- apache2
-
- Security update:
* fix CVE-2023-27522 [bsc#1209049], mod_proxy_uwsgi HTTP response splitting
+ Added patch apache2-CVE-2023-27522.patch
* fix CVE-2023-25690 [bsc#1209047], HTTP request splitting with mod_rewrite and mod_proxy
+ Added patch apache2-CVE-2023-25690.patch
- Rename patches to use proper naming:
* Rename patch:
- Removed bsc1207327-fix-mod_proxy-handling-long-urls.patch
- Added apache2-bsc1207327-fix-mod_proxy-handling-long-urls.patch
- [bsc#1208708] fix passing health check does not recover worker
from its error state:
* Added: apache2-bsc1208708-fix-passing-health-check-recover-worker-from-error-state.patch
- [bsc#1207327] fix mod_proxy handling of very long urls
+ bsc1207327-fix-mod_proxy-handling-long-urls.patch
- security update
- added patches:
fix CVE-2022-37436 [bsc#1207251], mod_proxy backend HTTP response splitting
+ apache2-CVE-2022-37436.patch
fix CVE-2022-36760 [bsc#1207250], mod_proxy_ajp Possible request smuggling
+ apache2-CVE-2022-36760.patch
fix CVE-2006-20001 [bsc#1207247], mod_dav out of bounds read, or write of zero byte
+ apache2-CVE-2006-20001.patch
- apache2-mod_wsgi-python3
-
- Add CVE-2022-2255.patch (bsc#1201634)
- apr-util
-
- security fix CVE-2022-25147, bsc#1207866: buffer overflow
possible with specially crafted input
+ added patch apr-util-CVE-2022-25147.patch
- autofs
-
- autofs-5.1.3-revert-fix-argc-off-by-one-in-mount_aut.patch
Fix off-by-one error in recursive map handling. (bsc#1209653)
- autoyast2
-
- Process the <ask-list/> section in an installed system once the
<general/> section is imported in the (bsc#1201953).
- 4.3.104
- Revert the modification done in version 4.3.97 running the
initscripts before systed-user-sessions service again once
systemd fixed logind (bsc#1195059, bsc#1200780)
- 4.3.103
- avahi
-
- Add avahi-CVE-2023-1981.patch: emit error if requested service
is not found (boo#1210328 CVE-2023-1981).
- Add avahi-bsc1163683.patch: do not cache responses generated
locally (bsc#1163683).
- aws-cli
-
- Update in SLE-15 (bsc#1209255, jsc#PED-3780)
- Update to version 1.27.89
+ For detailed changes see
https://github.com/aws/aws-cli/blob/1.27.89/CHANGELOG.rst
- Update Requires in spec file from setup.py
- Update to version 1.27.78
+ For detailed changes see
https://github.com/aws/aws-cli/blob/1.27.78/CHANGELOG.rst
- Update Requires in spec file from setup.py
- Update to version 1.27.71
+ For detailed changes see
https://github.com/aws/aws-cli/blob/1.27.71/CHANGELOG.rst
- Update Requires in spec file from setup.py
- Update to version 1.27.66
+ For detailed changes see
https://github.com/aws/aws-cli/blob/1.27.66/CHANGELOG.rst
- Update Requires in spec file from setup.py
- Update to version 1.27.60
+ For detailed changes see
https://github.com/aws/aws-cli/blob/1.27.60/CHANGELOG.rst
- Update Requires in spec file from setup.py
- Update to version 1.27.58
+ For detailed changes see
https://github.com/aws/aws-cli/blob/1.27.58/CHANGELOG.rst
- Update Requires in spec file from setup.py
- Update to version 1.27.52
+ For detailed changes see
https://github.com/aws/aws-cli/blob/1.27.52/CHANGELOG.rst
- Update Requires in spec file from setup.py
- Update to version 1.27.41
+ For detailed changes see
https://github.com/aws/aws-cli/blob/1.27.41/CHANGELOG.rst
- Update Requires in spec file from setup.py
- Update to version 1.27.26
+ For detailed changes see
https://github.com/aws/aws-cli/blob/1.27.26/CHANGELOG.rst
- Update Requires in spec file from setup.py
- Update to version 1.27.21
+ For detailed changes see
https://github.com/aws/aws-cli/blob/1.27.21/CHANGELOG.rst
- Update Requires in spec file from setup.py
- Update to version 1.27.8
+ For detailed changes see
https://github.com/aws/aws-cli/blob/1.27.8/CHANGELOG.rst
- Update Requires in spec file from setup.py
- Update to version 1.27.2
+ For detailed changes see
https://github.com/aws/aws-cli/blob/1.27.2/CHANGELOG.rst
- Relax upper version constraint for python-colorama in
BuildRequires and Requires to 0.5.0 (bsc#1204917)
- Update Requires in spec file from setup.py
- Update in SLE-15 (bsc#1204537, jsc#PED-2333)
- Update to version 1.26.0
+ For detailed changes see
https://github.com/aws/aws-cli/blob/1.26.0/CHANGELOG.rst
- Update Requires in spec file from setup.py
- Update to version 1.25.91
+ For detailed changes see
https://github.com/aws/aws-cli/blob/1.25.91/CHANGELOG.rst
- Update Requires in spec file from setup.py
- Update to version 1.25.85
+ For detailed changes see
https://github.com/aws/aws-cli/blob/1.25.85/CHANGELOG.rst
- Update Requires in spec file from setup.py
- Update to version 1.25.76
+ For detailed changes see
https://github.com/aws/aws-cli/blob/1.25.76/CHANGELOG.rst
- Update Requires in spec file from setup.py
- Update to version 1.25.72
+ For detailed changes see
https://github.com/aws/aws-cli/blob/1.25.72/CHANGELOG.rst
- Update Requires in spec file from setup.py
- Update to version 1.25.64
+ For detailed changes see
https://github.com/aws/aws-cli/blob/1.25.64/CHANGELOG.rst
- Update Requires in spec file from setup.py
- Update to version 1.25.60
+ For detailed changes see
https://github.com/aws/aws-cli/blob/1.25.60/CHANGELOG.rst
- Update Requires in spec file from setup.py
- Update to version 1.25.55
+ For detailed changes see
https://github.com/aws/aws-cli/blob/1.25.55/CHANGELOG.rst
- Update Requires in spec file from setup.py
- Update to version 1.25.45
+ For detailed changes see
https://github.com/aws/aws-cli/blob/1.25.45/CHANGELOG.rst
- Update Requires in spec file from setup.py
- Update to version 1.25.37
+ For detailed changes see
https://github.com/aws/aws-cli/blob/1.25.37/CHANGELOG.rst
- Update Requires in spec file from setup.py
- Update to version 1.25.20
+ For detailed changes see
https://github.com/aws/aws-cli/blob/1.25.20/CHANGELOG.rst
- Update Requires in spec file from setup.py
- Update to version 1.25.2
+ For detailed changes see
https://github.com/aws/aws-cli/blob/1.25.2/CHANGELOG.rst
- Update Requires in spec file from setup.py
- bind
-
- Security Fix:
* An UPDATE message flood could cause named to exhaust all
available memory. This flaw was addressed by adding a new
update-quota option that controls the maximum number of
outstanding DNS UPDATE messages that named can hold in a queue
at any given time (default: 100).
[bsc#1207471, CVE-2022-3094, bind-CVE-2022-3094.patch]
- Add systemd drop-in directory for named service
[bsc#1201689, bind.spec]
- binutils
-
- Add binutils-maxpagesize.diff for a problem on old code
streams, where we would generate too large binaries.
- s390-pic-dso.diff: use %pB instead of %B
- SLE toolchain update of binutils. Update to 2.39 from 2.37,
which means obsoleting and hence removing these patches:
binutils-add-efi-aarch64-1.diff, binutils-add-efi-aarch64-2.diff,
binutils-add-efi-aarch64-3.diff, binutils-fix-keepdebug.diff,
binutils-add-z16-name.diff.
Implements [jsc#SLE-25046, jsc#PED-2029, jsc#PED-2035, jsc#PED-2033,
jsc#PED-2030, jsc#PED-2038, jsc#PED-2032, jsc#PED-2034, jsc#PED-2031,
jsc#SLE-25047]
- This fixes these CVEs relative to 2.37:
[bsc#1188374, bsc#1185597] aka (GCC) PR99935 aka CVE-2021-3648
[bsc#1193929] aka PR28694 aka CVE-2021-45078
[bsc#1194783] aka (GCC) PR98886 aka CVE-2021-46195
[bsc#1197592] aka (GCC) PR105039 aka CVE-2022-27943
[bsc#1202966] aka PR29289 aka CVE-2022-38126
[bsc#1202967] aka PR29290 aka CVE-2022-38127
[bsc#1202969] aka CVE-2021-3826
- Add binutils-pr29482.diff for PR29482, aka CVE-2022-38533
[bsc#1202816]
- Rebase binutils-2.39-branch.diff.gz that contains fix for PR29451.
- Add binutils-2.39-branch.diff.gz.
- Explicitly enable --enable-warn-execstack=yes and --enable-warn-rwx-segments=yes.
- Add gprofng subpackage.
- Update to binutils 2.39:
* The ELF linker will now generate a warning message if the stack is made
executable. Similarly it will warn if the output binary contains a
segment with all three of the read, write and execute permission
bits set. These warnings are intended to help developers identify
programs which might be vulnerable to attack via these executable
memory regions.
The warnings are enabled by default but can be disabled via a command
line option. It is also possible to build a linker with the warnings
disabled, should that be necessary.
* The ELF linker now supports a --package-metadata option that allows
embedding a JSON payload in accordance to the Package Metadata
specification.
* In linker scripts it is now possible to use TYPE=<type> in an output
section description to set the section type value.
* The objdump program now supports coloured/colored syntax
highlighting of its disassembler output for some architectures.
(Currently: AVR, RiscV, s390, x86, x86_64).
* The nm program now supports a --no-weak/-W option to make it ignore
weak symbols.
* The readelf and objdump programs now support a -wE option to prevent
them from attempting to access debuginfod servers when following
links.
* The objcopy program's --weaken, --weaken-symbol, and
- -weaken-symbols options now works with unique symbols as well.
- Rebase binutils-compat-old-behaviour.diff, binutils-revert-hlasm-insns.diff,
binutils-revert-plt32-in-branches.diff and remove binutils-2.38-branch.diff.gz.
- For now use --disable-gprofng.
- Includes fixes for these CVEs:
bnc#1142579 aka CVE-2019-1010204 aka PR23765
(Fake entry from SLE for tracking purposes:)
- Use https for variosu links.
- Update binutils-2.38-branch.diff.gz (to 93054037f1e304e)
in order to include PR29087.
- Enable multitarget build on riscv64
- On SLE15 and later, use make -Oline to synchronize configure output by
lines
(Fake entry from SLE for tracking purposes:)
- Renumber Sources.
- Fix ExcludeArch for ppc.
- Make multibuild utilize only the main binutils.spec file.
- Remove not needed README.First-for.SUSE.packagers, pre_checkin.sh.
- Start using _multibuild for cross binutils.
(forward port from SLE)
- Update binutils-2.38-branch.diff.gz (to c210342d7f5) to include
recognition of 'z16' name for 'arch14' on s390. [bsc#1198237]
(Fake entry from SLE for tracking purposes:)
- Add usage of a SUSE_ZNOW environment variable which allows switching
on "/-z now"/ by default using "/export SUSE_ZNOW=1"/, similar to
the SUSE_ASNEEDED variable. Adds binutils-znow.patch.
- Update binutils-skip-rpaths.patch: add back fix for boo#1191473,
which got lost in the update to 2.38.
- Update binutils-2.38-branch.diff.gz in order to include PR28879.
- From Stefan Brüns <stefan.bruens@rwth-aachen.de>:
* Install symlinks for all target specific tools on
arm-eabi-none [bsc#1185712]
- Do not re-generate ld/ldlex.c, ld/ldgram.c, ld/ldgram.h and verify
that corresponding flex/bison files are not modified by a patch.
- Use verbose mode for make for cross compilers.
- Make it build on SLE-11 again.
- Use verbose mode for make.
- Update to binutils 2.38:
* elfedit: Add --output-abiversion option to update ABIVERSION.
* Add support for the LoongArch instruction set.
* Tools which display symbols or strings (readelf, strings, nm, objdump)
have a new command line option which controls how unicode characters are
handled. By default they are treated as normal for the tool. Using
- -unicode=locale will display them according to the current locale.
Using --unicode=hex will display them as hex byte values, whilst
- -unicode=escape will display them as escape sequences. In addition
using --unicode=highlight will display them as unicode escape sequences
highlighted in red (if supported by the output device).
* readelf -r dumps RELR relative relocations now.
* Support for efi-app-aarch64, efi-rtdrv-aarch64 and efi-bsdrv-aarch64 has been
added to objcopy in order to enable UEFI development using binutils.
* ar: Add --thin for creating thin archives. -T is a deprecated alias without
diagnostics. In many ar implementations -T has a different meaning, as
specified by X/Open System Interface.
* Add support for AArch64 system registers that were missing in previous
releases.
* Add support for the LoongArch instruction set.
* Add a command-line option, -muse-unaligned-vector-move, for x86 target
to encode aligned vector move as unaligned vector move.
* Add support for Cortex-R52+ for Arm.
* Add support for Cortex-A510, Cortex-A710, Cortex-X2 for AArch64.
* Add support for Cortex-A710 for Arm.
* Add support for Scalable Matrix Extension (SME) for AArch64.
* The --multibyte-handling=[allow|warn|warn-sym-only] option tells the
assembler what to when it encoutners multibyte characters in the input. The
default is to allow them. Setting the option to "/warn"/ will generate a
warning message whenever any multibyte character is encountered. Using the
option to "/warn-sym-only"/ will make the assembler generate a warning whenever a
symbol is defined containing multibyte characters. (References to undefined
symbols will not generate warnings).
* Outputs of .ds.x directive and .tfloat directive with hex input from
x86 assembler have been reduced from 12 bytes to 10 bytes to match the
output of .tfloat directive.
* Add support for 'armv8.8-a', 'armv9-a', 'armv9.1-a', 'armv9.2-a' and
'armv9.3-a' for -march in AArch64 GAS.
* Add support for 'armv8.7-a', 'armv8.8-a', 'armv9-a', 'armv9.1-a',
'armv9.2-a' and 'armv9.3-a' for -march in Arm GAS.
* Add support for Intel AVX512_FP16 instructions.
* Add -z pack-relative-relocs/-z no pack-relative-relocs to x86 ELF
linker to pack relative relocations in the DT_RELR section.
* Add support for the LoongArch architecture.
* Add -z indirect-extern-access/-z noindirect-extern-access to x86 ELF
linker to control canonical function pointers and copy relocation.
* Add --max-cache-size=SIZE to set the the maximum cache size to SIZE
bytes.
- Add binutils-2.38-branch.diff.gz.
- Removed deletion of man pages as they should be properly packages
in tarball.
- Rebased patches: aarch64-common-pagesize.patch, add-ulp-section.diff,
binutils-bfd_h.patch, binutils-revert-nm-symversion.diff,
binutils-revert-plt32-in-branches.diff, binutils-skip-rpaths.patch
and binutils-compat-old-behaviour.diff.
- Enable PRU architecture for AM335x CPU (Beagle Bone Black board)
- use fdupes on datadir
- remove RPM_BUILD_ROOT usage and other cleanups
- Rebase binutils-2.37-branch.diff: fixes PR28494.
- c-ares
-
- Update to version 1.19.1
Security:
* CVE-2023-32067. High. 0-byte UDP payload causes Denial of Service
(bsc#1211604)
* CVE-2023-31147 Moderate. Insufficient randomness in generation
of DNS query IDs (bsc#1211605)
* CVE-2023-31130. Moderate. Buffer Underwrite in
ares_inet_net_pton() (bsc#1211606)
* CVE-2023-31124. Low. AutoTools does not set CARES_RANDOM_FILE
during cross compilation (bsc#1211607)
Bug fixes:
* Fix uninitialized memory warning in test
* ares_getaddrinfo() should allow a port of 0
* Fix memory leak in ares_send() on error
* Fix comment style in ares_data.h
* Fix typo in ares_init_options.3
* Sync ax_pthread.m4 with upstream
* Sync ax_cxx_compile_stdcxx_11.m4 with upstream to fix uclibc support
- Update to version 1.19.0
Security:
* Low. Stack overflow in ares_set_sortlist() which is used
during c-ares initialization and typically provided by an
administrator and not an end user.
(bsc#1208067, CVE-2022-4904)
Changes:
* Add ARES_OPT_HOSTS_FILE similar to ARES_OPT_RESOLVCONF for
specifying a custom hosts file location.
Bug fixes:
* Fix memory leak in reading /etc/hosts when using localhost
fallback.
* Fix chain building c-ares when libresolv is already included by
another project.
* File lookup should not immediately abort as there may be other
tries due to search criteria.
* Asterisks should be allowed in host validation as CNAMEs may
reference wildcard domains.
* AutoTools build system referenced bad STDC_HEADERS macro.
* Even if one address class returns a failure for
ares_getaddrinfo() we should still return the results we have.
* Fix ares_getaddrinfo() numerical address resolution with
AF_UNSPEC
* Fix tools and help information.
* Various documentation fixes and cleanups.
* Add include guards to ares_data.h
* c-ares could try to exceed maximum number of iovec entries
supported by system.
* The RFC6761 6.3 states localhost subdomains must be offline too
- update to 1.18.1. Changes since 1.17.2:
* Allow '/' as a valid character for a returned name for
CNAME in-addr.arpa delegation
* no longer forwards requests for localhost resolution per RFC6761
* During a domain search, treat ARES_ENODATA as ARES_NXDOMAIN so
that the search process will continue to the next domain
in the search.
* Provide ares_nameser.h as a public interface as needed by NodeJS
* Add support for URI(Uniform Resource Identifier) records via
ares_parse_uri_reply()
- disable unit tests for SLE12 since GCC compiler too old to build
unit tests
- 5c995d5.patch: upstreamed
- disable-live-tests.patch: refreshed
- new upstream website
- drop multibuild - tests do not require static library anymore
- spec file cleanup
- drop sources that were re-added to upstream distibution
(c-ares-config.cmake.in ares_dns.h libcares.pc.cmake)
- update to 1.17.2:
Security:
* When building c-ares with CMake, the RANDOM_FILE would not be set
and therefore downgrade to the less secure random number generator
it would cause a crash
* Expand number of escaped characters in DNS replies as per
RFC1035 5.1 to prevent spoofing follow-up
(bsc#1188881, CVE-2021-3672)
* Perform validation on hostnames to prevent possible XSS
due to applications not performing valiation themselves
Changes:
* ares_malloc(0) is now defined behavior (returns NULL) rather than system-specific to catch edge cases
Bug fixes:
* Building tests should not force building of static libraries except on Windows
* Relative headers must use double quotes to prevent pulling in a system library
for details see,
https://c-ares.haxx.se/changelog.html#1_17_2
- update to 1.17.1:
Travis: add iOS target built with CMake (#378)
Issue #377 suggested that CMake builds for iOS with c-ares were broken. This PR adds an automatic Travis build for iOS CMake.
- fix build
External projects were using non-public header ares_dns.h, make public again (#376)
It appears some outside projects were relying on macros in ares_dns.h, even
though it doesn't appear that header was ever meant to be public. That said,
we don't want to break external integrators so we should distribute this header
again.
- note that so versioning has moved to configure.ac
- note about 1.17.1
- fix sed gone wrong
autotools cleanup (#372)
* buildconf: remove custom logic with autoreconf
- remove missing_header.patch (upstream)
- ca-certificates-mozilla
-
- Updated to 2.60 state of Mozilla SSL root CAs (bsc#1206622)
Removed CAs:
- Global Chambersign Root
- EC-ACC
- Network Solutions Certificate Authority
- Staat der Nederlanden EV Root CA
- SwissSign Platinum CA - G2
Added CAs:
- DIGITALSIGN GLOBAL ROOT ECDSA CA
- DIGITALSIGN GLOBAL ROOT RSA CA
- Security Communication ECC RootCA1
- Security Communication RootCA3
Changed trust:
- TrustCor certificates only trusted up to Nov 30 (bsc#1206212)
- Removed CAs (bsc#1206212) as most code does not handle "/valid before nov 30 2022"/
and it is not clear how many certs were issued for SSL middleware by TrustCor:
- TrustCor RootCert CA-1
- TrustCor RootCert CA-2
- TrustCor ECA-1
Patch: remove-trustcor.patch
- catatonit
-
- Update to catatont v0.1.7
- This release adds the ability for catatonit to be used as the only
process in a pause container, by passing the -P flag (in this mode no
subprocess is spawned and thus no signal forwarding is done).
- Add 99bb9048f.patch: configure.ac: call AM_INIT_AUTOMAKE only
once. Fix build with autocnf 2.71 / automake 1.16.5.
- Update to catatonit v0.1.6, which fixes a few bugs -- mainly ones related to
socket activation or features somewhat adjacent to socket activation (such as
passing file descriptors).
- Update catatonit-rpmlintrc in order to cover that static binaries are now an
error not a warning.
- cloud-netconfig
-
- Update to version 1.7:
+ Overhaul policy routing setup (issue #19)
+ Support alias IPv4 ranges (issue #14)
+ Add support for NetworkManager (bsc#1204549)
+ Remove dependency on netconfig
+ Install into libexec directory
+ Clear stale ifcfg files for accelerated NICs (bsc#1199853)
+ More debug messages
+ Documentation update
- /etc/netconfig.d/ moved to /usr/libexec/netconfig/netconfig.d/ in
Tumbleweed, update path (poo#116221)
- cloud-regionsrv-client
-
- Update to version 10.1.2 (bsc#1211282)
+ Properly handle Ipv6 when checking update server responsiveness. If not
available fall back and use IPv4 information
+ Use systemd_ordered to allow use in a container without pulling systemd
into the container as a requirement
- Update to version 10.1.1 (bsc#1210020, bsc#1210021)
+ Clean up the system if baseproduct registraion fails to leave the
system in prestine state
+ Log when the registercloudguest command is invoked with --clean
- Update to version 10.1.0 (bsc#1207133, bsc#1208097, bsc#1208099 )
- Removes a warning about system_token entry present in the credentials
file.
- Adds logrotate configuration for log rotation.
- Update to version 10.1.0 (bsc#1207133, bsc#1208097, bsc#1208099 )
- Removes a warning about system_token entry present in the credentials
file.
- Adds logrotate configuration for log rotation.
- Update to version 10.0.8 (bsc#1206428)
- Fix regression introduced by 10.0.7. When the hosts file was modified
such that there is no empty line at the end of the file the content
after removing the registration data does not match the content prior
to registration. The update fixes the issue triggered by an index
logic error.
- Guard dmidecode dependency (bsc#1206082)
- Update to version 10.0.7 (bsc#1191880, bsc#1195925, bsc#1195924)
- Implement functionality to detect if an update server has a new cert.
Import the new cert when it is detected.
- Forward port fix-for-sles12-disable-ipv6.patch
- From 10.0.6 (bsc#1205089)
- Credentials are equal when username and password are the same ignore
other entries in the credentials file
- Handle multiple zypper names in process table, zypper and Zypp-main
to properly detect the running process
- Add patch to block IPv6 on SLE12 (bsc#1203382)
- containerd
-
- unversion to golang requires to always use the current default go. (bsc#1210298)
- Update to containerd v1.6.19 for Docker v23.0.2-ce. Upstream release notes:
<https://github.com/containerd/containerd/releases/tag/v1.6.19>
Includes fixes for:
- CVE-2023-25153 bsc#1208423
- CVE-2023-25173 bsc#1208426
- Re-build containerd to use updated golang-packaging. jsc#1342
- Update to containerd v1.6.16 for Docker v23.0.1-ce. Upstream release notes:
<https://github.com/containerd/containerd/releases/tag/v1.6.16>
- Update to containerd v1.6.12 to fix CVE-2022-23471 bsc#1206235. Upstream
release notes:
<https://github.com/containerd/containerd/releases/tag/v1.6.12>
- Update to containerd v1.6.11. Upstream release notes:
<https://github.com/containerd/containerd/releases/tag/v1.6.11>
- Update to containerd v1.6.9 for Docker v20.10.21-ce. Also includes a fix for
CVE-2022-27191. boo#1206065 bsc#1197284 Upstream release notes:
<https://github.com/containerd/containerd/releases/tag/v1.6.9>
- add devel subpackage, which is needed by open-vm-tools
- cups
-
- cups-2.2.7-CVE-2023-32324.patch fixes CVE-2023-32324
"/Heap buffer overflow in cupsd"/
https://github.com/OpenPrinting/cups/security/advisories/GHSA-cxc6-w2g7-69p7
bsc#1211643
- 0001-cups-dests.c-cupsGetNamedDest-set-IPP_STATUS_ERROR_N.patch
improves logging on 'IPP_STATUS_ERROR_NOT_FOUND' error
that fixes bsc#1191467, bsc#1198932:
"/lpr reports 'No such file or directory' for missing catalogue files"/
"//usr/bin/lpr: No such file or directory"/
- after-network_target-sssd_service.patch
is derived from https://github.com/apple/cups/issues/5550 with its
https://github.com/apple/cups/commit/aaebca5660fdd7f7b6f30461f0788d91ef6e2fee
and SUSE PTF:24471 cups.SUSE_SLE-15_Update cups-2.2.7-wait-for-network.patch
to add "/After=network.target sssd.service"/ to the systemd unit
source files cupsd.service.in and cups.cups-lpdAT.service.in
to fix bsc#1201234, bsc#1200321:
"/Missing network dependency in systemd unit for cups-2.2.7"/
"/CUPS may not always start if sssd is in use"/
- cups-branch-2.2-commit-876fdc1c90a885a58644c8757bc1283c9fd5bcb7.diff
is https://github.com/OpenPrinting/cups/commit/876fdc1c90a885a58644c8757bc1283c9fd5bcb7
which belongs to https://github.com/OpenPrinting/cups/issues/308
that fixes bsc#1191525, bsc#1203446:
"/Print jobs on cups.sock return with EAGAIN (Resource temporarily unavailable)"/
"//usr/bin/lpr: Error - The printer or class does not exist."/
- curl
-
- Security fixes:
* [bsc#1211231, CVE-2023-28320] siglongjmp race condition
- Add curl-CVE-2023-28320.patch
* [bsc#1211232, CVE-2023-28321] IDN wildcard matching
- Add curl-CVE-2023-28321.patch [bsc#1211339]
* [bsc#1211233, CVE-2023-28322] POST-after-PUT confusion
- Add curl-CVE-2023-28322.patch
- Security fixes:
* [bsc#1209209, CVE-2023-27533] TELNET option IAC injection
Add curl-CVE-2023-27533-no-sscanf.patch curl-CVE-2023-27533.patch
* [bsc#1209210, CVE-2023-27534] SFTP path ~ resolving discrepancy
Add curl-CVE-2023-27534.patch curl-CVE-2023-27534-dynbuf.patch
* [bsc#1209211, CVE-2023-27535] FTP too eager connection reuse
Add curl-CVE-2023-27535.patch
* [bsc#1209212, CVE-2023-27536] GSS delegation too eager connection re-use
Add curl-CVE-2023-27536.patch
* [bsc#1209214, CVE-2023-27538] SSH connection too eager reuse still
Add curl-CVE-2023-27538.patch
- Security Fix: [bsc#1207992, CVE-2023-23916]
* HTTP multi-header compression denial of service
* Add curl-CVE-2023-23916.patch
- Security Fix: [bsc#1206309, CVE-2022-43552]
* HTTP Proxy deny use-after-free
* Add curl-CVE-2022-43552.patch
- dhcp
-
- bsc#1203988, CVE-2022-2928, dhcp-CVE-2022-2928.patch:
An option refcount overflow exists in dhcpd
- bsc#1203989, CVE-2022-2929, dhcp-CVE-2022-2929.patch:
DHCP memory leak
- dmidecode
-
- use-read_file-to-read-from-dump.patch: Fix an old harmless bug
which would prevent root from using the --from-dump option since
the latest security fixes (bsc#1210418).
Security fixes (CVE-2023-30630)
- dmidecode-split-table-fetching-from-decoding.patch: dmidecode:
Clean up function dmi_table so that it does only one thing
(bsc#1210418).
- dmidecode-write-the-whole-dump-file-at-once.patch: When option
- -dump-bin is used, write the whole dump file at once, instead of
opening and closing the file separately for the table and then
for the entry point (bsc#1210418).
- dmidecode-do-not-let-dump-bin-overwrite-an-existing-file.patch:
Make sure that the file passed to option --dump-bin does not
already exist (bsc#1210418).
- ensure-dev-mem-is-a-character-device-file.patch: Add a safety
check on the type of the mem device file we are asked to read
from, if we are root (bsc#1210418).
3 recommended fixes from upstream:
- dmidecode-fortify-entry-point-length-checks.patch: Ensure that
the SMBIOS entry point is long enough to include all the fields
we need.
- dmidecode-fix-the-alignment-of-type-25-name.patch: Drop a stray
tabulation before the name of DMI record type 25.
- dmidecode-print-type-33-name-unconditionally.patch: Display the
name of DMI record type 33 even if we can't decode it.
- docker
-
- update to 20.10.23-ce.
* see upstream changelog at https://docs.docker.com/engine/release-notes/#201023
- drop kubic flavor as kubic is EOL. this removes:
kubelet.env docker-kubic-service.conf 0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch
- Update to Docker 20.10.21-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/#201021>. bsc#1206065
bsc#1205375 CVE-2022-36109
- Rebase patches:
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
* 0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
* 0005-bsc1183855-btrfs-Do-not-disable-quota-on-cleanup.patch
* 0006-bsc1193930-vendor-update-golang.org-x-crypto.patch
* 0007-bsc1200022-fifo.Close-prevent-possible-panic-if-fifo.patch
- The PRIVATE-REGISTRY patch will now output a warning if it is being used (in
preparation for removing the feature). This feature was never meant to be
used by users directly (and is only available in the -kubic/CaaSP version of
the package anyway) and thus should not affect any users.
- Fix wrong After: in docker.service, fixes bsc#1188447
- Add apparmor-parser as a Recommends to make sure that most users will end up
with it installed even if they are primarily running SELinux.
- Fix syntax of boolean dependency
- Allow to install container-selinux instead of apparmor-parser.
- Change to using systemd-sysusers
- Backport <https://github.com/containerd/fifo/pull/32> to fix a crash-on-start
issue with dockerd. bsc#1200022
+ 0007-bsc1200022-fifo.Close-prevent-possible-panic-if-fifo.patch
- dracut
-
- Update to version 049.1+suse.253.g1008bf13:
* fix(network-legacy): handle do_dhcp calls without arguments (bsc#1210640)
- Update to version 049.1+suse.251.g0b8dad5:
* fix(dracut.sh): omission is an addition to other omissions in conf files (bsc#1208929)
* fix(nfs): chown using rpc default group (bsc#1204929)
- Update to version 049.1+suse.247.gfb7df05c:
* fix(systemd): add missing modprobe@.service (bsc#1203749)
* fix(i18n): do not fail if FONT in /etc/vconsole.conf has the file extension (bsc#1203267)
* fix(drm): consider also drm_dev_register when looking for gpu driver (bsc#1195618)
* fix(integrity): do not display any error if there is no IMA certificate (bsc#1187654)
- elfutils
-
- 0001-libelf-Fixup-SHF_COMPRESSED-sh_addralign-in-elf_upda.patch:
make debuginfo extraction from go1.19 built binaries work again.
(bsc#1203599)
- expat
-
* (CVE-2022-43680, bsc#1204708) use-after free caused by overeager
destruction of a shared DTD in XML_ExternalEntityParserCreate in
out-of-memory situations
- Added patch expat-CVE-2022-43680.patch
- Security fix:
- firewalld
-
- Fix firewall-offline-cmd fails with ERROR: Calling pre func
Added following patch (bsc#1206928)
[+ 0003-firewall-offline-cmd-fail-fix.patch]
- glib2
-
- Update glib2-fix-normal-form-handling-in-gvariant.patch:
Backported from upstream to fix regression on s390x.
(bsc#1210135, glgo#GNOME/glib!2978)
- Add glib2-fix-normal-form-handling-in-gvariant.patch: Backported
from upstream to fix normal form handling in GVariant.
(CVE-2023-24593, CVE-2023-25180, bsc#1209714, bsc#1209713,
glgo#GNOME/glib!3125)
- glibc
-
- amd-cacheinfo.patch: x86: Cache computation for AMD architecture
(bsc#1207957)
- gmon-hash-table-size.patch: gmon: Fix allocated buffer overflow
(CVE-2023-0687, bsc#1207975, BZ #29444)
- strncmp-avx2-boundary.patch: Fix avx2 strncmp offset compare condition
check (bsc#1208358, BZ #25933)
- dlopen-filter-object.patch: elf: Allow dlopen of filter object to work
(bsc#1207571, BZ #16272)
- powerpc-tst-ucontext.patch: powerpc: Fix unrecognized instruction errors
with recent GCC
- gnutls
-
- Security Fix: [bsc#1208143, CVE-2023-0361]
* Bleichenbacher oracle in TLS RSA key exchange
* Add gnutls-CVE-2023-0361.patch
- Validate input when calling fmemopen() [bsc#1204511]
* Add gnutls-check-system_priority_buf-input.patch
- grub2
-
- Fix unknown filesystem error on disks with 4096 sector size (bsc#1207064)
(bsc#1209234)
* 0001-grub-core-modify-sector-by-sysfs-as-disk-sector.patch
- Fix installation over serial console ends up in infinite boot loop
(bsc#1187810) (bsc#1209667) (bsc#1209372)
* 0001-Fix-infinite-boot-loop-on-headless-system-in-qemu.patch
- Fix aarch64 kiwi image's file not found due to '/@' prepended to path in
btrfs filesystem. (bsc#1209165)
* grub2-btrfs-05-grub2-mkconfig.patch
- Make grub more robust against storage race condition causing system boot
failures (bsc#1189036)
* 0001-ieee1275-ofdisk-retry-on-open-and-read-failure.patch
- Make grub.cfg invariant to efi and legacy platforms (bsc#1205200)
- Removed patch linuxefi
* grub2-secureboot-provide-linuxefi-config.patch
* grub2-secureboot-use-linuxefi-on-uefi-in-os-prober.patch
* grub2-secureboot-use-linuxefi-on-uefi.patch
- Rediff
* grub2-btrfs-05-grub2-mkconfig.patch
* grub2-efi-xen-cmdline.patch
* grub2-s390x-05-grub2-mkconfig.patch
* grub2-suse-remove-linux-root-param.patch
- Move unsupported zfs modules into 'extras' packages
(bsc#1205554) (PED-2947)
- Security fixes and hardenings
* 0001-font-Reject-glyphs-exceeds-font-max_glyph_width-or-f.patch
* 0002-font-Fix-size-overflow-in-grub_font_get_glyph_intern.patch
- Fix CVE-2022-2601 (bsc#1205178)
* 0003-font-Fix-several-integer-overflows-in-grub_font_cons.patch
* 0004-font-Remove-grub_font_dup_glyph.patch
* 0005-font-Fix-integer-overflow-in-ensure_comb_space.patch
* 0006-font-Fix-integer-overflow-in-BMP-index.patch
* 0007-font-Fix-integer-underflow-in-binary-search-of-char-.patch
* 0008-fbutil-Fix-integer-overflow.patch
- Fix CVE-2022-3775 (bsc#1205182)
* 0009-font-Fix-an-integer-underflow-in-blit_comb.patch
* 0010-font-Harden-grub_font_blit_glyph-and-grub_font_blit_.patch
* 0011-font-Assign-null_font-to-glyphs-in-ascii_font_glyph.patch
* 0012-normal-charset-Fix-an-integer-overflow-in-grub_unico.patch
- Bump upstream SBAT generation to 3
- hwdata
-
- update to 0.368:
* Update pci, usb and vendor ids
- update to 0.367:
* Update pci, usb and vendor ids
- update to 0.366:
* Update pci, usb and vendor ids
- update to 0.365:
+ Updated pci, usb and vendor ids.
- update to 0.364:
+ Updated pci, usb and vendor ids.
- update to 0.363:
+ Updated pci, usb and vendor ids.
- update to 0.362:
+ Updated pci, usb and vendor ids.
- update to 0.361:
+ Updated pci, usb and vendor ids.
- iputils
-
- Add fix for ICMP datagram socket ping6-Fix-device-binding.patch
(bsc#1196840, bsc#1199918, bsc#1199926, bsc#1199927).
- irqbalance
-
- Last changes log was wrong, this part has been added to SP4
changes but were missing in SP2/SP3 and are added now (bsc#1208717):
Fix segfault from previous update (bsc#1206668)
A Fix-uninitialized-variable.patch
- Fix segfault from previous update (bsc#1206668)
- Fix version - Maintainer forgot to increase version to 1.4.0
A fix_version_1_4_0
- Add mainline fixes (bnc#1204961):
The first 2 patches are cleanup patches which should not have any
functional change, but make life easier to backport the real fix.
All patches are mainline:
A Update-classify.c.patch
A irqbalance-properly-check-if-irq-is-banned.patch
A remove-unused-path-in-check_for_irq_ban.patch
- issue-generator
-
- Update to version 1.13
- SELinux: Do not call agetty --reload [bsc#1186178]
- Update to version 1.12
- Update manual page
- Use python3 instead of python 2.x
- Update to version 1.11
- Don't display issue.d/*.issue files, agetty will do that [bsc#1177891]
- Ignore /run/issue.d in issue-generator.path, else issue-generator will
be called too fast too often [bsc#1177865]
- Ignore *.bak, *~ and *.rpm* files [bsc#1118862]
- Handle the .path unit in scriptlets as well
- Update to version 1.10
- Display wlan interfaces [bsc#1169070]
- Update to version 1.9
- Fix path for systemd files
- Update to version 1.8
- Handle network interface renames
- kernel-default
-
- xfs: verify buffer contents when we skip log replay (bsc#1210498
CVE-2023-2124).
- commit 8eed3d3
- io_uring: prevent race on registering fixed files (1210414
CVE-2023-1872).
- commit e53cfa3
- KVM: VMX: Execute IBPB on emulated VM-exit when guest has IBRS
(bsc#1206992 CVE-2022-2196).
- commit f66a218
- keys: Fix linking a duplicate key to a keyring's assoc_array
(bsc#1207088).
- commit 527a5be
- xirc2ps_cs: Fix use after free bug in xirc2ps_detach
(bsc#1209871 CVE-2023-1670).
- commit cfec974
- Drivers: vmbus: Check for channel allocation before looking
up relids (git-fixes).
- commit de13f74
- scsi: iscsi_tcp: Fix UAF during login when accessing the shost
ipaddress (bsc#1210647 CVE-2023-2162).
- commit d0a859e
- RDMA/core: Refactor rdma_bind_addr (bsc#1210629 CVE-2023-2176)
- commit 5886145
- RDMA/cma: Ensure rdma_addr_cancel() happens before issuing more requests (bsc#1210629 CVE-2023-2176)
- commit 8b6288f
- RDMA/cma: Do not change route.addr.src_addr outside state checks (bsc#1210629 CVE-2023-2176)
- commit c706a03
- RDMA/cma: Make the locking for automatic state transition more clear (bsc#1210629 CVE-2023-2176)
- commit 7a43827
- vmxnet3: use gro callback when UPT is enabled (bsc#1209739).
- commit f513a6e
- x86/speculation: Allow enabling STIBP with legacy IBRS
(bsc#1210506 CVE-2023-1998).
- commit d03ef09
- cifs: fix negotiate context parsing (bsc#1210301).
- commit 5d87bbe
- power: supply: da9150: Fix use after free bug in
da9150_charger_remove due to race condition (CVE-2023-30772
bsc#1210329).
- commit 61aa622
- k-m-s: Drop Linux 2.6 support
- commit 22b2304
- Remove obsolete KMP obsoletes (bsc#1210469).
- commit 7f325c6
- udmabuf: add back sanity check (git-fixes bsc#1210453
CVE-2023-2008).
- commit b2b9158
- hwmon: (xgene) Fix use after free bug in xgene_hwmon_remove
due to race condition (CVE-2023-1855 bsc#1210202).
- commit 4401c6f
- netlink: limit recursion depth in policy validation
(CVE-2020-36691 bsc#1209613).
- Refresh
patches.suse/netlink-prevent-potential-spectre-v1-gadgets.patch.
- commit 374a1af
- nfc: st-nci: Fix use after free bug in ndlc_remove due to race
condition (git-fixes bsc#1210337 CVE-2023-1990).
- commit 775e632
- Bluetooth: btsdio: fix use after free bug in btsdio_remove
due to unfinished work (CVE-2023-1989 bsc#1210336).
- commit e27c00d
- Update
patches.suse/NFSD-Protect-against-send-buffer-overflow-in-NFSv2-R.patch
(bsc#1205128 CVE-2022-43945 bsc#1210124).
- Update
patches.suse/NFSD-Protect-against-send-buffer-overflow-in-NFSv3-R.patch
(bsc#1205128 CVE-2022-43945 bsc#1210124).
- Update
patches.suse/NFSD-Protect-against-send-buffer-overflow-in-NFSv3-Rdir.patch
(bsc#1205128 CVE-2022-43945 bsc#1210124).
Fix performance problem with these patches - bsc@1210124
- commit 4dbd22d
- btrfs: fix race between quota disable and quota assign ioctls
(CVE-2023-1611 bsc#1209687).
- commit 3fdcd22
- Fix double fget() in vhost_net_set_backend() (bsc#1210203
CVE-2023-1838).
- commit 7e671a8
- Define kernel-vanilla as source variant
The vanilla_only macro is overloaded. It is used for determining if
there should be two kernel sources built as well as for the purpose of
determmioning if vanilla kernel should be used for kernel-obs-build.
While the former can be determined at build time the latter needs to be
baked into the spec file template. Separate the two while also making
the latter more generic.
$build_dtbs is enabled on every single rt and azure branch since 15.3
when the setting was introduced, gate on the new $obs_build_variant
setting as well.
- commit 36ba909
- series.conf: cleanup
- update upstream references and resort:
- patches.suse/wifi-cfg80211-avoid-nontransmitted-BSS-list-corrupti.patch
- commit 9bae747
- net/ulp: use consistent error code when blocking ULP
(CVE-2023-0461 bsc#1208787).
- net/ulp: prevent ULP without clone op from entering the LISTEN
status (CVE-2023-0461 bsc#1208787).
- commit 028f0fd
- rpm/constraints.in: increase the disk size for armv6/7 to 24GB
It grows and the build fails recently on SLE15-SP4/5.
- commit 41ac816
- seq_buf: Fix overflow in seq_buf_putmem_hex() (bsc#1209549
CVE-2023-28772).
- commit 5c5e4d3
- PCI: hv: Add a per-bus mutex state_lock (bsc#1209785).
- Revert "/PCI: hv: Fix a timing issue which causes kdump to fail
occasionally"/ (bsc#1209785).
- PCI: hv: Remove the useless hv_pcichild_state from struct
hv_pci_dev (bsc#1209785).
- PCI: hv: Fix a race condition in hv_irq_unmask() that can
cause panic (bsc#1209785).
- PCI: hv: fix a race condition bug in hv_pci_query_relations()
(bsc#1209785).
- commit 6b9e385
- kvm: initialize all of the kvm_debugregs structure before
sending it to userspace (bsc#1209532 CVE-2023-1513).
- commit bd9c11d
- Bluetooth: Fix double free in hci_conn_cleanup (bsc#1209052
CVE-2023-28464).
- commit 677d920
- net: tls: fix possible race condition between
do_tls_getsockopt_conf() and do_tls_setsockopt_conf()
(bsc#1209366 CVE-2023-28466).
- commit 5f7c4a6
- Move ENA upstream fix to sorted section.
- commit aff6c71
- RDMA/core: Don't infoleak GRH fields (bsc#1209778 CVE-2021-3923)
- commit 50ba48b
- tipc: fix NULL deref in tipc_link_xmit() (bsc#1209289
CVE-2023-1390).
- commit b2c1533
- tun: avoid double free in tun_free_netdev (bsc#1209635
CVE-2022-4744).
- commit c5cf205
- net/sched: tcindex: update imperfect hash filters respecting
rcu (CVE-2023-1281 bsc#1209634).
- commit 97b3f9d
- fs/proc: task_mmu.c: don't read mapcount for migration entry
(CVE-2023-1582, bsc#1209636).
- commit 35d5c42
- af_unix: Get user_ns from in_skb in unix_diag_get_exact()
(bsc#1209290 CVE-2023-28327).
- commit 000517c
- netlink: prevent potential spectre v1 gadgets (bsc#1209547
CVE-2017-5753).
- commit cec3f24
- tipc: add an extra conn_get in tipc_conn_alloc (bsc#1209288
CVE-2023-1382).
- commit 6a58da4
- tipc: set con sock in tipc_conn_alloc (bsc#1209288
CVE-2023-1382).
- commit 06eaf34
- Refresh
patches.suse/sctp-fail-if-no-bound-addresses-can-be-used-for-a-gi.patch.
- commit 890554b
- media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer()
(bsc#1209291 CVE-2023-28328).
- commit af7b7eb
- rpm/group-source-files.pl: Fix output difference when / is in location
While previous attempt to fix group-source-files.pl in 6d651362c38
"/rpm/group-source-files.pl: Deal with {pre,post}fixed / in location"/
breaks the infinite loop, it does not properly address the issue. Having
prefixed and/or postfixed forward slash still result in different
output.
This commit changes the script to use the Perl core module File::Spec
for proper path manipulation to give consistent output.
- commit 4161bf9
- Require suse-kernel-rpm-scriptlets at all times.
The kernel packages call scriptlets for each stage, add the dependency
to make it clear to libzypp that the scriptlets are required.
There is no special dependency for posttrans, these scriptlets run when
transactions are resolved. The plain dependency has to be used to
support posttrans.
- commit 56c4dbe
- Replace mkinitrd dependency with dracut (bsc#1202353).
Also update mkinitrd refrences in documentation and comments.
- commit e356c9b
- prlimit: do_prlimit needs to have a speculation check
(bsc#1209256 CVE-2017-5753).
- commit a2ac7fb
- rpm/kernel-obs-build.spec.in: Remove SLE11 cruft
- commit 871eeb4
- rds: rds_rm_zerocopy_callback() correct order for
list_add_tail() (CVE-2023-1078 bsc#1208601).
- rds: rds_rm_zerocopy_callback() use list_first_entry()
(CVE-2023-1078 bsc#1208601).
- commit ec0c93c
- net/tls: tls_is_tx_ready() checked list_entry (CVE-2023-1075
bsc#1208598).
- commit d651270
- tap: tap_open(): correctly initialize socket uid (CVE-2023-1076
bsc#1208599).
- tun: tun_chr_open(): correctly initialize socket uid
(CVE-2023-1076 bsc#1208599).
- net: add sock_init_data_uid() (CVE-2023-1076 bsc#1208599).
- netfilter: nf_tables: fix null deref due to zeroed list head
(CVE-2023-1095 bsc#1208777).
- commit b65b67b
- cifs: fix use-after-free caused by invalid pointer `hostname`
(bsc#1208971).
- commit d1a37f1
- HID: bigben: use spinlock to safely schedule workers
(CVE-2023-25012 bsc#1207560).
- HID: bigben_worker() remove unneeded check on report_field
(CVE-2023-25012 bsc#1207560).
- HID: bigben: use spinlock to protect concurrent accesses
(CVE-2023-25012 bsc#1207560).
- commit 3c79258
- malidp: Fix NULL vs IS_ERR() checking (bsc#1208843
CVE-2023-23004).
- commit a8f9557
- Do not sign the vanilla kernel (bsc#1209008).
- commit cee4d89
- rpm/group-source-files.pl: Deal with {pre,post}fixed / in location
When the source file location provided with -L is either prefixed or
postfixed with forward slash, the script get stuck in a infinite loop
inside calc_dirs() where $path is an empty string.
user@localhost:/tmp> perl "/$HOME/group-source-files.pl"/ -D devel.files -N nondevel.files -L /usr/src/linux-5.14.21-150500.41/
...
path = /usr/src/linux-5.14.21-150500.41/Documentation/Kconfig
path = /usr/src/linux-5.14.21-150500.41/Documentation
path = /usr/src/linux-5.14.21-150500.41
path = /usr/src
path = /usr
path =
path =
path =
... # Stuck in an infinite loop
This workarounds the issue by breaking out the loop once path is an
empty string. For a proper fix we'd want something that
filesystem-aware, but this workaround should be enough for the rare
occation that this script is ran manually.
Link: http://mailman.suse.de/mlarch/SuSE/kernel/2023/kernel.2023.03/msg00024.html
- commit 6d65136
- media: rc: Fix use-after-free bugs caused by ene_tx_irqsim()
(CVE-2023-1118 bsc#1208837).
- phy: tegra: xusb: Fix return value of tegra_xusb_find_port_node
function (CVE-2023-23000 bsc#1208816).
- commit 52c897a
- scsi: qla2xxx: Add option to disable FC2 Target support
(bsc#1198438 bsc#1206103).
- Delete
patches.suse/revert-scsi-qla2xxx-Changes-to-support-FCP2-Target.patch.
- commit 5959f82
- drm/virtio: Fix NULL vs IS_ERR checking in
virtio_gpu_object_shmem_init (bsc#1208776 CVE-2023-22998).
- commit 2fd8a08
- net/mlx5: DR, Fix NULL vs IS_ERR checking in
dr_domain_init_resources (bsc#1208845 CVE-2023-23006).
- commit 14082ec
- mm/slub: fix panic in slab_alloc_node() (bsc#1208023).
- commit b092aa9
- kernel-module-subpackage: Fix expansion with -b parameter (bsc#1208179).
When -b is specified the script is prefixed with KMP_NEEDS_MKINITRD=1
which sets the variable for a simple command.
However, the script is no longer a simple command. Export the variable
instead.
- commit 152a069
- README.BRANCH: Update
Relieve Ivan Ivanov of his duties as branch maintainer as I am back.
- commit 1da55f1
- usb: dwc3: dwc3-qcom: Add missing platform_device_put() in
dwc3_qcom_acpi_register_core (bsc#1208741 CVE-2023-22995).
- commit 7a31d48
- net: mpls: fix stale pointer if allocation fails during device
rename (bsc#1208700 CVE-2023-26545).
- commit 18d9ec7
- s390/kexec: fix ipl report address for kdump (bsc#1207575).
- commit 7a62f13
- x86/mm: Randomize per-cpu entry area (bsc#1207845
CVE-2023-0597).
- commit 3a695c7
- vmxnet3: move rss code block under eop descriptor (bsc#1208212).
- commit f589074
- usb: rndis_host: Secure rndis_query check against int overflow
(CVE-2023-23559 bsc#1207051).
- commit d9a137b
- net: mana: Assign interrupts to CPUs based on NUMA nodes
(bsc#1208153).
- Refresh
patches.suse/net-mana-Fix-IRQ-name-add-PCI-and-queue-number.patch.
- commit 342fb4d
- net: mana: Fix accessing freed irq affinity_hint (bsc#1208153).
- genirq: Provide new interfaces for affinity hints (bsc#1208153).
- commit 4d24191
- drm/vmwgfx: Avoid NULL-ptr deref in vmw_cmd_dx_define_query() (bsc#1203331 CVE-2022-38096)
- commit 1f21d95
- module: Don't wait for GOING modules (bsc#1196058, bsc#1186449,
bsc#1204356, bsc#1204662).
- commit 77af0b0
- drm/vmwgfx: Validate the box size for the snooped cursor (bsc#1203332 CVE-2022-36280)
- commit f246cad
- Refresh
patches.kabi/scsi-kABI-fix-for-eh_should_retry_cmd.patch (bsc#1206351).
The former kABI fix only move the newly added member to scsi_host_template to
the end of the struct. But that is usually allocated statically, even by 3rd
party modules relying on kABI. Before we use the member we need to signalize
that it is to be expected. As we only expect it to be allocated by in-tree
modules that we can control, we can use a space in the bitfield to signalize
that.
- commit 0e772e8
- net: mana: Fix IRQ name - add PCI and queue number
(bsc#1207875).
- commit f2c8c19
- x86/bugs: Flush IBP in ib_prctl_set() (bsc#1207773
CVE-2023-0045).
- commit baf6bec
- net: ena: optimize data access in fast-path code (bsc#1208137).
- commit 09cfdc0
- net: sched: fix race condition in qdisc_graft() (CVE-2023-0590
bsc#1207795).
- net_sched: add __rcu annotation to netdev->qdisc (CVE-2023-0590
bsc#1207795).
- commit c6f042b
- Update
patches.suse/net-mlx5-Allocate-individual-capability.patch
(bsc#1195175).
- Update
patches.suse/net-mlx5-Dynamically-resize-flow-counters-query-buff.patch
(bsc#1195175).
- Update
patches.suse/net-mlx5-Fix-flow-counters-SF-bulk-query-len.patch
(bsc#1195175).
- Update
patches.suse/net-mlx5-Reduce-flow-counters-bulk-query-buffer-size.patch
(bsc#1195175).
- Update
patches.suse/net-mlx5-Reorganize-current-and-maximal-capabilities.patch
(bsc#1195175).
- Update
patches.suse/net-mlx5-Use-order-0-allocations-for-EQs.patch
(bsc#1195175).
Fixed bugzilla reference.
- commit e56868b
- watchdog: diag288_wdt: do not use stack buffers for hardware
data (bsc#1207497).
- commit f31eb64
- watchdog: diag288_wdt: fix __diag288() inline assembly
(bsc#1207497).
- commit 2f246cf
- RDMA/core: Fix ib block iterator counter overflow (bsc#1207878).
- commit 64f6682
- libbpf: Fix null-pointer dereference in find_prog_by_sec_insn()
(bsc#1204502 CVE-2022-3606).
- commit eef9e8d
- config.conf: Drop armv7l, Leap 15.3 is EOL.
- Delete config/armv7hl/default.
- Delete config/armv7hl/lpae.
- commit 022c807
- mm: /proc/pid/smaps_rollup: fix no vma's null-deref
(bsc#1207769).
- commit be9727c
- scsi: mpi3mr: Refer CONFIG_SCSI_MPI3MR in Makefile (git-fixes).
- scsi: snic: Fix possible UAF in snic_tgt_create() (git-fixes).
- scsi: fcoe: Fix transport not deattached when fcoe_if_init()
fails (git-fixes).
- scsi: ipr: Fix WARNING in ipr_init() (git-fixes).
- scsi: scsi_debug: Fix possible name leak in
sdebug_add_host_helper() (git-fixes).
- scsi: fcoe: Fix possible name leak when device_register()
fails (git-fixes).
- scsi: hpsa: Fix possible memory leak in hpsa_add_sas_device()
(git-fixes).
- scsi: hpsa: Fix error handling in hpsa_add_sas_host()
(git-fixes).
- scsi: mpt3sas: Fix possible resource leaks in
mpt3sas_transport_port_add() (git-fixes).
- scsi: hpsa: Fix possible memory leak in hpsa_init_one()
(git-fixes).
- scsi: scsi_debug: Fix a warning in resp_write_scat()
(git-fixes).
- scsi: core: Fix a race between scsi_done() and scsi_timeout()
(git-fixes).
- scsi: scsi_debug: Fix possible UAF in sdebug_add_host_helper()
(git-fixes).
- scsi: core: Restrict legal sdev_state transitions via sysfs
(git-fixes).
- scsi: 3w-9xxx: Avoid disabling device if failing to enable it
(git-fixes).
- scsi: qedf: Fix a UAF bug in __qedf_probe() (git-fixes).
- scsi: megaraid_sas: Fix double kfree() (git-fixes).
- scsi: Revert "/scsi: qla2xxx: Fix disk failure to rediscover"/
(git-fixes).
- commit 25cb1e4
- dm thin: Use last transaction's pmd->root when commit failed
(git-fixes).
- dm thin: resume even if in FAIL mode (git-fixes).
- dm cache: set needs_check flag after aborting metadata
(git-fixes).
- dm cache: Fix ABBA deadlock between shrink_slab and
dm_cache_metadata_abort (git-fixes).
- dm thin: Fix ABBA deadlock between shrink_slab and
dm_pool_abort_metadata (git-fixes).
- dm integrity: Fix UAF in dm_integrity_dtr() (git-fixes).
- dm cache: Fix UAF in destroy() (git-fixes).
- dm clone: Fix UAF in clone_dtr() (git-fixes).
- dm thin: Fix UAF in run_timer_softirq() (git-fixes).
- blktrace: Fix output non-blktrace event when blk_classic option
enabled (git-fixes).
- dm integrity: flush the journal on suspend (git-fixes).
- dm ioctl: fix misbehavior if list_versions races with module
loading (git-fixes).
- md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d (git-fixes).
- bcache: fix set_at_max_writeback_rate() for multiple attached
devices (git-fixes).
- nbd: Fix hung when signal interrupts nbd_start_device_ioctl()
(git-fixes).
- md: Flush workqueue md_rdev_misc_wq in md_alloc() (git-fixes).
- drivers:md:fix a potential use-after-free bug (git-fixes).
- null_blk: fix ida error handling in null_add_dev() (git-fixes).
- md: Notify sysfs sync_completed in md_reap_sync_thread()
(git-fixes).
- nbd: fix io hung while disconnecting device (git-fixes).
- nbd: fix race between nbd_alloc_config() and module removal
(git-fixes).
- nbd: call genl_unregister_family() first in nbd_cleanup()
(git-fixes).
- md: protect md_unregister_thread from reentrancy (git-fixes).
- nbd: Fix hung on disconnect request if socket is closed before
(git-fixes).
- dm ioctl: prevent potential spectre v1 gadget (git-fixes).
- loop: use sysfs_emit() in the sysfs xxx show() (git-fixes).
- dm space map common: add bounds check to sm_ll_lookup_bitmap()
(git-fixes).
- dm btree: add a defensive bounds check to insert_at()
(git-fixes).
- commit 223b9c6
- nbd: Fix incorrect error handle when first_minor is illegal
in nbd_dev_add (git-fixes).
- Refresh for the above change,
patches.suse/0019-nbd-fix-possible-overflow-on-first_minor-in-nbd_dev_.patch.
- commit 9c00c1c
- nbd: fix max value for 'first_minor' (git-fixes).
- Refresh for the above change,
patches.suse/0012-nbd-fix-possible-overflow-for-first_minor-in-nbd_dev.patch.
- commit dd126a5
- dm space maps: don't reset space map allocation cursor when
committing (git-fixes).
- dm verity: fix require_signatures module_param permissions
(git-fixes).
- dm integrity: fix flush with external metadata device
(git-fixes).
- dm integrity: select CRYPTO_SKCIPHER (git-fixes).
- dm verity: skip verity work if I/O error when system is shutting
down (git-fixes).
- dm table: Remove BUG_ON(in_interrupt()) (git-fixes).
- nbd: make the config put is called before the notifying the
waiter (git-fixes).
- nbd: restore default timeout when setting it to zero
(git-fixes).
- loop: unset GENHD_FL_NO_PART_SCAN on LOOP_CONFIGURE (git-fixes).
- blktrace: ensure our debugfs dir exists (git-fixes).
- commit 50ca764
- rbd: work around -Wuninitialized warning (git-fixes).
- Refresh for the above change,
patches.suse/rbd-export-some-functions-used-by-lio-rbd-backend.patch.
- commit e923159
- blacklist.conf: add git-fixes commits which won't be backported
- commit 4601d33
- blacklist.conf: removing SCSI git-fix mistakenly added
This fix was labelled as already present in our
code base, but it was not.
- commit bcd8cfe
- scsi: pmcraid: Fix missing resource cleanup in error case
(git-fixes).
- scsi: ipr: Fix missing/incorrect resource cleanup in error case
(git-fixes).
- scsi: vmw_pvscsi: Expand vcpuHint to 16 bits (git-fixes).
- scsi: myrb: Fix up null pointer access on myrb_cleanup()
(git-fixes).
- scsi: megaraid: Fix error check return value of
register_chrdev() (git-fixes).
- scsi: qedi: Fix failed disconnect handling (git-fixes).
- scsi: megaraid_sas: Target with invalid LUN ID is deleted
during scan (git-fixes).
- scsi: mvsas: Add PCI ID of RocketRaid 2640 (git-fixes).
- scsi: libfc: Fix use after free in fc_exch_abts_resp()
(git-fixes).
- scsi: aha152x: Fix aha152x_setup() __setup handler return value
(git-fixes).
- scsi: pm8001: Fix pm8001_mpi_task_abort_resp() (git-fixes).
- scsi: bfa: Replace snprintf() with sysfs_emit() (git-fixes).
- scsi: mvsas: Replace snprintf() with sysfs_emit() (git-fixes).
- scsi: myrs: Fix crash in error case (git-fixes).
- scsi: qedf: Fix refcount issue when LOGO is received during TMF
(git-fixes).
- scsi: sr: Don't use GFP_DMA (git-fixes).
- scsi: vmw_pvscsi: Set residual data length conditionally
(git-fixes).
- scsi: libiscsi: Fix UAF in
iscsi_conn_get_param()/iscsi_conn_teardown() (git-fixes).
- scsi: core: sysfs: Fix setting device state to SDEV_RUNNING
(git-fixes).
- scsi: core: sysfs: Fix hang when device state is set via sysfs
(git-fixes).
- scsi: iscsi: Unblock session then wake up error handler
(git-fixes).
- scsi: advansys: Fix kernel pointer leak (git-fixes).
- scsi: core: Fix shost->cmd_per_lun calculation in
scsi_add_host_with_dma() (git-fixes).
- scsi: virtio_scsi: Fix spelling mistake "/Unsupport"/ ->
"/Unsupported"/ (git-fixes).
- scsi: ses: Fix unsigned comparison with less than zero
(git-fixes).
- scsi: ufs: Fix illegal offset in UPIU event trace (git-fixes).
- scsi: ses: Retry failed Send/Receive Diagnostic commands
(git-fixes).
- scsi: sd: Free scsi_disk device via put_device() (git-fixes).
- scsi: core: Fix hang of freezing queue between blocking and
running device (git-fixes).
- scsi: core: Fix capacity set to zero after offlinining device
(git-fixes).
- scsi: sr: Return correct event when media event code is 3
(git-fixes).
- scsi: core: Avoid printing an error if target_alloc() returns
- ENXIO (git-fixes).
- scsi: scsi_dh_rdac: Avoid crash during rdac_bus_attach()
(git-fixes).
- scsi: megaraid_mm: Fix end of loop tests for
list_for_each_entry() (git-fixes).
- scsi: qedf: Add check to synchronize abort and flush
(git-fixes).
- scsi: libsas: Add LUN number check in .slave_alloc callback
(git-fixes).
- scsi: aic7xxx: Fix unintentional sign extension issue on left
shift of u8 (git-fixes).
- scsi: scsi_dh_alua: Fix signedness bug in alua_rtpg()
(git-fixes).
- scsi: scsi_dh_alua: Check for negative result value (git-fixes).
- scsi: qedi: Fix null ref during abort handling (git-fixes).
- scsi: iscsi: Fix shost->max_id use (git-fixes).
- scsi: iscsi: Add iscsi_cls_conn refcount helpers (git-fixes).
- scsi: megaraid_sas: Handle missing interrupts while re-enabling
IRQs (git-fixes).
- scsi: megaraid_sas: Early detection of VD deletion through
RaidMap update (git-fixes).
- scsi: megaraid_sas: Fix resource leak in case of probe failure
(git-fixes).
- scsi: core: Cap scsi_host cmd_per_lun at can_queue (git-fixes).
- scsi: hisi_sas: Propagate errors in interrupt_init_v1_hw()
(git-fixes).
- scsi: sr: Return appropriate error code when disk is ejected
(git-fixes).
- scsi: hisi_sas: Drop free_irq() of devm_request_irq() allocated
irq (git-fixes).
- scsi: vmw_pvscsi: Set correct residual data length (git-fixes).
- scsi: bnx2fc: Return failure if io_req is already in ABTS
processing (git-fixes).
- scsi: BusLogic: Fix 64-bit system enumeration error for Buslogic
(git-fixes).
- scsi: libfc: Fix a format specifier (git-fixes).
- scsi: mpt3sas: Block PCI config access from userspace during
reset (git-fixes).
- scsi: scsi_dh_alua: Remove check for ASC 24h in alua_rtpg()
(git-fixes).
- scsi: st: Fix a use after free in st_open() (git-fixes).
- scsi: libiscsi: Fix iscsi_prep_scsi_cmd_pdu() error handling
(git-fixes).
- scsi: fnic: Fix memleak in vnic_dev_init_devcmd2 (git-fixes).
- scsi: ufs: Fix tm request when non-fatal error happens
(git-fixes).
- scsi: sd: Suppress spurious errors when WRITE SAME is being
disabled (git-fixes).
- scsi: scsi_transport_spi: Set RQF_PM for domain validation
commands (git-fixes).
- scsi: ufs-pci: Ensure UFS device is in PowerDown mode for
suspend-to-disk ->poweroff() (git-fixes).
- scsi: ufs: Fix wrong print message in dev_err() (git-fixes).
- scsi: mpt3sas: Increase IOCInit request timeout to 30s
(git-fixes).
- commit cf6a959
- scsi: ufs: Make sure clk scaling happens only when HBA is
runtime ACTIVE (git-fixes).
- scsi: ufs: Fix unbalanced scsi_block_reqs_cnt caused by
ufshcd_hold() (git-fixes).
- scsi: mpt3sas: Fix timeouts observed while reenabling IRQ
(git-fixes).
- scsi: hpsa: Fix memory leak in hpsa_init_one() (git-fixes).
- scsi: core: Don't start concurrent async scan on same host
(git-fixes).
- scsi: mvumi: Fix error return in mvumi_io_attach() (git-fixes).
- scsi: qedf: Return SUCCESS if stale rport is encountered
(git-fixes).
- scsi: qedi: Protect active command list to avoid list corruption
(git-fixes).
- scsi: qedi: Fix list_del corruption while removing active I/O
(git-fixes).
- scsi: ufs: ufs-qcom: Fix race conditions caused by
ufs_qcom_testbus_config() (git-fixes).
- commit 0335e79
- sctp: fail if no bound addresses can be used for a given scope
(bsc#1206677).
- commit dcee4fd
- scsi: ufs: Clean up completed request without interrupt
notification (git-fixes).
- Refresh
patches.suse/scsi-ufs-Properly-release-resources-if-a-task-is-aborted-successfully.
- commit 0e26434
- KVM: VMX: fix crash cleanup when KVM wasn't used (bsc#1207508).
- Refresh
patches.suse/KVM-x86-speculation-Disable-Fill-buffer-clear-within-guests.patch.
- commit 8d5e108
- scsi: ufs: Improve interrupt handling for shared interrupts
(git-fixes).
- scsi: ufs: Fix interrupt error message for shared interrupts
(git-fixes).
- scsi: ufs: Fix possible infinite loop in ufshcd_hold
(git-fixes).
- scsi: iscsi: Do not put host in iscsi_set_flashnode_param()
(git-fixes).
- scsi: ufs: Add DELAY_BEFORE_LPM quirk for Micron devices
(git-fixes).
- scsi: scsi_transport_spi: Fix function pointer check
(git-fixes).
- scsi: sr: Fix sr_probe() missing deallocate of device minor
(git-fixes).
- scsi: iscsi: Fix reference count leak in iscsi_boot_create_kobj
(git-fixes).
- scsi: hisi_sas: Do not reset phy timer to wait for stray phy up
(git-fixes).
- scsi: cxlflash: Fix error return code in cxlflash_probe()
(git-fixes).
- scsi: core: free sgtables in case command setup fails
(git-fixes).
- scsi: pm: Balance pm_only counter of request queue during
system resume (git-fixes).
- scsi: iscsi: Report unbind session event when the target has
been removed (git-fixes).
- scsi: iscsi: Don't destroy session if there are outstanding
connections (git-fixes).
- scsi: ufs: Fix a race condition in the tracing code (git-fixes).
- scsi: ufs: Make ufshcd_add_command_trace() easier to read
(git-fixes).
- scsi: aic7xxx: Adjust indentation in ahc_find_syncrate
(git-fixes).
- scsi: iscsi: Avoid potential deadlock in iscsi_if_rx func
(git-fixes).
- scsi: iscsi: Don't send data to unbound connection (git-fixes).
- scsi: NCR5380: Add disconnect_mask module parameter (git-fixes).
- scsi: scsi_debug: num_tgts must be >= 0 (git-fixes).
- scsi: ufs: Fix error handing during hibern8 enter (git-fixes).
- scsi: ufs: Fix irq return code (git-fixes).
- scsi: ufs: Fix up auto hibern8 enablement (git-fixes).
- scsi: atari_scsi: sun3_scsi: Set sg_tablesize to 1 instead of
SG_NONE (git-fixes).
- scsi: ufs: fix potential bug which ends in system hang
(git-fixes).
- scsi: hisi_sas: Check sas_port before using it (git-fixes).
- scsi: fnic: fix use after free (git-fixes).
- scsi: ufs: delete redundant function ufshcd_def_desc_sizes()
(git-fixes).
- scsi: hisi_sas: Delete the debugfs folder of hisi_sas when
the probe fails (git-fixes).
- commit e77b62a
- scsi: hisi_sas: Replace in_softirq() check in
hisi_sas_task_exec() (git-fixes).
- Refresh patches.suse/scsi-hisi_sas-Remove-preemptible.
- commit ce7bed3
- blacklist.conf: add git-fixes to be skipped
- commit cb4a471
- netfilter: nft_payload: incorrect arithmetics when fetching
VLAN header bits (CVE-2023-0179 bsc#1207034).
- commit 9fe77eb
- HID: check empty report_list in hid_validate_values()
(git-fixes, bsc#1206784).
- commit 028641d
- HID: check empty report_list in bigben_probe() (git-fixes,
bsc#1206784).
- commit c479b33
- HID: betop: check shape of output reports (git-fixes,
bsc#1207186).
- commit f6860d6
- ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent
UAF (CVE-2023-0266 bsc#1207134).
- commit 9014493
- sctp: sysctl: make extra pointers netns aware (bsc#1204760).
- commit 580597a
- net: sched: disallow noqueue for qdisc classes (bsc#1207237
CVE-2022-47929).
- commit e015217
- blacklist.conf: 461ab10ef7e6 ("/ceph: switch to vfs_inode_has_locks() to fix file lock bug"/)
- commit b165b65
- ceph: avoid putting the realm twice when decoding snaps fails
(bsc#1207198).
- ceph: do not update snapshot context when there is no new
snapshot (bsc#1207218).
- commit 2f13b5a
- ipv6: raw: Deduct extension header length in
rawv6_push_pending_frames (bsc#1207168).
- commit ad4a091
- rpm/mkspec-dtb: add riscv64 dtb-renesas subpackage
- commit 6020754
- Update
patches.suse/net-sched-cbq-dont-intepret-cls-results-when-asked-t.patch
(bsc#1207036 CVE-2023-23454).
- commit 88c4e72
- Update
patches.suse/net-sched-atm-dont-intepret-cls-results-when-asked-t.patch
(bsc#1207125 CVE-2023-23455).
- commit e595908
- SLE15-SP3 went to LTSS, hand over to L3
- commit c5e6bf0
- mm/memcg: optimize memory.numa_stat like memory.stat
(bsc#1206663).
- commit d7619da
- drbd: destroy workqueue when drbd device was freed (git-fixes).
- drbd: use after free in drbd_create_device() (git-fixes).
- drbd: remove usage of list iterator variable after loop
(git-fixes).
- commit ebdddc5
- powerpc/rtas: avoid scheduling in rtas_os_term() (bsc#1065729).
- powerpc/rtas: avoid device tree lookups in rtas_os_term()
(bsc#1065729).
- commit da7ea39
- net: sched: atm: dont intepret cls results when asked to drop
(bsc#1207036).
- commit 49dc51c
- net: sched: cbq: dont intepret cls results when asked to drop
(bsc#1207036).
- commit 0726009
- ibmveth: Always stop tx queues during close (bsc#1065729).
- commit 8b8572d
- Refresh
patches.suse/btrfs-avoid-unnecessary-lock-and-leaf-splits-when-up.patch.
For bsc#1206904, see:
https://bugzilla.suse.com/show_bug.cgi?id=1206904#c6
- commit dfcd116
- README.BRANCH: Added myself as co-maintainer
And drop Oscars name.
- commit 0607a55
- ipv4: Handle attempt to delete multipath route when fib_info
contains an nh reference (bsc#1204171 CVE-2022-3435).
- commit d2a1bb2
- net: ipv4: fix route with nexthop object delete warning
(bsc#1204171 CVE-2022-3435).
- commit 51fb670
- module: avoid *goto*s in module_sig_check() (git-fixes).
- commit 95dc2c1
- module: merge repetitive strings in module_sig_check()
(git-fixes).
- commit e890371
- module: set MODULE_STATE_GOING state when a module fails to load
(git-fixes).
- commit bbf8a43
- modules: lockdep: Suppress suspicious RCU usage warning
(git-fixes).
- commit a75abac
- module: Remove accidental change of module_enable_x()
(git-fixes).
- commit c1799c7
- tracing: Verify if trace array exists before destroying it
(git-fixes).
- commit 484ce03
- powerpc/powernv: add missing of_node_put (bsc#1065729).
- powerpc/boot: Fixup device-tree on little endian (bsc#1065729).
- powerpc/pseries: Stop calling printk in rtas_stop_self()
(bsc#1065729).
- powerpc: Force inlining of cpu_has_feature() to avoid build
failure (bsc#1065729).
- powerpc: improve handling of unrecoverable system reset
(bsc#1065729).
- powerpc: sysdev: add missing iounmap() on error in
mpic_msgr_probe() (bsc#1065729).
- powerpc/powernv/smp: Fix spurious DBG() warning (bsc#1065729).
- powerpc/crashkernel: Take "/mem="/ option into account
(bsc#1065729).
- powerpc/64s/pgtable: fix an undefined behaviour (bsc#1065729).
- powerpc/eeh: Only dump stack once if an MMIO loop is detected
(bsc#1065729).
- powerpc/sriov: Remove VF eeh_dev state when disabling SR-IOV
(bsc#1065729).
- powerpc/powernv/iov: Ensure the pdn for VFs always contains
a valid PE number (bsc#1065729).
- commit f1282a1
- blacklist.conf: Add reverted commit
- commit 1048706
- powerpc: Ensure that swiotlb buffer is allocated from low memory
(bsc#1156395).
- commit 6657d5f
- powerpc/powernv: Avoid re-registration of imc debugfs directory
(bsc#1156395).
- powerpc/book3s/mm: Update Oops message to print the correct
translation in use (bsc#1156395).
- commit 1967b85
- powerpc/pseries/cmm: Implement release() function for sysfs
device (bsc#1065729).
- commit eef87f7
- rpm/kernel-binary.spec.in: Add Enhances and Supplements tags to in-tree KMPs
This makes in-tree KMPs more consistent with externally built KMPs and
silences several rpmlint warnings.
- commit 02b7735
- mm: fix race between MADV_FREE reclaim and blkdev direct IO read
(bsc#1204989,bsc#1205601).
- commit b1fad8e
- rpm/check-for-config-changes: add OBJTOOL and FTRACE_MCOUNT_USE_*
Dummy gcc pretends to support -mrecord-mcount option but actual gcc on
ppc64le does not. Therefore ppc64le builds of 6.2-rc1 and later in OBS
enable FTRACE_MCOUNT_USE_OBJTOOL and OBJTOOL config options, resulting in
check failure.
As we already have FTRACE_MCOUNT_USE_CC and FTRACE_MCOUNT_USE_RECORDMCOUNT
in the exception list, replace them with a general pattern. And add OBJTOOL
as well.
- commit 887416f
- powerpc/xive/spapr: correct bitmap allocation size (fate#322438
git-fixes).
- powerpc/xive: Add a check for memory allocation failure
(fate#322438 git-fixes).
- commit 2423c59
- arm64: memory: Add missing brackets to untagged_addr() macro (git-fixes)
- commit 5dff1e5
- arm64: tags: Preserve tags for addresses translated via TTBR1 (git-fixes)
- commit 822d824
- blacklist.conf: ("/arm64: lse: Fix LSE atomics with LLVM"/)
- commit 22e012e
- arm64: dts: rockchip: add reg property to brcmf sub-nodes (git-fixes)
- commit 82f0058
- arm64: dts: rockchip: fix dwmmc clock name for px30 (git-fixes)
- commit 2d24fe0
- arm64: dts: allwinner: H5: Add PMU node (git-fixes)
- commit 5f7b503
- arm64: dts: allwinner: H6: Add PMU mode (git-fixes)
- commit 3c56f93
- arm64: dts: rockchip: Fix NanoPC-T4 cooling maps (git-fixes)
- commit 10890a5
- blacklist.conf: ("/arm64: fix alternatives with LLVM's integrated assembler"/)
- commit a642f3b
- blacklist.conf: ("/arm64: lse: fix LSE atomics with LLVM's integrated assembler"/)
- commit 76593cf
- blacklist.conf: ("/arm64: dts: allwinner: a64: olinuxino: Fix eMMC supply regulator"/)
- commit 1caef50
- Refresh
patches.suse/NFS-Handle-missing-attributes-in-OPEN-reply.patch.
Update commit log to prevent patch and quilt from thinking it should apply the
example hunks and fail.
- commit 78fab3f
- NFS: Handle missing attributes in OPEN reply (bsc#1203740).
- commit 75c0f21
- NFSv4.x: Fail client initialisation if state manager thread
can't run (git-fixes).
- SUNRPC: Fix missing release socket in rpc_sockname()
(git-fixes).
- xprtrdma: Fix regbuf data not freed in rpcrdma_req_create()
(git-fixes).
- NFS: Fix an Oops in nfs_d_automount() (git-fixes).
- NFSv4: Fix a deadlock between nfs4_open_recover_helper()
and delegreturn (git-fixes).
- NFSv4.2: Fix initialisation of struct nfs4_label (git-fixes).
- NFSv4.2: Fix a memory stomp in decode_attr_security_label
(git-fixes).
- NFSv4.2: Clear FATTR4_WORD2_SECURITY_LABEL when done decoding
(git-fixes).
