix path matching bug (GH-894) - * nghttpx: SNI based backend server selection (GH-892) - * nghttpx: Enable signed_certificate_timestamp extension for TLSv1.3 (GH-878) - * nghttpx: Add options for X-Forwarded-Proto header field (GH-872) - * nghttpx: Add --single-process option (GH-869) - * nghttpx: Use 502 as server error code - * nghttpx: Use SSL_CTX_set_early_data_enabled with boringssl - * nghttp: Verify server certificate and show warning if it fails (GH-870) - * integration: Use nip.io instead of xip.io - -- Update to version 1.21.1: - * asio: Fix crash if connect takes longer time than ping interval (GH-866) - * nghttpx: Fix bug that 204 from h1 backend is always treated as error (GH-871) -- Changes for version 1.21.0: - * lib: Fix nghttp2_session_want_write (GH-832) - * doc: Document pkg-config path usage - * build: Eliminate U macro; Instead use (void)VAR for better compiler compatibility. - * src: BoringSSL supports SSL_CTX_set_{min,max}_proto_version. (Patch from Piotr Sikora) (GH-853) - * src: Use Mozilla's "Modern compatibility" ciphers by default - * src: nghttp2_gzip: fix this statement may fall through [-Werror=implicit-fallthrough=] found by gcc7 (Patch from Alexis La Goutte) (GH-823) - * nghttpx: Print version number with -v option - * nghttpx: Enable X25519 with boringssl - * nghttpx: Retry getaddrinfo without AI_ADDRCONFIG (GH-858) - * nghttpx: Failing to listen on server socket is fatal error - * nghttpx: Escape certain characters in access log (GH-856) - * nghttpx: Ignore further input if connection is going to close - * nghttpx: Don't call functions which are not async-signal-safe after fork but before execv in multithreaded process. - * nghttpx: Enable backend pattern matching with http2-proxy (GH-733) - * asio: client: Send PING after 30 seconds idle (GH-847) - -- Update to version 1.20.0: - * lib: nghttp2_session: fix The 'then' statement is equivalent to the subsequent code fragment found by PVS Studio (V523) (Patch from Alexis La Goutte) (GH-814) - * lib: Add nghttp2_option_set_no_closed_streams (GH-810) - * build: Disable spdylay detection by default - * build: Add --with-systemd option to configure - * fuzz: Add fuzzer for oss-fuzz (GH-799) - * src: Enable TLSv1.3 if it is supported by OpenSSL (or BoringSSL) (GH-816) - * src: h2 requires >= TLSv1.2 - * asio: More graceful stop of nghttp2::asio_http2::server::http2 (Patch from Amir Pakdel) (GH-805) - * asio: Holding more shared_ptrs instead of raw ptrs to make sure called objects don't get deleted. (Patch from clemahieu) - * asio: Fix infinite loop in acceptor handler (Patch from clemahieu) (GH-794) - * asio: close_stream erases from streams_ while it's being iterated over. (Patch from clemahieu) (GH-795) - * nghttpx: Strip version number from server header field - * nghttpx: Add --single-worker option - * nghttpx: Fix bug that send_reply does not participate graceful shutdown - * nghttpx: Add --frontend-max-requests option - * nghttpx: Enable stream-write-timeout by default - * nghttpx: Fix stream write timer handling - * nghttpx: Add configrevision API endpoint (GH-820) - * nghttpx: Redirect to HTTPS URI with redirect-if-not-tls parameter (GH-819) - * nghttpx: Update log time stamp in millisecond interval - * nghttpx: Better error message when private key and certificate are missing - * nghttpx: Fix bug that old config is used during reloading configuration - * nghttpx: Specify TLS protocol by version range (GH-809) - * nghttpx: Send SIGQUIT to the original master process (GH-807) - * nghttpx: Restrict HTTP major and minor in 0 or 1 - * nghttpx: Drop privilege of neverbleed daemon first - * nghttpx: add systemd support (Patch from Tomasz Torcz) (GH-802) - * nghttpx: Fix crash on SIGHUP with multi thread configuration (GH-801) - * nghttpx: Send 1xx non-final response using mruby script (GH-800) - * nghttpx: Select certificate by client's supported signature algorithm (GH-792) - * nghttpx: Recommend POST for backendconfig API request - * nghttpx: Don't build PSK features with LibreSSL (Patch from Bernard Spil) (GH-789) - * nghttp: add support for link rel="preload" for --get-assets (Patch from Benedikt Christoph Wolters) (GH-791) - * h2load: Fix wrong req_stat updates - * h2load: Explicitly count the number of requests left and inflight - * integration: Fix deprecation warnings - * integration: Redirect nghttpx stdout/stderr to test driver's stdout/stderr -- Changes for version 1.19.0: - * lib: Fix memory leak of nghttp2_stream object in server side nghttp2_session object - * Fix issues found by PVS Studio (Patch from Alexis La Goutte) (GH-769) - * doc: Update README file to write about the issue of Alpine Linux's inability to replace malloc (Patch from makovich) (GH-768) - * build: Compile with Android NDK r13b using clang - * src: Fix assertion error with boringssl - * nghttp: Take into account scheme and port when parsing HTML links - * nghttp: Fix authority for --get-assets if IP address is used in conjunction with user-defined :authority header (Patch from Benedikt Christoph Wolters) (GH-783) - * nghttpx: Add --accesslog-write-early option (GH-777) - * nghttpx: Fix access.log timestamp (GH-778) - * nghttpx: Show default cipher list in -h - * nghttpx: Add client-ciphers option - * nghttpx: Add client-no-http2-cipher-black-list option - * nghttpx: Fix the bug that no-http2-cipher-black-list does not work on backend HTTP/2 connections. - * nghttpx: Add --client-psk-secret option to enable PSK in backend (GH-612) - * nghttpx: Add --psk-secret option to enable PSK in frontend connection (GH-612) - * nghttpx: Enable SCT with OpenSSL 1.1.0 - * nghttpx: Add proxyproto to frontend option to accept PROXY protocol (GH-765) - * h2load: Show default cipher list in -h - * h2load: Show custom server temp key such as X25519 - * h2load: Fix incorrect return value from spdylay_send_callback -- Changes for version 1.18.1: - * nghttpx: Fix assertion error in libev ev_io_start (GH-759) - * nghttpx: Handle c-ares success without result - * nghttpx: Fix bug that DNS timeout was erroneously disabled (GH-763) - * nghttpx: Fix bug that DNS timeout was ignored (GH-763) - -- use individual libboost-*-devel packages instead of boost-devel - -- Update to version 1.18.0: - * lib: Accept and ignore content-length: 0 in 204 response for now - * build: Use pkg-config to detect libxml2 - * build: Require c-ares to compile applications under src - * build: Add Windows CI via AppVeyor (Patch from Alexis La Goutte) - * examples: Delete tiny-nghttpd - * nghttpx: Retry h1 backend request if first write fails (GH-757) - * nghttpx: Keep reading after backend write failed (GH-756) - * nghttpx: Add frontend-keep-alive-timeout option (GH-755) - * nghttpx: New error log format (GH-749) - * nghttpx: Fix bug that fetch-ocsp-response does not work with OpenSSL 1.1.0 (GH-742) - * nghttpx: Backend API call allows non-numeric host with dns parameter (GH-731) - * nghttpx: Lookup backend host name dynamically (GH-721) - * nghttpx: Accept and ignore content-length: 0 in 204 response for now (GH-735) - * nghttpx: Wait for child process to exit - -- Update to version 1.17.0: - * lib: Disallow content-length in 1xx, 204, or 200 to a CONNECT request (GH-722) - * lib: Avoid memcpy against NULL src - * build: MSVC version resource support (Patch from Remo E) (GH-718) - * asio: server: Call on_close callback on connection close (GH-729) - * nghttpx: Fix frequent crash with --backend-http-proxy-uri - * nghttpx: Robust backend read timeout - * nghttpx: Fix bug that mishandles response header from h1 backend - * nghttpx: Fix bug that zero-length POST is not forwarded (GH-726) - * nghttpx: Remove optional reason-phrase from SPDY :status - * nghttpx: Header key and value must be string in mruby script - * nghttpx: Strip content-length with 204 or 200 to CONNECT in mruby (GH-722) - * nghttpx: Strict handling for Content-Length or Transfer-Encoding in h1 (GH-722) - * nghttpx: Fix compilation with BoringSSL (Patch from dalf) (GH-717) - * nghttpd, nghttpx, asio: Add missing mandatory SP after status code - -- Update to version 1.16.1: - * lib: Prevent undefined behavior in decode_length - * nghttpx: Fix bug which may crash nghttpx if non-final response - is forwarded from origin server to HTTP/1.1 client -- Changes for version 1.16.0: - * lib: Add nghttp2_set_debug_vprintf_callback to take advantage - of DEBUGF statements in when building DEBUGBUILD. - * Update .clang-format for clang-format-3.9 - * build: Make it possible to include nghttp2/CMakeLists.txt in - another project using add_subdirectory. - * third-party: Update http-parser to - feae95a3a69f111bc1897b9048d9acbc290992f9 - * asio: Fix crash when end() is called outside nghttp2 callback - * nghttpx: Add --backend-connect-timeout option - * nghttpx: Add TLS signed_certificate_timestamp extension support - * nghttpx: Add --ecdh-curves option to specify list of named - curves - * h2load: Add --header-table-size and --encoder-header-table-size - options - -- Update to version 1.15.0: - * lib: Add nghttp2_option_set_max_deflate_dynamic_table_size() - API function (GH-684) - * lib: Allow NGHTTP2_ERR_PAUSE from - nghttp2_data_source_read_callback (GH-671) - * lib: Add nghttp2_session_get_hd_deflate_dynamic_table_size() - and nghttp2_session_get_hd_inflate_dynamic_table_size() API - functions to get current HPACK dynamic table size (GH-664) - * lib: Add nghttp2_session_get_local_settings() API function - * lib: Add nghttp2_session_get_local_window_size() and - nghttp2_session_get_stream_local_window_size() API functions - * build: Add -lsocket -lnsl to APPLDFLAGS for solaris build - * neverbleed: Update neverbleed to support ECDSA certificate - * doc: Mention --enable-lib-only configure option in README - * integration: Fix test failure with go1.7.1 - * src: Fix compile error with openssl 1.1.0 - * nghttpx: Improve performance with HTTP/1.1 backend when - request body is involved - * nghttpx: Use std::atomic_* overloads for std::shared_ptr if - available - * nghttpx: Migrate backend stream to another h2 session on - graceful shutdown - * nghttpx: Add option to specify HPACK encoder/decoder dynamic - table size - * nghttpx: Log client address - * nghttpx: Add tls_sni to mruby Nghttpx::Env class - * nghttpx: Add --frontend-http2-window-size option, and its - family functions - * nghttpx: Add experimental TCP optimization for h2 frontend - * nghttpx: Workaround for std::make_shared bug in Xcode7, 7.1, - and 7.2 (GH-670) - * nghttpx: Fix bug that bytes are doubly counted to rate limit - for TLS connections - * nghttpx: Add --no-server-rewrite option not to rewrite server - header field (GH-667) - * nghttpx: Retry if backend h1 connection cannot be established - due to timeout - * nghttpx: Reset stream if invalid header field is received in h2 - * nghttpx: Add --server-name option to change server response - header field (GH-667) - * nghttpd: Add --encoder-header-table-size option - * nghttp: Add --encoder-header-table-size option - * python: Support ALPN, require Python 3.5 - -- Update to version 1.14.0: - * lib: Make emit_header() return void since it always succeed - * lib: Add nghttp2_hd_deflate_hd_vec() deflate API to support - multiple buffer input - * lib: since hd_inflate_commit_indexed() always return 0, - remove the return value check in nghttp2_hd_inflate_hd_nv() - * lib: Use memeq() instead of lstreq() in lookup_token() - * lib: More strict stream state handling - * lib: Modify genlibtokenlookup.py to remove redundant header - comparisons and remove inline qualifier of lookup_token() - in genlibtokenlookup.py - * lib: Fix wrong tree operation to avoid cycle - * lib: Make get_max_index() return the max index in frame, - so we don't need to do extra calculation - * lib: Add nghttp2_on_invalid_header_callback - * lib: Log frame's stream ID for header debug logging - * doc: Remove old doc about differential encoding in HPACK - * doc: Document about ALPN in nghttpx howto - * nghttpx: Log error code from getsockopt(SO_ERROR) on first - write event - * nghttpx: Don't change pushed stream's priority - * nghttpx: Log backend connection failure in WARN level - * nghttpx: Fix bug that api and healthmon parameters do not work - with http2 proxy - * nghttpx: Add access log variable for backend host and port - * nghttpx: Use copy instead of const reference of backend group - * nghttpx: Reload configuration with SIGHUP - * nghttp: Adjust weight according to Firefox stable - * nghttp: Call error callback when invalid header field is - received and ignored - * nghttp: Allow multiple -p option - * deflatehd: Call nghttp2_hd_deflate_change_table_size only - if table size is changed from default - -- Update to version 1.13.0: - * lib: Cancel non-DATA frame transmission from - nghttp2_before_frame_send_callback - * doc: Fix warning with Sphinx 1.4 - * build: Work with Android NDK r12b - * nghttpx: Use consistent hashing for client IP based session - affinity - * nghttpx: Fix FTBFS on armel by explicitly including the header - * nghttpx: Cast to double to fix build with gcc 4.8 on Solaris 11 - * nghttpx: Fix build error with libressl - * examples: Fix compile error with OpenSSL v1.1.0-beta2 - -- Update to version 1.12.0: - * Add nghttp2_session_set_local_window_size API function - * Add nghttp2_option_set_max_send_header_block_length API - function (GH-613) - * Fix warning: declaration of 'free' shadows a global declaration - (Patch from Alexis La Goutte) - * examples: Add ALPN support to tutorial client/server (GH-614) - * nghttpx: Reduce TTFB with large number of incoming connections - * nghttpx: Rewrite read timer handling - * nghttpx: Clean up neverbleed AF_UNIX socket - * nghttpx: Add --backend-max-backoff option - * nghttpx: Use 16KiB buffer for reading to match TLS record size - * nghttpx: Add healthmon parameter to -f option to enable health - monitor mode - * nghttpx: Receive reference of std::mt19937, not making a copy - * nghttpx: Fix bug that backend never return to online (GH-615) - * nghttpx: Implement client IP based session affinity - * nghttpx: Add --api-max-request-body option to set maximum API - request body size - * nghttpx: Add api parameter to --frontend option to mark API - endpoint - * h2load: Add content-length header field for HTTP/2 and SPDY as - well - * h2load: Implement HTTP/1 upload (GH-611) - -- Update to 1.11.1 - * lib: Add nghttp2_hd_inflate_hd2() and deprecate - nghttp2_hd_inflate_hd() - * lib: Avoid 0-length DATA if NGHTTP2_DATA_FLAG_NO_END_STREAM is set - * lib: Fix bug that PING flags are ignored in nghttp2_submit_ping - * integration: Workaround runtime error: cgo argument has Go pointer - to Go pointer - * nghttp: Eliminate zero length DATA frame at the end if possible - * nghttpd: Set content-length in status response - * nghttpx: Add sni keyword to --backend option - * nghttpx: Allow mixed protocol and TLS settings among backends under - same pattern - * nghttpx: Don't add 0-length DATA when response HEADERS bears - END_STREAM flag - * nghttpx: Don't add chunked encoded response body for HEAD request - * nghttpx: Don't use CN if we have dNSName or iPAddress field - * nghttpx: Just call execv instead of execve to pass environ - * nghttpx: Make SETTINGS timeout value configurable - * nghttpx: Save PID file after it is ready to accept connections - * nghttpx: Treat backend failure if SETTINGS is not received within - timeout - * nghttpx: Wait for SETTINGS ACK to make sure that backend h2 server - is alive - -- Update to 1.10.0 - * Pass unknown SETTINGS values to nghttp2_on_frame_recv_callback - * Add ALTSVC frame support - * Run error callback when peer does not send initial SETTINGS - frame - * Update http-parser - * Update sphinx_rtd_theme - * nghttp: add an --expect-continue option - * nghttpx: Fix downstream connect callback called early - * nghttpx: Truncate too long -b option signature - * nghttpx: Fix bug that server push from mruby script did not - work - * nghttpx: Try next HTTP/1 backend address when connection - cannot be made - * nghttpx: Retry next HTTP/2 backend address when connection - cannot be made - * nghttpx: Enable link header field based push for non-final - response - * nghttpx: Detect online/offline state of backend servers - * nghttpx: Better load balancing between backend HTTP/2 servers - * nghttpx: Fix crash with backend failure - -- Update to 1.9.2 - * nghttpx: Fix crash with backend failure - * nghttpx: Better distribute load to backend h2 servers - * nghttpx: Fix error messages on deprecated mode - * nghttpx: Fix bug that logger wrote string which was not - NULL-terminated - * nghttpx: Fix bug that proxy with HTTP/1.1 CONNECT did not work - -- Update to 1.9.1 - * nghttpx: Fix bug that backend tls keyword did not work with -s - option - * nghttpx: Fix handing stream after connection check was failed -- Changes for 1.9.0 - * lib: Add nghttp2_error_callback to tell application human - readable error message - * lib: Reference counted HPACK name/value pair, adding - * nghttp2_on_header_callback2 - * lib: Add nghttp2_option_set_no_auto_ping_ack() option - * lib: Add nghttp2_http2_strerror() to return HTTP/2 error code - string - * build: Makefile.msvc enhancements (Patch from Jan-E) - * build: Lower libev version requirement (Patch from Peter Wu) - * build: cmake build support (Patch from Peter Wu) - * asio: Fix bug that server event loop breaks with exception - * integration: Disable tests that sometimes break randomly on - travis - * integration: do not use recursive target (Patch from Peter Wu) - * h2load: Fix bug that it did not try to connect to server again - * h2load: Fix bug that initial max concurrent streams was too - large - * nghttpx: Memcached connection encryption with tls keyword - * nghttpx: Enable/disable TLS per frontend address - * nghttpx: Configure TLS per backend routing pattern - * nghttpx: Workaround for Ubuntu 15.04 which does not - value-initialize on std::make_shared. - * nghttpx: Add --error-page option to set custom error pages - * nghttpx: Add wildcard host routing - * nghttpx: Change read timeout reset timing - * nghttpx: Don't push if Link header field includes nopush - * nghttpx: Deprecate backend-http1-connections-per-host in favor - of backend-connections-per-host - * nghttpx: Restructure mode settings, removing --http2-bridge, - - -client, and --client-proxy options - * nghttpx: Deprecate backend-http1-connections-per-frontend in - favor of backend-connections-per-frontend - * nghttpx: Don't share session which is already in draining - state - * nghttpx: Effectively disable backend HTTP/2 connection flow - control - * nghttpx: Add --frontend-http2-max-concurrent-streams and - - -backend-http2-max-concurrent-streams, and deprecate - - -http2-max-concurrent-streams option - * nghttpx: Deprecate --backend-http2-connections-per-worker - option - * nghttpx: Share TLS session cache between HTTP/2 and HTTP/1 - backend - * nghttpx: Rewrite backend HTTP/2 connection coalesce strategy - -- Update to 1.8.0 - * Add Architecture documents (work in progress) - * List all contributors in AUTHORS - * doc: fix out-of-tree doc builds (Patch from Peter Wu) - * Wrap AM_PATH_XML2 by m4_ifdef to handle the case when - _PATH_XML2 is not found - * Fix configure script for non-gcc, clang build - * Document compiling apps and include h2load in configure (Patch - from David Beitey) - * Don't check for dlopen/libdl on *BSD (Patch from Bernard Spil) - * Don't taint CXXFLAGS from AX_CXX_COMPILE_STDCXX_11 - * Fixing Windows Makefile version detection (Patch from Reza - Tavakoli) - * lib: Tokenize extra HTTP header fields - * lib: Fix typo in HAVE_CONFIG_H name (Patch from Peter Wu) - * lib: Add HTTP/2 extension framework to send and receive - non-critical frames - * tests: remove unused macros (Patch from Peter Wu) - * src: Update default cipher list - * src: Fix compile error with gcc-6 which enables C++14 by default - * asio: client: Fix connect timeout does not work, return from cb - if session stopped, removing client::session::connect_timeout() - functon - * nghttpd: Start SETTINGS timer after it is written to output - buffer - * nghttpd: Add trailer header field to status responses - * nghttpd: Add -w and -W options to change window size - * nghttpx: Worker wide blocker which is used when socket(2) is - failed - * nghttpx: ConnectBlocker per backend address - * nghttpx: Interleave text/html pushed resources with associated - resource - * nghttpx: Add headers given in add-response-headers for mruby - response - * nghttpx: Deprecate --backend-ipv4 and --backend-ipv6 in favor - of --backend-address-family - * nghttpx: Add options to specify address family of memcached - connections - * nghttpx: Add encryption support for TLS ticket key retrieval - * nghttpx: Add TLS support for session cache memcached connection - * nghttpx: Refactor blacklisted cipher suite check (Patch from - Jay Satiro) - * nghttpx: Add TLS support for HTTP/1 backend - * nghttpx: Add request-header-field-buffer and - max-request-header-fields options, deprecating - header-field-buffer and max-header-fields options. - * nghttpx: Add --no-http2-cipher-black-list to allow black listed - cipher suite - * nghttpx: Limit header fields from backend - * nghttpx: Fix bug that IPv6 address in Forwarded "for" is not - quoted-string - * nghttpx: Support multiple frontend addresses - * integration-tests: support out-of-tree tests (Patch from Peter - Wu) - * examples: fix compile warnings (Patch from Peter Wu) -- Drop upstreamed nghttp2-c++14.patch - -- Update to 1.7.1 - * Fix CVE-2016-1544 (boo#966514) - -- Add nghttp2-c++14.patch to properly guard make_unique templates. - [bsc#964140] - -- Update to 1.7.0 - * Reset (RST_STREAM) stream if flow control window gets overflow - * Validate :authroity, host, and :scheme value more strictly - * Check request/response submission error based side of session - * Strict outgoing idle stream detection - * Return error from nghttp2_submit_{headers,request} when self - dependency is made - * Add -ldl to APPLDFLAGS for static openssl linking - * asio: Stop acceptor on server::http2::stop - * asio: Rename http2::get_io_services() as http2::io_services() - * h2load: Support UNIX domain socket - * h2load: Improve readability of traffic numbers - * h2load: Remove "auto" for -m option - * h2load: Show progress in rate mode - * h2load: Perform sampling for request and connection timings to - reduce memory consumption - * nghttpd: Add --no-content-length option to omit content-length - in response - * nghttpx: Interleave pushed streams with the associated stream - if pushed streams are javascript and CSS resources - * nghttpx: The initial value of request/response buffer is - increased to 128K - * nghttpx: Fix bug that --listener-disable-timeout option is not - used - * nghttpx: Don't emit :authority if request does not contain - authority information - * nghttpx: Add clarification of quotes in configuration file - * nghttpx: Don't allow certain characters in host and :scheme - header field - * nghttpx: Add RFC 7239 Forwarded header field support - * nghttpx: Fix crash when running on IPv6 only (Patch from Vernon - Tang) - * nghttpx: Take into account of trailers when applying - max_header_fields - * nghttpx: Don't apply max_header_fields and header_field_buffer - limit to response - * nghttpx: Strict validation for header fields given in - configuration - * nghttpx: header value should not be lower-cased (Patch from - ayanamist) - -- fixed typo in libnghttp2_asio1 [bsc#962914] - -- Update to 1.6.0 - * Fix heap-use-after-free bug when handling idle streams - * Strict error handling for frames which are not allowed after - closed (remote) - * Set max number of outgoing concurrent streams to 100 by - default - * Keep incoming streams only at server side - * Create stream object for pushed resource during - nghttp2_submit_push_promise() - * Add nghttp2_session_create_idle_stream() API - * Handle response in nghttp2_on_begin_frame_callback - * Add --lib-only configure option - * Compile with OpenSSL 1.1.0-pre1 - * Fix build when OpenSSL 1.0.2 is not available (patch from - Sunpoet Po-Chuan Hsieh) - * asio: Add connect and read timeout to client API - * asio: Add TLS handshake and read timeout to server API - * asio: Added access to a requests remote endpoint (patch from - Andreas Pohl) - * asio: libnghttp2_asio: Added io_service accessors (patch from - Andreas Pohl) - * h2load: Add req/s min, max, mean and sd for clients - * h2load: Fix broken connection times - -- Update to 1.5.0 - * Fix bug that nghttp2_session_find_stream(session, 0) returned - NULL - * Add nghttp2_session_change_stream_priority() to change stream - priority without sending PRIORITY frame - * Add nghttp2_session_check_server_session() API - * Consider to use CANCEL error code when closing streams with - GOAWAY - * Don't send push response if GOAWAY has been received - * Use error code