- SUSEConnect
-
- Update to 0.3.31
- Disallow registering via SUSEConnect if the system is managed by SUSE Manager.
- Add subscription name to output of 'SUSEConnect --status'
- Update to 0.3.30
- send payload of GET requests as part of the url,
not in the body (see bsc#1185611)
- Update to 0.3.29
- replace env ruby path with native ruby path during build phase
- Recognize more formats when parsing .curlrc for proxy credentials (bsc#1155027)
- Add rpmlintrc to filter false-positive warning about patch not applied
- Update to 0.3.27
- SUSEConnect now ensures that it writes its configuration when it
encounters errors. This helps in the situation where SUSEConnect
announces itself, but fails during a later step. Without the saved
configuration, a system could have credentials, but be unsure which
registration proxy they're valid for.
- Update to 0.3.26
- Extend the YaST API in order to access to the package search
functionality (jsc#SLE-9109)
- Don't fail de-activation when '-release' package already got removed
- Update to 0.3.25
- Fix cloud_provider detection on AWS large instances (bsc#1160007)
- Update to 0.3.24
- Forbid de-registration for on-demand Public Cloud instances (bsc#1155911)
- 0.3.23
fix .spec file to correctly apply switch_server_cert_location_to_etc.patch to SLE15SP2+ (bsc#1130864)
- Update to 0.3.22
switch_server_cert_location_to_etc.patch: add patch to switch server cert path for SLE15.2+ to /etc (bsc#1130864)
- Update to 0.3.21
Fix error on first activation of packagehub extension (bsc#1124318)
- Update to 0.3.20
- Fix getting the list of installed products when zypper plugins are
present (bsc#1143635)
- Update to 0.3.19
- Fix failing on registered system without arguments (bsc#1144020)
- Update to 0.3.18
- Fix base product service removal during de-registration in public clouds (bsc#1136752)
- Update to 0.3.17
- Don't try to remove a service during migration if a zypper service
plugin already exists (bsc#1128969)
- Replace --no-ri --no-rdoc with --no-document - these options
are obsolete since at least ruby 2.1 - and finally removed in
ruby 2.6
- Only overwrite --bindir on fedora, it will overwrite --buildroot
(which needs to be combined on newer fedoras)
- Update to 0.3.16
- Show non-enabled extensions with a remark about availability
- Update to 0.3.15
- Output information about registration and de-registration progress
- Output proper message when SUSEConnect is called without parameters (bsc#959561)
- Default to https URI when no protocol prefix is provided for --url
- Support transactional-update systems (fate#326482)
- Changed "/openssl"/ recommendation to "/openssl(cli)"/
on SLE 12 SP3+ and SLE 15+ (bsc#1101470).
- Update to 0.3.14
- Fix s390 activation fails due to unavailable 'dmidecode' bsc#1112702
- Update to 0.3.13
- Fix migration targets sorting (bsc#1104183)
- Update to 0.3.12
- Detect if system is in cloud provider (AWS/Google/Azure)
(fate#320935)
- Don't fail when trying to parse an empty body. Fixes bsc#1098220
- Don't install release packages if they are already present
- Fix .spec file for running SUSEConnect on Fedora28
- Weaken dependencies of rmt-client-setup script to Recommends:
(bsc#1094348)
- Enhance error message generation
- Add not supported operation exception to PackageSearch API
- Update to 0.3.11
- Add dependencies needed by the rmt-client-setup script. bsc#1093658
- Prevent the automatic registration of recommended products that
are not mirrored by the registration proxy.
- Update to 0.3.10
- Fix rollback mechanism on SLE15 systems (bsc#1089320)
- Update to 0.3.9
- Enable access to package search via gem
- Don't try to delete directory of nonexistent service files
(bsc#1086420)
- Update to 0.3.8
- Fix list-extensions to show the full SLE 15 tree (bsc#1064264)
- Enable automatic activation of recommended extensions/modules
- Automatically deregister all installed extensions/modules when
deregistering a system
- Repackage gem
- Remove unnecessary .gz files
- Update to 0.3.7
- virt-create-rootfs connects to SMT server without breaking (bsc#914297)
- Update to 0.3.6
- Make target_base_product parameter mandatory.
- Update to 0.3.5
- Add YaST.system_offline_migrations
- Update to version 0.3.4:
- Packaging improvements (bsc#964013)
- Update to version 0.3.3:
- Fix SLE15 build
- Properly refresh zypper services when deactivating a product on SMT (bsc#1047153)
- Update to 0.3.2:
- Fix --namespace parameter persistence (bsc#1044493)
- Update to 0.3.1:
- Fix license auto-agree issue (bsc#1037783)
- Add missing archs to SLE 12 SP3 build target
- Update to 0.3.0:
- Single product deactivation feature (fate#320572)
- Update to 0.2.43:
- RPM spec fix for openSUSE:Factory rpmlint compliance (bsc#1028660)
- Update to 0.2.42:
- Better error message for network request failure (bsc#982630)
- Fix error message for --product with malformed identifier (bsc#1018190)
- Fix some errors and formatting in manpages and help output
- Update to 0.2.41:
- Better error message for --list-extensions on unregistered systems
- Update to 0.2.40:
- Update man page to include the --list-extensions option (bsc#998583)
- Update to 0.2.39:
- Fix for bnc#990475: support for aarch64 hardware info
- Update to 0.2.38:
- Fix for bnc#975484: better error message if SMT is too old
- Update to 0.2.37:
- Add method to YaST class to get Installer-Updates repositories (fate#319716).
- Update to 0.2.36:
- Fix for bnc#973851: More flexible exit codes handling in internal zypper calls
- Update to 0.2.35:
- Fix for bnc#973315: Direct update from <=0.2.27 does not remove /usr/bin symlink
- Update to 0.2.34:
- Fix for bnc#963996: Do not crash on --list-extensions when connected to SMT
- Fix for bnc#968245: Do not let zypper attempt to read products from remote locations
- Update to 0.2.33:
- Re-add SUSEConnect binary to /usr/sbin (bnc#963080)
- Use `--match-exact` when searching for a product (bnc#952804)
- Fix fonts on xterm (bnc#957354)
- Update to version 0.2.32: Remove unneeded link in %post which caused a warning (bnc#946183)
- Update to version 0.2.31 (bnc#946183)
- Drop url-implies-writeconfig.diff; it is included in upstream since commit 2ef5aa
- Correct RPM group
- Include SCCcredentials file as a ghost entry
- Further packaging improvements
- Update to version 0.2.30
- New packaging spec. One `SUSEConnect` package to rule them all (bnc#951671)
- Update manpages to match the latest CLI options
- Update to version 0.2.29
- bnc#954266 Silently ignore malformed lscpu lines instead of failing
- Update to version 0.2.28
- Properly handle empty repository lists from zypper (bnc#951566)
- Update to version 0.2.27
- Do not install recommended dependencies when installing the product release package (bnc#945462)
- Addd --rollback option (fate#319114)
- Update to version 0.2.26
- zypper migration extremly slow with lot of modules and extensions registered (bnc#945462)
- Update to version 0.2.25
- Solves Allow registration without system uid (dmidecode fails on qemu system) (bnc#934582)
- bnc#949424 ensure version of SUSEConnect is bumped in order to be
able to distinct requests from affected YaST version in SCC API
- Update to version 0.2.24
- Bug 943451 - [Migration] failure when "/zypper search"/ returns empty list
- Bug 946488 - Synchronization API call returns "/no implicit conversion of Symbol into Integer"/ error
- Bug 941565 - zypper migration not using --releasever
- Bug 945462 - zypper migration extremly slow with lot of modules and extensions registered
- Update to version 0.2.23
- Improve hwinfo detection on physical s390 systems
- Bug 939293 - [S390] Error: Registration failed. Undefined method 'strip' for nil:NilClass (bnc#939293)
- Update to version 0.2.22
- Migration rollback (fate#319114)
- [Migration rollback] zypper migrate: baseproduct mismatch (bnc#941303)
- Update to version 0.2.21
- Escape parameters of remove and add_repository methods
- Update to version 0.2.20
- Add find_products method to migration abstraction layer fate#319140
- Fix add_service method which also creates the credentials files
- Update to version 0.2.19
- Introduction of migration abstraction layer for migration script
- Clean up and re-factoring of yast abstraction layer
- Update to version 0.2.18
- Improve SUSEConnect error messages
- New --cleanup option (remove old system credentials and all zypper services installed by SUSEConnect)
- New --namespace option (forward SMT staging environment to proxy registration server)
- Update to version 0.2.17
- Added migrations endpoint support for Yast
- Use C locale for all the syscalls (solves output parsing issues in some locales)
- Stripping UUID from SCC API calls if it is not settable
- Moved examples from gist to project
- Update to version 0.2.16
- In case of wrong regcode provide meaningful message back to
the user (Wrong regcode in that case).
- Update to version 0.2.15
- Always write config file when --url parameter used (bnc#900689)
- aaa_base
-
- Add patch git-33-d12420cc66e6d26a9dff6c0e86e00de232151c82.patch
* Avoid semicolon within (t)csh login script on S/390.
(bsc#1179431)
- Add patch git-21-0064ecd132c30a939125acbc5b9a1c7bcd180fa0.patch
* add screen.xterm-256color to DIR_COLORS
- Add patch git-22-f5e90d70d119b6aa12d019947029f9337aec378d.patch
* check for Packages.db and use this instead of Packages
(boo#1171762)
- Add patch git-23-8f1fe28287466235ade9c62fa5995eba9e642660.patch
* Rename path() to _path() to avoid using a general name.
- Add patch git-24-2de52ae391e2963eb1913183a6b0530c7e781b55.patch
* DIR_COLORS add TERM rxvt-unicode-256color (bug#1006973)
- Add patch git-25-287cf7cb851c0636fa46a610015d2d22ad36acea.patch
* sort TERM entries in etc/DIR_COLORS
- Add patch git-26-0c2f2340cc6ebb51f20b36e550adc517a6b2ae42.patch
* DIR_COLORS: merge TERM entries with list from (bug#1006973)
- Add patch git-27-abf7927eebbd4d7f47a362d49ae7856520682c49.patch
* refresh_initrd call modprobe as /sbin/modprobe (bug#1011548)
- Add patch git-28-3351bcc9613ba022503103e7e4ffd01e7bd8e0fd.patch
* etc/profile add some missing ;; in case esac statements
- Add patch git-29-5220a5f6ba250503ccda326e65ca069d245a5ebe.patch
* profile and csh.login: on s390x set TERM to dumb on serial console
for sclp_line0 and ttyS0 console (bug#1153946)
- Add patch git-30-b9dd70f33a124556f16dbbafc89585a82218ad61.patch
* backup-rpmdb: exit if zypp.pid is there and running
(bug#1161239)
- Add patch git-31-52dc403d54f2c926ee5cc892d1a8a830a45d7412.patch
* also add color alias for ip command, jira#sle-9880, bsc#1153943
- Add patch git-32-0ee79834ea9ebf6573a7b903f374c21e53a56c14.patch
* alias.bash check if ip command knows color=auto (jsc#SLE-7679)
- Add patch git-19-1149066a54a372b30b7cbd79cd222e11d96dc984.patch
* Not all XTerm based emulators do have an terminfo entry (boo#1087982)
- Add patch git-20-6452441f2054b4b290c089ce6269889993b95fc1.patch
* Better support of Midnight Commander (bsc#1170527)
- Add patch git-16-ed897a1090cafb678f75dbed8802bd671d3c1921.patch
get_kernel_version: fix for current kernel on s390x (from azouhr)
(bsc#1151023) (bsc#1139939)
- Add patch git-17-fe967bddbd74af9aba435900878397c0c7ea0b0b.patch
added "/-h"//"/--help"/ to "/old"/ command (from Bernhard Lang)
- Add patch git-18-bb11f02d5dd940803c08d25b0cfd3650d9de7d41.patch
change feedback url from http://www.suse.de/feedback to
https://github.com/openSUSE/aaa_base/issues
- Add patch git-15-27e2c6180a45cca63d71ffa5de7b32dec749d2cd.patch
change rp_filter to 2 to follow the current default (bsc#1160735)
- Add patch git-14-12023f2e8aae5b2ac3a895301945566b9f5eb9c3.patch
drop dev.cdrom.autoclose = 0 from sysctl config (bsc#1160970)
- Clear broken ghost entry in patch
git-13-14003c19eaa863ae9d80a0ebb9b5cab6273a5a9e.patch
which breaks (lib)readline (bsc#1157278)
- Add patch git-13-14003c19eaa863ae9d80a0ebb9b5cab6273a5a9e.patch
Use official key binding functions in inputrc
that is replace up-history with previous-history, down-history with
next-history and backward-delete-word with backward-kill-word
(bsc#1084934). Add some missed key escape sequences for urxvt-unicode
terminal as well (boo#1007715).
- Add patch git-12-80d14205f913cc67a98c562f988ea700a56c369b.patch
* service: check if there is a second argument before using it
(bsc#1051143)
- Add patch git-11-b20083a930f766939f47dddc66d089c9fee5d38a.patch
* check if variables can be set before modifying them
to avoid warnings on login with a restricted shell
(bsc#1138869)
- Add patch git-08-9875dffab3ddda0c3e8399f935f059246c961f2a.patch
* Add s390x compressed kernel support (bsc#1151023)
- Add git-09-c6cd010dd8b6efddd71c30f00a923d8f2537584c.patch
* Fix LC_NAME and LC_ADDRESS in sh.ssh
- Add patch git-10-43091e644ff54997468a215b891dcaa75173f133.patch
* fix string test to arithmetic test in /etc/profile.d/wsl.sh
- Add patch git-07-82a17f1689e8957635c8ccaae7c9b3bff7f94d49.patch
* add sysctl.d/51-network.conf to tighten network security a bit
see also (boo#1146866) (jira#SLE-9132)
- Add patch git-06-8640f848c6677f1149b9765a8c86135956604007.patch
* Make systemd detection cgroup oblivious (bsc#1140647)
systemd can work in three exclusive cgroup modes: legacy, hybrid and
unified. The mode affects where and what cgroup hierarchies are mounted.
detect running systemd as systemd itself does it
(src/libsystemd/sd-daemon/sd-daemon.c, function sd_booted)
- Add patch git-05-ae2a49183ba0ad9dff6b8c1efd4de076bd34ab0f.patch
* /etc/profile does not work in AppArmor-confined containers
(bsc#1096191)
- Add patch git-04-b66cf03e673e84902ce0330f88f84f4fbdc8c9e9.patch
* Restore old position of ssh/sudo source of profile
for bug bsc#1118364 but hopefully do not reintroduce
bug boo#1088524
- Add patch git-03-00d332a443062395957f422c89eaed9d0979ec00.patch
* update logic for JRE_HOME env variable (bsc#1128246)
- Add patch git-01-61c106aac03930e03935172eaf94d92c02a343bd.patch
Let bash.bashrc work even for (m)ksh (boo#1104531)
- Add patch git-02-4e5fe2a6ec5690b51a369d2134a1119962438fd1.patch
No error at login if java system directory is empty (bsc#1102310)
- Update to version 84.87+git20180409.04c9dae:
* In bash.bashrc move ssh/sudo source of profile to avoid removing
the `is' variable before last use (boo#1088524).
* Avoid the shell code checker stumble over `function' keys word
in ls.bash (git#54).
- Use %license (boo#1082318)
- Update to version 84.87+git20180208.8eeab90:
* Don't call fillup for removed sysconfig.news
* Adjust path for script converting sysctl config
* For ksh use builtin keyword 'function' to make sure that the
keyword 'typeset' really set the variable IFS to be local within
the function _ls.
- Update to version 84.87+git20180205.2d2832f:
* Move /lib/aaa_base/convert_sysctl to /usr/lib/base-scripts/convert_sysctl
to cleanup filesystem.
* Don't create /etc/init.d/{boot.local,after.local,halt.local} in
aaa_base.pre section.
* Remove dead code from pre/post install sections.
- Add /var/adm/backup subdirectories to aaa_base-extras, they are
only needed by this package.
- Update to version 84.87+git20180204.875cba8:
* Move sysconfig.backup into extra subpackage, where all the
scripts using it are, too.
* Create systemd timer for the cron.daily scripts for backup-rpmdb,
backup-sysconfig and check-battery. Move scripts to
/usr/lib/base-scripts.
* Remove suse.de-cron-local. If somebody really still has a
/root/cron.daily.local file, he can move it to /etc/cron.daily.
* Don't modify data in root's home directory
* Don't create userdel.local, this isn't in use since many years
- Update to version 84.87+git20180130.ae1f262:
* Really remove /usr/sbin/Check, obsolete since 8 years
* Remove ChangeSymlinks, 90% are obsolete, the rest is dangerous
* Remove 14 year old outdated documentation and dummy scripts for
Java
- Update to version 84.87+git20180130.36ea161:
* Remove obsolete/outdated manual pages (route.conf.5,init.d.7,
quick_halt.8)
- Cleanup PreReq and move some parts to Requires(post), so that
we can deinstall them if we no longer need them
- Update to version 84.87+git20171201.65000be:
* Revert changes on sysconfig language and make lang.(c)sh
to use sysconfig language as fallback or better use
locale.conf as default. See discussion in bsc#1069971
and FATE#319454 as well
- Update to version 84.87+git20171130.974ac5c:
* Better parsing of sh variable settings in lang.csh
- Update to version 84.87+git20171129.a45b936:
* Remove RC_* variables from language sysconf template
(bsc#1069971 as well as FATE#319454)
- Update to version 84.87+git20171128.945b960:
* lang.(c)sh: catch if ROOT_USES_LANG becomes not set
- Update to version 84.87+git20171128.aa232d3:
* Add wsl specific code to profile.d/wsl.csh
* move wsl specific code from profile into profile.d/wsl.sh
* Remove obsolete "/make package"/
- Update to version 84.87+git20171128.a6752e8:
* lang.(c)sh: handle locale.conf if sysconfig does not
- lang.(c)sh: handle locale.conf if sysconfig does not provide
default locale (bsc#1069971, FATE#319454)
- Update to version 84.87+git20171128.17ae554:
* Check for /proc/version before using it
* Remove legacy code for /proc/iSeries
* Move fillup-templates to /usr/share (boo#1069468)
- Fix installation of fillup-templates.
- Replace references to /var/adm/fillup-templates with new
%_fillupdir macro (boo#1069468)
- use TW versioning, 13.2 is misleading
- Update to version 84.87+git20171120.d36b8b1:
* Fix double sourcing of /etc/bash_completion.d
* create wsl.sh in /etc/profile.d to set umask in WSL
* Add support for /usr/bin/fish (boo#1068840)
* Get mixed use case of service wrapper script straight (bsc#1040613)
- Update to version 13.2+git20170828.8f12a9e:
* profile: don't override PATH in WSL
* Remove passwd, group and shadow files. Remove %ghost entry for
/run/utmp, /var/log/wtmp and /var/log/btmp, systemd is taking
care of them
* Remove run/utmp, too.
- Update to version 13.2+git20170814.cc9e34e:
* Unset id in csh.cshrc instead of profile.csh (bsc#1049577)
* Restore the is variable within /etc/profile
- Update to version 13.2+git20170731.c10ca77:
* Fix csh.cshrc as tcsh does not handle stderr
* Do not set alias cwdcmd for experts (boo#1045889)
* unset unused variables on profile files (bsc#1049577)
* Deprecate DEFAULT_WM in sysconfig.windowmanager
- Fix csh.cshrc as tcsh does not handle stderr messages within {}
well (boo#1044876)
- Fix copy+paste error in /etc/csh.login boo#1043560
- Support changing PS1 even for mksh and user root (bsc#1036895)
- Be aware that on s390/s390x the ttyS0 is misused
- Reset extended screen TERM variables if no terminfo
- Better status line support even for tcsh
- Modernize /etc/ttytype as tset of ncurses use it
- Off application keypad (keyboard transmit) mode
- Missed a meta prefix in new inputrs.keys
- More 8bit key escape control sequences for XTerm
- Do not set INPUTRC as readline does know personal as well as system
inputrc also make /etc/inputrc do set know sequences for both vi
line editing modes as well as for emacs line editing mode.
- Do remove patch aaa_base-13.2+git20170308.c0ecf2e.dif not
only from package but also from spec file
- Update to version 13.2+git20170425.47e703a:
* Add Enlightenment to the list of windowmanagers
* Add a number of audio/video formats to be colorized
* Revert "/Avoid NAT on Bridges. Bridges are L2 devices, really."/
* aaa_base.pre: drop some system users from aaa_base and create them in the respective packages: bin,daemon,news,uucp,games,man
* Remove /var/log/faillog, there no application using this left [bsc#980484]
* Remove users and groups sys, mail, lp, wwwrun, ftp and nobody
- Make lang.csh work again (bsc#1025673)
- Update to version 13.2+git20170306.3deb627:
* aaa_base.pre: drop some system users from aaa_base and create
them in the respective packages: bin,daemon,news,uucp,games,man
- Update to version 13.2+git20160915.106a00d:
* enhance comment for NO_PROXY variable (bsc#990254)
* Fix spelling of SUSE (skipped copyright statements - they need more thoughts)
* fix regression introduced by fix for bnc#971567 (bnc#996442)
- Correct logic error in usage of variable restricted (boo#994111)
- enhance comment for NO_PROXY variable (bsc#990254)
- Update to version 13.2+git20160807.7f4c8c4:
* switch IPv6 privacy extensions (use_tempaddr) back to 1
* history see bsc#678066,bsc#752842,bsc#988023,bsc#990838
- Do not use the = sign for setenv in /etc/profile.d/lang.csh
- Follow the bash manual page that is respect --norc and --noprofile
- Update to version 13.2+git20160609.bf76b13:
* Mark scripts /etc/init.d/{boot.,after-,halt.}local as deprecated
- lang.sh, lang.csh: if GDM_LANG equals system LANG then use system defaults
- Update to version 13.2+git20160530.bd5210c:
+ Let the ~/.i18n values parsed as well if GDM_LANG is set (boo#958295)
+ Remove spurious assignment to unknown variable term from /etc/inputrc
+ chkconfig: return 1 trying to list unknown service (bnc#971567)
+ chckconfig: add --no-systemctl option
+ fix typo in last patch (no-systemctl support for chkconfig)
+ lang.sh, lang.csh: allow GDM to override locale
+ There is no kde4 anymore
+ Removed '/usr/bin/X11' from PATH (boo #982185)
- fix typo in last patch (no-systemctl support for chkconfig)
- chckconfig: add --no-systemctl option
- chkconfig: return 1 trying to list unknown service (bnc#971567)
- Merge pull request #26 from andreas-schwab/master
- Remove spurious assignment to unknown variable term from /etc/inputrc
- Let the ~/.i18n values parsed as well if GDM_LANG is set (boo#567324)
- Update to version 13.2+git20151221.244f2a3:
+ drop old dns6 hack migration from 2002
+ remove more dropped variables
+ make chkconfig -a/-d work (bsc#926539)
+ avoid recursion if systemd call chkconfig back for sysv units
+ fix non-working line breaks
- make _service generate .changes
- Replace UNICODE double dash with simple ASCII single dash (boo#954909)
- Use the `+' for find's -exec option as this also respects white
spaces in files names but is more like xargs. Respect status
of screen sessions.
- suse.de-backup-rc.config: trigger also if only files changed
that have spaces in their name (bnc#915259)
- sysconf_addword: do not insert spaces at start of string (bnc#932456)
- Merge pull request #19 from super7ramp/cleaning-references-to-suseconfig
- drop references to sysconfig/suseconfig
- drop SCANNER_TYPE variable
- Merge pull request #25 from ptesarik/master
- Enable SysRq dump by default
- Revert "/fix /etc/init.d/foo status return code (bnc#931388)"/
- Merge pull request #23 from bmwiedemann/master
- fix /etc/init.d/foo status return code (bnc#931388)
- xdg-environment: reduce list in /opt/* to gnome,kde4,kde3 (bnc#910904)
- add SOCKS5_SERVER and socks_proxy to proxy settings (bnc#928398)
- Simplify version check
- Handle also command lines starting with the env command
as this is used by gnome xsessions (bsc#921172)
- Correct the boolean in /etc/profile.d/lang.sh
- Even if GDM has done language setup the personal ~/.i18n should
be sourced (boo#567324)
- Remove the official patch for fate#314974 as now part of systemd
- Merge pull request #21 from arvidjaar/bnc/907873
- Avoid sourcing /etc/bash_completion.d twice
- Fix spelling of SUSE
- Add the official patch for Fate#314974 (bnc#903009)
- acl
-
- test: Add helper library to fake passwd/group files
- quote: escape literal backslashes (bsc#953659).
- Added patch:
* 0001-test-Add-helper-library-to-fake-passwd-group-files.patch
* 0002-quote-escape-literal-backslashes.patch
- refresh acl-2.2.52-tests.patch to work with perl 5.26
- BuildRequires gettext-tools-mini instead of gettext-tools: as
acl is part of the bootstrap, we want to try to keep the dep
chain as small as possible.
- Remove --with-pic that's just for static libraries.
- Replace %__-type macro indirections.
Replace old $RPM_ by their macro equivalents for consistency.
Make the macro style consistent across the file again.
- reenable full Larg File Support for i586
- Make it possible to disable tests (for Ring0)
- Add BuildRequires: system-user-daemon for the testsuite
- Add BuildRequires for system user bin needed by test suite
- Update to git snapshot dated 21 Sep 2015.
- Added:
* 0001-Install-the-libraries-to-the-appropriate-directory.patch
* 0002-setfacl.1-fix-typo-inclu-de-include.patch
* 0003-test-fix-insufficient-quoting-of.patch
* 0004-Makefile-rename-configure.in-to-configure.ac.patch
* 0005-Bad-markup-in-acl.5-page.patch
* 0006-.gitignore-ignore-and-config.h.in.patch
* 0007-Use-autoreconf-rather-than-autoconf-to-regenerate-th.patch
* 0008-libacl-Make-sure-that-acl_from_text-always-sets-errn.patch
* 0009-libacl-fix-SIGSEGV-of-getfacl-e-on-overly-long-group.patch
* 0010-punt-debian-rpm-packaging-logic.patch
* 0011-move-gettext-logic-into-misc.h.patch
* 0012-test-make-running-parallel-out-of-tree-safe.patch
* 0013-modernize-build-system.patch
* 0014-po-regenerate-files-after-move.patch
* 0015-build-drop-aclincludedir-use-pkgincludedir.patch
* 0016-build-make-use-of-an-aux-dir-to-stow-away-helper-scr.patch
* 0017-build-ship-a-pkgconfig-file-for-libacl.patch
* 0018-read_acl_-comments-seq-rename-line-to-lineno.patch
* 0019-read_acl_-comments-seq-switch-to-next_line.patch
* 0020-telldir-return-value-and-seekdir-second-parameters-a.patch
* 0021-mark-libmisc-funcs-as-hidden-so-they-are-not-exporte.patch
* 0022-add-__acl_-prefixes-to-internal-symbols.patch
* 0023-cp.test-Check-permissions-of-the-right-file.patch
* 0024-libacl-acl_set_file-Remove-unnecesary-racy-check.patch
* 0025-fix-compilation-with-latest-xattr-git.patch
* 0026-getfacl-Fix-memory-leak.patch
* 0027-Fix-the-display-block-nesting-in-acl.5.patch
* 0028-setfacl-man-page-Minor-wording-improvements.patch
* 0029-getfacl-Fix-minor-resource-leak.patch
* 0030-Do-not-export-symbols-that-are-not-supposed-to-be-ex.patch
* 0031-walk_tree-mark-internal-variables-as-static.patch
* 0032-ignore-configure.lineno.patch
- Signficant spec file restructuring due to 0013-modernize-build-system.patch
- removed builddefs.in.diff
- Reduce size of filelist by using wildcards;
remove %doc (some locations are always %doc),
remove %attr (files already have proper permissions)
- add acl-2.2.52-tests.patch and enable tests, check section taken
from Fedora package
- remove gpg-offline calls from bootstrap package
- Update to new upstream release 2.2.52
* This release fixes a few build system issues that were found and
merges in a tree walking bug fix.
- Remove acl-fiximplicit.patch (merged upstream),
config-guess-sub-update.diff (no longer applies)
- Sync baselibs.conf with in-.spec obsoletes/provides.
- add gpg checking
- use source url
- Add config-guess-sub-update.diff:
update config.guess/sub to latest state for AArch64
- Use OS byteswapping routines, application already Includes
"/endian.h"/ but then goes ahead defining ad-hoc equivalent
functionality (0001-Use-OS-byteswapping-macros.patch)
- remove useless automake deps
- patch license to follow spdx.org standard
- license update: GPL-2.0+;LGPL-2.1+
SPDX format
- add automake as buildrequire to avoid implicit dependency
- Fix provides/Obsoletes
- Implement shlib package (libacl1)
- Enable libacl-devel on all baselib arches
- upgrade to 2.2.51
- Test fixes
- upgrade to 2.2.50
- OPTIONS in man pages should be a section heading, not a subsection heading
- Fix a typo in the setfacl man page
- setfacl: Clarify that removing a non-existent acl entry is not an error
- Prevent setfacl --restore from SIGSEGV on malformed restore file
- setfacl: make sure that -R only calls stat(2) on symlinks when it needs to
- libacl: fix potential null pointer dereference
- setfacl: fix restore crash on malformed input
- setfacl: print useful error from read_acl_comments
- setfacl: changing owner and when S_ISUID should be set --restore fix
- use %_smp_mflags
- add baselibs.conf as a source
- adjust baselibs.conf for SPARC
- readded incorrectly removed libattr-devel requires in -devel
- fixed implicit strchr() usage.
- do not package static libraries
- fix -devel package dependencies
- Version bump to 2.2.48
- Document the new flags comments
- Include the S_ISUID, S_ISGID, S_ISVTX flags in the getfacl output, and restore them with "/setfacl --restore=file"/.
- Make sure that getfacl -R only calls stat(2) on symlinks when it needs to
- Stop quoting nonprintable characters in the getfacl output
- Avoid unnecessary but destructive chown calls
- Clarify license notice
- amazon-ssm-agent
-
- Update to version 3.0.1209.0 (bsc#1186239, bsc#1186262)
+ For detailed changes see RELEASENOTES.md
+ Drop fix-version.patch replaced by sed expression in spec file
+ Drop remove-unused-import.patch no longer included from upstream
+ Drop fix-config.patch all SUSE distros use systemd
+ Remove amazon-ssm-agent.service included in upstream source, use it
+ Move all binaries into sbin and fix the hard coded config path via sed
- Update to 2.3.1205.0:
* Updated the SSM Agent Snap to core18
* Bug fix for expired in-progress documents being resumed
* Bug fix for update specific files not being deleted after agent update is finished
* Bug fix for cached manifest files not being deleted in the configurepackage plugin
- Update to 2.3.978.0 (2020-04-08) (bsc#1170744)
+ Stop pty on receiving TerminateSession request
+ Add support for Debian arm64 architecture
+ Refactoring session log generation logic
- Update to 2.3.930.0 (2020-03-17)
+ Bug fix for CloudWatch agent version showing twice in Inventory console
+ Bug fix for retrieving minor version for CentOS7
+ Add snap appData collection for inventory in ubuntu 18
+ Add validation for contents of os release files
+ Add retry for fingerprint generation
- Update to 2.3.871.0 (2020-02-20)
+ Various bug fix for SSM Agent
- Update to 2.3.842.0 (2020-01-29)
+ Bug fix for updating document state file prior agent reboot
+ Add support to restart agent after SIGPIPE exit status
- Update to 2.3.814.0 (2020-01-16)
+ Bug fix for metadata service V2
+ Update Golang version 1.12 for travis
+ Optimize session manager retry logic
- Update to 2.3.786.0 (2019-12-19)
+ Add support for Oracle Linux v7.5 and v7.7
+ Bug fix for Inventory data provider to support special characters
+ Bug fix for SSM MDS service name
- Update to 2.3.772.0 (2019-12-13)
+ Upgrade AWS SDK
+ Add logging for fingerprint generation
- Update to 2.3.760.0 (2019-11-15)
+ Session manager supports handling of Task metadata
- Update to 2.3.758.0 (2019-11-11)
+ Add support to update SSM Distributor packages in place
- Update to 2.3.756.0 (2019-11-05)
+ Terminate port forwarding session on receiving TerminateSession flag
+ Bug fix to reload SSM client if region has not been initialize correctly
+ Bug fix for retrieval of user groups on Linux
- Update to 2.3.722.0 (2019-10-11)
+ Bug fix for the delay when registering non-EC2 on-prem instances
+ Bug fix for missing ACL when uploading logs to S3 buckets
+ Upgrade GoLang version from 1.9 to 1.12
- Update to 2.3.714.0 (2019-09-26)
+ For port forwarding session, close server connection when client drops it's connection
+ Bug fix for missing condition of rules from inventory registry
+ Update service domain information fetch logic from EC2 Metadata
- Update to 2.3.707.0 (2019-09-11)
+ Bug fix for characters dropping from session manager shell output
+ Bug fix for session manager freezing caused by non utf8 character
+ Switch the request protocol order for getting S3 Header
+ Keep port forwarding session open until session is terminated
- Update to 2.3.701.0 (2019-08-21)
+ Send platform type information in controlChannel input
- Update to 2.3.687.0 (2019-08-05)
+ Bug fix for runPowershellScript plugin on linux platform
+ Add support for document 2.x version to ssm-cli
- Update to 2.3.680.0 (2019-07-24)
+ Added a new Inventory gatherer AWS:BillingInfo which will gather the billing product ids for LicenseIncluded and Marketplace instance
- Update to 2.3.672.0 (2019-07-09)
+ Add Port plugin for SSH/SCP
+ Add support for Session Manager RunAs functionality on Linux platform
- Update to 2.3.668.0 (2019-07-01)
+ Add Session Manager InteractiveCommands plugin
+ Bug fix for log formatting issue for session manager
- Update to 2.3.662.0 (2019-06-19)
+ Bug fix for Session Manager when handling line endings on Windows platform
+ Bug fix for token validation for aws:downloadContent plugin
+ Check if log group exists before uploading Session Manager logs to CloudWatch
+ Bug fix for broken S3 urls when using custom documents
- Update to 2.3.634.0 (2019-05-28)
+ Disable appconfig to load credential from specific profile path, add EC2 credentials as the default fallback
+ Remove sudoers file creation logic if ssm-user already exists
+ Enable supplementary groups for ssm-user on Linux
- Update to 2.3.612.0 (2019-05-08)
+ Bug fix for UTF-8 encoded issue caused by locale activation on Ubuntu 16.04 instance
+ Refactor ssm-user creation logic
+ Bug fix for reporting IP address with wrong network interface
+ Update configure package document arn pattern
- Update to 2.3.542.0 (2019-04-18)
+ Bug fix for on-premises instance registration in CN region
- Update to 2.3.539.0 (2019-04-04)
+ Add support for further encryption of session data using AWS KMS
+ Bug fix for excessive instance-id fetching by document workers
- Update to 2.3.479.0 (2019-03-06)
+ Bug fix for downloading content failure caused by wrong S3 endpoint
+ Bug fix for reboot failure caused by session manager panic
+ Bug fix for session manager shell output dropping character
+ Bug fix for mgs endpoint configuration consistency
- Update to 2.3.444.0 (2019-02-10)
+ Updates to UpdateInstanceInformation call, Windows initialization
- Add patch to remove unused import
+ remove-unused-import.patch
- Refresh patches for new version
+ fix-version.patch
- BuildRequire pkgconfig(systemd) instead of systemd: allow OBS to
shortcut through the -mini flavors.
- Update version patch.
- Update to 2.3.415.0 (2019-03-05)
+ Bug fix addressing issues in Distributor package upgrade
- Update to 2.3.372.0 (2019-03-05)
+ Bug fix to allow installation of Distributor packages that do
not have a version name.
+ Bug fix for agent crash with message "/WaitGroup is reused
before previous Wait has returned"/.
- Update to 2.3.344.0 (2019-03-05)
+ Add frequent collector to detect changed inventory types and
upload it to SSM service between two scheduled collections.
+ Change AWS Systems Manager Distributor to reduce calls to
GetDocument by calling DescribeDocument.
+ Add exit code when ssm-cli execution fails.
+ Create ssm-user only after the control channel has been
successfully created.
- Update to 2.3.274.0 (2019-03-05)
+ Enabled AWS Systems Manager Distributor that lets you securely
distribute and install software packages.
+ Add support for the arm64 architecture on Amazon Linux 2,
Ubuntu 16.04/18.04, and RHEL 7.6 to support EC2 A1 instances.
- Update to 2.3.235.0 (2019-03-05)
+ Bug fix for session manager logging on Windows
+ Bug fix for ConfigureCloudWatch plugin
+ Bug fix for update SSM agent occasionally failing due to SSM
agent service stuck in starting state
- Update to 2.3.193.0 (2019-03-05)
+ Bug fix for past sessions occasionally stuck in terminating
state
+ Darwin masquerades as Linux to bypass OS validation on the
backend until official support can be added
- Update to 2.3.169.0 (2019-03-05)
+ Update managed instance role token more frequently
- Update to 2.3.136.0 (2019-03-05)
+ Bug fix for issue that GatherInventory throw out error when
there is no Windows Update in instance
+ Add more filters when getting the Windows event logs at
startup to improve performance
+ Add random jitter before call PutInventory in inventory
datauploader
- Update to 2.3.117.0 (2019-03-05)
+ Bug fix for issues during process termination on instances
where IAM policy does not grant ssmmessages permissions.
- Update to 2.3.101.0 (2019-03-05)
+ Bug fix to prevent defunct processes when creating the local
user ssm-user.
+ Bug fix for sudoersFile permission to avoid "/sudo"/ command
warnings in Session Manager.
+ Disable hibernation on Windows platform if Cloudwatch
configuration is present.
- Update to 2.3.68.0 (2019-03-05)
+ Enables the Session Manager capability that lets you manage
your Amazon EC2 instance through an interactive one-click
browser-based shell or through the AWS CLI.
+ Beginning this agent version, SSM Agent will create a local
user "/ssm-user"/ and either add it to /etc/sudoers (Linux) or
to the Administrators group (Windows) every time the agent
starts. The ssm-user is the default OS user when a Session
Manager session is started, and the password for this user is
reset on every session. You can change the permissions by
moving the ssm-user to a less-privileged group or by changing
the sudoers file. The ssm-user is not removed from the system
when SSM Agent is uninstalled.
- Update to 2.3.13.0 (2019-03-05)
+ Bug fix for the SSM Agent service remaining in "/Starting"/
state on Windows when unable to authenticate to the Systems
Manager service.
- Update to 2.2.916.0 (2019-03-05)
+ Bug fix for missing cloudwatch.exe seen in SSM Agent version
2.2.902.0
- Update to 2.2.902.0 (2019-03-05)
+ Initial support for developer builds on macOS
+ Retry sending Run Command execution results for up to 2 hours
+ More detailed error messages are returned for inventory plugin
failures during State Manager association executions
- Update to 2.2.800.0 (2019-03-05)
+ Bug fix to clean the orchestration directory
+ Streaming AWS Systems Manager Run Command output to CloudWatch
Logs
+ Reducing number of retries for serial port opening
+ Add retry logic to installation verification
- Update to 2.2.619.0 (2019-03-05)
+ Various bug fixes
- Update to 2.2.607.0 (2019-03-05)
+ Various bug fixes
- Update to 2.2.546.0 (2019-03-05)
+ Bug fix to retry sending document results if they couldn't
reach the service
- Update to 2.2.493.0 (2019-03-05)
+ Added support for Ubuntu Snap packaging
+ Bug fix so that aws:downloadContent does not change permissions
of directories
+ Bug fix to Cloudwatch plugin where StartType has duplicated
Enabled value
- Update to 2.2.392.0 (2019-03-05)
+ Added support for agent hibernation so that Agent backs off or
enters hibernation mode if it does not have access to the
service
+ Various bug fixes
- Update to 2.2.355.0 (2019-03-05)
+ Fix S3Download to download from cross regions.
+ Various bug fixes
- Update to 2.2.325.0 2018-03-07 (bsc#1085670)
+ Bug fix to change sourceHashType to be default sha256 on
psmodule.
- Update to 2.2.257.0 2018-02-23
+ Bug fix to address an issue that can prevent the agent from
processing associations after a restart.
- Update to 2.2.160.0 2018-01-15
+ Execute "/pwsh"/ on linux when using runPowershellScript plugin.
- Update to 2.2.93.0 2017-11-14
+ Update to latest AWS SDK.
- Update to 2.2.58.0 2017-10-23
+ Switching to use Birdwatcher distribution service for AWS
packages.
- do not build on s390, only on s390x (no go on s390)
- Update Go version requirement to 1.7.4.
- Add ssm-document-worker binary to agent package.
- Update to 2.2.45.0 2017-10-18 (bsc#1067256)
+ Refresh version patch with new version.
+ Adding versioning support for Parameter Store.
+ Added additional gatherers for inventory, including windows
service gatherer, windows registry gatherer, file metadata
gatherer, windows role gatherer.
+ Added support for aws:downloadContent plugin to download
content from GitHub, S3 and documents from SSM documents.
+ Added support for aws:runDocument plugin to execute SSM
documents.
- Update to 2.2.30.0 2017-10-09
+ Improved speed of initial association application on boot
+ Various aws:configurePackage service integration changes
+ Improved home directory detection in non-x64 linux platforms
to address cases where shared AWS SDK credentials were not
available in on-prem instances
- Update to 2.2.24.0 2017-10-02
+ Added exponential backoff in bucket region check for s3 upload
+ Fixed an issue with orchestration directory cleanup for
RunCommand
- Update to 2.2.16.0 2017-09-25
- Update to 2.1.4.0 2017-09-11
+ Support for command execution out-of-process
- Update to 2.0.952.0 2017-08-28
- Add ssm-cli to package.
- Remove requirement on lsb-release. Agent now parses os-release
by default.
- Use gzip archive from GitHub instead of converting to xz.
- Update to 2.0.922.0 2017-08-14 (bsc#1055766)
+ Added Raspbian support for armv6 to support Raspberry Pi
+ Various bug fixes
- Update to 2.0.913.0 2017-08-07
+ Updated golang/sys dependency to the latest
+ Increased run command document maximum execution timeout to 48 hours
+ Various bug fixes
- Update to 2.0.902.0 2017-07-31
+ Added support for uploading agent logs to CloudWatch for SSM Agent diagnostics
+ Added additional gatherers for inventory
+ Added configuration compliance support for association
+ Various bug fixes
- Update to 2.0.879.0 2017-07-26
+ Add capability to configure custom s3 endpoint for the agent
+ Various bug fixes
- Update to 2.0.847.0 2017-07-03
+ Various bug fixes
- Update to 2.0.842.0 2017-06-26
+ Added rollback support in aws:configurePackage
+ Various bug fixes
- Update to 2.0.834.0 2017-06-23
+ Various bug fixes
- Update to 2.0.805.0 2017-06-07
+ Added support for SLES (SUSE) (64-bit, v12 and above)
+ Various bug fixes
- Update to 2.0.796.0 2017-05-29
+ Linux platform version now based on os-release when available
+ Various bug fixes
- Update to 2.0.790.0 2017-05-31 (bsc#1047581)
- Added support for step-level preconditions
- Added support for rate/interval based schedule expressions for
associations
- Added Summary and PackageID fields to inventory's
aws:application gatherer
- Changed inventory's aws:application gatherer to use
win32_processor: addressWidth to detect OS architecture to
avoid localization based errors
- Fixed CloudWatch issue with large configuration
- Fixed S3 upload when instance and bucket are not in the same
region
- Fixed bug that prevented native language AMIs (Japanese AMI)
from launching Cloudwatch
- Various bug fixes
- Update to 2.0.767.0 2017-05-31
- Returning longer StandardOutput and StandardError from
RunShellScript and RunPowerShellScript which show up in the
results of GetCommandInvocation and the detailed output of
ListCommandInvocation
- Added Document v2.0 support for Run Command, which includes
support for multiple actions of same plugin type
- Various bug fixes
- Update to 2.0.755.0 2017-05-31
- Fixed bugs that prevented CloudWatch from launching and allowed
multiple instances of CloudWatch to launch on Windows
- Various bug fixes
- Update to 2.0.730.0 2017-05-31
- Fixed issues with agent starting before network is ready on
systemd systems.
- Update to 2.0.716.0 2017-05-31
- Pass proxy settings to domain join and CloudWatch
- Added support for installing Docker on Linux
- Removed the upper limit for the maximum number of parallel
executing documents on the agent (previously the max was 10)
- You can configure this number by setting the
“CommandWorkerLimit” attribute in amazon-ssm-agent.json file
- Various bug fixes
- Add package to SLE-12 codestream (bsc#1017899, fate#322303)
- Update to 2.0.672.0 2017-02-17
- Added bucket-owner-full-control ACL to S3 outputs to support
cross-account upload
- Standardized S3 result paths across plugins; commands append
command-id/instance-id/plugin-name/step-id associations append
instance-id/association-id/execution-date/plugin-name/step-id
- step-id is the id field in plugin input if present and
supported, otherwise the step name (in 2.0 schema documents),
otherwise the plugin-name again
- plugin-name and step-id have : characters removed
- FreeBSD patches from external contributor
- Various bug fixes
- Update to 2.0.663.0 2017-01-18
- Added support for aws:softwareInventory plugin to upload
inventory related log messages to S3
- Added support for running Powershell on Linux
- Added support for State Manager that automates the process of
keeping your Amazon EC2 and hybrid infrastructure in a state that
you define You can use State Manager to ensure that your instances
are bootstrapped with specific software at startup, configured
according to your security policy, joined to a Windows domain,
or patched with specific software updates throughout their
lifecycle
- Added support for Systems Manager Inventory that allows you to
specify the type of metadata to collect, the instances from
where the metadata should be collected, and a schedule for
metadata collection
- Added support for installing, uninstalling, and updating AWS
packages published by AWS
- Added support for installing Docker on Windows and running
Docker actions
- Added support for Windows Server 2016
- Added support for Windows Server Nano
- Fixed CloudWatch crash issue
- Fixed Domain Join to support customized OU
- Fixed CloudWatch doesn't work with creating association from
Console
- Fixed SSM Agent not able to start on Windows Server 2003
- Various bug fixes
- Initial package 1.2.290.0 2016-07-20
- apparmor
-
- update to AppArmor 2.13.6
- fix utils hotkey conflicts in some languages
- aa-autodep: load abstractions on start (boo#1178527)
- add usr.lib.dovecot.script-login profile
- minor additions in abstractions/X and the dovecot profile
- see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_2.13.6
for the detailed upstream changelog
- drop upstreamed patch libapparmor-so-number.diff
- update to AppArmor 2.13.5
- add missing permissions to several profiles and abstractions
- bugfixes in parser and tools
- see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_2.13.5
for the detailed upstream changelog
- remove upstream(ed) patches
- changes-since-2.13.4.diff
- abstractions-X-xauth-mr582.diff
- sevdb-caps-mr589.diff
- libvirt-leaseshelper.patch
- cap_checkpoint_restore.diff
- add libapparmor-so-number.diff to fix libapparmor so version (!658)
- add CAP_CHECKPOINT_RESTORE to severity.db (MR 656,
cap_checkpoint_restore.diff)
- %service_del_postun_without_restart only works for Tumbleweed,
keep using DISABLE_RESTART_ON_UPDATE for Leap 15.x
- Make use of %service_del_postun_without_restart
And stop using DISABLE_RESTART_ON_UPDATE as this interface is
obsolete.
- libvirt-leaseshelper.patch: add /usr/libexec as a path to the
libvirt leaseshelper script (jsc#SLE-14253)
- sevdb-caps-mr589.diff: add new capabilities CAP_BPF and CAP_PERFMON
to severity.db (lp#1890547)
- add abstractions-X-xauth-mr582.diff to allow reading the xauth file
from its new sddm location (boo#1174290, boo#1174293)
- add changes-since-2.13.4.diff with upstream changes and fixes
since 2.13.4 up to 5f61bd4c:
- add several abstractions related to xdg-open:
dbus-network-manager-strict, exo-open, gio-open, gvfs-open,
kde-open5, xdg-open
- introduce @{run} variable
- update dnsmasq and winbindd profile
- update mdns, mesa and nameservice abstraction
- some bugfixes in the aa-* tools, including a remote bugfix in the
YaST AppArmor module (boo#1171315)
- drop upstream(ed) patches (now part of changes-since-2.13.4.diff):
- make-4.3-capabilities.diff
- make-4.3-capabilities-vim.diff
- make-4.3-fix-utils-network-test.diff
- make-4.3-network.diff
- abstractions-add-etc-mdns.allow-to-etc-apparmor.d-abstractions-mdns.patch
- apply usr-etc-abstractions-base-nameservice.diff only for
Tumbleweed, but not for Leap 15.x where it's not needed
- refresh usr-etc-abstractions-base-nameservice.diff
- Add abstractions-add-etc-mdns.allow-to-etc-apparmor.d-abstractions-mdns.patch
(bsc#1168306)
- fix build with make 4.3 by backporting some commits from upstream
master (boo#1167953):
- make-4.3-capabilities.diff
- make-4.3-capabilities-vim.diff
- make-4.3-network.diff
- make-4.3-fix-utils-network-test.diff
- update to AppArmor 2.13.4
- several abstraction updates (including boo#1153162)
- disallow writing to fontconfig cache in abstractions/fonts
- some bugfixes in the aa-* tools
- see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_2.13.4
for the detailed upstream changelog
- drop upstreamed patches:
- abstractions-ssl-certbot-paths.diff
- apparmor-krb5-conf-d.diff
- libapparmor-python3.8.diff
- usr-etc-abstractions-authentification.diff
- refresh usr-etc-abstractions-base-nameservice.diff
- add usr-etc-abstractions-base-nameservice.diff to adjust
abstractions/base and nameservice for /usr/etc/ (boo#1161756)
- Properly pull in full python3 interpreter
- add libapparmor-python3.8.diff to fix building the libapparmor python
bindings (deb#943657)
- add usr-etc-abstractions-authentification.diff to allow reading
/usr/etc/pam.d/* and some other authentification-related files (boo#1153162)
- add abstractions-ssl-certbot-paths.diff - add certbot paths to
abstractions/ssl_certs and abstractions/ssl_keys
- add apparmor-krb5-conf-d.diff for kerberos client
- update to 2.13.3
- profile updates for dnsmasq, dovecot, identd, syslog-ng
- new "/lsb_release"/ profile (only used when using "/Px -> lsb_release"/)
- fix buggy syntax in tunables/share
- several abstraction updates
- parser: fix "/Px -> foo-bar"/ (the "/-"/ was rejected before)
- several bugfixes in aa-genprof and aa-logprof
- see https://gitlab.com/apparmor/apparmor/wikis/Release_Notes_2.13.3
for the detailed upstream changelog
- drop upstream(ed) patches:
- apparmor-nameservice-resolv-conf-link.patch
- profile_filename_cornercase.diff
- dnsmasq-libvirtd.diff
- dnsmasq-revert-alternation.diff
- usrmerge-fixes.diff
- libapparmor-swig-4.diff
- re-number remaining patches
- add upstream libapparmor-swig-4.diff: fix libapparmor tests with swig
4.0 (boo#1135751)
- Disable LTO (boo#1133091).
- update lessopen.sh profile for usrMerge (bash and tar) (boo#1132350)
- add usrmerge-fixes.diff: fix test failures when /bin/sh is handled by
update-alternatives (boo#1127877)
- add dnsmasq-revert-alternation.diff: revert path alternation in
dnsmasq profile and re-add peer=/usr/sbin/libvirtd rules to avoid
breaking libvirtd (boo#1127073)
- add dnsmasq-libvirtd.diff: allow peer=libvirtd in the dnsmasq profile
to match the newly added libvirtd profile name (boo#1118952#c3)
- Use %license instead of %doc [bsc#1082318]
- add apparmor-lessopen-nfs-workaround.diff: allow network access in
lessopen.sh for reading files on NFS (workaround for boo#1119937 /
lp#1784499)
- add profile_filename_cornercase.diff: drop check that lets aa-logprof
error out in a corner-case (log event for a non-existing profile while
a profile file with the default filename for that non-existing profile
exists) (boo#1120472)
- netconfig: write resolv.conf to /run with link to /etc (fate#325872,
boo#1097370) [patch apparmor-nameservice-resolv-conf-link.patch]
- update to AppArmor 2.13.2
- add profile names to most profiles
- update dnsmasq profile (pid file and logfile path) (boo#1111342)
- add vulkan abstraction
- add letsencrypt certificate path to abstractions/ssl_*
- ignore *.orig and *.rej files when loading profiles
- fix aa-complain etc. to handle named profiles
- several bugfixes and small profile improvements
- see https://gitlab.com/apparmor/apparmor/wikis/Release_Notes_2.13.2
for the detailed upstream changelog
- remove upstreamed fix-syntax-error-in-rc.apparmor.functions.patch
- update to 2.13.1
- add qt5 and qt5-compose-cache-write abstractions
- add @{uid} and @{uids} kernel var placeholders
- several profile and abstraction updates
- ignore "/abi"/ rules in parser and tools (instead of erroring out)
- utils: fix overwriting of child profile flags if they differ from
the main profile
- several bugfixes (including boo#1100779)
- see https://gitlab.com/apparmor/apparmor/wikis/Release_Notes_2.13.1
for the detailed upstream changelog
- remove upstream(ed) patches:
- aa-teardown-path.diff
- fix-apparmor-systemd-perms.diff
- logprof-skip-cache-d.diff
- fix-samba-profiles.patch
- make-pyflakes-happy.diff
- dnsmasq-Add-permission-to-open-log-files.patch
- refresh apparmor-samba-include-permissions-for-shares.diff
- add fix-syntax-error-in-rc.apparmor.functions.patch
- update rpmlintrc:
- whitelist .features file which is part of the pre-compiled cache
- comment out filters for the disabled tomcat_apparmor subpackage
- Backport dnsmasq fix:
025c7dc6 - dnsmasq-Add-permission-to-open-log-files.patch
(boo#1111342)
- add make-pyflakes-happy.diff to fix an unused variable (SR 629206)
- add fix-samba-profiles.patch - smbd loads new shared libraries.
Allow winbindd to access new kerberos credential cache location
(boo#1092099)
- exclude the /etc/apparmor.d/cache.d/ directory from aa-logprof parsing
(logprof-skip-cache-d.diff)
- add fix-apparmor-systemd-perms.diff - fix permissions of
/lib/apparmor/apparmor.systemd (boo#1090545)
- create and package precompiled cache (/usr/share/apparmor/cache,
read-only) (boo#1069906, boo#1074429)
- change (writeable) cache directory to /var/cache/apparmor/ - with the
new btrfs layout, the only reason for using /var/lib/apparmor/cache/
(which was "/it's part of the / subvolume"/) is gone, and /var/cache
makes more sense for the cache
- adjust parser.conf (via apparmor-enable-profile-cache.diff) to use both
cache locations
- clear cache also in %post of abstractions package
- update to AppArmor 2.13
- add support for multiple cache directories and cache overlays
(boo#1069906, boo#1074429)
- add support for conditional includes in policy
- remove group restrictions from aa-notify (boo#1058787)
- aa-complain etc.: set flags for profiles represented by a glob
- aa-status: split profile from exec name
- several profile and abstraction updates
- see https://gitlab.com/apparmor/apparmor/wikis/Release_Notes_2.13
for the detailed upstream changelog
- drop upstreamed patches and files:
- aa-teardown
- apparmor.service
- apparmor.systemd
- 32-bit-no-uid.diff
- disable-cache-on-ro-fs.diff
- dovecot-stats.diff
- parser-write-cache-warn-only.diff
- set-flags-for-profiles-represented-by-glob.patch
- fix-regression-in-set-flags.patch
- drop spec code that handled installing aa-teardown, apparmor.service
and apparmor.systemd (now part of upstream Makefile)
- simplify "/make -C profiles parser-check"/ call (upstream Makefile bug
that required to call "/cd"/ was fixed)
- add aa-teardown-path.diff - install aa-teardown in /usr/sbin/
- move 'exec' symlink to parser package (belongs to aa-exec)
- Set flags for profiles represented by glob (bsc#1086154)
set-flags-for-profiles-represented-by-glob.patch
fix-regression-in-set-flags.patch
- add dovecot-stats.diff:
- add dovecot/stats profile and allow dovecot to run it (boo#1088161)
- allow dovecot/auth to write /run/dovecot/old-stats-user (part of boo#1087753)
- update 32-bit-no-uid.diff with upstream fix
- Change of path of rpm in lessopen.sh (boo#1082956)
- add disable-cache-on-ro-fs.diff - disable write cache if filesystem is
read-only and don't bail out (bsc#1069906, bsc#1074429)
- add parser-write-cache-warn-only.diff to make cache write failures a
warning instead of an error (boo#1069906, boo#1074429)
- reduce dependeny on libnotify-tools (used by aa-notify -p) to "/Suggests"/
to avoid pulling in several Gnome packages on servers (boo#1067477)
- update to AppArmor 2.12
- add support for 'owner' rules in aa-logprof and aa-genprof
- add support for includes with absolute path in aa-logprof etc. (lp#1733700)
- update aa-decode to also decode PROCTITLE (lp#1736841)
- several profile and abstraction updates, including boo#1069470
- see https://gitlab.com/apparmor/apparmor/wikis/Release_Notes_2.12
for the detailed upstream changelog
- drop upstreamed patches:
- read_inactive_profile-exactly-once.patch
- utils-fix-sorted-save_profiles-regression.diff
- lessopen profile: change all 'rix' rules to 'mrix'
- add 32-bit-no-uid.diff to fix handling of log events without ouid on
32 bit systems
- update to AppArmor 2.11.95 aka 2.12 beta1
- add JSON interface to aa-logprof and aa-genprof (used by YaST)
- drop old YaST interface code
- update audio, base and nameservice abstractions
- allow @{pid} to match 7-digit pids
- see http://wiki.apparmor.net/index.php/ReleaseNotes_2_11_95
for the detailed upstream changelog
- drop upstreamed patches
- apparmor-yast-cleanup.patch
- apparmor-json-support.patch
- nameservice-libtirpc.diff
- drop obsolete perl modules (YaST no longer needs them)
- drop patches that were only needed by the obsolete perl modules:
- apparmor-utils-string-split
- apparmor-abstractions-no-multiline.diff
- drop profiles-sockets-temporary-fix.patch - obsoleted by a fix in
apparmor_parser
- refresh utils-fix-sorted-save_profiles-regression.diff
- add aa-teardown (new script to unload all profiles)
- make ExecStop in apparmor.service a no-op (workaround for a systemd
restriction, see boo#996520 and boo#853019 for details)
- lessopen profile: allow capability dac_read_search and dac_override,
allow groff to execute several helpers (boo#1065388)
- read_inactive_profile-exactly-once.patch (bsc#1069346)
Perform reading of inactive profiles exactly once.
- update to AppArmor 2.11.1
- add permissions to several profiles and abstractions (including
lp#1650827 and boo#1057900)
- several fixes in the aa-* tools (including lp#1689667, lp#1628286,
lp#1661766 and boo#1062667)
- fix downgrading/converting of 'unix' rules (will be supported in
kernel 4.15) to 'network unix' rules in apparmor_parser (boo#1061195)
- see http://wiki.apparmor.net/index.php/ReleaseNotes_2_11_1 for
upstream changelog
- remove upstream(ed) patches
- upstream-changes-r3616..3628.diff
- upstream-changes-r3629..3648.diff
- parser-tests-dbus-duplicated-conditionals.diff
- apparmor-fix-podsyntax.patch
- sshd-profile-drop-local-include-r3615.diff
- refresh apparmor-yast-cleanup.patch
- add utils-fix-sorted-save_profiles-regression.diff to fix a regression
in displaying the "/changed profiles"/ list in aa-logprof
- add nameservice-libtirpc.diff to fix NIS/YP logins (boo#1062244)
- profiles-sockets-temporary-fix.patch to cater to nameservices with the
new sockets mediation, until unix rules are upstreamed (boo#1061195)
- add apparmor-fix-podsyntax.patch from mailing list to fix
compilation with perl 5.26
- do not require exact X.Y version of "/python3"/
- require also matching python(abi) which is arguably more important
- don't rely on implementation details for reload in %post
- add JSON support. Required for FATE#323380.
(apparmor-yast-cleanup.patch, apparmor-json-support.patch)
- add upstream-changes-r3629..3648.diff:
- preserve unknown profiles when reloading apparmor.service
(CVE-2017-6507, lp#1668892, boo#1029696)
- add aa-remove-unknown utility to unload unknown profiles (lp#1668892)
- update nvidia abstraction for newer nvidia drivers
- don't enforce ordering of dbus rule attributes in utils (lp#1628286)
- add --parser, --base and --Include option to aa-easyprof to allow
non-standard paths (useful for tests) (lp#1521031)
- move initialization code in apparmor.aa to init_aa(). This allows to
run all utils tests even if /etc/apparmor.d/ or /sbin/apparmor_parser
don't exist.
