- SUSEConnect
-
- Update to 0.3.29
- replace env ruby path with native ruby path during build phase
- Recognize more formats when parsing .curlrc for proxy credentials (bsc#1155027)
- Add rpmlintrc to filter false-positive warning about patch not applied
- Update to 0.3.27
- SUSEConnect now ensures that it writes its configuration when it
encounters errors. This helps in the situation where SUSEConnect
announces itself, but fails during a later step. Without the saved
configuration, a system could have credentials, but be unsure which
registration proxy they're valid for.
- Update to 0.3.26
- Extend the YaST API in order to access the package search
functionality (jsc#SLE-9109)
- Don't fail de-activation when '-release' package already got removed
- Update to 0.3.25
- Fix cloud_provider detection on AWS large instances (bsc#1160007)
- Update to 0.3.24
- Forbid de-registration for on-demand Public Cloud instances (bsc#1155911)
- 0.3.23
fix .spec file to correctly apply switch_server_cert_location_to_etc.patch to SLE15SP2+ (bsc#1130864)
- Update to 0.3.22
switch_server_cert_location_to_etc.patch: add patch to switch server cert path for SLE15.2+ to /etc (bsc#1130864)
- Update to 0.3.21
Fix error on first activation of packagehub extension (bsc#1124318)
- Update to 0.3.20
- Fix getting the list of installed products when zypper plugins are
present (bsc#1143635)
- Update to 0.3.19
- Fix failing on registered system without arguments (bsc#1144020)
- Update to 0.3.18
- Fix base product service removal during de-registration in public clouds (bsc#1136752)
- Update to 0.3.17
- Don't try to remove a service during migration if a zypper service
plugin already exists (bsc#1128969)
- Replace --no-ri --no-rdoc with --no-document - these options
are obsolete since at least ruby 2.1 - and finally removed in
ruby 2.6
- Only overwrite --bindir on fedora, it will overwrite --buildroot
(which needs to be combined on newer fedoras)
- Update to 0.3.16
- Show non-enabled extensions with a remark about availability
- Update to 0.3.15
- Output information about registration and de-registration progress
- Output proper message when SUSEConnect is called without parameters (bsc#959561)
- Default to https URI when no protocol prefix is provided for --url
- Support transactional-update systems (fate#326482)
- Changed "openssl" recommendation to "openssl(cli)"
on SLE 12 SP3+ and SLE 15+ (bsc#1101470).
- Update to 0.3.14
- Fix s390 activation fails due to unavailable 'dmidecode' bsc#1112702
- Update to 0.3.13
- Fix migration targets sorting (bsc#1104183)
- Update to 0.3.12
- Detect if system is in cloud provider (AWS/Google/Azure)
(fate#320935)
- Don't fail when trying to parse an empty body. Fixes bsc#1098220
- Don't install release packages if they are already present
- Fix .spec file for running SUSEConnect on Fedora28
- Weaken dependencies of rmt-client-setup script to Recommends:
(bsc#1094348)
- Enhance error message generation
- Add not supported operation exception to PackageSearch API
- Update to 0.3.11
- Add dependencies needed by the rmt-client-setup script. bsc#1093658
- Prevent the automatic registration of recommended products that
are not mirrored by the registration proxy.
- Update to 0.3.10
- Fix rollback mechanism on SLE15 systems (bsc#1089320)
- Update to 0.3.9
- Enable access to package search via gem
- Don't try to delete directory of nonexistent service files
(bsc#1086420)
- Update to 0.3.8
- Fix list-extensions to show the full SLE 15 tree (bsc#1064264)
- Enable automatic activation of recommended extensions/modules
- Automatically deregister all installed extensions/modules when
deregistering a system
- Repackage gem
- Remove unnecessary .gz files
- Update to 0.3.7
- virt-create-rootfs connects to SMT server without breaking (bsc#914297)
- Update to 0.3.6
- Make target_base_product parameter mandatory.
- Update to 0.3.5
- Add YaST.system_offline_migrations
- Update to version 0.3.4:
- Packaging improvements (bsc#964013)
- Update to version 0.3.3:
- Fix SLE15 build
- Properly refresh zypper services when deactivating a product on SMT (bsc#1047153)
- Update to 0.3.2:
- Fix --namespace parameter persistence (bsc#1044493)
- Update to 0.3.1:
- Fix license auto-agree issue (bsc#1037783)
- Add missing archs to SLE 12 SP3 build target
- Update to 0.3.0:
- Single product deactivation feature (fate#320572)
- Update to 0.2.43:
- RPM spec fix for openSUSE:Factory rpmlint compliance (bsc#1028660)
- Update to 0.2.42:
- Better error message for network request failure (bsc#982630)
- Fix error message for --product with malformed identifier (bsc#1018190)
- Fix some errors and formatting in manpages and help output
- Update to 0.2.41:
- Better error message for --list-extensions on unregistered systems
- Update to 0.2.40:
- Update man page to include the --list-extensions option (bsc#998583)
- Update to 0.2.39:
- Fix for bnc#990475: support for aarch64 hardware info
- Update to 0.2.38:
- Fix for bnc#975484: better error message if SMT is too old
- Update to 0.2.37:
- Add method to YaST class to get Installer-Updates repositories (fate#319716).
- Update to 0.2.36:
- Fix for bnc#973851: More flexible exit codes handling in internal zypper calls
- Update to 0.2.35:
- Fix for bnc#973315: Direct update from <=0.2.27 does not remove /usr/bin symlink
- Update to 0.2.34:
- Fix for bnc#963996: Do not crash on --list-extensions when connected to SMT
- Fix for bnc#968245: Do not let zypper attempt to read products from remote locations
- Update to 0.2.33:
- Re-add SUSEConnect binary to /usr/sbin (bnc#963080)
- Use `--match-exact` when searching for a product (bnc#952804)
- Fix fonts on xterm (bnc#957354)
- Update to version 0.2.32: Remove unneeded link in %post which caused a warning (bnc#946183)
- Update to version 0.2.31 (bnc#946183)
- Drop url-implies-writeconfig.diff; it is included in upstream since commit 2ef5aa
- Correct RPM group
- Include SCCcredentials file as a ghost entry
- Further packaging improvements
- Update to version 0.2.30
- New packaging spec. One `SUSEConnect` package to rule them all (bnc#951671)
- Update manpages to match the latest CLI options
- Update to version 0.2.29
- bnc#954266 Silently ignore malformed lscpu lines instead of failing
- Update to version 0.2.28
- Properly handle empty repository lists from zypper (bnc#951566)
- Update to version 0.2.27
- Do not install recommended dependencies when installing the product release package (bnc#945462)
- Add --rollback option (fate#319114)
- Update to version 0.2.26
- zypper migration extremely slow with lot of modules and extensions registered (bnc#945462)
- Update to version 0.2.25
- Solves Allow registration without system uid (dmidecode fails on qemu system) (bnc#934582)
- bnc#949424 ensure version of SUSEConnect is bumped in order to be
able to distinguish requests from affected YaST version in SCC API
- Update to version 0.2.24
- Bug 943451 - [Migration] failure when "zypper search" returns empty list
- Bug 946488 - Synchronization API call returns "no implicit conversion of Symbol into Integer" error
- Bug 941565 - zypper migration not using --releasever
- Bug 945462 - zypper migration extremely slow with lot of modules and extensions registered
- Update to version 0.2.23
- Improve hwinfo detection on physical s390 systems
- Bug 939293 - [S390] Error: Registration failed. Undefined method 'strip' for nil:NilClass (bnc#939293)
- Update to version 0.2.22
- Migration rollback (fate#319114)
- [Migration rollback] zypper migrate: baseproduct mismatch (bnc#941303)
- Update to version 0.2.21
- Escape parameters of remove and add_repository methods
- Update to version 0.2.20
- Add find_products method to migration abstraction layer fate#319140
- Fix add_service method which also creates the credentials files
- Update to version 0.2.19
- Introduction of migration abstraction layer for migration script
- Clean up and re-factoring of yast abstraction layer
- Update to version 0.2.18
- Improve SUSEConnect error messages
- New --cleanup option (remove old system credentials and all zypper services installed by SUSEConnect)
- New --namespace option (forward SMT staging environment to proxy registration server)
- Update to version 0.2.17
- Added migrations endpoint support for Yast
- Use C locale for all the syscalls (solves output parsing issues in some locales)
- Stripping UUID from SCC API calls if it is not settable
- Moved examples from gist to project
- Update to version 0.2.16
- In case of wrong regcode provide meaningful message back to
the user (Wrong regcode in that case).
- Update to version 0.2.15
- Always write config file when --url parameter used (bnc#900689)
- aaa_base
-
- Add patch git-33-d12420cc66e6d26a9dff6c0e86e00de232151c82.patch
* Avoid semicolon within (t)csh login script on S/390.
(bsc#1179431)
- Add patch git-21-0064ecd132c30a939125acbc5b9a1c7bcd180fa0.patch
* add screen.xterm-256color to DIR_COLORS
- Add patch git-22-f5e90d70d119b6aa12d019947029f9337aec378d.patch
* check for Packages.db and use this instead of Packages
(boo#1171762)
- Add patch git-23-8f1fe28287466235ade9c62fa5995eba9e642660.patch
* Rename path() to _path() to avoid using a general name.
- Add patch git-24-2de52ae391e2963eb1913183a6b0530c7e781b55.patch
* DIR_COLORS add TERM rxvt-unicode-256color (bug#1006973)
- Add patch git-25-287cf7cb851c0636fa46a610015d2d22ad36acea.patch
* sort TERM entries in etc/DIR_COLORS
- Add patch git-26-0c2f2340cc6ebb51f20b36e550adc517a6b2ae42.patch
* DIR_COLORS: merge TERM entries with list from (bug#1006973)
- Add patch git-27-abf7927eebbd4d7f47a362d49ae7856520682c49.patch
* refresh_initrd call modprobe as /sbin/modprobe (bug#1011548)
- Add patch git-28-3351bcc9613ba022503103e7e4ffd01e7bd8e0fd.patch
* etc/profile add some missing ;; in case esac statements
- Add patch git-29-5220a5f6ba250503ccda326e65ca069d245a5ebe.patch
* profile and csh.login: on s390x set TERM to dumb on serial console
for sclp_line0 and ttyS0 console (bug#1153946)
- Add patch git-30-b9dd70f33a124556f16dbbafc89585a82218ad61.patch
* backup-rpmdb: exit if zypp.pid is there and running
(bug#1161239)
- Add patch git-31-52dc403d54f2c926ee5cc892d1a8a830a45d7412.patch
* also add color alias for ip command, jira#sle-9880, bsc#1153943
- Add patch git-32-0ee79834ea9ebf6573a7b903f374c21e53a56c14.patch
* alias.bash check if ip command knows color=auto (jsc#SLE-7679)
- Add patch git-19-1149066a54a372b30b7cbd79cd222e11d96dc984.patch
* Not all XTerm based emulators do have a terminfo entry (boo#1087982)
- Add patch git-20-6452441f2054b4b290c089ce6269889993b95fc1.patch
* Better support of Midnight Commander (bsc#1170527)
- Add patch git-16-ed897a1090cafb678f75dbed8802bd671d3c1921.patch
get_kernel_version: fix for current kernel on s390x (from azouhr)
(bsc#1151023) (bsc#1139939)
- Add patch git-17-fe967bddbd74af9aba435900878397c0c7ea0b0b.patch
added "-h"/"--help" to "old" command (from Bernhard Lang)
- Add patch git-18-bb11f02d5dd940803c08d25b0cfd3650d9de7d41.patch
change feedback url from http://www.suse.de/feedback to
https://github.com/openSUSE/aaa_base/issues
- Add patch git-15-27e2c6180a45cca63d71ffa5de7b32dec749d2cd.patch
change rp_filter to 2 to follow the current default (bsc#1160735)
- Add patch git-14-12023f2e8aae5b2ac3a895301945566b9f5eb9c3.patch
drop dev.cdrom.autoclose = 0 from sysctl config (bsc#1160970)
- Clear broken ghost entry in patch
git-13-14003c19eaa863ae9d80a0ebb9b5cab6273a5a9e.patch
which breaks (lib)readline (bsc#1157278)
- Add patch git-13-14003c19eaa863ae9d80a0ebb9b5cab6273a5a9e.patch
Use official key binding functions in inputrc
that is replace up-history with previous-history, down-history with
next-history and backward-delete-word with backward-kill-word
(bsc#1084934). Add some missed key escape sequences for urxvt-unicode
terminal as well (boo#1007715).
- Add patch git-12-80d14205f913cc67a98c562f988ea700a56c369b.patch
* service: check if there is a second argument before using it
(bsc#1051143)
- Add patch git-11-b20083a930f766939f47dddc66d089c9fee5d38a.patch
* check if variables can be set before modifying them
to avoid warnings on login with a restricted shell
(bsc#1138869)
- Add patch git-08-9875dffab3ddda0c3e8399f935f059246c961f2a.patch
* Add s390x compressed kernel support (bsc#1151023)
- Add git-09-c6cd010dd8b6efddd71c30f00a923d8f2537584c.patch
* Fix LC_NAME and LC_ADDRESS in sh.ssh
- Add patch git-10-43091e644ff54997468a215b891dcaa75173f133.patch
* fix string test to arithmetic test in /etc/profile.d/wsl.sh
- Add patch git-07-82a17f1689e8957635c8ccaae7c9b3bff7f94d49.patch
* add sysctl.d/51-network.conf to tighten network security a bit
see also (boo#1146866) (jira#SLE-9132)
- Add patch git-06-8640f848c6677f1149b9765a8c86135956604007.patch
* Make systemd detection cgroup oblivious (bsc#1140647)
systemd can work in three exclusive cgroup modes: legacy, hybrid and
unified. The mode affects where and what cgroup hierarchies are mounted.
detect running systemd as systemd itself does it
(src/libsystemd/sd-daemon/sd-daemon.c, function sd_booted)
- Add patch git-05-ae2a49183ba0ad9dff6b8c1efd4de076bd34ab0f.patch
* /etc/profile does not work in AppArmor-confined containers
(bsc#1096191)
- Add patch git-04-b66cf03e673e84902ce0330f88f84f4fbdc8c9e9.patch
* Restore old position of ssh/sudo source of profile
for bug bsc#1118364 but hopefully do not reintroduce
bug boo#1088524
- Add patch git-03-00d332a443062395957f422c89eaed9d0979ec00.patch
* update logic for JRE_HOME env variable (bsc#1128246)
- Add patch git-01-61c106aac03930e03935172eaf94d92c02a343bd.patch
Let bash.bashrc work even for (m)ksh (boo#1104531)
- Add patch git-02-4e5fe2a6ec5690b51a369d2134a1119962438fd1.patch
No error at login if java system directory is empty (bsc#1102310)
- Update to version 84.87+git20180409.04c9dae:
* In bash.bashrc move ssh/sudo source of profile to avoid removing
the `is' variable before last use (boo#1088524).
* Avoid the shell code checker stumble over `function' keys word
in ls.bash (git#54).
- Use %license (boo#1082318)
- Update to version 84.87+git20180208.8eeab90:
* Don't call fillup for removed sysconfig.news
* Adjust path for script converting sysctl config
* For ksh use builtin keyword 'function' to make sure that the
keyword 'typeset' really set the variable IFS to be local within
the function _ls.
- Update to version 84.87+git20180205.2d2832f:
* Move /lib/aaa_base/convert_sysctl to /usr/lib/base-scripts/convert_sysctl
to cleanup filesystem.
* Don't create /etc/init.d/{boot.local,after.local,halt.local} in
aaa_base.pre section.
* Remove dead code from pre/post install sections.
- Add /var/adm/backup subdirectories to aaa_base-extras, they are
only needed by this package.
- Update to version 84.87+git20180204.875cba8:
* Move sysconfig.backup into extra subpackage, where all the
scripts using it are, too.
* Create systemd timer for the cron.daily scripts for backup-rpmdb,
backup-sysconfig and check-battery. Move scripts to
/usr/lib/base-scripts.
* Remove suse.de-cron-local. If somebody really still has a
/root/cron.daily.local file, he can move it to /etc/cron.daily.
* Don't modify data in root's home directory
* Don't create userdel.local, this isn't in use since many years
- Update to version 84.87+git20180130.ae1f262:
* Really remove /usr/sbin/Check, obsolete since 8 years
* Remove ChangeSymlinks, 90% are obsolete, the rest is dangerous
* Remove 14 year old outdated documentation and dummy scripts for
Java
- Update to version 84.87+git20180130.36ea161:
* Remove obsolete/outdated manual pages (route.conf.5,init.d.7,
quick_halt.8)
- Cleanup PreReq and move some parts to Requires(post), so that
we can deinstall them if we no longer need them
- Update to version 84.87+git20171201.65000be:
* Revert changes on sysconfig language and make lang.(c)sh
to use sysconfig language as fallback or better use
locale.conf as default. See discussion in bsc#1069971
and FATE#319454 as well
- Update to version 84.87+git20171130.974ac5c:
* Better parsing of sh variable settings in lang.csh
- Update to version 84.87+git20171129.a45b936:
* Remove RC_* variables from language sysconf template
(bsc#1069971 as well as FATE#319454)
- Update to version 84.87+git20171128.945b960:
* lang.(c)sh: catch if ROOT_USES_LANG becomes not set
- Update to version 84.87+git20171128.aa232d3:
* Add wsl specific code to profile.d/wsl.csh
* move wsl specific code from profile into profile.d/wsl.sh
* Remove obsolete "make package"
- Update to version 84.87+git20171128.a6752e8:
* lang.(c)sh: handle locale.conf if sysconfig does not
- lang.(c)sh: handle locale.conf if sysconfig does not provide
default locale (bsc#1069971, FATE#319454)
- Update to version 84.87+git20171128.17ae554:
* Check for /proc/version before using it
* Remove legacy code for /proc/iSeries
* Move fillup-templates to /usr/share (boo#1069468)
- Fix installation of fillup-templates.
- Replace references to /var/adm/fillup-templates with new
%_fillupdir macro (boo#1069468)
- use TW versioning, 13.2 is misleading
- Update to version 84.87+git20171120.d36b8b1:
* Fix double sourcing of /etc/bash_completion.d
* create wsl.sh in /etc/profile.d to set umask in WSL
* Add support for /usr/bin/fish (boo#1068840)
* Get mixed use case of service wrapper script straight (bsc#1040613)
- Update to version 13.2+git20170828.8f12a9e:
* profile: don't override PATH in WSL
* Remove passwd, group and shadow files. Remove %ghost entry for
/run/utmp, /var/log/wtmp and /var/log/btmp, systemd is taking
care of them
* Remove run/utmp, too.
- Update to version 13.2+git20170814.cc9e34e:
* Unset id in csh.cshrc instead of profile.csh (bsc#1049577)
* Restore the is variable within /etc/profile
- Update to version 13.2+git20170731.c10ca77:
* Fix csh.cshrc as tcsh does not handle stderr
* Do not set alias cwdcmd for experts (boo#1045889)
* unset unused variables on profile files (bsc#1049577)
* Deprecate DEFAULT_WM in sysconfig.windowmanager
- Fix csh.cshrc as tcsh does not handle stderr messages within {}
well (boo#1044876)
- Fix copy+paste error in /etc/csh.login boo#1043560
- Support changing PS1 even for mksh and user root (bsc#1036895)
- Be aware that on s390/s390x the ttyS0 is misused
- Reset extended screen TERM variables if no terminfo
- Better status line support even for tcsh
- Modernize /etc/ttytype as tset of ncurses use it
- Off application keypad (keyboard transmit) mode
- Missed a meta prefix in new inputrs.keys
- More 8bit key escape control sequences for XTerm
- Do not set INPUTRC as readline does know personal as well as system
inputrc also make /etc/inputrc do set know sequences for both vi
line editing modes as well as for emacs line editing mode.
- Do remove patch aaa_base-13.2+git20170308.c0ecf2e.dif not
only from package but also from spec file
- Update to version 13.2+git20170425.47e703a:
* Add Enlightenment to the list of windowmanagers
* Add a number of audio/video formats to be colorized
* Revert "Avoid NAT on Bridges. Bridges are L2 devices, really."
* aaa_base.pre: drop some system users from aaa_base and create them in the respective packages: bin,daemon,news,uucp,games,man
* Remove /var/log/faillog, there is no application left using this [bsc#980484]
* Remove users and groups sys, mail, lp, wwwrun, ftp and nobody
- Make lang.csh work again (bsc#1025673)
- Update to version 13.2+git20170306.3deb627:
* aaa_base.pre: drop some system users from aaa_base and create
them in the respective packages: bin,daemon,news,uucp,games,man
- Update to version 13.2+git20160915.106a00d:
* enhance comment for NO_PROXY variable (bsc#990254)
* Fix spelling of SUSE (skipped copyright statements - they need more thoughts)
* fix regression introduced by fix for bnc#971567 (bnc#996442)
- Correct logic error in usage of variable restricted (boo#994111)
- enhance comment for NO_PROXY variable (bsc#990254)
- Update to version 13.2+git20160807.7f4c8c4:
* switch IPv6 privacy extensions (use_tempaddr) back to 1
* history see bsc#678066,bsc#752842,bsc#988023,bsc#990838
- Do not use the = sign for setenv in /etc/profile.d/lang.csh
- Follow the bash manual page that is respect --norc and --noprofile
- Update to version 13.2+git20160609.bf76b13:
* Mark scripts /etc/init.d/{boot.,after-,halt.}local as deprecated
- lang.sh, lang.csh: if GDM_LANG equals system LANG then use system defaults
- Update to version 13.2+git20160530.bd5210c:
+ Let the ~/.i18n values parsed as well if GDM_LANG is set (boo#958295)
+ Remove spurious assignment to unknown variable term from /etc/inputrc
+ chkconfig: return 1 trying to list unknown service (bnc#971567)
+ chkconfig: add --no-systemctl option
+ fix typo in last patch (no-systemctl support for chkconfig)
+ lang.sh, lang.csh: allow GDM to override locale
+ There is no kde4 anymore
+ Removed '/usr/bin/X11' from PATH (boo #982185)
- fix typo in last patch (no-systemctl support for chkconfig)
- chkconfig: add --no-systemctl option
- chkconfig: return 1 trying to list unknown service (bnc#971567)
- Merge pull request #26 from andreas-schwab/master
- Remove spurious assignment to unknown variable term from /etc/inputrc
- Let the ~/.i18n values parsed as well if GDM_LANG is set (boo#567324)
- Update to version 13.2+git20151221.244f2a3:
+ drop old dns6 hack migration from 2002
+ remove more dropped variables
+ make chkconfig -a/-d work (bsc#926539)
+ avoid recursion if systemd call chkconfig back for sysv units
+ fix non-working line breaks
- make _service generate .changes
- Replace UNICODE double dash with simple ASCII single dash (boo#954909)
- Use the `+' for find's -exec option as this also respects white
spaces in files names but is more like xargs. Respect status
of screen sessions.
- suse.de-backup-rc.config: trigger also if only files changed
that have spaces in their name (bnc#915259)
- sysconf_addword: do not insert spaces at start of string (bnc#932456)
- Merge pull request #19 from super7ramp/cleaning-references-to-suseconfig
- drop references to sysconfig/suseconfig
- drop SCANNER_TYPE variable
- Merge pull request #25 from ptesarik/master
- Enable SysRq dump by default
- Revert "fix /etc/init.d/foo status return code (bnc#931388)"
- Merge pull request #23 from bmwiedemann/master
- fix /etc/init.d/foo status return code (bnc#931388)
- xdg-environment: reduce list in /opt/* to gnome,kde4,kde3 (bnc#910904)
- add SOCKS5_SERVER and socks_proxy to proxy settings (bnc#928398)
- Simplify version check
- Handle also command lines starting with the env command
as this is used by gnome xsessions (bsc#921172)
- Correct the boolean in /etc/profile.d/lang.sh
- Even if GDM has done language setup the personal ~/.i18n should
be sourced (boo#567324)
- Remove the official patch for fate#314974 as now part of systemd
- Merge pull request #21 from arvidjaar/bnc/907873
- Avoid sourcing /etc/bash_completion.d twice
- Fix spelling of SUSE
- Add the official patch for Fate#314974 (bnc#903009)
- acl
-
- test: Add helper library to fake passwd/group files
- quote: escape literal backslashes (bsc#953659).
- Added patch:
* 0001-test-Add-helper-library-to-fake-passwd-group-files.patch
* 0002-quote-escape-literal-backslashes.patch
- refresh acl-2.2.52-tests.patch to work with perl 5.26
- BuildRequires gettext-tools-mini instead of gettext-tools: as
acl is part of the bootstrap, we want to try to keep the dep
chain as small as possible.
- Remove --with-pic that's just for static libraries.
- Replace %__-type macro indirections.
Replace old $RPM_ by their macro equivalents for consistency.
Make the macro style consistent across the file again.
- reenable full Large File Support for i586
- Make it possible to disable tests (for Ring0)
- Add BuildRequires: system-user-daemon for the testsuite
- Add BuildRequires for system user bin needed by test suite
- Update to git snapshot dated 21 Sep 2015.
- Added:
* 0001-Install-the-libraries-to-the-appropriate-directory.patch
* 0002-setfacl.1-fix-typo-inclu-de-include.patch
* 0003-test-fix-insufficient-quoting-of.patch
* 0004-Makefile-rename-configure.in-to-configure.ac.patch
* 0005-Bad-markup-in-acl.5-page.patch
* 0006-.gitignore-ignore-and-config.h.in.patch
* 0007-Use-autoreconf-rather-than-autoconf-to-regenerate-th.patch
* 0008-libacl-Make-sure-that-acl_from_text-always-sets-errn.patch
* 0009-libacl-fix-SIGSEGV-of-getfacl-e-on-overly-long-group.patch
* 0010-punt-debian-rpm-packaging-logic.patch
* 0011-move-gettext-logic-into-misc.h.patch
* 0012-test-make-running-parallel-out-of-tree-safe.patch
* 0013-modernize-build-system.patch
* 0014-po-regenerate-files-after-move.patch
* 0015-build-drop-aclincludedir-use-pkgincludedir.patch
* 0016-build-make-use-of-an-aux-dir-to-stow-away-helper-scr.patch
* 0017-build-ship-a-pkgconfig-file-for-libacl.patch
* 0018-read_acl_-comments-seq-rename-line-to-lineno.patch
* 0019-read_acl_-comments-seq-switch-to-next_line.patch
* 0020-telldir-return-value-and-seekdir-second-parameters-a.patch
* 0021-mark-libmisc-funcs-as-hidden-so-they-are-not-exporte.patch
* 0022-add-__acl_-prefixes-to-internal-symbols.patch
* 0023-cp.test-Check-permissions-of-the-right-file.patch
* 0024-libacl-acl_set_file-Remove-unnecesary-racy-check.patch
* 0025-fix-compilation-with-latest-xattr-git.patch
* 0026-getfacl-Fix-memory-leak.patch
* 0027-Fix-the-display-block-nesting-in-acl.5.patch
* 0028-setfacl-man-page-Minor-wording-improvements.patch
* 0029-getfacl-Fix-minor-resource-leak.patch
* 0030-Do-not-export-symbols-that-are-not-supposed-to-be-ex.patch
* 0031-walk_tree-mark-internal-variables-as-static.patch
* 0032-ignore-configure.lineno.patch
- Significant spec file restructuring due to 0013-modernize-build-system.patch
- removed builddefs.in.diff
- Reduce size of filelist by using wildcards;
remove %doc (some locations are always %doc),
remove %attr (files already have proper permissions)
- add acl-2.2.52-tests.patch and enable tests, check section taken
from Fedora package
- remove gpg-offline calls from bootstrap package
- Update to new upstream release 2.2.52
* This release fixes a few build system issues that were found and
merges in a tree walking bug fix.
- Remove acl-fiximplicit.patch (merged upstream),
config-guess-sub-update.diff (no longer applies)
- Sync baselibs.conf with in-.spec obsoletes/provides.
- add gpg checking
- use source url
- Add config-guess-sub-update.diff:
update config.guess/sub to latest state for AArch64
- Use OS byteswapping routines, application already includes
"endian.h" but then goes ahead defining ad-hoc equivalent
functionality (0001-Use-OS-byteswapping-macros.patch)
- remove useless automake deps
- patch license to follow spdx.org standard
- license update: GPL-2.0+;LGPL-2.1+
SPDX format
- add automake as buildrequire to avoid implicit dependency
- Fix provides/Obsoletes
- Implement shlib package (libacl1)
- Enable libacl-devel on all baselib arches
- upgrade to 2.2.51
- Test fixes
- upgrade to 2.2.50
- OPTIONS in man pages should be a section heading, not a subsection heading
- Fix a typo in the setfacl man page
- setfacl: Clarify that removing a non-existent acl entry is not an error
- Prevent setfacl --restore from SIGSEGV on malformed restore file
- setfacl: make sure that -R only calls stat(2) on symlinks when it needs to
- libacl: fix potential null pointer dereference
- setfacl: fix restore crash on malformed input
- setfacl: print useful error from read_acl_comments
- setfacl: changing owner and when S_ISUID should be set --restore fix
- use %_smp_mflags
- add baselibs.conf as a source
- adjust baselibs.conf for SPARC
- readded incorrectly removed libattr-devel requires in -devel
- fixed implicit strchr() usage.
- do not package static libraries
- fix -devel package dependencies
- Version bump to 2.2.48
- Document the new flags comments
- Include the S_ISUID, S_ISGID, S_ISVTX flags in the getfacl output, and restore them with "setfacl --restore=file".
- Make sure that getfacl -R only calls stat(2) on symlinks when it needs to
- Stop quoting nonprintable characters in the getfacl output
- Avoid unnecessary but destructive chown calls
- Clarify license notice
- apparmor
-
- update to AppArmor 2.13.6
- fix utils hotkey conflicts in some languages
- aa-autodep: load abstractions on start (boo#1178527)
- add usr.lib.dovecot.script-login profile
- minor additions in abstractions/X and the dovecot profile
- see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_2.13.6
for the detailed upstream changelog
- drop upstreamed patch libapparmor-so-number.diff
- update to AppArmor 2.13.5
- add missing permissions to several profiles and abstractions
- bugfixes in parser and tools
- see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_2.13.5
for the detailed upstream changelog
- remove upstream(ed) patches
- changes-since-2.13.4.diff
- abstractions-X-xauth-mr582.diff
- sevdb-caps-mr589.diff
- libvirt-leaseshelper.patch
- cap_checkpoint_restore.diff
- add libapparmor-so-number.diff to fix libapparmor so version (!658)
- add CAP_CHECKPOINT_RESTORE to severity.db (MR 656,
cap_checkpoint_restore.diff)
- %service_del_postun_without_restart only works for Tumbleweed,
keep using DISABLE_RESTART_ON_UPDATE for Leap 15.x
- Make use of %service_del_postun_without_restart
And stop using DISABLE_RESTART_ON_UPDATE as this interface is
obsolete.
- libvirt-leaseshelper.patch: add /usr/libexec as a path to the
libvirt leaseshelper script (jsc#SLE-14253)
- sevdb-caps-mr589.diff: add new capabilities CAP_BPF and CAP_PERFMON
to severity.db (lp#1890547)
- add abstractions-X-xauth-mr582.diff to allow reading the xauth file
from its new sddm location (boo#1174290, boo#1174293)
- add changes-since-2.13.4.diff with upstream changes and fixes
since 2.13.4 up to 5f61bd4c:
- add several abstractions related to xdg-open:
dbus-network-manager-strict, exo-open, gio-open, gvfs-open,
kde-open5, xdg-open
- introduce @{run} variable
- update dnsmasq and winbindd profile
- update mdns, mesa and nameservice abstraction
- some bugfixes in the aa-* tools, including a remote bugfix in the
YaST AppArmor module (boo#1171315)
- drop upstream(ed) patches (now part of changes-since-2.13.4.diff):
- make-4.3-capabilities.diff
- make-4.3-capabilities-vim.diff
- make-4.3-fix-utils-network-test.diff
- make-4.3-network.diff
- abstractions-add-etc-mdns.allow-to-etc-apparmor.d-abstractions-mdns.patch
- apply usr-etc-abstractions-base-nameservice.diff only for
Tumbleweed, but not for Leap 15.x where it's not needed
- refresh usr-etc-abstractions-base-nameservice.diff
- Add abstractions-add-etc-mdns.allow-to-etc-apparmor.d-abstractions-mdns.patch
(bsc#1168306)
- fix build with make 4.3 by backporting some commits from upstream
master (boo#1167953):
- make-4.3-capabilities.diff
- make-4.3-capabilities-vim.diff
- make-4.3-network.diff
- make-4.3-fix-utils-network-test.diff
- update to AppArmor 2.13.4
- several abstraction updates (including boo#1153162)
- disallow writing to fontconfig cache in abstractions/fonts
- some bugfixes in the aa-* tools
- see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_2.13.4
for the detailed upstream changelog
- drop upstreamed patches:
- abstractions-ssl-certbot-paths.diff
- apparmor-krb5-conf-d.diff
- libapparmor-python3.8.diff
- usr-etc-abstractions-authentification.diff
- refresh usr-etc-abstractions-base-nameservice.diff
- add usr-etc-abstractions-base-nameservice.diff to adjust
abstractions/base and nameservice for /usr/etc/ (boo#1161756)
- Properly pull in full python3 interpreter
- add libapparmor-python3.8.diff to fix building the libapparmor python
bindings (deb#943657)
- add usr-etc-abstractions-authentification.diff to allow reading
/usr/etc/pam.d/* and some other authentication-related files (boo#1153162)
- add abstractions-ssl-certbot-paths.diff - add certbot paths to
abstractions/ssl_certs and abstractions/ssl_keys
- add apparmor-krb5-conf-d.diff for kerberos client
- update to 2.13.3
- profile updates for dnsmasq, dovecot, identd, syslog-ng
- new "lsb_release" profile (only used when using "Px -> lsb_release")
- fix buggy syntax in tunables/share
- several abstraction updates
- parser: fix "Px -> foo-bar" (the "-" was rejected before)
- several bugfixes in aa-genprof and aa-logprof
- see https://gitlab.com/apparmor/apparmor/wikis/Release_Notes_2.13.3
for the detailed upstream changelog
- drop upstream(ed) patches:
- apparmor-nameservice-resolv-conf-link.patch
- profile_filename_cornercase.diff
- dnsmasq-libvirtd.diff
- dnsmasq-revert-alternation.diff
- usrmerge-fixes.diff
- libapparmor-swig-4.diff
- re-number remaining patches
- add upstream libapparmor-swig-4.diff: fix libapparmor tests with swig
4.0 (boo#1135751)
- Disable LTO (boo#1133091).
- update lessopen.sh profile for usrMerge (bash and tar) (boo#1132350)
- add usrmerge-fixes.diff: fix test failures when /bin/sh is handled by
update-alternatives (boo#1127877)
- add dnsmasq-revert-alternation.diff: revert path alternation in
dnsmasq profile and re-add peer=/usr/sbin/libvirtd rules to avoid
breaking libvirtd (boo#1127073)
- add dnsmasq-libvirtd.diff: allow peer=libvirtd in the dnsmasq profile
to match the newly added libvirtd profile name (boo#1118952#c3)
- Use %license instead of %doc [bsc#1082318]
- add apparmor-lessopen-nfs-workaround.diff: allow network access in
lessopen.sh for reading files on NFS (workaround for boo#1119937 /
lp#1784499)
- add profile_filename_cornercase.diff: drop check that lets aa-logprof
error out in a corner-case (log event for a non-existing profile while
a profile file with the default filename for that non-existing profile
exists) (boo#1120472)
- netconfig: write resolv.conf to /run with link to /etc (fate#325872,
boo#1097370) [patch apparmor-nameservice-resolv-conf-link.patch]
- update to AppArmor 2.13.2
- add profile names to most profiles
- update dnsmasq profile (pid file and logfile path) (boo#1111342)
- add vulkan abstraction
- add letsencrypt certificate path to abstractions/ssl_*
- ignore *.orig and *.rej files when loading profiles
- fix aa-complain etc. to handle named profiles
- several bugfixes and small profile improvements
- see https://gitlab.com/apparmor/apparmor/wikis/Release_Notes_2.13.2
for the detailed upstream changelog
- remove upstreamed fix-syntax-error-in-rc.apparmor.functions.patch
- update to 2.13.1
- add qt5 and qt5-compose-cache-write abstractions
- add @{uid} and @{uids} kernel var placeholders
- several profile and abstraction updates
- ignore "abi" rules in parser and tools (instead of erroring out)
- utils: fix overwriting of child profile flags if they differ from
the main profile
- several bugfixes (including boo#1100779)
- see https://gitlab.com/apparmor/apparmor/wikis/Release_Notes_2.13.1
for the detailed upstream changelog
- remove upstream(ed) patches:
- aa-teardown-path.diff
- fix-apparmor-systemd-perms.diff
- logprof-skip-cache-d.diff
- fix-samba-profiles.patch
- make-pyflakes-happy.diff
- dnsmasq-Add-permission-to-open-log-files.patch
- refresh apparmor-samba-include-permissions-for-shares.diff
- add fix-syntax-error-in-rc.apparmor.functions.patch
- update rpmlintrc:
- whitelist .features file which is part of the pre-compiled cache
- comment out filters for the disabled tomcat_apparmor subpackage
- Backport dnsmasq fix:
025c7dc6 - dnsmasq-Add-permission-to-open-log-files.patch
(boo#1111342)
- add make-pyflakes-happy.diff to fix an unused variable (SR 629206)
- add fix-samba-profiles.patch - smbd loads new shared libraries.
Allow winbindd to access new kerberos credential cache location
(boo#1092099)
- exclude the /etc/apparmor.d/cache.d/ directory from aa-logprof parsing
(logprof-skip-cache-d.diff)
- add fix-apparmor-systemd-perms.diff - fix permissions of
/lib/apparmor/apparmor.systemd (boo#1090545)
- create and package precompiled cache (/usr/share/apparmor/cache,
read-only) (boo#1069906, boo#1074429)
- change (writeable) cache directory to /var/cache/apparmor/ - with the
new btrfs layout, the only reason for using /var/lib/apparmor/cache/
(which was "it's part of the / subvolume") is gone, and /var/cache
makes more sense for the cache
- adjust parser.conf (via apparmor-enable-profile-cache.diff) to use both
cache locations
- clear cache also in %post of abstractions package
- update to AppArmor 2.13
- add support for multiple cache directories and cache overlays
(boo#1069906, boo#1074429)
- add support for conditional includes in policy
- remove group restrictions from aa-notify (boo#1058787)
- aa-complain etc.: set flags for profiles represented by a glob
- aa-status: split profile from exec name
- several profile and abstraction updates
- see https://gitlab.com/apparmor/apparmor/wikis/Release_Notes_2.13
for the detailed upstream changelog
- drop upstreamed patches and files:
- aa-teardown
- apparmor.service
- apparmor.systemd
- 32-bit-no-uid.diff
- disable-cache-on-ro-fs.diff
- dovecot-stats.diff
- parser-write-cache-warn-only.diff
- set-flags-for-profiles-represented-by-glob.patch
- fix-regression-in-set-flags.patch
- drop spec code that handled installing aa-teardown, apparmor.service
and apparmor.systemd (now part of upstream Makefile)
- simplify "make -C profiles parser-check" call (upstream Makefile bug
that required to call "cd" was fixed)
- add aa-teardown-path.diff - install aa-teardown in /usr/sbin/
- move 'exec' symlink to parser package (belongs to aa-exec)
- Set flags for profiles represented by glob (bsc#1086154)
set-flags-for-profiles-represented-by-glob.patch
fix-regression-in-set-flags.patch
- add dovecot-stats.diff:
- add dovecot/stats profile and allow dovecot to run it (boo#1088161)
- allow dovecot/auth to write /run/dovecot/old-stats-user (part of boo#1087753)
- update 32-bit-no-uid.diff with upstream fix
- Change of path of rpm in lessopen.sh (boo#1082956)
- add disable-cache-on-ro-fs.diff - disable write cache if filesystem is
read-only and don't bail out (bsc#1069906, bsc#1074429)
- add parser-write-cache-warn-only.diff to make cache write failures a
warning instead of an error (boo#1069906, boo#1074429)
- reduce dependency on libnotify-tools (used by aa-notify -p) to "Suggests"
to avoid pulling in several Gnome packages on servers (boo#1067477)
- update to AppArmor 2.12
- add support for 'owner' rules in aa-logprof and aa-genprof
- add support for includes with absolute path in aa-logprof etc. (lp#1733700)
- update aa-decode to also decode PROCTITLE (lp#1736841)
- several profile and abstraction updates, including boo#1069470
- see https://gitlab.com/apparmor/apparmor/wikis/Release_Notes_2.12
for the detailed upstream changelog
- drop upstreamed patches:
- read_inactive_profile-exactly-once.patch
- utils-fix-sorted-save_profiles-regression.diff
- lessopen profile: change all 'rix' rules to 'mrix'
- add 32-bit-no-uid.diff to fix handling of log events without ouid on
32 bit systems
- update to AppArmor 2.11.95 aka 2.12 beta1
- add JSON interface to aa-logprof and aa-genprof (used by YaST)
- drop old YaST interface code
- update audio, base and nameservice abstractions
- allow @{pid} to match 7-digit pids
- see http://wiki.apparmor.net/index.php/ReleaseNotes_2_11_95
for the detailed upstream changelog
- drop upstreamed patches
- apparmor-yast-cleanup.patch
- apparmor-json-support.patch
- nameservice-libtirpc.diff
- drop obsolete perl modules (YaST no longer needs them)
- drop patches that were only needed by the obsolete perl modules:
- apparmor-utils-string-split
- apparmor-abstractions-no-multiline.diff
- drop profiles-sockets-temporary-fix.patch - obsoleted by a fix in
apparmor_parser
- refresh utils-fix-sorted-save_profiles-regression.diff
- add aa-teardown (new script to unload all profiles)
- make ExecStop in apparmor.service a no-op (workaround for a systemd
restriction, see boo#996520 and boo#853019 for details)
- lessopen profile: allow capability dac_read_search and dac_override,
allow groff to execute several helpers (boo#1065388)
- read_inactive_profile-exactly-once.patch (bsc#1069346)
Perform reading of inactive profiles exactly once.
- update to AppArmor 2.11.1
- add permissions to several profiles and abstractions (including
lp#1650827 and boo#1057900)
- several fixes in the aa-* tools (including lp#1689667, lp#1628286,
lp#1661766 and boo#1062667)
- fix downgrading/converting of 'unix' rules (will be supported in
kernel 4.15) to 'network unix' rules in apparmor_parser (boo#1061195)
- see http://wiki.apparmor.net/index.php/ReleaseNotes_2_11_1 for
upstream changelog
- remove upstream(ed) patches
- upstream-changes-r3616..3628.diff
- upstream-changes-r3629..3648.diff
- parser-tests-dbus-duplicated-conditionals.diff
- apparmor-fix-podsyntax.patch
- sshd-profile-drop-local-include-r3615.diff
- refresh apparmor-yast-cleanup.patch
- add utils-fix-sorted-save_profiles-regression.diff to fix a regression
in displaying the "changed profiles" list in aa-logprof
- add nameservice-libtirpc.diff to fix NIS/YP logins (boo#1062244)
- profiles-sockets-temporary-fix.patch to cater to nameservices with the
new sockets mediation, until unix rules are upstreamed (boo#1061195)
- add apparmor-fix-podsyntax.patch from mailing list to fix
compilation with perl 5.26
- do not require exact X.Y version of "python3"
- require also matching python(abi) which is arguably more important
- don't rely on implementation details for reload in %post
- add JSON support. Required for FATE#323380.
(apparmor-yast-cleanup.patch, apparmor-json-support.patch)
- add upstream-changes-r3629..3648.diff:
- preserve unknown profiles when reloading apparmor.service
(CVE-2017-6507, lp#1668892, boo#1029696)
- add aa-remove-unknown utility to unload unknown profiles (lp#1668892)
- update nvidia abstraction for newer nvidia drivers
- don't enforce ordering of dbus rule attributes in utils (lp#1628286)
- add --parser, --base and --Include option to aa-easyprof to allow
non-standard paths (useful for tests) (lp#1521031)
- move initialization code in apparmor.aa to init_aa(). This allows running
all utils tests even if /etc/apparmor.d/ or /sbin/apparmor_parser
don't exist.
- several improvements in the utils tests
- drop upstreamed python3-drop-re-locale.patch
- no longer delete/skip some of the utils tests (to allow this, add
parser-tests-dbus-duplicated-conditionals.diff)
- add var.mount dependency to apparmor.service (boo#1016259#c34)
- Cleanup spec file:
- don't use insserv if we afterwards call systemd, this can
have bad side effects
- remove dead code
- remove now obsolete 'distro' checks
- Replace init.d script with new wrapper working with systemd
- add python3-drop-re-locale.patch: remove deprecated re.LOCALE
flag in Python UI as it was dropped from Python 3.6 (lp#1661766)
- add upstream-changes-r3616..3628.diff:
- update abstractions/base, abstractions/apache2-common and dovecot profiles
- merge ask_the_questions() of aa-logprof and aa-mergeprof
- pass LDFLAGS when building parser, libapparmor perl bindings and pam_apparmor
- adjust deleting the cache in profiles %post to the new cache location
- silence errors when deleting the cache (boo#976914)
- split libapparmor into separate spec to get rid of build loop
involving mariadb, systemd, apparmor, libapr and mariadb again
(see the discussion in SR 448871 for details)
- update to AppArmor 2.11.0
- apparmor_parser now supports parallel compiles and loads
- add full support for dbus, ptrace and signal rules and events to the
utils
- full rewrite of the file rule handling in the utils
- lots of improvements and fixes
- see http://wiki.apparmor.net/index.php/ReleaseNotes_2_11 for the
detailed changelog
- patches:
- add sshd-profile-drop-local-include-r3615.diff to fix 'make check'
- drop aa-unconfined-fix-netstat-call-2.10r3380.diff, no longer needed
- refresh apparmor-abstractions-no-multiline.diff
- refresh apparmor-samba-include-permissions-for-shares.diff
- spec changes:
- aa-unconfined switched to using ss (from iproute2), adjust Recommends:
- move libapparmor to /usr/lib*/
- drop %if %suse_version checks for 12.x
- change several Obsoletes from %version to < 2.9. Those package names
haven't been used for years, and 2.9 is still a careful choice
- include apparmor.service independent of %suse_version
- techdoc.pdf is now shipped in upstream tarball to reduce BuildRequires
- drop latex2html, texlive-* and w3m BuildRequires
- techdoc.txt and techdoc.html not included, drop them from the package
- run most of utils/ make check (some tests expect /etc/apparmor.d/ and
/sbin/apparmor_parser to exist, skip them)
- BuildRequires python3-pyflakes (utils tests) and dejagnu (libapparmor tests)
- drop sed'ing python3 into aa-* shebang (upstreamed)
- build binutils
- aa-exec is now written in C and lives in /usr/bin/, move it to the
apparmor_parser package and create a compatibility symlink in /usr/sbin/
- aa-exec manpage moved to section 1
- aa-enabled is a small new tool to find out if AppArmor is enabled
- package new aa_stack_profile(2) manpage
- change /etc/apparmor.d/cache symlink to /var/lib/apparmor/cache/.
This is part of the root partition (at least with default partitioning)
and should be available earlier than /var/cache/apparmor/
(boo#1015249, boo#980081, bsc#1016259)
- add dependency on var-lib.mount to apparmor.service as safety net
- update to AppArmor 2.10.2 maintenance release
- lots of bugfixes and profile updates (including boo#1000201,
boo#1009964, boo#1014463)
- see http://wiki.apparmor.net/index.php/ReleaseNotes_2_10_2 for details
- add aa-unconfined-fix-netstat-call-2.10r3380.diff to fix a regression
in aa-unconfined
- drop upstream(ed) patches:
- changes-since-2.10.1--r3326..3346.diff
- changes-since-2.10.1--r3347..3353.diff
- libapparmor-fix-import-path.diff (upstream fix is slightly different)
- nscd-var-lib.diff
- refresh apparmor-abstractions-no-multiline.diff
- add nscd-var-lib.diff to allow /var/lib/nscd/ in the nscd profile and
abstractions/nameservice (path changed in latest nscd in Tumbleweed)
- add changes-since-2.10.1--r3347..3353.diff with upstream changes and
fixes in the 2.10 branch, including
- allow writing *.qf files (for disk-based buffering) in syslog-ng profile
- add several permissions to the dovecot profiles (deb#835826)
- add a missing path in the traceroute profile
- add changes-since-2.10.1--r3326..3346.diff with upstream changes and
fixes since the 2.10.1 release, including
- allow dac_override in winbindd profile (boo#990006#c5)
- allow mr for /usr/lib*/ldb/*.so in samba abstractions (needed since
Samba 4.4.x, boo#990006)
- abstractions/nameservice: also support ConnMan-managed resolv.conf
- let aa-genprof ask about profiles in extra dir (again)
- fix aa-logprof "add hat" endless loop (lp#1538306)
- honor 'chown' file events in logparser.py
- ignore log file events with a request mask of 'send' or 'receive'
because they are actually network events (lp#1577051, lp#1582374)
- accept hostname with dots when parsing logs (lp#1453300 comments #1 and #2)
- fix python LibAppArmor import failures with swig > 3.0.8 (boo#987607)
(libapparmor-fix-import-path.diff)
- refresh apparmor-abstractions-no-multiline.diff
- drop upstreamed profiles-ping-inet6-r3449.diff
- add %check section - runs libapparmor (including swig bindings),
parser and profiles tests
- add BuildRequires: perl(Locale::gettext) - needed for parser tests
- add profiles-ping-inet6-r3449.diff - latest ping also does IPv6 (boo#980596)
- update to AppArmor 2.10.1 (2.10 branch r3326):
- fix incorrect output of child profile names (apparmor_parser -N) which
caused 'rcapparmor reload' to remove child profiles and hats (lp#1551950)
- fix a crash in aa-logprof / logparser.py for change_hat log events
(lp#1523297) and log events that look like file events, but aren't
(lp#1540562, lp#1525119, lp#1466812)
- write unix rules when saving a profile (lp#1522938, boo#954104#c3)
- several fixes for variable handling in aa-logprof
- map c (create) log events to w instead of a
- add python to the "no Px rule" list in logprof.conf
- let aa-logprof check for duplicate profiles
- let aa-status work without the apparmor.fail python module (boo#971917,
lp#1480492)
- add permissions in several profiles (including boo#948584, boo#948753,
boo#954959, boo#954958, boo#971790, boo#964971, boo#921098, boo#923201 and
boo#921098#c15).
- and many more fixes, see the full changelog at
http://wiki.apparmor.net/index.php/ReleaseNotes_2_10_1
- drop upstream(ed) patches:
- fix-initscript-aa_log_end_msg.diff
- syslog-ng-profile-boo948584.diff
- upstream-profile-updates-r3205-3241.diff
- refresh patches:
- apparmor-abstractions-no-multiline.diff
- apparmor-samba-include-permissions-for-shares.diff
- drop libapparmor autogen.sh call (broke the build) and remove libtool BR
- add syslog-ng-profile-boo948584.diff - add several permissions needed
by latest syslog-ng (boo#948584, boo#948753)
- add upstream-profile-updates-r3205-3241.diff with several profile updates:
- add /usr/share/locale-bundle/** to abstractions/base
- allow dnsmasq to use /bin/sh (boo#940749) and /bin/dash
- allow dovecot imap to read /run/dovecot/mounts
- allow avahi-daemon to write to /run/systemd/notify
- allow ntpd to read $PATH directory listings (boo#945592, boo#948752)
- update dhclient profile
- allow skype to read @{PROC}/@{pid}/net/dev (boo#939568)
- and some other small updates
- drop upstreamed apparmor-winbindd-r3213.diff (included in the
upstream-profile-updates patch)
- netstat moved to net-tools-deprecated in Tumbleweed (boo#944904)
- add apparmor-winbindd-r3213.diff - add missing k permissions for
/etc/samba/smbd.tmp/msg/* in winbindd profile (boo#921098 #c15..19)
- add fix-initscript-aa_log_end_msg.diff - fixes ugly initscript
output (boo#862170)
- update to AppArmor 2.10 (trunk r3205)
- profile names can now contain variables
- improved profile compile time in apparmor_parser
- lots of improvements, refactoring and bugfixes in the aa-* tools
- new APIs for managing and loading profile caches into the kernel in
libapparmor
- lots of profile updates
- see http://wiki.apparmor.net/index.php/ReleaseNotes_2_10 for the
complete changelog with more details
- add new apparmor_private.h and the aa_query_label(2), aa_features(3),
aa_kernel_interface(3), aa_policy_cache(3), aa_splitcon(3) manpages
to libapparmor-devel
- drop apparmor-2.5.1-edirectory-profile patch - it's most probably
no longer needed (see boo#621394 for details)
- drop upstreamed samba-4.2-profiles.diff
- refresh apparmor-samba-include-permissions-for-shares.diff
- systemd-rpm-macros and %systemd_requires were at the wrong place,
move them to the parser package (boo#931792)
- update to AppArmor 2.9.2 (2.9 branch r2911)
- lots of bugfixes in the parser and the aa-* tools (including
boo#918787)
- update dovecot and dnsmasq profiles and several abstractions
(including boo#911001)
- see http://wiki.apparmor.net/index.php/ReleaseNotes_2_9_2 for the
full changelog
- remove upstream(ed) patches apparmor-changes-since-2.9.1.diff and
apparmor-fix-stl-ostream.diff
- replace GPG key with new AppArmor GPG signing key, see
https://launchpad.net/apparmor/+announcement/13404
- make sure %service_del_postun doesn't call systemctl try-restart
(boo#853019, bare systemd edition)
- add samba-4.2-profiles.diff: update samba (winbindd and nmb)
profiles for samba 4.2 (boo#921098, boo#923201)
- only install apparmor.service for openSUSE > 13.2
- Add a native systemd unit which *at the moment* only
wraps/masks the early boot script.
- add apparmor-fix-stl-ostream.diff which fixes odd uses of
std::ostream which are not valid. Fixes build with GCC 5
- allow lessopen.sh to run /usr/bin/unzip-plain (boo#906858)
- add Requires: python3 to python3-apparmor package - readline isn't
part of python3-base (boo#917577)
- add apparmor-changes-since-2.9.1.diff with upstream fixes since the
2.9.1 release
- update logparser.py to support changed syslog format (lp#1399027)
- update usr.sbin.dovecot and usr.lib.dovecot.imap{, -login} profiles
(lp#1296667)
- update the mysqld profile
- fix network rule description in apparmor.d(5) manpage
- drop upstreamed dnsmasq-profile-fixes.patch
- update expired GPG key
- update to AppArmor 2.9.1 (2.9 branch r2831)
- fix log parsing for 3.16 kernels and syslog-style logs (boo#905368)
- several fixes and performance improvements in the aa-* utils
- profile updates for dnsmasq (boo#907870), nscd (boo#904620#c14 and
bnc#908856), useradd, sendmail, man and passwd
- see http://wiki.apparmor.net/index.php/ReleaseNotes_2_9_1
for full release notes
- refresh dnsmasq-profile-fixes.patch
- Fix dnsmasq profile to allow executing bash to run the --dhcp-script
argument. Also fixed /usr/lib -> /usr/{lib,lib64} to get libvirt
leasehelper script to run even on x86_64.
dnsmasq-profile-fixes.patch. boo#911001
- rename lessopen.sh profile file to usr.bin.lessopen.sh to match the
script filename
- add apparmor-lessopen-profile.patch: /usr/bin/lessopen.sh needs
confinement. bnc#906858
- delete cache in apparmor-profiles %post (workaround for
bnc#904620#c8 / lp#1392042)
- No longer perform gpg validation; osc source_validator does it
implicitly:
+ Drop gpg-offline BuildRequires.
+ No longer execute gpg_verify.
- fix bashism in post script
- update to AppArmor 2.9.0 (r2759)
- change aa-mergeprof to the final commandline syntax
- lots of bugfixes in the aa-* tools (bnc#900163, lp#1328707 and several
bugs without a formal bugreport)
- small additions to gnome, freedesktop.org, ubuntu-browsers.d/java
and user-mail abstractions
- fix mod_apparmor to not break basic auth
- update perl modules to support signal, unix and ptrace rules (bnc#900013)
- don't warn about rules not supported by the kernel
- fix logging of "audit capability" (lp#1378091)
- add support for the "hat" keyword in apparmor.vim
- build html version of apparmor.vim manpage again (lp#1366572)
- see also http://wiki.apparmor.net/index.php/ReleaseNotes_2_9_0
- update apparmor-abstractions-no-multiline.diff
- remove upstreamed apparmor-profiles-ntpd-pid-location.diff
- argon2
-
- add baselibs.conf as cryptsetup also has 32bit variants
- Update description.
- Update to version 0.0+git20171227.670229c:
* Added ABI version number
* AVX2/AVX-512F optimizations of BLAMKA
* Set Argon2 version number from the command line
* New bindings
* Minor bug and warning fixes (no security issue)
- use _service file
- ship libargon2.pc (bsc#1034441)
- moved argon2-specs.pdf to doc subpackage
- added packaging of man page
- make sure to call cc with -pthread option (implies -lpthread)
- run test suite
- Initial release
- attr
-
- Use %license instead of %doc [bsc#1082318]
- remove man5/attr.5, it is now part of man-pages
http://lwn.net/Articles/643559/
- Reduce size of filelist by using wildcards;
remove %doc (some locations are always %doc),
remove %attr (files already have proper permissions)
- remove gpg-offline from bootstrap packages
- Update to new upstream release 2.4.47
* This release fixes two functional bugs related to tree walking
and the return code from getfattr. Also, a number of build system
problems were fixed.
- Remove config-guess-sub-update.patch (no longer applies),
attr-syscalls.patch (resolved differently upstream),
builddefs.in.diff (replaced by logic in specfile)
- Signature verification
- Added url as source.
Please see http://en.opensuse.org/SourceUrls
- Remove unused autoconf and automake build requires
- Add attr-syscalls.patch:
Define attr syscall numbers for aarch64
- Add config-guess-sub-update.patch:
Update config.guess/sub for aarch64
- update license to new format
- add autoconf as buildrequire to avoid implicit dependency
- Add libattr-devel-static package
- Enable libattr-devel for all baselib arches
- Implement shlib package (libattr1)
- make shared library executable
- upgrade to 2.4.46
- Fix tests
- upgrade to 2.4.45
- OPTIONS in man pages should be a section heading, not a subsection heading
- getfattr: encode NULs properly with --encoding=text
- setfattr.1: document supported encodings of values
- convert the man pages into html
- attr_parse_attr_conf: eliminate a double free
- attr_parse_attr_conf: eliminate a memory leak
- quote: pull in string.h for strchr prototype
- libattr: fix memory leak in attr_copy_action()
- use %_smp_mflags
- add baselibs.conf as a source
- adjust baselibs.conf for SPARC
- fixed implicit strchr() call
- do not package static libraries
- fix -devel package dependencies
- Version bump to 2.4.44
- Stop quoting nonprintable characters in the getfattr output
- More license updates
- audit
-
- Enable Aarch64 processor support. (bsc#1179515 bsc#1179806)
- Fix specfile to require libauparse0 and libaudit1 after splitting
audit-libs (bsc#1172295)
- Update to version 2.6.5:
* Fix segfault on shutdown
* Fix hang on startup (#1587995)
* Add sleep to script to dump state so file is ready when needed
* Add auparse_normalizer support for SOFTWARE_UPDATE event
* Mark netlabel events as simple events so that they get processed quicker
* When audispd is reconfiguring, only SIGHUP plugins with valid pid (#1614833)
* Add 30-ospp-v42.rules to meet new Common Criteria requirements
* Update lookup tables for the 4.18 kernel
* In aureport, fix segfault in file report
* Add auparse_normalizer support for labeled networking events
* Fix memory leak in audisp-remote plugin when using krb5 transport. (#1622194)
* Event aging is off by a second
* In ausearch/auparse, correct event ordering to process oldest first
* auparse_reset was not clearing everything it should
* Add support for AUDIT_MAC_CALIPSO_ADD, AUDIT_MAC_CALIPSO_DEL events
* In ausearch/report, lightly parse selinux portion of USER_AVC events
* In ausearch/report, limit record size when malformed
* In auditd, fix extract_type function for network originating events
* In auditd, calculate right size and location for network originating events
* Treat all network originating events as VER2 so dispatcher doesn't format it
* In audisp-remote do an initial connection attempt (#1625156)
* In auditd, allow expression of space left as a percentage (#1650670)
* On PPC64LE systems, only allow 64 bit rules (#1462178)
* Make some parts of auditd state report optional based on config
* Fix ausearch when checkpointing a single file (Burn Alting)
* Fix scripting in 31-privileged.rules wrt filecap (#1662516)
* In ausearch, do not checkpt if stdin is input source
* In libev, remove __cold__ attribute for functions to allow proper hardening
* Add tests to configure.ac for openldap support
* Make systemd support files use /run rather than /var/run (Christian Hesse)
* Fix minor memory leak in auditd kerberos credentials code
* Fix auditd regression where keep_logs is limited by rotate_logs 2 file test
* In ausearch/report fix --end to use midnight time instead of now (#1671338)
- Remote zos building is now a configurable option.
It should be disabled in audit (and left enabled in audit-secondary).
- Make use of some %make_install.
- Update to version 2.8.4:
* Generate checkpoint file even when no results are returned
(Burn Alting).
* Fix log file creation when file logging is disabled entirely
(Vlad Glagolev).
* Use SIGCONT to dump auditd internal state (rh#1504251).
* Fix parsing of virtual timestamp fields in ausearch_expression
(rh#1515903).
* Fix parsing of uid & success for ausearch.
* Hide lru symbols in auparse.
* Fix aureport summary time range reporting.
* Allow unlimited retries on startup for remote logging.
* Add queue_depth to remote logging stats and increase default
queue_depth size.
- Update to version 2.8.3:
* Correct msg function name in lru debug code.
* Fix a segfault in auditd when dns resolution isn't available.
* Make a reload legacy service for auditd.
* In auparse python bindings, expose some new types that were
missing.
* In normalizer, pickup subject kind for user_login events.
* Fix interpretation of unknown ioctcmds (rh#1540507).
* Add ANOM_LOGIN_SERVICE, RESP_ORIGIN_BLOCK, &
RESP_ORIGIN_BLOCK_TIMED events.
* In auparse_normalize for USER_LOGIN events, map acct for
subj_kind.
* Fix logging of IPv6 addresses in DAEMON_ACCEPT events
(rh#1534748).
* Do not rotate auditd logs when num_logs < 2 (brozs).
- Update header in audit-python3.patch
- Update patch guidelines in README-BEFORE-ADDING-PATCHES
- Add patch to fix test run without python2 interpreter:
* audit-python3.patch
- Update to 2.8.2 release:
* Update tables for 4.14 kernel
* Fixup ipv6 server side binding
* AVC report from aureport was missing result column header (#1511606)
* Add SOFTWARE_UPDATE event
* In ausearch/report pickup any path and new-disk fields as a file
* Fix value returned by auditctl --reset-lost (Richard Guy Briggs)
* In auparse, fix expr_create_timestamp_comparison_ex to be numeric field
* Fix building on old systems without linux/fanotify.h
* Fix shell portability issues reported by shellcheck
* Auditd validate_email should not use gethostbyname
- Update to version 2.8.1 release (includes 2.8 and 2.7.8 changes)
* many features added to auparse_normalize
* cli option added to auditd and audispd for setting config dir
* in auditd, restore the umask after creating a log file
* option added to auditd for skipping email verification
- Full changelog: http://people.redhat.com/sgrubb/audit/ChangeLog
- Rectify RPM groups, diversify descriptions.
- Remove mentions of static libraries because they are not built.
- Update to version 2.7.7 release
Changelog: https://people.redhat.com/sgrubb/audit/ChangeLog
- Create folder for the m4 file from previous commit to avoid install
failure
- Version update to 2.5 release
- Refresh two patches and README to contain SUSE and not SuSE
* audit-allow-manual-stop.patch
* audit-plugins-path.patch
- Cleanup with spec-cleaner and do not use subshells but rather use
the -C parameter of make
- Install m4 file to the devel package
- Do not depend on insserv nor fillup; the package provides
neither sysconfig nor sysvinit files
- Update to version 2.4.4 (bsc#941922, CVE-2015-5186)
- Remove patch 'audit-no_m4_dir.patch'
(added Fri Apr 26 11:14:39 UTC 2013 by mmeister@suse.com)
No idea what earlier 'automake' build error this was trying to fix but
it broke the handling of "--without-libcap-ng". Anyways, no build error
occurs now and m4 path is also needed in v2.4.4 to find ax_prog_cc_for_build
- Require pkgconfig for build
Changelog 2.4.4
- Fix linked list correctness in ausearch/report
- Add more cross compile fixups (Clayton Shotwell)
- Update auparse python bindings
- Update libev to 4.20
- Fix CVE-2015-5186 Audit: log terminal emulator escape sequences handling
Changelog 2.4.3
- Add python3 support for libaudit
- Cleanup automake warnings
- Add AuParser_search_add_timestamp_item_ex to python bindings
- Add AuParser_get_type_name to python bindings
- Correct processing of obj_gid in auditctl (Aleksander Zdyb)
- Make plugin config file parsing more robust for long lines (#1235457)
- Make auditctl status print lost field as unsigned number
- Add interpretation mode for auditctl -s
- Add python3 support to auparse library
- Make --enable-zos-remote a build time configuration option (Clayton Shotwell)
- Updates for cross compiling (Clayton Shotwell)
- Add MAC_CHECK audit event type
- Add libauparse pkgconfig file (Aleksander Zdyb)
Changelog 2.4.2
- Ausearch should parse exe field in SECCOMP events
- Improve output for short mode interpretations in auparse
- Add CRYPTO_IKE_SA and CRYPTO_IPSEC_SA events
- If auditctl is reading rules from a file, send messages to syslog (#1144252)
- Correct lookup of ppc64le when determining machine type
- Increase time buffer for wide character numbers in ausearch/report (#1200314)
- In aureport, add USER_TTY events to tty report
- In audispd, limit reporting of queue full messages (#1203810)
- In auditctl, don't segfault when invalid options passed (#1206516)
- In autrace, remove some older unimplemented syscalls for aarch64 (#1185892)
- In auditctl, correct lookup of aarch64 in arch field (#1186313)
- Update lookup tables for 4.1 kernel
- Update to version 2.4.1
Changelog 2.4.1
- Make python3 support easier
- Add support for ppc64le (Tony Jones)
- Add some translations for a1 of ioctl system calls
- Add command & virtualization reports to aureport
- Update aureport config report for new events
- Add account modification summary report to aureport
- Add GRP_MGMT and GRP_CHAUTHTOK event types
- Correct aureport account change reports
- Add integrity event report to aureport
- Add config change summary report to aureport
- Adjust some syslogging level settings in audispd
- Improve parsing performance in everything
- When ausearch outputs a line, use the previously parsed values (Burn Alting)
- Improve searching and interpreting groups in events
- Fully interpret the proctitle field in auparse
- Correct libaudit and auditctl support for kernel features
- Add support for backlog_time_wait setting via auditctl
- Update syscall tables for the 3.18 kernel
- Ignore DNS failure for email validation in auditd (#1138674)
- Allow rotate as action for space_left and disk_full in auditd.conf
- Correct login summary report of aureport
- Auditctl syscalls can be comma separated list now
- Update rules for new subsystems and capabilities
- Drop patch audit-add-ppc64le-mach-support.patch (already upstream)
- audit-secondary
-
- Do not explicitly provide group(audit) in system-users-audit:
this is automatically handled by rpm/providers.
- Create new "audit" group for read access to logs (bsc#1178154)
* add change-default-log_group.patch
* update audit-secondary.spec
- Enable Aarch64 processor support. (bsc#1179515 bsc#1179806)
- prepare usrmerge (boo#1029961)
- Update to version 2.6.5:
* Fix segfault on shutdown
* Fix hang on startup (#1587995)
* Add sleep to script to dump state so file is ready when needed
* Add auparse_normalizer support for SOFTWARE_UPDATE event
* Mark netlabel events as simple events so that they get processed quicker
* When audispd is reconfiguring, only SIGHUP plugins with valid pid (#1614833)
* Add 30-ospp-v42.rules to meet new Common Criteria requirements
* Update lookup tables for the 4.18 kernel
* In aureport, fix segfault in file report
* Add auparse_normalizer support for labeled networking events
* Fix memory leak in audisp-remote plugin when using krb5 transport. (#1622194)
* Event aging is off by a second
* In ausearch/auparse, correct event ordering to process oldest first
* auparse_reset was not clearing everything it should
* Add support for AUDIT_MAC_CALIPSO_ADD, AUDIT_MAC_CALIPSO_DEL events
* In ausearch/report, lightly parse selinux portion of USER_AVC events
* In ausearch/report, limit record size when malformed
* In auditd, fix extract_type function for network originating events
* In auditd, calculate right size and location for network originating events
* Treat all network originating events as VER2 so dispatcher doesn't format it
* In audisp-remote do an initial connection attempt (#1625156)
* In auditd, allow expression of space left as a percentage (#1650670)
* On PPC64LE systems, only allow 64 bit rules (#1462178)
* Make some parts of auditd state report optional based on config
* Fix ausearch when checkpointing a single file (Burn Alting)
* Fix scripting in 31-privileged.rules wrt filecap (#1662516)
* In ausearch, do not checkpt if stdin is input source
* In libev, remove __cold__ attribute for functions to allow proper hardening
* Add tests to configure.ac for openldap support
* Make systemd support files use /run rather than /var/run (Christian Hesse)
* Fix minor memory leak in auditd kerberos credentials code
* Fix auditd regression where keep_logs is limited by rotate_logs 2 file test
* In ausearch/report fix --end to use midnight time instead of now (#1671338)
- Fix build errors when using gcc-10 no-common default (bsc#1160384)
New patch: audit-fno-common.patch
- Refresh audit-allow-manual-stop.patch
- Reduce scriptlets' hard dependency on systemd.
- Update to version 2.8.4:
* Generate checkpoint file even when no results are returned
(Burn Alting).
* Fix log file creation when file logging is disabled entirely
(Vlad Glagolev).
* Use SIGCONT to dump auditd internal state (rh#1504251).
* Fix parsing of virtual timestamp fields in ausearch_expression
(rh#1515903).
* Fix parsing of uid & success for ausearch.
* Hide lru symbols in auparse.
* Fix aureport summary time range reporting.
* Allow unlimited retries on startup for remote logging.
* Add queue_depth to remote logging stats and increase default
queue_depth size.
- Update to version 2.8.3:
* Correct msg function name in lru debug code.
* Fix a segfault in auditd when dns resolution isn't available.
* Make a reload legacy service for auditd.
* In auparse python bindings, expose some new types that were
missing.
* In normalizer, pickup subject kind for user_login events.
* Fix interpretation of unknown ioctcmds (rh#1540507).
* Add ANOM_LOGIN_SERVICE, RESP_ORIGIN_BLOCK, &
RESP_ORIGIN_BLOCK_TIMED events.
* In auparse_normalize for USER_LOGIN events, map acct for
subj_kind.
* Fix logging of IPv6 addresses in DAEMON_ACCEPT events
(rh#1534748).
* Do not rotate auditd logs when num_logs < 2 (brozs).
- Use %license instead of %doc [bsc#1082318]
- Change openldap dependency to client only (bsc#1085003)
- Resolve issue with previous change if both Python2 and Python3 are
present, tests were failing as python2 bindings are preferred in this
case.
- reverted -j1 force ppc specific only
- Add patch to fix test run without python2 interpreter:
* audit-python3.patch
- Update to 2.8.2 release:
* Update tables for 4.14 kernel
* Fixup ipv6 server side binding
* AVC report from aureport was missing result column header (#1511606)
* Add SOFTWARE_UPDATE event
* In ausearch/report pickup any path and new-disk fields as a file
* Fix value returned by auditctl --reset-lost (Richard Guy Briggs)
* In auparse, fix expr_create_timestamp_comparison_ex to be numeric field
* Fix building on old systems without linux/fanotify.h
* Fix shell portability issues reported by shellcheck
* Auditd validate_email should not use gethostbyname
- force -j1 for PowerPC make check to avoid build failure
(lookup_test.o: file not recognized: File truncated)
- Add conditions around python plugins to allow us to conditionalize
them in environment without python2
- Rename python binding packages to match current python packaging
standards
- Update python build dependencies to resolve future split of
python2/3
- Update to version 2.8.1. See audit.spec (libaudit1) for upstream
changelog
- Remove audit-implicit-writev.patch (fixed upstream across 2
commits)
* 3b30db20ad983274989ce9a522120c3c225436b3
* 07132c22314e9abbe64d1031fd8734243285bb3f
- Cleanup with spec-cleaner
- Add audit-implicit-writev.patch: include sys/uio.h to ensure
readv and writev are declared.
- Rectify RPM groups, diversify descriptions.
- Remove mentions of static libraries because they are not built.
- Update to version 2.7.7. See audit.spec (libaudit1) for upstream
changelog
Since commit 6cf57d27 (2.7.4) audit is now started as a non-forking
service (bsc#1042781).
Add config: audit-stop.rules
Refresh patch: audit-allow-manual-stop.patch
Refresh patch: audit-no-gss.patch
- Version update to 2.5. See audit.spec (libaudit1) for upstream
changelog
- Cleanup with spec-cleaner
- Sort out bit /sbin /usr/sbin/ installation
- Install the rules as documentation
- Remove needless %py_requires from python subpkgs
- Update to version 2.4.4. See audit.spec (libaudit1) for upstream
changelog
- Add python3 bindings for libaudit and libauparse
- Remove patch 'audit-no_m4_dir.patch'
(added Fri Apr 26 11:14:39 UTC 2013 by mmeister@suse.com)
No idea what earlier 'automake' build error this was trying to fix but
it broke the handling of "--without-libcap-ng". Anyways, no build error
occurs now and m4 path is also needed in v2.4.4 to find ax_prog_cc_for_build
- augeas
-
- update to 1.10.1:
General changes/additions
New CLI utility 'augmatch' to print the tree for a file and select
some of its contents
New command 'count' in augtool
New function 'not(bool) -> bool' for path expressions
The path expression 'label[. = "value"]' can now be written more
concisely as 'label["value"]'
API changes
libfa has now a function fa_json to export an FA as a JSON file, and
fa_state_* functions that make it possible to iterate over the FA's
states and transitions. (Pedro Valero Mejia)
Add functions aug_ns_label, aug_ns_value, aug_ns_count, and
aug_ns_path to get the label (with index), the value, the number of
nodes, and the fully qualified path for nodes stored in a nodeset in
a variable efficiently
Lens changes/additions
Grubenv: new lens to process /boot/grub/grubenv (omgold)
Httpd: also read files from /etc/httpd/conf.modules.d/*.conf
(Tomas Meszaros) (Issue #537)
Nsswitch: allow comments at the end of a line (Philip Hahn) (Issue #517)
Ntp: accept 'ntpsigndsocket' statement (Philip Hahn) (Issue #516)
Properties: accept empty comments with DOS line endings (Issue #161)
Rancid: new lens for RANCiD router databases (Matt Dainty)
Resolv: accept empty comments with DOS line endings (Issue #161)
Systemd: also process /etc/systemd/logind.conf (Pat Riehecky)
YAML: process a document that is just a sequence (John Vandenberg)
- drop chrpath dependency, the offending dump binary is no longer shipped
- Use %license (boo#1082318)
- Version update to 1.9.0:
- General changes/additions
* Fix error in handling escaped whitespace at the end of path expressions
(addresses CVE-2017-7555)
* several improvements to the error messages when transforming a tree
back to text fails. They now make it clearer what part of the tree
was problematic, and what the tree should have looked like.
* Fixed the pkg-config file, which should now be usable
* Fix handling of backslash-escaping in strings and regular expressions
in the lens language. We used to handle constructs like "\\" and
/\\/ incorrectly. (Issue #495)
* do not unescape the default value of a del on create; otherwise we are
double unescaping these strings (Issue #507)
* remove tempfile when saving files because destination is not writable
(Issue #479)
* span information is now updated on save (Issue #467)
* fix lots of warnings generated by gcc 7.1
* Various changes to reduce bashisms in tests and make them run on
FreeBSD (Romain Tartière)
- API changes
* add function aug_ns_attr to allow iterating through a nodeset
quickly. See examples/dump.c for an example of how to use them
instead of aug_get, aug_label etc. and for a way to measure
performance gains.
- Lens changes/additions
* Ceph: new lens for /etc/ceph/ceph.conf
* Cgconfig: accept fperm & dperm in admin & task (Pino Toscano)
* Dovecot: also load files from /usr/local/etc (Roy Hubbard)
* Exports: relax the rules for the path at the beginning of a line so
that double-quoted paths are legal, too
* Getcap: new lens to parse generic termcap-style capability databases
* Grub: accept toplevel 'boot' entry (Pino Toscano)
* Httpd: handle empty comments with a continuation line (Issue #423);
handle '>""' in a directive properly (Issue #429); make space between
quoted arguments optional (Issue #435); accept quoted strings as part
of bare arguments (Issue #470)
* Nginx: load files from sites-available directory (Omer Katz) (Issue #471)
* Nslcd: new lens for nss-pam-ldapd config (Jose Plana)
* Oz: New lens for /etc/oz/oz.cnf
* postfix lenses: also load files from /usr/local/etc (Roy Hubbard)
* Properties: accept DOS line endings (Issue #468)
* Rtadvd: new lens to parse the rtadvd configuration file (Matt Dainty)
* Rsyslog: load files from /etc/rsyslog.d (Doug Wilson) (Issue #475);
allow spaces before the # starting a comment; allow comments inside
config statements like 'module'
* Ssh: accept '=' to separate keyword from arguments
* Sshd: split HostKeyAlgorithms into list of values; recognize quoted
group names with spaces in them (Issue #477)
* Sudoers: recognize "match_group_by_gid" (Luigi Toscano) (Issue #482)
* Syslog: allow spaces before the # starting a comment
* Termcap: new lens to parse termcap capability databases (Matt Dainty)
* Vsftpd: accept seccomp_sandbox (Denys Stroebel)
* Xymon: accept 'group-sorted' directive (Issue #462)
- Version update to 1.8.0:
* See the News file for all the details
- Verified it contains fixes for bsc#933210 bsc#975729 bsc#925225
bsc#1023204 CVE-2014-8119
- Version update to 1.6.0:
* See the NEWS file for the details
- Update to version 1.5.0:
- General changes/additions
* augtool: new --timing option that prints after each operation how long
it took
* augtool: print brief help message when incorrect options are given rather
than dumping all help text
* Path expressions: optimize performance of evaluating certain
expressions
* lots of safety improvements in libfa to avoid using uninitialized
values and the like (Daniel Trebbien)
* tolerate building against OSX' libedit (Issue #256)
- API changes
* aug_match: fix a bug where expressions like /foo/*[2] would match a
hidden node and pretend there was no match at all. We now make sure
we never match a hidden node. Thanks to Xavier Mol for reporting the
problem.
* aug_get: make sure we set *value to NULL, even if the provided path is
invalid (Issue #372)
* aug_rm: fix segfault when deleting a tree and one of its ancestors
(Issue #319)
* aug_save: fix segfault when trying to save an invalid subtree. A
routine that was generating details for the error message overflowed
a buffer it had created (Issue #349)
- Lens changes/additions
* AptConf: support hash comments
* AptSources: support options (Issue #295),
support brackets with spaces in URI (GH #296)
rename test file to test_aptsources.aug
* Chrony: allow signed numbers and indentation, fix stray EOL entry,
disallow comment on EOL, add many missing directives and
options (Miroslav Lichvar, RHBZ#1213281)
add new directives and options that were added in
chrony-2.2 and chrony-2.3 and improve parsing of
access configuration (Miroslav Lichvar, Issue #348)
add new options for chrony-2.4 (Miroslav Lichvar)
* Dhclient: avoid put ambiguity for node without value (Issue #294)
* Group: support NIS map, support an overridden and disabled password,
i.e. `+:*::` (Matt Dainty) (Issue #258)
* Host_Conf: support spaces between list items (Cedric Bosdonnat, Issue #358)
* Httpd: add paths to SLES vhosts
(Jan Doleschal) (Issue #268)
parse backslashes in directive arguments (Issue #307)
parse mismatching case of opening/closing tags
parse multiple ending section tags on one line
parse wordlists in braces in SSLRequire directives
parse directive args starting with double quote (Issue #330)
parse directive args containing quotes
support perl directives (Issue #327)
parse line breaks/continuations in section arguments
parse escaped spaces in directive/section arguments
parse backslashes at the start of directive args (Issue #324)
* Inputrc: support $else (Cedric Bosdonnat, Issue #359)
* Interfaces: add support for source-directory (Issue #306)
* Json: add comments support, refactor,
allow escaped quotes and backslashes
* Keepalived: fix space/tag alignments and hanging spaces,
add vrrp_mcast_group4 and vrrp_mcast_group6,
add more vrrp_instance flags,
add mcast/unicast_src_ip and unicast_peer,
add missing garp options,
add vrrp_script options,
expand vrrp_sync_group block,
allow notify option
(Joe Topjian) (Issue #266)
* Known_Hosts: refactoring and description fixed
* Logrotate: support dateyesterday option (Chris Reeves) (GH #367, #368)
* MasterPasswd: new lens to parse /etc/master.passwd
(Matt Dainty) (Issue #258)
* Multipath: add various missing keywords (Olivier Mangold) (Issue #289)
* MySQL: include /etc/my.cnf.d/*.cnf (Issue #353)
* Nginx: improve typechecking of lens,
allow masks in IP keys and IPv6 (Issue #260)
add @server simple nodes (Issue #335)
* Ntp: add support for basic interface syntax
* OpenShift_Quickstarts: Use Json.lns
* OpenVPN: add all options available in OpenVPN 2.3o
(Justin Akers) (Issue #278)
* Puppetfile: name separator is not mandatory
add support for moduledir (Christoph Maser)
* Rabbitmq: remove space in option name,
add support for cluster_partitioning_handling,
add missing simple options (Joe Topjian) (Issue #264)
* Reprepro_Uploaders: add support for distribution field
(Mathieu Alorent) (Issue #277),
add support for groups (Issue #283)
* Rhsm: new lens to parse subscription-manager's /etc/rhsm/rhsm.conf
* Rsyslog: improve property filter parsing,
treat whitespace after commas as optional.
recognize '~' as a valid syslog action (discard)
(Gregory Smith) (Issue #282),
add support for redirecting output to named pipes
(Gerlof Fokkema) (Issue #366)
* Shellvars: allow partial quoting, mixing multiple styles
(Kaarle Ritvanen) (Issue #183);
allow wrapping builtin argument to multiple lines
(Kaarle Ritvanen) (Issue #184);
support ;; on same line with multiple commands
(Kaarle Ritvanen) (Issue #185);
allow line wrapping and improve quoting support
(Kaarle Ritvanen) (Issue #187);
accept [] and [[]] builtins (Issue #188);
allow && and || constructs after condition
(Kaarle Ritvanen) (Issue #265);
add pattern nodes in case entries
(BREAKING CHANGE: case entry values are now in a
@pattern subnode) (Kaarle Ritvanen) (Issue #265)
add eval builtin support;
add alias builtin support;
allow (almost) any command;
allow && and || after commands (Issue #215);
allow wrapping command sequences
(Kaarle Ritvanen) (Issue #333);
allow command-specific environment variable
(Kaarle Ritvanen) (Issue #332);
support subshells (Issue #339)
newlines in start of functions
allow newlines after actions
support comments after function name (Issue #339)
exclude SuSEfirewall2 (Cedric Bosdonnat, Issue #357)
* Simplelines: parse OpenBSD's hostname.if(5)
files (Jasper Lievisse Adriaanse) (Issue #252)
* Smbusers: add support for ; comments
* Spacevars: support flags (Issue #279)
* Ssh: add support for HostKeyAlgorithms, KexAlgorithms
and PubkeyAcceptedKeyTypes (Oliver Mangold) (Issue #290),
add support for GlobalKnownHostsFile (Issue #316)
* Star: New lens to parse /etc/default/star
* Sudoers: support for negated command alias
(Geoff Williams) (Issue #262)
* Syslog: recognize '~' as a valid syslog action (discard)
(Gregory Smith) (Issue #282)
* Tmpfiles: new lens to parse systemd's tempfiles.d configuration
files (Julien Pivotto) (Issue #269)
* Trapperkeeper: new lens for Puppet server configuration files
* Util: add comment_c_style_or_hash lens
add empty_any lens
* Vsftpd: add isolate and isolate_network options
(Florian Chazal) (Issue #334)
* Xml: allow empty document (Issue #255)
* YAML: new lens (subset) (Dimitar Dimitrov) (Issue #338)
- Drop upstreamed patches:
27d8457-inputrc-lens-support-mapping-like.patch
2d12670-inputrc-lens-support-else.patch
49bcfbe-Exclude-network-if-up.d-SuSEfirewall2-in-shellvars-l.patch
7558c12-host_conf-lens-spaces-between-list-items-support.patch
- Fix errors showing up in guestfs tools.
Add upstreamed patches:
27d8457-inputrc-lens-support-mapping-like.patch
2d12670-inputrc-lens-support-else.patch
49bcfbe-Exclude-network-if-up.d-SuSEfirewall2-in-shellvars-l.patch
7558c12-host_conf-lens-spaces-between-list-items-support.patch
- Version bump to 1.4.0:
* Loads of bugfixes all around the package
* Read up NEWS file for the detailed changes
- Whitespace
- restore keyring and .sig file, as this is checked by the OBS
source service
- Update to version 1.3.0
+ General changes/additions
* Add missing cp entry in manpage (GH issue #78)
* Add seq to vim syntax highlight (Robert Drake)
* Update augtool.1 man page with new commands and --span, RHBZ#1100077
* augtool autocomplete includes command aliases, RHBZ#1100184
* Remove unused "filename" argument from dump-xml command, RHBZ#1100106
* aug_save returns non-zero result when unable to delete files,
RHBZ#1091143
+ Lens changes/additions
* Aliases: permit missing whitespace between colon and recipients
* AptPreferences: Support spaces in origin fields
* Cgconfig: handle additional valid controllers (Andy Grimm)
* Chrony: New lens to parse /etc/chrony.conf (Pat Riehecky)
* CPanel: New lens to parse cpanel.config files
* Desktop: Allow @ in keys (GH issue #92)
* Device_map: Parse all device.map files under /boot (Mike Latimer)
* Dhclient: Add support for option modifiers (Robert Drake,
GH issue #95)
Parse hash statements with dhcp-eval strings
* Dhcpd: stmt_string quoted blocks no longer store quote marks
(incompatible change),
many changes to support more record types (Robert Drake)
* Group: NIS support (KaMichael)
* Grub: handle "foreground" option, RHBZ#1059383 (Miguel Armas)
* Gshadow: New lens (Lorenzo Catucci)
* Httpd: Allow eol comments after section tags
Allow continued lines inside quoted value (GH issue #104)
Allow comparison operators in tags (GH issue #154)
* IPRoute2: handle "/" in protocol name, swap ID and name fields
(incompatible change), RHBZ#1063968,
handle hex IDs and hyphens, as present in
rt_dsfield, RHBZ#1063961
* Iptables: parse /etc/sysconfig/iptables.save, RHBZ#1144651
* Kdump: parse new options, permit EOL comments, refactor, RHBZ#1139298
* Keepalived: Add more virtual/real server settings and checks, RHBZ#1064388
* Known_Hosts: New lens for SSH known hosts files
* Krb5: permit braces in values when not in sub-section, RHBZ#1066419
* Ldso: handle "hwcap" lines (GH issue #100)
* Lvm: support negative numbers, parse /etc/lvm/lvm.conf (Pino Toscano)
* Multipath: add support for rr_min_io_rq (Joel Loudermilk)
* NagiosConfig and NagiosObjects: Fix documentation (Simon Sehier)
* NetworkManager: Use the Quote module, support # in values (no eol comments)
* OpenVPN: Add support for fragment, mssfix, and script-security
(Frank Grötzner)
* Pagekite: New lens (Michael Pimmer)
* Pam: Add partial support for arguments enclosed in [] (Vincent Brillault)
* Passwd: Refactor lens (Lorenzo Catucci)
* Redis: Allow empty quoted values (GH issue #115)
* Rmt: New lens to parse /etc/default/rmt, RHBZ#1100549
* Rsyslog: support complex $template lines, property filters and file
actions with templates, RHBZ#1083016
* Services: permit colons in service name, RHBZ#1121263
* Shadow: New lens (Lorenzo Catucci)
* Shellvars: Handle case statements with same-line ';;', RHBZ#1033799
Allow any kind of quoted values in block
conditions (GH issue #118)
Support $(( .. )) arithmetic expansion in variable
assignment, RHBZ#1100550
* Simplevars: Support flags and empty values
* Sshd: Allow all types of entries in Match groups (GH issue #75)
* Sssd: Allow ; for comments
* Squid: Support configuration files for squid 3 (Mykola Nikishov)
* Sudoers: Allow quoted string in default str/bool params (Nick Piacentine)
* Syslog: Support "# !" style comments (Robert Drake, GH issue #65)
Permit IPv6 loghost addresses, RHBZ#1129388
* Systemd: Allow quoted Environment key=value pairs, RHBZ#1100547
Parse /etc/sysconfig/*.systemd, RHBZ#1083022
Parse semicolons inside entry values, RHBZ#1139498
* Tuned: New lens for /etc/tuned/tuned-main.conf (Pat Riehecky)
* UpdateDB: New lens to parse /etc/updatedb.conf
(incompatible change as this file used to be processed with
Simplevars)
* Xml: Allow backslash in #attribute values (GH issue #145)
Parse CDATA elements (GH issue #80)
* Xymon_Alerting: refactor lens (GH issue #89)
- Remove the sig and the keyring file as there is no gpg verification
anyway
- Remove augeas-device_map-grub2.patch, fixed on upstream release
- Change desc to describe the "tools" not just the library
bnc#885495.
- Enable tests but "pass" them even with 2 failures.
- Add check phase, comment out as 2 test fails now.
- Clean up with spec-cleaner
- Version bump to 1.2.0:
- API changes
* Add aug_cp and the cp and copy commands
* aug_to_xml now includes span information in the XML dump
- General changes/additions
* Fix documentation link in c_api NaturalDocs menu
* Fix NaturalDocs documentation for various lenses
* src/transform.c (filter_matches): wrap fnmatch to ensure that an incl
pattern containing "//" matches file paths, RHBZ#1031084
* Correct locations table for transform_save() (Tomas Hoger)
* Corrections for CVE-2012-0786 tests (Tomas Hoger)
* Fix umask handling when creating new files, RHBZ#1034261
- Lens changes/additions
* Access: support DOMAIN\user syntax for users and groups, bug #353
* Authorized_Keys: Allow 'ssh-ed25519' as a valid authorized_key
type (Jasper Lievisse Adriaanse)
* Automounter: Handle hostnames with dashes in them, GH issue #27
* Build: Add combinatorics group
* Cyrus_Imapd: Create new entries without space before separator,
RHBZ#1014974 (Dietmar Kling)
* Desktop: Support square brackets in keys
* Dhclient: Add dhclient.conf path for Debian/Ubuntu (Esteve Fernandez)
* Dhcpd: Support conditionals, GH issue #34
Support a wider variety of allow/deny statement, including
booting and bootp (Yanis Guenane)
Support a wider variety of DHCP allow/deny/ignore statements
(Yanis Guenane)
* Dovecot: Various enhancements and bug fixes (Michael Haslgrübler):
add mailbox to block_names, fix for block_args in quotes,
fix for block's brackets upon write,
fixes broken tests for mailbox,
fixes indention,
test case for block_args with ",
fixes broken indention
Use Quote module
* Exports: Permit colons for IPv6 client addresses, bug #366
* Grub: Support the 'setkey' and 'lock' directives
NFC fix whitespace errors
Handle makeactive menu command, bug #340
Add 'verbose' option, GH issue #73
* Interfaces: Add in support for the source stanza in
/etc/network/interfaces files
Map bond-slaves and bridge-ports to arrays (incompatible
change) (Kaarle Ritvanen)
Add /etc/network/interfaces.d/* support
Allow numeric characters in stanza options (Pascal Lalonde)
* Koji: New lens to parse Koji configs (Pat Riehecky)
* MongoDBServer: Accept quoted values (Tomas Klouda)
* NagiosCfg: Do not try to parse /etc/nagios/nrpe.cfg anymore, GH issue #43
/etc/nagios/nrpe.cfg is parsed by Nrpe (Yanis Guenane)
* Nagiosobjects: Add support for optional spaces and indents
and whole-line comments (Sean Millichamp)
* OpenVPN: Support daemon, client-config-dir, route, and management
directives (Freakin https://github.com/Freakin)
* PHP: allow php-fpm syntax in keys, GH issue #35
* Postfix_Main: Handle stray whitespace at end of multiline lines, bug #348
* Postfix_virtual: allow '+' and '=' in email addresses (Tom Hendrikx)
* Properties: support multiline starting with an empty string, GH issue #19
* Samba: Permit asterisk in key name, bug #354
* Shellvars: Read /etc/firewalld/firewalld.conf, bug #363
Support all types of quoted strings in arrays, bug #357
Exclude /etc/sysconfig/ip*tables.save files
* Shellvars, Sysconfig: map "bare" export and unset lines to seq numbered
nodes to handle multiple variables (incompatible change), RHBZ#1033795
* Shellvars_list: Handle backtick variable assignments, bug #368
Allow end-of-line comments, bug #342
* Simplevars: Add /etc/selinux/semanage.conf
* Slapd: use smart quotes for database entries; rename by/what to by/access;
allow access to be absent as per official docs (incompatible change)
* Sshd: Indent Match entries by 2 spaces by default
Support Ciphers and KexAlgorithms groups, GH issue #69
Let all special keys be case-insensitive
* Sudoers: Permit underscores in group names, bug #370 (Matteo Cerutti)
Allow uppercase characters in user names, bug #376
* Sysconfig: Permit empty comments after comment lines, RHBZ#1043636
* Sysconfig_Route: New lens for RedHat's route configs
* Syslog: Accept UDP(@) and TCP(@@) protocol, bug #364 (Yanis Guenane)
* Xymon_Alerting: New lens for Xymon alerting files (François Maillard)
* Yum: Add yum-cron*.conf files (Pat Riehecky)
Include only *.repo files from yum.repos.d (Andrew N Golovkov)
Permit spaces after equals sign in list options, GH issue #45
Split excludes as lists, bug #275
- device_map lens: Find device.map in any dir beneath /boot (bnc#875086)
augeas-device_map-grub2.patch
- download url changed, also added keyring and .sig ring
- Update to version 1.1.0
- Handle files with special characters in their name, bug #343
- Fix type error in composition ('f; g') of functions, bug #328
- Improve detection of version script; make build work on Illumos with
GBU ld (Igor Pashev)
- augparse: add --trace option to print filenames of all modules being
loaded
- Various lens documentation improvements (Jasper Lievisse Adriaanse)
- Lens changes/additions
- ActiveMQ_*: new lens for ActiveMQ/JBoss A-MQ (Brian Harrington)
- AptCacherNGSecurity: new lens for /etc/apt-cacher-ng/security.conf
(Erik Anderson)
- Automaster: accept spaces between options
- BBHosts: support more flags and downtime feature (Mathieu Alorent)
- Bootconf: new lens for OpenBSD's /etc/boot.conf (Jasper Adriaanse)
- Desktop: Support dos eol
- Dhclient: read /etc/dhclient.conf used in OpenBSD (Jasper Adriaanse)
- Dovecot: New lens for dovecot configurations (Serge Smetana)
- Fai_Diskconfig: Optimize some regexps
- Fonts: exclude all README files (Jasper Adriaanse)
- Inetd: support IPv6 addresses, bug #320
- IniFile: Add lns_loose and lns_loose_multiline definitions
Support smart quotes
Warning: Smart quotes support means users should not add
escaped double quotes themselves. Tests need to be fixed
also.
Use standard Util.comment_generic and Util.empty_generic
Warning: Existing lens tests must be adapted to use standard
comments and empty lines
Allow spaces in entry_multiline* values
Add entry_generic and entry_multiline_generic
Add empty_generic and empty_noindent
Let multiline values begin with a single newline
Support dos eol
Warning: Support for dos eol means existing lenses usually
need to be adapted to exclude \r as well as \n.
- IPRoute2: Support for iproute2 files (Davide Guerri)
- JaaS: lens for the Java Authentication and Authorization Service
(Simon Vocella)
- JettyRealm: new lens for jetty-realm.properties (Brian Harrington)
- JMXAccess, JMXPassword: new lenses for ActiveMQ's JMX files
(Brian Harrington)
- Krb5: Use standard comments and empty lines
Support dos eol
Improve performance
Accept pkinit_anchors (Andrew Anderson)
- Lightdm: Use standard comments and empty lines
- LVM: New lens for LVM metadata (Gabriel)
- Mdadm_conf: optimize some regexps
- MongoDBServer: new lens (Brian Harrington)
- Monit: also load /etc/monitrc (Jasper Adriaanse)
- MySQL: Use standard comments and empty lines
Support dos eol
- NagiosCfg: handle Icinga and resources.cfg (Jasper Adriaanse)
- Nrpe: accept any config option rather than predefined list (Gonzalo
Servat); optimize some regexps
- Ntpd: new lens for OpenNTPD config (Jasper Adriaanse)
- Odbc: Use standard comments and empty lines
- Openshift_*: new lenses for Openshift support (Brian Harrington)
- Quote: allow multiple spaces in quote_spaces; improve docs
- Passwd: allow period in user names in spec, bug #337; allow overrides
in nisentry
- PHP: Support smart quotes
Use standard comments and empty lines
Load /etc/php*/fpm/pool.d/*.conf (Enrico Stahn)
- Postfix_master: allow [] in words, bug #345
- Resolv: support 'lookup' and 'family' key words, bug #320
(Jasper Adriaanse)
- Rsyslog: support :omusrmsg: list of users in actions
- RX: add CR to RX.space_in
- Samba: Use standard comments and empty lines
Support dos eol
- Schroot: Support smart quotes
- Services: support port ranges (Branan Purvine-Riley)
- Shellvars: optimize some regexps; reinstate /etc/sysconfig/network,
fixes bug #330, RHBZ#904222, RHBZ#920609; parse /etc/rc.conf.local
from OpenBSD
- Sip_Conf: New lens for sip.conf configurations (Rob Tucker)
- Splunk: new lens (Tim Brigham)
- Subversion: Support smart quotes
Use standard comments and empty lines
Use IniFile.entry_multiline_generic
Use IniFile.empty_noindent
Support dos eol
- Sudoers: allow user aliases in specs
- Sysctl: exclude README file
- Systemd: Support smart quotes; allow backslashes in values
- Xinetd: handle missing values in list, bug #307
- Xorg: allow 'Screen' in Device section, bug #344
- Yum: Support dos eol, optimize some regexps
- update to 1.0.0
- drop bnc-729491-recognize-suse-sysconfig-files.patch:
upstream ShellVars lens now uses /etc/sysconfig/* include filter
- drop patches, now upstream: augeas-pkgdeps.diff, augeas-stdio.h.patch
- license update: GPL-3.0+ and LGPL-2.1+
semicolon is ambiguous
- Fix build with missing gets declaration (glibc 2.16)
- Ensure libxml2 is present in .pc file
- update to 0.10.0
- support relative paths by taking them relative to the value of
/augeas/context in all API functions where paths are used
- add aug_to_xml to API: transform tree(s) into XML, exposed as dump-xml in
aug_srun and augtool. Introduces dependency on libxml2
- fix regular expression escaping. Previously, /[\/]/ matched either a backslash
or a slash. Now it only matches a slash
- path expressions: add function 'int' to convert a node value (string) to an
integer
- path expressions: make sure the regexp produced by empty nodesets from
regexp() and glob() matches nothing, rather than the empty word
- fix --autosave when running single command from command line, BZ 743023
- aug_srun: support 'insert' and 'move' as aliases for 'ins' and 'mv'
- aug_srun: allow escaping of spaces, quotes and brackets with \
- aug_init: accept AUG_NO_ERR_CLOSE flag; return augeas handle even when
initialization fails so that caller gets some details about why
initialization failed
- aug_srun: tolerate trailing white space in commands
- much improved, expanded documentation of many lenses
- always interpret lens filter paths as absolute, bug #238
- fix bug in libfa that would incorrectly calculate the difference of a case
sensitive and case insensitive regexp (/[a-zA-Z]+/ - /word/i would match
'worD')
- new builtin 'regexp_match' for .aug files to make testing regexp matching
easier during development
- fix 'span' command, bug #220
- Lens changes/additions
* Access: parse user@host and (group) in users field; field separator need
not be surrounded by spaces
* Aliases: allow spaces before colons
* Aptconf: new lens for /etc/apt/apt.conf
* Aptpreferences: support origin entries
* Backuppchosts: new lens for /etc/backuppc/hosts, bug 233 (Adam Helms)
* Bbhosts: various fixes
* Cgconfig: id allowed too many characters
* Cron: variables aren't set like shellvars, semicolons are allowed in
email addresses; fix parsing of numeric fields, previously upper case
chars were allowed; support ranges in time specs
* Desktop: new lens for .desktop files
* Dhcpd: slashes must be double-quoted; add Red Hat's dhcpd.conf locations
* Exports: allow empty options
* Fai_diskconfig: new lens for FAI disk_config files
* Fstab: allow ',' in file names, BZ 751342
* Host_access: new lens for /etc/hosts.{allow,deny}
* Host_conf: new lens for /etc/host.conf
* Hostname: new lens for /etc/hostname
* Hosts: also load /etc/mailname by default
* Iptables: allow digits in ipt_match keys, bug #224
* Json: fix whitespace handling, removing some cf ambiguities
* Kdump: new lens for /etc/kdump.conf (Roman Rakus)
* Keepalived: support many more flags, fields and blocks
* Krb5: support [pam] section, bug #225
* Logrotate: be more tolerant of whitespace in odd places
* Mdadm_conf: new lens for /etc/mdadm.conf
* Modprobe: Parse commands in install/remove stanzas (this introduces a
backwards incompatibility); Drop support for include as it is not documented
in manpages and no unit tests are shipped.
* Modules: new lens for /etc/modules
* Multipath: add support for several options in defaults section, bug #207
* Mysql: includedir statements are not part of sections; support !include;
allow indentation of entries and flags
* Networks: new lens for /etc/networks
* Nrpe: allow '=' in commands, bug #218 (Marc Fournier)
* Php: allow indented entries
* Phpvars: allow double quotes in variable names; accept case insensitive
PHP tags; accept 'include_once'; allow empty lines at EOF; support define()
and bash-style and end-of-line comments
* Postfix_master: allow a lot more chars in words/commands, including commas
* PuppetFileserver: support same-line comments and trailing whitespace,
bug #214
* Reprepro_uploaders: new lens for reprepro's uploaders files
* Resolv: permit end-of-line comments
* Schroot: new lens for /etc/schroot/schroot.conf
* Shellvars: greatly expand shell syntax understood; support
various syntactic constructs like if/then/elif/else, for, while,
until, case, and select; load /etc/blkid.conf by default
* Spacevars: add toplevel lens 'lns' for consistency
* Ssh: new lens for ssh_config (Jiri Suchomel)
* Stunnel: new lens for /etc/stunnel/stunnel.conf (Oliver Beattie)
* Sudoers: support more parameter flags/options, bug #143
* Xendconfsxp: lens for Xen configuration (Tom Limoncelli)
* Xinetd: allow spaces after '{'
- update modprobe lens patch to apply on 0.10.0
- update shellvars lens patch to add some missing files on SUSE
distros mentioned in bnc#729491
- Remove redundant tags/sections from specfile
- Patch shellvars.aug to recognize SUSE specific files in
sysconfig (bnc#729491)
- move lenses from /usr/share/libaugeas0/augeas
to /usr/share/augeas (bnc#719199)
- move vim lenses syntax files from -lenses to -devel package
- Remove redundant tags/sections from specfile
- Add augeas-devel to baselibs
- update to 0.9.0:
- augtool: keep history in ~/.augeas/history
- add aug_srun API function; this makes it possible to run a sequence of
commands through the API
- aug_mv: report error AUG_EMVDESC on attempts to move a node into one of
its descendants
- path expressions: allow whitespace inside names, making '/files/etc/foo
bar/baz' a legal path, but parse [expr1 or expr2] and [expr1 and expr2]
as the logical and/or of expr1 and expr2
- path expressions: interpret escape sequences in regexps; since '.' does
not match newlines, it has to be possible to write '.|\n' to match any
character
- path expressions: allow concatenating strings and regexps; add
comparison operator '!~'; add function 'glob'; allow passing a nodeset
to function 'regexp'
- store the names of the functions available in path expressions under
/augeas/version
- fix several smaller memory leaks
- Lens changes/additions
* Aliases: allow spaces and commas in aliases (Mathieu Arnold)
* Grub: allow "bootfs" Solaris/ZFS extension for dataset name, bug #201
(Dominic Cleal); allow kernel path starting with a BIOS device,
bug #199
* Inifile: allow multiline values
* Php: include files from Zend community edition, bug #210
* Properties: new lens for Java properties files, bug #194 (Craig Dunn)
* Spacevars: autoload two ldap files, bug #202 (John Morrissey)
* Sudoers: support users:groups format in a Runas_Spec line, bug #211;
add CSW paths (Dominic Cleal)
* Util: allow comment_or_eol to match whitespace-only comments,
bug #205 (Dominic Cleal)
* Xorg: accept InputClass section; autoload from /etc/X11/xorg.conf.d,
bug #197
- fate#311042: Update augeas packages for latest puppet support
in SLE-11
- update to 0.8.1
* augtool: respect autosave flag in oneshot mode, bug #193;
fix segfault caused by unmatched bracket in path expression,
bug #186
* eliminate a global variable in the lexer, fixes BZ 690286
* replace an erroneous assert(0) with a proper error message when
none of the alternatives in a union match during saving,
bug #183
* improve AIX support
* Lens changes/additions
* Access: support the format @netgroup@@nisdomain, bug #190
* Fstab: fix parsing of SELinux labels in the fscontext option
* Grub: support 'device' directive for UEFI boot, bug #189; support
'configfile' and 'background'
* Httpd: handle continuation lines; autoload httpd.conf on
Fedora/RHEL, BZ 688149; fix support for single-quoted
strings
* Iptables: support --tcp-flags, bug #157; allow blank and comment
lines anywhere
* Mysql: include /etc/my.cnf used on Fedora/RHEL, BZ 688053
* NagiosCfg: parse setting multiple values on one line
* NagiosObjects: process /etc/nagios3/objects/*.cfg
* Nsswitch: support 'sudoers' as a database, bug #187
* Shellvars: autoload /etc/rc.conf used in FreeBSD
* Sudoers: support '#include' and '#includedir', bug #188
* Yum: exclude /etc/yum/pluginconf.d/versionlock.list
- changes for 0.8.0
* add new 'square' lens combinator
* add new aug_span API function
* augtool: short options for --nostdinc, --noload, and --noautoload
* augtool: read commands from tty after executing file with --interactive
* augtool: add --autosave option
* augtool: add --span option to load nodes' span
* augtool: add span command to get the node's span according to the input
file
* augtool: really be quiet when we shouldn't be echoing
* fix segfault in get.c with L_MAYBE lens; bug #180
* fix segfault when a path expression called regexp() with an invalid
regexp; bug #168
* improved vim syntax file
* replace augtest by test-augtool.sh to obviate the need for Ruby to run
tests
* use sys_wait module from gnulib; bug #164
* Lens changes/additions
* Access: new lens for /etc/security/access.conf
* Crypttab: new lens for /etc/crypttab
* Dhcpd: new lens
* Exports: accept hostnames with dashes; bug #169
* Grub: add various Solaris extensions; support "map" entries,
bug #148
* Httpd: new lens for Apache config
* Inifile: new lens indented_title_label
* Interfaces: allow indentation for "iface" entries; bug #182
* Mysql: change default comment delimiter from ';' to '#'; bug #181
* Nsswitch: accept various add'l databases; bug #171
* PuppetFileserver: new lens for Puppet's fileserver.conf
* Resolv: allow comments starting with ';'; bug #173
* Shellvars: autoload various snmpd config files; bug #170
* Solaris_system: new lens for /etc/system on Solaris
* Util (comment_c_style, empty_generic, empty_c_style): new lenses
* Xml: generic lens to process XML files
* Xorg: make "position" in "screen" optional; allow "Extensions"
section; bug #175
- add baselibs.conf
- update to 0.7.4
* augtool: new clearm command to parallel setm
* augtool: add --file option
* Fix SEGV under gcc 4.5, caused by difficulties of the gcc
optimizer handling bitfields (bug #149; rhbz #651992)
* Preserve parse errors under /augeas//error: commit 5ee81630,
released in 0.7.3, introduced a regression that would cause
the loss of parse errors; bug #138
* Avoid losing already parsed nodes under certain circumstances;
bug #144
* Properly record the new mtime of a saved file; previously the
mtime in the tree was reset to 0 when a file was saved, causing
unnecessary file reloads
* fix a SEGV when using L_MAYBE in recursive lens; bug #136
* Incompatible lens changes
* Fstab: parse option values
* Squid: various improvements, see bug #46;
* Xinetd: map service names differently
* Lens changes/additions
* Aptsources: map comments properly, allow indented lines;
bug #151
* Grub: add indomU setting for Debian.
Allow '=' as separator in title; bug #150
* Fstab: also process /etc/mtab
* Inetd: support rpc services
* Iptables: allow underscore in chain names
* Keepalived: new lens for /etc/keepalived/keepalived.conf
* Krb5: allow digits in realm names; bug #139
* Login_defs: new lens for /etc/login.defs
(Erinn Looney-Triggs)
* Mke2fs: new lens for /etc/mke2fs.conf
* Nrpe: new lens for Nagios nrpe (Marc Fournier)
* Nsswitch: new lens for /etc/nsswitch.conf
* Odbc: new lens for /etc/odbc.ini (Marc Fournier)
* Pg_hba: New lens; bug #140 (Aurelien Bompard).
Add system path on Debian; bug #154 (Marc Fournier)
* Postfix_master: parse arguments in double quotes; bug #69
* Resolv: new lens for /etc/resolv.conf
* Shells: new lens for /etc/shells
* Shellvars: parse ulimit builtin
* Sudoers: load file from /usr/local/etc (Mathieu Arnold)
Allow 'visiblepw' parameter flag; bug #143. Read files from
/etc/sudoers.d
* Syslog: new lens for /etc/syslog.conf (Mathieu Arnold)
* Util: exclude dpkg backup files; bug #153 (Marc Fournier)
* Yum: accept continuation lines for gpgkey; bug #132
- added patch for allow_unsupported_modules command in modprobe.d conf files
- added vim files symlinks for lens syntax files
- fixed a few rpmlint warnings (fixed rpm group, no ldconfig run)
* Update to 0.7.3
* aug_load: only reparse files that have actually changed; greatly
speeds up reloading
* record all variables in /augeas/variables, regardless of whether
they were defined with aug_defvar or aug_defnode; make sure
/augeas/variables always exists
* redefine all variables (by reevaluating their corresponding
expressions) after a aug_load. This makes variables 'sticky'
across loads
* fix behavior of aug_defnode to not fail when the expression
evaluates to a nonempty node set
* make gnulib a git submodule so that we record the gnulib commit
off which we are based
* allow 'let rec' with non-recursive RHS
* fix memory corruption when reloading a tree into which a
variable defined by defnode points (BZ 613967)
* plug a few small memory leaks, and some segfaults
* Lens changes/additions
* Device_map: new lens for grub's device.map (Matt Booth)
* Limits: also look for files in /etc/security/limits.d
* Mysql: new lens (Tim Stoop)
* Shellvars: read /etc/sysconfig/suseconfig (Frederik Wagner)
* Sudoers: allow escaped spaces in user/group names (Raphael Pinson)
* Sysconfig: lens for the shell subdialect used in /etc/sysconfig;
lens strips quotes automatically
* 0.7.2 - 2010-06-22
* new API call aug_setm to set/create multiple nodes simultaneously
* record expression used in a defvar underneath /augeas/variables
* Lens changes/additions
* Group: add test for disabled account (Raphael Pinson)
* Grub: handle comments within a boot stanza
* Iptables: also look for /etc/iptables-save (Nicolas Valcarcel)
* Modules_conf: new lens for /etc/modules.conf (Matt Booth)
* Securetty: added handling of empty lines/comments (Frederik Wagner)
* Shellvars: added SuSE sysconfig puppet files (Frederik Wagner),
process /etc/environment (seph)
* Shellvars_list: Shellvars-like lens that treats strings of
space-separated words as lists (Frederik Wagner)
* 0.7.1 - 2010-04-21
* fix crash when recursive lens was used in a nonrecursive lens (bug #100)
* context free parser/recursive lenses: handle 'l?' properly (bug #119);
distinguish between successful parse and parse with an error at end of
input; do caller filtering to avoid spurious ambiguous parses with
grammars containing epsilon productions
* aug_get: return -1 when multiple nodes match (bug #121)
* much better error message when iteration stops prematurely during
put/create than the dreaded 'Short iteration'
* src/lens.c (lns_check_rec): fix refcounting mistake on error path (bug #120)
* Lens changes/additions
* Approx: lens and test for the approx proxy server (Tim Stoop)
* Cgconfig: lens and tests for libcgroup config (Ivana Hutarova Varekova)
* Cgrules: new lens and test (Ivana Hutarova Varekova)
* Cobblermodules: lens + tests for cobbler's modules.conf (Shannon Hughes)
* Debctrl: new lens and test (Dominique Dumont)
* Dput: add 'allow_dcut' parameter (bug #105) (Raphael Pinson)
* Dhclient: add rfc code parsing (bug #107) (Raphael Pinson)
* Group: handle disabled passwords
* Grub: support empty kernel parameters, Suse incl.s (Frederik Wagner)
* Inittab: allow ':' in the process field (bug #109)
* Logrotate: tolerate whitespace at the end of a line (bug #101); files
can be separated by newlines (bug #104) (Raphael Pinson)
* Modprobe: Suse includes (Frederik Wagner)
* Nagioscfg: lens and test for /etc/nagios3/nagios.cfg (Tim Stoop)
* Ntp: add 'tinker' directive (bug #103)
* Passwd: parse NIS entries on Solaris
* Securetty: new lens and test for /etc/securetty (Simon Josi)
* Shellvars: handle a bare 'export VAR'; Suse includes (Frederik
Wagner); allow spaces after/before opening/closing parens for array
* Sudoers: allow del_negate even if no negate_node is found (bug #106)
(Raphael Pinson); accept 'secure_path' (BZ 566134) (Stuart
Sears)
* 0.7.0 - 2010-01-14
* Support for context-free lenses via the 'let rec' keyword. The syntax
is experimental, though the feature is here to stay. See
lenses/json.aug for an example of what's possible with that.
* Support for case-insensitive regular expressions. Simply append 'i' to
a regexp literal to make it case-insensitive, e.g. /hello/i will match
all variations of hello, regardless of case.
* Major revamp of augtool. In particular, path expressions don't need to
be quoted anymore. The online help has been greatly improved.
* Check during load/save that each file is only matched by one transform
under /augeas/load. If there are multiple transforms for a file, the
file is skipped.
* New error codes AUG_ENOLENS and AUG_EMXFM
* Do not choke on non-existing lens during save
* Change the metadata for files under /augeas/files slightly: the node
/augeas/files/$PATH/lens now has the name of the lens used to load the
file; the source location of that lens has moved to
/augeas/files/$PATH/lens/info
* New public functions fa_nocase, fa_is_nocase, and fa_expand_nocase in
libfa
* Various smaller bug fixes, performance improvements and improved error
messages
* Lens changes/additions
* Cobblersettings: new lens and test (Bryan Kearney)
* Iptables: allow quoted strings as arguments; handle both negation
syntaxes
* Json: lens and tests for generic Json files
* Lokkit: allow '-' in arguments
* Samba: accept entry keys with ':' (Partha Aji)
* Shellvars: allow arrays that span multiple lines
* Xinetd (name): fix bad '-' in character class
* 0.6.0 - 2009-11-30
* Add error reporting API (aug_error and related calls); use to report
error details in a variety of places
* Path expressions: add regexp matching; add operator '|' to form union
of nodesets (ticket #89)
* Tolerate non-C locales from the environment (ticket #35); it is no
longer necessary to set the locale to C from the outside
* use stpcpy/stpncpy from gnulib (needed for building on Solaris)
* Properly check regexp literals for syntax errors (ticket #93)
* Distribute and install vim syntax files (ticket #97)
* many more bugfixes
* Lens changes/additions
* Apt_preferences: support version pin; filter out empty lines (Matt
Palmer)
* Cron: variables can contain '_' etc. (ticket #94)
* Ethers: new lens for /etc/ethers (Satoru SATOH)
* Fstab: allow '#' in spec (ticket #95)
* Group: allow empty password field (ticket #95)
* Inittab: parse end-of-line comments into a #comment
* Krb5: support kdc section; add v4_name_convert subsection to
libdefaults (ticket #95)
* Lokkit: add missing eol to forward_port; make argument for --trust
more permissive
* Pam: allow '-' before type
* Postfix_access: new lens for /etc/postfix/access (Partha Aji)
* Rx: allow '!' in device_name
* Sudoers: allow certain backslash-quoted characters in a command (Matt
Palmer)
* Wine: new lens to read Windows registry files
* 0.5.3 - 2009-09-14
* Match trees on label + value, not just label; see
tests/modules/pass_strip_quotes.aug for how that enables stripping
quotes
* Do not trip over symlinks to files on a different device during save;
fixes problems with writing to /etc/grub.conf on Fedora/RHEL
* API (defnode): always add the newly created node into the resulting
nodeset
* Add preceding-sibling and following-sibling axes to path expressions
* augtool, augparse: add --version option (bug #88)
* Change file info recorded under /augeas/files/FILE/*: remove lens/id
and move lens/info to lens
* Properly record new files under /augeas/files (bug #78)
* aug_load: clean up variables to avoid dangling references (bug #79)
* Make Augeas work on AIX
* Ignore anything but regular files when globbing
* Add 'clear' function to language for use in unit tests
* typechecker: print example trees in tree format
* libfa: properly support regexps with embedded NUL's
* Lens changes/additions
* Xorg: revamped, fixes various parse failures (Matt Booth)
* Inetd: new lens and test (Matt Palmer)
* Multipath: new lens and test
* Slapd: also read /etc/openldap.slapd.conf (bug #85)
* 0.5.2 - 2009-07-13
* Make Augeas work on Mac OS/X (bug #66) (Anders Bjoerklund)
* reduce symbols exported from libfa with linker script
* add --echo option to augtool
* require Automake 1.11 (Jim Meyering)
* avoid spurious save attempts for freshly read files
* Lens changes/additions
* Inittab: schema change: use 'id' field as name of subtree for a line,
instead of a generated number. Map comments as '#comment' (Matt Palmer)
* Logrotate: make owner/group in create statement optional, allow
filenames to be indented
* Ntp: allow additional options for server etc. (bug #72)
* Shellvars: allow backticks as quote characters (bug #74)
* Yum: also read files in /etc/yum/pluginconf.d (Marc Fournier)
* 0.5.1 - 2009-06-09
* augeas.h: flag AUG_NO_MODL_AUTOLOAD suppresses initial loading
of modules; exposed as --noautoload in augtool
* augtool: don't prompt when input is not from tty (Raphael Pinson)
* augparse: add --notypecheck option
* path expressions: allow things like '/foo and /bar[3]' in predicates
* Lens changes/additions
* Aliases: map comments as #comment (Raphael Pinson)
* Build, Rx, Sep: new utility modules (Raphael Pinson)
* Cron: new lens (Raphael Pinson)
* Dnsmasq: process files in /etc/dnsmasq.d/* (ticket #65)
* Grub: parse kernel and module args into separate nodes; parse
arguments for 'serial', 'terminal', and 'chainloader'; allow
optional argument for 'savedefault'
* Interfaces: make compliant with actual Debian spec (Matt Palmer)
* Iptables: relax regexp for chain names; allow comment lines mixed
in with chains and rules (ticket #51)
* Logrotate: allow '=' as separator (ticket #61); make newline at end
of scriptlet optional
* Modprobe: handle comments at end of line
* Ntp: parse fudge record (Raphael Pinson); parse all directives in
default Fedora ntp.conf; process 'broadcastdelay', 'leapfile',
and enable/disable flags (ticket #62)
* Pbuilder: new lens for Debian's personal builder (Raphael Pinson)
* Php: add default path on Fedora/RHEL (Marc Fournier)
* Squid: handle indented entries (Raphael Pinson)
* Shellvars: map 'export' and 'unset'; map comments as #comment
(Raphael Pinson)
* Sudoers: allow backslashes inside values (ticket #60) (Raphael Pinson)
* Vsftpd: map comments as #comment; handle empty lines; find
vsftpd.conf on Fedora/RHEL
* Xinetd: map comments as #comment (Raphael Pinson)
- enable parallel building
* Update to 0.5.0
* Upstream notes:
Clean up interface for libfa; the interface is now considered stable
* New aug_load API call; allows controlling which files to load by
modifying /augeas/load and then calling aug_load; on startup, the
transforms marked with autoload are reported under /augeas/load
* New flag AUG_NO_LOAD for aug_init to keep it from loading files on
startup; add --noload option to augtool
* New API calls aug_defvar and aug_defnode to define variables for
path expressions; exposed as 'defvar' and 'defnode' in augtool
* New program examples/fadot to draw various finite automata (Francis
Giraldeau)
* Report line number and character offset in the tree when parsing a
file with a lens fails
* Fix error in propagation of dirty flag, which could lead to only
parts of a tree being saved when multiple files were modified
* Flush files to disk before moving them
* Fix a number of memory corruptions in the XPath evaluator
* Several performance improvements in libfa
* Lens changes/additions
* Grub: process embedded comments for update-grub (Raphael Pinson)
* Iptables: new lens for /etc/sysconfig/iptables
* Krb5: new lens for /etc/krb5.conf
* Limits: map domain as value of 'domain' node, not as label
(Raphael Pinson)
* Lokkit: new lens for /etc/sysconfig/system-config-firewall
* Modprobe: new lens for /etc/modprobe.d/*
* Sudoers: more finegrained parsing (ticket #48) (Raphael Pinson)
* Update to 0.4.2
* Moved lens tests into separate package 'augeas-lense-tests'
* Added augeas-lenses-license-fix patch
* Upstream notes:
* Do not delete files that had an error upon parsing
* For Fedora/EPEL RPM's, BuildRequire libselinux-devel (bug #26)
* In path expressions, the meaning of '<' and '<=' was reversed
* Always create an entry /files in aug_init
* New builtin 'Sys' module with functions 'getenv' and 'read_file',
the latter reads the contents of a file into a string
* Lens changes/additions
* Postfix_main: handle continuation lines
* Bbhosts, Hosts, Logrotate, Sudoers: label comment nodes as '#comment'
* Sshd: map comments as '#comment' nodes
* Squid: add all keywords from squid 2.7 and 3 (Francois Deppierraz)
* Logrotate: process unit suffixes for 'size' and 'minsize'
* Update to 0.4.1
* Moved lenses to separate package 'augeas-lenses'.
* Upstream notes:
* Remove files when their entire subtree under /files is deleted
* Various bug fixes and syntax enhancements for path expressions
(see tests/xpath.tests for details)
* Evaluate path expressions with multiple predicates correctly
* Fix incorrect setting of /augeas/events/saved
* Major cleanup of matching during get; drastically improves
performance for very large (on the order of 10k lines) config files
* Small performance improvement in the typechecker
* Reject invalid character sets like [x-u] during typecheck
* Build with compile warnings set to 'maximum' instead of 'error', so
that builds on platforms with broken headers will work out of the box
* Lens changes/additions
* Util.stdexcl now excludes .augsave and .augnew files
* Logrotate: allow 'yearly' schedule, spaces around braces
* Ntp: fix so that it processes ntp.conf on Fedora 10
* Services: lens for /etc/services (Raphael Pinson)
* Xorg: new lens and tests (Raphael Pinson)
- avahi
-
- Add avahi-CVE-2021-3468.patch: avoid infinite loop by handling
HUP event in client_work (boo#1184521 CVE-2021-3468).
https://github.com/lathiat/avahi/pull/330
- Update avahi-daemon-check-dns.sh from Debian. Our previous
version relied on ifconfig, route, and init.d.
- Rebase avahi-daemon-check-dns-suse.patch, and drop privileges
when invoking avahi-daemon-check-dns.sh (boo#1180827
CVE-2021-26720).
- Add sudo to requires: used to drop privileges.
- When changing ownership of /var/lib/autoipd, only change
ownership of files owned by avahi, to mitigate against
possible exploits (bsc#1154063).
- Drop avahi-daemon-increase-rlimit.patch: rlimits are no longer
set by default.
- Replace avahi-0.7-python3.patch with avahi-0.7-dbm.patch: use
what is upstream (boo#1110668).
- Add avahi-0.7-encode-strings-as-utf8.patch: encode strings as
UTF-8 (boo#1110668).
- Add avahi-0.7-python3-bookmarks.patch: make bookmarks python 3
compatible (boo#1110668).
- Add CVE-2018-1000845.patch: drop legacy unicast queries from
address not on local link (boo#1120281 CVE-2018-1000845).
- Drop avahi-0.6.31-invalid-packet.patch: fixed upstream.
- Add avahi-daemon-increase-rlimit.patch: increase rlimit as a
conservative way to handle certain crashes referring to upstream
commit 71ace71 (bsc#1085255).
- Drop the qt3 parts
- Add avahi-0.7-python3.patch: Port to python 3 (bsc#1076402).
- Build python bindings against python 3, rather than python 2;
- Python-avahi is now python3-avahi, and python-avahi-gtk is now
python3-avahi-gtk
- Obsolete the python 2 packages
- Replace python_sitelib with python3_sitelib in %files, and add
__pycache__.
- Rename %*soname to %*sover to better reflect its use.
- Modernize spec file by calling spec-cleaner
- Use SPDX3.0 license tags and package COPYING as %license.
- Update to version 0.7:
+ The Avahi 0.7 release brings two new features, binary TXT
records in XML service files and the ability to start the
gobject client in a custom context.
+ New Features:
- Add support for binary values in TXT records in XML service
files by specifying
value-format="text|binary-hex|binary-base64". If not
specified, defaults to the normal value of "text" (thus
backwards compatible).
- avahi-gobject: Allow starting the client in a custom
GMainContext by passing context to ga_client_start_in_context
instead of ga_client_start (avahi-gobject minor version has
been incremented).
+ Notable Changes:
- avahi-daemon: Remove all default rlimits from
avahi-daemon.conf, as two main problems happened with firstly
rlimit-nproc causing avahi to fail when started in a
container without user namespaces and secondly because memory
rlimits were causing avahi to crash in some cases. Leave it
up to the init system to impose any modified limits instead.
It is recommended to ship this change in distribution default
config files.
- avahi-common: Fix watch cleanup issue in watch_free
- avahi-discover (python): Updated for Python3 & GTK3
- avahi-autoipd:
. Clear previously set address before binding a new one.
. Fix dhclient hooks to check for avahi-autoipd before
running.
- build: Move default rundir from /var/run to /run as per
modern system setups.
+ Other Changes:
- build:
. Fix the printed value of "Building libavahi-client" in
./configure.
. autogen.sh improved to work when called from another
directory.
. Fix warnings when compiling against musl libc.
- avahi-compat-libdns_sd: Fix incorrect URL in warnings.
- service-type-database: Add new service Types: _ipps._tcp,
_xpra._tcp.
- avahi-dnsconfd: Update manpage with the correct action script
name.
- avahi-gobject:
. Use the correct shared library name in AvahiCore-0.6.gir
. Fix build failing under some locales.
- avahi-common/dbus-watch-glue.c: remove Unneeded semicolon.
- Update gentoo init scripts for newer openrc version.
+ Updated translations.
- Drop avahi-empty-share-dir.patch, avahi-gir-fixup.patch,
avahi-move-everything-to-run.patch and avahi-outdated-URL.patch:
Fixed upstream.
- Drop systemd_requires macro: on a machine managed by systemd, we
don't have to require it. If the machine/container is not managed
by systemd, we don't want to require it.
- Add pkgconfig(pygobject-3.0) BuildRequires: New dependency.
- Replace references to /var/adm/fillup-templates with new
%_fillupdir macro (boo#1069468)
- Do not suppress errors from avahi-autoipd user creation, but do
suppress getent output.
- Replace $RPM_* shell vars by macros.
- Modify user generation (boo#1010384):
+ Use getent to check for existing users/groups, only creating
them if not found.
+ Do not hide output of groupadd/useradd.
+ Do not mask failures: if a user can't be added, we have a
problem.
- Drop %insserv_cleanup scriptlets: it's been a while that avahi
did not install any sysV init scripts anymore.
- Simplify avahi_spec-prepare.sh: OBS is well able to handle macros
in package names by now.
- Drop conditions to only handle systemd services on openSUSE >
12.1; it's been long that we did not ship the sysv scripts
anymore and openSUSE 12.1 is long EOL.
- Replace avahi-0.6.31-systemd-order.patch with
avahi-0.6.32-suppress-resolv-conf-warning.patch: only warn
on missing resolv.conf if the options that use it are enabled.
https://github.com/lathiat/avahi/pull/63
- Update to version 0.6.32:
+ Don't log warnings about invalid packets, commonly triggered by
Windows 10 systems.
+ Fix issue with bad packet size estimation, causing probes to
continuously be sent when hosting large numbers of services.
+ Fix build on Solaris/SmartOS (filio.h issue).
+ Fix build on FreeBSD (PCAP_D_IN issue).
+ Fix debug output with libdaemon >= 0.14.
+ avahi_server_set_browse_domains now correctly uses the provided
list, instead of re-using the list from the configuration file.
+ Set nl_pid to 0, this will automatically assign the value and
prevent conflicts per netlink(7). (Bug #334).
+ Check for netlink pid=0 (kernel) instead of uid=0, which works
correctly with network & user namespaces.
+ Fix reversed IFA_LOCAL and IFA_ADDRESS checks (Avahi#355).
+ Don't fail the build on deprecated GTK/GLIB usage.
+ Gracefully fail if SO_REUSEPORT is not available.
+ Minor Python 3 update for the python ServiceTypeDatabase test
usage of print, should be backwards compatible.