- SUNRPC: Don't leak netobj memory when gss_read_proxy_verf()
fails (git-fixes).
- nfsd: don't call nfsd_file_put from client states seqfile
display (git-fixes).
- nfs4: Fix kmemleak when allocate slot failed (git-fixes).
- NFSv4.2: Fixup CLONE dest file size for zero-length count
(git-fixes).
- NFSv4: Retry LOCK on OLD_STATEID during delegation return
(git-fixes).
- NFSv4.1: We must always send RECLAIM_COMPLETE after a reboot
(git-fixes).
- NFSv4.1: Handle RECLAIM_COMPLETE trunking errors (git-fixes).
- NFSv4/pNFS: Always return layout stats on layout return for
flexfiles (git-fixes).
- NFSD: Return nfserr_serverfault if splice_ok but buf->pages
have data (git-fixes).
- NFSD: Fix handling of oversized NFSv4 COMPOUND requests
(git-fixes).
- NFSv4/pnfs: Fix a use-after-free bug in open (git-fixes).
- xprtrdma: treat all calls not a bcall when bc_serv is NULL
(git-fixes).
- NFSv4: Don't hold the layoutget locks across multiple RPC calls
(git-fixes).
- SUNRPC: Fix socket waits for write buffer space (git-fixes).
- NFSv4: Protect the state recovery thread against direct reclaim
(git-fixes).
- NFSv4 expose nfs_parse_server_name function (git-fixes).
- NFSv4 remove zero number of fs_locations entries error check
(git-fixes).
- NFSv4.1: Fix uninitialised variable in devicenotify (git-fixes).
- nfs: nfs4clinet: check the return value of kstrdup()
(git-fixes).
- NFSv4 only print the label when its queried (git-fixes).
- NFSD: Keep existing listeners on portlist error (git-fixes).
- lockd: lockd server-side shouldn't set fl_ops (git-fixes).
- rpc: fix gss_svc_init cleanup on failure (git-fixes).
- NFS: nfs_find_open_context() may only select open files
(git-fixes).
- NFSD: fix error handling in NFSv4.0 callbacks (git-fixes).
- rpc: fix NULL dereference on kmalloc failure (git-fixes).
- fs: nfsd: fix kconfig dependency warning for NFSD_V4
(git-fixes).
- nfs: we don't support removing system.nfs4_acl (git-fixes).
- nfs: fix PNFS_FLEXFILE_LAYOUT Kconfig default (git-fixes).
- SUNRPC: Handle 0 length opaque XDR object data properly
(git-fixes).
- SUNRPC: Move simple_get_bytes and simple_get_netobj into
private header (git-fixes).
- pNFS/NFSv4: Try to return invalid layout in
pnfs_layout_process() (git-fixes).
- NFSv4: Fix a pNFS layout related use-after-free race when
freeing the inode (git-fixes).
- NFS4: Fix oops when copy_file_range is attempted with NFS4.0
source (git-fixes).
- SUNRPC: Mitigate cond_resched() in xprt_transmit() (git-fixes).
- SUNRPC: stop printk reading past end of string (git-fixes).
- NFS: Zero-stateid SETATTR should first return delegation
(git-fixes).
- NFSv4.1 handle ERR_DELAY error reclaiming locking state on
delegation recall (git-fixes).
- svcrdma: Fix another Receive buffer leak (git-fixes).
- NFS: nfs_xdr_status should record the procedure name
(git-fixes).
- net: sunrpc: Fix off-by-one issues in 'rpc_ntop6' (git-fixes).
- nfsd: safer handling of corrupted c_type (git-fixes).
- nfsd: Fix svc_xprt refcnt leak when setup callback client failed
(git-fixes).
- sunrpc: check that domain table is empty at module unload
(git-fixes).
- svcrdma: Fix backchannel return code (git-fixes).
- SUNRPC: Don't start a timer on an already queued rpc task
(git-fixes).
- NFS: Fix memory leaks in nfs_pageio_stop_mirroring()
(git-fixes).
- NFS: direct.c: Fix memory leak of dreq when nfs_get_lock_context
fails (git-fixes).
- NFSv4.2: error out when relink swapfile (git-fixes).
- NFSv4: Fix races between open and dentry revalidation
(git-fixes).
- sunrpc: Fix potential leaks in sunrpc_cache_unhash()
(git-fixes).
- nfsd: Clone should commit src file metadata too (git-fixes).
- NFS: Fix memory leaks (git-fixes).
- commit 5b3ba89
- memcg, kmem: further deprecate kmem.limit_in_bytes
(bsc#1206896).
- commit c8d19aa
- blacklist.conf: blacklist 6fcbcec9cfc7
- commit de669f1
- arm64: cpu_errata: Add Hisilicon TSV110 to spectre-v2 safe list (git-fixes)
- commit b310aa7
- blacklist.conf: ("/arm64: dts: ls1028a: fix typo in TMU calibration data"/)
- commit 716a28c
- blacklist.conf: ("/arm64: Validate tagged addresses in access_ok() called from kernel"/)
- commit 9dd7e12
- blacklist.conf: ("/arm64: insn: consistently handle exit text"/)
- commit f816334
- blacklist.conf: blacklist 5c099c4fd
- commit 5b0fa49
- blacklist.conf: blacklist c3497fd009ef
- commit 359f3b8
- blacklist.conf: blacklist c915fb80eaa
- commit 02b35f9
- ext4: avoid BUG_ON when creating xattrs (bsc#1205496).
- commit b1bfe2a
- ext4: fix uninititialized value in 'ext4_evict_inode'
(bsc#1206893).
- commit ff976a4
- ext4: fix corruption when online resizing a 1K bigalloc fs
(bsc#1206891).
- commit 140cef5
- ext4: fix undefined behavior in bit shift for
ext4_check_flag_values (bsc#1206890).
- commit 0696f69
- ext4: silence the warning when evicting inode with
dioread_nolock (bsc#1206889).
- commit 8d66379
- ext4: fix use-after-free in ext4_ext_shift_extents
(bsc#1206888).
- commit 027bd53
- ext4: fix warning in 'ext4_da_release_space' (bsc#1206887).
- commit 5134642
- ext4: fix BUG_ON() when directory entry has invalid rec_len
(bsc#1206886).
- commit 7d14bba
- Update tags in
patches.suse/ext4-Fix-check-for-block-being-out-of-directory-size.patch.
- commit b651ac6
- ext4: make ext4_lazyinit_thread freezable (bsc#1206885).
- commit f8a1109
- ext4: fix null-ptr-deref in ext4_write_info (bsc#1206884).
- commit 100f2b7
- ext4: avoid crash when inline data creation follows DIO write
(bsc#1206883).
- commit 05e8ed4
- ext4: continue to expand file system when the target size
doesn't reach (bsc#1206882).
- commit 1b01bae
- ext4: fix bug in extents parsing when eh_entries == 0 and
eh_depth > 0 (bsc#1206881).
- commit f1f3d4f
- blacklist.conf: blacklist 613c5a85898d
- commit 48dfb5e
- ext4: avoid resizing to a partial cluster size (bsc#1206880).
- commit f96243f
- blacklist.conf: blacklist b24e77ef1c6d
- commit 7ecc9d3
- ext4: correct the misjudgment in ext4_iget_extra_inode
(bsc#1206878).
- commit b931654
- ext4: correct max_inline_xattr_value_size computing
(bsc#1206878).
- commit fde0a78
- ext4: fix use-after-free in ext4_xattr_set_entry (bsc#1206878).
- commit a4c76a4
- ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h
(bsc#1206878).
- commit ecac58a
- ext4: fix extent status tree race in writeback error recovery
path (bsc#1206877).
- commit 35c3734
- ext4: update s_overhead_clusters in the superblock during an
on-line resize (bsc#1206876).
- commit 4ca9666
- ext4: correct the error path of ext4_write_inline_data_end()
(bsc#1206875).
- commit 9ad9468
- blacklist.conf: blacklist 5dccdc5a1916
- commit 8417a93
- blacklist.conf: blacklist efc61345274d
- commit 8078536
- blacklist.conf: blacklist 5a3b590d4b2d
- commit 5590cb0
- ext4: Detect already used quota file early (bsc#1206873).
- commit 0136eeb
- blacklist.conf: Blacklist 0f5bde1db174
- commit 66ece1b
- blacklist.conf: blacklist f25391ebb475
- commit b3ab927
- ext4: avoid race conditions when remounting with options that
change dax (bsc#1206860).
Refresh patches.suse/ext4-dont-warn-when-enabling-DAX.patch
- commit 89b7d84
- blacklist.conf: Add ppc ddw fix only applicable to 5.15
- commit ce185e4
- ext4: convert BUG_ON's to WARN_ON's in mballoc.c (bsc#1206859).
- commit c933ca2
- blacklist.conf: blacklist a17a9d935dc4
- commit 267ec30
- ext4: use matching invalidatepage in ext4_writepage
(bsc#1206858).
- commit 9adbb3f
- ext4: mark block bitmap corrupted when found instead of BUGON
(bsc#1206857).
- commit 0b7c7d5
- ext4: fix a data race at inode->i_disksize (bsc#1206855).
- commit 6032d35
- ext4: choose hardlimit when softlimit is larger than hardlimit
in ext4_statfs_project() (bsc#1206854).
- commit 1fdf2d9
- blacklist.conf: blacklist 4068664e3cd2
- commit 3a30037
- blacklist.conf: Add active memory.high throttling fixups
- d397a45fc741 mm, memcg: fix corruption on 64-bit divisor in memory.high throttling
- e26733e0d0ec mm, memcg: throttle allocators based on ancestral memory.high
- 9b8b17541f13 mm, memcg: do not high throttle allocators based on wraparound
- commit 0508c0b
- sched/psi: Fix sampling error and rare div0 crashes with
cgroups and high uptime (bsc#1206841).
- commit d518fcd
- scsi: lpfc: Remove linux/msi.h include (jsc#PED-1445).
- scsi: lpfc: Update lpfc version to 14.2.0.9 (jsc#PED-1445).
- scsi: lpfc: Fix crash involving race between FLOGI timeout
and devloss handler (jsc#PED-1445).
- scsi: lpfc: Fix MI capability display in cmf_info sysfs
attribute (jsc#PED-1445).
- scsi: lpfc: Correct bandwidth logging during receipt of
congestion sync WCQE (jsc#PED-1445).
- scsi: lpfc: Fix WQ|CQ|EQ resource check (jsc#PED-1445).
- scsi: lpfc: Use memset_startat() helper (jsc#PED-1445).
- scsi: lpfc: Remove redundant pointer 'lp' (jsc#PED-1445).
- string.h: Introduce memset_startat() for wiping trailing
members and padding (jsc#PED-1445).
- commit 76decfc
- scsi: qla2xxx: Fix crash when I/O abort times out (jsc#PED-568).
- scsi: qla2xxx: Initialize vha->unknown_atio_[list, work]
for NPIV hosts (jsc#PED-568).
- scsi: qla2xxx: Remove duplicate of vha->iocb_work initialization
(jsc#PED-568).
- scsi: qla2xxx: Remove unused variable 'found_devs'
(jsc#PED-568).
- scsi: qla2xxx: Fix set-but-not-used variable warnings
(jsc#PED-568).
- commit b04c714
- blacklist.conf: pSeries and powernv get dt from firmware
- commit 47ec098
- powerpc/pseries/eeh: use correct API for error log size
(bsc#1065729).
- powerpc/perf: callchain validate kernel stack pointer bounds
(bsc#1065729).
- powerpc/xive: add missing iounmap() in error path in
xive_spapr_populate_irq_data() (fate#322438 git-fixes).
- powerpc/pci: Fix get_phb_number() locking (bsc#1065729).
- powerpc/64: Init jump labels before parse_early_param()
(bsc#1065729).
- commit 3405c6d
- powerpc/pseries: unregister VPA when hot unplugging a CPU
(bsc#1205695 ltc#200603).
- commit 3d8dab2
- Fix kABI breakage in usb.h: struct usb_device:
hide new member (bsc#1206664 CVE-2022-4662).
- commit a53ec27
- USB: core: Prevent nested device-reset calls (bsc#1206664
CVE-2022-4662).
- commit 2d03a85
- drm: mali-dp: potential dereference of null pointer
(CVE-2022-3115 bsc#1206393).
- commit 9246c67
- wifi: wilc1000: validate pairwise and authentication suite
offsets (CVE-2022-47520 bsc#1206515).
- commit 10a48d9
- kabi/severities: ignore kABI change for meson driver fix (CVE-2022-3112 bsc#1206399)
- commit cecc04a
- media: meson: vdec: potential dereference of null pointer
(CVE-2022-3112 bsc#1206399).
- commit 32c7d25
- Bluetooth: L2CAP: Fix use-after-free caused by
l2cap_reassemble_sdu (CVE-2022-3564 bsc#1206073).
- commit 5495793
- Update patch reference for BT fix (CVE-2022-3564 bsc#1206073)
- commit a5136f0
- udf: Fix a slab-out-of-bounds write bug in udf_find_entry()
(bsc#1206649).
- commit 81eb278
- udf_get_extendedattr() had no boundary checks (bsc#1206648).
- commit 2ff0ceb
- udf: Fix iocharset=utf8 mount option (bsc#1206647).
- commit 6d30f6e
- udf: Fix NULL pointer dereference in udf_symlink function
(bsc#1206646).
- commit aa42b50
- udf: fix silent AED tagLocation corruption (bsc#1206645).
- commit a3bf788
- udf: fix the problem that the disc content is not displayed
(bsc#1206644).
- commit baed6fa
- udf: Limit sparing table size (bsc#1206643).
- commit 10a39e1
- udf: Avoid accessing uninitialized data on failed inode read
(bsc#1206642).
- commit 8c98e30
- udf: Fix free space reporting for metadata and virtual
partitions (bsc#1206641).
- commit 0743d18
- quota: Check next/prev free block number after reading from
quota file (bsc#1206640).
- commit f8fb63e
- blacklist.conf: Blacklist dd5532a4994b
- commit 836bdfa
- blacklist.conf: Blacklist dfc2d2594e4a
- commit dd5297d
- blacklist.conf: Blacklist f4c2d372b89a
- commit fc7d11b
- ext4: iomap that extends beyond EOF should be marked dirty
(bsc#1206637).
- commit e1b2dad
- blacklist.conf: Blacklist 02f03c4206c1
- commit bb8f69f
- isofs: joliet: Fix iocharset=utf8 mount option (bsc#1206636).
- commit 9374be1
- mm/filemap.c: clear page error before actual read (bsc#1206635).
- commit 5e80ff2
- lib/notifier-error-inject: fix error when writing -errno to
debugfs file (bsc#1206634).
- commit dea9978
- libfs: add DEFINE_SIMPLE_ATTRIBUTE_SIGNED for signed value
(bsc#1206634).
- commit 2504e98
- blacklist.conf: Blacklist 9066e151c379
- commit 966d217
- sbitmap: fix lockup while swapping (bsc#1206602).
- commit 008171d
- struct usbnet: move new members to end (git-fixes).
- commit f647bb2
- net: usb: cdc_ncm: don't spew notifications (git-fixes).
- Refresh
patches.suse/0002-Add-a-void-suse_kabi_padding-placeholder-to-some-USB.patch.
- commit 6bb9cb6
- blacklist.conf: ("/arm64: dts: armada-3720-turris-mox: add firmware node"/)
- commit 77ea716
- arm64: dts: marvell: Add AP806-dual missing CPU clocks (git-fixes)
- commit 954a96f
- blacklist.conf: ("/crypto: arm64/aes-neonbs - add return value of skcipher_walk_done()"/)
- commit 8dcdb26
- arm64: tegra: Fix 'active-low' warning for Jetson Xavier regulator (git-fixes)
- commit c3c7089
- arm64: psci: Reduce the waiting time for cpu_psci_cpu_kill() (git-fixes).
- commit ae4388c
- net: usb: qmi_wwan: add u-blox 0x1342 composition (git-fixes).
- commit 47e48bc
- rtc: pcf85063: Fix reading alarm (git-fixes).
- commit 3b1fc33
- efi: Add iMac Pro 2017 to uefi skip cert quirk (git-fixes).
- commit 1dc7c8f
- commit 71ea896
- Update
patches.suse/RDMA-uverbs-Check-for-null-return-of-kmalloc_array.patch
(CVE-2022-3105 bsc#1206398 git-fixes).
- commit 66cd628
- Update
patches.suse/drm-amdkfd-Check-for-null-pointer-after-calling-kmem.patch
(CVE-2022-3108 bsc#1206389 git-fixes).
- commit 7c181a5
- RDMA/uverbs: Check for null return of kmalloc_array
(CVE-2022-3105 bsc#1206398 git-fixes).
- commit 73b6bff
- Update
patches.suse/sfc_ef100-potential-dereference-of-null-pointer.patch
(jsc#SLE-16683 CVE-2022-3106 bsc#1206397).
- commit 3e8cb15
- Update
patches.suse/msft-hv-2553-hv_netvsc-Add-check-for-kvmalloc_array.patch
(CVE-2022-3107 bsc#1206395 git-fixes).
- commit d5698e3
- Update
patches.suse/power-supply-wm8350-power-Add-missing-free-in-free_c.patch
(CVE-2022-3111 bsc#1206394 git-fixes).
- commit 2ff0fd7
- blacklist.conf: cosmetic, does not fix a bug
- commit c7bc28a
- dt-bindings: clocks: imx8mp: Add ID for usb suspend clock
(git-fixes).
- commit 4972874
- tracing: Free buffers when a used dynamic event is removed
(git-fixes).
- commit 3703499
- tracing/dynevent: Delete all matched events (git-fixes).
- commit dcf29de
- tracing: Add tracing_reset_all_online_cpus_unlocked() function
(git-fixes).
- commit 6ce4166
- blacklist.conf: Risky, requires reworking of mempolicies
- commit e11ba4b
- blacklist.conf: Risky semantic change for hugetlbfs runtime allocation
- commit 8dbcec6
- mm, page_alloc: avoid expensive reclaim when compaction may
not succeed (bsc#1204250).
- commit f800975
- afs: Fix some tracing details (git-fixes).
- commit 161393a
- blacklist.conf: cosmetic fix
- commit 39c4f5a
- usb: host: xhci-hub: fix extra endianness conversion
(git-fixes).
- commit 3574ccc
- memcg: Fix possible use-after-free in
memcg_write_event_control() (bsc#1206344).
- commit d0798c9
- s390/boot: add secure boot trailer (bsc#1205256 LTC#1205256).
- commit 2e9f75b
- net: mana: Fix race on per-CQ variable napi work_done
(git-fixes).
- commit 935369b
- Update patches.suse/drm-amd-display-memory-leak.patch
(CVE-2019-19083 bsc#1157049 bnc#1151927 5.3.8).
Update the metadata of this patch and in particular its commit ID.
This fix was committed twice upstream, and we used one commit ID in
all branches except SLE15-SP3 where we use the other one. Align this
branch with what was done in all other branches. Benefits:
* No need to blacklist the other commit ID as it was never mentioned
in stable trees.
* Minimize the differences between branches to lower the risk of merge
conflicts.
I verified that the resulting source tree is exactly the same before
and after this change.
- commit 27c76af
- Rename 0001-drm-amd-display-memory-leak.patch
Use the same name as in all other branches for consistency.
- commit 9d96a87
- ipv6: ping: fix wrong checksum for large frames (bsc#1203183).
- commit 6426714
- proc: proc_skip_spaces() shouldn't think it is working on C
strings (CVE-2022-4378 bsc#1206207).
- proc: avoid integer type confusion in get_proc_long
(CVE-2022-4378 bsc#1206207).
- commit 1e50bbf
- ext4: Fixup pages without buffers (bsc#1205495).
- commit ad24b58
- kbuild: Unify options for BTF generation for vmlinux and modules
(bsc#1204693).
- Refresh
patches.suse/kbuild-Add-skip_encoding_btf_enum64-option-to-pahole.patch.
- commit 5bc49fe
- fuse: lock inode unconditionally in fuse_fallocate()
(bsc#1206179).
- fuse: fix use after free in fuse_read_interrupt() (bsc#1206178).
- cuse: prevent clone (bsc#1206177).
- fuse: fix the ->direct_IO() treatment of iov_iter (bsc#1206176).
- fuse: update attr_version counter on fuse_notify_inval_inode()
(bsc#1206175).
- fuse: don't check refcount after stealing page (bsc#1206174).
- commit 8cb708c
- Refresh
patches.kabi/kABI-remove-new-member-of-usbip_device.patch.
- commit bf09767
- Refresh
patches.suse/x86-speculation-Disable-RRSBA-behavior.patch.
Fix up after merge from cve/5.3. The patch can be closer to upstream in
15sp3 as we have more than in the cve branch.
- commit 344ce75
- x86/bugs: Make sure MSR_SPEC_CTRL is updated properly upon
resume from S3 (bsc#1206037).
- commit df768bd
- xen/netback: don't call kfree_skb() with interrupts disabled
(bsc#1206114, XSA-424, CVE-2022-42328, CVE-2022-42329).
- commit 18b6c2b
- xen/netback: Ensure protocol headers don't fall in the
non-linear area (bsc#1206113, XSA-423, CVE-2022-3643).
- commit ef1bd8e
- blacklist.conf: 2e5383d7904e cgroup1: don't call release_agent when it
is "/"/
- commit dce5fa8
- Rename colliding patches before the next cve/linux-5.3 -> SLE15-SP3 merge
- commit ff0c181
- docs/kernel-parameters: Update descriptions for "/mitigations="/
param with retbleed (bsc#1199657 CVE-2022-29900 CVE-2022-29901
bsc#1203271 bsc#1206032).
- commit 012ee9f
- Update
patches.suse/x86-bugs-Add-AMD-retbleed-boot-parameter.patch
(bsc#1199657 CVE-2022-29900 CVE-2022-29901 bsc#1203271
bsc#1206032).
- Refresh patches.suse/x86-bugs-Add-retbleed-ibpb.patch.
- Refresh patches.suse/x86-bugs-Enable-STIBP-for-JMP2RET.patch.
Fix mitigations=off to imply retbleed=off (bsc#1206032).
- commit f959a8e
- Do not enable CONFIG_ATARI_PARTITION (jsc#PED-1573)
- commit 2043e6b
- ceph: allow ceph.dir.rctime xattr to be updatable (bsc#1205989).
- ceph: lockdep annotations for try_nonblocking_invalidate
(bsc#1205988).
- ceph: request Fw caps before updating the mtime in
ceph_write_iter (bsc#1205987).
- ceph: remove bogus checks and WARN_ONs from ceph_set_page_dirty
(bsc#1205986).
- ceph: fix fscache invalidation (bsc#1205985).
- ceph: do not access the kiocb after aio requests (bsc#1205984).
- commit 3a3eff6
- kabi: sk_buff.scm_io_uring (bsc#1204228 CVE-2022-2602).
- commit 1cb9473
- io_uring/af_unix: defer registered files gc to io_uring release
(bsc#1204228 CVE-2022-2602).
- commit fee5862
- hwmon: (coretemp) fix pci device refcount leak in nv1a_ram_new()
(git-fixes).
- hwmon: (coretemp) Check for null before removing sysfs attrs
(git-fixes).
- hwmon: (ibmpex) Fix possible UAF when ibmpex_register_bmc()
fails (git-fixes).
- hwmon: (i5500_temp) fix missing pci_disable_device()
(git-fixes).
- commit fdf27d9
- cifs: skip extra NULL byte in filenames (bsc#1204791).
- commit 482b418
- block: Do not reread partition table on exclusively open device
(bsc#1190969).
- commit 1d888c0
- atm: idt77252: fix use-after-free bugs caused by tst_timer
(CVE-2022-3635 bsc#1204631).
- commit 81a86f3
- Update patch reference for ATM fix (CVE-2022-3635 bsc#1204631)
- commit f11d21c
- Move upstreamed i915 patch into sorted section
- commit 4f7c541
- net: ethernet: renesas: ravb: Fix promiscuous mode after system
resumed (git-fixes).
- wifi: mac8021: fix possible oob access in
ieee80211_get_rate_duration (git-fixes).
- wifi: cfg80211: fix buffer overflow in elem comparison
(git-fixes).
- net: ethernet: nixge: fix NULL dereference (git-fixes).
- net: phy: fix null-ptr-deref while probe() failed (git-fixes).
- can: cc770: cc770_isa_probe(): add missing free_cc770dev()
(git-fixes).
- can: sja1000_isa: sja1000_isa_probe(): add missing
free_sja1000dev() (git-fixes).
- commit c233552
- Add support for enabling livepatching related packages on -RT (jsc#PED-1706)
- commit 9d41244
- xen/privcmd: fix error exit of privcmd_ioctl_dm_op()
(git-fixes).
- commit a2d69de
- xen/privcmd: Corrected error handling path (git-fixes).
- commit 9273ea4
- blacklist.conf: add 5c13a4a0291b3019
- commit f414b37
- xen/gntdev: Prevent leaking grants (git-fixes).
- commit d068003
- xen/gntdev: Ignore failure to unmap INVALID_GRANT_HANDLE
(git-fixes).
- commit 310f73b
- xen/gntdev: Avoid blocking in unmap_grant_pages() (git-fixes).
- commit e66563b
- xen: delay xen_hvm_init_time_ops() if kdump is boot on vcpu>=32
(git-fixes).
- commit 2026fbd
- blacklist.conf: add e8240addd0a39
- commit c8fea7d
- blacklist.conf: add 0f4558ae91870
- commit 1f46313
- xen: Fix XenStore initialisation for XS_LOCAL (git-fixes).
- commit b1da831
- xen/pcpu: fix possible memory leak in register_pcpu()
(git-fixes).
- commit 7bcfa5e
- xen/balloon: fix cancelled balloon action (git-fixes).
- commit df9a18a
- Refresh patches.suse/ibmvnic-Properly-dispose-of-all-skbs-during-a-failov.patch.
Fix metadata
- commit b7e4dba
- xen/balloon: fix balloon kthread freezing (git-fixes).
- commit 5c64258
- ibmvnic: Free rwi on reset success (bsc#1184350 ltc#191533
git-fixes).
- commit 390f969
- Xen/gntdev: don't ignore kernel unmapping error (git-fixes).
- commit d1d28ba
- xen-netback: correct success/error reporting for the
SKB-with-fraglist case (git-fixes).
- commit 26320ba
- xen/balloon: use a kernel thread instead a workqueue
(git-fixes).
- commit cb178a9
- arm/xen: Don't probe xenbus as part of an early initcall
(git-fixes).
- commit 6b23717
- x86/xen: Add xen_no_vector_callback option to test PCI INTX
delivery (git-fixes).
- commit c3e71c4
- xen/xenbus: Fix granting of vmalloc'd memory (git-fixes).
- Refresh
patches.suse/xen-xenbus-don-t-let-xenbus_grant_ring-remove-grants.patch.
- commit b773587
- xen: Fix event channel callback via INTX/GSI (git-fixes).
- commit f009c3f
- x86/xen: don't unbind uninitialized lock_kicker_irq (git-fixes).
- commit dc41a1f
- usb: dwc3: gadget: Clear ep descriptor last (git-fixes).
- commit 9eafa9a
- swiotlb-xen: use vmalloc_to_page on vmalloc virt addresses
(git-fixes).
- commit a448c92
- xen/xenbus: ensure xenbus_map_ring_valloc() returns proper
grant status (git-fixes).
- commit eda3b54
- xenbus: req->err should be updated before req->state
(git-fixes).
- commit b68f2a5
- xenbus: req->body should be updated before req->state
(git-fixes).
- commit 43d862b
- x86/xen: Distribute switch variables for initialization
(git-fixes).
- commit 0f71692
- xen/balloon: fix ballooned page accounting without hotplug
enabled (git-fixes).
- commit e768449
- xen-blkback: prevent premature module unload (git-fixes).
- commit 55eaccd
- USB: serial: option: add u-blox LARA-L6 modem (git-fixes).
- commit 5b34629
- USB: serial: option: add u-blox LARA-R6 00B modem (git-fixes).
- commit 48c193f
- USB: serial: option: remove old LARA-R6 PID.
- commit 50cfc4c
- USB: serial: option: add Fibocom FM160 0x0111 composition
(git-fixes).
- commit 3cf3877
- usb: add NO_LPM quirk for Realforce 87U Keyboard (git-fixes).
- commit 6ac2249
- usb: chipidea: fix deadlock in ci_otg_del_timer (git-fixes).
- commit 774f54f
- drm/i915: fix TLB invalidation for Gen12 video and compute
engines (CVE-2022-4139 bsc#1205700).
- commit 58aaa10
- Refresh patches.suse/misc-sgi-gru-fix-use-after-free-error-in-gru_set_con.patch (CVE-2022-3424 bsc#1204166)
Taken from v10 patch in char-misc subsystem tree
- commit 09cd28d
- blacklist.conf: duplicate
- commit 468555e
- blacklist.conf: cosmetic fix
- commit a8e199d
- net: usb: qmi_wwan: Set DTR quirk for MR400 (git-fixes).
- commit bc1c359
- rndis_host: increase sleep time in the query-response loop
(git-fixes).
- commit 1a77104
- net: usb: qmi_wwan: restore mtu min/max values after raw_ip
switch (git-fixes).
- commit 43cdbc4
- HID: roccat: Fix use-after-free in roccat_read() (bsc#1203960
CVE-2022-41850).
- commit 3bef7b9
- Drivers: hv: vmbus: fix possible memory leak in vmbus_device_register() (git-fixes).
- Drivers: hv: vmbus: fix double free in the error path of vmbus_add_channel_work() (git-fixes).
- v3 of "/PCI: hv: Only reuse existing IRTE allocation for Multi-MSI"/
- scsi: storvsc: Fix handling of srb_status and capacity change events (git-fixes).
- commit e4d40ab
- Bluetooth: L2CAP: Fix u8 overflow (CVE-2022-45934 bsc#1205796).
- commit 9a43bb4
- usb: dwc3: exynos: Fix remove() function (git-fixes).
- spi: spi-imx: Fix spi_bus_clk if requested clock is higher
than input clock (git-fixes).
- USB: serial: option: add u-blox LARA-L6 modem (git-fixes).
- USB: serial: option: add u-blox LARA-R6 00B modem (git-fixes).
- USB: serial: option: remove old LARA-R6 PID (git-fixes).
- USB: serial: option: add Fibocom FM160 0x0111 composition
(git-fixes).
- USB: serial: option: add Sierra Wireless EM9191 (git-fixes).
- usb: add NO_LPM quirk for Realforce 87U Keyboard (git-fixes).
- usb: chipidea: fix deadlock in ci_otg_del_timer (git-fixes).
- slimbus: stream: correct presence rate frequencies (git-fixes).
- siox: fix possible memory leak in siox_device_add() (git-fixes).
- commit acc3c71
- iio: core: Fix entry not deleted when
iio_register_sw_trigger_type() fails (git-fixes).
- iio: light: rpr0521: add missing Kconfig dependencies
(git-fixes).
- iio: health: afe4404: Fix oob read in afe4404_[read|write]_raw
(git-fixes).
- iio: health: afe4403: Fix oob read in afe4403_read_raw
(git-fixes).
- iio: light: apds9960: fix wrong register for gesture gain
(git-fixes).
- regulator: twl6030: re-add TWL6032_SUBCLASS (git-fixes).
- regulator: core: fix UAF in destroy_regulator() (git-fixes).
- regulator: core: fix kobject release warning and memory leak
in regulator_register() (git-fixes).
- nfc: st-nci: fix memory leaks in EVT_TRANSACTION (git-fixes).
- nfc: st-nci: fix incorrect validating logic in EVT_TRANSACTION
(git-fixes).
- NFC: nci: fix memory leak in nci_rx_data_packet() (git-fixes).
- nfc: s3fwrn5: Fix potential memory leak in s3fwrn5_nci_send()
(git-fixes).
- nfc: nfcmrvl: Fix potential memory leak in
nfcmrvl_i2c_nci_send() (git-fixes).
- nfc/nci: fix race with opening and closing (git-fixes).
- Input: i8042 - fix leaking of platform device on module removal
(git-fixes).
- Input: iforce - invert valid length check when fetching device
IDs (git-fixes).
- serial: 8250_lpss: Configure DMA also w/o DMA filter
(git-fixes).
- serial: 8250: Fall back to non-DMA Rx if IIR_RDI occurs
(git-fixes).
- serial: imx: Add missing .thaw_noirq hook (git-fixes).
- serial: 8250: omap: Flush PM QOS work on remove (git-fixes).
- serial: 8250: omap: Fix unpaired pm_runtime_put_sync() in
omap8250_remove() (git-fixes).
- serial: 8250_omap: remove wait loop from Errata i202 workaround
(git-fixes).
- parport_pc: Avoid FIFO port location truncation (git-fixes).
- misc/vmw_vmci: fix an infoleak in
vmci_host_do_receive_datagram() (git-fixes).
- iio: adc: at91_adc: fix possible memory leak in
at91_adc_allocate_trigger() (git-fixes).
- iio: pressure: ms5611: changed hardcoded SPI speed to value
limited (git-fixes).
- iio: trigger: sysfs: fix possible memory leak in
iio_sysfs_trig_init() (git-fixes).
- mmc: sdhci-pci: Fix possible memory leak caused by missing
pci_dev_put() (git-fixes).
- mmc: sdhci-pci-o2micro: fix card detect fail issue caused by
CD# debounce timeout (git-fixes).
- mmc: core: properly select voltage range without power cycle
(git-fixes).
- mmc: sdhci-of-arasan: Fix SDHCI_RESET_ALL for CQHCI (git-fixes).
- mmc: cqhci: Provide helper for resetting both SDHCI and CQHCI
(git-fixes).
- platform/x86: hp_wmi: Fix rfkill causing soft blocked wifi
(git-fixes).
- drivers: net: slip: fix NPD bug in sl_tx_timeout() (git-fixes).
- commit d87f9df
- ASoC: max98373: Add checks for devm_kcalloc (git-fixes).
- dma-buf: fix racing conflict of dma_heap_add() (git-fixes).
- bus: sunxi-rsb: Support atomic transfers (git-fixes).
- drm: Fix potential null-ptr-deref in drm_vblank_destroy_worker()
(git-fixes).
- drm/drv: Fix potential memory leak in drm_dev_init()
(git-fixes).
- drm/panel: simple: set bpc field for logic technologies displays
(git-fixes).
- ALSA: usb-audio: Drop snd_BUG_ON() from
snd_usbmidi_output_open() (git-fixes).
- ASoC: soc-utils: Remove __exit for snd_soc_util_exit()
(git-fixes).
- ASoC: core: Fix use-after-free in snd_soc_exit() (git-fixes).
- ALSA: hda: fix potential memleak in 'add_widget_node'
(git-fixes).
- ALSA: usb-audio: Add DSD support for Accuphase DAC-60
(git-fixes).
- ALSA: usb-audio: Add quirk entry for M-Audio Micro (git-fixes).
- ALSA: hda/ca0132: add quirk for EVGA Z390 DARK (git-fixes).
- i2c: i801: add lis3lv02d's I2C address for Vostro 5568
(git-fixes).
- drm/imx: imx-tve: Fix return type of
imx_tve_connector_mode_valid (git-fixes).
- Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm (git-fixes).
- ASoC: codecs: jz4725b: Fix spelling mistake "/Sourc"/ -> "/Source"/,
"/Routee"/ -> "/Route"/ (git-fixes).
- ASoC: codecs: jz4725b: fix capture selector naming (git-fixes).
- ASoC: codecs: jz4725b: use right control for Capture Volume
(git-fixes).
- ASoC: codecs: jz4725b: fix reported volume for Master ctl
(git-fixes).
- ASoC: codecs: jz4725b: add missed Line In power control bit
(git-fixes).
- ASoC: wm8962: Add an event handler for TEMP_HP and TEMP_SPK
(git-fixes).
- ASoC: wm8997: Revert "/ASoC: wm8997: Fix PM disable depth
imbalance in wm8997_probe"/ (git-fixes).
- ASoC: wm5110: Revert "/ASoC: wm5110: Fix PM disable depth
imbalance in wm5110_probe"/ (git-fixes).
- ASoC: wm5102: Revert "/ASoC: wm5102: Fix PM disable depth
imbalance in wm5102_probe"/ (git-fixes).
- commit 27fe82f
- x86/kexec: Fix double-free of elf header buffer (bsc#1205567).
- commit 25c2f2d
- Refresh
patches.suse/nfsd4-fix-NULL-dereference-in-nfsd-clients-display-c.patch.
- Delete patches.suse/nfsd-show_open-NULL-deref.patch.
These patches are for the same git commit, so merging.
"/return SEQ_SKIP"/ is changed to "/return 0"/ to match
upstream. Difference is only important if some content
has already been generated. In that case SEQ_SKIP discards it
and 0 leaves it. Here we haven't generated any content.
bsc#1205753
- commit 4d06f59
- l2tp: Serialize access to sk_user_data with sk_callback_lock
(bsc#1205711 CVE-2022-4129).
- commit add2103
- net: fix a concurrency bug in l2tp_tunnel_register()
(bsc#1205711 CVE-2022-4129).
- commit ced1fd6
- Drop incorrectly doubly applied patches for brcmfmac and vc4 (bsc#1205753)
- commit 5941245
- arm64: dts: imx8mm: Fix NAND controller size-cells (git-fixes)
- commit 7b66fa8
- blacklist.conf: kvm_arch_no_poll() is called only once already
- commit 3bc62c2
- KVM: s390: pv: don't allow userspace to set the clock under PV
(git-fixes).
- KVM: s390: Fix handle_sske page fault handling (git-fixes).
- KVM: s390: Add a routine for setting userspace CPU state
(git-fixes).
- KVM: s390: Simplify SIGP Set Arch handling (git-fixes).
- KVM: s390: get rid of register asm usage (git-fixes).
- KVM: s390: reduce number of IO pins to 1 (git-fixes).
- commit 76c25b0
- Bluetooth: L2CAP: Fix attempting to access uninitialized memory
(CVE-2022-42895 bsc#1205705).
- Bluetooth: L2CAP: Fix accepting connection request for invalid
SPSM (CVE-2022-42896 bsc#1205709).
- commit fc4b67c
- Update patch reference for Bluetooth fix (CVE-2022-42895 bsc#1205705)
- commit 0d77342
- blacklist.conf: Unnecessary build config fix.
- commit 68959f0
- scsi: zfcp: Fix double free of FSF request when qdio send fails
(git-fixes).
- s390: fix nospec table alignments (git-fixes).
- s390: Remove arch_has_random, arch_has_random_seed (git-fixes).
- commit 55df511
- iwlwifi: dbg: disable ini debug in 9000 family and below
(git-fixes).
- commit 152ef40
- blacklist.conf: kABI
- commit 509fe6c
- blacklist.conf: kABI
- commit 8bad736
- drivers: net: slip: fix NPD bug in sl_tx_timeout() (bsc#1205671
CVE-2022-41858).
- commit dd6f85a
- md/raid5: Ensure stripe_fill happens on non-read IO with journal
(git-fixes).
- commit cac2314
- md: Replace snprintf with scnprintf (git-fixes).
- Replaced the in-house patch by the above upstream patch,
patches.suse/md-raid0-fix-buffer-overflow-at-debug-print.patch.
- commit 8c3cff2
- dm raid: fix address sanitizer warning in raid_resume
(git-fixes).
- dm raid: fix address sanitizer warning in raid_status
(git-fixes).
- dm: return early from dm_pr_call() if DM device is suspended
(git-fixes).
- dm thin: fix use-after-free crash in
dm_sm_register_threshold_callback (git-fixes).
- dm writecache: set a default MAX_WRITEBACK_JOBS (git-fixes).
- dm raid: fix accesses beyond end of raid member array
(git-fixes).
- dm mirror log: clear log bits up to BITS_PER_LONG boundary
(git-fixes).
- dm era: commit metadata in postsuspend after worker stops
(git-fixes).
- dm mpath: only use ktime_get_ns() in historical selector
(git-fixes).
- dm integrity: set journal entry unused when shrinking device
(git-fixes).
- dm verity fec: fix misaligned RS roots IO (git-fixes).
- dm writecache: fix writing beyond end of underlying device
when shrinking (git-fixes).
- dm writecache: return the exact table values that were set
(git-fixes).
- commit e0e374e
- dm: fix request-based DM to not bounce through indirect
dm_submit_bio (git-fixes).
- Refresh for the above change,
patches.suse/blk-mq-clear-stale-request-in-tags-rq-before-freeing.patch.
- commit 259862c
- dm: remove special-casing of bio-based immutable singleton
target on NVMe (git-fixes).
- commit 31a00a1
- blacklist.conf: add non-backport git-fixes commit
- commit 42c7406
- nfsd: set the server_scope during service startup (bsc#1203746).
- commit 3d5973a
- NFSD: Cap rsize_bop result based on send buffer size
(bsc#1205128 CVE-2022-43945).
- NFSD: Protect against send buffer overflow in NFSv3 READ
(bsc#1205128 CVE-2022-43945).
- NFSD: Protect against send buffer overflow in NFSv2 READ
(bsc#1205128 CVE-2022-43945).
- NFSD: Protect against send buffer overflow in NFSv3 READDIR
(bsc#1205128 CVE-2022-43945).
- NFSD: Protect against send buffer overflow in NFSv2 READDIR
(bsc#1205128 CVE-2022-43945).
- commit e93318a
- blacklist.conf: Add 74e4b956eb1c cgroup: Honor caller's cgroup NS when resolving path
- commit 99fc524
- add another bug reference to some hyperv changes (bsc#1205617).
- commit b575115
- blacklist.conf: cleanup
- commit b0b46b5
- media: vim2m: initialize the media device earlier (git-fixes).
- commit c5af813
- media: vivid: fix assignment of dev->fbuf_out_flags (git-fixes).
- commit 2431c97
- rtc: mt6397: fix alarm register overwrite (git-fixes).
- commit 95d4e3d
- staging: greybus: light: fix a couple double frees (git-fixes).
- commit 58bdfb3
- blacklist.conf: duplicate
- commit 3dd1632
- tracing: Fix wild-memory-access in register_synth_event()
(git-fixes).
- commit 7dac608
- ftrace: Fix null pointer dereference in ftrace_add_mod()
(git-fixes).
- commit 4244693
- ring_buffer: Do not deactivate non-existant pages (git-fixes).
- commit 464f48f
- ftrace: Optimize the allocation for mcount entries (git-fixes).
- commit c7550d0
- ftrace: Fix the possible incorrect kernel message (git-fixes).
- commit 47e4dec
- ring-buffer: Include dropped pages in counting dirty patches
(git-fixes).
- commit 284d26b
- tracing/ring-buffer: Have polling block on watermark
(git-fixes).
- commit d2a2e4f
- ftrace: Fix use-after-free for dynamic ftrace_ops (git-fixes).
- commit b801309
- powerpc/kvm: Fix kvm_use_magic_page (bsc#1156395).
- commit 3c8b93e
- powerpc/boot: Explicitly disable usage of SPE instructions
(bsc#1156395).
- commit 0bc0054
- blacklist.conf: Add fixes for unsupported platforms
- commit 27bff58
- Update patch reference for rtl8712 driver fix (CVE-2022-4095 bsc#1205514)
- commit 8075958
- staging: rtl8712: fix use after free bugs (CVE-2022-4095
bsc#1205514).
- commit d8c38e0
- ipv6: Fix data races around sk->sk_prot (bsc#1204414
CVE-2022-3567).
- commit 12fec90
- ipv6: annotate some data-races around sk->sk_prot (bsc#1204414
CVE-2022-3567).
- commit 3b01230
- KVM: nVMX: Invalidate all EPTP contexts when emulating INVEPT
for L1 (git-fixes).
- commit d56f1ae
- KVM: nVMX: Validate the EPTP when emulating
INVEPT(EXTENT_CONTEXT) (git-fixes).
- commit 26dc9e3
- kvm: nVMX: reflect MTF VM-exits if injected by L1 (git-fixes).
- commit 2f5ac01
- blacklist.conf: add 514ccc194971d0 ("/x86/kvm: fix a missing-prototypes
"/vmread_error"/"/)
- commit c73c5e6
- KVM: VMX: Always VMCLEAR in-use VMCSes during crash with kexec
support (git-fixes).
- commit 038458a
- KVM: nVMX: clear PIN_BASED_POSTED_INTR from nested pinbased_ctls
only when apicv is globally disabled (git-fixes).
- commit c95874c
- mISDN: fix misuse of put_device() in mISDN_register_device()
(git-fixes).
- commit fea2547
- x86/speculation: Disable RRSBA behavior (bsc#1201455
CVE-2022-28693).
- commit 1c08940
- net: thunderbolt: Fix error handling in tbnet_init()
(git-fixes).
- net/x25: Fix skb leak in x25_lapb_receive_frame() (git-fixes).
- mISDN: fix possible memory leak in mISDN_dsp_element_register()
(git-fixes).
- commit d89f3be
- Move upstreamed fbdev fix into sorted section
- commit c2656f7
- pinctrl: devicetree: fix null pointer dereferencing in
pinctrl_dt_to_map (git-fixes).
- ata: libata-transport: fix error handling in ata_tdev_add()
(git-fixes).
- ata: libata-transport: fix error handling in ata_tlink_add()
(git-fixes).
- ata: libata-transport: fix error handling in ata_tport_add()
(git-fixes).
- ata: libata-transport: fix double ata_host_put() in
ata_tport_add() (git-fixes).
- dmaengine: at_hdmac: Check return code of
dma_async_device_register (git-fixes).
- dmaengine: at_hdmac: Fix impossible condition (git-fixes).
- dmaengine: at_hdmac: Don't allow CPU to reorder channel enable
(git-fixes).
- dmaengine: at_hdmac: Fix completion of unissued descriptor in
case of errors (git-fixes).
- dmaengine: at_hdmac: Don't start transactions at tx_submit level
(git-fixes).
- dmaengine: at_hdmac: Fix at_lli struct definition (git-fixes).
- dmaengine: mv_xor_v2: Fix a resource leak in mv_xor_v2_remove()
(git-fixes).
- dmaengine: pxa_dma: use platform_get_irq_optional (git-fixes).
- spi: stm32: Print summary 'callbacks suppressed' message
(git-fixes).
- drm/i915/dmabuf: fix sg_table handling in map_dma_buf
(git-fixes).
- drm/vc4: Fix missing platform_unregister_drivers() call in
vc4_drm_register() (git-fixes).
- hamradio: fix issue of dev reference count leakage in
bpq_device_event() (git-fixes).
- wifi: cfg80211: fix memory leak in query_regdb_file()
(git-fixes).
- wifi: cfg80211: silence a sparse RCU warning (git-fixes).
- phy: stm32: fix an error code in probe (git-fixes).
- capabilities: fix undefined behavior in bit shift for
CAP_TO_MASK (git-fixes).
- firmware: arm_scmi: Suppress the driver's bind attributes
(git-fixes).
- drm/i915/sdvo: Setup DDC fully before output init (git-fixes).
- drm/i915/sdvo: Filter out invalid outputs more sensibly
(git-fixes).
- drm/rockchip: dsi: Force synchronous probe (git-fixes).
- ata: pata_legacy: fix pdc20230_set_piomode() (git-fixes).
- Bluetooth: L2CAP: Fix attempting to access uninitialized memory
(git-fixes).
- Bluetooth: L2CAP: Fix use-after-free caused by
l2cap_reassemble_sdu (git-fixes).
- isdn: mISDN: netjet: fix wrong check of device registration
(git-fixes).
- mISDN: fix possible memory leak in mISDN_register_device()
(git-fixes).
- nfc: nfcmrvl: Fix potential memory leak in
nfcmrvl_i2c_nci_send() (git-fixes).
- nfc: s3fwrn5: Fix potential memory leak in s3fwrn5_nci_send()
(git-fixes).
- fbdev: smscufx: Fix several use-after-free bugs (git-fixes).
- xhci: Remove device endpoints from bandwidth list when freeing
the device (git-fixes).
- media: venus: dec: Handle the case where find_format fails
(git-fixes).
- media: v4l2: Fix v4l2_i2c_subdev_set_name function documentation
(git-fixes).
- media: meson: vdec: fix possible refcount leak in vdec_probe()
(git-fixes).
- media: dvb-frontends/drxk: initialize err to 0 (git-fixes).
- HID: saitek: add madcatz variant of MMO7 mouse device ID
(git-fixes).
- USB: add RESET_RESUME quirk for NVIDIA Jetson devices in RCM
(git-fixes).
- commit 87c5230
- usbip: usbip_event: use global lock (git-fixes).
- commit dfdff40
- usbip: synchronize event handler with sysfs code paths
(git-fixes).
- commit 02e148d
- usbip: vudc_sysfs: use global lock (git-fixes).
- commit 0d41db9
- usbip: vudc synchronize sysfs code paths (git-fixes).
- commit 436bc70
- usbip: stub_dev: remake locking for kABI (git-fixes).
- commit 9d2c460
- kABI: remove new member of usbip_device (git-fixes).
- usbip: stub-dev synchronize sysfs code paths (git-fixes).
- usbip: add sysfs_lock to synchronize sysfs code paths
(git-fixes).
- commit a40ec71
- blacklist.conf: kABI
- commit 304049d
- blacklist.conf: kABI
- commit 18d7f9f
- usb: dwc3: fix PHY disable sequence (git-fixes).
- commit b0b38c0
- blacklist.conf: too intrusive
- commit c4ba71f
- x86/cpu: Restore AMD's DE_CFG MSR after resume (bsc#1205473).
- commit 84f9a38
- blacklist.conf: inapplicable
- commit f1ebd1d
- vmlinux.lds.h: Fix placement of '.data..decrypted' section
(git-fixes).
- commit 8070192
- x86/microcode/AMD: Apply the patch early on every logical thread
(bsc#1205264).
- commit 761173c
- kabi: fix transport_add_device change (git-fixes).
- commit 9ff4597
- s390/futex: add missing EX_TABLE entry to __futex_atomic_op()
(bsc#1205428 LTC#200501).
- s390/uaccess: add missing EX_TABLE entries to __clear_user(),
copy_in_user_mvcos(), copy_in_user_mvc(), clear_user_xc()
and __strnlen_user() (bsc#1205428 LTC#200501).
- commit 402d4fe
- scsi: scsi_transport_sas: Fix error handling in sas_phy_add()
(git-fixes).
- scsi: drivers: base: Propagate errors through the transport
component (git-fixes).
- scsi: drivers: base: Support atomic version of
attribute_container_device_trigger (git-fixes).
- commit 7f6d450
- blacklist.conf: skip git-fix that is too invasive
- commit e017099
- blk-mq: Properly init requests from blk_mq_alloc_request_hctx()
(git-fixes).
- rbd: fix possible memory leak in rbd_sysfs_init() (git-fixes).
- blk-wbt: call rq_qos_add() after wb_normal is initialized
(git-fixes).
- loop: Check for overflow while configuring loop (git-fixes).
- blktrace: Trace remapped requests correctly (git-fixes).
- blk-mq: don't create hctx debugfs dir until q->debugfs_dir is
created (git-fixes).
- block: fix infinite loop for invalid zone append (git-fixes).
- nbd: fix possible overflow on 'first_minor' in nbd_dev_add()
(git-fixes).
- virtio_blk: fix the discard_granularity and discard_alignment
queue limits (git-fixes).
- virtio_blk: eliminate anonymous module_init & module_exit
(git-fixes).
- block: limit request dispatch loop duration (git-fixes).
- virtio-blk: Don't use MAX_DISCARD_SEGMENTS if max_discard_seg
is zero (git-fixes).
- block-map: add __GFP_ZERO flag for alloc_page in function
bio_copy_kern (git-fixes).
- block: use "/unsigned long"/ for blk_validate_block_size()
(git-fixes).
- nbd: fix possible overflow for 'first_minor' in nbd_dev_add()
(git-fixes).
- block: ataflop: more blk-mq refactoring fixes (git-fixes).
- nbd: Fix use-after-free in pid_show (git-fixes).
- block: ataflop: fix breakage introduced at blk-mq refactoring
(git-fixes).
- virtio-blk: Use blk_validate_block_size() to validate block size
(git-fixes).
- block: Add a helper to validate the block size (git-fixes).
- scsi: bsg: Remove support for SCSI_IOCTL_SEND_COMMAND
(git-fixes).
- block: nbd: add sanity check for first_minor (git-fixes).
- blk-crypto: fix check for too-large dun_bytes (git-fixes).
- nbd: handle device refs for DESTROY_ON_DISCONNECT properly
(git-fixes).
- null_blk: Fail zone append to conventional zones (git-fixes).
- null_blk: synchronization fix for zoned device (git-fixes).
- commit 3b9349e
- Update references of
patches.suse/s390-pci-add-missing-EX_TABLE-entries-to-__pcistg_mio_inuser-__pcilg_mio_inuser
(bsc#1205428 LTC#200501).
- commit b4aa54c
- arm64: dts: juno: Add thermal critical trip points (git-fixes)
- commit 2be09ac
- blacklist.conf: ("/arm64: topology: move store_cpu_topology() to shared code"/)
- commit 68eedfd
- blacklist.conf: ("/arm64: topology: fix possible overflow in amu_fie_setup()"/)
- commit 4b45d2c
- arm64: errata: Remove AES hwcap for COMPAT tasks (git-fixes)
Enable CONFIG_ARM64_ERRATUM_1742098 in arm64/default.
Update patches.suse/KVM_arm64_Add-templates-for-BHB-mitigation-sequences.patch
And refresh kABI patch.
- commit 543771f
- Drop NVMeoF support for TP 8013 & 8014 (bsc#1192761 bsc#1204827)
The kernel side for the TP 8013 and 8014 support was added before we
finished implementing the feature support in nvme-cli in 2.x.
As it turns out the rather old base version of nvme-cli would require
to completely re-implement the support for these feature for the 1.x
branch.
As SP3 is nearing it's end of the active update cycle, we decided
against to update the nvme-cli package hence these patches for the
kernel are not needed. In fact they introduce, regression due to the
nvme-cli package not able to do handle the new API correctly. So let's
remove these patches as there is no user for it.
- Refresh patches.suse/nvme-add-iopolicy-module-parameter.patch.
- Delete patches.kabi/kabi-fix-nvme-subsystype-change.patch.
- Delete patches.suse/nvme-Add-connect-option-discovery.patch.
- Delete
patches.suse/nvme-add-CNTRLTYPE-definitions-for-identify-controll.patch.
- Delete
patches.suse/nvme-add-new-discovery-log-page-entry-definitions.patch.
- Delete patches.suse/nvme-display-correct-subsystem-NQN.patch.
- Delete
patches.suse/nvme-expose-subsystem-type-in-sysfs-attribute-subsys.patch.
- Delete patches.suse/nvmet-add-nvmet_is_disc_subsys-helper.patch.
- Delete patches.suse/nvmet-add-nvmet_req_subsys-helper.patch.
- Delete
patches.suse/nvmet-don-t-check-iosqes-iocqes-for-discovery-contro.patch.
- Delete patches.suse/nvmet-make-discovery-NQN-configurable.patch.
- Delete
patches.suse/nvmet-register-discovery-subsystem-as-current.patch.
- Delete
patches.suse/nvmet-set-CNTRLTYPE-in-the-identify-controller-data.patch.
- Delete patches.suse/nvmet-switch-check-for-subsystem-type.patch.
- commit 65fe080
- panic, kexec: make __crash_kexec() NMI safe (git-fixes).
- kexec: turn all kexec_mutex acquisitions into trylocks
(git-fixes).
- commit 3521cb1
- v3 of "/PCI: hv: Only reuse existing IRTE allocation for Multi-MSI"/ (bsc#1200845)
- PCI: hv: Fix the definition of vector in hv_compose_msi_msg() (bsc#1200845).
- hv_netvsc: Fix race between VF offering and VF association message from host (bsc#1204850).
- scsi: storvsc: Drop DID_TARGET_FAILURE use (git-fixes).
- scsi: storvsc: Remove WQ_MEM_RECLAIM from storvsc_error_wq (git-fixes).
- PCI: hv: Fix synchronization between channel callback and hv_pci_bus_exit() (bsc#1204017).
- PCI: hv: Add validation for untrusted Hyper-V values (git-fixes).
- PCI: hv: Fix synchronization between channel callback and hv_compose_msi_msg() (bsc#1204017).
- Drivers: hv: vmbus: Introduce {lock,unlock}_requestor() (bsc#1204017).
- Drivers: hv: vmbus: Introduce vmbus_request_addr_match() (bsc#1204017).
- Drivers: hv: vmbus: Introduce vmbus_sendpacket_getid() (bsc#1204017).
- PCI: hv: Use vmbus_requestor to generate transaction IDs for VMbus hardening (bsc#1204017).
- Drivers: hv: vmbus: Fix handling of messages with transaction ID of zero (bsc#1204017).
- Drivers: hv: vmbus: Add VMbus IMC device to unsupported list (git-fixes).
- hv_netvsc: Fix potential dereference of NULL pointer (git-fixes).
- hv_netvsc: Print value of invalid ID in netvsc_send_{completion,tx_complete}() (git-fixes).
- net: hyperv: remove use of bpf_op_t (git-fixes).
- Drivers: hv: vmbus: Replace smp_store_mb() with virt_store_mb() (git-fixes).
- Drivers: hv: vmbus: Prevent load re-ordering when reading ring buffer (git-fixes).
- Drivers: hv: vmbus: Fix potential crash on module unload (git-fixes).
- net: netvsc: remove break after return (git-fixes).
- x86/hyperv: Output host build info as normal Windows version number (git-fixes).
- hv_netvsc: Add check for kvmalloc_array (git-fixes).
- Drivers: hv: vmbus: Fix memory leak in vmbus_add_channel_kobj (git-fixes).
- PCI: hv: Use PCI_ERROR_RESPONSE to identify config read errors (bsc#1204446).
- hv_netvsc: Use bitmap_zalloc() when applicable (git-fixes).
- PCI: hv: Remove unnecessary use of %hx (bsc#1204446).
- hv_netvsc: use netif_is_bond_master() instead of open code (git-fixes).
- scsi: storvsc: Fix validation for unsolicited incoming packets (bsc#1204017).
- PCI: hv: Fix sleep while in non-sleep context when removing child devices from the bus (bsc#1204446).
- PCI: hv: Support for create interrupt v3 (bsc#1204446).
- scsi: storvsc: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (git-fixes).
- hv: hyperv.h: Remove unused inline functions (git-fixes).
- scsi: storvsc: Log TEST_UNIT_READY errors as warnings (git-fixes).
- Drivers: hv: vmbus: Fix duplicate CPU assignments within a device (git-fixes).
- PCI: hv: Remove bus device removal unused refcount/functions (bsc#1204446).
- PCI: hv: Fix a race condition when removing the device (bsc#1204446).
- scsi: storvsc: Correctly handle multiple flags in srb_status (git-fixes).
- scsi: storvsc: Update error logging (git-fixes).
- scsi: storvsc: Miscellaneous code cleanups (git-fixes).
- PCI: hv: Add check for hyperv_initialized in init_hv_pci_drv() (bsc#1204446).
- drivers: hv: Fix missing error code in vmbus_connect() (git-fixes).
- hv_utils: Fix passing zero to 'PTR_ERR' warning (git-fixes).
- scsi: storvsc: Use blk_mq_unique_tag() to generate requestIDs (bsc#1204017).
- PCI: hv: Drop msi_controller structure (bsc#1204446).
- hv_netvsc: Add error handling while switching data path (bsc#1204850).
- hv_netvsc: Add a comment clarifying batching logic (git-fixes).
- scsi: storvsc: Parameterize number hardware queues (git-fixes).
- Drivers: hv: vmbus: remove unused function (git-fixes).
- Drivers: hv: vmbus: Remove unused linux/version.h header (git-fixes).
- drivers: hv: Fix EXPORT_SYMBOL and tab spaces issue (git-fixes).
- Drivers: hv: vmbus: Drop error message when 'No request id available' (bsc#1204017).
- PCI: hv: Fix typo (bsc#1204446).
- scsi: storvsc: Return DID_ERROR for invalid commands (git-fixes).
- scsi: storvsc: Validate length of incoming packet in storvsc_on_channel_callback() (bsc#1204017).
- scsi: storvsc: Resolve data race in storvsc_probe() (bsc#1204017).
- scsi: storvsc: Fix max_outstanding_req_per_channel for Win8 and newer (bsc#1204017).
- Drivers: hv: vmbus: Add /sys/bus/vmbus/hibernation (git-fixes).
- hv_netvsc: Allocate the recv_buf buffers after NVSP_MSG1_TYPE_SEND_RECV_BUF (git-fixes).
- hv_netvsc: Process NETDEV_GOING_DOWN on VF hot remove (bsc#1204850).
- hv_netvsc: Wait for completion on request SWITCH_DATA_PATH (bsc#1204017).
- hv_netvsc: Check VF datapath when sending traffic to VF (git-fixes).
- x86/hyperv: check cpu mask after interrupt has been disabled (git-fixes).
- use __netdev_notify_peers in hyperv (git-fixes).
- drivers/hv: remove obsolete TODO and fix misleading typo in comment (git-fixes).
- drivers: hv: vmbus: Fix checkpatch SPLIT_STRING (git-fixes).
- hv_netvsc: Validate number of allocated sub-channels (git-fixes).
- drivers: hv: vmbus: Fix call msleep using < 20ms (git-fixes).
- drivers: hv: vmbus: Fix checkpatch LINE_SPACING (git-fixes).
- drivers: hv: vmbus: Replace symbolic permissions by octal permissions (git-fixes).
- drivers: hv: Fix hyperv_record_panic_msg path on comment (git-fixes).
- hv_netvsc: Use vmbus_requestor to generate transaction IDs for VMBus hardening (bsc#1204017).
- scsi: storvsc: Use vmbus_requestor to generate transaction IDs for VMBus hardening (bsc#1204017).
- Drivers: hv: vmbus: Add vmbus_requestor data structure for VMBus hardening (bsc#1204017).
- Revert "/scsi: storvsc: Validate length of incoming packet in storvsc_on_channel_callback()"/ (bsc#1204017).
- scsi: storvsc: Validate length of incoming packet in storvsc_on_channel_callback() (bsc#1204017).
- commit 5f3eadd
- fuse: add file_modified() to fallocate (bsc#1205330).
- fuse: fix readdir cache race (bsc#1205329).
- commit 199a84c
- netfilter: nfnetlink_osf: fix possible bogus match in
nf_osf_find() (bsc#1204614).
- commit e9ccbaa
- usb: xhci: add XHCI_SPURIOUS_SUCCESS to ASM1042 despite being
a V0.96 controller (git-fixes).
- commit 9593f85
- blacklist.conf: add some git-fixes commits which won't be backported
- commit 19d26a3
- media: mceusb: Use new usb_control_msg_*() routines
(CVE-2022-3903 bsc#1205220).
- media: mceusb: fix control-message timeouts (CVE-2022-3903
bsc#1205220).
- USB: core: return -EREMOTEIO on short usb_control_msg_recv()
(CVE-2022-3903 bsc#1205220).
- USB: correct API of usb_control_msg_send/recv (CVE-2022-3903
bsc#1205220).
- USB: core: message.c: use usb_control_msg_send() in a few places
(CVE-2022-3903 bsc#1205220).
- USB: add usb_control_msg_send() and usb_control_msg_recv()
(CVE-2022-3903 bsc#1205220).
- USB: move snd_usb_pipe_sanity_check into the USB core
(CVE-2022-3903 bsc#1205220).
- commit 575009a
- drm/i915/gvt: fix double free bug in split_2MB_gtt_entry (bsc#1204780, CVE-2022-3707)
- commit 1da3c8a
- Refresh sorted patches.
- commit 759ab14
- scsi: ibmvscsis: Increase INITIAL_SRP_LIMIT to 1024
(bsc#1156395).
- commit 6ad0462
- r8152: add PID for the Lenovo OneLink+ Dock (git-fixes).
- commit 3de57a1
- Refresh patches.suse/scsi-ibmvfc-Do-not-wait-for-initial-device-scan.patch.
Refresh to upstream version of patch.
- commit 381d74e
- r8152: use new helper tcp_v6_gso_csum_prep (git-fixes).
- commit b1a7e6a
- scsi: ibmvfc: Avoid path failures during live migration
(bsc#1065729 bsc#1204810 ltc#200162).
- commit 617a752
- rpm/check-for-config-changes: add TOOLCHAIN_HAS_* to IGNORED_CONFIGS_RE
This new form was added in commit b8c86872d1dc (riscv: fix detection of
toolchain Zicbom support).
- commit e9f2ba6
- ring-buffer: Check for NULL cpu_buffer in
ring_buffer_wake_waiters() (git-fixes).
- commit f0e9f4a
- r8152: Add MAC passthrough support to new device (git-fixes).
- commit 2c0b0e4
- Add suse-kernel-rpm-scriptlets to kmp buildreqs (boo#1205149)
- commit 888e01e
- s390/ptrace: return -ENOSYS when invalid syscall is supplied
(git-fixes).
- Refresh
patches.suse/s390-ptrace-pass-invalid-syscall-numbers-to-tracing.
- commit 49c6928
- s390/pci: add missing EX_TABLE entries to
__pcistg_mio_inuser()/__pcilg_mio_inuser() (git-fixes).
- s390/dasd: fix Oops in dasd_alias_get_start_dev due to missing
pavgroup (git-fixes).
- s390/boot: fix absolute zero lowcore corruption on boot
(git-fixes).
- s390/hugetlb: fix prepare_hugepage_range() check for 2 GB
hugepages (bsc#1203144 LTC#199881).
- s390: fix double free of GS and RI CBs on fork() failure
(git-fixes).
- scsi: zfcp: Fix missing auto port scan and thus missing target
ports (git-fixes).
- s390/zcore: fix race when reading from hardware system area
(git-fixes).
- vfio/ccw: Do not change FSM state in subchannel event
(git-fixes).
- KVM: s390: pv: leak the topmost page table when destroy fails
(git-fixes).
- s390/mm: use non-quiescing sske for KVM switch to keyed guest
(git-fixes).
- KVM: s390: pv: avoid stalls when making pages secure
(git-fixes).
- s390/disassembler: increase ebpf disasm buffer size (git-fixes).
- s390/zcrypt: fix zcard and zqueue hot-unplug memleak
(git-fixes).
- s390/cpcmd: fix inline assembly register clobbering (git-fixes).
- s390/vtime: fix inline assembly clobber list (git-fixes).
- s390: mark __cpacf_query() as __always_inline (git-fixes).
- commit 2fade04
- xfs: trylock underlying buffer on dquot flush (git-fixes).
- commit 114228e
- xfs: tail updates only need to occur when LSN changes
(git-fixes).
- commit 9d404a5
- xfs: factor common AIL item deletion code (git-fixes).
- commit b1771cc
- xfs: Throttle commits on delayed background CIL push
(git-fixes).
- commit e58ad94
- xfs: Lower CIL flush limit for large logs (git-fixes).
- commit 66c16cf
- xfs: Use scnprintf() for avoiding potential buffer overflow
(git-fixes).
- commit 1495b79
- xfs: check owner of dir3 blocks (git-fixes).
- commit cb50471
- xfs: xfs_buf_corruption_error should take __this_address
(git-fixes).
- commit 840c497
- xfs: rework collapse range into an atomic operation (git-fixes).
- commit cfa7b45
- xfs: rework insert range into an atomic operation (git-fixes).
- commit a96f43c
- xfs: open code insert range extent split helper (git-fixes).
- commit f1b0ddb
- blacklist.conf: ignore unapplicable rdma patches
- commit 38abdf0
- Refresh patches.suse/ppc64-kdump-Limit-kdump-base-to-512MB.patch
to upstream version.
- commit bb3e9b2
- NFSv3: use nfs_add_or_obtain() to create and reference inodes
(bsc#1204215).
- Refresh
patches.suse/nfs-fix-acl-memory-leak-of-posix_acl_create.patch.
- commit d9aeac3
- NFS: Refactor nfs_instantiate() for dentry referencing callers
(bsc#1204215).
- Refresh
patches.suse/NFS-Don-t-revalidate-the-directory-permissions-on-a-.patch.
- commit 50b85ce
- Update patch references to
patches.suse/0001-floppy-disable-FDRAWCMD-by-default.patch
(bsc#1200692 CVE-2022-33981).
- commit 2a514c4
- wifi: brcmfmac: Fix potential buffer overflow in
brcmf_fweh_event_worker() (CVE-2022-3628 bsc#1204868).
- commit c0bd14a
- selftests/livepatch: better synchronize test_klp_callbacks_busy
(bsc#1071995).
- commit 5cc1f06
- blacklist.conf: livepatch: 32-bit only
- commit ed4af6c
- livepatch: Add a missing newline character in
klp_module_coming() (bsc#1071995).
- commit cbc1bb8
- livepatch: fix race between fork and KLP transition
(bsc#1071995).
- commit ed70923
- workqueue: don't skip lockdep work dependency in
cancel_work_sync() (bsc#1204967).
- commit d7d8431
- scsi: lpfc: Update the obsolete adapter list (bsc#1204142).
- commit e027fbe
- scsi: qla2xxx: Use transport-defined speed mask for
supported_speeds (bsc#1204963).
- scsi: qla2xxx: Fix serialization of DCBX TLV data request
(bsc#1204963).
- commit 2f0e70b
- usb: dwc3: qcom: fix runtime PM wakeup.
- commit 770ebb2
- usb: dwc3: qcom: fix use-after-free on runtime-PM wakeup
(git-fixes).
- commit 1b57243
- printk: wake waiters for safe and NMI contexts (bsc#1204934).
- commit 16527ab
- blacklist.conf: cleanup
- commit a1ca722
- printk: use atomic updates for klogd work (bsc#1204934).
- commit 60be5fc
- printk: add missing memory barrier to wake_up_klogd()
(bsc#1204934).
- commit 270aa51
- blacklist.conf: this patch implements a feature implied, but not
implemented
- commit d863db7
- usb: dwc3: gadget: Fix null pointer exception (git-fixes).
- commit b825ac2
- RDMA/qedr: Add support for user mode XRC-SRQ's (git-fixes)
- commit 2d07106
- RDMA/qedr: Fix reporting max_{send/recv}_wr attrs (git-fixes)
- commit 0dbe04a
- blacklist.conf: workqueue: put back cancel_work(); would be needed
only when backporting recent amdgpu stuff
- commit 9a9dea9
- RDMA/qedr: Remove unsupported qedr_resize_cq callback (git-fixes)
- commit 8229886
- scsi: lpfc: Update lpfc version to 14.2.0.8 (bsc#1204957).
- scsi: lpfc: Create a sysfs entry called lpfc_xcvr_data for
transceiver info (bsc#1204957).
- scsi: lpfc: Log when congestion management limits are in effect
(bsc#1204957).
- scsi: lpfc: Fix hard lockup when reading the rx_monitor from
debugfs (bsc#1204957).
- scsi: lpfc: Set sli4_param's cmf option to zero when CMF is
turned off (bsc#1204957).
- scsi: lpfc: Fix spelling mistake "/unsolicted"/ -> "/unsolicited"/
(bsc#1204957).
- scsi: lpfc: Fix memory leak in lpfc_create_port() (bsc#1204957).
- commit 641ed8b
- RDMA/rxe: Fix memory leak in error path code (git-fixes)
- commit 9c6ee14
- RDMA/core/sa_query: Remove unused argument (git-fixes)
- commit 23d84da
- RDMA/hns: Fix spelling mistakes of original (git-fixes)
- commit 1db7560
- blacklist.conf: Ignore build fixes for crypto selftest config
Build fixes for crypto selftest with CRYPTO_MANAGER_DISABLE_TESTS!=y
and CRYPTO=m
- commit 423d58a
- RDMA/mlx5: Use different doorbell memory for different processes (git-fixes)
Refresh:
- patches.suse/RDMA-mlx5-Remove-unused-parameter-udata.patch
- commit fd05a52
- Update patches.suse/kbuild-Add-skip_encoding_btf_enum64-option-to-pahole.patch
(bsc#1204693).
- commit 26595bd
- RDMA/usnic: fix set-but-not-unused variable 'flags' warning (git-fixes)
- commit 293bf91
- IB/rdmavt: Add __init/__exit annotations to module init/exit funcs (git-fixes)
- commit f7baf6a
- RDMA/siw: Always consume all skbuf data in sk_data_ready() upcall. (git-fixes)
- commit d355c79
- RDMA/rxe: Fix the error caused by qp->sk (git-fixes)
- commit 6d0ef48
- RDMA/rxe: Fix "/kernel NULL pointer dereference"/ error (git-fixes)
- commit 9205fa0
- RDMA/siw: Pass a pointer to virt_to_page() (git-fixes)
- commit 7daf160
- RDMA/cma: Fix arguments order in net device validation (git-fixes)
- commit 7890ffd
- RDMA/rtrs-srv: Pass the correct number of entries for dma mapped SGL (git-fixes)
- commit cc2cd02
- RDMA/rxe: Fix error unwind in rxe_create_qp() (git-fixes)
- commit 4332868
- RDMA/mlx5: Add missing check for return value in get namespace flow (git-fixes)
- commit 19e84c3
- RDMA/rxe: Fix rnr retry behavior (git-fixes)
- commit db88b1b
- RDMA/siw: Fix duplicated reported IW_CM_EVENT_CONNECT_REPLY event (git-fixes)
- commit c8db39b
- RDMA/qedr: Fix potential memory leak in __qedr_alloc_mr() (git-fixes)
- commit e28b8f5
- RDMA: remove useless condition in siw_create_cq() (git-fixes)
- commit 4c36066
- RDMA/cm: Fix memory leak in ib_cm_insert_listen (git-fixes)
- commit 3ec31d2
- RDMA/qedr: Fix reporting QP timeout attribute (git-fixes)
- commit 26de3e3
- RDMA/hfi1: Fix potential integer multiplication overflow errors (git-fixes)
- commit 9d4253b
- RDMA/rxe: Generate a completion for unsupported/invalid opcode (git-fixes)
- commit 92bff10
- RDMA/hns: Remove unnecessary check for the sgid_attr when modifying QP (git-fixes)
- commit e806a5b
- RDMA/siw: Fix a condition race issue in MPA request processing (git-fixes)
- commit 709fd3a
- IB/cm: Cancel mad on the DREQ event when the state is MRA_REP_RCVD (git-fixes)
- commit 121ed63
- RDMA/mlx5: Fix memory leak in error flow for subscribe event routine (git-fixes)
- commit 1408298
- IB/cma: Allow XRC INI QPs to set their local ACK timeout (git-fixes)
- commit 8a4119a
- RDMA/qedr: Fix NULL deref for query_qp on the GSI QP (git-fixes)
- commit f1870dd
- RDMA/mlx4: Return missed an error if device doesn't support steering (git-fixes)
- commit 53e12a2
- RDMA/bnxt_re: Fix query SRQ failure (git-fixes)
- commit 3389a3f
- RDMA/rxe: Fix wrong port_cap_flags (git-fixes)
- commit a3b0ded
- RDMA/sa_query: Use strscpy_pad instead of memcpy to copy a string (git-fixes)
- commit 12260f5
- IB/hfi1: Fix abba locking issue with sc_disable() (git-fixes)
- commit 7c89c4a
- IB/qib: Protect from buffer overflow in struct qib_user_sdma_pkt fields (git-fixes)
- commit 1259749
- RDMA/mlx5: Set user priority for DCT (git-fixes)
- commit b499161
- RDMA/cma: Ensure rdma_addr_cancel() happens before issuing more requests (git-fixes)
- commit 74e3ed2
- RDMA/efa: Remove double QP type assignment (git-fixes)
- commit 858283b
- RDMA/iwcm: Release resources if iw_cm module initialization fails (git-fixes)
- commit 47de10e
- IB/hfi1: Adjust pkey entry in index 0 (git-fixes)
- commit 385ff05
- RDMA/efa: Free IRQ vectors on error flow (git-fixes)
- commit 2498525
- IB/hfi1: Fix possible null-pointer dereference in _extend_sdma_tx_descs() (git-fixes)
- commit 96f828c
- RDMA/bnxt_re: Add missing spin lock initialization (git-fixes)
- commit 49315d8
- RDMA/rxe: Don't overwrite errno from ib_umem_get() (git-fixes)
- commit dc6482e
- RDMA/rxe: Fix redundant skb_put_zero (git-fixes)
- commit 4b744b6
- RDMA/rxe: Fix extra copy in prepare_ack_packet (git-fixes)
- commit b0c4366
- RDMA/rxe: Remove unused pkt->offset (git-fixes)
- commit 2e0cf31
- RDMA/rxe: Fix over copying in get_srq_wqe (git-fixes)
- commit 8d71bad
- RDMA/rxe: Fix extra copies in build_rdma_network_hdr (git-fixes)
- commit 2b87978
- RDMA/rxe: Fix redundant call to ip_send_check (git-fixes)
- commit 6f47c39
- RDMA/rxe: Fix failure during driver load (git-fixes)
- commit bb23773
- RDMA/core: Sanitize WQ state received from the userspace (git-fixes)
- commit 1ebcca8
- IB/core: Only update PKEY and GID caches on respective events (git-fixes)
- commit 242d271
- IB/srpt: Remove redundant assignment to ret (git-fixes)
- commit 1421a09
- RDMA: Verify port when creating flow rule (git-fixes)
- commit 75b7985
- IB/mlx4: Use port iterator and validation APIs (git-fixes)
- commit c3aa778
- RDMA/mlx5: Block FDB rules when not in switchdev mode (git-fixes)
- commit 097d131
- RDMA/rxe: Return CQE error if invalid lkey was supplied (git-fixes)
- commit 8811d6a
- RDMa/mthca: Work around -Wenum-conversion warning (git-fixes)
- commit e6dae53
- RDMA/cxgb4: Remove MW support (git-fixes)
- commit d49ea58
- RDMA/mlx5: Make mkeys always owned by the kernel's PD when not enabled (git-fixes)
- commit fdca7b3
- RDMA/mlx5: Use set_mkc_access_pd_addr_fields() in reg_create() (git-fixes)
- commit 289115b
- RDMA/i40iw: Use ib_umem_num_dma_pages() (git-fixes)
- commit ad98a0c
- RDMA/efa: Use ib_umem_num_dma_pages() (git-fixes)
- commit cda973b
- RDMA/qib: Remove superfluous fallthrough statements (git-fixes)
- commit 0c97417
- IB/mlx4: Add support for REJ due to timeout (git-fixes)
- commit dd6c131
- Rename colliding patches before the next cve/linux-5.3 -> SLE15-SP3 merge
- commit a77f876
- kbuild: remove the target in signal traps when interrupted
(git-fixes).
