Packages changed: audit (2.8.5 -> 3.0.2) audit-secondary (2.8.5 -> 3.0.2) ceph chrony dracut (053+suse.93.g039ac07d -> 055+suse.106.g760b0c69) e2fsprogs haproxy (2.4.0+git0.6cbbecf09 -> 2.4.1+git0.1ce7d4925) helm (3.6.0 -> 3.6.1) kernel-source (5.12.12 -> 5.12.13) less (586 -> 590) libconfig (1.7.2 -> 1.7.3) mozjs78 (78.8.0 -> 78.11.0) ncurses (6.2.20210515 -> 6.2.20210612) open-vm-tools (11.2.5 -> 11.3.0) openssh pam patterns-base python-pytz python38 python38-core shim sqlite3 (3.35.5 -> 3.36.0) system-users systemd (246.13 -> 248.3) sysuser-tools (3.0 -> 3.1) yast2 (4.4.9 -> 4.4.14) zchunk (1.1.14 -> 1.1.16) === Details === ==== audit ==== Version update (2.8.5 -> 3.0.2) Subpackages: libaudit1 libauparse0 - Adjust audit.spec and audit-secondary.spec to support new version - Include fix for libev * add libev-werror.patch - Update to version 3.0.2 - In audispd-statsd pluging, use struct sockaddr_storage (Ville Heikkinen) - Optionally interpret auid in auditctl -l - Update some syscall argument interpretations - In auditd, do not allow spaces in the hostname name format - Big documentation cleanup (MIZUTA Takeshi) - Update syscall table to the 5.12 kernel - Update the auparse normalizer for new event types - Fix compiler warnings in ids subsystem - Block a couple signals from flush & reconfigure threads - In auditd, don't wait on flush thread when exiting - Output error message if the path of input files are too long ausearch/report Included fixes from 3.0.1 - Update syscall table to the 5.11 kernel - Add new --eoe-timeout option to ausearch and aureport (Burn Alting) - Only enable periodic timers when listening on the network - Upgrade libev to 4.33 - Add auparse_new_buffer function to auparse library - Use the select libev backend unless aggregating events - Add sudoers to some base audit rules - Update the auparse normalizer for some new syscalls and event types Included fixes from 3.0 - Generate checkpoint file even when no results are returned (Burn Alting) - Fix log file creation when file logging is disabled entirely (Vlad Glagolev) - Convert auparse_test to run with python3 (Tomá? Chvátal) - Drop support for prelude - Adjust backlog_wait_time in rules to the kernel default (#1482848) - Remove ids key syntax checking of rules in auditctl - Use SIGCONT to dump auditd internal state (#1504251) - Fix parsing of virtual timestamp fields in ausearch_expression (#1515903) - Fix parsing of uid & success for ausearch - Add support for not equal operator in audit by executable (Ondrej Mosnacek) - Hide lru symbols in auparse - Add systemd process protections - Fix aureport summary time range reporting - Allow unlimited retries on startup for remote logging - Add queue_depth to remote logging stats and increase default queue_depth size - Fix segfault on shutdown - Merge auditd and audispd code - Close on execute init_pipe fd (#1587995) - Breakout audisp syslog plugin to be standalone program - Create a common internal library to reduce code - Move all audispd config files under /etc/audit/ - Move audispd.conf settings into auditd.conf - Add queue depth statistics to internal state dump report - Add network statistics to internal state dump report - SIGUSR now also restarts queue processing if its suspended - Update lookup tables for the 4.18 kernel - Add auparse_normalizer support for SOFTWARE_UPDATE event - Add 30-ospp-v42.rules to meet new Common Criteria requirements - Deprecate enable_krb and replace with transport config opt for remote logging - Mark netlabel events as simple events so that get processed quicker - When auditd is reconfiguring, only SIGHUP plugins with valid pid (#1614833) - In aureport, fix segfault in file report - Add auparse_normalizer support for labeled networking events - Fix memory leak in audisp-remote plugin when using krb5 transport. (#1622194) - In ausearch/auparse, event aging is off by a second - In ausearch/auparse, correct event ordering to process oldest first - Migrate auparse python test to python3 - auparse_reset was not clearing everything it should - Add support for AUDIT_MAC_CALIPSO_ADD, AUDIT_MAC_CALIPSO_DEL events - In ausearch/report, lightly parse selinux portion of USER_AVC events - Add bpf syscall command argument interpretation to auparse - In ausearch/report, limit record size when malformed - Port af_unix plugin to libev - In auditd, fix extract_type function for network originating events - In auditd, calculate right size and location for network originating events - Make legacy script wait for auditd to terminate (#1643567) - Treat all network originating events as VER2 so dispatcher doesn't format it - If an event has a node name make it VER2 so dispatcher doesnt format it - In audisp-remote do an initial connection attempt (#1625156) - In auditd, allow expression of space left as a percentage (#1650670) - On PPC64LE systems, only allow 64 bit rules (#1462178) - Make some parts of auditd state report optional based on config - Update to libev-4.25 - Fix ausearch when checkpointing a single file (Burn Alting) - Fix scripting in 31-privileged.rules wrt filecap (#1662516) - In ausearch, do not checkpt if stdin is input source - In libev, remove __cold__ attribute for functions to allow proper hardening - Add tests to configure.ac for openldap support - Make systemd support files use /run rather than /var/run (Christian Hesse) - Fix minor memory leak in auditd kerberos credentials code - Allow exclude and user filter by executable name (Ondrej Mosnacek) - Fix auditd regression where keep_logs is limited by rotate_logs 2 file test - In ausearch/report fix --end to use midnight time instead of now (#1671338) - Add substitue functions for strndupa & rawmemchr - Fix memleak in auparse caused by corrected event ordering - Fix legacy reload script to reload audit rules when daemon is reloaded - Support for unescaping in trusted messages (Dmitry Voronin) - In auditd, use standard template for DEAMON events (Richard Guy Briggs) - In aureport, fix segfault for malformed USER_CMD events - Add exe field to audit_log_user_command in libaudit - In auditctl support filter on socket address families (Richard Guy Briggs) - Deprecate support for Alpha & IA64 processors - If space_left_action is rotate, allow it every time (#1718444) - In auparse, drop standalone EOE events - Add milliseconds column for ausearch extra time csv format - Fix aureport first event reporting when no start given - In audisp-remote, add new config item for startup connection errors - Remove dependency on chkconfig - Install rules to /usr/share/audit/sample-rules/ - Split up ospp rules to make SCAP scanning easier (#1746018) - In audisp-syslog, support interpreting records (#1497279) - Audit USER events now sends msg as name value pair - Add support for AUDIT_BPF event - Auditd should not process AUDIT_REPLACE events - Update syscall tables to the 5.5 kernel - Improve personality interpretation by using PERS_MASK - Speedup ausearch/report parsing RAW logging format by