- apparmor
-
- Add pam_apparmor README, referenced from online cha-apparmor-pam.html
documentation (bsc#1213472)
- autofs
-
- autofs-5.1.3-revert-fix-argc-off-by-one-in-mount_aut.patch
Fix off-by-one error in recursive map handling. (bsc#1209653)
- autoyast2
-
- Rebuild the RPM database during upgrade (--rebuilddb) (bsc#1209565)
- 4.4.45
- Properly install the selected products, do not lose them after
resetting the package manager internally (bsc#1202234)
- 4.4.44
- aws-cli
-
- Update in SLE-15 (bsc#1209255, jsc#PED-3780)
- Update to version 1.27.89
+ For detailed changes see
https://github.com/aws/aws-cli/blob/1.27.89/CHANGELOG.rst
- Update Requires in spec file from setup.py
- Update to version 1.27.78
+ For detailed changes see
https://github.com/aws/aws-cli/blob/1.27.78/CHANGELOG.rst
- Update Requires in spec file from setup.py
- Update to version 1.27.71
+ For detailed changes see
https://github.com/aws/aws-cli/blob/1.27.71/CHANGELOG.rst
- Update Requires in spec file from setup.py
- Update to version 1.27.66
+ For detailed changes see
https://github.com/aws/aws-cli/blob/1.27.66/CHANGELOG.rst
- Update Requires in spec file from setup.py
- Update to version 1.27.60
+ For detailed changes see
https://github.com/aws/aws-cli/blob/1.27.60/CHANGELOG.rst
- Update Requires in spec file from setup.py
- Update to version 1.27.58
+ For detailed changes see
https://github.com/aws/aws-cli/blob/1.27.58/CHANGELOG.rst
- Update Requires in spec file from setup.py
- Update to version 1.27.52
+ For detailed changes see
https://github.com/aws/aws-cli/blob/1.27.52/CHANGELOG.rst
- Update Requires in spec file from setup.py
- Update to version 1.27.41
+ For detailed changes see
https://github.com/aws/aws-cli/blob/1.27.41/CHANGELOG.rst
- Update Requires in spec file from setup.py
- Update to version 1.27.26
+ For detailed changes see
https://github.com/aws/aws-cli/blob/1.27.26/CHANGELOG.rst
- Update Requires in spec file from setup.py
- Update to version 1.27.21
+ For detailed changes see
https://github.com/aws/aws-cli/blob/1.27.21/CHANGELOG.rst
- Update Requires in spec file from setup.py
- Update to version 1.27.8
+ For detailed changes see
https://github.com/aws/aws-cli/blob/1.27.8/CHANGELOG.rst
- Update Requires in spec file from setup.py
- Update to version 1.27.2
+ For detailed changes see
https://github.com/aws/aws-cli/blob/1.27.2/CHANGELOG.rst
- Relax upper version constraint for python-colorama in
BuildRequires and Requires to 0.5.0 (bsc#1204917)
- Update Requires in spec file from setup.py
- Update in SLE-15 (bsc#1204537, jsc#PED-2333)
- Update to version 1.26.0
+ For detailed changes see
https://github.com/aws/aws-cli/blob/1.26.0/CHANGELOG.rst
- Update Requires in spec file from setup.py
- Update to version 1.25.91
+ For detailed changes see
https://github.com/aws/aws-cli/blob/1.25.91/CHANGELOG.rst
- Update Requires in spec file from setup.py
- Update to version 1.25.85
+ For detailed changes see
https://github.com/aws/aws-cli/blob/1.25.85/CHANGELOG.rst
- Update Requires in spec file from setup.py
- Update to version 1.25.76
+ For detailed changes see
https://github.com/aws/aws-cli/blob/1.25.76/CHANGELOG.rst
- Update Requires in spec file from setup.py
- Update to version 1.25.72
+ For detailed changes see
https://github.com/aws/aws-cli/blob/1.25.72/CHANGELOG.rst
- Update Requires in spec file from setup.py
- Update to version 1.25.64
+ For detailed changes see
https://github.com/aws/aws-cli/blob/1.25.64/CHANGELOG.rst
- Update Requires in spec file from setup.py
- Update to version 1.25.60
+ For detailed changes see
https://github.com/aws/aws-cli/blob/1.25.60/CHANGELOG.rst
- Update Requires in spec file from setup.py
- Update to version 1.25.55
+ For detailed changes see
https://github.com/aws/aws-cli/blob/1.25.55/CHANGELOG.rst
- Update Requires in spec file from setup.py
- Update to version 1.25.45
+ For detailed changes see
https://github.com/aws/aws-cli/blob/1.25.45/CHANGELOG.rst
- Update Requires in spec file from setup.py
- Update to version 1.25.37
+ For detailed changes see
https://github.com/aws/aws-cli/blob/1.25.37/CHANGELOG.rst
- Update Requires in spec file from setup.py
- Update to version 1.25.20
+ For detailed changes see
https://github.com/aws/aws-cli/blob/1.25.20/CHANGELOG.rst
- Update Requires in spec file from setup.py
- Update to version 1.25.2
+ For detailed changes see
https://github.com/aws/aws-cli/blob/1.25.2/CHANGELOG.rst
- Update Requires in spec file from setup.py
- bind
-
- Update to release 9.16.42
Security Fixes:
* The overmem cleaning process has been improved, to prevent the
cache from significantly exceeding the configured
max-cache-size limit. (CVE-2023-2828)
* A query that prioritizes stale data over lookup triggers a
fetch to refresh the stale data in cache. If the fetch is
aborted for exceeding the recursion quota, it was possible for
named to enter an infinite callback loop and crash due to stack
overflow. This has been fixed. (CVE-2023-2911)
Bug Fixes:
* Previously, it was possible for a delegation from cache to be
returned to the client after the stale-answer-client-timeout
duration. This has been fixed.
[bsc#1212544, bsc#1212567, jsc#SLE-24600]
- Update to release 9.16.41
Bug Fixes:
* When removing delegations from an opt-out range,
empty-non-terminal NSEC3 records generated by those delegations
were not cleaned up. This has been fixed.
[jsc#SLE-24600]
- Update to release 9.16.40
Bug Fixes:
* Logfiles using timestamp-style suffixes were not always
correctly removed when the number of files exceeded the limit
set by versions. This has been fixed for configurations which
do not explicitly specify a directory path as part of the file
argument in the channel specification.
* Performance of DNSSEC validation in zones with many DNSKEY
records has been improved.
- Update to release 9.16.39
Feature Changes:
* libuv support for receiving multiple UDP messages in a single
recvmmsg() system call has been tweaked several times between
libuv versions 1.35.0 and 1.40.0; the current recommended libuv
version is 1.40.0 or higher. New rules are now in effect for
running with a different version of libuv than the one used at
compilation time. These rules may trigger a fatal error at
startup:
- Building against or running with libuv versions 1.35.0 and
1.36.0 is now a fatal error.
- Running with libuv version higher than 1.34.2 is now a
fatal error when named is built against libuv version
1.34.2 or lower.
- Running with libuv version higher than 1.39.0 is now a
fatal error when named is built against libuv version
1.37.0, 1.38.0, 1.38.1, or 1.39.0.
* This prevents the use of libuv versions that may trigger an
assertion failure when receiving multiple UDP messages in a
single system call.
Bug Fixes:
* named could crash with an assertion failure when adding a new
zone into the configuration file for a name which was already
configured as a member zone for a catalog zone. This has been
fixed.
* When named starts up, it sends a query for the DNSSEC key for
each configured trust anchor to determine whether the key has
changed. In some unusual cases, the query might depend on a
zone for which the server is itself authoritative, and would
have failed if it were sent before the zone was fully loaded.
This has now been fixed by delaying the key queries until all
zones have finished loading.
[jsc#SLE-24600]
- binutils
-
- Add binutils-disable-dt-relr.sh for an compatibility problem
caused by binutils-revert-rela.diff in SLE codestreams.
Needed for update of glibc as that would otherwise pick up
the broken relative relocs support. [bsc#1213282, PED-1435]
- blog
-
- Add patch blog.dif
* Fix big endian cast problems to be able to read commands
and ansers (blogctl) as well as passphrases (blogd)
- ca-certificates-mozilla
-
- Updated to 2.62 state of Mozilla SSL root CAs (bsc#1214248)
Added:
- Atos TrustedRoot Root CA ECC G2 2020
- Atos TrustedRoot Root CA ECC TLS 2021
- Atos TrustedRoot Root CA RSA G2 2020
- Atos TrustedRoot Root CA RSA TLS 2021
- BJCA Global Root CA1
- BJCA Global Root CA2
- LAWtrust Root CA2 (4096)
- Sectigo Public Email Protection Root E46
- Sectigo Public Email Protection Root R46
- Sectigo Public Server Authentication Root E46
- Sectigo Public Server Authentication Root R46
- SSL.com Client ECC Root CA 2022
- SSL.com Client RSA Root CA 2022
- SSL.com TLS ECC Root CA 2022
- SSL.com TLS RSA Root CA 2022
Removed CAs:
- Chambers of Commerce Root
- E-Tugra Certification Authority
- E-Tugra Global Root CA ECC v3
- E-Tugra Global Root CA RSA v3
- Hongkong Post Root CA 1
- cloud-init
-
- Update cloud-init-write-routes.patch (bsc#1212879)
+ Add necessary import statement
- Enable flake8 linting, fix up patches
+ cloud-init-cve-2023-1786-redact-instance-data-json-main.patch
+ cloud-init-power-rhel-only.patch
+ cloud-init-write-routes.patch
+ datasourceLocalDisk.patch
- Add cloud-init-power-rhel-only.patch (bsc#1210273)
+ Config module cc_refresh_rmc_and_interface is implemented such that
it will only work on RH distros. Set the module availability accordingly.
- Sensitive data exposure (bsc#1210277, CVE-2023-1786)
+ Add hidesensitivedata
+ Add cloud-init-cve-2023-1786-redact-inst-data.patch
+ Do not expose sensitive data gathered from the CSP
- Update to version 23.1
+ Remove patches included upstream:
- cloud-init-btrfs-queue-resize.patch
- cloud-init-micro-is-suse.patch
- cloud-init-suse-afternm.patch
- cloud-init-prefer-nm.patch
- cloud-init-transact-up.patch
+ Forward port
- cloud-init-write-routes.patch
+ Added
- cloud-init-fix-ca-test.patch
+ Support transactional-updates for SUSE based distros (#1997)
[Robert Schweikert]
+ Set ownership for new folders in Write Files Module (#1980)
[Jack] (LP: #1990513)
+ add OpenCloudOS and TencentOS support (#1964) [wynnfeng]
+ lxd: Retry if the server isn't ready (#2025)
+ test: switch pycloudlib source to pypi (#2024)
+ test: Fix integration test deprecation message (#2023)
+ Recognize opensuse-microos, dev tooling fixes [Robert Schweikert]
+ sources/azure: refactor imds handler into own module (#1977)
[Chris Patterson]
+ docs: deprecation generation support [1/2] (#2013)
+ add function is_virtual to distro/FreeBSD (#1957) [Mina Galić]
+ cc_ssh: support multiple hostcertificates (#2018) (LP: #1999164)
+ Fix minor schema validation regression and fixup typing (#2017)
+ doc: Reword user data debug section (#2019)
+ Overhaul/rewrite of certificate handling as follows: (#1962)
[dermotbradley] (LP: #1931174)
+ disk_setup: use byte string when purging the partition table (#2012)
[Stefan Prietl]
+ cli: schema also validate vendordata*.
+ ci: sort and add checks for cla signers file [Stefan Prietl]
+ Add "ederst" as contributor (#2010) [Stefan Prietl]
+ readme: add reference to packages dir (#2001)
+ docs: update downstream package list (#2002)
+ docs: add google search verification (#2000) [s-makin]
+ docs: fix 404 render use default notfound_urls_prefix in RTD conf (#2004)
+ Fix OpenStack datasource detection on bare metal (#1923)
[Alexander Birkner] (LP: #1815990)
+ docs: add themed RTD 404 page and pointer to readthedocs-hosted (#1993)
+ schema: fix gpt labels, use type string for GUID (#1995)
+ cc_disk_setup: code cleanup (#1996)
+ netplan: keep custom strict perms when 50-cloud-init.yaml exists
+ cloud-id: better handling of change in datasource files
[d1r3ct0r] (LP: #1998998)
+ tests: Remove restart check from test
+ Ignore duplicate macs from mscc_felix and fsl_enetc (LP: #1997922)
+ Warn on empty network key (#1990)
+ Fix Vultr cloud_interfaces usage (#1986) [eb3095]
+ cc_puppet: Update puppet service name (#1970) [d1r3ct0r] (LP: #2002969)
+ docs: Clarify networking docs (#1987)
+ lint: remove httpretty (#1985) [sxt1001]
+ cc_set_passwords: Prevent traceback when restarting ssh (#1981)
+ tests: fix lp1912844 (#1978)
+ tests: Skip ansible test on bionic (#1984)
+ Wait for NetworkManager (#1983) [Robert Schweikert]
+ docs: minor polishing (#1979) [s-makin]
+ CI: migrate integration-test to GH actions (#1969)
+ Fix permission of SSH host keys (#1971) [Ron Gebauer]
+ Fix default route rendering on v2 ipv6 (#1973) (LP: #2003562)
+ doc: fix path in net_convert command (#1975)
+ docs: update net_convert docs (#1974)
+ doc: fix dead link
+ cc_set_hostname: ignore /var/lib/cloud/data/set-hostname if it's empty
(#1967) [Emanuele Giuseppe Esposito]
+ distros/rhel.py: _read_hostname() missing strip on "hostname" (#1941)
[Mark Mielke]
+ integration tests: add IBM VPC support (SC-1352) (#1915)
+ machine-id: set to uninitialized to trigger regeneration on clones
(LP: #1999680)
+ sources/azure: retry on connection error when fetching metdata (#1968)
[Chris Patterson]
+ Ensure ssh state accurately obtained (#1966)
+ bddeb: drop dh-systemd dependency on newer deb-based releases [d1r3ct0r]
+ doc: fix `config formats` link in cloudsigma.rst (#1960)
+ Fix wrong subp syntax in cc_set_passwords.py (#1961)
+ docs: update the PR template link to readthedocs (#1958) [d1r3ct0r]
+ ci: switch unittests to gh actions (#1956)
+ Add mount_default_fields for PhotonOS. (#1952) [Shreenidhi Shedi]
+ sources/azure: minor refactor for metadata source detection logic
(#1936) [Chris Patterson]
+ add "CalvoM" as contributor (#1955) [d1r3ct0r]
+ ci: doc to gh actions (#1951)
+ lxd: handle 404 from missing devices route for LXD 4.0 (LP: #2001737)
+ docs: Diataxis overhaul (#1933) [s-makin]
+ vultr: Fix issue regarding cache and region codes (#1938) [eb3095]
+ cc_set_passwords: Move ssh status checking later (SC-1368) (#1909)
(LP: #1998526)
+ Improve Wireguard module idempotency (#1940) [Fabian Lichtenegger-Lukas]
+ network/netplan: add gateways as on-link when necessary (#1931)
[Louis Sautier] (LP: #2000596)
+ tests: test_lxd assert features.networks.zones when present (#1939)
+ Use btrfs enquque when available (#1926) [Robert Schweikert]
+ sources/azure: drop description for report_failure_to_fabric() (#1934)
[Chris Patterson]
+ cc_disk_setup.py: fix MBR single partition creation (#1932)
[dermotbradley] (LP: #1851438)
+ Fix typo with package_update/package_upgrade (#1927) [eb3095]
+ sources/azure: fix device driver matching for net config (#1914)
[Chris Patterson]
+ BSD: fix duplicate macs in Ifconfig parser (#1917) [Mina Galić]
+ test: mock dns calls (#1922)
+ pycloudlib: add lunar support for integration tests (#1928)
+ nocloud: add support for dmi variable expansion for seedfrom URL
(LP: #1994980)
+ tools: read-version drop extra call to git describe --long
+ doc: improve cc_write_files doc (#1916)
+ read-version: When insufficient tags, use cloudinit.version.get_version
+ mounts: document weird prefix in schema (#1913)
+ add utility function test cases (#1910) [sxt1001]
+ test: mock file deletion in dhcp tests (#1911)
+ Ensure network ready before cloud-init service runs on RHEL (#1893)
(LP: #1998655)
+ docs: add copy button to code blocks (#1890) [s-makin]
+ netplan: define features.NETPLAN_CONFIG_ROOT_READ_ONLY flag
+ azure: fix support for systems without az command installed (#1908)
+ Networking Clarification (#1892)
+ Fix the distro.osfamily output problem in the openEuler system. (#1895)
[sxt1001] (LP: #1999042)
+ pycloudlib: bump commit dropping azure api smoke test
+ net: netplan config root read-only as wifi config can contain creds
+ autoinstall: clarify docs for users
+ sources/azure: encode health report as utf-8 (#1897) [Chris Patterson]
+ Add back gateway4/6 deprecation to docs (#1898)
+ networkd: Add support for multiple [Route] sections (#1868)
[Nigel Kukard]
+ doc: add qemu tutorial (#1863)
+ lint: fix tip-flake8 and tip-mypy (#1896)
+ Add support for setting uid when creating users on FreeBSD (#1888)
[einsibjarni]
+ Fix exception in BSD networking code-path (#1894) [Mina Galić]
+ Append derivatives to is_rhel list in cloud.cfg.tmpl (#1887) [Louis Abel]
+ FreeBSD init: use cloudinit_enable as only rcvar (#1875) [Mina Galić]
+ feat: add support aliyun metadata security harden mode (#1865)
[Manasseh Zhou]
+ docs: uprate analyze to performance page [s-makin]
+ test: fix lxd preseed managed network config (#1881)
+ Add support for static IPv6 addresses for FreeBSD (#1839) [einsibjarni]
+ Make 3.12 failures not fail the build (#1873)
+ Docs: adding relative links [s-makin]
+ Update read-version
+ Fix setup.py to align with PEP 440 versioning replacing trailing
+ travis: promote 3.11-dev to 3.11 (#1866)
+ test_cloud_sigma: delete useless test (#1828) [sxt1001]
+ Add "nkukard" as contributor (#1864) [Nigel Kukard]
+ tests: ds-id mocks for vmware-rpctool as utility may not exist in env
+ doc: add how to render new module doc (#1855)
+ doc: improve module creation explanation (#1851)
+ Add Support for IPv6 metadata to OpenStack (#1805)
[Marvin Vogt] (LP: #1906849)
+ add xiaoge1001 to .github-cla-signers (#1854) [sxt1001]
+ network: Deprecate gateway{4,6} keys in network config v2 (#1794)
(LP: #1992512)
+ VMware: Move Guest Customization transport from OVF to VMware (#1573)
[PengpengSun]
+ doc: home page links added (#1852) [s-makin]
From 22.4.2
+ status: handle ds not defined in status.json (#1876) (LP: #1997559)
From 22.4.1
+ net: skip duplicate mac check for netvsc nic and its VF (#1853)
[Anh Vo] (LP: #1844191)
+ ChangeLog: whitespace cleanup (#1850)
+ changelog: capture 22.3.1-4 releases
- Add cloud-init-transact-up.patch to support transactional-updates
- Add cloud-init-prefer-nm.patch
+ Prefer NetworkManager of sysconfig when available
- Update to version 22.4
+ Remove patches included upstream:
- cloud-init-vmware-test.patch
- cloud-init-sysctl-not-in-bin.patch
+ Forward port:
- cloud-init-write-routes.patch
- cloud-init-break-resolv-symlink.patch
- cloud-init-sysconf-path.patch
- cloud-init-no-tempnet-oci.patch
+ Add cloud-init-btrfs-queue-resize.patch (bsc#1171511)
+ Add cloud-init-micro-is-suse.patch (bsc#1203393) [Martin Petersen]
+ Add cloud-init-suse-afternm.patch
+ test: fix pro integration test [Alberto Contreras]
+ cc_disk_setup: pass options in correct order to utils (#1829)
[dermotbradley]
+ tests: text_lxd basic_preseed verify_clean_log (#1826)
+ docs: switch sphinx theme to furo (SC-1327) (#1821) [Alberto Contreras]
+ tests: activate Ubuntu Pro tests (only on Jenkins) (#1777)
[Alberto Contreras]
+ tests: test_lxd assert features.storage.buckets when present (#1827)
+ tests: replace missed ansible install-method with underscore (#1825)
+ tests: replace ansible install-method with underscore
+ ansible: standardize schema keys
+ ci: run json tool on 22.04 rather than 20.04 (#1823)
+ Stop using devices endpoint for LXD network config (#1819)
+ apport: address new curtin log and config locations (#1812)
+ cc_grub: reword docs for clarity (#1818)
+ tests: Fix preseed test (#1820)
+ Auto-format schema (#1810)
+ Ansible Control Module (#1778)
+ Fix last reported event possibly not being sent (#1796) (LP: #1993836)
+ tests: Ignore unsupported lxd project keys (#1817) [Alberto Contreras]
+ udevadm settle should handle non-udev system gracefully (#1806)
[dermotbradley]
+ add mariner support (#1780) [Minghe Ren]
+ Net: add BSD ifconfig(8) parser and state class (#1779) [Mina Galić]
+ adding itjamie to .github-cla-signers [Jamie (Bear) Murphy]
+ Fix inconsistency between comment and statement (#1809) [Guillaume Gay]
+ Update .github-cla-signers (#1811) [Guillaume Gay]
+ alpine.py: Add Alpine-specific manage_service function and update tests
(#1804) [dermotbradley]
+ test: add 3.12-dev to Travis CI (#1798) [Alberto Contreras]
+ add NWCS datasource (#1793) [shell-skrimp]
+ Adding myself as CLA signer (#1799) [s-makin]
+ apport: fix some data collection failures due to symlinks (#1797)
[Dan Bungert]
+ read-version: Make it compatible with bionic (#1795) [Alberto Contreras]
+ lxd: add support for lxd preseed config(#1789)
+ Enable hotplug for LXD datasource (#1787)
+ cli: collect logs and apport subiquity support
+ add support for Container-Optimized OS (#1748) [vteratipally]
+ test: temporarily disable failing integration test (#1792)
+ Fix LXD/nocloud detection on lxd vm tests (#1791)
+ util: Implement __str__ and __iter__ for Version (#1790)
+ cc_ua: consume ua json api for enable commands [Alberto Contreras]
+ Add clarity to cc_final_message docs (#1788)
+ cc_ntp: add support for BSDs (#1759) [Mina Galić] (LP: #1990041)
+ make Makefile make agnostic (#1786) [Mina Galić]
+ Remove hardcoding and unnecessary overrides in Makefile (#1783)
[Joseph Mingrone]
+ Add my username (Jehops) to .github-cla-signers (#1784) [Joseph Mingrone]
+ Temporarily remove broken test (#1781)
+ Create reference documentation for base config
+ cc_ansible: add support for galaxy install (#1736)
+ distros/manage_services: add support to disable service (#1772)
[Mina Galić] (LP: #1991024)
+ OpenBSD: remove pkg_cmd_environ function (#1773)
[Mina Galić] (LP: 1991567)
+ docs: Correct typo in the FAQ (#1774) [Maximilian Wörner]
+ tests: Use LXD metadata to determine NoCloud status (#1776)
+ analyze: use init-local as start of boot record (#1767) [Chris Patterson]
+ docs: use opensuse for distro name in package doc (#1771)
+ doc: clarify packages as dev only (#1769) [Alberto Contreras]
+ Distro manage service: Improve BSD support (#1758)
[Mina Galić] (LP: #1990070)
+ testing: check logs for critical errors (#1765) [Chris Patterson]
+ cc_ubuntu_advantage: Handle already attached on Pro [Alberto Contreras]
+ doc: Add configuration explanation (SC-1169)
+ Fix Oracle DS primary interface when using IMDS (#1757) (LP: #1989686)
+ style: prefer absolute imports over relative imports [Mina Galić]
+ tests: Fix ip log during instance destruction (#1755) [Alberto Contreras]
+ cc_ubuntu_advantage: add ua_config in auto-attach [Alberto Contreras]
+ apt configure: sources write/append mode (#1738)
[Fabian Lichtenegger-Lukas]
+ networkd: Add test and improve typing. (#1747) [Alberto Contreras]
+ pycloudlib: bump commit for gce cpu architecture support (#1750)
+ commit ffcb29bc8315d1e1d6244eeb1cbd8095958f7bad (LP: #1307667)
+ testing: workaround LXD vendor data (#1740)
+ support dhcp{4,6}-overrides in networkd renderer (#1710) [Aidan Obley]
+ tests: Drop httpretty in favor of responses (#1720) [Alberto Contreras]
+ cc_ubuntu_advantage: Implement custom auto-attach behaviors (#1583)
[Alberto Contreras]
+ Fix Oracle DS not setting subnet when using IMDS (#1735) (LP: #1989686)
+ testing: focal lxd datasource discovery (#1734)
+ cc_ubuntu_advantage: Redact token from logs (#1726) [Alberto Contreras]
+ docs: make sure echo properly evaluates the string (#1733) [Mina Galić]
+ net: set dhclient lease and pid files (#1715)
+ cli: status machine-readable output --format yaml/json (#1663)
(LP: #1883122)
+ tests: Simplify does_not_raise (#1731) [Alberto Contreras]
+ Refactor: Drop inheritance from object (#1728) [Alberto Contreras]
+ testing: LXD datasource now supported on Focal (#1732)
+ Allow jinja templating in /etc/cloud (SC-1170) (#1722) (LP: #1913461)
+ sources/azure: ensure instance id is always correct (#1727)
[Chris Patterson]
+ azure: define new attribute for pre-22.3 pickles (#1725)
+ doc: main page Diátaxis rewording (SC-967) (#1701)
+ ubuntu advantage: improved idempotency, enable list is now strict
+ [Fabian Lichtenegger-Lukas]
+ test: bump pycloudlib (#1724) [Alberto Contreras]
+ cloud.cfg.tmpl: make sure "centos" settings are identical to "rhel"
(#1639) [Emanuele Giuseppe Esposito]
+ lxd: fetch 1.0/devices content (#1712) [Alberto Contreras]
+ Update docs according to ad8f406a (#1719)
+ testing: Port unittests/analyze to pytest (#1708) [Alberto Contreras]
+ doc: Fix rtd builds. (#1718) [Alberto Contreras]
+ testing: fully mock noexec calls (#1717) [Alberto Contreras]
+ typing: Add types to cc_<module>.handle (#1700) [Alberto Contreras]
+ Identify 3DS Outscale Datasource as Ec2 (#1686) [Maxime Dufour]
+ config: enable bootstrapping pip in ansible (#1707)
+ Fix cc_chef typing issue (#1716)
+ Refactor instance json files to use Paths (SC-1238) (#1709)
+ tools: read-version check GITHUB_REF and git branch --show-current
(#1677)
+ net: Ensure a tmp with exec permissions for dhcp (#1690)
[Alberto Contreras] (LP: #1962343)
+ testing: Fix test regression in test_combined (#1713) [Alberto Contreras]
+ Identify Huawei Cloud as OpenStack (#1689) [huang xinjie]
+ doc: add reporting suggestion to FAQ (SC-1236) (#1698)
From 22.3
+ sources: obj.pkl cache should be written anyime get_data is run (#1669)
+ schema: drop release number from version file (#1664)
+ pycloudlib: bump to quiet azure HTTP info logs (#1668)
+ test: fix wireguard integration tests (#1666)
+ Github is deprecating the 18.04 runner starting 12.1 (#1665)
+ integration tests: Ensure one setup for all tests (#1661)
+ tests: ansible test fixes (#1660)
+ Prevent concurrency issue in test_webhook_hander.py (#1658)
+ Workaround net_setup_link race with udev (#1655) (LP: #1983516)
+ test: drop erroneous lxd assertion, verify command succeeded (#1657)
+ Fix Chrony usage on Centos Stream (#1648) [Sven Haardiek] (LP: #1885952)
+ sources/azure: handle network unreachable errors for savable PPS (#1642)
[Chris Patterson]
+ Return cc_set_hostname to PER_INSTANCE frequency (#1651) (LP: #1983811)
+ test: Collect integration test time by default (#1638)
+ test: Drop forced package install hack in lxd integration test (#1649)
+ schema: Resolve user-data if --system given (#1644)
[Alberto Contreras] (LP: #1983306)
+ test: use fake filesystem to avoid file removal (#1647)
[Alberto Contreras]
+ tox: Fix tip-flake8 and tip-mypy (#1635) [Alberto Contreras]
+ config: Add wireguard config module (#1570) [Fabian Lichtenegger-Lukas]
+ tests: can run without azure-cli, tests expect inactive ansible (#1643)
+ typing: Type UrlResponse.contents (#1633) [Alberto Contreras]
+ testing: fix references to `DEPRECATED.` (#1641) [Alberto Contreras]
+ ssh_util: Handle sshd_config.d folder [Alberto Contreras] (LP: #1968873)
+ schema: Enable deprecations in cc_update_etc_hosts (#1631)
[Alberto Contreras]
+ Add Ansible Config Module (#1579)
+ util: Support Idle process state in get_proc_ppid() (#1637)
+ schema: Enable deprecations in cc_growpart (#1628) [Alberto Contreras]
+ schema: Enable deprecations in cc_users_groups (#1627)
[Alberto Contreras]
+ util: Fix error path and parsing in get_proc_ppid()
+ main: avoid downloading full contents cmdline urls (#1606)
[Alberto Contreras] (LP: #1937319)
+ schema: Enable deprecations in cc_scripts_vendor (#1629)
[Alberto Contreras]
+ schema: Enable deprecations in cc_set_passwords (#1630)
[Alberto Contreras]
+ sources/azure: add experimental support for preprovisioned os disks
(#1622) [Chris Patterson]
+ Remove configobj a_to_u calls (#1632) [Stefano Rivera]
+ cc_debug: Drop this module (#1614) [Alberto Contreras]
+ schema: add aggregate descriptions in anyOf/oneOf (#1636)
+ testing: migrate test_sshutil to pytest (#1617) [Alberto Contreras]
+ testing: Fix test_ca_certs integration test (#1626) [Alberto Contreras]
+ testing: add support for pycloudlib's pro images (#1604)
[Alberto Contreras]
+ testing: migrate test_cc_set_passwords to pytest (#1615)
[Alberto Contreras]
+ network: add system_info network activator cloud.cfg overrides (#1619)
(LP: #1958377)
+ docs: Align git remotes with uss-tableflip setup (#1624)
[Alberto Contreras]
+ testing: cover active config module checks (#1609) [Alberto Contreras]
+ lxd: lvm avoid thinpool when kernel module absent
+ lxd: enable MTU configuration in cloud-init
+ doc: pin doc8 to last passing version
+ cc_set_passwords fixes (#1590)
+ Modernise importer.py and type ModuleDetails (#1605) [Alberto Contreras]
+ config: Def activate_by_schema_keys for t-z (#1613) [Alberto Contreras]
+ config: define activate_by_schema_keys for p-r mods (#1611)
[Alberto Contreras]
+ clean: add param to remove /etc/machine-id for golden image creation
+ config: define `activate_by_schema_keys` for a-f mods (#1608)
[Alberto Contreras]
+ config: define activate_by_schema_keys for s mods (#1612)
[Alberto Contreras]
+ sources/azure: reorganize tests for network config (#1586)
+ [Chris Patterson]
+ config: Define activate_by_schema_keys for g-n mods (#1610)
[Alberto Contreras]
+ meta-schema: add infra to skip inapplicable modules [Alberto Contreras]
+ sources/azure: don't set cfg["password"] for default user pw (#1592)
[Chris Patterson]
+ schema: activate grub-dpkg deprecations (#1600) [Alberto Contreras]
+ docs: clarify user password purposes (#1593)
+ cc_lxd: Add btrfs and lvm lxd storage options (SC-1026) (#1585)
+ archlinux: Fix distro naming[1] (#1601) [Kristian Klausen]
+ cc_ubuntu_autoinstall: support live-installer autoinstall config
+ clean: allow third party cleanup scripts in /etc/cloud/clean.d (#1581)
+ sources/azure: refactor chassis asset tag handling (#1574)
[Chris Patterson]
+ Add "netcho" as contributor (#1591) [Kaloyan Kotlarski]
+ testing: drop impish support (#1596) [Alberto Contreras]
+ black: fix missed formatting issue which landed in main (#1594)
+ bsd: Don't assume that root user is in root group (#1587)
+ docs: Fix comment typo regarding use of packages (#1582)
[Peter Mescalchin]
+ Update govc command in VMWare walkthrough (#1576) [manioo8]
+ Update .github-cla-signers (#1588) [Daniel Mullins]
+ Rename the openmandriva user to omv (#1575) [Bernhard Rosenkraenzer]
+ sources/azure: increase read-timeout to 60 seconds for wireserver
(#1571) [Chris Patterson]
+ Resource leak cleanup (#1556)
+ testing: remove appereances of FakeCloud (#1584) [Alberto Contreras]
+ Fix expire passwords for hashed passwords (#1577)
[Sadegh Hayeri] (LP: #1979065)
+ mounts: fix suggested_swapsize for > 64GB hosts (#1569) [Steven Stallion]
+ Update chpasswd schema to deprecate password parsing (#1517)
+ tox: Remove entries from default envlist (#1578) (LP: #1980854)
+ tests: add test for parsing static dns for existing devices (#1557)
[Jonas Konrad]
+ testing: port cc_ubuntu_advantage test to pytest (#1559)
[Alberto Contreras]
+ Schema deprecation handling (#1549) [Alberto Contreras]
+ Enable pytest to run in parallel (#1568)
+ sources/azure: refactor ovf-env.xml parsing (#1550) [Chris Patterson]
+ schema: Force stricter validation (#1547)
+ ubuntu advantage config: http_proxy, https_proxy (#1512)
[Fabian Lichtenegger-Lukas]
+ net: fix interface matching support (#1552) (LP: #1979877)
+ Fuzz testing jsonchema (#1499) [Alberto Contreras]
+ testing: Wait for changed boot-id in test_status.py (#1548)
+ CI: Fix GH pinned-format jobs (#1558) [Alberto Contreras]
+ Typo fix (#1560) [Jaime Hablutzel]
+ tests: mock dns lookup that causes long timeouts (#1555)
+ tox: add unpinned env for do_format and check_format (#1554)
+ cc_ssh_import_id: Substitute deprecated warn (#1553) [Alberto Contreras]
+ Remove schema errors from log (#1551) (LP: #1978422) (CVE-2022-2084)
+ Update WebHookHandler to run as background thread (SC-456) (#1491)
(LP: #1910552)
+ testing: Don't run custom cloud dir test on Bionic (#1542)
+ bash completion: update schema command (#1543) (LP: #1979547)
+ CI: add non-blocking run against the linters tip versions (#1531)
[Paride Legovini]
+ Change groups within the users schema to support lists and strings
(#1545) [RedKrieg]
+ make it clear which username should go in the contributing doc (#1546)
+ Pin setuptools for Travis (SC-1136) (#1540)
+ Fix LXD datasource crawl when BOOT enabled (#1537)
+ testing: Fix wrong path in dual stack test (#1538)
+ cloud-config: honor cloud_dir setting (#1523)
[Alberto Contreras] (LP: #1976564)
+ Add python3-debconf to pkg-deps.json Build-Depends (#1535)
[Alberto Contreras]
+ redhat spec: udev/rules.d lives under /usr/lib on rhel-based systems
(#1536)
+ tests/azure: add test coverage for DisableSshPasswordAuthentication
(#1534) [Chris Patterson]
+ summary: Add david-caro to the cla signers (#1527) [David Caro]
+ Add support for OpenMandriva (https://openmandriva.org/) (#1520)
[Bernhard Rosenkraenzer]
+ tests/azure: refactor ovf creation (#1533) [Chris Patterson]
+ Improve DataSourceOVF error reporting when script disabled (#1525) [rong]
+ tox: integration-tests-jenkins: softfail if only some test failed
(#1528) [Paride Legovini]
+ CI: drop linters from Travis CI (moved to GH Actions) (#1530)
[Paride Legovini]
+ sources/azure: remove unused encoding support for customdata (#1526)
[Chris Patterson]
+ sources/azure: remove unused metadata captured when parsing ovf (#1524)
[Chris Patterson]
+ sources/azure: remove dscfg parsing from ovf-env.xml (#1522)
[Chris Patterson]
+ Remove extra space from ec2 dual stack crawl message (#1521)
+ tests/azure: use namespaces in generated ovf-env.xml documents (#1519)
[Chris Patterson]
+ setup.py: adjust udev/rules default path (#1513)
[Emanuele Giuseppe Esposito]
+ Add python3-deconf dependency (#1506) [Alberto Contreras]
+ Change match macadress param for network v2 config (#1518)
[Henrique Caricatti Capozzi]
+ sources/azure: remove unused userdata property from ovf (#1516)
[Chris Patterson]
+ sources/azure: minor refactoring to network config generation (#1497)
[Chris Patterson]
+ net: Implement link-local ephemeral ipv6
+ Rename function to avoid confusion (#1501)
+ Fix cc_phone_home requiring 'tries' (#1500) (LP: #1977952)
+ datasources: replace networking functions with stdlib and cloudinit.net
+ code
+ Remove xenial references (#1472) [Alberto Contreras]
+ Oracle ds changes (#1474) [Alberto Contreras] (LP: #1967942)
+ improve runcmd docs (#1498)
+ add 3.11-dev to Travis CI (#1493)
+ Only run github actions on pull request (#1496)
+ Fix integration test client creation (#1494) [Alberto Contreras]
+ tox: add link checker environment, fix links (#1480)
+ cc_ubuntu_advantage: Fix doc (#1487) [Alberto Contreras]
+ cc_yum_add_repo: Fix repo id canonicalization (#1489)
[Alberto Contreras] (LP: #1975818)
+ Add linitio as contributor in the project (#1488) [Kevin Allioli]
+ net-convert: use yaml.dump for debugging python NetworkState obj (#1484)
(LP: #1975907)
+ test_schema: no relative $ref URLs, replace $ref with local path (#1486)
+ cc_set_hostname: do not write "localhost" when no hostname is given
+ (#1453) [Emanuele Giuseppe Esposito]
+ Update .github-cla-signers (#1478) [rong]
+ schema: write_files defaults, versions $ref full URL and add vscode
(#1479)
+ docs: fix external links, add one more to the list (#1477)
+ doc: Document how to change module frequency (#1481)
+ tests: bump pycloudlib (#1482)
+ tests: bump pycloudlib pinned commit for kinetic Azure (#1476)
+ testing: fix test_status.py (#1475)
+ integration tests: If KEEP_INSTANCE = True, log IP (#1473)
+ Drop mypy excluded files (#1454) [Alberto Contreras]
+ Docs additions (#1470)
+ Add "formatting tests" to Github Actions
+ Remove unused arguments in function signature (#1471)
+ Changelog: correct errant classification of LP issues as GH (#1464)
+ Use Network-Manager and Netplan as default renderers for RHEL and Fedora
(#1465) [Emanuele Giuseppe Esposito]
From 22.2
+ Fix test due to caplog incompatibility (#1461) [Alberto Contreras]
+ Align rhel custom files with upstream (#1431)
[Emanuele Giuseppe Esposito]
+ cc_write_files: Improve schema. (#1460) [Alberto Contreras]
+ cli: Redact files with permission errors in commands (#1440)
+ [Alberto Contreras] (LP: #1953430)
+ Improve cc_set_passwords. (#1456) [Alberto Contreras]
+ testing: make fake cloud-init wait actually wait (#1459)
+ Scaleway: Fix network configuration for netplan 0.102 and later (#1455)
[Maxime Corbin]
+ Fix 'ephmeral' typos in disk names(#1452) [Mike Hucka]
+ schema: version schema-cloud-config-v1.json (#1424)
+ cc_modules: set default meta frequency value when no config available
(#1457)
+ Log generic warning on non-systemd systems. (#1450) [Alberto Contreras]
+ cc_snap.maybe_install_squashfuse no longer needed in Bionic++. (#1448)
[Alberto Contreras]
+ Drop support of *-sk keys in cc_ssh (#1451) [Alberto Contreras]
+ testing: Fix console_log tests (#1437)
+ tests: cc_set_passoword update for systemd, non-systemd distros (#1449)
+ Fix bug in url_helper/dual_stack() logging (#1426)
+ schema: render schema paths from _CustomSafeLoaderWithMarks (#1391)
+ testing: Make integration tests kinetic friendly (#1441)
+ Handle error if SSH service no present. (#1422)
[Alberto Contreras] (LP: #1969526)
+ Fix network-manager activator availability and order (#1438)
+ sources/azure: remove reprovisioning marker (#1414) [Chris Patterson]
+ upstart: drop vestigial support for upstart (#1421)
+ testing: Ensure NoCloud detected in test (#1439)
+ Update .github-cla-signers kallioli [Kevin Allioli]
+ Consistently strip top-level network key (#1417) (LP: #1906187)
+ testing: Fix LXD VM metadata test (#1430)
+ testing: Add NoCloud setup for NoCloud test (#1425)
+ Update linters and adapt code for compatibility (#1434) [Paride Legovini]
+ run-container: add support for LXD VMs (#1428) [Paride Legovini]
+ integration-reqs: bump pycloudlib pinned commit (#1427) [Paride Legovini]
+ Fix NoCloud docs (#1423)
+ Docs fixes (#1406)
+ docs: Add docs for module creation (#1415)
+ Remove cheetah from templater (#1416)
+ tests: verify_ordered_items fallback to re.escape if needed (#1420)
+ Misc module cleanup (#1418)
+ docs: Fix doc warnings and enable errors (#1419)
[Alberto Contreras] (LP: #1876341)
+ Refactor cloudinit.sources.NetworkConfigSource to enum (#1413)
[Alberto Contreras] (LP: #1874875)
+ Don't fail if IB and Ethernet devices 'collide' (#1411)
+ Use cc_* module meta defintion over hardcoded vars (SC-888) (#1385)
+ Fix cc_rsyslog.py initialization (#1404) [Alberto Contreras]
+ Promote cloud-init schema from devel to top level subcommand (#1402)
+ mypy: disable missing imports warning for httpretty (#1412)
[Chris Patterson]
+ users: error when home should not be created AND ssh keys provided
[Jeffrey 'jf' Lim]
+ Allow growpart to resize encrypted partitions (#1316)
+ Fix typo in integration_test.rst (#1405) [Alberto Contreras]
+ cloudinit.net refactor: apply_network_config_names (#1388)
[Alberto Contreras] (LP: #1884602)
+ tests/azure: add fixtures for hardcoded paths (markers and data_dir)
(#1399) [Chris Patterson]
+ testing: Add responses workaround for focal/impish (#1403)
+ cc_ssh_import_id: fix is_key_in_nested_dict to avoid early False
+ Fix ds-identify not detecting NoCloud seed in config (#1381)
(LP: #1876375)
+ sources/azure: retry dhcp for failed processes (#1401) [Chris Patterson]
+ Move notes about refactorization out of CONTRIBUTING.rst (#1389)
+ Shave ~8ms off generator runtime (#1387)
+ Fix provisioning dhcp timeout to 20 minutes (#1394) [Chris Patterson]
+ schema: module example strict testing fix seed_random
+ cc_set_hostname: examples small typo (perserve vs preserve)
[Wouter Schoot]
+ sources/azure: refactor http_with_retries to remove **kwargs (#1392)
[Chris Patterson]
+ declare dependency on ssh-import-id (#1334)
+ drop references to old dependencies and old centos script
+ sources/azure: only wait for primary nic to be attached during restore
(#1378) [Anh Vo]
+ cc_ntp: migrated legacy schema to cloud-init-schema.json (#1384)
+ Network functions refactor and bugfixes (#1383)
+ schema: add JSON defs for modules cc_users_groups (#1379)
(LP: #1858930)
+ Fix doc typo (#1382) [Alberto Contreras]
+ Add support for dual stack IPv6/IPv4 IMDS to Ec2 (#1160)
+ Fix KeyError when rendering sysconfig IPv6 routes (#1380) (LP: #1958506)
+ Return a namedtuple from subp() (#1376)
+ Mypy stubs and other tox maintenance (SC-920) (#1374)
+ Distro Compatibility Fixes (#1375)
+ Pull in Gentoo patches (#1372)
+ schema: add json defs for modules U-Z (#1360)
(LP: #1858928, #1858929, #1858931, #1858932)
+ util: atomically update sym links to avoid Suppress FileNotFoundError
+ when reading status (#1298) [Adam Collard] (LP: #1962150)
+ schema: add json defs for modules scripts-timezone (SC-801) (#1365)
+ docs: Add first tutorial (SC-900) (#1368)
+ BUG 1473527: module ssh-authkey-fingerprints fails Input/output error…
(#1340) [Andrew Lee] (LP: #1473527)
+ add arch hosts template (#1371)
+ ds-identify: detect LXD for VMs launched from host with > 5.10 kernel
(#1370) (LP: #1968085)
+ Support EC2 tags in instance metadata (#1309) [Eduardo Dobay]
+ schema: add json defs for modules e-install (SC-651) (#1366)
+ Improve "(no_create_home|system): true" test (#1367) [Jeffrey 'jf' Lim]
+ Expose https_proxy env variable to ssh-import-id cmd (#1333)
[Michael Rommel]
+ sources/azure: remove bind/unbind logic for hot attached nic (#1332)
[Chris Patterson]
+ tox: add types-* packages to check_format env (#1362)
+ tests: python 3.10 is showing up in cloudimages (#1364)
+ testing: add additional mocks to test_net tests (#1356) [yangzz-97]
+ schema: add JSON schema for mcollective, migrator and mounts modules
(#1358)
+ Honor system locale for RHEL (#1355) [Wei Shi]
+ doc: Fix typo in cloud-config-run-cmds.txt example (#1359) [Ali Shirvani]
+ ds-identify: also discover LXD by presence from DMI board_name = LXD
(#1311)
+ black: bump pinned version to 22.3.0 to avoid click dependency issues
(#1357)
+ Various doc fixes (#1330)
+ testing: Add missing is_FreeBSD mock to networking test (#1353)
+ Add --no-update to add-apt-repostory call (SC-880) (#1337)
+ schema: add json defs for modules K-L (#1321)
(LP: #1858899, #1858900, #1858901, #1858902)
+ docs: Re-order readthedocs install (#1354)
+ Stop cc_ssh_authkey_fingerprints from ALWAYS creating home (#1343)
[Jeffrey 'jf' Lim]
+ docs: add jinja2 pin (#1352)
+ Vultr: Use find_candidate_nics, use ipv6 dns (#1344) [eb3095]
+ sources/azure: move get_ip_from_lease_value out of shim (#1324)
[Chris Patterson]
+ Fix cloud-init status --wait when no datasource found (#1349)
(LP: #1966085)
+ schema: add JSON defs for modules resize-salt (SC-654) (#1341)
+ Add myself as a future contributor (#1345) [Neal Gompa (ニール・ゴンパ)]
+ Update .github-cla-signers (#1342) [Jeffrey 'jf' Lim]
+ add Requires=cloud-init-hotplugd.socket in cloud-init-hotplugd.service
+ file (#1335) [yangzz-97]
+ Fix sysconfig render when set-name is missing (#1327)
[Andrew Kutz] (LP: #1855945)
+ Refactoring helper funcs out of NetworkState (#1336) [Andrew Kutz]
+ url_helper: add tuple support for readurl timeout (#1328)
[Chris Patterson]
+ Make fs labels match for ds-identify and docs (#1329)
+ Work around bug in LXD VM detection (#1325)
+ Remove redundant generator logs (#1318)
+ tox: set verbose flags for integration tests (#1323) [Chris Patterson]
+ net: introduce find_candidate_nics() (#1313) [Chris Patterson]
+ Revert "Ensure system_cfg read before ds net config on Oracle (#1174)"
(#1326)
+ Add vendor_data2 support for ConfigDrive source (#1307) [cvstealth]
+ Make VMWare data source test host independent and expand testing (#1308)
[Robert Schweikert]
+ Add json schemas for modules starting with P
+ sources/azure: remove lease file parsing (#1302) [Chris Patterson]
+ remove flaky test from ci (#1322)
+ ci: Switch to python 3.10 in Travis CI (#1320)
+ Better interface handling for Vultr, expect unexpected DHCP servers
(#1297) [eb3095]
+ Remove unused init local artifact (#1315)
+ Doc cleanups (#1317)
+ docs improvements (#1312)
+ add support for jinja do statements, add unit test (#1314)
[Paul Bruno] (LP: #1962759)
+ sources/azure: prevent tight loops for DHCP retries (#1285)
[Chris Patterson]
+ net/dhcp: surface type of DHCP lease failure to caller (#1276)
[Chris Patterson]
+ Stop hardcoding systemctl location (#1278) [Robert Schweikert]
+ Remove python2 syntax from docs (#1310)
+ [tools/migrate-lp-user-to-github] Rename master branch to main (#1301)
[Adam Collard]
+ redhat: Depend on "hostname" package (#1288) [Lubomir Rintel]
+ Add native NetworkManager support (#1224) [Lubomir Rintel]
+ Fix link in CLA check to point to contribution guide. (#1299)
[Adam Collard]
+ check for existing symlink while force creating symlink (#1281)
[Shreenidhi Shedi]
+ Do not silently ignore integer uid (#1280) (LP: #1875772)
+ tests: create a IPv4/IPv6 VPC in Ec2 integration tests (#1291)
+ Integration test fix ppa (#1296)
+ tests: on official EC2. cloud-id actually startswith aws not ec2 (#1289)
+ test_ppa_source: accept both http and https URLs (#1292)
[Paride Legovini]
+ Fix apt test on azure
+ add "lkundrak" as contributor [Lubomir Rintel]
+ Holmanb/integration test fix ppa (#1287)
+ Include missing subcommand in manpage (#1279)
+ Clean up artifacts from pytest, packaging, release with make clean
(#1277)
+ sources/azure: ensure retries on IMDS request failure (#1271)
[Chris Patterson]
+ sources/azure: removed unused savable PPS paths (#1268) [Chris Patterson]
+ integration tests: fix Azure failures (#1269)
From 22.1
+ sources/azure: report ready in local phase (#1265) [Chris Patterson]
+ sources/azure: validate IMDS network configuration metadata (#1257)
[Chris Patterson]
+ docs: Add more details to runcmd docs (#1266)
+ use PEP 589 syntax for TypeDict (#1253)
+ mypy: introduce type checking (#1254) [Chris Patterson]
+ Fix extra ipv6 issues, code reduction and simplification (#1243) [eb3095]
+ tests: when generating crypted password, generate in target env (#1252)
+ sources/azure: address mypy/pyright typing complaints (#1245)
[Chris Patterson]
+ Docs for x-shellscript* userdata (#1260)
+ test_apt_security: azure platform has specific security URL overrides
(#1263)
+ tests: lsblk --json output changes mountpoint key to mountpoinst []
(#1261)
+ mounts: fix mount opts string for ephemeral disk (#1250)
[Chris Patterson]
+ Shell script handlers by freq (#1166) [Chris Lalos]
+ minor improvements to documentation (#1259) [Mark Esler]
+ cloud-id: publish /run/cloud-init/cloud-id-<cloud-type> files (#1244)
+ add "eslerm" as contributor (#1258) [Mark Esler]
+ sources/azure: refactor ssh key handling (#1248) [Chris Patterson]
+ bump pycloudlib (#1256)
+ sources/hetzner: Use EphemeralDHCPv4 instead of static configuration
(#1251) [Markus Schade]
+ bump pycloudlib version (#1255)
+ Fix IPv6 netmask format for sysconfig (#1215) [Harald] (LP: #1959148)
+ sources/azure: drop debug print (#1249) [Chris Patterson]
+ tests: do not check instance.pull_file().ok() (#1246)
+ sources/azure: consolidate ephemeral DHCP configuration (#1229)
[Chris Patterson]
+ cc_salt_minion freebsd fix for rc.conf (#1236)
+ sources/azure: fix metadata check in _check_if_nic_is_primary() (#1232)
[Chris Patterson]
+ Add _netdev option to mount Azure ephemeral disk (#1213) [Eduardo Otubo]
+ testing: stop universally overwriting /etc/cloud/cloud.cfg.d (#1237)
+ Integration test changes (#1240)
+ Fix Gentoo Locales (#1205)
+ Add "slingamn" as contributor (#1235) [Shivaram Lingamneni]
+ integration: do not LXD bind mount /etc/cloud/cloud.cfg.d (#1234)
+ Integration testing docs and refactor (#1231)
+ vultr: Return metadata immediately when found (#1233) [eb3095]
+ spell check docs with spellintian (#1223)
+ docs: include upstream python version info (#1230)
+ Schema a d (#1211)
+ Move LXD to end ds-identify DSLIST (#1228) (LP: #1959118)
+ fix parallel tox execution (#1214)
+ sources/azure: refactor _report_ready_if_needed and _poll_imds (#1222)
[Chris Patterson]
+ Do not support setting up archive.canonical.com as a source (#1219)
[Steve Langasek] (LP: #1959343)
+ Vultr: Fix lo being used for DHCP, try next on cmd fail (#1208) [eb3095]
+ sources/azure: refactor _should_reprovision[_after_nic_attach]() logic
(#1206) [Chris Patterson]
+ update ssh logs to show ssh private key gens pub and simplify code
(#1221) [Steve Weber]
+ Remove mitechie from stale PR github action (#1217)
+ Include POST format in cc_phone_home docs (#1218) (LP: #1959149)
+ Add json parsing of ip addr show (SC-723) (#1210)
+ cc_rsyslog: fix typo in docstring (#1207) [Louis Sautier]
+ Update .github-cla-signers (#1204) [Chris Lalos]
+ sources/azure: drop unused case in _report_failure() (#1200)
[Chris Patterson]
+ sources/azure: always initialize _ephemeral_dhcp_ctx on unpickle (#1199)
[Chris Patterson]
+ Add support for gentoo templates and cloud.cfg (#1179) [vteratipally]
+ sources/azure: unpack ret tuple in crawl_metadata() (#1194)
[Chris Patterson]
+ tests: focal caplog has whitespace indentation for multi-line logs
(#1201)
+ Seek interfaces, skip dummy interface, fix region codes (#1192) [eb3095]
+ integration: test against the Ubuntu daily images (#1198)
[Paride Legovini]
+ cmd: status and cloud-id avoid change in behavior for 'not run' (#1197)
+ tox: pass PYCLOUDLIB_* env vars into integration tests when present
(#1196)
+ sources/azure: set ovf_is_accessible when OVF is read successfully
(#1193) [Chris Patterson]
+ Enable OVF environment transport via ISO in example (#1195) [Megian]
+ sources/azure: consolidate DHCP variants to EphemeralDHCPv4WithReporting
(#1190) [Chris Patterson]
+ Single JSON schema validation in early boot (#1175)
+ Add DatasourceOVF network-config propery to Ubuntu OVF example (#1184)
[Megian]
+ testing: support pycloudlib config file (#1189)
+ Ensure system_cfg read before ds net config on Oracle (SC-720) (#1174)
(LP: #1956788)
+ Test Optimization Proposal (SC-736) (#1188)
+ cli: cloud-id report not-run or disabled state as cloud-id (#1162)
+ Remove distutils usage (#1177) [Shreenidhi Shedi]
+ add .python-version to gitignore (#1186)
+ print error if datasource import fails (#1170)
[Emanuele Giuseppe Esposito]
+ Add new config module to set keyboard layout (#1176)
[maxnet] (LP: #1951593)
+ sources/azure: rename metadata_type -> MetadataType (#1181)
[Chris Patterson]
+ Remove 3.5 and xenial support (SC-711) (#1167)
+ tests: mock LXD datasource detection in ds-identify on LXD containers
(#1178)
+ pylint: silence errors on compat code for old jsonschema (#1172)
[Paride Legovini]
+ testing: Add 3.10 Test Coverage (#1173)
+ Remove unittests from integration test job in travis (#1141)
+ Don't throw exceptions for empty cloud config (#1130)
+ bsd/resolv.d/ avoid duplicated entries (#1163) [Gonéri Le Bouder]
+ sources/azure: do not persist failed_desired_api_version flag (#1159)
[Chris Patterson]
+ Update cc_ubuntu_advantage calls to assume-yes (#1158)
[John Chittum] (LP: #1954842)
+ openbsd: properly restart the network on 7.0 (#1150) [Gonéri Le Bouder]
+ Add .git-blame-ignore-revs (#1161)
+ Adopt Black and isort (SC-700) (#1157)
+ Include dpkg frontend lock in APT_LOCK_FILES (#1153)
+ tests/cmd/query: fix test run as root and add coverage for defaults
(#1156) [Chris Patterson] (LP: #1825027)
+ Schema processing changes (SC-676) (#1144)
+ Add dependency workaround for impish in bddeb (#1148)
+ netbsd: install new dep packages (#1151) [Gonéri Le Bouder]
+ find_devs_with_openbsd: ensure we return the last entry (#1149)
[Gonéri Le Bouder]
+ sources/azure: remove unnecessary hostname bounce (#1143)
[Chris Patterson]
+ find_devs/openbsd: accept ISO on disk (#1132)
[Gonéri Le Bouder]
+ Improve error log message when mount failed (#1140) [Ksenija Stanojevic]
+ add KsenijaS as a contributor (#1145) [Ksenija Stanojevic]
+ travis - don't run integration tests if no deb (#1139)
+ factor out function for getting top level directory of cloudinit (#1136)
+ testing: Add deterministic test id (#1138)
+ mock sleep() in azure test (#1137)
+ Add miraclelinux support (#1128) [Haruki TSURUMOTO]
+ docs: Make MACs lowercase in network config (#1135) (LP: #1876941)
+ Add Strict Metaschema Validation (#1101)
+ update dead link (#1133)
+ cloudinit/net: handle two different routes for the same ip (#1124)
[Emanuele Giuseppe Esposito]
+ docs: pin mistune dependency (#1134)
+ Reorganize unit test locations under tests/unittests (#1126)
+ Fix exception when no activator found (#1129) (LP: #1948681)
+ jinja: provide and document jinja-safe key aliases in instance-data
(SC-622) (#1123)
+ testing: Remove date from final_message test (SC-638) (#1127)
+ Move GCE metadata fetch to init-local (SC-502) (#1122)
+ Fix missing metadata routes for vultr (#1125) [eb3095]
+ cc_ssh_authkey_fingerprints.py: prevent duplicate messages on console
(#1081) [dermotbradley]
+ sources/azure: remove unused remnants related to agent command (#1119)
[Chris Patterson]
+ github: update PR template's contributing URL (#1120) [Chris Patterson]
+ docs: Rename HACKING.rst to CONTRIBUTING.rst (#1118)
+ testing: monkeypatch system_info call in unit tests (SC-533) (#1117)
+ Fix Vultr timeout and wait values (#1113) [eb3095]
+ lxd: add preference for LXD cloud-init.* config keys over user keys
(#1108)
+ VMware: source /etc/network/interfaces.d/* on Debian
[chengcheng-chcheng] (LP: #1950136)
+ Add cjp256 as contributor (#1109) [Chris Patterson]
+ integration_tests: Ensure log directory exists before symlinking to it
(#1110)
+ testing: add growpart integration test (#1104)
+ integration_test: Speed up CI run time (#1111)
+ Some miscellaneous integration test fixes (SC-606) (#1103)
+ tests: specialize lxd_discovery test for lxd_vm vendordata (#1106)
+ Add convenience symlink to integration test output (#1105)
+ Fix for set-name bug in networkd renderer (#1100)
[Andrew Kutz] (LP: #1949407)
+ Wait for apt lock (#1034) (LP: #1944611)
+ testing: stop chef test from running on openstack (#1102)
+ alpine.py: add options to the apk upgrade command (#1089) [dermotbradley]
- cloud-regionsrv-client
-
- Update to version 10.1.2 (bsc#1211282)
+ Properly handle Ipv6 when checking update server responsiveness. If not
available fall back and use IPv4 information
+ Use systemd_ordered to allow use in a container without pulling systemd
into the container as a requirement
- Update to version 10.1.1 (bsc#1210020, bsc#1210021)
+ Clean up the system if baseproduct registraion fails to leave the
system in prestine state
+ Log when the registercloudguest command is invoked with --clean
- containerd
-
- Update to containerd v1.6.21 for Docker v23.0.6-ce. Upstream release notes:
<https://github.com/containerd/containerd/releases/tag/v1.6.21> bsc#1211578
- Require a minimum Go version explicitly rather than using golang(API).
Fixes the change for bsc#1210298.
[ This was only released in SLE. ]
- unversion to golang requires to always use the current default go.
(bsc#1210298)
- Update to containerd v1.6.20 for Docker v23.0.4-ce. Upstream release notes:
<https://github.com/containerd/containerd/releases/tag/v1.6.20>
- cronie
-
- Allow to define the logger info and warning priority, fixes
jsc#PED-2551
* run-crons
* sysconfig.cron
- cups
-
- cups-2.2.7-CVE-2023-34241.patch fixes CVE-2023-34241
"use-after-free in cupsdAcceptClient()"
https://github.com/OpenPrinting/cups/security/advisories/GHSA-qjgh-5hcq-5f25
bsc#1212230
- cups-2.2.7-CVE-2023-32324.patch fixes CVE-2023-32324
"Heap buffer overflow in cupsd"
https://github.com/OpenPrinting/cups/security/advisories/GHSA-cxc6-w2g7-69p7
bsc#1211643
- curl
-
- Security fix: [bsc#1213237, CVE-2023-32001]
* fopen race condition: libcurl can be told to save cookie,
HSTS and/or alt-svc data to files. When doing this, it
called 'stat()' followed by 'fopen()' in a way that made
it vulnerable to a TOCTOU race condition problem.
* Add curl-CVE-2023-32001.patch
- Security fixes:
* [bsc#1211230, CVE-2023-28319] use-after-free in SSH sha256
fingerprint check.
- Add curl-CVE-2023-28319.patch
* [bsc#1211231, CVE-2023-28320] siglongjmp race condition
- Add curl-CVE-2023-28320.patch
* [bsc#1211232, CVE-2023-28321] IDN wildcard matching
- Add curl-CVE-2023-28321.patch
* [bsc#1211233, CVE-2023-28322] POST-after-PUT confusion
- Add curl-CVE-2023-28322.patch
- Update to 8.0.1: [jsc#PED-2580]
* Rebase curl-secure-getenv.patch
* Remove patches fixed in the update:
- curl-CVE-2022-22576.patch curl-CVE-2022-27776.patch
- curl-CVE-2022-27781.patch curl-CVE-2022-27782.patch
- curl-CVE-2022-32206.patch curl-CVE-2022-32208.patch
- curl-CVE-2022-32221.patch curl-CVE-2022-35252.patch
- curl-CVE-2022-43552.patch curl-CVE-2023-23916.patch
- curl-CVE-2022-27774.patch curl-CVE-2022-27774-2.patch
- curl-CVE-2022-27774-disabletest-1568.patch
- curl-CVE-2022-27775.patch curl-CVE-2022-32205.patch
- curl-CVE-2022-32207.patch curl-CVE-2022-42916.patch
- curl-CVE-2022-43551.patch curl-CVE-2023-23914-23915.patch
- curl-CVE-2023-27533.patch curl-CVE-2023-27533-no-sscanf.patch
- curl-CVE-2023-27534.patch curl-CVE-2023-27535.patch
- curl-CVE-2023-27536.patch curl-CVE-2023-27538.patch
- Update to 8.0.1:
* Bugfixes:
- fix crash in curl_easy_cleanup
- Update to 8.0.0:
* Security fixes:
- TELNET option IAC injection [bsc#1209209, CVE-2023-27533]
- SFTP path ~ resolving discrepancy [bsc#1209210, CVE-2023-27534]
- FTP too eager connection reuse [bsc#1209211, CVE-2023-27535]
- GSS delegation too eager connection re-use [bsc#1209212, CVE-2023-27536]
- HSTS double-free [bsc#1209213, CVE-2023-27537]
- SSH connection too eager reuse still [bsc#1209214, CVE-2023-27538]
* Changes:
- build: remove support for curl_off_t < 8 bytes
* Bugfixes:
- aws_sigv4: fall back to UNSIGNED-PAYLOAD for sign_as_s3
- BINDINGS: add Fortran binding
- cf-socket: use port 80 when resolving name for local bind
- cookie: don't load cookies again when flushing
- curl_path: create the new path with dynbuf
- CURLSHOPT_SHARE.3: HSTS sharing is not thread-safe
- DYNBUF.md: note Curl_dyn_add* calls Curl_dyn_free on failure
- ftp: active mode with SSL, add the filter
- hostip: avoid sscanf and extra buffer copies
- http2: fix for http2-prior-knowledge when reusing connections
- http2: fix handling of RST and GOAWAY to recognize partial transfers
- http: don't send 100-continue for short PUT requests
- http: fix unix domain socket use in https connects
- libssh: use dynbuf instead of realloc
- ngtcp2-gnutls.yml: bump to gnutls 3.8.0
- sectransp: make read_cert() use a dynbuf when loading
- telnet: only accept option arguments in ascii
- telnet: parse telnet options without sscanf
- url: fix the SSH connection reuse check
- url: only reuse connections with same GSS delegation
- urlapi: '%' is illegal in host names
- ws: keep the socket non-blocking
* Rebase libcurl-ocloexec.patch
- dbus-1
-
- Sometimes unprivileged users were able to crash dbus-daemon
(CVE-2023-34969, bsc#1212126)
* fix-upstream-CVE-2023-34969.patch
- docker
-
- Update to Docker 23.0.6-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/23.0/#2306>. bsc#1211578
- Rebase patches:
* cli-0001-docs-include-required-tools-in-source-tree.patch
- Re-unify packaging for SLE-12 and SLE-15.
- Add patch to fix build on SLE-12 by switching back to libbtrfs-devel headers
(the uapi headers in SLE-12 are too old).
+ 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
- Re-numbered patches:
- 0003-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
+ 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch`
- Update to Docker 23.0.5-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/23.0/#2305>.
- Rebase patches:
* cli-0001-docs-include-required-tools-in-source-tree.patch
- Update to Docker 23.0.4-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/23.0/#2304>. bsc#1208074
- Rebase patches:
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
* 0003-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
- Renumbered patches:
- 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
- Remove upstreamed patches:
- 0005-bsc1183855-btrfs-Do-not-disable-quota-on-cleanup.patch
- 0006-bsc1193930-vendor-update-golang.org-x-crypto.patch
- 0007-bsc1200022-fifo.Close-prevent-possible-panic-if-fifo.patch
- Backport <https://github.com/docker/cli/pull/4228> to allow man pages to be
built without internet access in OBS.
+ cli-0001-docs-include-required-tools-in-source-tree.patch
- dracut
-
- Update to version 055+suse.344.g3d5cd8fb:
* fix(dracut-install): continue parsing if ldd prints "cannot execute binary file" (bsc#1212662)
- Update to version 055+suse.342.g2e6dce8e:
fips=1 and separate /boot break s390x (bsc#1204478):
* fix(fips): move fips-boot script to pre-pivot
* fix(fips): only unmount /boot if it was mounted by the fips module
* feat(fips): add progress messages
* fix(fips): do not blindly remove /boot
* fix(network-legacy): handle do_dhcp calls without arguments (bsc#1210640)
- firewalld
-
- Fix firewalld does not longer understand IPv4 network masks
of type `255.255.255.0`
Added following patch (boo#1212974)
[+ 0004-fix_rich_source_address_with_netmask.patch]
- fonts-config
-
- get the homedir from getpwuid when no $ENV{"HOME"} set
- added patches
fix bsc#1210700
+ fonts-config-homedir-getpwuid.patch
- gawk
-
- format-tree-positional-arg.patch: Validate index into argument list
(CVE-2023-4156, bsc#1214025)
- glibc
-
- resolv-conf-lock.patch: resolv_conf: release lock on allocation failure
(bsc#1211828, BZ #30527)
- ulp-prologue-into-asm-functions.patch: Add support for livepatches
in ASM written functions (bsc#1211726)
- getlogin-no-loginuid.patch: getlogin_r: fix missing fallback if loginuid
is unset (bsc#1209229, BZ #30235)
- Exclude static archives from preparation for live patching (bnc#1208721)
- grub2
-
- grub2-once: Fix 'sh: terminal_output: command not found' error (bsc#1204563)
- Fix PowerVS deployment fails to boot with 90 cores (bsc#1208581)
* 0001-ieee1275-implement-vec5-for-cas-negotiation.patch
* 0002-kern-ieee1275-init-Convert-plain-numbers-to-constant.patch
* 0003-kern-ieee1275-init-Extended-support-in-Vec5.patch
- hwinfo
-
- avoid linking problems with libsamba (bsc#1212756)
- 21.85
- issue-generator
-
- Update to version 1.13
- SELinux: Do not call agetty --reload [bsc#1186178]
- Update to version 1.12
- Update manual page
- Use python3 instead of python 2.x
- Update to version 1.11
- Don't display issue.d/*.issue files, agetty will do that [bsc#1177891]
- Ignore /run/issue.d in issue-generator.path, else issue-generator will
be called too fast too often [bsc#1177865]
- Ignore *.bak, *~ and *.rpm* files [bsc#1118862]
- Handle the .path unit in scriptlets as well
- Update to version 1.10
- Display wlan interfaces [bsc#1169070]
- Update to version 1.9
- Fix path for systemd files
- Update to version 1.8
- Handle network interface renames
- kbd
-
- Add 'ara' vc keymap (bsc#1210702)
'ara' is slightly better than 'arabic' as it matches the name of its x11
layout counterpart. Keep 'arabic' for backward compatibility sake.
- kernel-default
-
- x86/srso: Tie SBPB bit setting to microcode patch detection (bsc#1213287, CVE-2023-20569).
- commit 90a74a8
- Refresh patches.suse/x86-srso-add-srso_no-support.patch.
Handle the newly added SBPB feature correctly when run in hypervisor
context and interept an MSR write.
- commit ef9889a
- Update config files.
We want SRSO mitigation on by default
- commit acc813b
- Input: iqs269a - do not poll during ATI (git-fixes).
- commit 5bdf465
- Input: iqs269a - do not poll during suspend or resume
(git-fixes).
- commit 467fdbf
- Input: i8042 - add Clevo PCX0DX to i8042 quirk table
(git-fixes).
- commit 0922201
- relayfs: fix out-of-bounds access in relay_file_read
(bsc#1212502 CVE-2023-3268).
- commit 9c2a6e6
- can: af_can: fix NULL pointer dereference in can_rcv_filter
(bsc#1210627 CVE-2023-2166).
- commit e89fee8
- s390: introduce nospec_uses_trampoline() (git-fixes
bsc#1213870).
- commit c2ccf75
- s390/ipl: add missing intersection check to ipl_report handling
(git-fixes bsc#1213871).
- commit 8806556
- Move upstreamed sound patch into sorted sectoin
- commit 8a29738
- blacklist.conf: has non-trivial dependencies
- commit 0c7dbe0
- s390/bpf: Add expoline to tail calls (git-fixes bsc#1213870).
- commit 66f8c8e
- KVM: s390: pv: fix index value of replaced ASCE (git-fixes
bsc#1213867).
- commit e789a10
- s390/decompressor: specify __decompress() buf len to avoid
overflow (git-fixes bsc#1213863).
- commit 59015c6
- libceph: harden msgr2.1 frame segment length checks
(bsc#1213857).
- ceph: don't let check_caps skip sending responses for revoke
msgs (bsc#1213856).
- commit 9052bbe
- KVM: arm64: Warn if accessing timer pending state outside of vcpu (bsc#1213620)
- commit 222f2a2
- Update config files: set CONFIG_GDS_FORCE_MITIGATION=n
- commit f04be94
- bpf: add missing header file include (bsc#1211738
CVE-2023-0459).
- commit 1ccaaad
- Drop the recent USB gadget fix patches
The recent USB gadget fix patches look dubious and likely leading to
locking problem. Drop them for now until we get the proper backports
Deleted:
patches.suse/usb-gadget-core-remove-unbalanced-mutex_unlock-in-us.patch
patches.suse/usb-gadget-udc-core-Offload-usb_udc_vbus_handler-pro.patch
patches.suse/usb-gadget-udc-core-Prevent-soft_connect_store-race.patch
- commit d9bbe1b
- block: Fix a source code comment in
include/uapi/linux/blkzoned.h (git-fixes).
- commit 8349665
- blacklist.conf: cleanup
- commit fb32f77
- blacklist.conf: cleanup
- commit 4a72f90
- scftorture: Count reschedule IPIs (git-fixes).
- commit e88bc8d
- netfilter: nft_set_pipapo: fix improper element removal
(bsc#1213812 CVE-2023-4004).
- commit 4902a99
- Update
patches.suse/RDMA-mthca-Fix-crash-when-polling-CQ-for-shared-QPs.patch
(git-fixes bsc#1212604).
Added bug reference.
- commit 391a3ba
- igc: Fix Kernel Panic during ndo_tx_timeout callback
(git-fixes).
- iavf: use internal state to free traffic IRQs (git-fixes).
- iavf: Fix out-of-bounds when setting channels on remove
(git-fixes).
- iavf: Fix use-after-free in free_netdev (git-fixes).
- igc: Prevent garbled TX queue with XDP ZEROCOPY (git-fixes).
- net: ena: fix shift-out-of-bounds in exponential backoff
(git-fixes).
- igc: Fix inserting of empty frame for launchtime (git-fixes).
- igc: Fix launchtime before start of cycle (git-fixes).
- octeontx2-pf: Add additional check for MCAM rules (git-fixes).
- gve: unify driver name usage (git-fixes).
- octeontx2-af: Move validation of ptp pointer before its usage
(git-fixes).
- igc: Handle PPS start time programming for past time values
(git-fixes).
- igc: set TP bit in 'supported' and 'advertising' fields of
ethtool_link_ksettings (git-fixes).
- igc: Remove delay during TX ring configuration (git-fixes).
- gve: Set default duplex configuration to full (git-fixes).
- octeontx-af: fix hardware timestamp configuration (git-fixes).
- igc: Work around HW bug causing missing timestamps (git-fixes).
- igc: Check if hardware TX timestamping is enabled earlier
(git-fixes).
- igc: Fix race condition in PTP tx code (git-fixes).
- igc: Enable and fix RX hash usage by netstack (git-fixes).
- commit a695c8c
- s390/dasd: fix hanging device after quiesce/resume (git-fixes
bsc#1213810).
- commit dfb76f0
- Drop AMDGPU patches for fixing regression (bsc#1213304,bsc#1213777)
Deleted:
patches.suse/drm-amd-display-Add-wrapper-to-call-planes-and-strea.patch
patches.suse/drm-amd-display-Use-dc_update_planes_and_stream.patch
Refreshed:
patches.suse/drm-amd-display-fix-the-system-hang-while-disable-PS.patch
- commit b04dd6d
- usb: dwc3: pci: skip BYT GPIO lookup table for hardwired phy
(git-fixes).
- Revert "usb: gadget: tegra-xudc: Fix error check in
tegra_xudc_powerdomain_init()" (git-fixes).
- Revert "usb: xhci: tegra: Fix error check" (git-fixes).
- usb: gadget: core: remove unbalanced mutex_unlock in
usb_gadget_activate (git-fixes).
- Revert "usb: dwc3: core: Enable AutoRetry feature in the
controller" (git-fixes).
- Revert "xhci: add quirk for host controllers that don't update
endpoint DCS" (git-fixes).
- usb: xhci-mtk: set the dma max_seg_size (git-fixes).
- usb: dwc3: don't reset device side if dwc3 was configured as
host-only (git-fixes).
- serial: sifive: Fix sifive_serial_console_setup() section
(git-fixes).
- Documentation: devices.txt: reconcile serial/ucc_uart minor
numers (git-fixes).
- tty: n_gsm: fix UAF in gsm_cleanup_mux (git-fixes).
- staging: ks7010: potential buffer overflow in
ks_wlan_set_encode_ext() (git-fixes).
- staging: r8712: Fix memory leak in _r8712_init_xmit_priv()
(git-fixes).
- Revert "debugfs, coccinelle: check for obsolete
DEFINE_SIMPLE_ATTRIBUTE() usage" (git-fixes).
- commit 68f52c9
- ipv6: rpl: Fix Route of Death (CVE-2023-2156 bsc#1211131).
- commit c2f8329
- RDMA/irdma: Report correct WC error (git-fixes)
- commit bbd2277
- RDMA/irdma: Fix op_type reporting in CQEs (git-fixes)
- commit 9cf2e90
- RDMA/bnxt_re: Fix hang during driver unload (git-fixes)
- commit 88338bc
- RDMA/bnxt_re: Prevent handling any completions after qp destroy (git-fixes)
- commit cea614e
- RDMA/mthca: Fix crash when polling CQ for shared QPs (git-fixes)
- commit 9675e7a
- RDMA/core: Update CMA destination address on rdma_resolve_addr (git-fixes)
- commit 2321b3b
- RDMA/irdma: Fix data race on CQP request done (git-fixes)
- commit ea2e3ca
- RDMA/irdma: Fix data race on CQP completion stats (git-fixes)
- commit 0780ef4
- RDMA/irdma: Add missing read barriers (git-fixes)
- commit 495eb3b
- RDMA/mlx4: Make check for invalid flags stricter (git-fixes)
- commit 67b00ed
- ALSA: usb-audio: Update for native DSD support quirks
(git-fixes).
- commit 43f1612
- ASoC: atmel: Fix the 8K sample parameter in I2SC master
(git-fixes).
- ASoC: rt711-sdca: fix for JD event handling in ClockStop Mode0
(git-fixes).
- ASoC: rt711: fix for JD event handling in ClockStop Mode0
(git-fixes).
- ASoc: codecs: ES8316: Fix DMIC config (git-fixes).
- ASoC: rt5682-sdw: fix for JD event handling in ClockStop Mode0
(git-fixes).
- ASoC: wm8904: Fill the cache for WM8904_ADC_TEST_0 register
(git-fixes).
- ASoC: da7219: Check for failure reading AAD IRQ events
(git-fixes).
- ASoC: da7219: Flush pending AAD IRQ when suspending (git-fixes).
- ALSA: hda/realtek: Support ASUS G713PV laptop (git-fixes).
- ALSA: hda/relatek: Enable Mute LED on HP 250 G8 (git-fixes).
- commit e160036
- ata: pata_ns87415: mark ns87560_tf_read static (git-fixes).
- serial: qcom-geni: drop bogus runtime pm state update
(git-fixes).
- hwmon: (k10temp) Enable AMD3255 Proc to show negative
temperature (git-fixes).
- hwmon: (nct7802) Fix for temp6 (PECI1) processed even if PECI1
disabled (git-fixes).
- tpm_tis: Explicitly check for error code (git-fixes).
- ASoC: fsl_spdif: Silence output on stop (git-fixes).
- drm/msm: Fix IS_ERR_OR_NULL() vs NULL check in
a5xx_submit_in_rb() (git-fixes).
- drm/msm/adreno: Fix snapshot BINDLESS_DATA size (git-fixes).
- drm/msm/dpu: drop enum dpu_core_perf_data_bus_id (git-fixes).
- commit 2f04296
- file: always lock position for FMODE_ATOMIC_POS (bsc#1213759).
- commit 5a72d04
- x86/srso: Add IBPB on VMEXIT (bsc#1213287, CVE-2023-20569).
- commit 179babc
- x86/srso: Add IBPB (bsc#1213287, CVE-2023-20569).
- commit 2cb8ed9
- x86/srso: Add SRSO_NO support (bsc#1213287, CVE-2023-20569).
- commit 17c6a41
- KVM: downgrade two BUG_ONs to WARN_ON_ONCE (git-fixes)
- commit ad8acc9
- x86/cpu, kvm: Add support for CPUID_80000021_EAX (bsc#1213287, CVE-2023-20569).
- Refresh patches.suse/x86-cpufeatures-add-kabi-padding.patch.
- commit fe91ad7
- x86/srso: Add IBPB_BRTYPE support (bsc#1213287, CVE-2023-20569).
- commit f111fdf
- KVM: arm64: Don't read a HW interrupt pending state in user context (git-fixes)
- commit ffcb733
- KVM: Don't null dereference ops->destroy (git-fixes)
- commit 3407958
- KVM: Initialize debugfs_dentry when a VM is created to avoid NULL (git-fixes)
- commit f80bc2c
- x86: Sanitize linker script (bsc#1213287, CVE-2023-20569).
- commit 16a308d
- nvme-pci: fix DMA direction of unmapping integrity data
(git-fixes).
- nvme-pci: remove nvme_queue from nvme_iod (git-fixes).
- commit 3d56665
- x86/retbleed: Add __x86_return_thunk alignment checks (bsc#1213287, CVE-2023-20569).
- commit 7bc51ed
- scsi: lpfc: Copyright updates for 14.2.0.14 patches
(bsc#1213756).
- scsi: lpfc: Update lpfc version to 14.2.0.14 (bsc#1213756).
- scsi: lpfc: Clean up SLI-4 sysfs resource reporting
(bsc#1213756).
- scsi: lpfc: Refactor cpu affinity assignment paths
(bsc#1213756).
- scsi: lpfc: Abort outstanding ELS cmds when mailbox timeout
error is detected (bsc#1213756).
- scsi: lpfc: Make fabric zone discovery more robust when handling
unsolicited LOGO (bsc#1213756).
- scsi: lpfc: Set Establish Image Pair service parameter only
for Target Functions (bsc#1213756).
- scsi: lpfc: Revise ndlp kref handling for dev_loss_tmo_callbk
and lpfc_drop_node (bsc#1213756).
- scsi: lpfc: Qualify ndlp discovery state when processing RSCN
(bsc#1213756).
- scsi: lpfc: Remove extra ndlp kref decrement in FLOGI cmpl
for loop topology (bsc#1213756).
- scsi: lpfc: Simplify fcp_abort transport callback log message
(bsc#1213756).
- scsi: lpfc: Pull out fw diagnostic dump log message from
driver's trace buffer (bsc#1213756).
- scsi: lpfc: Fix a possible data race in
lpfc_unregister_fcf_rescan() (bsc#1213756).
- scsi: lpfc: Fix lpfc_name struct packing (bsc#1213756).
- scsi: lpfc: Avoid -Wstringop-overflow warning (bsc#1213756).
- scsi: lpfc: Use struct_size() helper (bsc#1213756).
- scsi: lpfc: Fix incorrect big endian type assignments in FDMI
and VMID paths (bsc#1213756).
- scsi: lpfc: Replace all non-returning strlcpy() with strscpy()
(bsc#1213756).
- scsi: lpfc: Replace one-element array with flexible-array member
(bsc#1213756).
- scsi: lpfc: Fix incorrect big endian type assignment in bsg
loopback path (bsc#1213756).
- commit 3d33912
- blacklist.conf: add commit 122deabfe142 ("ubifs: dirty_cow_znode: Fix
memleak in error handling path")
This is reverted in commit 7d01cb27f6ae ("Revert "ubifs:
dirty_cow_znode: Fix memleak in error handling path"")
- commit b666937
- ubifs: Fix memory leak in do_rename (git-fixes).
- commit 9147a2c
- x86/srso: Add a Speculative RAS Overflow mitigation (bsc#1213287, CVE-2023-20569).
- commit 3021432
- afs: Fix server->active leak in afs_put_server (git-fixes).
- commit 214e9da
- afs: Fix dynamic root getattr (git-fixes).
- commit edbfecf
- jffs2: GC deadlock reading a page that is used in
jffs2_write_begin() (git-fixes).
- commit d4f2e0b
- jffs2: reduce stack usage in jffs2_build_xattr_subsystem()
(git-fixes).
- commit 5f487ee
- jffs2: fix memory leak in jffs2_do_fill_super (git-fixes).
- commit 359ea76
- jffs2: fix memory leak in jffs2_scan_medium (git-fixes).
- commit 47521cf
- jffs2: fix memory leak in jffs2_do_mount_fs (git-fixes).
- commit 3127ba1
- jffs2: fix use-after-free in jffs2_clear_xattr_subsystem
(git-fixes).
- commit 629e159
- ubifs: Free memory for tmpfile name (git-fixes).
- commit b8a1ad9
- ubifs: ubifs_writepage: Mark page dirty after writing inode
failed (git-fixes).
- commit 840e02c
- ubifs: Re-statistic cleaned znode count if commit failed
(git-fixes).
- commit 8fb0e1e
- ubifs: Fix memory leak in alloc_wbufs() (git-fixes).
- commit 8e663ab
- ubifs: Reserve one leb for each journal head while doing budget
(git-fixes).
- commit cbe6386
- ubifs: do_rename: Fix wrong space budget when target inode's
nlink > 1 (git-fixes).
- commit b6963c0
- ubifs: Fix wrong dirty space budget for dirty inode (git-fixes).
- commit b3864d7
- ubifs: Rectify space budget for ubifs_xrename() (git-fixes).
- commit 567a5c8
- ubifs: Rectify space budget for ubifs_symlink() if symlink is
encrypted (git-fixes).
- commit 3474d4d
- scsi: qla2xxx: Update version to 10.02.08.500-k (bsc#1213747).
- scsi: qla2xxx: fix inconsistent TMF timeout (bsc#1213747).
- scsi: qla2xxx: Fix TMF leak through (bsc#1213747).
- scsi: qla2xxx: Turn off noisy message log (bsc#1213747).
- scsi: qla2xxx: Fix session hang in gnl (bsc#1213747).
- scsi: qla2xxx: Fix erroneous link up failure (bsc#1213747).
- scsi: qla2xxx: Fix command flush during TMF (bsc#1213747).
- scsi: qla2xxx: Limit TMF to 8 per function (bsc#1213747).
- scsi: qla2xxx: Adjust IOCB resource on qpair create
(bsc#1213747).
- scsi: qla2xxx: Fix deletion race condition (bsc#1213747).
- scsi: qla2xxx: Use vmalloc_array() and vcalloc() (bsc#1213747).
- scsi: qla2xxx: Fix error code in qla2x00_start_sp()
(bsc#1213747).
- scsi: qla2xxx: Silence a static checker warning (bsc#1213747).
- scsi: qla2xxx: Remove unused nvme_ls_waitq wait queue
(bsc#1213747).
- scsi: qla2xxx: Update version to 10.02.08.400-k (bsc#1213747).
- scsi: qla2xxx: Correct the index of array (bsc#1213747).
- scsi: qla2xxx: Pointer may be dereferenced (bsc#1213747).
- scsi: qla2xxx: Fix buffer overrun (bsc#1213747).
- scsi: qla2xxx: Check valid rport returned by fc_bsg_to_rport()
(bsc#1213747).
- scsi: qla2xxx: Avoid fcport pointer dereference (bsc#1213747).
- scsi: qla2xxx: Fix potential NULL pointer dereference
(bsc#1213747).
- scsi: qla2xxx: Array index may go out of bound (bsc#1213747).
- scsi: qla2xxx: Drop useless LIST_HEAD (bsc#1213747).
- scsi: qla2xxx: Replace one-element array with
DECLARE_FLEX_ARRAY() helper (bsc#1213747).
- scsi: qla2xxx: Fix end of loop test (bsc#1213747).
- scsi: qla2xxx: Fix NULL pointer dereference in target mode
(bsc#1213747).
- commit e04dc4d
- ubifs: Fix build errors as symbol undefined (git-fixes).
- commit 003e06c
- series: udpate metadata
Refresh
- patches.suse/ibmvnic-Do-not-reset-dql-stats-on-NON_FATAL-err.patch
- commit 3672423
- ubifs: Fix AA deadlock when setting xattr for encrypted file
(git-fixes).
- commit 905856b
- ubifs: rename_whiteout: correct old_dir size computing
(git-fixes).
- commit 746fc1a
- ubifs: Fix to add refcount once page is set private (git-fixes).
- commit eb16186
- ubifs: Fix read out-of-bounds in ubifs_wbuf_write_nolock()
(git-fixes).
- commit ec064eb
- ubifs: setflags: Make dirtied_ino_d 8 bytes aligned (git-fixes).
- commit 44d5601
- ubifs: Rectify space amount budget for mkdir/tmpfile operations
(git-fixes).
- commit 5c3e281
- x86/returnthunk: Allow different return thunks (bsc#1213287, CVE-2023-20569).
- commit 9047ebd
- ubifs: Fix 'ui->dirty' race between do_tmpfile() and writeback
work (git-fixes).
- commit f4b451d
- ubifs: Rename whiteout atomically (git-fixes).
- commit eb7797d
- ubifs: Add missing iput if do_tmpfile() failed in rename
whiteout (git-fixes).
- commit 6d376e9
- ubifs: Fix deadlock in concurrent rename whiteout and inode
writeback (git-fixes).
- commit fcb2f4b
- ubifs: rename_whiteout: Fix double free for whiteout_ui->data
(git-fixes).
- commit 289d359
- ubifs: Error path in ubifs_remount_rw() seems to wrongly free
write buffers (git-fixes).
- commit 90b0b69
- fs: dlm: return positive pid value for F_GETLK (git-fixes).
- commit 6a5ab84
- fs: dlm: move sending fin message into state change handling
(git-fixes).
- commit dab00d6
- fs: dlm: don't set stop rx flag after node reset (git-fixes).
- commit 4b30eff
- fs: dlm: start midcomms before scand (git-fixes).
- commit a80feb6
- fs: dlm: add midcomms init/start functions (git-fixes).
- commit 1f391d7
- fs: dlm: fix log of lowcomms vs midcomms (git-fixes).
- commit d7af52c
- fs: dlm: retry accept() until -EAGAIN or error returns
(git-fixes).
- commit 8d74a84
- fs: dlm: handle -EBUSY first in lock arg validation (git-fixes).
- commit 8503974
- fs: dlm: fix race between test_bit() and queue_work()
(git-fixes).
- commit a237b08
- fs: dlm: fix race in lowcomms (git-fixes).
- commit 92fc0f8
- dlm: fix missing lkb refcount handling (git-fixes).
- commit 263b40e
- dlm: fix plock invalid read (git-fixes).
- commit 7bcd1e8
- fs: dlm: filter user dlm messages for kernel locks (git-fixes).
- commit 38ca134
- afs: Fix vlserver probe RTT handling (git-fixes).
- commit fc1925d
- afs: Fix setting of mtime when creating a file/dir/symlink
(git-fixes).
- commit 6bbf246
- afs: Fix updating of i_size with dv jump from server
(git-fixes).
- commit 6731933
- afs: Fix lost servers_outstanding count (git-fixes).
- commit 29cfb62
- afs: Fix fileserver probe RTT handling (git-fixes).
- commit b1a6d0f
- afs: Use the operation issue time instead of the reply time
for callbacks (git-fixes).
- commit dce7453
- afs: Return -EAGAIN, not -EREMOTEIO, when a file already locked
(git-fixes).
- commit 856031a
- afs: Fix access after dec in put functions (git-fixes).
- commit 7e9acb5
- afs: Use refcount_t rather than atomic_t (git-fixes).
- commit ee87d6d
- afs: Fix infinite loop found by xfstest generic/676 (git-fixes).
- commit e319694
- afs: Adjust ACK interpretation to try and cope with NAT
(git-fixes).
- commit 0170794
- rxrpc, afs: Fix selection of abort codes (git-fixes).
- commit 6b22544
- afs: Fix afs_getattr() to refetch file status if callback
break occurred (git-fixes).
- commit 610ac25
- coda: Avoid partial allocation of sig_inputArgs (git-fixes).
- commit a4211ac
- fs: hfsplus: remove WARN_ON() from
hfsplus_cat_{read,write}_inode() (git-fixes).
- commit e720f69
- FS: JFS: Check for read-only mounted filesystem in txBegin
(git-fixes).
- commit 74fc884
- FS: JFS: Fix null-ptr-deref Read in txBegin (git-fixes).
- commit ded2fdb
- fs: jfs: Fix UBSAN: array-index-out-of-bounds in dbAllocDmapLev
(git-fixes).
- commit d3b12be
- jfs: jfs_dmap: Validate db_l2nbperpage while mounting
(git-fixes).
- commit cb7cfeb
- net: mana: Use the correct WQE count for ringing RQ doorbell
(bsc#1212901).
- net: mana: Batch ringing RX queue doorbell on receiving packets
(bsc#1212901).
- commit de409ae
- kernel-binary.spec.in: Remove superfluous %% in Supplements
Fixes: 02b7735e0caf ("rpm/kernel-binary.spec.in: Add Enhances and Supplements tags to in-tree KMPs")
- commit 264db74
- pinctrl: amd: Don't show `Invalid config param` errors
(git-fixes).