- several improvements in the utils tests
- drop upstreamed python3-drop-re-locale.patch
- no longer delete/skip some of the utils tests (to allow this, add
parser-tests-dbus-duplicated-conditionals.diff)
- add var.mount dependeny to apparmor.service (boo#1016259#c34)
- Cleanup spec file:
- don't use insserv if we afterwards call systemd, this can
have bad side effects
- remove dead code
- remove now obsolete 'distro' checks
- Replace init.d script with new wrapper working with systemd
- add python3-drop-re-locale.patch: remove deprecated re.LOCALE
flag in Python UI as it was dropped from Python 3.6 (lp#1661766)
- add upstream-changes-r3616..3628.diff:
- update abstractions/base, abstractions/apache2-common and dovecot profiles
- merge ask_the_questions() of aa-logprof and aa-mergeprof
- pass LDFLAGS when building parser, libapparmor perl bindings and pam_apparmor
- adjust deleting the cache in profiles %post to the new cache location
- silence errors when deleting the cache (boo#976914)
- split libapparmor into separate spec to get rid of build loop
involving mariadb, systemd, apparmor, libapr and mariadb again
(see the discussion in SR 448871 for details)
- update to AppArmor 2.11.0
- apparmor_parser now supports parallel compiles and loads
- add full support for dbus, ptrace and signal rules and events to the
utils
- full rewrite of the file rule handling in the utils
- lots of improvements and fixes
- see http://wiki.apparmor.net/index.php/ReleaseNotes_2_11 for the
detailed changelog
- patches:
- add sshd-profile-drop-local-include-r3615.diff to fix 'make check'
- drop aa-unconfined-fix-netstat-call-2.10r3380.diff, no longer needed
- refresh apparmor-abstractions-no-multiline.diff
- refresh apparmor-samba-include-permissions-for-shares.diff
- spec changes:
- aa-unconfined switched to using ss (from iproute2), adjust Recommends:
- move libapparmor to /usr/lib*/
- drop %if %suse_version checks for 12.x
- change several Obsoletes from %version to < 2.9. Those package names
weren't used since years, and 2.9 is still a careful choice
- include apparmor.service independent of %suse_version
- techdoc.pdf is now shipped in upstream tarball to reduce BuildRequires
- drop latex2html, texlive-* and w3m BuildRequires
- techdoc.txt and techdoc.html not included, drop them from the package
- run most of utils/ make check (some tests expect /etc/apparmor.d/ and
/sbin/apparmor_parser to exist, skip them)
- BuildRequires python3-pyflakes (utils tests) and dejagnu (libapparmor tests)
- drop sed'ing python3 into aa-* shebang (upstreamed)
- build binutils
- aa-exec is now written in C and lives in /usr/bin/, move it to the
apparmor_parser package and create a compability symlink in /usr/sbin/
- aa-exec manpage moved to section 1
- aa-enabled is a small new tool to find out if AppArmor is enabled
- package new aa_stack_profile(2) manpage
- change /etc/apparmor.d/cache symlink to /var/lib/apparmor/cache/.
This is part of the root partition (at least with default partitioning)
and should be available earlier than /var/cache/apparmor/
(boo#1015249, boo#980081, bsc#1016259)
- add dependency on var-lib.mount to apparmor.service as safety net
- update to AppArmor 2.10.2 maintenance release
- lots of bugfixes and profile updates (including boo#1000201,
boo#1009964, boo#1014463)
- see http://wiki.apparmor.net/index.php/ReleaseNotes_2_10_2 for details
- add aa-unconfined-fix-netstat-call-2.10r3380.diff to fix a regression
in aa-unconfined
- drop upstream(ed) patches:
- changes-since-2.10.1--r3326..3346.diff
- changes-since-2.10.1--r3347..3353.diff
- libapparmor-fix-import-path.diff (upstream fix is slightly different)
- nscd-var-lib.diff
- refresh apparmor-abstractions-no-multiline.diff
- add nscd-var-lib.diff to allow /var/lib/nscd/ in the nscd profile and
abstractions/nameservice (path changed in latest nscd in Tumbleweed)
- add changes-since-2.10.1--r3347..3353.diff with upstream changes and
fixes in the 2.10 branch, including
- allow writing *.qf files (for disk-based buffering) in syslog-ng profile
- add several permissions to the dovecot profiles (deb#835826)
- add a missing path in the traceroute profile
- add changes-since-2.10.1--r3326..3346.diff with upstream changes and
fixes since the 2.10.1 release, including
- allow dac_override in winbindd profile (boo#990006#c5)
- allow mr for /usr/lib*/ldb/*.so in samba abstractions (needed since
Samba 4.4.x, boo#990006)
- abstractions/nameservice: also support ConnMan-managed resolv.conf
- let aa-genprof ask about profiles in extra dir (again)
- fix aa-logprof "/add hat"/ endless loop (lp#1538306)
- honor 'chown' file events in logparser.py
- ignore log file events with a request mask of 'send' or 'receive'
because they are actually network events (lp#1577051, lp#1582374)
- accept hostname with dots when parsing logs (lp#1453300 comments #1 and #2)
- fix python LibAppArmor import failures with swig > 3.0.8 (boo#987607)
(libapparmor-fix-import-path.diff)
- refresh apparmor-abstractions-no-multiline.diff
- drop upstreamed profiles-ping-inet6-r3449.diff
- add %check section - runs libapparmor (including swig bindings),
parser and profiles tests
- add BuildRequires: perl(Locale::gettext) - needed for parser tests
- add profiles-ping-inet6-r3449.diff - latest ping also does IPv6 (boo#980596)
- update to AppArmor 2.10.1 (2.10 branch r3326):
- fix incorrect output of child profile names (apparmor_parser -N) which
caused 'rcapparmor reload' to remove child profiles and hats (lp#1551950)
- fix a crash in aa-logprof / logparser.py for change_hat log events
(lp#1523297) and log events that look like file events, but aren't
(lp#1540562, lp#1525119, lp#1466812)
- write unix rules when saving a profile (lp#1522938, boo#954104#c3)
- several fixes for variable handling in aa-logprof
- map c (create) log events to w instead of a
- add python to the "/no Px rule"/ list in logprof.conf
- let aa-logprof check for duplicate profiles
- let aa-status work without the apparmor.fail python module (boo#971917,
lp#1480492)
- add permissions in several profiles (including boo#948584, boo#948753,
boo#954959, boo#954958, boo#971790, boo#964971, boo#921098, boo#923201 and
boo#921098#c15).
- and many more fixes, see the full changelog at
http://wiki.apparmor.net/index.php/ReleaseNotes_2_10_1
- drop upstream(ed) patches:
- fix-initscript-aa_log_end_msg.diff
- syslog-ng-profile-boo948584.diff
- upstream-profile-updates-r3205-3241.diff
- refresh patches:
- apparmor-abstractions-no-multiline.diff
- apparmor-samba-include-permissions-for-shares.diff
- drop libapparmor autogen.sh call (broke the build) and remove libtool BR
- add syslog-ng-profile-boo948584.diff - add several permissions needed
by latest syslog-ng (boo#948584, boo#948753)
- add upstream-profile-updates-r3205-3241.diff with several profile updates:
- add /usr/share/locale-bundle/** to abstractions/base
- allow dnsmask to use /bin/sh (boo#940749) and /bin/dash
- allow dovecot imap to read /run/dovecot/mounts
- allow avahi-daemon to write to /run/systemd/notify
- allow ntpd to read $PATH directory listings (boo#945592, boo#948752)
- update dhclient profile
- allow skype to read @{PROC}/@{pid}/net/dev (boo#939568)
- and some other small updates
- drop upstreamed apparmor-winbindd-r3213.diff (included in the
upstream-profile-updates patch)
- netstat moved to net-tools-deprecated in Tumbleweed (boo#944904)
- add apparmor-winbindd-r3213.diff - add missing k permissions for
/etc/samba/smbd.tmp/msg/* in winbindd profile (boo#921098 #c15..19)
- add fix-initscript-aa_log_end_msg.diff - fixes ugly initscript
output (boo#862170)
- update to AppArmor 2.10 (trunk r3205)
- profile names can now contain variables
- improved profile compile time in apparmor_parser
- lots of improvements, refactoring and bugfixes in the aa-* tools
- new apis for managing and loading profile caches into the kernel in
libapparmor
- lots of profile updates
- see http://wiki.apparmor.net/index.php/ReleaseNotes_2_10 for the
complete changelog with more details
- add new apparmor_private.h and the aa_query_label(2), aa_features(3),
aa_kernel_interface(3), aa_policy_cache(3), aa_splitcon(3) manpages
to libapparmor-devel
- drop apparmor-2.5.1-edirectory-profile patch - it's most probably
no longer needed (see boo#621394 for details)
- drop upstreamed samba-4.2-profiles.diff
- refresh apparmor-samba-include-permissions-for-shares.diff
- systemd-rpm-macros and %systemd_requires were at the wrong place,
move them to the parser package (boo#931792)
- update to AppArmor 2.9.2 (2.9 branch r2911)
- lots of bugfixes in the parser and the aa-* tools (including
boo#918787)
- update dovecot and dnsmasq profiles and several abstractions
(including boo#911001)
- see http://wiki.apparmor.net/index.php/ReleaseNotes_2_9_2 for the
full changelog
- remove upstream(ed) patches apparmor-changes-since-2.9.1.diff and
apparmor-fix-stl-ostream.diff
- replace GPG key with new AppArmor GPG signing key, see
https://launchpad.net/apparmor/+announcement/13404
- make sure %service_del_postun doesn't call systemctl try-restart
(boo#853019, bare systemd edition)
- add samba-4.2-profiles.diff: update samba (winbindd and nmb)
profiles for samba 4.2 (boo#921098, boo#923201)
- only install apparmor.service for openSUSE > 13.2
- Add a native systemd unit which *at the moment* only
wraps/masks the early boot script.
- add apparmor-fix-stl-ostream.diff which fixes odd uses of
std::ostream which are not valid. Fixes build with GCC 5
- allow lessopen.sh to run /usr/bin/unzip-plain (boo#906858)
- add Requires: python3 to python3-apparmor package - readline isn't
part of python3-base (boo#917577)
- add apparmor-changes-since-2.9.1.diff with upstream fixes since the
2.9.1 release
- update logparser.py to support changed syslog format (lp#1399027)
- update usr.sbin.dovecot and usr.lib.dovecot.imap{, -login} profiles
(lp#1296667)
- update the mysqld profile
- fix network rule description in apparmor.d(5) manpage
- drop upstreamed dnsmasq-profile-fixes.patch
- update expired GPG key
- update to AppArmor 2.9.1 (2.9 branch r2831)
- fix log parsing for 3.16 kernels and syslog-style logs (boo#905368)
- several fixes and performance improvements in the aa-* utils
- profile updates for dnsmasq (boo#907870), nscd (boo#904620#c14 and
bnc#908856), useradd, sendmail, man and passwd
- see http://wiki.apparmor.net/index.php/ReleaseNotes_2_9_1
for full release notes
- refresh dnsmasq-profile-fixes.patch
- Fix dnsmasq profile to allow executing bash to run the --dhcp-script
argument. Also fixed /usr/lib -> /usr/{lib,lib64} to get libvirt
leasehealper script to run even on x86_64.
dnsmasq-profile-fixes.patch. boo#911001
- rename lessopen.sh profile file to usr.bin.lessopen.sh to match the
script filename
- add apparmor-lessopen-profile.patch: /usr/bin/lessopen.sh needs
confinement. bnc#906858
- delete cache in apparmor-profiles %post (workaround for
bnc#904620#c8 / lp#1392042)
- No longer perform gpg validation; osc source_validator does it
implicit:
+ Drop gpg-offline BuildRequires.
+ No longer execute gpg_verify.
- fix bashism in post script
- update to AppArmor 2.9.0 (r2759)
- change aa-mergeprof to the final commandline syntax
- lots of bugfixes in the aa-* tools (bnc#900163, lp#1328707 and several
bugs without a formal bugreport)
- small additions to gnome, freedesktop.org, ubuntu-browsers.d/java
and user-mail abstractions
- fix mod_apparmor to not break basic auth
- update perl modules to support signal, unix and ptrace rules (bnc#900013)
- don't warn about rules not supported by the kernel
- fix logging of "/audit capability"/ (lp#1378091)
- add support for the "/hat"/ keyword in apparmor.vim
- build html version of apparmor.vim manpage again (lp#1366572)
- see also http://wiki.apparmor.net/index.php/ReleaseNotes_2_9_0
- update apparmor-abstractions-no-multiline.diff
- remove upstreamed apparmor-profiles-ntpd-pid-location.diff
- argon2
-
- add baselibs.conf as cryptsetup also has 32bit variants
- Update description.
- Update to version 0.0+git20171227.670229c:
* Added ABI version number
* AVX2/AVX-512F optimizations of BLAMKA
* Set Argon2 version number from the command line
* New bindings
* Minor bug and warning fixes (no security issue)
- use _service file
- ship libargon2.pc (bsc#1034441)
- moved argon2-specs.pdf to doc subpackage
- added packaging of man page
- make sure to call cc with -pthread option (implies -lpthread)
- run test suite
- Initial release
- at
-
- change login shell for at user from /bin/bash to /bin/false as it
shouldn't need a valid login shell [jsc#SLE-17611] [bsc#1181576]
- Replace references to /var/adm/fillup-templates with new
%_fillupdir macro (boo#1069468)
- Drop patch at-3.1.8-eal3-manpages.patch merged upstream differently
- Version update to at 3.1.20 to match latest upstream:
* Pam and selinux implemented upstream
* various tiny fixes
- Rebase patches:
* at-3.1.13-documentation-dir.patch
* at-3.1.13-massive_batch.patch
* at-3.1.14-joblist.patch
* at-3.1.14-parse-suse-sysconfig.patch
* at-3.1.14-usePOSIXtimers.patch
* at-3.1.14.patch
- Drop no longer needed patches:
* at-3.1.13-formatbugs.patch
* at-3.1.13-pam-session-as-root.patch
* at-3.1.13-pam.patch
* at-3.1.13-queue-nice-level.patch
* at-3.1.14-selinux.patch
- add at-3.1.16-handle_malformed_jobs.patch to prevent creation of
the corrupted files and their looping [bnc#945124]
- loadavg on Linux is a sum over all CPUs, so multiply LOADAVG_MX
by the amount of CPUs when comparing to loadavg (bnc#889174)
* added at-adjust_load_to_cpu_count.patch
- Version bump to 3.1.16 to match latest upstream:
* Fix regression for sec-fix in bash we applied in form of patch
till now - deleting at-3.1.15-sane-envkeys.patch
- Sync/split features to be patch specific, modifying:
* at-3.1.13-pam.patch
* at-3.1.14-parse-suse-sysconfig.patch
* at-3.1.14-selinux.patch
- Cleanup with spec-cleaner
- Remove systemd conditional (we do not work on sle11 anyway)
- atd.service: run After=nss-user-lookup.target not after
systemd-user-sessions.service
- atd.service: run After=time-sync.target
- Replace at-sane-envkeys.diff by at-3.1.15-sane-envkeys.patch,
a simpler fix from upstream [bsc#899160]
- at-spi2-core
-
- Ad at-spi2-core-async-session-register.patch: make bus-launcher
session registration more robust (boo#1154582).
- Update to version 2.34.0:
+ Fix a use after free when freeing an event.
+ Clean up handling of the X11 property specifying the bus
address.
+ Update doap.
- Update to version 2.33.92:
+ Now requires meson 0.50.0.
+ License is now LGPL-2.1+.
+ Meson: only link to libdl when it is necessary.
+ Update installation instructions.
+ Clarify atspi_editable_text_insert_text documentation.
+ Do not warn on no reply from pending get_items call.
+ Eliminate some superfluous runtime warnings.
- Require meson >= 0.50.0.
- Set license to LGPL-2.1-or-later.
- Update to version 2.33.90:
+ Refactor the API for the screen reader to notify listeners
of its status.
+ Add a sender to the AtspiEvent struct.
+ Add missing atspi_application_get_type prototype.
+ Support mutter remote desktop interface for synthesizing
keyboard/mouse events (likely still needs work).
- Update to version 2.33.2:
+ Check WAYLAND_DISPLAY, rather than XDG_SESSION_TYPE, to avoid X
connections. Fixes breakage if X is started with startx and
XDG_SESSION_TYPE is unset.
+ X11: also try mod4 and mod5 to generate keysyms.
+ Add ATSPI_ROLE_CONTENT_DELETION and
ATSPI_ROLE_CONTENT_INSERTION.
+ Check for dbus-daemon in /usr/lib (for Solaris).
- Update to version 2.32.1:
+ Fix meson build for meson 0.50.0 and newer.
- Drop at-spi2-core-meson-build-fix.patch: Fixed upstream.
- Add at-spi2-core-meson-build-fix.patch: fix build for meson
0.50.0 (glgo#GNOME/at-spi2-core!9).
- Update to version 2.32.0:
+ Stable release version bump.
- Update to version 2.31.92:
+ Fix atspi_table_cell_get_(row_column)_headers.
+ Update documentation to indicate that extents are only
meaningful when an object has both STATE_VISIBLE and
STATE_SHOWING.
+ Use a consistent style for the meson options.
+ Fix a compiler warning on BSD.
+ Add ScrollSubstringTo and ScrollSubstringToPoint text
interfaces.
- Enable gtk-docs BuildRequires and update options passed to meson.
- Drop unneeded and unused intltool BuildRequires.
- Update to version 2.31.2:
+ Add ScrollSubstringTo and ScrollSubstringToPoint text
interfaces.
- Update to version 2.31.1:
+ Bus launcher: fix an issue where the error wasn't cleared on
failure.
+ Add support for locking/unlocking modifiers.
+ Update error log text for consistency.
+ Documentation clean-ups.
- Drop upstream fixed patches:
+ at-spi2-core-bus-launch-use__linux__.patch.
+ at-spi2-core-generate-pc.patch.
- Update to version 2.30.1:
+ Fix atspi_table_cell_get_(row|column)_header_cells
(bsc#1127792).
- Add at-spi2-core-bus-launch-use__linux__.patch: bus-launch:
use __linux__ over __linux.
- Add at-spi2-core-generate-pc.patch: meson: Generate a pkg-config
file.
- Disable gtk-doc BuildRequires and pass enable_docs=false to
meson. Temp workaround for buildfail when building docs with
meson 0.48.
- Update to version 2.30.0:
+ No changes, stable bump only.
- Update to version 2.29.1:
+ Add dbus-broker support to bus launcher.
+ Add ScrollTo and ScrollToPoint component interfaces.
+ Do not use deprecated GSettings API.
+ Fix various compiler warnings and documentation annotations.
- Update to version 2.28.0:
+ Support building a static library (bgo#793652).
+ Fix build on FreeBSD (bgo#791608).
- Update to version 2.27.92:
+ Dropped autotools support.
+ Documentation: Remove list association from
ATSPI_ROLE_DESCRIPTION_{TERM,VALUE} (bgo#791021).
+ Fix a potential buffer overflow in at-spi-bus-launcher
(bgo#791124).
+ Make the build reproducible (bgo#791167).
- Drop at-spi2-core-bgo791124-buffer-overflow.patch and
at-spi2-core-bgo791167-reproducible-build.patch: fixed upstream.
- Modernize spec-file by calling spec-cleaner
- Add at-spi2-core-bgo791124-buffer-overflow.patch: fix possible
buffer overflow reading dbus address in at-spi-bus-launcher
(boo#1073027, bgo#791124).
- Add at-spi2-core-bgo791167-reproducible-build.patch: use
@basename@ in templates, rather than @filename@; fixes build
reproducibility and multiarch conflict (bgo#791167).
- Switch to using meson buildsystem:
+ Add meson and gtk-doc BuildRequires.
+ Use meson, meson_build and meson_install macros instead of
autotools macros.
+ Drop update-desktop-files BuildRequires and stop using
suse_update_desktop_file macro, no longer needed.
+ Modernize spec, use spec-cleaner.
- Update to version 2.26.2:
+ dist po/meson.build (bgo#789666).
+ Generate correct sonname when building with meson.
- Update to version 2.26.1:
+ Remove unused dependency on libxkbcommon.
+ Various meson build fixes.
+ Updated translations.
- Update package summaries and old RPM macros.
- Update to version 2.26.0:
+ m4/gettext.m4, m4/iconv.m4, m4/lib-ld.m4, m4/lib-link.m4,
m4/lib-prefix.m4, m4/nls.m4, m4/po.m4 and m4/progtest.m4:
Upgrade to gettext-0.19.8.1.
+ configure.ac (AM_GNU_GETTEXT_VERSION): Bump to 0.19.8.
- Update to version 2.25.92:
+ configure.ac: make xkb optional, as intended.
+ Optionally read the bus adddress from the ATSPI_BUS_ADDRESS
environment variable (bgo#787126).
- Update to version 2.25.91:
+ Meson build files should now be usable, with the exception of
the dist target.
- Update to version 2.25.90:
+ Fix a couple of introspection issues (bgo#784481).
+ atspi_get_a11_bus: don't leak the DBusConnection.
+ Meson fixes.
- Update to version 2.25.4:
+ Fix gir generation with autotools (bgo#783994).
- Update to version 2.25.3:
+ Fix -Wmisleading-indentation warnings.
+ Fix memory leak of at-spi-bus-launcher.
+ Add error-message, error-for, details, and details-for relation
types.
+ Poll direct dbus connections in the main loop--fixes processes
being marked hung and the hung flag never being removed.
+ Add Meson build system.
+ Various build fixes.
- Add pkgconfig(xkbcommon-x11) BuildRequires: new dependency.
- Update to version 2.25.2:
+ Attempt to fix an occasional crash when an application
disappears (bgo#767074).
+ Add some missing roles to correspond with atk (description
list, description term, description value, and footnote).
- Update to version 2.25.1:
+ No changes.
- Update to version 2.24.1:
+ atspi_table_cell_get_position: Don't crash on error.
- Update to version 2.24.0:
+ No changes.
- Update to version 2.23.92:
+ Table cell API fixes (bgo#779835).
- Update to version 2.23.90:
+ Fix an occasional crash when an application is closed
(bgo#767074).
- Update to version 2.23.4:
+ Don't pull in X headers if x11 is disabled (bgo#773710).
+ at-spi-bus-launcher: session management fixes (bgo#774441).
+ events: add recently added page changed event (bgo#719898).
+ roles: EXTENDED roles are deprecated (bgo#720123).
- Update to version 2.22.0:
+ at-spi-bus-launcher: Fix uninitialized variable.
+ Fix return value error in session_manager_connect (bgo#768881).
+ Updated translations.
- Update to version 2.21.4:
+ Fixed a crash in atspi_accessible_clear_cache.
+ Fixed a crash caused by at-spi2-registryd dying.
+ Fixed some session management issues in at-spi-bus-launcher.
- Drop at-spi2-core-session-management.patch: Fixed upstream.
- Update to version 2.21.2:
+ Allow building without Xtst, Xi with --disable-x11.
+ ref_accessible_desktop: don't unref reply until we're finished
with it.
+ Updated translations.
- Update to version 2.21.1:
+ Fix parsing of at-spi-bus-launcher command line arguments
(bgo#765220).
+ Build clean-ups.
- Update at-spi2-core-session-management.patch: fix uninitialized
variable (bsc#984109).
- Add at-spi2-core-session-management.patch: properly register
at-spi-bus-launcher with gnome-session (bsc#984109).
- Drop at-spi2-core-devel Obsolete: the devel package have not
existed since 2009. At the same time, drop rpmlintrc, since it's
not needed anymore.
- Pkgconfig'ify spec file BuildRequires:
+ Replace/Remove: glib2-devel, gobject-introspection-devel,
xorg-x11-devel.
+ Add: pkgconfig(gio-2.0), pkgconfig(glib-2.0),
pkgconfig(gobject-2.0), pkgconfig(gobject-introspection-1.0),
pkgconfig(x11), pkgconfig(xtst), pkgconfig(xi).
- Update to GNOME 3.20.2 Fate#318572
- Update to version 2.20.2:
+ Fixed an invalid memory access when fetching an accessible.
- Update to GNOME 3.20 Fate#318572
- Drop at-spi2-core-null-event-source.patch: fixed upstream.
- Update to version 2.20.1:
+ registryd: avoid crashing with a NULL keystring (bgo#764688).
+ Plug a memory leak in AtspiEventListener (bgo#764688).
- Update to version 2.20.0:
+ No changes.
- Update to version 2.19.92:
+ Support a stateless configuration by default (bgo#763540).
- Update to version 2.19.91:
+ Don't display warnings when connecting to an app that no longer
exists.
- Update to version 2.19.90:
+ Don't display warning if unable to connect when logged in via
ssh (bgo#761600).
+ at-spi-bus-launcher: register with session manager
(bgo#753931).
- Update to version 2.19.2:
+ Disable xevie by default--it probably doesn't do anything
anyhow.
+ get_index_in_parent: Don't crash if parent is defunct.
+ Don't crash when trying to set an invalid state (bgo#757915).
- Update to version 2.19.1:
+ atspi_hyperlink_get_index_range: don't return random values if
the call fails (bgo#755727).
+ Fixed some atspi_text_ functions (bgo#755731).
- Update to version 2.18.3:
+ get_index_in_parent: Don't crash if the parent is defunct.
- Update to version 2.18.2:
+ Really don't crash if we get a children-changed event with a
non-existent child (bgo#755951).
+ Fixed crash during removal of last application in registryd
(bgo#756513).
- Disable xevie when configuring (boo#952011).
- Update to version 2.18.1:
+ Don't crash if we get a children-changed event with a
non-existent child (bgo#755951).
+ atspi_hyperlink_get_index_range: don't return random values if
the call fails (bgo#755727).
+ Fixed some atspi_text_ functions (bgo#755731).
- Update to version 2.18.0:
+ Updated translations.
- Update to version 2.17.90:
+ Modified the cache API to specify an object's index and child
count rather than its children. This eliminates the need for
the application to enumerate its children, improving
performance in some places with large lists (bgo#650090).
- Update to version 2.17.1:
+ Functions shouldn't try to return values (bgo#749330).
+ Fix atspi_table_cell_get_position.
- Update to version 2.16.0:
+ Fix GTK-Doc comment blocks.
+ Updated translations.
- Update to version 2.15.90:
+ Deprecate atspi_text_get_text_{before,at,after}_offset()
(bgo#697969).
+ Add roles for fractions, roots, subscripts, and superscripts
(bgo#743403).
- Update to version 2.15.4:
+ Add names to every timeout (bgo#710644).
+ Remove accessibility.conf from EXTRA_DIST (bgo#742987).
+ Add ATSPI_STATE_READONLY (bgo#690004).
- Update to version 2.15.3:
+ Replace deprecated "/Rename to"/ gtk-doc tag.
+ Fix atspi_table_cell_get_column_span prototype.
- Update to version 2.15.2:
+ Make the documentation of ATSPI's STATE_ACTIVE consistent with
that of ATK's (bgo#740274).
+ Add ATSPI_ROLE_STATIC and update documentation for
ATSPI_ROLE_TEXT (bgo#740340).
+ gi-annotations: get_relation_set returns a array of
AtspiRelation.
- Update to version 2.15.1:
+ Fix some issues with the accessibility bus configuration
(bgo#722738).
+ Documentation for AtspiTableCell is now built.
- Update to version 2.14.1:
+ Docs: add AtspiTableCell.
- attr
-
- Use %license instead of %doc [bsc#1082318]
- remove man5/attr.5, it is now part of man-pages
http://lwn.net/Articles/643559/
- Reduce size of filelist by using wildcards;
remove %doc (some locations are always %doc),
remove %attr (files already have proper permissions)
- remove gpg-offline from bootstrap packages
- Update to new upstream release 2.4.47
* This release fixes two functional bugs related to tree walking
and the return code from getfattr. Also, a number of build system
problems were fixed.
- Remove config-guess-sub-update.patch (no longer applies),
attr-syscalls.patch (resolved differently upstream),
builddefs.in.diff (replaced by logic in specfile)
- Signature verification
- Added url as source.
Please see http://en.opensuse.org/SourceUrls
- Remove unused autoconf and automake build requires
- Add attr-syscalls.patch:
Define attr syscall numbers for aarch64
- Add config-guess-sub-update.patch:
Update confg.guess/sub for aarch64
- update license to new format
- add autoconf as buildrequire to avoid implicit dependency
- Add libattr-devel-static package
- Enable libattr-devel for all baselib arches
- Implement shlib package (libattr1)
- make shared library executable
- upgrade to 2.4.46
- Fix tests
- upgrade to 2.4.45
- OPTIONS in man pages should be a section heading, not a subsection heading
- getfattr: encode NULs properly with --encoding=text
- setfattr.1: document supported encodings of values
- convert the man pages into html
- attr_parse_attr_conf: eliminate a double free
- attr_parse_attr_conf: eliminate a memory leak
- quote: pull in string.h for strchr prototype
- libattr: fix memory leak in attr_copy_action()
- use %_smp_mflags
- add baselibs.conf as a source
- adjust baselibs.conf for SPARC
- fixed implicit strchr() call
- do not package static libraries
- fix -devel package dependencies
- Version bump to 2.4.44
- Stop quoting nonprintable characters in the getfattr output
- More license updates
- audit
-
- Enable Aarch64 processor support. (bsc#1179515 bsc#1179806)
- Fix specfile to require libauparse0 and libaudit1 after splitting
audit-libs (bsc#1172295)
- Update to version 2.6.5:
* Fix segfault on shutdown
* Fix hang on startup (#1587995)
* Add sleep to script to dump state so file is ready when needed
* Add auparse_normalizer support for SOFTWARE_UPDATE event
* Mark netlabel events as simple events so that get processed quicker
* When audispd is reconfiguring, only SIGHUP plugins with valid pid (#1614833)
* Add 30-ospp-v42.rules to meet new Common Criteria requirements
* Update lookup tables for the 4.18 kernel
* In aureport, fix segfault in file report
* Add auparse_normalizer support for labeled networking events
* Fix memory leak in audisp-remote plugin when using krb5 transport. (#1622194)
* Event aging is off by a second
* In ausearch/auparse, correct event ordering to process oldest first
* auparse_reset was not clearing everything it should
* Add support for AUDIT_MAC_CALIPSO_ADD, AUDIT_MAC_CALIPSO_DEL events
* In ausearch/report, lightly parse selinux portion of USER_AVC events
* In ausearch/report, limit record size when malformed
* In auditd, fix extract_type function for network originating events
* In auditd, calculate right size and location for network originating events
* Treat all network originating events as VER2 so dispatcher doesn't format it
* In audisp-remote do an initial connection attempt (#1625156)
* In auditd, allow expression of space left as a percentage (#1650670)
* On PPC64LE systems, only allow 64 bit rules (#1462178)
* Make some parts of auditd state report optional based on config
* Fix ausearch when checkpointing a single file (Burn Alting)
* Fix scripting in 31-privileged.rules wrt filecap (#1662516)
* In ausearch, do not checkpt if stdin is input source
* In libev, remove __cold__ attribute for functions to allow proper hardening
* Add tests to configure.ac for openldap support
* Make systemd support files use /run rather than /var/run (Christian Hesse)
* Fix minor memory leak in auditd kerberos credentials code
* Fix auditd regression where keep_logs is limited by rotate_logs 2 file test
* In ausearch/report fix --end to use midnight time instead of now (#1671338)
- Remote zos building is now a configurable option.
It should be disabled in audit (and left enabled in audit-secondary).
- Make use of some %make_install.
- Update to version 2.8.4:
* Generate checkpoint file even when not results are returned
(Burn Alting).
* Fix log file creation when file logging is disabled entirely
(Vlad Glagolev).
* Use SIGCONT to dump auditd internal state (rh#1504251).
* Fix parsing of virtual timestamp fields in ausearch_expression
(rh#1515903).
* Fix parsing of uid & success for ausearch.
* Hide lru symbols in auparse.
* Fix aureport summary time range reporting.
* Allow unlimited retries on startup for remote logging.
* Add queue_depth to remote logging stats and increase default
queue_depth size.
- Update to version 2.8.3:
* Correct msg function name in lru debug code.
* Fix a segfault in auditd when dns resolution isn't available.
* Make a reload legacy service for auditd.
* In auparse python bindings, expose some new types that were
missing.
* In normalizer, pickup subject kind for user_login events.
* Fix interpretation of unknown ioctcmds (rh#1540507).
* Add ANOM_LOGIN_SERVICE, RESP_ORIGIN_BLOCK, &
RESP_ORIGIN_BLOCK_TIMED events.
* In auparse_normalize for USER_LOGIN events, map acct for
subj_kind.
* Fix logging of IPv6 addresses in DAEMON_ACCEPT events
(rh#1534748).
* Do not rotate auditd logs when num_logs < 2 (brozs).
- Update header in audit-python3.patch
- Update patch guidelines in README-BEFORE-ADDING-PATCHES
- Add patch to fix test run without python2 interpreter:
* audit-python3.patch
- Update to 2.8.2 release:
* Update tables for 4.14 kernel
* Fixup ipv6 server side binding
* AVC report from aureport was missing result column header (#1511606)
* Add SOFTWARE_UPDATE event
* In ausearch/report pickup any path and new-disk fields as a file
* Fix value returned by auditctl --reset-lost (Richard Guy Briggs)
* In auparse, fix expr_create_timestamp_comparison_ex to be numeric field
* Fix building on old systems without linux/fanotify.h
* Fix shell portability issues reported by shellcheck
* Auditd validate_email should not use gethostbyname
- Update to version 2.8.1 release (includes 2.8 and 2.7.8 changes)
* many features added to auparse_normalize
* cli option added to auditd and audispd for setting config dir
* in auditd, restore the umask after creating a log file
* option added to auditd for skipping email verification
- Full changelog: http://people.redhat.com/sgrubb/audit/ChangeLog
- Rectify RPM groups, diversify descriptions.
- Remove mentions of static libraries because they are not built.
- Update to version 2.7.7 release
Changelog: https://people.redhat.com/sgrubb/audit/ChangeLog
- Create folder for the m4 file from previous commit to avoid install
failure
- Version update to 2.5 release
- Refresh two patches and README to contain SUSE and not SuSE
* audit-allow-manual-stop.patch
* audit-plugins-path.patch
- Cleanup with spec-cleaner and do not use subshells but rather use
- C parameter of make
- Install m4 file to the devel package
- Do not depend on insserv nor fillup; the package provides
neither sysconfig nor sysvinit files
- Update to version 2.4.4 (bsc#941922, CVE-2015-5186)
- Remove patch 'audit-no_m4_dir.patch'
(added Fri Apr 26 11:14:39 UTC 2013 by mmeister@suse.com)
No idea what earlier 'automake' build error this was trying to fix but
it broke the handling of "/--without-libcap-ng"/. Anyways, no build error
occurs now and m4 path is also needed in v2.4.4 to find ax_prog_cc_for_build
- Require pkgconfig for build
Changelog 2.4.4
- Fix linked list correctness in ausearch/report
- Add more cross compile fixups (Clayton Shotwell)
- Update auparse python bindings
- Update libev to 4.20
- Fix CVE-2015-5186 Audit: log terminal emulator escape sequences handling
Changelog 2.4.3
- Add python3 support for libaudit
- Cleanup automake warnings
- Add AuParser_search_add_timestamp_item_ex to python bindings
- Add AuParser_get_type_name to python bindings
- Correct processing of obj_gid in auditctl (Aleksander Zdyb)
- Make plugin config file parsing more robust for long lines (#1235457)
- Make auditctl status print lost field as unsigned number
- Add interpretation mode for auditctl -s
- Add python3 support to auparse library
- Make --enable-zos-remote a build time configuration option (Clayton Shotwell)
- Updates for cross compiling (Clayton Shotwell)
- Add MAC_CHECK audit event type
- Add libauparse pkgconfig file (Aleksander Zdyb)
Changelog 2.4.2
- Ausearch should parse exe field in SECCOMP events
- Improve output for short mode interpretations in auparse
- Add CRYPTO_IKE_SA and CRYPTO_IPSEC_SA events
- If auditctl is reading rules from a file, send messages to syslog (#1144252)
- Correct lookup of ppc64le when determining machine type
- Increase time buffer for wide character numbers in ausearch/report (#1200314)
- In aureport, add USER_TTY events to tty report
- In audispd, limit reporting of queue full messages (#1203810)
- In auditctl, don't segfault when invalid options passed (#1206516)
- In autrace, remove some older unimplemented syscalls for aarch64 (#1185892)
- In auditctl, correct lookup of aarch64 in arch field (#1186313)
- Update lookup tables for 4.1 kernel
- Update to version 2.4.1
Changelog 2.4.1
- Make python3 support easier
- Add support for ppc64le (Tony Jones)
- Add some translations for a1 of ioctl system calls
- Add command & virtualization reports to aureport
- Update aureport config report for new events
- Add account modification summary report to aureport
- Add GRP_MGMT and GRP_CHAUTHTOK event types
- Correct aureport account change reports
- Add integrity event report to aureport
- Add config change summary report to aureport
- Adjust some syslogging level settings in audispd
- Improve parsing performance in everything
- When ausearch outputs a line, use the previously parsed values (Burn Alting)
- Improve searching and interpreting groups in events
- Fully interpret the proctitle field in auparse
- Correct libaudit and auditctl support for kernel features
- Add support for backlog_time_wait setting via auditctl
- Update syscall tables for the 3.18 kernel
- Ignore DNS failure for email validation in auditd (#1138674)
- Allow rotate as action for space_left and disk_full in auditd.conf
- Correct login summary report of aureport
- Auditctl syscalls can be comma separated list now
- Update rules for new subsystems and capabilities
- Drop patch audit-add-ppc64le-mach-support.patch (already upstream)
- audit-secondary
-
- Do not explicitly provide group(audit) in system-users-audit:
this is automatically handled by rpm/providers.
- Create new "/audit"/ group for read access to logs (bsc#1178154)
* add change-default-log_group.patch
* update audit-secondary.spec
- Enable Aarch64 processor support. (bsc#1179515 bsc#1179806)
- prepare usrmerge (boo#1029961)
- Update to version 2.6.5:
* Fix segfault on shutdown
* Fix hang on startup (#1587995)
* Add sleep to script to dump state so file is ready when needed
* Add auparse_normalizer support for SOFTWARE_UPDATE event
* Mark netlabel events as simple events so that get processed quicker
* When audispd is reconfiguring, only SIGHUP plugins with valid pid (#1614833)
* Add 30-ospp-v42.rules to meet new Common Criteria requirements
* Update lookup tables for the 4.18 kernel
* In aureport, fix segfault in file report
* Add auparse_normalizer support for labeled networking events
* Fix memory leak in audisp-remote plugin when using krb5 transport. (#1622194)
* Event aging is off by a second
* In ausearch/auparse, correct event ordering to process oldest first
* auparse_reset was not clearing everything it should
* Add support for AUDIT_MAC_CALIPSO_ADD, AUDIT_MAC_CALIPSO_DEL events
* In ausearch/report, lightly parse selinux portion of USER_AVC events
* In ausearch/report, limit record size when malformed
* In auditd, fix extract_type function for network originating events
* In auditd, calculate right size and location for network originating events
* Treat all network originating events as VER2 so dispatcher doesn't format it
* In audisp-remote do an initial connection attempt (#1625156)
* In auditd, allow expression of space left as a percentage (#1650670)
* On PPC64LE systems, only allow 64 bit rules (#1462178)
* Make some parts of auditd state report optional based on config
* Fix ausearch when checkpointing a single file (Burn Alting)
* Fix scripting in 31-privileged.rules wrt filecap (#1662516)
* In ausearch, do not checkpt if stdin is input source
* In libev, remove __cold__ attribute for functions to allow proper hardening
* Add tests to configure.ac for openldap support
* Make systemd support files use /run rather than /var/run (Christian Hesse)
* Fix minor memory leak in auditd kerberos credentials code
* Fix auditd regression where keep_logs is limited by rotate_logs 2 file test
* In ausearch/report fix --end to use midnight time instead of now (#1671338)
- Fix build errors when using gcc-10 no-common default (bsc#1160384)
New patch: audit-fno-common.patch
- Refresh audit-allow-manual-stop.patch
- Reduce scriptlets' hard dependency on systemd.
- Update to version 2.8.4:
* Generate checkpoint file even when not results are returned
(Burn Alting).
* Fix log file creation when file logging is disabled entirely
(Vlad Glagolev).
* Use SIGCONT to dump auditd internal state (rh#1504251).
* Fix parsing of virtual timestamp fields in ausearch_expression
(rh#1515903).
* Fix parsing of uid & success for ausearch.
* Hide lru symbols in auparse.
* Fix aureport summary time range reporting.
* Allow unlimited retries on startup for remote logging.
* Add queue_depth to remote logging stats and increase default
queue_depth size.
- Update to version 2.8.3:
* Correct msg function name in lru debug code.
* Fix a segfault in auditd when dns resolution isn't available.
* Make a reload legacy service for auditd.
* In auparse python bindings, expose some new types that were
missing.
* In normalizer, pickup subject kind for user_login events.
* Fix interpretation of unknown ioctcmds (rh#1540507).
* Add ANOM_LOGIN_SERVICE, RESP_ORIGIN_BLOCK, &
RESP_ORIGIN_BLOCK_TIMED events.
* In auparse_normalize for USER_LOGIN events, map acct for
subj_kind.
* Fix logging of IPv6 addresses in DAEMON_ACCEPT events
(rh#1534748).
* Do not rotate auditd logs when num_logs < 2 (brozs).
- Use %license instead of %doc [bsc#1082318]
- Change openldap dependency to client only (bsc#1085003)
- Resolve issue with previous change if both Python2 and Python3 are
present, tests were failing as python2 bindings are preferred in this
case.
- reverted -j1 force ppc specific only
- Add patch to fix test run without python2 interpreter:
* audit-python3.patch
- Update to 2.8.2 release:
* Update tables for 4.14 kernel
* Fixup ipv6 server side binding
* AVC report from aureport was missing result column header (#1511606)
* Add SOFTWARE_UPDATE event
* In ausearch/report pickup any path and new-disk fields as a file
* Fix value returned by auditctl --reset-lost (Richard Guy Briggs)
* In auparse, fix expr_create_timestamp_comparison_ex to be numeric field
* Fix building on old systems without linux/fanotify.h
* Fix shell portability issues reported by shellcheck
* Auditd validate_email should not use gethostbyname
- force -j1 for PowerPC make check to avoid build failure
(lookup_test.o: file not recognized: File truncated)
- Add conditions around python plugins to allow us to conditionalize
them in enviroment without python2
- Rename python binding packages to match current python packaging
standards
- Update python build dependencies to resolve future split of
python2/3
- Update to version 2.8.1. See audit.spec (libaudit1) for upstream
changelog
- Remove audit-implicit-writev.patch (fixed upstream across 2
commits)
* 3b30db20ad983274989ce9a522120c3c225436b3
* 07132c22314e9abbe64d1031fd8734243285bb3f
- Cleanup with spec-cleaner
- Add audit-implicit-writev.patch: include sys/uio.h to ensure
readv and writev are declared.
- Rectify RPM groups, diversify descriptions.
- Remove mentions of static libraries because they are not built.
- Update to version 2.7.7. See audit.spec (libaudit1) for upstream
changelog
Since commit 6cf57d27 (2.7.4) audit is now started as an non-forking
service (bsc#1042781).
Add config: audit-stop.rules
Refresh patch: audit-allow-manual-stop.patch
Refresh patch: audit-no-gss.patch
- Version update to 2.5. See audit.spec (libaudit1) for upstream
changelog
- Cleanup with spec-cleaner
- Sort out bit /sbin /usr/sbin/ installation
- Install the rules as documentation
- Remove needless %py_requires from python subpkgs
- Update to version 2.4.4. See audit.spec (libaudit1) for upstream
changelog
- Add python3 bindings for libaudit and libauparse
- Remove patch 'audit-no_m4_dir.patch'
(added Fri Apr 26 11:14:39 UTC 2013 by mmeister@suse.com)
No idea what earlier 'automake' build error this was trying to fix but
it broke the handling of "/--without-libcap-ng"/. Anyways, no build error
occurs now and m4 path is also needed in v2.4.4 to find ax_prog_cc_for_build
- augeas
-
- update to 1.10.1:
General changes/additions
New CLI utility 'augmatch' to print the tree for a file and select
some of its contents
New command 'count' in augtool
New function 'not(bool) -> bool' for path expressions
The path expression 'label[. = "/value"/]' can now be written more
concisely as 'label["/value"/]'
API changes
libfa has now a function fa_json to export an FA as a JSON file, and
fa_state_* functions that make it possible to iterate over the FA's
states and transitions. (Pedro Valero Mejia)
Add functions aug_ns_label, aug_ns_value, aug_ns_count, and
aug_ns_path to get the label (with index), the value, the number of
nodes, and the fully qualified path for nodes stored in a nodeset in
a variable efficiently
Lens changes/additions
Grubenv: new lens to process /boot/grub/grubenv (omgold)
Httpd: also read files from /etc/httpd/conf.modules.d/*.conf
(Tomas Meszaros) (Issue #537)
Nsswitch: allow comments at the end of a line (Philip Hahn) (Issue #517)
Ntp: accept 'ntpsigndsocket' statement (Philip Hahn) (Issue #516)
Properties: accept empty comments with DOS line endings (Issue #161)
Rancid: new lens for RANCiD router databases (Matt Dainty)
Resolv: accept empty comments with DOS line endings (Issue #161)
Systemd: also process /etc/systemd/logind.conf (Pat Riehecky)
YAML: process a document that is just a sequence (John Vandenberg)
- drop chrpath dependency, the offending dump binary is no longer shipped
- Use %license (boo#1082318)
- Version update to 1.9.0:
- General changes/additions
* Fix error in handling escaped whitespace at the end of path expressions
(addresses CVE-2017-7555)
* several improvements to the error messages when transforming a tree
back to text fails. They now make it clearer what part of the tree
was problematic, and what the tree should have looked like.
* Fixed the pkg-config file, which should now be usable
* Fix handling of backslash-escaping in strings and regular expressions
in the lens language. We used to handle constructs like "//"/ and
//// incorrectly. (Issue #495)
* do not unescape the default value of a del on create; otherwise we are
double unescaping these strings (Issue #507)
* remove tempfile when saving files because destination is not writable
(Issue #479)
* span information is now updated on save (Issue #467)
* fix lots of warnings generated by gcc 7.1
* Various changes to reduce bashisms in tests and make them run on
FreeBSD (Romain Tartière)
- API changes
* add function aug_ns_attr to allow iterating through a nodeset
quickly. See examples/dump.c for an example of how to use them
instead of aug_get, aug_label etc. and for a way to measure
performance gains.
- Lens changes/additions
* Ceph: new lens for /etc/ceph/ceph.conf
* Cgconfig: accept fperm & dperm in admin & task (Pino Toscano)
* Dovecot: also load files from /usr/local/etc (Roy Hubbard)
* Exports: relax the rules for the path at the beginning of a line so
that double-quoted paths are legal, too
* Getcap: new lens to parse generic termcap-style capability databases
* Grub: accept toplevel 'boot' entry (Pino Toscano)
* Httpd: handle empty comments with a continuation line (Issue #423);
handle '>"/"/' in a directive properly (Issue #429); make space between
quoted arguments optional (Issue #435); accept quoted strings as part
of bare arguments (Issue #470)
* Nginx: load files from sites-available directory (Omer Katz) (Issue #471)
* Nslcd: new lens for nss-pam-ldapd config (Jose Plana)
* Oz: New lense for /etc/oz/oz.cnf
* postfix lenses: also load files from /usr/local/etc (Roy Hubbard)
* Properties: accept DOS line endings (Issue #468)
* Rtadvd: new lens to parse the rtadvd configuration file (Matt Dainty)
* Rsyslog: load files from /etc/rsyslog.d (Doug Wilson) (Issue #475);
allow spaces before the # starting a comment; allow comments inside
config statements like 'module'
* Ssh: accept '=' to separate keyword from arguments
* Sshd: split HostKeyAlgorithms into list of values; recognize quoted
group names with spaces in them (Issue #477)
* Sudoers: recognize "/match_group_by_gid"/ (Luigi Toscano) (Issue #482)
* Syslog: allow spaces before the # starting a comment
* Termcap: new lens to parse termcap capability databases (Matt Dainty)
* Vsftpd: accept seccomp_sandbox (Denys Stroebel)
* Xymon: accept 'group-sorted' directive (Issue #462)
- Version update to 1.8.0:
* See the News file for all the details
- Verified it contains fixes for bsc#933210 bsc#975729 bsc#925225
bsc#1023204 CVE-2014-8119
- Version update to 1.6.0:
* See the NEWS file for the details
- Update to version 1.5.0:
- General changes/additions
* augtool: new --timing option that prints after each operation how long
it took
* augtool: print brief help message when incorrect options are given rather
than dumping all help text
* Path expressions: optimize performance of evaluating certain
expressions
* lots of safety improvements in libfa to avoid using uninitialized
values and the like (Daniel Trebbien)
* tolerate building against OSX' libedit (Issue #256)
- API changes
* aug_match: fix a bug where expressions like /foo/*[2] would match a
hidden node and pretend there was no match at all. We now make sure
we never match a hidden node. Thanks to Xavier Mol for reporting the
problem.
* aug_get: make sure we set *value to NULL, even if the provided path is
invalid (Issue #372)
* aug_rm: fix segfault when deleting a tree and one of its ancestors
(Issue #319)
* aug_save: fix segfault when trying to save an invalid subtree. A
routine that was generating details for the error message overflowed
a buffer it had created (Issue #349)
- Lens changes/additions
* AptConf: support hash comments
* AptSources: support options (Issue #295),
support brackets with spaces in URI (GH #296)
rename test file to test_aptsources.aug
* Chrony: allow signed numbers and indentation, fix stray EOL entry,
disallow comment on EOL, add many missing directives and
options (Miroslav Lichvar, RHBZ#1213281)
add new directives and options that were added in
chrony-2.2 and chrony-2.3 and improve parsing of
access configuration (Miroslav Lichvar, Issue #348)
add new options for chrony-2.4 (Miroslav Lichvar)
* Dhclient: avoid put ambiguity for node without value (Issue #294)
* Group: support NIS map, support an overridden and disabled password,
i.e. `+:*::` (Matt Dainty) (Issue #258)
* Host_Conf: support spaces between list items (Cedric Bosdonnat, Issue #358)
* Httpd: add paths to SLES vhosts
(Jan Doleschal) (Issue #268)
parse backslashes in directive arguments (Issue #307)
parse mismatching case of opening/closing tags
parse multiple ending section tags on one line
parse wordlists in braces in SSLRequire directives
parse directive args starting with double quote (Issue #330)
parse directive args containing quotes
support perl directives (Issue #327)
parse line breaks/continuations in section arguments
parse escaped spaces in directive/section arguments
parse backslashes at the start of directive args (Issue #324)
* Inputrc: support $else (Cedric Bosdonnat, Issue #359)
* Interfaces: add support for source-directory (Issue #306)
* Json: add comments support, refactor,
allow escaped quotes and blackslashes
* Keepalived: fix space/tag alignments and hanging spaces,
add vrrp_mcast_group4 and vrrp_mcast_group6,
add more vrrp_instance flags,
add mcast/unicast_src_ip and unicast_peer,
add missing garp options,
add vrrp_script options,
expand vrrp_sync_group block,
allow notify option
(Joe Topjian) (Issue #266)
* Known_Hosts: refactoring and description fixed
* Logrotate: support dateyesterday option (Chris Reeves) (GH #367, #368)
* MasterPasswd: new lens to parse /etc/master.passwd
(Matt Dainty) (Issue #258)
* Multipath: add various missing keywoards (Olivier Mangold) (Issue #289)
* MySQL: include /etc/my.cnf.d/*.cnf (Issue #353)
* Nginx: improve typechecking of lens,
allow masks in IP keys and IPv6 (Issue #260)
add @server simple nodes (Issue #335)
* Ntp: add support for basic interface syntax
* OpenShift_Quickstarts: Use Json.lns
* OpenVPN: add all options available in OpenVPN 2.3o
(Justin Akers) (Issue #278)
* Puppetfile: name separator is not mandatory
add support for moduledir (Christoph Maser)
* Rabbitmq: remove space in option name,
add support for cluster_partitioning_handling,
add missing simple options (Joe Topjian) (Issue #264)
* Reprepro_Uploaders: add support for distribution field
(Mathieu Alorent) (Issue #277),
add support for groups (Issue #283)
* Rhsm: new lens to parse subscription-manager's /etc/rhsm/rhsm.conf
* Rsyslog: improve property filter parsing,
treat whitespace after commas as optional.
recognize '~' as a valid syslog action (discard)
(Gregory Smith) (Issue #282),
add support for redirecting output to named pipes
(Gerlof Fokkema) (Issue #366)
* Shellvars: allow partial quoting, mixing multiple styles
(Kaarle Ritvanen) (Issue #183);
allow wrapping builtin argument to multiple lines
(Kaarle Ritvanen) (Issue #184);
support ;; on same line with multiple commands
(Kaarle Ritvanen) (Issue #185);
allow line wrapping and improve quoting support
(Kaarle Ritvanen) (Issue #187);
accept [] and [[]] builtins (Issue #188);
allow && and || constructs after condition
(Kaarle Ritvanen) (Issue #265);
add pattern nodes in case entries
(BREAKING CHANGE: case entry values are now in a
@pattern subnode) (Kaarle Ritvanen) (Issue #265)
add eval builtin support;
add alias builtin support;
allow (almost) any command;
allow && and || after commands (Issue #215);
allow wrapping command sequences
(Kaarle Ritvanen) (Issue #333);
allow command-specific environment variable
(Kaarle Ritvanen) (Issue #332);
support subshells (Issue #339)
newlines in start of functions
allow newlines after actions
support comments after function name (Issue #339)
exclude SuSEfirewall2 (Cedric Bosdonnat, Issue #357)
* Simplelines: parse OpenBSD's hostname.if(5)
files (Jasper Lievisse Adriaanse) (Issue #252)
* Smbusers: add support for ; comments
* Spacevars: support flags (Issue #279)
* Ssh: add support for HostKeyAlgorithms, KexAlgorithms
and PubkeyAcceptedKeyTypes (Oliver Mangold) (Issue #290),
add support for GlobalKnownHostsFile (Issue #316)
* Star: New lens to parse /etc/default/star
* Sudoers: support for negated command alias
(Geoff Williams) (Issue #262)
* Syslog: recognize '~' as a valid syslog action (discard)
(Gregory Smith) (Issue #282)
* Tmpfiles: new lens to parse systemd's tempfiles.d configuration
files (Julien Pivotto) (Issue #269)
* Trapperkeeper: new lens for Puppet server configuration files
* Util: add comment_c_style_or_hash lens
add empty_any lens
* Vsftpd: add isolate and isolate_network options
(Florian Chazal) (Issue #334)
* Xml: allow empty document (Issue #255)
* YAML: new lens (subset) (Dimitar Dimitrov) (Issue #338)
- Drop upstreamed patches:
27d8457-inputrc-lens-support-mapping-like.patch
2d12670-inputrc-lens-support-else.patch
49bcfbe-Exclude-network-if-up.d-SuSEfirewall2-in-shellvars-l.patch
7558c12-host_conf-lens-spaces-between-list-items-support.patch
- Fix errors showing up in guestfs tools.
Add upstreamed patches:
27d8457-inputrc-lens-support-mapping-like.patch
2d12670-inputrc-lens-support-else.patch
49bcfbe-Exclude-network-if-up.d-SuSEfirewall2-in-shellvars-l.patch
7558c12-host_conf-lens-spaces-between-list-items-support.patch
- Version bump to 1.4.0:
* Loads of bugfixes all around the package
* Read up NEWS file for the detailed changes
- Whitespace
- restore keyring and .sig file, as this is checked by the OBS
source service
- Update to version 1.3.0
+ General changes/additions
* Add missing cp entry in manpage (GH issue #78)
* Add seq to vim syntax highlight (Robert Drake)
* Update augtool.1 man page with new commands and --span, RHBZ#1100077
* augtool autocomplete includes command aliases, RHBZ#1100184
* Remove unused "/filename"/ argument from dump-xml command, RHBZ#1100106
* aug_save returns non-zero result when unable to delete files,
RHBZ#1091143
+ Lens changes/additions
* Aliases: permit missing whitespace between colon and recipients
* AptPreferences: Support spaces in origin fields
* Cgconfig: handle additional valid controllers (Andy Grimm)
* Chrony: New lens to parse /etc/chrony.conf (Pat Riehecky)
* CPanel: New lens to parse cpanel.config files
* Desktop: Allow @ in keys (GH issue #92)
* Device_map: Parse all device.map files under /boot (Mike Latimer)
* Dhclient: Add support for option modifiers (Robert Drake,
GH issue #95)
Parse hash statements with dhcp-eval strings
* Dhcpd: stmt_string quoted blocks no longer store quote marks
(incompatible change),
many changes to support more record types (Robert Drake)
* Group: NIS support (KaMichael)
* Grub: handle "/foreground"/ option, RHBZ#1059383 (Miguel Armas)
* Gshadow: New lens (Lorenzo Catucci)
* Httpd: Allow eol comments after section tags
Allow continued lines inside quoted value (GH issue #104)
Allow comparison operators in tags (GH issue #154)
* IPRoute2: handle "//"/ in protocol name, swap ID and name fields
(incompatible change), RHBZ#1063968,
handle hex IDs and hyphens, as present in
rt_dsfield, RHBZ#1063961
* Iptables: parse /etc/sysconfig/iptables.save, RHBZ#1144651
* Kdump: parse new options, permit EOL comments, refactor, RHBZ#1139298
* Keepalived: Add more virtual/real server settings and checks, RHBZ#1064388
* Known_Hosts: New lens for SSH known hosts files
* Krb5: permit braces in values when not in sub-section, RHBZ#1066419
* Ldso: handle "/hwcap"/ lines (GH issue #100)
* Lvm: support negative numbers, parse /etc/lvm/lvm.conf (Pino Toscano)
* Multipath: add support for rr_min_io_rq (Joel Loudermilk)
* NagiosConfig and NagiosObjects: Fix documentation (Simon Sehier)
* NetworkManager: Use the Quote module, support # in values (no eol comments)
* OpenVPN: Add support for fragment, mssfix, and script-security
(Frank Grötzner)
* Pagekite: New lens (Michael Pimmer)
* Pam: Add partial support for arguments enclosed in [] (Vincent Brillault)
* Passwd: Refactor lens (Lorenzo Catucci)
* Redis: Allow empty quoted values (GH issue #115)
* Rmt: New lens to parse /etc/default/rmt, RHBZ#1100549
* Rsyslog: support complex $template lines, property filters and file
actions with templates, RHBZ#1083016
* Services: permit colons in service name, RHBZ#1121263
* Shadow: New lens (Lorenzo Catucci)
* Shellvars: Handle case statements with same-line ';;', RHBZ#1033799
Allow any kind of quoted values in block
conditions (GH issue #118)
Support $(( .. )) arithmetic expansion in variable
assignment, RHBZ#1100550
* Simplevars: Support flags and empty values
* Sshd: Allow all types of entries in Match groups (GH issue #75)
* Sssd: Allow ; for comments
* Squid: Support configuration files for squid 3 (Mykola Nikishov)
* Sudoers: Allow wuoted string in default str/bool params (Nick Piacentine)
* Syslog: Support "/# !"/ style comments (Robert Drake, GH issue #65)
Permit IPv6 loghost addresses, RHBZ#1129388
* Systemd: Allow quoted Environment key=value pairs, RHBZ#1100547
Parse /etc/sysconfig/*.systemd, RHBZ#1083022
Parse semicolons inside entry values, RHBZ#1139498
* Tuned: New lens for /etc/tuned/tuned-main.conf (Pat Riehecky)
* UpdateDB: New lens to parse /etc/updatedb.conf
(incompatible change as this file used to be processed with
Simplevars)
* Xml: Allow backslash in #attribute values (GH issue #145)
Parse CDATA elements (GH issue #80)
* Xymon_Alerting: refactor lens (GH issue #89)
- Remove the sig and the keyring file as there is no gpg verification
anyway
- Remove augeas-device_map-grub2.patch, fixed on upstream release
- Change desc to describe the "/tools"/ not just the library
bnc#885495.
- Enable tests but "/pass"/ them even with 2 failures.
- Add check phase, comment out as 2 test fails now.
- Clean up with spec-cleaner
- Version bump to 1.2.0:
- API changes
* Add aug_cp and the cp and copy commands
* aug_to_xml now includes span information in the XML dump
- General changes/additions
* Fix documentation link in c_api NaturalDocs menu
* Fix NaturalDocs documentation for various lenses
* src/transform.c (filter_matches): wrap fnmatch to ensure that an incl
pattern containing "///"/ matches file paths, RHBZ#1031084
* Correct locations table for transform_save() (Tomas Hoger)
* Corrections for CVE-2012-0786 tests (Tomas Hoger)
* Fix umask handling when creating new files, RHBZ#1034261
- Lens changes/additions
* Access: support DOMAINuser syntax for users and groups, bug #353
* Authorized_Keys: Allow 'ssh-ed25519' as a valid authorized_key
type (Jasper Lievisse Adriaanse)
* Automounter: Handle hostnames with dashes in them, GH issue #27
* Build: Add combinatorics group
* Cyrus_Imapd: Create new entries without space before separator,
RHBZ#1014974 (Dietmar Kling)
* Desktop: Support square brackets in keys
* Dhclient: Add dhclient.conf path for Debian/Ubuntu (Esteve Fernandez)
* Dhcpd: Support conditionals, GH issue #34
Support a wider variety of allow/deny statement, including
booting and bootp (Yanis Guenane)
Support a wider variety of DHCP allow/deny/ignore statements
(Yanis Guenane)
* Dovecot: Various enhancements and bug fixes (Michael Haslgrübler):
add mailbox to block_names, fix for block_args in quotes,
fix for block's brackets upon write,
fixes broken tests for mailbox,
fixes indention,
test case for block_args with "/,
fixes broken indention
Use Quote module
* Exports: Permit colons for IPv6 client addresses, bug #366
* Grub: Support the 'setkey' and 'lock' directives
NFC fix whitespace errors
Handle makeactive menu command, bug #340
Add 'verbose' option, GH issue #73
* Interfaces: Add in support for the source stanza in
/etc/network/interfaces files
Map bond-slaves and bridge-ports to arrays (incompatible
change) (Kaarle Ritvanen)
Add /etc/network/interfaces.d/* support
Allow numeric characters in stanza options (Pascal Lalonde)
* Koji: New lens to parse Koji configs (Pat Riehecky)
* MongoDBServer: Accept quoted values (Tomas Klouda)
* NagiosCfg: Do not try to parse /etc/nagios/nrpe.cfg anymore, GH issue #43
/etc/nagios/nrpe.cfg is parsed by Nrpe (Yanis Guenane)
* Nagiosobjects: Add support for optional spaces and indents
and whole-line comments (Sean Millichamp)
* OpenVPN: Support daemon, client-config-dir, route, and management
directives (Freakin https://github.com/Freakin)
* PHP: allow php-fpm syntax in keys, GH issue #35
* Postfix_Main: Handle stray whitespace at end of multiline lines, bug #348
* Postfix_virtual: allow '+' and '=' in email addresses (Tom Hendrikx)
* Properties: support multiline starting with an empty string, GH issue #19
* Samba: Permit asterisk in key name, bug #354
* Shellvars: Read /etc/firewalld/firewalld.conf, bug #363
Support all types of quoted strings in arrays, bug #357
Exclude /etc/sysconfig/ip*tables.save files
* Shellvars, Sysconfig: map "/bare"/ export and unset lines to seq numbered
nodes to handle multiple variables (incompatible change), RHBZ#1033795
* Shellvars_list: Handle backtick variable assignments, bug #368
Allow end-of-line comments, bug #342
* Simplevars: Add /etc/selinux/semanage.conf
* Slapd: use smart quotes for database entries; rename by/what to by/access;
allow access to be absent as per official docs (incompatible change)
* Sshd: Indent Match entries by 2 spaces by default
Support Ciphers and KexAlgorithms groups, GH issue #69
Let all special keys be case-insensitive
* Sudoers: Permit underscores in group names, bug #370 (Matteo Cerutti)
Allow uppercase characters in user names, bug #376
* Sysconfig: Permit empty comments after comment lines, RHBZ#1043636
* Sysconfig_Route: New lens for RedHat's route configs
* Syslog: Accept UDP(@) and TCP(@@) protocol, bug #364 (Yanis Guenane)
* Xymon_Alerting: New lens for Xymon alerting files (François Maillard)
* Yum: Add yum-cron*.conf files (Pat Riehecky)
Include only *.repo files from yum.repos.d (Andrew N Golovkov)
Permit spaces after equals sign in list options, GH issue #45
Split excludes as lists, bug #275
- device_map lense: Find device.map in any dir beneath /boot (bnc#875086)
augeas-device_map-grub2.patch
- download url changed, also added keyring and .sig ring
- Update to version 1.1.0
- Handle files with special characters in their name, bug #343
- Fix type error in composition ('f; g') of functions, bug #328
- Improve detection of version script; make build work on Illumos with
GBU ld (Igor Pashev)
- augparse: add --trace option to print filenames of all modules being
loaded
- Various lens documentation improvements (Jasper Lievisse Adriaanse)
- Lens changes/additions
- ActiveMQ_*: new lens for ActiveMQ/JBoss A-MQ (Brian Harrington)
- AptCacherNGSecurity: new lens for /etc/apt-cacher-ng/security.conf
(Erik Anderson)
- Automaster: accept spaces between options
- BBHosts: support more flags and downtime feature (Mathieu Alorent)
- Bootconf: new lens for OpenBSD's /etc/boot.conf (Jasper Adriaanse)
- Desktop: Support dos eol
- Dhclient: read /etc/dhclient.conf used in OpenBSD (Jasper Adriaanse)
- Dovecot: New lens for dovecot configurations (Serge Smetana)
- Fai_Diskconfig: Optimize some regexps
- Fonts: exclude all README files (Jasper Adriaanse)
- Inetd: support IPv6 addresses, bug #320
- IniFile: Add lns_loose and lns_loose_multiline definitions
Support smart quotes
Warning: Smart quotes support means users should not add
escaped double quotes themselves. Tests need to be fixed
also.