CANCEL to reset pushed reserved stream from - remote - * Add nghttp2_session_upgrade2(), deprecate - nghttp2_session_upgrade() - * Workaround HTTP upgrade with HEAD request in - nghttp2_session_upgrade() - * Introduce NGHTTP2_NV_FLAG_NO_COPY_NAME and - NGHTTP2_NV_FLAG_NO_COPY_VALUE - * Add nghttp2_session_check_request_allowed() API function - * Switch to clang-format-3.6 - * Update mruby to 1.2.0 - * tests: fix broken linkage with --disable-static (Patch from - Kamil Dudka) - * python: Send RST_STREAM if remote side is not closed and - response finished - * asio: client: call on_error when connection is dropped - * asio: ALPN support - * h2load: Add --h1 option to force http/1.1 for both http and - https URI - * h2load: Fix crash when dealing with "connection: close" form - HTTP/1.1 server - * h2load: h2load goes into infinite loop when timing script file - starts with 0.0 in first line (Patch from Kit Chan) - * h2load: Override user-agent with -H option - * h2load: Print "space savings" to measure header compression - efficiency - * h2load: Stream error should be counted toward errored - * h2load: Show application protocol with OpenSSL < 1.0.2 - * nghttpx: Don't send RST_STREAM to h2 backend if backend is - disconnected state - * nghttpx: Support server push from HTTP/2 backend - * nghttpx: Fix bug that causes connection failure with backend - proxy URI - * nghttpx: Use --backend-tls-sni-field to verify certificate - hostname - * nghttpx: Log :authority as $http_host if available - * nghttpd: Fix crash with CONNECT request - * nghttpd: Defered eviction of cached fd using timer - * nghttpd: Read /etc/mime.types to set content-type header field - * nghttp: Record request method to output it in har correctly - * nghttp: Use method given in -H with ":method" in HTTP Upgrade -- Drop nghttp2-1.4.0-fix-tests.patch (now in upstream) - -- Enable spdy and more example applications - -- Update to 1.4.0: - * lib: Don't always expect dynamic table size update. - * lib: Shrink to the minimum table size seen in local SETTINGS. - * lib: Add new error code NGHTTP2_ERR_PAUSE to send_data_callback. - * lib: Avoid excessive WINDOW_UPDATE queuing. - * lib: Return fatal error if flooding is detected to close - session immediately. - * lib: Return type of nghttp2_submit_trailer is int. - * lib: Don't send WINDOW_UPDATE with 0 increment. - * lib: Fix bug that headers in CONTINUATION were ignored after - HEADERS with padding. - * package: Use -fvisibility=hidden for internal functions. - * package: Show more information in configure summary. - * package: Add PIDFile directive to systemd service. - * package: Fix daemon upgrade when running under systemd. - * app: Compile with BoringSSL. - * nghttp: Allow multiple -c option occurrence, and take min and - last value. - * nghttpd: Fix leak when server failed to listen to given port. - * nghttpx: Add TLS dynamic record size behaviour command line - options. - * nghttpx: Reduce default timeouts for read sockets to 1m. - * nghttpx: Fix bug that PUT is replaced with POST. - * nghttpx: Change mruby script handling. - * nghttpx: Added support for RFC 7413 (TCP Fast Open) on nghttpx - proxy listening connections. - * nghttpx: Add neverbleed support. - * h2load: Don't DOS our server! - * h2load: Use duration syntax for timeouts. - * h2load: Support subsecond rate period. - * h2load: Simplify rate mode. - * h2load: Add option for user-definable rate period. - * h2load: Reuse SSL/TLS session. - * h2load: Reconnect server on connection: close. - * h2load: Don't exit in the case of no ALPN protocol overlap. - * integration: Update go's http2 package URI. -- Add missing baselibs.conf. -- Add nghttp2-1.4.0-fix-tests.patch from commit 4825009. -- Small spec cleanup. - -- Update to 1.3.4 - * Make traditional init script fail if new config file is broken - (Patch from Janusz Dziemidowicz) - * nghttpx-logrotate: Don't use killall since we have multiple - processes - * nghttpx: Fix improper signal handling -- Changes for 1.3.3 - * Fix bug in padding handling of DATA frame - * Use hash table for dynamic table lookup - * More warning flags for --enable-werror - * Update mruby - * h2load: HTTP/1.1 support (Patch from Lucas Pardue) - * nghttpx: Do not try to set TCP_NODELAY when frontend is an - UNIX socket (Patch from Janusz Dziemidowicz) - * nghttpx: Chown UNIX domain socket to user specified as --user - * nghttpx: Split monolithic one process into control and worker - processes - * nghttpx: Handle SSL/TLS data following PROXY protocol line -- Changes for 1.3.2 - * Check header block limit after new stream is opened - * nghttp: Show error if HEADERS frame cannot be sent for - whatever reason - * nghttpx: Fix assertion failure on TLS handshake - * nghttpx: Add x-http2-push header field for pushed resource - * nghttpx: Fix compile error with --disable-threads - -- Update to 1.3.1 - * Avoid usage of typeof and replace __builtin_offsetof with - offsetof - * Honor stream->weight even if stream->last_writelen is 0 - * Compile third-party libraries if hpack-tools is enabled - * nghttpx-init: Start nghttpx with --daemon - * Bundle sphinxcontrib.rubydomain https://bitbucket.org/birkenfeld/sphinx-contrib/src/default/rubydomain/ - * Bundle mruby - * h2load: Record TTFB on first byte of response body, rather - than first socket read - * h2load: Improve checking for timing script input, prevent - false positive in certain situations - * nghttpx: Implement PROXY protocol version 1 - (--accept-proxy-protocol option) - * nghttpx: Allow link header server push for HTTP/2 backend - as well - * nghttpx: Don't initiate push if client disabled push - * nghttpx: Allow absolute URI in Link header field for push - * nghttpx: Fix crash with multi workers and QUIT signal - * nghttpx: Add mruby support which is disabled by default - (use --with-mruby configure option to enable it) - * nghttpx: Drop connection before TLS finish if h2 requirement - is not fulfilled -- Fix typo in previous changelog entry - -- Update to 1.3.1 - * Limit the number of incoming reserved (remote) streams - * Add stream public API - * Rewrite priority tree handling - * Fix parallel make distcheck - * Define it and itprep recursive target if - AM_EXTRA_RECURSIVE_TARGETS is defined - * fetch-ocsp-response: Handle spurious openssl exist status 0 - * nghttpx: Use nghttp2::ssl::DEFAULT_CIPHER_LIST for backend TLS - connection - * nghttpx: Don't allow blacked listed cipher suites for HTTP/2 - connection - * nghttpx: better handle /dev/stderr and /dev/stdout (Patch from - Tomasz Buchert) - * nghttpd: GOAWAY if SSL/TLS requirements for HTTP/2 are not met - * nghttpd: Return date header field for 304 - * nghttpd: Support HEAD request - * h2load: Add Timing-script and base URI support (Patch from - Lucas Pardue) - * h2load: Add timeout options (Patch from Nora) -- Fix typo in changelog - -- Update to 1.2.1 - * doc: Reword the HPACK tutorial (Patch from Tom Harwood) - * nghttpx: Fix stability issues - * h2load: Fix crash if -r > -n - -- Update to 1.2.0 - * Fix crash if response or data is submitted to closing stream - * Header table size UINT32_MAX must be accepted - * Use PROTOCOL_ERROR against DATA sent to idle stream - * Allow multiple in-flight SETTINGS - * Strictly check occurrence of dynamic table size update - * Fix configure warning that 'missing' is missing or too old - * Fix rm: cannot remove ‘*.rst’: No such file or directory when - "make clean" (Patch from Alexis La Goutte) - * doc: Reword some of the server and client tutorial (Patch - from Tom Harwood) - * src: Remove monotonic_clock replacement macro for gcc-4.6 - * nghttpx: Add TLS ticket key sharing among nghttpx instances - using memcached - * nghttpx: Add shared session cache using memcached - * nghttpx: Set SSL/TLS session timeout to 12 hours - * nghttpx: Enable session resumption on HTTP/2 backend - * nghttpx: Don't rewrite host header field by default - * nghttpx: Generate new ticket key every 1hr and its life time - is now 12hrs - * nghttpx: Don't reuse backend connection if it is not clean - * nghttpx: Add AES-256-CBC encryption for TLS session ticket - * nghttpd: Fix the bug that 304 response has non-empty body - * h2load: Add -r and -C options to h2load (Patch from - Nora Shoemaker) -- Changes for 1.1.2 - * Fix linker error with libnghttp2_asio - * Allow custom installation location for Python bindings -- Drop no longer needed missing_nghttp2_timegm.patch - -- Update to 1.1.1 - * nghttpx: Fix various stability issues and memory leak bug -- Changes for 1.1.0 - * Fix DATA is not consumed if nghttp2_http_on_data_chunk failed - * nghttp2_submit_response and nghttp2_submit_headers may return - * NGHTTP2_ERR_DATA_EXIST - * msvc build fixes and enchantments (Patch from Gabi Davar) - * Compile with IRIX gcc-4.7 (Patch from Klaus Ziegler) - * nghttp: Add --max-concurrent-streams option - * nghttp: Add comment on HAR on pushed objects (Patch from - acesso) - * nghttpx: Add --include option to read additional configuration - from given file - * nghttpx: Add backend routing based on request host and path by - extending -b option - * nghttpx: Allow log variable to be enclosed by curly braces for - disambiguation - * nghttpx: Add log variables related to SSL/TLS connection - * h2load: Add --ciphers option -- Add patches - * missing_nghttp2_timegm.patch to fix building of asio library - * nghttp2-remove-python-build.patch to fix python bindings - installation when autotools are used - -- Update to 1.0.5 - * Add STREAM_DEP_DEBUG macro switch to enable runtime validation - of depedency tree - * Fix another bug in priority handling; sibling's item is not - queued when ancestor's item is detached - * nghttpx: Fix crash with --http2-bridge and both frontend and - backend TLS - -- Update to 1.0.4 - * Fix assertion failure in stream_update_dep_on_detach_item - (GH-264) -- Changes for 1.0.3 - * Fix bug that idle self-depending PRIORITY is not handled - gracefully - * Optimize dependency based priority code to Firefox style tree - * enable third-party for asio_lib too (Patch from Mike - Frysinger) - * fetch-ocsp-response: Support LibreSSL, and include port in - ocsp_host - * src: Support compile with LibreSSL - * nghttpx: Fix bug that x-forwarded-proto header field does not - reflect frontend scheme on HTTP/2 backend - * nghttpx: Validate :path on SPDY frontend - -- Update to 1.0.2 - * Fix bug that data are not consumed for connection in race - condition (GH-253) - * Define NGHTTP2_EXTERN to __declspec(dllimport) when using - nghttp2 for Windows build - * Translate fetch-ocsp-response into Python - * libevent-client: Fix bug that path is broken if URI does not - contain path part - * python: Call on_close callback when connection is lost for - server session - * python: Expose client certificate, if available (Patch from - Fabian Wiesel) - * python: Catch and log failure to set TCP_NODELAY (Patch from - Fabian Wiesel) - * nghttpx: Add --add-request-header option - * nghttpx: Make WebSocket upgrade work - * nghttpx: Fix bug that END_STREAM is not set in backend for - POST with Upgrade - * nghttpx: Don't send "Expect" header field twice - -- Update to 1.0.1 - * Include stdint.h instead of inttypes.h when compiled with MSVC - < 2013 - * Fix invalid memory free on out-of-memory handling - * integration: Use our own copy of golang spdy package - * android: Don't link zlib bundled with android NDK - * Dockerfile.android: Update NDK ver, and ubuntu; build and link - zlib - * src, examples: Fix up OpenSSL initialization - * nghttpx: Allow HTTP Upgrade from POST request if response - header has not been sent to the client - * nghttpx: Fix bug that PUSH_PROMISE is sent after associated - response HEADERS - * nghttpd: Close connection after settings timeout and GOAWAY - was sent - * h2load: Fix bug that NPN fails if ALPN is enabled - -- Update to 1.0.0 - * v1.0.0 introduced backward incompatible changes from 0.7 - series. Read https://nghttp2.org/documentation/package_README.html#migration-from-v0-7-15-or-earlier - to migrate from older version to this latest version. -- Changes for 0.7.15 - * Hopefully, this is the last release for 0.7.x series. - Development continues in 1.x series. - * Access violation in buffers (GH-232) (Patch from Etienne Cimon) - * Retry finding jemalloc lib by je_malloc_stats_print (GH-233) - * inflatehd: Fix crash if 'wire' value is not string (GH-235) - * nghttpx: Revert 585af93 to fix crash with TLS (GH-234) - * nghttpd: Add --echo-upload option to send back request body - -- Update to 0.7.14 - * Fix global-buffer-overflow in HPACK code - * Fix doc for nghttp2_select_next_protocol - * Fix bug that promised stream was not reset on decompression - error - * Add systemd and upstart configuration file for nghttpx - (Patch from Zhuoyun Wei) - * Improve nghttpx logrotate configuration file (Patch from - Zhuoyun Wei) - * Update sphinx_rtd_theme - * h2load: Update h2load to give connect time and ttfb stats - (Patch from ericcarlschwartz) - * nghttpd: Add -m, --max-concurrent-streams option - * nghttpx: Log absolute URI for HTTP/2 or client proxy request - * nghttpx: Add --header-field-buffer and --max-header-fields - options - * nghttp: Fix assertion error if very large value is given to -t - -- Update to 0.7.13 - * Fix bug that promised stream was not reset by returning - NGHTTP2_ERR_TEMPORAL_CALLBACK_FAILURE from - nghttp2_on_header_callback. Instead, associated stream was reset. - * Allow NGHTTP2_ERR_TEMPORAL_CALLBACK_FAILURE from - nghttp2_on_begin_headers_callback - * h2load: Effectively disable flow control by setting large - window size - * asio: Graceful shutdown and joinable server (Patch from - Xiaoguang Sun) - -- Update to 0.7.12 - * Fix bug that nghttp2_session_set_next_stream_id accepts invalid - stream_id - * HPACK: Rewrite static header table handling - * HPACK: Never index authorization and small cookie header field - * Don't install libnghttp2_asio headers if they are disabled - * doc: Specify program directive so that hyperlink to option is - correctly pointed to the intended location - * asio: client: Call error_cb on error occurred in do_read and - do_write (Fixes GH-207) - * nghttp: Add --no-push option to disable server push - * nghttp: Show stream ID in statistics output - * nghttp: Remove --dep-idle option - * nghttp: Use same priority anchor nodes as Firefox does - * nghttpx: Don't push resource if link header has non empty - loadpolicy - * nghttpx: Add logging for somewhat important events (logs, - tickets, and ocsp) - * nghttpx: Set Downstream to stream user data on HTTP Upgrade - to h2 - -- Update to 0.7.11 - * nghttpx: Fix waitpid race condition in ocsp response update - * nghttp: Consider user-provided :authority header field for SNI - as well as host header field -- Changes for 0.7.10 - * Make sure that nghttp2 license is MIT license - * Add nghttp2_session_consume_{connection,stream} to consume - bytes independent - * Add nghttp2_send_data_callback to send DATA payload without - copying "static inline" fix for build with VS2013 (Patch from - Remo E) - * Update lib/Makefile.msvc (Patch from Remo E) - * Remove dependency on libws2_32 on Windows build - * Define NGHTTP2_EXTERN macro to export function for Windows - build - * doc: Generate API doc per function - * python: Add async body generation support - * python: Fix pseudo-header field ordering bug - * nghttpx: Redirect stderr to errorlog file - * nghttpx: Fix bug that data buffered in SSL object are not - read - * nghttpx: Remove --tls-ctx-per-worker option - * nghttpx: Add OCSP stapling feature - -- Enable python bindings -- Update to 0.7.9 - * Implements h2-14 protocol (http://tools.ietf.org/html/draft-ietf-httpbis-http2-14) - * Implements HPACK 09 (http://tools.ietf.org/html/draft-ietf-httpbis-header-compression-09) - * h2load: Fix crash if -t > -c - * h2load: Add -d option to upload data to server - * nghttpx: Forward only "trailers" keyword in te when forwarding HTTP/2 backend - * nghttpx: Fix PUSH_PROMISE header field corruption [GH-194] - * nghttpx: Fix te header field is duplicated when forwarding HTTP/2 backend - * nghttp, nghttpd: Add --hexdump option to hexdump incoming traffic. - * examples: Place AM_CPPFLAGS first to use in-package header files first [GH-192] -- Changes for 0.7.8 - * Implements h2-14 protocol (http://tools.ietf.org/html/draft-ietf-httpbis-http2-14) - * Implements HPACK 09 (http://tools.ietf.org/html/draft-ietf-httpbis-header-compression-09) - * Validate :path header field for http or https URI scheme - * NULL-terminate header field name and value presented by callback - * README.rst: Cleaned up the grammar a bit (Patch from Ross Smith II) - * h2load: fix for segfault by reserving correct worker count (Patch from Stefan Eissing) - -- Avoid shipping documentation redundantly. Set RPM groups. - -- Fix rpm group - -- Update to 0.7.5 - * Implements h2-14 protocol - (http://tools.ietf.org/html/draft-ietf-httpbis-http2-14) - * Implements HPACK 09 - (http://tools.ietf.org/html/draft-ietf-httpbis-header-compression-09) - * Validate HTTP semantics by default - * Add nghttp2_option_set_no_http_messaging() API function - * Update http-parser - * nghttp, nghttpd, nghttpx: Use "sensitive" to indicate - "never indexed" header field - * nghttp, nghttpd, nghttpx, h2load: Select/announce h2 in - ALPN/NPN - * nghttp: Fix unaligned field output in --stat - * nghttp: Fix -H does not work with -u upgrade request - * nghttp: Update resource timing terminology according to - Resource Timing TR - * nghttpd: Add -a option which takes an address parameter that - allows nghttpd to bind to a non-default address. Patch - from Brian Card - * nghttpx: Use omit minor version in case of HTTP/2 in via - header and access log - * nghttpx: Support UNIX domain socket on both frontend and backend - * nghttpx: Fix crash in http/1 backend when backend returns more - bytes than CL - * nghttpx: Cast configuration value to rlim_t to avoid compile - error on 32bit - * nghttpx: Fix 1 second delay in HTTP/2 backend connection - * nghttpx: Fix request re-submission bug in HTTP/2 backend - * asio-sv2: Fix compile error with OS X - -- Initial packaging of 0.7.4 - numactl +- include bugfixes in SLE, to enable 32 bit systems (SLE-17217) + +- Enable LTO (boo#1133098) as it works now. + +- update to 2.0.14: + * manpage update + * numademo: fix issue on 32 bit systems + * drop custom cflags for libnuma + * use symvers attribute for symbol versioning + +- Update to version 2.0.13: + * Release numactl 2.0.13 + * Skip `test/move_pages` if we don't have at least two nodes available + * Add license files: GPLv2 + LGPLv2.1 + * Handle cpu-less node for bind_range test + * Convert numastat.c to standard numactl coding style + * Disable clang travis targets for now + * numastat.8: clarify that information relates to resident pages + * Fix all declarations to be C prototypes + * numatopology: Add check for cpu-less nodes + * Update INSTALL.md + * numastat: when reading no-exist pid, return EXIT_FAILURE + * numastat: Add KReclaimable to list of known fields in meminfo + * numastat: Better diagnostic when find unknown string in meminfo + * Enable building on s390x + * Correct sysconf constants + * Removed unnecessary exit from memhog.c Solves issue #50 + * Synchronized usage function with man page + * Added memhog.8 to Makefile.am + * memhog: add man page + * Allow linking with lld by deduplicating symbols + * numademo: free the node_to_use on the way out + * numademo: free test nodemask + * libnuma: cleanup node cpu mask in destructor + * numactl: add va_end to usage function + * travis: add build matrix + * remove kernel version check + * add missing linux version header + * make MPOL_ macros match linux kernel + * add missing policy + * Fix: Add ShmemHugePages and ShmemPmdMapped to system_meminfo[] + * Fix: move_pages test for non-contiguous nodes + * Correct calculation of nr_nodes and re-enable move_pages test + * Fix: regress test numastat function and few test fixes + * Fix: distance test to include all existing nodes + * numademo: fix wrong node input + * Fix: node_list with memory-less nodes +- Drop autoconf/libtool BuildRequires and autoreconf invocation, + bundled configure is up-to-date. +- Drop obsolete revert_date_in_numastat.patch, gcc sets __DATE__ + based on SOURCE_DATE_EPOCH now. +- Correct License for devel subpackage, same as for the library + (LGPL-2.1-or-later). + +- numastat doesn't need perl anymore since 2012 + +- For obs regression checker, this version includes following SLE + fixes: + - enable build for aarch64 (fate#319973) (bsc#976199) + factory has an extra patch to disable ARM 32 bit archs which + looks a bit misleading as %arm macro only covers 32 bit ARM. + - Bug 955334 - numactl/libnuma: add patch for Dynamic Reconfiguration + bsc#955334 + +- Disable LTO (boo#1133098). + +- Update to version 2.0.12: + * Release numactl 2.0.12 + * Cleanup whitespace from *.c and *.h files + * Add Travis build status to numactl README + * Convert README and INSTALL to Markdown + * Remove `threadtest.c` + * Remove `mkolddemo` script + * Remove file TODO, which has outdated contents + * Remove file DESIGN, which has no contents + * Remove changelogs from the repository + * Revert "make clearcache work on x86/PIC" + * Add "NAME" section to numastat manpage + * Allow building on ARM systems + * Add pkg-config file for NUMA library + * readdir_r(3) is deprecated, use readdir(3) instead + * Avoid filename truncation in numastat + * fix coding style in last change + * Fix: numademo test between sparse nodes + * Fix: allocation of dynamic array + * Fix: numactl distance between sparse nodes + * include sys/sysmacros.h for major/minor + * make clearcache work on x86/PIC + * Fix regress test for invalid hard code of nodenames + * Fix end of line check in distance parsing + * Optimize numa_distance check + * affinity: Include sys/sysmacros.h to fix warning + * numademo: Increase buffer to avoid theoretical buffer overflow + * Check for invalid nodes in numa_distance + +- sysmacros.patch: Include for major/minor (bsc#1181571) (bsc#1183796) + -- Fixed patch 0001-Fixed-segfault-when-no-node-could-be-found-in-sysfs-.patch - for bnc#872922 - -- Add: 0001-Fixed-segfault-when-no-node-could-be-found-in-sysfs-.patch - Fixes segfault when no node could be found in sysfs. bnc#872922 - -- enable ppc64le - -- Update to version 2.0.9: -- 130207 Add a prototype for numa_bitmask_weight (Cliff W.) -- 130725 Fix hubstats huge pages bug, version number, man page (Bill Gray) -- 130726 Disable the regress-io test (Cliff W.) -- 130730 Fix typos in numactl man page; add short opts to --help - (Petr Holasek) -- 130906 numactl: option --all/-a added for policy settings (Petr Holasek) -- 130906 libnuma: new function numa_run_on_node_mask_all (Petr Holasek) - -- Update to version 2.0.8: - Drop patch numactl_install_all_manpages, merged upstream -- Removed __DATE__ in numastat to avoid constant rebuilding in build - service (added patch revert_date_in_numastat.patch) -- adjusted license strings - -- Update from 2.0.6 to 2.0.7 - * Add numa_realloc() (and realloc_test) - * Re-fix numa_get_run_node_mask() and fix numa_get_run_node_mask - * Fix the numa_get_run_node_mask() man page (cpus vs nodes) - * Fix the cpu and node parsing to be cpuset aware - * Fix test/checkaffininty to be cpuset aware - * Fix two typos in numactl.8 - -- Only use LGPL for the library licence, remove the gpl part. - -- Add lesser GPL public license to libnuma as metioned in the - sources - -- Adjust/refresh patch, no functional change - -- Update from 2.0.6-rc3 to final version 2.0.6 - -- Use %_smp_mflags - -- Updated to version 2.0.6-rc3 - * Fix numa_get_run_node_mask() to return a cpuset-aware node mask (Cliff W.) - * Add a better warning to numa_node_to_cpus() - -- Updated to version 2.0.6-rc1 - * numa_num_task_cpus()/..nodes() to return actual counts (Cliff W.) - * Correct numa_max_node() use of broken numa_num_configured_nodes() (Tim Pepper) - * Use numa_max_node() not numa_num_configured_nodes() (Tim Pepper) - * Fix numa_num_configured_nodes() to match man page description (Tim Pepper) - * Clarify comment for numa_all_nodes_ptr extern (Tim Pepper) - * numactl --hardware should handle sparse node numbering (Tim Pepper) - * Maintain compatibility with 2.0.3 numa_num_thread...