caching uid/name lookup - Change auparse python bindings to shared object (Issue #121) - Add error messages for watch permissions - If audit rules file doesn't exist log error message instead of info message - Revise error message for unmatched options in auditctl - In audisp-remote, fixup remote endpoint disappearin in ascii format - Add backlog_wait_time_actual reporting / resetting to auditctl (Max Englander) - In auditctl, add support for sending a signal to auditd - Remove audit-fno-common.patch: fixed in upstream - Remove audit-python3.patch: fixed in upstream ==== audit-secondary ==== Version update (2.8.5 -> 3.0.2) Subpackages: audit python3-audit system-group-audit - Adjust audit.spec and audit-secondary.spec to support new version - Include fix for libev * add libev-werror.patch - Update to version 3.0.2 - In audispd-statsd pluging, use struct sockaddr_storage (Ville Heikkinen) - Optionally interpret auid in auditctl -l - Update some syscall argument interpretations - In auditd, do not allow spaces in the hostname name format - Big documentation cleanup (MIZUTA Takeshi) - Update syscall table to the 5.12 kernel - Update the auparse normalizer for new event types - Fix compiler warnings in ids subsystem - Block a couple signals from flush & reconfigure threads - In auditd, don't wait on flush thread when exiting - Output error message if the path of input files are too long ausearch/report Included fixes from 3.0.1 - Update syscall table to the 5.11 kernel - Add new --eoe-timeout option to ausearch and aureport (Burn Alting) - Only enable periodic timers when listening on the network - Upgrade libev to 4.33 - Add auparse_new_buffer function to auparse library - Use the select libev backend unless aggregating events - Add sudoers to some base audit rules - Update the auparse normalizer for some new syscalls and event types Included fixes from 3.0 - Generate checkpoint file even when no results are returned (Burn Alting) - Fix log file creation when file logging is disabled entirely (Vlad Glagolev) - Convert auparse_test to run with python3 (Tomá? Chvátal) - Drop support for prelude - Adjust backlog_wait_time in rules to the kernel default (#1482848) - Remove ids key syntax checking of rules in auditctl - Use SIGCONT to dump auditd internal state (#1504251) - Fix parsing of virtual timestamp fields in ausearch_expression (#1515903) - Fix parsing of uid & success for ausearch - Add support for not equal operator in audit by executable (Ondrej Mosnacek) - Hide lru symbols in auparse - Add systemd process protections - Fix aureport summary time range reporting - Allow unlimited retries on startup for remote logging - Add queue_depth to remote logging stats and increase default queue_depth size - Fix segfault on shutdown - Merge auditd and audispd code - Close on execute init_pipe fd (#1587995) - Breakout audisp syslog plugin to be standalone program - Create a common internal library to reduce code - Move all audispd config files under /etc/audit/ - Move audispd.conf settings into auditd.conf - Add queue depth statistics to internal state dump report - Add network statistics to internal state dump report - SIGUSR now also restarts queue processing if its suspended - Update lookup tables for the 4.18 kernel - Add auparse_normalizer support for SOFTWARE_UPDATE event - Add 30-ospp-v42.rules to meet new Common Criteria requirements - Deprecate enable_krb and replace with transport config opt for remote logging - Mark netlabel events as simple events so that get processed quicker - When auditd is reconfiguring, only SIGHUP plugins with valid pid (#1614833) - In aureport, fix segfault in file report - Add auparse_normalizer support for labeled networking events - Fix memory leak in audisp-remote plugin when using krb5 transport. (#1622194) - In ausearch/auparse, event aging is off by a second - In ausearch/auparse, correct event ordering to process oldest first - Migrate auparse python test to python3 - auparse_reset was not clearing everything it should - Add support for AUDIT_MAC_CALIPSO_ADD, AUDIT_MAC_CALIPSO_DEL events - In ausearch/report, lightly parse selinux portion of USER_AVC events - Add bpf syscall command argument interpretation to auparse - In ausearch/report, limit record size when malformed - Port af_unix plugin to libev - In auditd, fix extract_type function for network originating events - In auditd, calculate right size and location for network originating events - Make legacy script wait for auditd to terminate (#1643567) - Treat all network originating events as VER2 so dispatcher doesn't format it - If an event has a node name make it VER2 so dispatcher doesnt format it - In audisp-remote do an initial connection attempt (#1625156) - In auditd, allow expression of space left as a percentage (#1650670) - On PPC64LE systems, only allow 64 bit rules (#1462178) - Make some parts of auditd state report optional based on config - Update to libev-4.25 - Fix ausearch when checkpointing a single file (Burn Alting) - Fix scripting in 31-privileged.rules wrt filecap (#1662516) - In ausearch, do not checkpt if stdin is input source - In libev, remove __cold__ attribute for functions to allow proper hardening - Add tests to configure.ac for openldap support - Make systemd support files use /run rather than /var/run (Christian Hesse) - Fix minor memory leak in auditd kerberos credentials code - Allow exclude and user filter by executable name (Ondrej Mosnacek) - Fix auditd regression where keep_logs is limited by rotate_logs 2 file test - In ausearch/report fix --end to use midnight time instead of now (#1671338) - Add substitue functions for strndupa & rawmemchr - Fix memleak in auparse caused by corrected event ordering - Fix legacy reload script to reload audit rules when daemon is reloaded - Support for unescaping in trusted messages (Dmitry Voronin) - In auditd, use standard template for DEAMON events (Richard Guy Briggs) - In aureport, fix segfault for malformed USER_CMD events - Add exe field to audit_log_user_command in libaudit - In auditctl support filter on socket address families (Richard Guy Briggs) - Deprecate support for Alpha & IA64 processors - If space_left_action is rotate, allow it every time (#1718444) - In auparse, drop standalone EOE events - Add milliseconds column for ausearch extra time csv format - Fix aureport first event reporting when no start given - In audisp-remote, add new config item for startup connection errors - Remove dependency on chkconfig - Install rules to /usr/share/audit/sample-rules/ - Split up ospp rules to make SCAP scanning easier (#1746018) - In audisp-syslog, support interpreting records (#1497279) - Audit USER events now sends msg as name value pair - Add support for AUDIT_BPF event - Auditd should not process AUDIT_REPLACE events - Update syscall tables to the 5.5 kernel - Improve personality interpretation by using PERS_MASK - Speedup ausearch/report parsing RAW logging format by caching uid/name lookup - Change auparse