Use standard Util.comment_generic and Util.empty_generic
Warning: Existing lens tests must be adapted to use standard
comments and empty lines
Allow spaces in entry_multiline* values
Add entry_generic and entry_multiline_generic
Add empty_generic and empty_noindent
Let multiline values begin with a single newline
Support dos eol
Warning: Support for dos eol means existing lenses usually
need to be adapted to exclude r as well as n.
- IPRoute2: Support for iproute2 files (Davide Guerri)
- JaaS: lens for the Java Authentication and Authorization Service
(Simon Vocella)
- JettyRealm: new lens for jetty-realm.properties (Brian Harrington)
- JMXAccess, JMXPassword: new lenses for ActiveMQ's JMX files
(Brian Harrington)
- Krb5: Use standard comments and empty lines
Support dos eol
Improve performance
Accept pkinit_anchors (Andrew Anderson)
- Lightdm: Use standard comments and empty lines
- LVM: New lens for LVM metadata (Gabriel)
- Mdadm_conf: optimize some regexps
- MongoDBServer: new lens (Brian Harrington)
- Monit: also load /etc/monitrc (Jasper Adriaanse)
- MySQL: Use standard comments and empty lines
Support dos eol
- NagiosCfg: handle Icinga and resources.cfg (Jasper Adriaanse)
- Nrpe: accept any config option rather than predefined list (Gonzalo
Servat); optimize some regexps
- Ntpd: new lense for OpenNTPD config (Jasper Adriaanse)
- Odbc: Use standard comments and empty lines
- Openshift_*: new lenses for Openshift support (Brian Harrington)
- Quote: allow multiple spaces in quote_spaces; improve docs
- Passwd: allow period in user names in spec, bug #337; allow overrides
in nisentry
- PHP: Support smart quotes
Use standard comments and empty lines
Load /etc/php*/fpm/pool.d/*.conf (Enrico Stahn)
- Postfix_master: allow [] in words, bug #345
- Resolv: support 'lookup' and 'family' key words, bug #320
(Jasper Adriaanse))
- Rsyslog: support :omusrmsg: list of users in actions
- RX: add CR to RX.space_in
- Samba: Use standard comments and empty lines
Support dos eol
- Schroot: Support smart quotes
- Services: support port ranges (Branan Purvine-Riley)
- Shellvars: optimize some regexps; reinstate /etc/sysconfig/network,
fixes bug #330, RHBZ#904222, RHBZ#920609; parse /etc/rc.conf.local
from OpenBSD
- Sip_Conf: New lens for sip.conf configurations (Rob Tucker)
- Splunk: new lens (Tim Brigham)
- Subversion: Support smart quotes
Use standard comments and empty lines
Use IniFile.entry_multiline_generic
Use IniFile.empty_noindent
Support dos eol
- Sudoers: allow user aliases in specs
- Sysctl: exclude README file
- Systemd: Support smart quotes; allow backslashes in values
- Xinetd: handle missing values in list, bug #307
- Xorg: allow 'Screen' in Device section, bug #344
- Yum: Support dos eol, optimize some regexps
- update to 1.0.0
- drop bnc-729491-recognize-suse-sysconfig-files.patch:
upstream ShellVars lense now uses /etc/sysconfig/* include filter
- drop patches, now upstream: augeas-pkgdeps.diff, augeas-stdio.h.patch
- license update: GPL-3.0+ and LGPL-2.1+
semicolon is ambiguous
- Fix build with missing gets declaration (glibc 2.16)
- Ensure libxml2 is present in .pc file
- update to 0.10.0
- support relative paths by taking them relative to the value of
/augeas/context in all API functions where paths are used
- add aug_to_xml to API: transform tree(s) into XML, exposed as dump-xml in
aug_srun and augtool. Introduces dependency on libxml2
- fix regular expression escaping. Previously, /[/]/ match either a backslash
or a slash. Now it only matches a slash
- path expressions: add function 'int' to convert a node value (string) to an
integer
- path expressions: make sure the regexp produced by empty nodesets from
regexp() and glob() matches nothing, rather than the empty word
- fix --autosave when running single command from command line, BZ 743023
- aug_srun: support 'insert' and 'move' as aliases for 'ins' and 'mv'
- aug_srun: allow escaping of spaces, quotes and brackets with + - aug_init: accept AUG_NO_ERR_CLOSE flag; return augeas handle even when
initialization fails so that caller gets some details about why
initialization failed
- aug_srun: tolerate trailing white space in commands
- much improved, expanded documentation of many lenses
- always interpret lens filter paths as absolute, bug #238
- fix bug in libfa that would incorrectly calculate the difference of a case
sensistive and case insensitive regexp (/[a-zA-Z]+/ - /word/i would match
'worD')
- new builtin 'regexp_match' for .aug files to make testing regexp matching
easier during development
- fix 'span' command, bug #220
- Lens changes/additions
* Access: parse user@host and (group) in users field; field separator need
not be surrounded by spaces
* Aliases: allow spaces before colons
* Aptconf: new lens for /etc/apt/apt.conf
* Aptpreferences: support origin entries
* Backuppchosts: new lens for /etc/backuppc/hosts, bug 233 (Adam Helms)
* Bbhosts: various fixes
* Cgconfig: id allowed too many characters
* Cron: variables aren't set like shellvars, semicolons are allowed in
email addresses; fix parsing of numeric fields, previously upper case
chars were allowed; support ranges in time specs
* Desktop: new lens for .desktop files
* Dhcpd: slashes must be double-quoted; add Red Hat's dhcpd.conf locations
* Exports: allow empty options
* Fai_diskconfig: new lens for FAI disk_config files
* Fstab: allow ',' in file names, BZ 751342
* Host_access: new lens for /etc/hosts.{allow,deny}
* Host_conf: new lens for /etc/host.conf
* Hostname: new lens for /etc/hostname
* Hosts: also load /etc/mailname by default
* Iptables: allow digits in ipt_match keys, bug #224
* Json: fix whitespace handling, removing some cf ambiguities
* Kdump: new lens for /etc/kdump.conf (Roman Rakus)
* Keepalived: support many more flags, fields and blocks
* Krb5: support [pam] section, bug #225
* Logrotate: be more tolerant of whitespace in odd places
* Mdadm_conf: new lens for /etc/mdadm.conf
* Modprobe: Parse commands in install/remove stanzas (this introduces a
backwards incompatibility); Drop support for include as it is not documented
in manpages and no unit tests are shipped.
* Modules: new lens for /etc/modules
* Multipath: add support for seveal options in defaults section, bug #207
* Mysql: includedir statements are not part of sections; support !include;
allow indentation of entries and flags
* Networks: new lens for /etc/networks
* Nrpe: allow '=' in commands, bug #218 (Marc Fournier)
* Php: allow indented entries
* Phpvars: allow double quotes in variable names; accept case insensitive
PHP tags; accept 'include_once'; allow empty lines at EOF; support define()
and bash-style and end-of-line comments
* ostfix_master: allow a lot more chars in words/commands, including commas
* PuppetFileserver: support same-line comments and trailing whitespace,
bug #214
* Reprepo_uploaders: new lens for reprepro's uploaders files
* Resolv: permit end-of-line comments
* Schroot: new lens for /etc/schroot/schroot.conf
* Shellvars: greatly expand shell syntax understood; support
various syntactic constructs like if/then/elif/else, for, while,
until, case, and select; load /etc/blkid.conf by default
* Spacevars: add toplevel lens 'lns' for consistency
* Ssh: new lens for ssh_config (Jiri Suchomel)
* Stunnel: new lens for /etc/stunnel/stunnel.conf (Oliver Beattie)
* Sudoers: support more parameter flags/options, bug #143
* Xendconfsxp: lens for Xen configuration (Tom Limoncelli)
* Xinetd: allow spaces after '{'
- update modprobe lens patch to apply on 0.10.0
- update shellvars lens patch to add some missing files on SUSE
distros mentioned in bnc#729491
- Remove rednudant tags/sections from specfile
- Patch shellvars.aug to recognize SUSE specific files in
sysconfig (bnc#729491)
- move lenses from /usr/share/libaugeas0/augeas
to /usr/share/augeas (bnc#719199)
- move vim lenses syntax files from -lenses to -devel package
- Remove redundant tags/sections from specfile
- Add augeas-devel to baselibs
- update to 0.9.0:
- augtool: keep history in ~/.augeas/history
- add aug_srun API function; this makes it possible to run a sequence of
commands through the API
- aug_mv: report error AUG_EMVDESC on attempts to move a node into one of
its descendants
- path expressions: allow whitespace inside names, making '/files/etc/foo
bar/baz' a legal path, but parse [expr1 or expr2] and [expr1 and expr2]
as the logical and/or of expr1 and expr2
- path expressions: interpret escape sequences in regexps; since '.' does
not match newlines, it has to be possible to write '.|n' to match any
character
- path expressions: allow concatenating strings and regexps; add
comparison operator '!~'; add function 'glob'; allow passing a nodeset
to function 'regexp'
- store the names of the functions available in path expressions under
/augeas/version
- fix several smaller memory leaks
- Lens changes/additions
* Aliases: allow spaces and commas in aliases (Mathieu Arnold)
* Grub: allow "/bootfs"/ Solaris/ZFS extension for dataset name, bug #201
(Dominic Cleal); allow kernel path starting with a BIOS device,
bug #199
* Inifile: allow multiline values
* Php: include files from Zend community edition, bug #210
* Properties: new lens for Java properties files, bug #194 (Craig Dunn)
* Spacevars: autoload two ldap files, bug #202 (John Morrissey)
* Sudoers: support users:groups format in a Runas_Spec line, bug #211;
add CSW paths (Dominic Cleal)
* Util: allow comment_or_eol to match whitespace-only comments,
bug #205 (Dominic Cleal)
* Xorg: accept InputClass section; autoload from /etc/X11/xorg.conf.d,
bug #197
- fate#311042: Update augeas packages for latest puppet support
in SLE-11
- update to 0.8.1
* augtool: respect autosave flag in oneshot mode, bug #193;
fix segfault caused by unmatched bracket in path expression,
bug #186
* eliminate a global variable in the lexer, fixes BZ 690286
* replace an erroneous assert(0) with a proper error message when
none of the alternatives in a union match during saving,
bug #183
* improve AIX support
* Lens changes/additions
* Access: support the format @netgroup@@nisdomain, bug #190
* Fstab: fix parsing of SELinux labels in the fscontext option
* Grub: support 'device' directive for UEFI boot, bug #189; support
'configfile' and 'background'
* Httpd: handle continuation lines; autoload httpd.conf on
Fedora/RHEL, BZ 688149; fix support for single-quoted
strings
* Iptables: support --tcp-flags, bug #157; allow blank and comment
lines anywhere
* Mysql: include /etc/my.cnf used on Fedora/RHEL, BZ 688053
* NagiosCfg: parse setting multiple values on one line
* NagiosObjects: process /etc/nagios3/objects/*.cfg
* Nsswitch: support 'sudoers' as a database, bug #187
* Shellvars: autoload /etc/rc.conf used in FreeBSD
* Sudoers: support '#include' and '#includedir', bug #188
* Yum: exclude /etc/yum/pluginconf.d/versionlock.list
- changes for 0.8.0
* add new 'square' lens combinator
* add new aug_span API function
* augtool: short options for --nostdinc, --noload, and --noautoload
* augtool: read commands from tty after executing file with --interactive
* augtool: add --autosave option
* augtool: add --span option to load nodes' span
* augtool: add span command to get the node's span according to the input
file
* augtool: really be quiet when we shouldn't be echoing
* fix segfault in get.c with L_MAYBE lens; bug #180
* fix segfault when a path expression called regexp() with an invalid
regexp; bug #168
* improved vim syntax file
* replace augtest by test-augtool.sh to obviate the need for Ruby to run
tests
* use sys_wait module from gnulib; bug #164
* Lens changes/additions
* Access: new lens for /etc/security/access.conf
* Crypttab: new lens for /etc/crypttab
* Dhcpd: new lens
* Exports: accept hostnames with dashes; bug #169
* Grub: add various Solaris extensions; support "/map"/ entries,
bug #148
* Httpd: new lens for Apache config
* Inifile: new lens indented_title_label
* Interfaces: allow indentation for "/iface"/ entries; bug #182
* Mysql: change default comment delimiter from ';' to '#'; bug #181
* Nsswitch: accept various add'l databases; bug #171
* PuppetFileserver: new lens for Puppet's fileserver.conf
* REsolv: allow comments starting with ';'; bug #173
* Shellvars: autoload various snmpd config files; bug #170
* Solaris_system: new lens for /etc/system on Solaris
* Util (comment_c_style, empty_generic, empty_c_style): new lenses
* Xml: generic lens to process XML files
* Xorg: make "/position"/ in "/screen"/ optional; allow "/Extensions"/
section; bug #175
- add baselibs.conf
- update to 0.7.4
* augtool: new clearm command to parallel setm
* augtool: add --file option
* Fix SEGV under gcc 4.5, caused by difficulties of the gcc
optimizer handling bitfields (bug #149; rhbz #651992)
* Preserve parse errors under /augeas//error: commit 5ee81630,
released in 0.7.3, introduced a regression that would cause
the loss of parse errors; bug #138
* Avoid losing already parsed nodes under certain circumstances;
bug #144
* Properly record the new mtime of a saved file; previously the
mtime in the tree was reset to 0 when a file was saved, causing
unnecessary file reloads
* fix a SEGV when using L_MAYBE in recursive lens; bug #136
* Incompatible lens changes
* Fstab: parse option values
* Squid: various improvements, see bug #46;
* Xinetd: map service names differently
* Lens changes/additions
* Aptsources: map comments properly, allow indented lines;
bug #151
* Grub: add indomU setting for Debian.
Allow '=' as separator in title; bug #150
* Fstab: also process /etc/mtab
* Inetd: support rpc services
* Iptables: allow underscore in chain names
* Keepalived: new lens for /etc/keepalived/keepalived.conf
* Krb5: allow digits in realm names; bug #139
* Login_defs: new lens for /etc/login.defs
(Erinn Looney-Triggs)
* Mke2fs: new lens for /etc/mke2fs.conf
* Nrpe: new lens for Nagios nrpe (Marc Fournier)
* Nsswitch: new lens for /etc/nsswitch.conf
* Odbc: new lens for /etc/odbc.ini (Marc Fournier)
* Pg_hba: New lens; bug #140 (Aurelien Bompard).
Add system path on Debian; bug #154 (Marc Fournier)
* Postfix_master: parse arguments in double quotes; bug #69
* Resolv: new lens for /etc/resolv.conf
* Shells: new lens for /etc/shells
* Shellvars: parse ulimit builtin
* Sudoers: load file from /usr/local/etc (Mathieu Arnold)
Allow 'visiblepw' parameter flag; bug #143. Read files from
/etc/sudoers.d
* Syslog: new lens for /etc/syslog.conf (Mathieu Arnold)
* Util: exclude dpkg backup files; bug #153 (Marc Fournier)
* Yum: accept continuation lines for gpgkey; bug #132
- added patch for allow_unsupported_modules command in modprobe.d conf files
- added vim files symlinks for lens syntax files
- fixed a few rpmlint warnings (fixed rpm group, no ldconfig run)
* Update to 0.7.3
* ug_load: only reparse files that have actually changed; greatly
speeds up reloading
* record all variables in /augeas/variables, regardless of whether
they were defined with aug_defvar or aug_defnode; make sure
/augeas/variables always exists
* redefine all variables (by reevaluating their corresponding
expressions) after a aug_load. This makes variables 'sticky'
across loads
* fix behavior of aug_defnode to not fail when the expression
evaluates to a nonempty node set
* make gnulib a git submodule so that we record the gnulib commit
off which we are based
* allow 'let rec' with non-recursive RHS
* fix memory corruption when reloading a tree into which a
variable defined by defnode points (BZ 613967)
* plug a few small memory leaks, and some segfaults
* Lens changes/additions
* Device_map: new lens for grub's device.map (Matt Booth)
* Limits: also look for files in /etc/security/limits.d
* Mysql: new lens (Tim Stoop)
* Shellvars: read /etc/sysconfig/suseconfig (Frederik Wagner)
* Sudoers: allow escaped spaces in user/group names (Raphael Pinson)
* Sysconfig: lens for the shell subdialect used in /etc/sysconfig;
lens strips quotes automatically
* 0.7.2 - 2010-06-22
* new API call aug_setm to set/create multiple nodes simultaneously
* record expression used in a defvar underneath /augeas/variables
* Lens changes/additions
* Group: add test for disabled account (Raphael Pinson)
* Grub: handle comments within a boot stanza
* Iptables: also look for /etc/iptables-save (Nicolas Valcarcel)
* Modules_conf: new lens for /etc/modules.conf (Matt Booth)
* Securetty: added handling of emtpy lines/comments (Frederik Wagner)
* Shellvars: added SuSE sysconfig puppet files (Frederik Wagner),
process /etc/environment (seph)
* Shellvars_list: Shellvars-like lens that treats strings of
space-separated words as lists (Frederik Wagner)
* 0.7.1 - 2010-04-21
* fix crash when recursive lens was used in a nonrecursive lens (bug #100)
* context free parser/recursive lenses: handle 'l?' properly (bug #119);
distinguish between successful parse and parse with an error at end of
input; do caller filtering to avoid spurious ambiguous parses with
grammars containing epsilon productions
* aug_get: return -1 when multiple nodes match (bug #121)
* much better error message when iteration stops prematurely during
put/create than the dreaded 'Short iteration'
* src/lens.c (lns_check_rec): fix refcounting mistake on error path (bug #120)
* Lens changes/additions
* Approx: lens and test for the approx proxy server (Tim Stoop)
* Cgconfig: lens and tests for libcgroup config (Ivana Hutarova Varekova)
* Cgrules: new lens and test (Ivana Hutarova Varekova)
* Cobblermodules: lens + tests for cobbler's modules.conf (Shannon Hughes)
* Debctrl: new lens and test (Dominique Dumont)
* Dput: add 'allow_dcut' parameter (bug #105) (Raphael Pinson)
* Dhclient: add rfc code parsing (bug #107) (Raphael Pinson)
* Group: handle disabled passwords
* Grub: support empty kernel parameters, Suse incl.s (Frederik Wagner)
* Inittab: allow ':' in the process field (bug #109)
* Logrotate: tolerate whitespace at the end of a line (bug #101); files
can be separated by newlines (bug #104) (Raphael Pinson)
* Modprobe: Suse includes (Frederik Wagner)
* Nagisocfg: lens and test for /etc/nagios3/nagios.cfg (Tim Stoop)
* Ntp: add 'tinker' directive (bug #103)
* Passwd: parse NIS entries on Solaris
* Securetty: new lens and test for /etc/securetty (Simon Josi)
* Shellvars: handle a bare 'export VAR'; Suse includes (Frederik
Wagner); allow spaces after/before opening/closing parens for array
* Sudoers: allow del_negate even if no negate_node is found (bug #106)
(Raphael Pinson); accept 'secure_path' (BZ 566134) (Stuart
Sears)
* 0.7.0 - 2010-01-14
* Support for context-free lenses via the 'let rec' keyword. The syntax
is experimental, though the feature is here to stay. See
lenses/json.aug for an example of what's possible with that.
* Support for case-insensitive regular expressions. Simply append 'i' to
a regexp literal to make it case-insensitive, e.g. /hello/i will match
all variations of hello, regardless of case.
* Major revamp of augtool. In particular, path expressions don't need to
be quoted anymore. The online help has been greatly improved.
* Check during load/save that each file is only matched by one transform
under /augeas/load. If there are multiple transforms for a file, the
file is skipped.
* New error codes AUG_ENOLENS and AUG_EMXFM
* Do not choke on non-existing lens during save
* Change the metadata for files under /augeas/files slightly: the node
/augeas/files/$PATH/lens now has the name of the lens used to load the
file; the source location of that lens has moved to
/augeas/files/$PATH/lens/info
* New public functions fa_nocase, fa_is_nocase, and fa_expand_nocase in
libfa
* Various smaller bug fixes, performance improvements and improved error
messages
* Lens changes/additions
* Cobblersettings: new lens and test (Bryan Kearney)
* Iptables: allow quoted strings as arguments; handle both negation
syntaxes
* Json: lens and tests for generic Json files
* Lokkit: allow '-' in arguments
* Samba: accept entry keys with ':' (Partha Aji)
* Shellvars: allow arrays that span multiple lines
* Xinetd (name): fix bad '-' in character class
* 0.6.0 - 2009-11-30
* Add error reporting API (aug_error and related calls); use to report
error details in a variety of places
* Path expressions: add regexp matching; add operator '|' to form union
of nodesets (ticket #89)
* Tolerate non-C locales from the environment (ticket #35); it is no
longer necessary to set the locale to C from the outside
* use stpcpy/stpncpy from gnulib (needed for building on Solaris)
* Properly check regexp literals for syntax errors (ticket #93)
* Distribute and install vim syntax files (ticket #97)
* many more bugfixes
* Lens changes/additions
* Apt_preferences: support version pin; filter out empty lines (Matt
Palmer)
* Cron: variables can contain '_' etc. (ticket #94)
* Ethers: new lens for /etc/ethers (Satoru SATOH)
* Fstab: allow '#' in spec (ticket #95)
* Group: allow empty password field (ticket #95)
* Inittab: parse end-of-line comments into a #comment
* Krb5: support kdc section; add v4_name_convert subsection to
libdefaults (ticket #95)
* Lokkit: add mising eol to forward_port; make argument for --trust
more permissive
* Pam: allow '-' before type
* Postfix_access: new lens for /etc/postfix/access (Partha Aji)
* Rx: allow '!' in device_name
* Sudoers: allow certain backslash-quoted characters in a command (Matt
Palmer)
* Wine: new lens to read Windows registry files
* 0.5.3 - 2009-09-14
* Match trees on label + value, not just label; see
tests/modules/pass_strip_quotes.aug for how that enables stripping
quotes
* Do not trip over symlinks to files on a different device during save;
fixes problems with writing to /etc/grub.conf on Fedora/RHEL
* API (defnode): always add the newly created node into the resulting
nodeset
* Add preceding-sibling and following-sibling axes to path expressions
* augtool, augparse: add --version option (bug #88)
* Change file info recorded under /augeas/files/FILE/*: remove lens/id
and move lens/info to lens
* Properly record new files under /augeas/files (bug #78)
* aug_load: clean up variables to avoid dangling references (bug #79)
* Make Augeas work on AIX
* Ignore anything but regular files when globbing
* Add 'clear' function to language for use in unit tests
* typechecker: print example trees in tree format
* libfa: properly support regexps with embedded NUL's
* Lens changes/additions
* Xorg: revamped, fixes various parse failures (Matt Booth)
* Inetd: new lens and test (Matt Palmer)
* Multipath: new lens and test
* Slapd: also read /etc/openldap.slapd.conf (bug #85)
* 0.5.2 - 2009-07-13
* Make Augeas work on Mac OS/X (bug #66) (Anders Bjoerklund)
* reduce symbols exported from libfa with linker script
* add --echo option to augtool
* require Automake 1.11 (Jim Meyering)
* avoid spurious save attempts for freshly read files
* Lens changes/additions
* Inittab: schema change: use 'id' field as name of subtree for a line,
instead of a generated number. Map comments as '#comment' (Matt Palmer)
* Logrotate: make owner/group in create statement optional, allow
filenames to be indented
* Ntp: allow additional options for server etc. (bug #72)
* Shellvars: allow backticks as quote characters (bug #74)
* Yum: also read files in /etc/yum/pluginconf.d (Marc Fournier)
* 0.5.1 - 2009-06-09
* augeas.h: flag AUG_NO_MODL_AUTOLOAD suppresses initial loading
of modules; exposed as --noautoload in augtool
* augtool: don't prompt when input is not from tty (Raphael Pinson)
* augparse: add --notypecheck option
* path expressions: allow things like '/foo and /bar[3]' in predicates
* Lens changes/additions
* Aliases: map comments as #comment (Raphael Pinson)
* Build, Rx, Sep: new utility modules (Raphael Pinson)
* Cron: new lens (Raphael Pinson)
* Dnsmasq: process files in /etc/dnsmasq.d/* (ticket #65)
* Grub: parse kernel and module args into separate nodes; parse
arguments for 'serial', 'terminal', and 'chainloader'; allow
optional argument for 'savedefault'
* Interfaces: make compliant with actual Debian spec (Matt Palmer)
* Iptables: relax regexp for chain names; allow comment lines mixed
in with chains and rules (ticket #51)
* Logrotate: allow '=' as separator (ticket #61); make newline at end
of scriptlet optional
* Modprobe: handle comments at end of line
* Ntp: parse fudge record (Raphael Pinson); parse all directives in
default Fedora ntp.conf; process 'broadcastdelay', 'leapfile',
and enable/disable flags (ticket #62)
* Pbuilder: new lens for Debian's personal builder (Raphael Pinson)
* Php: add default path on Fedora/RHEL (Marc Fournier)
* Squid: handle indented entries (Raphael Pinson)
* Shellvars: map 'export' and 'unset'; map comments as #comment
(Raphael Pinson)
* Sudoers: allow backslashes inside values (ticket #60) (Raphael Pinson)
* Vsftpd: map comments as #comment; handle empty lines; find
vsftpd.conf on Fedora/RHEL
* Xinetd: map comments as #comment (Raphael Pinson)
- enable parallel building
* Update to 0.5.0
* Upstream notes:
Clean up interface for libfa; the interface is now considered stable
* New aug_load API call; allows controlling which files to load by
modifying /augeas/load and then calling aug_load; on startup, the
transforms marked with autoload are reported under /augeas/load
* New flag AUG_NO_LOAD for aug_init to keep it from loading files on
startup; add --noload option to augtool
* New API calls aug_defvar and aug_defnode to define variables for
path expressions; exposed as 'defvar' and 'defnode' in augtool
* New program examples/fadot to draw various finite automata (Francis
Giraldeau)
* Report line number and character offset in the tree when parsing a
file with a lens fails
* Fix error in propagation of dirty flag, which could lead to only
parts of a tree being saved when multiple files were modified
* Flush files to disk before moving them
* Fix a number of memory corruptions in the XPath evaluator
* Several performance improvements in libfa
* Lens changes/additions
* Grub: process embedded comments for update-grub (Raphael Pinson)
* Iptables: new lens for /etc/sysconfig/iptables
* Krb5: new lens for /etc/krb5.conf
* Limits: map dpmain as value of 'domain' node, not as label
(Raphael Pinson)
* Lokkit: new lens for /etc/sysconfig/system-config-firewall
* Modprobe: new lens for /etc/modprobe.d/*
* Sudoers: more finegrained parsing (ticket #48) (Raphael Pinson)
* Update to 0.4.2
* Moved lense tests into separate package 'augeas-lense-tests'
* Added augeas-lenses-license-fix patch
* Upstream notes:
* Do not delete files that had an error upon parsing
* For Fedora/EPEL RPM's, BuildRequire libselinux-devel (bug #26)
* In path expressions, the meaning of '<' and '<=' was reversed
* Always create an entry /files in aug_init
* New builtin 'Sys' module with functions 'getenv' and 'read_file',
the latter reads a the contents of a file into a string
* Lens changes/additions
* Postfix_main: handle continuation lines
* Bbhosts, Hosts, Logrotate, Sudoers: label comment nodes as '#comment'
* Sshd: map comments as '#comment' nodes
* Squid: add all keywords from squid 2.7 and 3 (Francois Deppierraz)
* Logrotate: process unit suffixes for 'size' and 'minsize'
* Update to 0.4.1
* Moved lenses to separate package 'augeas-lenses'.
* Upstream notes:
* Remove files when their entire subtree under /files is deleted
* Various bug fixes and syntax enhancements for path expressions
(see tests/xpath.tests for details)
* Evaluate path expressions with multiple predicates correctly
* Fix incorrect setting of /augeas/events/saved
* Major cleanup of matching during get; drastically improves
performance for very large (on the order of 10k lines) config files
* Small performance improvement in the typechecker
* Reject invalid character sets like [x-u] during typecheck
* Build with compile warnings set to 'maximum' instead of 'error', so
that builds on platforms with broken headers will work out of the box
* Lens changes/additions
* Util.stdexcl now excludes .augsave and .augnew files
* Logrotate: allow 'yearly' schedule, spaces around braces
* Ntp: fix so that it processes ntp.conf on Fedora 10
* Services: lens for /etc/services (Raphael Pinson)
* Xorg: new lens and tests (Raphael Pinson)
- autofs
-
- Update pidfile path to /run from /var/run (bsc#1185155)
- 0003-autofs-5.1.4-fix-fd-leak-in-rpc_do_create_client.patch
Fix filedescriptor leak (bsc#1093436)
- BuildRequire pkgconfig(udisks2) instead of udisks2-devel: let's
be flexible on possible package name changes.
- Package COPYRIGHT as %license instead of %doc.
- 0001-use_hostname_for_mounts-shouldn-t-prevent-selection-.patch
Fix handling of replicated NFS server so that
selection between servers still works sensibly when
use_hostname_for_mounts is in effect.
(bsc#1066720)
- 0002-Fix-monotonic_elapsed.patch
Fix bug introduced with monotonic-time patches which
causes nanoseconds to be ignored and effectively
disables sorting based on response time and/or weight.
(bsc#1066720)
- Replace references to /var/adm/fillup-templates with new
%_fillupdir macro (boo#1069468)
- Add build require for rpcgen (preparation for removing it from
glibc)
- fix ordering of seteuid/setegid in do_spawn (bsc#1062482).
- fix unset tsd group name handling (bsc#1062482).
- fix possible map instance memory leak (bsc#1038198).
- check map instances for staleness on map update (bsc#1038198).
- Added patches:
- autofs-5-1-3-check-map-instances-for-staleness-on-map-update.patch
- autofs-5-1-3-fix-ordering-of-seteuid-setegid-in-do_spawn.patch
- autofs-5-1-3-fix-possible-map-instance-memory-leak.patch
- autofs-5-1-3-fix-unset-tsd-group-name-handling.patch
- Add libnsl-devel as build require in preparation of libnsl
removal from glibc
- Add gpg signature
- Update URL to use www.kernel.org now that ftp is gone.
- update to version 5.1.3:
* limit getgrgid_r() buffer size
* increase worker thread per-thread stack size
* fix offset mount location multiple expansion
* use malloc for expanded map location
* fix invalid reference in remount_active_mount()
* fix work around sss startup delay
* fix possible NULL derefernce
* use autofs_point to store expire timeout where possibe
* add config option to use mount request log id
* factor out set_thread_mount_request_log_id()
* log functions to prefix messages with attempt_id if available
* create thread-local ID for mount attempts
* add the mount requestor's pid to pending_args
* delay submount exit for amd submounts
* fix bogus check in expire_cleanup()
* handle amd cache option all in amd type auto mounts
* handle map_option cache for top level mounts
* capture cache option and its settings during parsing
* add function conf_amd_get_map_options()
* check for conflicting amd section mounts
* include amd mount section mounts in master mounts list
* add function conf_amd_get_mount_paths()
* add function conf_amd_get_map_name()
* add support for amd browsable option
* add ref counting to struct map_source
* fix typos in README.amd-maps
* honor last rw in mount options when doing a bind mount
* set autofs mounts catatonic at exit
* make set_direct_mount_catatonic() more general
* check NFS server availability on local mount fallback
* make lookup_nss_read_master() return nss status
* don't return until after master map retry read
* set sane default master read wait timeout
* dont exit on master map read fail timeout
* fix included master map not found return
* fix quoted key handling in sanitize_path()
* add sss master map wait config option
* work around sss startup delay
* add master read wait option
* wait for master map available at start
* update and add README for old autofs schema
* fix create_client() RPC client handling
* fix _strncmp() usage
* fix argc off by one in mount_autofs.c
* fix cachefs parse message not being logged
* fix typo in MOUNT_FLAG_GHOST comment
* Avoid local variable name shadowing another
* configure: add cache variable for Linux proc filesystem check
* fix count_mounts() function
* fix short memory allocation in lookup_amd_instance()
* Fix fgets(3) size argument (another one)
* Fix typos in error messages
* Remove unused local 2KB buffer
* fix file map changed check
* Change .requestor to .requester for consistency
* Fix a typo in CREDITS
* fix libtirpc detection with -Wl,--as-needed
* Fix size arg of fgets(3)
* Drop redundant n in logerr()
* Fix compiler warning in try_remount()
* build: check for clock_gettime in librt
* fix possible memory leak in nfs mount
* add config option to suppress not found log message
* properly handle errors in lookup_nss_mount
* fix yp map age not updated during map lookup
* fix 'nameing' typo in autofs.conf
* add remote-fs.target systemd dependency
* add autofs(5) note of IPv6 libtirpc requirement
* fix autofs(5) description of supported map sources
* fix modules make clean target
* fix Makefile linking dependencies
* fix handle_mounts() termination condition check
* log pipe read errors
* fix use-after-free in st_queue_handler()
* always set direct mounts catatonic at exit
* improve scalability of direct mount path component
* fix use after free in match_my_name()
* fix memory leak in get_network_proximity()
* fix typo in autofs_sasl_bind()
* fix use after free in open_lookup()
* fix use after free in sun parser parse_init()
* fix memory leak in ldap do_init()
* fix memory leak in nisplus lookup_reinit()
* fix sasl connection concurrancy problem
* fix unbind sasl external mech
* remove unused function elapsed()
* change time() to use monotonic_clock()
* change remaining gettimeofday() to use clock_gettime()
* use monotonic clock for indirect mount condition
* use monotonic clock for direct mount condition
* define pending condition init helper function
* use monotonic clock for alarm thread condition wait
* define monotonic clock helper functions
* Add a mode option for master map entries
* fix error handling of is_mounted()
* fix out of order call in program map lookup
* add configuration option to use fqdn in mounts
* update map_hash_table_size description
* change lookup to use reinit instead of reopen
* implement reinit in multi lookup module
* fix map format check in nss_open_lookup() multi map module
* factor out alloc multi map context
* factor out free multi map context
* add type to struct lookup_mod
* implement reinit in yp lookup module
* implement reinit in sss lookup module
* implement reinit in program lookup module
* implement reinit in nisplus lookup module
* implement reinit in ldap lookup module
* implement reinit in hosts lookup module
* implement reinit in hesiod lookup module
* implement reinit in file lookup module
* implement reinit in dir lookup module
* implement reinit in parse modules
* add reinit entry point to modules
* fix nsswitch handling when opening multi map
* make open_lookup() return nss status
* move check_nss_result() to nsswitchr.c
* fix update_hosts_mounts() return
* fix missing source sss in multi map lookup
* fix direct map expire not set for initial empty map
* fix direct mount stale instance flag reset
* fix error handling on ldap bind fail
* fix config old name lookup
* fix rwlock unlock crash
* fix return handling of do_reconnect() in ldap module
* make find_server() return a status
* make find_dc_server() return a status
* make connect_to_server() return a status
* make do_connect() return a status
* move query dn calculation from do_bind() to do_connect()
* fix return handling in sss lookup module
* fix left mount count return from umount_multi_triggers()
* revert fix libtirpc name clash
* update libtirpc workaround for new soname
* fix fix gcc5 complaints
* Removed patches:
autofs-5.1.1-task-use-after-free.patch
autofs-improve-scalability-of-direct-mount-path-comp.patch
autofs-5.1.1-properly-handle-errors-in-lookup_nss_mount.patch
autofs-5.1.1-fix-yp-map-age-not-updated-during-map-lookup.patch
autofs-5.1.1-leave_auth_destroy.patch
* Updated patches for context:
autofs-5.1.1-dbus-udisks-monitor.patch
- remove rpmlintrc, review was boo#782691
- Fix spurious ELOOP on certain kinds of failures (bsc#968918):
* autofs: fix yp map age not updated in s/_/./g case
* autofs: properly handle errors in lookup_nss_mount
* Added patches:
autofs-5.1.1-properly-handle-errors-in-lookup_nss_mount.patch
autofs-5.1.1-fix-yp-map-age-not-updated-during-map-lookup.patch
- improve scalability of direct mount path component creation (bsc#966573).
* Added autofs-improve-scalability-of-direct-mount-path-comp.patch
* Refreshed autofs-5.1.1-dbus-udisks-monitor.patch
- Use libldap_r instead of libldap for thread safety (bsc#955477).
* Added autofs-use-libldap_r-instead-of-libldap-for-thread-safety.patch
- add patch autofs-5.1.1-leave_auth_destroy.patch (bnc#958410)
do not redefined auth_destroy, the reason for this has long
been fixed in libtirpc (version 0.2.1 is already fine)
- autofs.service: Use KillMode=mixed so "/KillSignal"/ (SIGTERM) is
only sent to the main process and if still does not exit after
"/TimeoutStopSec"/ then "/SendSIGKILL"/ is sent to all remaining
processes of the unit's control group.
This is the desired behaviour for almost all daemons that
execute foreign programs.
- update to version 5.1.1:
* fix compile error in defaults.c
* add serialization to sasl init
* dont allocate dev_ctl_ops too early
* fix incorrect round robin host detection
* fix race accessing qdn in get_query_dn()
* fix leak in cache_push_mapent()
* fix config entry read buffer not checked
* fix FILE pointer check in defaults_read_config()
* fix memory leak in conf_amd_get_log_options()
* fix signed comparison in inet_fill_net()
* fix buffer size checks in get_network_proximity()
* fix leak in get_network_proximity()
* fix buffer size checks in merge_options()
* check amd lex buffer len before copy
* add return check in ldap check_map_indirect()
* check host macro is set before use
* check options length before use in parse_amd.c
* fix some out of order evaluations in parse_amd.c
* fix copy and paste error in dup_defaults_entry()
* fix leak in parse_mount()
* add mutex call return check in defaults.c
* force disable browse mode for amd format maps
* fix hosts map options check in lookup_amd_instance()
* fix memory leak in create_client()
* fix memory leak in get_exports()
* fix memory leak in get_defaults_entry()
* fix out of order clearing of options buffer
* fix reset amd lexer scan buffer
* ignore multiple commas in options strings
* fix typo in flagdir configure option
* clarify multiple mounts description
* gaurd against incorrect umount return
* update man page autofs(8) for systemd
* dont pass sloppy option for other than nfs mounts
* make service want network-online
* fix fix master map type check
* init qdn before use in get_query_dn()
* fix typo in update_hosts_mounts()
* fix hosts map update on reload
* make negative cache update consistent for all lookup modules
* ensure negative cache isn't updated on remount
* dont add wildcard to negative cache
* add a prefix to program map stdvars
* add config option to force use of program map stdvars
* fix incorrect check in parse_mount()
* handle duplicates in multi mounts
* revert special case cifs escapes
* fix map option parsing for 'strictatime'
* fix showmount search in auto.net
* remove obsolete comment in auto.net
* fix macro usage in lookup_program.c
* fix gcc5 complaints
* remove unused offset handling code
* fix mount as you go offset selection
* link daemon with pthread library (Debian patch)
* manpage corrections (Debian patch)
* fix manpages hyphenation (Debian patch).
- ported patches:
* autofs-5.1.0-dbus-udisks-monitor.patch ->
autofs-5.1.1-dbus-udisks-monitor.patch
* autofs-debuginfo-fix.patch -> autofs-5.1.1-debuginfo-fix.patch
* autofs-5.0.9-suse-auto_master_default.patch ->
autofs-5.1.1-suse-auto_master_default.patch
* autofs-5.0.9-task-use-after-free.patch ->
autofs-5.1.1-task-use-after-free.patch
- remove patches that are now upstream:
* autofs-5.1.0-dont-pass-sloppy-option-for-other-than-nfs-mounts.patch
* autofs-5.1.0-add-a-prefix-to-program-map-stdvars.patch
* autofs-5.1.0-add-config-option-to-force-use-of-program-map-stdvars.patch
* autofs-5.1.0-gcc5-fixes.patch
- add autofs-5.1.0-gcc5-fixes.patch: Fix build against gcc 5.x
- prevent potential privilege escalation via interpreter load path
for program-based automount maps, add the following patches:
autofs-5.1.0-add-a-prefix-to-program-map-stdvars.patch
autofs-5.1.0-add-config-option-to-force-use-of-program-map-stdvars.patch
(bnc#917977 CVE-2014-8169)
- add autofs-5.1.0-dont-pass-sloppy-option-for-other-than-nfs-mounts.patch
(bsc#911720)
- Fix autofs.service so that multiple options passed through
sysconfig AUTOFS_OPTIONS work correctly (bsc#909472)
- Fix configuration handling now that we have /etc/autofs.conf
and /etc/sysconfig/autofs. Runtime options are now configured in
the former, while settings that affect the daemon start up are
still handled in the latter.
- Clean-up sysconfig.autofs, leave only init script options:
$OPTIONS and $USE_MISC_DEVICE.
- Run %fillup also when systemd is enabled. (bsc#906606)
- Use udisks2, udisks development has ceased in favor of udisks2.
- autoyast2
-
- Copy the files to the right location when a <file_location>
is given (bsc#1188357).
- 4.3.86
- Add missing elements to rules.xml schema:
- installed_product and installed_product_version (boo#1176089)
- dialog section (bsc#1188153)
- Do not export the general/storage section when it is empty
(related to bsc#1171356 and bsc#1187916).
- 4.3.85
- Properly register the script to reboot after applying online
updates (bsc#1187962).
- 4.3.84
- Do not crash when the general/storage section is empty
(bsc#1187180).
- 4.3.83
- Import proxy settings during the 1st stage of the installation
(bsc#1185016)
- 4.3.82
- Recommend icewm if graphical installation (bsc#1185095)
- 4.3.81
- Install packages in the PackagesProposal during autoupgrade
(see bsc#1184488).
- 4.3.80
- Consider 'static_text' as a valid value for 'ask/type' elements
(bsc#1185909).
- 4.3.79
- During autoupgrade do not try to register the system if it is
explicitly disabled in the profile (bsc#1176965)
- 4.3.78
- Do not crash while sorting the list of modules to be processed
during the 2nd stage (bsc#1184316).
- Prevent AutoYaST UI from crashing when trying to apply a module
changes (bsc#1184429).
- 4.3.77
- Use 'module' instead of 'listentry' when exporting pre-modules
and post-modules lists (bsc#1184342).
- Show the <ask-list> only once during autoinstallation
(bsc#1184317).
- Add the 'mkfs_options' element to the schema (bsc#1184268).
- Fix crash during using autoyast UI (bsc#1184216)
- 4.3.76
- fix handling of empty signature-handling element in autoyast
profile (bsc#1180968)
- 4.3.75
- Export properly "/ask"/ section "/selection"/ (bsc#1183624)
- 4.3.74
- Move default networking section values to the network repository
in order to reduce the redundancy and to avoid an unexpected
behavior (bsc#1180535).
- 4.3.73
- Autoyast schema: allow semi-automatic_entry alias for module in
semi-automatic entry as it was already documented in autoyast
documentation (bsc#1183512)
- 4.3.72
- Remove the 'haspcmica' element from the schema (related to
bsc#1183352).
- 4.3.71
- Import the security settings after importing the bootloader
configuration (bsc#1183042).
- 4.3.70
- Select patterns during auto installation even when not using the
confirm mode (related to jsc#SMO-20 and bsc#1182543).
- 4.3.69
- Adapted unit test to recent changes in Yast::Report (related to
bsc#1179893).
- 4.3.68
- AutoYaST UI: fixed field Mount Options (fstopt) in the
partitioning section (bsc#1181577).
- 4.3.67
- AutoYaST UI: added drive types CT_NFS and CT_TMPFS to the
partitioning section (part of jsc#SLE-11308).
- 4.3.66
- Upgrade: Checking if a valid base product has been selected for
upgrade and if not asking the user to check the product entry
in the AY configuration file (bsc#1175876).
- 4.3.65
- Add support for Btrfs quotas (jsc#SLE-7742).
- 4.3.64
- Rules download: The result will be stored in the target file when
the download has failed. This file has to be removed (bsc#1178804)
- 4.3.63
- AutoYaST warnings timeout applies to the XML validation error
dialog (bsc#1176973).
- 4.3.62
- Allow setting the 't' (or 'config:type') attribute in the
'backup' and 'upgrade' elements (bsc#1176834 and bsc#1176848).
- 4.3.61
- Do not show a warning the user when a script just did not run
(bsc#1177057).
- 4.3.60
- Fix the progress bar length during autoinstallation
initialization (bsc#1177322).
- Resolve "/zzz_reboot"/ script conflict (bsc#1177036)
- 4.3.59
- Fix 'inst_autosetup' tests (bsc#1177227).
- 4.3.58
- Add validation of 'activate_systemd_default_target' and
'final_restart_services' elements in the 'general/mode' section
(related to bsc#1176595).
- 4.3.57
- Improve validation errors presentation (related to bsc#1176973).
- 4.3.56
- Drop the 'general/mouse' element from the schema. It has been
unsupported since version 3.0.3, FATE#313101 (bsc#1176973).
- 4.3.55
- Fix tests for CWM::ComboBox (related to the CWM changes for
bsc#1136454).
- 4.3.54
- Add the schema for 'backup' and 'upgrade' sections (bsc#1176834).
- 4.3.53
- Set 0o600 permissions to the generated profile when cloning
a system (bsc#1174202).
- Add new action `yast2 autoyast check-profile` (related to
bsc#1175735) which features:
-- XML syntax check
-- XML schema validation
-- try to fetch the profile
-- generate dynamic profile erb or classes/rules
-- optional try to import profile and detect any issues with it
-- optional run of scripts including dynamic profiles in pre-script
-- 4.3.52
- Removing package evaluation via AY schema. Using autoyast(...)
supplements instead (bsc#1146494).
- 4.3.51
- Import general and report sections in case that some pre-script
modified the profile (bsc#1175725)
- 4.3.50
- Fix 'bcache_options' element using the right type (bsc#1176595)
- 4.3.49
- Fix the returned value form the AutoinstPartPlan's Read method
(boo#1176490).
- 4.3.48
- Formally mark that fixes made for SP2 no longer affect SP3
(no code changes bsc#1173793 and bsc#1172026). For the first one
code is not longer in place and for the second new xml parser
does not need workaround for empty strings.
- 4.3.47
- Fix installation using encrypted profile (bsc#1176336)
- improve usability by entering password just once
- use shared UI::PasswordDialog
- 4.3.46
- Using "/:"/ in the autoyast(...) supplements (bsc#1146494).
- 4.3.45
- When 'NetworkManager' is selected in the profile as the network
backend to be used, the 'NetworkManager' package is added to the
list of packages to be installed in case of missing (bsc#1172817)
- 4.3.44
- Recognize installed_product and installed_product_version as
legal elements of rules.xml files (boo#1176089).
- 4.3.43
- Add to erb templates more helpers (bsc#1175735)
- Use <script> elements instead of <listentry> when exporting the
<postpartitioning-scripts> section (related to bsc#1175714).
- Saving log files of postpartitioning-scripts (bsc#1145269)
(schubi@suse.de).
- 4.3.42
- Fix the AutoYaST storage UI (related to bsc#1175680).
- 4.3.41
- Unify profile element paths (bsc#1175680).
- 4.3.40
- bnc#1174133
- do not crash with internal error when the profile contains
corrupted signature_handling option
- 4.3.39
- Add ability to use erb template as dynamic autoyast profile
(bsc#1175735)
- 4.3.38
- Speed up finding the "/autoyast()"/ supplements by filtering
packages directly on the lilbzypp level (bsc#1175317, related to
bsc#1146494)
- 4.3.37
- Reporting an error if an corrupted AY configuration file has been
read (bsc#160975).
- 4.3.36
- bsc#1173624
- Run firewall configuration in first stage
- 4.3.35
- AutoYaST: Added supplements: autoyast(files,general,report,scripts,
partitioning,software) into the spec file in order to install
this packages if the section has been defined in the AY
configuration file (bsc#1146494).
- 4.3.34
- Improve finding the respective package for a section in the XML
installation profile. Find a package with the
"/autoyast(<section_name>)"/ supplements dependency (bsc#1146494).
- 4.3.33
- Do not report profile validation errors multiple times if the
errors are the same already reported and accepted (bsc#1173091)
- 4.3.32
- Adapted doc: Calling of post-partitioning scripts moved from
dropped inst_autoimage to inst_kickoff (bsc#1140711).
- Removed "/image"/ section from "/software"/ section (bsc#1140711).
- 4.3.31
- handle properly exceptions from new XML parser/serializer
(related to bsc#1171412)
- 4.3.30
- Do not crash when the networking section is missing
(bsc#1174118).
- 4.3.29
- Fix fallback for autoyast client name (bsc#1174119)
- 4.3.28
- Do not crash when wait section is not initialized (related to
bsc#1174173)
- 4.3.27
- Moving <files> section handling from second installation stage
to first installation stage. (bsc#1174194)
- 4.3.26
- Export more methods in AutoinstGeneral so it can be queried for
general autoyast settings (bsc#1174173)
- 4.3.25
- Fix 'partition' elements using the right type (bsc#1174071).
- 4.3.24
- Fix exception when autoyast module does not report any package
to install (bsc#1174069)
- 4.3.23
- Move pre-scripts to the autoinit client running them just after
the profile has been processed (bsc#1110413)
- 4.3.22
- Replace old module registry with newer code that is easier to
maintain and better test covered (bsc#1173699)
- 4.3.21
- Make the report section elements optional as AutoYaST proposes
default values when missing (bsc#1173312)
- 4.3.20
- The language, timezone and keyboard sections are applied and
removed during the first stage (bsc#1173624).
- 4.3.19
- Allow the user to ask for a reduced profile using the 'target'
argument in the command line (bsc#1171356).
- 4.3.18
- Cloning does not depend on the SetModified API call(bsc#1172552)
- 4.3.17
- Do not export general section if not requested (bsc#1172552)
- 4.3.16
- Validate the XML files before using them (bsc#1173091)
- Allow disabling the validation by setting
YAST_SKIP_XML_VALIDATION=1
- 4.3.15
- Do not export sections with no content (related to bsc#1172749).
- 4.3.14
- AutoinstGeneral.SetRebootAfterFirstStage is not private
anymore (bsc#1172865).
- 4.3.13
- Do not export Report section when cloning system as it is always
just defaults (bsc#1172749)
- 4.3.12
- Autoyast User Scripts Improvements:
- ensure all artifacts are copied to system (bsc#1145269)
- show warning if script returns non zero value
- show warning if there are two scripts that overwrite each other
- allow any interpreter to be used
- 4.3.11
- Do not crash when the partitioning section is not specified
(bsc#1172718).
- 4.3.10
- Fix 'autoyast' and 'clone_system' command line interfaces
(bsc#1172548):
- autoyast: add a list-modules command to list all known modules.
- autoyast: display the correct client name in the help text.
- autoyast: 'file' and 'module' command are now equivalent.
Both of them support setting 'filename' and 'modname'
arguments.
- clone_system: add a 'filename' option instead of always using
'/root/autoinst.xml'.
- clone_system: move the logic to find the clonable modules
to Y2ModuleConfig.
- 4.3.9
- AutoYaST schema fixes:
- Work around Relax-NG parser error: "/Found anyName attribute
without oneOrMore ancestor"/ (bsc#1172131)
- Rename 'option' to 'fs_option' to fix a duplicate definition
(bsc#1170886)
- 4.3.8
- AutoYaST: Cleanup/improve issue handling (bsc#1171335).
- 4.3.7
- When running an autoinstallation with the Online medium, the
network configuration based on the profile can be written before
the registration takes place (bsc#1171922)
- 4.3.6
- Do not propose insecure signature handling settings when
cloning (bsc#1171343).
- Assign the correct callback when "/accept_unknown_digest"/ is set.
- Do not export storage settings in the general section
unless it is needed (related to bsc#1171356).
- 4.3.5
- The network configuration is applied during the first stage by
default (bsc#1171922)
- 4.3.4
- Revamp the storage client user interface, adapting it to the
storage-ng features.
- Avoid detecting bcache as a volume group (bsc#1136454).
- 4.3.3
- Fix error reporting for invalid profile to respect new API
(bsc#1171412)
- fix profile loading test
- 4.3.2
- fix schema if it include definition multiple times (bsc#1171412)
- 4.3.1
- Do not export storage settings in the general section
unless it is needed (related to bsc#1171356).
- Improve AutoInstClone module test coverage and clean-up unused
code.
- AutoYaST schema improvements (bsc#1170886)
-- Allow optional types for string and map objects
-- Allow type specification without namespace
-- Add type specification with 't' shortcut
- 4.3.0
- ayast_setup: Do not add a 'networking' section to the profile
when it is not defined explicitly as it is not needed anymore
since keeping the configured network is the default option during
autoconfiguration (bsc#1170821)
- 4.2.35
- Service for init scripts: Try to start "/network-online.target"/
before starting the AY init scripts in order to get a working
network (bsc#1164105).
- 4.2.34
- Restore some missing icons (related to bsc#1168123, boo#1109310
and boo#1168281).
- 4.2.33
- Fix desktop files updating some icons and groups (related to
bsc#1168123).
- 4.2.32
- Adapted to changes in yast2-storage-ng (related to bsc#1140040).
- 4.2.31
- Security fix: Removed all "/--gpg-auto-import-keys"/ options from
zypper commands (bsc#1140711) (CVE-2019-18905)
- 4.2.30
- Fixed crash while loading none existing AY file (bsc#1165464).
- 4.2.29
- Service for init scripts: Checking working network with
"/network-online.target"/ before starting the AY init scripts
(bsc#1164105).
- 4.2.28
- Fixed user-visible messages (bsc#1084015)
- 4.2.27
- Fix cloning patterns (regression from 4.2.22)
(bsc#1159269, bsc#1159472)
- 4.2.26
- Fixed conflicting items in rule dialogs (bsc#1123091).
- Semi-automatic with partition: Do not use the common AY partition
workflow (bsc#1134501).
- Do not reset Base-Product while registration. Do not call
registration in the second installation stage again.
(bsc#1143106).
- Fix profile validation for scripts elements (bsc#1156905).
- UI: Report XML parsing errors instead of just crashing
(bsc#1159157).
- 4.2.25
- Allow to run autoupgrade on registered system with almost empty
profile (jsc#SLE-7101)
- 4.2.24
- Improve message when registration missing for autoupgrade with
online medium (jsc#SLE-7101)
- 4.2.23
- Using Y2Packager::Resolvable.any? and Y2Packager::Resolvable.find
in order to decrease the required memory (bsc#1132650, bsc#1140037).
- 4.2.22
- Do not override all storage proposal settings when importing
values from the profile (boo#1156539).
- 4.2.21
- Handle renamed add-ons during auto upgrade (part of jsc#SLE-7101)
- 4.2.20
- report wrong type of param-list instead of crash (bsc#1143260)
- 4.2.19
- Fix autoinstallation on online medium (bsc#1156058)
- 4.2.18
- Update schema to support setting the encryption method through
the 'crypt_method' (related to jsc#SLE-7376).
- 4.2.17
- AutoYaST support for the Full installation medium
(jsc#SLE-7101)
- 4.2.16
- fix auto-adding required packages for autoyast sections (bsc#1153746)
- don't run kdump autoyast config in 2nd stage
- 4.2.15
- bnc#1154855 - During firstboot ayast_setup will not be executed.
- 4.2.14
- Do not crash when using the online medium without the
registration section in the AY XML profile, display an error
message with some hints (bsc#1154988)
- 4.2.13
- AutoYaST support for the OnlineOnly installation medium
(jsc#SLE-7214)
- 4.2.12
- Do not run the registration step again in the installed system
(in the 2nd stage after reboot) (bsc#1153293)
- 4.2.11
- Fix dependency for autoyast2-installation (bsc#1131235)
- 4.2.10
- Move kdump import before software import to allow kdump to
specify packages it needs in first stage (bsc#1149208)
- 4.2.9
- Set X-SuSE-YaST-AutoInstResource in desktop file (bsc#144894).
- 4.2.8
- Add missing 'uuid' element to the partition sections
(boo#1144007).
- 4.2.7
- Fixed downloading of AutoYaST configuration file with "/relurl"/
(bsc#1138117).
- 4.2.6
- Use modern tar syntax
- Require fillup because it's executed in %post
- Fixed an Internal Error when AutoYaST is importing users and
groups configuration (bsc#1140339).
- 4.2.5
- Fixed new desktop file name (bsc#1138144).
- 4.2.4
- Always perform a storage re-probe after executing pre-scripts.
- Related to bsc#1133045
- 4.2.3
- Add multi-device Btrfs related elements to the partitioning
schema (part of jsc#SLE-3877).
- 4.2.2
- Add metainfo (fate#319035)
- Revamp spec
- Replace GenericName with Comment
- 4.2.1
- Uninstall the "/SUSE-Manager-Proxy"/ product when upgrading from
SLES12 + SUMA Proxy + SUMA Branch Server (bsc#1133215)
- 4.2.0
- Removed check for available devices. When there are no devices,
the proposal issues will be shown (needed for bsc#1130256).
- 4.1.5
- Postpone disabling local repositories if the second stage is
required (bsc#1127818).
- 4.1.4
- Add Bcache related elements to the partitioning schema
(fate#325346).
- 4.1.3
- Avoid to crash when the profile has a not valid sofware section
(bsc#1125959).
- 4.1.2
- Reading IPv6 setting in order to initialize it correctly.
(bsc#1122660)
- 4.1.1
- Fixed conflicting items in rule dialogs (bsc#1123091).
- 4.1.0
- Provide icon with module (boo#1109310)
- 4.0.70
- Function SelectProduct removed in order NOT to select All
available products (bsc#1116332).
- 4.0.69
- Fallback to English when using fbiterm on those languages
which are not properly supported (fate#325746).
- 4.0.68
- Removed unneeded flag network_needed in script section.
(bsc#1094822)
- 4.0.67
- Writing security settings in first AY installation stage.
So other modules (e.g. users) can rely on these settings now.
(bnc#1112769)
- 4.0.66
- Saving y2logs after the installation has been finished.
(fate#325737)
- 4.0.65
- Adapt schema to support the new way of defining a software
RAID (fate#326573).
- 4.0.64
- Added license file to spec.
- AutoInstallRules: Do a cleanup of the profile being merged with
(bsc#1108933).
- 4.0.63
- AutoYaST configuration module: Enable edit action for firewall
module (fate#324662).
- 4.0.62
- AutoInstallRules: Fixed crash while merging profiles.
(bsc#1105711)
- 4.0.61
- AutoInstallRules: increased default maxdepth for not crashing
with a big software package list (bsc#1104655)
- 4.0.60
- Switched license in spec file from SPDX2 to SPDX3 format.
- Installation/Update: Do not call registration if module
yast2-registraion is not available in inst-sys (bsc#1098794).
- 4.0.59
- AY configuration module: Report XML errors while reading an
AY configuration file (bsc#1098794)
- 4.0.58
- Added additional searchkeys to desktop file (fate#321043).
- 4.0.57
- Showing AutoYaST configuration file errors onetime only.
(needed for bnc#1095113)
- 4.0.56
- Partition configuration: Do not ask for saving values if they have
not been changed at all. (bnc#1082556)
- 4.0.55
- Using new libstorage-ng in order to handle "/label"/ tag in URL.
E.G.: autoyast=label://my_home//autoinst.xml (bnc#1094533)
- 4.0.54
- Handle DASD or zFCP devices even when the profile is not in a
remote location (bsc#1089554).
- 4.0.53
- Allow 'subvolumes' and 'subvolumes_prefix' elements to be empty
(bsc#1076337, bsc#1090095 and bsc#1091669).
- Drop 'btrfs_set_default_subvolume_name' element.
- 4.0.52
- Added general API for reporting errors while parsing the AutoYaST
configuration file (part of bnc#1089855).
- 4.0.51
- Display an error and abort the installation when no storage
devices are available for installation (bsc#1091033).
- 4.0.50
- AutoYaST: properly handle empty proposals (bsc#1090390).