()'s (Cliff W.) - -- Update to 2.0.5: - * Remove merged patch numactl_fix_mem_corrup_numa_init.patch - * Various bug fixes. - -- Forgot to increase the version string from 2.0.4-rc1 to 2.0.4-rc2 - -- Fixed corrupt tar.bz2 and added a mem corruption fix from Jan. - -- Update to version 2.0.4-rc2 - -- workaround broken Makefile which uses uname -m to detect bitness - and libdir -- remove sparcv9 from special-casing in baselibs.conf - -- add baselibs.conf as a source -- add baselibs for SPARC -- add SPARC to ExclusiveArch -- enable parallel building - -- Update to version 2.0.4-rc1 -- Added missing manpages: numastat, migspeed, migratepages - -- fixed build with asneeded on platforms with non-builtin sqrt() - open-iscsi +- Updated to latest upstream 2.1.4 as 2.1.4-suse, which contains + these changes not already present: + * Enable iscsi.service asynchronous logins, cleanup services + (bsc#1183421) + * libopeniscsiusr: dont error loudly if a session isn't found when + working through iscsi_sessions_get() + * libopeniscsiusr: skip over removed sessions + * libopeniscsiusr: fix error messages + * Avoid hardcoding pkg-config to fix cross build + * Fix iscsistart login issue when target is delayed. + openldap2 +- bsc#1182408 CVE-2020-36230 - an assertion failure in slapd in the + X.509 DN parsing in decode.c ber_next_element, resulting in denial + of service. + * 0220-ITS-9423-ldap_X509dn2bv-check-for-invalid-BER-after-.patch +- bsc#1182411 CVE-2020-36229 - ldap_X509dn2bv crash in the X.509 DN + parsing in ad_keystring, resulting in denial of service. + * 0222-ITS-9425-add-more-checks-to-ldap_X509dn2bv.patch +- bsc#1182412 CVE-2020-36228 - integer underflow leading to crash + in the Certificate List Exact Assertion processing, resulting in + denial of service. + * 0223-ITS-9427-fix-issuerAndThisUpdateCheck.patch +- bsc#1182413 CVE-2020-36227 - infinite loop in slapd with the + cancel_extop Cancel operation, resulting in denial of service. + * 0224-ITS-9428-fix-cancel-exop.patch +- bsc#1182416 CVE-2020-36225 - double free and slapd crash in the + saslAuthzTo processing, resulting in denial of service. + * 0218-ITS-9412-fix-AVA_Sort-on-invalid-RDN.patch +- bsc#1182417 CVE-2020-36224 - invalid pointer free and slapd crash + in the saslAuthzTo processing, resulting in denial of service. + * 0217-ITS-9409-saslauthz-use-slap_sl_free-in-prev-commit.patch + * 0216-ITS-9409-saslauthz-use-ch_free-on-normalized-DN.patch +- bsc#1182415 CVE-2020-36226 - memch->bv_len miscalculation and slapd + crash in the saslAuthzTo processing, resulting in denial of service. + * 0219-ITS-9413-fix-slap_parse_user.patch +- bsc#1182419 CVE-2020-36222 - assertion failure in slapd in the + saslAuthzTo validation, resulting in denial of service. + * 0213-ITS-9406-9407-remove-saslauthz-asserts.patch + * 0214-ITS-9406-fix-debug-msg.patch +- bsc#1182420 CVE-2020-36221 - slapd crashes in the Certificate Exact + Assertion processing, resulting in denial of service (schema_init.c + serialNumberAndIssuerCheck). + * 0212-ITS-9404-fix-serialNumberAndIssuerCheck.patch + * 0221-ITS-9424-fix-serialNumberAndIssuerSerialCheck.patch +- bsc#1182418 CVE-2020-36223 - slapd crash in the Values Return Filter + control handling, resulting in denial of service (double free and + out-of-bounds read). + * 0215-ITS-9408-fix-vrfilter-double-free.patch + +- bsc#1182279 CVE-2021-27212 - an assertion failure in slapd can occur + in the issuerAndThisUpdateCheck function via a crafted packet, + resulting in a denial of service (daemon exit) via a short timestamp. + This is related to schema_init.c and checkTime. + * patch: 0211-ITS-9454-fix-issuerAndThisUpdateCheck.patch + openssl-1_1 +- Fix NULL pointer deref in signature_algorithms + * CVE-2021-3449 + * bsc#1183852 + * Add openssl-1_1-CVE-2021-3449-NULL_pointer_deref_in_signature_algorithms.patch + +- Security fixes: + * Integer overflow in CipherUpdate: Incorrect SSLv2 rollback + protection [bsc#1182333, CVE-2021-23840] + * Null pointer deref in X509_issuer_and_serial_hash() + [bsc#1182331, CVE-2021-23841] +- Add openssl-CVE-2021-23840.patch openssl-CVE-2021-23841.patch + +- Fix unresolved error codes [bsc#1182959] +- Update openssl-1.1.1-fips.patch + ovmf +- Add ovmf-bsc1183578-lzma-catch-4GB.patch to fix the possible + heap corruption (bsc#1183578, CVE-2021-28211) +- Add ovmf-bsc1183579-fix-fv-recursion.patch to fix unlimited FV + recursion (bsc#1183579, CVE-2021-28210) + parted +- Direct file system manipulation support was removed in 2011. + - Removed build dependencies on libreiserfs-devel and + e2fsprogs-devel. + perl-Bootloader +- merge gh#openSUSE/perl-bootloader#134 +- install with --removable if efivars are not writable + (bsc#1182749, bsc#1174111, bsc#1184160) +- fix whitespace +- 0.934 + pipewire +- Enable or disable the ldac codec depending if ldacBT is available + or not to fix build in s390x (where it's not available) +- Add some more information and fix indentation on previous + changelog entries. + +- Update to 0.3.24: + + This is a bugfix release that is API and ABI compatible with + previous 0.3.x releases. + + Highlights + - Many JACK midi improvements and device support. + - Fixes in gnome-control-center default sink/source handling. + - Many small performance improvements in alsa device handling + and latency. There should also be less cracks/pops and xruns + now. + - More bluetooth compatibility improvements. + + PipeWire improvements + - Implement simple upmixing + - Disable the resampler when not used. This improves latency + and CPU usage. + - Handle max-quantum on devices and try to not make the quantum + larger than the device buffer size. + - improvements to how nodes and links are activated. It should + now result in less xruns and cracks/pops. + - meson uses the feature options everywhere now + - Handle volume remap in the channelmixer. This fixes the + channels on multichannel devices. + - Try to escape invalid JSON string characters + - Keep better track of changed parameters in audioconvert. + - Improve config files, make arrays where needed. + - Respect NO_COLOR where possible + - Support in-place config file parsing to avoid allocations and + improve startup performance. + - There is no a config option to enable non-power-of-two + quantums. + - Preliminary support for upmixing and generating LFE channels. + + Session-manager + - default nodes are not stored as JSON in the metadata. This + is more readable and introspectable. + - More default-nodes and default-routes improvements. port + switching should work better now. + - Wait until all devices are scanned before linking clients. + - Fixes some crashes + - Sinks (monitors) can now be set as default sources. + + Device support + - Fix startup timers for alsa devices. + - Improve timers in alsa when quantum changes. It should cause + less xruns and cracks. + - Fix UCM setup of capture devices. + - Only disable IRQ in alsa when not batch. For batch devices + the hw pointers are updated each IRQ so we need to keep them + enabled. This massively improves latency on USB batch devices + to the same level as JACK (with small enough period size). + + Bluetooth + - Improvements to profile switches. + - Improvements to volume handling. + - Fixes for A2DP sources + - Add support for battery status when available. + - Many other small improvements. + + PulseAudio server + - handle NULL in set_default_sink/source to clear the default + - Implement a workaround for gnome-control-center when setting + the default sink/source. It also sets the target in + stream-restore to the new default. This fixes moving streams + in gnome-control-center. + - Fix some races by replying to some requests after the + operation completed. + - Prefer formats of the extended format API. + - Create a pid file on startup to improve compatibility with + apps that look for it. + - Capture streams can now be moved to monitors with pavucontrol + - Fixes for crashes + + JACK + - jack clients can now connect to the 'default' server + - Move midi ports back to the midi client + - Only mark midi hardware ports as terminal/physical + - Use the same midi names as a2jmidid + - match system ports in get_ports. + - Improve compatibility with some apps that require a + fixed latency. + - Beginnings of the libjackserver implementation. +- Switch off libopenaptx and fdk-aac (because they are + patent-encumbered) and libcamera (problems in building). + +- systemd-rpm-macros doesn't have a consistent versioning between + distributions, so better assume it's updated enough to support + %systemd_user_pre + +- Add systemd rpm macros for pipewire.service as well as + pipewire.socket . +- Use the new %systemd_user_pre macro on %pre to be able to + recognize when a service was installed for the first time and + enable it on %systemd_user_post (boo#1183012) + +- Update to version 0.3.23: + + Highlights + - Fixes for some critical bugs in last release. + - Fix bug where audio was not drained properly at the end of + playback, causing repeating sound. + - Profile and route switching was improved and should mimic + more what pulseaudio did. + - Various fixes for xruns in capture and playback. + - Bluetooth now supports delay adjustment and various other + improvements. + - The pulseaudio server now correctly identifies AC3 and DTS + streams and returns a not supported error instead of playing + static. + - Multichannel support was improved in the alsa plugin and + the channel mixer. Channels should now play on the right + speakers in all cases. + + PipeWire improvements + - Small fixes and improvements in JSON parsing and encoding. + - Improvements to param handling in audioconverter. It would + previously not always notify of changes. + - Avoid updating some properties that we use internally such + as the object id and the node.id. + - log.level in the config files is now actually used. + - the PIPEWIRE_LATENCY env variable should always override + any application settings in filter/stream/jack. + - The config file can now contain filer and stream properties + to, for example, control the resampler, mixer and latency. + - Add sandboxing to the systemd services + - Various FreeBSD fixes. + - Improve draining and a way to exit the drain state as well. + - Many multichannel fixes. Channel remapping should now be + correct. + - Fix bug with repeating audio at the end of playback because + the drain in the resampler was not draining all channels. + - RTKit default rt.prio has been increased to 88. This will + likely still be clamped to 20 until distros increase the + max priority. + + Session-manager + - Don't try to switch to Pro Audio profile, this should be + a user choice only. + - Don't crash when metadata was disabled such as when not + using the audio features of pipewire. + - Rework the profile and route handling. + - Add systemd unit files for the media-session + - Device names should now also have sane names so that tab + pactl completion works on them. + + Device support + - Fix ALSA format enumeration in more cases. Use the channels + and rate as a filter. + - Make sure the graph doesn't ever use buffers larger than + the alsa device buffer size or we get xruns. + - Tuning of the alsa device timeout handling and dynamic + resampler. There should now not be any xruns when streams + appear and disappear or when the quantum changes. + - Fix bug in alsa device when reassigning to a new driver, + in some cases the dynamic resampler was not activated and + things would drift out of sync and fail. + - Fixes in quantum changes for ALSA capture and how the + resampler is drained and fed with the new samples. + + Bluetooth + - Delay adjustment has been implemented now. Bluetooth + devices should now be more synchronized with video due + to proper delay reporting. Because BT delays can be + large, it can cause hickups in some players. + - Fix volume in bluetooth devices. + - Codec switch improvements. + + PulseAudio server + - Latency offset adjustment is now implemented and functional + for bluetooth devices. It is not working for alsa devices + yet. + - Handle unsupported formats. Previously we would accept encoded + formats and play noise. This fixes AC3 playback in vlc. + - Move some of the configurable parameters to the config file. + - Fix a fatal use after free when playing samples + - Improve module handling. loaded modules now show up in the + list of modules and can be unloaded. This also prepares the + core for more module implementations later. + + ALSA plugin + - Fix drain with very large buffers, we need to manually start + the stream before draining. + - Fix the channel layout handling. + - Improve compatibility with apps that expect the poll to only + return when there is activity. + - Fix drain for capture + + JACK + - Add a config option to shorten and filter client names + - Increase the length of the client name size and make sure + we don't exceed the allocated size. + - We now include our own jack header files so we can build + without depending on another jack-devel package. We don't + yet install the headers or provide pkgconfig files. +- Move alsa-card-profiles to modules subpackage, they are always + needed. + +- Build/install the `pw-top` tool: + + Add pkgconfig(ncurses) BuildRequires to satisfy the build deps + of pw-top. + - * Highlights - + Per client config files replace the module-profiles. It's + + Highlights + - Per client config files replace the module-profiles. It's - + Pro Audio card profile support. You can now select the + - Pro Audio card profile support. You can now select the - + Many fixes and improvements in the JACK library to make + - Many fixes and improvements in the JACK library to make - + Many bluetooth improvements. Playback should be more + - Many bluetooth improvements. Playback should be more - + Small fixes and improvements all over the map. - * PipeWire improvements - + Add support for restrictions requested by a client. This + - Small fixes and improvements all over the map. + + PipeWire improvements + - Add support for restrictions requested by a client. This - + Fix removal of params in objects. Previously they would not + - Fix removal of params in objects. Previously they would not - + Remove mlock warnings by default. There is an option to + - Remove mlock warnings by default. There is an option to - + Remove LimitMEMLOCK lines from the service files. They can + - Remove LimitMEMLOCK lines from the service files. They can - + Implement per-client config files. Each pipewire client will + - Implement per-client config files. Each pipewire client will - + Implement state and config load/save in pipewire. This is + - Implement state and config load/save in pipewire. This is - + Make an option to disable dbus support. - + Add tool to convert pipewire config to JSON. - * Session-manager - + Give all permissions to Manager flatpak apps. In the future + - Make an option to disable dbus support. + - Add tool to convert pipewire config to JSON. + + Session-manager + - Give all permissions to Manager flatpak apps. In the future - + Improvements to default audio/sink handling. - + Add option to configure device suspend time. - + Small fixes in route handling. - * Device support - + Complain when ACP profile files are not found and use + - Improvements to default audio/sink handling. + - Add option to configure device suspend time. + - Small fixes in route handling. + + Device support + - Complain when ACP profile files are not found and use - + Add volume support to monitor ports. - + Fix resume from suspend for ALSA in more cases. - + ALSA ACP cards now have a Pro Audio profile that exposes + - Add volume support to monitor ports. + - Fix resume from suspend for ALSA in more cases. + - ALSA ACP cards now have a Pro Audio profile that exposes - * Bluetooth - + Enable A2DP delay reporting. This improves audio/video sync + + Bluetooth + - Enable A2DP delay reporting. This improves audio/video sync - + Fix stuttering in A2DP source - + Tweak buffer size and latency settings to avoid stuttering - + More work on HSP and HFP support - + Fix initial profile configuration - + Add HFP HF support - * PulseAudio server - + Small tweaks in capture packet size to avoid crashes in some + - Fix stuttering in A2DP source + - Tweak buffer size and latency settings to avoid stuttering + - More work on HSP and HFP support + - Fix initial profile configuration + - Add HFP HF support + + PulseAudio server + - Small tweaks in capture packet size to avoid crashes in some - + Detect Flatpak apps and requests the flatpak permissions from + - Detect Flatpak apps and requests the flatpak permissions from - * ALSA plugin - + Reduce min buffer size in the plugin for lower possible + + ALSA plugin + - Reduce min buffer size in the plugin for lower possible - * JACK - + implement some missing methods to make qjackctl work again. - + Use the context data thread instead of making our own. This + + JACK + - implement some missing methods to make qjackctl work again. + - Use the context data thread instead of making our own. This - + Pass extra jack flags around in port properties. This makes + - Pass extra jack flags around in port properties. This makes - + Many tweaks to the port names and aliases. Unwanted + - Many tweaks to the port names and aliases. Unwanted - + Add an option to make a separate client for the monitor + - Add an option to make a separate client for the monitor - + add support for system:playback_N and system:capture_N port + - add support for system:playback_N and system:capture_N port - * Highlights - + Many PulseAudio compatibility fixes. Handling of corked + + Highlights + - Many PulseAudio compatibility fixes. Handling of corked - + Ports and Profiles are now managed by the session manager + - Ports and Profiles are now managed by the session manager - + Improved Bluetooth support. HSP is disabled by default + - Improved Bluetooth support. HSP is disabled by default - * PipeWire improvements - + Improve draining in pw-stream. + + PipeWire improvements + - Improve draining in pw-stream. - + Fix handling of empty array/choice instead of failing. - + Fix crashes when creating properties from empty strings. - + Make it possible to pass an array to module-access + - Fix handling of empty array/choice instead of failing. + - Fix crashes when creating properties from empty strings. + - Make it possible to pass an array to module-access - + Fix small bug in argument parsing in pw-cat - * Session-manager - + Restore route volumes in all cases, also when switching + - Fix small bug in argument parsing in pw-cat + + Session-manager + - Restore route volumes in all cases, also when switching - + Use a default route volume for unknown routes instead of + - Use a default route volume for unknown routes instead of - + Fix handling of Virtual sources as defaults. - + Handle port switching in the session manager. Implement + - Fix handling of Virtual sources as defaults. + - Handle port switching in the session manager. Implement - * GStreamer - + Fix a crash with zero SPA_PARAM_BUFFERS_size - * Device support - + v4l2-source will now respect the requested memory types. - + ALSA buffering has been tweaked. USB devices should have + + GStreamer + - Fix a crash with zero SPA_PARAM_BUFFERS_size + + Device support + - v4l2-source will now respect the requested memory types. + - ALSA buffering has been tweaked. USB devices should have - + Fix mute in bluetooth devices + - Fix mute in bluetooth devices - + Codec switching for bluetooth is implemented along with + - Codec switching for bluetooth is implemented along with - + HSP for bluetooth is now disabled by default. Most devices + - HSP for bluetooth is now disabled by default. Most devices - + Reduce the amount of events the ALSA plugins emit by bundling + - Reduce the amount of events the ALSA plugins emit by bundling - * PulseAudio server - + Implement the suspend command - + Fixes volume in sample info - + Fix playback of samples, sometimes samples would be clipped + + PulseAudio server + - Implement the suspend command + - Fixes volume in sample info + - Fix playback of samples, sometimes samples would be clipped - + Use rate match to feed samples. This way the latency can + - Use rate match to feed samples. This way the latency can - + Latency has been tuned some more, more closely emulating + - Latency has been tuned some more, more closely emulating - + Improve default sink/source handling. Make sure all events + - Improve default sink/source handling. Make sure all events - + Handle underrun better without causing sync issues. Make sure + - Handle underrun better without causing sync issues. Make sure - + Implement rewind due to seeks, fixes GStreamer seeking. + - Implement rewind due to seeks, fixes GStreamer seeking. - * Highlights - + Latency was reduced in ALSA and PulseAudio and time + + Highlights + - Latency was reduced in ALSA and PulseAudio and time - + Bluetooth now has a native HFP backed, SBC XQ and + - Bluetooth now has a native HFP backed, SBC XQ and - + Many bugfixes and improvements, improved device + - Many bugfixes and improvements, improved device - * PipeWire improvements - + pw-dump can now dump all objects such as Endpoints - + pw-dump has a -m option to monitor changes - + pw-dump can now dump metadata - + pw-stream can now use the rate-match io to exactly + + PipeWire improvements + - pw-dump can now dump all objects such as Endpoints + - pw-dump has a -m option to monitor changes + - pw-dump can now dump metadata + - pw-stream can now use the rate-match io to exactly - + spa-acp-tool can now load a custom profile-set and + - spa-acp-tool can now load a custom profile-set and - + There is now a nofail option when loading modules - + The connection has been made reentrant to fix some + - There is now a nofail option when loading modules + - The connection has been made reentrant to fix some - + Turn some errors into warnings or simply info. - + Executables are now built with PIE - + S24OE formats should work now (MAudio FastTrack Pro) - + Remove mlock warnings. Add support for mlockall with + - Turn some errors into warnings or simply info. + - Executables are now built with PIE + - S24OE formats should work now (MAudio FastTrack Pro) + - Remove mlock warnings. Add support for mlockall with - * Session-manager - + There are now config files for bluez and v4l2 modules - + Improve ALSA device and node properties - + Bluetooth devices have better properties now. - + The default device routing has been improved. - * Device support - + Port priorities are updated for UCM devices - + ACP devices notify change in routes in all cases - + There is now RW support in ALSA devices to increase + + Session-manager + - There are now config files for bluez and v4l2 modules + - Improve ALSA device and node properties + - Bluetooth devices have better properties now. + - The default device routing has been improved. + + Device support + - Port priorities are updated for UCM devices + - ACP devices notify change in routes in all cases + - There is now RW support in ALSA devices to increase - + Many improvements to Bluetooth. SBC XQ support can now + - Many improvements to Bluetooth. SBC XQ support can now - + Bluetooth devices not expose Routes so that they look + - Bluetooth devices not expose Routes so that they look - + Gracefully handle missing profile-sets - + There is now a native HFP backend - + Improve card names in some cases. - + pause-on-idle is now disabled for ALSA devices. This can + - Gracefully handle missing profile-sets + - There is now a native HFP backend + - Improve card names in some cases. + - pause-on-idle is now disabled for ALSA devices. This can - * ALSA plugin - + Use rate-match to reduce the latency - + Implement a _delay() function to get smoother timestamps. - + Fix property parsing. Fixes volume changes in alsamixer. - * PulseAudio server - + Use rate-match to reduce the latency. This also reduces + + ALSA plugin + - Use rate-match to reduce the latency + - Implement a _delay() function to get smoother timestamps. + - Fix property parsing. Fixes volume changes in alsamixer. + + PulseAudio server + - Use rate-match to reduce the latency. This also reduces - + Implement rate changes now that we have rate-match + - Implement rate changes now that we have rate-match - + pactl stats will now work - + Fix excessive memory usage when a capture client doesn't + - pactl stats will now work + - Fix excessive memory usage when a capture client doesn't - * Highlights + + Highlights - * PipeWire improvements + + PipeWire improvements - * Session-manager + + Session-manager - * Device support + + Device support - * JACK layer + + JACK layer - * Highlights + + Highlights - * PipeWire improvements + + PipeWire improvements - * Session-manager + + Session-manager - * Device support + + Device support - * PulseAudio server + + PulseAudio server - * Highlights + + Highlights - * PipeWire improvements + + PipeWire improvements - * Device support + + Device support - * Session-manager + + Session-manager - * PulseAudio server + + PulseAudio server - * Highlights + + Highlights - * PipeWire improvements + + PipeWire improvements - * Device support + + Device support - * pulse-server + + pulse-server - * JACK layer + + JACK layer - * Highlights - + This is a quick update to fix critical issues with the + + Highlights + - This is a quick update to fix critical issues with the - + Fix some compatibility issues in pulse-server with + - Fix some compatibility issues in pulse-server with - * PipeWire improvements - + Permission checks for new clients are now done from a + + PipeWire improvements + - Permission checks for new clients are now done from a - + Handle EINTR everywhere - + Fix an issue with the node state changes where a quick + - Handle EINTR everywhere + - Fix an issue with the node state changes where a quick - * Session manager improvements - + Disable the bluez5 and pulse-bridge modules by default + + Session manager improvements + - Disable the bluez5 and pulse-bridge modules by default - + Fix an issue where the session manager could end up in + - Fix an issue where the session manager could end up in - + The session manager will now always configure nodes to remix + - The session manager will now always configure nodes to remix - * Device support - + Initial merge of A2DP extra codec support using the new + + Device support + - Initial merge of A2DP extra codec support using the new - * pulse-server - + Create the runtime directory when it doesn't exist. - + Don't ever block the server, use non-blocking IO everywhere. - + Fill description of profiles with the name if not otherwise + + pulse-server + - Create the runtime directory when it doesn't exist. + - Don't ever block the server, use non-blocking IO everywhere. + - Fill description of profiles with the name if not otherwise - + the connection debug catergory will now also debug pulse + - the connection debug catergory will now also debug pulse - + Respect the no_remix flag to make the control panel channel + - Respect the no_remix flag to make the control panel channel - * ALSA plugin - + implement pause + + ALSA plugin + - implement pause - * Highlights - + This release focuses on bugfixes and stability + + Highlights + - This release focuses on bugfixes and stability - + A new experimental pulse-server module was added. This + - A new experimental pulse-server module was added. This - + A2DP bluetooth was reworked. Playback should work a lot + - A2DP bluetooth was reworked. Playback should work a lot - + Improvements to the routing and volume restore features + - Improvements to the routing and volume restore features - * PipeWire improvements - + The channelmixer does not normalize volumes anymore. Volumes + + PipeWire improvements + - The channelmixer does not normalize volumes anymore. Volumes - + Streams can actually start in the inactive state now. - + The channelmixer can now also convert volume updates from one + - Streams can actually start in the inactive state now. + - The channelmixer can now also convert volume updates from one - + Clients are only registered after the properties have been + - Clients are only registered after the properties have been - + Links now have a new active state. - + Drivers can now also specify a minimum quantum. This makes it + - Links now have a new active state. + - Drivers can now also specify a minimum quantum. This makes it - + The amount of data sent over the socket was reduced by only + - The amount of data sent over the socket was reduced by only - + Client objects are now exposed after they uploaded their + - Client objects are now exposed after they uploaded their - * Tools improvements - + pw-cat will now add metadata to the PipeWire streams. - * Session manager improvements - + Fix crashes when reading bad data in stored settings. - + volume and routing is improved. Settings are now remembered + + Tools improvements + - pw-cat will now add metadata to the PipeWire streams. + + Session manager improvements + - Fix crashes when reading bad data in stored settings. + - volume and routing is improved. Settings are now remembered - + The session manager remembers the last device used per stream - + Fix a bug when moving streams where it could sometimes end + - The session manager remembers the last device used per stream + - Fix a bug when moving streams where it could sometimes end - + Use RTKit to set realtime priority on the data thread in the + - Use RTKit to set realtime priority on the data thread in the - + Add a new property to mark streams that want to capture from + - Add a new property to mark streams that want to capture from - + NODE_TARGET can now also contain the node name. This avoids + - NODE_TARGET can now also contain the node name. This avoids - + the -e and -d options are more usable now and can be used to + - the -e and -d options are more usable now and can be used to - * Device support - + v4l2: add some workarounds for buggy drivers. Add Limited + + Device support + - v4l2: add some workarounds for buggy drivers. Add Limited - + ACP: improve selection of default port and profiles. - + ACP: add support for using the hardware mixer for more than + - ACP: improve selection of default port and profiles. + - ACP: add support for using the hardware mixer for more than - + ACP: support the new port type and availability group found + - ACP: support the new port type and availability group found - + A2DP bluetooth timings were reworked. Automatic linking of + - A2DP bluetooth timings were reworked. Automatic linking of - + Try harder to recover from ALSA errors. - * GStreamer improvements - + Fix some crashes in the monitor that cause + - Try harder to recover from ALSA errors. + + GStreamer improvements + - Fix some crashes in the monitor that cause - * PulseAudio layer improvements - + Many compatibility improvements. Improved playback in + + PulseAudio layer improvements + - Many compatibility improvements. Improved playback in - + Fix a leak in the formats. - + Fix !ADJUST_LATENCY streams like paplay. - + Make the device option in paplay work. - + Fix volume/mute notifications, this makes plasma volume updates + - Fix a leak in the formats. + - Fix !ADJUST_LATENCY streams like paplay. + - Make the device option in paplay work. + - Fix volume/mute notifications, this makes plasma volume updates - + Do the conversion between PulseAudio cubic volumes and PipeWire + - Do the conversion between PulseAudio cubic volumes and PipeWire - * JACK layer improvements - + Return an error when we run out of midi events. Some application + + JACK layer improvements + - Return an error when we run out of midi events. Some application - * ALSA plugin improvements - + The ALSA plugin now also supports the node name in the + + ALSA plugin improvements + - The ALSA plugin now also supports the node name in the - * PipeWire improvements - + Add pw-reserve tool to reserve or monitor a device on DBus. - + Install spa-resample, a tool to resample a file. - + Install spa-acp-tool, a tool to inspect the card profile. - + Various fixes and improvements - + Fix a bug in pw-stream where a capture stream could run out + + PipeWire improvements + - Add pw-reserve tool to reserve or monitor a device on DBus. + - Install spa-resample, a tool to resample a file. + - Install spa-acp-tool, a tool to inspect the card profile. + - Various fixes and improvements + - Fix a bug in pw-stream where a capture stream could run out - + Rework the processing loops in the adapter and stream. There + - Rework the processing loops in the adapter and stream. There - * Session manager improvements - + Improve the device reservation code. We now try to acquire + + Session manager improvements + - Improve the device reservation code. We now try to acquire - + Don't fail on invalid input from the config files. - + Audio devices now have the same name as what PulseAudio + - Don't fail on invalid input from the config files. + - Audio devices now have the same name as what PulseAudio - * Device support - + v4l2: try to use the format before enumerating the size and + + Device support + - v4l2: try to use the format before enumerating the size and - + v4l2: Fall back to MMAP when EXPBUF fails. Fix MMAP access, + - v4l2: Fall back to MMAP when EXPBUF fails. Fix MMAP access, - + Fix crash in ALSA Card Profile (ACP) code. - + ACP: fix selection of default profile. Prefer any possibly + - Fix crash in ALSA Card Profile (ACP) code. + - ACP: fix selection of default profile. Prefer any possibly - + Fix soft volume. After setting the volume to 0, it would stay + - Fix soft volume. After setting the volume to 0, it would stay - * PulseAudio layer improvements - + Rework the buffering and latency measurements and tweak the + + PulseAudio layer improvements + - Rework the buffering and latency measurements and tweak the - * JACK layer improvements - + Fix compilation against newer JACK. + + JACK layer improvements + - Fix compilation against newer JACK. - * do-not-install-alsa-config-files.patch + + do-not-install-alsa-config-files.patch - * PipeWire improvements - + The channelmap converter now handles unknown and strange + + PipeWire improvements + - The channelmap converter now handles unknown and strange - + The resampler is now cleared correctly, avoiding clicks and + - The resampler is now cleared correctly, avoiding clicks and - + Fixes for various crasher bugs. (paplay drain, vlc shutdown, + - Fixes for various crasher bugs. (paplay drain, vlc shutdown, - + Fix a race condition in the node state changes that caused + - Fix a race condition in the node state changes that caused - + Improve the binary name property of applications - + Fix the scheduling again of nodes that always need a driver + - Improve the binary name property of applications + - Fix the scheduling again of nodes that always need a driver - * Session manager improvements - + Fix routing to default nodes. Sometimes nodes were not routed + + Session manager improvements + - Fix routing to default nodes. Sometimes nodes were not routed - * Device support - + Disable channelmap from ALSA by default. This is what + + Device support + - Disable channelmap from ALSA by default. This is what - + Fix a bug in how the resampler was used in the ALSA source, + - Fix a bug in how the resampler was used in the ALSA source, - + Small bluetooth improvements. More work is needed for + - Small bluetooth improvements. More work is needed for - * GStreamer plugins - + The device provider now stops the processing loop before + + GStreamer plugins + - The device provider now stops the processing loop before - * PulseAudio layer improvements - + The buffer attributes were reworked to ensure compatibility + + PulseAudio layer improvements + - The buffer attributes were reworked to ensure compatibility - + The pulseaudio layer will now try hard to not hand out + - The pulseaudio layer will now try hard to not hand out - + The @DEFAULT_SINK/SOURCE/MONITOR@ wildcards now work. This + - The @DEFAULT_SINK/SOURCE/MONITOR@ wildcards now work. This - + The PIPEWIRE_LATENCY environment variable now works again - + Fix some leaks of ports and port info. Also fix the leak of + - The PIPEWIRE_LATENCY environment variable now works again + - Fix some leaks of ports and port info. Also fix the leak of - + The sink/source format_info array is now filled up + - The sink/source format_info array is now filled up - * JACK layer improvements - + jack now returns version 3.0.0 and has PipeWire in the + + JACK layer improvements + - jack now returns version 3.0.0 and has PipeWire in the - * 0001-alsa-dont-change-the-resampler-delay-value.patch + + 0001-alsa-dont-change-the-resampler-delay-value.patch - * PipeWire improvements - + Properly cleanup the mixer structures when a port is removed, + + PipeWire improvements + - Properly cleanup the mixer structures when a port is removed, - + Optimize the preferred formats in the audio converter. Higher + - Optimize the preferred formats in the audio converter. Higher - + Make sure the time reported by pw_stream is always + - Make sure the time reported by pw_stream is always - + There is now also a system service and socket that can be + - There is now also a system service and socket that can be - + Fix channelmixer 5.1 to stereo mix matrix. It was not reading + - Fix channelmixer 5.1 to stereo mix matrix. It was not reading - + The channelmixer will now just copy channels when no layout + - The channelmixer will now just copy channels when no layout - + Port, Node and Link will now also emit an error on the + - Port, Node and Link will now also emit an error on the - + many small fixes and cleanups. - + Fix compatibility: + - many small fixes and cleanups. + - Fix compatibility: - * Session manager improvements - + The session manager will now try to configure the client to + + Session manager improvements + - The session manager will now try to configure the client to - + Configuration state is now saved in XDG_CONFIG_HOME. + - Configuration state is now saved in XDG_CONFIG_HOME. - * Device support - + Bluetooth sources and sinks should work better now. - + There is now also a new bluetooth backend using hsphfpd. - + fix the ALSA UCM Off profile for alsa pcm devices - + improve ALSA port and profile switching. The ACP device will + + Device support + - Bluetooth sources and sinks should work better now. + - There is now also a new bluetooth backend using hsphfpd. + - fix the ALSA UCM Off profile for alsa pcm devices + - improve ALSA port and profile switching. The ACP device will - * PulseAudio layer improvements - + Implement some more callbacks. The pulse layer will now also + + PulseAudio layer improvements + - Implement some more callbacks. The pulse layer will now also - + Fix error code when an object was not found. We now return + - Fix error code when an object was not found. We now return - + Add some support for loading new null sinks. Applications + - Add some support for loading new null sinks. Applications - + Improve handling of profile and port updates, it should work + - Improve handling of profile and port updates, it should work - + Fix compatibility: + - Fix compatibility: - * JACK layer improvements - + improve default source and sink handling. It was not updated + + JACK layer improvements + - improve default source and sink handling. It was not updated - + add samplerate and period to the pw-jack wrapper to easily + - add samplerate and period to the pw-jack wrapper to easily - * ALSA plugin improvements - + Add a mixer entry in the alsa config file. - + Implement support for planar types, rework the processing + + ALSA plugin improvements + - Add a mixer entry in the alsa config file. + - Implement support for planar types, rework the processing - + refuse to load the alsa plugin when linked against 0.2. This + - refuse to load the alsa plugin when linked against 0.2. This - + Fix compatibility: + - Fix compatibility: - * 0021-alsa-protect-against-SIGPFE.patch + + 0021-alsa-protect-against-SIGPFE.patch - * 0001-alsa-dont-change-the-resampler-delay-value.patch + + 0001-alsa-dont-change-the-resampler-delay-value.patch - * Many improvements to the pulse layer. - + GStreamer pulsesink element now works. - + Fixes some segfaults. - + Enable rtkit for client threads. - + fixes capture of monitor stream by name - + implement some more extensions, this makes paman + + Many improvements to the pulse layer. + - GStreamer pulsesink element now works. + - Fixes some segfaults. + - Enable rtkit for client threads. + - fixes capture of monitor stream by name + - implement some more extensions, this makes paman - * Many improvements to the GStreamer elements - + negotiation rework, avoid calling GStreamer methods from + + Many improvements to the GStreamer elements + - negotiation rework, avoid calling GStreamer methods from - + Add support for non-string property values. - + improve stability after buffer and format + - Add support for non-string property values. + - improve stability after buffer and format - + Rework the device provider. - + pipewiresink can now provide a stream that can + - Rework the device provider. + - pipewiresink can now provide a stream that can - * Many improvements to the JACK layer: - + Rework the buffer_size callbacks. Make sure we call + + Many improvements to the JACK layer: + - Rework the buffer_size callbacks. Make sure we call - + Improve compatibility with apps that call + - Improve compatibility with apps that call - + JACK can now create nodes that can be set as a + - JACK can now create nodes that can be set as a - * Added a group id property for nodes. This makes it + + Added a group id property for nodes. This makes it - * Streams and filter now use PIPEWIRE_NODE and + + Streams and filter now use PIPEWIRE_NODE and - * ACP add per device port list. This makes UCM devices + + ACP add per device port list. This makes UCM devices - * Fix some segfaults in ACP and UCM. - * make pw-cat use the metadata to find default devices. - * The media session can now save and load audio device + + Fix some segfaults in ACP and UCM. + + make pw-cat use the metadata to find default devices. + + The media session can now save and load audio device - * Fix bad audio in chrome - * Remove some errors that are not real errors. - * Fix 100% cpu when disconnecting devices. - * Improve pulseaudio introspection of formats - * Fix JACK metadata handling, carla can now monitor the + + Fix bad audio in chrome + + Remove some errors that are not real errors. + + Fix 100% cpu when disconnecting devices. + + Improve pulseaudio introspection of formats + + Fix JACK metadata handling, carla can now monitor the - * Add a new permission bit (M) that is needed to be able + + Add a new permission bit (M) that is needed to be able - * Add support for videocrop in the GStreamer elements. - * Improve handling of the runtime directory for the + + Add support for videocrop in the GStreamer elements. + + Improve handling of the runtime directory for the - * Improve ALSA device names from ACP. - * Fix various crasher bugs. One in the pulse layer, one in + + Improve ALSA device names from ACP. + + Fix various crasher bugs. One in the pulse layer, one in - * Make alsa plugin respect the PIPEWIRE_REMOTE env variable. - * Various compile fixes. + + Make alsa plugin respect the PIPEWIRE_REMOTE env variable. + + Various compile fixes. - * Fix an embarrassing crasher in the JACK layer when metadata + + Fix an embarrassing crasher in the JACK layer when metadata - * Make it possible to add properties to jack clients with a + + Make it possible to add properties to jack clients with a - * Improvements in the session manager in how it links ports. + + Improvements in the session manager in how it links ports. - * Add ofono backend for Bluetooth HeadSet support. - * Improve default source and sink handling. They are now stored + + Add ofono backend for Bluetooth HeadSet support. + + Improve default source and sink handling. They are now stored - * Improve environment variables to make it possible to create + + Improve environment variables to make it possible to create - * Add an alsa mixer plugin so that alsamixer works with PipeWire. + + Add an alsa mixer plugin so that alsamixer works with PipeWire. - * Fix capture devices. There was something wrong with how the + + Fix capture devices. There was something wrong with how the - * We now ship alsa card paths, profile-sets configuration files + + We now ship alsa card paths, profile-sets configuration files - * Many build and stability fixes. + + Many build and stability fixes. - * Improved PulseAudio compatibility. The alsa card profile + + Improved PulseAudio compatibility. The alsa card profile - * Many fixes and improvements to the GStreamer elements. + + Many fixes and improvements to the GStreamer elements. - * Improvements to the bluetooth nodes. Dynamically adding + + Improvements to the bluetooth nodes. Dynamically adding - * Reduced memory usage by using less pre-allocated memory + + Reduced memory usage by using less pre-allocated memory - * Support for passive links is added again. These are links + + Support for passive links is added again. These are links - * Both consumers and producers can now ask to renegotiate + + Both consumers and producers can now ask to renegotiate - * Important fixes to how memory is shared with clients. Memory + + Important fixes to how memory is shared with clients. Memory - * Support for planar formats for audio and video was added. - * Improved error handling in the session manager. - * Metadata is now used to manage default audio source and + + Support for planar formats for audio and video was added. + + Improved error handling in the session manager. + + Metadata is now used to manage default audio source and - * Metadata is used to tag the desired output device for + + Metadata is used to tag the desired output device for - * Many fixes to the security modules. The session manager now + + Many fixes to the security modules. The session manager now - * The portal module has been split up in 2 parts: - + a part living in the daemon that monitors the portal + + The portal module has been split up in 2 parts: + - a part living in the daemon that monitors the portal - + a part in the session manager that uses the permission + - a part in the session manager that uses the permission - * 0001-client-node-fix-buffer-size-calculation.patch - * 0002-gst-fix-proxy-leaks.patch - * 0003-pulse-fix-pa_card_info-profiles2-array-to-be-NULL-terminated.patch - * 0004-pulse-fix-size-calculation.patch - * 0005-jack-fix-crash-on-close-when-metadata-are-not-available.patch - * 0006-a2dpsink-only-request-new-data-when-buffer-is-done.patch - * 0007-pulse-fix-counter-while-populating-car_info-profiles.patch - * 0008-impl-link-reset-state-before-starting-allocation.patch - * 0009-impl-core-clear-the-mempool.patch - * 0010-mem-reset-the-map-in-clear.patch - * 0011-avoid-uninitialized-variables.patch - * 0012-dlclose-on-errors.patch - * 0013-stream-handle-NULL-context.patch - * 0014-state-always-update-state-variables.patch - * 0015-spa-device-fix-leak-of-properties-in-error-case.patch - * 0016-alsa-dont-leak-structure-on-error.patch - * 0017-alsa-dont-leak-properties-on-error.patch - * 0018-stream-fix-some-more-leaks-in-error-paths.patch - * 0019-buffers-increase-max-datas-and-metadata-in-buffers.patch - * 0020-gst-return-NULL-for-unknown-format.patch + + 0001-client-node-fix-buffer-size-calculation.patch + + 0002-gst-fix-proxy-leaks.patch + + 0003-pulse-fix-pa_card_info-profiles2-array-to-be-NULL-terminated.patch + + 0004-pulse-fix-size-calculation.patch + + 0005-jack-fix-crash-on-close-when-metadata-are-not-available.patch + + 0006-a2dpsink-only-request-new-data-when-buffer-is-done.patch + + 0007-pulse-fix-counter-while-populating-car_info-profiles.patch + + 0008-impl-link-reset-state-before-starting-allocation.patch + + 0009-impl-core-clear-the-mempool.patch + + 0010-mem-reset-the-map-in-clear.patch + + 0011-avoid-uninitialized-variables.patch + + 0012-dlclose-on-errors.patch + + 0013-stream-handle-NULL-context.patch + + 0014-state-always-update-state-variables.patch + + 0015-spa-device-fix-leak-of-properties-in-error-case.patch + + 0016-alsa-dont-leak-structure-on-error.patch + + 0017-alsa-dont-leak-properties-on-error.patch + + 0018-stream-fix-some-more-leaks-in-error-paths.patch + + 0019-buffers-increase-max-datas-and-metadata-in-buffers.patch + + 0020-gst-return-NULL-for-unknown-format.patch - * fix-meson-required-version.patch + + fix-meson-required-version.patch - * do-not-install-alsa-config-files.patch + + do-not-install-alsa-config-files.patch - * 0001-client-node-fix-buffer-size-calculation.patch - * 0002-gst-fix-proxy-leaks.patch - * 0003-pulse-fix-pa_card_info-profiles2-array-to-be-NULL-terminated.patch - * 0004-pulse-fix-size-calculation.patch - * 0005-jack-fix-crash-on-close-when-metadata-are-not-available.patch - * 0006-a2dpsink-only-request-new-data-when-buffer-is-done.patch - * 0007-pulse-fix-counter-while-populating-car_info-profiles.patch - * 0008-impl-link-reset-state-before-starting-allocation.patch - * 0009-impl-core-clear-the-mempool.patch - * 0010-mem-reset-the-map-in-clear.patch - * 0011-avoid-uninitialized-variables.patch - * 0012-dlclose-on-errors.patch - * 0013-stream-handle-NULL-context.patch - * 0014-state-always-update-state-variables.patch - * 0015-spa-device-fix-leak-of-properties-in-error-case.patch - * 0016-alsa-dont-leak-structure-on-error.patch - * 0017-alsa-dont-leak-properties-on-error.patch - * 0018-stream-fix-some-more-leaks-in-error-paths.patch - * 0019-buffers-increase-max-datas-and-metadata-in-buffers.patch - * 0020-gst-return-NULL-for-unknown-format.patch + + 0001-client-node-fix-buffer-size-calculation.patch + + 0002-gst-fix-proxy-leaks.patch + + 0003-pulse-fix-pa_card_info-profiles2-array-to-be-NULL-terminated.patch + + 0004-pulse-fix-size-calculation.patch + + 0005-jack-fix-crash-on-close-when-metadata-are-not-available.patch + + 0006-a2dpsink-only-request-new-data-when-buffer-is-done.patch + + 0007-pulse-fix-counter-while-populating-car_info-profiles.patch + + 0008-impl-link-reset-state-before-starting-allocation.patch + + 0009-impl-core-clear-the-mempool.patch + + 0010-mem-reset-the-map-in-clear.patch + + 