python bindings to shared object (Issue #121) - Add error messages for watch permissions - If audit rules file doesn't exist log error message instead of info message - Revise error message for unmatched options in auditctl - In audisp-remote, fixup remote endpoint disappearin in ascii format - Add backlog_wait_time_actual reporting / resetting to auditctl (Max Englander) - In auditctl, add support for sending a signal to auditd - Removes audit-fno-common.patch: fixed in upstream - Removes audit-python3.patch: fixed in upstream ==== ceph ==== Subpackages: ceph-common libcephfs2 librados2 librbd1 librgw2 python3-ceph-argparse python3-ceph-common python3-cephfs python3-rados python3-rbd python3-rgw - Update _constraints: only honor physical memory, not 'any memory' (e.g. swap). But then, be happy with 8GB (bumping the current x86_64 worker pool from 16 to 64). (Dominique Leuenberger) ==== chrony ==== Subpackages: chrony-pool-openSUSE - Add now working CONFIG parameter to sysusers generator ==== dracut ==== Version update (053+suse.93.g039ac07d -> 055+suse.106.g760b0c69) Subpackages: dracut-ima - Update to version 055+suse.106.g760b0c69: * chore(suse): add Conflicts for old suse-module-tools to specfile (bsc#1187115) - Update to version 055+suse.104.g9d45c1df: * feat(suse-initrd): add INITRD_MODULES from /etc/sysconfig/kernel, too * fix(suse-initrd): call dracut_instmods with hostonly= * fix(suse-initrd): use $kernel rather than $(uname -r) - Update to version 055+suse.100.ga2700279: * fix(suse-initrd): remove references to INITRD_MODULES (bsc#1187115) * chore(suse): erase conditional for usrmerge from specfile * chore(suse): fix specfile for usrmerge - Update to version 055+suse.97.gb98506b2: * docs: update NEWS.md and AUTHORS * fix(fs-lib): install fsck utilities * fix(integrity): require ALLOW_METADATA_WRITES to come from EVM config file * fix(install): configure logging earlier * fix(warpclock): minor cleanups * fix(dash): minor cleanups * fix(mksh): minor cleanups * feat(install): add default value for --firmwaredirs * fix(dracut-functions): get_maj_min without get_maj_min_cache_file set * fix(dracut): pipe hardlink output to `dinfo` * fix(install): sane default --kerneldir * fix(bash): minor cleanups * fix(squash): don't mount the mount points if already mounted * ci: add shfmt to Fedora containers * fix(base): add missing `str_replace` to `dracut-dev-lib.sh` * feat(dracut.sh): detect running in a container * fix(base): split out `dracut-dev-lib.sh` * fix(dracut-util): print error message with trailing newline * fix(packit): downstream has renamed the master branch to main - Update to version 054+suse.96.gb5aa64d2: * fix(suse-initrd) fix list of modprobe.d directories - Update to version 054+suse.95.gd5820102: * chore(suse) update spec Important change on mkinitrd: mkinitrd is now in its own subpackage "dracut-mkinit-deprecated", which requires dracut. If you need mkinitrd, require "mkinitrd". However note that in the long run, mkinit will go away. It is preferred to call dracut directly. - Update to version 054+suse.94.g1648453e: * chore(suse): re-add SUSE mkinitrd - Update to version 054+suse.93.gd393f006: With this release dracut has undergone a major overhaul. A lot of systemd related modules have been added. The integration test suite has finally ironed out the flaky behaviour due to the parallel device probing of the kernel, which bit sometimes in the non-kvm github CI. So, if you see any /dev/sda in a setup script with more than two hard drives, chances are, that the script works on the wrong disk. Same goes for network interfaces. This release is also fully shellcheck'ed with ShellCheck-0.7.2 and indented with shfmt and astyle. The dracut project builds test containers every day for: opensuse/tumbleweed-dnf:latest archlinux:latest fedora:rawhide fedora:latest fedora:33 These containers can easily be used to run the integration tests locally without root permissions via podman. We hope this serves as a blueprint for your distribution's CI process. More information can be found in docs/HACKING.md. Bug Fixes make testsuite pass on OpenSuse and Arch (8b2afb08) cope with distributions with /usr/etc files (3ad3b3a4) deprecate gummiboot (5c94cf41) set vimrc and emacs indention according to .editorconfig (9012f399) correctly handle kernel parameters (501d82f7) remove dracut.pc on make clean (d643156d) honor KVERSION environment in the Makefile (d8a454a5) always use mkdir -p (9cf7b1c5) dracut.sh: prevent symbolic links containing // (de0c0872) adding missing globalvars for udev (f35d479d) sysctl global variables (3ca9aa1d) add global vars for modules-load (ec4539c6) omission is an addition to other omissions in conf files (96c31333) harden dracut against GZIP environment variable (d8e47e20) add a missing tmpfilesconfdir global variable (8849dd8d) include modules.builtin.alias in the initramfs (7f633747) install all depmod relevant configuration files (50a01dd4) add modules.builtin.modinfo to the initramfs (87c4c178) search for btrfs devices from actual mount poiont (3fdc734a) dracut-functions.sh: implement a cache for get_maj_min (c3bb9d18) word splitting issue for sed in get_ucode_file (122657b2) dracut-logger.sh: double dash trigger unknown logger warnings during run (4fbccde5) dracut-install: handle $LIB in ldd output parsing (d1a36d3d) handle builtin modules (2536a9ea) base: suppress calls to getarg in build phase (6feaaabc) source hooks without exec (8059bcb2) wait_for_dev quote shell variables (b800edd6) adding crc32c for ext3 (61f45643) crypt: install all crypto modules in the generic initrd (10f9e569) include cryptsetups tmpfile (a4cc1964) crypt-gpg: cope with different scdaemon location (44fd1c13) dbus-broker: enable the service (df1e5f06) dbus-daemon: only error out in install() (ae4fbb3d) dracut-systemd: don't refuse root=tmpfs when systemd is used (a96900a8) examples: remove the examples directory and reference to it (b37c90c8) fips: add dh and ecdh ciphers (543b8014) remove old udev version requirements (be30d987) i18n: skip if data is missing (651fe01e) img-lib: ignored null byte in input (85eb9680) integrity: properly set up EVM when using an x509 cert (4bdd7eb2) iscsi: replace sed call with bash internals (66b920c6) add iscsid.service requirements (bb6770f1) only rely on socket activiation (0eb87d78) kernel-modules: optionally add /usr/lib/modules.d to initramfs (92e6a8f8) add watchdog drivers for generic initrd (3a60c036) mdraid: remove dependency statements (86b75634) memstrack: correct dependencies (c2ecc4d1) multipath: stop multipath before udev db cleanup (3c244c7c) revise multipathd-stop (7b8c78ff) nbd: assume nbd version >= 3.8 (6209edeb) remove old udev version requirements (fd15dbad) make nbd work again with systemd (77906443) network: use wicked unit instead of find_binary (57eefcf7) user variable for sdnetworkd instead of path (4982e16d) correct regression in iface_has_carrier (36af0518) network-legacy: add missing options to dhclient.conf (abfd547a) silence getargs (60a34d8b) network-manager: cope with distributions not using libexec (22d6863e) set timeout via command line option (8a51ee1f) run after dracut-cmdline (4d03404f) create /run directories (49b61496) use /run/NetworkManager/initrd/neednet in initqueue (6a37c6f6) only run NetworkManager if rd.neednet=1 (ac0e8f7d) nm-run.service: don't kill forked processes (1f21fac6) no default deps for nm-run.service (ba4bcf5f) nm-lib.sh does not require bash (3402142e) squash: post install should be the last step before stripping (8c8aecdc) systemd: include all nss libraries (b3bbf5fb) include hosts and nsswitch.conf in hostonly mode (5912f4fb) remove old systemd version requirements (fc53987b) systemd-hostnamed: extra quote (2aa65234) systemd-modules: remove dependency on systemd meta module (afef4557) systemd-modules-load: misc repairs (782ac8f1) systemd-networkd: make systemd-networkd a proper network provider (ea779750, closes #737) systemd-resolved: remove nss libraries (12bef83c) systemd-sysctl: sysctl global variables (02acedd0) systemd-sysusers: misc fixes and cleanup (7359ba8a) systemd-udev: use global vars instead of fixed path (fd883a58) systemd-udevd: add udev id program files (562cb77b) systemd-verity: incorrect reference to cryptsetup target (ba92d1fc) re-naming module to veritysetup (0267f3c3) tpm2-tss: add tpm2 requirement (8f99fada) udev-rules: remove sourcing of network link files (69f4e7cd) add btrfs udev rules by default (567c4557) url-lib: fix passing args (5f6be515) zipl: don't depend on grub2 (6b499ec1) Performance disable initrd compression when squash module is enabled (7c0bc0b2) Features support ZSTD-compressed kernel modules (ce9af251) also restore the initramfs from /lib/modules (33e27fab) extend Makefile indent target (e0a0fa61) customize .editorconfig according to shfmt (1f621aba) squash module follow --compress option (5d05ffbd) bluetooth: implement bluetooth support in initrd (64ee2a53) btrfs: add 64-btrfs-dm.rules rules (d4caa86a) mkinitrd: remove mkinitrd (43df4ee2) nbd: support ipv6 link local nbds (b12f8188) network-manager: run as daemon with D-Bus (112f03f9) qemu: include the virtio_mem kernel module (f3dcb606) skipcpio: speed up and harden skipcpio (63033495) squash: use busybox for early setup if available (90f269f6) install and depmod modules seperately (5a18b24a) systemd-ac-power: introducing the systemd-ac-power module (e7407230) systemd-hostnamed: introducing the systemd-hostnamed module (bf273e3e) systemd-initrd: add initrd-usr-fs.target (5eb73610) systemd-journald: introducing the systemd-journald module (3697891b) systemd-ldconfig: introducing the systemd-ldconfig module (563c434e) systemd-network-management: introducing systemd-network-management module (e942d86c) systemd-resolved: introducing the systemd-resolved module (b7d3caef) systemd-rfkill: introducing the systemd-rfkill module (21536544) systemd-sysext: introducing the systemd-sysext module (fc88af54) systemd-timedated: introducing the systemd-timedated module (1c41cc90) systemd-timesyncd: introducing the systemd-timesyncd module (2257d545) systemd-tmpfiles: introducing the systemd-tmpfiles module (2b61be32) systemd-udevd: introducing the systemd-udevd module (3534789c) systemd-verity: introducing the systemd-verity module (3d4dea58) tpm2-tss: introducing the tpm2-tss module (8743b073) ==== e2fsprogs ==== Subpackages: libcom_err2 libext2fs2 - Fix the %doc files. RELEASE-NOTES is a symlink to doc/RelNotes/v%version. ==== haproxy ==== Version update (2.4.0+git0.6cbbecf09 -> 2.4.1+git0.1ce7d4925) - Update to version 2.4.1+git0.1ce7d4925: * [RELEASE] Released version 2.4.1 * BUG/MINOR: mux-h2/traces: bring back the lost "sent H2 REQ/RES" traces * BUG/MINOR: mux-h2/traces: bring back the lost "rcvd H2 REQ" trace * MINOR: mux-h2: obey http-ignore-probes during the preface * BUG/MINOR: stats: make "show stat typed desc" work again * CLEANUP: mux-h2/traces: better align user messages * MINOR: mux-h2/trace: report a few connection-level info during h2_init() * MINOR: connection: add helper conn_append_debug_info() * BUG/MINOR: server: explicitly set "none" init-addr for dynamic servers * BUG/MINOR: mux-h1: do not skip the error response on bad requests * MINOR: backend: only skip LB when there are actual connections * BUG/MAJOR: queue: set SF_ASSIGNED when setting strm->target on dequeue * CLEANUP: global: remove unused definition of stopping_task[] * BUG/MINOR: mworker: fix typo in chroot error message * BUG/MINOR: ssl: use atomic ops to update global shctx stats * BUG/MEDIUM: shctx: use at least thread-based locking on USE_PRIVATE_CACHE * BUG/MEDIUM: server: do not auto insert a dynamic server in px addr_node * BUG/MINOR: server: do not keep an invalid dynamic server in px ids tree * BUG/MEDIUM: server: do not forget to generate the dynamic servers ids * BUG/MEDIUM: server: clear dynamic srv on delete from proxy id/name trees * BUG/MEDIUM: server: extend thread-isolate over much of CLI 'add server' * BUG/MINOR: stick-table: insert srv in used_name tree even with fixed id * DOC: lua: Add a warning about buffers modification in HTTP * BUG/MAJOR: resolvers: segfault using server template without SRV RECORDs * MEDIUM: resolvers: add a ref between servers and srv request or used SRV record * MEDIUM: resolvers: add a ref on server to the used A/AAAA answer item * BUG/MINOR: resolvers: answser item list was randomly purged or errors * CLEANUP: l7-retries: do not test the buffer before calling b_alloc() * BUG/MINOR: mux-fcgi: Expose SERVER_SOFTWARE parameter by default * BUG/MAJOR: htx: Fix htx_defrag() when an HTX block is expanded * CLEANUP: pools: remove now unused seq and pool_free_list * BUG/MAJOR: pools: fix possible race with free() in the lockless variant * MEDIUM: pools: use a single pool_gc() function for locked and lockless * MINOR: pools: call malloc_trim() under thread isolation * MINOR: pools: do not maintain the lock during pool_flush() * BUG/MINOR: pools: make DEBUG_UAF always write to the to-be-freed location * BUG/MINOR: pools: fix a possible memory leak in the lockless pool_flush() * BUG/MEDIUM: compression: Add a flag to know the filter is still processing data * BUG/MEDIUM: compression: Properly get the next block to iterate on payload * BUG/MEDIUM: compression: Fix loop skipping unused blocks to get the next block * BUG/MEDIUM: opentracing: initialization before establishing daemon and/or chroot mode * Revert "BUG/MINOR: opentracing: initialization after establishing daemon mode" * BUG/MINOR: ssl: OCSP stapling does not work if expire too far in the future * BUILD: make tune.ssl.keylog available again * DOC: use the req.ssl_sni in examples * MINOR: errors: allow empty va_args for diag variadic macro * BUG/MAJOR: stream-int: Release SI endpoint on server side ASAP on retry * DOC/MINOR: move uuid in the configuration to the right alphabetical order * BUG/MINOR: vars: Be sure to have a session to get checks variables * CLEANUP: http-ana: Remove useless if statement