+ avahi-autoipd: Fix incorrect usage of IFLA_RTA instead of
IFA_RTA which could crash on ARM (Closes: gh#lathiat/avahi#42).
- Drop upstream fixed patches:
+ avahi-unicastdomains.patch
+ avahi-gtk_box_new.patch
+ avahi-fix-mkdir.diff
+ avahi-enable-ipv6.patch
+ avahi-reserve-space-for-record-data-when-size-e.patch
- Rebase avahi-0.6.31-invalid-packet.patch.
- Add avahi-0.6.31-systemd-order.patch: start after NM/wicked, to
ensure resolv.conf is present (bsc#982317, gh#lathiat/avahi#59).
- Update to GNOME 3.20.2 (Fate#318572)
- Added License field in spec file.
- Update to GNOME 3.20 Fate#318572
- No longer install sysv services: the systemd services have been
installed for a long time already and are masking the sysv
scripts; those scripts' existence only adds confusion (boo#959908).
- Temp disable 2 old Conflicts that are breaking staging. These can
go back in once there is a new release of avahi.
- Add avahi-0.6.31-invalid-packet.patch: do not spam logs for
invalid packets (boo#947140 bsc#948277).
- Sync up the multiple .spec files.
- Add avahi-outdated-URL.patch: Do not redirect users to
<http://0pointer.de/avahi-compat?s=libdns_sd&e=ntpd>, which no
longer exists, but bring them to the more generic blog entry
http://0pointer.de/blog/projects/avahi-compat.html (boo#914298).
- bash
-
- Add patch bash-4.4-jobctrl.patch to allow process group assignment
even for modern kernels (bsc#1057452, bsc#1188287)
- Add patch bsc1183064.patch
* Fix bug bsc#1183064: Segfault from reading a history file not
starting with # with HISTTIMEFORMAT set and history_multiline_entries
nonzero and with the history cleared and read on the same input line.
- Move /bin/bash to /usr/bin/bash and provide old location as
symbolic link of new location (jsc#SLE-15652)
- Remove minimal sh build option as not used
- Rework patch readline-7.0-screen.patch again for bug boo#1143055
* Map all "screen(-xxx)?.yyy(-zzz)?" to "screen" as well as
map "konsole(-xxx)?" and "gnome(-xxx)?" to "xterm"
- Add patch bash-4.4-bgpoverflow.patch which is a backport from bash
5.0 to perform better with large numbers of sub processes (bsc#1133773)
- Rework patch readline-7.0-screen.patch
- Add bash-memmove.patch to make bash.html build reproducible (boo#1100488)
- Add patch readline-7.0-screen.patch to be able to parse settings
in inputrc for all screen TERM variables starting with "screen."
to fix boo#1095661
- In patch bash-4.4.dif avoid setgroups(2) but use initgroups(3) (boo#1095670)
- Add patch 20, 21, 22 and 23 to bash-4.4-patches.tar.bz2
* 20: In circumstances involving long-running scripts that create
and reap many processes, it is possible for the hash table bash
uses to store exit statuses from asynchronous processes to
develop loops. This patch fixes the loop causes and adds code
to detect any future loops.
* 21: A SIGINT received inside a SIGINT trap handler can possibly
cause the shell to loop.
* 22: There are cases where a failing readline command (e.g.,
delete-char at the end of a line) can cause a multi-character
key sequence to `back up' and attempt to re-read some of the
characters in the sequence.
* 23: When sourcing a file from an interactive shell, setting the
SIGINT handler to the default and typing ^C will cause the
shell to exit.
- remove bash-4.4-wait-sigint-handler.patch (upstreamed)
- Add patch bash-4.4-wait-sigint-handler.patch to fix bug bsc#1086247
that is repeating self inserting trap due external command in the
trap.
- Create readline-devel-static package to re-enable static libraries
again (boo#1082913)
- Use %license (boo#1082318)
- Add patch 19 to bash-4.4-patches.tar.bz2
* With certain values for PS1, especially those that wrap onto
three or more lines, readline will miscalculate the number of
invisible characters, leading to crashes and core dumps.
- Add patches 13-18 to bash-4.4-patches.tar.bz2
* 13: If a here-document contains a command substitution, the
command substitution can get access to the file descriptor used
to write the here-document.
* 14: Under some circumstances, functions that return via the
`return' builtin do not clean up memory they allocated to keep
track of FIFOs.
* 15: Process substitution can leak internal quoting to the
parser in the invoked subshell.
* 16: Bash can perform trap processing while reading command
substitution output instead of waiting until the command
completes.
* 17: There is a memory leak when `read -e' is used to read a
line using readline.
* 18: Under certain circumstances (e.g., reading from /dev/zero),
read(2) will not return -1 even when interrupted by a signal.
The read builtin needs to check for signals in this case.
- partial cleanup with spec-cleaner
- Modify patch bash-4.3-pathtemp.patch to avoid crash at full
file system (boo#1076909)
- Enable multibyte characters by default
- Modify patch bash-4.4.dif to let bashline.h install as well as
this header file is included by general.h due to the same patch
(boo#1060069)
- Make build reproducible in spite of profile based optimizations (boo#1040589)
- Allow to disable do_profiling in builds (related to boo#1040589)
- Simplify patch readline-5.2-conf.patch
- Do not throw info and manual pages away
- Remove bash-4.0-async-bnc523667.dif as this one is fixed (and
was disabled and nobody had reported trouble)
- Add upstream patch readline70-002 which replace old one
There is a race condition in add_history() that can be triggered by a fatal
signal arriving between the time the history length is updated and the time
the history list update is completed. A later attempt to reference an
invalid history entry can cause a crash.
- Add upstream patch readline70-003
Readline-7.0 uses pselect(2) to allow readline to handle signals that do not
interrupt read(2), such as SIGALRM, before reading another character. The
signal mask used in the pselect call did not take into account signals the
calling application blocked before calling readline().
- Add upstream patch bash44-006
Out-of-range negative offsets to popd can cause the shell to crash
attempting to free an invalid memory block.
- Remove patch popd-offset-overflow.patch to use bash44-006
- Add upstream patch bash44-007
When performing filename completion, bash dequotes the directory
name being completed, which can result in match failures and
potential unwanted expansion.
- Duplicate bash44-007 as readline70-002 as it seems to be missed
- Add upstream patch bash44-008
Under certain circumstances, bash will evaluate arithmetic
expressions as part of reading an expression token even when
evaluation is suppressed. This happens while evaluating a
conditional expression and skipping over the failed branch of the
expression.
- Add upstream patch bash44-009
There is a race condition in add_history() that can be triggered
by a fatal signal arriving between the time the history length
is updated and the time the history list update is completed.
A later attempt to reference an invalid history entry can cause
a crash.
- Add upstream patch bash44-010
Depending on compiler optimizations and behavior, the `read'
builtin may not save partial input when a timeout occurs.
- Add upstream patch bash44-011
Subshells begun to run command and process substitutions may
attempt to set the terminal's process group to an incorrect
value if they receive a fatal signal. This depends on the
behavior of the process that starts the shell.
- Add upstream patch bash44-012
When -N is used, the input is not supposed to be split using
$IFS, but leading and trailing IFS whitespace was still removed.
- Remove -L option on screen call due to API change, now we depend
on environment variables only.
- Enable -fprofile-correction to cover misleading profile created due
to terminating_signal which does not return.
- Add upstream patch popd-offset-overflow.patch to fix boo#1010845
CVE-2016-9401: bash: popd controlled free (Segmentation fault)
Remark: this is a simple Segmentation fault, no security risk
- Add upstream patch bash44-001
Bash-4.4 changed the way the history list is initially allocated to reduce
the number of reallocations and copies. Users who set HISTSIZE to a very
large number to essentially unlimit the size of the history list will get
memory allocation errors
- Add upstream patch bash44-002
Bash-4.4 warns when discarding NUL bytes in command substitution output
instead of silently dropping them. This patch changes the warnings from
one per NUL byte encountered to one warning per command substitution.
- Drop no-null-warning.patch as bash44-002 is official replacement
- Add upstream patch bash44-003
Specially-crafted input, in this case an incomplete pathname expansion
bracket expression containing an invalid collating symbol, can cause the
shell to crash.
- Add upstream patch bash44-004
There is a race condition that can result in bash referencing freed memory
when freeing data associated with the last process substitution.
- Add upstream patch bash44-005
Under certain circumstances, a simple command is optimized to eliminate a
fork, resulting in an EXIT trap not being executed. (boo#1008459)
- Add upstream patch readline70-001
Readline-7.0 changed the way the history list is initially allocated to reduce
the number of reallocations and copies. Users who set the readline
history-size variable to a very large number to essentially unlimit the size
of the history list will get memory allocation errors
- no-null-warning.patch: Don't warn about null bytes in command
substitution
- Avoid confusing library path
- Update bash 4.4 final
* Latest bug fixes since 4.4 rc2
- Update readline 7.0 final
* Latest bug fixes since 7.0 rc2
* New application-callable function: rl_pending_signal(): returns the signal
number of any signal readline has caught but not yet handled.
* New application-settable variable: rl_persistent_signal_handlers: if set
to a non-zero value, readline will enable the readline-6.2 signal handler
behavior in callback mode: handlers are installed when
rl_callback_handler_install is called and removed when a complete
line has been read.
- Drop patch bash-4.3-async-bnc971410.dif as this one is part of 4.4
- Drop patch bash-3.2-longjmp.dif as now long time be fixed
- Drop patch bash-4.3-headers.dif as loadables now simply work
- Drop readline-6.1-wrap.patch as this seems to be fixed
- Disable patch bash-4.0-async-bnc523667.dif for now as it seems to be fixed
in an other way
- Update bash 4.4 rc2 -- Bugfixes
- Update readline 7.0 rc2 -- Bugfixes
- Make clear that the files /etc/profile as well as /etc/bash.bashrc
may source other files as well even if the bash does not.
Therefore modify patch bash-4.1-bash.bashrc.dif (bsc#959755)
- Update bash 4.4 beta 2
* Value conversions (arithmetic expansions, case modification, etc.) now
happen when assigning elements of an array using compound assignment.
* There is a new option settable in config-top.h that makes multiple
directory arguments to `cd' a fatal error.
* Bash now uses mktemp() when creating internal temporary files; it produces
a warning at build time on many Linux systems.
- Update to readline library 7.0 beta 2 (not enabled as not standalone)
* The default binding for ^W in vi mode now uses word boundaries specified
by Posix (vi-unix-word-rubout is bindable command name).
* rl_clear_visible_line: new application-callable function; clears all
screen lines occupied by the current visible readline line.
* rl_tty_set_echoing: application-callable function that controls whether
or not readline thinks it is echoing terminal output.
* Handle >| and strings of digits preceding and following redirection
specifications as single tokens when tokenizing the line for history
expansion.
* Fixed a bug with displaying completions when the prefix display length
is greater than the length of the completions to be displayed.
* The :p history modifier now applies to the entire line, so any expansion
specifying :p causes the line to be printed instead of expanded.
- Update bash 4.4 release candidate 1
* There is now a settable configuration #define that will cause the shell
to exit if the shell is running setuid without the -p option and setuid
to the real uid fails.
* Command and process substitutions now turn off the `-v' option when
executing, as other shells seem to do.
* The default value for the `checkhash' shell option may now be set at
compile time with a #define.
* The `mapfile' builtin now has a -d option to use an arbitrary character
as the record delimiter, and a -t option to strip the delimiter as
supplied with -d.
* The maximum number of nested recursive calls to `eval' is now settable in
config-top.h; the default is no limit.
* The `-p' option to declare and similar builtins will display attributes for
named variables even when those variables have not been assigned values
(which are technically unset).
* The maximum number of nested recursive calls to `source' is now settable
in config-top.h; the default is no limit.
* All builtin commands recognize the `--help' option and print a usage
summary.
* Bash does not allow function names containing `/' and `=' to be exported.
* The `ulimit' builtin has new -k (kqueues) and -P (pseudoterminals) options.
* The shell now allows `time ; othercommand' to time null commands.
* There is a new `--enable-function-import' configuration option to allow
importing shell functions from the environment; import is enabled by
default.
* `printf -v var ""' will now set `var' to the empty string, as if `var=""'
had been executed.
* GLOBIGNORE, the pattern substitution word expansion, and programmable
completion match filtering now honor the value of the `nocasematch' option.
* There is a new ${parameter@spec} family of operators to transform the
value of `parameter'.
* Bash no longer attempts to perform compound assignment if a variable on the
rhs of an assignment statement argument to `declare' has the form of a
compound assignment (e.g., w='(word)' ; declare foo=$w); compound
assignments are accepted if the variable was already declared as an array,
but with a warning.
* The declare builtin no longer displays array variables using the compound
assignment syntax with quotes; that will generate warnings when re-used as
input, and isn't necessary.
* Executing the rhs of && and || will no longer cause the shell to fork if
it's not necessary.
* The `local' builtin takes a new argument: `-', which will cause it to save
the single-letter shell options and restore their previous values at
function return.
* `complete' and `compgen' have a new `-o nosort' option, which forces
readline to not sort the completion matches.
* Bash now allows waiting for the most recent process substitution, since it
appears as $!.
* The `unset' builtin now unsets a scalar variable if it is subscripted with
a `0', analogous to the ${var[0]} expansion.
* `set -i' is no longer valid, as in other shells.
* BASH_SUBSHELL is now updated for process substitution and group commands
in pipelines, and is available with the same value when running any exit
trap.
* Bash now checks $INSIDE_EMACS as well as $EMACS when deciding whether or
not bash is being run in a GNU Emacs shell window.
* Bash now treats SIGINT received when running a non-builtin command in a
loop the way it has traditionally treated running a builtin command:
running any trap handler and breaking out of the loop.
* New variable: EXECIGNORE; a colon-separated list of patterns that will
cause matching filenames to be ignored when searching for commands.
* Aliases whose value ends in a shell metacharacter now expand in a way to
allow them to be `pasted' to the next token, which can potentially change
the meaning of a command (e.g., turning `&' into `&&').
* `make install' now installs the example loadable builtins and a set of
bash headers to use when developing new loadable builtins.
* `enable -f' now attempts to call functions named BUILTIN_builtin_load when
loading BUILTIN, and BUILTIN_builtin_unload when deleting it. This allows
loadable builtins to run initialization and cleanup code.
* There is a new BASH_LOADABLES_PATH variable containing a list of directories
where the `enable -f' command looks for shared objects containing loadable
builtins.
* The `complete_fullquote' option to `shopt' changes filename completion to
quote all shell metacharacters in filenames and directory names.
* The `kill' builtin now has a `-L' option, equivalent to `-l', for
compatibility with Linux standalone versions of kill.
* BASH_COMPAT and FUNCNEST can be inherited and set from the shell's initial
environment.
* inherit_errexit: a new `shopt' option that, when set, causes command
substitutions to inherit the -e option. By default, those subshells
disable -e. It's enabled as part of turning on posix mode.
* New prompt string: PS0. Expanded and displayed by interactive shells after
reading a complete command but before executing it.
* Interactive shells now behave as if SIGTSTP/SIGTTIN/SIGTTOU are set to SIG_DFL
when the shell is started, so they are set to SIG_DFL in child processes.
* Posix-mode shells now allow double quotes to quote the history expansion
character.
* OLDPWD can be inherited from the environment if it names a directory.
* Shells running as root no longer inherit PS4 from the environment, closing a
security hole involving PS4 expansion performing command substitution.
* If executing an implicit `cd' when the `autocd' option is set, bash will now
invoke a function named `cd' if one exists before executing the `cd' builtin.
- Update to readline library 7.0 release candidate 1
* The history truncation code now uses the same error recovery mechanism as
the history writing code, and restores the old version of the history file
on error. The error recovery mechanism handles symlinked history files.
* There is a new bindable variable, `enable-bracketed-paste', which enables
support for a terminal's bracketed paste mode.
* The editing mode indicators can now be strings and are user-settable
(new `emacs-mode-string', `vi-cmd-mode-string' and `vi-ins-mode-string'
variables). Mode strings can contain invisible character sequences.
Setting mode strings to null strings restores the defaults.
* Prompt expansion adds the mode string to the last line of a multi-line
prompt (one with embedded newlines).
* There is a new bindable variable, `colored-completion-prefix', which, if
set, causes the common prefix of a set of possible completions to be
displayed in color.
* There is a new bindable command `vi-yank-pop', a vi-mode version of
emacs-mode yank-pop.
* The redisplay code underwent several efficiency improvements for multibyte
locales.
* The insert-char function attempts to batch-insert all pending typeahead
that maps to self-insert, as long as it is coming from the terminal.
* rl_callback_sigcleanup: a new application function that can clean up and
unset any state set by readline's callback mode. Intended to be used
after a signal.
* If an incremental search string has its last character removed with DEL, the
resulting empty search string no longer matches the previous line.
* If readline reads a history file that begins with `#' (or the value of
the history comment character) and has enabled history timestamps, the history
entries are assumed to be delimited by timestamps. This allows multi-line
history entries.
* Readline now throws an error if it parses a key binding without a terminating
`:' or whitespace.
- Remove patches which are upstream solved
bash-3.2-longjmp.dif
bash-4.3-headers.dif
readline-6.1-wrap.patch
- Rename patches
bash-4.3.dif become bash-4.4.dif
readline-6.3.dif become readline-7.0.dif
- Refresh other patches as well
- Define the USE_MKTEMP and USE_MKSTEMP cpp macros as the
implementation is already there.
- Add patch bash-4.3-pathtemp.patch to allow root to clear the
file systems. Otherwise the completion does not work if /tmp
is full (ENOSPC for here documents)
- Remove --hash-size options as there is no any change in the final
binary nor library anymore
- Add upstream patch bash43-039
Using the output of `declare -p' when run in a function can result in variables
that are invisible to `declare -p'. This problem occurs when an assignment
builtin such as `declare' receives a quoted compound array assignment as one of
its arguments.
- Add upstream patch bash43-040
There is a memory leak that occurs when bash expands an array reference on
the rhs of an assignment statement.
- Add upstream patch bash43-041
There are several out-of-bounds read errors that occur when completing command
lines where assignment statements appear before the command name. The first
two appear only when programmable completion is enabled; the last one only
happens when listing possible completions.
- Add upstream patch bash43-042
There is a problem when parsing command substitutions containing `case'
commands within pipelines that causes the parser to not correctly identify
the end of the command substitution.
- add bash-4.3-perl522.patch to fix texi2html for perl 5.22
(defined(@array) has been deprecated since at least 2012)
- Add upstream patch bash43-034
If neither the -f nor -v options is supplied to unset, and a name argument is
found to be a function and unset, subsequent name arguments are not treated as
variables before attempting to unset a function by that name.
- Add upstream patch bash43-035
A locale with a long name can trigger a buffer overflow and core dump. This
applies on systems that do not have locale_charset in libc, are not using
GNU libiconv, and are not using the libintl that ships with bash in lib/intl.
- Add upstream patch bash43-036
When evaluating and setting integer variables, and the assignment fails to
create a variable (for example, when performing an operation on an array
variable with an invalid subscript), bash attempts to dereference a null
pointer, causing a segmentation violation.
- Add upstream patch bash43-037
If an associative array uses `@' or `*' as a subscript, `declare -p' produces
output that cannot be reused as input.
- Add upstream patch bash43-038
There are a number of instances where `time' is not recognized as a reserved
word when the shell grammar says it should be.
- move info deletion to %preun sections
- bash-4.3-loadables.dif: One more warning fixed, in
examples/loadables/logname.c.
- bash-4.3-loadables.dif: Reverted one warning fix, which was
introducing another warning and possibly a bug.
- bash-4.3-loadables.dif: Split changes to shell.h to a separate
patch "bash-4.3-include-unistd.dif", as the loadables build just
fine without these changes.
- bash-4.3-loadables.dif: Drop all header file inclusion fixups,
upstream fixed the problem differently 5 years ago.
- Do not restart all signal handlers for bash 4.3 as this breaks
trap handler in subshells waiting for a process
- Remove -DMUST_UNBLOCK_CHLD(=1) as this breaks waitchild(2) on linux
- Add upstream patch bash43-031
The new nameref assignment functionality introduced in bash-4.3 did not perform
enough validation on the variable value and would create variables with
invalid names.
- Add upstream patch bash43-032
When bash is running in Posix mode, it allows signals -- including SIGCHLD --
to interrupt the `wait' builtin, as Posix requires. However, the interrupt
causes bash to not run a SIGCHLD trap for all exited children. This patch
fixes the issue and restores the documented behavior in Posix mode.
- Add upstream patch bash43-033
Bash does not clean up the terminal state in all cases where bash or
readline modifies it and bash is subsequently terminated by a fatal signal.
This happens when the `read' builtin modifies the terminal settings, both
when readline is active and when it is not. It occurs most often when a script
installs a trap that exits on a signal without re-sending the signal to itself.
- Fix the sed command that fixes up the patch headers. It was
printing a duplicate header line, which surprisingly did not
confuse patch, but could in the future.
- Fix all patches that had the duplicate header line issue.
- Use tail command to follow run-tests instead of a simple cat command
- Really remove obsolete patches
- Skip autoconf on OS 10.2 or older
- Avoid fdupes on SLES-10
- Bump bash version to 4.3
- Allow building on targets from SL 10.1 to current since it's free
- bind
-
- * A broken inbound incremental zone update (IXFR)
can cause named to terminate unexpectedly
[CVE-2021-25214, bind-CVE-2021-25214.patch]
* An assertion check can fail while answering queries
for DNAME records that require the DNAME to be processed to resolve
itself
[CVE-2021-25215, bind-CVE-2021-25215.patch]
* A second vulnerability in BIND's GSSAPI security
policy negotiation can be targeted by a buffer overflow attack
This does not affect this package as the affected code is
disabled.
[CVE-2021-25216]
[bsc#1185345]
- pass PIE compiler and linker flags via environment variables to make
/usr/bin/delv in bind-tools also position independent (bsc#1183453).
- drop pie_compile.diff: no longer needed, this patch is difficult to
maintain, the environment variable approach is less error prone.
[bsc#1183453, bind.spec, pie_compile.diff]
- /var/run is deprecated, replaced by /run
[bsc#1185073, bind-replace-varrun-with-run.patch,
bind-chrootenv.conf, vendor-files.tar.bz2]
- Removed baselibs.conf as SLE does not distribute 32 bit libraries.
[baselibs.conf]
- Added special make instruction for the "Administrator Reference
Manual" which is built using python3-Sphinx
[bsc#1177983, bind.spec]
- Removed "Before=nss-lookup.target" from named.service as that
leads to a systemd ordering cycle
[bsc#1177491, bsc#1178626, bsc#1177991, vendor-files.tar.bz2]
- Add /usr/lib64/named to the files and directories in
bind-chrootenv.conf. This directory contains plugins loaded
after the chroot().
- Replaced named's dependency on time-sync with a dependency on time-set
in named.service. The former leads to a dependency-loop.
- Removed "dnssec-enable" from named.conf as it has been obsoleted.
Added a comment for reference which should be removed
in the future.
- Added a comment to the "dnssec-validation" in named.conf
with a reference to forwarders which do not return signed responses.
- Replaced an INSIST macro which calls abort with a test and a
diagnostic output.
[bsc#1177913,bsc#1178078,bsc#1177790,bsc#1177603,bsc#1175894,
bsc#1177915,
bind-Print-diagnostics-on-dns_name_issubdomain-failure-in.patch,
bind-chrootenv.conf,vendor-files.tar.bz2]
- Removed "-r /dev/urandom" from all invocations of rndc-confgen
(init/named system/lwresd.init system/named.init in vendor-files)
as this option is deprecated and causes rndc-confgen to fail.
[bsc#1173311, bsc#1176674, bsc#1170713, vendor-files.tar.bz2]
- /usr/bin/genDDNSkey: Removing the use of the -r option in the call
of /usr/sbin/dnssec-keygen as BIND now uses the random number
functions provided by the crypto library (i.e., OpenSSL or a
PKCS#11 provider) as a source of randomness rather than /dev/random.
Therefore the -r command line option no longer has any effect on
dnssec-keygen. Leaving the option in genDDNSkey as to not break
compatibility. Patch provided by Stefan Eisenwiener.
[bsc#1171313, vendor-files.tar.bz2]
- Put libns into a separate subpackage to avoid file conflicts
in the libisc subpackage due to different sonums (bsc#1176092).
- Require /sbin/start_daemon: both init scripts, the one used in
systemd context as well as legacy sysv, make use of start_daemon.
- Upgrade to version 9.16.6
Fixes five vulnerabilities:
5481. [security] "update-policy" rules of type "subdomain" were
incorrectly treated as "zonesub" rules, which allowed
keys used in "subdomain" rules to update names outside
of the specified subdomains. The problem was fixed by
making sure "subdomain" rules are again processed as
described in the ARM. (CVE-2020-8624) [GL #2055]
5480. [security] When BIND 9 was compiled with native PKCS#11 support, it
was possible to trigger an assertion failure in code
determining the number of bits in the PKCS#11 RSA public
key with a specially crafted packet. (CVE-2020-8623)
[GL #2037]
5479. [security] named could crash in certain query resolution scenarios
where QNAME minimization and forwarding were both
enabled. (CVE-2020-8621) [GL #1997]
5478. [security] It was possible to trigger an assertion failure by
sending a specially crafted large TCP DNS message.
(CVE-2020-8620) [GL #1996]
5476. [security] It was possible to trigger an assertion failure when
verifying the response to a TSIG-signed request.
(CVE-2020-8622) [GL #2028]
For the less severe bugs fixed, see the CHANGES file.
[bsc#1175443, CVE-2020-8624, CVE-2020-8623, CVE-2020-8621,
CVE-2020-8620, CVE-2020-8622]
- Added "/etc/bind.keys" to NAMED_CONF_INCLUDE_FILES in
/etc/sysconfig/named to suppress warning message re
missing file.
[vendor-files.tar.bz2, bsc#1173983]
- Upgrade to version bind-9.16.5
* The "primary" and "secondary" keywords, when used
as parameters for "check-names", were not
processed correctly and were being ignored.
* 'rndc dnstap -roll <value>' did not limit the number of
saved files to <value>.
* Add 'rndc dnssec -status' command.
* Addressed a couple of situations where named could crash
For the full list, see the CHANGES file in the source RPM.
- Changed /var/lib/named to owner root:named and perms rwxrwxr-t
so that named, being a/the only member of the "named" group
has full r/w access yet cannot change directories owned by root
in the case of a compromised named.
[bsc#1173307, bind-chrootenv.conf]
- Upgrade to version bind-9.16.4
Fixing two security problems:
* It was possible to trigger an INSIST when determining
whether a record would fit into a TCP message buffer.
(CVE-2020-8618)
* It was possible to trigger an INSIST in
lib/dns/rbtdb.c:new_reference() with a particular zone
content and query patterns. (CVE-2020-8619)
Also the following functional changes:
* Reject DS records at the zone apex when loading
master files. Log but otherwise ignore attempts to
add DS records at the zone apex via UPDATE.
* The default value of "max-stale-ttl" has been changed
from 1 week to 12 hours.
* Zone timers are now exported via statistics channel.
Thanks to Paul Frieden, Verizon Media.
Added support for idn2 to spec file (Thanks to Holger Bruenjes
<holgerbruenjes@gmx.net>).
More internal changes see the CHANGES file in the source RPM
This update obsoletes Makefile.in.diff
[bsc#1172958, CVE-2020-8618, CVE-2020-8619, Makefile.in.diff
bind.spec]
- Upgrade to version bind-9.16.3
Fixing two security problems:
* Further limit the number of queries that can be triggered from
a request. Root and TLD servers are no longer exempt
from max-recursion-queries. Fetches for missing name server
address records are limited to 4 for any domain. (CVE-2020-8616)
* Replaying a TSIG BADTIME response as a request could trigger an
assertion failure. (CVE-2020-8617)
Also
* Add engine support to OpenSSL EdDSA implementation.
* Add engine support to OpenSSL ECDSA implementation.
* Update PKCS#11 EdDSA implementation to PKCS#11 v3.0.
* Warn about AXFR streams with inconsistent message IDs.
* Make ISC rwlock implementation the default again.
For more see CHANGES file in source RPM.
[CVE-2020-8616, CVE-2020-8617, bsc#1171740, bind-9.16.3.tar.xz]
- bind needs an accurate clock, so wait for the time-sync.target
to be reached before starting bind.
[bsc#1170667, bsc#1170713, vendor-files.tar.bz2]
- Use sysusers.d to create named user
- Have only one package creating the user
- coreutils are not used in %post, remove Requires.
- Use systemd_ordering instead of hard requiring systemd
- Upgrade to version 9.16.1
* UDP network ports used for listening can no longer simultaneously
be used for sending traffic.
* The system-provided POSIX Threads read-write lock implementation
is now used by default instead of the native BIND 9 implementation.
* Fixed re-signing issues with inline zones which resulted in records
being re-signed late or not at all.
[bind-9.16.1.tar.xz]
- Update download urls
- Do not enable geoip on old distros, the geoip db was shut down
so we need to use geoip2 everywhere
- Upgrade to version 9.16.0
Major upgrade, see
https://downloads.isc.org/isc/bind9/9.16.0/RELEASE-NOTES-bind-9.16.0.html
and
CHANGES file in the source tree.
Major functional change:
* What was set with --with-tuning=large option in older BIND9
versions is now a default, and a --with-tuning=small option was
added for small (e.g. OpenWRT) systems.
* A new "dnssec-policy" option has been added to named.conf to
implement a key and signing policy (KASP) for zones.
* The command (and manpage) bind9-config have been dropped as the
BIND 9 libraries are now purely internal.
No patches became obsolete through the upgrade.
[bind-9.16.0.tar.xz]
- Upgrade to bind-9.14.9
bug fixes and feature improvements
- Upgrade to version 9.14.8:
* Set a limit on the number of concurrently served pipelined TCP
queries.
* Some other bug fixing, see CHANGES file.
[CVE-2019-6477, bsc#1157051]
- Upgrade to version 9.14.7
* removed dnsperf, idn, nslint, perftcpdns, query-loc-0.4.0,
queryperf, sdb, zkt from contrib as they are not supported
any more
* Added support for the GeoIP2 API from MaxMind
* See CHANGES file in the source RPM.
* obsoletes bind-CVE-2018-5745.patch (bsc#1126068)
* obsoletes bind-CVE-2019-6465.patch (bsc#1126069)
* obsoletes bind-CVE-2018-5743.patch (bsc#1133185)
* obsoletes bind-CVE-2019-6471.patch (bsc#1138687)
[bsc#1111722, bsc#1156205, bsc#1126068, bsc#1126069, bsc#1133185,
bsc#1138687, CVE-2019-6476, CVE-2019-6475,
CVE-2019-6471, CVE-2018-5743, CVE-2019-6467, CVE-2019-6465,
CVE-2018-5745, CVE-2018-5744, CVE-2018-5740, CVE-2018-5738,
CVE-2018-5737, CVE-2018-5736, CVE-2017-3145, CVE-2017-3136,
configure.in.diff, bind-99-libidn.patch, perl-path.diff,
bind-sdb-ldap.patch, bind-CVE-2017-3145.patch,
bug-4697-Restore-workaround-for-Microsoft-Windows-T.patch,
bind-fix-fips.patch, bind-CVE-2018-5745.patch,
bind-CVE-2019-6465.patch, bind-CVE-2018-5743.patch,
bind-CVE-2019-6471.patch, CVE-2016-6170, bsc#1018700,
bsc#1018701, bsc#1018702, bsc#1033466, bsc#1033467, bsc#1033468,
bsc#1040039, bsc#1047184, bsc#1104129, bsc#906079, bsc#918330,
bsc#936476, bsc#937028, bsc#939567, bsc#977657, bsc#983505,
bsc#987866, bsc#989528, fate#320694, fate#324357, bnc#1127583,
bnc#1127583, bnc#1109160]
- removal of SuSEfirewall2 service from Factory, since SuSEfirewall2 has been
replaced by firewalld, see [1].
[1]: https://lists.opensuse.org/opensuse-factory/2019-01/msg00490.html
- Add FIPS patch back into bind (bsc#1128220)
- File: bind-fix-fips.patch
- Don't rely on /etc/insserv.conf anymore for proper dependencies
against nss-lookup.target in named.service and lwresd.service
(bsc#1118367 bsc#1118368)
- Update named.root. One of the root servers IP has changed.
- Install the LICENSE file.
- Add bind.conf and bind-chrootenv.conf to install the default
files in /var/lib/named and create chroot environment on systems
using transactional-updates [bsc#1100369] [FATE#325524].
- Cleanup pre/post install: remove all old code which was needed to
update to SLES8.
- Fix a patch error in dnszone-schema file (bsc#901577)
- Add SPF records in dnszone-schema file (bsc#901577)
- Fix the hostname in ldapdump to be valid (bsc#965748)
- Patch file - bind-ldapdump-use-valid-host.patch
- Add bug-4697-Restore-workaround-for-Microsoft-Windows-T.patch
Fixes dynamic DNS updates against samba and Microsoft DNS servers
(bsc#1094236).
- Move chroot related files from bind to bind-chrootenv
(bsc#1093338)
- Remove rndc.key generation from bind.spec file because bind
should create it on first boot (bsc#1092283)
- Add missing rndc.key check and generation code in lwresd.init
script
- build with --enable-filter-aaaa to make it possible to use
config option "filter-aaaa-on-v4 yes". Useful to workaround
broken websites like netflix which block traffic from certain
IPv6 tunnel providers. (bsc#1069633)
- Add /dev/urandom to chroot env
- Implement systemd init scripts for bind and lwresd (fate#323155)
- Apply bind-CVE-2017-3145.patch to fix CVE-2017-3145 (bsc#1076118)
- Use getent when adding user/group
- update changelog to mention removed options
- license changed to MPL-2.0 according to legal.
- Replace references to /var/adm/fillup-templates with new
%_fillupdir macro (boo#1069468)
- Add back init scripts, systemd units aren't ready yet
- Add python3-bind subpackage to allow python bind interactions
- Sync configure options with RH package and remove unused ones
* Enable python3
* Enable gssapi
* Enable dnssec scripts
* Remove no longer recognized --enable-rrl
- Drop idnkit from the build, the bind uses libidn since 2007 to run
all the resolutions in dig/etc. bsc#1030306
- Add patch to make sure we build against system idn:
* bind-99-libidn.patch
- Refresh patch:
* pie_compile.diff
- Remove patches that are unused due to above:
* idnkit-powerpc-ltconfig.patch
* runidn.diff
- drop bind-openssl11.patch (merged upstream)
- Remove systemd conditionals as we are not building on sle11 anyway
- Force the systemd to be base for the initscript deployment
- Bump up version of most of the libraries
- Rename the subpackages to match the version updates
- Add macros for easier handling of the library package names
- Drop more unneeded patches
* dns_dynamic_db.patch (upstream)
- Update to 9.11.2 release:
* Many changes compared to 9.10 see the README file for in-depth listing
* For detailed changes with issues see CHANGES file
* Fixes for CVE-2017-3141 CVE-2017-3140 CVE-2017-3138 CVE-2017-3137
CVE-3136 CVE-2016-9778
* OpenSSL 1.1 support
- Remove support for some old distributions and cleanup the spec file
to require only what is really needed
- Switch to systemd (bsc#1053808)
- Remove german from the postinst messages
- Remove patches merged upstream:
* bind-CVE-2017-3135.patch
* bind-CVE-2017-3142-and-3143.patch
- Refresh named.root with another update
- Use python3 by default (fate#323526)
- bind-openssl11.patch: add a patch for enabling
openssl 1.1 support (builds for 1.0 and 1.1 openssl).
(bsc#1042635)
- Enable JSON statistics
- named.root: refreshed from internic to 2017060102 (bsc#1048729)
- Run systemctl daemon-reload even when this is not build with
systemd support: if installing bind on a systemd service and not
reloading systemd daemon, then the service 'named' is not known
right after package installation, causing confusion.
- Added bind-CVE-2017-3142-and-3143.patch to fix a security issue
where an attacker with the ability to send and receive messages
to an authoritative DNS server was able to circumvent TSIG
authentication of AXFR requests. A server that relies solely on
TSIG keys for protection with no other ACL protection could be
manipulated into (1) providing an AXFR of a zone to an
unauthorized recipient and (2) accepting bogus Notify packets.
[bsc#1046554, CVE-2017-3142, bsc#1046555, CVE-2017-3143]
- Fix named init script to dynamically find the location of the
openssl engines (boo#1040027).
- Add with_systemd define with default off, since we still use init
scripts and no systemd units.
- Don't require and call insserv if we use systemd
- Fix assertion failure or a NULL pointer read for configurations using both DNS64 and RPZ
* CVE-2017-3135, bsc#1024130
* bind-CVE-2017-3135.patch
- Update to latest release in the 9.10.X series
* Security fixes in 9.10.4
* Duplicate EDNS COOKIE options in a response could trigger an assertion failure.
CVE-2016-2088. [RT #41809]
* The resolver could abort with an assertion failure due to improper DNAME handling
when parsing fetch reply messages. CVE-2016-1286. [RT #41753]
* Malformed control messages can trigger assertions in named and rndc.
CVE-2016-1285. [RT #41666]
* Certain errors that could be encountered when printing out or logging an OPT record containing
a CLIENT-SUBNET option could be mishandled, resulting in an assertion failure. CVE-2015-8705. [RT #41397]
* Specific APL data could trigger an INSIST. CVE-2015-8704. [RT #41396]
* Incorrect reference counting could result in an INSIST failure if a socket error occurred while performing
a lookup. CVE-2015-8461. [RT#40945]
* Insufficient testing when parsing a message allowed records with an incorrect class to be accepted,
triggering a REQUIRE failure when those records were subsequently cached. CVE-2015-8000. [RT #40987]
* For Features and other fixes in 9.10.4 see https://kb.isc.org/article/AA-01380/0/BIND-9.10.4-Release-Notes.html
* Description of patch changes
* BIND 9.10.4-P5 addresses the security issues described in CVE-2016-9131, CVE-2016-9147 and CVE-2016-9444. [bsc#1018699]
* BIND 9.10.4-P4 addresses the security issue described in CVE-2016-8864.
* BIND 9.10.4-P3 addresses the security issue described in CVE-2016-2776 and addresses an interoperability issue with ECS clients.
* BIND 9.10.4-P2 addresses the security issue described in CVE-2016-2775.
* BIND 9.10.4-P1 addresses Windows installation issues, the %z modifier is not supported under Windows and
a race condition in the rbt/rbtdb implementation resulting in named exiting due to assertion failures being detected.
* Following patches removed, fixed upstream
* cve-2016-2776.patch
* cve-2016-8864.patch
- Apply cve-2016-8864.patch to fix CVE-2016-8864 (bsc#1007829).
- Apply cve-2016-2776.patch to fix CVE-2016-2776 (bsc#1000362).
- Remove the start/stop dependency of named and lwresd on remote-fs
to break a service dependency cycle (bsc#947483, bsc#963971).
- Make /var/lib/named owned by the named user (bsc#908850,
bsc#875691).
- Call systemd service macros with the full service name.
- remove BuildRequire libcap. That is only a legacy library, not
actually used for building. libcap-devel pulls in the right one.
- Security update 9.10.3-P4:
* CVE-2016-1285, bsc#970072: assert failure on input parsing can
cause premature exit.
* CVE-2016-1286, bsc#970073: An error when parsing signature
records for DNAME can lead to named exiting due to an assertion
failure.
* CVE-2016-2088, bsc#970074: a deliberately misconstructed packet
containing multiple cookie options to cause named to terminate
with an assertion failure.
- drop a changing timestamp making build reproducible
- Build with --with-randomdev=/dev/urandom otherwise
libisc will use /dev/random to gather entropy and that might
block, short read etc..
- Security update 9.10.3-P3:
* Specific APL data could trigger an INSIST (CVE-2015-8704,
bsc#962189).
* Certain errors that could be encountered when printing out or
logging an OPT record containing a CLIENT-SUBNET option could
be mishandled, resulting in an assertion failure
(CVE-2015-8705, bsc#962190).
* Authoritative servers that were marked as bogus (e.g.
blackholed in configuration or with invalid addresses) were
being queried anyway.
- Update to version 9.10.3-P2 to fix a remote denial of service by
misparsing incoming responses (CVE-2015-8000, bsc#958861).
- Avoid double %setup, it confuses some versions of quilt.
- Summary/description update
- Update to version 9.10.2-P4
* An incorrect boundary check in the OPENPGPKEY
rdatatype could trigger an assertion failure.
(CVE-2015-5986) [RT #40286] (bsc#944107)
* A buffer accounting error could trigger an
assertion failure when parsing certain malformed
DNSSEC keys. (CVE-2015-5722) [RT #40212] (bsc#944066)
- Update to version 9.10.2-P3
Security Fixes
* A specially crafted query could trigger an assertion failure in message.c.
This flaw was discovered by Jonathan Foote, and is disclosed in
CVE-2015-5477. [RT #39795]
* On servers configured to perform DNSSEC validation, an assertion failure
could be triggered on answers from a specially configured server.
This flaw was discovered by Breno Silveira Soares, and is disclosed
in CVE-2015-4620. [RT #39795]
Bug Fixes
* Asynchronous zone loads were not handled correctly when the zone load was
already in progress; this could trigger a crash in zt.c. [RT #37573]
* Several bugs have been fixed in the RPZ implementation:
+ Policy zones that did not specifically require recursion could be treated
as if they did; consequently, setting qname-wait-recurse no; was
sometimes ineffective. This has been corrected. In most configurations,
behavioral changes due to this fix will not be noticeable. [RT #39229]
+ The server could crash if policy zones were updated (e.g. via
rndc reload or an incoming zone transfer) while RPZ processing
was still ongoing for an active query. [RT #39415]
+ On servers with one or more policy zones configured as slaves, if a
policy zone updated during regular operation (rather than at startup)
using a full zone reload, such as via AXFR, a bug could allow the RPZ
summary data to fall out of sync, potentially leading to an assertion
failure in rpz.c when further incremental updates were made to the zone,
such as via IXFR. [RT #39567]
+ The server could match a shorter prefix than what was
available in CLIENT-IP policy triggers, and so, an unexpected
action could be taken. This has been corrected. [RT #39481]
+ The server could crash if a reload of an RPZ zone was initiated while
another reload of the same zone was already in progress. [RT #39649]
- Update to version 9.10.2-P2
- An uninitialized value in validator.c could result in an assertion failure.
(CVE-2015-4620) [RT #39795]
- Update to version 9.10.2-P1
- Include client-ip rules when logging the number of RPZ rules of each type.
[RT #39670]
- Addressed further problems with reloading RPZ zones. [RT #39649]
- Addressed a regression introduced in change #4121. [RT #39611]
- The server could match a shorter prefix than what was available in
CLIENT-IP policy triggers, and so, an unexpected action could be taken.
This has been corrected. [RT #39481]
- On servers with one or more policy zones configured as slaves, if a policy
zone updated during regular operation (rather than at startup) using a full
zone reload, such as via AXFR, a bug could allow the RPZ summary data to
fall out of sync, potentially leading to an assertion failure in rpz.c when
further incremental updates were made to the zone, such as via IXFR.
[RT #39567]
- A bug in RPZ could cause the server to crash if policy zones were updated
while recursion was pending for RPZ processing of an active query.
[RT #39415]
- Fix a bug in RPZ that could cause some policy zones that did not
specifically require recursion to be treated as if they did; consequently,
setting qname-wait-recurse no; was sometimes ineffective. [RT #39229]
- Asynchronous zone loads were not handled correctly when the zone load was
already in progress; this could trigger a crash in zt.c. [RT #37573]
- Fix an out-of-bounds read in RPZ code. If the read succeeded, it doesn't
result in a bug during operation. If the read failed, named could segfault.
[RT #38559]
- Fix inappropriate use of /var/lib/named for locating dynamic-DB plugins.
Dynamic-DB plugins are now loaded from %{_libexecdir}/bind, consistent with
openSUSE packaging guideline.
- Install additional header files which are helpful to the development of
dynamic-DB plugins.
- Depend on systemd macros and sysvinit on post-12.3 only.
- Create empty lwresd.conf at build time.
- Reduce file list pre-13.1.
- Update to version 9.10.2
- Handle timeout in legacy system test. [RT #38573]
- dns_rdata_freestruct could be called on a uninitialised structure when
handling a error. [RT #38568]
- Addressed valgrind warnings. [RT #38549]
- UDP dispatches could use the wrong pseudorandom
number generator context. [RT #38578]
- Fixed several small bugs in automatic trust anchor management, including a
memory leak and a possible loss of key state information. [RT #38458]
- 'dnssec-dsfromkey -T 0' failed to add ttl field. [RT #38565]
- Revoking a managed trust anchor and supplying an untrusted replacement
could cause named to crash with an assertion failure.
(CVE-2015-1349) [RT #38344]
- Fix a leak of query fetchlock. [RT #38454]
- Fix a leak of pthread_mutexattr_t. [RT #38454]
- RPZ could send spurious SERVFAILs in response
to duplicate queries. [RT #38510]
- CDS and CDNSKEY had the wrong attributes. [RT #38491]
- adb hash table was not being grown. [RT #38470]
- Update bind.keyring
- Update baselibs.conf due to updates to libdns160 and libisc148
- Enable export libraries to support plugin development.
Install DNSSEC root key.
Expose new interface for developing dynamic zone database.
+ dns_dynamic_db.patch
- PowerPC can build shared libraries for sure.
idnkit-powerpc-ltconfig.patch
- Explicitly BuildRequire systemd-rpm-macros since it is used
for lwresd %post etc. Then drop pre-12.x material.
Remove configure.in.diff2.
- Corrections to baselibs.conf
- Update to version 9.10.1-P1
- A flaw in delegation handling could be exploited to put named into an
infinite loop. This has been addressed by placing limits on the number of
levels of recursion named will allow (default 7), and the number of
iterative queries that it will send (default 50) before terminating a
recursive query (CVE-2014-8500); (bnc#908994).
The recursion depth limit is configured via the "max-recursion-depth"
option, and the query limit via the "max-recursion-queries" option.
[RT #37580]
- When geoip-directory was reconfigured during named run-time, the
previously loaded GeoIP data could remain, potentially causing wrong ACLs
to be used or wrong results to be served based on geolocation
(CVE-2014-8680). [RT #37720]; (bnc#908995).
- Lookups in GeoIP databases that were not loaded could cause an assertion
failure (CVE-2014-8680). [RT #37679]; (bnc#908995).
- The caching of GeoIP lookups did not always handle address families
correctly, potentially resulting in an assertion failure (CVE-2014-8680).
[RT #37672]; (bnc#908995).
- Convert some hard PreReq to leaner Requires(pre).
- Typographical and orthographic fixes to description texts.
- Fix bashisms in the createNamedConfInclude script.
- Post scripts: remove '-e' option of 'echo' that may be unsupported
in some POSIX-compliant shells.
- Add openssl engines to the lwresd chroot.
- Add /etc/lwresd.conf with attribute ghost to the list of files.
- Add /run/lwresd to the list of files of the lwresd package.
- Shift /run/named from the chroot sub to the main bind package.
- Drop /proc from the chroot as multi CPU systems work fine even without it.
- Add a versioned dependency when obsoleting packages.
- Remove superfluous obsoletes *-64bit in the ifarch ppc64 case; (bnc#437293).
- Fix gssapi_krb configure time header detection.
- Update root zone (dated Nov 5, 2014).
- Update to version 9.10.1
- This release addresses the security flaws described in CVE-2014-3214 and
CVE-2014-3859.
- Update to version 9.10.0
- DNS Response-rate limiting (DNS RRL), which blunts the impact of
reflection and amplification attacks, is always compiled in and no longer
requires a compile-time option to enable it.
- An experimental "Source Identity Token" (SIT) EDNS option is now available.
- A new zone file format, "map", stores zone data in a
format that can be mapped directly into memory, allowing
significantly faster zone loading.
- "delv" (domain entity lookup and validation) is a new tool with dig-like
semantics for looking up DNS data and performing internal DNSSEC
validation.
- Improved EDNS(0) processing for better resolver performance
and reliability over slow or lossy connections.
- Substantial improvement in response-policy zone (RPZ) performance. Up to
32 response-policy zones can be configured with minimal performance loss.
- To improve recursive resolver performance, cache records which are still
being requested by clients can now be automatically refreshed from the
authoritative server before they expire, reducing or eliminating the time
window in which no answer is available in the cache.
- New "rpz-client-ip" triggers and drop policies allowing
response policies based on the IP address of the client.
- ACLs can now be specified based on geographic location using the MaxMind
GeoIP databases. Use "configure --with-geoip" to enable.
- Zone data can now be shared between views, allowing multiple views to serve
the same zones authoritatively without storing multiple copies in memory.
- New XML schema (version 3) for the statistics channel includes many new
statistics and uses a flattened XML tree for faster parsing. The older
schema is now deprecated.
- A new stylesheet, based on the Google Charts API, displays XML statistics
in charts and graphs on javascript-enabled browsers.
- The statistics channel can now provide data in JSON format as well as XML.
- New stats counters track TCP and UDP queries received
per zone, and EDNS options received in total.
- The internal and export versions of the BIND libraries (libisc, libdns,
etc) have been unified so that external library clients can use the same
libraries as BIND itself.
- A new compile-time option, "configure --enable-native-pkcs11", allows BIND
9 cryptography functions to use the PKCS#11 API natively, so that BIND can
drive a cryptographic hardware service module (HSM) directly instead of
using a modified OpenSSL as an intermediary.
- The new "max-zone-ttl" option enforces maximum TTLs for zones. This can
simplify the process of rolling DNSSEC keys by guaranteeing that cached
signatures will have expired within the specified amount of time.
- "dig +subnet" sends an EDNS CLIENT-SUBNET option when querying.
- "dig +expire" sends an EDNS EXPIRE option when querying.
- New "dnssec-coverage" tool to check DNSSEC key coverage for a zone and
report if a lapse in signing coverage has been inadvertently scheduled.
- Signing algorithm flexibility and other improvements
for the "rndc" control channel.
- "named-checkzone" and "named-compilezone" can now read
journal files, allowing them to process dynamic zones.
- Multiple DLZ databases can now be configured. Individual zones can be
configured to be served from a specific DLZ database. DLZ databases now
serve zones of type "master" and "redirect".
- "rndc zonestatus" reports information about a specified zone.
- "named" now listens on IPv6 as well as IPv4 interfaces by default.
- "named" now preserves the capitalization of names
when responding to queries.
- new "dnssec-importkey" command allows the use of offline
DNSSEC keys with automatic DNSKEY management.
- New "named-rrchecker" tool to verify the syntactic
correctness of individual resource records.
- When re-signing a zone, the new "dnssec-signzone -Q" option drops
signatures from keys that are still published but are no longer active.
- "named-checkconf -px" will print the contents of configuration files with
the shared secrets obscured, making it easier to share configuration (e.g.
when submitting a bug report) without revealing private information.
- "rndc scan" causes named to re-scan network interfaces for
changes in local addresses.
- On operating systems with support for routing sockets, network interfaces
are re-scanned automatically whenever they change.
- "tsig-keygen" is now available as an alternate command
name to use for "ddns-confgen".
- Update to version 9.9.6
New Features
- Support for CAA record types, as described in RFC 6844 "DNS
Certification Authority Authorization (CAA) Resource Record",
was added. [RT#36625] [RT #36737]
- Disallow "request-ixfr" from being specified in zone statements where it
is not valid (it is only valid for slave and redirect zones) [RT #36608]
- Support for CDS and CDNSKEY resource record types was added. For
details see the proposed Informational Internet-Draft "Automating
DNSSEC Delegation Trust Maintenance" at
http://tools.ietf.org/html/draft-ietf-dnsop-delegation-trust-maintainance-14.
[RT #36333]
- Added version printing options to various BIND utilities. [RT #26057]
[RT #10686]
- Added a "no-case-compress" ACL, which causes named to use case-insensitive
compression (disabling change #3645) for specified clients. (This is useful
when dealing with broken client implementations that use case-sensitive
name comparisons, rejecting responses that fail to match the capitalization
of the query that was sent.) [RT #35300]
Feature Changes
- Adds RPZ SOA to the additional section of responses to clearly
indicate the use of RPZ in a manner that is intended to avoid
causing issues for downstream resolvers and forwarders [RT #36507]
- rndc now gives distinct error messages when an unqualified zone
name matches multiple views vs. matching no views [RT #36691]
- Improves the accuracy of dig's reported round trip times. [RT #36611]
- When an SPF record exists in a zone but no equivalent TXT record
does, a warning will be issued. The warning for the reverse
condition is no longer issued. See the check-spf option in the
documentation for details. [RT #36210]
- "named" will now log explicitly when using rndc.key to configure
command channel. [RT #35316]
- The default setting for the -U option (setting the number of UDP
listeners per interface) has been adjusted to improve performance.
[RT #35417]
- Aging of smoothed round-trip time measurements is now limited
to no more than once per second, to improve accuracy in selecting
the best name server. [RT #32909]
- DNSSEC keys that have been marked active but have no publication
date are no longer presumed to be publishable. [RT #35063]
Bug Fixes
- The Makefile in bin/python was changed to work around a bmake
bug in FreeBSD 10 and NetBSD 6. [RT #36993] (**)
- Corrected bugs in the handling of wildcard records by the DNSSEC
validator: invalid wildcard expansions could be treated as valid
if signed, and valid wildcard expansions in NSEC3 opt-out ranges
had the AD bit set incorrectly in responses. [RT #37093] [RT #37072]
- When resigning, dnssec-signzone was removing all signatures from
delegation nodes. It now retains DS and (if applicable) NSEC
signatures. [RT #36946]
- The AD flag was being set inappropriately on RPZ responses. [RT #36833]
- Updates the URI record type to current draft standard,
draft-faltstrom-uri-08, and allows the value field to be zero
length [RT #36642] [RT #36737]
- RRSIG sets that were not loaded in a single transaction at start
up were not being correctly added to re-signing heaps. [RT #36302]
- Setting '-t aaaa' in .digrc had unintended side-effects. [RT #36452]
- A race condition could cause a crash in isc_event_free during
shutdown. [RT #36720]
- Addresses a race condition issue in dispatch. [RT #36731]
- acl elements could be miscounted, causing a crash while loading
a config [RT #36675]
- Corrects a deadlock between view.c and adb.c. [RT #36341]
- liblwres wasn't properly handling link-local addresses in
nameserver clauses in resolv.conf. [RT #36039]
- Buffers in isc_print_vsnprintf were not properly initialized
leading to potential overflows when printing out quad values.
[RT #36505]
- Don't call qsort() with a null pointer, and disable the GCC 4.9
"delete null pointer check" optimizer option. This fixes problems
when using GNU GCC 4.9.0 where its compiler code optimizations
may cause crashes in BIND. For more information, see the operational
advisory at https://kb.isc.org/article/AA-01167/. [RT #35968]
- Fixed a bug that could cause repeated resigning of records in
dynamically signed zones. [RT #35273]
- Fixed a bug that could cause an assertion failure after forwarding
was disabled. [RT #35979]
- Fixed a bug that caused SERVFAILs when using RPZ on a system
configured as a forwarder. [RT #36060]
- Worked around a limitation in Solaris's /dev/poll implementation
that could cause named to fail to start when configured to use
more sockets than the system could accommodate. [RT #35878]
- Remove merged rpz2+rl-9.9.5.patch and obsoleted rpz2+rl-9.9.5.patch
- Removed pid-path.diff patch as /run/{named,lwresd}/ are used by default.
- Update baselibs.conf (added libirs and library interface version updates).
- No longer perform gpg validation; osc source_validator does it
implicit:
+ Drop gpg-offline BuildRequires.
+ No longer execute gpg_verify.
- blog
-
- Fix package split done for shared library packaging guideline (bsc#1184479).
- Update to version 2.20
* Silence some gcc warnings, also avoid common variable (boo#1160385)
* Include <sys/sysmacros.h> for makedev
* sort input files (boo#1041090)
* libconsole: never return empty list from getconsoles()
* libconsole: Really allow to use /dev/console as a fallback in showconsole
* libconsole: Add console into the list only when successfully allocated
* libconsole: Correctly ignore early consoles
- Remove obsolete patch blog-Remove-unused-header.patch
- Add blog-Remove-unused-header.patch: Fix build with new glibc
(gh#bitstreamout/showconsole#3).
- Implement shared library packaging guideline.
- Update to version 2.19 which integrates the patches now removed:
* sysmacros.patch
* libconsole-Really-allow-to-use-dev-console-as-a-fall.patch
* libconsole-never-return-empty-list-from-getconsoles.patch
* showconsole-2.18.tar.gz
* libconsole-Add-console-into-the-list-only-when-succe.patch
* libconsole-Correctly-ignore-early-consoles.patch
as well as the changes
* Correct wants directory for systemd-ask-password-blog.service
* Sort input files for reproducible builds
- sysmacros.patch: Include <sys/sysmacros.h> for makedev
- Use %license instead of %doc [bsc#1082318]
- hardening of the console list generation (bsc#1071568):
* libconsole-never-return-empty-list-from-getconsoles.patch
* libconsole-Really-allow-to-use-dev-console-as-a-fall.patch
* libconsole-Add-console-into-the-list-only-when-succe.patch
* libconsole-Correctly-ignore-early-consoles.patch
- Change description of blog-plymouth in same manner as used by
the release notes
- Add coreutils as required by post scriptlet (boo#1036436)
- Use github source from tagged version
- Use https://github.com/bitstreamout/showconsole as URL
- Install binaries with read permissions (bnc#990837)
- Do not use private glibc API (boo#967437) but implement
missing shared memory mkstemp()
- Remove patch remove-bad-symbol-use.patch
- remove-bad-symbol-use.patch: Remove bad use of internal glibc interface
(bnc#967437)
- Make clear that blog is split off from sysvinit-tools
- Avoid to be tagged with GLIBC_PRIVATE
- Use libblogger.so with version, that is major and minor
- Bug fix version: Handle cached password request gracefully
- add blog-rpmlintrc. The all-manual handling of systemd services
is required according to Werner.
- Let libblogger become a shared library
- Clean up service units for close and umount
- First initial package after splitting apart from sysvinit
* Now blogd can replace plymouth(9) even from initrd
* Also blogd is able to handle password requests from
systemd API
* The blogd daemon writes out console messages even on reboot
or halt up to the file systems become unavailable.
* No locking of the console devices, no frame buffer switching.
- boost:base
-
- libreoffice_compat_backports.patch: add a backport of
Boost.Optional::has_value() for LibreOffice
- Use %license instead of %doc [bsc#1082318]
- Multibuild requires versioned Name: tag and doesn't seem to do
this automatically. (bnc#1076640)
- Update to version 1.66.0
+ Beast: new portable HTTP, WebSocket and network operations
using Boost.Asio. Header-only library.
+ Callable Traits: new library and successor to
Boost.FunctionTypes. Header-only library.
+ Mp11: new metaprogramming library
+ Asio:
* implemented interface changes to reflect the Networking TS
(N4656)
* functions and classes that have been superseded by
Networking TS functionality have been deprecated.
* added support for customized handler tracking
* removed previously deprecated functions
+ Atomic: improved compatibility with GCC 7. 128-bit operations
on x86_64 no longer require linking with compiled library.
+ DateTime: Fixed an integral overflow that could cause incorrect
results when adding or subtracting many years from a date.
+ Format: New format specifiers added and volatile arguments
can not be safely used with operator%
+ Fusion:
* fix compile error with std::array
* remove circular preprocessor include
+ PolyCollection: backported to GCC 4.8 and 4.9 with some
limitations
+ Uuid: added RFC-4122 namespaces in boost::uuids::ns
+ for complete changelog, see
http://www.boost.org/users/history/version_1_66_0.html
- refreshed patches: boost-rpmoptflags-only.patch
- re-enable Python 2 by default. It's still conditional, but
remains enabled by default. This can be disabled in project
config.
- build Python 2 conditionally
- Use multibuild setup - build no-dependency libraries in the
base package and build the rest of the compiled libraries in
the main variant. This should speed up bootstrapping.
- boost-devel not built by default anymore.
- libboost_headers-devel now provides boost-devel for legacy
dependencies. If you need compiled boost libraries depend on
the current compiled devel subpackage.
- run %fdupes only on the header files and documentation
- drop build dependencies on gcc-fortran, chrpath.
- Setup MPI environment prior to building boost.
- Switch to OpenMPI2 as OpenMPI1 is becoming deprecated.
- New upstream version 1.65.1
+ config, fiber - Return a continuation from functions executed
by resume_with.
+ stacktrace - Change preprocessor file extensions to work with
the installation system.
- Changes in version 1.65.0
+ stacktrace - new library providing call sequence in human
readable format.
+ polycollection - new library providing fast containers of
polymorphic objects, from Joaquín M López Muñoz.
+ For full list of changes, see
http://www.boost.org/users/history/version_1_65_1.html
- 1d862615.patch: upstreamed and removed
- gcc_path.patch: obsolete, tr1 module is removed
- mpi_upstream.patch: upstreamed and removed
- boost-1.57.0-python-abi_letters.patch: refreshed
- python_library_name.patch: refreshed and reverted upstream
changes to mpi/build/Jamfile as we are building python2 and
python3 versions of MPI separately.
- baselibs.conf
+ add libboost_stracktrace
+ update to version 1.65.1
- 1d862615.patch: Fix regression caused by refactoring of
serialization code (bnc#1038083)
- make python-numpy optional build dependency
- fix building of mpi python3 plugin
- New upstream version 1.64.0
+ process - new library providing cross platform methods to
- create child processes
- setup stream for child processes
- sync and async communication streams with children
- sync and async wait
- process termination
+ geometry library had some breaking changes,
- ublas_transformer is renamed to matrix_transformer
- explicit modifier is added to constructors of rtree
index::dynamic_* parameters
- strategy::area::huiller replaced by strategy::area::spherical
+ context library updates
- deprecated API:execution-context
- fixed bad assembly for fcontext on ppc64/sysv/elf
+ Updated libraries: any, atomic, config, container, context,
conversion, core, coroutine2, fiber, hash, interprocess,
intrusive, lexicalcast, math, multi-index containers,
multiprecision, predef, program options, regex, smart pointers,
test, typeindex, typetraits, unordered, variant
+ for details, see
http://www.boost.org/users/history/version_1_64_0.html
- Build PyNumpy module
+ add build requires on python-numpy
- test_lowcase.patch: upstreamed
- refreshed patches: boost-strict_aliasing.patch, gcc_path.patch,
python_mpi.patch
- mpi_upstream.patch: pending upstream fixes to OpenMPI build
- python_library_name.patch: we are building python versions in
different stagings so drop library renames.
- python_numpy_retfunc.patch: rpmlint fixes
- update python macros
- baselibs.conf: (re)add python 2.7 and 3.x libraries
- Fix dependency typos.
- test_lowcase.patch: downcase Boost::Test usage of uppercase
variables. VERSION was clashing with GNU Autotools define
resulting in compilation errors of various packages.
- recombine headers from various devel subpackages under the
libboost_headers-devel package. Not all usage of headers that
have compiled parts pull in their associated compiled symbols.
- general cleanup of the spec file from old, commented stuff
- remove non-existent dependency in the boost mpi python package
- update to version 1.63.0
* updated libraries: atomic, container, context, fiber,
fusion, geometry, hash, interprocess, intrusive, lexical cast,
log, metaparse, move, optional, phoenix, python, test,
typeindex, units, unordered
* see http://www.boost.org/users/history/version_1_63_0.html
for complete list of changes
- refresh patches
* boost-1.55.0-python-test-PyImport_AppendInittab.patch
* boost-strict_aliasing.patch, and enable -fno-strict-aliasing
for python module
- baselibs.conf:
* add libboost_locale
* rename python to include new soname
- remove python-2059618.patch, not needed
- make build condition --without buil_mpi work
- allow building without python3 bindings, for SLE11SP4
- remove versioned build dependency on libicu-devel, apparently
not needed.
- split out the boost-devel package into individual compiled
libraries and their -devel subpackages and libboost_headers-devel
package for header-only libraries.
- remove all the -mt.so symlinks, probably not needed anymore.
- ship MPI python bindings for both Python 2.7 and 3.x
* add python_mpi.patch to allow proper compiled library loading
- dynamic_linking.patch: first attempt to remove static library
generation during build process.
- Revert upstream change that set default python version and
ignored user configuration.
python-2059618.patch (boo#1006584)
- Rectify groups and description
- package boost-jam
- add missing ldconfig for libboost_type_erasure
- fix EOL encoding for documentation files
- update to version 1.62.0
* new library: fiber: framework for userland-threads/fibers
* new library: QVM: library for working with quaternions,
vectors and matrices of static size
* see http://www.boost.org/users/history/version_1_62_0.html
for complete changelog
- remove boost-fix_include_config.patch - upstreamed
- gcc_path.patch - fix GCC search paths (bnc#996917)
Boost assumes /usr/include/c++/x.y.z/ existence for GCC 4.x
onward while our version of GCC only has /usr/include/c++/x.y
for 4.x GCC and /usr/include/c++/x/ for 5.x onward.
- migrate to using %bcond_ instead of hardcoding macros
for different Boost features
- better way to limit max number of compilation units than
by reading /proc/meminfo and guesstimating.
- Fix boo#994378, boo#994381, boo#994382 boo#994383:
Fix build issues when optional_fwd.hpp is used before
including boost/config.hpp
- Add boost-fix_include_config.patch from
gh#boostorg/optional#19
- build it from "boost.spec", but create versioned "boost-1_61-devel"
packages
- build quickbook also in versioned package
- update to version 1.61.0
Details on http://www.boost.org/users/history/version_1_61_0.html
Obsolete patches:
* boost-1.59-test-fenv.patch
* boost-deprecated-type_traits.patch
- rename package to boost-1_60 to allow multiple versions
- Fix build on systems with GCC4
- Added libboost_python3 to the dependency macro.
* boost-devel will now correctly require libboost_python3.
- Add boost-deprecated-type_traits.patch to fix deprecated
type_traits usage in boost/graph/adjacency_matrix.hpp header.
- Add the following patches from Fedora to fix underlinking in
boost::python code
* boost-1.57.0-python-abi_letters.patch
* boost-1.57.0-python-libpython_dep.patch
* boost-1.55.0-python-test-PyImport_AppendInittab.patch
- Updated to version 1.60.0
* New library: VMD.
* Updated libraries: Atomic, Chrono, Container, Context, Core,
Filesystem, Flyweight, Fusion, Interprocess, Intrusive, Lexical
Cast, Locale, log, Move, Multi-index Containers, odeint,
Optional, Predef, Test, Thread, UUID
* See http://www.boost.org/users/history/version_1_60_0.html for
complete changelog.
- Modified patch:
* boost-disable-pch-on-aarch64.patch
- rediff to a new context
- Removed patch:
* boost-1.59-python-make_setter.patch
- integrated upstream
- Add libboost_type_erasure subpackage
- Add support to Boost:Python3 (boo#951902)
* New library: python3
- Add boost-visibility.patch to make members of basic_xml_grammar<char>
visible (boo#958150).
- Fix redefinition of _docdir.
- coroutine2 depends on context, disable it if context is not built
- Updated to version 1.59.0:
* New libraries: Convert, Coroutine2
* Updated Libraries: Container, Context, Coroutine, Fusion,
Geometry, Interprocess, Intrusive, Lexical Cast, Log, Move,
Multi-index Containers, Predef, Program Options, Property Tree,
Boost.Test v3, TypeIndex, Variant
* See http://www.boost.org/users/history/version_1_59_0.html for
complete changelog.
- context now builds on aarch64
- Import two patches from Fedora: boost-1.59-python-make_setter.patch,
boost-1.59-test-fenv.patch
- Drop 0001-Fix-exec_file-for-Python-3-3.4.patch,
0002-Fix-a-regression-with-non-constexpr-types.patch,
boost-uuid-comparison.patch, boost-unrecognized-option.patch.
Fixed upstream.
- Remove unneeded dependency on xorg-x11-devel
- boost-unrecognized-option.patch: remove unrecognized option -m32
- update to 1.58.0:
boost docs remain at 1.56 since upstream hasn't updated yet
* New Libraries: Endian, Sort.
* Updated Libraries: Asio, Chrono, Container, Context, Conversion,
DateTime, Flyweight, Function, Functional/Factory, Fusion, Geometry,
Hash, Interprocess, Intrusive, Lexical Cast, Log, Math, Move,
Multi-index Containers, Multiprecision, Optional, Phoenix,
Predef, Random, Thread, TypeErasure, TypeIndex, Units,
Unordered, Variant.
See http://www.boost.org/users/history/version_1_58_0.html
- add 0001-Fix-exec_file-for-Python-3-3.4.patch ,
0002-Fix-a-regression-with-non-constexpr-types.patch: Fixes regressions
in 1.58
- drop bjam-alignment.patch, boost-gcc5.patch: Already fixed upstream
differently
- add boost-rpmoptflags-only.patch: Build only with optflags
- add boost-aarch64-flags.patch: Avoid using -m64
- add boost-uuid-comparison.patch: Fix regression in UUID operator<
- add boost-disable-pch-on-aarch64.patch: Disable pch on math library
to avoid compiler segfault
- Add quickbook subpackage
- Use $RPM_OPT_FLAGS for building, force use of the GCC toolset.
Be more verbose and fail building with the first error.
- Add boost-gcc5.patch to use -std=c++11 when building the coroutines
module which fixes build with GCC 5.
- Revert the python3 building: it resulted in BOTH libboost_python
libraries to be using python 3 instructions, resulting in
failures of all Py2 related packages.
- bzip2
-
- update bzip2-1.0.6-CVE-2019-12900.patch to accept as many
selectors as the file format allows. This relaxes the previous
fix for CVE-2019-12900 so that bzip2 allows decompression of bz2
files that use (too) many selectors again. It fixes a bzip2 and
lbzip2 incompatibility caused by previous patch [bsc#1139083]
[CVE-2019-12900]
- add bzip2-1.0.6-CVE-2019-12900.patch to fix an out-of-bounds
write in decompress.c when there are many nSelectors used in a
loop to access selectorMtf [bsc#1139083] [CVE-2019-12900]
- add bzip2-1.0.6-CVE-2016-3189.patch to fix a heap use after
free vulnerability that was reported in bzip2recover [bsc#985657]
[CVE-2016-3189]
- Update autotools patchset:
D bzip2-1.0.6-autoconfiscated.patch
A bzip2-1.0.6.2-autoconfiscated.patch
- Use %license (boo#1082318)
- Fix build on Fedora and Mageia
- Update bzip2-1.0.6-autoconfiscated.patch:
* Bump version to 1.0.6.
* Fix script symlinks on platforms with EXEEXT.
- Drop implicit pie building
- Try profiled build
- Move autoreconf to build section
- cleanup with spec-cleaner
- add bzip2-1.0.6-bzgrep_return_value.patch to fix bzgrep wrapper
that always returns 0 as an exit code when grepping multiple
archives [bsc#970260]
- Remove bzip2-faster.patch, it causes a crash with libarchive and
valgrind points out uninitialized memory. See
https://github.com/libarchive/libarchive/issues/637#issuecomment-170612576
- Avoid noarch sub package in SLE_11
- Cleanup a bit.
- Remove the profiling stuff as it should not be used nowadays.
At least even factory builds without it.
- Provide libbz2.so.1.0 as other distros do, so we can run tiny
things like steam.
- Respect cflags again, borked by previous commit.
- build with PIE
- fix bashisms in bzgrep and bznew
- add patches:
* bzip2-1.0.6-fix-bashisms.patch
- c-ares
-
- Version update to git snapshot 1.17.1+20200724:
* fixes missing input validation on hostnames returned by DNS
servers (bsc#1188881, CVE-2021-3672)
* If ares_getaddrinfo() was terminated by an ares_destroy(),
it would cause crash
* Crash in sortaddrinfo() if the list size equals 0 due to
an unexpected DNS response
* Expand number of escaped characters in DNS replies as
per RFC1035 5.1 to prevent spoofing
* Use unbuffered /dev/urandom for random data to prevent early startup
performance issues
- missing_header.patch: upstreamed
- add BR for pkg-config to get the provides in the devel package
- ares_dns.h, missing_header.patch: re-add missing header in last release
- Version update to 1.17.0
Security:
* avoid read-heap-buffer-overflow in ares_parse_soa_reply found during
fuzzing
* Avoid theoretical buffer overflow in RC4 loop comparison
* Empty hquery->name could lead to invalid memory access
* ares_parse_{a,aaaa}_reply() could return a larger *naddrttls than was
passed in (bsc#1178882, CVE-2020-8277)
Changes:
* Update help information for adig, acountry, and ahost
* Test Suite now uses dynamic system-assigned ports rather than hardcoded
ports to prevent failures in containers
* Detect remote DNS server does not support EDNS using rules from RFC 6891
* Source tree has been reorganized to use a more modern layout
* Allow parsing of CAA Resource Record
Bug fixes:
* readaddrinfo bad sizeof()
* Test cases should honor HAVE_WRITEV flag, not depend on WIN32
* FQDN with trailing period should be queried first
* ares_getaddrinfo() was returning members of the struct as garbage values if
unset, and was not honoring ai_socktype and ai_protocol hints.
* ares_gethostbyname() with AF_UNSPEC and an ip address would fail
* Properly document ares_set_local_ip4() uses host byte order
For details, see https://c-ares.haxx.se/changelog.html
- add missing upstream sources, to be removed for next release
- remove unnecessary BuildRequires
- fix building on SLE12 systems
- simplify conditions bit to make it tad more readable
- Implement multibuild specfile to split out tests into its own
flavor; this way we can build and run tests, which require
static lib, as well as avoid packaging the latter without issues
with the installed cmake file.
- Version update to 1.16.1
Security:
* Prevent possible use-after-free and double-free in ares_getaddrinfo() if
ares_destroy() is called prior to ares_getaddrinfo() completing.
Reported by Jann Horn at Google Project Zero.
Changes:
* Allow TXT records on CHAOS qclass. Used for retrieving things like
version.bind, version.server, authoris.bind, hostname.bind, and id.server. [3]
Bug fixes:
* Fix Windows Unicode incompatibilities with ares_getaddrinfo() [1]
* Silence false cast-align compiler warnings due to valid casts of struct
sockaddr to struct sockaddr_in and struct sockaddr_in6.
* MacOS should use libresolv for retrieving DNS servers, like iOS
* CMake build system should populate the INCLUDE_DIRECTORIES property of
installed targets [2]
* Correct macros in use for the ares_getaddrinfo.3 man page
- Changes in version 1.16.0
Changes:
* Introduction of ares_getaddrinfo() API which provides similar output
(including proper sorting as per RFC 6724) to the system native API, but
utilizes different data structures in order to provide additional
information such as TTLs and all aliases. Please reference the respective
man pages for usage details.
* Parse SOA records from ns_t_any response
* CMake: Provide c-ares version in package export file
* CMake: Add CPACK functionality for DEB and RPM
* CMake: Generate PDB files during build
* CMake: Support manpage installation
Bug fixes:
* Fix bad expectation in IPv6 localhost test.
* AutoTools: use XC_CHECK_BUILD_FLAGS instead of XC_CHECK_USER_FLAGS to
prevent complaints about CPPFLAGS in CFLAGS.
* Fix .onion handling
* Command line usage was out of date for adig and ahost.
* Typos in manpages
* If ares_getenv is defined, it must return a value on all platforms
* If /etc/resolv.conf has invalid lookup values, use the defaults.
* Tests: Separate live tests from SetServers* tests as only live tests
should require internet access.
* ares_gethostbyname() should return ENODATA if no valid A or AAAA record
is found, but a CNAME was found.
* CMake: Rework library function checking to prevent unintended linking
with system libraries that aren't needed.
* Due to use of inet_addr() it was not possible to return 255.255.255.255
from ares_gethostbyname().
* CMake: Fix building of tests on Windows
- Drop regression.patch which has been fixed upstream
- Refresh disable-live-tests.patch
- Remove static lib since it's required when doing tests and we don't want it
included in package
- Run spec-cleaner
- Upgrade to latest snapshot from 2020-01-17
- disable-live-tests.patch: refreshed
- regression.patch: fix a regression in DNS results that contain
both A and AAAA answers.
- Add netcfg as the build requirement and runtime requirement.
ares_getaddrinfo function uses the getservbyport_r function which
requires the /etc/services file to function properly. That config
file is provided by the netcfg package. Unit tests rely on it
too, hence it has to be a build dependency as well.
- Switch to cmake-based build.
Some packages need the cmake build files.
- Fix version number of the snapshot to not be a downgrade:
bsc#1156601
- Update to upstream snapshot 20191108
* getaddrinfo - avoid infinite loop in case of NXDOMAIN
* ares_getenv - return NULL in all cases
* implement ares_getaddrinfo
- onion-crash.patch: removed, upstreamed.
- removed upstream patches that are part of the snapshot:
0001-Add-initial-implementation-for-ares_getaddrinfo-112.patch
0002-Remaining-queries-counter-fix-additional-unit-tests-.patch
0003-Bugfix-for-ares_getaddrinfo-and-additional-unit-test.patch
0004-Add-ares__sortaddrinfo-to-support-getaddrinfo-sorted.patch
0005-getaddrinfo-avoid-infinite-loop-in-case-of-NXDOMAIN-.patch
0006-getaddrinfo-callback-must-be-called-on-bad-domain-24.patch
0007-getaddrinfo-enhancements-257.patch
0008-Add-missing-limits.h-include-from-ares_getaddrinfo.c.patch
0009-Increase-portability-of-ares-test-mock-ai.cc-235.patch
0010-Disable-failing-test.patch
- disable-live-tests.patch - updated
- Add upstream patches with the ares_getaddrinfo function:
* 0001-Add-initial-implementation-for-ares_getaddrinfo-112.patch
* 0002-Remaining-queries-counter-fix-additional-unit-tests-.patch
* 0003-Bugfix-for-ares_getaddrinfo-and-additional-unit-test.patch
* 0004-Add-ares__sortaddrinfo-to-support-getaddrinfo-sorted.patch
* 0005-getaddrinfo-avoid-infinite-loop-in-case-of-NXDOMAIN-.patch
* 0006-getaddrinfo-callback-must-be-called-on-bad-domain-24.patch
* 0007-getaddrinfo-enhancements-257.patch
* 0008-Add-missing-limits.h-include-from-ares_getaddrinfo.c.patch
* 0009-Increase-portability-of-ares-test-mock-ai.cc-235.patch
- Add a patch which disables test failing on OBS (but passing in
local environment):
* 0010-Disable-failing-test.patch
- Version update to 1.15.0:
* Add ares_init_options() configurability for path to resolv.conf file
* Ability to exclude building of tools (adig, ahost, acountry) in CMake
* Report ARES_ENOTFOUND for .onion domain names as per RFC7686
(bsc#1125306)
* Apply the IPv6 server blacklist to all nameserver sources
* Prevent changing name servers while queries are outstanding
* ares_set_servers_csv() on failure should not leave channel in a
bad state
- enable unit tests
- disable-live-tests.patch: disable tests to live servers
- onion-crash.patch: backport fix for a crash affecting .onion TLD
- Remove ineffective --with-pic.
- Version update to 1.14.0:
* Fix patch for CVE-2017-1000381 to not be overly aggressive
* gethostbyaddr should fail with ECANCELLED not ENOTFOUND when ares_cancel is called
* ares_gethostbyname.3: fix callback status values
* docs: Document WSAStartup requirement
* Fix a typo in init_by_resolv_conf
- Rename everything to c-ares
- Version update to 1.13.0:
* Fixes bsc#1044946 CVE-2017-1000381
* Bunch of bugfixes
- Drop cares-1.9.1-ocloexec.patch as it broke again and it is
not really worth all the fwdporting
- Drop check phase there is only return 0
- Version update to 1.12.0:
* Fixes bsc#1007728 CVE-2016-5180
* api: add ARES_OPT_NOROTATE optmask value
* Collection of bugfixes
- update to 1.11.0:
* Allow multiple -s options to the ahost command
* api: Expose the ares_library_initialized() function
* api: Add ares_set_sortlist(3) entrypoint
* api: Add entrypoints to allow use of per-server ports
* api: introduce `ares_parse_txt_reply_ext`
* api: Add ares_set_socket_configure_callback()
* Add -t u option to ahost
* collection of bug fixes
- No longer perform gpg validation; osc source_validator does it
implicitly:
+ Drop gpg-offline BuildRequires.
+ No longer execute gpg_verify.
- ca-certificates
-
- openssl is no longer required but coreutils and findutils are
(boo#1183680). Keep openssl(cli) at runtime for now nevertheless as this
package might be the only one pulling it in.
- backport bash rewrite from Factory to make sure to trigger in
transactional mode (boo#1179884)
- Changed "openssl" requirement to "openssl(cli)"
* (bsc#1101470)
- Use %license instead of %doc [bsc#1082318]
- Revert last change since we fixed systemd-preset-branding and
this requires is no longer needed.
- Re-add systemd requires, else package will be installed too early
and services never enabled [bsc#1071776].
- Don't require systemd, since we could be used in environments
like container images, where we don't have systemd. If systemd
is installed the systemd units will be used, else they are not
needed.
- Update to version 2+git20170807.10b2785:
* Check TRANSACTIONAL_UPDATE is set (boo#1045942)
* Add systemd units
- Run update-ca-certificate by systemd unit when the content of
one of the paths changes. Needed for read-only root and/or
transactional updates.
- Update to version 2+git20151110.c15593c:
+ set proper umask (boo#948724)
- require p11-kit-tools >= 0.23.1
- Update to version 2+git20150324.e3ee392:
+ p11-kit 0.23.1 supports pem-directory-hash now
- use service file to generate tarball
- fix bashism in postun script
- ca-certificates-mozilla
-
- Updated to 2.44 state of the Mozilla NSS Certificate store (bsc#1177864)
- Removed CAs:
- EE Certification Centre Root CA
- Taiwan GRCA
- Added CAs:
- Trustwave Global Certification Authority
- Trustwave Global ECC P256 Certification Authority
- Trustwave Global ECC P384 Certification Authority
- update to 2.42 state of the Mozilla NSS Certificate store (bsc#1174673)
Removed CAs:
- AddTrust External CA Root
- AddTrust Class 1 CA Root
- LuxTrust Global Root 2
- Staat der Nederlanden Root CA - G2
- Symantec Class 1 Public Primary Certification Authority - G4
- Symantec Class 2 Public Primary Certification Authority - G4
- VeriSign Class 3 Public Primary Certification Authority - G3
Added CAs:
- certSIGN Root CA G2
- e-Szigno Root CA 2017
- Microsoft ECC Root Certificate Authority 2017
- Microsoft RSA Root Certificate Authority 2017
- also run update-ca-certificates in %posttrans
- update to 2.40 state of the Mozilla NSS Certificate store (bsc#1160160)
- removed:
- Certplus Class 2 Primary CA
- Deutsche Telekom Root CA 2
- CN=Swisscom Root CA 2
- UTN-USERFirst-Client Authentication and Email
- added:
- Entrust Root Certification Authority - G4
- make sure p11-kit with patches is installed on SLE (boo#1154871)
- export correct p11kit trust attributes so Firefox detects built in
certificates (boo#1154871). Courtesy of Fedora.
- update to 2.34 state of the Mozilla NSS Certificate store (bsc#1144169)
- Removed CAs:
- Certinomis - Root CA
- includes added root CAs from the 2.32 version:
- emSign ECC Root CA - C3 (email and server auth)
- emSign ECC Root CA - G3 (email and server auth)
- emSign Root CA - C1 (email and server auth)
- emSign Root CA - G1 (email and server auth)
- Hongkong Post Root CA 3 (server auth)
- updated to 2.30 state of the Mozilla NSS Certificate store. (bsc#1121446)
- Removed CAs:
- AC Raiz Certicamara S.A.
- Certplus Root CA G1
- Certplus Root CA G2
- OpenTrust Root CA G1
- OpenTrust Root CA G2
- OpenTrust Root CA G3
- Visa eCommerce Root
- Added Root CAs:
- Certigna Root CA (email and server auth)
- GTS Root R1 (server auth)
- GTS Root R2 (server auth)
- GTS Root R3 (server auth)
- GTS Root R4 (server auth)
- OISTE WISeKey Global Root GC CA (email and server auth)
- UCA Extended Validation Root (server auth)
- UCA Global G2 Root (email and server auth)
- updated to 2.26 state of the Mozilla NSS Certificate store. (bsc#1104780)
- removed server auth
- Certplus Root CA G1
- Certplus Root CA G2
- OpenTrust Root CA G1
- OpenTrust Root CA G2
- OpenTrust Root CA G3
- remove CA
- ComSign CA
- added new CA
- GlobalSign
- Updated to 2.24 state of the Mozilla NSS Certificate store. (bsc#1100415)
- Removed CAs:
* S-TRUST_Universal_Root_CA:2.16.96.86.197.75.35.64.91.100.212.237.37.218.217.214.30.30.crt
* TC_TrustCenter_Class_3_CA_II:2.14.74.71.0.1.0.2.229.160.93.214.63.0.81.191.crt
* TÜRKTRUST_Elektronik_Sertifika_Hizmet_Sağlayıcısı_H5:2.7.0.142.23.254.36.32.129.crt
- Use %license instead of %doc [bsc#1082318]
- Updated to 2.22 state of the Mozilla NSS Certificate store (bsc#1071152,
bsc#1071390, bsc#1010996)
- Removed CAs:
* ACEDICOM Root
* AddTrust Public CA Root
* AddTrust Qualified CA Root
* ApplicationCA - Japanese Government
* CA Disig Root R1
* CA WoSign ECC Root
* Certification Authority of WoSign G2
* Certinomis - Autorité Racine
* China Internet Network Information Center EV Certificates Root
* CNNIC ROOT
* Comodo Secure Certificate Services
* Comodo Trusted Certificate Services
* ComSign Secured CA
* DST ACES CA X6
* GeoTrust Global CA 2
* StartCom Certification Authority
* StartCom Certification Authority
* StartCom Certification Authority G2
* Swisscom Root CA 1
* TÜBİTAK UEKAE Kök Sertifika Hizmet Sağlayıcısı - Sürüm 3
* TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı
* TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H6
* UTN USERFirst Hardware Root CA
* UTN USERFirst Object Root CA
* VeriSign Class 3 Secure Server CA - G2
* WellsSecure Public Root Certificate Authority
* Certification Authority of WoSign
* WoSign China
- Added CAs:
* D-TRUST Root CA 3 2013
* GDCA TrustAUTH R5 ROOT
* SSL.com EV Root Certification Authority ECC
* SSL.com EV Root Certification Authority RSA R2
* SSL.com Root Certification Authority ECC
* SSL.com Root Certification Authority RSA
* TrustCor RootCert CA-1
* TrustCor RootCert CA-2
* TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1
- convert processing script to Python 3
- ensure a stable conversion of UTF8 hex-encoded certificate names
- ensure a stable ordering of trust/distrust bits in headers
- updated to 2.11 state of the Mozilla NSS Certificate store.
- removed CAs:
- Buypass_Class_2_CA_1:2.1.1.crt
serverAuth
- EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı:2.8.76.175.115.66.28.142.116.2.crt
codeSigning emailProtection serverAuth
- Equifax_Secure_CA:2.4.53.222.244.207.crt
emailProtection
- Equifax_Secure_eBusiness_CA_1:2.1.4.crt
emailProtection
- Equifax_Secure_Global_eBusiness_CA:2.1.1.crt
emailProtection
- IGC_A:2.5.57.17.69.16.148.crt
codeSigning emailProtection serverAuth
- Juur-SK:2.4.59.142.75.252.crt
codeSigning serverAuth
- Root_CA_Generalitat_Valenciana:2.4.59.69.229.104.crt
codeSigning emailProtection serverAuth
- RSA_Security_2048_v3:2.16.10.1.1.1.0.0.2.124.0.0.0.10.0.0.0.2.crt
codeSigning emailProtection serverAuth
- Sonera_Class_1_Root_CA:2.1.36.crt
emailProtection
- S-TRUST_Authentication_and_Encryption_Root_CA_2005_PN:2.16.55.25.24.230.83.84.124.26.181.184.203.89.90.219.53.183.crt
emailProtection
- Verisign_Class_1_Public_Primary_Certification_Authority:2.16.63.105.30.129.156.240.154.74.243.115.255.185.72.162.228.221.crt
emailProtection
- Verisign_Class_2_Public_Primary_Certification_Authority_-_G2:2.17.0.185.47.96.204.136.159.161.122.70.9.184.91.112.108.138.175.crt
emailProtection
- Verisign_Class_3_Public_Primary_Certification_Authority:2.16.112.186.228.29.16.217.41.52.182.56.202.123.3.204.186.191.crt
emailProtection
- added CAs:
+ AC_RAIZ_FNMT-RCM:2.15.93.147.141.48.103.54.200.6.29.26.199.84.132.105.7.crt
serverAuth
+ Amazon_Root_CA_1:2.19.6.108.159.207.153.191.140.10.57.226.240.120.138.67.230.150.54.91.202.crt
emailProtection serverAuth
+ Amazon_Root_CA_2:2.19.6.108.159.210.150.53.134.159.10.15.229.134.120.248.91.38.187.138.55.crt
emailProtection serverAuth
+ Amazon_Root_CA_3:2.19.6.108.159.213.116.151.54.102.63.59.11.154.217.232.158.118.3.242.74.crt
emailProtection serverAuth
+ Amazon_Root_CA_4:2.19.6.108.159.215.193.187.16.76.41.67.229.113.123.123.44.200.26.193.14.crt
emailProtection serverAuth
+ Certplus_Root_CA_G1:2.18.17.32.85.131.228.45.62.84.86.133.45.131.55.183.44.220.70.17.crt
emailProtection serverAuth
+ Certplus_Root_CA_G2:2.18.17.32.217.145.206.174.163.232.197.231.255.233.2.175.207.115.188.85.crt
emailProtection serverAuth
+ Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015:2.1.0.crt
emailProtection serverAuth
+ Hellenic_Academic_and_Research_Institutions_RootCA_2015:2.1.0.crt
emailProtection serverAuth
+ ISRG_Root_X1:2.17.0.130.16.207.176.210.64.227.89.68.99.224.187.99.130.139.0.crt (bsc#1010996)
serverAuth
+ LuxTrust_Global_Root_2:2.20.10.126.166.223.75.68.158.218.106.36.133.158.230.184.21.211.22.127.187.177.crt
serverAuth
+ OpenTrust_Root_CA_G1:2.18.17.32.179.144.85.57.125.127.54.109.100.194.167.159.107.99.142.103.crt
emailProtection serverAuth
+ OpenTrust_Root_CA_G2:2.18.17.32.161.105.27.191.189.185.189.82.150.143.35.232.72.191.38.17.crt
emailProtection serverAuth
+ OpenTrust_Root_CA_G3:2.18.17.32.230.248.76.252.36.176.190.5.64.172.218.131.27.52.96.63.crt
emailProtection serverAuth
+ Symantec_Class_1_Public_Primary_Certification_Authority_-_G4:2.16.33.110.51.165.203.211.136.164.111.41.7.180.39.60.196.216.crt
emailProtection
+ Symantec_Class_1_Public_Primary_Certification_Authority_-_G6:2.16.36.50.117.242.29.47.210.9.51.247.180.106.202.208.243.152.crt
emailProtection
+ Symantec_Class_2_Public_Primary_Certification_Authority_-_G4:2.16.52.23.101.18.64.59.183.86.128.45.128.203.121.85.166.30.crt
emailProtection
+ Symantec_Class_2_Public_Primary_Certification_Authority_-_G6:2.16.100.130.158.252.55.30.116.93.252.151.255.151.200.177.255.65.crt
emailProtection
- diff-from-upstream-2.7.patch: removed as we should be able to do
intermediate root chains now with openssl 1.0.2 and also gnutls 3.5
is able to do so.
- diff-from-upstream-2.7.patch: restore some important legacy
CAs, otherwise Pidgin fails to talk to Google Talk for instance.
- Updated to 2.7 (bsc#973042).
- diff-from-upstream-2.2.patch: removed as openssl 1.0.2 can do
immediate root CAs.
- Removed server trust from:
AC Raíz Certicámara S.A.
ComSign Secured CA
NetLock Uzleti (Class B) Tanusitvanykiado
NetLock Business (Class B) Root
NetLock Expressz (Class C) Tanusitvanykiado
TC TrustCenter Class 3 CA II
TURKTRUST Certificate Services Provider Root 1
TURKTRUST Certificate Services Provider Root 2
Equifax Secure Global eBusiness CA-1
Verisign Class 4 Public Primary Certification Authority G3
- enable server trust
Actalis Authentication Root CA
- Deleted CAs:
A Trust nQual 03
Buypass Class 3 CA 1
CA Disig
Digital Signature Trust Co Global CA 1
Digital Signature Trust Co Global CA 3
E Guven Kok Elektronik Sertifika Hizmet Saglayicisi
NetLock Expressz (Class C) Tanusitvanykiado
NetLock Kozjegyzoi (Class A) Tanusitvanykiado
NetLock Minositett Kozjegyzoi (Class QA) Tanusitvanykiado
NetLock Uzleti (Class B) Tanusitvanykiado
SG TRUST SERVICES RACINE
Staat der Nederlanden Root CA
TC TrustCenter Class 2 CA II
TC TrustCenter Universal CA I
TDC Internet Root CA
UTN DATACorp SGC Root CA
Verisign Class 1 Public Primary Certification Authority - G2
Verisign Class 3 Public Primary Certification Authority
Verisign Class 3 Public Primary Certification Authority - G2
- New added CAs:
CA WoSign ECC Root
Certification Authority of WoSign
Certification Authority of WoSign G2
Certinomis - Root CA
Certum Trusted Network CA 2
CFCA EV ROOT
COMODO RSA Certification Authority
DigiCert Assured ID Root G2
DigiCert Assured ID Root G3
DigiCert Global Root G2
DigiCert Global Root G3
DigiCert Trusted Root G4
Entrust Root Certification Authority - EC1
Entrust Root Certification Authority - G2
GlobalSign
GlobalSign
IdenTrust Commercial Root CA 1
IdenTrust Public Sector Root CA 1
OISTE WISeKey Global Root GB CA
QuoVadis Root CA 1 G3
QuoVadis Root CA 2 G3
QuoVadis Root CA 3 G3
Staat der Nederlanden EV Root CA
Staat der Nederlanden Root CA - G3
S-TRUST Universal Root CA
SZAFIR ROOT CA2
TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H5
TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H6
USERTrust ECC Certification Authority
USERTrust RSA Certification Authority
沃通根证书
- diff-from-upstream-2.2.patch:
Temporarily re-enable some root CA trusts, as openssl/gnutls
have trouble using intermediates as root CA.
- GTE CyberTrust Global Root
- Thawte Server CA
- Thawte Premium Server CA
- ValiCert Class 1 VA
- ValiCert Class 2 VA
- RSA Root Certificate 1
- Entrust.net Secure Server CA
- America Online Root Certification Authority 1
- America Online Root Certification Authority 2
- Updated to 2.2 (bnc#888534)
- The following CAs were removed:
+ America_Online_Root_Certification_Authority_1
+ America_Online_Root_Certification_Authority_2
+ GTE_CyberTrust_Global_Root
+ Thawte_Premium_Server_CA
+ Thawte_Server_CA
- The following CAs were added:
+ COMODO_RSA_Certification_Authority
codeSigning emailProtection serverAuth
+ GlobalSign_ECC_Root_CA_-_R4
codeSigning emailProtection serverAuth
+ GlobalSign_ECC_Root_CA_-_R5
codeSigning emailProtection serverAuth
+ USERTrust_ECC_Certification_Authority
codeSigning emailProtection serverAuth
+ USERTrust_RSA_Certification_Authority
codeSigning emailProtection serverAuth
+ VeriSign-C3SSA-G2-temporary-intermediate-after-1024bit-removal
- The following CAs were changed:
+ Equifax_Secure_eBusiness_CA_1
remove code signing and https trust, leave email trust
+ Verisign_Class_3_Public_Primary_Certification_Authority_-_G2
only trust emailProtection
- catatonit
-
- Update to catatonit v0.1.5, which fixes two bugs where catatonit would hang
endlessly when pid1 died in very specific ways. bsc#1176155
- Update to catatonit v0.1.4, which includes support for "-g".
- Update to catatonit v0.1.3, which includes a fix for docker compatibility so
that dockerd doesn't give spurious warnings.
- Fix build to correctly build a static binary (which will allow it to work in
all containers). This was caused by forgetting to include
'glibc-devel-static'. I've added a check to ensure it doesn't happen by
accident again.
- Add catatonit-rpmlintrc to include filters for "static binary" warnings,
since this is intentional.
- Update package descriptions.
- Update to catatonit v0.1.2 and update links to point to openSUSE repo.
- Update to catatonit v0.1.1, which includes a fix for the libtool requirement.
This lets us build on much older distributions.
- Initial import of catatonit v0.1.0.
- chrony
-
- bsc#1173760: MD5 is not available from mozilla-nss in FIPS mode,
but needed for calculating refids from IPv6 addresses as part of
the NTP protocol (rfc5905). As this is a non-cryptographic use of
MD5 we can use our own implementation without violating FIPS
rules: chrony-refid-internal-md5.patch .
- boo#1162964, bsc#1183783, clknetsim-glibc-2.31.patch:
Fix build with glibc-2.31
- bsc#1184400, chrony-pidfile.patch:
Use /run instead of /var/run for PIDFile in chronyd.service.
- Integrate three upstream patches to fix an infinite loop in
chronyc (bsc#1171806).
* chrony-select-timeout.patch
* chrony-gettimeofday.patch
* chrony-urandom.patch
- Use iburst in the default pool statements to speed up initial
synchronisation (bsc#1172113).
- Read runtime servers from /var/run/netconfig/chrony.servers to
fix bsc#1099272 and bsc#1161119.
- Move chrony-helper to /usr/lib/chrony/helper, because there
should be no executables in /usr/share.
- Add chrony-pool-suse and chrony-pool-openSUSE subpackages that
preconfigure chrony to use NTP servers from the respective
pools for SUSE and openSUSE (bsc#1156884, SLE-11424).
- Add chrony-pool-empty to still allow installing chrony without
preconfigured servers.
- bsc#1159840: Add chrony-ntp-era-split.patch from upstream to fix
"make check" builds made after 2019-12-20. Existing installations
do not need to be updated as the bug only affects the test, but
not chrony itself.
- Fix ordering and dependencies of chronyd.service, so that it is
started after name resolution is up (bsc#1129914).
- Add chrony-service-ordering.patch
- Make sure to generate correct sysconfig file (boo#1117147)
- Added /etc/chrony.d/ directory to the package (bsc#1083597)
Modified default chrony.conf to add "include /etc/chrony.d/*"
- Use %license instead of %doc [bsc#1082318]
- Fix name of fillup template (was never installed before)
- Fix Requires for fillup, it's used in post, not pre.
- Enable pps support
- Replace references to /var/adm/fillup-templates with new
%_fillupdir macro (boo#1069468)
- Cleanup spec file:
* Drop pre systemd support
* Run spec-cleaner
- Modified the spec file to comment out the pool statement
in chrony.conf if _not_ building for openSUSE. (bsc#1063704).
- refresh patches to apply cleanly again
- chrony-config.patch
- chrony-fix-open.patch
- Upgraded to version 3.2:
Enhancements
* Improve stability with NTP sources and reference clocks
* Improve stability with hardware timestamping
* Improve support for NTP interleaved modes
* Control frequency of system clock on macOS 10.13 and later
* Set TAI-UTC offset of system clock with leapsectz directive
* Minimise data in client requests to improve privacy
* Allow transmit-only hardware timestamping
* Add support for new timestamping options introduced in Linux 4.13
* Add root delay, root dispersion and maximum error to tracking log
* Add mindelay and asymmetry options to server/peer/pool directive
* Add extpps option to PHC refclock to timestamp external PPS signal
* Add pps option to refclock directive to treat any refclock as PPS
* Add width option to refclock directive to filter wrong pulse edges
* Add rxfilter option to hwtimestamp directive
* Add -x option to disable control of system clock
* Add -l option to log to specified file instead of syslog
* Allow multiple command-line options to be specified together
* Allow starting without root privileges with -Q option
* Update seccomp filter for new glibc versions
* Dump history on exit by default with dumpdir directive
* Use hardening compiler options by default
Bug fixes
* Don't drop PHC samples with low-resolution system clock
* Ignore outliers in PHC tracking, RTC tracking, manual input
* Increase polling interval when peer is not responding
* Exit with error message when include directive fails
* Don't allow slash after hostname in allow/deny directive/command
* Try to connect to all addresses in chronyc before giving up
- Upgraded clknetsim to version 71dbbc5.
- Reworked chrony-fix-open.patch to fit the new version
- Upgraded to version 3.1:
- Enhancements
- Add support for precise cross timestamping of PHC on Linux
- Add minpoll, precision, nocrossts options to hwtimestamp directive
- Add rawmeasurements option to log directive and modify measurements
option to log only valid measurements from synchronised sources
- Allow sub-second polling interval with NTP sources
- Bug fixes
- Fix time smoothing in interleaved mode
- Upgraded clknetsim to version ce89a1b.
- Reworked the following patches to fit the new versions
- chrony-config.patch
- chrony-service-helper.patch
- chrony-fix-open.patch
- Upgraded to version 3.0:
- Enhancements
- Add support for software and hardware timestamping on Linux
- Add support for client/server and symmetric interleaved modes
- Add support for MS-SNTP authentication in Samba
- Add support for truncated MACs in NTPv4 packets
- Estimate and correct for asymmetric network jitter
- Increase default minsamples and polltarget to improve stability with very low jitter
- Add maxjitter directive to limit source selection by jitter
- Add offset option to server/pool/peer directive
- Add maxlockage option to refclock directive
- Add -t option to chronyd to exit after specified time
- Add partial protection against replay attacks on symmetric mode
- Don't reset polling interval when switching sources to online state
- Allow rate limiting with very short intervals
- Improve maximum server throughput on Linux and NetBSD
- Remove dump files after start
- Add tab-completion to chronyc with libedit/readline
- Add ntpdata command to print details about NTP measurements
- Allow all source options to be set in add server/peer command
- Indicate truncated addresses/hostnames in chronyc output
- Print reference IDs as hexadecimal numbers to avoid confusion with IPv4 addresses
- Bug fixes
- Fix crash with disabled asynchronous name resolving
- Upgraded clknetsim to version 6bb6519.
- Upgraded to version 2.4.1:
- Bug fixes
- Fix processing of kernel timestamps on non-Linux systems
- Fix crash with smoothtime directive
- Fix validation of refclock sample times
- Fix parsing of refclock directive
- update to 2.4:
- Enhancements
- Add orphan option to local directive for orphan mode
compatible with ntpd
- Add distance option to local directive to set activation
threshold (1 second by default)
- Add maxdrift directive to set maximum allowed drift of system
clock
- Try to replace NTP sources exceeding maximum distance
- Randomise source replacement to avoid getting stuck with bad
sources
- Randomise selection of sources from pools on start
- Ignore reference timestamp as ntpd doesn't always set it
correctly
- Modify tracking report to use same values as seen by NTP
clients
- Add -c option to chronyc to write reports in CSV format
- Provide detailed manual pages
- Bug fixes
- Fix SOCK refclock to work correctly when not specified as
last refclock
- Fix initstepslew and -q/-Q options to accept time from own
NTP clients
- Fix authentication with keys using 512-bit hash functions
- Fix crash on exit when multiple signals are received
- Fix conversion of very small floating-point numbers in
command packets
- Removed features
- Drop documentation in Texinfo format
- update clknetsim to a5949fe for fixing a testsuite failure:
- add IP_PKTINFO socket option
- accept environment variables in make
- fix building with FORTIFY_SOURCE
- fix compiler warning
- support multiple SHM refclocks
- fix recv functions with new glibc headers
- refreshed chrony-fix-open.patch: to apply cleanly after clknetsim
update
- drop patches:
- chrony-include-termios.patch
- make-105-ntpauth-more-reliable.patch
- drop buildrequires for texinfo and pre requires on the install
info packages
- no longer use make install-docs: it only installed 0 byte html
files.
- Provide ntp-daemon (bsc#973981)
- chrony-fix-open.patch: make sure _open and _close are initialized
in open()/close() override, as libfreebl3 also calls from the
ELF constructor. FATE#319508
- enable mozilla-nss
- Use correct license
- Drop hardcoded dependency on libseccomp, it is detected during
build
- Undo reference to chrony-dnssrv@.service in %pre, %preun, %post,
and %postun as it would lead to error.
- Change conditions for libseccomp, we can use any version on SLE-12
x86_64
- Removed %if for distributions that aren't building chrony.
- Renamed chrony-2.2_logrotate.patch to chrony-logrotate.patch since
the patch is not particularly version-dependent.
- Added clknetsim for "make check" processing.
- Added Buildrequires for gcc-c++ and timezone for building clknetsim
and running "make check".
- Changed Buildrequires and Requires to specify the minimum level of
libseccomp needed to build on s390x and ppc64le.
- Removed "-Recommends: timedatex" since I couldn't find any instance
of it anywhere in the build service.
- Modified the description to use some of the information from the
chrony web site.
- Added chrony-include-termios.patch so that it will build on ppc64le.
- Added make-105-ntpauth-more-reliable.patch so that "make check"
will not report a non-failure as a failure.
- Added --without-nss to ./configure to avoid "interruption code
0x2003B in chronyd" errors.
- Changed the symbolic links for rcchronyd and rcchronyd-wait to
point to the actual location of the service command, not the symlink
in /sbin.
- Added reference to chrony-dnssrv@.service in %pre, %preun, %post,
and %postun.
- Cleanup spec file with spec-cleaner
- Prepare for submission to Factory (see fate#319508)
- update to 2.3
- Enhancements
- Add support for NTP and command response rate limiting
- Add support for dropping root privileges on Mac OS X,
FreeBSD, Solaris
- Add require and trust options for source selection
- Enable logchange by default (1 second threshold)
- Set RTC on Mac OS X with rtcsync directive
- Allow binding to NTP port after dropping root privileges on
NetBSD
- Drop CAP_NET_BIND_SERVICE capability on Linux when NTP port
is disabled
- Resolve names in separate process when seccomp filter is
enabled
- Replace old records in client log when memory limit is
reached
- Don't reveal local time and synchronisation state in client
packets
- Don't keep client sockets open for longer than necessary
- Ignore poll in KoD RATE packets as ntpd doesn't always set it
correctly
- Warn when using keys shorter than 80 bits
- Add keygen command to generate random keys easily
- Add serverstats command to report NTP and command packet
statistics
- Bug fixes
- Fix clock correction after making step on Mac OS X
- Fix building on Solaris
- refreshed patches to apply cleanly again:
chrony-2.2_logrotate.patch
chrony-config.patch
chrony-service-helper.patch
- update to 2.2.1
Restrict authentication of NTP server/peer to specified key
(CVE-2016-1567)
- silence groupadd/useradd call and drop the shell from the user.
- update to 2.2
see /usr/share/doc/packages/chrony/NEWS
- sync with fedora spec and add systemd support
- refreshed chrony-config.patch to apply cleanly again
- added chrony-2.2_logrotate.patch: add missing su option as we no
longer have the daemon run as root.
- added chrony-service-helper.patch: imported from fedora with a
changed path for moving from libexecdir to datadir
- only use syscall filters on 12.3 and newer
- move helper from libexecdir to datadir
- cifs-utils
-
- cifs.upcall: fix regression in kerberos mount; (bsc#1184815).
* add 0015-cifs.upcall-fix-regression-in-kerberos-mount.patch
- CVE-2021-20208: cifs-utils: cifs.upcall kerberos auth leak in
container; (bsc#1183239); CVE-2021-20208.
- CVE-2020-14342: Shell command injection vulnerability in mount.cifs;
(bsc#1174477); (bso#14442); CVE-2020-14342.
* add 0013-CVE-2020-14342-mount.cifs-fix-shell-command-injectio.patch
- Fix invalid free in mount.cifs; (bsc#1152930).
* add 0012-mount.cifs-Fix-invalid-free.patch
- Fix double-free in mount.cifs; (bsc#1149164).
* add 0011-fix-doublefree.patch
- Update to cifs-utils 6.9; (bsc#1132087); (bsc#1136031).
* adds fixes for Azure
* new smbinfo utility
* remove cifs-utils-6.8.tar.bz2
* remove cifs-utils-6.8.tar.bz2.asc
* add cifs-utils-6.9.tar.bz2
* add cifs-utils-6.9.tar.bz2.asc
* add 0001-smbinfo-Improve-help-usage-and-add-h-option.patch
* add 0002-smbinfo-Add-bash-completion-support-for-smbinfo.patch
* add 0003-getcifsacl-Add-support-to-accept-more-paths.patch
* add 0004-getcifsacl-Fix-usage-message-to-include-multiple-fil.patch
* add 0005-smbinfo-add-GETCOMPRESSION-support.patch
* add 0006-getcifsacl-Add-support-for-R-recursive-option.patch
* add 0007-smbinfo-add-bash-completion-support-for-getcompressi.patch
* add 0008-mount.cifs.c-fix-memory-leaks-in-main-func.patch
* add 0009-Zero-fill-the-allocated-memory-for-new-struct-cifs_n.patch
* add 0010-Zero-fill-the-allocated-memory-for-a-new-ACE.patch
- Remove backports that are already in 6.9; (fate#325270); (bsc#1130528);
* remove 0001-docs-cleanup-rst-formating.patch
* remove 0002-mount.cifs.rst-document-new-no-handlecache-mount-opt.patch
* remove 0003-manpage-update-mount.cifs-manpage-with-info-about-rd.patch
* remove 0004-checkopts-add-python-script-to-cross-check-mount-opt.patch
* remove 0005-mount.cifs.rst-document-missing-options-correct-wron.patch
* remove 0006-cifs-utils-support-rst2man-3.patch
* remove 0007-checkopts-report-duplicated-options-in-man-page.patch
* remove 0008-mount.cifs.rst-more-cleanups.patch
* remove 0009-mount.cifs.rst-document-vers-3-mount-option.patch
* remove 0010-mount.cifs.rst-document-vers-3.02-mount-option.patch
* remove allow-dns-resolver-key-to-expire.patch
* remove suse-document-new-vers-default-SMB2.1.patch
- Remove dependency workaround regarding python2/python3
- Fix dependency failure on SLE15 regarding python2/python3.
- Allow cached DNS entry to expire; (fate#325270).
* add allow-dns-resolver-key-to-expire.patch
- Document new SMB2.1+ defaults; (bsc#1130528).
* be more verbose on mount errors, especially with EHOSTDOWN which
is often returned on SMB version issues.
* add suse-document-new-vers-default-SMB2.1.patch
- Fix python dependency stalemate by requiring python3 version of
samba-libs.
- Update to cifs-utils 6.8.
+ document more mount options
+ man pages now generated from RST files
+ add python-docutils build dependency
+ update keyring to check tarball signature
+ remove 0001-manpage-correct-typos-and-spelling-mistakes.patch
+ remove 0002-mount.cifs-document-SMBv3.1.1-and-new-seal-option.patch
- Add typo corrections, better doc and configure fixes from upstream
+ add 0001-docs-cleanup-rst-formating.patch
+ add 0002-mount.cifs.rst-document-new-no-handlecache-mount-opt.patch
+ add 0003-manpage-update-mount.cifs-manpage-with-info-about-rd.patch
+ add 0004-checkopts-add-python-script-to-cross-check-mount-opt.patch
+ add 0005-mount.cifs.rst-document-missing-options-correct-wron.patch
+ add 0006-cifs-utils-support-rst2man-3.patch
+ add 0007-checkopts-report-duplicated-options-in-man-page.patch
+ add 0008-mount.cifs.rst-more-cleanups.patch
+ add 0009-mount.cifs.rst-document-vers-3-mount-option.patch
+ add 0010-mount.cifs.rst-document-vers-3.02-mount-option.patch
- Cleanup spec file
* assume SUSE vendor and SLE >= 11
- Update BuildIgnore to break build cycle samba-client <-> cifs-utils
- update to 6.7:
* mount.cifs cleanups
- includes 6.6:
* cleanup/overhaul of cifs.upcall krb5 credcache handling
- partial cleanup with spec-cleaner
- Document SMB3+ and new seal option; (fate#322075).
+ add patch 0001-manpage-correct-typos-and-spelling-mistakes.patch
+ add patch 0002-mount.cifs-document-SMBv3.1.1-and-new-seal-option.patch
- Get rid of init script on everything based off SLE12+ (bsc#1025471).
- Use https urls.
- Don't ignore libldb, libtalloc, libtevent, and samba-client-libs at build
time; (bsc#966174).
- Update to cifs-utils 6.5.
+ mount.cifs: ignore x- mount options
+ minor build fixes; obsoletes include_paths.h_for__PATH_MOUNTED.patch
+ minor manpage fix
- Ignore samba-client-libs at build-time on post-22 Fedora systems.
- Add include_paths.h_for__PATH_MOUNTED.patch
- Use rccifs -> service symlink for proper status (bnc#908023).
- Remove dependency on gpg-offline as signature checking is implemented in the
source validator.
- Add README.cifstab.migration to document the cifstab removal; (bnc#902947).
- Fix broken rccifs symbolic link.
- Remove dead code associated with cifstab file which is no longer used.
- cloud-init
-
- Add cloud-init-bonding-opts.patch (bsc#1184085)
+ Write proper bonding option configuration for SLE/openSUSE
- Fix application and inclusion of
use_arroba_to_include_sudoers_directory-bsc_1181283.patchfix (bsc#1181283)
- Add use_arroba_to_include_sudoers_directory-bsc_1181283.patchfix (bsc#1181283)
- Do not include the sudoers.d directory twice
- Update cloud-init-write-routes.patch (bsc#1180176)
+ Follow up to previous changes. Fix order of operations
error to make gateway comparison between subnet configuration and
route configuration valuable rather than self-comparing.
- Add cloud-init-sle12-compat.patch (jsc#PM-2335)
- Python 3.4 compatibility in setup.py
- Disable some test for mock version compatibility
- Add wget as a requirement (bsc#1178029)
+ wget is used in the CloudStack data source
- Add cloud-init-azure-def-usr-pass.patch (bsc#1179150, bsc#1179151)
+ Properly set the password for the default user in all circumstances
- Patch the full package version into the cloud-init version file
- Update cloud-init-write-routes.patch (bsc#1177526)
+ Fix missing default route when dual stack network setup is used. Once
a default route was configured for IPv6 or IPv4 the default route
configuration for the other protocol was skipped.
- Update cloud-init-write-routes.patch (bsc#1177526)
+ Avoid exception if no gateway information is present and warning
is triggered for existing routing.
- Update to version 20.2 (bsc#1174443, bsc#1174444)
+ Remove patches included upstream:
- 0001-Make-tests-work-with-Python-3.8-139.patch
- cloud-init-ostack-metadat-dencode.patch
- cloud-init-use-different-random-src.diff
- cloud-init-long-pass.patch
- cloud-init-mix-static-dhcp.patch
+ Remove patches build switched to Python 3 for all distributions
(jsc#PM-2335)
- cloud-init-python2-sigpipe.patch
- cloud-init-template-py2.patch
+ Add
- cloud-init-after-kvp.diff
- cloud-init-recognize-hpc.patch
+ doc/format: reference make-mime.py instead of an inline script (#334)
+ Add docs about creating parent folders (#330) [Adrian Wilkins]
+ DataSourceNoCloud/OVF: drop claim to support FTP (#333) (LP: #1875470)
+ schema: ignore spurious pylint error (#332)
+ schema: add json schema for write_files module (#152)
+ BSD: find_devs_with_ refactoring (#298) [Gonéri Le Bouder]
+ nocloud: drop work around for Linux 2.6 (#324) [Gonéri Le Bouder]
+ cloudinit: drop dependencies on unittest2 and contextlib2 (#322)
+ distros: handle a potential mirror filtering error case (#328)
+ log: remove unnecessary import fallback logic (#327)
+ .travis.yml: don't run integration test on ubuntu/* branches (#321)
+ More unit test documentation (#314)
+ conftest: introduce disable_subp_usage autouse fixture (#304)
+ YAML align indent sizes for docs readability (#323) [Tak Nishigori]
+ network_state: add missing space to log message (#325)
+ tests: add missing mocks for get_interfaces_by_mac (#326) (LP: #1873910)
+ test_mounts: expand happy path test for both happy paths (#319)
+ cc_mounts: fix incorrect format specifiers (#316) (LP: #1872836)
+ swap file "size" being used before checked if str (#315) [Eduardo Otubo]
+ HACKING.rst: add pytest version gotchas section (#311)
+ docs: Add steps to re-run cloud-id and cloud-init (#313) [Joshua Powers]
+ readme: OpenBSD is now supported (#309) [Gonéri Le Bouder]
+ net: ignore 'renderer' key in netplan config (#306) (LP: #1870421)
+ Add support for NFS/EFS mounts (#300) [Andrew Beresford] (LP: #1870370)
+ openbsd: set_passwd should not unlock user (#289) [Gonéri Le Bouder]
+ tools/.github-cla-signers: add beezly as CLA signer (#301)
+ util: remove unnecessary lru_cache import fallback (#299)
+ HACKING.rst: reorganise/update CLA signature info (#297)
+ distros: drop leading/trailing hyphens from mirror URL labels (#296)
+ HACKING.rst: add note about variable annotations (#295)
+ CiTestCase: stop using and remove sys_exit helper (#283)
+ distros: replace invalid characters in mirror URLs with hyphens (#291)
(LP: #1868232)
+ rbxcloud: gracefully handle arping errors (#262) [Adam Dobrawy]
+ Fix cloud-init ignoring some misdeclared mimetypes in user-data.
[Kurt Garloff]
+ net: ubuntu focal prioritize netplan over eni even if both present
(#267) (LP: #1867029)
+ cloudinit: refactor util.is_ipv4 to net.is_ipv4_address (#292)
+ net/cmdline: replace type comments with annotations (#294)
+ HACKING.rst: add Type Annotations design section (#293)
+ net: introduce is_ip_address function (#288)
+ CiTestCase: remove now-unneeded parse_and_read helper method (#286)
+ .travis.yml: allow 30 minutes of inactivity in cloud tests (#287)
+ sources/tests/test_init: drop use of deprecated inspect.getargspec (#285)
+ setup.py: drop NIH check_output implementation (#282)
+ Identify SAP Converged Cloud as OpenStack [Silvio Knizek]
+ add Openbsd support (#147) [Gonéri Le Bouder]
+ HACKING.rst: add examples of the two test class types (#278)
+ VMWware: support to update guest info gc status if enabled (#261)
[xiaofengw-vmware]
+ Add lp-to-git mapping for kgarloff (#279)
+ set_passwords: avoid chpasswd on BSD (#268) [Gonéri Le Bouder]
+ HACKING.rst: add Unit Testing design section (#277)
+ util: read_cc_from_cmdline handle urlencoded yaml content (#275)
+ distros/tests/test_init: add tests for _get_package_mirror_info (#272)
+ HACKING.rst: add links to new Code Review Process doc (#276)
+ freebsd: ensure package update works (#273) [Gonéri Le Bouder]
+ doc: introduce Code Review Process documentation (#160)
+ tools: use python3 (#274)
+ cc_disk_setup: fix RuntimeError (#270) (LP: #1868327)
+ cc_apt_configure/util: combine search_for_mirror implementations (#271)
+ bsd: boottime does not depend on the libc soname (#269)
[Gonéri Le Bouder]
+ test_oracle,DataSourceOracle: sort imports (#266)
+ DataSourceOracle: update .network_config docstring (#257)
+ cloudinit/tests: remove unneeded with_logs configuration (#263)
+ .travis.yml: drop stale comment (#255)
+ .gitignore: add more common directories (#258)
+ ec2: render network on all NICs and add secondary IPs as static (#114)
(LP: #1866930)
+ ec2 json validation: fix the reference to the 'merged_cfg' key (#256)
[Paride Legovini]
+ releases.yaml: quote the Ubuntu version numbers (#254) [Paride Legovini]
+ cloudinit: remove six from packaging/tooling (#253)
+ util/netbsd: drop six usage (#252)
+ workflows: introduce stale pull request workflow (#125)
+ cc_resolv_conf: introduce tests and stabilise output across Python
versions (#251)
+ fix minor issue with resolv_conf template (#144) [andreaf74]
+ doc: CloudInit also support NetBSD (#250) [Gonéri Le Bouder]
+ Add Netbsd support (#62) [Gonéri Le Bouder]
+ tox.ini: avoid substition syntax that causes a traceback on xenial (#245)
+ Add pub_key_ed25519 to cc_phone_home (#237) [Daniel Hensby]
+ Introduce and use of a list of GitHub usernames that have signed CLA
(#244)
+ workflows/cla.yml: use correct username for CLA check (#243)
+ tox.ini: use xenial version of jsonpatch in CI (#242)
+ workflows: CLA validation altered to fail status on pull_request (#164)
+ tox.ini: bump pyflakes version to 2.1.1 (#239)
+ cloudinit: move to pytest for running tests (#211)
+ instance-data: add cloud-init merged_cfg and sys_info keys to json
(#214) (LP: #1865969)
+ ec2: Do not fallback to IMDSv1 on EC2 (#216)
+ instance-data: write redacted cfg to instance-data.json (#233)
(LP: #1865947)
+ net: support network-config:disabled on the kernel commandline (#232)
(LP: #1862702)
+ ec2: only redact token request headers in logs, avoid altering request
(#230) (LP: #1865882)
+ docs: typo fixed: dta → data [Alexey Vazhnov]
+ Fixes typo on Amazon Web Services (#217) [Nick Wales]
+ Fix docs for OpenStack DMI Asset Tag (#228)
[Mark T. Voelker] (LP: #1669875)
+ Add physical network type: cascading to openstack helpers (#200)
[sab-systems]
+ tests: add focal integration tests for ubuntu (#225)
- From 20.1 (first version after 19.4)
+ ec2: Do not log IMDSv2 token values, instead use REDACTED (#219)
(LP: #1863943)
+ utils: use SystemRandom when generating random password. (#204)
[Dimitri John Ledkov]
+ docs: mount_default_files is a list of 6 items, not 7 (#212)
+ azurecloud: fix issues with instances not starting (#205) (LP: #1861921)
+ unittest: fix stderr leak in cc_set_password random unittest
output. (#208)
+ cc_disk_setup: add swap filesystem force flag (#207)
+ import sysvinit patches from freebsd-ports tree (#161) [Igor Galić]
+ docs: fix typo (#195) [Edwin Kofler]
+ sysconfig: distro-specific config rendering for BOOTPROTO option (#162)
[Robert Schweikert] (LP: #1800854)
+ cloudinit: replace "from six import X" imports (except in util.py) (#183)
+ run-container: use 'test -n' instead of 'test ! -z' (#202)
[Paride Legovini]
+ net/cmdline: correctly handle static ip= config (#201)
[Dimitri John Ledkov] (LP: #1861412)
+ Replace mock library with unittest.mock (#186)
+ HACKING.rst: update CLA link (#199)
+ Scaleway: Fix DatasourceScaleway to avoid backtrace (#128)
[Louis Bouchard]
+ cloudinit/cmd/devel/net_convert.py: add missing space (#191)
+ tools/run-container: drop support for python2 (#192) [Paride Legovini]
+ Print ssh key fingerprints using sha256 hash (#188) (LP: #1860789)
+ Make the RPM build use Python 3 (#190) [Paride Legovini]
+ cc_set_password: increase random pwlength from 9 to 20 (#189)
(LP: #1860795)
+ .travis.yml: use correct Python version for xenial tests (#185)
+ cloudinit: remove ImportError handling for mock imports (#182)
+ Do not use fallocate in swap file creation on xfs. (#70)
[Eduardo Otubo] (LP: #1781781)
+ .readthedocs.yaml: install cloud-init when building docs (#181)
(LP: #1860450)
+ Introduce an RTD config file, and pin the Sphinx version to the RTD
default (#180)
+ Drop most of the remaining use of six (#179)
+ Start removing dependency on six (#178)
+ Add Rootbox & HyperOne to list of cloud in README (#176) [Adam Dobrawy]
+ docs: add proposed SRU testing procedure (#167)
+ util: rename get_architecture to get_dpkg_architecture (#173)
+ Ensure util.get_architecture() runs only once (#172)
+ Only use gpart if it is the BSD gpart (#131) [Conrad Hoffmann]
+ freebsd: remove superflu exception mapping (#166) [Gonéri Le Bouder]
+ ssh_auth_key_fingerprints_disable test: fix capitalization (#165)
[Paride Legovini]
+ util: move uptime's else branch into its own boottime function (#53)
[Igor Galić] (LP: #1853160)
+ workflows: add contributor license agreement checker (#155)
+ net: fix rendering of 'static6' in network config (#77) (LP: #1850988)
+ Make tests work with Python 3.8 (#139) [Conrad Hoffmann]
+ fixed minor bug with mkswap in cc_disk_setup.py (#143) [andreaf74]
+ freebsd: fix create_group() cmd (#146) [Gonéri Le Bouder]
+ doc: make apt_update example consistent (#154)
+ doc: add modules page toc with links (#153) (LP: #1852456)
+ Add support for the amazon variant in cloud.cfg.tmpl (#119)
[Frederick Lefebvre]
+ ci: remove Python 2.7 from CI runs (#137)
+ modules: drop cc_snap_config config module (#134)
+ migrate-lp-user-to-github: ensure Launchpad repo exists (#136)
+ docs: add initial troubleshooting to FAQ (#104) [Joshua Powers]
+ doc: update cc_set_hostname frequency and descrip (#109)
[Joshua Powers] (LP: #1827021)
+ freebsd: introduce the freebsd renderer (#61) [Gonéri Le Bouder]
+ cc_snappy: remove deprecated module (#127)
+ HACKING.rst: clarify that everyone needs to do the LP->GH dance (#130)
+ freebsd: cloudinit service requires devd (#132) [Gonéri Le Bouder]
+ cloud-init: fix capitalisation of SSH (#126)
+ doc: update cc_ssh clarify host and auth keys
[Joshua Powers] (LP: #1827021)
+ ci: emit names of tests run in Travis (#120)
- Disable testing to aid elimination of unittest2 in Factory
- bsc#1170154: rsyslog warning, '~' is deprecated
+ replace deprecated syntax '& ~' by '& stop'
for more information please see https://www.rsyslog.com/rsyslog-error-2307/
- Update cloud-init-write-routes.patch
+ Explicitly test for netconfig version 1 as well as 2
- Update cloud-init-write-routes.patch
+ Handle netconfig v2 device configurations (bsc#1171546, bsc#1171995)
- Update cloud-init-write-routes.patch
+ In cases where the config contains 2 or more default gateway
specifications for an interface only write the first default route,
log warning message about skipped routes
+ Avoid writing invalid route specification if neither the network
nor destination is specified in the route configuration
- Update cloud-init-write-routes.patch
+ Still need to consider the "network" configuration option
for the v1 config implementation. Fixes regression
introduced with update from Wed Feb 12 19:30:42
- Update cloud-init-write-routes.patch (bsc#1165296)
+ Add the default gateway to the ifroute config file when specified
as part of the subnet configuration
+ Fix typo to properly extract provided netmask data (bsc#1163178)
- Add cloud-init-long-pass.patch (bsc#1162936, CVE-2020-8632)
+ Increase the default length of generated passwords
- Add cloud-init-use-different-random-src.diff (bsc#1162937, CVE-2020-8631)
+ Use non-deterministic generator for password generation.
- Update cloud-init-write-routes.patch (bsc#1163178)
+ Entries in the routes definition have changed causing a traceback
during route config file writing. This patch update addresses the
issue by extracting the new entries properly.
- BuildRequire pkgconfig(udev) instead of udev: allow OBS to
shortcut through the -mini flavor.
- Add cloud-init-no-tempnet-oci.patch (bsc#1161132, bsc#1161133)
+ Do not attempt to configure an ephemeral network on OCI. We
boot off iSCSI and the network is up. Just read the data.