- commit 924f82b
- can: gs_usb: gs_can_close(): add missing set of CAN state to
CAN_STATE_STOPPED (git-fixes).
- net: phy: marvell10g: fix 88x3310 power up (git-fixes).
- soundwire: qcom: update status correctly with mask (git-fixes).
- phy: hisilicon: Fix an out of bounds check in
hisi_inno_phy_probe() (git-fixes).
- regmap: Account for register length in SMBus I/O limits
(git-fixes).
- regmap: Drop initial version of maximum transfer length fixes
(git-fixes).
- ASoC: fsl_sai: Disable bit clock with transmitter (git-fixes).
- drm/amd/display: Keep PHY active for DP displays on DCN31
(git-fixes).
- drm/amd/display: Disable MPC split by default on special asic
(git-fixes).
- drm/client: Fix memory leak in drm_client_modeset_probe
(git-fixes).
- pinctrl: amd: Use amd_pinconf_set() for all config options
(git-fixes).
- drm/radeon: Fix integer overflow in radeon_cs_parser_init
(git-fixes).
- ALSA: emu10k1: roll up loops in DSP setup code for Audigy
(git-fixes).
- commit a35f25e
- io_uring: ensure IOPOLL locks around deferred work (bsc#1213272
CVE-2023-21400).
- commit 744cfeb
- KVM: VMX: Inject #GP, not #UD, if SGX2 ENCLS leafs are
unsupported (git-fixes).
- commit 34f9d1f
- KVM: VMX: Inject #GP on ENCLS if vCPU has paging disabled
(CR0.PG==0) (git-fixes).
- commit 6d14c23
- KVM: VMX: restore vmx_vmexit alignment (git-fixes).
- commit fe48bf1
- KVM: x86: Account fastpath-only VM-Exits in vCPU stats
(git-fixes).
- commit c6619e5
- Delete patches.suse/memcg-drop-kmem-limit_in_bytes.patch.
Drop the patch in order to fix bsc#1213705.
- commit 28a2488
- vhost: support PACKED when setting-getting vring_base
(git-fixes).
- commit 0bfd988
- vhost_net: revert upend_idx only on retriable error (git-fixes).
- commit 8b2dc73
- s390/vmem: fix empty page tables cleanup under KASAN (git-fixes
bsc#1213715).
- commit 6879f59
- s390/qeth: Fix vipa deletion (git-fixes bsc#1213713).
- commit 48f331c
- virtio_net: Fix error unwinding of XDP initialization
(git-fixes).
- commit a90e297
- virtio-net: Maintain reverse cleanup order (git-fixes).
- commit ee47906
- x86/PVH: obtain VGA console info in Dom0 (git-fixes).
- commit a5c9518
- xen/pvcalls-back: fix double frees with
pvcalls_new_active_socket() (git-fixes).
- commit ae3a872
- xen/blkfront: Only check REQ_FUA for writes (git-fixes).
- commit 05a3279
- platform/x86: msi-laptop: Fix rfkill out-of-sync on MSI Wind
U100 (git-fixes).
- media: staging: atomisp: select V4L2_FWNODE (git-fixes).
- commit 29a4c8a
- net/sched: cls_fw: Fix improper refcount update leads to
use-after-free (CVE-2023-3776 bsc#1213588).
- commit 057a69b
- block, bfq: Fix division by zero error on zero wsum
(bsc#1213653).
- commit da28d59
- Update
patches.suse/vc_screen-don-t-clobber-return-value-in-vcs_read.patch
(git-fixes bsc#1213167 CVE-2023-3567).
- Update
patches.suse/vc_screen-modify-vcs_size-handling-in-vcs_read.patch
(git-fixes bsc#1213167 CVE-2023-3567).
- Update
patches.suse/vc_screen-move-load-of-struct-vc_data-pointer-in-vcs.patch
(git-fixes bsc#1213167 CVE-2023-3567).
Add references.
- commit 86b316a
- Bluetooth: hci_ldisc: check HCI_UART_PROTO_READY flag in
HCIUARTGETPROTO (bsc#1210780 CVE-2023-31083).
- commit ad56bc8
- ALSA: usb-audio: Add quirk for Microsoft Modern Wireless Headset
(bsc#1207129).
- commit 6298aeb
- Revert "NFSv4: Retry LOCK on OLD_STATEID during delegation
return" (git-fixes).
- NFSv4.1: freeze the session table upon receiving
NFS4ERR_BADSESSION (git-fixes).
- svcrdma: Prevent page release when nothing was received
(git-fixes).
- NFSD: add encoding of op_recall flag for write delegation
(git-fixes).
- SUNRPC: Fix UAF in svc_tcp_listen_data_ready() (git-fixes).
- nfsd: fix double fget() bug in __write_ports_addfd()
(git-fixes).
- NFSD: Remove open coding of string copy (git-fixes).
- SUNRPC: Fix trace_svc_register() call site (git-fixes).
- SUNRPC: always free ctxt when freeing deferred request
(git-fixes).
- SUNRPC: double free xprt_ctxt while still in use (git-fixes).
- SUNRPC: remove the maximum number of retries in call_bind_status
(git-fixes).
- NFSv4.1: Always send a RECLAIM_COMPLETE after establishing lease
(git-fixes).
- SUNRPC: Remove dead code in svc_tcp_release_rqst() (git-fixes).
- NFSD: Fix sparse warning (git-fixes).
- commit 8c604d4
- net/sched: cls_u32: Fix reference counter leak leading to
overflow (CVE-2023-3609 bsc#1213586).
- commit e129a1f
- net/sched: sch_qfq: account for stab overhead in qfq_enqueue
(CVE-2023-3611 bsc#1213585).
- net/sched: sch_qfq: reintroduce lmax bound check for MTU
(bsc#1213585).
- net/sched: sch_qfq: refactor parsing of netlink parameters
(bsc#1213585).
- commit 67a1d0b
- IB/hfi1: Use bitmap_zalloc() when applicable (git-fixes)
- commit cb2f513
- pinctrl: amd: Detect internal GPIO0 debounce handling
(git-fixes).
- commit 2209e7e
- drm/msm/disp/dpu: get timing engine status from intf status
register (git-fixes).
- Refresh
patches.suse/drm-msm-dpu-Remove-duplicate-register-defines-from-I.patch.
- commit 01f0700
- usb: dwc2: platform: Improve error reporting for problems
during .remove() (git-fixes).
- Refresh
patches.suse/usb-dwc2-Fix-some-error-handling-paths.patch.
- commit c99cdac
- drm/atomic: Fix potential use-after-free in nonblocking commits
(git-fixes).
- pinctrl: amd: Only use special debounce behavior for GPIO 0
(git-fixes).
- drm/amdgpu: avoid restore process run into dead loop
(git-fixes).
- i2c: xiic: Don't try to handle more interrupt events after error
(git-fixes).
- drm/amd/display: Correct `DMUB_FW_VERSION` macro (git-fixes).
- drm/amdgpu: fix clearing mappings for BOs that are always
valid in VM (git-fixes).
- USB: serial: option: add LARA-R6 01B PIDs (git-fixes).
- xhci: Show ZHAOXIN xHCI root hub speed correctly (git-fixes).
- xhci: Fix TRB prefetch issue of ZHAOXIN hosts (git-fixes).
- xhci: Fix resume issue of some ZHAOXIN hosts (git-fixes).
- tty: serial: fsl_lpuart: add earlycon for imx8ulp platform
(git-fixes).
- PCI: Add function 1 DMA alias quirk for Marvell 88SE9235
(git-fixes).
- PCI/PM: Avoid putting EloPOS E2/S2/H2 PCIe Ports in D3cold
(git-fixes).
- pinctrl: amd: Fix mistake in handling clearing pins at startup
(git-fixes).
- drm/msm/dpu: Set DPU_DATA_HCTL_EN for in INTF_SC7180_MASK
(git-fixes).
- drm/bridge: tc358768: fix THS_TRAILCNT computation (git-fixes).
- drm/bridge: tc358768: fix THS_ZEROCNT computation (git-fixes).
- drm/bridge: tc358768: fix TCLK_TRAILCNT computation (git-fixes).
- drm/atomic: Allow vblank-enabled + self-refresh "disable"
(git-fixes).
- drm/bridge: tc358768: Add atomic_get_input_bus_fmts()
implementation (git-fixes).
- hwmon: (pmbus/adm1275) Fix problems with temperature monitoring
on ADM1272 (git-fixes).
- selftests: rtnetlink: remove netdevsim device after ipsec
offload test (git-fixes).
- leds: trigger: netdev: Recheck NETDEV_LED_MODE_LINKUP on dev
rename (git-fixes).
- mmc: core: disable TRIM on Kingston EMMC04G-M627 (git-fixes).
- mmc: sdhci: fix DMA configure compatibility issue when 64bit
DMA mode is used (git-fixes).
- kselftest: vDSO: Fix accumulation of uninitialized ret when
CLOCK_REALTIME is undefined (git-fixes).
- ACPI: utils: Fix acpi_evaluate_dsm_typed() redefinition error
(git-fixes).
- crypto: qat - Use helper to set reqsize (git-fixes).
- crypto: kpp - Add helper to set reqsize (git-fixes).
- wifi: ray_cs: Drop useless status variable in parse_addr()
(git-fixes).
- wifi: ray_cs: Utilize strnlen() in parse_addr() (git-fixes).
- hwmon: (adm1275) Allow setting sample averaging (git-fixes).
- i2c: xiic: Defer xiic_wakeup() and __xiic_start_xfer() in
xiic_process() (git-fixes).
- wl3501_cs: use eth_hw_addr_set() (git-fixes).
- commit 87a543d
- xfs: wait iclog complete before tearing down AIL (bsc#1211811).
- commit a2d37c4
- xfs: run callbacks before waking waiters in
xlog_state_shutdown_callbacks (bsc#1211811).
- commit 602a6b0
- ASoC: codecs: wcd-mbhc-v2: fix resource leaks on component
remove (git-fixes).
- ASoC: codecs: wcd934x: fix resource leaks on component remove
(git-fixes).
- ASoC: codecs: wcd938x: fix missing clsh ctrl error handling
(git-fixes).
- ASoC: codecs: wcd938x: fix dB range for HPHL and HPHR
(git-fixes).
- ASoC: codecs: wcd938x: fix soundwire initialisation race
(git-fixes).
- ASoC: codecs: wcd938x: fix codec initialisation race
(git-fixes).
- ASoC: tegra: Fix ADX byte map (git-fixes).
- ASoC: tegra: Fix AMX byte map (git-fixes).
- commit 2c27c0a
- ALSA: hda/realtek: Add support for DELL Oasis 13/14/16 laptops
(git-fixes).
- ALSA: hda/realtek: Enable Mute LED on HP Laptop 15s-eq2xxx
(git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo NS70AU (git-fixes).
- commit 61a595d
- ALSA: hda/realtek: Fix generic fixup definition for cs35l41 amp
(git-fixes).
- ALSA: hda/realtek - remove 3k pull low procedure (git-fixes).
- fbdev: au1200fb: Fix missing IRQ check in au1200fb_drv_probe
(git-fixes).
- fbdev: imxfb: warn about invalid left/right margin (git-fixes).
- commit 61676e6
- xfs: drop async cache flushes from CIL commits (bsc#1211811).
- commit b52f8c8
- xfs: async CIL flushes need pending pushes to be made stable
(bsc#1211811).
- commit a7a8e83
- xfs: move the CIL workqueue to the CIL (bsc#1211811).
- commit bdc017f
- xfs: CIL work is serialised, not pipelined (bsc#1211811).
- commit 41681a2
- xfs: AIL needs asynchronous CIL forcing (bsc#1211811).
- commit df27a10
- xfs: order CIL checkpoint start records (bsc#1211811).
- commit 1723063
- xfs: attach iclog callbacks in xlog_cil_set_ctx_write_state()
(bsc#1211811).
- commit 7d0f707
- xfs: don't run shutdown callbacks on active iclogs
(bsc#1211811).
- Refresh patches.suse/xfs-pass-a-CIL-context-to-xlog_write.patch.
- commit bbe5b6f
- xfs: separate out log shutdown callback processing
(bsc#1211811).
- commit 8739ead
- xfs: rework xlog_state_do_callback() (bsc#1211811).
- commit e073f75
- xfs: factor out log write ordering from xlog_cil_push_work()
(bsc#1211811).
- commit 9190d3a
- xfs: pass a CIL context to xlog_write() (bsc#1211811).
- Delete
patches.suse/xfs-drop-async-cache-flushes-from-CIL-commits.patch.
- commit 32853a9
- xfs: XLOG_STATE_IOERROR must die (bsc#1211811).
- commit 90fa477
- xfs: move xlog_commit_record to xfs_log_cil.c (bsc#1211811).
- commit b415a31
- Update
patches.suse/net-tun-fix-bugs-for-oversize-packet-when-napi-frags.patch
(git-fixes CVE-2023-3812 bsc#1213543).
Added CVE reference.
- commit 98bd6ff
- drm/client: Fix memory leak in drm_client_target_cloned
(git-fixes).
- net: phy: prevent stale pointer dereference in phy_init()
(git-fixes).
- can: bcm: Fix UAF in bcm_proc_show() (git-fixes).
- selftests: tc: add ConnTrack procfs kconfig (git-fixes).
- selftests: tc: add 'ct' action kconfig dep (git-fixes).
- selftests: tc: set timeout to 15 minutes (git-fixes).
- rsi: remove kernel-doc comment marker (git-fixes).
- pie: fix kernel-doc notation warning (git-fixes).
- devlink: fix kernel-doc notation warnings (git-fixes).
- codel: fix kernel-doc notation warnings (git-fixes).
- commit a53eee1
- netfilter: nf_tables: prevent OOB access in nft_byteorder_eval
(CVE-2023-35001 bsc#1213059).
- netfilter: nf_tables: do not ignore genmask when looking up
chain by id (CVE-2023-31248 bsc#1213061).
- commit 2165cfd
- uaccess: Add speculation barrier to copy_from_user()
(bsc#1211738 CVE-2023-0459).
- commit 444186d
- fuse: ioctl: translate ENOSYS in outarg (bsc#1213524).
- fuse: revalidate: don't invalidate if interrupted (bsc#1213523).
- commit 6e0bfdd
- netfilter: nf_tables: incorrect error path handling with
NFT_MSG_NEWRULE (CVE-2023-3390 CVE-2023-3117 bsc#1212846
bsc#1213245).
- commit fc1ae7b
- KVM: Add GDS_NO support to KVM (bsc#1206418, CVE-2022-40982).
- commit aa4b0be
- x86/speculation: Add Kconfig option for GDS (bsc#1206418, CVE-2022-40982).
- commit 9f327b6
- x86/speculation: Add force option to GDS mitigation (bsc#1206418, CVE-2022-40982).
- commit a0b814b
- x86/speculation: Add Gather Data Sampling mitigation (bsc#1206418, CVE-2022-40982).
- commit bc512dd
- xfs: don't deplete the reserve pool when trying to shrink the fs
(git-fixes).
- commit 5a2f80d
- xfs: don't reverse order of items in bulk AIL insertion
(git-fixes).
- commit d6e35fc
- xfs: fix logdev fsmap query result filtering (git-fixes).
- commit c455cfa
- xfs: clean up the rtbitmap fsmap backend (git-fixes).
- commit 48d04d0
- xfs: fix getfsmap reporting past the last rt extent (git-fixes).
- commit c0bf1f4
- xfs: fix integer overflows in the fsmap rtbitmap and logdev
backends (git-fixes).
- commit 2722715
- xfs: fix interval filtering in multi-step fsmap queries
(git-fixes).
- commit bdbe0c0
- xfs: fix uninitialized variable access (git-fixes).
- commit 00489cf
- xfs: pass explicit mount pointer to rtalloc query functions
(git-fixes).
- commit 8dd0d7d
- xfs: make the record pointer passed to query_range functions
const (git-fixes).
- commit f3907e2
- xfs: make fsmap backend function key parameters const
(git-fixes).
- commit f2d77e2
- xfs: fix off-by-one error when the last rt extent is in use
(git-fixes).
- commit 6038622
- ocfs2: Switch to security_inode_init_security() (git-fixes).
- commit a16070d
- ocfs2: check new file size on fallocate call (git-fixes).
- commit 3af0daa
- ocfs2: fix use-after-free when unmounting read-only filesystem
(git-fixes).
- commit 32172b2
- smb: client: fix missed ses refcounting (git-fixes).
- commit 1464145
- Refresh
patches.suse/keys-Fix-linking-a-duplicate-key-to-a-keyring-s-asso.patch.
- commit d8bebeb
- security: keys: Modify mismatched function name (git-fixes).
- tpm: tpm_vtpm_proxy: fix a race condition in /dev/vtpmx creation
(git-fixes).
- commit 9b8aa64
- x86/cpu/amd: Add a Zenbleed fix (bsc#1213286, CVE-2023-20593).
- commit e269335
- x86/cpu/amd: Move the errata checking functionality up (bsc#1213286, CVE-2023-20593).
- commit 74df26d
- usb: gadget: udc: core: Prevent soft_connect_store() race
(git-fixes).
- commit b1dbc3a
- usb: gadget: udc: core: Offload usb_udc_vbus_handler processing
(git-fixes).
- commit bc06187
- rpm: Update dependency to match current kmod.
- commit d687dc3
- usb: dwc2: Fix some error handling paths (git-fixes).
- commit b3ae2f4
- blacklist.conf: optimization
- commit 9e3e296
- blacklist.conf: Blacklist redundant patch
- commit 48411ae
- arm64: vdso: Pass (void *) to virt_to_page() (git-fixes)
- commit 80dd531
- arm64/mm: mark private VM_FAULT_X defines as vm_fault_t (git-fixes)
- commit beb79bd
- Revert "arm64: dts: zynqmp: Add address-cells property to interrupt (git-fixes)
- commit d0d71ee
- arm64: dts: microchip: sparx5: do not use PSCI on reference boards (git-fixes)
- commit ada238c
- arm64: xor-neon: mark xor_arm64_neon_*() static (git-fixes)
- commit c9bacb3
- spi: bcm63xx: fix max prepend length (git-fixes).
- commit 656db51
- drm/i915: Fix one wrong caching mode enum usage (git-fixes).
- drm/panel: simple: Add Powertip PH800480T013 drm_display_mode
flags (git-fixes).
- drm/ttm: Don't leak a resource on swapout move error
(git-fixes).
- drm/panel: simple: Add connector_type for innolux_at043tn24
(git-fixes).
- wifi: rtw89: debug: fix error code in
rtw89_debug_priv_send_h2c_set() (git-fixes).
- wifi: airo: avoid uninitialized warning in airo_get_rate()
(git-fixes).
- commit d32565b
- net: mana: Add support for vlan tagging (bsc#1212301).
- commit b4b8120
- s390: define RUNTIME_DISCARD_EXIT to fix link error with GNU
ld < 2.36 (git-fixes bsc#1213264).
- commit 02c9941
- s390/debug: add _ASM_S390_ prefix to header guard (git-fixes
bsc#1213263).
- commit ddf8224
- blacklist.conf: clang warning
- commit e4ffa77
- s390/ap: fix status returned by ap_aqic() (git-fixes
bsc#1213259).
- commit 5299a79
- s390/ap: fix status returned by ap_qact() (git-fixes
bsc#1213258).
- commit 43d22ed
- s390/percpu: add READ_ONCE() to arch_this_cpu_to_op_simple()
(git-fixes bsc#1213252).
- commit c694863
- s390: discard .interp section (git-fixes bsc#1213247).
- commit 227bb94
- smb: client: remove redundant pointer 'server' (bsc#1193629).
- commit 20babff
- cifs: fix session state transition to avoid use-after-free issue
(bsc#1193629).
- commit a0e7e51
- cifs: new dynamic tracepoint to track ses not found errors
(bsc#1193629).
- commit 79e9e86
- cifs: log session id when a matching ses is not found
(bsc#1193629).
- commit 920ccfd
- smb: client: improve DFS mount check (bsc#1193629).
- commit 8dd4bf1
- smb: client: fix shared DFS root mounts with different prefixes
(bsc#1193629).
- commit 4ae5a6b
- smb: client: fix parsing of source mount option (bsc#1193629).
- commit 2375f35
- smb: client: fix broken file attrs with nodfs mounts
(bsc#1193629).
- commit cf3707b
- cifs: print client_guid in DebugData (bsc#1193629).
- commit edd7762
- cifs: fix session state check in smb2_find_smb_ses
(bsc#1193629).
- commit 8dbfb28
- cifs: fix session state check in reconnect to avoid
use-after-free issue (bsc#1193629).
- commit 6191deb
- cifs: do all necessary checks for credits within or before
locking (bsc#1193629).
- commit 5bb05f4
- cifs: prevent use-after-free by freeing the cfile later
(bsc#1193629).
- commit b7bc433
- smb: client: fix warning in generic_ip_connect() (bsc#1193629).
- commit f671e4f
- smb: client: fix warning in CIFSFindNext() (bsc#1193629).
- commit d1f13ae
- smb: client: fix warning in CIFSFindFirst() (bsc#1193629).
- commit 01673ee
- smb3: do not reserve too many oplock credits (bsc#1193629).
- commit 73fb9a2
- cifs: print more detail when invalidate_inode_mapping fails
(bsc#1193629).
- commit a875165
- smb: client: fix warning in cifs_smb3_do_mount() (bsc#1193629).
- commit 28577bd
- smb: client: fix warning in cifs_match_super() (bsc#1193629).
- commit c6a889a
- cifs: print nosharesock value while dumping mount options
(bsc#1193629).
- commit 4243019
- Refresh
patches.suse/x86-xen-fix-secondary-processor-fpu-initialization.patch.
- commit 011270e
- x86: Fix .brk attribute in linker script (git-fixes).
- commit cacd6a8
- blacklist.conf: Blacklist 23ee27dce30e and dc94bb8f271c
- commit aa7880b
- Update patches.suse/fs-hfsplus-fix-UAF-issue-in-hfsplus_put_super.patch (CVE-2023-2985, bsc#1211867).
- commit b8edf00
- kabi/severities: Add VAS symbols changed due to recent fix
VAS accelerators are directly tied to the architecture, there is no
reason to have out-of-tree production drivers
- commit a0d0af6
- memcg: drop kmem.limit_in_bytes (bsc#1208788, bsc#1212905).
- commit d8a2ca6
- blacklist.conf: Unapplicable ppc fixes
- commit 1d050a8
- powerpc/book3s64/mm: Fix DirectMap stats in /proc/meminfo
(bsc#1194869).
- powerpc: update ppc_save_regs to save current r1 in pt_regs
(bsc#1194869).
- powerpc/powernv/sriov: perform null check on iov before
dereferencing iov (bsc#1194869).
- powerpc/64s: Fix VAS mm use after free (bsc#1194869).
- powerpc/interrupt: Don't read MSR from
interrupt_exit_kernel_prepare() (bsc#1194869).
- powerpc/bpf: Fix use of user_pt_regs in uapi (bsc#1194869).
- powerpc/prom_init: Fix kernel config grep (bsc#1194869).
- powerpc/xics: fix refcount leak in icp_opal_init()
(bsc#1194869).
- powerpc/ftrace: Remove ftrace init tramp once kernel init is
complete (bsc#1194869).
- powerpc/64: Only WARN if __pa()/__va() called with bad addresses
(bsc#1194869).
- powerpc/powernv/vas: Assign real address to rx_fifo in
vas_rx_win_attr (bsc#1194869).
- powerpc: define get_cycles macro for arch-override
(bsc#1194869).
- powerpc/secvar: fix refcount leak in format_show()
(bsc#1194869).
- powerpc/mm: Switch obsolete dssall to .long (bsc#1194869).
- powerpc: clean vdso32 and vdso64 directories (bsc#1194869).
- signal: Replace force_sigsegv(SIGSEGV) with
force_fatal_sig(SIGSEGV) (bsc#1194869).
- signal/powerpc: On swapcontext failure force SIGSEGV
(bsc#1194869).
- commit 42f7ecb
- rpm/check-for-config-changes: ignore also RISCV_ISA_* and DYNAMIC_SIGFRAME
They depend on CONFIG_TOOLCHAIN_HAS_*.
- commit 1007103
- powerpc/mm/dax: Fix the condition when checking if altmap
vmemap can cross-boundary (bsc#1150305 ltc#176097 git-fixes).
- commit 19eb287
- blacklist.conf: No 32bit signals on ppc64
- commit f2f83b0
- blacklist.conf: d9e5c3e9e751 powerpc: Export mmu_feature_keys[] as
non-GPL
- commit 5cb5bd5
- blacklist.conf: b74196af372f powerpc/fadump: Fix fadump to work with a
different endian capture kernel
This changes the shared data from LE to BE for our kernel.
- commit 9bc7a26
- NTB: ntb_tool: Add check for devm_kcalloc (git-fixes).
- NTB: ntb_transport: fix possible memory leak while
device_register() fails (git-fixes).
- ntb: intel: Fix error handling in intel_ntb_pci_driver_init()
(git-fixes).
- NTB: amd: Fix error handling in amd_ntb_pci_driver_init()
(git-fixes).
- ntb: idt: Fix error handling in idt_pci_driver_init()
(git-fixes).
- commit e2532ad
- ALSA: hda/realtek: Add quirk for ASUS ROG GZ301V (git-fixes).
- ALSA: hda/realtek: Add quirk for ASUS ROG G614Jx (git-fixes).
- ALSA: hda/realtek: Amend G634 quirk to enable rear speakers
(git-fixes).
- ALSA: hda/realtek: Add quirk for ASUS ROG GA402X (git-fixes).
- ALSA: hda/realtek: Add quirk for ASUS ROG GX650P (git-fixes).
- ALSA: pcm: Fix potential data race at PCM memory allocation
helpers (git-fixes).
- ALSA: hda: fix a possible null-pointer dereference due to data
race in snd_hdac_regmap_sync() (git-fixes).
- ALSA: hda/realtek: Add quirks for Unis H3C Desktop B760 & Q760
(git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo NPx0SNx (git-fixes).
- ALSA: fireface: make read-only const array for model names
static (git-fixes).
- ALSA: oxfw: make read-only const array models static
(git-fixes).
- commit 588fb29
- Fix documentation of panic_on_warn (git-fixes).
- commit d3bc78b
- ALSA: hda/realtek: Whitespace fix (git-fixes).
- apparmor: fix missing error check for rhashtable_insert_fast
(git-fixes).
- Revert "drm/amd/display: edp do not add non-edid timings"
(git-fixes).
- drm/i915/psr: Use hw.adjusted mode when calculating io/fast
wake times (git-fixes).
- commit 5cd5af9
- ubi: Fix failure attaching when vid_hdr offset equals to
(sub)page size (bsc#1210584).
- ubi: ensure that VID header offset + VID header size <= alloc,
size (bsc#1210584).
- commit d00dadd
- hvcs: Synchronize hotplug remove with port free (bsc#1213134
ltc#202861).
- hvcs: Use vhangup in hotplug remove (bsc#1213134 ltc#202861).
- hvcs: Get reference to tty in remove (bsc#1213134 ltc#202861).
- hvcs: Use driver groups to manage driver attributes (bsc#1213134
ltc#202861).
- hvcs: Use dev_groups to manage hvcs device attributes
(bsc#1213134 ltc#202861).
- hvcs: Fix hvcs port reference counting (bsc#1213134 ltc#202861).
- commit bcb2fb0
- fixup ext4-avoid-deadlock-in-fs-reclaim-with-page-writebac.patch
- commit da8cf7d
- Update patches.suse/KVM-x86-fix-sending-PV-IPI.patch (git-fixes,
bsc#1210853).
- commit c3e9aec
- blacklist.conf: Blacklist b87c7cdf2bed
- commit 6e43578
- add mainline tags to five pci_hyperv patches
- commit 6e402f4
- spi: bcm-qspi: return error if neither hif_mspi nor mspi is
available (git-fixes).
- dt-bindings: phy: brcm,brcmstb-usb-phy: Fix error in
"compatible" conditional schema (git-fixes).
- phy: tegra: xusb: check return value of devm_kzalloc()
(git-fixes).
- phy: tegra: xusb: Clear the driver reference in usb-phy dev
(git-fixes).
- phy: Revert "phy: Remove SOC_EXYNOS4212 dep. from
PHY_EXYNOS4X12_USB" (git-fixes).
- selftests: mptcp: depend on SYN_COOKIES (git-fixes).
- selftests: mptcp: sockopt: return error if wrong mark
(git-fixes).
- Documentation: ABI: sysfs-class-net-qmi: pass_through contact
update (git-fixes).
- docs: networking: Update codeaurora references for rmnet
(git-fixes).
- Add MODULE_FIRMWARE() for FIRMWARE_TG357766 (git-fixes).
- pwm: ab8500: Fix error code in probe() (git-fixes).
- pwm: sysfs: Do not apply state to already disabled PWMs
(git-fixes).
- pwm: imx-tpm: force 'real_period' to be zero in suspend
(git-fixes).
- soundwire: qcom: fix storing port config out-of-bounds
(git-fixes).
- media: cec: i2c: ch7322: also select REGMAP (git-fixes).
- media: atomisp: gmin_platform: fix out_len in
gmin_get_config_dsm_var() (git-fixes).
- media: venus: helpers: Fix ALIGN() of non power of two
(git-fixes).
- media: i2c: Correct format propagation for st-mipid02
(git-fixes).
- media: usb: siano: Fix warning due to null work_func_t function
pointer (git-fixes).
- media: videodev2.h: Fix struct v4l2_input tuner index comment
(git-fixes).
- media: usb: Check az6007_read() return value (git-fixes).
- drm/amdgpu: Validate VM ioctl flags (git-fixes).
- Documentation: bonding: fix the doc of peer_notif_delay
(git-fixes).
- Documentation: timers: hrtimers: Make hybrid union historical
(git-fixes).
- drm/amdgpu: Set vmbo destroy after pt bo is created (git-fixes).
- commit 50938e1
- udf: Detect system inodes linked into directory hierarchy
(bsc#1213114).
- commit 94969d9
- udf: Preserve link count of system files (bsc#1213113).
- commit 796148e
- udf: Do not update file length for failed writes to inline files
(bsc#1213041).
- commit 7c424ea
- udf: Do not bother merging very long extents (bsc#1213040).
- commit 2bbc059
- udf: Truncate added extents on failed expansion (bsc#1213039).
- commit 570559c
- udf: Define EFSCORRUPTED error code (bsc#1213038).
- commit a788ad0
- udf: Fix extending file within last block (bsc#1213037).
- commit 03c1b38
- udf: Discard preallocation before extending file with a hole
(bsc#1213036).
- commit 1574fab
- udf: Do not bother looking for prealloc extents if i_lenExtents
matches i_size (bsc#1213035).
- commit 55f8d82
- udf: Fix preallocation discarding at indirect extent boundary
(bsc#1213034).
- commit dd71a49
- udf: Avoid double brelse() in udf_rename() (bsc#1213032).
- commit b7363e8
- udf: Fix error handling in udf_new_inode() (bsc#1213112).
- commit 36daa9d
- writeback: fix call of incorrect macro (bsc#1213024).
- commit 3d9859a
- blacklist.conf: Blacklist e730558adffb
- commit dfc29a7
- inotify: Avoid reporting event with invalid wd (bsc#1213025).
- commit 663980c
- ext4: fix bug_on in __es_tree_search caused by bad quota inode
(bsc#1213111).
- commit d2402bb
- ext4: fix to check return value of freeze_bdev() in
ext4_shutdown() (bsc#1213021).
- commit 8a5e5cc
- ext4: turn quotas off if mount failed after enabling quotas
(bsc#1213110).
- commit 54ce041
- ext4: Fix reusing stale buffer heads from last failed mounting
(bsc#1213020).
- commit b4e9a35
- ext4: only update i_reserved_data_blocks on successful block
allocation (bsc#1213019).
- commit 05b1124
- blacklist.conf: Blacklist dea9d8f7643f
- commit 5f3f2c9
- blacklist.conf: Blacklist eb1f822c76be and 1b2924393309
- commit dfea016
- ext4: add lockdep annotations for i_data_sem for ea_inode's
(bsc#1213109).
- commit bd7e51d
- ext4: disallow ea_inodes with extended attributes (bsc#1213108).
- commit 8d79354
- ext4: set lockdep subclass for the ea_inode in
ext4_xattr_inode_cache_find() (bsc#1213107).
- commit 086e29e
- ext4: add EA_INODE checking to ext4_iget() (bsc#1213106).
- commit 6f2cbde
- ext4: bail out of ext4_xattr_ibody_get() fails for any reason
(bsc#1213018).
- commit 688805b
- blacklist.conf: Blacklist 2220eaf90992
- commit 646c4d8
- ext4: fix deadlock when converting an inline directory in
nojournal mode (bsc#1213105).
- commit cce4da1
- ext4: improve error recovery code paths in __ext4_remount()
(bsc#1213017).
- commit 29aa4fc
- ext4: improve error handling from ext4_dirhash() (bsc#1213104).
- commit eb9fd41
- ext4: check iomap type only if ext4_iomap_begin() does not fail
(bsc#1213103).
- commit 0e400a2
- blacklist.conf: Blacklist 4f04351888a8
- commit 3ec5acd
- ext4: fix data races when using cached status extents
(bsc#1213102).
- commit 5ba34cb
- ext4: avoid deadlock in fs reclaim with page writeback
(bsc#1213016).
- commit 1d798af
- blacklist.conf: Blacklist 463808f237cf
- commit 8ab6243
- blacklist.conf: Blacklist 5354b2af3406
- commit af1acbd
- ext4: fix lockdep warning when enabling MMP (bsc#1213100).
- commit 12832e4
- ext4: fix WARNING in mb_find_extent (bsc#1213099).
- commit cf6660d
- ext4: fix use-after-free read in ext4_find_extent for bigalloc +
inline (bsc#1213098).
- commit 4e5840b
- ext4: fix i_disksize exceeding i_size problem in paritally
written case (bsc#1213015).
- commit 4f1e279
- jdb2: Don't refuse invalidation of already invalidated buffers
(bsc#1213014).
- commit 02a11f8
- blacklist.conf: Blacklist 93cdf49f6eca
- commit 3fbd00a
- blacklist.conf: Blacklist 01e4ca294517
- commit d9ac63d
- ext4: zero i_disksize when initializing the bootloader inode
(bsc#1213013).
- commit 659d07a
- ext4: fix WARNING in ext4_update_inline_data (bsc#1213012).
- commit e942503
- ext4: move where set the MAY_INLINE_DATA flag is set
(bsc#1213011).
- commit 414128b
- ext4: fix task hung in ext4_xattr_delete_inode (bsc#1213096).
- commit c860105
- jbd2: fix data missing when reusing bh which is ready to be
checkpointed (bsc#1213095).
- commit fba1499
- ext4: update s_journal_inum if it changes after journal replay
(bsc#1213094).
- commit 555a671
- ext4: fail ext4_iget if special inode unallocated (bsc#1213010).
- commit e1a7504
- ext4: refuse to create ea block when umounted (bsc#1213093).
- commit 0a1540e
- blacklist.conf: Blacklist 1e9d62d25281
- commit ec4ee27
- ext4: use ext4_fc_tl_mem in fast-commit replay path
(bsc#1213092).
- commit 52602e2
- ext4: block range must be validated before use in
ext4_mb_clear_bb() (bsc#1213090).
- commit 1a54a0f
- ext4: add strict range checks while freeing blocks
(bsc#1213089).
- commit 48fbaec
- ext4: add ext4_sb_block_valid() refactored out of
ext4_inode_block_valid() (bsc#1213088).
- commit 29b9d07
- ext4: refactor ext4_free_blocks() to pull out ext4_mb_clear_bb()
(bsc#1213087).
- commit 8815a41
- blacklist.conf: Blacklist 3bbef91bdd21
- commit aca1605
- RDMA/rxe: Fix access checks in rxe_check_bind_mw (git-fixes)
- commit 2665c42
- nvme-multipath: support io stats on the mpath device
(bsc#1210565).
- nvme: introduce nvme_start_request (bsc#1210565).
- commit 3351644
- opp: Fix use-after-free in lazy_opp_tables after probe deferral
(git-fixes).
- clk: qcom: gcc-ipq6018: Use floor ops for sdcc clocks
(git-fixes).
- clk: qcom: camcc-sc7180: Add parent dependency to all camera
GDSCs (git-fixes).
- commit aa116bc
- net/sched: tcindex: Do not use perfect hashing (bsc#1210335
CVE-2023-1829).
- commit 28b65ec
- sched/debug: fix dentry leak in update_sched_domain_debugfs (git-fixes)
- commit 073b9b6
- sched: Fix DEBUG && !SCHEDSTATS warn (git-fixes)
- commit f0ad26b
- extcon: usbc-tusb320: Unregister typec port on driver removal
(git-fixes).
- commit b2eac46
- usb: dwc3: gadget: Propagate core init errors to UDC during
pullup (git-fixes).
- usb: dwc3-meson-g12a: Fix an error handling path in
dwc3_meson_g12a_probe() (git-fixes).
- usb: dwc3: qcom: Fix an error handling path in dwc3_qcom_probe()
(git-fixes).
- usb: dwc3: qcom: Release the correct resources in
dwc3_qcom_remove() (git-fixes).
- usb: xhci: Remove unused udev from xhci_log_ctx trace event
(git-fixes).
- usb: hide unused usbfs_notify_suspend/resume functions
(git-fixes).
- usb: phy: phy-tahvo: fix memory leak in tahvo_usb_probe()
(git-fixes).
- usb: gadget: u_serial: Add null pointer check in gserial_suspend
(git-fixes).
- usb: dwc3: qcom: Fix potential memory leak (git-fixes).
- serial: atmel: don't enable IRQs prematurely (git-fixes).
- tty: serial: imx: fix rs485 rx after tx (git-fixes).
- serial: 8250_omap: Use force_suspend and resume for system
suspend (git-fixes).
- tty: serial: samsung_tty: Fix a memory leak in
s3c24xx_serial_getclk() when iterating clk (git-fixes).
- tty: serial: samsung_tty: Fix a memory leak in
s3c24xx_serial_getclk() in case of error (git-fixes).
- serial: 8250: lock port for UART_IER access in omap8250_irq()
(git-fixes).
- serial: 8250: lock port for stop_rx() in omap8250_irq()
(git-fixes).
- serial: 8250: omap: Fix freeing of resources on failed register
(git-fixes).
- extcon: Fix kernel doc of property capability fields to avoid
warnings (git-fixes).
- extcon: Fix kernel doc of property fields to avoid warnings
(git-fixes).
- misc: fastrpc: Create fastrpc scalar with correct buffer count
(git-fixes).
- firmware: stratix10-svc: Fix a potential resource leak in
svc_create_memory_pool() (git-fixes).
- test_firmware: return ENOMEM instead of ENOSPC on failed memory
allocation (git-fixes).
- meson saradc: fix clock divider mask length (git-fixes).
- iio: accel: fxls8962af: errata bug only applicable for
FXLS8962AF (git-fixes).
- iio: accel: fxls8962af: fixup buffer scan element type
(git-fixes).
- iio: adc: ad7192: Fix internal/external clock selection
(git-fixes).
- iio: adc: ad7192: Fix null ad7192_state pointer access
(git-fixes).
- w1: fix loop in w1_fini() (git-fixes).
- w1: w1_therm: fix locking behavior in convert_t (git-fixes).
- mfd: stmpe: Only disable the regulators if they are enabled
(git-fixes).
- mfd: stmfx: Nullify stmfx->vdd in case of error (git-fixes).
- mfd: stmfx: Fix error path in stmfx_chip_init (git-fixes).
- mfd: intel-lpss: Add missing check for platform_get_resource
(git-fixes).
- mfd: pm8008: Fix module autoloading (git-fixes).
- mfd: rt5033: Drop rt5033-battery sub-device (git-fixes).
- mailbox: ti-msgmgr: Fill non-message tx data fields with 0x0
(git-fixes).
- rtc: st-lpc: Release some resources in st_rtc_probe() in case
of error (git-fixes).
- extcon: usbc-tusb320: Update state on probe even if no IRQ
pending (git-fixes).
- extcon: usbc-tusb320: Call the Type-C IRQ handler only if a
port is registered (git-fixes).
- extcon: usbc-tusb320: Add USB TYPE-C support (git-fixes).
- commit 5d09f51
- cifs: add a warning when the in-flight count goes negative
(bsc#1193629).
- commit b5356cb
- cifs: fix lease break oops in xfstest generic/098 (bsc#1193629).
- commit 4a371a3
- cifs: fix max_credits implementation (bsc#1193629).
- commit 54568db
- cifs: fix sockaddr comparison in iface_cmp (bsc#1193629).
- commit f115649
- cifs: print all credit counters in DebugData (bsc#1193629).
- commit cfab0d3
- cifs: fix status checks in cifs_tree_connect (bsc#1193629).
- commit db74448
- smb: remove obsolete comment (bsc#1193629).
- commit dbdd811
- cifs: address unused variable warning (bsc#1193629).
- commit 2c0db9f
- smb: delete an unnecessary statement (bsc#1193629).
- commit 8263cc2
- smb3: missing null check in SMB2_change_notify (bsc#1193629).
- commit f544a57
- ibmvnic: Do not reset dql stats on NON_FATAL err (bsc#1212603
ltc#202604).
- commit 9cf4e75
- Move upstreamed x86, scsi and arm patches into sorted section
- commit 68279fe
- x86/xen: fix secondary processor fpu initialization
(bsc#1212869).
- commit 8ea47f4
- RDMA/bnxt_re: Avoid calling wake_up threads from spin_lock context (git-fixes)
- commit 4610493
- RDMA/bnxt_re: wraparound mbox producer index (git-fixes)
- commit 3193b97
- RDMA/vmw_pvrdma: Remove unnecessary check on wr->opcode (git-fixes)
- commit 4a80233
- RDMA/hns: Fix hns_roce_table_get return value (git-fixes)
- commit c5a9ac4
- IB/hfi1: Fix wrong mmu_node used for user SDMA packet after invalidate (git-fixes)
- commit 030725c
- RDMA/rxe: Remove dangling declaration of rxe_cq_disable() (git-fixes)
- commit 9e18a28
- RDMA/irdma: avoid fortify-string warning in irdma_clr_wqes (git-fixes)
- commit 5d11670
- RDMA/bnxt_re: Remove unnecessary checks (git-fixes)
- commit 465a1cc
- RDMA/bnxt_re: Return directly without goto jumps (git-fixes)
- commit a16408a
- RDMA/bnxt_re: Fix to remove an unnecessary log (git-fixes)
- commit 5b86f20
- RDMA/bnxt_re: Remove a redundant check inside bnxt_re_update_gid (git-fixes)
- commit 5fd5166
- RDMA/bnxt_re: Use unique names while registering interrupts (git-fixes)
- commit 4d45831
- RDMA/bnxt_re: Fix to remove unnecessary return labels (git-fixes)
- commit 0f82e06
- RDMA/bnxt_re: Disable/kill tasklet only if it is enabled (git-fixes)
- commit fa23528
- hwrng: st - keep clock enabled while hwrng is registered
(git-fixes).
- hwrng: imx-rngc - fix the timeout for init and self check
(git-fixes).
- crypto: marvell/cesa - Fix type mismatch warning (git-fixes).
- crypto: nx - fix build warnings when DEBUG_FS is not enabled
(git-fixes).
- commit f87750a
- Remove more packaging cruft for SLE < 12 SP3
- commit a16781c
- PCI: endpoint: Add missing documentation about the MSI/MSI-X
range (git-fixes).
- misc: pci_endpoint_test: Re-init completion for every test
(git-fixes).
- misc: pci_endpoint_test: Free IRQs before removing the device
(git-fixes).
- PCI: vmd: Reset VMD config register between soft reboots
(git-fixes).
- PCI: rockchip: Set address alignment for endpoint mode
(git-fixes).
- PCI: rockchip: Use u32 variable to access 32-bit registers
(git-fixes).
- PCI: rockchip: Fix legacy IRQ generation for RK3399 PCIe
endpoint core (git-fixes).
- PCI: rockchip: Add poll and timeout to wait for PHY PLLs to
be locked (git-fixes).
- PCI: rockchip: Assert PCI Configuration Enable bit after probe
(git-fixes).
- PCI: rockchip: Write PCI Device ID to correct register
(git-fixes).
- PCI: qcom: Disable write access to read only registers for IP
v2.3.3 (git-fixes).
- PCI: ftpci100: Release the clock resources (git-fixes).
- PCI: cadence: Fix Gen2 Link Retraining process (git-fixes).
- PCI: Add pci_clear_master() stub for non-CONFIG_PCI (git-fixes).
- PCI: Release resource invalidated by coalescing (git-fixes).
- PCI: pciehp: Cancel bringup sequence if card is not present
(git-fixes).
- PCI/ASPM: Disable ASPM on MFD function removal to avoid
use-after-free (git-fixes).
- pinctrl: cherryview: Return correct value if pin in push-pull
mode (git-fixes).
- pinctrl: at91-pio4: check return value of devm_kasprintf()
(git-fixes).
- pinctrl: microchip-sgpio: check return value of devm_kasprintf()
(git-fixes).
- platform/x86: thinkpad_acpi: Fix lkp-tests warnings for platform
profiles (git-fixes).
- platform/x86: think-lmi: Correct NVME password handling
(git-fixes).
- platform/x86: think-lmi: Correct System password interface
(git-fixes).
- platform/x86: think-lmi: mutex protection around multiple WMI
calls (git-fixes).
- commit 22e7ca3
- Get module prefix from kmod (bsc#1212835).
- commit f6691b0
- smb: move client and server files to common directory fs/smb
(bsc#1193629).
- Update config and supported.conf files due to renaming.
- commit ae50c24
- blacklist.conf: gcc 12 issue
- commit 81cb1b7
- s390/gmap: voluntarily schedule during key setting (git-fixes
bsc#1212892).
- commit 4ccd632
- ALSA: hda/realtek: Add quirks for ROG ALLY CS35l41 audio
(git-fixes).
- commit 913f7b5
- rpm/check-for-config-changes: ignore also PAHOLE_HAS_*
We now also have options like CONFIG_PAHOLE_HAS_LANG_EXCLUDE.
- commit 86b52c1
- bus: fsl-mc: fsl-mc-allocator: Drop a write-only variable
(git-fixes).
- soc/fsl/qe: fix usb.c build errors (git-fixes).
- memory: brcmstb_dpfe: fix testing array offset after use
(git-fixes).
- drivers: meson: secure-pwrc: always enable DMA domain
(git-fixes).
- bus: ti-sysc: Fix dispc quirk masking bool variables
(git-fixes).
- soc: samsung: exynos-pmu: Re-introduce Exynos4212 support
(git-fixes).
- drm/msm/dpu: correct MERGE_3D length (git-fixes).
- drm/msm/dp: Free resources after unregistering them (git-fixes).
- drm/msm/dpu: do not enable color-management if DSPPs are not
available (git-fixes).
- drm/msm/adreno: fix sparse warnings in a6xx code (git-fixes).
- drm/msm/dsi: don't allow enabling 14nm VCO with unprogrammed
rate (git-fixes).
- drm/i915/gvt: remove unused variable gma_bottom in command
parser (git-fixes).
- amdgpu: validate offset_in_bo of drm_amdgpu_gem_va (git-fixes).
- drm/radeon: fix possible division-by-zero errors (git-fixes).
- drm/amd/display: Fix artifacting on eDP panels when engaging
freesync video mode (git-fixes).
- drm/amd/display: drop redundant memset() in
get_available_dsc_slices() (git-fixes).
- drm/amdkfd: Fix potential deallocation of previously deallocated
memory (git-fixes).
- drm/amd/display: Explicitly specify update type per plane info
change (git-fixes).
- radeon: avoid double free in ci_dpm_init() (git-fixes).
- drm/amd/display: Add logging for display MALL refresh setting
(git-fixes).
- drm/panel: simple: fix active size for Ampire
AM-480272H3TMQW-T01H (git-fixes).
- drm/panel: sharp-ls043t1le01: adjust mode settings (git-fixes).
- drm: sun4i_tcon: use devm_clk_get_enabled in
`sun4i_tcon_init_clocks` (git-fixes).
- drm/vram-helper: fix function names in vram helper doc
(git-fixes).
- drm/bridge: tc358768: fix TXTAGOCNT computation (git-fixes).
- drm/bridge: tc358768: fix TCLK_ZEROCNT computation (git-fixes).
- drm/bridge: tc358768: fix PLL target frequency (git-fixes).
- drm/bridge: tc358768: fix PLL parameters computation
(git-fixes).
- drm/bridge: tc358768: always enable HS video mode (git-fixes).
- drm/rockchip: vop: Leave vblank enabled in self-refresh
(git-fixes).
- ASoC: imx-audmix: check return value of devm_kasprintf()
(git-fixes).
- ASoC: mediatek: mt8173: Fix irq error path (git-fixes).
- ASoC: es8316: Do not set rate constraints for unsupported MCLKs
(git-fixes).
- ASoC: es8316: Increment max value for ALC Capture Target Volume
control (git-fixes).
- ALSA: ac97: Fix possible NULL dereference in snd_ac97_mixer
(git-fixes).
- ALSA: hda/realtek: Enable mute/micmute LEDs and limit mic
boost on EliteBook (git-fixes).
- Input: adxl34x - do not hardcode interrupt trigger type
(git-fixes).
- Input: drv260x - remove unused .reg_defaults (git-fixes).
- Input: drv260x - sleep between polling GO bit (git-fixes).
- Input: drv260x - fix typo in register value define (git-fixes).
- HID: logitech-hidpp: add HIDPP_QUIRK_DELAYED_INIT for the T651
(git-fixes).
- fbdev: omapfb: lcd_mipid: Fix an error handling path in
mipid_spi_probe() (git-fixes).
- clk: ti: clkctrl: check return value of kasprintf() (git-fixes).
- clk: keystone: sci-clk: check return value of kasprintf()
(git-fixes).
- clk: si5341: free unused memory on probe failure (git-fixes).
- clk: si5341: check return value of {devm_}kasprintf()
(git-fixes).
- clk: si5341: return error if one synth clock registration fails
(git-fixes).
- clk: cdce925: check return value of kasprintf() (git-fixes).
- clk: vc5: check memory returned by kasprintf() (git-fixes).
- clk: Fix memory leak in devm_clk_notifier_register()
(git-fixes).
- clk: tegra: tegra124-emc: Fix potential memory leak (git-fixes).
- clk: imx: clk-imx8mp: improve error handling in
imx8mp_clocks_probe() (git-fixes).
- clk: imx: clk-imx8mn: fix memory leak in imx8mn_clocks_probe
(git-fixes).
- clk: imx: scu: use _safe list iterator to avoid a use after free
(git-fixes).
- clk: samsung: Add Exynos4212 compatible to CLKOUT driver
(git-fixes).
- hwmon: (gsc-hwmon) fix fan pwm temperature scaling (git-fixes).
- commit 7ae139a
- io_uring: hold uring mutex around poll removal (bsc#1212838
CVE-2023-3389).
- commit e7c3e0b
- ocfs2: fix non-auto defrag path not working issue (git-fixes).
- commit 9e8659c
- ocfs2: fix defrag path triggering jbd2 ASSERT (git-fixes).
- commit 3c403c0
- ocfs2: fix freeing uninitialized resource on ocfs2_dlm_shutdown
(git-fixes).
- commit b453224
- usrmerge: Adjust module path in the kernel sources (bsc#1212835).
With the module path adjustment applied as source patch only
ALP/Tumbleweed kernel built on SLE/Leap needs the path changed back to
non-usrmerged.
- commit dd9a820
- ipvlan:Fix out-of-bounds caused by unclear skb->cb (bsc#1212842
CVE-2023-3090).
- commit 7062cce
- signal/s390: Use force_sigsegv in default_trap_handler
(git-fixes bsc#1212861).
- commit 65a5c57
- blacklist.conf: cleanup commit
- commit 2bf2715
- tracing/timer: Add missing hrtimer modes to
decode_hrtimer_mode() (git-fixes).
- commit ed0442b
- writeback: fix dereferencing NULL mapping->host on
writeback_page_template (git-fixes).
- commit 9837e76
- x86/kprobes: Fix arch_check_optimized_kprobe check within
optimized_kprobe range (git-fixes).
- commit 085878a
- blacklist.conf: gcc warnings for the newer version of the compiler
- commit 1dd8f7f
- btrfs: unset reloc control if transaction commit fails in
prepare_to_relocate() (bsc#1212051 CVE-2023-3111).
- commit 8d54367
- net/mlx5: add IFC bits for bypassing port select flow table (git-fixes)
- commit cbfecbe
- nvme-core: fix dev_pm_qos memleak (git-fixes).
- nvme-core: fix memory leak in dhchap_ctrl_secret (git-fixes).
- nvme-core: fix memory leak in dhchap_secret_store (git-fixes).
- nvme: double KA polling frequency to avoid KATO with TBKAS on
(git-fixes).
- nvme-pci: add quirk for missing secondary temperature thresholds
(git-fixes).
- commit 52de066
- RDMA/rxe: Fix rxe_cq_post (git-fixes)
- commit 00af074
- IB/isert: Fix incorrect release of isert connection (git-fixes)
- commit e38bdbc
- IB/isert: Fix possible list corruption in CMA handler (git-fixes)
- commit 6bacb44
- IB/isert: Fix dead lock in ib_isert (git-fixes)
- commit ffd174a
- RDMA/mlx5: Fix affinity assignment (git-fixes)
- commit 29d122c
- RDMA/mlx5: Don't set tx affinity when lag is in hash mode (git-fixes)
- commit 2b5aac8
- IB/uverbs: Fix to consider event queue closing also upon non-blocking mode (git-fixes)
- commit 8f45747
- RDMA/uverbs: Restrict usage of privileged QKEYs (git-fixes)
- commit fe78e01
- RDMA/cma: Always set static rate to 0 for RoCE (git-fixes)
- commit 361e585
- RDMA/mlx5: Initiate dropless RQ for RAW Ethernet functions (git-fixes)
- commit e6d3548
- RDMA/rxe: Fix the use-before-initialization error of resp_pkts (git-fixes)
- commit 1b7d9cb
- RDMA/rxe: Fix ref count error in check_rkey() (git-fixes)
- commit 7284531
- RDMA/rxe: Fix packet length checks (git-fixes)
- commit ca5d9e2
- RDMA/rtrs: Fix rxe_dealloc_pd warning (git-fixes)
- commit bdd8fdf
- wifi: ath9k: convert msecs to jiffies where needed (git-fixes).
- wifi: ath9k: Fix possible stall on ath9k_txq_list_has_key()
(git-fixes).
- wifi: ath9k: don't allow to overwrite ENDPOINT0 attributes
(git-fixes).
- wifi: iwlwifi: mvm: indicate HW decrypt for beacon protection
(git-fixes).
- wifi: cfg80211: rewrite merging of inherited elements
(git-fixes).
- wifi: iwlwifi: pcie: fix NULL pointer dereference in
iwl_pcie_irq_rx_msix_handler() (git-fixes).
- wifi: iwlwifi: pull from TXQs with softirqs disabled
(git-fixes).
- wifi: rsi: Do not set MMC_PM_KEEP_POWER in shutdown (git-fixes).
- wifi: rsi: Do not configure WoWlan in shutdown hook if not
enabled (git-fixes).
- wifi: atmel: Fix an error handling path in atmel_probe()
(git-fixes).
- wifi: orinoco: Fix an error handling path in orinoco_cs_probe()
(git-fixes).
- wifi: orinoco: Fix an error handling path in spectrum_cs_probe()
(git-fixes).
- wifi: ath9k: avoid referencing uninit memory in
ath9k_wmi_ctrl_rx (git-fixes).
- wifi: ath9k: fix AR9003 mac hardware hang check register offset
calculation (git-fixes).
- wifi: mwifiex: Fix the size of a memory allocation in
mwifiex_ret_802_11_scan() (git-fixes).
- wifi: wilc1000: fix for absent RSN capabilities WFA testcase
(git-fixes).
- mmc: mmci: Set PROBE_PREFER_ASYNCHRONOUS (git-fixes).
- mtd: rawnand: meson: fix unaligned DMA buffers handling
(git-fixes).
- Revert "mtd: rawnand: arasan: Prevent an unsupported
configuration" (git-fixes).
- spi: dw: Round of n_bytes to power of 2 (git-fixes).
- spi: spi-geni-qcom: Correct CS_TOGGLE bit in SPI_TRANS_CFG
(git-fixes).
- regulator: helper: Document ramp_delay parameter of
regulator_set_ramp_delay_regmap() (git-fixes).
- regulator: core: Streamline debugfs operations (git-fixes).
- regulator: core: Fix more error checking for
debugfs_create_dir() (git-fixes).
- pstore/ram: Add check for kstrdup (git-fixes).
- integrity: Fix possible multiple allocation in
integrity_inode_get() (git-fixes).
- Revert "net: phy: dp83867: perform soft reset and retain
established link" (git-fixes).
- mmc: sdhci-msm: Disable broken 64-bit DMA on MSM8916
(git-fixes).
- nilfs2: fix buffer corruption due to concurrent device reads
(git-fixes).
- soundwire: dmi-quirks: add new mapping for HP Spectre x360
(git-fixes).
- Input: soc_button_array - add invalid acpi_index DMI quirk
handling (git-fixes).
- spi: lpspi: disable lpspi module irq in DMA mode (git-fixes).
- media: cec: core: don't set last_initiator if tx in progress
(git-fixes).
- usb: gadget: udc: fix NULL dereference in remove() (git-fixes).
- nfcsim.c: Fix error checking for debugfs_create_dir (git-fixes).
- HID: wacom: Add error check to wacom_parse_and_register()
(git-fixes).
- commit b21df60
- RDMA/rtrs: Fix the last iu->buf leak in err path (git-fixes)
- commit d45f7dc
- RDMA/rxe: Removed unused name from rxe_task struct (git-fixes)
- commit e3cca5c
- RDMA/rxe: Remove the unused variable obj (git-fixes)
- commit 0081865
- can: isotp: isotp_sendmsg(): fix return error fix on TX path
(git-fixes).
- can: kvaser_pciefd: Remove handler for unused
KVASER_PCIEFD_PACK_TYPE_EFRAME_ACK (git-fixes).
- can: kvaser_pciefd: Remove useless write to interrupt register
(git-fixes).
- can: length: fix description of the RRS field (git-fixes).
- can: length: fix bitstuffing count (git-fixes).
- can: length: make header self contained (git-fixes).
- elf: correct note name comment (git-fixes).
- drm/amd/display: fix the system hang while disable PSR
(git-fixes).
- ARM: dts: Fix erroneous ADS touchscreen polarities (git-fixes).
- ASoC: nau8824: Add quirk to active-high jack-detect (git-fixes).
- ASoC: simple-card: Add missing of_node_put() in case of error
(git-fixes).
- drm/exynos: fix race condition UAF in exynos_g2d_exec_ioctl
(git-fixes).
- drm/exynos: vidi: fix a wrong error return (git-fixes).
- drm/radeon: fix race condition UAF in
radeon_gem_set_domain_ioctl (git-fixes).
- arm64: Add missing Set/Way CMO encodings (git-fixes).
- drm/amd/display: Add wrapper to call planes and stream update
(git-fixes).
- drm/amd/display: Use dc_update_planes_and_stream (git-fixes).
- drm/amd/display: Add minimal pipe split transition state
(git-fixes).
- commit f746d09
- blacklist.conf: add git-fixes for nvme
- commit e4a757c
- x86/build: Avoid relocation information in final vmlinux
(bsc#1187829).
- commit b248c02
- gfs2: Don't deref jdesc in evict (bsc#1212265 CVE-2023-3212).
- commit 2228e4a
- ice: Fix XDP memory leak when NIC is brought up and down
(git-fixes).
- ice: block LAN in case of VF to VF offload (git-fixes).
- ice: Reset FDIR counter in FDIR init stage (git-fixes).
- ice: fix wrong fallback logic for FDIR (git-fixes).
- ice: fix invalid check for empty list in
ice_sched_assoc_vsi_to_agg() (git-fixes).
- ice: add profile conflict check for AVF FDIR (git-fixes).
- ice: Fix DSCP PFC TLV creation (git-fixes).
- ice: copy last block omitted in ice_get_module_eeprom()
(git-fixes).
- ice: switch: fix potential memleak in ice_add_adv_recipe()
(git-fixes).
- ice: Do not use WQ_MEM_RECLAIM flag for workqueue (git-fixes).
- ice: Prevent set_channel from changing queues while RDMA active
(git-fixes).
- ice: config netdev tc before setting queues number (git-fixes).
- ice: Fix ice_xdp_xmit() when XDP TX queue number is not
sufficient (git-fixes).
- ice: Don't double unplug aux on peer initiated reset
(git-fixes).
- ice: use bitmap_free instead of devm_kfree (git-fixes).
- ice: xsk: use Rx ring's XDP ring when picking NAPI context
(git-fixes).
- ice: Ignore EEXIST when setting promisc mode (git-fixes).
- ice: handle E822 generic device ID in PLDM header (git-fixes).
- ice: ethtool: Prohibit improper channel config for DCB
(git-fixes).
- ice: ethtool: advertise 1000M speeds properly (git-fixes).
- ice: Fix memory corruption in VF driver (git-fixes).
- ice, xsk: Diversify return values from xsk_wakeup call paths
(git-fixes).
- commit 6a47979
- thermal/drivers/sun8i: Fix some error handling paths in
sun8i_ths_probe() (git-fixes).
- PM: domains: fix integer overflow issues in genpd_parse_state()
(git-fixes).
- clocksource/drivers/cadence-ttc: Fix memory leak in
ttc_timer_probe (git-fixes).
- irqchip/jcore-aic: Fix missing allocation of IRQ descriptors
(git-fixes).
- irqchip/clps711x: Remove unused clps711x_intc_init() function
(git-fixes).
- irqchip/ftintc010: Mark all function static (git-fixes).
- commit bc06af3
- kernel-docs: Use python3 together with python3-Sphinx (bsc#1212741).
- commit 95a40a6
- Update references in the patch
patches.suse/HID-intel_ish-hid-Add-check-for-ishtp_dma_tx_map.patch
(git-fixes bsc#1212606 CVE-2023-3358).
- commit f3ebbc7
- x86/mm: Fix use of uninitialized buffer in sme_enable() (git-fixes).
- commit 26e74c2
- x86/mm: Fix RESERVE_BRK() for older binutils (git-fixes).
- commit e8ab3ef
- x86/sgx: Mark PCMD page as dirty when modifying contents (git-fixes).
- commit d73721e
- x86/sgx: Fix race between reclaimer and page fault handler (git-fixes).
- commit 958e41f
- powerpc/set_memory: Avoid spinlock recursion in
change_page_attr() (bsc#1194869).
- commit c747d4c
- i2c: imx-lpi2c: fix type char overflow issue when calculating
the clock cycle (git-fixes).
- i2c: qup: Add missing unwind goto in qup_i2c_probe()
(git-fixes).
- ALSA: hda/realtek: Add quirk for ASUS ROG GV601V (git-fixes).
- ALSA: hda/realtek: Add quirk for ASUS ROG G634Z (git-fixes).
- ALSA: hda/realtek: Add "Intel Reference board" and "NUC 13"
SSID in the ALC256 (git-fixes).
- ALSA: hda/realtek: Add quirks for ASUS GU604V and GU603V
(git-fixes).
- commit 607c980
- powerpc/64s/radix: Fix exit lazy tlb mm switch with irqs enabled
(bsc#1194869).
- powerpc/iommu: Limit number of TCEs to 512 for H_STUFF_TCE hcall
(bsc#1194869 bsc#1212701).
- commit 98497f8
- ieee802154: hwsim: Fix possible memory leaks (git-fixes).
- mmc: usdhi60rol0: fix deferred probing (git-fixes).
- mmc: sunxi: fix deferred probing (git-fixes).
- mmc: sh_mmcif: fix deferred probing (git-fixes).
- mmc: sdhci-spear: fix deferred probing (git-fixes).
- mmc: sdhci-acpi: fix deferred probing (git-fixes).
- mmc: owl: fix deferred probing (git-fixes).
- mmc: omap_hsmmc: fix deferred probing (git-fixes).
- mmc: omap: fix deferred probing (git-fixes).
- mmc: mvsdio: fix deferred probing (git-fixes).
- mmc: mtk-sd: fix deferred probing (git-fixes).
- mmc: bcm2835: fix deferred probing (git-fixes).
- mmc: meson-gx: remove redundant mmc_request_done() call from
irq context (git-fixes).
- mmc: mmci: stm32: fix max busy timeout calculation (git-fixes).
- commit a8d1547
- HID: amd_sfh: Add missing check for dma_alloc_coherent
(bsc#1212605 CVE-2023-3357).
- commit 1aef403
- net/mlx5: fix missing mutex_unlock in
mlx5_fw_fatal_reporter_err_work() (jsc#SLE-19253).
- commit f9de2c8
- Refresh
patches.suse/mm-vmalloc-do-not-output-a-spurious-warning-when-huge-vmalloc-fails.patch.
Update mainline status and sort the patch.
- commit 9716927
- s390/pkey: zeroize key blobs (git-fixes bsc#1212619).
- commit 859dd00
- x86/mm: fix poking_init() for Xen PV guests (git-fixes).
- commit 3f14de3
- regulator: pca9450: Fix LDO3OUT and LDO4OUT MASK (git-fixes).
- regmap: spi-avmm: Fix regmap_bus max_raw_write (git-fixes).
- USB: serial: option: add Quectel EM061KGL series (git-fixes).
- drm/amd/display: edp do not add non-edid timings (git-fixes).
- selftests/ptp: Fix timestamp printf format for PTP_SYS_OFFSET
(git-fixes).
- net: usb: qmi_wwan: add support for Compal RXM-G1 (git-fixes).
- spi: fsl-dspi: avoid SCK glitches with continuous transfers
(git-fixes).
- nilfs2: fix incomplete buffer cleanup in
nilfs_btnode_abort_change_key() (git-fixes).
- test_firmware: prevent race conditions by a correct
implementation of locking (git-fixes).
- ARM: dts: vexpress: add missing cache properties (git-fixes).
- drm:amd:amdgpu: Fix missing buffer object unlock in failure path
(git-fixes).
- power: supply: Fix logic checking if system is running from
battery (git-fixes).
- power: supply: Ratelimit no data debug output (git-fixes).
- power: supply: bq27xxx: Use mod_delayed_work() instead of
cancel() + schedule() (git-fixes).
- power: supply: sc27xx: Fix external_power_changed race
(git-fixes).
- power: supply: ab8500: Fix external_power_changed race
(git-fixes).
- ASoC: dwc: move DMA init to snd_soc_dai_driver probe()
(git-fixes).
- ASoC: soc-pcm: test if a BE can be prepared (git-fixes).
- platform/x86: asus-wmi: Ignore WMI events with codes 0x7B,
0xC0 (git-fixes).
- regulator: Fix error checking for debugfs_create_dir
(git-fixes).
- spi: tegra210-quad: Fix iterator outside loop (git-fixes).
- test_firmware: Use kstrtobool() instead of strtobool()
(git-fixes).
- commit 571f9b4
- blacklist.conf: added drbd git-fix
drbd in kernel no supported/used
- commit d232113
- s390/dasd: Use correct lock while counting channel queue length
(git-fixes bsc#1212592).
- commit 3416e6e
- blacklist.conf: ("arm64: dts: colibri-imx8x: delete adc1 and dsp")
- commit eb24176
- arm64: dts: imx8mn-var-som: fix PHY detection bug by adding deassert (git-fixes)
- commit 9aba35e
- arm64: dts: broadcom: bcmbca: bcm4908: fix procmon nodename (git-fixes)
- commit ae23b2f
- arm64: dts: broadcom: bcmbca: bcm4908: fix NAND interrupt name (git-fixes)
- commit 5cee83a
- arm64: dts: Move BCM4908 dts to bcmbca folder (git-fixes)
- commit bfb5d9b
- cgroup: Use cgroup_attach_{lock,unlock}() from
cgroup_attach_task_all() (bsc#1212563).
- commit f39cb40
- spi: tegra210-quad: Fix combined sequence (bsc#1212584)
- commit 148b744
- spi: tegra210-quad: Multi-cs support (bsc#1212584)
- commit 1e10d7b
- x86/mm: Use mm_alloc() in poking_init() (bsc#1212448).
- commit ae2a42d
- bpf: Fix UAF in task local storage (bsc#1212564).
- commit 26b737d
- cgroup: fix missing cpus_read_{lock,unlock}() in
cgroup_transfer_tasks() (bsc#1212563).
- commit 2b82ccd
- mm/vmalloc: do not output a spurious warning when huge vmalloc()
fails (bsc#1211410).
- commit ae4e43c
- cgroup: always put cset in cgroup_css_set_put_fork
(bsc#1212561).
- commit ae170c0
- mm: vmalloc: avoid warn_alloc noise caused by fatal signal
(bsc#1211410).
- commit 0352c7c
- Update References tag
patches.suse/usb-gadget-udc-renesas_usb3-Fix-use-after-free-bug-i.patch
(git-fixes bsc#1212513 CVE-2023-35828).
- commit 058d07e
- ACPI: sleep: Avoid breaking S3 wakeup due to might_sleep()
(git-fixes).
- commit 7ecdfc8
- x86/mm: Initialize text poking earlier (bsc#1212448).
- Refresh patches.suse/init-provide-arch_cpu_finalize_init.patch.
- Refresh patches.suse/init-remove-check_bugs-leftovers.patch.
- commit fe545d9
- mm: Move mm_cachep initialization to mm_init() (bsc#1212448).
- commit b8943a6
- Refresh patches.suse/init-invoke-arch_cpu_finalize_init-earlier.patch.
Move arch_cpu_finalize_init() to the correct place.
- commit 87f94ba
- binfmt_elf: Take the mmap lock when walking the VMA list
(bsc#1209039 CVE-2023-1249).
- commit bc9a5c4
- ceph: fix use-after-free bug for inodes when flushing capsnaps
(bsc#1212540).
- commit c22ab50
- Enable NXP SNVS RTC driver for i.MX 8MQ/8MP (jsc#PED-4758)
- commit 985593a
- x86/microcode: Print previous version of microcode after reload
(git-fixes).
- blacklist.conf: remove it
- Refresh
patches.suse/x86-microcode-add-a-parameter-to-microcode_check-to-store-cpu-capabilities.patch.
- Refresh
patches.suse/x86-microcode-adjust-late-loading-result-reporting-message.patch.
Take the blacklisted commit instead of merging it into the second patch.
Refresh the third one to the upstream version.
- commit b0493cf
- x86/microcode/amd: Remove load_microcode_amd()'s bsp parameter
(git-fixes).
- blacklist.conf: remove it
- Refresh
patches.suse/x86-microcode-amd-fix-mixed-steppings-support.patch.
Take the blacklisted commit instead of merging it into the latter patch.
This solves a bug in the latter patch backport as the patch now applies
cleanly and no manual changes are needed.
- commit 7d65f32
- Update References tag
patches.suse/media-rkvdec-fix-use-after-free-bug-in-rkvdec_remove.patch
(git-fixes bsc#1212495 CVE-2023-35829).
- commit 85c0f24
- Move upstreamed thunderbolt patch into sorted section
- commit 375578f
- Update
patches.suse/net-sched-flower-fix-possible-OOB-write-in-fl_set_ge.patch
(CVE-2023-35788 bsc#1212504).
Added CVE reference.
- commit 48e3971
- supported.conf: Move bt878 and bttv modules to kernel-*-extra (jsc#PED-3931)
- commit 9d2272d
- Update References tag
patches.suse/media-saa7134-fix-use-after-free-bug-in-saa7134_fini.patch
(git-fixes bsc#1212494 CVE-2023-35823).
- commit 6056471
- igb: fix nvm.ops.read() error handling (git-fixes).
- igc: Fix possible system crash when loading module (git-fixes).
- igc: Clean the TX buffer and TX descriptor ring (git-fixes).
- iavf: remove mask from iavf_irq_enable_queues() (git-fixes).
- bnxt_en: Implement .set_port / .unset_port UDP tunnel callbacks
(git-fixes).
- bnxt_en: Skip firmware fatal error recovery if chip is not
accessible (git-fixes).
- bnxt_en: Query default VLAN before VNIC setup on a VF
(git-fixes).
- bnxt_en: Don't issue AP reset during ethtool's reset operation
(git-fixes).
- net: sched: fix possible refcount leak in tc_chain_tmplt_add()
(git-fixes).
- net/sched: flower: fix possible OOB write in fl_set_geneve_opt()
(git-fixes).
- tools: bpftool: Remove invalid \' json escape (git-fixes).
- net/net_failover: fix txq exceeding warning (git-fixes).
- net/sched: sch_netem: Fix arithmetic in netem_dump() for 32-bit
platforms (git-fixes).
- tls: Skip tls_append_frag on zero copy size (git-fixes).
- net/sched: fix initialization order when updating chain 0 head
(git-fixes).
- commit 357e3aa
- staging: octeon: delete my name from TODO contact (git-fixes).
- usb: typec: ucsi: Fix command cancellation (git-fixes).
- USB: dwc3: fix use-after-free on core driver unbind (git-fixes).
- USB: dwc3: qcom: fix NULL-deref on suspend (git-fixes).
- usb: dwc3: gadget: Reset num TRBs before giving back the request
(git-fixes).
- thunderbolt: dma_test: Use correct value for absent rings when
creating paths (git-fixes).
- serial: lantiq: add missing interrupt ack (git-fixes).
- commit 07ac6ad
- ALSA: usb-audio: Add quirk flag for HEM devices to enable
native DSD playback (git-fixes).
- ALSA: usb-audio: Fix broken resume due to UAC3 power state
(git-fixes).
- ALSA: hda/realtek: Add a quirk for Compaq N14JP6 (git-fixes).
- commit f8fff8d
- drm/nouveau: add nv_encoder pointer check for NULL (git-fixes).
- drm/nouveau/dp: check for NULL nv_connector->native_mode
(git-fixes).
- drm/nouveau: don't detect DSM for non-NVIDIA device (git-fixes).
- nouveau: fix client work fence deletion race (git-fixes).
- commit a872fd6
- Drop a buggy dvb-core fix patch (bsc#1205758)
Also the kabi workaround is dropped, too
- commit 655bd4b
- x86/fpu: Move FPU initialization into arch_cpu_finalize_init() (bsc#1212448).
- commit 072fd20
- x86/fpu: Mark init functions __init (bsc#1212448).
- commit e8f4a8e
- x86/fpu: Remove cpuinfo argument from init functions (bsc#1212448).
- commit 73b8e7c
- x86/init: Initialize signal frame size late (bsc#1212448).
- commit 95c2ee8
- init, x86: Move mem_encrypt_init() into arch_cpu_finalize_init() (bsc#1212448).
- commit a0f0e12
- init: Invoke arch_cpu_finalize_init() earlier (bsc#1212448).
- commit 0ae852a
- init: Remove check_bugs() leftovers (bsc#1212448).
- commit 4db22bb
- ARM: cpu: Switch to arch_cpu_finalize_init() (bsc#1212448).
- commit fb20d0a
- x86/cpu: Switch to arch_cpu_finalize_init() (bsc#1212448).
- commit 1d74981
- init: Provide arch_cpu_finalize_init() (bsc#1212448).
- commit 54c49f5
- bpf, arm64: Clear prog->jited_len along prog->jited (git-fixes)
- commit 07346cf
- bpf, arm64: Feed byte-offset into bpf line info (git-fixes)
- commit 98e0ea3
- bpf, arm64: Call build_prologue() first in first JIT pass (git-fixes)
- commit a8ca534
- blacklist.conf: ("mm: defer kmemleak object creation of module_alloc()")
- commit 98eb467
- bpf, arm64: Use emit_addr_mov_i64() for BPF_PSEUDO_FUNC (git-fixes)
- commit cab9765
- blacklist.conf: ("arm64/bpf: Remove 128MB limit for BPF JIT programs")
- commit a3de279
- kernel-docs: Add buildrequires on python3-base when using python3
The python3 binary is provided by python3-base.
- commit c5df526
- blacklist.conf: kABI breakage, removed exported symbol
- commit 470424a
- qed/qede: Fix scheduling while atomic (git-fixes).
- igb: fix bit_shift to be in [1..8] range (git-fixes).
- net: hns3: fix reset delay time to avoid configuration timeout
(git-fixes).
- net: hns3: fix sending pfc frames after reset issue (git-fixes).
- net: hns3: fix output information incomplete for dumping tx
queue info with debugfs (git-fixes).
- mlxfw: fix null-ptr-deref in mlxfw_mfa2_tlv_next() (git-fixes).
- octeontx2-pf: Recalculate UDP checksum for ptp 1-step sync
packet (git-fixes).
- octeontx2-pf: Fix the use of GFP_KERNEL in atomic context on rt
(git-fixes).
- octeontx2-pf: Avoid use of GFP_KERNEL in atomic context
(git-fixes).
- octeontx2-pf: Fix resource leakage in VF driver unbind
(git-fixes).
- net: ena: Update NUMA TPH hint register upon NUMA node update
(git-fixes).
- net: ena: Set default value for RX interrupt moderation
(git-fixes).
- net: ena: Fix rx_copybreak value update (git-fixes).
- net: ena: Use bitmask to indicate packet redirection
(git-fixes).
- net: ena: Account for the number of processed bytes in XDP
(git-fixes).
- net: ena: Don't register memory info on XDP exchange
(git-fixes).
- net: ena: Fix toeplitz initial hash value (git-fixes).
- net: hns3: add interrupts re-initialization while doing VF FLR
(git-fixes).
- net: hns3: fix tm port shapping of fibre port is incorrect
after driver initialization (git-fixes).
- nfp: only report pause frame configuration for physical device
(git-fixes).
- commit 099bed1
- drm/i915/selftests: Add some missing error propagation
(git-fixes).
- drm/i915: Use 18 fast wake AUX sync len (git-fixes).
- drm/amdgpu: fix xclk freq on CHIP_STONEY (git-fixes).
- drm/amd/pm: Fix power context allocation in SMU13 (git-fixes).
- Bluetooth: Fix use-after-free in hci_remove_ltk/hci_remove_irk
(git-fixes).
- Input: psmouse - fix OOB access in Elantech protocol
(git-fixes).
- drm/i915: Explain the magic numbers for AUX SYNC/precharge
length (git-fixes).
- drm/i915/selftests: Stop using kthread_stop() (git-fixes).
- drm/i915/selftests: Increase timeout for live_parallel_switch
(git-fixes).
- commit 120ec14
- scsi: stex: Fix gcc 13 warnings (git-fixes).
- scsi: core: Decrease scsi_device's iorequest_cnt if dispatch
failed (git-fixes).
- commit 2be82b5
- blacklist.conf: ("KVM: arm64: nvhe: Fix build with profile optimization")
- commit f894646
- KVM: arm64: Don't hypercall before EL2 init (git-fixes)
- commit d26dd54
- KVM: arm64: vgic: Read HW interrupt pending state from the HW (git-fixes)
- commit 6837f01
- KVM: arm64: Save PSTATE early on exit (git-fixes)
- commit d156653
- KVM: arm64: Propagate errors from __pkvm_prot_finalize hypercall (git-fixes)
- commit 7097157
- ARM: 9295/1: unwind:fix unwind abort for uleb128 case (git-fixes)
- commit d5dcfa2
- blacklist.conf: build dependency fix
- commit b9cb9eb
- blacklist.conf: specific to Clang
- commit dbb2d18
- blacklist.conf: kABI
- commit c8b8dbc
- blacklist.conf: irrelevant in our kernel configs
- commit 147680e
- blacklist.conf: for compiler we don't use
- commit 5a08370
- tracing: Have event format check not flag %p* on
__get_dynamic_array() (git-fixes, bsc#1212350).
- blacklist.conf: Remove the commit
- commit e1130da
- tracing: Update print fmt check to handle new __get_sockaddr()
macro (git-fixes, bsc#1212350).
- commit 0b13d9e
- blacklist.conf: Drop already backported entry
- commit 21b7697
- dt-bindings: i3c: silvaco,i3c-master: fix missing schema
restriction (git-fixes).
- nilfs2: fix possible out-of-bounds segment allocation in resize
ioctl (git-fixes).
- commit 9dcda7c
- vhost_vdpa: support PACKED when setting-getting vring_base
(jsc#SLE-19253).
- net/mlx5: Read embedded cpu after init bit cleared
(jsc#SLE-19253).
- net/mlx5e: Fix error handling in mlx5e_refresh_tirs
(jsc#SLE-19253).
- net/mlx5e: Don't attach netdev profile while handling internal
error (jsc#SLE-19253).
- net/mlx5: fw_tracer, Fix event handling (jsc#SLE-19253).
- net/mlx5: SF, Drain health before removing device
(jsc#SLE-19253).
- net/mlx5: Devcom, fix error flow in mlx5_devcom_register_device
(jsc#SLE-19253).
- net/mlx5e: Fix SQ wake logic in ptp napi_poll context
(jsc#SLE-19253).
- net/mlx5: Fix error message when failing to allocate device
memory (jsc#SLE-19253).
- net/mlx5: DR, Check force-loopback RC QP capability
independently from RoCE (jsc#SLE-19253).
- net/mlx5: DR, Fix crc32 calculation to work on big-endian (BE)
CPUs (jsc#SLE-19253).
- net/mlx5e: do as little as possible in napi poll when budget
is 0 (jsc#SLE-19253).
- net/mlx5: E-switch, Don't destroy indirect table in split rule
(jsc#SLE-19253).
- net/mlx5: E-switch, Create per vport table based on devlink
encap mode (jsc#SLE-19253).
- net/mlx5: E-Switch, Fix an Oops in error handling code
(jsc#SLE-19253).
- net/mlx5: Read the TC mapping of all priorities on ETS query
(jsc#SLE-19253).
- net/mlx5: Fix steering rules cleanup (jsc#SLE-19253).
- net/mlx5e: Block entering switchdev mode with ns inconsistency
(jsc#SLE-19253).
- net/mlx5e: Set uplink rep as NETNS_LOCAL (jsc#SLE-19253).
- net/mlx5: E-switch, Fix missing set of split_count when forward
to ovs internal port (jsc#SLE-19253).
- net/mlx5: Geneve, Fix handling of Geneve object id as error code
(jsc#SLE-19253).
- net/mlx5e: Verify flow_source cap before using it
(jsc#SLE-19253).
- vdpa/mlx5: Don't clear mr struct on destroy MR (jsc#SLE-19253).
- vdpa/mlx5: Directly assign memory key (jsc#SLE-19253).
- net/mlx5: Enhance debug print in page allocation failure
(jsc#SLE-19253).
- net/mlx5: Serialize module cleanup with reload and remove
(jsc#SLE-19253).
- net/mlx5: fw_tracer, Zero consumer index when reloading the
tracer (jsc#SLE-19253).
- net/mlx5: fw_tracer, Clear load bit when freeing string DBs
buffers (jsc#SLE-19253).
- net/mlx5e: IPoIB, Show unknown speed instead of error
(jsc#SLE-19253).
- net/mlx5: Bridge, fix ageing of peer FDB entries
(jsc#SLE-19253).
- net/mlx5e: Update rx ring hw mtu upon each rx-fcs flag change
(jsc#SLE-19253).
- net: mlx5: eliminate anonymous module_init & module_exit
(jsc#SLE-19253).
- net/mlx5e: QoS, Fix wrongfully setting parent_element_id on
MODIFY_SCHEDULING_ELEMENT (jsc#SLE-19253).
- net/mlx5: E-switch, Fix setting of reserved fields on
MODIFY_SCHEDULING_ELEMENT (jsc#SLE-19253).
- net/mlx5e: Avoid false lock dependency warning on tc_ht even
more (jsc#SLE-19253).
- net/mlx5e: Don't support encap rules with gbp option
(jsc#SLE-19253).
- net/mlx5: Fix ptp max frequency adjustment range
(jsc#SLE-19253).
- net/mlx5: check attr pointer validity before dereferencing it
(jsc#SLE-19253).
- net/mlx5e: Fix hw mtu initializing at XDP SQ allocation
(jsc#SLE-19253).
- net/mlx5e: Always clear dest encap in neigh-update-del
(jsc#SLE-19253).
- net/mlx5e: IPoIB, Don't allow CQE compression to be turned on
by default (jsc#SLE-19253).
- net/mlx5: Fix RoCE setting at HCA level (jsc#SLE-19253).
- net/mlx5: Avoid recovery in probe flows (jsc#SLE-19253).
- net/mlx5: Add forgotten cleanup calls into mlx5_init_once()
error path (jsc#SLE-19253).
- net/mlx5: E-Switch, properly handle ingress tagged packets on
VST (jsc#SLE-19253).
- net/mlx5e: Fix use-after-free when reverting termination table
(jsc#SLE-19253).
- net/mlx5: Fix uninitialized variable bug in outlen_write()
(jsc#SLE-19253).
- net/mlx5: Fix handling of entry refcount when command is not
issued to FW (jsc#SLE-19253).
- net/mlx5: SF: Fix probing active SFs during driver probe phase
(jsc#SLE-19253).
- net/mlx5: Fix FW tracer timestamp calculation (jsc#SLE-19253).
- net/mlx5e: E-Switch, Fix comparing termination table instance
(jsc#SLE-19253).
- net/mlx5: Allow async trigger completion execution on single
CPU systems (jsc#SLE-19253).
- net/mlx5: Bridge, verify LAG state when adding bond to bridge
(jsc#SLE-19253).
- net/mlx5: Fix crash during sync firmware reset (jsc#SLE-19253).
- net/mlx5: Fix possible use-after-free in async command interface
(jsc#SLE-19253).
- net/mlx5e: Extend SKB room check to include PTP-SQ
(jsc#SLE-19253).
- net/mlx5: Wait for firmware to enable CRS before
pci_restore_state (jsc#SLE-19253).
- net/mlx5e: Do not increment ESN when updating IPsec ESN state
(jsc#SLE-19253).
- RDMA/mlx5: Rely on RoCE fw cap instead of devlink when setting
profile (jsc#SLE-19253).
- net/mlx5e: Fix wrong tc flag used when set hw-tc-offload off
(jsc#SLE-19253).
- net/mlx5e: Fix wrong application of the LRO state
(jsc#SLE-19253).
- net/mlx5: Avoid false positive lockdep warning by adding
lock_class_key (jsc#SLE-19253).
- mlx5: do not use RT_TOS for IPv6 flowlabel (jsc#SLE-19253).
- net/mlx5e: Modify slow path rules to go to slow fdb
(jsc#SLE-19253).
- net/mlx5e: Fix the value of MLX5E_MAX_RQ_NUM_MTTS
(jsc#SLE-19253).
- net/mlx5e: Fix capability check for updating vnic env counters
(jsc#SLE-19253).
- net/mlx5e: kTLS, Fix build time constant test in RX
(jsc#SLE-19253).
- net/mlx5e: kTLS, Fix build time constant test in TX
(jsc#SLE-19253).
- net/mlx5: fs, fail conflicting actions (jsc#SLE-19253).
- net/mlx5: Rearm the FW tracer after each tracer event
(jsc#SLE-19253).
- vdpa: Fix error logic in vdpa_nl_cmd_dev_get_doit
(jsc#SLE-19253).
- net/mlx5: correct ECE offset in query qp output (jsc#SLE-19253).
- net/mlx5: Don't use already freed action pointer
(jsc#SLE-19253).
- net/mlx5: Allow future addition of IPsec object modifiers
(jsc#SLE-19253).
- net/mlx5: Don't advertise IPsec netdev support for non-IPsec
device (jsc#SLE-19253).
- net/mlx5: Initialize flow steering during driver probe
(jsc#SLE-19253).
- net/mlx5: DR, Fix missing flow_source when creating
multi-destination FW table (jsc#SLE-19253).
- net/mlx5e: TC, Fix ct_clear overwriting ct action metadata
(jsc#SLE-19253).
- net/mlx5e: Fix MPLSoUDP encap to use MPLS action information
(jsc#SLE-19253).
- vdpa/mlx5: Fix wrong configuration of virtio_version_1_0
(jsc#SLE-19253).
- ifcvf/vDPA: fix misuse virtio-net device config size for blk
dev (jsc#SLE-19253).
- commit 5fae4a0
- blacklist.conf: add git-fix that breaks kabi
- commit 2df77d4
- blacklist.conf: cleanup, dead reference won't break anything
- commit ea07443
- blacklist.conf: cleanup, dead reference won't break anything
- commit ba4ce58
- Remove orphaned CONFIG_PRINTK_SAFE_LOG_BUF_SHIFT (bsc#1189998
git-fixes).
- commit 7e152d5
- blacklist.conf: Add more powerpc unsupported platform paths
- commit c3b3c8e
- powerpc/purgatory: remove PGO flags (bsc#1194869).
- commit 9bba037
- blacklist.conf: cleanup, not a fix
- commit ae23f77
- blacklist.conf: cleanup, not a fix
- commit 0b74b98
- blacklist.conf: build only
- commit 2de0332
- usb: cdns3: fix NCM gadget RX speed 20x slow than expection
at iMX8QM (git-fixes).
- commit c52eada
- blacklist.conf: feature, not a fix
- commit 44f5d9b
- blacklist.conf: optimization, not a fix
- commit 02f5051
- bpf: Add extra path pointer check to d_path helper (git-fixes).
- commit ddb86f8
- tracing/probe: trace_probe_primary_from_call(): checked
list_first_entry (git-fixes).
- commit 150f29b
- tracing/histograms: Allow variables to have some modifiers
(git-fixes).
- commit 70e4f92
- rcu: Fix missing TICK_DEP_MASK_RCU_EXP dependency check
(git-fixes).
- commit 192a450
- x86/kprobes: Fix __recover_optprobed_insn check optimizing logic
(git-fixes).
- commit c98a23e
- kprobes: Fix to handle forcibly unoptimized kprobes on
freeing_list (git-fixes).
- commit 86488b1
- kprobes: Fix check for probe enabled in kill_kprobe()
(git-fixes).
- commit 296ebb2
- kprobes: Skip clearing aggrprobe's post_handler in
kprobe-on-ftrace case (git-fixes).
- commit 998483a
- kprobe: reverse kp->flags when arm_kprobe failed (git-fixes).
- commit 5a80a04
- kprobes: Prohibit probes in gate area (git-fixes).
- commit b68c831
- kprobes: don't call disarm_kprobe() for disabled kprobes
(git-fixes).
- commit 8dd6622
- kprobes: Forbid probing on trampoline and BPF code areas
(git-fixes).
- commit 3b3e3e9
- SUNRPC: Clean up svc_deferred_class trace events (git-fixes).
- commit a8e7886
- tracing: Introduce helpers to safely handle dynamic-sized
sockaddrs (git-fixes).
- commit eabd7b4
- eeprom: at24: also select REGMAP (git-fixes).
- i2c: sprd: Delete i2c adapter in .remove's error path
(git-fixes).
- i2c: mv64xxx: Fix reading invalid status value in atomic mode
(git-fixes).
- arm64: dts: imx8mn-beacon: Fix SPI CS pinmux (git-fixes).
- arm64: dts: imx8-ss-dma: assign default clock rate for lpuarts
(git-fixes).
- arm64: dts: imx8qm-mek: correct GPIOs for USDHC2 CD and WP
signals (git-fixes).
- firmware: arm_ffa: Set handle field to zero in memory descriptor
(git-fixes).
- arm64: dts: qcom: sc7180-lite: Fix SDRAM freq for misidentified
sc7180-lite boards (git-fixes).
- commit 031042b
- hfs/hfsplus: avoid WARN_ON() for sanity check, use proper
error handling (git-fixes).
- commit 5599965
- revert "squashfs: harden sanity check in
squashfs_read_xattr_id_table" (git-fixes).
- commit fd69a9c
- ALSA: hda/realtek: Add quirk for Clevo NS50AU (git-fixes).
- ALSA: hda/realtek: Add quirks for Asus ROG 2024 laptops using
CS35L41 (git-fixes).
- ALSA: hda/realtek: Add Lenovo P3 Tower platform (git-fixes).
- ALSA: hda/realtek: Add a quirk for HP Slim Desktop S01
(git-fixes).