- kbuild: sink stdout from cmd for silent build (git-fixes).
- commit d17022d
- blacklist.conf: Unnecessary S390 ARCHITECTURE fixes.
- commit 8f1bd85
- kbuild: Add skip_encoding_btf_enum64 option to pahole
(git-fixes).
- kbuild: skip per-CPU BTF generation for pahole v1.18-v1.21
(jsc#SLE-24559).
- commit 7b939ad
- fbdev: cyber2000fb: fix missing pci_disable_device()
(git-fixes).
- fbdev: da8xx-fb: Fix error handling in .remove() (git-fixes).
- iio: adc: mcp3911: use correct id bits (git-fixes).
- iio: light: tsl2583: Fix module unloading (git-fixes).
- usb: dwc3: gadget: Don't set IMI for no_interrupt (git-fixes).
- usb: dwc3: gadget: Stop processing more requests on IMI
(git-fixes).
- usb: bdc: change state when port disconnected (git-fixes).
- hwmon/coretemp: Handle large core ID value (git-fixes).
- ACPI: extlog: Handle multiple records (git-fixes).
- commit 77773fb
- ftrace: Fix char print issue in print_ip_ins() (git-fixes).
- commit d4a892d
- tracing: Do not free snapshot if tracer is on cmdline
(git-fixes).
- commit 44c0d5c
- tracing: Simplify conditional compilation code in
tracing_set_tracer() (git-fixes).
- commit 030e84d
- ring-buffer: Fix race between reset page and reading page
(git-fixes).
- commit 500d3d5
- tracing: Wake up waiters when tracing is disabled (git-fixes).
- commit 3f63b61
- tracing: Add ioctl() to force ring buffer waiters to wake up
(git-fixes).
- commit 1ac3e72
- tracing: Wake up ring buffer waiters on closing of the file
(git-fixes).
- kABI: Fix after adding trace_iterator.wait_index (git-fixes).
- commit ee58509
- ring-buffer: Add ring_buffer_wake_waiters() (git-fixes).
- commit daffb44
- ring-buffer: Check pending waiters when doing wake ups as well
(git-fixes).
- commit 8618e02
- ring-buffer: Have the shortest_full queue be the shortest not
longest (git-fixes).
- commit ebf21e7
- ring-buffer: Allow splice to read previous partially read pages
(git-fixes).
- commit 81e9520
- ftrace: Properly unset FTRACE_HASH_FL_MOD (git-fixes).
- commit e2b6a1c
- tracing: Disable interrupt or preemption before acquiring
arch_spinlock_t (git-fixes).
- commit 75ec285
- device property: Fix documentation for *_match_string() APIs
(git-fixes).
- PM: domains: Fix handling of unavailable/disabled idle states
(git-fixes).
- PM: hibernate: Allow hybrid sleep to work with s2idle
(git-fixes).
- mmc: core: Fix kernel panic when remove non-standard SDIO card
(git-fixes).
- mtd: rawnand: marvell: Use correct logic for nand-keep-config
(git-fixes).
- ALSA: aoa: Fix I2S device accounting (git-fixes).
- ALSA: Use del_timer_sync() before freeing timer (git-fixes).
- ALSA: aoa: i2sbus: fix possible memory leak in i2sbus_add_dev()
(git-fixes).
- ALSA: rme9652: use explicitly signed char (git-fixes).
- ALSA: au88x0: use explicitly signed char (git-fixes).
- ALSA: ac97: fix possible memory leak in snd_ac97_dev_register()
(git-fixes).
- drm/msm/hdmi: fix memory corruption with too many bridges
(git-fixes).
- drm/msm/dsi: fix memory corruption with too many bridges
(git-fixes).
- drm/msm: Fix return type of mdp4_lvds_connector_mode_valid
(git-fixes).
- can: kvaser_usb: Fix possible completions during init_completion
(git-fixes).
- openvswitch: switch from WARN to pr_warn (git-fixes).
- can: mscan: mpc5xxx: mpc5xxx_can_probe(): add missing
put_clock() in error path (git-fixes).
- mac802154: Fix LQI recording (git-fixes).
- media: videodev2.h: V4L2_DV_BT_BLANKING_HEIGHT should check
'interlaced' (git-fixes).
- media: v4l2-dv-timings: add sanity checks for blanking values
(git-fixes).
- commit c820733
- Fix build warning
Refreshed:
patches.suse/mm-hugetlb-fix-races-when-looking-up-a-CONT-PTE-PMD-.patch
- commit ca5cb24
- Add CVE reference to
patches.suse/net-usb-ax88179_178a-Fix-out-of-bounds-accesses-in-R.patch
(bsc#1196018 CVE-2022-28748 CVE-2022-2964).
- commit 94992c9
- block: assign bi_bdev for cloned bios in blk_rq_prep_clone
(bsc#1204328).
- commit b9f2ea4
- thermal: intel_powerclamp: Use first online CPU as control_cpu
(git-fixes).
- HID: magicmouse: Do not set BTN_MOUSE on double report
(git-fixes).
- ALSA: oss: Fix potential deadlock at unregistration (git-fixes).
- ALSA: rawmidi: Drop register_mutex in snd_rawmidi_free()
(git-fixes).
- ALSA: hda/realtek: Add Intel Reference SSID to support headset
keys (git-fixes).
- ALSA: hda/realtek: Add quirk for ASUS GV601R laptop (git-fixes).
- clk: bcm2835: Make peripheral PLLC critical (git-fixes).
- clk: zynqmp: pll: rectify rate rounding in zynqmp_pll_round_rate
(git-fixes).
- clk: zynqmp: Fix stack-out-of-bounds in strncpy` (git-fixes).
- staging: rtl8723bs: fix a potential memory leak in
rtw_init_cmd_priv() (git-fixes).
- staging: vt6655: fix potential memory leak (git-fixes).
- iio: pressure: dps310: Reset chip after timeout (git-fixes).
- iio: pressure: dps310: Refactor startup procedure (git-fixes).
- usb: add quirks for Lenovo OneLink+ Dock (git-fixes).
- usb: idmouse: fix an uninit-value in idmouse_open (git-fixes).
- usb: musb: Fix musb_gadget.c rxstate overflow bug (git-fixes).
- usb: host: xhci: Fix potential memory leak in
xhci_alloc_stream_info() (git-fixes).
- power: supply: adp5061: fix out-of-bounds read in
adp5061_get_chg_type() (git-fixes).
- HSI: omap_ssi_port: Fix dma_map_sg error check (git-fixes).
- HSI: omap_ssi: Fix refcount leak in ssi_probe (git-fixes).
- HID: roccat: Fix use-after-free in roccat_read() (git-fixes).
- media: cx88: Fix a null-ptr-deref bug in buffer_prepare()
(git-fixes).
- ata: libahci_platform: Sanity check the DT child nodes number
(git-fixes).
- ALSA: usb-audio: Fix potential memory leaks (git-fixes).
- ALSA: usb-audio: Fix NULL dererence at error path (git-fixes).
- drm/amdgpu: fix initial connector audio value (git-fixes).
- drm: panel-orientation-quirks: Add quirk for Anbernic Win600
(git-fixes).
- drm: Prevent drm_copy_field() to attempt copying a NULL pointer
(git-fixes).
- drm: Use size_t type for len variable in drm_copy_field()
(git-fixes).
- drm/nouveau/nouveau_bo: fix potential memory leak in
nouveau_bo_alloc() (git-fixes).
- platform/x86: msi-laptop: Change DMI match / alias strings to
fix module autoloading (git-fixes).
- mmc: sdhci-msm: add compatible string check for sdm670
(git-fixes).
- Bluetooth: L2CAP: Fix user-after-free (git-fixes).
- Bluetooth: hci_sysfs: Fix attempting to call device_add multiple
times (git-fixes).
- Bluetooth: L2CAP: initialize delayed works at
l2cap_chan_create() (git-fixes).
- wifi: rt2x00: correctly set BBP register 86 for MT7620
(git-fixes).
- wifi: rt2x00: set SoC wmac clock register (git-fixes).
- wifi: rt2x00: set VGC gain for both chains of MT7620
(git-fixes).
- wifi: rt2x00: set correct TX_SW_CFG1 MAC register for MT7620
(git-fixes).
- wifi: rt2x00: don't run Rt5592 IQ calibration on MT7620
(git-fixes).
- wifi: brcmfmac: fix use-after-free bug in
brcmf_netdev_start_xmit() (git-fixes).
- can: bcm: check the result of can_send() in bcm_can_tx()
(git-fixes).
- wifi: ath9k: avoid uninit memory read in ath9k_htc_rx_msg()
(git-fixes).
- wifi: brcmfmac: fix invalid address access when enabling SCAN
log level (git-fixes).
- openvswitch: Fix overreporting of drops in dropwatch
(git-fixes).
- openvswitch: Fix double reporting of drops in dropwatch
(git-fixes).
- thermal: intel_powerclamp: Use get_cpu() instead of
smp_processor_id() to avoid crash (git-fixes).
- ACPI: video: Add Toshiba Satellite/Portege Z830 quirk
(git-fixes).
- HID: hidraw: fix memory leak in hidraw_release() (git-fixes).
- commit 89baab9
- kthread: Extract KTHREAD_IS_PER_CPU (bsc#1204753).
- commit 0463863
- mm/hugetlb: fix races when looking up a CONT-PTE/PMD size
hugetlb page (bsc#1204575).
- commit 06c4f04
- xfs: reserve data and rt quota at the same time (bsc#1203496).
- commit fb82e46
- scsi: libsas: Fix use-after-free bug in smp_execute_task_sg()
(git-fixes).
- scsi: mpt3sas: Fix return value check of dma_get_required_mask()
(git-fixes).
- scsi: qla2xxx: Fix disk failure to rediscover (git-fixes).
- commit 0ca6891
- mm: memcontrol: fix occasional OOMs due to proportional
memory.low reclaim (bsc#1204754).
- mm, memcg: avoid stale protection values when cgroup is above
protection (bsc#1204754).
- commit 0e7d107
- cgroup/cpuset: Enable update_tasks_cpumask() on top_cpuset
(bsc#1204753).
- commit b8640ed
- blacklist.conf: Add cgroup: cgroup: Honor caller's cgroup NS when resolving cgroup id
- commit d9d65d4
- powerpc/fadump: align destination address to pagesize
(bsc#1204728 ltc#200074).
- commit 618ab17
- fs: move S_ISGID stripping into the vfs_*() helpers (bsc#1198702
CVE-2021-4037).
- commit 2f39bf9
- fs: Add missing umask strip in vfs_tmpfile (bsc#1198702
CVE-2021-4037).
- commit ab394e7
- fs: add mode_strip_sgid() helper (bsc#1198702 CVE-2021-4037).
- commit 536e02f
- usb: mon: make mmapped memory read only (bsc#1204653
CVE-2022-43750).
- commit 1f646df
- blacklist.conf: add commit from git-fixes
- commit c46aa6a
- devlink: Fix use-after-free after a failed reload (bsc#1204637
CVE-2022-3625).
- commit 3567978
- nvmem: core: Check input parameter for NULL in
nvmem_unregister() (bsc#1204241).
- commit 1b1642f
- kABI: arm64/crypto/sha512 Preserve function signature (git-fixes).
- commit 9ea634f
- arm64: assembler: add cond_yield macro (git-fixes)
- commit f628c0a
- net: mvpp2: fix mvpp2 debugfs leak (bsc#1204417 CVE-2022-3535).
- bnx2x: fix potential memory leak in bnx2x_tpa_stop()
(bsc#1204402 CVE-2022-3542).
- nfp: fix use-after-free in area_cache_get() (bsc#1204415
CVE-2022-3545).
- commit 9a28d9e
- nilfs2: fix leak of nilfs_root in case of writer thread creation
failure (CVE-2022-3646 bsc#1204646).
- nilfs2: fix use-after-free bug of struct nilfs_root
(CVE-2022-3649 bsc#1204647).
- vsock: Fix memory leak in vsock_connect() (CVE-2022-3629
bsc#1204635).
- commit 772e9a5
- Bluetooth: L2CAP: fix use-after-free in l2cap_conn_del()
(CVE-2022-3640 bsc#1204619).
- commit b1ed4c2
- crypto: arm64/sha512-ce - simplify NEON yield (git-fixes)
- commit d60e491
- crypto: arm64/sha3-ce - simplify NEON yield (git-fixes)
- commit 477d56a
- KVM: s390: pv: don't present the ecall interrupt twice
(git-fixes).
- KVM: s390x: fix SCK locking (git-fixes).
- KVM: s390: Clarify SIGP orders versus STOP/RESTART (git-fixes).
- KVM: s390: preserve deliverable_mask in __airqs_kick_single_vcpu
(git-fixes).
- KVM: s390: clear kicked_mask before sleeping again (git-fixes).
- KVM: s390: VSIE: fix MVPG handling for prefixing and MSO
(git-fixes).
- KVM: s390: split kvm_s390_real_to_abs (git-fixes).
- commit 1c45296
- crypto: arm64/sha2-ce - simplify NEON yield (git-fixes)
- commit ec837bd
- crypto: arm64/sha1-ce - simplify NEON yield (git-fixes)
- commit bf7093a
- crypto: arm64/sha - fix function types (git-fixes)
- commit 887f265
- Update metadata references
- commit 980fadf
- blacklist.conf: ("/arm64: Introduce a way to disable the 32bit vdso"/)
- commit 0591754
- KVM: x86: do not report a vCPU as preempted outside instruction
boundaries (bsc#1203066 CVE-2022-39189).
- commit 89982eb
- nilfs2: fix NULL pointer dereference at
nilfs_bmap_lookup_at_level() (CVE-2022-3621 bsc#1204574).
- commit df5c951
- r8152: Rate limit overflow messages (CVE-2022-3594 bsc#1204479).
- commit 488dede
- HID: bigben: fix slab-out-of-bounds Write in bigben_probe
(CVE-2022-3577 bsc#1204470).
- commit e57339b
- kcm: avoid potential race in kcm_tx_work (bsc#1204355
CVE-2022-3521).
- commit d2eeccc
- tcp/udp: Fix memory leak in ipv6_renew_options() (bsc#1204354
CVE-2022-3524).
- commit ec8a71d
- Update metadata references
- commit 6d888aa
- sch_sfb: Also store skb len before calling child enqueue
(CVE-2022-3586 bsc#1204439).
- sch_sfb: Don't assume the skb is still around after enqueueing
to child (CVE-2022-3586 bsc#1204439).
- commit bbd433f
- mISDN: fix use-after-free bugs in l1oip timer handlers
(CVE-2022-3565 bsc#1204431).
- commit 1917bcf
- net: ieee802154: return -EINVAL for unknown addr type
(git-fixes).
- commit 2d80805
- ACPI: HMAT: Release platform device in case of
platform_device_add_data() fails (git-fixes).
- rtc: stmp3xxx: Add failure handling for stmp3xxx_wdt_register()
(git-fixes).
- ALSA: hda/realtek: Correct pin configs for ASUS G533Z
(git-fixes).
- ALSA: hda/realtek: remove ALC289_FIXUP_DUAL_SPK for Dell 5530
(git-fixes).
- Input: xpad - add supported devices as contributed on github
(git-fixes).
- USB: serial: qcserial: add new usb-id for Dell branded EM7455
(git-fixes).
- USB: serial: ftdi_sio: fix 300 bps rate for SIO (git-fixes).
- ALSA: hda: Fix position reporting on Poulsbo (git-fixes).
- mmc: core: Terminate infinite loop in SD-UHS voltage switch
(git-fixes).
- firmware: arm_scmi: Add SCMI PM driver remove routine
(git-fixes).
- net/ieee802154: fix uninit value bug in dgram_sendmsg
(git-fixes).
- dmaengine: xilinx_dma: Report error in case of
dma_set_mask_and_coherent API failure (git-fixes).
- dmaengine: xilinx_dma: cleanup for fetching xlnx,num-fstores
property (git-fixes).
- rpmsg: qcom: glink: replace strncpy() with strscpy_pad()
(git-fixes).
- mmc: core: Replace with already defined values for readability
(git-fixes).
- commit ba86540
- struct pci_config_window kABI workaround (bsc#1204382).
- commit b2287af
- PCI: Dynamically map ECAM regions (bsc#1204382).
- commit dc89dd6
- powerpc/mm: remove pmd_huge/pud_huge stubs and include hugetlb.h
(bsc#1065729).
- Refresh patches.suse/powerpc-mm-radix-Create-separate-mappings-for-hot-pl.patch
- Refresh patches.suse/powerpc-mm-radix-Remove-split_kernel_mapping.patch
- commit 852bb71
- rpm/check-for-config-changes: loosen pattern for AS_HAS_*
This is needed to handle CONFIG_AS_HAS_NON_CONST_LEB128.
- commit bdc0bf7
- Revert "/usb: storage: Add quirk for Samsung Fit flash"/
(git-fixes).
- commit c4ea05c
- USB: serial: qcserial: add new usb-id for Dell branded EM7455
(git-fixes).
- commit 72baa22
- powerpc/mm/64s: Drop pgd_huge() (bsc#1065729).
- powerpc/powernv: add missing of_node_put() in
opal_export_attrs() (bsc#1065729).
- powerpc/pci_dn: Add missing of_node_put() (bsc#1065729).
- commit 11a4b1b
- powerpc/kprobes: Fix null pointer reference in
arch_prepare_kprobe() (jsc#SLE-13847 git-fixes).
- powerpc/64: Remove unused SYS_CALL_TABLE symbol (jsc#SLE-9246
git-fixes).
- commit 98b4617
- xfs: remove obsolete AGF counter debugging (git-fixes).
- commit 6b3cbd8
- xfs: hoist out xfs_resizefs_init_new_ags() (git-fixes).
- commit c80d128
- xfs: rename `new' to `delta' in xfs_growfs_data_private()
(git-fixes).
- commit 7994309
- xfs: streamline xfs_attr3_leaf_inactive (git-fixes).
- commit d0ec732
- xfs: fix memory corruption during remote attr value buffer
invalidation (git-fixes).
- commit 63ac0a8
- xfs: refactor remote attr value buffer invalidation (git-fixes).
- commit cdcab38
- xfs: fix s_maxbytes computation on 32-bit kernels (git-fixes).
- commit 260cd8e
- xfs: move incore structures out of xfs_da_format.h (git-fixes).
- commit f916b39
- xfs: add missing assert in xfs_fsmap_owner_from_rmap
(git-fixes).
- commit 7d88bfe
- xfs: slightly tweak an assert in xfs_fs_map_blocks (git-fixes).
- commit dc70b98
- mmc: sdhci-sprd: Fix minimum clock limit (git-fixes).
- wifi: iwlwifi: mvm: fix double list_add at
iwl_mvm_mac_wake_tx_queue (other cases) (git-fixes).
- wifi: mac80211: do not drop packets smaller than the LLC-SNAP
header on fast-rx (git-fixes).
- can: kvaser_usb_leaf: Fix CAN state after restart (git-fixes).
- can: kvaser_usb_leaf: Fix TX queue out of sync after restart
(git-fixes).
- can: kvaser_usb: Fix use of uninitialized completion
(git-fixes).
- mISDN: hfcpci: Fix use-after-free bug in hfcpci_softirq
(git-fixes).
- watchdog: armada_37xx_wdt: Fix .set_timeout callback
(git-fixes).
- watchdog: ftwdt010_wdt: fix test for platform_get_irq() failure
(git-fixes).
- drm/i915/gvt: fix a memory leak in intel_gvt_init_vgpu_types
(git-fixes).
- irqchip/ls-extirq: Fix invalid wait context by avoiding to
use regmap (git-fixes).
- commit 90b2426
- wifi: cfg80211: update hidden BSSes to avoid WARN_ON
(git-fixes).
- wifi: mac80211_hwsim: avoid mac80211 warning on bad rate
(git-fixes).
- commit d78eec4
- Move upstreamed WiFi fixes into sorted section
- commit 2dec8da
- Move upstreamed WiFi fixes into sorted section
- commit 05342a3
- kABI: fix kABI after "/KVM: Add infrastructure and macro to mark
VM as bugged"/ (bsc#1200788 CVE-2022-2153).
- commit 1ddb693
- KVM: Add infrastructure and macro to mark VM as bugged
(bsc#1200788 CVE-2022-2153).
- commit 07862de
- locking/csd_lock: Change csdlock_debug from early_param to
__setup (git-fixes).
- Refresh
patches.suse/0002-kernel-smp-make-csdlock-timeout-depend-on-boot-param.patch.
- commit 4abed38
- s390/hypfs: avoid error message under KVM (bsc#1032323).
- commit 2cf708c
- KVM: x86: Forbid VMM to set SYNIC/STIMER MSRs when SynIC wasn't
activated (bsc#1200788 CVE-2022-2153).
- commit 8712ddf
- KVM: x86: hyper-v: disallow configuring SynIC timers with no
SynIC (bsc#1200788 CVE-2022-2153).
- commit 75749d4
- KVM: nVMX: Unconditionally purge queued/injected events on
nested "/exit"/ (git-fixes).
- commit 04b8316
- KVM: x86: Avoid theoretical NULL pointer dereference in
kvm_irq_delivery_to_apic_fast() (bsc#1200788 CVE-2022-2153).
- commit f23b172
- KVM: x86/emulator: Fix handing of POP SS to correctly set
interruptibility (git-fixes).
- commit 3671e7c
- KVM: x86: Check lapic_in_kernel() before attempting to set a
SynIC irq (bsc#1200788 CVE-2022-2153).
- commit e02caef
- io_uring: disable polling signalfd pollfree files (CVE-2022-3176
bsc#1203391).
- fs: fix UAF/GPF bug in nilfs_mdt_destroy (CVE-2022-2978
bsc#1202700).
- commit 8c7541d
- sbitmap: Avoid leaving waitqueue in invalid state in
__sbq_wake_up() (git-fixes).
- commit 89e6f60
- staging: vt6655: fix some erroneous memory clean-up loops
(git-fixes).
- Revert "/usb: storage: Add quirk for Samsung Fit flash"/
(git-fixes).
- usb: mon: make mmapped memory read only (git-fixes).
- usb: gadget: function: fix dangling pnp_string in f_printer.c
(git-fixes).
- xhci: Don't show warning for reinit on known broken suspend
(git-fixes).
- USB: serial: console: move mutex_unlock() before
usb_serial_put() (git-fixes).
- vhost/vsock: Use kvmalloc/kvfree for larger packets (git-fixes).
- wifi: rtl8xxxu: Improve rtl8xxxu_queue_select (git-fixes).
- wifi: rtl8xxxu: Fix AIFS written to REG_EDCA_*_PARAM
(git-fixes).
- wifi: rtl8xxxu: Remove copy-paste leftover in
gen2_update_rate_mask (git-fixes).
- wifi: rtl8xxxu: gen2: Fix mistake in path B IQ calibration
(git-fixes).
- wifi: rtl8xxxu: Fix skb misuse in TX queue selection
(git-fixes).
- wifi: rtl8xxxu: tighten bounds checking in rtl8xxxu_read_efuse()
(git-fixes).
- wifi: ath10k: add peer map clean up for peer delete in
ath10k_sta_state() (git-fixes).
- wifi: mac80211: allow bw change during channel switch in mesh
(git-fixes).
- commit d4e6eb9
- soc: sunxi_sram: Make use of the helper function
devm_platform_ioremap_resource() (git-fixes).
- Refresh
patches.suse/soc-sunxi-sram-Prevent-the-driver-from-being-unbound.patch.
- commit 1478c4f
- PCI: Sanitise firmware BAR assignments behind a PCI-PCI bridge
(git-fixes).
- PCI: Fix used_buses calculation in pci_scan_child_bus_extend()
(git-fixes).
- pinctrl: rockchip: add pinmux_ops.gpio_set_direction callback
(git-fixes).
- pinctrl: armada-37xx: Checks for errors in gpio_request_enable
callback (git-fixes).
- pinctrl: armada-37xx: Fix definitions for MPP pins 20-22
(git-fixes).
- pinctrl: armada-37xx: Add missing GPIO-only pins (git-fixes).
- tty: serial: fsl_lpuart: disable dma rx/tx use flags in
lpuart_dma_shutdown (git-fixes).
- drivers: serial: jsm: fix some leaks in probe (git-fixes).
- tty: xilinx_uartps: Fix the ignore_status (git-fixes).
- phy: qualcomm: call clk_disable_unprepare in the error handling
(git-fixes).
- sbitmap: fix possible io hung due to lost wakeup (git-fixes).
- soc: qcom: smem_state: Add refcounting for the 'state->of_node'
(git-fixes).
- soc: qcom: smsm: Fix refcount leak bugs in qcom_smsm_probe()
(git-fixes).
- platform/x86: msi-laptop: Fix resource cleanup (git-fixes).
- platform/x86: msi-laptop: Fix old-ec check for backlight
registering (git-fixes).
- spi: s3c64xx: Fix large transfers with DMA (git-fixes).
- spi/omap100k:Fix PM disable depth imbalance in
omap1_spi100k_probe (git-fixes).
- spi: qup: add missing clk_disable_unprepare on error in
spi_qup_pm_resume_runtime() (git-fixes).
- spi: qup: add missing clk_disable_unprepare on error in
spi_qup_resume() (git-fixes).
- spi: mt7621: Fix an error message in mt7621_spi_probe()
(git-fixes).
- regulator: qcom_rpm: Fix circular deferral regression
(git-fixes).
- uas: ignore UAS for Thinkplus chips (git-fixes).
- usb-storage: Add Hiksemi USB3-FW to IGNORE_UAS (git-fixes).
- uas: add no-uas quirk for Hiksemi usb_disk (git-fixes).
- net: usb: qmi_wwan: Add new usb-id for Dell branded EM7455
(git-fixes).
- commit d4e37ac
- Input: i8042 - fix refount leak on sparc (git-fixes).
- Input: xpad - fix wireless 360 controller breaking after suspend
(git-fixes).
- lib/sg_pool: change module_init(sg_pool_init) to subsys_initcall
(git-fixes).
- mailbox: bcm-ferxrm-mailbox: Fix error check for dma_map_sg
(git-fixes).
- iio: adc: ad7923: fix channel readings for some variants
(git-fixes).
- iio: dac: ad5593r: Fix i2c read protocol requirements
(git-fixes).
- iio: ABI: Fix wrong format of differential capacitance channel
ABI (git-fixes).
- iio: inkern: only release the device node when done with it
(git-fixes).
- iio: adc: at91-sama5d2_adc: lock around oversampling and sample
freq (git-fixes).
- iio: adc: at91-sama5d2_adc: check return status for pressure
and touch (git-fixes).
- iio: adc: at91-sama5d2_adc: fix AT91_SAMA5D2_MR_TRACKTIM_MAX
(git-fixes).
- misc: ocxl: fix possible refcount leak in afu_ioctl()
(git-fixes).
- mtd: rawnand: atmel: Unmap streaming DMA mappings (git-fixes).
- mtd: rawnand: meson: fix bit map use in meson_nfc_ecc_correct()
(git-fixes).
- mtd: devices: docg3: check the return value of devm_ioremap()
in the probe (git-fixes).
- mfd: sm501: Add check for platform_driver_register()
(git-fixes).
- mfd: lp8788: Fix an error handling path in lp8788_irq_init()
and lp8788_irq_init() (git-fixes).
- mfd: lp8788: Fix an error handling path in lp8788_probe()
(git-fixes).
- mfd: fsl-imx25: Fix an error handling path in
mx25_tsadc_setup_irq() (git-fixes).
- mfd: intel_soc_pmic: Fix an error handling path in
intel_soc_pmic_i2c_probe() (git-fixes).
- HID: multitouch: Add memory barriers (git-fixes).
- media: xilinx: vipp: Fix refcount leak in xvip_graph_dma_init
(git-fixes).
- media: cedrus: Set the platform driver data earlier (git-fixes).
- memory: of: Fix refcount leak bug in of_get_ddr_timings()
(git-fixes).
- memory: pl353-smc: Fix refcount leak bug in pl353_smc_probe()
(git-fixes).
- mmc: wmt-sdmmc: Fix an error handling path in wmt_mci_probe()
(git-fixes).
- mmc: au1xmmc: Fix an error handling path in au1xmmc_probe()
(git-fixes).
- mISDN: fix use-after-free bugs in l1oip timer handlers
(git-fixes).
- commit ea51746
- gpio: rockchip: request GPIO mux to pinctrl when setting
direction (git-fixes).
- crypto: cavium - prevent integer overflow loading firmware
(git-fixes).
- crypto: ccp - Release dma channels before dmaengine unrgister
(git-fixes).
- crypto: akcipher - default implementation for setting a private
key (git-fixes).
- crypto: hisilicon/zip - fix mismatch in get/set sgl_sge_nr
(git-fixes).
- efi: libstub: drop pointless get_memory_map() call (git-fixes).
- clk: bcm2835: fix bcm2835_clock_rate_from_divisor declaration
(git-fixes).
- firmware: google: Test spinlock on panic path to avoid lockups
(git-fixes).
- fpga: prevent integer overflow in dfl_feature_ioctl_set_irq()
(git-fixes).
- dyndbg: let query-modname override actual module name
(git-fixes).
- dyndbg: fix module.dyndbg handling (git-fixes).
- dmaengine: ioat: stop mod_timer from resurrecting deleted
timer in __cleanup() (git-fixes).
- hid: hid-logitech-hidpp: avoid unnecessary assignments in
hidpp_connect_event (git-fixes).
- drm/udl: Restore display mode on resume (git-fixes).
- drm/omap: dss: Fix refcount leak bugs (git-fixes).
- drm/msm/dpu: Fix comment typo (git-fixes).
- drm/msm/dpu: index dpu_kms->hw_vbif using vbif_idx (git-fixes).
- drm/scheduler: quieten kernel-doc warnings (git-fixes).
- drm/bridge: megachips: Fix a null pointer dereference bug
(git-fixes).
- drm: fix drm_mipi_dbi build errors (git-fixes).
- drm/msm: Make .remove and .shutdown HW shutdown consistent
(git-fixes).
- drm:pl111: Add of_node_put() when breaking out of
for_each_available_child_of_node() (git-fixes).
- drm/bridge: parade-ps8640: Fix regulator supply order
(git-fixes).
- drm/mipi-dsi: Detach devices when removing the host (git-fixes).
- drm/bridge: Avoid uninitialized variable warning (git-fixes).
- drm/nouveau: fix a use-after-free in
nouveau_gem_prime_import_sg_table() (git-fixes).
- drm: bridge: adv7511: fix CEC power down control register offset
(git-fixes).
- efi: Correct Macmini DMI match in uefi cert quirk (git-fixes).
- docs: update mediator information in CoC docs (git-fixes).
- commit 6db482b
- ACPI: APEI: do not add task_work to kernel thread to avoid
memory leak (git-fixes).
- clk: qcom: gcc-msm8916: use ARRAY_SIZE instead of specifying
num_parents (git-fixes).
- clk: mediatek: mt8183: mfgcfg: Propagate rate changes to parent
(git-fixes).
- clk: ti: dra7-atl: Fix reference leak in of_dra7_atl_clk_probe
(git-fixes).
- clk: tegra20: Fix refcount leak in tegra20_clock_init
(git-fixes).
- clk: tegra: Fix refcount leak in tegra114_clock_init
(git-fixes).
- clk: tegra: Fix refcount leak in tegra210_clock_init
(git-fixes).
- clk: berlin: Add of_node_put() for of_get_parent() (git-fixes).
- clk: qoriq: Hold reference returned by of_get_parent()
(git-fixes).
- clk: oxnas: Hold reference returned by of_get_parent()
(git-fixes).
- ata: fix ata_id_has_dipm() (git-fixes).
- ata: fix ata_id_has_ncq_autosense() (git-fixes).
- ata: fix ata_id_has_devslp() (git-fixes).
- ata: fix ata_id_sense_reporting_enabled() and
ata_id_has_sense_reporting() (git-fixes).
- ASoC: mt6660: Fix PM disable depth imbalance in mt6660_i2c_probe
(git-fixes).
- ASoC: wm5102: Fix PM disable depth imbalance in wm5102_probe
(git-fixes).
- ASoC: wm5110: Fix PM disable depth imbalance in wm5110_probe
(git-fixes).
- ASoC: wm8997: Fix PM disable depth imbalance in wm8997_probe
(git-fixes).
- ASoC: eureka-tlv320: Hold reference returned from of_find_xxx
API (git-fixes).
- ASoC: rsnd: Add check for rsnd_mod_power_on (git-fixes).
- ASoC: fsl_sai: Remove unnecessary FIFO reset in ISR (git-fixes).
- ALSA: hda/hdmi: Don't skip notification handling during PM
operation (git-fixes).
- ALSA: dmaengine: increment buffer pointer atomically
(git-fixes).
- ALSA: asihpi - Remove useless code in hpi_meter_get_peak()
(git-fixes).
- ASoC: wcd934x: fix order of Slimbus unprepare/disable
(git-fixes).
- ASoC: wcd9335: fix order of Slimbus unprepare/disable
(git-fixes).
- Bluetooth: hci_core: Fix not handling link timeouts propertly
(git-fixes).
- commit 058f8fc
- Update
patches.suse/mm-rmap-Fix-anon_vma-degree-ambiguity-leading-to-double-reuse.patch
(CVE-2022-42703, bsc#1204168, git-fixes, bsc#1203098).
- commit 15fe693
- misc: sgi-gru: fix use-after-free error in
gru_set_context_option, gru_fault and gru_handle_user_call_os
(CVE-2022-3424 bsc#1204166).
- commit 721c580
- blacklist.conf: Append 'drm/vc4: hdmi: Prevent access to crtc->state outside of KMS'
- commit 39988a9
- blacklist.conf: Append 'drm/vc4: hdmi: Use a mutex to prevent concurrent framework access'
- commit c6967e3
- blacklist.conf: Append 'drm/vc4: hdmi: Add a spinlock to protect register access'
- commit 7d9f3f3
- exfat: Return ENAMETOOLONG consistently for oversized paths
(bsc#1204053 bsc#1201725).
- commit 955135a
- selftests/powerpc: Skip energy_scale_info test on older firmware
(git-fixes).
- commit 2a9f2c0
- blacklist.conf: prerequisite too risky
- commit 67fdf07
- Rename colliding patches before the next cve/linux-5.3 -> SLE15-SP3 merge
- commit 3394628
- net: usb: qmi_wwan: Add new usb-id for Dell branded EM7455
(git-fixes).
- commit 71e1adc
- blacklist.conf: ignore unwanted nfs patches
- commit 5bb5269
- blacklist.conf: ignore unwanted md patches
- commit ff9f04a
- xfs: enable big timestamps (bsc#1203387).
- commit e8c654f
- xfs: widen ondisk quota expiration timestamps to handle y2038+
(bsc#1203387).
- commit f11211b
- quota: widen timestamps for the fs_disk_quota structure
(bsc#1203387).
- commit 1a9210f
- xfs: widen ondisk inode timestamps to deal with y2038+
(bsc#1203387).
- commit ef6704e
- ACPI: processor idle: Practically limit "/Dummy wait"/ workaround
to old Intel systems (bnc#1203802).
- commit 5c74e0f
- xfs: redefine xfs_ictimestamp_t (bsc#1203387).
Refresh
patches.suse/xfs-repair-malformed-inode-items-during-log-recovery.patch.
- commit 79f8f1e
- xfs: redefine xfs_timestamp_t (bsc#1203387).
- commit f6d0842
- xfs: use a struct timespec64 for the in-core crtime
(bsc#1203387).
- commit d683559
- xfs: quota: move to time64_t interfaces (bsc#1203387).
- commit e4afdb9
- xfs: explicitly define inode timestamp range (bsc#1203387).
- commit d8ae99a
- media: aspeed-video: ignore interrupts that aren't enabled
(git-fixes).
- commit 36a70fa
- media: coda: Add more H264 levels for CODA960 (git-fixes).
- commit 6094fd3
- media: coda: Fix reported H264 profile (git-fixes).
- commit af3ba3e
- xfs: enable new inode btree counters feature (bsc#1203387).
- commit 06361ad
- xfs: use the finobt block counts to speed up mount times
(bsc#1203387).
- commit debb8f9
- xfs: store inode btree block counts in AGI header (bsc#1203387).
- commit f9fb0f8
- blacklist.conf: Append 'sysfb: Enable boot time VESA graphic mode selection'
- commit 49f0f34
- Revert "/constraints: increase disk space for all architectures"/
(bsc#1203693).
This reverts commit 43a9011f904bc7328d38dc340f5e71aecb6b19ca.
- commit 3d33373
- drm/amdgpu: don't register a dirty callback for non-atomic
(git-fixes).
- commit 0b4b37a
- wifi: mac80211: Fix UAF in ieee80211_scan_rx() (git-fixes).
- commit 0b58855
- usb: typec: ucsi: Remove incorrect warning (git-fixes).
- USB: serial: option: add Quectel RM520N (git-fixes).
- USB: serial: option: add Quectel BG95 0x0203 composition
(git-fixes).
- Revert "/usb: add quirks for Lenovo OneLink+ Dock"/ (git-fixes).
- usb: add quirks for Lenovo OneLink+ Dock (git-fixes).
- video: fbdev: pxa3xx-gcu: Fix integer overflow in
pxa3xx_gcu_write (git-fixes).
- usb: dwc3: gadget: Prevent repeat pullup() (git-fixes).
- usb: dwc3: gadget: Avoid starting DWC3 gadget during UDC unbind
(git-fixes).
- usb: xhci-mtk: fix issue of out-of-bounds array access
(git-fixes).
- commit 2e55e74
- soc: sunxi: sram: Fix debugfs info for A64 SRAM C (git-fixes).
- soc: sunxi: sram: Prevent the driver from being unbound
(git-fixes).
- soc: sunxi: sram: Actually claim SRAM regions (git-fixes).
- usb: xhci-mtk: add some schedule error number (git-fixes).
- usb: xhci-mtk: add a function to (un)load bandwidth info
(git-fixes).
- usb: xhci-mtk: use @sch_tt to check whether need do TT schedule
(git-fixes).
- usb: xhci-mtk: add only one extra CS for FS/LS INTR (git-fixes).
- usb: xhci-mtk: get the microframe boundary for ESIT (git-fixes).
- tty/serial: atmel: RS485 & ISO7816: wait for TXRDY before
sending data (git-fixes).
- commit e040102
- blacklist.conf: df5b035b5683 x86/cacheinfo: Add a cpu_llc_shared_mask() UP variant
- commit 51fbc8c
- media: dvb_vb2: fix possible out of bound access (git-fixes).
- clk: iproc: Do not rely on node name for correct PLL setup
(git-fixes).
- clk: imx: imx6sx: remove the SET_RATE_PARENT flag for QSPI
clocks (git-fixes).
- Revert "/drm: bridge: analogix/dp: add panel prepare/unprepare
in suspend/resume time"/ (git-fixes).
- libata: add ATA_HORKAGE_NOLPM for Pioneer BDR-207M and BDR-205
(git-fixes).
- mmc: moxart: fix 4-bit bus width and remove 8-bit bus width
(git-fixes).
- reset: imx7: Fix the iMX8MP PCIe PHY PERST support (git-fixes).
- ASoC: tas2770: Reinit regcache on reset (git-fixes).
- serial: tegra-tcu: Use uart_xmit_advance(), fixes icount.tx
accounting (git-fixes).
- serial: tegra: Use uart_xmit_advance(), fixes icount.tx
accounting (git-fixes).
- serial: Create uart_xmit_advance() (git-fixes).
- can: gs_usb: gs_can_open(): fix race dev->can.state condition
(git-fixes).
- ALSA: hda/realtek: Add quirk for ASUS GA503R laptop (git-fixes).
- ALSA: hda/realtek: Add pincfg for ASUS G533Z HP jack
(git-fixes).
- ALSA: hda/realtek: Add pincfg for ASUS G513 HP jack (git-fixes).
- ALSA: hda/realtek: Enable 4-speaker output Dell Precision 5530
laptop (git-fixes).
- ALSA: hda/realtek: Add quirk for Huawei WRT-WX9 (git-fixes).
- ALSA: hda: add Intel 5 Series / 3400 PCI DID (git-fixes).
- drm/rockchip: Fix return type of cdn_dp_connector_mode_valid
(git-fixes).
- drm/amd/display: Limit user regamma to a valid value
(git-fixes).
- drm/amdgpu: use dirty framebuffer helper (git-fixes).
- ASoC: nau8824: Fix semaphore unbalance at error paths
(git-fixes).
- ALSA: hda/tegra: Align BDL entry to 4KB boundary (git-fixes).
- ALSA: hda/sigmatel: Fix unused variable warning for beep power
change (git-fixes).
- ALSA: hda/sigmatel: Keep power up while beep is enabled
(git-fixes).
- regulator: pfuze100: Fix the global-out-of-bounds access in
pfuze100_regulator_probe() (git-fixes).
- net: usb: qmi_wwan: add Quectel RM520N (git-fixes).
- commit e7744dc
- blacklist.conf: 00da0cb385d0 Documentation/ABI: Mention retbleed vulnerability info file for sysfs
- commit 24c89c9
- USB: serial: option: add Quectel RM520N (git-fixes).
- commit e500762
- USB: serial: option: add Quectel BG95 0x0203 composition
(git-fixes).
- commit 75be355
- Revert "/drivers/video/backlight/platform_lcd.c: add support for (bsc#1152489)
- commit b42e64a
- parisc/sticon: fix reverse colors (bsc#1152489)
Backporting notes:
* context changes
- commit 206cd49
- parisc: parisc-agp requires SBA IOMMU driver (bsc#1152489)
- commit f67e434
- kabi/severities: add mlx5 internal symbols
- commit 4fb94df
- net/mlx5: Dynamically resize flow counters query buffer
(bsc#119175).
- net/mlx5: Fix flow counters SF bulk query len (bsc#119175).
- net/mlx5: Reduce flow counters bulk query buffer size for SFs
(bsc#119175).
- net/mlx5: Allocate individual capability (bsc#119175).
- net/mlx5: Reorganize current and maximal capabilities to be
per-type (bsc#119175).
- net/mlx5: Use order-0 allocations for EQs (bsc#119175).
- commit cb2b71a
- constraints: increase disk space for all architectures
References: bsc#1203693
aarch64 is already suffering. SLE15-SP5 x86_64 stats show that it is
very close to the limit.
- commit 43a9011
- padata: make padata_free_shell() to respect pd's ->refcnt
(bsc#1202638).
- commit 2827da5
- padata: introduce internal padata_get/put_pd() helpers
(bsc#1202638).
- commit 8fd1f6c
- SCSI: scsi_probe_lun: retry INQUIRY after timeout (bsc#1189297).
- commit 72392d0
- selftest/powerpc: Add PAPR sysfs attributes sniff test
(bsc#1200465 ltc#197256 jsc#PED-1931).
- powerpc/pseries: Interface to represent PAPR firmware attributes
(bsc#1200465 ltc#197256 jsc#PED-1931).
- commit 9795281
- krb5
-
- Fix integer overflows in PAC parsing; (CVE-2022-42898);
(bso#15203), (bsc#1205126).
- Added patches:
* 0010-Fix-integer-overflows-in-PAC-parsing.patch
- ldb
-
- Remove no longer needed ldb-memory-bug-15096-4.15-ldbonly.patch
- Add cve-2023-0614.patch: Address CVE-2023-0614
- CVE-2023-0614: samba: Access controlled AD LDAP attributes can be
discovered; (bsc#1209485); (bso#15270);
- Update to version 2.4.4
+ CVE-2022-32746 ldb: db: Use-after-free occurring in
database audit logging module; (bso#15009); (bsc#1201490).
+ CVE-2022-32746: samba: ldb: Use-after-free occurring in
database audit logging module; (bso#15009); (bsc#1201490).
- libX11
-
- U_Don-t-try-to-destroy-NULL-condition-variables.patch
* fixes regression introduced with security update for
CVE-2022-3555 (bsc#1204425, bsc#1208881)
- U_fix-a-memory-leak-in-XRegisterIMInstantiateCallback.patch
* security update for CVE-2022-3554 (bsc#1204422)
- U_Fix-two-memory-leaks-in-_XFreeX11XCBStructure.patch
* security update for CVE-2022-3555 (bsc#1204425)
- libdb-4_8
-
- Security fix: [bsc#1174414, CVE-2019-2708]
* libdb: Data store execution leads to partial DoS
* Backport the upsteam commits:
- Fixed several possible crashes when running db_verify
on a corrupted database. [#27864]
- Fixed several possible hangs when running db_verify
on a corrupted database. [#27864]
- Added a warning message when attempting to verify a queue
database which has many extent files. Verification will take
a long time if there are many extent files. [#27864]
* Add libdb-4_8-CVE-2019-2708.patch
- libksba
-
- Security fix: [bsc#1206579, CVE-2022-47629]
* Integer overflow in the CRL signature parser.
* Add libksba-CVE-2022-47629.patch
- libsodium
-
- Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
- Revert previous change about cpuid as previous change rejected
in https://build.opensuse.org/request/show/724809
- Disable LTO as bypass boo#1148184
- Add libsodium_configure_cpuid_chg.patch and call autoconf
to regenerate configure script with proper CPUID checking.
Required at least for PowerPC and ARM now that LTO enabled.
- Update to 1.0.18
- Enterprise versions of Visual Studio are now supported.
- Visual Studio 2019 is now supported.
- 32-bit binaries for Visual Studio 2010 are now provided.
- A test designed to trigger an OOM condition didn't work on
Linux systems with memory overcommit turned on. It has been
removed in order to fix Ansible builds.
- Emscripten: print and printErr functions are overridden to send
errors to the console, if there is one.
- Emscripten: UTF8ToString() is now exported since
Pointer_stringify() has been deprecated.
- Libsodium version detection has been fixed in the CMake recipe.
- Generic hashing got a 10% speedup on AVX2.
- New target: WebAssembly/WASI
(compile with dist-builds/wasm32-wasi.sh).
- New functions to map a hash to an edwards25519 point
or get a random point:
core_ed25519_from_hash() and core_ed25519_random().
- crypto_core_ed25519_scalar_mul() has been implemented for
scalar*scalar (mod L) multiplication.
- Support for the Ristretto group has been implemented for
interoperability with wasm-crypto.
- Improvements have been made to the test suite.
- Portability improvements have been made.
- getentropy() is now used on systems providing this system call.
- randombytes_salsa20 has been renamed to randombytes_internal.
- Support for NativeClient has been removed.
- Most ((nonnull)) attributes have been relaxed to allow 0-length
inputs to be NULL.
- The -ftree-vectorize and -ftree-slp-vectorize compiler switches
are now used, if available, for optimized builds.
- Update to 1.0.17
- Bug fix: sodium_pad() didn't properly support block sizes
>= 256 bytes.
- JS/WebAssembly: some old iOS versions can't instantiate the
WebAssembly module; fall back to Javascript on these.
- JS/WebAssembly: compatibility with newer Emscripten versions.
- Bug fix: crypto_pwhash_scryptsalsa208sha256_str_verify() and
crypto_pwhash_scryptsalsa208sha256_str_needs_rehash()didn't
returnEINVAL` on input strings with a short length, unlike
their high-level counterpart.
- Added a workaround for Visual Studio 2010 bug causing CPU
features not to be detected.
- Portability improvements.
- Test vectors from Project Wycheproof have been added.
- New low-level APIs for arithmetic mod the order of the prime
order group:
- crypto_core_ed25519_scalar_random(),
crypto_core_ed25519_scalar_reduce(),
- crypto_core_ed25519_scalar_invert(),
crypto_core_ed25519_scalar_negate(),
- crypto_core_ed25519_scalar_complement(),
crypto_core_ed25519_scalar_add() and
crypto_core_ed25519_scalar_sub().
- New low-level APIs for scalar multiplication without clamping:
crypto_scalarmult_ed25519_base_noclamp() and
crypto_scalarmult_ed25519_noclamp().
These new APIs are especially useful for blinding.
- sodium_sub() has been implemented.
- Support for WatchOS has been added.
- getrandom(2) is now used on FreeBSD 12+.
- The nonnull attribute has been added to all relevant
prototypes.
- More reliable AVX512 detection.
- Javascript/Webassembly builds now use dynamic memory growth.
- libsolv
-
- handle learnt rules in solver_alternativeinfo()
- support x86_64_v[234] architecture levels
- implement decision sorting for package decisionlists
- add back findutils requires for the libsolv-tools packagse
[bsc#1195633]
- bump version to 0.7.24
- fix "/keep installed"/ jobs not disabling "/best update"/ rules
- do not autouninstall suse ptf packages
- ensure duplinvolvedmap_all is reset when a solver is reused
- special case file dependencies in the testcase writer
- support stringification of multiple solvables
- new weakdep introspection interface similar to ruleinfos
- support decision reason queries
- support merging of related decissions
- support stringification of ruleinfo, decisioninfo and decision reasons
- support better info about alternatives
- new '-P' and '-W' options for testsolv
- bump version to 0.7.23
- libtirpc
-
- consider /proc/sys/net/ipv4/ip_local_reserved_ports, before binding
to a random port (bsc#1199467)
- add binddynport-honor-ip_local_reserved_ports.patch
- libxml2
-
- Security update:
* [CVE-2023-29469, bsc#1210412] Hashing of empty dict strings
isn't deterministic
- Added patch libxml2-CVE-2023-29469.patch
* [CVE-CVE-2023-28484, bsc#1210411] NULL dereference in
xmlSchemaFixupComplexType
- Added patch libxml2-CVE-2023-28484-1.patch
- Added patch libxml2-CVE-2023-28484-2.patch
- Fix changelog entries in both .changes files.
- Apply al patches correctly for libxml2 and python-libxml2.
- Add W3C conformance tests to the testsuite (bsc#1204585):
* Added file xmlts20080827.tar.gz
- Add libxml2-python3-string-null-check.patch: fix NULL pointer
dereference when parsing invalid data (bsc#1065270
glgo#libxml2!15).).
- clean with spec-cleaner
- libxml2-python3-unicode-errors.patch: work around an issue with
libxml2 supplied error strings being undecodable UTF-8 (bsc#1065270)
- convert to singlespec, build a python 3 version
- change build instructions to use setup.py (and %python_build macros)
instead of makefile-based approach
- add python3.6-verify_fd.patch that fixes libxml2 on python 3.6
- rename to python-libxml2-python to conform to package naming policy
(PyPI name is "/libxml2-python"/)
- libxslt
-
- Security Fix: [bsc#1208574, CVE-2021-30560]
* Use after free in Blink XSLT
* Add libxslt-CVE-2021-30560.patch
- Fix broken license symlink for libxslt-tools [bsc#1203669]
- libzypp
-
- curl: Trim user agent string (bsc#1212187)
HTTP/2 RFC 9113 forbids fields ending with a space. Violation
results in curl error: 92: HTTP/2 PROTOCOL_ERROR.
- version 17.31.13 (22)
- Do not unconditionally release a medium if provideFile failed
(bsc#1211661)
- libzypp.spec.cmake: remove duplicate file listing.
- version 17.31.12 (22)
- MediaCurl: Fix endless loop if wrong credentials are stored in
credentials.cat (bsc#1210870)
Since libzypp-17.31.7 wrong credentials stored in credentials.cat
may lead to an endless loop. Rather than asking for the right
credentials, the stored ones are used again and again.
- zypp.conf: Introduce 'download.connect_timeout' [60 sec.]
(bsc#1208329)
Maximum time in seconds that you allow the connection phase to
the server to take. This only limits the connection phase, it has
no impact once it has connected. (see also CURLOPT_CONNECTTIMEOUT)
- commit: Try to provide /dev fs if not present (fixes #444)
- fix build with boost 1.82.
- version 17.31.11 (22)
- fix build with boost 1.82
- BuildRequires: libsolv-devel >= 0.7.24 for x86_64_v[234]
support.
- version 17.31.10 (22)
- Workround bsc#1195633 while libsolv <= 0.7.23 is used.
- Fix potential endless loop in new ZYPP_MEDIANETWORK.
- ZYPP_METALINK_DEBUG=1: Log URL and priority of the mirrors
parsed from a metalink file.
- multicurl: propagate ssl settings stored in repo url
(boo#1127591)
Closes #335.
- Teach MediaNetwork to retry on HTTP2 errors.
- fix CapDetail to return Rel::NONE if an EXPRESSION is used as a
NAMED cap.
- Capability: support parsing richdeps from string.
- defaultLoadSystem: default to LS_NOREFRESH if not root.
- Detect x86_64_v[234]: Fix LZCNT bit used in detection (fixes
[#439])
Merges rpm-software-management/rpm#2412: The bit for LZCNT is in
CPUID 0x80000001, not 1.
- Detect x86_64_v[234] architecture levels (fixes #439)
- Support x86_64_v[234] architecture levels (for #439)
- version 17.31.9 (22)
- ProgressData: enforce reporting the INIT||END state
(bsc#1206949)
- ps: fix service detection on newer Tumbleweed systems
(bsc#1205636)
- version 17.31.8 (22)
- Hint to "/zypper removeptf"/ to remove PTFs.
- Removing a PTF without enabled repos should always fail
(bsc#1203248)
Without enabled repos, the dependent PTF-packages would be
removed (not replaced!) as well. To remove a PTF "/zypper install
- - -PTF"/ or a dedicated "/zypper removeptf PTF"/ should be used.
This will update the installed PTF packages to theit latest
version.
- version 17.31.7 (22)
- Avoid calling getsockopt when we know the info already.
This patch hopefully fixes logging on WSL, getsockopt seems to
not be fully supported but the code required it when accepting
new socket connections. (for bsc#1178233)
- Enhance yaml-cpp detection (fixes #428)
- No need to redirect 'history.logfile=/dev/null' into the target.
- MultiCurl: Make sure to reset the progress function when
falling back.
- version 17.31.6 (22)
- Create '.no_auto_prune' in the package cache dir to prevent auto
cleanup of orphaned repositories (bsc#1204956)
- properly reset range requests (bsc#1204548)
- version 17.31.5 (22)
- Do not clean up MediaSetAccess before using the geoip file
(fixes #424)
- version 17.31.4 (22)
- Improve download of optional files (fixes #416)
- Do not use geoip rewrites if the repo has explicit country
settings.
- Implement geoIP feature for zypp.
This patch adds a feature to rewrite request URLs to the repo
servers by querying a geoIP file from download.opensuse.org. This
file can return a redirection target depending on the clients IP
adress, this way we can directly contact a local mirror of d.o.o
instead. The redir target stays valid for 24hrs.
This feature can be disabled in zypp.conf by setting
'download.use_geoip_mirror = false'.
- Use a dynamic fallback for BLKSIZE in downloads.
When not receiving a blocklist via metalink file from the server
MediaMultiCurl used to fallback to a fixed, relatively small
BLKSIZE. This patch changes the fallback into a dynamic value
based on the filesize using a similar metric as the MirrorCache
implementation on the server side.
- Skip media.1/media download for http repo status calc.
This patch allows zypp to skip a extra media.1/media download to
calculate if a repository needs to be refreshed. This
optimisation only takes place if the repo does specify only
downloading base urls.
- version 17.31.3 (22)
- lvm2
-
- killed lvmlockd doesn't clear/adopt locks leading to inability to start volume group (bsc#1203216)
- bug-1203216_lvmlockd-purge-the-lock-resources-left-in-previous-l.patch
- dracut-initqueue timeouts with 5.3.18-150300.59.63 kernel on ppc64le (bsc#1199074)
- in lvm2.spec, change device_mapper_version from 1.02.163 to %{lvm2_version}_1.02.163
- lvm2.spec %post deletes libdevmapper and triggers kernel panic (bsc#1198523)
- change %post behaviour, only do deleting job for non-link folder
- mozilla-nss
-
- Update nss-fips-approved-crypto-non-ec.patch (bsc#1208999) with
fixes to PBKDF2 parameter validation.
- Update nss-fips-approved-crypto-non-ec.patch (bsc#1208999) to
validate extra PBKDF2 parameters according to FIPS 140-3.
- Update nss-fips-approved-crypto-non-ec.patch (bsc#1191546) to
update session->lastOpWasFIPS before destroying the key after
derivation in the CKM_TLS12_KEY_AND_MAC_DERIVE,
CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256,
CKM_TLS_KEY_AND_MAC_DERIVE and CKM_SSL3_KEY_AND_MAC_DERIVE cases.
- Update nss-fips-pct-pubkeys.patch (bsc#1207209) to remove some
excess code.
- Update nss-fips-approved-crypto-non-ec.patch (bsc#1191546).
- Add nss-fips-pct-pubkeys.patch (bsc#1207209) for pairwise consistency
checks. Thanks to Martin for the DHKey parts.
- Add manpages to mozilla-nss-tools (bsc#1208242)
- update to NSS 3.79.4 (bsc#1208138)
* Bug 1804640 - improve handling of unknown PKCS#12 safe bag types.
(CVE-2023-0767)
- Add upstream patch nss-fix-bmo1774654.patch to fix CVE-2022-3479
(bsc#1204272)
- update to NSS 3.79.3 (bsc#1207038)
* Bug 1803453 - Set CKA_NSS_SERVER_DISTRUST_AFTER and
CKA_NSS_EMAIL_DISTRUST_AFTER for 3 TrustCor Root Certificates
(CVE-2022-23491)
- Update nss-fips-approved-crypto-non-ec.patch to disapprove the
creation of DSA keys, i.e. mark them as not-fips (bsc#1201298)
- Update nss-fips-approved-crypto-non-ec.patch to allow the use SHA
keygen mechs (bsc#1191546).
- Update nss-fips-constructor-self-tests.patch to ensure abort() is
called when the repeat integrity check fails (bsc#1198980).
- ncurses
-
- Modify patch ncurses-6.1.dif
* Secure writing terminfo entries by setfs[gu]id in s[gu]id
(boo#1210434, CVE-2023-29491)
* Reading is done since 2000/01/17
- newt
-
- nfs-utils
-
- Rename all drop-in options.conf files as 10-options.conf
This makes it easier for other packages to over-ride
with a drop-in with a later sequence number.
resource-agents does this.
(bsc#1207843)
- 0026-modprobe-avoid-error-messages-if-sbin-sysctl-fail.patch
Avoid modprobe errors when sysctl is not installed.
(bsc#1200710 bsc#1207022 bsc#1206781)
- 0027-nfsd-allow-server-scope-to-be-set-with-config-or-com.patch
Add "/-S scope"/ option to rpc.nfsd to simplify fail-over cluster
config.
(bsc#1203746)
- add 0025-nfsdcltrack-getopt_long-fails-on-a-non-x86_64-archs.patch
Fix nfsdcltrack bug that affected non-x86 archs.
(bsc#1202627)
- 0024-systemd-Apply-all-sysctl-settings-when-NFS-related-m.patch
Ensure sysctl setting work (bsc#1199856)
- nfsidmap
-
- 0001-Removed-some-unused-and-set-but-not-used-warnings.patch
0002-Handle-NULL-names-better.patch
0003-Strip-newlines-out-of-IDMAP_LOG-messages.patch
0004-onf_parse_line-Ignore-whitespace-at-the-beginning-of.patch
0005-nss.c-wrong-check-of-return-value.patch
0006-Fixed-a-memory-leak-nss_name_to_gid.patch
Various bugfixes and improvemes from upstream
In particular, 0001 fixes a crash that can happen when
a 'static' mapping is configured.
(bnc#1200901)
- nftables
-
- add 0001-evaluate-reject-support-ethernet-as-L2-protocol-for-.patch: this
fixes a crash in nftables if layer2 reject rules are processed (e.g.
Ethernet MAC address based reject rich rule in firewalld, bsc#1210773).
- openldap2
-
- bsc#1211795 - CVE-2023-2953 - Null pointer deref in ber_memalloc_x
* 0244-ITS-9904-ldif_open_url-check-for-ber_strdup-failure.patch
- openssh
-
- Revert addition of openssh-dbus.sh, openssh-dbus.csh, openssh-dbus.fish:
This caused invalid and irrelevant environment assignments (bsc#1207014).
- Add openssh-dbus.sh, openssh-dbus.csh, openssh-dbus.fish: Make ssh
connections update their dbus environment (bsc#1179465).
- Add openssh-do-not-send-empty-message.patch: Prevent empty
messages from being sent. This avoids a superfluous new line
(bsc#1192439).
- openssl-1_1
-
- Security Fix: [CVE-2023-2650, bsc#1211430]
* Possible DoS translating ASN.1 object identifiers
* Add openssl-CVE-2023-2650.patch
- Security Fix: [CVE-2023-0465, bsc#1209878]
* Invalid certificate policies in leaf certificates are silently ignored
* Add openssl-CVE-2023-0465.patch
- Security Fix: [CVE-2023-0466, bsc#1209873]
* Certificate policy check not enabled
* Add openssl-CVE-2023-0466.patch
- Security Fix: [CVE-2023-0464, bsc#1209624]
* Excessive Resource Usage Verifying X.509 Policy Constraints
* Add openssl-CVE-2023-0464.patch
- Security Fix: [bsc#1207533, CVE-2023-0286]
* Fix X.400 address type confusion in X.509 GENERAL_NAME_cmp
for x400Address
* Add openssl-CVE-2023-0286.patch
- Security Fix: [bsc#1207536, CVE-2023-0215]
* Use-after-free following BIO_new_NDEF()
* Add patches:
- openssl-CVE-2023-0215-1of4.patch
- openssl-CVE-2023-0215-2of4.patch
- openssl-CVE-2023-0215-3of4.patch
- openssl-CVE-2023-0215-4of4.patch
- Security Fix: [bsc#1207538, CVE-2022-4450]
* Double free after calling PEM_read_bio_ex()
* Add patches:
- openssl-CVE-2022-4450-1of2.patch
- openssl-CVE-2022-4450-2of2.patch
- Security Fix: [bsc#1207534, CVE-2022-4304]
* Timing Oracle in RSA Decryption
* Add patches:
- openssl-CVE-2022-4304-1of2.patch
- openssl-CVE-2022-4304-2of2.patch
- FIPS: list only FIPS approved public key algorithms
[bsc#1121365, bsc#1198472]
* Add openssl-1_1-fips-list-only-approved-pubkey-algorithms.patch
- Added openssl-1_1-paramgen-default_to_rfc7919.patch
* bsc#1180995
* Default to RFC7919 groups when generating ECDH parameters
using 'genpkey' or 'dhparam' in FIPS mode.
- Fix memory leaks introduced by openssl-1.1.1-fips.patch [bsc#1203046]
* Add patch openssl-1.1.1-fips-fix-memory-leaks.patch
- pam
-
- Update pam_motd to the most current version. This fixes various issues
and adds support for mot.d directories [jsc#PED-1712].
* Added: pam-ped1712-pam_motd-directory-feature.patch
- permissions
-
* Backport postfix to SLE-15-SP2 (bsc#1206738)
- Update to version 20181225:
- procps
-
- Add patch bsc1209122-a6c0795d.patch
* Fix for bsc#1209122 to allow `-´ as leading character to ignore
possible errors on systctl entries
- Extend patch procps-3.3.17-library-bsc1181475.patch (bsc#1206412)
- Make sure that correct library version is installed (bsc#1206412)
- protobuf
-
- Fix a potential DoS issue in protobuf-cpp and protobuf-python,
CVE-2022-1941, bsc#1203681
* Add protobuf-CVE-2022-1941.patch
- Fix a potential DoS issue when parsing with binary data in
protobuf-java, CVE-2022-3171, bsc#1204256
* Add protobuf-CVE-2022-3171.patch
- Refresh protobuf-CVE-2021-22570.patch
- Backport changes from 3.16.x tree for apply recent CVE patches
* Add protobuf-51026d922970e06475f005b39287963594134b96.patch
* Add protobuf-6ee16a9c60e734104aeb738503fe3f411c97bd88.patch
* Add protobuf-73e0d748b9acdc40b693f2879ce82ecb1a849b81.patch
* Add protobuf-7bff8393cab939bfbb9b5c69b3fe76b4d83c41ee.patch
* Add protobuf-4f02f056b5cea99052bfdfb6698afe47a3cf2964.patch
* Add protobuf-763c3588740b97e8e80b1b1a1a2dc4f417647133.patch
* Add protobuf-6c92f9dff1807c142edf6780d775b58a3b078591.patch
* Add protobuf-4e93585e8bb234efeacb7737b8d080968c5ab91e.patch
* Add protobuf-58d4420e2dd8a3cd354fff9db0052881c25369ce.patch
- Reorganize patch set ordering
- Fix potential Denial of Service in protobuf-java in the parsing procedure
for binary data, CVE-2021-22569, bsc#1194530
* Add protobuf-improve-performance-of-parsing-unknown-fields-in-Java.patch
- purge-kernels-service
-
- Change service type to exec (boo#1198668).
- python-PyJWT
-
- Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
- Drop CVE-2022-29217-non-blocked-pubkeys.patch since the issue
was fixed upstream in version 2.4.0
- Update to 2.4.0 (CVE-2022-29217 boo#1199756)
- Security
- [CVE-2022-29217] Prevent key confusion through
non-blocklisted public key formats. GHSA-ffqj-6fqr-9h24
- Other changes:
- Explicit check the key for ECAlgorithm by @estin in
https://github.com/jpadilla/pyjwt/pull/713
- Raise DeprecationWarning for jwt.decode(verify=...) by @akx
in https://github.com/jpadilla/pyjwt/pull/742
- Don't use implicit optionals by @rekyungmin in
https://github.com/jpadilla/pyjwt/pull/705
- documentation fix: show correct scope for decode_complete()
by @sseering in https://github.com/jpadilla/pyjwt/pull/661
- fix: Update copyright information by @kkirsche in
https://github.com/jpadilla/pyjwt/pull/729
- Don't mutate options dictionary in .decode_complete() by @akx
in https://github.com/jpadilla/pyjwt/pull/743
- Add support for Python 3.10 by @hugovk in
https://github.com/jpadilla/pyjwt/pull/699
- api_jwk: Add PyJWKSet.__getitem__ by @woodruffw in
https://github.com/jpadilla/pyjwt/pull/725
- Update usage.rst by @guneybilen in
https://github.com/jpadilla/pyjwt/pull/727
- Docs: mention performance reasons for reusing RSAPrivateKey
when encoding by @dmahr1 in
https://github.com/jpadilla/pyjwt/pull/734
- Fixed typo in usage.rst by @israelabraham in
https://github.com/jpadilla/pyjwt/pull/738
- Add detached payload support for JWS encoding and decoding by
@fviard in https://github.com/jpadilla/pyjwt/pull/723
- Replace various string interpolations with f-strings by @akx
in https://github.com/jpadilla/pyjwt/pull/744
- Update to 2.3.0
* Revert "/Remove arbitrary kwargs."/ (#701)
* Add exception chaining (#702)
- from version 2.2.0
* Remove arbitrary kwargs. (#657)
* Use timezone package as Python 3.5+ is required. (#694)
* Assume JWK without the "/use"/ claim is valid for signing
as per RFC7517 (#668)
* Prefer `headers["/alg"/]` to `algorithm` in `jwt.encode()`. (#673)
* Fix aud validation to support {'aud': null} case. (#670)
* Make `typ` optional in JWT to be compliant with RFC7519. (#644)
* Remove upper bound on cryptography version. (#693)
* Add support for Ed448/EdDSA. (#675)
- update to 2.1.0:
- Allow claims validation without making JWT signature validation mandatory. `
- Remove padding from JWK test data. `
- Make `kty` mandatory in JWK to be compliant with RFC7517. `
- Allow JWK without `alg` to be compliant with RFC7517. `
- Allow to verify with private key on ECAlgorithm, as well as on Ed25519Algorithm. `
- Add caching by default to PyJWKClient `
- Add missing exceptions.InvalidKeyError to jwt module __init__ imports `
- Add support for ES256K algorithm `
- Add `from_jwk()` to Ed25519Algorithm `
- Add `to_jwk()` to Ed25519Algorithm `
- Export `PyJWK` and `PyJWKSet`
- Update in SLE-15 (bsc#1176785, jsc#ECO-3105, jsc#PM-2352)
- update to 2.0.1:
* Drop support for Python 2 and Python 3.0-3.5
* Require cryptography >= 3
* Drop support for PyCrypto and ECDSA
* Drop CLI
* Improve typings
* Dropped deprecated errors
* Dropped deprecated ``verify_expiration`` param in ``jwt.decode(...)``
* Dropped deprecated ``verify`` param in ``jwt.decode(...)``
* Require explicit ``algorithms`` in ``jwt.decode(...)`` by default
* Dropped deprecated ``require_*`` options in ``jwt.decode(...)``
* Introduce better experience for JWKs
* further details see included CHANGELOG.rst
- drop 0001-Catch-BadSignatureError-raised-by-ecdsa-0.13.3.patch (obsolete)
- python-PyNaCl
-
- Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
- six is needed by testsuite
- Update to 1.4.0
* Update ``libsodium`` to 1.0.18.
* **BACKWARDS INCOMPATIBLE:** We no longer distribute 32-bit ``manylinux1``
wheels. Continuing to produce them was a maintenance burden.
* Added support for Python 3.8, and removed support for Python 3.4.
* Add low level bindings for extracting the seed and the public key
from crypto_sign_ed25519 secret key
* Add low level bindings for deterministic random generation.
* Add ``wheel`` and ``setuptools`` setup_requirements in ``setup.py`` (#485)
* Fix checks on very slow builders (#481, #495)
* Add low-level bindings to ed25519 arithmetic functions
* Update low-level blake2b state implementation
* Fix wrong short-input behavior of SealedBox.decrypt() (#517)
* Raise CryptPrefixError exception instead of InvalidkeyError when trying
to check a password against a verifier stored in a unknown format (#519)
* Add support for minimal builds of libsodium. Trying to call functions
not available in a minimal build will raise an UnavailableError
exception. To compile a minimal build of the bundled libsodium, set
the SODIUM_INSTALL_MINIMAL environment variable to any non-empty
string (e.g. ``SODIUM_INSTALL_MINIMAL=1``) for setup.
- removed obsolete back-port patch:
* fix_tests.patch
* hypothesis-no-unilmited.patch
* python-PyNaCl-hypothesis-remove-average_size.patch
- Fix tests with latest hypothesis:
* hypothesis-no-unilmited.patch
- Add missing runtime dependency on cffi
- add fix_tests.patch for new pytest
- run the testsuite
- added patches
https://github.com/pyca/pynacl/commit/a8c08b18f3a2e8f2140c531afaf42715fcab68e7
+ python-PyNaCl-hypothesis-remove-average_size.patch
- Update to 1.3.0
* Added support for Python 3.7.
* Run and test all code examples in PyNaCl docs through sphinx's doctest
builder.
* Add low-level bindings for chacha20-poly1305 AEAD constructions.
* Add low-level bindings for the chacha20-poly1305 secretstream
constructions.
* Add low-level bindings for ed25519ph pre-hashed signing construction.
* Add low-level bindings for constant-time increment and addition on
fixed-precision big integers represented as little-endian byte sequences.
* Add low-level bindings for the ISO/IEC 7816-4 compatible padding API.
* Add low-level bindings for libsodium's crypto_kx... key exchange
construction.
* Set hypothesis deadline to None in tests/test_pwhash.py to avoid incorrect
test failures on slower processor architectures.
- python-boto3
-
- Update in SLE-15 (bsc#1209255, jsc#PED-3780)
- Add python-python-dateutil and python-jmespath to BuildRequires
- Update to 1.26.89
* api-change:``ivschat``: [``botocore``] This release adds a new exception returned when calling
AWS IVS chat UpdateLoggingConfiguration. Now UpdateLoggingConfiguration can return
ConflictException when invalid updates are made in sequence to Logging Configurations.
* api-change:``secretsmanager``: [``botocore``] The type definitions of SecretString and
SecretBinary now have a minimum length of 1 in the model to match the exception thrown when you
pass in empty values.
- from version 1.26.88
* api-change:``codeartifact``: [``botocore``] This release introduces the generic package format, a
mechanism for storing arbitrary binary assets. It also adds a new API, PublishPackageVersion, to
allow for publishing generic packages.
* api-change:``connect``: [``botocore``] This release adds a new API, GetMetricDataV2, which
returns metric data for Amazon Connect.
* api-change:``evidently``: [``botocore``] Updated entity override documentation
* api-change:``networkmanager``: [``botocore``] This update provides example usage for
TransitGatewayRouteTableArn.
* api-change:``quicksight``: [``botocore``] This release has two changes: add state persistence
feature for embedded dashboard and console in GenerateEmbedUrlForRegisteredUser API; add properties
for hidden collapsed row dimensions in PivotTableOptions.
* api-change:``redshift-data``: [``botocore``] Added support for Redshift Serverless workgroup-arn
wherever the WorkgroupName parameter is available.
* api-change:``sagemaker``: [``botocore``] Amazon SageMaker Inference now allows SSM access to
customer's model container by setting the "/EnableSSMAccess"/ parameter for a ProductionVariant in
CreateEndpointConfig API.
* api-change:``servicediscovery``: [``botocore``] Updated all AWS Cloud Map APIs to provide
consistent throttling exception (RequestLimitExceeded)
* api-change:``sesv2``: [``botocore``] This release introduces a new recommendation in Virtual
Deliverability Manager Advisor, which detects missing or misconfigured Brand Indicator for Message
Identification (BIMI) DNS records for customer sending identities.
- from version 1.26.87
* api-change:``athena``: [``botocore``] A new field SubstatementType is added to GetQueryExecution
API, so customers have an error free way to detect the query type and interpret the result.
* api-change:``dynamodb``: [``botocore``] Adds deletion protection support to DynamoDB tables.
Tables with deletion protection enabled cannot be deleted. Deletion protection is disabled by
default, can be enabled via the CreateTable or UpdateTable APIs, and is visible in
TableDescription. This setting is not replicated for Global Tables.
* api-change:``ec2``: [``botocore``] Introducing Amazon EC2 C7g, M7g and R7g instances, powered by
the latest generation AWS Graviton3 processors and deliver up to 25% better performance over
Graviton2-based instances.
* api-change:``lakeformation``: [``botocore``] This release adds two new API support
"/GetDataCellsFiler"/ and "/UpdateDataCellsFilter"/, and also updates the corresponding documentation.
* api-change:``mediapackage-vod``: [``botocore``] This release provides the date and time VOD
resources were created.
* api-change:``mediapackage``: [``botocore``] This release provides the date and time live
resources were created.
* api-change:``route53resolver``: [``botocore``] Add dual-stack and IPv6 support for Route 53
Resolver Endpoint,Add IPv6 target IP in Route 53 Resolver Forwarding Rule
* api-change:``sagemaker``: [``botocore``] There needs to be a user identity to specify the
SageMaker user who perform each action regarding the entity. However, these is a not a unified
concept of user identity across SageMaker service that could be used today.
- from version 1.26.86
* api-change:``dms``: [``botocore``] This release adds DMS Fleet Advisor Target Recommendation APIs
and exposes functionality for DMS Fleet Advisor. It adds functionality to start Target
Recommendation calculation.
* api-change:``location``: [``botocore``] Documentation update for the release of 3 additional map
styles for use with Open Data Maps: Open Data Standard Dark, Open Data Visualization Light & Open
Data Visualization Dark.
- from version 1.26.85
* api-change:``account``: [``botocore``] AWS Account alternate contact email addresses can now have
a length of 254 characters and contain the character "/|"/.
* api-change:``ivs``: [``botocore``] Updated text description in DeleteChannel, Stream, and
StreamSummary.
- from version 1.26.84
* api-change:``dynamodb``: [``botocore``] Documentation updates for DynamoDB.
* api-change:``ec2``: [``botocore``] This release adds support for a new boot mode for EC2
instances called 'UEFI Preferred'.
* api-change:``macie2``: [``botocore``] Documentation updates for Amazon Macie
* api-change:``mediaconvert``: [``botocore``] The AWS Elemental MediaConvert SDK has improved
handling for different input and output color space combinations.
* api-change:``medialive``: [``botocore``] AWS Elemental MediaLive adds support for Nielsen
watermark timezones.
* api-change:``transcribe``: [``botocore``] Amazon Transcribe now supports role access for these
API operations: CreateVocabulary, UpdateVocabulary, CreateVocabularyFilter, and
UpdateVocabularyFilter.
- from version 1.26.83
* api-change:``iot``: [``botocore``] A recurring maintenance window is an optional configuration
used for rolling out the job document to all devices in the target group observing a predetermined
start time, duration, and frequency that the maintenance window occurs.
* api-change:``migrationhubstrategy``: [``botocore``] This release updates the File Import API to
allow importing servers already discovered by customers with reduced pre-requisites.
* api-change:``organizations``: [``botocore``] This release introduces a new reason code,
ACCOUNT_CREATION_NOT_COMPLETE, to ConstraintViolationException in CreateOrganization API.
* api-change:``pi``: [``botocore``] This release adds a new field PeriodAlignment to allow the
customer specifying the returned timestamp of time periods to be either the start or end time.
* api-change:``pipes``: [``botocore``] This release fixes some input parameter range and patterns.
* api-change:``sagemaker``: [``botocore``] Add a new field "/EndpointMetrics"/ in SageMaker Inference
Recommender "/ListInferenceRecommendationsJobSteps"/ API response.
- from version 1.26.82
* api-change:``codecatalyst``: [``botocore``] Published Dev Environments StopDevEnvironmentSession
API
* api-change:``pricing``: [``botocore``] This release adds 2 new APIs - ListPriceLists which
returns a list of applicable price lists, and GetPriceListFileUrl which outputs a URL to retrieve
your price lists from the generated file from ListPriceLists
* api-change:``s3outposts``: [``botocore``] S3 on Outposts introduces a new API ListOutpostsWithS3,
with this API you can list all your Outposts with S3 capacity.
- from version 1.26.81
* enhancement:Documentation: Splits service documentation into multiple sub-pages for better
organization and faster loading time.
* enhancement:Documentation: [``botocore``] Splits service documentation into multiple sub-pages
for better organization and faster loading time.