- Add patch to build properly with python 3.8:
* 0001-Make-tests-work-with-Python-3.8-139.patch
- Update to version 19.4
+ Remove patches included upstream:
- cloud-init-after-wicked.patch
- cloud-init-noresolv-merge-no-dns-data.diff
- cloud-init-renderer-detect.patch
- cloud-init-trigger-udev.patch
+ Removed patches merged with cloud-init-mix-static-dhcp.patch
- cloud-init-proper-ipv6-setting.patch
- cloud-init-static-net.patch
+ Added cloud-init-mix-static-dhcp.patch (bsc#1157894)
+ Forward port cloud-init-sysconf-path.patch
+ doc: specify _ over - in cloud config modules
+ [Joshua Powers] (LP: #1293254)
+ tools: Detect python to use via env in migrate-lp-user-to-github
+ [Adam Dobrawy]
+ Partially revert "fix unlocking method on FreeBSD" (#116)
+ tests: mock uid when running as root (#113)
+ [Joshua Powers] (LP: #1856096)
+ cloudinit/netinfo: remove unused getgateway (#111)
+ docs: clear up apt config sections (#107) [Joshua Powers] (LP: #1832823)
+ doc: add kernel command line option to user data (#105)
+ [Joshua Powers] (LP: #1846524)
+ config/cloud.cfg.d: update README [Joshua Powers] (LP: #1855006)
+ azure: avoid re-running cloud-init when instance-id is byte-swapped
+ (#84) [AOhassan]
+ fix unlocking method on FreeBSD [Igor Galić] (LP: #1854594)
+ debian: add reference to the manpages [Joshua Powers]
+ ds_identify: if /sys is not available use dmidecode (#42)
+ [Igor Galić] (LP: #1852442)
+ docs: add cloud-id manpage [Joshua Powers]
+ docs: add cloud-init-per manpage [Joshua Powers]
+ docs: add cloud-init manpage [Joshua Powers]
+ docs: add additional details to per-instance/once [Joshua Powers]
+ Update doc-requirements.txt [Joshua Powers]
+ doc-requirements: add missing dep [Joshua Powers]
+ dhcp: Support RedHat dhcp rfc3442 lease format for option 121 (#76)
+ [Eric Lafontaine] (LP: #1850642)
+ network_state: handle empty v1 config (#45) (LP: #1852496)
+ docs: Add document on how to report bugs [Joshua Powers]
+ Add an Amazon distro in the redhat OS family [Frederick Lefebvre]
+ removed a couple of "the"s [gaughen]
+ docs: fix line length and remove highlighting [Joshua Powers]
+ docs: Add security.md to readthedocs [Joshua Powers]
+ Multiple file fix for AuthorizedKeysFile config (#60) [Eduardo Otubo]
+ Revert "travis: only run CI on pull requests"
+ doc: update links on README.md [Joshua Powers]
+ doc: Updates to wording of README.md [Joshua Powers]
+ Add security.md [Joshua Powers]
+ setup.py: Amazon Linux sets libexec to /usr/libexec (#52)
+ [Frederick Lefebvre]
+ Fix linting failure in test_url_helper (#83) [Eric Lafontaine]
+ url_helper: read_file_or_url should pass headers param into readurl
+ (#66) (LP: #1854084)
+ dmidecode: log result *after* stripping \n [Igor Galić]
+ cloud_tests: add azure platform support to integration tests
+ [ahosmanmsft]
+ set_passwords: support for FreeBSD (#46) [Igor Galić]
+ tools: migrate-lp-user-to-github removes repo_dir if created (#35)
+ Correct jumbled documentation for cc_set_hostname module (#64)
+ [do3meli] (LP: #1853543)
+ FreeBSD: fix for get_linux_distro() and lru_cache (#59)
+ [Igor Galić] (LP: #1815030)
+ ec2: Add support for AWS IMDS v2 (session-oriented) (#55)
+ tests: Fix cloudsigma tests when no dmidecode data is present. (#57)
+ [Scott Moser]
+ net: IPv6, accept_ra, slaac, stateless (#51)
+ [Harald] (LP: #1806014, #1808647)
+ docs: Update the configdrive datasource links (#44)
+ [Joshua Powers] (LP: #1852461)
+ distro: correctly set usr_lib_exec path for FreeBSD distro (#40)
+ [Igor Galić] (LP: #1852491)
+ azure: support secondary ipv6 addresses (#33)
+ Fix metadata check when local-hostname is null (#32)
+ [Mark Goddard] (LP: #1852100)
+ switch default FreeBSD salt minion pkg from py27 to py36
+ [Dominic Schlegel]
+ travis: only run CI on pull requests
+ add data-server dns entry as new metadata server detection [Joshua Hügli]
+ pycodestyle: remove unused local variable
+ reporting: Using a uuid to enforce uniqueness on the KVP keys. [momousta]
+ docs: touchups in rtd intro and README.md
+ doc: update launchpad git refs to github
+ github: drop pull-request template to prepare for migration
+ tools: add migrate-lp-user-to-github script to link LP to github
+ github: new basic project readme
- From 19.3
+ azure: support matching dhcp route-metrics for dual-stack ipv4 ipv6
+ (LP: #1850308)
+ configdrive: fix subplatform config-drive for /config-drive source
+ [David Kindred] (LP: #1849731)
+ DataSourceSmartOS: reconfigure network on each boot
+ [Mike Gerdts] (LP: #1765801)
+ Add config for ssh-key import and consuming user-data [Pavel Zakharov]
+ net: fix subnet_is_ipv6() for stateless|stateful
+ [Harald Jensås] (LP: #1848690)
+ OVF: disable custom script execution by default [Xiaofeng Wang]
+ cc_puppet: Implement csr_attributes.yaml support [Matthias Baur]
+ cloud-init.service: on centos/fedora/redhat wait on NetworkManager.service
+ (LP: #1843334)
+ azure: Do not lock user on instance id change [Sam Eiderman] (LP: #1849677)
+ net/netplan: use ipv6-mtu key for specifying ipv6 mtu values
+ Fix usages of yaml, and move yaml_dump to safeyaml.dumps. (LP: #1849640)
+ exoscale: Increase url_max_wait to 120s. [Chris Glass]
+ net/sysconfig: fix available check on SUSE distros
+ [Robert Schweikert] (LP: #1849378)
+ docs: Fix incorrect Azure IMDS IP address [Joshua Powers] (LP: #1849508)
+ introduce .travis.yml
+ net: enable infiniband support in eni and sysconfig renderers
+ [Darren Birkett] (LP: #1847114)
+ guestcust_util: handle special characters in config file [Xiaofeng Wang]
+ fix some more typos in comments [Dominic Schlegel]
+ replace any deprecated log.warn with log.warning
+ [Dominic Schlegel] (LP: #1508442)
+ net: handle openstack dhcpv6-stateless configuration
+ [Harald Jensås] (LP: #1847517)
+ Add .venv/ to .gitignore [Dominic Schlegel]
+ Small typo fixes in code comments. [Dominic Schlegel]
+ cloud_test/lxd: Retry container delete a few times
+ Add Support for e24cloud to Ec2 datasource. (LP: #1696476)
+ Add RbxCloud datasource [Adam Dobrawy]
+ get_interfaces: don't exclude bridge and bond members (LP: #1846535)
+ Add support for Arch Linux in render-cloudcfg [Conrad Hoffmann]
+ util: json.dumps on python 2.7 will handle UnicodeDecodeError on binary
+ (LP: #1801364)
+ debian/ubuntu: add missing word to netplan/ENI header (LP: #1845669)
+ ovf: do not generate random instance-id for IMC customization path
+ sysconfig: only write resolv.conf if network_state has DNS values
+ (LP: #1843634)
+ sysconfig: use distro variant to check if available (LP: #1843584)
+ systemd/cloud-init.service.tmpl: start after wicked.service
+ [Robert Schweikert]
+ docs: fix zstack documentation lints
+ analyze/show: remove trailing space in output
+ Add missing space in warning: "not avalid seed" [Brian Candler]
+ pylintrc: add 'enter_context' to generated-members list
+ Add datasource for ZStack platform. [Shixin Ruan] (LP: #1841181)
+ docs: organize TOC and update summary of project [Joshua Powers]
+ tools: make clean now cleans the dev directory, not the system
+ docs: create cli specific page [Joshua Powers]
+ docs: added output examples to analyze.rst [Joshua Powers]
+ docs: doc8 fixes for instancedata page [Joshua Powers]
+ docs: clean up formatting, organize boot page [Joshua Powers]
+ net: add is_master check for filtering device list (LP: #1844191)
+ docs: more complete list of availability [Joshua Powers]
+ docs: start FAQ page [Joshua Powers]
+ docs: cleanup output & order of datasource page [Joshua Powers]
+ Brightbox: restrict detection to require full domain match .brightbox.com
+ VMWware: add option into VMTools config to enable/disable custom script.
+ [Xiaofeng Wang]
+ net,Oracle: Add support for netfailover detection
+ atomic_helper: add DEBUG logging to write_file (LP: #1843276)
+ doc: document doc, create makefile and tox target [Joshua Powers]
+ .gitignore: ignore files produced by package builds
+ docs: fix whitespace, spelling, and line length [Joshua Powers]
+ docs: remove unnecessary file in doc directory [Joshua Powers]
+ Oracle: Render secondary vnic IP and MTU values only
+ exoscale: fix sysconfig cloud_config_modules overrides (LP: #1841454)
+ net/cmdline: refactor to allow multiple initramfs network config sources
+ ubuntu-drivers: call db_x_loadtemplatefile to accept NVIDIA EULA
+ (LP: #1840080)
+ Add missing #cloud-config comment on first example in documentation.
+ [Florian Müller]
+ ubuntu-drivers: emit latelink=true debconf to accept nvidia eula
+ (LP: #1840080)
+ DataSourceOracle: prefer DS network config over initramfs
+ format.rst: add text/jinja2 to list of content types (+ cleanups)
+ Add GitHub pull request template to point people at hacking doc
+ cloudinit/distros/parsers/sys_conf: add docstring to SysConf
+ pyflakes: remove unused variable [Joshua Powers]
+ Azure: Record boot timestamps, system information, and diagnostic events
+ [Anh Vo]
+ DataSourceOracle: configure secondary NICs on Virtual Machines
+ distros: fix confusing variable names
+ azure/net: generate_fallback_nic emits network v2 config instead of v1
+ Add support for publishing host keys to GCE guest attributes [Rick Wright]
+ New data source for the Exoscale.com cloud platform [Chris Glass]
+ doc: remove intersphinx extension
+ cc_set_passwords: rewrite documentation (LP: #1838794)
+ net/cmdline: split interfaces_by_mac and init network config determination
+ stages: allow data sources to override network config source order
+ cloud_tests: updates and fixes
+ Fix bug rendering MTU on bond or vlan when input was netplan. (LP: #1836949)
+ net: update net sequence, include wait on netdevs, opensuse netrules path
(LP: #1817368)
- Add cloud-init-proper-ipv6-setting.patch (bsc#1156139)
+ Set proper IPv6 interface variable in ifcfg file
- Update cloud-init-write-routes.patch (bsc#1155376)
+ Write a route's destination network in CIDR notation instead of using the
netmask. This provides support for correctly recording IPv6 routes.
- Add cloud-init-renderer-detect.patch (bsc#1154092, boo#1142988)
+ Short circuit the conditional for identifying the sysconfig renderer.
If we find ifup/ifdown accept the renderer as available.
- Add cloud-init-break-resolv-symlink.patch (bsc#1151488)
+ If /etc/resolv.conf is a symlink break it. This will avoid netconfig
from clobbering the changes cloud-init applied.
- Update to cloud-init 19.2 (bsc#1099358, bsc#1145622)
+ Remove, included upstream
- cloud-init-detect-nova.diff
- cloud-init-add-static-routes.diff
+ net: add rfc3442 (classless static routes) to EphemeralDHCP
(LP: #1821102)
+ templates/ntp.conf.debian.tmpl: fix missing newline for pools
(LP: #1836598)
+ Support netplan renderer in Arch Linux [Conrad Hoffmann]
+ Fix typo in publicly viewable documentation. [David Medberry]
+ Add a cdrom size checker for OVF ds to ds-identify
[Pengpeng Sun] (LP: #1806701)
+ VMWare: Trigger the post customization script via cc_scripts module.
[Xiaofeng Wang] (LP: #1833192)
+ Cloud-init analyze module: Added ability to analyze boot events.
[Sam Gilson]
+ Update debian eni network configuration location, retain Ubuntu setting
[Janos Lenart]
+ net: skip bond interfaces in get_interfaces
[Stanislav Makar] (LP: #1812857)
+ Fix a couple of issues raised by a coverity scan
+ Add missing dsname for Hetzner Cloud datasource [Markus Schade]
+ doc: indicate that netplan is default in Ubuntu now
+ azure: add region and AZ properties from imds compute location metadata
+ sysconfig: support more bonding options [Penghui Liao]
+ cloud-init-generator: use libexec path to ds-identify on redhat systems
(LP: #1833264)
+ tools/build-on-freebsd: update to python3 [Gonéri Le Bouder]
+ Allow identification of OpenStack by Asset Tag
[Mark T. Voelker] (LP: #1669875)
+ Fix spelling error making 'an Ubuntu' consistent. [Brian Murray]
+ run-container: centos: comment out the repo mirrorlist [Paride Legovini]
+ netplan: update netplan key mappings for gratuitous-arp (LP: #1827238)
+ freebsd: fix the name of cloudcfg VARIANT [Gonéri Le Bouder]
+ freebsd: ability to grow root file system [Gonéri Le Bouder]
+ freebsd: NoCloud data source support [Gonéri Le Bouder] (LP: #1645824)
+ Azure: Return static fallback address as if failed to find endpoint
[Jason Zions (MSFT)]
- Add cloud-init-after-wicked.patch
- Change the service order, the cloud-init service wants to run after
networking is started
- Add cloud-init-noresolv-merge-no-dns-data.diff
- Avoid writing resolv.conf if the network configuration contains no
dns entries.
- Follow up to update cloud-init-trigger-udev.patch (bsc#1144363)
- In this implementation the "name" is not yet an attribute, use
get() to obtain the value from a dict. Source code version confusion.
- Add cloud-init-add-static-routes.diff (bsc#1141969)
+ Properly handle static routes. The EphemeralDHCP context manager did
not parse or handle rfc3442 classless static routes which prevented
reading datasource metadata in some clouds.
- Update cloud-init-trigger-udev.patch (bsc#1144363)
- The __str__ implementation no longer delivers the name of the interface,
use the "name" attribute instead to form a proper path in the
sysfs tree
- Update cloud-init-write-routes.patch (boo#1144881, bsc#1148645)
+ If no routes are set for a subnet but the subnet has a gateway
specified, set the gateway as the default route for the interface
- Follow the ever changing inconsistencies of version definitions and
detection in the build service.
+ No more suse_version in SUSE internal instance for SLES 15 SP1
- BuildRequire pkgconfig(systemd) instead of systemd: allow OBS to
shortcut the build queues by allowing usage of systemd-mini
- Update to version 19.1 (bsc#1136440, bsc#1129124)
+ Remove, included upstream
- fix-default-systemd-unit-dir.patch
- cloud-init-sysconf-ethsetup.patch
- cloud-init-handle-def-route-set.patch
- cloud-init-no-empty-resolv.patch
- cloud-init-proper-ipv6-varname.patch
+ Forward port
- cloud-init-trigger-udev.patch
+ Add cloud-init-detect-nova.diff (bsc#1136440)
+ Modify cloud-init-python2-sigpipe.patch, import signal and constants
+ Update spec to account for new location of bash completion
+ freebsd: add chpasswd pkg in the image [Gonéri Le Bouder]
+ tests: add Eoan release [Paride Legovini]
+ cc_mounts: check if mount -a on no-change fstab path
[Jason Zions (MSFT)] (LP: #1825596)
+ replace remaining occurrences of LOG.warn [Daniel Watkins]
+ DataSourceAzure: Adjust timeout for polling IMDS [Anh Vo]
+ Azure: Changes to the Hyper-V KVP Reporter [Anh Vo]
+ git tests: no longer show warning about safe yaml.
+ tools/read-version: handle errors [Chad Miller]
+ net/sysconfig: only indicate available on known sysconfig distros
(LP: #1819994)
+ packages: update rpm specs for new bash completion path
[Daniel Watkins] (LP: #1825444)
+ test_azure: mock util.SeLinuxGuard where needed
[Jason Zions (MSFT)] (LP: #1825253)
+ setup.py: install bash completion script in new location [Daniel Watkins]
+ mount_cb: do not pass sync and rw options to mount
[Gonéri Le Bouder] (LP: #1645824)
+ cc_apt_configure: fix typo in apt documentation [Dominic Schlegel]
+ Revert "DataSource: move update_events from a class to an instance..."
[Daniel Watkins]
+ Change DataSourceNoCloud to ignore file system label's case.
[Risto Oikarinen]
+ cmd:main.py: Fix missing 'modules-init' key in modes dict
[Antonio Romito] (LP: #1815109)
+ ubuntu_advantage: rewrite cloud-config module
+ Azure: Treat _unset network configuration as if it were absent
[Jason Zions (MSFT)] (LP: #1823084)
+ DatasourceAzure: add additional logging for azure datasource [Anh Vo]
+ cloud_tests: fix apt_pipelining test-cases
+ Azure: Ensure platform random_seed is always serializable as JSON.
[Jason Zions (MSFT)]
+ net/sysconfig: write out SUSE-compatible IPv6 config [Robert Schweikert]
+ tox: Update testenv for openSUSE Leap to 15.0 [Thomas Bechtold]
+ net: Fix ipv6 static routes when using eni renderer
[Raphael Glon] (LP: #1818669)
+ Add ubuntu_drivers config module [Daniel Watkins]
+ doc: Refresh Azure walinuxagent docs [Daniel Watkins]
+ tox: bump pylint version to latest (2.3.1) [Daniel Watkins]
+ DataSource: move update_events from a class to an instance attribute
[Daniel Watkins] (LP: #1819913)
+ net/sysconfig: Handle default route setup for dhcp configured NICs
[Robert Schweikert] (LP: #1812117)
+ DataSourceEc2: update RELEASE_BLOCKER to be more accurate
[Daniel Watkins]
+ cloud-init-per: POSIX sh does not support string subst, use sed
(LP: #1819222)
+ Support locking user with usermod if passwd is not available.
+ Example for Microsoft Azure data disk added. [Anton Olifir]
+ clean: correctly determine the path for excluding seed directory
[Daniel Watkins] (LP: #1818571)
+ helpers/openstack: Treat unknown link types as physical
[Daniel Watkins] (LP: #1639263)
+ drop Python 2.6 support and our NIH version detection [Daniel Watkins]
+ tip-pylint: Fix assignment-from-return-none errors
+ net: append type:dhcp[46] only if dhcp[46] is True in v2 netconfig
[Kurt Stieger] (LP: #1818032)
+ cc_apt_pipelining: stop disabling pipelining by default
[Daniel Watkins] (LP: #1794982)
+ tests: fix some slow tests and some leaking state [Daniel Watkins]
+ util: don't determine string_types ourselves [Daniel Watkins]
+ cc_rsyslog: Escape possible nested set [Daniel Watkins] (LP: #1816967)
+ Enable encrypted_data_bag_secret support for Chef
[Eric Williams] (LP: #1817082)
+ azure: Filter list of ssh keys pulled from fabric [Jason Zions (MSFT)]
CVE-2019-0816
+ doc: update merging doc with fixes and some additional details/examples
+ tests: integration test failure summary to use traceback if empty error
+ This is to fix https://bugs.launchpad.net/cloud-init/+bug/1812676
[Vitaly Kuznetsov]
+ EC2: Rewrite network config on AWS Classic instances every boot
[Guilherme G. Piccoli] (LP: #1802073)
+ netinfo: Adjust ifconfig output parsing for FreeBSD ipv6 entries
(LP: #1779672)
+ netplan: Don't render yaml aliases when dumping netplan (LP: #1815051)
+ add PyCharm IDE .idea/ path to .gitignore [Dominic Schlegel]
+ correct grammar issue in instance metadata documentation
[Dominic Schlegel] (LP: #1802188)
+ clean: cloud-init clean should not trace when run from within cloud_dir
(LP: #1795508)
+ Resolve flake8 comparison and pycodestyle over-ident issues
[Paride Legovini]
+ opennebula: also exclude epochseconds from changed environment vars
(LP: #1813641)
+ systemd: Render generator from template to account for system
differences. [Robert Schweikert]
+ sysconfig: On SUSE, use STARTMODE instead of ONBOOT
[Robert Schweikert] (LP: #1799540)
+ flake8: use ==/!= to compare str, bytes, and int literals
[Paride Legovini]
+ opennebula: exclude EPOCHREALTIME as known bash env variable with a
delta (LP: #1813383)
+ tox: fix disco httpretty dependencies for py37 (LP: #1813361)
+ run-container: uncomment baseurl in yum.repos.d/*.repo when using a
proxy [Paride Legovini]
+ lxd: install zfs-linux instead of zfs meta package
[Johnson Shi] (LP: #1799779)
+ net/sysconfig: do not write a resolv.conf file with only the header.
[Robert Schweikert]
+ net: Make sysconfig renderer compatible with Network Manager.
[Eduardo Otubo]
+ cc_set_passwords: Fix regex when parsing hashed passwords
[Marlin Cremers] (LP: #1811446)
+ net: Wait for dhclient to daemonize before reading lease file
[Jason Zions] (LP: #1794399)
+ [Azure] Increase retries when talking to Wireserver during metadata walk
[Jason Zions]
+ Add documentation on adding a datasource.
+ doc: clean up some datasource documentation.
+ ds-identify: fix wrong variable name in ovf_vmware_transport_guestinfo.
+ Scaleway: Support ssh keys provided inside an instance tag. [PORTE Loïc]
+ OVF: simplify expected return values of transport functions.
+ Vmware: Add support for the com.vmware.guestInfo OVF transport.
(LP: #1807466)
+ HACKING.rst: change contact info to Josh Powers
+ Update to pylint 2.2.2.
- Update cloud-init-write-routes.patch (bsc#1132692)
+ Properly accumulate all the defined routes for a given network device.
Previously only the last defined route was written to the routes file.
- Update cloud-init-trigger-udev.patch (bsc#1125950)
+ Write the udev rules to a different file than the default
+ Settle udev if not all configured devices are in the device tree to
avoid race condition between udev and cloud-init
- Add cloud-init-trigger-udev.patch (bsc#1125950)
+ When the user configures a new rules file for network devices
the rules may not apply immediately, trigger udevadm
- Modify cloud-init-write-routes.patch (bsc#1125992)
+ Fix the order of calls, the SUSE implementation of route config file
writing must clobber the default implementation.
- Add cloud-init-proper-ipv6-varname.patch (bsc#1126101)
+ Use the proper name to designate IPv6 addresses in ifcfg-* files
- Modify cloud-init-write-routes.patch (boo#1123694)
+ Drop a '-' in the route file for the last column
- Add cloud-init-no-empty-resolv.patch (bsc#1119397)
- Update to version 18.5 (bsc#1121878, boo#1116767)
+ Remove
0001-Fix-the-service-order-for-SUSE-distributions.patch
0001-Follow-the-ever-bouncing-ball-for-openSUSE-distribut.patch
0002-Add-tests-for-additional-openSUSE-distro-condition-m.patch
included upstream
+ Forward port cloud-init-sysconf-ethsetup.patch
+ Add cloud-init-write-routes.patch
+ Add cloud-init-handle-def-route-set.patch
+ tests: add Disco release [Joshua Powers]
+ net: render 'metric' values in per-subnet routes (LP: #1805871)
+ write_files: add support for appending to files. [James Baxter]
+ config: On ubuntu select cloud archive mirrors for armel, armhf, arm64.
(LP: #1805854)
+ dhclient-hook: cleanups, tests and fix a bug on 'down' event.
+ NoCloud: Allow top level 'network' key in network-config. (LP: #1798117)
+ ovf: Fix ovf network config generation gateway/routes (LP: #1806103)
+ azure: detect vnet migration via netlink media change event
[Tamilmani Manoharan]
+ Azure: fix copy/paste error in error handling when reading azure ovf.
+ [Adam DePue]
+ tests: fix incorrect order of mocks in test_handle_zfs_root.
+ doc: Change dns_nameserver property to dns_nameservers. [Tomer Cohen]
+ OVF: identify label iso9660 filesystems with label 'OVF ENV'.
+ logs: collect-logs ignore instance-data-sensitive.json on non-root user
(LP: #1805201)
+ net: Ephemeral*Network: add connectivity check via URL
+ azure: _poll_imds only retry on 404. Fail on Timeout (LP: #1803598)
+ resizefs: Prefix discovered devpath with '/dev/' when path does not
exist [Igor Galić]
+ azure: retry imds polling on requests.Timeout (LP: #1800223)
+ azure: Accept variation in error msg from mount for ntfs volumes
[Jason Zions] (LP: #1799338)
+ azure: fix regression introduced when persisting ephemeral dhcp lease
[asakkurr]
+ azure: add udev rules to create cloud-init Gen2 disk name symlinks
(LP: #1797480)
+ tests: ec2 mock missing httpretty user-data and instance-identity routes
+ azure: remove /etc/netplan/90-hotplug-azure.yaml when net from IMDS
+ azure: report ready to fabric after reprovision and reduce logging
[asakkurr] (LP: #1799594)
+ query: better error when missing read permission on instance-data
+ instance-data: fallback to instance-data.json if sensitive is absent.
(LP: #1798189)
+ docs: remove colon from network v1 config example. [Tomer Cohen]
+ Add cloud-id binary to packages for SUSE [Jason Zions]
+ systemd: On SUSE ensure cloud-init.service runs before wicked
[Robert Schweikert] (LP: #1799709)
+ update detection of openSUSE variants [Robert Schweikert]
+ azure: Add apply_network_config option to disable network from IMDS
(LP: #1798424)
+ Correct spelling in an error message (udevadm). [Katie McLaughlin]
+ tests: meta_data key changed to meta-data in ec2 instance-data.json
(LP: #1797231)
+ tests: fix kvm integration test to assert flexible config-disk path
(LP: #1797199)
+ tools: Add cloud-id command line utility
+ instance-data: Add standard keys platform and subplatform. Refactor ec2.
+ net: ignore nics that have "zero" mac address. (LP: #1796917)
+ tests: fix apt_configure_primary to be more flexible
+ Ubuntu: update sources.list to comment out deb-src entries. (LP: #74747)
- Add cloud-init-ostack-metadat-dencode.patch (bsc#1101894)
- Add cloud-init-static-net.patch (boo#1114160)
- Update to version 18.4 (bsc#1087331, bsc#1097388, boo#1111427, bsc#1095627)
+ Remove cloud-init-no-user-lock-if-already-locked.patch
cloud-init 18.4 is not supported on SLE 11 code base
+ Remove 0001-Support-chrony-configuration-lp-1731619.patch
Included upstream
+ Remove 0003-Distro-dependent-chrony-config-file.patch
Included upstream
+ Remove 0001-switch-to-using-iproute2-tools.patch
Included upstream
+ Remove cloud-init-no-python-linux-dist.patch
Included upstream
+ Remove cloud-init-no-trace-empt-sect.patch
Included upstream
+ Remove cloud-init-setpath-dsitentify.patch
Included upstream
+ Modify fix-default-systemd-unit-dir.patch
Use pkg-config, only modify the generator
+ Remove cloud-init-sysconfig-netpathfix.patch
Fixed upstream
+ Removed cloud-init-skip-ovf-tests.patch
Fixed upstream
+ Removed cloud-init-translate-netconf-ipv4-keep-gw.patch
Fixed upstream
+ Add cloud-init-template-py2.patch avoid Python 3 dependency when we build
for distros with Python 2 support
+ Add 0001-Follow-the-ever-bouncing-ball-for-openSUSE-distribut.patch
+ Add 0002-Add-tests-for-additional-openSUSE-distro-condition-m.patch
+ Add cloud-init-sysconf-path.patch
+ Add cloud-init-sysconf-ethsetup.patch
+ Add 0001-Fix-the-service-order-for-SUSE-distributions.patch
+ Add dhcp-client as requirement
cloud-init uses dhclient to setup temporary network for
metadata retrieval. This is needed until lp#1733226 is addressed
+ add rtd example docs about new standardized keys
+ use ds._crawled_metadata instance attribute if set when writing
instance-data.json
+ ec2: update crawled metadata. add standardized keys
+ tests: allow skipping an entire cloud_test without running.
+ tests: disable lxd tests on cosmic
+ cii-tests: use unittest2.SkipTest in ntp_chrony due to new deps
+ lxd: adjust to snap installed lxd.
+ docs: surface experimental doc in instance-data.json
+ tests: fix ec2 integration tests. process meta_data instead of meta-data
+ Add support for Infiniband network interfaces (IPoIB). [Mark Goddard]
+ cli: add cloud-init query subcommand to query instance metadata
+ tools/tox-venv: update for new features.
+ pylint: ignore warning assignment-from-no-return for _write_network
+ stages: Fix bug causing datasource to have incorrect sys_cfg.
(LP: #1787459)
+ Remove dead-code _write_network distro implementations.
+ net_util: ensure static configs have netmask in translate_network result
[Thomas Berger] (LP: #1792454)
+ Fall back to root:root on syslog permissions if other options fail.
[Robert Schweikert]
+ tests: Add mock for util.get_hostname. [Robert Schweikert] (LP: #1792799)
+ ds-identify: doc string cleanup.
+ OpenStack: Support setting mac address on bond.
[Fabian Wiesel] (LP: #1682064)
+ bash_completion/cloud-init: fix shell syntax error.
+ EphemeralIPv4Network: Be more explicit when adding default route.
(LP: #1792415)
+ OpenStack: support reading of newer versions of metadata.
+ OpenStack: fix bug causing 'latest' version to be used from network.
(LP: #1792157)
+ user-data: jinja template to render instance-data.json in cloud-config
(LP: #1791781)
+ config: disable ssh access to a configured user account
+ tests: print failed testname instead of docstring upon failure
+ tests: Disallow use of util.subp except for where needed.
+ sysconfig: refactor sysconfig to accept distro specific templates paths
+ Add unit tests for config/cc_ssh.py [Francis Ginther]
+ Fix the built-in cloudinit/tests/helpers:skipIf
+ read-version: enhance error message [Joshua Powers]
+ hyperv_reporting_handler: simplify threaded publisher
+ VMWare: Fix a network config bug in vm with static IPv4 and no gateway.
[Pengpeng Sun] (LP: #1766538)
+ logging: Add logging config type hyperv for reporting via Azure KVP
[Andy Liu]
+ tests: disable other snap test as well [Joshua Powers]
+ tests: disable snap, fix write_files binary [Joshua Powers]
+ Add datasource Oracle Compute Infrastructure (OCI).
+ azure: allow azure to generate network configuration from IMDS per boot.
+ Scaleway: Add network configuration to the DataSource [Louis Bouchard]
+ docs: Fix example cloud-init analyze command to match output.
[Wesley Gao]
+ netplan: Correctly render macaddress on a bonds and bridges when
provided. (LP: #1784699)
+ tools: Add 'net-convert' subcommand command to 'cloud-init devel'.
+ redhat: remove ssh keys on new instance. (LP: #1781094)
+ Use typeset or local in profile.d scripts. (LP: #1784713)
+ OpenNebula: Fix null gateway6 [Akihiko Ota] (LP: #1768547)
+ oracle: fix detect_openstack to report True on OracleCloud.com DMI data
(LP: #1784685)
+ tests: improve LXDInstance trying to workaround or catch bug.
+ update_metadata re-config on every boot comments and tests not quite
right [Mike Gerdts]
+ tests: Collect build_info from system if available.
+ pylint: Fix pylint warnings reported in pylint 2.0.0.
+ get_linux_distro: add support for rhel via redhat-release.
+ get_linux_distro: add support for centos6 and rawhide flavors of redhat
(LP: #1781229)
+ tools: add '--debug' to tools/net-convert.py
+ tests: bump the version of paramiko to 2.4.1.
+ docs: note in rtd about avoiding /tmp when writing files (LP: #1727876)
+ ubuntu,centos,debian: get_linux_distro to align with platform.dist
(LP: #1780481)
+ Fix boothook docs on environment variable name (INSTANCE_I ->
INSTANCE_ID) [Marc Tamsky]
+ update_metadata: a datasource can support network re-config every boot
+ tests: drop salt-minion integration test (LP: #1778737)
+ Retry on failed import of gpg receive keys.
+ tools: Fix run-container when neither source or binary package requested.
+ docs: Fix a small spelling error. [Oz N Tiram]
+ tox: use simplestreams from git repository rather than bzr.
- From 18.3
+ docs: represent sudo:false in docs for user_groups config module
+ Explicitly prevent `sudo` access for user module
[Jacob Bednarz] (LP: #1771468)
+ lxd: Delete default network and detach device if lxd-init created them.
(LP: #1776958)
+ openstack: avoid unneeded metadata probe on non-openstack platforms
(LP: #1776701)
+ stages: fix tracebacks if a module stage is undefined or empty
[Robert Schweikert] (LP: #1770462)
+ Be more safe on string/bytes when writing multipart user-data to disk.
(LP: #1768600)
+ Fix get_proc_env for pids that have non-utf8 content in environment.
(LP: #1775371)
+ tests: fix salt_minion integration test on bionic and later
+ tests: provide human-readable integration test summary when --verbose
+ tests: skip chrony integration tests on lxd running artful or older
+ test: add optional --preserve-instance arg to integration tests
+ netplan: fix mtu if provided by network config for all rendered types
(LP: #1774666)
+ tests: remove pip install workarounds for pylxd, take upstream fix.
+ subp: support combine_capture argument.
+ tests: ordered tox dependencies for pylxd install
+ util: add get_linux_distro function to replace platform.dist
[Robert Schweikert] (LP: #1745235)
+ pyflakes: fix unused variable references identified by pyflakes 2.0.0.
+ Do not use the systemd_prefix macro, not available in this environment
[Robert Schweikert]
+ doc: Add config info to ec2, openstack and cloudstack datasource docs
+ Enable SmartOS network metadata to work with netplan via per-subnet
routes [Dan McDonald] (LP: #1763512)
+ openstack: Allow discovery in init-local using dhclient in a sandbox.
(LP: #1749717)
+ tests: Avoid using https in httpretty, improve HttPretty test case.
(LP: #1771659)
+ yaml_load/schema: Add invalid line and column nums to error message
+ Azure: Ignore NTFS mount errors when checking ephemeral drive
[Paul Meyer]
+ packages/brpm: Get proper dependencies for cmdline distro.
+ packages: Make rpm spec files patch in package version like in debs.
+ tools/run-container: replace tools/run-centos with more generic.
+ Update version.version_string to contain packaged version. (LP: #1770712)
+ cc_mounts: Do not add devices to fstab that are already present.
[Lars Kellogg-Stedman]
+ ds-identify: ensure that we have certain tokens in PATH. (LP: #1771382)
+ tests: enable Ubuntu Cosmic in integration tests [Joshua Powers]
+ read_file_or_url: move to url_helper, fix bug in its FileResponse.
+ cloud_tests: help pylint [Ryan Harper]
+ flake8: fix flake8 errors in previous commit.
+ typos: Fix spelling mistakes in cc_mounts.py log messages [Stephen Ford]
+ tests: restructure SSH and initial connections [Joshua Powers]
+ ds-identify: recognize container-other as a container, test SmartOS.
+ cloud-config.service: run After snap.seeded.service. (LP: #1767131)
+ tests: do not rely on host /proc/cmdline in test_net.py
[Lars Kellogg-Stedman] (LP: #1769952)
+ ds-identify: Remove dupe call to is_ds_enabled, improve debug message.
+ SmartOS: fix get_interfaces for nics that do not have addr_assign_type.
+ tests: fix package and ca_cert cloud_tests on bionic
(LP: #1769985)
+ ds-identify: make shellcheck 0.4.6 happy with ds-identify.
+ pycodestyle: Fix deprecated string literals, move away from flake8.
+ azure: Add reported ready marker file. [Joshua Chan] (LP: #1765214)
+ tools: Support adding a release suffix through packages/bddeb.
+ FreeBSD: Invoke growfs on ufs filesystems such that it does not prompt.
[Harm Weites] (LP: #1404745)
+ tools: Re-use the orig tarball in packages/bddeb if it is around.
+ netinfo: fix netdev_pformat when a nic does not have an address
assigned. (LP: #1766302)
+ collect-logs: add -v flag, write to stderr, limit journal to single
boot. (LP: #1766335)
+ IBMCloud: Disable config-drive and nocloud only if IBMCloud is enabled.
(LP: #1766401)
+ Add reporting events and log_time around early source of blocking time
[Ryan Harper]
+ IBMCloud: recognize provisioning environment during debug boots.
(LP: #1767166)
+ net: detect unstable network names and trigger a settle if needed
[Ryan Harper] (LP: #1766287)
+ IBMCloud: improve documentation in datasource.
+ sysconfig: dhcp6 subnet type should not imply dhcpv4 [Vitaly Kuznetsov]
+ packages/debian/control.in: add missing dependency on iproute2.
(LP: #1766711)
+ DataSourceSmartOS: add locking of serial device.
[Mike Gerdts] (LP: #1746605)
+ DataSourceSmartOS: sdc:hostname is ignored [Mike Gerdts] (LP: #1765085)
+ DataSourceSmartOS: list() should always return a list
[Mike Gerdts] (LP: #1763480)
+ schema: in validation, raise ImportError if strict but no jsonschema.
+ set_passwords: Add newline to end of sshd config, only restart if
updated. (LP: #1677205)
+ pylint: pay attention to unused variable warnings.
+ doc: Add documentation for AliYun datasource. [Junjie Wang]
+ Schema: do not warn on duplicate items in commands. (LP: #1764264)
+ net: Depend on iproute2's ip instead of net-tools ifconfig or route
+ DataSourceSmartOS: fix hang when metadata service is down
[Mike Gerdts] (LP: #1667735)
+ DataSourceSmartOS: change default fs on ephemeral disk from ext3 to
ext4. [Mike Gerdts] (LP: #1763511)
+ pycodestyle: Fix invalid escape sequences in string literals.
+ Implement bash completion script for cloud-init command line
[Ryan Harper]
+ tools: Fix make-tarball cli tool usage for development
+ renderer: support unicode in render_from_file.
+ Implement ntp client spec with auto support for distro selection
[Ryan Harper] (LP: #1749722)
+ Apport: add Brightbox, IBM, LXD, and OpenTelekomCloud to list of clouds.
+ tests: fix ec2 integration network metadata validation
+ tests: fix integration tests to support lxd 3.0 release
+ correct documentation to match correct attribute name usage.
[Dominic Schlegel] (LP: #1420018)
+ cc_resizefs, util: handle no /dev/zfs [Ryan Harper]
+ doc: Fix links in OpenStack datasource documentation.
[Dominic Schlegel] (LP: #1721660)
- Add a modified version of fix-default-systemd-unit-dir.patch
+ Removed prematurely, still needs 1 part of the patch
- Remove fix-default-systemd-unit-dir.patch
+ No longer needed, proper systemd config dir is queried from pkg-config
- The distribution indicator is set to suse during template expansion,
we do not replace anything set to ubuntu
- Do not run cloud-init after network-online, this breaks functionality in
cloud-init. Certain parts of the code running in this phase expect to run
before the network is on-line. This "re-introduces" boo#1097388. But the
changes made are not generic enough.
- Root should not be enabled by default. For image builders/users that want
root access by default they should provide an appropriate configuration
file during image build or image setup
- Let distribution default to opensuse/sles (boo#1099340)
- do not disable root user to make it easier to work with
- Run metadata detection after network-online (boo#1097388)
- Re-add generator (bsc#1089824, boo#1093501)
+ Add cloud-init-setpath-dsitentify.patch, upstream solution to
handle PATH issue
+ Re-enable the generator to reduce effort in cloud-init configuration
- Drop the generator (bsc#1089824, boo#1093501)
+ The generator spawns a script called ds-identify which in turn calls
blkid. When the generator executes the environment may or may not be
ready. The generator speeds up the boot process in cases where
cloud-init is enabled but we are not in an environment where cloud-init
should run -> Don't do that.
- Update to version 18.2 (bsc#1092637, bsc#1084509)
+ Forward port cloud-init-python2-sigpipe.patch
+ Forward port cloud-init-no-python-linux-dist.patch
+ Add cloud-init-no-trace-empt-sect.patch
+ Hetzner: Exit early if dmi system-manufacturer is not Hetzner.
+ Add missing dependency on isc-dhcp-client to trunk ubuntu packaging.
+ (LP: #1759307)
+ FreeBSD: resizefs module now able to handle zfs/zpool.
+ [Dominic Schlegel] (LP: #1721243)
+ cc_puppet: Revert regression of puppet creating ssl and ssl_cert dirs
+ Enable IBMCloud datasource in settings.py.
+ IBMCloud: Initial IBM Cloud datasource.
+ tests: remove jsonschema from xenial tox environment.
+ tests: Fix newly added schema unit tests to skip if no jsonschema.
+ ec2: Adjust ec2 datasource after exception_cb change.
+ Reduce AzurePreprovisioning HTTP timeouts.
+ [Douglas Jordan] (LP: #1752977)
+ Revert the logic of exception_cb in read_url.
+ [Kurt Garloff] (LP: #1702160, #1298921)
+ ubuntu-advantage: Add new config module to support
+ ubuntu-advantage-tools
+ Handle global dns entries in netplan (LP: #1750884)
+ Identify OpenTelekomCloud Xen as OpenStack DS.
+ [Kurt Garloff] (LP: #1756471)
+ datasources: fix DataSource subclass get_hostname method signature
+ (LP: #1757176)
+ OpenNebula: Update network to return v2 config rather than ENI.
+ [Akihiko Ota]
+ Add Hetzner Cloud DataSource
+ net: recognize iscsi root cases without ip= on kernel command line.
+ (LP: #1752391)
+ tests: fix flakes warning for unused variable
+ tests: patch leaked stderr messages from snap unit tests
+ cc_snap: Add new module to install and configure snapd and snap
+ packages.
+ tests: Make pylint happy and fix python2.6 uses of assertRaisesRegex.
+ netplan: render bridge port-priority values (LP: #1735821)
+ util: Fix subp regression. Allow specifying subp command as a string.
+ (LP: #1755965)
+ doc: fix all warnings issued by 'tox -e doc'
+ FreeBSD: Set hostname to FQDN. [Dominic Schlegel] (LP: #1753499)
+ tests: fix run_tree and bddeb
+ tests: Fix some warnings in tests that popped up with newer python.
+ set_hostname: When present in metadata, set it before network bringup.
+ (LP: #1746455)
+ tests: Centralize and re-use skipTest based on json schema presence.
+ This commit fixes get_hostname on the AzureDataSource.
+ [Douglas Jordan] (LP: #1754495)
+ shellify: raise TypeError on bad input.
+ Make salt minion module work on FreeBSD.
+ [Dominic Schlegel] (LP: #1721503)
+ Simplify some comparisons. [Rémy Léone]
+ Change some list creation and population to literal. [Rémy Léone]
+ GCE: fix reading of user-data that is not base64 encoded. (LP: #1752711)
+ doc: fix chef install from apt packages example in RTD.
+ Implement puppet 4 support [Romanos Skiadas] (LP: #1446804)
+ subp: Fix subp usage with non-ascii characters when no system locale.
+ (LP: #1751051)
+ salt: configure grains in grains file rather than in minion config.
[Daniel Wallace]
- Update to version 18.1 (bsc#1085787, bsc#1084749)
+ Forward port cloud-init-python2-sigpipe.patch
+ Forward port 0003-Distro-dependent-chrony-config-file.patch
partial integration into 0001-Support-chrony-configuration-lp-1731619.patch
+ Forward port cloud-init-no-python-linux-dist.patch
+ Remove 0002-Disable-method-deprecation-warning-for-pylint.patch
use new cloud-init internal distro detection code
+ Remove cloud-init-resize-ro-btrfs.patch included upstream
+ Remove 0001-Set-syslog_fix_perms-for-SUSE-distro-addresses-bsc-1.patch
included upstream
+ OVF: Fix VMware support for 64-bit platforms. [Sankar Tanguturi]
+ ds-identify: Fix searching for iso9660 OVF cdroms. (LP: #1749980)
+ SUSE: Fix groups used for ownership of cloud-init.log [Robert Schweikert]
+ ds-identify: check /writable/system-data/ for nocloud seed.
(LP: #1747070)
+ tests: run nosetests in cloudinit/ directory, fix py26 fallout.
+ tools: run-centos: git clone rather than tar.
+ tests: add support for logs with lxd from snap and future lxd 3.
(LP: #1745663)
+ EC2: Fix get_instance_id called against cached datasource pickle.
(LP: #1748354)
+ cli: fix cloud-init status to report running when before result.json
(LP: #1747965)
+ net: accept network-config in netplan format for renaming interfaces
(LP: #1709715)
+ Fix ssh keys validation in ssh_util [Tatiana Kholkina]
+ docs: Update RTD content for cloud-init subcommands.
+ OVF: Extend well-known labels to include OVFENV. (LP: #1698669)
+ Fix potential cases of uninitialized variables. (LP: #1744796)
+ tests: Collect script output as binary, collect systemd journal, fix lxd.
+ HACKING.rst: mention setting user name and email via git config.
+ Azure VM Preprovisioning support. [Douglas Jordan] (LP: #1734991)
+ tools/read-version: Fix read-version when in a git worktree.
+ docs: Fix typos in docs and one debug message. [Florian Grignon]
+ btrfs: support resizing if root is mounted ro.
[Robert Schweikert] (LP: #1734787)
+ OpenNebula: Improve network configuration support.
[Akihiko Ota] (LP: #1719157, #1716397, #1736750)
+ tests: Fix EC2 Platform to return console output as bytes.
+ tests: Fix attempted use of /run in a test case.
+ GCE: Improvements and changes to ssh key behavior for default user.
[Max Illfelder] (LP: #1670456, #1707033, #1707037, #1707039)
+ subp: make ProcessExecutionError have expected types in stderr, stdout.
+ tests: when querying ntp server, do not do dns resolution.
+ Recognize uppercase vfat disk labels [James Penick] (LP: #1598783)
+ tests: remove zesty as supported OS to test [Joshua Powers]
+ Do not log warning on config files that represent None. (LP: #1742479)
+ tests: Use git hash pip dependency format for pylxd.
+ tests: add integration requirements text file [Joshua Powers]
+ MAAS: add check_instance_id based off oauth tokens. (LP: #1712680)
+ tests: update apt sources list test [Joshua Powers]
+ tests: clean up image properties [Joshua Powers]
+ tests: rename test ssh keys to avoid appearance of leaking private keys.
[Joshua Powers]
+ tests: Enable AWS EC2 Integration Testing [Joshua Powers]
+ cli: cloud-init clean handles symlinks (LP: #1741093)
+ SUSE: Add a basic test of network config rendering. [Robert Schweikert]
+ Azure: Only bounce network when necessary. (LP: #1722668)
+ lint: Fix lints seen by pylint version 1.8.1.
+ cli: Fix error in cloud-init modules --mode=init. (LP: #1736600)
- update cloud-init-sysconfig-netpathfix.patch:
* skip checking for files in /etc/sysconfig that never exist
on a wickedd based system
- Fix logfile permission settings (bsc#1080595)
+ Add 0001-Set-syslog_fix_perms-for-SUSE-distro-addresses-bsc-1.patch
- drop dependency on boto (only used in examples, and
should really be ported to botocore/boto3 instead)
- Update to version 17.2 (boo#1069635, bsc#1072811)
+ Add cloud-init-skip-ovf-tests.patch
+ Add cloud-init-no-python-linux-dist.patch
+ Add 0001-switch-to-using-iproute2-tools.patch
+ Add 0001-Support-chrony-configuration-lp-1731619.patch
+ Add 0002-Disable-method-deprecation-warning-for-pylint.patch
+ Add 0003-Distro-dependent-chrony-config-file.patch
+ removed cloud-init-add-variant-cloudcfg.patch replaced by
cloud-init-no-python-linux-dist.patch
+ removed zypp_add_repos.diff included upstream
+ removed zypp_add_repo_test.patch included upstream
+ removed cloud-init-hosts-template.patch included upstream
+ removed cloud-init-more-tasks.patch included upstream
+ removed cloud-init-final-no-apt.patch included upstream
+ removed cloud-init-ntp-conf-suse.patch included upstream
+ removed cloud-init-break-cycle-local-service.patch included upstream
+ removed cloud-init-reproduce-build.patch included upstream
+ For the complete changelog see https://launchpad.net/cloud-init/trunk/17.2
- patch distribution detection until a fix is delivered to python3 (bsc#997614)
add cloud-init-add-variant-cloudcfg.patch
- Fix usage of fdupes macro: there is no '-n' parameter to the
macro (there would be to fdupes, the command, though).
- Add cloud-init-reproduce-build.patch (boo#1069635)
+ Make builds reproducible
- Add cloud-init-resize-ro-btrfs.patch
+ cc_resizefs fails if the current root is a read-only btrfs
subvolume, use an always writeable subvolume instead [bsc#1042913]
- Add cloud-init-break-cycle-local-service.patch
+ Let systemd pull in the default targets. This breaks a cycle
- Fix variable name in cloud-init-translate-netconf-ipv4-keep-gw.patch
- Add cloud-init-translate-netconf-ipv4-keep-gw.patch (boo#1064854)
+ Properly insert the gateway information for v1 json network config data
- Add cloud-init-ntp-conf-suse.patch
+ ntp configuration was broken on sles and opensuse lp#1726572
- Add cloud-init-hosts-template.patch (bsc#1064594)
+ Properly expand the /etc/hosts file when manage_etc_hosts is set
- Fix sed expression to set distro properly (boo#1063716)
- Update to version 17.1 (bsc#1035106)
+ Version numbering scheme change now YY.NUMBER_OF_RELEASE_THAT_YEAR
+ Remove cloud.cfg.suse, use generated default config file
+ Remove addopenSUSEBase.patch, included upstream
+ Remove suseIntegratedHandler.patch, included upstream
+ Remove openSUSEhostsTemplate.diff, included upstream
+ Remove cloud-init-handle-no-carrier.patch, included upstream
+ Remove cloud-init-digital-ocean-datasource.patch,
use upstream implementation
+ Remove cloud-init-digital-ocean-datasource-enable-by-default.patch,
use upstream implementation
+ Remove cloud-init-fix-unicode-handling-binarydecode.patch,
included upstream
+ Remove cloud-init-no-dmidecode-on-ppc64.patch, included upstream
+ Remove dataSourceOpenNebula.patch, use upstream implementation
+ Remove setupSUSEsysVInit.diff, included upstream
+ Remove suseSysVInit.diff, included upstream
+ Remove cloud-init-finalbeforelogin.patch, don't block login
+ Remove cloud-init-handle-not-implemented-query.patch, query option removed
+ Remove cloud-init-spceandtabs-clean.patch, indentation fixed upstream
+ Remove dynamicInitCmd.diff, different solution from upstream
+ Added cloud-init-more-tasks.patch, (bsc#1047363)
replace cloud-init-finalbeforelogin.patch
+ Forward port cloud-init-python2-sigpipe.patch
+ Remove cloud-init-net-eni.patch, included upstream
+ Remove cloud-init-service.patch, included upstream
+ Forward port cloud-init-sysconfig-netpathfix.patch
+ Remove cloud-init-net-sysconfig-lp1665441.patch, included upstream
+ Remove cloud-init-python26.patch, included upstream
+ Remove skip-argparse-on-python3.patch
+ Add cloud-init-tests-set-exec.patch
+ Add cloud-init-final-no-apt.patch
+ Add zypp_add_repo_test.patch
+ doc: document GCE datasource. [Arnd Hannemann]
+ suse: updates to templates to support openSUSE and SLES.
+ [Robert Schweikert] (LP: #1718640)
+ suse: Copy sysvinit files from redhat with slight changes.
+ [Robert Schweikert] (LP: #1718649)
+ docs: fix sphinx module schema documentation [Chad Smith]
+ tests: Add cloudinit package to all test targets [Chad Smith]
+ Makefile: No longer look for yaml files in obsolete ./bin/.
+ tests: fix ds-identify unit tests to set EC2_STRICT_ID_DEFAULT.
+ ec2: Fix maybe_perform_dhcp_discovery to use /var/tmp as a tmpdir
+ [Chad Smith] (LP: #1717627)
+ Azure: wait longer for SSH pub keys to arrive.
+ [Paul Meyer] (LP: #1717611)
+ GCE: Fix usage of user-data. (LP: #1717598)
+ cmdline: add collect-logs subcommand. [Chad Smith] (LP: #1607345)
+ CloudStack: consider dhclient lease files named with a hyphen.
+ (LP: #1717147)
+ resizefs: Drop check for read-only device file, do not warn on
+ overlayroot. [Chad Smith]
+ Do not provide systemd-fsck drop-in which could cause ordering cycles.
+ [Balint Reczey] (LP: #1717477)
+ tests: Enable the NoCloud KVM platform [Joshua Powers]
+ resizefs: pass mount point to xfs_growfs [Dusty Mabe]
+ vmware: Enable nics before sending the SUCCESS event. [Sankar Tanguturi]
+ cloud-config modules: honor distros definitions in each module
+ [Chad Smith] (LP: #1715738, #1715690)
+ chef: Add option to pin chef omnibus install version
+ [Ethan Apodaca] (LP: #1462693)
+ tests: execute: support command as string [Joshua Powers]
+ schema and docs: Add jsonschema to resizefs and bootcmd modules
+ [Chad Smith]
+ tools: Add xkvm script, wrapper around qemu-system [Joshua Powers]
+ vmware customization: return network config format
+ [Sankar Tanguturi] (LP: #1675063)
+ Ec2: only attempt to operate at local mode on known platforms.
+ (LP: #1715128)
+ Use /run/cloud-init for tempfile operations. (LP: #1707222)
+ ds-identify: Make OpenStack return maybe on arch other than intel.
+ (LP: #1715241)
+ tests: mock missed openstack metadata uri network_data.json
+ [Chad Smith] (LP: #1714376)
+ relocate tests/unittests/helpers.py to cloudinit/tests
+ [Lars Kellogg-Stedman]
+ tox: add nose timer output [Joshua Powers]
+ upstart: do not package upstart jobs, drop ubuntu-init-switch module.
+ tests: Stop leaking calls through unmocked metadata addresses
+ [Chad Smith] (LP: #1714117)
+ distro: allow distro to specify a default locale [Ryan Harper]
+ tests: fix two recently added tests for sles distro.
+ url_helper: dynamically import oauthlib import from inside oauth_headers
+ [Chad Smith]
+ tox: make xenial environment run with python3.6
+ suse: Add support for openSUSE and return SLES to a working state.
+ [Robert Schweikert]
+ GCE: Add a main to the GCE Datasource.
+ ec2: Add IPv6 dhcp support to Ec2DataSource. [Chad Smith] (LP: #1639030)
+ url_helper: fail gracefully if oauthlib is not available
+ [Lars Kellogg-Stedman] (LP: #1713760)
+ cloud-init analyze: fix issues running under python 2. [Andrew Jorgensen]
+ Configure logging module to always use UTC time.
+ [Ryan Harper] (LP: #1713158)
+ Log a helpful message if a user script does not include shebang.
+ [Andrew Jorgensen]
+ cli: Fix command line parsing of conditionally loaded subcommands.
+ [Chad Smith] (LP: #1712676)
+ doc: Explain error behavior in user data include file format.
+ [Jason Butz]
+ cc_landscape & cc_puppet: Fix six.StringIO use in writing configs
+ [Chad Smith] (LP: #1699282, #1710932)
+ schema cli: Add schema subcommand to cloud-init cli and cc_runcmd schema
+ [Chad Smith]
+ Debian: Remove non-free repositories from apt sources template.
+ [Joonas Kylmälä] (LP: #1700091)
+ tools: Add tooling for basic cloud-init performance analysis.
+ [Chad Smith] (LP: #1709761)
+ network: add v2 passthrough and fix parsing v2 config with bonds/bridge
+ params [Ryan Harper] (LP: #1709180)
+ doc: update capabilities with features available, link doc reference,
+ cli example [Ryan Harper]
+ vcloud directory: Guest Customization support for passwords
+ [Maitreyee Saikia]
+ ec2: Allow Ec2 to run in init-local using dhclient in a sandbox.
+ [Chad Smith] (LP: #1709772)
+ cc_ntp: fallback on timesyncd configuration if ntp is not installable
+ [Ryan Harper] (LP: #1686485)
+ net: Reduce duplicate code. Have get_interfaces_by_mac use
+ get_interfaces.
+ tests: Fix build tree integration tests [Joshua Powers]
+ sysconfig: Don't repeat header when rendering resolv.conf
+ [Ryan Harper] (LP: #1701420)
+ archlinux: Fix bug with empty dns, do not render 'lo' devices.
+ (LP: #1663045, #1706593)
+ cloudinit.net: add initialize_network_device function and tests
+ [Chad Smith]
+ makefile: fix ci-deps-ubuntu target [Chad Smith]
+ tests: adjust locale integration test to parse default locale.
+ tests: remove 'yakkety' from releases as it is EOL.
+ tests: Add initial tests for EC2 and improve a docstring.
+ locale: Do not re-run locale-gen if provided locale is system default.
+ archlinux: fix set hostname usage of write_file.
+ [Joshua Powers] (LP: #1705306)
+ sysconfig: support subnet type of 'manual'.
+ tools/run-centos: make running with no argument show help.
+ Drop rand_str() usage in DNS redirection detection
+ [Bob Aman] (LP: #1088611)
+ sysconfig: use MACADDR on bonds/bridges to configure mac_address
+ [Ryan Harper] (LP: #1701417)
+ net: eni route rendering missed ipv6 default route config
+ [Ryan Harper] (LP: #1701097)
+ sysconfig: enable mtu set per subnet, including ipv6 mtu
+ [Ryan Harper] (LP: #1702513)
+ sysconfig: handle manual type subnets [Ryan Harper] (LP: #1687725)
+ sysconfig: fix ipv6 gateway routes [Ryan Harper] (LP: #1694801)
+ sysconfig: fix rendering of bond, bridge and vlan types.
+ [Ryan Harper] (LP: #1695092)
+ Templatize systemd unit files for cross distro deltas. [Ryan Harper]
+ sysconfig: ipv6 and default gateway fixes. [Ryan Harper] (LP: #1704872)
+ net: fix renaming of nics to support mac addresses written in upper
+ case. (LP: #1705147)
+ tests: fixes for issues uncovered when moving to python 3.6.
+ (LP: #1703697)
+ sysconfig: include GATEWAY value if set in subnet
+ [Ryan Harper] (LP: #1686856)
+ Scaleway: add datasource with user and vendor data for Scaleway.
+ [Julien Castets]
+ Support comments in content read by load_shell_content.
+ cloudinitlocal fail to run during boot [Hongjiang Zhang]
+ doc: fix disk setup example table_type options
+ [Sandor Zeestraten] (LP: #1703789)
+ tools: Fix exception handling. [Joonas Kylmälä] (LP: #1701527)
+ tests: fix usage of mock in GCE test.
+ test_gce: Fix invalid mock of platform_reports_gce to return False
+ [Chad Smith]
+ test: fix incorrect keyid for apt repository.
+ [Joshua Powers] (LP: #1702717)
+ tests: Update version of pylxd [Joshua Powers]
+ write_files: Remove log from helper function signatures.
+ [Andrew Jorgensen]
+ doc: document the cmdline options to NoCloud [Brian Candler]
+ read_dmi_data: always return None when inside a container. (LP: #1701325)
+ requirements.txt: remove trailing white space.
+ Azure: Add network-config, Refactor net layer to handle duplicate macs.
+ [Ryan Harper]
+ Tests: Simplify the check on ssh-import-id [Joshua Powers]
+ tests: update ntp tests after sntp added [Joshua Powers]
+ FreeBSD: Make freebsd a variant, fix unittests and
+ tools/build-on-freebsd.
+ FreeBSD: fix test failure
+ FreeBSD: replace ifdown/ifup with "ifconfig down" and "ifconfig up".
+ [Hongjiang Zhang] (LP: #1697815)
+ FreeBSD: fix cdrom mounting failure if /mnt/cdrom/secure did not exist.
+ [Hongjiang Zhang] (LP: #1696295)
+ main: Don't use templater to format the welcome message
+ [Andrew Jorgensen]
+ docs: Automatically generate module docs from schema if present.
+ [Chad Smith]
+ debian: fix path comment in /etc/hosts template.
+ [Jens Sandmann] (LP: #1606406)
+ suse: add hostname and fully qualified domain to template.
+ [Jens Sandmann]
+ write_file(s): Print permissions as octal, not decimal [Andrew Jorgensen]
+ ci deps: Add --test-distro to read-dependencies to install all deps
+ [Chad Smith]
+ tools/run-centos: cleanups and move to using read-dependencies
+ pkg build ci: Add make ci-deps-<distro> target to install pkgs
+ [Chad Smith]
+ systemd: make cloud-final.service run before apt daily services.
+ (LP: #1693361)
+ selinux: Allow restorecon to be non-fatal. [Ryan Harper] (LP: #1686751)
+ net: Allow netinfo subprocesses to return 0 or 1.
+ [Ryan Harper] (LP: #1686751)
+ net: Allow for NetworkManager configuration [Ryan McCabe] (LP: #1693251)
+ Use distro release version to determine if we use systemd in redhat spec
+ [Ryan Harper]
+ net: normalize data in network_state object
+ Integration Testing: tox env, pylxd 2.2.3, and revamp framework
+ [Wesley Wiedenmeier]
+ Chef: Update omnibus url to chef.io, minor doc changes. [JJ Asghar]
+ tools: add centos scripts to build and test [Joshua Powers]
+ Drop cheetah python module as it is not needed by trunk [Ryan Harper]
+ rhel/centos spec cleanups.
+ cloud.cfg: move to a template. setup.py changes along the way.
+ Makefile: add deb-src and srpm targets. use PYVER more places.
+ makefile: fix python 2/3 detection in the Makefile [Chad Smith]
+ snap: Removing snapcraft plug line [Joshua Powers] (LP: #1695333)
+ RHEL/CentOS: Fix default routes for IPv4/IPv6 configuration.
+ [Andreas Karis] (LP: #1696176)
+ test: Fix pyflakes complaint of unused import.
+ [Joshua Powers] (LP: #1695918)
+ NoCloud: support seed of nocloud from smbios information
+ [Vladimir Pouzanov] (LP: #1691772)
+ net: when selecting a network device, use natural sort order
+ [Marc-Aurèle Brothier]
+ fix typos and remove whitespace in various docs [Stephan Telling]
+ systemd: Fix typo in comment in cloud-init.target. [Chen-Han Hsiao]
+ Tests: Skip jsonschema related unit tests when dependency is absent.
+ [Chad Smith] (LP: #1695318)
+ azure: remove accidental duplicate line in merge.
+ azure: identify platform by well known value in chassis asset tag.
+ [Chad Smith] (LP: #1693939)
+ tools/net-convert.py: support old cloudinit versions by using kwargs.
+ ntp: Add schema definition and passive schema validation.
+ [Chad Smith] (LP: #1692916)
+ Fix eni rendering for bridge params that require repeated key for
+ values. [Ryan Harper]
+ net: remove systemd link file writing from eni renderer [Ryan Harper]
+ AliYun: Enable platform identification and enable by default.
+ [Junjie Wang] (LP: #1638931)
+ net: fix reading and rendering addresses in cidr format.
+ [Dimitri John Ledkov] (LP: #1689346, #1684349)
+ disk_setup: udev settle before attempting partitioning or fs creation.
+ (LP: #1692093)
+ GCE: Update the attribute used to find instance SSH keys.
+ [Daniel Watkins] (LP: #1693582)
+ nplan: For bonds, allow dashed or underscore names of keys.
+ [Dimitri John Ledkov] (LP: #1690480)
+ python2.6: fix unit tests usage of assertNone and format.
+ test: update docstring on test_configured_list_with_none
+ fix tools/ds-identify to not write None twice.
+ tox/build: do not package depend on style requirements.
+ cc_ntp: Restructure cc_ntp unit tests. [Chad Smith] (LP: #1692794)
+ flake8: move the pinned version of flake8 up to 3.3.0
+ tests: Apply workaround for snapd bug in test case. [Joshua Powers]
+ RHEL/CentOS: Fix dual stack IPv4/IPv6 configuration.
+ [Andreas Karis] (LP: #1679817, #1685534, #1685532)
+ disk_setup: fix several issues with gpt disk partitions. (LP: #1692087)
+ function spelling & docstring update [Joshua Powers]
+ Fixing wrong file name regression. [Joshua Powers]
+ tox: move pylint target to 1.7.1
+ Fix get_interfaces_by_mac for empty macs (LP: #1692028)
+ DigitalOcean: remove routes except for the public interface.
+ [Ben Howard] (LP: #1681531.)
+ netplan: pass macaddress, when specified, for vlans
+ [Dimitri John Ledkov] (LP: #1690388)
+ doc: various improvements for the docs on cc_users_groups.
+ [Felix Dreissig]
+ cc_ntp: write template before installing and add service restart
+ [Ryan Harper] (LP: #1645644)
+ cloudstack: fix tests to avoid accessing /var/lib/NetworkManager
+ [Lars Kellogg-Stedman]
+ tests: fix hardcoded path to mkfs.ext4 [Joshua Powers] (LP: #1691517)
+ Actually skip warnings when .skip file is present.
+ [Chris Brinker] (LP: #1691551)
+ netplan: fix netplan render_network_state signature.
+ [Dimitri John Ledkov] (LP: #1685944)
+ Azure: fix reformatting of ephemeral disks on resize to large types.
+ (LP: #1686514)
+ Revert "tools/net-convert: fix argument order for render_network_state"
+ make deb: Add devscripts dependency for make deb. Cleanup
+ packages/bddeb. [Chad Smith] (LP: #1685935)
+ tools/net-convert: fix argument order for render_network_state
+ [Ryan Harper] (LP: #1685944)
+ openstack: fix log message copy/paste typo in _get_url_settings
+ [Lars Kellogg-Stedman]
+ unittests: fix unittests run on centos [Joshua Powers]
+ Improve detection of snappy to include os-release and kernel cmdline.
+ (LP: #1689944)
+ Add address to config entry generated by _klibc_to_config_entry.
+ [Julien Castets] (LP: #1691135)
+ sysconfig: Raise ValueError when multiple default gateways are present.
+ [Chad Smith] (LP: #1687485)
+ FreeBSD: improvements and fixes for use on Azure
+ [Hongjiang Zhang] (LP: #1636345)
+ Add unit tests for ds-identify, fix Ec2 bug found.
+ fs_setup: if cmd is specified, use shell interpretation.
+ [Paul Meyer] (LP: #1687712)
+ doc: document network configuration defaults policy and formats.
+ [Ryan Harper]
+ Fix name of "uri" key in docs for "cc_apt_configure" module
+ [Felix Dreissig]
+ tests: Enable artful [Joshua Powers]
+ nova-lxd: read product_name from environment, not platform.
+ (LP: #1685810)
+ Fix yum repo config where keys contain array values
+ [Dylan Perry] (LP: #1592150)
+ template: Update debian backports template [Joshua Powers] (LP: #1627293)
+ rsyslog: replace ~ with stop [Joshua Powers] (LP: #1367899)
+ Doc: add additional RTD examples [Joshua Powers] (LP: #1459604)
+ Fix growpart for some cases when booted with root=PARTUUID.
+ (LP: #1684869)
+ pylint: update output style to parseable [Joshua Powers]
+ pylint: fix all logging warnings [Joshua Powers]
+ CloudStack: Add NetworkManager to list of supported DHCP lease dirs.
+ [Syed]
+ net: kernel lies about vlans not stealing mac addresses, when they do
+ [Dimitri John Ledkov] (LP: #1682871)
+ ds-identify: Check correct path for "latest" config drive
+ [Daniel Watkins] (LP: #1673637)
+ doc: Fix example for resolve.conf configuration.
+ [Jon Grimm] (LP: #1531582)
+ Fix examples that reference upstream chef repository.
+ [Jon Grimm] (LP: #1678145)
+ doc: correct grammar and improve clarity in merging documentation.
+ [David Tagatac]
+ doc: Add missing doc link to snap-config module. [Ryan Harper]
+ snap: allows for creating cloud-init snap [Joshua Powers]
+ DigitalOcean: assign IPv4ll address to lowest indexed interface.
+ [Ben Howard]
+ DigitalOcean: configure all NICs presented in meta-data. [Ben Howard]
+ Remove (and/or fix) URL shortener references [Jon Grimm] (LP: #1669727)
+ HACKING.rst: more info on filling out contributors agreement.
+ util: teach write_file about copy_mode option
+ [Lars Kellogg-Stedman] (LP: #1644064)
+ DigitalOcean: bind resolvers to loopback interface. [Ben Howard]
+ tests: fix AltCloud tests to not rely on blkid (LP: #1636531)
+ OpenStack: add 'dvs' to the list of physical link types. (LP: #1674946)
+ Fix bug that resulted in an attempt to rename bonds or vlans.
+ (LP: #1669860)
+ tests: update OpenNebula and Digital Ocean to not rely on host
+ interfaces.
+ net: in netplan renderer delete known image-builtin content.
+ (LP: #1675576)
+ doc: correct grammar in capabilities.rst [David Tagatac]
+ ds-identify: fix detecting of maas datasource. (LP: #1677710)
+ netplan: remove debugging prints, add debug logging [Ryan Harper]
+ ds-identify: do not write None twice to datasource_list.
+ support resizing partition and rootfs on system booted without
+ initramfs. [Steve Langasek] (LP: #1677376)
+ apt_configure: run only when needed. (LP: #1675185)
+ OpenStack: identify OpenStack by product 'OpenStack Compute'.
+ (LP: #1675349)
+ GCE: Search GCE in ds-identify, consider serial number in check.
+ (LP: #1674861)
+ Add support for setting hashed passwords [Tore S. Lonoy] (LP: #1570325)
+ Fix filesystem creation when using "partition: auto"
+ [Jonathan Ballet] (LP: #1634678)
+ ConfigDrive: support reading config drive data from /config-drive.
+ (LP: #1673411)
+ ds-identify: fix detection of Bigstep datasource. (LP: #1674766)
+ test: add running of pylint [Joshua Powers]
+ ds-identify: fix bug where filename expansion was left on.
+ advertise network config v2 support (NETWORK_CONFIG_V2) in features.
+ Bigstep: fix bug when executing in python3. [root]
+ Fix unit test when running in a system deployed with cloud-init.
+ Bounce network interface for Azure when using the built-in path.
+ [Brent Baude] (LP: #1674685)
+ cloudinit.net: add network config v2 parsing and rendering [Ryan Harper]
+ net: Fix incorrect call to isfile [Joshua Powers] (LP: #1674317)
+ net: add renderers for automatically selecting the renderer.
+ doc: fix config drive doc with regard to unpartitioned disks.
+ (LP: #1673818)
+ test: Adding integration test for password as list [Joshua Powers]
+ render_network_state: switch arguments around, do not require target
+ support 'loopback' as a device type.
+ Integration Testing: improve testcase subclassing [Wesley Wiedenmeier]
+ gitignore: adding doc/rtd_html [Joshua Powers]
+ doc: add instructions for running integration tests via tox.
+ [Joshua Powers]
+ test: avoid differences in 'date' output due to daylight savings.
+ Fix chef config module in omnibus install. [Jeremy Melvin] (LP: #1583837)
+ Add feature flags to cloudinit.version. [Wesley Wiedenmeier]
+ tox: add a citest environment
+ Further fix regression to support 'password' for default user.
+ fix regression when no chpasswd/list was provided.
+ Support chpasswd/list being a list in addition to a string.
+ [Sergio Lystopad] (LP: #1665694)
+ doc: Fix configuration example for cc_set_passwords module.
+ [Sergio Lystopad] (LP: #1665773)
+ net: support both ipv4 and ipv6 gateways in sysconfig.
+ [Lars Kellogg-Stedman] (LP: #1669504)
+ net: do not raise exception for > 3 nameservers
+ [Lars Kellogg-Stedman] (LP: #1670052)
+ ds-identify: report cleanups for config and exit value. (LP: #1669949)
+ ds-identify: move default setting for Ec2/strict_id to a global.
+ ds-identify: record not found in cloud.cfg and always add None.
+ Support warning if the used datasource is not in ds-identify's list.
+ tools/ds-identify: make report mode write namespaced results.
+ Move warning functionality to cloudinit/warnings.py
+ Add profile.d script for showing warnings on login.
+ Z99-cloud-locale-test.sh: install and make consistent.
+ tools/ds-identify: look at cloud.cfg when looking for ec2 strict_id.
+ tools/ds-identify: disable vmware_guest_customization by default.
+ tools/ds-identify: ovf identify vmware guest customization.
+ Identify Brightbox as an Ec2 datasource user. (LP: #1661693)
+ DatasourceEc2: add warning message when not on AWS.
+ ds-identify: add reading of datasource/Ec2/strict_id
+ tools/ds-identify: add support for found or maybe contributing config.
+ tools/ds-identify: read the seed directory on Ec2
+ tools/ds-identify: use quotes in local declarations.
+ tools/ds-identify: fix documentation of policy setting in a comment.
+ ds-identify: only run once per boot unless --force is given.
+ flake8: fix flake8 complaints in previous commit.
+ net: correct errors in cloudinit/net/sysconfig.py
+ [Lars Kellogg-Stedman] (LP: #1665441)
+ ec2_utils: fix MetadataLeafDecoder that returned bytes on empty
+ apply the runtime configuration written by ds-identify.
+ ds-identify: fix checking for filesystem label (LP: #1663735)
+ ds-identify: read ds=nocloud properly (LP: #1663723)
+ support nova-lxd by reading platform from environment of pid 1.
+ (LP: #1661797)
+ ds-identify: change aarch64 to use the default for non-dmi systems.
+ Remove style checking during build and add latest style checks to tox
+ [Joshua Powers] (LP: #1652329)
+ code-style: make master pass pycodestyle (2.3.1) cleanly, currently:
+ [Joshua Powers]
+ manual_cache_clean: When manually cleaning touch a file in instance dir.
+ Add tools/ds-identify to identify datasources available.
+ Fix small typo and change iso-filename for consistency [Robin Naundorf]
+ Fix eni rendering of multiple IPs per interface
+ [Ryan Harper] (LP: #1657940)
+ tools/mock-meta: support python2 or python3 and ipv6 in both.
+ tests: remove executable bit on test_net, so it runs, and fix it.
+ tests: No longer monkey patch httpretty for python 3.4.2
+ Add 3 ecdsa-sha2-nistp* ssh key types now that they are standardized
+ [Lars Kellogg-Stedman] (LP: #1658174)
+ reset httpretty for each test [Lars Kellogg-Stedman] (LP: #1658200)
+ build: fix running Make on a branch with tags other than master
+ EC2: Do not cache security credentials on disk
+ [Andrew Jorgensen] (LP: #1638312)
+ doc: Fix typos and clarify some aspects of the part-handler
+ [Erik M. Bray]
+ doc: add some documentation on OpenStack datasource.
+ OpenStack: Use timeout and retries from config in get_data.
+ [Lars Kellogg-Stedman] (LP: #1657130)
+ Fixed Misc issues related to VMware customization. [Sankar Tanguturi]
+ Fix minor docs typo: perserve > preserve [Jeremy Bicha]
+ Use dnf instead of yum when available
+ [Lars Kellogg-Stedman] (LP: #1647118)
+ validate-yaml: use python rather than explicitly python3
+ Get early logging logged, including failures of cmdline url.
- From 0.7.9
+ doc: adjust headers in tests documentation for consistency.
+ pep8: fix issue found in zesty build with pycodestyle.
+ integration test: initial commit of integration test framework
+ [Wesley Wiedenmeier]
+ LICENSE: Allow dual licensing GPL-3 or Apache 2.0 [Jon Grimm]
+ Fix config order of precedence, putting kernel command line over system.
+ [Wesley Wiedenmeier] (LP: #1582323)
+ pep8: whitespace fix
+ Update the list of valid ssh keys. [Michael Felt]
+ network: add ENI unit test for statically rendered routes.
+ set_hostname: avoid erroneously appending domain to fqdn
+ [Lars Kellogg-Stedman] (LP: #1647910)
+ doc: change 'nobootwait' to 'nofail' in docs [Anhad Jai Singh]
+ Replace an expired bit.ly link in code comment.
+ user-groups: fix bug when groups was provided as string and had spaces
+ (LP: #1354694)
+ mounts: use mount -a again to accomplish mounts (LP: #1647708)
+ CloudSigma: Fix bug where datasource was not loaded in local search.
+ (LP: #1648380)
+ when adding a user, strip whitespace from group list [Lars Kellogg-Stedman]
+ (LP: #1354694)
+ fix decoding of utf-8 chars in yaml test
+ Replace usage of sys_netdev_info with read_sys_net (LP: #1625766)
+ fix problems found in python2.6 test.
+ OpenStack: extend physical types to include hyperv, hw_veb, vhost_user.
+ (LP: #1642679)
+ tests: fix assumptions that expected no eth0 in system. (LP: #1644043)
+ net/cmdline: Consider ip= or ip6= on command line not only ip=
+ (LP: #1639930)
+ Just use file logging by default (LP: #1643990)
+ Improve formatting for ProcessExecutionError [Wesley Wiedenmeier]
+ flake8: fix trailing white space
+ Doc: various documentation fixes [Sean Bright]
+ cloudinit/config/cc_rh_subscription.py: Remove repos before adding
+ [Brent Baude]
+ packages/redhat: fix rpm spec file.
+ main: set TZ in environment if not already set. [Ryan Harper]
+ Azure: No longer rely on walinux agent. (LP: #1538522)
+ disk_setup: Use sectors as unit when formatting MBR disks with sfdisk.
+ [Daniel Watkins] (LP: #1460715)
+ Add activate_datasource, for datasource specific code paths. (LP: #1611074)
+ systemd: cloud-init-local use RequiresMountsFor=/var/lib/cloud
+ (LP: #1642062)
+ systemd: cloud-init remove After=systemd-networkd-wait-online
+ systemd: cloud-init-local change Before basic to sysinit
+ pep8: fix style errors reported by pycodestyle 2.1.0
+ systemd: drop both Wants and After local-fs.target
+ systemd: networking service adjustments. (LP: #1636912)
+ systemd: replace Before=basic.target, dbus.target with sysinit.target
+ (LP: #1629797)
+ doc: Add documentation on stages of boot.
+ doc: make the RST files consistently formatted and other improvements.
+ Ec2: fix syntax and tox in previous commit.
+ Ec2: protect against non-dictionary in block-device-mapping.
+ doc: fixed example to not overwrite /etc/hosts [Chris Glass]
+ Doc: fix spelling / typos in ca_certs and scripts_vendor.
+ pyflakes: fix issue with pyflakes 1.3 found in ubuntu zesty-proposed.
+ net/cmdline: Further adjustments to ipv6 support [LaMont Jones]
+ (LP: #1621615)
+ Add coverage dependency to bddeb to fix package build.
+ doc: improve HACKING.rst file
+ dmidecode: Allow dmidecode to be used on aarch64 [Robert Schweikert]
+ AliYun: Add new datasource for Ali-Cloud ECS [kaihuan.pkh]
+ Add coverage collection to tox unit tests. [Joshua Powers]
+ cc_users_groups: fix remaining call to ds.normalize_user_groups [Ryan Harper]
+ disk-config: udev settle after partitioning in gpt format. (LP: #1626243)
+ unittests: do not read system /etc/cloud/cloud.cfg.d (LP: #1635350)
+ Add documentation for logging features. [Wesley Wiedenmeier]
+ Add support for snap create-user on Ubuntu Core images. [Ryan Harper]
+ Fix sshd restarts for rhel distros. [Jim Gorz]
+ OpenNebula: replace 'ip' parsing with cloudinit.net usage.
+ Fix python2.6 things found running in centos 6.
+ Move user/group functions to new ug_util file
+ DigitalOcean: enable usage of data source by default.
+ update Gentoo initscripts to run in the correct order [Matthew Thode]
+ MAAS: improve the main of datasource to look at kernel cmdline config.
+ tests: silence the Cheetah UserWarning about NameMapper C version.
+ systemd: Run cloud-init.service Before dbus.socket not dbus.target
+ [Daniel Watkins] (LP: #1629797)
+ systemd: run cloud-init.service Before dbus.service (LP: #1629797)
+ unittests: fix use of mock 2.0 'assert_called' when running make check
+ [Ryan Harper]
+ Improve module documentation and doc cleanup. [Wesley Wiedenmeier]
+ lxd: Update network config for LXD 2.3 [Stéphane Graber]
+ DigitalOcean: use meta-data for network configuration [Ben Howard]
+ ntp: move to run after apt configuration (LP: #1628337)
+ Decode unicode types in decode_binary [Robert Schweikert]
+ systemd: Ensure that cloud-init-local happens before NetworkManager
+ Allow ephemeral drive to be unpartitioned [Paul Meyer]
+ subp: add 'update_env' argument
+ net: support reading ipv6 dhcp config from initramfs [LaMont Jones]
+ (LP: #1621615, #1621507)
+ Adjust mounts and disk configuration for systemd. (LP: #1611074)
+ dmidecode: run dmidecode only on i?86 or x86_64 arch. [Robert Schweikert]
+ systemd: put cloud-init.target After multi-user.target (LP: #1623868)
- add skip-argparse-on-python3.patch: don't depend on argparse
for python3, it is builtin there (as of python 3.2, so the
patch should be good enough)
- python_sitelib does not seem to exist for non single-spec
python modules, use python2_sitelib and python3_sitelib instead.
- Drop python-cheetah as requirement
+ Cheetah is not maintained and cloud-init switches to Jinja2 as
templating engine if Cheetah is not available
- Drop argparse as dependency for Py3 build
+ argparse is built into Python
- Modify cloud-init-finalbeforelogin.patch (bsc#1047363)
+ Support user processes running in cloud-init-final to consume a
large number of threads.
- Modify cloud-init-service.patch (bsc#1055649)
+ Start after dbus.service, needed by hostnamectl
- Modify cloud-init-handle-not-implemented-query.patch
+ print needs () for Python3
- Add cloud-init-spceandtabs-clean.patch
+ Fix inconsistent use of spaces and tabs in various files
- Modify suseIntegratedHandler.patch
+ Fix mode setting passed to function for file writing
- Set package up to build with Python 3 for distros later than SLE 12
- On Tumbleweed we need net-tools-deprecated to setup the network
- add cloud-init-net-sysconfig-lp1665441.patch (lp#1665441)
- Don't call insserv if we use systemd
- Do not set mount options for ephemeral drive, use the defaults
that are built into the code (bsc#930524)
- Update fix-default-systemd-unit-dir.patch (bsc#1024709)
+ based on work by Thomas Abraham
- Add cloud-init-handle-not-implemented-query.patch (boo#1017832)
- Require net-tools for network setup
- Configuration split (bsc#1016160)
- fix syntax error in datasource LocalDisk (fix got somehow lost)
- adjust license (as of 0.7.8 AGPL-3.0 was added)
- fix unintentional edit in last change again
- Modify suseIntegratedHandler.patch (bsc#998103)
+ Store previous hostname so update_hostname module does not
overwrite manually set hostnames
- cloud-init-python26.patch
+ Compatibility fixes with Python 2.6
- fix the cloud.cfg split, cyclic non-versioned dependencies are
bad. also fix changelog entries
- add datasourceLocalDisk.patch:
* Fix datasourceLocalDisk module in case directory exists but is
empty.
- Add Conflicts for otherproviders of cloud-init-config.
- Add require for python-six (used by several modules)
- Add LocalDisk datasource datasourceLocalDisk.patch [FATE#321107]
- Reworked zypp_add_repos.diff to behave similar to zypper ar
- Move cloud.cfg into an own sub-package, so that we can have
a product specific version. [FATE#322039]
- Add zypp_add_repos.diff to support repos for zypper [FATE#322038]
- Modify suseIntegratedHandler.patch (bsc#1007529)
+ Fall back to the previous method of writing network information
We have to work out upstream how to have distro specific renderer
for sysconfig
- Add cloud-init-sysconfig-netpathfix.patch (bsc#1007529)
+ Fix the default path for network scripts
- Cosmetic changes to suseIntegratedHandler.patch
- Update cloud-init-no-dmidecode-on-ppc64.patch (bsc#1005616)
+ aarch64 does support dmidecode
- Update cloud-init-service.patch
+ Break another cycle this one in -final
- Update cloud-init-service.patch
+ Better match upstream intent; Ubuntu networking.service is equivalent
to SUSE wicked, thus we cannot translate networking to network, but need
to translate it to wicked
- Update cloud-init-service.patch
+ We need the following order:
- something brings networking fully up (in our case wicked)
- cloud-init.service runs
- network-online.target is reached
- Update cloud-init-service.patch
+ The network must be up and running in order to get ssh key injected
- Update cloud-init-service.patch
+ Had self reference and thus cloud-init.service was never executed
which caused ssh key loading failure
- Do not own /lib/udev to not conflict with udev rpm
- Forward port suseIntegratedHandler.patch
+ Implement new abstract interfaces
+ Some minor implementation fixes
- Appease the build service, differences between OBS and IBS,
and own the directories
- Fix package, udev rules should be in /usr for distros after
SLES 11
- add cloud-init-digital-ocean-datasource-enable-by-default.patch,
cloud-init-digital-ocean-datasource.patch: add DigitalOcean support
- run tests on build
- Add cloud-init-handle-no-carrier.patch (boo#1003977)
- Handle the exception when attempting to detect if the network
device is up when it is not
- Update cloud-init-service.patch (boo#999942)
- Backport upstream commits 3705bb5964a and 6e45ffb21e96
- Decoding error (boo#998843)
+ Added cloud-init-fix-unicode-handling-binarydecode.patch
- Fix dependencies, depends on oauthlib instead of oauth
- Fix dataSourceOpenNebula.patch, missing closing paren (boo#998836)
- Fix typo in cloud-init-service.patch
- update to version 0.7.8 (bsc#998103)
+ added cloud-init-net-eni.patch based on work by eblock
- Using config-drive instead of metadata failed because the network
translation to Ubuntu-style did not return gateway information to
opensuse.py
+ added cloud-init-service.patch based on work by eblock
- The service file cloud-init.service referenced networking.service
which on SUSE is network.service
+ remove no_logic_change.patch included in updated upstream source
+ forward port suseIntegratedHandler.patch
+ forward port setupSUSEsysVInit.diff
+ forward port cloud-init-no-dmidecode-on-ppc64.patch
+ forward port dataSourceOpenNebula.patch
+ forward port fix-default-systemd-unit-dir.patch
+ forward port cloud-init-finalbeforelogin.patch
+ forward port cloud-init-python2-sigpipe.patch
+ SmartOS: more improvements for network configuration
+ add ntp config module [Ryan Harper]
+ ChangeLog: update changelog for previous commit.
+ Add distro tags on config modules that should have it.
+ NoCloud: fix bug providing network-interfaces via meta-data. (LP: 1577982)
+ ConfigDrive: recognize 'tap' as a link type. (LP: #1610784)
+ Upgrade to a configobj package new enough to work
+ MAAS: add vendor-data support (LP: #1612313)
+ DigitalOcean: use the v1.json endpoint [Ben Howard]
+ Get Azure endpoint server from DHCP client [Brent Baude]
+ Apt: add new apt configuration format [Christian Ehrhardt]
+ distros: fix get_primary_arch method use of os.uname [Andrew Jorgensen]
+ Fix Gentoo net config generation [Matthew Thode]
+ Minor cleanups to atomic_helper and add unit tests.
+ azure dhclient-hook cleanups
+ network: fix get_interface_mac for bond slave, read_sys_net for ENOTDIR
+ Generate a dummy bond name for OpenStack (LP: #1605749)
+ add install option for openrc [Matthew Thode]
+ Add a module that can configure spacewalk.
+ python2.6: fix dict comprehension usage in _lsb_release.
+ apt-config: allow both old and new format to be present.
[Christian Ehrhardt] (LP: #1616831)
+ bddeb: add --release flag to specify the release in changelog.
+ salt minion: update default pki directory for newer salt minion.
(LP: #1609899)
+ Fix typo in default keys for phone_home [Roland Sommer] (LP: #1607810)
+ apt config conversion: treat empty string as not provided. (LP: #1621180)
+ tests: cleanup tempdirs in apt_source tests
+ systemd: Better support package and upgrade. (LP: #1576692, #1621336)
+ remove obsolete .bzrignore
+ DataSourceOVF: fix user-data as base64 with python3 (LP: #1619394)
+ Allow link type of null in network_data.json [Jon Grimm] (LP: #1621968)
from 0.7.7:
+ Digital Ocean: add datasource for Digital Ocean. [Neal Shrader]
+ expose uses_systemd as a distro function (fix rhel7)
+ fix broken 'output' config (LP: #1387340)
+ begin adding cloud config module docs to config modules (LP: #1383510)
+ retain trailing eol from template files (sources.list) when
rendered with jinja (LP: #1355343)
+ Only use datafiles and initsys addon outside virtualenvs
+ Fix the digital ocean test case on python 2.6
+ Increase the usefulness, robustness, configurability of the chef module
so that it is more useful, more documented and better for users
+ Fix how '=' signs are not handled that well in ssh_utils (LP: #1391303)
+ Be more tolerant of ssh keys passed into 'ssh_authorized_keys'; allowing
for list, tuple, set, dict, string types and warning on other unexpected
types
+ Update to use newer/better OMNIBUS_URL for chef module
+ GCE: Allow base64 encoded user-data (LP: #1404311) [Wayne Witzell III]
+ GCE: use short hostname rather than fqdn (LP: #1383794) [Ben Howard]
+ systemd: make init stage run before login prompts shown [Steve Langasek]
+ hostname: on first boot apply hostname to be same as is written for
persistent hostname. (LP: #1246485)
+ remove usage of dmidecode on linux in favor of /sys interface [Ben Howard]
+ python3 support [Barry Warsaw, Daniel Watkins, Josh Harlow] (LP: #1247132)
+ support managing gpt partitions in disk config [Daniel Watkins]
+ Azure: utilize gpt support for ephemeral formatting [Daniel Watkins]
+ CloudStack: support fetching password from virtual router [Daniel Watkins]
(LP: #1422388)
+ readurl, read_file_or_url returns bytes, user must convert as necessary
+ SmartOS: use v2 metadata service (LP: #1436417) [Daniel Watkins]
+ NoCloud: fix local datasource claiming found without explicit dsmode
+ Snappy: add support for installing snappy packages and configuring.
+ systemd: use network-online instead of network.target (LP: #1440180)
[Steve Langasek]
+ Add functionality to fixate the uid of a newly added user.
+ Don't overwrite the hostname if the user has changed it after we set it.
+ GCE datasource does not handle instance ssh keys (LP: 1403617)
+ sysvinit: make cloud-init-local run before network (LP: #1275098)
[Surojit Pathak]
+ Azure: do not re-set hostname if user has changed it (LP: #1375252)
+ Fix exception when running with no arguments on Python 3. [Daniel Watkins]
+ Centos: detect/expect use of systemd on centos 7. [Brian Rak]
+ Azure: remove dependency on walinux-agent [Daniel Watkins]
+ EC2: know about eu-central-1 availability-zone (LP: #1456684)
+ Azure: remove password from on-disk ovf-env.xml (LP: #1443311) [Ben Howard]
+ Doc: include information on user-data in OpenStack [Daniel Watkins]
+ Systemd: check for systemd using sd_booted semantics (LP: #1461201)
[Lars Kellogg-Stedman]
+ Add an rh_subscription module to handle registration of Red Hat instances.
[Brent Baude]
+ cc_apt_configure: fix importing keys under python3 (LP: #1463373)
+ cc_growpart: fix specification of 'devices' list (LP: #1465436)
+ CloudStack: fix password setting on cloudstack > 4.5.1 (LP: #1464253)
+ GCE: fix determination of availability zone (LP: #1470880)
+ ssh: generate ed25519 host keys (LP: #1461242)
+ distro mirrors: provide datasource to mirror selection code to support
GCE regional mirrors. (LP: #1470890)
+ add udev rules that identify ephemeral device on Azure (LP: #1411582)
+ _read_dmi_syspath: fix bad log message causing unintended exception
+ rsyslog: add additional configuration mode (LP: #1478103)
+ status_wrapper in main: fix use of print_exc when handling exception
+ reporting: add reporting module for web hook or logging of events.
+ NoCloud: fix consumption of vendordata (LP: #1493453)
+ power_state_change: support 'condition' to disable or enable poweroff
+ ubuntu fan: support for config and installing of ubuntu fan (LP: #1504604)
+ Azure: support extracting SSH key values from ovf-env.xml (LP: #1506244)
+ AltCloud: fix call to udevadm settle (LP: #1507526)
+ Ubuntu templates: modify sources.list template to provide same sources
as install from server or desktop ISO. (LP: #1177432)
+ cc_mounts: use 'nofail' if system uses systemd. (LP: #1514485)
+ Azure: get instance id from dmi instead of SharedConfig (LP: #1506187)
+ systemd/power_state: fix power_state to work even if cloud-final
exited non-zero (LP: #1449318)
+ SmartOS: Add support for Joyent LX-Brand Zones (LP: #1540965)
[Robert C Jennings]
+ systemd: support using systemd-detect-virt to detect container
(LP: #1539016) [Martin Pitt]
+ docs: fix lock_passwd documentation [Robert C Jennings]
+ Azure: Handle escaped quotes in WALinuxAgentShim.find_endpoint.
(LP: #1488891) [Dan Watkins]
+ lxd: add support for setting up lxd using 'lxd init' (LP: #1522879)
+ Add Image Customization Parser for VMware vSphere Hypervisor
Support. [Sankar Tanguturi]
+ timezone: use a symlink rather than copy for /etc/localtime
unless it is already a file (LP: #1543025).
+ Enable password changing via a hashed string [Alex Sirbu]
+ Added BigStep datasource [Alex Sirbu]
+ No longer run pollinate in seed_random (LP: #1554152)
+ groups: add default user to 'lxd' group. Create groups listed
for a user if they do not exist. (LP: #1539317)
+ dmi data: fix failure of reading dmi data for unset dmi values
+ doc: mention label for nocloud datasource must be 'cidata' [Peter Hurley]
+ ssh_pwauth: fix module to support 'unchanged' and match behavior
described in documentation [Chris Cosby]
+ quickly check to see if the previous instance id is still valid to
avoid dependency on network metadata service on every boot (LP: #1553815)
+ support network configuration in cloud-init --local with support
device naming via systemd.link.
+ FreeBSD: add support for installing packages, setting password and
timezone. Change default user to 'freebsd'. [Ben Arblaster]
+ locale: list unsupported environment settings in warning (LP: #1558069)
+ disk_setup: correctly send --force to mkfs on block devices (LP: #1548772)
+ chef: fix chef install from gems (LP: #1553345)
+ systemd: do not specify After of obsolete syslog.target (LP: #1536964)
+ centos: Ensure that resolve conf object is written as a str (LP: #1479988)
+ chef: straighten out validation_cert and validation_key (LP: #1568940)
+ phone_home: allow usage of fqdn (LP: #1566824) [Ollie Armstrong]
+ cloudstack: Only use DHCPv4 lease files as a datasource (LP: #1576273)
[Wido den Hollander]
+ Paths: fix instance path if datasource's id has a '/'. (LP: #1575938)
[Robert Jennings]
+ Ec2: do not retry requests for user-data path on 404.
+ settings on the kernel command line (cc:) override all local settings
rather than only those in /etc/cloud/cloud.cfg (LP: #1582323)
+ Improve merging documentation [Daniel Watkins]
+ apt sources: support inserting key/key-id only, custom sources.list,
long gpg key fingerprints with spaces, and dictionary format (LP: #1574113)
+ SmartOS: datasource improvements and support for metadata service
providing networking information.
+ Datasources: centrally handle 'dsmode' and no longer require datasources
to "pass" if modules_init should be executed with network access.
+ ConfigDrive: improved support for networking information from
a network_data.json or older interfaces formatted network_config.
+ Change missing Cheetah log warning to debug [Andrew Jorgensen]
+ Remove trailing dot from GCE metadata URL (LP: #1581200) [Phil Roche]
+ support network rendering to sysconfig (for centos and RHEL)
+ write_files: if no permissions are given, just use default without warn.
+ user_data: fix error when user-data is not utf-8 decodable (LP: #1532072)
+ fix mcollective module with python3 (LP: #1597699) [Sergii Golovatiuk]
- Add cloud-init-python2-sigpipe.patch (bsc#903449)
+ Restore SIGPIPE default handler when executing shell scripts
- Add cloud-init-finalbeforelogin.patch (bsc#978048)
+ Ordering issue, avoid login prompt before cloud-init is finished
- Update suseIntegratedHandler.patch (bsc#971275)
+ Properly handle the package_upgrade configuration option
- Add dependency on jinja2 (bsc#948995,bsc#948996)
- Add no_logic_change.patch to undo upstream logic changes introduced during
style clean up
- Properly write the routes file for static networks (bnc#920190)
+ modify suseIntegratedHandler.patch
- Remove suseSetInitCmd.patch
+ is now integrated with suseIntegratedHandler.patch
- pmtools only exist on Intel architecture (bnc#928552)
- update to 0.7.6:
- open 0.7.6
- Enable vendordata on CloudSigma datasource (LP: #1303986)
- Poll on /dev/ttyS1 in CloudSigma datasource only if dmidecode says
we're running on cloudsigma (LP: #1316475) [Kiril Vladimiroff]
- SmartOS test: do not require existence of /dev/ttyS1. [LP: #1316597]
- doc: fix user-groups doc to reference plural ssh-authorized-keys
(LP: #1327065) [Joern Heissler]
- fix 'make test' in python 2.6
- support jinja2 as a templating engine. Drop the hard requirement on
cheetah. This helps in python3 effort. (LP: #1219223)
- change install path for systemd files to /lib/systemd/system
[Dimitri John Ledkov]
- change trunk debian packaging to use pybuild and drop cdbs.
[Dimitri John Ledkov]
- SeLinuxGuard: remove invalid check that looked for stat.st_mode in os.lstat.
- do not write comments in /etc/timezone (LP: #1341710)
- ubuntu: provide 'ubuntu-init-switch' module to aid in systemd testing.
- status/result json: remove 'end' entry which was always null
- systemd: make cloud-init block ssh service startup to guarantee keys
are generated. [Jordan Evans] (LP: #1333920)
- default settings: fix typo resulting in OpenStack and GCE not working
unless config explicitly provided (LP: #1329583) [Garrett Holmstrom]
- fix rendering resolv.conf if no 'options' are provided (LP: #1328953)
- docs: fix disk-setup to reference 'table_type' [Rail Aliiev] (LP: #1313114)
- ssh_authkey_fingerprints: fix bug that prevented disabling the module.
(LP: #1340903) [Patrick Lucas]
- no longer use pylint as a checker, fix pep8 [Jay Faulkner].
- Openstack: do not load some urls twice.
- FreeBsd: fix initscripts and add working config file [Harm Weites]
- Datasource: fix broken logic to provide hostname if datasource does not
provide one
- Improved and less verbose logging.
- resizefs: first check that device is writable.
- configdrive: fix reading of vendor data to be like metadata service reader.
[Jay Faulkner]
- resizefs: fix broken background resizing [Jay Faulkner] (LP: #1338614)
- cc_grub_dpkg: fix EC2 hvm instances to avoid prompt on grub update.
(LP: #1336855)
- FreeBsd: support config drive datasource [Joseph bajin]
- cc_mounts: support creating a swap file
- Refresh addopenSUSEBase.patch
- Refresh setupSUSEsysVInit.diff
- Removed cloudinit-datasources.patch. Applied upstream
- BuildRequires pkg-config. Needed to find correct systemd unit dir.
- Add fix-default-systemd-unit-dir.patch . Use better default for
systemd system unit dir.
- Fix (bnc#919305 & bnc#918952)
- Properly handle persistent network device names for OpenNebula
+ add dataSourceOpenNebula.patch
- Properly set up network mode if interface config file
+ modified suseIntegratedHandler.patch
- Require e2fsprogs for filesystem resizing
- Remove Requires for python-yaml . There's already the right
requirement for python-PyYAML
- fixed syntax error in dmidecode on ppc64 patch (bnc#914920)
- conntrack-tools
-
- conntrackd-cthelper-Add-new-SLP-helper.patch:
userspace conntrack helper for SLP (Service Location Protocol) to
replace SUSE specific kernel helper (rejected by upstream) from
openSUSE / SLE kernel packages (FATE#324143 bsc#1127886)
- run autoreconf before build (patch above touches Makefile.am)
- add commented out conntrack helper config example to default
conntrackd.conf
- drop deprecated (and ignored) options Nice and UNIX/Backlog from
default conntrackd.conf
- Fix 1.4.5 parser issues (bsc#1141480):
conntrackd-use-strncpy-to-unix-path.patch
conntrackd-Use-strdup-in-lexer.patch
conntrackd-use-correct-max-unix-path-length.patch
- Update to new upstream release 1.4.5
* new synproxy support
* improved logging support (both stdout/stderr and log files)
* new mDNS ct helper
* deprecate unix backlog configuration
* drop old/obsolete/deprecated conntrackd.conf config options
* improved support for UPnP in the SSDP ct helper
* add stronger TCP flags support
* conntrack CLI tool: new support for IPv6 NAT
* nfct CLI tool: some improvements to the build (-z lazy)
- Add tirpc for openSUSE 15 and onwards.
- submission from lars@linux-schulserver.de, partially applied
- split out new subpackage "conntrackd" for the eponymous
daemon (has systemd dependencies)
- add systemd service, logrotate config, sample sysconfig,
and sample config file.
- Update to new upstream release 1.4.4
* conntrackd: add systemd support
* conntrack: support delete by label
* conntrack: add support for netmask filtering
* conntrack: add support for CIDR notation
* conntrack: Add missing tables "dying" and "unconfirmed"
to usage output.
- Update to new upstream release 1.4.3
* conntrack: fix expectation entry creation
* expect: Fix wrong memset usage
* cthelper: don't pass up a 0 length queue
* conntrackd: allow strings with underscore from flex scanner
* conntrack: fix setting labels in updates
- Update to new git snapshot 1.4.2.g26
* Chromecast/SSDP support, SSDP userspace helper
* TFTP userspace helper support
* Support for attaching expectations via nfqueue
* Fix directory lookup for helper plugins
* Fixes a possible crash if conntrackd sees DCCP, SCTP and ICMPv6
traffic and the corresponding kernel modules that track this
traffic are not available. [bnc#942419, CVE-2015-6496]
- Drop gpg-offline build-time requirement; this is now handled by
the local source validator
- Update to new upstream release 1.4.2
* This release includes bugfixes and the connlabel support.
- containerd
-
- Add patch for CVE-2021-32760. bsc#1188282
+ bsc1188282-use-chmod-path-for-checking-symlink.patch
- Drop long-since upstreamed patch, originally needed to fix i386 builds on
SLES:
- 0001-makefile-remove-emoji.patch
- Update to containerd v1.4.4, to fix CVE-2021-21334.
- Update to handle the docker-runc removal, and drop the -kubic flavour.
bsc#1181677 bsc#1181749
- Update to containerd v1.4.3, which is needed for Docker v20.10.2-ce.
bsc#1181594
- Install the containerd-shim* binaries and stop creating
docker-containerd-shim because that isn't used by Docker anymore.
bsc#1183024
- Update to containerd v1.3.9, which is needed for Docker v19.03.14-ce and
fixes CVE-2020-15257. bsc#1178969 bsc#1180243
- Update to containerd v1.3.7, which is required for Docker 19.03.13-ce.
boo#1176708 bsc#1177598 CVE-2020-15157
- Refresh patches:
* 0001-makefile-remove-emoji.patch
- Use Go 1.13 for build.
- Update to containerd v1.2.13, which is required for Docker 19.03.11-ce.
bsc#1172377
- Update to containerd v1.2.10, which is required for Docker 19.03.3-ce.
bsc#1153367 bsc#1157330
- Update to containerd v1.2.6, which is required for Docker v18.09.7-ce.
bsc#1139649
- Remove containerd-test (it's not useful for actual testing).
- Update to containerd v1.2.5, which is required for v18.09.5-ce.
bsc#1128376 boo#1134068
https://github.com/containerd/containerd/releases/tag/v1.2.5
- Update containerd to v1.2.4
* cri: Set /etc/hostname
* cri: Fix env performance issue
* runc updated to 6635b4f0c6af3810594d2770f662f34ddc15b40d to solve
bsc#1121967 CVE-2019-5736
* cri updated to da0c016c830b2ea97fd1d737c49a568a816bf964
* Windows: NewDirectIOFromFIFOSet
* Changelogs from previous versions also included in this update:
https://github.com/containerd/containerd/releases/tag/v1.2.3
- Update to containerd v1.2.2, which is required for Docker v18.09.1-ce.
bsc#1124308
* Fix rare deadlock on FIFO creation with timeout
* Fix a bug that a container can't be stopped or inspected when its
corresponding image is deleted
* Fix a bug that the cri plugin handles containerd events outside of
k8s.io namespace
more changes at:
https://github.com/containerd/containerd/releases/tag/v1.2.2
Changelogs from previous versions also included in this update:
https://github.com/containerd/containerd/releases/tag/v1.2.1
https://github.com/containerd/containerd/releases/tag/v1.2.0
https://github.com/containerd/containerd/releases/tag/v1.1.4
https://github.com/containerd/containerd/releases/tag/v1.1.3
- Remove required_dockerrunc commit pinning, as it just led to issues.
- Remove upstreamed patches.
- 0001-docs-man-rename-config.toml-5-to-be-more-descriptive.patch
- Disable leap based builds for kubic flavor. bsc#1121412
- Update go requirements to >= go1.10 to fix
* bsc#1118897 CVE-2018-16873
go#29230 cmd/go: remote command execution during "go get -u"
* bsc#1118898 CVE-2018-16874
go#29231 cmd/go: directory traversal in "go get" via curly braces in import paths
* bsc#1118899 CVE-2018-16875
go#29233 crypto/x509: CPU denial of service
- Add backport of https://github.com/containerd/containerd/pull/2764, which is
required for us to build containerd on i586 SLE-12 (where /bin/sh doesn't
like emoji in shell scripts). bsc#1102522 bsc#1113313
+ 0001-makefile-remove-emoji.patch
- Upgrade to containerd v1.1.2, which is required for Docker v18.06.1-ce.
bsc#1102522
- Merge -kubic packages back into the main Virtualization:containers packages.
This is done using _multibuild to add a "kubic" flavour, which is then used
to conditionally compile patches and other kubic-specific features.
bsc#1105000
- Enable seccomp support on SLE12, since libseccomp is now a new enough vintage
to work with Docker and containerd. fate#325877
- Update to containerd v1.1.1, which is the required version for the Docker
v18.06.0-ce upgrade. bsc#1102522
- Add backport of https://github.com/containerd/containerd/pull/2534 to make
the man page no longer pollute the global namespace.
+ 0001-docs-man-rename-config.toml-5-to-be-more-descriptive.patch
- Remove the following patch since it has already been merged upstream.
- bsc1065109-0001-makefile-add-support-for-build_flags.patch
- Remove systemd-related files and add docker-containerd-* symlinks; this
aligns with the upstream defaults where dockerd will execute
docker-containerd. Version upgrades of docker are expected to work more
smoothly as much of the upgrade logic is implemented in dockerd.
- Add containerd-rpmlintrc (or containerd-kubic-rpmlintrc) to deal with
/usr/src/containerd/* rpmlint errors (which don't affect normal users of this
package).
- Make use of %license macro
- Remove 'go test' from %check section, as it has only ever caused us problems
and hasn't (as far as I remember) ever caught a release-blocking issue. Smoke
testing has been far more useful. boo#1095817
- Review obsoletes tag to fix bsc#1080978
- Put containerd under the podruntime slice. This is the recommended
deployment to allow fine resource control on Kubernetes.
bsc#1086185
- Add ${version} to equivalent non-kubic package provides
- Add Provides for equivalent non-kubic packages
- do not build on s390, only on s390x (no go on s390)
- Fix build with RPM 4.14: exclude is not meant for files to NOT be
packaged, but should only be used if the files are to be excluded
from a glob when they end up in a different package. Rather
remove the unwanted files in the install section.
- Update to containerd@06b9cb35161009dcb7123345749fef02f7cea8e0, which is
required by Docker 17.09.1_ce.
- Replace references to /var/adm/fillup-templates with new
%_fillupdir macro (boo#1069468)
- Set --start-timeout=2m by default to match upstream. bsc#1064926
- Use the upstream makefile so that Docker can get the commit ID in `docker
info`. This also will avoid possible future warnings being spit out like
bsc#1065109 and boo#1053532.
- Backport https://github.com/containerd/containerd/pull/1686, which is
required for the above fix. bsc#1065109 boo#1053532
+ bsc1065109-0001-makefile-add-support-for-build_flags.patch
- Update to containerd@3addd840653146c90a254301d6c3a663c7fd6429, which is
required by Docker 17.07.0_ce (this commit is effectively v0.2.9 with a few
bugfixes missing).
- Use -buildmode=pie for tests and binary build. bsc#1048046 bsc#1051429
- change dependency to docker-runc
- fix golang requirement to 1.7 for the subpackages
- fix golang requirement to 1.7
- Replace %__-type macro indirections
- update containerd to the commit version needed for
docker-v17.04.0-ce (bsc#1034053)
fix bsc#1032769: containerd spurious messages filling journal
- make sure this package is being built with go 1.7
- remove the go_arches macro because we are using go1.7 which
is available in all archs
- Set TasksMax=infinity to make sure runC doesn't start failing randomly.
- update to docker 1.13.0 requirement
- Update docker to the version used in Docker 1.12.6. This is necessary to fix
CVE-2016-9962 (bsc#1012568).
- update containerd to the version used in docker 1.12.5 (bsc#1016307).
This fixes bsc#1015661
- fix runc version
fix bsc#1009961
- fix version so that it contains a sequence number and zypper does
not think it is a downgrade
- fix bsc#1006368: docker/containerd is broken when installed by
SuSE Studio in an appliance: We were missing the
Requires(post): %fillup_prereq
- update runc requirement to 02f8fa7863dd3f82909a73e2061897828460d52f
(see RUNC_COMMIT in Dockerfile)
- update to commit 0366d7e which is the one required for docker-1.12.2
(bsc#1004490)
- fix go_arches definition: use global instead of define, otherwise
it fails to build
- Remove GOPATH at the end of the GOPATH assignment
cause GOPATH is empty and if we do that, we get the path ""
appended, which causes gcc6-go to complain
- add go_arches in project configuration: this way, we can use the
same spec file but decide in the project configuration if to
use gc-go or gcc-go for some archs.
- update to v2.3.0 (bsc#995058)
- Remove patches which were already merged upstream:
* socket-activation-01-vendor.patch
* socket-activation-02-daemon.patch
* socket-activation-03-ctr.patch
- use gcc6-go instead of gcc5-go (bsc#988408)
- build ppc64le with gc-go because this version builds with gc-go 1.6
- bump git commit id to the one required by docker v1.12.0
- run test during build
- only run tests on architectures that provide the go list and go test tools
- add aarch64 to go arches
- Add containerd-test package which contains the source code and the test. This
package will be used to run the integration tests.
- Simplify package build and check sections: Instead of symlinking we default to
cp -avr. go list gets confused by symlinks hence, we need to copy the source
code anyway if we want to run unit tests during package build at some point.
* Explicitly state the version dependency for runC, to avoid potential
issues with incompatible component versions. These must be updated
*each time we do a release*. Unfortunately we cannot create a hard
dependency because that would conflict with Docker, and was a mistake
on upstream's part. bsc#993847
* Set --runtime option specifically to runC. bsc#978260
* Update to containerd v0.2.2. (bsc#989566 FATE#320763)
* Includes updates to the out-of-tree patches.
* Remove MountFlags=slave from containerd.service. This causes many issues with
interactions with Docker.
* Added /usr/sbin/rccontainerd symlink as per suse-missing-rclink.
* Updated socket activation patches to use the same patchset that was merged
upstream (https://github.com/docker/containerd/pull/178):
* socket-activation-01-vendor.patch
* socket-activation-02-daemon.patch
* socket-activation-03-ctr.patch
* Removed aarch64 that was patched upstream:
- fix-aarch64-epoll.patch
* Update containerd to 0.2.1. Upstream changelog:
* Fixes for cgroup memory updates and process labeling.
* Truncate the event log on disk and in memory so that it does not
grow forever. This is mainly used for higher levels to receive past
events if they miss any.
* Use the gc compiler for aarch64 builds.
* Add a patch to fix the new aarch64 build support, which has not yet been
merged upstream (https://github.com/docker/containerd/pull/195):
+ fix-aarch64-epoll.patch
* Rebase the socket activation patchset which has yet to be merged
(https://github.com/docker/containerd/pull/178):
* socket-activation-01-vendor.patch
* socket-activation-02-daemon.patch
* socket-activation-03-ctr.patch
* Update to containerd 0.2.0. Changelog:
+ Add Limit to PidsStats
+ Add timeout flag for container start times.
+ Add timeout option for GRPC connection.
+ Add no_pivot_root support.
+ Add runtimeArgs to pass to shim
* Move epoll syscall to a separate package so we can build on aarch64.
* Fix ctr termios restoration issues.
* Several bug fixes.
- Remove dependencies on larger packages.
* Use socket activation with the containerd-daemon. This requires a
not-yet-upstream patchset (https://github.com/docker/containerd/pull/178):
+ socket-activation-01-vendor.patch
+ socket-activation-02-daemon.patch
+ socket-activation-03-ctr.patch
* Remove MountFlags=slave since it's not relevant to containerd and might cause
issues in the future.
* Update to containerd 0.1.0. This required quite a few fixes.
* Add initial packaging of containerd 0.0.5.
* Add service and sysconfig files.
* Separately package the client from the server.
* Install to /usr/sbin.
- coreutils
-
- prepare usrmerge (boo#1029961)
- gnulib-test-avoid-FP-perror-strerror.patch: Add patch to
avoid false-positive error in gnulib tests 'test-perror2' and
'test-strerror_r', visible on armv7l.
- coreutils.spec: Reference the patch.
- Drop suse-module-tools BuildRequires: this was used for the macro
regenerate_initrd_post/posttrans, which have been moved to
rpm-config-SUSE in Jan 2019.
- coreutils-gnulib-disable-test-float.patch: Add patch to temporarily
disable the gnulib test 'test-float' failing on ppc and ppc64le.
- coreutils.spec: Reference the patch. While at it, avoid conditional
Patch and Source entries as that break cross-platform builds from
source RPMs.
- add coreutils-use-python3.patch to minimally port away from
python 2.x use of pyinotify in the testsuite
- Update to 8.32:
* Noteworthy changes in release 8.32 (2020-03-05) [stable]
* * Bug fixes
cp now copies /dev/fd/N correctly on platforms like Solaris where
it is a character-special file whose minor device number is N.
[bug introduced in fileutils-4.1.6]
dd conv=fdatasync no longer reports a "Bad file descriptor" error
when fdatasync is interrupted, and dd now retries interrupted calls
to close, fdatasync, fstat and fsync instead of incorrectly
reporting an "Interrupted system call" error.
[bugs introduced in coreutils-6.0]
df now correctly parses the /proc/self/mountinfo file for unusual entries
like ones with '\r' in a field value ("mount -t tmpfs tmpfs /foo$'\r'bar"),
when the source field is empty ('mount -t tmpfs "" /mnt'), and when the
filesystem type contains characters like a blank which need escaping.
[bugs introduced in coreutils-8.24 with the introduction of reading
the /proc/self/mountinfo file]
factor again outputs immediately when stdout is a tty but stdin is not.
[bug introduced in coreutils-8.24]
ln works again on old systems without O_DIRECTORY support (like Solaris 10),
and on systems where symlink ("x", ".") fails with errno == EINVAL
(like Solaris 10 and Solaris 11).
[bug introduced in coreutils-8.31]
rmdir --ignore-fail-on-non-empty now works correctly for directories
that fail to be removed due to permission issues. Previously the exit status
was reversed, failing for non empty and succeeding for empty directories.
[bug introduced in coreutils-6.11]
'shuf -r -n 0 file' no longer mistakenly reads from standard input.
[bug introduced with the --repeat feature in coreutils-8.22]
split no longer reports a "output file suffixes exhausted" error
when the specified number of files is evenly divisible by 10, 16, 26,
for --numeric, --hex, or default alphabetic suffixes respectively.
[bug introduced in coreutils-8.24]
seq no longer prints an extra line under certain circumstances (such as
'seq -f "%g " 1000000 1000000').
[bug introduced in coreutils-6.10]
* * Changes in behavior
Several programs now check that numbers end properly. For example,
'du -d 1x' now reports an error instead of silently ignoring the 'x'.
Affected programs and options include du -d, expr's numeric operands
on non-GMP builds, install -g and -o, ls's TABSIZE environment
variable, mknod b and c, ptx -g and -w, shuf -n, and sort --batch-size
and --parallel.
date now parses military time zones in accordance with common usage:
"A" to "M" are equivalent to UTC+1 to UTC+12
"N" to "Y" are equivalent to UTC-1 to UTC-12
"Z" is "zulu" time (UTC).
For example, 'date -d "09:00B"' is now equivalent to 9am in UTC+2 time zone.
Previously, military time zones were parsed according to the obsolete
rfc822, with their value negated (e.g., "B" was equivalent to UTC-2).
[The old behavior was introduced in sh-utils 2.0.15 ca. 1999, predating
coreutils package.]
ls issues an error message on a removed directory, on GNU/Linux systems.
Previously no error and no entries were output, and so indistinguishable
from an empty directory, with default ls options.
uniq no longer uses strcoll() to determine string equivalence,
and so will operate more efficiently and consistently.
* * New Features
ls now supports the --time=birth option to display and sort by
file creation time, where available.
od --skip-bytes now can use lseek even if the input is not a regular
file, greatly improving performance in some cases.
stat(1) supports a new --cached= option, used on systems with statx(2)
to control cache coherency of file system attributes,
useful on network file systems.
* * Improvements
stat and ls now use the statx() system call where available, which can
operate more efficiently by only retrieving requested attributes.
stat and tail now know about the "binderfs", "dma-buf-fs", "erofs",
"ppc-cmm-fs", and "z3fold" file systems.
stat -f -c%T now reports the file system type, and tail -f uses inotify.
* * Build-related
gzip-compressed tarballs are distributed once again
- Refresh patches:
* coreutils-disable_tests.patch
* coreutils-getaddrinfo.patch
* coreutils-i18n.patch
* coreutils-invalid-ids.patch
* coreutils-remove_hostname_documentation.patch
* coreutils-remove_kill_documentation.patch
* coreutils-skip-gnulib-test-tls.patch
* coreutils-tests-shorten-extreme-factor-tests.patch
- coreutils-i18n.patch:
* uniq: remove collation handling as required by newer POSIX; see
- https://git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8e81d44b5
- https://www.austingroupbugs.net/view.php?id=963
- coreutils-ls-restore-8.31-behavior-on-removed-dirs.patch:
* Add patch for 'ls' to restore 8.31 behavior on removed directories.
- coreutils.spec:
* Version: bump version.
* %check: re-enable regular 'make check' for non-multibuild package.
* reference the above new patch.
- coreutils.keyring:
* Update from upstream (Savannah).
- disable single and testsuite builds in rings/staging
- remove duplicate "coreutils" in flavor to make it look nicer in OBS
- minor: remove obsolete comment in spec file.
- switch to multibuild
- add coreutils-single subpackage that contains a single binary coreutils tool
similar to busybox
- package LC_CTIME directories also in lang package
- split off doc package
- remove info macros, handled by file trigger nowadays
- Do not recommend lang package. The lang package already has a
supplements.
- Update to 8.31:
* Noteworthy changes in release 8.31 (2019-03-10) [stable]
* * Bug fixes
'base64 a b' now correctly diagnoses 'b' as the extra operand, not 'a'.
[bug introduced in coreutils-5.3.0]
When B already exists, 'cp -il A B' no longer immediately fails
after asking the user whether to proceed.
[This bug was present in "the beginning".]
df no longer corrupts displayed multibyte characters on macOS.
[bug introduced with coreutils-8.18]
seq no longer outputs inconsistent decimal point characters
for the last number, when locales are misconfigured.
[bug introduced in coreutils-7.0]
shred, sort, and split no longer falsely report ftruncate errors
when outputting to less-common file types. For example, the shell
command 'sort /dev/null -o /dev/stdout | cat' no longer fails with
an "error truncating" diagnostic.
[bug was introduced with coreutils-8.18 for sort and split, and
(for shared memory objects only) with fileutils-4.1 for shred]
sync no longer fails for write-only file arguments.
[bug introduced with argument support to sync in coreutils-8.24]
'tail -f file | filter' no longer exits immediately on AIX.
[bug introduced in coreutils-8.28]
'tail -f file | filter' no longer goes into an infinite loop
if filter exits and SIGPIPE is ignored.
[bug introduced in coreutils-8.28]
* * Changes in behavior
cksum, dd, hostid, hostname, link, logname, sleep, tsort, unlink,
uptime, users, whoami, yes: now always process --help and --version options,
regardless of any other arguments present before any optional '--'
end-of-options marker.
nohup now processes --help and --version as first options even if other
parameters follow.
'yes a -- b' now outputs 'a b' instead of including the end-of-options
marker as before: 'a -- b'.
echo now always processes backslash escapes when the POSIXLY_CORRECT
environment variable is set.
When possible 'ln A B' now merely links A to B and reports an error
if this fails, instead of statting A and B before linking. This
uses fewer system calls and avoids some races. The old statting
approach is still used in situations where hard links to directories
are allowed (e.g., NetBSD when superuser).
ls --group-directories-first will also group symlinks to directories.
'test -a FILE' is not supported anymore. Long ago, there were concerns about
the high probability of humans confusing the -a primary with the -a binary
operator, so POSIX changed this to 'test -e FILE'. Scripts using it were
already broken and non-portable; the -a unary operator was never documented.
wc now treats non breaking space characters as word delimiters
unless the POSIXLY_CORRECT environment variable is set.
* * New features
id now supports specifying multiple users.
'date' now supports the '+' conversion specification flag,
introduced in POSIX.1-2017.
printf, seq, sleep, tail, and timeout now accept floating point
numbers in either the current or the C locale. For example, if the
current locale's decimal point is ',', 'sleep 0,1' and 'sleep 0.1'
now mean the same thing. Previously, these commands accepted only
C-locale syntax with '.' as the decimal point. The new behavior is
more compatible with other implementations in non-C locales.
test now supports the '-N FILE' unary operator (like e.g. bash) to check
whether FILE exists and has been modified since it was last read.
env now supports '--default-signal[=SIG]', '--ignore-signal[=SIG]', and
'--block-signal[=SIG]', to setup signal handling before executing a program.
env now supports '--list-signal-handling' to indicate non-default
signal handling before executing a program.
* * New commands
basenc is added to complement existing base64,base32 commands,
and encodes and decodes printable text using various common encodings:
base64,base64url,base32,base32hex,base16,base2,z85.
* * Improvements
ls -l now better aligns abbreviated months containing digits,
which is common in Asian locales.
stat and tail now know about the "sdcardfs" file system on Android.
stat -f -c%T now reports the file system type, and tail -f uses inotify.
stat now prints file creation time when supported by the file system,
on GNU Linux systems with glibc >= 2.28 and kernel >= 4.11.
- Refresh patches (line number changes only):
* coreutils-disable_tests.patch
* coreutils-i18n.patch
* coreutils-misc.patch
* coreutils-remove_hostname_documentation.patch
* coreutils-remove_kill_documentation.patch
* coreutils-skip-gnulib-test-tls.patch
* coreutils-tests-shorten-extreme-factor-tests.patch
- coreutils.spec:
* Version: bump version.
* URL: Use https scheme.
* %description: Add 'basenc' tool.
* Change gitweb to cgit URL with https in a comment.
- coreutils.keyring:
* Update for added section headers ('GPG keys of <MAINTAINER>').
- Update to 8.30:
* Noteworthy changes in release 8.30 (2018-07-01) [stable]
* * Bug fixes
'cp --symlink SRC DST' will again correctly validate DST.
If DST is a regular file and SRC is a symlink to DST,
then cp will no longer allow that operation to clobber DST.
Also with -d, if DST is a symlink, then it can always be replaced,
even if it points to SRC on a separate device.
[bugs introduced with coreutils-8.27]
'cp -n -u' and 'mv -n -u' now consistently ignore the -u option.
Previously, this option combination suffered from race conditions
that caused -u to sometimes override -n.
[bug introduced with coreutils-7.1]
'cp -a --no-preserve=mode' now sets appropriate default permissions
for non regular files like fifos and character device nodes etc.,
and leaves mode bits of existing files unchanged.
Previously it would have set executable bits on created special files,
and set mode bits for existing files as if they had been created.
[bug introduced with coreutils-8.20]
'cp --remove-destination file symlink' now removes the symlink
even if it can't be traversed.
[bug introduced with --remove-destination in fileutils-4.1.1]
ls no longer truncates the abbreviated month names that have a
display width between 6 and 12 inclusive. Previously this would have
output ambiguous months for Arabic or Catalan locales.
'ls -aA' is now equivalent to 'ls -A', since -A now overrides -a.
[bug introduced in coreutils-5.3.0]
'mv -n A B' no longer suffers from a race condition that can
overwrite a simultaneously-created B. This bug fix requires
platform support for the renameat2 or renameatx_np syscalls, found
in recent Linux and macOS kernels. As a side effect, ‘mv -n A A’
now silently does nothing if A exists.
[bug introduced with coreutils-7.1]
* * Changes in behavior
'cp --force file symlink' now removes the symlink even if
it is self referential.
ls --color now matches file extensions case insensitively.
* * New features
cp --reflink now supports --reflink=never to enforce a standard copy.
env supports a new -v/--debug option to show verbose information about
each processing step.
env supports a new -S/--split-string=S option to split a single argument
string into multiple arguments. Used to pass multiple arguments in scripts
(shebang lines).
md5sum accepts a new option: --zero (-z) to delimit the output lines with a
NUL instead of a newline character. This also disables file name escaping.
This also applies to sha*sum and b2sum.
rm --preserve-root now supports the --preserve-root=all option to
reject any command line argument that is mounted to a separate file system.
* * Improvements
cut supports line lengths up to the max file size on 32 bit systems.
Previously only offsets up to SIZE_MAX-1 were supported.
stat and tail now know about the "exfs" file system, which is a
version of XFS. stat -f --format=%T now reports the file system type,
and tail -f uses inotify.
wc avoids redundant processing of ASCII text in multibyte locales,
which is especially significant on macOS.
* * Build-related
Adjust to glibc >= 2.28 (bsc#1182550, jsc#SLE-13520, jsc#SLE-13756)
- Refresh patches (line number changes only):
* coreutils-build-timeout-as-pie.patch
* coreutils-disable_tests.patch
* coreutils-remove_hostname_documentation.patch
* coreutils-remove_kill_documentation.patch
* coreutils-skip-gnulib-test-tls.patch
* coreutils-tests-shorten-extreme-factor-tests.patch
- coreutils.spec:
* (License): osc changed the value from "GPL-3.0+" to "GPL-3.0-or-later".
* (build): Make sure that parse-datetime.{c,y} ends up in debuginfo (rh#1555079).
- coreutils-i18n.patch:
* src/exand.c,src/unexpand.c: Avoid -Wcomment warning.
* src/cut.c (cut_characters_or_cut_bytes_no_split): Change idx from size_t
to uintmax_t type to avoid a regression on i586, armv7l and ppc.
Compare upstream, non-MB commit:
https://git.sv.gnu.org/cgit/coreutils.git/commit/?id=d1a754c8272
(cut_fields_mb): Likewise for field_idx.
* tests/misc/cut.pl: Remove downstream tweaks as upstream MB tests are
working since a while.
- coreutils.keyring: Update Assaf Gordon's GPG public key.
- Use %license (boo#1082318)
- Update to 8.29:
* Noteworthy changes in release 8.29 (2017-12-27) [stable]
* * Bug fixes
b2sum no longer crashes when processing certain truncated check files.
[bug introduced with b2sum coreutils-8.26]
dd now ensures the correct cache ranges are specified for the "nocache"
and "direct" flags. Previously some pages in the page cache were not
invalidated. [bug introduced for "direct" in coreutils-7.5,
and with the "nocache" implementation in coreutils-8.11]
df no longer hangs when given a fifo argument.
[bug introduced in coreutils-7.3]
ptx -S no longer infloops for a pattern which returns zero-length matches.
[the bug dates back to the initial implementation]
shred --remove will again repeatedly rename files with shortening names
to attempt to hide the original length of the file name.
[bug introduced in coreutils-8.28]
stty no longer crashes when processing settings with -F also specified.
[bug introduced in fileutils-4.0]
tail --bytes again supports non seekable inputs on all systems.
On systems like android it always tried to process as seekable inputs.
[bug introduced in coreutils-8.24]
timeout will again notice its managed command exiting, even when
invoked with blocked CHLD signal, or in a narrow window where
this CHLD signal from the exiting child was missed. In each case
timeout would have then waited for the time limit to expire.
[bug introduced in coreutils-8.27]
* * New features
timeout now supports the --verbose option to diagnose forced termination.
* * Improvements
dd now supports iflag=direct with arbitrary sized files on all file systems.
tail --bytes=NUM will efficiently seek to the end of block devices,
rather than reading from the start.
Utilities which do not support long options (other than the default --help
and --version), e.g. cksum and sleep, now use more consistent error diagnostic
for unknown long options.
* * Build-related
Default man pages are now distributed which are used if perl is
not available on the build system, or when cross compiling.
- Refresh patches (line number changes only):
* coreutils-i18n.patch
* coreutils-remove_hostname_documentation.patch
* coreutils-remove_kill_documentation.patch
* coreutils-tests-shorten-extreme-factor-tests.patch
- Update to 8.28
(for details see included NEWS file)
- Refresh patches:
* coreutils-disable_tests.patch
* coreutils-i18n.patch
* coreutils-remove_hostname_documentation.patch
* coreutils-remove_kill_documentation.patch
* coreutils-skip-gnulib-test-tls.patch
* coreutils-tests-shorten-extreme-factor-tests.patch
- coreutils.keyring: Update from upstream (Savannah).
- Remove now-upstream patches:
* coreutils-cve-2017-7476-out-of-bounds-with-large-tz.patch
* coreutils-tests-port-to-timezone-2017a.patch
- coreutils.spec: Add "BuildRequires: user(bin)" for the tests.
- Drop coreutils-ocfs2_reflinks.patch
OCFS2 file system has supported file clone ioctls like btrfs,
then, coreutils doesn't need this patch from the kernel v4.10-rc1
- coreutils-cve-2017-7476-out-of-bounds-with-large-tz.patch:
Add upstream patch to fix a heap overflow security issue
in date(1) and touch(1) with a large TZ variable
(CVE-2017-7476, rh#1444774, boo#1037124).
- Update to 8.27
(for details see included NEWS file)
- Refresh patches:
* coreutils-build-timeout-as-pie.patch
* coreutils-disable_tests.patch
* coreutils-getaddrinfo.patch
* coreutils-i18n.patch
* coreutils-ocfs2_reflinks.patch
* coreutils-remove_hostname_documentation.patch
* coreutils-remove_kill_documentation.patch
* coreutils-skip-gnulib-test-tls.patch
* coreutils-tests-shorten-extreme-factor-tests.patch
* coreutils-testsuite.spec
- coreutils.keyring: Update (now ascii-armored) by
'osc service localrun download_files'.
- coreutils-tests-port-to-timezone-2017a.patch: Add patch to
workaround a FP test failure with newer timezone-2017a.
- Update to 8.26
(for details see included NEWS file)
- coreutils.spec (%description): Add b2sum, a new utility.
(BuildRequires): Add timezone to enable new 'date-debug.sh' test.
- coreutils-i18n.patch: Sync I18N patch from Fedora, as the diff
for the old i18n implementation of expand/unexpand has become
unmaintainable:
git://pkgs.fedoraproject.org/coreutils.git
- Remove now-upstream patches:
* coreutils-df-hash-in-filter.patch
* coreutils-diagnose-fts-readdir-failure.patch
* coreutils-m5sum-sha-sum-fix-ignore-missing-with-00-checksums.patch
* coreutils-maint-fix-dependency-of-man-arch.1.patch
- Refresh/merge all other patches:
* coreutils-invalid-ids.patch
* coreutils-ocfs2_reflinks.patch
* coreutils-remove_hostname_documentation.patch
* coreutils-remove_kill_documentation.patch
* coreutils-skip-gnulib-test-tls.patch
* coreutils-sysinfo.patch
* coreutils-tests-shorten-extreme-factor-tests.patch
- coreutils-m5sum-sha-sum-fix-ignore-missing-with-00-checksums.patch:
Add upstream patch to fix "md5sum --check --ignore-missing" which
treated files with checksums starting with "00" as missing.