about L7 retries * BUG/MINOR: proxy: Missing calloc return value check in chash_init_server_tree * BUG/MINOR: http: Missing calloc return value check in make_arg_list * BUG/MINOR: http: Missing calloc return value check while parsing redirect rule * BUG/MINOR: worker: Missing calloc return value check in mworker_env_to_proc_list * BUG/MINOR: compression: Missing calloc return value check in comp_append_type/algo * BUG/MINOR: http: Missing calloc return value check while parsing tcp-request rule * BUG/MINOR: http: Missing calloc return value check while parsing tcp-request/tcp-response * BUG/MINOR: proxy: Missing calloc return value check in proxy_defproxy_cpy * BUG/MINOR: proxy: Missing calloc return value check in proxy_parse_declare * BUG/MINOR: http: Missing calloc return value check in parse_http_req_capture * BUG/MINOR: ssl: Missing calloc return value check in ssl_init_single_engine * BUG/MINOR: peers: Missing calloc return value check in peers_register_table * BUG/MINOR: server: Missing calloc return value check in srv_parse_source * DOC: intro: Fix typo in starter guide * MINOR: cfgparse: Fail when encountering extra arguments in macro * MINOR: http-ana: Perform L7 retries because of status codes in response analyser * BUG/MINOR: http-ana: Handle L7 retries on refused early data before K/A aborts * BUG/MINOR: http-ana: Send the right error if max retries is reached on L7 retry * Revert "MEDIUM: http-ana: Deal with L7 retries in HTTP analysers" * BUG/MINOR: http-comp: Preserve HTTP_MSGF_COMPRESSIONG flag on the response * BUG/MEDIUM: filters: Exec pre/post analysers only one time per filter * BUILD/MINOR: opentracing: fixed build when using clang * BUG/MAJOR: server: prevent deadlock when using 'set maxconn server' * BUG/MEDIUM: ebtree: Invalid read when looking for dup entry ==== helm ==== Version update (3.6.0 -> 3.6.1) - Update to version 3.6.1: * tweak basic handling ==== kernel-source ==== Version update (5.12.12 -> 5.12.13) - Revert "drm/amdgpu/gfx10: enlarge CP_MEC_DOORBELL_RANGE_UPPER to cover full doorbell." (amd gpu reverts). - Revert "drm/amdgpu/gfx9: fix the doorbell missing when in CGPG issue." (amd gpu reverts). - commit 74bd8c0 - Refresh patches.suse/Input-elants_i2c-Fix-NULL-dereference-at-probing.patch. - Refresh patches.suse/mmc-sdhci-iproc-cap-min-clock-frequency-on-bcm2711.patch. - Refresh patches.suse/mmc-sdhci-iproc-set-sdhci_quirk_cap_clock_base_broken-on-bcm2711.patch. Update upstream statuses. - commit 9cef814 - Revert "Update config files (bsc#1187167)" (bsc#1187711). The key is needed. When a random key is generaeted it is a problem with OBS repository setup. OBS should provide a signing key. - commit 6b7eebf - Linux 5.12.13 (bsc#1012628). - dmaengine: idxd: add engine 'struct device' missing bus type assignment (bsc#1012628). - dmaengine: idxd: add missing dsa driver unregister (bsc#1012628). - dmaengine: fsl-dpaa2-qdma: Fix error return code in two functions (bsc#1012628). - dmaengine: xilinx: dpdma: initialize registers before request_irq (bsc#1012628). - dmaengine: ALTERA_MSGDMA depends on HAS_IOMEM (bsc#1012628). - dmaengine: QCOM_HIDMA_MGMT depends on HAS_IOMEM (bsc#1012628). - dmaengine: SF_PDMA depends on HAS_IOMEM (bsc#1012628). - dmaengine: stedma40: add missing iounmap() on error in d40_probe() (bsc#1012628). - afs: Fix an IS_ERR() vs NULL check (bsc#1012628). - mm/memory-failure: make sure wait for page writeback in memory_failure (bsc#1012628). - kvm: LAPIC: Restore guard to prevent illegal APIC register access (bsc#1012628). - fanotify: fix copy_event_to_user() fid error clean up (bsc#1012628). - batman-adv: Avoid WARN_ON timing related checks (bsc#1012628). - staging: rtl8723bs: fix monitor netdev register/unregister (bsc#1012628). - mac80211: fix skb length check in ieee80211_scan_rx() (bsc#1012628). - mlxsw: reg: Spectrum-3: Enforce lowest max-shaper burst size of 11 (bsc#1012628). - mlxsw: core: Set thermal zone polling delay argument to real value at init (bsc#1012628). - libbpf: Fixes incorrect rx_ring_setup_done (bsc#1012628). - net: ipv4: fix memory leak in netlbl_cipsov4_add_std (bsc#1012628). - vrf: fix maximum MTU (bsc#1012628). - net: rds: fix memory leak in rds_recvmsg (bsc#1012628). - net: dsa: felix: re-enable TX flow control in ocelot_port_flush() (bsc#1012628). - net: ena: fix DMA mapping function issues in XDP (bsc#1012628). - net: lantiq: disable interrupt before sheduling NAPI (bsc#1012628). - netfilter: nf_tables: initialize set before expression setup (bsc#1012628). - netfilter: nft_fib_ipv6: skip ipv6 packets from any to link-local (bsc#1012628). - ice: add ndo_bpf callback for safe mode netdev ops (bsc#1012628). - ice: parameterize functions responsible for Tx ring management (bsc#1012628). - udp: fix race between close() and udp_abort() (bsc#1012628). - rtnetlink: Fix regression in bridge VLAN configuration (bsc#1012628). - net/sched: act_ct: handle DNAT tuple collision (bsc#1012628). - net/mlx5e: Fix use-after-free of encap entry in neigh update handler (bsc#1012628). - net/mlx5e: Remove dependency in IPsec initialization flows (bsc#1012628). - net/mlx5e: Fix page reclaim for dead peer hairpin (bsc#1012628). - net/mlx5: Consider RoCE cap before init RDMA resources (bsc#1012628). - net/mlx5: DR, Don't use SW steering when RoCE is not supported (bsc#1012628). - Revert "net/mlx5: Arm only EQs with EQEs" (bsc#1012628). - net/mlx5e: Block offload of outer header csum for UDP tunnels (bsc#1012628). - net/mlx5e: Block offload of outer header csum for GRE tunnel (bsc#1012628). - skbuff: fix incorrect msg_zerocopy copy notifications (bsc#1012628). - netfilter: synproxy: Fix out of bounds when parsing TCP options (bsc#1012628). - mptcp: Fix out of bounds when parsing TCP options (bsc#1012628). - sch_cake: Fix out of bounds when parsing TCP options and header (bsc#1012628). - mptcp: try harder to borrow memory from subflow under pressure (bsc#1012628). - mptcp: wake-up readers only for in sequence data (bsc#1012628). - mptcp: do not warn on bad input from the network (bsc#1012628). - selftests: mptcp: enable syncookie only in absence of reorders (bsc#1012628). - mptcp: fix soft lookup in subflow_error_report() (bsc#1012628). - alx: Fix an error handling path in 'alx_probe()' (bsc#1012628). - cxgb4: fix endianness when flashing boot image (bsc#1012628). - cxgb4: fix sleep in atomic when flashing PHY firmware (bsc#1012628). - cxgb4: halt chip before flashing PHY firmware image (bsc#1012628). - net: stmmac: dwmac1000: Fix extended MAC address registers definition (bsc#1012628). - net: make get_net_ns return error if NET_NS is disabled (bsc#1012628). - net: qualcomm: rmnet: don't over-count statistics (bsc#1012628). - ethtool: strset: fix message length calculation (bsc#1012628). - qlcnic: Fix an error handling path in 'qlcnic_probe()' (bsc#1012628). - netxen_nic: Fix an error handling path in 'netxen_nic_probe()' (bsc#1012628). - cxgb4: fix wrong ethtool n-tuple rule lookup (bsc#1012628). - ipv4: Fix device used