- commit 74a4806
- ALSA: hda: Glenfly: add HD Audio PCI IDs and HDMI Codec Vendor
IDs (git-fixes).
- Refresh
patches.suse/ALSA-hda-Add-NVIDIA-codec-IDs-a3-through-a7-to-patch.patch.
- commit 588740e
- pinctrl: meson-axg: add missing GPIOA_18 gpio group (git-fixes).
- ALSA: hda/realtek: Enable 4 amplifiers instead of 2 on a HP
platform (git-fixes).
- ASoC: codecs: wsa881x: do not set can_multi_write flag
(git-fixes).
- test_firmware: fix the memory leak of the allocated firmware
buffer (git-fixes).
- drm/amd/pm: reverse mclk and fclk clocks levels for renoir
(git-fixes).
- drm/amd/pm: reverse mclk and fclk clocks levels for vangogh
(git-fixes).
- drm/amd/pm: reverse mclk and fclk clocks levels for yellow carp
(git-fixes).
- fbcon: Fix null-ptr-deref in soft_cursor (git-fixes).
- mailbox: mailbox-test: fix a locking issue in
mbox_test_message_write() (git-fixes).
- HID: google: add jewel USB id (git-fixes).
- regmap: Account for register length when chunking (git-fixes).
- dmaengine: pl330: rename _start to prevent build error
(git-fixes).
- dmaengine: at_xdmac: fix potential Oops in
at_xdmac_prep_interleaved() (git-fixes).
- drm/amdgpu: skip disabling fence driver src_irqs when device
is unplugged (git-fixes).
- drm/msm: Be more shouty if per-process pgtables aren't working
(git-fixes).
- ALSA: oss: avoid missing-prototype warnings (git-fixes).
- ASoC: ssm2602: Add workaround for playback distortions
(git-fixes).
- ASoC: dwc: limit the number of overrun messages (git-fixes).
- wifi: b43: fix incorrect __packed annotation (git-fixes).
- wifi: mac80211: simplify chanctx allocation (git-fixes).
- wifi: rtl8xxxu: fix authentication timeout due to incorrect
RCR value (git-fixes).
- media: mn88443x: fix !CONFIG_OF error by drop of_match_ptr
from ID table (git-fixes).
- media: dvb_ca_en50221: fix a size write bug (git-fixes).
- media: netup_unidvb: fix irq init by register it at the end
of probe (git-fixes).
- media: dvb-usb: dw2102: fix uninit-value in
su3000_read_mac_address (git-fixes).
- media: dvb-usb: digitv: fix null-ptr-deref in digitv_i2c_xfer()
(git-fixes).
- media: dvb-usb-v2: rtl28xxu: fix null-ptr-deref in
rtl28xxu_i2c_xfer (git-fixes).
- media: dvb-usb-v2: ce6230: fix null-ptr-deref in
ce6230_i2c_master_xfer() (git-fixes).
- media: dvb-usb-v2: ec168: fix null-ptr-deref in ec168_i2c_xfer()
(git-fixes).
- media: dvb-usb: az6027: fix three null-ptr-deref in
az6027_i2c_xfer() (git-fixes).
- media: dvb_demux: fix a bug for the continuity counter
(git-fixes).
- fbdev: stifb: Fix info entry in sti_struct on error path
(git-fixes).
- fbdev: modedb: Add 1920x1080 at 60 Hz video mode (git-fixes).
- fbdev: imsttfb: Fix use after free bug in imsttfb_probe
(git-fixes bsc#1211387).
- drm/ast: Fix ARM compatibility (git-fixes).
- platform/x86: intel_scu_pcidrv: Add back PCI ID for Medfield
(git-fixes).
- mailbox: mailbox-test: Fix potential double-free in
mbox_test_message_write() (git-fixes).
- drm/amdgpu: Use the default reset when loading or reloading
the driver (git-fixes).
- drm/amdgpu: release gpu full access after
"amdgpu_device_ip_late_init" (git-fixes).
- watchdog: menz069_wdt: fix watchdog initialisation (git-fixes).
- tpm, tpm_tis: Request threaded interrupt handler (git-fixes).
- dmaengine: at_xdmac: Move the free desc to the tail of the
desc list (git-fixes).
- ath6kl: Use struct_group() to avoid size-mismatched casting
(git-fixes).
- commit 0cb0fbe
- Update patch reference for fbcon fix (CVE-2023-3161 bsc#1212154)
- commit dd50606
- Move setting %%build_html to config.sh
- commit dd39da3
- Update patches.suse/arm64-efi-Execute-runtime-services-from-a-dedicated-.patch (git-fixes bsc#1212155 CVE-2023-21102)
- commit 15cbf6b
- Update patches.suse/efi-rt-wrapper-Add-missing-include.patch (git-fixes bsc#1212155 CVE-2023-21102)
- commit d2f0708
- Update patch reference for memstick fix (CVE-2023-3141 bsc#1212129 bsc#1211449)
- commit 089d7db
- Fix missing top level chapter numbers on SLE12 SP5 (bsc#1212158).
- commit 7ebcbd5
- Refresh
patches.suse/0042-block-mq-deadline-Fix-dd_finish_request-for-zoned-devices.patch.
Remove also per_prio from dd_finish_request(). There are no more users
in 5.4. Silences the compiler warning:
block/mq-deadline.c:830:22: error: unused variable ‘per_prio’
- commit ed6b28b
- drm/msm: Set max segment size earlier (git-fixes).
- drm/i915/gt: Use the correct error value when kernel_context()
fails (git-fixes).
- batman-adv: Broken sync while rescheduling delayed work
(git-fixes).
- Bluetooth: L2CAP: Add missing checks for invalid DCID
(git-fixes).
- Bluetooth: Fix l2cap_disconnect_req deadlock (git-fixes).
- Bluetooth: hci_qca: fix debugfs registration (git-fixes).
- wifi: cfg80211: fix locking in regulatory disconnect
(git-fixes).
- wifi: cfg80211: fix locking in sched scan stop work (git-fixes).
- wifi: mt76: mt7615: fix possible race in mt7615_mac_sta_poll
(git-fixes).
- can: j1939: avoid possible use-after-free when
j1939_can_rx_register fails (git-fixes).
- can: j1939: change j1939_netdev_lock type to mutex (git-fixes).
- can: j1939: j1939_sk_send_loop_abort(): improved error queue
handling in J1939 Socket (git-fixes).
- Input: xpad - delete a Razer DeathAdder mouse VID/PID entry
(git-fixes).
- Input: fix open count when closing inhibited device (git-fixes).
- commit 0d88720
- Move setting %%split_optional to config.sh
- commit 77f3750
- Move setting %%supported_modules_check to config.sh
- commit 5ada69b
- rpm/kernel-docs.spec.in: pass PYTHON=python3 to fix build error (bsc#1160435)
- commit 799f050
- rpm/kernel-binary.spec.in: Fix compatibility wth newer rpm
- commit 334fb4d
- powerpc/64s: Make POWER10 and later use pause_short in cpu_relax
loops (bsc#1209367 ltc#195662).
- powerpc: add ISA v3.0 / v3.1 wait opcode macro (bsc#1209367
ltc#195662).
- powerpc: Redefine HMT_xxx macros as empty on PPC32 (bsc#1209367
ltc#195662).
- commit 6862b4a
- arm64: Stash shadow stack pointer in the task struct on interrupt (git-fixes)
- commit 5ad6888
- arm64: Always load shadow stack pointer directly from the task struct (git-fixes)
- commit da8b9db
- Also include kernel-docs build requirements for ALP
- commit 114d088
- Move the kernel-binary conflicts out of the spec file.
Thie list of conflicting packages varies per release.
To reduce merge conflicts move the list out of the spec file.
- commit 4d81125
- Avoid unsuported tar parameter on SLE12
- commit f11765a
- Move obsolete KMP list into a separate file.
The list of obsoleted KMPs varies per release, move it out of the spec
file.
- commit 016bc55
- ext4: unconditionally enable the i_version counter
(bsc#1211299).
- commit 9850f2e
- Trim obsolete KMP list.
SLE11 is out of support, we do not need to handle upgrading from SLE11
SP1.
- commit 08819bb
- powerpc/64s/radix: Fix soft dirty tracking (bsc#1065729).
- commit 4df8ec9
- Generalize kernel-doc build requirements.
- commit 23b058f
- spi: qup: Request DMA before enabling clocks (git-fixes).
- platform/surface: aggregator: Allow completion work-items to
be executed in parallel (git-fixes).
- commit 9916d6b
- sched/rt: pick_next_rt_entity(): check list_entry (bsc#1208600 CVE-2023-1077)
- commit f5b50ae
- RDMA/rxe: Fix the error "trying to register non-static key in rxe_cleanup_task" (git-fixes)
- commit a9533db
- RDMA/rtrs-srv: Pass the correct number of entries for dma mapped SGL (git-fixes)
- commit 01fdb10
- RDMA/rtrs-clt: Replace list_next_or_null_rr_rcu with an inline function (git-fixes)
- commit edb8dfd
- blacklist: add RTRS rename patches
First patch makes codes less confusing but is only used by
the 2 following ones which break kABI
- commit 9fca67c
- IB/rdmavt: add missing locks in rvt_ruc_loopback (git-fixes)
- commit 8cb567c
- Refresh patches.suse/add-suse-supported-flag.patch.
Fix table alignment.
- commit ed5f850
- blacklist.conf: add ntfs3
ntfs3 was introduced in v5.15-rc1, and as such we don't carry it on
SLE15-SP4.
- commit 9ff2c7c
- kernel-binary: Add back kernel-default-base guarded by option
Add configsh option for splitting off kernel-default-base, and for
not signing the kernel on non-efi
- commit 28c22af
- blacklist.conf: Append 'fbdev: Disable sysfb device registration when removing conflicting FBs'
- commit 3f0f464
- blacklist.conf: Append 'fbdev: da8xx-fb: add missing regulator_disable() in fb_probe'
- commit e00fe84
- blacklist.conf: Append 'parisc: fbdev/stifb: Align graphics memory size to 4MB'
- commit 418d50c
- blacklist.conf: Append 'Revert "fbcon: don't lose the console font across generic->chip driver switch"'
- commit addaa82
- blacklist.conf: Append 'Revert "fbdev: Make fb_release() return -ENODEV if fbdev was unregistered"'
- commit 66c01be
- fbdev: fbcon: Destroy mutex on freeing struct fb_info (bsc#1152489)
- commit eb830fc
- fbdev: Prevent possible use-after-free in fb_release() (bsc#1152472)
Backporting changes:
* replace refcount_read() with atomic_read()
- commit 23a912f
- sfc: disable RXFCS and RXALL features by default (git-fixes).
- commit 3f25e44
- x86/topology: Fix duplicated core ID within a package (git-fixes).
- commit 98adc02
- Update "drm/i915/gem: add missing boundary check in vm_access" (bsc#1211263 CVE-2023-28410)
Add bug and CVE number to the References tag.
- commit f799efb
- x86/topology: Fix multiple packages shown on a single-package system (git-fixes).
- commit 70a1ce4
- x86/syscall: Include asm/ptrace.h in syscall_wrapper header (git-fixes).
- commit 4309e22
- kabi/severities: ignore kABI in bq27xxx_battery module
Those are local symbols that are used only by child drivers
- commit 8d7e23d
- kABI workaround for btbcm.c (git-fixes).
- commit ab2692b
- nvme: fix passthrough csi check (git-fixes).
- nvme: move the Samsung X5 quirk entry to the core quirks
(git-fixes).
- commit d03fbdf
- power: supply: bq27xxx: expose battery data when CI=1
(git-fixes).
- Refresh
patches.suse/power-supply-bq27xxx-Fix-bq27xxx_battery_update-race.patch.
- commit 3c4cf6c
- KEYS: asymmetric: Copy sig and digest in
public_key_verify_signature() (git-fixes).
- power: supply: bq27xxx: Ensure power_supply_changed() is called
on current sign changes (git-fixes).
- power: supply: bq27xxx: Move bq27xxx_battery_update() down
(git-fixes).
- power: supply: bq27xxx: Fix poll_interval handling and races
on remove (git-fixes).
- bluetooth: Add cmd validity checks at the start of
hci_sock_ioctl() (git-fixes).
- Bluetooth: hci_bcm: Fall back to getting bdaddr from EFI if
not set (git-fixes).
- commit 31ed077
- ASoC: rt5682: Disable jack detection interrupt during suspend
(git-fixes).
- Refresh patches.kabi/snd-soc-rt5682-kABI-workaround.patch.
- commit ce0cf1d
- misc: fastrpc: reject new invocations during device removal
(git-fixes).
- misc: fastrpc: return -EPIPE to invocations on device removal
(git-fixes).
- iio: imu: inv_icm42600: fix timestamp reset (git-fixes).
- iio: adc: ad_sigma_delta: Fix IRQ issue by setting
IRQ_DISABLE_UNLAZY flag (git-fixes).
- dt-bindings: iio: adc: renesas,rcar-gyroadc: Fix adi,ad7476
compatible value (git-fixes).
- iio: dac: mcp4725: Fix i2c_master_send() return value handling
(git-fixes).
- iio: light: vcnl4035: fixed chip ID check (git-fixes).
- iio: adc: ad7192: Change "shorted" channels to differential
(git-fixes).
- iio: accel: st_accel: Fix invalid mount_matrix on devices
without ACPI _ONT method (git-fixes).
- iio: adc: mxs-lradc: fix the order of two cleanup operations
(git-fixes).
- tty: serial: fsl_lpuart: use UARTCTRL_TXINV to send break
instead of UARTCTRL_SBK (git-fixes).
- serial: 8250_tegra: Fix an error handling path in
tegra_uart_probe() (git-fixes).
- usb: usbfs: Use consistent mmap functions (git-fixes).
- usb: usbfs: Enforce page requirements for mmap (git-fixes).
- dt-bindings: usb: snps,dwc3: Fix "snps,hsphy_interface" type
(git-fixes).
- usb: gadget: f_fs: Add unbind event before functionfs_unbind
(git-fixes).
- mmc: vub300: fix invalid response handling (git-fixes).
- selinux: don't use make's grouped targets feature yet
(git-fixes).
- mtd: rawnand: marvell: don't set the NAND frequency select
(git-fixes).
- mtd: rawnand: marvell: ensure timing values are written
(git-fixes).
- mtd: rawnand: ingenic: fix empty stub helper definitions
(git-fixes).
- selftests: mptcp: sockopt: skip if MPTCP is not supported
(git-fixes).
- selftests: mptcp: pm nl: skip if MPTCP is not supported
(git-fixes).
- selftests: mptcp: connect: skip if MPTCP is not supported
(git-fixes).
- net: usb: qmi_wwan: Set DTR quirk for BroadMobi BM818
(git-fixes).
- HID: wacom: avoid integer overflow in wacom_intuos_inout()
(git-fixes).
- ata: libata-scsi: Use correct device no in ata_find_dev()
(git-fixes).
- firmware: arm_ffa: Set reserved/MBZ fields to zero in the
memory descriptors (git-fixes).
- firmware: arm_ffa: Check if ffa_driver remove is present before
executing (git-fixes).
- dt-binding: cdns,usb3: Fix cdns,on-chip-buff-size type
(git-fixes).
- gpio: mockup: Fix mode of debugfs files (git-fixes).
- drm/sched: Remove redundant check (git-fixes).
- 3c589_cs: Fix an error handling path in tc589_probe()
(git-fixes).
- power: supply: sbs-charger: Fix INHIBITED bit for Status reg
(git-fixes).
- power: supply: bq27xxx: After charger plug in/out wait 0.5s
for things to stabilize (git-fixes).
- power: supply: bq27xxx: Add cache parameter to
bq27xxx_battery_current_and_status() (git-fixes).
- power: supply: bq27xxx: Fix I2C IRQ race on remove (git-fixes).
- power: supply: bq27xxx: Fix bq27xxx_battery_update() race
condition (git-fixes).
- power: supply: leds: Fix blink to LED on transition (git-fixes).
- ALSA: hda/realtek: Enable headset onLenovo M70/M90 (git-fixes).
- ASoC: Intel: Skylake: Fix declaration of enum skl_ch_cfg
(git-fixes).
- ASoC: lpass: Fix for KASAN use_after_free out of bounds
(git-fixes).
- ALSA: hda: Fix unhandled register update during auto-suspend
period (git-fixes).
- ALSA: hda/ca0132: add quirk for EVGA X299 DARK (git-fixes).
- dt-bindings: ata: ahci-ceva: Cover all 4 iommus entries
(git-fixes).
- net: mdio: mvusb: Fix an error handling path in
mvusb_mdio_probe() (git-fixes).
- watchdog: sp5100_tco: Immediately trigger upon starting
(git-fixes).
- dt-bindings: ata: ahci-ceva: convert to yaml (git-fixes).
- commit 2ec09cc
- net: rpl: fix rpl header size calculation (CVE-2023-2156
bsc#1211131).
- commit c308d83
- thunderbolt: Mask ring interrupt on Intel hardware as well
(bsc#1210165).
- commit 4a76dd6
- net: mellanox: mlxbf_gige: Fix skb_panic splat under memory
pressure (bsc#1211564).
- commit 8e0fc37
- blacklist: add nvme bogus nsid check
We don't not need these quirks as we don't ship the check.
- commit bbebeaf
- x86/resctrl: Fix min_cbm_bits for AMD (git-fixes).
- commit f0be05e
- x86/pm: Add enumeration check before spec MSRs save/restore setup (git-fixes).
- commit 89bdacb
- Update patch-mainline metadata for a lockdown patch
- commit ff4a857
- x86/tsx: Add a feature bit for TSX control MSR support (git-fixes).
- commit b67ebd4
- x86/fpu: Fix the init_fpstate size check with the actual size (git-fixes).
- commit 3cd00dd
- nvme-tcp: fix a possible UAF when failing to allocate an io
queue (git-fixes).
- nvme-pci: mark Lexar NM760 as IGNORE_DEV_SUBNQN (git-fixes).
- nvme-fc: fix a missing queue put in
nvmet_fc_ls_create_association (git-fixes).
- nvme: also return I/O command effects from nvme_command_effects
(git-fixes).
- nvmet: use NVME_CMD_EFFECTS_CSUPP instead of open coding it
(git-fixes).
- nvme: fix multipath crash caused by flush request when blktrace
is enabled (git-fixes).
- nvme-pci: clear the prp2 field when not used (git-fixes).
- nvmet: fix memory leak in nvmet_subsys_attr_model_store_locked
(git-fixes).
- nvme-pci: disable write zeroes on various Kingston SSD
(git-fixes).
- nvme-pci: avoid the deepest sleep state on ZHITAI TiPro5000 SSDs
(git-fixes).
- nvmet-tcp: add bounds check on Transfer Tag (git-fixes).
- nvme-pci: set min_align_mask before calculating max_hw_sectors
(git-fixes).
- nvmet: fix mar and mor off-by-one errors (git-fixes).
- nvmet-tcp: fix unhandled tcp states in nvmet_tcp_state_change()
(git-fixes).
- nvmet-tcp: fix lockdep complaint on nvmet_tcp_wq flush during
queue teardown (git-fixes).
- nvme: handle the persistent internal error AER (git-fixes).
Refresh:
- patches.suse/nvme-fix-async-event-trace-event.patc
- nvme: fix regression when disconnect a recovering ctrl
(git-fixes).
Refresh:
- patches.suse/nvme-rdma-fix-possible-hang-caused-during-ctrl-delet.patch
- patches.suse/nvme-tcp-fix-possible-hang-caused-during-ctrl-deleti.patch
- nvme: add a bogus subsystem NQN quirk for Micron MTFDKBA2T0TFH
(git-fixes).
- nvme-pci: avoid the deepest sleep state on ZHITAI TiPro7000 SSDs
(git-fixes).
- nvme: set non-mdts limits in nvme_scan_work (git-fixes).
- nvme-pci: fix a NULL pointer dereference in
nvme_alloc_admin_tags (git-fixes).
- block: add a bdev_max_zone_append_sectors helper (git-fixes).
- nvme-multipath: fix hang when disk goes live over reconnect
(git-fixes).
- nvme-pci: add quirks for Samsung X5 SSDs (git-fixes).
- nvmet: move the call to nvmet_ns_changed out of
nvmet_ns_revalidate (git-fixes).
- nvme-tcp: lockdep: annotate in-kernel sockets (git-fixes).
- nvme: check for duplicate identifiers earlier (git-fixes).
- nvme: cleanup __nvme_check_ids (git-fixes).
- nvmet: use i_size_read() to set size for file-ns (git-fixes).
Refresh:
- patches.suse/nvmet-only-allocate-a-single-slab-for-bvecs.patch
- nvme-tcp: fix bogus request completion when failing to send AER
(git-fixes).
- nvme-pci: add the IGNORE_DEV_SUBNQN quirk for Intel P4500/P4600
SSDs (git-fixes).
- commit c657707
- tipc: add an extra conn_get in tipc_conn_alloc (bsc#1209288
CVE-2023-1382).
- commit e3a141d
- x86/fpu: Fix copy_xstate_to_uabi() to copy init states correctly (git-fixes).
- commit 43cdfba
- blacklist.conf: Exclude an irrelevant patch for us.
We don't have the fp_init.size et al variables so this patch doesn't
apply to our kernel.
- commit 30f92bf
- tipc: set con sock in tipc_conn_alloc (bsc#1209288
CVE-2023-1382).
- commit a68b414
- x86/fpu: Use _Alignof to avoid undefined behavior in TYPE_ALIGN (git-fixes).
- commit 244216a
- purgatory: fix disabling debug info (git-fixes).
- commit 1ebc547
- x86/microcode: Rip out the OLD_INTERFACE (git-fixes).
- commit d380760
- x86/microcode: Add explicit CPU vendor dependency (git-fixes).
- commit 44d8ccb
- x86/microcode/AMD: Track patch allocation size explicitly (git-fixes).
- Refresh patches.suse/x86-microcode-amd-fix-mixed-steppings-support.patch.
- commit c6646fc
- x86/static_call: Serialize __static_call_fixup() properly (git-fixes).
- commit d2f3f53
- x86/entry: Build thunk_$(BITS) only if CONFIG_PREEMPTION=y (git-fixes).
- commit 3a9f080
- net: mana: Fix perf regression: remove rx_cqes, tx_cqes counters
(git-fixes).
- scsi: storvsc: Don't pass unused PFNs to Hyper-V host
(git-fixes).
- x86/hyperv: Block root partition functionality in a Confidential
VM (git-fixes).
- commit 85569e3
- x86/bugs: Do not enable IBPB at firmware entry when IBPB is not available (git-fixes).
- commit bf87aed
- scsi: qla2xxx: Replace all non-returning strlcpy() with
strscpy() (bsc#1211960).
- scsi: qla2xxx: Update version to 10.02.08.300-k (bsc#1211960).
- scsi: qla2xxx: Wait for io return on terminate rport
(bsc#1211960).
- scsi: qla2xxx: Fix mem access after free (bsc#1211960).
- scsi: qla2xxx: Fix hang in task management (bsc#1211960).
- scsi: qla2xxx: Fix task management cmd fail due to unavailable
resource (bsc#1211960).
- scsi: qla2xxx: Fix task management cmd failure (bsc#1211960).
- scsi: qla2xxx: Multi-que support for TMF (bsc#1211960).
- scsi: qla2xxx: Refer directly to the qla2xxx_driver_template
(bsc#1211960).
- scsi: qla2xxx: Remove default fabric ops callouts (bsc#1211960).
- scsi: qla2xxx: Drop redundant pci_enable_pcie_error_reporting()
(bsc#1211960).
- commit 4c4bf74
- lpfc: update metadata
- Refresh
patches.suse/scsi-lpfc-Add-new-RCQE-status-for-handling-DMA-failu.patch.
- Refresh
patches.suse/scsi-lpfc-Fix-double-free-in-lpfc_cmpl_els_logo_acc-.patch.
- Refresh
patches.suse/scsi-lpfc-Fix-verbose-logging-for-SCSI-commands-issu.patch.
- Refresh
patches.suse/scsi-lpfc-Match-lock-ordering-of-lpfc_cmd-buf_lock-a.patch.
- Refresh
patches.suse/scsi-lpfc-Replace-blk_irq_poll-intr-handler-with-thr.patch.
- Refresh
patches.suse/scsi-lpfc-Update-congestion-warning-notification-per.patch.
- Refresh
patches.suse/scsi-lpfc-Update-lpfc-version-to-14.2.0.12.patch.
- commit 497ebb3
- RDMA/irdma: Fix Local Invalidate fencing (git-fixes)
- commit aaaea1e
- RDMA/irdma: Prevent QP use after free (git-fixes)
- commit 34e3a35
- RDMA/bnxt_re: Fix return value of bnxt_re_process_raw_qp_pkt_rx (git-fixes)
- commit 6c40b4b
- RDMA/bnxt_re: Fix a possible memory leak (git-fixes)
- commit 1c28ea3
- RDMA/hns: Modify the value of long message loopback slice (git-fixes)
- commit c5d0c28
- RDMA/hns: Fix base address table allocation (git-fixes)
- commit c15c063
- RDMA/hns: Fix timeout attr in query qp for HIP08 (git-fixes)
- commit c581318
- RDMA/efa: Fix unsupported page sizes in device (git-fixes)
- commit f7d5b0b
- RDMA/bnxt_re: Fix the page_size used during the MR creation (git-fixes)
- commit 8102023
- usrmerge: Compatibility with earlier rpm (boo#1211796)
- commit 2191d32
- scsi: qedi: Fix use after free bug in qedi_remove() (git-fixes).
- scsi: hisi_sas: Handle NCQ error when IPTT is valid (git-fixes).
- scsi: megaraid: Fix mega_cmd_done() CMDID_INT_CMDS (git-fixes).
- scsi: ses: Handle enclosure with just a primary component
gracefully (git-fixes).
- scsi: core: Improve scsi_vpd_inquiry() checks (git-fixes).
- scsi: megaraid_sas: Fix fw_crash_buffer_show() (git-fixes).
- scsi: libsas: Grab the ATA port lock in
sas_ata_device_link_abort() (git-fixes).
- scsi: libsas: Add sas_ata_device_link_abort() (git-fixes).
- commit 9f00bdd
- Fix usrmerge error (boo#1211796)
- commit da84579
- Update CVE reference to
patches.suse/arm64-Add-AMPERE1-to-the-Spectre-BHB-affected-list.patch
(git-fixes bsc#1205153 bsc#1211855 CVE-2023-3006).
- commit 7d0a08a
- media: radio-shark: Add endpoint checks (git-fixes).
- commit fb4ddc1
- USB: sisusbvga: Add endpoint checks (git-fixes).
- commit d88241f
- lpfc: Copyright updates for 14.2.0.13 patches (bsc#1211852).
- lpfc: Update lpfc version to 14.2.0.13 (bsc#1211852).
- commit d8cfc9c
- blacklist.conf: prerequisites way too intrusive
- commit b6394eb
- blacklist.conf: prerequisites too intrusive
- commit 7aaa267
- scsi: lpfc: Update lpfc version to 14.2.0.12 (bsc#1211847).
- scsi: lpfc: Replace blk_irq_poll intr handler with threaded IRQ
(bsc#1211847).
- scsi: lpfc: Add new RCQE status for handling DMA failures
(bsc#1211847).
- scsi: lpfc: Update congestion warning notification period
(bsc#1211847).
- scsi: lpfc: Match lock ordering of lpfc_cmd->buf_lock and
hbalock for abort paths (bsc#1211847).
- commit b6545fd
- scsi: lpfc: Fix double free in lpfc_cmpl_els_logo_acc() caused
by lpfc_nlp_not_used() (bsc#1211847).
- scsi: lpfc: Fix verbose logging for SCSI commands issued to
SES devices (bsc#1211847).
- commit 31cb016
- RDMA/core: Fix multiple -Warray-bounds warnings (git-fixes)
- commit 5587605
- lpfc: Enhance congestion statistics collection
(bsc#1211852).
- lpfc: Clean up SLI-4 CQE status handling
(bsc#1211852).
- lpfc: Change firmware upgrade logging to KERN_NOTICE instead
of TRACE_EVENT (bsc#1211852).
- lpfc: Revise NPIV ELS unsol rcv cmpl logic to drop ndlp based
on nlp_state (bsc#1211852).
- commit 04bc1f2
- lpfc: Account for fabric domain ctlr device loss recovery
(bsc#1211346, bsc#1211852).
- lpfc: Clear NLP_IN_DEV_LOSS flag if already in rediscovery
(bsc#1211852).
- lpfc: Fix use-after-free rport memory access in
lpfc_register_remote_port (bsc#1211852, bsc#1208410, bsc#1211346).
- commit ffe8e83
- usb: dwc3: gadget: Execute gadget stop after halting the
controller (git-fixes).
- Refresh
patches.suse/usb-dwc3-gadget-Improve-dwc3_gadget_suspend-and-dwc3.patch.
- commit 35f936b
- usb: typec: tcpm: fix multiple times discover svids error
(git-fixes).
- commit a381d7f
- net: cdc_ncm: Deal with too low values of dwNtbOutMaxSize
(git-fixes).
- commit 6b5ad0e
- blacklist.conf: Add c0f2df49cf24 cgroup: Fix build failure when CONFIG_SHRINKER_DEBUG
- commit 7772962
- cifs: mapchars mount option ignored (bsc#1193629).
- commit 516a6c4
- smb3: display debug information better for encryption
(bsc#1193629).
- commit 7f16b38
- cifs: fix smb1 mount regression (bsc#1193629).
- commit 565aa62
- SMB3: drop reference to cfile before sending oplock break
(bsc#1193629).
- commit 714d17f
- SMB3: Close all deferred handles of inode in case of handle
lease break (bsc#1193629).
- commit 31916b9
- cifs: release leases for deferred close handles when freezing
(bsc#1193629).
- commit fba9221
- smb3: fix problem remounting a share after shutdown
(bsc#1193629).
- commit 8678043
- SMB3: force unmount was failing to close deferred close files
(bsc#1193629).
- commit b75c848
- smb3: improve parallel reads of large files (bsc#1193629).
- commit 739a949
- do not reuse connection if share marked as isolated
(bsc#1193629).
- commit 50ed2cc
- SMB3: Close deferred file handles in case of handle lease break
(bsc#1193629).
- commit 79b4858
- SMB3.1.1: add new tree connect ShareFlags (bsc#1193629).
- commit 64fbbd7
- cifs: fix pcchunk length type in smb2_copychunk_range
(bsc#1193629).
- commit 278a0ed
- cifs: print smb3_fs_context::source when mounting (bsc#1193629).
- commit eeed402
- cifs: update internal module version number for cifs.ko
(bsc#1193629).
- commit 2c9169a
- cifs: Avoid a cast in add_lease_context() (bsc#1193629).
- commit 61dd23b
- cifs: Simplify SMB2_open_init() (bsc#1193629).
- commit 90eaeae
- cifs: Simplify SMB2_open_init() (bsc#1193629).
- commit 0f1ffd2
- cifs: Simplify SMB2_open_init() (bsc#1193629).
- commit b2da20f
- dm ioctl: fix nested locking in table_clear() to remove deadlock
concern (bsc#1210806, CVE-2023-2269).
- commit 2bbfc45
- fuse: always revalidate rename target dentry (bsc#1211808).
- fuse: fix attr version comparison in fuse_read_update_size()
(bsc#1211807).
- commit cfbffb5
- blacklist.conf: Add 659c0ce1cb9e kernel/sys.c: fix and improve control flow in __sys_setres[ug]id()
- commit 93ea3c4
- cgroup: Reorganize css_set_lock and kernfs path processing
(bsc#1205650).
- cgroup: Make cgroup_get_from_id() prettier (bsc#1205650).
- cgroup: Homogenize cgroup_get_from_id() return value
(bsc#1205650).
- cgroup: cgroup: Honor caller's cgroup NS when resolving cgroup
id (bsc#1205650).
- blacklist.conf: Remove 4534dee94 to ease dependant backports
- cgroup: Honor caller's cgroup NS when resolving path
(bsc#1205650).
- cgroup.c: add helper __cset_cgroup_from_root to cleanup
duplicated codes (bsc#1203906).
- commit 45f8307
- cgroup: reduce dependency on cgroup_mutex (bsc#1205650).
- Refresh
patches.suse/cgroup-cgroup_get_from_id-must-check-the-looked-up-kn-is-a-directory.patch.
- blacklist.conf: Remove patch from blacklist (became prereq)
- commit 249c983
- Remove usrmerge compatibility symlink in buildroot (boo#1211796)
Besides Makefile depmod.sh needs to be patched to prefix /lib/modules.
Requires corresponding patch to kmod.
- commit b8e00c5
- ceph: force updating the msg pointer in non-split case
(bsc#1211804).
- commit a688822
- blacklist.conf: 03cab65a07e0 ("selftests/futex: fix build for clang")
- commit 19afb99
- locking/rwsem: Add __always_inline annotation to
__down_read_common() and inlined callers (git-fixes).
- commit e0ba102
- rtmutex: Ensure that the top waiter is always woken up
(git-fixes).
- commit 0184302
- futex: Resend potentially swallowed owner death notification
(git-fixes).
- commit c8b2fc6
- blacklist.conf: s390/maccess: rework absolute lowcore accessors
- commit 6e763ee
- blacklist.conf: s390/smp: cleanup control register update routines
- commit 869cbe8
- blacklist.conf: s390/smp: cleanup target CPU callback starting
- commit ac0ad39
- blacklist.conf: s390/dump: fix old lowcore virtual vs physical address confusion
- commit f2ccc2e
- blacklist.conf: s390/traps: improve panic message for translation-specification exception
- commit 1cb3dd4
- blacklist.conf: s390/dump: fix os_info virtual vs physical address confusion
- commit 82b75e7
- blacklist.conf: LLVM test case fix
- commit 8a6e662
- s390/vdso: remove -nostdlib compiler flag (git-fixes
bsc#1211714).
- commit 3aedab5
- blacklist.conf: s390/boot: allocate amode31 section in decompressor
- commit 3a70444
- Update
patches.suse/HID-asus-use-spinlock-to-protect-concurrent-accesses.patch
(bsc#1208604 CVE-2023-1079).
Added bugzilla and CVE
- commit 1bf4240
- Update
patches.suse/HID-asus-use-spinlock-to-safely-schedule-workers.patch
(bsc#1208604 CVE-2023-1079).
Added bugzilla and CVE
- commit a4b9147
- regulator: mt6359: add read check for PMIC MT6359 (git-fixes).
- regulator: pca9450: Fix BUCK2 enable_mask (git-fixes).
- serial: Add support for Advantech PCI-1611U card (git-fixes).
- serial: 8250_exar: Add support for USR298x PCI Modems
(git-fixes).
- usb-storage: fix deadlock when a scsi command timeouts more
than once (git-fixes).
- USB: UHCI: adjust zhaoxin UHCI controllers OverCurrent bit value
(git-fixes).
- USB: usbtmc: Fix direction for 0-length ioctl control messages
(git-fixes).
- nilfs2: fix use-after-free bug of nilfs_root in
nilfs_evict_inode() (git-fixes).
- net: phy: dp83867: add w/a for packet errors seen with short
cables (git-fixes).
- tpm/tpm_tis: Disable interrupts for more Lenovo devices
(git-fixes).
- soundwire: qcom: gracefully handle too many ports in DT
(git-fixes).
- phy: st: miphy28lp: use _poll_timeout functions for waits
(git-fixes).
- staging: rtl8192e: Replace macro RTL_PCI_DEVICE with PCI_DEVICE
(git-fixes).
- serial: 8250: Reinit port->pm on port specific driver unbind
(git-fixes).
- spi: spi-imx: fix MX51_ECSPI_* macros when cs > 3 (git-fixes).
- wifi: ath11k: Fix SKB corruption in REO destination ring
(git-fixes).
- wifi: iwlwifi: dvm: Fix memcpy: detected field-spanning write
backtrace (git-fixes).
- wifi: iwlwifi: pcie: Fix integer overflow in
iwl_write_to_user_buf (git-fixes).
- wifi: iwlwifi: pcie: fix possible NULL pointer dereference
(git-fixes).
- wifi: ath: Silence memcpy run-time false positive warning
(git-fixes).
- wifi: brcmfmac: cfg80211: Pass the PMK in binary instead of hex
(git-fixes).
- remoteproc: stm32_rproc: Add mutex protection for workqueue
(git-fixes).
- regmap: cache: Return error in cache sync operations for
REGCACHE_NONE (git-fixes).
- platform/x86: hp-wmi: Support touchpad on/off (git-fixes).
- commit 17eb14e
- Input: xpad - add constants for GIP interface numbers
(git-fixes).
- commit ae95fb0
- mmc: sdhci-esdhc-imx: make "no-mmc-hs400" works (git-fixes).
- drm/msm/dpu: Move non-MDP_TOP INTF_INTR offsets out of hwio
header (git-fixes).
- mfd: dln2: Fix memory leak in dln2_probe() (git-fixes).
- clk: tegra20: fix gcc-7 constant overflow warning (git-fixes).
- HID: wacom: generic: Set battery quirk only when we see battery
data (git-fixes).
- HID: logitech-hidpp: Reconcile USB and Unifying serials
(git-fixes).
- HID: logitech-hidpp: Don't use the USB serial for USB devices
(git-fixes).
- Bluetooth: L2CAP: fix "bad unlock balance" in
l2cap_disconnect_rsp (git-fixes).
- Bluetooth: btintel: Add LE States quirk support (git-fixes).
- ACPI: EC: Fix oops when removing custom query handlers
(git-fixes).
- ACPICA: ACPICA: check null return of ACPI_ALLOCATE_ZEROED in
acpi_db_display_objects (git-fixes).
- ACPICA: Avoid undefined behavior: applying zero offset to null
pointer (git-fixes).
- memstick: r592: Fix UAF bug in r592_remove due to race condition
(bsc#1211449).
- media: pci: tw68: Fix null-ptr-deref bug in buf prepare and
finish (git-fixes).
- media: cx23885: Fix a null-ptr-deref bug in buffer_prepare()
and buffer_finish() (git-fixes).
- drm/amd: Fix an out of bounds error in BIOS parser (git-fixes).
- drm/msm/dp: Clean up handling of DP AUX interrupts (git-fixes).
- drm/tegra: Avoid potential 32-bit integer overflow (git-fixes).
- drm/amd/display: Use DC_LOG_DC in the trasform pixel function
(git-fixes).
- drm/displayid: add displayid_get_header() and check bounds
better (git-fixes).
- arm64: dts: qcom: msm8996: Add missing DWC3 quirks (git-fixes).
- HID: wacom: add three styli to wacom_intuos_get_tool_type
(git-fixes).
- HID: wacom: Add new Intuos Pro Small (PTH-460) device IDs
(git-fixes).
- HID: wacom: Force pen out of prox if no events have been
received in a while (git-fixes).
- drm/msm/dpu: Add INTF_5 interrupts (git-fixes).
- commit d814c1f
- s390/qdio: fix do_sqbs() inline assembly constraint (git-fixes
bsc#1211693).
- s390/dasd: fix hanging blockdevice after request requeue
(git-fixes bsc#1211687).
- s390/kprobes: fix current_kprobe never cleared after kprobes
reenter (git-fixes bsc#1211688).
- s390/kprobes: fix irq mask clobbering on kprobe reenter from
post_handler (git-fixes bsc#1211689).
- s390/mem_detect: fix detect_memory() error handling (git-fixes
bsc#1211691).
- s390/lcs: Fix return type of lcs_start_xmit() (git-fixes
bsc#1211690).
- s390/netiucv: Fix return type of netiucv_tx() (git-fixes
bsc#1211692).
- s390/ctcm: Fix return type of ctc{mp,}m_tx() (git-fixes
bsc#1211686).
- commit dcbf1cc
- dmaengine: idxd: Only call idxd_enable_system_pasid() if
succeeded in enabling SVA feature (git-fixes).
- commit bdaf824
- kABI workaround for mt76_poll_msec() (git-fixes).
- commit 8310024
- wifi: mt76: mt7921e: improve reliability of dma reset
(git-fixes).
- wifi: mt76: mt7921e: fix probe timeout after reboot (git-fixes).
- wifi: mt76: add flexible polling wait-interval support
(git-fixes).
- dmaengine: idxd: Do not enable user type Work Queue without
Shared Virtual Addressing (git-fixes).
- dmaengine: idxd: Separate user and kernel pasid enabling
(git-fixes).
- drm/amdgpu: update drm_display_info correctly when the edid
is read (git-fixes).
- commit 5f45933
- Update
patches.suse/scsi-iscsi_tcp-Fix-UAF-during-login-when-accessing-the-shost-ipaddress.patch
(git-fixes CVE-2023-2162 bsc#1210647).
- commit ef8f1cf
- configfs: fix possible memory leak in configfs_create_dir()
(git-fixes).
- debugfs: fix error when writing negative value to atomic_t
debugfs file (git-fixes).
- libfs: add DEFINE_SIMPLE_ATTRIBUTE_SIGNED for signed value
(git-fixes).
- commit 1a0085a
- can: kvaser_usb: Add struct kvaser_usb_busparams (git-fixes).
- can: kvaser_usb: kvaser_usb_leaf: Handle CMD_ERROR_EVENT
(git-fixes).
- can: kvaser_usb: kvaser_usb_leaf:
Rename {leaf,usbcan}_cmd_error_event to
{leaf,usbcan}_cmd_can_error_event (git-fixes).
- can: kvaser_usb: kvaser_usb_leaf: Get capabilities from device
(git-fixes).
- commit 686ab31
- can: kvaser_usb_leaf: Fix overread with an invalid command
(git-fixes).
- commit 9e9ebea
- drivers: base: dd: fix memory leak with using debugfs_lookup()
(git-fixes).
- drivers: base: component: fix memory leak with using
debugfs_lookup() (git-fixes).
- commit 537af53
- virtio_net: suppress cpu stall when free_unused_bufs
(git-fixes).
- commit da7bbcd
- usb: gadget: u_ether: Fix host MAC address case (git-fixes).
- commit ab5927c
- virtio_net: bugfix overflow inside xdp_linearize_page()
(git-fixes).
- commit 7b42c19
- ASoC: fsl_micfil: Fix error handler with pm_runtime_enable
(git-fixes).
- ARM: 9296/1: HP Jornada 7XX: fix kernel-doc warnings
(git-fixes).
- ACPI: bus: Ensure that notify handlers are not running after
removal (git-fixes).
- ata: pata_octeon_cf: drop kernel-doc notation (git-fixes).
- commit bc3d0e5
- usb: dwc3: gadget: Improve dwc3_gadget_suspend() and
dwc3_gadget_resume() (git-fixes).
- commit b5c53da
- virtio-net: Keep stop() to follow mirror sequence of open()
(git-fixes).
- commit 0d2ec00
- virtio-net: execute xdp_do_flush() before napi_complete_done()
(git-fixes).
- commit 1fe332b
- tools/virtio: fix the vringh test for virtio ring changes
(git-fixes).
- commit 7846dae
- vhost/net: Clear the pending messages when the backend is
removed (git-fixes).
- commit ed68aca
- tools/virtio: initialize spinlocks in vring_test.c (git-fixes).
- commit 5a7e7d8
- virtio_net: split free_unused_bufs() (git-fixes).
- commit 00244a7
- tools/virtio: compile with -pthread (git-fixes).
- commit efe7e12
- usb: dwc3: gadget: Stall and restart EP0 if host is unresponsive
(git-fixes).
- commit 97aa26c
- tools/virtio: fix virtio_test execution (git-fixes).
- commit ab7f233
- vdpa: fix use-after-free on vp_vdpa_remove (git-fixes).
- commit a4fbbfa
- blacklist.conf: add 838d6d3461db ("virtio: unexport virtio_finalize_features")
- commit daac2ad
- RDMA/mlx5: Use correct device num_ports when modify DC (git-fixes)
- commit a805982
- RDMA/mlx5: Fix flow counter query via DEVX (git-fixes)
- commit 7af3d10
- blacklist.conf: black list non applicable fix
- commit 0b43409
- power: supply: bq24190_charger: using pm_runtime_resume_and_get
instead of pm_runtime_get_sync (git-fixes).
- Refresh
patches.suse/power-supply-bq24190-Fix-use-after-free-bug-in-bq241.patch.
- commit 32112a8
- net: skip virtio_net_hdr_set_proto if protocol already set
(git-fixes).
- commit 04b2165
- IB/hfi1: Fix bugs with non-PAGE_SIZE-end multi-iovec user SDMA requests (git-fixes)
- commit b034548
- IB/hfi1: Fix SDMA mmu_rb_node not being evicted in LRU order (git-fixes)
- commit bc9efec
- RDMA/srpt: Add a check for valid 'mad_agent' pointer (git-fixes)
- commit 5d5e37e
- RDMA/cm: Trace icm_send_rej event before the cm state is reset (git-fixes)
- commit 5ca599d
- RDMA/siw: Remove namespace check from siw_netdev_event() (git-fixes)
- commit 711a6c8
- RDMA/rxe: Remove tasklet call from rxe_cq.c (git-fixes)
- commit dc85357
- RDMA/rdmavt: Delete unnecessary NULL check (git-fixes)
- commit f6fa4f5
- RDMA/siw: Fix potential page_array out of range access (git-fixes)
- commit 9b285aa
- IB/hifi1: add a null check of kzalloc_node in hfi1_ipoib_txreq_init (git-fixes)
- commit 4de26a7
- net: accept UFOv6 packages in virtio_net_hdr_to_skb (git-fixes).
- commit c8c1599
- x86/lib/memmove: Decouple ERMS from FSRM (bsc#1206578).
- x86/alternative: Support relocations in alternatives
(bsc#1206578).
- x86/alternative: Make debug-alternative selective (bsc#1206578).
- commit 3be7202
- net: virtio_net_hdr_to_skb: count transport header in UFO
(git-fixes).
- commit 435a431
- PCI/ASPM: Remove pcie_aspm_pm_state_change() (git-fixes).
- commit 4efb06a
- usb: dwc3: Fix a repeated word checkpatch warning (git-fixes).
- commit 39f5ae5
- usb: dwc3: Fix ep0 handling when getting reset while doing
control transfer (git-fixes).
- commit acaaa13
- USB / dwc3: Fix a checkpatch warning in core.c (git-fixes).
- commit 838022e
- usb: dwc3: gadget: Delay issuing End Transfer (git-fixes).
- commit 19b0a32
- usb: dwc3: gadget: Only End Transfer for ep0 data phase
(git-fixes).
- commit 7e9b934
- usb: dwc3: remove a possible unnecessary 'out of memory'
message (git-fixes).
- commit 59239b9
- usb: dwc3: Align DWC3_EP_* flag macros (git-fixes).
- Refresh
patches.suse/usb-dwc3-gadget-Wait-for-ep0-xfers-to-complete-durin.patch.
- commit 4a16748
- usb: dwc3: drd: use helper to get role-switch-default-mode
(git-fixes).
- commit ee299c9
- tracing: Fix permissions for the buffer_percent file
(git-fixes).
- commit 0318a81
- ring-buffer: Sync IRQ works before buffer destruction
(git-fixes).
- commit a78e19a
- ring-buffer: Ensure proper resetting of atomic variables in
ring_buffer_reset_online_cpus (git-fixes).
- commit 2b75346
- ring-buffer: Fix kernel-doc (git-fixes).
- commit 6ecbbdc
- net: qrtr: correct types of trace event parameters (git-fixes).
- commit dbac4e1
- f2fs: Fix f2fs_truncate_partial_nodes ftrace event (git-fixes).
- commit 6ed4e1b
- usb: dwc3: ep0: Don't prepare beyond Setup stage (git-fixes).
- Refresh
patches.suse/usb-dwc3-gadget-Avoid-duplicate-requests-to-enable-R.patch.
- commit eccafbc
- ipv6: sr: fix out-of-bounds read when setting HMAC data
(bsc#1211592).
- commit 5a240f0
- Correct the bq24190 fix patch to apply at the right place (CVE-2023-33288 bsc#1211590)
- commit 9ac2993
- power: supply: bq24190: Fix use after free bug in bq24190_remove
due to race condition (CVE-2023-33288 bsc#1211590).
- commit 373505c
- KVM: x86: Inject #GP if WRMSR sets reserved bits in APIC
Self-IPI (git-fixes).
- commit 742c6c3
- KVM: x86/vmx: Do not skip segment attributes if unusable bit
is set (git-fixes).
- commit 9eaecda
- KVM: x86: Copy filter arg outside kvm_vm_ioctl_set_msr_filter()
(git-fixes).
- commit 30d94a9
- KVM: x86/pmu: Ignore pmu->global_ctrl check if vPMU doesn't
support global_ctrl (git-fixes).
- commit aa84341
- KVM: x86: Protect the unused bits in MSR exiting flags
(git-fixes).
- commit 28b2cff
- KVM: x86/svm: add __GFP_ACCOUNT to __sev_dbg_{en,de}crypt_user()
(git-fixes).
- commit 4df9796
- KVM: x86: do not set st->preempted when going back to user space
(git-fixes).
- commit 757f49a
- KVM: SVM: Don't rewrite guest ICR on AVIC IPI virtualization
failure (git-fixes).
- commit f034027
- KVM: x86: Do not change ICR on write to APIC_SELF_IPI
(git-fixes).
- commit 71266ce
- gve: Handle alternate miss completions (bsc#1211519).
- gve: Adding a new AdminQ command to verify driver (bsc#1211519).
- gve: Fix error return code in gve_prefill_rx_pages()
(bsc#1211519).
- gve: Reduce alloc and copy costs in the GQ rx path
(bsc#1211519).
- google/gve:fix repeated words in comments (bsc#1211519).
- gve: Fix spelling mistake "droping" -> "dropping" (bsc#1211519).
- gve: enhance no queue page list detection (bsc#1211519).
- commit e7ab3d9
- KVM: x86/mmu: avoid NULL-pointer dereference on page freeing
bugs (git-fixes).
- commit 0592eea
- KVM: LAPIC: Enable timer posted-interrupt only when mwait/hlt
is advertised (git-fixes).
- commit b3bd831
- kvm: x86: Disable KVM_HC_CLOCK_PAIRING if tsc is in always
catchup mode (git-fixes).
- commit 61c19ae
- KVM: x86: Report deprecated x87 features in supported CPUID
(git-fixes).
- commit f103d79
- KVM: nVMX: eVMCS: Filter out VM_EXIT_SAVE_VMX_PREEMPTION_TIMER
(git-fixes).
- commit 28c6c36
- KVM: nVMX: Also filter MSR_IA32_VMX_TRUE_PINBASED_CTLS when
eVMCS (git-fixes).
- commit aa258cd
- KVM: VMX: Set vmcs.PENDING_DBG.BS on #DB in STI/MOVSS blocking
shadow (git-fixes).
- commit 10c2c56
- kernel-source: Remove unused macro variant_symbols
- commit 915ac72
- KVM: VMX: Introduce vmx_msr_bitmap_l01_changed() helper
(git-fixes).
- commit 7736978
- KVM: nVMX: Don't use Enlightened MSR Bitmap for L3 (git-fixes).
- commit a6f9309
- blacklist.conf: add 9dba4d24cbb55 ("86/kvm: remove unused ack_notifier
callbacks"
- commit 7c642cd
- KVM: X86: Fix tlb flush for tdp in kvm_invalidate_pcid()
(git-fixes).
- commit 28c590c
- s390/extmem: return correct segment type in __segment_load()
(bsc#1210450 git-fixes).
- commit 0040ffc
- s390/uaccess: add missing earlyclobber annotations to __clear_user()
(bsc#1209856 git-fixes).
- commit 66fb793
- xen/netback: use same error messages for same errors
(git-fixes).
- commit a7eb923
- powerpc/iommu: DMA address offset is incorrectly calculated
with 2MB TCEs (jsc#SLE-19556 git-fixes).
- commit 893c217
- net/iucv: Fix size of interrupt data (bsc#1211465 git-fixes).
- s390/qeth: fix use-after-free in hsci (bsc#1210449 git-fixes).
- commit 0720e89
- fbdev: udlfb: Fix endpoint check (git-fixes).
- fbdev: arcfb: Fix error handling in arcfb_probe() (git-fixes).
- USB: core: Add routines for endpoint checks in old drivers
(git-fixes).
- fbdev: ep93xx-fb: Add missing clk_disable_unprepare in
ep93xxfb_probe() (git-fixes).
- fbdev: stifb: Fall back to cfb_fillrect() on 32-bit HCRX cards
(git-fixes).
- commit b351847
- vc_screen: reload load of struct vc_data pointer in vcs_write()
to avoid UAF (git-fixes).
- serial: qcom-geni: fix enabling deactivated interrupt
(git-fixes).
- serial: 8250_bcm7271: fix leak in `brcmuart_probe` (git-fixes).
- serial: 8250_bcm7271: balance clk_enable calls (git-fixes).
- serial: arc_uart: fix of_iomap leak in `arc_serial_probe`
(git-fixes).
- thunderbolt: Clear registers properly when auto clear isn't
in use (bsc#1210165).
- xhci: Fix incorrect tracking of free space on transfer rings
(git-fixes).
- xhci-pci: Only run d3cold avoidance quirk for s2idle
(git-fixes).
- usb: typec: altmodes/displayport: fix pin_assignment_show
(git-fixes).
- usb: dwc3: debugfs: Resume dwc3 before accessing registers
(git-fixes).
- commit 8584d07
- ALSA: hda: Add NVIDIA codec IDs a3 through a7 to patch table
(git-fixes).
- ALSA: hda: Fix Oops by 9.1 surround channel names (git-fixes).
- ALSA: hda/realtek: Fix mute and micmute LEDs for yet another
HP laptop (git-fixes).
- ALSA: usb-audio: Add a sample rate workaround for Line6 Pod Go
(git-fixes).
- ALSA: hda/realtek: Add quirk for HP EliteBook G10 laptops
(git-fixes).
- ALSA: hda/realtek: Add a quirk for HP EliteDesk 805 (git-fixes).
- ALSA: hda/realtek: Add quirk for 2nd ASUS GU603 (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo L140AU (git-fixes).
- commit 6ddb5bd
- drm/msm/dpu: Remove duplicate register defines from INTF
(git-fixes).
- drm/msm/dp: unregister audio driver during unbind (git-fixes).
- drm/exynos: fix g2d_open/close helper function definitions
(git-fixes).
- Documentation/filesystems: ramfs-rootfs-initramfs: use :Author:
(git-fixes).
- Documentation/filesystems: sharedsubtree: add section headings
(git-fixes).
- ALSA: cs46xx: mark snd_cs46xx_download_image as static
(git-fixes).
- ALSA: hda/realtek: Apply HP B&O top speaker profile to Pavilion
15 (git-fixes).
- ALSA: firewire-digi00x: prevent potential use after free
(git-fixes).
- commit 473b547
- Move upstreamed media patches into sorted section
- commit 201322a
- media: dvb_net: kABI workaround (CVE-2022-45886 bsc#1205760).
- media: dvb_frontend: kABI workaround (CVE-2022-45885
bsc#1205758).
- commit 93a2fd7
- media: ttusb-dec: fix memory leak in ttusb_dec_exit_dvb()
(CVE-2022-45887 bsc#1205762).
- media: dvb-core: Fix use-after-free due to race condition at
dvb_ca_en50221 (CVE-2022-45919 bsc#1205803).
- media: dvb-core: Fix use-after-free due to race at
dvb_register_device() (CVE-2022-45884 bsc#1205756).
- media: dvb-core: Fix use-after-free due on race condition at
dvb_net (CVE-2022-45886 bsc#1205760).
- media: dvb-core: Fix kernel WARNING for blocking operation in
wait_event*() (CVE-2023-31084 bsc#1210783).
- media: dvb-core: Fix use-after-free on race condition at
dvb_frontend (CVE-2022-45885 bsc#1205758).
- commit 3c0eba9
- can: kvaser_pciefd: Disable interrupts in probe error path
(git-fixes).
- can: kvaser_pciefd: Do not send EFLUSH command on TFD interrupt
(git-fixes).
- can: kvaser_pciefd: Empty SRB buffer in probe (git-fixes).
- can: kvaser_pciefd: Call request_irq() before enabling
interrupts (git-fixes).
- can: kvaser_pciefd: Clear listen-only bit if not explicitly
requested (git-fixes).
- can: kvaser_pciefd: Set CAN_STATE_STOPPED in
kvaser_pciefd_stop() (git-fixes).
- wifi: iwlwifi: mvm: don't trust firmware n_channels (git-fixes).
- wifi: iwlwifi: mvm: fix OEM's name in the tas approved list
(git-fixes).
- wifi: iwlwifi: fix OEM's name in the ppag approved list
(git-fixes).
- wifi: iwlwifi: fw: fix DBGI dump (git-fixes).
- wifi: iwlwifi: mvm: fix cancel_delayed_work_sync() deadlock
(git-fixes).
- wifi: mac80211: fix min center freq offset tracing (git-fixes).
- cassini: Fix a memory leak in the error handling path of
cas_init_one() (git-fixes).
- can: j1939: recvmsg(): allow MSG_CMSG_COMPAT flag (git-fixes).
- can: isotp: recvmsg(): allow MSG_CMSG_COMPAT flag (git-fixes).
- selftets: seg6: disable rp_filter by default in
srv6_end_dt4_l3vpn_test (git-fixes).
- selftests: seg6: disable DAD on IPv6 router cfg for
srv6_end_dt4_l3vpn_test (git-fixes).
- media: netup_unidvb: fix use-after-free at del_timer()
(git-fixes).
- selftests/sgx: Add "test_encl.elf" to TEST_FILES (git-fixes).
- selftests: srv6: make srv6_end_dt46_l3vpn_test more robust
(git-fixes).
- commit 41844ce
- Update References
patches.suse/bluetooth-Perform-careful-capability-checks-in-hci_s.patch
(git-fixes bsc#1210533 CVE-2023-2002).
- commit 0d52fb3
- net: sched: sch_qfq: prevent slab-out-of-bounds in
qfq_activate_agg (bsc#1210940 CVE-2023-31436).
- commit 8a9beae
- drm/amdgpu/gfx: disable gfx9 cp_ecc_error_irq only when enabling
legacy gfx ras (git-fixes).
- drm/amdgpu: disable sdma ecc irq only when sdma RAS is enabled
in suspend (git-fixes).
- platform/x86: touchscreen_dmi: Add info for the Dexp Ursus
KX210i (git-fixes).
- platform/x86: touchscreen_dmi: Add upside-down quirk for
GDIX1002 ts on the Juno Tablet (git-fixes).
- drm/amd/display: Fix hang when skipping modeset (git-fixes).
- HID: wacom: Set a default resolution for older tablets
(git-fixes).
- drm/i915/dg2: Add HDMI pixel clock frequencies 267.30 and
319.89 MHz (git-fixes).
- drm/i915/dg2: Add additional HDMI pixel clock frequencies
(git-fixes).
- drm/i915/dg2: Support 4k@30 on HDMI (git-fixes).
- commit 2af09b7
- Add a bug reference to two existing drm-hyperv changes (bsc#1211281).
- commit 5df9068
- cifs: fix sharing of DFS connections (bsc#1208758).
- commit eca9f8a
- cifs: avoid potential races when handling multiple dfs tcons
(bsc#1208758).
- commit 63e23c3
- cifs: protect access of TCP_Server_Info::{origin,leaf}_fullpath
(bsc#1208758).
- commit afe04d7
- cifs: fix potential race when tree connecting ipc (bsc#1208758).
- commit e5ca6c5
- cifs: fix potential use-after-free bugs in
TCP_Server_Info::hostname (bsc#1208758).
- commit c684f06
- cifs: protect session status check in smb2_reconnect()
(bsc#1208758).
- commit a5777d5
- smb3: move some common open context structs to smbfs_common
(bsc#1193629).
- commit 584d68d
- smb3: make query_on_disk_id open context consistent and move
to common code (bsc#1193629).
- commit c9e01f8
- cifs: missing lock when updating session status (bsc#1193629).
- commit 54a1882
- SMB3: Add missing locks to protect deferred close file list
(git-fixes).
- commit de29309
- cifs: avoid dup prefix path in dfs_get_automount_devname()
(git-fixes).
- commit ed1670a
- cifs: sanitize paths in cifs_update_super_prepath (git-fixes).
- commit afc9290
- Refresh
patches.suse/net-ice-Add-support-for-enable_iwarp-and-enable_roce.patch.
- Delete
patches.suse/devlink-Add-enable_iwarp-generic-device-param.patch.
Fixed broken kABI (bsc#1208050 bsc#1211414).
- commit 118de8c
- Refresh
patches.suse/net-mana-Add-new-MANA-VF-performance-counters-for-ea.patch.
Fix backport.
- commit 6887ae9
- HID: microsoft: Add rumble support to latest xbox controllers
(bsc#1211280).
- commit a92cf6c
- affs: initialize fsdata in affs_truncate() (git-fixes).
- commit 556d7fa
- fs: sysv: Fix sysv_nblocks() returns wrong value (git-fixes).
- commit caf7724
- fs: hfsplus: fix UAF issue in hfsplus_put_super (git-fixes).
- commit e87f79f
- hfs: fix missing hfs_bnode_get() in __hfs_bnode_create
(git-fixes).
- commit 563e8d3
- hfsplus: fix bug causing custom uid and gid being unable to
be assigned with mount (git-fixes).
- commit 610a8fb
- hfs: Fix OOB Write in hfs_asc2mac (git-fixes).
- commit 8b5744b
- hfs: fix OOB Read in __hfs_brec_find (git-fixes).
- commit feebcc9
- hfs/hfsplus: use WARN_ON for sanity check (git-fixes).
- commit 8740f85
- fs: jfs: fix possible NULL pointer dereference in dbFree()
(git-fixes).
- commit dd91206
- fs/jfs: fix shift exponent db_agl2size negative (git-fixes).
- commit a58e29a
- fs: jfs: fix shift-out-of-bounds in dbDiscardAG (git-fixes).
- commit c7328c2
- jfs: Fix fortify moan in symlink (git-fixes).
- commit 11b192f
- fs: jfs: fix shift-out-of-bounds in dbAllocAG (git-fixes).
- commit 79e06af
- kabi/severities: added Microsoft mana symbold (bsc#1210551)
- commit 9c4a05e
- net: mana: Check if netdev/napi_alloc_frag returns single page
(bsc#1210551).
- net: mana: Rename mana_refill_rxoob and remove some empty lines
(bsc#1210551).
- net: mana: Add support for jumbo frame (bsc#1210551).
- net: mana: Enable RX path to handle various MTU sizes
(bsc#1210551).
- net: mana: Refactor RX buffer allocation code to prepare for
various MTU (bsc#1210551).
- net: mana: Use napi_build_skb in RX path (bsc#1210551).
- net: mana: Add new MANA VF performance counters for easier
troubleshooting (bsc#1209982).
- commit ac98332
- reiserfs: Add security prefix to xattr name in
reiserfs_security_write() (git-fixes).
- commit 20d1751
- reiserfs: Add missing calls to reiserfs_security_free()
(git-fixes).
- commit 680dc2c
- Squashfs: fix handling and sanity checking of xattr_ids count
(git-fixes).
- commit 3c564fc
- squashfs: harden sanity check in squashfs_read_xattr_id_table
(git-fixes).
- commit 982f949
- xfs: set bnobt/cntbt numrecs correctly when formatting new AGs
(git-fixes).
- commit 5814c62
- kABI: Fix kABI after backport Emulate RDPID only if it is enabled in guest
(git-fixes)
- commit ef4b42f
- ACPI: tables: Add support for NBFT (bsc#1195921).
- commit 90b0d13
- drm/amdgpu: Fix vram recover doesn't work after whole GPU reset
(v2) (git-fixes).
- drm/i915/dp: prevent potential div-by-zero (git-fixes).
- drm/mipi-dsi: Set the fwnode for mipi_dsi_device (git-fixes).
- docs: networking: fix x25-iface.rst heading & index order
(git-fixes).
- gve: Remove the code of clearing PBA bit (git-fixes).
- nilfs2: do not write dirty data after degenerating to read-only
(git-fixes).
- nilfs2: fix infinite loop in nilfs_mdt_get_block() (git-fixes).
- clk: qcom: gcc-sm8350: fix PCIe PIPE clocks handling
(git-fixes).
- pstore: Revert pmsg_lock back to a normal mutex (git-fixes).
- wifi: mt76: mt7921e: Set memory space enable in PCI_COMMAND
if unset (git-fixes).
- selftests: xsk: Disable IPv6 on VETH1 (git-fixes).
- wifi: rtl8xxxu: RTL8192EU always needs full init (git-fixes).
- mailbox: zynqmp: Fix typo in IPI documentation (git-fixes).
- mailbox: zynqmp: Fix IPI isr handling (git-fixes).
- drm/ttm/pool: Fix ttm_pool_alloc error path (git-fixes).
- arm64: kgdb: Set PSTATE.SS to 1 to re-enable single-step
(git-fixes).
- ARM: dts: qcom: ipq8064: Fix the PCI I/O port range (git-fixes).
- selftests/resctrl: Check for return value after write_schemata()
(git-fixes).
- selftests/resctrl: Allow ->setup() to return errors (git-fixes).
- selftests/resctrl: Move ->setup() call outside of test specific
branches (git-fixes).
- selftests/resctrl: Return NULL if malloc_and_init_memory()
did not alloc mem (git-fixes).
- tpm, tpm_tis: Disable interrupts if tpm_tis_probe_irq() failed
(git-fixes).
- tpm, tpm_tis: Claim locality before writing TPM_INT_ENABLE
register (git-fixes).
- iio: adc: palmas_gpadc: fix NULL dereference on rmmod
(git-fixes).
- selftests mount: Fix mount_setattr_test builds failed
(git-fixes).
- ASoC: Intel: bytcr_rt5640: Add quirk for the Acer Iconia One
7 B1-750 (git-fixes).
- ASOC: Intel: sof_sdw: add quirk for Intel 'Rooks County'
NUC M15 (git-fixes).
- ASoC: soc-pcm: fix hw->formats cleared by soc_pcm_hw_init()
for dpcm (git-fixes).
- asm-generic/io.h: suppress endianness warnings for readq()
and writeq() (git-fixes).
- drm/ttm: optimize pool allocations a bit v2 (git-fixes).
- clk: qcom: regmap: add PHY clock source implementation
(git-fixes).
- ARM: dts: qcom: ipq8064: reduce pci IO size to 64K (git-fixes).
- arm64: dts: Add base DTS file for bcmbca device Asus GT-AX6000
(git-fixes).
- ARM64: dts: Add DTS files for bcmbca SoC BCM6858 (git-fixes).
- arm64: dts: Add DTS files for bcmbca SoC BCM4912 (git-fixes).
- arm64: dts: Add DTS files for bcmbca SoC BCM63158 (git-fixes).
- selftests/resctrl: Extend CPU vendor detection (git-fixes).
- spi: spi-imx: using pm_runtime_resume_and_get instead of
pm_runtime_get_sync (git-fixes).
- media: rcar_fdp1: Fix the correct variable assignments
(git-fixes).
- arm64: dts: broadcom: bcm4908: add DT for Netgear RAXE500
(git-fixes).
- serial: stm32: re-introduce an irq flag condition in
usart_receive_chars (git-fixes).
- media: rcar_fdp1: Make use of the helper function
devm_platform_ioremap_resource() (git-fixes).
- commit c094bdc
- KVM: nVMX: Emulate NOPs in L2, and PAUSE if it's not intercepted
(git-fixes).
- commit d64e14c
- KVM: VMX: Use is_64_bit_mode() to check 64-bit mode in SGX
handler (git-fixes).
- commit 56061d9
- KVM: x86: Remove a redundant guest cpuid check in kvm_set_cr4()
(git-fixes).
- commit a6ab5bb
- KVM: SVM: Fix benign "bool vs. int" comparison in svm_set_cr0()
(git-fixes).
- commit f475ade
- KVM: SVM: hyper-v: placate modpost section mismatch error
(git-fixes).
- commit 816e1bf
- KVM: SVM: Fix potential overflow in SEV's
send|receive_update_data() (git-fixes).
- commit 16c4f84
- KVM: SVM: Require logical ID to be power-of-2 for AVIC entry
(git-fixes).
- commit aed233d
- platform/x86: thinkpad_acpi: Fix platform profiles on T490
(git-fixes).
- commit 1c69e0b
- KVM: x86/xen: Fix memory leak in kvm_xen_write_hypercall_page()
(git-fixes).
- commit 81f590f
- KVM: nVMX: Properly expose ENABLE_USR_WAIT_PAUSE control to L1
(git-fixes).
- commit 77c8954
- KVM: nVMX: Document that ignoring memory failures for VMCLEAR
is deliberate (git-fixes).
- commit b84688a
- KVM: x86: ioapic: Fix level-triggered EOI and userspace I/OAPIC
reconfigure race (git-fixes).
- commit 5d05f90
- x86/nospec: Unwreck the RSB stuffing (git-fixes).
- commit b1c4544
- x86/amd: Use IBPB for firmware calls (git-fixes).
- Refresh patches.suse/x86-speculation-Add-RSB-VM-Exit-protections.patch.
- commit 98a0873
- KVM: nVMX: Inject #GP, not #UD, if "generic" VMXON CR0/CR4
check fails (git-fixes).
- commit 8d3f5e6
- x86/speculation: Identify processors vulnerable to SMT RSB predictions (git-fixes).
- commit 55ad85a
- x86/bugs: Add "unknown" reporting for MMIO Stale Data (git-fixes).
- commit c9d308d
- KVM: SVM: Skip WRMSR fastpath on VM-Exit if next RIP isn't valid
(git-fixes).
- commit 341c774
- ECO for QAT driver update was approved (PED-3955).
Allow kABI changes below drivers/crypto/qat and remove
the corresponding kABI padding patch.
- commit d46b3f1
- x86/speculation/mmio: Print SMT warning (git-fixes).
- commit b61badb
- x86/bugs: Warn when "ibrs" mitigation is selected on Enhanced IBRS parts (git-fixes).
- commit 309477d
- x86/alternative: Report missing return thunk details (git-fixes).
- commit a6de731
- KVM: x86: Fail emulation during EMULTYPE_SKIP on any exception
(git-fixes).
- commit b95c292
- KVM: VMX: Resume guest immediately when injecting #GP on ECREATE
(git-fixes).
- commit 028e88b
- blacklist.conf: Blacklist already integrated patch
- commit f08adc0
- blacklist.conf: Remove alread-integrated patch
- commit 6038830
- KVM: x86: Mask off reserved bits in CPUID.8000001FH (git-fixes).
- commit f34367a
- KVM: nVMX: Prioritize TSS T-flag #DBs over Monitor Trap Flag
(git-fixes).
- commit 4d26615
- KVM: nVMX: Treat General Detect #DB (DR7.GD=1) as fault-like
(git-fixes).
- commit 1c41646
- KVM: x86: Mask off unsupported and unknown bits of
IA32_ARCH_CAPABILITIES (git-fixes).
- commit e7d58ae
- KVM: x86: fix typo in __try_cmpxchg_user causing non-atomicness
(git-fixes).
- commit 31729ed
- KVM: arm64: Limit length in kvm_vm_ioctl_mte_copy_tags() to INT_MAX (git-fixes)
- commit e94cf3b
- KVM: arm64: Fix buffer overflow in kvm_arm_set_fw_reg() (git-fixes)
- commit 7aef2ca
- KVM: arm64: PMU: Restore the guest's EL0 event counting after (git-fixes)
- commit 1e49eb1
- Fix bug reference.
- Update patches.suse/powerpc-64s-Fix-local-irq-disable-when-PMIs-are-disa.patch
(bsc#1195655 ltc#195733 git-fixes).
- Update patches.suse/powerpc-64s-hash-Make-hash-faults-work-in-NMI-contex.patch
(bsc#1195655 ltc#195733).
- commit 75b352e
- KVM: x86/emulator: Emulate RDPID only if it is enabled in guest
(git-fixes).
- commit 8e78e7b
- KVM: arm64: Don't arm a hrtimer for an already pending timer (git-fixes)
- commit 7242bab
- KVM: Destroy target device if coalesced MMIO unregistration fails (git-fixes)
- commit 24e09a6
- KVM: arm64: Free hypervisor allocations if vector slot init fails (git-fixes)
- commit 94fc8c2
- KVM: arm64: GICv4.1: Fix race with doorbell on VPE (git-fixes)
- commit a2031d5
- KVM: arm64: Fix S1PTW handling on RO memslots (git-fixes)
- commit 57c82ed
- KVM: arm64: Fix PAR_TO_HPFAR() to work independently of PA_BITS. (git-fixes)
- commit 4084e39
- KVM: arm64: Fix kvm init failure when mode!=vhe and VA_BITS=52. (git-fixes)
- commit 80e5dc8
- KVM: arm64: Fix bad dereference on MTE-enabled systems (git-fixes)
- commit b34a907
- KVM: arm64: vgic: Fix exit condition in scan_its_table() (git-fixes)
- commit 18fdaaf
- powerpc/rtas: use memmove for potentially overlapping buffer
copy (bsc#1065729).
- powerpc: Don't try to copy PPR for task with NULL pt_regs
(bsc#1065729).
- commit a0f9fd4
- KVM: arm64: Reject 32bit user PSTATE on asymmetric systems (git-fixes)
- commit 1e56a5b
- KVM: arm64: Treat PMCR_EL1.LC as RES1 on asymmetric systems (git-fixes)
- commit 32b2eb1
- KVM: arm64: Don't return from void function (git-fixes)
- commit 929b4b8
- KVM: Don't set Accessed/Dirty bits for ZERO_PAGE (git-fixes)
- commit d5c7f0a
- KVM: arm64: nvhe: Eliminate kernel-doc warnings (git-fixes)
- commit c528fa6
- KVM: Don't create VM debugfs files outside of the VM directory (git-fixes)
- commit f35aa14
- x86/fpu/xsave: Initialize offset/size cache early (bsc#1211205).
- commit 5c67650
- Revert "KVM: set owner of cpu and vm file operations" (git-fixes)
- commit 641eec4
- KVM: Prevent module exit until all VMs are freed (git-fixes)
- commit d75ff37
- KVM: arm64: Stop handle_exit() from handling HVC twice when an SError (git-fixes)
- commit e7649a0
- KVM: Disallow user memslot with size that exceeds "unsigned long" (git-fixes)
- commit 3d5e854
- arm64: errata: add detection for AMEVCNTR01 incrementing incorrectly (git-fixes)
Enable workaround and fix kABI breakage.
- commit 65ad1d7
- arm64: kgdb: Set PSTATE.SS to 1 to re-enable single-step (git-fixes)
- commit 66d6673
- RDMA/mana: hide new rdma_driver_ids (bsc#1210741 jsc#PED-4022).
- commit f8b8352
- RDMA/mana_ib: Add a driver for Microsoft Azure Network Adapter
(bsc#1210741 jsc#PED-4022).
- Update config files.
- supported.conf: mark mana_ib supported
- commit 1a4c2c7
- net: mana: Move header files to a common location (bsc#1210741
jsc#PED-4022).
- Refresh
patches.suse/net-mana-Fix-IRQ-name-add-PCI-and-queue-number.patch.
- commit 5b586a1
- RDMA/mana_ib: Fix a bug when the PF indicates more entries for
registering memory on first packet (bsc#1210741 jsc#PED-4022).
- RDMA/mana_ib: Prevent array underflow in mana_ib_create_qp_raw()
(bsc#1210741 jsc#PED-4022).
- RDMA/mana: Remove redefinition of basic u64 type (bsc#1210741
jsc#PED-4022).
- commit 34e74c1
- net: mana: Define data structures for protection domain and
memory registration (bsc#1210741 jsc#PED-4022).
- net: mana: Define data structures for allocating doorbell page
from GDMA (bsc#1210741 jsc#PED-4022).
- net: mana: Define and process GDMA response code
GDMA_STATUS_MORE_ENTRIES (bsc#1210741 jsc#PED-4022).
- net: mana: Define max values for SGL entries (bsc#1210741
jsc#PED-4022).
- net: mana: Record port number in netdev (bsc#1210741
jsc#PED-4022).
- net: mana: Export Work Queue functions for use by RDMA driver
(bsc#1210741 jsc#PED-4022).
- net: mana: Set the DMA device max segment size (bsc#1210741
jsc#PED-4022).
- net: mana: Handle vport sharing between devices (bsc#1210741
jsc#PED-4022).
- net: mana: Record the physical address for doorbell page region
(bsc#1210741 jsc#PED-4022).
- net: mana: Add support for auxiliary device (bsc#1210741
jsc#PED-4022).
- commit f92c525
- KVM: nVMX: add missing consistency checks for CR0 and CR4
(bsc#1210294 CVE-2023-30456).
- commit ef9d3af
- blacklist.conf: cleanup of a comment
- commit 84e5a2f
- blacklist.conf: dependencies cannot be met
- commit e3d82fb
- iwlwifi: cfg: Add missing MODULE_FIRMWARE() for *.pnvm
(bsc#1207553).
- commit f66a3d1
- apparmor: add a kernel label to use on kernel objects
(bsc#1211113).
- commit 51d9c3d
- crypto: qat - add resubmit logic for decompression (jsc#PED-3692)
- commit 0291fd1
- crypto: acomp - define max size for destination (jsc#PED-3692)
- commit 85592d8
- crypto: qat - enable deflate for QAT GEN4 (jsc#PED-3692)
- commit e4a787e
- crypto: qat - expose deflate through acomp api for QAT GEN2 (jsc#PED-3692)
- commit 0a12d82
- crypto: qat - rename and relocate GEN2 config function (jsc#PED-3692)
- commit 84eb593
- crypto: qat - relocate qat_algs_alloc_flags() (jsc#PED-3692)
- commit b8f6153
- crypto: qat - relocate backlog related structures (jsc#PED-3692)
- commit 4cc71cc
- crypto: qat - extend buffer list interface (jsc#PED-3692)
- commit add926d
- crypto: qat - generalize crypto request buffers (jsc#PED-3692)
- commit 53057db
- crypto: qat - change bufferlist logic interface (jsc#PED-3692)
- commit e94a222
- crypto: qat - rename bufferlist functions (jsc#PED-3692)
- commit 6fb4fa4
- crypto: qat - relocate bufferlist logic (jsc#PED-3692)
- commit babeef7
- crypto: qat - fix error return code in adf_probe (jsc#PED-3692)
- commit 8fbb831
- crypto: qat - add limit to linked list parsing (jsc#PED-3692)
- commit 57cf8db
- crypto: qat - use reference to structure in dma_map_single() (jsc#PED-3692)
- commit 191d933
- crypto: qat - fix DMA transfer direction (jsc#PED-3692)
- commit 8033e5b
- crypto: drivers - move from strlcpy with unused retval to (jsc#PED-3692)
- commit 2893932
- crypto: qat - add check to validate firmware images (jsc#PED-3692)
- commit 638d767
- crypto: qat - expose device config through sysfs for 4xxx (jsc#PED-3692)
- commit da7d730
- crypto: qat - relocate and rename adf_sriov_prepare_restart() (jsc#PED-3692)
- commit 9d2ec7c
- crypto: qat - change behaviour of (jsc#PED-3692)
- commit 88b302a
- crypto: qat - expose device state through sysfs for 4xxx (jsc#PED-3692)
- commit c9aee29
- crypto: qat - Removes the x86 dependency on the QAT drivers (jsc#PED-3692)
- commit b693728
- crypto: qat - replace get_current_node() with numa_node_id() (jsc#PED-3692)
- commit e064970
- crypto: qat - add support for 401xx devices (jsc#PED-3692)
- commit f05d9dc
- crypto: qat - re-enable registration of algorithms (jsc#PED-3692)
- commit 68596ea
- crypto: qat - honor CRYPTO_TFM_REQ_MAY_SLEEP flag (jsc#PED-3692)
- commit e4d21be
- crypto: qat - add param check for DH (jsc#PED-3692)
- commit da607b7
- crypto: qat - add param check for RSA (jsc#PED-3692)
- commit 7eefa16
- crypto: qat - add backlog mechanism (jsc#PED-3692)
- commit 624d1d0
- crypto: qat - refactor submission logic (jsc#PED-3692)
- commit b8e53cb
- crypto: qat - use pre-allocated buffers in datapath (jsc#PED-3692)
- commit bd15683
- crypto: qat - Fix unsigned function returning negative (jsc#PED-3692)
- commit c617c8f
- crypto: qat - remove line wrapping for pfvf_ops functions (jsc#PED-3692)
- commit b866596
- crypto: qat - use u32 variables in all GEN4 pfvf_ops (jsc#PED-3692)
- commit e40b5cb
- crypto: qat - replace disable_vf2pf_interrupts() (jsc#PED-3692)
- commit 02bc64e
- crypto: qat - leverage the GEN2 VF mask definiton (jsc#PED-3692)
- commit 4d65255
- crypto: qat - rework the VF2PF interrupt handling logic (jsc#PED-3692)
- commit b225eca
- crypto: qat - fix off-by-one error in PFVF debug print (jsc#PED-3692)
- commit 2b6fd0a
- crypto: qat - fix wording and formatting in code comment (jsc#PED-3692)
- commit 1e0a7c3
- crypto: qat - test PFVF registers for spurious interrupts on (jsc#PED-3692)
- commit c5057e2
- crypto: qat - add check for invalid PFVF protocol version 0 (jsc#PED-3692)
- commit 9de3f9b
- crypto: qat - add missing restarting event notification in (jsc#PED-3692)
- commit a8dbb60
- crypto: qat - remove unnecessary tests to detect PFVF support (jsc#PED-3692)
- commit 1848290
- crypto: qat - remove unused PFVF stubs (jsc#PED-3692)
- commit 1cf3054
- crypto: qat - remove unneeded braces (jsc#PED-3692)
- commit a02a4ee
- crypto: qat - fix ETR sources enabled by default on GEN2 (jsc#PED-3692)
- commit 56dd6e7
- crypto: qat - set COMPRESSION capability for DH895XCC (jsc#PED-3692)
- commit dd0685f
- crypto: qat - stop using iommu_present() (jsc#PED-3692)
- commit e463f30
- crypto: qat - fix initialization of pfvf rts_map_msg (jsc#PED-3692)
- commit c63cf22
- crypto: qat - fix initialization of pfvf cap_msg structures (jsc#PED-3692)
- commit 29cae5c
- crypto: qat - remove unneeded assignment (jsc#PED-3692)
- commit 988ee72
- crypto: qat - enable power management for QAT GEN4 (jsc#PED-3692)
- commit d524451
- crypto: qat - move and rename GEN4 error register definitions (jsc#PED-3692)
- commit 5536852
- crypto: qat - add misc workqueue (jsc#PED-3692)
- commit cb5c3b7
- crypto: qat - fix access to PFVF interrupt registers for GEN4 (jsc#PED-3692)
- commit 89bd3f8
- crypto: qat - fix a signedness bug in get_service_enabled() (jsc#PED-3692)
- commit a7f67e3
- crypto: qat - fix definition of ring reset results (jsc#PED-3692)
- commit 151593d
- crypto: qat - add support for compression for 4xxx (jsc#PED-3692)
- commit dfc51e6
- crypto: qat - allow detection of dc capabilities for 4xxx (jsc#PED-3692)
- commit 8557674
- crypto: qat - add PFVF support to enable the reset of ring (jsc#PED-3692)
- commit 5d143f2
- crypto: qat - add PFVF support to the GEN4 host driver (jsc#PED-3692)
- commit 916a77e
- crypto: qat - config VFs based on ring-to-svc mapping (jsc#PED-3692)
- commit 6601ff4
- crypto: qat - exchange ring-to-service mappings over PFVF (jsc#PED-3692)
- commit e8ce44d
- crypto: qat - support fast ACKs in the PFVF protocol (jsc#PED-3692)
- commit 986f0e6
- crypto: qat - exchange device capabilities over PFVF (jsc#PED-3692)
- commit 7d28fba
- crypto: qat - introduce support for PFVF block messages (jsc#PED-3692)
- commit 6155681
- crypto: qat - store the ring-to-service mapping (jsc#PED-3692)
- commit 77f298d
- crypto: qat - store the PFVF protocol version of the (jsc#PED-3692)
- commit da2daed
- crypto: qat - improve the ACK timings in PFVF send (jsc#PED-3692)
- commit a184282
- crypto: qat - leverage read_poll_timeout in PFVF send (jsc#PED-3692)
- commit e08ef29
- crypto: qat - leverage bitfield.h utils for PFVF messages (jsc#PED-3692)
- commit 77c5d55
- crypto: qat - abstract PFVF messages with struct pfvf_message (jsc#PED-3692)
- commit 22808a8
- crypto: qat - set PFVF_MSGORIGIN just before sending (jsc#PED-3692)
- commit 529c178
- crypto: qat - make PFVF send and receive direction agnostic (jsc#PED-3692)
- commit 2cfdf60
- crypto: qat - make PFVF message construction direction (jsc#PED-3692)
- commit 192475a
- crypto: qat - add the adf_get_pmisc_base() helper function (jsc#PED-3692)
- commit 029b3f8
- crypto: qat - support the reset of ring pairs on PF (jsc#PED-3692)
- commit b21ae8f
- crypto: qat - extend crypto capability detection for 4xxx (jsc#PED-3692)
- commit 86b6de1
- crypto: qat - set COMPRESSION capability for QAT GEN2 (jsc#PED-3692)
- commit c36c1b5
- crypto: qat - set CIPHER capability for QAT GEN2 (jsc#PED-3692)
- commit 5a6ccb5
- crypto: qat - get compression extended capabilities (jsc#PED-3692)
- commit 6bc8ecc
- crypto: qat - improve logging of PFVF messages (jsc#PED-3692)
- commit 69ac24d
- crypto: qat - fix VF IDs in PFVF log messages (jsc#PED-3692)
- commit a09ab7d
- crypto: qat - do not rely on min version (jsc#PED-3692)
- commit 1fbc50a
- crypto: qat - refactor pfvf version request messages (jsc#PED-3692)
- commit bd91022
- crypto: qat - pass the PF2VF responses back to the callers (jsc#PED-3692)
- commit ce27ee1
- crypto: qat - use enums for PFVF protocol codes (jsc#PED-3692)
- commit 07d0530
- crypto: qat - reorganize PFVF protocol definitions (jsc#PED-3692)
- commit dfcb218
- crypto: qat - reorganize PFVF code (jsc#PED-3692)
- commit ebf7e16
- crypto: qat - abstract PFVF receive logic (jsc#PED-3692)
- commit 4ac3bf8
- crypto: qat - abstract PFVF send function (jsc#PED-3692)
- commit 3228a9b
- crypto: qat - differentiate between pf2vf and vf2pf offset (jsc#PED-3692)
- commit 7a44395
- crypto: qat - add pfvf_ops (jsc#PED-3692)
- commit 5960736
- crypto: qat - relocate PFVF disabled function (jsc#PED-3692)
- commit 1aa65a8
- crypto: qat - relocate PFVF VF related logic (jsc#PED-3692)
- commit 53e0309
- crypto: qat - relocate PFVF PF related logic (jsc#PED-3692)
- commit b869385
- crypto: qat - handle retries due to collisions in (jsc#PED-3692)
- commit 27aa4db
- crypto: qat - split PFVF message decoding from handling (jsc#PED-3692)
- commit 375be54
- crypto: qat - re-enable interrupts for legacy PFVF messages (jsc#PED-3692)
- commit 253518f
- crypto: qat - change PFVF ACK behaviour (jsc#PED-3692)
- commit b8f6615
- crypto: qat - move interrupt code out of the PFVF handler (jsc#PED-3692)
- commit 2d2c8ab
- crypto: qat - move VF message handler to adf_vf2pf_msg.c (jsc#PED-3692)
- commit 08b5439
- crypto: qat - move vf2pf interrupt helpers (jsc#PED-3692)
- commit 32a2e31
- crypto: qat - refactor PF top half for PFVF (jsc#PED-3692)
- commit b27b05c
- crypto: qat - do not handle PFVF sources for qat_4xxx (jsc#PED-3692)
- commit c5402df
- crypto: qat - simplify adf_enable_aer() (jsc#PED-3692)
- commit ef47805
- crypto: qat - share adf_enable_pf2vf_comms() from (jsc#PED-3692)
- commit 3c38713
- crypto: qat - extract send and wait from (jsc#PED-3692)
- commit d88c673
- crypto: qat - add VF and PF wrappers to common send function (jsc#PED-3692)
- commit 688556e
- crypto: qat - rename pfvf collision constants (jsc#PED-3692)
- commit 4f0c483
- crypto: qat - move pfvf collision detection values (jsc#PED-3692)
- commit 7d933b4
- crypto: qat - use hweight for bit counting (jsc#PED-3692)
- commit f443d35
- crypto: qat - remove duplicated logic across GEN2 drivers (jsc#PED-3692)
- commit 4276cd3
- crypto: qat - fix handling of VF to PF interrupts (jsc#PED-3692)
- commit 89e9e5e
- crypto: qat - remove unneeded packed attribute (jsc#PED-3692)
- commit abcbfac
- crypto: qat - free irq in case of failure (jsc#PED-3692)
- commit 227e146
- crypto: qat - free irqs only if allocated (jsc#PED-3692)
- commit a4d86dd
- crypto: qat - remove unmatched CPU affinity to cluster IRQ (jsc#PED-3692)
- commit e9e0672
- crypto: qat - replace deprecated MSI API (jsc#PED-3692)
- commit 4f29ad0
- crypto: qat - flush vf workqueue at driver removal (jsc#PED-3692)
- commit 49708c6
- crypto: qat - remove the unnecessary get_vintmsk_offset() (jsc#PED-3692)
- commit dd303d7
- crypto: qat - prevent spurious MSI interrupt in VF (jsc#PED-3692)
- commit 167b6ae
- crypto: qat - remove empty sriov_configure() (jsc#PED-3692)
- commit 0767718
- crypto: qat - fix a typo in a comment (jsc#PED-3692)
- commit 8a91dc4
- crypto: qat - disable AER if an error occurs in probe (jsc#PED-3692)
- commit df8b85d
- crypto: qat - set DMA mask to 48 bits for Gen2 (jsc#PED-3692)
- commit dbe426c
- crypto: qat - simplify code and axe the use of a deprecated (jsc#PED-3692)
- commit ac1c697
- sfc: fix TX channel offset when using legacy interrupts
(git-fixes).
- net: tun: avoid disabling NAPI twice (git-fixes).
- commit 03bb08f
- workqueue: Print backtraces from CPUs with hung CPU bound
workqueues (bsc#1211044).
- commit edb7f74
- workqueue: Warn when a rescuer could not be created
(bsc#1211044).
- commit bbf3c79
- workqueue: Interrupted create_worker() is not a repeated event
(bsc#1211044).
- commit 86794c5
- workqueue: Warn when a new worker could not be created
(bsc#1211044).
- commit eb3a726
- workqueue: Fix hung time report of worker pools (bsc#1211044).
- commit 3a59651
- x86/boot: Skip realmode init code when running as Xen PV guest (git-fixes).
- Refresh patches.kabi/kABI-Fix-kABI-after-x86-mm-cpa-Generalize-__set_memo.patch.
- commit e90b7a1
- RDMA/irdma: Remove excess error variables (jsc#SLE-18383).
- Refresh
patches.suse/RDMA-irdma-Validate-udata-inlen-and-outlen.patch.
- commit 4d4fa6d
- x86/signal: Fix the value returned by strict_sas_size() (git-fixes).
- commit d3c6791
- RDMA/irdma: Remove enum irdma_status_code (jsc#SLE-18383).
- Refresh
patches.suse/RDMA-irdma-Prevent-some-integer-underflows.patch.
- Refresh
patches.suse/RDMA-irdma-Return-correct-WC-error-for-bind-operatio.patch.
- Refresh
patches.suse/RDMA-irdma-Return-error-on-MR-deregister-CQP-failure.patch.
- Refresh
patches.suse/RDMA-irdma-Validate-udata-inlen-and-outlen.patch.
- commit 11ed66b
- sfc: Fix module EEPROM reporting for QSFP modules (git-fixes).
- sfc: Fix use-after-free due to selftest_work (git-fixes).
- RDMA/irdma: Do not generate SW completions for NOPs
(jsc#SLE-18383).
- gve: Secure enough bytes in the first TX desc for all TCP pkts
(git-fixes).
- sfc: ef10: don't overwrite offload features at NIC reset
(git-fixes).