- coreutils-maint-fix-dependency-of-man-arch.1.patch: Add Upstream
patch to fix the build dependency between src/arch -> man/arch.1
which led to spurious build failures.
- coreutils-df-hash-in-filter.patch: Refresh with -p0.
- Add coreutils-df-hash-in-filter.patch that speeds up df.
- coreutils-diagnose-fts-readdir-failure.patch: Add upstream patch
to diagnose readdir() failures in fts-based utilities: rm, chmod,
du, etc. (boo#984910)
- Update to 8.25
(for details see included NEWS file)
- coreutils.spec (%description): Add base32, a new utility.
- Remove now-upstream patch:
* coreutils-tests-avoid-FP-of-ls-stat-free-color.patch
- Refresh/merge all other patches:
* coreutils-build-timeout-as-pie.patch
* coreutils-disable_tests.patch
* coreutils-i18n.patch
* coreutils-invalid-ids.patch
* coreutils-misc.patch
* coreutils-ocfs2_reflinks.patch
* coreutils-remove_hostname_documentation.patch
* coreutils-remove_kill_documentation.patch
* coreutils-skip-gnulib-test-tls.patch
* coreutils-test_without_valgrind.patch
* coreutils-tests-shorten-extreme-factor-tests.patch
- coreutils-i18n.patch: Sync I18N patch from semi-official repository
(shared among distributions, maintained by Padraig Brady):
https://github.com/pixelb/coreutils/tree/i18n
This fixes the following issues in multi-byte locales:
* sort: fix large mem leak with --month-sort (boo#945361, rh#1259942):
https://github.com/pixelb/coreutils/commit/b429f5d8c7
* sort: fix assertion with some inputs to --month-sort
https://github.com/pixelb/coreutils/commit/31e8211aca
- coreutils-tests-avoid-FP-of-ls-stat-free-color.patch: Add upstream
patch on top of v8.24 to avoid a FP test failure with glibc>=2.22.
- Sync I18N patch from semi-official repository (shared among
distributions, maintained by Padraig Brady):
https://github.com/pixelb/coreutils/tree/i18n
* coreutils-i18n.patch: Improve cut(1) performance in field-mode
in UTF8 locales. Squash in sort-keycompare-mb.patch.
* sort-keycompare-mb.patch: Remove.
- coreutils-build-timeout-as-pie.patch: Refresh.
- Update to 8.24:
* * Bug fixes
* dd supports more robust SIGINFO/SIGUSR1 handling for outputting statistics.
Previously those signals may have inadvertently terminated the process.
* df --local no longer hangs with inaccessible remote mounts.
[bug introduced in coreutils-8.21]
* du now silently ignores all directory cycles due to bind mounts.
Previously it would issue a warning and exit with a failure status.
[bug introduced in coreutils-8.1 and partially fixed in coreutils-8.23]
* chroot again calls chroot(DIR) and chdir("/"), even if DIR is "/".
This handles separate bind mounted "/" trees, and environments
depending on the implicit chdir("/").
[bugs introduced in coreutils-8.23]
* cp no longer issues an incorrect warning about directory hardlinks when a
source directory is specified multiple times. Now, consistent with other
file types, a warning is issued for source directories with duplicate names,
or with -H the directory is copied again using the symlink name.
* factor avoids writing partial lines, thus supporting parallel operation.
[the bug dates back to the initial implementation]
* head, od, split, tac, tail, and wc no longer mishandle input from files in
/proc and /sys file systems that report somewhat-incorrect file sizes.
* mkdir --parents -Z now correctly sets the context for the last component,
even if the parent directory exists and has a different default context.
[bug introduced with the -Z restorecon functionality in coreutils-8.22]
* numfmt no longer outputs incorrect overflowed values seen with certain
large numbers, or with numbers with increased precision.
[bug introduced when numfmt was added in coreutils-8.21]
* numfmt now handles leading zeros correctly, not counting them when
settings processing limits, and making them optional with floating point.
[bug introduced when numfmt was added in coreutils-8.21]
* paste no longer truncates output for large input files. This would happen
for example with files larger than 4GiB on 32 bit systems with a '\n'
character at the 4GiB position.
[the bug dates back to the initial implementation]
* rm indicates the correct number of arguments in its confirmation prompt,
on all platforms. [bug introduced in coreutils-8.22]
* shuf -i with a single redundant operand, would crash instead of issuing
a diagnostic. [bug introduced in coreutils-8.22]
* tail releases inotify resources when unused. Previously it could exhaust
resources with many files, or with -F if files were replaced many times.
[bug introduced in coreutils-7.5]
* tail -f again follows changes to a file after it's renamed.
[bug introduced in coreutils-7.5]
* tail --follow no longer misses changes to files if those files were
replaced before inotify watches were created.
[bug introduced in coreutils-7.5]
* tail --follow consistently outputs all data for a truncated file.
[bug introduced in the beginning]
* tail --follow=name correctly outputs headers for multiple files
when those files are being created or renamed.
[bug introduced in coreutils-7.5]
* * New features
* chroot accepts the new --skip-chdir option to not change the working directory
to "/" after changing into the chroot(2) jail, thus retaining the current
working directory. The new option is only permitted if the new root directory is
the old "/", and therefore is useful with the --group and --userspec options.
* dd accepts a new status=progress level to print data transfer statistics
on stderr approximately every second.
* numfmt can now process multiple fields with field range specifications similar
to cut, and supports setting the output precision with the --format option.
* split accepts a new --separator option to select a record separator character
other than the default newline character.
* stty allows setting the "extproc" option where supported, which is
a useful setting with high latency links.
* sync no longer ignores arguments, and syncs each specified file, or with the
--file-system option, the file systems associated with each specified file.
* tee accepts a new --output-error option to control operation with pipes
and output errors in general.
* * Changes in behavior
* df no longer suppresses separate exports of the same remote device, as
these are generally explicitly mounted. The --total option does still
suppress duplicate remote file systems.
[suppression was introduced in coreutils-8.21]
* mv no longer supports moving a file to a hardlink, instead issuing an error.
The implementation was susceptible to races in the presence of multiple mv
instances, which could result in both hardlinks being deleted. Also on case
insensitive file systems like HFS, mv would just remove a hardlinked 'file'
if called like `mv file File`. The feature was added in coreutils-5.0.1.
* numfmt --from-unit and --to-unit options now interpret suffixes as SI units,
and IEC (power of 2) units are now specified by appending 'i'.
* tee will exit early if there are no more writable outputs.
* tee does not treat the file operand '-' as meaning standard output any longer,
for better conformance to POSIX. This feature was added in coreutils-5.3.0.
* timeout --foreground no longer sends SIGCONT to the monitored process,
which was seen to cause intermittent issues with GDB for example.
* * Improvements
* cp,install,mv will convert smaller runs of NULs in the input to holes,
and cp --sparse=always avoids speculative preallocation on XFS for example.
* cp will read sparse files more efficiently when the destination is a
non regular file. For example when copying a disk image to a device node.
* mv will try a reflink before falling back to a standard copy, which is
more efficient when moving files across BTRFS subvolume boundaries.
* stat and tail now know about IBRIX. stat -f --format=%T now reports the file
system type, and tail -f uses polling for files on IBRIX file systems.
* wc -l processes short lines much more efficiently.
* References from --help and the man pages of utilities have been corrected
in various cases, and more direct links to the corresponding online
documentation are provided.
- Patches adapted because of changed sources:
coreutils-disable_tests.patch
coreutils-i18n.patch
coreutils-misc.patch
coreutils-ocfs2_reflinks.patch
coreutils-remove_hostname_documentation.patch
coreutils-remove_kill_documentation.patch
coreutils-skip-gnulib-test-tls.patch
coreutils-tests-shorten-extreme-factor-tests.patch
sort-keycompare-mb.patch
- Patches removed because they're included in 8.24:
coreutils-chroot-perform-chdir-unless-skip-chdir.patch
coreutils-df-doc-df-a-includes-duplicate-file-systems.patch
coreutils-df-improve-mount-point-selection.patch
coreutils-df-show-all-remote-file-systems.patch
coreutils-df-total-suppress-separate-remotes.patch
coreutils-doc-adjust-reference-to-info-nodes-in-man-pages.patch
coreutils-fix_false_du_failure_on_newer_xfs.patch
coreutils-fix-man-deps.patch
coreutils-tests-aarch64-env.patch
coreutils-tests-make-inotify-rotate-more-robust-and-efficient.patch
coreutils-tests-rm-ext3-perf-increase-timeout.patch
- coreutils-doc-adjust-reference-to-info-nodes-in-man-pages.patch:
add upstream patch:
doc: adjust reference to info nodes in man pages (boo#933396)
- coreutils-i18n.patch: Use a later version of the previous patch
to fix the sort I18N issue (boo#928749, CVE-2015-4041) to also
avoid CVE-2015-4042.
https://github.com/pixelb/coreutils/commit/bea5e36cc876
- Download keyring file from Savannah; prefer HTTPS over FTP
for remote sources.
- Fix memory handling error with case insensitive sort using UTF-8
(boo#928749): coreutils-i18n.patch
src/sort.c (keycompare_mb): Ensure the buffer is big enough
to handle anything output from wctomb(). Theoretically any
input char could be converted to multiple output chars,
and so we need to multiply the storage by MB_CUR_MAX.
- If coreutils changes, for consistency, we must regenerate
the initrd.
- Add gpg signature
- For openSUSE > 13.2 drop coreutils-build-timeout-as-pie.patch and
instead add a BuildRequire for gcc-PIE.
- coreutils-tests-aarch64-env.patch: Add patch to avoid false
positive failures of the coreutils-testsuite on OBS/aarch64:
work around execve() reversing the order of "env" output.
- Add upstream patches for df(1) from upstream, thus aligning with SLES12:
* df: improve mount point selection with inaccurate mount list:
- coreutils-df-improve-mount-point-selection.patch
* doc: mention that df -a includes duplicate file systems (deb#737399)
- coreutils-df-doc-df-a-includes-duplicate-file-systems.patch
* df: ensure -a shows all remote file system entries (deb#737399)
- coreutils-df-show-all-remote-file-systems.patch
* df: only suppress remote mounts of separate exports with --total
(deb#737399, rh#920806, boo#866010, boo#901905)
- coreutils-df-total-suppress-separate-remotes.patch
- Refresh patches:
* coreutils-chroot-perform-chdir-unless-skip-chdir.patch
* coreutils-tests-make-inotify-rotate-more-robust-and-efficient.patch
Avoid spurious false positive failures of the testsuite on OBS due
to high load.
- coreutils-tests-rm-ext3-perf-increase-timeout.patch:
Add patch to increase timeout.
- coreutils-tests-make-inotify-rotate-more-robust-and-efficient.patch:
Add upstream patch.
- cpio
-
- Add another patch to fix regression (bsc#1189465)
* fix-CVE-2021-38185_3.patch
- Fix regression in last update (bsc#1189465)
* fix-CVE-2021-38185_2.patch
- Fix CVE-2021-38185 Remote code execution caused by an integer overflow in ds_fgetstr
(CVE-2021-38185, bsc#1189206)
* fix-CVE-2021-38185.patch
- add cpio-2.12-CVE-2019-14866.patch to fix a security issue where
cpio does not properly validate the values written in the header
of a TAR file through the to_oct() function [bsc#1155199]
[CVE-2019-14866]
- modify cpio-2.12-out_of_bounds_write.patch to fix a regression
causing cpio to crash for tar and ustar archive types
[bsc#1028410]
- Use macro for configure and make install
- Use update-alternatives according to current documentation
- Enable testsuite
- Enable mt building
- Separated cpio-mt subpackage
- Change recommend to own mt subpackage
- Remove cpio-mt.patch - those features available in original mt-st package
- Switch to use alternatives system for mt
- Disable rmt building: this binary fully identical to rmt from tar
- Change default rmt dir to /usr/bin
- cleanup with spec-cleaner
- Recommend mt_st as it is not hard dependency
- fix typos in the description
- add 'Require: mt_st' in order not to surprise users by the missing
'mt' binary
- Disable mt building: this binary from mt_st package offers
advanced capabilities with the same functionality.
- Enable rmt building: 'dump' package no longer include it, besides
cpio code base for rmt is more fresh.
- Reflect those changes in the package description.
- add cpio-2.12-out_of_bounds_write.patch to fix an out of bounds
write in a way cpio parses certain cpio files [bsc#963448],
[CVE-2016-2037]
- update to 2.12
* Improved documentation
* Manpages are installed by make install
* New options for copy-out mode: --ignore-devno,
--renumber-inodes, --device-independent, --reproducible
* update
* cpio-use_new_ascii_format.patch
* cpio-mt.patch
* cpio-eof_tape_handling.patch
* cpio-pattern-file-sigsegv.patch
* cpio-check_for_symlinks.patch
* remove (no longer needed)
* cpio-stdio.in.patch
* 0001-Fix-memory-overrun-on-reading-improperly-created-lin.patch
* add
* cpio-2.12-util.c_no_return_in_nonvoid_fnc.patch to add missing
return to the nonvoid get_inode_and_dev() function
- use spec-cleaner
- Add gpg signature
- Correct info scriptlet dependencies
- Cleanup spec file with spec-cleaner
- build with PIE
- fix an OOB write with cpio -i (bnc#907456) (CVE-2014-9112)
* added 0001-Fix-memory-overrun-on-reading-improperly-created-lin.patch
- cpupower
-
- jsc#SLE-17797 cpupower updates for Milan
All patches have been fetched from mainline git repo:
A cpupower-Add-CPUPOWER_CAP_AMD_HW_PSTATE-cpuid-caps-flag.patch
A cpupower-Add-cpuid-cap-flag-for-MSR_AMD_HWCR-support.patch
A cpupower-Condense-pstate-enabled-bit-checks-in-decode_pstates.patch
A cpupower-Correct-macro-name-for-CPB-caps-flag.patch
A cpupower-Remove-family-arg-to-decode_pstates.patch
A cpupower-Remove-unused-pscur-variable.patch
A cpupower-Update-family-checks-when-decoding-HW-pstates.patch
A cpupower-Update-msr_pstate-union-struct-naming.patch
- Add AMD Fam 19h support (bsc#1177394)
D tools-power-turbostat-Support-AMD-Family-19h.patch
Already included in the mainline sources now
- Update turbostat to latest version 20.09.30 including:
* jsc#SLE-13412, jsc#SLE-13174 (rocket lake support)
* jsc#SLE-13448 (Alder Lake support)
* jsc#SLE-13348, jsc#SLE-13171 (Sapphire Rapid support)
* Support AMD Fam 19h
- Touched patches:
Deleted mainline integrated patches:
D Correction-to-manpage-of-cpupower.patch
D cpupower-Revert-library-ABI-changes-from-commit-ae2917093fb60bdc1ed3e.patch
Patches refreshed:
M rapl_monitor.patch
M turbostat_makefile_fix_asm_header.patch
- Update intel-speed-select to version 1.6 (jsc#SLE-13334)
- Add -fcommon to allow building against GCC10
- Update to latest:
turbostat 20.03.20
intel-speed-select 1.3 (bsc#1171810)
versions
- Adjust needed kernel and userspace requirements in:
cpupower_export_tarball_from_git.sh
and
BuildRequires: libcap-devel
A remove_bits_h.patch
- Do not show 0 boost states if boost states are supported, but could
not be read from PCI registers.
bsc#1165712, bsc#1164983
A amd_do_not_show_amount_of_boost_states_if_zero.patch
- Add mainline patch with proper patch header and filename:
D libcpupower_fix_api_cpufreq_get_frequencies_breakage.patch
A cpupower-Revert-library-ABI-changes-from-commit-ae2917093fb60bdc1ed3e.patch
- Fix manpage (bsc#1162142)
A Correction-to-manpage-of-cpupower.patch
- Update intel-speed-select to latest 5.5-rc1 kernel version
latest mainline commit:
commit b3abfd778bf1dbdd
- Update cpupower to latest 5.5-rc1 kernel version
latest mainline commit:
commit 4611a4fb0cce3
Fixes aperf/mperf monitoring on latest AMD Rome CPUs (bsc#1152967)
- Fix library API breakage (bsc#1154240)
A libcpupower_fix_api_cpufreq_get_frequencies_breakage.patch
- Update turbostat to latest version 19.08.31
- Add intel-speed-select tool (jsc#SLE-5364)
A intel-speed-select-1.0.tar.bz2
A intel-speed-select_remove_DATE_TIME.patch
- Fix missing governors when running cpupower frequency-info (bsc#1117709)
M rapl_monitor.patch
- jira#5244 Turbostat for Ice Lake
- Remove very old cpufrequtils provides and requires (predecessor)
- Update libcpupower description
- Sidenote about fate#321274 - This feature is on the kernel side
and got wrongly mentioned in cpupower in a released product.
- Update to latest kernel HEAD sources
(5.1-rc4, 15ade5d2e7775667cf191cf2f94327a4889f8b9d)
Patches included mainline:
D cpupower_fix_compilation_and_sysfs_read_file_mess.patch
D cpupower_bash-completion_for_cpupower_tool.patch
Adjusted patches:
M turbostat_makefile_fix_asm_header.patch
M x86_perf_makefile_fix_asm_header.patch
M rapl_monitor.patch
M cpupower_rapl.patch
- Description updates.
- Run spec-cleaner
- Don't disable as-needed, it works now.
- Add bash completion for cpupower command (from mainline submit)
A cpupower_bash-completion_for_cpupower_tool.patch
- Fix static compilation and sysfs_read_file mess
A cpupower_fix_compilation_and_sysfs_read_file_mess.patch
- Updating to latest 4.19(-rc6) kernel sources
Turbostat is increased to version 18.07.27 by this
Patches which got deleted because they are now mainline:
D turbostat_decode_MSR_IA32_MISC_ENABLE_only_on_Intel.patch
D turbostat_fix_man_perm.patch
D x86_perf_fix_man_permissions.patch
- Update cpupower to latest kernel version (version name 4.15, but
checked out against latest kernel tag 4.15-rc7. There will not
be important changes any more, maybe a fix).
- cpu online/offline fixes
- This is the first cpupower package (with updated version) which
includes x86_energy_perf_policy binary.
This is important for later package dependencies, namely tuned.
A cpupower_exclude_kernel_Makefile.patch
- Add x86_energy_perf_bias tool
This is a tool which is, same as turbostat, located in kernel sources here:
tools/power/x86/
A x86_energy_perf_policy-17.05.11.tar.bz2
A x86_perf_fix_man_permissions.patch
A x86_perf_makefile_fix_asm_header.patch
fate#321274
- Provide rapl domain info (cpupower powercap-info cmd)
* Add: cpupower_rapl.patch
- Provide rapl power monitoring
* Add: rapl_monitor.patch
- Added missing references.
[bsc#1041332,bsc#996052,bsc#976983]
- Rectify RPM groups. Replace old $RPM_ shell variables by macros.
Apply consistent styling to macros.
- Enter decode_misc_enable_msr() only if genuine_intel.
[bsc#1048546,
turbostat_decode_MSR_IA32_MISC_ENABLE_only_on_Intel.patch]
- Update to latest mainline sources
- turbostat changed versioning scheme (we now have version 17.04.12)
- Update cpupower and turbostat to latest kernel v4.10 sources
D library_cleanup.patch
- Change .c file header file modification, modify in Makefile instead:
D turbostat_set_asm_header_fixed.patch
A turbostat_makefile_fix_asm_header.patch
- fate #320908: KBL: Turbostat for KBL H/S & U/Y
- fate #321191: [KNL] turbostat reports to report correct MSR_TURBO_RATIO_LIMIT
information
- fate #321193: [KNL] turbostat should report correct cpu clock values for
Knights Landing
- fate #321285: turbostat support for Skylake-SP server
- fate #321286: turbostat support for Harrisonville (Denverton SoC)
- fate #321925: [HPC, KNM, kernel] turbostat support
- Update turbostat to version 4.12
- Update cpupower to latest sources
- Let turbostat only build against a local msr-index.h
Also add the msr-index.h export to the tarball from git repo script
* Delete make_header_file_passable_from_outside.patch
- Add cpuidle functions to public libcpupower
* Add library_cleanup.patch
- Move from kernel version to turbostat internal version for turbostat
- Add latest turbostat sources (latest git commit: 30f05309bde492)
- Adds Skylake, Broadwell and Knights Landing support for turbostat
(fate#319798, fate#319183, fate#319516)
- Drop dead link.
- Fix Obsoletes statement, cpufrequtils package versions were
greater than cpupower package versions so we must obsolete all
versions of cpufrequtils.
- Make sources also build against 13.1 and older by providing
asm-index.h which is included in linux-glibc-devel in newer
distributions
* Add turbostat_set_asm_header_fixed.patch
- Update cpupower and turbostat to latest git kernel HEAD version
this currently is 3.19-rc6, but it is expected that there are no
changes anymore and the version gets named 3.19 already.
The patches are already included mainline and get removed from osc:
cpupower_disable_by_latency.patch
add_idle_manpages_in_Makefile.patch
cpupower-always_try_to_load_msr_driver_as_root.patch
cpupower-return_zero_on_success.patch
cpupower-remove_mc_scheduler_bits.patch
- cracklib
-
- Update to version 2.9.7:
+ fix a buffer overflow processing long words.
- Drop 0003-overflow-processing-gecos.patch and
0004-overflow-processing-long-words.patch: fixed upstream.
- Update source URI.
- Remove use of translation-update-upstream. It cannot be added to
ring 0 on leap, and 2.9.7 has some translation fixes
(bsc#1172396).
- Enable translation-update-upstream on leap, to remove the use of
is_opensuse (jsc#SLE-12096).
- use /usr/lib instead of %{_libexecdir}, %{_libexecdir} should
contain internal binaries, not data
- Use %license (boo#1082318)
- Update to 2.9.6
* fix issue with sort and locale
* some particularly bad cases to the cracklib small dictionary
* updates to cracklib-words (adds a bunch of other dictionary lists)
* migration to github
- run spec-cleaner
- Only buildrequire and call translation-update-upstream on SLE:
the package in openSUSE is a dummy and is empty.
- Add patch 0004-overflow-processing-long-words.patch
to fix a new buffer overflow identified together with bsc#992966.
- Relabel patches:
cracklib-magic.diff -> 0001-cracklib-magic.diff
cracklib-2.9.2-visibility.patch -> 0002-cracklib-2.9.2-visibility.patch
- Add patch 0003-overflow-processing-gecos.patch
to fix a buffer overflow in GECOS parser (bsc#992966 CVE-2016-6318)
- Update to 2.9.5
* fix matching against first password in dictionary (Anton Dobkin)
- Changes for 2.9.4
* remove doubled prototype
- Changes for 2.9.3
* expose additional functions externally
- Cleanup spec file with spec-cleaner
- Remove old ppc provides/obsoletes
- Update to version 2.9.2
+ support build of python support outside of source tree
+ fix bug in Python string distance calculation
+ fix bug #16 / debian bug 724570 - broken optimization with packlib
prevblock
- Adapt patch to upstream changes
+ cracklib-visibility.patch > cracklib-2.9.2-visibility.patch
- cryptsetup
-
- SLE marker: implements jsc#SLE-5911, bsc#1165580, jsc#SLE-145149
- prepare usrmerge (boo#1029961)
- Update to 2.3.4:
* Fix a possible out-of-bounds memory write while validating LUKS2 data
segments metadata (CVE-2020-14382, boo#1176128).
* Ignore reported optimal IO size if not aligned to minimal page size.
* Added support for new no_read/write_workqueue dm-crypt options (kernel 5.9).
* Added support panic_on_corruption option for dm-verity devices (kernel 5.9).
* Support --master-key-file option for online LUKS2 reencryption
* Always return EEXIST error code if a device already exists.
* Fix a problem in integritysetup if a hash algorithm has dash in the name.
* Fix crypto backend to properly handle ECB mode.
* TrueCrypt/VeraCrypt compatible mode now supports the activation of devices
with a larger sector.
* LUKS2: Do not create excessively large headers.
* Fix unspecified sector size for BitLocker compatible mode.
* Fix reading key data size in metadata for BitLocker compatible mode.
- Update to 2.3.3:
* Fix BitLocker compatible device access that uses native 4kB
sectors
* Support large IV count (--iv-large-sectors) cryptsetup option
for plain device mapping
* Fix a memory leak in BitLocker compatible handling
* Allow EBOIV (Initialization Vector algorithm) use
* LUKS2: Require both keyslot cipher and key size option, do
not fail silently
- includes changes from 2.3.2:
* Add option to dump content of LUKS2 unbound keyslot
* Add support for discards (TRIM) for standalone dm-integrity
devices (Kernel 5.7) via --allow-discards, not for LUKS2
* Fix cryptsetup-reencrypt to work on devices that do not allow
direct-io device access.
* Fix a crash in the BitLocker-compatible code error path
* Fix Veracrypt compatible support for longer (>64 bytes)
passphrases
- Split translations to -lang package
- New version to 2.3.1
* Support VeraCrypt 128 bytes passwords.
VeraCrypt now allows passwords of maximal length 128 bytes
(compared to legacy TrueCrypt where it was limited by 64 bytes).
* Strip extra newline from BitLocker recovery keys
There might be a trailing newline added by the text editor when
the recovery passphrase was passed using the --key-file option.
* Detect separate libiconv library.
It should fix compilation issues on distributions with iconv
implemented in a separate library.
* Various fixes and workarounds to build on old Linux distributions.
* Split lines with hexadecimal digest printing for large key-sizes.
* Do not wipe the device with no integrity profile.
With --integrity none we performed useless full device wipe.
* Workaround for dm-integrity kernel table bug.
Some kernels show an invalid dm-integrity mapping table
if superblock contains the "recalculate" bit. This causes
integritysetup to not recognize the dm-integrity device.
Integritysetup now specifies kernel options in such a way that
even on unpatched kernels mapping table is correct.
* Print error message if LUKS1 keyslot cannot be processed.
If the crypto backend is missing support for hash algorithms
used in PBKDF2, the error message was not visible.
* Properly align LUKS2 keyslots area on conversion.
If the LUKS1 payload offset (data offset) is not aligned
to 4 KiB boundary, new LUKS2 keyslots area is now aligned properly.
* Validate LUKS2 earlier on conversion to not corrupt the device
if binary keyslots areas metadata are not correct.
- Update to 2.3.0 (include release notes for 2.2.0)
* BITLK (Windows BitLocker compatible) device access
* Veritysetup now supports activation with additional PKCS7 signature
of root hash through --root-hash-signature option.
* Integritysetup now calculates hash integrity size according to algorithm
instead of requiring an explicit tag size.
* Integritysetup now supports fixed padding for dm-integrity devices.
* A lot of fixes to online LUKS2 reencryption.
* Add crypt_resume_by_volume_key() function to libcryptsetup.
If a user has a volume key available, the LUKS device can be resumed
directly using the provided volume key.
No keyslot derivation is needed, only the key digest is checked.
* Implement active device suspend info.
Add CRYPT_ACTIVATE_SUSPENDED bit to crypt_get_active_device() flags
that informs the caller that device is suspended (luksSuspend).
* Allow --test-passphrase for a detached header.
Before this fix, we required a data device specified on the command
line even though it was not necessary for the passphrase check.
* Allow --key-file option in legacy offline encryption.
The option was ignored for LUKS1 encryption initialization.
* Export memory safe functions.
To make developing of some extensions simpler, we now export
functions to handle memory with proper wipe on deallocation.
* Fail crypt_keyslot_get_pbkdf for inactive LUKS1 keyslot.
* Add optional global serialization lock for memory hard PBKDF.
* Abort conversion to LUKS1 with incompatible sector size that is
not supported in LUKS1.
* Report error (-ENOENT) if no LUKS keyslots are available. User can now
distinguish between a wrong passphrase and no keyslot available.
* Fix a possible segfault in detached header handling (double free).
* Add integritysetup support for bitmap mode introduced in Linux kernel 5.2.
* The libcryptsetup now keeps all file descriptors to underlying device
open during the whole lifetime of crypt device context to avoid excessive
scanning in udev (udev run scan on every descriptor close).
* The luksDump command now prints more info for reencryption keyslot
(when a device is in-reencryption).
* New --device-size parameter is supported for LUKS2 reencryption.
* New --resume-only parameter is supported for LUKS2 reencryption.
* The repair command now tries LUKS2 reencryption recovery if needed.
* If reencryption device is a file image, an interactive dialog now
asks if reencryption should be run safely in offline mode
(if autodetection of active devices failed).
* Fix activation through a token where dm-crypt volume key was not
set through keyring (but using old device-mapper table parameter mode).
* Online reencryption can now retain all keyslots (if all passphrases
are provided). Note that keyslot numbers will change in this case.
* Allow volume key file to be used if no LUKS2 keyslots are present.
* Print a warning if online reencrypt is called over LUKS1 (not supported).
* Fix TCRYPT KDF failure in FIPS mode.
* Remove FIPS mode restriction for crypt_volume_key_get.
* Reduce keyslots area size in luksFormat when the header device is too small.
* Make resize action accept --device-size parameter (supports units suffix).
- Create a weak dependency cycle between libcryptsetup and
libcryptsetup-hmac to make sure they are installed together
(bsc#1090768)
- Use noun phrase in summary.
- New version 2.1.0
* The default size of the LUKS2 header is increased to 16 MB.
It includes metadata and the area used for binary keyslots;
it means that LUKS header backup is now 16MB in size.
* Cryptsetup now doubles LUKS default key size if XTS mode is used
(XTS mode uses two internal keys). This does not apply if key size
is explicitly specified on the command line and it does not apply
for the plain mode.
This fixes a confusion with AES and 256bit key in XTS mode where
code used AES128 and not AES256 as often expected.
* Default cryptographic backend used for LUKS header processing is now
OpenSSL. For years, OpenSSL provided better performance for PBKDF.
* The Python bindings are no longer supported and the code was removed
from cryptsetup distribution. Please use the libblockdev project
that already covers most of the libcryptsetup functionality
including LUKS2.
* Cryptsetup now allows using --offset option also for luksFormat.
* Cryptsetup now supports new refresh action (that is the alias for
"open --refresh").
* Integritysetup now supports mode with detached data device through
new --data-device option.
- 2.1.0 would use LUKS2 as default, we stay with LUKS1 for now until
someone has time to evaluate the fallout from switching to LUKS2.
- Suggest hmac package (boo#1090768)
- remove old upgrade hack for upgrades from 12.1
- New version 2.0.5
Changes since version 2.0.4
~~~~~~~~~~~~~~~~~~~~~~~~~~~
* Wipe full header areas (including unused) during LUKS format.
Since this version, the whole area up to the data offset is zeroed,
and subsequently, all keyslots areas are wiped with random data.
This ensures that no remaining old data remains in the LUKS header
areas, but it could slow down format operation on some devices.
Previously only first 4k (or 32k for LUKS2) and the used keyslot
was overwritten in the format operation.
* Several fixes to error messages that were unintentionally replaced
in previous versions with a silent exit code.
More descriptive error messages were added, including error
messages if
- a device is unusable (not a block device, no access, etc.),
- a LUKS device is not detected,
- LUKS header load code detects unsupported version,
- a keyslot decryption fails (also happens in the cipher check),
- converting an inactive keyslot.
* Device activation fails if data area overlaps with LUKS header.
* Code now uses explicit_bzero to wipe memory if available
(instead of own implementation).
* Additional VeraCrypt modes are now supported, including Camellia
and Kuznyechik symmetric ciphers (and cipher chains) and Streebog
hash function. These were introduced in a recent VeraCrypt upstream.
Note that Kuznyechik requires out-of-tree kernel module and
Streebog hash function is available only with the gcrypt cryptographic
backend for now.
* Fixes static build for integritysetup if the pwquality library is used.
* Allows passphrase change for unbound keyslots.
* Fixes removed keyslot number in verbose message for luksKillSlot,
luksRemoveKey and erase command.
* Adds blkid scan when attempting to open a plain device and warn the user
about existing device signatures in a ciphertext device.
* Remove LUKS header signature if luksFormat fails to add the first keyslot.
* Remove O_SYNC from device open and use fsync() to speed up
wipe operation considerably.
* Create --master-key-file in luksDump and fail if the file already exists.
* Fixes a bug when LUKS2 authenticated encryption with a detached header
wiped the header device instead of dm-integrity data device area (causing
unnecessary LUKS2 header auto recovery).
- make parallel installable version for SLE12
- New version 2.0.4
Changes since version 2.0.3
~~~~~~~~~~~~~~~~~~~~~~~~~~~
* Use the libblkid (blockid) library to detect foreign signatures
on a device before LUKS format and LUKS2 auto-recovery.
This change fixes an unexpected recovery using the secondary
LUKS2 header after a device was already overwritten with
another format (filesystem or LVM physical volume).
LUKS2 will not recreate a primary header if it detects a valid
foreign signature. In this situation, a user must always
use cryptsetup repair command for the recovery.
Note that libcryptsetup and utilities are now linked to libblkid
as a new dependence.
To compile code without blockid support (strongly discouraged),
use --disable-blkid configure switch.
* Add prompt for format and repair actions in cryptsetup and
integritysetup if foreign signatures are detected on the device
through the blockid library.
After the confirmation, all known signatures are then wiped as
part of the format or repair procedure.
* Print consistent verbose message about keyslot and token numbers.
For keyslot actions: Key slot <number> unlocked/created/removed.
For token actions: Token <number> created/removed.
* Print error, if a non-existent token is tried to be removed.
* Add support for LUKS2 token definition export and import.
The token command now can export/import customized token JSON file
directly from command line. See the man page for more details.
* Add support for new dm-integrity superblock version 2.
* Add an error message when nothing was read from a key file.
* Update cryptsetup man pages, including --type option usage.
* Add a snapshot of LUKS2 format specification to documentation
and accordingly fix supported secondary header offsets.
* Add bundled optimized Argon2 SSE (X86_64 platform) code.
If the bundled Argon2 code is used and the new configure switch
--enable-internal-sse-argon2 option is present, and compiler flags
support required optimization, the code will try to use optimized
and faster variant.
Always use the shared library (--enable-libargon2) if possible.
This option was added because an enterprise distribution
rejected to support the shared Argon2 library and native support
in generic cryptographic libraries is not ready yet.
* Fix compilation with crypto backend for LibreSSL >= 2.7.0.
LibreSSL introduced OpenSSL 1.1.x API functions, so compatibility
wrapper must be commented out.
* Fix on-disk header size calculation for LUKS2 format if a specific
data alignment is requested. Until now, the code used default size
that could be wrong for converted devices.
Changes since version 2.0.2
~~~~~~~~~~~~~~~~~~~~~~~~~~~
* Expose interface to unbound LUKS2 keyslots.
Unbound LUKS2 keyslot allows storing a key material that is independent
of master volume key (it is not bound to encrypted data segment).
* New API extensions for unbound keyslots (LUKS2 only)
crypt_keyslot_get_key_size() and crypt_volume_key_get()
These functions allow to get key and key size for unbound keyslots.
* New enum value CRYPT_SLOT_UNBOUND for keyslot status (LUKS2 only).
* Add --unbound keyslot option to the cryptsetup luksAddKey command.
* Add crypt_get_active_integrity_failures() call to get integrity
failure count for dm-integrity devices.
* Add crypt_get_pbkdf_default() function to get per-type PBKDF default
setting.
* Add new flag to crypt_keyslot_add_by_key() to force update device
volume key. This call is mainly intended for a wrapped key change.
* Allow volume key store in a file with cryptsetup.
The --dump-master-key together with --master-key-file allows cryptsetup
to store the binary volume key to a file instead of standard output.
* Add support detached header for cryptsetup-reencrypt command.
* Fix VeraCrypt PIM handling - use proper iterations count formula
for PBKDF2-SHA512 and PBKDF2-Whirlpool used in system volumes.
* Fix cryptsetup tcryptDump for VeraCrypt PIM (support --veracrypt-pim).
* Add --with-default-luks-format configure time option.
(Option to override default LUKS format version.)
* Fix LUKS version conversion for detached (and trimmed) LUKS headers.
* Add luksConvertKey cryptsetup command that converts specific keyslot
from one PBKDF to another.
* Do not allow conversion to LUKS2 if LUKSMETA (external tool metadata)
header is detected.
* More cleanup and hardening of LUKS2 keyslot specific validation options.
Add more checks for cipher validity before writing metadata on-disk.
* Do not allow LUKS1 version downconversion if the header contains tokens.
* Add "paes" family ciphers (AES wrapped key scheme for mainframes)
to allowed ciphers.
Specific wrapped key configuration logic must be done by 3rd party tool,
LUKS2 stores only keyslot material and allow activation of the device.
* Add support for --check-at-most-once option (kernel 4.17) to veritysetup.
This flag can be dangerous; if you can control underlying device
(you can change its content after it was verified) it will no longer
prevent reading tampered data and also it does not prevent silent
data corruptions that appear after the block was once read.
* Fix return code (EPERM instead of EINVAL) and retry count for bad
passphrase on non-tty input.
* Enable support for FEC decoding in veritysetup to check dm-verity devices
with additional Reed-Solomon code in userspace (verify command).
Changes since version 2.0.1
~~~~~~~~~~~~~~~~~~~~~~~~~~~
* Fix a regression in early detection of inactive keyslot for luksKillSlot.
It tried to ask for passphrase even for already erased keyslot.
* Fix a regression in loopaesOpen processing for keyfile on standard input.
Use of "-" argument was not working properly.
* Add LUKS2 specific options for cryptsetup-reencrypt.
Tokens and persistent flags are now transferred during reencryption;
change of PBKDF keyslot parameters is now supported and allows
to set precalculated values (no benchmarks).
* Do not allow LUKS2 --persistent and --test-passphrase cryptsetup flags
combination. Persistent flags are now stored only if the device was
successfully activated with the specified flags.
* Fix integritysetup format after recent Linux kernel changes that
requires to setup key for HMAC in all cases.
Previously integritysetup allowed HMAC with zero key that behaves
like a plain hash.
* Fix VeraCrypt PIM handling that modified internal iteration counts
even for subsequent activations. The PIM count is no longer printed
in debug log as it is sensitive information.
Also, the code now skips legacy TrueCrypt algorithms if a PIM
is specified (they cannot be used with PIM anyway).
* PBKDF values cannot be set (even with force parameters) below
hardcoded minimums. For PBKDF2 it is 1000 iterations, for Argon2
it is 4 iterations and 32 KiB of memory cost.
* Introduce new crypt_token_is_assigned() API function for reporting
the binding between token and keyslots.
* Allow crypt_token_json_set() API function to create internal token types.
Do not allow unknown fields in internal token objects.
* Print message in cryptsetup that the operation was aborted if a user
did not answer YES in a query.
- update to 2.0.1:
* To store volume key into kernel keyring, kernel 4.15 with
dm-crypt 1.18.1 is required
* Increase maximum allowed PBKDF memory-cost limit to 4 GiB
* Use /run/cryptsetup as default for cryptsetup locking dir
* Introduce new 64-bit byte-offset *keyfile_device_offset functions.
* New set of functions that allows 64-bit offsets even on 32-bit systems
are now available:
- crypt_resume_by_keyfile_device_offset
- crypt_keyslot_add_by_keyfile_device_offset
- crypt_activate_by_keyfile_device_offset
- crypt_keyfile_device_read
The new functions have added the _device_ in name.
Old functions are just internal wrappers around these.
* Also cryptsetup --keyfile-offset and --new-keyfile-offset now
allows 64-bit offsets as parameters.
* Add error hint for wrongly formatted cipher strings in LUKS1 and
properly fail in luksFormat if cipher format is missing required IV.
- Update to version 2.0.0:
* Add support for new on-disk LUKS2 format
* Enable to use system libargon2 instead of bundled version
* Install tmpfiles.d configuration for LUKS2 locking directory
* New command integritysetup: support for the new dm-integrity kernel target
* Support for larger sector sizes for crypt devices
* Miscellaneous fixes and improvements
- Update to version 1.7.5:
* Fixes to luksFormat to properly support recent kernel running
in FIPS mode (bsc#1031998).
* Fixes accesses to unaligned hidden legacy TrueCrypt header.
* Fixes to optional dracut ramdisk scripts for offline
re-encryption on initial boot.
- Update to version 1.7.4:
* Allow to specify LUKS1 hash algorithm in Python luksFormat
wrapper.
* Use LUKS1 compiled-in defaults also in Python wrapper.
* OpenSSL backend: Fix OpenSSL 1.1.0 support without backward
compatible API.
* OpenSSL backend: Fix LibreSSL compatibility.
* Check for data device and hash device area overlap in
veritysetup.
* Fix a possible race while allocating a free loop device.
* Fix possible file descriptor leaks if libcryptsetup is run from
a forked process.
* Fix missing same_cpu_crypt flag in status command.
* Various updates to FAQ and man pages.
- Changes for version 1.7.3:
* Fix device access to hash offsets located beyond the 2GB device
boundary in veritysetup.
* Set configured (compile-time) default iteration time for
devices created directly through libcryptsetup
* Fix PBKDF2 benchmark to not double iteration count for specific
corner case.
* Verify passphrase in cryptsetup-reencrypt when encrypting a new
drive.
* OpenSSL backend: fix memory leak if hash context was repeatedly
reused.
* OpenSSL backend: add support for OpenSSL 1.1.0.
* Fix several minor spelling errors.
* Properly check maximal buffer size when parsing UUID from
/dev/disk/.
- Update to version 1.7.2:
* Update LUKS documentation format.
Clarify fixed sector size and keyslots alignment.
* Support activation options for error handling modes in
Linux kernel dm-verity module:
--ignore-corruption - dm-verity just logs detected corruption
--restart-on-corruption - dm-verity restarts the kernel if
corruption is detected
If the options above are not specified, default behavior for
dm-verity remains. Default is that I/O operation fails with
I/O error if corrupted block is detected.
--ignore-zero-blocks - Instructs dm-verity to not verify
blocks that are expected to contain zeroes and always
return zeroes directly instead.
NOTE that these options could have security or functional
impacts, do not use them without assessing the risks!
* Fix help text for cipher benchmark specification
(mention --cipher option).
* Fix off-by-one error in maximum keyfile size.
Allow keyfiles up to compiled-in default and not that value
minus one.
* Support resume of interrupted decryption in cryptsetup-reencrypt
utility. To resume decryption, LUKS device UUID (--uuid option)
option must be used.
* Do not use direct-io for LUKS header with unaligned keyslots.
Such headers were used only by the first cryptsetup-luks-1.0.0
release (2005).
* Fix device block size detection to properly work on particular
file-based containers over underlying devices with 4k sectors.
- Update to version 1.7.1:
* Code now uses kernel crypto API backend according to new
changes introduced in mainline kernel
While mainline kernel should contain backward compatible
changes, some stable series kernels do not contain fully
backported compatibility patches.
Without these patches most of cryptsetup operations
(like unlocking device) fail.
This change in cryptsetup ensures that all operations using
kernel crypto API works even on these kernels.
* The cryptsetup-reencrypt utility now properly detects removal
of underlying link to block device and does not remove
ongoing re-encryption log.
This allows proper recovery (resume) of reencrypt operation later.
NOTE: Never use /dev/disk/by-uuid/ path for reencryption utility,
this link disappears once the device metadata is temporarily
removed from device.
* Cryptsetup now allows special "-" (standard input) keyfile handling
even for TCRYPT (TrueCrypt and VeraCrypt compatible) devices.
* Cryptsetup now fails if there are more keyfiles specified
for non-TCRYPT device.
* The luksKillSlot command now does not suppress provided password
in batch mode (if password is wrong slot is not destroyed).
Note that not providing password in batch mode means that keyslot
is destroyed unconditionally.
- update to 1.7.0:
* The cryptsetup 1.7 release changes defaults for LUKS,
there are no API changes.
* Default hash function is now SHA256 (used in key derivation
function and anti-forensic splitter).
* Default iteration time for PBKDF2 is now 2 seconds.
* Fix PBKDF2 iteration benchmark for longer key sizes.
* Remove experimental warning for reencrypt tool.
* Add optional libpasswdqc support for new LUKS passwords.
* Update FAQ document.
- Fix missing dependency on coreutils for initrd macros (boo#958562)
- Call missing initrd macro at postun (boo#958562)
- Update to 1.6.8
* If the null cipher (no encryption) is used, allow only empty
password for LUKS. (Previously cryptsetup accepted any password
in this case.)
The null cipher can be used only for testing and it is used
temporarily during offline encrypting not yet encrypted device
(cryptsetup-reencrypt tool).
Accepting only empty password prevents situation when someone
adds another LUKS device using the same UUID (UUID of existing
LUKS device) with faked header containing null cipher.
This could force user to use different LUKS device (with no
encryption) without noticing.
(IOW it prevents situation when attacker intentionally forces
user to boot into different system just by LUKS header
manipulation.)
Properly configured systems should have an additional integrity
protection in place here (LUKS here provides only
confidentiality) but it is better to not allow this situation
in the first place.
(For more info see QubesOS Security Bulletin QSB-019-2015.)
* Properly support stdin "-" handling for luksAddKey for both new
and old keyfile parameters.
* If encrypted device is file-backed (it uses underlying loop
device), cryptsetup resize will try to resize underlying loop
device as well. (It can be used to grow up file-backed device
in one step.)
* Cryptsetup now allows to use empty password through stdin pipe.
(Intended only for testing in scripts.)
- Enable verbose build log.
- regenerate the initrd if cryptsetup tool changes
(wanted by 90crypt dracut module)
- Update to 1.6.7
* Cryptsetup TCRYPT mode now supports VeraCrypt devices
(TrueCrypt extension)
* Support keyfile-offset and keyfile-size options even for plain
volumes.
* Support keyfile option for luksAddKey if the master key is
specified.
* For historic reasons, hashing in the plain mode is not used if
keyfile is specified (with exception of --key-file=-). Print
a warning if these parameters are ignored.
* Support permanent device decryption for cryptsetup-reencrypt.
To remove LUKS encryption from a device, you can now use
--decrypt option.
* Allow to use --header option in all LUKS commands. The
--header always takes precedence over positional device argument.
* Allow luksSuspend without need to specify a detached header.
* Detect if O_DIRECT is usable on a device allocation. There are
some strange storage stack configurations which wrongly allows
to open devices with direct-io but fails on all IO operations later.
* Add low-level performance options tuning for dmcrypt (for
Linux 4.0 and later).
* Get rid of libfipscheck library.
(Note that this option was used only for Red Hat and derived
distributions.) With recent FIPS changes we do not need to
link to this FIPS monster anymore. Also drop some no longer
needed FIPS mode checks.
* Many fixes and clarifications to man pages.
* Prevent compiler to optimize-out zeroing of buffers for on-stack
variables.
* Fix a crash if non-GNU strerror_r is used.
- cups
-
- When cupsd creates directories with specific owner group
and permissions (usually owner is 'root' and group matches
"configure --with-cups-group=lp") specify same owner group and
permissions in the RPM spec file to ensure those directories
are installed by RPM with the right settings because if those
directories were installed by RPM with different settings then
cupsd would use them as is and not adjust its specific owner
group and permissions which could lead to privilege escalation
from 'lp' user to 'root' via symlink attacks e.g. if owner is
falsely 'lp' instead of 'root' CVE-2021-25317 (bsc#1184161)
- cups-2.2.7-web-ui-kerberos-authentication.patch (bsc#1175960)
Fix web UI kerberos authentication
- cups-2.2.7-CVE-2020-10001.patch fixes CVE-2020-10001
access to uninitialized buffer in ipp.c (bsc#1180520)
- cups-2.2.7-CVE-2019-8842.patch fixes CVE-2019-8842 (bsc#1170671)
the ippReadIO function may under-read an extension field
- cups-2.2.7-CVE-2020-3898.patch fixes CVE-2020-3898 (bsc#1168422)
heap-buffer-overflow in libcups ppdFindOption() function
- cups-2.2.7-CVE-2019-8675.CVE-2019-8696.patch fixes
CVE-2019-8675 and CVE-2019-8696 (bsc#1146358 and bsc#1146359)
and some other security/disclosure issues
https://github.com/apple/cups/commit/f24e6cf6a39300ad0c3726a41a4aab51ad54c109
(Apple's internal issues rdar://51685251, rdar://50035411,
rdar://51373853, rdar://51373929)
- Add issue5509-fix-utf-8-validation-issue.patch (bsc#1118118)
Fixes https://github.com/apple/cups/issues/5509
- cups-2.2.7-CVE-2018-4700.patch fixes CVE-2018-4700: session
cookie is extremely predictable, effectively breaking the
CSRF protection of the CUPS web interface (bsc#1115750)
- cups-branch-2.2-commit-97cb566568a8c3a9c07c7ccec09f28f5c5015954.diff
is 'git show 97cb566568a8c3a9c07c7ccec09f28f5c5015954' for
https://github.com/apple/cups/commit/97cb566568a8c3a9c07c7ccec09f28f5c5015954
(except the not needed hunk for patching CHANGES.md which fails)
that fixes local privilege escalation to root and sandbox
bypasses in scheduler (Apple's internal issues rdar://37836779,
rdar://37836995, rdar://37837252, rdar://37837581)
in the CUPS 2.2 branch
bsc#1096405 CVE-2018-4180:
Local Privilege Escalation to Root in dnssd Backend (CUPS_SERVERBIN)
bsc#1096406 CVE-2018-4181:
Limited Local File Reads as Root via cupsd.conf Include Directive
bsc#1096407 CVE-2018-4182:
cups-exec Sandbox Bypass Due to Insecure Error Handling
bsc#1096408 CVE-2018-4183:
cups-exec Sandbox Bypass Due to Profile Misconfiguration
- Version upgrade to 2.2.7:
CUPS 2.2.7 is a general bug fix release.
For details see https://github.com/apple/cups/releases
or the CHANGES.md file.
Changes include:
* Additional security fixes for:
bsc#1061066 DBUS library aborts caller process
in _dbus_check_is_valid_utf8 (in particular that aborts cupsd)
and
bsc#1087018 CVE-2017-18248: cups: The add_job function in
scheduler/ipp.c in CUPS before 2.2.6, when D-Bus support is
enabled, can be crashed by remote attackers by sending print
jobs with an invalid username, related to a D-Bus notification
which are the CUPS upstream issues
https://github.com/apple/cups/issues/5143
Remote DoS attack against cupsd via invalid username
and malicious D-Bus library
and
https://github.com/apple/cups/issues/5186
squash non-UTF-8 strings into ASCII on plain IPP level
and
https://github.com/apple/cups/issues/5229
persistently substitute invalid job attributes
with default values - not only in add_job
see also
bsc#1087072 dbus-1:
Disable assertions to prevent un-expected DDoS attacks
* NOTICE: Raw print queues are now deprecated (Issue #5269)
so that now there is a warning message when you
add or modify a queue to use the "raw driver" but
raw printing will continue to work through CUPS 2.3.x, cf.
https://lists.cups.org/pipermail/cups/2018-March/074060.html
* Fixed an Avahi crash bug in the scheduler (Issue #5268)
* Systemd did not restart cupsd when configuration changes
were made that required a restart (Issue #5263)
* The scheduler could crash while adding an IPP Everywhere
printer (Issue #5258)
* The scheduler now supports using temporary print queues
for older IPP/1.1 print queues like those shared by CUPS 1.3
and earlier (Issue #5241)
* Kerberized printing to another CUPS server did not work
correctly (Issue #5233)
* More fixes for printing to old CUPS servers (Issue #5211)
* The scheduler now substitutes default values for invalid
job attributes when running in "relaxed conformance"
mode (Issue #5186)
* The cups-driverd program incorrectly stopped scanning PPDs
as soon as a loop was seen (Issue #5170)
* The `SSLOptions` directive now supports `MinTLS` and `MaxTLS`
options to control the minimum and maximum TLS versions
that will be allowed, respectively (Issue #5119)
* The scheduler did not write out dirty configuration and
state files if there were open client connections (Issue #5118)
* The `lpadmin` command now provides a better error message when
an unsupported System V interface script is used (Issue #5111)
* No longer support backslash, question mark, or quotes
in printer names (Issue #4966)
* The CUPS library now supports the latest HTTP Digest
authentication specification including support
for SHA-256 (Issue #4862)
* TLS connections now properly timeout (rdar://34938533)
- Make sure cups-libs-<targettype> is removed
- Version upgrade to 2.2.6:
CUPS 2.2.6 is a general bug fix release.
For details see https://github.com/apple/cups/releases
Changes include:
* DBUS notifications could crash the scheduler (Issue #5143)
(see also bsc#1061066 "DBUS library aborts caller process")
- Use again the baselibs.conf from Fri Oct 13 11:11:10 UTC 2017
that got broken by the change on Wed Oct 18 06:11:10 UTC 2017.
- Version upgrade to 2.2.5:
CUPS 2.2.5 is a general bug fix release.
For details see https://github.com/apple/cups/releases
- Version upgrade to 2.2.4:
CUPS 2.2.4 is a general bug fix release.
For details see https://github.com/apple/cups/releases
- Removed
0001-Update-cupsEnumDests-implementation-to-return-early-if-all.patch
0002-Save-work-on-Avahi-code.patch
0003-Avahi-fixes-for-cupsEnumDests.patch
because since CUPS 2.2.4 it is fixed in the upstream code
via https://github.com/apple/cups/pull/4989 more precisely via
https://github.com/apple/cups/commit/a2187a63425a3d6c05de1e1cbf8c26fd39a1aced
https://github.com/apple/cups/commit/657c5b5f91e6d5120c4ad7b118cf9098dd27f03d
https://github.com/apple/cups/commit/3fae3b337df0be1a766857be741173d8a9915da7
- Fix typo in requires
- Implement shared library packaging guideline [boo#862112]
- Update package descriptions.
- Remove redundant Requires(pre) line — the use of %post -p
already implies it.
- Pre-require user(lp) in cups-libs
- In /usr/lib/tmpfiles.d/cups.conf use
group 'root' for /run/cups/certs (boo#1042916).
- Major backward incompatible change since CUPS 2.2.0:
There is no longer the directory /etc/cups/interfaces because
since CUPS 2.2.0 so called "System V style Interface Scripts"
are no longer supported for security reasons (see below the
entry about the changes included in CUPS 2.2.0).
- Disabled cups-2.1.0-cups-systemd-socket.patch
because it does no longer apply which needs to be examined
and decided by someone who knows about systemd internals.
- Disabled
0001-Update-cupsEnumDests-implementation-to-return-early-if-all.patch
0002-Save-work-on-Avahi-code.patch
0003-Avahi-fixes-for-cupsEnumDests.patch
because they do no longer apply which needs to be examined
and decided by someone who knows about Avahi internals.
- Version upgrade to 2.2.3:
CUPS 2.2.3 is a general bug fix release.
See https://github.com/apple/cups/releases
Changes include:
* The IPP backend could get into an infinite loop for certain
errors, causing a hung queue (rdar://problem/28008717)
* The scheduler could pause responding to client requests in
order to save state changes to disk (rdar://problem/28690656)
* Added support for PPD finishing keywords
(Issue #4960, Issue #4961, Issue #4962)
* The IPP backend did not send a media-col attribute for just
the source or type (Issue #4963)
* IPP Everywhere print queues did not always support all print
qualities supported by the printer (Issue #4953)
* IPP Everywhere print queues did not always support all media
types supported by the printer (Issue #4953)
* The IPP Everywhere PPD generator did not return useful error
messages (Issue #4954)
* The IPP Everywhere finishings support did not work correctly
with common UI or command-line options (Issue #4976)
* Fixed an error handling issue for the network backends
(Issue #4979)
* The "reprint job" option was not available for some canceled
jobs (Issue #4915)
* Updated the job listing in the web interface (Issue #4978)
A detailed list of changes can be found in the CHANGES.txt file.
- Version upgrade to 2.2.2:
CUPS 2.2.2 is a general bug fix release.
See https://github.com/apple/cups/releases
Changes include:
* Fixed some issues with IPP Everywhere printer support
(Issue #4893, Issue #4909, Issue #4916, Issue #4921,
Issue #4923, Issue #4932, Issue #4933, Issue #4938)
* The rastertopwg filter could crash with certain input
(Issue #4942)
* The scheduler did not detect when an encrypted connection
was closed by the client on Linux (Issue #4901)
* The cups-lpd program did not catch all legacy usage
of ISO-8859-1 (Issue #4899)
* The scheduler no longer creates log files on startup
(<rdar://problem/28332470>)
* The ippContainsString function now uses case-insensitive
comparisons for mimeMediaType, name, and text values in
conformance with RFC 2911.
* The network backends now log the addresses that were found
for a printer (<rdar://problem/29268474>)
* Let's Encrypt certificates did not work when the hostname
contained uppercase letters (Issue #4919)
* Fixed reporting of printed pages in the web interface
(Issue #4924)
* Updated systemd config files (Issue #4935)
A detailed list of changes can be found in the CHANGES.txt file.
- Version upgrade to 2.2.1:
CUPS 2.2.1 is a general bug fix release.
See https://github.com/apple/cups/releases
Changes include:
* Added "CreateSelfSignedCerts" directive for cups-files.conf
to control whether the scheduler automatically creates
its own self-signed X.509 certificates for TLS connections
(Issue #4876)
* http*Connect did not handle partial failures (Issue #4870)
* cupsHashData did not use the correct hashing algorithm
(<rdar://problem/28209220>)
* Updated man pages (PR #4885)
A detailed list of changes can be found in the CHANGES.txt file.
- Version upgrade to 2.2.0:
CUPS 2.2.0 adds support for local IPP Everywhere print queues
and includes several performance and security improvements.
See https://github.com/apple/cups/releases
Changes include:
* Normalized the TLS certificate validation code and added
additional error messages to aid troubleshooting.
* http*Connect did not work on Linux when cupsd was not running
(Issue #4870)
* The --no-remote-any option of cupsctl had no effect
(Issue #4866)
* http*Connect did not return early when all addresses failed
(Issue #4870)
* The IPP backend did not validate TLS credentials properly.
* The printer-state-message attribute was not cleared after a
print job with no errors (Issue #4851)
* The CUPS-Add-Modify-Class and CUPS-Add-Modify-Printer
operations did not always return an error for failed
adds (Issue #4854)
* PPD files with names longer than 127 bytes did not work
(Issue #4860)
* CUPS now supports Let's Encrypt certificates on Linux.
* All CUPS commands now support POSIX options (Issue #4813)
* The scheduler now restarts faster (Issue #4760)
* Improved performance of web interface with large numbers
of jobs (Issue #3819)
* Encrypted printing can now be limited to only trusted
printers and servers (<rdar://problem/25711658>)
* The scheduler now advertises PWG Raster attributes for
IPP Everywhere clients (Issue #4428)
* The scheduler now logs informational messages for jobs
at LogLevel "info" (Issue #4815)
* The scheduler now uses the getgrouplist function
when available (Issue #4611)
* The IPP backend no longer enables compression by default
except for certain raster formats that generally benefit
from it (<rdar://problem/25166952>)
* The scheduler did not handle out-of-disk situations
gracefully (Issue #4742)
* The LPD mini-daemon now detects invalid UTF-8 sequences
in job, document, and user names (Issue #4748)
* The IPP backend now continues on to the next job
when the remote server/printer puts the job on hold
(<rdar://problem/24858548>)
* The scheduler did not cancel multi-document jobs immediately
(<rdar://problem/24854834>)
* The scheduler did not return non-shared printers to local
clients unless they connected to the domain socket
(<rdar://problem/24566996>)
* The scheduler now reads the spool directory if one or more
job cache entries point to deleted jobs
(<rdar://problem/24048846>)
* Added support for disc media sizes (<rdar://problem/20219536>)
* The httpAddrConnect and httpConnect* APIs now try connecting
to multiple addresses in parallel (<rdar://problem/20643153>)
* Interface scripts are no longer supported for security reasons
(<rdar://problem/23135640>)
A detailed list of changes can be found in the CHANGES.txt file.
- Version upgrade to 2.1.4:
CUPS 2.1.4 is a general bug fix release.
See https://github.com/apple/cups/releases
Changes include:
* Fixed reporting of 1284 Device IDs (Issue #3835, PR #3836)
* Fixed printing of multiple files to raw queues (Issue #4782)
* The scheduler did not implement the Hold-New-Jobs operation
correctly (Issue #4767)
* The cups-lpd mini-daemon incorrectly included the document-name
attribute when creating a job. It should only be included when
sending a job (Issue #4790)
A detailed list of changes can be found in the CHANGES.txt file.
- Replace krb5-devel BuildRequires with pkgconfig(krb5) on
suse_version >= 1315: give OBS a better chance to break up build
cycles.
- Drop cups-1.7.5-cupsEnumDests-react-to-all-for-now.diff and add
0001-Update-cupsEnumDests-implementation-to-return-early-if-all.patch,
0002-Save-work-on-Avahi-code.patch and
0003-Avahi-fixes-for-cupsEnumDests.patch which is what upstream
finally committed to cups 2.2 sources in response to
https://github.com/apple/cups/pull/4989 in order to fix cupsEnumDests
to react to the ALL_FOR_NOW avahi event (and also include a similar
fix for the dnssd case). Related to bsc#955432.
- Add cups-2.1.3-cupsEnumDests-react-to-all-for-now.diff .
Avahi sends an ALL_FOR_NOW event when it finishes sending
its cache contents. This patch makes cupsEnumDests finish
when the signal is received so it doesn't block the caller
doing nothing until the timeout finishes (related to bsc#955432,
submitted upstream at https://github.com/apple/cups/pull/4989)
- Add /etc/cups to cups-libs package [bsc#1025689]
- Replace pkgconfig(libsystemd-daemon) BuildRequires with
pkgconfig(libsystemd) on openSUSE 13.2 and newer: the various
sub-libraries have been merged into libsystemd since version 209.
openSUSE 13.1 was the last product to ship systemd 208.
- Remove CUPS.desktop and pixmap
* Obsoletes patch cups-1.3.9-desktop_file.patch
- Version upgrade to 2.1.3:
CUPS 2.1.3 fixes some issues in the scheduler, sample drivers,
and user commands.
A detailed list of changes can be found in the CHANGES.txt file.
Changes include (excerpt):
* The scheduler should not exit under memory pressure
(<rdar://problem/23255001>)
* Fixed some issues in ipptool for skipped tests
(<rdar://problem/24137160>)
* The "lp -H resume" command did not reset the
"job-state-reasons" attribute value (STR #4752)
* The scheduler did not allow access to resource files
(icons, etc.) when the web interface was disabled (STR #4755)
- Version upgrade to 2.1.2:
CUPS 2.1.2 fixes an issue in the 2.1.1 source archives which
actually contained a current 2.2 snapshot.
There are no other changes.
- Version upgrade to 2.1.1:
CUPS 2.1.1 fixes a number of USB and IPP printing issues,
addresses some error reporting and hardening issues in
the scheduler, and updates some localizations.
A detailed list of changes can be found in the CHANGES.txt file.
Changes include (excerpt):
* Security hardening fixes (<rdar://problem/23131948>,
<rdar://problem/23132108>, <rdar://problem/23132353>,
<rdar://problem/23132803>, <rdar://problem/23133230>,
<rdar://problem/23133393>, <rdar://problem/23133466>,
<rdar://problem/23133833>, <rdar://problem/23133998>,
<rdar://problem/23134228>, <rdar://problem/23134299>,
<rdar://problem/23134356>, <rdar://problem/23134415>,
<rdar://problem/23134506>, <rdar://problem/23135066>,
<rdar://problem/23135122>, <rdar://problem/23135207>,
<rdar://problem/23144290>, <rdar://problem/23144358>,
<rdar://problem/23144461>)
* The cupsGetPPD* functions did not work with IPP printers
(STR #4725)
* Some older HP LaserJet printers need a delayed close when
printing using the libusb-based USB backend (STR #4549)
* The libusb-based USB backend did not unload the kernel usblp
module if it was preventing the backend from accessing the
printer (STR #4707)
* Current Primera printers were incorrectly reported as Fargo
printers (STR #4708)
* The IPP backend did not always handle jobs getting canceled
at the printer (<rdar://problem/22716820>)
* Added USB quirk for Canon MP530 (STR #4730)
* The scheduler did not deliver job notifications for jobs
submitted to classes (STR #4733)
* Changing the printer-is-shared value for a remote queue
did not produce an error (STR #4738)
* The IPP backend incorrectly included the job-password
attribute in Validate-Job requests (<rdar://problem/23531939>)
- add -devel to build a 32bit wine on 64bit only Leap systems.
- Version upgrade to 2.1.0:
CUPS 2.1.0 offers improved support for IPP Everywhere,
adds support for advanced logging using journald on Linux, and
includes new security features for encrypted printing and
reduced network visibility in the default configuration.
A detailed list of changes can be found in the CHANGES.txt file.
Changes include (excerpt):
* Added support for 3D printers (basic types only,
no built-in filters) based on PWG white paper.
* The IPP backend now stops sending print data
if the printer indicates the job has been aborted
or canceled (<rdar://problem/17837631>)
* The IPP backend now sends the job-pages-per-set
attribute when printing multiple copy jobs with
finishings (<rdar://problem/16792757>)
* The IPP backend now updates the cupsMandatory values when the
printer configuration changes (<rdar://problem/18126570>)
* No longer install banner files since third-party banner
filters now supply their own (STR #4518)
* The scheduler no longer listens on the loopback
interface unless the web interface or printer sharing
are enabled (<rdar://problem/9136448>)
* Added a PPD generator for IPP Everywhere printers (STR #4258)
* Now install "default" versions of more configuration
files (<rdar://problem/19024491>) in particular
cups-files.conf.default and snmp.conf.default
* Added SSLOptions values to allow Diffie-Hellman key exchange
and disable TLS/1.0 support.
* Updated the scheduler to support more IPP Everywhere
attributes (STR #4630)
* The scheduler now supports advanced ASL and journald logging
when "syslog" output is configured (STR #4474)
* The scheduler now supports logging to stderr when running
in the foreground (STR #4505)
- Adapted patches so that they apply to CUPS 2.1.0 sources:
* cups-2.1.0-choose-uri-template.patch replaces
cups-1.2rc1-template.patch
* cups-2.1.0-default-webcontent-path.patch replaces
cups-1.4.3-default-webcontent-path.patch
* cups-2.1.0-cups-systemd-socket.patch replaces
cups-systemd-socket.patch
- Fix bnc#943950, escape the macro call %systemd-tmpfiles
in comment.
- Add gpg verification for the tarball
- Version update to 2.0.4:
* Fixed a bug in cupsRasterWritePixels (STR #4650)
* Fixed redirection in the web interface (STR #4538)
* The IPP backend did not respond to side-channel
requests (STR #4645)
* The scheduler did not start all pending jobs
at once (STR #4646)
* The web search incorrectly searched time-at-xxx
values (STR #4652)
* Fixed an RPM spec file issue (STR #4657)
* The scheduler incorrectly started jobs while canceling
multiple jobs (STR #4648)
* Fixed processing of server overrides without
port numbers (STR #4675)
* Documentation changes (STR #4651, STR #4674)
- cups-2.0.3-additional_policies.patch replaces
cups-1.7-additional_policies.patch that still adds the same
"allowallforanybody" policy but now with separated "Limit All"
to avoid https://www.cups.org/str.php?L4659 (boo#936309).
- Added "-p /bin/bash" to RPM shell commands scriptlets that
enforces bash to be safe against any possible "bashisms", cf
https://en.opensuse.org/openSUSE:Packaging_scriptlet_snippets
- Fix the previous commit by using direct systemd call and
ensuring we work even on older distros
- Fix postin-without-tmpfile-creation and run %tmpfiles_create
macro on our cups.conf
- Version upgrade to 2.0.3:
The new release addresses two security vulnerabilities,
adds localizations for German and Russian, and includes several
general bug fixes. Changes include (excerpt):
* Security: Fixed CERT VU #810572 CVE-2015-1158 CVE-2015-1159
exploiting the dynamic linker (STR #4609) (bsc#924208)
* Security: The scheduler could hang with malformed gzip data
(STR #4602)
* Restored missing generic printer icon file (STR #4587)
* Fixed logging of configuration errors to show up as errors
(STR #4582)
* Fixed potential buffer overflows in raster code and filters
(STR #4598, STR #4599, STR #4600, STR #4601)
* Fixed <Limit> inside <Location> (STR #4575)
* Fixed lpadmin when both -m and -o are used (STR #4578)
* The web interface always showed support for 2-sided printing
(STR #4595)
* cupsRasterReadHeader did not fully validate the raster header
(STR #4596)
* The rastertopwg filter did not check for truncated input
(STR #4597)
* The cups-lpd mini-daemon did not check for request parameters
(STR #4603)
* The scheduler could get caught in a busy loop (STR #4605)
* The sample Epson driver could crash (STR #4616)
* The IPP backend now correctly monitors jobs
(<rdar://problem/20495955>)
* The ppdhtml and ppdpo utilities crashed when the -D option
was used before a driver information file (STR #4627)
* ippfind incorrectly substituted "=port" for service_port.
* The IPP/1.1 test file did not handle the initial print job
completing early (STR #4576)
* Fixed a memory leak in cupsConnectDest (STR #4634)
* PWG Raster Format output contained invalid ImageBox values
(<rdar://problem/21144309>)
* Added Russian translation (STR #4577)
* Added German translation (STR #4635)
- cups-busy-loop.patch, which fixed STR #4605, is obsolete because
it is fixed upstream (see above).
- cleaned up this whole RPM changelog (wrapped too long lines if
possible and removed trailing whitespaces).
- Add patch cups-busy-loop.patch to fix rh#1179596, cups#4605
- Add back the posttrans cleanup script as it is needed
- Add patch cups-systemd-socket.patch to fix socket activation
and to match socket approach Fedora has.
- Version bump to 2.0.2:
* Security: cupsRasterReadPixels buffer overflow with invalid
page header and compressed raster data (STR #4551)
* Mapping of PPD keywords to IPP keywords did not work if the PPD
keyword was already an IPP keyword (<rdar://problem/19121005>)
* cupsGetPPD* sent bad requests (STR #4567)
* For detailed list see CHANGES.txt file
- Enable PIE for build
- Remove legacy parallel-port support as it is not really needed
as most do not want it
- Update descriptions to just state what changed and let user
find it out.
- Add back comment about %fdupes
- Remove exit 0 on scriptlets as it is provided by
the %service bla ones already
- Fix the comment about openSUSE version on tmpfilesdir declaration
- cups-2.0.1 update:
* lengthy list of changes see the upstream CHANGES.txt that is
distributed with the package
* Disabling of sslv3 to mitigate poodle
- Use gnutls to provide SSLOptions configuration directive
* openssl is no longer supported upstream
* Remove the with-openssl-exception from license
- Remove cups.sysconfig as it is not used with systemd based distros
- Purposely lose support for SLE11 as it doubles size of some of the
sections and keep support for openSUSE+SLE12
* even with the conditions we would have to go unencrypted only
as needs newer gnutls, so don't bother with keeping the compat
- Use upstream service and socket files to allow more working tools
- Removed patches:
* cups-0001-systemd-add-systemd-socket-activation-and-unit-files.patch
* cups-0002-systemd-listen-only-on-localhost-for-socket-activation.patch
* cups-0003-systemd-secure-cups.service-unit-file.patch
* cups-1.3.6-access_conf.patch
* cups-1.5-additional_policies.patch
* cups-1.5.4-CVE-2012-5519.patch
* cups-1.5.4-strftime.patch
* cups-move-everything-to-run.patch
* cups-polld_avoid_busy_loop.patch
* cups-provides-cupsd-service.patch
* str4190.patch
* str4351.patch
* str4450.CVE-2014-3537.str4455.CVE-2014-5029.CVE-2014-5030.CVE-2014-5031.CUPS-1.5.4.patch
- Refreshed patches:
* cups-1.3.9-desktop_file.patch
* cups-config-libs.patch
- Added patches:
* cups-1.7-additional_policies.patch
* cups-systemd-socket.patch
- curl
-
- Security fix: [bsc#1188220, CVE-2021-22925]
* TELNET stack contents disclosure again
* Add curl-CVE-2021-22925.patch
- Security fix: [bsc#1188219, CVE-2021-22924]
* Bad connection reuse due to flawed path name checks
* Add curl-CVE-2021-22924.patch
- Security fix: Disable the metalink feature:
* Insufficiently Protected Credentials [bsc#1188218, CVE-2021-22923]
* Wrong content via metalink not discarded [bsc#1188217, CVE-2021-22922]
- Security fix: [bsc#1186114, CVE-2021-22898]
* TELNET stack contents disclosure
- Add curl-CVE-2021-22898.patch
- Allow partial chain verification [jsc#SLE-17956]
* Have intermediate certificates in the trust store be treated
as trust-anchors, in the same way as self-signed root CA
certificates are. This allows users to verify servers using
the intermediate cert only, instead of needing the whole chain.
* Set FLAG_TRUSTED_FIRST unconditionally.
* Do not check partial chains with CRL check.
- Add curl-X509_V_FLAG_PARTIAL_CHAIN.patch
- Security fix: [bsc#1183934, CVE-2021-22890]
* When using a HTTPS proxy and TLS 1.3, libcurl can confuse
session tickets arriving from the HTTPS proxy but work as
if they arrived from the remote server and then wrongly
"short-cut" the host handshake.
- Add curl-CVE-2021-22890.patch
- Security fix: [bsc#1183933, CVE-2021-22876]
* The automatic referer leaks credentials
- Add curl-CVE-2021-22876.patch
- Security fix: [bsc#1179593, CVE-2020-8286]
* Inferior OCSP verification: libcurl offers "OCSP stapling" via
the 'CURLOPT_SSL_VERIFYSTATUS' option that, when set, verifies
the OCSP response that a server responds with as part of the TLS
handshake. It then aborts the TLS negotiation if something is
wrong with the response. The same feature can be enabled with
'--cert-status' using the curl tool.
* As part of the OCSP response verification, a client should verify
that the response is indeed set out for the correct certificate.
This step was not performed by libcurl when built or told to use
OpenSSL as TLS backend.
- Add curl-CVE-2020-8286.patch
- Security fix: [bsc#1179399, CVE-2020-8285]
* FTP wildcard stack overflow: The wc_statemach() internal
function has been rewritten to use an ordinary loop instead of
the recursive approach.
- Add curl-CVE-2020-8285.patch
- Security fix: [bsc#1179398, CVE-2020-8284]
* Trusting FTP PASV responses: When curl performs a passive FTP
transfer, it first tries the 'EPSV' command and if that is not
supported, it falls back to using 'PASV'. A malicious server
can use the 'PASV' response to trick curl into connecting
back to a given IP address and port, and this way potentially
make curl extract information about services that are otherwise
private and not disclosed.
* The IP address part of the response is now ignored by default,
by making 'CURLOPT_FTP_SKIP_PASV_IP' default to '1L'. The same
goes for the command line tool, which then might need
'--no-ftp-skip-pasv-ip' set to prevent curl from ignoring the
address in the server response.
- Add curl-CVE-2020-8284.patch
- Security fix: [bsc#1175109, CVE-2020-8231]
* An application that performs multiple requests with libcurl's
multi API and sets the 'CURLOPT_CONNECT_ONLY' option, might in
rare circumstances experience that when subsequently using the
setup connect-only transfer, libcurl will pick and use the wrong
connection and instead pick another one the application has
created since then.
- Add curl-CVE-2020-8231.patch
- Security fix: [bsc#1173027, CVE-2020-8177]
* curl can be tricked by a malicious server to overwrite a local
file when using '-J' ('--remote-header-name') and '-i' ('--head')
in the same command line.
- Add curl-CVE-2020-8177.patch
- Security fix: [bsc#1173026, CVE-2020-8169]
* Partial password leak over DNS on HTTP redirect
- Add curl-CVE-2020-8169.patch
- Fix segfault in zypper ref: [bsc#1156481]
* remove_handle: clear expire timers after multi_done()
* Add patch curl-expire-clear.patch
- Update to 7.66.0 [bsc#1149496, CVE-2019-5482][bsc#1149495, CVE-2019-5481]
[bsc#1149604, bsc#1149572, jsc#SLE-9295]
* Changes:
- CURLINFO_RETRY_AFTER: parse the Retry-After header value
- HTTP3: initial (experimental still not working) support
- curl: --sasl-authzid added to support CURLOPT_SASL_AUTHZID from the tool
- curl: support parallel transfers with -Z
- curl_multi_poll: a sister to curl_multi_wait() that waits more
- sasl: Implement SASL authorisation identity via CURLOPT_SASL_AUTHZID
* Bugfixes:
- CVE-2019-5481: FTP-KRB double-free
- CVE-2019-5482: TFTP small blocksize heap buffer overflow
- CMake: remove needless newlines at end of gss variables
- CMake: use platform dependent name for dlopen() library
- CURLINFO docs: mention that in redirects times are added
- CURLOPT_ALTSVC.3: use a "" file name to not load from a file
- CURLOPT_ALTSVC_CTRL.3: remove CURLALTSVC_ALTUSED
- CURLOPT_HEADERFUNCTION.3: clarify
- CURLOPT_HTTP_VERSION: setting this to 3 forces HTTP/3 use directly
- CURLOPT_READFUNCTION.3: provide inline example
- CURLOPT_SSL_VERIFYHOST: treat the value 1 as 2
- Curl_addr2string: take an addrlen argument too
- Curl_fillreadbuffer: avoid double-free trailer buf on error
- HTTP: use chunked Transfer-Encoding for HTTP_POST if size unknown
- alt-svc: add protocol version selection masking
- alt-svc: fix removal of expired cache entry
- alt-svc: make it use h3-22 with ngtcp2 as well
- alt-svc: more liberal ALPN name parsing
- alt-svc: send Alt-Used: in redirected requests
- alt-svc: with quiche, use the quiche h3 alpn string
- asyn-thread: create a socketpair to wait on
- cleanup: move functions out of url.c and make them static
- cleanup: remove the 'numsocks' argument used in many places
- configure: avoid undefined check_for_ca_bundle
- curl.h: add CURL_HTTP_VERSION_3 to the version enum
- curl: cap the maximum allowed values for retry time arguments
- curl: handle a libcurl build without netrc support
- curl: make use of CURLINFO_RETRY_AFTER when retrying
- curl: use CURLINFO_PROTOCOL to check for HTTP(s)
- curl_global_init_mem.3: mention it was added in 7.12.0
- curl_version: bump string buffer size to 250
- curl_version_info.3: mentioned ALTSVC and HTTP3
- curl_version_info: offer quic (and h3) library info
- curl_version_info: provide nghttp2 details
- defines: avoid underscore-prefixed defines
- docs/ALTSVC: remove what works and the experimental explanation
- docs/EXPERIMENTAL: explain what it means and what's experimental now
- docs/MANUAL.md: converted to markdown from plain text
- docs/examples/curlx: fix errors
- docs: s/curl_debug/curl_dbg_debug in comments and docs
- easy: resize receive buffer on easy handle reset
- examples: Avoid reserved names in hiperfifo examples
- examples: add http3.c, altsvc.c and http3-present.c
- http09: disable HTTP/0.9 by default in both tool and library
- http2: when marked for closure and wanted to close == OK
- http2_recv: trigger another read when the last data is returned
- http: fix use of credentials from URL when using HTTP proxy
- http_negotiate: improve handling of gss_init_sec_context() failures
- md4: Use our own MD4 when no crypto libraries are available
- multi: call detach_connection before Curl_disconnect
- nss: use TLSv1.3 as default if supported
- openssl: build warning free with boringssl
- openssl: use SSL_CTX_set__proto_version() when available
- plan9: add support for running on Plan 9
- progress: reset download/uploaded counter between transfers
- readwrite_data: repair setting the TIMER_STARTTRANSFER stamp
- scp: fix directory name length used in memcpy
- smb: init *msg to NULL in smb_send_and_recv()
- smtp: check for and bail out on too short EHLO response
- source: remove names from source comments
- spnego_sspi: add typecast to fix build warning
- src/makefile: fix uncompressed hugehelp.c generation
- ssh-libssh: do not specify O_APPEND when not in append mode
- ssh: move code into vssh for SSH backends
- sspi: fix memory leaks
- tests: Replace outdated test case numbering documentation
- tftp: return error when packet is too small for options
- timediff: make it 64 bit (if possible) even with 32 bit time_t
- travis: reduce number of torture tests in 'coverage'
- url: make use of new HTTP version if alt-svc has one
- urlapi: verify the IPv6 numerical address
- urldata: avoid 'generic', use dedicated pointers
- vauth: Use CURLE_AUTH_ERROR for auth function errors
* Removed patches:
- curl-CVE-2018-0500.patch
- curl-CVE-2018-14618.patch
- curl-CVE-2018-16839.patch
- curl-CVE-2018-16840.patch
- curl-CVE-2018-16842.patch
- curl-CVE-2018-16890.patch
- curl-CVE-2019-3822.patch
- curl-CVE-2019-3823.patch
- curl-CVE-2019-5436.patch
- curl-CVE-2019-5481.patch
- curl-CVE-2019-5482.patch
- Security fix: [bsc#1149496,CVE-2019-5482]
* TFTP small blocksize heap buffer overflow
* Added curl-CVE-2019-5482.patch
- Security fix: [bsc#1149495,CVE-2019-5481]
* FTP-KRB: double-free during kerberos FTP data transfer
* Added curl-CVE-2019-5481.patch
- Update to 7.65.3
* progress: make the progress meter appear again
- Update to 7.65.2
* Bugfixes:
- CIPHERS.md: Explain Schannel error SEC_E_ALGORITHM_MISMATCH
- CMake: Fix finding Brotli on case-sensitive file systems
- CURLOPT_RANGE.3: Caution against using it for HTTP PUT
- CURLOPT_SEEKDATA.3: fix variable name
- bindlocal: detect and avoid IP version mismatches in bind()
- build: fix Codacy warnings
- c-ares: honor port numbers in CURLOPT_DNS_SERVERS
- config-os400: add getpeername and getsockname defines
- configure: --disable-progress-meter
- configure: fix --disable-code-coverage
- configure: more --disable switches to toggle off individual features
- configure: remove CURL_DISABLE_TLS_SRP
- conn_maxage: move the check to prune_dead_connections()
- curl: skip CURLOPT_PROXY_CAPATH for disabled-proxy builds
- docs: Explain behavior change in --tlsv1. options since 7.54
- docs: Fix links to OpenSSL docs
- docs: fix string suggesting HTTP/2 is not the default
- headers: Remove no longer exported functions
- http2: call done_sending on end of upload
- http2: don't call stream-close on already closed streams
- http2: remove CURL_DISABLE_TYPECHECK define
- http: allow overriding timecond with custom header
- http: clarify header buffer size calculation
- krb5: fix compiler warning
- lib: Use UTF-8 encoding in comments
- libcurl: Restrict redirect schemes to HTTP, HTTPS, FTP and FTPS
- multi: enable multiplexing by default (again)
- multi: fix the transfer hashes in the socket hash entries
- multi: make sure 'data' can present in several sockhash entries
- netrc: Return the correct error code when out of memory
- nss: don't set unused parameter
- nss: inspect returnvalue of token check
- nss: only cache valid CRL entries
- openssl: define HAVE_SSL_GET_SHUTDOWN based on version number
- openssl: disable engine if OPENSSL_NO_UI_CONSOLE is defined
- openssl: fix pubkey/signature algorithm detection in certinfo
- os400: make vsetopt() non-static as Curl_vsetopt() for os400 support
- quote.d: asterisk prefix works for SFTP as well
- runtests: keep logfiles around by default
- runtests: report single test time + total duration
- test1165: verify that CURL_DISABLE_ symbols are in sync
- test1521: adapt to SLISTPOINT
- test1523: test CURLOPT_LOW_SPEED_LIMIT
- test153: fix content-length to avoid occasional hang
- test188/189: fix Content-Length
- tests: have runtests figure out disabled features
- tests: support non-localhost HOSTIP for dict/smb servers
- tests: update fixed IP for hostip/clientip split
- tool_cb_prg: Fix integer overflow in progress bar
- typecheck: CURLOPT_CONNECT_TO takes an slist too
- typecheck: add 3 missing strings and a callback data pointer
- unit1654: cleanup on memory failure
- unpause: trigger a timeout for event-based transfers
- url: Fix CURLOPT_MAXAGE_CONN time comparison
- Rebased patch curl-use_OPENSSL_config.patch
- Disable new added failing test1165
- Update to 7.65.1
* Bugfixes:
- CURLOPT_LOW_SPEED_* repaired
- NTLM: reset proxy "multipass" state when CONNECT request is done
- PolarSSL: deprecate support step 1. Removed from configure
- cmake: check for if_nametoindex()
- cmake: support CMAKE_OSX_ARCHITECTURES when detecting SIZEOF variables
- conncache: Remove the DEBUGASSERT on length check
- conncache: make "bundles" per host name when doing proxy tunnels
- curl_share_setopt.3: improve wording
- dump-header.d: spell out that no headers == empty file
- example/http2-download: fix format specifier
- examples: cleanups and compiler warning fixes
- http2: Stop drain from being permanently set
- http: don't parse body-related headers in bodyless responses
- md4: build correctly with openssl without MD4
- md4: include the mbedtls config.h to get the MD4 info
- multi: track users of a socket better
- nss: allow to specify TLS 1.3 ciphers if supported by NSS
- parse_proxy: make sure portptr is initialized
- parse_proxy: use the IPv6 zone id if given
- sectransp: handle errSSLPeerAuthCompleted from SSLRead()
- singlesocket: use separate variable for inner loop
- ssl: Update outdated "openssl-only" comments for supported backends
- tests: add HAProxy keywords
- tests: make test 1420 and 1406 work with rtsp-disabled libcurl
- tls13-docs: mention it is only for OpenSSL >= 1.1.1
- tool_setopt: for builds with disabled-proxy, skip all proxy setopts()
- url: fix bad feature-disable #ifdef
- url: use correct port in ConnectionExists()
- Update to 7.65.0 [bsc#1135176, CVE-2019-5435][bsc#1135170, CVE-2019-5436]
* Changes:
- CURLOPT_DNS_USE_GLOBAL_CACHE: removed
- CURLOPT_MAXAGE_CONN: set the maximum allowed age for conn reuse
- pipelining: removed
* Bugfixes:
- CVE-2019-5435: Integer overflows in curl_url_set
- CVE-2019-5436: tftp: use the current blksize for recvfrom()
- --config: clarify that initial : and = might need quoting
- CURLMOPT_TIMERFUNCTION.3: warn about the recursive risk
- CURLOPT_ADDRESS_SCOPE: fix range check and more
- CURLOPT_CHUNK_BGN_FUNCTION.3: document the struct and time value
- CURLOPT_READFUNCTION.3: see also CURLOPT_UPLOAD_BUFFERSIZE
- CURL_MAX_INPUT_LENGTH: largest acceptable string input size
- Curl_disconnect: treat all CONNECT_ONLY connections as "dead"
- OS400/ccsidcurl: replace use of Curl_vsetopt
- OpenSSL: Report -fips in version if OpenSSL is built with FIPS
- WRITEFUNCTION: add missing set_in_callback around callback
- altsvc: Fix building with cookies disabled
- auth: Rename the various authentication clean up functions
- base64: build conditionally if there are users
- cmake: avoid linking executable for some tests with cmake 3.6+
- cmake: clear CMAKE_REQUIRED_LIBRARIES after each use
- cmake: set SSL_BACKENDS
- configure: avoid unportable '==' test(1) operator
- configure: error out if OpenSSL wasn't detected when asked for
- configure: fix default location for fish completions
- cookie: Guard against possible NULL ptr deref
- curl: make code work with protocol-disabled libcurl
- curl: report error for "--no-" on non-boolean options
- curlver.h: use parenthesis in CURL_VERSION_BITS macro
- docs/INSTALL: fix broken link
- doh: acknowledge CURL_DISABLE_DOH
- doh: disable DOH for the cases it doesn't work
- examples: remove unused variables
- ftplistparser: fix LGTM alert "Empty block without comment"
- hostip: acknowledge CURL_DISABLE_SHUFFLE_DNS
- http: Ignore HTTP/2 prior knowledge setting for HTTP proxies
- http: acknowledge CURL_DISABLE_HTTP_AUTH
- http: mark bundle as not for multiuse on < HTTP/2 response
- http_digest: Don't expose functions when HTTP and Crypto Auth are disabled
- http_negotiate: do not treat failure of gss_init_sec_context() as fatal
- http_ntlm: Corrected the name of the include guard
- http_ntlm_wb: Handle auth for only a single request
- http_ntlm_wb: Return the correct error on receiving an empty auth message
- lib509: add missing include for strdup
- lib557: initialize variables
- mbedtls: enable use of EC keys
- mime: acknowledge CURL_DISABLE_MIME
- multi: improved HTTP_1_1_REQUIRED handling
- netrc: acknowledge CURL_DISABLE_NETRC
- nss: allow fifos and character devices for certificates
- nss: provide more specific error messages on failed init
- ntlm: Fix misaligned function comments for Curl_auth_ntlm_cleanup
- ntlm: Support the NT response in the type-3 when OpenSSL doesn't include MD4
- openssl: mark connection for close on TLS close_notify
- openvms: Remove pre-processor for SecureTransport
- parse_proxy: use the URL parser API
- parsedate: disabled on CURL_DISABLE_PARSEDATE
- pingpong: disable more when no pingpong protocols are enabled
- polarssl_threadlock: remove conditionally unused code
- progress: acknowledge CURL_DISABLE_PROGRESS_METER
- proxy: acknowledge DISABLE_PROXY more
- resolve: apply Happy Eyeballs philosophy to parallel c-ares queries
- revert "multi: support verbose conncache closure handle"
- sasl: Don't send authcid as authzid for the PLAIN mechanism as per RFC 4616
- sasl: only enable if there's a protocol enabled using it
- singleipconnect: show port in the verbose "Trying ..." message
- socks5: user name and passwords must be shorter than 256
- socks: fix error message
- socksd: new SOCKS 4+5 server for tests
- spnego_gssapi: fix return code on gss_init_sec_context() failure
- ssh-libssh: remove unused variable
- ssh: define USE_SSH if SSH is enabled (any backend)
- ssh: move variable declaration to where it's used
- test1002: correct the name
- test2100: Fix typos in test description
- tests: Run global cleanup at end of tests
- tests: make Impacket (SMB server) Python 3 compatible
- tool_cb_wrt: fix bad-function-cast warning
- tool_formparse: remove redundant assignment
- tool_help: Warn if curl and libcurl versions do not match
- tool_help: include for strcasecmp
- url: always clone the CURLOPT_CURLU handle
- url: convert the zone id from a IPv6 URL to correct scope id
- urlapi: add CURLUPART_ZONEID to set and get
- urlapi: increase supported scheme length to 40 bytes
- urlapi: require a non-zero host name length when parsing URL
- urlapi: stricter CURLUPART_PORT parsing
- urlapi: strip off zone id from numerical IPv6 addresses
- urlapi: urlencode characters above 0x7f correctly
- vauth/cleartext: update the PLAIN login to match RFC 4616
- vauth/oauth2: Fix OAUTHBEARER token generation
- vauth: Fix incorrect function description for Curl_auth_user_contains_domain
- vtls: fix potential ssl_buffer stack overflow
- wildcard: disable from build when FTP isn't present
- xattr: skip unittest on unsupported platforms
- Security fix [bsc#1135170, CVE-2019-5436]
* A heap buffer overflow exists in tftp_receive_packet that
receives data from a TFTP server
* Added curl-CVE-2019-5436.patch
- Install curl.fish completions file from curl rather than from the fish package
- update to version 7.64.1
* Changes:
- alt-svc: experimental support added
- configure: add --with-amissl
* Bugfixes:
- AppVeyor: switch VS 2015 builds to VS 2017 image
- CURLU: fix NULL dereference when used over proxy
- Curl_easy: remove req.maxfd - never used!
- Curl_resolv: fix a gcc -Werror=maybe-uninitialized warning
- DoH: inherit some SSL options from user's easy handle
- Secure Transport: no more "darwinssl"
- Secure Transport: tvOS 11 is required for ALPN support
- cirrus: Added FreeBSD builds using Cirrus CI
- cleanup: make local functions static
- cli tool: do not use mime.h private structures
- cmdline-opts/proxytunnel.d: the option tunnels all protocols
- configure: add additional libraries to check for LDAP support
- configure: remove the unused fdopen macro
- configure: show features as well in the final summary
- conncache: use conn->data to know if a transfer owns it
- connection: never reuse CONNECT_ONLY connections
- connection_check: restore original conn->data after the check
- connection_check: set ->data to the transfer doing the check
- cookie: Add support for cookie prefixes
- cookies: dotless names can set cookies again
- cookies: fix NULL dereference if flushing cookies with no CookieInfo set
- curl.1: --user and --proxy-user are hidden from ps output
- curl.1: mark the argument to --cookie as
- curl.h: use __has_declspec_attribute for shared builds
- curl: display --version features sorted alphabetically
- curl: fix FreeBSD compiler warning in the --xattr code
- curl: remove MANUAL from -M output
- curl_easy_duphandle.3: clarify that a duped handle has no shares
- curl_multi_remove_handle.3: use at any time, just not from within callbacks
- curl_url.3: this API is not experimental anymore
- dns: release sharelock as soon as possible
- docs: update max-redirs.d phrasing
- examples/10-at-a-time.c: improve readability and simplify
- examples/cacertinmem.c: use multiple certificates for loading CA-chain
- examples/crawler: Fix the Accept-Encoding setting
- examples/ephiperfifo.c: various fixes
- examples/externalsocket: add missing close socket calls
- examples/http2-download: cleaned up
- examples/http2-serverpush: add some sensible error checks
- examples/http2-upload: cleaned up
- examples/httpcustomheader: Value stored to 'res' is never read
- examples/postinmemory: Potential leak of memory pointed to by 'chunk.memory'
- examples/sftpuploadresume: Value stored to 'result' is never read
- examples: only include
- examples: remove recursive calls to curl_multi_socket_action
- examples: remove superfluous null-pointer checks
- file: fix "Checking if unsigned variable 'readcount' is less than zero."
- fnmatch: disable if FTP is disabled
- gnutls: remove call to deprecated gnutls_compression_get_name
- gopher: remove check for path == NULL
- gssapi: fix deprecated header warnings
- hostip: make create_hostcache_id avoid alloc + free
- http2: multi_connchanged() moved from multi.c, only used for h2
- http2: verify :authority in push promise requests
- http: make adding a blank header thread-safe
- http: send payload when (proxy) authentication is done
- http: set state.infilesize when sending multipart formposts
- makefile: make checksrc and hugefile commands "silent"
- mbedtls: make it build even if MBEDTLS_VERSION_C isn't set
- mbedtls: release sessionid resources on error
- memdebug: log pointer before freeing its data
- memdebug: make debug-specific functions use curl_dbg_ prefix
- mime: put the boundary buffer into the curl_mime struct
- multi: call multi_done on connect timeouts, fixes CURLINFO_TOTAL_TIME
- multi: remove verbose "Expire in" ... messages
- multi: removed unused code for request retries
- multi: support verbose conncache closure handle
- negotiate: fix for HTTP POST with Negotiate
- openssl: add support for TLS ASYNC state
- openssl: if cert type is ENG and no key specified, key is ENG too
- pretransfer: don't strlen() POSTFIELDS set for GET requests
- rand: Fix a mismatch between comments in source and header
- runtests: detect "schannel" as an alias for "winssl"
- schannel: be quiet - remove verbose output
- schannel: close TLS before removing conn from cache
- schannel: support CALG_ECDH_EPHEM algorithm
- scripts/completion.pl: also generate fish completion file
- singlesocket: fix the 'sincebefore' placement
- source: fix two 'nread' may be used uninitialized warnings
- ssh: fix Condition '!status' is always true
- ssh: loop the state machine if not done and not blocking
- strerror: make the strerror function use local buffers
- test578: make it read data from the correct test
- tests: Fixed XML validation errors in some test files
- tests: add stderr comparison to the test suite
- tests: fix multiple may be used uninitialized warnings
- threaded-resolver: shutdown the resolver thread without error message
- tool_cb_wrt: fix writing to Windows null device NUL
- tool_getpass: termios.h is present on AmigaOS 3, but no tcgetattr/tcsetattr
- tool_operate: build on AmigaOS
- tool_operate: fix typecheck warning
- transfer.c: do not compute length of undefined hex buffer
- travis: add build using gnutls
- travis: add scan-build
- travis: bump the used wolfSSL version to 4.0.0
- travis: enable valgrind for the iconv tests
- travis: use updated compiler versions: clang 7 and gcc 8
- unit1307: require FTP support
- unit1651: survive curl_easy_init() fails
- url/idnconvert: remove scan for <= 32 ascii values
- url: change conn shutdown order to ensure SOCKETFUNCTION callbacks
- urlapi: reduce variable scope, remove unreachable 'break'
- urldata: convert bools to bitfields and move to end
- urldata: simplify bytecounters
- urlglob: Argument with 'nonnull' attribute passed null
- version.c: silent scan-build even when librtmp is not enabled
- vtls: rename some of the SSL functions
- wolfssl: stop custom-adding curves
- x509asn1: "Dereference of null pointer"
- x509asn1: cleanup and unify code layout
- zsh.pl: escape ':' character
- zsh.pl: update regex to better match curl -h output
- Dropped patches fixed upstream:
* 0001-connection_check-set-data-to-the-transfer-doing-the-.patch
* 0002-connection_check-restore-original-conn-data-after-th.patch
* curl-singlesocket-sincebefore-placement.patch
- Fix variable placement that wasn't properly reset within a loop
missing to notify sockets. [bsc#1129083, bsc#1129470]
* Added curl-singlesocket-sincebefore-placement.patch
- Add patches to fix use-after-free (boo#1127849):
* 0001-connection_check-set-data-to-the-transfer-doing-the-.patch
* 0002-connection_check-restore-original-conn-data-after-th.patch
- BuildRequire libcurl4-mini for !bootstrap to avoid build cycles
due to cmake pulling libcurl4
- update to version 7.64.0
[bsc#1123371, CVE-2018-16890][bsc#1123377, CVE-2019-3822]
[bsc#1123378, CVE-2019-3823]
* Changes:
- cookies: leave secure cookies alone
- hostip: support wildcard hosts
- http: Implement trailing headers for chunked transfers
- http: added options for allowing HTTP/0.9 responses
- timeval: Use high resolution timestamps on Windows
* Bugfixes:
- CVE-2018-16890: NTLM type-2 out-of-bounds buffer read
- CVE-2019-3822: NTLMv2 type-3 header stack buffer overflow
- CVE-2019-3823: SMTP end-of-response out-of-bounds read
- FAQ: remove mention of sourceforge for github
- OS400: handle memory error in list conversion
- OS400: upgrade ILE/RPG binding.
- README: add codacy code quality badge
- Revert http_negotiate: do not close connection
- THANKS: added several missing names from year <= 2000
- build: make 'tidy' target work for metalink builds
- cmake: added checks for variadic macros
- cmake: updated check for HAVE_POLL_FINE to match autotools
- cmake: use lowercase for function name like the rest of the code
- configure: detect xlclang separately from clang
- configure: fix recv/send/select detection on Android
- configure: rewrite --enable-code-coverage
- conncache_unlock: avoid indirection by changing input argument type
- cookie: fix comment typo
- cookies: allow secure override when done over HTTPS
- cookies: extend domain checks to non psl builds
- cookies: skip custom cookies when redirecting cross-site
- curl --xattr: strip credentials from any URL that is stored
- curl -J: refuse to append to the destination file
- curl/urlapi.h: include "curl.h" first
- curl_multi_remove_handle() don't block terminating c-ares requests
- darwinssl: accept setting max-tls with default min-tls
- disconnect: separate connections and easy handles better
- disconnect: set conn->data for protocol disconnect
- docs/version.d: mention MultiSSL
- docs: fix the --tls-max description
- docs: use $(INSTALL_DATA) to install man page
- docs: use meaningless port number in CURLOPT_LOCALPORT example
- gopher: always include the entire gopher-path in request
- http2: clear pause stream id if it gets closed
- if2ip: remove unused function Curl_if_is_interface_name
- libssh: do not let libssh create socket
- libssh: enable CURLOPT_SSH_KNOWNHOSTS and CURLOPT_SSH_KEYFUNCTION for libssh
- libssh: free sftp_canonicalize_path() data correctly
- libtest/stub_gssapi: use "real" snprintf
- mbedtls: use VERIFYHOST
- multi: multiplexing improvements
- multi: set the EXPIRE_*TIMEOUT timers at TIMER_STARTSINGLE time
- ntlm: fix NTLMv2 compliance
- ntlm_sspi: add support for channel binding
- openssl: adapt to 3.0.0, OpenSSL_version_num() is deprecated
- openssl: fix the SSL_get_tlsext_status_ocsp_resp call
- openvms: fix OpenSSL discovery on VAX
- openvms: fix typos in documentation
- os400: add a missing closing bracket
- os400: fix extra parameter syntax error
- pingpong: change default response timeout to 120 seconds
- pingpong: ignore regular timeout in disconnect phase
- printf: fix format specifiers
- runtests.pl: Fix perl call to include srcdir
- schannel: fix compiler warning
- schannel: preserve original certificate path parameter
- schannel: stop calling it "winssl"
- sigpipe: if mbedTLS is used, ignore SIGPIPE
- smb: fix incorrect path in request if connection reused
- ssh: log the libssh2 error message when ssh session startup fails
- test1558: verify CURLINFO_PROTOCOL on file:// transfer
- test1561: improve test name
- test1653: make it survive torture tests
- tests: allow tests to pass by 2037-02-12
- tests: move objnames-* from lib into tests
- timediff: fix math for unsigned time_t
- timeval: Disable MSVC Analyzer GetTickCount warning
- tool_cb_prg: avoid integer overflow
- travis: added cmake build for osx
- urlapi: Fix port parsing of eol colon
- urlapi: distinguish possibly empty query
- urlapi: fix parsing ipv6 with zone index
- urldata: rename easy_conn to just conn
- winbuild: conditionally use /DZLIB_WINAPI
- wolfssl: fix memory-leak in threaded use
- spnego_sspi: add support for channel binding
- Security fix [bsc#1123378, CVE-2019-3823]
* SMTP end-of-response out-of-bounds read
* Added patch curl-CVE-2019-3823.patch
- Security fix [bsc#1123377, CVE-2019-3822]
* NTLMv2 type-3 header stack buffer overflow
* Added patch curl-CVE-2019-3822.patch
- Fix wrong summary, curl is at version 7, not 4.
- Security fix [bsc#1123371, CVE-2018-16890]
* NTLM type-2 out-of-bounds buffer read
* Added patch curl-CVE-2018-16890.patch
- Provide libcurl4 = %version in the mini library package
- Update to version 7.63.0
Changes:
* curl: add %{stderr} and %{stdout} for --write-out
* curl: add undocumented option --dump-module-paths for w32
* setopt: add CURLOPT_CURLU
Bugfixes:
* (lib)curl.rc: fixup for minor bugs
* CURLINFO_REDIRECT_URL: extract the Location: header field unvalidated
* CURLOPT_HEADERFUNCTION.3: match 'nitems' name in synopsis/desc
* CURLOPT_WRITEFUNCTION.3: spell out that it gets called many times
* Curl_follow: accept non-supported schemes for "fake" redirects
* KNOWN_BUGS: add --proxy-any connection issue
* NTLM: Remove redundant ifdef USE_OPENSS
* NTLM: force the connection to HTTP/1.1
* OS400: add URL API ccsid wrappers and sync ILE/RPG bindings
* SECURITY-PROCESS: bountygraph shuts down again
* TODO: Have the URL API offer IDN decoding
* ares: remove fd from multi fd set when ares is about to close the fd
* axtls: removed
* checksrc: add COPYRIGHTYEAR check
* cmake: fix MIT/Heimdal Kerberos detection
* configure: include all libraries in ssl-libs fetch
* configure: show CFLAGS, LDFLAGS etc in summary
* connect: fix building for recent versions of Minix
* cookies: create the cookiejar even if no cookies to save
* cookies: expire "Max-Age=0" immediately
* curl: --local-port range was not "including"
* curl: fix --local-port integer overflow
* curl: fix memory leak reading --writeout from file
* curl: fixed UTF-8 in current console code page (Win)
* curl_easy_perform: fix timeout handling
* curl_global_sslset(): id == -1 is not necessarily an error
* curl_multibyte: fix a malloc overcalculation
* curle: move deprecated error code to ifndef block
* docs: curl_formadd field and file names are now escaped
* docs: escape "n" codes
* doh: fix memory leak in OOM situation
* doh: make it work for h2-disabled builds too
* examples/ephiperfifo: report error when epoll_ctl fails
* ftp: avoid unsigned int overflows in FTP listing parser
* host names: allow trailing dot in name resolve, then strip it
* http2: Upon HTTP_1_1_REQUIRED, retry the request with HTTP/1.1
* http: don't set CURLINFO_CONDITION_UNMET for http status code 204
* http: fix HTTP Digest auth to include query in URI
* http_negotiate: do not close connection until negotiation is completed
* impacket: add LICENSE
* infof: clearly indicate truncation
* ldap: fix LDAP URL parsing regressions
* libcurl: stop reading from paused transfers
* mprintf: avoid unsigned integer overflow warning
* netrc: don't ignore the login name specified with "--user"
* nss: Fall back to latest supported SSL version
* nss: Fix compatibility with nss versions 3.14 to 3.15
* nss: fix fallthrough comment to fix picky compiler warning
* nss: remove version selecting dead code
* nss: set default max-tls to 1.3/1.2
* openssl: Remove SSLEAY leftovers
* openssl: do not log excess "TLS app data" lines for TLS 1.3
* openssl: do not use file BIOs if not requested
* openssl: fix unused variable compiler warning with old openssl
* openssl: support session resume with TLS 1.3
* openvms: fix example name
* os400: Add curl_easy_conn_upkeep() to ILE/RPG binding
* os400: add CURLOPT_CURLU to ILE/RPG binding
* os400: fix return type of curl_easy_pause() in ILE/RPG binding
* packages: remove old leftover files and dirs
* pop3: only do APOP with a valid timestamp
* runtests: use the local curl for verifying
* schannel: be consistent in Schannel capitalization
* schannel: better CURLOPT_CERTINFO support
* schannel: use Curl_prefix for global private symbols
* snprintf: renamed and now we only use msnprintf()
* ssl: fix compilation with OpenSSL 0.9.7
* ssl: replace all internal uses of CURLE_SSL_CACERT
* symbols-in-versions: add missing CURLU_symbols
* test328: verify Content-Encoding: none
* tests: disable SO_EXCLUSIVEADDRUSE for stunnel/Win
* tests: drop http_pipe.py script no longer used
* tool_cb_wrt: Silence function cast compiler warning
* tool_doswin: Fix uninitialized field warning
* travis: build with clang sanitizers
* travis: remove curl before a normal build
* url: a short host name + port is not a scheme
* url: fix IPv6 numeral address parser
* urlapi: only skip encoding the first '=' with APPENDQUERY set
- refreshed curl-disabled-redirect-protocol-message.patch
- Update to version 7.62.0
Changes:
* multiplex: enable by default
* url: default to CURL_HTTP_VERSION_2TLS if built h2-enabled
* setopt: add CURLOPT_DOH_URL
* curl: --doh-url added
* setopt: add CURLOPT_UPLOAD_BUFFERSIZE: set upload buffer size
* imap: change from "FETCH" to "UID FETCH"
* configure: add option to disable automatic OpenSSL config loading
* upkeep: add a connection upkeep API: curl_easy_upkeep()
* URL-API: added five new functions
* vtls: MesaLink is a new TLS backend
Bugfixes:
* CVE-2018-16839: SASL password overflow via integer overflow [bsc#1112758]
* CVE-2018-16840: use-after-free in handle close [bsc#1113029]
* CVE-2018-16842: warning message out-of-buffer read [bsc#1113660]
* CURLOPT_DNS_USE_GLOBAL_CACHE: deprecated
* Curl_dedotdotify(): always nul terminate returned string
* Curl_follow: Always free the passed new URL
* Curl_http2_done: fix memleak in error path
* Curl_retry_request: fix memory leak
* Curl_saferealloc: Fixed typo in docblock
* FILE: fix CURLOPT_NOBODY and CURLOPT_HEADER output
* GnuTLS: TLS 1.3 support
* SECURITY-PROCESS: mention the bountygraph program
* VS projects: add USE_IPV6:
* certs: generate tests certs with sha256 digest algorithm
* checksrc: enable strict mode and warnings
* checksrc: handle zero scoped ignore commands
* cmake: Backport to work with CMake 3.0 again
* cmake: Improve config installation
* cmake: add support for transitive ZLIB target
* cmake: disable -Wpedantic-ms-format
* cmake: don't require OpenSSL if USE_OPENSSL=OFF
* cmake: fixed path used in generation of docs/tests
* cmake: remove unused *SOCKLEN_T variables
* cmake: suppress MSVC warning C4127 for libtest
* cmake: test and set missed defines during configuration
* config: Remove unused SIZEOF_VOIDP
* configure: force-use -lpthreads on HPUX
* configure: remove CURL_CONFIGURE_CURL_SOCKLEN_T
* configure: s/AC_RUN_IFELSE/CURL_RUN_IFELSE
* cookies: Remove redundant expired check
* cookies: fix leak when writing cookies to file
* curl-config.in: remove dependency on bc
* curl.1: --ipv6 mutexes ipv4 (fixed typo)
* curl: update the documentation of --tlsv1.0
* curl_multi_wait: call getsock before figuring out timeout
* curl_ntlm_wb: check aprintf() return codes
* data-binary.d: clarify default content-type is x-www-form-urlencoded
* docs/CIPHERS: Mention the options used to set TLS 1.3 ciphers
* docs/CIPHERS: fix the TLS 1.3 cipher names
* docs/CIPHERS: mention the colon separation for OpenSSL
* docs/examples: URL updates
* docs: add "see also" links for SSL options
* example/asiohiper: insert warning comment about its status
* example/htmltidy: fix include paths of tidy libraries
* examples/http2-pushinmemory: receive HTTP/2 pushed files in memory
* examples/parseurl.c: show off the URL API
* examples: Fix memory leaks from realloc errors
* examples: do not wait when no transfers are running
* ftp: include command in Curl_ftpsend sendbuffer
* gskit: make sure to terminate version string
* gtls: Values stored to but never read
* hostip: fix check on Curl_shuffle_addr return value
* http2: fix memory leaks on error-path
* http: fix memleak in rewind error path
* krb5: fix memory leak in krb_auth
* memory: add missing curl_printf header
* memory: ensure to check allocation results
* multi: Fix error handling in the SENDPROTOCONNECT state
* multi: fix memory leak in content encoding related error path
* multi: make the closure handle "inherit" CURLOPT_NOSIGNAL
* netrc: free temporary strings if memory allocation fails
* nss: try to connect even if libnssckbi.so fails to load
* ntlm_wb: Fix memory leaks in ntlm_wb_response
* ntlm_wb: bail out if the response gets overly large
* openssl: assume engine support in 0.9.8 or later
* openssl: enable TLS 1.3 post-handshake auth
* openssl: fix gcc8 warning
* openssl: load built-in engines too
* openssl: make 'done' a proper boolean
* openssl: output the correct cipher list on TLS 1.3 error
* openssl: return CURLE_PEER_FAILED_VERIFICATION on failure to parse issuer
* openssl: show "proper" version number for libressl builds
* pipelining: deprecated
* rand: add comment to skip a clang-tidy false positive
* rtmp: fix for compiling with lwIP
* runtests: ignore disabled even when ranges are given
* schannel: unified error code handling
* sendf: Fix whitespace in infof/failf concatenation
* ssh: free the session on init failures
* ssl: deprecate CURLE_SSL_CACERT in favour of a unified error code
* system.h: use proper setting with Sun C++ as well
* test1299: use single quotes around asterisk
* test1452: mark as flaky
* test1651: unit test Curl_extract_certinfo()
* test320: strip out more HTML when comparing
* tests/negtelnetserver.py: fix Python2-ism in neg TELNET server
* tests: add unit tests for url.c
* tool_cb_hdr: handle failure of rename()
* travis: add a "make tidy" build that runs clang-tidy
* travis: add build for "configure --disable-verbose"
* travis: bump the Secure Transport build to use xcode
* travis: make distcheck scan for BOM markers
* unit1300: fix stack-use-after-scope AddressSanitizer warning
* urldata: Fix "connecting" comment
* urlglob: improve error message on bad globs
* vtls: fix ssl version "or later" behavior change for many backends
* x509asn1: Fix SAN IP address verification
* x509asn1: always check return code from getASN1Element()
* x509asn1: return CURLE_PEER_FAILED_VERIFICATION on failure to parse cert
* x509asn1: suppress left shift on signed value
- Rebased patches after update:
* curl-disabled-redirect-protocol-message.patch
* curl-use_OPENSSL_config.patch
- Security fix [bsc#1113660, CVE-2018-16842]
* Fixed Out-of-bounds Read in tool_msgs.c
* Added curl-CVE-2018-16842.patch
- Security fix [bsc#1113029, CVE-2018-16840]
* use-after-free in handle close
* Added curl-CVE-2018-16840.patch
- Security fix [bsc#1112758, CVE-2018-16839]
* SASL password overflow via integer overflow
* Added curl-CVE-2018-16839.patch
- Security fix [CVE-2018-14618, bsc#1106019]
* NTLM password overflow via integer overflow
* Added patch curl-CVE-2018-14618.patch
- Update to version 7.61.1
Bugfixes:
* CVE-2018-14618: NTLM password overflow via integer overflow (bsc#1106019)
* CURLINFO_SIZE_UPLOAD: fix missing counter update
* CURLOPT_ACCEPT_ENCODING.3: list them comma-separated
* CURLOPT_SSL_CTX_FUNCTION.3: might cause accidental connection reuse
* Curl_getoff_all_pipelines: improved for multiplexed
* DEPRECATE: remove release date from 7.62.0
* HTTP: Don't attempt to needlessly decompress redirect body
* INTERNALS: require GnuTLS >= 2.11.3
* README.md: add LGTM.com code quality grade for C/C++
* SSLCERTS: improve the openssl command line
* Silence GCC 8 cast-function-type warnings
* ares: check for NULL in completed-callback
* asyn-thread: Remove unused macro
* auth: only pick CURLAUTH_BEARER if we *have* a Bearer token
* auth: pick Bearer authentication whenever a token is available
* cmake: CMake config files are defining CURL_STATICLIB for static builds
* cmake: Respect BUILD_SHARED_LIBS
* cmake: Update scripts to use consistent style
* cmake: bumped minimum version to 3.4
* cmake: link curl to the OpenSSL targets instead of lib absolute paths
* configure: conditionally enable pedantic-errors
* configure: fix for -lpthread detection with OpenSSL and pkg-config
* conn: remove the boolean 'inuse' field
* content_encoding: accept up to 4 unknown trailer bytes after raw deflate data
* cookie tests: treat files as text
* cookies: support creation-time attribute for cookies
* curl: Fix segfault when -H @headerfile is empty
* curl: add http code 408 to transient list for --retry
* curl: fix time-of-check, time-of-use race in dir creation
* curl: use Content-Disposition before the "URL end" for -OJ
* curl: warn the user if a given file name looks like an option
* curl_threads: silence bad-function-cast warning
* darwinssl: add support for ALPN negotiation
* docs/CURLOPT_URL: fix indentation
* docs/CURLOPT_WRITEFUNCTION: size is always 1
* docs/SECURITY-PROCESS: mention bounty, drop pre-notify
* docs/examples: add hiperfifo example using linux epoll/timerfd
* docs: add disallow-username-in-url.d and haproxy-protocol.d to dist
* docs: clarify NO_PROXY env variable functionality
* docs: improved the manual pages of some callbacks
* docs: mention NULL is fine input to several functions
* formdata: Remove unused macro HTTPPOST_CONTENTTYPE_DEFAULT
* gopher: Do not translate `?' to `%09'
* header output: switch off all styles, not just unbold
* hostip: fix unused variable warning
* http2: Use correct format identifier for stream_id
* http2: abort the send_callback if not setup yet
* http2: avoid set_stream_user_data() before stream is assigned
* http2: check nghttp2_session_set_stream_user_data return code
* http2: clear the drain counter in Curl_http2_done
* http2: make sure to send after RST_STREAM
* http2: separate easy handle from connections better
* http: fix for tiny "HTTP/0.9" response
* http_proxy: Remove unused macro SELECT_TIMEOUT
* lib/Makefile: only do symbol hiding if told to
* lib1502: fix memory leak in torture test
* lib1522: fix curl_easy_setopt argument type
* libcurl-thread.3: expand somewhat on the NO_SIGNAL motivation
* mime: check Curl_rand_hex's return code
* multi: always do the COMPLETED procedure/state
* openssl: assume engine support in 1.0.0 or later
* openssl: fix debug messages
* projects: Improve Windows perl detection in batch scripts
* retry: return error if rewind was necessary but didn't happen
* reuse_conn(): memory leak - free old_conn->options
* schannel: client certificate store opening fix
* schannel: enable CALG_TLS1PRF for w32api >= 5.1
* schannel: fix MinGW compile break
* sftp: don't send post-quote sequence when retrying a connection
* smb: fix memory leak on early failure
* smb: fix memory-leak in URL parse error path
* smb_getsock: always wait for write socket too
* ssh-libssh: fix infinite connect loop on invalid private key
* ssh-libssh: reduce excessive verbose output about pubkey auth
* ssh-libssh: use FALLTHROUGH to silence gcc8
* ssl: set engine implicitly when a PKCS#11 URI is provided
* sws: handle EINTR when calling select()
* system_win32: fix version checking
* telnet: Remove unused macros TELOPTS and TELCMDS
* test1143: disable MSYS2's POSIX path conversion
* test1148: disable if decimal separator is not point
* test1307: (fnmatch testing) disabled
* test1422: add required file feature
* test1531: Add timeout
* test1540: Remove unused macro TEST_HANG_TIMEOUT
* test214: disable MSYS2's POSIX path conversion for URL
* test320: treat curl320.out file as binary
* tests/http_pipe.py: Use /usr/bin/env to find python
* tests: Don't use Windows path %PWD for SSH tests
* tests: fixes for Windows line endings
* tool_operate: Fix setting proxy TLS 1.3 ciphers
* travis: build darwinssl on macos 10.12 to fix linker errors
* travis: execute "set -eo pipefail" for coverage build
* travis: run a 'make checksrc' too
* travis: update to GCC-8
* travis: verify that man pages can be regenerated
* upload: allocate upload buffer on-demand
* upload: change default UPLOAD_BUFSIZE to 64KB
* urldata: remove unused pipe_broke struct field
* vtls: reinstantiate engine on duplicated handles
* windows: implement send buffer tuning
* wolfSSL/CyaSSL: Fix memory leak in Curl_cyassl_random
- Remove patch included upstream:
* curl-switch-off-all-styles.patch
- Added curl-switch-off-all-styles.patch: Fix output of wrong escape sequences,
which might mess up the terminal (bsc#1105624)
- security update
* CVE-2018-0500 [bsc#1099793]
+ curl-CVE-2018-0500.patch
- Update to version 7.61.0
[bsc#1099793, CVE-2018-0500]
Changes:
* getinfo: add microsecond precise timers for seven intervals
* curl: show headers in bold, switch off with --no-styled-output
* httpauth: add support for Bearer tokens
* Add CURLOPT_TLS13_CIPHERS and CURLOPT_PROXY_TLS13_CIPHERS
* curl: --tls13-ciphers and --proxy-tls13-ciphers
* Add CURLOPT_DISALLOW_USERNAME_IN_URL
* curl: --disallow-username-in-url
Bugfixes:
* CVE-2018-0500: smtp: fix SMTP send buffer overflow
* schannel: disable client cert option if APIs not available
* schannel: disable manual verify if APIs not available
* tests/libtest/Makefile: Do not unconditionally add gcc-specific flags
* openssl: acknowledge --tls-max for default version too
* stub_gssapi: fix 'unused parameter' warnings
* examples/progressfunc: make it build on both new and old libcurls
* docs: mention it is HA Proxy protocol "version 1"
* curl_fnmatch: only allow two asterisks for matching
* docs: clarify CURLOPT_HTTPGET
* configure: replace a AC_TRY_RUN with CURL_RUN_IFELSE
* configure: do compile-time SIZEOF checks instead of run-time
* checksrc: make sure sizeof() is used *with* parentheses
* CURLOPT_ACCEPT_ENCODING.3: add brotli and clarify a bit
* schannel: make CAinfo parsing resilient to CR/LF
* tftp: make sure error is zero terminated before printfing it
* http resume: skip body if http code 416 (range error) is ignored
* configure: add basic test of --with-ssl prefix
* cmake: set -d postfix for debug builds
* multi: provide a socket to wait for in Curl_protocol_getsock
* content_encoding: handle zlib versions too old for Z_BLOCK
* winbuild: only delete OUTFILE if it exists
* winbuild: In MakefileBuild.vc fix typo DISTDIR->DIRDIST
* schannel: add failf calls for client certificate failures
* cmake: Fix the test for fsetxattr and strerror_r
* curl.1: Fix cmdline-opts reference errors
* cmdline-opts/gen.pl: warn if mutexes: or see-also: list non-existing options
* cmake: check for getpwuid_r
* configure: fix ssh2 linking when built with a static mbedtls
* psl: use latest psl and refresh it periodically
* fnmatch: insist on escaped bracket to match
* KNOWN_BUGS: restore text regarding #2101
* INSTALL: LDFLAGS=-Wl,-R/usr/local/ssl/lib
* configure: override AR_FLAGS to silence warning
* os400: implement mime api EBCDIC wrappers
* curl.rc: embed manifest for correct Windows version detection
* strictness: correct {infof, failf} format specifiers
* tests: update .gitignore for libtests
* configure: check for declaration of getpwuid_r
* fnmatch: use the system one if available
* CURLOPT_RESOLVE: always purge old entry first
* multi: remove a potentially bad DEBUGF()
* curl_addrinfo: use same #ifdef conditions in source as header
* build: remove the Borland specific makefiles
* axTLS: not considered fit for use
* cmdline-opts/cert-type.d: mention "p12" as a recognized type
* system.h: add support for IBM xlc C compiler
* tests/libtest: Add lib1521 to nodist_SOURCES
* mk-ca-bundle.pl: leave certificate name untouched
* boringssl + schannel: undef X509_NAME in lib/schannel.h
* openssl: assume engine support in 1.0.1 or later
* cppcheck: fix warnings
* test 46: make test pass after year 2025
* schannel: support selecting ciphers
* Curl_debug: remove dead printhost code
* test 1455: unflakified
* Curl_init_do: handle NULL connection pointer passed in
* progress: remove a set of unused defines
* mk-ca-bundle.pl: make -u delete certdata.txt if found not changed
* GOVERNANCE.md: explains how this project is run
* configure: use pkg-config for c-ares detection
* configure: enhance ability to build with static openssl
* maketgz: fix sed issues on OSX
* multi: fix memory leak when stopped during name resolve
* CURLOPT_INTERFACE.3: interface names not supported on Windows
* url: fix dangling conn->data pointer
* cmake: allow multiple SSL backends
* system.h: fix for gcc on 32 bit OpenServer
* ConnectionExists: make sure conn->data is set when "taking" a connection
* multi: fix crash due to dangling entry in connect-pending list
* CURLOPT_SSL_VERIFYPEER.3: Add performance note
* netrc: use a larger buffer to support longer passwords
* url: check Curl_conncache_add_conn return code
* configure: Add dependent libraries after crypto
* easy_perform: faster local name resolves by using *multi_timeout()
* getnameinfo: not used, removed all configure checks
* travis: add a build using the synchronous name resolver
* CURLINFO_TLS_SSL_PTR.3: improve the example
* openssl: allow TLS 1.3 by default
* openssl: make the requested TLS version the *minimum* wanted
* openssl: Remove some dead code
* telnet: fix clang warnings
* DEPRECATE: new doc describing planned item removals
* example/crawler.c: simple crawler based on libxml2
* libssh: goto DISCONNECT state on error, not SESSION_FREE
* CMake: Remove unused functions
* darwinssl: allow High Sierra users to build the code using GCC
* scripts: include _curl as part of CLEANFILES
* examples: fix -Wformat warnings
* curl_setup: include <winerror.h> before <windows.h>
* schannel: make more cipher options conditional
* CMake: remove redundant and old end-of-block syntax
* post303.d: clarify that this is an RFC violation
- refreshed libcurl-ocloexec.patch
- Use OPENSSL_config instead of CONF_modules_load_file() to avoid
crashes due to openssl engines conflicts (bsc#1086367)
* add curl-use_OPENSSL_config.patch
- Update to version 7.60.0
[bsc#1092094, CVE-2018-1000300][bsc#1092098, CVE-2018-1000301]
Changes:
* Add CURLOPT_HAPROXYPROTOCOL, support for the HAProxy PROXY protocol
* Add --haproxy-protocol for the command line tool
* Add CURLOPT_DNS_SHUFFLE_ADDRESSES, shuffle returned IP addresses
Bugfixes:
* FTP: shutdown response buffer overflow CVE-2018-1000300
* RTSP: bad headers buffer over-read CVE-2018-1000301
* FTP: fix typo in recursive callback detection for seeking
* test1208: marked flaky
* HTTP: make header-less responses still count correct body size
* user-agent.d: mention --proxy-header as well
* http2: fixes typo
* cleanup: misc typos in strings and comments
* rate-limit: use three second window to better handle high speeds
* examples/hiperfifo.c: improved
* pause: when changing pause state, update socket state
* multi: improved pending transfers handling => improved performance
* curl_version_info.3: fix ssl_version description
* add_handle/easy_perform: clear errorbuffer on start if set
* cmake: add support for brotli
* parsedate: support UT timezone
* vauth/ntlm.h: fix the #ifdef header guard
* lib/curl_path.h: added #ifdef header guard
* vauth/cleartext: fix integer overflow check
* CURLINFO_COOKIELIST.3: made the example not leak memory
* cookie.d: mention that "-" as filename means stdin
* CURLINFO_SSL_VERIFYRESULT.3: fixed the example
* http2: read pending frames (including GOAWAY) in connection-check
* timeval: remove compilation warning by casting
* cmake: avoid warn-as-error during config checks
* travis-ci: enable -Werror for CMake builds
* openldap: fix for NULL return from ldap_get_attribute_ber()
* threaded resolver: track resolver time and set suitable timeout values
* cmake: Add advapi32 as explicit link library for win32
* docs: fix CURLINFO_*_T examples use of CURL_FORMAT_CURL_OFF_T
* test1148: set a fixed locale for the test
* cookies: when reading from a file, only remove_expired once
* cookie: store cookies per top-level-domain-specific hash table
* openssl: fix build with LibreSSL 2.7
* tls: fix mbedTLS 2.7.0 build + handle sha256 failures
* openssl: RESTORED verify locations when verifypeer==0
* file: restore old behavior for file:////foo/bar URLs
* FTP: allow PASV on IPv6 connections when a proxy is being used
* build-openssl.bat: allow custom paths for VS and perl
* winbuild: make the clean target work without build-type
* build-openssl.bat: Refer to VS2017 as VC14.1 instead of VC15
* curl: retry on FTP 4xx, ignore other protocols
* configure: detect (and use) sa_family_t
* examples/sftpuploadresume: Fix Windows large file seek
* build: cleanup to fix clang warnings/errors
* winbuild: updated the documentation
* lib: silence null-dereference warnings
* travis: bump to clang 6 and gcc 7
* travis: build libpsl and make builds use it
* proxy: show getenv proxy use in verbose output
* duphandle: make sure CURLOPT_RESOLVE is duplicated
* all: Refactor malloc+memset to use calloc
* checksrc: Fix typo
* system.h: Add sparcv8plus to oracle/sunpro 32-bit detection
* vauth: Fix typo
* ssh: show libSSH2 error code when closing fails
* test1148: tolerate progress updates better
* urldata: make service names unconditional
* configure: keep LD_LIBRARY_PATH changes local
* ntlm_sspi: fix authentication using Credential Manager
* schannel: add client certificate authentication
* winbuild: Support custom devel paths for each dependency
* schannel: add support for CURLOPT_CAINFO
* http2: handle on_begin_headers() called more than once
* openssl: support OpenSSL 1.1.1 verbose-mode trace messages
* openssl: fix subjectAltName check on non-ASCII platforms
* http2: avoid strstr() on data not zero terminated
* http2: clear the "drain counter" when a stream is closed
* http2: handle GOAWAY properly
* tool_help: clarify --max-time unit of time is seconds
* curl.1: clarify that options and URLs can be mixed
* http2: convert an assert to run-time check
* curl_global_sslset: always provide available backends
* ftplistparser: keep state between invokes
* Curl_memchr: zero length input can't match
* examples/sftpuploadresume: typecast fseek argument to long
* examples/http2-upload: expand buffer to avoid silly warning
* ctype: restore character classification for non-ASCII platforms
* mime: avoid NULL pointer dereference risk
* cookies: ensure that we have cookies before writing jar
* os400.c: fix checksrc warnings
* configure: provide --with-wolfssl as an alias for --with-cyassl
* cyassl: adapt to libraries without TLS 1.0 support built-in
* http2: get rid of another strstr
* checksrc: force indentation of lines after an else
* cookies: remove unused macro
* CURLINFO_PROTOCOL.3: mention the existing defined names
* tests: provide 'manual' as a feature to optionally require
* travis: enable libssh2 on both macos and Linux
* CURLOPT_URL.3: added ENCODING section
* wolfssl: Fix non-blocking connect
* vtls: don't define MD5_DIGEST_LENGTH for wolfssl
* docs: remove extraneous commas in man pages
* URL: fix ASCII dependency in strcpy_url and strlen_url
* ssh-libssh.c: fix left shift compiler warning
* configure: only check for CA bundle for file-using SSL backends
* travis: add an mbedtls build
* http: don't set the "rewind" flag when not uploading anything
* configure: put CURLDEBUG and DEBUGBUILD in lib/curl_config.h
* transfer: don't unset writesockfd on setup of multiplexed conns
* vtls: use unified "supports" bitfield member in backends
* URLs: fix one more http url
* travis: add a build using WolfSSL
* openssl: change FILE ops to BIO ops
* travis: add build using NSS
* smb: reject negative file sizes
* cookies: accept parameter names as cookie name
* http2: getsock fix for uploads
* all over: fixed format specifiers
* http2: use the correct function pointer typedef
- Added message about protocol redirection not supported or
disabled to the function findprotocol() [bsc#1076446]
* Added curl-disabled-redirect-protocol-message.patch
- Update to version 7.59.0
[bsc#1084521, CVE-2018-1000120][bsc#1084524, CVE-2018-1000121]
[bsc#1084532, CVE-2018-1000122]
Changes:
* curl: add --proxy-pinnedpubkey
* added: CURLOPT_TIMEVALUE_LARGE and CURLINFO_FILETIME_T
* CURLOPT_RESOLVE: Add support for multiple IP addresses per entry
* Add option CURLOPT_HAPPY_EYEBALLS_TIMEOUT_MS
* Add new tool option --happy-eyeballs-timeout-ms
* Add CURLOPT_RESOLVER_START_FUNCTION and CURLOPT_RESOLVER_START_DATA
Bugfixes:
* openldap: check ldap_get_attribute_ber() results for NULL before using
* FTP: reject path components with control codes
* readwrite: make sure excess reads don't go beyond buffer end
* lib555: drop text conversion and encode data as ascii codes
* lib517: make variable static to avoid compiler warning
* lib544: sync ascii code data with textual data
* GSKit: restore pinnedpubkey functionality
* darwinssl: Don't import client certificates into Keychain on macOS
* parsedate: fix date parsing for systems with 32 bit long
* openssl: fix pinned public key build error in FIPS mode
* SChannel/WinSSL: Implement public key pinning
* cookies: remove verbose "cookie size:" output
* progress-bar: don't use stderr explicitly, use bar->out
* build: open VC15 projects with VS 2017
* curl_ctype: private is*() type macros and functions
* configure: set PATH_SEPARATOR to colon for PATH w/o separator
* curl_easy_reset: clear digest auth state
* curl/curl.h: fix comment typo for CURLOPT_DNS_LOCAL_IP6
* range: commonize FTP and FILE range handling
* progress-bar docs: update to match implementation
* fnmatch: do not match the empty string with a character set
* fnmatch: accept an alphanum to be followed by a non-alphanum in char set
* build: fix termios issue on android cross-compile
* getdate: return -1 for out of range
* formdata: use the mime-content type function
* openssl: Don't add verify locations when verifypeer==0
* fnmatch: optimize processing of consecutive *s and ?s pattern characters
* schannel: fix compiler warnings
* content_encoding: Add "none" alias to "identity"
* get_posix_time: only check for overflows if they can happen
* http_chunks: don't write chunks twice with CURLOPT_HTTP_TRANSFER_DECODING
* README: language fix
* sha256: build with OpenSSL < 0.9.8
* smtp: fix processing of initial dot in data
* --tlsauthtype: works only if libcurl is built with TLS-SRP support
* tests: new tests for http raw mode
* libcurl-security.3: man page discussing security concerns when using libcurl
* curl_gssapi: make sure this file too uses our *printf()
* BINDINGS: fix curb link (and remove ruby-curl-multi)
* nss: use PK11_CreateManagedGenericObject() if available
* travis: add build with iconv enabled
* ssh: add two missing state names
* CURLOPT_HEADERFUNCTION.3: mention folded headers
* http: fix the max header length detection logic
* header callback: don't chop headers into smaller pieces
* CURLOPT_HEADER.3: clarify problems with different data sizes
* curl --version: show PSL if the run-time lib has it enabled
* examples/sftpuploadresume: resume upload via CURLOPT_APPEND
* Return error if called recursively from within callbacks
* sasl: prefer PLAIN mechanism over LOGIN
* winbuild: Use CALL to run batch scripts
* curl_share_setopt.3: connection cache is shared within multi handles
* projects/README: remove reference to dead IDN link/package
* lib655: silence compiler warning
* configure: Fix version check for OpenSSL 1.1.1
* docs/MANUAL: formfind.pl is not accessible on the site anymore
* unit1307: proper cleanup on OOM to fix torture tests
* curl_ctype: fix macro redefinition warnings
* build: get CFLAGS (including -werror) used for examples and tests
* NO_PROXY: fix for IPv6 numericals in the URL
* krb5: use nondeprecated functions
* http2: mark the connection for close on GOAWAY
* limit-rate: kick in even before "limit" data has been received
* HTTP: allow "header;" to replace an internal header with a blank one
* http2: verbose output new MAX_CONCURRENT_STREAMS values
* SECURITY: distros' max embargo time is 14 days
* curl tool: accept --compressed also if Brotli is enabled and zlib is not
* WolfSSL: adding TLSv1.3
* checksrc.pl: add -i and -m options
* CURLOPT_COOKIEFILE.3: "-" as file name means stdin
- Refreshed patch libcurl-ocloexec.patch
- Sort a bit with spec-cleaner
- Install license with the library
- ignore all test failures for PowerPC as bypass boo#1075219
(not only the 1501 previously skipped)
* Added patch ignore_runtests_failure.patch
- Build curl with libssh.org
libssh offers a lot more features than libssh2, for example:
* Key Exchange Methods: curve25519-sha256@libssh.org
* Hostkey Types: ssh-ed25519
* Authentication: gssapi-with-mic
- Update to version 7.58.0
[bsc#1076360,CVE-2018-1000005][bsc#1077001,CVE-2018-1000007]
Changes:
* new libssh-powered SSH SCP/SFTP back-end
* curl-config: add --ssl-backends
Bugfixes:
* http2: fix incorrect trailer buffer size
* http: prevent custom Authorization headers in redirects
* travis: add boringssl build
* examples/xmlstream.c: don't switch off CURL_GLOBAL_SSL
* SSL: Avoid magic allocation of SSL backend specific data
* lib: don't export all symbols, just everything curl_*
* libssh2: send the correct CURLE error code on scp file not found
* libssh2: return CURLE_UPLOAD_FAILED on failure to upload
* openssl: enable pkcs12 in boringssl builds
* libssh2: remove dead code from SSH_SFTP_QUOTE
* sasl_getmesssage: make sure we have a long enough string to pass
* conncache: fix several lock issues
* threaded-shared-conn.c: new example
* conncache: only allow multiplexing within same multi handle
* configure: check for netinet/in6.h
* URL: tolerate backslash after drive letter for FILE:
* openldap: add commented out debug possibilities
* include: get netinet/in.h before linux/tcp.h
* CONNECT: keep close connection flag in http_connect_state struct
* BINDINGS: another PostgreSQL client
* curl: limit -# update frequency for unknown total size
* configure: add AX_CODE_COVERAGE only if using gcc
* curl.h: remove incorrect comment about ERRORBUFFER
* openssl: improve data-pending check for https proxy
* curl: remove __EMX__ #ifdefs
* CURLOPT_PRIVATE.3: fix grammar
* sftp: allow quoted commands to use relative paths
* CURLOPT_DNS_CACHE_TIMEOUT.3: see also CURLOPT_RESOLVE
* RESOLVE: output verbose text when trying to set a duplicate name
* multi_done: prune DNS cache
* tests: update .gitignore for libtests
* tests: mark data files as non-executable in git
* CURLOPT_DNS_LOCAL_IP4.3: fixed the "SEE ALSO" to not self-reference
* curl.1: documented two missing valid exit codes
* curl.1: mention http:// and https:// as valid proxy prefixes
* vtls: replaced getenv() with curl_getenv()
* setopt: less *or equal* than INT_MAX/1000 should be fine
* examples/smtp-mail.c: use separate defines for options and mail
* curl: support >256 bytes warning messages
* conncache: fix a return code
* krb5: fix a potential access of uninitialized memory
* rand: add a clang-analyzer work-around
* CURLOPT_READFUNCTION.3: refer to argument with correct name
* brotli: allow compiling with version 0.6.0
* content_encoding: rework zlib_inflate
* curl_easy_reset: release mime-related data
* examples/rtsp: fix error handling macros
* curl: Support size modifiers for --max-filesize
* examples/cacertinmem: ignore cert-already-exists error
* brotli: data at the end of content can be lost
* curl_version_info.3: call the argument 'age'
* openssl: fix memory leak of SSLKEYLOGFILE filename
* build: remove HAVE_LIMITS_H check
* --mail-rcpt: fix short-text description
* scripts: allow all perl scripts to be run directly
* progress: calculate transfer speed on milliseconds if possible
* system.h: check __LONG_MAX__ for defining curl_off_t
* easy: fix connection ownership in curl_easy_pause
* setopt: reintroduce non-static Curl_vsetopt() for OS400 support
* setopt: fix SSLVERSION to allow CURL_SSLVERSION_MAX_ values
* configure.ac: append extra linker flags instead of prepending them
* HTTP: bail out on negative Content-Length: values
* docs: comment about CURLE_READ_ERROR returned by curl_mime_filedata
* mime: clone mime tree upon easy handle duplication
* openssl: enable SSLKEYLOGFILE support by default
* smtp/pop3/imap_get_message: decrease the data length too...