for dst_alloc with local routes (bsc#1012628). - net: qrtr: fix OOB Read in qrtr_endpoint_post (bsc#1012628). - bpf: Fix leakage under speculation on mispredicted branches (bsc#1012628). - net: mhi_net: Update the transmit handler prototype (bsc#1012628). - ptp: improve max_adj check against unreasonable values (bsc#1012628). - net: cdc_ncm: switch to eth%d interface naming (bsc#1012628). - lantiq: net: fix duplicated skb in rx descriptor ring (bsc#1012628). - net: usb: fix possible use-after-free in smsc75xx_bind (bsc#1012628). - net: fec_ptp: fix issue caused by refactor the fec_devtype (bsc#1012628). - net: ipv4: fix memory leak in ip_mc_add1_src (bsc#1012628). - net/af_unix: fix a data-race in unix_dgram_sendmsg / unix_release_sock (bsc#1012628). - net/mlx5: Fix error path for set HCA defaults (bsc#1012628). - net/mlx5: Check that driver was probed prior attaching the device (bsc#1012628). - net/mlx5: E-Switch, Read PF mac address (bsc#1012628). - net/mlx5: E-Switch, Allow setting GUID for host PF vport (bsc#1012628). - net/mlx5: SF_DEV, remove SF device on invalid state (bsc#1012628). - net/mlx5: DR, Fix STEv1 incorrect L3 decapsulation padding (bsc#1012628). - net/mlx5e: Don't create devices during unload flow (bsc#1012628). - net/mlx5: Reset mkey index on creation (bsc#1012628). - be2net: Fix an error handling path in 'be_probe()' (bsc#1012628). - net: hamradio: fix memory leak in mkiss_close (bsc#1012628). - net: cdc_eem: fix tx fixup skb leak (bsc#1012628). - cxgb4: fix wrong shift (bsc#1012628). - bnxt_en: Rediscover PHY capabilities after firmware reset (bsc#1012628). - bnxt_en: Fix TQM fastpath ring backing store computation (bsc#1012628). - bnxt_en: Call bnxt_ethtool_free() in bnxt_init_one() error path (bsc#1012628). - icmp: don't send out ICMP messages with a source address of 0.0.0.0 (bsc#1012628). - net: ethernet: fix potential use-after-free in ec_bhf_remove (bsc#1012628). - regulator: cros-ec: Fix error code in dev_err message (bsc#1012628). - regulator: bd70528: Fix off-by-one for buck123 .n_voltages setting (bsc#1012628). - platform/x86: thinkpad_acpi: Add X1 Carbon Gen 9 second fan support (bsc#1012628). - ASoC: rt5659: Fix the lost powers for the HDA header (bsc#1012628). - phy: phy-mtk-tphy: Fix some resource leaks in mtk_phy_init() (bsc#1012628). - ASoC: fsl-asoc-card: Set .owner attribute when registering card (bsc#1012628). - regulator: mt6315: Fix function prototype for mt6315_map_mode (bsc#1012628). - regulator: rtmv20: Fix to make regcache value first reading back from HW (bsc#1012628). - spi: spi-zynq-qspi: Fix some wrong goto jumps & missing error code (bsc#1012628). - sched/pelt: Ensure that *_sum is always synced with *_avg (bsc#1012628). - ASoC: tas2562: Fix TDM_CFG0_SAMPRATE values (bsc#1012628). - regulator: hi6421v600: Fix .vsel_mask setting (bsc#1012628). - spi: stm32-qspi: Always wait BUSY bit to be cleared in stm32_qspi_wait_cmd() (bsc#1012628). - regulator: rt4801: Fix NULL pointer dereference if priv->enable_gpios is NULL (bsc#1012628). - ASoC: rt5682: Fix the fast discharge for headset unplugging in soundwire mode (bsc#1012628). - pinctrl: ralink: rt2880: avoid to error in calls is pin is already enabled (bsc#1012628). - drm/sun4i: dw-hdmi: Make HDMI PHY into a platform device (bsc#1012628). - ASoC: qcom: lpass-cpu: Fix pop noise during audio capture begin (bsc#1012628). - radeon: use memcpy_to/fromio for UVD fw upload (bsc#1012628). - hwmon: (scpi-hwmon) shows the negative temperature properly (bsc#1012628). - riscv: code patching only works on !XIP_KERNEL (bsc#1012628). - mm: relocate 'write_protect_seq' in struct mm_struct (bsc#1012628). - irqchip/gic-v3: Workaround inconsistent PMR setting on NMI entry (bsc#1012628). - perf metricgroup: Fix find_evsel_group() event selector (bsc#1012628). - perf metricgroup: Return error code from metricgroup__add_metric_sys_event_iter() (bsc#1012628). - bpf: Inherit expanded/patched seen count from old aux data (bsc#1012628). - bpf: Do not mark insn as seen under speculative path verification (bsc#1012628). - can: bcm: fix infoleak in struct bcm_msg_head (bsc#1012628). - can: bcm/raw/isotp: use per module netdevice notifier (bsc#1012628). - can: j1939: fix Use-after-Free, hold skb ref while in use (bsc#1012628). - can: mcba_usb: fix memory leak in mcba_usb (bsc#1012628). - usb: core: hub: Disable autosuspend for Cypress CY7C65632 (bsc#1012628). - usb: chipidea: imx: Fix Battery Charger 1.2 CDP detection (bsc#1012628). - tracing: Do not stop recording cmdlines when tracing is off (bsc#1012628). - tracing: Do not stop recording comms if the trace file is being read (bsc#1012628). - tracing: Do no increment trace_clock_global() by one (bsc#1012628). - PCI: Mark TI C667X to avoid bus reset (bsc#1012628). - PCI: Mark some NVIDIA GPUs to avoid bus reset (bsc#1012628). - PCI: Mark AMD Navi14 GPU ATS as broken (bsc#1012628). - PCI: aardvark: Fix kernel panic during PIO transfer (bsc#1012628). - PCI: Add ACS quirk for Broadcom BCM57414 NIC (bsc#1012628). - PCI: Work around Huawei Intelligent NIC VF FLR erratum (bsc#1012628). - btrfs: zoned: fix negative space_info->bytes_readonly (bsc#1012628). - s390/mcck: fix invalid KVM guest condition check (bsc#1012628). - KVM: x86: Immediately reset the MMU context when the SMM flag is cleared (bsc#1012628). - KVM: x86/mmu: Calculate and check "full" mmu_role for nested MMU (bsc#1012628). - KVM: X86: Fix x86_emulator slab cache leak (bsc#1012628). - s390/mcck: fix calculation of SIE critical section size (bsc#1012628). - s390/ap: Fix hanging ioctl caused by wrong msg counter (bsc#1012628). - ARCv2: save ABI registers across signal handling (bsc#1012628). - x86/mm: Avoid truncating memblocks for SGX memory (bsc#1012628). - x86/process: Check PF_KTHREAD and not current->mm for kernel threads (bsc#1012628). - x86/ioremap: Map EFI-reserved memory as encrypted for SEV (bsc#1012628 bsc#1186884). - x86/pkru: Write hardware init value to PKRU when xstate is init (bsc#1012628). - x86/fpu: Prevent state corruption in __fpu__restore_sig() (bsc#1012628). - x86/fpu: Invalidate FPU state after a failed XRSTOR from a user buffer (bsc#1012628). - x86/fpu: Reset state for all signal restore failures (bsc#1012628). - powerpc/perf: Fix crash in perf_instruction_pointer() when ppmu is not set (bsc#1012628). - Makefile: lto: Pass -warn-stack-size only on LLD < 13.0.0 (bsc#1012628). - crash_core, vmcoreinfo: append 'SECTION_SIZE_BITS' to vmcoreinfo (bsc#1012628). - dmaengine: pl330: fix wrong usage of spinlock flags in dma_cyclc (bsc#1012628). - mac80211: fix deadlock in AP/VLAN handling (bsc#1012628). - mac80211: Fix NULL ptr deref for injected rate info (bsc#1012628). - mac80211: fix 'reset' debugfs locking (bsc#1012628). - cfg80211: fix phy80211 symlink creation (bsc#1012628). - cfg80211: shut down interfaces on failed resume (bsc#1012628). - mac80211: move interface shutdown out of wiphy lock (bsc#1012628). - mac80211: minstrel_ht: fix sample time check (bsc#1012628). - cfg80211: make certificate generation more robust (bsc#1012628). - cfg80211: avoid double free of PMSR request (bsc#1012628). - drm/amdgpu/gfx10: enlarge CP_MEC_DOORBELL_RANGE_UPPER to cover full doorbell (bsc#1012628). - drm/amdgpu/gfx9: fix the doorbell missing when in CGPG issue (bsc#1012628). - net: ll_temac: Make sure to free skb when it is completely used (bsc#1012628). - net: ll_temac: Fix TX BD buffer overwrite (bsc#1012628). - net: bridge: fix vlan tunnel dst null pointer dereference (bsc#1012628). - net: bridge: fix vlan tunnel dst refcnt when egressing (bsc#1012628). - mm,hwpoison: fix race with hugetlb page allocation (bsc#1012628). - mm/swap: fix pte_same_as_swp() not removing uffd-wp bit when compare (bsc#1012628). - mm/hugetlb: expand restore_reserve_on_error functionality (bsc#1012628). - mm/slub: clarify verification reporting (bsc#1012628). - mm/slub: fix redzoning for small allocations (bsc#1012628). - mm/slub: actually fix freelist pointer vs redzoning (bsc#1012628). - mm/slub.c: include swab.h (bsc#1012628). - net: stmmac: disable clocks in stmmac_remove_config_dt() (bsc#1012628). - net: fec_ptp: add clock rate zero check (bsc#1012628). - tools headers UAPI: Sync linux/in.h copy with the kernel sources (bsc#1012628). - perf beauty: Update copy of linux/socket.h with the kernel sources (bsc#1012628). - usb: dwc3: debugfs: Add and remove endpoint dirs dynamically (bsc#1012628). - usb: dwc3: core: fix kernel panic when do reboot (bsc#1012628). - Delete patches.suse/0001-x86-ioremap-Map-efi_mem_reserve-memory-as-encrypted-.patch. - commit 2ab6e2b - Bluetooth: btqca: Don't modify firmware contents in-place (bsc#1187472). - commit 43254cf ==== less ==== Version update (586 -> 590) - update to 590: * Make less able to read lesskey source files (deprecating lesskey). * If XDG_CONFIG_HOME is set, find lesskey source file in $XDG_CONFIG_HOME/lesskey rather than $HOME/.lesskey. * If XDG_DATA_HOME is set, find and store history file in $XDG_DATA_HOME/lesshst rather than $HOME/.lesshst. * Add the --lesskey-src option. * Add the --file-size option. * With -F, if screen is resized to make file fit on one screen, don't exit. - Remove --with-pic (no static libs are ever produced). ==== libconfig ==== Version update (1.7.2 -> 1.7.3) - Update to release 1.7.3 * Fixed a heap corruption bug in config_clear() * Added a Setting::isString() method * Renamed all remaining internal methods that lacked a "libconfig_" prefix. ==== mozjs78 ==== Version update (78.8.0 -> 78.11.0) - Update to version 78.11.0esr. ==== ncurses ==== Version update (6.2.20210515 -> 6.2.20210612) Subpackages: libncurses6 ncurses-utils terminfo-base - Add ncurses patch 20210612 + fixes for scan-build, valgrind build/testing. + update config.guess - Add ncurses patch 20210605 + add a summary of ncurses-specific preprocessor symbols to curses.h (prompted by discussion with Peter Farley, Bill Gray). - Add ncurses patch 20210522 + regenerate configure scripts with autoconf 2.52.20210509 to eliminate an unnecessary warning in config.log (report by Miroslav Lichvar). + add a note in manual page to explain ungetch vs unget_wch (prompted by discussion with Peter Farley). + add sp-funcs for erasewchar, killwchar. + modify wgetnstr, wgetn_wstr to improve compatibility with SVr4 curses in its treatment of interrupt and quit characters (prompted by report/testcase by Bill Gray) + update config.guess, config.sub - Correct offset in patch ncurses-6.2.dif ==== open-vm-tools ==== Version update (11.2.5 -> 11.3.0) Subpackages: libvmtools0 - Update to 11.3.0 (build 18090558) (boo#1187567) + Resolved issues: - The following github issues and pull requests have been resolved: 446, 481, 500, and 509 - The following Pull requests have been resolved: 474 and 505 - A number of issues detected by Coverity, internally or by third parties, have been addressed. - A command line tool, vmwgfxctrl, has been added to open-vm-tools for Linux that can be used to control various aspects of the vmwgfx Linux kernel module. Currently it can both display and set the current topology of the vmwgfx kernel driver. It is useful when trying to configure custom resolutions on recent Linux distributions, including multi-monitor setups. - A command line tool, vmware-alias-import, has been added to open-vm-tools that can be used to import vgauth config data and apply it to the running vgauth service. - Enhancements to support or utilize various vSphere features. - Fixed bug (bsc#1185175) In vmtoolsd.service move deprecated path "/var/run" to "/run" for it's PIDfile. - Update pam-vmtoolsd.patch to compensate for new line numbers. - Drop patch now contained in 11.3.0: - open-vm-tools-glib-2.67.patch - open-vm-tools-pollGtk.patch ==== openssh ==== Subpackages: openssh-clients openssh-common openssh-server - Don't move user-modified ssh_config and sshd_config files to .rpmsave on upgrade. - Use pam_motd to unify motd message output [bsc#1185897] (openssh-8.4p1-pam_motd.patch) ==== pam ==== Subpackages: pam_unix - Create /run/motd.d ==== patterns-base ==== Subpackages: patterns-base-apparmor patterns-base-bootloader patterns-base-minimal_base - Favor libz1 when in doubt and asked for libz.so.1. - Make the fips pattern supersede "patterns-server-enterprise-fips", take missing pieces and obsolete it - Add pattern to install necessary packages for FIPS (bsc#1183154) - Run pre_checkin.sh - Fix build for SLE ==== python-pytz ==== - Remove real directory of %{python_sitelib}/pytz/zoneinfo when upgrading, before it is replaced by a symlink (bsc#1185748). ==== python38 ==== - Add bpo44426-complex-keyword-sphinx.patch allowing generating documentation with Sphinx 4 (bpo#44426). ==== python38-core ==== Subpackages: libpython3_8-1_0 python38-base - Add bpo44426-complex-keyword-sphinx.patch allowing generating documentation with Sphinx 4 (bpo#44426). ==== shim ==== - Add shim-bsc1185232-fix-config-table-copying.patch to avoid buffer overflow when copying data to the MOK config table (bsc#1185232) - Add shim-disable-export-vendor-dbx.patch to disable exporting vendor-dbx to MokListXRT since writing a large RT variable could crash some machines (bsc#1185261) - Add shim-bsc1187260-fix-efi-1.10-machines.patch to avoid the potential crash when calling QueryVariableInfo in EFI 1.10 machines (bsc#1187260) - Add shim-fix-aa64-relsz.patch to fix the size of rela sections for AArch64 Fix: https://github.com/rhboot/shim/issues/371 ==== sqlite3 ==== Version update (3.35.5 -> 3.36.0) - SQLite3 3.36.0: * Improvement to the EXPLAIN QUERY PLAN output to make it easier to understand. * Byte-order marks at the start of a token are skipped as if they were whitespace. * An error is raised on any attempt to access the rowid of a VIEW or subquery. Formerly, the rowid of a VIEW would be indeterminate and often would be NULL. The -DSQLITE_ALLOW_ROWID_IN_VIEW compile-time option is available to restore the legacy behavior for applications that need it. * The sqlite3_deserialize() and sqlite3_serialize() interfaces