- gve: Cache link_speed value from device (git-fixes).
- sfc: correctly advertise tunneled IPv6 segmentation (git-fixes).
- RDMA/irdma: Fix RQ completion opcode (jsc#SLE-18383).
- RDMA/irdma: Fix inline for multiple SGE's (jsc#SLE-18383).
- iavf: Do not restart Tx queues after reset task failure
(jsc#SLE-18385).
- iavf: Fix a crash during reset task (jsc#SLE-18385).
- net: tun: fix bugs for oversize packet when napi frags enabled
(git-fixes).
- sfc: include vport_id in filter spec hash and equal()
(git-fixes).
- sfc: Change VF mac via PF as first preference if available
(git-fixes).
- sfc: fix null pointer dereference in efx_hard_start_xmit
(git-fixes).
- RDMA/irdma: Fix drain SQ hang with no completion
(jsc#SLE-18383).
- net: tun: stop NAPI when detaching queues (git-fixes).
- net: tun: unlink NAPI from device on destruction (git-fixes).
- sfc: fix wrong tx channel offset with efx_separate_tx_channels
(git-fixes).
- sfc: fix considering that all channels have TX queues
(git-fixes).
- RDMA/irdma: Add SW mechanism to generate completions on error
(jsc#SLE-18383).
- commit b8a7c09
- x86/numa: Use cpumask_available instead of hardcoded NULL check (git-fixes).
- commit ca9f52b
- x86/mm: Use proper mask when setting PUD mapping (git-fixes).
- commit d9bb4d3
- x86/MCE/AMD: Use an u64 for bank_map (git-fixes).
- commit 4d91aa8
- x86/pat: Fix x86_has_pat_wp() (git-fixes).
- commit 9499df5
- rpm/constraints.in: Increase disk size constraint for riscv64 to 52GB
- commit 1c1a4cd
- act_mirred: use the backlog for nested calls to mirred ingress
(CVE-2022-4269 bsc#1206024).
- net/sched: act_mirred: better wording on protection against
excessive stack growth (CVE-2022-4269 bsc#1206024).
- commit 0660aaf
- netfilter: nf_tables: deactivate anonymous set from preparation
phase (CVE-2023-32233 bsc#1211043).
- commit a0bdb58
- igc: read before write to SRRCTL register (jsc#SLE-18377).
- ixgbe: Fix panic during XDP_TX with > 64 CPUs (jsc#SLE-18384).
- RDMA/mlx4: Prevent shift wrapping in set_user_sq_size()
(jsc#SLE-19255).
- ixgbe: Enable setting RSS table to default values
(jsc#SLE-18384).
- ixgbe: Allow flow hash to be set via ethtool (jsc#SLE-18384).
- i40e: fix i40e_setup_misc_vector() error handling
(jsc#SLE-18378).
- i40e: fix accessing vsi->active_filters without holding lock
(jsc#SLE-18378).
- i40e: fix registers dump after run ethtool adapter self test
(jsc#SLE-18378).
- i40e: fix flow director packet filter programming
(jsc#SLE-18378).
- iavf: fix hang on reboot with ice (jsc#SLE-18385).
- igc: fix the validation logic for taprio's gate list
(jsc#SLE-18377).
- igbvf: Regard vf reset nack as success (jsc#SLE-18379).
- intel/igbvf: free irq on the error path in igbvf_request_msix()
(jsc#SLE-18379).
- igb: Enable SR-IOV after reinit (jsc#SLE-18379).
- igb: revert rtnl_lock() that causes deadlock (jsc#SLE-18379).
- iavf: fix non-tunneled IPv6 UDP packet type and hashing
(jsc#SLE-18385).
- iavf: fix inverted Rx hash condition leading to disabled hash
(jsc#SLE-18385).
- i40e: Fix kernel crash during reboot when adapter is in recovery
mode (jsc#SLE-18378).
- igb: conditionalize I2C bit banging on external thermal sensor
support (jsc#SLE-18379).
- ixgbe: add double of VLAN header when computing the max MTU
(jsc#SLE-18384).
- i40e: add double of VLAN header when computing the max MTU
(jsc#SLE-18378).
- ixgbe: allow to increase MTU to 3K with XDP enabled
(jsc#SLE-18384).
- i40e: Add checking for null for nlmsg_find_attr()
(jsc#SLE-18378).
- igc: Add ndo_tx_timeout support (jsc#SLE-18377).
- igc: return an error if the mac type is unknown in
igc_ptp_systim_to_hwtstamp() (jsc#SLE-18377).
- iavf/iavf_main: actually log ->src mask when talking about it
(jsc#SLE-18385).
- igc: Fix PPS delta between two synchronized end-points
(jsc#SLE-18377).
- ixgbe: fix pci device refcount leak (jsc#SLE-18384).
- igc: Set Qbv start_time and end_time to end_time if not being
configured in GCL (jsc#SLE-18377).
- igc: recalculate Qbv end_time by considering cycle time
(jsc#SLE-18377).
- igc: allow BaseTime 0 enrollment for Qbv (jsc#SLE-18377).
- igc: Add checking for basetime less than zero (jsc#SLE-18377).
- igc: Use strict cycles for Qbv scheduling (jsc#SLE-18377).
- igc: Enhance Qbv scheduling by using first flag bit
(jsc#SLE-18377).
- igb: Initialize mailbox message for VF reset (jsc#SLE-18379).
- i40e: Fix the inability to attach XDP program on downed
interface (jsc#SLE-18378).
- i40e: Fix for VF MAC address 0 (jsc#SLE-18378).
- iavf: Fix error handling in iavf_init_module() (jsc#SLE-18385).
- iavf: Fix race condition between iavf_shutdown and iavf_remove
(jsc#SLE-18385).
- i40e: Fix flow-type by setting GL_HASH_INSET registers
(jsc#SLE-18378).
- i40e: Fix VF hang when reset is triggered on another VF
(jsc#SLE-18378).
- i40e: Fix ethtool rx-flow-hash setting for X722 (jsc#SLE-18378).
- i40e: Fix DMA mappings leak (jsc#SLE-18378).
- i40e: Fix set max_tx_rate when it is lower than 1 Mbps
(jsc#SLE-18378).
- i40e: Fix VF set max MTU size (jsc#SLE-18378).
- iavf: Fix set max MTU size with port VLAN and jumbo frames
(jsc#SLE-18385).
- iavf: Fix bad page state (jsc#SLE-18385).
- iavf: Fix cached head and tail value for iavf_get_tx_pending
(jsc#SLE-18385).
- iavf: Detach device during reset task (jsc#SLE-18385).
- i40e: Fix kernel crash during module removal (jsc#SLE-18378).
- i40e: Fix ADQ rate limiting for PF (jsc#SLE-18378).
- i40e: Fix incorrect address type for IPv6 flow rules
(jsc#SLE-18378).
- ixgbe: stop resetting SYSTIME in ixgbe_ptp_start_cyclecounter
(jsc#SLE-18384).
- igb: Add lock to avoid data race (jsc#SLE-18379).
- iavf: Fix 'tc qdisc show' listing too many queues
(jsc#SLE-18385).
- iavf: Fix max_rate limiting (jsc#SLE-18385).
- i40e: Refactor tc mqprio checks (jsc#SLE-18378).
- igc: Lift TAPRIO schedule restriction (jsc#SLE-18377).
- i40e: Fix interface init with MSI interrupts (no MSI-X)
(jsc#SLE-18378).
- iavf: Disallow changing rx/tx-frames and rx/tx-frames-irq
(jsc#SLE-18385).
- i40e: Fix erroneous adapter reinitialization during recovery
process (jsc#SLE-18378).
- igc: Reinstate IGC_REMOVED logic and implement it properly
(jsc#SLE-18377).
- i40e: Fix VF's MAC Address change on VM (jsc#SLE-18378).
- i40e: Fix calculating the number of queue pairs (jsc#SLE-18378).
- i40e: Fix adding ADQ filter to TC0 (jsc#SLE-18378).
- ice: Fix interrupt moderation settings getting cleared
(jsc#SLE-18375).
- ice: Set txq_teid to ICE_INVAL_TEID on ring creation
(jsc#SLE-18375).
- commit 80d0092
- ACPI: processor: Fix evaluating _PDC method when running as
Xen dom0 (git-fixes).
- commit 9762d65
- xen/netback: don't do grant copy across page boundary
(git-fixes).
- commit f4517dd
- crypto: sun8i-ss - Fix a test in sun8i_ss_setup_ivs()
(git-fixes).
- commit 46b1fec
- SUNRPC: fix breakage caused by introduction of rq_xprt_ctxt
(bsc#1210775).
- commit 2b91689
- ALSA: hda/realtek: Fix mute and micmute LEDs for an HP laptop
(git-fixes).
- ALSA: caiaq: input: Add error handling for unsupported input
methods in `snd_usb_caiaq_input_init` (git-fixes).
- ALSA: usb-audio: Add quirk for Pioneer DDJ-800 (git-fixes).
- ALSA: hda/realtek: support HP Pavilion Aero 13-be0xxx Mute LED
(git-fixes).
- ALSA: hda/realtek: Add quirk for ASUS UM3402YAR using CS35L41
(git-fixes).
- ALSA: hda/realtek: Add quirk for ThinkPad P1 Gen 6 (git-fixes).
- commit 9ac9894
- r8152: move setting r8153b_rx_agg_chg_indicate() (git-fixes).
- r8152: fix the poor throughput for 2.5G devices (git-fixes).
- r8152: fix flow control issue of RTL8156A (git-fixes).
- i2c: omap: Fix standard mode false ACK readings (git-fixes).
- i2c: tegra: Fix PEC support for SMBUS block read (git-fixes).
- drm/amdgpu: add a missing lock for AMDGPU_SCHED (git-fixes).
- drm/amd/display: fix flickering caused by S/G mode (git-fixes).
- commit bec3ff8
- Update references to patch
patches.suse/wifi-brcmfmac-slab-out-of-bounds-read-in-brcmf_get_a.patch
(git-fixes bsc#1209287 CVE-2023-1380).
- commit 1374551
- Remove obsolete rpm spec constructs
defattr does not need to be specified anymore
buildroot does not need to be specified anymore
- commit c963185
- kernel-spec-macros: Fix up obsolete_rebuilds_subpackage to generate
obsoletes correctly (boo#1172073 bsc#1191731).
rpm only supports full length release, no provides
- commit c9b5bc4
- bnxt_en: Do not initialize PTP on older P3/P4 chips
(jsc#SLE-18978).
- bnxt_en: Add missing 200G link speed reporting (jsc#SLE-18978).
- bnxt_en: Fix typo in PCI id to device description string mapping
(jsc#SLE-18978).
- bnxt_en: Fix reporting of test result in ethtool selftest
(jsc#SLE-18978).
- qed/qed_sriov: guard against NULL derefs from
qed_iov_get_vf_info (jsc#SLE-19001).
- qed/qed_mng_tlv: correctly zero out ->min instead of ->hour
(jsc#SLE-19001).
- qed/qed_dev: guard against a possible division by zero
(jsc#SLE-19001).
- bnxt_en: Avoid order-5 memory allocation for TPA data
(jsc#SLE-18978).
- bnxt_en: Fix mqprio and XDP ring checking logic (jsc#SLE-18978).
- qede: execute xdp_do_flush() before napi_complete_done()
(jsc#SLE-19001).
- bnxt: Do not read past the end of test names (jsc#SLE-18978).
- qed: allow sleep in qed_mcp_trace_dump() (jsc#SLE-19001).
- cxgb4: fix missing unlock on ETHOFLD desc collect fail path
(jsc#SLE-18992).
- bnxt: prevent skb UAF after handing over to PTP worker
(jsc#SLE-18978).
- bnxt_en: fix NQ resource accounting during vf creation on
57500 chips (jsc#SLE-18978).
- bnxt_en: set missing reload flag in devlink features
(jsc#SLE-18978).
- commit aee4a77
- x86/microcode/AMD: Add a @cpu parameter to the reloading functions (git-fixes).
- commit bb4fcce
- watchdog: dw_wdt: Fix the error handling path of
dw_wdt_drv_probe() (git-fixes).
- commit 01087d8
- Update tags in
patches.suse/ext4-fix-use-after-free-in-ext4_xattr_set_entry.patch
(bsc#1206878 bsc#1211105 CVE-2023-2513).
- commit ce8b695
- kernel-binary: install expoline.o (boo#1210791 bsc#1211089)
- commit d6c8c20
- x86/sev: Add SEV-SNP guest feature negotiation support (git-fixes).
- commit 91bdec8
- x86/microcode/AMD: Fix mixed steppings support (git-fixes).
- commit 4cd1b96
- x86/reboot: Disable SVM, not just VMX, when stopping CPUs (git-fixes).
- commit 01bca28
- x86/crash: Disable virt in core NMI crash handler to avoid double shootdown (git-fixes).
- commit aa4ba49
- x86/microcode: Adjust late loading result reporting message (git-fixes).
- commit fa7132b
- x86/microcode: Check CPU capabilities after late microcode update correctly (git-fixes).
- commit a7e591b
- x86/microcode: Add a parameter to microcode_check() to store CPU capabilities (git-fixes).
- commit 24950dd
- Update
patches.suse/net-qcom-emac-Fix-use-after-free-bug-in-emac_remove-.patch
(bsc#1211037 CVE-2023-2483).
- commit b748693
- Refresh
patches.suse/powerpc-64-Always-build-with-128-bit-long-double.patch.
- commit 0cbc080
- PM: hibernate: Turn snapshot_test into global variable
(git-fixes).
- Refresh
patches.suse/0007-PM-hibernate-encrypt-hidden-area.patch.
- commit df2c292
- PM: hibernate: Do not get block device exclusively in
test_resume mode (git-fixes).
- PM: hibernate: fix load_image_and_restore() error path
(git-fixes).
- commit 5109b71
- pwm: meson: Fix g12a ao clk81 name (git-fixes).
- pwm: meson: Fix axg ao mux parents (git-fixes).
- soundwire: qcom: correct setting ignore bit on v1.5.1
(git-fixes).
- phy: tegra: xusb: Add missing tegra_xusb_port_unregister for
usb2_port and ulpi_port (git-fixes).
- dmaengine: at_xdmac: do not enable all cyclic channels
(git-fixes).
- dmaengine: dw-edma: Fix to enable to issue dma request on DMA
processing (git-fixes).
- dmaengine: dw-edma: Fix to change for continuous transfer
(git-fixes).
- dma: gpi: remove spurious unlock in gpi_ch_init (git-fixes).
- dmaengine: mv_xor_v2: Fix an error code (git-fixes).
- commit d0a5bb0
- blacklist.conf: cleanup designed to break kABI
- commit d13ef2b
- mt76: mt7915: fix incorrect testmode ipg on band 1 caused by
wmm_idx (git-fixes).
- commit 06c84d1
- swiotlb: relocate PageHighMem test away from rmem_swiotlb_setup
(git-fixes).
- commit 2260701
- blacklist.conf: add nvme git-fixes
- commit e6d21df
- nvme: fix discard support without oncs (git-fixes).
- nvmet: fix workqueue MEM_RECLAIM flushing dependency
(git-fixes).
- nvme: generalize the nvme_multi_css check in nvme_scan_ns
(git-fixes).
- nvme: rename nvme_validate_or_alloc_ns to nvme_scan_ns
(git-fixes).
- nvme: fix interpretation of DMRSL (git-fixes).
- nvmet: use a private workqueue instead of the system workqueue
(git-fixes).
Refresh:
- patches.suse/nvmet-don-t-defer-passthrough-commands-with-trivial-.patch
- patches.suse/nvmet-only-allocate-a-single-slab-for-bvecs.patch
- commit d34faf0
- x86/mm: Cleanup the control_va_addr_alignment() __setup handler (git-fixes).
- commit 4e894db
- mce: fix set_mce_nospec to always unmap the whole page (git-fixes).
- commit 5998565
- x86/mce: relocate set{clear}_mce_nospec() functions (git-fixes).
This is a preparation for the next patch
- commit bde7887
- blacklist.conf: Disable already integrated patch
Despite not having it as a separate commit we already have
x86_spec_ctrl_current declared via DECLARE_PER_CPU
- commit 3a23dac
- x86: drop bogus "cc" clobber from __try_cmpxchg_user_asm() (git-fixes).
- commit 821679e
- blacklist.conf: Blacklist i386 speculation fix
We don't care about 32 bit so might as well blacklist this commit
- commit 85cd434
- x86: Fix return value of __setup handlers (git-fixes).
- commit 4af5381
- x86/delay: Fix the wrong asm constraint in delay_loop() (git-fixes).
- commit 4ec04e5
- blacklist.conf: the commit might cause regression (bsc#1210947)
- commit 373f459
- x86/fault: Cast an argument to the proper address space in prefetch() (git-fixes).
- commit b654685
- x86, sched: Fix undefined reference to init_freq_invariance_cppc() build error (git-fixes).
- commit 2520bfd
- blacklist.conf: add one char git-fixes
- commit 442298b
- pinctrl: renesas: r8a779a0: Remove incorrect AVB[01] pinmux
configuration (git-fixes).
- pinctrl: qcom: lpass-lpi: set output value before enabling
output (git-fixes).
- mfd: tqmx86: Correct board names for TQMxE39x (git-fixes).
- mfd: tqmx86: Do not access I2C_DETECT register through io_base
(git-fixes).
- leds: tca6507: Fix error handling of using
fwnode_property_read_string (git-fixes).
- leds: Fix reference to led_set_brightness() in doc (git-fixes).
- leds: TI_LMU_COMMON: select REGMAP instead of depending on it
(git-fixes).
- commit d6008ec
- xfs: fix rm_offset flag handling in rmap keys (git-fixes).
- commit 84b434f
- xfs: verify buffer contents when we skip log replay (bsc#1210498
CVE-2023-2124).
- commit c6f30c5
- mm: take a page reference when removing device exclusive entries
(bsc#1211025).
- commit fd0cc4f
- usb: mtu3: fix kernel panic at qmu transfer done irq handler
(git-fixes).
- commit 7fcf832
- blacklist.conf: prerequisites break kABI
- commit 0cfe9b1
- struct ci_hdrc: hide new member at end (git-fixes).
- commit d06f402
- usb: chipidea: core: fix possible concurrent when switch role
(git-fixes).
- commit d07905a
- Update
patches.suse/perf-Fix-check-before-add_event_to_groups-in-perf_group_detach.patch
(git fixes, bsc#1210986, CVE-2023-2235).
- commit c5399e7
- blacklist.conf: Exclude unrelated kconfig patch
- commit 2595126
- x86/bugs: Enable STIBP for IBPB mitigated RETBleed (git-fixes).
- commit f115e36
- locking/rwbase: Mitigate indefinite writer starvation.
Move out of sorted as the patch has moved within the tip tree.
- commit 0ba915d
- Input: raspberrypi-ts - fix refcount leak in rpi_ts_probe
(git-fixes).
- Input: hp_sdc_rtc - mark an unused function as __maybe_unused
(git-fixes).
- rtc: meson-vrtc: Use ktime_get_real_ts64() to get the current
time (git-fixes).
- rtc: omap: include header for omap_rtc_power_off_program
prototype (git-fixes).
- commit 4f6ef5f
- power: supply: generic-adc-battery: fix unit scaling
(git-fixes).
- dt-bindings: mailbox: qcom,apcs-kpss-global: fix SDX55 'if'
match (git-fixes).
- clk: rockchip: rk3399: allow clk_cifout to force clk_cifout_src
to reparent (git-fixes).
- clk: add missing of_node_put() in "assigned-clocks" property
parsing (git-fixes).
- clk: at91: clk-sam9x60-pll: fix return value check (git-fixes).
- clocksource/drivers/davinci: Fix memory leak in
davinci_timer_register when init fails (git-fixes).
- USB: serial: option: add UNISOC vendor and TOZED LT70C product
(git-fixes).
- wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies()
(git-fixes).
- drm/fb-helper: set x/yres_virtual in drm_fb_helper_check_var
(git-fixes).
- selftests/kselftest/runner/run_one(): allow running
non-executable files (git-fixes).
- commit fc18250
- NFS: Cleanup unused rpc_clnt variable (git-fixes).
- NFSD: callback request does not use correct credential for
AUTH_SYS (git-fixes).
- sunrpc: only free unix grouplist after RCU settles (git-fixes).
- nfsd: call op_release, even when op_func returns an error
(git-fixes).
- NFSD: Avoid calling OPDESC() with ops->opnum == OP_ILLEGAL
(git-fixes).
- commit aa8b700
- KVM: VMX: Execute IBPB on emulated VM-exit when guest has IBRS (bsc#1206992
CVE-2022-2196).
- commit 2cab1a4
- nvme: send Identify with CNS 06h only to I/O controllers
(bsc#1209693).
- commit fe51de7
- scsi: kABI workaround for fc_host_fpin_rcv (git-fixes).
- scsi: lpfc: Silence an incorrect device output (bsc#1210943).
- scsi: lpfc: Fix ioremap issues in lpfc_sli4_pci_mem_setup()
(bsc#1210943).
- scsi: lpfc: Drop redundant pci_enable_pcie_error_reporting()
(bsc#1210943).
- scsi: lpfc: Copyright updates for 14.2.0.11 patches
(bsc#1210943).
- scsi: lpfc: Update lpfc version to 14.2.0.11 (bsc#1210943).
- scsi: lpfc: Revise lpfc_error_lost_link() reason code evaluation
logic (bsc#1210943).
- scsi: lpfc: Skip waiting for register ready bits when in
unrecoverable state (bsc#1210943).
- scsi: lpfc: Correct used_rpi count when devloss tmo fires with
no recovery (bsc#1210943).
- scsi: lpfc: Defer issuing new PLOGI if received RSCN before
completing REG_LOGIN (bsc#1210943).
- scsi: lpfc: Record LOGO state with discovery engine even if
aborted (bsc#1210943).
- scsi: lpfc: Fix lockdep warning for rx_monitor lock when
unloading driver (bsc#1210943).
- scsi: lpfc: Reorder freeing of various DMA buffers and their
list removal (bsc#1210943).
- scsi: lpfc: Prevent lpfc_debugfs_lockstat_write() buffer
overflow (bsc#1210943).
- cpumask: fix incorrect cpumask scanning result checks
(bsc#1210943).
- scsi: lpfc: Fix double word in comments (bsc#1210943).
- scsi: scsi_transport_fc: Add an additional flag to
fc_host_fpin_rcv() (bsc#1210943).
- commit 7354766
- ACPI: CPPC: Disable FIE if registers in PCC regions
(bsc#1210953).
- cpufreq: CPPC: Fix build error without
CONFIG_ACPI_CPPC_CPUFREQ_FIE (bsc#1210953).
- cpufreq: CPPC: Fix performance/frequency conversion (git-fixes).
- commit 5d50d5f
- keys: Fix linking a duplicate key to a keyring's assoc_array
(bsc#1207088).
- commit 52b6749
- virtio_ring: don't update event idx on get_buf (git-fixes).
- firmware: stratix10-svc: Fix an NULL vs IS_ERR() bug in probe
(git-fixes).
- dt-bindings: iio: ti,tmp117: fix documentation link (git-fixes).
- dt-bindings: nvmem: qcom,spmi-sdam: fix example 'reg' property
(git-fixes).
- vmci_host: fix a race condition in vmci_host_poll() causing GPF
(git-fixes).
- fpga: bridge: fix kernel-doc parameter description (git-fixes).
- driver core: Don't require dynamic_debug for initcall_debug
probe timing (git-fixes).
- staging: rtl8192e: Fix W_DISABLE# does not work after stop/start
(git-fixes).
- staging: iio: resolver: ads1210: fix config mode (git-fixes).
- drivers: staging: rtl8723bs: Fix locking in
rtw_scan_timeout_handler() (git-fixes).
- drivers: staging: rtl8723bs: Fix locking in
_rtw_join_timeout_handler() (git-fixes).
- serial: 8250: Add missing wakeup event reporting (git-fixes).
- tty: serial: fsl_lpuart: adjust buffer length to the intended
size (git-fixes).
- tty: Prevent writing chars during tcsetattr TCSADRAIN/FLUSH
(git-fixes).
- serial: 8250_bcm7271: Fix arbitration handling (git-fixes).
- usb: chipidea: fix missing goto in `ci_hdrc_probe` (git-fixes).
- USB: dwc3: fix runtime pm imbalance on unbind (git-fixes).
- USB: dwc3: fix runtime pm imbalance on probe errors (git-fixes).
- xhci: fix debugfs register accesses while suspended (git-fixes).
- usb: gadget: tegra-xudc: Fix crash in vbus_draw (git-fixes).
- usb: chipidea: imx: avoid unnecessary probe defer (git-fixes).
- usb: gadget: udc: renesas_usb3: Fix use after free bug in
renesas_usb3_remove due to race condition (git-fixes).
- usb: dwc3: gadget: Change condition for processing suspend event
(git-fixes).
- usb: host: xhci-rcar: remove leftover quirk handling
(git-fixes).
- i2c: cadence: cdns_i2c_master_xfer(): Fix runtime PM leak on
error path (git-fixes).
- ipmi: fix SSIF not responding under certain cond (git-fixes).
- ipmi:ssif: Add send_retries increment (git-fixes).
- spi: cadence-quadspi: fix suspend-resume implementations
(git-fixes).
- spi: fsl-spi: Fix CPM/QE mode Litte Endian (git-fixes).
- spi: qup: Don't skip cleanup in remove's error path (git-fixes).
- ASoC: fsl_mqs: move of_node_put() to the correct location
(git-fixes).
- ASoC: es8316: Handle optional IRQ assignment (git-fixes).
- ASoC: cs35l41: Only disable internal boost (git-fixes).
- PCI: qcom: Fix the incorrect register usage in v2.7.0 config
(git-fixes).
- PCI: imx6: Install the fault handler only on compatible match
(git-fixes).
- PCI: pciehp: Fix AB-BA deadlock between reset_lock and
device_lock (git-fixes).
- PCI/EDR: Clear Device Status after EDR error recovery
(git-fixes).
- drm/panel: otm8009a: Set backlight parent to panel device
(git-fixes).
- commit 30ae662
- kabi/severities: ignore KABI for NVMe target (bsc#1174777)
The target code is only for testing and there are no external users.
- commit a8c10fa
- blacklist.conf: add nvme git-fixes
- commit be17720
- Update
patches.suse/net-mlx5-DR-Fix-NULL-vs-IS_ERR-checking-in-dr_domain.patch
(jsc#SLE-19253 bsc#1208845 CVE-2023-23006).
Added CVE reference.
- commit 53f1f7b
- nvme: improve the NVME_CONNECT_AUTHREQ* definitions (git-fixes).
- commit da2e21e
- ext4: use ext4_journal_start/stop for fast commit transactions
(bsc#1210793).
Refresh patches.suse/ext4-fast-commit-may-not-fallback-for-ineligible-com.patch
patches.suse/ext4-fix-fallocate-to-use-file_modified-to-update-pe.patch
patches.suse/ext4-fix-race-condition-between-ext4_write-and-ext4_.patch
- commit b470a11
- nvme-fcloop: fix "inconsistent {IN-HARDIRQ-W} -> {HARDIRQ-ON-W}
usage" (git-fixes).
- nvme: fix async event trace event (git-fixes).
- nvmet: fix I/O Command Set specific Identify Controller
(git-fixes).
- nvmet: fix Identify Active Namespace ID list handling
(git-fixes).
- nvmet: fix Identify Controller handling (git-fixes).
- nvmet: fix Identify Namespace handling (git-fixes).
- commit da5f4d4
- signal: HANDLER_EXIT should clear SIGNAL_UNKILLABLE
(bsc#1210816).
- signal: Don't always set SA_IMMUTABLE for forced signals
(bsc#1210816).
- commit 1d55fab
- bluetooth: Perform careful capability checks in hci_sock_ioctl()
(git-fixes).
- Revert "Bluetooth: btsdio: fix use after free bug in
btsdio_remove due to unfinished work" (git-fixes).
- wifi: mt76: fix 6GHz high channel not be scanned (git-fixes).
- wifi: mt76: add missing locking to protect against concurrent
rx/status calls (git-fixes).
- wifi: mt76: handle failure of vzalloc in mt7615_coredump_work
(git-fixes).
- wifi: iwlwifi: fw: fix memory leak in debugfs (git-fixes).
- wifi: iwlwifi: mvm: check firmware response size (git-fixes).
- wifi: iwlwifi: make the loop for card preparation effective
(git-fixes).
- wifi: iwlwifi: fw: move memset before early return (git-fixes).
- wifi: iwlwifi: mvm: initialize seq variable (git-fixes).
- wifi: iwlwifi: yoyo: Fix possible division by zero (git-fixes).
- wifi: iwlwifi: yoyo: skip dump correctly on hw error
(git-fixes).
- wifi: iwlwifi: mvm: don't set CHECKSUM_COMPLETE for unsupported
protocols (git-fixes).
- wifi: iwlwifi: trans: don't trigger d3 interrupt twice
(git-fixes).
- wifi: iwlwifi: debug: fix crash in __iwl_err() (git-fixes).
- wifi: iwlwifi: fix duplicate entry in iwl_dev_info_table
(git-fixes).
- wifi: rt2x00: Fix memory leak when handling surveys (git-fixes).
- wifi: rtw89: fix potential race condition between napi_init
and napi_enable (git-fixes).
- wifi: rtlwifi: fix incorrect error codes in
rtl_debugfs_set_write_reg() (git-fixes).
- wifi: rtlwifi: fix incorrect error codes in
rtl_debugfs_set_write_rfreg() (git-fixes).
- wifi: ath6kl: reduce WARN to dev_dbg() in callback (git-fixes).
- wifi: ath5k: fix an off by one check in
ath5k_eeprom_read_freq_list() (git-fixes).
- wifi: ath9k: hif_usb: fix memory leak of remain_skbs
(git-fixes).
- wifi: ath6kl: minor fix for allocation size (git-fixes).
- wifi: mac80211: adjust scan cancel comment/check (git-fixes).
- wifi: rtw88: mac: Return the original error from
rtw_mac_power_switch() (git-fixes).
- wifi: rtw88: mac: Return the original error from
rtw_pwr_seq_parser() (git-fixes).
- wifi: brcmfmac: support CQM RSSI notification with older
firmware (git-fixes).
- crypto: drbg - Only fail when jent is unavailable in FIPS mode
(git-fixes).
- crypto: sa2ul - Select CRYPTO_DES (git-fixes).
- crypto: caam - Clear some memory in instantiate_rng (git-fixes).
- crypto: safexcel - Cleanup ring IRQ workqueues on load failure
(git-fixes).
- drm/i915: Fix fast wake AUX sync len (git-fixes).
- nilfs2: initialize unused bytes in segment summary blocks
(git-fixes).
- platform/x86: gigabyte-wmi: add support for X570S AORUS ELITE
(git-fixes).
- selftests: sigaltstack: fix -Wuninitialized (git-fixes).
- platform/x86 (gigabyte-wmi): Add support for A320M-S2H V2
(git-fixes).
- commit ce41906
- nvmet: force reconnect when number of queue changes (git-fixes).
- commit 4fecb2d
- powerpc/64e: Fix amdgpu build on Book3E w/o AltiVec
(bsc#1194869).
- drm/amdgpu: Re-enable DCN for 64-bit powerpc (bsc#1194869).
- Refresh patches.suse/drm-amd-display-Enable-building-new-display-engine-w.patch
- amdgpu: disable powerpc support for the newer display engine
(bsc#1194869).
- Refresh patches.suse/drm-amd-display-Enable-building-new-display-engine-w.patch
- commit a05fdb3
- ALSA: hda/realtek: fix speaker, mute/micmute LEDs not work on
a HP platform (git-fixes).
- ALSA: hda/cirrus: Add extra 10 ms delay to allow PLL settle
and lock (git-fixes).
- commit 94a71e8
- ALSA: hda/realtek: Enable mute/micmute LEDs and speaker support
for HP Laptops (git-fixes).
- Refresh
patches.suse/ALSA-hda-realtek-fix-mute-micmute-LEDs-for-a-HP-ProB-2ae147d643d3.patch.
- Refresh
patches.suse/ALSA-hda-realtek-fix-mute-micmute-LEDs-for-a-HP-ProB-9fdc1605c504.patch.
- commit d95e43b
- ALSA: hda: cs35l41: Enable Amp High Pass Filter (git-fixes).
- commit fa425c8
- nvmet: avoid potential UAF in nvmet_req_complete() (git-fixes).
- nvme: fix handling single range discard request (git-fixes).
- nvme-pci: fix timeout request state check (git-fixes).
- nvmet: don't defer passthrough commands with trivial effects
to the workqueue (git-fixes).
- nvme: fix the NVME_CMD_EFFECTS_CSE_MASK definition (git-fixes).
- nvme-pci: fix page size checks (git-fixes).
- nvme-pci: fix mempool alloc size (git-fixes).
- nvme-pci: fix doorbell buffer value endianness (git-fixes).
- nvme: return err on nvme_init_non_mdts_limits fail (git-fixes).
- nvmet: only allocate a single slab for bvecs (git-fixes).
- nvme initialize core quirks before calling nvme_init_subsystem
(git-fixes).
- nvme: fix SRCU protection of nvme_ns_head list (git-fixes).
Refresh:
- patches.suse/nvme-multipath-skip-not-ready-namespaces-when-revalidating.patch
- nvmet: fix a memory leak in nvmet_auth_set_key (git-fixes).
- nvmet: fix a memory leak (git-fixes).
- nvme-tcp: fix possible circular locking when deleting a
controller under memory pressure (git-fixes).
- nvmet: fix invalid memory reference in
nvmet_subsys_attr_qid_max_show (git-fixes).
- nvme-hwmon: kmalloc the NVME SMART log buffer (git-fixes).
- nvme-hwmon: consistently ignore errors from nvme_hwmon_init
(git-fixes).
- nvme-multipath: fix possible hang in live ns resize with ANA
access (git-fixes).
- nvme-tcp: fix possible hang caused during ctrl deletion
(git-fixes).
- nvme-rdma: fix possible hang caused during ctrl deletion
(git-fixes).
- nvmet: add helpers to set the result field for connect commands
(git-fixes).
- nvmet-auth: don't try to cancel a non-initialized work_struct
(git-fixes).
- nvme: Fix IOC_PR_CLEAR and IOC_PR_RELEASE ioctls for nvme
devices (git-fixes).
- nvme-tcp: fix regression that causes sporadic requests to time
out (git-fixes).
- nvmet: fix a use-after-free (git-fixes).
- nvme: catch -ENODEV from nvme_revalidate_zones again
(git-fixes).
- nvme-auth: uninitialized variable in nvme_auth_transform_key()
(git-fixes).
- nvme: define compat_ioctl again to unbreak 32-bit userspace
(git-fixes).
- nvme: use command_id instead of req->tag in
trace_nvme_complete_rq() (git-fixes).
- nvmet-tcp: fix regression in data_digest calculation
(git-fixes).
- nvme: add device name to warning in uuid_show() (git-fixes).
- nvme: set dma alignment to dword (git-fixes).
- nvme: fix the read-only state for zoned namespaces with
unsupposed features (git-fixes).
- nvmet: revert "nvmet: make discovery NQN configurable"
(git-fixes).
Refresh:
- patches.suse/nvmet-expose-max-queues-to-configfs.patch
- nvmet: use IOCB_NOWAIT only if the filesystem supports it
(git-fixes).
- nvmet-tcp: fix incomplete data digest send (git-fixes).
- nvme: fix per-namespace chardev deletion (git-fixes).
- nvmet: looks at the passthrough controller when initializing
CAP (git-fixes).
- nvme: move nvme_multi_css into nvme.h (git-fixes).
- commit 11db83e
- powerpc/64: Always build with 128-bit long double (bsc#1194869).
- commit 8544568
- hwmon: (pmbus/fsp-3y) Fix functionality bitmask in FSP-3Y
YM-2151E (git-fixes).
- hwmon: (adt7475) Use device_property APIs when configuring
polarity (git-fixes).
- hwmon: (k10temp) Check range scale when CUR_TEMP register is
read-write (git-fixes).
- remoteproc: imx_rproc: Call of_node_put() on iteration error
(git-fixes).
- remoteproc: st: Call of_node_put() on iteration error
(git-fixes).
- remoteproc: stm32: Call of_node_put() on iteration error
(git-fixes).
- mmc: sdhci-of-esdhc: fix quirk to ignore command inhibit for
data (git-fixes).
- mtd: spi-nor: Fix a trivial typo (git-fixes).
- mtd: core: fix error path for nvmem provider (git-fixes).
- mtd: core: fix nvmem error reporting (git-fixes).
- mtd: core: provide unique name for nvmem device, take two
(git-fixes).
- regulator: stm32-pwr: fix of_iomap leak (git-fixes).
- regulator: core: Avoid lockdep reports when resolving supplies
(git-fixes).
- regulator: core: Consistently set mutex_owner when using
ww_mutex_lock_slow() (git-fixes).
- regulator: core: Shorten off-on-delay-us for always-on/boot-on
by time since booted (git-fixes).
- media: venus: dec: Fix handling of the start cmd (git-fixes).
- media: rc: gpio-ir-recv: Fix support for wake-up (git-fixes).
- media: saa7134: fix use after free bug in saa7134_finidev due
to race condition (git-fixes).
- media: dm1105: Fix use after free bug in dm1105_remove due to
race condition (git-fixes).
- media: rkvdec: fix use after free bug in rkvdec_remove
(git-fixes).
- media: max9286: Free control handler (git-fixes).
- media: av7110: prevent underflow in write_ts_to_decoder()
(git-fixes).
- soc: ti: pm33xx: Fix refcount leak in am33xx_pm_probe
(git-fixes).
- remoteproc: Harden rproc_handle_vdev() against integer overflow
(git-fixes).
- commit 28cddd0
- drm/i915: Make intel_get_crtc_new_encoder() less oopsy
(git-fixes).
- commit 0730fed
- dt-bindings: remoteproc: stm32-rproc: Typo fix (git-fixes).
- drm/amd/display: Fix potential null dereference (git-fixes).
- drm/msm: fix NULL-deref on snapshot tear down (git-fixes).
- drm: msm: adreno: Disable preemption on Adreno 510 (git-fixes).
- drm/msm/adreno: drop bogus pm_runtime_set_active() (git-fixes).
- drm/msm/disp/dpu: check for crtc enable rather than crtc active
to release shared resources (git-fixes).
- dt-bindings: arm: fsl: Fix copy-paste error in comment
(git-fixes).
- dt-bindings: soc: qcom: smd-rpm: re-add missing qcom,rpm-msm8994
(git-fixes).
- firmware: qcom_scm: Clear download bit during reboot
(git-fixes).
- commit f201efd
- drm/bridge: lt8912b: Fix DSI Video Mode (git-fixes).
- drm/lima/lima_drv: Add missing unwind goto in lima_pdev_probe()
(git-fixes).
- drm/amd/display/dc/dce60/Makefile: Fix previous attempt to
silence known override-init warnings (git-fixes).
- drm: rcar-du: Fix a NULL vs IS_ERR() bug (git-fixes).
- drm/bridge: adv7533: Fix adv7533_mode_valid for adv7533 and
adv7535 (git-fixes).
- drm/probe-helper: Cancel previous job before starting new one
(git-fixes).
- drm/vgem: add missing mutex_destroy (git-fixes).
- drm/rockchip: Drop unbalanced obj unref (git-fixes).
- commit df8d449
- ACPI: VIOT: Initialize the correct IOMMU fwspec (git-fixes).
- arm64: dts: qcom: msm8994-msft-lumia-octagon: drop unit address
from PMI8994 regulator (git-fixes).
- arm64: dts: qcom: msm8994-kitakami: drop unit address from
PMI8994 regulator (git-fixes).
- arm64: dts: qcom: sc7180-trogdor-lazor: correct trackpad supply
(git-fixes).
- arm64: dts: qcom: sm8250: Fix the PCI I/O port range
(git-fixes).
- arm64: dts: qcom: msm8996: Fix the PCI I/O port range
(git-fixes).
- arm64: dts: qcom: ipq8074: Fix the PCI I/O port range
(git-fixes).
- arm64: dts: qcom: msm8998: Fix the PCI I/O port range
(git-fixes).
- arm64: dts: qcom: sdm845: Fix the PCI I/O port range
(git-fixes).
- arm64: dts: qcom: msm8998: Fix stm-stimulus-base reg name
(git-fixes).
- ARM: dts: qcom: ipq4019: Fix the PCI I/O port range (git-fixes).
- arm64: dts: ti: k3-j721e-main: Remove ti,strobe-sel property
(git-fixes).
- ARM: dts: s5pv210: correct MIPI CSIS clock name (git-fixes).
- ARM: dts: exynos: fix WM8960 clock name in Itop Elite
(git-fixes).
- ARM: dts: gta04: fix excess dma channel usage (git-fixes).
- arm64: dts: renesas: r8a774c0: Remove bogus voltages from OPP
table (git-fixes).
- arm64: dts: renesas: r8a77990: Remove bogus voltages from OPP
table (git-fixes).
- commit 94ce2fb
- nvme: copy firmware_rev on each init (git-fixes).
- commit e5addae
- Update References
patches.suse/xirc2ps_cs-Fix-use-after-free-bug-in-xirc2ps_detach.patch
(git-fixes, bsc#1209871, CVE-2023-1670).
- commit fad389c
- cgroup/cpuset: Wake up cpuset_attach_wq tasks in
cpuset_cancel_attach() (bsc#1210827).
- commit cd76825
- blacklist.conf:
- Add eee878537941 cgroup/cpuset: Add cpuset_can_fork() and cpuset_cancel_fork() methods
- Add 42a11bf5c543 cgroup/cpuset: Make cpuset_fork() handle CLONE_INTO_CGROUP properly
- commit 5eafca7
- blacklist.conf: Add adb8213014b2 mm: memcg: fix stale protection of reclaim target memcg
- commit 3fa74a9
- seccomp: Move copy_seccomp() to no failure path (bsc#1210817).
- commit c871759
- signal: Add SA_IMMUTABLE to ensure forced siganls do not get
changed (bsc#1210816).
- commit f20434b
- KEYS: Add missing function documentation (git-fixes).
- KEYS: Create static version of public_key_verify_signature
(git-fixes).
- selinux: ensure av_permissions.h is built when needed
(git-fixes).
- selinux: fix Makefile dependencies of flask.h (git-fixes).
- commit 0854c0e
- powerpc/papr_scm: Update the NUMA distance table for the
target node (bsc#1209999 ltc#202140 bsc#1142685 ltc#179509
FATE#327775 git-fixes).
- powerpc/pseries: Consolidate different NUMA distance update
code paths (bsc#1209999 ltc#202140 bsc#1142685 ltc#179509
FATE#327775 git-fixes).
- Refresh patches.suse/powerpc-numa-Update-cpu_cpu_map-on-CPU-online-offlin.patch
- commit 7bab4e8
- Update tags
patches.suse/ocfs2-fix-data-corruption-after-failed-write.patch.
- commit 90e3245
- udf: Check consistency of Space Bitmap Descriptor (bsc#1210771).
- commit d6c6801
- udf: Fix a slab-out-of-bounds write bug in udf_find_entry()
(bsc#1206649).
- commit 4e476eb
- udf: Support splicing to file (bsc#1210770).
- commit d2cfd5b
- writeback, cgroup: fix null-ptr-deref write in
bdi_split_work_to_wbs (bsc#1210769).
- commit 036cbcd
- mm/filemap: fix page end in filemap_get_read_batch
(bsc#1210768).
- commit 48f3bbb
- ext4: fix another off-by-one fsmap error on 1k block filesystems
(bsc#1210767).
- commit 9bc20af
- ext4: fix RENAME_WHITEOUT handling for inline directories
(bsc#1210766).
- commit 1ad1269
- ext4: fix cgroup writeback accounting with fs-layer encryption
(bsc#1210765).
- commit 480dd33
- ext4: fix incorrect options show of original mount_opt and
extend mount_opt2 (bsc#1210764).
- commit ec7e31c
- ext4: fix possible double unlock when moving a directory
(bsc#1210763).
- commit 88434ef
- ext4: Fix deadlock during directory rename (bsc#1210763).
- commit 71130aa
- ext4: Fix possible corruption when moving a directory
(bsc#1210763).
- commit 5d35ccf
- blacklist.conf: Blacklist 118901ad1f25
- commit 4dd3cc9
- ext4: fix corruption when online resizing a 1K bigalloc fs
(bsc#1206891).
- commit aebc870
- ext4: fix bad checksum after online resize (bsc#1210762 bsc#1208076).
- commit 57823aa
- Drivers: vmbus: Check for channel allocation before looking
up relids (git-fixes).
- commit ab07682
- ALSA: hda/realtek: fix mute/micmute LEDs for a HP ProBook
(git-fixes).
- commit 34b9f7a
- iio: light: tsl2772: fix reading proximity-diodes from device
tree (git-fixes).
- iio: adc: at91-sama5d2_adc: fix an error code in
at91_adc_allocate_trigger() (git-fixes).
- ASoC: fsl_asrc_dma: fix potential null-ptr-deref (git-fixes).
- ALSA: hda/realtek: Remove specific patch for Dell Precision 3260
(git-fixes).
- ASN.1: Fix check for strdup() success (git-fixes).
- commit fa0048a
- Update
patches.suse/NFSD-fix-problems-with-cleanup-on-errors-in-nfsd4_co.patch
(git-fixes bsc#1210725).
- commit aab0dd8
- e1000e: Disable TSO on i219-LM card to increase speed
(git-fixes).
- clk: sprd: set max_register according to mapping range
(git-fixes).
- Bluetooth: L2CAP: Fix use-after-free in
l2cap_disconnect_{req,rsp} (git-fixes).
- Bluetooth: Fix race condition in hidp_session_thread
(git-fixes).
- drm/i915/dsi: fix DSS CTL register offsets for TGL+ (git-fixes).
- x86/PCI: Add quirk for AMD XHCI controller that loses MSI-X
state in D3hot (git-fixes).
- drm/i915: fix race condition UAF in i915_perf_add_config_ioctl
(git-fixes).
- power: supply: cros_usbpd: reclassify "default case!" as debug
(git-fixes).
- drm: panel-orientation-quirks: Add quirk for Lenovo Yoga Book
X90F (git-fixes).
- ACPI: resource: Add Medion S17413 to IRQ override quirk
(git-fixes).
- efi: sysfb_efi: Add quirk for Lenovo Yoga Book X91F/L
(git-fixes).
- i2c: hisi: Avoid redundant interrupts (git-fixes).
- i2c: imx-lpi2c: clean rx/tx buffers upon new message
(git-fixes).
- wifi: iwlwifi: mvm: fix mvmtxq->stopped handling (git-fixes).
- wifi: mwifiex: mark OF related data as maybe unused (git-fixes).
- ARM: 9290/1: uaccess: Fix KASAN false-positives (git-fixes).
- i915/perf: Replace DRM_DEBUG with driver specific drm_dbg call
(git-fixes).
- commit ba21d6e
- regulator: fan53555: Explicitly include bits header (git-fixes).
- commit 9852306
- sched/fair: Fix imbalance overflow (bsc#1155798 (CPU scheduler
functional and performance backports)).
- sched_getaffinity: don't assume 'cpumask_size()' is fully
initialized (bsc#1155798 (CPU scheduler functional and
performance backports)).
- sched/fair: Move calculate of avg_load to a better location
(bsc#1155798 (CPU scheduler functional and performance
backports)).
- commit 1c631df
- PCI: dwc: Fix PORT_LINK_CONTROL update when CDM check enabled
(git-fixes).
- PCI: loongson: Add more devices that need MRRS quirk
(git-fixes).
- PCI: loongson: Prevent LS7A MRRS increases (git-fixes).
- kABI: PCI: loongson: Prevent LS7A MRRS increases (kabi).
- commit c742154
- x86/entry: Avoid very early RET (git-fixes).
- commit 7f33ce2
- RDMA/core: Refactor rdma_bind_addr (bsc#1210629 CVE-2023-2176)
- commit a844601
- regulator: fan53555: Fix wrong TCS_SLEW_MASK (git-fixes).
- commit f5a41ba
- x86/entry: Don't call error_entry() for XENPV (git-fixes).
- x86/entry: Move CLD to the start of the idtentry macro
(git-fixes).
- x86/entry: Move PUSH_AND_CLEAR_REGS out of error_entry()
(git-fixes).
- x86/entry: Switch the stack after error_entry() returns
(git-fixes).
- Refresh patches.suse/objtool-Add-entry-UNRET-validation.patch.
- Refresh patches.suse/x86-Add-magic-AMD-return-thunk.patch.
- Refresh
patches.suse/x86-entry-Add-kernel-IBRS-implementation.patch.
- x86/traps: Use pt_regs directly in fixup_bad_iret() (git-fixes).
- x86/MCE/AMD: Fix memory leak when threshold_create_bank()
fails (git-fixes).
- x86/fpu: Prevent FPU state corruption (git-fixes).
- x86/pci/xen: Disable PCI/MSI masking for XEN_HVM guests
(git-fixes).
- x86/kvm: Preserve BSP MSR_KVM_POLL_CONTROL across suspend/resume
(git-fixes).
- x86: __memcpy_flushcache: fix wrong alignment if size > 2^32
(git-fixes).
- x86/tsx: Disable TSX development mode at boot (git-fixes).
- Refresh
patches.suse/0010-KVM-x86-speculation-Disable-Fill-buffer-clear-within.patch.
- Refresh patches.suse/x86-cpu-amd-Add-Spectral-Chicken.patch.
- stat: fix inconsistency between struct stat and struct
compat_stat (git-fixes).
- x86/msi: Fix msi message data shadow struct (git-fixes).
- kABI: x86/msi: Fix msi message data shadow struct (kabi).
- x86/bug: Prevent shadowing in __WARN_FLAGS (git-fixes).
- commit fc2d705
- blacklist.conf: add some x86 git-fixes
- commit 67b8a58
- memstick: fix memory leak if card device is never registered
(git-fixes).
- mmc: sdhci_am654: Set HIGH_SPEED_ENA for SDR12 and SDR25
(git-fixes).
- arm64: dts: qcom: ipq8074-hk01: enable QMP device, not the
PHY node (git-fixes).
- ARM: dts: rockchip: fix a typo error for rk3288 spdif node
(git-fixes).
- arm64: dts: imx8mm-evk: correct pmic clock source (git-fixes).
- arm64: dts: meson-g12-common: specify full DMC range
(git-fixes).
- commit e50472a
- ovl: fail on invalid uid/gid mapping at copy up (CVE-2023-0386
bsc#1209615).
- commit c351e67
- supported.conf: support u_ether and libcomposite
(jsc-PED#3750)
This is necessary for g_ncm
(for maintainance see jsc-PED#3759)
- commit 93dcc25
- RDMA/core: Fix GID entry ref leak when create_ah fails (git-fixes)
- commit 96566e9
- RDMA/cma: Allow UD qp_type to join multicast only (git-fixes)
- commit 048d3b4
- IB/mlx5: Add support for 400G_8X lane speed (git-fixes)
- commit e08b805
- RDMA/irdma: Add ipv4 check to irdma_find_listener() (git-fixes)
- commit b64d8ba
- RDMA/irdma: Increase iWARP CM default rexmit count (git-fixes)
- commit c3ec287
- RDMA/irdma: Fix memory leak of PBLE objects (git-fixes)
- commit 6a66ca6
- vmxnet3: use gro callback when UPT is enabled (bsc#1209739).
- commit b706955
- supported.conf: declaring usb_f_ncm supported as
requested in (jsc#PED-3750)
Support for the legacy functionality g_ncm is still
under discussion
(see jsc-PED#3200)
For maintainance see (jsc#PED-3759)
- commit 2970881
- blacklist.conf: vsprintf: just a small code size optimization
- commit 11066c4
- blacklist.conf: fix for a feature which was not backported
- commit 40356f9
- blacklist.conf: needed just for a cleanup
- commit 2ad4085
- x86/speculation: Allow enabling STIBP with legacy IBRS
(bsc#1210506 CVE-2023-1998).
- commit 43f265f
- Update patch reference for hwmon fix (CVE-2023-1855 bsc#1210202)
- commit 0565559
- cifs: fix negotiate context parsing (bsc#1210301).
- commit 6999463
- blacklist.conf: add perf git-fixes we are not taking
- commit affe5db
- perf/core: Fix the same task check in perf_event_set_output
(git fixes).
- perf: Fix check before add_event_to_groups() in
perf_group_detach() (git fixes).
- perf: fix perf_event_context->time (git fixes).
- perf/core: Fix perf_output_begin parameter is incorrectly
invoked in perf_event_bpf_output (git fixes).
- powerpc/perf/hv-24x7: add missing RTAS retry status handling
(git fixes).
- powerpc/hv-gpci: Fix hv_gpci event list (git fixes).
- powerpc: declare unmodified attribute_group usages const
(git-fixes).
- commit c25cc8c
- Update patch reference for power driver fix (CVE-2023-30772 bsc#1210329)
- commit d3db856
- sched/fair: Sanitize vruntime of entity being migrated
(bsc#1203325).
- sched/fair: sanitize vruntime of entity being placed
(bsc#1203325).
- sched/fair: Limit sched slice duration (bsc#1189999 (Scheduler
functional and performance backports)).
- sched/numa: Stop an exhastive search if an idle core is found
(bsc#1189999 (Scheduler functional and performance backports)).
- commit 24ed78f
- mm: page_alloc: skip regions with hugetlbfs pages when
allocating 1G pages (bsc#1210034).
- commit 421448a
- i2c: ocores: generate stop condition after timeout in polling
mode (git-fixes).
- commit 95ee80d
- ALSA: hda/realtek: Add quirks for Lenovo Z13/Z16 Gen2
(git-fixes).
- ALSA: hda: patch_realtek: add quirk for Asus N7601ZM
(git-fixes).
- ALSA: firewire-tascam: add missing unwind goto in
snd_tscm_stream_start_duplex() (git-fixes).
- ALSA: emu10k1: don't create old pass-through playback device
on Audigy (git-fixes).
- ALSA: emu10k1: fix capture interrupt handler unlinking
(git-fixes).
- ALSA: hda/sigmatel: fix S/PDIF out on Intel D*45* motherboards
(git-fixes).
- ALSA: hda/sigmatel: add pin overrides for Intel DP45SG
motherboard (git-fixes).
- ALSA: i2c/cs8427: fix iec958 mixer control deactivation
(git-fixes).
- commit 4a758e5
- scsi: iscsi_tcp: Check that sock is valid before
iscsi_set_param() (git-fixes).
- scsi: qla2xxx: Fix memory leak in qla2x00_probe_one()
(git-fixes).
- scsi: mpt3sas: Don't print sense pool info twice (git-fixes).
- scsi: megaraid_sas: Fix crash after a double completion
(git-fixes).
- scsi: scsi_dh_alua: Fix memleak for 'qdata' in alua_activate()
(git-fixes).
- scsi: qla2xxx: Perform lockless command completion in abort path
(git-fixes).
- scsi: core: Add BLIST_SKIP_VPD_PAGES for SKhynix H28U74301AMR
(git-fixes).
- scsi: core: Fix a procfs host directory removal regression
(git-fixes).
- scsi: mpt3sas: Fix NULL pointer access in
mpt3sas_transport_port_add() (git-fixes).
- scsi: sd: Fix wrong zone_write_granularity value during
revalidate (git-fixes).
- scsi: megaraid_sas: Update max supported LD IDs to 240
(git-fixes).
- scsi: lpfc: Avoid usage of list iterator variable after loop
(git-fixes).
- scsi: lpfc: Check kzalloc() in lpfc_sli4_cgn_params_read()
(git-fixes).
- scsi: hisi_sas: Check devm_add_action() return value
(git-fixes).
- scsi: core: Remove the /proc/scsi/${proc_name} directory earlier
(git-fixes).
- scsi: core: Fix a source code comment (git-fixes).
- scsi: ipr: Work around fortify-string warning (git-fixes).
- scsi: ses: Don't attach if enclosure has no components
(git-fixes).
- scsi: ses: Fix slab-out-of-bounds in ses_intf_remove()
(git-fixes).
- scsi: ses: Fix possible desc_ptr out-of-bounds accesses
(git-fixes).
- scsi: ses: Fix possible addl_desc_ptr out-of-bounds accesses
(git-fixes).
- scsi: ses: Fix slab-out-of-bounds in
ses_enclosure_data_process() (git-fixes).
- scsi: aic94xx: Add missing check for dma_map_single()
(git-fixes).
- scsi: mpt3sas: Fix a memory leak (git-fixes).
- scsi: snic: Fix memory leak with using debugfs_lookup()
(git-fixes).
- scsi: libsas: Remove useless dev_list delete in
sas_ex_discover_end_dev() (git-fixes).
- scsi: iscsi_tcp: Fix UAF during login when accessing the shost
ipaddress (git-fixes).
- commit fce4b5b
- k-m-s: Drop Linux 2.6 support
- commit 22b2304
- scsi: iscsi_tcp: Fix UAF during logout when accessing the
shost ipaddress (git-fixes).
- Refresh
patches.kabi/kABI-fix-change-of-iscsi_host_remove-arguments.patch.
- commit dfafac0
- Remove obsolete KMP obsoletes (bsc#1210469).
- commit 7f325c6
- Update
patches.kabi/PCI-dwc-Add-dw_pcie_ops.host_deinit-callback.patch
(kabi bsc#1210206).
Fix kabi breakage.
- commit cf0ac3f
- Update CVE reference to
patches.suse/netdevsim-fib-Fix-reference-count-leak-on-route-dele.patch
(git-fixes bsc#1210454 CVE-2023-2019).
- commit 4e95d11
- Update CVE reference to patches.suse/udmabuf-add-back-sanity-check.patch
(git-fixes bsc#1210453 CVE-2023-2008).
- commit 62da89a
- net: phy: nxp-c45-tja11xx: add remove callback (git-fixes).
- net: phy: nxp-c45-tja11xx: fix unsigned long multiplication
overflow (git-fixes).
- Revert "pinctrl: amd: Disable and mask interrupts on resume"
(git-fixes).
- drm/armada: Fix a potential double free in an error handling
path (git-fixes).
- fbmem: Reject FB_ACTIVATE_KD_TEXT from userspace (git-fixes).
- usb: dwc3: pci: add support for the Intel Meteor Lake-S
(git-fixes).
- USB: serial: option: add Quectel RM500U-CN modem (git-fixes).
- USB: serial: option: add Telit FE990 compositions (git-fixes).
- USB: serial: cp210x: add Silicon Labs IFS-USB-DATACABLE IDs
(git-fixes).
- nilfs2: fix potential UAF of struct nilfs_sc_info in
nilfs_segctor_thread() (git-fixes).
- drm/nouveau/disp: Support more modes by checking with lower bpc
(git-fixes).
- drm/bridge: lt9611: Fix PLL being unable to lock (git-fixes).
- serial: exar: Add support for Sealevel 7xxxC serial cards
(git-fixes).
- serial: 8250_exar: derive nr_ports from PCI ID for Acces I/O
cards (git-fixes).
- commit f9cf523
- scsi: hisi_sas: Set a port invalid only if there are no devices
attached when refreshing port id (git-fixes).
- commit 5cdcc2b
- signal handling: don't use BUG_ON() for debugging (bsc#1210439).
- commit 3f10ae8
- Update
patches.suse/scsi-core-Add-BLIST_NO_VPD_SIZE-for-some-VDASD.patch
(git-fixes bsc#1203039), adding back the bug number reference.
- commit 2587a1f
- scsi: core: Add BLIST_NO_VPD_SIZE for some VDASD (git-fixes
bsc#1203039) (renamed now that it's upstgream)
- Refresh
patches.kabi/blk-mq-fix-kabi-support-concurrent-queue-quiesce-unquiesce.patch.
- Refresh
patches.kabi/kABI-fix-adding-another-field-to-scsi_device.patch.
- Refresh patches.kabi/kABI-fix-adding-field-to-scsi_device.patch.
- commit 14ff6ce
- ice: avoid bonding causing auxiliary plug/unplug under RTNL lock
(bsc#1210158).
- commit 5691022
- virt/coco/sev-guest: Add throttling awareness (bsc#1209927).
- virt/coco/sev-guest: Convert the sw_exit_info_2 checking to
a switch-case (bsc#1209927).
- virt/coco/sev-guest: Do some code style cleanups (bsc#1209927).
- virt/coco/sev-guest: Carve out the request issuing logic into
a helper (bsc#1209927).
- virt/coco/sev-guest: Remove the disable_vmpck label in
handle_guest_request() (bsc#1209927).
- virt/coco/sev-guest: Simplify extended guest request handling
(bsc#1209927).
- virt/coco/sev-guest: Check SEV_SNP attribute at probe time
(bsc#1209927).
- virt/sev-guest: Return -EIO if certificate buffer is not large
enough (bsc#1209927).
- commit b35c5f2
- Update reference for BT fix (CVE-2023-1989 bsc#1210336)
- commit 2383449
- Update CVE reference to
patches.suse/nfc-st-nci-Fix-use-after-free-bug-in-ndlc_remove-due.patch
(git-fixes bsc#1210337 CVE-2023-1990).
- commit ddf99ea
- krb5
-
- Ensure array count consistency in kadm5 RPC; (bsc#1214054);
(CVE-2023-36054);
- Added patches:
* 0011-Ensure-array-count-consistency-in-kadm5-RPC.patch
- libX11
-
- U_InitExt.c-Add-bounds-checks-for-extension-request-ev.patch
* Buffer overflows in InitExt.c (boo#1212102, CVE-2023-3138)
- libapparmor
-
- Add pam_apparmor README, referenced from online cha-apparmor-pam.html
documentation (bsc#1213472)
- audit
-
- Enable livepatching on main library on x86_64.
- util-linux
-
- Add util-linux-libblkid-reopen-floppy-without-O_NONBLOCK.patch
Fixes blkid for floppy drives (bsc#1194900).
- util-linux-fix-tests-when-at-symbol-in-path.patch:
Add patch to util-linux-systemd and python3-libmount, as it was
previously only included in util-linux.
- Add upstream patch fix-lib-internal-cache-size.patch
bsc#1210164, gh#util-linux/util-linux@2fa4168c8bc9
- libcap
-
- Fixed improper memory release in libcap/psx/psx.c:__wrap_pthread_create()
(bsc#1211418 / CVE-2023-2602) CVE-2023-2602.patch
- Fixed integer overflow or wraparound in libcap/cap_alloc.c:_libcap_strdup()
(bsc#1211419 / CVE-2023-2603) CVE-2023-2603.patch
- c-ares
-
- Update to version 1.19.1
Security:
* CVE-2023-32067. High. 0-byte UDP payload causes Denial of Service
(bsc#1211604)
* CVE-2023-31147 Moderate. Insufficient randomness in generation
of DNS query IDs (bsc#1211605)
* CVE-2023-31130. Moderate. Buffer Underwrite in
ares_inet_net_pton() (bsc#1211606)
* CVE-2023-31124. Low. AutoTools does not set CARES_RANDOM_FILE
during cross compilation (bsc#1211607)
Bug fixes:
* Fix uninitialized memory warning in test
* ares_getaddrinfo() should allow a port of 0
* Fix memory leak in ares_send() on error
* Fix comment style in ares_data.h
* Fix typo in ares_init_options.3
* Sync ax_pthread.m4 with upstream
* Sync ax_cxx_compile_stdcxx_11.m4 with upstream to fix uclibc support
- cryptsetup
-
- luksFormat: Handle system with low memory and no swap space [bsc#1211079]
* Check for physical memory available also in PBKDF benchmark.
* Try to avoid OOM killer on low-memory systems without swap.
* Use only half of detected free memory on systems without swap.
* Add patches:
- cryptsetup-Check-for-physical-memory-available-also-in-PBKDF-be.patch
- cryptsetup-Try-to-avoid-OOM-killer-on-low-memory-systems-withou.patch
- cryptsetup-Use-only-half-of-detected-free-memory-on-systems-wit.patch
- libfastjson
-
- fix CVE-2020-12762 integer overflow and out-of-bounds write via a
large JSON file (bsc#1171479)
add 0001-Fix-CVE-2020-12762.patch
- libfido2
-
- Use openssl 1.1 still on SLES 15 SP4 to avoid pulling unnecessary
openssl-3 dependency. jsc#PED-4521
- Version 1.13.0 (2023-02-20)
* Support for linking against OpenSSL on Windows; gh#668.
* New API calls:
+ fido_assert_empty_allow_list;
+ fido_cred_empty_exclude_list.
* fido2-token: fix issue when listing large blobs.
* Improved support for different fuzzing engines.
- Version 1.12.0 (2022-09-22)
* Support for COSE_ES384.
* Support for hidraw(4) on FreeBSD; gh#597.
* Improved support for FIDO 2.1 authenticators.
* New API calls:
+ es384_pk_free;
+ es384_pk_from_EC_KEY;
+ es384_pk_from_EVP_PKEY;
+ es384_pk_from_ptr;
+ es384_pk_new;
+ es384_pk_to_EVP_PKEY;
+ fido_cbor_info_certs_len;
+ fido_cbor_info_certs_name_ptr;
+ fido_cbor_info_certs_value_ptr;
+ fido_cbor_info_maxrpid_minpinlen;
+ fido_cbor_info_minpinlen;
+ fido_cbor_info_new_pin_required;
+ fido_cbor_info_rk_remaining;
+ fido_cbor_info_uv_attempts;
+ fido_cbor_info_uv_modality.
* Documentation and reliability fixes.
- Version 1.11.0 (2022-05-03)
* Experimental PCSC support; enable with -DUSE_PCSC.
* Improved OpenSSL 3.0 compatibility.
* Use RFC1951 raw deflate to compress CTAP 2.1 largeBlobs.
* winhello: advertise "uv" instead of "clientPin".
* winhello: support hmac-secret in fido_dev_get_assert().
* New API calls:
+ fido_cbor_info_maxlargeblob.
* Documentation and reliability fixes.
* Separate build and regress targets.
- Version 1.10.0 (2022-01-17)
* hid_osx: handle devices with paths > 511 bytes; gh#462.
* bio: fix CTAP2 canonical CBOR encoding in fido_bio_dev_enroll_*(); gh#480.
* winhello: fallback to GetTopWindow() if GetForegroundWindow() fails.
* winhello: fallback to hid_win.c if webauthn.dll isn’t available.
* New API calls:
- fido_dev_info_set;
- fido_dev_io_handle;
- fido_dev_new_with_info;
- fido_dev_open_with_info.
* Cygwin and NetBSD build fixes.
* Documentation and reliability fixes.
* Support for TPM 2.0 attestation of COSE_ES256 credentials.
- Use BuildRequires: openssl-devel instead of forcing 1.1 since 3.x
is now supported.
- Version 1.9.0 (2021-10-27)
* Enabled NFC support on Linux.
* Added OpenSSL 3.0 compatibility.
* Removed OpenSSL 1.0 compatibility.
* Support for FIDO 2.1 "minPinLength" extension.
* Support for COSE_EDDSA, COSE_ES256, and COSE_RS1 attestation.
* Support for TPM 2.0 attestation.
* Support for device timeouts; see fido_dev_set_timeout().
* New API calls:
- es256_pk_from_EVP_PKEY;
- fido_cred_attstmt_len;
- fido_cred_attstmt_ptr;
- fido_cred_pin_minlen;
- fido_cred_set_attstmt;
- fido_cred_set_pin_minlen;
- fido_dev_set_pin_minlen_rpid;
- fido_dev_set_timeout;
- rs256_pk_from_EVP_PKEY.
* Reliability and portability fixes.
* Better handling of HID devices without identification strings; gh#381.
* Fixed detection of Windows’s native webauthn API; gh#382.
- Removed fix-cmake-linking.patch because no longer needed
- Update to version 1.8.0:
* Dropped 'Requires.private' entry from pkg-config file.
* Better support for FIDO 2.1 authenticators.
* Support for Windows's native webauthn API.
* Support for attestation format 'none'.
* New API calls:
- fido_assert_set_clientdata;
- fido_cbor_info_algorithm_cose;
- fido_cbor_info_algorithm_count;
- fido_cbor_info_algorithm_type;
- fido_cbor_info_transports_len;
- fido_cbor_info_transports_ptr;
- fido_cred_set_clientdata;
- fido_cred_set_id;
- fido_credman_set_dev_rk;
- fido_dev_is_winhello.
* fido2-token: new -Sc option to update a resident credential.
* Documentation and reliability fixes.
* HID access serialisation on Linux.
- disable fix-cmake-linking.patch, not needed currently
- Update to version 1.7.0:
* hid_win: detect devices with vendor or product IDs > 0x7fff
* Support for FIDO 2.1 authenticator configuration.
* Support for FIDO 2.1 UV token permissions.
* Support for FIDO 2.1 "credBlobs" and "largeBlobs" extensions.
* New API calls
* New fido_init flag to disable fido_dev_open’s U2F fallback
* Experimental NFC support on Linux.
- Enabled hidapi again, issues related to hidapi are fixed upstream
* Added fix-cmake-linking.patch to fix linking
- Update to version 1.6.0:
* Fix OpenSSL 1.0 and Cygwin builds.
* hid_linux: fix build on 32-bit systems.
* hid_osx: allow reads from spawned threads.
* Documentation and reliability fixes.
* New API calls:
+ fido_cred_authdata_raw_len;
+ fido_cred_authdata_raw_ptr;
+ fido_cred_sigcount;
+ fido_dev_get_uv_retry_count;
+ fido_dev_supports_credman.
* Hardened Windows build.
* Native FreeBSD and NetBSD support.
* Use CTAP2 canonical CBOR when combining hmac-secret and credProtect.
- Drop 7a17a4e9127fb6df6278f19396760e7d60a5862c.patch
- Do not build examples as their build fails
- mozilla-nss
-
- update to NSS 3.90
* bmo#1623338 - ride along: remove a duplicated doc page
* bmo#1623338 - remove a reference to IRC
* bmo#1831983 - clang-format lib/freebl/stubs.c
* bmo#1831983 - Add a constant time select function
* bmo#1774657 - Updating an old dbm with lots of certs with keys to sql results in a database that is slow to access.
* bmo#1830973 - output early build errors by default
* bmo#1804505 - Update the technical constraints for KamuSM
* bmo#1822921 - Add BJCA Global Root CA1 and CA2 root certificates
* bmo#1790763 - Enable default UBSan Checks
* bmo#1786018 - Add explicit handling of zero length records
* bmo#1829391 - Tidy up DTLS ACK Error Handling Path
* bmo#1786018 - Refactor zero length record tests
* bmo#1829112 - Fix compiler warning via correct assert
* bmo#1755267 - run linux tests on nss-t/t-linux-xlarge-gcp
* bmo#1806496 - In FIPS mode, nss should reject RSASSA-PSS salt lengths larger than the output size of the hash function used, or provide an indicator
* bmo#1784163 - Fix reading raw negative numbers
* bmo#1748237 - Repairing unreachable code in clang built with gyp
* bmo#1783647 - Integrate Vale Curve25519
* bmo#1799468 - Removing unused flags for Hacl*
* bmo#1748237 - Adding a better error message
* bmo#1727555 - Update HACL* till 51a72a953a4ee6f91e63b2816ae5c4e62edf35d6
* bmo#1782980 - Fall back to the softokn when writing certificate trust
* bmo#1806010 - FIPS-104-3 requires we restart post programmatically
* bmo#1826650 - cmd/ecperf: fix dangling pointer warning on gcc 13
* bmo#1818766 - Update ACVP dockerfile for compatibility with debian package changes
* bmo#1815796 - Add a CI task for tracking ECCKiila code status, update whitespace in ECCKiila files
* bmo#1819958 - Removed deprecated sprintf function and replaced with snprintf
* bmo#1822076 - fix rst warnings in nss doc
* bmo#1821997 - Fix incorrect pygment style
* bmo#1821292 - Change GYP directive to apply across platforms
* Add libsmime3 abi-check exception for NSS_CMSSignerInfo_GetDigestAlgTag
- Add nss-fix-bmo1836925.patch to fix build-errors
- Merge the libfreebl3-hmac and libsoftokn3-hmac packages
into the respective libraries. (bsc#1185116)
- update to NSS 3.89.1
* bmo#1804505 - Update the technical constraints for KamuSM.
* bmo#1822921 - Add BJCA Global Root CA1 and CA2 root certificates.
- update to NSS 3.89
* bmo#1820834 - revert freebl/softoken RSA_MIN_MODULUS_BITS increase
* bmo#1820175 - PR_STATIC_ASSERT is cursed
* bmo#1767883 - Need to add policy control to keys lengths for signatures
* bmo#1820175 - Fix unreachable code warning in fuzz builds
* bmo#1820175 - Fix various compiler warnings in NSS
* bmo#1820175 - Enable various compiler warnings for clang builds
* bmo#1815136 - set PORT error after sftk_HMACCmp failure
* bmo#1767883 - Need to add policy control to keys lengths for signatures
* bmo#1804662 - remove data length assertion in sec_PKCS7Decrypt
* bmo#1804660 - Make high tag number assertion failure an error
* bmo#1817513 - CKM_SHA384_KEY_DERIVATION correction maximum key
length from 284 to 384
* bmo#1815167 - Tolerate certificate_authorities xtn in ClientHello
* bmo#1789436 - Fix build failure on Windows
* bmo#1811337 - migrate Win 2012 tasks to Azure
* bmo#1810702 - fix title length in doc
* bmo#1570615 - Add interop tests for HRR and PSK to GREASE suite
* bmo#1570615 - Add presence/absence tests for TLS GREASE
* bmo#1804688 - Correct addition of GREASE value to ALPN xtn
* bmo#1789436 - CH extension permutation
* bmo#1570615 - TLS GREASE (RFC8701)
* bmo#1804640 - improve handling of unknown PKCS#12 safe bag types
* bmo#1815870 - use a different treeherder symbol for each docker
image build task
* bmo#1815868 - pin an older version of the ubuntu:18.04 and
20.04 docker images
* bmo#1810702 - remove nested table in rst doc
* bmo#1815246 - Export NSS_CMSSignerInfo_GetDigestAlgTag
* bmo#1812671 - build failure while implicitly casting SECStatus
to PRUInt32
- update to NSS 3.88.1
* bmo#1804640 - improve handling of unknown PKCS#12 safe bag types
- update to NSS 3.88
* bmo#1815870 - use a different treeherder symbol for each docker
image build task
* bmo#1815868 - pin an older version of the ubuntu:18.04 and
20.04 docker images
* bmo#1810702 - remove nested table in rst doc
* bmo#1815246 - Export NSS_CMSSignerInfo_GetDigestAlgTag.
* bmo#1812671 - build failure while implicitly casting SECStatus
to PRUInt32
* bmo#1212915 - Add check for ClientHello SID max length
* bmo#1771100 - Added EarlyData ALPN test support to BoGo shim
* bmo#1790357 - ECH client - Discard resumption TLS < 1.3
Session(IDs|Tickets) if ECH configs are setup
* bmo#1714245 - On HRR skip PSK incompatible with negotiated
ciphersuites hash algorithm
* bmo#1789410 - ECH client: Send ech_required alert on server
negotiating TLS 1.2. Fixed misleading Gtest,
enabled corresponding BoGo test
* bmo#1771100 - Added Bogo ECH rejection test support
* bmo#1771100 - Added ECH 0Rtt support to BoGo shim
* bmo#1747957 - RSA OAEP Wycheproof JSON
* bmo#1747957 - RSA decrypt Wycheproof JSON
* bmo#1747957 - ECDSA Wycheproof JSON
* bmo#1747957 - ECDH Wycheproof JSON
* bmo#1747957 - PKCS#1v1.5 wycheproof json
* bmo#1747957 - Use X25519 wycheproof json
* bmo#1766767 - Move scripts to python3
* bmo#1809627 - Properly link FuzzingEngine for oss-fuzz.
* bmo#1805907 - Extending RSA-PSS bltest test coverage
(Adding SHA-256 and SHA-384)
* bmo#1804091 - NSS needs to move off of DSA for integrity checks
* bmo#1805815 - Add initial testing with ACVP vector sets using
acvp-rust
* bmo#1806369 - Don't clone libFuzzer, rely on clang instead
- update to NSS 3.87
* bmo#1803226 - NULL password encoding incorrect
* bmo#1804071 - Fix rng stub signature for fuzzing builds
* bmo#1803595 - Updating the compiler parsing for build
* bmo#1749030 - Modification of supported compilers
* bmo#1774654 - tstclnt crashes when accessing gnutls server
without a user cert in the database.
* bmo#1751707 - Add configuration option to enable source-based
coverage sanitizer
* bmo#1751705 - Update ECCKiila generated files.
* bmo#1730353 - Add support for the LoongArch 64-bit architecture
* bmo#1798823 - add checks for zero-length RSA modulus to avoid
memory errors and failed assertions later
* bmo#1798823 - Additional zero-length RSA modulus checks
- Remove nss-fix-bmo1774654.patch which is now upstream
- update to NSS 3.86
* bmo#1803190 - conscious language removal in NSS
* bmo#1794506 - Set nssckbi version number to 2.60
* bmo#1803453 - Set CKA_NSS_SERVER_DISTRUST_AFTER and
CKA_NSS_EMAIL_DISTRUST_AFTER for 3
TrustCor Root Certificates
* bmo#1799038 - Remove Staat der Nederlanden EV Root CA from NSS
* bmo#1797559 - Remove EC-ACC root cert from NSS
* bmo#1794507 - Remove SwissSign Platinum CA - G2 from NSS
* bmo#1794495 - Remove Network Solutions Certificate Authority
* bmo#1802331 - compress docker image artifact with zstd
* bmo#1799315 - Migrate nss from AWS to GCP
* bmo#1800989 - Enable static builds in the CI
* bmo#1765759 - Removing SAW docker from the NSS build system
* bmo#1783231 - Initialising variables in the rsa blinding code
* bmo#320582 - Implementation of the double-signing of the message
for ECDSA
* bmo#1783231 - Adding exponent blinding for RSA.
- update to NSS 3.85
* bmo#1792821 - Modification of the primes.c and dhe-params.c in
order to have better looking tables
* bmo#1796815 - Update zlib in NSS to 1.2.13
* bmo#1796504 - Skip building modutil and shlibsign when building
in Firefox
* bmo#1796504 - Use __STDC_VERSION__ rather than __STDC__ as a guard
* bmo#1796407 - Fix -Wunused-but-set-variable warning from clang 15
* bmo#1796308 - Fix -Wtautological-constant-out-of-range-compare
and -Wtype-limits warnings
* bmo#1796281 - Followup: add missing stdint.h include
* bmo#1796281 - Fix -Wint-to-void-pointer-cast warnings
* bmo#1796280 - Fix -Wunused-{function,variable,but-set-variable}
warnings on Windows
* bmo#1796079 - Fix -Wstring-conversion warnings
* bmo#1796075 - Fix -Wempty-body warnings
* bmo#1795242 - Fix unused-but-set-parameter warning
* bmo#1795241 - Fix unreachable-code warnings
* bmo#1795222 - Mark _nss_version_c unused on clang-cl
* bmo#1795668 - Remove redundant variable definitions in lowhashtest
* Add note about python executable to build instructions.
- update to NSS 3.84
* bmo#1791699 - Bump minimum NSPR version to 4.35
* bmo#1792103 - Add a flag to disable building libnssckbi.
- update to NSS 3.83
* bmo#1788875 - Remove set-but-unused variables from
SEC_PKCS12DecoderValidateBags
* bmo#1563221 - remove older oses that are unused part3/ BeOS
* bmo#1563221 - remove older unix support in NSS part 3 Irix
* bmo#1563221 - remove support for older unix in NSS part 2 DGUX
* bmo#1563221 - remove support for older unix in NSS part 1 OSF
* bmo#1778413 - Set nssckbi version number to 2.58
* bmp#1785297 - Add two SECOM root certificates to NSS
* bmo#1787075 - Add two DigitalSign root certificates to NSS
* bmo#1778412 - Remove Camerfirma Global Chambersign Root from NSS
* bmo#1771100 - Added bug reference and description to disabled
UnsolicitedServerNameAck bogo ECH test
* bmo#1779361 - Removed skipping of ECH on equality of private and
public server name
* bmo#1779357 - Added comment and bug reference to
ECHRandomHRRExtension bogo test
* bmo#1779370 - Added Bogo shim client HRR test support. Fixed
overwriting of CHInner.random on HRR
* bmo#1779234 - Added check for server only sending ECH extension
with retry configs in EncryptedExtensions and if not
accepting ECH. Changed config setting behavior to
skip configs with unsupported mandatory extensions
instead of failing
* bmo# 1771100 - Added ECH client support to BoGo shim. Changed
CHInner creation to skip TLS 1.2 only extensions to
comply with BoGo
* bmo#1771100 - Added ECH server support to BoGo shim. Fixed NSS ECH
server accept_confirmation bugs
* bmo#1771100 - Update BoGo tests to recent BoringSSL version
* bmo#1785846 - Bump minimum NSPR version to 4.34.1
- update to NSS 3.82
* bmo#1330271 - check for null template in sec_asn1{d,e}_push_state
* bmo#1735925 - QuickDER: Forbid NULL tags with non-zero length
* bmo#1784724 - Initialize local variables in
TlsConnectTestBase::ConnectAndCheckCipherSuite
* bmo#1784191 - Cast the result of GetProcAddress
* bmo#1681099 - pk11wrap: Tighten certificate lookup based on
PKCS #11 URI.
- update to NSS 3.81
* bmo#1762831 - Enable aarch64 hardware crypto support on OpenBSD
* bmo#1775359 - make NSS_SecureMemcmp 0/1 valued
* bmo#1779285 - Add no_application_protocol alert handler and
test client error code is set
* bmo#1777672 - Gracefully handle null nickname in
CERT_GetCertNicknameWithValidity
* required for Firefox 104
- raised NSPR requirement to 4.34.1
- changing some Requires from (pre) to generic as (pre) is not
sufficient (boo#1202118)
- update to NSS 3.80
* bmo#1774720 - Fix SEC_ERROR_ALGORITHM_MISMATCH entry in SECerrs.h.
* bmo#1617956 - Add support for asynchronous client auth hooks.
* bmo#1497537 - nss-policy-check: make unknown keyword check optional.
* bmo#1765383 - GatherBuffer: Reduced plaintext buffer allocations
by allocating it on initialization. Replaced
redundant code with assert. Debug builds: Added
buffer freeing/allocation for each record.
* bmo#1773022 - Mark 3.79 as an ESR release.
* bmo#1764206 - Bump nssckbi version number for June.
* bmo#1759815 - Remove Hellenic Academic 2011 Root.
* bmo#1770267 - Add E-Tugra Roots.
* bmo#1768970 - Add Certainly Roots.
* bmo#1764392 - Add DigitCert Roots.
* bmo#1759794 - Protect SFTKSlot needLogin with slotLock.
* bmo#1366464 - Compare signature and signatureAlgorithm fields in
legacy certificate verifier.
* bmo#1771497 - Uninitialized value in cert_VerifyCertChainOld.
* bmo#1771495 - Unchecked return code in sec_DecodeSigAlg.
* bmo#1771498 - Uninitialized value in cert_ComputeCertType.
* bmo#1760998 - Avoid data race on primary password change.
* bmo#1769063 - Replace ppc64 dcbzl intrinisic.
* bmo#1771036 - Allow LDFLAGS override in makefile builds.
- freetype2
-
- Added patch:
* CVE-2023-2004.patch
+ fixes bsc#1210419, CVE-2023-2004: Integer overflow
- gcc12
-
- Update to GCC 12.3 release, 0c61aa720e62f1baf0bfd178e283, git1204
* includes regression bug fixes
- Add gcc12-testsuite-fixes.patch to pick testsuite related fixes
from the branch after the release.
- Speed up builds with --enable-link-serialization.
- Update to gcc-12 branch head, 193f7e62815b4089dfaed4c2bd3, git749
- Don't rely on %usrmerged, set it based on standard %suse_version
- Update to gcc-12 branch head, e4b5fec75aa8d0d01f6e042ec28, git696
* remove gcc12-fifo-jobserver-support.patch which is now
included upstream
- avoid trailing backslashes at the end of post install scripts
- Update to gcc-12 branch head, 0aaef83351473e8f4eb774f8f99, git537
- Update embedded newlib to version 4.2.0
* includes newlib-4.1.0-aligned_alloc.patch
- add gcc12-riscv-inline-atomics.patch,
gcc12-riscv-pthread.patch: handle subword size inline atomics
(needed by several openSUSE packages)
- libjansson
-
- Update to 2.14 (boo#1201817):
* New Features:
+ Add `json_object_getn`, `json_object_setn`, `json_object_deln`, and the
corresponding `nocheck` functions.
+ Add jansson_version_str() and jansson_version_cmp() for runtime
version checking
+ Add json_object_update_new(), json_object_update_existing_new()
and json_object_update_missing_new() functions
+ Add json_object_update_recursive()
+ Add `json_pack()` format specifiers s*, o* and O* for values
that can be omitted if null (#339).
+ Add `json_error_code()` to retrieve numeric error codes
(#365, #380, #381).
+ Enable thread safety for `json_dump()` on all systems.
Enable thread safe `json_decref()` and `json_incref()` for
modern compilers (#389).
+ Add `json_sprintf()` and `json_vsprintf()` (#393).
* Fixes:
+ Handle `sprintf` corner cases.
+ Add infinite loop check in json_deep_copy()
+ Enhance JANSSON_ATTRS macro to support earlier C standard(C89)
+ Update version detection for sphinx-build
+ Fix error message in `json_pack()` for NULL object (#409).
+ Avoid invalid memory read in `json_pack()` (#421).
+ Call va_end after va_copy in `json_vsprintf()` (#427).
+ Improve handling of formats with '?' and '*' in `json_pack()`
(#438).
+ Remove inappropriate `jsonp_free()` which caused
segmentation fault in error handling (#444).
+ Fix incorrect report of success from `json_dump_file()` when
an error is returned by `fclose()` (#359).
+ Make json_equal() const-correct (#344).
+ Fix incomplete stealing of references by `json_pack()` (#374)
- Use GitHub as source URLs: Release hasn't been uploaded to digip.org.
- Add check section.
- openldap2
-
- bsc#1212260 - crash in libldap when non-ldap data responds
* 0245-ITS-9803-Drop-connection-when-receiving-non-LDAP-dat.patch
- bsc#1211795 - CVE-2023-2953 - Null pointer deref in ber_memalloc_x
* 0244-ITS-9904-ldif_open_url-check-for-ber_strdup-failure.patch
- liblognorm
-
- Upgrade to liblognorm v2.0.6 (jsc#PED-4883)
* 2018-11-02: nitfixes: issues deteced by CodeFactor.com
* 2018-11-01: more cleanup of shell scripting
* 2018-10-31: cleanup shell scripting
* 2018-10-26: implement Checkpoint LEA transfer format
* 2018-10-31: fix mising shebangs in test scripts
* 2018-10-30: fix some bash style nits
* 2018-07-15: fix very theoretic misadressing (gcc-8 warning)
* 2018-06-26: string parser: add "lazy" matching mode
* 2018-05-30: Update lognormalizer.c
* 2018-05-30: Update lognormalizer.c to support case fallthrough
* 2018-05-30: Update README
* 2018-05-10: Fix for #229 (cisco-interface-spec at end of line)
* 2018-03-21: Suppress invalid param error for name to fix #270
- Upgrade to liblognorm v2.0.5
* 2018-04-25: fix potential NULL pointer addressing
* 2018-04-07: Add test for nested user types
* 2018-04-07: Fix use after free with nested user types (#235)
* 2018-04-25: build system: fix gcc warning
* 2018-04-25: make "make check" "succeed" on solaris 10
* 2018-04-16: fix build warnings with some newer compilers
* 2018-04-16: remove dead code
* 2018-04-16: fix potential memory leaks during config processing
* 2018-04-16: fix memory leak during config processing
* 2018-04-16: csv encoder: fix format error when processing arrays
* 2018-03-29: Explicitly list supported whitespace characters
* 2018-03-28: "fix" return type of unused dummy function
- replaces liblognorm-2.0.4-no-return-in-nonvoid-function.patch
* 2018-03-21: Suppress invalid param error for name to fix #270
* 2018-03-19: fix header guard
* 2018-03-06: Correct CLI options in the docs
* 2018-01-13: AIX port : added compatibility and modified lognormalizer for AIX.
* 2017-11-29: codestyle: correct line length to 120
* 2017-11-29: codestyle: set max line length to 120
* 2017-11-25: fix some very bad line length violations
* 2017-11-25: travis: temporarily permit longer line length
* 2017-10-19: make build with gcc7
* 2017-10-05: es_str2cstr leak in string-to v1 parse
- ncurses
-
- Modify patch ncurses-6.1.dif
* Secure writing terminfo entries by setfs[gu]id in s[gu]id
(boo#1210434, CVE-2023-29491)
* Reading is done since 2000/01/17
- nftables
-
- add 0001-evaluate-reject-support-ethernet-as-L2-protocol-for-.patch: this
fixes a crash in nftables if layer2 reject rules are processed (e.g.
Ethernet MAC address based reject rich rule in firewalld, bsc#1210773).
- openssl-1_1
-
- Security fix: (bsc#1213853, CVE-2023-3817)
* Fix excessive time spent checking DH q parameter value
(bsc#1213853, CVE-2023-3817). The function DH_check() performs
various checks on DH parameters. After fixing CVE-2023-3446 it
was discovered that a large q parameter value can also trigger
an overly long computation during some of these checks. A
correct q value, if present, cannot be larger than the modulus
p parameter, thus it is unnecessary to perform these checks if
q is larger than p. If DH_check() is called with such q parameter
value, DH_CHECK_INVALID_Q_VALUE return flag is set and the
computationally intensive checks are skipped.
* Add openssl-1_1-CVE-2023-3817.patch
- Dont pass zero length input to EVP_Cipher because assembler
optimized AES cannot handle zero size. [bsc#1213517]
* Add openssl-dont-pass-zero-length-input-to-EVP_Cipher.patch
- Security fix: [bsc#1213487, CVE-2023-3446]
* Fix DH_check() excessive time with over sized modulus.
* The function DH_check() performs various checks on DH parameters.
One of those checks confirms that the modulus ("p" parameter) is
not too large. Trying to use a very large modulus is slow and
OpenSSL will not normally use a modulus which is over 10,000 bits
in length.
However the DH_check() function checks numerous aspects of the
key or parameters that have been supplied. Some of those checks
use the supplied modulus value even if it has already been found
to be too large.
A new limit has been added to DH_check of 32,768 bits. Supplying
a key/parameters with a modulus over this size will simply cause
DH_check() to fail.
* Add openssl-CVE-2023-3446.patch openssl-CVE-2023-3446-test.patch
- Check OCSP RESPONSE in s_client and terminate connection if a
revoked certificate is found. Add OCSP_RESPONSE_check_status()
function to do that check. [bsc#1212623]
* Add openssl-s_client-check-ocsp-status.patch
- Security Fix: [bsc#1207534, CVE-2022-4304]
* Reworked the Fix for the Timing Oracle in RSA Decryption
The previous fix for this timing side channel turned out to cause
a severe 2-3x performance regression in the typical use case
compared to 1.1.1s.
* Add openssl-CVE-2022-4304.patch
* Removed patches:
- openssl-CVE-2022-4304-1of2.patch
- openssl-CVE-2022-4304-2of2.patch
* Refreshed patches:
- openssl-CVE-2023-0464.patch
- openssl-CVE-2023-0465.patch
- Update further expiring certificates that affect tests [bsc#1201627]
* Add openssl-Update-further-expiring-certificates.patch
- Security Fix: [CVE-2023-2650, bsc#1211430]
* Possible DoS translating ASN.1 object identifiers
* Add openssl-CVE-2023-2650.patch
- pcre2
-
- Security fix: [bsc#1213514, CVE-2022-41409]
* Integer overflow vulnerability in pcre2test before 10.41
allows attackers to cause a denial of service or other
unspecified impacts via negative input.
* Add pcre2-CVE-2022-41409.patch
- procps
-
- Add patch bsc1209122-a6c0795d.patch
* Fix for bsc#1209122 to allow `-´ as leading character to ignore
possible errors on systctl entries
- python3
-
- Add 99366-patch.dict-can-decorate-async.patch fixing
gh#python/cpython#98086 (backport from Python 3.10 patch in
gh#python/cpython!99366), fixing bsc#1211158.