* api-change:``comprehend``: [``botocore``] Amazon Comprehend now supports flywheels to help you
train and manage new model versions for custom models.
* api-change:``ec2``: [``botocore``] This release allows IMDS support to be set to v2-only on an
existing AMI, so that all future instances launched from that AMI will use IMDSv2 by default.
* api-change:``kms``: [``botocore``] AWS KMS is deprecating the RSAES_PKCS1_V1_5 wrapping algorithm
option in the GetParametersForImport API that is used in the AWS KMS Import Key Material feature.
AWS KMS will end support for this wrapping algorithm by October 1, 2023.
* api-change:``lightsail``: [``botocore``] This release adds Lightsail for Research feature
support, such as GUI session access, cost estimates, stop instance on idle, and disk auto mount.
* api-change:``managedblockchain``: [``botocore``] This release adds support for tagging to the
accessor resource in Amazon Managed Blockchain
* api-change:``omics``: [``botocore``] Minor model changes to accomodate batch imports feature
- from version 1.26.80
* api-change:``devops-guru``: [``botocore``] This release adds the description field on
ListAnomaliesForInsight and DescribeAnomaly API responses for proactive anomalies.
* api-change:``drs``: [``botocore``] New fields were added to reflect availability zone data in
source server and recovery instance description commands responses, as well as source server launch
status.
* api-change:``internetmonitor``: [``botocore``] CloudWatch Internet Monitor is a a new service
within CloudWatch that will help application developers and network engineers continuously monitor
internet performance metrics such as availability and performance between their AWS-hosted
applications and end-users of these applications
* api-change:``lambda``: [``botocore``] This release adds the ability to create ESMs with Document
DB change streams as event source. For more information see
https://docs.aws.amazon.com/lambda/latest/dg/with-documentdb.html.
* api-change:``mediaconvert``: [``botocore``] The AWS Elemental MediaConvert SDK has added support
for HDR10 to SDR tone mapping, and animated GIF video input sources.
* api-change:``timestream-write``: [``botocore``] This release adds the ability to ingest batched
historical data or migrate data in bulk from S3 into Timestream using CSV files.
- from version 1.26.79
* api-change:``connect``: [``botocore``] StartTaskContact API now supports linked task creation
with a new optional RelatedContactId parameter
* api-change:``connectcases``: [``botocore``] This release adds the ability to delete domains
through the DeleteDomain API. For more information see
https://docs.aws.amazon.com/cases/latest/APIReference/Welcome.html
* api-change:``redshift``: [``botocore``] Documentation updates for Redshift API bringing it in
line with IAM best practices.
* api-change:``securityhub``: [``botocore``] New Security Hub APIs and updates to existing APIs
that help you consolidate control findings and enable and disable controls across all supported
standards
* api-change:``servicecatalog``: [``botocore``] Documentation updates for Service Catalog
- Update BuildRequires and Requires from setup.py
- Update to 1.26.78
* api-change:``appflow``: [``botocore``] This release enables the customers to choose whether to
use Private Link for Metadata and Authorization call when using a private Salesforce connections
* api-change:``ecs``: [``botocore``] This release supports deleting Amazon ECS task definitions
that are in the INACTIVE state.
* api-change:``grafana``: [``botocore``] Doc-only update. Updated information on attached role
policies for customer provided roles
* api-change:``guardduty``: [``botocore``] Updated API and data types descriptions for
CreateFilter, UpdateFilter, and TriggerDetails.
* api-change:``iotwireless``: [``botocore``] In this release, we add additional capabilities for
the FUOTA which allows user to configure the fragment size, the sending interval and the redundancy
ratio of the FUOTA tasks
* api-change:``location``: [``botocore``] This release adds support for using Maps APIs with an API
Key in addition to AWS Cognito. This includes support for adding, listing, updating and deleting
API Keys.
* api-change:``macie2``: [``botocore``] This release adds support for a new finding type,
Policy:IAMUser/S3BucketSharedWithCloudFront, and S3 bucket metadata that indicates if a bucket is
shared with an Amazon CloudFront OAI or OAC.
* api-change:``wafv2``: [``botocore``] You can now associate an AWS WAF v2 web ACL with an AWS App
Runner service.
- from version 1.26.77
* api-change:``chime-sdk-voice``: [``botocore``] This release introduces support for Voice
Connector media metrics in the Amazon Chime SDK Voice namespace
* api-change:``cloudfront``: [``botocore``] CloudFront now supports block lists in origin request
policies so that you can forward all headers, cookies, or query string from viewer requests to the
origin *except* for those specified in the block list.
* api-change:``datasync``: [``botocore``] AWS DataSync has relaxed the minimum length constraint of
AccessKey for Object Storage locations to 1.
* api-change:``opensearch``: [``botocore``] This release lets customers configure Off-peak window
and software update related properties for a new/existing domain. It enhances the capabilities of
StartServiceSoftwareUpdate API; adds 2 new APIs - ListScheduledActions & UpdateScheduledAction; and
allows Auto-tune to make use of Off-peak window.
* api-change:``rum``: [``botocore``] CloudWatch RUM now supports CloudWatch Custom Metrics
* api-change:``ssm``: [``botocore``] Document only update for Feb 2023
- from version 1.26.76
* api-change:``quicksight``: [``botocore``] S3 data sources now accept a custom IAM role.
* api-change:``resiliencehub``: [``botocore``] In this release we improved resilience hub
application creation and maintenance by introducing new resource and app component crud APIs,
improving visibility and maintenance of application input sources and added support for additional
information attributes to be provided by customers.
* api-change:``securityhub``: [``botocore``] Documentation updates for AWS Security Hub
* api-change:``tnb``: [``botocore``] This is the initial SDK release for AWS Telco Network Builder
(TNB). AWS Telco Network Builder is a network automation service that helps you deploy and manage
telecom networks.
- from version 1.26.75
* bugfix:SSO: [``botocore``] Fixes aws/aws-cli`#7496
<https://github.com/aws/aws-cli/issues/7496>`__ by using the correct profile name rather than the
one set in the session.
* api-change:``auditmanager``: [``botocore``] This release introduces a
ServiceQuotaExceededException to the UpdateAssessmentFrameworkShare API operation.
* api-change:``connect``: [``botocore``] Reasons for failed diff has been approved by SDK Reviewer
- from version 1.26.74
* api-change:``apprunner``: [``botocore``] This release supports removing MaxSize limit for
AutoScalingConfiguration.
* api-change:``glue``: [``botocore``] Release of Delta Lake Data Lake Format for Glue Studio Service
- from version 1.26.73
* api-change:``emr``: [``botocore``] Update emr client to latest version
* api-change:``grafana``: [``botocore``] With this release Amazon Managed Grafana now supports
inbound Network Access Control that helps you to restrict user access to your Grafana workspaces
* api-change:``ivs``: [``botocore``] Doc-only update. Updated text description in DeleteChannel,
Stream, and StreamSummary.
* api-change:``wafv2``: [``botocore``] Added a notice for account takeover prevention (ATP). The
interface incorrectly lets you to configure ATP response inspection in regional web ACLs in Region
US East (N. Virginia), without returning an error. ATP response inspection is only available in web
ACLs that protect CloudFront distributions.
- from version 1.26.72
* api-change:``cloudtrail``: [``botocore``] This release adds an
InsufficientEncryptionPolicyException type to the StartImport endpoint
* api-change:``efs``: [``botocore``] Update efs client to latest version
* api-change:``frauddetector``: [``botocore``] This release introduces Lists feature which allows
customers to reference a set of values in Fraud Detector's rules. With Lists, customers can
dynamically manage these attributes in real time. Lists can be created/deleted and its contents can
be modified using the Fraud Detector API.
* api-change:``glue``: [``botocore``] Fix DirectJDBCSource not showing up in CLI code gen
* api-change:``privatenetworks``: [``botocore``] This release introduces a new
StartNetworkResourceUpdate API, which enables return/replacement of hardware from a NetworkSite.
* api-change:``rds``: [``botocore``] Database Activity Stream support for RDS for SQL Server.
* api-change:``wafv2``: [``botocore``] For protected CloudFront distributions, you can now use the
AWS WAF Fraud Control account takeover prevention (ATP) managed rule group to block new login
attempts from clients that have recently submitted too many failed login attempts.
- Update BuildRequires and Requires from setup.py
- Update to 1.26.71
* api-change:``appconfig``: [``botocore``] AWS AppConfig now offers the option to set a version
label on hosted configuration versions. Version labels allow you to identify specific hosted
configuration versions based on an alternate versioning scheme that you define.
* api-change:``datasync``: [``botocore``] With this launch, we are giving customers the ability to
use older SMB protocol versions, enabling them to use DataSync to copy data to and from their
legacy storage arrays.
* api-change:``ec2``: [``botocore``] With this release customers can turn host maintenance on or
off when allocating or modifying a supported dedicated host. Host maintenance is turned on by
default for supported hosts.
- from version 1.26.70
* api-change:``account``: [``botocore``] This release of the Account Management API enables
customers to view and manage whether AWS Opt-In Regions are enabled or disabled for their Account.
For more information, see
https://docs.aws.amazon.com/accounts/latest/reference/manage-acct-regions.html
* api-change:``appconfigdata``: [``botocore``] AWS AppConfig now offers the option to set a version
label on hosted configuration versions. If a labeled hosted configuration version is deployed, its
version label is available in the GetLatestConfiguration response.
* api-change:``snowball``: [``botocore``] Adds support for EKS Anywhere on Snowball. AWS Snow
Family customers can now install EKS Anywhere service on Snowball Edge Compute Optimized devices.
- from version 1.26.69
* api-change:``autoscaling``: [``botocore``] You can now either terminate/replace, ignore, or wait
for EC2 Auto Scaling instances on standby or protected from scale in. Also, you can also roll back
changes from a failed instance refresh.
* api-change:``connect``: [``botocore``] This update provides the Wisdom session ARN for contacts
enabled for Wisdom in the chat channel.
* api-change:``ec2``: [``botocore``] Adds support for waiters that automatically poll for an
imported snapshot until it reaches the completed state.
* api-change:``polly``: [``botocore``] Amazon Polly adds two new neural Japanese voices - Kazuha,
Tomoko
* api-change:``sagemaker``: [``botocore``] Amazon SageMaker Autopilot adds support for selecting
algorithms in CreateAutoMLJob API.
* api-change:``sns``: [``botocore``] This release adds support for SNS X-Ray active tracing as well
as other updates.
- from version 1.26.68
* api-change:``chime-sdk-meetings``: [``botocore``] Documentation updates for Chime Meetings SDK
* api-change:``emr-containers``: [``botocore``] EMR on EKS allows configuring retry policies for
job runs through the StartJobRun API. Using retry policies, a job cause a driver pod to be
restarted automatically if it fails or is deleted. The job's status can be seen in the
DescribeJobRun and ListJobRun APIs and monitored using CloudWatch events.
* api-change:``evidently``: [``botocore``] Updated entity overrides parameter to accept up to 2500
overrides or a total of 40KB.
* api-change:``lexv2-models``: [``botocore``] Update lexv2-models client to latest version
* api-change:``lexv2-runtime``: [``botocore``] Update lexv2-runtime client to latest version
* api-change:``lightsail``: [``botocore``] Documentation updates for Lightsail
* api-change:``migration-hub-refactor-spaces``: [``botocore``] This release adds support for
creating environments with a network fabric type of NONE
* api-change:``workdocs``: [``botocore``] Doc only update for the WorkDocs APIs.
* api-change:``workspaces``: [``botocore``] Removed Windows Server 2016 BYOL and made changes based
on IAM campaign.
- from version 1.26.67
* api-change:``backup``: [``botocore``] This release added one attribute (resource name) in the
output model of our 9 existing APIs in AWS backup so that customers will see the resource name at
the output. No input required from Customers.
* api-change:``cloudfront``: [``botocore``] CloudFront Origin Access Control extends support to AWS
Elemental MediaStore origins.
* api-change:``glue``: [``botocore``] DirectJDBCSource + Glue 4.0 streaming options
* api-change:``lakeformation``: [``botocore``] This release removes the LFTagpolicyResource
expression limits.
- Update BuildRequires and Requires from setup.py
- Update to 1.26.66
* api-change:``transfer``: [``botocore``] Updated the documentation for the ImportCertificate API
call, and added examples.
- from version 1.26.65
* api-change:``compute-optimizer``: [``botocore``] AWS Compute optimizer can now infer if Kafka is
running on an instance.
* api-change:``customer-profiles``: [``botocore``] This release deprecates the PartyType and Gender
enum data types from the Profile model and replaces them with new PartyTypeString and GenderString
attributes, which accept any string of length up to 255.
* api-change:``frauddetector``: [``botocore``] My AWS Service (Amazon Fraud Detector) - This
release introduces Cold Start Model Training which optimizes training for small datasets and adds
intelligent methods for treating unlabeled data. You can now train Online Fraud Insights or
Transaction Fraud Insights models with minimal historical-data.
* api-change:``mediaconvert``: [``botocore``] The AWS Elemental MediaConvert SDK has added improved
scene change detection capabilities and a bandwidth reduction filter, along with video quality
enhancements, to the AVC encoder.
* api-change:``outposts``: [``botocore``] Adds OrderType to Order structure. Adds PreviousOrderId
and PreviousLineItemId to LineItem structure. Adds new line item status REPLACED. Increases maximum
length of pagination token.
- from version 1.26.64
* enhancement:AWSCRT: [``botocore``] Upgrade awscrt version to 0.16.9
* api-change:``proton``: [``botocore``] Add new GetResourcesSummary API
* api-change:``redshift``: [``botocore``] Corrects descriptions of the parameters for the API
operations RestoreFromClusterSnapshot, RestoreTableFromClusterSnapshot, and CreateCluster.
- from version 1.26.63
* api-change:``appconfig``: [``botocore``] AWS AppConfig introduces KMS customer-managed key (CMK)
encryption of configuration data, along with AWS Secrets Manager as a new configuration data
source. S3 objects using SSE-KMS encryption and SSM Parameter Store SecureStrings are also now
supported.
* api-change:``connect``: [``botocore``] Enabled FIPS endpoints for GovCloud (US) regions in SDK.
* api-change:``ec2``: [``botocore``] Documentation updates for EC2.
* api-change:``elbv2``: [``botocore``] Update elbv2 client to latest version
* api-change:``keyspaces``: [``botocore``] Enabled FIPS endpoints for GovCloud (US) regions in SDK.
* api-change:``quicksight``: [``botocore``] QuickSight support for Radar Chart and Dashboard
Publish Options
* api-change:``redshift``: [``botocore``] Enabled FIPS endpoints for GovCloud (US) regions in SDK.
* api-change:``sso-admin``: [``botocore``] Enabled FIPS endpoints for GovCloud (US) regions in SDK.
- from version 1.26.62
* bugfix:``s3``: [``botocore``] boto3 no longer overwrites user supplied `Content-Encoding` with
`aws-chunked` when user also supplies `ChecksumAlgorithm`.
* api-change:``devops-guru``: [``botocore``] This release adds filter support ListAnomalyForInsight
API.
* api-change:``forecast``: [``botocore``] This release will enable customer select INCREMENTAL as
ImportModel in Forecast's CreateDatasetImportJob API. Verified latest SDK containing required
attribute, following https://w.amazon.com/bin/view/AWS-Seer/Launch/Trebuchet/
* api-change:``iam``: [``botocore``] Documentation updates for AWS Identity and Access Management
(IAM).
* api-change:``mediatailor``: [``botocore``] The AWS Elemental MediaTailor SDK for Channel Assembly
has added support for program updates, and the ability to clip the end of VOD sources in programs.
* api-change:``sns``: [``botocore``] Additional attributes added for set-topic-attributes.
- from version 1.26.61
* api-change:``accessanalyzer``: [``botocore``] Enabled FIPS endpoints for GovCloud (US) regions in
SDK.
* api-change:``appsync``: [``botocore``] This release introduces the feature to support EventBridge
as AppSync data source.
* api-change:``cloudtrail-data``: [``botocore``] Add CloudTrail Data Service to enable users to
ingest activity events from non-AWS sources into CloudTrail Lake.
* api-change:``cloudtrail``: [``botocore``] Add new "/Channel"/ APIs to enable users to manage
channels used for CloudTrail Lake integrations, and "/Resource Policy"/ APIs to enable users to
manage the resource-based permissions policy attached to a channel.
* api-change:``codeartifact``: [``botocore``] This release introduces a new DeletePackage API,
which enables deletion of a package and all of its versions from a repository.
* api-change:``connectparticipant``: [``botocore``] Enabled FIPS endpoints for GovCloud (US)
regions in SDK.
* api-change:``ec2``: [``botocore``] This launch allows customers to associate up to 8 IP addresses
to their NAT Gateways to increase the limit on concurrent connections to a single destination by
eight times from 55K to 440K.
* api-change:``groundstation``: [``botocore``] DigIF Expansion changes to the Customer APIs.
* api-change:``iot``: [``botocore``] Added support for IoT Rules Engine Cloudwatch Logs action
batch mode.
* api-change:``kinesis``: [``botocore``] Enabled FIPS endpoints for GovCloud (US) regions in SDK.
* api-change:``opensearch``: [``botocore``] Amazon OpenSearch Service adds the option for a VPC
endpoint connection between two domains when the local domain uses OpenSearch version 1.3 or 2.3.
You can now use remote reindex to copy indices from one VPC domain to another without a reverse
proxy.
* api-change:``outposts``: [``botocore``] Enabled FIPS endpoints for GovCloud (US) regions in SDK.
* api-change:``polly``: [``botocore``] Amazon Polly adds two new neural American English voices -
Ruth, Stephen
* api-change:``sagemaker``: [``botocore``] Amazon SageMaker Automatic Model Tuning now supports
more completion criteria for Hyperparameter Optimization.
* api-change:``securityhub``: [``botocore``] New fields have been added to the AWS Security Finding
Format. Compliance.SecurityControlId is a unique identifier for a security control across
standards. Compliance.AssociatedStandards contains all enabled standards in which a security
control is enabled.
* api-change:``support``: [``botocore``] This fixes incorrect endpoint construction when a customer
is explicitly setting a region.
- Update BuildRequires and Requires from setup.py
- Update to 1.26.60
* api-change:``clouddirectory``: [``botocore``] Enabled FIPS endpoints for GovCloud (US) regions in
SDK.
* api-change:``cloudformation``: [``botocore``] This feature provides a method of obtaining which
regions a stackset has stack instances deployed in.
* api-change:``discovery``: [``botocore``] Update ImportName validation to 255 from the current
length of 100
* api-change:``dlm``: [``botocore``] Enabled FIPS endpoints for GovCloud (US) regions in SDK.
* api-change:``ec2``: [``botocore``] We add Prefix Lists as a new route destination option for
LocalGatewayRoutes. This will allow customers to create routes to Prefix Lists. Prefix List routes
will allow customers to group individual CIDR routes with the same target into a single route.
* api-change:``imagebuilder``: [``botocore``] Enabled FIPS endpoints for GovCloud (US) regions in
SDK.
* api-change:``kafka``: [``botocore``] Enabled FIPS endpoints for GovCloud (US) regions in SDK.
* api-change:``mediaconvert``: [``botocore``] Enabled FIPS endpoints for GovCloud (US) regions in
SDK.
* api-change:``swf``: [``botocore``] Enabled FIPS endpoints for GovCloud (US) regions in SDK.
- from version 1.26.59
* api-change:``application-autoscaling``: [``botocore``] Enabled FIPS endpoints for GovCloud (US)
regions in SDK.
* api-change:``appstream``: [``botocore``] Fixing the issue where Appstream waiters hang for
fleet_started and fleet_stopped.
* api-change:``elasticbeanstalk``: [``botocore``] Enabled FIPS endpoints for GovCloud (US) regions
in SDK.
* api-change:``fis``: [``botocore``] Enabled FIPS endpoints for GovCloud (US) regions in SDK.
* api-change:``glacier``: [``botocore``] Enabled FIPS endpoints for GovCloud (US) regions in SDK.
* api-change:``greengrass``: [``botocore``] Enabled FIPS endpoints for GovCloud (US) regions in SDK.
* api-change:``greengrassv2``: [``botocore``] Enabled FIPS endpoints for GovCloud (US) in SDK.
* api-change:``mediatailor``: [``botocore``] This release introduces the As Run logging type, along
with API and documentation updates.
* api-change:``outposts``: [``botocore``] Adding support for payment term in GetOrder, CreateOrder
responses.
* api-change:``sagemaker-runtime``: [``botocore``] Update sagemaker-runtime client to latest version
* api-change:``sagemaker``: [``botocore``] This release supports running SageMaker Training jobs
with container images that are in a private Docker registry.
* api-change:``serverlessrepo``: [``botocore``] Enabled FIPS endpoints for GovCloud (US) regions in
SDK.
- Update BuildRequires and Requires from setup.py
- Update to 1.26.58
* api-change:``events``: [``botocore``] Update events client to latest version
* api-change:``iotfleetwise``: [``botocore``] Add model validation to BatchCreateVehicle and
BatchUpdateVehicle operations that invalidate requests with an empty vehicles list.
* api-change:``s3``: [``botocore``] Allow FIPS to be used with path-style URLs.
- from version 1.26.57
* api-change:``cloudformation``: [``botocore``] Enabled FIPS aws-us-gov endpoints in SDK.
* api-change:``ec2``: [``botocore``] This release adds new functionality that allows customers to
provision IPv6 CIDR blocks through Amazon VPC IP Address Manager (IPAM) as well as allowing
customers to utilize IPAM Resource Discovery APIs.
* api-change:``m2``: [``botocore``] Add returnCode, batchJobIdentifier in GetBatchJobExecution
response, for user to view the batch job execution result & unique identifier from engine. Also
removed unused headers from REST APIs
* api-change:``polly``: [``botocore``] Add 5 new neural voices - Sergio (es-ES), Andres (es-MX),
Remi (fr-FR), Adriano (it-IT) and Thiago (pt-BR).
* api-change:``redshift-serverless``: [``botocore``] Added query monitoring rules as possible
parameters for create and update workgroup operations.
* api-change:``s3control``: [``botocore``] Add additional endpoint tests for S3 Control. Fix
missing endpoint parameters for PutBucketVersioning and GetBucketVersioning. Prior to this fix,
those operations may have resulted in an invalid endpoint being resolved.
* api-change:``sagemaker``: [``botocore``] SageMaker Inference Recommender now decouples from Model
Registry and could accept Model Name to invoke inference recommendations job; Inference Recommender
now provides CPU/Memory Utilization metrics data in recommendation output.
* api-change:``sts``: [``botocore``] Doc only change to update wording in a key topic
- from version 1.26.56
* api-change:``databrew``: [``botocore``] Enabled FIPS us-gov-west-1 endpoints in SDK.
* api-change:``route53``: [``botocore``] Amazon Route 53 now supports the Asia Pacific (Melbourne)
Region (ap-southeast-4) for latency records, geoproximity records, and private DNS for Amazon VPCs
in that region.
* api-change:``ssm-sap``: [``botocore``] This release provides updates to documentation and support
for listing operations performed by AWS Systems Manager for SAP.
- from version 1.26.55
* api-change:``lambda``: [``botocore``] Release Lambda RuntimeManagementConfig, enabling customers
to better manage runtime updates to their Lambda functions. This release adds two new APIs,
GetRuntimeManagementConfig and PutRuntimeManagementConfig, as well as support on existing
Create/Get/Update function APIs.
* api-change:``sagemaker``: [``botocore``] Amazon SageMaker Inference now supports P4de instance
types.
- from version 1.26.54
* api-change:``ec2``: [``botocore``] C6in, M6in, M6idn, R6in and R6idn instances are powered by 3rd
Generation Intel Xeon Scalable processors (code named Ice Lake) with an all-core turbo frequency of
3.5 GHz.
* api-change:``ivs``: [``botocore``] API and Doc update. Update to arns field in BatchGetStreamKey.
Also updates to operations and structures.
* api-change:``quicksight``: [``botocore``] This release adds support for data bars in QuickSight
table and increases pivot table field well limit.
- from version 1.26.53
* api-change:``appflow``: [``botocore``] Adding support for Salesforce Pardot connector in Amazon
AppFlow.
* api-change:``codeartifact``: [``botocore``] Documentation updates for CodeArtifact
* api-change:``connect``: [``botocore``] Amazon Connect Chat introduces Persistent Chat, allowing
customers to resume previous conversations with context and transcripts carried over from previous
chats, eliminating the need to repeat themselves and allowing agents to provide personalized
service with access to entire conversation history.
* api-change:``connectparticipant``: [``botocore``] This release updates Amazon Connect
Participant's GetTranscript api to provide transcripts of past chats on a persistent chat session.
* api-change:``ec2``: [``botocore``] Adds SSM Parameter Resource Aliasing support to EC2 Launch
Templates. Launch Templates can now store parameter aliases in place of AMI Resource IDs.
CreateLaunchTemplateVersion and DescribeLaunchTemplateVersions now support a convenience flag,
ResolveAlias, to return the resolved parameter value.
* api-change:``glue``: [``botocore``] Release Glue Studio Hudi Data Lake Format for SDK/CLI
* api-change:``groundstation``: [``botocore``] Add configurable prepass and postpass times for
DataflowEndpointGroup. Add Waiter to allow customers to wait for a contact that was reserved
through ReserveContact
* api-change:``logs``: [``botocore``] Bug fix - Removed the regex pattern validation from
CoralModel to avoid potential security issue.
* api-change:``medialive``: [``botocore``] AWS Elemental MediaLive adds support for SCTE 35
preRollMilliSeconds.
* api-change:``opensearch``: [``botocore``] This release adds the enhanced dry run option, that
checks for validation errors that might occur when deploying configuration changes and provides a
summary of these errors, if any. The feature will also indicate whether a blue/green deployment
will be required to apply a change.
* api-change:``panorama``: [``botocore``] Added AllowMajorVersionUpdate option to OTAJobConfig to
make appliance software major version updates opt-in.
* api-change:``sagemaker``: [``botocore``] HyperParameterTuningJobs now allow passing environment
variables into the corresponding TrainingJobs
- Update BuildRequires and Requires from setup.py
- Update to 1.26.52
* api-change:``cloudwatch``: [``botocore``] Update cloudwatch client to latest version
* api-change:``efs``: [``botocore``] Update efs client to latest version
* api-change:``ivschat``: [``botocore``] Updates the range for a Chat Room's
maximumMessageRatePerSecond field.
* api-change:``wafv2``: [``botocore``] Improved the visibility of the guidance for updating AWS WAF
resources, such as web ACLs and rule groups.
- from version 1.26.51
* api-change:``billingconductor``: [``botocore``] This release adds support for SKU Scope for
pricing plans.
* api-change:``cloud9``: [``botocore``] Added minimum value to AutomaticStopTimeMinutes parameter.
* api-change:``imagebuilder``: [``botocore``] Add support for AWS Marketplace product IDs as input
during CreateImageRecipe for the parent-image parameter. Add support for listing third-party
components.
* api-change:``network-firewall``: [``botocore``] Network Firewall now allows creation of dual
stack endpoints, enabling inspection of IPv6 traffic.
- from version 1.26.50
* api-change:``connect``: [``botocore``] This release updates the responses of
UpdateContactFlowContent, UpdateContactFlowMetadata, UpdateContactFlowName and DeleteContactFlow
API with empty responses.
* api-change:``ec2``: [``botocore``] Documentation updates for EC2.
* api-change:``outposts``: [``botocore``] This release adds POWER_30_KVA as an option for
PowerDrawKva. PowerDrawKva is part of the RackPhysicalProperties structure in the CreateSite
request.
* api-change:``resource-groups``: [``botocore``] AWS Resource Groups customers can now turn on
Group Lifecycle Events in their AWS account. When you turn this on, Resource Groups monitors your
groups for changes to group state or membership. Those changes are sent to Amazon EventBridge as
events that you can respond to using rules you create.
- from version 1.26.49
* api-change:``cleanrooms``: [``botocore``] Initial release of AWS Clean Rooms
* api-change:``lambda``: [``botocore``] Add support for MaximumConcurrency parameter for SQS event
source. Customers can now limit the maximum concurrent invocations for their SQS Event Source
Mapping.
* api-change:``logs``: [``botocore``] Bug fix: logGroupName is now not a required field in
GetLogEvents, FilterLogEvents, GetLogGroupFields, and DescribeLogStreams APIs as logGroupIdentifier
can be provided instead
* api-change:``mediaconvert``: [``botocore``] The AWS Elemental MediaConvert SDK has added support
for compact DASH manifest generation, audio normalization using TruePeak measurements, and the
ability to clip the sample range in the color corrector.
* api-change:``secretsmanager``: [``botocore``] Update documentation for new ListSecrets and
DescribeSecret parameters
- from version 1.26.48
* api-change:``kendra``: [``botocore``] This release adds support to new document types - RTF, XML,
XSLT, MS_EXCEL, CSV, JSON, MD
- from version 1.26.47
* api-change:``location``: [``botocore``] This release adds support for two new route travel
models, Bicycle and Motorcycle which can be used with Grab data source.
* api-change:``rds``: [``botocore``] This release adds support for configuring allocated storage on
the CreateDBInstanceReadReplica, RestoreDBInstanceFromDBSnapshot, and
RestoreDBInstanceToPointInTime APIs.
- from version 1.26.46
* api-change:``ecr-public``: [``botocore``] This release for Amazon ECR Public makes several change
to bring the SDK into sync with the API.
* api-change:``kendra-ranking``: [``botocore``] Introducing Amazon Kendra Intelligent Ranking, a
new set of Kendra APIs that leverages Kendra semantic ranking capabilities to improve the quality
of search results from other search services (i.e. OpenSearch, ElasticSearch, Solr).
* api-change:``network-firewall``: [``botocore``] Network Firewall now supports the Suricata rule
action reject, in addition to the actions pass, drop, and alert.
* api-change:``ram``: [``botocore``] Enabled FIPS aws-us-gov endpoints in SDK.
* api-change:``workspaces-web``: [``botocore``] This release adds support for a new portal
authentication type: AWS IAM Identity Center (successor to AWS Single Sign-On).
- from version 1.26.45
* api-change:``acm-pca``: [``botocore``] Added revocation parameter validation: bucket names must
match S3 bucket naming rules and CNAMEs conform to RFC2396 restrictions on the use of special
characters in URIs.
* api-change:``auditmanager``: [``botocore``] This release introduces a new data retention option
in your Audit Manager settings. You can now use the DeregistrationPolicy parameter to specify if
you want to delete your data when you deregister Audit Manager.
- from version 1.26.44
* api-change:``amplifybackend``: [``botocore``] Updated GetBackendAPIModels response to include
ModelIntrospectionSchema json string
* api-change:``apprunner``: [``botocore``] This release adds support of securely referencing
secrets and configuration data that are stored in Secrets Manager and SSM Parameter Store by adding
them as environment secrets in your App Runner service.
* api-change:``connect``: [``botocore``] Documentation update for a new Initiation Method value in
DescribeContact API
* api-change:``emr-serverless``: [``botocore``] Adds support for customized images. You can now
provide runtime images when creating or updating EMR Serverless Applications.
* api-change:``lightsail``: [``botocore``] Documentation updates for Amazon Lightsail.
* api-change:``mwaa``: [``botocore``] MWAA supports Apache Airflow version 2.4.3.
* api-change:``rds``: [``botocore``] This release adds support for specifying which certificate
authority (CA) to use for a DB instance's server certificate during DB instance creation, as well
as other CA enhancements.
- from version 1.26.43
* api-change:``application-autoscaling``: [``botocore``] Customers can now use the existing
DescribeScalingActivities API to also see the detailed and machine-readable reasons for Application
Auto Scaling not scaling their resources and, if needed, take the necessary corrective actions.
* api-change:``logs``: [``botocore``] Update to remove sequenceToken as a required field in
PutLogEvents calls.
* api-change:``ssm``: [``botocore``] Adding support for QuickSetup Document Type in Systems Manager
- Update BuildRequires and Requires from setup.py
- update to 1.26.42:
* api-change:``securitylake``: [``botocore``] Allow CreateSubscriber API
to take string input that allows setting more descriptive
SubscriberDescription field. Make souceTypes field required in model
level for UpdateSubscriberRequest as it is required for every API call
on the backend. Allow ListSubscribers take any String as nextToken
param.
- Update to version 1.26.41
* api-change:``cloudfront``: [``botocore``] Extend response headers policy to support removing
headers from viewer responses
* api-change:``iotfleetwise``: [``botocore``] Update documentation - correct the epoch constant
value of default value for expiryTime field in CreateCampaign request.
- from version 1.26.40
* api-change:``apigateway``: [``botocore``] Documentation updates for Amazon API Gateway
* api-change:``emr``: [``botocore``] Update emr client to latest version
* api-change:``secretsmanager``: [``botocore``] Added owning service filter, include planned
deletion flag, and next rotation date response parameter in ListSecrets.
* api-change:``wisdom``: [``botocore``] This release extends Wisdom CreateContent and
StartContentUpload APIs to support PDF and MicrosoftWord docx document uploading.
- from version 1.26.39
* api-change:``elasticache``: [``botocore``] This release allows you to modify the encryption in
transit setting, for existing Redis clusters. You can now change the TLS configuration of your
Redis clusters without the need to re-build or re-provision the clusters or impact application
availability.
* api-change:``network-firewall``: [``botocore``] AWS Network Firewall now provides status messages
for firewalls to help you troubleshoot when your endpoint fails.
* api-change:``rds``: [``botocore``] This release adds support for Custom Engine Version (CEV) on
RDS Custom SQL Server.
* api-change:``route53-recovery-control-config``: [``botocore``] Added support for Python
paginators in the route53-recovery-control-config List* APIs.
- from version 1.26.38
* api-change:``memorydb``: [``botocore``] This release adds support for MemoryDB Reserved nodes
which provides a significant discount compared to on-demand node pricing. Reserved nodes are not
physical nodes, but rather a billing discount applied to the use of on-demand nodes in your account.
* api-change:``transfer``: [``botocore``] Add additional operations to throw ThrottlingExceptions
- from version 1.26.37
* api-change:``connect``: [``botocore``] Support for Routing Profile filter, SortCriteria, and
grouping by Routing Profiles for GetCurrentMetricData API. Support for RoutingProfiles,
UserHierarchyGroups, and Agents as filters, NextStatus and AgentStatusName for GetCurrentUserData.
Adds ApproximateTotalCount to both APIs.
* api-change:``connectparticipant``: [``botocore``] Amazon Connect Chat introduces the Message
Receipts feature. This feature allows agents and customers to receive message delivered and read
receipts after they send a chat message.
* api-change:``detective``: [``botocore``] This release adds a missed AccessDeniedException type to
several endpoints.
* api-change:``fsx``: [``botocore``] Fix a bug where a recent release might break certain existing
SDKs.
* api-change:``inspector2``: [``botocore``] Amazon Inspector adds support for scanning NodeJS 18.x
and Go 1.x AWS Lambda function runtimes.
- from version 1.26.36
* api-change:``compute-optimizer``: [``botocore``] This release enables AWS Compute Optimizer to
analyze and generate optimization recommendations for ecs services running on Fargate.
* api-change:``connect``: [``botocore``] Amazon Connect Chat introduces the Idle
Participant/Autodisconnect feature, which allows users to set timeouts relating to the activity of
chat participants, using the new UpdateParticipantRoleConfig API.
* api-change:``iotdeviceadvisor``: [``botocore``] This release adds the following new features: 1)
Documentation updates for IoT Device Advisor APIs. 2) Updated required request parameters for IoT
Device Advisor APIs. 3) Added new service feature: ability to provide the test endpoint when
customer executing the StartSuiteRun API.
* api-change:``kinesis-video-webrtc-storage``: [``botocore``] Amazon Kinesis Video Streams offers
capabilities to stream video and audio in real-time via WebRTC to the cloud for storage, playback,
and analytical processing. Customers can use our enhanced WebRTC SDK and cloud APIs to enable
real-time streaming, as well as media ingestion to the cloud.
* api-change:``rds``: [``botocore``] Add support for managing master user password in AWS Secrets
Manager for the DBInstance and DBCluster.
* api-change:``secretsmanager``: [``botocore``] Documentation updates for Secrets Manager
- from version 1.26.35
* api-change:``connect``: [``botocore``] Amazon Connect Chat now allows for JSON (application/json)
message types to be sent as part of the initial message in the StartChatContact API.
* api-change:``connectparticipant``: [``botocore``] Amazon Connect Chat now allows for JSON
(application/json) message types to be sent in the SendMessage API.
* api-change:``license-manager-linux-subscriptions``: [``botocore``] AWS License Manager now offers
cross-region, cross-account tracking of commercial Linux subscriptions on AWS. This includes
subscriptions purchased as part of EC2 subscription-included AMIs, on the AWS Marketplace, or
brought to AWS via Red Hat Cloud Access Program.
* api-change:``macie2``: [``botocore``] This release adds support for analyzing Amazon S3 objects
that use the S3 Glacier Instant Retrieval (Glacier_IR) storage class.
* api-change:``sagemaker``: [``botocore``] This release enables adding RStudio Workbench support to
an existing Amazon SageMaker Studio domain. It allows setting your RStudio on SageMaker environment
configuration parameters and also updating the RStudioConnectUrl and RStudioPackageManagerUrl
parameters for existing domains
* api-change:``scheduler``: [``botocore``] Updated the ListSchedules and ListScheduleGroups APIs to
allow the NamePrefix field to start with a number. Updated the validation for executionRole field
to support any role name.
* api-change:``ssm``: [``botocore``] Doc-only updates for December 2022.
* api-change:``support``: [``botocore``] Documentation updates for the AWS Support API
* api-change:``transfer``: [``botocore``] This release adds support for Decrypt as a workflow step
type.
- from version 1.26.34
* api-change:``batch``: [``botocore``] Adds isCancelled and isTerminated to DescribeJobs response.
* api-change:``ec2``: [``botocore``] Adds support for pagination in the EC2 DescribeImages API.
* api-change:``lookoutequipment``: [``botocore``] This release adds support for listing inference
schedulers by status.
* api-change:``medialive``: [``botocore``] This release adds support for two new features to AWS
Elemental MediaLive. First, you can now burn-in timecodes to your MediaLive outputs. Second, we now
now support the ability to decode Dolby E audio when it comes in on an input.
* api-change:``nimble``: [``botocore``] Amazon Nimble Studio now supports configuring session
storage volumes and persistence, as well as backup and restore sessions through launch profiles.
* api-change:``resource-explorer-2``: [``botocore``] Documentation updates for AWS Resource
Explorer.
* api-change:``route53domains``: [``botocore``] Use Route 53 domain APIs to change owner,
create/delete DS record, modify IPS tag, resend authorization. New:
AssociateDelegationSignerToDomain, DisassociateDelegationSignerFromDomain, PushDomain,
ResendOperationAuthorization. Updated: UpdateDomainContact, ListOperations,
CheckDomainTransferability.
* api-change:``sagemaker``: [``botocore``] Amazon SageMaker Autopilot adds support for new
objective metrics in CreateAutoMLJob API.
* api-change:``transcribe``: [``botocore``] Enable our batch transcription jobs for Swedish and
Vietnamese.
- from version 1.26.33
* api-change:``athena``: [``botocore``] Add missed InvalidRequestException in
GetCalculationExecutionCode,StopCalculationExecution APIs. Correct required parameters (Payload and
Type) in UpdateNotebook API. Change Notebook size from 15 Mb to 10 Mb.
* api-change:``ecs``: [``botocore``] This release adds support for alarm-based rollbacks in ECS, a
new feature that allows customers to add automated safeguards for Amazon ECS service rolling
updates.
* api-change:``kinesis-video-webrtc-storage``: [``botocore``] Amazon Kinesis Video Streams offers
capabilities to stream video and audio in real-time via WebRTC to the cloud for storage, playback,
and analytical processing. Customers can use our enhanced WebRTC SDK and cloud APIs to enable
real-time streaming, as well as media ingestion to the cloud.
* api-change:``kinesisvideo``: [``botocore``] Amazon Kinesis Video Streams offers capabilities to
stream video and audio in real-time via WebRTC to the cloud for storage, playback, and analytical
processing. Customers can use our enhanced WebRTC SDK and cloud APIs to enable real-time streaming,
as well as media ingestion to the cloud.
* api-change:``rds``: [``botocore``] Add support for --enable-customer-owned-ip to RDS
create-db-instance-read-replica API for RDS on Outposts.
* api-change:``sagemaker``: [``botocore``] AWS Sagemaker - Sagemaker Images now supports Aliases as
secondary identifiers for ImageVersions. SageMaker Images now supports additional metadata for
ImageVersions for better images management.
- from version 1.26.32
* enhancement:s3: s3.transfer methods accept path-like objects as input
* api-change:``appflow``: [``botocore``] This release updates the ListConnectorEntities API action
so that it returns paginated responses that customers can retrieve with next tokens.
* api-change:``cloudfront``: [``botocore``] Updated documentation for CloudFront
* api-change:``datasync``: [``botocore``] AWS DataSync now supports the use of tags with task
executions. With this new feature, you can apply tags each time you execute a task, giving you
greater control and management over your task executions.
* api-change:``efs``: [``botocore``] Update efs client to latest version
* api-change:``guardduty``: [``botocore``] This release provides the valid characters for the
Description and Name field.
* api-change:``iotfleetwise``: [``botocore``] Updated error handling for empty resource names in
"/UpdateSignalCatalog"/ and "/GetModelManifest"/ operations.
* api-change:``sagemaker``: [``botocore``] AWS sagemaker - Features: This release adds support for
random seed, it's an integer value used to initialize a pseudo-random number generator. Setting a
random seed will allow the hyperparameter tuning search strategies to produce more consistent
configurations for the same tuning job.
- from version 1.26.31
* api-change:``backup-gateway``: [``botocore``] This release adds support for VMware vSphere tags,
enabling customer to protect VMware virtual machines using tag-based policies for AWS tags mapped
from vSphere tags. This release also adds support for customer-accessible gateway-hypervisor
interaction log and upload bandwidth rate limit schedule.
* api-change:``connect``: [``botocore``] Added support for "/English - New Zealand"/ and "/English -
South African"/ to be used with Amazon Connect Custom Vocabulary APIs.
* api-change:``ecs``: [``botocore``] This release adds support for container port ranges in ECS, a
new capability that allows customers to provide container port ranges to simplify use cases where
multiple ports are in use in a container. This release updates TaskDefinition mutation APIs and the
Task description APIs.
* api-change:``eks``: [``botocore``] Add support for Windows managed nodes groups.
* api-change:``glue``: [``botocore``] This release adds support for AWS Glue Crawler with native
DeltaLake tables, allowing Crawlers to classify Delta Lake format tables and catalog them for query
engines to query against.
* api-change:``kinesis``: [``botocore``] Added StreamARN parameter for Kinesis Data Streams APIs.
Added a new opaque pagination token for ListStreams. SDKs will auto-generate Account Endpoint when
accessing Kinesis Data Streams.
* api-change:``location``: [``botocore``] This release adds support for a new style,
"/VectorOpenDataStandardLight"/ which can be used with the new data source, "/Open Data Maps
(Preview)"/.
* api-change:``m2``: [``botocore``] Adds an optional create-only `KmsKeyId` property to Environment
and Application resources.
* api-change:``sagemaker``: [``botocore``] SageMaker Inference Recommender now allows customers to
load tests their models on various instance types using private VPC.
* api-change:``securityhub``: [``botocore``] Added new resource details objects to ASFF, including
resources for AwsEc2LaunchTemplate, AwsSageMakerNotebookInstance, AwsWafv2WebAcl and
AwsWafv2RuleGroup.
* api-change:``translate``: [``botocore``] Raised the input byte size limit of the Text field in
the TranslateText API to 10000 bytes.
- from version 1.26.30
* api-change:``ce``: [``botocore``] This release supports percentage-based thresholds on Cost
Anomaly Detection alert subscriptions.
* api-change:``cloudwatch``: [``botocore``] Update cloudwatch client to latest version
* api-change:``networkmanager``: [``botocore``] Appliance Mode support for AWS Cloud WAN.
* api-change:``redshift-data``: [``botocore``] This release adds a new --client-token field to
ExecuteStatement and BatchExecuteStatement operations. Customers can now run queries with the
additional client token parameter to ensures idempotency.
* api-change:``sagemaker-metrics``: [``botocore``] Update SageMaker Metrics documentation.
- from version 1.26.29
* api-change:``cloudtrail``: [``botocore``] Merging mainline branch for service model into mainline
release branch. There are no new APIs.
* api-change:``rds``: [``botocore``] This deployment adds ClientPasswordAuthType field to the Auth
structure of the DBProxy.
- from version 1.26.28
* bugfix:Endpoint provider: [``botocore``] Updates ARN parsing ``resourceId`` delimiters
* api-change:``customer-profiles``: [``botocore``] This release allows custom strings in PartyType
and Gender through 2 new attributes in the CreateProfile and UpdateProfile APIs: PartyTypeString
and GenderString.
* api-change:``ec2``: [``botocore``] This release updates DescribeFpgaImages to show supported
instance types of AFIs in its response.
* api-change:``kinesisvideo``: [``botocore``] This release adds support for public preview of
Kinesis Video Stream at Edge enabling customers to provide configuration for the Kinesis Video
Stream EdgeAgent running on an on-premise IoT device. Customers can now locally record from cameras
and stream videos to the cloud on configured schedule.
* api-change:``lookoutvision``: [``botocore``] This documentation update adds kms:GenerateDataKey
as a required permission to StartModelPackagingJob.
* api-change:``migration-hub-refactor-spaces``: [``botocore``] This release adds support for Lambda
alias service endpoints. Lambda alias ARNs can now be passed into CreateService.
* api-change:``rds``: [``botocore``] Update the RDS API model to support copying option groups
during the CopyDBSnapshot operation
* api-change:``rekognition``: [``botocore``] Adds support for "/aliases"/ and "/categories"/, inclusion
and exclusion filters for labels and label categories, and aggregating labels by video segment
timestamps for Stored Video Label Detection APIs.
* api-change:``sagemaker-metrics``: [``botocore``] This release introduces support SageMaker
Metrics APIs.
* api-change:``wafv2``: [``botocore``] Documents the naming requirement for logging destinations
that you use with web ACLs.
- from version 1.26.27
* api-change:``iotfleetwise``: [``botocore``] Deprecated assignedValue property for actuators and
attributes. Added a message to invalid nodes and invalid decoder manifest exceptions.
* api-change:``logs``: [``botocore``] Doc-only update for CloudWatch Logs, for Tagging Permissions
clarifications
* api-change:``medialive``: [``botocore``] Link devices now support buffer size (latency)
configuration. A higher latency value means a longer delay in transmitting from the device to
MediaLive, but improved resiliency. A lower latency value means a shorter delay, but less
resiliency.
* api-change:``mediapackage-vod``: [``botocore``] This release provides the approximate number of
assets in a packaging group.
- Update BuildRequires and Requires from setup.py
- Update to version 1.26.26
* enhancement:Endpoint Provider Standard Library: [``botocore``] Correct spelling of 'library' in
``StandardLibrary`` class
* api-change:``autoscaling``: [``botocore``] Adds support for metric math for target tracking
scaling policies, saving you the cost and effort of publishing a custom metric to CloudWatch. Also
adds support for VPC Lattice by adding the Attach/Detach/DescribeTrafficSources APIs and a new
health check type to the CreateAutoScalingGroup API.
* api-change:``iottwinmaker``: [``botocore``] This release adds the following new features: 1) New
APIs for managing a continuous sync of assets and asset models from AWS IoT SiteWise. 2) Support
user friendly names for component types (ComponentTypeName) and properties (DisplayName).
* api-change:``migrationhubstrategy``: [``botocore``] This release adds known application
filtering, server selection for assessments, support for potential recommendations, and indications
for configuration and assessment status. For more information, see the AWS Migration Hub
documentation at https://docs.aws.amazon.com/migrationhub/index.html
- from version 1.26.25
* api-change:``ce``: [``botocore``] This release adds the LinkedAccountName field to the
GetAnomalies API response under RootCause
* api-change:``cloudfront``: [``botocore``] Introducing UpdateDistributionWithStagingConfig that
can be used to promote the staging configuration to the production.
* api-change:``eks``: [``botocore``] Adds support for EKS add-ons configurationValues fields and
DescribeAddonConfiguration function
* api-change:``kms``: [``botocore``] Updated examples and exceptions for External Key Store (XKS).
- from version 1.26.24
* api-change:``billingconductor``: [``botocore``] This release adds the Tiering Pricing Rule
feature.
* api-change:``connect``: [``botocore``] This release provides APIs that enable you to
programmatically manage rules for Contact Lens conversational analytics and third party
applications. For more information, see
https://docs.aws.amazon.com/connect/latest/APIReference/rules-api.html
* api-change:``dynamodb``: [``botocore``] Endpoint Ruleset update: Use http instead of https for
the "/local"/ region.
* api-change:``dynamodbstreams``: [``botocore``] Update dynamodbstreams client to latest version
* api-change:``rds``: [``botocore``] This release adds the BlueGreenDeploymentNotFoundFault to the
AddTagsToResource, ListTagsForResource, and RemoveTagsFromResource operations.
* api-change:``sagemaker-featurestore-runtime``: [``botocore``] For online + offline Feature
Groups, added ability to target PutRecord and DeleteRecord actions to only online store, or only
offline store. If target store parameter is not specified, actions will apply to both stores.
- from version 1.26.23
* api-change:``ce``: [``botocore``] This release introduces two new APIs that offer a 1-click
experience to refresh Savings Plans recommendations. The two APIs are
StartSavingsPlansPurchaseRecommendationGeneration and
ListSavingsPlansPurchaseRecommendationGeneration.
* api-change:``ec2``: [``botocore``] Documentation updates for EC2.
* api-change:``ivschat``: [``botocore``] Adds PendingVerification error type to messaging APIs to
block the resource usage for accounts identified as being fraudulent.
* api-change:``rds``: [``botocore``] This release adds the InvalidDBInstanceStateFault to the
RestoreDBClusterFromSnapshot operation.
* api-change:``transcribe``: [``botocore``] Amazon Transcribe now supports creating custom language
models in the following languages: Japanese (ja-JP) and German (de-DE).
- from version 1.26.22
* api-change:``appsync``: [``botocore``] Fixes the URI for the evaluatecode endpoint to include the
/v1 prefix (ie. "//v1/dataplane-evaluatecode"/).
* api-change:``ecs``: [``botocore``] Documentation updates for Amazon ECS
* api-change:``fms``: [``botocore``] AWS Firewall Manager now supports Fortigate Cloud Native
Firewall as a Service as a third-party policy type.
* api-change:``mediaconvert``: [``botocore``] The AWS Elemental MediaConvert SDK has added support
for configurable ID3 eMSG box attributes and the ability to signal them with InbandEventStream tags
in DASH and CMAF outputs.
* api-change:``medialive``: [``botocore``] Updates to Event Signaling and Management (ESAM) API and
documentation.
* api-change:``polly``: [``botocore``] Add language code for Finnish (fi-FI)
* api-change:``proton``: [``botocore``] CreateEnvironmentAccountConnection RoleArn input is now
optional
* api-change:``redshift-serverless``: [``botocore``] Add Table Level Restore operations for Amazon
Redshift Serverless. Add multi-port support for Amazon Redshift Serverless endpoints. Add Tagging
support to Snapshots and Recovery Points in Amazon Redshift Serverless.
* api-change:``sns``: [``botocore``] This release adds the message payload-filtering feature to the
SNS Subscribe, SetSubscriptionAttributes, and GetSubscriptionAttributes API actions
- Update BuildRequires and Requires from setup.py
- Update to version 1.26.21
* api-change:``codecatalyst``: [``botocore``] This release adds operations that support customers
using the AWS Toolkits and Amazon CodeCatalyst, a unified software development service that helps
developers develop, deploy, and maintain applications in the cloud. For more information, see the
documentation.
* api-change:``comprehend``: [``botocore``] Comprehend now supports semi-structured documents (such
as PDF files or image files) as inputs for custom analysis using the synchronous APIs
(ClassifyDocument and DetectEntities).
* api-change:``gamelift``: [``botocore``] GameLift introduces a new feature, GameLift Anywhere.
GameLift Anywhere allows you to integrate your own compute resources with GameLift. You can also
use GameLift Anywhere to iteratively test your game servers without uploading the build to GameLift
for every iteration.
* api-change:``pipes``: [``botocore``] AWS introduces new Amazon EventBridge Pipes which allow you
to connect sources (SQS, Kinesis, DDB, Kafka, MQ) to Targets (14+ EventBridge Targets) without any
code, with filtering, batching, input transformation, and an optional Enrichment stage (Lambda,
StepFunctions, ApiGateway, ApiDestinations)
* api-change:``stepfunctions``: [``botocore``] Update stepfunctions client to latest version
- from version 1.26.20
* api-change:``accessanalyzer``: [``botocore``] This release adds support for S3 cross account
access points. IAM Access Analyzer will now produce public or cross account findings when it
detects bucket delegation to external account access points.
* api-change:``athena``: [``botocore``] This release includes support for using Apache Spark in
Amazon Athena.
* api-change:``dataexchange``: [``botocore``] This release enables data providers to license direct
access to data in their Amazon S3 buckets or AWS Lake Formation data lakes through AWS Data
Exchange. Subscribers get read-only access to the data and can use it in downstream AWS services,
like Amazon Athena, without creating or managing copies.
* api-change:``docdb-elastic``: [``botocore``] Launched Amazon DocumentDB Elastic Clusters. You can
now use the SDK to create, list, update and delete Amazon DocumentDB Elastic Cluster resources
* api-change:``glue``: [``botocore``] This release adds support for AWS Glue Data Quality, which
helps you evaluate and monitor the quality of your data and includes the API for creating,
deleting, or updating data quality rulesets, runs and evaluations.
* api-change:``s3control``: [``botocore``] Amazon S3 now supports cross-account access points. S3
bucket owners can now allow trusted AWS accounts to create access points associated with their
bucket.
* api-change:``sagemaker-geospatial``: [``botocore``] This release provides Amazon SageMaker
geospatial APIs to build, train, deploy and visualize geospatial models.
* api-change:``sagemaker``: [``botocore``] Added Models as part of the Search API. Added Model
shadow deployments in realtime inference, and shadow testing in managed inference. Added support
for shared spaces, geospatial APIs, Model Cards, AutoMLJobStep in pipelines, Git repositories on
user profiles and domains, Model sharing in Jumpstart.
- from version 1.26.19
* api-change:``ec2``: [``botocore``] This release adds support for AWS Verified Access and the
Hpc6id Amazon EC2 compute optimized instance type, which features 3rd generation Intel Xeon
Scalable processors.
* api-change:``firehose``: [``botocore``] Allow support for the Serverless offering for Amazon
OpenSearch Service as a Kinesis Data Firehose delivery destination.
* api-change:``kms``: [``botocore``] AWS KMS introduces the External Key Store (XKS), a new feature
for customers who want to protect their data with encryption keys stored in an external key
management system under their control.
* api-change:``omics``: [``botocore``] Amazon Omics is a new, purpose-built service that can be
used by healthcare and life science organizations to store, query, and analyze omics data. The
insights from that data can be used to accelerate scientific discoveries and improve healthcare.
* api-change:``opensearchserverless``: [``botocore``] Publish SDK for Amazon OpenSearch Serverless
* api-change:``securitylake``: [``botocore``] Amazon Security Lake automatically centralizes
security data from cloud, on-premises, and custom sources into a purpose-built data lake stored in
your account. Security Lake makes it easier to analyze security data, so you can improve the
protection of your workloads, applications, and data
* api-change:``simspaceweaver``: [``botocore``] AWS SimSpace Weaver is a new service that helps
customers build spatial simulations at new levels of scale - resulting in virtual worlds with
millions of dynamic entities. See the AWS SimSpace Weaver developer guide for more details on how
to get started. https://docs.aws.amazon.com/simspaceweaver
- from version 1.26.18
* api-change:``arc-zonal-shift``: [``botocore``] Amazon Route 53 Application Recovery Controller
Zonal Shift is a new service that makes it easy to shift traffic away from an Availability Zone in
a Region. See the developer guide for more information:
https://docs.aws.amazon.com/r53recovery/latest/dg/what-is-route53-recovery.html
* api-change:``compute-optimizer``: [``botocore``] Adds support for a new recommendation preference
that makes it possible for customers to optimize their EC2 recommendations by utilizing an external
metrics ingestion service to provide metrics.
* api-change:``config``: [``botocore``] With this release, you can use AWS Config to evaluate your
resources for compliance with Config rules before they are created or updated. Using Config rules
in proactive mode enables you to test and build compliant resource templates or check resource
configurations at the time they are provisioned.
* api-change:``ec2``: [``botocore``] Introduces ENA Express, which uses AWS SRD and dynamic routing
to increase throughput and minimize latency, adds support for trust relationships between
Reachability Analyzer and AWS Organizations to enable cross-account analysis, and adds support for
Infrastructure Performance metric subscriptions.
* api-change:``eks``: [``botocore``] Adds support for additional EKS add-ons metadata and filtering
fields
* api-change:``fsx``: [``botocore``] This release adds support for 4GB/s / 160K PIOPS FSx for ONTAP
file systems and 10GB/s / 350K PIOPS FSx for OpenZFS file systems (Single_AZ_2). For FSx for ONTAP,
this also adds support for DP volumes, snapshot policy, copy tags to backups, and Multi-AZ route
table updates.
* api-change:``glue``: [``botocore``] This release allows the creation of Custom Visual Transforms
(Dynamic Transforms) to be created via AWS Glue CLI/SDK.
* api-change:``inspector2``: [``botocore``] This release adds support for Inspector to scan AWS
Lambda.
* api-change:``lambda``: [``botocore``] Adds support for Lambda SnapStart, which helps improve the
startup performance of functions. Customers can now manage SnapStart based functions via
CreateFunction and UpdateFunctionConfiguration APIs
* api-change:``license-manager-user-subscriptions``: [``botocore``] AWS now offers fully-compliant,
Amazon-provided licenses for Microsoft Office Professional Plus 2021 Amazon Machine Images (AMIs)
on Amazon EC2. These AMIs are now available on the Amazon EC2 console and on AWS Marketplace to
launch instances on-demand without any long-term licensing commitments.
* api-change:``macie2``: [``botocore``] Added support for configuring Macie to continually sample
objects from S3 buckets and inspect them for sensitive data. Results appear in statistics,
findings, and other data that Macie provides.
* api-change:``quicksight``: [``botocore``] This release adds new Describe APIs and updates Create
and Update APIs to support the data model for Dashboards, Analyses, and Templates.
* api-change:``s3control``: [``botocore``] Added two new APIs to support Amazon S3 Multi-Region
Access Point failover controls: GetMultiRegionAccessPointRoutes and
SubmitMultiRegionAccessPointRoutes. The failover control APIs are supported in the following
Regions: us-east-1, us-west-2, eu-west-1, ap-southeast-2, and ap-northeast-1.
* api-change:``securityhub``: [``botocore``] Adding StandardsManagedBy field to DescribeStandards
API response
- from version 1.26.17
* bugfix:dynamodb: Fixes duplicate serialization issue in DynamoDB BatchWriter
* api-change:``backup``: [``botocore``] AWS Backup introduces support for legal hold and
application stack backups. AWS Backup Audit Manager introduces support for cross-Region,
cross-account reports.
* api-change:``cloudwatch``: [``botocore``] Update cloudwatch client to latest version
* api-change:``drs``: [``botocore``] Non breaking changes to existing APIs, and additional APIs
added to support in-AWS failing back using AWS Elastic Disaster Recovery.
* api-change:``ecs``: [``botocore``] This release adds support for ECS Service Connect, a new
capability that simplifies writing and operating resilient distributed applications. This release
updates the TaskDefinition, Cluster, Service mutation APIs with Service connect constructs and also
adds a new ListServicesByNamespace API.
* api-change:``efs``: [``botocore``] Update efs client to latest version
* api-change:``iot-data``: [``botocore``] This release adds support for MQTT5 properties to AWS IoT
HTTP Publish API.
* api-change:``iot``: [``botocore``] Job scheduling enables the scheduled rollout of a Job with
start and end times and a customizable end behavior when end time is reached. This is available for
continuous and snapshot jobs. Added support for MQTT5 properties to AWS IoT TopicRule Republish
Action.
* api-change:``iotwireless``: [``botocore``] This release includes a new feature for customers to
calculate the position of their devices by adding three new APIs: UpdateResourcePosition,
GetResourcePosition, and GetPositionEstimate.
* api-change:``kendra``: [``botocore``] Amazon Kendra now supports preview of table information
from HTML tables in the search results. The most relevant cells with their corresponding rows,
columns are displayed as a preview in the search result. The most relevant table cell or cells are
also highlighted in table preview.
* api-change:``logs``: [``botocore``] Updates to support CloudWatch Logs data protection and
CloudWatch cross-account observability
* api-change:``mgn``: [``botocore``] This release adds support for Application and Wave management.
We also now support custom post-launch actions.
* api-change:``oam``: [``botocore``] Amazon CloudWatch Observability Access Manager is a new
service that allows configuration of the CloudWatch cross-account observability feature.
* api-change:``organizations``: [``botocore``] This release introduces delegated administrator for
AWS Organizations, a new feature to help you delegate the management of your Organizations
policies, enabling you to govern your AWS organization in a decentralized way. You can now allow
member accounts to manage Organizations policies.
* api-change:``rds``: [``botocore``] This release enables new Aurora and RDS feature called
Blue/Green Deployments that makes updates to databases safer, simpler and faster.
* api-change:``textract``: [``botocore``] This release adds support for classifying and splitting
lending documents by type, and extracting information by using the Analyze Lending APIs. This
release also includes support for summarized information of the processed lending document package,
in addition to per document results.
* api-change:``transcribe``: [``botocore``] This release adds support for 'inputType' for post-call
and real-time (streaming) Call Analytics within Amazon Transcribe.
- from version 1.26.16
* api-change:``grafana``: [``botocore``] This release includes support for configuring a Grafana
workspace to connect to a datasource within a VPC as well as new APIs for configuring Grafana
settings.
* api-change:``rbin``: [``botocore``] This release adds support for Rule Lock for Recycle Bin,
which allows you to lock retention rules so that they can no longer be modified or deleted.
- from version 1.26.15
* bugfix:Endpoints: [``botocore``] Resolve endpoint with default partition when no region is set
* bugfix:s3: [``botocore``] fixes missing x-amz-content-sha256 header for s3 object lambda
* api-change:``appflow``: [``botocore``] Adding support for Amazon AppFlow to transfer the data to
Amazon Redshift databases through Amazon Redshift Data API service. This feature will support the
Redshift destination connector on both public and private accessible Amazon Redshift Clusters and
Amazon Redshift Serverless.
* api-change:``kinesisanalyticsv2``: [``botocore``] Support for Apache Flink 1.15 in Kinesis Data
Analytics.
- from version 1.26.14
* api-change:``route53``: [``botocore``] Amazon Route 53 now supports the Asia Pacific (Hyderabad)
Region (ap-south-2) for latency records, geoproximity records, and private DNS for Amazon VPCs in
that region.
- from version 1.26.13
* api-change:``appflow``: [``botocore``] AppFlow provides a new API called
UpdateConnectorRegistration to update a custom connector that customers have previously registered.
With this API, customers no longer need to unregister and then register a connector to make an
update.
* api-change:``auditmanager``: [``botocore``] This release introduces a new feature for Audit
Manager: Evidence finder. You can now use evidence finder to quickly query your evidence, and add
the matching evidence results to an assessment report.
* api-change:``chime-sdk-voice``: [``botocore``] Amazon Chime Voice Connector, Voice Connector
Group and PSTN Audio Service APIs are now available in the Amazon Chime SDK Voice namespace. See
https://docs.aws.amazon.com/chime-sdk/latest/dg/sdk-available-regions.html for more details.
* api-change:``cloudfront``: [``botocore``] CloudFront API support for staging distributions and
associated traffic management policies.
* api-change:``connect``: [``botocore``] Added AllowedAccessControlTags and TagRestrictedResource
for Tag Based Access Control on Amazon Connect Webpage
* api-change:``dynamodb``: [``botocore``] Updated minor fixes for DynamoDB documentation.
* api-change:``dynamodbstreams``: [``botocore``] Update dynamodbstreams client to latest version
* api-change:``ec2``: [``botocore``] This release adds support for copying an Amazon Machine
Image's tags when copying an AMI.
* api-change:``glue``: [``botocore``] AWSGlue Crawler - Adding support for Table and Column level
Comments with database level datatypes for JDBC based crawler.
* api-change:``iot-roborunner``: [``botocore``] AWS IoT RoboRunner is a new service that makes it
easy to build applications that help multi-vendor robots work together seamlessly. See the IoT
RoboRunner developer guide for more details on getting started.
https://docs.aws.amazon.com/iotroborunner/latest/dev/iotroborunner-welcome.html
* api-change:``quicksight``: [``botocore``] This release adds the following: 1) Asset management
for centralized assets governance 2) QuickSight Q now supports public embedding 3) New Termination
protection flag to mitigate accidental deletes 4) Athena data sources now accept a custom IAM role
5) QuickSight supports connectivity to Databricks
* api-change:``sagemaker``: [``botocore``] Added DisableProfiler flag as a new field in
ProfilerConfig
* api-change:``servicecatalog``: [``botocore``] This release 1. adds support for Principal Name
Sharing with Service Catalog portfolio sharing. 2. Introduces repo sourced products which are
created and managed with existing SC APIs. These products are synced to external repos and auto
create new product versions based on changes in the repo.
* api-change:``ssm-sap``: [``botocore``] AWS Systems Manager for SAP provides simplified operations
and management of SAP applications such as SAP HANA. With this release, SAP customers and partners
can automate and simplify their SAP system administration tasks such as backup/restore of SAP HANA.
* api-change:``stepfunctions``: [``botocore``] Update stepfunctions client to latest version
* api-change:``transfer``: [``botocore``] Adds a NONE encryption algorithm type to AS2 connectors,
providing support for skipping encryption of the AS2 message body when a HTTPS URL is also
specified.
- from version 1.26.12
* api-change:``amplify``: [``botocore``] Adds a new value (WEB_COMPUTE) to the Platform enum that
allows customers to create Amplify Apps with Server-Side Rendering support.
* api-change:``appflow``: [``botocore``] AppFlow simplifies the preparation and cataloging of SaaS
data into the AWS Glue Data Catalog where your data can be discovered and accessed by AWS analytics
and ML services. AppFlow now also supports data field partitioning and file size optimization to
improve query performance and reduce cost.
* api-change:``appsync``: [``botocore``] This release introduces the APPSYNC_JS runtime, and adds
support for JavaScript in AppSync functions and AppSync pipeline resolvers.
* api-change:``dms``: [``botocore``] Adds support for Internet Protocol Version 6 (IPv6) on DMS
Replication Instances
* api-change:``ec2``: [``botocore``] This release adds a new optional parameter "/privateIpAddress"/
for the CreateNatGateway API. PrivateIPAddress will allow customers to select a custom Private IPv4
address instead of having it be auto-assigned.
* api-change:``elbv2``: [``botocore``] Update elbv2 client to latest version
* api-change:``emr-serverless``: [``botocore``] Adds support for AWS Graviton2 based applications.
You can now select CPU architecture when creating new applications or updating existing ones.
* api-change:``ivschat``: [``botocore``] Adds LoggingConfiguration APIs for IVS Chat - a feature
that allows customers to store and record sent messages in a chat room to S3 buckets, CloudWatch
logs, or Kinesis firehose.
* api-change:``lambda``: [``botocore``] Add Node 18 (nodejs18.x) support to AWS Lambda.
* api-change:``personalize``: [``botocore``] This release provides support for creation and use of
metric attributions in AWS Personalize
* api-change:``polly``: [``botocore``] Add two new neural voices - Ola (pl-PL) and Hala (ar-AE).
* api-change:``rum``: [``botocore``] CloudWatch RUM now supports custom events. To use custom
events, create an app monitor or update an app monitor with CustomEvent Status as ENABLED.
* api-change:``s3control``: [``botocore``] Added 34 new S3 Storage Lens metrics to support
additional customer use cases.
* api-change:``secretsmanager``: [``botocore``] Documentation updates for Secrets Manager.
* api-change:``securityhub``: [``botocore``] Added SourceLayerArn and SourceLayerHash field for
security findings. Updated AwsLambdaFunction Resource detail
* api-change:``servicecatalog-appregistry``: [``botocore``] This release adds support for tagged
resource associations, which allows you to associate a group of resources with a defined resource
tag key and value to the application.
* api-change:``sts``: [``botocore``] Documentation updates for AWS Security Token Service.
* api-change:``textract``: [``botocore``] This release adds support for specifying and extracting
information from documents using the Signatures feature within Analyze Document API
* api-change:``workspaces``: [``botocore``] The release introduces CreateStandbyWorkspaces, an API
that allows you to create standby WorkSpaces associated with a primary WorkSpace in another Region.
DescribeWorkspaces now includes related WorkSpaces properties. DescribeWorkspaceBundles and
CreateWorkspaceBundle now return more bundle details.
- from version 1.26.11
* api-change:``batch``: [``botocore``] Documentation updates related to Batch on EKS
* api-change:``billingconductor``: [``botocore``] This release adds a new feature BillingEntity
pricing rule.
* api-change:``cloudformation``: [``botocore``] Added UnsupportedTarget HandlerErrorCode for use
with CFN Resource Hooks
* api-change:``comprehendmedical``: [``botocore``] This release supports new set of entities and
traits. It also adds new category (BEHAVIORAL_ENVIRONMENTAL_SOCIAL).
* api-change:``connect``: [``botocore``] This release adds a new MonitorContact API for initiating
monitoring of ongoing Voice and Chat contacts.
* api-change:``eks``: [``botocore``] Adds support for customer-provided placement groups for
Kubernetes control plane instances when creating local EKS clusters on Outposts
* api-change:``elasticache``: [``botocore``] for Redis now supports AWS Identity and Access
Management authentication access to Redis clusters starting with redis-engine version 7.0
* api-change:``iottwinmaker``: [``botocore``] This release adds the following: 1) ExecuteQuery API
allows users to query their AWS IoT TwinMaker Knowledge Graph 2) Pricing plan APIs allow users to
configure and manage their pricing mode 3) Support for property groups and tabular property values
in existing AWS IoT TwinMaker APIs.
* api-change:``personalize-events``: [``botocore``] This release provides support for creation and
use of metric attributions in AWS Personalize
* api-change:``proton``: [``botocore``] Add support for sorting and filtering in
ListServiceInstances
* api-change:``rds``: [``botocore``] This release adds support for container databases (CDBs) to
Amazon RDS Custom for Oracle. A CDB contains one PDB at creation. You can add more PDBs using
Oracle SQL. You can also customize your database installation by setting the Oracle base, Oracle
home, and the OS user name and group.
* api-change:``ssm-incidents``: [``botocore``] Add support for PagerDuty integrations on
ResponsePlan, IncidentRecord, and RelatedItem APIs
* api-change:``ssm``: [``botocore``] This release adds support for cross account access in
CreateOpsItem, UpdateOpsItem and GetOpsItem. It introduces new APIs to setup resource policies for
SSM resources: PutResourcePolicy, GetResourcePolicies and DeleteResourcePolicy.
* api-change:``transfer``: [``botocore``] Allow additional operations to throw ThrottlingException
* api-change:``xray``: [``botocore``] This release adds new APIs - PutResourcePolicy,
DeleteResourcePolicy, ListResourcePolicies for supporting resource based policies for AWS X-Ray.
- from version 1.26.10
* bugfix:s3: [``botocore``] fixes missing x-amz-content-sha256 header for s3 on outpost
* enhancement:sso: [``botocore``] Add support for loading sso-session profiles from the aws config
* api-change:``connect``: [``botocore``] This release updates the APIs: UpdateInstanceAttribute,
DescribeInstanceAttribute, and ListInstanceAttributes. You can use it to programmatically
enable/disable enhanced contact monitoring using attribute type ENHANCED_CONTACT_MONITORING on the
specified Amazon Connect instance.
* api-change:``greengrassv2``: [``botocore``] Adds new parent target ARN paramater to
CreateDeployment, GetDeployment, and ListDeployments APIs for the new subdeployments feature.
* api-change:``route53``: [``botocore``] Amazon Route 53 now supports the Europe (Spain) Region
(eu-south-2) for latency records, geoproximity records, and private DNS for Amazon VPCs in that
region.
* api-change:``ssmsap``: [``botocore``] AWS Systems Manager for SAP provides simplified operations
and management of SAP applications such as SAP HANA. With this release, SAP customers and partners
can automate and simplify their SAP system administration tasks such as backup/restore of SAP HANA.
* api-change:``workspaces``: [``botocore``] This release introduces
ModifyCertificateBasedAuthProperties, a new API that allows control of certificate-based auth
properties associated with a WorkSpaces directory. The DescribeWorkspaceDirectories API will now
additionally return certificate-based auth properties in its responses.
- from version 1.26.9
* api-change:``customer-profiles``: [``botocore``] This release enhances the SearchProfiles API by
providing functionality to search for profiles using multiple keys and logical operators.
* api-change:``lakeformation``: [``botocore``] This release adds a new parameter "/Parameters"/ in
the DataLakeSettings.
* api-change:``managedblockchain``: [``botocore``] Updating the API docs data type:
NetworkEthereumAttributes, and the operations DeleteNode, and CreateNode to also include the
supported Goerli network.
* api-change:``proton``: [``botocore``] Add support for CodeBuild Provisioning
* api-change:``rds``: [``botocore``] This release adds support for restoring an RDS Multi-AZ DB
cluster snapshot to a Single-AZ deployment or a Multi-AZ DB instance deployment.
* api-change:``workdocs``: [``botocore``] Added 2 new document related operations,
DeleteDocumentVersion and RestoreDocumentVersions.
* api-change:``xray``: [``botocore``] This release enhances GetServiceGraph API to support new type
of edge to represent links between SQS and Lambda in event-driven applications.
- Update BuildRequires and Requires from setup.py
- Update to version 1.26.8
* api-change:``glue``: [``botocore``] Added links related to enabling job bookmarks.
* api-change:``iot``: [``botocore``] This release add new api listRelatedResourcesForAuditFinding
and new member type IssuerCertificates for Iot device device defender Audit.
* api-change:``license-manager``: [``botocore``] AWS License Manager now supports onboarded
Management Accounts or Delegated Admins to view granted licenses aggregated from all accounts in
the organization.
* api-change:``marketplace-catalog``: [``botocore``] Added three new APIs to support tagging and
tag-based authorization: TagResource, UntagResource, and ListTagsForResource. Added optional
parameters to the StartChangeSet API to support tagging a resource while making a request to create
it.
* api-change:``rekognition``: [``botocore``] Adding support for ImageProperties feature to detect
dominant colors and image brightness, sharpness, and contrast, inclusion and exclusion filters for
labels and label categories, new fields to the API response, "/aliases"/ and "/categories"/
* api-change:``securityhub``: [``botocore``] Documentation updates for Security Hub
* api-change:``ssm-incidents``: [``botocore``] RelatedItems now have an ID field which can be used
for referencing them else where. Introducing event references in TimelineEvent API and increasing
maximum length of "/eventData"/ to 12K characters.
- from version 1.26.7
* api-change:``autoscaling``: [``botocore``] This release adds a new price capacity optimized
allocation strategy for Spot Instances to help customers optimize provisioning of Spot Instances
via EC2 Auto Scaling, EC2 Fleet, and Spot Fleet. It allocates Spot Instances based on both spare
capacity availability and Spot Instance price.
* api-change:``ec2``: [``botocore``] This release adds a new price capacity optimized allocation
strategy for Spot Instances to help customers optimize provisioning of Spot Instances via EC2 Auto
Scaling, EC2 Fleet, and Spot Fleet. It allocates Spot Instances based on both spare capacity
availability and Spot Instance price.
* api-change:``ecs``: [``botocore``] This release adds support for task scale-in protection with
updateTaskProtection and getTaskProtection APIs. UpdateTaskProtection API can be used to protect a
service managed task from being terminated by scale-in events and getTaskProtection API to get the
scale-in protection status of a task.
* api-change:``es``: [``botocore``] Amazon OpenSearch Service now offers managed VPC endpoints to
connect to your Amazon OpenSearch Service VPC-enabled domain in a Virtual Private Cloud (VPC). This
feature allows you to privately access OpenSearch Service domain without using public IPs or
requiring traffic to traverse the Internet.
* api-change:``resource-explorer-2``: [``botocore``] Text only updates to some Resource Explorer
descriptions.
* api-change:``scheduler``: [``botocore``] AWS introduces the new Amazon EventBridge Scheduler.
EventBridge Scheduler is a serverless scheduler that allows you to create, run, and manage tasks
from one central, managed service.
- from version 1.26.6
* api-change:``connect``: [``botocore``] This release adds new fields SignInUrl, UserArn, and
UserId to GetFederationToken response payload.
* api-change:``connectcases``: [``botocore``] This release adds the ability to disable templates
through the UpdateTemplate API. Disabling templates prevents customers from creating cases using
the template. For more information see
https://docs.aws.amazon.com/cases/latest/APIReference/Welcome.html
* api-change:``ec2``: [``botocore``] Amazon EC2 Trn1 instances, powered by AWS Trainium chips, are
purpose built for high-performance deep learning training. u-24tb1.112xlarge and u-18tb1.112xlarge
High Memory instances are purpose-built to run large in-memory databases.
* api-change:``groundstation``: [``botocore``] This release adds the preview of customer-provided
ephemeris support for AWS Ground Station, allowing space vehicle owners to provide their own
position and trajectory information for a satellite.
* api-change:``mediapackage-vod``: [``botocore``] This release adds "/IncludeIframeOnlyStream"/ for
Dash endpoints.
* api-change:``endpoint-rules``: [``botocore``] Update endpoint-rules client to latest version
- from version 1.26.5
* api-change:``acm``: [``botocore``] Support added for requesting elliptic curve certificate key
algorithm types P-256 (EC_prime256v1) and P-384 (EC_secp384r1).
* api-change:``billingconductor``: [``botocore``] This release adds the Recurring Custom Line Item
feature along with a new API ListCustomLineItemVersions.