are now enabled by default. The -DSQLITE_ENABLE_DESERIALIZE compile-time option is no longer required. Instead, there is a new -DSQLITE_OMIT_DESERIALIZE compile-time option to omit those interfaces. * The "memdb" VFS now allows the same in-memory database to be shared among multiple database connections in the same process as long as the database name begins with "/". * Back out the EXISTS-to-IN optimization (item 8b in the SQLite 3.35.0 change log) as it was found to slow down queries more often than speed them up. * Improve the constant-propagation optimization so that it works on non-join queries. * The REGEXP extension is now included in CLI builds. ==== system-users ==== Subpackages: system-group-hardware system-group-kvm system-user-lp system-user-nobody - Add default hardware group for 'sgx' enclave access Since udev v248, a default rule for /dev/sgx_enclave is provided to give rw access to the new group hopefully making 'sgx' the standard group name for such devices. - Add third argument to sysusers_generate_pre calls to allow admin overrides with systemd-sysusers ==== systemd ==== Version update (246.13 -> 248.3) Subpackages: libsystemd0 libudev1 systemd-logger systemd-sysvinit udev - Import commit e9a23d9e064c2e7ac21a1b984d116bcf15327e63 8dd19c6ee3 sd-device: allow to read sysattr which contains embedded NUL d52409e5fe pid1: only add a Wants= type dependency on /tmp when PrivateTmp=yes (bsc#1181970 - Import commit fcdb8dce591db2f5fc3c1e3eeb7abe9a2090b401 aa2d840a3b compat-rules: fix warning: "label ?out? defined but not used" in path_id_compat.c - Restore 61-persistent-storage-compat.rules that was mistakenly dropped during the merge of v248. - Create /run/lock/subsys again (bsc#1187292) The creation of this directory was mistakenly dropped when 'filesystem' package took the initialization of the generic paths over. Paths under /run/lock are still managed by systemd for lack of better place. - Drop systemd's dependency on udev (jsc#PM-2677) In some environments (i.e. containers) udev is usually not necessary but pulls in unnecessary packages. - Now that chkconfig/insserv are history, let's implement the strict minimum in systemd-sysv-install to enable/disable SysV init scripts (bsc#1186595 bsc#1186359) Indeed there's no much point in dropping SysV support completely until upstream will do especially since 3rd party applications such as vmware still rely on it, see bsc#1186359). - Allow the sysusers config files shipped by systemd rpms to be overriden during system installation (bsc#1171962) - While at it, add a comment to explain why we don't use %sysusers_create in %pre and why it should be safe in %post. - udev requires systemd in its %post (bsc#1185958) udevadm, called in udev's %post, requires libsystemd-shared-248.so. - Restore all "License:" tags udev uses a different license (GPL-2.0-only) than the main package and "osc service localrun format_spec_file" has the good taste to restore the license tags for all other subpackages if one of the subpackage tag differs. - Expect 644 permissions for /usr/lib/udev/compat-symlink-generation (bsc#1185807) - Spec file minor cleanups: - Drop all "Group:" tags as they are deprecated. - Drop "License:" tags from all subpackages and make it inherited from the main package. - Drop "%bcond_with parentpathid" as it's not used. - Introduce subpackage systemd-tests This subpackage is mainly used before submitting a new version of the systemd packages. As such it's not intended for regular users hence can be removed/renamed at any time. One might wonder why the unit tests are not executed during package builds (%check)... the reason is that the environment used to build package (chroot) is too limited and therefore only a subset of the unit tests would be executed in this environment. To disable the build of the subpackage, use "--without=tests". - Add 0001-Revert-core-prevent-excessive-proc-self-mountinfo-pa.patch A temporary patch until https://github.com/systemd/systemd/issues/19464 is solved. - Import commit bc08011f04ac4f12569ec05965149f665a0b110b (merge of v248.3) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/6f5c11b28f5739b901390f22c2bf4c003cadedaa...bc08011f04ac4f12569ec05965149f665a0b110b - Import commit 6f5c11b28f5739b901390f22c2bf4c003cadedaa (merge of v248.2) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/e5f93c9d2e9e26dd0dff430c4c072a547357ae7d...6f5c11b28f5739b901390f22c2bf4c003cadedaa - Upgrade to v248 (commit 5d3d934a5c2f4593207497db94e6f313348e89e7) See https://github.com/openSUSE/systemd/blob/SUSE/v248/NEWS for details. - A couple runtime dependencies on libraries are now tracked manually (with Recommends:) due to the fact that some symbols of these libs are dynamically loaded with dlopen() (heck!) - oomd is left disablde for now - pam configuration file 'systemd-user' is now shipped in /usr/etc/pam.d - Rebased 0001-conf-parser-introduce-early-drop-ins.patch 0003-strip-the-domain-part-from-etc-hostname-when-setting.patch 0006-sysv-generator-add-back-support-for-SysV-scripts-for.patch - Dropped 0004-tmpfiles-support-exclude-statements-based-on-file-ow.patch as it is SLE specific. - Clean systemd-experimental up: - Enclose "%package/%descriptoin experimental" within a "%if %experimental/%endif" block condition - List the build requirements in the sub-package instead of listing them in the main package. - Enable support for fido2, pwquality and qrencode in the home stuff - Improve the package description ==== sysuser-tools ==== Version update (3.0 -> 3.1) - Bump version up to 3.1. The --replace parameter only appeared in systemd 238, so we need to ensure to get the update order correct for sysuser-generate when using the 3rd command line parameters: * systemd -> sysuser-tools -> system-{user|group}-FOO. - Add dependency on systemd >=238 if systemd is installed to sysuser-shadow - update sysuser_requires to request sysuser-shadow 3.1 - Support systemd-sysusers --replace=/usr/lib/sysusers.d/ option - sysusers-generate-pre: only use first argument for grep - sysusers2shadow.sh: use "run" prefix for systemd-sysusers call - macros.sysusers: fix typo ==== yast2 ==== Version update (4.4.9 -> 4.4.14) - Y2Issues::Issue: renamed severity "fatal" to "error", to be more consistent with other parts of (Auto)YaST - Added options to configure the behavior of Y2Issues.report (related to jsc#PM-2620 and bsc#1166743) - 4.4.14 - Y2Issues::List: Add methods size and concat (related to bsc#1181295). - 4.4.13 - add riscv64 architecture helper (jsc#PM-2612) - 4.4.12 - Yast2::AutoClient.run: Ensure that Reset, Read, and SetModified return nil regardless of their implementation, to prevent a crash in the component system (bsc#1187233) - 4.4.11 - Ignore sysctl configuration files that do not have the .conf extension. The only exception are kernel files (/boot/sysctl.conf-*) (bsc#1187018). - 4.4.10 ==== zchunk ==== Version update (1.1.14 -> 1.1.16) - Update to version 1.1.16 * Fix major bug when compressing with dictionary