* CURLOPT_TCP_NODELAY.3: fix typo
* SMB: fix numeric constant suffix and variable types
* ftp-wildcard: fix matching an empty string with "*[^a]"
* curl_fnmatch: only allow 5 '*' sections in a single pattern
* openssl: fix potential memory leak in SSLKEYLOGFILE logic
* SSH: Fix state machine for ssh-agent authentication
* examples/url2file.c: add missing curl_global_cleanup() call
* http2: don't close connection when single transfer is stopped
* libcurl-env.3: first version
* curl: progress bar refresh, get width using ioctl()
* CONNECT_TO: fail attempt to set an IPv6 numerical without IPv6 support
- disable 1501 test for PowerPC as bypass boo#1075219
- Update to version 7.57.0 [bsc#1069226, CVE-2017-8816]
[bsc#1069222, CVE-2017-8817] [bsc#1069714, CVE-2017-8818]
Changes:
* auth: add support for RFC7616 - HTTP Digest access authentication
* share: add support for sharing the connection cache
* HTTP: implement Brotli content encoding
Bugfixes:
* CVE-2017-8816: NTLM buffer overflow via integer overflow
* CVE-2017-8817: FTP wildcard out of bounds read
* CVE-2017-8818: SSL out of buffer access
* curl_mime_filedata.3: fix typos
* libtest: Add required test libraries for lib1552 and lib1553
* fix time diffs for systems using unsigned time_t
* ftplistparser: memory leak fix: free temporary memory always
* multi: allow table handle sizes to be overridden
* wildcards: don't use with non-supported protocols
* curl_fnmatch: return error on illegal wildcard pattern
* transfer: Fix chunked-encoding upload too early exit
* resolvers: only include anything if needed
* setopt: fix CURLOPT_SSH_AUTH_TYPES option read
* Curl_timeleft: change return type to timediff_t
* cmake: Export libcurl and curl targets to use by other cmake projects
* curl: in -F option arg, comma is a delimiter for files only
* curl: improved ";type=" handling in -F option arguments
* timeval: use mach_absolute_time() on MacOS
* curlx: the timeval functions are no longer provided as curlx_*
* mkhelp.pl: do not generate comment with current date
* memdebug: use send/recv signature for curl_dosend/curl_dorecv
* cookie: avoid NULL dereference
* url: fix CURLOPT_POSTFIELDSIZE arg value check to allow -1
* include: remove conncache.h inclusion from where it's not needed
* CURLOPT_MAXREDIRS: allow -1 as a value
* tests: Fixed torture tests on tests 556 and 650
* http2: Fixed OOM handling in upgrade request
* url: fix CURLOPT_DNS_CACHE_TIMEOUT arg value check to allow -1
* CURLOPT_INFILESIZE: accept -1
* curl: pass through [] in URLs instead of calling globbing error
* curl: speed up handling of many URLs
* ntlm: avoid malloc(0) for zero length passwords
* url: remove faulty arg value check from CURLOPT_SSH_AUTH_TYPES
* HTTP: support multiple Content-Encodings
* travis: add a job with brotli enabled
* url: remove unnecessary NULL-check
* fnmatch: remove dead code
* connect: store IPv6 connection status after valid connection
* imap: deal with commands case insensitively
* --interface: add support for Linux VRF
* content_encoding: fix inflate_stream for no bytes available
* cmake: Add missing setmode check
* connect.c: remove executable bit on file
* SMB: fix uninitialized local variable
* zlib/brotli: only include header files in modules needing them
* URL: return error on malformed URLs with junk after IPv6 bracket
* openssl: fix too broad use of HAVE_OPAQUE_EVP_PKEY
* macOS: Fix missing connectx function with Xcode version older than 9.0
* --resolve: allow IP address within [] brackets
* examples/curlx: Fix code style
* ntlm: remove unnecessary NULL-check to please scan-build
* Curl_llist_remove: fix potential NULL pointer deref
* mime: fix "Value stored to 'sz' is never read" scan-build error
* openssl: fix "Value stored to 'rc' is never read" scan-build error
* http2: fix "Value stored to 'hdbuf' is never read" scan-build error
* http2: fix "Value stored to 'end' is never read" scan-build error
* Curl_open: fix OOM return error correctly
* url: reject ASCII control characters and space in host names
* examples/rtsp: clear RANGE again after use
* connect: improve the bind error message
* make: fix "make distclean"
* connect: add support for new TCP Fast Open API on Linux
* metalink: fix memory-leak and NULL pointer dereference
* URL: update "file:" URL handling
* ssh: remove check for a NULL pointer
* global_init: ignore CURL_GLOBAL_SSL's absence
- Update to version 7.56.1 [bsc#1063824]
Bugfixes:
* imap: if a FETCH response has no size, don't call write
callback [CVE-2017-1000257]
* ftp: UBsan fixup 'pointer index expression overflowed'
* failf: skip the sprintf() if there are no consumers
* fuzzer: move to using external curl-fuzzer
* lib/Makefile.m32: allow customizing dll suffixes
* docs: fix typo in curl_mime_data_cb man page
* darwinssl: add support for TLSv1.3
* build: fix --disable-crypto-auth
* openssl: fix build without HAVE_OPAQUE_EVP_PKEY
* strtoofft: Remove extraneous null check
* multi_cleanup: call DONE on handles that never got that
* tests: added flaky keyword to tests 587 and 644
* pingpong: return error when trying to send without connection
* remove_handle: call multi_done() first, then clear dns cache pointer
* mime: be tolerant about setting the same header list twice in a part
* mime: improve unbinding top multipart from easy handle
* mime: avoid resetting a part's encoder when part's contents change
* mime: refuse to add subparts to one of their own descendants
* RTSP: avoid integer overflow on funny RTSP responses
* curl: don't pass semicolons when parsing Content-Disposition
* openssl: enable PKCS12 support for !BoringSSL
* FAQ: s/CURLOPT_PROGRESSFUNCTION/CURLOPT_XFERINFOFUNCTION
* CURLOPT_NOPROGRESS.3: also refer to xferinfofunction
* CURLOPT_XFERINFODATA.3: fix duplicate see also
* test298: verify --ftp-method nowcwd with URL encoded path
* FTP: URL decode path for dir listing in nocwd mode
* smtp_done: fix memory leak on send failure
* ftpserver: support case insensitive commands
* test950; verify SMTP with custom request
* openssl: don't use old BORINGSSL_YYYYMM macros
* setopt: update current connection SSL verify params
* curl: reimplement stdin buffering in -F option
* mime: keep "text/plain" content type if user-specified
* mime: fix the content reader to handle >16K data properly
* configure: remove the C++ compiler check
* memdebug: trace send, recv and socket
* runtests: use valgrind for torture as well
* ldap: silence clang warning
* makefile.m32: allow to override gcc, ar and ranlib
* setopt: avoid integer overflows when setting millisecond values
* setopt: range check most long options
* ftp: reject illegal IP/port in PASV 227 response
* mime: do not reuse previously computed multipart size
* vtls: change struct Curl_ssl `close' field name to `close_one'
* os400: add missing symbols in config file
* mime: limit base64-encoded lines length to 76 characters
* mk-ca-bundle: Remove URL for aurora
* mk-ca-bundle: Fix URL for NSS
- Update to 7.56.0 [bsc#1061876, CVE-2017-1000254]
Changes:
* curl: enable compression for SCP/SFTP with --compressed-ssh
* libcurl: enable compression for SCP/SFTP with CURLOPT_SSH_COMPRESSION
* vtls: added dynamic changing SSL backend with curl_global_sslset()
* new MIME API, curl_mime_init() and friends
* openssl: initial SSLKEYLOGFILE implementation
Security fixes:
* CVE-2017-1000254 FTP PWD response parser out of bounds read
Bugfixes:
* FTP: zero terminate the entry path even on bad input
* examples/ftpuploadresume.c: use portable code
* runtests: match keywords case insensitively
* strtoofft: reduce integer overflow risks globally
* zsh.pl: produce a working completion script again
* cmake: remove dead code for CURL_DISABLE_RTMP
* progress: Track total times following redirects
* configure: fix --disable-threaded-resolver
* configure: fix clang version detection
* darwinssl: fix error: variable length array used
* configure: check for __builtin_available() availability
* http_proxy: fix build error for CURL_DOES_CONVERSIONS
* examples/ftpuploadresume: checksrc compliance
* ftp: fix CWD when doing multicwd then nocwd on same connection
* system.h: remove all CURL_SIZEOF_* defines
* http: Don't wait on CONNECT when there is no proxy
* system.h: check for __ppc__ as well
* http2_recv: return error better on fatal h2 errors
* tftp: fix memory leak on too long filename
* system.h: fix build for hppa
* cmake: enable picky compiler options with clang and gcc
* makefile.m32: add support for libidn2
* curl: shorten and clean up CA cert verification error message
* imap: support PREAUTH
* CURLOPT_USERPWD.3: see also CURLOPT_PROXYUSERPWD
* examples/threaded-ssl: mention that this is for openssl before 1.1
* tests: Make sure libtests & unittests call curl_global_cleanup()
* system.h: include sys/poll.h for AIX
* darwinssl: handle long strings in TLS certs
* strtooff: fix build for systems with long long but no strtoll
* asyn-thread: Improved cleanup after OOM situations
* curl.h: CURLSSLBACKEND_WOLFSSL used wrong value
* unit1301: fix error message on first test
* ossfuzz: moving towards the ideal integration
* http: fix a memory leakage in checkrtspprefix()
* examples/post-callback: stop returning one byte at a time
* schannel: return CURLE_SSL_CACERT on failed verification
* http-proxy: treat all 2xx as CONNECT success
* openssl: use OpenSSL's default ciphers by default
* runtests.pl: support attribute "nonewline" in part verify/upload
* configure: remove --enable-soname-bump and SONAME_BUMP
* vtls: fix WolfSSL 3.12 build problems
* http-proxy: when not doing CONNECT, that phase is done immediately
* configure: fix curl_off_t check's include order
* configure: use -Wno-varargs on clang 3.9[.X] debug builds
* rtsp: do not call fwrite() with NULL pointer FILE *
* mbedtls: enable CA path processing
* checksrc: verify more code style rules
* HTTP proxy: on connection re-use, still use the new remote port
* tests: add initial gssapi test using stub implementation
* rtsp: Segfault when using WRITEDATA
* docs: clarify the CURLOPT_INTERLEAVE* options behavior
* non-ascii: use iconv() with 'char **' argument
* server/getpart: provide dummy function to build conversion enabled
* conversions: fix several compiler warnings
* openssl: add missing includes
* schannel: Support partial send for when data is too large
* socks: fix incorrect port number in SOCKS4 error message
* curl: fix integer overflow in timeout options
* cookies: reject oversized cookies instead of truncating
* cookies: use lock when using CURLINFO_COOKIELIST
* curl: check fseek() return code and bail on error
* examples/post-callback: use long for CURLOPT_POSTFIELDSIZE
* openssl: only verify RSA private key if supported
* tests: make the imap server not verify user+password
* imap: quote atoms properly when escaping characters
* tests: fix a compiler warning in test 643
* file_range: avoid integer overflow when figuring out byte range
* reuse_conn: don't copy flags that are known to be equal
* http: fix adding custom empty headers to repeated requests
* docs: link CURLOPT_CONNECTTIMEOUT and CURLOPT_CONNECTTIMEOUT_MS
* connect: fix race condition with happy eyeballs timeout
* cookie: fix memory leak if path was set twice in header
* vtls: compare and clone ssl configs properly
* proxy: read the "no_proxy" variable only if necessary
- Refreshed patches:
* libcurl-ocloexec.patch
- Removed patches fixed upstream:
* curl-man3.patch
* ppc-build.patch
* curl-http-Don-t-wait-on-CONNECT-when-there-is-no-proxy.patch
* curl-disable-test1427-i586.patch
- Add curl-http-Don-t-wait-on-CONNECT-when-there-is-no-proxy.patch:
Fix NetworkManager's connectivity test.
- ppc-build.patch: Fix build for powerpc
- Upstream fix to build libcurl man3 pages
* Added patch curl-man3.patch
- Disabled test1425 that fails in i586 architecture
* Added patch curl-disable-test1427-i586.patch
- Update to 7.55.0
Changes:
* curl: allow --header and --proxy-header read from file
* getinfo: provide sizes as curl_off_t
* curl: prevent binary output spewed to terminal
* curl: added --request-target
* curl: added --socks5-{basic,gssapi}: control socks5 auth
* libcurl: added CURLOPT_REQUEST_TARGET
* libcurl: added CURLOPT_SOCKS5_AUTH
Bugfixes:
* Security Fixes:
- glob: do not parse after a strtoul() overflow range
(CVE-2017-1000101, bsc#1051643)
- tftp: reject file name lengths that don't fit
(CVE-2017-1000100, bsc#1051644)
- file: output the correct buffer to the user
(CVE-2017-1000099, bsc#1051645)
* includes: remove curl/curlbuild.h and curl/curlrules.h
* dist: make the hugehelp.c not get regenerated unnecessarily
* timers: store internal time stamps as time_t instead of doubles
* progress: let "current speed" be UL + DL speeds combined
* http-proxy: do the HTTP CONNECT process entirely non-blocking
* lib/curl_setup.h: remove CURL_WANTS_CA_BUNDLE_ENV
* fuzz: bring oss-fuzz initial code converted to C89
* configure: disable nghttp2 too if HTTP has been disabled
* mk-ca-bundle.pl: Check curl's exit code after certdata download
* test1148: verify the -# progressbar
* tests: stabilize test 2032 and 2033
* HTTPS-Proxy: don't offer h2 for https proxy connections
* http-proxy: only attempt FTP over HTTP proxy
* curl-compilers.m4: enable vla warning for clang
* curl-compilers.m4: enable double-promotion warning
* curl-compilers.m4: enable missing-variable-declarations clang
warning
* curl-compilers.m4: enable comma clang warning
* CURLOPT_PREQUOTE: not supported for SFTP
* http2: fix OOM crash
* PIPELINING_SERVER_BL: cleanup the internal list use
* mkhelp.pl: fix script name in usage text
* lib1521: add curl_easy_getinfo calls to the test set
* travis: do the distcheck test build out-of-tree as well
* if2ip: fix compiler warning in ISO C90 mode
* lib: fix the djgpp build
* typecheck-gcc: add support for CURLINFO_OFF_T
* travis: enable typecheck-gcc warnings
* maketgz: switch to xz instead of lzma
* CURLINFO_REDIRECT_URL.3: mention the CURLOPT_MAXREDIRS case
* curl/system.h: add check for XTENSA for 32bit gcc
* test1537: fixed memory leak on OOM
* test1521: fix compiler warnings
* curl: fix memory leak on test 1147 OOM
* libtest/make: generate lib1521.c dynamically at build-time
* curl_strequal.3: fix typo in SYNOPSIS
* progress: prevent resetting t_starttransfer
* openssl: improve fallback seed of PRNG with a time based hash
* http2: improved PING frame handling
* test1450: add simple testing for DICT
* make: build the docs subdir only from within src
* gtls: fix build when sizeof(long) < sizeof(void *)
* url: make the original string get used on subsequent transfers
* timeval.c: Use long long constant type for timeval assignment
* tool_sleep: typecast to avoid macos compiler warning
* travis.yml: use --enable-werror on debug builds
* test1451: add SMB support to the testbed
* configure: remove checks for 5 functions never used
* configure: try ldap/lber in reversed order first
* smb: fix build for djgpp/MSDOS
* travis: install nghttp2 on linux builds
* smb: add support for CURLOPT_FILETIME
* select.h: avoid macro redefinition harder
* runtests: support "threaded-resolver" as a feature
* test506: skip if threaded-resolver
* cmake: remove spurious "-l" from linker flags
* cmake: add CURL_WERROR for enabling "warning as errors"
* memdebug: don't setbuf() if the file open failed
* curl_easy_escape.3: mention the (lack of) encoding
* test1452: add telnet negotiation
* CURLOPT_POSTFIELDS.3: explain the 100-continue magic better
* cmake: offer CMAKE_DEBUG_POSTFIX when building with MSVC
* tests/valgrind.supp: suppress OpenSSL false positive seen on
travis
* curl_setup_once: Remove ERRNO/SET_ERRNO macros
* rtspd: fix MSVC level 4 warning
* sockfilt: suppress conversion warning with explicit cast
* libtest: fix MSVC warning C4706
* tests/server/resolve.c: fix deprecation warning
* nss: fix a possible use-after-free in SelectClientCert()
* checksrc: escape open brace in regex
* multi: mention integer overflow risk if using > 500 million
sockets
* timeval: struct curltime is a struct timeval replacement
* curl_rtmp: fix a compiler warning
* include.d: clarify that it concerns the response headers
* cmake: support make uninstall
* include.d: clarify --include is only for response headers
* libcurl: Stop using error codes defined under CURL_NO_OLDIES
* http: fix response code parser to avoid integer overflow
* configure: fix the check for IdnToUnicode
* multi: fix request timer management
* curl_threads: fix MSVC compiler warning
* cmake: set MSVC warning level to 4
* netrc: skip lines starting with '#'
* FTP: skip unnecessary CWD when in nocwd mode
* gssapi: fix memory leak of output token in multi round context
* getparameter: avoid returning uninitialized 'usedarg'
* curl (debug build) easy_events: make event data static
* curl: detect and bail out early on parameter integer overflows
- Removed patch curl-invalid-free.patch
- Update License to 'curl' as per review on OBS sr#505976.
- Have the -mini packages conflict the real ones.
- Add curl-invalid-free.patch to fix an invalid free in
curl_multi_setopt function.
- Update to 7.54.1
Changes:
* curl now shows release date in --version output
Bugfixes:
* Fixes CVE-2017-9502: default protocol drive letter
buffer overflow bsc#1044243
* openssl: fix memory leak in servercert
* curl: set a 100K buffer size by default
* nss: do not leak PKCS #11 slot while loading a key
* nss: load libnssckbi.so if no other trust is specified
* curl: use utimes instead of obsolescent utime when available
* url: fixed a memory leak on OOM while setting CURLOPT_BUFFERSIZE
* CURLOPT_BUFFERSIZE: 1024 bytes is now the minimum size
* curl: non-boolean command line args reject --no- prefixes
* telnet: Write full buffer instead of byte-by-byte
* curl: remove --environment and tool_writeenv.c
* curl: generate the --help output
* curl.1: clarify --config
* curl.1: mention --oauth2-bearer's argument
* ssh: fix memory leak in disconnect due to timeout
* redirect: store the "would redirect to" URL when max redirs is reached
* file: make speedcheck use current time for checks
* urlglob: fix division by zero
- Create curl-mini for bootstrapping (boo#1042919)
- Update to 7.54.0
Changes:
* Add CURL_SSLVERSION_MAX_* constants to CURLOPT_SSLVERSION
* Add --max-tls
* Add CURLOPT_SUPPRESS_CONNECT_HEADERS
* Add --suppress-connect-headers
Bugfixes:
* CVE-2017-7468: switch off SSL session id when client cert is used
* bsc#1033413
* tests: use consistent environment variables for setting charset
* proxy: fixed a memory leak on OOM
* ftp: removed an erroneous free in an OOM path
* ftp: fixed a NULL pointer dereference on OOM
* gopher: fixed detection of an error condition from Curl_urldecode
* url: fix unix-socket support for proxy-disabled builds
* fix potential use of uninitialized variables
* ares: return error at once if timed out before name resolve starts
* URL: return error on malformed URLs with junk after port number
* http2: Fix assertion error on redirect with CL=0
* --insecure: clarify that this option is for server connections
* authneg: clear auth.multi flag at http_done
* curl_easy_reset: Also reset the authentication state
* proxy: skip SSL initialization for closed connections
* http_proxy: ignore TE and CL in CONNECT 2xx responses
* multi: fix streamclose() crash in debug mode
* openssl: fall back on SSL_ERROR_* string when no error detail
* asiohiper: make sure socket is open in event_cb
* curl: check for end of input in writeout backslash handling
* openssl: exclude DSA code when OPENSSL_NO_DSA is defined
* http: Fix proxy connection reuse with basic-auth
* pause: handle mixed types of data when paused
* http: do not treat FTPS over CONNECT as HTTPS
* conncache: make hashkey avoid malloc
* multi: fix queueing of pending easy handles
* low_speed_limit: improved function for longer time periods
* nss: load CA certificates even with --insecure
* Curl_expire_latest: ignore already expired timers
* http2: fix handle leak in error path
* openssl: make SSL_ERROR_to_str more future-proof
* openssl: fix thread-safety bugs in error-handling
* openssl: don't try to print nonexistent peer private keys
- Update to 7.53.1
Bugfixes:
* url: Improve CURLOPT_PROXY_CAPATH error handling
* urldata: include curl_sspi.h when Windows SSPI is enabled
* formdata: check for EOF when reading from stdin
* tests: Set CHARSET & LANG to UTF-8 in 1035, 2046 and 2047
* url: Default the proxy CA bundle location to CURL_CA_BUNDLE
* rand: added missing #ifdef HAVE_FCNTL_H around fcntl.h header
- Update to 7.53.0
Changes:
* unix_socket: added --abstract-unix-socket and
CURLOPT_ABSTRACT_UNIX_SOCKET
* CURLOPT_BUFFERSIZE: support enlarging receive buffer
Bugfixes:
* CVE-2017-2629: make SSL_VERIFYSTATUS work again
* gnutls-random: check return code for failed random
* openssl-random: check return code when asking for random
* http: remove "Curl_http_done: called premature" message
* cyassl: use time_t instead of long for timeout
* build-wolfssl: Sync config with wolfSSL 3.10
* ftp-gss: check for init before use
* configure: accept --with-libidn2 instead
* ftp: failure to resolve proxy should return that error code
* curl.1: add three more exit codes
* docs/ciphers: link to our own new page about ciphers
* vtls: s/SSLEAY/OPENSSL - fixes multi_socket timeouts with openssl
* darwinssl: fix iOS build
* darwinssl: fix CFArrayRef leak
* cmake: use crypt32.lib when building with OpenSSL on windows
* curl_formadd.3: CURLFORM_CONTENTSLENGTH not needed when chunked
* digest_sspi: copy terminating NUL as well
* curl: fix --remote-time incorrect times on Windows
* curl.1: several updates and corrections
* content_encoding: change return code on a failure
* curl.h: CURLE_FUNCTION_NOT_FOUND is no longer in use
* docs: TCP_KEEPALIVE start and interval default to 60
* darwinssl: --insecure overrides --cacert if both settings are in use
* TheArtOfHttpScripting: grammar
* CIPHERS.md: document GSKit ciphers
* wolfssl: support setting cipher list
* wolfssl: display negotiated SSL version and cipher
* lib506: fix build for Open Watcom
* asiohiper: improved socket handling
* examples: make the C++ examples follow our code style too
* tests/sws: retry send() on EWOULDBLOCK
* cmake: Fix passing _WINSOCKAPI_ macro to compiler
* smtp: Fix STARTTLS denied error message
* imap/pop3: don't print response character in STARTTLS denied messages
* rand: make it work without TLS backing
* url: fix parsing for when 'file' is the default protocol
* url: allow file://X:/path URLs on windows again
* gnutls: check for alpn and ocsp in configure
* IDN: Use TR46 'non-transitional' for toASCII translations
* url: Fix NO_PROXY env var to work properly with --proxy option
* CURLOPT_PREQUOTE.3: takes a struct curl_slist*, not a char*
* docs: Add note about libcurl copying strings to CURLOPT_* manpages
* curl: reset the easy handle at --next
* --next docs: --trace and --trace-ascii are also global
* --write-out docs: 'time_total' is not always shown with ms precision
* http: print correct HTTP string in verbose output when using HTTP/2
* docs: improved language in README.md HISTORY.md CONTRIBUTE.md
* http2: disable server push if not requested
* nss: use the correct lock in nss_find_slot_by_name()
* usercertinmem.c: improve the short description
* CURLOPT_CONNECT_TO: Fix compile warnings
* docs: non-blocking SSL handshake is now supported with NSS
* *.rc: escape non-ASCII/non-UTF-8 character for clarity
* mbedTLS: fix multi interface non-blocking handshake
* PolarSSL: fix multi interface non-blocking handshake
* VC: remove the makefile.vc6 build infra
* telnet: fix windows compiler warnings
* cookies: do not assume a valid domain has a dot
* polarssl: fix hangs
* gnutls: disable TLS session tickets
* mbedtls: disable TLS session tickets
* mbedtls: implement CTR-DRBG and HAVEGE random generators
* openssl: Don't use certificate after transferring ownership
* cmake: Support curl --xattr when built with cmake
* OS400: Fix symbols
* docs: Add more HTTPS proxy documentation
* docs: use more HTTPS links
* cmdline-opts: Fixed build and test in out of source tree builds
* CHANGES.0: removed
* schannel: Remove incorrect SNI disabled message
* darwinssl: Avoid parsing certificates when not in verbose mode
* test552: Fix typos
* telnet: Fix typos
* transfer: only retry nobody-requests for HTTP
* http2: reset push header counter fixes crash
* nss: make FTPS work with --proxytunnel
* test1139: Added the --manual keyword since the manual is required
* polarssl, mbedtls: Fix detection of pending data
* http_proxy: Fix tiny memory leak upon edge case connecting to proxy
* URL: only accept ";options" in SMTP/POP3/IMAP URL schemes
* curl.1: ftp.sunet.se is no longer an FTP mirror
* tool_operate: Show HTTPS-Proxy options on CURLE_SSL_CACERT
* http2: fix memory-leak when denying push streams
* configure: Allow disabling pthreads, fall back on Win32 threads
* curl: fix typo in time condition warning message
* axtls: adapt to API changes
* tool_urlglob: Allow a glob range with the same start and stop
* winbuild: add note on auto-detection of MACHINE in Makefile.vc
* http: fix missing 'Content-Length: 0' while negotiating auth
* proxy: fix hostname resolution and IDN conversion
* docs: fix timeout handling in multi-uv example
* digest_sspi: Fix nonce-count generation in HTTP digest
* sftp: improved checks for create dir failures
* smb: use getpid replacement for windows UWP builds
* digest_sspi: Handle 'stale=TRUE' directive in HTTP digest
- Remove curl-7.52.1-idn-fixes.patch, fixed upstream.
- build with libidn2 for IDNA2008 support
FATE#321897 CVE-2016-8625 bsc#1005649
add curl-7.52.1-idn-fixes.patch to fix test, among other things
- re-enable tests that are no longer failing,
remove curl-disable_failing_tests.patch
- Update to 7.52.1
Bugfixes:
* CVE-2016-9594: uninitialized random bsc#1016738
- Update to 7.52.0
Changes:
* nss: map CURL_SSLVERSION_DEFAULT to NSS default
* vtls: support TLS 1.3 via CURL_SSLVERSION_TLSv1_3
* curl: introduce the --tlsv1.3 option to force TLS 1.3
* curl: Add --retry-connrefused
* proxy: Support HTTPS proxy and SOCKS+HTTP(s)
* add CURLINFO_SCHEME, CURLINFO_PROTOCOL, and %{scheme}
* curl: add --fail-early
Bugfixes:
* CVE-2016-9586: printf floating point buffer overflow
* curl -w: added more decimal digits to timing counters
* easy: Initialize info variables on easy init and duphandle
* http2: Don't send header fields prohibited by HTTP/2 spec
* ssh: check md5 fingerprints case insensitively (regression)
* openssl: initial TLS 1.3 adaptions
* SPNEGO: Fix memory leak when authentication fails
* realloc: use Curl_saferealloc to avoid common mistakes
* openssl: make sure to fail in the unlikely event that PRNG
seeding fails
* URL-parser: for file://[host]/ URLs, the [host] must be localhost
* timeval: prefer time_t to hold seconds instead of long
* glob: fix [a-c] globbing regression
* curl.1: Clarify --dump-header only writes received headers
* http2: Fix address sanitizer memcpy warning
* http2: Use huge HTTP/2 windows
* connects: Don't mix unix domain sockets with regular ones
* url: Fix conn reuse for local ports and interfaces
* x509: Limit ASN.1 structure sizes to 256K
* http2: check nghttp2_session_set_local_window_size exists
* http2: Fix crashes when parent stream gets aborted
* CURLOPT_CONNECT_TO: Skip non-matching "connect-to" entries
* URL parser: reject non-numerical port numbers
* CONNECT: reject TE or CL in 2xx responses
* CONNECT: read responses one byte at a time
* curl: support zero-length argument strings in config files
* openssl: don't use OpenSSL's ERR_PACK
* curl.1: generated with the new man page system
* curl_easy_recv: Improve documentation and example program
* Curl_getconnectinfo: avoid checking if the connection is closed
* CIPHERS.md: attempt to document TLS cipher names
- Update to 7.51.0
Changes:
* nss: additional cipher suites are now accepted by
CURLOPT_SSL_CIPHER_LIST
* New option: CURLOPT_KEEP_SENDING_ON_ERROR
Bugfixes:
* CVE-2016-8615: cookie injection for other servers
* CVE-2016-8616: case insensitive password comparison
* CVE-2016-8617: OOB write via unchecked multiplication
* CVE-2016-8618: double-free in curl_maprintf
* CVE-2016-8619: double-free in krb5 code
* CVE-2016-8620: glob parser write/read out of bounds
* CVE-2016-8621: curl_getdate read out of bounds
* CVE-2016-8622: URL unescape heap overflow via integer truncation
* CVE-2016-8623: Use-after-free via shared cookies
* CVE-2016-8624: invalid URL parsing with '#'
* CVE-2016-8625: IDNA 2003 makes curl use wrong host
* openssl: fix per-thread memory leak using 1.0.1 or 1.0.2
* http: accept "Transfer-Encoding: chunked" for HTTP/2 as well
* LICENSE-MIXING.md: update with mbedTLS dual licensing
* examples/imap-append: Set size of data to be uploaded
* test2048: fix url
* darwinssl: disable RC4 cipher-suite support
* CURLOPT_PINNEDPUBLICKEY.3: fix the AVAILABILITY formatting
* openssl: don’t call CRYPTO_cleanup_all_ex_data
* libressl: fix version output
* easy: Reset all statistical session info in curl_easy_reset
* curl_global_cleanup.3: don't unload the lib with sub threads running
* dist: add CurlSymbolHiding.cmake to the tarball
* docs: Remove that --proto is just used for initial retrieval
* configure: Fixed builds with libssh2 in a custom location
* curl.1: --trace supports % for sending to stderr!
* cookies: same domain handling changed to match browser behavior
* formpost: trying to attach a directory no longer crashes
* CURLOPT_DEBUGFUNCTION.3: fixed unused argument warning
* formpost: avoid silent snprintf() truncation
* ftp: fix Curl_ftpsendf
* mprintf: return error on too many arguments
* smb: properly check incoming packet boundaries
* GIT-INFO: remove the Mac 10.1-specific details
* resolve: add error message when resolving using SIGALRM
* cmake: add nghttp2 support
* dist: remove PDF and HTML converted docs from the releases
* configure: disable poll() in macOS builds
* vtls: only re-use session-ids using the same scheme
* pipelining: skip to-be-closed connections when pipelining
* win: fix Universal Windows Platform build
* curl: do not set CURLOPT_SSLENGINE to DEFAULT automatically
* maketgz: make it support "only" generating version info
* Curl_socket_check: add extra check to avoid integer overflow
* gopher: properly return error for poll failures
* curl: set INTERLEAVEDATA too
* polarssl: clear thread array at init
* polarssl: fix unaligned SSL session-id lock
* polarssl: reduce #ifdef madness with a macro
* curl_multi_add_handle: set timeouts in closure handles
* configure: set min version flags for builds on mac
* INSTALL: converted to markdown => INSTALL.md
* curl_multi_remove_handle: fix a double-free
* multi: fix infinite loop in curl_multi_cleanup()
* nss: fix tight loop in non-blocking TLS handshake over proxy
* mk-ca-bundle: Change URL retrieval to HTTPS-only by default
* mbedtls: stop using deprecated include file
* docs: fix req->data in multi-uv example
* configure: Fix test syntax for monotonic clock_gettime
* CURLMOPT_MAX_PIPELINE_LENGTH.3: Clarify it's not for HTTP/2
- Refresh libcurl-ocloexec.patch
- update to 7.50.3
Bugfixes:
* CVE-2016-7167: escape and unescape integer overflows
* mk-ca-bundle.pl: use SHA256 instead of SHA1
* checksrc: detect strtok() use
* errors: new alias CURLE_WEIRD_SERVER_REPLY
* http2: support > 64bit sized uploads
* openssl: fix bad memory free (regression)
* CMake: hide private library symbols
* http: refuse to pass on response body when NO_NODY is set
* cmake: fix curl-config --static-libs
* mbedtls: switch off NTLM in build if md4 isn't available
* curl: --create-dirs on windows groks both forward and
backward slashes
- update to 7.50.2
Bugfixes:
* mbedtls: Added support for NTLM
* SSH: fixed SFTP/SCP transfer problems
* multi: make Curl_expire() work with 0 ms timeouts
* mk-ca-bundle.pl: -m keeps ca cert meta data in output
* TFTP: Fix upload problem with piped input
* CURLOPT_TCP_NODELAY: now enabled by default
* mbedtls: set verbose TLS debug when MBEDTLS_DEBUG is defined
* http2: always wait for readable socket
* cmake: Enable win32 large file support by default
* cmake: Enable win32 threaded resolver by default
* winbuild: Avoid setting redundant CFLAGS to compile commands
* curl.h: make CURL_NO_OLDIES define CURL_STRICTER
* docs: make more markdown files use .md extension
* docs: CONTRIBUTE and LICENSE-MIXING were converted to markdown
* winbuild: Allow changing C compiler via environment variable CC
* rtsp: accept any RTSP session id
* HTTP: retry failed HEAD requests on reused connections too
* configure: add zlib search with pkg-config
* openssl: accept subjectAltName iPAddress if no dNSName match
* MANUAL: Remove invalid link to LDAP documentation
* socks: improved connection procedure
* proxy: reject attempts to use unsupported proxy schemes
* proxy: bring back use of "Proxy-Connection:"
* curl: allow "pkcs11:" prefix for client certificates
* spnego_sspi: fix memory leak in case *outlen is zero
* SOCKS: improve verbose output of SOCKS5 connection sequence
* SOCKS: display the hostname returned by the SOCKS5 proxy server
* http/sasl: Query authentication mechanism supported by SSPI before using
* sasl: Don't use GSSAPI authentication when domain name not specified
* win: Basic support for Universal Windows Platform apps
* nss: fix incorrect use of a previously loaded certificate from file,
https://curl.haxx.se/docs/adv_20160907.html
* nss: work around race condition in PK11_FindSlotByName()
* ftp: fix wrong poll on the secondary socket
* openssl: build warning-free with 1.1.0 (again)
* HTTP: stop parsing headers when switching to unknown protocols
* test219: Add http as a required feature
* TLS: random file/egd doesn't have to match for conn reuse
* schannel: Disable ALPN for Wine since it is causing problems
* http2: make sure stream errors don't needlessly close the connection
* http2: return CURLE_HTTP2_STREAM for unexpected stream close
* darwinssl: --cainfo is intended for backward compatibility only
* speed caps: not based on average speeds anymore
* configure: make the cpp -P detection not clobber CPPFLAGS
* http2: use named define instead of magic constant in read callback
* http2: skip the content-length parsing, detect unknown size
* http2: return EOF when done uploading without known size
* darwinssl: test for errSecSuccess in PKCS12 import rather than noErr
* openssl: fix CURLINFO_SSL_VERIFYRESULT
- update to 7.50.1
Bugfixes:
* TLS: switch off SSL session id when client cert is used
* TLS: only reuse connections with the same client cert
* curl_multi_cleanup: clear connection pointer for easy handles
* include the CURLINFO_HTTP_VERSION man page into the release tarball
* include the http2-server.pl script in the release tarball
* test558: fix test by stripping file paths from FD lines
* spnego: Corrected misplaced * in Curl_auth_spnego_cleanup() declaration
* tests: Fix for http/2 feature
* cmake: Fix for schannel support
* curl.h: make public types void * again
* win32: fix a potential memory leak in Curl_load_library
* travis: fix OSX build by re-installing libtool
* mbedtls: Fix debug function name
- removed 0001-tests-distribute-the-http2-server.pl-script-too.patch
- update to 7.50.0
Changes:
* http: add CURLINFO_HTTP_VERSION and %{http_version}
Bugfixes:
* openssl: fix build with OPENSSL_NO_COMP
* cmake: Added missing mbedTLS support
* URL parser: allow URLs to use one, two or three slashes
* curl: fix -q [regression]
* openssl: Use correct buffer sizes for error messages
* curl: fix SIGSEGV while parsing URL with too many globs
* vtls: fix ssl session cache race condition
* http: Fix HTTP/2 connection reuse [regression]
* checksrc: Add LoadLibrary to the banned functions list
* configure: occasional ignorance of --enable-symbol-hiding with GCC
* http2: test17xx are the first real HTTP/2 tests
* resolve: add support for IPv6 DNS64/NAT64 Networks on OS X + iOS
* curl_multi_socket_action.3: rewording
* CURLOPT_POSTFIELDS.3: Clarify what happens when set empty
* cmake: Fix build with winldap
* openssl: fix cert check with non-DNS name fields present
* curl.1: mention the units for the progress meter
* openssl: use more 'const' to fix build warnings with 1.1.0 branch
* cmake: now using BUILD_TESTING=ON/OFF
* vtls: Only call add/getsession if session id is enabled
* headers: forward declare CURL, CURLM and CURLSH as structs
* configure: improve detection of CA bundle path on FreeBSD
* SFTP: set a generic error when no SFTP one exists
* curl_global_init.3: expand on the SSL and WIN32 bits purpose
* conn: don't free easy handle data in handler->disconnect
* cookie.c: Fix misleading indentation
* library: Fix memory leaks found during static analysis
* CURLMOPT_SOCKETFUNCTION.3: fix typo
* curl_global_init: moved the "IPv6 works" check here
* connect: disable TFO on Linux when using SSL
* vauth: Fixed memory leak due to function returning without free
- refresh libcurl-ocloexec.patch
- disable tests 1139 and 1140 which fail due to missing manpage
* add curl-disable_failing_tests.patch
- ship http2_server.pl for testing
* add 0001-tests-distribute-the-http2-server.pl-script-too.patch
- curl 7.49.1:
* http2: use HTTP/2 in the HTTP/1.1-alike response
* ssh: fix build for libssh2 before 1.2.6
* a number of bug and build fixes
- curl 7.49.0:
* schannel: Add ALPN support
* SSH: support CURLINFO_FILETIME
* SSH: new CURLOPT_QUOTE command "statvfs"
* wolfssl: Add ALPN support
* http2: added --http2-prior-knowledge
* http2: added CURL_HTTP_VERSION_2_PRIOR_KNOWLEDGE
* libcurl: added CURLOPT_CONNECT_TO
* curl: added --connect-to
* libcurl: added CURLOPT_TCP_FASTOPEN
* curl: added --tcp-fastopen
* curl: remove support for --ftpport, -http-request and --socks
* a number of bug and build fixes
- update upstream signing key and download URLs
- 0001-Fix-invalid-Network-is-unreachable-errors.patch is upstream
- Depend on libssh2 >= 1.6.0 since curl depends on the
libssh2_scp_recv2 symbol now. Fixes boo#983170
- Add 0001-Fix-invalid-Network-is-unreachable-errors.patch.
Fixes "Network is unreachable" errors in valid situations when ipv6
is not available but ipv4 is working fine. This also fixes the same
error from happening in applications using libcurl4 (like zypper).
(bsc#915846)
- Update to 7.48.0
* configure: --with-ca-fallback: use built-in TLS CA fallback
* TFTP: add --tftp-no-options to expose CURLOPT_TFTP_NO_OPTIONS
* getinfo: CURLINFO_TLS_SSL_PTR supersedes CURLINFO_TLS_SESSION
* Lots of bugfixes, see https://curl.haxx.se/changes.html#7_48_0
- Drop curl-7.41.0-use-openssl-s-built-in-verify-path-as-fallback.diff,
superseded by --with-ca-fallback configure option.
- curl 7.47.1:
* getredirect.c: fix variable name
* tool_doswin: silence unused function warning
* curl.1: Explain remote-name behavior if file already exists
* sasl_sspi: Fix memory leak in domain populate
* openssl: Fix signed/unsigned mismatch warning in X509V3_ext
- Enable PSL (Public Suffix List)
- Make building more verbose
- update to 7.47.0
* fixes CVE-2016-0755 (bsc#962983)
(NTLM credentials not-checked for proxy connection re-use)
* drop curl-fix-zsh-completion.patch (upstream)
Changes:
* version: Add flag CURL_VERSION_PSL for libpsl
* http: added CURL_HTTP_VERSION_2TLS to do HTTP/2 for HTTPS only
* curl: use 2TLS by default
* curl --expect100-timeout: added
* Add .dir-locals and set c-basic-offset to 2 (for emacs)
- Fix path to curl in zsh.pl to unbreak _curl completion
* curl-fix-zsh-completion.patch
- Update to 7.46.0
* Added CURLOPT_STREAM_DEPENDS
* Added CURLOPT_STREAM_DEPENDS_E
* Added CURLOPT_STREAM_WEIGHT
* Added CURLFORM_CONTENTLEN
* oauth2: Added support for OAUTHBEARER SASL mechanism to IMAP,
POP3 and SNMP
* Many bugfixes, see http://curl.haxx.se/changes.html#7_46_0 for the
complete list.
- revert the curl-config change for bsc#900419 until we have a better
fix, because it was breaking builds of other packages
- Enable HTTP/2 support, buildrequires pkgconfig(libnghttp2)
- Update to 7.45.0
* added CURLOPT_DEFAULT_PROTOCOL
* added new tool option --proto-default
* getinfo: added CURLINFO_ACTIVESOCKET
* turned CURLINFO_* option docs as stand-alone man pages
* curl: point out unnecessary uses of -X in verbose mode
- Drop curl-disable_failing_tests.patch as it is now part of
upstream
- drop a hack that made curl-config print only -lcurl (bsc#900419)
* --as-needed is used by default now
- update to 7.44.0
http2: added CURLMOPT_PUSHFUNCTION and CURLMOPT_PUSHDATA
examples: added http2-serverpush.c
http2: added curl_pushheader_byname() and curl_pushheader_bynum()
docs: added CODE_OF_CONDUCT.md
curl: Add --ssl-no-revoke to disable certificate revocation checks
libcurl: New value CURLSSLOPT_NO_REVOKE for CURLOPT_SSL_OPTIONS
makefile: Added support for VC14
- dropped unexpire-test46.patch (upstream)
- unexpire-test46.patch: Unexpire test 46
- do not run flaky tests for any architecture (bnc#940009)
at least test 1510 does fail for i586 and ppc64le
- fix a typo in curl-secure-getenv.patch (bsc#936676)
- Update to 7.43.0
* Added CURLOPT_PROXY_SERVICE_NAME
* Added CURLOPT_SERVICE_NAME
* New curl option: --proxy-service-name
* New curl option: --service-name
* New curl option: --data-raw
* Added CURLOPT_PIPEWAIT
* Added support for multiplexing transfers using HTTP/2, enable
this with the new CURLPIPE_MULTIPLEX bit for
CURLMOPT_PIPELINING
* HTTP/2: requires nghttp2 1.0.0 or later
* scripts: add zsh.pl for generating zsh completion
* curl.h: add CURL_HTTP_VERSION_2
* CVE-2015-3236: lingering HTTP credentials in connection re-use
* CVE-2015-3237: SMB send off unrelated memory contents
- Disable HTTP/2 as it would create build cycle
- enable HTTP/2 support
- make the testsuite failure fatal
* added curl-disable_failing_tests.patch
* added groff to BuildRequires to enable builtin manual (test 1026)
- update to 7.42.1
* fixes CVE-2015-3153 (bnc#928533)
- sensitive HTTP server headers also sent to proxies
- rename curl-devel to libcurl-devel in baselibs.conf
- update to 7.42.0
* refresh libcurl-ocloexec.patch
- fixes security vulnerabilities:
* CVE-2015-3143 (bnc#927556)
- Re-using authenticated connection when unauthenticated
* CVE-2015-3144 (bnc#927608)
- host name out of boundary memory access
* CVE-2015-3145 (bnc#927607)
- cookie parser out of boundary memory access
* CVE-2015-3148 (bnc#927746)
- Negotiate not treated as connection-oriented
- don't hardcode /etc/ssl/certs. Use openssl's default instead
(curl-7.41.0-use-openssl-s-built-in-verify-path-as-fallback.diff)
- update to 7.41.0:
* Changes:
NetWare build: added TLS-SRP enabled build
winbuild: Added option to build with c-ares
Added --cert-status
Added CURLOPT_SSL_VERIFYSTATUS
sasl: implement EXTERNAL authentication mechanism
- Re-enable metalink support
- Use pkgconfig() style dependencies
- update to 7.40.0:
* fixes CVE-2014-8150 (bnc#911363)
* Changes:
http_digest: Added support for Windows SSPI based authentication
version info: Added Kerberos V5 to the supported features
Makefile: Added VC targets for WinIDN
config-win32: Introduce build targets for VS2012+
SSL: Add PEM format support for public key pinning
smtp: Added support for the conversion of Unix newlines during mail send
smb: Added initial support for the SMB/CIFS protocol
Added support for HTTP over unix domain sockets,
via CURLOPT_UNIX_SOCKET_PATH and --unix-socket
sasl: Added support for GSS-API based Kerberos V5 authentication
- build with PIE
- update to 7.39.0:
- changes:
SSLv3 is disabled by default
CURLOPT_COOKIELIST: Added "RELOAD" command
build: Added WinIDN build configuration options to Visual Studio projects
ssh: improve key file search
SSL: public key pinning. Use CURLOPT_PINNEDPUBLICKEY and --pinnedpubkey
vtls: remove QsoSSL support, use gskit!
mk-ca-bundle: added SHA-384 signature algorithm
docs: added many examples for libcurl opts and other doc improvements
build: Added VC ssh2 target to main Makefile
MinGW: Added support to build with nghttp2
NetWare: Added support to build with nghttp2
build: added Watcom support to build with WinSSL
build: Added optional specific version generation of VC project files
... and a bunch of bugfixes
- refreshed libcurl-ocloexec.patch
- removed gpg-offline verification
- spec-cleaned curl.spec
- Ensure the curl command line tool always requires
the same libcurl it was built with; even expert users
got confused.
- cyrus-sasl
-
- CVE-2020-8032: cyrus-sasl: Local privilege escalation to root
due to insecure tmp file usage. (bsc#1180669)
Use /var/adm/update-scripts/ instead of /tmp. Clean up temporary
files.
- Remove Berkeley DB dependency (JIRA#SLE-12190)
The packages cyrus-sasl and cyrus-sasl-saslauthd are built
without Berkeley DB support. gdbm will be used instead of BDB.
The packages cyrus-sasl-bdb and cyrus-sasl-saslauthd-bdb are built
with Berkeley DB support.
- Update to 2.1.27
* Added support for OpenSSL 1.1
* Added support for lmdb
* Lots of build fixes
* Treat SCRAM and DIGEST-MD5 as more secure than PLAIN when selecting client mech
* DIGEST-MD5 plugin:
Fixed memory leaks
Fixed a segfault when looking for non-existent reauth cache
Prevent client from going from step 3 back to step 2
Allow cmusaslsecretDIGEST-MD5 property to be disabled
* GSSAPI plugin:
Added support for retrieving negotiated SSF
Fixed GSS-SPNEGO to use flags negotiated by GSSAPI for SSF
Properly compute maxbufsize AFTER security layers have been set
* SCRAM plugin:
Added support for SCRAM-SHA-256
* LOGIN plugin:
Don’t prompt client for password until requested by server
* NTLM plugin:
Fixed crash due to uninitialized HMAC context
- Replace references to /var/adm/fillup-templates with new
%_fillupdir macro (boo#1069468)
- bsc#983938 `After=syslog.target` left-overs in several unit files
- added patches:
fix_libpq-fe_include.diff for fixing including libpq-fe.h
- removed patches obsoleted by upstream changes:
* shared_link_on_ppc.patch
* cyrus-sasl-2.1.27-openssl-1.1.0.patch
* 0002-Drop-unused-parameter-from-gssapi_spnego_ssf.patch
* 0003-Check-return-error-from-gss_wrap_size_limit.patch
* 0004-Add-support-for-retrieving-the-mech_ssf.patch
* 0001-Fix-GSS-SPNEGO-mechanism-s-incompatible-behavior.patch
* cyrus-sasl-fix-logging-in-gssapi.patch
- Added support for retrieving negotiated SSF in gssapi plugin (bsc#1162518)
* Add 0002-Drop-unused-parameter-from-gssapi_spnego_ssf.patch
* Add 0003-Check-return-error-from-gss_wrap_size_limit.patch
* Add 0004-Add-support-for-retrieving-the-mech_ssf.patch
- Fixed GSS-SPNEGO to use flags negotiated by GSSAPI for SSF (bsc#1162518)
* Add 0001-Fix-GSS-SPNEGO-mechanism-s-incompatible-behavior.patch
- added backport-patch cyrus-sasl-bug587.patch which fixes
off-by-one error in _sasl_add_string function
(see CVE-2019-19906 bsc#1159635)
- bnc#1044840 syslog is polluted with messages "GSSAPI client step 1"
By server context the connection will be sent to the log function.
Client content does not have log level information. I.e. there is no
way to stop DEBUG level logs, hence I've removed it.
* add cyrus-sasl-fix-logging-in-gssapi.patch
- OpenSSL 1.1 support (bsc#1055463)
* add cyrus-sasl-2.1.27-openssl-1.1.0.patch from Fedora
- added cyrus-sasl-issue-402.patch to fix
SASL GSSAPI mechanism acceptor wrongly returns zero maxbufsize #402
(see https://github.com/cyrusimap/cyrus-sasl/issues/402)
- bnc#1026825 saslauthd: :set_auth_mech : unknown authentication mechanism: kerberos5
- really use SASLAUTHD_PARAMS variable (bnc#938657)
- bnc#908883 cyrus-sasl-scram refers to wrong RFC
- Make sure /usr/sbin/rcsaslauthd exists
- dbus-1
-
- Add missing patch for CVE-2020-12049
* fix-upstream-CVE-2020-12049_2.patch
- Fix CVE-2020-12049 truncated messages lead to resource exhaustion
(CVE-2020-12049, bsc#1172505)
* fix-upstream-CVE-2020-12049.patch
- Rebased fix-CVE-2019-12749.patch
- Fix CVE-2020-35512 - shared UID's caused issues (CVE-2020-35512 bsc#1187105)
* fix-upstream-userdb-constpointer.patch
* fix-upstream-CVE-2020-35512.patch
- Fix CVE-2019-12749 Authentication bypass (CVE-2019-12749 bsc#1137832)
* added fix-CVE-2019-12749.patch
- Make libdbus-1-3 own the %{_datadir}/dbus-1/system.d directory
- Use %license instead of %doc [bsc#1082318]
- Avoid bashisms in scriptlets.
- Avoid ugly error message from %pre(install) script when installing
for the first time.
- Don't spit out a warning if /usr/bin/dbus-daemon does not exist
when we run the pre-script.
- Swap a missed libdir to libexecdir
- Do not hide errors during useradd.
- Fix dbus-daemon-launch-helper to use proper ref to libexecdir
- use %{_libexecdir}/dbus-1 as libexecdir
- Update to 1.12.2
Deprecations:
• Eavesdropping is officially deprecated in favour of BecomeMonitor.
See the release notes for spec version 0.31 (in dbus 1.11.14).
• [Unix] Flag files in /var/run/console/${username} are deprecated.
See the release notes for 1.11.18.
New APIs:
• <allow> and <deny> rules in dbus-daemon configuration can now
include send_broadcast="true", send_broadcast="false",
max_unix_fds="N", min_unix_fds="N" (for some integer N).
See the release notes for 1.11.18.
• dbus_try_get_local_machine_id() is like
dbus_get_local_machine_id(), but returns a DBusError.
• New APIs around DBusMessageIter to simplify cleanup.
See the release notes for 1.11.16.
• The message bus daemon now implements the standard Introspectable,
Peer and Properties interfaces. See the release notes for
dbus 1.11.14 and spec version 0.31.
• DTDs for introspection XML and bus configuration are installed.
• [Unix] A new unix:dir=… address family resembles unix:tmpdir=… but
never uses Linux abstract sockets, which is advantageous for
containers. On non-Linux it is equivalent to unix:tmpdir=….
See the release notes for dbus 1.11.14 and spec version 0.31.
• [Unix] New option "dbus-launch --exit-with-x11".
• [Unix] Session managers can create transient .service files in
$XDG_RUNTIME_DIR/dbus-1/services. See the release notes for 1.11.12.
• [Unix] A sysusers.d snippet can create the messagebus user on-demand.
Miscellaneous behaviour changes:
• [Unix] The session bus now logs to syslog if it was started by
dbus-launch.
• [Unix] Internal warnings are logged to syslog if configured.
• [Unix] Exceeding an anti-DoS limit is logged to syslog if configured,
or to stderr.
- Enabled "make check test suite"
- Patches removed, fixed upstream
* fix-upstream-drop-install-sections-from-user-services.patch
* fix-upstream-increase-backlog.patch
* fix-upstream-timeout-reset-1.patch
* fix-upstream-timeout-reset-2.patch
- boo#1027201 dbus-daemon not found
- boo#978477 systemd resetting under heavy load
* fix-upstream-timeout-reset-1.patch
* fix-upstream-timeout-reset-2.patch
- boo#1027200 don't generate machine-id in %post systemd will do it
on first boot.
- swap usage of /bin/false to /usr/bin/false
- Use libexecdir=%{_libdir}/dbus-1 rather than /lib/dbus-1
- No need to set --libdir anymore now that prefix is /usr/bin,
* fixes boo#1047532
- No need to set --bindir, bindir in dbus-1-x11 was incorrect
- Other fixes required to properly change prefix
- Don't pass --with-initscripts we don't use them anymore.
- Update to 1.10.20
* Fixes:
+ Fix a reference leak when blocking on a pending call on a
connection that has been disconnected (fdo#101481, Shin-ichi
MORITA)
+ Don't put timestamps in the Doxygen-generated documentation,
for closer-to-reproducible builds (fdo#100692, Simon
McVittie)
+ Avoid an assertion failure when connecting to a
semicolon-separated series of addresses, one of which fails
(fdo#101257, Simon McVittie)
* Documentation:
+ Update git URIs in HACKING document to sync up with
cgit.freedesktop.org (fdo#100715, Simon McVittie)
- swap to /usr/bin bsc#1029968
- Add the following fixes from SLE12
* bsc#980928 increase listen() backlog of AF_UNIX sockets to
SOMAXCONN fix-upstream-increase-backlog.patch
- The following bugs were already fixed but are missing changelog
entries
* bsc#867256 (No longer applicable)
* bsc#916785 (No longer applicable)
* bsc#1012564 (Not applicable)
* fdo#90004 (Fixed Upstream)
- Rename the following patches as a tidy up
* dbus-log-deny.patch to feature-suse-log-deny.patch
* dbus-do-autolaunch.patch feature-suse-do-autolaunch.patch
* 0001-Add-RefuseManualStartStop.patch to
feature-suse-refuse-manual-start-stop.patch
* 0001-Drop-Install-sections-from-user-services.patch to
fix-upstream-drop-install-sections-from-user-services.patch
- Update to 1.10.18
* Fixes
+ Re-order dbus-daemon startup so that on SELinux systems, the
thread that reads AVC notifications retains the ability to
write to the audit log (fdo#92832, Debian #857660; Laurent
Bigonville)
+ Fix a harmless read overflow and some memory leaks in a unit
test (fdo#100568, Philip Withnall)
- Update to 1.10.16
Fixes:
* Prevent symlink attacks in the nonce-tcp transport on Unix that could
allow an attacker to overwrite a file named "nonce", in a directory
that the user running dbus-daemon can write, with a random value
known only to the user running dbus-daemon. This is unlikely to be
exploitable in practice, particularly since the nonce-tcp transport
is really only useful on Windows.
(fd.o #99828, Simon McVittie) (bsc#1025950)
* Avoid symlink attacks in the "embedded tests", which are not enabled
by default and should never be enabled in production builds of dbus.
(fd.o #99828, Simon McVittie) (bsc#1025951)
* Work around an undesired effect of the fix for CVE-2014-3637
(fd.o #80559), in which processes that frequently send fds, such as
logind during a flood of new PAM sessions, can get disconnected for
continuously having at least one fd "in flight" for too long;
dbus-daemon interprets that as a potential denial of service attack.
The workaround is to disable that check for uid 0 processes such as
logind, with a message in the system log. The bug remains open while
we look for a more general solution.
(fd.o #95263, LP#1591411; Simon McVittie)
* Don't run the test test-dbus-launch-x11.sh if X11 autolaunching
was disabled at compile time. That test is not expected to work
in that configuration. (fd.o #98665, Simon McVittie)
Enhancements:
* Do the Travis-CI build in Docker containers for Ubuntu LTS, Debian
stable and Debian testing in addition to the older Ubuntu that is
the default (fd.o #98889, Simon McVittie)
- A note for scripts bsc#974092 (remove sysvinit script) is already
fixed here.
- Don't restart dbus on upgrade - Includes temporary work around
for last version boo#1020301
- Add 0001-Add-RefuseManualStartStop.patch don't allow users to Manually
start or stop dbus.
- Add systemd unit files to start session bus via systemd
- Added patch:
* 0001-Drop-Install-sections-from-user-services.patch
+ remove install section from socket unit because it does not
need to be enabled explicitly (see fdo#92402)
- Requires systemd >= 209 and drop the compatibility pkg-config
names that don't exist in newer systemd
- Drop useless --with-pic which is only for static libs
- Abort installation when user/group creation fails
- Avoid calling %service_* more than once
- Build the dbus-1 package without X in the dbus-1.spec
- Move the dbus-launch.nox11 to the dbus-1 package and install
it by default
- Build devel-doc package in dbus-1.spec and don't build any
documentation in dbus-1-x11
- Make dbus-1-x11 package contains only the X11-enabled dbus-launch
- Fix some rpmlint warnings
- Delete the dbus-1-x11.spec.in file, since maintaining it is
more complicated than keeping in sync a dbus-1-x11.spec file of
less than 120 lines
- Create new subpackage: dbus-1-nox11
- contains dbus-launch without x11 support
- Rename dbus-launch to dbus-launch.x11
- use update-alternatives to switch between dbus-launch with and
without X11
- Solves [bnc#934214]
- Update to 1.10.12
* Security fixes:
+ Do not treat ActivationFailure message received from
root-owned systemd name as a format string. In principle this
is a security vulnerability, but we do not believe it is
exploitable in practice, because only privileged processes can
own the org.freedesktop.systemd1 bus name, and systemd does
not appear to send activation failures that contain "%".
Please note that this probably *was* exploitable in dbus
versions older than 1.6.30, 1.8.16 and 1.9.10 due to a missing
check which at the time was only thought to be a denial of
service vulnerability (CVE-2015-0245). If you are still
running one of those versions, patch or upgrade immediately.
(fdo#98157, bsc#1003898, Simon McVittie)
* Other fixes:
+ Harden dbus-daemon against malicious or incorrect
ActivationFailure messages by rejecting them if they do not
come from a privileged process, or if systemd activation is
not enabled (fdo#98157, Simon McVittie)
+ Avoid undefined behaviour when setting reply serial number
without going via union DBusBasicValue (fdo#98035, Marc Mutz)
+ autogen.sh: fail cleanly if autoconf fails (Simon McVittie)
- Moved dbus-run-session from dbus-1-x11 to dbus-1 (bdo#836296)
- Update to 1.10.10
* Fixes:
+ On Linux, when dbus-daemon is run with reduced susceptibility
to the OOM killer (typically via systemd), do not let child
processes inherit that setting (fdo#32851;
Kimmo Hämäläinen, WaLyong Cho)
+ Output valid shell syntax in ~/.dbus/session-bus/ if the bus
address contains a semicolon (fdo#94746, Thiago Macieira)
+ Fix memory leaks and thread safety in subprocess starting on
Windows (fdo#95191, Ralf Habacker)
+ Do not require systemd to have a service file if using it for
activation (fdo#93194; Simon McVittie; backport from 1.11.0)
+ Stop test-dbus-daemon incorrectly failing on platforms that
cannot discover the process ID of clients (fdo#96653,
Руслан Ижбулатов)
+ In tests that exercise correct handling of crashing D-Bus
services, suppress Windows crash handler (fdo#95155;
Yiyang Fei, Ralf Habacker)
+ Explicitly check for stdint.h (Ioan-Adrian Ratiu)
+ update-activation-environment: produce better diagnostics on
error (fdo#96653, Simon McVittie)
+ Don't fail the build with an unused const variable warning
under gcc 6 (fdo#97282; Thomas Zimmermann, Simon McVittie)
+ Merge dbus-1.10-ci branch, containing backports from 1.11.0
in build/test code to support continuous integration
(fdo#93194, Simon McVittie)
- Avoid -Wunused-label when compiling with libselinux but no
libaudit
- In development builds, allow OOM tests to be disabled as
documented
- Accept and ignore the --tap argument in all "embedded
tests", and run all automated tests with that argument for
better diagnostics
- Fix the systemd activation test under CMake by installing
the required files
- In Automake, fix shell syntax for installcheck-local with
no DESTDIR
- In Automake, don't try to run manual tests in installcheck
- In CMake, don't run manual-tcp test as an automated test
- Add travis-ci.org build machinery
- Update to 1.10.8
* Fixes:
+ Enable "large file support" on systems where it exists:
dbus-daemon is not expected to open large files, but it might
need to stat files that happen to have large inode numbers
(fdo#93545, Hongxu Jia)
+ Eliminate padding inside DBusMessageIter on 64-bit platforms,
which might result in a pedantic C compiler not copying the
entire contents of a DBusMessageIter; statically assert that
this is not an ABI change in practice (fdo#94136, Simon
McVittie)
+ Document dbus-test-tool echo --sleep-ms=N instead of
incorrect --sleep=N (fdo#94244, Dmitri Iouchtchenko)
+ Correctly report test failures in C tests from run-test.sh
(fdo#93379; amit tewari, Simon McVittie)
+ When tests are enabled, run all the marshal-validate tests,
not just the even-numbered ones (fdo#93908, Nick Lewycky)
+ Correct the expected error from one marshal-validate test,
which was previously not run due to the above bug (fdo#93908,
Simon McVittie)
- Update to 1.10.6
* Fixes:
- On Unix when running tests as root, don't assert that root
and the dbus-daemon user can still call
UpdateActivationEnvironment; assert that those privileged
users can call BecomeMonitor instead (fdo#93036, Simon
McVittie)
- On Windows, fix a memory leak in the autolaunch transport
(fdo#92899, Simon McVittie)
- On Windows Autotools builds, don't run tests that rely on
dbus-run-session and other Unix-specifics (fdo#92899, Simon
McVittie)
- Update to 1.10.4
* Changes between 1.10.2 and 1.10.4
- Enhancements:
+ GetConnectionCredentials, GetConnectionUnixUser and
GetConnectionUnixProcessID with argument
"org.freedesktop.DBus" will now return details of the
dbus-daemon itself. This is required to be able to call
SetEnvironment on systemd. (fdo#92857, Jan Alexander
Steffens)
- Fixes:
+ Make UpdateActivationEnvironment always fail with
AccessDenied on the system bus. Previously, it was
possible to configure it so root could call it, but the
environment variables were not actually used, because the
launch helper would discard them. (fdo#92857, Jan Alexander
Steffens)
+ On Unix with --systemd-activation on a user bus, make
UpdateActivationEnvironment pass on its arguments to
systemd's SetEnvironment method, solving inconsistency
between the environments used for traditional activation
and systemd user-service activation. (fdo#92857, Jan
Alexander Steffens)
+ On Windows, don't crash if <syslog/> or --syslog is used
(fdo#92538, Ralf Habacker)
+ On Windows, fix a memory leak when setting a DBusError from
a Windows error (fdo#92721, Ralf Habacker)
+ On Windows, don't go into infinite recursion if we abort the
process with backtraces enabled (fdo#92721, Ralf Habacker)
+ Fix various failing tests, variously on Windows and
cross-platform:
. don't test system.conf features (users, groups) that only
make sense on the system bus, which is not supported on
Windows
. don't call _dbus_warn() when we skip a test, since it is
fatal
. fix computation of expected <standard_session_servicedirs/>
. when running TAP tests, translate newlines to Unix format,
fixing cross-compiled tests under Wine on Linux
. don't stress-test refcounting under Wine, where it's
really slow
. stop assuming that a message looped-back to the test will
be received immediately
. skip some system bus tests on Windows since they make no
sense there (fdo#92538, fdo#92721; Ralf Habacker, Simon
McVittie)
* Changes between 1.10.0 and 1.10.2
- Fixes:
+ Correct error handling for activation: if there are multiple
attempts to activate the same service and it fails
immediately, the first attempt would get the correct reply,
but the rest would time out. We now send the same error
reply to each attempt. (fdo#92200, Simon McVittie)
+ If BecomeMonitor is called with a syntactically invalid
match rule, don't crash with an assertion failure, fixing a
regression in 1.9.10. This was not exploitable as a denial
of service, because the check for a privileged user is done
first. (fdo#92298, Simon McVittie)
+ On Linux with --enable-user-session, add the bus address to
the environment of systemd services for better backwards
compatibility (fdo#92612, Jan Alexander Steffens)
+ On Windows, fix the logic for replacing the installation
prefix in service files' Exec lines (fdo#83539; Milan Crha,
Simon McVittie)
+ On Windows, if installed in the conventional layout with
${prefix}/etc and ${prefix}/share, use relative paths
between bus configuration files to allow the tree to be
relocated (fdo#92028, Simon McVittie)
+ Make more of the regression tests pass in Windows builds
(fdo#92538, Simon McVittie)
* Summary of major changes since 1.8.0:
- The basic setup for the well-known system and session buses is
now done in read-only files in ${datadir} (normally /usr/share).
- AppArmor integration has been merged, with features similar to
the pre-existing SELinux integration. It is mostly compatible
with the patches previously shipped by Ubuntu, with one
significant change: Ubuntu's GetConnectionAppArmorSecurityContext
method has been superseded by GetConnectionCredentials and was
not included.
- The --enable-user-session configure option can be enabled
by OS integrators intending to use systemd to provide a
session bus per user (in effect, treating all concurrent
graphical and non-graphical login sessions as one large session).
- The new listenable address mode "unix:runtime=yes" listens on
$XDG_RUNTIME_DIR/bus, the same AF_UNIX socket used by the
systemd user session. libdbus and "dbus-launch --autolaunch"
will connect to this address by default. GLib >= 2.45.3 and
sd-bus >= 209 have a matching default.
- All executables are now dynamically linked to libdbus-1.
Previously, some executables, most notably dbus-daemon, were
statically linked to a specially-compiled variant of libdbus.
This results in various private functions in the _dbus
namespace being exposed by the shared library. These are not
API, and must not be used outside the dbus source tree.
- On platforms with ELF symbol versioning, all public symbols
are versioned LIBDBUS_1_3.
* New bus APIs:
- org.freedesktop.DBus.GetConnectionCredentials returns
LinuxSecurityLabel where supported
- org.freedesktop.DBus.Monitoring interface (privileged)
. BecomeMonitor method supersedes match rules with eavesdrop=true,
which are now deprecated
- org.freedesktop.DBus.Stats interface (semi-privileged)
. now enabled by default
. new GetAllMatchRules method
- org.freedesktop.DBus.Verbose interface (not normally compiled)
. toggles the effect of DBUS_VERBOSE
* New executables:
- dbus-test-tool
- dbus-update-activation-environment
* New optional dependencies:
- The systemd: pseudo-transport requires libsystemd or libsd-daemon
- Complete documentation requires Ducktype and yelp-tools
- Full test coverage requires GLib 2.36 and PyGI
- AppArmor integration requires libapparmor and optionally libaudit
* Dependencies removed:
- dbus-glib
- Update to 1.8.20:
* Fixes:
- Fix a memory leak when GetConnectionCredentials() succeeds
(fdo#91008, Jacek Bukarewicz)
- Ensure that dbus-monitor does not reply to messages intended
for others (fdo#90952, Simon McVittie)
- Account for openSUSE:Leap in the conditional for choosing right
local state directories (boo#941352)
- Move common-begin sections around to make pre_checkin work again
- Unconditionally build with systemd features, there are no cycles
now, systemd no longer buildrequires dbus-1-devel
- Update to 1.8.18:
* Security hardening:
- On Unix platforms, change the default configuration for the
session bus to only allow EXTERNAL authentication (secure
kernel-mediated credentials-passing), as was already done for
the system bus.
This avoids falling back to DBUS_COOKIE_SHA1, which relies on
strongly unpredictable pseudo-random numbers; under certain
circumstances (/dev/urandom unreadable or malloc() returns
NULL), dbus could fall back to using rand(), which does not
have the desired unpredictability. The fallback to rand() has
not been changed in this stable-branch since the necessary
code changes for correct error-handling are rather intrusive.
If you are using D-Bus over the (unencrypted!) tcp: or
nonce-tcp: transport, in conjunction with DBUS_COOKIE_SHA1
and a shared home directory using NFS or similar, you will
need to reconfigure the session bus to accept DBUS_COOKIE_SHA1
by commenting out the <auth> element. This configuration is
not recommended. (bsc#931066, fdo#90414, Simon McVittie)
* Other fixes:
- Add locking to DBusCounter's reference count and notify
function (fdo#89297, Adrian Szyndela)
- Ensure that DBusTransport's reference count is protected by
the corresponding DBusConnection's lock (fdo#90312,
Adrian Szyndela)
- On Windows, listen on the same port for IPv4 and IPv6
(previously broken by an endianness mistake), and fix a
failure to bind TCP sockets on approximately 1 attempt in 256
(fdo#87999, Ralf Habacker)
- Correctly release DBusServer mutex before early-return if we
run out of memory while copying authentication mechanisms
(fdo#90021, Ralf Habacker)
- Correctly initialize all fields of DBusTypeReader (fdo#90021,
Ralf Habacker, Simon McVittie)
- Fix some missing \n in verbose (debug log) messages
(fdo#90021, Ralf Habacker)
- Clean up some memory leaks in test code (fdo#90021,
Ralf Habacker)
- Sync changes from SLE12 conditionalized for suse_version <= 1315
- Update to 1.8.16:
* Security fixes:
- Do not allow non-uid-0 processes to send forged
ActivationFailure messages. On Linux systems with systemd
activation, this would allow a local denial of service:
unprivileged processes could flood the bus with these forged
messages, winning the race with the actual service activation
and causing an error reply to be sent back when service
auto-activation was requested. This does not prevent the real
service from being started, so it only works while the real
service is not running. (CVE-2015-0245, fdo#88811, bnc#916343;
Simon McVittie)
* Other fixes:
- fix a Windows build failure (fdo#88009, Ralf Habacker)
- on Windows, allow up to 8K connections to the dbus-daemon
instead of the previous 64, completing a previous fix which
only worked under Autotools (fdo#71297, Ralf Habacker)
- Update to 1.8.14
* Security hardening:
- Do not allow calls to UpdateActivationEnvironment from uids
other than the uid of the dbus-daemon. If a system service
installs unsafe security policy rules that allow arbitrary
method calls (such as CVE-2014-8148) then this prevents
memory consumption and possible privilege escalation via
UpdateActivationEnvironment.
We believe that in practice, privilege escalation here is
avoided by dbus-daemon-launch-helper sanitizing its
environment; but it seems better to be safe.
- Do not allow calls to UpdateActivationEnvironment or the
Stats interface on object paths other than
/org/freedesktop/DBus. Some system services install unsafe
security policy rules that allow arbitrary method calls to
any destination, method and interface with a specified object
path; while less bad than allowing arbitrary method calls,
these security policies are still harmful, since dbus-daemon
normally offers the same API on all object paths and other
system services might behave similarly.
* Other fixes:
- Add missing initialization so GetExtendedTcpTable doesn't
crash on Windows Vista SP0 (fdo#77008, Ilya A. Tkachenko)
- Update to 1.8.12:
* Fixes:
- Partially revert the CVE-2014-3639 patch by increasing the
default authentication timeout on the system bus from 5
seconds back to 30 seconds, since this has been reported to
cause boot regressions for some users, mostly with parallel
boot (systemd) on slower hardware.
On fast systems where local users are considered particularly
hostile, administrators can return to the 5 second timeout
(or any other value in milliseconds) by saving this as
/etc/dbus-1/system-local.conf:
<busconfig>
<limit name="auth_timeout">5000</limit>
</busconfig>
(fdo#86431, Simon McVittie)
- Add a message in syslog/the Journal when the auth_timeout is
exceeded (fdo#86431, Simon McVittie)
- Send back an AccessDenied error if the addressed recipient is
not allowed to receive a message (and in builds with
assertions enabled, don't assert under the same conditions).
(fdo#86194, Jacek Bukarewicz)
- Update to 1.8.10:
* Security fixes:
- Increase dbus-daemon's RLIMIT_NOFILE rlimit to 65536
so that CVE-2014-3636 part A cannot exhaust the system bus'
file descriptors, completing the incomplete fix in 1.8.8.
(CVE-2014-7824, fdo#85105; Simon McVittie, Alban Crequy)
- dhcp
-
- Oops, when upgrading to 4.3.6-P1 in 2018 only isc_version was
bumped, but not the RPM package version.
- CVE-2021-25217, bsc#1186382, dhcp-CVE-2021-25217.patch: A buffer
overrun in lease file parsing code can be used to exploit a
common vulnerability shared by dhcpd and dhclient.
- bsc#1185157:
Use /run instead of /var/run for PIDFile in dhcrelay.service.
- bsc#1134078, CVE-2019-6470, dhcp-CVE-2019-6470.patch:
DHCPv6 server crashes regularly.
- Add compile option --enable-secs-byteorder to avoid duplicate
lease warnings [bsc#1089524].
- bsc#1136572: Use IPv6 when called as dhclient6, dhcpd6, and
dhcrelay6 (0021-dhcp-ip-family-symlinks.patch).
- Update to dhcp-4.3.6-P1:
* CVE-2018-5733, bsc#1083303: reference count overflow in dhcpd.
* CVE-2018-5732, bsc#1083302: buffer overflow bug in dhclient.
* Plugged a socket descriptor leak in OMAPI
* The server now allows the client identifier (option 61) to own
leases in more than one subnet concurrently [ISC-Bugs #41358].
* When replying to a DHCPINFORM, the server will now include
options specified at the pool scope, provided the ciaddr field
of the DHCPINFORM is populated.
[ISC-Bugs #43219] [ISC-Bugs #45051].
* When memory allocation fails in a repeated way the process
writes "Run out of memory." on the standard error and exits
with status 1 [ISC-Bugs #32744].
* The new lmdb (Lightning Memory DataBase) bind9 configure
option is now disabled by default to avoid the presence of
this library to be detected which can lead to a link failure.
[ISC-Bugs #45069]
* The linux interface discovery code has been modified to use
getifaddrs() as is done for BSD and OS-X.
[ISC-Bugs #28761] and others.
* Fixed a bug in OMAPI that causes omshell to crash when a
name-value pair with a zero length value is shipped in an
object [ISC-Bugs #29108].
* On 64-bit platforms, dhclient now generates the correct value
for the script environment variable, "expiry", when the lease
expiry value exceeds 0x7FFFFFFF [ISC-Bugs #43326].
* Common timer logic was modified to cap the maximum timeout
values at 0x7FFFFFFF - 1 [ISC-Bugs #28038].
* DHCP6 FQDN option unpacking code now correctly handles values
that contain spaces, special, or non-printable characters.
[ISC-Bugs #43592]
* When running in -6 mode, dhclient can enforce the require
option statement and will discard offered leases that do not
contain all the required options specified in the client
configuration [ISC-Bugs #41473].
* Altered DHCPv4 lease time calculation to avoid roll over
errors on 64-bit OS systems when using -1 or large values
for default-lease-time [ISC-Bugs #41976].
* Added --dad-wait-time parameter to dhclient [ISC-Bugs #36169].
* The server now checks both the address and length of a
prefix delegation when attempting to match it to a prefix
pool [ISC-Bugs #35378].
* Modified DDNS support initialization such that DNS related
ports will only be opened by the server (dhcpd) at startup
if ddns-update-style is not "none"; by dhclient only if and
when it first attempts an update; and never by dhcrelay.
[ISC-Bugs #45290] [ISC-Bugs #33377]
* Added error logging to two memory allocation failure checks.
[ISC-Bugs #41185]
* Corrected a dhclient -6 issue that caused the client to crash
with an "Impossible condition" error after de-preferencing its
only IA binding [ISC-Bugs #44373].
* By defining CALL_SCRIPT_ON_ONETRY_FAIL in includes/site.h,
dhclient will now call the script with reason set to FAIL when
run with -1 (one try) and there are no server responses.
[ISC-bugs #18183]
* The server now detects failover peers that are not referenced
in at least one pool when run with the command line option for
test mode, -T [ISC-Bugs #29892].
* Linux script updated [ISC-bugs #19430] [ISC-bugs #18111].
* Changed severity of the log message indicating UDP checksum
errors in the received packets from 'info' to 'debug'.
[ISC-bugs #41757]
* Corrected a bug which could cause the server to sporadically
crash while loading lease files with the lease-id-format is
set to "hex" [ISC-Bugs #43185].
- Obsoleted patches:
* 0011-Fixed-linux-interface-discovery-using-getifaddrs.patch
* 0019-dhcp-4.2.4-P1-interval.patch
* 0021-master-Plugs-a-socket-descriptor-leak-in-OMAPI.patch
* 0022-Optimized-if-and-when-DNS-client-context-and-ports.patch
- Optimized if and when DNS client context and ports
are initted (bsc#1073935)
[+0022-Optimized-if-and-when-DNS-client-context-and-ports.patch]
- Plugs a socket descriptor leak in OMAPI (bsc#1076119, CVE-2017-3144)
[ +0021-master-Plugs-a-socket-descriptor-leak-in-OMAPI.patch]
- add PIDFile= setting to dhcrelay.service, without this systemd
stops the service immediately after starting
- Drop old sysvinit support from the spec file. All the supported
openSUSE distributions are systemd based so there isn't much point
in keeping sysvinit support and files around.
- Replace references to /var/adm/fillup-templates with new
%_fillupdir macro (boo#1069468)
- Replace net-tools Requires in dhcp-client with hostname on
suse_version >= 1330 (CODE15): net-tools does no longer provide
any tool referenced by dhclient-script, but we require hostname
(which is also a dependency to net-tools, thus hiding the issue).
- use .gz year instead of current one to make build reproducible
- fixed a typo in nis-servers option name breaking the config file introduced
in previous change to workaround issues in NetworkManager parser.
- Update to dhcp-4.3.5
- Corrected a bug which could cause the server to sporadically crash while
loading lease files with the lease-id-format is set to "hex". Our thanks
to Jay Ford, University of Iowa for reporting the issue.
[ISC-Bugs #43185]
- Eliminated a noisy, but otherwise harmless debug log statement that may
appear during server startup when building with --enable-binary-leases
and configuring multiple pools in a shared network. Thanks to Fernando
Soto from BlueCat Networks for reporting the issue and supplying a patch.
[ISC-Bugs #43262]
- Fixed util/bindvar.sh error handling.
[ISC-Bugs #41973]
- Correct error message in relay to use remote id length instead
of circuit id length.
[ISC-Bugs #42556]
- Add logic to test directory Makefiles to avoid copying Attfile(s)
when building within the source tree. This eliminates a noisy but
otherwise harmless error message when running "make check".
[ISC-Bugs #41883]
- Leases are now scrubbed of certain prior use information when pool
re-balancing reassigns them from one FO peer to the other. This
corrects an issue where leases that were offered but not used
by the client retained the client hostname from the original
client. Thanks to Pavel Polacek, Jan Evangelista Purkyne University
for reporting the issue.
[ISC-Bugs #42008]
- In the LDAP code and schema add some missing '6' characters to use
the v6 instead of the v4 versions. Thanks to Denis Taranushin for
reporting this issue and supplying its patch.
[ISC-Bugs #42666]
- Correct how the pick-first-value expression is written to a lease
file. Previously it was written as a concat expression due to
a cut and paste error.
[ISC-Bugs #42253]
- Modify the DDNS code to clean up the PTR record even if there
are issues while cleaning up the A or AAAA records.
[ISC-Bugs #23954]
- Added global configuration parameter, abandon-lease-time, which determines
the amount of time a lease remains abandoned. The default is 84600 seconds.
Additionally, the server now conducts a ping check (if ping checks are
enabled) prior to offering an abandoned lease to client. Our thanks to
David Zych at University of Illinois for reporting the issue and working
with us to produce a viable solution.
[ISC-Bugs #41815]
- Correct handling of interface names during interface discovery. This
addresses an issue where interface names of 15 characters in length
could lead to crashes or interface recognition errors during startup
of dhcpd, dhclient, and dhcrelay.
[ISC-Bugs #42226]
- Updates to contrib/dhcp-lease-list.pl to make it more friendly.
The updates are: looking for the lease file in more places and skipping
the "processing complete" output when creating machine readable
output. Thanks to Cameron Paine (cbp at null dot net) for the
patch.
[ISC-Bugs #42113]
- When reusing a lease for dhcp-cache-threshold return the hostname
to the original lease. Also if the host pointer, UID or hardware address
change don't allow reuse of the lease.
Thanks to Michael Vincent for reporting this and helping us
verify the problem and fix.
[ISC-Bugs #42849]
- Change dmalloc to use a size_t as the length argument to bring it
in line with the call it will make to malloc().
[ISC-Bugs #40843]
- If the failover socket can't be bound, close it. Otherwise if the
user configures an incorrect address in the failover stanza the
server will continue to open new sockets every 90 seconds until
it runs out.
[ISC-Bugs #42452]
- Add DHCPv4-mode, dhcrelay command line options, "-iu" and "-id", that
allow interfaces to be upstream or downstream respectively. Upstream
interfaces will accept and forward only BOOTP replies, while downstream
interfaces will accept and forward only BOOTP requests.
[ISC-Bugs #41547]
- Clean up some memory references in the vendor-class construct.
[ISC-Bugs #42984]
[*0006-dhcp-4.3.2-dhclient-send-hostname-or-fqdn.patch,
* 0011-Fixed-linux-interface-discovery-using-getifaddrs.patch,
* 0013-dhcp-4.2.x-dhcpv6-decline-on-DAD-failure.872609.patch,
* 0016-infiniband-support.patch,
* 0017-server-no-success-report-before-send.919959.patch]
- Set all requested dhcp options on a single line, so they are
actually requested (boo#1046969, boo#1047004).
- Relax permission of dhclient-script for libguestfs (bsc#987170)
- Require insserv only if needed
- Fix requires of client subpackage
- Add config file for registering dhcp server in slp (bsc#992072)
- Use /usr/sbin/arping instead of /sbin/arping in the dhcp scripts.
/sbin/arping is a symlink to /usr/sbin/arping in order to ease the
transition for the /usr merge. Newest releases of iputils may only
install utilities in /usr/* so this dependency will no longer be valid.
Moreover, we replace the '/sbin/arping' dependency with 'iputils'.
- Update to dhcp-4.3.3-P1 correcting bounds checking when
receiving a packet (bsc#961305,CVE-2015-8605,ISC-Bugs#41267).
- adjusted interval check.
[*0019-dhcp-4.2.4-P1-interval.patch]
- Fixed improper lease duration checking. Also added fixes for integer
overflows in the date and time handling code (bsc#936923, bsc#880984).
[+0020-dhcp-4.x.x-fixed-improper-lease-duration-checking.patch]
- fixed service files to start dhcpd after slapd (bsc#956159)
- dhclient-script: complain in the log about conflicts, added
a see log messages to the dhclient log message (bsc#960506)
[* 0018-client-fail-on-script-pre-init-error-bsc-912098.patch]
- Applied a patch by Jiri Popelka catching dhcp server aborts with
"Unable to set up timer: out of range" on very long or infinite
timer intervals / lease lifetimes (bsc#947780)
[+ 0019-dhcp-4.2.4-P1-interval.patch]
- Corrected patch references in and a missed (bsc#919959) patch
description in previous changelog entry.
- Update to dhcp-4.3.3 (fate#319067) providing many bug fixes,
features and obsoletes several patches we were using before.
For complete changelog, please read the RELNOTES file shipped
along with this package or online at:
https://kb.isc.org/article/AA-01297/82/DHCP-4.3.3-Release-Notes.html
- Replaced hostname patch with a dhcpv6 and fqdn aware variant:
[- 0006-dhcp-4.2.5-dhclient-send-hostname-rml.patch,
+ 0006-dhcp-4.3.2-dhclient-send-hostname-or-fqdn.patch]
- Removed obsolete patches included upstream now:
[- 0007-dhcp-4.2.6-ldap-mt01.patch,
- 0009-dhcp-4.2.6-xen-checksum.patch,
- 0013-dhcp-4.2.3-P1-dhclient-log-pid.patch,
- 0015-Ignore-SIGPIPE-to-not-die-in-socket-code.patch,
- 0016-server-log-DHCPv6-addresses-assigned-to-clients.patch,
- 0019-dhcp-4.2.x-ldap-debug-write.bnc835818.patch,
- 0021-dhcp-4.2.4-P2-bnc878846-conf-to-ldap.patch,
- 0022-dhcp-4.2.x-contrib-conf-to-ldap-reorder.886094.patch,
- 0023-dhcp-4.2.x-ddns-tsig-hmac-sha-support.890731.patch,
- 0025-dhcp-4.2.x-dhcpv6-retransmission-until-MRD.872609.patch,
- 0026-dhcp-4.2.x-disable-unused-ddns-port-in-server.891655.patch]
- Adjusted patch numbers in the spec file:
[- 0008-dhcp-4.1.1-P1-lpf-bind-msg-fix.patch,
- 0010-dhcp-4.2.2-dhclient-option-checks.patch,
- 0011-dhcp-4.2.6-close-on-exec.patch,
- 0012-dhcp-4.2.2-quiet-dhclient.patch,
- 0014-Fixed-linux-interface-discovery-using-getifaddrs.patch,
- 0020-dhcp-4.2.x-chown-server-leases.bnc868253.patch,
- 0024-dhcp-4.2.x-dhcpv6-decline-on-DAD-failure.872609.patch,
+ 0007-dhcp-4.1.1-P1-lpf-bind-msg-fix.patch,
+ 0008-dhcp-4.2.2-dhclient-option-checks.patch,
+ 0009-dhcp-4.2.6-close-on-exec.patch,
+ 0010-dhcp-4.2.2-quiet-dhclient.patch,
+ 0011-Fixed-linux-interface-discovery-using-getifaddrs.patch,
+ 0012-dhcp-4.2.x-chown-server-leases.bnc868253.patch,
+ 0013-dhcp-4.2.x-dhcpv6-decline-on-DAD-failure.872609.patch]
- Fixed to not pass DHCPv6 address lifetimes a positive (unsigned
32bit) integers to scripts and properly format timestamps as long
to not break them on 64bit architectures (bsc#926159).
[+ 0014-dhclient6-unsigned-lifetimes-for-script-bsc-926159.patch]
- dhclient: expose next-server DHCPv4 option to script (bsc#928390)
[+ 0015-Expose-next-server-DHCPv4-option-to-dhclient-script.patch]
- Replaced infiniband support patch with fixed variant (bsc#910984):
[- 0017-dhcp-4.2.6-lpf-ip-over-ib-support.patch,
- 0018-dhcp-4.2.6-improved-xid.patch,
- 0027-dhcp-4.2.x-handle-ifa_addr-NULL.909189.patch,
+ 0016-infiniband-support.patch]
- Moved dhcp-devel package include files and static libraries
to /usr/include/dhcp and /usr/lib/dhcp subdirectories.
DHCP requires a specific bind library version and conflicts
with the files shipped by bind-devel package, which is not
source and binary compatible (bsc#910686).
- Corrected changes to provide complete patch file references.
- Fixed server to not report success before send (bsc#919959)
[+ 0017-server-no-success-report-before-send.919959.patch]
- Fixed dhclient to check pre-init results reported by dhclient-script
and fail if pre-init fails for a requested interface (bsc#912098).
[+ 0018-client-fail-on-script-pre-init-error-bsc-912098.patch]
- do not check scripts not in the src.rpm
- Applied fix by Jiri Slaby to not crash in interface discovery
when the interface address is NULL, which has been introduced
by the infiniband support patch (bsc#909189,bsc#870535).
[+ 0027-dhcp-4.2.x-handle-ifa_addr-NULL.909189.patch]
- fix bashisms in dhcprelay script
- Applied contrib/ldap/dhcpd-conf-to-ldap patch by Ales Novak to
reorder config to add all global options or option declarations
to the dhcpService object instead to create new service object
(bsc#886094,ISC-Bugs#37876).
[+ 0022-dhcp-4.2.x-contrib-conf-to-ldap-reorder.886094.patch]
- Applied an upstream patch by Thomas Markwalder adding missed
mapping of SHA TSIG algorithm names to their constants to enable
hmac-sha1, hmac_sha224, hmac_sha256, hmac_sha384 and hmac_sha512
authenticated dynamic DNS updates (bsc#890731, ISC-Bugs#36947).
[+ 0023-dhcp-4.2.x-ddns-tsig-hmac-sha-support.890731.patch]
- Decline IPv6 addresses on Duplicate Address Detection failure
and stop client message exchanges on reached MRD rather than
at some point after it. Applied fedora patches by Jiri Popelka
and added DAD reporting via exit 3 to the dhclient-script and
a fix to use correct address variables in the DEPREF6 action
(bsc#872609,ISC-Bugs#26735,ISC-Bugs#21238).
[+ 0024-dhcp-4.2.x-dhcpv6-decline-on-DAD-failure.872609.patch,
+ 0025-dhcp-4.2.x-dhcpv6-retransmission-until-MRD.872609.patch]
- Applied backport patch by William Preston avoiding to bind ddns
socket in the server when ddns-update-style is none (bsc#891655).
[+ 0026-dhcp-4.2.x-disable-unused-ddns-port-in-server.891655.patch]
- Applied patch for the contrib/ldap/dhcpd-conf-to-ldap script
fixing subclass statement handling (bnc#878846,[ISC-Bugs #36409])
[+ 0021-dhcp-4.2.4-P2-bnc878846-conf-to-ldap.patch]
- Updated licence statement and FSF address in our scripts.
- Added missed service_add_pre macro calls for dhcrelay services
- No longer perform gpg validation; osc source_validator does it
implicitly:
+ Drop gpg-offline BuildRequires.
+ No longer execute gpg_verify.
- diffutils
-
- Add ppc64_disable_failing_test to disable a sporadically failing
test for ppc64 and ppc64le builds (boo#1156913)
- Use %license (boo#1082318)
- Update to version 3.6:
* When one file is a prefix of the other, cmp now appends the
shorter file's size to the EOF diagnostic.
* diff's default algorithm has been tweaked to deal better with
larger files, reversing some of the changes made in
diffutils-3.4.
- Define packager and bug reporting url
- Update to a pre-release version (3.5.15):
* remove big-file-performance.patch and gnulib-diffseq.patch
* comment signature source as the release is not officially signed yet
- gnulib-diffseq.patch, big-file-performance.patch: Avoid performance
regression on big files (bsc#1004991)
- Diffutils 3.5:
* diff3 no longer malfunctions due to use-after-free
[bug introduced in 3.4]
* diff --color no longer colorizes when TERM=dumb
- Update to version 3.4
* diff accepts two new options --color and --palette to generate
and configure colored output. --color takes an optional
argument specifying when to colorize a line: --color=always,
--color=auto, --color=never. --palette is used to configure
which colors are used.
* many bugfixes
- New -lang subpackage
- Drop no longer needed gnulib-perl522.patch
- Make building more verbose
- Move info page removal to preun
- Cleanup spec file with spec-cleaner
- Update provides/obsoletes
- add gnulib-perl522.patch from gnulib upstream
- build with PIE
- dmidecode
-
1 recommended fix from upstream:
- dmidecode-missing-commas.patch: Two missing commas in data arrays
cause off-by-one or mangling during index resolution
(bsc#1174257).
Partial support for SMBIOS 3.4.0:
- dmidecode-add-memory-device-types-from-smbios-3.4.0.patch,
dmidecode-add-processor-characteristics-bits-from-smbios-3.4.0.patch,
dmidecode-add-processor-upgrades-from-smbios-3.4.0.patch,
dmidecode-add-slot-characteristics2-from-smbios-3.4.0.patch,
dmidecode-add-system-slot-types-from-smbios-3.4.0.patch: Add
enumerated values from SMBIOS 3.4.0 (bsc#1174257).
1 presentation fix from upstream:
- dmidecode-skip-details-of-uninstalled-memory-modules.patch:
Skip details of uninstalled memory modules (bsc#1174257).
Partial support for SMBIOS 3.3.0:
- dmidecode-add-enumerated-values-from-smbios-3.3.0.patch: Add
enumerated values from SMBIOS 3.3.0 (bsc#1153533 bsc#1158833
jsc#SLE-10875).
3 recommended fixes from upstream:
- dmidecode-only-scan-dev-mem-for-entry-point-on-x86.patch: Only
scan /dev/mem for entry point on x86 (fixes reboot on ARM64).
- dmidecode-fix-formatting-of-tpm-table-output.patch: Fix
formatting of TPM table output (missing newlines).
- dmidecode-fix-system-slot-information-for-pcie-ssd.patch: Fix
System Slot Information for PCIe SSD.
- dmidecode-add-logical-non-volatile-device.patch: Add "Logical
non-volatile device" to the memory device types (bsc#1120149).
- Use %doc directly on files instead of installing them explicitly.
- Don't overwrite the path of license (boo#1121851).
- dmidecode-fix-redfish-hostname-print-length.patch: Fix Redfish
Hostname print length (bsc#1112755).
- Update to upstream version 3.2 (FATE#326044):
* [COMPATIBILITY] The UUID is now displayed using lowercase
letters, per RFC 4122 (#53569). You must ensure that any code
parsing it is case-insensitive.
* Support for SMBIOS 3.2.0. This includes new processor names,
new socket and port connector types, new system slot state and
property, and support for non-volatile memory (NVDIMM).
* Support for Redfish management controllers.
* A new command line option to query a specific structure by its
handle.
* A new command line option to query the system family string.
* Support for 3 ThinkPad-specific structures (patch #9642).
* Support for HPE's new company name.
* Support UEFI on FreeBSD.
* Important bug fixes:
Fix firmware version of TPM device
Fix the HPE UEFI feature flag check
* (biosdecode) A new command line option to fully decode PIR
information (support request #109339).
* Obsoletes dmioem-reflect-hpe-new-company-name.patch,
dmidecode-fix-tpm-device-firmware-version.patch, and
dmioem-fix-hpe-type-219-uefi-flag.patch.
* CHANGELOG is gone, package more compact NEWS file instead.
- Reenable signature checking.
- Use %license for LICENSE file.
- dmioem-reflect-hpe-new-company-name.patch: Reflect HPE's new
company name.
- dmidecode-fix-tpm-device-firmware-version.patch: Fix firmware
version of TPM device.
- dmioem-fix-hpe-type-219-uefi-flag.patch: Fix the reporting of
HP/HPE UEFI feature.
- Add missing bug numbers and FATE references in changes file
(bsc#1041670).
- Update to upstream version 3.1:
* Support for SMBIOS 3.1.0 and 3.1.1. This includes new chassis
types, new processor family names, new processor family upgrade
names, and new slot types, as well as support of larger BIOS
ROM sizes and cache sizes, and a new structure type (43, TPM
Device.)
* A new command line option to query OEM strings.
* All error messages are now printed on stderr (#47274, #48158.)
* Fixes a crash with SIGBUS (#46066.)
* Various minor fixes, improvements and cleanups.
* Obsoletes dmidecode-01-add-no-sysfs-option-description-to-h-output.patch,
dmidecode-02-fix-no-smbios-nor-dmi-entry-point-found-on-smbios3.patch,
dmidecode-03-let-read_file-return-the-actual-data-size.patch,
dmidecode-04-use-read_file-to-read-the-dmi-table-from-sysfs.patch,
dmidecode-05-use-dword-for-structure-table-maximum-size-in-smbios3.patch,
dmidecode-06-hide-irrelevant-fixup-message.patch, and
dmidecode-07-only-decode-one-dmi-table.patch.
- dmidecode-07-only-decode-one-dmi-table.patch: Only decode one
DMI table.
https://savannah.nongnu.org/bugs/?50022
- dmidecode-01-add-no-sysfs-option-description-to-h-output.patch:
Add "--no-sysfs" option description to -h output.
- dmidecode-02-fix-no-smbios-nor-dmi-entry-point-found-on-smbios3.patch:
Fix 'No SMBIOS nor DMI entry point found' on SMBIOS3.
- dmidecode-03-let-read_file-return-the-actual-data-size.patch:
Let read_file return the actual data size.
- dmidecode-04-use-read_file-to-read-the-dmi-table-from-sysfs.patch:
Use read_file() to read the DMI table from sysfs.
https://savannah.nongnu.org/bugs/?46176
- dmidecode-05-use-dword-for-structure-table-maximum-size-in-smbios3.patch:
Use DWORD for Structure table maximum size in SMBIOS3.
- dmidecode-06-hide-irrelevant-fixup-message.patch:
Hide irrelevant fixup message.
http://savannah.nongnu.org/support/?109024
- Update to upstream version 3.0 (FATE#320746, FATE#320773):
* Adds support for SMBIOS 3.0. This includes a new (64-bit) entry
point format and new enumerated values for recent hardware.
* Adds support for the new kernel interface (as of Linux v4.2) as
an alternative to relying on /dev/mem to access the entry point
and DMI table.
* Adds decoding of Acer-specific DMI type 170 and HP-specific DMI
types 212, 219 and 233.
* Obsoletes dmidecode-1.173-drop-cast.patch,
dmidecode-1.175-fix-SMBIOS-2.8.0.patch,
dmidecode-1.176-SMBIOS-2.8-is-supported.patch,
dmidecode-1.177-decode-pcie3-slot-id.patch,
dmidecode-1.181-decode-CPUID-recent-AMD.patch, and
dmidecode-1.182-decode-ddr4-memory-type.patch.
* Various minor fixes and clean-ups.
* Skip the SMBIOS version comparison in quiet mode (bsc#974862).
- dmidecode.keyring was empty, reference the savannah keyring.
but the tarball is signed by someone unknown without gpg signatures,
so no keyring for now.
- Cleanup spec file with spec-cleaner
- Add gpg signature
- dmidecode-1.181-decode-CPUID-recent-AMD.patch: Decode the CPUID
of recent AMD processors (DMI type 4).
- dmidecode-1.182-decode-ddr4-memory-type.patch: Add support for
DDR4 memory type (DMI type 17) (bsc#955705).
https://savannah.nongnu.org/bugs/?43370
- docker
-
- Update to Docker 20.10.6-ce. See upstream changelog in the packaged
/usr/share/doc/packages/docker/CHANGELOG.md. bsc#1184768
- Rebase patches:
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
* 0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
- Backport upstream fix <https://github.com/moby/moby/pull/42273> for btrfs
quotas being removed by Docker regularly. bsc#1183855 bsc#1175081
+ 0005-bsc1183855-btrfs-Do-not-disable-quota-on-cleanup.patch
- Update to Docker 20.10.5-ce. See upstream changelog in the packaged
/usr/share/doc/packages/docker/CHANGELOG.md. bsc#1182947
- Update runc dependency to 1.0.0~rc93.
- Remove upstreamed patches:
- cli-0001-Rename-bin-md2man-to-bin-go-md2man.patch
- Rebase patches:
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
* 0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
- Switch version to use -ce suffix rather than _ce to avoid confusing other
tools. boo#1182476
[NOTE: This update was only ever released in SLES and Leap.]
- It turns out the boo#1178801 libnetwork patch is also broken on Leap, so drop
the patch entirely. bsc#1180401 bsc#1182168
- boo1178801-0001-Add-docker-interfaces-to-firewalld-docker-zone.patch
- Fix incorrect cast in SUSE secrets patches causing warnings on SLES.
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
[NOTE: This update was only ever released in SLES and Leap.]
- Update Docker to 19.03.15-ce. See upstream changelog in the packaged
/usr/share/doc/packages/docker/CHANGELOG.md. This update includes fixes for
bsc#1181732 (CVE-2021-21284) and bsc#1181730 (CVE-2021-21285).
- Rebase patches:
* bsc1073877-0001-apparmor-clobber-docker-default-profile-on-start.patch
- Only apply the boo#1178801 libnetwork patch to handle firewalld on openSUSE.
It appears that SLES doesn't like the patch. bsc#1180401
- Update to Docker 20.10.3-ce. See upstream changelog in the packaged
/usr/share/doc/packages/docker/CHANGELOG.md. Fixes bsc#1181732
(CVE-2021-21284) and bsc#1181730 (CVE-2021-21285).
- Rebase patches on top of 20.10.3-ce.
- 0002-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
+ 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
- 0003-SECRETS-SUSE-implement-SUSE-container-secrets.patch
+ 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
- 0004-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch
+ 0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch
- 0005-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
+ 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
- Drop docker-runc, docker-test and docker-libnetwork packages. We now just use
the upstream runc package (it's stable enough and Docker no longer pins git
versions). docker-libnetwork is so unstable that it doesn't have any
versioning scheme and so it really doesn't make sense to maintain the project
as a separate package. bsc#1181641 bsc#1181677
- Remove no-longer-needed patch for packaging now that we've dropped
docker-runc and docker-libnetwork.
- 0001-PACKAGING-revert-Remove-docker-prefix-for-containerd.patch
- Update to Docker 20.10.2-ce. See upstream changelog in the packaged
/usr/share/doc/packages/docker/CHANGELOG.md. bsc#1181594
- Remove upstreamed patches:
- bsc1122469-0001-apparmor-allow-readby-and-tracedby.patch
- boo1178801-0001-Add-docker-interfaces-to-firewalld-docker-zone.patch
- Add patches to fix build:
+ cli-0001-Rename-bin-md2man-to-bin-go-md2man.patch
- Since upstream has changed their source repo (again) we have to rebase all of
our patches. While doing this, I've collapsed all patches into one branch
per-release and thus all the patches are now just one series:
- packaging-0001-revert-Remove-docker-prefix-for-containerd-and-runc-.patch
+ 0001-PACKAGING-revert-Remove-docker-prefix-for-containerd.patch
- secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch
+ 0002-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
- secrets-0002-SUSE-implement-SUSE-container-secrets.patch
+ 0003-SECRETS-SUSE-implement-SUSE-container-secrets.patch
- private-registry-0001-Add-private-registry-mirror-support.patch
+ 0004-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch
- bsc1073877-0001-apparmor-clobber-docker-default-profile-on-start.patch
+ 0005-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
- Re-apply secrets fix for bsc#1065609 which appears to have been lost after it
was fixed.
* secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch
* secrets-0002-SUSE-implement-SUSE-container-secrets.patch
- Add Conflicts and Provides for kubic flavour of docker-fish-completion.
- Update to Docker 19.03.14-ce. See upstream changelog in the packaged
/usr/share/doc/packages/docker/CHANGELOG.md. CVE-2020-15257 bsc#1180243
https://github.com/docker/docker-ce/releases/tag/v19.03.14
- Enable fish-completion
- Add a patch which makes Docker compatible with firewalld with
nftables backend. Backport of https://github.com/moby/libnetwork/pull/2548
(boo#1178801, SLE-16460)
* boo1178801-0001-Add-docker-interfaces-to-firewalld-docker-zone.patch
- Update to Docker 19.03.13-ce. See upstream changelog in the packaged
/usr/share/doc/packages/docker/CHANGELOG.md. bsc#1176708
- Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075)
- Emergency fix: %requires_eq does not work with provide symbols,
only effective package names. Convert back to regular Requires.
- Update to Docker 19.03.12-ce. See upstream changelog in the packaged
/usr/share/doc/packages/docker/CHANGELOG.md.
- Use Go 1.13 instead of Go 1.14 because Go 1.14 can cause all sorts of
spurious errors due to Go returning -EINTR from I/O syscalls much more often
(due to Go 1.14's pre-emptive goroutine support).
- bsc1172377-0001-unexport-testcase.Cleanup-to-fix-Go-1.14.patch
- Add BuildRequires for all -git dependencies so that we catch missing
dependencies much more quickly.
- Update to Docker 19.03.11-ce. See upstream changelog in the packaged
/usr/share/doc/packages/docker/CHANGELOG.md. bsc#1172377 CVE-2020-13401
- Backport https://github.com/gotestyourself/gotest.tools/pull/169 so that we
can build Docker with Go 1.14 (upstream uses Go 1.13).
+ bsc1172377-0001-unexport-testcase.Cleanup-to-fix-Go-1.14.patch
- BuildRequire pkgconfig(libsystemd) instead of systemd-devel:
Allow OBS to shortcut through the -mini flavors.
- Add backport of https://github.com/docker/docker/pull/39121. bsc#1122469
+ bsc1122469-0001-apparmor-allow-readby-and-tracedby.patch
- Support older SLE systems which don't have "usermod -w -v".
- Update to Docker 19.03.5-ce. See upstream changelog in the packaged
/usr/share/doc/packages/docker/CHANGELOG.md. bsc#1158590 bsc#1157330
- Update to Docker 19.03.4-ce. See upstream changelog in the packaged
/usr/share/doc/packages/docker/CHANGELOG.md.
- Drop containerd.service workaround (we've released enough versions without
containerd.service -- there's no need to support package upgrades that old).
- Update to Docker 19.03.3-ce. See upstream changelog in the packaged
/usr/share/doc/packages/docker/CHANGELOG.md. bsc#1153367
- Update to Docker 19.03.2-ce. See upstream changelog in the packaged
/usr/share/doc/packages/docker/CHANGELOG.md. bsc#1150397
- Fix zsh-completion (docker -> _docker)
- Fix default installation such that --userns-remap=default works properly
(this appears to be an upstream regression, where --userns-remap=default
doesn't auto-create the group and results in an error on-start). boo#1143349
- Update to Docker 19.03.1-ce. See upstream changelog in the packaged
/usr/share/doc/packages/docker/CHANGELOG.md. CVE-2019-14271
- Update to Docker 19.03.0-ce. See upstream changelog in the packaged
/usr/share/doc/packages/docker/CHANGELOG.md. bsc#1142413
- Remove upstreamed patches:
- bsc1001161-0001-oci-include-the-domainname-in-kernel.domainname.patch
- bsc1001161-0002-cli-add-a-separate-domainname-flag.patch
- bsc1047218-0001-man-obey-SOURCE_DATE_EPOCH-when-generating-man-pages.patch
- bsc1128746-0001-integration-cli-don-t-build-test-images-if-they-alre.patch
- Rebase patches:
* bsc1073877-0001-apparmor-clobber-docker-default-profile-on-start.patch
* packaging-0001-revert-Remove-docker-prefix-for-containerd-and-runc-.patch
* private-registry-0001-Add-private-registry-mirror-support.patch
* secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch
* secrets-0002-SUSE-implement-SUSE-container-secrets.patch
- Move bash-completion to correct location.
- Update to Docker 18.09.8-ce. See upstream changelog in the packaged
/usr/share/doc/packages/docker/CHANGELOG.md.
* Includes fixes for CVE-2019-13509 bsc#1142160.
- Update to Docker 18.09.7-ce. See upstream changelog in the packaged
/usr/share/doc/packages/docker/CHANGELOG.md. bsc#1139649
- Remove upstreamed patches:
- CVE-2018-15664.patch
- Use %config(noreplace) for /etc/docker/daemon.json. bsc#1138920
- Add patch for CVE-2018-15664. bsc#1096726
+ CVE-2018-15664.patch
- Update to Docker 18.09.6-ce. See upstream changelog in the packaged
/usr/share/doc/packages/docker/CHANGELOG.md.
- Rebase patches:
* bsc1128746-0001-integration-cli-don-t-build-test-images-if-they-alre.patch
- Update to Docker 18.09.5-ce. See upstream changelog in the packaged
/usr/share/doc/packages/docker/CHANGELOG.md. bsc#1128376 boo#1134068
- Rebase patches:
* bsc1001161-0001-oci-include-the-domainname-in-kernel.domainname.patch
* bsc1001161-0002-cli-add-a-separate-domainname-flag.patch
* bsc1047218-0001-man-obey-SOURCE_DATE_EPOCH-when-generating-man-pages.patch
* bsc1128746-0001-integration-cli-don-t-build-test-images-if-they-alre.patch
* packaging-0001-revert-Remove-docker-prefix-for-containerd-and-runc-.patch
* private-registry-0001-Add-private-registry-mirror-support.patch
* secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch
* secrets-0002-SUSE-implement-SUSE-container-secrets.patch
- Updated patch name:
+ bsc1073877-0001-apparmor-clobber-docker-default-profile-on-start.patch
- bsc1073877-0002-apparmor-clobber-docker-default-profile-on-start.patch
- Update to Docker 18.09.3-ce. See upstream changelog in the packaged
/usr/share/doc/packages/docker/CHANGELOG.md.
- docker-test: improvements to test packaging (we don't need to ship around the
entire source tree, and we also need to build the born-again integration/
tests which contain a suite-per-directory). We also need a new patch which
fixes the handling of *-test images. bsc#1128746
+ bsc1128746-0001-integration-cli-don-t-build-test-images-if-they-alre.patch
- Move daemon.json file to /etc/docker directory, bsc#1114832
- Update shell completion to use Group: System/Shells.
- Add daemon.json file with rotation logs configuration, bsc#1114832
- Update to Docker 18.09.1-ce. See upstream changelog in the packaged
/usr/share/doc/packages/docker/CHANGELOG.md. bsc#1124308
* Includes fix for CVE-2018-10892 bsc#1100331.
* Includes fix for CVE-2018-20699 bsc#1121768.
- Remove upstreamed patches.
- bsc1073877-0001-apparmor-allow-receiving-of-signals-from-docker-kill.patch
- Disable leap based builds for kubic flavor. bsc#1121412
- Update go requirements to >= go1.10.6 to fix
* bsc#1118897 CVE-2018-16873
go#29230 cmd/go: remote command execution during "go get -u"
* bsc#1118898 CVE-2018-16874
go#29231 cmd/go: directory traversal in "go get" via curly braces in import paths
* bsc#1118899 CVE-2018-16875
go#29233 crypto/x509: CPU denial of service
- Handle build breakage due to missing 'export GOPATH' (caused by resolution of
boo#1119634). I believe Docker is one of the only packages with this problem.
- Add backports of https://github.com/docker/docker/pull/37302 and
https://github.com/docker/cli/pull/1130, which allow for users to explicitly
specify the NIS domainname of a container. bsc#1001161
+ bsc1001161-0001-oci-include-the-domainname-in-kernel.domainname.patch
+ bsc1001161-0002-cli-add-a-separate-domainname-flag.patch
- Update docker.service to match upstream and avoid rlimit problems.
bsc#1112980
- Upgrade to Docker 18.09.0-ce. See upstream changelog in the packaged
/usr/share/doc/packages/docker/CHANGELOG.md. boo#1115464 bsc#1118990
- Add revert of an upstream patch to fix docker-* handling.
+ packaging-0001-revert-Remove-docker-prefix-for-containerd-and-runc-.patch
- Rebase patches:
* bsc1047218-0001-man-obey-SOURCE_DATE_EPOCH-when-generating-man-pages.patch
* bsc1073877-0001-apparmor-allow-receiving-of-signals-from-docker-kill.patch
* bsc1073877-0002-apparmor-clobber-docker-default-profile-on-start.patch
* private-registry-0001-Add-private-registry-mirror-support.patch
* secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch
* secrets-0002-SUSE-implement-SUSE-container-secrets.patch
- Remove upstreamed patches:
- bsc1100727-0001-build-add-buildmode-pie.patch
- Reduce the disk footprint by recommending git-core instead of
hard requiring it.
bsc#1108038
- ExcludeArch i586 for entire docker-kubic flavour
- ExcludeArch i586 for docker-kubic-kubeadm-criconfig subpackage
- Add patch to make package reproducible, which is a backport of
https://github.com/docker/cli/pull/1306. boo#1047218
+ bsc1047218-0001-man-obey-SOURCE_DATE_EPOCH-when-generating-man-pages.patch
- Upgrade to docker-ce v18.06.1-ce. bsc#1102522 bsc#1113313
Upstream changelog:
https://github.com/docker/docker-ce/releases/tag/v18.06.1-ce
- Remove patches that were merged upstream:
- bsc1102522-0001-18.06-disable-containerd-CRI-plugin.patch
- Add a backport of https://github.com/docker/engine/pull/29 for the 18.06.0-ce
upgrade. This is a potential security issue (the CRI plugin was enabled by
default, which listens on a TCP port bound to 0.0.0.0) that will be fixed
upstream in the 18.06.1-ce upgrade. bsc#1102522
+ bsc1102522-0001-18.06-disable-containerd-CRI-plugin.patch
- Kubic: Make crio default, docker as alternative runtime
(boo#1104821)
- Provide kubernetes CRI config with docker-kubic-kubeadm-criconfig
subpackage
- Merge -kubic packages back into the main Virtualization:containers packages.
This is done using _multibuild to add a "kubic" flavour, which is then used
to conditionally compile patches and other kubic-specific features.
bsc#1105000
- Rework docker-rpmlintrc with the new _multibuild setup.
- Enable seccomp support on SLE12, since libseccomp is now a new enough vintage
to work with Docker and containerd. fate#325877
- Upgrade to docker-ce v18.06.0-ce. bsc#1102522
- Remove systemd-service dependency on containerd, which is now being started
by dockerd to align with upstream defaults.
- Removed the following patches as they are merged upstream:
- bsc1021227-0001-pkg-devmapper-dynamically-load-dm_task_deferred_remo.patch
- bsc1055676-0001-daemon-oci-obey-CL_UNPRIVILEGED-for-user-namespaced-.patch
- Rebased the following patches:
* bsc1073877-0001-apparmor-allow-receiving-of-signals-from-docker-kill.patch
* bsc1073877-0002-apparmor-clobber-docker-default-profile-on-start.patch
* bsc1100727-0001-build-add-buildmode-pie.patch
* secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch
* secrets-0002-SUSE-implement-SUSE-container-secrets.patch
- Build the client binary with -buildmode=pie to fix issues on POWER.
bsc#1100727
+ bsc1100727-0001-build-add-buildmode-pie.patch
- Update the AppArmor patchset again to fix a separate issue where changed
AppArmor profiles don't actually get applied on Docker daemon reboot.
bsc#1099277
* bsc1073877-0001-apparmor-allow-receiving-of-signals-from-docker-kill.patch
+ bsc1073877-0002-apparmor-clobber-docker-default-profile-on-start.patch
- Update to AppArmor patch so that signal mediation also works for signals
between in-container processes. bsc#1073877
* bsc1073877-0001-apparmor-allow-receiving-of-signals-from-docker-kill.patch
- Make use of %license macro
- Remove 'go test' from %check section, as it has only ever caused us problems
and hasn't (as far as I remember) ever caught a release-blocking issue. Smoke
testing has been far more useful. boo#1095817
- Update secrets patch to not log incorrect warnings when attempting to inject
non-existent host files. bsc#1065609
* secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch
* secrets-0002-SUSE-implement-SUSE-container-secrets.patch
- Review Obsoletes to fix bsc#1080978
- Put docker under the podruntime slice. This is the recommended
deployment to allow fine resource control on Kubernetes.
bsc#1086185
- Add patch to handle AppArmor changes that make 'docker kill' stop working.
bsc#1073877 boo#1089732
+ bsc1073877-0001-apparmor-allow-receiving-of-signals-from-docker-kill.patch
- Fix manpage generation breaking ppc64le builds due to a missing -buildmode=pie.
- Compile and install all manpages.
bsc#1085117
- Add requirement for catatonit, which provides a docker-init implementation.
fate#324652 bsc#1085380
- Fix private-registry-0001-Add-private-registry-mirror-support.patch to
deal correctly with TLS configs of 3rd party registries.
fix bsc#1084533
- Update patches to be sourced from https://github.com/suse/docker-ce (which
are based on the upstream docker/docker-ce repo). The reason for this change
(though it is functionally identical to the old patches) is so that public
patch maintenance is much simpler.
* bsc1021227-0001-pkg-devmapper-dynamically-load-dm_task_deferred_remo.patch
* bsc1055676-0001-daemon-oci-obey-CL_UNPRIVILEGED-for-user-namespaced-.patch
* private-registry-0001-Add-private-registry-mirror-support.patch
* secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch
* secrets-0002-SUSE-implement-SUSE-container-secrets.patch
- Add ${version} to equivalent non-kubic package provides
- Add Provides for equivalent non-kubic packages
- Disable all tests for docker/client and docker/pkg/discovery. The unit tests
of those packages broke reproducibly the builds in IBS.
- Disable flaky tests github.com/docker/docker/pkg/discovery/kv.
- Add patch to support mirroring of private/non-upstream registries. As soon as
the upstream PR (https://github.com/moby/moby/pull/34319) is merged, this
patch will be replaced by the backported one from upstream.
+ private-registry-0001-Add-private-registry-mirror-support.patch
fix bsc#1074971
- Add Obsoletes: docker-image-migrator, as the tool is no longer needed and
we've pretty much removed it from everywhere except the containers module.
bsc#1069758
- Remove requirement on bridge-utils, which has been replaced by libnetwork in
Docker. bsc#1072798
- Update to Docker v17.09.1_ce (bsc#1069758). Upstream changelog:
https://github.com/docker/docker-ce/releases/tag/v17.09.1-ce
- Removed patches (merged upstream):
- bsc1045628-0001-devicemapper-remove-container-rootfs-mountPath-after.patch
- bsc1066210-0001-vendor-update-to-github.com-vbatts-tar-split-v0.10.2.patch
- bsc1066801-0001-oci-add-proc-scsi-to-masked-paths.patch
- Update to Docker v17.09.0_ce. Upstream changelog:
https://github.com/docker/docker-ce/releases/tag/v17.09.0-ce
- Rebased patches:
* bsc1021227-0001-pkg-devmapper-dynamically-load-dm_task_deferred_remo.patch
* bsc1045628-0001-devicemapper-remove-container-rootfs-mountPath-after.patch
* bsc1055676-0001-daemon-oci-obey-CL_UNPRIVILEGED-for-user-namespaced-.patch
* secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch
* secrets-0002-SUSE-implement-SUSE-container-secrets.patch
- Removed patches (merged upstream):
- bsc1064781-0001-Allow-to-override-build-date.patch
- Add a patch to dynamically probe whether libdevmapper supports
dm_task_deferred_remove. This is necessary because we build the containers
module on a SLE12 base, but later SLE versions have libdevmapper support.
This should not affect openSUSE, as all openSUSE versions have a new enough
libdevmapper. Backport of https://github.com/moby/moby/pull/35518.
bsc#1021227 bsc#1029320 bsc#1058173
+ bsc1021227-0001-pkg-devmapper-dynamically-load-dm_task_deferred_remo.patch
- Fix up the ordering of tests in docker.spec. This is to keep things easier to
backport into the SLE package.
- Include secrets fix to handle "old" containers that have orphaned secret
data. It's not clear why Docker caches these secrets, but fix the problem by
trashing the references manually. bsc#1057743
* secrets-0002-SUSE-implement-SUSE-container-secrets.patch
- Replace references to /var/adm/fillup-templates with new
%_fillupdir macro (boo#1069468)
- Remove migration code for the v1.9.x -> v1.10.x migration. This has been
around for a while, and we no longer support migrating from such an old
version "nicely". Docker still has migration code that will run on
first-boot, we are merely removing all of the "nice" warnings which tell
users how to avoid issues during an upgrade that occurred more than a year
ago.
- Drop un-needed files:
- docker-plugin-message.txt
- docker-update-message.txt
- Add a backport of https://github.com/moby/moby/pull/35424, which fixes a
security issue where a maliciously crafted image could be used to crash a
Docker daemon. bsc#1066210 CVE-2017-14992
+ bsc1066210-0001-vendor-update-to-github.com-vbatts-tar-split-v0.10.2.patch
- Add a backport of https://github.com/moby/moby/pull/35399, which fixes a
security issue where a Docker container (with a disabled AppArmor profile)
could write to /proc/scsi/... and subsequently DoS the host. bsc#1066801
CVE-2017-16539
+ bsc1066801-0001-oci-add-proc-scsi-to-masked-paths.patch
- Correctly set `docker version` information, including the version, git
commit, and SOURCE_DATE_EPOCH (requires a backport). This should *effectively*
make Docker builds reproducible, with minimal cost. boo#1064781
+ bsc1064781-0001-Allow-to-override-build-date.patch
- Add backport of https://github.com/moby/moby/pull/35205. This used to be
fixed in docker-runc, but we're moving it here after upstream discussion.
bsc#1055676
+ bsc1055676-0001-daemon-oci-obey-CL_UNPRIVILEGED-for-user-namespaced-.patch
- Update to Docker v17.07.0_ce. Upstream changelog:
https://github.com/docker/docker-ce/releases/tag/v17.06.0-ce
https://github.com/docker/docker-ce/releases/tag/v17.07.0-ce
- Removed no-longer needed patches.
- bsc1037436-0001-client-check-tty-before-creating-exec-job.patch
- bsc1037607-0001-apparmor-make-pkg-aaparser-work-on-read-only-root.patch
- integration-cli-fix-TestInfoEnsureSucceeds.patch
- Added backport of https://github.com/moby/moby/pull/34573. bsc#1045628
+ bsc1045628-0001-devicemapper-remove-container-rootfs-mountPath-after.patch
- Rewrite secrets patches to correctly handle directories in a way that doesn't
cause errors when starting new containers.
* secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch
* secrets-0002-SUSE-implement-SUSE-container-secrets.patch
- Fix bsc#1059011
The systemd service helper script used a timeout of 60 seconds to
start the daemon, which is insufficient in cases where the daemon
takes longer to start. Instead, set the service type from 'simple' to
'notify' and remove the now superfluous helper script.
- fix bsc#1057743: Add a Requires: fix_bsc_1057743 which is provided by the
newer version of docker-libnetwork. This is necessary because of a versioning
bug we found in bsc#1057743.