- Add CVE-2007-4559-filter-tarfile_extractall.patch to fix
CVE-2007-4559 (bsc#1203750) by adding the filter for
tarfile.extractall (PEP 706).
- Use python3 modules to build the documentation.
- libsigc++2
-
- Add libsigc++2-remove-unnecessary-executable-flag-from-file.patch:
cancel executable permission for file
/usr/share/doc/packages/libsigc-2_0-0/NEWS(bsc#1209094,bsc#1209140).
- libsolv
-
- handle learnt rules in solver_alternativeinfo()
- support x86_64_v[234] architecture levels
- implement decision sorting for package decisionlists
- add back findutils requires for the libsolv-tools packagse
[bsc#1195633]
- bump version to 0.7.24
- suseconnect-ng
-
- Update to version 1.1.0~git2.f42b4b2a060e:
* Keep keepalive timer states when replacing SUSEConnect (bsc#1211588)
- systemd
-
- Import commit b473c02cc08e093e370034425671cbc001c6748e
02caac7973 units/initrd-parse-etc.service: Conflict with emergency.target
70b3bff9f8 sd-device-monitor: dynamically allocate receive buffer (bsc#1213873)
e2e1fbba2b sd-device: change type of properties nulstr from uint8_t* to char*
c9d3dd5954 udev: set description for device monitor
3f07f44fde test: use sd_device_monitor_set_description()
b304a1e1a2 sd-device-monitor: logs description for device monitor
929d4066c5 sd-device-monitor: introduce sd_device_monitor_{set,get}_description()
340e523048 sd-device-monitor: fix inversed condition
02659c7b67 tree-wide: port various places over to new stat_inode_same() helper
b35a4b042a stat-util: add helper stat_inode_same() for comparing stat's st_dev/st_ino in one
d25219cbe3 libsystemd: ignore both EINTR and EAGAIN
648a151313 errno-util: introduce ERRNO_IS_TRANSIENT()
- Import commit 155fe1917157bdeecf7e28ef0ea9f62084f27f14
3b8c671f90 detach-md: similar to the DM case, also don't try to detach MD device backing /usr/ (bsc#1211576)
6da5d2d1fc shutdown: don't attempt to detach DM volume backing /usr/ (bsc#1211576)
37178881c1 udev: decrease devlink priority for iso disks (bsc#1213185)
02ede28319 shutdown: get only active md arrays. (bsc#1212434 bsc#1213575 bsc#1211576)
412b8dbb32 umount: /usr/ should never be unmounted regardless of HAVE_SPLIT_USR or not (bsc#1211576)
16f897570a units: remove the restart limit on the modprobe@.service
e4e85b08bd tests: add test case for long unit names
3f84b06f9d core: shorten long unit names that are based on paths and append path hash at the end (bsc#1208194)
- Add 5001-sleep-don-t-init-sys-power-resume-if-resume-option-i.patch (bsc#1186606)
- Make sure to pre-install the groups systemd and udev rely on. This is needed
when the tmpfiles are run at package installation time (i.e. when
file-triggers are disabled).
- Move more packaging fixups in the fixlet script.
- Move the persistent net rule fix in udev fixlet script.
- Rather than having one script per fix, use a single script (or "fixlet") per
(sub) package that contains all the fixups relative to a (sub) package. This
has the advantage to limit the number of scripts but more importantly it will
ease the sharing of the spec file between TW and SLE. We should also be able
to compare the fixlets of two distros even if the spec files have diverged.
Note that all the fixups are run just once now.
- kbd-model-map.legacy:: add 'ara' which should replace 'arabic' in the long
term (bsc#1210702)
- kbd-model-map.legacy: drop some entries no longer needed by YaST
Related to bsc#1194609.
- Include pam_keyinit.so in our systemd-user PAM service (bsc#1209741)
That way "systemd --user" instances get their own session keyring instead of
the user default session keyring. For some reasons cifscreds refuses to work
with the latter. That's what is expected for every PAM session anyway.
- Import commit 6441bb41141aaa8bfb63559917362748a3044c15
165ca0d018 udev-rules: fix nvme symlink creation on namespace changes (bsc#1207410)
- Update 1001-udev-use-lock-when-selecting-the-highest-priority-de.patch (bsc#1203141)
Optimize when hundred workers claim the same symlink with the same priority.
- Update 0005-udev-create-default-symlinks-for-primary-cd_dvd-driv.patch
Since commit 38f3e20883ff658935aae5c9 (v248), the symlinks /dev/cdrw and
/dev/dvdrw could have no longer been created. Futhermore the rule added by
this patch dealing with /dev/cdrom was redundant with the upstream one
- tiff
-
- security update:
* CVE-2023-0795 [bsc#1208226]
* CVE-2023-0796 [bsc#1208227]
* CVE-2023-0797 [bsc#1208228]
* CVE-2023-0798 [bsc#1208229]
* CVE-2023-0799 [bsc#1208230]
+ tiff-CVE-2023-0795,CVE-2023-0796,CVE-2023-0797,CVE-2023-0798,CVE-2023-0799.patch
* CVE-2023-0800 [bsc#1208231]
* CVE-2023-0801 [bsc#1208232]
* CVE-2023-0802 [bsc#1208233]
* CVE-2023-0803 [bsc#1208234]
* CVE-2023-0804 [bsc#1208236]
+ tiff-CVE-2023-0800,CVE-2023-0801,CVE-2023-0802,CVE-2023-0803,CVE-2023-0804.patch
- xmlsec1
-
- switch to pkgconfig(zlib) to allow alternative providers as well
- update to 1.2.37:
Fixed two regressions from 1.2.36 release
- Update to 1.2.36:
* Retired the XMLSec mailing list "xmlsec@aleksey.com" and the
XMLSec Online Signature Verifier.
- Update to 1.2.35:
* Migration to OpenSSL 3.0 API (based on PR by @snargit). Note
that OpenSSL engines are disabled by default when XMLSec
library is compiled against OpenSSL 3.0. To re-enable OpenSSL
engines, use "--enable-openssl3-engines" configure flag (there
will be a lot of deprecation warnings).
* The OpenSSL before 1.1.0 and LibreSSL before 2.7.0 are now
deprecated and will be removed in the future versions of
XMLSec Library.
* Refactored all the integer casts to ensure cast-safety. Fixed
all warnings and enabled "-Werror" and "-pedantic" flags on
CI builds.
* Added configure flag to use size_t for xmlSecSize (currently
disabled by default for backward compatibility).
* Moved all CI builds to GitHub actions.
- Add export CFLAGS/CXXFLAGS="-Wno-error=deprecated-declarations"
inbefore configure. We pass --enable-werror to configure, and
that leads to warnings about deprecations failing build. As
deprecations is mainly a consern for upstream, stop failing on
those.
- update to 1.2.34:
* Support for OpenSSL compiled with OPENSSL_NO_ERR.
* Full support for LibreSSL 3.5.0 and above
* Several other small fixes
- update to 1.2.33:
* Fix decrypting session key for two recipients
* Added --privkey-openssl-engine option to enhance openssl engine support
- update to 1.2.32:
+ Remove MD5 for NSS 3.59 and above
+ Fix PKCS12_parse return code handling
+ Fix OpenSSL lookup
+ xmlSecX509DataGetNodeContent(): don't return 0 for non-empty
elements - fix for LibreOffice
- add upstream signing key and validate source signature
- put license text into all subpackages
- treat all compiler warnings as errors
- Relax the crypto policies for the test-suite. This allows the
tests using certificates with small key lengths to pass.
- Update to version 1.2.31:
+ Unload error strings in OpenSSL shutdown.
+ Make userData available when executing preExecCallback
function.
+ Add an option to use secure memset.
- Pass --disable-md5 to configure: The cryptographic strength of
the MD5 algorithm is sufficiently doubtful that its use is
discouraged at this time. It is not listed as an algorithm in
[XMLDSIG-CORE1]
https://www.w3.org/TR/xmlsec-algorithms/#bib-XMLDSIG-CORE1
- Update to 1.2.30:
* Enabled XML_PARSE_HUGE for all xml parsers.
* Various build and tests fixes and improvements.
* Move remaining private header files away from xmlsec/include/ folder.
- libyajl
-
- add libyajl-CVE-2023-33460.patch (CVE-2023-33460, bsc#1212928)
- libyui
-
- NCurses UI: Prevent buffer overflow when drawing very wide labels
(bsc#1211354)
- 4.3.7
- Qt UI: Fixed loading icons from an absolute path (bsc#1210591)
https://github.com/libyui/libyui/pull/94
- 4.3.6
- Backported fix for main window stacking order in YQMainWinDock to avoid
unintentional transparency when QSS-styling YQDialogs
(bsc#1199020, bsc#1191112)
- 4.3.5
- Force messages from .ui file through our translation mechanism
(bsc#1198097)
- 4.3.4
- zlib
-
- Fix deflateBound() before deflateInit(), bsc#1210593
bsc1210593.patch
- Add DFLTCC support for using inflate() with a small window,
fixes bsc#1206513
* bsc1206513.patch
- libzypp
-
- build: honor libproxy.pc's includedir (bsc#1212222)
- Curl: trim all custom headers (bsc#1212187)
HTTP/2 RFC 9113 forbids fields ending with a space. So we make
sure all custom headers are trimmed. This also includes headers
returned by URL-Resolver plugins.
- version 17.31.14 (22)
- curl: Trim user agent string (bsc#1212187)
HTTP/2 RFC 9113 forbids fields ending with a space. Violation
results in curl error: 92: HTTP/2 PROTOCOL_ERROR.
- version 17.31.13 (22)
- Do not unconditionally release a medium if provideFile failed
(bsc#1211661)
- libzypp.spec.cmake: remove duplicate file listing.
- version 17.31.12 (22)
- MediaCurl: Fix endless loop if wrong credentials are stored in
credentials.cat (bsc#1210870)
Since libzypp-17.31.7 wrong credentials stored in credentials.cat
may lead to an endless loop. Rather than asking for the right
credentials, the stored ones are used again and again.
- zypp.conf: Introduce 'download.connect_timeout' [60 sec.]
(bsc#1208329)
Maximum time in seconds that you allow the connection phase to
the server to take. This only limits the connection phase, it has
no impact once it has connected. (see also CURLOPT_CONNECTTIMEOUT)
- commit: Try to provide /dev fs if not present (fixes #444)
- fix build with boost 1.82.
- version 17.31.11 (22)
- fix build with boost 1.82
- BuildRequires: libsolv-devel >= 0.7.24 for x86_64_v[234]
support.
- version 17.31.10 (22)
- Workround bsc#1195633 while libsolv <= 0.7.23 is used.
- Fix potential endless loop in new ZYPP_MEDIANETWORK.
- ZYPP_METALINK_DEBUG=1: Log URL and priority of the mirrors
parsed from a metalink file.
- multicurl: propagate ssl settings stored in repo url
(boo#1127591)
Closes #335.
- Teach MediaNetwork to retry on HTTP2 errors.
- fix CapDetail to return Rel::NONE if an EXPRESSION is used as a
NAMED cap.
- Capability: support parsing richdeps from string.
- defaultLoadSystem: default to LS_NOREFRESH if not root.
- Detect x86_64_v[234]: Fix LZCNT bit used in detection (fixes
[#439])
Merges rpm-software-management/rpm#2412: The bit for LZCNT is in
CPUID 0x80000001, not 1.
- Detect x86_64_v[234] architecture levels (fixes #439)
- Support x86_64_v[234] architecture levels (for #439)
- version 17.31.9 (22)
- shadow
-
- bsc#1213189: Change lock mechanism to file locking to prevent
lock files after power interruptions
- Add shadow-4.8.1-lock-mechanism.patch
- bsc#1206627: Add --prefix support to passwd, chpasswd and chage
Needed for YaST
- Add shadow-4.8.1-add-prefix-passwd-chpasswd-chage.patch
- man
-
- Use inverted exit status in exec option of find command to
avoid refreshing man database (boo#1155879)
- Minor corrections on %ghost /var/cache/man
- mozilla-nspr
-
- update to version 4.35
* fixes for building with clang
* use the number of online processors for the
PR_GetNumberOfProcessors() API on some platforms
* fix build on mips+musl libc
* Add support for the LoongArch 64-bit architecture
- nfs-utils
-
- Add 0032-exportfs-Ingnore-export-failures-in-nfs-server.seriv.patch
Inconsistencies in /etc/exports shouldn't be fatal.
(bsc#1212594)
- Add 0030-systemd-use-correct-modprobe-d-directory
SLE15-SP5 an earlier don't use /usr/lib/modprobe.d
(bsc#1200710)
- Add 0031-mountd-don-t-advertise-krb5-for-v4root-when-not-conf.patch
Avoid unhelpful warning if rpcsec_gss_krb5.ko not installed
- Add 0028-mount.nfs-always-include-mountpoint-or-spec-if-error.patch
boo#1157881
- Add 0029-nfsd.man-fix-typo-in-section-on-scope.patch
bsc#1209859
- Allow scope to be set in sysconfig: NFSD_SCOPE
- opensc
-
- Security Fix: [CVE-2023-2977, bsc#1211894]
* opensc: out of bounds read in pkcs15 cardos_have_verifyrc_package()
* Add opensc-CVE-2023-2977.patch
- openssh
-
- Add openssh-CVE-2023-38408-PKCS11-execution.patch, Abort if
requested to load a PKCS#11 provider that isnt a PKCS#11
provider (bsc#1213504,CVE-2023-38408)
- openssh-7.7p1-fips_checks.patch: close the right filedescriptor
to avoid fd leads, and also close fdh in read_hmac (bsc#1209536)
- Revert addition of openssh-dbus.sh, openssh-dbus.csh, openssh-dbus.fish:
This caused invalid and irrelevant environment assignments (bsc#1207014).
- perl-Bootloader
-
- merge gh#openSUSE/perl-bootloader#152
- use signed grub EFI binary when updating grub in default EFI
location (bsc#1210799)
- check whether grub2-install supports --suse-force-signed option
- 0.944
- merge gh#openSUSE/perl-bootloader#147
- UEFI: update also default location, if it is controlled by SUSE
(bsc#1210799, bsc#1201399)
- 0.943
- merge gh#openSUSE/perl-bootloader#142
- use fw_platform_size to distinguish between 32 bit and 64 bit
UEFI platforms (bsc#1208003)
- 0.942
- merge gh#openSUSE/perl-bootloader#141
- systemd-boot: easier initial setup
- 0.941
- merge gh#openSUSE/perl-bootloader#140
- add basic support for systemd-boot
- 0.940
- perl
-
- enable TLS cert verification in CPAN [bnc#1210999] [CVE-2023-31484]
new patch: perl-cpan_verify_cert.diff
- python-boto3
-
- Update in SLE-15 (bsc#1209255, jsc#PED-3780)
- Add python-python-dateutil and python-jmespath to BuildRequires
- Update to 1.26.89
* api-change:``ivschat``: [``botocore``] This release adds a new exception returned when calling
AWS IVS chat UpdateLoggingConfiguration. Now UpdateLoggingConfiguration can return
ConflictException when invalid updates are made in sequence to Logging Configurations.
* api-change:``secretsmanager``: [``botocore``] The type definitions of SecretString and
SecretBinary now have a minimum length of 1 in the model to match the exception thrown when you
pass in empty values.
- from version 1.26.88
* api-change:``codeartifact``: [``botocore``] This release introduces the generic package format, a
mechanism for storing arbitrary binary assets. It also adds a new API, PublishPackageVersion, to
allow for publishing generic packages.
* api-change:``connect``: [``botocore``] This release adds a new API, GetMetricDataV2, which
returns metric data for Amazon Connect.
* api-change:``evidently``: [``botocore``] Updated entity override documentation
* api-change:``networkmanager``: [``botocore``] This update provides example usage for
TransitGatewayRouteTableArn.
* api-change:``quicksight``: [``botocore``] This release has two changes: add state persistence
feature for embedded dashboard and console in GenerateEmbedUrlForRegisteredUser API; add properties
for hidden collapsed row dimensions in PivotTableOptions.
* api-change:``redshift-data``: [``botocore``] Added support for Redshift Serverless workgroup-arn
wherever the WorkgroupName parameter is available.
* api-change:``sagemaker``: [``botocore``] Amazon SageMaker Inference now allows SSM access to
customer's model container by setting the "EnableSSMAccess" parameter for a ProductionVariant in
CreateEndpointConfig API.
* api-change:``servicediscovery``: [``botocore``] Updated all AWS Cloud Map APIs to provide
consistent throttling exception (RequestLimitExceeded)
* api-change:``sesv2``: [``botocore``] This release introduces a new recommendation in Virtual
Deliverability Manager Advisor, which detects missing or misconfigured Brand Indicator for Message
Identification (BIMI) DNS records for customer sending identities.
- from version 1.26.87
* api-change:``athena``: [``botocore``] A new field SubstatementType is added to GetQueryExecution
API, so customers have an error free way to detect the query type and interpret the result.
* api-change:``dynamodb``: [``botocore``] Adds deletion protection support to DynamoDB tables.
Tables with deletion protection enabled cannot be deleted. Deletion protection is disabled by
default, can be enabled via the CreateTable or UpdateTable APIs, and is visible in
TableDescription. This setting is not replicated for Global Tables.
* api-change:``ec2``: [``botocore``] Introducing Amazon EC2 C7g, M7g and R7g instances, powered by
the latest generation AWS Graviton3 processors and deliver up to 25% better performance over
Graviton2-based instances.
* api-change:``lakeformation``: [``botocore``] This release adds two new API support
"GetDataCellsFiler" and "UpdateDataCellsFilter", and also updates the corresponding documentation.
* api-change:``mediapackage-vod``: [``botocore``] This release provides the date and time VOD
resources were created.
* api-change:``mediapackage``: [``botocore``] This release provides the date and time live
resources were created.
* api-change:``route53resolver``: [``botocore``] Add dual-stack and IPv6 support for Route 53
Resolver Endpoint,Add IPv6 target IP in Route 53 Resolver Forwarding Rule
* api-change:``sagemaker``: [``botocore``] There needs to be a user identity to specify the
SageMaker user who perform each action regarding the entity. However, these is a not a unified
concept of user identity across SageMaker service that could be used today.
- from version 1.26.86
* api-change:``dms``: [``botocore``] This release adds DMS Fleet Advisor Target Recommendation APIs
and exposes functionality for DMS Fleet Advisor. It adds functionality to start Target
Recommendation calculation.
* api-change:``location``: [``botocore``] Documentation update for the release of 3 additional map
styles for use with Open Data Maps: Open Data Standard Dark, Open Data Visualization Light & Open
Data Visualization Dark.
- from version 1.26.85
* api-change:``account``: [``botocore``] AWS Account alternate contact email addresses can now have
a length of 254 characters and contain the character "|".
* api-change:``ivs``: [``botocore``] Updated text description in DeleteChannel, Stream, and
StreamSummary.
- from version 1.26.84
* api-change:``dynamodb``: [``botocore``] Documentation updates for DynamoDB.
* api-change:``ec2``: [``botocore``] This release adds support for a new boot mode for EC2
instances called 'UEFI Preferred'.
* api-change:``macie2``: [``botocore``] Documentation updates for Amazon Macie
* api-change:``mediaconvert``: [``botocore``] The AWS Elemental MediaConvert SDK has improved
handling for different input and output color space combinations.
* api-change:``medialive``: [``botocore``] AWS Elemental MediaLive adds support for Nielsen
watermark timezones.
* api-change:``transcribe``: [``botocore``] Amazon Transcribe now supports role access for these
API operations: CreateVocabulary, UpdateVocabulary, CreateVocabularyFilter, and
UpdateVocabularyFilter.
- from version 1.26.83
* api-change:``iot``: [``botocore``] A recurring maintenance window is an optional configuration
used for rolling out the job document to all devices in the target group observing a predetermined
start time, duration, and frequency that the maintenance window occurs.
* api-change:``migrationhubstrategy``: [``botocore``] This release updates the File Import API to
allow importing servers already discovered by customers with reduced pre-requisites.
* api-change:``organizations``: [``botocore``] This release introduces a new reason code,
ACCOUNT_CREATION_NOT_COMPLETE, to ConstraintViolationException in CreateOrganization API.
* api-change:``pi``: [``botocore``] This release adds a new field PeriodAlignment to allow the
customer specifying the returned timestamp of time periods to be either the start or end time.
* api-change:``pipes``: [``botocore``] This release fixes some input parameter range and patterns.
* api-change:``sagemaker``: [``botocore``] Add a new field "EndpointMetrics" in SageMaker Inference
Recommender "ListInferenceRecommendationsJobSteps" API response.
- from version 1.26.82
* api-change:``codecatalyst``: [``botocore``] Published Dev Environments StopDevEnvironmentSession
API
* api-change:``pricing``: [``botocore``] This release adds 2 new APIs - ListPriceLists which
returns a list of applicable price lists, and GetPriceListFileUrl which outputs a URL to retrieve
your price lists from the generated file from ListPriceLists
* api-change:``s3outposts``: [``botocore``] S3 on Outposts introduces a new API ListOutpostsWithS3,
with this API you can list all your Outposts with S3 capacity.
- from version 1.26.81
* enhancement:Documentation: Splits service documentation into multiple sub-pages for better
organization and faster loading time.
* enhancement:Documentation: [``botocore``] Splits service documentation into multiple sub-pages
for better organization and faster loading time.
* api-change:``comprehend``: [``botocore``] Amazon Comprehend now supports flywheels to help you
train and manage new model versions for custom models.
* api-change:``ec2``: [``botocore``] This release allows IMDS support to be set to v2-only on an
existing AMI, so that all future instances launched from that AMI will use IMDSv2 by default.
* api-change:``kms``: [``botocore``] AWS KMS is deprecating the RSAES_PKCS1_V1_5 wrapping algorithm
option in the GetParametersForImport API that is used in the AWS KMS Import Key Material feature.
AWS KMS will end support for this wrapping algorithm by October 1, 2023.
* api-change:``lightsail``: [``botocore``] This release adds Lightsail for Research feature
support, such as GUI session access, cost estimates, stop instance on idle, and disk auto mount.
* api-change:``managedblockchain``: [``botocore``] This release adds support for tagging to the
accessor resource in Amazon Managed Blockchain
* api-change:``omics``: [``botocore``] Minor model changes to accomodate batch imports feature
- from version 1.26.80
* api-change:``devops-guru``: [``botocore``] This release adds the description field on
ListAnomaliesForInsight and DescribeAnomaly API responses for proactive anomalies.
* api-change:``drs``: [``botocore``] New fields were added to reflect availability zone data in
source server and recovery instance description commands responses, as well as source server launch
status.
* api-change:``internetmonitor``: [``botocore``] CloudWatch Internet Monitor is a a new service
within CloudWatch that will help application developers and network engineers continuously monitor
internet performance metrics such as availability and performance between their AWS-hosted
applications and end-users of these applications
* api-change:``lambda``: [``botocore``] This release adds the ability to create ESMs with Document
DB change streams as event source. For more information see
https://docs.aws.amazon.com/lambda/latest/dg/with-documentdb.html.
* api-change:``mediaconvert``: [``botocore``] The AWS Elemental MediaConvert SDK has added support
for HDR10 to SDR tone mapping, and animated GIF video input sources.
* api-change:``timestream-write``: [``botocore``] This release adds the ability to ingest batched
historical data or migrate data in bulk from S3 into Timestream using CSV files.
- from version 1.26.79
* api-change:``connect``: [``botocore``] StartTaskContact API now supports linked task creation
with a new optional RelatedContactId parameter
* api-change:``connectcases``: [``botocore``] This release adds the ability to delete domains
through the DeleteDomain API. For more information see
https://docs.aws.amazon.com/cases/latest/APIReference/Welcome.html
* api-change:``redshift``: [``botocore``] Documentation updates for Redshift API bringing it in
line with IAM best practices.
* api-change:``securityhub``: [``botocore``] New Security Hub APIs and updates to existing APIs
that help you consolidate control findings and enable and disable controls across all supported
standards
* api-change:``servicecatalog``: [``botocore``] Documentation updates for Service Catalog
- Update BuildRequires and Requires from setup.py
- Update to 1.26.78
* api-change:``appflow``: [``botocore``] This release enables the customers to choose whether to
use Private Link for Metadata and Authorization call when using a private Salesforce connections
* api-change:``ecs``: [``botocore``] This release supports deleting Amazon ECS task definitions
that are in the INACTIVE state.
* api-change:``grafana``: [``botocore``] Doc-only update. Updated information on attached role
policies for customer provided roles
* api-change:``guardduty``: [``botocore``] Updated API and data types descriptions for
CreateFilter, UpdateFilter, and TriggerDetails.
* api-change:``iotwireless``: [``botocore``] In this release, we add additional capabilities for
the FUOTA which allows user to configure the fragment size, the sending interval and the redundancy
ratio of the FUOTA tasks
* api-change:``location``: [``botocore``] This release adds support for using Maps APIs with an API
Key in addition to AWS Cognito. This includes support for adding, listing, updating and deleting
API Keys.
* api-change:``macie2``: [``botocore``] This release adds support for a new finding type,
Policy:IAMUser/S3BucketSharedWithCloudFront, and S3 bucket metadata that indicates if a bucket is
shared with an Amazon CloudFront OAI or OAC.
* api-change:``wafv2``: [``botocore``] You can now associate an AWS WAF v2 web ACL with an AWS App
Runner service.
- from version 1.26.77
* api-change:``chime-sdk-voice``: [``botocore``] This release introduces support for Voice
Connector media metrics in the Amazon Chime SDK Voice namespace
* api-change:``cloudfront``: [``botocore``] CloudFront now supports block lists in origin request
policies so that you can forward all headers, cookies, or query string from viewer requests to the
origin *except* for those specified in the block list.
* api-change:``datasync``: [``botocore``] AWS DataSync has relaxed the minimum length constraint of
AccessKey for Object Storage locations to 1.
* api-change:``opensearch``: [``botocore``] This release lets customers configure Off-peak window
and software update related properties for a new/existing domain. It enhances the capabilities of
StartServiceSoftwareUpdate API; adds 2 new APIs - ListScheduledActions & UpdateScheduledAction; and
allows Auto-tune to make use of Off-peak window.
* api-change:``rum``: [``botocore``] CloudWatch RUM now supports CloudWatch Custom Metrics
* api-change:``ssm``: [``botocore``] Document only update for Feb 2023
- from version 1.26.76
* api-change:``quicksight``: [``botocore``] S3 data sources now accept a custom IAM role.
* api-change:``resiliencehub``: [``botocore``] In this release we improved resilience hub
application creation and maintenance by introducing new resource and app component crud APIs,
improving visibility and maintenance of application input sources and added support for additional
information attributes to be provided by customers.
* api-change:``securityhub``: [``botocore``] Documentation updates for AWS Security Hub
* api-change:``tnb``: [``botocore``] This is the initial SDK release for AWS Telco Network Builder
(TNB). AWS Telco Network Builder is a network automation service that helps you deploy and manage
telecom networks.
- from version 1.26.75
* bugfix:SSO: [``botocore``] Fixes aws/aws-cli`#7496
<https://github.com/aws/aws-cli/issues/7496>`__ by using the correct profile name rather than the
one set in the session.
* api-change:``auditmanager``: [``botocore``] This release introduces a
ServiceQuotaExceededException to the UpdateAssessmentFrameworkShare API operation.
* api-change:``connect``: [``botocore``] Reasons for failed diff has been approved by SDK Reviewer
- from version 1.26.74
* api-change:``apprunner``: [``botocore``] This release supports removing MaxSize limit for
AutoScalingConfiguration.
* api-change:``glue``: [``botocore``] Release of Delta Lake Data Lake Format for Glue Studio Service
- from version 1.26.73
* api-change:``emr``: [``botocore``] Update emr client to latest version
* api-change:``grafana``: [``botocore``] With this release Amazon Managed Grafana now supports
inbound Network Access Control that helps you to restrict user access to your Grafana workspaces
* api-change:``ivs``: [``botocore``] Doc-only update. Updated text description in DeleteChannel,
Stream, and StreamSummary.
* api-change:``wafv2``: [``botocore``] Added a notice for account takeover prevention (ATP). The
interface incorrectly lets you to configure ATP response inspection in regional web ACLs in Region
US East (N. Virginia), without returning an error. ATP response inspection is only available in web
ACLs that protect CloudFront distributions.
- from version 1.26.72
* api-change:``cloudtrail``: [``botocore``] This release adds an
InsufficientEncryptionPolicyException type to the StartImport endpoint
* api-change:``efs``: [``botocore``] Update efs client to latest version
* api-change:``frauddetector``: [``botocore``] This release introduces Lists feature which allows
customers to reference a set of values in Fraud Detector's rules. With Lists, customers can
dynamically manage these attributes in real time. Lists can be created/deleted and its contents can
be modified using the Fraud Detector API.
* api-change:``glue``: [``botocore``] Fix DirectJDBCSource not showing up in CLI code gen
* api-change:``privatenetworks``: [``botocore``] This release introduces a new
StartNetworkResourceUpdate API, which enables return/replacement of hardware from a NetworkSite.
* api-change:``rds``: [``botocore``] Database Activity Stream support for RDS for SQL Server.
* api-change:``wafv2``: [``botocore``] For protected CloudFront distributions, you can now use the
AWS WAF Fraud Control account takeover prevention (ATP) managed rule group to block new login
attempts from clients that have recently submitted too many failed login attempts.
- Update BuildRequires and Requires from setup.py
- Update to 1.26.71
* api-change:``appconfig``: [``botocore``] AWS AppConfig now offers the option to set a version
label on hosted configuration versions. Version labels allow you to identify specific hosted
configuration versions based on an alternate versioning scheme that you define.
* api-change:``datasync``: [``botocore``] With this launch, we are giving customers the ability to
use older SMB protocol versions, enabling them to use DataSync to copy data to and from their
legacy storage arrays.
* api-change:``ec2``: [``botocore``] With this release customers can turn host maintenance on or
off when allocating or modifying a supported dedicated host. Host maintenance is turned on by
default for supported hosts.
- from version 1.26.70
* api-change:``account``: [``botocore``] This release of the Account Management API enables
customers to view and manage whether AWS Opt-In Regions are enabled or disabled for their Account.
For more information, see
https://docs.aws.amazon.com/accounts/latest/reference/manage-acct-regions.html
* api-change:``appconfigdata``: [``botocore``] AWS AppConfig now offers the option to set a version
label on hosted configuration versions. If a labeled hosted configuration version is deployed, its
version label is available in the GetLatestConfiguration response.
* api-change:``snowball``: [``botocore``] Adds support for EKS Anywhere on Snowball. AWS Snow
Family customers can now install EKS Anywhere service on Snowball Edge Compute Optimized devices.
- from version 1.26.69
* api-change:``autoscaling``: [``botocore``] You can now either terminate/replace, ignore, or wait
for EC2 Auto Scaling instances on standby or protected from scale in. Also, you can also roll back
changes from a failed instance refresh.
* api-change:``connect``: [``botocore``] This update provides the Wisdom session ARN for contacts
enabled for Wisdom in the chat channel.
* api-change:``ec2``: [``botocore``] Adds support for waiters that automatically poll for an
imported snapshot until it reaches the completed state.
* api-change:``polly``: [``botocore``] Amazon Polly adds two new neural Japanese voices - Kazuha,
Tomoko
* api-change:``sagemaker``: [``botocore``] Amazon SageMaker Autopilot adds support for selecting
algorithms in CreateAutoMLJob API.
* api-change:``sns``: [``botocore``] This release adds support for SNS X-Ray active tracing as well
as other updates.
- from version 1.26.68
* api-change:``chime-sdk-meetings``: [``botocore``] Documentation updates for Chime Meetings SDK
* api-change:``emr-containers``: [``botocore``] EMR on EKS allows configuring retry policies for
job runs through the StartJobRun API. Using retry policies, a job cause a driver pod to be
restarted automatically if it fails or is deleted. The job's status can be seen in the
DescribeJobRun and ListJobRun APIs and monitored using CloudWatch events.
* api-change:``evidently``: [``botocore``] Updated entity overrides parameter to accept up to 2500
overrides or a total of 40KB.
* api-change:``lexv2-models``: [``botocore``] Update lexv2-models client to latest version
* api-change:``lexv2-runtime``: [``botocore``] Update lexv2-runtime client to latest version
* api-change:``lightsail``: [``botocore``] Documentation updates for Lightsail
* api-change:``migration-hub-refactor-spaces``: [``botocore``] This release adds support for
creating environments with a network fabric type of NONE
* api-change:``workdocs``: [``botocore``] Doc only update for the WorkDocs APIs.
* api-change:``workspaces``: [``botocore``] Removed Windows Server 2016 BYOL and made changes based
on IAM campaign.
- from version 1.26.67
* api-change:``backup``: [``botocore``] This release added one attribute (resource name) in the
output model of our 9 existing APIs in AWS backup so that customers will see the resource name at
the output. No input required from Customers.
* api-change:``cloudfront``: [``botocore``] CloudFront Origin Access Control extends support to AWS
Elemental MediaStore origins.
* api-change:``glue``: [``botocore``] DirectJDBCSource + Glue 4.0 streaming options
* api-change:``lakeformation``: [``botocore``] This release removes the LFTagpolicyResource
expression limits.
- Update BuildRequires and Requires from setup.py
- Update to 1.26.66
* api-change:``transfer``: [``botocore``] Updated the documentation for the ImportCertificate API
call, and added examples.
- from version 1.26.65
* api-change:``compute-optimizer``: [``botocore``] AWS Compute optimizer can now infer if Kafka is
running on an instance.
* api-change:``customer-profiles``: [``botocore``] This release deprecates the PartyType and Gender
enum data types from the Profile model and replaces them with new PartyTypeString and GenderString
attributes, which accept any string of length up to 255.
* api-change:``frauddetector``: [``botocore``] My AWS Service (Amazon Fraud Detector) - This
release introduces Cold Start Model Training which optimizes training for small datasets and adds
intelligent methods for treating unlabeled data. You can now train Online Fraud Insights or
Transaction Fraud Insights models with minimal historical-data.
* api-change:``mediaconvert``: [``botocore``] The AWS Elemental MediaConvert SDK has added improved
scene change detection capabilities and a bandwidth reduction filter, along with video quality
enhancements, to the AVC encoder.
* api-change:``outposts``: [``botocore``] Adds OrderType to Order structure. Adds PreviousOrderId
and PreviousLineItemId to LineItem structure. Adds new line item status REPLACED. Increases maximum
length of pagination token.
- from version 1.26.64
* enhancement:AWSCRT: [``botocore``] Upgrade awscrt version to 0.16.9
* api-change:``proton``: [``botocore``] Add new GetResourcesSummary API
* api-change:``redshift``: [``botocore``] Corrects descriptions of the parameters for the API
operations RestoreFromClusterSnapshot, RestoreTableFromClusterSnapshot, and CreateCluster.
- from version 1.26.63
* api-change:``appconfig``: [``botocore``] AWS AppConfig introduces KMS customer-managed key (CMK)
encryption of configuration data, along with AWS Secrets Manager as a new configuration data
source. S3 objects using SSE-KMS encryption and SSM Parameter Store SecureStrings are also now
supported.
* api-change:``connect``: [``botocore``] Enabled FIPS endpoints for GovCloud (US) regions in SDK.
* api-change:``ec2``: [``botocore``] Documentation updates for EC2.
* api-change:``elbv2``: [``botocore``] Update elbv2 client to latest version
* api-change:``keyspaces``: [``botocore``] Enabled FIPS endpoints for GovCloud (US) regions in SDK.
* api-change:``quicksight``: [``botocore``] QuickSight support for Radar Chart and Dashboard
Publish Options
* api-change:``redshift``: [``botocore``] Enabled FIPS endpoints for GovCloud (US) regions in SDK.
* api-change:``sso-admin``: [``botocore``] Enabled FIPS endpoints for GovCloud (US) regions in SDK.
- from version 1.26.62
* bugfix:``s3``: [``botocore``] boto3 no longer overwrites user supplied `Content-Encoding` with
`aws-chunked` when user also supplies `ChecksumAlgorithm`.
* api-change:``devops-guru``: [``botocore``] This release adds filter support ListAnomalyForInsight
API.
* api-change:``forecast``: [``botocore``] This release will enable customer select INCREMENTAL as
ImportModel in Forecast's CreateDatasetImportJob API. Verified latest SDK containing required
attribute, following https://w.amazon.com/bin/view/AWS-Seer/Launch/Trebuchet/
* api-change:``iam``: [``botocore``] Documentation updates for AWS Identity and Access Management
(IAM).
* api-change:``mediatailor``: [``botocore``] The AWS Elemental MediaTailor SDK for Channel Assembly
has added support for program updates, and the ability to clip the end of VOD sources in programs.
* api-change:``sns``: [``botocore``] Additional attributes added for set-topic-attributes.
- from version 1.26.61
* api-change:``accessanalyzer``: [``botocore``] Enabled FIPS endpoints for GovCloud (US) regions in
SDK.
* api-change:``appsync``: [``botocore``] This release introduces the feature to support EventBridge
as AppSync data source.
* api-change:``cloudtrail-data``: [``botocore``] Add CloudTrail Data Service to enable users to
ingest activity events from non-AWS sources into CloudTrail Lake.
* api-change:``cloudtrail``: [``botocore``] Add new "Channel" APIs to enable users to manage
channels used for CloudTrail Lake integrations, and "Resource Policy" APIs to enable users to
manage the resource-based permissions policy attached to a channel.
* api-change:``codeartifact``: [``botocore``] This release introduces a new DeletePackage API,
which enables deletion of a package and all of its versions from a repository.
* api-change:``connectparticipant``: [``botocore``] Enabled FIPS endpoints for GovCloud (US)
regions in SDK.
* api-change:``ec2``: [``botocore``] This launch allows customers to associate up to 8 IP addresses
to their NAT Gateways to increase the limit on concurrent connections to a single destination by
eight times from 55K to 440K.
* api-change:``groundstation``: [``botocore``] DigIF Expansion changes to the Customer APIs.
* api-change:``iot``: [``botocore``] Added support for IoT Rules Engine Cloudwatch Logs action
batch mode.
* api-change:``kinesis``: [``botocore``] Enabled FIPS endpoints for GovCloud (US) regions in SDK.
* api-change:``opensearch``: [``botocore``] Amazon OpenSearch Service adds the option for a VPC
endpoint connection between two domains when the local domain uses OpenSearch version 1.3 or 2.3.
You can now use remote reindex to copy indices from one VPC domain to another without a reverse
proxy.
* api-change:``outposts``: [``botocore``] Enabled FIPS endpoints for GovCloud (US) regions in SDK.
* api-change:``polly``: [``botocore``] Amazon Polly adds two new neural American English voices -
Ruth, Stephen
* api-change:``sagemaker``: [``botocore``] Amazon SageMaker Automatic Model Tuning now supports
more completion criteria for Hyperparameter Optimization.
* api-change:``securityhub``: [``botocore``] New fields have been added to the AWS Security Finding
Format. Compliance.SecurityControlId is a unique identifier for a security control across
standards. Compliance.AssociatedStandards contains all enabled standards in which a security
control is enabled.
* api-change:``support``: [``botocore``] This fixes incorrect endpoint construction when a customer
is explicitly setting a region.
- Update BuildRequires and Requires from setup.py
- Update to 1.26.60
* api-change:``clouddirectory``: [``botocore``] Enabled FIPS endpoints for GovCloud (US) regions in
SDK.
* api-change:``cloudformation``: [``botocore``] This feature provides a method of obtaining which
regions a stackset has stack instances deployed in.
* api-change:``discovery``: [``botocore``] Update ImportName validation to 255 from the current
length of 100
* api-change:``dlm``: [``botocore``] Enabled FIPS endpoints for GovCloud (US) regions in SDK.
* api-change:``ec2``: [``botocore``] We add Prefix Lists as a new route destination option for
LocalGatewayRoutes. This will allow customers to create routes to Prefix Lists. Prefix List routes
will allow customers to group individual CIDR routes with the same target into a single route.
* api-change:``imagebuilder``: [``botocore``] Enabled FIPS endpoints for GovCloud (US) regions in
SDK.
* api-change:``kafka``: [``botocore``] Enabled FIPS endpoints for GovCloud (US) regions in SDK.
* api-change:``mediaconvert``: [``botocore``] Enabled FIPS endpoints for GovCloud (US) regions in
SDK.
* api-change:``swf``: [``botocore``] Enabled FIPS endpoints for GovCloud (US) regions in SDK.
- from version 1.26.59
* api-change:``application-autoscaling``: [``botocore``] Enabled FIPS endpoints for GovCloud (US)
regions in SDK.
* api-change:``appstream``: [``botocore``] Fixing the issue where Appstream waiters hang for
fleet_started and fleet_stopped.
* api-change:``elasticbeanstalk``: [``botocore``] Enabled FIPS endpoints for GovCloud (US) regions
in SDK.
* api-change:``fis``: [``botocore``] Enabled FIPS endpoints for GovCloud (US) regions in SDK.
* api-change:``glacier``: [``botocore``] Enabled FIPS endpoints for GovCloud (US) regions in SDK.
* api-change:``greengrass``: [``botocore``] Enabled FIPS endpoints for GovCloud (US) regions in SDK.
* api-change:``greengrassv2``: [``botocore``] Enabled FIPS endpoints for GovCloud (US) in SDK.
* api-change:``mediatailor``: [``botocore``] This release introduces the As Run logging type, along
with API and documentation updates.
* api-change:``outposts``: [``botocore``] Adding support for payment term in GetOrder, CreateOrder
responses.
* api-change:``sagemaker-runtime``: [``botocore``] Update sagemaker-runtime client to latest version
* api-change:``sagemaker``: [``botocore``] This release supports running SageMaker Training jobs
with container images that are in a private Docker registry.
* api-change:``serverlessrepo``: [``botocore``] Enabled FIPS endpoints for GovCloud (US) regions in
SDK.
- Update BuildRequires and Requires from setup.py
- Update to 1.26.58
* api-change:``events``: [``botocore``] Update events client to latest version
* api-change:``iotfleetwise``: [``botocore``] Add model validation to BatchCreateVehicle and
BatchUpdateVehicle operations that invalidate requests with an empty vehicles list.
* api-change:``s3``: [``botocore``] Allow FIPS to be used with path-style URLs.
- from version 1.26.57
* api-change:``cloudformation``: [``botocore``] Enabled FIPS aws-us-gov endpoints in SDK.
* api-change:``ec2``: [``botocore``] This release adds new functionality that allows customers to
provision IPv6 CIDR blocks through Amazon VPC IP Address Manager (IPAM) as well as allowing
customers to utilize IPAM Resource Discovery APIs.
* api-change:``m2``: [``botocore``] Add returnCode, batchJobIdentifier in GetBatchJobExecution
response, for user to view the batch job execution result & unique identifier from engine. Also
removed unused headers from REST APIs
* api-change:``polly``: [``botocore``] Add 5 new neural voices - Sergio (es-ES), Andres (es-MX),
Remi (fr-FR), Adriano (it-IT) and Thiago (pt-BR).
* api-change:``redshift-serverless``: [``botocore``] Added query monitoring rules as possible
parameters for create and update workgroup operations.
* api-change:``s3control``: [``botocore``] Add additional endpoint tests for S3 Control. Fix
missing endpoint parameters for PutBucketVersioning and GetBucketVersioning. Prior to this fix,
those operations may have resulted in an invalid endpoint being resolved.
* api-change:``sagemaker``: [``botocore``] SageMaker Inference Recommender now decouples from Model
Registry and could accept Model Name to invoke inference recommendations job; Inference Recommender
now provides CPU/Memory Utilization metrics data in recommendation output.
* api-change:``sts``: [``botocore``] Doc only change to update wording in a key topic
- from version 1.26.56
* api-change:``databrew``: [``botocore``] Enabled FIPS us-gov-west-1 endpoints in SDK.
* api-change:``route53``: [``botocore``] Amazon Route 53 now supports the Asia Pacific (Melbourne)
Region (ap-southeast-4) for latency records, geoproximity records, and private DNS for Amazon VPCs
in that region.
* api-change:``ssm-sap``: [``botocore``] This release provides updates to documentation and support
for listing operations performed by AWS Systems Manager for SAP.
- from version 1.26.55
* api-change:``lambda``: [``botocore``] Release Lambda RuntimeManagementConfig, enabling customers
to better manage runtime updates to their Lambda functions. This release adds two new APIs,
GetRuntimeManagementConfig and PutRuntimeManagementConfig, as well as support on existing
Create/Get/Update function APIs.
* api-change:``sagemaker``: [``botocore``] Amazon SageMaker Inference now supports P4de instance
types.
- from version 1.26.54
* api-change:``ec2``: [``botocore``] C6in, M6in, M6idn, R6in and R6idn instances are powered by 3rd
Generation Intel Xeon Scalable processors (code named Ice Lake) with an all-core turbo frequency of
3.5 GHz.
* api-change:``ivs``: [``botocore``] API and Doc update. Update to arns field in BatchGetStreamKey.
Also updates to operations and structures.
* api-change:``quicksight``: [``botocore``] This release adds support for data bars in QuickSight
table and increases pivot table field well limit.
- from version 1.26.53
* api-change:``appflow``: [``botocore``] Adding support for Salesforce Pardot connector in Amazon
AppFlow.
* api-change:``codeartifact``: [``botocore``] Documentation updates for CodeArtifact
* api-change:``connect``: [``botocore``] Amazon Connect Chat introduces Persistent Chat, allowing
customers to resume previous conversations with context and transcripts carried over from previous
chats, eliminating the need to repeat themselves and allowing agents to provide personalized
service with access to entire conversation history.
* api-change:``connectparticipant``: [``botocore``] This release updates Amazon Connect
Participant's GetTranscript api to provide transcripts of past chats on a persistent chat session.
* api-change:``ec2``: [``botocore``] Adds SSM Parameter Resource Aliasing support to EC2 Launch
Templates. Launch Templates can now store parameter aliases in place of AMI Resource IDs.
CreateLaunchTemplateVersion and DescribeLaunchTemplateVersions now support a convenience flag,
ResolveAlias, to return the resolved parameter value.
* api-change:``glue``: [``botocore``] Release Glue Studio Hudi Data Lake Format for SDK/CLI
* api-change:``groundstation``: [``botocore``] Add configurable prepass and postpass times for
DataflowEndpointGroup. Add Waiter to allow customers to wait for a contact that was reserved
through ReserveContact
* api-change:``logs``: [``botocore``] Bug fix - Removed the regex pattern validation from
CoralModel to avoid potential security issue.
* api-change:``medialive``: [``botocore``] AWS Elemental MediaLive adds support for SCTE 35
preRollMilliSeconds.
* api-change:``opensearch``: [``botocore``] This release adds the enhanced dry run option, that
checks for validation errors that might occur when deploying configuration changes and provides a
summary of these errors, if any. The feature will also indicate whether a blue/green deployment
will be required to apply a change.
* api-change:``panorama``: [``botocore``] Added AllowMajorVersionUpdate option to OTAJobConfig to
make appliance software major version updates opt-in.
* api-change:``sagemaker``: [``botocore``] HyperParameterTuningJobs now allow passing environment
variables into the corresponding TrainingJobs
- Update BuildRequires and Requires from setup.py
- Update to 1.26.52
* api-change:``cloudwatch``: [``botocore``] Update cloudwatch client to latest version
* api-change:``efs``: [``botocore``] Update efs client to latest version
* api-change:``ivschat``: [``botocore``] Updates the range for a Chat Room's
maximumMessageRatePerSecond field.
* api-change:``wafv2``: [``botocore``] Improved the visibility of the guidance for updating AWS WAF
resources, such as web ACLs and rule groups.
- from version 1.26.51
* api-change:``billingconductor``: [``botocore``] This release adds support for SKU Scope for
pricing plans.
* api-change:``cloud9``: [``botocore``] Added minimum value to AutomaticStopTimeMinutes parameter.
* api-change:``imagebuilder``: [``botocore``] Add support for AWS Marketplace product IDs as input
during CreateImageRecipe for the parent-image parameter. Add support for listing third-party
components.
* api-change:``network-firewall``: [``botocore``] Network Firewall now allows creation of dual
stack endpoints, enabling inspection of IPv6 traffic.
- from version 1.26.50
* api-change:``connect``: [``botocore``] This release updates the responses of
UpdateContactFlowContent, UpdateContactFlowMetadata, UpdateContactFlowName and DeleteContactFlow
API with empty responses.
* api-change:``ec2``: [``botocore``] Documentation updates for EC2.
* api-change:``outposts``: [``botocore``] This release adds POWER_30_KVA as an option for
PowerDrawKva. PowerDrawKva is part of the RackPhysicalProperties structure in the CreateSite
request.
* api-change:``resource-groups``: [``botocore``] AWS Resource Groups customers can now turn on
Group Lifecycle Events in their AWS account. When you turn this on, Resource Groups monitors your
groups for changes to group state or membership. Those changes are sent to Amazon EventBridge as
events that you can respond to using rules you create.
- from version 1.26.49
* api-change:``cleanrooms``: [``botocore``] Initial release of AWS Clean Rooms
* api-change:``lambda``: [``botocore``] Add support for MaximumConcurrency parameter for SQS event
source. Customers can now limit the maximum concurrent invocations for their SQS Event Source
Mapping.
* api-change:``logs``: [``botocore``] Bug fix: logGroupName is now not a required field in
GetLogEvents, FilterLogEvents, GetLogGroupFields, and DescribeLogStreams APIs as logGroupIdentifier
can be provided instead
* api-change:``mediaconvert``: [``botocore``] The AWS Elemental MediaConvert SDK has added support
for compact DASH manifest generation, audio normalization using TruePeak measurements, and the
ability to clip the sample range in the color corrector.
* api-change:``secretsmanager``: [``botocore``] Update documentation for new ListSecrets and
DescribeSecret parameters
- from version 1.26.48
* api-change:``kendra``: [``botocore``] This release adds support to new document types - RTF, XML,
XSLT, MS_EXCEL, CSV, JSON, MD
- from version 1.26.47
* api-change:``location``: [``botocore``] This release adds support for two new route travel
models, Bicycle and Motorcycle which can be used with Grab data source.
* api-change:``rds``: [``botocore``] This release adds support for configuring allocated storage on
the CreateDBInstanceReadReplica, RestoreDBInstanceFromDBSnapshot, and
RestoreDBInstanceToPointInTime APIs.
- from version 1.26.46
* api-change:``ecr-public``: [``botocore``] This release for Amazon ECR Public makes several change
to bring the SDK into sync with the API.
* api-change:``kendra-ranking``: [``botocore``] Introducing Amazon Kendra Intelligent Ranking, a
new set of Kendra APIs that leverages Kendra semantic ranking capabilities to improve the quality
of search results from other search services (i.e. OpenSearch, ElasticSearch, Solr).
* api-change:``network-firewall``: [``botocore``] Network Firewall now supports the Suricata rule
action reject, in addition to the actions pass, drop, and alert.
* api-change:``ram``: [``botocore``] Enabled FIPS aws-us-gov endpoints in SDK.
* api-change:``workspaces-web``: [``botocore``] This release adds support for a new portal
authentication type: AWS IAM Identity Center (successor to AWS Single Sign-On).
- from version 1.26.45
* api-change:``acm-pca``: [``botocore``] Added revocation parameter validation: bucket names must
match S3 bucket naming rules and CNAMEs conform to RFC2396 restrictions on the use of special
characters in URIs.
* api-change:``auditmanager``: [``botocore``] This release introduces a new data retention option
in your Audit Manager settings. You can now use the DeregistrationPolicy parameter to specify if
you want to delete your data when you deregister Audit Manager.
- from version 1.26.44
* api-change:``amplifybackend``: [``botocore``] Updated GetBackendAPIModels response to include
ModelIntrospectionSchema json string
* api-change:``apprunner``: [``botocore``] This release adds support of securely referencing
secrets and configuration data that are stored in Secrets Manager and SSM Parameter Store by adding
them as environment secrets in your App Runner service.
* api-change:``connect``: [``botocore``] Documentation update for a new Initiation Method value in
DescribeContact API
* api-change:``emr-serverless``: [``botocore``] Adds support for customized images. You can now
provide runtime images when creating or updating EMR Serverless Applications.
* api-change:``lightsail``: [``botocore``] Documentation updates for Amazon Lightsail.
* api-change:``mwaa``: [``botocore``] MWAA supports Apache Airflow version 2.4.3.
* api-change:``rds``: [``botocore``] This release adds support for specifying which certificate
authority (CA) to use for a DB instance's server certificate during DB instance creation, as well
as other CA enhancements.
- from version 1.26.43
* api-change:``application-autoscaling``: [``botocore``] Customers can now use the existing
DescribeScalingActivities API to also see the detailed and machine-readable reasons for Application
Auto Scaling not scaling their resources and, if needed, take the necessary corrective actions.
* api-change:``logs``: [``botocore``] Update to remove sequenceToken as a required field in
PutLogEvents calls.
* api-change:``ssm``: [``botocore``] Adding support for QuickSetup Document Type in Systems Manager
- Update BuildRequires and Requires from setup.py
- update to 1.26.42:
* api-change:``securitylake``: [``botocore``] Allow CreateSubscriber API
to take string input that allows setting more descriptive
SubscriberDescription field. Make souceTypes field required in model
level for UpdateSubscriberRequest as it is required for every API call
on the backend. Allow ListSubscribers take any String as nextToken
param.
- Update to version 1.26.41
* api-change:``cloudfront``: [``botocore``] Extend response headers policy to support removing
headers from viewer responses
* api-change:``iotfleetwise``: [``botocore``] Update documentation - correct the epoch constant
value of default value for expiryTime field in CreateCampaign request.
- from version 1.26.40
* api-change:``apigateway``: [``botocore``] Documentation updates for Amazon API Gateway
* api-change:``emr``: [``botocore``] Update emr client to latest version
* api-change:``secretsmanager``: [``botocore``] Added owning service filter, include planned
deletion flag, and next rotation date response parameter in ListSecrets.
* api-change:``wisdom``: [``botocore``] This release extends Wisdom CreateContent and
StartContentUpload APIs to support PDF and MicrosoftWord docx document uploading.
- from version 1.26.39
* api-change:``elasticache``: [``botocore``] This release allows you to modify the encryption in
transit setting, for existing Redis clusters. You can now change the TLS configuration of your
Redis clusters without the need to re-build or re-provision the clusters or impact application
availability.
* api-change:``network-firewall``: [``botocore``] AWS Network Firewall now provides status messages
for firewalls to help you troubleshoot when your endpoint fails.
* api-change:``rds``: [``botocore``] This release adds support for Custom Engine Version (CEV) on
RDS Custom SQL Server.
* api-change:``route53-recovery-control-config``: [``botocore``] Added support for Python
paginators in the route53-recovery-control-config List* APIs.
- from version 1.26.38
* api-change:``memorydb``: [``botocore``] This release adds support for MemoryDB Reserved nodes
which provides a significant discount compared to on-demand node pricing. Reserved nodes are not
physical nodes, but rather a billing discount applied to the use of on-demand nodes in your account.
* api-change:``transfer``: [``botocore``] Add additional operations to throw ThrottlingExceptions
- from version 1.26.37
* api-change:``connect``: [``botocore``] Support for Routing Profile filter, SortCriteria, and
grouping by Routing Profiles for GetCurrentMetricData API. Support for RoutingProfiles,
UserHierarchyGroups, and Agents as filters, NextStatus and AgentStatusName for GetCurrentUserData.
Adds ApproximateTotalCount to both APIs.
* api-change:``connectparticipant``: [``botocore``] Amazon Connect Chat introduces the Message
Receipts feature. This feature allows agents and customers to receive message delivered and read
receipts after they send a chat message.
* api-change:``detective``: [``botocore``] This release adds a missed AccessDeniedException type to
several endpoints.
* api-change:``fsx``: [``botocore``] Fix a bug where a recent release might break certain existing
SDKs.
* api-change:``inspector2``: [``botocore``] Amazon Inspector adds support for scanning NodeJS 18.x
and Go 1.x AWS Lambda function runtimes.
- from version 1.26.36
* api-change:``compute-optimizer``: [``botocore``] This release enables AWS Compute Optimizer to
analyze and generate optimization recommendations for ecs services running on Fargate.
* api-change:``connect``: [``botocore``] Amazon Connect Chat introduces the Idle
Participant/Autodisconnect feature, which allows users to set timeouts relating to the activity of
chat participants, using the new UpdateParticipantRoleConfig API.
* api-change:``iotdeviceadvisor``: [``botocore``] This release adds the following new features: 1)
Documentation updates for IoT Device Advisor APIs. 2) Updated required request parameters for IoT
Device Advisor APIs. 3) Added new service feature: ability to provide the test endpoint when
customer executing the StartSuiteRun API.
* api-change:``kinesis-video-webrtc-storage``: [``botocore``] Amazon Kinesis Video Streams offers
capabilities to stream video and audio in real-time via WebRTC to the cloud for storage, playback,
and analytical processing. Customers can use our enhanced WebRTC SDK and cloud APIs to enable
real-time streaming, as well as media ingestion to the cloud.
* api-change:``rds``: [``botocore``] Add support for managing master user password in AWS Secrets
Manager for the DBInstance and DBCluster.
* api-change:``secretsmanager``: [``botocore``] Documentation updates for Secrets Manager
- from version 1.26.35
* api-change:``connect``: [``botocore``] Amazon Connect Chat now allows for JSON (application/json)
message types to be sent as part of the initial message in the StartChatContact API.
* api-change:``connectparticipant``: [``botocore``] Amazon Connect Chat now allows for JSON
(application/json) message types to be sent in the SendMessage API.
* api-change:``license-manager-linux-subscriptions``: [``botocore``] AWS License Manager now offers
cross-region, cross-account tracking of commercial Linux subscriptions on AWS. This includes
subscriptions purchased as part of EC2 subscription-included AMIs, on the AWS Marketplace, or
brought to AWS via Red Hat Cloud Access Program.
* api-change:``macie2``: [``botocore``] This release adds support for analyzing Amazon S3 objects
that use the S3 Glacier Instant Retrieval (Glacier_IR) storage class.
* api-change:``sagemaker``: [``botocore``] This release enables adding RStudio Workbench support to
an existing Amazon SageMaker Studio domain. It allows setting your RStudio on SageMaker environment
configuration parameters and also updating the RStudioConnectUrl and RStudioPackageManagerUrl
parameters for existing domains
* api-change:``scheduler``: [``botocore``] Updated the ListSchedules and ListScheduleGroups APIs to
allow the NamePrefix field to start with a number. Updated the validation for executionRole field
to support any role name.
* api-change:``ssm``: [``botocore``] Doc-only updates for December 2022.
* api-change:``support``: [``botocore``] Documentation updates for the AWS Support API
* api-change:``transfer``: [``botocore``] This release adds support for Decrypt as a workflow step
type.
- from version 1.26.34
* api-change:``batch``: [``botocore``] Adds isCancelled and isTerminated to DescribeJobs response.
* api-change:``ec2``: [``botocore``] Adds support for pagination in the EC2 DescribeImages API.
* api-change:``lookoutequipment``: [``botocore``] This release adds support for listing inference
schedulers by status.
* api-change:``medialive``: [``botocore``] This release adds support for two new features to AWS
Elemental MediaLive. First, you can now burn-in timecodes to your MediaLive outputs. Second, we now
now support the ability to decode Dolby E audio when it comes in on an input.
* api-change:``nimble``: [``botocore``] Amazon Nimble Studio now supports configuring session
storage volumes and persistence, as well as backup and restore sessions through launch profiles.
* api-change:``resource-explorer-2``: [``botocore``] Documentation updates for AWS Resource
Explorer.
* api-change:``route53domains``: [``botocore``] Use Route 53 domain APIs to change owner,
create/delete DS record, modify IPS tag, resend authorization. New:
AssociateDelegationSignerToDomain, DisassociateDelegationSignerFromDomain, PushDomain,
ResendOperationAuthorization. Updated: UpdateDomainContact, ListOperations,
CheckDomainTransferability.
* api-change:``sagemaker``: [``botocore``] Amazon SageMaker Autopilot adds support for new
objective metrics in CreateAutoMLJob API.
* api-change:``transcribe``: [``botocore``] Enable our batch transcription jobs for Swedish and
Vietnamese.
- from version 1.26.33
* api-change:``athena``: [``botocore``] Add missed InvalidRequestException in
GetCalculationExecutionCode,StopCalculationExecution APIs. Correct required parameters (Payload and
Type) in UpdateNotebook API. Change Notebook size from 15 Mb to 10 Mb.
* api-change:``ecs``: [``botocore``] This release adds support for alarm-based rollbacks in ECS, a
new feature that allows customers to add automated safeguards for Amazon ECS service rolling
updates.
* api-change:``kinesis-video-webrtc-storage``: [``botocore``] Amazon Kinesis Video Streams offers
capabilities to stream video and audio in real-time via WebRTC to the cloud for storage, playback,
and analytical processing. Customers can use our enhanced WebRTC SDK and cloud APIs to enable
real-time streaming, as well as media ingestion to the cloud.
* api-change:``kinesisvideo``: [``botocore``] Amazon Kinesis Video Streams offers capabilities to
stream video and audio in real-time via WebRTC to the cloud for storage, playback, and analytical
processing. Customers can use our enhanced WebRTC SDK and cloud APIs to enable real-time streaming,
as well as media ingestion to the cloud.
* api-change:``rds``: [``botocore``] Add support for --enable-customer-owned-ip to RDS
create-db-instance-read-replica API for RDS on Outposts.
* api-change:``sagemaker``: [``botocore``] AWS Sagemaker - Sagemaker Images now supports Aliases as
secondary identifiers for ImageVersions. SageMaker Images now supports additional metadata for
ImageVersions for better images management.
- from version 1.26.32
* enhancement:s3: s3.transfer methods accept path-like objects as input
* api-change:``appflow``: [``botocore``] This release updates the ListConnectorEntities API action
so that it returns paginated responses that customers can retrieve with next tokens.
* api-change:``cloudfront``: [``botocore``] Updated documentation for CloudFront
* api-change:``datasync``: [``botocore``] AWS DataSync now supports the use of tags with task
executions. With this new feature, you can apply tags each time you execute a task, giving you
greater control and management over your task executions.
* api-change:``efs``: [``botocore``] Update efs client to latest version
* api-change:``guardduty``: [``botocore``] This release provides the valid characters for the
Description and Name field.
* api-change:``iotfleetwise``: [``botocore``] Updated error handling for empty resource names in
"UpdateSignalCatalog" and "GetModelManifest" operations.
* api-change:``sagemaker``: [``botocore``] AWS sagemaker - Features: This release adds support for
random seed, it's an integer value used to initialize a pseudo-random number generator. Setting a
random seed will allow the hyperparameter tuning search strategies to produce more consistent
configurations for the same tuning job.
- from version 1.26.31
* api-change:``backup-gateway``: [``botocore``] This release adds support for VMware vSphere tags,
enabling customer to protect VMware virtual machines using tag-based policies for AWS tags mapped
from vSphere tags. This release also adds support for customer-accessible gateway-hypervisor
interaction log and upload bandwidth rate limit schedule.
* api-change:``connect``: [``botocore``] Added support for "English - New Zealand" and "English -
South African" to be used with Amazon Connect Custom Vocabulary APIs.
* api-change:``ecs``: [``botocore``] This release adds support for container port ranges in ECS, a
new capability that allows customers to provide container port ranges to simplify use cases where
multiple ports are in use in a container. This release updates TaskDefinition mutation APIs and the
Task description APIs.
* api-change:``eks``: [``botocore``] Add support for Windows managed nodes groups.
* api-change:``glue``: [``botocore``] This release adds support for AWS Glue Crawler with native
DeltaLake tables, allowing Crawlers to classify Delta Lake format tables and catalog them for query
engines to query against.
* api-change:``kinesis``: [``botocore``] Added StreamARN parameter for Kinesis Data Streams APIs.
Added a new opaque pagination token for ListStreams. SDKs will auto-generate Account Endpoint when
accessing Kinesis Data Streams.
* api-change:``location``: [``botocore``] This release adds support for a new style,
"VectorOpenDataStandardLight" which can be used with the new data source, "Open Data Maps
(Preview)".
* api-change:``m2``: [``botocore``] Adds an optional create-only `KmsKeyId` property to Environment
and Application resources.
* api-change:``sagemaker``: [``botocore``] SageMaker Inference Recommender now allows customers to
load tests their models on various instance types using private VPC.
* api-change:``securityhub``: [``botocore``] Added new resource details objects to ASFF, including
resources for AwsEc2LaunchTemplate, AwsSageMakerNotebookInstance, AwsWafv2WebAcl and
AwsWafv2RuleGroup.
* api-change:``translate``: [``botocore``] Raised the input byte size limit of the Text field in
the TranslateText API to 10000 bytes.
- from version 1.26.30
* api-change:``ce``: [``botocore``] This release supports percentage-based thresholds on Cost
Anomaly Detection alert subscriptions.
* api-change:``cloudwatch``: [``botocore``] Update cloudwatch client to latest version
* api-change:``networkmanager``: [``botocore``] Appliance Mode support for AWS Cloud WAN.
* api-change:``redshift-data``: [``botocore``] This release adds a new --client-token field to
ExecuteStatement and BatchExecuteStatement operations. Customers can now run queries with the
additional client token parameter to ensures idempotency.
* api-change:``sagemaker-metrics``: [``botocore``] Update SageMaker Metrics documentation.
- from version 1.26.29
* api-change:``cloudtrail``: [``botocore``] Merging mainline branch for service model into mainline
release branch. There are no new APIs.
* api-change:``rds``: [``botocore``] This deployment adds ClientPasswordAuthType field to the Auth
structure of the DBProxy.
- from version 1.26.28
* bugfix:Endpoint provider: [``botocore``] Updates ARN parsing ``resourceId`` delimiters
* api-change:``customer-profiles``: [``botocore``] This release allows custom strings in PartyType
and Gender through 2 new attributes in the CreateProfile and UpdateProfile APIs: PartyTypeString
and GenderString.
* api-change:``ec2``: [``botocore``] This release updates DescribeFpgaImages to show supported
instance types of AFIs in its response.
* api-change:``kinesisvideo``: [``botocore``] This release adds support for public preview of
Kinesis Video Stream at Edge enabling customers to provide configuration for the Kinesis Video
Stream EdgeAgent running on an on-premise IoT device. Customers can now locally record from cameras
and stream videos to the cloud on configured schedule.
* api-change:``lookoutvision``: [``botocore``] This documentation update adds kms:GenerateDataKey
as a required permission to StartModelPackagingJob.
* api-change:``migration-hub-refactor-spaces``: [``botocore``] This release adds support for Lambda
alias service endpoints. Lambda alias ARNs can now be passed into CreateService.
* api-change:``rds``: [``botocore``] Update the RDS API model to support copying option groups
during the CopyDBSnapshot operation
* api-change:``rekognition``: [``botocore``] Adds support for "aliases" and "categories", inclusion
and exclusion filters for labels and label categories, and aggregating labels by video segment
timestamps for Stored Video Label Detection APIs.
* api-change:``sagemaker-metrics``: [``botocore``] This release introduces support SageMaker
Metrics APIs.
* api-change:``wafv2``: [``botocore``] Documents the naming requirement for logging destinations
that you use with web ACLs.
- from version 1.26.27
* api-change:``iotfleetwise``: [``botocore``] Deprecated assignedValue property for actuators and
attributes. Added a message to invalid nodes and invalid decoder manifest exceptions.
* api-change:``logs``: [``botocore``] Doc-only update for CloudWatch Logs, for Tagging Permissions
clarifications
* api-change:``medialive``: [``botocore``] Link devices now support buffer size (latency)
configuration. A higher latency value means a longer delay in transmitting from the device to
MediaLive, but improved resiliency. A lower latency value means a shorter delay, but less
resiliency.
* api-change:``mediapackage-vod``: [``botocore``] This release provides the approximate number of
assets in a packaging group.
- Update BuildRequires and Requires from setup.py
- Update to version 1.26.26
* enhancement:Endpoint Provider Standard Library: [``botocore``] Correct spelling of 'library' in
``StandardLibrary`` class
* api-change:``autoscaling``: [``botocore``] Adds support for metric math for target tracking
scaling policies, saving you the cost and effort of publishing a custom metric to CloudWatch. Also
adds support for VPC Lattice by adding the Attach/Detach/DescribeTrafficSources APIs and a new
health check type to the CreateAutoScalingGroup API.
* api-change:``iottwinmaker``: [``botocore``] This release adds the following new features: 1) New
APIs for managing a continuous sync of assets and asset models from AWS IoT SiteWise. 2) Support
user friendly names for component types (ComponentTypeName) and properties (DisplayName).
* api-change:``migrationhubstrategy``: [``botocore``] This release adds known application
filtering, server selection for assessments, support for potential recommendations, and indications
for configuration and assessment status. For more information, see the AWS Migration Hub
documentation at https://docs.aws.amazon.com/migrationhub/index.html
- from version 1.26.25
* api-change:``ce``: [``botocore``] This release adds the LinkedAccountName field to the
GetAnomalies API response under RootCause
* api-change:``cloudfront``: [``botocore``] Introducing UpdateDistributionWithStagingConfig that
can be used to promote the staging configuration to the production.
* api-change:``eks``: [``botocore``] Adds support for EKS add-ons configurationValues fields and
DescribeAddonConfiguration function
* api-change:``kms``: [``botocore``] Updated examples and exceptions for External Key Store (XKS).
- from version 1.26.24
* api-change:``billingconductor``: [``botocore``] This release adds the Tiering Pricing Rule
feature.
* api-change:``connect``: [``botocore``] This release provides APIs that enable you to
programmatically manage rules for Contact Lens conversational analytics and third party
applications. For more information, see
https://docs.aws.amazon.com/connect/latest/APIReference/rules-api.html
* api-change:``dynamodb``: [``botocore``] Endpoint Ruleset update: Use http instead of https for
the "local" region.
* api-change:``dynamodbstreams``: [``botocore``] Update dynamodbstreams client to latest version
* api-change:``rds``: [``botocore``] This release adds the BlueGreenDeploymentNotFoundFault to the
AddTagsToResource, ListTagsForResource, and RemoveTagsFromResource operations.
* api-change:``sagemaker-featurestore-runtime``: [``botocore``] For online + offline Feature
Groups, added ability to target PutRecord and DeleteRecord actions to only online store, or only
offline store. If target store parameter is not specified, actions will apply to both stores.
- from version 1.26.23
* api-change:``ce``: [``botocore``] This release introduces two new APIs that offer a 1-click
experience to refresh Savings Plans recommendations. The two APIs are
StartSavingsPlansPurchaseRecommendationGeneration and
ListSavingsPlansPurchaseRecommendationGeneration.
* api-change:``ec2``: [``botocore``] Documentation updates for EC2.
* api-change:``ivschat``: [``botocore``] Adds PendingVerification error type to messaging APIs to
block the resource usage for accounts identified as being fraudulent.
* api-change:``rds``: [``botocore``] This release adds the InvalidDBInstanceStateFault to the
RestoreDBClusterFromSnapshot operation.
* api-change:``transcribe``: [``botocore``] Amazon Transcribe now supports creating custom language
models in the following languages: Japanese (ja-JP) and German (de-DE).
- from version 1.26.22
* api-change:``appsync``: [``botocore``] Fixes the URI for the evaluatecode endpoint to include the
/v1 prefix (ie. "/v1/dataplane-evaluatecode").
* api-change:``ecs``: [``botocore``] Documentation updates for Amazon ECS
* api-change:``fms``: [``botocore``] AWS Firewall Manager now supports Fortigate Cloud Native
Firewall as a Service as a third-party policy type.
* api-change:``mediaconvert``: [``botocore``] The AWS Elemental MediaConvert SDK has added support
for configurable ID3 eMSG box attributes and the ability to signal them with InbandEventStream tags
in DASH and CMAF outputs.
* api-change:``medialive``: [``botocore``] Updates to Event Signaling and Management (ESAM) API and
documentation.
* api-change:``polly``: [``botocore``] Add language code for Finnish (fi-FI)
* api-change:``proton``: [``botocore``] CreateEnvironmentAccountConnection RoleArn input is now
optional
* api-change:``redshift-serverless``: [``botocore``] Add Table Level Restore operations for Amazon
Redshift Serverless. Add multi-port support for Amazon Redshift Serverless endpoints. Add Tagging
support to Snapshots and Recovery Points in Amazon Redshift Serverless.
* api-change:``sns``: [``botocore``] This release adds the message payload-filtering feature to the
SNS Subscribe, SetSubscriptionAttributes, and GetSubscriptionAttributes API actions
- Update BuildRequires and Requires from setup.py
- Update to version 1.26.21
* api-change:``codecatalyst``: [``botocore``] This release adds operations that support customers
using the AWS Toolkits and Amazon CodeCatalyst, a unified software development service that helps
developers develop, deploy, and maintain applications in the cloud. For more information, see the
documentation.
* api-change:``comprehend``: [``botocore``] Comprehend now supports semi-structured documents (such
as PDF files or image files) as inputs for custom analysis using the synchronous APIs
(ClassifyDocument and DetectEntities).
* api-change:``gamelift``: [``botocore``] GameLift introduces a new feature, GameLift Anywhere.
GameLift Anywhere allows you to integrate your own compute resources with GameLift. You can also
use GameLift Anywhere to iteratively test your game servers without uploading the build to GameLift
for every iteration.
* api-change:``pipes``: [``botocore``] AWS introduces new Amazon EventBridge Pipes which allow you
to connect sources (SQS, Kinesis, DDB, Kafka, MQ) to Targets (14+ EventBridge Targets) without any
code, with filtering, batching, input transformation, and an optional Enrichment stage (Lambda,
StepFunctions, ApiGateway, ApiDestinations)
* api-change:``stepfunctions``: [``botocore``] Update stepfunctions client to latest version
- from version 1.26.20
* api-change:``accessanalyzer``: [``botocore``] This release adds support for S3 cross account
access points. IAM Access Analyzer will now produce public or cross account findings when it
detects bucket delegation to external account access points.
* api-change:``athena``: [``botocore``] This release includes support for using Apache Spark in
Amazon Athena.
* api-change:``dataexchange``: [``botocore``] This release enables data providers to license direct
access to data in their Amazon S3 buckets or AWS Lake Formation data lakes through AWS Data
Exchange. Subscribers get read-only access to the data and can use it in downstream AWS services,
like Amazon Athena, without creating or managing copies.
* api-change:``docdb-elastic``: [``botocore``] Launched Amazon DocumentDB Elastic Clusters. You can
now use the SDK to create, list, update and delete Amazon DocumentDB Elastic Cluster resources
* api-change:``glue``: [``botocore``] This release adds support for AWS Glue Data Quality, which
helps you evaluate and monitor the quality of your data and includes the API for creating,
deleting, or updating data quality rulesets, runs and evaluations.
* api-change:``s3control``: [``botocore``] Amazon S3 now supports cross-account access points. S3
bucket owners can now allow trusted AWS accounts to create access points associated with their
bucket.
* api-change:``sagemaker-geospatial``: [``botocore``] This release provides Amazon SageMaker
geospatial APIs to build, train, deploy and visualize geospatial models.
* api-change:``sagemaker``: [``botocore``] Added Models as part of the Search API. Added Model
shadow deployments in realtime inference, and shadow testing in managed inference. Added support
for shared spaces, geospatial APIs, Model Cards, AutoMLJobStep in pipelines, Git repositories on
user profiles and domains, Model sharing in Jumpstart.
- from version 1.26.19
* api-change:``ec2``: [``botocore``] This release adds support for AWS Verified Access and the
Hpc6id Amazon EC2 compute optimized instance type, which features 3rd generation Intel Xeon
Scalable processors.
* api-change:``firehose``: [``botocore``] Allow support for the Serverless offering for Amazon
OpenSearch Service as a Kinesis Data Firehose delivery destination.
* api-change:``kms``: [``botocore``] AWS KMS introduces the External Key Store (XKS), a new feature
for customers who want to protect their data with encryption keys stored in an external key
management system under their control.
* api-change:``omics``: [``botocore``] Amazon Omics is a new, purpose-built service that can be
used by healthcare and life science organizations to store, query, and analyze omics data. The
insights from that data can be used to accelerate scientific discoveries and improve healthcare.
* api-change:``opensearchserverless``: [``botocore``] Publish SDK for Amazon OpenSearch Serverless
* api-change:``securitylake``: [``botocore``] Amazon Security Lake automatically centralizes
security data from cloud, on-premises, and custom sources into a purpose-built data lake stored in
your account. Security Lake makes it easier to analyze security data, so you can improve the
protection of your workloads, applications, and data
* api-change:``simspaceweaver``: [``botocore``] AWS SimSpace Weaver is a new service that helps
customers build spatial simulations at new levels of scale - resulting in virtual worlds with
millions of dynamic entities. See the AWS SimSpace Weaver developer guide for more details on how
to get started. https://docs.aws.amazon.com/simspaceweaver
- from version 1.26.18
* api-change:``arc-zonal-shift``: [``botocore``] Amazon Route 53 Application Recovery Controller
Zonal Shift is a new service that makes it easy to shift traffic away from an Availability Zone in
a Region. See the developer guide for more information:
https://docs.aws.amazon.com/r53recovery/latest/dg/what-is-route53-recovery.html
* api-change:``compute-optimizer``: [``botocore``] Adds support for a new recommendation preference
that makes it possible for customers to optimize their EC2 recommendations by utilizing an external
metrics ingestion service to provide metrics.
* api-change:``config``: [``botocore``] With this release, you can use AWS Config to evaluate your
resources for compliance with Config rules before they are created or updated. Using Config rules
in proactive mode enables you to test and build compliant resource templates or check resource
configurations at the time they are provisioned.
* api-change:``ec2``: [``botocore``] Introduces ENA Express, which uses AWS SRD and dynamic routing
to increase throughput and minimize latency, adds support for trust relationships between
Reachability Analyzer and AWS Organizations to enable cross-account analysis, and adds support for
Infrastructure Performance metric subscriptions.
* api-change:``eks``: [``botocore``] Adds support for additional EKS add-ons metadata and filtering
fields
* api-change:``fsx``: [``botocore``] This release adds support for 4GB/s / 160K PIOPS FSx for ONTAP
file systems and 10GB/s / 350K PIOPS FSx for OpenZFS file systems (Single_AZ_2). For FSx for ONTAP,
this also adds support for DP volumes, snapshot policy, copy tags to backups, and Multi-AZ route
table updates.
* api-change:``glue``: [``botocore``] This release allows the creation of Custom Visual Transforms
(Dynamic Transforms) to be created via AWS Glue CLI/SDK.
* api-change:``inspector2``: [``botocore``] This release adds support for Inspector to scan AWS
Lambda.
* api-change:``lambda``: [``botocore``] Adds support for Lambda SnapStart, which helps improve the
startup performance of functions. Customers can now manage SnapStart based functions via
CreateFunction and UpdateFunctionConfiguration APIs
* api-change:``license-manager-user-subscriptions``: [``botocore``] AWS now offers fully-compliant,
Amazon-provided licenses for Microsoft Office Professional Plus 2021 Amazon Machine Images (AMIs)
on Amazon EC2. These AMIs are now available on the Amazon EC2 console and on AWS Marketplace to
launch instances on-demand without any long-term licensing commitments.
* api-change:``macie2``: [``botocore``] Added support for configuring Macie to continually sample
objects from S3 buckets and inspect them for sensitive data. Results appear in statistics,
findings, and other data that Macie provides.
* api-change:``quicksight``: [``botocore``] This release adds new Describe APIs and updates Create
and Update APIs to support the data model for Dashboards, Analyses, and Templates.
* api-change:``s3control``: [``botocore``] Added two new APIs to support Amazon S3 Multi-Region
Access Point failover controls: GetMultiRegionAccessPointRoutes and
SubmitMultiRegionAccessPointRoutes. The failover control APIs are supported in the following
Regions: us-east-1, us-west-2, eu-west-1, ap-southeast-2, and ap-northeast-1.
* api-change:``securityhub``: [``botocore``] Adding StandardsManagedBy field to DescribeStandards
API response
- from version 1.26.17
* bugfix:dynamodb: Fixes duplicate serialization issue in DynamoDB BatchWriter
* api-change:``backup``: [``botocore``] AWS Backup introduces support for legal hold and
application stack backups. AWS Backup Audit Manager introduces support for cross-Region,
cross-account reports.
* api-change:``cloudwatch``: [``botocore``] Update cloudwatch client to latest version
* api-change:``drs``: [``botocore``] Non breaking changes to existing APIs, and additional APIs
added to support in-AWS failing back using AWS Elastic Disaster Recovery.
* api-change:``ecs``: [``botocore``] This release adds support for ECS Service Connect, a new
capability that simplifies writing and operating resilient distributed applications. This release
updates the TaskDefinition, Cluster, Service mutation APIs with Service connect constructs and also
adds a new ListServicesByNamespace API.
* api-change:``efs``: [``botocore``] Update efs client to latest version
* api-change:``iot-data``: [``botocore``] This release adds support for MQTT5 properties to AWS IoT
HTTP Publish API.
* api-change:``iot``: [``botocore``] Job scheduling enables the scheduled rollout of a Job with
start and end times and a customizable end behavior when end time is reached. This is available for
continuous and snapshot jobs. Added support for MQTT5 properties to AWS IoT TopicRule Republish
Action.
* api-change:``iotwireless``: [``botocore``] This release includes a new feature for customers to
calculate the position of their devices by adding three new APIs: UpdateResourcePosition,
GetResourcePosition, and GetPositionEstimate.
* api-change:``kendra``: [``botocore``] Amazon Kendra now supports preview of table information
from HTML tables in the search results. The most relevant cells with their corresponding rows,
columns are displayed as a preview in the search result. The most relevant table cell or cells are
also highlighted in table preview.
* api-change:``logs``: [``botocore``] Updates to support CloudWatch Logs data protection and
CloudWatch cross-account observability
* api-change:``mgn``: [``botocore``] This release adds support for Application and Wave management.
We also now support custom post-launch actions.
* api-change:``oam``: [``botocore``] Amazon CloudWatch Observability Access Manager is a new
service that allows configuration of the CloudWatch cross-account observability feature.
* api-change:``organizations``: [``botocore``] This release introduces delegated administrator for
AWS Organizations, a new feature to help you delegate the management of your Organizations
policies, enabling you to govern your AWS organization in a decentralized way. You can now allow
member accounts to manage Organizations policies.
* api-change:``rds``: [``botocore``] This release enables new Aurora and RDS feature called
Blue/Green Deployments that makes updates to databases safer, simpler and faster.
* api-change:``textract``: [``botocore``] This release adds support for classifying and splitting
lending documents by type, and extracting information by using the Analyze Lending APIs. This
release also includes support for summarized information of the processed lending document package,
in addition to per document results.
* api-change:``transcribe``: [``botocore``] This release adds support for 'inputType' for post-call
and real-time (streaming) Call Analytics within Amazon Transcribe.
- from version 1.26.16
* api-change:``grafana``: [``botocore``] This release includes support for configuring a Grafana
workspace to connect to a datasource within a VPC as well as new APIs for configuring Grafana
settings.
* api-change:``rbin``: [``botocore``] This release adds support for Rule Lock for Recycle Bin,
which allows you to lock retention rules so that they can no longer be modified or deleted.
- from version 1.26.15
* bugfix:Endpoints: [``botocore``] Resolve endpoint with default partition when no region is set
* bugfix:s3: [``botocore``] fixes missing x-amz-content-sha256 header for s3 object lambda
* api-change:``appflow``: [``botocore``] Adding support for Amazon AppFlow to transfer the data to
Amazon Redshift databases through Amazon Redshift Data API service. This feature will support the
Redshift destination connector on both public and private accessible Amazon Redshift Clusters and
Amazon Redshift Serverless.
* api-change:``kinesisanalyticsv2``: [``botocore``] Support for Apache Flink 1.15 in Kinesis Data
Analytics.
- from version 1.26.14
* api-change:``route53``: [``botocore``] Amazon Route 53 now supports the Asia Pacific (Hyderabad)
Region (ap-south-2) for latency records, geoproximity records, and private DNS for Amazon VPCs in
that region.
- from version 1.26.13
* api-change:``appflow``: [``botocore``] AppFlow provides a new API called
UpdateConnectorRegistration to update a custom connector that customers have previously registered.
With this API, customers no longer need to unregister and then register a connector to make an
update.
* api-change:``auditmanager``: [``botocore``] This release introduces a new feature for Audit
Manager: Evidence finder. You can now use evidence finder to quickly query your evidence, and add
the matching evidence results to an assessment report.
* api-change:``chime-sdk-voice``: [``botocore``] Amazon Chime Voice Connector, Voice Connector
Group and PSTN Audio Service APIs are now available in the Amazon Chime SDK Voice namespace. See
https://docs.aws.amazon.com/chime-sdk/latest/dg/sdk-available-regions.html for more details.
* api-change:``cloudfront``: [``botocore``] CloudFront API support for staging distributions and
associated traffic management policies.
* api-change:``connect``: [``botocore``] Added AllowedAccessControlTags and TagRestrictedResource
for Tag Based Access Control on Amazon Connect Webpage
* api-change:``dynamodb``: [``botocore``] Updated minor fixes for DynamoDB documentation.
* api-change:``dynamodbstreams``: [``botocore``] Update dynamodbstreams client to latest version
* api-change:``ec2``: [``botocore``] This release adds support for copying an Amazon Machine
Image's tags when copying an AMI.
* api-change:``glue``: [``botocore``] AWSGlue Crawler - Adding support for Table and Column level
Comments with database level datatypes for JDBC based crawler.
* api-change:``iot-roborunner``: [``botocore``] AWS IoT RoboRunner is a new service that makes it
easy to build applications that help multi-vendor robots work together seamlessly. See the IoT
RoboRunner developer guide for more details on getting started.
https://docs.aws.amazon.com/iotroborunner/latest/dev/iotroborunner-welcome.html
* api-change:``quicksight``: [``botocore``] This release adds the following: 1) Asset management
for centralized assets governance 2) QuickSight Q now supports public embedding 3) New Termination
protection flag to mitigate accidental deletes 4) Athena data sources now accept a custom IAM role
5) QuickSight supports connectivity to Databricks
* api-change:``sagemaker``: [``botocore``] Added DisableProfiler flag as a new field in
ProfilerConfig
* api-change:``servicecatalog``: [``botocore``] This release 1. adds support for Principal Name
Sharing with Service Catalog portfolio sharing. 2. Introduces repo sourced products which are
created and managed with existing SC APIs. These products are synced to external repos and auto
create new product versions based on changes in the repo.
* api-change:``ssm-sap``: [``botocore``] AWS Systems Manager for SAP provides simplified operations
and management of SAP applications such as SAP HANA. With this release, SAP customers and partners
can automate and simplify their SAP system administration tasks such as backup/restore of SAP HANA.
* api-change:``stepfunctions``: [``botocore``] Update stepfunctions client to latest version
* api-change:``transfer``: [``botocore``] Adds a NONE encryption algorithm type to AS2 connectors,
providing support for skipping encryption of the AS2 message body when a HTTPS URL is also
specified.
- from version 1.26.12
* api-change:``amplify``: [``botocore``] Adds a new value (WEB_COMPUTE) to the Platform enum that
allows customers to create Amplify Apps with Server-Side Rendering support.
* api-change:``appflow``: [``botocore``] AppFlow simplifies the preparation and cataloging of SaaS
data into the AWS Glue Data Catalog where your data can be discovered and accessed by AWS analytics
and ML services. AppFlow now also supports data field partitioning and file size optimization to
improve query performance and reduce cost.
* api-change:``appsync``: [``botocore``] This release introduces the APPSYNC_JS runtime, and adds
support for JavaScript in AppSync functions and AppSync pipeline resolvers.
* api-change:``dms``: [``botocore``] Adds support for Internet Protocol Version 6 (IPv6) on DMS
Replication Instances
* api-change:``ec2``: [``botocore``] This release adds a new optional parameter "privateIpAddress"
for the CreateNatGateway API. PrivateIPAddress will allow customers to select a custom Private IPv4
address instead of having it be auto-assigned.
* api-change:``elbv2``: [``botocore``] Update elbv2 client to latest version
* api-change:``emr-serverless``: [``botocore``] Adds support for AWS Graviton2 based applications.
You can now select CPU architecture when creating new applications or updating existing ones.
* api-change:``ivschat``: [``botocore``] Adds LoggingConfiguration APIs for IVS Chat - a feature
that allows customers to store and record sent messages in a chat room to S3 buckets, CloudWatch
logs, or Kinesis firehose.
* api-change:``lambda``: [``botocore``] Add Node 18 (nodejs18.x) support to AWS Lambda.
* api-change:``personalize``: [``botocore``] This release provides support for creation and use of
metric attributions in AWS Personalize
* api-change:``polly``: [``botocore``] Add two new neural voices - Ola (pl-PL) and Hala (ar-AE).
* api-change:``rum``: [``botocore``] CloudWatch RUM now supports custom events. To use custom
events, create an app monitor or update an app monitor with CustomEvent Status as ENABLED.
* api-change:``s3control``: [``botocore``] Added 34 new S3 Storage Lens metrics to support
additional customer use cases.
* api-change:``secretsmanager``: [``botocore``] Documentation updates for Secrets Manager.
* api-change:``securityhub``: [``botocore``] Added SourceLayerArn and SourceLayerHash field for
security findings. Updated AwsLambdaFunction Resource detail
* api-change:``servicecatalog-appregistry``: [``botocore``] This release adds support for tagged
resource associations, which allows you to associate a group of resources with a defined resource
tag key and value to the application.
* api-change:``sts``: [``botocore``] Documentation updates for AWS Security Token Service.
* api-change:``textract``: [``botocore``] This release adds support for specifying and extracting
information from documents using the Signatures feature within Analyze Document API
* api-change:``workspaces``: [``botocore``] The release introduces CreateStandbyWorkspaces, an API
that allows you to create standby WorkSpaces associated with a primary WorkSpace in another Region.
DescribeWorkspaces now includes related WorkSpaces properties. DescribeWorkspaceBundles and
CreateWorkspaceBundle now return more bundle details.
- from version 1.26.11
* api-change:``batch``: [``botocore``] Documentation updates related to Batch on EKS
* api-change:``billingconductor``: [``botocore``] This release adds a new feature BillingEntity
pricing rule.
* api-change:``cloudformation``: [``botocore``] Added UnsupportedTarget HandlerErrorCode for use
with CFN Resource Hooks
* api-change:``comprehendmedical``: [``botocore``] This release supports new set of entities and
traits. It also adds new category (BEHAVIORAL_ENVIRONMENTAL_SOCIAL).
* api-change:``connect``: [``botocore``] This release adds a new MonitorContact API for initiating
monitoring of ongoing Voice and Chat contacts.
* api-change:``eks``: [``botocore``] Adds support for customer-provided placement groups for
Kubernetes control plane instances when creating local EKS clusters on Outposts
* api-change:``elasticache``: [``botocore``] for Redis now supports AWS Identity and Access
Management authentication access to Redis clusters starting with redis-engine version 7.0
* api-change:``iottwinmaker``: [``botocore``] This release adds the following: 1) ExecuteQuery API
allows users to query their AWS IoT TwinMaker Knowledge Graph 2) Pricing plan APIs allow users to
configure and manage their pricing mode 3) Support for property groups and tabular property values
in existing AWS IoT TwinMaker APIs.
* api-change:``personalize-events``: [``botocore``] This release provides support for creation and
use of metric attributions in AWS Personalize
* api-change:``proton``: [``botocore``] Add support for sorting and filtering in
ListServiceInstances
* api-change:``rds``: [``botocore``] This release adds support for container databases (CDBs) to
Amazon RDS Custom for Oracle. A CDB contains one PDB at creation. You can add more PDBs using
Oracle SQL. You can also customize your database installation by setting the Oracle base, Oracle
home, and the OS user name and group.
* api-change:``ssm-incidents``: [``botocore``] Add support for PagerDuty integrations on
ResponsePlan, IncidentRecord, and RelatedItem APIs
* api-change:``ssm``: [``botocore``] This release adds support for cross account access in
CreateOpsItem, UpdateOpsItem and GetOpsItem. It introduces new APIs to setup resource policies for
SSM resources: PutResourcePolicy, GetResourcePolicies and DeleteResourcePolicy.