* api-change:``ec2``: [``botocore``] This release enables sharing of EC2 Placement Groups across
accounts and within AWS Organizations using Resource Access Manager
* api-change:``fms``: [``botocore``] AWS Firewall Manager now supports importing existing AWS
Network Firewall firewalls into Firewall Manager policies.
* api-change:``lightsail``: [``botocore``] This release adds support for Amazon Lightsail to
automate the delegation of domains registered through Amazon Route 53 to Lightsail DNS management
and to automate record creation for DNS validation of Lightsail SSL/TLS certificates.
* api-change:``opensearch``: [``botocore``] Amazon OpenSearch Service now offers managed VPC
endpoints to connect to your Amazon OpenSearch Service VPC-enabled domain in a Virtual Private
Cloud (VPC). This feature allows you to privately access OpenSearch Service domain without using
public IPs or requiring traffic to traverse the Internet.
* api-change:``polly``: [``botocore``] Amazon Polly adds new voices: Elin (sv-SE), Ida (nb-NO),
Laura (nl-NL) and Suvi (fi-FI). They are available as neural voices only.
* api-change:``resource-explorer-2``: [``botocore``] This is the initial SDK release for AWS
Resource Explorer. AWS Resource Explorer lets your users search for and discover your AWS resources
across the AWS Regions in your account.
* api-change:``route53``: [``botocore``] Amazon Route 53 now supports the Europe (Zurich) Region
(eu-central-2) for latency records, geoproximity records, and private DNS for Amazon VPCs in that
region.
* api-change:``endpoint-rules``: [``botocore``] Update endpoint-rules client to latest version
- from version 1.26.4
* api-change:``athena``: [``botocore``] Adds support for using Query Result Reuse
* api-change:``autoscaling``: [``botocore``] This release adds support for two new attributes for
attribute-based instance type selection - NetworkBandwidthGbps and AllowedInstanceTypes.
* api-change:``cloudtrail``: [``botocore``] This release includes support for configuring a
delegated administrator to manage an AWS Organizations organization CloudTrail trails and event
data stores, and AWS Key Management Service encryption of CloudTrail Lake event data stores.
* api-change:``ec2``: [``botocore``] This release adds support for two new attributes for
attribute-based instance type selection - NetworkBandwidthGbps and AllowedInstanceTypes.
* api-change:``elasticache``: [``botocore``] Added support for IPv6 and dual stack for Memcached
and Redis clusters. Customers can now launch new Redis and Memcached clusters with IPv6 and dual
stack networking support.
* api-change:``lexv2-models``: [``botocore``] Update lexv2-models client to latest version
* api-change:``mediaconvert``: [``botocore``] The AWS Elemental MediaConvert SDK has added support
for setting the SDR reference white point for HDR conversions and conversion of HDR10 to
DolbyVision without mastering metadata.
* api-change:``ssm``: [``botocore``] This release includes support for applying a CloudWatch alarm
to multi account multi region Systems Manager Automation
* api-change:``wafv2``: [``botocore``] The geo match statement now adds labels for country and
region. You can match requests at the region level by combining a geo match statement with label
match statements.
* api-change:``wellarchitected``: [``botocore``] This release adds support for integrations with
AWS Trusted Advisor and AWS Service Catalog AppRegistry to improve workload discovery and speed up
your workload reviews.
* api-change:``workspaces``: [``botocore``] This release adds protocols attribute to workspaces
properties data type. This enables customers to migrate workspaces from PC over IP (PCoIP) to
WorkSpaces Streaming Protocol (WSP) using create and modify workspaces public APIs.
* api-change:``endpoint-rules``: [``botocore``] Update endpoint-rules client to latest version
- from version 1.26.3
* api-change:``ec2``: [``botocore``] This release adds API support for the recipient of an AMI
account share to remove shared AMI launch permissions.
* api-change:``emr-containers``: [``botocore``] Adding support for Job templates. Job templates
allow you to create and store templates to configure Spark applications parameters. This helps you
ensure consistent settings across applications by reusing and enforcing configuration overrides in
data pipelines.
* api-change:``logs``: [``botocore``] Doc-only update for bug fixes and support of export to
buckets encrypted with SSE-KMS
* api-change:``endpoint-rules``: [``botocore``] Update endpoint-rules client to latest version
- Update BuildRequires and Requires from setup.py
- Update to version 1.26.2
* api-change:``memorydb``: [``botocore``] Adding support for r6gd instances for MemoryDB Redis with
data tiering. In a cluster with data tiering enabled, when available memory capacity is exhausted,
the least recently used data is automatically tiered to solid state drives for cost-effective
capacity scaling with minimal performance impact.
* api-change:``sagemaker``: [``botocore``] Amazon SageMaker now supports running training jobs on
ml.trn1 instance types.
* api-change:``endpoint-rules``: [``botocore``] Update endpoint-rules client to latest version
- from version 1.26.1
* api-change:``iotsitewise``: [``botocore``] This release adds the ListAssetModelProperties and
ListAssetProperties APIs. You can list all properties that belong to a single asset model or asset
using these two new APIs.
* api-change:``s3control``: [``botocore``] S3 on Outposts launches support for Lifecycle
configuration for Outposts buckets. With S3 Lifecycle configuration, you can mange objects so they
are stored cost effectively. You can manage objects using size-based rules and specify how many
noncurrent versions bucket will retain.
* api-change:``sagemaker``: [``botocore``] This release updates Framework model regex for
ModelPackage to support new Framework version xgboost, sklearn.
* api-change:``ssm-incidents``: [``botocore``] Adds support for tagging replication-set on creation.
- from version 1.26.0
* feature:Endpoints: [``botocore``] Migrate all services to use new AWS Endpoint Resolution
framework
* Enhancement:Endpoints: [``botocore``] Discontinued use of `sslCommonName` hosts as detailed in
1.27.0 (see `#2705 <https://github.com/boto/botocore/issues/2705>`__ for more info)
* api-change:``rds``: [``botocore``] Relational Database Service - This release adds support for
configuring Storage Throughput on RDS database instances.
* api-change:``textract``: [``botocore``] Add ocr results in AnalyzeIDResponse as blocks
- from version 1.25.5
* api-change:``apprunner``: [``botocore``] This release adds support for private App Runner
services. Services may now be configured to be made private and only accessible from a VPC. The
changes include a new VpcIngressConnection resource and several new and modified APIs.
* api-change:``connect``: [``botocore``] Amazon connect now support a new API DismissUserContact to
dismiss or remove terminated contacts in Agent CCP
* api-change:``ec2``: [``botocore``] Elastic IP transfer is a new Amazon VPC feature that allows
you to transfer your Elastic IP addresses from one AWS Account to another.
* api-change:``iot``: [``botocore``] This release adds the Amazon Location action to IoT Rules
Engine.
* api-change:``logs``: [``botocore``] SDK release to support tagging for destinations and log
groups with TagResource. Also supports tag on create with PutDestination.
* api-change:``sesv2``: [``botocore``] This release includes support for interacting with the
Virtual Deliverability Manager, allowing you to opt in/out of the feature and to retrieve
recommendations and metric data.
* api-change:``textract``: [``botocore``] This release introduces additional support for 30+
normalized fields such as vendor address and currency. It also includes OCR output in the response
and accuracy improvements for the already supported fields in previous version
- from version 1.25.4
* api-change:``apprunner``: [``botocore``] AWS App Runner adds .NET 6, Go 1, PHP 8.1 and Ruby 3.1
runtimes.
* api-change:``appstream``: [``botocore``] This release includes CertificateBasedAuthProperties in
CreateDirectoryConfig and UpdateDirectoryConfig.
* api-change:``cloud9``: [``botocore``] Update to the documentation section of the Cloud9 API
Reference guide.
* api-change:``cloudformation``: [``botocore``] This release adds more fields to improves
visibility of AWS CloudFormation StackSets information in following APIs: ListStackInstances,
DescribeStackInstance, ListStackSetOperationResults, ListStackSetOperations,
DescribeStackSetOperation.
* api-change:``gamesparks``: [``botocore``] Add LATEST as a possible GameSDK Version on snapshot
* api-change:``mediatailor``: [``botocore``] This release introduces support for SCTE-35
segmentation descriptor messages which can be sent within time signal messages.
- from version 1.25.3
* api-change:``ec2``: [``botocore``] Feature supports the replacement of instance root volume using
an updated AMI without requiring customers to stop their instance.
* api-change:``fms``: [``botocore``] Add support NetworkFirewall Managed Rule Group Override flag
in GetViolationDetails API
* api-change:``glue``: [``botocore``] Added support for custom datatypes when using custom csv
classifier.
* api-change:``redshift``: [``botocore``] This release clarifies use for the ElasticIp parameter of
the CreateCluster and RestoreFromClusterSnapshot APIs.
* api-change:``sagemaker``: [``botocore``] This change allows customers to provide a custom
entrypoint script for the docker container to be run while executing training jobs, and provide
custom arguments to the entrypoint script.
* api-change:``wafv2``: [``botocore``] This release adds the following: Challenge rule action, to
silently verify client browsers; rule group rule action override to any valid rule action, not just
Count; token sharing between protected applications for challenge/CAPTCHA token; targeted rules
option for Bot Control managed rule group.
- from version 1.25.2
* api-change:``iam``: [``botocore``] Doc only update that corrects instances of CLI not using an
entity.
* api-change:``kafka``: [``botocore``] This release adds support for Tiered Storage. UpdateStorage
allows you to control the Storage Mode for supported storage tiers.
* api-change:``neptune``: [``botocore``] Added a new cluster-level attribute to set the capacity
range for Neptune Serverless instances.
* api-change:``sagemaker``: [``botocore``] Amazon SageMaker Automatic Model Tuning now supports
specifying Grid Search strategy for tuning jobs, which evaluates all hyperparameter combinations
exhaustively based on the categorical hyperparameters provided.
- from version 1.25.1
* api-change:``accessanalyzer``: [``botocore``] This release adds support for six new resource
types in IAM Access Analyzer to help you easily identify public and cross-account access to your
AWS resources. Updated service API, documentation, and paginators.
* api-change:``location``: [``botocore``] Added new map styles with satellite imagery for map
resources using HERE as a data provider.
* api-change:``mediatailor``: [``botocore``] This release is a documentation update
* api-change:``rds``: [``botocore``] Relational Database Service - This release adds support for
exporting DB cluster data to Amazon S3.
* api-change:``workspaces``: [``botocore``] This release adds new enums for supporting Workspaces
Core features, including creating Manual running mode workspaces, importing regular Workspaces Core
images and importing g4dn Workspaces Core images.
- Update BuildRequires and Requires from setup.py
- Update in SLE-15 (bsc#1204537, jsc#PED-2333)
- Update to version 1.25.0
* feature:Endpoints: [``botocore``] Implemented new endpoint ruleset system to dynamically derive
endpoints and settings for services
* api-change:``acm-pca``: [``botocore``] AWS Private Certificate Authority (AWS Private CA) now
offers usage modes which are combination of features to address specific use cases.
* api-change:``batch``: [``botocore``] This release adds support for AWS Batch on Amazon EKS.
* api-change:``datasync``: [``botocore``] Added support for self-signed certificates when using
object storage locations; added BytesCompressed to the TaskExecution response.
* api-change:``sagemaker``: [``botocore``] SageMaker Inference Recommender now supports a new API
ListInferenceRecommendationJobSteps to return the details of all the benchmark we create for an
inference recommendation job.
- from version 1.24.96
* api-change:``cognito-idp``: [``botocore``] This release adds a new "/DeletionProtection"/ field to
the UserPool in Cognito. Application admins can configure this value with either ACTIVE or INACTIVE
value. Setting this field to ACTIVE will prevent a user pool from accidental deletion.
* api-change:``sagemaker``: [``botocore``] CreateInferenceRecommenderjob API now supports passing
endpoint details directly, that will help customers to identify the max invocation and max latency
they can achieve for their model and the associated endpoint along with getting recommendations on
other instances.
- from version 1.24.95
* api-change:``devops-guru``: [``botocore``] This release adds information about the resources
DevOps Guru is analyzing.
* api-change:``globalaccelerator``: [``botocore``] Global Accelerator now supports AddEndpoints and
RemoveEndpoints operations for standard endpoint groups.
* api-change:``resiliencehub``: [``botocore``] In this release, we are introducing support for
regional optimization for AWS Resilience Hub applications. It also includes a few documentation
updates to improve clarity.
* api-change:``rum``: [``botocore``] CloudWatch RUM now supports Extended CloudWatch Metrics with
Additional Dimensions
- from version 1.24.94
* api-change:``chime-sdk-messaging``: [``botocore``] Documentation updates for Chime Messaging SDK
* api-change:``cloudtrail``: [``botocore``] This release includes support for exporting CloudTrail
Lake query results to an Amazon S3 bucket.
* api-change:``config``: [``botocore``] This release adds resourceType enums for AppConfig,
AppSync, DataSync, EC2, EKS, Glue, GuardDuty, SageMaker, ServiceDiscovery, SES, Route53 types.
* api-change:``connect``: [``botocore``] This release adds API support for managing phone numbers
that can be used across multiple AWS regions through telephony traffic distribution.
* api-change:``events``: [``botocore``] Update events client to latest version
* api-change:``managedblockchain``: [``botocore``] Adding new Accessor APIs for Amazon Managed
Blockchain
* api-change:``s3``: [``botocore``] Updates internal logic for constructing API endpoints. We have
added rule-based endpoints and internal model parameters.
* api-change:``s3control``: [``botocore``] Updates internal logic for constructing API endpoints.
We have added rule-based endpoints and internal model parameters.
* api-change:``support-app``: [``botocore``] This release adds the
RegisterSlackWorkspaceForOrganization API. You can use the API to register a Slack workspace for an
AWS account that is part of an organization.
* api-change:``workspaces-web``: [``botocore``] WorkSpaces Web now supports user access logging for
recording session start, stop, and URL navigation.
- from version 1.24.93
* api-change:``frauddetector``: [``botocore``] Documentation Updates for Amazon Fraud Detector
* api-change:``sagemaker``: [``botocore``] This change allows customers to enable data capturing
while running a batch transform job, and configure monitoring schedule to monitoring the captured
data.
* api-change:``servicediscovery``: [``botocore``] Updated the ListNamespaces API to support the
NAME and HTTP_NAME filters, and the BEGINS_WITH filter condition.
* api-change:``sesv2``: [``botocore``] This release allows subscribers to enable Dedicated IPs
(managed) to send email via a fully managed dedicated IP experience. It also adds identities'
VerificationStatus in the response of GetEmailIdentity and ListEmailIdentities APIs, and ImportJobs
counts in the response of ListImportJobs API.
- from version 1.24.92
* api-change:``greengrass``: [``botocore``] This change allows customers to specify
FunctionRuntimeOverride in FunctionDefinitionVersion. This configuration can be used if the runtime
on the device is different from the AWS Lambda runtime specified for that function.
* api-change:``sagemaker``: [``botocore``] This release adds support for C7g, C6g, C6gd, C6gn, M6g,
M6gd, R6g, and R6gn Graviton instance types in Amazon SageMaker Inference.
- Update BuildRequires and Requires from setup.py
- Remove version constraint for python-pytest in BuildRequires
- Update to version 1.24.91
* api-change:``mediaconvert``: [``botocore``] MediaConvert now supports specifying the minimum
percentage of the HRD buffer available at the end of each encoded video segment.
- from version 1.24.90
* api-change:``amplifyuibuilder``: [``botocore``] We are releasing the ability for fields to be
configured as arrays.
* api-change:``appflow``: [``botocore``] With this update, you can choose which Salesforce API is
used by Amazon AppFlow to transfer data to or from your Salesforce account. You can choose the
Salesforce REST API or Bulk API 2.0. You can also choose for Amazon AppFlow to pick the API
automatically.
* api-change:``connect``: [``botocore``] This release adds support for a secondary email and a
mobile number for Amazon Connect instance users.
* api-change:``ds``: [``botocore``] This release adds support for describing and updating AWS
Managed Microsoft AD set up.
* api-change:``ecs``: [``botocore``] Documentation update to address tickets.
* api-change:``guardduty``: [``botocore``] Add UnprocessedDataSources to CreateDetectorResponse
which specifies the data sources that couldn't be enabled during the CreateDetector request. In
addition, update documentations.
* api-change:``iam``: [``botocore``] Documentation updates for the AWS Identity and Access
Management API Reference.
* api-change:``iotfleetwise``: [``botocore``] Documentation update for AWS IoT FleetWise
* api-change:``medialive``: [``botocore``] AWS Elemental MediaLive now supports forwarding SCTE-35
messages through the Event Signaling and Management (ESAM) API, and can read those SCTE-35 messages
from an inactive source.
* api-change:``mediapackage-vod``: [``botocore``] This release adds SPEKE v2 support for
MediaPackage VOD. Speke v2 is an upgrade to the existing SPEKE API to support multiple encryption
keys, based on an encryption contract selected by the customer.
* api-change:``panorama``: [``botocore``] Pause and resume camera stream processing with
SignalApplicationInstanceNodeInstances. Reboot an appliance with CreateJobForDevices. More
application state information in DescribeApplicationInstance response.
* api-change:``rds-data``: [``botocore``] Doc update to reflect no support for schema parameter on
BatchExecuteStatement API
* api-change:``ssm-incidents``: [``botocore``] Update RelatedItem enum to support Tasks
* api-change:``ssm``: [``botocore``] Support of AmazonLinux2022 by Patch Manager
* api-change:``transfer``: [``botocore``] This release adds an option for customers to configure
workflows that are triggered when files are only partially received from a client due to premature
session disconnect.
* api-change:``translate``: [``botocore``] This release enables customers to specify multiple
target languages in asynchronous batch translation requests.
* api-change:``wisdom``: [``botocore``] This release updates the GetRecommendations API to include
a trigger event list for classifying and grouping recommendations.
- from version 1.24.89
* api-change:``codeguru-reviewer``: [``botocore``] Documentation update to replace broken link.
* api-change:``elbv2``: [``botocore``] Update elbv2 client to latest version
* api-change:``greengrassv2``: [``botocore``] This release adds error status details for
deployments and components that failed on a device and adds features to improve visibility into
component installation.
* api-change:``quicksight``: [``botocore``] Amazon QuickSight now supports SecretsManager Secret
ARN in place of CredentialPair for DataSource creation and update. This release also has some minor
documentation updates and removes CountryCode as a required parameter in GeoSpatialColumnGroup
- from version 1.24.88
* api-change:``resiliencehub``: [``botocore``] Documentation change for AWS Resilience Hub.
Doc-only update to fix Documentation layout
- from version 1.24.87
* api-change:``glue``: [``botocore``] This SDK release adds support to sync glue jobs with source
control provider. Additionally, a new parameter called SourceControlDetails will be added to Job
model.
* api-change:``network-firewall``: [``botocore``] StreamExceptionPolicy configures how AWS Network
Firewall processes traffic when a network connection breaks midstream
* api-change:``outposts``: [``botocore``] This release adds the Asset state information to the
ListAssets response. The ListAssets request supports filtering on Asset state.
- from version 1.24.86
* api-change:``connect``: [``botocore``] Updated the CreateIntegrationAssociation API to support
the CASES_DOMAIN IntegrationType.
* api-change:``connectcases``: [``botocore``] This release adds APIs for Amazon Connect Cases.
Cases allows your agents to quickly track and manage customer issues that require multiple
interactions, follow-up tasks, and teams in your contact center. For more information, see
https://docs.aws.amazon.com/cases/latest/APIReference/Welcome.html
* api-change:``ec2``: [``botocore``] Added EnableNetworkAddressUsageMetrics flag for
ModifyVpcAttribute, DescribeVpcAttribute APIs.
* api-change:``ecs``: [``botocore``] Documentation updates to address various Amazon ECS tickets.
* api-change:``s3control``: [``botocore``] S3 Object Lambda adds support to allow customers to
intercept HeadObject and ListObjects requests and introduce their own compute. These requests were
previously proxied to S3.
* api-change:``workmail``: [``botocore``] This release adds support for impersonation roles in
Amazon WorkMail.
- Update BuildRequires and Requires from setup.py
- Update to version 1.24.85
* api-change:``accessanalyzer``: [``botocore``] AWS IAM Access Analyzer policy validation
introduces new checks for role trust policies. As customers author a policy, IAM Access Analyzer
policy validation evaluates the policy for any issues to make it easier for customers to author
secure policies.
* api-change:``ec2``: [``botocore``] Adding an imdsSupport attribute to EC2 AMIs
* api-change:``snowball``: [``botocore``] Adds support for V3_5C. This is a refreshed AWS Snowball
Edge Compute Optimized device type with 28TB SSD, 104 vCPU and 416GB memory (customer usable).
- from version 1.24.84
* api-change:``codedeploy``: [``botocore``] This release allows you to override the alarm
configurations when creating a deployment.
* api-change:``devops-guru``: [``botocore``] This release adds filter feature on
AddNotificationChannel API, enable customer to configure the SNS notification messages by Severity
or MessageTypes
* api-change:``dlm``: [``botocore``] This release adds support for archival of single-volume
snapshots created by Amazon Data Lifecycle Manager policies
* api-change:``sagemaker-runtime``: [``botocore``] Update sagemaker-runtime client to latest version
* api-change:``sagemaker``: [``botocore``] A new parameter called ExplainerConfig is added to
CreateEndpointConfig API to enable SageMaker Clarify online explainability feature.
* api-change:``sso-oidc``: [``botocore``] Documentation updates for the IAM Identity Center OIDC
CLI Reference.
- from version 1.24.83
* api-change:``acm``: [``botocore``] This update returns additional certificate details such as
certificate SANs and allows sorting in the ListCertificates API.
* api-change:``ec2``: [``botocore``] u-3tb1 instances are powered by Intel Xeon Platinum 8176M
(Skylake) processors and are purpose-built to run large in-memory databases.
* api-change:``emr-serverless``: [``botocore``] This release adds API support to debug Amazon EMR
Serverless jobs in real-time with live application UIs
* api-change:``fsx``: [``botocore``] This release adds support for Amazon File Cache.
* api-change:``migrationhuborchestrator``: [``botocore``] Introducing AWS MigrationHubOrchestrator.
This is the first public release of AWS MigrationHubOrchestrator.
* api-change:``polly``: [``botocore``] Added support for the new Cantonese voice - Hiujin. Hiujin
is available as a Neural voice only.
* api-change:``proton``: [``botocore``] This release adds an option to delete pipeline provisioning
repositories using the UpdateAccountSettings API
* api-change:``sagemaker``: [``botocore``] SageMaker Training Managed Warm Pools let you retain
provisioned infrastructure to reduce latency for repetitive training workloads.
* api-change:``secretsmanager``: [``botocore``] Documentation updates for Secrets Manager
* api-change:``translate``: [``botocore``] This release enables customers to access control rights
on Translate resources like Parallel Data and Custom Terminology using Tag Based Authorization.
* api-change:``workspaces``: [``botocore``] This release includes diagnostic log uploading feature.
If it is enabled, the log files of WorkSpaces Windows client will be sent to Amazon WorkSpaces
automatically for troubleshooting. You can use modifyClientProperty api to enable/disable this
feature.
- from version 1.24.82
* api-change:``ce``: [``botocore``] This release is to support retroactive Cost Categories. The new
field will enable you to retroactively apply new and existing cost category rules to previous
months.
* api-change:``kendra``: [``botocore``] My AWS Service (placeholder) - Amazon Kendra now provides a
data source connector for DropBox. For more information, see
https://docs.aws.amazon.com/kendra/latest/dg/data-source-dropbox.html
* api-change:``location``: [``botocore``] This release adds place IDs, which are unique identifiers
of places, along with a new GetPlace operation, which can be used with place IDs to find a place
again later. UnitNumber and UnitType are also added as new properties of places.
- from version 1.24.81
* api-change:``cur``: [``botocore``] This release adds two new support
regions(me-central-1/eu-south-2) for OSG.
* api-change:``iotfleetwise``: [``botocore``] General availability (GA) for AWS IoT Fleetwise. It
adds AWS IoT Fleetwise to AWS SDK. For more information, see
https://docs.aws.amazon.com/iot-fleetwise/latest/APIReference/Welcome.html.
* api-change:``ssm``: [``botocore``] This release includes support for applying a CloudWatch alarm
to Systems Manager capabilities like Automation, Run Command, State Manager, and Maintenance
Windows.
- from version 1.24.80
* api-change:``apprunner``: [``botocore``] AWS App Runner adds a Node.js 16 runtime.
* api-change:``ec2``: [``botocore``] Letting external AWS customers provide ImageId as a Launch
Template override in FleetLaunchTemplateOverridesRequest
* api-change:``lexv2-models``: [``botocore``] Update lexv2-models client to latest version
* api-change:``lightsail``: [``botocore``] This release adds Instance Metadata Service (IMDS)
support for Lightsail instances.
* api-change:``nimble``: [``botocore``] Amazon Nimble Studio adds support for on-demand Amazon
Elastic Compute Cloud (EC2) G3 and G5 instances, allowing customers to utilize additional GPU
instance types for their creative projects.
* api-change:``ssm``: [``botocore``] This release adds new SSM document types
ConformancePackTemplate and CloudFormation
* api-change:``wafv2``: [``botocore``] Add the default specification for ResourceType in
ListResourcesForWebACL.
- from version 1.24.79
* api-change:``backup-gateway``: [``botocore``] Changes include: new GetVirtualMachineApi to fetch
a single user's VM, improving ListVirtualMachines to fetch filtered VMs as well as all VMs, and
improving GetGatewayApi to now also return the gateway's MaintenanceStartTime.
* api-change:``devicefarm``: [``botocore``] This release adds the support for VPC-ENI based
connectivity for private devices on AWS Device Farm.
* api-change:``ec2``: [``botocore``] Documentation updates for Amazon EC2.
* api-change:``glue``: [``botocore``] Added support for S3 Event Notifications for Catalog Target
Crawlers.
* api-change:``identitystore``: [``botocore``] Documentation updates for the Identity Store CLI
Reference.
- from version 1.24.78
* api-change:``comprehend``: [``botocore``] Amazon Comprehend now supports synchronous mode for
targeted sentiment API operations.
* api-change:``s3control``: [``botocore``] S3 on Outposts launches support for object versioning
for Outposts buckets. With S3 Versioning, you can preserve, retrieve, and restore every version of
every object stored in your buckets. You can recover from both unintended user actions and
application failures.
* api-change:``sagemaker``: [``botocore``] SageMaker now allows customization on Canvas Application
settings, including enabling/disabling time-series forecasting and specifying an Amazon Forecast
execution role at both the Domain and UserProfile levels.
- from version 1.24.77
* api-change:``ec2``: [``botocore``] This release adds support for blocked paths to Amazon VPC
Reachability Analyzer.
- Update BuildRequires and Requires from setup.py
- Update to version 1.24.76
* api-change:``cloudtrail``: [``botocore``] This release includes support for importing existing
trails into CloudTrail Lake.
* api-change:``ec2``: [``botocore``] This release adds CapacityAllocations field to
DescribeCapacityReservations
* api-change:``mediaconnect``: [``botocore``] This change allows the customer to use the SRT Caller
protocol as part of their flows
* api-change:``rds``: [``botocore``] This release adds support for Amazon RDS Proxy with SQL Server
compatibility.
- from version 1.24.75
* api-change:``codestar-notifications``: [``botocore``] This release adds tag based access control
for the UntagResource API.
* api-change:``ecs``: [``botocore``] This release supports new task definition sizes.
- from version 1.24.74
* api-change:``dynamodb``: [``botocore``] Increased DynamoDB transaction limit from 25 to 100.
* api-change:``ec2``: [``botocore``] This feature allows customers to create tags for
vpc-endpoint-connections and vpc-endpoint-service-permissions.
* api-change:``sagemaker``: [``botocore``] Amazon SageMaker Automatic Model Tuning now supports
specifying Hyperband strategy for tuning jobs, which uses a multi-fidelity based tuning strategy to
stop underperforming hyperparameter configurations early.
- from version 1.24.73
* api-change:``amplifyuibuilder``: [``botocore``] Amplify Studio UIBuilder is introducing forms
functionality. Forms can be configured from Data Store models, JSON, or from scratch. These forms
can then be generated in your project and used like any other React components.
* api-change:``ec2``: [``botocore``] This update introduces API operations to manage and create
local gateway route tables, CoIP pools, and VIF group associations.
- Update BuildRequires and Requires from setup.py
- Update to version 1.24.72
* api-change:``customer-profiles``: [``botocore``] Added isUnstructured in response for Customer
Profiles Integration APIs
* api-change:``drs``: [``botocore``] Fixed the data type of lagDuration that is returned in
Describe Source Server API
* api-change:``ec2``: [``botocore``] Two new features for local gateway route tables: support for
static routes targeting Elastic Network Interfaces and direct VPC routing.
* api-change:``evidently``: [``botocore``] This release adds support for the client-side evaluation
- powered by AWS AppConfig feature.
* api-change:``kendra``: [``botocore``] This release enables our customer to choose the option of
Sharepoint 2019 for the on-premise Sharepoint connector.
* api-change:``transfer``: [``botocore``] This release introduces the ability to have multiple
server host keys for any of your Transfer Family servers that use the SFTP protocol.
- from version 1.24.71
* api-change:``eks``: [``botocore``] Adding support for local Amazon EKS clusters on Outposts
- from version 1.24.70
* api-change:``cloudtrail``: [``botocore``] This release adds CloudTrail getChannel and
listChannels APIs to allow customer to view the ServiceLinkedChannel configurations.
* api-change:``lexv2-models``: [``botocore``] Update lexv2-models client to latest version
* api-change:``lexv2-runtime``: [``botocore``] Update lexv2-runtime client to latest version
* api-change:``pi``: [``botocore``] Increases the maximum values of two RDS Performance Insights
APIs. The maximum value of the Limit parameter of DimensionGroup is 25. The MaxResult maximum is
now 25 for the following APIs: DescribeDimensionKeys, GetResourceMetrics,
ListAvailableResourceDimensions, and ListAvailableResourceMetrics.
* api-change:``redshift``: [``botocore``] This release updates documentation for AQUA features and
other description updates.
- from version 1.24.69
* api-change:``ec2``: [``botocore``] This release adds support to send VPC Flow Logs to
kinesis-data-firehose as new destination type
* api-change:``emr-containers``: [``botocore``] EMR on EKS now allows running Spark SQL using the
newly introduced Spark SQL Job Driver in the Start Job Run API
* api-change:``lookoutmetrics``: [``botocore``] Release dimension value filtering feature to allow
customers to define dimension filters for including only a subset of their dataset to be used by
LookoutMetrics.
* api-change:``medialive``: [``botocore``] This change exposes API settings which allow Dolby Atmos
and Dolby Vision to be used when running a channel using Elemental Media Live
* api-change:``route53``: [``botocore``] Amazon Route 53 now supports the Middle East (UAE) Region
(me-central-1) for latency records, geoproximity records, and private DNS for Amazon VPCs in that
region.
* api-change:``sagemaker``: [``botocore``] This release adds Mode to AutoMLJobConfig.
* api-change:``ssm``: [``botocore``] This release adds support for Systems Manager State Manager
Association tagging.
- from version 1.24.68
* api-change:``dataexchange``: [``botocore``] Documentation updates for AWS Data Exchange.
* api-change:``ec2``: [``botocore``] Documentation updates for Amazon EC2.
* api-change:``eks``: [``botocore``] Adds support for EKS Addons ResolveConflicts "/preserve"/ flag.
Also adds new update failed status for EKS Addons.
* api-change:``fsx``: [``botocore``] Documentation update for Amazon FSx.
* api-change:``inspector2``: [``botocore``] This release adds new fields like fixAvailable,
fixedInVersion and remediation to the finding model. The requirement to have vulnerablePackages in
the finding model has also been removed. The documentation has been updated to reflect these
changes.
* api-change:``iotsitewise``: [``botocore``] Allow specifying units in Asset Properties
* api-change:``sagemaker``: [``botocore``] SageMaker Hosting now allows customization on ML
instance storage volume size, model data download timeout and inference container startup ping
health check timeout for each ProductionVariant in CreateEndpointConfig API.
* api-change:``sns``: [``botocore``] Amazon SNS introduces the Data Protection Policy APIs, which
enable customers to attach a data protection policy to an SNS topic. This allows topic owners to
enable the new message data protection feature to audit and block sensitive data that is exchanged
through their topics.
- from version 1.24.67
* api-change:``identitystore``: [``botocore``] Documentation updates for the Identity Store CLI
Reference.
* api-change:``sagemaker``: [``botocore``] This release adds HyperParameterTuningJob type in Search
API.
- from version 1.24.66
* api-change:``cognito-idp``: [``botocore``] This release adds a new "/AuthSessionValidity"/ field to
the UserPoolClient in Cognito. Application admins can configure this value for their users'
authentication duration, which is currently fixed at 3 minutes, up to 15 minutes. Setting this
field will also apply to the SMS MFA authentication flow.
* api-change:``connect``: [``botocore``] This release adds search APIs for Routing Profiles and
Queues, which can be used to search for those resources within a Connect Instance.
* api-change:``mediapackage``: [``botocore``] Added support for AES_CTR encryption to CMAF origin
endpoints
* api-change:``sagemaker``: [``botocore``] This release enables administrators to attribute user
activity and API calls from Studio notebooks, Data Wrangler and Canvas to specific users even when
users share the same execution IAM role. ExecutionRoleIdentityConfig at Sagemaker domain level
enables this feature.
- from version 1.24.65
* api-change:``codeguru-reviewer``: [``botocore``] Documentation updates to fix formatting issues
in CLI and SDK documentation.
* api-change:``controltower``: [``botocore``] This release contains the first SDK for AWS Control
Tower. It introduces a new set of APIs: EnableControl, DisableControl, GetControlOperation, and
ListEnabledControls.
* api-change:``route53``: [``botocore``] Documentation updates for Amazon Route 53.
- Update BuildRequires and Requires from setup.py
- Update to version 1.24.64
* api-change:``cloudfront``: [``botocore``] Update API documentation for CloudFront origin access
control (OAC)
* api-change:``identitystore``: [``botocore``] Expand IdentityStore API to support Create, Read,
Update, Delete and Get operations for User, Group and GroupMembership resources.
* api-change:``iotthingsgraph``: [``botocore``] This release deprecates all APIs of the ThingsGraph
service
* api-change:``ivs``: [``botocore``] IVS Merge Fragmented Streams. This release adds support for
recordingReconnectWindow field in IVS recordingConfigurations. For more information see
https://docs.aws.amazon.com/ivs/latest/APIReference/Welcome.html
* api-change:``rds-data``: [``botocore``] Documentation updates for RDS Data API
* api-change:``sagemaker``: [``botocore``] SageMaker Inference Recommender now accepts Inference
Recommender fields: Domain, Task, Framework, SamplePayloadUrl, SupportedContentTypes,
SupportedInstanceTypes, directly in our CreateInferenceRecommendationsJob API through
ContainerConfig
- from version 1.24.63
* enhancement:Endpoints: [``botocore``] Deprecate SSL common name
* api-change:``greengrassv2``: [``botocore``] Adds topologyFilter to ListInstalledComponentsRequest
which allows filtration of components by ROOT or ALL (including root and dependency components).
Adds lastStatusChangeTimestamp to ListInstalledComponents response to show the last time a
component changed state on a device.
* api-change:``identitystore``: [``botocore``] Documentation updates for the Identity Store CLI
Reference.
* api-change:``lookoutequipment``: [``botocore``] This release adds new apis for providing labels.
* api-change:``macie2``: [``botocore``] This release of the Amazon Macie API adds support for using
allow lists to define specific text and text patterns to ignore when inspecting data sources for
sensitive data.
* api-change:``sso-admin``: [``botocore``] Documentation updates for the AWS IAM Identity Center
CLI Reference.
* api-change:``sso``: [``botocore``] Documentation updates for the AWS IAM Identity Center Portal
CLI Reference.
- from version 1.24.62
* api-change:``fsx``: [``botocore``] Documentation updates for Amazon FSx for NetApp ONTAP.
* api-change:``voice-id``: [``botocore``] Amazon Connect Voice ID now detects voice spoofing. When
a prospective fraudster tries to spoof caller audio using audio playback or synthesized speech,
Voice ID will return a risk score and outcome to indicate the how likely it is that the voice is
spoofed.
- from version 1.24.61
* api-change:``mediapackage``: [``botocore``] This release adds Ads AdTriggers and
AdsOnDeliveryRestrictions to describe calls for CMAF endpoints on MediaPackage.
* api-change:``rds``: [``botocore``] Removes support for RDS Custom from DBInstanceClass in
ModifyDBInstance
- Update BuildRequires and Requires from setup.py
- Update to version 1.24.60
* enhancement:Identity: [``botocore``] TokenProvider added for bearer auth support
* api-change:``elbv2``: [``botocore``] Update elbv2 client to latest version
* api-change:``gamelift``: [``botocore``] This release adds support for eight EC2 local zones as
fleet locations; Atlanta, Chicago, Dallas, Denver, Houston, Kansas City (us-east-1-mci-1a), Los
Angeles, and Phoenix. It also adds support for C5d, C6a, C6i, and R5d EC2 instance families.
* api-change:``iotwireless``: [``botocore``] This release includes a new feature for the customers
to enable the LoRa gateways to send out beacons for Class B devices and an option to select one or
more gateways for Class C devices when sending the LoRaWAN downlink messages.
* api-change:``ivschat``: [``botocore``] Documentation change for IVS Chat API Reference. Doc-only
update to add a paragraph on ARNs to the Welcome section.
* api-change:``panorama``: [``botocore``] Support sorting and filtering in ListDevices API, and add
more fields to device listings and single device detail
* api-change:``sso-oidc``: [``botocore``] Updated required request parameters on IAM Identity
Center's OIDC CreateToken action.
- from version 1.24.59
* api-change:``cloudfront``: [``botocore``] Adds support for CloudFront origin access control
(OAC), making it possible to restrict public access to S3 bucket origins in all AWS Regions, those
with SSE-KMS, and more.
* api-change:``config``: [``botocore``] AWS Config now supports ConformancePackTemplate documents
in SSM Docs for the deployment and update of conformance packs.
* api-change:``iam``: [``botocore``] Documentation updates for AWS Identity and Access Management
(IAM).
* api-change:``ivs``: [``botocore``] Documentation Change for IVS API Reference - Doc-only update
to type field description for CreateChannel and UpdateChannel actions and for Channel data type.
Also added Amazon Resource Names (ARNs) paragraph to Welcome section.
* api-change:``quicksight``: [``botocore``] Added a new optional property DashboardVisual under
ExperienceConfiguration parameter of GenerateEmbedUrlForAnonymousUser and
GenerateEmbedUrlForRegisteredUser API operations. This supports embedding of specific visuals in
QuickSight dashboards.
* api-change:``transfer``: [``botocore``] Documentation updates for AWS Transfer Family
- from version 1.24.58
* api-change:``rds``: [``botocore``] RDS for Oracle supports Oracle Data Guard switchover and read
replica backups.
* api-change:``sso-admin``: [``botocore``] Documentation updates to reflect service rename - AWS
IAM Identity Center (successor to AWS Single Sign-On)
- from version 1.24.57
* api-change:``docdb``: [``botocore``] Update document for volume clone
* api-change:``ec2``: [``botocore``] R6a instances are powered by 3rd generation AMD EPYC (Milan)
processors delivering all-core turbo frequency of 3.6 GHz. C6id, M6id, and R6id instances are
powered by 3rd generation Intel Xeon Scalable processor (Ice Lake) delivering all-core turbo
frequency of 3.5 GHz.
* api-change:``forecast``: [``botocore``] releasing What-If Analysis APIs and update ARN regex
pattern to be more strict in accordance with security recommendation
* api-change:``forecastquery``: [``botocore``] releasing What-If Analysis APIs
* api-change:``iotsitewise``: [``botocore``] Enable non-unique asset names under different
hierarchies
* api-change:``lexv2-models``: [``botocore``] Update lexv2-models client to latest version
* api-change:``securityhub``: [``botocore``] Added new resource details objects to ASFF, including
resources for AwsBackupBackupVault, AwsBackupBackupPlan and AwsBackupRecoveryPoint. Added
FixAvailable, FixedInVersion and Remediation to Vulnerability.
* api-change:``support-app``: [``botocore``] This is the initial SDK release for the AWS Support
App in Slack.
- from version 1.24.56
* api-change:``connect``: [``botocore``] This release adds SearchSecurityProfiles API which can be
used to search for Security Profile resources within a Connect Instance.
* api-change:``ivschat``: [``botocore``] Documentation Change for IVS Chat API Reference - Doc-only
update to change text/description for tags field.
* api-change:``kendra``: [``botocore``] This release adds support for a new authentication type -
Personal Access Token (PAT) for confluence server.
* api-change:``lookoutmetrics``: [``botocore``] This release is to make GetDataQualityMetrics API
publicly available.
- Update BuildRequires and Requires from setup.py
- Update to version 1.24.55
* api-change:``chime-sdk-media-pipelines``: [``botocore``] The Amazon Chime SDK now supports live
streaming of real-time video from the Amazon Chime SDK sessions to streaming platforms such as
Amazon IVS and Amazon Elemental MediaLive. We have also added support for concatenation to create a
single media capture file.
* api-change:``cloudwatch``: [``botocore``] Update cloudwatch client to latest version
* api-change:``cognito-idp``: [``botocore``] This change is being made simply to fix the public
documentation based on the models. We have included the PasswordChange and ResendCode events, along
with the Pass, Fail and InProgress status. We have removed the Success and Failure status which are
never returned by our APIs.
* api-change:``dynamodb``: [``botocore``] This release adds support for importing data from S3 into
a new DynamoDB table
* api-change:``ec2``: [``botocore``] This release adds support for VPN log options , a new feature
allowing S2S VPN connections to send IKE activity logs to CloudWatch Logs
* api-change:``networkmanager``: [``botocore``] Add TransitGatewayPeeringAttachmentId property to
TransitGatewayPeering Model
- from version 1.24.54
* api-change:``appmesh``: [``botocore``] AWS App Mesh release to support Multiple Listener and
Access Log Format feature
* api-change:``connectcampaigns``: [``botocore``] Updated exceptions for Amazon Connect Outbound
Campaign api's.
* api-change:``kendra``: [``botocore``] This release adds Zendesk connector (which allows you to
specify Zendesk SAAS platform as data source), Proxy Support for Sharepoint and Confluence Server
(which allows you to specify the proxy configuration if proxy is required to connect to your
Sharepoint/Confluence Server as data source).
* api-change:``lakeformation``: [``botocore``] This release adds a new API support
"/AssumeDecoratedRoleWithSAML"/ and also release updates the corresponding documentation.
* api-change:``lambda``: [``botocore``] Added support for customization of Consumer Group ID for
MSK and Kafka Event Source Mappings.
* api-change:``lexv2-models``: [``botocore``] Update lexv2-models client to latest version
* api-change:``rds``: [``botocore``] Adds support for Internet Protocol Version 6 (IPv6) for RDS
Aurora database clusters.
* api-change:``secretsmanager``: [``botocore``] Documentation updates for Secrets Manager.
- from version 1.24.53
* api-change:``rekognition``: [``botocore``] This release adds APIs which support copying an Amazon
Rekognition Custom Labels model and managing project policies across AWS account.
* api-change:``servicecatalog``: [``botocore``] Documentation updates for Service Catalog
- from version 1.24.52
* enhancement:AWSCRT: [``botocore``] Upgrade awscrt version to 0.14.0
* api-change:``cloudfront``: [``botocore``] Adds Http 3 support to distributions
* api-change:``identitystore``: [``botocore``] Documentation updates to reflect service rename -
AWS IAM Identity Center (successor to AWS Single Sign-On)
* api-change:``sso``: [``botocore``] Documentation updates to reflect service rename - AWS IAM
Identity Center (successor to AWS Single Sign-On)
* api-change:``wisdom``: [``botocore``] This release introduces a new API PutFeedback that allows
submitting feedback to Wisdom on content relevance.
- from version 1.24.51
* api-change:``amp``: [``botocore``] This release adds log APIs that allow customers to manage
logging for their Amazon Managed Service for Prometheus workspaces.
* api-change:``chime-sdk-messaging``: [``botocore``] The Amazon Chime SDK now supports channels
with up to one million participants with elastic channels.
* api-change:``ivs``: [``botocore``] Updates various list api MaxResults ranges
* api-change:``personalize-runtime``: [``botocore``] This release provides support for promotions
in AWS Personalize runtime.
* api-change:``rds``: [``botocore``] Adds support for RDS Custom to DBInstanceClass in
ModifyDBInstance
- from version 1.24.50
* api-change:``backupstorage``: [``botocore``] This is the first public release of AWS Backup
Storage. We are exposing some previously-internal APIs for use by external services. These APIs are
not meant to be used directly by customers.
* api-change:``glue``: [``botocore``] Add support for Python 3.9 AWS Glue Python Shell jobs
* api-change:``privatenetworks``: [``botocore``] This is the initial SDK release for AWS Private
5G. AWS Private 5G is a managed service that makes it easy to deploy, operate, and scale your own
private mobile network at your on-premises location.
- from version 1.24.49
* api-change:``dlm``: [``botocore``] This release adds support for excluding specific data
(non-boot) volumes from multi-volume snapshot sets created by snapshot lifecycle policies
* api-change:``ec2``: [``botocore``] This release adds support for excluding specific data
(non-root) volumes from multi-volume snapshot sets created from instances.
- from version 1.24.48
* api-change:``cloudwatch``: [``botocore``] Update cloudwatch client to latest version
* api-change:``location``: [``botocore``] Amazon Location Service now allows circular geofences in
BatchPutGeofence, PutGeofence, and GetGeofence APIs.
* api-change:``sagemaker-a2i-runtime``: [``botocore``] Fix bug with parsing ISO-8601 CreationTime
in Java SDK in DescribeHumanLoop
* api-change:``sagemaker``: [``botocore``] Amazon SageMaker Automatic Model Tuning now supports
specifying multiple alternate EC2 instance types to make tuning jobs more robust when the preferred
instance type is not available due to insufficient capacity.
- from version 1.24.47
* api-change:``glue``: [``botocore``] Add an option to run non-urgent or non-time sensitive Glue
Jobs on spare capacity
* api-change:``identitystore``: [``botocore``] Documentation updates to reflect service rename -
AWS IAM Identity Center (successor to AWS Single Sign-On)
* api-change:``iotwireless``: [``botocore``] AWS IoT Wireless release support for sidewalk data
reliability.
* api-change:``pinpoint``: [``botocore``] Adds support for Advance Quiet Time in Journeys. Adds
RefreshOnSegmentUpdate and WaitForQuietTime to JourneyResponse.
* api-change:``quicksight``: [``botocore``] A series of documentation updates to the QuickSight API
reference.
* api-change:``sso-admin``: [``botocore``] Documentation updates to reflect service rename - AWS
IAM Identity Center (successor to AWS Single Sign-On)
* api-change:``sso-oidc``: [``botocore``] Documentation updates to reflect service rename - AWS IAM
Identity Center (successor to AWS Single Sign-On)
* api-change:``sso``: [``botocore``] Documentation updates to reflect service rename - AWS IAM
Identity Center (successor to AWS Single Sign-On)
- from version 1.24.46
* enhancement:Lambda: [``botocore``] Add support for Trace ID in Lambda environments
* api-change:``chime-sdk-meetings``: [``botocore``] Adds support for Tags on Amazon Chime SDK
WebRTC sessions
* api-change:``config``: [``botocore``] Add resourceType enums for Athena, GlobalAccelerator,
Detective and EC2 types
* api-change:``dms``: [``botocore``] Documentation updates for Database Migration Service (DMS).
* api-change:``iot``: [``botocore``] The release is to support attach a provisioning template to
CACert for JITP function, Customer now doesn't have to hardcode a roleArn and templateBody during
register a CACert to enable JITP.
- Update BuildRequires and Requires from setup.py
- Update to version 1.24.45
* api-change:``cognito-idp``: [``botocore``] Add a new exception type, ForbiddenException, that is
returned when request is not allowed
* api-change:``wafv2``: [``botocore``] You can now associate an AWS WAF web ACL with an Amazon
Cognito user pool.
- from version 1.24.44
* api-change:``license-manager-user-subscriptions``: [``botocore``] This release supports user
based subscription for Microsoft Visual Studio Professional and Enterprise on EC2.
* api-change:``personalize``: [``botocore``] This release adds support for incremental bulk
ingestion for the Personalize CreateDatasetImportJob API.
- from version 1.24.43
* api-change:``config``: [``botocore``] Documentation update for PutConfigRule and
PutOrganizationConfigRule
* api-change:``workspaces``: [``botocore``] This release introduces ModifySamlProperties, a new API
that allows control of SAML properties associated with a WorkSpaces directory. The
DescribeWorkspaceDirectories API will now additionally return SAML properties in its responses.
- from version 1.24.42
* bugfix:TraceId: [``botocore``] Rollback bugfix for obeying _X_AMZN_TRACE_ID env var
- from version 1.24.41
* bugfix:Config: [``botocore``] Obey _X_AMZN_TRACE_ID environment variable instead of
_X_AMZ_TRACE_ID
* api-change:``ec2``: [``botocore``] Documentation updates for Amazon EC2.
* api-change:``fsx``: [``botocore``] Documentation updates for Amazon FSx
* api-change:``shield``: [``botocore``] AWS Shield Advanced now supports filtering for
ListProtections and ListProtectionGroups.
- from version 1.24.40
* api-change:``ec2``: [``botocore``] Documentation updates for VM Import/Export.
* api-change:``es``: [``botocore``] This release adds support for gp3 EBS (Elastic Block Store)
storage.
* api-change:``lookoutvision``: [``botocore``] This release introduces support for image
segmentation models and updates CPU accelerator options for models hosted on edge devices.
* api-change:``opensearch``: [``botocore``] This release adds support for gp3 EBS (Elastic Block
Store) storage.
- from version 1.24.39
* api-change:``auditmanager``: [``botocore``] This release adds an exceeded quota exception to
several APIs. We added a ServiceQuotaExceededException for the following operations:
CreateAssessment, CreateControl, CreateAssessmentFramework, and UpdateAssessmentStatus.
* api-change:``chime``: [``botocore``] Chime VoiceConnector will now support ValidateE911Address
which will allow customers to prevalidate their addresses included in their SIP invites for
emergency calling
* api-change:``config``: [``botocore``] This release adds ListConformancePackComplianceScores API
to support the new compliance score feature, which provides a percentage of the number of compliant
rule-resource combinations in a conformance pack compared to the number of total possible
rule-resource combinations in the conformance pack.
* api-change:``globalaccelerator``: [``botocore``] Global Accelerator now supports dual-stack
accelerators, enabling support for IPv4 and IPv6 traffic.
* api-change:``marketplace-catalog``: [``botocore``] The SDK for the StartChangeSet API will now
automatically set and use an idempotency token in the ClientRequestToken request parameter if the
customer does not provide it.
* api-change:``polly``: [``botocore``] Amazon Polly adds new English and Hindi voice - Kajal. Kajal
is available as Neural voice only.
* api-change:``ssm``: [``botocore``] Adding doc updates for OpsCenter support in Service Setting
actions.
* api-change:``workspaces``: [``botocore``] Added CreateWorkspaceImage API to create a new
WorkSpace image from an existing WorkSpace.
- from version 1.24.38
* api-change:``appsync``: [``botocore``] Adds support for a new API to evaluate mapping templates
with mock data, allowing you to remotely unit test your AppSync resolvers and functions.
* api-change:``detective``: [``botocore``] Added the ability to get data source package information
for the behavior graph. Graph administrators can now start (or stop) optional datasources on the
behavior graph.
* api-change:``guardduty``: [``botocore``] Amazon GuardDuty introduces a new Malware Protection
feature that triggers malware scan on selected EC2 instance resources, after the service detects a
potentially malicious activity.
* api-change:``lookoutvision``: [``botocore``] This release introduces support for the automatic
scaling of inference units used by Amazon Lookout for Vision models.
* api-change:``macie2``: [``botocore``] This release adds support for retrieving (revealing) sample
occurrences of sensitive data that Amazon Macie detects and reports in findings.
* api-change:``rds``: [``botocore``] Adds support for using RDS Proxies with RDS for MariaDB
databases.
* api-change:``rekognition``: [``botocore``] This release introduces support for the automatic
scaling of inference units used by Amazon Rekognition Custom Labels models.
* api-change:``securityhub``: [``botocore``] Documentation updates for AWS Security Hub
* api-change:``transfer``: [``botocore``] AWS Transfer Family now supports Applicability Statement
2 (AS2), a network protocol used for the secure and reliable transfer of critical
Business-to-Business (B2B) data over the public internet using HTTP/HTTPS as the transport
mechanism.
- Update BuildRequires and Requires from setup.py
- Update to version 1.24.37
* api-change:``autoscaling``: [``botocore``] Documentation update for Amazon EC2 Auto Scaling.
- from version 1.24.36
* api-change:``account``: [``botocore``] This release enables customers to manage the primary
contact information for their AWS accounts. For more information, see
https://docs.aws.amazon.com/accounts/latest/reference/API_Operations.html
* api-change:``ec2``: [``botocore``] Added support for EC2 M1 Mac instances. For more information,
please visit aws.amazon.com/mac.
* api-change:``iotdeviceadvisor``: [``botocore``] Added new service feature (Early access only) -
Long Duration Test, where customers can test the IoT device to observe how it behaves when the
device is in operation for longer period.
* api-change:``medialive``: [``botocore``] Link devices now support remote rebooting. Link devices
now support maintenance windows. Maintenance windows allow a Link device to install software
updates without stopping the MediaLive channel. The channel will experience a brief loss of input
from the device while updates are installed.
* api-change:``rds``: [``botocore``] This release adds the "/ModifyActivityStream"/ API with support
for audit policy state locking and unlocking.
* api-change:``transcribe``: [``botocore``] Remove unsupported language codes for
StartTranscriptionJob and update VocabularyFileUri for UpdateMedicalVocabulary
- from version 1.24.35
* api-change:``athena``: [``botocore``] This feature allows customers to retrieve runtime
statistics for completed queries
* api-change:``cloudwatch``: [``botocore``] Update cloudwatch client to latest version
* api-change:``dms``: [``botocore``] Documentation updates for Database Migration Service (DMS).
* api-change:``docdb``: [``botocore``] Enable copy-on-write restore type
* api-change:``ec2-instance-connect``: [``botocore``] This release includes a new exception type
"/EC2InstanceUnavailableException"/ for SendSSHPublicKey and SendSerialConsoleSSHPublicKey APIs.
* api-change:``frauddetector``: [``botocore``] The release introduces Account Takeover Insights
(ATI) model. The ATI model detects fraud relating to account takeover. This release also adds
support for new variable types: ARE_CREDENTIALS_VALID and SESSION_ID and adds new structures to
Model Version APIs.
* api-change:``iotsitewise``: [``botocore``] Added asynchronous API to ingest bulk historical and
current data into IoT SiteWise.
* api-change:``kendra``: [``botocore``] Amazon Kendra now provides Oauth2 support for SharePoint
Online. For more information, see
https://docs.aws.amazon.com/kendra/latest/dg/data-source-sharepoint.html
* api-change:``network-firewall``: [``botocore``] Network Firewall now supports referencing dynamic
IP sets from stateful rule groups, for IP sets stored in Amazon VPC prefix lists.
* api-change:``rds``: [``botocore``] Adds support for creating an RDS Proxy for an RDS for MariaDB
database.
- from version 1.24.34
* api-change:``acm-pca``: [``botocore``] AWS Certificate Manager (ACM) Private Certificate
Authority (PCA) documentation updates
* api-change:``iot``: [``botocore``] GA release the ability to enable/disable IoT Fleet Indexing
for Device Defender and Named Shadow information, and search them through IoT Fleet Indexing APIs.
This includes Named Shadow Selection as a part of the UpdateIndexingConfiguration API.
- from version 1.24.33
* api-change:``devops-guru``: [``botocore``] Added new APIs for log anomaly detection feature.
* api-change:``glue``: [``botocore``] Documentation updates for AWS Glue Job Timeout and Autoscaling
* api-change:``sagemaker-edge``: [``botocore``] Amazon SageMaker Edge Manager provides lightweight
model deployment feature to deploy machine learning models on requested devices.
* api-change:``sagemaker``: [``botocore``] Fixed an issue with cross account QueryLineage
* api-change:``workspaces``: [``botocore``] Increased the character limit of the login message from
850 to 2000 characters.
- from version 1.24.32
* api-change:``discovery``: [``botocore``] Add AWS Agentless Collector details to the
GetDiscoverySummary API response
* api-change:``ec2``: [``botocore``] Documentation updates for Amazon EC2.
* api-change:``elasticache``: [``botocore``] Adding AutoMinorVersionUpgrade in the
DescribeReplicationGroups API
* api-change:``kms``: [``botocore``] Added support for the SM2 KeySpec in China Partition Regions
* api-change:``mediapackage``: [``botocore``] This release adds "/IncludeIframeOnlyStream"/ for Dash
endpoints and increases the number of supported video and audio encryption presets for Speke v2
* api-change:``sagemaker``: [``botocore``] Amazon SageMaker Edge Manager provides lightweight model
deployment feature to deploy machine learning models on requested devices.
* api-change:``sso-admin``: [``botocore``] AWS SSO now supports attaching customer managed policies
and a permissions boundary to your permission sets. This release adds new API operations to manage
and view the customer managed policies and the permissions boundary for a given permission set.
- from version 1.24.31
* api-change:``datasync``: [``botocore``] Documentation updates for AWS DataSync regarding
configuring Amazon FSx for ONTAP location security groups and SMB user permissions.
* api-change:``drs``: [``botocore``] Changed existing APIs to allow choosing a dynamic volume type
for replicating volumes, to reduce costs for customers.
* api-change:``evidently``: [``botocore``] This release adds support for the new segmentation
feature.
* api-change:``wafv2``: [``botocore``] This SDK release provide customers ability to add
sensitivity level for WAF SQLI Match Statements.
- Update BuildRequires and Requires from setup.py
- Update to version 1.24.30
* api-change:``athena``: [``botocore``] This release updates data types that contain either
QueryExecutionId, NamedQueryId or ExpectedBucketOwner. Ids must be between 1 and 128 characters and
contain only non-whitespace characters. ExpectedBucketOwner must be 12-digit string.
* api-change:``codeartifact``: [``botocore``] This release introduces Package Origin Controls, a
mechanism used to counteract Dependency Confusion attacks. Adds two new APIs,
PutPackageOriginConfiguration and DescribePackage, and updates the ListPackage,
DescribePackageVersion and ListPackageVersion APIs in support of the feature.
* api-change:``config``: [``botocore``] Update ResourceType enum with values for Route53Resolver,
Batch, DMS, Workspaces, Stepfunctions, SageMaker, ElasticLoadBalancingV2, MSK types
* api-change:``ec2``: [``botocore``] This release adds flow logs for Transit Gateway to allow
customers to gain deeper visibility and insights into network traffic through their Transit
Gateways.
* api-change:``fms``: [``botocore``] Adds support for strict ordering in stateful rule groups in
Network Firewall policies.
* api-change:``glue``: [``botocore``] This release adds an additional worker type for Glue
Streaming jobs.
* api-change:``inspector2``: [``botocore``] This release adds support for Inspector V2 scan
configurations through the get and update configuration APIs. Currently this allows configuring ECR
automated re-scan duration to lifetime or 180 days or 30 days.
* api-change:``kendra``: [``botocore``] This release adds AccessControlConfigurations which allow
you to redefine your document level access control without the need for content re-indexing.
* api-change:``nimble``: [``botocore``] Amazon Nimble Studio adds support for IAM-based access to
AWS resources for Nimble Studio components and custom studio components. Studio Component scripts
use these roles on Nimble Studio workstation to mount filesystems, access S3 buckets, or other
configured resources in the Studio's AWS account
* api-change:``outposts``: [``botocore``] This release adds the ShipmentInformation and
AssetInformationList fields to the GetOrder API response.
* api-change:``sagemaker``: [``botocore``] This release adds support for G5, P4d, and C6i instance
types in Amazon SageMaker Inference and increases the number of hyperparameters that can be
searched from 20 to 30 in Amazon SageMaker Automatic Model Tuning
- from version 1.24.29
* api-change:``appconfig``: [``botocore``] Adding Create, Get, Update, Delete, and List APIs for
new two new resources: Extensions and ExtensionAssociations.
- from version 1.24.28
* api-change:``networkmanager``: [``botocore``] This release adds general availability API support
for AWS Cloud WAN.
- from version 1.24.27
* api-change:``ec2``: [``botocore``] Build, manage, and monitor a unified global network that
connects resources running across your cloud and on-premises environments using the AWS Cloud WAN
APIs.
* api-change:``redshift-serverless``: [``botocore``] Removed prerelease language for GA launch.
* api-change:``redshift``: [``botocore``] This release adds a new --snapshot-arn field for
describe-cluster-snapshots, describe-node-configuration-options, restore-from-cluster-snapshot,
authorize-snapshot-acsess, and revoke-snapshot-acsess APIs. It allows customers to give a Redshift
snapshot ARN or a Redshift Serverless ARN as input.
- from version 1.24.26
* api-change:``backup``: [``botocore``] This release adds support for authentication using IAM user
identity instead of passed IAM role, identified by excluding the IamRoleArn field in the
StartRestoreJob API. This feature applies to only resource clients with a destructive restore
nature (e.g. SAP HANA).
- from version 1.24.25
* api-change:``chime-sdk-meetings``: [``botocore``] Adds support for AppKeys and TenantIds in
Amazon Chime SDK WebRTC sessions
* api-change:``dms``: [``botocore``] New api to migrate event subscriptions to event bridge rules
* api-change:``iot``: [``botocore``] This release adds support to register a CA certificate without
having to provide a verification certificate. This also allows multiple AWS accounts to register
the same CA in the same region.
* api-change:``iotwireless``: [``botocore``] Adds 5 APIs: PutPositionConfiguration,
GetPositionConfiguration, ListPositionConfigurations, UpdatePosition, GetPosition for the new
Positioning Service feature which enables customers to configure solvers to calculate position of
LoRaWAN devices, or specify position of LoRaWAN devices & gateways.
* api-change:``sagemaker``: [``botocore``] Heterogeneous clusters: the ability to launch training
jobs with multiple instance types. This enables running component of the training job on the
instance type that is most suitable for it. e.g. doing data processing and augmentation on CPU
instances and neural network training on GPU instances
- from version 1.24.24
* api-change:``cloudformation``: [``botocore``] My AWS Service (placeholder) - Add a new feature
Account-level Targeting for StackSet operation
* api-change:``synthetics``: [``botocore``] This release introduces Group feature, which enables
users to group cross-region canaries.
- from version 1.24.23
* api-change:``config``: [``botocore``] Updating documentation service limits
* api-change:``lexv2-models``: [``botocore``] Update lexv2-models client to latest version
* api-change:``quicksight``: [``botocore``] This release allows customers to programmatically
create QuickSight accounts with Enterprise and Enterprise + Q editions. It also releases
allowlisting domains for embedding QuickSight dashboards at runtime through the embedding APIs.
* api-change:``rds``: [``botocore``] Adds waiters support for DBCluster.
* api-change:``rolesanywhere``: [``botocore``] IAM Roles Anywhere allows your workloads such as
servers, containers, and applications to obtain temporary AWS credentials and use the same IAM
roles and policies that you have configured for your AWS workloads to access AWS resources.
* api-change:``ssm-incidents``: [``botocore``] Adds support for tagging incident-record on creation
by providing incident tags in the template within a response-plan.
- from version 1.24.22
* api-change:``dms``: [``botocore``] Added new features for AWS DMS version 3.4.7 that includes new
endpoint settings for S3, OpenSearch, Postgres, SQLServer and Oracle.
* api-change:``rds``: [``botocore``] Adds support for additional retention periods to Performance
Insights.
- from version 1.24.21
* api-change:``athena``: [``botocore``] This feature introduces the API support for Athena's
parameterized query and BatchGetPreparedStatement API.
* api-change:``customer-profiles``: [``botocore``] This release adds the optional
MinAllowedConfidenceScoreForMerging parameter to the CreateDomain, UpdateDomain, and
GetAutoMergingPreview APIs in Customer Profiles. This parameter is used as a threshold to influence
the profile auto-merging step of the Identity Resolution process.
* api-change:``emr``: [``botocore``] Update emr client to latest version
* api-change:``glue``: [``botocore``] This release adds tag as an input of CreateDatabase
* api-change:``kendra``: [``botocore``] Amazon Kendra now provides a data source connector for
alfresco
* api-change:``mwaa``: [``botocore``] Documentation updates for Amazon Managed Workflows for Apache
Airflow.
* api-change:``pricing``: [``botocore``] Documentation update for GetProducts Response.
* api-change:``wellarchitected``: [``botocore``] Added support for UpdateGlobalSettings API. Added
status filter to ListWorkloadShares and ListLensShares.
* api-change:``workmail``: [``botocore``] This release adds support for managing user availability
configurations in Amazon WorkMail.
- Update BuildRequires and Requires from setup.py
- Update to version 1.24.20
* api-change:``appstream``: [``botocore``] Includes support for StreamingExperienceSettings in
CreateStack and UpdateStack APIs
* api-change:``elbv2``: [``botocore``] Update elbv2 client to latest version
* api-change:``emr``: [``botocore``] Update emr client to latest version
* api-change:``medialive``: [``botocore``] This release adds support for automatic renewal of
MediaLive reservations at the end of each reservation term. Automatic renewal is optional. This
release also adds support for labelling accessibility-focused audio and caption tracks in HLS
outputs.
* api-change:``redshift-serverless``: [``botocore``] Add new API operations for Amazon Redshift
Serverless, a new way of using Amazon Redshift without needing to manually manage provisioned
clusters. The new operations let you interact with Redshift Serverless resources, such as create
snapshots, list VPC endpoints, delete resource policies, and more.
* api-change:``sagemaker``: [``botocore``] This release adds: UpdateFeatureGroup,
UpdateFeatureMetadata, DescribeFeatureMetadata APIs; FeatureMetadata type in Search API;
LastModifiedTime, LastUpdateStatus, OnlineStoreTotalSizeBytes in DescribeFeatureGroup API.
* api-change:``translate``: [``botocore``] Added ListLanguages API which can be used to list the
languages supported by Translate.
- from version 1.24.19
* api-change:``datasync``: [``botocore``] AWS DataSync now supports Amazon FSx for NetApp ONTAP
locations.
* api-change:``ec2``: [``botocore``] This release adds a new spread placement group to EC2
Placement Groups: host level spread, which spread instances between physical hosts, available to
Outpost customers only. CreatePlacementGroup and DescribePlacementGroups APIs were updated with a
new parameter: SpreadLevel to support this feature.
* api-change:``finspace-data``: [``botocore``] Release new API GetExternalDataViewAccessDetails
* api-change:``polly``: [``botocore``] Add 4 new neural voices - Pedro (es-US), Liam (fr-CA),
Daniel (de-DE) and Arthur (en-GB).
- from version 1.24.18
* api-change:``iot``: [``botocore``] This release ease the restriction for the input of tag value
to align with AWS standard, now instead of min length 1, we change it to min length 0.
- from version 1.24.17
* api-change:``glue``: [``botocore``] This release enables the new ListCrawls API for viewing the
AWS Glue Crawler run history.
* api-change:``rds-data``: [``botocore``] Documentation updates for RDS Data API
- from version 1.24.16
* api-change:``lookoutequipment``: [``botocore``] This release adds visualizations to the scheduled
inference results. Users will be able to see interference results, including diagnostic results
from their running inference schedulers.
* api-change:``mediaconvert``: [``botocore``] AWS Elemental MediaConvert SDK has released support
for automatic DolbyVision metadata generation when converting HDR10 to DolbyVision.
* api-change:``mgn``: [``botocore``] New and modified APIs for the Post-Migration Framework
* api-change:``migration-hub-refactor-spaces``: [``botocore``] This release adds the new API
UpdateRoute that allows route to be updated to ACTIVE/INACTIVE state. In addition, CreateRoute API
will now allow users to create route in ACTIVE/INACTIVE state.
* api-change:``sagemaker``: [``botocore``] SageMaker Ground Truth now supports Virtual Private
Cloud. Customers can launch labeling jobs and access to their private workforce in VPC mode.
- from version 1.24.15
* api-change:``apigateway``: [``botocore``] Documentation updates for Amazon API Gateway
* api-change:``pricing``: [``botocore``] This release introduces 1 update to the GetProducts API.
The serviceCode attribute is now required when you use the GetProductsRequest.
* api-change:``transfer``: [``botocore``] Until today, the service supported only RSA host keys and
user keys. Now with this launch, Transfer Family has expanded the support for ECDSA and ED25519
host keys and user keys, enabling customers to support a broader set of clients by choosing RSA,
ECDSA, and ED25519 host and user keys.
- from version 1.24.14
* api-change:``ec2``: [``botocore``] This release adds support for Private IP VPNs, a new feature
allowing S2S VPN connections to use private ip addresses as the tunnel outside ip address over
Direct Connect as transport.
* api-change:``ecs``: [``botocore``] Amazon ECS UpdateService now supports the following
parameters: PlacementStrategies, PlacementConstraints and CapacityProviderStrategy.
* api-change:``wellarchitected``: [``botocore``] Adds support for lens tagging, Adds support for
multiple helpful-resource urls and multiple improvement-plan urls.
- from version 1.24.13
* api-change:``ds``: [``botocore``] This release adds support for describing and updating AWS
Managed Microsoft AD settings
* api-change:``kafka``: [``botocore``] Documentation updates to use Az Id during cluster creation.
* api-change:``outposts``: [``botocore``] This release adds the AssetLocation structure to the
ListAssets response. AssetLocation includes the RackElevation for an Asset.
- from version 1.24.12
* api-change:``connect``: [``botocore``] This release updates these APIs: UpdateInstanceAttribute,
DescribeInstanceAttribute and ListInstanceAttributes. You can use it to programmatically
enable/disable High volume outbound communications using attribute type HIGH_VOLUME_OUTBOUND on the
specified Amazon Connect instance.
* api-change:``connectcampaigns``: [``botocore``] Added Amazon Connect high volume outbound
communications SDK.
* api-change:``dynamodb``: [``botocore``] Doc only update for DynamoDB service
* api-change:``dynamodbstreams``: [``botocore``] Update dynamodbstreams client to latest version
- from version 1.24.11
* api-change:``redshift-data``: [``botocore``] This release adds a new --workgroup-name field to
operations that connect to an endpoint. Customers can now execute queries against their serverless
workgroups.
* api-change:``redshiftserverless``: [``botocore``] Add new API operations for Amazon Redshift
Serverless, a new way of using Amazon Redshift without needing to manually manage provisioned
clusters. The new operations let you interact with Redshift Serverless resources, such as create
snapshots, list VPC endpoints, delete resource policies, and more.
* api-change:``secretsmanager``: [``botocore``] Documentation updates for Secrets Manager
* api-change:``securityhub``: [``botocore``] Added Threats field for security findings. Added new
resource details for ECS Container, ECS Task, RDS SecurityGroup, Kinesis Stream, EC2
TransitGateway, EFS AccessPoint, CloudFormation Stack, CloudWatch Alarm, VPC Peering Connection and
WAF Rules
- from version 1.24.10
* api-change:``finspace-data``: [``botocore``] This release adds a new set of APIs,
GetPermissionGroup, DisassociateUserFromPermissionGroup, AssociateUserToPermissionGroup,
ListPermissionGroupsByUser, ListUsersByPermissionGroup.
* api-change:``guardduty``: [``botocore``] Adds finding fields available from GuardDuty Console.
Adds FreeTrial related operations. Deprecates the use of various APIs related to Master Accounts
and Replace them with Administrator Accounts.
* api-change:``servicecatalog-appregistry``: [``botocore``] This release adds a new API
ListAttributeGroupsForApplication that returns associated attribute groups of an application. In
addition, the UpdateApplication and UpdateAttributeGroup APIs will not allow users to update the
'Name' attribute.
* api-change:``workspaces``: [``botocore``] Added new field "/reason"/ to
OperationNotSupportedException. Receiving this exception in the DeregisterWorkspaceDirectory API
will now return a reason giving more context on the failure.
- from version 1.24.9
* api-change:``budgets``: [``botocore``] Add a budgets ThrottlingException. Update the CostFilters
value pattern.
* api-change:``lookoutmetrics``: [``botocore``] Adding filters to Alert and adding new UpdateAlert
API.
* api-change:``mediaconvert``: [``botocore``] AWS Elemental MediaConvert SDK has added support for
rules that constrain Automatic-ABR rendition selection when generating ABR package ladders.
- from version 1.24.8
* api-change:``outposts``: [``botocore``] This release adds API operations AWS uses to install
Outpost servers.
- from version 1.24.7
* api-change:``frauddetector``: [``botocore``] Documentation updates for Amazon Fraud Detector
(AWSHawksNest)
- from version 1.24.6
* api-change:``chime-sdk-meetings``: [``botocore``] Adds support for live transcription in AWS
GovCloud (US) Regions.
- from version 1.24.5
* api-change:``dms``: [``botocore``] This release adds DMS Fleet Advisor APIs and exposes
functionality for DMS Fleet Advisor. It adds functionality to create and modify fleet advisor
instances, and to collect and analyze information about the local data infrastructure.
* api-change:``iam``: [``botocore``] Documentation updates for AWS Identity and Access Management
(IAM).
* api-change:``m2``: [``botocore``] AWS Mainframe Modernization service is a managed mainframe
service and set of tools for planning, migrating, modernizing, and running mainframe workloads on
AWS
* api-change:``neptune``: [``botocore``] This release adds support for Neptune to be configured as
a global database, with a primary DB cluster in one region, and up to five secondary DB clusters in
other regions.
* api-change:``redshift-serverless``: [``botocore``] Add new API operations for Amazon Redshift
Serverless, a new way of using Amazon Redshift without needing to manually manage provisioned
clusters. The new operations let you interact with Redshift Serverless resources, such as create
snapshots, list VPC endpoints, delete resource policies, and more.
* api-change:``redshift``: [``botocore``] Adds new API GetClusterCredentialsWithIAM to return
temporary credentials.
- from version 1.24.4
* api-change:``auditmanager``: [``botocore``] This release introduces 2 updates to the Audit
Manager API. The roleType and roleArn attributes are now required when you use the CreateAssessment
or UpdateAssessment operation. We also added a throttling exception to the RegisterAccount API
operation.
* api-change:``ce``: [``botocore``] Added two new APIs to support cost allocation tags operations:
ListCostAllocationTags, UpdateCostAllocationTagsStatus.
- from version 1.24.3
* api-change:``chime-sdk-messaging``: [``botocore``] This release adds support for searching
channels by members via the SearchChannels API, removes required restrictions for Name and Mode in
UpdateChannel API and enhances CreateChannel API by exposing member and moderator list as well as
channel id as optional parameters.
* api-change:``connect``: [``botocore``] This release adds a new API, GetCurrentUserData, which
returns real-time details about users' current activity.
- Update BuildRequires and Requires from setup.py
- Update to version 1.24.2
* api-change:``codeartifact``: [``botocore``] Documentation updates for CodeArtifact
* api-change:``voice-id``: [``botocore``] Added a new attribute ServerSideEncryptionUpdateDetails
to Domain and DomainSummary.
* api-change:``proton``: [``botocore``] Add new "/Components"/ API to enable users to Create, Delete
and Update AWS Proton components.
* api-change:``connect``: [``botocore``] This release adds the following features: 1) New APIs to
manage (create, list, update) task template resources, 2) Updates to startTaskContact API to
support task templates, and 3) new TransferContact API to programmatically transfer in-progress
tasks via a contact flow.
* api-change:``application-insights``: [``botocore``] Provide Account Level onboarding support
through CFN/CLI
* api-change:``kendra``: [``botocore``] Amazon Kendra now provides a data source connector for
GitHub. For more information, see
https://docs.aws.amazon.com/kendra/latest/dg/data-source-github.html
- from version 1.24.1
* api-change:``backup-gateway``: [``botocore``] Adds GetGateway and UpdateGatewaySoftwareNow API
and adds hypervisor name to UpdateHypervisor API
* api-change:``forecast``: [``botocore``] Added Format field to Import and Export APIs in Amazon
Forecast. Added TimeSeriesSelector to Create Forecast API.
* api-change:``chime-sdk-meetings``: [``botocore``] Adds support for centrally controlling each
participant's ability to send and receive audio, video and screen share within a WebRTC session.
Attendee capabilities can be specified when the attendee is created and updated during the session
with the new BatchUpdateAttendeeCapabilitiesExcept API.
* api-change:``route53``: [``botocore``] Add new APIs to support Route 53 IP Based Routing
- from version 1.24.0
* api-change:``iotsitewise``: [``botocore``] This release adds the following new optional field to
the IoT SiteWise asset resource: assetDescription.
* api-change:``lookoutmetrics``: [``botocore``] Adding backtest mode to detectors using the
Cloudwatch data source.
* api-change:``transcribe``: [``botocore``] Amazon Transcribe now supports automatic language
identification for multi-lingual audio in batch mode.
* feature:Python: Dropped support for Python 3.6
* feature:Python: [``botocore``] Dropped support for Python 3.6
* api-change:``cognito-idp``: [``botocore``] Amazon Cognito now supports IP Address propagation for
all unauthenticated APIs (e.g. SignUp, ForgotPassword).
* api-change:``drs``: [``botocore``] Changed existing APIs and added new APIs to accommodate using
multiple AWS accounts with AWS Elastic Disaster Recovery.
* api-change:``sagemaker``: [``botocore``] Amazon SageMaker Notebook Instances now support Jupyter
Lab 3.
- from version 1.23.10
* api-change:``sagemaker``: [``botocore``] Amazon SageMaker Notebook Instances now allows
configuration of Instance Metadata Service version and Amazon SageMaker Studio now supports G5
instance types.
* api-change:``appflow``: [``botocore``] Adding the following features/changes: Parquet output that
preserves typing from the source connector, Failed executions threshold before deactivation for
scheduled flows, increasing max size of access and refresh token from 2048 to 4096
* api-change:``datasync``: [``botocore``] AWS DataSync now supports TLS encryption in transit, file
system policies and access points for EFS locations.