- 4.0.49
- Probe storage devices again after initializing DASD or zFCP
devices (bsc#1089326 and bsc#1089554).
- 4.0.48
- Install the module products also in AutoYaST autoupgrade
(related to bsc#1086818 and bsc#1087206)
- 4.0.47
- Honor partitioning settings from product (bsc#1085755).
- 4.0.46
- Fix tests to use correct storage instance (part of fate#318196).
- 4.0.45
- Properly abort when probing devices fails (part of bsc#1083672).
- 4.0.44
- Do not export an <id/> element in the partitioning section
(bsc#1013047)
- Add-On-Products: Handling error popup for wrong settings.
(bnc#1084596)
- 4.0.43
- Permitted the use of 'listentry' element in all the software
AutoYaST schema list entries (bsc#1013047)
- 4.0.42
- Added more entries to be used instead of the listentry tag when
cloning the system (bsc#1013047)
- 4.0.41
- Improved error message if the base product cannot be found.
(follow up of bnc#1084820)
- 4.0.40
- Reuse encrypted devices when required (bsc#1085439).
- 4.0.39
- Fixed cloning of the base product name (bsc#1084259)
- 4.0.38
- Fix in showing/accepting base licenses: Using
inst_product_license module instead of
ProductLicense.AskLicenseAgreement (bnc#1073324)
- 4.0.37
- adapted to new activate callbacks in libstorage-ng (see
bsc#1082542)
- 4.0.36
- Add missing textdomains to create proper potfiles (bsc#1083015)
- 4.0.35
- Manage errors during hardware activation in the same way than
normal installation - asking the user and trying to continue if
the question times out (related to bsc#1079061).
- 4.0.34
- Upgrade: Speedup PKG call (bnc#1074082)
- 4.0.33
- Remove calls to the old yast2-storage layer (bsc#1071978)
- Fix AutoYaST UI to to show partitions properly
- 4.0.32
- fate#319119
- yast2-ca-management is dropped
- 4.0.31
- fate#323373
- Xinetd and yast2-inetd are not supported. Marking respective
autoyast section as obsolete.
- 4.0.30
- fate#323460
- support for disabling edit action per module. Currently used
mainly by the new firewall module
- 4.0.29
- Report packages which cannot be select for installation
(except those packages not included in the AutoYaST profile)
(bnc#1077292)
- 4.0.28
- Speed optimization for the previous fix, the "/clone_system"/
client spent several minutes processing the packages
(related to bsc#1077882)
- 4.0.27
- Avoid using Pkg.ResolvableProperties("/"/, :package, "/"/) calls
which require too much memory (bsc#1077882)
- 4.0.26
- Reporting packages which cannot be selected for installation.
(bnc#1077292)
- 4.0.25
- Selecting evaluated/given product for installation.
fate#323450
- 4.0.24
- Display more details when the package solver fails
- Using ProductFeatures.SetSection instead of
ProductFeatures.SetOverlay in order to set product features.
This is a follow up of bsc#1070726.
- 4.0.23
- adapt to yast2 changes in overlays (related to bsc#1070726)
- 4.0.22
- Upgrade: Adapting to new product handling.
(bnc#1075744)
- 4.0.21
- Fixed merging issues due to bnc#1075182 and bsc#1075334.
- 4.0.20
- Merging products before package evaluation starts.
(bnc#1075182)
- 4.0.19
- Fix initialization to copy the profile to /tmp/profile again
(bsc#1075334)
- 4.0.18
- always upgrade system via equivalent of 'zypper dup', removing
respective control from the profile (bsc#1071708)
- 4.0.17
- AutoYaST: fix btrfs_set_default_subvolume_name handling
(bsc#1073548)
- 4.0.16
- Warn the user if the infrastructure is not available for running
the second stage (bnc#1061754)
- 4.0.15
- Reinitialize the storage manager when the profile is modified
by a pre-script (bsc#1071739)
- 4.0.14
- adapt to new schema of ntp-client (FATE#323432)
- 4.0.13
- Drop using ntpdate and instead use NtpClient module for one time
sync (FATE#323432)
- 4.0.12
- Do not ignore start_multipath setting (bsc#1070343).
- 4.0.11
- Replace references to /var/adm/fillup-templates with new
%_fillupdir macro (boo#1069468).
- 4.0.10
- Added subvolumes_prefix to schema definition file.
(bsc#1013047)
- Exporting base products in list format. (fate323450)
- 4.0.9
- Bring back handling of device=ask (bsc#1069965)
- Use a 1-based index when showing partitioning issues
- 4.0.8
- Cleanup spec file.
- Code cleanup (removing old libstorage code).
- Adapting rules to storage-ng.
- partition_alignment removed because it is not needed
anymore by storage-ng.
- 4.0.7
- Add storage data to ayast_probe client (bsc#1065668)
- Handle storage proposal exceptions in a proper way
- 4.0.6
- When reporting issues with the partition plan, add in which
section of the profile were they found (related to bsc#1060637).
- 4.0.5
- Do not mangle partitioning information coming from
yast2-storage-ng when cloning a system (related to bsc#1064875).
- 4.0.4
- Add basic support for error handling when creating the
partition plan (fate#318196).
- 4.0.3
- Add missing require of Y2Package::Product class (bsc#1064396)
- fate#323450
- implemented product selection
- 4.0.2
- Removed the remains of Kickstart import (bsc#1061620).
- 4.0.1
- AutoinstConfig: added network_before_proposal flag that will be
enable if the network is configured during the first stage.
(bsc#1054400)
- 4.0.0
- ayast_setup: Restarting autoyast-initscripts.service in order
to run init-scripts too. (bnc#1057597)
- 3.3.9
- Rename "/y2storage_probed"/ to "/probed"/. (bnc#1056656)
- 3.3.8
- fate323450
- export product name when cloning a profile
- 3.3.7
- Handle packages that are missing a PGP signature although
digests are valid (bsc#1054969)
- 3.3.6
- AY runs in installed system: Writing init scripts again
to /var/adm/autoinstall/init.d in order to initilaize init
scripts correctly. This is needed for AY runs which do not
have an first installation stage (e.g. AY run in KIWI,
ayast_setup). (bnc#1052145)
- 3.3.5
- Merged storage-ng branch (fate#318196).
- Note: all changes below with this date belong to the merge.
- 3.3.4
- storage-ng: refac class StorageProposal and create a new guided
proposal by changing settings if it is necessary.
- Use the new storage-ng layer to export the current system to the
corresponding <partitioning> section of the AutoYaST profile
(fate#318196).
- Add basic support for customized partitioning using the new
storage-ng layer. Currently, only plain partitions are supported
(bsc#1044697).
- Allow overriding of product's storage partitioning options
(bsc#1039481)
- storage-ng: commented several Yast.import for the old storage
lib. Affected modules not adapted to storage-ng so far.
- storage-ng: Enable storage-ng proposal for AutoYaST installation.
- storage-ng: fix AutoInstallRules to not use old storage lib.
Tests are commented. Removed dependency from (old) yast2-storage,
even if it breaks some functionality.
- Removed yast2-update as build dependency and added before
version (2.18.3) as install dependency. It is only needed for
file_from_url.
- Classes/rules will be ignored: Due to self-update, the evaluation
of classes/rules will be called twice. So we have to initialize
the stack for each run again. (bnc#1051483)
- 3.3.3
- Saving ask-scripts and corresponding log files
to /var/adm/autoinstall. (bnc#1049473)
- 3.3.2
- Crash while writing settings via the menue "/File/Apply Profile
to this System"/ in AutoYaST configuration module:
As we are switching to "/autoinstallation"/ mode and accessing to
the target system we have to set StorageDevices flag disks_valid
to true. So InitLibstorage can scan valid target disks.
(bnc#1047809)
- 3.3.1
- AutoYaST configuration module; Crash while writing settings to
the system:
As we are switching to "/normal"/ mode and accessing to the target
system we have to set StorageDevices flag disks_valid to true.
So InitLibstorage can scan valid target disks. (bnc#1046738)
- 3.3.0
- Report shrinked partitions if there is not enough space.
(bnc#1039528)
- 3.2.16
- clone system: Checking if snapshots have been enabled.
(bnc#1039268)
- 3.2.15
- Moved configuration management before software selection in
order to select packages which are needed for CM. (FATE#319830)
- 3.2.14
- Fix subvolumes schema definition (bsc#1013047)
- 3.2.13
- bnc#1026027
- removed dependency on insserv
- 3.2.12
- Added configuration-management to first installation step.
(FATE#319830)
- 3.2.11
- Update: Product selection will be done by Packages.SelectProduct
now (bnc#1014861).
- 3.2.10
- Moved services-manager to first installation stage (FATE#321738).
- 3.2.9
- Add an option to disable the self-update feature through the
AutoYaST profile (FATE#319716)
- 3.2.8
- Cloning Software: install_recommended can be set by the
control.xml file (clone_install_recommended_default)
Default is true. (Fate#321764)
- 3.2.7
- Fixed tests to pass with the latest yast2-core and
yast2-ruby-bindings packages (related to the bsc#932331 fix)
- 3.2.6
- Moved post-scripts download from second-stage to first-stage.
(bnc#1014859)
- 3.2.5
- If Btrfs subvolumes are not specified, the default set
is created (bsc#1012328)
- Fix building on s390x (bsc#1011489)
- 3.2.4
- Do not crash when services manager configuration is missing
(related to bsc#887115)
- 3.2.3
- Hiding a module in its .desktop file (Hidden=true) won't prevent
it from being cloned anymore (bsc#1008301)
- Add support to specify resource aliases using the key
X-SuSE-YaST-AutoInstResourceAliases in desktop files (related
to bsc#887115)
- 3.2.2
- Do not check certificate for images which have been created by
the user/customer. Found while testing bnc#1009023.
- 3.2.1
- Add support to enable copy-on-write for Btrfs subvolumes
(FATE#320342)
- Add support to omit the Btrfs default subvolume name
(FATE#317775)
- 3.2.0
- Adding missed desktop file for "/clone_system"/ in order to show
it in the control center and command line calls.
(bnc#985621)
- 3.1.152
- Adding an missing PREP partition for PPC, BUT not for
Power8 system (powerNV). PowerNV do not have PREP partitions
and do not need any because they do not call grub2-install
(bnc#989392).
- 3.1.151
- Fix IP detection in AutoYaST installation rules
in order to find the correct profile when "/ip route"/
mentions "/metric"/ (bnc#997548).
- 3.1.150
- Profile Location: Use Report instead of Popup to not block
AutoYast if not configured to. (bnc#988949)
- 3.1.149
- Fixed: Setting timeout for error popups has not been possible.
(bnc#988949)
- 3.1.148
- Improved logging for broken script descriptions.
Still a part of bnc#986049.
- 3.1.147
- Cloning devices: Devices which are not needed for the
installation will be ignored explicitly in the "/skip_list"/.
(bnc#989392)
- 3.1.146
- Added "/confirm_base_product_license"/ to rnc file.
(bnc#992535)
- 3.1.145
- Reintroduced autoyast=usb as a valid URL to AutoYaST profile
(bsc#987858)
- 3.1.144
- Added missed flag "/install_recommended"/ in software section.
(bnc#990494)
- 3.1.143
- Added new [Stop] button for <ask> dialogs with timeout. The
button shows the current time in seconds till the automatic
timeout (bsc#990114).
- More possible user actions can now stop the execution to prevent
from timeout (bsc#990114).
- 3.1.142
- Check if AutoYaST "/script"/ elements are hashes.
Other entries will be ignored. (bnc#986049)
- 3.1.141
- Exporting NFS root partition correctly. (bnc#986124)
- 3.1.140
- Moved ssh_import AutoYaST schema file to yast2-installation
package.
This is a part of Fate#319624.
- 3.1.139
- Adapt docu to new AutoYaST developer docu.
- 3.1.138
- The entry "/kexec_reboot"/ in the Product description can be set
by the AutoYaST configuration setting (general/forceboot) and should
not be reset by any other Product description file.
Fix: Set it again after reading a new Product description.
(bnc#981434)
- 3.1.137
- While AutoYaST installation the user can change the path of the
AutoYaST configuration file. Fix: This path will be updated in
/etc/install.inf too.
(bnc#963487)
- 3.1.136
- System shutdown: Removed "/autoyast"/ service shutdown.
It does not exist anymore. (bnc#986798)
- 3.1.135
- Speed up installation (bnc#986649)
- 3.1.134
- Consider AutoYaST keep_install_network as set to 'true'
if it's not specified (bsc#984146)
- Restore the keep_install_network default behavior present
in SLE 12 SP1 and openSUSE Leap 42.1
- 3.1.133
- Fixing typo while reporting not supported modules.
(part of bnc#955878)
- 3.1.132
- Rename schema definition regarding SSH keys/configuration
so yast2-schema can find it correctly (fate#319624)
- 3.1.131
- Fix AutoYaST2 schema regarding SSH keys/configuration import
feature (fate#319624)
- Stop generating autodocs (fate#320356)
- 3.1.130
- AutoYaST support for ssh_import module.
Fate#319624
- 3.1.129
- Unsupported sections will be now reported in first installation
stage. Reducing log level to warning.
(Additional patch for bnc#955878)
- 3.1.128
- Resetting package selection of previous runs. This is needed
because it could be that additional repositories are available
meanwhile. (bnc#979691)
- 3.1.127
- Media-based AutoUpgrade case for feature: No Recommends in
* -release RPMs (FATE#320199)
- 3.1.126
- Upgrade: Removed obsolete bootloader stuff.
(bnc#976312)
- 3.1.125
- Removed obsolete bootloader stuff.
(related to FATE#317701)
- 3.1.124
- Updated schema - added optional URL for the installer
self update repository ("/general"/ -> "/self_update_url"/ node)
(FATE#319716)
- 3.1.123
- Remove unused import of dropped BootCommon package.
(related to FATE#317701)
- 3.1.122
- Removed calls of dropped LanUdevAuto module (yast2-network)
(bnc#955217, bnc#956605)
- 3.1.121
- Moved call "/uptime"/ to yast2 package. Cleanup for bnc#956730.
- 3.1.120
- Evaluate the correct domain, network, product and product version
when applying rules (bnc#963137).
- 3.1.119
- Check uptime instead of system time while waiting for systemd
services to be restarted (bsc#956730)
- 3.1.118
- Fixed crash if the general/mode section has not been defined.
(bnc#968080)
- 3.1.117
- As network configuration will be moved to first installation
stage and wickedd should not be restarted in the second stage,
all wickedd and network services will not be restarted at all
by AutoYaST.
(bnc#944349, bnc#955260)
- 3.1.116
- Moved the body of AutoinstallIoInclude#Get to yast2-update
(FATE#316796).
- 3.1.115
- Confirming base product license. This can be defined by the flag
<confirm_base_product_license> in the general/mode section.
Confirming licenses of add-on products can be defined for each
product by the flag <confirm_license> in the add-on product
description.
(Fate#318945)
- 3.1.114
- "/haspcmcia"/ method is removed from the AutoInstallRules API
(bnc#964151)
- LVM: taking care about "/auto"/ option --> switching to "/max"/.
(bnc#962034)
- 3.1.113
- Fixed rules.xml : OR operator is interpreted as AND.
(bnc#961941)
- 3.1.112
- Fix wrong warning message about the 'init' section
not being processed (bsc#962526)
- Installation with "/autoyast=default"/. Fixed nil exception error.
(bnc#959723)
- 3.1.111
- Fixed init scripts which have been defined inside an
AutoYaST configuration file. (bnc#961320)
- 3.1.110
- Fix validation of AutoYaST profiles (bsc#954412)
- 3.1.109
- Downloading init scripts to /mnt during first installation stage.
(bnc#960907,bnc#961320)
- 3.1.108
- Network services can be restarted again, because they do not
depend on YaST2-Second-Stage.service anymore. (bnc#954908)
- 3.1.107
- Added "/cobbler"/ to the obsolete profile section.
Defined in SUSE Manager but will not be used anymore. (bnc#955878)
- 3.1.106
- Do not restart NetworkManager* services while restarting all
services in the second installation stage. (bnc#955260)
- 3.1.105
- Export the already saved software selection when present,
fixes exporting wrong package selection caused by deployment of
the installation images (bsc#956325, bsc#910728)
- Evaluating needed YAST packages which are defined in the
AutoYaST configuration file and selecting these packages for
installation. (bnc#955657)
- 3.1.104
- Updating AutoYaST documentation
- 3.1.103
- Installation workflow: Using ntpdate instead of sntp for time
syncing (bnc#953781)
- 3.1.102
- Add dependency on yast2-pkg-bindings 3.1.31 (or newer)
(bsc#953162)
- 3.1.101
- Ingore restarting of all wickedd* services while finishing the
second installation stage. (bnc#944349)
- 3.1.100
- Cloning system while an installation without AutoYaST: Do not
blame if packages are not available anymore because the
medium has already been unmounted (e.g. USB device)
(bnc#901747)
- 3.1.99
- Using "/backup"/ or "/partitioning_advanced"/ sections in the profile
does not produce an error message anymore (bsc#950294)
- 3.1.98
- Move lib/ directory to autoyast2-installation package
(bsc#949776)
- 3.1.97
- Handle pkgGpgCheck callback introduced in libzypp 14.39.0
(bsc#948608)
- 3.1.96
- Enabled translation of some buttons (bsc#948834)
- 3.1.95
- Writing network settings in first installation stage if the
second installation stage has been disabled ("/second_stage"/)
in the general/mode section but a "/networking"/ section has
also been defined. (bnc#944942)
- 3.1.94
- Fix premature loading of AutoInstall which prevented running
configuration clients during 2nd stage (bsc#944770)
- 3.1.93
- Move users creation to the first stage, so it is not needed
to run the 2nd stage to have a minimal system.
- Do no add AutoYaST packages if the second stage won't be
executed.
- Fixes bnc#892091
- 3.1.92
- Do not restart dbus service after installation. Otherwise some
other services will hang. (bnc#937900)
- 3.1.91
- S390: handling cio_ignore
Entry <general><cio_ignore> in order to set it
(values: true/false). If it is not set cio_ignore is true.
So it is backward compatible. (bnc#941406)
- 3.1.90
- Fixed typo in partitioning section
(bnc#941096)
- 3.1.89
- Writing init scipts to installed system in the first installation
stage now. The init scrpits will be called while starting
the autoyast-initscripts service. So, these scripts will be called
while a system upgrade too. (bnc#940823)
- 3.1.88
- <software><post-packages>: Must not reinstall already installed
packages. (fate#319086)
- 3.1.87
- Fixed a syntax error in the schema definition (bsc#938459)
- 3.1.86
- Syncing hardware time before starting installation via ntp.
This is configurable via the flag
<general><mode><ntp_sync_time_before_installation> with which
the name of the ntp server will be defined. If it is not set
no synchronisation will be done. So it is backward compatible.
(bnc#935066)
- 3.1.85
- Added "/upgrade"/ section to generic list. (bnc#935915)
- 3.1.84
- implemented activation of snapper for btrfs on LVM (bsc#935858)
- 3.1.83
- Enabled snapshots creation after auto-installation/upgrade
(fate#317973)
- 3.1.82
- Regarding some corner cases of bsc#925381.
- - Checking for availability of clients/<module>_auto module before
reporting an error.
- - Checking if a module supports more than one autoyast configuration
section.
- 3.1.81
- Don't try to format PReP partitions (bsc#927748)
- fixed size parameter "/auto"/ for PReP partitions (bsc#928768)
- 3.1.80
- Added new section "/restricts"/ for ntp configuration
(bnc#928987)
- 3.1.79
- Added 'bootloader' and 'report' into list of supported profile
sections (bsc#925381)
- 3.1.78
- Added libxslt into BuildRequires - needed for running test-cases
(bsc#929832)
- 3.1.77
- Reporting unknown and unsupported profile sections (bnc#925381)
- 3.1.76
- Evaluate the correct host IP in order to read the proper
autoyast.xml file (bnc#928303, bnc#908356, bnc#916628)
- 3.1.75
- New autoinst flag in general/mode section:
activate_systemd_default_target.
The default target of systemd will be activated in the second
stage of autoyast installation.
The default is "/true"/ which is a backward compatible value.
(bnc#923992)
- 3.1.74
- Avoid ayast_probe module crashing when called from an installed
system.
(bnc#926241)
- 3.1.73
- New autoinst flag in general/mode section: final_restart_services.
Restarting all services after finishing the installation.
The default is "/true"/ which is a backward compatible value.
(bnc#923992)
- load release notes of extensions also during AutoYaST
(bnc#893586)
- Clone_system in autoyast2-installation should call some modules
(e.g. storage, software) which are defined in autoyast2 package.
So if needed the user has to install autoyast2 package at first.
- Checking if the disk is -partitionable- instead of checking if it
is a real disk. Needed for Multipath disks. (bnc#909349)
- autoyast=file:///<autoinst.xml> : Mount the installation source
in order to copy AutoYaST configuration file into inst_sys.
(bnc#908271)
- Selecting needed yast packages for the second stage correctly.
(bnc#909751)
- 3.1.72
- Setting normal mode while applying single module settings to
system. (bnc#909223)
- 3.1.71
- Removed code which will be already done by service_manager.
(bnc#909745)
- remove X-KDE-Library from desktop file (bnc#899104)
- AutoYaST configuration module: Reset menu bar after calling
single YAST configuration module.
(bnc#872711)
- 3.1.69
- Fixed too small dialog for autoyast profile location.
(bnc#897321)
- 3.1.68
- Fixed UI in partition configuration.
(bnc#901904; bnc#901739)
- 3.1.67
- Fixed "/No base product found"/ error when evaluating
rules/rules.xml file (bnc#900750)
- 3.1.66
- avahi
-
- Add avahi-CVE-2021-3468.patch: avoid infinite loop by handling
HUP event in client_work (boo#1184521 CVE-2021-3468).
https://github.com/lathiat/avahi/pull/330
- Update avahi-daemon-check-dns.sh from Debian. Our previous
version relied on ifconfig, route, and init.d.
- Rebase avahi-daemon-check-dns-suse.patch, and drop privileges
when invoking avahi-daemon-check-dns.sh (boo#1180827
CVE-2021-26720).
- Add sudo to requires: used to drop privileges.
- When changing ownership of /var/lib/autoipd, only change
ownership of files owned by avahi, to mitigate against
possible exploits (bsc#1154063).
- Drop avahi-daemon-increase-rlimit.patch: rlimits are no longer
set by default.
- Replace avahi-0.7-python3.patch with avahi-0.7-dbm.patch: use
what is upstream (boo#1110668).
- Add avahi-0.7-encode-strings-as-utf8.patch: encode strings as
UTF-8 (boo#1110668).
- Add avahi-0.7-python3-bookmarks.patch: make bookmarks python 3
compatible (boo#1110668).
- Add CVE-2018-1000845.patch: drop legacy unicast queries from
address not on local link (boo#1120281 CVE-2018-1000845).
- Drop avahi-0.6.31-invalid-packet.patch: fixed upstream.
- Add avahi-daemon-increase-rlimit.patch: increase rlimit as a
conservative way to handle certain crashes referring to upstream
commit 71ace71 (bsc#1085255).
- Drop the qt3 parts
- Add avahi-0.7-python3.patch: Port to python 3 (bsc#1076402).
- Build python bindings against python 3, rather than python 2;
- Python-avahi is now python3-avahi, and python-avahi-gtk is now
python3-avahi-gtk
- Obsolete the python 2 packages
- Replace python_sitelib with python3_sitelib in %files, and add
__pycache__.
- Rename %*soname to %*sover to better reflect its use.
- Modernize spec file by calling spec-cleaner
- Use SPDX3.0 license tags and package COPYING as %license.
- Update to version 0.7:
+ The Avahi 0.7 release brings two new features, binary TXT
records in XML service files and the ability to start the
gobject client in a custom context.
+ New Features:
- Add support for binary values in TXT records in XML service
files by specifying
value-format="/text|binary-hex|binary-base64"/. If not
specified, defaults to the normal value of "/text"/ (thus
backwards compatible).
- avahi-gobject: Allow starting the client in a custom
GMainContext by passing context to ga_client_start_in_context
instead of ga_client_start (avahi-gobject minor version has
been incremented).
+ Notable Changes:
- avahi-daemon: Remove all default rlimits from
avahi-daemon.conf, as two main problems happened with firstly
rlimit-nproc causing avahi to fail when started in a
container without user namespaces and secondly because memory
rlimits were causing avahi to crash in some cases. Leave it
up to the init system to impose any modified limits instead.
It is recommend to ship this change in distribution default
config files.
- avahi-common: Fix watch cleanup issue in watch_free
- avahi-discover (python): Updated for Python3 & GTK3
- avahi-autoipd:
. Clear previously set address before binding a new one.
. Fix dhclient hooks to check for avahi-autoipd before
running.
- build: Move default rundir from /var/run to /run as per
modern system setups.
+ Other Changes:
- build:
. Fix the printed value of "/Building libavahi-client"/ in
./configure.
. autogen.sh improved to work when called from another
directory.
. Fix warnings when compiling against musl libc.
- avahi-compat-libdns_sd: Fix incorrect URL in warnings.
- service-type-database: Add new service Types: _ipps._tcp,
_xpra._tcp.
- avahi-dnsconfd: Update manpage with the correct action script
name.
- avahi-gobject:
. Use the correct shared library name in AvahiCore-0.6.gir
. Fix build failing under some locales.
- avahi-common/dbus-watch-glue.c: remove Unneeded semicolon.
- Update gentoo init scripts for newer openrc version.
+ Updated translations.
- Drop avahi-empty-share-dir.patch, avahi-gir-fixup.patch,
avahi-move-everything-to-run.patch and avahi-outdated-URL.patch:
Fixed upstream.
- Drop systemd_requires macro: on a machine managed by systemd, we
don't have to require it. If the machine/container is not managed
by systemd, we don't want to require it.
- Add pkgconfig(pygobject-3.0) BuildRequires: New dependency.
- Replace references to /var/adm/fillup-templates with new
%_fillupdir macro (boo#1069468)
- Do not suppress errors from avahi-autoipd user creation, but do
suppress getent output.
- Replace $RPM_* shell vars by macros.
- Modify user generation (boo#1010384):
+ Use getent to check for existing users/groups, only creating
them if not found.
+ Do not hide output of groupadd/useradd.
+ Do not mask failures: if a user can't be added, we have a
problem.
- Drop %insserv_cleanup scriptlets: it's been a while that avahi
did not install any sysV init scripts anymore.
- Simplify avahi_spec-prepare.sh: OBS is well able to handle macros
in package names by now.
- Drop conditions to only handle systemd services on openSUSE >
12.1; it's been long that we did not ship the sysv scripts
anymore and openSUSE 12.1 is long EOL.
- Replace avahi-0.6.31-systemd-order.patch with
avahi-0.6.32-suppress-resolv-conf-warning.patch: only warn
on missing resolv.conf if the options that use it are enabled.
https://github.com/lathiat/avahi/pull/63
- Update to version 0.6.32:
+ Don't log warnings about invalid packets, commonly triggered by
Windows 10 systems.
+ Fix issue with bad packet size estimation, causing probes to
continuously be sent when hosting large numbers of services.
+ Fix build on Solaris/SmartOS (filio.h issue).
+ Fix build on FreeBSD (PCAP_D_IN issue).
+ Fix debug output with libdaemon >= 0.14.
+ avahi_server_set_browse_domains now correctly uses the provided
list, instead of re-using the list from the configuration file.
+ Set nl_pid to 0, this will automatically assign the value and
prevent conflicts per netlink(7). (Bug #334).
+ Check for netlink pid=0 (kernel) instead of uid=0, which works
correctly with network & user namespaces.
+ Fix reversed IFA_LOCAL and IFA_ADDRESS checks (Avahi#355).
+ Don't fail the build on deprecated GTK/GLIB usage.
+ Gracefully fail if SO_REUSEPORT is not available.
+ Minor Python 3 update for the python ServiceTypeDatabase test
usage of print, should be backwards compatible.
+ avahi-autoipd: Fix incorrect usage of IFLA_RTA instead of
IFA_RTA which could crash on ARM (Closes: gh#lathiat/avahi#42).
- Drop upstream fixed patches:
+ avahi-unicastdomains.patch
+ avahi-gtk_box_new.patch
+ avahi-fix-mkdir.diff
+ avahi-enable-ipv6.patch
+ avahi-reserve-space-for-record-data-when-size-e.patch
- Rebase avahi-0.6.31-invalid-packet.patch.
- Add avahi-0.6.31-systemd-order.patch: start after NM/wicked, to
ensure resolv.conf is present (bsc#982317, gh#lathiat/avahi#59).
- Update to GNOME 3.20.2 (Fate#318572)
- Added License field in spec file.
- Update to GNOME 3.20 Fate#318572
- No longer install sysv services: the systemd services have been
installed for a long time already and are masking the sysv
scripts; those scripts existance only add confusion (boo#959908).
- Temp disable 2 old Conflicts that are breaking staging. These can
back in once there is a new release of avahi.
- Add avahi-0.6.31-invalid-packet.patch: do not spam logs for
invalid packets (boo#947140 bsc#948277).
- Sync up the multiple .spec files.
- Add avahi-outdated-URL.patch: Do not redirect users to
<http://0pointer.de/avahi-compat?s=libdns_sd&e=ntpd>, which no
longer exists, but bring them to the more generic blog entry
http://0pointer.de/blog/projects/avahi-compat.html (boo#914298).
- aws-cli
-
- Update to version 1.19.9 (bsc#1182421, bsc#1182422, jsc#ECO-3352, jsc#PM-2485)
+ For detailed changes see
https://github.com/aws/aws-cli/blob/1.19.9/CHANGELOG.rst
- Update Requires in spec file from setup.py
- Update to version 1.18.212
+ For detailed changes see
https://github.com/aws/aws-cli/blob/1.18.212/CHANGELOG.rst
- Update Requires in spec file from setup.py
- Update to version 1.18.185
+ For detailed changes see
https://github.com/aws/aws-cli/blob/1.18.185/CHANGELOG.rst
- Rename README.md to README.rst in %doc section
- Update Requires in spec file from setup.py
- Update to version 1.18.156
+ For detailed changes see
https://github.com/aws/aws-cli/blob/1.18.156/CHANGELOG.rst
- Drop patches no longer required
+ hide_py_pckgmgmt.patch
- Update Requires in spec file from setup.py
- Update to version 1.18.133
+ For detailed changes see
https://github.com/aws/aws-cli/blob/1.18.133/CHANGELOG.rst
+ Forward port hide_py_pckgmgmt.patch
+ Update Requires in spec file from setup.py
- Update to version 1.18.117 (bsc#1175147, bsc#1175148, jsc#ECO-2362, jsc#PM-2069)
+ For detailed changes see
https://github.com/aws/aws-cli/blob/1.18.117/CHANGELOG.rst
+ Forward port hide_py_pckgmgmt.patch
+ Update Requires in spec file from setup.py
- Rename README.rst to README.md in %docs section
- Update to version 1.18.98
+ For detailed changes see
https://github.com/aws/aws-cli/blob/1.18.79/CHANGELOG.rst
+ Forward port hide_py_pckgmgmt.patch
+ Update Requires in spec file from setup.py
- Update to version 1.18.79
+ For detailed changes see
https://github.com/aws/aws-cli/blob/1.18.79/CHANGELOG.rst
+ Forward port hide_py_pckgmgmt.patch
+ Update Requires in spec file from setup.py
- Update to version 1.18.38 (bsc#1166924, bsc#1168943)
+ For detailed changes see
https://github.com/aws/aws-cli/blob/1.18.38/CHANGELOG.rst
+ Forward port hide_py_pckgmgmt.patch
+ Update Requires in spec file from setup.py
- Fix build on SLE-12
+ Add bash-completion to BuildRequires for suse_version <= 1315
- Update to version 1.18.35
+ For detailed changes see
https://github.com/aws/aws-cli/blob/1.18.35/CHANGELOG.rst
+ Forward port hide_py_pckgmgmt.patch
+ Update Requires in spec file from setup.py
- Update to version 1.18.27
+ For detailed changes see
https://github.com/aws/aws-cli/blob/1.18.27/CHANGELOG.rst
+ Forward port hide_py_pckgmgmt.patch
+ Update Requires in spec file from setup.py
- Update to version 1.18.0
+ For detailed changes see
https://github.com/aws/aws-cli/blob/1.18.0/CHANGELOG.rst
+ Forward port hide_py_pckgmgmt.patch
+ Install aws bash completetion script into system path
+ Install aws zsh completion script into /etc/zsh_completion.d
+ Update Requires in spec file from setup.py
- make it possible to find the package under the name "/awscli"/
- Add bash command completion capability (boo#1117074)
- Update to version 1.17.9
+ For detailed changes see
https://github.com/aws/aws-cli/blob/1.17.9/CHANGELOG.rst
+ Forward port hide_py_pckgmgmt.patch
+ Update Requires in spec file from setup.py
- Update to version 1.16.297
+ For detailed changes see
https://github.com/aws/aws-cli/blob/1.16.297/CHANGELOG.rst
+ Forward port hide_py_pckgmgmt.patch
+ Update Requires in spec file from setup.py
- Update to version 1.16.281
+ For detailed changes see
https://github.com/aws/aws-cli/blob/1.16.281/CHANGELOG.rst
+ Forward port hide_py_pckgmgmt.patch
+ Update Requires in spec file from setup.py
- Update to version 1.16.258
+ For detailed changes see
https://github.com/aws/aws-cli/blob/1.16.258/CHANGELOG.rst
+ Forward port hide_py_pckgmgmt.patch
+ Update Requires in spec file from setup.py
- Add groff as a dependency (boo# 1152258)
- Update to version 1.16.223 (bsc#1146853)
+ For detailed changes see
https://github.com/aws/aws-cli/blob/1.16.223/CHANGELOG.rst
+ Forward port hide_py_pckgmgmt.patch
+ Update Requires in spec file from setup.py
- Update to version 1.16.189
+ For detailed changes see
https://github.com/aws/aws-cli/blob/1.16.189/CHANGELOG.rst
+ Forward port hide_py_pckgmgmt.patch
+ Update Requires in spec file from setup.py
- Update to version 1.16.182
+ For detailed changes see
https://github.com/aws/aws-cli/blob/1.16.182/CHANGELOG.rst
+ Forward port hide_py_pckgmgmt.patch
+ Update Requires in spec file from setup.py
- Update to version 1.16.176
+ For detailed changes see
https://github.com/aws/aws-cli/blob/1.16.176/CHANGELOG.rst
+ Forward port hide_py_pckgmgmt.patch
+ Update Requires in spec file from setup.py
- Relax version constraints for python-PyYAML and python-rsa
- Run fdupes to hardlink duplicate files
+ Add fdupes to BuildRequires
+ Add %fdupes invocation to %install
- Run recursive find with chmod to remove executable bit for
REST files in example folder to fix rpmlint warning
- Update to version 1.16.103
+ For detailed changes see
https://github.com/aws/aws-cli/blob/1.16.103/CHANGELOG.rst
+ Forward port hide_py_pckgmgmt.patch
+ Update Requires in spec file from setup.py
- Update to version 1.16.94
+ For detailed changes see
https://github.com/aws/aws-cli/blob/1.16.94/CHANGELOG.rst
+ Forward port hide_py_pckgmgmt.patch
+ Update Requires in spec file from setup.py
- Update to version 1.16.84
+ For detailed changes see
https://github.com/aws/aws-cli/blob/1.16.84/CHANGELOG.rst
+ Forward port hide_py_pckgmgmt.patch
+ Update Requires in spec file from setup.py
- Update to version 1.16.61 (bsc#1118021, bsc#1118024)
+ For detailed changes see
https://github.com/aws/aws-cli/blob/1.16.61/CHANGELOG.rst
+ Forward port hide_py_pckgmgmt.patch
+ Update Requires in spec file from setup.py
- Relax version dependency on colorama to <= 0.4.1 (boo#1118099)
- Update to version 1.16.48
+ For detailed changes see
https://github.com/aws/aws-cli/blob/1.16.48/CHANGELOG.rst
+ Forward port hide_py_pckgmgmt.patch
+ Update Requires in spec file from setup.py
- Update to version 1.16.1 (bsc#1105988, bsc#1092493)
+ Fix CVE-2018-15869
+ For detailed changes see
https://github.com/aws/aws-cli/blob/1.16.1/CHANGELOG.rst
+ Forward port hide_py_pckgmgmt.patch
+ Replace vendored version of six from botocore with upstream version
+ Update Requires in spec file from setup.py
- Update to version 1.15.76
+ For detailed changes see
https://github.com/aws/aws-cli/blob/1.15.76/CHANGELOG.rst
+ Forward port hide_py_pckgmgmt.patch
+ Update Requires in spec file from setup.py
- Be less strict with the YAML version requirement
- Switch the license file to %license
- Update to version 1.15.63
+ For detailed changes see
https://github.com/aws/aws-cli/blob/1.15.63/CHANGELOG.rst
+ Forward port hide_py_pckgmgmt.patch
+ Update Requires in spec file from setup.py
- Update to version 1.15.40 (boo#1088310)
+ For detailed changes see
https://github.com/aws/aws-cli/blob/1.15.40/CHANGELOG.rst
+ Forward port hide_py_pckgmgmt.patch
+ Update Requires in spec file from setup.py
- Do not have description assume any particular user.
- Update to version 1.11.185 (boo#1066528)
+ For detailed changes see
https://github.com/aws/aws-cli/blob/1.11.185/CHANGELOG.rst
+ Forward port hide_py_pckgmgmt.patch
- Update to version 1.11.151
+ For detailed changes see
https://github.com/aws/aws-cli/blob/1.11.151/CHANGELOG.rst
+ Forward port hide_py_pckgmgmt.patch
- Remove build capability for SLE 11
- Set up for Python 3 build distro > SLE 12 openSUSE Leap 42.x
- Update to version 1.11.104 (bsc#1044370)
+ For detailed changes see
https://github.com/aws/aws-cli/blob/1.11.104/CHANGELOG.rst
- Update to 1.11.29 (bsc#1015776)
+ forward port hide_py_pckgmgmt.patch
+ feature:batch: Update batch command to latest version
+ feature:logs: Update logs command to latest version
+ feature:rds: Update rds command to latest version
+ feature:dms: Update dms command to latest version
+ feature:marketplacecommerceanalytics: Update marketplacecommerceanalytics
command to latest version
+ feature:elasticbeanstalk: Update elasticbeanstalk command to latest version
+ feature:sts: Update sts command to latest version
- From 1.11.28
+ feature:cloudfront: Add lambda function associations to cache behaviors.
+ feature:rds: Add cluster create data to DBCluster APIs.
+ bugfix:opsworks: This fixes an issue with opsworks register --local and
python3 on some versions of linux.
+ feature:waf-regional: With this new feature, customers can use AWS WAF
directly on Application Load Balancers in a VPC within available regions
to protect their websites and web services from malicious attacks such
as SQL injection, Cross Site Scripting, bad bots, etc.
- From 1.11.27
+ feature:config: Update config command to latest version
+ feature:sqs: Update sqs command to latest version
+ feature:s3: Update s3 command to latest version
- From 1.11.26
+ feature:sts: Update sts command to latest version
+ feature:config: Update config command to latest version
+ feature:ec2: Update ec2 command to latest version
+ feature:pinpoint: Update pinpoint command to latest version
- From 1.11.25
+ bugfix:opsworks-cm: Rename opsworkscm to opsworks-cm, keeping support
for opsworkscm.
- From 1.11.24
+ feature:pinpoint: Update pinpoint command to latest version
+ feature:lambda: Update lambda command to latest version
+ feature:directconnect: Update directconnect command to latest version
+ feature:alias: Add ability to alias commands in the CLI
+ feature:xray: Update xray command to latest version
+ feature:s3: Display transfer speed for s3 commands
+ feature:ssm: Update ssm command to latest version
+ feature:apigateway: Update apigateway command to latest version
+ feature:elasticbeanstalk: Update elasticbeanstalk command to latest version
+ feature:codebuild: Update codebuild command to latest version
+ feature:opsworkscm: Update opsworkscm command to latest version
+ feature:shield: Update shield command to latest version
+ feature:stepfunctions: Update stepfunctions command to latest version
+ feature:appstream: Update appstream command to latest version
+ feature:health: Update health command to latest version
+ feature:ec2: Update ec2 command to latest version
- From 1.11.23
+ feature:polly: Update polly command to latest version
+ feature:snowball: Update snowball command to latest version
+ feature:rekognition: Update rekognition command to latest version
+ feature:lightsail: Update lightsail command to latest version
+ feature:--generate-cli-skeleton output: Add support for generating
sample output for command
- From 1.11.22
+ feature:s3: Update s3 command to latest version
- From 1.11.21
+ feature:s3: Update s3 command to latest version
+ feature:glacier: Update glacier command to latest version
+ feature:cloudformation: Update cloudformation command to latest version
+ feature:route53: Update route53 command to latest version
- From 1.11.20
+ feature:ecs: Update ecs command to latest version
+ feature:cloudtrail: Update cloudtrail command to latest version
- From 1.11.19
+ feature:cloudformation deploy: Add command to simplify deployments
of cloudformation stack changes.
+ feature:emr: Update emr command to latest version
+ feature:lambda: Update lambda command to latest version
+ feature:elastictranscoder: Update elastictranscoder command to latest
version
+ feature:cloudformation package: Add command to package source code for
cloudfromation template.
+ feature:gamelift: Update gamelift command to latest version
+ feature:application-autoscaling: Update application-autoscaling
command to latest version
- From 1.11.18
+ bugfix:Powershell: Properly set return code on Powershell.
+ feature:cloudwatch: Update cloudwatch command to latest version
+ feature:sqs: Update sqs command to latest version
+ feature:apigateway: Update apigateway command to latest version
+ feature:meteringmarketplace: Update meteringmarketplace command to
latest version
- From 1.11.17
+ feature:route53: Update route53 command to latest version
+ feature:servicecatalog: Update servicecatalog command to latest version
- From 1.11.16
+ feature:kinesis: Update kinesis command to latest version
+ feature:ds: Update ds command to latest version
+ feature:elasticache: Update elasticache command to latest version
- From 1.11.15
+ feature:cognito-idp: Update cognito-idp command to latest version
- From 1.11.14
+ feature:cloudformation: Update cloudformation command to latest version
+ feature:logs: Update logs command to latest version
- From 1.11.13
+ feature:directconnect: Update directconnect command to latest version
- From 1.11.12
+ feature:ses: Update ses command to latest version
- From 1.11.11
+ bugfix:cloudtrail: Use STS instead of IAM in CreateSubscription
+ feature:cloudformation: Update cloudformation command to latest version
- From 1.11.10
+ feature:autoscaling: Update autoscaling command to latest version
+ feature:elbv2: Update elbv2 command to latest version
- From 1.11.9
+ feature:ecs: Update ecs command to latest version
+ feature:sms: Update sms command to latest version
- From 1.11.8
+ feature:waf: Update waf command to latest version
+ feature:s3: Port mv to s3transfer.
+ feature:budgets: Update budgets command to latest version
- From 1.11.7
+ feature:cloudfront: Update cloudfront command to latest version
+ feature:iot: Update iot command to latest version
+ feature:config: Update config command to latest version
+ feature:kinesisanalytics: Update kinesisanalytics command to latest version
+ feature:rds: Update rds command to latest version
- From 1.11.6
+ feature:route53: Update route53 command to latest version
+ feature:--region: Add support for us-east-2
- From 1.11.5
+ bugfix:s3 sync --delete: Fix regression where --delete would not delete
local files
- From 1.11.4
+ feature:elasticbeanstalk: Update elasticbeanstalk command to latest version
+ feature:gamelift: Update gamelift command to latest version
+ feature:s3: Integrate sync command with s3transfer
+ feature:acm: Update acm command to latest version
+ feature:s3: Output progress even when discovering new files to transfer
- From 1.11.3
+ bugfix:Pagination: Fix validation error when providing --no-paginate
with normalized paging argument.
+ feature:apigateway: Update apigateway command to latest version
+ feature:cloudfront: Update cloudfront command to latest version
+ feature:gamelift: Update gamelift command to latest version
+ feature:rds: Update rds command to latest version
+ feature:codedeploy: Update codedeploy command to latest version
+ feature:sns: Update sns command to latest version
+ feature:kms: Update kms command to latest version
+ feature:elasticache: Update elasticache command to latest version
+ feature:ecr: Update ecr command to latest version
- From 1.11.2
+ feature:s3: Update s3 command to latest version
+ feature:waf: Update waf command to latest version
+ feature:devicefarm: Update devicefarm command to latest version
+ feature:kms: Update kms command to latest version
+ feature:opsworks: Update opsworks command to latest version
+ bugfix:s3: Refactor rb into its own command. In addition, validate that
no key is supplied regardless of whether or not the force argument is
supplied.
+ bugfix:route53domains: Rename --end to --end-time to fix a bug relating
to argparse prefix expansion. Alias --start to --start-time to maintain
a consistent interface while keeping the old parameter.
+ feature:cognito-idp: Update cognito-idp command to latest version
- From 1.11.1
+ bugfix:s3: Fix regression when downloading empty files.
- From 1.11.0
+ feature:snowball: Update snowball command to latest version
+ feature:s3: Update s3 command to latest version
+ feature:ec2: Update ec2 command to latest version
+ feature:s3: Port cp and rm to s3transfer. Improve progress for those
commands, showing byte progress.
- Upstream version jump from 1.10.67 to 1.11.0
- update to 1.10.67
* more than 500 changes, have a look at
https://github.com/aws/aws-cli/compare/1.10.38...1.10.67
- Update to version 1.10.38 (bsc#985858)
+ forward port hide_py_pckgmgmt.patch
+ feature:acm: Update acm command to latest version
+ feature:ses: Update ses command to latest version
+ feature:rds: Update rds command to latest version
+ feature:cloudtrail: Update cloudtrail command to latest version
- From 1.10.37
+ feature:s3: Update s3 command to latest version
- From 1.10.36
+ feature:dynamodbstreams: Update dynamodbstreams command to latest version
+ feature:machinelearning: Update machinelearning command to latest version
+ feature:iot: Update iot command to latest version
+ bugfix:Pagination: Fix regression with --no-paginate introduced in
[#1958] (fixes #1993)
- From 1.10.35
+ feature:ec2: Update ec2 command to latest version
+ feature:application-autoscaling: Update application-autoscaling
command to latest version
- From 1.10.34
+ feature:elasticache: Update elasticache command to latest version
- From 1.10.33
+ feature:rds: Update rds command to latest version
+ feature:ec2: Update ec2 command to latest version
+ bugfix:help: Write help content to stdout if less is not installed.
Fixes #1957
- From 1.10.32
+ feature:firehose: Update firehose command to latest version
+ bugfix:Table: Fix rendering of tables with double-width characters.
+ feature:ec2: Update ec2 command to latest version
+ feature:ecs: Update ecs command to latest version
- From 1.10.31
+ feature:application-autoscaling: Adds support for Application Auto Scaling.
Application Auto Scaling is a general purpose Auto Scaling service for
supported elastic AWS resources. With Application Auto Scaling, you can
automatically scale your AWS resources, with an experience similar to
that of Auto Scaling.
- From 1.10.29
+ feature:dynamodb: Update dynamodb command to latest version
+ bugfix:Shorthand: Remove back-compat shorthand features from new services.
+ bugfix:Paginator: Print a better error when pagination params are
supplied along with no-paginate.
+ bugfix:ec2: Sets MaxResults to default value of 1000.
+ feature:workspaces: Update workspaces command to latest version
+ feature:discovery: Update discovery command to latest version
- From 1.10.28
+ feature:ec2: Update ec2 command to latest version
+ feature:ssm: Update ssm command to latest version
+ feature:discovery: Update discovery command to latest version
+ feature:cloudformation: Update cloudformation command to latest version
- From 1.10.27
+ feature:storagegateway: Update storagegateway command to latest version
+ feature:directconnect: Update directconnect command to latest version
+ feature:emr: Update emr command to latest version
+ feature:sqs: Update sqs command to latest version
+ feature:iam: Update iam command to latest version
- From 1.10.26
+ feature:kms: Update kms command to latest version
+ feature:sts: Update sts command to latest version
+ feature:apigateway: Update apigateway command to latest version
+ feature:ecs: Update ecs command to latest version
+ feature:s3: Update s3 command to latest version
+ feature:cloudtrail: Update cloudtrail command to latest version
- From 1.10.25
+ feature:inspector: Update inspector command to latest version
+ feature:codepipeline: Update codepipeline command to latest version
+ bugfix:Configure: Fix issue causing prompts not to display on mintty.
Fixes #1925
+ feature:elasticbeanstalk: Update elasticbeanstalk command to latest version
- From 1.10.24
+ feature:route53domains: Update route53domains command to latest version
+ feature:opsworks: Update opsworks command to latest version
- From 1.10.23
+ feature:ecr: Update ecr command to latest version
+ feature:acm: Update acm command to latest version
+ feature:ec2: Update ec2 command to latest version
+ feature:sts: Update sts command to latest version
+ feature:cognito-idp: Update cognito-idp command to latest version
- From 1.10.22
+ feature:emr: Add support for smart targeted resize feature
+ feature:iot: Add SQL RulesEngine version support
+ feature:acm: Add tagging support for ACM
- From 1.10.21
+ feature:aws ec2: Add support for two new EBS volume types
+ feature:aws cognito-idp: Add support for new service, aws cognito-idp
+ feature:aws kinesis: Update aws kinesis command to latest version
+ feature:aws elasticbeanstalk: Add support for automatic platform
version upgrades with managed updates
+ feature:aws devicefarm: Update aws devicefarm command to latest version
+ feature:aws s3: Add support for Amazon S3 Transfer Acceleration
+ feature:aws firehose: Update firehose command to latest version
- From 1.10.20
+ feature:iot: Add commands for managing CA certificates.
+ bugfix:ec2 wait: Fix issues with waiting on incorrect error code.
+ bugfix:s3: Fix issue where multipart uploads were not being properly
aborted after Cntrl-C. (issue 1905)
- Update to version 1.10.19 (bsc#974993)
+ forward port hide_py_pckgmgmt.patch
+ feature:lambda: Added support for setting the function runtime as
nodejs4.3, as well as updating function configuration to set the runtime.
+ feature:ds: Added support for Directory Service Conditional Forwarder APIs.
+ feature:elasticbeanstalk: Adds support for three additional elements in
AWS Elasticbeanstalk's DescribeInstancesHealthResponse: Deployment,
AvailabilityZone, and InstanceType. Additionally adds support for
increased EnvironmentName length from 23 to 40.
+ bugfix:Paginator: Allow non-specified input tokens in old starting token
format.
- From 1.10.18
+ feature:apigateway: Added support for API Import
+ feature:route53: Added support for metric-based health checks and
regional health checks.
+ feature:sts: Added support for GetCallerIdentity, which returns details
about the credentials used to make the API call. The details include name
and account, as well as the type of entity making the call, such as an
IAM user vs. federated user.
+ feature:s3api: Added support for VersionId in PutObjectAcl (issue 856)
+ bugfix:s3api: Add validation to enforce S3 metadata only contains ASCII.
(issue 861)
+ bugfix:Exceptions: Consistently parse errors with no body (issue 859)
+ bugfix:Config: Handle case where S3 config key is not a dict (issue 858)
- From 1.10.17
+ feature:acm: Update command to latest version
+ feature:cloudformation: Update command to latest version
+ feature:codedeploy: Update command to latest version
+ feature:dms: Update command to latest version
+ feature:elasticache: Update command to latest version
+ feature:elasticbeanstalk: Update command to latest version
+ feature:redshift: Update command to latest version
+ feature:waf: Update command to latest version
+ bugfix:Pagintor: Fix regression when providing a starting token for a
paginated command (botocore issue 849)
+ bugfix:Response Parsing: Handle case when generic HTML error response
is received (botocore issue 850)
+ bugfix:Request serialization: Handle case when non str values are
provided for header values when using signature version 4
(botocore issue 852)
+ bugfix:Retry: Retry HTTP responses with status code 502
(botocore issue 853)
+ bugfix:ec2 run-instances: Fix issue when providing
- -secondary-private-ip-address-count argument (issue 1874)
- From 1.10.16
+ feature:elasticache: Update command to latest version
+ feature:rds: Update command to latest version
+ feature:storagegateway: Update command to latest version
- from 1.10.15
+ feature:aws devicefarm: Add support to pay a flat monthly fee for
unlimited testing of your Android and iOS apps with AWS Device Farm
device slots
+ feature:aws rds: Add support for customizing the order in which Aurora
Replicas are promoted to primary instance during a failover
- From 1.10.14
+ feature:meteringmarketplace: The AWS Marketplace Metering Service
enables sellers to price their products along new pricing dimensions.
After a integrating their product with the AWS Marketplace Metering
Service, that product will emit an hourly record capturing the usage of
any single pricing dimension. Buyers can easily subscribe to software
priced by this new dimension on the AWS Marketplace website and only
pay for what they use.
+ feature:s3api: Added support for delete marker and abort multipart
upload lifecycle configuration.
+ feature:iot: Added support for Amazon Elasticsearch Service and
Amazon Cloudwatch actions for the AWS IoT rules engine.
+ feature:cloudhsm: Added support for tagging resources.
- From 1.10.13
+ feature:DMS: Added support for AWS Database Migration Service
+ feature:SES: Added support for white-labeling
+ feature:CodeDeploy: Added support for BatchGetDeploymentGroups
+ feature:endpoints: Updated endpoints to latest version
+ bugfix:groff: Fix groff command which was causing issues on some systems
+ bugfix:shorthand: Allow # in keys in the shorthand parser
- From 1.10.12
+ feature:gamelift: Update command to latest version
+ feature:iam: Update command to latest version
+ feature:redshift: Update command to latest version
- From 1.10.11
+ feature:acm: Update acm command to latest version
+ feature:codecommit: Update codecommit model to latest version
+ feature:config: Update config command to latest version
+ feature:devicefarm: Update devicefarm command to latest version
+ feature:directconnect: Update directconnect command to latest version
+ feature:events: Update events command to latest version
+ bugfix:aws s3 cp: Add error checking when attempting recursive copies
or syncs with streaming output (issue 1771)
- From 1.10.10
+ feature:aws ec2: Add support for VPC peering with security groups.
+ feature:aws ds: Add support for SNS event notifications.
+ bugfix:aws s3 rb: Fix issue where bucket is still attempted to be
removed when the preceding delete requests failed. (issue 1827)
+ bugfix:aws storagegateway: Fix issue in aliasing required args.
(issue 1790)
- From 1.10.9
+ bugfix:aws s3: Avoid MD5 checksumming if unavailable. (issue 1812)
+ feature:aws dynamodb: Add support for describing limits.
+ feature:aws apigateway: Add support for testing invoke authorizers
and flushing stage authorizers cache.
+ feature:aws cloudsearchdomain: Add support for new stat fields.
- From 1.10.8
+ bugfix:aws s3: Disable use of MD5 when SHA256 checksum is already
calculated for the body (botocore issue 804)
+ bugfix:FIPS: Handle case where MD5 cipher is not available on FIPS
compliant systems (botocore issue 807)
+ feature:aws cloudformation: Update AWS CloudFormation command to the
latest version
+ feature:aws logs: Update Amazon CloudWatch Logs command to the latest
version
+ feature:aws ses: Update Amazon SES to the latest version
+ feature:aws autoscaling: Update Auto Scaling to the latest version
- From 1.10.7
+ bug:aws configure set: Fix issue when adding entries to an empty
profile section (issue 1806)
+ feature:aws route53: Add suport for SNI health checks
- From 1.10.6
+ feature:aws storagegateway: Added support for user-supplied barcodes.
+ feature:aws codedeploy: Added support for setting up triggers for a
deployment group.
+ bugfix:aws emr: Fix missing dns name issue with private clusters.
(issue 1749)
+ bugfix:aws emr: Fix issue where impala args were not joined with commas.
(issue 1802)
- From 1.10.5
+ feature:aws rds: Added support for Cross-account Encrypted (KMS) snapshot
sharing.
+ feature:aws emr: Added support for adding EBS storage to EMR instances.
+ bugfix:pagination: Fixed a bug that was causing non-string service
tokens to fail on serialization
- From 1.10.4
+ feature:aws lambda: Add support for accessing resources in your VPC.
+ feature:aws apigateway: Add support for custom request authorizers.
- From 1.10.3
+ feature:aws cloudfront: Add support for new ACMCertificateARN parameter
+ feature:aws marketplacecommerceanalytics generate-data-set: Add support
for --customer-defined-values parameter
- From 1.10.2
+ feature:aws gamelift: Add support for AWS GameLift
+ bugfix:Assume Role: Fix issue where temporary credentials from assuming
a role were not being properly cached (issue 1684)
- From 1.10.1
+ feature:aws waf: Add support for blocking, allowing, or monitoring
(count) requests based on the content in HTTP request bodies.
+ bugfix:aws ssm: Remove constraint on Amazon EC2 instance id's.
(issue 1729)
- From 1.10.0
+ feature:aws acm: adds support for AWS Certificate Manager
+ feature:aws cloudfront: adds support for AWS Certificate Manager
certificates
+ feature:aws cloudfront create-distribution: Adds support for
- -origin-domain-name and --default-root-object
+ feature:aws cloudfront update-distribution: Adds support for
- -default-root-object
+ feature:aws iot: adds support for topic rules
+ feature:aws cloudformation: adds suport for ContinueUpdateRollback
- From 1.9.21
+ feature:aws sts: now returns RegionDisabledException instead of
AccessDenied when a user sends an API request to an STS regional
endpoint that is not activated for that AWS account. This enables
customers to more easily decide how to respond, such as by trying to
call a different region instead of simply failing the call.
+ feature:aws opsworks: adds support for new enums.
+ feature:aws devicefarm: adds support running Appium tests written in
Python against your native, hybrid and browser-based apps on AWS Device
Farm.
- From 1.9.20
+ bugfix:aws cloudfront: Fix regression in waiters.
- From 1.9.19
+ feature:aws events: Initial support for Amazon CloudWatch Events.
CloudWatch Events allows you to track changes to your AWS resources
with less overhead and greater efficiency.
+ feature:aws ec2: Adds support for purchasing reserved capacity for
specific blocks of time on a one-time of recurring basis.
+ feature:aws cloudfront: Adds support for HTTPS-only connections, and
control of edge-to-origin request headers.
+ bugfix:aws s3: Gracefully handle encoding errors when printing S3
keys (issue 1719)
- From 1.9.18
+ feature:aws ec2: Enables support for DNS resolution of public hostnames
to private IP addresses when queried over ClassicLink. Additionally, you
can now access private hosted zones associated with your VPC from a
linked EC2-Classic instance. ClassicLink DNS support makes it easier
for EC2-Classic instances to communicate with VPC resources using public
DNS hostnames.
+ feature:aws ec2: Add support for the new 63-bit EC2 Instance and
Reservation IDs.
- From 1.9.17
+ bugfix:aws ssm: Documentation update.
- From 1.9.16
+ feature:aws ec2: Add new EC2 instance type: t2.nano
+ feature:aws datapipeline list-runs: Add support for output format
- From 1.9.15
+ feature:aws ecr: Add aws ecr commands
+ feature:aws emr: Update aws emr create-cluster to accept Amazon EC2
security group
+ feature:aws ecs: Update ecs command to include a new deployment option
- From 1.9.14
+ feature:aws rds: Adds Enhanced Monitoring support so that you can
monitor operating system metrics for your RDS DB instances
+ feature:aws configservice: Support for IAM resource types
+ feature:aws cloudtrail: Adds isMultiRegion to some of the commands
+ feature:aws cloudfront: Adds support for gzip
+ feature:aws ec2: Adds new commands for VPC Managed NAT
- From 1.9.13
+ feature:aws ec2 copy-image: Adds two optional parameters to support
launching EC2 instances with EBS encrypted boot volumes.
+ bugfix:aws: Fix regression when using AWS_DATA_PATH environment
variable (issue 736)
- Update to version 1.9.12 (bsc#958686)
+ feature:aws configure add-model: Added command for updating commands
in the CLI and clients in boto3. (issue 1664)
+ feature:aws cloudfront create-invalidation: Add a new --paths option.
(issue 1662)
+ feature:aws cloudfront sign: Add a new command to create a signed url.
(issue 1668)
+ feature:aws autoscaling: Added support for protecting instances from
scale-in events.
+ feature:aws rds: Added support for Aurora encryption at rest.
- From version 1.9.11
+ feature:aws rds: Added support for specifying port number.
+ feature:aws ds: Added support for Microsoft ActiveDirctory.
+ feature:aws route53: Added support for TrafficFlow, a new management
and modeling layer for Route53.
+ feature:Timeouts: Added additonal options for configuring socket timeouts.
- From version 1.9.10
+ feature:aws config: Added support for dedicated hosts.
+ feature:aws s3: Added support for custom metadata in cp, mv, and sync.
- From version 1.9.9
+ feature:aws s3api: Added support for the aws-exec-read canned ACL on
objects.
+ feature:aws elasticbeanstalk: Added support for composable web applications.
+ feature:aws ec2: Added support for EC2 dedicated hosts.
+ feature:aws ecs: Added support for task stopped reasons and task start
and stop times.
- From version 1.9.8
+ feature:Read Timeouts: Add --cli-read-timeout to specify the number of
seconds until a read times out.
+ bugfix:aws s3: Fix regression when downloading a restored Glacier object
(issue 1650 <https://github.com/aws/aws-cli/pull/1650>__)
+ bugfix:aws s3: Fix issue when encountering "/out of disk space"/ errors as
well as permissions errors when downloading large files (issue 1645,
issue 1442)
+ bugfix:aws opsworks register: Support --no-verify-ssl argument for the
aws opsworks register command (issue 1632)
+ feature:s3: Add support for Server-Side Encryption with KMS and
Server-Side Encryption with Customer-Provided Keys. (issue 1623)
- From version 1.9.7
+ feature:aws rds: Cross account snapshot sharing and Modify DB Instance
Visibility features
+ bugfix:memory management: Resolve a potential memory leak when creating
lots of clients on Python 2.6 and Linux 2.6
+ bugfix:presign url: Now generate_presigned_url() works correctly with
different expiry time
- From version 1.9.6
+ bugfix:shorthand: Allow . as a valid key character. (issue 1628)
+ feature:aws apigateway: Support for stage variables to configure
the different deployment stages
- From version 1.9.5
+ bugfix:aws help: Gracefully handle Ctrl-C interrupts. (issue 1619)
+ bugfix:aws datapipeline create-default-roles: Fix issue with error
handling. (issue 1618)
+ bugfix:aws s3: Skip glacier objects when downloading from S3. (issue 1581)
+ feature:aws s3api: Auto-populate --copy-source-sse-customer-key-md5
(botocore issue 709)
- From version 1.9.4
+ feature:aws datapipeline create-default-roles: Creates default IAM
roles for creating EMR clusters. (issue 1616)
+ feature:aws devicefarm: Add commands for updating and deleting projects,
device pools, uploads, and runs.