* api-change:``transfer``: [``botocore``] Allow additional operations to throw ThrottlingException
* api-change:``xray``: [``botocore``] This release adds new APIs - PutResourcePolicy,
DeleteResourcePolicy, ListResourcePolicies for supporting resource based policies for AWS X-Ray.
- from version 1.26.10
* bugfix:s3: [``botocore``] fixes missing x-amz-content-sha256 header for s3 on outpost
* enhancement:sso: [``botocore``] Add support for loading sso-session profiles from the aws config
* api-change:``connect``: [``botocore``] This release updates the APIs: UpdateInstanceAttribute,
DescribeInstanceAttribute, and ListInstanceAttributes. You can use it to programmatically
enable/disable enhanced contact monitoring using attribute type ENHANCED_CONTACT_MONITORING on the
specified Amazon Connect instance.
* api-change:``greengrassv2``: [``botocore``] Adds new parent target ARN paramater to
CreateDeployment, GetDeployment, and ListDeployments APIs for the new subdeployments feature.
* api-change:``route53``: [``botocore``] Amazon Route 53 now supports the Europe (Spain) Region
(eu-south-2) for latency records, geoproximity records, and private DNS for Amazon VPCs in that
region.
* api-change:``ssmsap``: [``botocore``] AWS Systems Manager for SAP provides simplified operations
and management of SAP applications such as SAP HANA. With this release, SAP customers and partners
can automate and simplify their SAP system administration tasks such as backup/restore of SAP HANA.
* api-change:``workspaces``: [``botocore``] This release introduces
ModifyCertificateBasedAuthProperties, a new API that allows control of certificate-based auth
properties associated with a WorkSpaces directory. The DescribeWorkspaceDirectories API will now
additionally return certificate-based auth properties in its responses.
- from version 1.26.9
* api-change:``customer-profiles``: [``botocore``] This release enhances the SearchProfiles API by
providing functionality to search for profiles using multiple keys and logical operators.
* api-change:``lakeformation``: [``botocore``] This release adds a new parameter "Parameters" in
the DataLakeSettings.
* api-change:``managedblockchain``: [``botocore``] Updating the API docs data type:
NetworkEthereumAttributes, and the operations DeleteNode, and CreateNode to also include the
supported Goerli network.
* api-change:``proton``: [``botocore``] Add support for CodeBuild Provisioning
* api-change:``rds``: [``botocore``] This release adds support for restoring an RDS Multi-AZ DB
cluster snapshot to a Single-AZ deployment or a Multi-AZ DB instance deployment.
* api-change:``workdocs``: [``botocore``] Added 2 new document related operations,
DeleteDocumentVersion and RestoreDocumentVersions.
* api-change:``xray``: [``botocore``] This release enhances GetServiceGraph API to support new type
of edge to represent links between SQS and Lambda in event-driven applications.
- Update BuildRequires and Requires from setup.py
- Update to version 1.26.8
* api-change:``glue``: [``botocore``] Added links related to enabling job bookmarks.
* api-change:``iot``: [``botocore``] This release add new api listRelatedResourcesForAuditFinding
and new member type IssuerCertificates for Iot device device defender Audit.
* api-change:``license-manager``: [``botocore``] AWS License Manager now supports onboarded
Management Accounts or Delegated Admins to view granted licenses aggregated from all accounts in
the organization.
* api-change:``marketplace-catalog``: [``botocore``] Added three new APIs to support tagging and
tag-based authorization: TagResource, UntagResource, and ListTagsForResource. Added optional
parameters to the StartChangeSet API to support tagging a resource while making a request to create
it.
* api-change:``rekognition``: [``botocore``] Adding support for ImageProperties feature to detect
dominant colors and image brightness, sharpness, and contrast, inclusion and exclusion filters for
labels and label categories, new fields to the API response, "aliases" and "categories"
* api-change:``securityhub``: [``botocore``] Documentation updates for Security Hub
* api-change:``ssm-incidents``: [``botocore``] RelatedItems now have an ID field which can be used
for referencing them else where. Introducing event references in TimelineEvent API and increasing
maximum length of "eventData" to 12K characters.
- from version 1.26.7
* api-change:``autoscaling``: [``botocore``] This release adds a new price capacity optimized
allocation strategy for Spot Instances to help customers optimize provisioning of Spot Instances
via EC2 Auto Scaling, EC2 Fleet, and Spot Fleet. It allocates Spot Instances based on both spare
capacity availability and Spot Instance price.
* api-change:``ec2``: [``botocore``] This release adds a new price capacity optimized allocation
strategy for Spot Instances to help customers optimize provisioning of Spot Instances via EC2 Auto
Scaling, EC2 Fleet, and Spot Fleet. It allocates Spot Instances based on both spare capacity
availability and Spot Instance price.
* api-change:``ecs``: [``botocore``] This release adds support for task scale-in protection with
updateTaskProtection and getTaskProtection APIs. UpdateTaskProtection API can be used to protect a
service managed task from being terminated by scale-in events and getTaskProtection API to get the
scale-in protection status of a task.
* api-change:``es``: [``botocore``] Amazon OpenSearch Service now offers managed VPC endpoints to
connect to your Amazon OpenSearch Service VPC-enabled domain in a Virtual Private Cloud (VPC). This
feature allows you to privately access OpenSearch Service domain without using public IPs or
requiring traffic to traverse the Internet.
* api-change:``resource-explorer-2``: [``botocore``] Text only updates to some Resource Explorer
descriptions.
* api-change:``scheduler``: [``botocore``] AWS introduces the new Amazon EventBridge Scheduler.
EventBridge Scheduler is a serverless scheduler that allows you to create, run, and manage tasks
from one central, managed service.
- from version 1.26.6
* api-change:``connect``: [``botocore``] This release adds new fields SignInUrl, UserArn, and
UserId to GetFederationToken response payload.
* api-change:``connectcases``: [``botocore``] This release adds the ability to disable templates
through the UpdateTemplate API. Disabling templates prevents customers from creating cases using
the template. For more information see
https://docs.aws.amazon.com/cases/latest/APIReference/Welcome.html
* api-change:``ec2``: [``botocore``] Amazon EC2 Trn1 instances, powered by AWS Trainium chips, are
purpose built for high-performance deep learning training. u-24tb1.112xlarge and u-18tb1.112xlarge
High Memory instances are purpose-built to run large in-memory databases.
* api-change:``groundstation``: [``botocore``] This release adds the preview of customer-provided
ephemeris support for AWS Ground Station, allowing space vehicle owners to provide their own
position and trajectory information for a satellite.
* api-change:``mediapackage-vod``: [``botocore``] This release adds "IncludeIframeOnlyStream" for
Dash endpoints.
* api-change:``endpoint-rules``: [``botocore``] Update endpoint-rules client to latest version
- from version 1.26.5
* api-change:``acm``: [``botocore``] Support added for requesting elliptic curve certificate key
algorithm types P-256 (EC_prime256v1) and P-384 (EC_secp384r1).
* api-change:``billingconductor``: [``botocore``] This release adds the Recurring Custom Line Item
feature along with a new API ListCustomLineItemVersions.
* api-change:``ec2``: [``botocore``] This release enables sharing of EC2 Placement Groups across
accounts and within AWS Organizations using Resource Access Manager
* api-change:``fms``: [``botocore``] AWS Firewall Manager now supports importing existing AWS
Network Firewall firewalls into Firewall Manager policies.
* api-change:``lightsail``: [``botocore``] This release adds support for Amazon Lightsail to
automate the delegation of domains registered through Amazon Route 53 to Lightsail DNS management
and to automate record creation for DNS validation of Lightsail SSL/TLS certificates.
* api-change:``opensearch``: [``botocore``] Amazon OpenSearch Service now offers managed VPC
endpoints to connect to your Amazon OpenSearch Service VPC-enabled domain in a Virtual Private
Cloud (VPC). This feature allows you to privately access OpenSearch Service domain without using
public IPs or requiring traffic to traverse the Internet.
* api-change:``polly``: [``botocore``] Amazon Polly adds new voices: Elin (sv-SE), Ida (nb-NO),
Laura (nl-NL) and Suvi (fi-FI). They are available as neural voices only.
* api-change:``resource-explorer-2``: [``botocore``] This is the initial SDK release for AWS
Resource Explorer. AWS Resource Explorer lets your users search for and discover your AWS resources
across the AWS Regions in your account.
* api-change:``route53``: [``botocore``] Amazon Route 53 now supports the Europe (Zurich) Region
(eu-central-2) for latency records, geoproximity records, and private DNS for Amazon VPCs in that
region.
* api-change:``endpoint-rules``: [``botocore``] Update endpoint-rules client to latest version
- from version 1.26.4
* api-change:``athena``: [``botocore``] Adds support for using Query Result Reuse
* api-change:``autoscaling``: [``botocore``] This release adds support for two new attributes for
attribute-based instance type selection - NetworkBandwidthGbps and AllowedInstanceTypes.
* api-change:``cloudtrail``: [``botocore``] This release includes support for configuring a
delegated administrator to manage an AWS Organizations organization CloudTrail trails and event
data stores, and AWS Key Management Service encryption of CloudTrail Lake event data stores.
* api-change:``ec2``: [``botocore``] This release adds support for two new attributes for
attribute-based instance type selection - NetworkBandwidthGbps and AllowedInstanceTypes.
* api-change:``elasticache``: [``botocore``] Added support for IPv6 and dual stack for Memcached
and Redis clusters. Customers can now launch new Redis and Memcached clusters with IPv6 and dual
stack networking support.
* api-change:``lexv2-models``: [``botocore``] Update lexv2-models client to latest version
* api-change:``mediaconvert``: [``botocore``] The AWS Elemental MediaConvert SDK has added support
for setting the SDR reference white point for HDR conversions and conversion of HDR10 to
DolbyVision without mastering metadata.
* api-change:``ssm``: [``botocore``] This release includes support for applying a CloudWatch alarm
to multi account multi region Systems Manager Automation
* api-change:``wafv2``: [``botocore``] The geo match statement now adds labels for country and
region. You can match requests at the region level by combining a geo match statement with label
match statements.
* api-change:``wellarchitected``: [``botocore``] This release adds support for integrations with
AWS Trusted Advisor and AWS Service Catalog AppRegistry to improve workload discovery and speed up
your workload reviews.
* api-change:``workspaces``: [``botocore``] This release adds protocols attribute to workspaces
properties data type. This enables customers to migrate workspaces from PC over IP (PCoIP) to
WorkSpaces Streaming Protocol (WSP) using create and modify workspaces public APIs.
* api-change:``endpoint-rules``: [``botocore``] Update endpoint-rules client to latest version
- from version 1.26.3
* api-change:``ec2``: [``botocore``] This release adds API support for the recipient of an AMI
account share to remove shared AMI launch permissions.
* api-change:``emr-containers``: [``botocore``] Adding support for Job templates. Job templates
allow you to create and store templates to configure Spark applications parameters. This helps you
ensure consistent settings across applications by reusing and enforcing configuration overrides in
data pipelines.
* api-change:``logs``: [``botocore``] Doc-only update for bug fixes and support of export to
buckets encrypted with SSE-KMS
* api-change:``endpoint-rules``: [``botocore``] Update endpoint-rules client to latest version
- Update BuildRequires and Requires from setup.py
- Update to version 1.26.2
* api-change:``memorydb``: [``botocore``] Adding support for r6gd instances for MemoryDB Redis with
data tiering. In a cluster with data tiering enabled, when available memory capacity is exhausted,
the least recently used data is automatically tiered to solid state drives for cost-effective
capacity scaling with minimal performance impact.
* api-change:``sagemaker``: [``botocore``] Amazon SageMaker now supports running training jobs on
ml.trn1 instance types.
* api-change:``endpoint-rules``: [``botocore``] Update endpoint-rules client to latest version
- from version 1.26.1
* api-change:``iotsitewise``: [``botocore``] This release adds the ListAssetModelProperties and
ListAssetProperties APIs. You can list all properties that belong to a single asset model or asset
using these two new APIs.
* api-change:``s3control``: [``botocore``] S3 on Outposts launches support for Lifecycle
configuration for Outposts buckets. With S3 Lifecycle configuration, you can mange objects so they
are stored cost effectively. You can manage objects using size-based rules and specify how many
noncurrent versions bucket will retain.
* api-change:``sagemaker``: [``botocore``] This release updates Framework model regex for
ModelPackage to support new Framework version xgboost, sklearn.
* api-change:``ssm-incidents``: [``botocore``] Adds support for tagging replication-set on creation.
- from version 1.26.0
* feature:Endpoints: [``botocore``] Migrate all services to use new AWS Endpoint Resolution
framework
* Enhancement:Endpoints: [``botocore``] Discontinued use of `sslCommonName` hosts as detailed in
1.27.0 (see `#2705 <https://github.com/boto/botocore/issues/2705>`__ for more info)
* api-change:``rds``: [``botocore``] Relational Database Service - This release adds support for
configuring Storage Throughput on RDS database instances.
* api-change:``textract``: [``botocore``] Add ocr results in AnalyzeIDResponse as blocks
- from version 1.25.5
* api-change:``apprunner``: [``botocore``] This release adds support for private App Runner
services. Services may now be configured to be made private and only accessible from a VPC. The
changes include a new VpcIngressConnection resource and several new and modified APIs.
* api-change:``connect``: [``botocore``] Amazon connect now support a new API DismissUserContact to
dismiss or remove terminated contacts in Agent CCP
* api-change:``ec2``: [``botocore``] Elastic IP transfer is a new Amazon VPC feature that allows
you to transfer your Elastic IP addresses from one AWS Account to another.
* api-change:``iot``: [``botocore``] This release adds the Amazon Location action to IoT Rules
Engine.
* api-change:``logs``: [``botocore``] SDK release to support tagging for destinations and log
groups with TagResource. Also supports tag on create with PutDestination.
* api-change:``sesv2``: [``botocore``] This release includes support for interacting with the
Virtual Deliverability Manager, allowing you to opt in/out of the feature and to retrieve
recommendations and metric data.
* api-change:``textract``: [``botocore``] This release introduces additional support for 30+
normalized fields such as vendor address and currency. It also includes OCR output in the response
and accuracy improvements for the already supported fields in previous version
- from version 1.25.4
* api-change:``apprunner``: [``botocore``] AWS App Runner adds .NET 6, Go 1, PHP 8.1 and Ruby 3.1
runtimes.
* api-change:``appstream``: [``botocore``] This release includes CertificateBasedAuthProperties in
CreateDirectoryConfig and UpdateDirectoryConfig.
* api-change:``cloud9``: [``botocore``] Update to the documentation section of the Cloud9 API
Reference guide.
* api-change:``cloudformation``: [``botocore``] This release adds more fields to improves
visibility of AWS CloudFormation StackSets information in following APIs: ListStackInstances,
DescribeStackInstance, ListStackSetOperationResults, ListStackSetOperations,
DescribeStackSetOperation.
* api-change:``gamesparks``: [``botocore``] Add LATEST as a possible GameSDK Version on snapshot
* api-change:``mediatailor``: [``botocore``] This release introduces support for SCTE-35
segmentation descriptor messages which can be sent within time signal messages.
- from version 1.25.3
* api-change:``ec2``: [``botocore``] Feature supports the replacement of instance root volume using
an updated AMI without requiring customers to stop their instance.
* api-change:``fms``: [``botocore``] Add support NetworkFirewall Managed Rule Group Override flag
in GetViolationDetails API
* api-change:``glue``: [``botocore``] Added support for custom datatypes when using custom csv
classifier.
* api-change:``redshift``: [``botocore``] This release clarifies use for the ElasticIp parameter of
the CreateCluster and RestoreFromClusterSnapshot APIs.
* api-change:``sagemaker``: [``botocore``] This change allows customers to provide a custom
entrypoint script for the docker container to be run while executing training jobs, and provide
custom arguments to the entrypoint script.
* api-change:``wafv2``: [``botocore``] This release adds the following: Challenge rule action, to
silently verify client browsers; rule group rule action override to any valid rule action, not just
Count; token sharing between protected applications for challenge/CAPTCHA token; targeted rules
option for Bot Control managed rule group.
- from version 1.25.2
* api-change:``iam``: [``botocore``] Doc only update that corrects instances of CLI not using an
entity.
* api-change:``kafka``: [``botocore``] This release adds support for Tiered Storage. UpdateStorage
allows you to control the Storage Mode for supported storage tiers.
* api-change:``neptune``: [``botocore``] Added a new cluster-level attribute to set the capacity
range for Neptune Serverless instances.
* api-change:``sagemaker``: [``botocore``] Amazon SageMaker Automatic Model Tuning now supports
specifying Grid Search strategy for tuning jobs, which evaluates all hyperparameter combinations
exhaustively based on the categorical hyperparameters provided.
- from version 1.25.1
* api-change:``accessanalyzer``: [``botocore``] This release adds support for six new resource
types in IAM Access Analyzer to help you easily identify public and cross-account access to your
AWS resources. Updated service API, documentation, and paginators.
* api-change:``location``: [``botocore``] Added new map styles with satellite imagery for map
resources using HERE as a data provider.
* api-change:``mediatailor``: [``botocore``] This release is a documentation update
* api-change:``rds``: [``botocore``] Relational Database Service - This release adds support for
exporting DB cluster data to Amazon S3.
* api-change:``workspaces``: [``botocore``] This release adds new enums for supporting Workspaces
Core features, including creating Manual running mode workspaces, importing regular Workspaces Core
images and importing g4dn Workspaces Core images.
- Update BuildRequires and Requires from setup.py
- Update in SLE-15 (bsc#1204537, jsc#PED-2333)
- Update to version 1.25.0
* feature:Endpoints: [``botocore``] Implemented new endpoint ruleset system to dynamically derive
endpoints and settings for services
* api-change:``acm-pca``: [``botocore``] AWS Private Certificate Authority (AWS Private CA) now
offers usage modes which are combination of features to address specific use cases.
* api-change:``batch``: [``botocore``] This release adds support for AWS Batch on Amazon EKS.
* api-change:``datasync``: [``botocore``] Added support for self-signed certificates when using
object storage locations; added BytesCompressed to the TaskExecution response.
* api-change:``sagemaker``: [``botocore``] SageMaker Inference Recommender now supports a new API
ListInferenceRecommendationJobSteps to return the details of all the benchmark we create for an
inference recommendation job.
- from version 1.24.96
* api-change:``cognito-idp``: [``botocore``] This release adds a new "DeletionProtection" field to
the UserPool in Cognito. Application admins can configure this value with either ACTIVE or INACTIVE
value. Setting this field to ACTIVE will prevent a user pool from accidental deletion.
* api-change:``sagemaker``: [``botocore``] CreateInferenceRecommenderjob API now supports passing
endpoint details directly, that will help customers to identify the max invocation and max latency
they can achieve for their model and the associated endpoint along with getting recommendations on
other instances.
- from version 1.24.95
* api-change:``devops-guru``: [``botocore``] This release adds information about the resources
DevOps Guru is analyzing.
* api-change:``globalaccelerator``: [``botocore``] Global Accelerator now supports AddEndpoints and
RemoveEndpoints operations for standard endpoint groups.
* api-change:``resiliencehub``: [``botocore``] In this release, we are introducing support for
regional optimization for AWS Resilience Hub applications. It also includes a few documentation
updates to improve clarity.
* api-change:``rum``: [``botocore``] CloudWatch RUM now supports Extended CloudWatch Metrics with
Additional Dimensions
- from version 1.24.94
* api-change:``chime-sdk-messaging``: [``botocore``] Documentation updates for Chime Messaging SDK
* api-change:``cloudtrail``: [``botocore``] This release includes support for exporting CloudTrail
Lake query results to an Amazon S3 bucket.
* api-change:``config``: [``botocore``] This release adds resourceType enums for AppConfig,
AppSync, DataSync, EC2, EKS, Glue, GuardDuty, SageMaker, ServiceDiscovery, SES, Route53 types.
* api-change:``connect``: [``botocore``] This release adds API support for managing phone numbers
that can be used across multiple AWS regions through telephony traffic distribution.
* api-change:``events``: [``botocore``] Update events client to latest version
* api-change:``managedblockchain``: [``botocore``] Adding new Accessor APIs for Amazon Managed
Blockchain
* api-change:``s3``: [``botocore``] Updates internal logic for constructing API endpoints. We have
added rule-based endpoints and internal model parameters.
* api-change:``s3control``: [``botocore``] Updates internal logic for constructing API endpoints.
We have added rule-based endpoints and internal model parameters.
* api-change:``support-app``: [``botocore``] This release adds the
RegisterSlackWorkspaceForOrganization API. You can use the API to register a Slack workspace for an
AWS account that is part of an organization.
* api-change:``workspaces-web``: [``botocore``] WorkSpaces Web now supports user access logging for
recording session start, stop, and URL navigation.
- from version 1.24.93
* api-change:``frauddetector``: [``botocore``] Documentation Updates for Amazon Fraud Detector
* api-change:``sagemaker``: [``botocore``] This change allows customers to enable data capturing
while running a batch transform job, and configure monitoring schedule to monitoring the captured
data.
* api-change:``servicediscovery``: [``botocore``] Updated the ListNamespaces API to support the
NAME and HTTP_NAME filters, and the BEGINS_WITH filter condition.
* api-change:``sesv2``: [``botocore``] This release allows subscribers to enable Dedicated IPs
(managed) to send email via a fully managed dedicated IP experience. It also adds identities'
VerificationStatus in the response of GetEmailIdentity and ListEmailIdentities APIs, and ImportJobs
counts in the response of ListImportJobs API.
- from version 1.24.92
* api-change:``greengrass``: [``botocore``] This change allows customers to specify
FunctionRuntimeOverride in FunctionDefinitionVersion. This configuration can be used if the runtime
on the device is different from the AWS Lambda runtime specified for that function.
* api-change:``sagemaker``: [``botocore``] This release adds support for C7g, C6g, C6gd, C6gn, M6g,
M6gd, R6g, and R6gn Graviton instance types in Amazon SageMaker Inference.
- Update BuildRequires and Requires from setup.py
- Remove version constraint for python-pytest in BuildRequires
- Update to version 1.24.91
* api-change:``mediaconvert``: [``botocore``] MediaConvert now supports specifying the minimum
percentage of the HRD buffer available at the end of each encoded video segment.
- from version 1.24.90
* api-change:``amplifyuibuilder``: [``botocore``] We are releasing the ability for fields to be
configured as arrays.
* api-change:``appflow``: [``botocore``] With this update, you can choose which Salesforce API is
used by Amazon AppFlow to transfer data to or from your Salesforce account. You can choose the
Salesforce REST API or Bulk API 2.0. You can also choose for Amazon AppFlow to pick the API
automatically.
* api-change:``connect``: [``botocore``] This release adds support for a secondary email and a
mobile number for Amazon Connect instance users.
* api-change:``ds``: [``botocore``] This release adds support for describing and updating AWS
Managed Microsoft AD set up.
* api-change:``ecs``: [``botocore``] Documentation update to address tickets.
* api-change:``guardduty``: [``botocore``] Add UnprocessedDataSources to CreateDetectorResponse
which specifies the data sources that couldn't be enabled during the CreateDetector request. In
addition, update documentations.
* api-change:``iam``: [``botocore``] Documentation updates for the AWS Identity and Access
Management API Reference.
* api-change:``iotfleetwise``: [``botocore``] Documentation update for AWS IoT FleetWise
* api-change:``medialive``: [``botocore``] AWS Elemental MediaLive now supports forwarding SCTE-35
messages through the Event Signaling and Management (ESAM) API, and can read those SCTE-35 messages
from an inactive source.
* api-change:``mediapackage-vod``: [``botocore``] This release adds SPEKE v2 support for
MediaPackage VOD. Speke v2 is an upgrade to the existing SPEKE API to support multiple encryption
keys, based on an encryption contract selected by the customer.
* api-change:``panorama``: [``botocore``] Pause and resume camera stream processing with
SignalApplicationInstanceNodeInstances. Reboot an appliance with CreateJobForDevices. More
application state information in DescribeApplicationInstance response.
* api-change:``rds-data``: [``botocore``] Doc update to reflect no support for schema parameter on
BatchExecuteStatement API
* api-change:``ssm-incidents``: [``botocore``] Update RelatedItem enum to support Tasks
* api-change:``ssm``: [``botocore``] Support of AmazonLinux2022 by Patch Manager
* api-change:``transfer``: [``botocore``] This release adds an option for customers to configure
workflows that are triggered when files are only partially received from a client due to premature
session disconnect.
* api-change:``translate``: [``botocore``] This release enables customers to specify multiple
target languages in asynchronous batch translation requests.
* api-change:``wisdom``: [``botocore``] This release updates the GetRecommendations API to include
a trigger event list for classifying and grouping recommendations.
- from version 1.24.89
* api-change:``codeguru-reviewer``: [``botocore``] Documentation update to replace broken link.
* api-change:``elbv2``: [``botocore``] Update elbv2 client to latest version
* api-change:``greengrassv2``: [``botocore``] This release adds error status details for
deployments and components that failed on a device and adds features to improve visibility into
component installation.
* api-change:``quicksight``: [``botocore``] Amazon QuickSight now supports SecretsManager Secret
ARN in place of CredentialPair for DataSource creation and update. This release also has some minor
documentation updates and removes CountryCode as a required parameter in GeoSpatialColumnGroup
- from version 1.24.88
* api-change:``resiliencehub``: [``botocore``] Documentation change for AWS Resilience Hub.
Doc-only update to fix Documentation layout
- from version 1.24.87
* api-change:``glue``: [``botocore``] This SDK release adds support to sync glue jobs with source
control provider. Additionally, a new parameter called SourceControlDetails will be added to Job
model.
* api-change:``network-firewall``: [``botocore``] StreamExceptionPolicy configures how AWS Network
Firewall processes traffic when a network connection breaks midstream
* api-change:``outposts``: [``botocore``] This release adds the Asset state information to the
ListAssets response. The ListAssets request supports filtering on Asset state.
- from version 1.24.86
* api-change:``connect``: [``botocore``] Updated the CreateIntegrationAssociation API to support
the CASES_DOMAIN IntegrationType.
* api-change:``connectcases``: [``botocore``] This release adds APIs for Amazon Connect Cases.
Cases allows your agents to quickly track and manage customer issues that require multiple
interactions, follow-up tasks, and teams in your contact center. For more information, see
https://docs.aws.amazon.com/cases/latest/APIReference/Welcome.html
* api-change:``ec2``: [``botocore``] Added EnableNetworkAddressUsageMetrics flag for
ModifyVpcAttribute, DescribeVpcAttribute APIs.
* api-change:``ecs``: [``botocore``] Documentation updates to address various Amazon ECS tickets.
* api-change:``s3control``: [``botocore``] S3 Object Lambda adds support to allow customers to
intercept HeadObject and ListObjects requests and introduce their own compute. These requests were
previously proxied to S3.
* api-change:``workmail``: [``botocore``] This release adds support for impersonation roles in
Amazon WorkMail.
- Update BuildRequires and Requires from setup.py
- Update to version 1.24.85
* api-change:``accessanalyzer``: [``botocore``] AWS IAM Access Analyzer policy validation
introduces new checks for role trust policies. As customers author a policy, IAM Access Analyzer
policy validation evaluates the policy for any issues to make it easier for customers to author
secure policies.
* api-change:``ec2``: [``botocore``] Adding an imdsSupport attribute to EC2 AMIs
* api-change:``snowball``: [``botocore``] Adds support for V3_5C. This is a refreshed AWS Snowball
Edge Compute Optimized device type with 28TB SSD, 104 vCPU and 416GB memory (customer usable).
- from version 1.24.84
* api-change:``codedeploy``: [``botocore``] This release allows you to override the alarm
configurations when creating a deployment.
* api-change:``devops-guru``: [``botocore``] This release adds filter feature on
AddNotificationChannel API, enable customer to configure the SNS notification messages by Severity
or MessageTypes
* api-change:``dlm``: [``botocore``] This release adds support for archival of single-volume
snapshots created by Amazon Data Lifecycle Manager policies
* api-change:``sagemaker-runtime``: [``botocore``] Update sagemaker-runtime client to latest version
* api-change:``sagemaker``: [``botocore``] A new parameter called ExplainerConfig is added to
CreateEndpointConfig API to enable SageMaker Clarify online explainability feature.
* api-change:``sso-oidc``: [``botocore``] Documentation updates for the IAM Identity Center OIDC
CLI Reference.
- from version 1.24.83
* api-change:``acm``: [``botocore``] This update returns additional certificate details such as
certificate SANs and allows sorting in the ListCertificates API.
* api-change:``ec2``: [``botocore``] u-3tb1 instances are powered by Intel Xeon Platinum 8176M
(Skylake) processors and are purpose-built to run large in-memory databases.
* api-change:``emr-serverless``: [``botocore``] This release adds API support to debug Amazon EMR
Serverless jobs in real-time with live application UIs
* api-change:``fsx``: [``botocore``] This release adds support for Amazon File Cache.
* api-change:``migrationhuborchestrator``: [``botocore``] Introducing AWS MigrationHubOrchestrator.
This is the first public release of AWS MigrationHubOrchestrator.
* api-change:``polly``: [``botocore``] Added support for the new Cantonese voice - Hiujin. Hiujin
is available as a Neural voice only.
* api-change:``proton``: [``botocore``] This release adds an option to delete pipeline provisioning
repositories using the UpdateAccountSettings API
* api-change:``sagemaker``: [``botocore``] SageMaker Training Managed Warm Pools let you retain
provisioned infrastructure to reduce latency for repetitive training workloads.
* api-change:``secretsmanager``: [``botocore``] Documentation updates for Secrets Manager
* api-change:``translate``: [``botocore``] This release enables customers to access control rights
on Translate resources like Parallel Data and Custom Terminology using Tag Based Authorization.
* api-change:``workspaces``: [``botocore``] This release includes diagnostic log uploading feature.
If it is enabled, the log files of WorkSpaces Windows client will be sent to Amazon WorkSpaces
automatically for troubleshooting. You can use modifyClientProperty api to enable/disable this
feature.
- from version 1.24.82
* api-change:``ce``: [``botocore``] This release is to support retroactive Cost Categories. The new
field will enable you to retroactively apply new and existing cost category rules to previous
months.
* api-change:``kendra``: [``botocore``] My AWS Service (placeholder) - Amazon Kendra now provides a
data source connector for DropBox. For more information, see
https://docs.aws.amazon.com/kendra/latest/dg/data-source-dropbox.html
* api-change:``location``: [``botocore``] This release adds place IDs, which are unique identifiers
of places, along with a new GetPlace operation, which can be used with place IDs to find a place
again later. UnitNumber and UnitType are also added as new properties of places.
- from version 1.24.81
* api-change:``cur``: [``botocore``] This release adds two new support
regions(me-central-1/eu-south-2) for OSG.
* api-change:``iotfleetwise``: [``botocore``] General availability (GA) for AWS IoT Fleetwise. It
adds AWS IoT Fleetwise to AWS SDK. For more information, see
https://docs.aws.amazon.com/iot-fleetwise/latest/APIReference/Welcome.html.
* api-change:``ssm``: [``botocore``] This release includes support for applying a CloudWatch alarm
to Systems Manager capabilities like Automation, Run Command, State Manager, and Maintenance
Windows.
- from version 1.24.80
* api-change:``apprunner``: [``botocore``] AWS App Runner adds a Node.js 16 runtime.
* api-change:``ec2``: [``botocore``] Letting external AWS customers provide ImageId as a Launch
Template override in FleetLaunchTemplateOverridesRequest
* api-change:``lexv2-models``: [``botocore``] Update lexv2-models client to latest version
* api-change:``lightsail``: [``botocore``] This release adds Instance Metadata Service (IMDS)
support for Lightsail instances.
* api-change:``nimble``: [``botocore``] Amazon Nimble Studio adds support for on-demand Amazon
Elastic Compute Cloud (EC2) G3 and G5 instances, allowing customers to utilize additional GPU
instance types for their creative projects.
* api-change:``ssm``: [``botocore``] This release adds new SSM document types
ConformancePackTemplate and CloudFormation
* api-change:``wafv2``: [``botocore``] Add the default specification for ResourceType in
ListResourcesForWebACL.
- from version 1.24.79
* api-change:``backup-gateway``: [``botocore``] Changes include: new GetVirtualMachineApi to fetch
a single user's VM, improving ListVirtualMachines to fetch filtered VMs as well as all VMs, and
improving GetGatewayApi to now also return the gateway's MaintenanceStartTime.
* api-change:``devicefarm``: [``botocore``] This release adds the support for VPC-ENI based
connectivity for private devices on AWS Device Farm.
* api-change:``ec2``: [``botocore``] Documentation updates for Amazon EC2.
* api-change:``glue``: [``botocore``] Added support for S3 Event Notifications for Catalog Target
Crawlers.
* api-change:``identitystore``: [``botocore``] Documentation updates for the Identity Store CLI
Reference.
- from version 1.24.78
* api-change:``comprehend``: [``botocore``] Amazon Comprehend now supports synchronous mode for
targeted sentiment API operations.
* api-change:``s3control``: [``botocore``] S3 on Outposts launches support for object versioning
for Outposts buckets. With S3 Versioning, you can preserve, retrieve, and restore every version of
every object stored in your buckets. You can recover from both unintended user actions and
application failures.
* api-change:``sagemaker``: [``botocore``] SageMaker now allows customization on Canvas Application
settings, including enabling/disabling time-series forecasting and specifying an Amazon Forecast
execution role at both the Domain and UserProfile levels.
- from version 1.24.77
* api-change:``ec2``: [``botocore``] This release adds support for blocked paths to Amazon VPC
Reachability Analyzer.
- Update BuildRequires and Requires from setup.py
- Update to version 1.24.76
* api-change:``cloudtrail``: [``botocore``] This release includes support for importing existing
trails into CloudTrail Lake.
* api-change:``ec2``: [``botocore``] This release adds CapacityAllocations field to
DescribeCapacityReservations
* api-change:``mediaconnect``: [``botocore``] This change allows the customer to use the SRT Caller
protocol as part of their flows
* api-change:``rds``: [``botocore``] This release adds support for Amazon RDS Proxy with SQL Server
compatibility.
- from version 1.24.75
* api-change:``codestar-notifications``: [``botocore``] This release adds tag based access control
for the UntagResource API.
* api-change:``ecs``: [``botocore``] This release supports new task definition sizes.
- from version 1.24.74
* api-change:``dynamodb``: [``botocore``] Increased DynamoDB transaction limit from 25 to 100.
* api-change:``ec2``: [``botocore``] This feature allows customers to create tags for
vpc-endpoint-connections and vpc-endpoint-service-permissions.
* api-change:``sagemaker``: [``botocore``] Amazon SageMaker Automatic Model Tuning now supports
specifying Hyperband strategy for tuning jobs, which uses a multi-fidelity based tuning strategy to
stop underperforming hyperparameter configurations early.
- from version 1.24.73
* api-change:``amplifyuibuilder``: [``botocore``] Amplify Studio UIBuilder is introducing forms
functionality. Forms can be configured from Data Store models, JSON, or from scratch. These forms
can then be generated in your project and used like any other React components.
* api-change:``ec2``: [``botocore``] This update introduces API operations to manage and create
local gateway route tables, CoIP pools, and VIF group associations.
- Update BuildRequires and Requires from setup.py
- Update to version 1.24.72
* api-change:``customer-profiles``: [``botocore``] Added isUnstructured in response for Customer
Profiles Integration APIs
* api-change:``drs``: [``botocore``] Fixed the data type of lagDuration that is returned in
Describe Source Server API
* api-change:``ec2``: [``botocore``] Two new features for local gateway route tables: support for
static routes targeting Elastic Network Interfaces and direct VPC routing.
* api-change:``evidently``: [``botocore``] This release adds support for the client-side evaluation
- powered by AWS AppConfig feature.
* api-change:``kendra``: [``botocore``] This release enables our customer to choose the option of
Sharepoint 2019 for the on-premise Sharepoint connector.
* api-change:``transfer``: [``botocore``] This release introduces the ability to have multiple
server host keys for any of your Transfer Family servers that use the SFTP protocol.
- from version 1.24.71
* api-change:``eks``: [``botocore``] Adding support for local Amazon EKS clusters on Outposts
- from version 1.24.70
* api-change:``cloudtrail``: [``botocore``] This release adds CloudTrail getChannel and
listChannels APIs to allow customer to view the ServiceLinkedChannel configurations.
* api-change:``lexv2-models``: [``botocore``] Update lexv2-models client to latest version
* api-change:``lexv2-runtime``: [``botocore``] Update lexv2-runtime client to latest version
* api-change:``pi``: [``botocore``] Increases the maximum values of two RDS Performance Insights
APIs. The maximum value of the Limit parameter of DimensionGroup is 25. The MaxResult maximum is
now 25 for the following APIs: DescribeDimensionKeys, GetResourceMetrics,
ListAvailableResourceDimensions, and ListAvailableResourceMetrics.
* api-change:``redshift``: [``botocore``] This release updates documentation for AQUA features and
other description updates.
- from version 1.24.69
* api-change:``ec2``: [``botocore``] This release adds support to send VPC Flow Logs to
kinesis-data-firehose as new destination type
* api-change:``emr-containers``: [``botocore``] EMR on EKS now allows running Spark SQL using the
newly introduced Spark SQL Job Driver in the Start Job Run API
* api-change:``lookoutmetrics``: [``botocore``] Release dimension value filtering feature to allow
customers to define dimension filters for including only a subset of their dataset to be used by
LookoutMetrics.
* api-change:``medialive``: [``botocore``] This change exposes API settings which allow Dolby Atmos
and Dolby Vision to be used when running a channel using Elemental Media Live
* api-change:``route53``: [``botocore``] Amazon Route 53 now supports the Middle East (UAE) Region
(me-central-1) for latency records, geoproximity records, and private DNS for Amazon VPCs in that
region.
* api-change:``sagemaker``: [``botocore``] This release adds Mode to AutoMLJobConfig.
* api-change:``ssm``: [``botocore``] This release adds support for Systems Manager State Manager
Association tagging.
- from version 1.24.68
* api-change:``dataexchange``: [``botocore``] Documentation updates for AWS Data Exchange.
* api-change:``ec2``: [``botocore``] Documentation updates for Amazon EC2.
* api-change:``eks``: [``botocore``] Adds support for EKS Addons ResolveConflicts "preserve" flag.
Also adds new update failed status for EKS Addons.
* api-change:``fsx``: [``botocore``] Documentation update for Amazon FSx.
* api-change:``inspector2``: [``botocore``] This release adds new fields like fixAvailable,
fixedInVersion and remediation to the finding model. The requirement to have vulnerablePackages in
the finding model has also been removed. The documentation has been updated to reflect these
changes.
* api-change:``iotsitewise``: [``botocore``] Allow specifying units in Asset Properties
* api-change:``sagemaker``: [``botocore``] SageMaker Hosting now allows customization on ML
instance storage volume size, model data download timeout and inference container startup ping
health check timeout for each ProductionVariant in CreateEndpointConfig API.
* api-change:``sns``: [``botocore``] Amazon SNS introduces the Data Protection Policy APIs, which
enable customers to attach a data protection policy to an SNS topic. This allows topic owners to
enable the new message data protection feature to audit and block sensitive data that is exchanged
through their topics.
- from version 1.24.67
* api-change:``identitystore``: [``botocore``] Documentation updates for the Identity Store CLI
Reference.
* api-change:``sagemaker``: [``botocore``] This release adds HyperParameterTuningJob type in Search
API.
- from version 1.24.66
* api-change:``cognito-idp``: [``botocore``] This release adds a new "AuthSessionValidity" field to
the UserPoolClient in Cognito. Application admins can configure this value for their users'
authentication duration, which is currently fixed at 3 minutes, up to 15 minutes. Setting this
field will also apply to the SMS MFA authentication flow.
* api-change:``connect``: [``botocore``] This release adds search APIs for Routing Profiles and
Queues, which can be used to search for those resources within a Connect Instance.
* api-change:``mediapackage``: [``botocore``] Added support for AES_CTR encryption to CMAF origin
endpoints
* api-change:``sagemaker``: [``botocore``] This release enables administrators to attribute user
activity and API calls from Studio notebooks, Data Wrangler and Canvas to specific users even when
users share the same execution IAM role. ExecutionRoleIdentityConfig at Sagemaker domain level
enables this feature.
- from version 1.24.65
* api-change:``codeguru-reviewer``: [``botocore``] Documentation updates to fix formatting issues
in CLI and SDK documentation.
* api-change:``controltower``: [``botocore``] This release contains the first SDK for AWS Control
Tower. It introduces a new set of APIs: EnableControl, DisableControl, GetControlOperation, and
ListEnabledControls.
* api-change:``route53``: [``botocore``] Documentation updates for Amazon Route 53.
- Update BuildRequires and Requires from setup.py
- Update to version 1.24.64
* api-change:``cloudfront``: [``botocore``] Update API documentation for CloudFront origin access
control (OAC)
* api-change:``identitystore``: [``botocore``] Expand IdentityStore API to support Create, Read,
Update, Delete and Get operations for User, Group and GroupMembership resources.
* api-change:``iotthingsgraph``: [``botocore``] This release deprecates all APIs of the ThingsGraph
service
* api-change:``ivs``: [``botocore``] IVS Merge Fragmented Streams. This release adds support for
recordingReconnectWindow field in IVS recordingConfigurations. For more information see
https://docs.aws.amazon.com/ivs/latest/APIReference/Welcome.html
* api-change:``rds-data``: [``botocore``] Documentation updates for RDS Data API
* api-change:``sagemaker``: [``botocore``] SageMaker Inference Recommender now accepts Inference
Recommender fields: Domain, Task, Framework, SamplePayloadUrl, SupportedContentTypes,
SupportedInstanceTypes, directly in our CreateInferenceRecommendationsJob API through
ContainerConfig
- from version 1.24.63
* enhancement:Endpoints: [``botocore``] Deprecate SSL common name
* api-change:``greengrassv2``: [``botocore``] Adds topologyFilter to ListInstalledComponentsRequest
which allows filtration of components by ROOT or ALL (including root and dependency components).
Adds lastStatusChangeTimestamp to ListInstalledComponents response to show the last time a
component changed state on a device.
* api-change:``identitystore``: [``botocore``] Documentation updates for the Identity Store CLI
Reference.
* api-change:``lookoutequipment``: [``botocore``] This release adds new apis for providing labels.
* api-change:``macie2``: [``botocore``] This release of the Amazon Macie API adds support for using
allow lists to define specific text and text patterns to ignore when inspecting data sources for
sensitive data.
* api-change:``sso-admin``: [``botocore``] Documentation updates for the AWS IAM Identity Center
CLI Reference.
* api-change:``sso``: [``botocore``] Documentation updates for the AWS IAM Identity Center Portal
CLI Reference.
- from version 1.24.62
* api-change:``fsx``: [``botocore``] Documentation updates for Amazon FSx for NetApp ONTAP.
* api-change:``voice-id``: [``botocore``] Amazon Connect Voice ID now detects voice spoofing. When
a prospective fraudster tries to spoof caller audio using audio playback or synthesized speech,
Voice ID will return a risk score and outcome to indicate the how likely it is that the voice is
spoofed.
- from version 1.24.61
* api-change:``mediapackage``: [``botocore``] This release adds Ads AdTriggers and
AdsOnDeliveryRestrictions to describe calls for CMAF endpoints on MediaPackage.
* api-change:``rds``: [``botocore``] Removes support for RDS Custom from DBInstanceClass in
ModifyDBInstance
- Update BuildRequires and Requires from setup.py
- Update to version 1.24.60
* enhancement:Identity: [``botocore``] TokenProvider added for bearer auth support
* api-change:``elbv2``: [``botocore``] Update elbv2 client to latest version
* api-change:``gamelift``: [``botocore``] This release adds support for eight EC2 local zones as
fleet locations; Atlanta, Chicago, Dallas, Denver, Houston, Kansas City (us-east-1-mci-1a), Los
Angeles, and Phoenix. It also adds support for C5d, C6a, C6i, and R5d EC2 instance families.
* api-change:``iotwireless``: [``botocore``] This release includes a new feature for the customers
to enable the LoRa gateways to send out beacons for Class B devices and an option to select one or
more gateways for Class C devices when sending the LoRaWAN downlink messages.
* api-change:``ivschat``: [``botocore``] Documentation change for IVS Chat API Reference. Doc-only
update to add a paragraph on ARNs to the Welcome section.
* api-change:``panorama``: [``botocore``] Support sorting and filtering in ListDevices API, and add
more fields to device listings and single device detail
* api-change:``sso-oidc``: [``botocore``] Updated required request parameters on IAM Identity
Center's OIDC CreateToken action.
- from version 1.24.59
* api-change:``cloudfront``: [``botocore``] Adds support for CloudFront origin access control
(OAC), making it possible to restrict public access to S3 bucket origins in all AWS Regions, those
with SSE-KMS, and more.
* api-change:``config``: [``botocore``] AWS Config now supports ConformancePackTemplate documents
in SSM Docs for the deployment and update of conformance packs.
* api-change:``iam``: [``botocore``] Documentation updates for AWS Identity and Access Management
(IAM).
* api-change:``ivs``: [``botocore``] Documentation Change for IVS API Reference - Doc-only update
to type field description for CreateChannel and UpdateChannel actions and for Channel data type.
Also added Amazon Resource Names (ARNs) paragraph to Welcome section.
* api-change:``quicksight``: [``botocore``] Added a new optional property DashboardVisual under
ExperienceConfiguration parameter of GenerateEmbedUrlForAnonymousUser and
GenerateEmbedUrlForRegisteredUser API operations. This supports embedding of specific visuals in
QuickSight dashboards.
* api-change:``transfer``: [``botocore``] Documentation updates for AWS Transfer Family
- from version 1.24.58
* api-change:``rds``: [``botocore``] RDS for Oracle supports Oracle Data Guard switchover and read
replica backups.
* api-change:``sso-admin``: [``botocore``] Documentation updates to reflect service rename - AWS
IAM Identity Center (successor to AWS Single Sign-On)
- from version 1.24.57
* api-change:``docdb``: [``botocore``] Update document for volume clone
* api-change:``ec2``: [``botocore``] R6a instances are powered by 3rd generation AMD EPYC (Milan)
processors delivering all-core turbo frequency of 3.6 GHz. C6id, M6id, and R6id instances are
powered by 3rd generation Intel Xeon Scalable processor (Ice Lake) delivering all-core turbo
frequency of 3.5 GHz.
* api-change:``forecast``: [``botocore``] releasing What-If Analysis APIs and update ARN regex
pattern to be more strict in accordance with security recommendation
* api-change:``forecastquery``: [``botocore``] releasing What-If Analysis APIs
* api-change:``iotsitewise``: [``botocore``] Enable non-unique asset names under different
hierarchies
* api-change:``lexv2-models``: [``botocore``] Update lexv2-models client to latest version
* api-change:``securityhub``: [``botocore``] Added new resource details objects to ASFF, including
resources for AwsBackupBackupVault, AwsBackupBackupPlan and AwsBackupRecoveryPoint. Added
FixAvailable, FixedInVersion and Remediation to Vulnerability.
* api-change:``support-app``: [``botocore``] This is the initial SDK release for the AWS Support
App in Slack.
- from version 1.24.56
* api-change:``connect``: [``botocore``] This release adds SearchSecurityProfiles API which can be
used to search for Security Profile resources within a Connect Instance.
* api-change:``ivschat``: [``botocore``] Documentation Change for IVS Chat API Reference - Doc-only
update to change text/description for tags field.
* api-change:``kendra``: [``botocore``] This release adds support for a new authentication type -
Personal Access Token (PAT) for confluence server.
* api-change:``lookoutmetrics``: [``botocore``] This release is to make GetDataQualityMetrics API
publicly available.
- Update BuildRequires and Requires from setup.py
- Update to version 1.24.55
* api-change:``chime-sdk-media-pipelines``: [``botocore``] The Amazon Chime SDK now supports live
streaming of real-time video from the Amazon Chime SDK sessions to streaming platforms such as
Amazon IVS and Amazon Elemental MediaLive. We have also added support for concatenation to create a
single media capture file.
* api-change:``cloudwatch``: [``botocore``] Update cloudwatch client to latest version
* api-change:``cognito-idp``: [``botocore``] This change is being made simply to fix the public
documentation based on the models. We have included the PasswordChange and ResendCode events, along
with the Pass, Fail and InProgress status. We have removed the Success and Failure status which are
never returned by our APIs.
* api-change:``dynamodb``: [``botocore``] This release adds support for importing data from S3 into
a new DynamoDB table
* api-change:``ec2``: [``botocore``] This release adds support for VPN log options , a new feature
allowing S2S VPN connections to send IKE activity logs to CloudWatch Logs
* api-change:``networkmanager``: [``botocore``] Add TransitGatewayPeeringAttachmentId property to
TransitGatewayPeering Model
- from version 1.24.54
* api-change:``appmesh``: [``botocore``] AWS App Mesh release to support Multiple Listener and
Access Log Format feature
* api-change:``connectcampaigns``: [``botocore``] Updated exceptions for Amazon Connect Outbound
Campaign api's.
* api-change:``kendra``: [``botocore``] This release adds Zendesk connector (which allows you to
specify Zendesk SAAS platform as data source), Proxy Support for Sharepoint and Confluence Server
(which allows you to specify the proxy configuration if proxy is required to connect to your
Sharepoint/Confluence Server as data source).
* api-change:``lakeformation``: [``botocore``] This release adds a new API support
"AssumeDecoratedRoleWithSAML" and also release updates the corresponding documentation.
* api-change:``lambda``: [``botocore``] Added support for customization of Consumer Group ID for
MSK and Kafka Event Source Mappings.
* api-change:``lexv2-models``: [``botocore``] Update lexv2-models client to latest version
* api-change:``rds``: [``botocore``] Adds support for Internet Protocol Version 6 (IPv6) for RDS
Aurora database clusters.
* api-change:``secretsmanager``: [``botocore``] Documentation updates for Secrets Manager.
- from version 1.24.53
* api-change:``rekognition``: [``botocore``] This release adds APIs which support copying an Amazon
Rekognition Custom Labels model and managing project policies across AWS account.
* api-change:``servicecatalog``: [``botocore``] Documentation updates for Service Catalog
- from version 1.24.52
* enhancement:AWSCRT: [``botocore``] Upgrade awscrt version to 0.14.0
* api-change:``cloudfront``: [``botocore``] Adds Http 3 support to distributions
* api-change:``identitystore``: [``botocore``] Documentation updates to reflect service rename -
AWS IAM Identity Center (successor to AWS Single Sign-On)
* api-change:``sso``: [``botocore``] Documentation updates to reflect service rename - AWS IAM
Identity Center (successor to AWS Single Sign-On)
* api-change:``wisdom``: [``botocore``] This release introduces a new API PutFeedback that allows
submitting feedback to Wisdom on content relevance.
- from version 1.24.51
* api-change:``amp``: [``botocore``] This release adds log APIs that allow customers to manage
logging for their Amazon Managed Service for Prometheus workspaces.
* api-change:``chime-sdk-messaging``: [``botocore``] The Amazon Chime SDK now supports channels
with up to one million participants with elastic channels.
* api-change:``ivs``: [``botocore``] Updates various list api MaxResults ranges
* api-change:``personalize-runtime``: [``botocore``] This release provides support for promotions
in AWS Personalize runtime.
* api-change:``rds``: [``botocore``] Adds support for RDS Custom to DBInstanceClass in
ModifyDBInstance
- from version 1.24.50
* api-change:``backupstorage``: [``botocore``] This is the first public release of AWS Backup
Storage. We are exposing some previously-internal APIs for use by external services. These APIs are
not meant to be used directly by customers.
* api-change:``glue``: [``botocore``] Add support for Python 3.9 AWS Glue Python Shell jobs
* api-change:``privatenetworks``: [``botocore``] This is the initial SDK release for AWS Private
5G. AWS Private 5G is a managed service that makes it easy to deploy, operate, and scale your own
private mobile network at your on-premises location.
- from version 1.24.49
* api-change:``dlm``: [``botocore``] This release adds support for excluding specific data
(non-boot) volumes from multi-volume snapshot sets created by snapshot lifecycle policies
* api-change:``ec2``: [``botocore``] This release adds support for excluding specific data
(non-root) volumes from multi-volume snapshot sets created from instances.
- from version 1.24.48
* api-change:``cloudwatch``: [``botocore``] Update cloudwatch client to latest version
* api-change:``location``: [``botocore``] Amazon Location Service now allows circular geofences in
BatchPutGeofence, PutGeofence, and GetGeofence APIs.
* api-change:``sagemaker-a2i-runtime``: [``botocore``] Fix bug with parsing ISO-8601 CreationTime
in Java SDK in DescribeHumanLoop
* api-change:``sagemaker``: [``botocore``] Amazon SageMaker Automatic Model Tuning now supports
specifying multiple alternate EC2 instance types to make tuning jobs more robust when the preferred
instance type is not available due to insufficient capacity.
- from version 1.24.47
* api-change:``glue``: [``botocore``] Add an option to run non-urgent or non-time sensitive Glue
Jobs on spare capacity
* api-change:``identitystore``: [``botocore``] Documentation updates to reflect service rename -
AWS IAM Identity Center (successor to AWS Single Sign-On)
* api-change:``iotwireless``: [``botocore``] AWS IoT Wireless release support for sidewalk data
reliability.
* api-change:``pinpoint``: [``botocore``] Adds support for Advance Quiet Time in Journeys. Adds
RefreshOnSegmentUpdate and WaitForQuietTime to JourneyResponse.
* api-change:``quicksight``: [``botocore``] A series of documentation updates to the QuickSight API
reference.
* api-change:``sso-admin``: [``botocore``] Documentation updates to reflect service rename - AWS
IAM Identity Center (successor to AWS Single Sign-On)
* api-change:``sso-oidc``: [``botocore``] Documentation updates to reflect service rename - AWS IAM
Identity Center (successor to AWS Single Sign-On)
* api-change:``sso``: [``botocore``] Documentation updates to reflect service rename - AWS IAM
Identity Center (successor to AWS Single Sign-On)
- from version 1.24.46
* enhancement:Lambda: [``botocore``] Add support for Trace ID in Lambda environments
* api-change:``chime-sdk-meetings``: [``botocore``] Adds support for Tags on Amazon Chime SDK
WebRTC sessions
* api-change:``config``: [``botocore``] Add resourceType enums for Athena, GlobalAccelerator,
Detective and EC2 types
* api-change:``dms``: [``botocore``] Documentation updates for Database Migration Service (DMS).
* api-change:``iot``: [``botocore``] The release is to support attach a provisioning template to
CACert for JITP function, Customer now doesn't have to hardcode a roleArn and templateBody during
register a CACert to enable JITP.
- Update BuildRequires and Requires from setup.py
- Update to version 1.24.45
* api-change:``cognito-idp``: [``botocore``] Add a new exception type, ForbiddenException, that is
returned when request is not allowed
* api-change:``wafv2``: [``botocore``] You can now associate an AWS WAF web ACL with an Amazon
Cognito user pool.
- from version 1.24.44
* api-change:``license-manager-user-subscriptions``: [``botocore``] This release supports user
based subscription for Microsoft Visual Studio Professional and Enterprise on EC2.
* api-change:``personalize``: [``botocore``] This release adds support for incremental bulk
ingestion for the Personalize CreateDatasetImportJob API.
- from version 1.24.43
* api-change:``config``: [``botocore``] Documentation update for PutConfigRule and
PutOrganizationConfigRule
* api-change:``workspaces``: [``botocore``] This release introduces ModifySamlProperties, a new API
that allows control of SAML properties associated with a WorkSpaces directory. The
DescribeWorkspaceDirectories API will now additionally return SAML properties in its responses.
- from version 1.24.42
* bugfix:TraceId: [``botocore``] Rollback bugfix for obeying _X_AMZN_TRACE_ID env var
- from version 1.24.41
* bugfix:Config: [``botocore``] Obey _X_AMZN_TRACE_ID environment variable instead of
_X_AMZ_TRACE_ID
* api-change:``ec2``: [``botocore``] Documentation updates for Amazon EC2.
* api-change:``fsx``: [``botocore``] Documentation updates for Amazon FSx
* api-change:``shield``: [``botocore``] AWS Shield Advanced now supports filtering for
ListProtections and ListProtectionGroups.
- from version 1.24.40
* api-change:``ec2``: [``botocore``] Documentation updates for VM Import/Export.
* api-change:``es``: [``botocore``] This release adds support for gp3 EBS (Elastic Block Store)
storage.
* api-change:``lookoutvision``: [``botocore``] This release introduces support for image
segmentation models and updates CPU accelerator options for models hosted on edge devices.
* api-change:``opensearch``: [``botocore``] This release adds support for gp3 EBS (Elastic Block
Store) storage.
- from version 1.24.39
* api-change:``auditmanager``: [``botocore``] This release adds an exceeded quota exception to
several APIs. We added a ServiceQuotaExceededException for the following operations:
CreateAssessment, CreateControl, CreateAssessmentFramework, and UpdateAssessmentStatus.
* api-change:``chime``: [``botocore``] Chime VoiceConnector will now support ValidateE911Address
which will allow customers to prevalidate their addresses included in their SIP invites for
emergency calling
* api-change:``config``: [``botocore``] This release adds ListConformancePackComplianceScores API
to support the new compliance score feature, which provides a percentage of the number of compliant
rule-resource combinations in a conformance pack compared to the number of total possible
rule-resource combinations in the conformance pack.
* api-change:``globalaccelerator``: [``botocore``] Global Accelerator now supports dual-stack
accelerators, enabling support for IPv4 and IPv6 traffic.
* api-change:``marketplace-catalog``: [``botocore``] The SDK for the StartChangeSet API will now
automatically set and use an idempotency token in the ClientRequestToken request parameter if the
customer does not provide it.
* api-change:``polly``: [``botocore``] Amazon Polly adds new English and Hindi voice - Kajal. Kajal
is available as Neural voice only.
* api-change:``ssm``: [``botocore``] Adding doc updates for OpsCenter support in Service Setting
actions.
* api-change:``workspaces``: [``botocore``] Added CreateWorkspaceImage API to create a new
WorkSpace image from an existing WorkSpace.
- from version 1.24.38
* api-change:``appsync``: [``botocore``] Adds support for a new API to evaluate mapping templates
with mock data, allowing you to remotely unit test your AppSync resolvers and functions.
* api-change:``detective``: [``botocore``] Added the ability to get data source package information
for the behavior graph. Graph administrators can now start (or stop) optional datasources on the
behavior graph.
* api-change:``guardduty``: [``botocore``] Amazon GuardDuty introduces a new Malware Protection
feature that triggers malware scan on selected EC2 instance resources, after the service detects a
potentially malicious activity.
* api-change:``lookoutvision``: [``botocore``] This release introduces support for the automatic
scaling of inference units used by Amazon Lookout for Vision models.
* api-change:``macie2``: [``botocore``] This release adds support for retrieving (revealing) sample
occurrences of sensitive data that Amazon Macie detects and reports in findings.
* api-change:``rds``: [``botocore``] Adds support for using RDS Proxies with RDS for MariaDB
databases.
* api-change:``rekognition``: [``botocore``] This release introduces support for the automatic
scaling of inference units used by Amazon Rekognition Custom Labels models.
* api-change:``securityhub``: [``botocore``] Documentation updates for AWS Security Hub
* api-change:``transfer``: [``botocore``] AWS Transfer Family now supports Applicability Statement
2 (AS2), a network protocol used for the secure and reliable transfer of critical
Business-to-Business (B2B) data over the public internet using HTTP/HTTPS as the transport
mechanism.
- Update BuildRequires and Requires from setup.py
- Update to version 1.24.37
* api-change:``autoscaling``: [``botocore``] Documentation update for Amazon EC2 Auto Scaling.
- from version 1.24.36
* api-change:``account``: [``botocore``] This release enables customers to manage the primary
contact information for their AWS accounts. For more information, see
https://docs.aws.amazon.com/accounts/latest/reference/API_Operations.html
* api-change:``ec2``: [``botocore``] Added support for EC2 M1 Mac instances. For more information,
please visit aws.amazon.com/mac.
* api-change:``iotdeviceadvisor``: [``botocore``] Added new service feature (Early access only) -
Long Duration Test, where customers can test the IoT device to observe how it behaves when the
device is in operation for longer period.
* api-change:``medialive``: [``botocore``] Link devices now support remote rebooting. Link devices
now support maintenance windows. Maintenance windows allow a Link device to install software
updates without stopping the MediaLive channel. The channel will experience a brief loss of input
from the device while updates are installed.
* api-change:``rds``: [``botocore``] This release adds the "ModifyActivityStream" API with support
for audit policy state locking and unlocking.
* api-change:``transcribe``: [``botocore``] Remove unsupported language codes for
StartTranscriptionJob and update VocabularyFileUri for UpdateMedicalVocabulary
- from version 1.24.35
* api-change:``athena``: [``botocore``] This feature allows customers to retrieve runtime
statistics for completed queries
* api-change:``cloudwatch``: [``botocore``] Update cloudwatch client to latest version
* api-change:``dms``: [``botocore``] Documentation updates for Database Migration Service (DMS).
* api-change:``docdb``: [``botocore``] Enable copy-on-write restore type
* api-change:``ec2-instance-connect``: [``botocore``] This release includes a new exception type
"EC2InstanceUnavailableException" for SendSSHPublicKey and SendSerialConsoleSSHPublicKey APIs.
* api-change:``frauddetector``: [``botocore``] The release introduces Account Takeover Insights
(ATI) model. The ATI model detects fraud relating to account takeover. This release also adds
support for new variable types: ARE_CREDENTIALS_VALID and SESSION_ID and adds new structures to
Model Version APIs.
* api-change:``iotsitewise``: [``botocore``] Added asynchronous API to ingest bulk historical and
current data into IoT SiteWise.
* api-change:``kendra``: [``botocore``] Amazon Kendra now provides Oauth2 support for SharePoint
Online. For more information, see
https://docs.aws.amazon.com/kendra/latest/dg/data-source-sharepoint.html
* api-change:``network-firewall``: [``botocore``] Network Firewall now supports referencing dynamic
IP sets from stateful rule groups, for IP sets stored in Amazon VPC prefix lists.
* api-change:``rds``: [``botocore``] Adds support for creating an RDS Proxy for an RDS for MariaDB
database.
- from version 1.24.34
* api-change:``acm-pca``: [``botocore``] AWS Certificate Manager (ACM) Private Certificate
Authority (PCA) documentation updates
* api-change:``iot``: [``botocore``] GA release the ability to enable/disable IoT Fleet Indexing
for Device Defender and Named Shadow information, and search them through IoT Fleet Indexing APIs.
This includes Named Shadow Selection as a part of the UpdateIndexingConfiguration API.
- from version 1.24.33
* api-change:``devops-guru``: [``botocore``] Added new APIs for log anomaly detection feature.
* api-change:``glue``: [``botocore``] Documentation updates for AWS Glue Job Timeout and Autoscaling
* api-change:``sagemaker-edge``: [``botocore``] Amazon SageMaker Edge Manager provides lightweight
model deployment feature to deploy machine learning models on requested devices.
* api-change:``sagemaker``: [``botocore``] Fixed an issue with cross account QueryLineage
* api-change:``workspaces``: [``botocore``] Increased the character limit of the login message from
850 to 2000 characters.
- from version 1.24.32
* api-change:``discovery``: [``botocore``] Add AWS Agentless Collector details to the
GetDiscoverySummary API response
* api-change:``ec2``: [``botocore``] Documentation updates for Amazon EC2.
* api-change:``elasticache``: [``botocore``] Adding AutoMinorVersionUpgrade in the
DescribeReplicationGroups API
* api-change:``kms``: [``botocore``] Added support for the SM2 KeySpec in China Partition Regions
* api-change:``mediapackage``: [``botocore``] This release adds "IncludeIframeOnlyStream" for Dash
endpoints and increases the number of supported video and audio encryption presets for Speke v2
* api-change:``sagemaker``: [``botocore``] Amazon SageMaker Edge Manager provides lightweight model
deployment feature to deploy machine learning models on requested devices.
* api-change:``sso-admin``: [``botocore``] AWS SSO now supports attaching customer managed policies
and a permissions boundary to your permission sets. This release adds new API operations to manage
and view the customer managed policies and the permissions boundary for a given permission set.
- from version 1.24.31
* api-change:``datasync``: [``botocore``] Documentation updates for AWS DataSync regarding
configuring Amazon FSx for ONTAP location security groups and SMB user permissions.
* api-change:``drs``: [``botocore``] Changed existing APIs to allow choosing a dynamic volume type
for replicating volumes, to reduce costs for customers.
* api-change:``evidently``: [``botocore``] This release adds support for the new segmentation
feature.
* api-change:``wafv2``: [``botocore``] This SDK release provide customers ability to add
sensitivity level for WAF SQLI Match Statements.
- Update BuildRequires and Requires from setup.py
- Update to version 1.24.30
* api-change:``athena``: [``botocore``] This release updates data types that contain either
QueryExecutionId, NamedQueryId or ExpectedBucketOwner. Ids must be between 1 and 128 characters and
contain only non-whitespace characters. ExpectedBucketOwner must be 12-digit string.
* api-change:``codeartifact``: [``botocore``] This release introduces Package Origin Controls, a
mechanism used to counteract Dependency Confusion attacks. Adds two new APIs,
PutPackageOriginConfiguration and DescribePackage, and updates the ListPackage,
DescribePackageVersion and ListPackageVersion APIs in support of the feature.
* api-change:``config``: [``botocore``] Update ResourceType enum with values for Route53Resolver,
Batch, DMS, Workspaces, Stepfunctions, SageMaker, ElasticLoadBalancingV2, MSK types
* api-change:``ec2``: [``botocore``] This release adds flow logs for Transit Gateway to allow
customers to gain deeper visibility and insights into network traffic through their Transit
Gateways.
* api-change:``fms``: [``botocore``] Adds support for strict ordering in stateful rule groups in
Network Firewall policies.
* api-change:``glue``: [``botocore``] This release adds an additional worker type for Glue
Streaming jobs.
* api-change:``inspector2``: [``botocore``] This release adds support for Inspector V2 scan
configurations through the get and update configuration APIs. Currently this allows configuring ECR
automated re-scan duration to lifetime or 180 days or 30 days.
* api-change:``kendra``: [``botocore``] This release adds AccessControlConfigurations which allow
you to redefine your document level access control without the need for content re-indexing.
* api-change:``nimble``: [``botocore``] Amazon Nimble Studio adds support for IAM-based access to
AWS resources for Nimble Studio components and custom studio components. Studio Component scripts
use these roles on Nimble Studio workstation to mount filesystems, access S3 buckets, or other
configured resources in the Studio's AWS account
* api-change:``outposts``: [``botocore``] This release adds the ShipmentInformation and
AssetInformationList fields to the GetOrder API response.
* api-change:``sagemaker``: [``botocore``] This release adds support for G5, P4d, and C6i instance
types in Amazon SageMaker Inference and increases the number of hyperparameters that can be
searched from 20 to 30 in Amazon SageMaker Automatic Model Tuning
- from version 1.24.29
* api-change:``appconfig``: [``botocore``] Adding Create, Get, Update, Delete, and List APIs for
new two new resources: Extensions and ExtensionAssociations.
- from version 1.24.28
* api-change:``networkmanager``: [``botocore``] This release adds general availability API support
for AWS Cloud WAN.
- from version 1.24.27
* api-change:``ec2``: [``botocore``] Build, manage, and monitor a unified global network that
connects resources running across your cloud and on-premises environments using the AWS Cloud WAN
APIs.
* api-change:``redshift-serverless``: [``botocore``] Removed prerelease language for GA launch.
* api-change:``redshift``: [``botocore``] This release adds a new --snapshot-arn field for
describe-cluster-snapshots, describe-node-configuration-options, restore-from-cluster-snapshot,
authorize-snapshot-acsess, and revoke-snapshot-acsess APIs. It allows customers to give a Redshift
snapshot ARN or a Redshift Serverless ARN as input.
- from version 1.24.26
* api-change:``backup``: [``botocore``] This release adds support for authentication using IAM user
identity instead of passed IAM role, identified by excluding the IamRoleArn field in the
StartRestoreJob API. This feature applies to only resource clients with a destructive restore
nature (e.g. SAP HANA).
- from version 1.24.25
* api-change:``chime-sdk-meetings``: [``botocore``] Adds support for AppKeys and TenantIds in
Amazon Chime SDK WebRTC sessions
* api-change:``dms``: [``botocore``] New api to migrate event subscriptions to event bridge rules
* api-change:``iot``: [``botocore``] This release adds support to register a CA certificate without
having to provide a verification certificate. This also allows multiple AWS accounts to register
the same CA in the same region.
* api-change:``iotwireless``: [``botocore``] Adds 5 APIs: PutPositionConfiguration,
GetPositionConfiguration, ListPositionConfigurations, UpdatePosition, GetPosition for the new
Positioning Service feature which enables customers to configure solvers to calculate position of
LoRaWAN devices, or specify position of LoRaWAN devices & gateways.
* api-change:``sagemaker``: [``botocore``] Heterogeneous clusters: the ability to launch training
jobs with multiple instance types. This enables running component of the training job on the
instance type that is most suitable for it. e.g. doing data processing and augmentation on CPU
instances and neural network training on GPU instances
- from version 1.24.24
* api-change:``cloudformation``: [``botocore``] My AWS Service (placeholder) - Add a new feature
Account-level Targeting for StackSet operation
* api-change:``synthetics``: [``botocore``] This release introduces Group feature, which enables
users to group cross-region canaries.
- from version 1.24.23
* api-change:``config``: [``botocore``] Updating documentation service limits
* api-change:``lexv2-models``: [``botocore``] Update lexv2-models client to latest version
* api-change:``quicksight``: [``botocore``] This release allows customers to programmatically
create QuickSight accounts with Enterprise and Enterprise + Q editions. It also releases
allowlisting domains for embedding QuickSight dashboards at runtime through the embedding APIs.
* api-change:``rds``: [``botocore``] Adds waiters support for DBCluster.
* api-change:``rolesanywhere``: [``botocore``] IAM Roles Anywhere allows your workloads such as
servers, containers, and applications to obtain temporary AWS credentials and use the same IAM
roles and policies that you have configured for your AWS workloads to access AWS resources.
* api-change:``ssm-incidents``: [``botocore``] Adds support for tagging incident-record on creation
by providing incident tags in the template within a response-plan.
- from version 1.24.22
* api-change:``dms``: [``botocore``] Added new features for AWS DMS version 3.4.7 that includes new
endpoint settings for S3, OpenSearch, Postgres, SQLServer and Oracle.
* api-change:``rds``: [``botocore``] Adds support for additional retention periods to Performance
Insights.
- from version 1.24.21
* api-change:``athena``: [``botocore``] This feature introduces the API support for Athena's
parameterized query and BatchGetPreparedStatement API.
* api-change:``customer-profiles``: [``botocore``] This release adds the optional
MinAllowedConfidenceScoreForMerging parameter to the CreateDomain, UpdateDomain, and
GetAutoMergingPreview APIs in Customer Profiles. This parameter is used as a threshold to influence
the profile auto-merging step of the Identity Resolution process.
* api-change:``emr``: [``botocore``] Update emr client to latest version
* api-change:``glue``: [``botocore``] This release adds tag as an input of CreateDatabase
* api-change:``kendra``: [``botocore``] Amazon Kendra now provides a data source connector for
alfresco
* api-change:``mwaa``: [``botocore``] Documentation updates for Amazon Managed Workflows for Apache
Airflow.
* api-change:``pricing``: [``botocore``] Documentation update for GetProducts Response.
* api-change:``wellarchitected``: [``botocore``] Added support for UpdateGlobalSettings API. Added
status filter to ListWorkloadShares and ListLensShares.
* api-change:``workmail``: [``botocore``] This release adds support for managing user availability
configurations in Amazon WorkMail.
- Update BuildRequires and Requires from setup.py
- Update to version 1.24.20
* api-change:``appstream``: [``botocore``] Includes support for StreamingExperienceSettings in
CreateStack and UpdateStack APIs
* api-change:``elbv2``: [``botocore``] Update elbv2 client to latest version
* api-change:``emr``: [``botocore``] Update emr client to latest version
* api-change:``medialive``: [``botocore``] This release adds support for automatic renewal of
MediaLive reservations at the end of each reservation term. Automatic renewal is optional. This
release also adds support for labelling accessibility-focused audio and caption tracks in HLS
outputs.
* api-change:``redshift-serverless``: [``botocore``] Add new API operations for Amazon Redshift
Serverless, a new way of using Amazon Redshift without needing to manually manage provisioned
clusters. The new operations let you interact with Redshift Serverless resources, such as create
snapshots, list VPC endpoints, delete resource policies, and more.
* api-change:``sagemaker``: [``botocore``] This release adds: UpdateFeatureGroup,
UpdateFeatureMetadata, DescribeFeatureMetadata APIs; FeatureMetadata type in Search API;
LastModifiedTime, LastUpdateStatus, OnlineStoreTotalSizeBytes in DescribeFeatureGroup API.
* api-change:``translate``: [``botocore``] Added ListLanguages API which can be used to list the
languages supported by Translate.
- from version 1.24.19
* api-change:``datasync``: [``botocore``] AWS DataSync now supports Amazon FSx for NetApp ONTAP
locations.
* api-change:``ec2``: [``botocore``] This release adds a new spread placement group to EC2
Placement Groups: host level spread, which spread instances between physical hosts, available to
Outpost customers only. CreatePlacementGroup and DescribePlacementGroups APIs were updated with a
new parameter: SpreadLevel to support this feature.
* api-change:``finspace-data``: [``botocore``] Release new API GetExternalDataViewAccessDetails
* api-change:``polly``: [``botocore``] Add 4 new neural voices - Pedro (es-US), Liam (fr-CA),
Daniel (de-DE) and Arthur (en-GB).
- from version 1.24.18
* api-change:``iot``: [``botocore``] This release ease the restriction for the input of tag value
to align with AWS standard, now instead of min length 1, we change it to min length 0.
- from version 1.24.17
* api-change:``glue``: [``botocore``] This release enables the new ListCrawls API for viewing the
AWS Glue Crawler run history.
* api-change:``rds-data``: [``botocore``] Documentation updates for RDS Data API
- from version 1.24.16
* api-change:``lookoutequipment``: [``botocore``] This release adds visualizations to the scheduled
inference results. Users will be able to see interference results, including diagnostic results
from their running inference schedulers.
* api-change:``mediaconvert``: [``botocore``] AWS Elemental MediaConvert SDK has released support
for automatic DolbyVision metadata generation when converting HDR10 to DolbyVision.
* api-change:``mgn``: [``botocore``] New and modified APIs for the Post-Migration Framework
* api-change:``migration-hub-refactor-spaces``: [``botocore``] This release adds the new API
UpdateRoute that allows route to be updated to ACTIVE/INACTIVE state. In addition, CreateRoute API
will now allow users to create route in ACTIVE/INACTIVE state.
* api-change:``sagemaker``: [``botocore``] SageMaker Ground Truth now supports Virtual Private
Cloud. Customers can launch labeling jobs and access to their private workforce in VPC mode.
- from version 1.24.15
* api-change:``apigateway``: [``botocore``] Documentation updates for Amazon API Gateway
* api-change:``pricing``: [``botocore``] This release introduces 1 update to the GetProducts API.
The serviceCode attribute is now required when you use the GetProductsRequest.
* api-change:``transfer``: [``botocore``] Until today, the service supported only RSA host keys and
user keys. Now with this launch, Transfer Family has expanded the support for ECDSA and ED25519
host keys and user keys, enabling customers to support a broader set of clients by choosing RSA,
ECDSA, and ED25519 host and user keys.
- from version 1.24.14
* api-change:``ec2``: [``botocore``] This release adds support for Private IP VPNs, a new feature
allowing S2S VPN connections to use private ip addresses as the tunnel outside ip address over
Direct Connect as transport.
* api-change:``ecs``: [``botocore``] Amazon ECS UpdateService now supports the following
parameters: PlacementStrategies, PlacementConstraints and CapacityProviderStrategy.
* api-change:``wellarchitected``: [``botocore``] Adds support for lens tagging, Adds support for
multiple helpful-resource urls and multiple improvement-plan urls.
- from version 1.24.13
* api-change:``ds``: [``botocore``] This release adds support for describing and updating AWS
Managed Microsoft AD settings
* api-change:``kafka``: [``botocore``] Documentation updates to use Az Id during cluster creation.
* api-change:``outposts``: [``botocore``] This release adds the AssetLocation structure to the
ListAssets response. AssetLocation includes the RackElevation for an Asset.
- from version 1.24.12
* api-change:``connect``: [``botocore``] This release updates these APIs: UpdateInstanceAttribute,
DescribeInstanceAttribute and ListInstanceAttributes. You can use it to programmatically
enable/disable High volume outbound communications using attribute type HIGH_VOLUME_OUTBOUND on the
specified Amazon Connect instance.
* api-change:``connectcampaigns``: [``botocore``] Added Amazon Connect high volume outbound
communications SDK.
* api-change:``dynamodb``: [``botocore``] Doc only update for DynamoDB service
* api-change:``dynamodbstreams``: [``botocore``] Update dynamodbstreams client to latest version
- from version 1.24.11
* api-change:``redshift-data``: [``botocore``] This release adds a new --workgroup-name field to
operations that connect to an endpoint. Customers can now execute queries against their serverless
workgroups.
* api-change:``redshiftserverless``: [``botocore``] Add new API operations for Amazon Redshift
Serverless, a new way of using Amazon Redshift without needing to manually manage provisioned
clusters. The new operations let you interact with Redshift Serverless resources, such as create
snapshots, list VPC endpoints, delete resource policies, and more.
* api-change:``secretsmanager``: [``botocore``] Documentation updates for Secrets Manager
* api-change:``securityhub``: [``botocore``] Added Threats field for security findings. Added new
resource details for ECS Container, ECS Task, RDS SecurityGroup, Kinesis Stream, EC2
TransitGateway, EFS AccessPoint, CloudFormation Stack, CloudWatch Alarm, VPC Peering Connection and
WAF Rules
- from version 1.24.10
* api-change:``finspace-data``: [``botocore``] This release adds a new set of APIs,
GetPermissionGroup, DisassociateUserFromPermissionGroup, AssociateUserToPermissionGroup,
ListPermissionGroupsByUser, ListUsersByPermissionGroup.
* api-change:``guardduty``: [``botocore``] Adds finding fields available from GuardDuty Console.
Adds FreeTrial related operations. Deprecates the use of various APIs related to Master Accounts
and Replace them with Administrator Accounts.
* api-change:``servicecatalog-appregistry``: [``botocore``] This release adds a new API
ListAttributeGroupsForApplication that returns associated attribute groups of an application. In
addition, the UpdateApplication and UpdateAttributeGroup APIs will not allow users to update the
'Name' attribute.
* api-change:``workspaces``: [``botocore``] Added new field "reason" to
OperationNotSupportedException. Receiving this exception in the DeregisterWorkspaceDirectory API
will now return a reason giving more context on the failure.
- from version 1.24.9
* api-change:``budgets``: [``botocore``] Add a budgets ThrottlingException. Update the CostFilters
value pattern.
* api-change:``lookoutmetrics``: [``botocore``] Adding filters to Alert and adding new UpdateAlert
API.
* api-change:``mediaconvert``: [``botocore``] AWS Elemental MediaConvert SDK has added support for
rules that constrain Automatic-ABR rendition selection when generating ABR package ladders.
- from version 1.24.8
* api-change:``outposts``: [``botocore``] This release adds API operations AWS uses to install
Outpost servers.
- from version 1.24.7
* api-change:``frauddetector``: [``botocore``] Documentation updates for Amazon Fraud Detector
(AWSHawksNest)
- from version 1.24.6
* api-change:``chime-sdk-meetings``: [``botocore``] Adds support for live transcription in AWS
GovCloud (US) Regions.
- from version 1.24.5
* api-change:``dms``: [``botocore``] This release adds DMS Fleet Advisor APIs and exposes
functionality for DMS Fleet Advisor. It adds functionality to create and modify fleet advisor
instances, and to collect and analyze information about the local data infrastructure.
* api-change:``iam``: [``botocore``] Documentation updates for AWS Identity and Access Management
(IAM).
* api-change:``m2``: [``botocore``] AWS Mainframe Modernization service is a managed mainframe
service and set of tools for planning, migrating, modernizing, and running mainframe workloads on
AWS
* api-change:``neptune``: [``botocore``] This release adds support for Neptune to be configured as
a global database, with a primary DB cluster in one region, and up to five secondary DB clusters in
other regions.
* api-change:``redshift-serverless``: [``botocore``] Add new API operations for Amazon Redshift
Serverless, a new way of using Amazon Redshift without needing to manually manage provisioned
clusters. The new operations let you interact with Redshift Serverless resources, such as create
snapshots, list VPC endpoints, delete resource policies, and more.
* api-change:``redshift``: [``botocore``] Adds new API GetClusterCredentialsWithIAM to return
temporary credentials.
- from version 1.24.4
* api-change:``auditmanager``: [``botocore``] This release introduces 2 updates to the Audit
Manager API. The roleType and roleArn attributes are now required when you use the CreateAssessment
or UpdateAssessment operation. We also added a throttling exception to the RegisterAccount API
operation.
* api-change:``ce``: [``botocore``] Added two new APIs to support cost allocation tags operations:
ListCostAllocationTags, UpdateCostAllocationTagsStatus.
- from version 1.24.3
* api-change:``chime-sdk-messaging``: [``botocore``] This release adds support for searching
channels by members via the SearchChannels API, removes required restrictions for Name and Mode in
UpdateChannel API and enhances CreateChannel API by exposing member and moderator list as well as
channel id as optional parameters.
* api-change:``connect``: [``botocore``] This release adds a new API, GetCurrentUserData, which
returns real-time details about users' current activity.
- Update BuildRequires and Requires from setup.py
- Update to version 1.24.2
* api-change:``codeartifact``: [``botocore``] Documentation updates for CodeArtifact
* api-change:``voice-id``: [``botocore``] Added a new attribute ServerSideEncryptionUpdateDetails
to Domain and DomainSummary.
* api-change:``proton``: [``botocore``] Add new "Components" API to enable users to Create, Delete
and Update AWS Proton components.
* api-change:``connect``: [``botocore``] This release adds the following features: 1) New APIs to
manage (create, list, update) task template resources, 2) Updates to startTaskContact API to
support task templates, and 3) new TransferContact API to programmatically transfer in-progress
tasks via a contact flow.
* api-change:``application-insights``: [``botocore``] Provide Account Level onboarding support
through CFN/CLI
* api-change:``kendra``: [``botocore``] Amazon Kendra now provides a data source connector for
GitHub. For more information, see
https://docs.aws.amazon.com/kendra/latest/dg/data-source-github.html
- from version 1.24.1
* api-change:``backup-gateway``: [``botocore``] Adds GetGateway and UpdateGatewaySoftwareNow API
and adds hypervisor name to UpdateHypervisor API
* api-change:``forecast``: [``botocore``] Added Format field to Import and Export APIs in Amazon
Forecast. Added TimeSeriesSelector to Create Forecast API.
* api-change:``chime-sdk-meetings``: [``botocore``] Adds support for centrally controlling each
participant's ability to send and receive audio, video and screen share within a WebRTC session.
Attendee capabilities can be specified when the attendee is created and updated during the session
with the new BatchUpdateAttendeeCapabilitiesExcept API.
* api-change:``route53``: [``botocore``] Add new APIs to support Route 53 IP Based Routing
- from version 1.24.0
* api-change:``iotsitewise``: [``botocore``] This release adds the following new optional field to
the IoT SiteWise asset resource: assetDescription.
* api-change:``lookoutmetrics``: [``botocore``] Adding backtest mode to detectors using the
Cloudwatch data source.
* api-change:``transcribe``: [``botocore``] Amazon Transcribe now supports automatic language
identification for multi-lingual audio in batch mode.
* feature:Python: Dropped support for Python 3.6
* feature:Python: [``botocore``] Dropped support for Python 3.6
* api-change:``cognito-idp``: [``botocore``] Amazon Cognito now supports IP Address propagation for
all unauthenticated APIs (e.g. SignUp, ForgotPassword).
* api-change:``drs``: [``botocore``] Changed existing APIs and added new APIs to accommodate using
multiple AWS accounts with AWS Elastic Disaster Recovery.
* api-change:``sagemaker``: [``botocore``] Amazon SageMaker Notebook Instances now support Jupyter
Lab 3.
- from version 1.23.10
* api-change:``sagemaker``: [``botocore``] Amazon SageMaker Notebook Instances now allows
configuration of Instance Metadata Service version and Amazon SageMaker Studio now supports G5
instance types.
* api-change:``appflow``: [``botocore``] Adding the following features/changes: Parquet output that
preserves typing from the source connector, Failed executions threshold before deactivation for
scheduled flows, increasing max size of access and refresh token from 2048 to 4096
* api-change:``datasync``: [``botocore``] AWS DataSync now supports TLS encryption in transit, file
system policies and access points for EFS locations.
* api-change:``emr-serverless``: [``botocore``] This release adds support for Amazon EMR
Serverless, a serverless runtime environment that simplifies running analytics applications using
the latest open source frameworks such as Apache Spark and Apache Hive.
- from version 1.23.9
* api-change:``lightsail``: [``botocore``] Amazon Lightsail now supports the ability to configure a
Lightsail Container Service to pull images from Amazon ECR private repositories in your account.
* api-change:``emr-serverless``: [``botocore``] This release adds support for Amazon EMR
Serverless, a serverless runtime environment that simplifies running analytics applications using
the latest open source frameworks such as Apache Spark and Apache Hive.
* api-change:``ec2``: [``botocore``] C7g instances, powered by the latest generation AWS Graviton3
processors, provide the best price performance in Amazon EC2 for compute-intensive workloads.
* api-change:``forecast``: [``botocore``] Introduced a new field in Auto Predictor as Time
Alignment Boundary. It helps in aligning the timestamps generated during Forecast exports
- from version 1.23.8
* api-change:``secretsmanager``: [``botocore``] Documentation updates for Secrets Manager
* api-change:``fsx``: [``botocore``] This release adds root squash support to FSx for Lustre to
restrict root level access from clients by mapping root users to a less-privileged user/group with
limited permissions.
* api-change:``lookoutmetrics``: [``botocore``] Adding AthenaSourceConfig for MetricSet APIs to
support Athena as a data source.
* api-change:``voice-id``: [``botocore``] VoiceID will now automatically expire Speakers if they
haven't been accessed for Enrollment, Re-enrollment or Successful Auth for three years. The Speaker
APIs now return a "LastAccessedAt" time for Speakers, and the EvaluateSession API returns
"SPEAKER_EXPIRED" Auth Decision for EXPIRED Speakers.
* api-change:``cloudformation``: [``botocore``] Add a new parameter statusReason to
DescribeStackSetOperation output for additional details
* api-change:``apigateway``: [``botocore``] Documentation updates for Amazon API Gateway
* api-change:``apprunner``: [``botocore``] Documentation-only update added for CodeConfiguration.
* api-change:``sagemaker``: [``botocore``] Amazon SageMaker Autopilot adds support for manually
selecting features from the input dataset using the CreateAutoMLJob API.
- from version 1.23.7
* api-change:``mediaconvert``: [``botocore``] AWS Elemental MediaConvert SDK has added support for
rules that constrain Automatic-ABR rendition selection when generating ABR package ladders.
* api-change:``cognito-idp``: [``botocore``] Amazon Cognito now supports requiring attribute
verification (ex. email and phone number) before update.
* api-change:``networkmanager``: [``botocore``] This release adds Multi Account API support for a
TGW Global Network, to enable and disable AWSServiceAccess with AwsOrganizations for Network
Manager service and dependency CloudFormation StackSets service.
* api-change:``ivschat``: [``botocore``] Doc-only update. For MessageReviewHandler structure, added
timeout period in the description of the fallbackResult field
* api-change:``ec2``: [``botocore``] Stop Protection feature enables customers to protect their
instances from accidental stop actions.
- from version 1.23.6
* api-change:``elasticache``: [``botocore``] Added support for encryption in transit for Memcached
clusters. Customers can now launch Memcached cluster with encryption in transit enabled when using
Memcached version 1.6.12 or later.
* api-change:``forecast``: [``botocore``] New APIs for Monitor that help you understand how your
predictors perform over time.
* api-change:``personalize``: [``botocore``] Adding modelMetrics as part of DescribeRecommender API
response for Personalize.
- from version 1.23.5
* api-change:``comprehend``: [``botocore``] Comprehend releases 14 new entity types for
DetectPiiEntities and ContainsPiiEntities APIs.
* api-change:``logs``: [``botocore``] Doc-only update to publish the new valid values for log
retention
- Update BuildRequires and Requires from setup.py
- python-botocore
-
- Update in SLE-15 (bsc#1209255, jsc#PED-3780)
- Add python-python-dateutil and python-jmespath to BuildRequires
- Remove version constraint on python-pytest in BuildRequires
- Revert changes to Requires that introduced new incompatible syntax
- Update to 1.29.89
* api-change:``ivschat``: This release adds a new exception returned when calling AWS IVS chat
UpdateLoggingConfiguration. Now UpdateLoggingConfiguration can return ConflictException when
invalid updates are made in sequence to Logging Configurations.
* api-change:``secretsmanager``: The type definitions of SecretString and SecretBinary now have a
minimum length of 1 in the model to match the exception thrown when you pass in empty values.
- from version 1.29.88
* api-change:``codeartifact``: This release introduces the generic package format, a mechanism for
storing arbitrary binary assets. It also adds a new API, PublishPackageVersion, to allow for
publishing generic packages.
* api-change:``connect``: This release adds a new API, GetMetricDataV2, which returns metric data
for Amazon Connect.
* api-change:``evidently``: Updated entity override documentation
* api-change:``networkmanager``: This update provides example usage for TransitGatewayRouteTableArn.
* api-change:``quicksight``: This release has two changes: add state persistence feature for
embedded dashboard and console in GenerateEmbedUrlForRegisteredUser API; add properties for hidden
collapsed row dimensions in PivotTableOptions.
* api-change:``redshift-data``: Added support for Redshift Serverless workgroup-arn wherever the
WorkgroupName parameter is available.
* api-change:``sagemaker``: Amazon SageMaker Inference now allows SSM access to customer's model
container by setting the "EnableSSMAccess" parameter for a ProductionVariant in
CreateEndpointConfig API.
* api-change:``servicediscovery``: Updated all AWS Cloud Map APIs to provide consistent throttling
exception (RequestLimitExceeded)
* api-change:``sesv2``: This release introduces a new recommendation in Virtual Deliverability
Manager Advisor, which detects missing or misconfigured Brand Indicator for Message Identification
(BIMI) DNS records for customer sending identities.
- from version 1.29.87
* api-change:``athena``: A new field SubstatementType is added to GetQueryExecution API, so
customers have an error free way to detect the query type and interpret the result.
* api-change:``dynamodb``: Adds deletion protection support to DynamoDB tables. Tables with
deletion protection enabled cannot be deleted. Deletion protection is disabled by default, can be
enabled via the CreateTable or UpdateTable APIs, and is visible in TableDescription. This setting
is not replicated for Global Tables.
* api-change:``ec2``: Introducing Amazon EC2 C7g, M7g and R7g instances, powered by the latest
generation AWS Graviton3 processors and deliver up to 25% better performance over Graviton2-based
instances.
* api-change:``lakeformation``: This release adds two new API support "GetDataCellsFiler" and
"UpdateDataCellsFilter", and also updates the corresponding documentation.
* api-change:``mediapackage-vod``: This release provides the date and time VOD resources were
created.
* api-change:``mediapackage``: This release provides the date and time live resources were created.
* api-change:``route53resolver``: Add dual-stack and IPv6 support for Route 53 Resolver
Endpoint,Add IPv6 target IP in Route 53 Resolver Forwarding Rule
* api-change:``sagemaker``: There needs to be a user identity to specify the SageMaker user who
perform each action regarding the entity. However, these is a not a unified concept of user
identity across SageMaker service that could be used today.