* api-change:``emr-serverless``: [``botocore``] This release adds support for Amazon EMR
Serverless, a serverless runtime environment that simplifies running analytics applications using
the latest open source frameworks such as Apache Spark and Apache Hive.
- from version 1.23.9
* api-change:``lightsail``: [``botocore``] Amazon Lightsail now supports the ability to configure a
Lightsail Container Service to pull images from Amazon ECR private repositories in your account.
* api-change:``emr-serverless``: [``botocore``] This release adds support for Amazon EMR
Serverless, a serverless runtime environment that simplifies running analytics applications using
the latest open source frameworks such as Apache Spark and Apache Hive.
* api-change:``ec2``: [``botocore``] C7g instances, powered by the latest generation AWS Graviton3
processors, provide the best price performance in Amazon EC2 for compute-intensive workloads.
* api-change:``forecast``: [``botocore``] Introduced a new field in Auto Predictor as Time
Alignment Boundary. It helps in aligning the timestamps generated during Forecast exports
- from version 1.23.8
* api-change:``secretsmanager``: [``botocore``] Documentation updates for Secrets Manager
* api-change:``fsx``: [``botocore``] This release adds root squash support to FSx for Lustre to
restrict root level access from clients by mapping root users to a less-privileged user/group with
limited permissions.
* api-change:``lookoutmetrics``: [``botocore``] Adding AthenaSourceConfig for MetricSet APIs to
support Athena as a data source.
* api-change:``voice-id``: [``botocore``] VoiceID will now automatically expire Speakers if they
haven't been accessed for Enrollment, Re-enrollment or Successful Auth for three years. The Speaker
APIs now return a "/LastAccessedAt"/ time for Speakers, and the EvaluateSession API returns
"/SPEAKER_EXPIRED"/ Auth Decision for EXPIRED Speakers.
* api-change:``cloudformation``: [``botocore``] Add a new parameter statusReason to
DescribeStackSetOperation output for additional details
* api-change:``apigateway``: [``botocore``] Documentation updates for Amazon API Gateway
* api-change:``apprunner``: [``botocore``] Documentation-only update added for CodeConfiguration.
* api-change:``sagemaker``: [``botocore``] Amazon SageMaker Autopilot adds support for manually
selecting features from the input dataset using the CreateAutoMLJob API.
- from version 1.23.7
* api-change:``mediaconvert``: [``botocore``] AWS Elemental MediaConvert SDK has added support for
rules that constrain Automatic-ABR rendition selection when generating ABR package ladders.
* api-change:``cognito-idp``: [``botocore``] Amazon Cognito now supports requiring attribute
verification (ex. email and phone number) before update.
* api-change:``networkmanager``: [``botocore``] This release adds Multi Account API support for a
TGW Global Network, to enable and disable AWSServiceAccess with AwsOrganizations for Network
Manager service and dependency CloudFormation StackSets service.
* api-change:``ivschat``: [``botocore``] Doc-only update. For MessageReviewHandler structure, added
timeout period in the description of the fallbackResult field
* api-change:``ec2``: [``botocore``] Stop Protection feature enables customers to protect their
instances from accidental stop actions.
- from version 1.23.6
* api-change:``elasticache``: [``botocore``] Added support for encryption in transit for Memcached
clusters. Customers can now launch Memcached cluster with encryption in transit enabled when using
Memcached version 1.6.12 or later.
* api-change:``forecast``: [``botocore``] New APIs for Monitor that help you understand how your
predictors perform over time.
* api-change:``personalize``: [``botocore``] Adding modelMetrics as part of DescribeRecommender API
response for Personalize.
- from version 1.23.5
* api-change:``comprehend``: [``botocore``] Comprehend releases 14 new entity types for
DetectPiiEntities and ContainsPiiEntities APIs.
* api-change:``logs``: [``botocore``] Doc-only update to publish the new valid values for log
retention
- Update BuildRequires and Requires from setup.py
- python-botocore
-
- Update in SLE-15 (bsc#1209255, jsc#PED-3780)
- Add python-python-dateutil and python-jmespath to BuildRequires
- Remove version constraint on python-pytest in BuildRequires
- Revert changes to Requires that introduced new incompatible syntax
- Update to 1.29.89
* api-change:``ivschat``: This release adds a new exception returned when calling AWS IVS chat
UpdateLoggingConfiguration. Now UpdateLoggingConfiguration can return ConflictException when
invalid updates are made in sequence to Logging Configurations.
* api-change:``secretsmanager``: The type definitions of SecretString and SecretBinary now have a
minimum length of 1 in the model to match the exception thrown when you pass in empty values.
- from version 1.29.88
* api-change:``codeartifact``: This release introduces the generic package format, a mechanism for
storing arbitrary binary assets. It also adds a new API, PublishPackageVersion, to allow for
publishing generic packages.
* api-change:``connect``: This release adds a new API, GetMetricDataV2, which returns metric data
for Amazon Connect.
* api-change:``evidently``: Updated entity override documentation
* api-change:``networkmanager``: This update provides example usage for TransitGatewayRouteTableArn.
* api-change:``quicksight``: This release has two changes: add state persistence feature for
embedded dashboard and console in GenerateEmbedUrlForRegisteredUser API; add properties for hidden
collapsed row dimensions in PivotTableOptions.
* api-change:``redshift-data``: Added support for Redshift Serverless workgroup-arn wherever the
WorkgroupName parameter is available.
* api-change:``sagemaker``: Amazon SageMaker Inference now allows SSM access to customer's model
container by setting the "/EnableSSMAccess"/ parameter for a ProductionVariant in
CreateEndpointConfig API.
* api-change:``servicediscovery``: Updated all AWS Cloud Map APIs to provide consistent throttling
exception (RequestLimitExceeded)
* api-change:``sesv2``: This release introduces a new recommendation in Virtual Deliverability
Manager Advisor, which detects missing or misconfigured Brand Indicator for Message Identification
(BIMI) DNS records for customer sending identities.
- from version 1.29.87
* api-change:``athena``: A new field SubstatementType is added to GetQueryExecution API, so
customers have an error free way to detect the query type and interpret the result.
* api-change:``dynamodb``: Adds deletion protection support to DynamoDB tables. Tables with
deletion protection enabled cannot be deleted. Deletion protection is disabled by default, can be
enabled via the CreateTable or UpdateTable APIs, and is visible in TableDescription. This setting
is not replicated for Global Tables.
* api-change:``ec2``: Introducing Amazon EC2 C7g, M7g and R7g instances, powered by the latest
generation AWS Graviton3 processors and deliver up to 25% better performance over Graviton2-based
instances.
* api-change:``lakeformation``: This release adds two new API support "/GetDataCellsFiler"/ and
"/UpdateDataCellsFilter"/, and also updates the corresponding documentation.
* api-change:``mediapackage-vod``: This release provides the date and time VOD resources were
created.
* api-change:``mediapackage``: This release provides the date and time live resources were created.
* api-change:``route53resolver``: Add dual-stack and IPv6 support for Route 53 Resolver
Endpoint,Add IPv6 target IP in Route 53 Resolver Forwarding Rule
* api-change:``sagemaker``: There needs to be a user identity to specify the SageMaker user who
perform each action regarding the entity. However, these is a not a unified concept of user
identity across SageMaker service that could be used today.
- from version 1.29.86
* api-change:``dms``: This release adds DMS Fleet Advisor Target Recommendation APIs and exposes
functionality for DMS Fleet Advisor. It adds functionality to start Target Recommendation
calculation.
* api-change:``location``: Documentation update for the release of 3 additional map styles for use
with Open Data Maps: Open Data Standard Dark, Open Data Visualization Light & Open Data
Visualization Dark.
- from version 1.29.85
* api-change:``account``: AWS Account alternate contact email addresses can now have a length of
254 characters and contain the character "/|"/.
* api-change:``ivs``: Updated text description in DeleteChannel, Stream, and StreamSummary.
- from version 1.29.84
* api-change:``dynamodb``: Documentation updates for DynamoDB.
* api-change:``ec2``: This release adds support for a new boot mode for EC2 instances called 'UEFI
Preferred'.
* api-change:``macie2``: Documentation updates for Amazon Macie
* api-change:``mediaconvert``: The AWS Elemental MediaConvert SDK has improved handling for
different input and output color space combinations.
* api-change:``medialive``: AWS Elemental MediaLive adds support for Nielsen watermark timezones.
* api-change:``transcribe``: Amazon Transcribe now supports role access for these API operations:
CreateVocabulary, UpdateVocabulary, CreateVocabularyFilter, and UpdateVocabularyFilter.
- from version 1.29.83
* api-change:``iot``: A recurring maintenance window is an optional configuration used for rolling
out the job document to all devices in the target group observing a predetermined start time,
duration, and frequency that the maintenance window occurs.
* api-change:``migrationhubstrategy``: This release updates the File Import API to allow importing
servers already discovered by customers with reduced pre-requisites.
* api-change:``organizations``: This release introduces a new reason code,
ACCOUNT_CREATION_NOT_COMPLETE, to ConstraintViolationException in CreateOrganization API.
* api-change:``pi``: This release adds a new field PeriodAlignment to allow the customer specifying
the returned timestamp of time periods to be either the start or end time.
* api-change:``pipes``: This release fixes some input parameter range and patterns.
* api-change:``sagemaker``: Add a new field "/EndpointMetrics"/ in SageMaker Inference Recommender
"/ListInferenceRecommendationsJobSteps"/ API response.
- from version 1.29.82
* api-change:``codecatalyst``: Published Dev Environments StopDevEnvironmentSession API
* api-change:``pricing``: This release adds 2 new APIs - ListPriceLists which returns a list of
applicable price lists, and GetPriceListFileUrl which outputs a URL to retrieve your price lists
from the generated file from ListPriceLists
* api-change:``s3outposts``: S3 on Outposts introduces a new API ListOutpostsWithS3, with this API
you can list all your Outposts with S3 capacity.
- from version 1.29.81
* enhancement:Documentation: Splits service documentation into multiple sub-pages for better
organization and faster loading time.
* api-change:``comprehend``: Amazon Comprehend now supports flywheels to help you train and manage
new model versions for custom models.
* api-change:``ec2``: This release allows IMDS support to be set to v2-only on an existing AMI, so
that all future instances launched from that AMI will use IMDSv2 by default.
* api-change:``kms``: AWS KMS is deprecating the RSAES_PKCS1_V1_5 wrapping algorithm option in the
GetParametersForImport API that is used in the AWS KMS Import Key Material feature. AWS KMS will
end support for this wrapping algorithm by October 1, 2023.
* api-change:``lightsail``: This release adds Lightsail for Research feature support, such as GUI
session access, cost estimates, stop instance on idle, and disk auto mount.
* api-change:``managedblockchain``: This release adds support for tagging to the accessor resource
in Amazon Managed Blockchain
* api-change:``omics``: Minor model changes to accomodate batch imports feature
- from version 1.29.80
* api-change:``devops-guru``: This release adds the description field on ListAnomaliesForInsight
and DescribeAnomaly API responses for proactive anomalies.
* api-change:``drs``: New fields were added to reflect availability zone data in source server and
recovery instance description commands responses, as well as source server launch status.
* api-change:``internetmonitor``: CloudWatch Internet Monitor is a a new service within CloudWatch
that will help application developers and network engineers continuously monitor internet
performance metrics such as availability and performance between their AWS-hosted applications and
end-users of these applications
* api-change:``lambda``: This release adds the ability to create ESMs with Document DB change
streams as event source. For more information see
https://docs.aws.amazon.com/lambda/latest/dg/with-documentdb.html.
* api-change:``mediaconvert``: The AWS Elemental MediaConvert SDK has added support for HDR10 to
SDR tone mapping, and animated GIF video input sources.
* api-change:``timestream-write``: This release adds the ability to ingest batched historical data
or migrate data in bulk from S3 into Timestream using CSV files.
- from version 1.29.79
* api-change:``connect``: StartTaskContact API now supports linked task creation with a new
optional RelatedContactId parameter
* api-change:``connectcases``: This release adds the ability to delete domains through the
DeleteDomain API. For more information see
https://docs.aws.amazon.com/cases/latest/APIReference/Welcome.html
* api-change:``redshift``: Documentation updates for Redshift API bringing it in line with IAM best
practices.
* api-change:``securityhub``: New Security Hub APIs and updates to existing APIs that help you
consolidate control findings and enable and disable controls across all supported standards
* api-change:``servicecatalog``: Documentation updates for Service Catalog
- Update to 1.29.78
* api-change:``appflow``: This release enables the customers to choose whether to use Private Link
for Metadata and Authorization call when using a private Salesforce connections
* api-change:``ecs``: This release supports deleting Amazon ECS task definitions that are in the
INACTIVE state.
* api-change:``grafana``: Doc-only update. Updated information on attached role policies for
customer provided roles
* api-change:``guardduty``: Updated API and data types descriptions for CreateFilter, UpdateFilter,
and TriggerDetails.
* api-change:``iotwireless``: In this release, we add additional capabilities for the FUOTA which
allows user to configure the fragment size, the sending interval and the redundancy ratio of the
FUOTA tasks
* api-change:``location``: This release adds support for using Maps APIs with an API Key in
addition to AWS Cognito. This includes support for adding, listing, updating and deleting API Keys.
* api-change:``macie2``: This release adds support for a new finding type,
Policy:IAMUser/S3BucketSharedWithCloudFront, and S3 bucket metadata that indicates if a bucket is
shared with an Amazon CloudFront OAI or OAC.
* api-change:``wafv2``: You can now associate an AWS WAF v2 web ACL with an AWS App Runner service.
- from version 1.29.77
* api-change:``chime-sdk-voice``: This release introduces support for Voice Connector media metrics
in the Amazon Chime SDK Voice namespace
* api-change:``cloudfront``: CloudFront now supports block lists in origin request policies so that
you can forward all headers, cookies, or query string from viewer requests to the origin *except*
for those specified in the block list.
* api-change:``datasync``: AWS DataSync has relaxed the minimum length constraint of AccessKey for
Object Storage locations to 1.
* api-change:``opensearch``: This release lets customers configure Off-peak window and software
update related properties for a new/existing domain. It enhances the capabilities of
StartServiceSoftwareUpdate API; adds 2 new APIs - ListScheduledActions & UpdateScheduledAction; and
allows Auto-tune to make use of Off-peak window.
* api-change:``rum``: CloudWatch RUM now supports CloudWatch Custom Metrics
* api-change:``ssm``: Document only update for Feb 2023
- from version 1.29.76
* api-change:``quicksight``: S3 data sources now accept a custom IAM role.
* api-change:``resiliencehub``: In this release we improved resilience hub application creation and
maintenance by introducing new resource and app component crud APIs, improving visibility and
maintenance of application input sources and added support for additional information attributes to
be provided by customers.
* api-change:``securityhub``: Documentation updates for AWS Security Hub
* api-change:``tnb``: This is the initial SDK release for AWS Telco Network Builder (TNB). AWS
Telco Network Builder is a network automation service that helps you deploy and manage telecom
networks.
- from version 1.29.75
* bugfix:SSO: Fixes aws/aws-cli`#7496 <https://github.com/aws/aws-cli/issues/7496>`__ by using the
correct profile name rather than the one set in the session.
* api-change:``auditmanager``: This release introduces a ServiceQuotaExceededException to the
UpdateAssessmentFrameworkShare API operation.
* api-change:``connect``: Reasons for failed diff has been approved by SDK Reviewer
- from version 1.29.74
* api-change:``apprunner``: This release supports removing MaxSize limit for
AutoScalingConfiguration.
* api-change:``glue``: Release of Delta Lake Data Lake Format for Glue Studio Service
- from version 1.29.73
* api-change:``emr``: Update emr client to latest version
* api-change:``grafana``: With this release Amazon Managed Grafana now supports inbound Network
Access Control that helps you to restrict user access to your Grafana workspaces
* api-change:``ivs``: Doc-only update. Updated text description in DeleteChannel, Stream, and
StreamSummary.
* api-change:``wafv2``: Added a notice for account takeover prevention (ATP). The interface
incorrectly lets you to configure ATP response inspection in regional web ACLs in Region US East
(N. Virginia), without returning an error. ATP response inspection is only available in web ACLs
that protect CloudFront distributions.
- from version 1.29.72
* api-change:``cloudtrail``: This release adds an InsufficientEncryptionPolicyException type to the
StartImport endpoint
* api-change:``efs``: Update efs client to latest version
* api-change:``frauddetector``: This release introduces Lists feature which allows customers to
reference a set of values in Fraud Detector's rules. With Lists, customers can dynamically manage
these attributes in real time. Lists can be created/deleted and its contents can be modified using
the Fraud Detector API.
* api-change:``glue``: Fix DirectJDBCSource not showing up in CLI code gen
* api-change:``privatenetworks``: This release introduces a new StartNetworkResourceUpdate API,
which enables return/replacement of hardware from a NetworkSite.
* api-change:``rds``: Database Activity Stream support for RDS for SQL Server.
* api-change:``wafv2``: For protected CloudFront distributions, you can now use the AWS WAF Fraud
Control account takeover prevention (ATP) managed rule group to block new login attempts from
clients that have recently submitted too many failed login attempts.
- Update to 1.29.71
* api-change:``appconfig``: AWS AppConfig now offers the option to set a version label on hosted
configuration versions. Version labels allow you to identify specific hosted configuration versions
based on an alternate versioning scheme that you define.
* api-change:``datasync``: With this launch, we are giving customers the ability to use older SMB
protocol versions, enabling them to use DataSync to copy data to and from their legacy storage
arrays.
* api-change:``ec2``: With this release customers can turn host maintenance on or off when
allocating or modifying a supported dedicated host. Host maintenance is turned on by default for
supported hosts.
- from version 1.29.70
* api-change:``account``: This release of the Account Management API enables customers to view and
manage whether AWS Opt-In Regions are enabled or disabled for their Account. For more information,
see https://docs.aws.amazon.com/accounts/latest/reference/manage-acct-regions.html
* api-change:``appconfigdata``: AWS AppConfig now offers the option to set a version label on
hosted configuration versions. If a labeled hosted configuration version is deployed, its version
label is available in the GetLatestConfiguration response.
* api-change:``snowball``: Adds support for EKS Anywhere on Snowball. AWS Snow Family customers can
now install EKS Anywhere service on Snowball Edge Compute Optimized devices.
- from version 1.29.69
* api-change:``autoscaling``: You can now either terminate/replace, ignore, or wait for EC2 Auto
Scaling instances on standby or protected from scale in. Also, you can also roll back changes from
a failed instance refresh.
* api-change:``connect``: This update provides the Wisdom session ARN for contacts enabled for
Wisdom in the chat channel.
* api-change:``ec2``: Adds support for waiters that automatically poll for an imported snapshot
until it reaches the completed state.
* api-change:``polly``: Amazon Polly adds two new neural Japanese voices - Kazuha, Tomoko
* api-change:``sagemaker``: Amazon SageMaker Autopilot adds support for selecting algorithms in
CreateAutoMLJob API.
* api-change:``sns``: This release adds support for SNS X-Ray active tracing as well as other
updates.
- from version 1.29.68
* api-change:``chime-sdk-meetings``: Documentation updates for Chime Meetings SDK
* api-change:``emr-containers``: EMR on EKS allows configuring retry policies for job runs through
the StartJobRun API. Using retry policies, a job cause a driver pod to be restarted automatically
if it fails or is deleted. The job's status can be seen in the DescribeJobRun and ListJobRun APIs
and monitored using CloudWatch events.
* api-change:``evidently``: Updated entity overrides parameter to accept up to 2500 overrides or a
total of 40KB.
* api-change:``lexv2-models``: Update lexv2-models client to latest version
* api-change:``lexv2-runtime``: Update lexv2-runtime client to latest version
* api-change:``lightsail``: Documentation updates for Lightsail
* api-change:``migration-hub-refactor-spaces``: This release adds support for creating environments
with a network fabric type of NONE
* api-change:``workdocs``: Doc only update for the WorkDocs APIs.
* api-change:``workspaces``: Removed Windows Server 2016 BYOL and made changes based on IAM
campaign.
- from version 1.29.67
* api-change:``backup``: This release added one attribute (resource name) in the output model of
our 9 existing APIs in AWS backup so that customers will see the resource name at the output. No
input required from Customers.
* api-change:``cloudfront``: CloudFront Origin Access Control extends support to AWS Elemental
MediaStore origins.
* api-change:``glue``: DirectJDBCSource + Glue 4.0 streaming options
* api-change:``lakeformation``: This release removes the LFTagpolicyResource expression limits.
- Update to 1.29.66
* api-change:``transfer``: Updated the documentation for the ImportCertificate API call, and added
examples.
- from version 1.29.65
* api-change:``compute-optimizer``: AWS Compute optimizer can now infer if Kafka is running on an
instance.
* api-change:``customer-profiles``: This release deprecates the PartyType and Gender enum data
types from the Profile model and replaces them with new PartyTypeString and GenderString
attributes, which accept any string of length up to 255.
* api-change:``frauddetector``: My AWS Service (Amazon Fraud Detector) - This release introduces
Cold Start Model Training which optimizes training for small datasets and adds intelligent methods
for treating unlabeled data. You can now train Online Fraud Insights or Transaction Fraud Insights
models with minimal historical-data.
* api-change:``mediaconvert``: The AWS Elemental MediaConvert SDK has added improved scene change
detection capabilities and a bandwidth reduction filter, along with video quality enhancements, to
the AVC encoder.
* api-change:``outposts``: Adds OrderType to Order structure. Adds PreviousOrderId and
PreviousLineItemId to LineItem structure. Adds new line item status REPLACED. Increases maximum
length of pagination token.
- from version 1.29.64
* enhancement:AWSCRT: Upgrade awscrt version to 0.16.9
* api-change:``proton``: Add new GetResourcesSummary API
* api-change:``redshift``: Corrects descriptions of the parameters for the API operations
RestoreFromClusterSnapshot, RestoreTableFromClusterSnapshot, and CreateCluster.
- from version 1.29.63
* api-change:``appconfig``: AWS AppConfig introduces KMS customer-managed key (CMK) encryption of
configuration data, along with AWS Secrets Manager as a new configuration data source. S3 objects
using SSE-KMS encryption and SSM Parameter Store SecureStrings are also now supported.
* api-change:``connect``: Enabled FIPS endpoints for GovCloud (US) regions in SDK.
* api-change:``ec2``: Documentation updates for EC2.
* api-change:``elbv2``: Update elbv2 client to latest version
* api-change:``keyspaces``: Enabled FIPS endpoints for GovCloud (US) regions in SDK.
* api-change:``quicksight``: QuickSight support for Radar Chart and Dashboard Publish Options
* api-change:``redshift``: Enabled FIPS endpoints for GovCloud (US) regions in SDK.
* api-change:``sso-admin``: Enabled FIPS endpoints for GovCloud (US) regions in SDK.
- from version 1.29.62
* bugfix:``s3``: boto3 no longer overwrites user supplied `Content-Encoding` with `aws-chunked`
when user also supplies `ChecksumAlgorithm`.
* api-change:``devops-guru``: This release adds filter support ListAnomalyForInsight API.
* api-change:``forecast``: This release will enable customer select INCREMENTAL as ImportModel in
Forecast's CreateDatasetImportJob API. Verified latest SDK containing required attribute, following
https://w.amazon.com/bin/view/AWS-Seer/Launch/Trebuchet/
* api-change:``iam``: Documentation updates for AWS Identity and Access Management (IAM).
* api-change:``mediatailor``: The AWS Elemental MediaTailor SDK for Channel Assembly has added
support for program updates, and the ability to clip the end of VOD sources in programs.
* api-change:``sns``: Additional attributes added for set-topic-attributes.
- from version 1.29.61
* api-change:``accessanalyzer``: Enabled FIPS endpoints for GovCloud (US) regions in SDK.
* api-change:``appsync``: This release introduces the feature to support EventBridge as AppSync
data source.
* api-change:``cloudtrail-data``: Add CloudTrail Data Service to enable users to ingest activity
events from non-AWS sources into CloudTrail Lake.
* api-change:``cloudtrail``: Add new "/Channel"/ APIs to enable users to manage channels used for
CloudTrail Lake integrations, and "/Resource Policy"/ APIs to enable users to manage the
resource-based permissions policy attached to a channel.
* api-change:``codeartifact``: This release introduces a new DeletePackage API, which enables
deletion of a package and all of its versions from a repository.
* api-change:``connectparticipant``: Enabled FIPS endpoints for GovCloud (US) regions in SDK.
* api-change:``ec2``: This launch allows customers to associate up to 8 IP addresses to their NAT
Gateways to increase the limit on concurrent connections to a single destination by eight times
from 55K to 440K.
* api-change:``groundstation``: DigIF Expansion changes to the Customer APIs.
* api-change:``iot``: Added support for IoT Rules Engine Cloudwatch Logs action batch mode.
* api-change:``kinesis``: Enabled FIPS endpoints for GovCloud (US) regions in SDK.
* api-change:``opensearch``: Amazon OpenSearch Service adds the option for a VPC endpoint
connection between two domains when the local domain uses OpenSearch version 1.3 or 2.3. You can
now use remote reindex to copy indices from one VPC domain to another without a reverse proxy.
* api-change:``outposts``: Enabled FIPS endpoints for GovCloud (US) regions in SDK.
* api-change:``polly``: Amazon Polly adds two new neural American English voices - Ruth, Stephen
* api-change:``sagemaker``: Amazon SageMaker Automatic Model Tuning now supports more completion
criteria for Hyperparameter Optimization.
* api-change:``securityhub``: New fields have been added to the AWS Security Finding Format.
Compliance.SecurityControlId is a unique identifier for a security control across standards.
Compliance.AssociatedStandards contains all enabled standards in which a security control is
enabled.
* api-change:``support``: This fixes incorrect endpoint construction when a customer is explicitly
setting a region.
- Update to 1.29.60
* api-change:``clouddirectory``: Enabled FIPS endpoints for GovCloud (US) regions in SDK.
* api-change:``cloudformation``: This feature provides a method of obtaining which regions a
stackset has stack instances deployed in.
* api-change:``discovery``: Update ImportName validation to 255 from the current length of 100
* api-change:``dlm``: Enabled FIPS endpoints for GovCloud (US) regions in SDK.
* api-change:``ec2``: We add Prefix Lists as a new route destination option for LocalGatewayRoutes.
This will allow customers to create routes to Prefix Lists. Prefix List routes will allow customers
to group individual CIDR routes with the same target into a single route.
* api-change:``imagebuilder``: Enabled FIPS endpoints for GovCloud (US) regions in SDK.
* api-change:``kafka``: Enabled FIPS endpoints for GovCloud (US) regions in SDK.
* api-change:``mediaconvert``: Enabled FIPS endpoints for GovCloud (US) regions in SDK.
* api-change:``swf``: Enabled FIPS endpoints for GovCloud (US) regions in SDK.
- from version 1.29.59
* api-change:``application-autoscaling``: Enabled FIPS endpoints for GovCloud (US) regions in SDK.
* api-change:``appstream``: Fixing the issue where Appstream waiters hang for fleet_started and
fleet_stopped.
* api-change:``elasticbeanstalk``: Enabled FIPS endpoints for GovCloud (US) regions in SDK.
* api-change:``fis``: Enabled FIPS endpoints for GovCloud (US) regions in SDK.
* api-change:``glacier``: Enabled FIPS endpoints for GovCloud (US) regions in SDK.
* api-change:``greengrass``: Enabled FIPS endpoints for GovCloud (US) regions in SDK.
* api-change:``greengrassv2``: Enabled FIPS endpoints for GovCloud (US) in SDK.
* api-change:``mediatailor``: This release introduces the As Run logging type, along with API and
documentation updates.
* api-change:``outposts``: Adding support for payment term in GetOrder, CreateOrder responses.
* api-change:``sagemaker-runtime``: Update sagemaker-runtime client to latest version
* api-change:``sagemaker``: This release supports running SageMaker Training jobs with container
images that are in a private Docker registry.
* api-change:``serverlessrepo``: Enabled FIPS endpoints for GovCloud (US) regions in SDK.
- Update to 1.29.58
* api-change:``events``: Update events client to latest version
* api-change:``iotfleetwise``: Add model validation to BatchCreateVehicle and BatchUpdateVehicle
operations that invalidate requests with an empty vehicles list.
* api-change:``s3``: Allow FIPS to be used with path-style URLs.
- from version 1.29.57
* api-change:``cloudformation``: Enabled FIPS aws-us-gov endpoints in SDK.
* api-change:``ec2``: This release adds new functionality that allows customers to provision IPv6
CIDR blocks through Amazon VPC IP Address Manager (IPAM) as well as allowing customers to utilize
IPAM Resource Discovery APIs.
* api-change:``m2``: Add returnCode, batchJobIdentifier in GetBatchJobExecution response, for user
to view the batch job execution result & unique identifier from engine. Also removed unused headers
from REST APIs
* api-change:``polly``: Add 5 new neural voices - Sergio (es-ES), Andres (es-MX), Remi (fr-FR),
Adriano (it-IT) and Thiago (pt-BR).
* api-change:``redshift-serverless``: Added query monitoring rules as possible parameters for
create and update workgroup operations.
* api-change:``s3control``: Add additional endpoint tests for S3 Control. Fix missing endpoint
parameters for PutBucketVersioning and GetBucketVersioning. Prior to this fix, those operations may
have resulted in an invalid endpoint being resolved.
* api-change:``sagemaker``: SageMaker Inference Recommender now decouples from Model Registry and
could accept Model Name to invoke inference recommendations job; Inference Recommender now provides
CPU/Memory Utilization metrics data in recommendation output.
* api-change:``sts``: Doc only change to update wording in a key topic
- from version 1.29.56
* api-change:``databrew``: Enabled FIPS us-gov-west-1 endpoints in SDK.
* api-change:``route53``: Amazon Route 53 now supports the Asia Pacific (Melbourne) Region
(ap-southeast-4) for latency records, geoproximity records, and private DNS for Amazon VPCs in that
region.
* api-change:``ssm-sap``: This release provides updates to documentation and support for listing
operations performed by AWS Systems Manager for SAP.
- from version 1.29.55
* api-change:``lambda``: Release Lambda RuntimeManagementConfig, enabling customers to better
manage runtime updates to their Lambda functions. This release adds two new APIs,
GetRuntimeManagementConfig and PutRuntimeManagementConfig, as well as support on existing
Create/Get/Update function APIs.
* api-change:``sagemaker``: Amazon SageMaker Inference now supports P4de instance types.
- from version 1.29.54
* api-change:``ec2``: C6in, M6in, M6idn, R6in and R6idn instances are powered by 3rd Generation
Intel Xeon Scalable processors (code named Ice Lake) with an all-core turbo frequency of 3.5 GHz.
* api-change:``ivs``: API and Doc update. Update to arns field in BatchGetStreamKey. Also updates
to operations and structures.
* api-change:``quicksight``: This release adds support for data bars in QuickSight table and
increases pivot table field well limit.
- from version 1.29.53
* api-change:``appflow``: Adding support for Salesforce Pardot connector in Amazon AppFlow.
* api-change:``codeartifact``: Documentation updates for CodeArtifact
* api-change:``connect``: Amazon Connect Chat introduces Persistent Chat, allowing customers to
resume previous conversations with context and transcripts carried over from previous chats,
eliminating the need to repeat themselves and allowing agents to provide personalized service with
access to entire conversation history.
* api-change:``connectparticipant``: This release updates Amazon Connect Participant's
GetTranscript api to provide transcripts of past chats on a persistent chat session.
* api-change:``ec2``: Adds SSM Parameter Resource Aliasing support to EC2 Launch Templates. Launch
Templates can now store parameter aliases in place of AMI Resource IDs. CreateLaunchTemplateVersion
and DescribeLaunchTemplateVersions now support a convenience flag, ResolveAlias, to return the
resolved parameter value.
* api-change:``glue``: Release Glue Studio Hudi Data Lake Format for SDK/CLI
* api-change:``groundstation``: Add configurable prepass and postpass times for
DataflowEndpointGroup. Add Waiter to allow customers to wait for a contact that was reserved
through ReserveContact
* api-change:``logs``: Bug fix - Removed the regex pattern validation from CoralModel to avoid
potential security issue.
* api-change:``medialive``: AWS Elemental MediaLive adds support for SCTE 35 preRollMilliSeconds.
* api-change:``opensearch``: This release adds the enhanced dry run option, that checks for
validation errors that might occur when deploying configuration changes and provides a summary of
these errors, if any. The feature will also indicate whether a blue/green deployment will be
required to apply a change.
* api-change:``panorama``: Added AllowMajorVersionUpdate option to OTAJobConfig to make appliance
software major version updates opt-in.
* api-change:``sagemaker``: HyperParameterTuningJobs now allow passing environment variables into
the corresponding TrainingJobs
- Update to 1.29.52
* api-change:``cloudwatch``: Update cloudwatch client to latest version
* api-change:``efs``: Update efs client to latest version
* api-change:``ivschat``: Updates the range for a Chat Room's maximumMessageRatePerSecond field.
* api-change:``wafv2``: Improved the visibility of the guidance for updating AWS WAF resources,
such as web ACLs and rule groups.
- from version 1.29.51
* api-change:``billingconductor``: This release adds support for SKU Scope for pricing plans.
* api-change:``cloud9``: Added minimum value to AutomaticStopTimeMinutes parameter.
* api-change:``imagebuilder``: Add support for AWS Marketplace product IDs as input during
CreateImageRecipe for the parent-image parameter. Add support for listing third-party components.
* api-change:``network-firewall``: Network Firewall now allows creation of dual stack endpoints,
enabling inspection of IPv6 traffic.
- update to 1.29.50:
* api-change:``connect``: This release updates the responses of
UpdateContactFlowContent, UpdateContactFlowMetadata, UpdateContactFlowName
and DeleteContactFlow API with empty responses.
* api-change:``ec2``: Documentation updates for EC2.
* api-change:``outposts``: This release adds POWER_30_KVA as an option for
PowerDrawKva. PowerDrawKva is part of the RackPhysicalProperties structure
in the CreateSite request.
* api-change:``resource-groups``: AWS Resource Groups customers can now turn
on Group Lifecycle Events in their AWS account. When you turn this on,
Resource Groups monitors your groups for changes to group state or
membership. Those changes are sent to Amazon EventBridge as events that you
can respond to using rules you create.
* api-change:``cleanrooms``: Initial release of AWS Clean Rooms
* api-change:``lambda``: Add support for MaximumConcurrency parameter for SQS
event source. Customers can now limit the maximum concurrent invocations
for their SQS Event Source Mapping.
* api-change:``logs``: Bug fix: logGroupName is now not a required field in
GetLogEvents, FilterLogEvents, GetLogGroupFields, and DescribeLogStreams
APIs as logGroupIdentifier can be provided instead
* api-change:``mediaconvert``: The AWS Elemental MediaConvert SDK has added
support for compact DASH manifest generation, audio normalization using
TruePeak measurements, and the ability to clip the sample range in the
color corrector.
* api-change:``secretsmanager``: Update documentation for new ListSecrets and DescribeSecret parameters
* api-change:``kendra``: This release adds support to new document types -
RTF, XML, XSLT, MS_EXCEL, CSV, JSON, MD
* api-change:``location``: This release adds support for two new route travel
models, Bicycle and Motorcycle which can be used with Grab data source.
* api-change:``rds``: This release adds support for configuring allocated
storage on the CreateDBInstanceReadReplica,
RestoreDBInstanceFromDBSnapshot, and RestoreDBInstanceToPointInTime APIs.
* api-change:``ecr-public``: This release for Amazon ECR Public makes several
change to bring the SDK into sync with the API.
* api-change:``kendra-ranking``: Introducing Amazon Kendra Intelligent
Ranking, a new set of Kendra APIs that leverages Kendra semantic ranking
capabilities to improve the quality of search results from other search
services (i.e. OpenSearch, ElasticSearch, Solr).
* api-change:``network-firewall``: Network Firewall now supports the Suricata
rule action reject, in addition to the actions pass, drop, and alert.
* api-change:``ram``: Enabled FIPS aws-us-gov endpoints in SDK.
* api-change:``workspaces-web``: This release adds support for a new portal
authentication type: AWS IAM Identity Center (successor to AWS Single
Sign-On).
- correct requires
- update to 1.29.45:
* api-change:``acm-pca``: Added revocation parameter validation: bucket names
must match S3 bucket naming rules and CNAMEs conform to RFC2396 restrictions
on the use of special characters in URIs.
* api-change:``auditmanager``: This release introduces a new data retention
option in your Audit Manager settings. You can now use the
DeregistrationPolicy parameter to specify if you want to delete your data
when you deregister Audit Manager.
* api-change:``amplifybackend``: Updated GetBackendAPIModels response to
include ModelIntrospectionSchema json string
* api-change:``apprunner``: This release adds support of securely referencing
secrets and configuration data that are stored in Secrets Manager and SSM
Parameter Store by adding them as environment secrets in your App Runner
service.
* api-change:``connect``: Documentation update for a new Initiation Method
value in DescribeContact API
* api-change:``emr-serverless``: Adds support for customized images. You can
now provide runtime images when creating or updating EMR Serverless
Applications.
* api-change:``lightsail``: Documentation updates for Amazon Lightsail.
* api-change:``mwaa``: MWAA supports Apache Airflow version 2.4.3.
* api-change:``rds``: This release adds support for specifying which
certificate authority (CA) to use for a DB instance's server certificate
during DB instance creation, as well as other CA enhancements.
* api-change:``application-autoscaling``: Customers can now use the existing
DescribeScalingActivities API to also see the detailed and machine-readable
reasons for Application Auto Scaling not scaling their resources and, if
needed, take the necessary corrective actions.
* api-change:``logs``: Update to remove sequenceToken as a required field in
PutLogEvents calls.
* api-change:``ssm``: Adding support for QuickSetup Document Type in Systems
Manager
* api-change:``securitylake``: Allow CreateSubscriber API to take string input
that allows setting more descriptive SubscriberDescription field. Make
souceTypes field required in model level for UpdateSubscriberRequest as it is
required for every API call on the backend. Allow ListSubscribers take any
String as nextToken param.
- Update to 1.29.41
* api-change:``cloudfront``: Extend response headers policy to support removing headers from viewer
responses
* api-change:``iotfleetwise``: Update documentation - correct the epoch constant value of default
value for expiryTime field in CreateCampaign request.
- from version 1.29.40
* api-change:``apigateway``: Documentation updates for Amazon API Gateway
* api-change:``emr``: Update emr client to latest version
* api-change:``secretsmanager``: Added owning service filter, include planned deletion flag, and
next rotation date response parameter in ListSecrets.
* api-change:``wisdom``: This release extends Wisdom CreateContent and StartContentUpload APIs to
support PDF and MicrosoftWord docx document uploading.
- from version 1.29.39
* api-change:``elasticache``: This release allows you to modify the encryption in transit setting,
for existing Redis clusters. You can now change the TLS configuration of your Redis clusters
without the need to re-build or re-provision the clusters or impact application availability.
* api-change:``network-firewall``: AWS Network Firewall now provides status messages for firewalls
to help you troubleshoot when your endpoint fails.
* api-change:``rds``: This release adds support for Custom Engine Version (CEV) on RDS Custom SQL
Server.
* api-change:``route53-recovery-control-config``: Added support for Python paginators in the
route53-recovery-control-config List* APIs.
- from version 1.29.38
* api-change:``memorydb``: This release adds support for MemoryDB Reserved nodes which provides a
significant discount compared to on-demand node pricing. Reserved nodes are not physical nodes, but
rather a billing discount applied to the use of on-demand nodes in your account.
* api-change:``transfer``: Add additional operations to throw ThrottlingExceptions
- from version 1.29.37
* api-change:``connect``: Support for Routing Profile filter, SortCriteria, and grouping by Routing
Profiles for GetCurrentMetricData API. Support for RoutingProfiles, UserHierarchyGroups, and Agents
as filters, NextStatus and AgentStatusName for GetCurrentUserData. Adds ApproximateTotalCount to
both APIs.
* api-change:``connectparticipant``: Amazon Connect Chat introduces the Message Receipts feature.
This feature allows agents and customers to receive message delivered and read receipts after they
send a chat message.
* api-change:``detective``: This release adds a missed AccessDeniedException type to several
endpoints.
* api-change:``fsx``: Fix a bug where a recent release might break certain existing SDKs.
* api-change:``inspector2``: Amazon Inspector adds support for scanning NodeJS 18.x and Go 1.x AWS
Lambda function runtimes.
- from version 1.29.36
* api-change:``compute-optimizer``: This release enables AWS Compute Optimizer to analyze and
generate optimization recommendations for ecs services running on Fargate.
* api-change:``connect``: Amazon Connect Chat introduces the Idle Participant/Autodisconnect
feature, which allows users to set timeouts relating to the activity of chat participants, using
the new UpdateParticipantRoleConfig API.
* api-change:``iotdeviceadvisor``: This release adds the following new features: 1) Documentation
updates for IoT Device Advisor APIs. 2) Updated required request parameters for IoT Device Advisor
APIs. 3) Added new service feature: ability to provide the test endpoint when customer executing
the StartSuiteRun API.
* api-change:``kinesis-video-webrtc-storage``: Amazon Kinesis Video Streams offers capabilities to
stream video and audio in real-time via WebRTC to the cloud for storage, playback, and analytical
processing. Customers can use our enhanced WebRTC SDK and cloud APIs to enable real-time streaming,
as well as media ingestion to the cloud.
* api-change:``rds``: Add support for managing master user password in AWS Secrets Manager for the
DBInstance and DBCluster.
* api-change:``secretsmanager``: Documentation updates for Secrets Manager
- from version 1.29.35
* api-change:``connect``: Amazon Connect Chat now allows for JSON (application/json) message types
to be sent as part of the initial message in the StartChatContact API.
* api-change:``connectparticipant``: Amazon Connect Chat now allows for JSON (application/json)
message types to be sent in the SendMessage API.
* api-change:``license-manager-linux-subscriptions``: AWS License Manager now offers cross-region,
cross-account tracking of commercial Linux subscriptions on AWS. This includes subscriptions
purchased as part of EC2 subscription-included AMIs, on the AWS Marketplace, or brought to AWS via
Red Hat Cloud Access Program.
* api-change:``macie2``: This release adds support for analyzing Amazon S3 objects that use the S3
Glacier Instant Retrieval (Glacier_IR) storage class.
* api-change:``sagemaker``: This release enables adding RStudio Workbench support to an existing
Amazon SageMaker Studio domain. It allows setting your RStudio on SageMaker environment
configuration parameters and also updating the RStudioConnectUrl and RStudioPackageManagerUrl
parameters for existing domains
* api-change:``scheduler``: Updated the ListSchedules and ListScheduleGroups APIs to allow the
NamePrefix field to start with a number. Updated the validation for executionRole field to support
any role name.
* api-change:``ssm``: Doc-only updates for December 2022.
* api-change:``support``: Documentation updates for the AWS Support API
* api-change:``transfer``: This release adds support for Decrypt as a workflow step type.
- from version 1.29.34
* api-change:``batch``: Adds isCancelled and isTerminated to DescribeJobs response.
* api-change:``ec2``: Adds support for pagination in the EC2 DescribeImages API.
* api-change:``lookoutequipment``: This release adds support for listing inference schedulers by
status.
* api-change:``medialive``: This release adds support for two new features to AWS Elemental
MediaLive. First, you can now burn-in timecodes to your MediaLive outputs. Second, we now now
support the ability to decode Dolby E audio when it comes in on an input.
* api-change:``nimble``: Amazon Nimble Studio now supports configuring session storage volumes and
persistence, as well as backup and restore sessions through launch profiles.
* api-change:``resource-explorer-2``: Documentation updates for AWS Resource Explorer.
* api-change:``route53domains``: Use Route 53 domain APIs to change owner, create/delete DS record,
modify IPS tag, resend authorization. New: AssociateDelegationSignerToDomain,
DisassociateDelegationSignerFromDomain, PushDomain, ResendOperationAuthorization. Updated:
UpdateDomainContact, ListOperations, CheckDomainTransferability.
* api-change:``sagemaker``: Amazon SageMaker Autopilot adds support for new objective metrics in
CreateAutoMLJob API.
* api-change:``transcribe``: Enable our batch transcription jobs for Swedish and Vietnamese.
- from version 1.29.33
* api-change:``athena``: Add missed InvalidRequestException in
GetCalculationExecutionCode,StopCalculationExecution APIs. Correct required parameters (Payload and
Type) in UpdateNotebook API. Change Notebook size from 15 Mb to 10 Mb.
* api-change:``ecs``: This release adds support for alarm-based rollbacks in ECS, a new feature
that allows customers to add automated safeguards for Amazon ECS service rolling updates.
* api-change:``kinesis-video-webrtc-storage``: Amazon Kinesis Video Streams offers capabilities to
stream video and audio in real-time via WebRTC to the cloud for storage, playback, and analytical
processing. Customers can use our enhanced WebRTC SDK and cloud APIs to enable real-time streaming,
as well as media ingestion to the cloud.
* api-change:``kinesisvideo``: Amazon Kinesis Video Streams offers capabilities to stream video and
audio in real-time via WebRTC to the cloud for storage, playback, and analytical processing.
Customers can use our enhanced WebRTC SDK and cloud APIs to enable real-time streaming, as well as
media ingestion to the cloud.
* api-change:``rds``: Add support for --enable-customer-owned-ip to RDS
create-db-instance-read-replica API for RDS on Outposts.
* api-change:``sagemaker``: AWS Sagemaker - Sagemaker Images now supports Aliases as secondary
identifiers for ImageVersions. SageMaker Images now supports additional metadata for ImageVersions
for better images management.
- from version 1.29.32
* api-change:``appflow``: This release updates the ListConnectorEntities API action so that it
returns paginated responses that customers can retrieve with next tokens.
* api-change:``cloudfront``: Updated documentation for CloudFront
* api-change:``datasync``: AWS DataSync now supports the use of tags with task executions. With
this new feature, you can apply tags each time you execute a task, giving you greater control and
management over your task executions.
* api-change:``efs``: Update efs client to latest version
* api-change:``guardduty``: This release provides the valid characters for the Description and Name
field.
* api-change:``iotfleetwise``: Updated error handling for empty resource names in
"/UpdateSignalCatalog"/ and "/GetModelManifest"/ operations.
* api-change:``sagemaker``: AWS sagemaker - Features: This release adds support for random seed,
it's an integer value used to initialize a pseudo-random number generator. Setting a random seed
will allow the hyperparameter tuning search strategies to produce more consistent configurations
for the same tuning job.
- from version 1.29.31
* api-change:``backup-gateway``: This release adds support for VMware vSphere tags, enabling
customer to protect VMware virtual machines using tag-based policies for AWS tags mapped from
vSphere tags. This release also adds support for customer-accessible gateway-hypervisor interaction
log and upload bandwidth rate limit schedule.
* api-change:``connect``: Added support for "/English - New Zealand"/ and "/English - South African"/
to be used with Amazon Connect Custom Vocabulary APIs.
* api-change:``ecs``: This release adds support for container port ranges in ECS, a new capability
that allows customers to provide container port ranges to simplify use cases where multiple ports
are in use in a container. This release updates TaskDefinition mutation APIs and the Task
description APIs.
* api-change:``eks``: Add support for Windows managed nodes groups.
* api-change:``glue``: This release adds support for AWS Glue Crawler with native DeltaLake tables,
allowing Crawlers to classify Delta Lake format tables and catalog them for query engines to query
against.
* api-change:``kinesis``: Added StreamARN parameter for Kinesis Data Streams APIs. Added a new
opaque pagination token for ListStreams. SDKs will auto-generate Account Endpoint when accessing
Kinesis Data Streams.
* api-change:``location``: This release adds support for a new style, "/VectorOpenDataStandardLight"/
which can be used with the new data source, "/Open Data Maps (Preview)"/.
* api-change:``m2``: Adds an optional create-only `KmsKeyId` property to Environment and
Application resources.
* api-change:``sagemaker``: SageMaker Inference Recommender now allows customers to load tests
their models on various instance types using private VPC.
* api-change:``securityhub``: Added new resource details objects to ASFF, including resources for
AwsEc2LaunchTemplate, AwsSageMakerNotebookInstance, AwsWafv2WebAcl and AwsWafv2RuleGroup.
* api-change:``translate``: Raised the input byte size limit of the Text field in the TranslateText
API to 10000 bytes.
- from version 1.29.30
* api-change:``ce``: This release supports percentage-based thresholds on Cost Anomaly Detection
alert subscriptions.
* api-change:``cloudwatch``: Update cloudwatch client to latest version
* api-change:``networkmanager``: Appliance Mode support for AWS Cloud WAN.
* api-change:``redshift-data``: This release adds a new --client-token field to ExecuteStatement
and BatchExecuteStatement operations. Customers can now run queries with the additional client
token parameter to ensures idempotency.
* api-change:``sagemaker-metrics``: Update SageMaker Metrics documentation.
- from version 1.29.29
* api-change:``cloudtrail``: Merging mainline branch for service model into mainline release
branch. There are no new APIs.
* api-change:``rds``: This deployment adds ClientPasswordAuthType field to the Auth structure of
the DBProxy.
- from version 1.29.28
* bugfix:Endpoint provider: Updates ARN parsing ``resourceId`` delimiters
* api-change:``customer-profiles``: This release allows custom strings in PartyType and Gender
through 2 new attributes in the CreateProfile and UpdateProfile APIs: PartyTypeString and
GenderString.
* api-change:``ec2``: This release updates DescribeFpgaImages to show supported instance types of
AFIs in its response.
* api-change:``kinesisvideo``: This release adds support for public preview of Kinesis Video Stream
at Edge enabling customers to provide configuration for the Kinesis Video Stream EdgeAgent running
on an on-premise IoT device. Customers can now locally record from cameras and stream videos to the
cloud on configured schedule.
* api-change:``lookoutvision``: This documentation update adds kms:GenerateDataKey as a required
permission to StartModelPackagingJob.
* api-change:``migration-hub-refactor-spaces``: This release adds support for Lambda alias service
endpoints. Lambda alias ARNs can now be passed into CreateService.
* api-change:``rds``: Update the RDS API model to support copying option groups during the
CopyDBSnapshot operation
* api-change:``rekognition``: Adds support for "/aliases"/ and "/categories"/, inclusion and exclusion
filters for labels and label categories, and aggregating labels by video segment timestamps for
Stored Video Label Detection APIs.
* api-change:``sagemaker-metrics``: This release introduces support SageMaker Metrics APIs.
* api-change:``wafv2``: Documents the naming requirement for logging destinations that you use with
web ACLs.
- from version 1.29.27
* api-change:``iotfleetwise``: Deprecated assignedValue property for actuators and attributes.
Added a message to invalid nodes and invalid decoder manifest exceptions.
* api-change:``logs``: Doc-only update for CloudWatch Logs, for Tagging Permissions clarifications
* api-change:``medialive``: Link devices now support buffer size (latency) configuration. A higher
latency value means a longer delay in transmitting from the device to MediaLive, but improved
resiliency. A lower latency value means a shorter delay, but less resiliency.
* api-change:``mediapackage-vod``: This release provides the approximate number of assets in a
packaging group.
- Update to 1.29.26
* enhancement:Endpoint Provider Standard Library: Correct spelling of 'library' in
``StandardLibrary`` class
* api-change:``autoscaling``: Adds support for metric math for target tracking scaling policies,
saving you the cost and effort of publishing a custom metric to CloudWatch. Also adds support for
VPC Lattice by adding the Attach/Detach/DescribeTrafficSources APIs and a new health check type to
the CreateAutoScalingGroup API.
* api-change:``iottwinmaker``: This release adds the following new features: 1) New APIs for
managing a continuous sync of assets and asset models from AWS IoT SiteWise. 2) Support user
friendly names for component types (ComponentTypeName) and properties (DisplayName).
* api-change:``migrationhubstrategy``: This release adds known application filtering, server
selection for assessments, support for potential recommendations, and indications for configuration
and assessment status. For more information, see the AWS Migration Hub documentation at
https://docs.aws.amazon.com/migrationhub/index.html
- from version 1.29.25
* api-change:``ce``: This release adds the LinkedAccountName field to the GetAnomalies API response
under RootCause
* api-change:``cloudfront``: Introducing UpdateDistributionWithStagingConfig that can be used to
promote the staging configuration to the production.
* api-change:``eks``: Adds support for EKS add-ons configurationValues fields and
DescribeAddonConfiguration function
* api-change:``kms``: Updated examples and exceptions for External Key Store (XKS).
- from version 1.29.24
* api-change:``billingconductor``: This release adds the Tiering Pricing Rule feature.
* api-change:``connect``: This release provides APIs that enable you to programmatically manage
rules for Contact Lens conversational analytics and third party applications. For more information,
see https://docs.aws.amazon.com/connect/latest/APIReference/rules-api.html
* api-change:``dynamodb``: Endpoint Ruleset update: Use http instead of https for the "/local"/
region.
* api-change:``dynamodbstreams``: Update dynamodbstreams client to latest version
* api-change:``rds``: This release adds the BlueGreenDeploymentNotFoundFault to the
AddTagsToResource, ListTagsForResource, and RemoveTagsFromResource operations.
* api-change:``sagemaker-featurestore-runtime``: For online + offline Feature Groups, added ability
to target PutRecord and DeleteRecord actions to only online store, or only offline store. If target
store parameter is not specified, actions will apply to both stores.
- from version 1.29.23
* api-change:``ce``: This release introduces two new APIs that offer a 1-click experience to
refresh Savings Plans recommendations. The two APIs are
StartSavingsPlansPurchaseRecommendationGeneration and
ListSavingsPlansPurchaseRecommendationGeneration.
* api-change:``ec2``: Documentation updates for EC2.
* api-change:``ivschat``: Adds PendingVerification error type to messaging APIs to block the
resource usage for accounts identified as being fraudulent.
* api-change:``rds``: This release adds the InvalidDBInstanceStateFault to the
RestoreDBClusterFromSnapshot operation.
* api-change:``transcribe``: Amazon Transcribe now supports creating custom language models in the
following languages: Japanese (ja-JP) and German (de-DE).
- from version 1.29.22
* api-change:``appsync``: Fixes the URI for the evaluatecode endpoint to include the /v1 prefix
(ie. "//v1/dataplane-evaluatecode"/).
* api-change:``ecs``: Documentation updates for Amazon ECS
* api-change:``fms``: AWS Firewall Manager now supports Fortigate Cloud Native Firewall as a
Service as a third-party policy type.
* api-change:``mediaconvert``: The AWS Elemental MediaConvert SDK has added support for
configurable ID3 eMSG box attributes and the ability to signal them with InbandEventStream tags in
DASH and CMAF outputs.
* api-change:``medialive``: Updates to Event Signaling and Management (ESAM) API and documentation.
* api-change:``polly``: Add language code for Finnish (fi-FI)
* api-change:``proton``: CreateEnvironmentAccountConnection RoleArn input is now optional
* api-change:``redshift-serverless``: Add Table Level Restore operations for Amazon Redshift
Serverless. Add multi-port support for Amazon Redshift Serverless endpoints. Add Tagging support to
Snapshots and Recovery Points in Amazon Redshift Serverless.
* api-change:``sns``: This release adds the message payload-filtering feature to the SNS Subscribe,
SetSubscriptionAttributes, and GetSubscriptionAttributes API actions
- Update to 1.29.21
* api-change:``codecatalyst``: This release adds operations that support customers using the AWS
Toolkits and Amazon CodeCatalyst, a unified software development service that helps developers
develop, deploy, and maintain applications in the cloud. For more information, see the
documentation.
* api-change:``comprehend``: Comprehend now supports semi-structured documents (such as PDF files
or image files) as inputs for custom analysis using the synchronous APIs (ClassifyDocument and
DetectEntities).
* api-change:``gamelift``: GameLift introduces a new feature, GameLift Anywhere. GameLift Anywhere
allows you to integrate your own compute resources with GameLift. You can also use GameLift
Anywhere to iteratively test your game servers without uploading the build to GameLift for every
iteration.
* api-change:``pipes``: AWS introduces new Amazon EventBridge Pipes which allow you to connect
sources (SQS, Kinesis, DDB, Kafka, MQ) to Targets (14+ EventBridge Targets) without any code, with
filtering, batching, input transformation, and an optional Enrichment stage (Lambda, StepFunctions,
ApiGateway, ApiDestinations)
* api-change:``stepfunctions``: Update stepfunctions client to latest version
- from version 1.29.20
* api-change:``accessanalyzer``: This release adds support for S3 cross account access points. IAM
Access Analyzer will now produce public or cross account findings when it detects bucket delegation
to external account access points.
* api-change:``athena``: This release includes support for using Apache Spark in Amazon Athena.
* api-change:``dataexchange``: This release enables data providers to license direct access to data
in their Amazon S3 buckets or AWS Lake Formation data lakes through AWS Data Exchange. Subscribers
get read-only access to the data and can use it in downstream AWS services, like Amazon Athena,
without creating or managing copies.
* api-change:``docdb-elastic``: Launched Amazon DocumentDB Elastic Clusters. You can now use the
SDK to create, list, update and delete Amazon DocumentDB Elastic Cluster resources
* api-change:``glue``: This release adds support for AWS Glue Data Quality, which helps you
evaluate and monitor the quality of your data and includes the API for creating, deleting, or
updating data quality rulesets, runs and evaluations.
* api-change:``s3control``: Amazon S3 now supports cross-account access points. S3 bucket owners
can now allow trusted AWS accounts to create access points associated with their bucket.
* api-change:``sagemaker-geospatial``: This release provides Amazon SageMaker geospatial APIs to
build, train, deploy and visualize geospatial models.
* api-change:``sagemaker``: Added Models as part of the Search API. Added Model shadow deployments
in realtime inference, and shadow testing in managed inference. Added support for shared spaces,
geospatial APIs, Model Cards, AutoMLJobStep in pipelines, Git repositories on user profiles and
domains, Model sharing in Jumpstart.
- from version 1.29.19
* api-change:``ec2``: This release adds support for AWS Verified Access and the Hpc6id Amazon EC2
compute optimized instance type, which features 3rd generation Intel Xeon Scalable processors.
* api-change:``firehose``: Allow support for the Serverless offering for Amazon OpenSearch Service
as a Kinesis Data Firehose delivery destination.
* api-change:``kms``: AWS KMS introduces the External Key Store (XKS), a new feature for customers
who want to protect their data with encryption keys stored in an external key management system
under their control.
* api-change:``omics``: Amazon Omics is a new, purpose-built service that can be used by healthcare
and life science organizations to store, query, and analyze omics data. The insights from that data
can be used to accelerate scientific discoveries and improve healthcare.
* api-change:``opensearchserverless``: Publish SDK for Amazon OpenSearch Serverless
* api-change:``securitylake``: Amazon Security Lake automatically centralizes security data from
cloud, on-premises, and custom sources into a purpose-built data lake stored in your account.
Security Lake makes it easier to analyze security data, so you can improve the protection of your
workloads, applications, and data
* api-change:``simspaceweaver``: AWS SimSpace Weaver is a new service that helps customers build
spatial simulations at new levels of scale - resulting in virtual worlds with millions of dynamic
entities. See the AWS SimSpace Weaver developer guide for more details on how to get started.
https://docs.aws.amazon.com/simspaceweaver
- from version 1.29.18
* api-change:``arc-zonal-shift``: Amazon Route 53 Application Recovery Controller Zonal Shift is a
new service that makes it easy to shift traffic away from an Availability Zone in a Region. See the
developer guide for more information:
https://docs.aws.amazon.com/r53recovery/latest/dg/what-is-route53-recovery.html
* api-change:``compute-optimizer``: Adds support for a new recommendation preference that makes it
possible for customers to optimize their EC2 recommendations by utilizing an external metrics
ingestion service to provide metrics.
* api-change:``config``: With this release, you can use AWS Config to evaluate your resources for
compliance with Config rules before they are created or updated. Using Config rules in proactive
mode enables you to test and build compliant resource templates or check resource configurations at
the time they are provisioned.
* api-change:``ec2``: Introduces ENA Express, which uses AWS SRD and dynamic routing to increase
throughput and minimize latency, adds support for trust relationships between Reachability Analyzer
and AWS Organizations to enable cross-account analysis, and adds support for Infrastructure
Performance metric subscriptions.
* api-change:``eks``: Adds support for additional EKS add-ons metadata and filtering fields
* api-change:``fsx``: This release adds support for 4GB/s / 160K PIOPS FSx for ONTAP file systems
and 10GB/s / 350K PIOPS FSx for OpenZFS file systems (Single_AZ_2). For FSx for ONTAP, this also
adds support for DP volumes, snapshot policy, copy tags to backups, and Multi-AZ route table
updates.
* api-change:``glue``: This release allows the creation of Custom Visual Transforms (Dynamic
Transforms) to be created via AWS Glue CLI/SDK.
* api-change:``inspector2``: This release adds support for Inspector to scan AWS Lambda.
* api-change:``lambda``: Adds support for Lambda SnapStart, which helps improve the startup
performance of functions. Customers can now manage SnapStart based functions via CreateFunction and
UpdateFunctionConfiguration APIs
* api-change:``license-manager-user-subscriptions``: AWS now offers fully-compliant,
Amazon-provided licenses for Microsoft Office Professional Plus 2021 Amazon Machine Images (AMIs)
on Amazon EC2. These AMIs are now available on the Amazon EC2 console and on AWS Marketplace to
launch instances on-demand without any long-term licensing commitments.
* api-change:``macie2``: Added support for configuring Macie to continually sample objects from S3
buckets and inspect them for sensitive data. Results appear in statistics, findings, and other data
that Macie provides.
* api-change:``quicksight``: This release adds new Describe APIs and updates Create and Update APIs
to support the data model for Dashboards, Analyses, and Templates.
* api-change:``s3control``: Added two new APIs to support Amazon S3 Multi-Region Access Point
failover controls: GetMultiRegionAccessPointRoutes and SubmitMultiRegionAccessPointRoutes. The
failover control APIs are supported in the following Regions: us-east-1, us-west-2, eu-west-1,
ap-southeast-2, and ap-northeast-1.
* api-change:``securityhub``: Adding StandardsManagedBy field to DescribeStandards API response
- from version 1.29.17
* api-change:``backup``: AWS Backup introduces support for legal hold and application stack
backups. AWS Backup Audit Manager introduces support for cross-Region, cross-account reports.
* api-change:``cloudwatch``: Update cloudwatch client to latest version
* api-change:``drs``: Non breaking changes to existing APIs, and additional APIs added to support
in-AWS failing back using AWS Elastic Disaster Recovery.
* api-change:``ecs``: This release adds support for ECS Service Connect, a new capability that
simplifies writing and operating resilient distributed applications. This release updates the
TaskDefinition, Cluster, Service mutation APIs with Service connect constructs and also adds a new
ListServicesByNamespace API.
* api-change:``efs``: Update efs client to latest version
* api-change:``iot-data``: This release adds support for MQTT5 properties to AWS IoT HTTP Publish
API.
* api-change:``iot``: Job scheduling enables the scheduled rollout of a Job with start and end
times and a customizable end behavior when end time is reached. This is available for continuous
and snapshot jobs. Added support for MQTT5 properties to AWS IoT TopicRule Republish Action.
* api-change:``iotwireless``: This release includes a new feature for customers to calculate the
position of their devices by adding three new APIs: UpdateResourcePosition, GetResourcePosition,
and GetPositionEstimate.
* api-change:``kendra``: Amazon Kendra now supports preview of table information from HTML tables
in the search results. The most relevant cells with their corresponding rows, columns are displayed
as a preview in the search result. The most relevant table cell or cells are also highlighted in
table preview.
* api-change:``logs``: Updates to support CloudWatch Logs data protection and CloudWatch
cross-account observability
* api-change:``mgn``: This release adds support for Application and Wave management. We also now
support custom post-launch actions.
* api-change:``oam``: Amazon CloudWatch Observability Access Manager is a new service that allows
configuration of the CloudWatch cross-account observability feature.
* api-change:``organizations``: This release introduces delegated administrator for AWS
Organizations, a new feature to help you delegate the management of your Organizations policies,
enabling you to govern your AWS organization in a decentralized way. You can now allow member
accounts to manage Organizations policies.
* api-change:``rds``: This release enables new Aurora and RDS feature called Blue/Green Deployments
that makes updates to databases safer, simpler and faster.
* api-change:``textract``: This release adds support for classifying and splitting lending
documents by type, and extracting information by using the Analyze Lending APIs. This release also
includes support for summarized information of the processed lending document package, in addition
to per document results.
* api-change:``transcribe``: This release adds support for 'inputType' for post-call and real-time
(streaming) Call Analytics within Amazon Transcribe.
- from version 1.29.16
* api-change:``grafana``: This release includes support for configuring a Grafana workspace to
connect to a datasource within a VPC as well as new APIs for configuring Grafana settings.
* api-change:``rbin``: This release adds support for Rule Lock for Recycle Bin, which allows you to
lock retention rules so that they can no longer be modified or deleted.
- from version 1.29.15
* bugfix:Endpoints: Resolve endpoint with default partition when no region is set
* bugfix:s3: fixes missing x-amz-content-sha256 header for s3 object lambda
* api-change:``appflow``: Adding support for Amazon AppFlow to transfer the data to Amazon Redshift
databases through Amazon Redshift Data API service. This feature will support the Redshift
destination connector on both public and private accessible Amazon Redshift Clusters and Amazon
Redshift Serverless.
* api-change:``kinesisanalyticsv2``: Support for Apache Flink 1.15 in Kinesis Data Analytics.
- from version 1.29.14
* api-change:``route53``: Amazon Route 53 now supports the Asia Pacific (Hyderabad) Region
(ap-south-2) for latency records, geoproximity records, and private DNS for Amazon VPCs in that
region.
- from version 1.29.13
* api-change:``appflow``: AppFlow provides a new API called UpdateConnectorRegistration to update a
custom connector that customers have previously registered. With this API, customers no longer need
to unregister and then register a connector to make an update.
* api-change:``auditmanager``: This release introduces a new feature for Audit Manager: Evidence
finder. You can now use evidence finder to quickly query your evidence, and add the matching
evidence results to an assessment report.
* api-change:``chime-sdk-voice``: Amazon Chime Voice Connector, Voice Connector Group and PSTN
Audio Service APIs are now available in the Amazon Chime SDK Voice namespace. See
https://docs.aws.amazon.com/chime-sdk/latest/dg/sdk-available-regions.html for more details.
* api-change:``cloudfront``: CloudFront API support for staging distributions and associated
traffic management policies.
* api-change:``connect``: Added AllowedAccessControlTags and TagRestrictedResource for Tag Based
Access Control on Amazon Connect Webpage
* api-change:``dynamodb``: Updated minor fixes for DynamoDB documentation.
* api-change:``dynamodbstreams``: Update dynamodbstreams client to latest version
* api-change:``ec2``: This release adds support for copying an Amazon Machine Image's tags when
copying an AMI.
* api-change:``glue``: AWSGlue Crawler - Adding support for Table and Column level Comments with
database level datatypes for JDBC based crawler.
* api-change:``iot-roborunner``: AWS IoT RoboRunner is a new service that makes it easy to build
applications that help multi-vendor robots work together seamlessly. See the IoT RoboRunner
developer guide for more details on getting started.
https://docs.aws.amazon.com/iotroborunner/latest/dev/iotroborunner-welcome.html
* api-change:``quicksight``: This release adds the following: 1) Asset management for centralized
assets governance 2) QuickSight Q now supports public embedding 3) New Termination protection flag
to mitigate accidental deletes 4) Athena data sources now accept a custom IAM role 5) QuickSight
supports connectivity to Databricks
* api-change:``sagemaker``: Added DisableProfiler flag as a new field in ProfilerConfig
* api-change:``servicecatalog``: This release 1. adds support for Principal Name Sharing with
Service Catalog portfolio sharing. 2. Introduces repo sourced products which are created and
managed with existing SC APIs. These products are synced to external repos and auto create new
product versions based on changes in the repo.
* api-change:``ssm-sap``: AWS Systems Manager for SAP provides simplified operations and management
of SAP applications such as SAP HANA. With this release, SAP customers and partners can automate
and simplify their SAP system administration tasks such as backup/restore of SAP HANA.
* api-change:``stepfunctions``: Update stepfunctions client to latest version
* api-change:``transfer``: Adds a NONE encryption algorithm type to AS2 connectors, providing
support for skipping encryption of the AS2 message body when a HTTPS URL is also specified.
- from version 1.29.12
* api-change:``amplify``: Adds a new value (WEB_COMPUTE) to the Platform enum that allows customers
to create Amplify Apps with Server-Side Rendering support.
* api-change:``appflow``: AppFlow simplifies the preparation and cataloging of SaaS data into the
AWS Glue Data Catalog where your data can be discovered and accessed by AWS analytics and ML
services. AppFlow now also supports data field partitioning and file size optimization to improve
query performance and reduce cost.
* api-change:``appsync``: This release introduces the APPSYNC_JS runtime, and adds support for
JavaScript in AppSync functions and AppSync pipeline resolvers.
* api-change:``dms``: Adds support for Internet Protocol Version 6 (IPv6) on DMS Replication
Instances
* api-change:``ec2``: This release adds a new optional parameter "/privateIpAddress"/ for the
CreateNatGateway API. PrivateIPAddress will allow customers to select a custom Private IPv4 address
instead of having it be auto-assigned.
* api-change:``elbv2``: Update elbv2 client to latest version
* api-change:``emr-serverless``: Adds support for AWS Graviton2 based applications. You can now
select CPU architecture when creating new applications or updating existing ones.
* api-change:``ivschat``: Adds LoggingConfiguration APIs for IVS Chat - a feature that allows
customers to store and record sent messages in a chat room to S3 buckets, CloudWatch logs, or
Kinesis firehose.
* api-change:``lambda``: Add Node 18 (nodejs18.x) support to AWS Lambda.
* api-change:``personalize``: This release provides support for creation and use of metric
attributions in AWS Personalize
* api-change:``polly``: Add two new neural voices - Ola (pl-PL) and Hala (ar-AE).
* api-change:``rum``: CloudWatch RUM now supports custom events. To use custom events, create an
app monitor or update an app monitor with CustomEvent Status as ENABLED.
* api-change:``s3control``: Added 34 new S3 Storage Lens metrics to support additional customer use
cases.
* api-change:``secretsmanager``: Documentation updates for Secrets Manager.
* api-change:``securityhub``: Added SourceLayerArn and SourceLayerHash field for security findings.
Updated AwsLambdaFunction Resource detail
* api-change:``servicecatalog-appregistry``: This release adds support for tagged resource
associations, which allows you to associate a group of resources with a defined resource tag key
and value to the application.
* api-change:``sts``: Documentation updates for AWS Security Token Service.
* api-change:``textract``: This release adds support for specifying and extracting information from
documents using the Signatures feature within Analyze Document API
* api-change:``workspaces``: The release introduces CreateStandbyWorkspaces, an API that allows you
to create standby WorkSpaces associated with a primary WorkSpace in another Region.
DescribeWorkspaces now includes related WorkSpaces properties. DescribeWorkspaceBundles and
CreateWorkspaceBundle now return more bundle details.
- from version 1.29.11
* api-change:``batch``: Documentation updates related to Batch on EKS
* api-change:``billingconductor``: This release adds a new feature BillingEntity pricing rule.
* api-change:``cloudformation``: Added UnsupportedTarget HandlerErrorCode for use with CFN Resource
Hooks
* api-change:``comprehendmedical``: This release supports new set of entities and traits. It also
adds new category (BEHAVIORAL_ENVIRONMENTAL_SOCIAL).
* api-change:``connect``: This release adds a new MonitorContact API for initiating monitoring of
ongoing Voice and Chat contacts.
* api-change:``eks``: Adds support for customer-provided placement groups for Kubernetes control
plane instances when creating local EKS clusters on Outposts
* api-change:``elasticache``: for Redis now supports AWS Identity and Access Management
authentication access to Redis clusters starting with redis-engine version 7.0
* api-change:``iottwinmaker``: This release adds the following: 1) ExecuteQuery API allows users to
query their AWS IoT TwinMaker Knowledge Graph 2) Pricing plan APIs allow users to configure and
manage their pricing mode 3) Support for property groups and tabular property values in existing
AWS IoT TwinMaker APIs.
* api-change:``personalize-events``: This release provides support for creation and use of metric
attributions in AWS Personalize
* api-change:``proton``: Add support for sorting and filtering in ListServiceInstances
* api-change:``rds``: This release adds support for container databases (CDBs) to Amazon RDS Custom
for Oracle. A CDB contains one PDB at creation. You can add more PDBs using Oracle SQL. You can
also customize your database installation by setting the Oracle base, Oracle home, and the OS user
name and group.
* api-change:``ssm-incidents``: Add support for PagerDuty integrations on ResponsePlan,
IncidentRecord, and RelatedItem APIs
* api-change:``ssm``: This release adds support for cross account access in CreateOpsItem,
UpdateOpsItem and GetOpsItem. It introduces new APIs to setup resource policies for SSM resources:
PutResourcePolicy, GetResourcePolicies and DeleteResourcePolicy.
* api-change:``transfer``: Allow additional operations to throw ThrottlingException
* api-change:``xray``: This release adds new APIs - PutResourcePolicy, DeleteResourcePolicy,
ListResourcePolicies for supporting resource based policies for AWS X-Ray.
- from version 1.29.10
* bugfix:s3: fixes missing x-amz-content-sha256 header for s3 on outpost
* enhancement:sso: Add support for loading sso-session profiles from the aws config
* api-change:``connect``: This release updates the APIs: UpdateInstanceAttribute,
DescribeInstanceAttribute, and ListInstanceAttributes. You can use it to programmatically
enable/disable enhanced contact monitoring using attribute type ENHANCED_CONTACT_MONITORING on the
specified Amazon Connect instance.
* api-change:``greengrassv2``: Adds new parent target ARN paramater to CreateDeployment,
GetDeployment, and ListDeployments APIs for the new subdeployments feature.
* api-change:``route53``: Amazon Route 53 now supports the Europe (Spain) Region (eu-south-2) for
latency records, geoproximity records, and private DNS for Amazon VPCs in that region.
* api-change:``workspaces``: This release introduces ModifyCertificateBasedAuthProperties, a new
API that allows control of certificate-based auth properties associated with a WorkSpaces
directory. The DescribeWorkspaceDirectories API will now additionally return certificate-based auth
properties in its responses.
- from version 1.29.9
* api-change:``customer-profiles``: This release enhances the SearchProfiles API by providing
functionality to search for profiles using multiple keys and logical operators.
* api-change:``lakeformation``: This release adds a new parameter "/Parameters"/ in the
DataLakeSettings.
* api-change:``managedblockchain``: Updating the API docs data type: NetworkEthereumAttributes, and
the operations DeleteNode, and CreateNode to also include the supported Goerli network.
* api-change:``proton``: Add support for CodeBuild Provisioning
* api-change:``rds``: This release adds support for restoring an RDS Multi-AZ DB cluster snapshot
to a Single-AZ deployment or a Multi-AZ DB instance deployment.
* api-change:``workdocs``: Added 2 new document related operations, DeleteDocumentVersion and
RestoreDocumentVersions.
* api-change:``xray``: This release enhances GetServiceGraph API to support new type of edge to
represent links between SQS and Lambda in event-driven applications.
- Update to 1.29.8
* api-change:``glue``: Added links related to enabling job bookmarks.
* api-change:``iot``: This release add new api listRelatedResourcesForAuditFinding and new member
type IssuerCertificates for Iot device device defender Audit.
* api-change:``license-manager``: AWS License Manager now supports onboarded Management Accounts or
Delegated Admins to view granted licenses aggregated from all accounts in the organization.
* api-change:``marketplace-catalog``: Added three new APIs to support tagging and tag-based
authorization: TagResource, UntagResource, and ListTagsForResource. Added optional parameters to
the StartChangeSet API to support tagging a resource while making a request to create it.
* api-change:``rekognition``: Adding support for ImageProperties feature to detect dominant colors
and image brightness, sharpness, and contrast, inclusion and exclusion filters for labels and label
categories, new fields to the API response, "/aliases"/ and "/categories"/
* api-change:``securityhub``: Documentation updates for Security Hub
* api-change:``ssm-incidents``: RelatedItems now have an ID field which can be used for referencing
them else where. Introducing event references in TimelineEvent API and increasing maximum length of
"/eventData"/ to 12K characters.
- from version 1.29.7
* api-change:``autoscaling``: This release adds a new price capacity optimized allocation strategy
for Spot Instances to help customers optimize provisioning of Spot Instances via EC2 Auto Scaling,
EC2 Fleet, and Spot Fleet. It allocates Spot Instances based on both spare capacity availability
and Spot Instance price.
* api-change:``ec2``: This release adds a new price capacity optimized allocation strategy for Spot
Instances to help customers optimize provisioning of Spot Instances via EC2 Auto Scaling, EC2
Fleet, and Spot Fleet. It allocates Spot Instances based on both spare capacity availability and
Spot Instance price.
* api-change:``ecs``: This release adds support for task scale-in protection with
updateTaskProtection and getTaskProtection APIs. UpdateTaskProtection API can be used to protect a
service managed task from being terminated by scale-in events and getTaskProtection API to get the
scale-in protection status of a task.
* api-change:``es``: Amazon OpenSearch Service now offers managed VPC endpoints to connect to your
Amazon OpenSearch Service VPC-enabled domain in a Virtual Private Cloud (VPC). This feature allows
you to privately access OpenSearch Service domain without using public IPs or requiring traffic to
traverse the Internet.
* api-change:``resource-explorer-2``: Text only updates to some Resource Explorer descriptions.
* api-change:``scheduler``: AWS introduces the new Amazon EventBridge Scheduler. EventBridge
Scheduler is a serverless scheduler that allows you to create, run, and manage tasks from one
central, managed service.
- from version 1.29.6
* api-change:``connect``: This release adds new fields SignInUrl, UserArn, and UserId to
GetFederationToken response payload.
* api-change:``connectcases``: This release adds the ability to disable templates through the
UpdateTemplate API. Disabling templates prevents customers from creating cases using the template.