- fix /var/adm/update-message/docker file name to be
/var/adm/update-message/docker-%{version}-%{release}
- devicemapper: add patch to make the dm storage driver remove a container's
rootfs mountpoint before attempting to do libdm operations on it. This helps
avoid complications when live mounts will leak into containers. Backport of
https://github.com/moby/moby/pull/34573. bsc#1045628
+ bsc1045628-0001-devicemapper-remove-container-rootfs-mountPath-after.patch
- Fix a regression in our SUSE secrets patches, which caused the copied files
to not carry the correct {uid,gid} mapping when using user namespaces. This
would not cause any bugs (SUSEConnect does the right thing anyway) but it's
possible some programs would not treat the files correctly. This is
tangentially related to bsc#1055676.
* secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch
* secrets-0002-SUSE-implement-SUSE-container-secrets.patch
- Use -buildmode=pie for tests and binary build. bsc#1048046 bsc#1051429
- enable deferred removal for sle12sp2 and newer (and openSUSE
equivalent). fix bsc#1021227
- enable libseccomp on sle12sp2 and newer, 42.2 and newer
fix bsc#1028638 - docker: conditional filtering not supported on
libseccomp for sle12
- add SuSEfirewall2.service to the After clause in docker.service
in order to fix bsc#1046024
- fix path to docker-runc in systemd service file
- change dependency to docker-runc
- Fix bsc#1029630: docker does not wait for lvm on system startup
I added "lvm2-monitor.service" as an "After dependency" of the docker systemd
unit.
- Fix bsc#1032287: missing docker systemd configuration
- Update SUSE secrets patch to correctly handle restarting of containers.
+ secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch
+ secrets-0002-SUSE-implement-SUSE-container-secrets.patch
- Fix bsc#1037607 which was causing read-only issues on Kubic, this is a
backport of https://github.com/moby/moby/pull/33250.
+ bsc1037607-0001-apparmor-make-pkg-aaparser-work-on-read-only-root.patch
- Fix bsc#1038476 warning about non-executable docker
* Simply verify we have the binary prior to using it; this might happen if
someone had docker installed, then removed it and installed it
from scratch again
- Add a partial fix for boo#1038493.
- Fixed bsc#1037436 where execids were being leaked due to bad error handling.
This is a backport of https://github.com/docker/cli/pull/52.
+ bsc1037436-0001-client-check-tty-before-creating-exec-job.patch
- Fix golang requirements in the subpackages
- Update golang build requirements to use golang(API) symbol: this is
needed to solve a conflict between multiple versions of Go being available
- Fix secrets-0002-SUSE-implement-SUSE-container-secrets.patch:
substitute docker/distribution/digest by opencontainers/digest
- Update to version 17.04.0-ce (fix bsc#1034053)
- Patches removed because have been merged into this version:
* pr31549-cmd-docker-fix-TestDaemonCommand.patch
* pr31773-daemon-also-ensureDefaultApparmorProfile-in-exec-pat.patch
- Patches rebased:
* integration-cli-fix-TestInfoEnsureSucceeds.patch
- Build man pages for all archs (bsc#953182)
- Containers cannot resolve DNS if docker host uses 127.0.0.1 as resolver (bsc#1034063)
see /usr/share/doc/packages/docker/CHANGELOG.md
- Make sure this is being built with go 1.7
- remove the go_arches macro because we are using go1.7 which
is available in all archs
- remove gcc specific patches
* gcc-go-patches.patch
* netlink_netns_powerpc.patch
* boltdb_bolt_add_brokenUnaligned.patch
- Enable Delegate=yes, since systemd will safely ignore lvalues it doesn't
understand.
- Update SUSE secrets patch to handle boo#1030702.
* secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch
* secrets-0002-SUSE-implement-SUSE-container-secrets.patch
- Fix (bsc#1032644)
Change lvm2 from Requires to Recommends
Docker usually uses a default storage driver, when it's not configured
explicitly. This default driver then depends on the underlying
system and gets chosen during installation.
- Disable libseccomp for leap 42.1, sle12sp1 and sle12, because
docker needs a higher version. Otherwise, we get the error
"conditional filtering requires libseccomp version >= 2.2.1"
(bsc#1028639 and bsc#1028638)
- Add a backport of fix to AppArmor lazy loading docker-exec case.
https://github.com/docker/docker/pull/31773
+ pr31773-daemon-also-ensureDefaultApparmorProfile-in-exec-pat.patch
- Clean up docker-mount-secrets.patch to use the new swarm secrets internals of
Docker 1.13.0, which removes the need to implement any secret handling
ourselves. This resulted in a split up of the patch.
- docker-mount-secrets.patch
+ secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch
+ secrets-0002-SUSE-implement-SUSE-container-secrets.patch
- Remove old plugins.json to prevent docker-1.13 from failing to start
- Fix bsc#1026827: systemd TasksMax default throttles docker
- Fix post section by adding shadow as a package requirement
Otherwise the groupadd instruction fails
- Add patch to fix TestDaemonCommand failure in %check. This is an upstream
bug, and has an upstream PR to fix it https://github.com/docker/docker/pull/31549.
+ pr31549-cmd-docker-fix-TestDaemonCommand.patch
- update docker to 1.13.0
see details in https://github.com/docker/docker/releases/tag/v1.13.0
- use the same buildflags for building docker and for building the
tests.
- enable pkcs11:
https://github.com/docker/docker/commit/37fa75b3447007bb8ea311f02610bb383b0db77f
- enable architecture s390x for openSUSE
- provide the oci runtime so that containers which were using an old
runtime option, when started on the new docker version, the runtime
is changed to the new one. fix bsc#1020806 bsc#1016992
- fix CVE-2016-9962 bsc#1012568. Fix it by updating to 1.12.6
plus an extra commit to fix liverestore:
https://github.com/docker/docker/commit/97cd32a6a9076306baa637a29bba84c3f1f3d218
- add "a wait" when starting docker service to fix
bsc#1019251
- remove netlink_gcc_go.patch after integration of PR
https://github.com/golang/go/issues/11707
- new boltdb_bolt_add_brokenUnaligned.patch for ppc64
waiting for https://github.com/boltdb/bolt/pull/635
- Remove old flags from dockerd's command-line, to be more inline with
upstream (now that docker-runc is provided by the runc package). -H is
dropped because upstream dropped it due to concerns with socket
activation.
- Remove socket activation entirely.
- update docker to 1.12.5 (bsc#1016307).
This fixes bsc#1015661
- fix bash-completion
- Add packageand(docker:bash) to bash-completion to match zsh-completion.
- fix runc and containerd revisions
fix bsc#1009961
- update docker to 1.12.3
- fix bsc#1007249 - CVE-2016-8867: Fix ambient capability usage in containers
- other fixes:
https://github.com/docker/docker/releases/tag/v1.12.3
- update docker to 1.12.2 (bsc#1004490). See changelog
https://github.com/docker/docker/blob/v1.12.2/CHANGELOG.md
- update docker-mount-secrets.patch to 1.12.2 code
- docker-mount-secrets.patch: change the internal mountpoint name to not use
":" as that character can be considered a special character by other tools.
bsc#999582
- fix go_arches definition: use global instead of define, otherwise
it fails to build
- Add dockerd(8) man page.
- add missing patch to changelog
- fix integration test case
- add integration-cli-fix-TestInfoEnsureSucceeds.patch
- update rpmlintrc
- make test timeout configurable
- Remove noarch from docker-test, which was causing lots of fun issues when
trying to run them.
- Fix build for ppc64le: use static libgo for dockerd and docker-proxy
as in docker build.
- Update docker to 1.12.1 (bsc#996015)
see changelog in https://github.com/docker/docker/releases/tag/v1.12.1
- Add asaurin@suse.com's test.sh test script.
- Add integration test binary in docker.spec file. This is work done by
asaurin@suse.com.
- Package docker-proxy (which was split out of the docker binary in 1.12).
boo#995620
- fix bsc#995102 - Docker "migrator" prevents installing "docker",
if docker 1.9 was installed before but there were no images
- Update docker.service file with several changes.
* Reapply fix for bsc#983015 (Limit*=infinity).
* Specify an "OCI" runtime for our runc package explicitly. bsc#978260
- remove disable-pprof-trace.patch: We can remove this patch because
we use go 1.6, either gcc6-go or gc-go. This patch was for gcc5-go
- add go_arches in project configuration: this way, we can use the
same spec file but decide in the project configuration if to
use gc-go or gcc-go for some archs.
- use gcc6-go instead of gcc5-go (bsc#988408)
- build ppc64le with gc-go because this version builds with gc-go 1.6
- remove bnc964673-boltdb-metadata-recovery.patch because it has already
been merged
- update to v1.12.0 (bsc#995058)
see detailed changelog at
https://github.com/docker/docker/releases/tag/v1.12.0
- disable tests that fail in obs build context
- only run unit tests on architectures that provide the go list and go test
tools
- disable dockerd, parser, integration test, and devicemapper related tests
on versions below SLE12 and openSUSE_13.2
- bump test timeout to 10m (for aarch64)
- run unit tests during the build
- Adapt docker.service file.
- adapt install sections for gccgo builds: gccgo build are not built in separate
folders for client and daemon. They both reside in dyngccgo.
- gcc-go-patch: link against systemd when compiling the daemon.
- Add disable-pprof-trace.patch
pprof.Trace() is not available in go version <= 1.4 which we use to build SLES
packages. This patch comments out the pprof.Trace() section.
- update gcc-go-patch and docker-mount-secrets.patch
- Fixed binary split, install both required binaries correctly
* Explicitly state the version dependencies for runC and containerd, to
avoid potential issues with incompatible component versions. These
must be updated *each time we do a release*. bsc#993847
- Don't exit mid install, add the ability to not restart the docker
service during certain updates with long migration phases
bsc#980555
- remove kernel dependency (bsc#987198)
- remove sysconfig.docker.ppc64le patch
setting iptables option on ppc64le works now (bsc#988707)
- fix bsc#984942: audit.rules in docker-1.9.1-58.1.x86_64.rpm has a
syntax error
* Update docker.service to include changes from upstream, including the
soon-to-be-merged patch https://github.com/docker/docker/pull/24307,
which fixes bnc#983015.
- readd dropped declaration for patch200
* Removed patches:
- cve-2016-3697-numeric-uid.patch (merged upstream in gh@docker/docker#22998).
* Update Docker to 1.11.2. (bsc#989566) Changelog from upstream:
* Networking
* Fix a stale endpoint issue on overlay networks during ungraceful restart
(#23015)
* Fix an issue where the wrong port could be reported by docker
inspect/ps/port (#22997)
* Runtime
* Fix a potential panic when running docker build (#23032)
* Fix interpretation of --user parameter (#22998)
* Fix a bug preventing container statistics to be correctly reported (#22955)
* Fix an issue preventing container to be restarted after daemon restart
(#22947)
* Fix issues when running 32 bit binaries on Ubuntu 16.04 (#22922)
* Fix a possible deadlock on image deletion and container attach (#22918)
* Fix an issue where containers fail to start after a daemon restart if they
depend on a containerized cluster store (#22561)
* Fix an issue causing docker ps to hang on CentOS when using devicemapper
(#22168, #23067)
* Fix a bug preventing to docker exec into a container when using
devicemapper (#22168, #23067)
- Fix udev files ownership
- Pass over with spec-cleaner, no factual changes
* Make sure we *always* build unstripped Go binaries.
* Add a patch to fix database soft corruption issues if the Docker daemon dies
in a bad state. There is a PR upstream to vendor Docker to have this fix as
well, but it probably won't get in until 1.11.2. bnc#964673
(https://github.com/docker/docker/pull/22765)
+ bnc964673-boltdb-metadata-recovery.patch
* Remove conditional Patch directive for SUSE secrets, since conditionally
including patches results in incompatible .src.rpms. The patch is still
applied conditionally.
* Update to Docker 1.11.1. Changelog from upstream:
* Distribution
- Fix schema2 manifest media type to be of type `application/vnd.docker.container.image.v1+json` ([#21949](https://github.com/docker/docker/pull/21949))
* Documentation
+ Add missing API documentation for changes introduced with 1.11.0 ([#22048](https://github.com/docker/docker/pull/22048))
* Builder
* Append label passed to `docker build` as arguments as an implicit `LABEL` command at the end of the processed `Dockerfile` ([#22184](https://github.com/docker/docker/pull/22184))
* Networking
- Fix a panic that would occur when forwarding DNS query ([#22261](https://github.com/docker/docker/pull/22261))
- Fix an issue where OS threads could end up within an incorrect network namespace when using user defined networks ([#22261](https://github.com/docker/docker/pull/22261))
* Runtime
- Fix a bug preventing labels configuration to be reloaded via the config file ([#22299](https://github.com/docker/docker/pull/22299))
- Fix a regression where container mounting `/var/run` would prevent other containers from being removed ([#22256](https://github.com/docker/docker/pull/22256))
- Fix an issue where it would be impossible to update both `memory-swap` and `memory` value together ([#22255](https://github.com/docker/docker/pull/22255))
- Fix a regression from 1.11.0 where the `/auth` endpoint would not initialize `serveraddress` if it is not provided ([#22254](https://github.com/docker/docker/pull/22254))
- Add missing cleanup of container temporary files when cancelling a scheduled restart ([#22237](https://github.com/docker/docker/pull/22237))
- Removed scary error message when no restart policy is specified ([#21993](https://github.com/docker/docker/pull/21993))
- Fix a panic that would occur when the plugins were activated via the json spec ([#22191](https://github.com/docker/docker/pull/22191))
- Fix restart backoff logic to correctly reset delay if container ran for at least 10secs ([#22125](https://github.com/docker/docker/pull/22125))
- Remove error message when a container restart gets cancelled ([#22123](https://github.com/docker/docker/pull/22123))
- Fix an issue where `docker` would not correctly clean up after `docker exec` ([#22121](https://github.com/docker/docker/pull/22121))
- Fix a panic that could occur when servicing concurrent `docker stats` commands ([#22120](https://github.com/docker/docker/pull/22120))
- Revert deprecation of non-existing host directories auto-creation ([#22065](https://github.com/docker/docker/pull/22065))
- Hide misleading rpc error on daemon shutdown ([#22058](https://github.com/docker/docker/pull/22058))
- Fix go version to 1.5 (bsc#977394)
- Add patch to fix vulnerability in Docker <= 1.11.0. This patch is upstream,
but was merged after the 1.11.0 merge window. CVE-2016-3697. bsc#976777.
+ cve-2016-3697-numeric-uid.patch
The upstream PR is here[1] and was vendored into Docker here[2].
[1]: https://github.com/opencontainers/runc/pull/708
[2]: https://github.com/docker/docker/pull/21665
- Supplement zsh from zsh-completion
* zsh-completion will be automatically installed if zsh and
docker are installed
- Remove gcc5_socker_workaround.patch: This patch is not needed anymore
since gcc5 has been updated in all platforms
* Removed patches that have been fixed upstream and in gcc-go:
- boltdb_bolt_powerpc.patch
- fix-apparmor.patch
- fix-btrfs-ioctl-structure.patch
- fix-docker-init.patch
- libnetwork_drivers_bridge_powerpc.patch
- ignore-dockerinit-checksum.patch
* Require containerd, as it is the only currently supported Docker execdriver.
* Update docker.socket to require containerd.socket and use --containerd in
docker.service so that the services are self-contained.
* Update to Docker 1.11.0. Changelog from upstream:
* Builder
- Fix a bug where Docker would not use the correct uid/gid when processing the `WORKDIR` command ([#21033](https://github.com/docker/docker/pull/21033))
- Fix a bug where copy operations with userns would not use the proper uid/gid ([#20782](https://github.com/docker/docker/pull/20782), [#21162](https://github.com/docker/docker/pull/21162))
* Client
* Usage of the `:` separator for security option has been deprecated. `=` should be used instead ([#21232](https://github.com/docker/docker/pull/21232))
+ The client user agent is now passed to the registry on `pull`, `build`, `push`, `login` and `search` operations ([#21306](https://github.com/docker/docker/pull/21306), [#21373](https://github.com/docker/docker/pull/21373))
* Allow setting the Domainname and Hostname separately through the API ([#20200](https://github.com/docker/docker/pull/20200))
* Docker info will now warn users if it can not detect the kernel version or the operating system ([#21128](https://github.com/docker/docker/pull/21128))
- Fix an issue where `docker stats --no-stream` output could be all 0s ([#20803](https://github.com/docker/docker/pull/20803))
- Fix a bug where some newly started container would not appear in a running `docker stats` command ([#20792](https://github.com/docker/docker/pull/20792))
* Post processing is no longer enabled for linux-cgo terminals ([#20587](https://github.com/docker/docker/pull/20587))
- Values to `--hostname` are now refused if they do not comply with [RFC1123](https://tools.ietf.org/html/rfc1123) ([#20566](https://github.com/docker/docker/pull/20566))
+ Docker learned how to use a SOCKS proxy ([#20366](https://github.com/docker/docker/pull/20366), [#18373](https://github.com/docker/docker/pull/18373))
+ Docker now supports external credential stores ([#20107](https://github.com/docker/docker/pull/20107))
* `docker ps` now supports displaying the list of volumes mounted inside a container ([#20017](https://github.com/docker/docker/pull/20017))
* `docker info` now also reports Docker's root directory location ([#19986](https://github.com/docker/docker/pull/19986))
- Docker now prohibits logging in with an empty username (spaces are trimmed) ([#19806](https://github.com/docker/docker/pull/19806))
* Docker events attributes are now sorted by key ([#19761](https://github.com/docker/docker/pull/19761))
* `docker ps` no longer shows exported ports for stopped containers ([#19483](https://github.com/docker/docker/pull/19483))
- Docker now cleans after itself if a save/export command fails ([#17849](https://github.com/docker/docker/pull/17849))
* Docker load learned how to display a progress bar ([#17329](https://github.com/docker/docker/pull/17329), [#120078](https://github.com/docker/docker/pull/20078))
* Distribution
- Fix a panic that occurred when pulling an image with 0 layers ([#21222](https://github.com/docker/docker/pull/21222))
- Fix a panic that could occur on error while pushing to a registry with a misconfigured token service ([#21212](https://github.com/docker/docker/pull/21212))
+ All first-level delegation roles are now signed when doing a trusted push ([#21046](https://github.com/docker/docker/pull/21046))
+ OAuth support for registries was added ([#20970](https://github.com/docker/docker/pull/20970))
* `docker login` now handles token using the implementation found in [docker/distribution](https://github.com/docker/distribution) ([#20832](https://github.com/docker/docker/pull/20832))
* `docker login` will no longer prompt for an email ([#20565](https://github.com/docker/docker/pull/20565))
* Docker will now fallback to registry V1 if no basic auth credentials are available ([#20241](https://github.com/docker/docker/pull/20241))
* Docker will now try to resume layer download where it left off after a network error/timeout ([#19840](https://github.com/docker/docker/pull/19840))
- Fix generated manifest mediaType when pushing cross-repository ([#19509](https://github.com/docker/docker/pull/19509))
- Fix docker requesting additional push credentials when pulling an image if Content Trust is enabled ([#20382](https://github.com/docker/docker/pull/20382))
* Logging
- Fix a race in the journald log driver ([#21311](https://github.com/docker/docker/pull/21311))
* Docker syslog driver now uses the RFC-5424 format when emitting logs ([#20121](https://github.com/docker/docker/pull/20121))
* Docker GELF log driver now allows to specify the compression algorithm and level via the `gelf-compression-type` and `gelf-compression-level` options ([#19831](https://github.com/docker/docker/pull/19831))
* Docker daemon learned to output uncolorized logs via the `--raw-logs` options ([#19794](https://github.com/docker/docker/pull/19794))
+ Docker, on Windows platform, now includes an ETW (Event Tracing in Windows) logging driver named `etwlogs` ([#19689](https://github.com/docker/docker/pull/19689))
* Journald log driver learned how to handle tags ([#19564](https://github.com/docker/docker/pull/19564))
+ The fluentd log driver learned the following options: `fluentd-address`, `fluentd-buffer-limit`, `fluentd-retry-wait`, `fluentd-max-retries` and `fluentd-async-connect` ([#19439](https://github.com/docker/docker/pull/19439))
+ Docker learned to send log to Google Cloud via the new `gcplogs` logging driver. ([#18766](https://github.com/docker/docker/pull/18766))
* Misc
+ When saving linked images together with `docker save` a subsequent `docker load` will correctly restore their parent/child relationship ([#21385](https://github.com/docker/docker/pull/c))
+ Support for building the Docker cli for OpenBSD was added ([#21325](https://github.com/docker/docker/pull/21325))
+ Labels can now be applied at network, volume and image creation ([#21270](https://github.com/docker/docker/pull/21270))
* The `dockremap` is now created as a system user ([#21266](https://github.com/docker/docker/pull/21266))
- Fix a few response body leaks ([#21258](https://github.com/docker/docker/pull/21258))
- Docker, when run as a service with systemd, will now properly manage its processes cgroups ([#20633](https://github.com/docker/docker/pull/20633))
* Docker info now reports the value of cgroup KernelMemory or emits a warning if it is not supported ([#20863](https://github.com/docker/docker/pull/20863))
* Docker info now also reports the cgroup driver in use ([#20388](https://github.com/docker/docker/pull/20388))
* Docker completion is now available on PowerShell ([#19894](https://github.com/docker/docker/pull/19894))
* `dockerinit` is no more ([#19490](https://github.com/docker/docker/pull/19490),[#19851](https://github.com/docker/docker/pull/19851))
+ Support for building Docker on arm64 was added ([#19013](https://github.com/docker/docker/pull/19013))
+ Experimental support for building docker.exe in a native Windows Docker installation ([#18348](https://github.com/docker/docker/pull/18348))
* Networking
- Fix panic if a node is forcibly removed from the cluster ([#21671](https://github.com/docker/docker/pull/21671))
- Fix "error creating vxlan interface" when starting a container in a Swarm cluster ([#21671](https://github.com/docker/docker/pull/21671))
* `docker network inspect` will now report all endpoints whether they have an active container or not ([#21160](https://github.com/docker/docker/pull/21160))
+ Experimental support for the MacVlan and IPVlan network drivers has been added ([#21122](https://github.com/docker/docker/pull/21122))
* Output of `docker network ls` is now sorted by network name ([#20383](https://github.com/docker/docker/pull/20383))
- Fix a bug where Docker would allow a network to be created with the reserved `default` name ([#19431](https://github.com/docker/docker/pull/19431))
* `docker network inspect` returns whether a network is internal or not ([#19357](https://github.com/docker/docker/pull/19357))
+ Control IPv6 via explicit option when creating a network (`docker network create --ipv6`). This shows up as a new `EnableIPv6` field in `docker network inspect` ([#17513](https://github.com/docker/docker/pull/17513))
* Support for AAAA Records (aka IPv6 Service Discovery) in embedded DNS Server ([#21396](https://github.com/docker/docker/pull/21396))
- Fix to not forward docker domain IPv6 queries to external servers ([#21396](https://github.com/docker/docker/pull/21396))
* Multiple A/AAAA records from embedded DNS Server for DNS Round robin ([#21019](https://github.com/docker/docker/pull/21019))
- Fix endpoint count inconsistency after an ungraceful daemon restart ([#21261](https://github.com/docker/docker/pull/21261))
- Move the ownership of exposed ports and port-mapping options from Endpoint to Sandbox ([#21019](https://github.com/docker/docker/pull/21019))
- Fixed a bug which prevents docker reload when host is configured with ipv6.disable=1 ([#21019](https://github.com/docker/docker/pull/21019))
- Added inbuilt nil IPAM driver ([#21019](https://github.com/docker/docker/pull/21019))
- Fixed bug in iptables.Exists() logic ([#21019](https://github.com/docker/docker/pull/21019))
- Fixed a Veth interface leak when using overlay network ([#21019](https://github.com/docker/docker/pull/21019))
- Fixed a bug which prevents docker reload after a network delete during shutdown ([#20214](https://github.com/docker/docker/pull/20214))
- Make sure iptables chains are recreated on firewalld reload ([#20419](https://github.com/docker/docker/pull/20419))
- Allow to pass global datastore during config reload ([#20419](https://github.com/docker/docker/pull/20419))
- For anonymous containers use the alias name for IP to name mapping, ie:DNS PTR record ([#21019](https://github.com/docker/docker/pull/21019))
- Fix a panic when deleting an entry from /etc/hosts file ([#21019](https://github.com/docker/docker/pull/21019))
- Source the forwarded DNS queries from the container net namespace ([#21019](https://github.com/docker/docker/pull/21019))
- Fix to retain the network internal mode config for bridge networks on daemon reload ([#21780](https://github.com/docker/docker/pull/21780))
- Fix to retain IPAM driver option configs on daemon reload ([#21914](https://github.com/docker/docker/pull/21914))
* Plugins
- Fix a file descriptor leak that would occur every time plugins were enumerated ([#20686](https://github.com/docker/docker/pull/20686))
- Fix an issue where Authz plugin would corrupt the payload body when faced with a large amount of data ([#20602](https://github.com/docker/docker/pull/20602))
* Runtime
- Fix a panic that could occur when cleanup after a container started with invalid parameters ([#21716](https://github.com/docker/docker/pull/21716))
- Fix a race with event timers stopping early ([#21692](https://github.com/docker/docker/pull/21692))
- Fix race conditions in the layer store, potentially corrupting the map and crashing the process ([#21677](https://github.com/docker/docker/pull/21677))
- Un-deprecate auto-creation of host directories for mounts. This feature was marked deprecated in Docker 1.9, but was decided to be too much of a backward-incompatible change, so it was decided to keep the feature ([#21666](https://github.com/docker/docker/pull/21666))
+ It is now possible for containers to share the NET and IPC namespaces when `userns` is enabled ([#21383](https://github.com/docker/docker/pull/21383))
+ `docker inspect <image-id>` will now expose the rootfs layers ([#21370](https://github.com/docker/docker/pull/21370))
+ Docker Windows gained a minimal `top` implementation ([#21354](https://github.com/docker/docker/pull/21354))
* Docker learned to report the faulty exe when a container cannot be started due to its condition ([#21345](https://github.com/docker/docker/pull/21345))
* Docker with device mapper will now refuse to run if `udev sync` is not available ([#21097](https://github.com/docker/docker/pull/21097))
- Fix a bug where Docker would not validate the config file upon configuration reload ([#21089](https://github.com/docker/docker/pull/21089))
- Fix a hang that would happen on attach if initial start was to fail ([#21048](https://github.com/docker/docker/pull/21048))
- Fix an issue where registry service options in the daemon configuration file were not properly taken into account ([#21045](https://github.com/docker/docker/pull/21045))
- Fix a race between the exec and resize operations ([#21022](https://github.com/docker/docker/pull/21022))
- Fix an issue where nanoseconds were not correctly taken in account when filtering Docker events ([#21013](https://github.com/docker/docker/pull/21013))
- Fix the handling of Docker command when passed a 64 bytes id ([#21002](https://github.com/docker/docker/pull/21002))
* Docker will now return a `204` (i.e http.StatusNoContent) code when it successfully deleted a network ([#20977](https://github.com/docker/docker/pull/20977))
- Fix a bug where the daemon would wait indefinitely in case the process it was about to kill had already exited on its own ([#20967](https://github.com/docker/docker/pull/20967))
* The devmapper driver learned the `dm.min_free_space` option. If the mapped device free space reaches the passed value, new device creation will be prohibited. ([#20786](https://github.com/docker/docker/pull/20786))
+ Docker can now prevent processes in container to gain new privileges via the `--security-opt=no-new-privileges` flag ([#20727](https://github.com/docker/docker/pull/20727))
- Starting a container with the `--device` option will now correctly resolve symlinks ([#20684](https://github.com/docker/docker/pull/20684))
+ Docker now relies on [`containerd`](https://github.com/docker/containerd) and [`runc`](https://github.com/opencontainers/runc) to spawn containers. ([#20662](https://github.com/docker/docker/pull/20662))
- Fix docker configuration reloading to only alter value present in the given config file ([#20604](https://github.com/docker/docker/pull/20604))
+ Docker now allows setting a container hostname via the `--hostname` flag when `--net=host` ([#20177](https://github.com/docker/docker/pull/20177))
+ Docker now allows executing privileged container while running with `--userns-remap` if both `--privileged` and the new `--userns=host` flag are specified ([#20111](https://github.com/docker/docker/pull/20111))
- Fix Docker not cleaning up correctly old containers upon restarting after a crash ([#19679](https://github.com/docker/docker/pull/19679))
* Docker will now error out if it doesn't recognize a configuration key within the config file ([#19517](https://github.com/docker/docker/pull/19517))
- Fix container loading, on daemon startup, when they depend on a plugin running within a container ([#19500](https://github.com/docker/docker/pull/19500))
* `docker update` learned how to change a container restart policy ([#19116](https://github.com/docker/docker/pull/19116))
* `docker inspect` now also returns a new `State` field containing the container state in a human readable way (i.e. one of `created`, `restarting`, `running`, `paused`, `exited` or `dead`)([#18966](https://github.com/docker/docker/pull/18966))
+ Docker learned to limit the number of active pids (i.e. processes) within the container via the `pids-limit` flags. NOTE: This requires `CGROUP_PIDS=y` to be in the kernel configuration. ([#18697](https://github.com/docker/docker/pull/18697))
- `docker load` now has a `--quiet` option to suppress the load output ([#20078](https://github.com/docker/docker/pull/20078))
- Fix a bug in neighbor discovery for IPv6 peers ([#20842](https://github.com/docker/docker/pull/20842))
- Fix a panic during cleanup if a container was started with invalid options ([#21802](https://github.com/docker/docker/pull/21802))
- Fix a situation where a container cannot be stopped if the terminal is closed ([#21840](https://github.com/docker/docker/pull/21840))
* Security
* Objects with the `pcp_pmcd_t` selinux type were given management access to `/var/lib/docker(/.*)?` ([#21370](https://github.com/docker/docker/pull/21370))
* `restart_syscall`, `copy_file_range`, `mlock2` joined the list of allowed calls in the default seccomp profile ([#21117](https://github.com/docker/docker/pull/21117), [#21262](https://github.com/docker/docker/pull/21262))
* `send`, `recv` and `x32` were added to the list of allowed syscalls and arch in the default seccomp profile ([#19432](https://github.com/docker/docker/pull/19432))
* Docker Content Trust now requests the server to perform snapshot signing ([#21046](https://github.com/docker/docker/pull/21046))
* Support for using YubiKeys for Content Trust signing has been moved out of experimental ([#21591](https://github.com/docker/docker/pull/21591))
* Volumes
* Output of `docker volume ls` is now sorted by volume name ([#20389](https://github.com/docker/docker/pull/20389))
* Local volumes can now accept options similar to the unix `mount` tool ([#20262](https://github.com/docker/docker/pull/20262))
- Fix an issue where one letter directory name could not be used as source for volumes ([#21106](https://github.com/docker/docker/pull/21106))
+ `docker run -v` now accepts a new flag `nocopy`. This tells the runtime not to copy the container path content into the volume (which is the default behavior) ([#21223](https://github.com/docker/docker/pull/21223))
- docker.spec: apply gcc5 socket patch also for sle12 and leap
because gcc5 has been updated there as well.
- docker.spec: add a "is_opensuse" check for the mount-secrets patch.
This way we can use this same package for opensuse.
- use go-lang for aarch64:
- drop fix_platform_type_arm.patch (works around a gcc-go bug, so
unnecessary)
- Add patch from upstream (https://github.com/docker/docker/pull/21723) to fix
compilation on Factory and Tumbleweed (which have btrfsprogs >= 4.5).
+ fix-btrfs-ioctl-structure.patch bnc#974208
- Changed systemd unit file and default sysconfig file to include network options,
this is needed to get SDN like flannel to work
- docker.spec: update warning to mention that /etc/sysconfig/docker is sourced
by the migration script.
- docker.spec: only Recommends: the docker-image-migrator package as it is no
longer required for our ugly systemctl hacks.
- docker.spec: fix up documentation to refer to the script you need to run in
the migrator package.
- docker.spec: print a warning if you force the DOCKER_FORCE_INSTALL option.
- spec: switch to new done file name from docker-image-migrator
- update to docker 1.10.3 (bnc#970637)
Runtime
Fix Docker client exiting with an "Unrecognized input header" error #20706
Fix Docker exiting if Exec is started with both AttachStdin and Detach #20647
Distribution
Fix a crash when pushing multiple images sharing the same layers to the same repository in parallel #20831
Fix a panic when pushing images to a registry which uses a misconfigured token service #21030
Plugin system
Fix issue preventing volume plugins to start when SELinux is enabled #20834
Prevent Docker from exiting if a volume plugin returns a null response for Get requests #20682
Fix plugin system leaking file descriptors if a plugin has an error #20680
Security
Fix linux32 emulation to fail during docker build #20672 It was due to the personality syscall being blocked by the default seccomp profile.
Fix Oracle XE 10g failing to start in a container #20981 It was due to the ipc syscall being blocked by the default seccomp profile.
Fix user namespaces not working on Linux From Scratch #20685
Fix issue preventing daemon to start if userns is enabled and the subuid or subgid files contain comments #20725
More at https://github.com/docker/docker/releases/tag/v1.10.3
- spec: improve file-based migration checks to make sure that it doesn't cause
errors if running on a /var/lib/docker without /var/lib/docker/graph.
- spec: implement file-based migration checks. The migrator will be updated to
match the warning message's instructions. This looks like it works with my
testing.
- more patches to build on ppc64 architecture
update netlink_gcc_go.patch
new netlink_netns_powerpc.patch
new boltdb_bolt_powerpc.patch
new libnetwork_drivers_bridge_powerpc.patch to replace
deleted fix-ppc64le.patch
- fix bsc#968972 - let docker manage the cgroups of the processes
that it launches without systemd
- Require docker-image-migrator (bnc#968933)
Update to version 1.10.2 (bnc#968933)
- Runtime
Prevent systemd from deleting containers' cgroups when its configuration is reloaded #20518
Fix SELinux issues by disregarding --read-only when mounting /dev/mqueue #20333
Fix chown permissions used during docker cp when userns is used #20446
Fix configuration loading issue with all booleans defaulting to true #20471
Fix occasional panic with docker logs -f #20522
- Distribution
Keep layer reference if deletion failed to avoid a badly inconsistent state #20513
Handle gracefully a corner case when canceling migration #20372
Fix docker import on compressed data #20367
Fix tar-split files corruption during migration that later cause docker push and docker save to fail #20458
- Networking
Fix daemon crash if embedded DNS is sent garbage #20510
- Volumes
Fix issue with multiple volume references with same name #20381
- Security
Fix potential cache corruption and delegation conflict issues #20523
link to changelog:
https://github.com/docker/docker/blob/v1.10.2/CHANGELOG.md
- fix-apparmor.patch: switch to a backported version of docker/docker#20305,
which also fixes several potential issues if the major version of apparmor
changes.
- Remove 1.10.0 tarball.
- Update to docker 1.10.1
It includes some fixes to 1.10.0, see detailed changelog in
https://github.com/docker/docker/blob/v1.10.1/CHANGELOG.md
- Update docker to 1.10.0 (bnc#965918)
Add usernamespace support
Add support for custom seccomp profiles
Improvements in network and volume management
detailed changelog in
https://github.com/docker/docker/blob/590d5108bbdaabb05af590f76c9757daceb6d02e/CHANGELOG.md
- removed patches, because code has been merged in 1.10.0 release:
libcontainer-apparmor-fixes.patch: see: https://github.com/docker/docker/blob/release/v1.10/contrib/apparmor/template.go
fix_bnc_958255.patch: see https://github.com/docker/docker/commit/2b4f64e59018c21aacbf311d5c774dd5521b5352
use_fs_cgroups_by_default.patch
fix_cgroup.parent_path_sanitisation.patch
add_bolt_ppc64.patch
add_bolt_arm64.patch
add_bolt_s390x.patch
- remove gcc-go-build-static-libgo.patch: This has been replaced by gcc-go-patches.patch
- removed patches, because arm and ppc are not built using the dynbinary target, but the dyngccgo one:
docker_remove_journald_to_fix_dynbinary_build_on_arm.patch
docker_remove_journald_to_fix_dynbinary_build_on_powerpc.patch
docker_remove_journald_to_fix_dynbinary_build_on_arm64.patch
- added patches:
fix_platform_type_arm.patch: fix build for arm64 and aarch64: set utsname as uint8 for arm64 and aarch64
gcc5_socket_workaround.patch: gcc5-go in Tumbleweed includes this commit
https://github.com/golang/gofrontend/commit/a850225433a66a58613c22185c3b09626f5545eb
Which "fixes" the data type for RawSockaddr.Data
However, docker now expects the "wrong" data type, since docker had a workaround
for that issue.
Thus, we need to workaround the workaround in tumbleweed
netlink_gcc_go.patch: add constants for syscalls TUNSETIFF and TUNSETPERSIST to fix a gcc issue.
This is a workaround for bnc#964468: gcc-go can no longer compile Docker.
fix-apparmor.patch: fix https://github.com/docker/docker/issues/20269 . It affects SLE12 which has apparmor
version 2.8 and not openSUSE which has version 2.9.
fix-ppc64le.patch: Build netlink driver using int8 and not uint8 for the data structure
- reviewed patches:
ignore-dockerinit-checksum.patch: review context in patch
fix-docker-init.patch: review patch because build method has been changed in spec file for gcc-go
gcc-go-patches.patch: review context in patch
- Build requires go >= 1.5: For version 1.9, we could use Go 1.4.3
see GO_VERSION https://github.com/docker/docker/blob/release/v1.9/Dockerfile
However, for version 1.10, we need go 1.5.3
see GO_VERSION https://github.com/docker/docker/blob/release/v1.10/Dockerfile
- fix bnc#965600 - SLES12 SP1 - Static shared memory limit in container
- docker-mount-secrets.patch: fix up this patch to work on Docker 1.10
- docker-mount-secrets.patch: properly register /run/secrets as a
mountpoint, so that it is unmounted properly when the container
is removed and thus container removal works. (bnc#963142)
- docker-mount-secrets.patch: in addition, add some extra debugging
information to the secrets patch.
- fix_json_econnreset_bug.patch: fix JSON bug that causes containers to not start
in weird circumstances. https://github.com/docker/docker/issues/14203
- fix_bnc_958255.patch: fix Docker creates strange apparmor profile
(bnc#958255)
- use_fs_cgroups_by_default.patch: Use fs cgroups by default:
https://github.com/docker/docker/commit/419fd7449fe1a984f582731fcd4d9455000846b0
- fix_cgroup.parent_path_sanitisation.patch: fix cgroup.Parent path
sanitisation:
https://github.com/opencontainers/runc/commit/bf899fef451956be4abd63de6d6141d9f9096a02
- Add rules for auditd. This is required to fix bnc#959405
- Remove 7 patches, add 6 and modify 1, after 1.9.1 upgrade
* Removed:
- docker_missing_ppc64le_netlink_linux_files.patch: the code that this
bug refers to has been removed upstream
- docker_rename_jump_amd64_as_jump_linux.patch: the code that this bug
refers to has been removed upstream
- Remove fix_15279.patch: code has been merged upstream
- Remove add_missing_syscall_for_s390x.patch: code has been merged upstream
- Remove fix_incompatible_assignment_error_bnc_950931.patch: code has been
merged upstream
- Remove fix_libsecomp_error_bnc_950931.patch: the code that this bug refers to
has been removed upstream
- Remove gcc5_socket_workaround.patch: Code has been fixed. Building with
this patch is giving the error we were trying to fix, implying that the
code has been fixed somewhere else.
* Added:
- add_bolt_ppc64.patch
- add_bolt_arm64.patch
- docker_remove_journald_to_fix_dynbinary_build_on_arm.patch
- docker_remove_journald_to_fix_dynbinary_build_on_powerpc.patch
- docker_remove_journald_to_fix_dynbinary_build_on_arm64.patch
- gcc-go-build-static-libgo.patch: enable static linking of libgo in gcc-go
In order to do this, we had to work-around an issue from gcc-go:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=69357
* Modify:
- Upgrade to 1.9.1(bnc#956434)
* Runtime:
- Do not prevent daemon from booting if images could not be restored
(#17695)
- Force IPC mount to unmount on daemon shutdown/init (#17539)
- Turn IPC unmount errors into warnings (#17554)
- Fix `docker stats` performance regression (#17638)
- Clarify cryptic error message upon `docker logs` if `--log-driver=none`
(#17767)
- Fix seldom panics (#17639, #17634, #17703)
- Fix opq whiteouts problems for files with dot prefix (#17819)
- devicemapper: try defaulting to xfs instead of ext4 for performance
reasons (#17903, #17918)
- devicemapper: fix displayed fs in docker info (#17974)
- selinux: only relabel if user requested so with the `z` option
(#17450, #17834)
- Do not make network calls when normalizing names (#18014)
* Client:
- Fix `docker login` on windows (#17738)
- Fix bug with `docker inspect` output when not connected to daemon
(#17715)
- Fix `docker inspect -f {{.HostConfig.Dns}} somecontainer` (#17680)
* Builder:
- Fix regression with symlink behavior in ADD/COPY (#17710)
* Networking:
- Allow passing a network ID as an argument for `--net` (#17558)
- Fix connect to host and prevent disconnect from host for `host` network
(#17476)
- Fix `--fixed-cidr` issue when gateway ip falls in ip-range and ip-range
is not the first block in the network (#17853)
- Restore deterministic `IPv6` generation from `MAC` address on default
`bridge` network (#17890)
- Allow port-mapping only for endpoints created on docker run (#17858)
- Fixed an endpoint delete issue with a possible stale sbox (#18102)
* Distribution:
- Correct parent chain in v2 push when v1Compatibility files on the disk
are inconsistent (#18047)
- Update to version 1.9.0 (bnc#954812):
* Runtime:
- `docker stats` now returns block IO metrics (#15005)
- `docker stats` now details network stats per interface (#15786)
- Add `ancestor=<image>` filter to `docker ps --filter` flag to filter
containers based on their ancestor images (#14570)
- Add `label=<somelabel>` filter to `docker ps --filter` to filter
containers based on label (#16530)
- Add `--kernel-memory` flag to `docker run` (#14006)
- Add `--message` flag to `docker import` allowing to specify an optional
message (#15711)
- Add `--privileged` flag to `docker exec` (#14113)
- Add `--stop-signal` flag to `docker run` allowing to replace the
container process stopping signal (#15307)
- Add a new `unless-stopped` restart policy (#15348)
- Inspecting an image now returns tags (#13185)
- Add container size information to `docker inspect` (#15796)
- Add `RepoTags` and `RepoDigests` field to `/images/{name:.*}/json`
(#17275)
- Remove the deprecated `/container/ps` endpoint from the API (#15972)
- Send and document correct HTTP codes for `/exec/<name>/start` (#16250)
- Share shm and mqueue between containers sharing IPC namespace (#15862)
- Event stream now shows OOM status when `--oom-kill-disable` is
set (#16235)
- Ensure special network files (/etc/hosts etc.) are read-only if
bind-mounted
with `ro` option (#14965)
- Improve `rmi` performance (#16890)
- Do not update /etc/hosts for the default bridge network, except for links
(#17325)
- Fix conflict with duplicate container names (#17389)
- Fix an issue with incorrect template execution in `docker inspect`
(#17284)
- DEPRECATE `-c` short flag variant for `--cpu-shares` in docker run
(#16271)
* Client:
- Allow `docker import` to import from local files (#11907)
* Builder:
- Add a `STOPSIGNAL` Dockerfile instruction allowing to set a different
stop-signal for the container process (#15307)
- Add an `ARG` Dockerfile instruction and a `--build-arg` flag to
`docker build`
that allows to add build-time environment variables (#15182)
- Improve cache miss performance (#16890)
* Storage:
- devicemapper: Implement deferred deletion capability (#16381)
* Networking:
- `docker network` exits experimental and is part of standard release
(#16645)
- New network top-level concept, with associated subcommands and API
(#16645)
WARNING: the API is different from the experimental API
- Support for multiple isolated/micro-segmented networks (#16645)
- Built-in multihost networking using VXLAN based overlay driver (#14071)
- Support for third-party network plugins (#13424)
- Ability to dynamically connect containers to multiple networks (#16645)
- Support for user-defined IP address management via pluggable IPAM drivers
(#16910)
- Add daemon flags `--cluster-store` and `--cluster-advertise` for built-in
nodes discovery (#16229)
- Add `--cluster-store-opt` for setting up TLS settings (#16644)
- Add `--dns-opt` to the daemon (#16031)
- DEPRECATE following container `NetworkSettings` fields in API v1.21:
`EndpointID`, `Gateway`, `GlobalIPv6Address`, `GlobalIPv6PrefixLen`,
`IPAddress`, `IPPrefixLen`, `IPv6Gateway` and `MacAddress`.
Those are now specific to the `bridge` network. Use
`NetworkSettings.Networks` to inspect
the networking settings of a container per network.
* Volumes:
- New top-level `volume` subcommand and API (#14242)
- Move API volume driver settings to host-specific config (#15798)
- Print an error message if volume name is not unique (#16009)
- Ensure volumes created from Dockerfiles always use the local volume driver
(#15507)
- DEPRECATE auto-creating missing host paths for bind mounts (#16349)
* Logging:
- Add `awslogs` logging driver for Amazon CloudWatch (#15495)
- Add generic `tag` log option to allow customizing container/image
information passed to driver (e.g. show container names) (#15384)
- Implement the `docker logs` endpoint for the journald driver (#13707)
- DEPRECATE driver-specific log tags (e.g. `syslog-tag`, etc.) (#15384)
* Distribution:
- `docker search` now works with partial names (#16509)
- Push optimization: avoid buffering to file (#15493)
- The daemon will display progress for images that were already being
pulled by another client (#15489)
- Only permissions required for the current action being performed are
requested (#)
- Renaming trust keys (and respective environment variables) from `offline`
to `root` and `tagging` to `repository` (#16894)
- DEPRECATE trust key environment variables
`DOCKER_CONTENT_TRUST_OFFLINE_PASSPHRASE` and
`DOCKER_CONTENT_TRUST_TAGGING_PASSPHRASE` (#16894)
* Security:
- Add SELinux profiles to the rpm package (#15832)
- Fix various issues with AppArmor profiles provided in the deb package
(#14609)
- Add AppArmor policy that prevents writing to /proc (#15571)
- Change systemd unit file to no longer use the deprecated "-d" option
(bnc#954737)
- Changed docker-mount-secrets.patch: allow removal of containers
even when the entry point failed. bnc#954797
- Fixed the format of the fix_libsecomp_error_bnc_950931 patch.
- Merged the fix_libsecomp_error_bnc_950931.patch and the
fix_x86_build_removing_empty_file_jump_amd_64.patch patches.
- Fix build for x86_64. Patch fix_libsecomp_error_bnc_950931.patch
had created an empty file jump_amd64.go instead of removing it.
This broke the build for x86_64.
This commit fixes it by removing that empty file.
fix_x86_build_removing_empty_file_jump_amd_64.patch: patch that
removes empty file jump_amd64.go
- Added patch that fixes a known gcc-go for ppc64xe in the syscall.RawSockAddr
type.
gcc5_socket_workaround.patch
- Add patches for fixing ppc64le build (bnc#950931)
fix_libsecomp_error_bnc_950931.patch
fix_incompatible_assignment_error_bnc_950931.patch
docker_missing_ppc64le_netlink_linux_files.patch
- Remove docker_rename_jump_amd64_as_jump_linux.patch because it clashes
with the previous patches.
- Exclude libgo as a requirement. The auto requires script was adding
libgo as a requirement when building with gcc-go which was wrong.
- Add patch for missing systemcall for s390x. See
https://github.com/docker/docker/commit/eecf6cd48cf7c48f00aa8261cf431c87084161ae
add_missing_syscall_for_s390x.patch: contains the patch
- Exclude s390x for sle12 because it hangs when running go. It works for sle12sp1
thus we don't want to exclude sle12sp1 but only sle12.
- Update docker to 1.8.3 version:
* Fix layer IDs lead to local graph poisoning (CVE-2014-8178) (bnc#949660)
* Fix manifest validation and parsing logic errors allow pull-by-digest validation bypass (CVE-2014-8179)
* Add `--disable-legacy-registry` to prevent a daemon from using a v1 registry
- Update docker to 1.8.2 version
see detailed changelog in
https://github.com/docker/docker/releases/tag/v1.8.2
fix bsc#946653 update to docker 1.8.2
- devicemapper: fix zero-sized field access
Fix issue #15279: does not build with Go 1.5 tip
Due to golang/go@7904946
the devices field is dropped.
This solution works on go1.4 and go1.5
See more in https://github.com/docker/docker/pull/15404
This fix was not included in v1.8.2. See previous link
on why.
fix_15279.patch: contains the patch for issue#15279
- new patch as per upstream issue
https://github.com/docker/docker/issues/14056#issuecomment-113680944
docker_rename_jump_amd64_as_jump_linux.patch
- ignore-dockerinit-checksum.patch need -p1 in spec
- Update to docker 1.8.1(bsc#942369 and bsc#942370):
- Fix a bug where pushing multiple tags would result in invalid images
- Update to docker 1.8.0:
see detailed changelog in
https://github.com/docker/docker/releases/tag/v1.8.0
- remove docker-netns-aarch64.patch: This patch was adding
vendor/src/github.com/vishvananda/netns/netns_linux_arm64.go
which is now included upstream, so we don't need this patch anymore
- Remove 0002-Stripped-dockerinit-binary.patch because we do not
use it anymore (we got rid of that when updating to 1.7.1)
- Exclude archs where docker does not build. Otherwise it gets into
an infinite loop when building.
We'll fix that later if we want to release for those archs.
- Update to 1.7.1 (2015-07-14) (bnc#938156)
* Runtime
- Fix default user spawning exec process with docker exec
- Make --bridge=none not to configure the network bridge
- Publish networking stats properly
- Fix implicit devicemapper selection with static binaries
- Fix socket connections that hung intermittently
- Fix bridge interface creation on CentOS/RHEL 6.6
- Fix local dns lookups added to resolv.conf
- Fix copy command mounting volumes
- Fix read/write privileges in volumes mounted with --volumes-from
* Remote API
- Fix unmarshalling of Command and Entrypoint
- Set limit for minimum client version supported
- Validate port specification
- Return proper errors when attach/reattach fail
* Distribution
- Fix pulling private images
- Fix fallback between registry V2 and V1
- Exclude init scripts other than systemd from the test-package
- Exclude intel 32 bits arch. Docker does not build on that. Let's
make it explicit.
- rediff ignore-dockerinit-checksum.patch, gcc-go-build-static-libgo.patch
to make them apply again.
- introduce go_arches for architectures that use the go compiler
instead of gcc-go
- add docker-netns-aarch64.patch: Add support for AArch64
- enable build for aarch64
- Build man pages only on platforms where gc compiler is available.
- Updated to 1.7.0 (2015-06-16) - bnc#935570
* Runtime
- Experimental feature: support for out-of-process volume plugins
- The userland proxy can be disabled in favor of hairpin NAT using the daemon’s `--userland-proxy=false` flag
- The `exec` command supports the `-u|--user` flag to specify the new process owner
- Default gateway for containers can be specified daemon-wide using the `--default-gateway` and `--default-gateway-v6` flags
- The CPU CFS (Completely Fair Scheduler) quota can be set in `docker run` using `--cpu-quota`
- Container block IO can be controlled in `docker run` using `--blkio-weight`
- ZFS support
- The `docker logs` command supports a `--since` argument
- UTS namespace can be shared with the host with `docker run --uts=host`
* Quality
- Networking stack was entirely rewritten as part of the libnetwork effort
- Engine internals refactoring
- Volumes code was entirely rewritten to support the plugins effort
- Sending SIGUSR1 to a daemon will dump all goroutines stacks without exiting
* Build
- Support ${variable:-value} and ${variable:+value} syntax for environment variables
- Support resource management flags `--cgroup-parent`, `--cpu-period`, `--cpu-quota`, `--cpuset-cpus`, `--cpuset-mems`
- git context changes with branches and directories
- The .dockerignore file support exclusion rules
* Distribution
- Client support for v2 mirroring support for the official registry
* Bugfixes
- Firewalld is now supported and will automatically be used when available
- mounting --device recursively
- Patch 0002-Stripped-dockerinit-binary.patch renamed to fix-docker-init.patch
and fixed to build with latest version of docker
- Add test subpackage and fix line numbers in patches
- Fixed ppc64le name inside of spec file
- Build docker on PPC and S390x using gcc-go provided by gcc5
* added sysconfig.docker.ppc64le: make docker daemon start on ppc64le
despite some iptables issues. To be removed soon
* ignore-dockerinit-checksum.patch: applied only when building with
gcc-go. Required to workaround a limitation of gcc-go
* gcc-go-build-static-libgo.patch: used only when building with gcc-go,
link libgo statically into docker itself.
- Remove set-SCC_URL-env-variable.patch, the SCC_URL is now read
from SUSEConnect by the container service
- Automatically set SCC_URL environment variable inside of the
containers by parsing the /etc/SUSEConnect.example file
* Add set-SCC_URL-env-variable.patch
- Place SCC machine credentials inside of /run/secrets/credentials.d
* Edit docker-mount-scc-credentials.patch
- pass the SCC machine credentials to the container
* Add docker-mount-scc-credentials.patch
- build and install man pages
- Update to version 1.6.2 (2015-05-13) [bnc#931301]
* Revert change prohibiting mounting into /sys
Updated to version 1.6.1 (2015-05-07) [bnc#930235]
* Security
- Fix read/write /proc paths (CVE-2015-3630)
- Prohibit VOLUME /proc and VOLUME / (CVE-2015-3631)
- Fix opening of file-descriptor 1 (CVE-2015-3627)
- Fix symlink traversal on container respawn allowing local privilege escalation (CVE-2015-3629)
- Prohibit mount of /sys
* Runtime
- Update Apparmor policy to not allow mounts
- Updated libcontainer-apparmor-fixes.patch: adapt patch to reflect
changes introduced by docker 1.6.1
- Get rid of SocketUser and SocketGroup workarounds for docker.socket
- Updated to version 1.6.0 (2015-04-07) [bnc#908033]
* Builder:
+ Building images from an image ID
+ build containers with resource constraints, ie `docker build --cpu-shares=100 --memory=1024m...`
+ `commit --change` to apply specified Dockerfile instructions while committing the image
+ `import --change` to apply specified Dockerfile instructions while importing the image
+ basic build cancellation
* Client:
+ Windows Support
* Runtime:
+ Container and image Labels
+ `--cgroup-parent` for specifying a parent cgroup to place container cgroup within
+ Logging drivers, `json-file`, `syslog`, or `none`
+ Pulling images by ID
+ `--ulimit` to set the ulimit on a container
+ `--default-ulimit` option on the daemon which applies to all created containers (and overwritten by `--ulimit` on run)
- Updated '0002-Stripped-dockerinit-binary.patch' to reflect changes inside of
the latest version of Docker.
- bnc#908033: support of Docker Registry API v2.
- enable build for armv7l
- Updated docker.spec to fixed building with the latest version of our
Go package.
- Updated 0002-Stripped-dockerinit-binary.patch to fix check made by
the docker daemon against the dockerinit binary.
- Updated systemd service and socket units to fix socket activation
and to align with best practices recommended by upstream. Moreover
socket activation fixes bnc#920645.
- Updated to 1.5.0 (2015-02-10):
* Builder:
- Dockerfile to use for a given `docker build` can be specified with
the `-f` flag
- Dockerfile and .dockerignore files can be themselves excluded as part
of the .dockerignore file, thus preventing modifications to these files
invalidating ADD or COPY instructions cache
- ADD and COPY instructions accept relative paths
- Dockerfile `FROM scratch` instruction is now interpreted as a no-base
specifier
- Improve performance when exposing a large number of ports
* Hack:
- Allow client-side only integration tests for Windows
- Include docker-py integration tests against Docker daemon as part of our
test suites
* Packaging:
- Support for the new version of the registry HTTP API
- Speed up `docker push` for images with a majority of already existing
layers
- Fixed contacting a private registry through a proxy
* Remote API:
- A new endpoint will stream live container resource metrics and can be
accessed with the `docker stats` command
- Containers can be renamed using the new `rename` endpoint and the
associated `docker rename` command
- Container `inspect` endpoint show the ID of `exec` commands running in
this container
- Container `inspect` endpoint show the number of times Docker
auto-restarted the container
- New types of event can be streamed by the `events` endpoint: ‘OOM’
(container died with out of memory), ‘exec_create’, and ‘exec_start’
- Fixed returned string fields which hold numeric characters incorrectly
omitting surrounding double quotes
* Runtime:
- Docker daemon has full IPv6 support
- The `docker run` command can take the `--pid=host` flag to use the host
PID namespace, which makes it possible for example to debug host processes
using containerized debugging tools
- The `docker run` command can take the `--read-only` flag to make the
container’s root filesystem mounted as readonly, which can be used in
combination with volumes to force a container’s processes to only write to
locations that will be persisted
- Container total memory usage can be limited for `docker run` using the
`--memory-swap` flag
- Major stability improvements for devicemapper storage driver
- Better integration with host system: containers will reflect changes
to the host's `/etc/resolv.conf` file when restarted
- Better integration with host system: per-container iptable rules are moved
to the DOCKER chain
- Fixed container exiting on out of memory to return an invalid exit code
* Other:
- The HTTP_PROXY, HTTPS_PROXY, and NO_PROXY environment variables are
properly taken into account by the client when connecting to the
Docker daemon
- Updated to 1.4.1 (2014-12-15):
* Runtime:
- Fix issue with volumes-from and bind mounts not being honored after
create (fixes bnc#913213)
- Added e2fsprogs as runtime dependency, this is required when the
devicemapper driver is used. (bnc#913211).
- Fixed owner & group for docker.socket (thanks to Andrei Dziahel and
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=752555#5)
- Updated to 1.4.0 (2014-12-11):
* Notable Features since 1.3.0:
- Set key=value labels to the daemon (displayed in `docker info`), applied with
new `-label` daemon flag
- Add support for `ENV` in Dockerfile of the form:
`ENV name=value name2=value2...`
- New Overlayfs Storage Driver
- `docker info` now returns an `ID` and `Name` field
- Filter events by event name, container, or image
- `docker cp` now supports copying from container volumes
- Fixed `docker tag`, so it honors `--force` when overriding a tag for existing
image.
- Changes introduced by 1.3.3 (2014-12-11):
* Security:
- Fix path traversal vulnerability in processing of absolute symbolic links (CVE-2014-9356) - (bnc#909709)
- Fix decompression of xz image archives, preventing privilege escalation (CVE-2014-9357) - (bnc#909710)
- Validate image IDs (CVE-2014-9358) - (bnc#909712)
* Runtime:
- Fix an issue when image archives are being read slowly
* Client:
- Fix a regression related to stdin redirection
- Fix a regression with `docker cp` when destination is the current directory
- Updated to 1.3.2 (2014-11-20) - fixes bnc#907012 (CVE-2014-6407) and
bnc#907014 (CVE-2014-6408)
* Security:
- Fix tar breakout vulnerability
- Extractions are now sandboxed chroot
- Security options are no longer committed to images
* Runtime:
- Fix deadlock in `docker ps -f exited=1`
- Fix a bug when `--volumes-from` references a container that failed to start
* Registry:
- `--insecure-registry` now accepts CIDR notation such as 10.1.0.0/16
- Private registries whose IPs fall in the 127.0.0.0/8 range do not need
the `--insecure-registry` flag
- Skip the experimental registry v2 API when mirroring is enabled
- Fixed minor packaging issues.
- Updated to version 1.3.1 (2014-10-28)
* Security:
- Prevent fallback to SSL protocols < TLS 1.0 for client, daemon and
registry [CVE-2014-5277]
- Secure HTTPS connection to registries with certificate verification and
without HTTP fallback unless `--insecure-registry` is specified
* Runtime:
- Fix issue where volumes would not be shared
* Client:
- Fix issue with `--iptables=false` not automatically
setting `--ip-masq=false`
- Fix docker run output to non-TTY stdout
* Builder:
- Fix escaping `$` for environment variables
- Fix issue with lowercase `onbuild` Dockerfile instruction
- Restrict environment variable expansion to `ENV`, `ADD`, `COPY`,
`WORKDIR`, `EXPOSE`, `VOLUME` and `USER`
- Upgraded to version 1.3.0 (2014-10-14)
* docker `exec` allows you to run additional processes inside existing containers
* docker `create` gives you the ability to create a container via the cli without executing a process
* `--security-opts` options to allow user to customize container labels and apparmor profiles
* docker `ps` filters
* wildcard support to copy/add
* move production urls to get.docker.com from get.docker.io
* allocate ip address on the bridge inside a valid cidr
* use drone.io for pr and ci testing
* ability to setup an official registry mirror
* Ability to save multiple images with docker `save`
- dosfstools
-
- Add fix-calculation.patch (gh#dosfstools/dosfstools#153, bsc#1172863)
to work with different size of clusters.
- Update to version 4.1:
* Now the default for mkfs for filesystems smaller than 512 MB is
64 / 32 sectors
* The parsing of octal character specifications for filenames in
the -u and -d 25 options of fsck now works.
* Fixed a possible fatlabel crash when writing a label to an
unlabelled filesystem
* Testsuite is now available
- Update to 4.0
* Switch build system to autotools.
* Fixed data corruption errors in fsck.fat: Writing to the third
to last cluster on FAT12 with an odd number of clusters would
corrupt the following cluster.
* The automatic alignment of data clusters that was added in
3.0.8 and broken for FAT32 starting with 3.0.20 has been
reinstated.
- Small spec file cleanup
- Drop no longer needed dosfstools-suse-dirs.patch
- Update to 3.0.28
* mkfs.fat now allows choosing 0xF0 as the media byte which was
previously rejected.
* mkfs.fat now supports the --invariant option to facilitate
testing mkfs.fat itself.
* Bugs fixed in fsck.fat are a read one byte beyond the end of
an allocated array when checking some FAT12 filesystems, and
checking that the first cluster of a file as specified in the
directory entry is not 1.
- Cleanup spec file with spec-cleaner
- fix url
- updated to 3.0.27:
* fsck.fat: Don't print version string every time -v is
encountered
* Fix attempt to rename root dir in fsck due to uninitialized
fields
* Support long file names in volume labeling code
- upstream changed
- Drop gpg-offline build-time requirement; this is now handled by
the local source validator
- added fsck.{v,}fat and mkfs.{v,}fat compat symlinks in /sbin
[bnc#884516]
- call spec-cleaner
- updated to 3.0.26:
* Fix "odd" files created by frequent power-loss.
- updated to 3.0.25:
* Prevent corruption of FAT during fsck on 64 bit platforms.
unsigned long is 64 bit on x86-64, which means set_fat was writing two
entries, which corrupts the next entry. This can cause loss of data in
another file.
* Fixed remaining 64 bit build warnings.
- dracut
-
- Update to version 049.1+suse.203.g8ee14a90:
* fix(suse-initrd): use $kernel rather than $(uname -r)
* fix(suse-initrd): exclude modules that are built-in (bsc#1185646)
* fix(suse-initrd): inform on usage of obsolete -f parameter (bsc#1187470)
* docs: fix reference to insmodpost module (bsc#1187774)
- Update to version 049.1+suse.196.g8706843b:
* fix(suse-initrd): restore INITRD_MODULES in mkinitrd script
* fix(suse-initrd): call dracut_instmods with hostonly=
- Update to version 049.1+suse.192.g00425ead:
* fix(suse-initrd): remove references to INITRD_MODULES (bsc#1187115)
* fix(suse-initrd) fix list of modprobe.d directories
* fix(install): handle $LIB in ldd output parsing (bsc#1185615)
- Update to version 049.1+suse.188.gbf445638:
* 90kernel-modules-extra: don't resolve symlinks before instmod (bsc#1185277)
- Update to version 049.1+suse.187.g63c1504f:
* fix(shutdown): add timeout to umount calls (bsc#1178219)
- Update to version 049.1+suse.186.g320cc3d1:
* network-legacy: fix route parsing issues in ifup (bsc#1182688)
* 90kernel-modules: arm/arm64: Add reset controllers
* Prevent creating unexpected files on the host when running dracut
* As of v246 of systemd "syslog" and "syslog-console" switches have been deprecated
- Update to version 049.1+suse.185.g9324648a:
* 90kernel-modules: arm/arm64: Add reset controllers (bsc#1180336)
* Prevent creating unexpected files on the host when running dracut (bsc#1176171)
- Update to version 049.1+suse.183.g7282fe92:
* As of v246 of systemd "syslog" and "syslog-console" switches have been deprecated
(multiple backported commits, bsc#1180119)
- Update to version 049.1+suse.174.g150b9981:
* make collect optional (bsc#1177870)
* Inclusion of dracut modifications to enable nvme-fc boot support (bsc#1142248)
* suse.spec: add nvmf module
* 95nvmf: Implement 'fc,auto' commandline syntax
* 95nvmf: add nvmf-autoconnect script
* 95nvmf: Fixup FC connections
* 95nvmf: rework parameter handling
* 95nvmf: fix typo in the example documentation
* 95nvmf: add NVMe over TCP support
* 95nvmf: add module for NVMe-oF
Adds new module 95nvmf, see jsc#ECO-3063.
- Update to version 049.1+suse.171.g65b2addf:
* dracut.sh: FIPS workaround for openssl-libs (bsc#1178217)
* 01fips: turn info calls into fips_info calls (bsc#1164076)
* 00systemd: add missing cryptsetup-related targets (bsc#1177811)
- Update to version 049.1+suse.156.g7d852636:
* net-lib.sh: support infiniband network mac addresses (bsc#996146)
* 95nfs: use ip_params_for_remote_addr() (bsc#1167494)
* 95iscsi: use ip_params_for_remote_addr() (bsc#1167494)
* dracut-functions: add ip_params_for_remote_addr() helper (bsc#1167494)
- Update to version 049.1+suse.152.g8506e86f:
* 01fips: modprobe failures during manual module loading is not fatal (bsc#1169997)
* 91zipl: parse-zipl.sh: honor SYSTEMD_READY (bsc#1165828)
* 95iscsi: fix ipv6 target discovery (bsc#1172807)
* 35network-legacy: correct conditional for creating did-setup file (bsc#1172807)
- Update to version 049.1+suse.148.gc4a6c2dd:
* 95fcoe: load 'libfcoe' module as a fallback (bsc#1173560)
* 99base: enable the initqueue in both 'dracut --add-device' and 'dracut --mount' cases.
(bsc#1161573)
- Update to version 049.1+suse.146.g6f5195cf:
* 35network-legacy: Fix dual stack setups (bsc#1172807)
- Update to version 049.1+suse.145.g8ae82192:
* 95iscsi: fix missing space when compiling cmdline args (bsc#1172816)
- Update to version 049.1+suse.144.ge0eaf296:
* Add wicked specific config files (bsc#1089333)
- Update to version 049.1+suse.143.g368f585a:
* modules.d: fix udev rules detection of multipath devices (bsc#1171370)
- Update to version 049.1+suse.142.gf8776da4:
* Run format_spec_file
- Update to version 049.1+suse.141.g7563c620:
* network-legacy/net-genrules.sh: use $name instead of $env{INTERFACE} (bsc#1161438)
* 35network-legacy: call initqueue/online for DHCP, too (boo#1161438)
* 90nvdimm: include nvdimm keys in initrd (bsc#1161343)
- Update to version 049.1+git138.9068a629:
* systemd: install systemd-tty-ask-password-agent systemd-ask-password
* Mark interface setup after dhcp (bsc#1167161)
* Store nameserver received from wicked dhcp lease (bsc#1167161)
- Changed scheme to 049.1+suse.139.g8a7d3d9e to match systemd package
* Scheme pattern> <PARENT_TAG>+suse.<TAG_OFFSET>.g<SHA1>
* No functional change
- Update to version 049.1+git135.46dceb02:
* 40network: Do not require hostname binary
* suse.spec: add new modules 90nvdimm and 99suse-initrd
* 95fcoe: default rd.nofcoe to false (bsc#1163343)
* Add module "99suse-initrd" for parsing "SUSE INITRD" lines (bsc#1161343)
Dependent commits:
* Add module "90nvdimm" for NVDIMM support
* 90kernel-modules: remove nfit from static module list
- Update to version 049.1+git129.0f19bbfd:
* 35network-legacy: dhclient is optional (bsc#1166188)
* suse.spec: Create -extra package (bsc#1166188)
* suse.spec: Remove obsolete permission fixups
* 00warpclock: Fix permissions in warpclock.sh
- Update to version 049.1+git125.e2b2c9ef:
* 01fips: handle SHA1 on machines without AVX (bsc#1160318)
* Update: 90kernel-modules: Add PCI host controller modules (boo#1162669)
- Update to version 049.1+git124.70941b30:
* 90kernel-modules: Add PCI host controller modules (boo#1162669)
- Update to version 049.1+git123.c2a6645e:
* dracut: add warning when including unsupported modules (bsc#1163055)
* 01fips: Boot without BOOT_IMAGE being set (bsc#1161292)
* 01fips: Use correct kernel image name for more platforms (bsc#1164076)
- Update to version 049.1+git120.dbfbfcb8:
* 95zfcp_rules/parse-zfcp.sh: remove rule existence check (bsc#1008352)
- Update to version 049.1+git119.abf1a408:
* 30convertfs: adopt for SUSE (boo#1158777)
- Update to version 049+git118.a6090e2f:
* Implement support for verifying the boot with fipscheck (bsc#1158530)
- Update to version 049+git117.d3206e79:
* Remove purge-kernels scripts and service (jsc#SLE-10162)
- Update to version 049+git116.e9995c78:
* dracut.spec: add convertfs module correctly (boo#1158777)
- Update to version 049+git115.c2d8d6fb:
* suse: Remove incorrect usage of %_libexecdir (boo#1155785)
- Update to version 049+git114.058e566c:
* 35network-legacy: only skip waiting for interfaces if netroot is set (bsc#1152006)
* fixup "Dracut: only login to one target at a time" (bsc#1152650)
- Update to version 049+git112.fe41ccd9:
* dracut: move /var/run and /var/lock from directory to symlink (bsc#1149103, ECO#323)
* 35network-legacy: signalize the setup in ifup when dhcp (bsc#1146661)
* 35network-legacy: fix typo
* 35network-legacy: install hostname required by ifup.sh (bsc#1146661)
- Update to version 049+git108.6c9d1156:
* dracut-init.sh: Nuke unused install_kmod_with_fw function
* dracut-install: Support the compressed firmware files correctly (boo#1146769)
* dracut: let module handling function accept optional path option
* dracut.sh: Fix udevdir detection
- Update to version 049+git104.1244eed7:
* mkinitrd-suse.sh: remove trailing "|"
- Update to version 049+git103.c8d99b62:
* Add support for compressed kernel modules (boo#1135854)
- Update to version 049+git102.9ee0c387:
* dracut-install: Add support for compressed firmware files (boo#1136677)
- Update to version 049+git101.17c579a0:
* call netroot on wicked dhcp setup
* nfsroot follow ifcfg settings for boot protocol
- Update to version 049+git99.76df40e7:
* 95fcoe: Fix startup when fcoe module is included (boo#1136977)
* tests: Ignore .testdir
* Add support for riscv64
* mkinitrd-suse.sh: simplify get_kernel_version (bsc#1139939)
* 95dasd-rules & 95zfcp_rules: Look for correct rule name (bsc#1137784)
- Update to version 049+git94.aef7a52b:
* ucode: properly include early only ucode (bsc#1098915, bsc#1125393)
* keep network device naming scheme on upgrade (bsc#1136927)
- Bump to 049
- Contains fixes for bsc#1134472, bsc#1134347 and bsc#1133819
- Patches are now maintained in git
* Removed 0012-40network-Fix-race-condition-when-wait-for-networks.patch
* Removed 0013-40network-always-start-netroot-in-ifup.sh.patch
* Removed 0015-40network-replace-dhclient-with-wickedd-dhcp-supplic.patch
* Removed 0016-Add-new-s390x-specific-rule-files.patch
* Removed 0017-45ifcfg-use-distro-specific-scripts.patch
* Removed 0020-00warpclock-Set-correct-timezone.patch
* Removed 0021-95dcssblk-Add-new-module-for-DCSS-block-devices.patch
* Removed 0048-40network-Only-enable-network-interfaces-if-explicit.patch
* Removed 0053-01fips-fixup-loading-issues.patch
* Removed 0056-81cio_ignore-handle-cio_ignore-commandline.patch
* Removed 0057-01fips-Include-some-more-hmacs.patch
* Removed 0058-dracut-add-warning-when-including-unsupported-module.patch
* Removed 0059-99suse-Add-SUSE-specific-initrd-parsing.patch
* Removed 0060-45ifcfg-Add-SUSE-specific-write-ifcfg-file.patch
* Removed 0061-45ifcfg-Fixup-error-message-in-write-ifcfg-suse.patch
* Removed 0075-95dasd_rules-enable-parsing-of-rd.dasd-commandline-p.patch
* Removed 0076-Correctly-set-cio_ignore-for-dynamic-s390-rules.patch
* Removed 0079-95dasd_rules-fixup-rd.dasd-parsing.patch
* Removed 0080-95dasd_rules-print-out-rd.dasd-commandline.patch
* Removed 0081-95dasd_mod-do-not-set-module-parameters-if-dasd_cio_.patch
* Removed 0083-95zfcp_rules-Fixup-rd.zfcp-parsing.patch
* Removed 0085-95zfcp_rules-print-out-rd.zfcp-commandline-parameter.patch
* Removed 0086-95zfcp_rules-Auto-generate-udev-rule-for-ipl-device.patch
* Removed 0087-95dasd_rules-Auto-generate-udev-rule-for-ipl-device.patch
* Removed 0088-91zipl-Add-new-module-to-update-s390x-configuration.patch
* Removed 0089-40network-create-var-lib-wicked-in-ifup.sh.patch
* Removed 0090-dracut-caps-Remove-whole-caps-module.patch
* Removed 0091-dracut-biosdevname-In-SUSE-biosdevname-package-is-in.patch
* Removed 0094-Implement-shortcut-ip-ifname-static-for-static-confi.patch
* Removed 0107-Fixup-typo-firmare-instead-of-firmware.patch
* Removed 0108-91zipl-Store-commandline-correctly.patch
* Removed 0109-95dasd_rules-Store-all-devices-in-commandline.patch
* Removed 0110-95zfcp_rules-Store-all-devices-in-commandline.patch
* Removed 0113-91zipl-Install-script-as-executable.patch
* Removed 0114-91zipl-Translate-ext2-3-into-ext4.patch
* Removed 0116-Mark-scripts-as-executable.patch
* Removed 0117-95dasd_rules-Enable-the-device-before-checking-devic.patch
* Removed 0118-95zfcp_rules-Enable-the-device-before-checking-devic.patch
* Removed 0121-Adjust-initramfs-kernel.img-to-SUSE-default-initrd-k.patch
* Removed 0123-95zfcp_rules-fix-typo-in-module_setup.patch
* Removed 0124-40network-Update-iBFT-scanning-code-to-handle-IPv6.patch
* Removed 0125-40network-separate-mask-and-prefix.patch
* Removed 0126-01fips-Add-drbg-module-to-force-loaded-modules.patch
* Removed 0128-90lvm-Install-dm-snapshot-module.patch
* Removed 0130-nfs-Always-add-all-kernel-modules-for-kdump.patch
* Removed 0131-40network-handle-prefixed-IP-addresses-correctly.patch
* Removed 0132-40network-fixup-static-network-configuration.patch
* Removed 0133-Allow-multiple-configurations-per-network-interface-.patch
* Removed 0137-Switch-from-Mozilla-NSS-sha256hmac-checking-to-fipsc.patch
* Removed 0138-fips_add_aesni-intel.patch
* Removed 0139-fips-kernel-4.4-fixes.patch
* Removed 0142-40network-Don-t-report-error-for-etc-sysconfig-netwo.patch
* Removed 0144-90crypt-Fixed-crypttab_contains-to-also-work-with-de.patch
* Removed 0145-40network-handle-ip-ifname-static-correctly.patch
* Removed 0150-Find-kernel-modules-in-extra-and-weak-updates-path-a.patch
* Removed 0157-Add-boot-zipl-to-host-devs-if-it-is-a-mount-point.patch
* Removed 0158-Add-SUSE-kernel-module-dependencies-in-etc-modprobe.patch
* Removed 0159-network-Try-to-load-xennet.patch
* Removed 0160-s390-update_active_devices_initrd.patch
* Removed 0161-95zfcp_rules-simplified-rd.zfcp-commandline-for-NPIV.patch
* Removed 0162-network-Request-DHCP-lease-instead-of-getting-applyi.patch
* Removed 0163-Install-etc-sysconfig-console-to-see-specific-fonts.patch
* Removed 0164-Fix-initramfs-ver.img-vs-initrd-ver-in-dracut-initra.patch
* Removed 0168-remove_plymouth_logo_file.patch
* Removed 0169-network_set_mtu_macaddr_for_dhcp.patch
* Removed 0170-iscsi-skip-ibft-invalid-dhcp.patch
* Removed 0180-i18n_add_correct_fontmaps.patch
* Removed 0182-fix-include-parsing.patch
* Removed 0183-fix_add_drivers_hang.patch
* Removed 0188-95dasd_rules-Install-collect-udev-helper-binary.patch
* Removed 0190-replace-iscsistart-with-systemd-service-files.patch
* Removed 0191-static_network_setup_return_zero.patch
* Removed 0192-iscsi_set_boot_protocol_from_ifcfg.patch
* Removed 0193-95iscsi-Set-number-of-login-retries.patch
* Removed 0196-ibft-wait-for-session-on-all-paths.patch
* Removed 0197-95iscsi-Do-not-require-network-for-qla4xxx-flash-ses.patch
* Removed 0198-95iscsi-set-rd.iscsi.firmware-for-qla4xxx-sessions.patch
* Removed 0199-rd-iscsi-waitnet-default-false.patch
* Removed 0200-dracut_fix_multipath_without_config.patch
* Removed 0201-fix_nfs_with_ip_instead_of_hostname.patch
* Removed 0202-dracut_dmraid_use_udev.patch
* Removed 0203-no-fail-builtin-module.patch
* Removed 0204-mkinitrd-fix-monster.patch
* Removed 0205-mdraid_ignore_hostonly.patch
* Removed 0206-nfs_dns_alias.patch
* Removed 0207-handle_module_aliases.patch
* Removed 0208-no_forced_virtnet.patch
* Removed 0209-fix_modules_load_d_hostonly.patch
* Removed 0210-add_fcoe_uefi_check.patch
* Removed 0212-fcoe_reorder_init_path.patch
* Removed 0213-Fix-wrong-keymap-inclusion.patch
* Removed 0214-95fcoe-Do-not-overwrite-FCoE-configuration.patch
* Removed 0215-95fcoe-Do-not-complain-about-missing-etc-hba.conf.patch
* Removed 0216-95fcoe-silence-lldpad-warnings.patch
* Removed 0217-95fcoe-Allow-to-specify-the-FCoE-mode-via-the-fcoe-p.patch
* Removed 0218-40network-allow-persistent-interface-names.patch
* Removed 0219-95fcoe-use-interface-names-instead-of-MAC-addresses.patch
* Removed 0220-95fcoe-always-set-AUTO_VLAN-for-fcoemon.patch
* Removed 0221-95fcoe-Add-shutdown-script.patch
* Removed 0222-90dm-Fixup-shutdown-script.patch
* Removed 0223-90dm-fixup-dependency-cycle-between-MD-and-DM-shutdo.patch
* Removed 0224-95iscsi-setup-bnx2i-offload-connections-properly.patch
* Removed 0225-95fcoe-do-not-start-fcoemon-twice.patch
* Removed 0300-dracut_dont_use_dpkg_defaults_on_SUSE.patch
* Removed 0301-include_sysconfig_language.patch
* Removed 0302-Revert-90multipath-add-hostonly-multipath.conf-in-ca.patch
* Removed 0303-fix_multipath_check_hostonly.patch
* Removed 0304-90multipath-Start-daemon-after-udev-settle.patch
* Removed 0305-90multipath-load-dm_multipath-module-during-startup.patch
* Removed 0306-90multipath-add-shutdown-script.patch
* Removed 0307-90multipath-parse-kernel-commandline-option-multipat.patch
* Removed 0308-mdraid_add_IMSM_NO_PLATFORM_env.patch
* Removed 0309-90dmraid-do-not-delete-partitions.patch
* Removed 0310-95resume-Do-not-resume-on-iSCSI.patch
* Removed 0311-95iscsi-ip-ibft-is-deprecated.patch
* Removed 0312-40network-Do-not-print-message-about-tmp-net.ibft0.c.patch
* Removed 0313-90mdraid-Use-stock-MD-rules-to-assemble-RAID-arrays.patch
* Removed 0314-nfs_do_not_pass_ifname_for_bonding_devices.patch
* Removed 0402-driver-fail-summary.patch
* Removed 0403-95lunmask-Add-module-to-handle-LUN-masking.patch
* Removed 0404-dracut-emergency-optionally-print-fs-help.patch
* Removed 0450-Strip-NUL-bytes-in-stream-before-push-in-string.patch
* Removed 0451-systemd-initrd-add-initrd-root-device.target.patch
* Removed 0452-Always-try-to-add-pinctrl-cherryview.patch
* Removed 0453-Resolve-symbolic-links-for-i-and-k-parameters-bsc-90.patch
* Removed 0454-Add-md4-and-arc4-modules-for-ntlm.patch
* Removed 0500-Reset-IFS-variable.patch
* Removed 0501-dasd_fix_ssid_bigger_zero.patch
* Removed 0502-persistent_device_policy_param_enhance.patch
* Removed 0503-dracut.sh-create-the-initramfs-non-world-readable-al.patch
* Removed 0504-ibft-fix-boot-flag-check.patch
* Removed 0505-Allow-booting-from-degraded-MD-RAID-arrays.patch
* Removed 0506-Boot-on-s390x-with-fips-1-on-the-kernel-commnad-line.patch
* Removed 0507-Set-TaskMax-inifinite-for-the-emergency-shell.patch
* Removed 0508-90multipath-start-before-local-fs-pre.target.patch
* Removed 0509-01fips-Remove-zlib-module-as-requirement.patch
* Removed 0510-01fips-Some-modules-use-separators-other-than.patch
* Removed 0511-01fips-ensure-fips-initialization-succeeds-on-s390-x.patch
* Removed 0512-Make-binutils-optional-when-elfutils-are-available.patch
* Removed 0513-Fix-regression-caused-by-6f9bf2b8ac436259bdccb110545.patch
* Removed 0514-man-make-the-k-option-clear-using-mkinitrd.patch
* Removed 0515-90kernel-modules-also-add-block-device-driver-revers.patch
* Removed 0516-mkinitrd-suse.sh-Fix-prefix-calculation.patch
* Removed 0517-95fcoe-fixup-fcoe-genrules.sh-for-VN2VN-mode.patch
* Removed 0518-90kernel-modules-Fix-backlight-on-Cherrytrail-device.patch
* Removed 0519-90kernel-modules-Ensure-phy-drivers-are-loaded-in-in.patch
* Removed 0520-Ignore-module-resolution-errors.patch
* Removed 0521-Ensure-udev-persistent-storage-compat-rules-get-crea.patch
* Removed 0522-Fix-typo-from-commit-3f1cdb520.patch
* Removed 0523-98dracut-systemd-Fix-module-force-loading-with-syste.patch
* Removed 0524-Suppress-nonsensical-error-message-bsc-1032029.patch
* Removed 0525-backport-bail-out-if-module-directory-does-not-exist.patch
* Removed 0526-iscsiroot-call-handle_firmware-only-for-non-iface-in.patch
* Removed 0527-switch-fips-checking-to-use-the-libkcapi-based-fipsc.patch
* Removed 0528-Ensure-dracut.sh-responds-properly-to-hostonly_cmdli.patch
* Removed 0529-systemd-add-missing-.slice-unit.patch
* Removed 0530-dracut-systemd-dracut-cmdline-ask-fix-dracut-kernel-.patch
* Removed 0531-dracut-systemd-.service-conflict-with-shutdown-targe.patch
* Removed 0532-List-drivers-rather-than-looking-for-reverse-depende.patch
* Removed 0533-instmods-check-modules.builtin-in-srcmods.patch
* Removed 0534-ssh-client-Include-nss_-libraries.patch
* Removed 0535-Sync-initramfs-after-creation.patch
* Removed 0536-90multipath-drop-67-kpartx-compat.rules.patch
* Removed 0537-dracut-init.sh-ignore-crc32.ko-in-builtin-test.patch
* Removed 0538-Enable-core-dumps-with-systemd-from-initrd.patch
* Removed 0539-Add-IMA-functionality-fate-323289.patch
* Removed 0540-Check-the-proper-variable-for-a-custom-IMA-keys-dire.patch
* Removed 0541-Make-sure-70-persistent-net.rules-is-included-in-ini.patch
* Removed 0542-Include-crc32c-intel-module-when-using-btrfs.patch
* Removed 0543-Remove-00systemd-bootchart.patch
* Removed 0544-40network-Make-ip-dhcp-work.patch
* Removed 0545-Add-early-microcode-support-for-AMD-family-16h.patch
* Removed 0546-Support-Microcode-Updates-for-AMD-CPU-Family-0x17.patch
* Removed 0547-Fix-task-limit-in-emergency.service-the-same-change-.patch
* Removed 0548-95fcoe-Switch-back-to-using-fipvlan-for-bnx2fc.patch
* Removed 0549-fcoe-up-Increase-sleeptime-to-13s.patch
* Removed 0550-95fcoe-add-timeout-initqueue-entries.patch
* Removed 0551-fips-use-lib-modules-uname-r-modules.fips.patch
* Removed 0552-98integrity-support-validating-the-IMA-policy-file-s.patch
* Removed 0553-98integrity-support-loading-x509-into-the-trusted-bu.patch
* Removed 0554-98integrity-support-X.509-only-EVM-configuration.patch
* Removed 0555-Avoid-executing-emergency-hooks-twice.patch
* Removed 0556-95qeth_rules-Add-new-module-to-copy-qeth-rules.patch
* Removed 0557-40network-make-arping-optional.patch
* Removed 0558-40network-remove-brctl-dependency.patch
* Removed 0559-Add-wickedd-duid.xml-and-iaid.xml-if-available.patch
* Removed 0560-90kernel-modules-Ensure-PCI-host-modules-are-include.patch
* Removed 0561-Add-the-qedi-driver-to-driver-list-for-iscsi-boot.patch
* Removed 0562-Adjust-driver-list-to-modern-kernels.patch
* Removed 0563-40network-collapse-arping-and-dhcp-calls-into-wicked.patch
* Removed 0564-40network-Always-set-the-gw-variable.patch
* Removed 0565-90kernel-modules-Include-Intel-Volume-Management-Dev.patch
* Removed 0566-95nfs-If-no-server-is-configured-read-BOOTSERVERADDR.patch
* Removed 0567-Fix-booting-with-fips-1-on-SLES-15.patch
* Removed 0568-95multipath-Pickup-files-in-etc-multipath-conf.d.patch
* Removed 0569-10i18n-Load-all-keymaps-for-a-given-locale.patch
* Removed 0570-10i18n-Fix-possible-infinite-recursion.patch
* Removed 0571-40network-Fix-static-network-setup.patch
* Removed 0572-lsinitrd-no-more-cat-write-error-Broken-pipe.patch
* Removed 0573-lsinitrd.sh-quote-filename-in-extract_files.patch
* Removed 0574-s-find_btrfs_devs-btrfs_devs.patch
* Removed 0580-check_for_CONFIG_ACPI_TABLE_UPGRADE.patch
* Removed 0581-kernel-modules-add-nfit.patch
* Removed 0582-98dracut-systemd-Start-systemd-vconsole-setup-before.patch
* Removed 0583-99base-Allow-files-with-backslashes-in-hostonly-file.patch
* Removed 0584-95dasd_rules-mark-dasd-rules-host_only.patch
* Removed 0585-emergency-mode-use-sulogin.patch
* Removed 0586-95zfcp_rules-parse-zfcp.sh-remove-rule-existence-check.patch
* Removed 0587-Fix-a-missing-space-in-example-configs.patch
* Removed 0588-Ensure-mmc-host-modules-get-included-properly.patch
* Removed 0589-Fix-98dracut-systemd-dracut-emergency.sh.patch
* Removed 0590-00systemd-check-if-systemd-version-is-a-number.patch
* Removed 0591-91zipl-Don-t-use-contents-of-commented-lines.patch
* Removed 0592-95iscsi-handle-qedi-like-bnx2i.patch
* Removed 0593-dracut-only-copy-xattr-if-root.patch
* Removed 0594-Check-SUSE-kernel-module-dependencies-recursively.patch
* Removed 0595-iscsi-don-t-continue-waiting-if-the-root-device-is-p.patch
* Removed 0596-network-stop-waiting-for-interfaces-if-root-device-i.patch
* Removed 0597-iscsiroot-parse_iscsi_root-overwrites-command-line-a.patch
* Removed 0598-iscsiroot-there-s-never-more-than-one-target-per-cal.patch
* Removed 0599-iscsiroot-try-targets-only-once.patch
* Removed 0600-iscsiroot-remove-bashisms.patch
* Removed 0601-base-dracut-lib.sh-dev_unit_name-guard-against-dev-b.patch
- dracut-lib.sh:dev_unit_name() guard against $dev beginning with "-" (bsc#1132448)
* adds 0601-base-dracut-lib.sh-dev_unit_name-guard-against-dev-b.patch
- 95iscsi: avoid error messages when building initrd, multipath timeouts
(bsc#1130114, bsc#1130107, bsc#1121238)
* adds 0595-iscsi-don-t-continue-waiting-if-the-root-device-is-p.patch
* adds 0596-network-stop-waiting-for-interfaces-if-root-device-i.patch
* adds 0597-iscsiroot-parse_iscsi_root-overwrites-command-line-a.patch
* adds 0598-iscsiroot-there-s-never-more-than-one-target-per-cal.patch
* adds 0599-iscsiroot-try-targets-only-once.patch
* adds 0600-iscsiroot-remove-bashisms.patch
- Bump version to 044.2 to provide a version to lock on to (bsc#1127891)
- Check SUSE kernel module dependencies recursively (bsc#1127891)
* adds 0594-Check-SUSE-kernel-module-dependencies-recursively.patch
- Handle non-versioned dependency in purge-kernels.
- purge-kernels: Avoid endless loop when uninstalling kernels that depend on
KMPs which in themselves depend on other packages (bsc#1125327)
- Avoid "Failed to chown ... Operation not permitted" when run from non-root,
by not copying xattrs. (osc#1092178)
* adds 0593-dracut-only-copy-xattr-if-root.patch
- Correct fix for displaying text on emergency consoles (boo#1124088)
* removes 0589-Fix-displaying-text-on-emergency-consoles.patch
* adds 0589-Fix-98dracut-systemd-dracut-emergency.sh.patch
- 95iscsi: handle qedi like bnx2i (bsc#1113712)
* adds 0592-95iscsi-handle-qedi-like-bnx2i.patch
- 91zipl: Don't use contents of commented lines (osc#1119499)
* adds 0591-91zipl-Don-t-use-contents-of-commented-lines.patch
- Fix displaying text on emergency consoles (boo#1124088)
- adds 0589-Fix-displaying-text-on-emergency-consoles.patch
- Fix systemd version check, will be required for systemd v241
- 0590-00systemd-check-if-systemd-version-is-a-number.patch
- Remove invalid "FONT_MAP=none" from vconsole.conf (osc#1013573)
- Ensure mmc host modules get included properly (bsc#1119037)
* adds 0588-Ensure-mmc-host-modules-get-included-properly.patch
- Fix a missing space in example configs (boo#1121251)
* adds 0587-Fix-a-missing-space-in-example-configs.patch
- 95zfcp_rules/parse-zfcp.sh: remove rule existence check (bsc#1008352).
* adds 0586-95zfcp_rules-parse-zfcp.sh-remove-rule-existence-check.patch
- dracut-installkernel: Stop keeping old kernel files as .old
(boo#1112327)
The .old kernel files are confusing grub2 which can't find a
matching directory under /lib/modules. Furthermore, there is no
guarantee that the new modules are fully compatible with the old
kernel.
If anything goes wrong with a new self-compiled kernel, the user
can always boot back to the distribution kernel, so the .old
backup files are not needed in the first place. Get rid of them
to simplify and speed up the whole process.
- emergency mode: bring shell and all vital information to
all ttys specified as console devices
(FATE#325386, bsc#1053248, bsc#937555)
* Adds 0585-emergency-mode-use-sulogin.patch
- 98dracut-systemd: Start systemd-vconsole-setup before dracut-cmdline-ask
(bsc#1055834)
* adds 0582-98dracut-systemd-Start-systemd-vconsole-setup-before.patch
- Fixed Patch 581 to apply cleanly
* Updates 0581-kernel-modules-add-nfit.patch
- Mark the DASD udev rules host-only and handle backslashes in paths for
hostonly files (bsc#1090884)
* adds 0583-99base-Allow-files-with-backslashes-in-hostonly-file.patch
* adds 0584-95dasd_rules-mark-dasd-rules-host_only.patch
- Add nfit module (bsc#1110519)
* adds 0581-kernel-modules-add-nfit.patch
- Add kernel-syms to list of packages to remove with purge-kernels (bsc#1104090).
- Skip kernels that cannot be removed by purge-kernels due to dependencies and
continue removing other kernels (bsc#1104090).
- Fix finding btrfs devices (bsc#1104178).
* add 0574-s-find_btrfs_devs-btrfs_devs.patch
- Add fix to override ACPI tables via initrd, a kernel config variable
changed name (bsc#1098448)
This is mainline git commit 940169e8d8e500498a3f350b2b3f341ae6548492
A 0580-check_for_CONFIG_ACPI_TABLE_UPGRADE.patch
- 40network: Fix static network setup (bsc#1091099)
* adds 0571-40network-Fix-static-network-setup.patch
- lsinitrd: Fix cat: write error: Broken pipe error (bsc#1094603)
* adds 0572-lsinitrd-no-more-cat-write-error-Broken-pipe.patch
* adds 0573-lsinitrd.sh-quote-filename-in-extract_files.patch
- 95multipath: Pickup multipath files in /etc/multipath/conf.d (boo#1048551)
* adds 0568-95multipath-Pickup-files-in-etc-multipath-conf.d.patch
- 10i18n: Load all keymaps for a given locale (boo#1065058)
* adds 0569-10i18n-Load-all-keymaps-for-a-given-locale.patch
* adds 0570-10i18n-Fix-possible-infinite-recursion.patch
- 01fips: fix FIPS mode on SLES 15 (bsc#1074984)
* adds 0567-Fix-booting-with-fips-1-on-SLES-15.patch
- Do not attempt to run purge-kernels.service on ro rootfs (bsc#1087880)
- 95nfs: If no server is configured, read BOOTSERVERADDR from wicked's leaseinf
(bsc#1089332)
* adds 0566-95nfs-If-no-server-is-configured-read-BOOTSERVERADDR.patch
- Remove RH-specific s390 modules (bsc#1086216)
- Use %license instead of %doc [bsc#1082318]
- Instead of using arping, use wicked's own implementation (bsc#1078245)
Follow-up patch to "disable arping", requires wicked 0.6.46.
* adds 0563-40network-collapse-arping-and-dhcp-calls-into-wicked.patch
- Wicked: Properly add set gateway variable when using dhcp (bsc#1085614)
* adds 0564-40network-Always-set-the-gw-variable.patch
- Allow booting from block devices using intel vmd (bsc#1079924)
* adds 0565-90kernel-modules-Include-Intel-Volume-Management-Dev.patch
- Enable aarch64 and adds critical drivers of ARM platform (bsc#1084272)
* adds 0562-Adjust-driver-list-to-modern-kernels.patch
- 95iscsi: Add the qedi driver to driver list for iscsi boot
* adds 0561-Add-the-qedi-driver-to-driver-list-for-iscsi-boot.patch
- purge-kernels: Handle SLE 15 kernel live patches (bsc#108437)
- 90kernel-modules: Ensure PCI host modules are included (boo#1079924)
* adds 0560-90kernel-modules-Ensure-PCI-host-modules-are-include.patch
- 40network: Add wickedd duid.xml and iaid.xml if available
(bsc#1022872, bsc#1082832)
* adds 0559-Add-wickedd-duid.xml-and-iaid.xml-if-available.patch
- 95qeth_rules: Fix file permissions (FATE#323440)
- 40network: disable arping, it is no longer part of default installation (bsc#1078245)
* Adds 0557-40network-make-arping-optional.patch
- 40network: replace brctl, it is no longer part of default installation (bsc#1078245)
* Adds 0558-40network-remove-brctl-dependency.patch
- 95qeth_rules: Add new module to copy qeth rules (FATE#323440)
* Adds 0556-95qeth_rules-Add-new-module-to-copy-qeth-rules.patch
- Avoid executing emergency hook twice
* Adds 0555-Avoid-executing-emergency-hooks-twice.patch
- support validating the IMA policy file signature, needed since Kernel 4.7
* Adds 0552-98integrity-support-validating-the-IMA-policy-file-s.patch
- IMA: improve support for evm key loading (bsc#1077359, fate#323906)
* Adds 0553-98integrity-support-loading-x509-into-the-trusted-bu.patch
* Adds 0554-98integrity-support-X.509-only-EVM-configuration.patch
- FIPS: Adjust dependencies to work for cryptsetup 2.0 (bsc#1077070)
- Added a few more patch annotations
- Fix typo for ima dependency (evmtcl vs evmctl) (bsc#1073466)
- Updated Patch annotation regarding their upstream state
- FIPS: Try to fetch list of fips modules from the kernel's modules dir (bsc#1074984)
* Adds 0551-fips-use-lib-modules-uname-r-modules.fips.patch
- Annotated patches regarding their upstream state
- dracut-ima requires evmctl and keyutils (bsc#1073466)
- Switch back to fipvlan for bnx2fc (bsc#1052840)
* adds 0548-95fcoe-Switch-back-to-using-fipvlan-for-bnx2fc.patch
- 95fcoe: Allow bnc2x driver more time to complete DCB negotiation (bsc#1052840)
* adds 0549-fcoe-up-Increase-sleeptime-to-13s.patch
- 95fcoe: add timeout initqueue entries (bsc#1052840)
* adds 0550-95fcoe-add-timeout-initqueue-entries.patch
- Fix task limit in emergency.service (same as in dracut-emergency.service) (bsc#1019938)
* adds 0547-Fix-task-limit-in-emergency.service-the-same-change-.patch
- Fix logic for applying 0541-Make-sure-70-persistent-net.rules-is-included-in-ini.patch
- Support AMD CPU families 0x16 and 0x17 (bsc#1072424)
* Adds 0545-Add-early-microcode-support-for-AMD-family-16h.patch
* Adds 0546-Support-Microcode-Updates-for-AMD-CPU-Family-0x17.patch
- Make ip=dhcp work. Previously, a network interface specifier was required.
The new behaviour matches documented behaviour.
Adds 0544-40network-Make-ip-dhcp-work.patch
- Remove 00systemd-bootchart, which is gone from systemd for some time (bsc#1067279)
Adds 0543-Remove-00systemd-bootchart.patch
- Ensure 0541-Make-sure-70-persistent-net.rules-is-included-in-ini.patch is
not applied on Leap either
- Ensure 0541-Make-sure-70-persistent-net.rules-is-included-in-ini.patch
is not applied on SLE.
- This is to support predictable interface names (boo#960669)
* adds 0541-Make-sure-70-persistent-net.rules-is-included-in-ini.patch
- Include crc32c Intel module when using btrfs (bsc#1011554)
* adds 0542-Include-crc32c-intel-module-when-using-btrfs.patch
- Check the proper variable for a custom IMA keys directory (cherry-picked)
Part of fate#323289.
* adds 0540-Check-the-proper-variable-for-a-custom-IMA-keys-dire.patch
- Reword dracut-ima description to avoid misunderstandings.
- Replace old RPM constructs.
- Add IMA functionality (fate#323289)
This is implemented as a sub module analogous to FIPS
* adds 0539-Add-IMA-functionality-fate-323289.patch
- 90multipath: Remove compat rule that is no longer needed (bsc#1054539)
* adds 0536-90multipath-drop-67-kpartx-compat.rules.patch
- Don't detect crc32.ko as built-in (bsc#1054538)
* adds 0537-dracut-init.sh-ignore-crc32.ko-in-builtin-test.patch
- Enable systemd-based core dumps for initrd (bsc#1054809)
* adds 0538-Enable-core-dumps-with-systemd-from-initrd.patch
- Add missing coreutils dependency for initrd macros (bsc#1055492).
- Ensure that targets such as halt can be reached (bsc#1048698)
* adds 0529-systemd-add-missing-.slice-unit.patch
* adds 0530-dracut-systemd-dracut-cmdline-ask-fix-dracut-kernel-.patch
* adds 0531-dracut-systemd-.service-conflict-with-shutdown-targe.patch
- Do not add too many drivers all at once (bsc#1037344)
* adds 0532-List-drivers-rather-than-looking-for-reverse-depende.patch
- instmods: check modules.builtin in $srcmods (bsc#1048606)
* adds 0533-instmods-check-modules.builtin-in-srcmods.patch
- ssh-client: ensure is usable in all cases (bsc#1021846)
* adds 0534-ssh-client-Include-nss_-libraries.patch
- Sync initramfs after creation to ensure integrity (bsc#1049113)
* adds 0535-Sync-initramfs-after-creation.patch
- Ensure dracut.sh responds properly to hostonly cmdline (bsc#1048748)
* adds 0528-Ensure-dracut.sh-responds-properly-to-hostonly_cmdli.patch
- switch fips checking to use the libkcapi based fipscheck toolset (bsc#1048565)
* adds 0527-switch-fips-checking-to-use-the-libkcapi-based-fipsc.patch
- iscsiroot: call handle_firmware only for non-iface invocations (bsc#1032284)
* adds 0526-iscsiroot-call-handle_firmware-only-for-non-iface-in.patch
- bail out if module directory does not exist (bsc#1043900)
* adds 0525-backport-bail-out-if-module-directory-does-not-exist.patch
- Suppress nonsensical error message (bsc#1032029)
* adds 0524-Suppress-nonsensical-error-message-bsc-1032029.patch
- 01fips: Fix typo (bsc#1033238)
* adds 0522-Fix-typo-from-commit-3f1cdb520.patch
- 98dracut-systemd: Fix module force loading with systemd (bsc#986216)
* adds 0523-98dracut-systemd-Fix-module-force-loading-with-syste.patch
- Ship udev files required by systemd (bsc#1040153)
* adds 0521-Ensure-udev-persistent-storage-compat-rules-get-crea.patch
- Bump package version to 044.1 to allow systemd to depend on this change
- Revert: "Require version >= 3.18 btrfsprogs, rather than conflicting with
an older one". Dracut should never depend on optional components
- Ignore module resolution errors (e.g. with kgraft) (bsc#1037120)
* adds 0520-Ignore-module-resolution-errors.patch
- 90kernel-modules: Ensure phy drivers are loaded in initrd (bsc#1034893)
* adds 0519-90kernel-modules-Ensure-phy-drivers-are-loaded-in-in.patch
- 90kernel-modules: Fix backlight on Cherrytrail devices (boo#1034785)
* adds 0518-90kernel-modules-Fix-backlight-on-Cherrytrail-device.patch
- 95fcoe: fix rules generation (osc#1036323)
* adds 0517-95fcoe-fixup-fcoe-genrules.sh-for-VN2VN-mode.patch
- More correct patch description for 0512, no functional changes
* updates 0512-Make-binutils-optional-when-elfutils-are-available.patch
- Require version >= 3.18 btrfsprogs, rather than conflicting with
an older one
- Fix subnet calculation in mkinitrd (bsc#1035743)
* adds 0516-mkinitrd-suse.sh-Fix-prefix-calculation.patch
- Conflict with older btrfsprogs < 3.18 bsc#1035518
* otherwise when zypper duping we are not able to generate initrd
until the btrfsprogs are updated, this way we force the app
to be updated beforehand (13.1 and SLE11 migrations)
- Ensure hisi_sas_v2_hw gets included (bsc#1034597)
* adds 0515-90kernel-modules-also-add-block-device-driver-revers.patch
- Fix mdraid regression (bsc#1028542)
* adds 0513-Fix-regression-caused-by-6f9bf2b8ac436259bdccb110545.patch
- man: make the -k option clear using mkinitrd (bsc#1012656)
* adds 0514-man-make-the-k-option-clear-using-mkinitrd.patch
- Fix typo in installkernel script (bsc#1032576)
- Drop binutils dependency in favor of elfutils
* add 0512-Make-binutils-optional-when-elfutils-are-available.patch
- 01fips: Make init on non-x86_64, specifically s390x, pass (bsc#1021687)
* add 0510-01fips-Some-modules-use-separators-other-than.patch
* add 0511-01fips-ensure-fips-initialization-succeeds-on-s390-x.patch
- installkernel: handle make bin-rpmpkg (bsc#1008648)
- Do not pass ifname for bonding devices (bsc#995812)
* add 0314-nfs_do_not_pass_ifname_for_bonding_devices.patch
- Find devices by path for S390x (bsc#915218)
* add s390x_persistent_device.conf
- 01fips: Remove zlib module as requirement (bsc#1020063)
* add 0509-01fips-Remove-zlib-module-as-requirement.patch
- 90multipath: start before local-fs-pre.target
(bsc#1005410, bsc#1006118, bsc#1007925)
* add 0508-90multipath-start-before-local-fs-pre.target.patch
- unlimit TaskMax for xfs_repair in emergency shell (bsc#1019938)
* add 0507-Set-TaskMax-inifinite-for-the-emergency-shell.patch
- Boot on s390x with fips=1 on the kernel command line (bnc#1021687)
* add 0506-Boot-on-s390x-with-fips-1-on-the-kernel-commnad-line.patch
- Allow booting from degraded MD arrays with systemd (bsc#1017695)
* add 0505-Allow-booting-from-degraded-MD-RAID-arrays.patch
- Add md4 and arc4 modules for ntlm authentication
* add 0454-Add-md4-and-arc4-modules-for-ntlm.patch
- Resolve symbolic links for -i and -k parameters (bsc#902375)
* add 0453-Resolve-symbolic-links-for-i-and-k-parameters-bsc-90.patch
- purge-kernels: Handle kgraft patches (bsc#1017141)
Cleanup unused code.
- deal with incomplete ibft bootflag settings (bsc#1007648)
* add 0504-ibft-fix-boot-flag-check.patch
- Remove 0314-run-rpcbind.patch again, was solved by another
change in rpcbind
- Try to always add pinctrl-cherryview (bsc#998440)
* add 0452-Always-try-to-add-pinctrl-cherryview.patch
- nfs/rpcbind: rpcbind uses now /run/rpcbind for temporary data.
Create the needed directory.
* add 0314-run-rpcbind.patch
- systemd-initrd: Add initrd-root-device.target. Cherry-pick to get
systemd v230 into factory (bsc1009089)
* add 0451-systemd-initrd-add-initrd-root-device.target.patch
- Bash cannot handle binary strings with embedded NULs. This used
to work by accident, it no longer does starting from bash 4.4.
Strip NULs during all comparison operations as a workaround.
Addresses bsc989218.
* add 0450-Strip-NUL-bytes-in-stream-before-push-in-string.patch
- Do not create initramfs with world-readable permissions if
early microcode update is used bsc#1008340 CVE-2016-8637
0503-dracut.sh-create-the-initramfs-non-world-readable-al.patch
- Add missing rules file for previous patch
* modify 0313-90mdraid-Use-stock-MD-rules-to-assemble-RAID-arrays.patch
- 90mdraid: Use stock MD rules to assemble RAID arrays (bsc#998860)
* add 0313-90mdraid-Use-stock-MD-rules-to-assemble-RAID-arrays.patch
- 95resume: Do not resume on iSCSI devices (bsc#999663)
* add 0310-95resume-Do-not-resume-on-iSCSI.patch
- 95iscsi: ip=ibft is deprecated (bsc#1004437)
* add 0311-95iscsi-ip-ibft-is-deprecated.patch
- 40network: do not print warning about non-existing file
(bsc#1004437)
* add 0312-40network-Do-not-print-message-about-tmp-net.ibft0.c.patch
- 90dmraid: do not delete partitions (bsc#998860)
* add 0309-90dmraid-do-not-delete-partitions.patch
- Give-persistent_policy-precedence-over-dev-mapper-names (bsc#908143)
* add: 0502-persistent_device_policy_param_enhance.patch
- mdadm IMSM_NO_PLATFORM workaround for kdump (bsc#975404)
* add: 0308-mdraid_add_IMSM_NO_PLATFORM_env.patch
- 90multipath: parse commandline option 'multipath=off' (bsc#1001691)
* add 0307-90multipath-parse-kernel-commandline-option-multipat.patch
- 95fcoe: do not start fcoemon twice (bsc#1001512)
* add 0225-95fcoe-do-not-start-fcoemon-twice.patch
- Reformat patch headers:
* modify 0199-rd-iscsi-waitnet-default-false.patch
* modify 0200-dracut_fix_multipath_without_config.patch
* modify 0210-add_fcoe_uefi_check.patch
* modify 0212-fcoe_reorder_init_path.patch
- Rediff patches to apply cleanly:
* modify 0124-40network-Update-iBFT-scanning-code-to-handle-IPv6.patch
* modify 0133-Allow-multiple-configurations-per-network-interface-.patch
* modify 0170-iscsi-skip-ibft-invalid-dhcp.patch
* modify 0218-40network-allow-persistent-interface-names.patch
- Remove spurious whitespaces:
* modify 0169-network_set_mtu_macaddr_for_dhcp.patch
- 40network: print out correct prefix (bsc#996141)
* modify 0125-40network-separate-mask-and-prefix.patch
- 95iscsi: setup bnx2i offload connection correctly (bsc#997598)
* add 0224-95iscsi-setup-bnx2i-offload-connections-properly.patch
- Rename patches to match sequence number:
* old: 0019-40network-Fix-race-condition-when-wait-for-networks.patch
* new: 0012-40network-Fix-race-condition-when-wait-for-networks.patch
* old: 0066-40network-always-start-netroot-in-ifup.sh.patch
* new: 0013-40network-always-start-netroot-in-ifup.sh.patch
- rd.iscsi.waitnet should default to false in order for dracut to
wait for the network devices (bsc#997598)
* add 0199-rd-iscsi-waitnet-default-false.patch
- 95multipath: Replace 'grep' with 'sed' for shutdown scripts
(bsc#999220)
* modify 0306-90multipath-add-shutdown-script.patch
- fix boot issues using RAID, bnc#970215
- Add missing whitespace for md raid suse kernel param parsing (bsc#970215)
* modify: 0059-99suse-Add-SUSE-specific-initrd-parsing.patch
- Fix IFS separator in net-lib.sh (bsc#996141)
* modify: 0125-40network-separate-mask-and-prefix.patch
- Rename patch:
* From 0211-fix_multipath_check_hostonly.patch
to 0303-fix_multipath_check_hostonly.patch
- Rename patch:
* From 0213-10i18n-keymap-find.patch
to 0213-Fix-wrong-keymap-inclusion.patch
- 95fcoe: Do not complain about missing /etc/hba.conf (bsc#980539)
* Add 0215-95fcoe-Do-not-complain-about-missing-etc-hba.conf.patch
- 95fcoe: silence lldpad warnings
* Add 0216-95fcoe-silence-lldpad-warnings.patch
- 95fcoe: Allow to specify the FCoE mode via the fcoe= parameter
* Add 0217-95fcoe-Allow-to-specify-the-FCoE-mode-via-the-fcoe-p.patch
- 40network: allow persistent interface names (bsc#995284)
* Add 0218-40network-allow-persistent-interface-names.patch
- 95fcoe: use interface names instead of MAC addresses
* Add 0219-95fcoe-use-interface-names-instead-of-MAC-addresses.patch
- 95fcoe: always set AUTO_VLAN for fcoemon (bsc#995019)
* Add 0220-95fcoe-always-set-AUTO_VLAN-for-fcoemon.patch
- 95fcoe: Add shutdown script (bsc#994860)
* Add 0221-95fcoe-Add-shutdown-script.patch
- 90dm: Fixup shutdown script (bsc#994860)
* Add 0222-90dm-Fixup-shutdown-script.patch
- 90dm: fixup dependency cycle between MD and DM shutdown (bsc#994860)
* Add 0223-90dm-fixup-dependency-cycle-between-MD-and-DM-shutdo.patch
- 90multipath: Start daemon after udev settle (bsc#986734)
* Add 0304-90multipath-Start-daemon-after-udev-settle.patch
- 90multipath: load dm_multipath module during startup
* Add 0305-90multipath-load-dm_multipath-module-during-startup.patch
- 90multipath: add shutdown script (bsc#994860)
* Add 0306-90multipath-add-shutdown-script.patch
- Reformat patches and add patch header:
* 0053-01fips-fixup-loading-issues.patch
* 0126-01fips-Add-drbg-module-to-force-loaded-modules.patch
* 0128-90lvm-Install-dm-snapshot-module.patch
* 0133-Allow-multiple-configurations-per-network-interface-.patch
* 0138-fips_add_aesni-intel.patch
* 0168-remove_plymouth_logo_file.patch
* 0169-network_set_mtu_macaddr_for_dhcp.patch
* 0170-iscsi-skip-ibft-invalid-dhcp.patch
* 0180-i18n_add_correct_fontmaps.patch
* 0196-ibft-wait-for-session-on-all-paths.patch
* 0201-fix_nfs_with_ip_instead_of_hostname.patch
* 0300-dracut_dont_use_dpkg_defaults_on_SUSE.patch
* fips-kernel-4.4-fixes.patch
- Rename patch:
* from fips-kernel-4.4-fixes.patch
* to 0139-fips-kernel-4.4-fixes.patch
- Do not overwrite existing FCoE configuration (bsc#993861)
* Add 0213-95fcoe-Do-not-overwrite-FCoE-configuration.patch
- Fix DASD SSID handling (bsc#989313)
* Add 0501-dasd_fix_ssid_bigger_zero.patch
- Advise user of fs recovery options when we fail to mount (fate#320443)
* Add 0404-dracut-emergency-optionally-print-fs-help.patch
- Add 32bit arm support to installkernel
- Add 0213-10i18n-keymap-find.patch:
- Fix choice of keymap for inclusion (bsc#942896)
- Refresh 0301-include_sysconfig_language.patch
- FCOE fix bsc#982588
* Add 0212-fcoe_reorder_init_path.patch
- fips-kernel-4.4-fixes.patch: adjust the kernel module list to
match the SLES 12 SP2 kernel. (bsc#976577)
- Port missing SLES patches
* Add 0197-95iscsi-Do-not-require-network-for-qla4xxx-flash-ses.patch
* Add 0198-95iscsi-set-rd.iscsi.firmware-for-qla4xxx-sessions.patch
* Remove 0194-95iscsi-Do-not-require-network-for-qla4xxx-flash-ses.patch
* Remove 0195-95iscsi-set-rd.iscsi.firmware-for-qla4xxx-sessions.patch
- Rewrite patch:
* Add 0302-Revert-90multipath-add-hostonly-multipath.conf-in-ca.patch
* Remove 0001-multipath_revert_mpathconf_binary_use.patch
- Update 0403-95lunmask-Add-module-to-handle-LUN-masking.patch
to match upstream kernel submission (FATE#319786)
- Add IFS restoring where it has been lost due to mainline merging
(bsc#977117)
* Add 0500-Reset-IFS-variable.patch
- Make sure to install collect binary (bsc#976466)
* Add: 0188-95dasd_rules-Install-collect-udev-helper-binary.patch
- Remove version from requires on subpackage
- Add a split provide because of the package split for SLE12 SP1 to SP2 upgrade
- Forward port of latest SLES patches (fate#320499)
Add:
* 0001-multipath_revert_mpathconf_binary_use.patch (fate#320499)
* 0170-iscsi-skip-ibft-invalid-dhcp.patch (bsc#953361)
* 0160-s390-update_active_devices_initrd.patch (bsc#939101)
* 0161-95zfcp_rules-simplified-rd.zfcp-commandline-for-NPIV.patch (bsc#964456)
* 0190-replace-iscsistart-with-systemd-service-files.patch (fate#319024)
* 0191-static_network_setup_return_zero.patch (bsc#919179)
* 0192-iscsi_set_boot_protocol_from_ifcfg.patch (bsc#919179)
* 0193-95iscsi-Set-number-of-login-retries.patch (bsc#951003)
* 0196-ibft-wait-for-session-on-all-paths.patch (bsc#951003)
* 0403-95lunmask-Add-module-to-handle-LUN-masking.patch (FATE#319786)
Added, but still commented in spec file (still needs adjusting):
- Fixup booting from qla4xxx (bsc#951003)
* 0194-95iscsi-Do-not-require-network-for-qla4xxx-flash-ses.patch
* 0195-95iscsi-set-rd.iscsi.firmware-for-qla4xxx-sessions.patch
- dracut-installkernel: Fix for aarch64 (bsc#947670)
- Move dist config file to /usr/lib/dracut/dracut.conf.d (bsc#972143)
- Remove stale, unused patch file:
0181-no_systemd_cryptsetup.patch
- Still create a debug config example in /etc/dracut.conf.d
- Add 0211-fix_multipath_check_hostonly.patch:
- Fix warning about multipath
- Modify 0300-dracut_dont_use_dpkg_defaults_on_SUSE.patch:
- Don't try to include plymouth if plymouth-dracut pkg. not installed
- Add 0210-add_fcoe_uefi_check.patch:
- Only install fcoe-uefi module if needed (boo#965477)
- Fix 0208-no_forced_virtnet.patch:
- On non-QEMU systems it returned non-zero, causing dracut to fail
- Fixed boo#965477
- dracut.spec: Remove 90qemu-net entirely instead of disabling
- running_in_qemu was broken (reading output of >/dev/null)
- Fix 0158-Add-SUSE-kernel-module-dependencies-in-etc-modprobe.patch:
- Patch did not have any effect whatsoever
- Fixes bsc#869496
- Rename from 0158-Add-SUSE-kernel-module-dependencies-in-etc-modprobe..patch
- Add 0169-network_set_mtu_macaddr_for_dhcp.patch:
- Set MTU and LLADDR for DHCP if specified (boo#959803)
- Modify 0017-45ifcfg-use-distro-specific-scripts.patch:
- Also revert upstream commit f34e1d6b to not forcibly
include network and ifcfg modules (bsc#960669)
- Refresh:
- 0094-Implement-shortcut-ip-ifname-static-for-static-confi.patch
- 0132-40network-fixup-static-network-configuration.patch
- 0142-40network-Don-t-report-error-for-etc-sysconfig-netwo.patch
- 0402-driver-fail-summary.patch
- Add 0209-fix_modules_load_d_hostonly.patch:
- Fix modules-load.d with hostonly (boo#962224)
- Add 0208-no_forced_virtnet.patch:
Don't include qemu-net modules without reason.
Fix for bsc#960669
- Refresh and merge:
0133-Allow-multiple-configurations-per-network-interface-.patch
0145-40network-handle-ip-ifname-static-correctly.patch
0162-network-Request-DHCP-lease-instead-of-getting-applyi.patch
- Delete 0134-Remove-bootdev-warning-bnc-881112.patch:
- ip=ibft got deprecated, so workaround not necessary
- Add 0207-handle_module_aliases.patch:
Handle module aliases correctly to not generate unbootable
initrds with different kernel versions. Fix for boo#962694
- Don't require bind-utils, it conflicts with
minimal-base-conflicts
- Add warning about pkgconfig file to rpmlintrc's ignore list
- Fix spec file:
- Add dracut-catimages manpage to dracut-tools
- Fix summary of dracut-tools subpackage
- Remove 0400-use_fstab_systemd.patch
- Move dracut-catimages, /boot/dracut and /var/lib/dracut into
dracut-tools subpackage
- Cleanup spec file
- Refresh patches with line offsets:
0017-45ifcfg-use-distro-specific-scripts.patch
0048-40network-Only-enable-network-interfaces-if-explicit.patch
0088-91zipl-Add-new-module-to-update-s390x-configuration.patch
0121-Adjust-initramfs-kernel.img-to-SUSE-default-initrd-k.patch
0150-Find-kernel-modules-in-extra-and-weak-updates-path-a.patch
0157-Add-boot-zipl-to-host-devs-if-it-is-a-mount-point.patch
0182-fix-include-parsing.patch
0183-fix_add_drivers_hang.patch
0203-no-fail-builtin-module.patc
- Update to dracut-044
- Patches upstream, removed here:
0119-Reset-IFS-variable.patch
0120-mkinitrd-suse.sh-Bail-out-with-exit-1-if-initrd-cann.patch
0122-Get_kernel_version_from_gz_file_for_arm.patch
0165-Order-root-fsck-after-pre-mount.patch
0184-fix_lvm_wc_warning.patch
0185-dracut.sh-remove-_EARLY-from-CONFIG_MICROCODE_-check.patch
0401-mount_option_mountpoint.patch
- Updated/Refreshed patches:
0015-40network-replace-dhclient-with-wickedd-dhcp-supplic.patch
0019-40network-Fix-race-condition-when-wait-for-networks.patch
0056-81cio_ignore-handle-cio_ignore-commandline.patch
0058-dracut-add-warning-when-including-unsupported-module.patch
0066-40network-always-start-netroot-in-ifup.sh.patch
0094-Implement-shortcut-ip-ifname-static-for-static-confi.patch
0124-40network-Update-iBFT-scanning-code-to-handle-IPv6.patch
0125-40network-separate-mask-and-prefix.patch
0131-40network-handle-prefixed-IP-addresses-correctly.patch
0132-40network-fixup-static-network-configuration.patch
0144-90crypt-Fixed-crypttab_contains-to-also-work-with-de.patch
0150-Find-kernel-modules-in-extra-and-weak-updates-path-a.patch
0158-Add-SUSE-kernel-module-dependencies-in-etc-modprobe..patch
0159-network-Try-to-load-xennet.patch
0202-dracut_dmraid_use_udev.patch
0203-no-fail-builtin-module.patch
0402-driver-fail-summary.patch
- Fix 0202-dracut_dmraid_use_udev.patch:
- Statement was missing a program to execute
- Add 0206-nfs_dns_alias.patch to fix boo#955592:
- Fix dracut run on nfs root where NFS host is a DNS ALIAS
- Require bind-utils. host is used in some lines
- Fix the wrong kernel config check for microcode with 4.4 kernel
(boo#955712):
0185-dracut.sh-remove-_EARLY-from-CONFIG_MICROCODE_-check.patch
- Disable 0400-use_fstab_systemd.patch
- Fully implementing this would take ages
- Fix boo#948771
- Add numbers to the filename of all patches:
fips_add_aesni-intel.patch -> 0138-fips_add_aesni-intel.patch
dracut_fix_multipath_without_config.patch -> 0200-dracut_fix_multipath_without_config.patch
fix_nfs_with_ip_instead_of_hostname.patch -> 0201-fix_nfs_with_ip_instead_of_hostname.patch
dracut_dmraid_use_udev.patch -> 0202-dracut_dmraid_use_udev.patch
dracut_dont_use_dpkg_defaults_on_SUSE.patch -> 0300-dracut_dont_use_dpkg_defaults_on_SUSE.patch
- Update description in dracut.spec
- Add 0301-include_sysconfig_language.patch:
- Include /etc/sysconfig/language instead of forcibly generating
/etc/locale.conf
- Workaround and partial fix for boo#927250
- Add 0205-mdraid_ignore_hostonly.patch:
- Always install mdraid modules (boo#935993)
- Modify 0402-driver-fail-summary.patch
- Add notice (bsc#952491)
- Use mktemp instead of hardcoded filenames (bnc#935338)
- Modify 0144-90crypt-Fixed-crypttab_contains-to-also-work-with-de.patch
- Use mktemp instead of hardcoded filenames (bnc#935338)
- Add dracut-rpmlintrc
- Fix permissions of various scripts, as patch does not
create executable files
- Fix format of patch disablement
- Add 0204-mkinitrd-fix-monster.patch:
- Implement functionality of -A option
- Without this patch, -A sets host_only=0,
but host_only wasn't used
- Translates into --no-host-only now
- References boo#935993
- Add 0402-driver-fail-summary.patch:
- Port 0169-Enabled-Warning-for-failed-kernel-modules-per-defaul.patch:
Subject: Enable warning for failed kernel modules
Enabled Warning for failed kernel modules per default
and added summary of those to the end of dracut output
References: bnc#886839
- Disable inline warnings in favour of summary
- Add 0203-no-fail-builtin-module.patch:
Don't let inst1mod fail if module is built-in
- Fixes bsc#935563
- Always install dm-snapshot module if lvm dracut module is needed,
even if dm-snapshot is not loaded on the host yet (bsc#947518)
A 0128-90lvm-Install-dm-snapshot-module.patch
- Add patch 0184-fix_lvm_wc_warning.patch:
- Upstream commit 08eca6 to get rid of missing wc warning
- Fix 0181-no_systemd_cryptsetup.patch:
- Password input without plymouth didn't work
- Disable 0181-no_systemd_cryptsetup.patch: it breaks existing
installations of encrypted / on LVM.
- Fix 0182-fix-include-parsing.patch
- Didn't parse arguments with spaces correctly
- Add patch 0183-fix_add_drivers_hang.patch:
- Fix possible hang in dracut
caused by add_drivers+=" " in dracut.conf (bsc#923116)
- Add patch 0182-fix-include-parsing.patch:
- Fix parsing of "-i" and "--include"
- Fixes boo#908452
- Add patch 0181-no_systemd_cryptsetup.patch:
- rd.luks.key is not implemented (properly) if systemd is enabled,
so ignore systemd in 90crypt
- Fixes boo#915849
- Fix systemd-vconsole-error properly (bsc#943312 and bsc#932981)
Rewrite 0180-dracut-add-trivial-vconsole-fontmap.patch
as 0180-i18n_add_correct_fontmaps.patch
- fix systemd-vconsole-error in initrd (bsc#943312)
Add 0180-dracut-add-trivial-vconsole-fontmap.patch
- Add 0401-mount_option_mountpoint.patch:
Make it possible to use a mountpoint as --mount parameter
- Add experimental 0400-use_fstab_systemd.patch:
Add entry for /sysroot in /etc/fstab instead of relying
on root= and rootflags=
- fix plymouth installation if dpkg package is installed
- add dracut_dont_use_dpkg_defaults_on_SUSE.patch
- Do not recommend, but require binutils package. bsc#941928
- get_kernel_version is required for /sbin/mkinitrd
- Update to version 043
Minor change: add missing dmsquash-generator
- Fix dmraid issue bnc#905746
A dracut_dmraid_use_udev.patch
- Taken over from SLE12
A fips_add_aesni-intel.patch
- Do not touch /run vs /var/run bnc#922676
D 0106-dracut-Enable-converting-of-directory-var-run-var-lo.patch
- Update dracut to version 042
Remove these already included or unneeded patches:
D dracut_v041_to_HEAD.patch
D 0011-Correct-paths-for-openSUSE.patch
D 0068-95fcoe-uefi-Test-for-EFI-firmware.patch
D 0170-enable-logitech-hidpp.patch
- Fix nfs mount if IPv4 is used in fstab instead of hostname
A fix_nfs_with_ip_instead_of_hostname.patch
Adjust/refresh:
M 0015-40network-replace-dhclient-with-wickedd-dhcp-supplic.patch
M 0016-Add-new-s390x-specific-rule-files.patch
M 0017-45ifcfg-use-distro-specific-scripts.patch
M 0019-40network-Fix-race-condition-when-wait-for-networks.patch
M 0020-00warpclock-Set-correct-timezone.patch
M 0021-95dcssblk-Add-new-module-for-DCSS-block-devices.patch
M 0048-40network-Only-enable-network-interfaces-if-explicit.patch
M 0053-01fips-fixup-loading-issues.patch
M 0056-81cio_ignore-handle-cio_ignore-commandline.patch
M 0057-01fips-Include-some-more-hmacs.patch
M 0058-dracut-add-warning-when-including-unsupported-module.patch
M 0059-99suse-Add-SUSE-specific-initrd-parsing.patch
M 0060-45ifcfg-Add-SUSE-specific-write-ifcfg-file.patch
M 0061-45ifcfg-Fixup-error-message-in-write-ifcfg-suse.patch
M 0066-40network-always-start-netroot-in-ifup.sh.patch
M 0075-95dasd_rules-enable-parsing-of-rd.dasd-commandline-p.patch
M 0076-Correctly-set-cio_ignore-for-dynamic-s390-rules.patch
M 0079-95dasd_rules-fixup-rd.dasd-parsing.patch
M 0080-95dasd_rules-print-out-rd.dasd-commandline.patch
M 0081-95dasd_mod-do-not-set-module-parameters-if-dasd_cio_.patch
M 0083-95zfcp_rules-Fixup-rd.zfcp-parsing.patch
M 0085-95zfcp_rules-print-out-rd.zfcp-commandline-parameter.patch
M 0086-95zfcp_rules-Auto-generate-udev-rule-for-ipl-device.patch
M 0087-95dasd_rules-Auto-generate-udev-rule-for-ipl-device.patch
M 0088-91zipl-Add-new-module-to-update-s390x-configuration.patch
M 0089-40network-create-var-lib-wicked-in-ifup.sh.patch
M 0090-dracut-caps-Remove-whole-caps-module.patch
M 0091-dracut-biosdevname-In-SUSE-biosdevname-package-is-in.patch
M 0094-Implement-shortcut-ip-ifname-static-for-static-confi.patch
M 0106-dracut-Enable-converting-of-directory-var-run-var-lo.patch
M 0107-Fixup-typo-firmare-instead-of-firmware.patch
M 0108-91zipl-Store-commandline-correctly.patch
M 0109-95dasd_rules-Store-all-devices-in-commandline.patch
M 0110-95zfcp_rules-Store-all-devices-in-commandline.patch
M 0113-91zipl-Install-script-as-executable.patch
M 0114-91zipl-Translate-ext2-3-into-ext4.patch
M 0116-Mark-scripts-as-executable.patch
M 0117-95dasd_rules-Enable-the-device-before-checking-devic.patch
M 0118-95zfcp_rules-Enable-the-device-before-checking-devic.patch
M 0119-Reset-IFS-variable.patch
M 0120-mkinitrd-suse.sh-Bail-out-with-exit-1-if-initrd-cann.patch
M 0121-Adjust-initramfs-kernel.img-to-SUSE-default-initrd-k.patch
M 0122-Get_kernel_version_from_gz_file_for_arm.patch
M 0123-95zfcp_rules-fix-typo-in-module_setup.patch
M 0124-40network-Update-iBFT-scanning-code-to-handle-IPv6.patch
M 0125-40network-separate-mask-and-prefix.patch
M 0126-01fips-Add-drbg-module-to-force-loaded-modules.patch
M 0130-nfs-Always-add-all-kernel-modules-for-kdump.patch
M 0131-40network-handle-prefixed-IP-addresses-correctly.patch
M 0132-40network-fixup-static-network-configuration.patch
M 0137-Switch-from-Mozilla-NSS-sha256hmac-checking-to-fipsc.patch
M 0142-40network-Don-t-report-error-for-etc-sysconfig-netwo.patch
M 0144-90crypt-Fixed-crypttab_contains-to-also-work-with-de.patch
M 0150-Find-kernel-modules-in-extra-and-weak-updates-path-a.patch
M 0157-Add-boot-zipl-to-host-devs-if-it-is-a-mount-point.patch
M 0158-Add-SUSE-kernel-module-dependencies-in-etc-modprobe..patch
M 0159-network-Try-to-load-xennet.patch
M 0163-Install-etc-sysconfig-console-to-see-specific-fonts.patch
M 0164-Fix-initramfs-ver.img-vs-initrd-ver-in-dracut-initra.patch
M 0165-Order-root-fsck-after-pre-mount.patch
M 0168-remove_plymouth_logo_file.patch
M dracut_fix_multipath_without_config.patch
- Fix mkinitrd (get_kernel_version) for arm* arch by getting kernel version
from vmlinux.*.gz file instead of [uz]Image file.