0011-avoid-uninitialized-variables.patch + + 0012-dlclose-on-errors.patch + + 0013-stream-handle-NULL-context.patch + + 0014-state-always-update-state-variables.patch + + 0015-spa-device-fix-leak-of-properties-in-error-case.patch + + 0016-alsa-dont-leak-structure-on-error.patch + + 0017-alsa-dont-leak-properties-on-error.patch + + 0018-stream-fix-some-more-leaks-in-error-paths.patch + + 0019-buffers-increase-max-datas-and-metadata-in-buffers.patch + + 0020-gst-return-NULL-for-unknown-format.patch - * do-not-use-snd_pcm_ioplug_hw_avail.patch - * fix-memfd_create-call.patch + + do-not-use-snd_pcm_ioplug_hw_avail.patch + + fix-memfd_create-call.patch - * Extensive memory leak fixing and stress testing was done. + + Extensive memory leak fixing and stress testing was done. - * Compile fixes - * Stability improvements in jack and pulseaudio layers. - * Added the old portal module to make the Camera portal + + Compile fixes + + Stability improvements in jack and pulseaudio layers. + + Added the old portal module to make the Camera portal - * Improvements to the GStreamer source and sink shutdown. - * Fix compatibility with v2 clients again when negotiating + + Improvements to the GStreamer source and sink shutdown. + + Fix compatibility with v2 clients again when negotiating - * fix-meson-required-version.patch + + fix-meson-required-version.patch - * do-not-use-snd_pcm_ioplug_hw_avail.patch + + do-not-use-snd_pcm_ioplug_hw_avail.patch - * Compiler fixes - * Add pw-midiplay and pw-midirecord aliases - * Add pw-mididump tool - * Add pw-metadata tool to inspect, add and remove metadata + + Compiler fixes + + Add pw-midiplay and pw-midirecord aliases + + Add pw-mididump tool + + Add pw-metadata tool to inspect, add and remove metadata - * Docs updates, man pages - * install alsa config files - * Fix linked sink/source in pulseaudio - * ratelimit graph processing warnings - * improve buffer handling in GStreamer elements - * Fix power usage by removing the queue for the alsa + + Docs updates, man pages + + install alsa config files + + Fix linked sink/source in pulseaudio + + ratelimit graph processing warnings + + improve buffer handling in GStreamer elements + + Fix power usage by removing the queue for the alsa - * Fix metadata clear() method dispatch. - * Improve parameter enumeration, make it possible to detect + + Fix metadata clear() method dispatch. + + Improve parameter enumeration, make it possible to detect - * Fix cleanup of proxy objects. Stability improvements on + + Fix cleanup of proxy objects. Stability improvements on - * Make it possible to set log level from config file - * improve debug of param negotiation errors. Log the + + Make it possible to set log level from config file + + improve debug of param negotiation errors. Log the - * Make it possible to configure global logger + + Make it possible to configure global logger - * Fix NEON detection - * JACK and PulseAudio compatibility improvements + + Fix NEON detection + + JACK and PulseAudio compatibility improvements - * A quick update with some important stability fixes. + + A quick update with some important stability fixes. - * NEON optimizations for audio conversion (32 and 64 bits) - * rework of session manager implementation - * Add option to disable modules in the session manager - * Release midi hardware devices when suspended - * various build fixes - * Clean up options of various utils - * Stability improvements - * Mayor improvements in pulseaudio emulation. Improved + + NEON optimizations for audio conversion (32 and 64 bits) + + rework of session manager implementation + + Add option to disable modules in the session manager + + Release midi hardware devices when suspended + + various build fixes + + Clean up options of various utils + + Stability improvements + + Mayor improvements in pulseaudio emulation. Improved - * Implementation of drain and flush in pulse and alsa + + Implementation of drain and flush in pulse and alsa - * Implement poll on file descriptors. - * Improvement of metadata for jack emulation. - * Fix memory and thread problems in jack emulation. - * Simplification of state changes. Should make more use + + Implement poll on file descriptors. + + Improvement of metadata for jack emulation. + + Fix memory and thread problems in jack emulation. + + Simplification of state changes. Should make more use - * Improvements in the gstreamer elements. Removal of + + Improvements in the gstreamer elements. Removal of - * Add pw-jack and pw-pulse scripts to run pulseaudio and + + Add pw-jack and pw-pulse scripts to run pulseaudio and - * fix-memfd_create-call.patch + + fix-memfd_create-call.patch - * avoid-invalid-conversion-error-with-C++.patch + + avoid-invalid-conversion-error-with-C++.patch - * No changelog provided by upstream. To see the changes in this + + No changelog provided by upstream. To see the changes in this plasma-framework +- Replace patch to fix non-integer Label sizes: + * fix-noninteger-Label-height.patch + with the latest patches submitted to upstream: + * 0001-Fix-Label-having-non-integer-sizes.patch + * 0002-Use-implicitWidth-Height-instead-of-paintedWidth-Hei.patch + (https://invent.kde.org/frameworks/plasma-framework/-/merge_requests/201) + plymouth +- Disable plymouth-systemd-KillMode-mixed.patch: Temporary disable + it, because aarch64 and ppc64le system could not booting in + release period, and this is only a enhancement with no harm to + rollback (bnc#1177082, bnc#1182145, bnc#1184087). + +- Add plymouth-systemd-KillMode-mixed.patch: Backport from upstream + change plymouth systemd plymouth-start.service KillMode=mixed, + the old method is unsafe and deprecated (bnc#1177082, + bnc#1182145). + poppler +- Add 0001-Fix-opening-files-by-some-generators-that-are-a-bit-.patch: + Some PDF generators generate PDF with some wrong numbers in entry + table, but the content is still valid, this patch ignores those + problems. (bsc#1181551) + postgresql13 +- Upgrade to version 13.2: + * https://www.postgresql.org/docs/13/release-13-2.html + * Updating stored views and reindexing might be needed after + applying this update. + * CVE-2021-3393, bsc#1182040: Fix information leakage in + constraint-violation error messages. + * CVE-2021-20229, bsc#1182039: Fix failure to check per-column + SELECT privileges in some join queries. + * Obsoletes postgresql-icu68.patch. + +- Add postgresql-icu68.patch: fix build with ICU 68 + +- boo#1179765: BuildRequire libpq5 and libecpg6 when not building + them to avoid dangling symlinks in the devel package. protobuf +- Fix Requires for python3 to python3-six. + +- Add missing dependency of python subpackages on python-six + (bsc#1177127). + psmisc +- Change patch 0001-Use-mountinfo-to-be-able-to-use-the-mount-identity.patch + * Fix bsc#1178407: fuser does not show open kvm storage image files + such as qcow2 files. Patch from Ali Abdallah + python +- Add CVE-2021-23336-only-amp-as-query-sep.patch which forbids + use of semicolon as a query string separator (bpo#42967, + bsc#1182379, CVE-2021-23336). +- Update to 2.7.18, final release of Python 2. Ever.: + - Newline characters have been escaped when performing uu + encoding to prevent them from overflowing into to content + section of the encoded file. This prevents malicious or + accidental modification of data during the decoding process. + - Fixes a ReDoS vulnerability in http.cookiejar. Patch + by Ben Caller. + - Fixed line numbers and column offsets for AST nodes for calls + without arguments in decorators. + - Disallow control characters in hostnames in http.client, + addressing CVE-2019-18348. Such potentially malicious header + injection URLs now cause a InvalidURL to be raised. + - Fix urllib.urlretrieve failing on subsequent ftp transfers + from the same host. + - Fix problems identified by GCC's -Wstringop-truncation + warning. + - AddRefActCtx() was needlessly being checked for failure in + PC/dl_nt.c. + - Prevent failure of test_relative_path in test_py_compile on + macOS Catalina. + - Fixed possible leak in :c:func:`PyArg_Parse` and similar + functions for format units "es#" and "et#" when the macro + :c:macro:`PY_SSIZE_T_CLEAN` is not defined. +- Remove upstreamed patches: + - CVE-2019-18348-CRLF_injection_via_host_part.patch +- Other patches recalculated. + python-base +- Add CVE-2021-23336-only-amp-as-query-sep.patch which forbids + use of semicolon as a query string separator (bpo#42967, + bsc#1182379, CVE-2021-23336). +- Update to 2.7.18, final release of Python 2. Ever.: + - Newline characters have been escaped when performing uu + encoding to prevent them from overflowing into to content + section of the encoded file. This prevents malicious or + accidental modification of data during the decoding process. + - Fixes a ReDoS vulnerability in http.cookiejar. Patch + by Ben Caller. + - Fixed line numbers and column offsets for AST nodes for calls + without arguments in decorators. + - Disallow control characters in hostnames in http.client, + addressing CVE-2019-18348. Such potentially malicious header + injection URLs now cause a InvalidURL to be raised. + - Fix urllib.urlretrieve failing on subsequent ftp transfers + from the same host. + - Fix problems identified by GCC's -Wstringop-truncation + warning. + - AddRefActCtx() was needlessly being checked for failure in + PC/dl_nt.c. + - Prevent failure of test_relative_path in test_py_compile on + macOS Catalina. + - Fixed possible leak in :c:func:`PyArg_Parse` and similar + functions for format units "es#" and "et#" when the macro + :c:macro:`PY_SSIZE_T_CLEAN` is not defined. +- Remove upstreamed patches: + - CVE-2019-18348-CRLF_injection_via_host_part.patch +- Other patches recalculated. + python-cryptography +- Add patch CVE-2020-36242-buffer-overflow.patch (bsc#1182066, CVE-2020-36242) + * Using the Fernet class to symmetrically encrypt multi gigabyte values + could result in an integer overflow and buffer overflow. + python3 +Update to 3.6.13, final release of 3.6 branch: + * Security + - bpo#42967 (bsc#1182379, CVE-2021-23336): Fix web cache + poisoning vulnerability by defaulting the query args + separator to &, and allowing the user to choose a custom + separator. + - bpo#42938 (bsc#1181126, CVE-2021-3177): Avoid static + buffers when computing the repr of ctypes.c_double and + ctypes.c_longdouble values. + - bpo#42103: Prevented potential DoS attack via CPU and RAM + exhaustion when processing malformed Apple Property List + files in binary format. + - bpo#42051: The plistlib module no longer accepts entity + declarations in XML plist files to avoid XML + vulnerabilities. This should not affect users as entity + declarations are not used in regular plist files. + - bpo#40791: Add volatile to the accumulator variable in + hmac.compare_digest, making constant-time-defeating + optimizations less likely. + * Core and Builtins + - bpo#35560: Fix an assertion error in format() in debug + build for floating point formatting with “n” format, zero + padding and small width. Release build is not impacted. + Patch by Karthikeyan Singaravelan. + * Library + - bpo#42103: InvalidFileException and RecursionError are now + the only errors caused by loading malformed binary Plist + file (previously ValueError and TypeError could be raised + in some specific cases). + * Tests + - bpo#42794: Update test_nntplib to use offical group name of + news.aioe.org for testing. Patch by Dong-hee Na. + - bpo#41944: Tests for CJK codecs no longer call eval() on + content received via HTTP. +- Patches removed, because they were included in the upstream + tarball: + - CVE-2020-27619-no-eval-http-content.patch + - CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch + +- Resync with python36 Factory package. +- Make this %primary_interpreter + +- Add CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch fixing + bsc#1181126 (CVE-2021-3177) buffer overflow in PyCArg_repr in + _ctypes/callproc.c, which may lead to remote code execution. + +- Provide the newest setuptools wheel (bsc#1176262, + CVE-2019-20916) in their correct form (bsc#1180686). + -- Change setuptools and pip version numbers according to new wheels +- Change setuptools and pip version numbers according to new + wheels (bsc#1179756). ruby2 +- Update suse.patch: (boo#1177125) + Backport fix CVE-2020-25613: Potential HTTP Request Smuggling + Vulnerability in WEBrick + +- replace all patches with suse.patch (v2_5_8..2.5-suse) + (we keep remove-unneeded-files.patch as it can not be done in our + backports branch) +- backport patch to enable optimizations also on ARM64 + (boo#1177222) + +- make sure that update-alternative weight for the default + distribution is always greater than our normal weight + +- make the update-alternative weight based on the ruby version + sane-backends +- sane-backends version upgrade to 1.0.32 for SLE15: + * sane-backends version upgrade to 1.0.32 + to fix bugs in sane-backends version 1.0.31 in particular + https://gitlab.com/sane-project/backends/-/issues/402 + double height image with the avision backend (bsc#1179065) + to avoid regressions by hardware enablement for scanners + (jsc#SLE-15561 and jsc#SLE-15560 with jsc#ECO-2418) + cf. the entry below dated "Wed Oct 14 11:17:03 CEST 2020" + +- Remove udev rules mangling for USB devices (ATTR vs ATTRS) (!510) +- Do no add SCSI id twice for EPSON Perfection 1640SU (!509) + +- Upgraded to sane-backends version 1.0.32 + Changes since 1.0.31 + see https://gitlab.com/sane-project/backends/-/blob/master/NEWS + Numbers of the form '(#NNN)' usually mean upstream issues like + https://gitlab.com/sane-project/backends/-/issues/NNN and numbers + of the form '(!MMM)' usually mean upstream merge requests like + https://gitlab.com/sane-project/backends/-/merge_requests/MMM + Backends + * all backends now respect the 'local_only' parameter when 'true' + is passed to 'sane_get_devices()' in that they do not actively + go out looking for networked devices (!502) + * 'artec_eplus48u': fixes configuration for AstraSlim SE (!545) + * 'avision': adds the AV186+ and AV188 as supported (!532) + * 'avision': fixes doubled height issue (#402) + * 'avision': fixes a debug message and compiler warning (!515) + * 'canon_dr': adds support for the DR-C120 and DR-C130 (#175) + * 'canon_dr': adds support for uploading of fine calibration + uploads + * 'canon_dr': enables fine calibration for the P-208 + * 'canon_dr': improves DR-C225 support (#431) + * 'canon_lide70': adds support for document scanning + on the Canon LiDE 600(F), thanks to a hardware donation + by Georg Sauthoff + * 'dll': fixes a memory leak (!537) + * 'epson2': adds support for the ET-2600 (#395) + * 'epson2': adds autofocus support for devices + that support it (!531) + * 'epson2': fixes brightness support for DS-G20000/12000XL (!529) + * 'epson2': fixes an unchecked return value issue (!526) + * 'escl': adds support for brightness, threshold, sharpen + and contrast options (!527, !528) + * 'escl': adds support for LaserJet FLowMFP M578 + and MFP M630 (#424) + * 'escl': adds support for DeskJet 2710, 2723 (!519) + and 3760 (!554) + * 'escl': adds support for the PIXMA TS-5351 (!544) + and MG5765 (!517) + * 'escl': adds support for the Brother HL-L258DW (!517) + * 'escl': fixes Avahi device discovery (!536) + * 'escl': fixes crashes for devices without a flatbed (!554) + * 'escl': fixes segfaults in option handling (!557) + * 'escl': fixes sleep mode (!577) + * 'escl': fixes builds without libpoppler-glib-dev (#422) + * 'escl': fixes a memory issue in its capability handling (#425) + * 'fujitsu': fixes brightness/contrast for the iX500 + * 'fujitsu': fixes memory corruption for duplex scans + * 'genesys': disables support for CanoScan 4400F to prevent + possible physical damage (#436) + * 'gt68xx': fixes scan cancellation logic (#356) + * 'pixma': adds untested support for models + released in 2020 (!553) + * 'pixma': adds support for ADF scans on the i-SENSYS MF260 + * 'pixma': adds support for PIXMA M340 buttons + and ADF status (!513) + * 'pixma': adds an option to control when to calibrate (#321) + * 'pixma': fixes support for the MX492 (!548) + * 'pixma': fixes ADF support for the MX490 Series + * 'pixma': fixes max resolution for ADF scans + on the PIXMA M320 (#364) + * 'pixma': fixes compile errors when libxml2 + is not available (#345) + * 'plustek': fixes CanoScanN650u discovery (#137) + * 'test': fixes several memory leaks (!537) + Frontends + * 'saned': add support for listening on a custom + or ephemeral port via a new '-p'/'--port' option (!549) + * 'scanimage': fixes crashes for multi-pass + and handheld scans (#408) + * 'scanimage': fixes a memory leak (!551) + * 'scanimage': fixes option handling + for non-compliant backends (#362) + Documentation + * updates our copy of the GPL with the FSF's current postal + address. This changes references to the Library GPL (LGPL-2.0) + into refs to the Lesser GPL (LGPL-2.1) but does *not* affect + the licensing of our backends (#320). + * source code now points to the Free Software Foundation's + website for copies of the GPL and LGPL (#320) + * updates translations for British English and Ukrainian + * adds a pointer to our Ubuntu PPA for pre-built binaries + * adds SCSI IDs for the EPSON Perfection 1640SU (!509) + * fixes a boat-load of spelling mistakes (!516, thanks @marschap) + * updates description files for 'scangearmp2' + and 'utsushi' external backends + Build + * removes support for 'automake' maintainer mode (!522) + * removes 'sane' subdirectory from the lock directory + to fix issues when the lock directory is on 'tmpfs' (#363) + * adds support for builds using GitLab "source" tarballs (#248) + * fixes static link scenarios (#124) + * fixes 'python' invocations to use the detected program (!525) + * disables 'genesys' testsuite when that backend + is not built (#354) + * suppresses warnings about obsolete autoconf macros (#122) + * fixes availability of sane-backends.pot file inputs (#344) + * fixes 'configure.ac' for use with 'autoconf-2.70' (#409) + * removes CVS keywords from the source to ease use + by downstreams that still use CVS (!547) + Miscellaneous + * udev rules now trigger on all events other + than 'remove' (!541). This aims to address a kernel API change + introduced in 4.14. The new behaviour may slow down udev's + processing of kernel events when still using our plain 'udev' + or 'udev+acl' rules, even though these have been optimized + slightly (#341). If that bothers you, now is a good time + to switch to our 'udev+hwdb' rules in combination with + the 'hwdb' database if you have not done so already. + sed +- Build fix for the new glibc-2.31 (bsc#1183797, + sed-tests-build-fix.patch). + -- keep binary in /usr tree (UsrMerge project) - -- license update: GPL-3.0+ - There are no "GPL-3.0 only" licenses in sed - -- add automake as buildrequire to avoid implicit dependency - -- Update to version 4.2.1: - + fix parsing of s/[[[[[[[[[]// - + security contexts are preserved by -i too under SELinux - + temporary files for sed -i are not made group/world-readable - until they are complete -- Changes from version 4.2: - + now released under GPLv3 - + added a new extension `z` to clear pattern space even in the - presence of invalid multibyte sequences - + a preexisting GNU gettext installation is needed in order to - compile GNU sed with NLS support - + new option --follow-symlinks, available when editing a file - in-place. - + hold-space is reset between different files in -i and -s modes. - + multibyte processing fixed - + fixed bug in 'i\' giving a segmentation violation if given - alone. - + much improved portability - + much faster in UTF-8 locales - + will correctly replace ACLs when using -i - + will now accept NUL bytes for `.' -- Drop upstream included [atches: - + sed-follow_symlinks.patch - + sed-4.1.5-fix_warnings.patch -- Remove --enable-html from configure: the option is no longer - supported and sed.html no longer created. - -- use %_smp_mflags - -- enable parallel building - smartmontools +- Remove obsolete service parameter (bsc#1183699, + smartmontools-smartd-service.patch). + snapper +- fixed creating root config (root prefix handling) + (gh#openSUSE/snapper#627) + squashfs +- enabled ZSTD compression support for openSUSE >= 15.1 + +- Add -fcommon in order to fix boo#1160294. + +- Version 4.4 - 2019-08-29: + * Reproducible builds, new compressors, + CVE fixes, security hardening and new options + for Mksquashfs/Unsquashfs. +- Overall improvements: + * Mksquashfs now generates reproducible images by default. + * Mkfs time and file timestamps can also be specified. + * Support for the Zstandard (ZSTD) compression algorithm. + * CVE-2015-4645 and CVE-2015-4646 have been fixed. +- Mksquashfs improvements and major bug fixes: + * Pseudo files now support symbolic links. + * New -mkfs-time option. + * New -all-time option. + * New -root-mode option. + * New -quiet option. + * New -noId option. + * New -offset option. + * Update lz4 wrapper to use new functions introduced + in 1.7.0. + * Bug fix, don't allow "/" pseudo filenames. + * Bug fix, allow quoting of pseudo files, to + better handle filenames with spaces. + * Fix compilation with glibc 2.25+. +- Unsquashfs improvements and major bug fixes: + * CVE-2015-4645 and CVE-2015-4646 have been fixed. + * Unsquashfs has been further hardened against corrupted + filestems. + * Unsquashfs is now more strict about error handling. + * New -ignore-errors option. + * New -strict-errors option. + * New -lln[umeric] option. + * New -lc option. + * New -llc option. + * New -mkfs-time option. + * New -UTC option. + * New -offset option. + * New -quiet option. + * Update lz4 wrapper to use new functions introduced + in 1.7.0. + * Bug fix, fatal and non-fatal errors now set the exit + code to 1. + * Bug fix, fix time setting for symlinks. + * Bug fix, try to set sticky-bit when running as a + user process. + * Fix compilation with glibc 2.25+. +- build changes: + * re-created patches to fit squashfs 4.4 + * removed 0001-mksquashfs-fix-rare-race-in-fragment-waiting-in-file.patch + (new version includes this change) + * removed 0002-Fix-2GB-limit-of-the-is_fragment-.