- From version 1.9.3
+ feature:aws iam: Add support for resource-level policy simulation
- From version 1.9.2
+ bugfix:aws s3: Fix some local path validation issues (issue 1575)
+ bugfix:aws storagegateway: Fix --tape-ar-ns, --volume-ar-ns, and
- -vtl-device-ar-ns to --tape-arns, --volume-arns, and --vtl-device-arns,
respectively. The old arguments are still supported for backwards
compatibility, but are no longer documented. (issue 1599)
+ bugfix:aws configservice subscribe: Fix an issue when creating a new
S3 bucket (issue 1593)
+ bugfix:aws apigateway put-integration: Fix issue with --uri and
- -integration-http-method parameters (issue 1605)
- From version 1.9.1
+ feature:aws ssm: Add support for Amazon EC2 Run Command
+ feature:aws apigateway: Add support for Amazon API Gateway
- From version 1.9.0
+ feature:aws iam: Add policy simulator support
+ feature:aws autoscaling: Add support for launch configurations
that include encrypted Amazon Elastic Block Store (EBS) volumes
+ feature:configure: Add support for ca_bundle config variable
+ feature:Assume Role: Add role_session_name config variable to control
the RoleSessionName when assuming roles (issue 1389)
+ bug:Argument Parsing: Handle case when empty list parameter was
specified with no value (issue 838)
- From version 1.8.13
+ feature:aws deploy: Compress zip files when using aws deploy push
(issue 1534 <https://github.com/aws/aws-cli/pull/1534>--)
+ bugfix:Shorthand Parser: Fix issue when display error message for
multiline shorthand syntax values (issue 1543)
+ bugfix:aws route53: Automatically retry Throttling and
PriorRequestNotComplete errors (botocore issue 682)
+ feature:aws s3/s3api: Add support for changing the bucket addressing
style (botocore issue 673)
+ bugfix:aws s3api: Add missing --server-side-encryption option to
upload-part command
+ feature:aws kms: Add ability to delete customer master keys (CMKs)
- Update to version 1.8.12 (bsc#949877)
+ feature:aws iot: Add support for AWS IoT
+ feature:aws iot-data: Add support for AWS IoT Data Plane
+ feature:aws lambda: Add support for aliasing and function versioning
+ feature:aws ecs: Update commands
+ feature:aws marketplacecommerceanalytics: Add support for AWS
Marketplace Commerce Analytics
+ feature:aws firehose: Add support for Amazon Kinesis Firehose
+ feature:aws inspector: Add support for Amazon Inspector
+ feature:aws kinesis: Add support for updating stream retention periods
+ feature:aws configservice: Add support for config rules
+ feature:aws waf: Add support for AWS WAF
+ feature:aws ec2: Add support for spot blocks
+ feature:aws cloudfront: Add support for adding Web ACLs to CloudFront
distributions
+ feature:aws es: Adds support for the new Amazon Elasticsearch
+ feature:aws cloudtrail: Adds support for log file integrity validation,
log encryption with AWS KMS-Managed Keys (SSE-KMS), and trail tagging.
+ feature:aws rds create-db-instance: --db-instance-class has a new value
as db.t2.large
+ feature:aws workspaces: Adds support for volume encryption in Amazon
WorkSpaces.
+ feature:aws ses: Adds 17 new operations for accepting incoming emails.
+ feature:aws cloudformation describe-account-limits: This is a new API.
+ feature:aws ec2 modify-spot-fleet-request: This is a new API.
+ bugfix:aws elasticbeanstalk: Documentation update.
+ feature:aws cognito-sync: Update API to latest version
+ feature:aws cognito-identity: Update API to latest version
+ bugfix:Assume Role Provider: Fix issue where profile does not exist
errors were not being propogated back to the user (issue 1515)
+ bugfix:Shorthand Syntax: Fix parser regression when a key name has an
underscore character (issue 1510)
+ feature:aws s3: Add support for STANDARD_IA storage class to the aws s3
commands (issue 1511)
+ feature:aws logs: Add support for create-export-task, cancel-export-task,
and describe-export-tasks.
+ bugfix:Output: Only omit printing response to stdout if the response is
an empty dictionary (issue 1496)
+ feature:aws s3/s3api: Update Amazon S3 commands to the latest version
+ feature:aws ec2 request-spot-fleet: Add new Diversified bidding strategy
parameter
+ feature:aws ec2 describe-snapshots: Add new dataEncryptionKeyId and
StateMessage parameters
+ feature:aws efs describe-mount-targets: Add new optional MountTargetId
parameter
+ feature:aws route53: Add calculated health checks and latency health checks
+ bugfix:StreamingBody: File-like object for HTTP response can now be
properly closed
+ feature:aws iam: Add two new APIs that enable programmatic access to
the IAM policy simulator
+ feature:aws importexport: Documentation update
+ bugfix:aws machinelearning: Remove a constraint
+ feature:aws kinesis get-records: Add a timestamp field to all Records
+ bugfix:aws cloudfront: Add paginators and waiters
+ feature:aws storagegateway: Add support for resource tagging.
+ feature:aws ec2 request-spot-fleet: Add support for new request config
parameters
+ bugfix:Shorthand Parser: Fix regression where '-' character was not
accepted as a key name in a shorthand value (issue 1470)
+ bugfix:Shorthand Parser: Fix regression where spaces in unquoted
values were not being accepted (issue 1471)
+ feature:aws configservice: Add support for listing discovered resources
+ bugfix:aws emr create-default-roles: Fix the issue where the command
would fail to honor an existing AWS_CA_BUNDLE environment setting and
end up with "/SSLError: object has no attribute"/ (issue 1468)
+ feature:Shorthand Syntax: Add support for nested hashes when using
shorthand syntax (issue 1444)
+ feature:aws codepipeline: Add support for specification of an encryption
key to use with the artifact bucket, when creating and updating a pipeline
+ feature:aws s3: Add support for event notification filters
+ bugfix:aws iam create-virtual-mfa-device: Fix issue when an error
response is received from the create-virtual-mfa-device command (issue 1447)
+ feature:aws elasticbeanstalk: Add support for enhanced health reporting
in aws elasticbeanstalk commands
+ feature:Shared Credentials File: Add support for changing the shared
credentials file from the default location of ~/.aws/credentials
by setting the AWS_SHARED_CREDENTIALS_FILE environment variable
(botocore issue 623)
+ feature:Waiters: Add aws iam wait instance-profile-exists and aws
iam wait user-exists commands (botocore issue)
+ feature:aws swf: Add support for Added support for invoking AWS
Lambda tasks from an Amazon SWF workflow.
+ feature:aws devicefarm: Add support for testing iOS applications
with AWS Device Farm.
- update to version 1.7.42 (fate#318337)
- feature:``aws opsworks``: Add support for managing Amazon ECS
- feature:``aws rds``: Add support for Amazon Aurora
- feature:``aws s3api``: Add support for more types of event notifications.
- feature:``aws s3api``: Add support for GET/HEAD storage class response
- feature:``aws logs``: Add destination API support.
- feature:``aws glacier``: Add support for Vault Lock.
- feature:``aws emr``: Add support for release-based clusters.
- feature:``aws ecs``: Update API
- update to version 1.7.31 (bnc#905354)
- Follow up to previous update to address API compatibility issues
with botocore
- Improved lambda support
- Add support for uploading code using Amazon S3
- Preview services are now documented
and will also show up in the list of available services
+ From 1.7.30
- Add support for ``aws efs``
- Add paginators and waiters for ``aws ecs``
- update to version 1.7.29 (bnc#905354)
+ Follow up to previous update to address compatibility with latest
amazon-ecs-agent
+ From 1.7.28
- feature:aws ec2: Add support for Spot Fleet.
- feature:aws opsworks: Add support for custom AutoScaling.
- feature:aws elasticbeanstalk: Update model to latest version.
+ From 1.7.27
- feature:aws ds: Add support for AWS Directory Service.
- feature:aws ec2: Add support for VPC endpoints for Amazon S3.
- feature:aws ec2: Add support for EIP Migration.
- feature:aws logs: Add support for filtering log events.
+ From 1.7.26
- feature:aws glacier: Add support for vault policies.
- bugfix:aws iam create-open-id-connect-provider: Fix issue where the
- -url parameter would try to retrieve the contents from the url instead
of use the url as its value. (issue 1317)
- bugfix:aws workspaces: Fix issue where throttling errors were not
being retried (botocore issue 529)
+ From 1.7.25
- feature:aws dynamodb query: Add support for KeyConditonExpression.
+ From 1.7.24
- feature:aws help topics: Add support for listing available help topics.
- feature:aws help config-vars: Add help topic for configuration variables.
- feature:aws help return-codes: Add help topic for return codes.
- feature:aws help s3-config: Add help topic for configuration of s3
commands.
- bugfix:aws lambda create-function/update-function-code: Improve
error message when invalid --zip-file values are provided (issue 1296)
- feature:aws ec2: Add support for new VM Import APIs, including
import-image. The new APIs provide support for importing multi-volume
VMs to Amazon EC2 and other enhancements.
- feature:aws iam: Update AWS IAM command to latest version
+ From 1.7.23
- feature:aws cognito-sync: Add support for Amazon Cognito Events.
- bugfix:Parsing: Treat empty XML nodes in a response as an empty
string instead of None if the underlying structure member is a string.
This fixes the broken password-data-available Amazon EC2 waiter. Note:
this changes the output of the CLI and may affect filtering with the
- -query parameter. (issue 1252, botocore issue 506)
+ From 1.7.22
- bugfix:aws ecs: Minor documentation fixes.
+ From 1.7.21
- feature:aws workspaces: Add support for Amazon WorkSpaces.
- feature:aws machinelearning: Add support for Amazon Machine Learning.
- feature:aws s3api: Add support for specifying Lambda bucket
notifications without needing to specify an invocation role.
- feature:aws lambda: Update to latest api.
- feature:aws ecs: Add support for Amazon ECS Service scheduler.
+ From 1.7.20
- feature:aws datapipeline: Add support for deactivating pipelines.
- feature:aws elasticbeanstalk: Add support for cancelling in-progress
environment updates or application version deployment.
+ From 1.7.19
- feature:aws codedeploy: Add register, deregister, install, and
uninstall commands and update to the latest AWS CodeDeploy API.
- feature:aws rds: Add support for describe-certificates.
- feature:aws elastictranscoder: Add support for PlayReady DRM.
- feature:aws ec2: Add support for D2 instances.
+ From 1.7.18
- bugfix:Pagination: Fix issue where disabling pagination did not work
when shadowing arguments. Affects commands such as aws route53
list-resource-record-sets.
- feature:aws elastictranscoder: Add support for job timing and
input/output metadata
- feature:aws iam: Add NamedPolicy to GetAccountAuthorization details
- feature:aws opsworks: Allow for BlockDeviceMapping on EC2 instances
launched through OpsWorks
+ From 1.7.17
- feature:aws emr: Adds support for Amazon S3 client-side encryption
in Amazon EMR and setting configuration values for several variables
in the create-cluster and ssh commands. Also, the create-default-roles
command will now auto-populate the Service Role and Instance Profile
variables in the configuration file with the default roles after they
are created.
+ From 1.7.16
- feature:aws ec2 wait image-available: Add support for polling until
an EC2 image is available (issue 1105)
- feature:aws ec2 wait: Add support for additional EC2 waiters including
instance-status-ok, password-data-available,
spot-instance-request-fulfilled, and system-status-ok
- feature:aws s3api: Add support for Amazon S3 cross region replication
- feature:aws s3api: Add support for Amazon S3 requester pays (issue 797)
- bugfix:Tab Completion: Fix issue where tab completion could not handle
an LC_CTYPE of UTF-8 (issue 1233)
- bugfix:aws s3api put-bucket-notification: Fix issue where an empty
notification configuration could not be specified (botocore issue 495)
- bugfix:aws cloudfront: Fix issue when calling cloudfront commands
(issue 1234)
- bugfix:aws ec2 copy-snapshot: Fix issue with the aws ec2 copy-snapshot
command not correctly generating the presigned url argument
(botocore issue 498)
+ From 1.7.15
- feature:aws elastictranscoder: Add support for Applied Color
SpaceConversion.
- bugfix:aws --profile: Fix issue where explicitly specifying profile
did not override credential environment variables. (botocore issue 486)
- bugfix:aws datapipeline list-runs: Fix issue with --schedule-interval
parameter. (issue 1225)
- bugfix:aws configservice subscribe: Fix issue where users could not
subscribe to a s3 bucket that they had no HeadBucket permissions to.
(issue 1223)
- bugfix:aws cloudtrail create-subscription: Fix issue where command
would try to fetch the contents at a url using the contents of the
custom policy as the url. (issue 1216)
+ From 1.7.14
- feature:aws logs: Update aws logs command to the latest model.
- feature:aws ec2: Add paginators for the describe-snapshots sub-command.
- feature:aws cloudtrail: Add support for the new lookup-events
sub-command.
- bugfix:aws configure set: Fix issue when setting nested configuration
values
- feature:aws s3: Add support for --metadata-directive that allows
metadata to be copied or replaced for single part copies. (issue 1188)
+ From 1.7.13
- feature:aws cloudsearch: Update aws cloudsearch command to the latest
model
- feature:aws cognito-sync: Update aws cognito-sync command to allow
customers to receive near-realtime updates as their data changes as
well as exporting historical data. Customers configure an Amazon
Kinesis stream to receive the data which can then be processed and
exported to other data stores such as Amazon Redshift.
- bugfix:aws opsworks: Fix issue with platform detection on linux
systems with python3.3 and higher (issue 1199)
- feature:Help Paging: Support paging through more when running help
commands on windows (issue 1195)
- bugfix:aws s3: Fix issue where read timeouts were not retried.
(issue 1191)
- feature:aws cloudtrail: Add support for regionalized policy templates
for the create-subscription and update-subscription commands.
(issue 1167)
- bugfix:parsing: Fix issue where if there is a square bracket inside
one of the values of a list, the end character would get removed.
(issue 1183)
+ From 1.7.12
- feature:aws datapipeline: Add support for tagging.
- feature:aws route53: Add support for listing hosted zones by name
and getting the hosted zone count.
- bugfix:aws s3 sync: Remove --recursive parameter. The sync command is
always a recursive operation meaning the inclusion or exclusion of
- -recursive had no effect on the sync command. (issue 1171)
- bugfix:aws s3: Fix issue where --endpoint-url was being ignored
(issue 1142)
+ From 1.7.11
- bugfix:aws sts: Allow calling assume-role-with-saml without credentials.
- bugfix:aws sts: Allow users to make regionalized STS calls by
specifying the STS endpoint with --endpoint-url and the region with
- -region. (botocore issue 464)
+ From 1.7.10
- bugfix:aws sts: Fix regression where if a region was not activated
for STS it would raise an error if call was made to that region.
+ From 1.7.9
- feature:aws cloudfront: Update to latest API
- feature:aws sts: Add support for STS regionalized calls
- feature:aws ssm: Add support for Amazon Simple Systems Management
Service (SSM)
+ From 1.7.8
- bugfix:aws s3: Fix auth errors when uploading large files to the
eu-central-1 and cn-north-1 regions (botocore issue 462)
+ From 1.7.7
- bugfix:aws ec2 revoke-security-group-ingress: Fix parsing of a
- -port value of ICMP echo request (issue 1075)
- feature:aws iam: Add support for managed policies
- feature:aws elasticache: Add support for tagging
- feature:aws route53domains: Add support for tagging of domains
+ From 1.7.6
- feature:aws dynamodb: Add support for index scan
- bugfix:aws s3: Fix issue where literal value for --website-redirect
was not being used. (issue 1137)
- bugfix:aws sqs purge-queue: Fix issue with the processing of the
- -queue-url parameter (issue 1126)
- feature:aws s3: Add support for config variable for changing S3 runtime
values (issue 1122)
- bugfix:Proxies: Fix issue with SSL certificate validation when using
proxies and python 2.7.9 (botocore issue 451)
+ From 1.7.5
- bugfix:aws datapipeline list-runs: Fix issue where --status values
where not being serialized correctly (issue 1110)
- bugfix:Output Formatting: Handle broken pipe errors when piping the
output to another program (issue 1113)
- bugfix:HTTP Proxy: Fix issue where aws s3/s3api commands would hang
when using an HTTP proxy (issue 1116)
- feature:aws elasticache wait: Add waiters for the aws elasticache
wait (botocore issue 443)
- bugfix:Locale Settings: Fix issue when Mac OS X has an LC_CTYPE value
of UTF-8 (issue 945)
+ From 1.7.4
- feature:aws dynamodb: Add support for online indexing.
- feature:aws importexport get-shipping-label: Add support for
get-shipping-label.
- feature:aws s3 ls: Add --human-readable and --summarize options
(issue 1103)
- bugfix:aws kinesis put-records: Fix issue with base64 encoding for
blob types (botocore issue 413)
+ From 1.7.3
- feature:aws emr: Add support for security groups.
- feature:aws cognitio-identity: Enhance authentication flow by beingi
able to save associations of IAM roles with identity pools.
+ From 1.7.2
- feature:aws autoscaling: Add ClassicLink support.
- bugfix:aws s3: Fix issue where mtime was set before file was finished
downloading. (issue 1102)
- Update to version 1.7.1 (bnc#905354)
+ bugfix:``aws s3 cp``: Fix issue with parts of a file being
downloaded more than once when streaming to stdout
(`issue 1087 <https://github.com/aws/aws-cli/pull/1087>`__)
+ bugfix:``--no-sign-request``: Fix issue where requests were still trying to
be signed even though user used the ``--no-sign-request`` flag.
(`botocore issue 433 <https://github.com/boto/botocore/pull/433>`__)
+ bugfix:``aws cloudsearchdomain search``: Fix invalid signatures when
using the ``aws cloudsearchdomain search`` command
(`issue 976 <https://github.com/aws/aws-cli/issues/976>`__)
+ feature:``aws cloudhsm``: Add support for AWS CloudHSM.
+ feature:``aws ecs``: Add support for ``aws ecs``, the Amazon EC2
Container Service (ECS)
+ feature:``aws rds``: Add Encryption at Rest and CloudHSM Support.
+ feature:``aws ec2``: Add Classic Link support
+ feature:``aws cloudsearch``: Update ``aws cloudsearch`` command
to latest version
+ bugfix:``aws cloudfront wait``: Fix issue where wait commands did not
stop waiting when a success state was reached.
(`botocore issue 426 <https://github.com/boto/botocore/pull/426>`_)
+ bugfix:``aws ec2 run-instances``: Allow binary files to be passed to
``--user-data``
(`botocore issue 416 <https://github.com/boto/botocore/pull/416>`_)
+ bugfix:``aws cloudsearchdomain suggest``: Add ``--suggest-query``
option to fix the argument being shadowed by the top level
``--query`` option.
(`issue 1068 <https://github.com/aws/aws-cli/pull/1068>`__)
+ bugfix:``aws emr``: Fix issue with endpoints for ``eu-central-1`` and
``cn-north-1``
(`botocore issue 423 <https://github.com/boto/botocore/pull/423>`__)
+ bugfix:``aws s3``: Fix issue where empty XML nodes are now parsed
as an empty string ``"/"/`` instead of ``null``, which allows for
round tripping ``aws s3 get/put-bucket-lifecycle``
(`issue 1076 <https://github.com/aws/aws-cli/issues/1076>`__)
+ bugfix:AssumeRole: Fix issue with cache filenames when assuming a role
on Windows
(`issue 1063 <https://github.com/aws/aws-cli/issues/1063>`__)
+ bugfix:``aws s3 ls``: Fix issue when listing Amazon S3 objects containing
non-ascii characters in eu-central-1
(`issue 1046 <https://github.com/aws/aws-cli/issues/1046>`__)
+ feature:``aws storagegateway``: Update the ``aws storagegateway`` command
to the latest version
+ feature:``aws emr``: Update the ``aws emr`` command to the latest
version
+ bugfix:``aws emr create-cluster``: Fix script runnner jar to the current
region location when ``--enable-debugging`` is specified in the
``aws emr create-cluster`` command
+ bugfix:``aws datapipeline get-pipeline-definition``: Rename operation
parameter ``--version`` to ``--pipeline-version`` to avoid shadowing
a built in parameter
(`issue 1058 <https://github.com/aws/aws-cli/pull/1058>`__)
+ bugfix:pip installation: Fix issue where pip installations would cause
an error due to the system's python configuration
(`issue 1051 <https://github.com/aws/aws-cli/issues/1051>`__)
+ feature:``aws elastictranscoder``: Update the ``aws elastictranscoder``
command to the latest version
+ bugfix:Non-ascii chars: Fix issue where escape sequences were being printed
instead of the non-ascii chars
(`issue 1048 <https://github.com/aws/aws-cli/issues/1048>`__)
+ bugfix:``aws iam create-virtual-mfa-device``: Fix issue with ``--outfile``
not supporting relative paths
(`issue 1002 <https://github.com/aws/aws-cli/pull/1002>`__)
+ feature:``aws sqs``: Add support for Amazon Simple Queue Service purge queue
which allows users to delete the messages in their queue.
+ feature:``aws opsworks``: Add AWS OpsWorks support for registering and
assigning existing Amazon EC2 instances and on-premises servers.
+ feature:``aws opsworks register``: Registers an EC2 instance or machine with
AWS OpsWorks. Registering a machine using this command will install the
AWS OpsWorks agent on the target machine and register it with an existing
OpsWorks stack.
+ bugfix:``aws s3``: Fix issue with expired signatures when retrying
failed requests
(`botocore issue 399 <https://github.com/boto/botocore/pull/399>`__)
+ bugfix:``aws cloudformation get-template``: Fix error message when
template does not exist
(`issue 1044 <https://github.com/aws/aws-cli/issues/1044>`__)
+ feature:``aws kinesis put-records``: Add support for PutRecord operation. It
writes multiple data records from a producer into an Amazon Kinesis
stream in a single call
+ feature:``aws iam get-account-authorization-details``: Add support for
GetAccountAuthorizationDetails operation. It retrieves information about
all IAM users, groups, and roles in your account, including their
relationships to one another and their attached policies.
+ feature:``aws route53 update-hosted-zone-comment``: Add support for updating
the comment of a hosted zone.
+ bugfix:Timestamp Arguments: Fix issue where certain timestamps were not
being accepted as valid input
(`botocore issue 389 <https://github.com/boto/botocore/pull/389>`__)
+ bugfix:``aws s3``: Skip files whose names cannot be properly decoded
(`issue 1038 <https://github.com/aws/aws-cli/pull/1038>`__)
+ bugfix:``aws kinesis put-record``: Fix issue where ``--data`` argument
was not being base64 encoded
(`issue 1033 <https://github.com/aws/aws-cli/issues/1033>`__)
+ bugfix:``aws cloudwatch put-metric-data``: Fix issue where the
values for ``--statistic-values`` were not being parsed properly
(`issue 1036 <https://github.com/aws/aws-cli/issues/1036>`__)
+ feature:``aws datapipeline``: Add support for using AWS Data Pipeline
templates to create pipelines and bind values to parameters in the pipeline
+ feature:``aws elastictranscoder``: Add support for encryption of files in
Amazon S3
+ bugfix:``aws s3``: Fix issue where requests were not being
resigned correctly when using Signature Version 4
(`botocore issue 388 <https://github.com/boto/botocore/pull/388>`__)
+ bugfix:``aws s3``: Fix issue where KMS encrypted objects could not be
downloaded
(`issue 1026 <https://github.com/aws/aws-cli/pull/1026>`__)
+ bugfix:``aws s3``: Fix issue where datetime's were not being
parsed properly when a profile was specified
(`issue 1020 <https://github.com/aws/aws-cli/issues/1020>`__)
+ bugfix:Assume Role Credential Provider: Fix issue with parsing
expiry time from assume role credential provider
(`botocore issue 387 <https://github.com/boto/botocore/pull/387>`__)
+ feature:``aws redshift``: Add support for integration with KMS
+ bugfix:``aws cloudtrail create-subscription``: Set a bucket config
location constraint on buckets created outside of us-east-1.
(`issue 1013 <https://github.com/aws/aws-cli/pull/1013>`__)
+ bugfix:``aws deploy push``: Fix s3 multipart uploads
+ bugfix:``aws s3 ls``: Fix return codes for non existing objects
(`issue 1008 <https://github.com/aws/aws-cli/pull/1008>`__)
+ bugfix:Retrying Signed Requests: Fix issue where requests using
Signature Version 4 signed with temporary credentials were not
being retried properly, resulting in auth errors
(`botocore issue 379 <https://github.com/boto/botocore/pull/379>`__)
+ bugfix:``aws s3api get-bucket-location``: Fix issue where getting the
bucket location for a bucket in eu-central-1 required specifying
``--region eu-central-1``
(`botocore issue 380 <https://github.com/boto/botocore/pull/380>`__)
+ bugfix:Timestamp Input: Fix regression where timestamps without any timezone
information were not being handled properly
(`issue 982 <https://github.com/aws/aws-cli/issues/982>`__)
+ bugfix:Signature Version 4: You can enable Signature Version 4 for Amazon S3
commands by running ``aws configure set default.s3.signature_version s3v4``
(`issue 1006 <https://github.com/aws/aws-cli/issues/1006>`__,
`botocore issue 382 <https://github.com/boto/botocore/pull/382>`__)
+ bugfix:``aws emr``: Fix issue where ``--ssh``, ``--get``, ``--put``
would not work when the cluster was in a waiting state
(`issue 1007 <https://github.com/aws/aws-cli/issues/1007>`__)
+ feature:Binary File Input: Add support for reading file contents as binary
by prepending the filename with ``fileb://``
(`issue 1010 <https://github.com/aws/aws-cli/pull/1010>`__)
+ bugfix:Streaming Output File: Fix issue when streaming a response to a file
and an error response is returned
(`issue 1012 <https://github.com/aws/aws-cli/pull/1012>`__)
+ bugfix:Binary Output: Fix regression where binary output was no longer
being base64 encoded
(`issue 1001 <https://github.com/aws/aws-cli/pull/1001>`__,
`issue 970 <https://github.com/aws/aws-cli/pull/970>`__)
+ feature:``aws lambda``: Add support for Amazon Lambda
+ feature:``aws s3``: Add support for S3 notifications
+ bugfix:``aws configservice get-status``: Fix connecting to endpoint without
using ssl.
(`issue 998 <https://github.com/aws/aws-cli/pull/998>`__)
+ bugfix:``aws deploy push``: Fix some python compatibility issues
(`issue 1000 <https://github.com/aws/aws-cli/pull/1000>`__)
+ feature:``aws deploy``: Adds support for AWS CodeDeploy
+ feature:``aws configservice``: Adds support for AWS Config
+ feature:``aws kms``: Adds support AWS Key Management Service
+ feature:``aws s3api``: Adds support for S3 server-side encryption using
KMS
+ feature:``aws ec2``: Adds support for EBS encryption using KMS
+ feature:``aws cloudtrail``: Adds support for CloudWatch Logs delivery
+ feature:``aws cloudformation``: Adds support for template summary.
+ feature:AssumeRole Credential Provider: Add support for assuming a role
by configuring a ``role_arn`` and a ``source_profile`` in the AWS
config file
(`issue 991 <https://github.com/aws/aws-cli/pull/991>`__,
`issue 990 <https://github.com/aws/aws-cli/pull/990>`__)
+ feature:Waiters: Add a ``wait`` subcommand that allows for a command
to block until an AWS resource reaches a given state
(`issue 992 <https://github.com/aws/aws-cli/pull/992>`__,
`issue 985 <https://github.com/aws/aws-cli/pull/985>`__)
+ bugfix:``aws s3``: Fix issue where request was not properly signed
on retried requests for ``aws s3``
(`issue 986 <https://github.com/aws/aws-cli/issues/986>`__,
`botocore issue 375 <https://github.com/boto/botocore/pull/375>`__)
+ bugfix:``aws s3``: Fix issue where ``--exclude`` and ``--include`` were
not being properly applied when a s3 prefix was provided.
(`issue 993 <https://github.com/aws/aws-cli/pull/993>`__)
+ feature:``aws cloudfront``: Adds support for wildcard cookie names and
options caching.
+ feature:``aws route53``: Add further support for private dns and sigv4.
+ feature:``aws cognito-sync``: Add support for push sync.
+ bugfix:Pagination: Only display ``--page-size`` when an operation can be
paginated
(`issue 956 <https://github.com/aws/aws-cli/pull/956>`__)
+ feature:``--generate-cli-skeleton``: Generates a JSON skeleton to fill out
and be used as input to ``--cli-input-json``.
(`issue 963 <https://github.com/aws/aws-cli/pull/963>`_)
+ feature:``--cli-input-json``: Runs an operation using a global JSON file
that supplies all of the operation's arguments. This JSON file can
be generated by ``--generate-cli-skeleton``.
(`issue 963 <https://github.com/aws/aws-cli/pull/963>`_)
+ feature:``aws s3/s3api``: Show hint about using the correct region when
the corresponding error occurs
(`issue 968 <https://github.com/aws/aws-cli/pull/968>`__)
- Update to version 1.5.3 (bnc#902598)
+ feature:aws ec2 describe-volumes: Add support for optional pagination.
+ feature:aws route53domains: Add support for auto-renew domains.
+ feature:aws cognito-identity: Add for Open-ID Connect.
+ feature:aws sts: Add support for Open-ID Connect
+ feature:aws iam: Add support for Open-ID Connect
+ bugfix:aws s3 sync: Fix issue when uploading with
- -exact-timestamps (issue 964)
+ bugfix:Retry: Fix issue where certain error codes were not being
retried (botocore issue 361)
+ bugfix:aws emr ssh: Fix issue when using waiter interface to wait on
the cluster state (issue 954)
+ feature:aws cloudsearch: Add support for advance Japanese language
processing.
+ feature:aws rds: Add support for gp2 which provides faster access than
disk-based storage.
+ bugfix:aws s3 mv: Delete multi-part objects when transferring objects
across regions using --source-region (issue 938)
+ bugfix:aws emr ssh: Fix issue with waiter configuration not being
found (issue 937)
+ feature:aws dynamodb: Update aws dynamodb command to support storing
and retrieving documents with full support for document models. New
data types are fully compatible with the JSON standard and allow you
to nest document elements within one another.
+ bugfix:aws configure: Fix bug where aws configure was not properly
writing out to the shared credentials file
+ bugfix:S3 Response Parsing: Fix regression for parsing S3 responses
containing a status code of 200 with an error response body (botocore
issue 342)
+ bugfix:Shorthand Error Message: Ensure the error message for shorthand
parsing always contains the CLI argument name (issue 935)
+ bugfix:Response Parsing: Fix response parsing so that leading and
trailing spaces are preserved
+ feature:Shared Credentials File: The aws configure and aws configure set
command now write out all credential variables to the shared
credentials file ~/.aws/credentials (issue 847)
+ bugfix:aws s3: Write warnings and errors to standard error as opposed to
standard output. (issue 919)
+ feature:aws s3: Add --only-show-errors option that displays errors and
warnings but suppresses all other output.
+ feature:aws s3 cp: Added ability to upload local file streams from
standard input to s3 and download s3 objects as local file streams to
standard output. (issue 903)
+ feature:aws emr create-cluster: Add support for --emrfs.
+ feature:aws iam: Update aws iam command to latest version.
+ feature:aws cognito-sync: Update aws cognito-sync command to latest
version.
+ feature:aws opsworks: Update aws opsworks command to latest version.
+ feature:aws elasticbeanstalk: Add support for bundling logs.
+ feature:aws kinesis: Add suport for tagging.
+ feature:Page Size: Add a --page-size option, that controls page size
when perfoming an operation that uses pagination. (issue 889)
+ bugfix:aws s3: Added support for ignoring and warning about files that
do not exist, user does not have read permissions, or are special
files (i.e. sockets, FIFOs, character special devices, and block
special devices) (issue 881)
+ feature:Parameter Shorthand: Added support for structure(list-scalar,
scalar) parameter shorthand. (issue 882)
+ bugfix:aws s3: Fix bug when unknown options were passed to aws s3
commands (issue 886)
+ bugfix:Endpoint URL: Provide a better error message when an invalid
- -endpoint-url is provided (issue 899)
+ bugfix:aws s3: Fix issue when keys do not get properly url decoded when
syncing from a bucket that requires pagination to a bucket that
requires less pagination (issue 909)
+ feature:aws cloudsearchdomain: Added sigv4 support.
+ bugfix:Credentials: Raise an error if an incomplete profile is found
(issue 690)
+ feature:Signing Requests: Add a --no-sign-request option that, when
specified, will not sign any requests.
+ bugfix:aws s3: Added -source-region argument to allow transfer between
non DNS compatible buckets that were located in different regions.
(issue 872)
+ feature:aws elb: Add support for AWS Elastic Load Balancing tagging
+ feature: aws emr: Move emr out of preview mode.
+ bugfix: aws s3api: Fix serialization of several s3 api commands.
(issue botocore 193)
+ bugfix: aws s3 sync: Fix issue for unnecessarily resyncing files on
windows machines. (issue 843)
+ bugfix: aws s3 sync: Fix issue where keys were being decoded twice when
syncing between buckets. (issue 862)
+ bugfix:aws ec2 describe-network-interface-attribute: Fix issue where
the model for the aws ec2 describe-network-interface-attribute was
incorrect (issue 558)
+ bugfix:aws s3: Add option to not follow symlinks via
- -[no]-follow-symlinks. Note that the default behavior of following
symlinks is left unchanged. (issue 854, issue 453, issue 781)
+ bugfix:aws route53 change-tags-for-resource: Fix serialization issue
for aws route53 change-tags-for-resource (botocore issue 328)
+ bugfix:aws ec2 describe-network-interface-attribute: Update parameters
to add the --attribute argument (botocore issue 327)
+ feature:aws autoscaling: Update command to the latest version
+ feature:aws elasticache: Update command to the latest version
+ feature:aws route53: Update command to the latest version
+ feature:aws route53domains: Add support for Amazon Route53 Domains
+ feature:aws elasticloadbalancing: Update to the latest service model.
+ bugfix:aws swf poll-for-decision-task: Fix issue where the default
paginated response is missing output response keys (issue botocore 324)
+ bugfix:Connections: Fix issue where connections were hanging when
network issues occurred issue botocore 325)
+ bugfix:aws s3/s3api: Fix issue where Deprecations were being written
to stderr in Python 3.4.1 issue botocore 319)
+ feature:aws support: Update aws support command to the latest version
+ feature:aws iam: Update aws iam command to the latest version
+ feature:aws emr: Add --hive-site option to aws emr create-cluster and
aws emr install-application commands
+ feature:aws s3 sync: Add an --exact-timestamps option to the aws s3
sync command (issue 824)
+ bugfix:aws ec2 copy-snapshot: Fix bug when spaces in the description
caused the copy request to fail (issue botocore 321)
+ feature:aws cwlogs: Add support for Amazon CloudWatch Logs
+ feature:aws cognito-sync: Add support for Amazon Cognito Service
+ feature:aws cognito-identity: Add support for Amazon Cognito Identity
Service
+ feature:aws route53: Update aws route53 command to the latest version
+ feature:aws ec2: Update aws ec2 command to the latest version
+ bugfix:aws s3/s3api: Fix issue where --endpoint-url wasn't being used
for aws s3/s3api commands (issue 549)
+ bugfix:aws s3 mv: Fix bug where using the aws s3 mv command to move a
large file onto itself results in the file being deleted (issue 831)
+ bugfix:aws s3: Fix issue where parts in a multipart upload are stil being
uploaded when a part has failed (issue 834)
+ bugfix:Windows: Fix issue where python.exe is on a path that contains
spaces (issue 825)
+ feature:aws opsworks: Update the aws opsworks command to the latest version
+ bugfix:Shorthand JSON: Fix bug where shorthand lists with a single
item (e.g. --arg Param=[item]) were not parsed correctly. (issue 830)
+ bugfix:Text output: Fix bug when rendering only scalars that are
numbers in text output (issue 829)
+ bugfix:aws cloudsearchdomain: Fix bug where --endpoint-url is required
even for help subcommands (issue 828)
+ feature:aws cloudsearchdomain: Add support for the Amazon CloudSearch
Domain command.
+ feature:aws cloudfront: Update the Amazon CloudFront command to the
latest version
+ feature:aws ses: Add support for delivery notifications
+ bugfix:Region Config: Fix issue for cn-north-1 region (issue botocore 314)
+ bugfix:Amazon EC2 Credential File: Fix regression for parsing EC2
credential file (issue botocore 315)
+ bugfix:Signature Version 2: Fix timestamp format when calculating
signature version 2 signatures (issue botocore 308)
+ feature:aws configure: Add support for setting nested attributes
(issue 817)
+ bugfix:aws s3: Fix issue when uploading large files to newly created
buckets in a non-standard region (issue 634)
+ feature:aws dynamodb: Add support for a local region for dynamodb
(aws dynamodb --region local ...) (issue 608)
+ feature:aws elasticbeanstalk: Update aws elasticbeanstalk model to the
latest version
+ feature:Documentation Examples: Add more documentatoin examples for
many AWS CLI commands
+ feature:aws emr: Update model to the latest version
+ feature:aws elastictranscoder: Update model to the latest version
+ feature:aws s3api: Add support for server-side encryption with a
customer-supplied encryption key.
+ feature:aws sns: Support for message attributes.
+ feature:aws redshift: Support for renaming clusters.
+ bugfix:aws s3: Fix bug related to retrying requests when 500 status
codes are received (issue botocore 302)
+ bugfix:aws s3: Fix when when using S3 in the cn-north-1 region
(issue botocore 301)
+ bugfix:aws kinesis: Fix pagination bug when using the get-records
operation (issue botocore 304)
+ bugfix:Python 3.4.1: Add support for python 3.4.1 (issue 800)
+ feature:aws emr: Update preview commands for Amazon Elastic MapReduce
+ bugfix:aws s3: Add filename to error message when we're unable to stat
local filename (issue 795)
+ bugfix:aws s3api get-bucket-policy: Fix response parsing for the aws
s3api get-bucket-policy command (issue 678)
+ bugfix:Shared Credentials: Fix bug when specifying profiles that don't
exist in the CLI config file (issue botocore 294)
+ bugfix:aws s3: Handle Amazon S3 error responses that have a 200 OK
status code (issue botocore 298)
+ feature:aws sts: Update the aws sts command to the latest version
+ feature:aws cloudsearch: Update the aws cloudsearch command to the
latest version
+ feature:Shorthand: Add support for surrounding list parameters with []
chars in shorthand syntax (issue 788)
+ feature:Shared credential file: Add support for the ~/.aws/credentials file
+ feature:aws ec2: Add support for Amazon EBS encryption
+ bugfix:aws s3: Fix issue when --delete and --exclude filters are used
together (issue 778)
+ feature:aws route53: Update aws route53 to the latest model
+ bugfix:aws emr: Fix issue with aws emr retry logic not being applied
correctly (botocore issue 285)
+ feature:aws cloudtrail: Add support for eu-west-1, ap-southeast-2
+ bugfix:aws ec2: Fix issue when specifying user data from a file
containing non-ascii characters (issue 765)
+ bugfix:aws cloudtrail: Fix a bug with python3 when creating a
subscription (issue 773)
+ bugfix:Shorthand: Fix issue where certain shorthand parameters were
not parsing to the correct types (issue 776)
+ bugfix:aws cloudformation: Fix issue with parameter casing for the
NotificationARNs parameter (botocore issue 283)
+ feature:aws cloudformation: Add support for updated API
+ feature:aws sqs: Add support for message attributes
+ bugfix:aws s3api: Fix issue when setting metadata on an S3 object
(issue 356)
+ feature:aws autoscaling: Add support for launching Dedicated Instances
in Amazon Virtual Private Cloud
+ feature:aws elasticache: Add support to backup and restore for Redis
clusters
+ feature:aws dynamodb: Update aws dynamodb command to the latest API
+ bugfix:Output Format: Fix issue with encoding errors when using text
and table output and redirecting to a pipe or file (issue 742)
+ bugfix:aws s3: Fix issue with sync re-uploading certain files (issue 749)
+ bugfix:Text Output: Fix issue with inconsistent text output based on
order (issue 751)
+ bugfix:aws datapipeline: Fix issue for aggregating keys into a list
when calling aws datapipeline get-pipeline-definition (issue 750)
+ bugfix:aws s3: Fix issue when running out of disk space during aws s3
transfers (issue 739)
+ feature:aws s3 sync: Add --size-only param to the aws s3 sync command
(issue 472, issue 719)
+ bugfix:aws cloudtrail: Fix issue when using create-subscription
command (issue botocore 268)
+ feature:aws cloudsearch: Amazon CloudSearch has moved out of preview
(issue 730)
+ bugfix:aws s3 website: Fix issue where --error-document was being
ignored in certain cases (issue 714)
+ feature:aws opsworks: Update aws opsworks model to the latest version
+ bugfix:Pagination: Fix issue with --max-items with aws route53, aws iam,
and aws ses (issue 729)
+ bugfix:aws s3: Fix issue with fips-us-gov-west-1 endpoint (issue
botocore 265)
+ bugfix:Table Output: Fix issue when displaying unicode characters in
table output (issue 721)
+ bugfix:aws s3: Fix regression when syncing files with whitespace
(issue 706, issue 718)
+ bugfix:aws ec2: Fix issue with EC2 model resulting in responses not
being parsed.
+ feature:aws ec2: Add support for Amazon VPC peering
+ feature:aws redshift: Add support for the latest Amazon Redshift API
+ feature:aws cloudsearch: Add support for the latest Amazon CloudSearch API
+ bugfix:aws cloudformation: Documentation updates
+ bugfix:Argument Parsing: Fix issue when list arguments were not being
decoded to unicode properly (issue 711)
+ bugfix:Output: Fix issue when invalid output type was provided in a
config file or environment variable (issue 600)
+ bugfix:aws datapipeline: Fix issue when serializing pipeline definitions
containing list elements (issue 705)
+ bugfix:aws s3: Fix issue when recursively removing keys containing
control characters (issue 675)
+ bugfix:aws s3: Honor --no-verify-ssl in high level aws s3 commands
(issue 696)
+ bugfix:Parameters: Fix issue parsing with CLI parameters of type long
(issue 693)
+ bugfix:Pagination: Fix issue where --max-items in pagination was always
assumed to be an integer (issue 689)
+ feature:aws elb: Add support for AccessLog
+ bugfix:Bundled Installer: Allow creation of bundled installer with pip
1.5 (issue 691)
+ bugfix:aws s3: Fix issue when copying objects using aws s3 cp with key
names containing + characters (issue #614)
+ bugfix:ec2 create-snapshot: Remove Tags key from output response
(issue 247)
+ bugfix:aws s3: aws s3 commands should not be requiring regions (issue 681)
+ bugfix:CLI Arguments: Fix issue where unicode command line arguments
were not being handled correctly (issue 679)
+ bugfix:aws s3: Fix issue where S3 downloads would hang in certain cases
and could not be interrupted (issue 650, issue 657)
+ bugfix:aws s3: Support missing canned ACLs when using the --acl
parameter (issue 663)
+ bugfix:aws rds describe-engine-default-parameters: Fix pagination issue
when calling aws rds describe-engine-default-parameters (issue 607)
+ bugfix:aws cloudtrail: Merge existing SNS topic policy with the
existing AWS CloudTrail policy instead of overwriting the default
topic policy
+ bugfix:aws s3: Fix issue where streams were not being rewound when
encountering 307 redirects with multipart uploads (issue 544)
+ bugfix:aws elb: Fix issue with documentation errors in aws elb help
(issue 622)
+ bugfix:JSON Parameters: Add a more clear error message when parsing
invalid JSON parameters (issue 639)
+ bugfix:aws s3api: Properly handle null inputs (issue 637)
+ bugfix:Argument Parsing: Handle files containing JSON with leading
and trailing spaces (issue 640)
- bash
-
- Add patch bash-4.4-jobctrl.patch to allow process group asignment
even for modern kernels (bsc#1057452, bsc#1188287)
- Add patch bsc1183064.patch
* Fix bug bsc#1183064: Segfault from reading a history file not
starting with # with HISTTIMEFORMAT set and history_multiline_entries
nonzero and with the history cleared and read on the same input line.
- Move /bin/bash to /usr/bin/bash and provide old location as
symbolic link of new location (jsc#SLE-15652)
- Remove minimal sh build option as not used
- Rework patch readline-7.0-screen.patch again for bug boo#1143055
* Map all "/screen(-xxx)?.yyy(-zzz)?"/ to "/screen"/ as well as
map "/konsole(-xxx)?"/ and "/gnome(-xxx)?"/ to "/xterm"/
- Add patch bash-4.4-bgpoverflow.patch which is a backport from bash
5.0 to perform better with large numbers of sub processes (bsc#1133773)
- Rework patch readline-7.0-screen.patch
- Add bash-memmove.patch to make bash.html build reproducible (boo#1100488)
- Add patch readline-7.0-screen.patch to be able to parse settings
in inputrc for all screen TERM variables starting with "/screen."/
to fix boo#1095661
- In patch bash-4.4.dif avoid setgroups(2) but use initgroups(3) (boo#1095670)
- Add patch 20, 21, 22 and 23 to bash-4.4-patches.tar.bz2
* 20: In circumstances involving long-running scripts that create
and reap many processes, it is possible for the hash table bash
uses to store exit statuses from asynchronous processes to
develop loops. This patch fixes the loop causes and adds code
to detect any future loops.
* 21: A SIGINT received inside a SIGINT trap handler can possibly
cause the shell to loop.
* 22: There are cases where a failing readline command (e.g.,
delete-char at the end of a line) can cause a multi-character
key sequence to `back up' and attempt to re-read some of the
characters in the sequence.
* 23: When sourcing a file from an interactive shell, setting the
SIGINT handler to the default and typing ^C will cause the
shell to exit.
- remove bash-4.4-wait-sigint-handler.patch (upstreamed)
- Add patch bash-4.4-wait-sigint-handler.patch to fix bug bsc#1086247
that is repeating self inserting trap due external command in the
trap.
- Create readline-devel-static package to re-enable static libraries
again (boo#1082913)
- Use %license (boo#1082318)
- Add patch 19 to bash-4.4-patches.tar.bz2
* With certain values for PS1, especially those that wrap onto
three or more lines, readline will miscalculate the number of
invisible characters, leading to crashes and core dumps.
- Add patches 13-18 to bash-4.4-patches.tar.bz2
* 13: If a here-document contains a command substitution, the
command substitution can get access to the file descriptor used
to write the here-document.
* 14: Under some circumstances, functions that return via the
`return' builtin do not clean up memory they allocated to keep
track of FIFOs.
* 15: Process substitution can leak internal quoting to the
parser in the invoked subshell.
* 16: Bash can perform trap processing while reading command
substitution output instead of waiting until the command
completes.
* 17: There is a memory leak when `read -e' is used to read a
line using readline.
* 18: Under certain circumstances (e.g., reading from /dev/zero),
read(2) will not return -1 even when interrupted by a signal.
The read builtin needs to check for signals in this case.
- partial cleanup with spec-cleaner
- Modify patch bash-4.3-pathtemp.patch to avoid crash at full
file system (boo#1076909)
- Enable multibyte characters by default
- Modify patch bash-4.4.dif to let bashline.h install as well as
this header file is included by general.h due to the same patch
(boo#1060069)
- Make build reproducible in spite of profile based optimizations (boo#1040589)
- Allow to disable do_profiling in builds (related to boo#1040589)
- Simplify patch readline-5.2-conf.patch
- Do not throw info and manual pages away
- Remove bash-4.0-async-bnc523667.dif as this one is fixed (and
was disabled and nobody had reported trouble)
- Add upstream patch readline70-002 which replace old one
There is a race condition in add_history() that can be triggered by a fatal
signal arriving between the time the history length is updated and the time
the history list update is completed. A later attempt to reference an
invalid history entry can cause a crash.
- Add upstream patch readline70-003
Readline-7.0 uses pselect(2) to allow readline to handle signals that do not
interrupt read(2), such as SIGALRM, before reading another character. The
signal mask used in the pselect call did not take into account signals the
calling application blocked before calling readline().
- Add upstream patch bash44-006
Out-of-range negative offsets to popd can cause the shell to crash
attempting to free an invalid memory block.
- Remove patch popd-offset-overflow.patch to use bash44-006
- Add upstream patch bash44-007
When performing filename completion, bash dequotes the directory
name being completed, which can result in match failures and
potential unwanted expansion.
- Duplicate bash44-007 as readline70-002 as it seems to be missed
- Add upstream patch bash44-008
Under certain circumstances, bash will evaluate arithmetic
expressions as part of reading an expression token even when
evaluation is suppressed. This happens while evaluating a
conditional expression and skipping over the failed branch of the
expression.
- Add upstream patch bash44-009
There is a race condition in add_history() that can be triggered
by a fatal signal arriving between the time the history length
is updated and the time the history list update is completed.
A later attempt to reference an invalid history entry can cause
a crash.
- Add upstream patch bash44-010
Depending on compiler optimizations and behavior, the `read'
builtin may not save partial input when a timeout occurs.
- Add upstream patch bash44-011
Subshells begun to run command and process substitutions may
attempt to set the terminal's process group to an incorrect
value if they receive a fatal signal. This depends on the
behavior of the process that starts the shell.
- Add upstream patch bash44-012
When -N is used, the input is not supposed to be split using
$IFS, but leading and trailing IFS whitespace was still removed.
- Remove -L option on screen call dues API change, now we depend
on environment variables only.
- Enable -fprofile-correction to cover misleading profile created due
to terminating_signal which does not return.
- Add upstream patch popd-offset-overflow.patch to fix boo#1010845
CVE-2016-9401: bash: popd controlled free (Segmentation fault)
Remark: this is a simple Segmentation fault, no security risk
- Add upstream patch bash44-001
Bash-4.4 changed the way the history list is initially allocated to reduce
the number of reallocations and copies. Users who set HISTSIZE to a very
large number to essentially unlimit the size of the history list will get
memory allocation errors
- Add upstream patch bash44-002
Bash-4.4 warns when discarding NUL bytes in command substitution output
instead of silently dropping them. This patch changes the warnings from
one per NUL byte encountered to one warning per command substitution.
- Drop no-null-warning.patch as bash44-002 is official replacement
- Add upstream patch bash44-003
Specially-crafted input, in this case an incomplete pathname expansion
bracket expression containing an invalid collating symbol, can cause the
shell to crash.
- Add upstream patch bash44-004
There is a race condition that can result in bash referencing freed memory
when freeing data associated with the last process substitution.
- Add upstream patch bash44-005
Under certain circumstances, a simple command is optimized to eliminate a
fork, resulting in an EXIT trap not being executed. (boo#1008459)
- Add upstream patch readline70-001
Readline-7.0 changed the way the history list is initially allocated to reduce
the number of reallocations and copies. Users who set the readline
history-size variable to a very large number to essentially unlimit the size
of the history list will get memory allocation errors
- no-null-warning.patch: Don't warn about null bytes in command
substitution
- Avoid confusing library path
- Update bash 4.4 final
* Latest bug fixes since 4.4 rc2
- Update readline 7.0 final
* Latest bug fixes since 7.0 rc2
* New application-callable function: rl_pending_signal(): returns the signal
number of any signal readline has caught but not yet handled.
* New application-settable variable: rl_persistent_signal_handlers: if set
to a non-zero value, readline will enable the readline-6.2 signal handler
behavior in callback mode: handlers are installed when
rl_callback_handler_install is called and removed removed when a complete
line has been read.
- Drop patch bash-4.3-async-bnc971410.dif as this one is part of 4.4
- Drop patch bash-3.2-longjmp.dif as now long time be fixed
- Drop patch bash-4.3-headers.dif as loadables now simply work
- Drop readline-6.1-wrap.patch as this seems to be fixed
- Disable patch bash-4.0-async-bnc523667.dif for now as it seems to be fixed
in an other way
- Update bash 4.4 rc2 -- Bugfixes
- Update readline 7.0 rc2 -- Bugfixes
- Make clear that the files /etc/profile as well as /etc/bash.bashrc
may source other files as well even if the bash does not.
Therefore modify patch bash-4.1-bash.bashrc.dif (bsc#959755)
- Update bash 4.4 beta 2
* Value conversions (arithmetic expansions, case modification, etc.) now
happen when assigning elements of an array using compound assignment.
* There is a new option settable in config-top.h that makes multiple
directory arguments to `cd' a fatal error.
* Bash now uses mktemp() when creating internal temporary files; it produces
a warning at build time on many Linux systems.
- Update to readline library 7.0 beta 2 (not enabled as not standalone)
* The default binding for ^W in vi mode now uses word boundaries specified
by Posix (vi-unix-word-rubout is bindable command name).
* rl_clear_visible_line: new application-callable function; clears all
screen lines occupied by the current visible readline line.
* rl_tty_set_echoing: application-callable function that controls whether
or not readline thinks it is echoing terminal output.
* Handle >| and strings of digits preceding and following redirection
specifications as single tokens when tokenizing the line for history
expansion.
* Fixed a bug with displaying completions when the prefix display length
is greater than the length of the completions to be displayed.
* The :p history modifier now applies to the entire line, so any expansion
specifying :p causes the line to be printed instead of expanded.
- Update bash 4.4 release candidate 1
* There is now a settable configuration #define that will cause the shell
to exit if the shell is running setuid without the -p option and setuid
to the real uid fails.
* Command and process substitutions now turn off the `-v' option when
executing, as other shells seem to do.
* The default value for the `checkhash' shell option may now be set at
compile time with a #define.
* The `mapfile' builtin now has a -d option to use an arbitrary character
as the record delimiter, and a -t option to strip the delimiter as
supplied with -d.
* The maximum number of nested recursive calls to `eval' is now settable in
config-top.h; the default is no limit.
* The `-p' option to declare and similar builtins will display attributes for
named variables even when those variables have not been assigned values
(which are technically unset).
* The maximum number of nested recursive calls to `source' is now settable
in config-top.h; the default is no limit.
* All builtin commands recognize the `--help' option and print a usage
summary.
* Bash does not allow function names containing `/' and `=' to be exported.
* The `ulimit' builtin has new -k (kqueues) and -P (pseudoterminals) options.
* The shell now allows `time ; othercommand' to time null commands.
* There is a new `--enable-function-import' configuration option to allow
importing shell functions from the environment; import is enabled by
default.
* `printf -v var "/"/' will now set `var' to the empty string, as if `var="/"/'
had been executed.
* GLOBIGNORE, the pattern substitution word expansion, and programmable
completion match filtering now honor the value of the `nocasematch' option.
* There is a new ${parameter@spec} family of operators to transform the
value of `parameter'.
* Bash no longer attempts to perform compound assignment if a variable on the
rhs of an assignment statement argument to `declare' has the form of a
compound assignment (e.g., w='(word)' ; declare foo=$w); compound
assignments are accepted if the variable was already declared as an array,
but with a warning.
* The declare builtin no longer displays array variables using the compound
assignment syntax with quotes; that will generate warnings when re-used as
input, and isn't necessary.
* Executing the rhs of && and || will no longer cause the shell to fork if
it's not necessary.
* The `local' builtin takes a new argument: `-', which will cause it to save
and the single-letter shell options and restore their previous values at
function return.
* `complete' and `compgen' have a new `-o nosort' option, which forces
readline to not sort the completion matches.
* Bash now allows waiting for the most recent process substitution, since it
appears as $!.
* The `unset' builtin now unsets a scalar variable if it is subscripted with
a `0', analogous to the ${var[0]} expansion.
* `set -i' is no longer valid, as in other shells.
* BASH_SUBSHELL is now updated for process substitution and group commands
in pipelines, and is available with the same value when running any exit
trap.
* Bash now checks $INSIDE_EMACS as well as $EMACS when deciding whether or
not bash is being run in a GNU Emacs shell window.
* Bash now treats SIGINT received when running a non-builtin command in a
loop the way it has traditionally treated running a builtin command:
running any trap handler and breaking out of the loop.
* New variable: EXECIGNORE; a colon-separate list of patterns that will
cause matching filenames to be ignored when searching for commands.
* Aliases whose value ends in a shell metacharacter now expand in a way to
allow them to be `pasted' to the next token, which can potentially change
the meaning of a command (e.g., turning `&' into `&&').
* `make install' now installs the example loadable builtins and a set of
bash headers to use when developing new loadable builtins.
* `enable -f' now attempts to call functions named BUILTIN_builtin_load when
loading BUILTIN, and BUILTIN_builtin_unload when deleting it. This allows
loadable builtins to run initialization and cleanup code.
* There is a new BASH_LOADABLES_PATH variable containing a list of directories
where the `enable -f' command looks for shared objects containing loadable
builtins.
* The `complete_fullquote' option to `shopt' changes filename completion to
quote all shell metacharacters in filenames and directory names.
* The `kill' builtin now has a `-L' option, equivalent to `-l', for
compatibility with Linux standalone versions of kill.
* BASH_COMPAT and FUNCNEST can be inherited and set from the shell's initial
environment.
* inherit_errexit: a new `shopt' option that, when set, causes command
substitutions to inherit the -e option. By default, those subshells disable
- e. It's enabled as part of turning on posix mode.
* New prompt string: PS0. Expanded and displayed by interactive shells after
reading a complete command but before executing it.
* Interactive shells now behave as if SIGTSTP/SIGTTIN/SIGTTOU are set to SIG_DFL
when the shell is started, so they are set to SIG_DFL in child processes.
* Posix-mode shells now allow double quotes to quote the history expansion
character.
* OLDPWD can be inherited from the environment if it names a directory.
* Shells running as root no longer inherit PS4 from the environment, closing a
security hole involving PS4 expansion performing command substitution.
* If executing an implicit `cd' when the `autocd' option is set, bash will now
invoke a function named `cd' if one exists before executing the `cd' builtin.
- Update to readline library 7.0 release candidate 1
* The history truncation code now uses the same error recovery mechansim as
the history writing code, and restores the old version of the history file
on error. The error recovery mechanism handles symlinked history files.
* There is a new bindable variable, `enable-bracketed-paste', which enables
support for a terminal's bracketed paste mode.
* The editing mode indicators can now be strings and are user-settable
(new `emacs-mode-string', `vi-cmd-mode-string' and `vi-ins-mode-string'
variables). Mode strings can contain invisible character sequences.
Setting mode strings to null strings restores the defaults.
* Prompt expansion adds the mode string to the last line of a multi-line
prompt (one with embedded newlines).
* There is a new bindable variable, `colored-completion-prefix', which, if
set, causes the common prefix of a set of possible completions to be
displayed in color.
* There is a new bindable command `vi-yank-pop', a vi-mode version of emacs-
mode yank-pop.
* The redisplay code underwent several efficiency improvements for multibyte
locales.
* The insert-char function attempts to batch-insert all pending typeahead
that maps to self-insert, as long as it is coming from the terminal.
* rl_callback_sigcleanup: a new application function that can clean up and
unset any state set by readline's callback mode. Intended to be used
after a signal.
* If an incremental search string has its last character removed with DEL, the
resulting empty search string no longer matches the previous line.
* If readline reads a history file that begins with `#' (or the value of
the history comment character) and has enabled history timestamps, the history
entries are assumed to be delimited by timestamps. This allows multi-line
history entries.
* Readline now throws an error if it parses a key binding without a terminating
`:' or whitespace.
- Remove patches which are upstream solved
bash-3.2-longjmp.dif
bash-4.3-headers.dif
readline-6.1-wrap.patch
- Rename patches
bash-4.3.dif become bash-4.4.dif
readline-6.3.dif become readline-7.0.dif
- Refresh other patches as well
- Define the USE_MKTEMP and USE_MKSTEMP cpp macros as the
implementation is already there.
- Add patch bash-4.3-pathtemp.patch to allow root to clear the
file systems. Otherwise the completion does not work if /tmp
if full (ENOSPC for here documents)
- Remove --hash-size options as there is no any change in the final
binary nor library anymore
- Add upstream patch bash43-039
Using the output of `declare -p' when run in a function can result in variables
that are invisible to `declare -p'. This problem occurs when an assignment
builtin such as `declare' receives a quoted compound array assignment as one of
its arguments.
- Add upstream patch bash43-040
There is a memory leak that occurs when bash expands an array reference on
the rhs of an assignment statement.
- Add upstream patch bash43-041
There are several out-of-bounds read errors that occur when completing command
lines where assignment statements appear before the command name. The first
two appear only when programmable completion is enabled; the last one only
happens when listing possible completions.
- Add upstream patch bash43-042
There is a problem when parsing command substitutions containing `case'
commands within pipelines that causes the parser to not correctly identify
the end of the command substitution.
- add bash-4.3-perl522.patch to fix texi2html for perl 5.22
(defined(@array) has been deprecated since at least 2012)
- Add upstream patch bash43-034
If neither the -f nor -v options is supplied to unset, and a name argument is
found to be a function and unset, subsequent name arguments are not treated as
variables before attempting to unset a function by that name.
- Add upstream patch bash43-035
A locale with a long name can trigger a buffer overflow and core dump. This
applies on systems that do not have locale_charset in libc, are not using
GNU libiconv, and are not using the libintl that ships with bash in lib/intl.
- Add upstream patch bash43-036
When evaluating and setting integer variables, and the assignment fails to
create a variable (for example, when performing an operation on an array
variable with an invalid subscript), bash attempts to dereference a null
pointer, causing a segmentation violation.
- Add upstream patch bash43-037
If an associative array uses `@' or `*' as a subscript, `declare -p' produces
output that cannot be reused as input.
- Add upstream patch bash43-038
There are a number of instances where `time' is not recognized as a reserved
word when the shell grammar says it should be.
- move info deletion to %preun sections
- bash-4.3-loadables.dif: One more warning fixed, in
examples/loadables/logname.c.
- bash-4.3-loadables.dif: Reverted one warning fix, which was
introducing another warning and possibly a bug.