Taken over from mkinitrd bnc#908454
* Add patch 0122-Get_kernel_version_from_gz_file_for_arm.patch
- Fix nfs ip= setup in case of IP instead of host in root= name (bsc#931307)
- Honor allow_unsupported_modules setting
From: Borislav Petkov <bp@suse.de>
$ make install
of a locally built kernel, you don't want dracut to do --check-supported
for supported modules when you have "allow_unsupported_modules 1" in
/etc/modprobe.d/10-unsupported-modules.conf.
Teach /sbin/installkernel to pay attention to that setting.
Use modprobe --showconfig too, which is going to be the proper way to do
it starting with 12SP1.
- Add fix for multipath systems without multipathd.conf
bsc#927719: Tumbleweed Snapshot blocked: no multipath support in 20150416+ (likely dracut issue)
bsc#930019: multipath is broken in dracut due to missing /etc/multipath.conf
file (systemd multpath.service condition)
* Added patch: dracut_fix_multipath_without_config.patch
- Update to dracut mainline version 041.
Half of the patches got integrated mainline.
Some others have been merged together when it made sense, some have
been left out, but are still in the repository as they need some special
treating and mainline discussion whether/how they get added. These are
also not urgently needed, but are debugging patches.
I broke the rule here to mention every added/deleted/modified patch as
every patch is touched and every 2nd got removed (mainline integrated).
I also re-ordered the patches in the PatchXY: area for easier merging them
and get them discussed and posted mainline easier, topic by topic.
- Patches merged in the git tracking repository:
0065-95iscsi-Fixup-bnx2i-offload-booting.patch
0028-95udev-rules-Include-correct-sg3_utils-rules.patch
0135-lvm-Fix-12819a579900b9691e2-check-for-existance-of-6.patch
0100-Add-btrfs-rescue-utilities.patch
0067-95fcoe-check-always-returns-255.patch
0138-warpclock-Do-not-use-warpclock-module-on-S390-x-hwcl.patch
0077-90multipath-add-missing-11-dm-mpath.rules-file.patch
0042-Enhance-suse.conf-example-with-SUSE-specific-setting.patch
0161-Fix-error-message-when-there-are-no-internal-kernel-.patch
0111-90mdraid-Remove-line-for-offroot-detection.patch
0129-Revert-commit-6ecab258710d158a7a6-and-only-do-not-wa.patch
0041-mkinitd-suse-remove-hostonly-and-hostonly-cmdline.patch
0030-95iscsi-Autodetect-iSCSI-firmware.patch
0052-99base-Add-chown-binary.patch
0105-95iscsi-parse-output-from-iscsiadm-correctly.patch
0101-Print-stored-dracut-commandline-during-initramfs-bui.patch
0096-dracut-Fix-error-local-can-only-be-used-in-a-functio.patch
0043-40network-always-add-network-module.patch
0035-Introduce-force-drivers-parameter-and-force_drivers-.patch
0136-Revert-95udev-rules-add-persistent-network-rule.patch
0143-iscsi-Fix-up-ipv6-in-brackets-iterate-over-all-possi.patch
0167-do-not-symlink-var-log-to-run-log.patch
0024-Fixup-mdraid-setup.patch
0032-mkinitrd-suse.sh-Use-hostonly-and-hostonly-cmdline-c.patch
0022-95udev-rules-add-persistent-network-rule.patch
0166-load-xhci-pci.patch
0047-95resume-skip-module-for-s390-x.patch
0014-Update-dracut-manpage-for-GRUB-Legacy-and-GRUB2.patch
0055-95fcoe-Only-install-fcoe-module-if-required.patch
0078-Restore-original-IFS-value.patch
0046-dracut-Do-not-wait-for-swap-device.patch
0074-More-empty-cmdline-fixes.patch
0112-99base-warn-on-invalid-command-for-initqueue.patch
0034-dracut-Do-not-stop-installing-drivers-if-one-fails.patch
0139-dracut.sh-check-for-logfile-logfile-option-and-creat.patch
0127-99base-Increase-initqueue-timeout-in-non-systemd-cas.patch
0104-Generate-fallback-mount-unit-for-root-filesystem.patch
0154-resume-Also-allow-this-module-on-S390-again-s2disk-c.patch
0149-dracut.sh-Fix-fstab-parsing-again.patch
0027-90multipath-install-dracut-specific-service-file.patch
0084-95rootfs-block-Correctly-terminate-commandline-param.patch
dracut_v37_to_HEAD.patch
0128-90lvm-Install-dm-snapshot-module.patch
0063-90multipath-Install-libgcc_s-library.patch
0062-95iscsi-Install-libgcc_s-library.patch
0146-dracut.sh-corrected-logfile-check.patch
0071-Fix-non-export-of-journal-dev-boot-options.patch
0044-Add-find-to-debug-binaries.patch
0039-Remove-force-parameter-from-mkinitrd.patch
0026-90multipath-add-67-kpartx-compat.rules.patch
0099-90multipath-Load-device_handler-modules-early-during.patch
0029-90multipath-install-correct-multipath-rules.patch
0031-90multipath-Fixup-service-file-for-booting.patch
0036-95fcoe-Store-current-configuration-in-dracut-cmdline.patch
A patch (dracut_v041_to_HEAD.patch) is being added without being properly referenced from the changelog.
0151-Go-back-to-xz-again-pixz-may-use-too-much-memory-whi.patch
0069-81cio_ignore-skip-module-if-cio_ignore-is-not-active.patch
0070-81cio_ignore-rewrite-module.patch
0033-95iscsi-Set-correct-iscsi_started-value-for-iSCSI-fi.patch
0098-Do-not-call-lvm-for-non-LVM-device-mapper-devices.patch
0023-systemd-always-tries-to-load-autofs4.patch
0051-mkinitrd-suse-add-update-bootloader-message.patch
0013-mkinitrd-suse-do-not-update-bootloader-if-no-kernel-.patch
0115-Handle-module-alias-properly.patch
0054-95iscsi-update-commandline-printing.patch
0148-dracut.sh-Fix-LABEL-and-other-fstab-syntax.patch
0122-btrfs-btrfs-dump-super-and-btrfs-select-super-do-not.patch
0045-40network-add-missing-_arch-variable-declaration.patch
0050-95iscsi-strip-one-set-of-quotes-when-calling-initque.patch
0152-Add-a-comment-to-easily-add-debug-modules-also-add-v.patch
0147-dracut.sh-Fix-UUID-fstab-parsing-in-case-mount-optio.patch
0038-95fcoe-start-lldpad-separately.patch
0082-00warpclock-check-for-sbin-hwclock.patch
0155-iscsi-iscsi.initiator-and-others-can-and-must-only-s.patch
0037-95fcoe-update-fcoe-interface-check.patch
0141-iscsi-Avoid-bad-ip-route-call-on-empty-address.patch
0049-95iscsi-Use-ip-ibft-for-ibft-autoconfiguration.patch
0153-Only-add-network-module-on-request-and-on-dependenci.patch
0097-Implement-rd.timeout-to-modify-the-device-timeout.patch
0169-fix-systemd-vconsole.patch
0073-Don-t-create-lots-of-empty-cmdline-files-for-hostonl.patch
0103-Fixup-missing-separators-in-rootfs-block-cmdline.patch
0064-90kernel-modules-install-scsi_dh_alua.patch
0012-Check-for-plymouth-lib-directories.patch
0092-dracut-nbd-Only-complain-of-missing-binary-in-hoston.patch
0160-nfs-Add-ip-.-and-root-nfs.-parameters-to-internal-dr.patch
0093-95iscsi-generate-commandline-for-software-iscsi.patch
0040-95fcoe-skip-VLAN-devices-in-fcoe-up.patch
0156-dracut.usage.asc-Remove-distro-specific-help-from-ma.patch
0018-mkinitrd-suse-Fix-whitespaces-when-adding-drivers.patch
0140-dracut.sh-Avoid-duplicate-devices-in-host_devs.patch
0095-95iscsi-use-static-configuration-for-software-iscsi.patch
0025-95udev-rules-Add-59-scsi-sg_utils.rules.patch
0072-Also-export-root-boot-param-for-hostonly-cmdline-cas.patch
0102-Align-dev_unit_name-with-systemd-s-function.patch
0001-kernel-modules-Fix-storage-module-selection-for-sdhc.patch
- Added dracut_v041_to_HEAD.patch: new patch from v041 against our git
- Add patch to load logitech-hidpp module in default initrd, fixes
issues with not being able to enter LUKS password with logitech
wireless keyboards (boo#918938)
+ Added: 0170-enable-logitech-hidpp.patch
- dracut-fix-systemd-vconsole.patch: patch from upstream to start
the vconsole for new systemd.
+ Added 0169-fix-systemd-vconsole.patch
- Add patch to remove PLYMOUTH_LOGO_FILE from
modules.d/50plymouth/plymouth-populate-initrd.sh (bnc#910952)
+ 0168-remove_plymouth_logo_file.patch
- No longer package 02caps: patch 90 takes care of removing it.
- regenerate the initrds on updating this package (or the -fips
subpackage)
- Apply patch for systemd-journald SIGTERMing on boot bnc#915575
* 0167-do-not-symlink-var-log-to-run-log.patch
- add 0166-load-xhci-pci.patch
load xhci-pci on Linux-3.18+ to allow USB-keyboard to give LUKS PW
(bnc#911319)
- 0001-kernel-modules-Fix-storage-module-selection-for-sdhc.patch: fix
storage module selection for sdhci/mmc/ahci
- add 0165-Order-root-fsck-after-pre-mount.patch
ensure root fsck runs after dracut-pre-mount.service which calls
resume (bnc#906592)
- dracut-initrd-restore.patch: dracut-shutdown.service invokes
dracut-initramfs-restore script which will never work in
openSUSE because initrd images are named initrd not initramfs.
Patch is from: Cristian Rodríguez <crrodriguez@opensuse.org>
* Add 0164-Fix-initramfs-ver.img-vs-initrd-ver-in-dracut-initra.patch
- e2fsprogs
-
- Remove autoreconf call from e2fsprogs.spec (bsc#1183791)
- po-remove-unnecessary-buggy-positional-parameter-spe.patch: po: remove
unnecessary/buggy positional parameter specifiers (bsc#1170964)
- e2fsck-clarify-overflow-link-count-error-message.patch: e2fsck: clarify
overflow link count error message (bsc#1160979)
- ext2fs-update-allocation-info-earlier-in-ext2fs_mkdi.patch: ext2fs: update
allocation info earlier in ext2fs_mkdir() (bsc#1160979)
- ext2fs-implement-dir-entry-creation-in-htree-directo.patch: ext2fs: implement
dir entry creation in htree directories (bsc#1160979)
- tests-add-test-to-excercise-indexed-directories-with.patch: tests: add test
to exercise indexed directories with metadata_csum (bsc#1160979)
- tune2fs-update-dir-checksums-when-clearing-dir_index.patch: tune2fs: update
dir checksums when clearing dir_index feature (bsc#1160979)
- e2fsck-abort-if-there-is-a-corrupted-directory-block.patch: e2fsck: abort if
there is a corrupted directory block when rehashing (bsc#1160571
CVE-2019-5188)
- e2fsck-don-t-try-to-rehash-a-deleted-directory.patch: e2fsck: don't try to
rehash a deleted directory (bsc#1160571 CVE-2019-5188)
- resize2fs-Make-minimum-size-estimates-more-reliable.patch: resize2fs: Make
minimum size estimates more reliable for mounted fs (bsc#1154295)
- libsupport-add-checks-to-prevent-buffer-overrun-bugs.patch: add checks to
prevent buffer overrun bugs in quota code (bsc#1152101, CVE-2019-5094)
- libext2fs-call-fsync-2-to-clear-stale-errors-for-a-n.patch: libext2fs: call
fsync(2) to clear stale errors for a new unix I/O channel (bsc#1145716)
- e2fsck-check-and-fix-tails-of-all-bitmaps.patch: e2fsck: check and fix tails
of all bitmap blocks (bsc#1128383)
- libext2fs-Fix-fsync-2-detection.patch: libext2fs: Fix fsync(2) detection
(bsc#1038194)
- Add references from old package:
Fix resize2fs-Fix-32-64-bit-overflow-when-multiplying-by-blocks-cl.patch
in 1.42.12 (bsc#1009532)
Fix libext2fs-fix-potential-buffer-overflow-in-closefs.patch
in 1.42.13 (bsc#918346 CVE-2015-1572)
Fix libext2fs-avoid-buffer-overflow-if-s_first_meta_bg-i.patch
in 1.42.12 (bsc#915402 CVE-2015-0247)
Got specfile fix through Factory (bsc#960273)
Fix libext2fs-don-t-ignore-fsync-errors.patch in 1.43.4 (bsc#1038194)
- libext2fs-fix-build-failure-in-swapfs.c-on-big-endia.patch:
libext2fs: fix build failure in swapfs.c on big-endian systems (bsc#1077420)
- Update to 1.43.8
* add forgotten byteswap of some new superblock fields
* fix use-after-free in e2fsck for corrupted root inode
* fix floating point exception due to corrupted superblock in e2fsck
* fix resize2fs's free block sanity checks
* updated translations
- Added %license tag to specfile
- Update to 1.43.7
* debugfs, tune2fs, fuse2fs fixes of error handling in journal replay
* e2fsck and debugfs fixes so that malicious filesystems do not cause
buffer overflows
* fix corner cases in offline resizing in resize2fs
* updated translations
- ignore errors for install-info calls in post scripts,
otherwise installing with "--excludedocs" fails
- Update to 1.43.6
* fix printing of quota inconsistency messages
* fix out of bounds checks in e2fsck
* optimize e2fsck CPU usage for large sparse files
* increase inode size to 256 bytes if features require it
* various UI fixes
* updated translations
- Add missing coreutils dependency for initrd macros (bsc#1055492).
- Update to 1.43.5
* fix e2fsck infinite loop when rebuilding encrypted directories
* fix tune2fs support for enabling/disabling project quota
* fixes in debugfs, dumpe2fs, e2fsck, tune2fs, and resize2fs for maliciously
corrupted filesystems
* fix e2fsck to verify invalid quota inode numbers
* fix byte-swapping of backup superblocks
* fix e2fsck -E bmap2extent to work for sparse files
* fix e2fsck to correctly handle quota accounting for multiply claimed blocks
* lots of other fixes
- Update to 1.43.4
* fix e2fsck handling of system.data extended attributes for small files
* fixes in mke2fs -d
* make mke2fs refuse absurdly large devices
* make mke2fs properly report IO errors
* clarify default in mke2fs questions
* re-add uninit_bg to mke2fs.conf
* add support for project quota to debugfs
* improve xattr support in debugfs
* remove mkfs.ext4dev and fsck.ext4dev
- Remove suse-module-tools dependency as it creates cycle in dependency list
- Update download URL to point to ftp.kernel.org which is more reliable
- Update to 1.43.3
* mke2fs will use larger journal for large filesystems by default
* e2fsck journal replay bugfixes
* debugfs improvements and fixes
* fix resize2fs migration of attribute blocks
- fuse2fs manpage is no longer installed when fuse2fs is not built
- fix last change
- Rebuild the initrd if this package changes (and we are not
building the -mini version)
- Update to 1.43.1
* Add support for the ext4 metadata checksum, checksum seed, inline data,
encryption, project quota, and read-only features
* Support for the very old, experimental, and never-added-to-mainline
compression feature has been removed
* Mke2fs will now create file systems with the metadata_csum and 64bit
features enabled by default
* The tune2fs program will ask the user for confirmation before starting
dangerous operations if the terminal is available, and it will replay
the journal if necessary
* Add an ext2/3/4 FUSE server
* The resize2fs command can now convert file systems between 64-bit and
32-bit mode
* We now use a new e2undo file format which is much more efficient and
faster than the old tdb-based scheme. Since it is so much faster, e2fsck,
tune2fs, debugfs, and resize2fs now also support creating an
undo file.
* Multiple e2fsck fixes
* Multiple mke2fs improvements
* Multiple debugfs improvements
- spec: add static library dependencies
- enable static build and package static libraries
- e2fsprogs-1.41.1-splash_support.patch: Drop it, this patch
depends on the old in kernel "bootsplash" patches that were
removed after the introduction of plymouth.
- Update to 1.42.13
* fix potential buffer overflow while closing a filesystem
* fix deadlock which occurs when using systemd and e2fsck.conf's logging
feature
* make tune2fs clear journal superblock backup when removing journal
* fix use after free bugs in resize2fs and e2fsck
* fix endianity bugs in libext2fs
...
- Remove e2fsck-fix-free-pointer-dereferences.patch: Merged upstream
- e2fsck-fix-free-pointer-dereferences.patch: Fix use after free (bnc#912229)
- efibootmgr
-
- Use %license instead of %doc [bsc#1082318]
- forcefully enable PIE
- Update to 14 plus upstream fixes. (fate#322108)
(0001-Don-t-use-fshort-wchar-when-building-63.patch,
0002-Remove-extra-const-keywords-gcc-7-gripes-about.patch,
0003-Add-support-for-parsing-optional-data-as-ucs2.patch)
- Forward port and refresh SLE patches
(efibootmgr-derhat.diff, MARM-sanitize-set_mirror.diff
efibootmgr-delete-multiple.diff)
- Drop upstreamed patches
(efibootmgr-check-boot-order.diff,
efibootmgr-fix-efivar-0.24.patch,
efibootmgr-fix-usage-of-efi_loadopt_path-again.patch,
MARM-add-m-and-M-options.diff,
MARM-extend-man-for-M-option.diff,
MARM-fix-insufficient-validation-check-of-M-option.diff,
MARM-introduce-man-for-m-and-M-option.diff)
- Build on all archs. There is no reason not to. (boo#1025520)
- Depend on new enough efivar. Build fails otherwise.
- add efibootmgr-fix-usage-of-efi_loadopt_path-again.patch - fix
efibootmgr -v with new efivar (boo#993458)
- Add support for Memory Address Range Mirroring.
[fate#320999, bsc#987599]
(add MARM-add-m-and-M-options.diff,
MARM-fix-insufficient-validation-check-of-M-option.diff,
MARM-introduce-man-for-m-and-M-option.diff,
MARM-extend-man-for-M-option.diff,
MARM-sanitize-set_mirror.diff)
- Add efibootmgr-fix-efivar-0.24.patch fix the compilation errors
caused by the efivar update
- Properly latch long to short option for delete. [bsc#945705]
(efibootmgr-delete-multiple.diff)
- Refresh for SLE12. [bsc#929677]
(efibootmgr-gcc-Wall.diff, efibootmgr-delete-multiple.diff)
- Update to 0.12
* This release is mostly a maintenance release that uses
libefivar's new library API for creating device paths and load
options.
* Also DHCPv4 network boot entries are now something you can
create without knowing an awful lot about ACPI.
- Refresh patches
efibootmgr-0.11.0-derhat.diff as efibootmgr-derhat.diff
efibootmgr-0.11.0-check-boot-order.diff as
efibootmgr-check-boot-order.diff
- Update project and download url
- Allow disk/partition as selector for delete as well. [bsc#870211]
(efibootmgr-delete-multiple.diff)
- Remove version number from patches.
(add efibootmgr-derhat.diff, efibootmgr-fail-visibly.diff,
efibootmgr-gcc-Wall.diff, efibootmgr-set_boot_order.diff,
efibootmgr-write-unique-id-once.diff;
drop efibootmgr-0.6.0-check-boot-order.diff,
efibootmgr-0.6.0-delete-by-uuid.diff, efibootmgr-0.6.0-derhat.diff,
efibootmgr-0.6.0-fail-visibly.diff, efibootmgr-0.6.0-gcc-Wall.diff,
efibootmgr-0.6.0-set_boot_order.diff,
efibootmgr-0.6.0-write-unique-id-once.diff)
Note: this entry reflects obsoleted, SLE-only changes!
- Introduce partition UUID as selector for delete. [bsc#870211]
(efibootmgr-0.6.0-delete-by-uuid.diff)
- Enable i586 build
- efibootmgr-0.6.0-check-boot-order.diff, efibootmgr-0.6.0-derhat.diff:
pass source validator check
- switch homepage to https://github.com/vathpela/efibootmgr
- Update version number to 0.11.0
- Rebase patches
(efibootmgr-0.11.0-derhat.diff,
efibootmgr-0.11.0-check-boot-order.diff)
- Drop efibootmgr-0.6.0-set_boot_order.diff since the data size of
the variable is handled properly now
- Drop efibootmgr-0.6.0-fail-visibly.diff since err() and warn()
are introduced to show more meaningful messages
- Drop upstreamed patch
(efibootmgr-0.6.0-gcc-Wall.diff,
efibootmgr-0.6.0-write-unique-id-once.diff)
- Enable for aarch64 (fate#318444)
- Add efibootmgr-0.6.0-check-boot-order.diff to delete BootOrder
if there is no more boot option. [bnc#883545]
- Update version number to 0.6.0,
- Integrate SLE11 patches. [bnc#830784]
(efibootmgr-0.6.0-fail-visibly.diff,
efibootmgr-0.6.0-set_boot_order.diff)
- Fix gcc warnings.
(efibootmgr-0.6.0-gcc-Wall.diff)
- Make default '--loader' build-time configurable.
(efibootmgr-0.6.0-derhat.diff)
- Don't let '--write-signature' overwrite unique signatures.
(efibootmgr-0.6.0-write-unique-id-once.diff)
- Drop obsolete patches
(efibootmgr-0.5.4.diff,
efibootmgr-0.5.4-catchup.diff,
efibootmgr-0.5.4-sector-size.diff)
- Print EFI status for failed '--create' as well. [bnc#811767]
(efibootmgr-0.5.4-fail-visibly.diff)
- Fix '--bootorder' handling. [bnc#810899]
(efibootmgr-0.5.4-set_boot_order.diff)
- Print EFI status in case of failure. [bnc#811767]
(efibootmgr-0.5.4-fail-visibly.diff)
- Apply critical upstream fixes
o for memory leaking variable creation. [bnc#746324]
o to improve spec conformance by removing device path padding.
o to work around broken Apple firmware.
(efibootmgr-0.5.4-catchup.diff)
- Allow hard disk sector sizes not equal to 512. [bnc#711830]
(efibootmgr-0.5.4-sector-size.diff)
- Add zlib-devel to BuildRequires
- Remove redundant/obsolete tags/sections from specfile
(cf. packaging guidelines)
- efivar
-
- Add efivar-bsc1187386-fix-emmc-parsing.patch to fix the eMMC
sysfs parsing (bsc#1187386)
- Add efivar-bsc1181967-fix-nvme-parsing.patch to fix the NVME
path parsing (bsc#1181967)
- Add efivar-bsc1175989-handle-NULL-set-variable.patch to fix
segfault on non-EFI systems (bsc#1175989)
- Delete unused file: reproducible.patch
- Add efivar-bsc1127544-fix-ucs2len.patch to fix logic that checks
for UCS-2 string termination (boo#1127544)
- Add efivar-fix-efidp_ipv4_addr-fields-assignment.patch to fix the
casting of IPv4 address.
- Update to 37
+ Improve ACPI device path formatting
+ Add support for SOC devices that use FDT as their PCI root node
+ Make devices we can't parse the "device" sysfs link for use
DEV_ABBREV_ONLY
+ Handle SCSI port numbers better
+ Don't require an EUI for NVMe (boo#1100077)
+ Fix the accidental requirement on ACPI UID nodes existing
+ Add support for EMMC devices
+ Add support for PCI root nodes without a device link in sysfs
+ Add support for partitioned MD devices
+ Fix partition number detection when the number isn't provided
+ Add support for ACPI Generic Container and Embedded Controller
root nodes (boo#1101023)
+ Add limited support for SAS/SATA port expanders
- Add upstream patches to fix boo#1120862
+ efivar-make-format_guid-handle-misaligned-guid-pointer.patch
+ efivar-Fix-all-the-places-Werror-address-of-packed-member-c.patch
- Drop upstreamed reproducible.patch
- Refresh libefiboot-export-disk_get_partition_info.patch
- Use %license for COPYING
- Add reproducible.patch to initialize memory (boo#1061219)
- Downgrade to 35 (fate#326702)
+ 36 rewrote the linux interface parsers and caused several
problems in efibootmgr. Downgrade the version before the change
to avoid the failure of boot variable creation
(boo#1100077, boo#1101023)
- Refresh libefiboot-export-disk_get_partition_info.patch
- Update to version 36
- adjust libefiboot-export-disk_get_partition_info.patch to fit
new version
- RPM group fix
- libefiboot-export-disk_get_partition_info.patch:
(bsc#870211, bsc#945705)
- Update to 31 (fate#322108)
- Drop upstreamed patches
+ efivar-no-static.patch
+ deprecated-readdir_r.patch
+ efivar-use-sysmacros.patch
- Add efivar-use-sysmacros.patch to fix the Factory/Tumbleweed
build correctly.
- Amend the spec file to specify the gcc version for SLE11SP4
- Fix building for SLE11SP4, SLE12SP2, and Tumbleweed
(fate#322108, bnc#1012765)
- Drop obsolete patch
efivar-bsc988000-remove-versioning-efi_set_variable.patch
- Update to 0.24
- Drop upstreamed patches
+ efivar-0.21-gcc6.diff
+ efivar-nvme-rename.patch
+ efivar-nvme-no-kernel-header.patch
+ efivar-relicensing.patch
+ efivar-bsc988000-fix-mode-efi_set_variable.patch
- deprecated-readdir_r.patch: Remove use of deprecated readdir_r
- Add efivar-bsc988000-fix-mode-efi_set_variable.patch and
efivar-bsc988000-remove-versioning-efi_set_variable.patch to set
the default file mode rather than fetching a value randomly
(bsc#988000)
- Add efivar-relicensing.patch to update the license in some files
- Add the missing COPYING
- Update to 0.23 for fwupdate (FATE#319345)
- Add efivar-nvme-rename.patch and efivar-nvme-no-kernel-header.patch
to work around the missing kernel header.
- Add efivar-no-static.patch to remove efivar-static since it
causes build failure and we don't really need it.
- Remove efivar-fix-initializer.patch since it's already in 0.23.
- Remove _smp_mflags since the Makefile doesn't work well with
the flag.
- Add efivar-0.21-gcc6.diff to fix strict-aliasing issue.
- Build with -Wno-nonnull as efivar tests nonnull args for zero
and that breaks with its use of -Werror.
- Update the source link
- Update to 0.21
- Add efivar-fix-initializer.patch to initialize ifreq properly
- Drop patches
+ efivar-fix-vars_del_variable.patch: upstreamed
+ efivar-revert-linker-order.patch: not necessary
- Add efivar-fix-vars_del_variable.patch to fix the deletion of
the variable with the old efivar kernel modules
- Add efivar-revert-linker-order.patch to adjust the linker order
which caused the compilation error in pesign
- Use default CFLAGS
- Update to 0.20
* Make sure tester is built with the right link order for
libraries.
* Adjust linker order for pkg-config
* Work around LocateDevicePath() not grokking PcieRoot() devices
properly.
* Rectify some missing changelog entries
- Changes for 0.19
* Lots of debugging in this release, as well as some of the
documentation that's planned. There's more of that to come.
- Changes for 0.18
* This release is mostly about adding the efidp and libefiboot
APIs available. Next release will feature documentation for
them, verification that various different device path types
work, etc. Right now efi device path generation is basically
limited to:
+ full file paths on sata devices
+ full file paths on sas devices
+ HD() paths for SATA and SAS devices
+ ipv4 dhcp device paths that don't specify their own
filenames
- Drop upstreamed patch
* efivar-correct-license-header.patch
- Drop as Makefiles have been restructured, CFLAGS no longer
defined in them
* efivar-suse-build.patch
- Use fdupes to reduce amount of duplicate files
- Add efivar-correct-license-header.patch to correct the license of
util.h
- Amend the spec file with spec-cleaner
- Update to 0.15
+ Make FSF addresses in COPYING be URLS
+ Fix variables' DataSize field on 32-bit machines.
+ Add some vendor specific guids to our guid list
+ Add efi_id_guid_to_name() and efi_name_to_id_guid(), which
support {ID GUID} as a concept a la
http://technet.microsoft.com/en-us/library/cc766223%28v=ws.10%29.aspx
+ Call "empty" "zero" now, as many other places do. (empty
references still exist for ABI compatibility)
+ add "efivar -L" to the man page
+ efi_symbol_to_guid()
+ efi_name_to_guid() will fall back on efi_symbol_to_guid()
+ "efivar -L" to list all the guids we know about
+ better namespacing on libefivar.so
(rename well_known_* -> efi_well_known_*)
- Refresh efivar-suse-build.patch
- elfutils
-
- CVE-2018-16402: libelf: denial of service/double free on an
attempt to decompress the same section twice (bnc#1107066)
Add patch:
libelf-error-if-elf_compress_gnu-is-used-on-SHF_COMPRESSED.patch
- CVE-2018-18521: arlib: Divide-by-zero vulnerabilities in the
function arlib_add_symbols() used by eu-ranlib (bnc#1112723)
Add patch:
arlib-check-that-sh_entsize-isnt-zero.patch
- CVE-2017-7611: elfutils: DoS (heap-based buffer over-read and
application crash) via a crafted ELF file (bnc#1033088)
Add patch:
elflint-check-symbol-table-data-is-big-enough-before-check.patch
- CVE-2017-7610: elflint: heap-based buffer overflow in check_group
(bnc#1033087)
Add patch:
elflint-dont-check-section-group-without-flags-word.patch
- CVE-2018-16403: heap buffer overflow in readelf (bnc#1107067)
Add patch:
libdw-check-end-of-attributes-list-consistently.patch
- CVE-2018-16062: heap-buffer-overflow in
/elfutils/libdw/dwarf_getaranges.c:156 (bnc#1106390)
Add patch:
libdw-readelf-make-sure-there-is-enough-data-to-read.patch
- CVE-2018-18310: Invalid Address Read problem in
dwfl_segment_report_module.c (bnc#1111973)
Add patch:
libdwfl-sanity-check-partial-core-file-data-reads.patch
- CVE-2019-7150: dwfl_segment_report_module doesn't check whether
the dyn data read from core file is truncated (bnc#1123685)
Add patch:
libdwfl-sanity-check-partial-core-file-dyn-data-read.patch
- CVE-2019-7665: NT_PLATFORM core file note should be a zero
terminated string (CVE is a bit misleading, as this is not a bug
in libelf as described) (bnc#1125007)
Add patch:
libebl-check-NT_PLATFORM-core-notes.patch
- CVE-2017-7609: memory allocation failure in __libelf_decompress
(bnc#1033086)
Add patch:
libelf-check-compression-before-allocate-output-buffer.patch
- CVE-2018-16402: Double-free crash in nm and readelf (bnc#1107066)
Add patch:
libelf-error-if-elf_compress_gnu-is-used-on-SHF_COMPRESSED.patch
- CVE-2017-7607: heap-based buffer overflow in handle_gnu_hash
(readelf.c) (bnc#1033084)
Add patch:
readelf-fix-off-by-one-sanity-check.patch
- CVE-2018-18520: eu-size: Bad handling of ar files inside ar
files (bnc#1112726)
Add patch:
size-handle-recursive-elf-ar-files.patch
- CVE-2017-7608: heap-based buffer overflow in
ebl_object_note_type_name (eblobjnotetypename.c) (bnc#1033085)
Add patch:
use-the-empty-string-for-note-names-with-zero-size.patch
- CVE-2017-7613: elfutils: denial of service (memory consumption)
via a crafted ELF file (bnc#1033090)
Add patch:
elflint-sanity-check-the-number-of-phdrs-and-shdrs.patch
- CVE-2017-7612: elfutils: denial of service (heap-based buffer
over-read and application crash) via a crafted ELF file
(bnc#1033089)
Add patch: elfutils-dont-trust-sh_entsize.patch
- Restore obsolete on libebl.
- Update package descriptions.
- Rename libebl1 to libebl-plugins as these are not linked,
but dlopened using their unversioned libebl_$ARCH.so name.
- Have libelf1 require libebl-plugins (libebl.a, which does the
dlopen call, is statically built into libelf1). This is necessary
for pahole to display its results. [boo#1049871]
- ppc-machine-flags.patch: support EM_PPC machine flags
- disable-tests-with-ptrace.patch: disable more tests
- Update Git-Clone URL
- Add 0001-backends-Add-support-for-EM_PPC64-GNU_ATTRIBUTES.patch
unconditionally in the spec file. As we can't support binary diff,
a newly added test-case is removed from the patch.
- Add 0001-backends-Add-support-for-EM_PPC64-GNU_ATTRIBUTES.patch:
fix .gnu.attributes checking on ppc64{,le}.
- Add missing ldconfig calls for libasm1
- make tests pass when user does not want debuginfo (boo#1031556)
- Update to version 0.168:
libelf: gelf_newehdr and gelf_newehdr now return void *.
libdw: dwarf.h corrected the DW_LANG_PLI constant name (was DW_LANG_PL1).
readelf: Add optional --symbols[=SECTION] argument to select section name.
- Includes changes from 0001-Add-GCC7-Wimplicit-fallthrough-support-fixes.patch
and 0001-ar-Fix-GCC7-Wformat-length-issues.patch.
- Remove elfutils-0.137-dwarf-header-check-fix.diff which is no longer
required after a debugedit fix.
- Add 0001-Add-GCC7-Wimplicit-fallthrough-support-fixes.patch: fix
new warning introduced in GCC 7.
- Add 0001-ar-Fix-GCC7-Wformat-length-issues.patch: fix -Wformat-length
warning introduced in GCC 7.
- Update to version 0.167:
libasm: Add eBPF disassembler for EM_BPF files.
backends: Add m68k and BPF backends.
ld: Removed.
dwelf: Add ELF/DWARF string table creation functions. dwelf_strtab_init,
dwelf_strtab_add, dwelf_strtab_add_len, dwelf_strtab_finalize,
dwelf_strent_off, dwelf_strent_str and dwelf_strtab_free.
Support compressed sections from binutils 2.27.
- Remove patch elfutils-0.166-elfcmp-comp-gcc6.patch: included upstream.
- disable-tests-with-ptrace.patch: disable tests that use ptrace when
running under qemu-linux-user
- Update to version 0.166:
+ config: The default program prefix for the installed tools is now
eu-. Use configure --program-prefix="" to not use a program
prefix.
+ Various bugfixes.
- Drop elfutils-0.164-dt-ppc-opt.patch and
elfutils-0.164-gcc6.patch (merged upstream)
- Add patch elfutils-0.166-elfcmp-comp-gcc6.patch: fix
self-comparison error with GCC 6.
- Changes from 0.165:
+ Add eu-elfcompress
+ Add pkg-config files for libelf and libdw.
- add elfutils-0.164-gcc6.patch
- rename dt-ppc-opt.patch as elfutils-0.164-dt-ppc-opt.patch
and add reference to upstream commit id
- dt-ppc-opt.patch: add support for DT_PPC_OPT
- Update to version 0.164
Drop the following patches, fixed upstream:
* elfutils-portability-0.163.patch
* elfutils-revert-portability-scanf.patch
* elfutils-uninitialized.diff
* libebl-prototype-fix.diff
Changelog:
- strip, unstrip:
* Handle ELF files with merged strtab/shstrtab tables.
* Handle missing SHF_INFO_LINK section flags.
- libelf:
* Use int64_t for offsets in libelf.h instead of loff_t.
- libdw:
* dwarf.h Add preliminary DWARF5 DW_LANG_Haskell.
- libdwfl:
* dwfl_standard_find_debuginfo now searches any subdir of the binary
path under the debuginfo root when the separate debug file couldn't
be found by build-id.
* dwfl_linux_proc_attach can now be called before any Dwfl_Modules
have been reported.
- Implement %check
- Update to version 0.163
Drop patch elfutils-fix-dir-traversal-vuln-in-ar-extraction.patch
Drop patch elfutils-0.148-dont-crash.diff (fixed by 9ceebe69)
Drop patch elfutils-portability-0.161.patch
Add patch elfutils-portability-0.163.patch
Changelog:
0.163:
- Bug fixes only, no new features.
0.162:
- libdw: Install new header elfutils/known-dwarf.h.
dwarf.h Add preliminary DWARF5 constants DW_TAG_atomic_type,
DW_LANG_Fortran03, DW_LANG_Fortran08. dwarf_peel_type now also
handles DW_TAG_atomic_type.
- addr2line: Input addresses are now always interpreted as hexadecimal
numbers, never as octal or decimal numbers.
New option -a, --addresses to print address before each entry.
New option -C, --demangle to show demangled symbols.
New option --pretty-print to print all information on one line.
- ar: CVE-2014-9447 Directory traversal vulnerability in ar extraction.
- backends: x32 support.
- Make ebl modversion predictable to allow build-compare (bnc#916043)
- CVE-2014-9447: elfutils: Directory traversal vulnerability (bnc#911662)
Add patch: elfutils-fix-dir-traversal-vuln-in-ar-extraction.patch
- Update to version 0.161
+ libdw: New function dwarf_peel_type. dwarf_aggregate_size now uses
dwarf_peel_type to also provide the sizes of qualified types.
dwarf_getmacros will now serve either of .debug_macro and
.debug_macinfo transparently. New interfaces
dwarf_getmacros_off, dwarf_macro_getsrcfiles,
dwarf_macro_getparamcnt, and dwarf_macro_param are available
for more generalized inspection of macros and their parameters.
dwarf.h: Add DW_AT_GNU_deleted, DW_AT_noreturn, DW_LANG_C11,
DW_LANG_C_plus_plus_11 and DW_LANG_C_plus_plus_14.
- Remove merged patches
+ elfutils-robustify.patch
+ elfutils-no-po-test-build.diff
+ elfutils-check-for-overflow-before-calling-malloc-to-uncompress-data.patch
- Refreshed patch (from Fedora sources)
+ elfutils-portability.patch > elfutils-portability-0.161.patch
- Add a lang subpackage
- Update homepage URL and improve RPM group classification
- expat
-
- Security fix (CVE-2019-15903, bsc#1149429)
* Crafted XML input results in heap-based buffer over-read by fooling
the parser into changing from DTD parsing to document parsing
* Added patches:
- expat-CVE-2019-15903.patch
- expat-CVE-2019-15903-tests.patch
- Security fix (CVE-2018-20843, bsc#1139937)
* Large number of colons in input makes parser consume high
amount of resources
* Added expat-CVE-2018-20843.patch
- Expand description of expat-devel.
- Do not generate manpages from docbook
- Temporarily disable profiling due to bug in build system
- Version update to 2.2.5 Tue October 31 2017
* Bug fixes:
- If the parser runs out of memory, make sure its internal
state reflects the memory it actually has, not the memory
it wanted to have.
- The default handler wasn't being called when it should for
a SYSTEM or PUBLIC doctype if an entity declaration handler
was registered.
- Fix a case of mistakenly reported parsing success where
XML_StopParser was called from an element handler
- Function XML_ErrorString was returning NULL rather than
a message for code XML_ERROR_INVALID_ARGUMENT
introduced with release 2.2.1
* Other changes:
- Add argument -N adding notation declarations
- various compiler-specific fixes
- Improve docbook2x-man detection
- drop expat-docbook.patch
* fixed in 0f5186c7b8e503c669e332d944712de010b265f3
- switch to github for release tarballs and website
- Version update to 2.2.4 Sat August 19 2017
* Bug fixes:
[#115] Fix copying of partial characters for UTF-8 input
* Other changes:
[#109] Fix "make check" for non-x86 architectures that default
to unsigned type char (-128..127 rather than 0..255)
[#109] coverage.sh: Cover -funsigned-char
Autotools: Introduce --without-xmlwf argument
[#65] Autotools: Replace handwritten Makefile with GNU Automake
[#43] CMake: Auto-detect high quality entropy extractors, add new
option USE_libbsd=ON to use arc4random_buf of libbsd
[#74] CMake: Add -fno-strict-aliasing only where supported
[#114] CMake: Always honor manually set BUILD_* options
[#114] CMake: Compile man page if docbook2x-man is available, only
[#117] Include file tests/xmltest.log.expected in source tarball
(required for "make run-xmltest")
[#111] Fix some typos in documentation
Version info bumped from 7:5:6 to 7:6:6
- Release 2.2.3 Wed August 2 2017
* Bug fixes:
[#85] Fix a dangling pointer issue related to realloc
* Other changes:
[#91] Linux: Allow getrandom to fail if nonblocking pool has not
yet been initialized and read /dev/urandom then, instead.
This is in line with what recent Python does.
[#86] Check that a UTF-16 encoding in an XML declaration has the
right endianness
[#4] #5 #7 Recover correctly when some reallocations fail
Repair "./configure && make" for systems without any
provider of high quality entropy
and try reading /dev/urandom on those
Ensure that user-defined character encodings have converter
functions when they are needed
Fix mis-leading description of argument -c in xmlwf.1
Rely on macro HAVE_ARC4RANDOM_BUF (rather than __CloudABI__)
for CloudABI
[#100] Fix use of SIPHASH_MAIN in siphash.h
[#23] Test suite: Fix memory leaks
Version info bumped from 7:4:6 to 7:5:6
- Release 2.2.2 Wed July 12 2017
* Security fixes:
[#43] Protect against compilation without any source of high
quality entropy enabled, e.g. with CMake build system;
* [MOX-006] Fix non-NULL parser parameter validation in XML_Parse;
resulted in NULL dereference, previously;
* Bug fixes:
[#69] Fix improper use of unsigned long long integer literals
* Other changes:
[#73] Start requiring a C99 compiler
[#49] Fix "==" Bashism in configure script
[#58] Address compile warnings
[#68] Fix "./buildconf.sh && ./configure" for some versions
of Dash for /bin/sh
[#72] CMake: Ease use of Expat in context of a parent project
with multiple CMakeLists.txt files
[#72] CMake: Resolve mistaken executable permissions
[#76] Address compile warning with -DNDEBUG (not recommended!)
[#77] Address compile warning about macro redefinition
* Added patch expat-docbook.patch to compile the man pages with
docbook-to-man
* Cleaned spec file with spec-cleaner
- Allow building when do_profiling is undefined
- Build with profiling when possible
- Version update to 2.2.1 Sat June 17 2017
- Security fixes:
CVE-2017-9233 / bsc#1047236 -- External entity infinite loop DoS
Details: https://libexpat.github.io/doc/cve-2017-9233/
Commit c4bf96bb51dd2a1b0e185374362ee136fe2c9d7f
- [MOX-002] CVE-2016-9063 / bsc#1047240 -- Detect integer overflow;
(Fixed version of existing downstream patches!)
- (SF.net) #539 Fix regression from fix to CVE-2016-0718 cutting off
longer tag names;
[#25] More integer overflow detection (function poolGrow);
- [MOX-002] Detect overflow from len=INT_MAX call to XML_Parse;
- [MOX-005] #30 Use high quality entropy for hash initialization:
* arc4random_buf on BSD, systems with libbsd
(when configured with --with-libbsd), CloudABI
* RtlGenRandom on Windows XP / Server 2003 and later
* getrandom on Linux 3.17+
In a way, that's still part of CVE-2016-5300.
https://github.com/libexpat/libexpat/pull/30/commits
- [MOX-005] For the low quality entropy extraction fallback code,
the parser instance address can no longer leak,
- [MOX-003] Prevent use of uninitialised variable; commit
- [MOX-004] a4dc944f37b664a3ca7199c624a98ee37babdb4b
Add missing parameter validation to public API functions
and dedicated error code XML_ERROR_INVALID_ARGUMENT:
- [MOX-006] * NULL checks; commits
* Negative length (XML_Parse); commit
- [MOX-002] 70db8d2538a10f4c022655d6895e4c3e78692e7f
- [MOX-001] #35 Change hash algorithm to William Ahern's version of SipHash
to go further with fixing CVE-2012-0876.
https://github.com/libexpat/libexpat/pull/39/commits
- Bug fixes:
[#32] Fix sharing of hash salt across parsers;
relevant where XML_ExternalEntityParserCreate is called
prior to XML_Parse, in particular (e.g. FBReader)
[#28] xmlwf: Auto-disable use of memory-mapping (and parsing
as a single chunk) for files larger than ~1 GB (2^30 bytes)
rather than failing with error "out of memory"
[#3] Fix double free after malloc failure in DTD code; commit
7ae9c3d3af433cd4defe95234eae7dc8ed15637f
[#17] Fix memory leak on parser error for unbound XML attribute
prefix with new namespaces defined in the same tag;
found by Google's OSS-Fuzz; commits
xmlwf on Windows: Add missing calls to CloseHandle
- New features:
[#30] Introduced environment switch EXPAT_ENTROPY_DEBUG=1
for runtime debugging of entropy extraction
Bump version info from 7:2:6 to 7:3:6
- Remove pointless --with-pic (for static only)
- Version update to 2.2.0:
* Fixes bnc#983215 CVE-2012-6702
* Fixes bnc#983216 CVE-2016-5300
* Various cmake and autotools script updates
* Fix detection of utf8 character boundaries
- Remove all patches merged upstream:
* expat-2.1.1-avoid_relying_on_undef_behaviour.patch
* expat-2.1.1-parser_crashes_on_malformed_input.patch
* expat-alloc-size.patch
* expat-visibility.patch
- add expat-2.1.1-avoid_relying_on_undef_behaviour.patch to avoid
relying on undefined behavior in the original CVE-2015-1283 fix
[bnc#980391], [bnc#983985], [CVE-2016-4472]
- add expat-2.1.1-parser_crashes_on_malformed_input.patch to fix
Expat XML parser that mishandles certain kinds of malformed input
documents [bnc#979441], [CVE-2016-0718]
- use spec-cleaner to clean specfile
- After simplification of expat-visibility.patch, it became
ineffective as no symbols are getting hidden. add
-fvisibility=hidden to CFLAGS again.
- expat-alloc-size.patch: fix braino, realloc()-like functions
should not take __attribute__(malloc)
- Update to version 2.1.1
* Fixes CVE-2015-1283 — Multiple integer overflows in the
XML_GetBuffer function
* Fix potential null pointer dereference
* Symbol XML_SetHashSalt was not exported
* Output of xmlwf -h was incomplete
* Document behavior of calling XML_SetHashSalt with salt 0
* Minor improvements to man page xmlwf(1)
- Simplify expat-visibility.patch, refresh expat-alloc-size.patch
- Drop config-guess-sub-update.patch, fixed upstream.
- Cleanup spec file with spec-cleaner
- Remove old ppc obsoletes/provides
- fdupes
-
- We cannot update from fdupes 1.51 to 1.6.1. That "downgrade"
works okay'ish for Tumbleweed because we can replace the old
package with the new one, but in SLE this is not possible. We
asked upstream to please release a "2.0" version to remedy these
issues (https://github.com/adrianlopezroche/fdupes/issues/74),
but he does not respond. Therefore, we'll call this version 1.61,
ignoring upstream's change in the versioning scheme.
- Upstream has changed their versioning scheme after version 1.51.
Unfortunately, the new version 1.6.x won't be recognized as
"newer" by zypper. This commit adds appropriate "provides" and
"obsoletes" attributes to the spec file to remedy that issue.
- Drop 50_bts284274_hardlinkreplace.dpatch. The --linkhard option
added by this patch has an implementation bug that can cause data
loss. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677419
has more details.
- Update to version 1.6.1. The following patches have been applied
upstream and were dropped:
* 0001-restore-pristine-code.patch
* 0002-Added-to-escape-minus-signs-in-manpage-lintian-warni.patch
* 0003-Fix-a-typo-in-a-manpage-bts353789.patch
* 0005-add-summarize-to-manpage-bts481809.patch
* 0006-add-nohidden-support-bts511702.patch
* 0007-Disambiguate-the-options-recurse-and-recurse-bts5371.patch
* 0008-speedup-the-file-compare.patch
* 0009-glibc-endianness-check-in-md5.patch
* 0010-add-permissions-mode.patch
* 0011-add-an-option-to-sort-duplicate-files-by-name.patch
- 50_bts284274_hardlinkreplace.dpatch had to be refreshed.
- By default relink hardlinks too, should fix bnc#940296
- Update to upstream git repo on github
- Refresh patches:
* fdupes-makefile.patch
* 0008-speedup-the-file-compare.patch
* 0010-add-permissions-mode.patch
* 0011-add-an-option-to-sort-duplicate-files-by-name.patch
* 50_bts284274_hardlinkreplace.dpatch
- Upstreamed patch:
* 0004-Large-file-support-for-2GB-files-bts447601.patch
- Remove whitespace from fdupes.macros file
- Cleanup with spec-cleaner
- Obey rpm-opt-flags
- run test phase
- add -L (--linkhard) option
add 50_bts284274_hardlinkreplace.dpatch
- sort the output of fdupes by filename to make it deterministic
for parallel builds
* 0011-add-an-option-to-sort-duplicate-files-by-name.patch
- update to 1.5.0-PR2
* new "--summarize" option
* new "--recurse:" selective recursion option
* new "--noprompt" option for totally automated deletion of
duplicate files.
* sorts duplicates (old to new) for consistent order when
listing or deleting duplicate files.
* tests for early matching of files, which should help speed up
the matching process when large files are involved.
* warns whenever a file cannot be deleted.
* bugfixes (proper file closing, zero-length files, ...)
- drop the fdupes-sort-output.diff (upstream uses mtime based)
- rename and rebase fdupes-speedup.patch to 0008-speedup-the-compare.patch
- rename and rebase fdupes-endianness.patch to
0009-glibc-endianness-check-in-md5.patch
- add -p/--permissions switch so files with different permissions or uid/gid
are not considered as duplicates (bnc#784670)
* this mode is a default one for fdupes macro
0010-add-permissions-mode.patch
- imported several fixes from Debian
* 0001-restore-pristine-code.patch - some common code fixes, partly obsoletes
speedup patch
* manual page fixes
0002-Added-to-escape-minus-signs-in-manpage-lintian-warni.patch
0003-Fix-a-typo-in-a-manpage-bts353789.patch
0005-add-summarize-to-manpage-bts481809.patch
0006-add-nohidden-support-bts511702.patch
0007-Disambiguate-the-options-recurse-and-recurse-bts5371.patch
* 0004-Large-file-support-for-2GB-files-bts447601.patch - large file support
- added "which" requirement for red hat distros
- patch license to follow spdx.org standard
- cross-build workaround: fake gcc script to work around build
system not honoring CC
- Apply packaging guidelines (remove redundant/obsolete
tags/sections from specfile, etc.)
- fix bnc#406825: speedup fdupes
* fdupes-speedup.patch fixes some performance gaps in code
* fdupes-endianness.patch speeds up the built-in md5 on little endian machines
- make patch0 usage consistent
- file
-
- Add patchfix_of_backport_PR-62.patch as previous backport caused
a shortened output of the elf interpreter (bsc#1176123)
- file-5.24-nitpick.dif: remove obsolete patch (bsc#1169512)
- file-secure_getenv.patch: refresh
- Add temporary patch CVE-2019-18218-46a8443f.patch from upstream
to fix bsc#1154661 -- heap-based buffer overflow in cdf_read_property_info in cdf.c
- Add patch 0002-PR-62-spinpx-limit-size-of-file_printable.patch to
fix bsc#1126117, bsc#1126118, and bsc#1126119 for CVE-2019-8905,
CVE-2019-8906, and CVE-2019-8907
- Add patch file-a642587a9c.patch for bsc#1096974, bsc#1096984, and
CVE-2018-10360 -- Avoid reading past the end of buffer
- Use %license (boo#1082318)
- Add patch file-5.32-ncurses-6.1.patch to support extend magic
format for new ncurses 6.1
- Update package summaries. Replace old RPM constructs.
- Remove --with-pic which is useless with --disable-static.
- Edit pre_checkin.sh to remove dead python3 file.
- remove python build instructions from master spec file, move completely
into python-magic.spec
- Update to file version 5.32
* Always reset state in {file,buffer}_apprentice (Krzysztof Wilczynski)
* Fix always true condition (Thomas Jarosch)
* pickier parsing of numeric values in magic files.
* PR/615 add magic_getflags()
- This release fixes the bug bsc#1056838 for CVE-2017-1000249
- Remove patch file-5.31-fix-tga.dif as now upstream
- Rename patch file-5.31.dif which now becomes file-5.32.dif
- Modify the patches
* file-5.16-ocloexec.patch
* file-5.19-biorad.dif
* file-5.19-printf.dif
* file-5.23-endian.patch
* file-5.28-btrfs-image.dif
- add file-5.31-fix-tga.dif upstream committed after I reported
a failure in File::Unpack's test suite
- Update to file version 5.31
* remove trailing spaces from magic files
* refactor is_tar
* better bounds checks for cdf
- Remove patches now upstream
* file-5.30-150735.patch
* file-5.30-3c60e5.patch
- Rename patch file-5.30.dif which becomes file-5.31.dif
- Modify the patches
* file-4.24-autoconf.dif
* file-5.14-tex.dif
* file-5.16-ocloexec.patch
* file-5.19-printf.dif
* file-5.23-endian.patch
- Update to file version 5.30
* If we exceeded the offset in a search return no match
(Christoph Biedl)
* Be more lenient on corrupt CDF files (Christoph Biedl)
* pacify ubsan sign extension (oss-fuzz/524)
* off by one in cdf parsing (PR/593)
* report debugging sections in elf (PR/591)
* Allow @@@ in extensions
* Add missing overflow check in der magic (Jonas Wagner)
- Modify the patches
file-5.16-ocloexec.patch
file-5.19-biorad.dif
file-5.28-btrfs-image.dif
- Rename patch file-5.29.dif to file-5.30.dif
- Add upstream patches
file-5.30-150735.patch
file-5.30-3c60e5.patch
- Modify patch file-5.29.dif that is
replace colon with dot in offset (boo#1012779)
- Update to file version 5.29
* der getlength overflow (Jonas Wagner)
* multiple magic file load failure (Christoph Biedl)
* CDF parsing improvements (Guy Helmer)
* Add support for signed indirect offsets
* cat /dev/null | file - should print empty (Christoph Biedl)
* Bump string size from 64 to 96.
* PR/556: Fix separators on annotations.
- Remove patch file-5.28-compress.patch now upstream
- Rename patch file-5.28.dif which becomes now file-5.29.dif
- Add patch file-5.28-btrfs-image.dif
to add support for files output by btrfs-image.
- Fix boo#995089:
* Do not attempt to produce a file-magic-32bit package: there is
nothing arch-dependent in this package (for completeness, this
was already fixed just before by Marcus)
* Fix baselibs.conf for libmagic1-32bit to require file-magic
instead of file-magic-32bit.
* Build file-magic as noarch on openSUSE >= 1200 (where rpm is
new enough to support this).
- file-magic is architecture independent, no need for a baselibs
package.
- Add patch file-5.28-compress.patch
to fix crash as found in build system
- Update to file version 5.28
* fix leak on allocation failure
* PR/555: Avoid overflow for offset > nbytes
* PR/550: Segv on DER parsing:
- use the correct variable for length
- set offset to 0 on failure.
- Port patches to 5.28
file-4.24-autoconf.dif
file-5.15-clear-invalid.patch
file-5.16-ocloexec.patch
file-5.19-biorad.dif
file-5.23-endian.patch
file-5.24-nitpick.dif
file-secure_getenv.patch
- Remove patches now upstream
file-5.26-revert-close.patch
- Rename patches
file-5.26.dif becomes file-5.28.dif
- Update to file version 5.27
* Errors comparing DER entries or computing offsets
are just indications of malformed non-DER files.
Don't print them.
* Offset comparison was off-by-one.
* Fix compression code (Werner Fink)
* Put new bytes constant in the right file (not the generated one)
- Remove patches
file-5.26-version.patch
file-5.26-downgrade_DER.patch
file-5.26-console.diff
file-5.26-zmagic.patch
as now upstream
- Disable patch file-5.26-revert-close.patch for test
- Modify patches
file-5.17-option.dif
file-5.26.dif
- Add and revert upstream patch file-5.26-revert-close.patch
(commit 0177f6dd30e1f8c5639c058dcdf1d9edd9f8528c) to help
rpmbuild not to lose stdin
- Add patch file-5.26-zmagic.patch
to fix detection chain if for compresses files are expanded
- Add upstream patch file-5.26-console.diff
to fix wrong detection of UNIF edb files
- Add upstream patch file-5.26-downgrade_DER.patch
to fix DER error messages as well as offset handling
- Update to file version 5.26
* make the number of bytes read from files configurable.
* Add bounds checks for DER code (discovered by Thomas Jarosch)
* Change indirect recursion limit to indirect use count and
bump from 15 to 50 to prevent abuse.
* Add -00 which prints filename0description0
* Fix ID3 indirect parsing
* add DER parsing capability
* provide dprintf(3) for the OS's that don't have it.
* redo the compression code report decompression errors
* REG_STARTEND code is not working as expected, delete it.
* Add zlib support if we have it.
* PR/492: compression forking was broken with magic_buffer.
- Removed patches as upstream now
file-4.24-mips.dif
file-5.25-avoid-double-evaluation-in-python-bindings.dif
- Modified patches
file-5.12-zip.dif
file-5.16-ocloexec.patch
file-5.19-printf.dif
file-5.19-zip2.0.dif
file-5.22-elf.dif
file-5.23-endian.patch
file-5.24-nitpick.dif
file-secure_getenv.patch
- Renamed patches
file-5.23.dif becomes file-5.26.dif
- Added patch from upstream to fix version handling of PHP files
file-5.26-version.patch
- Make the python command a macro.
- add file-5.25-avoid-double-evaluation-in-python-bindings.dif (bsc#949905)
- file 5.25:
* add a limit to the length of regex searches
* fix problems with --parameter
- Update to file version 5.24
* redo long option encoding to fix off-by-one in 5.23
- Adapt and rename patch
file-5.12-nitpick.dif becomes file-5.24-nitpick.dif
- Update to file version 5.23
* Fix issue with regex range for magic with offset
* Always return true from mget with USE (success to mget not match
indication). Fixes mime evaluation after USE magic
* PR/459: Don't insert magic entries to the list if there are parsing
errors for them.
* PR/455: Add utf-7 encoding
* PR/455: Implement -Z, look inside, but don't report on compression
* PR/454: Fix allocation error on bad magic.
* handle MAGIC_CONTINUE everywhere, not just in softmagic
* don't print descriptions for NAME types when mime.
* Add --extension to list the known extensions for this file type
Idea by Andrew J Roazen
* Bump file search buffer size to 1M.
* Fix multiple issues with date formats reported by Christoph Biedl:
- T_LOCAL meaning was reversed
- Arithmetic did not work
Also stop adjusting daylight savings for gmt printing.
* PR/411: Fix memory corruption from corrupt cdf file.
- Refresh and rename patches
file-5.20-endian.patch becomes file-5.23-endian.patch
file-5.22.dif becomes file-5.23.dif
Refresh patch file-secure_getenv.patch
- Update to file version 5.22 (also related to bsc#913650 and bsc#913651)
* add indirect relative for TIFF/Exif
* restructure elf note printing to avoid repeated messages
* add note limit, suggested by Alexander Cherepanov
* Bail out on partial pread()'s (Alexander Cherepanov)
* Fix incorrect bounds check in file_printable (Alexander Cherepanov)
* PR/405: ignore SIGPIPE from uncompress programs
* change printable -> file_printable and use it in
more places for safety
* in ELF, instead of "(uses dynamic libraries)" when PT_INTERP
is present print the interpreter name.
- Patch file-5.18-elf.dif is modified and renamed to file-5.22-elf.dif
- Patch file-5.20.dif is modified and renamed to file-5.22.dif
- build with PIE
- Drop patch file-5.20-CVE-2014-3710.patch as now part of upstream
- Update to file version 5.21
* Fix CVE-2014-8116 and CVE-2014-8117 (bsc#910252 and bsc#910253)
* there was an incorrect free in magic_load_buffers()
* there was an out of bounds read for some pascal strings
* there was a memory leak in magic lists
* don't interpret strings printed from files using the current
locale, convert them to ascii format first.
* there was an out of bounds read in elf note reads
* fix MacOS/X locale.h vs. xlocale.h issues
- Add patch file-5.20-CVE-2014-3710.patch to fix bsc#902367
CVE-2014-3710: file: out-of-bounds read in elf note headers
- Update to file version 5.20
* recognize encrypted CDF documents
* add magic_load_buffers from Brooks Davis
* add thumbs.db support
- Remove file-5.07-iso9660.dif as now upstream
- Remove file-5.19-gdbm.patch as now upstream
- Adapt and rename file-5.18-endian.patch to file-5.20-endian.patch
- Adapt and rename file-5.19.dif file-5.20.dif
- filesystem
-
- Remove duplicate line due to merge error
- add /etc/skel/.cache with perm 0700 (bsc#1181011)
- Set correct permissions when creating /proc and /sys
- Ignore postfix user (pulled in from buildsystem)
- /proc and /sys should be %ghost to allow filesystem package updates in
rootless container environments (rh#1548403) (bsc#1146705)
- Split /var/tmp out of fs-var.conf, new file is fs-var-tmp.conf.
Allows to override config to add cleanup options of /var/tmp
[bsc#1078466]
- Create fs-tmp.conf to cleanup /tmp regular (required with tmpfs)
[bsc#1175519]
- Fix bug about missing group in tmpfiles.d files
- Generic cleanup:
- Remove /usr/local/games
- pretrans lua script: try to move away /var/run and /var/lock
unless they are already symlinks (bsc#1084119)
- Add /etc/modprobe.d and /usr/lib/modprobe.d (bsc#1082050).
- drop /etc/xinetd.d (bsc#1084457)
- Handle aaa_base moving the license files to /usr/share/licenses.
- Use lib64 filelist on riscv64
- Exclude some directories from fs-var.conf which are already part
of systemd [bsc#1078466].
- Remove obsolete, outdated or duplicate directories:
/lib/YaST, /lib/lsb, /srv/ftp, /usr/lib/lsb, /usr/share/nls and
/usr/share/tmac.
- Adjust aaa_base test for latest aaa_base changes
- Remove /var/adm/fillup-templates, already prohibited by rpmlint
- Remove /var/adm/backup/{rpmdb,sysconfig}, they belong to
aaa_base-extras only.
- Fix incomplete /usr/X11R6 drop from 2013
- Create fs-var.conf for systemd-tmpfiles, which contains all
directories and links below /var. This is needed for systems,
which use transactional update, read-only root filesystem, or
other things, where either /var is not available during upgrade
or does not survive a reboot. So that systemd-tmpfiles could
create them at next boot.
- Drop deprecated /usr/tmp compat link
- Add /usr/share/fillup-templates: this is the new location for
fillup-templates
- Add /usr/share/metainfo: this is the new location defined by
AppStream to replace /usr/share/appdata.
- Remove /etc/ppp and subdirectories, the current, full list of
directories is part of the sysconfig package
- Require user root and group root
- Remove /etc/susehelp.d and subdirectories, susehelp is gone
- Remove /etc/tmpdirs.d, support was removed 2011 and migrated
to tmpfiles.d
- Remove /var/adm/perl-modules (support was removed with 11.4)
- Get rid of the last non-root group. /run/lock is created by
systemd, not filesystem, so remove it from here.
- Change ownership of /etc/ppp, group dialout has meanwhile another
meaning and there are no setgid dialout binaries who could need
that.
- Remove home directories for wwwrun, lp, mail and nobody.
They are now part of the corresponding system-user-* RPMs.
- Move /etc/init.d hierarchy to insserv-compat
- Move /etc/cups to cups-libs [bsc#1025689]
- Remove /usr/games (finally everything is moved to /usr/bin)
- Remove /*/news, now part of system-user-news
- Remove /var/cache/man, now part of system-user-man
- Remove /var/games, now part of system-user-games
- Add /usr/lib/sysusers.d
- Remove uucp directories, moved to system-user-uucp
- change /etc/cups to mode 0755 by cherry-picking SLE change
- own /usr/share/licenses to support %license tags in rpm, see
http://rpm.org/wiki/Releases/4.11.0
- Add /usr/lib/udev/rules.d: packages installing rules don't really
have to build depend on udev, it only increases their build time.
- Add some systemd directories so that uuidd does not have to own
them and still succeeds building in a systemd-less root.
- Add /usr/lib/tmpfiles.d, which can well be considered a base
system directory by now.
- fillup
-
- Replace references to /var/adm/fillup-templates with new
%_fillupdir macro (boo#1069468)
- Also return back the /bin/fillup provides line
- Keep /bin/fillup as a symlink in the package: there are hundreds
of RPMs out there referencing it in the %post scriptlets, when
any of the %*fillup* macros was used. Even updating the macro
will not make the existing RPMs magically be fixed.
- Cleanup the mess in spec with spec-cleaner
- place binary into /usr tree (UsrMerge project)
- cross-build workarounds: disable %build section testing, use fake
gcc script to work around build system deficiencies
- Apply packaging guidelines (remove redundant/obsolete
tags/sections from specfile, etc.)
- Open all file descriptors with O_CLOEXEC
- handle out-of-disk-space situations somewhat better.
- use %_smp_mflags
- Do not compile in date into binary to create reproducible binaries.
- enable parallel building
- make patch0 usage consistent
- findutils
-
- Use new Group Release Keyring
- update upstream signing key
- remove deprecated texinfo packaging macros
- run spec-cleaner
- Update to 4.8.0.
Announcement: https://savannah.gnu.org/forum/forum.php?forum_id=9914
- findutils.spec:
- Source0: Fix download URL: remove "pub/".
- %check: Output the content of all test-suite files in case of errors.
- Remove now-upstream patches:
- disable-null-ptr-test.patch
- findutils-gnulib-disable-test-float.patch
- findutils-gnulib-test-avoid-FP-perror-strerror.patch
- prepare usrmerge (boo#1029961)
- findutils-gnulib-test-avoid-FP-perror-strerror.patch: Add patch to
avoid false-positive error in gnulib tests 'test-perror2' and
'test-strerror_r', visible on armv7l.
- findutils.spec: Reference the patch.
- disable-null-ptr-test.patch: Refresh with -p0.
- findutils.keyring: Update GPG keys of Bob Proulx.
Prompted by an error of 'osc service localrun download_files'.
- findutils.spec: Avoid conditional Patch definition as this breaks
cross-platform building from source RPMs.
- findutils-gnulib-disable-test-float.patch: Add patch to temporarily
disable the gnulib test 'test-float' failing on ppc and ppc64le.
- findutils.spec: Reference the patch.
- Add disable-null-ptr-test.patch in order to fix boo#1157342.
- Upgrade to 4.7.0.
- findutils.spec:
- Change source compression from gzip to xz.
- Align comments about how to bump the version.
- Activate the signature checking via *.sig and keyring files.
- Remove downstream hack in %check section to make a test executable.
- Delete obsolete patches:
- disable-broken-tests.patch
- gnulib-libio.patch
- sv-bug-48030-find-exec-plus-does-not-pass-all-arguments.patch
- sysmacros.patch
- findutils-4.4.2-xautofs.patch: Refresh, and rename ...
- findutils-xautofs.patch: ... to this.
- Add disable-broken-tests.patch in order to remove broken
tests (boo#1138800).
- gnulib-libio.patch: Update gnulib for libio.h removal
- sysmacros.patch: Include <sys/sysmacros.h> for makedev
- Use %license (boo#1082318)
- sv-bug-48030-find-exec-plus-does-not-pass-all-arguments.patch:
Add upstream patch to fix https://savannah.gnu.org/bugs/?48030
- Upgrade to 4.6.0
stable release, removing 'oldfind'.
- Delete now-upstream patches: findutils-gnulib-ppc64le.patch,
gnulib-perl522.patch
- Refresh patch: findutils-4.4.2-xautofs.patch
- Upgrade to 4.5.15
- Delete now-upstream patch:
findutils-oldfind-fix-dotdot-skipping.patch
- Refresh patches:
findutils-4.4.2-xautofs.patch
gnulib-perl522.patch
- add gnulib-perl522.patch from gnulib upstream
- findutils-oldfind-fix-dotdot-skipping.patch: Add upstream patch
to fix 'oldfind' which skipped all files starting with ".."
(e.g. "..file").
- findutils.spec: Add BuildRequires:dejagnu - otherwise only a
very limited set of the tests was run by 'make check'.
- fipscheck
-
- Remove #include of unused fips.h to fix build with OpenSSL 1.1.1
(bsc#1149792)
* add fipscheck-fips.h_not_needed.patch
- Port to OpenSSL 1.1 (bsc#1042649)
Adds openssl-1_1-port.patch
- Set RPM groups anew. Drop implicit cleaning parts.
- add baselibs.conf
- updated to 1.4.1
- added manpages
- fipscheck/fipshmac: Add -s option to specify the hmac suffix
- fipshmac: Add '-d' option to specify where to put the .hmac files
- various bugfixes
- license update: BSD-2-Clause
See LICENSE
- imported a generic fips helper to verify fips modules, linked
to openssl.
- freetype2
-
- Add CVE-2020-15999.patch to fix a heap buffer overflow
found in the handling of embedded PNG bitmaps
CVE-2020-15999 bsc#1177914
- Use the compiler default C std, since 2012 gcc defaults
have changed, we now only need to get rid of ANSIFLAGS, override
that variable instead.
- Update to version 2.10.1
* The bytecode hinting of OpenType variation fonts was flawed, since
the data in the `CVAR' table wasn't correctly applied.
* Auto-hinter support for Mongolian.
* The handling of the default character in PCF fonts as introduced
in version 2.10.0 was partially broken, causing premature abortion
of charmap iteration for many fonts.
* If `FT_Set_Named_Instance' was called with the same arguments
twice in a row, the function returned an incorrect error code the
second time.
* Direct rendering using FT_RASTER_FLAG_DIRECT crashed (bug
introduced in version 2.10.0).
* Increased precision while computing OpenType font variation
instances.
* The flattening algorithm of cubic Bezier curves was slightly
changed to make it faster. This can cause very subtle rendering
changes, which aren't noticeable by the eye, however.
* The auto-hinter now disables hinting if there are blue zones
defined for a `style' (i.e., a certain combination of a script and
its related typographic features) but the font doesn't contain any
characters needed to set up at least one blue zone.
- Add tarball signatures and freetype2.keyring
- Update to version 2.10.0
* A bunch of new functions has been added to access and process
COLR/CPAL data of OpenType fonts with color-layered glyphs.
* As a GSoC 2018 project, Nikhil Ramakrishnan completely
overhauled and modernized the API reference.
* The logic for computing the global ascender, descender, and
height of OpenType fonts has been slightly adjusted for
consistency.
* `TT_Set_MM_Blend' could fail if called repeatedly with the same
arguments.
* The precision of handling deltas in Variation Fonts has been
increased. The problem did only show up with multidimensional
designspaces.
* New function `FT_Library_SetLcdGeometry' to set up the geometry
of LCD subpixels.
* FreeType now uses the `defaultChar' property of PCF fonts to set
the glyph for the undefined character at glyph index 0 (as
FreeType already does for all other supported font formats). As
a consequence, the order of glyphs of a PCF font if accessed
with FreeType can be different now compared to previous
versions.
This change doesn't affect PCF font access with cmaps.
* `FT_Select_Charmap' has been changed to allow parameter value
`FT_ENCODING_NONE', which is valid for BDF, PCF, and Windows FNT
formats to access built-in cmaps that don't have a predefined
`FT_Encoding' value.
* A previously reserved field in the `FT_GlyphSlotRec' structure
now holds the glyph index.
* The usual round of fuzzer bug fixes to better reject malformed
fonts.
* `FT_Outline_New_Internal' and `FT_Outline_Done_Internal' have
been removed. These two functions were public by oversight only
and were never documented.
* A new function `FT_Error_String' returns descriptions of error
codes if configuration macro FT_CONFIG_OPTION_ERROR_STRINGS is
defined.
* `FT_Set_MM_WeightVector' and `FT_Get_MM_WeightVector' are new
functions limited to Adobe MultiMaster fonts to directly set and
get the weight vector.
- Remove old ppc64 parts in spec file
- Refresh patches:
+ bugzilla-308961-cmex-workaround.patch
+ don-t-mark-libpng-as-required-library.patch
+ enable-long-family-names-by-default.patch
- Enable subpixel rendering with infinality config:
+ enable-subpixel-rendering.patch
+ enable-infinality-subpixel-hinting.patch
- Re-enable freetype-config, there are just too many fallouts.
- Update to version 2.9.1
* Type 1 fonts containing flex features were not rendered
correctly (bug introduced in version 2.9).
* CVE-2018-6942: Older FreeType versions can crash with certain
malformed variation fonts.
* Bug fix: Multiple calls to `FT_Get_MM_Var' returned garbage.
* Emboldening of bitmaps didn't work correctly sometimes, showing
various artifacts (bug introduced in version 2.8.1).
* The auto-hinter script ranges have been updated for Unicode 11.
No support for new scripts has been added, however, with the
exception of Georgian Mtavruli.
- freetype-config is now deprecated by upstream and not enabled
by default.
- Drop upstreamed patches:
* bnc1079600.patch
* psaux-flex.patch
* 0001-src-truetype-ttinterp.c-Ins_GETVARIATION-Avoid-NULL-.patch
* 0001-truetype-Better-protection-against-invalid-VF-data.patch
- Add bnc1079600.patch: Fix several integer overflow issues in
truetype/ttinterp.c (bsc#1079600)
- Refresh spec-file via spec-cleaner.
- Add shell script freetype2.sh in separate package
freetype2-profile-tti35 in order to be able to set TrueType
interpreter version 35 (boo#1084085).
- Added patch:
* enable-long-family-names-by-default.patch
+ Define PCF_CONFIG_OPTION_LONG_FAMILY_NAMES to obtain 2.7.1
behaviour
- Added patches:
* 0001-src-truetype-ttinterp.c-Ins_GETVARIATION-Avoid-NULL-.patch
+ Upstream fix for bsc#1079603: Avoid NULL reference in
src/truetype/ttinterp.c
* 0001-truetype-Better-protection-against-invalid-VF-data.patch
+ Upstream fix for bsc#1079601: Protection against invalid VF
data
- Add psaux-flex.patch to fix a regression in Type1 rendering
- Update to version 2.9
* Advance width values of variation fonts were often wrong.
* More fixes for variation font support; you should update to
this version if you want to support them.
* As a GSoC project, Ewald Hew extended the new (Adobe) CFF
engine to handle Type 1 fonts also, thus greatly improving
the rendering of this format. This is the new default.
* A new function, `FT_Set_Named_Instance', can be used to set
or change the current named instance.
* Starting with this FreeType version, resetting variation
coordinates will return to the currently selected named
instance. Previously, FreeType returned to the base font
(i.e., no instance set).
* Some fuzzer fixes to better reject malformed fonts.
- Update to version 2.8.1
* B/W hinting of TrueType fonts didn't work properly if
interpreter version 38 or 40 was selected.
* Some severe problems within the handling of TrueType Variation
Fonts were found and fixed.
* Function `FT_Set_Var_Design_Coordinates' didn't correctly handle
the case with less input coordinates than axes.
* By default, FreeType now offers high quality LCD-optimized
output without resorting to ClearType techniques of resolution
tripling and filtering. In this method, called Harmony, each
color channel is generated separately after shifting the glyph
outline, capitalizing on the fact that the color grids on LCD
panels are shifted by a third of a pixel. This output is
indistinguishable from ClearType with a light 3-tap filter.
* Using the new function `FT_Get_Var_Axis_Flags', an application
can access the `flags' field of a variation axis (introduced in
OpenType version 1.8.2)
* FreeType now synthesizes a missing Unicode cmap for (older)
TrueType fonts also if glyph names are available.
* The warping option has moved from `light' to `normal' hinting
where it replaces the original hinting algorithm. The `light'
mode is now always void of any hinting in x-direction.
- Update to version 2.8
* Support for OpenType Variation Fonts is now complete. The last
missing part was handling the `VVAR' and `MVAR' tables, which is
available with this release.
* A new function `FT_Face_Properties' allows the control of some
module and library properties per font. Currently, the
following properties can be handled: stem darkening, LCD filter
weights, and the random seed for the `random' CFF operator.
* The PCF change to show more `colourful' family names (introduced
in version 2.7.1) was too radical; it can now be configured with
PCF_CONFIG_OPTION_LONG_FAMILY_NAMES at compile time. If
activated, it can be switched off at run time with the new pcf
property `no-long-family-names'. If the `FREETYPE_PROPERTIES'
environment variable is available, you can say
FREETYPE_PROPERTIES=pcf:no-long-family-names=1
* Support for the following scripts has been added to the
auto-hinter.
Adlam, Avestan, Bamum, Buhid, Carian, Chakma, Coptic, Cypriot,
Deseret, Glagolitic, Gothic, Kayah, Lisu, N'Ko, Ol Chiki, Old
Turkic, Osage, Osmanya, Saurashtra, Shavian, Sundanese, Tai
Viet, Tifinagh, Unified Canadian Syllabics, Vai
* `Light' auto-hinting mode no longer uses TrueType metrics for
TrueType fonts. This bug was introduced in version 2.4.6,
causing horizontal scaling also. Almost all GNU/Linux
distributions (with Fedora as a notable exception) disabled the
corresponding patch for good reasons; chances are thus high that
you won't notice a difference.
* If a TrueType font gets loaded with FT_LOAD_NO_HINTING, FreeType
now scales the font linearly again (bug introduced in version
2.4.6).
* Fixed CVE-2017-8105, CVE-2017-8287: Older FreeType versions
have out-of-bounds writes caused by heap-based buffer overflows
related to Type 1 fonts. (boo#1035807, boo#1036457)
- See https://sourceforge.net/projects/freetype/files/freetype2/2.8/ for
the complete changelog.
- Update to version 2.7.1:
* IMPORTANT CHANGES
+ Support for the new CFF2 font format as introduced with
OpenType 1.8 has been contributed by Dave Arnolds from Adobe.
+ Preliminary support for variation fonts as specified in
OpenType 1.8 (in addition to the already existing support for
Adobe's MM and Apple's GX formats). Dave Arnolds contributed
handling of advance width change variation; more will come in
the next version.
* IMPORTANT BUG FIXES
+ Handling of raw CID fonts was partially broken (bug introduced
in 2.6.4).
* MISCELLANEOUS
+ Some limits for TrueType bytecode execution have been tightened
to speed up FreeType's handling of malformed fonts, in
particular to quickly abort endless loops.
+ The number of twilight points can no longer be set to an
arbitrarily large value.
+ The total number of jump opcode instructions (like JMPR) with
negative arguments is dynamically restricted; the same holds
for the total number of iterations in LOOPCALL opcodes.
+ The dynamic limits are based on the number of points in a glyph
and the number of CVT entries. Please report if you encounter a
font where the selected values are not adequate.
+ PCF family names are made more `colourful'; they now include the
foundry and information whether they contain wide characters.
For example, you no longer get `Fixed' but rather `Sony Fixed'
or `Misc Fixed Wide'.
+ A new function `FT_Get_Var_Blend_Coordinates' (with its alias
name `FT_Get_MM_Blend_Coordinates') to retrieve the normalized
blend coordinates of the currently selected variation instance
has been added to the Multiple Masters interface.
+ A new function `FT_Get_Var_Design_Coordinates' to retrieve the
design coordinates of the currently selected variation instance
has been added to the Multiple Masters interface.
+ A new load flag `FT_LOAD_BITMAP_METRICS_ONLY' to retrieve bitmap
information without loading the (embedded) bitmap itself.
+ Retrieving advance widths from bitmap strikes (using
`FT_Get_Advance' and `FT_Get_Advances') has been sped up.
+ The usual round of fuzzer fixes to better reject malformed
fonts.
- Drop freetype2-bitmap-foundry.patch, merged upstream.
- update to version 2.7:
* IMPORTANT CHANGES
+ As announced earlier, the 2.7.x series now uses the new subpixel
hinting mode as the default, emulating a modern version of
ClearType.
This change inevitably leads to different rendering results, and
you might change the `TT_CONFIG_OPTION_SUBPIXEL_HINTING'
configuration option to adapt it to your taste (or use the new
`FREETYPE_PROPERTIES' environment variable). See the
corresponding entry below for version 2.6.4, which gives more
information.
+ A new option `FT_CONFIG_OPTION_ENVIRONMENT_PROPERTIES' has been
introduced. If set (which is the default), an environment
variable `FREETYPE_PROPERTIES' can be used to control driver
properties. Example:
FREETYPE_PROPERTIES=truetype:interpreter-version=35 \
cff:no-stem-darkening=1 \
autofitter:warping=1
This allows to select, say, the subpixel hinting mode at runtime
for a given application. See file `ftoption.h' for more.
* IMPORTANT BUG FIXES
+ After loading a named instance of a GX variation font, the
`face_index' value in the returned `FT_Face' structure now
correctly holds the named instance index in the upper 16 bits as
documented.
* MISCELLANEOUS
+ A new macro `FT_IS_NAMED_INSTANCE' to test whether a given face
is a named instance.
+ More fixes to GX font handling.
+ Apple's `GETVARIATION' bytecode operator (needed for GX
variation font support) has been implemented.
+ Another round of fuzzer fixes, mainly to reject invalid fonts
faster.
+ Handling of raw CID fonts was broken (bug introduced in version
2.6.4).
+ The smooth rasterizer has been streamlined to make it faster by
approx. 20%.
+ The `ftgrid' demo program now understands command line option
`-d' to give start-up design coordinates.
+ The `ftdump' demo program has a new command line option `-p' to
dump TrueType bytecode instructions.
- removed freetype2-subpixel.patch in favor of above
FREETYPE_PROPERTIES environment variable
- Update to version 2.6.5:
+ Compilation works again on Mac OS X (bug introduced in version
2.6.4).
+ The new subpixel hinting mode is now disabled by default; it
will be enabled by default in the forthcoming 2.7.x series.
Main reason for reverting this feature is the principle of least
surprise: a sudden change in appearance of all fonts (even if
the rendering improves for almost all recent fonts) should not
be expected in a new micro version of a series.
- Rebase freetype2-subpixel.patch.
- Update to version 2.6.4:
* A new subpixel hinting mode, which is now the default rendering
mode for TrueType fonts. It implements (almost everything of)
version 40 of the bytecode engine. The existing code base in
FreeType (the `Infinality code') was stripped to the bare
minimum and all configurability removed in the name of speed
and simplicity. The configurability was mainly aimed at legacy
fonts like Arial, Times New Roman, or Courier. [Legacy fonts
are fonts that modify vertical stems to achieve clean
black-and-white bitmaps.] The new mode focuses on applying a
minimal set of rules to all fonts indiscriminately so that
modern and web fonts render well while legacy fonts render
okay. Activation of the subpixel hinting support can be
controlled with the `TT_CONFIG_OPTION_SUBPIXEL_HINTING'
configuration option at compile time: If set to value 1, you
get the old Infinality mode (which was never the default due to
its slowness). Value 2 activates the new subpixel hinting mode,
and value 3 activates both. The default is value 2. At run
time, you can select the subpixel hinting mode with the
`interpreter-version' property (provided you have compiled in
the corresponding hinting mode); see `ftttdrv.h' for more.
* Support for the following scripts has been added to the
auto-hinter: Armenian, Cherokee, Ethiopic, Georgian, Gujarati,
Gurmukhi, Malayalam, Sinhala, Tamil.
- Rebase freetype2-subpixel.patch.
- Update to version 2.6.3
* IMPORTANT CHANGES
- Khmer, Myanmar, Bengali, and Kannada script support has been
added to the auto-hinter.
* MISCELLANEOUS
- Better support of Indic scripts like Devanagari by using a
top-to-bottom hinting flow.
- All FreeType macros starting with two underscores have been
renamed to avoid a violation of both the C and C++ standards.
Example: Header macros of the form `__FOO_H__' are now called
`FOO_H_'. In most cases, this should be completely transparent
to the user. The exception to this is `__FTERRORS_H__', which
must be sometimes undefined by the user to get FreeType error
strings: Both this form and the new `FTERRORS_H_' macro are
accepted for backwards compatibility.
- Minor improvements mainly to the Type 1 driver.
- The new CFF engine now supports all Type 2 operators except
`random'.
- The macro `_STANDALONE_', used for compiling the B/W and smooth
rasterizers as stand-alone modules, has been renamed to
`STANDALONE_', since macro names starting with an underscore and
followed by an uppercase letter are reserved in both C and C++.
- Function `FT_Library_SetLcdFilterWeights' now also activates
custom LCD filter weights (instead of just adjusting them).
- Support for `unpatented hinting' has been completely removed:
Consequently, the two functions `FT_Face_CheckTrueTypePatents'
and `FT_Face_SetUnpatentedHinting' now return always false,
doing nothing.
- Update to version 2.6.2
* IMPORTANT CHANGES
- The auto-hinter now supports stem darkening, to be controlled by
the new `no-stem-darkening' and `darkening-parameters'
properties. This is an experimental feature contributed by
Nikolaus Waxweiler, and the interface might change in a future
release.
- By default, stem darkening is now switched off (for both the CFF
engine and the auto-hinter). The main reason is that you need
linear alpha blending and gamma correction to get correct
rendering results, and the latter is not yet available in most
freely available rendering stacks like X11. Applying stem
darkening without proper gamma correction leads to far too dark
rendering results.
- The meaning of `FT_RENDER_MODE_LIGHT' has been slightly
modified. It now essentially means `no hinting along the
horizontal axis'; in particular, no change of glyph advance
widths. Consequently, the auto-hinter is used for all scalable
font formats except for CFF. It is planned that other
font-specific rendering engines (TrueType, Type 1) will follow.
* MISCELLANEOUS
- The default LCD filter has been changed to be normalized and
color-balanced.
- For better compatibility with FontConfig, function
`FT_Library_SetLcdFilter' accepts a new enumeration value
`FT_LCD_FILTER_LEGACY1' (which has the same meaning as
`FT_LCD_FILTER_LEGACY').
- A large number of bugs have been detected by using the libFuzzer
framework, which should further improve handling of invalid
fonts. Thanks again to Kostya Serebryany and Bungeman!
- `TT_CONFIG_OPTION_MAX_RUNNABLE_OPCODES', a new configuration
option, controls the maximum number of executed opcodes within a
bytecode program. You don't want to change this except for very
special situations (e.g., making a library fuzzer spend less
time to handle broken fonts).
- The smooth renderer has been made faster.
- Update to version 2.6.1
* IMPORTANT BUG FIXES
- It turned out that for CFFs only the advance widths should be
taken from the `hmtx' table, not the side bearings. This bug,
introduced in version 2.6.0, makes it necessary to upgrade if
you are using CFFs; otherwise, you get cropped glyphs with GUI
interfaces like GTK or Qt.
- Accessing Type 42 fonts returned incorrect results if the glyph
order of the embedded TrueType font differs from the glyph order
of the Type 42 charstrings table.
* IMPORTANT CHANGES
- The header file layout has been changed (again), moving all
header files except `ft2build.h' into a subdirectory tree.
Doing so reduces the possibility of header file name clashes
(e.g., FTGL's `FTGlyph.h' with FreeType's `ftglyph.h') on case
insensitive file systems like Mac OS X or Windows.
Applications that use (a) the `freetype-config' script or
FreeType's `freetype2.pc' file for pkg-config to get the include
directory for the compiler, and (b) the documented way for
header inclusion like
#include <ft2build.h>
#include FT_FREETYPE_H
...
don't need any change to the source code.
- Simple access to named instances in GX variation fonts is now
available (in addition to the previous method via FreeType's MM
interface). In the `FT_Face' structure, bits 16-30 of the
`face_index' field hold the current named instance index for the
given face index, and bits 16-30 of `style_flags' contain the
number of instances for the given face index. `FT_Open_Face'
and friends also understand the extended bits of the face index
parameter.
You need to enable TT_CONFIG_OPTION_GX_VAR_SUPPORT for this new
feature. Otherwise, bits 16-30 of the two fields are zero (or
are ignored).
- Lao script support has been added to the auto-hinter.
* MISCELLANEOUS
- The auto-hinter's Arabic script support has been enhanced.
- Superscript-like and subscript-like glyphs as used by various
phonetic alphabets like the IPA are now better supported by the
auto-hinter.
- The TrueType bytecode interpreter now runs slightly faster.
- Improved support for builds with cmake.
- The function `FT_CeilFix' now always rounds towards plus
infinity.
- The function `FT_FloorFix' now always rounds towards minus
infinity.
- A new load flag `FT_LOAD_COMPUTE_METRICS' has been added; it
makes FreeType ignore pre-computed metrics, as needed by font
validating or font editing programs. Right now, only the
TrueType module supports it to ignore data from the `hdmx'
table.
- Another round of bug fixes to better handle broken fonts, found
by Kostya Serebryany <kcc@google.com>.
- Dropping upstreamed patch Dont-use-hmtx-table-for-LSB.patch.
- Add Dont-use-hmtx-table-for-LSB.patch: Fixes gnu#45520, cut off
fonts in gtk and qt. Taken from upstream git.
- Update to version 2.6
* Thread safety improvements
* Thai script support has been added to the auto-hinter.
* Arabic script support has been added to the auto-hinter.
* Following OpenType version 1.7, advance widths and side bearing
values in CFFs (wrapped in an SFNT structure) are now always
taken from the `hmtx' table.
* Following OpenType version 1.7, the PostScript font name of a
CFF font (wrapped in an SFNT structure) is now always taken from
the `name' table. This is also true for OpenType Collections
(i.e., TTCs using CFFs subfonts instead of TTFs), where it may
have a significant difference.
* Fonts natively hinted for ClearType are now supported, properly
handling selector index 3 of the INSTCTRL bytecode instruction.
* Major improvements to the GX TrueType variation font handling.
- Merge with the version 2.5.5 from openSUSE:Factory
- Removed patches:
* CVE-2014-9656.patch
* CVE-2014-9657.patch
* CVE-2014-9658.patch
* CVE-2014-9659.patch
* CVE-2014-9660.patch
* CVE-2014-9661.patch
* CVE-2014-9662.patch
* CVE-2014-9663.patch
* CVE-2014-9664.patch
* CVE-2014-9665.patch
* CVE-2014-9666.patch
* CVE-2014-9667.patch
* CVE-2014-9668.patch
* CVE-2014-9669.patch
* CVE-2014-9670.patch
* CVE-2014-9671.patch
* CVE-2014-9672.patch
* CVE-2014-9673.patch
* CVE-2014-9674.patch
* CVE-2014-9675.patch
- Integrated in the 2.5.5 release
- Modified patches:
* don-t-mark-libpng-as-required-library.patch
* bugzilla-308961-cmex-workaround.patch
* freetype2-subpixel.patch
* freetype2-bitmap-foundry.patch
* overflow.patch
- Adapt to the new version of sources
- Modified patch:
* CVE-2014-9671.patch
- Adapt the code to correspond to the current git master of
freetype2 (fixes bsc#933247)
- Enable the bz2 compression in freetype2
- Remove patch overflow.patch from freetype2.spec where it is not
applied.
- Run spec-cleaner on the spec file.
- fixed vulnerabilities (bnc#916847, bnc#916856, bnc#916857,
bnc#916858, bnc#916859, bnc#916860, bnc#916861, bnc#916862,
bnc#916863, bnc#916864, bnc#916865, bnc#916867, bnc#916868,
bnc#916870, bnc#916871, bnc#916872, bnc#916873, bnc#916874,
bnc#916879, bnc#916881)
- CVE-2014-9656.patch
- CVE-2014-9657.patch
- CVE-2014-9658.patch
- CVE-2014-9659.patch
- CVE-2014-9660.patch
- CVE-2014-9661.patch
- CVE-2014-9662.patch
- CVE-2014-9663.patch
- CVE-2014-9664.patch
- CVE-2014-9665.patch
- CVE-2014-9666.patch
- CVE-2014-9667.patch
- CVE-2014-9668.patch
- CVE-2014-9669.patch
- CVE-2014-9670.patch
- CVE-2014-9671.patch
- CVE-2014-9672.patch
- CVE-2014-9673.patch
- CVE-2014-9674.patch
- CVE-2014-9675.patch
- Update to version 2.5.5
* IMPORTANT BUG FIXES
- Handling of uncompressed PCF files works again (bug
introduced in version 2.5.4).
- Drop freetype2-2.5.3-fix-pcf.patch, merged upstream
- Update to version 2.5.4
* IMPORTANT BUG FIXES
- A variant of vulnerability CVE-2014-2240 was identified
(cf. http://savannah.nongnu.org/bugs/?43661) and fixed
in the new CFF driver. All users should upgrade.
- The new auto-hinter code using HarfBuzz crashed for some
invalid fonts.
- Many fixes to better protect against malformed input.
* IMPORTANT CHANGES
- Full auto-hinter support of the Devanagari script.
- Experimental auto-hinter support of the Telugu script.
- CFF stem darkening behaviour can now be controlled at
build time using the eight macros
CFF_CONFIG_OPTION_DARKENING_PARAMETER_{X,Y}{1,2,3,4}.
- Some fields in the `FT_Bitmap' structure have been changed
from signed to unsigned type, which better reflects
the actual usage. It is also an additional means to
protect against malformed input. This change doesn't break
the ABI; however, it might cause compiler warnings.
* MISCELLANEOUS
- Improvements to the auto-hinter's algorithm to recognize
stems and local extrema.
- Function `FT_Get_SubGlyph_Info' always returned an error
even in case of success.
- Version 2.5.1 introduced major bugs in the cjk part of
the auto-hinter, which are now fixed.
- The `FT_Sfnt_Tag' enumeration values have been changed to
uppercase, e.g. `FT_SFNT_HEAD'. The lowercase variants
are deprecated. This is for orthogonality with all other
enumeration (and enumeration-like) values in FreeType.
- `cmake' now supports builds of FreeType as an OS X framework
and for iOS.
- Improved project files for vc2010,
introducing a property file
- The documentation generator for the API reference has been
updated to produce better HTML code (with proper CSS).
At the same time, the documentation got a better structure.
- The FT_LOAD_BITMAP_CROP flag is obsolete; it is not used
by any driver.
- The TrueType DELTAP[123] bytecode instructions now work in
subpixel hinting mode as described in the ClearType
whitepaper (i.e., for touched points in the
non-subpixel direction).
- Many small improvements to the internal arithmetic routines.
- Rebase don-t-mark-libpng-as-required-library.patch,
bugzilla-308961-cmex-workaround.patch, freetype2-subpixel.patch,
freetype2-bitmap-foundry.patch and overflow.patch
- Add freetype2-2.5.3-fix-pcf.patch from upstream to resolve
http://savannah.nongnu.org/bugs/?43774, "Freetype 2.5.4 does not
load ungzipped PCF fonts"
- fuse
-
- user_allow_other restriction may be bypassed (bsc#1101797, CVE-2018-10906)
- fusermount-prevent-silent-truncation-of-mount-options.patch
- fusermount-dont-feed-escaped-commans-into-mount-options.patch
- fusermount-bail-out-on-transient-config-read-failure.patch
- fusermount-refuse-unknown-options.patch
- fusermount-whitelist-known-good-filesystems-for-mountpoints.patch
- Fix download link in fuse.spec
- fuse 2.9.7
* Shared-object version has now been bumped correctly.
* Added SELinux support.
* Fixed race-condition when session is terminated right after
starting a FUSE file system.
- Ensure trusted group is available on Tumbleweed.
- fuse 2.9.5:
* fix warning in mount.c:receive_fd().
* fix possible memory leak.
* new upstream project and source URL
* add new maintainer keyring and verify source signature
- Update to version 2.9.4
- fix exec environment for mount and umount (bsc#931452,
CVE-2015-3202)
- properly restore the default signal handler
- fix directory file handle passed to ioctl() method.
- fix for uids/gids larger than 2147483647
- initialize stat buffer passed to ->getattr() and ->fgetattr()
- include commented default fuse.conf (bnc#908292)
- Update to version 2.9.3
- Bug fixes
- Remove fuse-gnu_source.patch (fixed upstream)
- add aarch64-build-fix.patch
- Added url as source.
Please see http://en.opensuse.org/SourceUrls
- fix build for SLE_11
- Use autoreconf directly instead of makeconf.sh
- Update to version 2.9.2
- Add support for fallocate() (kernel >= 3.5)
- Bug fixes
- Remove fix-pthread-in-fuse.pc.patch; now included in upstream
- Don't patch generated files such as configure and Makefile.in;
instead, regenerate them using makeconf.sh from SVN repository
- update license to new format
- avoid autoreconf to avoid breaking on updates of auto* tools
- Remove redundant tags/sections from specfile
- Parallel build with %_smp_mflags
- Trim list of FUSE fses from description (it's literally endless)
and text inappropriate for subpackages
- Fix -pthread in fuse.pc [bnc#761117]
- place binaries in /usr tree (UsrMerge project)
- update to 2.9.0
- Add "zero copy" support for kernel 2.6.35 or newer
- Make maximum background requests tunable on kernel 2.6.32 or
newer
- Require --no-canonicalize in (u)mount (util-linux version 2.18
or newer) to fix security problems with fusermount
- Use dynamically sized hash tables in high level library
- Memory use of filesystem daemon can shrink more easily
- Add "auto_unmount" option
- Add "remember" option
- Add man pages for fusermount, mount.fuse and ulockmgr_server
- API changes:
- Introduce "store" and "retrieve" for accessing kernel
buffers on kernel 2.6.36 or newer
- Introduce abstract buffer for zero copy operations
- Allow path calculation to be omitted on certain operations
- Allow batching forget requests
- Add "flock" method
- Add support for ioctl on directories
- Add delete notification
- drop fuse-pc-remove-libdir-from-Libs.diff (upstream)
- use %set_permissions instead of %run_permissions in specfile
- compile /bin/fusermount as a position independent executable
[bnc#743155]
- update to 2.8.7
* fix ambiguous symbol version for fuse_chan_new
* prevent calling ulockmgr_server with illegal arguments
* fix hang in wait_on_path()
- handle case of failure to allocate request [bnc#723616]
- add libtool as buildrequire to make the spec file more reliable
- enabling libulockmgr
- Must define _GNU_SOURCE to get clone() system call.
- licenses package is about to die
- In case of failure to add to /etc/mtab don't umount. [bnc#668820]
[CVE-2011-0541]
- Fix symlink attack for mount and umount [bnc#651598]
- Remove /etc/init.d/boot.fuse [bnc#648843]
- update to 2.8.5
* fix option escaping for fusermount [bnc#641480]
- keep examples and internal docs in devel package (from jnweiger)
- update to 2.8.4
* fix checking for symlinks in umount from /tmp
* fix umounting if /tmp is a symlink
- update to 2.8.3
* fix unmounting with util-linux version >= 2.17
- update to 2.8.2
* fix unmount race (CVE-2009-3297)
* fix deadlock with "audit" subsystem on mount (also requires
util-linux-ng version >=2.17)
- package baselibs.conf
- update to 2.8.1:
* fix missing versioned symbol fuse_get_context@FUSE_2.2
- update to 2.8.0:
* more scalable directory tree locking
* atomic open(O_TRUNC) support
* support big write requests on kernels 2.6.26 and newer
* out-of-tree fuse module removed
* better NFS exporting support
* new ioctl and poll requests
* new CUSE (Character Device in Userspace) interface
* allow umask processing in userspace
* added cache invalidation notifications
* bugfixes and small improvements
- Fix exclude usage.
- remove static libraries and "la" files
- spec file cleanup
- update to version 2.7.4
* Fix missing pthread_mutex_destroy in error path of
fuse_lib_opendir(). Patch by Szabolcs Szakacsits
- adding baselibs.conf to build -xxbit
- gamin
-
- split lib* packages into own spec file to avoid a build cycle
- found a testsuite, run it, but ignore result since it shows
breakages. Should be revisited.
- Added 0001-Poll-files-on-nfs4.patch (bgo#693006) and
gamin-0.1.11-double-lock.patch (bgo#669292)
- add conflict with libfam0-32bit
- Spec file cleanups
- Provide and obsolete libgamin in case of sonum changes
- Have the -devel package provide -devel-static as well since it has .a files
- Changed the baselibs.conf to use the libs per openSUSE policy
- Added duplicate files check
- Use exact EVR for Provide: symbols
- Added version for fam-server provides
- Added obsoletes for fam-server
- Added obsoletes for gamin-python
- Switched to original gzipped tar
- Changed source to include upstream source URL to comply with new
packaging guidelines
- Added patch to fix building in factory
- Cleaned up spec file formatting with spec-cleaner
- Added proper license header to spec file
- Split documentation package (fix for RPMLINT warning)
- Add fam-server provides to gamin-server (other gaming packages provide their fam counterpart)
- Implement shlib package (libfam0-gamin)
- Resolve build error due to source disabling deprecated constructs
that it used
- add gamin-32bit package through baselibs.conf to fix KDE 32bit compatibility libs (thanks to Martin Vogt for reporting), which requires splitting %{_libexecdir}/gam_server into its own subpackage (gamin-server) to avoid file conflicts when both gamin and gamin-32bit are installed -- note that gamin and gamin-32bit both require the package gamin-server, so nothing needs to be done on the user end
- add patch to be completely ABI compatible with fam, in order to avoid warnings and crashes caused by "Symbol `FamErrlist' has different size in shared object, consider re-linking"; references:
* http://lists.opensuse.org/yast-devel/2009-02/msg00000.html
* http://www.nabble.com/Bug-437307:-lighttpd-fails-to-restart-after-update-td12107383.html
- add return.patch
- gamin-devel
-
- Both library packages must require gamin-server sub-package.
- split lib* packages into own spec file to avoid a build cycle
(avoiding glib2)
- gawk
-
- GNU awk 4.2.1:
* documentation updates
* In MPFR mode, when ROUNDMODE changes, string values for
numerically type values will be redone
* various bug fixes
* drop fold-string.patch, upstream
- Use %license (boo#1082318)
- fold-string.patch: Don't fold constant strings if either is translatable
- Update to gawk 4.2.0
* If not in POSIX mode, changes to ENVIRON are reflected into
gawk's environment
* The series of numbers returned by rand() should now be "more
random" than previously
* Multiple changes related to the pretty printer
* The igawk script and igawk.1 man page are no longer installed
* Gawk now processes a maximum of two hexadecimal digits in \x
escape sequences inside strings
* Setting PROCINFO["redirection", "NONFATAL"] to true makes I/O
errors for "redirection" not fatal
* Gawk now supports retryable I/O via PROCINFO[input-file, "RETRY"]
* Revisions in the POSIX standard remove the special case for POSIX
mode when FS = " " where newline was not a field separator
* Gawk now supports strongly typed regexp constants
* The new typeof() function can be used to indicate if a variable or
array element is an array, regexp, string or number
* Optimizations are now enabled by default
* Passing negative operands to any of the bitwise functions now
produces a fatal error
* The mktime function now accepts an optional second argument
* The FIELDWIDTHS parsing syntax has been enhanced to allow specifying
how many characters to skip before a field starts
* The PROCINFO["argv"] array records all of gawk's command line arguments
as gawk received them
- gawk_ppc64le_ignore_transient_test_time_failure.patch: removed
- also ignore transient test time failure on ppc64
- Added an explicit rpmlint rule to keep one file (gawkapi.h)
from requiring a separate package.
[+gawk.rpmlintrc]
* GNU awk 4.1.4:
* z/OS support updated
* debugger improvements
* return value of system() enhanced to convey more information
* two-way pipe handling improved
* The -d option now allows -d- to print to standard output.
* The DJGPP port is now officially deprecated.
- new gawk_ppc64le_ignore_transient_test_time_failure.patch
- GNU awk 4.1.3:
* Regexp parsing with extra brackets should now be working again.
* Updated to latest config.guess and config.sub.
* bug fixes
- skip frequently failing and timing dependent test strftime
- Correct info files scriptlet handling section
- Update info and update-alternatives requirements
- GNU awk 4.1.2:
* manual improved
* The debugger's "restart" command now works again.
* Redirected getline is now allowed inside BEGINFILE/ENDFILE.
* A number of bugs have been fixed in the MPFR code.
* Indirect function calls now work for both built-in and extension
functions.
* Built-in functions are now included in FUNCTAB.
* In non-English locales, it was accidentally possible to use
non-English letters for identifiers
* The "where" command has been added to the debugger as an alias
for "backtrace".
* Gawk no longer explicitly checks the current directory after
doing a path search of AWKPATH.
* Infrastructure upgrades: Automake 1.15, Gettext 0.19.4,
Libtool 2.4.6, Bison 3.0.4.
* If a user-defined function has a parameter with the same name
as another user-defined function, it is no longer possible to
call the second function from inside the first.
* POSIX requires that the names of function parameters not be the
same as any of the special built-in variables and also not
conflict with the names of any functions. Gawk has checked for
the former since 3.1.7. With --posix, it now also checks for
the latter.
* The test suite should check for necessary locales and skip the
tests where it matters if support isn't what it should be.
* Gawk now expects to be compiled on a system with multibyte
character support.
- drop gawk-4.1.1-build-baddest.patch, upstream
- remove optional libsigsegv dependency
- GNU awk 4.1.1:
* The "stat" extension now includes a "devbsize" element which
indicates the units for the "nblocks" element.
* A number of bugs in the pretty-printing / profiling code have
been fixed.
* The -O option now works again.
* The --include option, documented since 4.0, now actually works.
* Infrastructure updated to automake 1.13.4, bison 3.0.2, and
libtool 2.4.2.418.
* The configure script now accepts a --disable-extensions option,
which disables checking for and building the extensions.
* The API now provides function pointers for malloc(), calloc(),
realloc() and free(), to ensure that the same memory allocation
functions are always used. This bumps the minor version by one.
* The printf quote flag now works correctly in locales with
a different decimal point character but without a thousands
separator character. If the thousands separator is a string,
it will be correctly added to decimal numbers.
* The readfile extension now has an input parser that will read
whole files as a single record.
- packaging changes:
* remove added German po file and scanning of translations
* remove profiling, fixing warning make-check-outside-check-section
* remove autoreconf call
* drop gawk-3.1.8.diff
* drop older-automake.diff, not required for factory
* build with libsigsegv
* do not regenerate info pages
* add gawk-4.1.1-build-baddest.patch required for install
* switch to xz tarball
* verify source signature
- adjust update-alternative usage to packaging policy
(see http://lists.opensuse.org/opensuse-packaging/2014-02/msg00024.html)
- Update to version 4.1.0
* The three executables gawk, pgawk, and dgawk, have been merged into
one, named just gawk.
* The new -i option (from xgawk) is used for loading awk library files.
* The new -l option (from xgawk) is used for loading dynamic extensions.
* The dynamic extension interface has been completely redone. There is
now a defined API for C extensions to use. A C extension acts like
a function written in awk, except that it cannot do everything that awk
code can. However, this allows interfacing to any facility that is
available from C.
* The "inplace" extension, built using the new facility, can be used to
simulate the GNU "sed -i" feature.
* The and(), or() and xor() functions now take any number of arguments,
with a minimum of two.
* New arrays: SYMTAB, FUNCTAB, and PROCINFO["identifiers"]. SYMTAB allows
indirect access to any defined variable or array; it is possible to
"walk" the symbol table, if that should be necessary.
- Refreshed gawk-3.1.8.diff
- Add older-automake.diff to support automake 1.12
- Added url as source.
Please see http://en.opensuse.org/SourceUrls
- Remove unneeded %clean section
- add explicit buildrequire makeinfo
- Update to version 4.0.1
* completed the implementation of Rational Range Interpretation
* failure to get the group set is no longer a fatal error
* lots of minor bugs fixed and portability clean-ups
- refreshed gawk-3.1.8.diff
- removed gawk-revert-gsub-gawk3.patch deprecated by this release
- keep binaries in /usr tree (UsrMerge project)
- Compress message catalog.
- Use latest german message catalog.
- Call update-po as part of package build.
- license update: GPL-3.0+
gawk is GPL-3.0+ in 4.0.0
- add automake as buildrequire to avoid implicit dependency
- Revert sub/gsub behavior to that of gawk 3.x. Upstream commit
16de770359370224129f23df745178efe518c02c
- Update to version 4.0.0 , important changes
* The special files /dev/pid, /dev/ppid, /dev/pgrpid and /dev/user are
now completely gone. Use PROCINFO instead.
* The POSIX 2008 behavior for `sub' and `gsub' are now the default.
* In POSIX mode, string comparisons use strcoll/wcscoll.
* Gawk now treats ranges of the form [d-h] as if they were in the C
- update to 3.1.8:
* The zero flag no longer applies to %c and %s; apparently the standards
changed at some point.
* Failure to open a socket is no longer a fatal error.
* dfa.h and dfa.c are now more-or-less in sync with GNU grep, for the first
time in many years.
* Gawk no longer includes its own copy of libsigsegv but it will use it if
installed on the build system. The --disable-libsigsegv configure option
is now gone.
* The ' flag (%'d) is now just ignored on systems that can't support it.
* Gawk now has support for z/OS (IBM S/390 architecture).
* Gawk now handles multibyte strings better in [s]printf with field
widths and such.
* A getline from a directory is no longer fatal; instead it returns -1.
* Per POSIX, special variable names (like FS) cannot be used as function
parameter names.
* The new -O / --optimize option enables simple constant folding on
the parse tree during parsing. We hope that with time the number
of optimizations will increase.
* Lots of bug fixes, see the ChangeLog.
- use %_smp_mflags
- use update-alternatives
- updated patches to apply with fuzz=0
- gcc10
-
- Update to GCC 10.3.0 release (63fa67847628e5f358e7e2e7e), git1587
- Disable nvptx offloading for aarch64 again since it doesn't work
- Update to gcc-10 branch head (892024d4af83b258801ff7484), git1574
* Includes GCC 10.3 RC1
- Update to gcc-10 branch head (592388d4f6e8a6adb470428fe), git1450
- Update to gcc-10 branch head (85977f624a34eac309f9d77a5), git1331
* Includes fix for [bsc#1182016]
- The 32bit nvptx libgomp plugin is no longer built, do not attempt
to package it.
- Remove include-fixed/pthread.h
- Change GCC exception licenses to SPDX format
- Update to gcc-10 branch head (e563687cf9d3d1278f45aaebd), git1030
* Includes fix for firefox build [gcc#97918]
- Do not specify alternate offload compiler location at
configure time.
- Update README.First-for.SuSE.packagers
- Install offload compilers for gcc10-testresults build
- Enable fortran for offload compilers.
- Add gcc10-amdgcn-llvm-as.patch to fix build of amdgcn offload
compiler with llvm11.
- Update to gcc-10 branch head (98ba03ffe0b9f37b4916ce6238), git958.
* Includes fix for memcpy miscompilation on aarch64.
[bsc#1178624, bsc#1178577]
- Fix 32bit libgnat.so link. [bsc#1178675]
- prepare usrmerge: Install libgcc_s into %_libdir. ABI wise it
stays /%lib. (boo#1029961)
- Update to gcc-10 branch head (a78cd759754c92cecbf235ac9b), git872.
- Build complete set of multilibs for arm-none target [bsc#1106014]
* Fixes inadvertent mixture of ARM and Thumb instructions in linker output
- Update to gcc-10 branch head (c0746a1beb1ba073c7981eb09f), git583.
* Fixes ABI breakage for as-base CDTORs of final classes. [gcc#95428]
- Update to gcc-10 branch head (d523b5201cce1796717a8ca669), git580.
* Includes gcc10-streamer-backports1.patch and
gcc10-streamer-backports2.patch.
* Includes fixes for LTO ICE [bsc#1175168] and aarch64 128bit
CAS miscompilation [bsc#1174753].
- Update to gcc-10 branch head (dda1e9d08434def88ed86557d0), git501.
* Includes fix for AARCH64 kernel build failure. [bsc#1174817]
* Includes aarch64 SLS mitigation changes. [bsc#1172798, CVE-2020-13844]
- Add gcc10-streamer-backports1.patch and gcc10-streamer-backports2.patch.
- Enable x86 CET runtime for SLES15 and Leap15 also.
- Do not enable the now deprecated HSA offloading capability.
- Update to gcc-10 branch head (c0438ced53bcf57e4ebb1c38c), git465.
* Includes GCC 10.2 release. [bsc#1173972] [jsc#ECO-2373]
* Picks up fixes for C++20 coroutines support. [jsc#SLE-12297]
* Picks up fix for a recent chromium build fail.
- Build x86 CET enabled runtime for Factory.
- Disable GCN offloading for SLE12 and SLE15 GA.
- Update to gcc-10 branch head (12e1a54b06777db74ce375496), git355.
* Includes fix for non-reproducible builds with LTO [bsc#1172846].
- Enable nvptx support for aarch64
- Update to gcc-10 branch head (c91e43e9363bd119a695d6450), git290.
* Includes fix for PR95719, fixing LibreOffice.
- Enable c++ for arm-none-eabi
- Update to gcc-10 branch head (b0461f44076c26ced5526e4fd6), git68.
- Add gcc10-foffload-default.patch to make offloading ignore
offload targets that have not been installed both at compile
and runtime (for the libgomp plugin part).
- Update to gcc-10 branch head (dd38686d9c810cecbaa80bb82e), git40.
* Includes GCC 10.1 release.
- Update to gcc-10 branch head (2aaa1dc3c87372fd55c1c33aa7a), git5.
* Includes first release candidate for GCC 10.1.
* Includes gcc10-pr94734.patch
- Update to master head (3685c5adf5c0b30268cb8f95c89e4), git176017.
- Add gcc10-pr94734.patch
- Update to master head (b835645c7a51b7e99092abe61d677), git175845.
- Drop to 4 jobs as constraint for s390x.
- Update to master head (effcb4181e143bc390286a489ff84), git175831.
- Package arm_cde.h and arm_mve_types.h for arm.
- Alter _constraints to also constrain jobs.
- Add libzstd-devel BuildRequires to cross compiler specs.
- Switch to release checking builds.
- Update to master head (2dc9294c3c7c81a6d5e1d4dedf58f), git175805.
- Update to master head (13e41d8b9d3d7598c72c38acc86a3), git175688.
- Update to master head (c72a1b6f8b26de37d1a922a8af143), git175641.
- Update to master head (038769535a8cbdd3dd3e100bde314), git175499.
- Update to master head (75c24a08d697d6442fe6c26142f05), git175422.
- Update to master head (7d4549b2cd209eb621453ce13be7f), git175366.
- Update to master head (c7e9019681857b329bbe4c1e7ec8d), git175348.
- Package arm_mve.h for arm.
- Update to master head (4e3d3e40726e1b68bf52fa205c68495124ea60b8).
- libgphobos and libgdruntime SONAME versions were reset to 1.
- Update to master head (3604480a6fe493c51d6ebd53d9b1abeebbbb828f).
- Update embedded newlib to newlib-3.3.0.tar.xz, drop old
newlib-3.1.0.tar.xz
- Enable support for amdgcn-amdhsa OpenMP/OpenACC offloading.
- Update to master head (655e5c29ae4080666154b3e10ac81116a1b7a638).
- Re-add gcc9-reproducible-builds.patch and
gcc9-reproducible-builds-buildid-for-checksum.patch.
- Update to master head (778a77357cad11e8dd4c810544330af0fbe843b1).
* Includes fix for binutils version parsing [gcc#93965]
- Add libstdc++6-pp provides and conflicts to avoid file conflicts
with same minor version of libstdc++6-pp from gcc9.
- Disable zstd use for SLES15 and older.
- Bump to rfa1160f6e50500aa38162fefb43bfb10c25e0363.
- Bump to r33351ff9faa21c4c1af377d661a52ac0ce366db3.
- Adjust installed headers for arm and aarch64, enable link-mutex
for riscv64.
- Don't remove go tool buildid, needed for bootstrapping go
- Increase disk constraint
- Bump to rc940105cc17111be98d8d42ba48a413b0e63aebe.
- Bump libtool version of libgo.
- Bump to r269e8130b77065452698ab97e5da77d132d00276.
- Bump to r507de5ee23efdc8a16d6b0b6488e118055c711cd.
- Add lto-dump to cross packages.
- New package, inherits from gcc9
* gcc-add-defaultsspec.diff, add the ability to provide a specs
file that is read by default
* tls-no-direct.diff, avoid direct %fs references on x86 to not
slow down Xen
* gcc43-no-unwind-tables.diff, do not produce unwind tables for
CRT files
* gcc41-ppc32-retaddr.patch, fix expansion of __builtin_return_addr
for ppc, just a testcase
* gcc44-textdomain.patch, make translation files version specific
and adjust textdomain to find them
* gcc44-rename-info-files.patch, fix cross-references in info files
when renaming them to be version specific
* gcc48-libstdc++-api-reference.patch, fix link in the installed
libstdc++ html documentation
* gcc48-remove-mpfr-2.4.0-requirement.patch, make GCC work with
earlier mpfr versions on old products
* gcc5-no-return-gcc43-workaround.patch, make build work with
host gcc 4.3
* gcc7-remove-Wexpansion-to-defined-from-Wextra.patch, removes
new warning from -Wextra
* gcc7-avoid-fixinc-error.diff
- gdbm
-
- Update to version 1.12
* New configuration variable COMPATINCLUDEDIR
- Small spec file cleanups
- Cleanup spec file with spec-cleaner
- Update project and download url
- Add gpg signature
- Enable checks
- Add obsoletes to baselibs.conf.
- update to 1.11:
* Improved dump format.
* New function: gdbm_count.
* New utilities: gdbm_dump and gdbm_load.
* gdbmtool
- Specify exact version requirements for build
- buildrequire makeinfo
- license update: GPL-3.0+
See the COPYING file
- update license to new format
- update baselibs.conf
- update to 1.10
* fully internationalized. available in Finnish,
German, Japanese, Polish and Ukrainian
* Support for close-on-exec flag in gdbm_open (see GDBM_CLOEXEC in the docs)
* Improved testgdbm command system
* Fixed Bug #150, should handle read(2) returning less data
* Fixed Bug #151, uses uninitialized memory content
* Fixed handling of NDBM databases in read-only mode
- add zh_CN translation
* manually add. will submit to upstream.
- drop gdbm-1.8.3.diff (Patch0)
* seems this one is useless.
- regenerate and change gdbm-1.8.3-no-build-date.patch (Patch4) to
gdbm-no-build-date.patch
* it's a universal solution no matter the version.
- drop gdbm-protoize_dbm_headers.patch (Patch1)
* upstream fixed.
- drop gdbm-prototype_static_functions.patch (Patch2)
* upstream fixed.
- drop gdbm-fix_testprogs.patch (Patch3)
* upstream code change. now useless.
- Fixed typos in gdbm.spec descriptions
- fix baselibs.conf
- Name library package according to shlib policy
- Update description, source text from GNU homepage
- Remove redundant tags/sections
- Replace /usr/%_lib by simpler %_libdir
- add libtool as buildrequire to make the spec file more reliable
- fixed wrong header of dbmclose() in our
protoize_dbm_headers.patch [bnc#640700]
- Do not include a compile date in the resulting binaries
- use %_smp_mflags
- add baselibs.conf as a source
- Enable parallel building for gdbm package
- gettext-runtime
-
- Fix boo941629-unnessary-rpath-on-standard-path.patch (boo#941629)
- update to 0.20.2:
* The programs 'gettext', 'ngettext', when invoked with option -e,
now expand '\\' and octal escape sequences, instead of
swallowing them
* xgettext now recognizes 'gettext' program invocations with the
'-e' option, such as gettext -e 'some\nstring\n'
* xgettext now assumes a Python source file is in UTF-8 encoding
by default, as stated in PEP 3120
* The value of the 'Icon' property is no longer extracted into
the POT file by xgettext
- Don't disable openmp with qemu, the emulation works now
- Add libtextstyle0 to baselibs.conf: gettext-runtime-32bit has a
dependency on it, so we also need the library built as -32bit.
- Add missing Requires: libtextstyle0 in corresponding devel package,
drop gettext-runtime Requires.
- Skip creation of shared libtextstyle in -mini flavor.
- Statically link to libtextstyle in -mini flavor, fixes
broken bootstrap of gettext.
- Add -lm to LDFLAGS (boo#1138806)
- Added xz to requires (boo#1141380)
- The previous update to 0.20.1 also fixes (boo#1113719)
- Remove autoreconf call (not required), and drop the no longer
required libtool build dependency.
- Heed SLPP by placing libtextstyle.so.0 in the right package.
- Drop documentation from libtextstyle0, no one will read it there.
- Drop static library.
- Remove pointless ldconfig calls for libtextstyle-devel.
- Avoid pointless sh invocation of libtextstyle0 scriptlets.
- Avoid unnecessary |xargs rm.
- Remove redundant %clean section.
- Disable LTO (boo#1138806).
- Updated to 0.20.1
+ msgfmt now eliminates the POT-Creation-Date header field from .mo files.
+ update-po target in Makefile.in.in now uses msgmerge --previous.
+ msgmerge now has an option --for-msgfmt, that produces a PO file meant
for use by msgfmt only. This option saves processing time, in particular
by omitting fuzzy matching that is not useful in this situation.
+ The .pot file in a 'po' directory is now erased by "make maintainer-clean".
+ It is now possible to override xgettext options from the po/Makefile.in.in
through options in XGETTEXT_OPTIONS (declared in po/Makevars).
+ The --intl option of the gettextize program (deprecated since 2010) is
no longer available. Instead of including the intl sources in your package,
we suggest making the libintl library an optional prerequisite of your
package. This will simplify the build system of your package.
+ Accordingly, the Autoconf macro AM_GNU_GETTEXT_INTL_SUBDIR is gone as well.
+ C, C++:
* xgettext now supports strings in u8"..." syntax, as specified in C11
and C++11.
* xgettext now supports 'p'/'P' exponent markers in number tokens, as
specified in C99 and C++17.
+ C++:
* xgettext now supports single-quotes in number tokens, as specified in
C++14.
+ Shell:
* The programs 'gettext', 'ngettext' now support a --context argument.
* gettext.sh contains new function eval_pgettext and eval_npgettext
for producing translations of messages with context.
+ Perl:
* Native support for context functions (pgettext, dpgettext, dcpgettext,
npgettext, dnpgettext, dcnpgettext).
* better detection of question mark and slash as operators (as opposed
to regular expression delimiters).
+ Scheme:
* xgettext now parses the syntax for specialized byte vectors (#u8(...),
[#]vu8(...), etc.) correctly.
+ Pascal:
* xgettext can now extract strings from .rsj files, produced by the
Free Pascal compiler version 3.0.0 or newer.
+ Vala:
* xgettext now parses escape sequences in strings more accurately.
+ JavaScript:
* xgettext now parses template literals correctly.
- Rebased gettext-dont-test-gnulib.patch
- Removed gettext-needlessly_init_vars.patch (now in upstream)
- Rebased gettext-po-mode.diff
- Removed msgfmt-remove-pot-creation-date.patch (now in upstream)
- Removed msgfmt-reset-msg-length-after-remove.patch (now in upstream)
- Removed parts of reproducible.patch (now in upstream)
- reproducible.patch: generate timestamp in .pot files from SOURCE_DATE_EPOCH
for reproducible builds
- Only Require(Pre/Post) info in the non-mini variant: as the -mini
version is only used inside OBS, it is irrelevant if the info
files are present and registered or not.
- Add reproducible.patch to override build date (boo#1047218)
- Add patch msgfmt-reset-msg-length-after-remove.patch
which does reset the length of message string after a line
has been removed (boo#1106843)
- Use %license instead of %doc [bsc#1082318]
- Fix %install_info_delete usage:
* It has to be performed in %preun, not %postun.
* This fixes warning messages upon package removal.
- Ignore Recommends: on non-SUSE distributions
- Explicitly remove %{_infodir}/dir before creating package to
allow builds on RHEL and derived Linux distributions
- Ignore rpm-build's dependency on gettext-tools while building
the -mini variant: before gettext-runtime-mini is built, there is
no provider of this symbol in a bootstrap cycle.
- Explicitly call autoreconf, as we have patches touching the build
system. Implicit calling automake/autoconf works only as long as
the version on the system is the same as was used to bootstrap
originally.
- Add msgfmt-remove-pot-creation-date.patch
to enable reproducible builds of packages using gettext-runtime
such as dfc, e2fsprogs and acl
- GNU gettext 0.19.8.1:
* Fix unintentional soname bump
- GNU gettext 0.19.8:
* msgfmt now produces little-endian .mo files by default.
* xml: xgettext and msgfmt now look for .its files in directories
supplied through the GETTEXTDATADIRS or XDG_DATA_DIRS
environment variable.
* JavaScript: xgettext and msgfmt now recognize numbered
arguments in format strings.
- drop gettext-runtime-grep-2.24.patch, no longer required for 2.25
- GNU gettext 0.19.7:
* can now load custom string extraction rules in XML
Internationalization Tag Set (ITS) standard
* the existing XML-based language scanners (Glade, GSettings, and
AppData) rewritten using ITS
* Add msgfmt --xml option to merge translations back to the
original XML document.
- Add gettext-runtime-grep-2.24.patch: Fix test suite with
grep 2.24 (https://savannah.gnu.org/bugs/index.php?47674).
- Recommend bison-lang by gettext-tools, as it is used by them.
- GNU gettext 0.19.6:
* Support AppData file format
* New macro AM_GNU_GETTEXT_REQUIRE_VERSION
* po/Makefile.in.in can now insert the file $(DOMAIN).pot-header
to $(DOMAIN).pot, instead of the standard header comments.
* Fix mishandling of gettext version numbers for minor releases, in
po-mode.el and gettextize.
* Fix build with --enable-relocatable.
- remove no longer required gettext-0.19.5.1-gettextize.diff
- add patch: boo941629-unnessary-rpath-on-standard-path.patch
* config.rpath from gettext-tools will set rpath for ELF binaries
not in /usr/lib, even if it's the standard path the linker
would search anyway.
- Add gettext-0.19.5.1-gettextize.diff
* workaround gettextize in gettext 0.19.5.1, see
http://lists.gnu.org/archive/html/bug-gettext/2015-07/msg00027.html
- GNU gettext 0.19.5.1:
* fix build on old platforms where stpcpy and stpncpy are missing
- GNU gettext 0.19.5:
* xgettext: feature to perform syntax checks on msgid, via
--check option or "xgettext: " comments
* msgfilter, msgexec: new option --newline
* The base Unicode standard is now updated to 8.0.0.
* msginit is now capable of generating "Plural-Forms:" from
Unicode CLDR. Via GETTEXTCLDRDIR environment variable.
* Improved Programming languages support
* drop gettext-check-allocated-size-for-static-segment.patch,
is upstream
- Add gettext-check-allocated-size-for-static-segment.patch from upstream
* Check if the embedded segment size is valid, before adding it to
the string length. Please see
http://lists.gnu.org/archive/html/bug-gettext/2015-03/msg00005.html
- GNU gettext 0.19.4:
* The --keyword option of xgettext now accepts same argument
number for both singular and plural forms.
* Programming languages support:
- C#: xgettext now properly handles Unicode characters encoded
with surrogate pairs.
- C/C++: xgettext now recognizes ISO/IEC 9899:2011 string
literals prefixed by R, u8, u8R, u, uR, U, UR, L, or LR.
- Shell: xgettext now properly recognizes Bash ANSI-C quoting
($'...').
* Bug fixes:
- Fix integer overflow when reading certain MO files with
msgunfmt.
- Avoid invalid memory access in various cases. In particular,
when the same argument number is specified for singular/
plural arguments, and when checking Lisp and Scheme format
strings.
- fix 'echo -e' in cvs.sh script that may be unsupported in some
POSIX-complete shells
- add patches:
* gettext-0.19.3-fix-bashisms.patch
- GNU gettext 0.19.3:
* Fix xgettext mishandling of octal character escapes in C.
* Fix autopoint infinite recursion with certain configure.ac.
* The po/Makevars file has a new field MSGINIT_OPTIONS, that can
be used to adjust msginit's operation. This is particularly
useful for controlling line wrapping behavior together with
MSGMERGE_OPTIONS and XGETTEXT_OPTIONS.
- glib2
-
- Add glib2-CVE-2021-27218.patch: g_byte_array_new_take takes a
gsize as length but stores in a guint, this patch will refuse if
the length is larger than guint. (bsc#1182328,
glgo#GNOME/glib!1944)
- Add glib2-CVE-2021-27219-add-g_memdup2.patch: g_memdup takes a
guint as parameter and sometimes leads to an integer overflow,
so add a g_memdup2 function which uses gsize to replace it.
(bsc#1182362, glgo#GNOME/glib!1927, glgo#GNOME/glib!1933,
glgo#GNOME/glib!1943)
- Add patches to support the slim timezone format (bsc#1178346):
+ glib2-add-support-for-slim-timezone-format.patch: basic support
for slim format (glgo#GNOME/glib!1533).
+ glib2-fix-6-days-until-the-end-of-the-month.patch: fix DST
incorrect end day when using slim format
(glgo#GNOME/glib!1683).
- Update to version 2.62.6:
+ This is expected to be the final release in the 2.62.x stable
series; maintenance effort will shift to the newer 2.64.x
stable series now.
+ Fix SOCKS5 username/password authentication.
+ Exception handling fixes on Windows.
+ Bugs fixed: glgo#GNOME/GLib#1986, glgo#GNOME/GLib#1988,
glgo#GNOME/GLib#2049, glgo#GNOME/GLib!1378,
glgo#GNOME/GLib!1380, glgo#GNOME/GLib!1393,
glgo#GNOME/GLib!1394, glgo#GNOME/GLib!1411.