-function.patch + (new version includes this change) + * removed 0003-Add-offset-function-to-skip-n-bytes.patch + (new version includes this change) + * removed sysmacros.patch + (new version includes this change) + +- Add -offset function to skip n bytes at the beginning of the squashfs… + https://github.com/plougher/squashfs-tools/commit/5a498ad24dcfeac9f3d747e894f22901f3ac10 + (0003-Add-offset-function-to-skip-n-bytes.patch) + +- Disable LTO (boo#1133284). + +- Use | instead of / that can be part of -L or -I options. + +- Use / as sed command delimiter. Comma can actually show up in + optflags (think -Wl,…), which then breaks the sed command line + parsing. + +- sysmacros.patch: Include for major/minor/makedev + -- Since version 4.3, squasfs does not require attr-devel - but uses glibc instead. - -- update to 4.3: - - unsquashfs: add checks for corrupted data in opendir functions - - unsquashfs: completely empty filesystems incorrectly generate an error - - unsquashfs: fix open file limit - - mksquashfs: Use linked list to store directory entries rather - - mksquashfs: Remove qsort and add a bottom up linked list merge sort - - mksquashfs: optimise lookup_inode2() for dirs - - pseudo: fix handling of modify pseudo files - - pseudo: fix handling of directory pseudo files - - xattr: Fix ERROR() so that it is synchronised with the progress bar - - mksquashfs/sort: Fix INFO() so that it is synced with the progress bar - - mksquashfs: Add -progress to force progress bar when using -info - - error.h: consolidate the various error macros into one header file - - mksquashfs: fix stack overflow in write_fragment_table() - - mksquashfs: move list allocation from off the stack - - unsquashfs: fix oversight in directory permission setting - - mksquashfs: dynamically allocate recovery_file - - mksquashfs: dynamically allocate buffer in subpathname() - - mksquashfs: dynamically allocate buffer in pathname() - - unsquashfs: fix CVE-2012-4024 - - unsquashfs: fix CVE-2012-4025 - - mksquashfs: fix potential stack overflow in get_component() - - mksquashfs: add parse_number() helper for numeric command line options - - mksquasfs: check return value of fstat() in reader_read_file() - - mksquashfs: dynamically allocate filename in old_add_exclude() - - unsquashfs: dynamically allocate pathname in dir_scan() - - unsquashfs: dynamically allocate pathname in pre_scan() - - sort: dynamically allocate filename in add_sort_list() - - mksquashfs: fix dir_scan() exit if lstat of source directory fails - - pseudo: fix memory leak in read_pseudo_def() if exec_file() fails - - pseudo: dynamically allocate path in dump_pseudo() - - mksquashfs: dynamically allocate path in display_path2() - - mksquashfs: dynamically allocate b_buffer in getbase() - - pseudo: fix potential stack overflow in get_component() - - pseudo: avoid buffer overflow in read_pseudo_def() using sscanf() - - pseudo: dynamically allocate filename in exec_file() - - pseudo: avoid buffer overflow in read_sort_file() using fscanf() - - sort: tighten up sort file parsing - - unsquashfs: fix name under-allocation in process_extract_files() - - unsquashfs: avoid buffer overflow in print_filename() using sprintf() - - Fix some limits in the file parsing routines - - pseudo: Rewrite pseudo file processing - - read_fs: fix small memory leaks in read_filesystem() - - mksquashfs: fix fclose leak in reader_read_file() on I/O error - - mksquashfs: fix frag struct leak in write_file_{process|blocks|frag} - - unsquashfs_xattr: fix memory leak in write_xattr() - - read_xattrs: fix xattr free in get_xattr() in error path - - unsquashfs: add -user-xattrs option to only extract user.xxx xattrs - - unsquashfs: add code to only print "not superuser" error message once - - unsquashfs: check for integer overflow in user input - - mksquashfs: check for integer overflow in user input - - mksquashfs: fix "new" variable leak in dir_scan1() - - read_fs: prevent buffer {over|under}flow in read_block() with - corrupted filesystems - - read_fs: check metadata blocks are expected size in scan_inode_table() - - read_fs: check the root inode block is found in scan_inode_table() - - read_fs: Further harden scan_inode_table() against corrupted - filesystems - - unsquashfs: prevent buffer {over|under}flow in read_block() with - corrupted filesystems - - read_xattrs: harden xattr data reading against corrupted filesystems - - unsquash-[23]: harden frag table reading against corrupted filesystems - - unsquash-4.c: harden uid/gid & frag table reading against corruption - - unsquashfs: harden inode/directory table reading against corruption - - mksquashfs: improve out of space in output filesystem handling - - mksquashfs: flag lseek error in writer as probable out of space - - mksquashfs: flag lseek error in write_destination as probable out of - space - - mksquashfs: print file being squashed when ^\ (SIGQUIT) typed - - mksquashfs: make EXIT_MKSQUASHFS() etc restore via new restore thread - - mksquashfs: fix recursive restore failure check - - info: dump queue and cache status if ^\ hit twice within one second - - mksquashfs: fix rare race condition in "locked fragment" queueing - - lz4: add experimental support for lz4 compression - - lz4: add support for lz4 "high compression" - - lzo_wrapper: new implementation with compression options - - gzip_wrapper: add compression options - - mksquashfs: redo -comp parsing - - mksquashfs: display compressor options when -X option isn't recognised - - mksquashfs: add -Xhelp option - - mksquashfs/unsquashfs: fix mtime signedness - - Mksquashfs: optimise duplicate checking when appending - - Mksquashfs: introduce additional per CPU fragment process threads - - Mksquashfs: significantly optimise fragment duplicate checking - - read_fs: scan_inode_table(), fix memory leak on filesystem corruption - - pseudo: add_pseudo(), fix use of freed variable - - mksquashfs/unsquashfs: exclude/extract/pseudo files, fix handling of - leaf name - - mksquashfs: rewrite default queue size so it's based on physical mem - - mksquashfs: add a new -mem option - - mksquashfs: fix limit on the number of dynamic pseudo files - - mksquashfs: make -mem take a normal byte value, optionally with a - K, M or G - -- Remove redundant tags/sections from specfile -- Parallel build with %_smp_mflags - -- enable support for xz and lzo (kernel has support already) - -- The ppc64 kernel uses a page size of 64kB but mksquashfs only - pads to a 4kB boundary. When we loopback mount a squashfs file - that isn't 64kB aligned and access the last sector of the - associated loopback device we see a stream of errors. - Disk partitioning tools seem to like accessing the last 512 - bytes of partitions. - This should fix warnings seen during starting installation on - ppc64 and IA64 - -- Update to version 4.2: - + Filesystem improvements: - - Added XZ compression - - Added compression options support - + Miscellaneous improvements/bug fixes: - - Add missing NO_XATTR filesystem flag to indicate no-xattrs - option was specified and no xattrs should be stored when - appending. - - Add suppport in Unquashfs -stat option for displaying - NO_XATTR flag. - - Remove checkdata entry from Unsquashfs -stat option if a 4.0 - filesystem - checkdata is no longer supported. - - Fix appending bug when appending to an empty filesystem - - this would be incorrectly treated as an error. - - Use glibc sys/xattr.h include rather than using attr/xattr.h - which isn't present by default on some distributions. - - Unsquashfs, fix block calculation error with regular files - when file size is between 2^32-block_size+1 and 2^32-1. - - Unsquashfs, fix sparse file writing when holes are larger - than 2^31-1. - - Add external CFLAGS and LDFLAGS support to Makefile, and - allow build options to be specified on command line. - Also don't over-write passed in CFLAGS definition. - -- update to 4.1 - - support for lzo (>= 2.6.36) and lzma (not yet mainline) - - xattr support - - misc fixes for the tools - -- removed obsolete source file - -- update to squashfs 4.0 (unsquashfs actually works) - systemd +- Fix 1001-udev-use-lock-when-selecting-the-highest-priority-de.patch (bsc#1184254) + When a symlink is removed because there's no more references to it + make sure to remove the parent dir of the symlink as well. Also add + some logging when something goes wrong during the removal. + +- systemd.spec: clean some of the build deps up: + - libpcre is redundant with libpcre2 (only required by the full + build) and the mini variant needs none of them. Hence drop the ref + to libpcre. + - normally libidn2 is needed by some optional features in + systemd-network (only). But it's implicitly pulled in by libgnutls + (required by the main package). Let's make sure the related + features won't be disabled inadvertently in the future by making + the dep explicit. + +- Fix fd leak in 1001-udev-use-lock-when-selecting-the-highest-priority-de.patch (bsc#1184238) + +- Import commit 480a6d14725509307a0f3edefef3876c107ee7f1 (merge of v246.13) + 423b1e759c Revert "resolved: gracefully handle with packets with too large RR count" (bsc#1183745) + 4723778738 meson.build: make xinitrcdir configurable (bsc#1183408) + [...] + For a complete list of changes, visit: + https://github.com/openSUSE/systemd/compare/8baed1c6f82798c2374bdbfdd440dd065d09fb99...480a6d14725509307a0f3edefef3876c107ee7f1 + -- Update 1004-udev-don-t-create-by-partlabel-primary-and-.-logical.patch +- Update 1004-udev-don-t-create-by-partlabel-primary-and-.-logical.patch (bsc#1183702) systemd-presets-common-SUSE +- Enable user service pipewire-media-session.service (used with + pipewire >= 0.3.23). + +- Enable user services pipewire.socket and pipewire-pulse.socket + (boo#1183012). + +- Enable btrfsmaintenance-refresh.path and disable + btrfsmaintenance-refresh.service to avoid needless refresh on boot + (boo#1165780) + +- Enable dnf-makecache.timer + +- BuildRequire pkgconfig(systemd) instead of systemd: allow OBS to + shortcut the build queues by allowing usage of systemd-mini + +- Enable ignition-firstboot-complete.service + +- Enable logwatch.timer (bsc#1112500). + +- Recent versions of mlocate don't use updatedb.timer any more. + Instead, the unit is called mlocate.timer. [boo#1115408] + +- Add default user preset: currently containing only the new + pulseaudio.socket (bsc#1083473) + sysvinit +- (re)add also support for SLE-15-SP3 + +- Update to sysvinit 2.99: + * Mostly typo and just better documentation and easier to read + code comments + +- prepare usrmerge (boo#1029961) + +- Update to sysvinit 2.98: + * Fixed time parsing in shutdown when there is a + in front of a 0 time offset. + Commands with a postiive time offset (+1) would work but +0 fails. + This has been corrected by Arkadiusz Miskiewicz. + +- Drop /bin/pidof and /sbin/pidof, including corresponding man + page: let's switch to pidof as provided by procps-ng. + +- Update to sysvinit 2.97: + * Check $(ROOT) filesystem for libcrypt instead of a hardcoded + path to /usr. + * Code clean-up and making sure we avoid freeing unused memory. + * Added shell script which converts systemd unit files into + init.d style scripts. + * Allow init to load configuration data from files stored in + /etc/inittab.d/ + * Allow shutdown time to be specified in the format +hh:mm. This + is in addition to the existing formats such as hh:mm, +m, and + "now". + * Fixed typos in manual pages. +- Update startpar to 0.65: + + Make sure startpar testsuite can find insserv executable in + /usr/sbin or /sbin. + + Added PREFIX variable to Makefile and testsuite to make + location of startpar and insserv more flexible. +- Rebase sysvinit-2.90.dif. +- Drop SCVER defines: not used in any place. +- Drop startpar-sysmacros.patch: fixed upstream. + +- Update to sysvinit 2.96 + * Added -z command line paramter to pidof which tells pidof to + try to find processes in uninterruptable (D) or zombie (Z) states. + This can cause pidof to hang, but produces a more complete process + list. + * Reformatted init code to make if/while logic more clear. + * Make sure src/Makefile cleans up all executable files + when parent Makefile calls "make clean". + +- Update to killproc 2.23 + * killproc has its upstream at https://github.com/bitstreamout/killproc + * Use new system call statx(2) to replace old stat(2)/lstat(2) +- Remove patches now upstream: + * killproc-2.18-open_flags.dif + * killproc-2.21.dif + * killproc-sysmacros.patch + * killproc-mntinf-optional.patch + +- Remove logsave as well as the manual page as those as part of + package e2fsprogs already + +- Update to sysvinit 2.95 + * new logsave helper +- Update to startpar-0.63 + * move startpar from /sbin to /bin +- Port our patches + * startpar-0.58.dif + * sysvinit-2.88dsf-suse.patch + * sysvinit-2.90-no-kill.patch + * sysvinit-2.90.dif + +- Add patch killproc-mntinf-optional.patch to handle various optional + fields of /proc//mountinfo on the entry/ies before the hypen + (bsc#1131982) + +- Update to sysvinit 2.90 +- Remove now upstream patches + * sysvinit-2.88+dsf-dostat.patch + * sysvinit-2.88+dsf-sulogin.diff + * sysvinit-2.88+dsf.tar.bz2 + * sysvinit-2.88dsf-scripts2.patch +- Port our patches + sysvinit-2.88dsf-no-kill.patch becomes sysvinit-2.90-no-kill.patch + sysvinit-2.88+dsf.dif becomes sysvinit-2.90.dif + +- killproc-sysmacros.patch, startpar-sysmacros.patch: Include + for makedev + +- Use %license instead of %doc [bsc#1082318] + -- For systemd distributions and products do not build the package - sysvinit anymore - -- use systemd-rpm-macros instead of systemd-devel to avoid build - dependency on systemd and it's deps in turn -- don't install mkinitrd stuff on > 131 anymore - -- The former entry adds the patch killproc-2.18-open_flags.dif (bnc#863518) - -- open("/dev/tty", ...) should use O_RDWR, not O_WRONLY. Otherwise, - after dup2(fd, 0);, a process cannot read from stdin. [bnc#863518] - -- Add patch sysvinit-2.88+dsf-xen.patch to enable sulogin to find - suitable console device even if first is not usable (bnc#862078) - -- Add patch sysvinit-2.88+dsf-sulogin.diff from upstream to handle - e.g. strange names of executables in killall5 - -- Split off powerd from sysvinit -- Make powerd work together with systemd -- Modify patch powerd-2.0.2.dif to remove sysvinit features -- Adding the systemd unit file powerd.service - -- Remove usage of absolute paths -- List all needed binaries in programs tag - -- Skip binaries now part of util-linux - -- Add sanity check for /etc/inittab to avoid reload on systemd - systems (bnc#813510) - -- move mkinitrd scripts of blogs to sysvinit-init, it's breaking - systemd/plymouth (bnc#804458) - -- Added patch from Roger Leigh to correct the manual page of startpar - -- Increase daemon detection time in startproc to give started - process the time to daemonize (bnc#757643) - -- Add fix/workaround in blogd for new glibc internal pthread API to - avoid an glibc nptl assert report in bnc#772055 - -- fix deadlock in blogd that happens on shutdown (bnc#730193) - -- Fix parameter turner in fscanf to really detect the file system - type in startproc/checkproc/killproc (bnc#762489) - -- Add two patch from upstream - + Avoid crash for exported environment for processes init spawns -- Fix typo as the script for powerd (bnc#758920) - -- add mingetty to Requires - * remove it as dependency from aaa_base ad it's needed for sysvinit only - -- Add two patch from upstream - + Handle deleted binaries in pidof (was upstream bug #34992) - + Allow init to delte extra environment variables (was upstream - bug #35858) - + Avoid that init double environment variables for its childs - (was upstream bug #35855) - -- Work around dully check script of obs - -- Avoid useless check for runlevel as access(2) now works on - kernel 3.0 and above, this fixes bnc#744538 - -- New killproc-2.21 which includes the last bug fixes as well as - new features like support for ionice with startproc -- New showconsole-1.16 which includes the last bug fixes -- New startpar-0.58 which includes the last bug fixes as well as - the patches from Debian -- Make rpmlint happy - -- Avoid trouble with indirect console names (bnc#731563) -- Unmount proc file system if initial not mounted (bnc#718385) - -- Use pipe to synch parent with child in startproc (bnc#713342) - -- Add option -x to be able to identify scripts overwriting their - command line (bnc#723708) - -- There was never a version 1.16 for showconsole -- Add some code to be able to detect programs even as user with - kernel 3.0 and above (bnc#723072) - -- do not telinit u if /sbin/init is not sysvinit - -- split out the symlink /sbin/init into a special subpackage, - which does _NOT_ do a split provide. systemd-sysvinit will - provide this, so you need to do extra work if you want to stay - on sysvinit - -- remove unused files - -- cross-build fix: use %__cc, %configure macros - -- update to showconsole-1.16 (manual page syntax) - -- Update to killproc-2.20 -- Update to showconsole-1.15 -- Clean spec file - -- added documentation (including mandatory COPYING) -- corrected errors in manual pages -- incorporated showconsole-1.14.dif into showconsole-1.15 - -- libblogger: check for SIGPIPE and block SIGPIPE during write, this - also does help startpar not to die on SIGPIPE (bnc#679671) -- blogd: add a further check for nsigsys in writelog() (bnc#679671) - -- Add workaround for blowfish signedness bug (CVE-2011-2483) - -- Sulogin: respect byte order that is do not mix chars and ints - (bnc#707724) - -- Sulogin: enforce reconnection of stdin/stdout/stderr if a device - was specified. -- Sulogin: if zero is read at reading the passwd guess it's done. - -- Fix build without libcrypt.a (without static glibc), added - patch sysvinit-2.88+dsf-crypt.patch. - -- use /run for utmp as that's already mounted by the initrd - -- Add latest change for sulogin multiple console devices support - -- Aoid possible trouble due raw pts/ptmx terminal line in both - blogd and startpar -- Block SIGTTOU during tcsetattr(3) library call in both blogd - and startpar -- Replace select(2) with pselect(2) in blogd and ensure that - the timeout structure will be reseted after a timeout - -- Correct shutdown messages of startpar send via blogd - -- Avoid possible races which can be happen if blogd sees a signal - and will exit then (related to bnc#642289) - -- Fix exit code of checkproc in case of an existing pid file - without running process (bnc#687547) - -- Fix bug in killproc that is do not stop searching for a match if - a mountpoint does not match, reported by Friedrich Haubensak. - -- Let sulogin respect device on the command line as well as the - standard input -- Let sulogin initialize serial terminals - -- Remove debug code from showconsole/blogd -- Make serial console tc init work even with blogd -- sulogin: add support for multiple console devices - -- New showconsole verion 1.14 - * Use sysfs file as fallback if possible - * Add more sanity checks to avoid looping on tty0 - -- Fix triggered endless loop in blogd (bnc#642289) - * Writing on tty0 caused blogd to re-read its own messages - * The usage of ttyname(3) on /dev/console can fail - -- Update to current SVN version of sysvinit 2.88dsf: - * Fix counting message lines in wall. Patch from Petr Lautrbach. - * Fix bad printf conversion specifier in wall. Patch from Sébastien Luttringer. - * Add patches from Openwall project. Thanks goes to Solar Designer. - * Add code to detect the system consoles with the help of the - new /proc/consoles files of linux kernel 2.6.38+ - * Try to make utmpdump IPv6 valid, change based on suggestion from - Navdeep Bhatia (see local bug #32429) - * Fix signal and alarm handling based on the patch from Florent Viard. - (was local bug #32304) - * Add fix for Redhat bug #573346: last incorrectly displays IPv6 - addresses (was local bug #29497) - * Correct fix for Debian bug #547073: use IUTF8 flag if defined - and if already set to make sure the utf-8 flag is not cleared - from the tty. Patch from Samuel Thibault. - * Include limits.h in killall.c to enforce definition of PATH_MAX - * Fix sysvinit bug #29758 Linker invocation should not contain - headers. Change based on patch from Elias Pipping. - * Add fix for Debian bug #580272: use return value 1 of - is_selinux_enabled() to determine if SELinux is enabled, - otherwise initialize SELinux and load the policy. Patch from - Petter Reinholdtsen. - * Make quotes visible in example of the manual page of fstab-decode - * Add #ifdef in bootlogd.c to avoid gcc warnings about unused - variable on non-linux platforms. - * Only set the VSWTC field for termios in init if it is available, - to get the source building on FreeBSD. - -- startpar: fix location of consoles under /proc -- startpar: ignore errors from system console not being a tty - -- Make blogd work together with kernel from 11.4 even on a - serial system console (bnc#672450) - -- Make option -k for killproc utilities work for normal users even - if the exe link of an own process remains to root (bnc#664941) - -- New killproc version 2.19: bug fix update - -- Support the socket forwarding of systemd (bnc#656104) - -- Make real device comparision in killproc/checkproc to fix bnc#644171 -- Also make ignore mode in checkproc work -- Enhance mkill to work on root fs and ignore kernel threads - -- New killproc version 2.18 - -- Killproc: - * Add new program rvmtab to write out the current content of - /proc/mounts in the reverse mount order determined with the - help of /proc/self/mountinfo - * Use faster pointer list implementation - -- Killproc: Sort mount info pointers in the reverse order of the - directory depth to become the string compare of the readed link - name of the exe link more safely. - -- Killproc: Do not be fooled if a device is mounted several times - -- Change showconsole to use newest /proc/tty/consoles API - -- Add newline after blogger message - -- Fix cast&past error in killproc/checkproc - -- New killproc version 2.17 - * Use /proc/self/mountinfo to avoid system call stat(2) on - running binaries not located on the mount point of the - current handled program - * Avoid to be detect sub (shadow) mounts on NFS mounts -- New showconsole 1.13 -- Correct position of string pointer in NFS struct used in - killall5/pidof - -- libblogger: set O_CLOEXEC for named FIFO /dev/blog (bnc#645793) - -- Add exit code exception for checkproc for the case of a not - installed program, use exit code 4 (bnc#643433) - -- blogd: correct order of setting back termios and termios locks -- startpar: avoid EIO in do_forward if do_forward becomes a - background process -- Make sure that after installation of /sbin/init the init - process does re-execute that is split %post into one for - the tools sub package and one of the main package - -- New showconsole version 1.12 - * Use /proc/tty/consoles if ioctl TIOCGDEV does not exist - * Make pseudo terminal raw as it is not show anything -- New startpar 0.57 - * Set raw pseudo terminals only once - * Set SIGTTIN to default before executing child - * Ignore error on reading termios - -- New showconsole version 1.11 - * Handle more than two console devices - * Speed up used pts/tty pair by enabling raw mode - * Implement termios locking scheme but disable it as it may - interfere with sulogin and others using the old console -- Enabling full raw mode for pty/tty pairs of startpar - -- New startpar version 0.56 - * Handle processes within signal handler - * Make first process loop more readable - * Use pselect(2) to wait on SIGCHLD without using a pipe - -- Fix typo that is use "cmdline" instead of "cmd" (bnc#623766) - -- Enforce killproc to wait even if the SIGTERM has been specified - on the command line. This should avoid the in most cases that - the daemon has not finished its response on SIGTERM, see bug - bnc#623460 and bug bnc#595796. - -- Newer killproc sends only SIGTERM as required by LSB if -TERM is - specified on the command line. Use the default which is SIGTERM - followed by SIGKILL if the timeout of 5 seconds is reached. - -- prereq does not fix bnc#610628, the real problem is the cycle - of sysvinit->sysvinit-tools->mkinitrd <--, which is broken up by - simply ignoring one requirement. If this requirement is the one - between sysvinit->sysvinit-tools, we get in deep trouble. Way - deeper trouble than missing mkinitrd_setup in sysvinit-tools's - %post - -- Use Prereq instead of normal Requires to force an early installation - of sysvinit-tools (bnc#610628) - -- Implemenation of a workaround of missing console messages in - blogd (bnc#593957) - -- Avoid crash due changed common-session-pc (bnc#605681) - -- Add patch from Thomas for moving powerd from using gethostbyname() - to getaddrinfo() -- Add upstream patch for correct using SELinux API - -- Apply sysvinit-2.88dsf-utf8.dif without -p2. -- Fix sysvinit-2.88dsf-utf8.dif (Changelog patch didn't apply). - -- Add URL of upstream location - -- Do not overwrite UTF8 input terminal setting as this may cause - trouble on system consoles forwarded to a foreign serial console - -- Add patch to make last(1) knowing latest IPv6 specs - -- Be LSB compliant with killproc (bnc#595796, bnc#578246) - -- Correct Pre-Requires to reflect package split -- Update to sysvinit (2.88dsf) world; urgency=low - * Mention new home on Savannah in README. - * Revert change from Fedora/RedHat where the now obsolete command - INIT_CMD_CHANGECONS was introduced. Based on feedback and patch - from Bill Nottingham. - * Adjust makefile to make sure the install directories are created - before files are copied into them. - * Simplify build rules, based on patch from Mike Frysinger and Gentoo. - * Fix minor bug in optimizing of argument parsing. Based on - report from jakemus on freshmeat. - * Add casts to get rid of compiler warning about signed/unsigned issues. - * Change tty handling in init to make sure the UTF-8 flag is not cleared - on boot. Patch from Samuel Thibault. - * Add Makefile in toplevel directory. - * Print usage information when shutdown is used by non-root user. - Patch from Mike Frysinger and Gentoo. - * Sync shutdown manual page and usage information. Patch from Mike - Frysinger and Gentoo. - * Fix race condition in utmp writing. Patch from Gil Kloepfer via - Mike Frysinger and Gentoo. - * Rewrite findtty() in bootlogd to recursively search /dev/ for the - correct device, to handle terminal devices for example in /dev/pty/. - Patch from Debian. - * Make sure bootlogd findpty() returns an error value when it fails to - find a usable pty. Patch from Rob Leslie via Debian. - * Make sure bootlogd fflush() every line, even if asked not to flush - to disk using fdatasync(). Patch from Scott Gifford via Debian. - * Add compatibility code to handle old path "/etc/powerstatus" for a - while. - * Incude definition for MNT_DETACH which is missing in older GNU libc - headers. - * Do not strip binaries before installing them, to make it easier to - get binaries with debug information installed. - * Add the comment from Andrea Arcangeli about the correct - place of setting the default childhandler within spawn(). - * Make sure that newline is printed out for last(1) even - if an utmp record entry is truncated. - * Check if utmp not only exists but also is writable and delay - writing out of the utmp runlevel record if utmp is not writable. - * Be able to find libcrypt also on 64 bit based architectures. - * Add option -w to the last command to display the full user and - domain names in the output. Patch from Petr Lautrbach. - * Add a manual page for utmpdump as this