- bash-4.3-loadables.dif: Split changes to shell.h to a separate
patch "/bash-4.3-include-unistd.dif"/, as the loadables build just
fine without these changes.
- bash-4.3-loadables.dif: Drop all header file inclusion fixups,
upstream fixed the problem differently 5 years ago.
- Do not restart all signal handlers for bash 4.3 as this breaks
trap handler in subshells waotiug for a process
- Remove -DMUST_UNBLOCK_CHLD(=1) as this breaks waitchild(2) on linux
- Add upstream patch bash43-031
The new nameref assignment functionality introduced in bash-4.3 did not perform
enough validation on the variable value and would create variables with
invalid names.
- Add upstream patch bash43-032
When bash is running in Posix mode, it allows signals -- including SIGCHLD --
to interrupt the `wait' builtin, as Posix requires. However, the interrupt
causes bash to not run a SIGCHLD trap for all exited children. This patch
fixes the issue and restores the documented behavior in Posix mode.
- Add upstream patch bash43-033
Bash does not clean up the terminal state in all cases where bash or
readline modifies it and bash is subsequently terminated by a fatal signal.
This happens when the `read' builtin modifies the terminal settings, both
when readline is active and when it is not. It occurs most often when a script
installs a trap that exits on a signal without re-sending the signal to itself.
- Fix the sed command that fixes up the patch headers. It was
printing a duplicate header line, which suprisingly did not
confuse patch, but could in the future.
- Fix all patches that had the duplicate header line issue.
- Use tail command to follow run-tests instead of a simpe cat command
- Really remove obsolete patches
- Skip autoconf on OS 10.2 or older
- Avoid fdupes on SLES-10
- Bump bash version to 4.3
- Allow building on targets from SL 10.1 to current since it's free
- bc
-
- fix [bsc#1177579] -- wrong clamping of hexadecimal digits in dc
- deleted patches
- bc-1.06-dc_ibase.patch (upstreamed)
- Use %license instead of %doc [bsc#1082318]
- Cleanup %doc section
- added patches
Correct return value after 'q' [bsc#1129038]
+ bc-dc-correct-return-value.patch
- Update to version 1.07.1:
* Fixed ibase extension causing problems for read()
* Fixed parallel make problem.
* Fixed dc "/Q"/ comanmd bug.
- Changes for version 1.07:
* Added void functions.
* fixes bug in load_code introduced by mathlib string storage in 1.06.
* fix to get long options working.
* signal code clean-up.
* fixed a bug in the AVL tree routines.
* fixed math library to work properly when called with ibase not 10.
* fixed a symbol table bug when using more than 32 names.
* removed a double free.
* Added base 17 to 36 for ibase.
* Fixed some memory leaks.
* Various small tweaks and doc bug fixes.
- Drop no longer needed patches:
* bc-1.06.95-memleak.patch
* bc-1.06.95-matlib.patch
* bc-1.06.95-sigintmasking.patch
- Refresh bc-1.06-dc_ibase.patch
- Add gpg signature
- Update url
- Correct info files scriplets and dependencies
- Clean up with spec-cleaner
- Add ncurses-devel as it is inherited from readline
- Explicitely pass without-libedit if we decide to switch for
it at some point
- Add BuildRequires on makeinfo to fix Factory build
- update to upstream alpha 1.06.95 (2006-09-05), in use in other
major distros for quite a long time (Debian, Fedora, Ubuntu, ...)
- add patches from Fedora
- automake dependency removed
- add automake as buildrequire to avoid implicit dependency
- Fix last change.
- Fix detection of empty opt_expression in the parser.
- bind
-
- Since BIND 9.9, it has been easier to use tsig-keygen and
ddns-confgen to generare TSIG keys. In 9.13, TSIG support was
removed from dnssec-keygen, so now it is just for DNSKEY (and KEY
for obscure cases). tsig-keygen is now used to generate DDNS keys.
[bsc#1187921, vendor-files.tar.bz2]
- * A broken inbound incremental zone update (IXFR)
can cause named to terminate unexpectedly
[CVE-2021-25214, bind-CVE-2021-25214.patch]
* An assertion check can fail while answering queries
for DNAME records that require the DNAME to be processed to resolve
itself
[CVE-2021-25215, bind-CVE-2021-25215.patch]
* A second vulnerability in BIND's GSSAPI security
policy negotiation can be targeted by a buffer overflow attack
This does not affect this package as the affected code is
disabled.
[CVE-2021-25216]
[bsc#1185345]
- pass PIE compiler and linker flags via environment variables to make
/usr/bin/delv in bind-tools also position independent (bsc#1183453).
- drop pie_compile.diff: no longer needed, this patch is difficult to
maintain, the environment variable approach is less error prone.
[bsc#1183453, bind.spec, pie_compile.diff]
- /var/run is deprecated, replaced by /run
[bsc#1185073, bind-replace-varrun-with-run.patch,
bind-chrootenv.conf, vendor-files.tar.bz2]
- Removed baselibs.conf as SLE does not distribute 32 bit libraries.
[baselibs.conf]
- Added special make instruction for the "/Administrator Reference
Manual"/ which is built using python3-Sphinx
[bsc#1177983, bind.spec]
- Removed "/Before=nss-lookup.target"/ from named.service as that
leads to a systemd ordering cycle
[bsc#1177491, bsc#1178626, bsc#1177991, vendor-files.tar.bz2]
- Add /usr/lib64/named to the files and directories in
bind-chrootenv.conf. This directory contains plugins loaded
after the chroot().
- Replaced named's dependency on time-sync with a dependency on time-set
in named.service. The former leads to a dependency-loop.
- Removed "/dnssec-enable"/ from named.conf as it has been obsoleted.
Added a comment for reference which should be removed
in the future.
- Added a comment to the "/dnssec-validation"/ in named.conf
with a reference to forwarders which do not return signed responses.
- Replaced an INSIST macro which calls abort with a test and a
diagnostic output.
[bsc#1177913,bsc#1178078,bsc#1177790,bsc#1177603,bsc#1175894,
bsc#1177915,
bind-Print-diagnostics-on-dns_name_issubdomain-failure-in.patch,
bind-chrootenv.conf,vendor-files.tar.bz2]
- Removed "/-r /dev/urandom"/ from all invocations of rndc-confgen
(init/named system/lwresd.init system/named.init in vendor-files)
as this option is deprecated and causes rndc-confgen to fail.
[bsc#1173311, bsc#1176674, bsc#1170713, vendor-files.tar.bz2]
- /usr/bin/genDDNSkey: Removing the use of the -r option in the call
of /usr/sbin/dnssec-keygen as BIND now uses the random number
functions provided by the crypto library (i.e., OpenSSL or a
PKCS#11 provider) as a source of randomness rather than /dev/random.
Therefore the -r command line option no longer has any effect on
dnssec-keygen. Leaving the option in genDDNSkey as to not break
compatibility. Patch provided by Stefan Eisenwiener.
[bsc#1171313, vendor-files.tar.bz2]
- Put libns into a separate subpackage to avoid file conflicts
in the libisc subpackage due to different sonums (bsc#1176092).
- Require /sbin/start_daemon: both init scripts, the one used in
systemd context as well as legacy sysv, make use of start_daemon.
- Upgrade to version 9.16.6
Fixes five vilnerabilities:
5481. [security] "/update-policy"/ rules of type "/subdomain"/ were
incorrectly treated as "/zonesub"/ rules, which allowed
keys used in "/subdomain"/ rules to update names outside
of the specified subdomains. The problem was fixed by
making sure "/subdomain"/ rules are again processed as
described in the ARM. (CVE-2020-8624) [GL #2055]
5480. [security] When BIND 9 was compiled with native PKCS#11 support, it
was possible to trigger an assertion failure in code
determining the number of bits in the PKCS#11 RSA public
key with a specially crafted packet. (CVE-2020-8623)
[GL #2037]
5479. [security] named could crash in certain query resolution scenarios
where QNAME minimization and forwarding were both
enabled. (CVE-2020-8621) [GL #1997]
5478. [security] It was possible to trigger an assertion failure by
sending a specially crafted large TCP DNS message.
(CVE-2020-8620) [GL #1996]
5476. [security] It was possible to trigger an assertion failure when
verifying the response to a TSIG-signed request.
(CVE-2020-8622) [GL #2028]
For the less severe bugs fixed, see the CHANGES file.
[bsc#1175443, CVE-2020-8624, CVE-2020-8623, CVE-2020-8621,
CVE-2020-8620, CVE-2020-8622]
- Added "//etc/bind.keys"/ to NAMED_CONF_INCLUDE_FILES in
/etc/sysconfig/named to suppress warning message re
missing file.
[vendor-files.tar.bz2, bsc#1173983]
- Upgrade to version bind-9.16.5
* The "/primary"/ and "/secondary"/ keywords, when used
as parameters for "/check-names"/, were not
processed correctly and were being ignored.
* 'rndc dnstap -roll <value>' did not limit the number of
saved files to <value>.
* Add 'rndc dnssec -status' command.
* Addressed a couple of situations where named could crash
For the full list, see the CHANGES file in the source RPM.
- Changed /var/lib/named to owner root:named and perms rwxrwxr-t
so that named, being a/the only member of the "/named"/ group
has full r/w access yet cannot change directories owned by root
in the case of a compromized named.
[bsc#1173307, bind-chrootenv.conf]
- Upgrade to version bind-9.16.4
Fixing two security problems:
* It was possible to trigger an INSIST when determining
whether a record would fit into a TCP message buffer.
(CVE-2020-8618)
* It was possible to trigger an INSIST in
lib/dns/rbtdb.c:new_reference() with a particular zone
content and query patterns. (CVE-2020-8619)
Also the following functional changes:
* Reject DS records at the zone apex when loading
master files. Log but otherwise ignore attempts to
add DS records at the zone apex via UPDATE.
* The default value of "/max-stale-ttl"/ has been changed
from 1 week to 12 hours.
* Zone timers are now exported via statistics channel.
Thanks to Paul Frieden, Verizon Media.
Added support for idn2 to spec file (Thanks to Holger Bruenjes
<holgerbruenjes@gmx.net>).
More internal changes see the CHANGES file in the source RPM
This update obsoletes Makefile.in.diff
[bsc#1172958, CVE-2020-8618, CVE-2020-8619, Makefile.in.diff
bind.spec]
- Upgrade to version bind-9.16.3
Fixing two security problems:
* Further limit the number of queries that can be triggered from
a request. Root and TLD servers are no longer exempt
from max-recursion-queries. Fetches for missing name server
address records are limited to 4 for any domain. (CVE-2020-8616)
* Replaying a TSIG BADTIME response as a request could trigger an
assertion failure. (CVE-2020-8617)
Also
* Add engine support to OpenSSL EdDSA implementation.
* Add engine support to OpenSSL ECDSA implementation.
* Update PKCS#11 EdDSA implementation to PKCS#11 v3.0.
* Warn about AXFR streams with inconsistent message IDs.
* Make ISC rwlock implementation the default again.
For more see CHANGS file in source RPM.
[CVE-2020-8616, CVE-2020-8617, bsc#1171740, bind-9.16.3.tar.xz]
- bind needs an accurate clock, so wait for the time-sync.target
to be reached before starting bind.
[bsc#1170667, bsc#1170713, vendor-files.tar.bz2]
- Use sysusers.d to create named user
- Have only one package creating the user
- coreutils are not used in %post, remove Requires.
- Use systemd_ordering instead of hard requiring systemd
- Upgrade to version 9.16.1
* UDP network ports used for listening can no longer simultaneously
be used for sending traffic.
* The system-provided POSIX Threads read-write lock implementation
is now used by default instead of the native BIND 9 implementation.
* Fixed re-signing issues with inline zones which resulted in records
being re-signed late or not at all.
[bind-9.16.1.tar.xz]
- Update download urls
- Do not enable geoip on old distros, the geoip db was shut down
so we need to use geoip2 everywhere
- Upgrade to version 9.16.0
Major upgrade, see
https://downloads.isc.org/isc/bind9/9.16.0/RELEASE-NOTES-bind-9.16.0.html
and
CHANGES file in the source tree.
Major functional change:
* What was set with --with-tuning=large option in older BIND9
versions is now a default, and a --with-tuning=small option was
added for small (e.g. OpenWRT) systems.
* A new "/dnssec-policy"/ option has been added to named.conf to
implement a key and signing policy (KASP) for zones.
* The command (and manpage) bind9-config have been dropped as the
BIND 9 libraries are now purely internal.
No patches became obsolete through the upgrade.
[bind-9.16.0.tar.xz]
- Upgrade to bind-9.14.9
bug fixes and feature improvements
- Upgrade to version 9.14.8:
* Set a limit on the number of concurrently served pipelined TCP
queries.
* Some other bug fixing, see CHANGES file.
[CVE-2019-6477, bsc#1157051]
- Upgrade to version 9.14.7
* removed dnsperf, idn, nslint, perftcpdns, query-loc-0.4.0,
queryperf, sdb, zkt from contrib as they are not supported
any more
* Added support for the GeoIP2 API from MaxMind
* See CHANGES file in the source RPM.
* obsoletes bind-CVE-2018-5745.patch (bsc#1126068)
* obsoletes bind-CVE-2019-6465.patch (bsc#1126069)
* obsoletes bind-CVE-2018-5743.patch (bsc#1133185)
* obsoletes bind-CVE-2019-6471.patch (bsc#1138687)
[bsc#1111722, bsc#1156205, bsc#1126068, bsc#1126069, bsc#1133185,
bsc#1138687, CVE-2019-6476, CVE-2019-6475,
CVE-2019-6471, CVE-2018-5743, CVE-2019-6467, CVE-2019-6465,
CVE-2018-5745, CVE-2018-5744, CVE-2018-5740, CVE-2018-5738,
CVE-2018-5737, CVE-2018-5736, CVE-2017-3145, CVE-2017-3136,
configure.in.diff, bind-99-libidn.patch, perl-path.diff,
bind-sdb-ldap.patch, bind-CVE-2017-3145.patch,
bug-4697-Restore-workaro]und-for-Microsoft-Windows-T.patch,
bind-fix-fips.patch, bind-CVE-2018-5745.patch,
bind-CVE-2019-6465.patch, bind-CVE-2018-5743.patch,
bind-CVE-2019-6471.patch, CVE-2016-6170, bsc#1018700,
bsc#1018701, bsc#1018702, bsc#1033466, bsc#1033467, bsc#1033468,
bsc#1040039, bsc#1047184, bsc#1104129, bsc#906079, bsc#918330,
bsc#936476, bsc#937028, bsc#939567, bsc#977657, bsc#983505,
bsc#987866, bsc#989528, fate#320694, fate#324357, bnc#1127583,
bnc#1127583, bnc#1109160]
- removal of SuSEfirewall2 service from Factory, since SuSEfirewall2 has been
replaced by firewalld, see [1].
[1]: https://lists.opensuse.org/opensuse-factory/2019-01/msg00490.html
- Add FIPS patch back into bind (bsc#1128220)
- File: bind-fix-fips.patch
- Don't rely on /etc/insserv.conf anymore for proper dependencies
against nss-lookup.target in named.service and lwresd.service
(bsc#1118367 bsc#1118368)
- Update named.root. One of the root servers IP has changed.
- Install the LICENSE file.
- Add bind.conf and bind-chrootenv.conf to install the default
files in /var/lib/named and create chroot environment on systems
using transactional-updates [bsc#1100369] [FATE#325524].
- Cleanup pre/post install: remove all old code which was needed to
update to SLES8.
- Fix a patch error in dnszone-schema file (bsc#901577)
- Add SPF records in dnszone-schema file (bsc#901577)
- Fix the hostname in ldapdump to be valid (bsc#965748)
- Patch file - bind-ldapdump-use-valid-host.patch
- Add bug-4697-Restore-workaround-for-Microsoft-Windows-T.patch
Fixes dynamic DNS updates against samba and Microsoft DNS servers
(bsc#1094236).
- Move chroot related files from bind to bind-chrootenv
(bsc#1093338)
- Remove rndc.key generation from bind.spec file because bind
should create it on first boot (bsc#1092283)
- Add misisng rndc.key check and generation code is lwresd.init
script
- build with --enable-filter-aaaa to make it possible to use
config option "/filter-aaaa-on-v4 yes"/. Useful to workaround
broken websites like netflix which block traffic from certain
IPv6 tunnel providers. (bsc#1069633)
- Add /dev/urandom to chroot env
- Implement systemd init scripts for bind and lwresd (fate#323155)
- Apply bind-CVE-2017-3145.patch to fix CVE-2017-3145 (bsc#1076118)
- Use getent when adding user/group
- update changelog to mention removed options
- license changed to MPL-2.0 according to legal.
- Replace references to /var/adm/fillup-templates with new
%_fillupdir macro (boo#1069468)
- Add back init scripts, systemd units aren't ready yet
- Add python3-bind subpackage to allow python bind interactions
- Sync configure options with RH package and remove unused ones
* Enable python3
* Enable gssapi
* Enable dnssec scripts
* Remove no longer recognized --enable-rrl
- Drop idnkit from the build, the bind uses libidn since 2007 to run
all the resolutions in dig/etc. bsc#1030306
- Add patch to make sure we build against system idn:
* bind-99-libidn.patch
- Refresh patch:
* pie_compile.diff
- Remove patches that are unused due to above:
* idnkit-powerpc-ltconfig.patch
* runidn.diff
- drop bind-openssl11.patch (merged upstream)
- Remove systemd conditionals as we are not building on sle11 anyway
- Force the systemd to be base for the initscript deployment
- Bump up version of most of the libraries
- Rename the subpackages to match the version updates
- Add macros for easier handling of the library package names
- Drop more unneeded patches
* dns_dynamic_db.patch (upstream)
- Update to 9.11.2 release:
* Many changes compared to 9.10 see the README file for in-depth listing
* For detailed changes with issues see CHANGES file
* Fixes for CVE-2017-3141 CVE-2017-3140 CVE-2017-3138 CVE-2017-3137
CVE-3136 CVE-2016-9778
* OpenSSL 1.1 support
- Remove support for some old distributions and cleanup the spec file
to require only what is really needed
- Switch to systemd (bsc#1053808)
- Remove german from the postinst messages
- Remove patches merged upstream:
* bind-CVE-2017-3135.patch
* bind-CVE-2017-3142-and-3143.patch
- Refresh named.root with another update
- Use python3 by default (fate#323526)
- bind-openssl11.patch: add a patch for enabling
openssl 1.1 support (builds for 1.0 and 1.1 openssl).
(bsc#1042635)
- Enable JSON statistics
- named.root: refreshed from internic to 2017060102 (bsc#1048729)
- Run systemctl daemon-reload even when this is not build with
systemd support: if installing bind on a systemd service and not
reloading systemd daemon, then the service 'named' is not known
right after package installation, causing confusion.
- Added bind-CVE-2017-3142-and-3143.patch to fix a security issue
where an attacker with the ability to send and receive messages
to an authoritative DNS server was able to circumvent TSIG
authentication of AXFR requests. A server that relies solely on
TSIG keys for protection with no other ACL protection could be
manipulated into (1) providing an AXFR of a zone to an
unauthorized recipient and (2) accepting bogus Notify packets.
[bsc#1046554, CVE-2017-3142, bsc#1046555, CVE-2017-3143]
- Fix named init script to dynamically find the location of the
openssl engines (boo#1040027).
- Add with_systemd define with default off, since we still use init
scripts and no systemd units.
- Don't require and call insserv if we use systemd
- Fix assertion failure or a NULL pointer read for configurations using both DNS64 and RPZ
* CVE-2017-3135, bsc#1024130
* bind-CVE-2017-3135.patch
- Update to latest release in the 9.10.X series
* Security fixes in 9.10.4
* Duplicate EDNS COOKIE options in a response could trigger an assertion failure.
CVE-2016-2088. [RT #41809]
* The resolver could abort with an assertion failure due to improper DNAME handling
when parsing fetch reply messages. CVE-2016-1286. [RT #41753]
* Malformed control messages can trigger assertions in named and rndc.
CVE-2016-1285. [RT #41666]
* Certain errors that could be encountered when printing out or logging an OPT record containing
a CLIENT-SUBNET option could be mishandled, resulting in an assertion failure. CVE-2015-8705. [RT #41397]
* Specific APL data could trigger an INSIST. CVE-2015-8704. [RT #41396]
* Incorrect reference counting could result in an INSIST failure if a socket error occurred while performing
a lookup. CVE-2015-8461. [RT#40945]
* Insufficient testing when parsing a message allowed records with an incorrect class to be be accepted,
triggering a REQUIRE failure when those records were subsequently cached. CVE-2015-8000. [RT #40987]
* For Features and other fixes in 9.10.4 see https://kb.isc.org/article/AA-01380/0/BIND-9.10.4-Release-Notes.html
* Description of patch changes
* BIND 9.10.4-P5 addresses the security issues described in CVE-2016-9131, CVE-2016-9147 and CVE-2016-9444. [bsc#1018699]
* BIND 9.10.4-P4 addresses the security issue described in CVE-2016-8864.
* BIND 9.10.4-P3 addresses the security issue described in CVE-2016-2776 and addresses an interoperability issue with ECS clients.
* BIND 9.10.4-P2 addresses the security issue described in CVE-2016-2775.
* BIND 9.10.4-P1 addresses Windows installation issues, the %z modifier is not supported under Windows and
a race condition in the rbt/rbtdb implementation resulting in named exiting due to assertion failures being detected.
* Following patches removed, fixed upstream
* cve-2016-2776.patch
* cve-2016-8864.patch
- Apply cve-2016-8864.patch to fix CVE-2016-8864 (bsc#1007829).
- Apply cve-2016-2776.patch to fix CVE-2016-2776 (bsc#1000362).
- Remove the start/stop dependency of named and lwresd on remote-fs
to break a service dependency cycle (bsc#947483, bsc#963971).
- Make /var/lib/named owned by the named user (bsc#908850,
bsc#875691).
- Call systemd service macros with the full service name.
- remove BuildRequire libcap. That is only a legacy library, not
actually used for building. libcap-devel pulls in the right one.
- Security update 9.10.3-P4:
* CVE-2016-1285, bsc#970072: assert failure on input parsing can
cause premature exit.
* CVE-2016-1286, bsc#970073: An error when parsing signature
records for DNAME can lead to named exiting due to an assertion
failure.
* CVE-2016-2088, bsc#970074: a deliberately misconstructed packet
containing multiple cookie options to cause named to terminate
with an assertion failure.
- drop a changing timestamp making build reproducible
- Build with --with-randomdev=/dev/urandom otherwise
libisc will use /dev/random to gather entropy and that might
block, short read etc..
- Security update 9.10.3-P3:
* Specific APL data could trigger an INSIST (CVE-2015-8704,
bsc#962189).
* Certain errors that could be encountered when printing out or
logging an OPT record containing a CLIENT-SUBNET option could
be mishandled, resulting in an assertion failure
(CVE-2015-8705, bsc#962190).
* Authoritative servers that were marked as bogus (e.g.
blackholed in configuration or with invalid addresses) were
being queried anyway.
- Update to version 9.10.3-P2 to fix a remote denial of service by
misparsing incoming responses (CVE-2015-8000, bsc#958861).
- Avoid double %setup, it confuses some versions of quilt.
- Summary/description update
- Update to version 9.10.2-P4
* An incorrect boundary boundary check in the OPENPGPKEY
rdatatype could trigger an assertion failure.
(CVE-2015-5986) [RT #40286] (bsc#944107)
* A buffer accounting error could trigger an
assertion failure when parsing certain malformed
DNSSEC keys. (CVE-2015-5722) [RT #40212] (bsc#944066)
- Update to version 9.10.2-P3
Security Fixes
* A specially crafted query could trigger an assertion failure in message.c.
This flaw was discovered by Jonathan Foote, and is disclosed in
CVE-2015-5477. [RT #39795]
* On servers configured to perform DNSSEC validation, an assertion failure
could be triggered on answers from a specially configured server.
This flaw was discovered by Breno Silveira Soares, and is disclosed
in CVE-2015-4620. [RT #39795]
Bug Fixes
* Asynchronous zone loads were not handled correctly when the zone load was
already in progress; this could trigger a crash in zt.c. [RT #37573]
* Several bugs have been fixed in the RPZ implementation:
+ Policy zones that did not specifically require recursion could be treated
as if they did; consequently, setting qname-wait-recurse no; was
sometimes ineffective. This has been corrected. In most configurations,
behavioral changes due to this fix will not be noticeable. [RT #39229]
+ The server could crash if policy zones were updated (e.g. via
rndc reload or an incoming zone transfer) while RPZ processing
was still ongoing for an active query. [RT #39415]
+ On servers with one or more policy zones configured as slaves, if a
policy zone updated during regular operation (rather than at startup)
using a full zone reload, such as via AXFR, a bug could allow the RPZ
summary data to fall out of sync, potentially leading to an assertion
failure in rpz.c when further incremental updates were made to the zone,
such as via IXFR. [RT #39567]
+ The server could match a shorter prefix than what was
available in CLIENT-IP policy triggers, and so, an unexpected
action could be taken. This has been corrected. [RT #39481]
+ The server could crash if a reload of an RPZ zone was initiated while
another reload of the same zone was already in progress. [RT #39649]
- Update to version 9.10.2-P2
- An uninitialized value in validator.c could result in an assertion failure.
(CVE-2015-4620) [RT #39795]
- Update to version 9.10.2-P1
- Include client-ip rules when logging the number of RPZ rules of each type.
[RT #39670]
- Addressed further problems with reloading RPZ zones. [RT #39649]
- Addressed a regression introduced in change #4121. [RT #39611]
- The server could match a shorter prefix than what was available in
CLIENT-IP policy triggers, and so, an unexpected action could be taken.
This has been corrected. [RT #39481]
- On servers with one or more policy zones configured as slaves, if a policy
zone updated during regular operation (rather than at startup) using a full
zone reload, such as via AXFR, a bug could allow the RPZ summary data to
fall out of sync, potentially leading to an assertion failure in rpz.c when
further incremental updates were made to the zone, such as via IXFR.
[RT #39567]
- A bug in RPZ could cause the server to crash if policy zones were updated
while recursion was pending for RPZ processing of an active query.
[RT #39415]
- Fix a bug in RPZ that could cause some policy zones that did not
specifically require recursion to be treated as if they did; consequently,
setting qname-wait-recurse no; was sometimes ineffective. [RT #39229]
- Asynchronous zone loads were not handled correctly when the zone load was
already in progress; this could trigger a crash in zt.c. [RT #37573]
- Fix an out-of-bounds read in RPZ code. If the read succeeded, it doesn't
result in a bug during operation. If the read failed, named could segfault.
[RT #38559]
- Fix inappropriate use of /var/lib/named for locating dynamic-DB plugins.
Dynamic-DB plugins are now loaded from %{_libexecdir}/bind, consistent with
openSUSE packaging guideline.
- Install additional header files which are helpful to the development of
dynamic-DB plugins.
- Depend on systemd macros and sysvinit on post-12.3 only.
- Create empty lwresd.conf at build time.
- Reduce file list pre-13.1.
- Update to version 9.10.2
- Handle timeout in legacy system test. [RT #38573]
- dns_rdata_freestruct could be called on a uninitialised structure when
handling a error. [RT #38568]
- Addressed valgrind warnings. [RT #38549]
- UDP dispatches could use the wrong pseudorandom
number generator context. [RT #38578]
- Fixed several small bugs in automatic trust anchor management, including a
memory leak and a possible loss of key state information. [RT #38458]
- 'dnssec-dsfromkey -T 0' failed to add ttl field. [RT #38565]
- Revoking a managed trust anchor and supplying an untrusted replacement
could cause named to crash with an assertion failure.
(CVE-2015-1349) [RT #38344]
- Fix a leak of query fetchlock. [RT #38454]
- Fix a leak of pthread_mutexattr_t. [RT #38454]
- RPZ could send spurious SERVFAILs in response
to duplicate queries. [RT #38510]
- CDS and CDNSKEY had the wrong attributes. [RT #38491]
- adb hash table was not being grown. [RT #38470]
- Update bind.keyring
- Update baselibs.conf due to updates to libdns160 and libisc148
- Enable export libraries to support plugin development.
Install DNSSEC root key.
Expose new interface for developing dynamic zone database.
+ dns_dynamic_db.patch
- PowerPC can build shared libraries for sure.
idnkit-powerpc-ltconfig.patch
- Explicitly BuildRequire systemd-rpm-macros since it is used
for lwresd %post etc. Then drop pre-12.x material.
Remove configure.in.diff2.
- Corrections to baselibs.conf
- Update to version 9.10.1-P1
- A flaw in delegation handling could be exploited to put named into an
infinite loop. This has been addressed by placing limits on the number of
levels of recursion named will allow (default 7), and the number of
iterative queries that it will send (default 50) before terminating a
recursive query (CVE-2014-8500); (bnc#908994).
The recursion depth limit is configured via the "/max-recursion-depth"/
option, and the query limit via the "/max-recursion-queries"/ option.
[RT #37580]
- When geoip-directory was reconfigured during named run-time, the
previously loaded GeoIP data could remain, potentially causing wrong ACLs
to be used or wrong results to be served based on geolocation
(CVE-2014-8680). [RT #37720]; (bnc#908995).
- Lookups in GeoIP databases that were not loaded could cause an assertion
failure (CVE-2014-8680). [RT #37679]; (bnc#908995).
- The caching of GeoIP lookups did not always handle address families
correctly, potentially resulting in an assertion failure (CVE-2014-8680).
[RT #37672]; (bnc#908995).
- Convert some hard PreReq to leaner Requires(pre).
- Typographical and orthographic fixes to description texts.
- Fix bashisms in the createNamedConfInclude script.
- Post scripts: remove '-e' option of 'echo' that may be unsupported
in some POSIX-compliant shells.
- Add openssl engines to the lwresd chroot.
- Add /etc/lwresd.conf with attribute ghost to the list of files.
- Add /run/lwresd to the list of files of the lwresd package.
- Shift /run/named from the chroot sub to the main bind package.
- Drop /proc from the chroot as multi CPU systems work fine even without it.
- Add a versioned dependency when obsoleting packages.
- Remove superfluous obsoletes *-64bit in the ifarch ppc64 case; (bnc#437293).
- Fix gssapi_krb configure time header detection.
- Update root zone (dated Nov 5, 2014).
- Update to version 9.10.1
- This release addresses the security flaws described in CVE-2014-3214 and
CVE-2014-3859.
- Update to version 9.10.0
- DNS Response-rate limiting (DNS RRL), which blunts the impact of
reflection and amplification attacks, is always compiled in and no longer
requires a compile-time option to enable it.
- An experimental "/Source Identity Token"/ (SIT) EDNS option is now available.
- A new zone file format, "/map"/, stores zone data in a
format that can be mapped directly into memory, allowing
significantly faster zone loading.
- "/delv"/ (domain entity lookup and validation) is a new tool with dig-like
semantics for looking up DNS data and performing internal DNSSEC
validation.
- Improved EDNS(0) processing for better resolver performance
and reliability over slow or lossy connections.
- Substantial improvement in response-policy zone (RPZ) performance. Up to
32 response-policy zones can be configured with minimal performance loss.
- To improve recursive resolver performance, cache records which are still
being requested by clients can now be automatically refreshed from the
authoritative server before they expire, reducing or eliminating the time
window in which no answer is available in the cache.
- New "/rpz-client-ip"/ triggers and drop policies allowing
response policies based on the IP address of the client.
- ACLs can now be specified based on geographic location using the MaxMind
GeoIP databases. Use "/configure --with-geoip"/ to enable.
- Zone data can now be shared between views, allowing multiple views to serve
the same zones authoritatively without storing multiple copies in memory.
- New XML schema (version 3) for the statistics channel includes many new
statistics and uses a flattened XML tree for faster parsing. The older
schema is now deprecated.
- A new stylesheet, based on the Google Charts API, displays XML statistics
in charts and graphs on javascript-enabled browsers.
- The statistics channel can now provide data in JSON format as well as XML.
- New stats counters track TCP and UDP queries received
per zone, and EDNS options received in total.
- The internal and export versions of the BIND libraries (libisc, libdns,
etc) have been unified so that external library clients can use the same
libraries as BIND itself.
- A new compile-time option, "/configure --enable-native-pkcs11"/, allows BIND
9 cryptography functions to use the PKCS#11 API natively, so that BIND can
drive a cryptographic hardware service module (HSM) directly instead of
using a modified OpenSSL as an intermediary.
- The new "/max-zone-ttl"/ option enforces maximum TTLs for zones. This can
simplify the process of rolling DNSSEC keys by guaranteeing that cached
signatures will have expired within the specified amount of time.
- "/dig +subnet"/ sends an EDNS CLIENT-SUBNET option when querying.
- "/dig +expire"/ sends an EDNS EXPIRE option when querying.
- New "/dnssec-coverage"/ tool to check DNSSEC key coverage for a zone and
report if a lapse in signing coverage has been inadvertently scheduled.
- Signing algorithm flexibility and other improvements
for the "/rndc"/ control channel.
- "/named-checkzone"/ and "/named-compilezone"/ can now read
journal files, allowing them to process dynamic zones.
- Multiple DLZ databases can now be configured. Individual zones can be
configured to be served from a specific DLZ database. DLZ databases now
serve zones of type "/master"/ and "/redirect"/.
- "/rndc zonestatus"/ reports information about a specified zone.
- "/named"/ now listens on IPv6 as well as IPv4 interfaces by default.
- "/named"/ now preserves the capitalization of names
when responding to queries.
- new "/dnssec-importkey"/ command allows the use of offline
DNSSEC keys with automatic DNSKEY management.
- New "/named-rrchecker"/ tool to verify the syntactic
correctness of individual resource records.
- When re-signing a zone, the new "/dnssec-signzone -Q"/ option drops
signatures from keys that are still published but are no longer active.
- "/named-checkconf -px"/ will print the contents of configuration files with
the shared secrets obscured, making it easier to share configuration (e.g.
when submitting a bug report) without revealing private information.
- "/rndc scan"/ causes named to re-scan network interfaces for
changes in local addresses.
- On operating systems with support for routing sockets, network interfaces
are re-scanned automatically whenever they change.
- "/tsig-keygen"/ is now available as an alternate command
name to use for "/ddns-confgen"/.
- Update to version 9.9.6
New Features
- Support for CAA record types, as described in RFC 6844 "/DNS
Certification Authority Authorization (CAA) Resource Record"/,
was added. [RT#36625] [RT #36737]
- Disallow "/request-ixfr"/ from being specified in zone statements where it
is not valid (it is only valid for slave and redirect zones) [RT #36608]
- Support for CDS and CDNSKEY resource record types was added. For
details see the proposed Informational Internet-Draft "/Automating
DNSSEC Delegation Trust Maintenance"/ at
http://tools.ietf.org/html/draft-ietf-dnsop-delegation-trust-maintainance-14.
[RT #36333]
- Added version printing options to various BIND utilities. [RT #26057]
[RT #10686]
- Added a "/no-case-compress"/ ACL, which causes named to use case-insensitive
compression (disabling change #3645) for specified clients. (This is useful
when dealing with broken client implementations that use case-sensitive
name comparisons, rejecting responses that fail to match the capitalization
of the query that was sent.) [RT #35300]
Feature Changes
- Adds RPZ SOA to the additional section of responses to clearly
indicate the use of RPZ in a manner that is intended to avoid
causing issues for downstream resolvers and forwarders [RT #36507]
- rndc now gives distinct error messages when an unqualified zone
name matches multiple views vs. matching no views [RT #36691]
- Improves the accuracy of dig's reported round trip times. [RT #36611]
- When an SPF record exists in a zone but no equivalent TXT record
does, a warning will be issued. The warning for the reverse
condition is no longer issued. See the check-spf option in the
documentation for details. [RT #36210]
- "/named"/ will now log explicitly when using rndc.key to configure
command channel. [RT #35316]
- The default setting for the -U option (setting the number of UDP
listeners per interface) has been adjusted to improve performance.
[RT #35417]
- Aging of smoothed round-trip time measurements is now limited
to no more than once per second, to improve accuracy in selecting
the best name server. [RT #32909]
- DNSSEC keys that have been marked active but have no publication
date are no longer presumed to be publishable. [RT #35063]
Bug Fixes
- The Makefile in bin/python was changed to work around a bmake
bug in FreeBSD 10 and NetBSD 6. [RT #36993] (**)
- Corrected bugs in the handling of wildcard records by the DNSSEC
validator: invalid wildcard expansions could be treated as valid
if signed, and valid wildcard expansions in NSEC3 opt-out ranges
had the AD bit set incorrectly in responses. [RT #37093] [RT #37072]
- When resigning, dnssec-signzone was removing all signatures from
delegation nodes. It now retains DS and (if applicable) NSEC
signatures. [RT #36946]
- The AD flag was being set inappopriately on RPZ responses. [RT #36833]
- Updates the URI record type to current draft standard,
draft-faltstrom-uri-08, and allows the value field to be zero
length [RT #36642] [RT #36737]
- RRSIG sets that were not loaded in a single transaction at start
up were not being correctly added to re-signing heaps. [RT #36302]
- Setting '-t aaaa' in .digrc had unintended side-effects. [RT #36452]
- A race condition could cause a crash in isc_event_free during
shutdown. [RT #36720]
- Addresses a race condition issue in dispatch. [RT #36731]
- acl elements could be miscounted, causing a crash while loading
a config [RT #36675]
- Corrects a deadlock between view.c and adb.c. [RT #36341]
- liblwres wasn't properly handling link-local addresses in
nameserver clauses in resolv.conf. [RT #36039]
- Buffers in isc_print_vsnprintf were not properly initialized
leading to potential overflows when printing out quad values.
[RT #36505]
- Don't call qsort() with a null pointer, and disable the GCC 4.9
"/delete null pointer check"/ optimizer option. This fixes problems
when using GNU GCC 4.9.0 where its compiler code optimizations
may cause crashes in BIND. For more information, see the operational
advisory at https://kb.isc.org/article/AA-01167/. [RT #35968]
- Fixed a bug that could cause repeated resigning of records in
dynamically signed zones. [RT #35273]
- Fixed a bug that could cause an assertion failure after forwarding
was disabled. [RT #35979]
- Fixed a bug that caused SERVFAILs when using RPZ on a system
configured as a forwarder. [RT #36060]
- Worked around a limitation in Solaris's /dev/poll implementation
that could cause named to fail to start when configured to use
more sockets than the system could accomodate. [RT #35878]
- Remove merged rpz2+rl-9.9.5.patch and obsoleted rpz2+rl-9.9.5.patch
- Removed pid-path.diff patch as /run/{named,lwresd}/ are used by default.
- Update baselibs.conf (added libirs and library interface version updates).
- No longer perform gpg validation; osc source_validator does it
implicit:
+ Drop gpg-offline BuildRequires.
+ No longer execute gpg_verify.
- binutils
-
- Add binutils-fix-relax.diff to fix linking relaxation problems
with old object files hitting some enterprise software. [bsc#1179341]
- Update binutils-2.35-branch.diff.gz to commit 1c5243df:
* Fixes PR26520, aka [bsc#1179036], a problem in addr2line with
certain DWARF variable descriptions.
* Also fixes PR26711, PR26656, PR26655, PR26929, PR26808, PR25878,
PR26740, PR26778, PR26763, PR26685, PR26699, PR26902, PR26869,
PR26711
* The above includes fixes for dwo files produced by modern dwp,
fixing several problems in the DWARF reader.
- Reapply spec file cleanup from format_spec_file
- Remove a SLE10 version check
- Update to 2.35.1 and rebased branch diff:
* This is a point release over the previous 2.35 version, containing bug
fixes, and as an exception to the usual rule, one new feature. The
new feature is the support for a new directive in the assembler:
"/.nop"/. This directive creates a single no-op instruction in whatever
encoding is correct for the target architecture. Unlike the .space or
.fill this is a real instruction, and it does affect the generation of
DWARF line number tables, should they be enabled.
- Update binutils-2.35-branch.diff.gz to commit 23f268a0:
* Add xBPF target
* Fix various problems with DWARF 5 support in gas
- Toolchain module update for SLE15 [jsc#ECO-2373]
- Includes changes that were SLE-only in binutils-add-z15-name.diff
for [bsc#1160590, jsc#SLE-7903 aka jsc#SLE-7464]
- Amend binutils-revert-plt32-in-branches.diff to adjust also new
testcases.
- Add binutils-2.35-branch.diff.gz: it includes fix for
nm -B for objects compiled with -flto and -fcommon.
- Add binutils-revert-nm-symversion.diff to be compatible with old
output of nm relied on in scripts.
- Add binutils-fix-abierrormsg.diff to work around an eager (new)
error message occuring without inputs and as-needed (affects
nvme-cli build).
- Update to binutils 2.35:
* The asseembler can now produce DWARF-5 format line number tables.
* Readelf now has a "/lint"/ mode to enable extra checks of the files it is processing.
* Readelf will now display "/[...]"/ when it has to truncate a symbol name.
The old behaviour - of displaying as many characters as possible, up to
the 80 column limit - can be restored by the use of the --silent-truncation
option.
* The linker can now produce a dependency file listing the inputs that it
has processed, much like the -M -MP option supported by the compiler.
- Regenerate add-ulp-section.diff with -p1 due to a fuzzing issue.
- Remove binutils-2.34-branch.diff.gz.
- Regenerate binutils-build-as-needed.diff due to a fuzzing issue.
- Regenerate binutils-fix-invalid-op-errata.diff as one hunk was upstreamed.
- Remove upstreamed patch binutils-pr25593.diff.
- Regenerate unit-at-a-time.patch due to a fuzzing issue.
- Regenerate binutils-revert-plt32-in-branches.diff.
- Update binutils-2.34-branch.diff.gz.
- Remove fix-try_load_plugin.patch as it is part
of the updated binutils-2.34-branch.diff.gz patch.
- Add binutils-pr25593.diff to fix DT_NEEDED order with -flto
[bsc#1163744]
- Update fix-try_load_plugin.patch to latest version.
- Add fix-try_load_plugin.patch in order to fix fallback caused
by backport for PR25355.
- Update to binutils 2.34:
* The disassembler (objdump --disassemble) now has an option to
generate ascii art thats show the arcs between that start and end
points of control flow instructions.
* The binutils tools now have support for debuginfod. Debuginfod is a
HTTP service for distributing ELF/DWARF debugging information as
well as source code. The tools can now connect to debuginfod
servers in order to download debug information about the files that
they are processing.
* The assembler and linker now support the generation of ELF format
files for the Z80 architecture.
- Rename and get binutils-2.34-branch.diff.gz (boo#1160254).
- Rebase add-ulp-section.diff, binutils-revert-plt32-in-branches.diff,
cross-avr-size.patch and binutils-skip-rpaths.patch.
- Add new subpackages for libctf and libctf-nobfd.
- Disable LTO due to boo#1163333.
- Includes fixes for these CVEs:
bnc#1153768 aka CVE-2019-17451 aka PR25070
bnc#1153770 aka CVE-2019-17450 aka PR25078
- Disable LTO during testsuite run
- Add binutils-fix-invalid-op-errata.diff to fix various
build fails on aarch64 (PR25210, bsc#1157755).
- Add add-ulp-section.diff for user space live patching.
- Update to binutils 2.33.1:
* Adds support for the Arm Scalable Vector Extension version 2
(SVE2) instructions, the Arm Transactional Memory Extension (TME)
instructions and the Armv8.1-M Mainline and M-profile Vector
Extension (MVE) instructions.
* Adds support for the Arm Cortex-A76AE, Cortex-A77 and Cortex-M35P
processors and the AArch64 Cortex-A34, Cortex-A65, Cortex-A65AE,
Cortex-A76AE, and Cortex-A77 processors.
* Adds a .float16 directive for both Arm and AArch64 to allow
encoding of 16-bit floating point literals.
* For MIPS, Add -m[no-]fix-loongson3-llsc option to fix (or not)
Loongson3 LLSC Errata. Add a --enable-mips-fix-loongson3-llsc=[yes|no]
configure time option to set the default behavior. Set the default
if the configure option is not used to "/no"/.
* The Cortex-A53 Erratum 843419 workaround now supports a choice of
which workaround to use. The option --fix-cortex-a53-843419 now
takes an optional argument --fix-cortex-a53-843419[=full|adr|adrp]
which can be used to force a particular workaround to be used.
See --help for AArch64 for more details.
* Add support for GNU_PROPERTY_AARCH64_FEATURE_1_BTI and
GNU_PROPERTY_AARCH64_FEATURE_1_PAC in ELF GNU program properties
in the AArch64 ELF linker.
* Add -z force-bti for AArch64 to enable GNU_PROPERTY_AARCH64_FEATURE_1_BTI
on output while warning about missing GNU_PROPERTY_AARCH64_FEATURE_1_BTI
on inputs and use PLTs protected with BTI.
* Add -z pac-plt for AArch64 to pick PAC enabled PLTs.
* Add --source-comment[=<txt>] option to objdump which if present,
provides a prefix to source code lines displayed in a disassembly.
* Add --set-section-alignment <section-name>=<power-of-2-align>
option to objcopy to allow the changing of section alignments.
* Add --verilog-data-width option to objcopy for verilog targets to
control width of data elements in verilog hex format.
* The separate debug info file options of readelf (--debug-dump=links
and --debug-dump=follow) and objdump (--dwarf=links and
- -dwarf=follow-links) will now display and/or follow multiple
links if more than one are present in a file. (This usually
happens when gcc's -gsplit-dwarf option is used).
In addition objdump's --dwarf=follow-links now also affects its
other display options, so that for example, when combined with
- -syms it will cause the symbol tables in any linked debug info
files to also be displayed. In addition when combined with
- -disassemble the --dwarf= follow-links option will ensure that
any symbol tables in the linked files are read and used when
disassembling code in the main file.
* Add support for dumping types encoded in the Compact Type Format
to objdump and readelf.
- Includes fixes for these CVEs:
bnc#1126826 aka CVE-2019-9077 aka PR1126826
bnc#1126829 aka CVE-2019-9075 aka PR1126829
bnc#1126831 aka CVE-2019-9074 aka PR24235
bnc#1140126 aka CVE-2019-12972 aka PR23405
bnc#1143609 aka CVE-2019-14444 aka PR24829
bnc#1142649 aka CVE-2019-14250 aka PR90924
- Remove patches that are now included in the release:
binutils-2.32-branch.diff.gz, binutils-fix-ld-segv.diff,
binutils-pr24486.patch, riscv-abi-check.patch,
rx-gas-padding-pr24464.patch.
- Add binutils-2.33-branch.diff.gz patch.
- Rebase binutils-revert-plt32-in-branches.diff and
cross-avr-size.patch patch.
- Add binutils-fix-ld-segv.diff to fix a segfault in ld
when building some versions of pacemaker. [bsc#1154025,
bsc#1154016]
- Add avr, epiphany and rx to target_list so that the common
binutils can handle all objects we can create with crosses.
[bsc#1152590]
- Update to current 2.32 branch @7b468db3 adding
binutils-2.32-branch.diff.gz [jsc#ECO-368].
- Includes fixes for these CVEs:
bsc#1109412 aka CVE-2018-17358 aka PR23686
bsc#1109413 aka CVE-2018-17359 aka PR23686
bsc#1109414 aka CVE-2018-17360 aka PR23685
bsc#1111996 aka CVE-2018-18309 aka PR23770
bsc#1112534 aka CVE-2018-18484 aka GCC PR87636
bsc#1112535 aka CVE-2018-18483 aka PR23767
bsc#1113247 aka CVE-2018-18607 aka PR23805
bsc#1113252 aka CVE-2018-18606 aka PR23806
bsc#1113255 aka CVE-2018-18605 aka PR23804
bsc#1116827 aka CVE-2018-17985 aka GCC PR87335
bsc#1118830 aka CVE-2018-19932 aka PR23932
bsc#1118831 aka CVE-2018-19931 aka PR23942
bsc#1120640 aka CVE-2018-1000876 aka PR23994
bsc#1121034 aka CVE-2018-20651 aka PR24041
bsc#1121035 aka CVE-2018-20623 aka PR24049
bsc#1121056 aka CVE-2018-20671 aka PR24005
bsc#1142772 aka CVE-2019-1010180 aka PR23657
- Refresh s390-biarch.diff and
binutils-revert-plt32-in-branches.diff .
- For the SLE12 package this also removes patches
binutils-z13-1.diff, binutils-z13-2.diff,
binutils-z13-3.diff, binutils-z13-4.diff and binutils-z13-5.diff .
- enable xtensa architecture (Tensilica lc6 and related)
- Fix SUSE typo in README package name
- Use -ffat-lto-objects in order to provide assembly for static libs
(boo#1141913).
Fake entry for SLE12 package variant only:
- Add support for new z13 instructions. [fate#327074, jsc#SLE-6206,
bsc#1137271]
Adds patches binutils-z13-1.diff, binutils-z13-2.diff,
binutils-z13-3.diff, binutils-z13-4.diff and binutils-z13-5.diff .
- Add binutils-pr24486.patch: fix for PR24486 (boo#1133131 boo#1133232).
- Add rx-gas-padding-pr24464.patch: fix for PR24464.
- riscv-abi-check.patch: Don't check ABI flags if no code section
- Add binutils.keyring and verify signature.
- Add disk and RAM (for ppc, ppc64 and ppc64le) constraint with _constraints.
- Update to binutils 2.32:
* The binutils now support for the C-SKY processor series.
* The x86 assembler now supports a -mvexwig=[0|1] option to control
encoding of VEX.W-ignored (WIG) VEX instructions.
It also has a new -mx86-used-note=[yes|no] option to generate (or
not) x86 GNU property notes.
* The MIPS assembler now supports the Loongson EXTensions R2 (EXT2),
the Loongson EXTensions (EXT) instructions, the Loongson Content
Address Memory (CAM) ASE and the Loongson MultiMedia extensions
Instructions (MMI) ASE.
* The addr2line, c++filt, nm and objdump tools now have a default
limit on the maximum amount of recursion that is allowed whilst
demangling strings. This limit can be disabled if necessary.
* Objdump's --disassemble option can now take a parameter,
specifying the starting symbol for disassembly. Disassembly will
continue from this symbol up to the next symbol or the end of the
function.
* The BFD linker will now report property change in linker map file
when merging GNU properties.
* The BFD linker's -t option now doesn't report members within
archives, unless -t is given twice. This makes it more useful
when generating a list of files that should be packaged for a
linker bug report.
* The GOLD linker has improved warning messages for relocations that
refer to discarded sections.
- Remove binutils-2.31-branch.diff.gz, fix-pr23919-1.diff,
fix-pr23919-2.diff, fix-pr23919-3.diff,
gold-depend-on-opcodes.diff and s390-relro.diff.
- Refresh binutils-skip-rpaths.patch, s390-biarch.diff, cross-avr-size.patch
and binutils-revert-plt32-in-branches.diff.
- Add s390-relro.diff to improve relro support on s390
[fate#326356]
- Fix the fix for PR23919 [bsc#1118644]:
rename handle-ELF-compressed-header-alignment-correctly-by-.patch
to fix-pr23919-1.diff and add fix-pr23919-2.diff
and fix-pr23919-3.diff .
- Add handle-ELF-compressed-header-alignment-correctly-by-.patch:
PR23919.
- Update to binutils-2_31-branch @e51abf7e3, minor bugfixes in
the support for the X86_ISA_1_* notes. Adds
patch binutils-2.31-branch.diff.gz .
- Add binutils-revert-plt32-in-branches.diff on anything older
than Tumbleweed to not break old tools not expecting
PLT32 instead of PC32 relocs on x86_64.
- Includes fixes for these CVEs:
* from 2.30:
bnc#1065643 aka CVE-2017-15996 aka PR22361
bnc#1065689 aka CVE-2017-15939 aka PR22205
bnc#1065693 aka CVE-2017-15938 aka PR22209
bnc#1068640 aka CVE-2017-16826 aka PR22376
bnc#1068643 aka CVE-2017-16832 aka PR22373
bnc#1068887 aka CVE-2017-16831 aka PR22385
bnc#1068888 aka CVE-2017-16830 aka PR22384
bnc#1068950 aka CVE-2017-16829 aka PR22307
bnc#1069176 aka CVE-2017-16828 aka PR22386
bnc#1069202 aka CVE-2017-16827 aka PR22306
* from 2.31:
bnc#1077745 aka CVE-2018-6323 aka PR22746
bnc#1079103 aka CVE-2018-6543 aka PR22769
bnc#1079741 aka CVE-2018-6759 aka PR22794
bnc#1080556 aka CVE-2018-6872 aka PR22788
bnc#1081527 aka CVE-2018-7208 aka PR22741
bnc#1083528 aka CVE-2018-7570 aka PR22881
bnc#1083532 aka CVE-2018-7569 aka PR22895
bnc#1086608 aka CVE-2018-8945 aka PR22809
bnc#1086784 aka CVE-2018-7643 aka PR22905
bnc#1086786 aka CVE-2018-7642 aka PR22887
bnc#1086788 aka CVE-2018-7568 aka PR22894
bnc#1090997 aka CVE-2018-10373 aka PR23065
bnc#1091015 aka CVE-2018-10372 aka PR23064
bnc#1091365 aka CVE-2018-10535 aka PR23113
bnc#1091368 aka CVE-2018-10534 aka PR23110
- Removes binutils-fix-pr21964.diff as it's included in 2.31.
Rebase testsuite.diff and aarch64-common-pagesize.patch .
- Disable -z separate-code everywhere but in Tumbleweed.
- Update to binutils 2.31
* The AArch64 port now supports showing disassembly notes which are emitted
when inconsistencies are found with the instruction that may result in the
instruction being invalid. These can be turned on with the option -M notes
to objdump.
* The AArch64 port now emits warnings when a combination of an instruction and
a named register could be invalid.
* Added O modifier to ar to display member offsets inside an archive
* The ADR and ADRL pseudo-instructions supported by the ARM assembler
now only set the bottom bit of the address of thumb function symbols
if the -mthumb-interwork command line option is active.
* Add --generate-missing-build-notes=[yes|no] option to create (or not) GNU
Build Attribute notes if none are present in the input sources. Add a
- -enable-generate-build-notes=[yes|no] configure time option to set the
default behaviour. Set the default if the configure option is not used
to "/no"/.
* Remove -mold-gcc command-line option for x86 targets.
* Add -O[2|s] command-line options to x86 assembler to enable alternate
shorter instruction encoding.
* Add support for .nops directive. It is currently supported only for
x86 targets.
* Speed up direct linking with DLLs for Cygwin and Mingw targets.
* Add a configure option --enable-separate-code to decide whether
- z separate-code should be enabled in ELF linker by default. Default
to yes for Linux/x86 targets. Note that -z separate-code can increase
disk and memory size.
* Includes riscv-relax-size.patch, riscv-relax-relocatable.patch,
riscv-relax-versioned-hidden.patch and riscv-wrap-relax.patch
- Refresh enable-targets-gold.diff.
- Adjust cross-avr-omit_section_dynsym.patch.
- Remove binutils-2.30-branch.diff.
- riscv-relax-versioned-hidden.patch: RISC-V: Fix symbol address problem
with versioned symbols (PR ld/22756)
- Restore riscv64-elf cross prefix via symlinks
- Fix pacemaker libqb problem with section start/stop
symbols, aka PR21964. [bnc#1075418]
Adds binutils-fix-pr21964.diff .
(this is a change from SLE12, that was already included in 2.31
binutils tree, mentioned for completeness to not loose tracking)
- riscv-relax-relocatable.patch: RISC-V: Don't enable relaxation in
relocatable link
- Update binutils-2.30-branch.diff: 2.30 branch @7c78c26eefbb8
* Includes more complete fix for PR20882.
* Includes fix for PR22836. [boo#1085784]
* Includes fix for PR22983.
- riscv-relax-size.patch: Fix symbol size bug when relaxation deletes bytes
- Add binutils-pr22868.diff to fix testsuite fails in LLVM.
- Update to binutils 2.30
* Add --debug-dump=links option to readelf and --dwarf=links option to objdump
which displays the contents of any .gnu_debuglink or .gnu_debugaltlink
sections.
Add a --debug-dump=follow-links option to readelf and a --dwarf=follow-links
option to objdump which causes indirect links into separate debug info files
to be followed when dumping other DWARF sections.
* Add support for loaction views in DWARF debug line information.
* Add -z separate-code to generate separate code PT_LOAD segment.
* Add "/-z undefs"/ command line option as the inverse of the "/-z defs"/ option.
* Add -z globalaudit command line option to force audit libraries to be run
for every dynamic object loaded by an executable - provided that the loader
supports this functionality.
* Tighten linker script grammar around file name specifiers to prevent the use
of SORT_BY_ALIGNMENT and SORT_BY_INIT_PRIORITY on filenames. These would
previously be accepted but had no effect.
* The EXCLUDE_FILE directive can now be placed within any SORT_* directive
within input section lists.
- binutils-2.30-branch.diff: 2.30 branch @4cd0043413
- riscv-wrap-relax.patch: Fix linker relaxation with --wrap
- Remove use-hashtype-both-by-default.diff, use
- -enable-default-hash-style=both instead
- Remove binutils-2.29-branch.diff, s390x-8fe09d7.diff
- Use riscv64-suse-linux as target for cross-riscv64-binutils
- Drop bc BuildRequires: no longer needed.
- Add riscv64 to %target_list
- Add arm-none-eabi symlinks (bsc#1074741)
- Add s390x-8fe09d7.diff to fix typo in ELF notes.
- Update binutils-2.29-branch.diff to @a45d8fd5ffbf888 fixing PR 22220.
- Update to 2.29.1 release, accumulating bugfixes.
- Update binutils-2.29-branch.diff to @a38a1d80 and to be
relative to the 2.29.1 release fixing following PRs/bnc/CVE:
22058 [bnc#1057149, CVE-2017-14130]
21813 [bnc#1052503, CVE-2017-12456, bnc#1052507, CVE-2017-12454,
bnc#1052509, CVE-2017-12453, bnc#1052511, CVE-2017-12452,
bnc#1052514, CVE-2017-12450, bnc#1052503, CVE-2017-12456,
bnc#1052507, CVE-2017-12454, bnc#1052509, CVE-2017-12453,
bnc#1052511, CVE-2017-12452, bnc#1052514, CVE-2017-12450]
22148 [bnc#1060599, CVE-2017-14745]
22163 [bnc#1061241, CVE-2017-14974]
21933 [bnc#1053347, CVE-2017-12799]
21787 [bnc#1052518, CVE-2017-12448]
22018 [bnc#1056312, CVE-2017-13757]
22170 [bnc#1060621, CVE-2017-14729]
22047 [bnc#1057144, CVE-2017-14129]
22059 [bnc#1057139, CVE-2017-14128]
21990 [bnc#1058480, CVE-2017-14333]
22113 [bnc#1059050, CVE-2017-14529]
as well as these PRs:
22061, 21786, 21916, 21994, 22064, 21995, 21909, 21441, 22060,
22067, 22032, 21820, 22048, 22199, 21781, 21824, 21861, 22150.
- Update to 2.29 (@5d25156), upstream fix for PR21884, as
well as PRs 18808 18841 21840 21988 21910 21962 21964.
- Last fixes for PR21884 weren't complete, adjust
binutils-2.29-branch.diff some more for this.
- Update to 2.29 branch (@de44148c), fixing PR21884, a segfault
in ld while building memtest86+ .
Changes binutils-2.29-branch.diff.
- Update to 2.29 branch, fixing PR21847, affecting the ppc64le
ABI in corner cases since 2.29 release.
Adds binutils-2.29-branch.diff.
- Remove binutils-2.29-gold-mips.patch, obsolete by the update.
- Add binutils-2.29-gold-mips.patch to fix build on SLE-11.
- Update to binutils 2.29. [fate#321454, fate#321494, fate#323293]
- Fixes these security-related PRs/bnc/CVEs:
18750 [bsc#1030296, CVE-2014-9939]
20891 [bsc#1030585, CVE-2017-7225]
20892 [bsc#1030588, CVE-2017-7224]
20898 [bsc#1030589, CVE-2017-7223]
20905 [bsc#1030584, CVE-2017-7226]
20908 [bsc#1031644, CVE-2017-7299]
20909 [bsc#1031656, CVE-2017-7300]
20921 [bsc#1031595, CVE-2017-7302]
20922 [bsc#1031593, CVE-2017-7303]
20924 [bsc#1031638, CVE-2017-7301]
20931 [bsc#1031590, CVE-2017-7304]
21409 [bsc#1037052, CVE-2017-8392]
21412 [bsc#1037057, CVE-2017-8393]
21414 [bsc#1037061, CVE-2017-8394]
21432 [bsc#1037066, CVE-2017-8396]
21440 [bsc#1037273, CVE-2017-8421]
21580 [bsc#1044891, CVE-2017-9746]
21581 [bsc#1044897, CVE-2017-9747]
21582 [bsc#1044901, CVE-2017-9748]
21587 [bsc#1044909, CVE-2017-9750]
21594 [bsc#1044925, CVE-2017-9755]
21595 [bsc#1044927, CVE-2017-9756]
- Feature changes:
* The MIPS port now supports microMIPS eXtended Physical Addressing (XPA)
instructions for assembly and disassembly.
* The MIPS port now supports the microMIPS Release 5 ISA for assembly and
disassembly.
* The MIPS port now supports the Imagination interAptiv MR2 processor,
which implements the MIPS32r3 ISA, the MIPS16e2 ASE as well as a couple
of implementation-specific regular MIPS and MIPS16e2 ASE instructions.
* The SPARC port now supports the SPARC M8 processor, which implements the
Oracle SPARC Architecture 2017.
* The MIPS port now supports the MIPS16e2 ASE for assembly and disassembly.
* Add support for ELF SHF_GNU_MBIND and PT_GNU_MBIND_XXX.
* Add support for the wasm32 ELF conversion of the WebAssembly file format.
* Add --inlines option to objdump, which extends the --line-numbers option
so that inlined functions will display their nesting information.
* Add --merge-notes options to objcopy to reduce the size of notes in
a binary file by merging and deleting redundant notes.
* Add support for locating separate debug info files using the build-id
method, where the separate file has a name based upon the build-id of
the original file.
GAS
* Add support for ELF SHF_GNU_MBIND.
* Add support for the WebAssembly file format and wasm32 ELF conversion.
* PowerPC gas now checks that the correct register class is used in
instructions. For instance, "/addi %f4,%cr3,%r31"/ warns three times
that the registers are invalid.
* Add support for the Texas Instruments PRU processor.