For more information see https://docs.aws.amazon.com/cases/latest/APIReference/Welcome.html
* api-change:``ec2``: Amazon EC2 Trn1 instances, powered by AWS Trainium chips, are purpose built
for high-performance deep learning training. u-24tb1.112xlarge and u-18tb1.112xlarge High Memory
instances are purpose-built to run large in-memory databases.
* api-change:``groundstation``: This release adds the preview of customer-provided ephemeris
support for AWS Ground Station, allowing space vehicle owners to provide their own position and
trajectory information for a satellite.
* api-change:``mediapackage-vod``: This release adds "/IncludeIframeOnlyStream"/ for Dash endpoints.
* api-change:``endpoint-rules``: Update endpoint-rules client to latest version
- from version 1.29.5
* api-change:``acm``: Support added for requesting elliptic curve certificate key algorithm types
P-256 (EC_prime256v1) and P-384 (EC_secp384r1).
* api-change:``billingconductor``: This release adds the Recurring Custom Line Item feature along
with a new API ListCustomLineItemVersions.
* api-change:``ec2``: This release enables sharing of EC2 Placement Groups across accounts and
within AWS Organizations using Resource Access Manager
* api-change:``endpoint-rules``: Update endpoint-rules client to latest version
* api-change:``fms``: AWS Firewall Manager now supports importing existing AWS Network Firewall
firewalls into Firewall Manager policies.
* api-change:``lightsail``: This release adds support for Amazon Lightsail to automate the
delegation of domains registered through Amazon Route 53 to Lightsail DNS management and to
automate record creation for DNS validation of Lightsail SSL/TLS certificates.
* api-change:``opensearch``: Amazon OpenSearch Service now offers managed VPC endpoints to connect
to your Amazon OpenSearch Service VPC-enabled domain in a Virtual Private Cloud (VPC). This feature
allows you to privately access OpenSearch Service domain without using public IPs or requiring
traffic to traverse the Internet.
* api-change:``polly``: Amazon Polly adds new voices: Elin (sv-SE), Ida (nb-NO), Laura (nl-NL) and
Suvi (fi-FI). They are available as neural voices only.
* api-change:``resource-explorer-2``: This is the initial SDK release for AWS Resource Explorer.
AWS Resource Explorer lets your users search for and discover your AWS resources across the AWS
Regions in your account.
* api-change:``route53``: Amazon Route 53 now supports the Europe (Zurich) Region (eu-central-2)
for latency records, geoproximity records, and private DNS for Amazon VPCs in that region.
- from version 1.29.4
* api-change:``athena``: Adds support for using Query Result Reuse
* api-change:``autoscaling``: This release adds support for two new attributes for attribute-based
instance type selection - NetworkBandwidthGbps and AllowedInstanceTypes.
* api-change:``cloudtrail``: This release includes support for configuring a delegated
administrator to manage an AWS Organizations organization CloudTrail trails and event data stores,
and AWS Key Management Service encryption of CloudTrail Lake event data stores.
* api-change:``ec2``: This release adds support for two new attributes for attribute-based instance
type selection - NetworkBandwidthGbps and AllowedInstanceTypes.
* api-change:``elasticache``: Added support for IPv6 and dual stack for Memcached and Redis
clusters. Customers can now launch new Redis and Memcached clusters with IPv6 and dual stack
networking support.
* api-change:``lexv2-models``: Update lexv2-models client to latest version
* api-change:``mediaconvert``: The AWS Elemental MediaConvert SDK has added support for setting the
SDR reference white point for HDR conversions and conversion of HDR10 to DolbyVision without
mastering metadata.
* api-change:``ssm``: This release includes support for applying a CloudWatch alarm to multi
account multi region Systems Manager Automation
* api-change:``wafv2``: The geo match statement now adds labels for country and region. You can
match requests at the region level by combining a geo match statement with label match statements.
* api-change:``wellarchitected``: This release adds support for integrations with AWS Trusted
Advisor and AWS Service Catalog AppRegistry to improve workload discovery and speed up your
workload reviews.
* api-change:``workspaces``: This release adds protocols attribute to workspaces properties data
type. This enables customers to migrate workspaces from PC over IP (PCoIP) to WorkSpaces Streaming
Protocol (WSP) using create and modify workspaces public APIs.
* api-change:``endpoint-rules``: Update endpoint-rules client to latest version
- from version 1.29.3
* api-change:``ec2``: This release adds API support for the recipient of an AMI account share to
remove shared AMI launch permissions.
* api-change:``emr-containers``: Adding support for Job templates. Job templates allow you to
create and store templates to configure Spark applications parameters. This helps you ensure
consistent settings across applications by reusing and enforcing configuration overrides in data
pipelines.
* api-change:``logs``: Doc-only update for bug fixes and support of export to buckets encrypted
with SSE-KMS
* api-change:``endpoint-rules``: Update endpoint-rules client to latest version
- Add psuffix on the name to have the multibuild flavor packages identify themselves by a different name
- Update to 1.29.2
* api-change:``memorydb``: Adding support for r6gd instances for MemoryDB Redis with data tiering.
In a cluster with data tiering enabled, when available memory capacity is exhausted, the least
recently used data is automatically tiered to solid state drives for cost-effective capacity
scaling with minimal performance impact.
* api-change:``sagemaker``: Amazon SageMaker now supports running training jobs on ml.trn1 instance
types.
* api-change:``endpoint-rules``: Update endpoint-rules client to latest version
- from version 1.29.1
* api-change:``iotsitewise``: This release adds the ListAssetModelProperties and
ListAssetProperties APIs. You can list all properties that belong to a single asset model or asset
using these two new APIs.
* api-change:``s3control``: S3 on Outposts launches support for Lifecycle configuration for
Outposts buckets. With S3 Lifecycle configuration, you can mange objects so they are stored cost
effectively. You can manage objects using size-based rules and specify how many noncurrent versions
bucket will retain.
* api-change:``sagemaker``: This release updates Framework model regex for ModelPackage to support
new Framework version xgboost, sklearn.
* api-change:``ssm-incidents``: Adds support for tagging replication-set on creation.
- from version 1.29.0
* feature:Endpoints: Migrate all services to use new AWS Endpoint Resolution framework
* Enhancement:Endpoints: Discontinued use of `sslCommonName` hosts as detailed in 1.27.0 (see
`#2705 <https://github.com/boto/botocore/issues/2705>`__ for more info)
* api-change:``rds``: Relational Database Service - This release adds support for configuring
Storage Throughput on RDS database instances.
* api-change:``textract``: Add ocr results in AnalyzeIDResponse as blocks
- from version 1.28.5
* api-change:``apprunner``: This release adds support for private App Runner services. Services may
now be configured to be made private and only accessible from a VPC. The changes include a new
VpcIngressConnection resource and several new and modified APIs.
* api-change:``connect``: Amazon connect now support a new API DismissUserContact to dismiss or
remove terminated contacts in Agent CCP
* api-change:``ec2``: Elastic IP transfer is a new Amazon VPC feature that allows you to transfer
your Elastic IP addresses from one AWS Account to another.
* api-change:``iot``: This release adds the Amazon Location action to IoT Rules Engine.
* api-change:``logs``: SDK release to support tagging for destinations and log groups with
TagResource. Also supports tag on create with PutDestination.
* api-change:``sesv2``: This release includes support for interacting with the Virtual
Deliverability Manager, allowing you to opt in/out of the feature and to retrieve recommendations
and metric data.
* api-change:``textract``: This release introduces additional support for 30+ normalized fields
such as vendor address and currency. It also includes OCR output in the response and accuracy
improvements for the already supported fields in previous version
- from version 1.28.4
* api-change:``apprunner``: AWS App Runner adds .NET 6, Go 1, PHP 8.1 and Ruby 3.1 runtimes.
* api-change:``appstream``: This release includes CertificateBasedAuthProperties in
CreateDirectoryConfig and UpdateDirectoryConfig.
* api-change:``cloud9``: Update to the documentation section of the Cloud9 API Reference guide.
* api-change:``cloudformation``: This release adds more fields to improves visibility of AWS
CloudFormation StackSets information in following APIs: ListStackInstances, DescribeStackInstance,
ListStackSetOperationResults, ListStackSetOperations, DescribeStackSetOperation.
* api-change:``gamesparks``: Add LATEST as a possible GameSDK Version on snapshot
* api-change:``mediatailor``: This release introduces support for SCTE-35 segmentation descriptor
messages which can be sent within time signal messages.
- from version 1.28.3
* api-change:``ec2``: Feature supports the replacement of instance root volume using an updated AMI
without requiring customers to stop their instance.
* api-change:``fms``: Add support NetworkFirewall Managed Rule Group Override flag in
GetViolationDetails API
* api-change:``glue``: Added support for custom datatypes when using custom csv classifier.
* api-change:``redshift``: This release clarifies use for the ElasticIp parameter of the
CreateCluster and RestoreFromClusterSnapshot APIs.
* api-change:``sagemaker``: This change allows customers to provide a custom entrypoint script for
the docker container to be run while executing training jobs, and provide custom arguments to the
entrypoint script.
* api-change:``wafv2``: This release adds the following: Challenge rule action, to silently verify
client browsers; rule group rule action override to any valid rule action, not just Count; token
sharing between protected applications for challenge/CAPTCHA token; targeted rules option for Bot
Control managed rule group.
- from version 1.28.2
* api-change:``iam``: Doc only update that corrects instances of CLI not using an entity.
* api-change:``kafka``: This release adds support for Tiered Storage. UpdateStorage allows you to
control the Storage Mode for supported storage tiers.
* api-change:``neptune``: Added a new cluster-level attribute to set the capacity range for Neptune
Serverless instances.
* api-change:``sagemaker``: Amazon SageMaker Automatic Model Tuning now supports specifying Grid
Search strategy for tuning jobs, which evaluates all hyperparameter combinations exhaustively based
on the categorical hyperparameters provided.
- from version 1.28.1
* api-change:``accessanalyzer``: This release adds support for six new resource types in IAM Access
Analyzer to help you easily identify public and cross-account access to your AWS resources. Updated
service API, documentation, and paginators.
* api-change:``location``: Added new map styles with satellite imagery for map resources using HERE
as a data provider.
* api-change:``mediatailor``: This release is a documentation update
* api-change:``rds``: Relational Database Service - This release adds support for exporting DB
cluster data to Amazon S3.
* api-change:``workspaces``: This release adds new enums for supporting Workspaces Core features,
including creating Manual running mode workspaces, importing regular Workspaces Core images and
importing g4dn Workspaces Core images.
- Update in SLE-15 (bsc#1204537, jsc#PED-2333)
- Update to 1.28.0
* feature:Endpoints: Implemented new endpoint ruleset system to dynamically derive endpoints and
settings for services
* api-change:``acm-pca``: AWS Private Certificate Authority (AWS Private CA) now offers usage modes
which are combination of features to address specific use cases.
* api-change:``batch``: This release adds support for AWS Batch on Amazon EKS.
* api-change:``datasync``: Added support for self-signed certificates when using object storage
locations; added BytesCompressed to the TaskExecution response.
* api-change:``sagemaker``: SageMaker Inference Recommender now supports a new API
ListInferenceRecommendationJobSteps to return the details of all the benchmark we create for an
inference recommendation job.
- from version 1.27.96
* api-change:``cognito-idp``: This release adds a new "/DeletionProtection"/ field to the UserPool in
Cognito. Application admins can configure this value with either ACTIVE or INACTIVE value. Setting
this field to ACTIVE will prevent a user pool from accidental deletion.
* api-change:``sagemaker``: CreateInferenceRecommenderjob API now supports passing endpoint details
directly, that will help customers to identify the max invocation and max latency they can achieve
for their model and the associated endpoint along with getting recommendations on other instances.
- from version 1.27.95
* api-change:``devops-guru``: This release adds information about the resources DevOps Guru is
analyzing.
* api-change:``globalaccelerator``: Global Accelerator now supports AddEndpoints and
RemoveEndpoints operations for standard endpoint groups.
* api-change:``resiliencehub``: In this release, we are introducing support for regional
optimization for AWS Resilience Hub applications. It also includes a few documentation updates to
improve clarity.
* api-change:``rum``: CloudWatch RUM now supports Extended CloudWatch Metrics with Additional
Dimensions
- from version 1.27.94
* api-change:``chime-sdk-messaging``: Documentation updates for Chime Messaging SDK
* api-change:``cloudtrail``: This release includes support for exporting CloudTrail Lake query
results to an Amazon S3 bucket.
* api-change:``config``: This release adds resourceType enums for AppConfig, AppSync, DataSync,
EC2, EKS, Glue, GuardDuty, SageMaker, ServiceDiscovery, SES, Route53 types.
* api-change:``connect``: This release adds API support for managing phone numbers that can be used
across multiple AWS regions through telephony traffic distribution.
* api-change:``events``: Update events client to latest version
* api-change:``managedblockchain``: Adding new Accessor APIs for Amazon Managed Blockchain
* api-change:``s3``: Updates internal logic for constructing API endpoints. We have added
rule-based endpoints and internal model parameters.
* api-change:``s3control``: Updates internal logic for constructing API endpoints. We have added
rule-based endpoints and internal model parameters.
* api-change:``support-app``: This release adds the RegisterSlackWorkspaceForOrganization API. You
can use the API to register a Slack workspace for an AWS account that is part of an organization.
* api-change:``workspaces-web``: WorkSpaces Web now supports user access logging for recording
session start, stop, and URL navigation.
- from version 1.27.93
* api-change:``frauddetector``: Documentation Updates for Amazon Fraud Detector
* api-change:``sagemaker``: This change allows customers to enable data capturing while running a
batch transform job, and configure monitoring schedule to monitoring the captured data.
* api-change:``servicediscovery``: Updated the ListNamespaces API to support the NAME and HTTP_NAME
filters, and the BEGINS_WITH filter condition.
* api-change:``sesv2``: This release allows subscribers to enable Dedicated IPs (managed) to send
email via a fully managed dedicated IP experience. It also adds identities' VerificationStatus in
the response of GetEmailIdentity and ListEmailIdentities APIs, and ImportJobs counts in the
response of ListImportJobs API.
- from version 1.27.92
* api-change:``greengrass``: This change allows customers to specify FunctionRuntimeOverride in
FunctionDefinitionVersion. This configuration can be used if the runtime on the device is different
from the AWS Lambda runtime specified for that function.
* api-change:``sagemaker``: This release adds support for C7g, C6g, C6gd, C6gn, M6g, M6gd, R6g, and
R6gn Graviton instance types in Amazon SageMaker Inference.
- Remove version constraint for python-pytest in BuildRequires
- Update to 1.27.91
* api-change:``mediaconvert``: MediaConvert now supports specifying the minimum percentage of the
HRD buffer available at the end of each encoded video segment.
- from version 1.27.90
* api-change:``amplifyuibuilder``: We are releasing the ability for fields to be configured as
arrays.
* api-change:``appflow``: With this update, you can choose which Salesforce API is used by Amazon
AppFlow to transfer data to or from your Salesforce account. You can choose the Salesforce REST API
or Bulk API 2.0. You can also choose for Amazon AppFlow to pick the API automatically.
* api-change:``connect``: This release adds support for a secondary email and a mobile number for
Amazon Connect instance users.
* api-change:``ds``: This release adds support for describing and updating AWS Managed Microsoft AD
set up.
* api-change:``ecs``: Documentation update to address tickets.
* api-change:``guardduty``: Add UnprocessedDataSources to CreateDetectorResponse which specifies
the data sources that couldn't be enabled during the CreateDetector request. In addition, update
documentations.
* api-change:``iam``: Documentation updates for the AWS Identity and Access Management API
Reference.
* api-change:``iotfleetwise``: Documentation update for AWS IoT FleetWise
* api-change:``medialive``: AWS Elemental MediaLive now supports forwarding SCTE-35 messages
through the Event Signaling and Management (ESAM) API, and can read those SCTE-35 messages from an
inactive source.
* api-change:``mediapackage-vod``: This release adds SPEKE v2 support for MediaPackage VOD. Speke
v2 is an upgrade to the existing SPEKE API to support multiple encryption keys, based on an
encryption contract selected by the customer.
* api-change:``panorama``: Pause and resume camera stream processing with
SignalApplicationInstanceNodeInstances. Reboot an appliance with CreateJobForDevices. More
application state information in DescribeApplicationInstance response.
* api-change:``rds-data``: Doc update to reflect no support for schema parameter on
BatchExecuteStatement API
* api-change:``ssm-incidents``: Update RelatedItem enum to support Tasks
* api-change:``ssm``: Support of AmazonLinux2022 by Patch Manager
* api-change:``transfer``: This release adds an option for customers to configure workflows that
are triggered when files are only partially received from a client due to premature session
disconnect.
* api-change:``translate``: This release enables customers to specify multiple target languages in
asynchronous batch translation requests.
* api-change:``wisdom``: This release updates the GetRecommendations API to include a trigger event
list for classifying and grouping recommendations.
- from version 1.27.89
* api-change:``codeguru-reviewer``: Documentation update to replace broken link.
* api-change:``elbv2``: Update elbv2 client to latest version
* api-change:``greengrassv2``: This release adds error status details for deployments and
components that failed on a device and adds features to improve visibility into component
installation.
* api-change:``quicksight``: Amazon QuickSight now supports SecretsManager Secret ARN in place of
CredentialPair for DataSource creation and update. This release also has some minor documentation
updates and removes CountryCode as a required parameter in GeoSpatialColumnGroup
- from version 1.27.88
* api-change:``resiliencehub``: Documentation change for AWS Resilience Hub. Doc-only update to fix
Documentation layout
- from version 1.27.87
* api-change:``glue``: This SDK release adds support to sync glue jobs with source control
provider. Additionally, a new parameter called SourceControlDetails will be added to Job model.
* api-change:``network-firewall``: StreamExceptionPolicy configures how AWS Network Firewall
processes traffic when a network connection breaks midstream
* api-change:``outposts``: This release adds the Asset state information to the ListAssets
response. The ListAssets request supports filtering on Asset state.
- from version 1.27.86
* api-change:``connect``: Updated the CreateIntegrationAssociation API to support the CASES_DOMAIN
IntegrationType.
* api-change:``connectcases``: This release adds APIs for Amazon Connect Cases. Cases allows your
agents to quickly track and manage customer issues that require multiple interactions, follow-up
tasks, and teams in your contact center. For more information, see
https://docs.aws.amazon.com/cases/latest/APIReference/Welcome.html
* api-change:``ec2``: Added EnableNetworkAddressUsageMetrics flag for ModifyVpcAttribute,
DescribeVpcAttribute APIs.
* api-change:``ecs``: Documentation updates to address various Amazon ECS tickets.
* api-change:``s3control``: S3 Object Lambda adds support to allow customers to intercept
HeadObject and ListObjects requests and introduce their own compute. These requests were previously
proxied to S3.
* api-change:``workmail``: This release adds support for impersonation roles in Amazon WorkMail.
- drop remove-six.patch, rejected by upstream and breaks
all dependent projects of botocore
- Add remove-six.patch, which eliminates need for the six dependency.
- Update to 1.27.85
* api-change:``accessanalyzer``: AWS IAM Access Analyzer policy validation introduces new checks
for role trust policies. As customers author a policy, IAM Access Analyzer policy validation
evaluates the policy for any issues to make it easier for customers to author secure policies.
* api-change:``ec2``: Adding an imdsSupport attribute to EC2 AMIs
* api-change:``snowball``: Adds support for V3_5C. This is a refreshed AWS Snowball Edge Compute
Optimized device type with 28TB SSD, 104 vCPU and 416GB memory (customer usable).
- from version 1.27.84
* api-change:``codedeploy``: This release allows you to override the alarm configurations when
creating a deployment.
* api-change:``devops-guru``: This release adds filter feature on AddNotificationChannel API,
enable customer to configure the SNS notification messages by Severity or MessageTypes
* api-change:``dlm``: This release adds support for archival of single-volume snapshots created by
Amazon Data Lifecycle Manager policies
* api-change:``sagemaker-runtime``: Update sagemaker-runtime client to latest version
* api-change:``sagemaker``: A new parameter called ExplainerConfig is added to CreateEndpointConfig
API to enable SageMaker Clarify online explainability feature.
* api-change:``sso-oidc``: Documentation updates for the IAM Identity Center OIDC CLI Reference.
- from version 1.27.83
* api-change:``acm``: This update returns additional certificate details such as certificate SANs
and allows sorting in the ListCertificates API.
* api-change:``ec2``: u-3tb1 instances are powered by Intel Xeon Platinum 8176M (Skylake)
processors and are purpose-built to run large in-memory databases.
* api-change:``emr-serverless``: This release adds API support to debug Amazon EMR Serverless jobs
in real-time with live application UIs
* api-change:``fsx``: This release adds support for Amazon File Cache.
* api-change:``migrationhuborchestrator``: Introducing AWS MigrationHubOrchestrator. This is the
first public release of AWS MigrationHubOrchestrator.
* api-change:``polly``: Added support for the new Cantonese voice - Hiujin. Hiujin is available as
a Neural voice only.
* api-change:``proton``: This release adds an option to delete pipeline provisioning repositories
using the UpdateAccountSettings API
* api-change:``sagemaker``: SageMaker Training Managed Warm Pools let you retain provisioned
infrastructure to reduce latency for repetitive training workloads.
* api-change:``secretsmanager``: Documentation updates for Secrets Manager
* api-change:``translate``: This release enables customers to access control rights on Translate
resources like Parallel Data and Custom Terminology using Tag Based Authorization.
* api-change:``workspaces``: This release includes diagnostic log uploading feature. If it is
enabled, the log files of WorkSpaces Windows client will be sent to Amazon WorkSpaces automatically
for troubleshooting. You can use modifyClientProperty api to enable/disable this feature.
- from version 1.27.82
* api-change:``ce``: This release is to support retroactive Cost Categories. The new field will
enable you to retroactively apply new and existing cost category rules to previous months.
* api-change:``kendra``: My AWS Service (placeholder) - Amazon Kendra now provides a data source
connector for DropBox. For more information, see
https://docs.aws.amazon.com/kendra/latest/dg/data-source-dropbox.html
* api-change:``location``: This release adds place IDs, which are unique identifiers of places,
along with a new GetPlace operation, which can be used with place IDs to find a place again later.
UnitNumber and UnitType are also added as new properties of places.
- from version 1.27.81
* api-change:``cur``: This release adds two new support regions(me-central-1/eu-south-2) for OSG.
* api-change:``iotfleetwise``: General availability (GA) for AWS IoT Fleetwise. It adds AWS IoT
Fleetwise to AWS SDK. For more information, see
https://docs.aws.amazon.com/iot-fleetwise/latest/APIReference/Welcome.html.
* api-change:``ssm``: This release includes support for applying a CloudWatch alarm to Systems
Manager capabilities like Automation, Run Command, State Manager, and Maintenance Windows.
- from version 1.27.80
* api-change:``apprunner``: AWS App Runner adds a Node.js 16 runtime.
* api-change:``ec2``: Letting external AWS customers provide ImageId as a Launch Template override
in FleetLaunchTemplateOverridesRequest
* api-change:``lexv2-models``: Update lexv2-models client to latest version
* api-change:``lightsail``: This release adds Instance Metadata Service (IMDS) support for
Lightsail instances.
* api-change:``nimble``: Amazon Nimble Studio adds support for on-demand Amazon Elastic Compute
Cloud (EC2) G3 and G5 instances, allowing customers to utilize additional GPU instance types for
their creative projects.
* api-change:``ssm``: This release adds new SSM document types ConformancePackTemplate and
CloudFormation
* api-change:``wafv2``: Add the default specification for ResourceType in ListResourcesForWebACL.
- from version 1.27.79
* api-change:``backup-gateway``: Changes include: new GetVirtualMachineApi to fetch a single user's
VM, improving ListVirtualMachines to fetch filtered VMs as well as all VMs, and improving
GetGatewayApi to now also return the gateway's MaintenanceStartTime.
* api-change:``devicefarm``: This release adds the support for VPC-ENI based connectivity for
private devices on AWS Device Farm.
* api-change:``ec2``: Documentation updates for Amazon EC2.
* api-change:``glue``: Added support for S3 Event Notifications for Catalog Target Crawlers.
* api-change:``identitystore``: Documentation updates for the Identity Store CLI Reference.
- from version 1.27.78
* api-change:``comprehend``: Amazon Comprehend now supports synchronous mode for targeted sentiment
API operations.
* api-change:``s3control``: S3 on Outposts launches support for object versioning for Outposts
buckets. With S3 Versioning, you can preserve, retrieve, and restore every version of every object
stored in your buckets. You can recover from both unintended user actions and application failures.
* api-change:``sagemaker``: SageMaker now allows customization on Canvas Application settings,
including enabling/disabling time-series forecasting and specifying an Amazon Forecast execution
role at both the Domain and UserProfile levels.
- from version 1.27.77
* api-change:``ec2``: This release adds support for blocked paths to Amazon VPC Reachability
Analyzer.
- Update to 1.27.76
* api-change:``cloudtrail``: This release includes support for importing existing trails into
CloudTrail Lake.
* api-change:``ec2``: This release adds CapacityAllocations field to DescribeCapacityReservations
* api-change:``mediaconnect``: This change allows the customer to use the SRT Caller protocol as
part of their flows
* api-change:``rds``: This release adds support for Amazon RDS Proxy with SQL Server compatibility.
- from version 1.27.75
* api-change:``codestar-notifications``: This release adds tag based access control for the
UntagResource API.
* api-change:``ecs``: This release supports new task definition sizes.
- from version 1.27.74
* api-change:``dynamodb``: Increased DynamoDB transaction limit from 25 to 100.
* api-change:``ec2``: This feature allows customers to create tags for vpc-endpoint-connections and
vpc-endpoint-service-permissions.
* api-change:``sagemaker``: Amazon SageMaker Automatic Model Tuning now supports specifying
Hyperband strategy for tuning jobs, which uses a multi-fidelity based tuning strategy to stop
underperforming hyperparameter configurations early.
- from version 1.27.73
* api-change:``amplifyuibuilder``: Amplify Studio UIBuilder is introducing forms functionality.
Forms can be configured from Data Store models, JSON, or from scratch. These forms can then be
generated in your project and used like any other React components.
* api-change:``ec2``: This update introduces API operations to manage and create local gateway
route tables, CoIP pools, and VIF group associations.
- Update to 1.27.72
* api-change:``customer-profiles``: Added isUnstructured in response for Customer Profiles
Integration APIs
* api-change:``drs``: Fixed the data type of lagDuration that is returned in Describe Source Server
API
* api-change:``ec2``: Two new features for local gateway route tables: support for static routes
targeting Elastic Network Interfaces and direct VPC routing.
* api-change:``evidently``: This release adds support for the client-side evaluation - powered by
AWS AppConfig feature.
* api-change:``kendra``: This release enables our customer to choose the option of Sharepoint 2019
for the on-premise Sharepoint connector.
* api-change:``transfer``: This release introduces the ability to have multiple server host keys
for any of your Transfer Family servers that use the SFTP protocol.
- from version 1.27.71
* api-change:``eks``: Adding support for local Amazon EKS clusters on Outposts
- from version 1.27.70
* api-change:``cloudtrail``: This release adds CloudTrail getChannel and listChannels APIs to allow
customer to view the ServiceLinkedChannel configurations.
* api-change:``lexv2-models``: Update lexv2-models client to latest version
* api-change:``lexv2-runtime``: Update lexv2-runtime client to latest version
* api-change:``pi``: Increases the maximum values of two RDS Performance Insights APIs. The maximum
value of the Limit parameter of DimensionGroup is 25. The MaxResult maximum is now 25 for the
following APIs: DescribeDimensionKeys, GetResourceMetrics, ListAvailableResourceDimensions, and
ListAvailableResourceMetrics.
* api-change:``redshift``: This release updates documentation for AQUA features and other
description updates.
- from version 1.27.69
* api-change:``ec2``: This release adds support to send VPC Flow Logs to kinesis-data-firehose as
new destination type
* api-change:``emr-containers``: EMR on EKS now allows running Spark SQL using the newly introduced
Spark SQL Job Driver in the Start Job Run API
* api-change:``lookoutmetrics``: Release dimension value filtering feature to allow customers to
define dimension filters for including only a subset of their dataset to be used by LookoutMetrics.
* api-change:``medialive``: This change exposes API settings which allow Dolby Atmos and Dolby
Vision to be used when running a channel using Elemental Media Live
* api-change:``route53``: Amazon Route 53 now supports the Middle East (UAE) Region (me-central-1)
for latency records, geoproximity records, and private DNS for Amazon VPCs in that region.
* api-change:``sagemaker``: This release adds Mode to AutoMLJobConfig.
* api-change:``ssm``: This release adds support for Systems Manager State Manager Association
tagging.
- from version 1.27.68
* api-change:``dataexchange``: Documentation updates for AWS Data Exchange.
* api-change:``ec2``: Documentation updates for Amazon EC2.
* api-change:``eks``: Adds support for EKS Addons ResolveConflicts "/preserve"/ flag. Also adds new
update failed status for EKS Addons.
* api-change:``fsx``: Documentation update for Amazon FSx.
* api-change:``inspector2``: This release adds new fields like fixAvailable, fixedInVersion and
remediation to the finding model. The requirement to have vulnerablePackages in the finding model
has also been removed. The documentation has been updated to reflect these changes.
* api-change:``iotsitewise``: Allow specifying units in Asset Properties
* api-change:``sagemaker``: SageMaker Hosting now allows customization on ML instance storage
volume size, model data download timeout and inference container startup ping health check timeout
for each ProductionVariant in CreateEndpointConfig API.
* api-change:``sns``: Amazon SNS introduces the Data Protection Policy APIs, which enable customers
to attach a data protection policy to an SNS topic. This allows topic owners to enable the new
message data protection feature to audit and block sensitive data that is exchanged through their
topics.
- from version 1.27.67
* api-change:``identitystore``: Documentation updates for the Identity Store CLI Reference.
* api-change:``sagemaker``: This release adds HyperParameterTuningJob type in Search API.
- from version 1.27.66
* api-change:``cognito-idp``: This release adds a new "/AuthSessionValidity"/ field to the
UserPoolClient in Cognito. Application admins can configure this value for their users'
authentication duration, which is currently fixed at 3 minutes, up to 15 minutes. Setting this
field will also apply to the SMS MFA authentication flow.
* api-change:``connect``: This release adds search APIs for Routing Profiles and Queues, which can
be used to search for those resources within a Connect Instance.
* api-change:``mediapackage``: Added support for AES_CTR encryption to CMAF origin endpoints
* api-change:``sagemaker``: This release enables administrators to attribute user activity and API
calls from Studio notebooks, Data Wrangler and Canvas to specific users even when users share the
same execution IAM role. ExecutionRoleIdentityConfig at Sagemaker domain level enables this
feature.
- from version 1.27.65
* api-change:``codeguru-reviewer``: Documentation updates to fix formatting issues in CLI and SDK
documentation.
* api-change:``controltower``: This release contains the first SDK for AWS Control Tower. It
introduces a new set of APIs: EnableControl, DisableControl, GetControlOperation, and
ListEnabledControls.
* api-change:``route53``: Documentation updates for Amazon Route 53.
- Update to 1.27.64
* api-change:``cloudfront``: Update API documentation for CloudFront origin access control (OAC)
* api-change:``identitystore``: Expand IdentityStore API to support Create, Read, Update, Delete
and Get operations for User, Group and GroupMembership resources.
* api-change:``iotthingsgraph``: This release deprecates all APIs of the ThingsGraph service
* api-change:``ivs``: IVS Merge Fragmented Streams. This release adds support for
recordingReconnectWindow field in IVS recordingConfigurations. For more information see
https://docs.aws.amazon.com/ivs/latest/APIReference/Welcome.html
* api-change:``rds-data``: Documentation updates for RDS Data API
* api-change:``sagemaker``: SageMaker Inference Recommender now accepts Inference Recommender
fields: Domain, Task, Framework, SamplePayloadUrl, SupportedContentTypes, SupportedInstanceTypes,
directly in our CreateInferenceRecommendationsJob API through ContainerConfig
- from version 1.27.63
* enhancement:Endpoints: Deprecate SSL common name
* api-change:``greengrassv2``: Adds topologyFilter to ListInstalledComponentsRequest which allows
filtration of components by ROOT or ALL (including root and dependency components). Adds
lastStatusChangeTimestamp to ListInstalledComponents response to show the last time a component
changed state on a device.
* api-change:``identitystore``: Documentation updates for the Identity Store CLI Reference.
* api-change:``lookoutequipment``: This release adds new apis for providing labels.
* api-change:``macie2``: This release of the Amazon Macie API adds support for using allow lists to
define specific text and text patterns to ignore when inspecting data sources for sensitive data.
* api-change:``sso-admin``: Documentation updates for the AWS IAM Identity Center CLI Reference.
* api-change:``sso``: Documentation updates for the AWS IAM Identity Center Portal CLI Reference.
- from version 1.27.62
* api-change:``fsx``: Documentation updates for Amazon FSx for NetApp ONTAP.
* api-change:``voice-id``: Amazon Connect Voice ID now detects voice spoofing. When a prospective
fraudster tries to spoof caller audio using audio playback or synthesized speech, Voice ID will
return a risk score and outcome to indicate the how likely it is that the voice is spoofed.
- from version 1.27.61
* api-change:``mediapackage``: This release adds Ads AdTriggers and AdsOnDeliveryRestrictions to
describe calls for CMAF endpoints on MediaPackage.
* api-change:``rds``: Removes support for RDS Custom from DBInstanceClass in ModifyDBInstance
- Update to 1.27.60
* enhancement:Identity: TokenProvider added for bearer auth support
* api-change:``elbv2``: Update elbv2 client to latest version
* api-change:``gamelift``: This release adds support for eight EC2 local zones as fleet locations;
Atlanta, Chicago, Dallas, Denver, Houston, Kansas City (us-east-1-mci-1a), Los Angeles, and
Phoenix. It also adds support for C5d, C6a, C6i, and R5d EC2 instance families.
* api-change:``iotwireless``: This release includes a new feature for the customers to enable the
LoRa gateways to send out beacons for Class B devices and an option to select one or more gateways
for Class C devices when sending the LoRaWAN downlink messages.
* api-change:``ivschat``: Documentation change for IVS Chat API Reference. Doc-only update to add a
paragraph on ARNs to the Welcome section.
* api-change:``panorama``: Support sorting and filtering in ListDevices API, and add more fields to
device listings and single device detail
* api-change:``sso-oidc``: Updated required request parameters on IAM Identity Center's OIDC
CreateToken action.
- from version 1.27.59
* api-change:``cloudfront``: Adds support for CloudFront origin access control (OAC), making it
possible to restrict public access to S3 bucket origins in all AWS Regions, those with SSE-KMS, and
more.
* api-change:``config``: AWS Config now supports ConformancePackTemplate documents in SSM Docs for
the deployment and update of conformance packs.
* api-change:``iam``: Documentation updates for AWS Identity and Access Management (IAM).
* api-change:``ivs``: Documentation Change for IVS API Reference - Doc-only update to type field
description for CreateChannel and UpdateChannel actions and for Channel data type. Also added
Amazon Resource Names (ARNs) paragraph to Welcome section.
* api-change:``quicksight``: Added a new optional property DashboardVisual under
ExperienceConfiguration parameter of GenerateEmbedUrlForAnonymousUser and
GenerateEmbedUrlForRegisteredUser API operations. This supports embedding of specific visuals in
QuickSight dashboards.
* api-change:``transfer``: Documentation updates for AWS Transfer Family
- from version 1.27.58
* api-change:``rds``: RDS for Oracle supports Oracle Data Guard switchover and read replica backups.
* api-change:``sso-admin``: Documentation updates to reflect service rename - AWS IAM Identity
Center (successor to AWS Single Sign-On)
- from version 1.27.57
* api-change:``docdb``: Update document for volume clone
* api-change:``ec2``: R6a instances are powered by 3rd generation AMD EPYC (Milan) processors
delivering all-core turbo frequency of 3.6 GHz. C6id, M6id, and R6id instances are powered by 3rd
generation Intel Xeon Scalable processor (Ice Lake) delivering all-core turbo frequency of 3.5 GHz.
* api-change:``forecast``: releasing What-If Analysis APIs and update ARN regex pattern to be more
strict in accordance with security recommendation
* api-change:``forecastquery``: releasing What-If Analysis APIs
* api-change:``iotsitewise``: Enable non-unique asset names under different hierarchies
* api-change:``lexv2-models``: Update lexv2-models client to latest version
* api-change:``securityhub``: Added new resource details objects to ASFF, including resources for
AwsBackupBackupVault, AwsBackupBackupPlan and AwsBackupRecoveryPoint. Added FixAvailable,
FixedInVersion and Remediation to Vulnerability.
* api-change:``support-app``: This is the initial SDK release for the AWS Support App in Slack.
- from version 1.27.56
* api-change:``connect``: This release adds SearchSecurityProfiles API which can be used to search
for Security Profile resources within a Connect Instance.
* api-change:``ivschat``: Documentation Change for IVS Chat API Reference - Doc-only update to
change text/description for tags field.
* api-change:``kendra``: This release adds support for a new authentication type - Personal Access
Token (PAT) for confluence server.
* api-change:``lookoutmetrics``: This release is to make GetDataQualityMetrics API publicly
available.
- Update to 1.27.55
* api-change:``chime-sdk-media-pipelines``: The Amazon Chime SDK now supports live streaming of
real-time video from the Amazon Chime SDK sessions to streaming platforms such as Amazon IVS and
Amazon Elemental MediaLive. We have also added support for concatenation to create a single media
capture file.
* api-change:``cloudwatch``: Update cloudwatch client to latest version
* api-change:``cognito-idp``: This change is being made simply to fix the public documentation
based on the models. We have included the PasswordChange and ResendCode events, along with the
Pass, Fail and InProgress status. We have removed the Success and Failure status which are never
returned by our APIs.
* api-change:``dynamodb``: This release adds support for importing data from S3 into a new DynamoDB
table
* api-change:``ec2``: This release adds support for VPN log options , a new feature allowing S2S
VPN connections to send IKE activity logs to CloudWatch Logs
* api-change:``networkmanager``: Add TransitGatewayPeeringAttachmentId property to
TransitGatewayPeering Model
- from version 1.27.54
* api-change:``appmesh``: AWS App Mesh release to support Multiple Listener and Access Log Format
feature
* api-change:``connectcampaigns``: Updated exceptions for Amazon Connect Outbound Campaign api's.
* api-change:``kendra``: This release adds Zendesk connector (which allows you to specify Zendesk
SAAS platform as data source), Proxy Support for Sharepoint and Confluence Server (which allows you
to specify the proxy configuration if proxy is required to connect to your Sharepoint/Confluence
Server as data source).
* api-change:``lakeformation``: This release adds a new API support "/AssumeDecoratedRoleWithSAML"/
and also release updates the corresponding documentation.
* api-change:``lambda``: Added support for customization of Consumer Group ID for MSK and Kafka
Event Source Mappings.
* api-change:``lexv2-models``: Update lexv2-models client to latest version
* api-change:``rds``: Adds support for Internet Protocol Version 6 (IPv6) for RDS Aurora database
clusters.
* api-change:``secretsmanager``: Documentation updates for Secrets Manager.
- from version 1.27.53
* api-change:``rekognition``: This release adds APIs which support copying an Amazon Rekognition
Custom Labels model and managing project policies across AWS account.
* api-change:``servicecatalog``: Documentation updates for Service Catalog
- from version 1.27.52
* enhancement:AWSCRT: Upgrade awscrt version to 0.14.0
* api-change:``cloudfront``: Adds Http 3 support to distributions
* api-change:``identitystore``: Documentation updates to reflect service rename - AWS IAM Identity
Center (successor to AWS Single Sign-On)
* api-change:``sso``: Documentation updates to reflect service rename - AWS IAM Identity Center
(successor to AWS Single Sign-On)
* api-change:``wisdom``: This release introduces a new API PutFeedback that allows submitting
feedback to Wisdom on content relevance.
- from version 1.27.51
* api-change:``amp``: This release adds log APIs that allow customers to manage logging for their
Amazon Managed Service for Prometheus workspaces.
* api-change:``chime-sdk-messaging``: The Amazon Chime SDK now supports channels with up to one
million participants with elastic channels.
* api-change:``ivs``: Updates various list api MaxResults ranges
* api-change:``personalize-runtime``: This release provides support for promotions in AWS
Personalize runtime.
* api-change:``rds``: Adds support for RDS Custom to DBInstanceClass in ModifyDBInstance
- from version 1.27.50
* api-change:``backupstorage``: This is the first public release of AWS Backup Storage. We are
exposing some previously-internal APIs for use by external services. These APIs are not meant to be
used directly by customers.
* api-change:``glue``: Add support for Python 3.9 AWS Glue Python Shell jobs
* api-change:``privatenetworks``: This is the initial SDK release for AWS Private 5G. AWS Private
5G is a managed service that makes it easy to deploy, operate, and scale your own private mobile
network at your on-premises location.
- from version 1.27.49
* api-change:``dlm``: This release adds support for excluding specific data (non-boot) volumes from
multi-volume snapshot sets created by snapshot lifecycle policies
* api-change:``ec2``: This release adds support for excluding specific data (non-root) volumes from
multi-volume snapshot sets created from instances.
- from version 1.27.48
* api-change:``cloudwatch``: Update cloudwatch client to latest version
* api-change:``location``: Amazon Location Service now allows circular geofences in
BatchPutGeofence, PutGeofence, and GetGeofence APIs.
* api-change:``sagemaker-a2i-runtime``: Fix bug with parsing ISO-8601 CreationTime in Java SDK in
DescribeHumanLoop
* api-change:``sagemaker``: Amazon SageMaker Automatic Model Tuning now supports specifying
multiple alternate EC2 instance types to make tuning jobs more robust when the preferred instance
type is not available due to insufficient capacity.
- from version 1.27.47
* api-change:``glue``: Add an option to run non-urgent or non-time sensitive Glue Jobs on spare
capacity
* api-change:``identitystore``: Documentation updates to reflect service rename - AWS IAM Identity
Center (successor to AWS Single Sign-On)
* api-change:``iotwireless``: AWS IoT Wireless release support for sidewalk data reliability.
* api-change:``pinpoint``: Adds support for Advance Quiet Time in Journeys. Adds
RefreshOnSegmentUpdate and WaitForQuietTime to JourneyResponse.
* api-change:``quicksight``: A series of documentation updates to the QuickSight API reference.
* api-change:``sso-admin``: Documentation updates to reflect service rename - AWS IAM Identity
Center (successor to AWS Single Sign-On)
* api-change:``sso-oidc``: Documentation updates to reflect service rename - AWS IAM Identity
Center (successor to AWS Single Sign-On)
* api-change:``sso``: Documentation updates to reflect service rename - AWS IAM Identity Center
(successor to AWS Single Sign-On)
- from version 1.27.46
* enhancement:Lambda: Add support for Trace ID in Lambda environments
* api-change:``chime-sdk-meetings``: Adds support for Tags on Amazon Chime SDK WebRTC sessions
* api-change:``config``: Add resourceType enums for Athena, GlobalAccelerator, Detective and EC2
types
* api-change:``dms``: Documentation updates for Database Migration Service (DMS).
* api-change:``iot``: The release is to support attach a provisioning template to CACert for JITP
function, Customer now doesn't have to hardcode a roleArn and templateBody during register a
CACert to enable JITP.
- Update to 1.27.45
* api-change:``cognito-idp``: Add a new exception type, ForbiddenException, that is returned when
request is not allowed
* api-change:``wafv2``: You can now associate an AWS WAF web ACL with an Amazon Cognito user pool.
- from version 1.27.44
* api-change:``license-manager-user-subscriptions``: This release supports user based subscription
for Microsoft Visual Studio Professional and Enterprise on EC2.
* api-change:``personalize``: This release adds support for incremental bulk ingestion for the
Personalize CreateDatasetImportJob API.
- from version 1.27.43
* api-change:``config``: Documentation update for PutConfigRule and PutOrganizationConfigRule
* api-change:``workspaces``: This release introduces ModifySamlProperties, a new API that allows
control of SAML properties associated with a WorkSpaces directory. The DescribeWorkspaceDirectories
API will now additionally return SAML properties in its responses.
- from version 1.27.42
* bugfix:TraceId: Rollback bugfix for obeying _X_AMZN_TRACE_ID env var
- from version 1.27.41
* bugfix:Config: Obey _X_AMZN_TRACE_ID environment variable instead of _X_AMZ_TRACE_ID
* api-change:``ec2``: Documentation updates for Amazon EC2.
* api-change:``fsx``: Documentation updates for Amazon FSx
* api-change:``shield``: AWS Shield Advanced now supports filtering for ListProtections and
ListProtectionGroups.
- from version 1.27.40
* api-change:``ec2``: Documentation updates for VM Import/Export.
* api-change:``es``: This release adds support for gp3 EBS (Elastic Block Store) storage.
* api-change:``lookoutvision``: This release introduces support for image segmentation models and
updates CPU accelerator options for models hosted on edge devices.
* api-change:``opensearch``: This release adds support for gp3 EBS (Elastic Block Store) storage.
- from version 1.27.39
* api-change:``auditmanager``: This release adds an exceeded quota exception to several APIs. We
added a ServiceQuotaExceededException for the following operations: CreateAssessment,
CreateControl, CreateAssessmentFramework, and UpdateAssessmentStatus.
* api-change:``chime``: Chime VoiceConnector will now support ValidateE911Address which will allow
customers to prevalidate their addresses included in their SIP invites for emergency calling
* api-change:``config``: This release adds ListConformancePackComplianceScores API to support the
new compliance score feature, which provides a percentage of the number of compliant rule-resource
combinations in a conformance pack compared to the number of total possible rule-resource
combinations in the conformance pack.
* api-change:``globalaccelerator``: Global Accelerator now supports dual-stack accelerators,
enabling support for IPv4 and IPv6 traffic.
* api-change:``marketplace-catalog``: The SDK for the StartChangeSet API will now automatically set
and use an idempotency token in the ClientRequestToken request parameter if the customer does not
provide it.
* api-change:``polly``: Amazon Polly adds new English and Hindi voice - Kajal. Kajal is available
as Neural voice only.
* api-change:``ssm``: Adding doc updates for OpsCenter support in Service Setting actions.
* api-change:``workspaces``: Added CreateWorkspaceImage API to create a new WorkSpace image from an
existing WorkSpace.
- from version 1.27.38
* api-change:``appsync``: Adds support for a new API to evaluate mapping templates with mock data,
allowing you to remotely unit test your AppSync resolvers and functions.
* api-change:``detective``: Added the ability to get data source package information for the
behavior graph. Graph administrators can now start (or stop) optional datasources on the behavior
graph.
* api-change:``guardduty``: Amazon GuardDuty introduces a new Malware Protection feature that
triggers malware scan on selected EC2 instance resources, after the service detects a potentially
malicious activity.
* api-change:``lookoutvision``: This release introduces support for the automatic scaling of
inference units used by Amazon Lookout for Vision models.
* api-change:``macie2``: This release adds support for retrieving (revealing) sample occurrences of
sensitive data that Amazon Macie detects and reports in findings.
* api-change:``rds``: Adds support for using RDS Proxies with RDS for MariaDB databases.
* api-change:``rekognition``: This release introduces support for the automatic scaling of
inference units used by Amazon Rekognition Custom Labels models.
* api-change:``securityhub``: Documentation updates for AWS Security Hub
* api-change:``transfer``: AWS Transfer Family now supports Applicability Statement 2 (AS2), a
network protocol used for the secure and reliable transfer of critical Business-to-Business (B2B)
data over the public internet using HTTP/HTTPS as the transport mechanism.
- Update to 1.27.37
* api-change:``autoscaling``: Documentation update for Amazon EC2 Auto Scaling.
- from version 1.27.36
* api-change:``account``: This release enables customers to manage the primary contact information
for their AWS accounts. For more information, see
https://docs.aws.amazon.com/accounts/latest/reference/API_Operations.html
* api-change:``ec2``: Added support for EC2 M1 Mac instances. For more information, please visit
aws.amazon.com/mac.
* api-change:``iotdeviceadvisor``: Added new service feature (Early access only) - Long Duration
Test, where customers can test the IoT device to observe how it behaves when the device is in
operation for longer period.
* api-change:``medialive``: Link devices now support remote rebooting. Link devices now support
maintenance windows. Maintenance windows allow a Link device to install software updates without
stopping the MediaLive channel. The channel will experience a brief loss of input from the device
while updates are installed.
* api-change:``rds``: This release adds the "/ModifyActivityStream"/ API with support for audit
policy state locking and unlocking.
* api-change:``transcribe``: Remove unsupported language codes for StartTranscriptionJob and update
VocabularyFileUri for UpdateMedicalVocabulary
- from version 1.27.35
* api-change:``athena``: This feature allows customers to retrieve runtime statistics for completed
queries
* api-change:``cloudwatch``: Update cloudwatch client to latest version
* api-change:``dms``: Documentation updates for Database Migration Service (DMS).
* api-change:``docdb``: Enable copy-on-write restore type
* api-change:``ec2-instance-connect``: This release includes a new exception type
"/EC2InstanceUnavailableException"/ for SendSSHPublicKey and SendSerialConsoleSSHPublicKey APIs.
* api-change:``frauddetector``: The release introduces Account Takeover Insights (ATI) model. The
ATI model detects fraud relating to account takeover. This release also adds support for new
variable types: ARE_CREDENTIALS_VALID and SESSION_ID and adds new structures to Model Version APIs.
* api-change:``iotsitewise``: Added asynchronous API to ingest bulk historical and current data
into IoT SiteWise.
* api-change:``kendra``: Amazon Kendra now provides Oauth2 support for SharePoint Online. For more
information, see https://docs.aws.amazon.com/kendra/latest/dg/data-source-sharepoint.html
* api-change:``network-firewall``: Network Firewall now supports referencing dynamic IP sets from
stateful rule groups, for IP sets stored in Amazon VPC prefix lists.
* api-change:``rds``: Adds support for creating an RDS Proxy for an RDS for MariaDB database.
- from version 1.27.34
* api-change:``acm-pca``: AWS Certificate Manager (ACM) Private Certificate Authority (PCA)
documentation updates
* api-change:``iot``: GA release the ability to enable/disable IoT Fleet Indexing for Device
Defender and Named Shadow information, and search them through IoT Fleet Indexing APIs. This
includes Named Shadow Selection as a part of the UpdateIndexingConfiguration API.
- from version 1.27.33
* api-change:``devops-guru``: Added new APIs for log anomaly detection feature.
* api-change:``glue``: Documentation updates for AWS Glue Job Timeout and Autoscaling
* api-change:``sagemaker-edge``: Amazon SageMaker Edge Manager provides lightweight model
deployment feature to deploy machine learning models on requested devices.
* api-change:``sagemaker``: Fixed an issue with cross account QueryLineage
* api-change:``workspaces``: Increased the character limit of the login message from 850 to 2000
characters.
- from version 1.27.32
* api-change:``discovery``: Add AWS Agentless Collector details to the GetDiscoverySummary API
response
* api-change:``ec2``: Documentation updates for Amazon EC2.
* api-change:``elasticache``: Adding AutoMinorVersionUpgrade in the DescribeReplicationGroups API
* api-change:``kms``: Added support for the SM2 KeySpec in China Partition Regions
* api-change:``mediapackage``: This release adds "/IncludeIframeOnlyStream"/ for Dash endpoints and
increases the number of supported video and audio encryption presets for Speke v2
* api-change:``sagemaker``: Amazon SageMaker Edge Manager provides lightweight model deployment
feature to deploy machine learning models on requested devices.
* api-change:``sso-admin``: AWS SSO now supports attaching customer managed policies and a
permissions boundary to your permission sets. This release adds new API operations to manage and
view the customer managed policies and the permissions boundary for a given permission set.
- from version 1.27.31
* api-change:``datasync``: Documentation updates for AWS DataSync regarding configuring Amazon FSx
for ONTAP location security groups and SMB user permissions.
* api-change:``drs``: Changed existing APIs to allow choosing a dynamic volume type for replicating
volumes, to reduce costs for customers.
* api-change:``evidently``: This release adds support for the new segmentation feature.
* api-change:``wafv2``: This SDK release provide customers ability to add sensitivity level for WAF
SQLI Match Statements.
- Update to 1.27.30
* api-change:``athena``: This release updates data types that contain either QueryExecutionId,
NamedQueryId or ExpectedBucketOwner. Ids must be between 1 and 128 characters and contain only
non-whitespace characters. ExpectedBucketOwner must be 12-digit string.
* api-change:``codeartifact``: This release introduces Package Origin Controls, a mechanism used to
counteract Dependency Confusion attacks. Adds two new APIs, PutPackageOriginConfiguration and
DescribePackage, and updates the ListPackage, DescribePackageVersion and ListPackageVersion APIs in
support of the feature.
* api-change:``config``: Update ResourceType enum with values for Route53Resolver, Batch, DMS,
Workspaces, Stepfunctions, SageMaker, ElasticLoadBalancingV2, MSK types
* api-change:``ec2``: This release adds flow logs for Transit Gateway to allow customers to gain
deeper visibility and insights into network traffic through their Transit Gateways.
* api-change:``fms``: Adds support for strict ordering in stateful rule groups in Network Firewall
policies.
* api-change:``glue``: This release adds an additional worker type for Glue Streaming jobs.
* api-change:``inspector2``: This release adds support for Inspector V2 scan configurations through
the get and update configuration APIs. Currently this allows configuring ECR automated re-scan
duration to lifetime or 180 days or 30 days.
* api-change:``kendra``: This release adds AccessControlConfigurations which allow you to redefine
your document level access control without the need for content re-indexing.
* api-change:``nimble``: Amazon Nimble Studio adds support for IAM-based access to AWS resources
for Nimble Studio components and custom studio components. Studio Component scripts use these roles
on Nimble Studio workstation to mount filesystems, access S3 buckets, or other configured resources
in the Studio's AWS account
* api-change:``outposts``: This release adds the ShipmentInformation and AssetInformationList
fields to the GetOrder API response.
* api-change:``sagemaker``: This release adds support for G5, P4d, and C6i instance types in Amazon
SageMaker Inference and increases the number of hyperparameters that can be searched from 20 to 30
in Amazon SageMaker Automatic Model Tuning
- from version 1.27.29
* api-change:``appconfig``: Adding Create, Get, Update, Delete, and List APIs for new two new
resources: Extensions and ExtensionAssociations.
- from version 1.27.28
* api-change:``networkmanager``: This release adds general availability API support for AWS Cloud
WAN.
- from version 1.27.27
* api-change:``ec2``: Build, manage, and monitor a unified global network that connects resources
running across your cloud and on-premises environments using the AWS Cloud WAN APIs.
* api-change:``redshift-serverless``: Removed prerelease language for GA launch.
* api-change:``redshift``: This release adds a new --snapshot-arn field for
describe-cluster-snapshots, describe-node-configuration-options, restore-from-cluster-snapshot,
authorize-snapshot-acsess, and revoke-snapshot-acsess APIs. It allows customers to give a Redshift
snapshot ARN or a Redshift Serverless ARN as input.
- from version 1.27.26
* api-change:``backup``: This release adds support for authentication using IAM user identity
instead of passed IAM role, identified by excluding the IamRoleArn field in the StartRestoreJob
API. This feature applies to only resource clients with a destructive restore nature (e.g. SAP
HANA).
- from version 1.27.25
* api-change:``chime-sdk-meetings``: Adds support for AppKeys and TenantIds in Amazon Chime SDK
WebRTC sessions
* api-change:``dms``: New api to migrate event subscriptions to event bridge rules
* api-change:``iot``: This release adds support to register a CA certificate without having to
provide a verification certificate. This also allows multiple AWS accounts to register the same CA
in the same region.
* api-change:``iotwireless``: Adds 5 APIs: PutPositionConfiguration, GetPositionConfiguration,
ListPositionConfigurations, UpdatePosition, GetPosition for the new Positioning Service feature
which enables customers to configure solvers to calculate position of LoRaWAN devices, or specify
position of LoRaWAN devices & gateways.
* api-change:``sagemaker``: Heterogeneous clusters: the ability to launch training jobs with
multiple instance types. This enables running component of the training job on the instance type
that is most suitable for it. e.g. doing data processing and augmentation on CPU instances and
neural network training on GPU instances
- from version 1.27.24
* api-change:``cloudformation``: My AWS Service (placeholder) - Add a new feature Account-level
Targeting for StackSet operation
* api-change:``synthetics``: This release introduces Group feature, which enables users to group
cross-region canaries.
- from version 1.27.23
* api-change:``config``: Updating documentation service limits
* api-change:``lexv2-models``: Update lexv2-models client to latest version
* api-change:``quicksight``: This release allows customers to programmatically create QuickSight
accounts with Enterprise and Enterprise + Q editions. It also releases allowlisting domains for
embedding QuickSight dashboards at runtime through the embedding APIs.
* api-change:``rds``: Adds waiters support for DBCluster.
* api-change:``rolesanywhere``: IAM Roles Anywhere allows your workloads such as servers,
containers, and applications to obtain temporary AWS credentials and use the same IAM roles and
policies that you have configured for your AWS workloads to access AWS resources.
* api-change:``ssm-incidents``: Adds support for tagging incident-record on creation by providing
incident tags in the template within a response-plan.
- from version 1.27.22
* api-change:``dms``: Added new features for AWS DMS version 3.4.7 that includes new endpoint
settings for S3, OpenSearch, Postgres, SQLServer and Oracle.
* api-change:``rds``: Adds support for additional retention periods to Performance Insights.
- from version 1.27.21
* api-change:``athena``: This feature introduces the API support for Athena's parameterized query
and BatchGetPreparedStatement API.
* api-change:``customer-profiles``: This release adds the optional
MinAllowedConfidenceScoreForMerging parameter to the CreateDomain, UpdateDomain, and
GetAutoMergingPreview APIs in Customer Profiles. This parameter is used as a threshold to influence
the profile auto-merging step of the Identity Resolution process.
* api-change:``emr``: Update emr client to latest version
* api-change:``glue``: This release adds tag as an input of CreateDatabase
* api-change:``kendra``: Amazon Kendra now provides a data source connector for alfresco
* api-change:``mwaa``: Documentation updates for Amazon Managed Workflows for Apache Airflow.
* api-change:``pricing``: Documentation update for GetProducts Response.
* api-change:``wellarchitected``: Added support for UpdateGlobalSettings API. Added status filter
to ListWorkloadShares and ListLensShares.
* api-change:``workmail``: This release adds support for managing user availability configurations
in Amazon WorkMail.
- Update to 1.27.20
* api-change:``appstream``: Includes support for StreamingExperienceSettings in CreateStack and
UpdateStack APIs
* api-change:``elbv2``: Update elbv2 client to latest version
* api-change:``emr``: Update emr client to latest version
* api-change:``medialive``: This release adds support for automatic renewal of MediaLive
reservations at the end of each reservation term. Automatic renewal is optional. This release also
adds support for labelling accessibility-focused audio and caption tracks in HLS outputs.
* api-change:``redshift-serverless``: Add new API operations for Amazon Redshift Serverless, a new
way of using Amazon Redshift without needing to manually manage provisioned clusters. The new
operations let you interact with Redshift Serverless resources, such as create snapshots, list VPC
endpoints, delete resource policies, and more.
* api-change:``sagemaker``: This release adds: UpdateFeatureGroup, UpdateFeatureMetadata,
DescribeFeatureMetadata APIs; FeatureMetadata type in Search API; LastModifiedTime,
LastUpdateStatus, OnlineStoreTotalSizeBytes in DescribeFeatureGroup API.
* api-change:``translate``: Added ListLanguages API which can be used to list the languages
supported by Translate.
- from version 1.27.19
* api-change:``datasync``: AWS DataSync now supports Amazon FSx for NetApp ONTAP locations.
* api-change:``ec2``: This release adds a new spread placement group to EC2 Placement Groups: host
level spread, which spread instances between physical hosts, available to Outpost customers only.
CreatePlacementGroup and DescribePlacementGroups APIs were updated with a new parameter:
SpreadLevel to support this feature.
* api-change:``finspace-data``: Release new API GetExternalDataViewAccessDetails
* api-change:``polly``: Add 4 new neural voices - Pedro (es-US), Liam (fr-CA), Daniel (de-DE) and
Arthur (en-GB).
- from version 1.27.18
* api-change:``iot``: This release ease the restriction for the input of tag value to align with
AWS standard, now instead of min length 1, we change it to min length 0.
- from version 1.27.17
* api-change:``glue``: This release enables the new ListCrawls API for viewing the AWS Glue Crawler
run history.
* api-change:``rds-data``: Documentation updates for RDS Data API
- from version 1.27.16
* api-change:``lookoutequipment``: This release adds visualizations to the scheduled inference
results. Users will be able to see interference results, including diagnostic results from their
running inference schedulers.
* api-change:``mediaconvert``: AWS Elemental MediaConvert SDK has released support for automatic
DolbyVision metadata generation when converting HDR10 to DolbyVision.
* api-change:``mgn``: New and modified APIs for the Post-Migration Framework
* api-change:``migration-hub-refactor-spaces``: This release adds the new API UpdateRoute that
allows route to be updated to ACTIVE/INACTIVE state. In addition, CreateRoute API will now allow
users to create route in ACTIVE/INACTIVE state.
* api-change:``sagemaker``: SageMaker Ground Truth now supports Virtual Private Cloud. Customers
can launch labeling jobs and access to their private workforce in VPC mode.
- from version 1.27.15
* api-change:``apigateway``: Documentation updates for Amazon API Gateway
* api-change:``pricing``: This release introduces 1 update to the GetProducts API. The serviceCode
attribute is now required when you use the GetProductsRequest.
* api-change:``transfer``: Until today, the service supported only RSA host keys and user keys. Now
with this launch, Transfer Family has expanded the support for ECDSA and ED25519 host keys and user
keys, enabling customers to support a broader set of clients by choosing RSA, ECDSA, and ED25519
host and user keys.
- from version 1.27.14
* api-change:``ec2``: This release adds support for Private IP VPNs, a new feature allowing S2S VPN
connections to use private ip addresses as the tunnel outside ip address over Direct Connect as
transport.
* api-change:``ecs``: Amazon ECS UpdateService now supports the following parameters:
PlacementStrategies, PlacementConstraints and CapacityProviderStrategy.
* api-change:``wellarchitected``: Adds support for lens tagging, Adds support for multiple
helpful-resource urls and multiple improvement-plan urls.
- from version 1.27.13
* api-change:``ds``: This release adds support for describing and updating AWS Managed Microsoft AD
settings
* api-change:``kafka``: Documentation updates to use Az Id during cluster creation.
* api-change:``outposts``: This release adds the AssetLocation structure to the ListAssets
response. AssetLocation includes the RackElevation for an Asset.
- from version 1.27.12
* api-change:``connect``: This release updates these APIs: UpdateInstanceAttribute,
DescribeInstanceAttribute and ListInstanceAttributes. You can use it to programmatically
enable/disable High volume outbound communications using attribute type HIGH_VOLUME_OUTBOUND on the
specified Amazon Connect instance.
* api-change:``connectcampaigns``: Added Amazon Connect high volume outbound communications SDK.
* api-change:``dynamodb``: Doc only update for DynamoDB service
* api-change:``dynamodbstreams``: Update dynamodbstreams client to latest version
- from version 1.27.11
* api-change:``redshift-data``: This release adds a new --workgroup-name field to operations that
connect to an endpoint. Customers can now execute queries against their serverless workgroups.
* api-change:``secretsmanager``: Documentation updates for Secrets Manager
* api-change:``securityhub``: Added Threats field for security findings. Added new resource details
for ECS Container, ECS Task, RDS SecurityGroup, Kinesis Stream, EC2 TransitGateway, EFS
AccessPoint, CloudFormation Stack, CloudWatch Alarm, VPC Peering Connection and WAF Rules
- from version 1.27.10
* api-change:``finspace-data``: This release adds a new set of APIs, GetPermissionGroup,
DisassociateUserFromPermissionGroup, AssociateUserToPermissionGroup, ListPermissionGroupsByUser,
ListUsersByPermissionGroup.
* api-change:``guardduty``: Adds finding fields available from GuardDuty Console. Adds FreeTrial
related operations. Deprecates the use of various APIs related to Master Accounts and Replace them
with Administrator Accounts.
* api-change:``servicecatalog-appregistry``: This release adds a new API
ListAttributeGroupsForApplication that returns associated attribute groups of an application. In
addition, the UpdateApplication and UpdateAttributeGroup APIs will not allow users to update the
'Name' attribute.
* api-change:``workspaces``: Added new field "/reason"/ to OperationNotSupportedException. Receiving
this exception in the DeregisterWorkspaceDirectory API will now return a reason giving more context
on the failure.
- from version 1.27.9
* api-change:``budgets``: Add a budgets ThrottlingException. Update the CostFilters value pattern.
* api-change:``lookoutmetrics``: Adding filters to Alert and adding new UpdateAlert API.
* api-change:``mediaconvert``: AWS Elemental MediaConvert SDK has added support for rules that
constrain Automatic-ABR rendition selection when generating ABR package ladders.
- from version 1.27.8
* api-change:``outposts``: This release adds API operations AWS uses to install Outpost servers.
- from version 1.27.7
* api-change:``frauddetector``: Documentation updates for Amazon Fraud Detector (AWSHawksNest)
- from version 1.27.6
* api-change:``chime-sdk-meetings``: Adds support for live transcription in AWS GovCloud (US)
Regions.
- from version 1.27.5
* api-change:``dms``: This release adds DMS Fleet Advisor APIs and exposes functionality for DMS
Fleet Advisor. It adds functionality to create and modify fleet advisor instances, and to collect
and analyze information about the local data infrastructure.
* api-change:``iam``: Documentation updates for AWS Identity and Access Management (IAM).
* api-change:``m2``: AWS Mainframe Modernization service is a managed mainframe service and set of
tools for planning, migrating, modernizing, and running mainframe workloads on AWS
* api-change:``neptune``: This release adds support for Neptune to be configured as a global
database, with a primary DB cluster in one region, and up to five secondary DB clusters in other
regions.
* api-change:``redshift``: Adds new API GetClusterCredentialsWithIAM to return temporary
credentials.
- from version 1.27.4
* api-change:``auditmanager``: This release introduces 2 updates to the Audit Manager API. The
roleType and roleArn attributes are now required when you use the CreateAssessment or
UpdateAssessment operation. We also added a throttling exception to the RegisterAccount API
operation.
* api-change:``ce``: Added two new APIs to support cost allocation tags operations:
ListCostAllocationTags, UpdateCostAllocationTagsStatus.
- from version 1.27.3
* api-change:``chime-sdk-messaging``: This release adds support for searching channels by members
via the SearchChannels API, removes required restrictions for Name and Mode in UpdateChannel API
and enhances CreateChannel API by exposing member and moderator list as well as channel id as
optional parameters.
* api-change:``connect``: This release adds a new API, GetCurrentUserData, which returns real-time
details about users' current activity.
- Update to 1.27.2
* api-change:``codeartifact``: Documentation updates for CodeArtifact
* api-change:``voice-id``: Added a new attribute ServerSideEncryptionUpdateDetails to Domain and
DomainSummary.
* api-change:``proton``: Add new "/Components"/ API to enable users to Create, Delete and Update AWS
Proton components.
* api-change:``connect``: This release adds the following features: 1) New APIs to manage (create,
list, update) task template resources, 2) Updates to startTaskContact API to support task
templates, and 3) new TransferContact API to programmatically transfer in-progress tasks via a
contact flow.
* api-change:``application-insights``: Provide Account Level onboarding support through CFN/CLI
* api-change:``kendra``: Amazon Kendra now provides a data source connector for GitHub. For more
information, see https://docs.aws.amazon.com/kendra/latest/dg/data-source-github.html
- from version 1.27.1
* api-change:``backup-gateway``: Adds GetGateway and UpdateGatewaySoftwareNow API and adds
hypervisor name to UpdateHypervisor API
* api-change:``forecast``: Added Format field to Import and Export APIs in Amazon Forecast. Added
TimeSeriesSelector to Create Forecast API.
* api-change:``chime-sdk-meetings``: Adds support for centrally controlling each participant's
ability to send and receive audio, video and screen share within a WebRTC session. Attendee
capabilities can be specified when the attendee is created and updated during the session with the
new BatchUpdateAttendeeCapabilitiesExcept API.
* api-change:``route53``: Add new APIs to support Route 53 IP Based Routing
- from version 1.27.0
* api-change:``iotsitewise``: This release adds the following new optional field to the IoT
SiteWise asset resource: assetDescription.
* api-change:``lookoutmetrics``: Adding backtest mode to detectors using the Cloudwatch data source.
* api-change:``transcribe``: Amazon Transcribe now supports automatic language identification for
multi-lingual audio in batch mode.
* feature:Python: Dropped support for Python 3.6
* api-change:``cognito-idp``: Amazon Cognito now supports IP Address propagation for all
unauthenticated APIs (e.g. SignUp, ForgotPassword).
* api-change:``drs``: Changed existing APIs and added new APIs to accommodate using multiple AWS
accounts with AWS Elastic Disaster Recovery.
* api-change:``sagemaker``: Amazon SageMaker Notebook Instances now support Jupyter Lab 3.
- from version 1.26.10
* api-change:``sagemaker``: Amazon SageMaker Notebook Instances now allows configuration of
Instance Metadata Service version and Amazon SageMaker Studio now supports G5 instance types.
* api-change:``appflow``: Adding the following features/changes: Parquet output that preserves
typing from the source connector, Failed executions threshold before deactivation for scheduled
flows, increasing max size of access and refresh token from 2048 to 4096
* api-change:``datasync``: AWS DataSync now supports TLS encryption in transit, file system
policies and access points for EFS locations.
* api-change:``emr-serverless``: This release adds support for Amazon EMR Serverless, a serverless
runtime environment that simplifies running analytics applications using the latest open source
frameworks such as Apache Spark and Apache Hive.
- from version 1.26.9
* api-change:``lightsail``: Amazon Lightsail now supports the ability to configure a Lightsail
Container Service to pull images from Amazon ECR private repositories in your account.
* api-change:``emr-serverless``: This release adds support for Amazon EMR Serverless, a serverless
runtime environment that simplifies running analytics applications using the latest open source
frameworks such as Apache Spark and Apache Hive.
* api-change:``ec2``: C7g instances, powered by the latest generation AWS Graviton3 processors,
provide the best price performance in Amazon EC2 for compute-intensive workloads.
* api-change:``forecast``: Introduced a new field in Auto Predictor as Time Alignment Boundary. It
helps in aligning the timestamps generated during Forecast exports
- from version 1.26.8
* api-change:``secretsmanager``: Documentation updates for Secrets Manager
* api-change:``fsx``: This release adds root squash support to FSx for Lustre to restrict root
level access from clients by mapping root users to a less-privileged user/group with limited
permissions.
* api-change:``lookoutmetrics``: Adding AthenaSourceConfig for MetricSet APIs to support Athena as
a data source.
* api-change:``voice-id``: VoiceID will now automatically expire Speakers if they haven't been
accessed for Enrollment, Re-enrollment or Successful Auth for three years. The Speaker APIs now
return a "/LastAccessedAt"/ time for Speakers, and the EvaluateSession API returns "/SPEAKER_EXPIRED"/
Auth Decision for EXPIRED Speakers.
* api-change:``cloudformation``: Add a new parameter statusReason to DescribeStackSetOperation
output for additional details
* api-change:``apigateway``: Documentation updates for Amazon API Gateway
* api-change:``apprunner``: Documentation-only update added for CodeConfiguration.
* api-change:``sagemaker``: Amazon SageMaker Autopilot adds support for manually selecting features
from the input dataset using the CreateAutoMLJob API.
- from version 1.26.7
* api-change:``mediaconvert``: AWS Elemental MediaConvert SDK has added support for rules that
constrain Automatic-ABR rendition selection when generating ABR package ladders.
* api-change:``cognito-idp``: Amazon Cognito now supports requiring attribute verification (ex.
email and phone number) before update.
* api-change:``networkmanager``: This release adds Multi Account API support for a TGW Global
Network, to enable and disable AWSServiceAccess with AwsOrganizations for Network Manager service
and dependency CloudFormation StackSets service.
* api-change:``ivschat``: Doc-only update. For MessageReviewHandler structure, added timeout period
in the description of the fallbackResult field
* api-change:``ec2``: Stop Protection feature enables customers to protect their instances from
accidental stop actions.
- from version 1.26.6
* api-change:``elasticache``: Added support for encryption in transit for Memcached clusters.
Customers can now launch Memcached cluster with encryption in transit enabled when using Memcached
version 1.6.12 or later.
* api-change:``forecast``: New APIs for Monitor that help you understand how your predictors
perform over time.
* api-change:``personalize``: Adding modelMetrics as part of DescribeRecommender API response for
Personalize.
- from version 1.26.5
* api-change:``comprehend``: Comprehend releases 14 new entity types for DetectPiiEntities and
ContainsPiiEntities APIs.
* api-change:``logs``: Doc-only update to publish the new valid values for log retention
- python-certifi
-
- remove all TrustCor CAs, as TrustCor issued multiple man-in-the-middle
certs (bsc#1206212 CVE-2022-23491)
- TrustCor RootCert CA-1
- TrustCor RootCert CA-2
- TrustCor ECA-1
- Add removeTrustCor.patch
- python-cryptography
-
- Add patch CVE-2023-23931-dont-allow-update-into.patch (bsc#1208036, CVE-2023-23931)
* Don't allow update_into to mutate immutable objects
- Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
- Update in SLE-15 (bsc#1177083, jsc#PM-2730, jsc#SLE-18312)
- Refresh patches for new version
+ 5507-mitigate-Bleichenbacher-attacks.patch
- update to 3.3.2 (bsc#1182066, CVE-2020-36242, bsc#1198331):
* SECURITY ISSUE: Fixed a bug where certain sequences of update()
calls when symmetrically encrypting very large payloads (>2GB) could
result in an integer overflow, leading to buffer overflows.
CVE-2020-36242
- drops CVE-2020-36242-buffer-overflow.patch on older dists
- update to 3.3.1:
* Re-added a legacy symbol causing problems for older ``pyOpenSSL`` use
- Update in SLE-15 (bsc#1176785, jsc#ECO-3105, jsc#PM-2352)
- update to 3.3.0
- BACKWARDS INCOMPATIBLE: Support for Python 3.5 has been removed
due to low usage and maintenance burden.
- BACKWARDS INCOMPATIBLE: The GCM and AESGCM now require 64-bit
to 1024-bit (8 byte to 128 byte) initialization vectors. This
change is to conform with an upcoming OpenSSL release that will
no longer support sizes outside this window.
- BACKWARDS INCOMPATIBLE: When deserializing asymmetric keys we
now raise ValueError rather than UnsupportedAlgorithm when an
unsupported cipher is used. This change is to conform with an
upcoming OpenSSL release that will no longer distinguish
between error types.
- BACKWARDS INCOMPATIBLE: We no longer allow loading of finite
field Diffie-Hellman parameters of less than 512 bits in
length. This change is to conform with an upcoming OpenSSL
release that no longer supports smaller sizes. These keys were
already wildly insecure and should not have been used in any
application outside of testing.
- Updated Windows, macOS, and manylinux wheels to be compiled
with OpenSSL 1.1.1i.
- Python 2 support is deprecated in cryptography. This is the
last release that will support Python 2.
- Added the recover_data_from_signature() function to
RSAPublicKey for recovering the signed data from an RSA
signature.
- Remove unnecessary dependency virtualenv.
- update to 3.2.1:
Disable blinding on RSA public keys to address an error with
some versions of OpenSSL.
- update to 3.2 (bsc#1178168, CVE-2020-25659):
* CVE-2020-25659: Attempted to make RSA PKCS#1v1.5 decryption more constant time,
to protect against Bleichenbacher vulnerabilities. Due to limitations imposed
by our API, we cannot completely mitigate this vulnerability.
* Support for OpenSSL 1.0.2 has been removed.
* Added basic support for PKCS7 signing (including SMIME) via PKCS7SignatureBuilder.
- drops 5507-mitigate-Bleichenbacher-attacks.patch on older dists
- update to 3.1.1:
* wheels compiled with OpenSSL 1.1.1h.
- update to 3.1:
* **BACKWARDS INCOMPATIBLE:** Removed support for ``idna`` based
:term:`U-label` parsing in various X.509 classes. This support was originally
deprecated in version 2.1 and moved to an extra in 2.5.
* Deprecated OpenSSL 1.0.2 support. OpenSSL 1.0.2 is no longer supported by
the OpenSSL project. The next version of ``cryptography`` will drop support
for it.
* Deprecated support for Python 3.5. This version sees very little use and will
be removed in the next release.
* ``backend`` arguments to functions are no longer required and the
default backend will automatically be selected if no ``backend`` is provided.
* Added initial support for parsing certificates from PKCS7 files with
:func:`~cryptography.hazmat.primitives.serialization.pkcs7.load_pem_pkcs7_certificates`
and
:func:`~cryptography.hazmat.primitives.serialization.pkcs7.load_der_pkcs7_certificates`
.
* Calling ``update`` or ``update_into`` on
:class:`~cryptography.hazmat.primitives.ciphers.CipherContext` with ``data``
longer than 2 :sup:`31` bytes no longer raises an ``OverflowError``. This
also resolves the same issue in :doc:`/fernet`.
- update to 3.0
- refreshed disable-uneven-sizes-tests.patch and skip_openssl_memleak_test.patch
* Removed support for passing an Extension instance
to from_issuer_subject_key_identifier(), as per our deprecation policy.
* Support for LibreSSL 2.7.x, 2.8.x, and 2.9.0 has been removed
* Dropped support for macOS 10.9, macOS users must upgrade to 10.10 or newer.
* RSA generate_private_key() no longer accepts public_exponent values except
65537 and 3 (the latter for legacy purposes).
* X.509 certificate parsing now enforces that the version field contains
a valid value, rather than deferring this check until version is accessed.
* Deprecated support for Python 2
* Added support for OpenSSH serialization format for ec, ed25519, rsa and dsa
private keys: load_ssh_private_key() for loading and OpenSSH for writing.
* Added support for OpenSSH certificates to load_ssh_public_key().
* Added encrypt_at_time() and decrypt_at_time() to Fernet.