tool is sometimes - very useful even if not intended for normal use. - * Use paths.h macros for wall - * Change path "/etc/powerstatus" to "/var/run/powerstatus" - * Detected also removable block devices at halt/reboot to be able - to flush data and send them the ATA standby command. This should - avoid data loss on USB sticks and other removable block devices. - * Flush block devices on halt/reboot if not done by the kernel. - * Set SHELL to /bin/sh in the environmant of shutdown. - * Retry to write out shutdown messages if interrupted. - * pidof/killall5 - make omit pid list a dynamic one. - * pidof - provide '-n' to skip stat(2) syscall on network based FS. - * init - avoid compiler warnings - * init - initialize console by using the macros from ttydefaults.h - * init - add the possiblity to ignore further interrupts from keyboard - * init - add the possiblity to set sane terminal line settings - * sulogin - add the possibility to reset the terminal io - * Fix some minor problems - * init - enable is_selinux_enabled() to detect selinuxfs - * Add fix for Debian bug #536574 -- Can be enabled by -DACCTON_OFF - * Add helper program fstab-decode to make it easier to handle - /etc/mtab content. Patch by Miloslav Trmac and Fedora. - * Add fix for Debian bug #335023 - Make sure TERM is set on FreeBSD. - * Add fix for Debian bug #374038 - Make it clear that shutdown -c can - only cancel a waiting shutdown, not an active one. - * Add note to pidof manual page about the use of readlink(2). Patch by - Bill Nottingham and Fedora. - * Add PAM patch contrib/notify-pam-dead.patch based on Debian bug - [#68621], which will add PAM support for programs spawned by init on - the console like sulogin. Based on patch by Topi Miettinen. This - patch is not applied by default yet while we review its - usefullness. It is only helpful for session handling, as sulogin - do not use and will not use a PAM conv() function. The current - sulogin is able to handle DES as well as MD5, SHA, and Blowfish - encrypted passwords due using getpwnam(3). - * Move utmp/wtmp before the execvp() in spawn() to be sure to - use the correct pid even on a controlling tty - * Remaining problem is that the pid of the second fork() for - getting a controlling tty isn't that reported by spawn() - * Re-enable writting utmp/wtmp for boot scripts - * Extend sulogin to support additional encryption algorithms - * Re-enable maintenance message of sulogin - * Enable the sulogin fallback password check to handle MD5, SHA, and - Blowfish encrypted passwords in case of getpwnam(3) fails. - * sulogin picking the SELinux context was broken. Patch by Daniel Walsh - -- Start the service sshd as early as possible (bnc#594223) - -- Test out sysvinit (2.88dsf) UNRELEASED; urgency=low -- Update to sysvinit (2.87dsf) world; urgency=low - * Document -e and -t options for telinit in init(8). - * Document in halt(8) that -n might not disable all syncing. - Patch by Bill Nottingham and Fedora - * Adjust output from "last -x". In reboot lines, print endpoint - of uptime too. In shutdown lines print downtimes rather than - the time between downs. Fix typo in string compare in last.c. - Patch by Thomas Hood. - * Improve handling of IPv6 addresses in last. Patch from Fedora. - * Add new option -F to last, to output full date string instead - of the short form provided by default. Patch from Olaf Dabrunz - and SuSe. - * Fix utmp/wtmp updating on 64-bit platforms. Patch by Bill - Nottingham and Fedora. - * Avoid unchecked return value from malloc() in utmpdump. - Patch from Christian 'Dr. Disk' Hechelmann and Fedora. - * Make sure to use execle and no execl when passing environment to - the new process. Patch from RedHat. - * Correct init to make sure the waiting status is preserved across - re-exec. Patch from RedHat. - * Correct init to avoid race condition when starting programs during - boot. Patch from SuSe. - * Allow 'telinit u' in runlevels 0 and 6. Patch from Thomas Hood. - * Improve error message from init if fork() fail. Patch found in Suse. - * Add support for SE Linux capability handling. Patch from Manoj - Srivastava, adjusted to avoid aborting if SE policy was loaded in - the initrd with patch from Bill Nottingham and Fedora. - * Add -c option to pidof for only matching processes with the same - process root. Ignore -c when not running as root. Patch from - Thomas Woerner and Fedora. - * Add usleep in killall5 after killing processes, to force the kernel - to reschedule. Patch from SuSe. - * Modify pidof to not print empty line if no pid was found. - * Modify init and sulogin to fix emergency mode's tty, making sure ^C - and ^Z work when booting with 'emergency' kernel option. Patch from - Samuel Thibault. - * Modify init to allow some time for failed opens to resolve themselves. - Patch from Bill Nottingham and Fedora. - * Modify init to shut down IDE, SCSI and SATA disks properly. Patches - from Sebastian Reichelt, Werner Fink and SuSe. - * Modify wall to use UT_LINESIZE from instead of hardcoded - string lengths. Patch from SuSe. - * Change wall to make halt include hostname in output. - * Change killall to avoid killing init by mistake. Patch from SuSe. - * Change killall5 to use the exit value to report if it found any - processes to kill. Patch from Debian. - * Add option -o opmitpid to killall5, to make it possible to skip - some pids during shutdown. Based on patch from Colin Watson and - Ubuntu. - * Modify killall to work better with user space file system, by - changing cwd to /proc when stopping and killing processes, and - avoiding stat() when the value isn't used. Also, lock process - pages in memory to avoid paging when user processes are stopped. - Patch from Debian and Goswin von Brederlow with changes by Kel - Modderman. - * Change shutdown to only accept flags -H and -P with the -h flag, - and document this requirement in the manual page. - * Change reboot/halt to work properly when used as a login shell. - Patch by Dale R. Worley and Fedora. - * Let sulogin fall back to the staticly linked /bin/sash if both roots - shell and /bin/sh fail to execute. - -- provide sbin_init (so external packages can require either sysvinit - or upstart) - -- Split out tools not specific to System V into a tool subpackage - to support alternative init implementations (fate#305690) - -- Add a manual page for utmpdump (bnc#576967) - -- Remove start-stop-daemon binary (bnc#568950) - -- Write pid file if /var is mounted rw (bnc#565620) - -- enable parallel building - -- The same procedure for killproc.c its self (caused by bnc#559534) - -- Add missed line to startproc.c and also make manual page more - clear how startproc works (caused by bnc#559534) - -- refresh all patches with fuzz=0 - -- fixed killproc-2.16.dif. - -- killall5: do not kill /sbin/mdmon (fate#306823). - -- Avoid message on terminated process during reading its /proc files - -- Make killproc utils more stable in case that during read(2) a proc - file the corresponding process has already terminated (bnc#542717) - -- Make a new showconsole version 1.10 - * Add time stamps to blogger API (fate #305596) - * Add newline before writing out blogger fifo content -- Make a new startpar version 0.52 - * Use blogd API (fate #305596) -- Make a new killproc version 2.16 - -- Do not loop around in the forwarder of startpar - -- Add patch from Olaf Kirch to avoid using mutex locking for every - character (from Moblin:Factory) - -- Start boot scripts with their symlinks name - -- Increase hash size for runtime linker of often used tools - -- Make it build - -- Reorder last patch in spec file - -- link /sbin/init dynamically, tested in 11.1, also - all other distros work just fine this way. - -- Blogd: shorten minimal timeout at the end and hold all pages - in physical RAM - -- For usleep(8) use nanosleep(2) instead of obsolete usleep(3) - -- mkill: Do not remove all pid's from list for one fuse process - -- Disable blogd on fastboot or quiet boot - -- Make initrd script for blogd depend on initrd script clock - -- Update to killproc 2.15 - * New option -w for making startproc waiting on daemons parent - process (bnc#489473, bnc#482096 comment#21 ff) - * New option -W for making startproc waiting on files created - by the daemon (bnc#482096 comment#24 ff) -- Merge changes for preload code of startpar into one patch -- nfs4pidof: avoid nfs code for process which are on shadow mounts - points of NFS mounts - -- exec one more time so that the preload part does not appear - under the name of the init script in bootcharts - -- fix the preload functionality in telling the parent process through - SIGUSR1 and SIGUSR2 about preload's presence - -- mkill: avoid signaling process which are on shadow mounts points - that is e.g. processes on /dev/pts while running mkill on /dev - -- Do not overwrite SUSE define - -- startpar: fix file descriptor leak (bnc#485112) - -- nfs4pidof: make sure not to stumble on short named mount points - to avoid to terminate processes on wrong mount points - -- mkill: make sure not to stumble on short named mount points to - avoid to terminate processes on wrong mount points (bnc#466484) - -- Add patch from Debian people to startpar and mode to version 0.53 - -- Update to killproc 2.14 to include most of our patches and to - use openat(2), readlinkat(2), and opendirat(2) system calls. -- Remove /dev/initctl from file list, do not create blogd pipe - /dev/blogd (bnc#475580) - tar +- security update +- added patches + fix CVE-2021-20193 [bsc#1181131], Memory leak in read_header() in list.c + + tar-CVE-2021-20193.patch + -- Improve on RPM group classification - -- GNU tar 1.28: - * New --checkpoint-action=totals - * Extended checkpoint format specification - * New option --one-top-level - * New option --sort - * New exclusion options: - - -exclude-ignore=FILE - - -exclude-ignore-recursive=FILE - - -exclude-vcs-ignores - * refuses to read input from and write output to a tty -- packaging changes: - * adjust patch for context change: add_readme-tests.patch - * remove patch applied upstream: - tar-fix_eternal_loop_in_handle_option.patch - -- don't print lone zero blocks warning (bnc#881863) - * there are many tar implementations around that create invalid - archives with a zero block in the middle - * https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=235820 - * added tar-ignore_lone_zero_blocks.patch from Fedora - -- fix an infinite loop in handle_option (bnc#867919 and bnc#870422) - * added tar-fix_eternal_loop_in_handle_option.patch - -- add tests subpackage. - * It is the same testsuite that is run during make check. - * It is now possible to run it in real system to verify that - nothing is broken by incompatible libraries, etc. -- add add_readme-tests.patch: README for testsuite - -- update to 1.27.1 - * Fix unquoting of file names obtained via the -T option. - * Fix GNU long link header timestamp (backward compatibility). - * Fix extracting sparse members from star archives. - -- update to 1.27 -- bug fixes: - * PAX-format sparse archive files no longer restricted to 8 GiB. - * adjust diagnostics and output to GNU coding -- new features: - * The --owner and --group options now accept numeric IDs - * restore traditional functionality of --keep-old-files and - - -skip-old-files, treat existing file as errors for the former - * --warning=existing-file gives verbose notice for this - * Support for POSIX ACLs, extended attributes and SELinux context - - -xattrs, --acls and --selinux and their `--no-' counterparts - - -xattrs-include and --xattrs-exclude allows selective control - * Any option taking a command name as its argument now accepts a - full command line as well: - - -checkpoint-action=exec - - I, --use-compress-program - - F, --info-script - - -to-command - * environment variables supplied to such commands can now be used - in the command line itself - * New warning control option --warning=[no-]record-size controls - display of actual record size, if it differs from the default - * New command line option --keep-directory-symlink to disable - default behaviour that unlinks exising symbolic link for an - extracted directory of the corresponding name -- packaging changes: - * drop tar-1.26-stdio.in.patch, committed upstream - * drop config-guess-sub-update.patch, newer version in upstream - * verify source signature - -- added fix for paxutils rtapelib which is bundled with tar. - the very same fix was added to cpio too (bnc#658031) - * paxutils-rtapelib_mtget.patch - -- Add Source URL, see https://en.opensuse.org/SourceUrls - -- Add config-guess-sub-update.patch: - Update config.guess/sub for aarch64 - -- Fix build failure with undefined gets (glibc 2.16). - -- avoid automake dependency - -- disable 'runtime checks' in m4/*.m4 that override - system calls with custom implementations to workaround - very old kernel/libc bugs (dating 2003-2009) - we do not ship those buggy components nowdays. - -- Switch to default archive type to POSIX.1-2001, which is ten years - old and has no limits on filesize,filename length etc. - -- tar-1.26-remove_O_NONBLOCK.patch: - don't use O_NONBLOCK as a flag for read, - when file is offline, read with O_NONBLOCK returns EAGAIN, - but tar doesn't handle it - (bnc#737331) - -- disable testsuite on qemu build - -- minor portability fixes - -- spec cleaner, avoid some deprecated macros -- fix non-utf8-spec-file -- fix macro-in-comment -- enable make check -- remove upstream-fixed/obsolete patches (fortifysourcessigabrt, - disable-listed02-test, disable_languages) -- call help2man inside specfile instead of paching tar's build chain - -- update to tar-1.26 - * Fix the --verify option, which broke in version 1.24. - * Fix storing long sparse file names in PAX archives. - * Fix correctness of --atime-preserve=replace - * tar --atime-preserve=replace no longer tries to restore atime of - zero-sized files. - * Fix bug with --one-file-system --listed-incremental - -- fix tar-backup-scripts (bnc#654199) -- add tar-backup-spec-fix-paths.patch -- cleanup spec - -- update to tar-1.25 - * Fix extraction of empty directories with the -C option in effect. - * Fix extraction of device nodes. - * Make sure name matching occurs before eventual name transformation. - * Fix the behavior of tar -x --overwrite on hosts lacking O_NOFOLLOW. - * Support alternative decompression programs. -- update to tar-1.24 - * The new --full-time option instructs tar to output file - time stamps to the full resolution. - * More reliable directory traversal when creating archives - * When extracting symbolic links, tar now restores attributes - such as last-modified time and link permissions, if the - operating system supports this. - * The --dereference (-h) option now applies to files that are - copied into or out of archives, independently of other options. - * When receiving SIGPIPE, tar would exit with error status and - "write error" diagnostics. -- disable-silent-rules -- updated tar-fortifysourcessigabrt.patch - -- use %_smp_mflags - -- updated to version 1.23 - * Improved record size autodetection - * Use of lseek on seekable archives - * New command line option --warning - * New command line option --level - * Improved behavior if some files were removed during incremental dumps - * Modification times of PAX extended headers - * Time references in the --pax-option argument - * Augmented environment of the --to-command script - * Fix handling of hard link targets by -c --transform - * Fix hard links recognition with -c --remove-files - * Fix restoring files from backup (debian bug #508199) - * Correctly restore modes and permissions on existing directories - * The --remove-files option removes files only if they were succesfully stored in the archive - * Fix storing and listing of the volume labels in POSIX format - * Improve algorithm for splitting long file names (ustar format) - * Fix possible memory overflow in the rmt client code (CVE-2010-0624) -- deprecated heap_overflow_in_rtapelib.patch - -- added heap_overflow_in_rtapelib.patch fix possible heap overflow in - rtapelib.c (bnc#579475) - -- updated to version 1.22 - * Support for xz compression (--xz option) - * Short option -J is reassigned as a shortcut for --xz - * The option -I is a shortcut for --use-compress-program - * The --no-recursive option works with --incremental -- deprecated recognize_xz.patch -- created tar-backup-scripts subpackage (bnc#574688) - -- enable parallel building - -- fixed FORTIFY_SOURCE=2 issue with gcc 4.5. - -- recommend not require language subpackage - -- Recognize .xz as lzma archive. - tcl +- bsc#1181840: Same fix as for tclConfig.sh is needed for tcl.pc. + tk +- bsc#1181840: Same fix as for tkConfig.sh is needed for tk.pc. + -- tkcon requires xhost (bnc#846953) - util-linux +- ipcs: Avoid overflows (bsc#1178236, + util-linux-ipcs-shmall-overflow-1.patch, + util-linux-ipcs-shmall-overflow-2.patch). + util-linux-systemd +- ipcs: Avoid overflows (bsc#1178236, + util-linux-ipcs-shmall-overflow-1.patch, + util-linux-ipcs-shmall-overflow-2.patch). + vim +- install suse vimrc in /usr (boo#1182324, vim-8.0.1568-globalvimrc.patch) + +- source correct suse.vimrc file (boo#1182324) + - doesn't leave not owned directories (boo#1173256) + doesn't leave not owned directories (boo#1173256). - build against Tumbleweed repo + build against Tumbleweed repo. webkit2gtk3 +- Update to version 2.30.5 (boo#1182286): + + Bring back the WebKitPluginProcess installation that was + removed by mistake. + + Fix RunLoop objects leaked in worker threads. + + Fix aarch64 llint build with JIT disabled. + + Use Internet Explorer quirk for Google Docs. + + Security fixes: CVE-2020-13558. +- Drop gir-multilib.patch: fixed upstream. + +- Add gir-multilib.patch: Fix multilib conflict in gir files. +- Disable gold linker for ppc64le + +- Add webkit-font-scaling.patch: Fix system font scaling not + applied to 'font-size: XXXpt'; patch taken from upstream and + rebased to apply cleanly + (https://bugs.webkit.org/show_bug.cgi?id=218450). +- Pass `-q` to setup to disable printing long list of files + extracted from source tarball. + +- Update to version 2.30.4: + + Fix text data sent with WebSockets when using libsoup < 2.68. + + Fix the rendering on Raspberry Pi 3 using the proprietary video + driver. + + Fix clipping of descedant layers of a mask layer. + + Fix the build with ICU 68.1. +- Drop upstream merged patch: + + 0001-ICU-68.1-no-longer-exposes-FALSE-and-TRUE-macros-by-.patch + wicked +- dhcp4: discover on reboot timeout after start-delay (bsc#1181812) + [+ 0001-dhcp4-discover-on-reboot-timeout-after-start-delay.1181812.patch] +- dhcp6: request nis options on sle15 by default (bsc#1181812) + [+ 0002-dhcp6-request-nis-options-on-sle15-by-default.1181812.patch] + wpa_supplicant +- Add CVE-2021-27803.patch -- P2P provision discovery processing vulnerability + (bsc#1182805) + xdg-desktop-portal -- Ensure systemd rpm macros are called at install/uninstall times - for systemd user services. -- Add BuildRequires on systemd-rpm-macros. - -- Update to version 1.8.0: - + openuri: - - Allow skipping the chooser for more URL tyles - - Robustness fixes - + filechooser: Return the current filter - + camera: - - Make the client node visible - - Don't leak pipewire proxy - + Fix file descriptor leaks - + Testsuite improvements - + Updated translations. -- Changes from version 1.7.2: - + document: - - Reduce the use of open fds - - Add more tests and fix issues they found - + Fix the build with musl. -- Changes from version 1.7.1: - + filechooser: - - Add a "directory" option - - Document the "writable" option - + document: Expose directories with their proper name -- Changes from version 1.7.0: - + testsuite improvements - + background: Avoid a segfault - + screencast: Require pipewire 0.3 - + document: - - Support exporting directories - - New fuse implementation - + Better support for snap and toolbox - + Updated translations. -- Drop patches fixed upstream: - + xdg-dp-port-pipewire-3-api.patch - + 0001-Fix-use-after-free-in-xdg_get_app_info_from_pid.patch - + 0002-add-AssumedAppArmorLabel-key-to-D-Bus-service-files.patch - + 0003-Fix-criticals-if-no-default-handler-for-desired-type.patch - -- Require /usr/bin/fusermount: xdg-document-portal calls out to the - binary. Without it, files or dirs can be selected, but - whatever is done with or in them, will not have any effect - (boo#1175899). - -- Fixes for %_libexecdir changing to /usr/libexec - xdg-desktop-portal-gtk -- Update to version 1.8.0: - + filechooser: Return the current filter - + screenshot: Fix cancellation - + appchooser: Avoid a crash - + wallpaper: - - Properly preview placement settings - - Drop the lockscreen option - + printing: Improve the notification - + Updated translations. -- Changes from version 1.7.1: - + filechooser: - - Handle the "directory" option to select directories - - Only show preview when we have an image - + Updated translations. -- Changes from version 1.7.0: - + screencast: Support mutter version 3 - + settings: Fall back to gsettings for enable-animations - + Updated translations. -- Drop xdg-dpg-support-mutter-pipewire-3-api.patch: Fixed upstream. - -- Add xdg-dpg-support-mutter-pipewire-3-api.patch: screencast: Bump - supported Mutter version to 3 (New pipewire api ver 3). - xdm +- display-manager.service: fixed path of PIDFile (bsc#1183698) + -- Use the option (--)enable-ssh-support of the gpg-agent if the - user has configured this (boo#899647) - -- sysconfig.displaymanager/DM list: added lightdm,sddm; removed - kdm3,kdm4 (bnc#898876) - -- replaced 'Also=' by 'Alias=' in display-manager.service - (bnc#890413) -- make sure not to restart DM on package update; remove confusing - comment about no longer existing %%stop_on_removal, - %restart_on_update macros from specfile (bnc#886641) - -- udpate to release 1.1.11 -- refreshed xdm-tolerant-hostname-changes.diff, xdm-consolekit.diff -- supersedes the following patches: - U_xdm_config-AC_LIBTOOL_DLOPEN-is-required-for-dynamic-lin.patch, - U_xdm_Fix-missing-linking-dependency-on-ldl.patch, - U_xdm_config-use-libtool-export-dynamic-option-for-reverse.patch - -- Use KillMode=process for systemd service, this ensures Xorg won't - receive SIGKILL while switching to runlevel 3 [bnc#871808]. -- Add "Also=xdm.service" to display-manager.service to better - handle migration. - -- added necessary macros for systemd files - -- Don't run dbus-launch if the socket /run/user//bus exists, since - this means that dbus is already handled by systemd - -- just don't "package" pid file. It's called xdm.pid, so it's pretty - obvious what package it is from -- take the pid file out of the xdm.tar - -- DISPLAYMANAGER_STARTS_XSERVER needs to be set to "no" on s390x - and ppc64le (bnc#869267) - -- Move forward to systemd, that is use a real service unit file (bnc#869260) - -- Add support for in-line environment variable settings - Handling case like: - Exec=env GNOME_SHELL_SESSION_MODE=classic gnome --session gnome-classic - For now, this is only needed to fix session management issue as in bnc#863709. - -- fix two array iteration bug in etc/X11/xdm/Xsession (xdm.tar.bz2) - 1. "${#argv[@]}" is just the size of the array instead of all the elements, - i.e. "${argv[@]}", no sharp "#" sign. - 2. index of array starting from 0, so "argc" should be increased at the end - of iteration loop. (bnc#866874) - -- /etc/X11/xdm/keytable: make use of systemd's localectl to - generate Xserver's configuration snippet for keyboard layout; - rely on systemd's kbd --> X keyboard mapping; the old mapping - table originating from SaX2 is no longer being used (bnc#861819) - -- Change the default /etc/X11/xdm/Xsession, (fate#316129) - don't save standard output information to ~/.xsession-errors - Modify the xdm.tar.bz2 - -- /etc/X11/xdm/RunChooser calls pidof, so require it - -- don't set twm as hardcoded default if DEFAULT_WM is empty, rely on - the detection in xinitrc.common instead - -- removed u_xdm-sig11-bug-598422.diff - * problem has been resolved differently - -- Added support for qiv in /etc/X11/xdm/Xsetup - -- fixed typo in /etc/X11/xdm/Xsetup - -- fixed loading of .xkb files (bnc#840408) - -- adjusted u_xdm-sig11-bug-598422.diff for openSUSE 12.2 build - (which still applies xdm-consolekit.diff) - -- u_xdm-sig11-bug-598422.diff - * fix Sig11 in xdm when pressing Ctr-c (bnc#598422, bnc#831870) - -- Add some GNOME specifiv magics to Xsession to allow that ~/.i18n - is always sourced (bnc#567324) - -- Some shells do not know about HOSTNAME variable and print error - messages therefore export this variable -- Make check for dbus smart, that is check if threre is already - an active session and use this if possible -- Be aware that one user may use several X sessions in parallel - on the same system as well as on several systems with HOME on - an NFS based share. That is do not override ~/.xsession-errors - -- do not use '-k' option for checkproc for ssh-agent since - /proc//exe link is apparently not readable by the user - used for that program (bnc#812783) - -- Add systemd-user-sessions to xdm initscript X-Should-Start, to - ensure user login is available when xdm is started. - -- /etc/X11/xdm/SuSEconfig.xdm: copied required function from old - /lib/YaST/SuSEconfig.functions, which no longer exists since - openSUSE 12.3 (bnc#806738) - -- /etc/X11/xdm/Keyboard.map: - * added missing mac-dvorak entry (bnc#796170) - -- Be aware the mktemp(1) without XXXXXX will do exactly nothing, - therefore use mv(1) which uses rename(2) on the same file system - to use the files created by mktemp(1) to the log output file - -- Add display-manager as provides to xdm initscript, to comply with - systemd defaults. - -- Added a switch to enable building against systemd-logind and - to remove the dependency on ConsoleKit -- Enabled the systemd switch already for Factory - -- Make failsafe work after a failed exec bash builtin -- Add dbus-launch and ck-launch-session to final session command - line for case of using xdm - -- add dependency on xtrans, otherwise TCP is not supported for - xdmcp (bnc#780122) - -- separate *.fallback displaymanager files from xdm.tar.bz2 into - xdm-fallbacks.tar.bz2 and build only suse version < 1210. - (bnc#714003) - -- /etc/init.d/xdm: add plymouth_quit function, use it in xdm - displaymanager file (bnc#775548) - -- /etc/init.d/xdm: overwrite displaymanager's PIDFILE symlink if - neccessary (bnc#774555) - -- avoid plymouth quit for kdm and gdm (bnc#762909) - -- remove --retain-splash option from plymouth quit (bnc#769209) - -- /etc/init.d/xdm - * quit plymouth properly before starting displaymanager - (bnc#769209) - -- Skip LANG argument from command line of session managers (bnc#661946) - -- /etc/pam.d/xdm-np: add session require to pam_loginuid.so in - order to fix running commands via sudo (bnc #746704) - -- Split xdm from xorg-x11. Initial version: 1.1.10. - xorg-x11-server +- U_modesetting-Fix-broken-manpage-in-autoconf-build.patch + * modesetting: Fix broken manpage in autoconf build (boo#1182510) + +- add U_hw_do-not-include-sys-io-with-glibc.patch (bsc#1182884) + yast2 +- Add a AbstractWidget#displayed? to determine whether + a widget is in the UI (bsc#1184115). +- 4.3.60 + yast2-firewall +- Do not display "No widget..." error messages when opening + a firewall zone widget (bsc#1184115). +- 4.3.11 + yast2-firstboot +- Revert adding starting YaST2 Control Center after first boot as + it does not have production quality and just confuse users + (bsc#1180266) +- 4.3.11 + yast2-installation +- Expert console: fixed "shell" command + - Run X terminal in GUI instead of "dash" (related to the previous + fix for job control error messages bsc#1183648) + - Override TERM to "vt100" when running in fbiterm, + a workaround for frozen vim (bsc#1183652) +- 4.3.36 + yast2-network +- Write DNS servers to NetworkManager connection files when using + a static configuration (bsc#1181701). +- 4.3.64 + +- Use the ESSID to name the NetworkManager configuration files + for wireless networks (bsc#1183733). +- 4.3.63 + +- AutoYaST: Write NetworkManager configuration according to the + profile (bsc#1181701) +- 4.3.62 + yast2-packager +- Revert copying the libzypp cache to the target system and + replacing it by a symlink, it is not safe and it can + cause crash (segfault) in some cases (bsc#1183711) +- 4.3.21 + +- Do not create zypp cache symlink when running in installed + system, it would create /var/cache/zypp -> /var/cache/zypp + loop (bsc#1183683) +- Remove the "Software Repositories" button from the YaST console, + users can easily break the installer with it. Added + "configure_repositories" command to the command line interface + for experts (bsc#1183687) +- 4.3.20 + yast2-schema +- Add the 'mkfs_options' element to the 'partition' section + (bsc#1184268). +- 4.3.22 + yast2-storage-ng +- Avoid to call private methods over self because it raises an + exception with ruby < 2.7 (related to bsc#1180723). +- 4.3.50 + +- Round-down the number of physical extends according to the + stripes of the logical volume (bsc#1180723). +- Add extra validations when creating a striped volume and when + editing the physical volumes. +- 4.3.49 + yast2-trans -- Update to version 84.87.20210314.90853260a8: - * Translated using Weblate (Slovak) - * Translated using Weblate (Slovak) - * Translated using Weblate (Italian) - * Translated using Weblate (Slovak) - * Translated using Weblate (Slovak) - * Translated using Weblate (Dutch) - * Translated using Weblate (Dutch) - * Translated using Weblate (Dutch) - * Translated using Weblate (Dutch) - * Translated using Weblate (Dutch) - * Translated using Weblate (Dutch) - * Translated using Weblate (Dutch) - * New POT for text domain 'network'. - * New POT for text domain 'add-on'. - * Translated using Weblate (Slovak) - * Translated using Weblate (Slovak) - * Translated using Weblate (Slovak) - * Translated using Weblate (Dutch) - * Translated using Weblate (Czech) - * Translated using Weblate (Czech) - * Translated using Weblate (Catalan) - * Translated using Weblate (Catalan) - * Translated using Weblate (Catalan) - * Translated using Weblate (Catalan) - * Translated using Weblate (Catalan) - * Translated using Weblate (Catalan) - * Translated using Weblate (Catalan) - * Translated using Weblate (Czech) - * Translated using Weblate (Czech) - * Translated using Weblate (Czech) - * Translated using Weblate (Catalan) - * Translated using Weblate (Catalan) - * Translated using Weblate (Catalan) - * Translated using Weblate (Catalan) - * Translated using Weblate (Catalan) - * Translated using Weblate (Catalan) - * Translated using Weblate (Catalan) - * Translated using Weblate (Catalan) - * Translated using Weblate (Japanese) - * Translated using Weblate (Czech) - * Translated using Weblate (Czech) - * Translated using Weblate (Czech) - * Translated using Weblate (Czech) - * Translated using Weblate (Czech) - * Translated using Weblate (Czech) - * Translated using Weblate (Czech) - * Translated using Weblate (Czech) - * Translated using Weblate (Czech) - * Translated using Weblate (Czech) - * Translated using Weblate (Czech) - * Translated using Weblate (Japanese) - * Translated using Weblate (Japanese) - * Translated using Weblate (Japanese) - * Translated using Weblate (Japanese) - * Translated using Weblate (Japanese) - * Translated using Weblate (Japanese) - * Translated using Weblate (Japanese) - * Translated using Weblate (Japanese) - * Translated using Weblate (Japanese) - * Translated using Weblate (Japanese) - * Translated using Weblate (Japanese) - * Translated using Weblate (Japanese) - * Translated using Weblate (Japanese) - * Translated using Weblate (Japanese) - * Translated using Weblate (Japanese) - * Translated using Weblate (Japanese) - * Translated using Weblate (Japanese) +- Update to version 84.87.20210411.9a07deafea: + * Translated using Weblate (French) + * New POT for text domain 'installation'. + * New POT for text domain 'autoinst'. + * Translated using Weblate (Portuguese) + * Translated using Weblate (Hindi) + * New POT for text domain 'autoinst'. + * New POT for text domain 'network'. + * New POT for text domain 'users'. + +- Update to version 84.87.20210402.ed8ff6d0a2: + * New POT for text domain 'users'. + * New POT for text domain 'samba-client'. + * New POT for text domain 'autoinst'. - * Translated using Weblate (Slovak) - * Translated using Weblate (Slovak) - * Translated using Weblate (Slovak) - * Translated using Weblate (Slovak) - * Translated using Weblate (Slovak) - * Translated using Weblate (Slovak) - * Translated using Weblate (Dutch) - * Translated using Weblate (Dutch) - * Translated using Weblate (Portuguese (Brazil)) - * Translated using Weblate (Portuguese (Brazil)) - * Translated using Weblate (Portuguese (Brazil)) - * Translated using Weblate (Portuguese (Brazil)) - * Translated using Weblate (Portuguese (Brazil)) - * Translated using Weblate (Portuguese (Brazil)) - * Translated using Weblate (Portuguese (Brazil)) - * Translated using Weblate (Portuguese (Brazil)) - * Translated using Weblate (Portuguese (Brazil)) - * Translated using Weblate (Portuguese (Brazil)) - * Translated using Weblate (Portuguese (Brazil)) - * Translated using Weblate (Portuguese (Brazil)) - * Translated using Weblate (Portuguese (Brazil)) - * Translated using Weblate (Portuguese (Brazil)) - * Translated using Weblate (Portuguese (Brazil)) - * Translated using Weblate (Dutch) - * Translated using Weblate (Dutch) - * Translated using Weblate (Dutch) - * Translated using Weblate (Dutch) - * New POT for text domain 'storage'. - * New POT for text domain 'country'. - * New POT for text domain 'bootloader'. - * Translated using Weblate (Spanish) - * Translated using Weblate (Japanese) + * Translated using Weblate (German) + * Translated using Weblate (Italian) + * Translated using Weblate (Italian) + * Translated using Weblate (Italian) - * Translated using Weblate (Finnish) - * Translated using Weblate (Croatian) - * Translated using Weblate (Chinese (Taiwan)) - * Translated using Weblate (Chinese (Taiwan)) - * Translated using Weblate (Chinese (Taiwan)) - * Translated using Weblate (Chinese (Taiwan)) - * Translated using Weblate (Chinese (Taiwan)) - * Translated using Weblate (Chinese (China)) - * New POT for text domain 'packager'. - * New POT for text domain 'base'. - * New POT for text domain 'packager'. - * New POT for text domain 'base'. + * Translated using Weblate (Dutch) + * Translated using Weblate (Catalan) + * Translated using Weblate (Slovak) + * Translated using Weblate (Spanish) + * Translated using Weblate (Spanish) + * Translated using Weblate (Spanish) + * Translated using Weblate (Spanish) + * Translated using Weblate (Spanish) + * Translated using Weblate (Spanish) - * Translated using Weblate (Hindi) - * Translated using Weblate (Chinese (China)) - * Translated using Weblate (German) - * Translated using Weblate (German) - * Translated using Weblate (Italian) - * Translated using Weblate (Italian) - * Translated using Weblate (Chinese (Taiwan)) - * Translated using Weblate (German) - * Translated using Weblate (Chinese (China)) - * Translated using Weblate (Portuguese) - * Translated using Weblate (Chinese (Taiwan)) - * Translated using Weblate (Chinese (Taiwan)) - * Translated using Weblate (German) - * Translated using Weblate (French) - * Translated using Weblate (Chinese (China)) - * Translated using Weblate (Chinese (Taiwan)) - * Translated using Weblate (Chinese (China)) - * Translated using Weblate (Chinese (Taiwan)) - * Translated using Weblate (German) - * Translated using Weblate (Chinese (China)) - * Translated using Weblate (German) - * Translated using Weblate (German) - * Translated using Weblate (Chinese (Taiwan)) - * Translated using Weblate (Chinese (China)) + * Translated using Weblate (Spanish) + * Translated using Weblate (Spanish) + * Translated using Weblate (Spanish) + * Translated using Weblate (Spanish) + * Translated using Weblate (Spanish) + * Translated using Weblate (Japanese) + * New POT for text domain 'storage'. + * New POT for text domain 'firstboot'. + * Translated using Weblate (Italian) - * Translated using Weblate (Chinese (Taiwan)) - * Translated using Weblate (Chinese (China)) - * Translated using Weblate (German) - * Translated using Weblate (Spanish) + * Translated using Weblate (Chinese (Taiwan)) - * Translated using Weblate (Spanish) - * Translated using Weblate (Spanish) - * Translated using Weblate (Finnish) - * Translated using Weblate (Portuguese (Portugal)) - * Translated using Weblate (Italian) - * Translated using Weblate (Chinese (Taiwan)) + * Translated using Weblate (Russian) + * Translated using Weblate (Russian) - * Translated using Weblate (Spanish) - * Translated using Weblate (Chinese (China)) - * Translated using Weblate (Italian) - * Translated using Weblate (Chinese (Taiwan)) + * Fixed string interpolations + +- Update to version 84.87.20210327.c94c0a6cbe: + * Translated using Weblate (Slovak) + * Translated using Weblate (Dutch) + * Translated using Weblate (Catalan) + * Translated using Weblate (Japanese) + * New POT for text domain 'network'. + * New POT for text domain 'control'. + * Translated using Weblate (Portuguese) + * Translated using Weblate (Portuguese) + * Translated using Weblate (Portuguese) + * Translated using Weblate (Portuguese) + * Translated using Weblate (Portuguese) + * Translated using Weblate (Portuguese) + * Translated using Weblate (Portuguese) + * Translated using Weblate (Portuguese) + * Translated using Weblate (Portuguese) + * Translated using Weblate (French) + * Translated using Weblate (French) + * Translated using Weblate (French) + * Translated using Weblate (French) + * Translated using Weblate (French) + * Translated using Weblate (French) + * Translated using Weblate (French) + * Translated using Weblate (German) + * Translated using Weblate (German) + * Translated using Weblate (German) - * Translated using Weblate (Italian) - * Translated using Weblate (Chinese (Taiwan)) - * Translated using Weblate (Spanish) - * Translated using Weblate (Chinese (Taiwan)) - * Translated using Weblate (Chinese (China)) - * Translated using Weblate (Spanish) - * Translated using Weblate (Chinese (Taiwan)) - * Translated using Weblate (Galician) - * Translated using Weblate (Chinese (Taiwan)) - * Translated using Weblate (Portuguese) - * Translated using Weblate (German) - * Translated using Weblate (Chinese (Taiwan)) + * Translated using Weblate (French) + * Translated using Weblate (French) + * Translated using Weblate (French) - * Translated using Weblate (Spanish) + * Translated using Weblate (Portuguese) + * Translated using Weblate (Portuguese) + * Translated using Weblate (Portuguese) + * Translated using Weblate (Portuguese) + * Translated using Weblate (Portuguese) + * Translated using Weblate (German) + * Translated using Weblate (German) + * Translated using Weblate (German) + * Translated using Weblate (German) + * Translated using Weblate (German) + * Translated using Weblate (German) + * Translated using Weblate (German) + * Translated using Weblate (German) + * Translated using Weblate (German) - * Translated using Weblate (Chinese (China)) - * Translated using Weblate (Chinese (Taiwan)) - * Translated using Weblate (Turkish) - * Translated using Weblate (Spanish) - * Translated using Weblate (Chinese (China)) - * Translated using Weblate (Chinese (China)) - * Translated using Weblate (Italian) - * Translated using Weblate (Chinese (Taiwan)) + * Translated using Weblate (French) + * Translated using Weblate (French) + * Translated using Weblate (Italian) + * Translated using Weblate (Italian) + * Translated using Weblate (Italian) + * Translated using Weblate (Italian) + * Translated using Weblate (Italian) + * Translated using Weblate (Italian) + * Translated using Weblate (Italian) + * Translated using Weblate (Italian) + * Translated using Weblate (Italian) + * Translated using Weblate (Italian) + * Translated using Weblate (Italian) + * Translated using Weblate (Italian) + * Translated using Weblate (Italian) + * Translated using Weblate (Italian) + * Translated using Weblate (German) + * Translated using Weblate (German) + * Translated using Weblate (Spanish) + * Translated using Weblate (Portuguese) + * Translated using Weblate (Portuguese) + * Translated using Weblate (Finnish) + * Translated using Weblate (Spanish) + * Translated using Weblate (Spanish) + * Translated using Weblate (Spanish) + * Translated using Weblate (Spanish) + * Translated using Weblate (Spanish) + * Translated using Weblate (Spanish) + * Translated using Weblate (Spanish) + * Translated using Weblate (Spanish) + * Translated using Weblate (Italian) + * Translated using Weblate (Italian) + * Translated using Weblate (Italian) + * Translated using Weblate (Italian) + * Translated using Weblate (Italian) + * Translated using Weblate (Italian) + * Translated using Weblate (Italian) + * Translated using Weblate (Italian) + * Translated using Weblate (Italian) + * Translated using Weblate (German) + * Translated using Weblate (German) + * Translated using Weblate (Italian) + * Translated using Weblate (Italian) + * Translated using Weblate (Italian) + * Translated using Weblate (Italian) + * Translated using Weblate (Italian) + * Translated using Weblate (Italian) + * Translated using Weblate (Italian) + * Translated using Weblate (Italian) + * Translated using Weblate (Italian) + * Translated using Weblate (Italian) + * Translated using Weblate (Spanish) + * Translated using Weblate (Spanish) + * Translated using Weblate (Spanish) + * Translated using Weblate (Spanish) + * Translated using Weblate (Spanish) + * Translated using Weblate (Spanish) + * Translated using Weblate (Spanish) + * Translated using Weblate (Spanish) + * Translated using Weblate (Spanish) + * Translated using Weblate (Portuguese) + * Translated using Weblate (Portuguese) + * Translated using Weblate (Catalan) + * Translated using Weblate (Slovak) + * Translated using Weblate (Slovak) + +- Update to version 84.87.20210321.8a6c5507f2: + * Translated using Weblate (Portuguese) + * Translated using Weblate (Portuguese) + * Translated using Weblate (Portuguese) - * Translated using Weblate (German) - * Translated using Weblate (Spanish) - * Translated using Weblate (French) - * Added translation using Weblate (Sinhala) - * Added translation using Weblate (Sinhala) - * Added translation using Weblate (Sinhala) - * Added translation using Weblate (Sinhala) - * Added translation using Weblate (Sinhala) - * Added translation using Weblate (Sinhala) - * Added translation using Weblate (Sinhala) - * Added translation using Weblate (Sinhala) - * Added translation using Weblate (Sinhala) - * Added translation using Weblate (Sinhala) - * Added translation using Weblate (Sinhala) + * Translated using Weblate (Chinese (Taiwan)) + * Translated using Weblate (Chinese (Taiwan)) + * Translated using Weblate (Chinese (Taiwan)) + * Translated using Weblate (Chinese (Taiwan)) + * Translated using Weblate (Chinese (Taiwan)) + * Translated using Weblate (Chinese (Taiwan)) + * Translated using Weblate (Chinese (Taiwan)) + * Translated using Weblate (Chinese (Taiwan)) + * Translated using Weblate (Chinese (Taiwan)) + * Translated using Weblate (Chinese (Taiwan)) + * Translated using Weblate (Chinese (Taiwan)) + * New POT for text domain 'packager'. - * Translated using Weblate (Italian) + * Translated using Weblate (Chinese (China)) + * Translated using Weblate (Chinese (China)) + * Translated using Weblate (Chinese (China)) + * Translated using Weblate (Chinese (China)) + * Translated using Weblate (Chinese (China)) + * Translated using Weblate (Chinese (China)) + * Translated using Weblate (Chinese (China)) + * Translated using Weblate (Chinese (China)) + * Translated using Weblate (Chinese (China)) + * Translated using Weblate (Chinese (China)) + * Translated using Weblate (Chinese (China)) + * Translated using Weblate (Chinese (China)) + * Translated using Weblate (Chinese (China)) + * Translated using Weblate (Chinese (China)) + * Translated using Weblate (Chinese (China)) + * New POT for text domain 'security'. - * Translated using Weblate (Russian) - * Translated using Weblate (Finnish) + * Translated using Weblate (Portuguese) + * Translated using Weblate (Portuguese) + * Translated using Weblate (Italian) + * New POT for text domain 'network'. + * New POT for text domain 'installation'. + * New POT for text domain 'autoinst'. + * Translated using Weblate (Slovak) + +- Update to version 84.87.20210314.90853260a8: + * New POT for text domain 'add-on'. + * New POT for text domain 'base'. + * New POT for text domain 'bootloader'. + * New POT for text domain 'country'. + * New POT for text domain 'installation'. + * New POT for text domain 'network'. + * New POT for text domain 'packager'. + * New POT for text domain 'storage'. + * Added translation using Weblate (Sinhala) + * Translated using Weblate (Catalan) + * Translated using Weblate (Chinese (China)) + * Translated using Weblate (Chinese (Taiwan)) + * Translated using Weblate (Croatian) + * Translated using Weblate (Czech) + * Translated using Weblate (Dutch) + * Translated using Weblate (Finnish) + * Translated using Weblate (French) + * Translated using Weblate (Galician) + * Translated using Weblate (German) + * Translated using Weblate (Hindi) + * Translated using Weblate (Italian) + * Translated using Weblate (Japanese) + * Translated using Weblate (Portuguese (Brazil)) + * Translated using Weblate (Portuguese (Portugal)) + * Translated using Weblate (Portuguese) + * Translated using Weblate (Russian) + * Translated using Weblate (Slovak) + * Translated using Weblate (Spanish) + * Translated using Weblate (Turkish) zlib -- Add patch to fix compression level switching - bsc#1175811 bsc#1175830 bsc#1175831 - * zlib-compression-switching.patch - -- Set -DDFLTCC_LEVEL_MASK=0x7e on s390/s390x jsc#13776 - -- Permit a deflateParams() parameter change as soon as possible(bsc#1174736) - * bsc1174736-DFLTCC_LEVEL_MASK-set-to-0x1ff.patch - Fix DFLTCC not flushing EOBS when creating raw streams(bsc#1174551) - * bsc1174551-fxi-imcomplete-raw-streams.patch - -- Update 410.patch to contain latest fixes from IBM bsc#1166260 - * The build behaviour changed - -- Update the zlib-no-version-check.patch to be even more forgiving - with the versions on the zlib to allow updates without rebuilds - -- Add SUSE specific patch to fix bsc#1138793, we simply don't want - to test if the app was linked with exactly same version of zlib - like the one that is present on the runtime: - * zlib-no-version-check.patch - -- Update the s390 patchset bsc#1137624: - * 410.patch - -- Tweak zlib-power8-fate325307.patch to have type of crc32_vpmsum - conform to usage - bsc#1141059 - -- Use FAT LTO objects in order to provide proper static library. - -- Do not enable the previous patchset on s390 but just s390x - bsc#1137624 - -- Add patchset for s390 improvements jsc#SLE-5807 bsc#1136717: - * 410.patch - -- Try to safely abort if we get NULL ptr bsc#1110304 bsc#1129576: - * zlib-power8-fate325307.patch - -- Add patch for fate#325307 zlib speedup on power8: - * zlib-power8-fate325307.patch - -- Add patch to safeguard against negative values in uInt bsc#1071321: - * 0001-Do-not-try-to-store-negative-values-in-unsigned-int.patch - -- Added 32bit minizip support - -- Add gpg signature -- Re-enable profiling - -- Add s390 performance patch (fate#314093): - * zlib-1.2.11-optimized-s390.patch - -- baselibs.conf: add missing dependencies - -- Update to version 1.2.11: - * Fix deflate stored bug when pulling last block from window - * Permit immediate deflateParams changes before any deflate input - -- Update to version 1.2.10: - * Avoid warnings on snprintf() return value - * Fix bug in deflate_stored() for zero-length input - * Fix bug in gzwrite.c that produced corrupt gzip files - * Remove files to be installed before copying them in Makefile.in - * Add warnings when compiling with assembler code - -- Update to version 1.2.9: - * Improve compress() and uncompress() to support large lengths - * Allow building zlib outside of the source directory - * Fix bug when level 0 used with Z_HUFFMAN or Z_RLE - * Fix bugs in creating a very large gzip header - * Add uncompress2() function, which returns the input size used - * Dramatically speed up deflation for level 0 (storing) - * Add gzfread() and gzfwrite(), duplicating the interfaces of fread() and fwrite() - * Add crc32_z() and adler32_z() functions with size_t lengths - * Many portability improvements -- Drop patches included in upstream: - * zlib-bnc1003577.patch - * zlib-bnc1003579-part2.patch - * zlib-bnc1003579.patch - * zlib-bnc1003580.patch - * zlib-bnc1013882.patch -- Drop zlib-1.2.7-improve-longest_match-performance.patch - * not accepted by upstream for two releases - * rebasing no longer possible - -- Include fixes for bnc#1003580 bnc#1003579 bnc#1003577 bnc#1013882: - * zlib-bnc1003577.patch - * zlib-bnc1003579-part2.patch - * zlib-bnc1003579.patch - * zlib-bnc1003580.patch refreshed - * zlib-bnc1013882.patch CVE-2016-9843 - -- Trim descriptions to fit target audience. Update RPM group - classification. - -- Require zlib-devel in zlib-devel-static to fix previous change - -- Bring back zlib-devel-static. Needed by binutils - -- Remove zlib-devel-static, nothing should use libz.a anyway. -- Package minizip library, everything using it should now pull - minizip-devel and unbundle it bnc#935864 - zstd +- Add 0001-PATCH-Use-umask-to-Constrain-Created-File-Permission.patch + fixing (CVE-2021-24031, bsc#1183371) and (CVE-2021-24032, bsc#1183370). + Use umask() to constrain created file permission. +