+ Updated translations.
- Update to version 2.62.5:
+ Fix potential relative read when calling g_printerr(), which
could lead to a denial of service from a setuid-root process
being used to block access to the TTY for another user.
+ Fix SOCKS proxy resolver sometimes not being used when
resolving addresses via Happy Eyeballs (CVE-2020-6750).
+ Several other Happy Eyeballs fixes for address resolution.
+ Fix parsing of full Julian day range from `$TZ` environment
variable.
+ Several race condition/crash fixes.
+ Bugs fixed: glgo#GNOME/GLib#1919, glgo#GNOME/GLib#1995,
glgo#GNOME/GLib#1999, glgo#GNOME/GLib!1323,
glgo#GNOME/GLib!1331, glgo#GNOME/GLib!1352,
glgo#GNOME/GLib!1361, glgo#GNOME/GLib!1365,
glgo#GNOME/GLib!1370, glgo#GNOME/GLib!1371.
+ Updated translations.
- No longer recommend -lang: supplements are in use
- Update to version 2.62.4:
+ Apply recursion depth limits to variants in D-Bus messages.
+ Bugs fixed: glgo#GNOME/GLib#1938, glgo#GNOME/GLib!1240,
glgo#GNOME/GLib!1257, glgo#GNOME/GLib!1266,
glgo#GNOME/GLib!1276, glgo#GNOME/GLib!1290.
- Update to version 2.62.3:
+ Use `poll()` in `g_spawn_sync()` rather than `select()`, which
is subject to FD limits.
+ Fix undefined behaviour with `g_utf8_find_prev_char()`.
+ Bugs fixed: glgo#GNOME/GLib#954, glgo#GNOME/GLib#1318,
glgo#GNOME/GLib#1897, glgo#GNOME/GLib#1903,
glgo#GNOME/GLib#1916, glgo#GNOME/GLib#1917,
glgo#GNOME/GLib!1174, glgo#GNOME/GLib!1184,
glgo#GNOME/GLib!1194, glgo#GNOME/GLib!1203,
glgo#GNOME/GLib!1207, glgo#GNOME/GLib!1215,
glgo#GNOME/GLib!1219, glgo#GNOME/GLib!1222,
glgo#GNOME/GLib!1228.
- Re-enable systemtap, and require systemtap-headers and
systemtap-dtrace, rather than systemtap-sdt-devel, to avoid build
cycle (boo#1145438).
- Own /usr/share/systemtap{|tapset} directories, since we no
longer have systemtap-sdt-devel in BuildRequires.
- Disable lto if systemtap is enabled: build fails otherwise.
- Update to version 2.62.2:
+ Bugs fixed:
- glgo#GNOME/GLib#1896: Use after free when calling
g_dbus_connection_flush_sync() in a dedicated thread.
- glgo#GNOME/GLib!1154: Backport glgo#GNOME/GLib!1152
“gwinhttpvfs: Handle g_get_prgname() returning NULL” to
glib-2-62.
- glgo#GNOME/GLib!1156: Backport glgo#GNOME/GLib!1146 Solaris
fixes to glib-2-62.
- Update to version 2.62.1:
+ Fix regression in g_file_copy() when passing
`G_FILE_COPY_TARGET_DEFAULT_PERMS` flag; the destination
permissions would be private rather than following the process’
umask.
+ Several `GDateTime` parsing fixes.
+ Always build the tests if installed-tests are enabled, so that
the tests can actually be installed.
+ Bugs fixed: glgo#GNOME/GLib#174, glgo#GNOME/GLib#1865,
glgo#GNOME/GLib#1875, glgo#GNOME/GLib#1887,
glgo#GNOME/GLib#1888, glgo#GNOME/GLib!1021,
glgo#GNOME/GLib!1094, glgo#GNOME/GLib!1101,
glgo#GNOME/GLib!1102, glgo#GNOME/GLib!1103,
glgo#GNOME/GLib!1127, glgo#GNOME/GLib!1128,
glgo#GNOME/GLib!1140, glgo#GNOME/GLib!1141,
glgo#GNOME/GLib!1142.
+ Updated translations.
- Update to version 2.62.0:
+ Fix new `GFileInfo` APIs to work when
`G_FILE_ATTRIBUTE_TIME_MODIFIED_USEC` was not queried.
+ Bugs fixed: glgo#GNOME/GLib#487, glgo#GNOME/GLib!1084,
glgo#GNOME/GLib!1086, glgo#GNOME/GLib!1087.
- Update to version 2.61.3:
+ Support setting thread name on BSD systems.
+ Install previously-uninstalled headers for public
`GNativeSocketAddress` object.
+ Very initial support for Windows apps (UWP).
+ Add various new valgrind suppressions to `glib.supp`.
+ Bugs fixed: glgo#GNOME/GLib!83, glgo#GNOME/GLib!512,
glgo#GNOME/GLib!873, glgo#GNOME/GLib!905, glgo#GNOME/GLib!1057,
glgo#GNOME/GLib!1309, glgo#GNOME/GLib!1620,
glgo#GNOME/GLib!1761, glgo#GNOME/GLib!1803,
glgo#GNOME/GLib!1819, glgo#GNOME/GLib!1852,
glgo#GNOME/GLib!1854, glgo#GNOME/GLib!1860,
glgo#GNOME/GLib!1863, glgo#GNOME/GLib!1867,
glgo#GNOME/GLib!1870, glgo#GNOME/GLib!1879,
glgo#GNOME/GLib!1880, glgo#GNOME/GLib!1881,
glgo#GNOME/GLib!1002, glgo#GNOME/GLib!1011,
glgo#GNOME/GLib!1015, glgo#GNOME/GLib!1016,
glgo#GNOME/GLib!1017, glgo#GNOME/GLib!1023,
glgo#GNOME/GLib!1026, glgo#GNOME/GLib!1027,
glgo#GNOME/GLib!1031, glgo#GNOME/GLib!1032,
glgo#GNOME/GLib!1033, glgo#GNOME/GLib!1034,
glgo#GNOME/GLib!1036, glgo#GNOME/GLib!1037,
glgo#GNOME/GLib!1044, glgo#GNOME/GLib!1049,
glgo#GNOME/GLib!1050, glgo#GNOME/GLib!1054,
glgo#GNOME/GLib!1057, glgo#GNOME/GLib!1059,
glgo#GNOME/GLib!1066, glgo#GNOME/GLib!1068,
glgo#GNOME/GLib!1071, glgo#GNOME/GLib!1074,
glgo#GNOME/GLib!1075.
- Update to version 2.61.2:
+ Add various new array functions (#236, #269, #373).
+ Rework how D-Bus connections are closed/unreffed when
`g_test_dbus_down()` is called. Tests which leak a
`GDBusConnection` may now time out and abort, rather than
silently leaking. (#787)
+ Add a deprecation macro for GLib macros, and use it;
third-party uses of long-deprecated GLib macros may now start
causing warnings. (#1060).
+ Deprecate `GTime` and `GTimeVal`, and various functions which
use them. Use `GDateTime` and `guint64` UNIX timestamps
instead.
+ Stop using `G_DISABLE_DEPRECATED` to allow disabling
deprecation warnings; third-party code should now be using
`GLIB_VERSION_{MIN_REQUIRED, MAX_ALLOWED}` to control symbol
usage.
+ Improve `GNetworkMonitor` detection of offline states (#1788).
+ Fix CVE-2019-12450, wide permissions of files when copying
using GIO.
- Changes from version 2.61.1:
+ Upgrade to Unicode Character Database v12.1.
+ Improve network availability detection with NetworkManager to
treat lower levels of connectivity as having reduced
availability.
- Changes from version 2.61.0:
+ Add coloured output support to `gdbus introspect`.
+ Updated translations.
- Update to version 2.60.7:
+ Bugs fixed: glgo#GNOME/GLib#1819, glgo#GNOME/GLib#1847,
glgo#GNOME/GLib!1012, glgo#GNOME/GLib!1013,
glgo#GNOME/GLib!1061, glgo#GNOME/GLib!1065,
glgo#GNOME/GLib!1081.
- Update to version 2.60.6:
+ Fix various bugs with use of the `GKeyfileSettingsBackend`
within flatpaks (glgo#GNOME/GLib!984, glgo#GNOME/GLib!985,
glgo#GNOME/GLib#1825).
+ Bugs fixed: glgo#GNOME/GLib!993, glgo#GNOME/GLib!984,
glgo#GNOME/GLib!985.
- Drop glib2-keyfile-handle-filename-being-null.patch: Fixed
upstream.
- Add glib2-keyfile-handle-filename-being-null.patch: key file:
Handle filename being NULL (glgo#GNOME/GLib!1825,
glgo#GNOME/GLib#984).
- Update to version 2.60.5:
+ Fix implicit use of the `GKeyfileSettingsBackend`.
+ Fix opening a URI using the ‘Open URI’ portal.
+ Bugs fixed: glgo#GNOME/GLib!910, glgo#GNOME/GLib!949,
glgo#GNOME/GLib!956, glgo#GNOME/GLib!958, glgo#GNOME/GLib!969,
glgo#GNOME/GLib!977.
- Update to version 2.60.4:
+ Fixes to improved network status detection with NetworkManager.
+ Leak fixes to some `glib-genmarshal` generated code.
+ Further fixes to the Happy Eyeballs (RFC 8305) implementation.
+ File system permissions fix to clamp down permissions in a
small time window when copying files (CVE-2019-12450).
+ Bugs fixed: glgo#GNOME/GLib#1755, glgo#GNOME/GLib#1788,
glgo#GNOME/GLib#1792, glgo#GNOME/GLib#1793,
glgo#GNOME/GLib#1795, glgo#GNOME/GLib!865, glgo#GNOME/GLib!878.
- Set umask to 022 before running glib-compile-schemas
(boo#1131761).
- Update to version 2.60.3:
+ Various fixes to small key/value support in `GHashTable`.
+ Bugs fixed:
- Critical in g_socket_client_async_connect_complete.
- New GHashTable implementation confuses valgrind.
- test_month_names: assertion failed.
- GNetworkAddressAddressEnumerator unsafely modifies cache in
GNetworkAddress.
- Leaks in gsocketclient.c connection code.
- glib/date test fails.
- GDB pretty-printer for GHashTable no longer works
+ Updated translations.
- Move glib2.macros to %_rpmmacrodir. /etc is for the system admin.
- Update to version 2.60.2:
+ Fix crash when displaying notifications on macOS.
+ Improve network status detection with NetworkManager.
+ Bugs fixed: glgo#GNOME/GLib!790, glgo#GNOME/GLib!793,
glgo#GNOME/GLib!803.
+ Updated translations.
- Use FAT LTO objects in order to provide proper static library (boo#1133129).
- Update to version 2.60.1:
+ Fix documentation for `gdbus-tool wait` to use correct units.
+ Bugs fixed: glgo#GNOME/GLib#1709, glgo#GNOME/GLib#1725,
glgo#GNOME/GLib#1737, glgo#GNOME/GLib!711, glgo#GNOME/GLib!722,
glgo#GNOME/GLib!727, glgo#GNOME/GLib!729, glgo#GNOME/GLib!758,
glgo#GNOME/GLib!775.
+ Updated translations.
- Drop upstream fixed patch:
0001-Handle-an-UNKNOWN-NetworkManager-connectivity-as-NONE.patch.
- Add patch submitted upstream to handle an UNKNOWN NM connectivity
the same as a NONE value. This partly fixes boo#1103678
(packagekit reports the network as available on a computer
without network connectivity which makes plasma-pk-update start
an update check which obviously fails).
* 0001-Handle-an-UNKNOWN-NetworkManager-connectivity-as-NONE.patch
- Update to version 2.60.0:
+ Further fixes to the Happy Eyeballs (RFC 8305) implementation.
+ Add support for the XDG trash portal.
+ Bugs fixed: glgo#GNOME/GLib#1653, glgo#GNOME/GLib#1658,
glgo#GNOME/GLib#1668, glgo#GNOME/GLib#1675,
glgo#GNOME/GLib#1676, glgo#GNOME/GLib#1679,
glgo#GNOME/GLib#1693, glgo#GNOME/GLib#1697,
glgo#GNOME/GLib#1698, glgo#GNOME/GLib!276, glgo#GNOME/GLib!639,
glgo#GNOME/GLib!666, glgo#GNOME/GLib!674, glgo#GNOME/GLib!676,
glgo#GNOME/GLib!677, glgo#GNOME/GLib!686, glgo#GNOME/GLib!688,
glgo#GNOME/GLib!689, glgo#GNOME/GLib!691, glgo#GNOME/GLib!692,
glgo#GNOME/GLib!696, glgo#GNOME/GLib!698, glgo#GNOME/GLib!699,
glgo#GNOME/GLib!702, glgo#GNOME/GLib!703.
+ Updated translations.
- Update to version 2.59.2:
+ Fix check on GDBusMessage size when reading it.
+ Add async GIO API: g_file_query_default_handler_async(),
g_app_info_launch_uris_async().
+ Fix some bugs in the Happy Eyeballs implementation.
+ Install a new generated header with enum types for Unicode
enums.
+ Support the XDG trash portal.
+ Bugs fixed: glgo#GNOME/GLib#1224, glgo#GNOME/GLib#1249,
glgo#GNOME/GLib#1347, glgo#GNOME/GLib#1376,
glgo#GNOME/GLib#1642, glgo#GNOME/GLib#1646,
glgo#GNOME/GLib#1649, glgo#GNOME/GLib#1673,
glgo#GNOME/GLib!276, glgo#GNOME/GLib!481, glgo#GNOME/GLib!585,
glgo#GNOME/GLib!593, glgo#GNOME/GLib!609, glgo#GNOME/GLib!619,
glgo#GNOME/GLib!622, glgo#GNOME/GLib!626, glgo#GNOME/GLib!627,
glgo#GNOME/GLib!629, glgo#GNOME/GLib!630.
+ Updated translations.
- BuildIgnore glib2-devel: since we have to require gtk-doc in
order to produce the doc, we gained an implicit dependency on
ourselves. The gtk-doc dependency is correct, but glib happens
to be buildable without this dependency too.
- Rework the check section to be in an own if/endif block so that
spec-cleaner is not getting confused by it.
- Conditionalize enabling of systemtap, default disabled: it
creates a build loop.
- Update to version 2.59.1:
+ Autotools support is gone.
+ g_format_size() now uses a no-break space to separate digits
and units; translations will need to be updated accordingly.
+ New g_queue_clear_full() API.
+ Fix argument quoting on win32 when spawning subprocesses.
+ Allow polling more than 64 handles on win32 using g_poll().
+ Tag various tests as ‘flaky’. These are no longer run routinely
on our upstream CI machines, and downstream packagers may want
to not run them (or not treat those test failures as package
build failures) on their test machines either. They are in the
`flaky` test suite.
+ Add overlay support to g_resources_get_info().
+ Support defaults and locks in the keyfile GSettings backend.
This will be used for flatpaks.
+ Accept unquoted strings in the keyfile GSettings backend to
simplify things for sysadmins.
+ Update our contribution guidelines (`CONTRIBUTING.md`).
+ Add writev() and writev_all() APIs to GOutputStream and
GPollableOutputStream, and provide implementations of them for
many subclasses.
+ Many more bugs fixed, see package NEWS file for full list.
+ Updated translations.
- Remove conditionals for meson build, use meson unconditionally
following upstream's removal of autotools.
- Add new glib2-tests subpackage.
- Update to version 2.59.0:
+ This will be the last development release with autotools
support. As our Meson support has been around since 2.56.x, and
was used to release tarballs in 2.58.x, the next development
release (2.59.1) will drop autotools as used to build GLib. The
macros installed for other packages to use will remain.
+ Add `G_TEST_OPTION_ISOLATE_DIRS` to redirect `XDG_*_HOME` to a
temporary directory for each unit test.
+ Support `Property.EmitsChangedSignal` annotations in
`gdbus-codegen`.
+ Add `g_assert_cmpvariant()` API for unit tests.
+ Hide bind mounts from GIO mount listings.
+ Automatically realign data passed to
`g_variant_new_from_bytes()` or `g_variant_new_from_data()` if
it is not correctly aligned. This prevents misaligned accesses
on architectures which don’t support them. Callers should still
aim to correctly align data to get higher performance.
+ Support `ld -b binary` (on platforms which support it; i.e.
Linux) to provide large pre-compiled `GResource` resources with
a fast compilation time.
+ Unconditionally install GLib m4 macros, so that projects which
depend on GLib and which still build using autotools can
continue to build even once GLib has ported entirely to Meson.
+ Various fixes to the Meson build.
+ Drop Python 2 support and require Python 3.4+. See discussion
on https://mail.gnome.org/archives/desktop-devel-list/2018-July/msg00004.html.
+ `GHashTable` performance and memory improvements for common
cases. See
https://hpjansson.org/blag/2018/07/24/a-hash-table-re-hash/.
+ Add flags that allow a `GApplication` to signal and replace a
currently running other instance of the same `GApplication`.
This will be used for app upgrades with flatpak.
+ Autostart xdg-desktop-portal when using the network monitor and
proxy monitor portal backends.
+ Add a g_task_set_name() API to allow `GTask`s to be described;
useful for debugging.
+ Enable FreeBSD CI on every commit for upstream GLib.
+ Various GVariant, GMarkup and GDBus fuzzing fixes, including
buffer overflow fixes.
+ Various fixes to eliminate thread races, found by thread
sanitizer (tsan).
+ Deprecate TLS/DTLS rehandshaking, as it has been removed from
the protocol in TLS 1.3.
+ Support reading arguments from a file with `glib-mkenums`,
which is useful for long argument lists due to having deeply
nested build directories, on systems with a low limit on the
command line length.
+ Make `g_environ_*()` case-insensitive on Windows, as the
environment itself is case-insensitive on Windows.
+ Add Application Layer Protocol Negotiation (ALPN) support to
`GTlsConnection` and `GDtlsConnection`, so that higher layer
protocols can be negotiated when setting up a TLS connection,
without additional round trips and latency. This is needed for
eventual HTTP/2 support.
+ Add support for TPM keys in PEM files when loading TLS
certificates.
+ Add a `GRecMutexLocker` auto-pointer wrapper for `GRecMutex`.
+ Many more bugs fixed, see package NEWS file for full list.
+ Updated translations.
- Update to version 2.58.3:
+ Fix GVariant tests on i686.
+ Fix crashes caused by filtering of mounts.
+ Bugs fixed: glgo#gnome/GLib#1626, glgo#gnome/GLib#1637,
glgo#gnome/GLib#1645, glgo#gnome/GLib!558, glgo#gnome/GLib!577,
glgo#gnome/GLib!578.
- Update to version 2.58.2:
+ Fix calling gdbus-codegen with --interface-info-{header,body}.
+ Fix parsing month names in certain locales with
g_date_set_parse().
+ Fix ^*ay handling in g_variant_iter_loop().
+ Various buffer overflow fixes in GMarkup/GVariant/GDBus.
+ A huge number of fixes to the Meson build.
+ Prevent bind mounts being advertised as mounts.
+ Fix cross-compilation of 2.58.x releases with autotools.
+ Bugs fixed: glgo#gnome/GLib!527, glgo#gnome/GLib#1605,
glgo#gnome/GLib#1271, glgo#gnome/GLib#1546,
glgo#gnome/GLib#1527, glgo#gnome/GLib!406, glgo#gnome/GLib!334,
glgo#gnome/GLib#1528, glgo#gnome/GLib#1539,
glgo#gnome/GLib#1536, glgo#gnome/GLib#1544,
glgo#gnome/GLib#1562, glgo#gnome/GLib!367, glgo#gnome/GLib!416,
glgo#gnome/GLib#1572, glgo#gnome/GLib#1522,
glgo#gnome/GLib#1576, glgo#gnome/GLib!407,
glgo#gnome/GLib#1582, glgo#gnome/GLib!428,
glgo#gnome/GLib#1588, glgo#gnome/GLib!462,
glgo#gnome/GLib!238, glgo#gnome/GLib!312, glgo#gnome/GLib#1520,
glgo#gnome/GLib!403, glgo#gnome/GLib#1543,
glgo#gnome/GLib!414, glgo#gnome/GLib!409, glgo#gnome/GLib!400,
glgo#gnome/GLib!430, glgo#gnome/GLib!437, glgo#gnome/GLib#1337,
glgo#gnome/GLib!542, glgo#gnome/GLib#1343, glgo#gnome/GLib!471,
glgo#gnome/GLib!544, glgo#gnome/GLib#945, glgo#gnome/GLib#1014,
glgo#gnome/GLib#656, glgo#gnome/GLib#1313, glgo#gnome/GLib!346.
+ Updated translations.
- Drop upstream fixed patches:
+ 0001-gvariant-Fix-checking-arithmetic-for-tuple-element-e.patch
+ 0002-gvarianttype-Impose-a-recursion-limit-of-64-on-varia.patch
+ 0003-gvariant-Check-array-offsets-against-serialised-data.patch
+ 0004-gvariant-Check-tuple-offsets-against-serialised-data.patch
+ 0005-gvariant-Limit-GVariant-strings-to-G_MAXSSIZE.patch
+ 0006-gdbusmessage-Validate-type-of-message-header-signatu.patch
+ 0007-gdbusmessage-Improve-documentation-for-g_dbus_messag.patch
+ 0008-gdbusmessage-Clarify-error-returns-for-g_dbus_messag.patch
+ 0009-gdbusmessage-Fix-a-typo-in-a-documentation-comment.patch
+ 0010-gdbusmessage-Check-for-valid-GVariantType-when-parsi.patch
+ 0011-gvariant-Clarify-internal-documentation-about-GVaria.patch
+ 0012-tests-Tidy-up-GError-handling-in-gdbus-serialization.patch
+ 0013-tests-Use-g_assert_null-in-gdbus-serialization-test.patch
+ 0014-gutf8-Add-a-g_utf8_validate_len-function.patch
+ 0015-glib-Port-various-callers-to-use-g_utf8_validate_len.patch
- Add patchset to fix gvariant parsing issues. (bsc#1111499).
0001-gvariant-Fix-checking-arithmetic-for-tuple-element-e.patch
0002-gvarianttype-Impose-a-recursion-limit-of-64-on-varia.patch
0003-gvariant-Check-array-offsets-against-serialised-data.patch
0004-gvariant-Check-tuple-offsets-against-serialised-data.patch
0005-gvariant-Limit-GVariant-strings-to-G_MAXSSIZE.patch
0006-gdbusmessage-Validate-type-of-message-header-signatu.patch
0007-gdbusmessage-Improve-documentation-for-g_dbus_messag.patch
0008-gdbusmessage-Clarify-error-returns-for-g_dbus_messag.patch
0009-gdbusmessage-Fix-a-typo-in-a-documentation-comment.patch
0010-gdbusmessage-Check-for-valid-GVariantType-when-parsi.patch
0011-gvariant-Clarify-internal-documentation-about-GVaria.patch
0012-tests-Tidy-up-GError-handling-in-gdbus-serialization.patch
0013-tests-Use-g_assert_null-in-gdbus-serialization-test.patch
0014-gutf8-Add-a-g_utf8_validate_len-function.patch
0015-glib-Port-various-callers-to-use-g_utf8_validate_len.patch
- Update to version 2.58.1:
+ Fix to a regression in listing GIcon fallbacks.
+ Changes to pkg-config paths to helper programs when building
with autotools: paths are now absolute with reference to the
.pc file’s ${prefix}.
+ Fix installation path of glib-gettextize helper on Meson.
+ Fix autostarting xdg-desktop-portal.
+ Various fixes to the network monitor.
+ Various compilation fixes on macOS (generally older versions
and older compilers).
+ Bugs fixed: glgo#GNOME/glib!318, glgo#GNOME/glib#1513,
glgo#GNOME/glib#1521, glgo#GNOME/glib!321,
glgo#GNOME/glib#1518, glgo#GNOME/glib#1509,
glgo#GNOME/glib!288, glgo#GNOME/glib!298, glgo#GNOME/glib!295,
glgo#GNOME/glib!294, glgo#GNOME/glib!290, glgo#GNOME/glib#1488,
glgo#GNOME/glib#1506.
+ Updated translations.
- Update to version 2.58.0:
+ Fix cancellation of g_subprocess_communicate_async() calls
(glgo#GNOME/glib!266).
+ Expose GSettings schema directory in gio-2.0.pc as `schemasdir`
(glgo#GNOME/glib!274).
+ Support v3 of the xdg-desktop-portal network monitor API
(glgo#GNOME/glib!265, glgo#GNOME/glib!279).
+ Bugs fixed: glgo#GNOME/glib!266, glgo#GNOME/glib!279,
glgo#GNOME/glib!265, glgo#GNOME/glib!274, glgo#GNOME/glib!239.
+ Updated translations.
- Set URL tag to https://wiki.gnome.org/Projects/GLib: Glib's wiki
page.
- Conditionalize meson use while disabling it: use of Meson is
still not recommended by upstream, plus openQA is having failures
where Glib seems to be the one to blame.
- Update to 2.57.3:
+ No visible changes for the user.
- Add:
+ meson BuildRequires and replace configure/make/make_install
with meson/meson_build/meson_install macros to follow upstream
build system port to Meson.
+ gtk-doc and m4 BuildRequires while dropping gtk-doc.m4: now
there is no pre-built API documentation so gtk-doc and m4
packages are build requirements now.
- Drop automake and libtool BuildRequires and autoreconf call: they
are no longer needed after switching to Meson build system.
- BuildIgnore shared-mime-info: we don't need this while building
glib2.
- Update to version 2.57.2:
+ Require pcre 8.31 and meson 0.47.0.
+ Bugs fixed: bgo#742456, bgo#795569, bgo#796341,
glgo#GNOME/glib#786, glgo#GNOME/glib#903, glgo#GNOME/glib#927,
glgo#GNOME/glib#976, glgo#GNOME/glib#1013,
glgo#GNOME/glib#1175, glgo#GNOME/glib#1360,
glgo#GNOME/glib#1447, glgo#GNOME/glib#1407,
glgo#GNOME/glib#1455, glgo#GNOME/glib#1459.
+ Security fixes:
- Fix NULL pointer dereference in
g_markup_parse_context_end_parse() (boo#1107121
glgo#GNOME/glib#1364 glgo#GNOME/glib#1461 CVE-2018-16428)
- Fix out-of-bounds read in g_markup_parse_context_parse()
(boo#1107116 glgo#GNOME/glib#1361 glgo#GNOME/glib#1462
CVE-2018-16429)
+ Updated translations.
- Drop glib2-gsettings-overrides-per-session.patch: fixed upstream.
- Update to version 2.57.1:
+ New API: g_hash_table_steal_extended and G_GNUC_NO_INLINE.
+ Bugs fixed: bgo#668132, bgo#736741, bgo#748620, bgo#784995,
bgo#788771, bgo#788773, bgo#789968, bgo#794325, bgo#795152,
bgo#795165, bgo#795180, bgo#795302, bgo#795376, bgo#795544,
bgo#795735, bgo#795802, bgo#795960, bgo#796138, bgo#796139,
bgo#796164, bgo#796186, bgo#796328.
+ Updated translations.
- Drop:
+ Posttrans section, and sed and coreutils PreReq aimed at
pristine openSUSE releases <= 10.3.
+ Conditionalized python BuildRequires aimed at pristine openSUSE
releases <= 1130.
- Enable building of systemtap tracing support to improve Glib
problems diagnosability (bsc#1090047).
- Update to version 2.56.2:
+ Support version 2 of the NetworkMonitor portal interface.
+ Bugs fixed: bgo#740791, bgo#755721, bgo#773435, bgo#793727,
bgo#794380, bgo#794801, bgo#795138, bgo#795234, bgo#795406,
bgo#795429, bgo#795711, bgo#795735, bgo#795802,
glgo#GNOME/glib2#1240, glgo#GNOME/glib2#1401,
glgo#GNOME/glib2#1452, glgo#GNOME/glib2#1458.
+ Updated translations.
- Drop glib2-codegen-headers.patch: Fixed upstream.
- Refresh patches with quilt.
- Add glib2-codegen-headers.patch: gdbus-codegen: Fix header
include in the body file (bgo#795802).
- Update to version 2.56.1:
+ Bugs fixed: bgo#793400, bgo#793578, bgo#793645, bgo#794194,
bgo#794473, bgo#794506, bgo#794528, bgo#794606, bgo#794686.
+ Updated translations.
- Refresh following patches with quilt:
+ glib2-bgo569829-gettext-gkeyfile.patch.
+ glib2-dbus-socket-path.patch.
+ glib2-fate300461-gettext-gkeyfile-suse.patch.
+ glib2-gsettings-overrides-per-session.patch.
- Unconditionally enable translation-update-upstream: on
Tumbleweed, this results in a NOP and for Leap in SLE paid
translations being used (boo#1086036).
- Update to version 2.56.0:
+ Bugs fixed: bgo#672777, bgo#732184, bgo#733338, bgo#742124,
bgo#749206, bgo#768507, bgo#791457, bgo#793272, bgo#793300,
bgo#793399, bgo#793555, bgo#793565, bgo#793578, bgo#793597,
bgo#793635, bgo#793880, bgo#794180.
+ Updated translations.
- Modernize spec-file by calling spec-cleaner
- Update to version 2.55.2:
+ GFile now has API to get the path without copying.
+ A network monitor implementation for Windows has been added.
+ Bugs fixed: bgo#520116, bgo#584284, bgo#605700, bgo#658713,
bgo#685442, bgo#723003, bgo#749583, bgo#757284, bgo#760324,
bgo#761102, bgo#767976, bgo#770335, bgo#772989, bgo#790698,
bgo#791015, bgo#791622, bgo#792050, bgo#792217, bgo#792338,
bgo#792351, bgo#792364, bgo#792370, bgo#792410, bgo#792432,
bgo#792455, bgo#792499, bgo#792516, bgo#792777, bgo#792780,
bgo#792856, bgo#792862, bgo#792903, bgo#793006, bgo#793026,
bgo#793074.
+ Updated translations.
- Update to version 2.55.1:
+ Build:
- The --enable-rebuilds configure option has been removed.
- The --with-charsetalias-dir configure option has been added.
+ GList and GSList now have autoptr support.
+ The gsettings list-schemas command has gained a --print-paths
option.
+ Bugs fixed: bgo#346816, bgo#508976, bgo#562334, bgo#662802,
bgo#684282, bgo#692034, bgo#694723, bgo#697715, bgo#701156,
bgo#720380, bgo#724383, bgo#724412, bgo#724794, bgo#732003,
bgo#734479, bgo#737677, bgo#741167, bgo#748534, bgo#749527,
bgo#749652, bgo#754634, bgo#756011, bgo#761102, bgo#773980,
bgo#776147, bgo#776195, bgo#777075, bgo#779413, bgo#780309,
bgo#780893, bgo#782057, bgo#784995, bgo#786796, bgo#788806,
bgo#788936, bgo#790416, bgo#790588, bgo#790697, bgo#790785,
bgo#790829, bgo#790830, bgo#790837, bgo#790839, bgo#790877,
bgo#790894, bgo#790896, bgo#790914, bgo#790934, bgo#790948,
bgo#791036, bgo#791128, bgo#791221, bgo#791235, bgo#791267,
bgo#791296, bgo#791318, bgo#791325, bgo#791334, bgo#791337,
bgo#791342, bgo#791460, bgo#791532, bgo#791622, bgo#791720,
bgo#791744, bgo#791745, bgo#791906, bgo#792064, bgo#792098,
bgo#792099, bgo#792129, bgo#792322, bgo#792324.
+ Updated translations.
- Rebase glib2-gdbus-codegen-version.patch.
- Drop glib2-gtester-report-py3.patch: fixed upstream.
- Drop glib2-gmain-partial-revert.patch: fixed upstream.
- Update to version 2.55.0:
+ New API:
- g_clear_handle_id, to simplify removing sources from the
default mainloop.
- g_file_load_bytes, to make it more convenient to load files
into GBytes.
+ Bugs fixed: bgo#330458, bgo#483341, bgo#569375, bgo#573251,
bgo#629347, bgo#630983, bgo#632953, bgo#636210, bgo#656502,
bgo#661442, bgo#668035, bgo#670139, bgo#677233, bgo#679347,
bgo#679467, bgo#689323, bgo#691436, bgo#695681, bgo#705331,
bgo#706667, bgo#711809, bgo#722256, bgo#723655, bgo#723743,
bgo#725014, bgo#727346, bgo#730296, bgo#731625, bgo#731705,
bgo#737278, bgo#738176, bgo#740223, bgo#740791, bgo#740826,
bgo#742548, bgo#742997, bgo#745723, bgo#749371, bgo#751738,
bgo#752239, bgo#752240, bgo#753459, bgo#753521, bgo#754026,
bgo#756009, bgo#756103, bgo#756128, bgo#756430, bgo#756470,
bgo#756588, bgo#760022, bgo#760109, bgo#760716, bgo#765063,
bgo#765552, bgo#767215, bgo#767239, bgo#769674, bgo#769846,
bgo#770459, bgo#773355, bgo#774083, bgo#776562, bgo#777308,
bgo#777310, bgo#777956, bgo#779182, bgo#779501, bgo#780202,
bgo#780296, bgo#781598, bgo#781867, bgo#783210, bgo#783270,
bgo#783825, bgo#786737, bgo#786785, bgo#787271, bgo#787485,
bgo#787551, bgo#787581, bgo#787671, bgo#787731, bgo#788138,
bgo#788270, bgo#788368, bgo#788384, bgo#788385, bgo#788401,
bgo#788467, bgo#788488, bgo#788489, bgo#788561, bgo#788594,
bgo#788705, bgo#788766, bgo#788772, bgo#788863, bgo#788880,
bgo#788927, bgo#788936, bgo#788948, bgo#788975, bgo#788978,
bgo#788989, bgo#788990, bgo#789087, bgo#789170, bgo#789245,
bgo#789444, bgo#789637, bgo#789681, bgo#789723, bgo#789755,
bgo#789820, bgo#790015, bgo#790030, bgo#790093, bgo#790126,
bgo#790147, bgo#790157, bgo#790272, bgo#790275, bgo#790310.
+ Updated translations.
- Switch libmount-devel by its pkgconfig counterpart as configure
only looks for this module.
- Add libgio-2_0-0 for the rpmlintrc shlib-fixed-dependency warning
filter. And add 2 extra filters:
+ non-conffile-in-etc warning for zzz-glib2.csh, zzz-glib2.sh and
macros.glib2 files.
+ env-script-interpreter warning for gdbus-codegen,
glib-genmarshal and glib-mkenums files.
- Update to version 2.54.3:
+ Bugs fixed: bgo#691436, bgo#761102, bgo#776147, bgo#779182,
bgo#782057, bgo#785113, bgo#788990, bgo#789637, bgo#789894,
bgo#790030, bgo#790093, bgo#790126, bgo#790829, bgo#790934,
bgo#791235, bgo#791267, bgo#791296, bgo#791325, bgo#791334,
bgo#791337, bgo#791720, bgo#791744, bgo#791754, bgo#791906.
+ Updated translations.
- Drop glib2-gtester-report-py3.patch: Fixed upstream.
- Add glib2-gmain-partial-revert.patch: gmain: Partial revert of
recent wakeup changes to gmain.c (bgo#761102).
- Add glib2-gsettings-overrides-per-session.patch: gsettings
default value can be overridden depending on session
(bgo#746592 bsc#1070090).
- Add glib2-gtester-report-py3.patch: gtester-reporter fails to
run with python3 (bgo#791296, boo#1071378).
- Switch to python3:
+ Pass --with-python=/usr/bin/python3 to configure.
+ Replace python-base and python-xml BuildRequires with their
python3 equivalents python3-base and python3-xml.
+ Replace the -devel package's python-xml requires with
python3-xml.
- Update to version 2.54.2:
+ Bugs fixed: bgo#780296.
+ Updated translations.
- Install dummy *-mimeapps.list files to prevent dead symlinks
(bsc#1061599).
- Update to version 2.54.1:
+ Bugs fixed: bgo#786737, bgo#787551, bgo#783270, bgo#783210,
bgo#781867.
+ Updated translations.
- Avoid running fdupes across hardlink boundaries.
Replace some old RPM macros.
- Update RPM groups and package summaries.
- Update to version 2.54.0:
+ Bugs fixed: bgo#780861, bgo#786983, bgo#787109, bgo#787123,
bgo#787146.
+ Updated translations.
- Update to version 2.53.7:
+ Bugs fixed: bgo#736710, bgo#785260, bgo#786456, bgo#786555,
bgo#786580, bgo#786807.
+ Updated translations.
- Ignore errors in postun of gio-fam: when uninstalling the entire
glib stack, we can end up with the -tools package no longer being
functional. As nothing will read the cache, we can accept that.
- Update to version 2.53.6:
+ Bugs fixed: bgo#766358, bgo#783270, bgo#785955, bgo#786060,
bgo#786360, bgo#786452, bgo#786460, bgo#786462, bgo#786463.
+ Updated translations.
- Update to version 2.53.5:
+ Bugs fixed: bgo#695573, bgo#725950, bgo#731703, bgo#769135,
bgo#779332, bgo#779607, bgo#784000, bgo#784815, bgo#784965,
bgo#784995, bgo#785113, bgo#785130, bgo#785438, bgo#785468,
bgo#785520, bgo#785577.
+ Updated translations.
- Rebase glib2-suppress-schema-deprecated-path-warning.patch.
- Update to version 2.53.4:
+ Unicode support has been updated to Unicode 10.0.0.
+ glib-genmarshal and glib-mkenums have been rewritten in python.
Every effort has been made to keep compatibility. Please report
problems related to these tools.
+ GLib can now be built with meson. Autotools are still
supported.
+ Bugs fixed: bgo#722047, bgo#733821, bgo#773842, bgo#779332,
bgo#780095, bgo#780634, bgo#783841, bgo#784000, bgo#784020,
bgo#784037, bgo#784433, bgo#784456, bgo#784528, bgo#784579,
bgo#784581, bgo#784739, bgo#784792.
+ Updated translations.
- Update to version 2.53.3:
+ Bugs fixed: bgo#658446, bgo#661926, bgo#674885, bgo#775593,
bgo#776169, bgo#776333, bgo#776504, bgo#777307, bgo#778422,
bgo#781301, bgo#782336, bgo#782996, bgo#783061, bgo#783130,
bgo#783193, bgo#783201, bgo#783340, bgo#783350, bgo#783392,
bgo#783593.
+ Updated translations.
- Update to version 2.53.2:
+ A few new number parsing functions have been added. These have
better error handling than the existing ones.
+ glib-mkenums now supports /*< private >*/ and /*< public >*/.
+ GSettings now consider XDG_DATA_HOME in addition to
XDG_DATA_DIRS.
+ Bugs fixed: bgo#674885, bgo#698064, bgo#732000, bgo#734946,
bgo#741335, bgo#748263, bgo#776876, bgo#777030, bgo#780300,
bgo#780309, bgo#781755, bgo#781826, bgo#781830, bgo#781847,
bgo#781867, bgo#782068, bgo#782075, bgo#782089, bgo#782162,
bgo#782237, bgo#782311, bgo#782628.
+ Updated translations.
- Add file triggers to libgio-2_0-0: whenever a package installs a
schema file to /usr/share/glib-2.0/schemas, the trigger will
automatically fire, making it no longer a problem for packagers
to forget doing it.
- Require glib2-tools by libgio-2_0-0: it contains the tools for
the file trigger. Historically, every package installing schemas
already had to require the -tools package in order to be
functional.
- Change the macros %glib2_gsettings_schema_{requires,post,postun}
to be no-op functions. The macros are no longer needed with the
file trigger. Removing the macro would break a big number of
packages though.
- Update to version 2.53.1:
+ The gdbus tool gained a wait command.
+ g_unix_signal_source_new supports SIGWINCH now.
+ There are now g_enum_to_string and g_flags_to_string functions.
+ A new function to instantiate objects:
g_object_new_with_properties.
+ Parameter and related APIs have been deprecated.
+ Bugs fixed: bgo#447907, bgo#668962, bgo#669355, bgo#674885,
bgo#698064, bgo#709865, bgo#725894, bgo#734946, bgo#741229,
bgo#745971, bgo#755046, bgo#761102, bgo#761889, bgo#766660,
bgo#769534, bgo#772221, bgo#775879, bgo#776169, bgo#777961,
bgo#778049, bgo#778207, bgo#780066, bgo#780095, bgo#780306,
bgo#780310, bgo#780384, bgo#780441, bgo#780634, bgo#780908,
bgo#780924.
+ Updated translations.
- Drop
glib2-gmain-only-signal-GWakeup-right-before-or-during-a-b.patch:
fixed upstream.
- Update to version 2.52.3:
+ Bugs fixed: bgo#781301, bgo#781601, bgo#781867, bgo#783130,
bgo#783193, bgo#783201.
- Drop
glib2-gmain-only-signal-GWakeup-right-before-or-during-a-b.patch:
Fixed upstream.
- Add
glib2-gmain-only-signal-GWakeup-right-before-or-during-a-b.patch:
Fix event loop thread wakeup issue (bgo#761102).
- Remove version string from files generated by gdbus-codegen
to avoid needless republishing of pkgs depending on glib2-devel:
add glib2-gdbus-codegen-version.patch.
- Update to version 2.52.2:
+ Bugs fixed: bgo#734946, bgo#761102, bgo#780300, bgo#780309,
bgo#781298.
+ Updated translations.
- Update to version 2.52.1:
+ Bugs fixed: bgo#674885, bgo#698064, bgo#725894, bgo#734946,
bgo#755046, bgo#775879, bgo#777961, bgo#778049, bgo#778207,
bgo#778287, bgo#779409, bgo#780066, bgo#780095, bgo#780306,
bgo#780310, bgo#780384, bgo#780441, bgo#780471, bgo#780924.
+ Updated translations.
- Update to version 2.52.0:
+ gdatetime test fails with tzdata 2017a (bgo#779799).
+ Add missing attributes to two functions (bgo#780032).
+ gio/fam: Remove leftover debug print (bgo#780144).
+ Updated translations.
- Drop glib2-remove_fam_debug_print.patch: fixed upstream.
- Update to version 2.51.5:
+ OS X implementations of GContentType and GAppInfo have been
added.
+ Bugs fixed: bgo#673047, bgo#734946, bgo#747146, bgo#769983,
bgo#777203, bgo#778515, bgo#779456.
+ Updated translations.
- Update to version 2.51.4:
+ Memory leak fixes.
+ Fix the released tarball.
- Drop glib2-fix-broken-configure.patch: Fixed upstream.
- Update to version 2.51.3:
+ Bugs fixed: bgo#771997, bgo#778422, bgo#778581, bgo#778801,
bgo#778991, bgo#779183.
+ Updated translations.
- Add glib2-fix-broken-configure.patch: Workaround broken tarball
released by upstream, allows autoreconf to complete.
- Update to version 2.51.2:
+ Minimal support for UUIDs has been added.
+ A new file attribute, G_FILE_ATTRIBUTE_RECENT_MODIFIED has been
added to improve sorting of recent files.
+ Bugs fixed: bgo#639078, bgo#777135, bgo#777307, bgo#777481,
bgo#777493, bgo#777507, bgo#777592, bgo#778002, bgo#778096.
+ Updated translations.
- Update to version 2.51.1:
+ glib-compile-resources grew a --generate-phony-targets flag.
+ GLib now installs a valgrind suppressions file for GLib and
GIO.
+ Bugs fixed: bgo#642026, bgo#666114, bgo#729730, bgo#730932,
bgo#735731, bgo#736810, bgo#762283, bgo#767609, bgo#767952,
bgo#769745, bgo#770175, bgo#770646, bgo#772160, bgo#772989,
bgo#773823, bgo#774086, bgo#774368, bgo#774421, bgo#774520,
bgo#775309, bgo#775468, bgo#775510, bgo#775517, bgo#775621,
bgo#775765, bgo#775913, bgo#776198, bgo#776586, bgo#777077.
+ Updated translations.
- Drop glib2-fix-notify-id-FDO-notification-backend.patch and
glib2-Add-missing-check-for-termios_h.patch: fixed upstream.
- Update to version 2.51.0:
+ glib-genmarshal and glib-mkenums have gained --output options
for better build system integration.
+ New API: g_utf8_make_valid.
+ Bugs fixed: bgo#591603, bgo#610969, bgo#772160, bgo#772221,
bgo#773303.
+ Updated translations.
- Update to version 2.50.3:
+ Bugs fixed: bgo#775309, bgo#775468, bgo#775517, bgo#775765.
+ Updated translations.
- Drop glib2-Add-missing-check-for-termios_h.patch and
glib2-fix-notify-id-FDO-notification-backend.patch: Fixed
upstream.
- Conditionally apply translations-update-upstream BuildRequires
and macro for non-openSUSE only.
- Replace dbus-1-x11 Requires of libgio-2_0-0 to dbus-launch:
openSUSE provides two implementations of dbus-launch (with and
without X interaction). For glib, it does not matter which one is
being used (boo#1020651).
- Add glib2-Add-missing-check-for-termios_h.patch: Add missing
check for termios.h. Check for termios.h is missing and passwords
in the new gio tool are echoed in the terminal consequently,
which is really bad! (bgo#775517).
- Add glib2-fix-notify-id-FDO-notification-backend.patch: Fixed
notify id in FDO notification backend (bgo#775765).
- Update to version 2.50.2:
+ Bugs fixed: bgo#767882, bgo#769135, bgo#769630, bgo#772054,
bgo#773303, bgo#773344.
+ Updated translations.
- Update to version 2.50.1:
+ Update Unicode support to Unicode 9.0.0.
+ Bugs fixed: bgo#662946, bgo#771591, bgo#772054, bgo#772255,
bgo#772269, bgo#772297, bgo#772511.
+ Updated translations.
- Update to version 2.50.0:
+ bgo#771438: Turn on libmount by default on linux.
+ Fix the annotation for g_log_variant.
+ Updated translations.
- Add libmount-devel BuildRequires: follow upstream's recommendation
to use libmount on Linux.
- Update to version 2.49.7:
+ Add g_log_variant, binding-friendly api for structured logging.
+ Bugs fixed: bgo#646926.
+ Updated translations.
- Update to version 2.49.6:
+ The gsettings commandline tool now has a describe command.
+ Bugs fixed: bgo#745754, bgo#769076, bgo#770372.
+ Updated translations.
- Update to version 2.49.4:
+ Structured logging:
- Drop libsystemd dependency.
- Document that g_test_expect_message does not work with
structured logs.
+ Use libmount for unix mount support.
+ Add an async variant of g_app_info_launch_default_for_uri.
+ Bugs fixed: bgo#522053, bgo#682794, bgo#744456, bgo#766370,
bgo#767240, bgo#768198, bgo#768453, bgo#768752, bgo#769027,
bgo#769029, bgo#769042, bgo#769087, bgo#769089, bgo#769104,
bgo#769139, bgo#769238, bgo#769245, bgo#769507, bgo#769785,
bgo#769995.
+ Updated translations.
- Drop pkgconfig(libsystemd) BuildRequires following upstream
changes.
- Drop glib2-add-g_autoptr-support.patch,
glib2-gmessages-support-NULL.patch,
glib2-gvariant-Avoid-anonymous-struct.patch: Fixed upstream.
- Add glib2-add-g_autoptr-support.patch: gobject: add g_autoptr
support for GTypeModule, fix build of gobject-introspection
(bgo#769033).
- Add glib2-gmessages-support-NULL.patch: Don't crash wayland
session. The new g_log_structured has some bugs (bgo#769087).
- Add glib2-gvariant-Avoid-anonymous-struct.patch: Fix c++
building, patch from upstream git.
- Update to version 2.49.4:
+ Change the just-introduced structured logging API. The
arguments of g_log_structured() had to be reordered to enable
an implementation within the limits of what the standards
guarantee about var args.
+ Bugs fixed: bgo#744456, bgo#768936, bgo#768963, bgo#768968.
+ Updated translations.
- Update to version 2.49.3:
+ GLib has a structured logging API, g_log_structured, with
support for writing to the systemd journal. It also supports
colored output in terminals.
+ Some new GBytes API has been added:
- g_key_file_load_from_bytes.
- g_compute_hmac_for_bytes.
+ Stack-allocated GVariantBuilder and GVariantDict objects can
now be initialized with G_VARIANT_BUILDER_INIT and
G_VARIANT_DICT_INIT.
+ gio:
- Add a way to register handlers for custom uri schemes.
- Add a G_FILE_ATTRIBUTE_FILESYSTEM_REMOTE attribute to have
these heuristics in a single place.
- Include a gio tool that makes the functionality of the
various gvfs commandline tools available in a single place.
- Add portal support to g_app_info_launch_default_for_uri.
- Add portal support to GNetworkMonitor.
- Add portal support to GProxyResolver.
- Add portal support to g_application_send_notification.
+ Bugs fixed: bgo#547200, bgo#662802, bgo#723506, bgo#725902,
bgo#728207, bgo#729914, bgo#744456, bgo#744678, bgo#746685,
bgo#747134, bgo#750257, bgo#753231, bgo#754012, bgo#760115,
bgo#760423, bgo#761102, bgo#765338, bgo#766370, bgo#766899,
bgo#766933, bgo#767765, bgo#767880, bgo#767887, bgo#767949,
bgo#768029, bgo#768119, bgo#768357, bgo#768498, bgo#768504,
bgo#768549, bgo#768551, bgo#768560, bgo#768780, bgo#768806.
+ Updated translations.
- Add pkgconfig(libsystemd) BuildRequires: Configure looks for it.
- Update to version 2.49.2:
+ GMainContext and GTask have gained more systemtap probes.
+ Bugs fixed: bgo#673101, bgo#700756, bgo#730187, bgo#755439,
bgo#759813, bgo#761810, bgo#767172, bgo#767218, bgo#767245,
bgo#767824.
+ Updated translations.
- Update to version 2.49.1:
+ GDesktopAppInfo now allows bus activation with dashes. This is
not technically allowed per the Desktop Entry specification,
but it happens in the wild. Rather than forcing people to go
through another traumatic desktop file rename, accept it and
translate - to _.
+ The support for giving names to threads has been improved.
Thread names are now supported on Solaris as well, and the
Linux support no longer uses prctl() but the pthread api.
+ GIO resources can now be overridden at runtime, using the
G_RESOURCE_OVERLAYS environment variable.
+ gdbus-codegen can now generate autocleanup definitions for the
types it generates. Use the --c-generate-autocleanup option to
control this.
+ Bugs fixed: bgo#665446, bgo#742898, bgo#749583, bgo#755898,
bgo#760186, bgo#764163, bgo#764415, bgo#765173, bgo#765668,
bgo#765710, bgo#765712, bgo#765861, bgo#765900, bgo#765924,
bgo#765991, bgo#766092, bgo#766211, bgo#766407, bgo#766570.
+ Updated translations.
- Update to version 2.48.2:
+ Bugs fixed: bgo#547200, bgo#673101, bgo#700756, bgo#725902,
bgo#728207, bgo#730187, bgo#746685, bgo#750257, bgo#753231,
bgo#755439, bgo#760115, bgo#760423, bgo#761810, bgo#766211,
bgo#766899, bgo#766933, bgo#767172, bgo#767218, bgo#767824,
bgo#767949, bgo#768453, bgo#768504, bgo#768551, bgo#768560,
bgo#768806, bgo#769027.
+ Updated translations.
- Update to GNOME 3.20.2 Fate#318572
- Update to version 2.48.1:
+ Bugs fixed: bgo#731988, bgo#747107, bgo#747478, bgo#748474,
bgo#748530, bgo#748806, bgo#749606, bgo#758174, bgo#758738,
bgo#762994, bgo#763379, bgo#763821, bgo#764092, bgo#764574,
bgo#764575, bgo#764685, bgo#764754, bgo#765959, bgo#765990.
+ Updated translations.
- Update to GNOME 3.20 Fate#318572
- Remove patches: glib2-dbus-object-manager-ref.patch,
glib2-trash-on-other-partitions.patch,
glib2-bnc873225-add-get-default-value.patch,
glib2-missing-annotations.patch.
- baselibs.conf: also add the pkgconfig file to the -32bit package
(boo#973217).
- Update to version 2.48.0:
+ A minor build fix in the name of determinism.
+ A few coverity fixes.
+ bgo#763617: giotypefuncs.c: Sort _get_type functions in the 'C'
locale.
+ Updated translations.
- Update to version 2.47.92:
+ gdbus-codegen now supports g_autoptr().
+ g_get_user_runtime_dir() now reliably returns an existing
directory.
+ g_array_remove_range() can now remove 0 items from the end of
an array.
+ Many fixes for Windows.
+ Documentation improvements.
+ Other small bugfixes.
+ Bugs fixed: bgo#724847, bgo#743933, bgo#756706, bgo#757506,
bgo#760694, bgo#762202, bgo#762637, bgo#762748, bgo#762937,
bgo#763339, bgo#763344, bgo#763379.
+ Updated translations.
- Include the glibconfig.h in the baselibs glib2-devel-xxbit
package, as it contains the architecture specific configuration
(bsc#970694).
- Follow the freedesktop conventions for the mime handler
associations. The created link is gnome specific, so make it
specific (gnome-mimeapps.list). This prevents association
problems in Plasma 5 (boo#966739)
https://specifications.freedesktop.org/mime-apps-spec/mime-apps-spec-latest.html
- Update to version 2.47.6:
+ Windows support:
- Fixes and improvements to the GSettings registry backend.
- Handle readability and writability of registry keys.
- Use Unicode registry APIs.
+ Bugs fixed: bgo#760852, bgo#744772, bgo#761126, bgo#747927,
bgo#761337, bgo#744570, bgo#761504, bgo#761550, bgo#761843,
bgo#744570, bgo#744772, bgo#747927, bgo#760852, bgo#761126,
bgo#761337, bgo#761504, bgo#761550, bgo#761843.
+ Updated translations.
- Fix default mime handler associations: since GLIB 2.42, the file
in question is no longer defaults.list (too unspecific), but is
called mimeapps.list. Touch and link the right files.
- Update to version 2.47.5:
+ The system copy of PCRE is now used by default to implement
GRegex. Configure with --with-pcre=internal if a system PCRE
version is unavailable or undesired.
+ Interfaces for DTLS support have been added. A new version of
glib-networking will also be required.
+ GDBusMethodInvocation now drops replies if the sender set the
NO_REPLY_EXPECTED flag.
+ Several GApplication fixes, including fixes for commandline
arguments in interpreted languages on Windows.
+ Bugs fixed: bgo#624186, bgo#734095, bgo#735754, bgo#748064,
bgo#752240, bgo#755421, bgo#756875, bgo#759554, bgo#760199,
bgo#760215, bgo#760683.
+ Updated translations.
- Update to version 2.47.4:
+ gapplication: Acquire the main context before running.
+ Enable contenttype test on W32, tweak it to pass (mostly).
+ xdgmime: Finer handling for cases where mmap() is not available.
+ Add GParamSpec object ref management annotations.
+ file monitors: reorder some code to avoid segfault.
+ glib-compile-resources: do not leak c_name.
+ macros: add G_GNUC_CHECK_VERSION() for compiler checks.
+ GApplication: destroy the impl on shutdown.
+ Stop supporting non-POSIX getpwuid_r, getgrgid_r.
+ glib.py: Fix Python 3 TypeError in gdb pretty-printers.
+ W32: fix uninitialized var in g_app_info_get_all_for_type.
+ Add missing checks for gnulib vasnprintf().
+ glibconfig.h.win32.in: remove G_CAN_INLINE.
+ GDBusProxy: Fix a memory leak during initialization.
+ Bugs fixed: bgo#752983, bgo#735696, bgo#735696, bgo#710243,
bgo#756214, bgo#758823, bgo#758553, bgo#578363, bgo#757299,
bgo#728099, bgo#757372, bgo#756475, bgo#749092, bgo#759408,
bgo#759134, bgo#757374, bgo#758641.
+ Updated translations.
- Update to version 2.47.3:
+ The inline cleanup in the last release accidentally removed
three symbols from libglib-2.0.so. It is unlikely that this
will have caused any problems because these symbols were only
backup symbols for definitions exported as inlines in the
header files, but ABI is ABI. This release corrects only this
problem.
- Update to version 2.47.2:
+ We have formalised the assumption that all compilers that we are
interested in support 'static inline' and simplified the macros
around this considerably. Please watch for and report
unintentional fallout.
+ New API: hardware-assisted helpers for overflow-checked integer
math.
+ Bugs fixed: bgo#696324, bgo#719966, bgo#752837, bgo#755364,
bgo#756134, bgo#756179, bgo#756988, bgo#757294, bgo#757374,
bgo#757451, bgo#757628, bgo#757693, bgo#757742, bgo#758181.
+ Updated translations.
- Update to version 2.47.1:
+ GDesktopAppInfo no longer sets the DISPLAY environment variable
when launching apps. This is now done in the GAppLaunchContext
implementations when appropriate.
+ Bugs fixed: bgo#664740, bgo#687223, bgo#692085, bgo#697907,
bgo#735754, bgo#737116, bgo#743011, bgo#749161, bgo#749314,
bgo#751924, bgo#752240, bgo#752837, bgo#753310, bgo#753935,
bgo#754855, bgo#754983, bgo#754994, bgo#755083, bgo#755351,
bgo#755355, bgo#755374, bgo#755496, bgo#755609, bgo#755766,
bgo#755795, bgo#755961, bgo#756053, bgo#756054, bgo#756077,
bgo#756099, bgo#756139, bgo#756179, bgo#756251, bgo#756255,
bgo#756316, bgo#756382, bgo#756477, bgo#756550, bgo#756875,
bgo#756952.
+ Updated translations.
- Update to version 2.46.2:
+ Various small fixes, with a focus on win32.
+ The docs should now be complete when doing non-srcdir builds.
+ Bugs fixed: bgo#687223, bgo#754983, bgo#754994, bgo#755609,
bgo#756179, bgo#756382, bgo#757628.
- Add glib2-remove_fam_debug_print.patch: remove debug output
"II 1" from the fam monitor (boo#951221, bgo#756879).
- Update to version 2.46.1:
+ Remove system_header pragma (should fix lack of warnings with
things like g_return_if_fail).
+ Move GStrv typedef (and auto-cleanup) from libgobject to
libglib.
+ Fix order of trashing files to be closer to what is required in
the specification. Namely, trashinfo files are written first.
This should fix issues with the gvfs trash backend failing to
correctly read the info for recently trashed files (preventing
'restore').
+ Tweak mime logic to return text/plain on all empty files
instead of returning application/octet-stream. This includes
files that have extensions that imply that they may be other
types of files, which is a slight change of behaviour with
respect to old GLib versions.
+ Many win32 fixes.
+ Many docs fixes.
+ Bugs fixed: bgo#735754, bgo#743011, bgo#749161, bgo#751924,
bgo#752837, bgo#753310, bgo#755083, bgo#755351, bgo#755355,
bgo#755496, bgo#755795, bgo#756179, bgo#756251, bgo#756255.
+ Updated translations.
- Update to version 2.46.0:
+ Disable runtime-deprecation warnings.
+ Fix marshalling of flags on bigendian 64bit architectures.
+ Updated translations.
- Update to version 2.45.8:
+ Utf8 validation and utf8-to-ucs4 conversion are faster.
+ Small speedups to property change notification.
+ Various other small optimizations for GQuark, GData.
+ Bugs fixed: bgo#696426, bgo#735429, bgo#738504, bgo#742903,
bgo#748633, bgo#754431, bgo#754560, bgo#754582, bgo#754601,
bgo#754636, bgo#754788, bgo#754831, bgo#754924, bgo#754986.
+ Updated translations.
- Update to version 2.45.7:
+ Add G_FILE_ATTRIBUTE_STANDARD_IS_VOLATILE for use by
non-POSIX-like backends (e.g. cloud storage).
+ GFileMonitor: Make the inotify backend work with atomic renames
again.
+ GSettings: change notification is again working
unconditionally.
+ GListStore has a sort function now.
+ Test infrastructure:
- Tests are now required to have unique names.
- TAP support has been improved.
- A macro for asserting that two memory regions have identical
content has been added.
+ Bugs fixed: bgo#708525, bgo#742849, bgo#744060, bgo#747364,
bgo#749492, bgo#752769, bgo#753745, bgo#754152, bgo#754211,
bgo#754264, bgo#754283, bgo#754284, bgo#754286, bgo#754307.
+ Updated translations.
- Add zsh completion for gsettings from (source gsettings.zsh).
https://github.com/jmatsuzawa/zsh-comp-gsettings (MIT license).
- Update to version 2.45.6:
+ Fix a test failure and a build failure.
- Update to version 2.45.5:
+ GNetworkMonitor now provides information about metered
networks.
+ g_mem_set_vtable has been deprecated; it has not been working
for quite a while. The recommendation is to use valgrind, or
replace malloc itself.
+ Bugs fixed: bgo#656325, bgo#741779, bgo#741822, bgo#742386,
bgo#743018, bgo#750282, bgo#751358, bgo#751592, bgo#751598,
bgo#751610, bgo#751751, bgo#752210, bgo#752656, bgo#752767,
bgo#753278, bgo#753285.
+ Updated translations.
- Update to version 2.45.4:
+ Bugs fixed: bgo#727829, bgo#741901, bgo#746339, bgo#747676,
bgo#748610, bgo#749911, bgo#749912, bgo#750625, bgo#750807,
bgo#751160, bgo#751672, bgo#751731, bgo#751737, bgo#751798,
bgo#752089, bgo#752293.
+ Updated translations.
- Update to version 2.45.3:
+ Improve performance of g_signal_handler_disconnect for signals
with many handlers.
+ GDBus has gained a new call flag to allow interactive
authorization.
+ GSettings:
- New API: g_settings_schema_list_keys.
- Deprecated: g_settings_list_keys.
+ OS X:
- Implement GNotification.
- Bump the OS X requirement to 10.9.
+ Windows:
- Add registry reading API.
- Reimplement GAppInfo using registry information.
+ Bugs fixed: bgo#666831, bgo#728489, bgo#730168, bgo#733325,
bgo#734888, bgo#737009, bgo#738185, bgo#738504, bgo#739122,
bgo#739424, bgo#739616, bgo#740308, bgo#740516, bgo#741788,
bgo#745013, bgo#747146, bgo#747941, bgo#748727, bgo#749693,
bgo#750203, bgo#750322, bgo#750344, bgo#750369, bgo#750386,
bgo#750399, bgo#750573, bgo#750918, bgo#751122, bgo#479730.
+ Updated translations.
- Update to version 2.45.2:
+ Improve error reporting in glib-compile-schemas.
+ Add introspection annotations to GListStore.
+ Bugs fixed: bgo#696749, bgo#723394, bgo#724113, bgo#725981,
bgo#733325, bgo#744895, bgo#747882, bgo#748534, bgo#748612,
bgo#748614, bgo#748834, bgo#749079, bgo#749080, bgo#749180,
bgo#749352, bgo#749353.
+ Updated translations.
- Update to version 2.45.1:
+ The GSettings schema compiler, glib-compile-schemas, has been
changed to reject schema xml that has duplicate <summary> or
<description> elements. Such elements typically occur when
translations are merged into the schema, with xml:lang
attributes. This is not the correct way to translate schemas.
Instead keep the translations in the .mo file and set the
gettext-domain attribute on the <schemalist> element.
+ The file monitoring infrastructure has been rewritten, and all
backends have seen major improvements.
+ The inotify backend is reporting events with less delay (no
event will be delayed more than 10ms) and wakeups due to file
monitoring have been significantly reduced. A CHANGES_DONE
event will also be sent when new files appear.
+ The poll implementation is now using the thread default main
context.
+ The fam implementation is now running in the worker thread.
+ The fen implementation has been removed, since it was
unmaintained.
+ The GSettings schema compiler, glib-compile-schemas, is more
strict about rejecting schemas with xml:lang style merged
translations.
+ Schema translations should be done by specifying the gettext
domain in the xml, and keeping the translations in gettext. To
avoid breaking already-installed schemas, this change is only
taking effect when you use the --strict option.
+ The hardcoded 10-thread limit of GTask's thread pool has been
removed, since it was prone to causing deadlocks. The thread
pool is now allowed to grow dynamically and will shrink back
over time.
+ GSimpleAsyncResult has been deprecated in favor of GTask.
+ The algorithm used by GAppInfo to find default handlers for
mime types has been tweaked to prefer apps that handle the
specific subtype over default handlers for a generic supertype.
+ Bugs fixed: bgo#627285, bgo#631597, bgo#661767, bgo#687223,
bgo#711547, bgo#719966, bgo#726447, bgo#728663, bgo#728669,
bgo#730188, bgo#733325, bgo#738207, bgo#739850, bgo#741791,
bgo#744282, bgo#745255, bgo#745745, bgo#745821, bgo#746749,
bgo#746753, bgo#747209, bgo#747349, bgo#747363, bgo#747472,
bgo#747541, bgo#747772, bgo#748019, bgo#748177.
+ Updated translations.
- Update to version 2.44.1:
+ Don't redefine typedefs to avoid build problems on OpenBSD.
+ Improve the default application algorithm.
+ Bump the number of children a GType can have.
+ Various testsuite improvements.
+ Updated translations.
- Update to version 2.44.0:
+ gsocket: Document FD ownership with g_socket_new_from_fd()
(bgo#730188).
+ Updated translations.
- Update to version 2.43.92:
+ GUnixMountMonitor now properly supports multiple main contexts.
+ Many documentation improvements and cleanups. We are now
approaching a point where the documentation is 100% complete
and the xml will build without warnings. This will probably be
enabled by default in the next cycle.
+ New support for HTTP proxies in GIO.
+ New GTask:completed property.
+ Use "private" futexes in order to further improve the
performance of the contended case of GMutex and g_bit_lock().
+ Bugs fixed: bgo#614684, bgo#730352, bgo#733876, bgo#741442,
bgo#742599, bgo#743636, bgo#743661, bgo#744722, bgo#745589,
bgo#745634.
+ Updated translations.
- Update to version 2.43.91:
+ We have now added 'g_autofree' as a libgsystem-style
autocleanup macro that calls g_free() on the content of a local
variable when it leaves scope (working only on GCC and clang).
+ GApplication now has an "is-busy" property, allowing one to
query the effective busy state.
+ There have been various other bugfixes and cleanups.
+ Bugs fixed: bgo#661554, bgo#744263, bgo#744565, bgo#744747,
bgo#744756, bgo#744830, bgo#744876, bgo#745239.
+ Updated translations.
- Update to version 2.43.90:
+ New GSimpleIOStream class to construct a GIOStream from an
arbitrary GInputStream and GOutputStream.
+ GApplication: new API for marking 'busy' state according to the
value of a boolean property on another object.
+ GOptionGroup: add binding support (boxed type, annotation
fixes, etc.)
+ Bugs fixed: bgo#739724, bgo#741024, bgo#741630, bgo#743349,
bgo#743990, bgo#744565.
+ Updated translations.
- Update to version 2.43.4:
+ GType now has type declaration macros G_DECLARE_DERIVABLE_TYPE,
G_DECLARE_FINAL_TYPE and G_DECLARE_INTERFACE, which
significantly reduce the boilerplate needed for GObject types
and interfaces.
+ g_autoptr and g_auto are macros for declaring variables with
automatic cleanup. They only work with gcc and clang.
+ GListModel is a new interface that represents a dynamic list of
GObjects.
+ GListStore is a GSequence-based implementation of GListModel.
+ Support thread names on OS X.
+ g_simple_action_set_state_hint: New function to set the state
hint of GSimpleActions.
+ g_win32_check_windows_version: New function to check Windows
version.
+ g_settings_schema_list_children and
g_settings_schema_key_get_name are new functions to complete
the GSettingsSchema API.
+ Bugs fixed: bgo#389585, bgo#729351, bgo#736914, bgo#741807,
bgo#741895, bgo#742456, bgo#743508, bgo#743517, bgo#743521,
bgo#743596, bgo#743640, bgo#743827, bgo#743927, bgo#743936,
bgo#744012, bgo#744190.
- Update to version 2.43.3:
+ Add g_set_object() convenience function.
+ GNetworkMonitor: check if NM is not running and don't crash.
+ Fix some races with g_mkdir_with_parents.
+ Fix some warnings in MSVC.
+ Avoid use of G_STRLOC in G_OBJECT_WARN_INVALID_PSPEC in order
to save on static strings.
+ Fix some content type vs. mime issues.
+ Documentation improvements.
+ Bugs fixed: bgo#719455, bgo#732439, bgo#734946, bgo#741589,
bgo#741653, bgo#741654, bgo#741707, bgo#741788, bgo#742548,
bgo#742851, bgo#742972, bgo#743014.
+ Updated translations.
- Update to version 2.43.2:
+ New functions: g_strv_contains, g_network_address_new_loopback,
g_socket_send_messages.
+ A new GNetworkMonitor implementation using NetworkManager
provides more detailed connectivity information.
+ Bugs fixed: bgo#11059, bgo#664562, bgo#685880, bgo#712570,
bgo#719646, bgo#728928, bgo#732317, bgo#740814, bgo#740848,
bgo#741016, bgo#741226.
+ Updated translations.
- Update to version 2.43.1:
+ GQueue now accepts NULL as a sibling in g_queue_insert_before()
and g_queue_insert_after().
+ Bugs fixed: bgo#11059, bgo#726037, bgo#727988, bgo#729739,
bgo#733791, bgo#736286, bgo#736620, bgo#737150, bgo#737160,
bgo#738259, bgo#738551, bgo#738633, bgo#740157, bgo#740309,
bgo#740413.
+ Updated translations.
- Update to version 2.43.0:
+ GObject gained a debug option to provide instance counts. To
use it, set GOBJECT_DEBUG=instance-count and call
g_type_get_instance_count().
+ GOption now has a strict POSIX mode in which it stops parsing
arguments as soon as a non-option argument is encountered.
+ Bugs fixed: bgo#354457, bgo#695082, bgo#723160, bgo#729739,
bgo#733338, bgo#736273, bgo#736284, bgo#736914, bgo#737259,
bgo#737338, bgo#737446, bgo#737451, bgo#737741, bgo#737869,
bgo#738374, bgo#738675.
+ Updated translations.
- Update to version 2.42.2:
+ Bugs fixed: bgo#712570, bgo#719455, bgo#727829, bgo#734946,
bgo#741024, bgo#741654, bgo#741788, bgo#741807, bgo#742851,
bgo#743508, bgo#743936.
+ Updated translations.
- Update to version 2.42.1:
+ This release disables deprecation warnings by default.
+ Bugs fixed: bgo#728256, bgo#736806, bgo#737143, bgo#738170,
bgo#738197.
+ Updated translations.
- Update glib2-fate300461-gettext-gkeyfile-suse.patch: Initialize
variable has_gettext.
- glibc
-
- s390-memmove-ifunc-selector-arch13.patch: S390: Also check vector
support in memmove ifunc-selector (bsc#1184035, BZ #27511)
- Update glibc-2.31-HTM-vzeroupper.diff with an AVX-SSE transition
fix.
- Add glibc-2.31-HTM-vzeroupper.diff to avoid VZEROUPPER in the
AVX2 accelerated string routines which cause HTM transaction
aborts. Instead use EVEX or SSE. (bsc#1181403)
- nscd-netgroupcache.patch: nscd: Fix double free in netgroupcache
(CVE-2021-27645, bsc#1182733, BZ #27462)
- gconv-assertion-iso-2022-jp.patch: gconv: Fix assertion failure in
ISO-2022-JP-3 module (CVE-2021-3326, bsc#1181505, BZ #27256)
- sysvipc-sem-stat-any.patch: sysvipc: Fix SEM_STAT_ANY kernel argument
pass (bsc#1180557, BZ #26637)
- aarch64-getauxval.patch: aarch64: Accept PLT calls to __getauxval within
libc.so (bsc#1167939)
- iconv-redundant-shift.patch: iconv: Accept redundant shift sequences in
IBM1364 (CVE-2020-27618, bsc#1178386, BZ #26224)
- iconv-ucs4-loop-bounds.patch: iconv: Fix incorrect UCS4 inner loop
bounds (CVE-2020-29562, bsc#1179694, BZ #26923)
- printf-long-double-non-normal.patch: x86: Harden printf against
non-normal long double values (CVE-2020-29573, bsc#1179721, BZ #26649)
- get-nprocs-cpu-online-parsing.patch: Fix parsing of
/sys/devices/system/cpu/online (bsc#1180038, BZ #25859)
- power10-support.patch: Add support for POWER10 (jsc#SLE-13520)
- iconv-option-parsing.patch: Rewrite iconv option parsing
(CVE-2016-10228, bsc#1027496, BZ #19519)
- Update to glibc 2.31
- glibc-2.14-crypt.diff, crypt_blowfish-const.patch,
crypt_blowfish-1.2-sha.diff, crypt_blowfish-gensalt.patch,
crypt_blowfish-1.2-hack_around_arm.diff, glibc-nodate.patch,
powerpc-elision-enable-envvar.patch, s390-elision-enable-envvar.patch,
crt-nocompress-debug-sections.patch, resolv-context-leak.patch,
dl-runtime-resolve-opt-avx512f.patch, libpthread-compat-wrappers.patch,
math-c++-compat.patch, remove-nss-nis-compat.patch,
eh-frame-zero-terminator.patch, ld-so-hwcap-x86-64.patch,
assert-pedantic.patch, getaddrinfo-errno.patch, resolv-conf-oom.patch,
dynarray-allocation.patch, nearbyint-inexact.patch, nss-compat.patch,
nscd-libnsl.patch, malloc-tcache-leak.patch,
falkor-memcpy-memmove.patch, aarch64-cpu-features.patch,
nss-files-large-buffers.patch, sysconf-uio-maxiov.patch,
glob-tilde-overflow.patch, dl-runtime-resolve-xsave.patch,
spawni-assert.patch, x86-64-dl-platform.patch, glob64-s390.patch,
tst-tlsopt-powerpc.patch, powerpc-hwcap-bits.patch,
malloc-tcache-check-overflow.patch, dl-init-paths-overflow.patch,
fillin-rpath-empty-tokens.patch, getcwd-absolute.patch,
memalign-overflow.patch, stack-guard-size-accounting.patch,
libgcc-rtld-now.patch, res-send-enomem.patch,
glibc-fix-avx512-mempcpy.patch, i386-memmove-sse2-unaligned.patch,
realpath-ssize-max-overflow.patch, localtime-2039.patch,
math-remove-slow-path.patch, aarch64-hwcap-atomics.patch,
glibc-fix-aarch64-build.diff, absolute-symbols.patch,
x86-haswell-string-flags.patch,
pthread-cond-broadcast-waiters-after-spinning.patch,
mman-map-sync.patch, mman-linux-map-shared-validate.patch,
nptl-setxid-error.patch, pthread-mutex-trylock-barrier.patch,
getaddrinfo-parse-ipv4-address.patch, japanese-era-name-may-2019.patch,
force-elision-race.patch, regex-read-overrun.patch,
regex-parse-reg-exp.patch,
0001-S390-Add-configure-check-to-detect-z10-as-mininum-ar.patch,
0002-S390-Use-hwcap-instead-of-dl_hwcap-in-ifunc-resolver.patch,
0003-S390-Unify-31-64bit-memcpy.patch,
0004-S390-Refactor-memcpy-mempcpy-ifunc-handling.patch,
0005-S390-Remove-s390-specific-implementation-of-bcopy.patch,
0006-S390-Use-memcpy-for-forward-cases-in-memmove.patch,
0007-S390-Add-configure-check-to-detect-z13-as-mininum-ar.patch,
0008-S390-Add-z13-memmove-ifunc-variant.patch,
0009-S390-Add-z13-strstr-ifunc-variant.patch,
0010-S390-Add-z13-memmem-ifunc-variant.patch,
0011-S390-Cleanup-ifunc-resolve.h.patch,
0012-S390-Mark-vx-and-vxe-as-important-hwcap.patch,
0013-S390-Add-new-hwcap-values-for-new-cpu-architecture-a.patch,
0014-S390-Add-configure-check-to-detect-support-for-arch1.patch,
0015-S390-Add-arch13-memmove-ifunc-variant.patch,
0016-S390-Add-arch13-strstr-ifunc-variant.patch,
0017-S390-Add-arch13-memmem-ifunc-variant.patch,
prefer-map-32bit-exec.patch, s390-strstr-page-boundary.patch,
ppc-tle-htm-nosc.patch,
posix-Add-internal-symbols-for-posix_spawn-interface.patch,
glibc-2.29-posix-Use-posix_spawn-on-popen.patch,
backtrace-powerpc.patch, pthread-rwlock-pwn.patch,
manual-memory-protection.patch, ldbl-96-rem-pio2l.patch,
dl-sort-maps.patch, dlopen-filter-object.patch,
glob-use-after-free.patch, nptl-setxid-race.patch, nscd-senfile.patch,
ldd-system-interp.patch, abort-no-flush.patch,
fnmatch-collating-elements.patch, nss-files-long-lines-2.patch,
iconv-reset-input-buffer.patch, nscd-prune.patch, syslog-locking.patch:
Removed.
- long-double-alias.patch, glibc-nsswitch-usr.diff, euc-kr-overrun.patch,
riscv-syscall-clobber.patch, nscd-gc-cycle.patch: Added.
- nscd-senfile.patch: Fix concurrent changes on nscd aware files
(bsc#1171878, BZ #23178)
- nscd-prune.patch: nscd: bump GC cycle during cache pruning (bsc#1171878,
BZ #26130)
- syslog-locking.patch: Correct locking and cancellation cleanup in syslog
functions (bsc#1172085, BZ #26100)
- nptl-setxid-race.patch: nptl: wait for pending setxid request also in
detached thread (bsc#1162930, BZ #25942)
- glob-use-after-free.patch: Fix use-after-free in glob when expanding
~user (CVE-2020-1752, bsc#1167631, BZ #25414)
- dl-sort-maps.patch, dlopen-filter-object.patch: Allow dlopen of filter
object to work (bsc#1166106, BZ #16272)
- ldbl-96-rem-pio2l.patch: Avoid ldbl-96 stack corruption from range
reduction of pseudo-zero (CVE-2020-10029, bsc#1165784, BZ #25487)
- pthread-rwlock-pwn.patch: Fix rwlock stall with
PREFER_WRITER_NONRECURSIVE_NP (bsc#1164505, BZ #23861)
- manual-memory-protection.patch: manual: Document mprotect and introduce
section on memory protection (bsc#1163184)
- backtrace-powerpc.patch: Fix array overflow in backtrace on PowerPC
(CVE-2020-1751, bsc#1158996, BZ #25423)
- posix-Add-internal-symbols-for-posix_spawn-interface.patch,
glibc-2.29-posix-Use-posix_spawn-on-popen.patch: Use posix_spawn on
popen (bsc#1149332, BZ #22834)
- ppc-tle-htm-nosc.patch: powerpc: Fix syscalls during early process
initialization (SLE-8348, BZ #22685)
- s390-strstr-page-boundary.patch: S390: Fix handling of needles crossing
a page in strstr z15 ifunc-variant (bsc#1157893, BZ #25226)
- prefer-map-32bit-exec.patch: rtld: Check __libc_enable_secure before
honoring LD_PREFER_MAP_32BIT_EXEC (CVE-2019-19126, bsc#1157292,
BZ #25204)
- GNU1815 - Hardware support in toolchain (bsc#1151582)
0001-S390-Add-configure-check-to-detect-z10-as-mininum-ar.patch
0002-S390-Use-hwcap-instead-of-dl_hwcap-in-ifunc-resolver.patch
0003-S390-Unify-31-64bit-memcpy.patch
0004-S390-Refactor-memcpy-mempcpy-ifunc-handling.patch
0005-S390-Remove-s390-specific-implementation-of-bcopy.patch
0006-S390-Use-memcpy-for-forward-cases-in-memmove.patch
0007-S390-Add-configure-check-to-detect-z13-as-mininum-ar.patch
0008-S390-Add-z13-memmove-ifunc-variant.patch
0009-S390-Add-z13-strstr-ifunc-variant.patch
0010-S390-Add-z13-memmem-ifunc-variant.patch
0011-S390-Cleanup-ifunc-resolve.h.patch
0012-S390-Mark-vx-and-vxe-as-important-hwcap.patch
0013-S390-Add-new-hwcap-values-for-new-cpu-architecture-a.patch
0014-S390-Add-configure-check-to-detect-support-for-arch1.patch
0015-S390-Add-arch13-memmove-ifunc-variant.patch
0016-S390-Add-arch13-strstr-ifunc-variant.patch
0017-S390-Add-arch13-memmem-ifunc-variant.patch
- regex-parse-reg-exp.patch: ERE '0|()0|1|0' causes regexec undefined
behavior (CVE-2009-5155, bsc#1127223, BZ #18986)
- regex-read-overrun.patch: regex: fix read overrun (CVE-2019-9169,
bsc#1127308, BZ #24114)
- crt-nocompress-debug-sections.patch: Don't compress debug sections in
crt*.o files (bsc#1123710)
- ldconfig-concurrency.patch: Avoid concurrency problem in ldconfig
(bsc#1117993, BZ #23973)
- force-elision-race.patch: Fix race in pthread_mutex_lock while promoting
to PTHREAD_MUTEX_ELISION_NP (bsc#1131330, BZ #23275)
- japanese-era-name-may-2019.patch: ja_JP locale: Add entry for the new
Japanese era (bsc#1100396, BZ #22964)
- pthread-mutex-trylock-barrier.patch: pthread_mutex_trylock does not use
the correct order of instructions while maintaining the robust mutex
list due to missing compiler barriers (bsc#1130045, BZ #24180)
- getaddrinfo-parse-ipv4-address.patch: getaddrinfo: Fully parse IPv4
address strings (CVE-2016-10739, bsc#1122729, BZ #20018)
- mman-map-sync.patch: Add MAP_SYNC from Linux 4.15 (bsc#1126590)
- mman-linux-map-shared-validate.patch: Add MAP_SHARED_VALIDATE from Linux
4.15 (bsc#1126590)
- nptl-setxid-error.patch: nptl: Preserve error in setxid thread broadcast
in coredumps (bsc#1063675, BZ #22153)
- x86-haswell-string-flags.patch: Fix Haswell CPU string flags
(bsc#1114984, BZ #23709)
- pthread-cond-broadcast-waiters-after-spinning.patch: Fix
waiters-after-spinning case (bsc#1114993, BZ #23538)
- absolute-symbols.patch: Don't relocate absolute symbols (bsc#1112570,
BZ #19818)
- glibc-fix-aarch64-build.diff: Fix build on aarch64 with
binutils newer than 2.30.
- Add glibc-locale-base subpackage containing only C, C.UTF-8 and
en_US.UTF-8 locales (fate#326551)
- aarch64-hwcap-atomics.patch: aarch64: add HWCAP_ATOMICS to
HWCAP_IMPORTANT (fate#325962)
- math-remove-slow-path.patch: Remove slow paths from math routines
(fate#325815, fate#325879, fate#325880, fate#325881, fate#325882)
- localtime-2039.patch: Fix year 2039 bug for localtime with 64-bit time_t
(bsc#1102526, BZ #22639)
- i386-memmove-sse2-unaligned.patch: Fix SSE2 memmove issue when crossing
2GB boundary (CVE-2017-18269, bnc#1094150, BZ #22644)
- realpath-ssize-max-overflow.patch: Fix overflow in path length
computation (CVE-2018-11236, bsc#1094161, BZ #22786)
- glibc-fix-avx512-mempcpy.patch: replace with upstream version
- Use %license also for COPYING and COPYING.LIB (bsc#1082318)
- Add glibc-fix-avx512-mempcpy.patch as quick fix for mempcpy
buffer overwrite in memmove-avx512-no-vzeroupper.S for Knights
Landing CPUs (CVE-2018-11237, bnc#1094154, bnc#1092877, BZ #23196)
- Readd nis to netgroup and automount nss config (bsc#1088860)
- res-send-enomem.patch: Fix crash in resolver on memory allocation
failure (bsc#1086690, BZ #23005)
- Use %license (bsc#1082318)
- stack-guard-size-accounting.patch: Fix stack guard size accounting
(bsc#1074208, BZ #22637)
- libgcc-rtld-now.patch: Open libgcc.so with RTLD_NOW during
pthread_cancel (bsc#1074208, BZ #22636)
- Mark source0 as nosource in non-main source rpms
- Add systemtap-headers to BuildRequires.
- Add --enable-systemtap to configure arguments. (fate#324969,
bsc#1073636)
- memalign-overflow.patch: Fix integer overflows in internal memalign and
malloc functions (CVE-2018-6485, CVE-2018-6551, bsc#1079036, BZ #22343,
BZ #22774)
- fix-locking-in-_IO_cleanup.patch: Skip locked files during exit
(bsc#1070491, BZ #15142)
- Avoid duplicate source rpm
- getcwd-absolute.patch: make getcwd(3) fail if it cannot obtain an
absolute path (CVE-2018-1000001, bsc#1074293, BZ #22679)
- dl-init-paths-overflow.patch: Count components of the expanded path in
_dl_init_path (CVE-2017-1000408, CVE-2017-1000409, bsc#1071319,
BZ #22607, BZ #22627)
- fillin-rpath-empty-tokens.patch: Check for empty tokens before dynamic
string token expansion (CVE-2017-16997, bsc#1073231, BZ #22625)
- tst-tlsopt-powerpc.patch: fix tst-tlsopt-powerpc (bcn#1070419)
- powerpc-hwcap-bits.patch: Update HWCAP for powerpc (bnc#1070420)
- malloc-tcache-check-overflow.patch: Fix integer overflow in malloc when
tcache is enabled (CVE-2017-17426, bnc#1071479, BZ #22375)
- Add _multibuild
- glob64-s390.patch: no compat glob64 on s390
- noversion.tar.bz2: remove unused source
- x86-64-dl-platform.patch: Don't set GLRO(dl_platform) to NULL (BZ #22299)
- spawni-assert.patch: Fix improper assert in Linux posix_spawn
(BZ #22273)
- math-c++-compat.patch: Add more C++ compatibility (BZ #22296)
- malloc-tcache-leak.patch: Fix tcache leak after thread destruction
(BZ #22111)
- falkor-memcpy-memmove.patch: Optimized implementation of memcpy/memmove
for Qualcomm Falkor
- aarch64-cpu-features.patch: Fix glibc.tune.cpu tunable handling
- nss-files-large-buffers.patch: Avoid large buffers with many host
addresses (BZ #22078)
- sysconf-uio-maxiov.patch: Fix missing definition of UIO_MAXIOV
(BZ #22321)
- glob-tilde-overflow.patch: Fix buffer overflows with GLOB_TILDE
(CVE-2017-15670, CVE-2017-15671, CVE-2017-15804,
bsc#1064569, bsc#1064580, bsc#1064583, BZ #22320, BZ #22325, BZ #22332)
- dl-runtime-resolve-xsave.patch: Use fxsave/xsave/xsavec in
_dl_runtime_resolve (BZ #21265)
- nscd-libnsl.patch: Remove reference to libnsl from nscd (bsc#1062244)
- Drop glibc-obsolete
- glibc-2.3.90-noversion.diff: remove
- reinitialize-dl_load_write_lock.patch: remove
- nss-compat.patch: Move nss_compat from nis to nss subdir and install it
unconditionally
- nsswitch.conf: switch back to compat for passwd, group, shadow
- assert-pedantic.patch: Suppress pedantic warning caused by statement
expression (BZ #21242, BZ #21972)
- math-c++-compat.patch: Add more C++ compatibility (BZ #22235)
- getaddrinfo-errno.patch: Fix errno and h_errno handling in getaddrinfo
(BZ #21915, BZ #21922)
- resolv-conf-oom.patch: Fix memory handling in OOM situation during
resolv.conf parsing (BZ #22095, BZ #22096)
- dynarray-allocation.patch: Fix initial size of dynarray allocation and
set errno on overflow error
- nearbyint-inexact.patch: Avoid spurious inexact in nearbyint (BZ #22225)
- math-c++-compat.patch: add more C++ compatibility (BZ #22146)
- Remove rpcsvc/yppasswd.* from glibc-devel
- ld-so-hwcap-x86-64.patch: add x86_64 to hwcap (bsc#1056606, BZ #22093)
- eh-frame-zero-terminator.patch: Properly terminate .eh_frame (BZ #22051)
- Disable obsolete libnsl and NIS support
- remove-nss-nis-compat.patch: remove nis and compat from default NSS
configs
- nsswitch.conf: Likewise
- math-c++-compat.patch: Do not use __builtin_types_compatible_p in C++
mode (BZ #21930)
- Add iconvconfig to baselibs.conf (bsc#1051042)
- resolv-context-leak.patch: Fix leaks of resolver contexts
- dl-runtime-resolve-opt-avx512f.patch: Use _dl_runtime_resolve_opt only
with AVX512F (BZ #21871)
- libpthread-compat-wrappers.patch: Don't use IFUNC resolver for longjmp
or system in libpthread (BZ #21041)
- Update to glibc 2.26
* A per-thread cache has been added to malloc
* Unicode 10.0.0 Support
* Improvements to the DNS stub resolver
* New function reallocarray, which resizes an allocated block (like
realloc) to the product of two sizes, with a guaranteed clean failure
upon integer overflow in the multiplication
* New wrappers for the Linux-specific system calls preadv2 and pwritev2
* posix_spawnattr_setflags now supports the flag POSIX_SPAWN_SETSID, to
create a new session ID for the spawned process
* errno.h is now safe to use from C-preprocessed assembly language on all
supported operating systems
* On ia64, powerpc64le, x86-32, and x86-64, the math library now implements
128-bit floating point as defined by ISO/IEC/IEEE 60559:2011 (IEEE
754-2008) and ISO/IEC TS 18661-3:2015
* The synchronization that pthread_spin_unlock performs has been changed to
now be equivalent to a C11 atomic store with release memory order to the
spin lock's memory location
* The DNS stub resolver no longer performs EDNS fallback
* res_mkquery and res_nmkquery no longer support the IQUERY opcode
* The _res_opcodes variable has been removed from libresolv
* <string.h> no longer includes inline versions of any string functions,
as this kind of optimization is better done by the compiler
* The nonstandard header <xlocale.h> has been removed
* The obsolete header <sys/ultrasound.h> has been removed
* The obsolete signal constant SIGUNUSED is no longer defined by <signal.h>
* The obsolete function cfree has been removed
* The stack_t type no longer has the name struct sigaltstack
* The ucontext_t type no longer has the name struct ucontext
* On S/390 GNU/Linux, the constants defined by <sys/ptrace.h> have been
synced with the kernel
* Linux kernel 3.2 or later is required at runtime, on all architectures
supported by that kernel
* The DNS stub resolver limits the advertised UDP buffer size to 1200 bytes,
to avoid fragmentation-based spoofing attacks (CVE-2017-12132)
* LD_LIBRARY_PATH is now ignored in binaries running in privileged
AT_SECURE mode to guard against local privilege escalation attacks
(CVE-2017-1000366)
* Avoid printing a backtrace from the __stack_chk_fail function since it
is called on a corrupt stack and a backtrace is unreliable on a
corrupt stack (CVE-2010-3192)
* A use-after-free vulnerability in clntudp_call in the Sun RPC system
has been fixed (CVE-2017-12133)
* fate#322258, fate#321513, fate#322453
- fts-symbol-redirect.patch, glibc-resolv-reload.diff, glibc-2.2-sunrpc.diff,
i686-memchr-sse.patch, ld-hwcap-mask-suid.patch, ld-library-path-suid.patch,
sunrpc-use-after-free.patch, test-math-vector-sincos-aliasing.patch,
tunables-bigendian.patch: Removed
- Fix RPM group
- s390-elision-enable-envvar.patch: enable TLE only if
GLIBC_ELISION_ENABLE=yes is defined (fate#322271)
- ld-hwcap-mask-suid.patch: Ignore and remove LD_HWCAP_MASK for AT_SECURE
programs (BZ #21209)
- ld-library-path-suid.patch: Completely ignore LD_LIBRARY_PATH for
AT_SECURE=1 programs (CVE-2017-1000366, bsc#1039357, BZ #21624)
- Remove glibc-cpusetsize.diff, no longer useful
- fts-symbol-redirect.patch: Fix symbol redirect for fts_set (bsc#1041123,
BZ #21289)
- test-math-vector-sincos-aliasing.patch: Fix test-math-vector-sincos.h
aliasing
- add-locales.patch: renamed from glibc-2.3.locales.diff.bz2, drop en_BE
locales (bsc#1039502)
- Remove glibc-testsuite.patch, no longer relevant
- Use multibuild feature
- Remove obsolete check-build.sh
- glibc.rpmlintrc: remove obsolete entries
- Use %tmpfiles_create in nscd postin
- i686-memchr-sse.patch: Fix i686 memchr overflow calculation
(bsc#1031021, BZ #21182)
- sunrpc-use-after-free.patch: Avoid use-after-free read access in
clntudp_call (BZ #21115)
- Build testsuite with gdb and python-pexpect to enable more tests
- tunables-bigendian.patch: Fix getting tunable values on big-endian
(BZ #21109)
- Update to glibc 2.25
* The feature test macro __STDC_WANT_LIB_EXT2__, from ISO/IEC TR
24731-2:2010, is supported to enable declarations of functions from that
TR.
* The feature test macro __STDC_WANT_IEC_60559_BFP_EXT__, from ISO/IEC TS
18661-1:2014, is supported to enable declarations of functions and macros
from that TS.
* The feature test macro __STDC_WANT_IEC_60559_FUNCS_EXT__, from ISO/IEC TS
18661-4:2015, is supported to enable declarations of functions and macros
from that TS.
* The nonstandard feature selection macros _REENTRANT and _THREAD_SAFE are
now treated as compatibility synonyms for _POSIX_C_SOURCE=199506L.
* The inclusion of <sys/sysmacros.h> by <sys/types.h> is deprecated.
* New <fenv.h> features from TS 18661-1:2014 are added to libm: the
fesetexcept, fetestexceptflag, fegetmode and fesetmode functions, the
femode_t type and the FE_DFL_MODE and FE_SNANS_ALWAYS_SIGNAL macros.
* Integer width macros from TS 18661-1:2014 are added to <limits.h>:
CHAR_WIDTH, SCHAR_WIDTH, UCHAR_WIDTH, SHRT_WIDTH, USHRT_WIDTH, INT_WIDTH,
UINT_WIDTH, LONG_WIDTH, ULONG_WIDTH, LLONG_WIDTH, ULLONG_WIDTH; and to
<stdint.h>: INT8_WIDTH, UINT8_WIDTH, INT16_WIDTH, UINT16_WIDTH,
INT32_WIDTH, UINT32_WIDTH, INT64_WIDTH, UINT64_WIDTH, INT_LEAST8_WIDTH,
UINT_LEAST8_WIDTH, INT_LEAST16_WIDTH, UINT_LEAST16_WIDTH,
INT_LEAST32_WIDTH, UINT_LEAST32_WIDTH, INT_LEAST64_WIDTH,
UINT_LEAST64_WIDTH, INT_FAST8_WIDTH, UINT_FAST8_WIDTH, INT_FAST16_WIDTH,
UINT_FAST16_WIDTH, INT_FAST32_WIDTH, UINT_FAST32_WIDTH, INT_FAST64_WIDTH,
UINT_FAST64_WIDTH, INTPTR_WIDTH, UINTPTR_WIDTH, INTMAX_WIDTH,
UINTMAX_WIDTH, PTRDIFF_WIDTH, SIG_ATOMIC_WIDTH, SIZE_WIDTH, WCHAR_WIDTH,
WINT_WIDTH.
* New <math.h> features are added from TS 18661-1:2014:
- Signaling NaN macros: SNANF, SNAN, SNANL.
- Nearest integer functions: roundeven, roundevenf, roundevenl, fromfp,
fromfpf, fromfpl, ufromfp, ufromfpf, ufromfpl, fromfpx, fromfpxf,
fromfpxl, ufromfpx, ufromfpxf, ufromfpxl.
- llogb functions: the llogb, llogbf and llogbl functions, and the
FP_LLOGB0 and FP_LLOGBNAN macros.
- Max-min magnitude functions: fmaxmag, fmaxmagf, fmaxmagl, fminmag,
fminmagf, fminmagl.
- Comparison macros: iseqsig.
- Classification macros: iscanonical, issubnormal, iszero.
- Total order functions: totalorder, totalorderf, totalorderl,
totalordermag, totalordermagf, totalordermagl.
- Canonicalize functions: canonicalize, canonicalizef, canonicalizel.
- NaN functions: getpayload, getpayloadf, getpayloadl, setpayload,
setpayloadf, setpayloadl, setpayloadsig, setpayloadsigf, setpayloadsigl.
* The functions strfromd, strfromf, and strfroml, from ISO/IEC TS 18661-1:2014,
are added to libc.
* Most of glibc can now be built with the stack smashing protector enabled.
* The function explicit_bzero, from OpenBSD, has been added to libc.
* On ColdFire, MicroBlaze, Nios II and SH3, the float_t type is now defined
to float instead of double.
* On x86_64, when compiling with -mfpmath=387 or -mfpmath=sse+387, the
float_t and double_t types are now defined to long double instead of float
and double.
* The getentropy and getrandom functions, and the <sys/random.h> header file
have been added.
* The buffer size for byte-oriented stdio streams is now limited to 8192
bytes by default.
* The <sys/quota.h> header now includes the <linux/quota.h> header.
* The malloc_get_state and malloc_set_state functions have been removed.
* The “ip6-dotint” and “no-ip6-dotint” resolver options, and the
corresponding RES_NOIP6DOTINT flag from <resolv.h> have been removed.
* The "ip6-bytestring" resolver option and the corresponding RES_USEBSTRING
flag from <resolv.h> have been removed.
* The flags RES_AAONLY, RES_PRIMARY, RES_NOCHECKNAME, RES_KEEPTSIG,
RES_BLAST defined in the <resolv.h> header file have been deprecated.
* The "inet6" option in /etc/resolv.conf and the RES_USE_INET6 flag for
_res.flags are deprecated.
* DNSSEC-related declarations and definitions have been removed from the
<arpa/nameser.h> header file, and libresolv will no longer attempt to
decode the data part of DNSSEC record types.
* The resource record type classification macros ns_t_qt_p, ns_t_mrr_p,
ns_t_rr_p, ns_t_udp_p, ns_t_xfr_p have been removed from the
<arpa/nameser.h> header file because the distinction between RR types and
meta-RR types is not officially standardized, subject to revision, and
thus not suitable for encoding in a macro.
* The types res_sendhookact, res_send_qhook, re_send_rhook, and the qhook
and rhook members of the res_state type in <resolv.h> have been removed.
* For multi-arch support it is recommended to use a GCC which has
been built with support for GNU indirect functions.
* GDB pretty printers have been added for mutex and condition variable
structures in POSIX Threads.
* Tunables feature added to allow tweaking of the runtime for an application
program.
* A new version of condition variables functions have been implemented in
the NPTL implementation of POSIX Threads to provide stronger ordering
guarantees.
* A new version of pthread_rwlock functions have been implemented to use a more
scalable algorithm primarily through not using a critical section anymore to
make state changes.
* On ARM EABI (32-bit), generating a backtrace for execution contexts which
have been created with makecontext could fail to terminate due to a
missing .cantunwind annotation. (CVE-2016-6323)
* The DNS stub resolver functions would crash due to a NULL pointer
dereference when processing a query with a valid DNS question type which
was used internally in the implementation. (CVE-2015-5180)
- Enable stack protector if part of %optflags
- startcontext-cantunwind.patch: Removed
- cpuid-assertion.patch: Removed
- cpuid-assertion.patch: Don't assert on older Intel CPUs (BZ #20647)
- glibc-2.3.3-nscd-db-path.diff: Move persistent nscd databases to
/var/lib/nscd
- glibc-2.3.90-langpackdir.diff: simplify
- Update to glibc 2.24
* The minimum Linux kernel version that this version of the GNU C Library
can be used with is 3.2
* The pap_AN locale has been deleted
* The readdir_r and readdir64_r functions have been deprecated
* The type `union wait' has been removed
* A new NSS action is added to facilitate large distributed system
administration
* The deprecated __malloc_initialize_hook variable has been removed from
the API
* The long unused localedef --old-style option has been removed
* nextupl, nextup, nextupf, nextdownl, nextdown and nextdownf are added
to libm
* An unnecessary stack copy in _nss_dns_getnetbyname_r was removed
(CVE-2016-3075)
* Previously, getaddrinfo copied large amounts of address data to the
stack, even after the fix for CVE-2013-4458 has been applied,
potentially resulting in a stack overflow. getaddrinfo now uses a
heap allocation instead (CVE-2016-3706)
* The glob function suffered from a stack-based buffer overflow when it
was called with the GLOB_ALTDIRFUNC flag and encountered a long file
name (CVE-2016-1234)
* The Sun RPC UDP client could exhaust all available stack space when
flooded with crafted ICMP and UDP messages (CVE-2016-4429)
* The IPv6 name server management code in libresolv could result in a
memory leak for each thread which is created, performs a failing
naming lookup, and exits (CVE-2016-5417)
- startcontext-cantunwind.patch: mark __startcontext as .cantunwind
(bsc#974800, BZ #20435)
- Removed patches:
* 0001-Updated-translations-for-2.23.patch
* 0002-Regenerate-libc.pot-for-2.23.patch
* 0003-Regenerated-configure-scripts.patch
* 0004-x86_64-Set-DL_RUNTIME_UNALIGNED_VEC_SIZE-to-8.patch
* 0005-Add-fts64_-to-sysdeps-arm-nacl-libc.abilist.patch
* 0006-Don-t-use-long-double-math-functions-if-NO_LONG_DOUB.patch
* 0007-NEWS-2.23-Fix-typo-in-bug-19048-text.patch
* 0008-Update-NEWS.patch
* 0009-sln-use-stat64.patch
* 0010-Add-sys-auxv.h-wrapper-to-include-sys.patch
* 0011-mips-terminate-the-FDE-before-the-return-trampoline-.patch
* 0012-Use-HAS_ARCH_FEATURE-with-Fast_Rep_String.patch
* 0013-Mention-BZ-19762-in-NEWS.patch
* 0014-Define-_HAVE_STRING_ARCH_mempcpy-to-1-for-x86.patch
* 0015-Or-bit_Prefer_MAP_32BIT_EXEC-in-EXTRA_LD_ENVVARS.patch
* 0016-Fix-resource-leak-in-resolver-bug-19257.patch
* 0017-math-don-t-clobber-old-libm.so-on-install-BZ-19822.patch
* 0018-resolv-Always-set-resplen2-out-parameter-in-send_dg-.patch
* 0019-S390-Save-and-restore-fprs-vrs-while-resolving-symbo.patch
* 0020-S390-Extend-structs-La_s390_regs-La_s390_retval-with.patch
* 0021-CVE-2016-3075-Stack-overflow-in-_nss_dns_getnetbynam.patch
* 0022-configure-fix-test-usage.patch
* 0023-Suppress-GCC-6-warning-about-ambiguous-else-with-Wpa.patch
* 0024-nss_db-Propagate-ERANGE-error-if-parse_line-fails-BZ.patch
* 0025-getnameinfo-Do-not-preserve-errno.patch
* 0026-getnameinfo-Refactor-and-fix-memory-leak-BZ-19642.patch
* 0027-getnameinfo-Reduce-line-length-and-add-missing-comme.patch
* 0028-getnameinfo-Avoid-calling-strnlen-on-uninitialized-b.patch
* 0029-getnameinfo-Return-EAI_OVERFLOW-in-more-cases-BZ-197.patch
* 0030-hesiod-Remove-RCS-keywords.patch
* 0031-hesiod-Always-use-thread-local-resolver-state-BZ-195.patch
* 0032-hesiod-Avoid-heap-overflow-in-get_txt_records-BZ-200.patch
* 0033-malloc-Remove-NO_THREADS.patch
* 0034-Fix-malloc-threaded-tests-link-on-non-Linux.patch
* 0035-malloc-Run-fork-handler-as-late-as-possible-BZ-19431.patch
* 0036-malloc-Remove-malloc-hooks-from-fork-handler.patch
* 0037-malloc-Add-missing-internal_function-attributes-on-f.patch
* 0038-nss_dns-Fix-assertion-failure-in-_nss_dns_getcanonna.patch
* 0039-nss_dns-Validate-RDATA-length-against-packet-length-.patch
* 0040-resolv-nss_dns-Remove-remaining-syslog-logging-BZ-19.patch
* 0041-nss_dns-Check-address-length-before-creating-addrinf.patch
* 0042-nss_dns-Skip-over-non-PTR-records-in-the-netent-code.patch
* 0043-resolv-Always-set-resplen2-out-parameter-in-send_vc-.patch
* 0044-tst-audit4-tst-audit10-Compile-AVX-AVX-512-code-sepa.patch
* 0045-Fix-tst-audit10-build-when-mavx512f-is-not-supported.patch
* 0046-tst-audit10-Fix-compilation-on-compilers-without-bit.patch
* 0047-strfmon_l-Use-specified-locale-for-number-formatting.patch
* 0048-glob-Simplify-the-interface-for-the-GLOB_ALTDIRFUNC-.patch
* 0049-CVE-2016-1234-glob-Do-not-copy-d_name-field-of-struc.patch
* 0050-ldconfig-Do-not-remove-stale-symbolic-links-with-X-B.patch
* 0051-Report-dlsym-dlvsym-lookup-errors-using-dlerror-BZ-1.patch
* 0052-Fix-tst-dlsym-error-build.patch
* 0053-Remove-trailing-newline-from-date_fmt-in-Serbian-loc.patch
* 0054-Revert-Report-dlsym-dlvsym-lookup-errors-using-dlerr.patch
* 0055-CVE-2016-3706-getaddrinfo-stack-overflow-in-hostent-.patch
* 0056-Fix-strfmon_l-Use-specified-locale-for-number-format.patch
* clntudp-call-alloca.patch
* glibc-memset-nontemporal.diff
* nis-initgroups-status.patch
* nscd-gc-crash.patch
* robust-mutex-deadlock.patch
* strncat-avoid-array-bounds-warning.patch
- strncat-avoid-array-bounds-warning.patch: Avoid array-bounds warning for
strncat on i586 (BZ #20260)
- Update glibc.keyring
- Unset MALLOC_CHECK_ during testsuite run
- nsswitch.conf: Add fallback to files for passwd and group to prepare for
libnsl removal.
- nis-initgroups-status.patch: Return proper status from
_nss_nis_initgroups_dyn (bsc#984269, BZ #20262)
- robust-mutex-deadlock.patch: Fix generic __lll_robust_timedlock_wait to
check for timeout (bsc#985170, BZ #20263)
- nscd-gc-crash.patch: Fix nscd assertion failure in gc (bsc#965699,
BZ #19755)
- clntudp-call-alloca.patch: do not use alloca in clntudp_call
(CVE-2016-4429, bsc#980854, BZ #20112)
- Import patches from 2.23 branch
0001-Updated-translations-for-2.23.patch
0002-Regenerate-libc.pot-for-2.23.patch
0003-Regenerated-configure-scripts.patch
0004-x86_64-Set-DL_RUNTIME_UNALIGNED_VEC_SIZE-to-8.patch
0005-Add-fts64_-to-sysdeps-arm-nacl-libc.abilist.patch
0006-Don-t-use-long-double-math-functions-if-NO_LONG_DOUB.patch
0007-NEWS-2.23-Fix-typo-in-bug-19048-text.patch
0008-Update-NEWS.patch
0009-sln-use-stat64.patch
0010-Add-sys-auxv.h-wrapper-to-include-sys.patch
0011-mips-terminate-the-FDE-before-the-return-trampoline-.patch
0012-Use-HAS_ARCH_FEATURE-with-Fast_Rep_String.patch
0013-Mention-BZ-19762-in-NEWS.patch
0014-Define-_HAVE_STRING_ARCH_mempcpy-to-1-for-x86.patch
0015-Or-bit_Prefer_MAP_32BIT_EXEC-in-EXTRA_LD_ENVVARS.patch
0016-Fix-resource-leak-in-resolver-bug-19257.patch
0017-math-don-t-clobber-old-libm.so-on-install-BZ-19822.patch
0018-resolv-Always-set-resplen2-out-parameter-in-send_dg-.patch
0019-S390-Save-and-restore-fprs-vrs-while-resolving-symbo.patch
0020-S390-Extend-structs-La_s390_regs-La_s390_retval-with.patch
0021-CVE-2016-3075-Stack-overflow-in-_nss_dns_getnetbynam.patch
0022-configure-fix-test-usage.patch
0023-Suppress-GCC-6-warning-about-ambiguous-else-with-Wpa.patch
0024-nss_db-Propagate-ERANGE-error-if-parse_line-fails-BZ.patch
0025-getnameinfo-Do-not-preserve-errno.patch
0026-getnameinfo-Refactor-and-fix-memory-leak-BZ-19642.patch
0027-getnameinfo-Reduce-line-length-and-add-missing-comme.patch
0028-getnameinfo-Avoid-calling-strnlen-on-uninitialized-b.patch
0029-getnameinfo-Return-EAI_OVERFLOW-in-more-cases-BZ-197.patch
0030-hesiod-Remove-RCS-keywords.patch
0031-hesiod-Always-use-thread-local-resolver-state-BZ-195.patch
0032-hesiod-Avoid-heap-overflow-in-get_txt_records-BZ-200.patch
0033-malloc-Remove-NO_THREADS.patch
0034-Fix-malloc-threaded-tests-link-on-non-Linux.patch
0035-malloc-Run-fork-handler-as-late-as-possible-BZ-19431.patch
0036-malloc-Remove-malloc-hooks-from-fork-handler.patch
0037-malloc-Add-missing-internal_function-attributes-on-f.patch
0038-nss_dns-Fix-assertion-failure-in-_nss_dns_getcanonna.patch
0039-nss_dns-Validate-RDATA-length-against-packet-length-.patch
0040-resolv-nss_dns-Remove-remaining-syslog-logging-BZ-19.patch
0041-nss_dns-Check-address-length-before-creating-addrinf.patch
0042-nss_dns-Skip-over-non-PTR-records-in-the-netent-code.patch
0043-resolv-Always-set-resplen2-out-parameter-in-send_vc-.patch
0044-tst-audit4-tst-audit10-Compile-AVX-AVX-512-code-sepa.patch
0045-Fix-tst-audit10-build-when-mavx512f-is-not-supported.patch
0046-tst-audit10-Fix-compilation-on-compilers-without-bit.patch
0047-strfmon_l-Use-specified-locale-for-number-formatting.patch
0048-glob-Simplify-the-interface-for-the-GLOB_ALTDIRFUNC-.patch
0049-CVE-2016-1234-glob-Do-not-copy-d_name-field-of-struc.patch
0050-ldconfig-Do-not-remove-stale-symbolic-links-with-X-B.patch
0051-Report-dlsym-dlvsym-lookup-errors-using-dlerror-BZ-1.patch
0052-Fix-tst-dlsym-error-build.patch
0053-Remove-trailing-newline-from-date_fmt-in-Serbian-loc.patch
0054-Revert-Report-dlsym-dlvsym-lookup-errors-using-dlerr.patch
0055-CVE-2016-3706-getaddrinfo-stack-overflow-in-hostent-.patch
0056-Fix-strfmon_l-Use-specified-locale-for-number-format.patch
- CVE-2016-3075 CVE-2016-1234 CVE-2016-3706 bsc#973164 bsc#969727
- resolv-mem-leak.patch: renamed to
0016-Fix-resource-leak-in-resolver-bug-19257.patch
- no-long-double.patch: renamed to
0006-Don-t-use-long-double-math-functions-if-NO_LONG_DOUB.patch
- glibc-gcc6.patch: renamed to
0023-Suppress-GCC-6-warning-about-ambiguous-else-with-Wpa.patch
- glibc-c-utf8-locale.patch: fix bad standard in LC_IDENTIFICATION categories
- glibc-2.3.locales.diff.bz2: likewise
- glibc-gcc6.patch: Suppress GCC 6 warning about ambiguous 'else'
with -Wparentheses
- Add compatibility symlinks for LSB 3.0 (fate#318933)
- powerpc-elision-enable-envvar.patch: enable TLE only if
GLIBC_ELISION_ENABLE=yes is defined (bsc#967594, fate#318236)
- ldd-system-interp.patch: Restore warning about execution permission, it
is still needed for noexec mounts (bsc#915985)
- Add C.UTF-8 locale (see https://sourceware.org/glibc/wiki/Proposals/C.UTF-8)
and rh#902094. Added with glibc-c-utf8-locale.patch.
- Add glibc-disable-gettext-for-c-utf8.patch to disable gettext for
C.UTF-8 same as C locale.
- Move %install_info_delete to %preun
- crypt_blowfish-1.3.tar.gz.sign: Remove, the sign key is no longer
acceptable
- no-long-double.patch: Don't use long double functions if NO_LONG_DOUBLE
- Update to glibc 2.23 release.
* Unicode 8.0.0 Support
* sched_setaffinity, pthread_setaffinity_np no longer attempt to guess
the kernel-internal CPU set size
* The fts.h header can now be used with -D_FILE_OFFSET_BITS=64
* getaddrinfo now detects certain invalid responses on an internal
netlink socket
* A defect in the malloc implementation, present since glibc 2.15 (2012)
or glibc 2.10 via --enable-experimental-malloc (2009), could result in
the unnecessary serialization of memory allocation requests across
threads
* The obsolete header <regexp.h> has been removed
* The obsolete functions bdflush, create_module, get_kernel_syms,
query_module and uselib are no longer available to newly linked
binaries
* Optimized string, wcsmbs and memory functions for IBM z13.
* Newly linked programs that define a variable called signgam will no
longer have it set by the lgamma, lgammaf and lgammal functions
- Removed patches:
* dont-remove-nodelete-flag.patch
* openat64-readd-o-largefile.patch
* mntent-blank-line.patch
* opendir-o-directory-check.patch
* strcoll-remove-strdiff-opt.patch
* ld-pointer-guard.patch
* tls-dtor-list-mangling.patch
* powerpc-lock-elision-race.patch
* prelink-elf-rtype-class.patch
* vector-finite-math-aliases.patch
* powerpc-elision-adapt-param.patch
* catopen-unbound-alloca.patch
* strftime-range-check.patch
* hcreate-overflow-check.patch
* errorcheck-mutex-no-elision.patch
* refactor-nan-parsing.patch
* send-dg-buffer-overflow.patch
* isinf-cxx11-conflict.patch
* ibm93x-redundant-shift-si.patch
* iconv-reset-input-buffer.patch
* tzset-tzname.patch
* static-dlopen.patch
- isinf-cxx11-conflict.patch: Fix isinf/isnan declaration conflict with
C++11 (bsc#963700, BZ #19439)
- tls-dtor-list-mangling.patch: Harden tls_dtor_list with pointer mangling
(BZ #19018)
- prelink-elf-rtype-class.patch: Keep only ELF_RTYPE_CLASS_{PLT|COPY} bits
for prelink (BZ #19178)
- vector-finite-math-aliases.patch: Better workaround for aliases of
*_finite symbols in vector math library (BZ #19058)
- powerpc-elision-adapt-param.patch: powerpc: Fix usage of elision
transient failure adapt param (BZ #19174)
- catopen-unbound-alloca.patch: Fix unbound alloca in catopen
(CVE-2015-8779, bsc#962739, BZ #17905)
- strftime-range-check.patch: Add range check on time fields
(CVE-2015-8776, bsc#962736, BZ #18985)
- hcreate-overflow-check.patch: Handle overflow in hcreate (CVE-2015-8778,
bsc#962737, BZ #18240)
- errorcheck-mutex-no-elision.patch: Don't do lock elision on an error
checking mutex (bsc#956716, BZ #17514)
- refactor-nan-parsing.patch: Refactor strtod parsing of NaN payloads
(CVE-2014-9761, bsc#962738, BZ #16962)
- send-dg-buffer-overflow.patch: Fix getaddrinfo stack-based buffer
overflow (CVE-2015-7547, bsc#961721, BZ #18665)
- powerpc-lock-elision-race.patch: renamed from
0001-powerpc-Fix-a-race-condition-when-eliding-a-lock-20150730.patch
- Add audit-devel and libcap-devel to BuildRequires, for use by nscd
- reinitialize-dl_load_write_lock.patch: Reinitialize dl_load_write_lock
on fork (bsc#958315, BZ #19282)
- resolv-mem-leak.patch: Fix resource leak in resolver (bsc#955647, BZ #19257)
- tzset-tzname.patch: Force rereading TZDEFRULES after it was used to set
DST rules only (BZ #19253)
- glibc-2.3.90-noversion.diff: use stat64
- ld-pointer-guard.patch: Always enable pointer guard (CVE-2015-8777,
bsc#950944, BZ #18928)
- strcoll-remove-strdiff-opt.patch: Remove incorrect STRDIFF-based
optimization (BZ #18589)
- iconv-reset-input-buffer.patch: Fix iconv buffer handling with IGNORE
error handler (BZ #18830)
- new patch [BZ #18743] PowerPC: Fix a race condition when eliding a lock
0001-powerpc-Fix-a-race-condition-when-eliding-a-lock-20150730.patch
- nss-files-long-lines-2.patch: Properly reread entry after failure in
nss_files getent function (bsc#945779, BZ #18991)
- fnmatch-collating-elements.patch: Fix fnmatch handling of collating
elements (BZ #17396, BZ #16976)
- opendir-o-directory-check.patch: Fix opendir inverted o_directory_works
test
- static-dlopen.patch: Static dlopen default library search path fix
(bsc#937853)
- mntent-blank-line.patch: Fix memory corruption w/blank lines
- dont-remove-nodelete-flag.patch: Don't remove DF_1_NODELETE flag from
all loaded objects on failed dlopen
- openat64-readd-o-largefile.patch: Readd O_LARGEFILE flag for openat64
- Update to glibc 2.22 release.
* Cache information can be queried via sysconf() function on s390
* A buffer overflow in gethostbyname_r and related functions performing DNS
requests has been fixed. (CVE-2015-1781)
* The time zone file parser has been made more robust against crafted time
zone files
* A powerpc and powerpc64 optimization for TLS, similar to TLS descriptors
for LD and GD on x86 and x86-64, has been implemented.
* Character encoding and ctype tables were updated to Unicode 7.0.0
* Added vector math library named libmvec
* A new fmemopen implementation has been added with the goal of POSIX
compliance.
* The header <regexp.h> is deprecated, and will be removed in a future
release.
* bsc#905313 bsc#920338 bsc#927080 bsc#928723 bsc#931480 bsc#939211
bsc#940195 bsc#940332 bsc#944494 bsc#968787
- Patches from upstream removed
* htm-tabort.patch
* o-tmpfile.patch
* memcpy-chk-non-SSE2.patch
* pthread-mutexattr-gettype-kind.patch
* powerpc-software-sqrt.patch
* static-tls-dtv-limit.patch
* threaded-trim-threshold.patch
* resolv-nameserver-handling.patch
* nss-separate-state-getXXent.patch
* aarch64-sigstksz.patch
* heap-top-corruption.patch
* pthread-join-deadlock.patch
- pthread-join-deadlock.patch: Use IE model for static variables in
libc.so, libpthread.so and rtld (bsc#930015, BZ #18457)
- glibc-nodate.patch: fix verification of timestamp
- also filter out -fstack-protector-strong
- getaddrinfo-ipv6-sanity.diff: Remove. It breaks services that start
before IPv6 is up (bsc#931399)
- glibc-2.3.locales.diff.bz2: Remove sh_YU locales, fix currency for en_BE.
- Add /usr/include/gnu/lib-names-.*.h to baselibs
- pthread-join-deadlock.patch: Don't require rtld lock to store static TLS
offset in the DTV (bsc#930015, BZ #18457)
- heap-top-corruption.patch: Do not corrupt the top of a threaded heap if
top chunk is MINSIZE (BZ #18502)
- threaded-trim-threshold.patch: Fix regression in threaded application
malloc performance (bsc#915955, BZ #17195)
- aarch64-sigstksz.patch: Increase MINSIGSTKSZ and SIGSTKSZ (BZ #16850)
- powerpc-software-sqrt.patch: Fix powerpc software sqrt (BZ #17964,
BZ #17967)
- nss-separate-state-getXXent.patch: Separate internal state between
getXXent and getXXbyYY NSS calls (CVE-2014-8121, bsc#918187, BZ #18007)
- static-tls-dtv-limit.patch: Fix DTV race, assert, DTV_SURPLUS Static TLS
limit, and nptl_db garbage (bsc#919678, BZ #17090, BZ #17620, BZ #17621,
BZ #17628)
- resolv-nameserver-handling.patch: Replace with simpler version with more
compatibility
- memcpy-chk-non-SSE2.patch: Fix __memcpy_chk on non-SSE2 CPUs
(bsc#920084)
- resolv-nameserver-handling.patch: Rewrite handling of nameserver
configuration in resolver
- htm-tabort.patch: Fix TABORT encoding for little endian
- Update to glibc 2.21 release.
* A new semaphore algorithm has been implemented in generic C code for all
machines
* Added support for TSX lock elision of pthread mutexes on powerpc32,
powerpc64 and powerpc64le
* Optimized strcpy, stpcpy, strchrnul and strrchr implementations for
AArch64
* i386 memcpy functions optimized with SSE2 unaligned load/store
* New locales: tu_IN, bh_IN, raj_IN, ce_RU
* The obsolete sigvec function has been removed
* CVE-2015-1472 CVE-2015-1473 CVE-2012-3406 CVE-2014-9402
CVE-2014-7817 bsc#864081 bsc#906371 bsc#909053 bsc#910599 bsc#916222
- Patches from upstream removed
* ifunc-x86-slow-sse4.patch
* pthread-mutex-trylock-elision.patch
- o-tmpfile.patch: Fix value of O_TMPFILE for architectures with
non-default O_DIRECTORY (BZ #17912)
- Update to crypt_blowfish 1.3.
* Add support for the $2b$ prefix.
- ifunc-x86-slow-sse4.patch: Fix misdetected Slow_SSE4_2 cpu feature bit
(BZ #17501)
- gmp
-
- adjusted to be the same license as in factory (bsc#1180603)
- correct license statement (library itself is no GPL-3.0)
- Install checksums for binary integrity verification which are
required when running in FIPS mode (bsc#1152692, jsc#SLE-9518)
- Run spec-cleaner on the spec
- Use %license (boo#1082318)
- Explicitly BuildRequire m4
- Update to GMP 6.1.2 release.
* Mini-GMP: Fixed a division bug, which on a machine with 64-bit
unsigned long affects approximately 1 out of 2^32 divisors.
* Mini-GMP: Fix mpz_set_str crash on inputs with a large number of
leading zeros. Also stricter input validation, rejecting inputs
with no digits.
* Handle more systems which require PIC code in static libraries (e.g.,
"hardened" Gentoo and Debian 9).
* Configuration for arm (-32 and -64) has been rewritten, fixing poor
code selection for many CPUs.
* Mini-GMP: Updated to the latest development version, including
new functions mpn_com and mpn_neg.
- Add gmp-6.1.2-conftest.patch to fix configure test.
- Use macro for configure (as bsc#870358 is already fixed)
- Use xz compressed archives
- Update info pages dependencies
- gmp 6.1.1:
* Work around faulty cpuid on some recent Intel chips (this
allows GMP to run on Skylake Pentiums).
- Update to GMP 6.1.0 release.
* New C++ functions gcd and lcm for mpz_class
* New public mpn functions mpn_divexact_1, mpn_zero_p, and mpn_cnd_swap
* New public mpq_cmp_z function, to efficiently compare rationals with
integers
* Support for more 32-bit arm processors
* Support for AVX-less modern x86 CPUs
* Speedups and bugfixes
- Includes gmp-6.0.0-ppc64-gcd.diff, now removed
- Update gmp keyring
- Remove old ppc related conditionals
- Cleanup spec file with spec-cleaner
- Refresh sources
- Add gpg signature
- Correct version number so that it matches the actual version
- Make gmp-noexec.diff compatible with arm
- Use correct version number
- Fix tarball directory name to unbreak build
- gnutls
-
- Add gnutls-3.6.7-fix-FTBFS-2024.patch to let tests pass after 2024 (boo#1186579)
- Add gnutls-3.6.7-reproducible-date.patch to override build date (boo#1047218)
- Security fix: [bsc#1183456, CVE-2021-20232]
* A use after free issue in client_send_params
in lib/ext/pre_shared_key.c may lead to memory
corruption and other potential consequences.
- Add gnutls-CVE-2021-20232.patch
- Security fix: [bsc#1183457, CVE-2021-20231]
* A use after free issue in client sending key_share extension
may lead to memory corruption and other consequences.
- Add gnutls-CVE-2021-20231.patch
- Avoid spurious audit messages about incompatible signature algorithms
(bsc#1172695)
* add 0001-pubkey-avoid-spurious-audit-messages-from-_gnutls_pu.patch
- FIPS: Use 2048 bit prime in DH selftest (bsc#1176086)
* add gnutls-FIPS-use_2048_bit_prime_in_DH_selftest.patch
- FIPS: Add TLS KDF selftest (bsc#1176671)
* add gnutls-FIPS-TLS_KDF_selftest.patch
- Fix heap buffer overflow in handshake with no_renegotiation alert sent
* CVE-2020-24659 (bsc#1176181)
- add gnutls-CVE-2020-24659.patch
- FIPS: Implement (EC)DH requirements from SP800-56Arev3 (bsc#1176086)
- add patches
* 0001-Add-Full-Public-Key-Check-for-DH.patch
* 0001-Add-test-to-ensure-DH-exchange-behaves-correctly.patch
* 0002-Add-test-to-ensure-ECDH-exchange-behaves-correctly.patch
* 0003-Add-plumbing-to-handle-Q-parameter-in-DH-exchanges.patch
* 0004-Always-pass-in-and-check-Q-in-TLS-1.3.patch
* 0005-Check-Q-for-FFDHE-primes-in-prime-check.patch
* 0006-Pass-down-Q-for-FFDHE-in-al-pre-TLS1.3-as-well.patch
* 0001-dh-primes-add-MODP-primes-from-RFC-3526.patch
* 0002-dhe-check-if-DH-params-in-SKE-match-the-FIPS-approve.patch
* 0001-dh-check-validity-of-Z-before-export.patch
* 0002-ecdh-check-validity-of-P-before-export.patch
* 0003-dh-primes-make-the-FIPS-approved-check-return-Q-valu.patch
* 0004-dh-perform-SP800-56A-rev3-full-pubkey-validation-on-.patch
* 0005-ecdh-perform-SP800-56A-rev3-full-pubkey-validation-o.patch
- drop obsolete gnutls-3.6.7-fips_DH_ECDH_key_tests.patch
- GNUTLS-SA-2020-06-03 (Fixed insecure session ticket key construction)
The TLS server would not bind the session ticket encryption key with a
value supplied by the application until the initial key rotation, allowing
an attacker to bypass authentication in TLS 1.3 and recover previous
conversations in TLS 1.2 (#1011). (bsc#1172506, CVE-2020-13777)
* add patches:
+ gnutls-CVE-2020-13777.patch
- Fixed handling of certificate chain with cross-signed intermediate
CA certificates (#1008). (bsc#1172461)
* add patches:
+ 0001-_gnutls_verify_crt_status-apply-algorithm-checks-to-.patch
+ 0002-_gnutls_pkcs11_verify_crt_status-check-validity-agai.patch
+ 0003-x509-trigger-fallback-verification-path-when-cert-is.patch
+ 0004-tests-add-test-case-for-certificate-chain-supersedin.patch
- Add RSA 4096 key generation support in FIPS mode (bsc#1171422)
* add gnutls-3.6.7-fips-rsa-4096.patch
- Don't check for /etc/system-fips which we don't have (bsc#1169992)
* add gnutls-fips_mode_enabled.patch
- Backport AES XTS support (bsc#1168835)
* add 0001-Vendor-in-XTS-functionality-from-Nettle.patch
* add gnutls-fips_XTS_key_check.patch
- Fix zero random value in DTLS client hello
(CVE-2020-11501, bsc#1168345)
* add gnutls-CVE-2020-11501.patch
- Split off FIPS checksums into a separate libgnutls30-hmac
subpackage (bsc#1152692)
* update baselibs.conf
- bsc#1166881 - FIPS: gnutls: cfb8 decryption issue
* No longer truncate output IV if input is shorter than block size.
* Added gnutls-3.6.7-fips-backport_dont_truncate_output_IV.patch
- bsc#1155327 jira#SLE-9518 - FIPS: add DH key test
* Added Diffie Hellman public key verification test.
* gnutls-3.6.7-fips_DH_ECDH_key_tests.patch
- Install checksums for binary integrity verification which are
required when running in FIPS mode (bsc#1152692, jsc#SLE-9518)
- Explicitly require libnettle 3.4.1 (bsc#1134856)
* The RSA decryption code was rewritten in GnuTLS 3.6.5 in order
to fix CVE-2018-16868, the new implementation makes use of a new
rsa_sec_decrypt() function introduced in libnettle 3.4.1
* libnettle was recently updated to the 3.4.1 version but we need
to add explicit dependency on it to prevent missing symbol errors
with the older versions
- Restored autoreconf in build.
- Removed gnutls-3.6.6-SUSE_SLE15_congruent_version_requirements.patch
since the version requirements of required libraries are once again
automatically determined.
- Added gnutls-3.6.7-SUSE_SLE15_guile_site_directory.patch because it is a
better patch name for handling the '--with-guile-site-dir=' problem in
3.6.7.
- Update gnutls to 3.6.7
* libgnutls, gnutls tools: Every gnutls_free() will automatically set
the free'd pointer to NULL. This prevents possible use-after-free and
double free issues. Use-after-free will be turned into NULL dereference.
The counter-measure does not extend to applications using gnutls_free().
* libgnutls: Fixed a memory corruption (double free) vulnerability in the
certificate verification API. Reported by Tavis Ormandy; addressed with
the change above. [GNUTLS-SA-2019-03-27, #694] [bsc#1130681] (CVE-2019-3829)
* libgnutls: Fixed an invalid pointer access via malformed TLS1.3 async messages;
Found using tlsfuzzer. [GNUTLS-SA-2019-03-27, #704] [bsc#1130682] (CVE-2019-3836)
* libgnutls: enforce key usage limitations on certificates more actively.
Previously we would enforce it for TLS1.2 protocol, now we enforce it
even when TLS1.3 is negotiated, or on client certificates as well. When
a certificate inappropriate for TLS1.3 is seen on the credentials structure
GnuTLS will disable TLS1.3 support for that session (#69