* Added support for the SubjectInformationAccess X.509 extension.
* Added support for parsing SignedCertificateTimestamps in OCSP responses.
* Added support for parsing attributes in certificate signing requests via get_attribute_for_oid().
* Added support for encoding attributes in certificate signing requests via add_attribute().
* On OpenSSL 1.1.1d and higher cryptography now uses OpenSSL’s built-in CSPRNG
instead of its own OS random engine because these versions of OpenSSL properly reseed on fork.
* Added initial support for creating PKCS12 files with serialize_key_and_certificates().
- update to 2.9.2
* 2.9.2 - 2020-04-22
- Updated the macOS wheel to fix an issue where it would not run on macOS versions older than 10.15.
* 2.9.1 - 2020-04-21
- Updated Windows, macOS, and manylinux wheels to be compiled with OpenSSL 1.1.1g.
* 2.9 - 2020-04-02
- BACKWARDS INCOMPATIBLE: Support for Python 3.4 has been removed due to
low usage and maintenance burden.
- BACKWARDS INCOMPATIBLE: Support for OpenSSL 1.0.1 has been removed.
Users on older version of OpenSSL will need to upgrade.
- BACKWARDS INCOMPATIBLE: Support for LibreSSL 2.6.x has been removed.
- Removed support for calling public_bytes() with no arguments, as per
our deprecation policy. You must now pass encoding and format.
- BACKWARDS INCOMPATIBLE: Reversed the order in which rfc4514_string()
returns the RDNs as required by RFC 4514.
- Updated Windows, macOS, and manylinux wheels to be compiled with OpenSSL 1.1.1f.
- Added support for parsing single_extensions in an OCSP response.
- NameAttribute values can now be empty strings.
- Add openSSL_111d.patch to make this version of the package
compatible with OpenSSL 1.1.1d, thus fixing bsc#1149792.
- bsc#1101820 CVE-2018-10903 GCM tag forgery via truncated tag in
finalize_with_tag API
* add disallow_implicit_tag_truncation.patch from
https://github.com/pyca/cryptography/commit/688e0f673bfb.patch
- python-libxml2-python
-
- Security update:
* [CVE-2023-29469, bsc#1210412] Hashing of empty dict strings
isn't deterministic
- Added patch libxml2-CVE-2023-29469.patch
* [CVE-CVE-2023-28484, bsc#1210411] NULL dereference in
xmlSchemaFixupComplexType
- Added patch libxml2-CVE-2023-28484-1.patch
- Added patch libxml2-CVE-2023-28484-2.patch
- Fix changelog entries in both .changes files.
- Apply al patches correctly for libxml2 and python-libxml2.
- Add W3C conformance tests to the testsuite (bsc#1204585):
* Added file xmlts20080827.tar.gz
- Security fix: [bsc#1199132, CVE-2022-29824]
* Integer overflow leading to out-of-bounds write in buf.c
(xmlBuf*) and tree.c (xmlBuffer*)
* Add libxml2-CVE-2022-29824.patch
* Add libxml2-CVE-2022-23308.patch
* Add libxml2-CVE-2021-3541.patch
- python-msgpack
-
- Loose the filelist for the package info to avoid FTBFS on
SLE-15-SP5 (bsc#1203743).
- python-packaging
-
- Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
- Add patch to fix testsuite on big-endian targets
+ fix-big-endian-build.patch
- Ignore python3.6.2 since the test doesn't support it.
- update to 21.3:
* Add a pp3-none-any tag (gh#pypa/packaging#311)
* Replace the blank pyparsing 3 exclusion with a 3.0.5 exclusion
(gh#pypa/packaging#481), (gh#pypa/packaging#486)
* Fix a spelling mistake (gh#pypa/packaging#479)
- update to 21.2:
* Update documentation entry for 21.1.
* Update pin to pyparsing to exclude 3.0.0.
* PEP 656: musllinux support
* Drop support for Python 2.7, Python 3.4 and Python 3.5.
* Replace distutils usage with sysconfig
* Add support for zip files in ``parse_sdist_filename``
* Use cached ``_hash`` attribute to short-circuit tag equality comparisons
* Specify the default value for the ``specifier`` argument to ``SpecifierSet``
* Proper keyword-only "/warn"/ argument in packaging.tags
* Correctly remove prerelease suffixes from ~= check
* Fix type hints for ``Version.post`` and ``Version.dev``
* Use typing alias ``UnparsedVersion``
* Improve type inference for ``packaging.specifiers.filter()``
* Tighten the return type of ``canonicalize_version()``
- Add Provides: for python*dist(packaging): work around boo#1186870
- skip tests failing because of no-legacyversion-warning.patch
- add no-legacyversion-warning.patch to restore compatibility with 20.4
- update to 20.9:
* Run [isort](https://pypi.org/project/isort/) over the code base (:issue:`377`)
* Add support for the ``macosx_10_*_universal2`` platform tags (:issue:`379`)
* Introduce ``packaging.utils.parse_wheel_filename()`` and ``parse_sdist_filename()``
- update to 20.8:
* Revert back to setuptools for compatibility purposes for some Linux distros (:issue:`363`)
* Do not insert an underscore in wheel tags when the interpreter version number
is more than 2 digits (:issue:`372`)
* Fix flit configuration, to include LICENSE files (:issue:`357`)
* Make `intel` a recognized CPU architecture for the `universal` macOS platform tag (:issue:`361`)
* Add some missing type hints to `packaging.requirements` (issue:`350`)
* Officially support Python 3.9 (:issue:`343`)
* Deprecate the ``LegacyVersion`` and ``LegacySpecifier`` classes (:issue:`321`)
* Handle ``OSError`` on non-dynamic executables when attempting to resolve
the glibc version string.
- update to 20.4:
* Canonicalize version before comparing specifiers. (:issue:`282`)
* Change type hint for ``canonicalize_name`` to return
``packaging.utils.NormalizedName``.
This enables the use of static typing tools (like mypy) to detect mixing of
normalized and un-normalized names.
- python-paramiko
-
- Add rsa-key-loading-fix.patch (bsc#1205132) fixing loading RSA
key.
- python-py
-
- Remove all traces of py._path.svn{url,wc}. (bsc#1204364, CVE-2022-42969)
- Add patch remove-svn-remants.patch to help with that goal.
- Refresh pr_222.patch as needed for above.
- python-rsa
-
- Add cve_2020-25658.patch (CVE-2020-25658 bsc#1178676)
+ Reduce timing sensitivity on devryption for false ciphers
- python-s3transfer
-
- Update in SLE-15 (bsc#1209255, jsc#PED-3780)
- Add python-python-dateutil and python-jmespath to BuildRequires
- Update in SLE-15 (bsc#1204537, jsc#PED-2333)
- Update to 0.6.0
* feature:Python: Dropped support for Python 3.6
- from version 0.5.2
* enhancement:``s3``: Added support for flexible checksums
when uploading or downloading objects.
- from version 0.5.1
* enhancement:Python: Officially add Python 3.10 support
- Drop unused python-mock dependency from BuildRequires
- Refresh patches for new version
+ no-bundled-packages.patch
- python-setuptools
-
- Add CVE-2022-40897-ReDos.patch to fix Regular Expression Denial of Service
(ReDoS) in package_index.py.
bsc#1206667
- python3
-
- Add 99366-patch.dict-can-decorate-async.patch fixing
gh#python/cpython#98086 (backport from Python 3.10 patch in
gh#python/cpython!99366), fixing bsc#1211158.
- Add CVE-2007-4559-filter-tarfile_extractall.patch to fix
CVE-2007-4559 (bsc#1203750) by adding the filter for
tarfile.extractall (PEP 706).
- Use python3 modules to build the documentation.
- Add bpo-44434-libgcc_s-for-pthread_cancel.patch
which eliminates unnecessary and dangerous calls to
PyThread_exit_thread() (bsc#1203355).
- Add CVE-2023-24329-blank-URL-bypass.patch (CVE-2023-24329,
bsc#1208471) blocklists bypass via the urllib.parse component
when supplying a URL that starts with blank characters
- Add bpo27321-email-no-replace-header.patch to stop
email.generator.py from replacing a non-existent header
(bsc#1208443, gh#python/cpython#71508).
- Add bsc1188607-pythreadstate_clear-decref.patch to fix crash in
the garbage collection (bsc#1188607).
- Add CVE-2022-45061-DoS-by-IDNA-decode.patch to avoid
CVE-2022-45061 (bsc#1205244) allowing DoS by IDNA decoding
extremely long domain names.
- Add CVE-2022-37454-sha3-buffer-overflow.patch to fix
bsc#1204577 (CVE-2022-37454, gh#python/cpython#98517) buffer
overflow in hashlib.sha3_* implementations (originally from the
XKCP library).
- Add CVE-2020-10735-DoS-no-limit-int-size.patch to fix
CVE-2020-10735 (bsc#1203125) to limit amount of digits
converting text to int and vice vera (potential for DoS).
Originally by Victor Stinner of Red Hat.
- Remove merged patch CVE-2020-8492-urllib-ReDoS.patch,
CRLF_injection_via_host_part.patch, and
CVE-2019-18348-CRLF_injection_via_host_part.patch.
- python3-ec2imgutils
-
- Update to version 10.0.1
+ Follow up fix to (bsc#1199722) allow the user a choice of 2.0 and v2.0 as
tpm versions on the command line
- Update to version 10.0.0 (bsc#1199722)
+ Add --tpm-support as command line option and tpm_support to the API
to register images that support NitroTPM
+ API change for ec2deprecateimg. It is now possible to deprecate
an image without providing a successor image.
- Add rpm-macros to build requirements in spec.
- python3-ec2metadata
-
- Update to version 4.0.0 (bsc#1204066)
+ Disambiguate cli options for duplicate endpoints. This is an
incompatible change for some API versions of IMDS. When a duplicate
endpoint is detected the cli option for both endpoints is expanded to a
unique name.
- release-notes-sles
-
- 15.3.20230301 (tracked in bsc#933411)
- Added note about silencing killmode=none (jsc#PED-407)
- Added note about by-id/wwn- change (bsc#1188762)
- Added note about frr (jsc#SLE-13591)
- Added note about ssh-import-id GitHub support (jsc#SLE-20079)
- Added note about adcli --dont-expire-password (jsc#SLE-21224)
- Added note about NVMe-oF in dracut (jsc#SLE-17091)
- Added note about vPMU optimization (jsc#SLE-12687)
- Added note about snapper btrfs snapshot cleanup (jsc#SLE-16031)
- Added note about redis and bindings (jsc#SLE-11036)
- Added note about zram on low-mem devices (jsc#SLE-17630)
- Added note about wsmancli moving to basesystem (jsc#SLE-22844)
- Added note about scap-security-guide (jsc#SLE-20292)
- Added note about libreiserfs removal (jsc#SLE-17723)
- Added note about icu 69.1 (jsc#SLE-17893)
- Added note about blog 2.26 (jsc#SLE-23233)
- Added note about libpwquality-tools (jsc#SLE-23623)
- Added note about DFS share failover (jsc#SLE-20042)
- Added note about git 2.35.3 (jsc#SLE-23332)
- Added note about tcl 8.6.12 (jsc#SLE-21016)
- Added note about Rust developer tools (jsc#SLE-23381)
- Added note about PostgreSQL 14 (jsc#SLE-20675)
- Added note about NodeJS 16 (jsc#SLE-21235)
- Added note about strongSwan namespace support (jsc#SLE-17756)
- Added note about mariadb-galera (jsc#SLE-22242)
- 15.3.20220930 (tracked in bsc#933411)
- Added note about SUSEConnect tracking (jsc#SLE-23312)
- Added note about BCI minimal container (jsc#SLE-22133)
- Added note about BCI containers (jsc#SLE-22144)
- Added note about XFS V4 filesystem (bsc#1200646)
- 15.3.20220906 (tracked in bsc#933411)
- Updated Java lifecycle (jsc#PED-1590)
- 15.3.20220831 (tracked in bsc#933411)
- Added note about schedutil (bsc#1176440)
- Added note about insserv-compat migration failure (bsc#1194837)
- Added note about Samba 4.15 (jsc#SLE-23330)
- rhnlib
-
- version 4.2.7-1
* Don't get stuck at the end of SSL transfers (bsc#1204032)
- rpm
-
- update pythondeps-python310.diff: replace with minimal fix to
support python 3.xx (bsc#1207294)
- add pythondeps-python310.diff
and add match-python-version-if-minor.diff:
* fix missing python(abi) for 3.XX versions (bsc#1207294)
- Strip critical bit in signature subpackage parsing
* modified patch: pgpharden.diff
- Add workaround to make newer dnf versions no longer deadlock
after it imported a pubkey [bnc#1202750]
* new patch: keyimportdeadlock.diff
- rsyslog
-
- fix parsing of legacy config syntax (bsc#1205275)
* add:
0001-testbench-add-test-for-legacy-permittedPeer-statemen.patch
0002-imtcp-bugfix-legacy-config-directives-did-no-longer-.patch
- rubygem-nokogiri
-
- add 003-CVE-2022-24836.patch (CVE-2022-24836, bsc#1198408)
fixes possibility to DoS because of inefficient RE in HTML encoding
- add 004_CVE-2022-29181.patch (CVE-2022-29181, bsc#1199782)
fixes Improper Handling of Unexpected Data Types
- runc
-
- Update to runc v1.1.5. Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.1.5>.
Includes fixes for the following CVEs:
- CVE-2023-25809 bsc#1209884
- CVE-2023-27561 bsc#1208962
- CVE-2023-28642 bsc#1209888
* Fix the inability to use `/dev/null` when inside a container.
* Fix changing the ownership of host's `/dev/null` caused by fd redirection
(a regression in 1.1.1). bsc#1168481
* Fix rare runc exec/enter unshare error on older kernels.
* nsexec: Check for errors in `write_log()`.
- Drop version-specific Go requirement.
bsc#1202021
- salt
-
- Fix problem with detecting PTF packages (bsc#1208691)
- Added:
* skip-package-names-without-colon-bsc-1208691-578.patch
- Fixes pkg.version_cmp on openEuler systems and a few other OS flavors
- Make pkg.remove function from zypperpkg module to handle also PTF packages
- Added:
* fixes-pkg.version_cmp-on-openeuler-systems-and-a-few.patch
* 3004-implement-zypper-removeptf-574.patch
- Control the collection of lvm grains via config (bsc#1204939)
- Added:
* control-the-collection-of-lvm-grains-via-config.patch
- Pass the context to pillar ext modules
- Align Amazon EC2 (Nitro) grains with upstream (bsc#1203685)
- Detect module run syntax version
- Implement automated patches alignment for the Salt Bundle
- Ignore extend declarations from excluded SLS files (bsc#1203886)
- Clarify pkg.installed pkg_verify documentation
- Enhance capture of error messages for Zypper calls in zypperpkg module
- Make pass renderer configurable and fix detected issues
- Workaround fopen line buffering for binary mode (bsc#1203834)
- Added:
* clarify-pkg.installed-pkg_verify-documentation.patch
* make-pass-renderer-configurable-other-fixes-532.patch
* fopen-workaround-bad-buffering-for-binary-mode-563.patch
* align-amazon-ec2-nitro-grains-with-upstream-pr-bsc-1.patch
* detect-module.run-syntax.patch
* ignore-extend-declarations-from-excluded-sls-files.patch
* include-stdout-in-error-message-for-zypperpkg-559.patch
* pass-the-context-to-pillar-ext-modules.patch
- samba
-
- CVE-2023-0922: Samba AD DC admin tool samba-tool sends passwords
in cleartext; (bso#15315); (bsc#1209481).
- CVE-2023-0225: Samba AD DC "/dnsHostname"/ attribute can be
deleted by unprivileged authenticated users; (bso#15276);
(bsc#1209483).
- CVE-2023-0614: samba: Access controlled AD LDAP attributes can
be discovered; (bso#15270); (bsc#1209485).
- Prevent use after free of messaging_ctdb_fde_ev structs;
(bso#15293); (bsc#1207416).
- CVE-2022-38023 Additional patches for the PDC role's netlogon
server; (bso#15240); (bsc#1206504);
- CVE-2021-20251: samba: Bad password count not incremented
atomically; (bso#14611); (bsc#1206546).
- Update to 4.15.13
* CVE-2022-37966 rc4-hmac Kerberos session keys issued to
modern servers; (bso#15237); (bsc#1205385);
* CVE-2022-37967 Kerberos constrained delegation ticket forgery
possible against Samba AD DC; (bso#15231); (bsc#1205386);
* CVE-2022-38023 RC4/HMAC-MD5 NetLogon Secure Channel is weak
and should be avoided; (bso#15240); (bsc#1206504);
* filter-subunit is inefficient with large numbers of
knownfails; (bso#15258);
* The KDC logic arround msDs-supportedEncryptionTypes differs
from Windows; (bso#13135);
* Windows 11 22H2 and Samba-AD 4.15 Kerberos login issue;
(bso#15197);
- Remove the systemd drop-in file for named service to allow
read/write access to the DLZ directory as bind is not using
systemd filesystem namespaces but bind-chrootenv; (bsc#1205946);
- Install a systemd drop-in file for named service to allow
read/write access to the DLZ directory; (bsc#1201689);
- Update to 4.15.12
* CVE-2022-42898: samba: heimdal: Samba buffer overflow
vulnerabilities on 32-bit systems; (bso#15203); (bsc#1205126).
- Update to 4.15.11
* Allow rebuild of Centos 8 images after move to vault for
Samba 4.15; (bso#15193).
* CVE-2022-3437: samba: Buffer overflow in Heimdal unwrap_des3();
(bso#15134); (bsc#1204254)
- Update to 4.15.10
* Possible use after free of connection_struct when iterating
smbd_server_connection->connections; (bso#15128);
(bsc#1200102).
* smbXsrv_connection_shutdown_send result leaked; (bso#15174).
* Spotlight RPC service returns wrong response when Spotlight
is disabled on a share; (bso#15086).
* acl_xattr VFS module may unintentionally use filesystem
permissions instead of ACL from xattr; (bso#15126).
* Missing SMB2-GETINFO access checks from MS-SMB2 3.3.5.20.1;
(bso#15153).
* assert failed: !is_named_stream(smb_fname)"/) at
../../lib/util/fault.c:197; (bso#15161).
* Missing READ_LEASE break could cause data corruption;
(bso#15148).
* rpcclient can crash using setuserinfo(2); (bso#15124).
* Samba fails to build with glibc 2.36 caused by including
<sys/mount.h> in libreplace; (bso#15132).
* SMB1 negotiation can fail to handle connection errors;
(bso#15152).
* samba-tool domain join segfault when joining a samba ad
domain; (bso#15078).
- Update to 4.15.9
* CVE-2022-32742:SMB1 code does not correct verify SMB1write,
SMB1write_and_close, SMB1write_and_unlock lengths; (bso#15085);
(bsc#1201496).
* CVE-2022-32746: samba: Use-after-free occurring in database
audit logging; (bso#15009); (bso#15096); (bsc#1201490).
* CVE-2022-2031: samba, ldb: AD users can bypass certain
restrictions associated with changing passwords; (bso#15047);
(bsc#1201495);
* CVE-2022-32745: samba: ldb: AD users can crash the server
process with an LDAP add or modify request; (bso#15008);
(bso#15096); (bsc#1201492).
* CVE-2022-2031: samba, ldb: AD users can bypass certain
restrictions associated with changing passwords; (bso#15047);
(bsc#1201495);
* CVE-2022-32744: samba, ldb: AD users can forge password change
requests for any user; (bso#15074); (bso#15047); (bsc#1201493).
- CVE-2022-1615: Do not ignore errors in random number generation;
(bso#15103); (bsc#1202976);
- CVE-2022-32743: Implement validated dnsHostName write rights;
(bso#14833); (bsc#1202803);
- Fix Use after free when iterating
smbd_server_connection->connections after tree disconnect
failure; (bso#15128); (bsc#1200102).
- shadow
-
- bsc#1210507 (CVE-2023-29383):
Check for control characters
- Add shadow-CVE-2023-29383.patch
- shim
-
- Updated shim.changes to add CVE-2022-28737 number for bsc#1198458.
The issue be fixed by upgrade to shim 15.7. (bsc#1198458, CVE-2022-28737)
- Sometimes SLE shim signature be Microsoft updated before openSUSE shim
signature. When submit request on IBS for updating SLE shim, the submitreq
project be generated, but it always be blocked by checking the signature
of openSUSE shim.
It doesn't make sense checking openSUSE shim signature when building
SLE shim on SLE platform, and vice versa. So the following change adds the
logic to compare suffix (sles, opensuse) with distro_id (sle, opensuse).
When and only when hash mismatch and distro_id match with suffix, stop
building.
[#] compare suffix (sles, opensuse) with distro_id (sle, opensuse)
[#] when hash mismatch and distro_id match with suffix, stop building
- Upgrade shim-install for bsc#1210382
After closing Leap-gap project since Leap 15.3, openSUSE Leap direct
uses shim from SLE. So the ca_string is 'SUSE Linux Enterprise Secure Boot
CA1', not 'openSUSE Secure Boot CA1'. It causes that the update_boot=no,
so all files in /boot/efi/EFI/boot are not updated.
The 86b73d1 patch added the logic that using ID field in os-release for
checking Leap distro and set ca_string to 'SUSE Linux Enterprise Secure
Boot CA1'. Then /boot/efi/EFI/boot/* can also be updated.
- https://github.com/SUSE/shim-resources (git log --oneline)
86b73d1 Fix that bootx64.efi is not updated on Leap
f2e8143 Use the long name to specify the grub2 key protector
7283012 cryptodisk: support TPM authorized policies
49e7a0d Do not use tpm_record_pcrs unless the command is in command.lst
26c6bd5 Have grub take a snapshot of "/relevant"/ TPM PCRs
5c2c3ad Handle different cases of controlling cryptomount volumes during first stage boot
a5c5734 Introduce --no-grub-install option
- Updated shim signature after shim 15.7 be signed back:
signature-sles.x86_64.asc, signature-sles.aarch64.asc (bsc#1198458, CVE-2022-28737)
- Add POST_PROCESS_PE_FLAGS=-N to the build command in shim.spec to
disable the NX compatibility flag when using post-process-pe because
grub2 is not ready. (bsc#1205588)
- Kernel can boot with the NX compatibility flag since 82e0d6d76a2a7
be merged to v5.19. On the other hand, upstream is working on
improve compressed kernel stage for NX:
[PATCH v3 00/24] x86_64: Improvements at compressed kernel stage
https://www.spinics.net/lists/kernel/msg4599636.html
- Add shim-Enable-the-NX-compatibility-flag-by-default.patch to
enable the NX compatibility flag by default. (jsc#PED-127)
- Drop upstreamed patch:
- shim-Enable-TDX-measurement-to-RTMR-register.patch
- Enable TDX measurement to RTMR register (jsc#PED-1273)
- 4fd484e4c2 15.7
- Update to 15.7 (bsc#1198458)(jsc#PED-127)
- Patches (git log --oneline --reverse 15.6..15.7)
0eb07e1 Make SBAT variable payload introspectable
092c2b2 Reference MokListRT instead of MokList
8b59b69 Add a link to the test plan in the readme.
4fd484e Enable TDX measurement to RTMR register
14d6339 Discard load-options that start with a NUL
5c537b3 shim: Flush the memory region from i-cache before execution
2d4ebb5 load_cert_file: Fix stack issue
ea4911c load_cert_file: Use EFI RT memory function
0cf43ac Add -malign-double to IA32 compiler flags
17f0233 pe: Fix image section entry-point validation
5169769 make-archive: Build reproducible tarball
aa1b289 mok: remove MokListTrusted from PCR 7
53509ea CryptoPkg/BaseCryptLib: fix NULL dereference
616c566 More coverity modeling
ea0d0a5 Update shim's .sbat to sbat,3
dd8be98 Bump grub's sbat requirement to grub,3
1149161 (HEAD -> main, tag: 15.7, origin/main, origin/HEAD) Update version to 15.7
- 15.7 release note https://github.com/rhboot/shim/releases
Make SBAT variable payload introspectable by @chrisccoulson in #483
Reference MokListRT instead of MokList by @esnowberg in #488
Add a link to the test plan in the readme. by @vathpela in #494
[V3] Enable TDX measurement to RTMR register by @kenplusplus in #485
Discard load-options that start with a NUL by @frozencemetery in #505
load_cert_file bugs by @esnowberg in #523
Add -malign-double to IA32 compiler flags by @nicholasbishop in #516
pe: Fix image section entry-point validation by @iokomin in #518
make-archive: Build reproducible tarball by @julian-klode in #527
mok: remove MokListTrusted from PCR 7 by @baloo in #519
- Drop upstreamed patch:
- shim-bsc1177789-fix-null-pointer-deref-AuthenticodeVerify.patch
- Cryptlib/CryptAuthenticode: fix NULL pointer dereference in AuthenticodeVerify()
- 53509eaf22 15.7
- shim-jscPED-127-upgrade-shim-in-SLE15-SP5.patch
- For backporting the following patches between 15.6 with aa1b289a1a (jsc#PED-127)
- The following patches are merged to 15.7
aa1b289a1a mok: remove MokListTrusted from PCR 7
0cf43ac6d7 Add -malign-double to IA32 compiler flags
ea4911c2f3 load_cert_file: Use EFI RT memory function
2d4ebb5a79 load_cert_file: Fix stack issue
5c537b3d0c shim: Flush the memory region from i-cache before execution
14d6339829 Discard load-options that start with a NUL
092c2b2bbe Reference MokListRT instead of MokList
0eb07e11b2 Make SBAT variable payload introspectable
- Update shim.changes, added missed shim 15.6-rc1 and 15.6 changelog to
the item in Update to 15.6. (bsc#1198458)
- Add shim-jscPED-127-upgrade-shim-in-SLE15-SP5.patch for backporting the following
patches between 15.6 with aa1b289a1a (jsc#PED-127):
aa1b289a1a16774afc3143b8948d97261f0872d0 mok: remove MokListTrusted from PCR 7
0cf43ac6d78c6f47f8b91210639ac1aa63665f0b Add -malign-double to IA32 compiler flags
ea4911c2f3ce8f8f703a1476febac86bb16b00fd load_cert_file: Use EFI RT memory function
2d4ebb5a798aafd3b06d2c3cb9c9840c1caa41ef load_cert_file: Fix stack issue
5c537b3d0cf8c393dad2e61d49aade68f3af1401 shim: Flush the memory region from i-cache before execution
14d63398298c8de23036a4cf61594108b7345863 Discard load-options that start with a NUL
092c2b2bbed950727e41cf450b61c794881c33e7 Reference MokListRT instead of MokList
0eb07e11b20680200d3ce9c5bc59299121a75388 Make SBAT variable payload introspectable
- Add shim-Enable-TDX-measurement-to-RTMR-register.patch to support
enhance shim measurement to TD RTMR. (jsc#PED-1273)
- For pushing openSUSE:Factory/shim to SLE15-SP5, sync the shim.spec
and shim.changes: (jsc#PED-127)
- Add some change log from SLE shim.changes to Factory shim.changes
Those messages are added "/(sync shim.changes from SLE)"/ tag.
- Add the following changes to shim.spec
- only apply Patch100, the shim-bsc1198101-opensuse-cert-prompt.patch
on openSUSE.
- Enable the AArch64 signature check for SLE:
[#] AArch64 signature
signature=%{SOURCE13}
- shim-install: ensure grub.cfg created is not overwritten after
installing grub related files
- Add logic to shim.spec to only set sbat policy when efivarfs is writeable.
(bsc#1201066)
- Add logic to shim.spec for detecting --set-sbat-policy option before
using mokutil to set sbat policy. (bsc#1202120)
- Change the URL in SBAT section to mail:security@suse.de. (bsc#1193282)
- Revoked the change in shim.spec for "/use common SBAT values (boo#1193282)"/
- we need to build openSUSE Tumbleweed's shim on Leap 15.4 because Factory
is unstable for building out a stable shim binary for signing. (bsc#1198458)
- But the rpm-config-suse package in Leap 15.4 is direct copied from SLE 15.4
because closing-the-leap-gap. So sbat_distro_* variables are SLE version,
not for openSUSE. (bsc#1198458)
- Update to 15.6 (bsc#1198458)
- shim-15.6.tar.bz2 is downloaded from bsc#1198458#c76
which is from upstream grub2.cve_2021_3695.ms keybase channel.
- For building 15.6~rc1 aarch64 image (d6eb9c6 Modernize aarch64), objcopy needs to
support efi-app-aarch64 target. So we need the following patches in bintuils:
- binutils-AArch64-Add-support-for-AArch64-EFI-efi-aarch64.patch
b69c9d41e8 AArch64: Add support for AArch64 EFI (efi-*-aarch64).
- binutils-Re-AArch64-Add-support-for-AArch64-EFI-efi-aarch64.patch
32384aa396 Re: AArch64: Add support for AArch64 EFI (efi-*-aarch64)
- binutils-Re-Add-support-for-AArch64-EFI-efi-aarch64.patch
d91c67e873 Re: Add support for AArch64 EFI (efi-*-aarch64)
- Patches (git log --oneline --reverse 15.5~..77144e5a4)
448f096 MokManager: removed Locate graphic output protocol fail error message (bsc#1193315, bsc#1198458)
a2da05f shim: implement SBAT verification for the shim_lock protocol
bda03b8 post-process-pe: Fix a missing return code check
af18810 CI: don't cancel testing when one fails
ba580f9 CI: remove EOL Fedoras from github actions
bfeb4b3 Remove aarch64 build tests before f35
38cc646 CI: Add f36 and centos9 CI build tests.
b5185cb post-process-pe: Fix format string warnings on 32-bit platforms
31094e5 tests: also look for system headers in multi-arch directories
4df989a mock-variables.c: fix gcc warning
6aac595 test-str.c: fix gcc warnings with FORTIFY_SOURCE enabled
2670c6a Allow MokListTrusted to be enabled by default
5c44aaf Add code of conduct
d6eb9c6 Modernize aarch64
9af50c1 Use ASCII as fallback if Unicode Box Drawing characters fail
de87985 make: don't treat cert.S specially
803dc5c shim: use SHIM_DEVEL_VERBOSE when built in devel mode
6402f1f SBAT matching: Break out of the inner sbat loop if we find the entry.
bb4b60e Add verify_image
acfd48f Abstract out image reading
35d7378 Load additional certs from a signed binary
8ce2832 post-process-pe: there is no 's' argument.
465663e Add some missing PE image flag definitions
226fee2 PE Loader: support and require NX
df96f48 Add MokPolicy variable and MOK_POLICY_REQUIRE_NX
b104fc4 post-process-pe: set EFI_IMAGE_DLLCHARACTERISTICS_NX_COMPAT
f81a7cc SBAT revocation management
abe41ab make: unbreak scan-build again for gnu-efi
610a1ac sbat.h: minor reformatting for legibility
f28833f peimage.h: make our signature macros force the type
5d789ca Always initialize data/datasize before calling read_image()
a50d364 sbat policy: make our policy change actions symbolic
5868789 load_certs: trust dir->Read() slightly less.
a78673b mok.c: fix a trivial dead assignment
759f061 Fix preserve_sbat_uefi_variable() logic
aa61fdf Give the Coverity scanner some more GCC blinders...
0214cd9 load_cert_file(): don't defererence NULL
1eca363 mok import: handle OOM case
75449bc sbat: Make nth_sbat_field() honor the size limit
c0bcd04 shim-15.6~rc1
77144e5 SBAT Policy latest should be a one-shot
- 15.5 release note https://github.com/rhboot/shim/releases
Broken ia32 relocs and an unimportant submodule change. by @vathpela in #357
mok: allocate MOK config table as BootServicesData by @lcp in #361
Don't call QueryVariableInfo() on EFI 1.10 machines by @vathpela in #364
Relax the check for import_mok_state() by @lcp in #372
SBAT.md: trivial changes by @hallyn in #389
shim: another attempt to fix load options handling by @chrisccoulson in #379
Add tests for our load options parsing. by @vathpela in #390
arm/aa64: fix the size of .rela* sections by @lcp in #383
mok: fix potential buffer overrun in import_mok_state by @jyong2 in #365
mok: relax the maximum variable size check by @lcp in #369
Don't unhook ExitBootServices when EBS protection is disabled by @sforshee in #378
fallback: find_boot_option() needs to return the index for the boot entry in optnum by @jsetje in #396
httpboot: Ignore case when checking HTTP headers by @frozencemetery in #403
Fallback allocation errors by @vathpela in #402
shim: avoid BOOTx64.EFI in message on other architectures by @xypron in #406
str: remove duplicate parameter check by @xypron in #408
fallback: add compile option FALLBACK_NONINTERACTIVE by @xnox in #359
Test mok mirror by @vathpela in #394
Modify sbat.md to help with readability. by @eshiman in #398
csv: detect end of csv file correctly by @xypron in #404
Specify that the .sbat section is ASCII not UTF-8 by @daxtens in #413
tests: add "/include-fixed"/ GCC directory to include directories by @diabonas in #415
pe: simplify generate_hash() by @xypron in #411
Don't make shim abort when TPM log event fails (RHBZ #2002265) by @rmetrich in #414
Fallback to default loader if parsed one does not exist by @julian-klode in #393
fallback: Fix for BootOrder crash when index returned by find_boot_option() is not in current BootOrder list by @rmetrich in #422
Better console checks by @vathpela in #416
docs: update SBAT UEFI variable name by @nicholasbishop in #421
Don't parse load options if invoked from removable media path by @julian-klode in #399
fallback: fix fallback not passing arguments of the first boot option by @martinezjavier in #433
shim: Don't stop forever at "/Secure Boot not enabled"/ notification by @rmetrich in #438
Shim 15.5 coverity by @vathpela in #439
Allocate mokvar table in runtime memory. by @vathpela in #447
Remove post-process-pe on 'make clean' by @vathpela in #448
pe: missing perror argument by @xypron in #443
- 15.6-rc1 release note https://github.com/rhboot/shim/releases
MokManager: removed Locate graphic output protocol fail error message by @joeyli in #441
shim: implement SBAT verification for the shim_lock protocol by @chrisccoulson in #456
post-process-pe: Fix a missing return code check by @vathpela in #462
Update github actions matrix to be more useful by @frozencemetery in #469
Add f36 and centos9 CI builds by @vathpela in #470
post-process-pe: Fix format string warnings on 32-bit platforms by @steve-mcintyre in #464
tests: also look for system headers in multi-arch directories by @steve-mcintyre in #466
tests: fix gcc warnings by @akodanev in #463
Allow MokListTrusted to be enabled by default by @esnowberg in #455
Add code of conduct by @frozencemetery in #427
Re-add ARM AArch64 support by @vathpela in #468
Use ASCII as fallback if Unicode Box Drawing characters fail by @vathpela in #428
make: don't treat cert.S specially by @vathpela in #475
shim: use SHIM_DEVEL_VERBOSE when built in devel mode by @vathpela in #474
Break out of the inner sbat loop if we find the entry. by @vathpela in #476
Support loading additional certificates by @esnowberg in #446
Add support for NX (W^X) mitigations. by @vathpela in #459
Misc fixups from scan-build. by @vathpela in #477
Fix preserve_sbat_uefi_variable() logic by @jsetje in #478
- 15.6 release note https://github.com/rhboot/shim/releases
MokManager: removed Locate graphic output protocol fail error message by @joeyli in #441
shim: implement SBAT verification for the shim_lock protocol by @chrisccoulson in #456
post-process-pe: Fix a missing return code check by @vathpela in #462
Update github actions matrix to be more useful by @frozencemetery in #469
Add f36 and centos9 CI builds by @vathpela in #470
post-process-pe: Fix format string warnings on 32-bit platforms by @steve-mcintyre in #464
tests: also look for system headers in multi-arch directories by @steve-mcintyre in #466
tests: fix gcc warnings by @akodanev in #463
Allow MokListTrusted to be enabled by default by @esnowberg in #455
Add code of conduct by @frozencemetery in #427
Re-add ARM AArch64 support by @vathpela in #468
Use ASCII as fallback if Unicode Box Drawing characters fail by @vathpela in #428
make: don't treat cert.S specially by @vathpela in #475
shim: use SHIM_DEVEL_VERBOSE when built in devel mode by @vathpela in #474
Break out of the inner sbat loop if we find the entry. by @vathpela in #476
Support loading additional certificates by @esnowberg in #446
Add support for NX (W^X) mitigations. by @vathpela in #459
Misc fixups from scan-build. by @vathpela in #477
Fix preserve_sbat_uefi_variable() logic by @jsetje in #478
SBAT Policy latest should be a one-shot by @jsetje in #481
pe: Fix a buffer overflow when SizeOfRawData > VirtualSize by @chriscoulson
pe: Perform image verification earlier when loading grub by @chriscoulson
Update advertised sbat generation number for shim by @jsetje
Update SBAT generation requirements for 05/24/22 by @jsetje
Also avoid CVE-2022-28737 in verify_image() by @vathpela
- Drop upstreamed patch:
- shim-bsc1184454-allocate-mok-config-table-BS.patch
- Allocate MOK config table as BootServicesData to avoid the error message
from linux kernel
- 4068fd42c8 15.5-rc1~70
- shim-bsc1185441-fix-handling-of-ignore_db-and-user_insecure_mode.patch
- Handle ignore_db and user_insecure_mode correctly
- 822d07ad4f07 15.5-rc1~73
- shim-bsc1185621-relax-max-var-sz-check.patch
- Relax the maximum variable size check for u-boot
- 3f327f546c219634b2 15.5-rc1~49
- shim-bsc1185261-relax-import_mok_state-check.patch
- Relax the check for import_mok_state() when Secure Boot is off
- 9f973e4e95b113 15.5-rc1~67
- shim-bsc1185232-relax-loadoptions-length-check.patch
- Relax the check for the LoadOptions length
- ada7ff69bd8a95 15.5-rc1~52
- shim-fix-aa64-relsz.patch
- Fix the size of rela* sections for AArch64
- 34e3ef205c5d65 15.5-rc1~51
- shim-bsc1187260-fix-efi-1.10-machines.patch
- Don't call QueryVariableInfo() on EFI 1.10 machines
- 493bd940e5 15.5-rc1~69
- shim-bsc1185232-fix-config-table-copying.patch
- Avoid buffer overflow when copying the MOK config table
- 7501b6bb44 15.5-rc1~50
- shim-bsc1187696-avoid-deleting-rt-variables.patch
- Avoid deleting the mirrored RT variables
- b1fead0f7c9 15.5-rc1~37
- Add "/rm -f *.o"/ after building MokManager/fallback in shim.spec
to make sure all object files gets rebuilt
- reference: https://github.com/rhboot/shim/pull/461
- The following fix-CVE-2022-28737-v6 patches against bsc#1198458 are included
in shim-15.6.tar.bz2
- shim-bsc1198458-pe-Fix-a-buffer-overflow-when-SizeOfRawData-VirtualS.patch
pe: Fix a buffer overflow when SizeOfRawData VirtualSize
- shim-bsc1198458-pe-Perform-image-verification-earlier-when-loading-g.patch
pe: Perform image verification earlier when loading grub
- shim-bsc1198458-Update-advertised-sbat-generation-number-for-shim.patch
Update advertised sbat generation number for shim
- shim-bsc1198458-Update-SBAT-generation-requirements-for-05-24-22.patch
Update SBAT generation requirements for 05/24/22
- shim-bsc1198458-Also-avoid-CVE-2022-28737-in-verify_image.patch
Also avoid CVE-2022-28737 in verify_image()
- 0006-shim-15.6-rc2.patch
- 0007-sbat-add-the-parsed-SBAT-variable-entries-to-the-deb.patch
sbat: add the parsed SBAT variable entries to the debug log
- 0008-bump-version-to-shim-15.6.patch
- Add mokutil command to post script for setting sbat policy to latest mode
when the SbatPolicy-605dab50-e046-4300-abb6-3dd810dd8b23 is not created.
(bsc#1198458)
- Add shim-bsc1198101-opensuse-cert-prompt.patch back to openSUSE shim to
show the prompt to ask whether the user trusts openSUSE certificate or not
(bsc#1198101)
- Updated vendor dbx binary and script (bsc#1198458)
- Updated dbx-cert.tar.xz and vendor-dbx-sles.bin for adding
SLES-UEFI-SIGN-Certificate-2021-05.crt to vendor dbx list.
- Updated dbx-cert.tar.xz and vendor-dbx-opensuse.bin for adding
openSUSE-UEFI-SIGN-Certificate-2021-05.crt to vendor dbx list.
- Updated vendor-dbx.bin for adding SLES-UEFI-SIGN-Certificate-2021-05.crt
and openSUSE-UEFI-SIGN-Certificate-2021-05.crt for testing environment.
- Updated generate-vendor-dbx.sh script for generating a vendor-dbx.bin
file which includes all .der for testing environment.
- use common SBAT values (boo#1193282)
- Update the SLE signatures (sync shim.changes from SLE)
(sync shim.changes from SLE)
- Add shim-bsc1185232-fix-config-table-copying.patch to avoid
buffer overflow when copying data to the MOK config table
(bsc#1185232)
- Add shim-disable-export-vendor-dbx.patch to disable exporting
vendor-dbx to MokListXRT since writing a large RT variable
could crash some machines (bsc#1185261)
- Add shim-bsc1187260-fix-efi-1.10-machines.patch to avoid the
potential crash when calling QueryVariableInfo in EFI 1.10
machines (bsc#1187260)
- Add shim-fix-aa64-relsz.patch to fix the size of rela sections
for AArch64
Fix: https://github.com/rhboot/shim/issues/371
- Add shim-bsc1185232-relax-loadoptions-length-check.patch to
ignore the odd LoadOptions length (bsc#1185232)
- shim-install: reset def_shim_efi to "/shim.efi"/ if the given
file doesn't exist
- Add shim-bsc1185261-relax-import_mok_state-check.patch to relax
the check for import_mok_state() when Secure Boot is off.
(bsc#1185261)
(sync shim.changes from SLE)
- Add shim-bsc1185621-relax-max-var-sz-check.patch to relax the
maximum variable size check for u-boot (bsc#1185621)
- Add shim-bsc1185441-fix-handling-of-ignore_db-and-user_insecure_mode.patch
to handle ignore_db and user_insecure_mode correctly
(bsc#1185441, bsc#1187071)
- Split the keys in vendor-dbx.bin to vendor-dbx-sles and
vendor-dbx-opensuse for shim-sles and shim-opensuse to reduce
the size of MokListXRT (bsc#1185261)
+ Also update generate-vendor-dbx.sh in dbx-cert.tar.xz
- Enable the AArch64 signature check for SLE (sync shim.changes from SLE)
- Update the SLE signatures (sync shim.changes from SLE)
- slang
-
- spacewalk-backend
-
- version 4.2.27-1
* Fix the mgr-inter-sync not creating valid repository metadata when dealing
with empty channels (bsc#1207829)
* fix repo sync for cloud payg connected repositories (bsc#1208772)
* Fix issues with kickstart syncing on mirrorlist repositories
* Do not sync .mirrorlist and other non needed files
* reposync: catch local file not found urlgrabber error properly (bsc#1208288)
- version 4.2.26-1
* Fix reposync error about missing "/content-type"/ key when syncing certain channels
* Compute headers as list of two-tuples to be used by url grabber (bsc#1205523)
* Updated logrotate configuration (bsc#1206470)
* Add 'octet-stream' to accepted content-types for reposync mirrorlists
* Exclude invalid mirror urls for reposync (bsc#1203826)
* do not fetch mirrorlist when a file url is given
* Keep older module metadata files in database (bsc#1201893)
* Removed the activation keys report from the debug information
- spacewalk-certs-tools
-
- version 4.2.19-1
* some i18n functions moved to new module which needs to be loaded
(bsc#1201142)
* Generated bootstrap scripts installs all needed Salt 3004 dependencies
for Ubuntu 18.04 (bsc#1204517)
- spacewalk-client-tools
-
- version 4.2.23-1
* Update translation strings
- version 4.2.22-1
* Update translation strings
- spacewalk-proxy
-
- version 4.2.14-1
* Avoid unnecessary debug messages from proxy backend (bsc#1207490)
- version 4.2.13-1
* Updated logrotate configuration (bsc#1206470)
* Handle tftp in rhn-proxy (bsc#1205976)
- spacewalk-proxy-installer
-
- version 4.2.11-1
* Detect salt bundle when fetching certificate using salt event (bsc#1208306)
- version 4.2.10-1
* Correctly detect salt-bundle (bsc#1208306)
- version 4.2.9-1
* Prefer salt-bundle minion config if available (bsc#1198226, bsc#1208306)
- version 4.2.8-1
* Increase maximum object size to 500MB (bsc#1204011)
- spacewalk-web
-
- version 4.2.34-1
* Fix datetime picker appearing behind modal edge (bsc#1209703)
- version 4.2.33-1
* Deprecate jQuery datepicker, integrate React datepicker (bsc#1209689)
* Fix CLM environments UI for environment labels containing dots (bsc#1207838)
- version 4.2.32-1
* Add 'none' matcher to CLM AppStream filters (bsc#1206817)
* fix frontend logging in react pages
* Add bugzilla references to past security fixes
* shell-quote fix CVE-2021-42740 (bsc#1203287)
* moment fix CVE-2022-31129 (bsc#1203288)
- version 4.2.31-1
* Prevent proxy data from being logged (bsc#1205339)
- sqlite3
-
- bsc#1206337, CVE-2022-46908, sqlite-CVE-2022-46908.patch:
relying on --safe for execution of an untrusted CLI script
- sudo
-
- Fix CVE-2023-28486, sudo does not escape control characters in
log messages, (CVE-2023-28486, bsc#1209362)
* Add sudo-CVE-2023-28486.patch
- Fix CVE-2023-28487, sudo does not escape control characters in
sudoreplay output (CVE-2023-28487, bsc#1209361)
- sudo-dont-enable-read-after-pty_finish.patch
* bsc#1203201
* Do not re-enable the reader when flushing the buffers as part
of pty_finish().
* While sudo-observe-SIGCHLD patch applied earlier prevents a
race condition from happening, this fixes a related buffer hang.
- Added sudo-fix_NULL_deref_RunAs.patch
* bsc#1206483
* Fix a situation where "/sudo -U otheruser -l"/ would dereference
a NULL pointer.
- Added sudo-CVE-2023-22809.patch
* CVE-2023-22809
* bsc#1207082
* Prevent '--' in the EDITOR environment variable which can allow
users to edit sensitive files as root.
- Added sudo-utf8-ldap-schema.patch
* Change sudo-ldap schema from ASCII to UTF8.
* Fixes bsc#1197998
* Credit to William Brown <william.brown@suse.com>
* https://github.com/sudo-project/sudo/pull/163
- Added sudo-observe-SIGCHLD.patch
* Make sure SIGCHLD is not ignored when sudo is executed; fixes
race condition.
* bsc#1203201
* Sourced from https://github.com/sudo-project/sudo/commit/727056e
- Added sudo-CVE-2022-43995.patch
* CVE-2022-43995
* bsc#1204986
* Fixed a potential heap-based buffer over-read when entering a password
of seven characters or fewer and using the crypt() password backend.
- Fixed an issue where some redundant entries in a sudo configuration
file caused freed memory to be accessed in the error message thus
wrong information was output in the error message.
* [bsc#1190818]
* Added [sudo-1.9.5p2-no_free_alias_name.patch]
Sourced from the following git commit hashes:
| 9ed14870c Add garbage collection to the sudoers parser to clean
up on error. This makes it possible to avoid memory leaks when
there is a parse error.
| bdb02b1ef Got back to calling alias_free() on alias_add() failure.
We now need to remove the name and members from the leak list
* before* calling alias_add() since alias_add() will consume them
for both success and failure.
| b4cabdb39 Don't free the alias name in alias_add() if the alias
already exists. We need to be able to display it using
alias_error(). Only free what we actually allocated in alias_add()
on error and let the caller handle cleanup. Note that we cannot
completely fill in the alias until it is inserted. Otherwise,
we will have modified the file and members parameters even if
there was an error. As a result, we have to remove those from the
leak list after alias_add(), not before.
- supportutils
-
- Changes to supportconfig version 3.1.11-46.3
+ Added missed sanitation check on crash.txt (bsc#1203818)
- Changes to supportconfig.rc version 3.1.11-30
+ Added check to _sanitize_file
+ Using variable for replement text in _sanitize_file
- Added lifecycle information (issue#140)
- Changes to version 3.1.21
+ Added type output with df command in fs-diskio.txt (issue#141)
+ Gather all files in /etc/security/limits.d/ (issue#142)
+ Fixed KVM virtualization detection on bare metal (bsc#1184689)
+ Added logging using journalctl (bsc#1200330)
+ Passwords correctly removed from email.txt, updates.txt and fs-iscsi.txt (bsc#1203818)
+ Added system logging configuration and checking in messages_config.txt (issue#103)
+ If rsyslog not installed collect more from journalctl (issue#120)
+ Added systemd-status.txt for the status of all service units (issue#125)
+ autofs includes files in (+dir:<path>) (issue#111)
+ Get current sar data before collecting files (bsc#1192648)
+ Collects everything in /etc/multipath/ (bsc#1192252)
+ Collects power management information in hardware.txt (bsc#1197428)
+ Checks for suseconnect-ng or SUSEConnect packages (bsc#1202337)
+ Fixed conf_files and conf_text_files so y2log is gathered (issue#134, bsc#1202269)
+ Update to nvme_info and block_info #133 (bsc#1202417)
+ Added IO scheduler (issue#136)
+ Added includedir directories from /etc/sudoers (bsc#1188086)
- Added a listing to /dev/mapper/. #129
- supportutils-plugin-suse-public-cloud
-
- Update to version 1.0.7 (bsc#1209026)
+ Include information about the cached registration data
+ Collect the data that is sent to the update infrastructure during
registration
- suse-build-key
-
- Establish multiple new 4096 RSA keys that we will switch
to mid of 2023. (jsc#PED-2777)
- gpg-pubkey-3fa1d6ce-63c9481c.asc: new 4096 RSA signing key for SLE (RPM+repos).
- gpg-pubkey-d588dc46-63c939db.asc: new 4096 RSA reserver key for SLE (RPM+repos).
- suse_ptf_key_4096.asc: new 4096 RSA signing key for PTF RPMs.
- build-container-8fd6c337-63c94b45.asc/build-container-8fd6c337-63c94b45.pem:
new RSA 4096 key for the SUSE registry registry.suse.com, installed as
suse-container-key-2023.pem and suse-container-key-2023.asc
- suse_ptf_containerkey_2023.asc suse_ptf_containerkey_2023.pem:
New PTF container signing key for registry.suse.com/ptf/ space.
- added /usr/share/pki/containers directory for container pem keys
(cosign/sigstore style), put our PEM key there too (bsc#1204706)
- susemanager-build-keys
-
- Version 15.3.7 (jsc#PED-2777):
* add new 4096 bit RSA build key gpg-pubkey-3fa1d6ce-63c9481c.asc
* add new 4096 bit RSA reserve build key gpg-pubkey-d588dc46-63c939db.asc
* add 2022 2048 bit RSA PTF key suse_ptf_key-6F5DA62B.asc
* add new 4096 bit RSA PTF key suse_ptf_key_2023.asc
- Version 15.3.6
* Add rpmlintrc configuration, so "/W: backup-file-in-package"/ for
the keyring is ignored. We do not ship backup files, but we own them
because they are created each time gpg is called, and we want them
removed if the package is removed
- Added:
- uyuni-build-keys.rpmlintrc
- systemd
-
- Fix systemd-coredump to not allow user to access coredumps with changed
uid/gid/capabilities (bsc#1205000 CVE-2022-4415)
Add 5000-coredump-Fix-format-string-type-mismatch.patch
Add 5001-coredump-drop-an-unused-variable.patch
Add 5002-coredump-adjust-whitespace.patch
Add 5003-coredump-do-not-allow-user-to-access-coredumps-with-.patch
- Import commit b83846dc8a5db633cc6cf05a33ddc054f725214e
4d53a5440f udev/net_id: show the correct identifier in the debug output of dev_pci_onboard()
f70647a7b7 udev/net_id: add debug logging for construction of device names
48f40fbc8e pid1: set SYSTEMD_NSS_DYNAMIC_BYPASS=1 env var for dbus-daemon (bsc#1203857)
7e4434d883 docs: $SYSTEMD_NSS_BYPASS_BUS is not honoured anymore, don't document it
2bdfc2d8cf pid1: lookup owning PID of BusName= name of services asynchronously
dba888a4d3 pid1: watch bus name always when we have it
f524807b89 udev: add one more assertion
8558101c73 udev: drop assertion which is always false
566a66dc5c udev: support by-path devlink for multipath nvme block devices (bsc#1200723)
b4c4edaada tests: minor simplification in test-execute
76d510c625 tests: make test-execute pass on openSUSE
- Drop the following patches which are part of 'SUSE/v246' now:
6000-udev-net_id-add-debug-logging-for-construction-of-de.patch
6001-udev-net_id-show-the-correct-identifier-in-the-debug.patch
- 80-hotplug-cpu-mem.rules: restrict cpu rule to x86_64 (bsc#1204423)
Also update the rule files to make use of the "/CONST{arch}"/ syntax (available
since v244).
- Import commit 56bee38fd0da18dad5fc5c5d12c02238a22b50e2
42a26330fc time-util: fix buffer-over-run (bsc#1204968 CVE-2022-3821)
8a70235d8a core: Add trigger limit for path units
93e544f3a0 core/mount: also add default before dependency for automount mount units
5916a7748c logind: fix crash in logind on user-specified message string
- Add 1010-man-describe-the-net-naming-schemes-specific-to-SLE.patch (bsc#1204179)
- systemd-presets-common-SUSE
-
- Enable systemd-pstore.service by default (jsc#PED-2663)
- systemd-rpm-macros
-
- Bump version to 13
- Fix %sysctl_apply() and %binfmt_apply() so they are disabled when called from
a chroot (bsc#1211272)
- Bump version to 12
- Don't emit a warning when the flag file in /var/lib/systemd/migrated/ is not
present as it's expected (bsc#1208079).
- tar
-
- Fix CVE-2022-48303, tar has a one-byte out-of-bounds read that
results in use of uninitialized memory for a conditional jump
(CVE-2022-48303, bsc#1207753)
* fix-CVE-2022-48303.patch
- Fix hang when unpacking test tarball, bsc#1202436
* remove bsc1202436.patch
* bsc1202436-1.patch
* bsc1202436-1.patch
- Fix hang when unpacking test tarball, bsc#1202436
* bsc1202436.patch
- Fix unexpected inconsistency when making directory, bsc#1203600
* tar-avoid-overflow-in-symlinks-tests.patch
* tar-fix-extract-unlink.patch
- Update race condition fix, bsc#1200657
* tar-fix-race-condition.patch
- Refresh bsc1200657.patch
- tcl
-
- [bsc#1206623], tcl-string-compare.patch:
Fix [string compare -length] on big endian and improve
[string equal] on little endian.
- Fix a race condition in test socket-13.1
(tcl-test-socket-13.1.patch).
- Remove the SQLite extension and package it as a subpackage of
sqlite3 to have only a single copy and keep it more up to date
(bsc#1195773).
- Clean up the lib dependencies in tclConfig.sh and tcl.pc.
- timezone
-
- timezone update 2023c:
* Revert changes made in 2023b
- timezone update 2023b:
* Lebanon delays the start of DST this year.
- timezone update 2023a:
* Egypt now uses DST again, from April through October.
* This year Morocco springs forward April 23, not April 30.
* Palestine delays the start of DST this year.
* Much of Greenland still uses DST from 2024 on.
* America/Yellowknife now links to America/Edmonton.
* tzselect can now use current time to help infer timezone.
* The code now defaults to C99 or later.
- Refresh tzdata-china.diff
- timezone update 2022g (bsc#1177460):
* In the Mexican state of Chihuahua, the border strip near the US
will change to agree with nearby US locations on 2022-11-30.
The strip's western part, represented by Ciudad Juárez, switches
from -06 all year to -07/-06 with US DST rules, like El Paso, TX.
The eastern part, represented by Ojinaga, will observe US DST next
year, like Presidio, TX.
A new Zone America/Ciudad_Juarez splits from America/Ojinaga.
* Much of Greenland, represented by America/Nuuk, stops observing
winter time after March 2023, so its daylight saving time becomes
standard time.
* Changes for pre-1996 northern Canada
* Update to past DST transition in Colombia (1993), Singapore
(1981)
* timegm is now supported by default
- timezone update 2022f (bsc#1177460):
* Mexico will no longer observe DST except near the US border
* Chihuahua moves to year-round -06 on 2022-10-30
* Fiji no longer observes DST
* Move links to 'backward'
* In vanguard form, GMT is now a Zone and Etc/GMT a link
* zic now supports links to links, and vanguard form uses this
* Simplify four Ontario zones
* Fix a Y2438 bug when reading TZif data
* Enable 64-bit time_t on 32-bit glibc platforms
* Omit large-file support when no longer needed
* In C code, use some C23 features if available
* Remove no-longer-needed workaround for Qt bug 53071
- Refreshed patches:
* fat.patch
* tzdata-china.diff
- timezone update 2022e (bsc#1177460):
* Jordan and Syria switch from +02/+03 with DST to year-round +03
- timezone update 2022d:
* Palestine transitions are now Saturdays at 02:00
* Simplify three Ukraine zones into one
- timezone update 2022c:
* Work around awk bug
* Improve tzselect on intercontinental Zones
- timezone update 2022b:
* Chile's DST is delayed by a week in September 2022 boo#1202324
* Iran no longer observes DST after 2022
* Rename Europe/Kiev to Europe/Kyiv
* New zic -R option
* Vanguard form now uses %z
* Finish moving duplicate-since-1970 zones to 'backzone'
- Refresh tzdata-china.diff
- Remove upstreamed bsc1202310.patch
- util-linux
-
- Add upstream patch fix-lib-internal-cache-size.patch
bsc#1210164, gh#util-linux/util-linux@2fa4168c8bc9
- Fix tests not passing when '@' character is in build path:
Fixes rpmbuild %checks fail when @ in the directory path (bsc#1194038).
- Add util-linux-fix-tests-when-at-symbol-in-path.patch
- libuuid continuous clock handling for time based UUIDs:
Prevent use of the new libuuid ABI by uuidd %post before update
of libuuid1 (bsc#1205646).
- util-linux-uuidd-prevent-root-owning.patch: Use chown --quiet
to prevent error message if /var/lib/libuuid/clock.txt does not
exist.
- Fix file conflict during upgrade (boo#1204211).
- libuuid improvements (bsc#1201959, PED-1150):
* libuuid: Fix range when parsing UUIDs
(util-linux-libuuid-uuid_parse-overrun.patch).
* Improve cache handling for short running applications-increment
the cache size over runtime
(util-linux-libuuid-improve-cache-handling.patch).
* Implement continuous clock handling for time based UUIDs
(util-linux-libuuid-continuous-clock-handling.patch).
* Check clock value from clock file to provide seamless libuuid
update (util-linux-libuuid-check-clock-value.patch).
- util-linux-systemd
-
- Add upstream patch fix-lib-internal-cache-size.patch
bsc#1210164, gh#util-linux/util-linux@2fa4168c8bc9
- libuuid continuous clock handling for time based UUIDs:
Prevent use of the new libuuid ABI by uuidd %post before update
of libuuid1 (bsc#1205646).
- util-linux-uuidd-prevent-root-owning.patch: Use chown --quiet
to prevent error message if /var/lib/libuuid/clock.txt does not
exist.
- Fix file conflict during upgrade (boo#1204211).
- libuuid improvements (bsc#1201959, PED-1150):
* libuuid: Fix range when parsing UUIDs
(util-linux-libuuid-uuid_parse-overrun.patch).
* Improve cache handling for short running applications-increment
the cache size over runtime
(util-linux-libuuid-improve-cache-handling.patch).
* Implement continuous clock handling for time based UUIDs
(util-linux-libuuid-continuous-clock-handling.patch).
* Check clock value from clock file to provide seamless libuuid
update (util-linux-libuuid-check-clock-value.patch).
- uyuni-common-libs
-
- version 4.2.10-1
* Allow default component for context manager.
- version 4.2.9-1
* Fix crash due missing "/context_manager"/ when running
salt-secrets-config service (bsc#1200096)
- version 4.2.8-1
* some i18n functions moved to new module which needs to be loaded
(bsc#1201142)
- vim
-
- Fixing bsc#1211144 - [Build 96.1] openQA test fails in zypper_migration - conflict between xxd and vim
* Make xxd conflicting the previous vim packages
- Updated to version 9.0 with patch level 1443, fixes the following security problems
* Fixing bsc#1209042 (CVE-2023-1264) - VUL-0: CVE-2023-1264: vim: NULL Pointer Dereference vim prior to 9.0.1392
* Fixing bsc#1209187 (CVE-2023-1355) - VUL-0: CVE-2023-1355: vim: NULL Pointer Dereference prior to 9.0.1402.
* Fixing bsc#1208828 (CVE-2023-1127) - VUL-1: CVE-2023-1127: vim: divide by zero in scrolldown()
- drop vim-8.0-ttytype-test.patch as it changes test_options.vim which we
remove during %prep anyway. And this breaks quilt setup.
- for the complete list of changes see
https://github.com/vim/vim/compare/v9.0.1386...v9.0.1443
- Updated to version 9.0 with patch level 1386, fixes the following security problems
* Fixing bsc#1207780 - (CVE-2023-0512) VUL-0: CVE-2023-0512: vim: Divide By Zero in GitHub repository vim/vim prior to 9.0.1247
* Fixing bsc#1208957 - (CVE-2023-1175) VUL-0: CVE-2023-1175: vim: Incorrect Calculation of Buffer Size
* Fixing bsc#1208959 - (CVE-2023-1170) VUL-0: CVE-2023-1170: vim: Heap-based Buffer Overflow in vim prior to 9.0.1376
* Fixing bsc#1208828 - (CVE-2023-1127) VUL-1: CVE-2023-1127: vim: divide by zero in scrolldown()
- for the complete list of changes see
https://github.com/vim/vim/compare/v9.0.1234...v9.0.1386
- Updated to version 9.0 with patch level 1234, fixes the following security problems
* Fixing bsc#1207396 VUL-0: CVE-2023-0433: vim: Heap-based Buffer Overflow in vim prior to 9.0.1225
* Fixing bsc#1207162 VUL-1: CVE-2023-0288: vim: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1189.
* Fixing bsc#1206868 VUL-1: CVE-2023-0054: vim: Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1145.
* Fixing bsc#1206867 VUL-1: CVE-2023-0051: vim: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1144.
* Fixing bsc#1206866 VUL-1: CVE-2023-0049: vim: Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.1143.
- refreshed vim-7.4-highlight_fstab.patch
- for the complete list of changes see
https://github.com/vim/vim/compare/v9.0.1040...v9.0.1234
- Updated to version 9.0 with patch level 1040, fixes the following security problems
* Fixing bsc#1206028 VUL-0: CVE-2022-3491: vim: Heap-based Buffer Overflow prior to 9.0.0742
* Fixing bsc#1206071 VUL-0: CVE-2022-3520: vim: Heap-based Buffer Overflow
* Fixing bsc#1206072 VUL-0: CVE-2022-3591: vim: Use After Free
* Fixing bsc#1206075 VUL-0: CVE-2022-4292: vim: Use After Free in GitHub repository vim/vim prior to 9.0.0882.
* Fixing bsc#1206077 VUL-0: CVE-2022-4293: vim: Floating Point Comparison with Incorrect Operator in GitHub repository vim/vim prior to 9.0.0804.
* Fixing bsc#1205797 VUL-0: CVE-2022-4141: vim: heap-buffer-overflow in alloc.c 246:11
* Fixing bsc#1204779 VUL-0: CVE-2022-3705: vim: use after free in function qf_update_buffer of the file quickfix.c
- for the complete list of changes see
https://github.com/vim/vim/compare/v9.0.814...v9.0.1040
- Updated to version 9.0 with patch level 0814, fixes the following problems
* Fixing bsc#1192478 VUL-1: CVE-2021-3928: vim: vim is vulnerable to Stack-based Buffer Overflow
* Fixing bsc#1203508 VUL-0: CVE-2022-3234: vim: Heap-based Buffer Overflow prior to 9.0.0483.
* Fixing bsc#1203509 VUL-1: CVE-2022-3235: vim: Use After Free in GitHub prior to 9.0.0490.
* Fixing bsc#1203820 VUL-0: CVE-2022-3324: vim: Stack-based Buffer Overflow in prior to 9.0.0598.
* Fixing bsc#1204779 VUL-0: CVE-2022-3705: vim: use after free in function qf_update_buffer of the file quickfix.c
* Fixing bsc#1203152 VUL-1: CVE-2022-2982: vim: use after free in qf_fill_buffer()
* Fixing bsc#1203796 VUL-1: CVE-2022-3296: vim: stack out of bounds read in ex_finally() in ex_eval.c
* Fixing bsc#1203797 VUL-1: CVE-2022-3297: vim: use-after-free in process_next_cpt_value() at insexpand.c
* Fixing bsc#1203110 VUL-1: CVE-2022-3099: vim: Use After Free in ex_docmd.c
* Fixing bsc#1203194 VUL-1: CVE-2022-3134: vim: use after free in do_tag()
* Fixing bsc#1203272 VUL-1: CVE-2022-3153: vim: NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404.
* Fixing bsc#1203799 VUL-1: CVE-2022-3278: vim: NULL pointer dereference in eval_next_non_blank() in eval.c
* Fixing bsc#1203924 VUL-1: CVE-2022-3352: vim: vim: use after free
* Fixing bsc#1203155 VUL-1: CVE-2022-2980: vim: null pointer dereference in do_mouse()
* Fixing bsc#1202962 VUL-1: CVE-2022-3037: vim: Use After Free in vim prior to 9.0.0321
- ignore-flaky-test-failure.patch: Ignore failure of flaky tests
- disable-unreliable-tests-arch.patch: Removed
- for the complete list of changes see
https://github.com/vim/vim/compare/v9.0.0313...v9.0.0814
- wget
-
- Update 0001-possibly-truncate-pathname-components.patch
* Truncate file name even if no directory structure
* [bsc#1204720]
- wicked
-
- version 0.6.70
- build: Link as Position Independent Executable (bsc#1184124)
- dhcp4: Fix issues in reuse of last lease (bsc#1187655)
- dhcp6: Add option to refresh lease (jsc#SLE-9492,jsc#SLE-24307)
- dhcp6: Remove address before release (USGv6 DHCPv6_1_2_07b)
- dhcp6: Ignore lease release status (USGv6 DHCPv6_1_2_07e,1_3_03)
- dhcp6: Consider ppp interfaces supported (gh#openSUSE/wicked#924)
- team: Fix to configure port priority in teamd (bsc#1200505)
- firewall-ext: No config change on ifdown (bsc#1201053,bsc#118950)
- wireless: Fix SEGV on supplicant restart (gh#openSUSE/wicked#931)
- wireless: Add support for WPA3 and PMF (bsc#1198894)
- wireless: Remove libiw dependencies (gh#openSUSE/wicked#910)
- client: Fix SEGV on empty xpath results (gh#openSUSE/wicked#919)
- client: Add release options to ifdown/ifreload (jsc#SLE-10249)
- dbus: Clear string array before append (gh#openSUSE/wicked#913)
- socket: Fix SEGV on heavy socket restart errors (bsc#1192508)
- systemd: Remove systemd-udev-settle dependency (bsc#1186787)
- version 0.6.69
- redfish: decode smbios and setup host interface
Add initial support to decode the SMBIOS Management Controller Host
Interface (Type 42) structure and expose it as wicked `firmware:redfish`
configuration to setup a Host Network Interface (to the BMC) using the
`Redfish over IP` protocol allowing access to the Redfish Service (via
redfish-localhost in /etc/hosts) used to manage the computer system.
Tech Preview (jsc#SLE-17762).
- buffer: fix size_t length downcast to uint, add guards to init functions
- wireless: fix to not expect colons in 64byte long wpa-psk hex hash string
- xml-schema: reference counting fix to not crash at exit on schema errors
- compat-suse: match sysctl.d /etc vs. /run read order with systemd-sysctl,
remove obsolete (sle11/sysconfig) lines about ifup-sysctl from ifsysctl.5.
- compat-suse: fix reading of sysctl addr_gen_mode to wrong variable
- auto6: fix to apply DNS from RA rdnss after ifdown/ifup (bsc#1181429)
- removed obsolete patch included in the master sources (bsc#1194392)
[- 0001-fsm-fix-device-rename-via-yast-bsc-1194392.patch]
- dbus: cleanup the dbus-service.h file and unused property macros
e.g. tso has been split into several features and the
- cleanup: add missing/explicit designated field initializers
- dhcp: support to define and request custom options (bsc#988954),
- utils: fixed last byte formatting in ni_format_hex
- ifconfig: re-add broadcast calculation (bcs#971629).
- version 0.6.27
- xen
-
- bsc#1209017 - VUL-0: CVE-2022-42332: xen: x86 shadow plus
log-dirty mode use-after-free (XSA-427)
xsa427.patch
- bsc#1209018 - VUL-0: CVE-2022-42333,CVE-2022-42334: xen: x86/HVM
pinned cache attributes mis-handling (XSA-428)
xsa428-1.patch
xsa428-2.patch
- bsc#1209019 - VUL-0: CVE-2022-42331: xen: x86: speculative
vulnerability in 32bit SYSCALL path (XSA-429)
xsa429.patch
- Upstream bug fixes (bsc#1027519)
63624fa6-xenstored-call-remove_domid_from_perm-for-special.patch
637b5f4f-efifb-ignore-invalid.patch
63a03e28-x86-high-freq-TSC-overflow.patch
- Re-order some patches back into their proper upstream sequence.
- bsc#1205209 - VUL-0: CVE-2022-23824: xen: x86: Multiple
speculative security issues (XSA-422)
636a9130-x86-spec-ctrl-Enumeration-for-IBPB_RET.patch
636a9130-x86-spec-ctrl-Mitigate-IBPB-not-flushing-the-RSB-RAS.patch
- bsc#1193923 - VUL-1: xen: Frontends vulnerable to backends
(XSA-376)
61dd5f64-limit-support-statement-for-Linux-and-Windows-frontends.patch
- bsc#1204482 - VUL-0: CVE-2022-42311, CVE-2022-42312,
CVE-2022-42313, CVE-2022-42314, CVE-2022-42315, CVE-2022-42316,
CVE-2022-42317, CVE-2022-42318: xen: Xenstore: Guests can let
xenstored run out of memory (XSA-326)
xsa326-10.patch (correction)
- bsc#1203806 - VUL-0: CVE-2022-33746: xen: P2M pool freeing may
take excessively long (XSA-410)
63455f82-Arm-P2M-prevent-adding-mapping-when-dying.patch
63455fa8-Arm-P2M-preempt-when-freeing-intermediate.patch
63455fc3-x86-p2m_teardown-allow-skip-root-pt-removal.patch
63455fe4-x86-HAP-monitor-table-error-handling.patch
63456000-x86-tolerate-sh_set_toplevel_shadow-failure.patch
6345601d-x86-tolerate-shadow_prealloc-failure.patch
6345603a-x86-P2M-refuse-new-alloc-for-dying.patch
63456057-x86-P2M-truly-free-paging-pool-for-dying.patch
63456075-x86-P2M-free-paging-pool-preemptively.patch
63456090-x86-p2m_teardown-preemption.patch
- bcs#1203804 - VUL-0: CVE-2022-33747: xen: unbounded memory consumption
for 2nd-level page tables on ARM systems (XSA-409)
63456175-libxl-per-arch-extra-default-paging-memory.patch
63456177-Arm-construct-P2M-pool-for-guests.patch
6345617a-Arm-XEN_DOMCTL_shadow_op.patch
6345617c-Arm-take-P2M-pages-P2M-pool.patch
- bsc#1203807 - VUL-0: CVE-2022-33748: xen: lock order inversion in
transitive grant copy handling (XSA-411)
634561aa-gnttab-locking-on-transitive-copy-error-path.patch
- Upstream bug fixes (bsc#1027519)
6306185f-x86-XSTATE-CPUID-subleaf-1-EBX.patch
6346e404-VMX-correct-error-handling-in-vmx_create_vmcs.patch
6351095c-Arm-rework-p2m_init.patch
6351096a-Arm-P2M-populate-pages-for-GICv2-mapping.patch
635274c0-EFI-dont-convert-runtime-mem-to-RAM.patch
635665fb-sched-fix-restore_vcpu_affinity.patch
63569723-x86-shadow-replace-bogus-assertions.patch
- Drop patches replaced by upstream versions:
xsa410-01.patch
xsa410-02.patch
xsa410-03.patch
xsa410-04.patch
xsa410-05.patch
xsa410-06.patch
xsa410-07.patch
xsa410-08.patch
xsa410-09.patch
xsa410-10.patch
xsa411.patch
- bsc#1204482 - VUL-0: CVE-2022-42311, CVE-2022-42312,
CVE-2022-42313, CVE-2022-42314, CVE-2022-42315, CVE-2022-42316,
CVE-2022-42317, CVE-2022-42318: xen: Xenstore: Guests can let
xenstored run out of memory (XSA-326)
xsa326-01.patch
xsa326-02.patch
xsa326-03.patch
xsa326-04.patch
xsa326-05.patch
xsa326-06.patch
xsa326-07.patch
xsa326-08.patch
xsa326-09.patch
xsa326-10.patch
xsa326-11.patch
xsa326-12.patch
xsa326-13.patch
xsa326-14.patch
xsa326-15.patch
xsa326-16.patch
- bsc#1204485 - VUL-0: CVE-2022-42309: xen: Xenstore: Guests can
crash xenstored (XSA-414)
xsa414.patch
- bsc#1204487 - VUL-0: CVE-2022-42310: xen: Xenstore: Guests can
create orphaned Xenstore nodes (XSA-415)
xsa415.patch
- bsc#1204488 - VUL-0: CVE-2022-42319: xen: Xenstore: Guests can
cause Xenstore to not free temporary memory (XSA-416)
xsa416.patch
- bsc#1204489 - VUL-0: CVE-2022-42320: xen: Xenstore: Guests can
get access to Xenstore nodes of deleted domains (XSA-417)
xsa417.patch
- bsc#1204490 - VUL-0: CVE-2022-42321: xen: Xenstore: Guests can
crash xenstored via exhausting the stack (XSA-418)
xsa418-01.patch
xsa418-02.patch
xsa418-03.patch
xsa418-04.patch
xsa418-05.patch
xsa418-06.patch
- bsc#1204494 - VUL-0: CVE-2022-42322,CVE-2022-42323: xen:
Xenstore: cooperating guests can create arbitrary numbers of
nodes (XSA-419)
xsa419-01.patch
xsa419-02.patch
xsa419-03.patch
- bsc#1204496 - VUL-0: CVE-2022-42325,CVE-2022-42326: xen:
Xenstore: Guests can create arbitray number of nodes via
transactions (XSA-421)
xsa421-01.patch
xsa421-02.patch
- yast2-bootloader
-
- prevent leak of grub2 password to logs(bsc#1201962)
- 4.3.32
- yast2-installation
-
- AutoYaST SecondStage: Revert changes introduced in 4.3.46 running
the initscript service before systemd-user-sessions again once
systemd patched logind (bsc#1195059, bsc#1200780)
- 4.3.55
- Do not restart services when updating the package (bsc#1199480,
bsc#1200274)
- 4.3.54
- AutoYaST Second Stage: Added a missing dependency to the service
to prevent getty-autogeneration listen on 5901 port (bsc#1199746)
- 4.3.53
- yast2-network
-
- Fixed issue when writing the NetworkManager config without a
gateway (bsc#1203866)
- 4.3.86
- Added a class to generate the configuration needed for a FCoE
device being aware of it during the installation (bsc#1199554)
- 4.3.85
- AY: Added missing route extrapara element to the networking
section (bsc#1201129)
- 4.3.84
- Allow more than 6 domains in resolver search list (bsc#1200155).
- 4.3.83
- yast2-online-update
-
- Fix showing of release notes when we update a rubygem
(bsc#1205913)
- 4.2.3
- yast2-registration
-
- Import the SSL certificate from the <reg_server_cert> AutoYaST
data also in the self-update step (bsc#1199091, bsc#1198642)
- 4.3.26
- yast2-schema
-
- Add 'extrapara' to routes in the networking section (bsc#1201129)
- 4.3.31
- Support for flatten and nested "/category_filter"/ element in the
"/online_update_configuration"/ section (bsc#1198848).
- 4.3.30
- yast2-transfer
-
- Fixed TFTP download, truncate the target file to avoid garbage
at the end of the file when saving to an already existing file
(bsc#1208754)
- 4.1.1
- zlib
-
- Fix deflateBound() before deflateInit(), bsc#1210593
bsc1210593.patch
- Add DFLTCC support for using inflate() with a small window,
fixes bsc#1206513
* bsc1206513.patch
- Follow up fix for bsc#1203652 due to libxml2 breakage
* bsc1203652-2.patch
- Fix bsc#1203652, inflate() does not update strm.adler if DFLTCC is used
* bsc1203652.patch
- zstd
-
- Fix CVE-2022-4899, bsc#1209533
* Disallow empty --output-dir-flat=
- Added patch:
* Disallow-empty-output-directory.patch
- zypper
-
- Fix selecting installed patterns from picklist (bsc#1209406)
- man: better explanation of --priority (fixes #480)
- version 1.14.60
- BuildRequires: libzypp-devel >= 17.31.7.
- Provide "/removeptf"/ command (bsc#1203249)
A remove command which prefers replacing dependant packages to
removing them as well.
A PTF is typically removed as soon as the fix it provides is
applied to the latest official update of the dependant packages.
But you don't want the dependant packages to be removed together
with the PTF, which is what the remove command would do. The
removeptf command however will aim to replace the dependant
packages by their official update versions.
- patterns: Avoid dispylaing superfluous @System entries
(bsc#1205570)
- version 1.14.59
- Update man page and explain '.no_auto_prune' (bsc#1204956)
- Allow to (re)add a service with the same URL (bsc#1203715)
- Explain outdatedness of repos (fixes #463)
- BuildRequires: libzypp-devel >= 17.31.5
- version 1.14.58