* Support for the ARMv8-R architecture and Cortex-R52 processor has been
added to the ARM port.
GNU ld
* Support for -z shstk in the x86 ELF linker to generate
GNU_PROPERTY_X86_FEATURE_1_SHSTK in ELF GNU program properties.
* Add support for GNU_PROPERTY_X86_FEATURE_1_SHSTK in ELF GNU program
properties in the x86 ELF linker.
* Add support for GNU_PROPERTY_X86_FEATURE_1_IBT in ELF GNU program
properties in the x86 ELF linker.
* Support for -z ibtplt in the x86 ELF linker to generate IBT-enabled
PLT.
* Support for -z ibt in the x86 ELF linker to generate IBT-enabled
PLT as well as GNU_PROPERTY_X86_FEATURE_1_IBT in ELF GNU program
properties.
* Add support for ELF SHF_GNU_MBIND and PT_GNU_MBIND_XXX.
* Add support for ELF GNU program properties.
* Add support for the Texas Instruments PRU processor.
* When configuring for arc*-*-linux* targets the default linker emulation will
change if --with-cpu=nps400 is used at configure time.
* Improve assignment of LMAs to orphan sections in some edge cases where a
mixture of both AT>LMA_REGION and AT(LMA) are used.
* Orphan sections placed after an empty section that has an AT(LMA) will now
take an load memory address starting from LMA.
* Section groups can now be resolved (the group deleted and the group members
placed like normal sections) at partial link time either using the new
linker option --force-group-allocation or by placing FORCE_GROUP_ALLOCATION
into the linker script.
- Includes binutils-bso21193.diff, binutils-bso21333.diff and
fix-security-bugs.diff.
- Remove ld-dtags.diff, instead configure with --enable-new-dtags.
- Refresh binutils-build-as-needed.diff.
- Remove binutils-2.28-branch.diff.
- Add riscv64 target, tested with gcc7 and downstream newlib 2.4.0
* Prepare riscv32 target (gh#riscv/riscv-newlib#8)
- Update binutils-2.28-branch.diff.
- Make compressed debug section handling explicit, disable for
old products and enable for gas on all architectures otherwise.
- Add binutils-bso21333.diff. [boo#1029995]
- Remove empty rpath component removal optimization from
binutils-skip-rpaths.patch to workaround CMake rpath handling.
[boo#1025282]
- Add fix-security-bugs.diff to fix bnc#1029907, bnc#1029908,
bnc#1029909 and more. Upstream bugs fixed:
PR 21135 [bsc#1030298, CVE-2017-7209],
PR 21137 [bsc#1029909, CVE-2017-6965],
PR 21139 [bsc#1029908, CVE-2017-6966],
PR 21156 [bsc#1029907, CVE-2017-6969],
PR 21157 [bsc#1030297, CVE-2017-7210],
PR 21147, PR 21148, PR 21149, PR 21150, PR 21151, PR 21155,
PR 21158, PR 21159
- Update to binutils 2.28.
* Add support for locating separate debug info files using the build-id
method, where the separate file has a name based upon the build-id of
the original file.
* This version of binutils fixes a problem with PowerPC VLE 16A and 16D
relocations which were functionally swapped, for example,
R_PPC_VLE_HA16A performed like R_PPC_VLE_HA16D while R_PPC_VLE_HA16D
performed like R_PPC_VLE_HA16A. This could have been fixed by
renumbering relocations, which would keep object files created by an
older version of gas compatible with a newer ld. However, that would
require an ABI update, affecting other assemblers and linkers that
create and process the relocations correctly. It is recommended that
all VLE object files be recompiled, but ld can modify the relocations
if --vle-reloc-fixup is passed to ld. If the new ld command line
option is not used, ld will ld warn on finding relocations inconsistent
with the instructions being relocated.
* The nm program has a new command line option (--with-version-strings)
which will display a symbol's version information, if any, after the
symbol's name.
* The ARC port of objdump now accepts a -M option to specify the extra
instruction class(es) that should be disassembled.
* The --remove-section option for objcopy and strip now accepts section
patterns starting with an exclamation point to indicate a non-matching
section. A non-matching section is removed from the set of sections
matched by an earlier --remove-section pattern.
* The --only-section option for objcopy now accepts section patterns
starting with an exclamation point to indicate a non-matching section.
A non-matching section is removed from the set of sections matched by
an earlier --only-section pattern.
* New --remove-relocations=SECTIONPATTERN option for objcopy and strip.
This option can be used to remove sections containing relocations.
The SECTIONPATTERN is the section to which the relocations apply, not
the relocation section itself.
GAS
* Add support for the RISC-V architecture.
* Add support for the ARM Cortex-M23 and Cortex-M33 processors.
GNU ld
* The EXCLUDE_FILE linker script construct can now be applied outside of the
section list in order for the exclusions to apply over all input sections
in the list.
* Add support for the RISC-V architecture.
* The command line option --no-eh-frame-hdr can now be used in ELF based
linkers to disable the automatic generation of .eh_frame_hdr sections.
* Add --in-implib=<infile> to the ARM linker to enable specifying a set of
Secure Gateway veneers that must exist in the output import library
specified by --out-implib=<outfile> and the address they must have.
As such, --in-implib is only supported in combination with --cmse-implib.
* Extended the --out-implib=<file> option, previously restricted to x86 PE
targets, to any ELF based target. This allows the generation of an import
library for an ELF executable, which can then be used by another application
to link against the executable.
GOLD
* Add -z bndplt option (x86-64 only) to support Intel MPX.
* Add --orphan-handling option.
* Add --stub-group-multi option (PowerPC only).
* Add --target1-rel, --target1-abs, --target2 options (Arm only).
* Add -z stack-size option.
* Add --be8 option (Arm only).
* Add HIDDEN support in linker scripts.
* Add SORT_BY_INIT_PRIORITY support in linker scripts.
- Add binutils-2.28-branch.diff.
- Remove binutils-2.27-branch.diff
- Remove binutils-2.27-fix-section-order.diff,
refine_.cfi_sections_check_to_only_consider_compact_eh_frame.patch
and aarch64-alignment-frags.patch now upstream.
- Configure with --with-system-zlib
- Add binutils-bso21193.diff to fix section alignment on
.gnu_debuglink. [bso#21193]
- Add s390x to gold_archs.
- Fix alignment frags for aarch64 (boo#1003846)
aarch64-alignment-frags.patch
- Call ldconfig for libbfd
- Add refine_.cfi_sections_check_to_only_consider_compact_eh_frame.patch
from upstream to fix an assembler problem with clang on ARM.
Fixes https://sourceware.org/bugzilla/show_bug.cgi?id=20648
- Update binutils-2.27-branch.diff to include recent fixes from the branch.
- Add binutils-2.27-fix-section-order.diff to restore monotonically
increasing section offsets.
- Remove qemu workaround from spec file, since qemu 2.5.0rc0 the
length of the argument list is no longer limited to 128 kByte.
- Update to binutils 2.27.
* Add a configure option, --enable-64-bit-archive, to force use of a
64-bit format when creating an archive symbol index.
* Add --elf-stt-common= option to objcopy for ELF targets to control
whether to convert common symbols to the STT_COMMON type.
GAS:
* Default to --enable-compressed-debug-sections=gas for Linux/x86 targets.
* Add --no-pad-sections to stop the assembler from padding the end of output
sections up to their alignment boundary.
* Support for the ARMv8-M architecture has been added to the ARM port.
Support for the ARMv8-M Security and DSP Extensions has also been added
to the ARM port.
* ARC backend accepts .extInstruction, .extCondCode, .extAuxRegister, and
.extCoreRegister pseudo-ops that allow an user to define custom
instructions, conditional codes, auxiliary and core registers.
* Add a configure option --enable-elf-stt-common to decide whether ELF
assembler should generate common symbols with the STT_COMMON type by
default. Default to no.
* New command line option --elf-stt-common= for ELF targets to control
whether to generate common symbols with the STT_COMMON type.
* Add ability to set section flags and types via numeric values for ELF
based targets.
* Add a configure option --enable-x86-relax-relocations to decide whether
x86 assembler should generate relax relocations by default. Default to
yes, except for x86 Solaris targets older than Solaris 12.
* New command line option -mrelax-relocations= for x86 target to control
whether to generate relax relocations.
* New command line option -mfence-as-lock-add=yes for x86 target to encode
lfence, mfence and sfence as "/lock addl $0x0, (%[re]sp)"/.
* Add assembly-time relaxation option for ARC cpus.
* Add --with-cpu=TYPE configure option for ARC gas. This allows the default
cpu type to be adjusted at configure time.
GOLD:
* Add a configure option --enable-relro to decide whether -z relro should
be enabled by default. Default to yes.
* Add support for s390, MIPS, AArch64, and TILE-Gx architectures.
* Add support for STT_GNU_IFUNC symbols.
* Add support for incremental linking (--incremental).
GNU ld:
* Add a configure option --enable-relro to decide whether -z relro should
be enabled in ELF linker by default. Default to yes for all Linux
targets except FRV, HPPA, IA64 and MIPS.
* Support for -z noreloc-overflow in the x86-64 ELF linker to disable
relocation overflow check.
* Add -z common/-z nocommon options for ELF targets to control whether to
convert common symbols to the STT_COMMON type during a relocatable link.
* Support for -z nodynamic-undefined-weak in the x86 ELF linker, which
avoids dynamic relocations against undefined weak symbols in executable.
* The NOCROSSREFSTO command was added to the linker script language.
* Add --no-apply-dynamic-relocs to the AArch64 linker to do not apply
link-time values for dynamic relocations.
- Add binutils-2.27-branch.diff with fixes on the branch sofar.
- Remove gold-relocate-tls.patch, included in binutils 2.27.
- Update to binutils 2.26.1.
- Remove binutils-2.26-branch.diff.
- Update binutils-2.26-branch.diff, updates to branch head.
(swo#19807) (bnc#970239)
- Disable -mrelax-relocations by default on old products.
- Update binutils-2.26-branch.diff, updates to branch head.
(swo#19739) (swo#19775)
- Add binutils-2.26-branch.diff, updates to branch head.
* Adds -mrelax-relocations on x86
* Fixes bso#19698
- Refresh cross-avr-nesc-as.patch
- Update to binutils 2.26
* Add --fix-stm32l4xx-629360 to the ARM linker to enable a link-time
workaround for a bug in the bus matrix / memory controller for some of
the STM32 Cortex-M4 based products (STM32L4xx)
* Add a configure option --enable-compressed-debug-sections={all,ld} to
decide whether DWARF debug sections should be compressed by default.
* Add support for the ARC EM/HS, and ARC600/700 architectures.
* Experimental support for linker garbage collection (--gc-sections)
has been enabled for COFF and PE based targets.
* New command line option for ELF targets to compress DWARF debug
sections, --compress-debug-sections=[none|zlib|zlib-gnu|zlib-gabi].
* New command line option, --orphan-handling=[place|warn|error|discard], to
adjust how orphan sections are handled. The default is 'place' which gives
the current behaviour, 'warn' and 'error' issue a warning or error
respectively when orphan sections are found, and 'discard' will discard all
orphan sections.
* Add support for LLVM plugin.
* Add --print-memory-usage option to report memory blocks usage.
* Add --require-defined option, it's like --undefined except the new symbol
must be defined by the end of the link.
* Add a configure option --enable-compressed-debug-sections={all,gas} to
decide whether DWARF debug sections should be compressed by default.
* Add support for the ARC EM/HS, and ARC600/700 architectures. Remove
assembler support for Argonaut RISC architectures.
* Add option to objcopy to insert new symbols into a file:
- -add-symbol <name>=[<section>:]<value>[,<flags>]
* Add support for the ARC EM/HS, and ARC600/700 architectures.
* Extend objcopy --compress-debug-sections option to support
- -compress-debug-sections=[none|zlib|zlib-gnu|zlib-gabi] for ELF
targets.
* Add --update-section option to objcopy.
* Add --output-separator option to strings.
- Includes z13 support, remove 0001-S-390-Add-support-for-IBM-z13.patch,
0002-S-390-Add-check-for-length-field-operand.patch,
0003-S-390-Add-more-IBM-z13-instructions.patch,
0004-S-390-Fixes-for-z13-instructions.patch and
0005-S-390-z13-use-GNU-attribute-to-indicate-vector-ABI.patch
- Includes fixes in binutils-fix--dynamic-list.patch,
binutils-fix-gold-aarch64.diff, gold-arm64-abi-pagesize.patch
and s390-troo-insn-type.patch
- Refresh s390-pic-dso.diff and binutils-build-as-needed.diff
- gold-relocate-tls.patch: Fix internal error when applying TLSDESC
relocations with no TLS segment
- s390-troo-insn-type.patch: fix wrong insn type for troo insn
- aarch64-common-pagesize.patch: change default common-page-size to 64K on
aarch64
- gold-arm64-abi-pagesize.patch: fix ABI pagesize for aarch64 in gold
- Disable use-hashtype-both-by-default.diff for
the mips target, it's incompatible with it. [bnc #938658]
- Add cross-rx-binutils package for Renesas RX
- Work around qemu bug
- Update to 2.25 branch at 2f5b97b4f (changes
binutils-2.25-branch.diff.gz) fixes PR 18481, gas/18541.
- Add patches for s390 z13 support (backports from
to-be 2.26):
0001-S-390-Add-support-for-IBM-z13.patch
0002-S-390-Add-check-for-length-field-operand.patch
0003-S-390-Add-more-IBM-z13-instructions.patch
0004-S-390-Fixes-for-z13-instructions.patch
0005-S-390-z13-use-GNU-attribute-to-indicate-vector-ABI.patch .
- Fix %TARGET vs. $TARGET_OS inconsistencies by turning $TARGET_OS
into %TARGET_OS for reuse in install and file sections.
This fixes the assumption that $TARGET_OS will match %{TARGET}*.
- enable gold for aarch64
- Move sed call from %prep to %build to not disturb quilt.
- Add binutils-2.25-branch.diff.gz:
Update to 2.25 branch at 8fe8994c, fixing many bugs:
PR ld/15228, binutils/17512, 17165, binutils/17531, ld/17615, 17666,
ld/17709, gas/17753, 17755, 17817, ld/17827, 17842, binutils/17926,
17954, 18010, ld/18167, ld/18222, ld/18270.
- Remove eh-frame-hdr-on-shared-lib-bfd.patch: Included already.
- Remove gold-opd-visibility.patch: Included already.
- move info deinstall to preun section
- Added binutils-fix--dynamic-list.patch:
Fixes https://sourceware.org/bugzilla/show_bug.cgi?id=13577 and
https://sourceware.org/bugzilla/show_bug.cgi?id=16992
- gold-opd-visibility.patch: Set default visibility on discarded .opd
symbols
- eh-frame-hdr-on-shared-lib-bfd.patch: Don't create .eh_frame_hdr on
shared lib bfd, fixes building libgcj on ppc64
- Update to binutils 2.25 release.
* Add --data option to strings to only print strings in loadable, initialized
data sections. Change the default behaviour to be --all, but add a new
configure time option of --disable-default-strings-all to restore the old
default behaviour.
* Add --include-all-whitespace to strings.
* Add --dump-section option to objcopy.
* Add support for the Andes NDS32.
* PE binaries now once again contain real timestamps by default. To disable
the inclusion of a timestamp in a PE binary, use the --no-insert-timestamp
command line option.
* Replace support for openrisc and or32 with support for or1k.
* Add support for the --build-id command line option to COFF based targets.
* x86/x86_64 pe-coff now supports the --build-id option.
* Add support for the AVR Tiny microcontrollers.
* Enhanced the ARM port to accept the assembler output from the CodeComposer
Studio tool. Support is enabled via the new command line option -mccs.
- Update to 2.25 branch head.
* Pulls PIE fixes.
- Minor fix on the usage of update-alternatives
https://en.opensuse.org/openSUSE:Packaging_Multiple_Version_guidelines
- Update to current 2.25 pre-release branch, at 127a4644.
- binutils-fix-gold-aarch64.diff: fixing build temporarily broken
on brach.
- Remove obsolete patches: binutils-2.24-branch.diff.gz,
pie-m68k.patch, binutils-2.24-auto-plugin.diff, ld-testsuite.patch,
binutils-2.24-bso16746.diff .
- Enable Adapteva Epiphany target
- blktrace
-
- btt: make device/devno use PATH_MAX to avoid overflow
(CVE-2018-10689 bsc#1091942).
- Added btt-make-device-devno-use-path_max-to-avoid-overflow.patch
- Update to version 1.1.0+git.20170126:
* blktrace: Add support for sparse CPU numbers
* blktrace: Reorganize creation of output file name
* blktrace: Create empty output files for non-existent cpus
- Update to version 1.1.0+git.20160823:
* Use maximum over all traces for queue depth
* Process notify events outside of given interval
* iowatcher: Use queue events if issue not available
* btt: Replace overlapping IO
* Zero sectors are strange
* Don't prepend blktrace destination dir if we didn't run blktrace
* Separate prefix in legend with space
* Fixup graph name in help text
* blktrace: remove -k from manpage synopsis
* iowatcher: link with -lrt
- Update to version 1.1.0+git.20160425:
* Refer to sda instead of hda in man pages
* btreplay: Fix typo in scaling up the dynamic cpu set size.
* include sys/types.h for dev_t definition
* Fix warnings on newer gcc
* Add the "/-a discard"/ filter option to the blktrace.8 man page
* blktrace: Use number of online CPUs
* btreplay: fix memory corruption caused by CPU_ZERO_S
* btreplay: fix sched_{set|get}affinity
* btreplay: make Ctrl-C work
* btreplay: remove timestamps
- Add _service for automatic git syncing
+ exclude .git when generating tarball
+ enable automatic changelog updating
- Update to 1.1.0:
- merge iowatcher
- Update to 1.0.5 version:
* Fix compiler warnings
* avoid string overflows
- Some improvements like using macro instead of RPM variables
- Add some missed fonts
- Make it build with latest TeXLive 2012 with new package layout
- Update to v1.0.3 (bnc#720300 and others).
- Updated documentation
- Fixed multiple output errors
- Added FLUSH/FUA support
- Misc bug fixes
- disable parallel build again
- Remove redundant tags/sections from specfile
- Use %_smp_mflags for parallel build
- Fix build with no-add-needed (missing -pthread)
- Fix memory leak (bnc #546035)
- Fix memory leak in btrecord (bnc #523444).
- Fix typo in btt (bnc #511264).
- Update to version 1.0.1:
* blkrawverify: warn and return error if no traces are found
* blkiomon manpage and usage reference invalid "/msg-queue-name"/ option
* fix up btrace options & manpage
* more manpage fixups
* fix max-pkts option inconsistencies
* Converted to using the correct remap entries
* blkiomon: fix unaligned accesses on ia64
* fix off-by-one issues in blkiomon.h
* fix include statement in stats.h
* handle race to mkdir at startup
* Fixed plug/unplug logic in btt
* Working on fixing % time q plugged
* fix trivial typo in manpage
* Add NOTIFY to activity mask
* Blktrace failed to lock reader threads on the cpu used by the
corresponding writer. This resulted in stale data being consumed when
blktrace accidently read at a position that was being written to at the
same time. This issue surfaced as "/bad trace magic"/ warnings emitted by
blktrace tools.
* Generate matplotlib plots for btt generated data
* Update Jenkins hash to lookup3() variant
* Fixed EAGAIN handling in blktrace.c
* O_NOATIME isn't always present
* btt: Added no remap option
* btt general cleanup plus valgrind clean
* btt: Missed fopen conversion to my_fopen
* Code review updates
* Reworked blktrace master/thread interface
* Cleaned up devs that have no data
* Moved starting of tracing after tracers are going
* btt: fixed open in setup_ifile
* Synchronized trace gathering
* Invoke gethostbyname once, handle errors better
* Added accept as a system call needing resource increases
* Rewrote blktrace to have a single thread per CPU
* Fix btt to handle large numbers of output files
* Increased limits to allow for large system runs
* A couple of min-counters weren't initialised correctly (thrput_r,
thrput_w). We have got a perfectly working init function for this
purpose. Removing partially duplicated code.
* The git commit 11914a53d2ec2974a565311af327b8983d8c820d added
__BLK_TA_ABORT to blktrace_api.h. A corresponding addition to the blktrace
tools repository has been missing, breaking the API. Blkparse complained:
"/Bad fs action 40010011"/
* Added no messages option to blkparse.c
* gcc 4.3.2 has started to warn about:
* Added -P to create a data file w/ Q, D and C per line
* Fixed 'M' displays on per-io output and added in I/O separator
* Fixed segfault in aqd.c : need to check for NULL (not requested)
* Added in -z to provide running waiting-for-issue latencies
* Moved btrecord/btreplay to version 1.0.0
- Build with docs by default.
- blog
-
- Fix package split done for shared library packaging guideline (bsc#1184479).
- Update to version 2.20
* Silent some gcc warnings, also avoid common variable (boo#1160385)
* Include <sys/sysmacros.h> for makedev
* sort input files (boo#1041090)
* libconsole: never return empty list from getconsoles()
* libconsole: Really allow to use /dev/console as a fallback in showconsole
* libconsole: Add console into the list only when successfully allocated
* libconsole: Correctly ignore early consoles
- Remove obsolate patch blog-Remove-unused-header.patch
- Add blog-Remove-unused-header.patch: Fix build with new glibc
(gh#bitstreamout/showconsole#3).
- Implement shared library packaging guideline.
- Update to version 2.19 which integrates the patches now removed:
* sysmacros.patch
* libconsole-Really-allow-to-use-dev-console-as-a-fall.patch
* libconsole-never-return-empty-list-from-getconsoles.patch
* showconsole-2.18.tar.gz
* libconsole-Add-console-into-the-list-only-when-succe.patch
* libconsole-Correctly-ignore-early-consoles.patch
as well as the changes
* Correct wants directory for systemd-ask-password-blog.service
* Sort input files for reproducible builds
- sysmacros.patch: Include <sys/sysmacros.h> for makedev
- Use %license instead of %doc [bsc#1082318]
- hardening of the console list generation (bsc#1071568):
* libconsole-never-return-empty-list-from-getconsoles.patch
* libconsole-Really-allow-to-use-dev-console-as-a-fall.patch
* libconsole-Add-console-into-the-list-only-when-succe.patch
* libconsole-Correctly-ignore-early-consoles.patch
- Change description of blog-plymouth in same manner as used by
the release notes
- Add coreutils as required by post scriptlet (boo#1036436)
- Use github source from tagged version
- Use https://github.com/bitstreamout/showconsole as URL
- Install binaries with read permissions (bnc#990837)
- Do not use privata glibc API (boo#967437) but implement
missing shared memory mkstemp()
- Remove patch remove-bad-symbol-use.patch
- remove-bad-symbol-use.patch: Remove bad use of internal glibc interface
(bnc#967437)
- Make clear that blog is split off from sysvinit-tools
- Avoid to be tagged with GLIBC_PRIVATE
- Use libblogger.so with version, that is major and minor
- Bug fix version: Handle chached password request gracefully
- add blog-rpmlintrc. The all-manual handling of systemd services
is required according to Werner.
- Let libblogger become a shared library
- Clean up service uits for close and umount
- First initial package after splitting apart from sysvinit
* Now blogd can replace plymouth(9) even from initrd
* Also blogd is able to handle password requests from
from systemd API
* The blogd daemon writes out console messages even on reboot
or halt up to the file systems become unavailable.
* No locking of the console devices, no frame buffer switching.
- boost:base
-
- libreoffice_compat_backports.patch: add a backport of
Boost.Optional::has_value() for LibreOffice
- Use %license instead of %doc [bsc#1082318]
- Multibuild requires versioned Name: tag and doesn't seem to do
this automatically. (bnc#1076640)
- Update to version 1.66.0
+ Beast: new portable HTTP, WebSocket and network operations
using Boost.Asio. Header-only library.
+ Callable Traits: new library and successor to
Boost.FunctionTypes. Header-only library.
+ Mp11: new metaprogramming library
+ Asio:
* implemented interface changes to reflect the Networking TS
(N4656)
* functions and classes that have been superseded by
Networking TS functionality have been deprecated.
* added support for customized handler tracking
* removed previously deprecated functions
+ Atomic: improved compatibility with GCC 7. 128-bit operations
on x86_64 no longer require linking with compiled library.
+ DateTime: Fixed an integral overflow that could cause incorrect
results when adding or subtracting many years from a date.
+ Format: New format specifiers added and volatile arguments
can not be safely used with operator%
+ Fusion:
* fix compile error with std::array
* remove circular preprocessor include
+ PolyCollection: backported to GCC 4.8 and 4.9 with some
limitations
+ Uuid: added RTF-4122 namespaces in boost::uuids::ns
+ for complete changelog, see
http://www.boost.org/users/history/version_1_66_0.html
- refreshed patches: boost-rpmoptflags-only.patch
- re-enable Python 2 by default. It's still conditional, but
remains enabled by default. This can be disabled in project
config.
- build Python 2 conditionally
- Use multibuild setup - build no-dependency libraries in the
base package and build the rest of the compiled libraries in
the main variant. This should speed up bootstrapping.
- boost-devel not built by default anymore.
- libboost_headers-devel now provides boost-devel for legacy
dependencies. If you need compiled boost libraries depend on
the current compiled devel subpackage.
- run %fdupes only on the header files and documentation
- drop build dependencies on gcc-fortran, chrpath.
- Setup MPI environment prior to building boost.
- Switch to OpenMPI2 as OpenMPI1 is becoming deprecated.
- New upstream version 1.65.1
+ config, fiber - Return a continuation from functions executed
by resume_with.
+ stacktrace - Change preprocessor file extensions to work with
the installation system.
- Changes in version 1.65.0
+ stacktrace - new library providing call sequence in human
readable format.
+ polycollection - new library providing fast containers of
polymorphic objects, from Joaquín M López Muñoz.
+ For full list of changes, see
http://www.boost.org/users/history/version_1_65_1.html
- 1d862615.patch: upstreamed and removed
- gcc_path.patch: obsolete, tr1 module is removed
- mpi_upstream.patch: upstreamed and removed
- boost-1.57.0-python-abi_letters.patch: refreshed
- python_library_name.patch: refreshed and reverted upstream
changes to mpi/build/Jamfile as we are building python2 and
python3 versions of MPI separately.
- baselibs.conf
+ add libboost_stracktrace
+ update to version 1.65.1
- 1d862615.patch: Fix regression caused by refactoring of
serialization code (bnc#1038083)
- make python-numpy optional build dependency
- fix building of mpi python3 plugin
- New upstream version 1.64.0
+ process - new library providing cross platform methods to
- create child processes
- setup stream for child processes
- sync and async communication streams with children
- sync and async wait
- process termination
+ geometry library had some breaking changes,
- ublas_transformer is renamed to matrix_transformer
- explicit modifier is added to constructors of rtree
index::dynamic_* parameters
- strategy::area::huiller replaced by strategy::area::spherical
+ context library updates
- deprecated API:execution-context
- fixed bad assembly for fcontext on ppc64/sysv/elf
+ Updated libraries: any, atomic, config, container, context,
conversion, core, coroutine2, fiber, hash, interprocess,
intrusive, lexicalcast, math, multi-index containers,
multiprecision, predef, program options, regex, smart pointers,
test ,typeindex, typetraits, unordered, variant
+ for details, see
http://www.boost.org/users/history/version_1_64_0.html
- Build PyNumpy module
+ add build requires on python-numpy
- test_lowcase.patch: upstreamed
- refreshed patches: boost-strict_aliasing.patch, gcc_path.patch,
python_mpi.patch
- mpi_upstream.patch: pending upstream fixes to OpenMPI build
- python_library_name.patch: we are building python versions in
different stagings so drop library renames.
- python_numpy_retfunc.patch: rpmlint fixes
- update python macros
- baselibs.conf: (re)add python 2.7 and 3.x libraries
- Fix dependency typos.
- test_lowcase.patch: downcase Boost::Test usage of uppercase
variables. VERSION was clashing with GNU Autotools define
resulting in compilation errors of various packages.
- recombine headers from various devel subpackages under the
libboost_headers-devel package. Not all usage of headers that
have compiled parts pull in their associated compiled symbols.
- general cleanup of the spec file from old, commented stuffs
- remove non-existent dependency in the boost mpi python package
- update to version 1.63.0
* updated libraries: atomic, container, context, fiber,
fusion, geometry, hash, interprocess, intrusive, lexical cast,
log, metaparse, move, optional, phoenix, python, test,
typeindex, units, unordered
* see http://www.boost.org/users/history/version_1_63_0.html
for complete list of changes
- refresh patches
* boost-1.55.0-python-test-PyImport_AppendInittab.patch
* boost-strict_aliasing.patch, and enable -fno-strict-aliasing
for python module
- baselibs.conf:
* add libboost_locale
* rename python to include new soname
- remove python-2059618.patch, not needed
- make build condition --without buil_mpi work
- allow building without python3 bindings, for SLE11SP4
- remove versioned build dependency on libicu-devel, apparently
not needed.
- split out the boost-devel package into individudal compiled
libraries and their -devel subpackages and libboost_headers-devel
package for header-only libraries.
- remove all the -mt.so symlinks, probably not needed anymore.
- ship MPI python bindings for both Python 2.7 and 3.x
* add python_mpi.patch to allow proper compiled library loading
- dynamic_linking.patch: first attempt to remove static library
generation during build process.
- Revert upstream change that set default python version and
ignored user configuration.
python-2059618.patch (boo#1006584)
- Rectify groups and description
- package boost-jam
- add missing ldconfig for libboost_type_erasure
- fix EOL encoding for documentation files
- update to version 1.62.0
* new library: fiber: framework for userland-threads/fibers
* new library: QVM: library for working with quaternions,
vectors and matrices of static size
* see http://www.boost.org/users/history/version_1_62_0.html
for complete changelog
- remove boost-fix_include_config.patch - upstreamed
- gcc_path.patch - fix GCC search paths (bnc#996917)
Boost assumes /usr/include/c++/x.y.z/ existence for GCC 4.x
onward while our version of GCC only has /usr/include/c++/x.y
for 4.x GCC and /usr/include/c++/x/ for 5.x onward.
- migrate to using %bcond_ instead of hardcoding macros
for different Boost features
- better way to limit max number of compilation units than
by reading /proc/meminfo and guesstimating.
- Fix boo#994378, boo#994381, boo#994382 boo#994383:
Fix build issues when optional_fwd.hpp is used before
including boost/config.hpp
- Add boost-fix_include_config.patch from
gh#boostorg/optional#19
- build it from "/boost.spec"/, but create versioned "/boost-1_61-devel"/
packages
- build quickbook also in versioned package
- update to version 1.61.0
Details on http://www.boost.org/users/history/version_1_61_0.html
Obsolete patches:
* boost-1.59-test-fenv.patch
* boost-deprecated-type_traits.patch
- rename package to boost-1_60 to allow multiple versions
- Fix build on systems with GCC4
- Added libboost_python3 to the dependency macro.
* boost-devel will now correctly requires libboost_python3.
- Add boost-deprecated-type_traits.patch to fix deprecated
type_traits usage in boost/graph/adjacency_matrix.hpp header.
- Add the following patches from Fedora to fix underlinking in
boost::python code
* boost-1.57.0-python-abi_letters.patch
* boost-1.57.0-python-libpython_dep.patch
* boost-1.55.0-python-test-PyImport_AppendInittab.patch
- Updated to version 1.60.0
* New library: VMD.
* Updated libraries: Atomic, Chrono, Container, Context, Core,
Filesystem, Flyweight, Fusion, Interprocess, Intrusive, Lexical
Cast, Locale, log, Move, Multi-index Containers, odeint,
Optional, Predef, Test, Thread, UUID
* See http://www.boost.org/users/history/version_1_60_0.html for
complete changelog.
- Modified patch:
* boost-disable-pch-on-aarch64.patch
- rediff to a new context
- Removed patch:
* boost-1.59-python-make_setter.patch
- integrated upstream
- Add libboost_type_erasure subpackage
- Add support to Boost:Python3 (boo#951902)
* New library: python3
- Add boost-visibility.patch to make members of basic_xml_grammar<char>
visible (boo#958150).
- Fix redefinition of _docdir.
- coroutine2 depends on context, disable it if context is not built
- Updated to version 1.59.0:
* New libraries: Convert, Coroutine2
* Updated Libraries: Container, Context, Coroutine, Fusion,
Geometry, Interprocess, Intrusive, Lexical Cast, Log, Move,
Multi-index Containers, Predef, Program Options, Property Tree,
Boost.Test v3, TypeIndex, Variant
* See http://www.boost.org/users/history/version_1_59_0.html for
complete changelog.
- context now builds on aarch64
- Import two patches from Fedora: boost-1.59-python-make_setter.patch,
boost-1.59-test-fenv.patch
- Drop 0001-Fix-exec_file-for-Python-3-3.4.patch,
0002-Fix-a-regression-with-non-constexpr-types.patch,
boost-uuid-comparison.patch, boost-unrecognized-option.patch.
Fixed upstream.
- Remove unneeded dependency on xorg-x11-devel
- boost-unrecognized-option.patch: remove unrecognized option -m32
- update to 1.58.0:
boost docs remain at 1.56 since upstream hasn't updated yet
* New Libraries: Endian, Sort.
* Updated Libraries: Asio, Chrono, Container, Context, Conversion,
DateTime, Flyweight, Function, Functional/Factory, Fusion, Geometry,
Hash, Interprocess, Intrusive, Lexical Cast, Log, Math, Move,
Multi-index Containers, Multiprecision, Optional, Phoenix,
Predef, Random, Thread, TypeErasure, TypeIndex, Units,
Unordered, Variant.
See http://www.boost.org/users/history/version_1_58_0.html
- add 0001-Fix-exec_file-for-Python-3-3.4.patch ,
0002-Fix-a-regression-with-non-constexpr-types.patch: Fixes regressions
in 1.58
- drop bjam-alignment.patch, boost-gcc5.patch: Already fixed upstream
differently
- add boost-rpmoptflags-only.patch: Build only with optflags
- add boost-aarch64-flags.patch: Avoid using -m64
- add boost-uuid-comparison.patch: Fix regression in UUID operator<
- add boost-disable-pch-on-aarch64.patch: Disable pch on math library
to avoid compiler segfault
- Add quickbook subpackage
- Use $RPM_OPT_FLAGS for building, force use of the GCC toolset.
Be more verbose and fail building with the first error.
- Add boost-gcc5.patch to use -std=c++11 when building the coroutines
module which fixes build with GCC 5.
- Revert the python3 building: it resulted in BOTH libboost_python
libraries to be using python 3 instructions, resulting in
failures of all Py2 related packages.
- bzip2
-
- update bzip2-1.0.6-CVE-2019-12900.patch to accept as many
selectors as the file format allows. This relaxes the previous
fix for CVE-2019-12900 so that bzip2 allows decompression of bz2
files that use (too) many selectors again. It fixes a bzip2 and
lbzip2 incompatibility caused by previous patch [bsc#1139083]
[CVE-2019-12900]
- add bzip2-1.0.6-CVE-2019-12900.patch to fix an out-of-bounds
write in decompress.c when there are many nSelectors used in a
loop to access selectorMtf [bsc#1139083] [CVE-2019-12900]
- add bzip2-1.0.6-CVE-2016-3189.patch to fix a heap use after
free vulnerability that was reported in bzip2recover [bsc#985657]
[CVE-2016-3189]
- Update autotools patchset:
D bzip2-1.0.6-autoconfiscated.patch
A bzip2-1.0.6.2-autoconfiscated.patch
- Use %license (boo#1082318)
- Fix build on Fedora and Mageia
- Update bzip2-1.0.6-autoconfiscated.patch:
* Bump version to 1.0.6.
* Fix script symlinks on platforms with EXEEXT.
- Drop implicit pie building
- Try profiled build
- Move autoreconf to build section
- cleanup with spec-cleaner
- add bzip2-1.0.6-bzgrep_return_value.patch to fix bzgrep wrapper
that always returns 0 as an exit code when grepping multiple
archives [bsc#970260]
- Remove bzip2-faster.patch, it causes a crash with libarchive and
valgrind points out uninitialized memory. See
https://github.com/libarchive/libarchive/issues/637#issuecomment-170612576
- Avoid noarch sub package in SLE_11
- Cleanup a bit.
- Remove the profiling stuff as it should not be used nowdays.
At least even factory builds without it.
- Provide libbz2.so.1.0 as other distros do, so we can run tiny
things like steam.
- Respect cflags again, borked by previous commit.
- build with PIE
- fix basisms in bzgrep and bznew
- add patches:
* bzip2-1.0.6-fix-bashisms.patch
- c-ares
-
- 5c995d5.patch: augment input validation on hostnames to allow _
as part of DNS response (bsc#1190225)
- Version update to git snapshot 1.17.1+20200724:
* fixes missing input validation on hostnames returned by DNS
servers (bsc#1188881, CVE-2021-3672)
* If ares_getaddrinfo() was terminated by an ares_destroy(),
it would cause crash
* Crash in sortaddrinfo() if the list size equals 0 due to
an unexpected DNS response
* Expand number of escaped characters in DNS replies as
per RFC1035 5.1 to prevent spoofing
* Use unbuffered /dev/urandom for random data to prevent early startup
performance issues
- missing_header.patch: upstreamed
- add BR for pkg-config to get the provides in the devel package
- ares_dns.h, missing_header.patch: re-add missing header in last release
- Version update to 1.17.0
Security:
* avoid read-heap-buffer-overflow in ares_parse_soa_reply found during
fuzzing
* Avoid theoretical buffer overflow in RC4 loop comparison
* Empty hquery->name could lead to invalid memory access
* ares_parse_{a,aaaa}_reply() could return a larger *naddrttls than was
passed in (bsc#1178882, CVE-2020-8277)
Changes:
* Update help information for adig, acountry, and ahost
* Test Suite now uses dynamic system-assigned ports rather than hardcoded
ports to prevent failures in containers
* Detect remote DNS server does not support EDNS using rules from RFC 6891
* Source tree has been reorganized to use a more modern layout
* Allow parsing of CAA Resource Record
Bug fixes:
* readaddrinfo bad sizeof()
* Test cases should honor HAVE_WRITEV flag, not depend on WIN32
* FQDN with trailing period should be queried first
* ares_getaddrinfo() was returning members of the struct as garbage values if
unset, and was not honoring ai_socktype and ai_protocol hints.
* ares_gethostbyname() with AF_UNSPEC and an ip address would fail
* Properly document ares_set_local_ip4() uses host byte order
For details, see https://c-ares.haxx.se/changelog.html
- add missing upstream sources, to be removed for next release
- remove unnecessary BuildRequires
- fix building on SLE12 systems
- simplify conditions bit to make it tad more readable
- Implement multibuild specfile to split out tests into its own
flavor; this way we can build and run tests, which require
static lib, as well as avoid packaging the latter without issues
with the installed cmake file..
- Version update to 1.16.1
Security:
* Prevent possible use-after-free and double-free in ares_getaddrinfo() if
ares_destroy() is called prior to ares_getaddrinfo() completing.
Reported by Jann Horn at Google Project Zero.
Changes:
* Allow TXT records on CHAOS qclass. Used for retriving things like
version.bind, version.server, authoris.bind, hostname.bind, and id.server. [3]
Bug fixes:
* Fix Windows Unicode incompatibilities with ares_getaddrinfo() [1]
* Silence false cast-align compiler warnings due to valid casts of struct
sockaddr to struct sockaddr_in and struct sockaddr_in6.
* MacOS should use libresolv for retrieving DNS servers, like iOS
* CMake build system should populate the INCLUDE_DIRECTORIES property of
installed targets [2]
* Correct macros in use for the ares_getaddrinfo.3 man page
- Changes in version 1.16.0
Changes:
* Introduction of ares_getaddrinfo() API which provides similar output
(including proper sorting as per RFC 6724) to the system native API, but
utilizes different data structures in order to provide additional
information such as TTLs and all aliases. Please reference the respective
man pages for usage details.
* Parse SOA records from ns_t_any response
* CMake: Provide c-ares version in package export file
* CMake: Add CPACK functionality for DEB and RPM
* CMake: Generate PDB files during build
* CMake: Support manpage installation
Bug fixes:
* Fix bad expectation in IPv6 localhost test.
* AutoTools: use XC_CHECK_BUILD_FLAGS instead of XC_CHECK_USER_FLAGS to
prevent complaints about CPPFLAGS in CFLAGS.
* Fix .onion handling
* Command line usage was out of date for adig and ahost.
* Typos in manpages
* If ares_getenv is defined, it must return a value on all platforms
* If /etc/resolv.conf has invalid lookup values, use the defaults.
* Tests: Separate live tests from SetServers* tests as only live tests
should require internet access.
* ares_gethostbyname() should return ENODATA if no valid A or AAAA record
is found, but a CNAME was found.
* CMake: Rework library function checking to prevent unintended linking
with system libraries that aren't needed.
* Due to use of inet_addr() it was not possible to return 255.255.255.255
from ares_gethostbyname().
* CMake: Fix building of tests on Windows
- Drop regression.patch which have been fixed upstream
- Refresh disable-live-tests.patch
- Remove static lib since its required when doing tests and we dont want it
included in package
- Run spec-cleaner
- Upgrade to latest snapshot from 2020-01-17
- disable-live-tests.patch: refreshed
- regression.patch: fix a regression in DNS results that contain
both A and AAAA answers.
- Add netcfg as the build requirement and runtime requirement.
ares_getaddrinfo function uses the getservbyport_r function which
requires the /etc/services file to function properly. That config
file is provided by the netcfg package. Unit tests rely on it
too, hence it has to be a build dependency as well.
- Switch to cmake-based build.
Some packages need the cmake build files.
- Fix version number of the snapshot to not be downgrade:
bsc#1156601
- Update to upstream snapshot 20191108
* getaddrinfo - avoid infinite loop in case of NXDOMAIN
* ares_getenv - return NULL in all cases
* implement ares_getaddrinfo
- onion-crash.patch: removed, upstreamed.
- removed upstream patches that are part of the snapshot:
0001-Add-initial-implementation-for-ares_getaddrinfo-112.patch
0002-Remaining-queries-counter-fix-additional-unit-tests-.patch
0003-Bugfix-for-ares_getaddrinfo-and-additional-unit-test.patch
0004-Add-ares__sortaddrinfo-to-support-getaddrinfo-sorted.patch
0005-getaddrinfo-avoid-infinite-loop-in-case-of-NXDOMAIN-.patch
0006-getaddrinfo-callback-must-be-called-on-bad-domain-24.patch
0007-getaddrinfo-enhancements-257.patch
0008-Add-missing-limits.h-include-from-ares_getaddrinfo.c.patch
0009-Increase-portability-of-ares-test-mock-ai.cc-235.patch
0010-Disable-failing-test.patch
- disable-live-tests.patch - updated
- Add upstream patches with the ares_getaddrinfo function:
* 0001-Add-initial-implementation-for-ares_getaddrinfo-112.patch
* 0002-Remaining-queries-counter-fix-additional-unit-tests-.patch
* 0003-Bugfix-for-ares_getaddrinfo-and-additional-unit-test.patch
* 0004-Add-ares__sortaddrinfo-to-support-getaddrinfo-sorted.patch
* 0005-getaddrinfo-avoid-infinite-loop-in-case-of-NXDOMAIN-.patch
* 0006-getaddrinfo-callback-must-be-called-on-bad-domain-24.patch
* 0007-getaddrinfo-enhancements-257.patch
* 0008-Add-missing-limits.h-include-from-ares_getaddrinfo.c.patch
* 0009-Increase-portability-of-ares-test-mock-ai.cc-235.patch
- Add a patch which disables test failing on OBS (but passing in
local environment):
* 0010-Disable-failing-test.patch
- Version update to 1.15.0:
* Add ares_init_options() configurability for path to resolv.conf file
* Ability to exclude building of tools (adig, ahost, acountry) in CMake
* Report ARES_ENOTFOUND for .onion domain names as per RFC7686
(bsc#1125306)
* Apply the IPv6 server blacklist to all nameserver sources
* Prevent changing name servers while queries are outstanding
* ares_set_servers_csv() on failure should not leave channel in a
bad state
- enable unit tests
- disable-live-tests.patch: disable tests to live servers
- onion-crash.patch: backport fix for a crash affecting .onion TLD
- Remove ineffective --with-pic.
- Version update to 1.14.0:
* Fix patch for CVE-2017-1000381 to not be overly aggressive
* gethostbyaddr should fail with ECANCELLED not ENOTFOUND when ares_cancel is called
* ares_gethostbyname.3: fix callback status values
* docs: Document WSAStartup requirement
* Fix a typo in init_by_resolv_conf
- Rename everything to c-ares
- Version update to 1.13.0:
* Fixes bsc#1044946 CVE-2017-1000381
* Bunch of bugfixes
- Drop cares-1.9.1-ocloexec.patch as it broke again and it is
not really worth all the fwdporting
- Drop check phase there is only return 0
- Version update to 1.12.0:
* Fixes bsc#1007728 CVE-2016-5180
* api: add ARES_OPT_NOROTATE optmask value
* Collection of bugfixes
- update to 1.11.0:
* Allow multiple -s options to the ahost command
* api: Expose the ares_library_initialized() function
* api: Add ares_set_sortlist(3) entrypoint
* api: Add entrypoints to allow use of per-server ports
* api: introduce `ares_parse_txt_reply_ext`
* api: Add ares_set_socket_configure_callback()
* Add -t u option to ahost
* collection of bug fixes
- No longer perform gpg validation; osc source_validator does it
implicit:
+ Drop gpg-offline BuildRequires.
+ No longer execute gpg_verify.
- ca-certificates
-
- openssl is no longer required but coreutils and findutils are
(boo#1183680). Keep openssl(cli) at runtime for now nevertheless as this
package might be the only one pulling it in.
- backport bash rewrite from Factory to make sure to trigger in
transactional mode (boo#1179884)
- Changed "/openssl"/ requirement to "/openssl(cli)"/
* (bsc#1101470)
- Use %license instead of %doc [bsc#1082318]
- Revert last change since we fixed systemd-preset-branding and
this requires is no longer needed.
- Re-add systemd requires, else package will be installed to early
and services never enabled [bsc#1071776].
- Don't require systemd, since we could be used in environments
like container images, where we don't have systemd. If systemd
is installed the systemd units will be used, else they are not
needed.
- Update to version 2+git20170807.10b2785:
* Check TRANSACTIONAL_UPDATE is set (boo#1045942)
* Add systemd units
- Run update-ca-certificate by systemd unit when the content of
one of the paths changes. Needed for read-only root and/or
transactional updates.
- Update to version 2+git20151110.c15593c:
+ set proper umask (boo#948724)
- require p11-kit-tools >= 0.23.1
- Update to version 2+git20150324.e3ee392:
+ p11-kit 0.23.1 supports pem-directory-hash now
- use service file to generate tarball
- fix bashism in postun script
- ca-certificates-mozilla
-
- Updated to 2.44 state of the Mozilla NSS Certificate store (bsc#1177864)
- Removed CAs:
- EE Certification Centre Root CA
- Taiwan GRCA
- Added CAs:
- Trustwave Global Certification Authority
- Trustwave Global ECC P256 Certification Authority
- Trustwave Global ECC P384 Certification Authority
- update to 2.42 state of the Mozilla NSS Certificate store (bsc#1174673)
Removed CAs:
- AddTrust External CA Root
- AddTrust Class 1 CA Root
- LuxTrust Global Root 2
- Staat der Nederlanden Root CA - G2
- Symantec Class 1 Public Primary Certification Authority - G4
- Symantec Class 2 Public Primary Certification Authority - G4
- VeriSign Class 3 Public Primary Certification Authority - G3
Added CAs:
- certSIGN Root CA G2
- e-Szigno Root CA 2017
- Microsoft ECC Root Certificate Authority 2017
- Microsoft RSA Root Certificate Authority 2017
- also run update-ca-certificates in %posttrans
- update to 2.40 state of the Mozilla NSS Certificate store (bsc#1160160)
- removed:
- Certplus Class 2 Primary CA
- Deutsche Telekom Root CA 2
- CN=Swisscom Root CA 2
- UTN-USERFirst-Client Authentication and Email
- added:
- Entrust Root Certification Authority - G4
- make sure p11-kit with patches is installed on SLE (boo#1154871)
- export correct p11kit trust attributes so Firefox detects built in
certificates (boo#1154871). Courtesy of Fedora.
- update to 2.34 state of the Mozilla NSS Certificate store (bsc#1144169)
- Removed CAs:
- Certinomis - Root CA
- includes added root CAs from the 2.32 version:
- emSign ECC Root CA - C3 (email and server auth)
- emSign ECC Root CA - G3 (email and server auth)
- emSign Root CA - C1 (email and server auth)
- emSign Root CA - G1 (email and server auth)
- Hongkong Post Root CA 3 (server auth)
- updated to 2.30 state of the Mozilla NSS Certificate store. (bsc#1121446)
- Removed CAs:
- AC Raiz Certicamara S.A.
- Certplus Root CA G1
- Certplus Root CA G2
- OpenTrust Root CA G1
- OpenTrust Root CA G2
- OpenTrust Root CA G3
- Visa eCommerce Root
- Added Root CAs:
- Certigna Root CA (email and server auth)
- GTS Root R1 (server auth)
- GTS Root R2 (server auth)
- GTS Root R3 (server auth)
- GTS Root R4 (server auth)
- OISTE WISeKey Global Root GC CA (email and server auth)
- UCA Extended Validation Root (server auth)
- UCA Global G2 Root (email and server auth)
- updated to 2.26 state of the Mozilla NSS Certificate store. (bsc#1104780)
- removed server auth
- Certplus Root CA G1
- Certplus Root CA G2
- OpenTrust Root CA G1
- OpenTrust Root CA G2
- OpenTrust Root CA G3
- remove CA
- ComSign CA
- added new CA
- GlobalSign
- Updated to 2.24 state of the Mozilla NSS Certificate store. (bsc#1100415)
- Removed CAs:
* S-TRUST_Universal_Root_CA:2.16.96.86.197.75.35.64.91.100.212.237.37.218.217.214.30.30.crt
* TC_TrustCenter_Class_3_CA_II:2.14.74.71.0.1.0.2.229.160.93.214.63.0.81.191.crt
* TÜRKTRUST_Elektronik_Sertifika_Hizmet_Sağlayıcısı_H5:2.7.0.142.23.254.36.32.129.crt
- Use %license instead of %doc [bsc#1082318]
- Updated to 2.22 state of the Mozilla NSS Certificate store (bsc#1071152,
bsc#1071390, bsc#1010996)
- Removed CAs:
* ACEDICOM Root
* AddTrust Public CA Root
* AddTrust Qualified CA Root
* ApplicationCA - Japanese Government
* CA Disig Root R1
* CA WoSign ECC Root
* Certification Authority of WoSign G2
* Certinomis - Autorité Racine
* China Internet Network Information Center EV Certificates Root
* CNNIC ROOT
* Comodo Secure Certificate Services
* Comodo Trusted Certificate Services
* ComSign Secured CA
* DST ACES CA X6
* GeoTrust Global CA 2
* StartCom Certification Authority
* StartCom Certification Authority
* StartCom Certification Authority G2
* Swisscom Root CA 1
* TÜBİTAK UEKAE Kök Sertifika Hizmet Sağlayıcısı - Sürüm 3
* TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı
* TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H6
* UTN USERFirst Hardware Root CA
* UTN USERFirst Object Root CA
* VeriSign Class 3 Secure Server CA - G2
* WellsSecure Public Root Certificate Authority
* Certification Authority of WoSign
* WoSign China
- Added CAs:
* D-TRUST Root CA 3 2013
* GDCA TrustAUTH R5 ROOT
* SSL.com EV Root Certification Authority ECC
* SSL.com EV Root Certification Authority RSA R2
* SSL.com Root Certification Authority ECC
* SSL.com Root Certification Authority RSA
* TrustCor RootCert CA-1
* TrustCor RootCert CA-2
* TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1
- convert processing script to Python 3
- ensure a stable conversion of UTF8 hex-encoded certificate names
- ensure a stable ordering of trust/distrust bits in headers
- updated to 2.11 state of the Mozilla NSS Certificate store.
- removed CAs:
- Buypass_Class_2_CA_1:2.1.1.crt
serverAuth
- EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı:2.8.76.175.115.66.28.142.116.2.crt
codeSigning emailProtection serverAuth
- Equifax_Secure_CA:2.4.53.222.244.207.crt
emailProtection
- Equifax_Secure_eBusiness_CA_1:2.1.4.crt
emailProtection
- Equifax_Secure_Global_eBusiness_CA:2.1.1.crt
emailProtection
- IGC_A:2.5.57.17.69.16.148.crt
codeSigning emailProtection serverAuth
- Juur-SK:2.4.59.142.75.252.crt
codeSigning serverAuth
- Root_CA_Generalitat_Valenciana:2.4.59.69.229.104.crt
codeSigning emailProtection serverAuth
- RSA_Security_2048_v3:2.16.10.1.1.1.0.0.2.124.0.0.0.10.0.0.0.2.crt
codeSigning emailProtection serverAuth
- Sonera_Class_1_Root_CA:2.1.36.crt
emailProtection
- S-TRUST_Authentication_and_Encryption_Root_CA_2005_PN:2.16.55.25.24.230.83.84.124.26.181.184.203.89.90.219.53.183.crt
emailProtection
- Verisign_Class_1_Public_Primary_Certification_Authority:2.16.63.105.30.129.156.240.154.74.243.115.255.185.72.162.228.221.crt
emailProtection
- Verisign_Class_2_Public_Primary_Certification_Authority_-_G2:2.17.0.185.47.96.204.136.159.161.122.70.9.184.91.112.108.138.175.crt
emailProtection
- Verisign_Class_3_Public_Primary_Certification_Authority:2.16.112.186.228.29.16.217.41.52.182.56.202.123.3.204.186.191.crt
emailProtection
- added CAs:
+ AC_RAIZ_FNMT-RCM:2.15.93.147.141.48.103.54.200.6.29.26.199.84.132.105.7.crt
serverAuth
+ Amazon_Root_CA_1:2.19.6.108.159.207.153.191.140.10.57.226.240.120.138.67.230.150.54.91.202.crt
emailProtection serverAuth
+ Amazon_Root_CA_2:2.19.6.108.159.210.150.53.134.159.10.15.229.134.120.248.91.38.187.138.55.crt
emailProtection serverAuth
+ Amazon_Root_CA_3:2.19.6.108.159.213.116.151.54.102.63.59.11.154.217.232.158.118.3.242.74.crt
emailProtection serverAuth
+ Amazon_Root_CA_4:2.19.6.108.159.215.193.187.16.76.41.67.229.113.123.123.44.200.26.193.14.crt
emailProtection serverAuth
+ Certplus_Root_CA_G1:2.18.17.32.85.131.228.45.62.84.86.133.45.131.55.183.44.220.70.17.crt
emailProtection serverAuth
+ Certplus_Root_CA_G2:2.18.17.32.217.145.206.174.163.232.197.231.255.233.2.175.207.115.188.85.crt
emailProtection serverAuth
+ Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015:2.1.0.crt
emailProtection serverAuth
+ Hellenic_Academic_and_Research_Institutions_RootCA_2015:2.1.0.crt
emailProtection serverAuth
+ ISRG_Root_X1:2.17.0.130.16.207.176.210.64.227.89.68.99.224.187.99.130.139.0.crt (bsc#1010996)
serverAuth
+ LuxTrust_Global_Root_2:2.20.10.126.166.223.75.68.158.218.106.36.133.158.230.184.21.211.22.127.187.177.crt
serverAuth
+ OpenTrust_Root_CA_G1:2.18.17.32.179.144.85.57.125.127.54.109.100.194.167.159.107.99.142.103.crt
emailProtection serverAuth
+ OpenTrust_Root_CA_G2:2.18.17.32.161.105.27.191.189.185.189.82.150.143.35.232.72.191.38.17.crt
emailProtection serverAuth
+ OpenTrust_Root_CA_G3:2.18.17.32.230.248.76.252.36.176.190.5.64.172.218.131.27.52.96.63.crt
emailProtection serverAuth
+ Symantec_Class_1_Public_Primary_Certification_Authority_-_G4:2.16.33.110.51.165.203.211.136.164.111.41.7.180.39.60.196.216.crt
emailProtection
+ Symantec_Class_1_Public_Primary_Certification_Authority_-_G6:2.16.36.50.117.242.29.47.210.9.51.247.180.106.202.208.243.152.crt
emailProtection
+ Symantec_Class_2_Public_Primary_Certification_Authority_-_G4:2.16.52.23.101.18.64.59.183.86.128.45.128.203.121.85.166.30.crt
emailProtection
+ Symantec_Class_2_Public_Primary_Certification_Authority_-_G6:2.16.100.130.158.252.55.30.116.93.252.151.255.151.200.177.255.65.crt
emailProtection
- diff-from-upstream-2.7.patch: removed as we should be able to do
intermediate root chains now with openssl 1.0.2 and also gnutls 3.5
is able to do so.
- diff-from-upstream-2.7.patch: restore some important legacy
CAs, otherwise Pidgin fails to talk to Google Talk for instance.
- Updated to 2.7 (bsc#973042).
- diff-from-upstream-2.2.patch: removed as openssl 1.0.2 can do
immediate root CAs.
- Removed server trust from:
AC Raíz Certicámara S.A.
ComSign Secured CA
NetLock Uzleti (Class B) Tanusitvanykiado
NetLock Business (Class B) Root
NetLock Expressz (Class C) Tanusitvanykiado
TC TrustCenter Class 3 CA II
TURKTRUST Certificate Services Provider Root 1
TURKTRUST Certificate Services Provider Root 2
Equifax Secure Global eBusiness CA-1
Verisign Class 4 Public Primary Certification Authority G3
- enable server trust
Actalis Authentication Root CA
- Deleted CAs:
A Trust nQual 03
Buypass Class 3 CA 1
CA Disig
Digital Signature Trust Co Global CA 1
Digital Signature Trust Co Global CA 3
E Guven Kok Elektronik Sertifika Hizmet Saglayicisi
NetLock Expressz (Class C) Tanusitvanykiado
NetLock Kozjegyzoi (Class A) Tanusitvanykiado
NetLock Minositett Kozjegyzoi (Class QA) Tanusitvanykiado
NetLock Uzleti (Class B) Tanusitvanykiado
SG TRUST SERVICES RACINE
Staat der Nederlanden Root CA
TC TrustCenter Class 2 CA II
TC TrustCenter Universal CA I
TDC Internet Root CA
UTN DATACorp SGC Root CA
Verisign Class 1 Public Primary Certification Authority - G2
Verisign Class 3 Public Primary Certification Authority
Verisign Class 3 Public Primary Certification Authority - G2
- New added CAs:
CA WoSign ECC Root
Certification Authority of WoSign
Certification Authority of WoSign G2
Certinomis - Root CA
Certum Trusted Network CA 2
CFCA EV ROOT
COMODO RSA Certification Authority
DigiCert Assured ID Root G2
DigiCert Assured ID Root G3
DigiCert Global Root G2
DigiCert Global Root G3
DigiCert Trusted Root G4
Entrust Root Certification Authority - EC1
Entrust Root Certification Authority - G2
GlobalSign
GlobalSign
IdenTrust Commercial Root CA 1
IdenTrust Public Sector Root CA 1
OISTE WISeKey Global Root GB CA
QuoVadis Root CA 1 G3
QuoVadis Root CA 2 G3
QuoVadis Root CA 3 G3
Staat der Nederlanden EV Root CA
Staat der Nederlanden Root CA - G3
S-TRUST Universal Root CA
SZAFIR ROOT CA2
TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H5
TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H6
USERTrust ECC Certification Authority
USERTrust RSA Certification Authority
沃通根证书
- diff-from-upstream-2.2.patch:
Temporary reenable some root ca trusts, as openssl/gnutls
have trouble using intermediates as root CA.
- GTE CyberTrust Global Root
- Thawte Server CA
- Thawte Premium Server CA
- ValiCert Class 1 VA
- ValiCert Class 2 VA
- RSA Root Certificate 1
- Entrust.net Secure Server CA
- America Online Root Certification Authority 1
- America Online Root Certification Authority 2
- Updated to 2.2 (bnc#888534)
- The following CAs were removed:
+ America_Online_Root_Certification_Authority_1
+ America_Online_Root_Certification_Authority_2
+ GTE_CyberTrust_Global_Root
+ Thawte_Premium_Server_CA
+ Thawte_Server_CA
- The following CAs were added:
+ COMODO_RSA_Certification_Authority
codeSigning emailProtection serverAuth
+ GlobalSign_ECC_Root_CA_-_R4
codeSigning emailProtection serverAuth
+ GlobalSign_ECC_Root_CA_-_R5
codeSigning emailProtection serverAuth
+ USERTrust_ECC_Certification_Authority
codeSigning emailProtection serverAuth
+ USERTrust_RSA_Certification_Authority
codeSigning emailProtection serverAuth
+ VeriSign-C3SSA-G2-temporary-intermediate-after-1024bit-removal
- The following CAs were changed:
+ Equifax_Secure_eBusiness_CA_1
remote code signing and https trust, leave email trust
+ Verisign_Class_3_Public_Primary_Certification_Authority_-_G2
only trust emailProtection
- catatonit
-
- Update to catatonit v0.1.5, which fixes two bugs where catatonit would hang
endlessly when pid1 died in very specific ways. bsc#1176155
- Update to catatonit v0.1.4, which includes support for "/-g"/.
- Update to catatonit v0.1.3, which includes a fix for docker compatiblity so
that dockerd doesn't give spurrious warnings.
- Fix build to correctly build a static binary (which will allow it to work in
all containers). This was caused by forgetting to include
'glibc-devel-static'. I've added a check to ensure it doesn't happen by
accident again.
- Add catatonit-rpmlintrc to include filters for "/static binary"/ warnings,
since this is intentional.
- Update package descriptions.
- Update to catatonit v0.1.2 and update links to point to openSUSE repo.
- Update to catatonit v0.1.1, which includes a fix for the libtool requirement.
This lets us build on much older distributions.
- Initial import of catatonit v0.1.0.
- chrony
-
- bsc#1173760: MD5 is not available from mozilla-nss in FIPS mode,
but needed for calculating refids from IPv6 addresses as part of
the NTP protocol (rfc5905). As this is a non-cryptographic use of
MD5 we can use our own implementation without violating FIPS
rules: chrony-refid-internal-md5.patch .