- from version 1.29.86
* api-change:``dms``: This release adds DMS Fleet Advisor Target Recommendation APIs and exposes
functionality for DMS Fleet Advisor. It adds functionality to start Target Recommendation
calculation.
* api-change:``location``: Documentation update for the release of 3 additional map styles for use
with Open Data Maps: Open Data Standard Dark, Open Data Visualization Light & Open Data
Visualization Dark.
- from version 1.29.85
* api-change:``account``: AWS Account alternate contact email addresses can now have a length of
254 characters and contain the character "|".
* api-change:``ivs``: Updated text description in DeleteChannel, Stream, and StreamSummary.
- from version 1.29.84
* api-change:``dynamodb``: Documentation updates for DynamoDB.
* api-change:``ec2``: This release adds support for a new boot mode for EC2 instances called 'UEFI
Preferred'.
* api-change:``macie2``: Documentation updates for Amazon Macie
* api-change:``mediaconvert``: The AWS Elemental MediaConvert SDK has improved handling for
different input and output color space combinations.
* api-change:``medialive``: AWS Elemental MediaLive adds support for Nielsen watermark timezones.
* api-change:``transcribe``: Amazon Transcribe now supports role access for these API operations:
CreateVocabulary, UpdateVocabulary, CreateVocabularyFilter, and UpdateVocabularyFilter.
- from version 1.29.83
* api-change:``iot``: A recurring maintenance window is an optional configuration used for rolling
out the job document to all devices in the target group observing a predetermined start time,
duration, and frequency that the maintenance window occurs.
* api-change:``migrationhubstrategy``: This release updates the File Import API to allow importing
servers already discovered by customers with reduced pre-requisites.
* api-change:``organizations``: This release introduces a new reason code,
ACCOUNT_CREATION_NOT_COMPLETE, to ConstraintViolationException in CreateOrganization API.
* api-change:``pi``: This release adds a new field PeriodAlignment to allow the customer specifying
the returned timestamp of time periods to be either the start or end time.
* api-change:``pipes``: This release fixes some input parameter range and patterns.
* api-change:``sagemaker``: Add a new field "EndpointMetrics" in SageMaker Inference Recommender
"ListInferenceRecommendationsJobSteps" API response.
- from version 1.29.82
* api-change:``codecatalyst``: Published Dev Environments StopDevEnvironmentSession API
* api-change:``pricing``: This release adds 2 new APIs - ListPriceLists which returns a list of
applicable price lists, and GetPriceListFileUrl which outputs a URL to retrieve your price lists
from the generated file from ListPriceLists
* api-change:``s3outposts``: S3 on Outposts introduces a new API ListOutpostsWithS3, with this API
you can list all your Outposts with S3 capacity.
- from version 1.29.81
* enhancement:Documentation: Splits service documentation into multiple sub-pages for better
organization and faster loading time.
* api-change:``comprehend``: Amazon Comprehend now supports flywheels to help you train and manage
new model versions for custom models.
* api-change:``ec2``: This release allows IMDS support to be set to v2-only on an existing AMI, so
that all future instances launched from that AMI will use IMDSv2 by default.
* api-change:``kms``: AWS KMS is deprecating the RSAES_PKCS1_V1_5 wrapping algorithm option in the
GetParametersForImport API that is used in the AWS KMS Import Key Material feature. AWS KMS will
end support for this wrapping algorithm by October 1, 2023.
* api-change:``lightsail``: This release adds Lightsail for Research feature support, such as GUI
session access, cost estimates, stop instance on idle, and disk auto mount.
* api-change:``managedblockchain``: This release adds support for tagging to the accessor resource
in Amazon Managed Blockchain
* api-change:``omics``: Minor model changes to accomodate batch imports feature
- from version 1.29.80
* api-change:``devops-guru``: This release adds the description field on ListAnomaliesForInsight
and DescribeAnomaly API responses for proactive anomalies.
* api-change:``drs``: New fields were added to reflect availability zone data in source server and
recovery instance description commands responses, as well as source server launch status.
* api-change:``internetmonitor``: CloudWatch Internet Monitor is a a new service within CloudWatch
that will help application developers and network engineers continuously monitor internet
performance metrics such as availability and performance between their AWS-hosted applications and
end-users of these applications
* api-change:``lambda``: This release adds the ability to create ESMs with Document DB change
streams as event source. For more information see
https://docs.aws.amazon.com/lambda/latest/dg/with-documentdb.html.
* api-change:``mediaconvert``: The AWS Elemental MediaConvert SDK has added support for HDR10 to
SDR tone mapping, and animated GIF video input sources.
* api-change:``timestream-write``: This release adds the ability to ingest batched historical data
or migrate data in bulk from S3 into Timestream using CSV files.
- from version 1.29.79
* api-change:``connect``: StartTaskContact API now supports linked task creation with a new
optional RelatedContactId parameter
* api-change:``connectcases``: This release adds the ability to delete domains through the
DeleteDomain API. For more information see
https://docs.aws.amazon.com/cases/latest/APIReference/Welcome.html
* api-change:``redshift``: Documentation updates for Redshift API bringing it in line with IAM best
practices.
* api-change:``securityhub``: New Security Hub APIs and updates to existing APIs that help you
consolidate control findings and enable and disable controls across all supported standards
* api-change:``servicecatalog``: Documentation updates for Service Catalog
- Update to 1.29.78
* api-change:``appflow``: This release enables the customers to choose whether to use Private Link
for Metadata and Authorization call when using a private Salesforce connections
* api-change:``ecs``: This release supports deleting Amazon ECS task definitions that are in the
INACTIVE state.
* api-change:``grafana``: Doc-only update. Updated information on attached role policies for
customer provided roles
* api-change:``guardduty``: Updated API and data types descriptions for CreateFilter, UpdateFilter,
and TriggerDetails.
* api-change:``iotwireless``: In this release, we add additional capabilities for the FUOTA which
allows user to configure the fragment size, the sending interval and the redundancy ratio of the
FUOTA tasks
* api-change:``location``: This release adds support for using Maps APIs with an API Key in
addition to AWS Cognito. This includes support for adding, listing, updating and deleting API Keys.
* api-change:``macie2``: This release adds support for a new finding type,
Policy:IAMUser/S3BucketSharedWithCloudFront, and S3 bucket metadata that indicates if a bucket is
shared with an Amazon CloudFront OAI or OAC.
* api-change:``wafv2``: You can now associate an AWS WAF v2 web ACL with an AWS App Runner service.
- from version 1.29.77
* api-change:``chime-sdk-voice``: This release introduces support for Voice Connector media metrics
in the Amazon Chime SDK Voice namespace
* api-change:``cloudfront``: CloudFront now supports block lists in origin request policies so that
you can forward all headers, cookies, or query string from viewer requests to the origin *except*
for those specified in the block list.
* api-change:``datasync``: AWS DataSync has relaxed the minimum length constraint of AccessKey for
Object Storage locations to 1.
* api-change:``opensearch``: This release lets customers configure Off-peak window and software
update related properties for a new/existing domain. It enhances the capabilities of
StartServiceSoftwareUpdate API; adds 2 new APIs - ListScheduledActions & UpdateScheduledAction; and
allows Auto-tune to make use of Off-peak window.
* api-change:``rum``: CloudWatch RUM now supports CloudWatch Custom Metrics
* api-change:``ssm``: Document only update for Feb 2023
- from version 1.29.76
* api-change:``quicksight``: S3 data sources now accept a custom IAM role.
* api-change:``resiliencehub``: In this release we improved resilience hub application creation and
maintenance by introducing new resource and app component crud APIs, improving visibility and
maintenance of application input sources and added support for additional information attributes to
be provided by customers.
* api-change:``securityhub``: Documentation updates for AWS Security Hub
* api-change:``tnb``: This is the initial SDK release for AWS Telco Network Builder (TNB). AWS
Telco Network Builder is a network automation service that helps you deploy and manage telecom
networks.
- from version 1.29.75
* bugfix:SSO: Fixes aws/aws-cli`#7496 <https://github.com/aws/aws-cli/issues/7496>`__ by using the
correct profile name rather than the one set in the session.
* api-change:``auditmanager``: This release introduces a ServiceQuotaExceededException to the
UpdateAssessmentFrameworkShare API operation.
* api-change:``connect``: Reasons for failed diff has been approved by SDK Reviewer
- from version 1.29.74
* api-change:``apprunner``: This release supports removing MaxSize limit for
AutoScalingConfiguration.
* api-change:``glue``: Release of Delta Lake Data Lake Format for Glue Studio Service
- from version 1.29.73
* api-change:``emr``: Update emr client to latest version
* api-change:``grafana``: With this release Amazon Managed Grafana now supports inbound Network
Access Control that helps you to restrict user access to your Grafana workspaces
* api-change:``ivs``: Doc-only update. Updated text description in DeleteChannel, Stream, and
StreamSummary.
* api-change:``wafv2``: Added a notice for account takeover prevention (ATP). The interface
incorrectly lets you to configure ATP response inspection in regional web ACLs in Region US East
(N. Virginia), without returning an error. ATP response inspection is only available in web ACLs
that protect CloudFront distributions.
- from version 1.29.72
* api-change:``cloudtrail``: This release adds an InsufficientEncryptionPolicyException type to the
StartImport endpoint
* api-change:``efs``: Update efs client to latest version
* api-change:``frauddetector``: This release introduces Lists feature which allows customers to
reference a set of values in Fraud Detector's rules. With Lists, customers can dynamically manage
these attributes in real time. Lists can be created/deleted and its contents can be modified using
the Fraud Detector API.
* api-change:``glue``: Fix DirectJDBCSource not showing up in CLI code gen
* api-change:``privatenetworks``: This release introduces a new StartNetworkResourceUpdate API,
which enables return/replacement of hardware from a NetworkSite.
* api-change:``rds``: Database Activity Stream support for RDS for SQL Server.
* api-change:``wafv2``: For protected CloudFront distributions, you can now use the AWS WAF Fraud
Control account takeover prevention (ATP) managed rule group to block new login attempts from
clients that have recently submitted too many failed login attempts.
- Update to 1.29.71
* api-change:``appconfig``: AWS AppConfig now offers the option to set a version label on hosted
configuration versions. Version labels allow you to identify specific hosted configuration versions
based on an alternate versioning scheme that you define.
* api-change:``datasync``: With this launch, we are giving customers the ability to use older SMB
protocol versions, enabling them to use DataSync to copy data to and from their legacy storage
arrays.
* api-change:``ec2``: With this release customers can turn host maintenance on or off when
allocating or modifying a supported dedicated host. Host maintenance is turned on by default for
supported hosts.
- from version 1.29.70
* api-change:``account``: This release of the Account Management API enables customers to view and
manage whether AWS Opt-In Regions are enabled or disabled for their Account. For more information,
see https://docs.aws.amazon.com/accounts/latest/reference/manage-acct-regions.html
* api-change:``appconfigdata``: AWS AppConfig now offers the option to set a version label on
hosted configuration versions. If a labeled hosted configuration version is deployed, its version
label is available in the GetLatestConfiguration response.
* api-change:``snowball``: Adds support for EKS Anywhere on Snowball. AWS Snow Family customers can
now install EKS Anywhere service on Snowball Edge Compute Optimized devices.
- from version 1.29.69
* api-change:``autoscaling``: You can now either terminate/replace, ignore, or wait for EC2 Auto
Scaling instances on standby or protected from scale in. Also, you can also roll back changes from
a failed instance refresh.
* api-change:``connect``: This update provides the Wisdom session ARN for contacts enabled for
Wisdom in the chat channel.
* api-change:``ec2``: Adds support for waiters that automatically poll for an imported snapshot
until it reaches the completed state.
* api-change:``polly``: Amazon Polly adds two new neural Japanese voices - Kazuha, Tomoko
* api-change:``sagemaker``: Amazon SageMaker Autopilot adds support for selecting algorithms in
CreateAutoMLJob API.
* api-change:``sns``: This release adds support for SNS X-Ray active tracing as well as other
updates.
- from version 1.29.68
* api-change:``chime-sdk-meetings``: Documentation updates for Chime Meetings SDK
* api-change:``emr-containers``: EMR on EKS allows configuring retry policies for job runs through
the StartJobRun API. Using retry policies, a job cause a driver pod to be restarted automatically
if it fails or is deleted. The job's status can be seen in the DescribeJobRun and ListJobRun APIs
and monitored using CloudWatch events.
* api-change:``evidently``: Updated entity overrides parameter to accept up to 2500 overrides or a
total of 40KB.
* api-change:``lexv2-models``: Update lexv2-models client to latest version
* api-change:``lexv2-runtime``: Update lexv2-runtime client to latest version
* api-change:``lightsail``: Documentation updates for Lightsail
* api-change:``migration-hub-refactor-spaces``: This release adds support for creating environments
with a network fabric type of NONE
* api-change:``workdocs``: Doc only update for the WorkDocs APIs.
* api-change:``workspaces``: Removed Windows Server 2016 BYOL and made changes based on IAM
campaign.
- from version 1.29.67
* api-change:``backup``: This release added one attribute (resource name) in the output model of
our 9 existing APIs in AWS backup so that customers will see the resource name at the output. No
input required from Customers.
* api-change:``cloudfront``: CloudFront Origin Access Control extends support to AWS Elemental
MediaStore origins.
* api-change:``glue``: DirectJDBCSource + Glue 4.0 streaming options
* api-change:``lakeformation``: This release removes the LFTagpolicyResource expression limits.
- Update to 1.29.66
* api-change:``transfer``: Updated the documentation for the ImportCertificate API call, and added
examples.
- from version 1.29.65
* api-change:``compute-optimizer``: AWS Compute optimizer can now infer if Kafka is running on an
instance.
* api-change:``customer-profiles``: This release deprecates the PartyType and Gender enum data
types from the Profile model and replaces them with new PartyTypeString and GenderString
attributes, which accept any string of length up to 255.
* api-change:``frauddetector``: My AWS Service (Amazon Fraud Detector) - This release introduces
Cold Start Model Training which optimizes training for small datasets and adds intelligent methods
for treating unlabeled data. You can now train Online Fraud Insights or Transaction Fraud Insights
models with minimal historical-data.
* api-change:``mediaconvert``: The AWS Elemental MediaConvert SDK has added improved scene change
detection capabilities and a bandwidth reduction filter, along with video quality enhancements, to
the AVC encoder.
* api-change:``outposts``: Adds OrderType to Order structure. Adds PreviousOrderId and
PreviousLineItemId to LineItem structure. Adds new line item status REPLACED. Increases maximum
length of pagination token.
- from version 1.29.64
* enhancement:AWSCRT: Upgrade awscrt version to 0.16.9
* api-change:``proton``: Add new GetResourcesSummary API
* api-change:``redshift``: Corrects descriptions of the parameters for the API operations
RestoreFromClusterSnapshot, RestoreTableFromClusterSnapshot, and CreateCluster.
- from version 1.29.63
* api-change:``appconfig``: AWS AppConfig introduces KMS customer-managed key (CMK) encryption of
configuration data, along with AWS Secrets Manager as a new configuration data source. S3 objects
using SSE-KMS encryption and SSM Parameter Store SecureStrings are also now supported.
* api-change:``connect``: Enabled FIPS endpoints for GovCloud (US) regions in SDK.
* api-change:``ec2``: Documentation updates for EC2.
* api-change:``elbv2``: Update elbv2 client to latest version
* api-change:``keyspaces``: Enabled FIPS endpoints for GovCloud (US) regions in SDK.
* api-change:``quicksight``: QuickSight support for Radar Chart and Dashboard Publish Options
* api-change:``redshift``: Enabled FIPS endpoints for GovCloud (US) regions in SDK.
* api-change:``sso-admin``: Enabled FIPS endpoints for GovCloud (US) regions in SDK.
- from version 1.29.62
* bugfix:``s3``: boto3 no longer overwrites user supplied `Content-Encoding` with `aws-chunked`
when user also supplies `ChecksumAlgorithm`.
* api-change:``devops-guru``: This release adds filter support ListAnomalyForInsight API.
* api-change:``forecast``: This release will enable customer select INCREMENTAL as ImportModel in
Forecast's CreateDatasetImportJob API. Verified latest SDK containing required attribute, following
https://w.amazon.com/bin/view/AWS-Seer/Launch/Trebuchet/
* api-change:``iam``: Documentation updates for AWS Identity and Access Management (IAM).
* api-change:``mediatailor``: The AWS Elemental MediaTailor SDK for Channel Assembly has added
support for program updates, and the ability to clip the end of VOD sources in programs.
* api-change:``sns``: Additional attributes added for set-topic-attributes.
- from version 1.29.61
* api-change:``accessanalyzer``: Enabled FIPS endpoints for GovCloud (US) regions in SDK.
* api-change:``appsync``: This release introduces the feature to support EventBridge as AppSync
data source.
* api-change:``cloudtrail-data``: Add CloudTrail Data Service to enable users to ingest activity
events from non-AWS sources into CloudTrail Lake.
* api-change:``cloudtrail``: Add new "Channel" APIs to enable users to manage channels used for
CloudTrail Lake integrations, and "Resource Policy" APIs to enable users to manage the
resource-based permissions policy attached to a channel.
* api-change:``codeartifact``: This release introduces a new DeletePackage API, which enables
deletion of a package and all of its versions from a repository.
* api-change:``connectparticipant``: Enabled FIPS endpoints for GovCloud (US) regions in SDK.
* api-change:``ec2``: This launch allows customers to associate up to 8 IP addresses to their NAT
Gateways to increase the limit on concurrent connections to a single destination by eight times
from 55K to 440K.
* api-change:``groundstation``: DigIF Expansion changes to the Customer APIs.
* api-change:``iot``: Added support for IoT Rules Engine Cloudwatch Logs action batch mode.
* api-change:``kinesis``: Enabled FIPS endpoints for GovCloud (US) regions in SDK.
* api-change:``opensearch``: Amazon OpenSearch Service adds the option for a VPC endpoint
connection between two domains when the local domain uses OpenSearch version 1.3 or 2.3. You can
now use remote reindex to copy indices from one VPC domain to another without a reverse proxy.
* api-change:``outposts``: Enabled FIPS endpoints for GovCloud (US) regions in SDK.
* api-change:``polly``: Amazon Polly adds two new neural American English voices - Ruth, Stephen
* api-change:``sagemaker``: Amazon SageMaker Automatic Model Tuning now supports more completion
criteria for Hyperparameter Optimization.
* api-change:``securityhub``: New fields have been added to the AWS Security Finding Format.
Compliance.SecurityControlId is a unique identifier for a security control across standards.
Compliance.AssociatedStandards contains all enabled standards in which a security control is
enabled.
* api-change:``support``: This fixes incorrect endpoint construction when a customer is explicitly
setting a region.
- Update to 1.29.60
* api-change:``clouddirectory``: Enabled FIPS endpoints for GovCloud (US) regions in SDK.
* api-change:``cloudformation``: This feature provides a method of obtaining which regions a
stackset has stack instances deployed in.
* api-change:``discovery``: Update ImportName validation to 255 from the current length of 100
* api-change:``dlm``: Enabled FIPS endpoints for GovCloud (US) regions in SDK.
* api-change:``ec2``: We add Prefix Lists as a new route destination option for LocalGatewayRoutes.
This will allow customers to create routes to Prefix Lists. Prefix List routes will allow customers
to group individual CIDR routes with the same target into a single route.
* api-change:``imagebuilder``: Enabled FIPS endpoints for GovCloud (US) regions in SDK.
* api-change:``kafka``: Enabled FIPS endpoints for GovCloud (US) regions in SDK.
* api-change:``mediaconvert``: Enabled FIPS endpoints for GovCloud (US) regions in SDK.
* api-change:``swf``: Enabled FIPS endpoints for GovCloud (US) regions in SDK.
- from version 1.29.59
* api-change:``application-autoscaling``: Enabled FIPS endpoints for GovCloud (US) regions in SDK.
* api-change:``appstream``: Fixing the issue where Appstream waiters hang for fleet_started and
fleet_stopped.
* api-change:``elasticbeanstalk``: Enabled FIPS endpoints for GovCloud (US) regions in SDK.
* api-change:``fis``: Enabled FIPS endpoints for GovCloud (US) regions in SDK.
* api-change:``glacier``: Enabled FIPS endpoints for GovCloud (US) regions in SDK.
* api-change:``greengrass``: Enabled FIPS endpoints for GovCloud (US) regions in SDK.
* api-change:``greengrassv2``: Enabled FIPS endpoints for GovCloud (US) in SDK.
* api-change:``mediatailor``: This release introduces the As Run logging type, along with API and
documentation updates.
* api-change:``outposts``: Adding support for payment term in GetOrder, CreateOrder responses.
* api-change:``sagemaker-runtime``: Update sagemaker-runtime client to latest version
* api-change:``sagemaker``: This release supports running SageMaker Training jobs with container
images that are in a private Docker registry.
* api-change:``serverlessrepo``: Enabled FIPS endpoints for GovCloud (US) regions in SDK.
- Update to 1.29.58
* api-change:``events``: Update events client to latest version
* api-change:``iotfleetwise``: Add model validation to BatchCreateVehicle and BatchUpdateVehicle
operations that invalidate requests with an empty vehicles list.
* api-change:``s3``: Allow FIPS to be used with path-style URLs.
- from version 1.29.57
* api-change:``cloudformation``: Enabled FIPS aws-us-gov endpoints in SDK.
* api-change:``ec2``: This release adds new functionality that allows customers to provision IPv6
CIDR blocks through Amazon VPC IP Address Manager (IPAM) as well as allowing customers to utilize
IPAM Resource Discovery APIs.
* api-change:``m2``: Add returnCode, batchJobIdentifier in GetBatchJobExecution response, for user
to view the batch job execution result & unique identifier from engine. Also removed unused headers
from REST APIs
* api-change:``polly``: Add 5 new neural voices - Sergio (es-ES), Andres (es-MX), Remi (fr-FR),
Adriano (it-IT) and Thiago (pt-BR).
* api-change:``redshift-serverless``: Added query monitoring rules as possible parameters for
create and update workgroup operations.
* api-change:``s3control``: Add additional endpoint tests for S3 Control. Fix missing endpoint
parameters for PutBucketVersioning and GetBucketVersioning. Prior to this fix, those operations may
have resulted in an invalid endpoint being resolved.
* api-change:``sagemaker``: SageMaker Inference Recommender now decouples from Model Registry and
could accept Model Name to invoke inference recommendations job; Inference Recommender now provides
CPU/Memory Utilization metrics data in recommendation output.
* api-change:``sts``: Doc only change to update wording in a key topic
- from version 1.29.56
* api-change:``databrew``: Enabled FIPS us-gov-west-1 endpoints in SDK.
* api-change:``route53``: Amazon Route 53 now supports the Asia Pacific (Melbourne) Region
(ap-southeast-4) for latency records, geoproximity records, and private DNS for Amazon VPCs in that
region.
* api-change:``ssm-sap``: This release provides updates to documentation and support for listing
operations performed by AWS Systems Manager for SAP.
- from version 1.29.55
* api-change:``lambda``: Release Lambda RuntimeManagementConfig, enabling customers to better
manage runtime updates to their Lambda functions. This release adds two new APIs,
GetRuntimeManagementConfig and PutRuntimeManagementConfig, as well as support on existing
Create/Get/Update function APIs.
* api-change:``sagemaker``: Amazon SageMaker Inference now supports P4de instance types.
- from version 1.29.54
* api-change:``ec2``: C6in, M6in, M6idn, R6in and R6idn instances are powered by 3rd Generation
Intel Xeon Scalable processors (code named Ice Lake) with an all-core turbo frequency of 3.5 GHz.
* api-change:``ivs``: API and Doc update. Update to arns field in BatchGetStreamKey. Also updates
to operations and structures.
* api-change:``quicksight``: This release adds support for data bars in QuickSight table and
increases pivot table field well limit.
- from version 1.29.53
* api-change:``appflow``: Adding support for Salesforce Pardot connector in Amazon AppFlow.
* api-change:``codeartifact``: Documentation updates for CodeArtifact
* api-change:``connect``: Amazon Connect Chat introduces Persistent Chat, allowing customers to
resume previous conversations with context and transcripts carried over from previous chats,
eliminating the need to repeat themselves and allowing agents to provide personalized service with
access to entire conversation history.
* api-change:``connectparticipant``: This release updates Amazon Connect Participant's
GetTranscript api to provide transcripts of past chats on a persistent chat session.
* api-change:``ec2``: Adds SSM Parameter Resource Aliasing support to EC2 Launch Templates. Launch
Templates can now store parameter aliases in place of AMI Resource IDs. CreateLaunchTemplateVersion
and DescribeLaunchTemplateVersions now support a convenience flag, ResolveAlias, to return the
resolved parameter value.
* api-change:``glue``: Release Glue Studio Hudi Data Lake Format for SDK/CLI
* api-change:``groundstation``: Add configurable prepass and postpass times for
DataflowEndpointGroup. Add Waiter to allow customers to wait for a contact that was reserved
through ReserveContact
* api-change:``logs``: Bug fix - Removed the regex pattern validation from CoralModel to avoid
potential security issue.
* api-change:``medialive``: AWS Elemental MediaLive adds support for SCTE 35 preRollMilliSeconds.
* api-change:``opensearch``: This release adds the enhanced dry run option, that checks for
validation errors that might occur when deploying configuration changes and provides a summary of
these errors, if any. The feature will also indicate whether a blue/green deployment will be
required to apply a change.
* api-change:``panorama``: Added AllowMajorVersionUpdate option to OTAJobConfig to make appliance
software major version updates opt-in.
* api-change:``sagemaker``: HyperParameterTuningJobs now allow passing environment variables into
the corresponding TrainingJobs
- Update to 1.29.52
* api-change:``cloudwatch``: Update cloudwatch client to latest version
* api-change:``efs``: Update efs client to latest version
* api-change:``ivschat``: Updates the range for a Chat Room's maximumMessageRatePerSecond field.
* api-change:``wafv2``: Improved the visibility of the guidance for updating AWS WAF resources,
such as web ACLs and rule groups.
- from version 1.29.51
* api-change:``billingconductor``: This release adds support for SKU Scope for pricing plans.
* api-change:``cloud9``: Added minimum value to AutomaticStopTimeMinutes parameter.
* api-change:``imagebuilder``: Add support for AWS Marketplace product IDs as input during
CreateImageRecipe for the parent-image parameter. Add support for listing third-party components.
* api-change:``network-firewall``: Network Firewall now allows creation of dual stack endpoints,
enabling inspection of IPv6 traffic.
- update to 1.29.50:
* api-change:``connect``: This release updates the responses of
UpdateContactFlowContent, UpdateContactFlowMetadata, UpdateContactFlowName
and DeleteContactFlow API with empty responses.
* api-change:``ec2``: Documentation updates for EC2.
* api-change:``outposts``: This release adds POWER_30_KVA as an option for
PowerDrawKva. PowerDrawKva is part of the RackPhysicalProperties structure
in the CreateSite request.
* api-change:``resource-groups``: AWS Resource Groups customers can now turn
on Group Lifecycle Events in their AWS account. When you turn this on,
Resource Groups monitors your groups for changes to group state or
membership. Those changes are sent to Amazon EventBridge as events that you
can respond to using rules you create.
* api-change:``cleanrooms``: Initial release of AWS Clean Rooms
* api-change:``lambda``: Add support for MaximumConcurrency parameter for SQS
event source. Customers can now limit the maximum concurrent invocations
for their SQS Event Source Mapping.
* api-change:``logs``: Bug fix: logGroupName is now not a required field in
GetLogEvents, FilterLogEvents, GetLogGroupFields, and DescribeLogStreams
APIs as logGroupIdentifier can be provided instead
* api-change:``mediaconvert``: The AWS Elemental MediaConvert SDK has added
support for compact DASH manifest generation, audio normalization using
TruePeak measurements, and the ability to clip the sample range in the
color corrector.
* api-change:``secretsmanager``: Update documentation for new ListSecrets and DescribeSecret parameters
* api-change:``kendra``: This release adds support to new document types -
RTF, XML, XSLT, MS_EXCEL, CSV, JSON, MD
* api-change:``location``: This release adds support for two new route travel
models, Bicycle and Motorcycle which can be used with Grab data source.
* api-change:``rds``: This release adds support for configuring allocated
storage on the CreateDBInstanceReadReplica,
RestoreDBInstanceFromDBSnapshot, and RestoreDBInstanceToPointInTime APIs.
* api-change:``ecr-public``: This release for Amazon ECR Public makes several
change to bring the SDK into sync with the API.
* api-change:``kendra-ranking``: Introducing Amazon Kendra Intelligent
Ranking, a new set of Kendra APIs that leverages Kendra semantic ranking
capabilities to improve the quality of search results from other search
services (i.e. OpenSearch, ElasticSearch, Solr).
* api-change:``network-firewall``: Network Firewall now supports the Suricata
rule action reject, in addition to the actions pass, drop, and alert.
* api-change:``ram``: Enabled FIPS aws-us-gov endpoints in SDK.
* api-change:``workspaces-web``: This release adds support for a new portal
authentication type: AWS IAM Identity Center (successor to AWS Single
Sign-On).
- correct requires
- update to 1.29.45:
* api-change:``acm-pca``: Added revocation parameter validation: bucket names
must match S3 bucket naming rules and CNAMEs conform to RFC2396 restrictions
on the use of special characters in URIs.
* api-change:``auditmanager``: This release introduces a new data retention
option in your Audit Manager settings. You can now use the
DeregistrationPolicy parameter to specify if you want to delete your data
when you deregister Audit Manager.
* api-change:``amplifybackend``: Updated GetBackendAPIModels response to
include ModelIntrospectionSchema json string
* api-change:``apprunner``: This release adds support of securely referencing
secrets and configuration data that are stored in Secrets Manager and SSM
Parameter Store by adding them as environment secrets in your App Runner
service.
* api-change:``connect``: Documentation update for a new Initiation Method
value in DescribeContact API
* api-change:``emr-serverless``: Adds support for customized images. You can
now provide runtime images when creating or updating EMR Serverless
Applications.
* api-change:``lightsail``: Documentation updates for Amazon Lightsail.
* api-change:``mwaa``: MWAA supports Apache Airflow version 2.4.3.
* api-change:``rds``: This release adds support for specifying which
certificate authority (CA) to use for a DB instance's server certificate
during DB instance creation, as well as other CA enhancements.
* api-change:``application-autoscaling``: Customers can now use the existing
DescribeScalingActivities API to also see the detailed and machine-readable
reasons for Application Auto Scaling not scaling their resources and, if
needed, take the necessary corrective actions.
* api-change:``logs``: Update to remove sequenceToken as a required field in
PutLogEvents calls.
* api-change:``ssm``: Adding support for QuickSetup Document Type in Systems
Manager
* api-change:``securitylake``: Allow CreateSubscriber API to take string input
that allows setting more descriptive SubscriberDescription field. Make
souceTypes field required in model level for UpdateSubscriberRequest as it is
required for every API call on the backend. Allow ListSubscribers take any
String as nextToken param.
- Update to 1.29.41
* api-change:``cloudfront``: Extend response headers policy to support removing headers from viewer
responses
* api-change:``iotfleetwise``: Update documentation - correct the epoch constant value of default
value for expiryTime field in CreateCampaign request.
- from version 1.29.40
* api-change:``apigateway``: Documentation updates for Amazon API Gateway
* api-change:``emr``: Update emr client to latest version
* api-change:``secretsmanager``: Added owning service filter, include planned deletion flag, and
next rotation date response parameter in ListSecrets.
* api-change:``wisdom``: This release extends Wisdom CreateContent and StartContentUpload APIs to
support PDF and MicrosoftWord docx document uploading.
- from version 1.29.39
* api-change:``elasticache``: This release allows you to modify the encryption in transit setting,
for existing Redis clusters. You can now change the TLS configuration of your Redis clusters
without the need to re-build or re-provision the clusters or impact application availability.
* api-change:``network-firewall``: AWS Network Firewall now provides status messages for firewalls
to help you troubleshoot when your endpoint fails.
* api-change:``rds``: This release adds support for Custom Engine Version (CEV) on RDS Custom SQL
Server.
* api-change:``route53-recovery-control-config``: Added support for Python paginators in the
route53-recovery-control-config List* APIs.
- from version 1.29.38
* api-change:``memorydb``: This release adds support for MemoryDB Reserved nodes which provides a
significant discount compared to on-demand node pricing. Reserved nodes are not physical nodes, but
rather a billing discount applied to the use of on-demand nodes in your account.
* api-change:``transfer``: Add additional operations to throw ThrottlingExceptions
- from version 1.29.37
* api-change:``connect``: Support for Routing Profile filter, SortCriteria, and grouping by Routing
Profiles for GetCurrentMetricData API. Support for RoutingProfiles, UserHierarchyGroups, and Agents
as filters, NextStatus and AgentStatusName for GetCurrentUserData. Adds ApproximateTotalCount to
both APIs.
* api-change:``connectparticipant``: Amazon Connect Chat introduces the Message Receipts feature.
This feature allows agents and customers to receive message delivered and read receipts after they
send a chat message.
* api-change:``detective``: This release adds a missed AccessDeniedException type to several
endpoints.
* api-change:``fsx``: Fix a bug where a recent release might break certain existing SDKs.
* api-change:``inspector2``: Amazon Inspector adds support for scanning NodeJS 18.x and Go 1.x AWS
Lambda function runtimes.
- from version 1.29.36
* api-change:``compute-optimizer``: This release enables AWS Compute Optimizer to analyze and
generate optimization recommendations for ecs services running on Fargate.
* api-change:``connect``: Amazon Connect Chat introduces the Idle Participant/Autodisconnect
feature, which allows users to set timeouts relating to the activity of chat participants, using
the new UpdateParticipantRoleConfig API.
* api-change:``iotdeviceadvisor``: This release adds the following new features: 1) Documentation
updates for IoT Device Advisor APIs. 2) Updated required request parameters for IoT Device Advisor
APIs. 3) Added new service feature: ability to provide the test endpoint when customer executing
the StartSuiteRun API.
* api-change:``kinesis-video-webrtc-storage``: Amazon Kinesis Video Streams offers capabilities to
stream video and audio in real-time via WebRTC to the cloud for storage, playback, and analytical
processing. Customers can use our enhanced WebRTC SDK and cloud APIs to enable real-time streaming,
as well as media ingestion to the cloud.
* api-change:``rds``: Add support for managing master user password in AWS Secrets Manager for the
DBInstance and DBCluster.
* api-change:``secretsmanager``: Documentation updates for Secrets Manager
- from version 1.29.35
* api-change:``connect``: Amazon Connect Chat now allows for JSON (application/json) message types
to be sent as part of the initial message in the StartChatContact API.
* api-change:``connectparticipant``: Amazon Connect Chat now allows for JSON (application/json)
message types to be sent in the SendMessage API.
* api-change:``license-manager-linux-subscriptions``: AWS License Manager now offers cross-region,
cross-account tracking of commercial Linux subscriptions on AWS. This includes subscriptions
purchased as part of EC2 subscription-included AMIs, on the AWS Marketplace, or brought to AWS via
Red Hat Cloud Access Program.
* api-change:``macie2``: This release adds support for analyzing Amazon S3 objects that use the S3
Glacier Instant Retrieval (Glacier_IR) storage class.
* api-change:``sagemaker``: This release enables adding RStudio Workbench support to an existing
Amazon SageMaker Studio domain. It allows setting your RStudio on SageMaker environment
configuration parameters and also updating the RStudioConnectUrl and RStudioPackageManagerUrl
parameters for existing domains
* api-change:``scheduler``: Updated the ListSchedules and ListScheduleGroups APIs to allow the
NamePrefix field to start with a number. Updated the validation for executionRole field to support
any role name.
* api-change:``ssm``: Doc-only updates for December 2022.
* api-change:``support``: Documentation updates for the AWS Support API
* api-change:``transfer``: This release adds support for Decrypt as a workflow step type.
- from version 1.29.34
* api-change:``batch``: Adds isCancelled and isTerminated to DescribeJobs response.
* api-change:``ec2``: Adds support for pagination in the EC2 DescribeImages API.
* api-change:``lookoutequipment``: This release adds support for listing inference schedulers by
status.
* api-change:``medialive``: This release adds support for two new features to AWS Elemental
MediaLive. First, you can now burn-in timecodes to your MediaLive outputs. Second, we now now
support the ability to decode Dolby E audio when it comes in on an input.
* api-change:``nimble``: Amazon Nimble Studio now supports configuring session storage volumes and
persistence, as well as backup and restore sessions through launch profiles.
* api-change:``resource-explorer-2``: Documentation updates for AWS Resource Explorer.
* api-change:``route53domains``: Use Route 53 domain APIs to change owner, create/delete DS record,
modify IPS tag, resend authorization. New: AssociateDelegationSignerToDomain,
DisassociateDelegationSignerFromDomain, PushDomain, ResendOperationAuthorization. Updated:
UpdateDomainContact, ListOperations, CheckDomainTransferability.
* api-change:``sagemaker``: Amazon SageMaker Autopilot adds support for new objective metrics in
CreateAutoMLJob API.
* api-change:``transcribe``: Enable our batch transcription jobs for Swedish and Vietnamese.
- from version 1.29.33
* api-change:``athena``: Add missed InvalidRequestException in
GetCalculationExecutionCode,StopCalculationExecution APIs. Correct required parameters (Payload and
Type) in UpdateNotebook API. Change Notebook size from 15 Mb to 10 Mb.
* api-change:``ecs``: This release adds support for alarm-based rollbacks in ECS, a new feature
that allows customers to add automated safeguards for Amazon ECS service rolling updates.
* api-change:``kinesis-video-webrtc-storage``: Amazon Kinesis Video Streams offers capabilities to
stream video and audio in real-time via WebRTC to the cloud for storage, playback, and analytical
processing. Customers can use our enhanced WebRTC SDK and cloud APIs to enable real-time streaming,
as well as media ingestion to the cloud.
* api-change:``kinesisvideo``: Amazon Kinesis Video Streams offers capabilities to stream video and
audio in real-time via WebRTC to the cloud for storage, playback, and analytical processing.
Customers can use our enhanced WebRTC SDK and cloud APIs to enable real-time streaming, as well as
media ingestion to the cloud.
* api-change:``rds``: Add support for --enable-customer-owned-ip to RDS
create-db-instance-read-replica API for RDS on Outposts.
* api-change:``sagemaker``: AWS Sagemaker - Sagemaker Images now supports Aliases as secondary
identifiers for ImageVersions. SageMaker Images now supports additional metadata for ImageVersions
for better images management.
- from version 1.29.32
* api-change:``appflow``: This release updates the ListConnectorEntities API action so that it
returns paginated responses that customers can retrieve with next tokens.
* api-change:``cloudfront``: Updated documentation for CloudFront
* api-change:``datasync``: AWS DataSync now supports the use of tags with task executions. With
this new feature, you can apply tags each time you execute a task, giving you greater control and
management over your task executions.
* api-change:``efs``: Update efs client to latest version
* api-change:``guardduty``: This release provides the valid characters for the Description and Name
field.
* api-change:``iotfleetwise``: Updated error handling for empty resource names in
"UpdateSignalCatalog" and "GetModelManifest" operations.
* api-change:``sagemaker``: AWS sagemaker - Features: This release adds support for random seed,
it's an integer value used to initialize a pseudo-random number generator. Setting a random seed
will allow the hyperparameter tuning search strategies to produce more consistent configurations
for the same tuning job.
- from version 1.29.31
* api-change:``backup-gateway``: This release adds support for VMware vSphere tags, enabling
customer to protect VMware virtual machines using tag-based policies for AWS tags mapped from
vSphere tags. This release also adds support for customer-accessible gateway-hypervisor interaction
log and upload bandwidth rate limit schedule.
* api-change:``connect``: Added support for "English - New Zealand" and "English - South African"
to be used with Amazon Connect Custom Vocabulary APIs.
* api-change:``ecs``: This release adds support for container port ranges in ECS, a new capability
that allows customers to provide container port ranges to simplify use cases where multiple ports
are in use in a container. This release updates TaskDefinition mutation APIs and the Task
description APIs.
* api-change:``eks``: Add support for Windows managed nodes groups.
* api-change:``glue``: This release adds support for AWS Glue Crawler with native DeltaLake tables,
allowing Crawlers to classify Delta Lake format tables and catalog them for query engines to query
against.
* api-change:``kinesis``: Added StreamARN parameter for Kinesis Data Streams APIs. Added a new
opaque pagination token for ListStreams. SDKs will auto-generate Account Endpoint when accessing
Kinesis Data Streams.
* api-change:``location``: This release adds support for a new style, "VectorOpenDataStandardLight"
which can be used with the new data source, "Open Data Maps (Preview)".
* api-change:``m2``: Adds an optional create-only `KmsKeyId` property to Environment and
Application resources.
* api-change:``sagemaker``: SageMaker Inference Recommender now allows customers to load tests
their models on various instance types using private VPC.
* api-change:``securityhub``: Added new resource details objects to ASFF, including resources for
AwsEc2LaunchTemplate, AwsSageMakerNotebookInstance, AwsWafv2WebAcl and AwsWafv2RuleGroup.
* api-change:``translate``: Raised the input byte size limit of the Text field in the TranslateText
API to 10000 bytes.
- from version 1.29.30
* api-change:``ce``: This release supports percentage-based thresholds on Cost Anomaly Detection
alert subscriptions.
* api-change:``cloudwatch``: Update cloudwatch client to latest version
* api-change:``networkmanager``: Appliance Mode support for AWS Cloud WAN.
* api-change:``redshift-data``: This release adds a new --client-token field to ExecuteStatement
and BatchExecuteStatement operations. Customers can now run queries with the additional client
token parameter to ensures idempotency.
* api-change:``sagemaker-metrics``: Update SageMaker Metrics documentation.
- from version 1.29.29
* api-change:``cloudtrail``: Merging mainline branch for service model into mainline release
branch. There are no new APIs.
* api-change:``rds``: This deployment adds ClientPasswordAuthType field to the Auth structure of
the DBProxy.
- from version 1.29.28
* bugfix:Endpoint provider: Updates ARN parsing ``resourceId`` delimiters
* api-change:``customer-profiles``: This release allows custom strings in PartyType and Gender
through 2 new attributes in the CreateProfile and UpdateProfile APIs: PartyTypeString and
GenderString.
* api-change:``ec2``: This release updates DescribeFpgaImages to show supported instance types of
AFIs in its response.
* api-change:``kinesisvideo``: This release adds support for public preview of Kinesis Video Stream
at Edge enabling customers to provide configuration for the Kinesis Video Stream EdgeAgent running
on an on-premise IoT device. Customers can now locally record from cameras and stream videos to the
cloud on configured schedule.
* api-change:``lookoutvision``: This documentation update adds kms:GenerateDataKey as a required
permission to StartModelPackagingJob.
* api-change:``migration-hub-refactor-spaces``: This release adds support for Lambda alias service
endpoints. Lambda alias ARNs can now be passed into CreateService.
* api-change:``rds``: Update the RDS API model to support copying option groups during the
CopyDBSnapshot operation
* api-change:``rekognition``: Adds support for "aliases" and "categories", inclusion and exclusion
filters for labels and label categories, and aggregating labels by video segment timestamps for
Stored Video Label Detection APIs.
* api-change:``sagemaker-metrics``: This release introduces support SageMaker Metrics APIs.
* api-change:``wafv2``: Documents the naming requirement for logging destinations that you use with
web ACLs.
- from version 1.29.27
* api-change:``iotfleetwise``: Deprecated assignedValue property for actuators and attributes.
Added a message to invalid nodes and invalid decoder manifest exceptions.
* api-change:``logs``: Doc-only update for CloudWatch Logs, for Tagging Permissions clarifications
* api-change:``medialive``: Link devices now support buffer size (latency) configuration. A higher
latency value means a longer delay in transmitting from the device to MediaLive, but improved
resiliency. A lower latency value means a shorter delay, but less resiliency.
* api-change:``mediapackage-vod``: This release provides the approximate number of assets in a
packaging group.
- Update to 1.29.26
* enhancement:Endpoint Provider Standard Library: Correct spelling of 'library' in
``StandardLibrary`` class
* api-change:``autoscaling``: Adds support for metric math for target tracking scaling policies,
saving you the cost and effort of publishing a custom metric to CloudWatch. Also adds support for
VPC Lattice by adding the Attach/Detach/DescribeTrafficSources APIs and a new health check type to
the CreateAutoScalingGroup API.
* api-change:``iottwinmaker``: This release adds the following new features: 1) New APIs for
managing a continuous sync of assets and asset models from AWS IoT SiteWise. 2) Support user
friendly names for component types (ComponentTypeName) and properties (DisplayName).
* api-change:``migrationhubstrategy``: This release adds known application filtering, server
selection for assessments, support for potential recommendations, and indications for configuration
and assessment status. For more information, see the AWS Migration Hub documentation at
https://docs.aws.amazon.com/migrationhub/index.html
- from version 1.29.25
* api-change:``ce``: This release adds the LinkedAccountName field to the GetAnomalies API response
under RootCause
* api-change:``cloudfront``: Introducing UpdateDistributionWithStagingConfig that can be used to
promote the staging configuration to the production.
* api-change:``eks``: Adds support for EKS add-ons configurationValues fields and
DescribeAddonConfiguration function
* api-change:``kms``: Updated examples and exceptions for External Key Store (XKS).
- from version 1.29.24
* api-change:``billingconductor``: This release adds the Tiering Pricing Rule feature.
* api-change:``connect``: This release provides APIs that enable you to programmatically manage
rules for Contact Lens conversational analytics and third party applications. For more information,
see https://docs.aws.amazon.com/connect/latest/APIReference/rules-api.html
* api-change:``dynamodb``: Endpoint Ruleset update: Use http instead of https for the "local"
region.
* api-change:``dynamodbstreams``: Update dynamodbstreams client to latest version
* api-change:``rds``: This release adds the BlueGreenDeploymentNotFoundFault to the
AddTagsToResource, ListTagsForResource, and RemoveTagsFromResource operations.
* api-change:``sagemaker-featurestore-runtime``: For online + offline Feature Groups, added ability
to target PutRecord and DeleteRecord actions to only online store, or only offline store. If target
store parameter is not specified, actions will apply to both stores.
- from version 1.29.23
* api-change:``ce``: This release introduces two new APIs that offer a 1-click experience to
refresh Savings Plans recommendations. The two APIs are
StartSavingsPlansPurchaseRecommendationGeneration and
ListSavingsPlansPurchaseRecommendationGeneration.
* api-change:``ec2``: Documentation updates for EC2.
* api-change:``ivschat``: Adds PendingVerification error type to messaging APIs to block the
resource usage for accounts identified as being fraudulent.
* api-change:``rds``: This release adds the InvalidDBInstanceStateFault to the
RestoreDBClusterFromSnapshot operation.
* api-change:``transcribe``: Amazon Transcribe now supports creating custom language models in the
following languages: Japanese (ja-JP) and German (de-DE).
- from version 1.29.22
* api-change:``appsync``: Fixes the URI for the evaluatecode endpoint to include the /v1 prefix
(ie. "/v1/dataplane-evaluatecode").
* api-change:``ecs``: Documentation updates for Amazon ECS
* api-change:``fms``: AWS Firewall Manager now supports Fortigate Cloud Native Firewall as a
Service as a third-party policy type.
* api-change:``mediaconvert``: The AWS Elemental MediaConvert SDK has added support for
configurable ID3 eMSG box attributes and the ability to signal them with InbandEventStream tags in
DASH and CMAF outputs.
* api-change:``medialive``: Updates to Event Signaling and Management (ESAM) API and documentation.
* api-change:``polly``: Add language code for Finnish (fi-FI)
* api-change:``proton``: CreateEnvironmentAccountConnection RoleArn input is now optional
* api-change:``redshift-serverless``: Add Table Level Restore operations for Amazon Redshift
Serverless. Add multi-port support for Amazon Redshift Serverless endpoints. Add Tagging support to
Snapshots and Recovery Points in Amazon Redshift Serverless.
* api-change:``sns``: This release adds the message payload-filtering feature to the SNS Subscribe,
SetSubscriptionAttributes, and GetSubscriptionAttributes API actions
- Update to 1.29.21
* api-change:``codecatalyst``: This release adds operations that support customers using the AWS
Toolkits and Amazon CodeCatalyst, a unified software development service that helps developers
develop, deploy, and maintain applications in the cloud. For more information, see the
documentation.
* api-change:``comprehend``: Comprehend now supports semi-structured documents (such as PDF files
or image files) as inputs for custom analysis using the synchronous APIs (ClassifyDocument and
DetectEntities).
* api-change:``gamelift``: GameLift introduces a new feature, GameLift Anywhere. GameLift Anywhere
allows you to integrate your own compute resources with GameLift. You can also use GameLift
Anywhere to iteratively test your game servers without uploading the build to GameLift for every
iteration.
* api-change:``pipes``: AWS introduces new Amazon EventBridge Pipes which allow you to connect
sources (SQS, Kinesis, DDB, Kafka, MQ) to Targets (14+ EventBridge Targets) without any code, with
filtering, batching, input transformation, and an optional Enrichment stage (Lambda, StepFunctions,
ApiGateway, ApiDestinations)
* api-change:``stepfunctions``: Update stepfunctions client to latest version
- from version 1.29.20
* api-change:``accessanalyzer``: This release adds support for S3 cross account access points. IAM
Access Analyzer will now produce public or cross account findings when it detects bucket delegation
to external account access points.
* api-change:``athena``: This release includes support for using Apache Spark in Amazon Athena.
* api-change:``dataexchange``: This release enables data providers to license direct access to data
in their Amazon S3 buckets or AWS Lake Formation data lakes through AWS Data Exchange. Subscribers
get read-only access to the data and can use it in downstream AWS services, like Amazon Athena,
without creating or managing copies.
* api-change:``docdb-elastic``: Launched Amazon DocumentDB Elastic Clusters. You can now use the
SDK to create, list, update and delete Amazon DocumentDB Elastic Cluster resources
* api-change:``glue``: This release adds support for AWS Glue Data Quality, which helps you
evaluate and monitor the quality of your data and includes the API for creating, deleting, or
updating data quality rulesets, runs and evaluations.
* api-change:``s3control``: Amazon S3 now supports cross-account access points. S3 bucket owners
can now allow trusted AWS accounts to create access points associated with their bucket.
* api-change:``sagemaker-geospatial``: This release provides Amazon SageMaker geospatial APIs to
build, train, deploy and visualize geospatial models.
* api-change:``sagemaker``: Added Models as part of the Search API. Added Model shadow deployments
in realtime inference, and shadow testing in managed inference. Added support for shared spaces,
geospatial APIs, Model Cards, AutoMLJobStep in pipelines, Git repositories on user profiles and
domains, Model sharing in Jumpstart.
- from version 1.29.19
* api-change:``ec2``: This release adds support for AWS Verified Access and the Hpc6id Amazon EC2
compute optimized instance type, which features 3rd generation Intel Xeon Scalable processors.
* api-change:``firehose``: Allow support for the Serverless offering for Amazon OpenSearch Service
as a Kinesis Data Firehose delivery destination.
* api-change:``kms``: AWS KMS introduces the External Key Store (XKS), a new feature for customers
who want to protect their data with encryption keys stored in an external key management system
under their control.
* api-change:``omics``: Amazon Omics is a new, purpose-built service that can be used by healthcare
and life science organizations to store, query, and analyze omics data. The insights from that data
can be used to accelerate scientific discoveries and improve healthcare.
* api-change:``opensearchserverless``: Publish SDK for Amazon OpenSearch Serverless
* api-change:``securitylake``: Amazon Security Lake automatically centralizes security data from
cloud, on-premises, and custom sources into a purpose-built data lake stored in your account.
Security Lake makes it easier to analyze security data, so you can improve the protection of your
workloads, applications, and data
* api-change:``simspaceweaver``: AWS SimSpace Weaver is a new service that helps customers build
spatial simulations at new levels of scale - resulting in virtual worlds with millions of dynamic
entities. See the AWS SimSpace Weaver developer guide for more details on how to get started.
https://docs.aws.amazon.com/simspaceweaver
- from version 1.29.18
* api-change:``arc-zonal-shift``: Amazon Route 53 Application Recovery Controller Zonal Shift is a
new service that makes it easy to shift traffic away from an Availability Zone in a Region. See the
developer guide for more information:
https://docs.aws.amazon.com/r53recovery/latest/dg/what-is-route53-recovery.html
* api-change:``compute-optimizer``: Adds support for a new recommendation preference that makes it
possible for customers to optimize their EC2 recommendations by utilizing an external metrics
ingestion service to provide metrics.
* api-change:``config``: With this release, you can use AWS Config to evaluate your resources for
compliance with Config rules before they are created or updated. Using Config rules in proactive
mode enables you to test and build compliant resource templates or check resource configurations at
the time they are provisioned.
* api-change:``ec2``: Introduces ENA Express, which uses AWS SRD and dynamic routing to increase
throughput and minimize latency, adds support for trust relationships between Reachability Analyzer
and AWS Organizations to enable cross-account analysis, and adds support for Infrastructure
Performance metric subscriptions.
* api-change:``eks``: Adds support for additional EKS add-ons metadata and filtering fields
* api-change:``fsx``: This release adds support for 4GB/s / 160K PIOPS FSx for ONTAP file systems
and 10GB/s / 350K PIOPS FSx for OpenZFS file systems (Single_AZ_2). For FSx for ONTAP, this also
adds support for DP volumes, snapshot policy, copy tags to backups, and Multi-AZ route table
updates.
* api-change:``glue``: This release allows the creation of Custom Visual Transforms (Dynamic
Transforms) to be created via AWS Glue CLI/SDK.
* api-change:``inspector2``: This release adds support for Inspector to scan AWS Lambda.
* api-change:``lambda``: Adds support for Lambda SnapStart, which helps improve the startup
performance of functions. Customers can now manage SnapStart based functions via CreateFunction and
UpdateFunctionConfiguration APIs
* api-change:``license-manager-user-subscriptions``: AWS now offers fully-compliant,
Amazon-provided licenses for Microsoft Office Professional Plus 2021 Amazon Machine Images (AMIs)
on Amazon EC2. These AMIs are now available on the Amazon EC2 console and on AWS Marketplace to
launch instances on-demand without any long-term licensing commitments.
* api-change:``macie2``: Added support for configuring Macie to continually sample objects from S3
buckets and inspect them for sensitive data. Results appear in statistics, findings, and other data
that Macie provides.
* api-change:``quicksight``: This release adds new Describe APIs and updates Create and Update APIs
to support the data model for Dashboards, Analyses, and Templates.
* api-change:``s3control``: Added two new APIs to support Amazon S3 Multi-Region Access Point
failover controls: GetMultiRegionAccessPointRoutes and SubmitMultiRegionAccessPointRoutes. The
failover control APIs are supported in the following Regions: us-east-1, us-west-2, eu-west-1,
ap-southeast-2, and ap-northeast-1.
* api-change:``securityhub``: Adding StandardsManagedBy field to DescribeStandards API response
- from version 1.29.17
* api-change:``backup``: AWS Backup introduces support for legal hold and application stack
backups. AWS Backup Audit Manager introduces support for cross-Region, cross-account reports.
* api-change:``cloudwatch``: Update cloudwatch client to latest version
* api-change:``drs``: Non breaking changes to existing APIs, and additional APIs added to support
in-AWS failing back using AWS Elastic Disaster Recovery.
* api-change:``ecs``: This release adds support for ECS Service Connect, a new capability that
simplifies writing and operating resilient distributed applications. This release updates the
TaskDefinition, Cluster, Service mutation APIs with Service connect constructs and also adds a new
ListServicesByNamespace API.
* api-change:``efs``: Update efs client to latest version
* api-change:``iot-data``: This release adds support for MQTT5 properties to AWS IoT HTTP Publish
API.
* api-change:``iot``: Job scheduling enables the scheduled rollout of a Job with start and end
times and a customizable end behavior when end time is reached. This is available for continuous
and snapshot jobs. Added support for MQTT5 properties to AWS IoT TopicRule Republish Action.
* api-change:``iotwireless``: This release includes a new feature for customers to calculate the
position of their devices by adding three new APIs: UpdateResourcePosition, GetResourcePosition,
and GetPositionEstimate.
* api-change:``kendra``: Amazon Kendra now supports preview of table information from HTML tables
in the search results. The most relevant cells with their corresponding rows, columns are displayed
as a preview in the search result. The most relevant table cell or cells are also highlighted in
table preview.
* api-change:``logs``: Updates to support CloudWatch Logs data protection and CloudWatch
cross-account observability
* api-change:``mgn``: This release adds support for Application and Wave management. We also now
support custom post-launch actions.
* api-change:``oam``: Amazon CloudWatch Observability Access Manager is a new service that allows
configuration of the CloudWatch cross-account observability feature.
* api-change:``organizations``: This release introduces delegated administrator for AWS
Organizations, a new feature to help you delegate the management of your Organizations policies,
enabling you to govern your AWS organization in a decentralized way. You can now allow member
accounts to manage Organizations policies.
* api-change:``rds``: This release enables new Aurora and RDS feature called Blue/Green Deployments
that makes updates to databases safer, simpler and faster.
* api-change:``textract``: This release adds support for classifying and splitting lending
documents by type, and extracting information by using the Analyze Lending APIs. This release also
includes support for summarized information of the processed lending document package, in addition
to per document results.
* api-change:``transcribe``: This release adds support for 'inputType' for post-call and real-time
(streaming) Call Analytics within Amazon Transcribe.
- from version 1.29.16
* api-change:``grafana``: This release includes support for configuring a Grafana workspace to
connect to a datasource within a VPC as well as new APIs for configuring Grafana settings.
* api-change:``rbin``: This release adds support for Rule Lock for Recycle Bin, which allows you to
lock retention rules so that they can no longer be modified or deleted.
- from version 1.29.15
* bugfix:Endpoints: Resolve endpoint with default partition when no region is set
* bugfix:s3: fixes missing x-amz-content-sha256 header for s3 object lambda
* api-change:``appflow``: Adding support for Amazon AppFlow to transfer the data to Amazon Redshift
databases through Amazon Redshift Data API service. This feature will support the Redshift
destination connector on both public and private accessible Amazon Redshift Clusters and Amazon
Redshift Serverless.
* api-change:``kinesisanalyticsv2``: Support for Apache Flink 1.15 in Kinesis Data Analytics.
- from version 1.29.14
* api-change:``route53``: Amazon Route 53 now supports the Asia Pacific (Hyderabad) Region
(ap-south-2) for latency records, geoproximity records, and private DNS for Amazon VPCs in that
region.
- from version 1.29.13
* api-change:``appflow``: AppFlow provides a new API called UpdateConnectorRegistration to update a
custom connector that customers have previously registered. With this API, customers no longer need
to unregister and then register a connector to make an update.
* api-change:``auditmanager``: This release introduces a new feature for Audit Manager: Evidence
finder. You can now use evidence finder to quickly query your evidence, and add the matching
evidence results to an assessment report.
* api-change:``chime-sdk-voice``: Amazon Chime Voice Connector, Voice Connector Group and PSTN
Audio Service APIs are now available in the Amazon Chime SDK Voice namespace. See
https://docs.aws.amazon.com/chime-sdk/latest/dg/sdk-available-regions.html for more details.
* api-change:``cloudfront``: CloudFront API support for staging distributions and associated
traffic management policies.
* api-change:``connect``: Added AllowedAccessControlTags and TagRestrictedResource for Tag Based
Access Control on Amazon Connect Webpage
* api-change:``dynamodb``: Updated minor fixes for DynamoDB documentation.
* api-change:``dynamodbstreams``: Update dynamodbstreams client to latest version
* api-change:``ec2``: This release adds support for copying an Amazon Machine Image's tags when
copying an AMI.
* api-change:``glue``: AWSGlue Crawler - Adding support for Table and Column level Comments with
database level datatypes for JDBC based crawler.
* api-change:``iot-roborunner``: AWS IoT RoboRunner is a new service that makes it easy to build
applications that help multi-vendor robots work together seamlessly. See the IoT RoboRunner
developer guide for more details on getting started.
https://docs.aws.amazon.com/iotroborunner/latest/dev/iotroborunner-welcome.html
* api-change:``quicksight``: This release adds the following: 1) Asset management for centralized
assets governance 2) QuickSight Q now supports public embedding 3) New Termination protection flag
to mitigate accidental deletes 4) Athena data sources now accept a custom IAM role 5) QuickSight
supports connectivity to Databricks
* api-change:``sagemaker``: Added DisableProfiler flag as a new field in ProfilerConfig
* api-change:``servicecatalog``: This release 1. adds support for Principal Name Sharing with
Service Catalog portfolio sharing. 2. Introduces repo sourced products which are created and
managed with existing SC APIs. These products are synced to external repos and auto create new
product versions based on changes in the repo.
* api-change:``ssm-sap``: AWS Systems Manager for SAP provides simplified operations and management
of SAP applications such as SAP HANA. With this release, SAP customers and partners can automate
and simplify their SAP system administration tasks such as backup/restore of SAP HANA.
* api-change:``stepfunctions``: Update stepfunctions client to latest version
* api-change:``transfer``: Adds a NONE encryption algorithm type to AS2 connectors, providing
support for skipping encryption of the AS2 message body when a HTTPS URL is also specified.
- from version 1.29.12
* api-change:``amplify``: Adds a new value (WEB_COMPUTE) to the Platform enum that allows customers
to create Amplify Apps with Server-Side Rendering support.
* api-change:``appflow``: AppFlow simplifies the preparation and cataloging of SaaS data into the
AWS Glue Data Catalog where your data can be discovered and accessed by AWS analytics and ML
services. AppFlow now also supports data field partitioning and file size optimization to improve
query performance and reduce cost.
* api-change:``appsync``: This release introduces the APPSYNC_JS runtime, and adds support for
JavaScript in AppSync functions and AppSync pipeline resolvers.
* api-change:``dms``: Adds support for Internet Protocol Version 6 (IPv6) on DMS Replication
Instances
* api-change:``ec2``: This release adds a new optional parameter "privateIpAddress" for the
CreateNatGateway API. PrivateIPAddress will allow customers to select a custom Private IPv4 address
instead of having it be auto-assigned.
* api-change:``elbv2``: Update elbv2 client to latest version
* api-change:``emr-serverless``: Adds support for AWS Graviton2 based applications. You can now
select CPU architecture when creating new applications or updating existing ones.
* api-change:``ivschat``: Adds LoggingConfiguration APIs for IVS Chat - a feature that allows
customers to store and record sent messages in a chat room to S3 buckets, CloudWatch logs, or
Kinesis firehose.
* api-change:``lambda``: Add Node 18 (nodejs18.x) support to AWS Lambda.
* api-change:``personalize``: This release provides support for creation and use of metric
attributions in AWS Personalize
* api-change:``polly``: Add two new neural voices - Ola (pl-PL) and Hala (ar-AE).
* api-change:``rum``: CloudWatch RUM now supports custom events. To use custom events, create an
app monitor or update an app monitor with CustomEvent Status as ENABLED.
* api-change:``s3control``: Added 34 new S3 Storage Lens metrics to support additional customer use
cases.
* api-change:``secretsmanager``: Documentation updates for Secrets Manager.
* api-change:``securityhub``: Added SourceLayerArn and SourceLayerHash field for security findings.
Updated AwsLambdaFunction Resource detail
* api-change:``servicecatalog-appregistry``: This release adds support for tagged resource
associations, which allows you to associate a group of resources with a defined resource tag key
and value to the application.
* api-change:``sts``: Documentation updates for AWS Security Token Service.
* api-change:``textract``: This release adds support for specifying and extracting information from
documents using the Signatures feature within Analyze Document API
* api-change:``workspaces``: The release introduces CreateStandbyWorkspaces, an API that allows you
to create standby WorkSpaces associated with a primary WorkSpace in another Region.
DescribeWorkspaces now includes related WorkSpaces properties. DescribeWorkspaceBundles and
CreateWorkspaceBundle now return more bundle details.
- from version 1.29.11
* api-change:``batch``: Documentation updates related to Batch on EKS
* api-change:``billingconductor``: This release adds a new feature BillingEntity pricing rule.
* api-change:``cloudformation``: Added UnsupportedTarget HandlerErrorCode for use with CFN Resource
Hooks
* api-change:``comprehendmedical``: This release supports new set of entities and traits. It also
adds new category (BEHAVIORAL_ENVIRONMENTAL_SOCIAL).
* api-change:``connect``: This release adds a new MonitorContact API for initiating monitoring of
ongoing Voice and Chat contacts.
* api-change:``eks``: Adds support for customer-provided placement groups for Kubernetes control
plane instances when creating local EKS clusters on Outposts
* api-change:``elasticache``: for Redis now supports AWS Identity and Access Management
authentication access to Redis clusters starting with redis-engine version 7.0
* api-change:``iottwinmaker``: This release adds the following: 1) ExecuteQuery API allows users to
query their AWS IoT TwinMaker Knowledge Graph 2) Pricing plan APIs allow users to configure and
manage their pricing mode 3) Support for property groups and tabular property values in existing
AWS IoT TwinMaker APIs.
* api-change:``personalize-events``: This release provides support for creation and use of metric
attributions in AWS Personalize
* api-change:``proton``: Add support for sorting and filtering in ListServiceInstances
* api-change:``rds``: This release adds support for container databases (CDBs) to Amazon RDS Custom
for Oracle. A CDB contains one PDB at creation. You can add more PDBs using Oracle SQL. You can
also customize your database installation by setting the Oracle base, Oracle home, and the OS user
name and group.
* api-change:``ssm-incidents``: Add support for PagerDuty integrations on ResponsePlan,
IncidentRecord, and RelatedItem APIs
* api-change:``ssm``: This release adds support for cross account access in CreateOpsItem,
UpdateOpsItem and GetOpsItem. It introduces new APIs to setup resource policies for SSM resources:
PutResourcePolicy, GetResourcePolicies and DeleteResourcePolicy.
* api-change:``transfer``: Allow additional operations to throw ThrottlingException
* api-change:``xray``: This release adds new APIs - PutResourcePolicy, DeleteResourcePolicy,
ListResourcePolicies for supporting resource based policies for AWS X-Ray.
- from version 1.29.10
* bugfix:s3: fixes missing x-amz-content-sha256 header for s3 on outpost
* enhancement:sso: Add support for loading sso-session profiles from the aws config
* api-change:``connect``: This release updates the APIs: UpdateInstanceAttribute,
DescribeInstanceAttribute, and ListInstanceAttributes. You can use it to programmatically
enable/disable enhanced contact monitoring using attribute type ENHANCED_CONTACT_MONITORING on the
specified Amazon Connect instance.
* api-change:``greengrassv2``: Adds new parent target ARN paramater to CreateDeployment,
GetDeployment, and ListDeployments APIs for the new subdeployments feature.
* api-change:``route53``: Amazon Route 53 now supports the Europe (Spain) Region (eu-south-2) for
latency records, geoproximity records, and private DNS for Amazon VPCs in that region.
* api-change:``workspaces``: This release introduces ModifyCertificateBasedAuthProperties, a new
API that allows control of certificate-based auth properties associated with a WorkSpaces
directory. The DescribeWorkspaceDirectories API will now additionally return certificate-based auth
properties in its responses.
- from version 1.29.9
* api-change:``customer-profiles``: This release enhances the SearchProfiles API by providing
functionality to search for profiles using multiple keys and logical operators.
* api-change:``lakeformation``: This release adds a new parameter "Parameters" in the
DataLakeSettings.
* api-change:``managedblockchain``: Updating the API docs data type: NetworkEthereumAttributes, and
the operations DeleteNode, and CreateNode to also include the supported Goerli network.
* api-change:``proton``: Add support for CodeBuild Provisioning
* api-change:``rds``: This release adds support for restoring an RDS Multi-AZ DB cluster snapshot
to a Single-AZ deployment or a Multi-AZ DB instance deployment.
* api-change:``workdocs``: Added 2 new document related operations, DeleteDocumentVersion and
RestoreDocumentVersions.
* api-change:``xray``: This release enhances GetServiceGraph API to support new type of edge to
represent links between SQS and Lambda in event-driven applications.
- Update to 1.29.8
* api-change:``glue``: Added links related to enabling job bookmarks.
* api-change:``iot``: This release add new api listRelatedResourcesForAuditFinding and new member
type IssuerCertificates for Iot device device defender Audit.
* api-change:``license-manager``: AWS License Manager now supports onboarded Management Accounts or
Delegated Admins to view granted licenses aggregated from all accounts in the organization.
* api-change:``marketplace-catalog``: Added three new APIs to support tagging and tag-based
authorization: TagResource, UntagResource, and ListTagsForResource. Added optional parameters to
the StartChangeSet API to support tagging a resource while making a request to create it.
* api-change:``rekognition``: Adding support for ImageProperties feature to detect dominant colors
and image brightness, sharpness, and contrast, inclusion and exclusion filters for labels and label
categories, new fields to the API response, "aliases" and "categories"
* api-change:``securityhub``: Documentation updates for Security Hub
* api-change:``ssm-incidents``: RelatedItems now have an ID field which can be used for referencing
them else where. Introducing event references in TimelineEvent API and increasing maximum length of
"eventData" to 12K characters.
- from version 1.29.7
* api-change:``autoscaling``: This release adds a new price capacity optimized allocation strategy
for Spot Instances to help customers optimize provisioning of Spot Instances via EC2 Auto Scaling,
EC2 Fleet, and Spot Fleet. It allocates Spot Instances based on both spare capacity availability
and Spot Instance price.
* api-change:``ec2``: This release adds a new price capacity optimized allocation strategy for Spot
Instances to help customers optimize provisioning of Spot Instances via EC2 Auto Scaling, EC2
Fleet, and Spot Fleet. It allocates Spot Instances based on both spare capacity availability and
Spot Instance price.
* api-change:``ecs``: This release adds support for task scale-in protection with
updateTaskProtection and getTaskProtection APIs. UpdateTaskProtection API can be used to protect a
service managed task from being terminated by scale-in events and getTaskProtection API to get the
scale-in protection status of a task.
* api-change:``es``: Amazon OpenSearch Service now offers managed VPC endpoints to connect to your
Amazon OpenSearch Service VPC-enabled domain in a Virtual Private Cloud (VPC). This feature allows
you to privately access OpenSearch Service domain without using public IPs or requiring traffic to
traverse the Internet.
* api-change:``resource-explorer-2``: Text only updates to some Resource Explorer descriptions.
* api-change:``scheduler``: AWS introduces the new Amazon EventBridge Scheduler. EventBridge
Scheduler is a serverless scheduler that allows you to create, run, and manage tasks from one
central, managed service.
- from version 1.29.6
* api-change:``connect``: This release adds new fields SignInUrl, UserArn, and UserId to
GetFederationToken response payload.
* api-change:``connectcases``: This release adds the ability to disable templates through the
UpdateTemplate API. Disabling templates prevents customers from creating cases using the template.
For more information see https://docs.aws.amazon.com/cases/latest/APIReference/Welcome.html
* api-change:``ec2``: Amazon EC2 Trn1 instances, powered by AWS Trainium chips, are purpose built
for high-performance deep learning training. u-24tb1.112xlarge and u-18tb1.112xlarge High Memory
instances are purpose-built to run large in-memory databases.
* api-change:``groundstation``: This release adds the preview of customer-provided ephemeris
support for AWS Ground Station, allowing space vehicle owners to provide their own position and
trajectory information for a satellite.
* api-change:``mediapackage-vod``: This release adds "IncludeIframeOnlyStream" for Dash endpoints.
* api-change:``endpoint-rules``: Update endpoint-rules client to latest version
- from version 1.29.5
* api-change:``acm``: Support added for requesting elliptic curve certificate key algorithm types
P-256 (EC_prime256v1) and P-384 (EC_secp384r1).
* api-change:``billingconductor``: This release adds the Recurring Custom Line Item feature along
with a new API ListCustomLineItemVersions.
* api-change:``ec2``: This release enables sharing of EC2 Placement Groups across accounts and
within AWS Organizations using Resource Access Manager
* api-change:``endpoint-rules``: Update endpoint-rules client to latest version
* api-change:``fms``: AWS Firewall Manager now supports importing existing AWS Network Firewall
firewalls into Firewall Manager policies.
* api-change:``lightsail``: This release adds support for Amazon Lightsail to automate the
delegation of domains registered through Amazon Route 53 to Lightsail DNS management and to
automate record creation for DNS validation of Lightsail SSL/TLS certificates.
* api-change:``opensearch``: Amazon OpenSearch Service now offers managed VPC endpoints to connect
to your Amazon OpenSearch Service VPC-enabled domain in a Virtual Private Cloud (VPC). This feature
allows you to privately access OpenSearch Service domain without using public IPs or requiring
traffic to traverse the Internet.
* api-change:``polly``: Amazon Polly adds new voices: Elin (sv-SE), Ida (nb-NO), Laura (nl-NL) and
Suvi (fi-FI). They are available as neural voices only.
* api-change:``resource-explorer-2``: This is the initial SDK release for AWS Resource Explorer.
AWS Resource Explorer lets your users search for and discover your AWS resources across the AWS
Regions in your account.
* api-change:``route53``: Amazon Route 53 now supports the Europe (Zurich) Region (eu-central-2)
for latency records, geoproximity records, and private DNS for Amazon VPCs in that region.
- from version 1.29.4
* api-change:``athena``: Adds support for using Query Result Reuse
* api-change:``autoscaling``: This release adds support for two new attributes for attribute-based
instance type selection - NetworkBandwidthGbps and AllowedInstanceTypes.
* api-change:``cloudtrail``: This release includes support for configuring a delegated
administrator to manage an AWS Organizations organization CloudTrail trails and event data stores,
and AWS Key Management Service encryption of CloudTrail Lake event data stores.
* api-change:``ec2``: This release adds support for two new attributes for attribute-based instance
type selection - NetworkBandwidthGbps and AllowedInstanceTypes.
* api-change:``elasticache``: Added support for IPv6 and dual stack for Memcached and Redis
clusters. Customers can now launch new Redis and Memcached clusters with IPv6 and dual stack
networking support.
* api-change:``lexv2-models``: Update lexv2-models client to latest version
* api-change:``mediaconvert``: The AWS Elemental MediaConvert SDK has added support for setting the
SDR reference white point for HDR conversions and conversion of HDR10 to DolbyVision without
mastering metadata.
* api-change:``ssm``: This release includes support for applying a CloudWatch alarm to multi
account multi region Systems Manager Automation
* api-change:``wafv2``: The geo match statement now adds labels for country and region. You can
match requests at the region level by combining a geo match statement with label match statements.
* api-change:``wellarchitected``: This release adds support for integrations with AWS Trusted
Advisor and AWS Service Catalog AppRegistry to improve workload discovery and speed up your
workload reviews.
* api-change:``workspaces``: This release adds protocols attribute to workspaces properties data
type. This enables customers to migrate workspaces from PC over IP (PCoIP) to WorkSpaces Streaming
Protocol (WSP) using create and modify workspaces public APIs.
* api-change:``endpoint-rules``: Update endpoint-rules client to latest version
- from version 1.29.3
* api-change:``ec2``: This release adds API support for the recipient of an AMI account share to
remove shared AMI launch permissions.
* api-change:``emr-containers``: Adding support for Job templates. Job templates allow you to
create and store templates to configure Spark applications parameters. This helps you ensure
consistent settings across applications by reusing and enforcing configuration overrides in data
pipelines.
* api-change:``logs``: Doc-only update for bug fixes and support of export to buckets encrypted
with SSE-KMS
* api-change:``endpoint-rules``: Update endpoint-rules client to latest version
- Add psuffix on the name to have the multibuild flavor packages identify themselves by a different name
- Update to 1.29.2
* api-change:``memorydb``: Adding support for r6gd instances for MemoryDB Redis with data tiering.
In a cluster with data tiering enabled, when available memory capacity is exhausted, the least
recently used data is automatically tiered to solid state drives for cost-effective capacity
scaling with minimal performance impact.
* api-change:``sagemaker``: Amazon SageMaker now supports running training jobs on ml.trn1 instance
types.
* api-change:``endpoint-rules``: Update endpoint-rules client to latest version
- from version 1.29.1
* api-change:``iotsitewise``: This release adds the ListAssetModelProperties and
ListAssetProperties APIs. You can list all properties that belong to a single asset model or asset
using these two new APIs.
* api-change:``s3control``: S3 on Outposts launches support for Lifecycle configuration for
Outposts buckets. With S3 Lifecycle configuration, you can mange objects so they are stored cost
effectively. You can manage objects using size-based rules and specify how many noncurrent versions
bucket will retain.
* api-change:``sagemaker``: This release updates Framework model regex for ModelPackage to support
new Framework version xgboost, sklearn.
* api-change:``ssm-incidents``: Adds support for tagging replication-set on creation.
- from version 1.29.0
* feature:Endpoints: Migrate all services to use new AWS Endpoint Resolution framework
* Enhancement:Endpoints: Discontinued use of `sslCommonName` hosts as detailed in 1.27.0 (see
`#2705 <https://github.com/boto/botocore/issues/2705>`__ for more info)
* api-change:``rds``: Relational Database Service - This release adds support for configuring
Storage Throughput on RDS database instances.
* api-change:``textract``: Add ocr results in AnalyzeIDResponse as blocks
- from version 1.28.5
* api-change:``apprunner``: This release adds support for private App Runner services. Services may
now be configured to be made private and only accessible from a VPC. The changes include a new
VpcIngressConnection resource and several new and modified APIs.
* api-change:``connect``: Amazon connect now support a new API DismissUserContact to dismiss or
remove terminated contacts in Agent CCP
* api-change:``ec2``: Elastic IP transfer is a new Amazon VPC feature that allows you to transfer
your Elastic IP addresses from one AWS Account to another.
* api-change:``iot``: This release adds the Amazon Location action to IoT Rules Engine.
* api-change:``logs``: SDK release to support tagging for destinations and log groups with
TagResource. Also supports tag on create with PutDestination.
* api-change:``sesv2``: This release includes support for interacting with the Virtual
Deliverability Manager, allowing you to opt in/out of the feature and to retrieve recommendations
and metric data.
* api-change:``textract``: This release introduces additional support for 30+ normalized fields
such as vendor address and currency. It also includes OCR output in the response and accuracy
improvements for the already supported fields in previous version
- from version 1.28.4
* api-change:``apprunner``: AWS App Runner adds .NET 6, Go 1, PHP 8.1 and Ruby 3.1 runtimes.
* api-change:``appstream``: This release includes CertificateBasedAuthProperties in
CreateDirectoryConfig and UpdateDirectoryConfig.
* api-change:``cloud9``: Update to the documentation section of the Cloud9 API Reference guide.
* api-change:``cloudformation``: This release adds more fields to improves visibility of AWS
CloudFormation StackSets information in following APIs: ListStackInstances, DescribeStackInstance,
ListStackSetOperationResults, ListStackSetOperations, DescribeStackSetOperation.
* api-change:``gamesparks``: Add LATEST as a possible GameSDK Version on snapshot
* api-change:``mediatailor``: This release introduces support for SCTE-35 segmentation descriptor
messages which can be sent within time signal messages.
- from version 1.28.3
* api-change:``ec2``: Feature supports the replacement of instance root volume using an updated AMI
without requiring customers to stop their instance.
* api-change:``fms``: Add support NetworkFirewall Managed Rule Group Override flag in
GetViolationDetails API
* api-change:``glue``: Added support for custom datatypes when using custom csv classifier.
* api-change:``redshift``: This release clarifies use for the ElasticIp parameter of the
CreateCluster and RestoreFromClusterSnapshot APIs.
* api-change:``sagemaker``: This change allows customers to provide a custom entrypoint script for
the docker container to be run while executing training jobs, and provide custom arguments to the
entrypoint script.
* api-change:``wafv2``: This release adds the following: Challenge rule action, to silently verify
client browsers; rule group rule action override to any valid rule action, not just Count; token
sharing between protected applications for challenge/CAPTCHA token; targeted rules option for Bot
Control managed rule group.
- from version 1.28.2
* api-change:``iam``: Doc only update that corrects instances of CLI not using an entity.
* api-change:``kafka``: This release adds support for Tiered Storage. UpdateStorage allows you to
control the Storage Mode for supported storage tiers.
* api-change:``neptune``: Added a new cluster-level attribute to set the capacity range for Neptune
Serverless instances.
* api-change:``sagemaker``: Amazon SageMaker Automatic Model Tuning now supports specifying Grid
Search strategy for tuning jobs, which evaluates all hyperparameter combinations exhaustively based
on the categorical hyperparameters provided.
- from version 1.28.1
* api-change:``accessanalyzer``: This release adds support for six new resource types in IAM Access
Analyzer to help you easily identify public and cross-account access to your AWS resources. Updated
service API, documentation, and paginators.
* api-change:``location``: Added new map styles with satellite imagery for map resources using HERE
as a data provider.
* api-change:``mediatailor``: This release is a documentation update
* api-change:``rds``: Relational Database Service - This release adds support for exporting DB
cluster data to Amazon S3.
* api-change:``workspaces``: This release adds new enums for supporting Workspaces Core features,
including creating Manual running mode workspaces, importing regular Workspaces Core images and
importing g4dn Workspaces Core images.
- Update in SLE-15 (bsc#1204537, jsc#PED-2333)
- Update to 1.28.0
* feature:Endpoints: Implemented new endpoint ruleset system to dynamically derive endpoints and
settings for services
* api-change:``acm-pca``: AWS Private Certificate Authority (AWS Private CA) now offers usage modes
which are combination of features to address specific use cases.
* api-change:``batch``: This release adds support for AWS Batch on Amazon EKS.
* api-change:``datasync``: Added support for self-signed certificates when using object storage
locations; added BytesCompressed to the TaskExecution response.
* api-change:``sagemaker``: SageMaker Inference Recommender now supports a new API
ListInferenceRecommendationJobSteps to return the details of all the benchmark we create for an
inference recommendation job.
- from version 1.27.96
* api-change:``cognito-idp``: This release adds a new "DeletionProtection" field to the UserPool in
Cognito. Application admins can configure this value with either ACTIVE or INACTIVE value. Setting
this field to ACTIVE will prevent a user pool from accidental deletion.
* api-change:``sagemaker``: CreateInferenceRecommenderjob API now supports passing endpoint details
directly, that will help customers to identify the max invocation and max latency they can achieve
for their model and the associated endpoint along with getting recommendations on other instances.
- from version 1.27.95
* api-change:``devops-guru``: This release adds information about the resources DevOps Guru is
analyzing.
* api-change:``globalaccelerator``: Global Accelerator now supports AddEndpoints and
RemoveEndpoints operations for standard endpoint groups.
* api-change:``resiliencehub``: In this release, we are introducing support for regional
optimization for AWS Resilience Hub applications. It also includes a few documentation updates to
improve clarity.
* api-change:``rum``: CloudWatch RUM now supports Extended CloudWatch Metrics with Additional
Dimensions
- from version 1.27.94
* api-change:``chime-sdk-messaging``: Documentation updates for Chime Messaging SDK
* api-change:``cloudtrail``: This release includes support for exporting CloudTrail Lake query
results to an Amazon S3 bucket.
* api-change:``config``: This release adds resourceType enums for AppConfig, AppSync, DataSync,
EC2, EKS, Glue, GuardDuty, SageMaker, ServiceDiscovery, SES, Route53 types.
* api-change:``connect``: This release adds API support for managing phone numbers that can be used
across multiple AWS regions through telephony traffic distribution.
* api-change:``events``: Update events client to latest version
* api-change:``managedblockchain``: Adding new Accessor APIs for Amazon Managed Blockchain
* api-change:``s3``: Updates internal logic for constructing API endpoints. We have added
rule-based endpoints and internal model parameters.
* api-change:``s3control``: Updates internal logic for constructing API endpoints. We have added
rule-based endpoints and internal model parameters.
* api-change:``support-app``: This release adds the RegisterSlackWorkspaceForOrganization API. You
can use the API to register a Slack workspace for an AWS account that is part of an organization.
* api-change:``workspaces-web``: WorkSpaces Web now supports user access logging for recording
session start, stop, and URL navigation.
- from version 1.27.93
* api-change:``frauddetector``: Documentation Updates for Amazon Fraud Detector
* api-change:``sagemaker``: This change allows customers to enable data capturing while running a
batch transform job, and configure monitoring schedule to monitoring the captured data.
* api-change:``servicediscovery``: Updated the ListNamespaces API to support the NAME and HTTP_NAME
filters, and the BEGINS_WITH filter condition.
* api-change:``sesv2``: This release allows subscribers to enable Dedicated IPs (managed) to send
email via a fully managed dedicated IP experience. It also adds identities' VerificationStatus in
the response of GetEmailIdentity and ListEmailIdentities APIs, and ImportJobs counts in the
response of ListImportJobs API.
- from version 1.27.92
* api-change:``greengrass``: This change allows customers to specify FunctionRuntimeOverride in
FunctionDefinitionVersion. This configuration can be used if the runtime on the device is different
from the AWS Lambda runtime specified for that function.
* api-change:``sagemaker``: This release adds support for C7g, C6g, C6gd, C6gn, M6g, M6gd, R6g, and
R6gn Graviton instance types in Amazon SageMaker Inference.
- Remove version constraint for python-pytest in BuildRequires
- Update to 1.27.91
* api-change:``mediaconvert``: MediaConvert now supports specifying the minimum percentage of the
HRD buffer available at the end of each encoded video segment.
- from version 1.27.90
* api-change:``amplifyuibuilder``: We are releasing the ability for fields to be configured as
arrays.
* api-change:``appflow``: With this update, you can choose which Salesforce API is used by Amazon
AppFlow to transfer data to or from your Salesforce account. You can choose the Salesforce REST API
or Bulk API 2.0. You can also choose for Amazon AppFlow to pick the API automatically.
* api-change:``connect``: This release adds support for a secondary email and a mobile number for
Amazon Connect instance users.
* api-change:``ds``: This release adds support for describing and updating AWS Managed Microsoft AD
set up.
* api-change:``ecs``: Documentation update to address tickets.
* api-change:``guardduty``: Add UnprocessedDataSources to CreateDetectorResponse which specifies
the data sources that couldn't be enabled during the CreateDetector request. In addition, update
documentations.
* api-change:``iam``: Documentation updates for the AWS Identity and Access Management API
Reference.
* api-change:``iotfleetwise``: Documentation update for AWS IoT FleetWise
* api-change:``medialive``: AWS Elemental MediaLive now supports forwarding SCTE-35 messages
through the Event Signaling and Management (ESAM) API, and can read those SCTE-35 messages from an
inactive source.
* api-change:``mediapackage-vod``: This release adds SPEKE v2 support for MediaPackage VOD. Speke
v2 is an upgrade to the existing SPEKE API to support multiple encryption keys, based on an
encryption contract selected by the customer.
* api-change:``panorama``: Pause and resume camera stream processing with
SignalApplicationInstanceNodeInstances. Reboot an appliance with CreateJobForDevices. More
application state information in DescribeApplicationInstance response.
* api-change:``rds-data``: Doc update to reflect no support for schema parameter on
BatchExecuteStatement API
* api-change:``ssm-incidents``: Update RelatedItem enum to support Tasks
* api-change:``ssm``: Support of AmazonLinux2022 by Patch Manager
* api-change:``transfer``: This release adds an option for customers to configure workflows that
are triggered when files are only partially received from a client due to premature session
disconnect.
* api-change:``translate``: This release enables customers to specify multiple target languages in
asynchronous batch translation requests.
* api-change:``wisdom``: This release updates the GetRecommendations API to include a trigger event
list for classifying and grouping recommendations.
- from version 1.27.89
* api-change:``codeguru-reviewer``: Documentation update to replace broken link.
* api-change:``elbv2``: Update elbv2 client to latest version
* api-change:``greengrassv2``: This release adds error status details for deployments and
components that failed on a device and adds features to improve visibility into component
installation.
* api-change:``quicksight``: Amazon QuickSight now supports SecretsManager Secret ARN in place of
CredentialPair for DataSource creation and update. This release also has some minor documentation
updates and removes CountryCode as a required parameter in GeoSpatialColumnGroup
- from version 1.27.88
* api-change:``resiliencehub``: Documentation change for AWS Resilience Hub. Doc-only update to fix
Documentation layout
- from version 1.27.87
* api-change:``glue``: This SDK release adds support to sync glue jobs with source control
provider. Additionally, a new parameter called SourceControlDetails will be added to Job model.
* api-change:``network-firewall``: StreamExceptionPolicy configures how AWS Network Firewall
processes traffic when a network connection breaks midstream
* api-change:``outposts``: This release adds the Asset state information to the ListAssets
response. The ListAssets request supports filtering on Asset state.
- from version 1.27.86
* api-change:``connect``: Updated the CreateIntegrationAssociation API to support the CASES_DOMAIN
IntegrationType.
* api-change:``connectcases``: This release adds APIs for Amazon Connect Cases. Cases allows your
agents to quickly track and manage customer issues that require multiple interactions, follow-up
tasks, and teams in your contact center. For more information, see
https://docs.aws.amazon.com/cases/latest/APIReference/Welcome.html
* api-change:``ec2``: Added EnableNetworkAddressUsageMetrics flag for ModifyVpcAttribute,
DescribeVpcAttribute APIs.
* api-change:``ecs``: Documentation updates to address various Amazon ECS tickets.
* api-change:``s3control``: S3 Object Lambda adds support to allow customers to intercept
HeadObject and ListObjects requests and introduce their own compute. These requests were previously
proxied to S3.
* api-change:``workmail``: This release adds support for impersonation roles in Amazon WorkMail.
- drop remove-six.patch, rejected by upstream and breaks
all dependent projects of botocore
- Add remove-six.patch, which eliminates need for the six dependency.
- Update to 1.27.85
* api-change:``accessanalyzer``: AWS IAM Access Analyzer policy validation introduces new checks
for role trust policies. As customers author a policy, IAM Access Analyzer policy validation
evaluates the policy for any issues to make it easier for customers to author secure policies.
* api-change:``ec2``: Adding an imdsSupport attribute to EC2 AMIs
* api-change:``snowball``: Adds support for V3_5C. This is a refreshed AWS Snowball Edge Compute
Optimized device type with 28TB SSD, 104 vCPU and 416GB memory (customer usable).
- from version 1.27.84
* api-change:``codedeploy``: This release allows you to override the alarm configurations when
creating a deployment.
* api-change:``devops-guru``: This release adds filter feature on AddNotificationChannel API,
enable customer to configure the SNS notification messages by Severity or MessageTypes
* api-change:``dlm``: This release adds support for archival of single-volume snapshots created by
Amazon Data Lifecycle Manager policies
* api-change:``sagemaker-runtime``: Update sagemaker-runtime client to latest version
* api-change:``sagemaker``: A new parameter called ExplainerConfig is added to CreateEndpointConfig
API to enable SageMaker Clarify online explainability feature.
* api-change:``sso-oidc``: Documentation updates for the IAM Identity Center OIDC CLI Reference.
- from version 1.27.83
* api-change:``acm``: This update returns additional certificate details such as certificate SANs
and allows sorting in the ListCertificates API.
* api-change:``ec2``: u-3tb1 instances are powered by Intel Xeon Platinum 8176M (Skylake)
processors and are purpose-built to run large in-memory databases.
* api-change:``emr-serverless``: This release adds API support to debug Amazon EMR Serverless jobs
in real-time with live application UIs
* api-change:``fsx``: This release adds support for Amazon File Cache.
* api-change:``migrationhuborchestrator``: Introducing AWS MigrationHubOrchestrator. This is the
first public release of AWS MigrationHubOrchestrator.
* api-change:``polly``: Added support for the new Cantonese voice - Hiujin. Hiujin is available as
a Neural voice only.
* api-change:``proton``: This release adds an option to delete pipeline provisioning repositories
using the UpdateAccountSettings API
* api-change:``sagemaker``: SageMaker Training Managed Warm Pools let you retain provisioned
infrastructure to reduce latency for repetitive training workloads.
* api-change:``secretsmanager``: Documentation updates for Secrets Manager
* api-change:``translate``: This release enables customers to access control rights on Translate
resources like Parallel Data and Custom Terminology using Tag Based Authorization.
* api-change:``workspaces``: This release includes diagnostic log uploading feature. If it is
enabled, the log files of WorkSpaces Windows client will be sent to Amazon WorkSpaces automatically
for troubleshooting. You can use modifyClientProperty api to enable/disable this feature.
- from version 1.27.82
* api-change:``ce``: This release is to support retroactive Cost Categories. The new field will
enable you to retroactively apply new and existing cost category rules to previous months.
* api-change:``kendra``: My AWS Service (placeholder) - Amazon Kendra now provides a data source
connector for DropBox. For more information, see
https://docs.aws.amazon.com/kendra/latest/dg/data-source-dropbox.html
* api-change:``location``: This release adds place IDs, which are unique identifiers of places,
along with a new GetPlace operation, which can be used with place IDs to find a place again later.
UnitNumber and UnitType are also added as new properties of places.
- from version 1.27.81
* api-change:``cur``: This release adds two new support regions(me-central-1/eu-south-2) for OSG.
* api-change:``iotfleetwise``: General availability (GA) for AWS IoT Fleetwise. It adds AWS IoT
Fleetwise to AWS SDK. For more information, see
https://docs.aws.amazon.com/iot-fleetwise/latest/APIReference/Welcome.html.
* api-change:``ssm``: This release includes support for applying a CloudWatch alarm to Systems
Manager capabilities like Automation, Run Command, State Manager, and Maintenance Windows.
- from version 1.27.80
* api-change:``apprunner``: AWS App Runner adds a Node.js 16 runtime.
* api-change:``ec2``: Letting external AWS customers provide ImageId as a Launch Template override
in FleetLaunchTemplateOverridesRequest
* api-change:``lexv2-models``: Update lexv2-models client to latest version
* api-change:``lightsail``: This release adds Instance Metadata Service (IMDS) support for
Lightsail instances.
* api-change:``nimble``: Amazon Nimble Studio adds support for on-demand Amazon Elastic Compute
Cloud (EC2) G3 and G5 instances, allowing customers to utilize additional GPU instance types for
their creative projects.
* api-change:``ssm``: This release adds new SSM document types ConformancePackTemplate and
CloudFormation
* api-change:``wafv2``: Add the default specification for ResourceType in ListResourcesForWebACL.
- from version 1.27.79
* api-change:``backup-gateway``: Changes include: new GetVirtualMachineApi to fetch a single user's
VM, improving ListVirtualMachines to fetch filtered VMs as well as all VMs, and improving
GetGatewayApi to now also return the gateway's MaintenanceStartTime.
* api-change:``devicefarm``: This release adds the support for VPC-ENI based connectivity for
private devices on AWS Device Farm.
* api-change:``ec2``: Documentation updates for Amazon EC2.
* api-change:``glue``: Added support for S3 Event Notifications for Catalog Target Crawlers.
* api-change:``identitystore``: Documentation updates for the Identity Store CLI Reference.
- from version 1.27.78
* api-change:``comprehend``: Amazon Comprehend now supports synchronous mode for targeted sentiment
API operations.
* api-change:``s3control``: S3 on Outposts launches support for object versioning for Outposts
buckets. With S3 Versioning, you can preserve, retrieve, and restore every version of every object
stored in your buckets. You can recover from both unintended user actions and application failures.
* api-change:``sagemaker``: SageMaker now allows customization on Canvas Application settings,
including enabling/disabling time-series forecasting and specifying an Amazon Forecast execution
role at both the Domain and UserProfile levels.
- from version 1.27.77
* api-change:``ec2``: This release adds support for blocked paths to Amazon VPC Reachability
Analyzer.
- Update to 1.27.76
* api-change:``cloudtrail``: This release includes support for importing existing trails into
CloudTrail Lake.
* api-change:``ec2``: This release adds CapacityAllocations field to DescribeCapacityReservations
* api-change:``mediaconnect``: This change allows the customer to use the SRT Caller protocol as
part of their flows
* api-change:``rds``: This release adds support for Amazon RDS Proxy with SQL Server compatibility.
- from version 1.27.75
* api-change:``codestar-notifications``: This release adds tag based access control for the
UntagResource API.
* api-change:``ecs``: This release supports new task definition sizes.
- from version 1.27.74
* api-change:``dynamodb``: Increased DynamoDB transaction limit from 25 to 100.
* api-change:``ec2``: This feature allows customers to create tags for vpc-endpoint-connections and
vpc-endpoint-service-permissions.
* api-change:``sagemaker``: Amazon SageMaker Automatic Model Tuning now supports specifying
Hyperband strategy for tuning jobs, which uses a multi-fidelity based tuning strategy to stop
underperforming hyperparameter configurations early.
- from version 1.27.73
* api-change:``amplifyuibuilder``: Amplify Studio UIBuilder is introducing forms functionality.
Forms can be configured from Data Store models, JSON, or from scratch. These forms can then be
generated in your project and used like any other React components.
* api-change:``ec2``: This update introduces API operations to manage and create local gateway
route tables, CoIP pools, and VIF group associations.
- Update to 1.27.72
* api-change:``customer-profiles``: Added isUnstructured in response for Customer Profiles
Integration APIs
* api-change:``drs``: Fixed the data type of lagDuration that is returned in Describe Source Server
API
* api-change:``ec2``: Two new features for local gateway route tables: support for static routes
targeting Elastic Network Interfaces and direct VPC routing.
* api-change:``evidently``: This release adds support for the client-side evaluation - powered by
AWS AppConfig feature.
* api-change:``kendra``: This release enables our customer to choose the option of Sharepoint 2019
for the on-premise Sharepoint connector.
* api-change:``transfer``: This release introduces the ability to have multiple server host keys
for any of your Transfer Family servers that use the SFTP protocol.
- from version 1.27.71
* api-change:``eks``: Adding support for local Amazon EKS clusters on Outposts
- from version 1.27.70
* api-change:``cloudtrail``: This release adds CloudTrail getChannel and listChannels APIs to allow
customer to view the ServiceLinkedChannel configurations.
* api-change:``lexv2-models``: Update lexv2-models client to latest version
* api-change:``lexv2-runtime``: Update lexv2-runtime client to latest version
* api-change:``pi``: Increases the maximum values of two RDS Performance Insights APIs. The maximum
value of the Limit parameter of DimensionGroup is 25. The MaxResult maximum is now 25 for the
following APIs: DescribeDimensionKeys, GetResourceMetrics, ListAvailableResourceDimensions, and
ListAvailableResourceMetrics.
* api-change:``redshift``: This release updates documentation for AQUA features and other
description updates.
- from version 1.27.69
* api-change:``ec2``: This release adds support to send VPC Flow Logs to kinesis-data-firehose as
new destination type
* api-change:``emr-containers``: EMR on EKS now allows running Spark SQL using the newly introduced
Spark SQL Job Driver in the Start Job Run API
* api-change:``lookoutmetrics``: Release dimension value filtering feature to allow customers to
define dimension filters for including only a subset of their dataset to be used by LookoutMetrics.
* api-change:``medialive``: This change exposes API settings which allow Dolby Atmos and Dolby
Vision to be used when running a channel using Elemental Media Live
* api-change:``route53``: Amazon Route 53 now supports the Middle East (UAE) Region (me-central-1)
for latency records, geoproximity records, and private DNS for Amazon VPCs in that region.
* api-change:``sagemaker``: This release adds Mode to AutoMLJobConfig.
* api-change:``ssm``: This release adds support for Systems Manager State Manager Association
tagging.
- from version 1.27.68
* api-change:``dataexchange``: Documentation updates for AWS Data Exchange.
* api-change:``ec2``: Documentation updates for Amazon EC2.
* api-change:``eks``: Adds support for EKS Addons ResolveConflicts "preserve" flag. Also adds new
update failed status for EKS Addons.
* api-change:``fsx``: Documentation update for Amazon FSx.
* api-change:``inspector2``: This release adds new fields like fixAvailable, fixedInVersion and
remediation to the finding model. The requirement to have vulnerablePackages in the finding model
has also been removed. The documentation has been updated to reflect these changes.
* api-change:``iotsitewise``: Allow specifying units in Asset Properties
* api-change:``sagemaker``: SageMaker Hosting now allows customization on ML instance storage
volume size, model data download timeout and inference container startup ping health check timeout
for each ProductionVariant in CreateEndpointConfig API.
* api-change:``sns``: Amazon SNS introduces the Data Protection Policy APIs, which enable customers
to attach a data protection policy to an SNS topic. This allows topic owners to enable the new
message data protection feature to audit and block sensitive data that is exchanged through their
topics.
- from version 1.27.67
* api-change:``identitystore``: Documentation updates for the Identity Store CLI Reference.
* api-change:``sagemaker``: This release adds HyperParameterTuningJob type in Search API.
- from version 1.27.66
* api-change:``cognito-idp``: This release adds a new "AuthSessionValidity" field to the
UserPoolClient in Cognito. Application admins can configure this value for their users'
authentication duration, which is currently fixed at 3 minutes, up to 15 minutes. Setting this
field will also apply to the SMS MFA authentication flow.
* api-change:``connect``: This release adds search APIs for Routing Profiles and Queues, which can
be used to search for those resources within a Connect Instance.
* api-change:``mediapackage``: Added support for AES_CTR encryption to CMAF origin endpoints
* api-change:``sagemaker``: This release enables administrators to attribute user activity and API
calls from Studio notebooks, Data Wrangler and Canvas to specific users even when users share the
same execution IAM role. ExecutionRoleIdentityConfig at Sagemaker domain level enables this
feature.
- from version 1.27.65
* api-change:``codeguru-reviewer``: Documentation updates to fix formatting issues in CLI and SDK
documentation.
* api-change:``controltower``: This release contains the first SDK for AWS Control Tower. It
introduces a new set of APIs: EnableControl, DisableControl, GetControlOperation, and
ListEnabledControls.
* api-change:``route53``: Documentation updates for Amazon Route 53.
- Update to 1.27.64
* api-change:``cloudfront``: Update API documentation for CloudFront origin access control (OAC)
* api-change:``identitystore``: Expand IdentityStore API to support Create, Read, Update, Delete
and Get operations for User, Group and GroupMembership resources.
* api-change:``iotthingsgraph``: This release deprecates all APIs of the ThingsGraph service
* api-change:``ivs``: IVS Merge Fragmented Streams. This release adds support for
recordingReconnectWindow field in IVS recordingConfigurations. For more information see
https://docs.aws.amazon.com/ivs/latest/APIReference/Welcome.html
* api-change:``rds-data``: Documentation updates for RDS Data API
* api-change:``sagemaker``: SageMaker Inference Recommender now accepts Inference Recommender
fields: Domain, Task, Framework, SamplePayloadUrl, SupportedContentTypes, SupportedInstanceTypes,
directly in our CreateInferenceRecommendationsJob API through ContainerConfig
- from version 1.27.63
* enhancement:Endpoints: Deprecate SSL common name
* api-change:``greengrassv2``: Adds topologyFilter to ListInstalledComponentsRequest which allows
filtration of components by ROOT or ALL (including root and dependency components). Adds
lastStatusChangeTimestamp to ListInstalledComponents response to show the last time a component
changed state on a device.
* api-change:``identitystore``: Documentation updates for the Identity Store CLI Reference.
* api-change:``lookoutequipment``: This release adds new apis for providing labels.
* api-change:``macie2``: This release of the Amazon Macie API adds support for using allow lists to
define specific text and text patterns to ignore when inspecting data sources for sensitive data.
* api-change:``sso-admin``: Documentation updates for the AWS IAM Identity Center CLI Reference.
* api-change:``sso``: Documentation updates for the AWS IAM Identity Center Portal CLI Reference.
- from version 1.27.62
* api-change:``fsx``: Documentation updates for Amazon FSx for NetApp ONTAP.
* api-change:``voice-id``: Amazon Connect Voice ID now detects voice spoofing. When a prospective
fraudster tries to spoof caller audio using audio playback or synthesized speech, Voice ID will
return a risk score and outcome to indicate the how likely it is that the voice is spoofed.
- from version 1.27.61
* api-change:``mediapackage``: This release adds Ads AdTriggers and AdsOnDeliveryRestrictions to
describe calls for CMAF endpoints on MediaPackage.
* api-change:``rds``: Removes support for RDS Custom from DBInstanceClass in ModifyDBInstance
- Update to 1.27.60
* enhancement:Identity: TokenProvider added for bearer auth support
* api-change:``elbv2``: Update elbv2 client to latest version
* api-change:``gamelift``: This release adds support for eight EC2 local zones as fleet locations;
Atlanta, Chicago, Dallas, Denver, Houston, Kansas City (us-east-1-mci-1a), Los Angeles, and
Phoenix. It also adds support for C5d, C6a, C6i, and R5d EC2 instance families.
* api-change:``iotwireless``: This release includes a new feature for the customers to enable the
LoRa gateways to send out beacons for Class B devices and an option to select one or more gateways
for Class C devices when sending the LoRaWAN downlink messages.
* api-change:``ivschat``: Documentation change for IVS Chat API Reference. Doc-only update to add a
paragraph on ARNs to the Welcome section.
* api-change:``panorama``: Support sorting and filtering in ListDevices API, and add more fields to
device listings and single device detail
* api-change:``sso-oidc``: Updated required request parameters on IAM Identity Center's OIDC
CreateToken action.
- from version 1.27.59
* api-change:``cloudfront``: Adds support for CloudFront origin access control (OAC), making it
possible to restrict public access to S3 bucket origins in all AWS Regions, those with SSE-KMS, and
more.
* api-change:``config``: AWS Config now supports ConformancePackTemplate documents in SSM Docs for
the deployment and update of conformance packs.
* api-change:``iam``: Documentation updates for AWS Identity and Access Management (IAM).
* api-change:``ivs``: Documentation Change for IVS API Reference - Doc-only update to type field
description for CreateChannel and UpdateChannel actions and for Channel data type. Also added
Amazon Resource Names (ARNs) paragraph to Welcome section.
* api-change:``quicksight``: Added a new optional property DashboardVisual under
ExperienceConfiguration parameter of GenerateEmbedUrlForAnonymousUser and
GenerateEmbedUrlForRegisteredUser API operations. This supports embedding of specific visuals in
QuickSight dashboards.
* api-change:``transfer``: Documentation updates for AWS Transfer Family
- from version 1.27.58
* api-change:``rds``: RDS for Oracle supports Oracle Data Guard switchover and read replica backups.
* api-change:``sso-admin``: Documentation updates to reflect service rename - AWS IAM Identity
Center (successor to AWS Single Sign-On)
- from version 1.27.57
* api-change:``docdb``: Update document for volume clone
* api-change:``ec2``: R6a instances are powered by 3rd generation AMD EPYC (Milan) processors
delivering all-core turbo frequency of 3.6 GHz. C6id, M6id, and R6id instances are powered by 3rd
generation Intel Xeon Scalable processor (Ice Lake) delivering all-core turbo frequency of 3.5 GHz.
* api-change:``forecast``: releasing What-If Analysis APIs and update ARN regex pattern to be more
strict in accordance with security recommendation
* api-change:``forecastquery``: releasing What-If Analysis APIs
* api-change:``iotsitewise``: Enable non-unique asset names under different hierarchies
* api-change:``lexv2-models``: Update lexv2-models client to latest version
* api-change:``securityhub``: Added new resource details objects to ASFF, including resources for
AwsBackupBackupVault, AwsBackupBackupPlan and AwsBackupRecoveryPoint. Added FixAvailable,
FixedInVersion and Remediation to Vulnerability.
* api-change:``support-app``: This is the initial SDK release for the AWS Support App in Slack.
- from version 1.27.56
* api-change:``connect``: This release adds SearchSecurityProfiles API which can be used to search
for Security Profile resources within a Connect Instance.
* api-change:``ivschat``: Documentation Change for IVS Chat API Reference - Doc-only update to
change text/description for tags field.
* api-change:``kendra``: This release adds support for a new authentication type - Personal Access
Token (PAT) for confluence server.
* api-change:``lookoutmetrics``: This release is to make GetDataQualityMetrics API publicly
available.
- Update to 1.27.55
* api-change:``chime-sdk-media-pipelines``: The Amazon Chime SDK now supports live streaming of
real-time video from the Amazon Chime SDK sessions to streaming platforms such as Amazon IVS and
Amazon Elemental MediaLive. We have also added support for concatenation to create a single media
capture file.
* api-change:``cloudwatch``: Update cloudwatch client to latest version
* api-change:``cognito-idp``: This change is being made simply to fix the public documentation
based on the models. We have included the PasswordChange and ResendCode events, along with the
Pass, Fail and InProgress status. We have removed the Success and Failure status which are never
returned by our APIs.
* api-change:``dynamodb``: This release adds support for importing data from S3 into a new DynamoDB
table
* api-change:``ec2``: This release adds support for VPN log options , a new feature allowing S2S
VPN connections to send IKE activity logs to CloudWatch Logs
* api-change:``networkmanager``: Add TransitGatewayPeeringAttachmentId property to
TransitGatewayPeering Model
- from version 1.27.54
* api-change:``appmesh``: AWS App Mesh release to support Multiple Listener and Access Log Format
feature
* api-change:``connectcampaigns``: Updated exceptions for Amazon Connect Outbound Campaign api's.
* api-change:``kendra``: This release adds Zendesk connector (which allows you to specify Zendesk
SAAS platform as data source), Proxy Support for Sharepoint and Confluence Server (which allows you
to specify the proxy configuration if proxy is required to connect to your Sharepoint/Confluence
Server as data source).
* api-change:``lakeformation``: This release adds a new API support "AssumeDecoratedRoleWithSAML"
and also release updates the corresponding documentation.
* api-change:``lambda``: Added support for customization of Consumer Group ID for MSK and Kafka
Event Source Mappings.
* api-change:``lexv2-models``: Update lexv2-models client to latest version
* api-change:``rds``: Adds support for Internet Protocol Version 6 (IPv6) for RDS Aurora database
clusters.
* api-change:``secretsmanager``: Documentation updates for Secrets Manager.
- from version 1.27.53
* api-change:``rekognition``: This release adds APIs which support copying an Amazon Rekognition
Custom Labels model and managing project policies across AWS account.
* api-change:``servicecatalog``: Documentation updates for Service Catalog
- from version 1.27.52
* enhancement:AWSCRT: Upgrade awscrt version to 0.14.0
* api-change:``cloudfront``: Adds Http 3 support to distributions
* api-change:``identitystore``: Documentation updates to reflect service rename - AWS IAM Identity
Center (successor to AWS Single Sign-On)
* api-change:``sso``: Documentation updates to reflect service rename - AWS IAM Identity Center
(successor to AWS Single Sign-On)
* api-change:``wisdom``: This release introduces a new API PutFeedback that allows submitting
feedback to Wisdom on content relevance.
- from version 1.27.51
* api-change:``amp``: This release adds log APIs that allow customers to manage logging for their
Amazon Managed Service for Prometheus workspaces.
* api-change:``chime-sdk-messaging``: The Amazon Chime SDK now supports channels with up to one
million participants with elastic channels.
* api-change:``ivs``: Updates various list api MaxResults ranges
* api-change:``personalize-runtime``: This release provides support for promotions in AWS
Personalize runtime.
* api-change:``rds``: Adds support for RDS Custom to DBInstanceClass in ModifyDBInstance
- from version 1.27.50
* api-change:``backupstorage``: This is the first public release of AWS Backup Storage. We are
exposing some previously-internal APIs for use by external services. These APIs are not meant to be
used directly by customers.
* api-change:``glue``: Add support for Python 3.9 AWS Glue Python Shell jobs
* api-change:``privatenetworks``: This is the initial SDK release for AWS Private 5G. AWS Private
5G is a managed service that makes it easy to deploy, operate, and scale your own private mobile
network at your on-premises location.
- from version 1.27.49
* api-change:``dlm``: This release adds support for excluding specific data (non-boot) volumes from
multi-volume snapshot sets created by snapshot lifecycle policies
* api-change:``ec2``: This release adds support for excluding specific data (non-root) volumes from
multi-volume snapshot sets created from instances.
- from version 1.27.48
* api-change:``cloudwatch``: Update cloudwatch client to latest version
* api-change:``location``: Amazon Location Service now allows circular geofences in
BatchPutGeofence, PutGeofence, and GetGeofence APIs.
* api-change:``sagemaker-a2i-runtime``: Fix bug with parsing ISO-8601 CreationTime in Java SDK in
DescribeHumanLoop
* api-change:``sagemaker``: Amazon SageMaker Automatic Model Tuning now supports specifying
multiple alternate EC2 instance types to make tuning jobs more robust when the preferred instance
type is not available due to insufficient capacity.
- from version 1.27.47
* api-change:``glue``: Add an option to run non-urgent or non-time sensitive Glue Jobs on spare
capacity
* api-change:``identitystore``: Documentation updates to reflect service rename - AWS IAM Identity
Center (successor to AWS Single Sign-On)
* api-change:``iotwireless``: AWS IoT Wireless release support for sidewalk data reliability.
* api-change:``pinpoint``: Adds support for Advance Quiet Time in Journeys. Adds
RefreshOnSegmentUpdate and WaitForQuietTime to JourneyResponse.
* api-change:``quicksight``: A series of documentation updates to the QuickSight API reference.
* api-change:``sso-admin``: Documentation updates to reflect service rename - AWS IAM Identity
Center (successor to AWS Single Sign-On)
* api-change:``sso-oidc``: Documentation updates to reflect service rename - AWS IAM Identity
Center (successor to AWS Single Sign-On)
* api-change:``sso``: Documentation updates to reflect service rename - AWS IAM Identity Center
(successor to AWS Single Sign-On)
- from version 1.27.46
* enhancement:Lambda: Add support for Trace ID in Lambda environments
* api-change:``chime-sdk-meetings``: Adds support for Tags on Amazon Chime SDK WebRTC sessions
* api-change:``config``: Add resourceType enums for Athena, GlobalAccelerator, Detective and EC2
types
* api-change:``dms``: Documentation updates for Database Migration Service (DMS).
* api-change:``iot``: The release is to support attach a provisioning template to CACert for JITP
function, Customer now doesn't have to hardcode a roleArn and templateBody during register a
CACert to enable JITP.
- Update to 1.27.45
* api-change:``cognito-idp``: Add a new exception type, ForbiddenException, that is returned when
request is not allowed
* api-change:``wafv2``: You can now associate an AWS WAF web ACL with an Amazon Cognito user pool.
- from version 1.27.44
* api-change:``license-manager-user-subscriptions``: This release supports user based subscription
for Microsoft Visual Studio Professional and Enterprise on EC2.
* api-change:``personalize``: This release adds support for incremental bulk ingestion for the
Personalize CreateDatasetImportJob API.
- from version 1.27.43
* api-change:``config``: Documentation update for PutConfigRule and PutOrganizationConfigRule
* api-change:``workspaces``: This release introduces ModifySamlProperties, a new API that allows
control of SAML properties associated with a WorkSpaces directory. The DescribeWorkspaceDirectories
API will now additionally return SAML properties in its responses.
- from version 1.27.42
* bugfix:TraceId: Rollback bugfix for obeying _X_AMZN_TRACE_ID env var
- from version 1.27.41
* bugfix:Config: Obey _X_AMZN_TRACE_ID environment variable instead of _X_AMZ_TRACE_ID
* api-change:``ec2``: Documentation updates for Amazon EC2.
* api-change:``fsx``: Documentation updates for Amazon FSx
* api-change:``shield``: AWS Shield Advanced now supports filtering for ListProtections and
ListProtectionGroups.
- from version 1.27.40
* api-change:``ec2``: Documentation updates for VM Import/Export.
* api-change:``es``: This release adds support for gp3 EBS (Elastic Block Store) storage.
* api-change:``lookoutvision``: This release introduces support for image segmentation models and
updates CPU accelerator options for models hosted on edge devices.
* api-change:``opensearch``: This release adds support for gp3 EBS (Elastic Block Store) storage.
- from version 1.27.39
* api-change:``auditmanager``: This release adds an exceeded quota exception to several APIs. We
added a ServiceQuotaExceededException for the following operations: CreateAssessment,
CreateControl, CreateAssessmentFramework, and UpdateAssessmentStatus.
* api-change:``chime``: Chime VoiceConnector will now support ValidateE911Address which will allow
customers to prevalidate their addresses included in their SIP invites for emergency calling
* api-change:``config``: This release adds ListConformancePackComplianceScores API to support the
new compliance score feature, which provides a percentage of the number of compliant rule-resource
combinations in a conformance pack compared to the number of total possible rule-resource
combinations in the conformance pack.
* api-change:``globalaccelerator``: Global Accelerator now supports dual-stack accelerators,
enabling support for IPv4 and IPv6 traffic.
* api-change:``marketplace-catalog``: The SDK for the StartChangeSet API will now automatically set
and use an idempotency token in the ClientRequestToken request parameter if the customer does not
provide it.
* api-change:``polly``: Amazon Polly adds new English and Hindi voice - Kajal. Kajal is available
as Neural voice only.
* api-change:``ssm``: Adding doc updates for OpsCenter support in Service Setting actions.
* api-change:``workspaces``: Added CreateWorkspaceImage API to create a new WorkSpace image from an
existing WorkSpace.
- from version 1.27.38
* api-change:``appsync``: Adds support for a new API to evaluate mapping templates with mock data,
allowing you to remotely unit test your AppSync resolvers and functions.
* api-change:``detective``: Added the ability to get data source package information for the
behavior graph. Graph administrators can now start (or stop) optional datasources on the behavior
graph.
* api-change:``guardduty``: Amazon GuardDuty introduces a new Malware Protection feature that
triggers malware scan on selected EC2 instance resources, after the service detects a potentially
malicious activity.
* api-change:``lookoutvision``: This release introduces support for the automatic scaling of
inference units used by Amazon Lookout for Vision models.
* api-change:``macie2``: This release adds support for retrieving (revealing) sample occurrences of
sensitive data that Amazon Macie detects and reports in findings.
* api-change:``rds``: Adds support for using RDS Proxies with RDS for MariaDB databases.
* api-change:``rekognition``: This release introduces support for the automatic scaling of
inference units used by Amazon Rekognition Custom Labels models.
* api-change:``securityhub``: Documentation updates for AWS Security Hub
* api-change:``transfer``: AWS Transfer Family now supports Applicability Statement 2 (AS2), a
network protocol used for the secure and reliable transfer of critical Business-to-Business (B2B)
data over the public internet using HTTP/HTTPS as the transport mechanism.
- Update to 1.27.37
* api-change:``autoscaling``: Documentation update for Amazon EC2 Auto Scaling.
- from version 1.27.36
* api-change:``account``: This release enables customers to manage the primary contact information
for their AWS accounts. For more information, see
https://docs.aws.amazon.com/accounts/latest/reference/API_Operations.html
* api-change:``ec2``: Added support for EC2 M1 Mac instances. For more information, please visit
aws.amazon.com/mac.
* api-change:``iotdeviceadvisor``: Added new service feature (Early access only) - Long Duration
Test, where customers can test the IoT device to observe how it behaves when the device is in
operation for longer period.
* api-change:``medialive``: Link devices now support remote rebooting. Link devices now support
maintenance windows. Maintenance windows allow a Link device to install software updates without
stopping the MediaLive channel. The channel will experience a brief loss of input from the device
while updates are installed.
* api-change:``rds``: This release adds the "ModifyActivityStream" API with support for audit
policy state locking and unlocking.
* api-change:``transcribe``: Remove unsupported language codes for StartTranscriptionJob and update
VocabularyFileUri for UpdateMedicalVocabulary
- from version 1.27.35
* api-change:``athena``: This feature allows customers to retrieve runtime statistics for completed
queries
* api-change:``cloudwatch``: Update cloudwatch client to latest version
* api-change:``dms``: Documentation updates for Database Migration Service (DMS).
* api-change:``docdb``: Enable copy-on-write restore type
* api-change:``ec2-instance-connect``: This release includes a new exception type
"EC2InstanceUnavailableException" for SendSSHPublicKey and SendSerialConsoleSSHPublicKey APIs.
* api-change:``frauddetector``: The release introduces Account Takeover Insights (ATI) model. The
ATI model detects fraud relating to account takeover. This release also adds support for new
variable types: ARE_CREDENTIALS_VALID and SESSION_ID and adds new structures to Model Version APIs.
* api-change:``iotsitewise``: Added asynchronous API to ingest bulk historical and current data
into IoT SiteWise.
* api-change:``kendra``: Amazon Kendra now provides Oauth2 support for SharePoint Online. For more
information, see https://docs.aws.amazon.com/kendra/latest/dg/data-source-sharepoint.html
* api-change:``network-firewall``: Network Firewall now supports referencing dynamic IP sets from
stateful rule groups, for IP sets stored in Amazon VPC prefix lists.
* api-change:``rds``: Adds support for creating an RDS Proxy for an RDS for MariaDB database.
- from version 1.27.34
* api-change:``acm-pca``: AWS Certificate Manager (ACM) Private Certificate Authority (PCA)
documentation updates
* api-change:``iot``: GA release the ability to enable/disable IoT Fleet Indexing for Device
Defender and Named Shadow information, and search them through IoT Fleet Indexing APIs. This
includes Named Shadow Selection as a part of the UpdateIndexingConfiguration API.
- from version 1.27.33
* api-change:``devops-guru``: Added new APIs for log anomaly detection feature.
* api-change:``glue``: Documentation updates for AWS Glue Job Timeout and Autoscaling
* api-change:``sagemaker-edge``: Amazon SageMaker Edge Manager provides lightweight model
deployment feature to deploy machine learning models on requested devices.
* api-change:``sagemaker``: Fixed an issue with cross account QueryLineage
* api-change:``workspaces``: Increased the character limit of the login message from 850 to 2000
characters.
- from version 1.27.32
* api-change:``discovery``: Add AWS Agentless Collector details to the GetDiscoverySummary API
response
* api-change:``ec2``: Documentation updates for Amazon EC2.
* api-change:``elasticache``: Adding AutoMinorVersionUpgrade in the DescribeReplicationGroups API
* api-change:``kms``: Added support for the SM2 KeySpec in China Partition Regions
* api-change:``mediapackage``: This release adds "IncludeIframeOnlyStream" for Dash endpoints and
increases the number of supported video and audio encryption presets for Speke v2
* api-change:``sagemaker``: Amazon SageMaker Edge Manager provides lightweight model deployment
feature to deploy machine learning models on requested devices.
* api-change:``sso-admin``: AWS SSO now supports attaching customer managed policies and a
permissions boundary to your permission sets. This release adds new API operations to manage and
view the customer managed policies and the permissions boundary for a given permission set.
- from version 1.27.31
* api-change:``datasync``: Documentation updates for AWS DataSync regarding configuring Amazon FSx
for ONTAP location security groups and SMB user permissions.
* api-change:``drs``: Changed existing APIs to allow choosing a dynamic volume type for replicating
volumes, to reduce costs for customers.
* api-change:``evidently``: This release adds support for the new segmentation feature.
* api-change:``wafv2``: This SDK release provide customers ability to add sensitivity level for WAF
SQLI Match Statements.
- Update to 1.27.30
* api-change:``athena``: This release updates data types that contain either QueryExecutionId,
NamedQueryId or ExpectedBucketOwner. Ids must be between 1 and 128 characters and contain only
non-whitespace characters. ExpectedBucketOwner must be 12-digit string.
* api-change:``codeartifact``: This release introduces Package Origin Controls, a mechanism used to
counteract Dependency Confusion attacks. Adds two new APIs, PutPackageOriginConfiguration and
DescribePackage, and updates the ListPackage, DescribePackageVersion and ListPackageVersion APIs in
support of the feature.
* api-change:``config``: Update ResourceType enum with values for Route53Resolver, Batch, DMS,
Workspaces, Stepfunctions, SageMaker, ElasticLoadBalancingV2, MSK types
* api-change:``ec2``: This release adds flow logs for Transit Gateway to allow customers to gain
deeper visibility and insights into network traffic through their Transit Gateways.
* api-change:``fms``: Adds support for strict ordering in stateful rule groups in Network Firewall
policies.
* api-change:``glue``: This release adds an additional worker type for Glue Streaming jobs.
* api-change:``inspector2``: This release adds support for Inspector V2 scan configurations through
the get and update configuration APIs. Currently this allows configuring ECR automated re-scan
duration to lifetime or 180 days or 30 days.
* api-change:``kendra``: This release adds AccessControlConfigurations which allow you to redefine
your document level access control without the need for content re-indexing.
* api-change:``nimble``: Amazon Nimble Studio adds support for IAM-based access to AWS resources
for Nimble Studio components and custom studio components. Studio Component scripts use these roles
on Nimble Studio workstation to mount filesystems, access S3 buckets, or other configured resources
in the Studio's AWS account
* api-change:``outposts``: This release adds the ShipmentInformation and AssetInformationList
fields to the GetOrder API response.
* api-change:``sagemaker``: This release adds support for G5, P4d, and C6i instance types in Amazon
SageMaker Inference and increases the number of hyperparameters that can be searched from 20 to 30
in Amazon SageMaker Automatic Model Tuning
- from version 1.27.29
* api-change:``appconfig``: Adding Create, Get, Update, Delete, and List APIs for new two new
resources: Extensions and ExtensionAssociations.
- from version 1.27.28
* api-change:``networkmanager``: This release adds general availability API support for AWS Cloud
WAN.
- from version 1.27.27
* api-change:``ec2``: Build, manage, and monitor a unified global network that connects resources
running across your cloud and on-premises environments using the AWS Cloud WAN APIs.
* api-change:``redshift-serverless``: Removed prerelease language for GA launch.
* api-change:``redshift``: This release adds a new --snapshot-arn field for
describe-cluster-snapshots, describe-node-configuration-options, restore-from-cluster-snapshot,
authorize-snapshot-acsess, and revoke-snapshot-acsess APIs. It allows customers to give a Redshift
snapshot ARN or a Redshift Serverless ARN as input.
- from version 1.27.26
* api-change:``backup``: This release adds support for authentication using IAM user identity
instead of passed IAM role, identified by excluding the IamRoleArn field in the StartRestoreJob
API. This feature applies to only resource clients with a destructive restore nature (e.g. SAP
HANA).
- from version 1.27.25
* api-change:``chime-sdk-meetings``: Adds support for AppKeys and TenantIds in Amazon Chime SDK
WebRTC sessions
* api-change:``dms``: New api to migrate event subscriptions to event bridge rules
* api-change:``iot``: This release adds support to register a CA certificate without having to
provide a verification certificate. This also allows multiple AWS accounts to register the same CA
in the same region.
* api-change:``iotwireless``: Adds 5 APIs: PutPositionConfiguration, GetPositionConfiguration,
ListPositionConfigurations, UpdatePosition, GetPosition for the new Positioning Service feature
which enables customers to configure solvers to calculate position of LoRaWAN devices, or specify
position of LoRaWAN devices & gateways.
* api-change:``sagemaker``: Heterogeneous clusters: the ability to launch training jobs with
multiple instance types. This enables running component of the training job on the instance type
that is most suitable for it. e.g. doing data processing and augmentation on CPU instances and
neural network training on GPU instances
- from version 1.27.24
* api-change:``cloudformation``: My AWS Service (placeholder) - Add a new feature Account-level
Targeting for StackSet operation
* api-change:``synthetics``: This release introduces Group feature, which enables users to group
cross-region canaries.
- from version 1.27.23
* api-change:``config``: Updating documentation service limits
* api-change:``lexv2-models``: Update lexv2-models client to latest version
* api-change:``quicksight``: This release allows customers to programmatically create QuickSight
accounts with Enterprise and Enterprise + Q editions. It also releases allowlisting domains for
embedding QuickSight dashboards at runtime through the embedding APIs.
* api-change:``rds``: Adds waiters support for DBCluster.
* api-change:``rolesanywhere``: IAM Roles Anywhere allows your workloads such as servers,
containers, and applications to obtain temporary AWS credentials and use the same IAM roles and
policies that you have configured for your AWS workloads to access AWS resources.
* api-change:``ssm-incidents``: Adds support for tagging incident-record on creation by providing
incident tags in the template within a response-plan.
- from version 1.27.22
* api-change:``dms``: Added new features for AWS DMS version 3.4.7 that includes new endpoint
settings for S3, OpenSearch, Postgres, SQLServer and Oracle.
* api-change:``rds``: Adds support for additional retention periods to Performance Insights.
- from version 1.27.21
* api-change:``athena``: This feature introduces the API support for Athena's parameterized query
and BatchGetPreparedStatement API.
* api-change:``customer-profiles``: This release adds the optional
MinAllowedConfidenceScoreForMerging parameter to the CreateDomain, UpdateDomain, and
GetAutoMergingPreview APIs in Customer Profiles. This parameter is used as a threshold to influence
the profile auto-merging step of the Identity Resolution process.
* api-change:``emr``: Update emr client to latest version
* api-change:``glue``: This release adds tag as an input of CreateDatabase
* api-change:``kendra``: Amazon Kendra now provides a data source connector for alfresco
* api-change:``mwaa``: Documentation updates for Amazon Managed Workflows for Apache Airflow.
* api-change:``pricing``: Documentation update for GetProducts Response.
* api-change:``wellarchitected``: Added support for UpdateGlobalSettings API. Added status filter
to ListWorkloadShares and ListLensShares.
* api-change:``workmail``: This release adds support for managing user availability configurations
in Amazon WorkMail.
- Update to 1.27.20
* api-change:``appstream``: Includes support for StreamingExperienceSettings in CreateStack and
UpdateStack APIs
* api-change:``elbv2``: Update elbv2 client to latest version
* api-change:``emr``: Update emr client to latest version
* api-change:``medialive``: This release adds support for automatic renewal of MediaLive
reservations at the end of each reservation term. Automatic renewal is optional. This release also
adds support for labelling accessibility-focused audio and caption tracks in HLS outputs.
* api-change:``redshift-serverless``: Add new API operations for Amazon Redshift Serverless, a new
way of using Amazon Redshift without needing to manually manage provisioned clusters. The new
operations let you interact with Redshift Serverless resources, such as create snapshots, list VPC
endpoints, delete resource policies, and more.
* api-change:``sagemaker``: This release adds: UpdateFeatureGroup, UpdateFeatureMetadata,
DescribeFeatureMetadata APIs; FeatureMetadata type in Search API; LastModifiedTime,
LastUpdateStatus, OnlineStoreTotalSizeBytes in DescribeFeatureGroup API.
* api-change:``translate``: Added ListLanguages API which can be used to list the languages
supported by Translate.
- from version 1.27.19
* api-change:``datasync``: AWS DataSync now supports Amazon FSx for NetApp ONTAP locations.
* api-change:``ec2``: This release adds a new spread placement group to EC2 Placement Groups: host
level spread, which spread instances between physical hosts, available to Outpost customers only.
CreatePlacementGroup and DescribePlacementGroups APIs were updated with a new parameter:
SpreadLevel to support this feature.
* api-change:``finspace-data``: Release new API GetExternalDataViewAccessDetails
* api-change:``polly``: Add 4 new neural voices - Pedro (es-US), Liam (fr-CA), Daniel (de-DE) and
Arthur (en-GB).
- from version 1.27.18
* api-change:``iot``: This release ease the restriction for the input of tag value to align with
AWS standard, now instead of min length 1, we change it to min length 0.
- from version 1.27.17
* api-change:``glue``: This release enables the new ListCrawls API for viewing the AWS Glue Crawler
run history.
* api-change:``rds-data``: Documentation updates for RDS Data API
- from version 1.27.16
* api-change:``lookoutequipment``: This release adds visualizations to the scheduled inference
results. Users will be able to see interference results, including diagnostic results from their
running inference schedulers.
* api-change:``mediaconvert``: AWS Elemental MediaConvert SDK has released support for automatic
DolbyVision metadata generation when converting HDR10 to DolbyVision.
* api-change:``mgn``: New and modified APIs for the Post-Migration Framework
* api-change:``migration-hub-refactor-spaces``: This release adds the new API UpdateRoute that
allows route to be updated to ACTIVE/INACTIVE state. In addition, CreateRoute API will now allow
users to create route in ACTIVE/INACTIVE state.
* api-change:``sagemaker``: SageMaker Ground Truth now supports Virtual Private Cloud. Customers
can launch labeling jobs and access to their private workforce in VPC mode.
- from version 1.27.15
* api-change:``apigateway``: Documentation updates for Amazon API Gateway
* api-change:``pricing``: This release introduces 1 update to the GetProducts API. The serviceCode
attribute is now required when you use the GetProductsRequest.
* api-change:``transfer``: Until today, the service supported only RSA host keys and user keys. Now
with this launch, Transfer Family has expanded the support for ECDSA and ED25519 host keys and user
keys, enabling customers to support a broader set of clients by choosing RSA, ECDSA, and ED25519
host and user keys.
- from version 1.27.14
* api-change:``ec2``: This release adds support for Private IP VPNs, a new feature allowing S2S VPN
connections to use private ip addresses as the tunnel outside ip address over Direct Connect as
transport.
* api-change:``ecs``: Amazon ECS UpdateService now supports the following parameters:
PlacementStrategies, PlacementConstraints and CapacityProviderStrategy.
* api-change:``wellarchitected``: Adds support for lens tagging, Adds support for multiple
helpful-resource urls and multiple improvement-plan urls.
- from version 1.27.13
* api-change:``ds``: This release adds support for describing and updating AWS Managed Microsoft AD
settings
* api-change:``kafka``: Documentation updates to use Az Id during cluster creation.
* api-change:``outposts``: This release adds the AssetLocation structure to the ListAssets
response. AssetLocation includes the RackElevation for an Asset.
- from version 1.27.12
* api-change:``connect``: This release updates these APIs: UpdateInstanceAttribute,
DescribeInstanceAttribute and ListInstanceAttributes. You can use it to programmatically
enable/disable High volume outbound communications using attribute type HIGH_VOLUME_OUTBOUND on the
specified Amazon Connect instance.
* api-change:``connectcampaigns``: Added Amazon Connect high volume outbound communications SDK.
* api-change:``dynamodb``: Doc only update for DynamoDB service
* api-change:``dynamodbstreams``: Update dynamodbstreams client to latest version
- from version 1.27.11
* api-change:``redshift-data``: This release adds a new --workgroup-name field to operations that
connect to an endpoint. Customers can now execute queries against their serverless workgroups.
* api-change:``secretsmanager``: Documentation updates for Secrets Manager
* api-change:``securityhub``: Added Threats field for security findings. Added new resource details
for ECS Container, ECS Task, RDS SecurityGroup, Kinesis Stream, EC2 TransitGateway, EFS
AccessPoint, CloudFormation Stack, CloudWatch Alarm, VPC Peering Connection and WAF Rules
- from version 1.27.10
* api-change:``finspace-data``: This release adds a new set of APIs, GetPermissionGroup,
DisassociateUserFromPermissionGroup, AssociateUserToPermissionGroup, ListPermissionGroupsByUser,
ListUsersByPermissionGroup.
* api-change:``guardduty``: Adds finding fields available from GuardDuty Console. Adds FreeTrial
related operations. Deprecates the use of various APIs related to Master Accounts and Replace them
with Administrator Accounts.
* api-change:``servicecatalog-appregistry``: This release adds a new API
ListAttributeGroupsForApplication that returns associated attribute groups of an application. In
addition, the UpdateApplication and UpdateAttributeGroup APIs will not allow users to update the
'Name' attribute.
* api-change:``workspaces``: Added new field "reason" to OperationNotSupportedException. Receiving
this exception in the DeregisterWorkspaceDirectory API will now return a reason giving more context
on the failure.
- from version 1.27.9
* api-change:``budgets``: Add a budgets ThrottlingException. Update the CostFilters value pattern.
* api-change:``lookoutmetrics``: Adding filters to Alert and adding new UpdateAlert API.
* api-change:``mediaconvert``: AWS Elemental MediaConvert SDK has added support for rules that
constrain Automatic-ABR rendition selection when generating ABR package ladders.
- from version 1.27.8
* api-change:``outposts``: This release adds API operations AWS uses to install Outpost servers.
- from version 1.27.7
* api-change:``frauddetector``: Documentation updates for Amazon Fraud Detector (AWSHawksNest)
- from version 1.27.6
* api-change:``chime-sdk-meetings``: Adds support for live transcription in AWS GovCloud (US)
Regions.
- from version 1.27.5
* api-change:``dms``: This release adds DMS Fleet Advisor APIs and exposes functionality for DMS
Fleet Advisor. It adds functionality to create and modify fleet advisor instances, and to collect
and analyze information about the local data infrastructure.
* api-change:``iam``: Documentation updates for AWS Identity and Access Management (IAM).
* api-change:``m2``: AWS Mainframe Modernization service is a managed mainframe service and set of
tools for planning, migrating, modernizing, and running mainframe workloads on AWS
* api-change:``neptune``: This release adds support for Neptune to be configured as a global
database, with a primary DB cluster in one region, and up to five secondary DB clusters in other
regions.
* api-change:``redshift``: Adds new API GetClusterCredentialsWithIAM to return temporary
credentials.
- from version 1.27.4
* api-change:``auditmanager``: This release introduces 2 updates to the Audit Manager API. The
roleType and roleArn attributes are now required when you use the CreateAssessment or
UpdateAssessment operation. We also added a throttling exception to the RegisterAccount API
operation.
* api-change:``ce``: Added two new APIs to support cost allocation tags operations:
ListCostAllocationTags, UpdateCostAllocationTagsStatus.
- from version 1.27.3
* api-change:``chime-sdk-messaging``: This release adds support for searching channels by members
via the SearchChannels API, removes required restrictions for Name and Mode in UpdateChannel API
and enhances CreateChannel API by exposing member and moderator list as well as channel id as
optional parameters.
* api-change:``connect``: This release adds a new API, GetCurrentUserData, which returns real-time
details about users' current activity.
- Update to 1.27.2
* api-change:``codeartifact``: Documentation updates for CodeArtifact
* api-change:``voice-id``: Added a new attribute ServerSideEncryptionUpdateDetails to Domain and
DomainSummary.
* api-change:``proton``: Add new "Components" API to enable users to Create, Delete and Update AWS
Proton components.
* api-change:``connect``: This release adds the following features: 1) New APIs to manage (create,
list, update) task template resources, 2) Updates to startTaskContact API to support task
templates, and 3) new TransferContact API to programmatically transfer in-progress tasks via a
contact flow.
* api-change:``application-insights``: Provide Account Level onboarding support through CFN/CLI
* api-change:``kendra``: Amazon Kendra now provides a data source connector for GitHub. For more
information, see https://docs.aws.amazon.com/kendra/latest/dg/data-source-github.html
- from version 1.27.1
* api-change:``backup-gateway``: Adds GetGateway and UpdateGatewaySoftwareNow API and adds
hypervisor name to UpdateHypervisor API
* api-change:``forecast``: Added Format field to Import and Export APIs in Amazon Forecast. Added
TimeSeriesSelector to Create Forecast API.
* api-change:``chime-sdk-meetings``: Adds support for centrally controlling each participant's
ability to send and receive audio, video and screen share within a WebRTC session. Attendee
capabilities can be specified when the attendee is created and updated during the session with the
new BatchUpdateAttendeeCapabilitiesExcept API.
* api-change:``route53``: Add new APIs to support Route 53 IP Based Routing
- from version 1.27.0
* api-change:``iotsitewise``: This release adds the following new optional field to the IoT
SiteWise asset resource: assetDescription.
* api-change:``lookoutmetrics``: Adding backtest mode to detectors using the Cloudwatch data source.
* api-change:``transcribe``: Amazon Transcribe now supports automatic language identification for
multi-lingual audio in batch mode.
* feature:Python: Dropped support for Python 3.6
* api-change:``cognito-idp``: Amazon Cognito now supports IP Address propagation for all
unauthenticated APIs (e.g. SignUp, ForgotPassword).
* api-change:``drs``: Changed existing APIs and added new APIs to accommodate using multiple AWS
accounts with AWS Elastic Disaster Recovery.
* api-change:``sagemaker``: Amazon SageMaker Notebook Instances now support Jupyter Lab 3.
- from version 1.26.10
* api-change:``sagemaker``: Amazon SageMaker Notebook Instances now allows configuration of
Instance Metadata Service version and Amazon SageMaker Studio now supports G5 instance types.
* api-change:``appflow``: Adding the following features/changes: Parquet output that preserves
typing from the source connector, Failed executions threshold before deactivation for scheduled
flows, increasing max size of access and refresh token from 2048 to 4096
* api-change:``datasync``: AWS DataSync now supports TLS encryption in transit, file system
policies and access points for EFS locations.
* api-change:``emr-serverless``: This release adds support for Amazon EMR Serverless, a serverless
runtime environment that simplifies running analytics applications using the latest open source
frameworks such as Apache Spark and Apache Hive.
- from version 1.26.9
* api-change:``lightsail``: Amazon Lightsail now supports the ability to configure a Lightsail
Container Service to pull images from Amazon ECR private repositories in your account.
* api-change:``emr-serverless``: This release adds support for Amazon EMR Serverless, a serverless
runtime environment that simplifies running analytics applications using the latest open source
frameworks such as Apache Spark and Apache Hive.
* api-change:``ec2``: C7g instances, powered by the latest generation AWS Graviton3 processors,
provide the best price performance in Amazon EC2 for compute-intensive workloads.
* api-change:``forecast``: Introduced a new field in Auto Predictor as Time Alignment Boundary. It
helps in aligning the timestamps generated during Forecast exports
- from version 1.26.8
* api-change:``secretsmanager``: Documentation updates for Secrets Manager
* api-change:``fsx``: This release adds root squash support to FSx for Lustre to restrict root
level access from clients by mapping root users to a less-privileged user/group with limited
permissions.
* api-change:``lookoutmetrics``: Adding AthenaSourceConfig for MetricSet APIs to support Athena as
a data source.
* api-change:``voice-id``: VoiceID will now automatically expire Speakers if they haven't been
accessed for Enrollment, Re-enrollment or Successful Auth for three years. The Speaker APIs now
return a "LastAccessedAt" time for Speakers, and the EvaluateSession API returns "SPEAKER_EXPIRED"
Auth Decision for EXPIRED Speakers.
* api-change:``cloudformation``: Add a new parameter statusReason to DescribeStackSetOperation
output for additional details
* api-change:``apigateway``: Documentation updates for Amazon API Gateway
* api-change:``apprunner``: Documentation-only update added for CodeConfiguration.
* api-change:``sagemaker``: Amazon SageMaker Autopilot adds support for manually selecting features
from the input dataset using the CreateAutoMLJob API.
- from version 1.26.7
* api-change:``mediaconvert``: AWS Elemental MediaConvert SDK has added support for rules that
constrain Automatic-ABR rendition selection when generating ABR package ladders.
* api-change:``cognito-idp``: Amazon Cognito now supports requiring attribute verification (ex.
email and phone number) before update.
* api-change:``networkmanager``: This release adds Multi Account API support for a TGW Global
Network, to enable and disable AWSServiceAccess with AwsOrganizations for Network Manager service
and dependency CloudFormation StackSets service.
* api-change:``ivschat``: Doc-only update. For MessageReviewHandler structure, added timeout period
in the description of the fallbackResult field
* api-change:``ec2``: Stop Protection feature enables customers to protect their instances from
accidental stop actions.
- from version 1.26.6
* api-change:``elasticache``: Added support for encryption in transit for Memcached clusters.
Customers can now launch Memcached cluster with encryption in transit enabled when using Memcached
version 1.6.12 or later.
* api-change:``forecast``: New APIs for Monitor that help you understand how your predictors
perform over time.
* api-change:``personalize``: Adding modelMetrics as part of DescribeRecommender API response for
Personalize.
- from version 1.26.5
* api-change:``comprehend``: Comprehend releases 14 new entity types for DetectPiiEntities and
ContainsPiiEntities APIs.
* api-change:``logs``: Doc-only update to publish the new valid values for log retention
- python-configobj
-
- Add CVE-2023-26112.patch (bsc#1210070)
- python-packaging
-
- Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
- Add patch to fix testsuite on big-endian targets
+ fix-big-endian-build.patch
- Ignore python3.6.2 since the test doesn't support it.
- update to 21.3:
* Add a pp3-none-any tag (gh#pypa/packaging#311)
* Replace the blank pyparsing 3 exclusion with a 3.0.5 exclusion
(gh#pypa/packaging#481), (gh#pypa/packaging#486)
* Fix a spelling mistake (gh#pypa/packaging#479)
- update to 21.2:
* Update documentation entry for 21.1.
* Update pin to pyparsing to exclude 3.0.0.
* PEP 656: musllinux support
* Drop support for Python 2.7, Python 3.4 and Python 3.5.
* Replace distutils usage with sysconfig
* Add support for zip files in ``parse_sdist_filename``
* Use cached ``_hash`` attribute to short-circuit tag equality comparisons
* Specify the default value for the ``specifier`` argument to ``SpecifierSet``
* Proper keyword-only "warn" argument in packaging.tags
* Correctly remove prerelease suffixes from ~= check
* Fix type hints for ``Version.post`` and ``Version.dev``
* Use typing alias ``UnparsedVersion``
* Improve type inference for ``packaging.specifiers.filter()``
* Tighten the return type of ``canonicalize_version()``
- Add Provides: for python*dist(packaging): work around boo#1186870
- skip tests failing because of no-legacyversion-warning.patch
- add no-legacyversion-warning.patch to restore compatibility with 20.4
- update to 20.9:
* Run [isort](https://pypi.org/project/isort/) over the code base (:issue:`377`)
* Add support for the ``macosx_10_*_universal2`` platform tags (:issue:`379`)
* Introduce ``packaging.utils.parse_wheel_filename()`` and ``parse_sdist_filename()``
- update to 20.8:
* Revert back to setuptools for compatibility purposes for some Linux distros (:issue:`363`)
* Do not insert an underscore in wheel tags when the interpreter version number
is more than 2 digits (:issue:`372`)
* Fix flit configuration, to include LICENSE files (:issue:`357`)
* Make `intel` a recognized CPU architecture for the `universal` macOS platform tag (:issue:`361`)
* Add some missing type hints to `packaging.requirements` (issue:`350`)
* Officially support Python 3.9 (:issue:`343`)
* Deprecate the ``LegacyVersion`` and ``LegacySpecifier`` classes (:issue:`321`)
* Handle ``OSError`` on non-dynamic executables when attempting to resolve
the glibc version string.
- update to 20.4:
* Canonicalize version before comparing specifiers. (:issue:`282`)
* Change type hint for ``canonicalize_name`` to return
``packaging.utils.NormalizedName``.
This enables the use of static typing tools (like mypy) to detect mixing of
normalized and un-normalized names.
- python-pyasn1
-
- To avoid users of this package having to recompile bytecode
files, change the mtime of any __init__.py. (bsc#1207805)
- python-requests
-
- Add CVE-2023-32681.patch to fix unintended leak of
Proxy-Authorization header (CVE-2023-32681, bsc#1211674)
Upstream commit: gh#psf/requests@74ea7cf7a6a2
- python-s3transfer
-
- Update in SLE-15 (bsc#1209255, jsc#PED-3780)
- Add python-python-dateutil and python-jmespath to BuildRequires
- Update in SLE-15 (bsc#1204537, jsc#PED-2333)
- Update to 0.6.0
* feature:Python: Dropped support for Python 3.6
- from version 0.5.2
* enhancement:``s3``: Added support for flexible checksums
when uploading or downloading objects.
- from version 0.5.1
* enhancement:Python: Officially add Python 3.10 support
- Drop unused python-mock dependency from BuildRequires
- Refresh patches for new version
+ no-bundled-packages.patch
- salt
-
- Prevent _pygit2.GitError: error loading known_hosts when $HOME is not set (bsc#1210994)
- Fix ModuleNotFoundError and other issues raised by salt-support module (bsc#1211591)
- tornado: Fix an open redirect in StaticFileHandler (CVE-2023-28370, bsc#1211741)
- Added:
* 3006.0-prevent-_pygit2.giterror-error-loading-known_.patch
* tornado-fix-an-open-redirect-in-staticfilehandler-cv.patch
* fix-some-issues-detected-in-salt-support-cli-module-.patch
- Make master_tops compatible with Salt 3000 and older minions (bsc#1212516) (bsc#1212517)
- Added:
* make-master_tops-compatible-with-salt-3000-and-older.patch
- Avoid failures due transactional_update module not available in Salt 3006.0 (bsc#1211754)
- Added:
* define-__virtualname__-for-transactional_update-modu.patch
- Avoid conflicts with Salt dependencies versions (bsc#1211612)
- Added:
* avoid-conflicts-with-dependencies-versions-bsc-12116.patch
- Update to Salt release version 3006.0 (jsc#PED-4360)
* See release notes: https://docs.saltproject.io/en/latest/topics/releases/3006.0.html
- Add missing patch after rebase to fix collections Mapping issues
- Add python3-looseversion as new dependency for salt
- Add python3-packaging as new dependency for salt
- Allow entrypoint compatibility for "importlib-metadata>=5.0.0" (bsc#1207071)
- Create new salt-tests subpackage containing Salt tests
- Drop conflictive patch dicarded from upstream
- Fix SLS rendering error when Jinja macros are used
- Fix version detection and avoid building and testing failures
- Prevent deadlocks in salt-ssh executions
- Require python3-jmespath runtime dependency (bsc#1209233)
- Added:
* 3005.1-implement-zypper-removeptf-573.patch
* control-the-collection-of-lvm-grains-via-config.patch
* fix-version-detection-and-avoid-building-and-testing.patch
* make-sure-the-file-client-is-destroyed-upon-used.patch
* skip-package-names-without-colon-bsc-1208691-578.patch
* use-rlock-to-avoid-deadlocks-in-salt-ssh.patch
- Modified:
* activate-all-beacons-sources-config-pillar-grains.patch
* add-custom-suse-capabilities-as-grains.patch
* add-environment-variable-to-know-if-yum-is-invoked-f.patch
* add-migrated-state-and-gpg-key-management-functions-.patch
* add-publish_batch-to-clearfuncs-exposed-methods.patch
* add-salt-ssh-support-with-venv-salt-minion-3004-493.patch
* add-sleep-on-exception-handling-on-minion-connection.patch
* add-standalone-configuration-file-for-enabling-packa.patch
* add-support-for-gpgautoimport-539.patch
* allow-vendor-change-option-with-zypper.patch
* async-batch-implementation.patch
* avoid-excessive-syslogging-by-watchdog-cronjob-58.patch
* bsc-1176024-fix-file-directory-user-and-group-owners.patch
* change-the-delimeters-to-prevent-possible-tracebacks.patch
* debian-info_installed-compatibility-50453.patch
* dnfnotify-pkgset-plugin-implementation-3002.2-450.patch
* do-not-load-pip-state-if-there-is-no-3rd-party-depen.patch
* don-t-use-shell-sbin-nologin-in-requisites.patch
* drop-serial-from-event.unpack-in-cli.batch_async.patch
* early-feature-support-config.patch
* enable-passing-a-unix_socket-for-mysql-returners-bsc.patch
* enhance-openscap-module-add-xccdf_eval-call-386.patch
* fix-bsc-1065792.patch
* fix-for-suse-expanded-support-detection.patch
* fix-issue-2068-test.patch
* fix-missing-minion-returns-in-batch-mode-360.patch
* fix-ownership-of-salt-thin-directory-when-using-the-.patch
* fix-regression-with-depending-client.ssh-on-psutil-b.patch
* fix-salt-ssh-opts-poisoning-bsc-1197637-3004-501.patch
* fix-salt.utils.stringutils.to_str-calls-to-make-it-w.patch
* fix-the-regression-for-yumnotify-plugin-456.patch
* fix-traceback.print_exc-calls-for-test_pip_state-432.patch
* fixes-for-python-3.10-502.patch
* include-aliases-in-the-fqdns-grains.patch
* info_installed-works-without-status-attr-now.patch
* let-salt-ssh-use-platform-python-binary-in-rhel8-191.patch
* make-aptpkg.list_repos-compatible-on-enabled-disable.patch
* make-setup.py-script-to-not-require-setuptools-9.1.patch
* pass-the-context-to-pillar-ext-modules.patch
* prevent-affection-of-ssh.opts-with-lazyloader-bsc-11.patch
* prevent-pkg-plugins-errors-on-missing-cookie-path-bs.patch
* prevent-shell-injection-via-pre_flight_script_args-4.patch
* read-repo-info-without-using-interpolation-bsc-11356.patch
* restore-default-behaviour-of-pkg-list-return.patch
* return-the-expected-powerpc-os-arch-bsc-1117995.patch
* revert-fixing-a-use-case-when-multiple-inotify-beaco.patch
* run-salt-api-as-user-salt-bsc-1064520.patch
* run-salt-master-as-dedicated-salt-user.patch
* save-log-to-logfile-with-docker.build.patch
* switch-firewalld-state-to-use-change_interface.patch
* temporary-fix-extend-the-whitelist-of-allowed-comman.patch
* update-target-fix-for-salt-ssh-to-process-targets-li.patch
* use-adler32-algorithm-to-compute-string-checksums.patch
* use-salt-bundle-in-dockermod.patch
* x509-fixes-111.patch
* zypperpkg-ignore-retcode-104-for-search-bsc-1176697-.patch
- Removed:
* 3003.3-do-not-consider-skipped-targets-as-failed-for.patch
* 3003.3-postgresql-json-support-in-pillar-423.patch
* add-amazon-ec2-detection-for-virtual-grains-bsc-1195.patch
* add-missing-ansible-module-functions-to-whitelist-in.patch
* add-rpm_vercmp-python-library-for-version-comparison.patch
* add-support-for-name-pkgs-and-diff_attr-parameters-t.patch
* adds-explicit-type-cast-for-port.patch
* align-amazon-ec2-nitro-grains-with-upstream-pr-bsc-1.patch
* backport-syndic-auth-fixes.patch
* batch.py-avoid-exception-when-minion-does-not-respon.patch
* check-if-dpkgnotify-is-executable-bsc-1186674-376.patch
* clarify-pkg.installed-pkg_verify-documentation.patch
* detect-module.run-syntax.patch
* do-not-crash-when-unexpected-cmd-output-at-listing-p.patch
* enhance-logging-when-inotify-beacon-is-missing-pyino.patch
* fix-62092-catch-zmq.error.zmqerror-to-set-hwm-for-zm.patch
* fix-crash-when-calling-manage.not_alive-runners.patch
* fixes-pkg.version_cmp-on-openeuler-systems-and-a-few.patch
* fix-exception-in-yumpkg.remove-for-not-installed-pac.patch
* fix-for-cve-2022-22967-bsc-1200566.patch
* fix-inspector-module-export-function-bsc-1097531-481.patch
* fix-ip6_interface-grain-to-not-leak-secondary-ipv4-a.patch
* fix-issues-with-salt-ssh-s-extra-filerefs.patch
* fix-jinja2-contextfuntion-base-on-version-bsc-119874.patch
* fix-multiple-security-issues-bsc-1197417.patch
* fix-salt-call-event.send-call-with-grains-and-pillar.patch
* fix-salt.states.file.managed-for-follow_symlinks-tru.patch
* fix-state.apply-in-test-mode-with-file-state-module-.patch
* fix-test_ipc-unit-tests.patch
* fix-the-regression-in-schedule-module-releasded-in-3.patch
* fix-wrong-test_mod_del_repo_multiline_values-test-af.patch
* fixes-56144-to-enable-hotadd-profile-support.patch
* fopen-workaround-bad-buffering-for-binary-mode-563.patch
* force-zyppnotify-to-prefer-packages.db-than-packages.patch
* ignore-erros-on-reading-license-files-with-dpkg_lowp.patch
* ignore-extend-declarations-from-excluded-sls-files.patch
* ignore-non-utf8-characters-while-reading-files-with-.patch
* implementation-of-held-unheld-functions-for-state-pk.patch
* implementation-of-suse_ip-execution-module-bsc-10999.patch
* improvements-on-ansiblegate-module-354.patch
* include-stdout-in-error-message-for-zypperpkg-559.patch
* make-pass-renderer-configurable-other-fixes-532.patch
* make-sure-saltcacheloader-use-correct-fileclient-519.patch
* mock-ip_addrs-in-utils-minions.py-unit-test-443.patch
* normalize-package-names-once-with-pkg.installed-remo.patch
* notify-beacon-for-debian-ubuntu-systems-347.patch
* refactor-and-improvements-for-transactional-updates-.patch
* retry-if-rpm-lock-is-temporarily-unavailable-547.patch
* set-default-target-for-pip-from-venv_pip_target-envi.patch
* state.apply-don-t-check-for-cached-pillar-errors.patch
* state.orchestrate_single-does-not-pass-pillar-none-4.patch
* support-transactional-systems-microos.patch
* wipe-notify_socket-from-env-in-cmdmod-bsc-1193357-30.patch
- release-notes-sles
-
- 15.4.20230522 (tracked in bsc#933411)
- Updated certifications info (jsc#DOCTEAM-996)
- 15.4.20230511 (tracked in bsc#933411)
- Added note about secure boot shim update (bsc#1211271)
- 15.4.20230510 (tracked in bsc#933411)
- Added note about systemd-journal-remote removal (jsc#1210589)
- Added note about Podman 4.3.1 (jsc#PED-1805)
- Added note about Python changes (jsc#PED-3799)
- rsyslog
-
-patches replaced by upgrade (see details in upgrade logs below)
0001-fixing-the-deleteStateOnFileDelete-option.patch
0001-imfile-Remove-inotify-watch-descriptor-on-inode-chan.patch
0001-queue-Add-NULL-check-in-qDeqLinkedList.patch
0001-testbench-add-test-for-legacy-permittedPeer-statemen.patch
0002-imtcp-bugfix-legacy-config-directives-did-no-longer-.patch
CVE-2022-24903.patch
- Upgrade to rsyslog 8.2306.0 (jsc#PED-4883)
* 2023-06-09: mmnormalize bugfix: if msg cannot be parsed, parser chain is stopped
* 2023-06-08: Add new global config option "libcapng.default"
* 2023-06-08: imjournal: Add FileCreateMode module parameter
* 2023-04-17: core bugfix: potential segfault on busy systems
* 2023-05-11: GNUTls Driver: Fix memory leaks in gtlsInitCred
* 2023-05-24: CI: update base ubuntu image for github actions
* 2023-05-16: OMHIREDIS::ADDED:: New support for 'stream' mode
* 2023-05-17: OMHIREDIS::ADDED:: new tests for existing functionalities
* 2023-04-25: OMHIREDIS::FIXED:: Correctly suspend module in case of failure
* 2023-05-17: OMHIREDIS::FIXED:: Synchronously try to authenticate
* 2023-04-25: IMHIREDIS::ADDED:: New support for 'stream' mode
* 2023-04-25: REDIS::ADDED:: Implement tests for imhiredis module
* 2023-04-12: IMHIREDIS::CLEAN:: various improvements and fixes
[#]## CHANGED
- [IMHIREDIS] factorize code for different modes
- [IMHIREDIS] Clean and improve logging lines
- [IMHIREDIS] Poll extinction state less frequently for main thread (less aggresive)
- [IMHIREDIS] Set 'key' action parameter to REQUIRED
- [IMHIREDIS] Use known message length instead of calculating it when
enqueuing message
[#]## ADDED
- [IMHIREDIS] Missing redis replies' types in enumeration
[#]## FIXED
- [IMHIREDIS] Correctly initialize instance object, especially for redisNodesList
- [IMHIREDIS] Correctly print input mode's value in logs when set incorrectly
* 2023-05-17: tests: mmexternal-SegFault-empty-jroot-vg.sh: fix typo
* 2023-03-21: modify testbench test to detect wrong imptcp truncation
* 2023-03-21: imptcp bugfix: spam log on oversize message
* 2023-03-23: core/bugfix: using $uuid msg prop can deadlock rsyslog on shutdown
* 2023-03-13: Remove halted LGTM badges on README
* 2023-02-16: Do not preserve capabilities when changing credentials
* 2023-01-23: CI/QA: do compile test both with NDEBUG set/unset
* 2023-01-23: Fixed wrong type conversion in cstrLen() for debug mode as well
* 2023-01-18: core/template: implement negative position.to
* 2023-01-18: CI: fix github CodeQL settings
* 2023-01-17: Remove CAP_DAC_OVERRIDE if privileges dropped
* 2023-01-17: Adjust the capability set
* 2023-01-13: substring function: enhancement and hardening
* 2023-01-11: omfile: add action parameters "rotation.*"
* 2023-01-11: CI: use newer version of zookeeper
* 2023-01-09: ffaup fix : memory corruption with concurrent workers
* 2023-01-02: openssl: fix undefined reference to CRYPTO_set_id_callback
* 2022-12-30: testbench: add test for invalid json template generation
* 2022-12-30: core bugfix: template system may generate invalid json
* 2022-12-28: Fixed wrong type conversion in cstrLen()
* 2022-12-08: Add CodeQL workflow for GitHub code scanning
- Upgrade to rsyslog 8.2212.0
* 2022-12-05: testbench: make python http server based tests more reliable
* 2022-12-05: omprog bugfix: invalid status handling at called program startup
* 2022-11-29: testbench bugfix: wrong message injection object of instance 1
* 2022-11-21: rsyslog.conf man page bugfix: description of selectors
* 2022-11-18: imtcp bugfix: legacy config directives did no longer work
- replaces 0002-imtcp-bugfix-legacy-config-directives-did-no-longer-.patch
* 2022-11-16: ksi bugfix: sending of too many signing requests fixed.
* 2022-11-14: bugfix: prevent potential segfault when switchung to queue emergency mode
* 2022-11-02: imjournal: add second fallback to _COMM
* 2022-10-25: core bugfix: local hostname invalid if no global() config object given
* 2022-10-25: testbench bugfix: fixed timing issue that sometimes lead to test failure
- Upgrade to rsyslog 8.2208.0
* 2022-08-09: ksi bugfix: request cache size and send timeout issue fixed.
* 2022-08-09: imjournal bugfix: segmentation fault in close journal
* 2022-08-09: net subsystem: support sha256 for StreamDriverAuthMode="x509/fingerprint"
* 2022-08-05: imfile bugfix: message loss/duplication when monitored file is rotated
* 2022-08-05: ksi bugfix: optimize processing of signer queue to fix delays.
* 2022-08-04: ksi bugfix: possible crash fixed when several log files are opened.
* 2022-08-04: openssl: add support to split tls commands by semicolon
* 2022-08-04: openssl subsystem bugfix: build issue on Solaris
* 2022-08-04: openssl: add more details to error messages
* 2022-08-04: omclickhouse: capture additional exceptions
* 2022-08-04: mmanon bugfix: Simplified and fixed IPv4 digit detection.
* 2022-07-21: imptcp: slight tuning
* 2022-07-20: template procesing/json: performance optimization
* 2022-07-19: core bugfix: memory leak when free action worker data table
* 2022-07-13: omfile: support for zstd compression
* 2022-07-07: stream cleanup: move error message to debug log, only
* 2022-07-04: mmdblookup bugfix: Don't crash Rsyslog on mmdb file errors
* 2022-06-28: build error fix: libbson requires out-of-date language constructs
* 2022-06-27: OpenSSL: fix depreacted API issues for OpenSSL 3.x
- Upgrade to rsyslog 8.2206.0
* 2022-05-25: omelastisearch: allow omitting _type field
* 2022-05-18: tcpsrv/imtcp: slight performance improvements
* 2022-05-12: imptcp bugfix: worker thread starvation on extreme traffic
* 2022-05-11: omelasticsearch: several support option for ElasticSearch 8
- config params searchIndex and documentType can be empty
- support for Data Stream API
- new config param esVersion.major
* 2022-05-09: tcp receiver bugfix: delay/potential hang on some error conditions
* 2022-05-05: net bugfix: potential buffer overrun
- replaces CVE-2022-24903.patch
Advisory:
https://github.com/rsyslog/rsyslog/security/advisories/GHSA-ggw7-xr6h-mmr8#advisory-comment-72243
* 2022-05-05: imptcp: set OS worker thread name
* 2022-04-26: mmanon bugfix: shortened IPv6 form not always anonymized
* 2022-04-22: mmdblookup fix: wrong copy of buffer
* 2022-04-22: mmdblookup: several enhancements
- support arrays in MMDB entry
- support escaped quotes '"' in MMDB entry
- support '<' characters in MMDB entry, when in a field
- support '}' characters in MMDB entry, when in a field
- Upgrade to rsyslog 8.2204.0
* 2022-04-18: gnutls bugfix: possibility of infinite loop
* 2022-04-17: core/bugfix: errorfile could grow over max configures size
* 2022-04-17: omkafka bugfix: potential misadressing
* 2022-04-06: added new "FullJSONFmt" standard template (with addtl fields)
* 2022-04-04: imfile: potential processing delay
* 2022-04-04: bugfix: cosmetic data races
* 2022-04-01: add property options to support ISO week/year number
* 2022-04-01: core bugfix: "action suspended" message was emitted even when turned off
* 2022-03-31: testbench: add more tests for rscript comparison operations
* 2022-03-31: core bugfix: make internal logs emitted during HUP procesing appear quicker
* 2022-03-20: refactor: Move the parser directive to the main config
* 2022-03-16: refactor: ake the main message queue part of the config
* regression bugfix: rsyslog may segfault during startup
* regression fix: script string comparison did not work correctly
- Upgrade to rsyslog 8.2202.0
* 2022-02-11: Make action counter part of the config
* 2022-02-09: imfile: Remove inotify watch descriptor on inode change detected
- replaces 0001-imfile-Remove-inotify-watch-descriptor-on-inode-chan.patch
* 2022-02-03: omelasticsearch: Fix indexSuccess impstats counter in bulkmode
* 2022-01-28: rscript: literal numbers were not compared correctly
* 2022-01-17: ompgsql: PGsslInUse not supported on old distros
* 2021-12-31: ompgsql: allow connection params via connection string
* 2022-01-17: CI: remove fedora 33 based testing
* 2022-01-14: Terminate all tcpsrv threads properly
* 2022-01-04: Move timezone specific variables to rsconf
* 2022-01-13: Fixes #4395 by correctly checking for EPIPE.
* 2022-01-12: Move rsyslog global parameters to rsconf_t struct
* 2022-01-12: cleanup: remove unused variable
* 2022-01-07: CI: cleanup journal test environment
* 2022-01-06: CI: remove unnecessary dependency
* 2022-01-05: Update omlibdbi.c
* 2022-01-05: omhttp: Fix memory leak in lokirest batchmode
* 2021-12-15: Clarify meaning of loadConf and RunConf
- Upgrade to rsyslog 8.2112.0
* 2021-12-14: refactor:Deallocate outchannel resources in rsconf destructor
* 2021-12-14: refactor: use runConf instead of loadConf in ratelimiting during runtime
* 2021-11-22: new contribtion: URL parser module function using libfa
* 2021-11-18: mmanon: relax IPv6 detection - improve anonymization
* 2021-11-10: ruleset bugfix: ruleset queue was incorrectly named
* 2021-11-10: omsnmp: update module to current IP best practices
* 2021-10-27: ommysql: fix threading bug
* 2021-10-25: testbench: false positive when impstats was not built
* 2021-10-25: imtcp: add support for permittedPeers setting at input() level
* 2021-10-25: testbench: add test for legacy permittedPeer statement
- replaces 0001-testbench-add-test-for-legacy-permittedPeer-statemen.patch
- Upgrade to rsyslog 8.2110.0:
* 2021-10-13: PrivDropToUser: fix abortOnIDResolutionFail handling #2
* 2021-10-12: PrivDropToUser: fix abortOnIDResolutionFail handling
* 2021-09-17: rscript fix: ruleset called async when ruleset had queue.type="direct"
* 2021-10-07: tcpsrv: fix compilation without exceptions
* 2021-09-29: build issue: handle undefined MAXPATHLEN, PATH_MAX
* 2021-10-06: Fix typo in error message.
* 2021-09-21: mmkubernetes bugfix: no connection retry to kubernetes APP
* 2021-09-13: use correct api for es 6 and later
* 2021-09-20: openssl: Correct gnutlsPriorityString (custom ciphers) behaviour
* 2021-09-20: ksi bugfix: locking bug fixed in rsksiCtxOpenFile
* 2021-09-13: Fix ElasticSearch Test broken by ES incompatibility
* 2020-11-21: imhttp updates - query parameter ingestion & basic auth support
* 2021-09-08: openssl: extended output information on connection failure
* 2021-09-02: queue: Add NULL check in qDeqLinkedList
- replaces 0001-queue-Add-NULL-check-in-qDeqLinkedList.patch
* 2021-09-06: core bugfix: use of property $wday terminates string
* 2021-09-02: gnutls: Propagate PrioritizeSAN when accepting a new connection
* 2021-08-24: ratelimit: fix rate limiting for already parsed messages
* 2021-08-23: config: implement script-equavalent for $PrivDrop* statements
- Upgrade to rsyslog 8.2108.0:
* 2021-08-16: openssl tls: Improved error message output on tls failures.
* 2021-07-01: imfile add `ignoreolderthanoption`
* 2021-08-10: imklog: fix invalid memory adressing, could cause abort
* 2021-08-09: omelasticsearch: fix incorrect mutex error handling regression
* 2021-08-09: imfile bugfix: hash char invalidly added in readmode != 0
* 2021-08-08: imudp: add socket type (IPv4 vs. 6) to input name
* 2021-07-13: fixing the deleteStateOnFileDelete option
- replaces 0001-fixing-the-deleteStateOnFileDelete-option.patch
* 2021-07-07: CI: add test for imtcp not correctly starting up and a Solaris fix
* 2021-08-05: omfwd: add capability for action-specific TLS certificate settings
* 2021-07-01: imtcp: permit to use different certificate files per input/action
* 2021-08-04: debug support: add indication of "being HUPed" to debug log
* 2021-08-04: imptcp bugfix: keep alive interval was incorrectly set
* 2021-07-22: Close file descriptor when freshStartTail is turned on
* 2021-07-22: [omelasticsearch] Improve errorFile mutex handling
* 2021-07-08: openssl network driver bugfix: small memory leak
* 2021-07-07: tcpsrv bugfix: abort if no listener could be started
* 2021-07-01: tcp subsystem: fix cosmetic memory leak on shutdown
* 2021-07-01: fix typo in error message
* 2021-06-30: OMMONGODB :: Fixes
* 2021-06-29: mmkubernetes fix for apiserver error handling
* 2021-06-21: omkafka updates
* 2021-06-22: percentile module to track percentile metrics via impstats
* 2021-06-17: CI: disable Travis CI for the time being
* 2021-04-15: omhttp: Fix dynrestpath param in batch mode
* 2021-06-14: add predefined template RSYSLOG_SyslogRFC5424Format
* 2021-06-10: bugfix: _sender_stats reports integer counter as string
- fix removal of imfile state files (bsc#1213212)
* add 0001-fixing-the-deleteStateOnFileDelete-option.patch
- runc
-
- Update to runc v1.1.7. Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.1.7>.
- Update runc.keyring to upstream version.
- Update to runc v1.1.6. Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.1.6>.
- samba
-
- secure channel faulty since Windows 10/11 update 07/2023;
(bso#15418); (bsc#1213384).
- CVE-2022-2127: lm_resp_len not checked properly in
winbindd_pam_auth_crap_send; (bso#15072); (bsc#1213174).
- CVE-2023-34966: Samba Spotlight mdssvc RPC Request Infinite
Loop Denial-of-Service Vulnerability; (bso#15340); (bsc#1213173).
- CVE-2023-34967: Samba Spotlight mdssvc RPC Request Type
Confusion Denial-of-Service Vulnerability; (bso#15341); (bsc#1213172).
- CVE-2023-34968: Spotlight server-side Share Path Disclosure;
(bso#15388); (bsc#1213171).
- scap-security-guide
-
- updated to 0.1.69 (jsc#ECO-3319)
- Introduce a JSON build manifest (#10761)
- Introduce a script to compare ComplianceAsCode versions (#10768)
- Introduce CCN profiles for RHEL9 (#10860)
- Map rules to components (#10609)
- products/anolis23: supports Anolis OS 23 (#10548)
- Render components to HTML (#10709)
- Store rendered control files (#10656)
- Test and use rules to components mapping (#10693)
- Use distributed product properties (#10554)
- 0001-Revert-fix-aide-remediations-add-crontabs.patch: removed, upstream
- 0001-Revert-fix-aide-remediations-add-crontabs.patch:
revert patch that breaks the SLE hardening (bsc#1213691)
- updated to 0.1.68 (jsc#ECO-3319)
- Bump OL8 STIG version to V1R6
- Introduce a Product class, make the project work with it
- Introduce Fedora and Firefox CaC profiles for common workstation users
- OL7 DISA STIG v2r11 update
- Publish rendered policy artifacts
- Update ANSSI BP-028 to version 2.0
- updated to 0.1.67 (jsc#ECO-3319)
- Add utils/controlrefcheck.py
- RHEL 9 STIG Update Q1 2023
- Include warning for NetworkManager keyfiles in RHEL9
- OL7 stig v2r10 update
- Bump version of OL8 STIG to V1R5
- various enhancements to SLE profiles
- scap-security-guide-UnicodeEncodeError-character-fix.patch: fixed upstream
- 000release-packages:sle-module-basesystem-release
-
n/a
- 000release-packages:sle-module-containers-release
-
n/a
- 000release-packages:sle-module-desktop-applications-release
-
n/a
- 000release-packages:sle-module-development-tools-release
-
n/a
- 000release-packages:sle-module-public-cloud-release
-
n/a
- 000release-packages:sle-module-server-applications-release
-
n/a
- supportutils-plugin-suse-public-cloud
-
- Update to version 1.0.8 (bsc#1213951)
+ Capture CSP billing adapter config and log (issue#13)
+ Accept upper case Amazon string in DMI table (issue#12)
- Update to version 1.0.7 (bsc#1209026)
+ Include information about the cached registration data
+ Collect the data that is sent to the update infrastructure during
registration
- supportutils
-
- Changes to supportconfig version 3.1.11-46.3
+ Added missed sanitation check on crash.txt (bsc#1203818)
- Changes to supportconfig.rc version 3.1.11-30
+ Added check to _sanitize_file
+ Using variable for replement text in _sanitize_file
- systemd-rpm-macros
-
- Bump version to 13
- Fix %sysctl_apply() and %binfmt_apply() so they are disabled when called from
a chroot (bsc#1211272)
- util-linux-systemd
-
- Add util-linux-libblkid-reopen-floppy-without-O_NONBLOCK.patch
Fixes blkid for floppy drives (bsc#1194900).
- util-linux-fix-tests-when-at-symbol-in-path.patch:
Add patch to util-linux-systemd and python3-libmount, as it was
previously only included in util-linux.
- Add upstream patch fix-lib-internal-cache-size.patch
bsc#1210164, gh#util-linux/util-linux@2fa4168c8bc9
- Fix tests not passing when '@' character is in build path:
Fixes rpmbuild %checks fail when @ in the directory path (bsc#1194038).
- Add util-linux-fix-tests-when-at-symbol-in-path.patch
- vim
-
- Updated to version 9.0 with patch level 1572, fixes the following security problems
* Fixing bsc#1210996 (CVE-2023-2426) - VUL-0: CVE-2023-2426: vim: Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 9.0.1499.
* Fixing bsc#1211256 (CVE-2023-2609) - VUL-1: CVE-2023-2609: vim: NULL Pointer Dereference prior to 9.0.1531
* Fixing bsc#1211257 (CVE-2023-2610) - VUL-1: CVE-2023-2610: vim: Integer Overflow or Wraparound prior to 9.0.1532
- for the complete list of changes see
https://github.com/vim/vim/compare/v9.0.1443...v9.0.1572
- Fixing bsc#1211461 - L3: vim "eats" first character from prompt in xterm
* Add: reorder-exit-raw-mode.patch
* Swaps out_str_t_TE() and cursor_on() during exit to prevent missing characters in xterm prompt on exit.
- Fixing bsc#1211144 - [Build 96.1] openQA test fails in zypper_migration - conflict between xxd and vim
* Revert the creation standalone xxd packages
- Updated to version 9.0 with patch level 1443, fixes the following security problems
* Fixing bsc#1209042 (CVE-2023-1264) - VUL-0: CVE-2023-1264: vim: NULL Pointer Dereference vim prior to 9.0.1392
* Fixing bsc#1209187 (CVE-2023-1355) - VUL-0: CVE-2023-1355: vim: NULL Pointer Dereference prior to 9.0.1402.
* Fixing bsc#1208828 (CVE-2023-1127) - VUL-1: CVE-2023-1127: vim: divide by zero in scrolldown()
- drop vim-8.0-ttytype-test.patch as it changes test_options.vim which we
remove during %prep anyway. And this breaks quilt setup.
- for the complete list of changes see
https://github.com/vim/vim/compare/v9.0.1386...v9.0.1443
- wicked
-
- ifconfig: fix arp notify loop (boo#1212806) and burst sending
[+ 0001-fix_arp_notify_loop_and_burst_sending.patch]
- update to version 0.6.73
- spec: cleanup artefacts and fix some rpmlint warnings
- arp: allow verify/notify counter and interval configuration
- arp: handle ENOBUFS sending errors (bsc#1203300)
- extensions: improve environment variable handling
- firmware: refactor firmware extension definition
- firmware: enable, disable and revert cli commands
- code cleanup: fix memory leaks, add array/list utils
- wireless: Ignore WIRELESS_EAP_AUTH within TLS (bsc#1211026)
- cleanup /var/run leftovers in extension scripts (bsc#1194557)
- json: output formatting improvements and Unicode support
- bond: workaround 6.1 kernel enslave regression (boo#1206674)
- update to version 0.6.72
- client: add `wicked firmware extensions|interfaces|enable|disable`
command to improve `ibft`,`nbft`,`redfish` firmware extension and
interface handling.
- client: improve error handling in netif firmware discovery
extension execution and extension definition overrides in
the wicked-config.
- nanny: fix use-after-free in debug mode (bsc#1206447)
- spec: replace transitional `%usrmerged` macro with regular
version check (boo#1206798)
- client: improve to show `no-carrier` in ifstatus output
- linux: cleanup inclusions and update uapi header to 6.0
- ethtool: link mode nwords cleanup and new advertise mode names
- update to version 0.6.71
- dhcp: enable raw-ip support for wwan-qmi interfaces (jsc#PED-90)
- schema: fix the ip rule to-selector to handle network prefixes
- spec: Add /etc/sysconfig/network to file list, no longer in the
default list of a cleaned up filesystem package on tumbleweed
(https://github.com/openSUSE/wicked/pull/939).
- xen
-
- Update to Xen 4.16.5 bug fix release (bsc#1027519)
xen-4.16.5-testing-src.tar.bz2
* No upstream changelog found in sources or webpage
- bsc#1214082 - VUL-0: CVE-2023-20569: xen: x86/AMD: Speculative
Return Stack Overflow (XSA-434)
- bsc#1214083 - VUL-0: CVE-2022-40982: xen: x86/Intel: Gather Data
Sampling (XSA-435)
- Dropped patches contained in new tarball
645dec48-AMD-IOMMU-assert-boolean-enum.patch
646b782b-PCI-pci_get_pdev-respect-segment.patch
647dfb0e-x86-missing-unlock-in-microcode_update_helper.patch
648863fc-AMD-IOMMU-Invalidate-All-check.patch
64bea1b2-x86-AMD-Zenbleed.patch
- Handle potential off-by-one errors in libxc-sr-xg_sr_bitmap.patch
A bit is an index in bitmap, while bits is the allocated size
of the bitmap.
- Add more debug to libxc-sr-track-migration-time.patch
This is supposed to help with doing the math in case xl restore
fails with ERANGE as reported in bug#1209311
- bsc#1213616 - VUL-0: CVE-2023-20593: xen: x86/AMD: Zenbleed
(XSA-433)
64bea1b2-x86-AMD-Zenbleed.patch
- Upstream bug fixes (bsc#1027519)
645dec48-AMD-IOMMU-assert-boolean-enum.patch
646b782b-PCI-pci_get_pdev-respect-segment.patch
647dfb0e-x86-missing-unlock-in-microcode_update_helper.patch
648863fc-AMD-IOMMU-Invalidate-All-check.patch
- bsc#1209237 - xen-syms doesn't contain debug-info
643e3810-CONFIG_DEBUG_INFO-no-EXPERT.patch
6447a8fd-x86-EFI-permit-crash-dump-analysis.patch
- Update to Xen 4.16.4 bug fix release (bsc#1027519)
xen-4.16.4-testing-src.tar.bz2
* No upstream changelog found in sources or webpage
- Drop patches contained in new tarball
63a03e28-x86-high-freq-TSC-overflow.patch
63c05478-VMX-calculate-model-specific-LBRs-once.patch
63c05478-VMX-support-CPUs-without-model-specific-LBR.patch
63e53ac9-x86-CPUID-leaves-7-1-ecx-edx.patch
63e53ac9-x86-disable-CET-SS-when-fractured-updates.patch
63ebca9c-x86-spec-ctrl-Mitigate-Cross-Thread-Return-Address-Predictions.patch
63f4d045-x86-ucode-AMD-apply-early-on-all-threads.patch
63fe06e0-x86-ucode-AMD-apply-late-on-all-threads.patch
641041e8-VT-d-constrain-IGD-check.patch
6419697d-AMD-IOMMU-no-XT-x2APIC-phys.patch
64199e0c-x86-shadow-account-for-log-dirty-mode.patch
64199e0d-x86-HVM-bound-number-of-pca-regions.patch
64199e0e-x86-HVM-serialize-pca-list-manipulation.patch
64199e0f-x86-spec-ctrl-defer-CR4_PV32_RESTORE-for-CSTAR.patch
libxl.fix-guest-kexec-skip-cpuid-policy.patch
- Upstream bug fixes (bsc#1027519)
63e53ac9-x86-CPUID-leaves-7-1-ecx-edx.patch
63e53ac9-x86-disable-CET-SS-when-fractured-updates.patch
63f4d045-x86-ucode-AMD-apply-early-on-all-threads.patch
63fe06e0-x86-ucode-AMD-apply-late-on-all-threads.patch
641041e8-VT-d-constrain-IGD-check.patch
6419697d-AMD-IOMMU-no-XT-x2APIC-phys.patch
- Use "proper" upstream backports:
64199e0c-x86-shadow-account-for-log-dirty-mode.patch
64199e0d-x86-HVM-bound-number-of-pca-regions.patch
64199e0e-x86-HVM-serialize-pca-list-manipulation.patch
64199e0f-x86-spec-ctrl-defer-CR4_PV32_RESTORE-for-CSTAR.patch
- ... in place of:
xsa427.patch
xsa428-1.patch
xsa428-2.patch
xsa429.patch
- bsc#1209245 - fix host-assisted kexec/kdump for HVM domUs
libxl.fix-guest-kexec-skip-cpuid-policy.patch
- yast2-installation
-
- Don't always enable sshd and open the ssh port (bsc#1211764)
- 4.4.59
- yast2-network
-
- Fix typo when writing the wireless channel (bsc#1212976)
- 4.4.59
- bsc#1211431
- Do not crash installation when storing vlan configuration into
NetworkManager
- 4.4.58
- Do not write the EAP auth attribute when writing a wireless
wicked configuration using the EAP mode as TLS (bsc#1211026)
- 4.4.57
- yast2-pkg-bindings
-
- Pkg.TargetInitializeOptions() - added a new option for
rebuilding the RPM database (--rebuilddb) (bsc#1209565)
- 4.4.6
- yast2-storage-ng
-
- Ensure adding storage support software packages for MicroOS
which uses its custom partitions_proposal client, not the
standard inst_disk_proposal client (bsc#1212452)
https://github.com/yast/yast-storage-ng/pull/1346
- 4.4.45
- Honor encryption settings if they are set into ProductFeatures
by the Common Critera role (jsc#PED-4166, jsc#PED-4474).
- 4.4.44
- Prevent setting the volume label for a mounted btrfs or swap
(bsc#1211337)
- 4.4.43
- yast2-transfer
-
- Fixed TFTP download, truncate the target file to avoid garbage
at the end of the file when saving to an already existing file
(bsc#1208754)
- 4.4.2
- yast2-users
-
- Allow to edit the NIS master server databases instead of the
local ones, relying on the --prefix argument added to several
commands in the "shadow" package (bsc#1206627).
- 4.4.15
- Write the users when using AutoYaST on an installed system
(bsc#1211753).
- 4.4.14
- zypper
-
- targetos: Add an error note if XPath:/product/register/target
is not defined in /etc/products.d/baseproduct (bsc#1211261)
- targetos: Update help and man page (bsc#1211261)
- version 1.14.61
- Fix selecting installed patterns from picklist (bsc#1209406)
- man: better explanation of --priority (fixes #480)
- version 1.14.60