- boo#1162964, bsc#1183783, clknetsim-glibc-2.31.patch:
Fix build with glibc-2.31
- bsc#1184400, chrony-pidfile.patch:
Use /run instead of /var/run for PIDFile in chronyd.service.
- Integrate three upstream patches to fix an infinite loop in
chronyc (bsc#1171806).
* chrony-select-timeout.patch
* chrony-gettimeofday.patch
* chrony-urandom.patch
- Use iburst in the default pool statements to speed up initial
synchronisation (bsc#1172113).
- Read runtime servers from /var/run/netconfig/chrony.servers to
fix bsc#1099272 and bsc#1161119.
- Move chrony-helper to /usr/lib/chrony/helper, because there
should be no executables in /usr/share.
- Add chrony-pool-suse and chrony-pool-openSUSE subpackages that
preconfigure chrony to use NTP servers from the respective
pools for SUSE and openSUSE (bsc#1156884, SLE-11424).
- Add chrony-pool-empty to still allow installing chrony without
preconfigured servers.
- bsc#1159840: Add chrony-ntp-era-split.patch from upstream to fix
"/make check"/ builds made after 2019-12-20. Existing installations
do not need to be updated as the bug only affects the test, but
not chrony itself.
- Fix ordering and dependencies of chronyd.service, so that it is
started after name resolution is up (bsc#1129914).
- Add chrony-service-ordering.patch
- Make sure to generate correct sysconfig file (boo#1117147)
- Added /etc/chrony.d/ directory to the package (bsc#1083597)
Modifed default chrony.conf to add "/include /etc/chrony.d/*"/
- Use %license instead of %doc [bsc#1082318]
- Fix name of fillup template (was never installed before)
- Fix Requires for fillup, it's used in post, not pre.
- Enable pps support
- Replace references to /var/adm/fillup-templates with new
%_fillupdir macro (boo#1069468)
- Cleanup spec file:
* Drop pre systemd support
* Run spec-cleaner
- Modified the spec file to comment out the pool statement
in chrony.conf if _not_ building for openSUSE. (bsc#1063704).
- refresh patches to apply cleanly again
- chrony-config.patch
- chrony-fix-open.patch
- Upgraded to version 3.2:
Enhancements
* Improve stability with NTP sources and reference clocks
* Improve stability with hardware timestamping
* Improve support for NTP interleaved modes
* Control frequency of system clock on macOS 10.13 and later
* Set TAI-UTC offset of system clock with leapsectz directive
* Minimise data in client requests to improve privacy
* Allow transmit-only hardware timestamping
* Add support for new timestamping options introduced in Linux 4.13
* Add root delay, root dispersion and maximum error to tracking log
* Add mindelay and asymmetry options to server/peer/pool directive
* Add extpps option to PHC refclock to timestamp external PPS signal
* Add pps option to refclock directive to treat any refclock as PPS
* Add width option to refclock directive to filter wrong pulse edges
* Add rxfilter option to hwtimestamp directive
* Add -x option to disable control of system clock
* Add -l option to log to specified file instead of syslog
* Allow multiple command-line options to be specified together
* Allow starting without root privileges with -Q option
* Update seccomp filter for new glibc versions
* Dump history on exit by default with dumpdir directive
* Use hardening compiler options by default
Bug fixes
* Don't drop PHC samples with low-resolution system clock
* Ignore outliers in PHC tracking, RTC tracking, manual input
* Increase polling interval when peer is not responding
* Exit with error message when include directive fails
* Don't allow slash after hostname in allow/deny directive/command
* Try to connect to all addresses in chronyc before giving up
- Upgraded clknetsim to version 71dbbc5.
- Reworked chrony-fix-open.patch to fit the new version
- Upgraded to version 3.1:
- Enhancements
- Add support for precise cross timestamping of PHC on Linux
- Add minpoll, precision, nocrossts options to hwtimestamp directive
- Add rawmeasurements option to log directive and modify measurements
option to log only valid measurements from synchronised sources
- Allow sub-second polling interval with NTP sources
- Bug fixes
- Fix time smoothing in interleaved mode
- Upgraded clknetsim to version ce89a1b.
- Reworked the following patches to fit the new versions
- chrony-config.patch
- chrony-service-helper.patch
- chrony-fix-open.patch
- Upgraded to version 3.0:
- Enhancements
- Add support for software and hardware timestamping on Linux
- Add support for client/server and symmetric interleaved modes
- Add support for MS-SNTP authentication in Samba
- Add support for truncated MACs in NTPv4 packets
- Estimate and correct for asymmetric network jitter
- Increase default minsamples and polltarget to improve stability with very low jitter
- Add maxjitter directive to limit source selection by jitter
- Add offset option to server/pool/peer directive
- Add maxlockage option to refclock directive
- Add -t option to chronyd to exit after specified time
- Add partial protection against replay attacks on symmetric mode
- Don't reset polling interval when switching sources to online state
- Allow rate limiting with very short intervals
- Improve maximum server throughput on Linux and NetBSD
- Remove dump files after start
- Add tab-completion to chronyc with libedit/readline
- Add ntpdata command to print details about NTP measurements
- Allow all source options to be set in add server/peer command
- Indicate truncated addresses/hostnames in chronyc output
- Print reference IDs as hexadecimal numbers to avoid confusion with IPv4 addresses
- Bug fixes
- Fix crash with disabled asynchronous name resolving
- Upgraded clknetsim to version 6bb6519.
- Upgraded to version 2.4.1:
- Bug fixes
- Fix processing of kernel timestamps on non-Linux systems
- Fix crash with smoothtime directive
- Fix validation of refclock sample times
- Fix parsing of refclock directive
- update to 2.4:
- Enhancements
- Add orphan option to local directive for orphan mode
compatible with ntpd
- Add distance option to local directive to set activation
threshold (1 second by default)
- Add maxdrift directive to set maximum allowed drift of system
clock
- Try to replace NTP sources exceeding maximum distance
- Randomise source replacement to avoid getting stuck with bad
sources
- Randomise selection of sources from pools on start
- Ignore reference timestamp as ntpd doesn't always set it
correctly
- Modify tracking report to use same values as seen by NTP
clients
- Add -c option to chronyc to write reports in CSV format
- Provide detailed manual pages
- Bug fixes
- Fix SOCK refclock to work correctly when not specified as
last refclock
- Fix initstepslew and -q/-Q options to accept time from own
NTP clients
- Fix authentication with keys using 512-bit hash functions
- Fix crash on exit when multiple signals are received
- Fix conversion of very small floating-point numbers in
command packets
- Removed features
- Drop documentation in Texinfo format
- update clknetsim to a5949fe for fixing a testsuite failure:
- add IP_PKTINFO socket option
- accept environment variables in make
- fix building with FORTIFY_SOURCE
- fix compiler warning
- support multiple SHM refclocks
- fix recv functions with new glibc headers
- refreshed chrony-fix-open.patch: to apply cleanly after clknetsim
update
- drop patches:
- chrony-include-termios.patch
- make-105-ntpauth-more-reliable.patch
- drop buildrequires for texinfo and pre requires on the install
info packages
- no longer use make install-docs: it only installed 0 byte html
files.
- Provide ntp-daemon (bsc#973981)
- chrony-fix-open.patch: make sure _open and _close are initialized
in open()/close() override, as libfreebl3 also calls from the
the ELF constructor. FATE#319508
- enable mozilla-nss
- Use correct license
- Drop hardcoded dependency on libseccomp, it is detected during
build
- Undo reference to chrony-dnssrv@.service in %pre, %preun, %post,
and %postun as it would lead to error.
- Change conditions for libseccom, we can use any version on SLE-12
x86_64
- Removed %if for distributions that aren't building chrony.
- Renamed chrony-2.2_logrotate.patch to chrony-logrotate.patch since
the patch is not particularly version-dependent.
- Added clknetsim for "/make check"/ processing.
- Added Buildrequires for gcc-c++ and timezone for building clknetsim
and running "/make check"/.
- Changed Buildrequires and Requires to specify the minimum level of
libseccomp needed to build on s390x and ppc64le.
- Removed "/-Recommends: timedatex"/ since I couldn't find any instance
of it anywhere in the build service.
- Modified the description to use some of the information from the
chrony web site.
- Added chrony-include-termios.patch so that it will build on ppc64le.
- Added make-105-ntpauth-more-reliable.patch so that "/make check"/
will not report a non-failure as a failure.
- Added --without-nss to ./configure to avoid "/interruption code
0x2003B in chronyd"/ errors.
- Changed the symbolic links for rcchronyd and rcchronyd-wait to
point to the actual location of the service command, not the symlink
in /sbin.
- Added reference to chrony-dnssrv@.service in %pre, %preun, %post,
and %postun.
- Cleanup spec file with spec-cleaner
- Prepare for submission to Factory (see fate#319508)
- update to 2.3
- Enhancements
- Add support for NTP and command response rate limiting
- Add support for dropping root privileges on Mac OS X,
FreeBSD, Solaris
- Add require and trust options for source selection
- Enable logchange by default (1 second threshold)
- Set RTC on Mac OS X with rtcsync directive
- Allow binding to NTP port after dropping root privileges on
NetBSD
- Drop CAP_NET_BIND_SERVICE capability on Linux when NTP port
is disabled
- Resolve names in separate process when seccomp filter is
enabled
- Replace old records in client log when memory limit is
reached
- Don't reveal local time and synchronisation state in client
packets
- Don't keep client sockets open for longer than necessary
- Ignore poll in KoD RATE packets as ntpd doesn't always set it
correctly
- Warn when using keys shorter than 80 bits
- Add keygen command to generate random keys easily
- Add serverstats command to report NTP and command packet
statistics
- Bug fixes
- Fix clock correction after making step on Mac OS X
- Fix building on Solaris
- refreshed patches to apply cleanly again:
chrony-2.2_logrotate.patch
chrony-config.patch
chrony-service-helper.patch
- update to 2.2.1
Restrict authentication of NTP server/peer to specified key
(CVE-2016-1567)
- silence groupadd/useradd call and drop the shell from the user.
- update to 2.2
see /usr/share/doc/packages/chrony/NEWS
- sync with fedora spec and add systemd support
- refreshed chrony-config.patch to apply cleanly again
- added chrony-2.2_logrotate.patch: add missing su option as we no
longer have the daemon run as root.
- added chrony-service-helper.patch: imported from fedora with a
changed path for moving from libexecdir to datadir
- only use syscall filters on 12.3 and newer
- move helper from libexecdir to datadir
- cifs-utils
-
- cifs.upcall: fix regression in kerberos mount; (bsc#1184815).
* add 0015-cifs.upcall-fix-regression-in-kerberos-mount.patch
- CVE-2021-20208: cifs-utils: cifs.upcall kerberos auth leak in
container; (bsc#1183239); CVE-2021-20208.
- CVE-2020-14342: Shell command injection vulnerability in mount.cifs;
(bsc#1174477); (bso#14442); CVE-2020-14342.
* add 0013-CVE-2020-14342-mount.cifs-fix-shell-command-injectio.patch
- Fix invalid free in mount.cifs; (bsc#1152930).
* add 0012-mount.cifs-Fix-invalid-free.patch
- Fix double-free in mount.cifs; (bsc#1149164).
* add 0011-fix-doublefree.patch
- Update to cifs-utils 6.9; (bsc#1132087); (bsc#1136031).
* adds fixes for Azure
* new smbinfo utility
* remove cifs-utils-6.8.tar.bz2
* remove cifs-utils-6.8.tar.bz2.asc
* add cifs-utils-6.9.tar.bz2
* add cifs-utils-6.9.tar.bz2.asc
* add 0001-smbinfo-Improve-help-usage-and-add-h-option.patch
* add 0002-smbinfo-Add-bash-completion-support-for-smbinfo.patch
* add 0003-getcifsacl-Add-support-to-accept-more-paths.patch
* add 0004-getcifsacl-Fix-usage-message-to-include-multiple-fil.patch
* add 0005-smbinfo-add-GETCOMPRESSION-support.patch
* add 0006-getcifsacl-Add-support-for-R-recursive-option.patch
* add 0007-smbinfo-add-bash-completion-support-for-getcompressi.patch
* add 0008-mount.cifs.c-fix-memory-leaks-in-main-func.patch
* add 0009-Zero-fill-the-allocated-memory-for-new-struct-cifs_n.patch
* add 0010-Zero-fill-the-allocated-memory-for-a-new-ACE.patch
- Remove backports that are already in 6.9; (fate#325270); (bsc#1130528);
* remove 0001-docs-cleanup-rst-formating.patch
* remove 0002-mount.cifs.rst-document-new-no-handlecache-mount-opt.patch
* remove 0003-manpage-update-mount.cifs-manpage-with-info-about-rd.patch
* remove 0004-checkopts-add-python-script-to-cross-check-mount-opt.patch
* remove 0005-mount.cifs.rst-document-missing-options-correct-wron.patch
* remove 0006-cifs-utils-support-rst2man-3.patch
* remove 0007-checkopts-report-duplicated-options-in-man-page.patch
* remove 0008-mount.cifs.rst-more-cleanups.patch
* remove 0009-mount.cifs.rst-document-vers-3-mount-option.patch
* remove 0010-mount.cifs.rst-document-vers-3.02-mount-option.patch
* remove allow-dns-resolver-key-to-expire.patch
* remove suse-document-new-vers-default-SMB2.1.patch
- Remove dependency workaround regarding python2/python3
- Fix dependency failure on SLE15 regarding python2/python3.
- Allow cached DNS entry to expire; (fate#325270).
* add allow-dns-resolver-key-to-expire.patch
- Document new SMB2.1+ defaults; (bsc#1130528).
* be more verbose on mount errors, especially with EHOSTDOWN which
is often returned on SMB version issues.
* add suse-document-new-vers-default-SMB2.1.patch
- Fix python dependency stalemate by requiring python3 version of
samba-libs.
- Update to cifs-utils 6.8.
+ document more mount options
+ man pages now generated from RST files
+ add python-docutils build dependency
+ update keyring to check tarball signature
+ remove 0001-manpage-correct-typos-and-spelling-mistakes.patch
+ remove 0002-mount.cifs-document-SMBv3.1.1-and-new-seal-option.patch
- Add typo corrections, better doc and configure fixes from upstream
+ add 0001-docs-cleanup-rst-formating.patch
+ add 0002-mount.cifs.rst-document-new-no-handlecache-mount-opt.patch
+ add 0003-manpage-update-mount.cifs-manpage-with-info-about-rd.patch
+ add 0004-checkopts-add-python-script-to-cross-check-mount-opt.patch
+ add 0005-mount.cifs.rst-document-missing-options-correct-wron.patch
+ add 0006-cifs-utils-support-rst2man-3.patch
+ add 0007-checkopts-report-duplicated-options-in-man-page.patch
+ add 0008-mount.cifs.rst-more-cleanups.patch
+ add 0009-mount.cifs.rst-document-vers-3-mount-option.patch
+ add 0010-mount.cifs.rst-document-vers-3.02-mount-option.patch
- Cleanup spec file
* assume SUSE vendor and SLE >= 11
- Update BuildIgnore to break build cycle samba-client <-> cifs-utils
- update to 6.7:
* mount.cifs cleanups
- includes 6.6:
* cleanup/overhaul of cifs.upcall krb5 credcache handling
- partial cleanup with spec-cleaner
- Document SMB3+ and new seal option; (fate#322075).
+ add patch 0001-manpage-correct-typos-and-spelling-mistakes.patch
+ add patch 0002-mount.cifs-document-SMBv3.1.1-and-new-seal-option.patch
- Get rid of init script on everything based off SLE12+ (bsc#1025471).
- Use https urls.
- Don't ignore libldb, libtalloc, libtevent, and samba-client-libs at build
time; (bsc#966174).
- Update to cifs-utils 6.5.
+ mount.cifs: ignore x- mount options
+ minor build fixes; obsoletes include_paths.h_for__PATH_MOUNTED.patch
+ minor manpage fix
- Ignore samba-client-libs at build-time on post-22 Fedora systems.
- Add include_paths.h_for__PATH_MOUNTED.patch
- Use rccifs -> service symlink for proper status (bnc#908023).
- Remove dependency on gpg-offline as signature checking is implemented in the
source validator.
- Add README.cifstab.migration to document the cifstab removal; (bnc#902947).
- Fix broken rccifs symbolic link.
- Remove dead code associated with cifstab file which is no longer used.
- cloud-init
-
- Add cloud-init-log-file-mode.patch (bsc#1183939)
+ Change log file creation mode to 640
- Add cloud-init-no-pwd-in-log.patch (bsc#1184758)
+ Do not write the generated password to the log file
- Add cloud-init-purge-cache-py-ver-change.patch
- Add cloud-init-bonding-opts.patch (bsc#1184085)
+ Write proper bonding option configuration for SLE/openSUSE
- Fix application and inclusion of
use_arroba_to_include_sudoers_directory-bsc_1181283.patchfix (bsc#1181283)
- Add use_arroba_to_include_sudoers_directory-bsc_1181283.patchfix (bsc#1181283)
- Do not including sudoers.d directory twice
- Update cloud-init-write-routes.patch (bsc#1180176)
+ Follow up to previous changes. Fix order of operations
error to make gateway comparison between subnet configuration and
route configuration valuable rather than self-comparing.
- Add cloud-init-sle12-compat.patch (jsc#PM-2335)
- Python 3.4 compatibility in setup.py
- Disable some test for mock version compatibility
- Add wget as a requirement (bsc#1178029)
+ wget is used in the CloudStack data source
- Add cloud-init-azure-def-usr-pass.patch (bsc#1179150, bsc#1179151)
+ Properly set the password for the default user in all circumstances
- Patch the full package version into the cloud-init version file
- Update cloud-init-write-routes.patch (bsc#1177526)
+ Fix missing default route when dual stack network setup is used. Once
a default route was configured for Ipv6 or IPv4 the default route
configuration for the othre protocol was skipped.
- Update cloud-init-write-routes.patch (bsc#1177526)
+ Avoid exception if no gateway information is present and warning
is triggered for existing routing.
- Update to version 20.2 (bsc#1174443, bsc#1174444)
+ Remove patches included upstream:
- 0001-Make-tests-work-with-Python-3.8-139.patch
- cloud-init-ostack-metadat-dencode.patch
- cloud-init-use-different-random-src.diff
- cloud-init-long-pass.patch
- cloud-init-mix-static-dhcp.patch
+ Remove patches build switched to Python 3 for all distributions
(jsc#PM-2335)
- cloud-init-python2-sigpipe.patch
- cloud-init-template-py2.patch
+ Add
- cloud-init-after-kvp.diff
- cloud-init-recognize-hpc.patch
+ doc/format: reference make-mime.py instead of an inline script (#334)
+ Add docs about creating parent folders (#330) [Adrian Wilkins]
+ DataSourceNoCloud/OVF: drop claim to support FTP (#333) (LP: #1875470)
+ schema: ignore spurious pylint error (#332)
+ schema: add json schema for write_files module (#152)
+ BSD: find_devs_with_ refactoring (#298) [Gonéri Le Bouder]
+ nocloud: drop work around for Linux 2.6 (#324) [Gonéri Le Bouder]
+ cloudinit: drop dependencies on unittest2 and contextlib2 (#322)
+ distros: handle a potential mirror filtering error case (#328)
+ log: remove unnecessary import fallback logic (#327)
+ .travis.yml: don't run integration test on ubuntu/* branches (#321)
+ More unit test documentation (#314)
+ conftest: introduce disable_subp_usage autouse fixture (#304)
+ YAML align indent sizes for docs readability (#323) [Tak Nishigori]
+ network_state: add missing space to log message (#325)
+ tests: add missing mocks for get_interfaces_by_mac (#326) (LP: #1873910)
+ test_mounts: expand happy path test for both happy paths (#319)
+ cc_mounts: fix incorrect format specifiers (#316) (LP: #1872836)
+ swap file "/size"/ being used before checked if str (#315) [Eduardo Otubo]
+ HACKING.rst: add pytest version gotchas section (#311)
+ docs: Add steps to re-run cloud-id and cloud-init (#313) [Joshua Powers]
+ readme: OpenBSD is now supported (#309) [Gonéri Le Bouder]
+ net: ignore 'renderer' key in netplan config (#306) (LP: #1870421)
+ Add support for NFS/EFS mounts (#300) [Andrew Beresford] (LP: #1870370)
+ openbsd: set_passwd should not unlock user (#289) [Gonéri Le Bouder]
+ tools/.github-cla-signers: add beezly as CLA signer (#301)
+ util: remove unnecessary lru_cache import fallback (#299)
+ HACKING.rst: reorganise/update CLA signature info (#297)
+ distros: drop leading/trailing hyphens from mirror URL labels (#296)
+ HACKING.rst: add note about variable annotations (#295)
+ CiTestCase: stop using and remove sys_exit helper (#283)
+ distros: replace invalid characters in mirror URLs with hyphens (#291)
(LP: #1868232)
+ rbxcloud: gracefully handle arping errors (#262) [Adam Dobrawy]
+ Fix cloud-init ignoring some misdeclared mimetypes in user-data.
[Kurt Garloff]
+ net: ubuntu focal prioritize netplan over eni even if both present
(#267) (LP: #1867029)
+ cloudinit: refactor util.is_ipv4 to net.is_ipv4_address (#292)
+ net/cmdline: replace type comments with annotations (#294)
+ HACKING.rst: add Type Annotations design section (#293)
+ net: introduce is_ip_address function (#288)
+ CiTestCase: remove now-unneeded parse_and_read helper method (#286)
+ .travis.yml: allow 30 minutes of inactivity in cloud tests (#287)
+ sources/tests/test_init: drop use of deprecated inspect.getargspec (#285)
+ setup.py: drop NIH check_output implementation (#282)
+ Identify SAP Converged Cloud as OpenStack [Silvio Knizek]
+ add Openbsd support (#147) [Gonéri Le Bouder]
+ HACKING.rst: add examples of the two test class types (#278)
+ VMWware: support to update guest info gc status if enabled (#261)
[xiaofengw-vmware]
+ Add lp-to-git mapping for kgarloff (#279)
+ set_passwords: avoid chpasswd on BSD (#268) [Gonéri Le Bouder]
+ HACKING.rst: add Unit Testing design section (#277)
+ util: read_cc_from_cmdline handle urlencoded yaml content (#275)
+ distros/tests/test_init: add tests for _get_package_mirror_info (#272)
+ HACKING.rst: add links to new Code Review Process doc (#276)
+ freebsd: ensure package update works (#273) [Gonéri Le Bouder]
+ doc: introduce Code Review Process documentation (#160)
+ tools: use python3 (#274)
+ cc_disk_setup: fix RuntimeError (#270) (LP: #1868327)
+ cc_apt_configure/util: combine search_for_mirror implementations (#271)
+ bsd: boottime does not depend on the libc soname (#269)
[Gonéri Le Bouder]
+ test_oracle,DataSourceOracle: sort imports (#266)
+ DataSourceOracle: update .network_config docstring (#257)
+ cloudinit/tests: remove unneeded with_logs configuration (#263)
+ .travis.yml: drop stale comment (#255)
+ .gitignore: add more common directories (#258)
+ ec2: render network on all NICs and add secondary IPs as static (#114)
(LP: #1866930)
+ ec2 json validation: fix the reference to the 'merged_cfg' key (#256)
[Paride Legovini]
+ releases.yaml: quote the Ubuntu version numbers (#254) [Paride Legovini]
+ cloudinit: remove six from packaging/tooling (#253)
+ util/netbsd: drop six usage (#252)
+ workflows: introduce stale pull request workflow (#125)
+ cc_resolv_conf: introduce tests and stabilise output across Python
versions (#251)
+ fix minor issue with resolv_conf template (#144) [andreaf74]
+ doc: CloudInit also support NetBSD (#250) [Gonéri Le Bouder]
+ Add Netbsd support (#62) [Gonéri Le Bouder]
+ tox.ini: avoid substition syntax that causes a traceback on xenial (#245)
+ Add pub_key_ed25519 to cc_phone_home (#237) [Daniel Hensby]
+ Introduce and use of a list of GitHub usernames that have signed CLA
(#244)
+ workflows/cla.yml: use correct username for CLA check (#243)
+ tox.ini: use xenial version of jsonpatch in CI (#242)
+ workflows: CLA validation altered to fail status on pull_request (#164)
+ tox.ini: bump pyflakes version to 2.1.1 (#239)
+ cloudinit: move to pytest for running tests (#211)
+ instance-data: add cloud-init merged_cfg and sys_info keys to json
(#214) (LP: #1865969)
+ ec2: Do not fallback to IMDSv1 on EC2 (#216)
+ instance-data: write redacted cfg to instance-data.json (#233)
(LP: #1865947)
+ net: support network-config:disabled on the kernel commandline (#232)
(LP: #1862702)
+ ec2: only redact token request headers in logs, avoid altering request
(#230) (LP: #1865882)
+ docs: typo fixed: dta → data [Alexey Vazhnov]
+ Fixes typo on Amazon Web Services (#217) [Nick Wales]
+ Fix docs for OpenStack DMI Asset Tag (#228)
[Mark T. Voelker] (LP: #1669875)
+ Add physical network type: cascading to openstack helpers (#200)
[sab-systems]
+ tests: add focal integration tests for ubuntu (#225)
- From 20.1 (first vesrion after 19.4)
+ ec2: Do not log IMDSv2 token values, instead use REDACTED (#219)
(LP: #1863943)
+ utils: use SystemRandom when generating random password. (#204)
[Dimitri John Ledkov]
+ docs: mount_default_files is a list of 6 items, not 7 (#212)
+ azurecloud: fix issues with instances not starting (#205) (LP: #1861921)
+ unittest: fix stderr leak in cc_set_password random unittest
output. (#208)
+ cc_disk_setup: add swap filesystem force flag (#207)
+ import sysvinit patches from freebsd-ports tree (#161) [Igor Galić]
+ docs: fix typo (#195) [Edwin Kofler]
+ sysconfig: distro-specific config rendering for BOOTPROTO option (#162)
[Robert Schweikert] (LP: #1800854)
+ cloudinit: replace "/from six import X"/ imports (except in util.py) (#183)
+ run-container: use 'test -n' instead of 'test ! -z' (#202)
[Paride Legovini]
+ net/cmdline: correctly handle static ip= config (#201)
[Dimitri John Ledkov] (LP: #1861412)
+ Replace mock library with unittest.mock (#186)
+ HACKING.rst: update CLA link (#199)
+ Scaleway: Fix DatasourceScaleway to avoid backtrace (#128)
[Louis Bouchard]
+ cloudinit/cmd/devel/net_convert.py: add missing space (#191)
+ tools/run-container: drop support for python2 (#192) [Paride Legovini]
+ Print ssh key fingerprints using sha256 hash (#188) (LP: #1860789)
+ Make the RPM build use Python 3 (#190) [Paride Legovini]
+ cc_set_password: increase random pwlength from 9 to 20 (#189)
(LP: #1860795)
+ .travis.yml: use correct Python version for xenial tests (#185)
+ cloudinit: remove ImportError handling for mock imports (#182)
+ Do not use fallocate in swap file creation on xfs. (#70)
[Eduardo Otubo] (LP: #1781781)
+ .readthedocs.yaml: install cloud-init when building docs (#181)
(LP: #1860450)
+ Introduce an RTD config file, and pin the Sphinx version to the RTD
default (#180)
+ Drop most of the remaining use of six (#179)
+ Start removing dependency on six (#178)
+ Add Rootbox & HyperOne to list of cloud in README (#176) [Adam Dobrawy]
+ docs: add proposed SRU testing procedure (#167)
+ util: rename get_architecture to get_dpkg_architecture (#173)
+ Ensure util.get_architecture() runs only once (#172)
+ Only use gpart if it is the BSD gpart (#131) [Conrad Hoffmann]
+ freebsd: remove superflu exception mapping (#166) [Gonéri Le Bouder]
+ ssh_auth_key_fingerprints_disable test: fix capitalization (#165)
[Paride Legovini]
+ util: move uptime's else branch into its own boottime function (#53)
[Igor Galić] (LP: #1853160)
+ workflows: add contributor license agreement checker (#155)
+ net: fix rendering of 'static6' in network config (#77) (LP: #1850988)
+ Make tests work with Python 3.8 (#139) [Conrad Hoffmann]
+ fixed minor bug with mkswap in cc_disk_setup.py (#143) [andreaf74]
+ freebsd: fix create_group() cmd (#146) [Gonéri Le Bouder]
+ doc: make apt_update example consistent (#154)
+ doc: add modules page toc with links (#153) (LP: #1852456)
+ Add support for the amazon variant in cloud.cfg.tmpl (#119)
[Frederick Lefebvre]
+ ci: remove Python 2.7 from CI runs (#137)
+ modules: drop cc_snap_config config module (#134)
+ migrate-lp-user-to-github: ensure Launchpad repo exists (#136)
+ docs: add initial troubleshooting to FAQ (#104) [Joshua Powers]
+ doc: update cc_set_hostname frequency and descrip (#109)
[Joshua Powers] (LP: #1827021)
+ freebsd: introduce the freebsd renderer (#61) [Gonéri Le Bouder]
+ cc_snappy: remove deprecated module (#127)
+ HACKING.rst: clarify that everyone needs to do the LP->GH dance (#130)
+ freebsd: cloudinit service requires devd (#132) [Gonéri Le Bouder]
+ cloud-init: fix capitalisation of SSH (#126)
+ doc: update cc_ssh clarify host and auth keys
[Joshua Powers] (LP: #1827021)
+ ci: emit names of tests run in Travis (#120)
- Disable testing to aid elimination of unittest2 in Factory
- bsc#1170154: rsyslog warning, '~' is deprecated
+ replace deprecated syntax '& ~' by '& stop'
for more information please see https://www.rsyslog.com/rsyslog-error-2307/
- Update cloud-init-write-routes.patch
+ Explicitly test for netconfig version 1 as well as 2
- Update cloud-init-write-routes.patch
+ Handle netconfig v2 device configurations (bsc#1171546, bsc#1171995)
- Update cloud-init-write-routes.patch
+ In cases where the config contains 2 or more default gateway
specifications for an interface only write the first default route,
log warning message about skipped routes
+ Avoid writing invalid route specification if neither the network
nor destination is specified in the route configuration
- Update cloud-init-write-routes.patch
+ Still need to consider the "/network"/ configuration uption
for the v1 config implementation. Fixes regression
introduced with update from Wed Feb 12 19:30:42
- Update cloud-init-write-routes.patch (bsc#1165296)
+ Add the default gateway to the ifroute config file when specified
as part of the subnet configuration
+ Fix typo to properly extrakt provided netmask data (bsc#1163178)
- Add cloud-init-long-pass.patch (bsc#1162936, CVE-2020-8632)
+ Increase the default length of generated passwords
- Add cloud-init-use-different-random-src.diff (bsc#1162937, CVE-2020-8631)
+ Use non-deterministic generator for password generation.
- Update cloud-init-write-routes.patch (bsc#1163178)
+ Entries in the routes definition have changed causing a traceback
during rout config file writing. This patch update addresses the
issue by extracting the new entries properly.
- BuildRequire pkgconfig(udev) instead of udev: allow OBS to
shortcut through the -mini flavor.
- Add cloud-init-no-tempnet-oci.patch (bsc#1161132, bsc#1161133)
+ Do not attempt to configure an ephemeral network on OCI. We
boot off iSCSI and the network is up. Just read the data.
- Add patch to build properly with python 3.8:
* 0001-Make-tests-work-with-Python-3.8-139.patch
- Update to version 19.4
+ Remove patches included upstream:
- cloud-init-after-wicked.patch
- cloud-init-noresolv-merge-no-dns-data.diff
- cloud-init-renderer-detect.patch
- cloud-init-trigger-udev.patch
+ Removed patches merged with cloud-init-mix-static-dhcp.patch
- cloud-init-proper-ipv6-setting.patch
- cloud-init-static-net.patch
+ Added cloud-init-mix-static-dhcp.patch (bsc#1157894)
+ Forward port cloud-init-sysconf-path.patch
+ doc: specify _ over - in cloud config modules
+ [Joshua Powers] (LP: #1293254)
+ tools: Detect python to use via env in migrate-lp-user-to-github
+ [Adam Dobrawy]
+ Partially revert "/fix unlocking method on FreeBSD"/ (#116)
+ tests: mock uid when running as root (#113)
+ [Joshua Powers] (LP: #1856096)
+ cloudinit/netinfo: remove unused getgateway (#111)
+ docs: clear up apt config sections (#107) [Joshua Powers] (LP: #1832823)
+ doc: add kernel command line option to user data (#105)
+ [Joshua Powers] (LP: #1846524)
+ config/cloud.cfg.d: update README [Joshua Powers] (LP: #1855006)
+ azure: avoid re-running cloud-init when instance-id is byte-swapped
+ (#84) [AOhassan]
+ fix unlocking method on FreeBSD [Igor Galić] (LP: #1854594)
+ debian: add reference to the manpages [Joshua Powers]
+ ds_identify: if /sys is not available use dmidecode (#42)
+ [Igor Galić] (LP: #1852442)
+ docs: add cloud-id manpage [Joshua Powers]
+ docs: add cloud-init-per manpage [Joshua Powers]
+ docs: add cloud-init manpage [Joshua Powers]
+ docs: add additional details to per-instance/once [Joshua Powers]
+ Update doc-requirements.txt [Joshua Powers]
+ doc-requirements: add missing dep [Joshua Powers]
+ dhcp: Support RedHat dhcp rfc3442 lease format for option 121 (#76)
+ [Eric Lafontaine] (LP: #1850642)
+ network_state: handle empty v1 config (#45) (LP: #1852496)
+ docs: Add document on how to report bugs [Joshua Powers]
+ Add an Amazon distro in the redhat OS family [Frederick Lefebvre]
+ removed a couple of "/the"/s [gaughen]
+ docs: fix line length and remove highlighting [Joshua Powers]
+ docs: Add security.md to readthedocs [Joshua Powers]
+ Multiple file fix for AuthorizedKeysFile config (#60) [Eduardo Otubo]
+ Revert "/travis: only run CI on pull requests"/
+ doc: update links on README.md [Joshua Powers]
+ doc: Updates to wording of README.md [Joshua Powers]
+ Add security.md [Joshua Powers]
+ setup.py: Amazon Linux sets libexec to /usr/libexec (#52)
+ [Frederick Lefebvre]
+ Fix linting failure in test_url_helper (#83) [Eric Lafontaine]
+ url_helper: read_file_or_url should pass headers param into readurl
+ (#66) (LP: #1854084)
+ dmidecode: log result *after* stripping n [Igor Galić]
+ cloud_tests: add azure platform support to integration tests
+ [ahosmanmsft]
+ set_passwords: support for FreeBSD (#46) [Igor Galić]
+ tools: migrate-lp-user-to-github removes repo_dir if created (#35)
+ Correct jumbled documentation for cc_set_hostname module (#64)
+ [do3meli] (LP: #1853543)
+ FreeBSD: fix for get_linux_distro() and lru_cache (#59)
+ [Igor Galić] (LP: #1815030)
+ ec2: Add support for AWS IMDS v2 (session-oriented) (#55)
+ tests: Fix cloudsigma tests when no dmidecode data is present. (#57)
+ [Scott Moser]
+ net: IPv6, accept_ra, slaac, stateless (#51)
+ [Harald] (LP: #1806014, #1808647)
+ docs: Update the configdrive datasource links (#44)
+ [Joshua Powers] (LP: #1852461)
+ distro: correctly set usr_lib_exec path for FreeBSD distro (#40)
+ [Igor Galić] (LP: #1852491)
+ azure: support secondary ipv6 addresses (#33)
+ Fix metadata check when local-hostname is null (#32)
+ [Mark Goddard] (LP: #1852100)
+ switch default FreeBSD salt minion pkg from py27 to py36
+ [Dominic Schlegel]
+ travis: only run CI on pull requests
+ add data-server dns entry as new metadata server detection [Joshua Hügli]
+ pycodestyle: remove unused local variable
+ reporting: Using a uuid to enforce uniqueness on the KVP keys. [momousta]
+ docs: touchups in rtd intro and README.md
+ doc: update launchpad git refs to github
+ github: drop pull-request template to prepare for migration
+ tools: add migrate-lp-user-to-github script to link LP to github
+ github: new basic project readme
- From 19.3
+ azure: support matching dhcp route-metrics for dual-stack ipv4 ipv6
+ (LP: #1850308)
+ configdrive: fix subplatform config-drive for /config-drive source
+ [David Kindred] (LP: #1849731)
+ DataSourceSmartOS: reconfigure network on each boot
+ [Mike Gerdts] (LP: #1765801)
+ Add config for ssh-key import and consuming user-data [Pavel Zakharov]
+ net: fix subnet_is_ipv6() for stateless|stateful
+ [Harald Jensås] (LP: #1848690)
+ OVF: disable custom script execution by default [Xiaofeng Wang]
+ cc_puppet: Implement csr_attributes.yaml support [Matthias Baur]
+ cloud-init.service: on centos/fedora/redhat wait on NetworkManager.service
+ (LP: #1843334)
+ azure: Do not lock user on instance id change [Sam Eiderman] (LP: #1849677)
+ net/netplan: use ipv6-mtu key for specifying ipv6 mtu values
+ Fix usages of yaml, and move yaml_dump to safeyaml.dumps. (LP: #1849640)
+ exoscale: Increase url_max_wait to 120s. [Chris Glass]
+ net/sysconfig: fix available check on SUSE distros
+ [Robert Schweikert] (LP: #1849378)
+ docs: Fix incorrect Azure IMDS IP address [Joshua Powers] (LP: #1849508)
+ introduce .travis.yml
+ net: enable infiniband support in eni and sysconfig renderers
+ [Darren Birkett] (LP: #1847114)
+ guestcust_util: handle special characters in config file [Xiaofeng Wang]
+ fix some more typos in comments [Dominic Schlegel]
+ replace any deprecated log.warn with log.warning
+ [Dominic Schlegel] (LP: #1508442)
+ net: handle openstack dhcpv6-stateless configuration
+ [Harald Jensås] (LP: #1847517)
+ Add .venv/ to .gitignore [Dominic Schlegel]
+ Small typo fixes in code comments. [Dominic Schlegel]
+ cloud_test/lxd: Retry container delete a few times
+ Add Support for e24cloud to Ec2 datasource. (LP: #1696476)
+ Add RbxCloud datasource [Adam Dobrawy]
+ get_interfaces: don't exclude bridge and bond members (LP: #1846535)
+ Add support for Arch Linux in render-cloudcfg [Conrad Hoffmann]
+ util: json.dumps on python 2.7 will handle UnicodeDecodeError on binary
+ (LP: #1801364)
+ debian/ubuntu: add missing word to netplan/ENI header (LP: #1845669)
+ ovf: do not generate random instance-id for IMC customization path
+ sysconfig: only write resolv.conf if network_state has DNS values
+ (LP: #1843634)
+ sysconfig: use distro variant to check if available (LP: #1843584)
+ systemd/cloud-init.service.tmpl: start after wicked.service
+ [Robert Schweikert]
+ docs: fix zstack documentation lints
+ analyze/show: remove trailing space in output
+ Add missing space in warning: "/not avalid seed"/ [Brian Candler]
+ pylintrc: add 'enter_context' to generated-members list
+ Add datasource for ZStack platform. [Shixin Ruan] (LP: #1841181)
+ docs: organize TOC and update summary of project [Joshua Powers]
+ tools: make clean now cleans the dev directory, not the system
+ docs: create cli specific page [Joshua Powers]
+ docs: added output examples to analyze.rst [Joshua Powers]
+ docs: doc8 fixes for instancedata page [Joshua Powers]
+ docs: clean up formatting, organize boot page [Joshua Powers]
+ net: add is_master check for filtering device list (LP: #1844191)
+ docs: more complete list of availability [Joshua Powers]
+ docs: start FAQ page [Joshua Powers]
+ docs: cleanup output & order of datasource page [Joshua Powers]
+ Brightbox: restrict detection to require full domain match .brightbox.com
+ VMWware: add option into VMTools config to enable/disable custom script.
+ [Xiaofeng Wang]
+ net,Oracle: Add support for netfailover detection
+ atomic_helper: add DEBUG logging to write_file (LP: #1843276)
+ doc: document doc, create makefile and tox target [Joshua Powers]
+ .gitignore: ignore files produced by package builds
+ docs: fix whitespace, spelling, and line length [Joshua Powers]
+ docs: remove unnecessary file in doc directory [Joshua Powers]
+ Oracle: Render secondary vnic IP and MTU values only
+ exoscale: fix sysconfig cloud_config_modules overrides (LP: #1841454)
+ net/cmdline: refactor to allow multiple initramfs network config sources
+ ubuntu-drivers: call db_x_loadtemplatefile to accept NVIDIA EULA
+ (LP: #1840080)
+ Add missing #cloud-config comment on first example in documentation.
+ [Florian Müller]
+ ubuntu-drivers: emit latelink=true debconf to accept nvidia eula
+ (LP: #1840080)
+ DataSourceOracle: prefer DS network config over initramfs
+ format.rst: add text/jinja2 to list of content types (+ cleanups)
+ Add GitHub pull request template to point people at hacking doc
+ cloudinit/distros/parsers/sys_conf: add docstring to SysConf
+ pyflakes: remove unused variable [Joshua Powers]
+ Azure: Record boot timestamps, system information, and diagnostic events
+ [Anh Vo]
+ DataSourceOracle: configure secondary NICs on Virtual Machines
+ distros: fix confusing variable names
+ azure/net: generate_fallback_nic emits network v2 config instead of v1
+ Add support for publishing host keys to GCE guest attributes [Rick Wright]
+ New data source for the Exoscale.com cloud platform [Chris Glass]
+ doc: remove intersphinx extension
+ cc_set_passwords: rewrite documentation (LP: #1838794)
+ net/cmdline: split interfaces_by_mac and init network config determination
+ stages: allow data sources to override network config source order
+ cloud_tests: updates and fixes
+ Fix bug rendering MTU on bond or vlan when input was netplan. (LP: #1836949)
+ net: update net sequence, include wait on netdevs, opensuse netrules path
(LP: #1817368)
- Add cloud-init-proper-ipv6-setting.patch (bsc#1156139)
+ Set proper IPv6 interface variable in ifcfg file
- Update cloud-init-write-routes.patch (bsc#1155376)
+ Write a route's destination network in CIDR notation instead of using the
netmask. This provides support for correctly recording IPv6 routes.
- Add cloud-init-renderer-detect.patch (bsc#1154092, boo#1142988)
+ Short curcuit the conditional for identifying the sysconfig renderer.
If we find ifup/ifdown accept the renderer as available.
- Add cloud-init-break-resolv-symlink.patch (bsc#1151488)
+ If /etc/resolv.conf is a symlink break it. This will avoid netconfig
from clobbering the changes cloud-init applied.
- Update to cloud-init 19.2 (bsc#1099358, bsc#1145622)
+ Remove, included upstream
- cloud-init-detect-nova.diff
- cloud-init-add-static-routes.diff
+ net: add rfc3442 (classless static routes) to EphemeralDHCP
(LP: #1821102)
+ templates/ntp.conf.debian.tmpl: fix missing newline for pools
(LP: #1836598)
+ Support netplan renderer in Arch Linux [Conrad Hoffmann]
+ Fix typo in publicly viewable documentation. [David Medberry]
+ Add a cdrom size checker for OVF ds to ds-identify
[Pengpeng Sun] (LP: #1806701)
+ VMWare: Trigger the post customization script via cc_scripts module.
[Xiaofeng Wang] (LP: #1833192)
+ Cloud-init analyze module: Added ability to analyze boot events.
[Sam Gilson]
+ Update debian eni network configuration location, retain Ubuntu setting
[Janos Lenart]
+ net: skip bond interfaces in get_interfaces
[Stanislav Makar] (LP: #1812857)
+ Fix a couple of issues raised by a coverity scan
+ Add missing dsname for Hetzner Cloud datasource [Markus Schade]
+ doc: indicate that netplan is default in Ubuntu now
+ azure: add region and AZ properties from imds compute location metadata
+ sysconfig: support more bonding options [Penghui Liao]
+ cloud-init-generator: use libexec path to ds-identify on redhat systems
(LP: #1833264)
+ tools/build-on-freebsd: update to python3 [Gonéri Le Bouder]
+ Allow identification of OpenStack by Asset Tag
[Mark T. Voelker] (LP: #1669875)
+ Fix spelling error making 'an Ubuntu' consistent. [Brian Murray]
+ run-container: centos: comment out the repo mirrorlist [Paride Legovini]
+ netplan: update netplan key mappings for gratuitous-arp (LP: #1827238)
+ freebsd: fix the name of cloudcfg VARIANT [Gonéri Le Bouder]
+ freebsd: ability to grow root file system [Gonéri Le Bouder]
+ freebsd: NoCloud data source support [Gonéri Le Bouder] (LP: #1645824)
+ Azure: Return static fallback address as if failed to find endpoint
[Jason Zions (MSFT)]
- Add cloud-init-after-wicked.patch
- Change the service order, the cloud-init service wants to run after
networking is started
- Add cloud-init-noresolv-merge-no-dns-data.diff
- Avoid writing resolv.conf if the network configuration contains no
dns entries.
- Follow up to update cloud-init-trigger-udev.patch (bsc#1144363)
- In this implementation the "/name"/ is not yet an attribute, use
get() to obtain the value from a dict. Source code version confusion.
- Add cloud-init-add-static-routes.diff (bsc#1141969)
+ Properly handle static routes. The EphemeralDHCP context manager did
not parse or handle rfc3442 classless static routes which prevented
reading datasource metadata in some clouds.
- Update cloud-init-trigger-udev.patch (bsc#1144363)
- The __str__ implementation no longer delivers the name of the interface,
use the "/name"/ attribute instead to form a proper path in the
sysfs tree
- Update cloud-init-write-routes.patch (boo#1144881, bsc#1148645)
+ If no routes are set for a subnet but the subnet has a gateway
specified, set the gateway as the default route for the interface
- Follow the ever changing inconsistencies of version definitions and
detection in the build service.
+ No more suse_version in SUSE internal instance for SLES 15 SP1
- BuildRequire pkgconfig(systemd) instead of systemd: allow OBS to
shortcut the build queues by allowing usage of systemd-mini
- Update to version 19.1 (bsc#1136440, bsc#1129124)
+ Remove, included upstream
- fix-default-systemd-unit-dir.patch
- cloud-init-sysconf-ethsetup.patch
- cloud-init-handle-def-route-set.patch
- cloud-init-no-empty-resolv.patch
- cloud-init-proper-ipv6-varname.patch
+ Forward port
- cloud-init-trigger-udev.patch
+ Add cloud-init-detect-nova.diff (bsc#1136440)
+ Modify cloud-init-python2-sigpipe.patch, import signal and constants
+ Update spec to account for new location of bash completion
+ freebsd: add chpasswd pkg in the image [Gonéri Le Bouder]
+ tests: add Eoan release [Paride Legovini]
+ cc_mounts: check if mount -a on no-change fstab path
[Jason Zions (MSFT)] (LP: #1825596)
+ replace remaining occurrences of LOG.warn [Daniel Watkins]
+ DataSourceAzure: Adjust timeout for polling IMDS [Anh Vo]
+ Azure: Changes to the Hyper-V KVP Reporter [Anh Vo]
+ git tests: no longer show warning about safe yaml.
+ tools/read-version: handle errors [Chad Miller]
+ net/sysconfig: only indicate available on known sysconfig distros
(LP: #1819994)
+ packages: update rpm specs for new bash completion path
[Daniel Watkins] (LP: #1825444)
+ test_azure: mock util.SeLinuxGuard where needed
[Jason Zions (MSFT)] (LP: #1825253)
+ setup.py: install bash completion script in new location [Daniel Watkins]
+ mount_cb: do not pass sync and rw options to mount
[Gonéri Le Bouder] (LP: #1645824)
+ cc_apt_configure: fix typo in apt documentation [Dominic Schlegel]
+ Revert "/DataSource: move update_events from a class to an instance..."/
[Daniel Watkins]
+ Change DataSourceNoCloud to ignore file system label's case.
[Risto Oikarinen]
+ cmd:main.py: Fix missing 'modules-init' key in modes dict
[Antonio Romito] (LP: #1815109)
+ ubuntu_advantage: rewrite cloud-config module
+ Azure: Treat _unset network configuration as if it were absent
[Jason Zions (MSFT)] (LP: #1823084)
+ DatasourceAzure: add additional logging for azure datasource [Anh Vo]
+ cloud_tests: fix apt_pipelining test-cases
+ Azure: Ensure platform random_seed is always serializable as JSON.
[Jason Zions (MSFT)]
+ net/sysconfig: write out SUSE-compatible IPv6 config [Robert Schweikert]
+ tox: Update testenv for openSUSE Leap to 15.0 [Thomas Bechtold]
+ net: Fix ipv6 static routes when using eni renderer
[Raphael Glon] (LP: #1818669)
+ Add ubuntu_drivers config module [Daniel Watkins]
+ doc: Refresh Azure walinuxagent docs [Daniel Watkins]
+ tox: bump pylint version to latest (2.3.1) [Daniel Watkins]
+ DataSource: move update_events from a class to an instance attribute
[Daniel Watkins] (LP: #1819913)
+ net/sysconfig: Handle default route setup for dhcp configured NICs
[Robert Schweikert] (LP: #1812117)
+ DataSourceEc2: update RELEASE_BLOCKER to be more accurate
[Daniel Watkins]
+ cloud-init-per: POSIX sh does not support string subst, use sed
(LP: #1819222)
+ Support locking user with usermod if passwd is not available.
+ Example for Microsoft Azure data disk added. [Anton Olifir]
+ clean: correctly determine the path for excluding seed directory
[Daniel Watkins] (LP: #1818571)
+ helpers/openstack: Treat unknown link types as physical
[Daniel Watkins] (LP: #1639263)
+ drop Python 2.6 support and our NIH version detection [Daniel Watkins]
+ tip-pylint: Fix assignment-from-return-none errors
+ net: append type:dhcp[46] only if dhcp[46] is True in v2 netconfig
[Kurt Stieger] (LP: #1818032)
+ cc_apt_pipelining: stop disabling pipelining by default
[Daniel Watkins] (LP: #1794982)
+ tests: fix some slow tests and some leaking state [Daniel Watkins]
+ util: don't determine string_types ourselves [Daniel Watkins]
+ cc_rsyslog: Escape possible nested set [Daniel Watkins] (LP: #1816967)
+ Enable encrypted_data_bag_secret support for Chef
[Eric Williams] (LP: #1817082)
+ azure: Filter list of ssh keys pulled from fabric [Jason Zions (MSFT)]
CVE-2019-0816
+ doc: update merging doc with fixes and some additional details/examples
+ tests: integration test failure summary to use traceback if empty error
+ This is to fix https://bugs.launchpad.net/cloud-init/+bug/1812676
[Vitaly Kuznetsov]
+ EC2: Rewrite network config on AWS Classic instances every boot
[Guilherme G. Piccoli] (LP: #1802073)
+ netinfo: Adjust ifconfig output parsing for FreeBSD ipv6 entries
(LP: #1779672)
+ netplan: Don't render yaml aliases when dumping netplan (LP: #1815051)
+ add PyCharm IDE .idea/ path to .gitignore [Dominic Schlegel]
+ correct grammar issue in instance metadata documentation
[Dominic Schlegel] (LP: #1802188)
+ clean: cloud-init clean should not trace when run from within cloud_dir
(LP: #1795508)
+ Resolve flake8 comparison and pycodestyle over-ident issues
[Paride Legovini]
+ opennebula: also exclude epochseconds from changed environment vars
(LP: #1813641)
+ systemd: Render generator from template to account for system
differences. [Robert Schweikert]
+ sysconfig: On SUSE, use STARTMODE instead of ONBOOT
[Robert Schweikert] (LP: #1799540)
+ flake8: use ==/!= to compare str, bytes, and int literals
[Paride Legovini]
+ opennebula: exclude EPOCHREALTIME as known bash env variable with a
delta (LP: #1813383)
+ tox: fix disco httpretty dependencies for py37 (LP: #1813361)
+ run-container: uncomment baseurl in yum.repos.d/*.repo when using a
proxy [Paride Legovini]
+ lxd: install zfs-linux instead of zfs meta package
[Johnson Shi] (LP: #1799779)
+ net/sysconfig: do not write a resolv.conf file with only the header.
[Robert Schweikert]
+ net: Make sysconfig renderer compatible with Network Manager.
[Eduardo Otubo]
+ cc_set_passwords: Fix regex when parsing hashed passwords
[Marlin Cremers] (LP: #1811446)
+ net: Wait for dhclient to daemonize before reading lease file
[Jason Zions] (LP: #1794399)
+ [Azure] Increase retries when talking to Wireserver during metadata walk
[Jason Zions]
+ Add documentation on adding a datasource.
+ doc: clean up some datasource documentation.
+ ds-identify: fix wrong variable name in ovf_vmware_transport_guestinfo.
+ Scaleway: Support ssh keys provided inside an instance tag. [PORTE Loïc]
+ OVF: simplify expected return values of transport functions.
+ Vmware: Add support for the com.vmware.guestInfo OVF transport.
(LP: #1807466)
+ HACKING.rst: change contact info to Josh Powers
+ Update to pylint 2.2.2.
- Update cloud-init-write-routes.patch (bsc#1132692)
+ Properly accumulate all the defined routes for a given network device.
Previously only the last defined route was written to the routes file.
- Update cloud-init-trigger-udev.patch (bsc#1125950)
+ Write the udev rules to a different file than the default
+ Settle udev if not all configured devices are in the device tree to
avoid race condition between udev and cloud-init
- Add cloud-init-trigger-udev.patch (bsc#1125950)
+ When the user configures a new rules file for network devices
the rules may not apply immediately, trigger udevadm
- Modify cloud-init-write-routes.patch (bsc#1125992)
+ Fix the order of calls, the SUSE implementation of route config file
writing must clobber the default implementation.
- Add cloud-init-proper-ipv6-varname.patch (bsc#1126101)
+ Use the proper name to designate IPv6 addresses in ifcfg-* files
- Modify cloud-init-write-routes.patch (boo#1123694)
+ Drop a '-' in the route file for the last column
- Add cloud-init-no-empty-resolv.patch (bsc#1119397)
- Update to version 18.5 (bsc#1121878, boo#1116767)
+ Remove
0001-Fix-the-service-order-for-SUSE-distributions.patch
0001-Follow-the-ever-bouncing-ball-for-openSUSE-distribut.patch
0002-Add-tests-for-additional-openSUSE-distro-condition-m.patch
included upstream
+ Forward port cloud-init-sysconf-ethsetup.patch
+ Add cloud-init-write-routes.patch
+ Add cloud-init-handle-def-route-set.patch
+ tests: add Disco release [Joshua Powers]
+ net: render 'metric' values in per-subnet routes (LP: #1805871)
+ write_files: add support for appending to files. [James Baxter]
+ config: On ubuntu select cloud archive mirrors for armel, armhf, arm64.
(LP: #1805854)
+ dhclient-hook: cleanups, tests and fix a bug on 'down' event.
+ NoCloud: Allow top level 'network' key in network-config. (LP: #1798117)
+ ovf: Fix ovf network config generation gateway/routes (LP: #1806103)
+ azure: detect vnet migration via netlink media change event
[Tamilmani Manoharan]
+ Azure: fix copy/paste error in error handling when reading azure ovf.
+ [Adam DePue]
+ tests: fix incorrect order of mocks in test_handle_zfs_root.
+ doc: Change dns_nameserver property to dns_nameservers. [Tomer Cohen]
+ OVF: identify label iso9660 filesystems with label 'OVF ENV'.
+ logs: collect-logs ignore instance-data-sensitive.json on non-root user
(LP: #1805201)
+ net: Ephemeral*Network: add connectivity check via URL
+ azure: _poll_imds only retry on 404. Fail on Timeout (LP: #1803598)
+ resizefs: Prefix discovered devpath with '/dev/' when path does not
exist [Igor Galić]
+ azure: retry imds polling on requests.Timeout (LP: #1800223)
+ azure: Accept variation in error msg from mount for ntfs volumes
[Jason Zions] (LP: #1799338)
+ azure: fix regression introduced when persisting ephemeral dhcp lease
[asakkurr]
+ azure: add udev rules to create cloud-init Gen2 disk name symlinks
(LP: #1797480)
+ tests: ec2 mock missing httpretty user-data and instance-identity routes
+ azure: remove /etc/netplan/90-hotplug-azure.yaml when net from IMDS
+ azure: report ready to fabric after reprovision and reduce logging
[asakkurr] (LP: #1799594)
+ query: better error when missing read permission on instance-data
+ instance-data: fallback to instance-data.json if sensitive is absent.
(LP: #1798189)
+ docs: remove colon from network v1 config example. [Tomer Cohen]
+ Add cloud-id binary to packages for SUSE [Jason Zions]
+ systemd: On SUSE ensure cloud-init.service runs before wicked
[Robert Schweikert] (LP: #1799709)
+ update detection of openSUSE variants [Robert Schweikert]
+ azure: Add apply_network_config option to disable network from IMDS
(LP: #1798424)
+ Correct spelling in an error message (udevadm). [Katie McLaughlin]
+ tests: meta_data key changed to meta-data in ec2 instance-data.json
(LP: #1797231)
+ tests: fix kvm integration test to assert flexible config-disk path
(LP: #1797199)
+ tools: Add cloud-id command line utility
+ instance-data: Add standard keys platform and subplatform. Refactor ec2.
+ net: ignore nics that have "/zero"/ mac address. (LP: #1796917)
+ tests: fix apt_configure_primary to be more flexible
+ Ubuntu: update sources.list to comment out deb-src entries. (LP: #74747)
- Add cloud-init-ostack-metadat-dencode.patch (bsc#1101894)
- Add cloud-init-static-net.patch (boo#1114160)
- Update to version 18.4 (bsc#1087331, bsc#1097388, boo#1111427, bsc#1095627)
+ Remove cloud-init-no-user-lock-if-already-locked.patch
cloud-init 18.4 is not supported on SLE 11 code base
+ Remove 0001-Support-chrony-configuration-lp-1731619.patch
Included upstream
+ Remove 0003-Distro-dependent-chrony-config-file.patch
Included upstream
+ Remove 0001-switch-to-using-iproute2-tools.patch
Included upstream
+ Remove cloud-init-no-python-linux-dist.patch
Included upstream
+ Remove cloud-init-no-trace-empt-sect.patch
Included upstream
+ Remove cloud-init-setpath-dsitentify.patch
Included upstream
+ Modify fix-default-systemd-unit-dir.patch
Use pkg-config, only modify the generator
+ Remove cloud-init-sysconfig-netpathfix.patch
Fixed upstream
+ Removed cloud-init-skip-ovf-tests.patch
Fixed upstream
+ Removed cloud-init-translate-netconf-ipv4-keep-gw.patch
Fixed upstream
+ Add cloud-init-template-py2.patch avoid Python 3 dependency when we build
for distros with Python 2 support
+ Add 0001-Follow-the-ever-bouncing-ball-for-openSUSE-distribut.patch
+ Add 0002-Add-tests-for-additional-openSUSE-distro-condition-m.patch
+ Add cloud-init-sysconf-path.patch
+ Add cloud-init-sysconf-ethsetup.patch
+ Add 0001-Fix-the-service-order-for-SUSE-distributions.patch
+ Add dhcp-client as requirement
cloud-init uses dhclient to setup temporary network for
metadata retrieval. THis is needed until lp#1733226 is addressed
+ add rtd example docs about new standardized keys
+ use ds._crawled_metadata instance attribute if set when writing
instance-data.json
+ ec2: update crawled metadata. add standardized keys
+ tests: allow skipping an entire cloud_test without running.
+ tests: disable lxd tests on cosmic
+ cii-tests: use unittest2.SkipTest in ntp_chrony due to new deps
+ lxd: adjust to snap installed lxd.
+ docs: surface experimental doc in instance-data.json
+ tests: fix ec2 integration tests. process meta_data instead of meta-data
+ Add support for Infiniband network interfaces (IPoIB). [Mark Goddard]
+ cli: add cloud-init query subcommand to query instance metadata
+ tools/tox-venv: update for new features.
+ pylint: ignore warning assignment-from-no-return for _write_network
+ stages: Fix bug causing datasource to have incorrect sys_cfg.
(LP: #1787459)
+ Remove dead-code _write_network distro implementations.
+ net_util: ensure static configs have netmask in translate_network result
[Thomas Berger] (LP: #1792454)
+ Fall back to root:root on syslog permissions if other options fail.
[Robert Schweikert]
+ tests: Add mock for util.get_hostname. [Robert Schweikert] (LP: #1792799)
+ ds-identify: doc string cleanup.
+ OpenStack: Support setting mac address on bond.
[Fabian Wiesel] (LP: #1682064)
+ bash_completion/cloud-init: fix shell syntax error.
+ EphemeralIPv4Network: Be more explicit when adding default route.
(LP: #1792415)
+ OpenStack: support reading of newer versions of metdata.
+ OpenStack: fix bug causing 'latest' version to be used from network.
(LP: #1792157)
+ user-data: jinja template to render instance-data.json in cloud-config
(LP: #1791781)
+ config: disable ssh access to a configured user account
+ tests: print failed testname instead of docstring upon failure
+ tests: Disallow use of util.subp except for where needed.
+ sysconfig: refactor sysconfig to accept distro specific templates paths
+ Add unit tests for config/cc_ssh.py [Francis Ginther]
+ Fix the built-in cloudinit/tests/helpers:skipIf
+ read-version: enhance error message [Joshua Powers]
+ hyperv_reporting_handler: simplify threaded publisher
+ VMWare: Fix a network config bug in vm with static IPv4 and no gateway.
[Pengpeng Sun] (LP: #1766538)
+ logging: Add logging config type hyperv for reporting via Azure KVP
[Andy Liu]
+ tests: disable other snap test as well [Joshua Powers]
+ tests: disable snap, fix write_files binary [Joshua Powers]
+ Add datasource Oracle Compute Infrastructure (OCI).
+ azure: allow azure to generate network configuration from IMDS per boot.
+ Scaleway: Add network configuration to the DataSource [Louis Bouchard]
+ docs: Fix example cloud-init analyze command to match output.
[Wesley Gao]
+ netplan: Correctly render macaddress on a bonds and bridges when
provided. (LP: #1784699)
+ tools: Add 'net-convert' subcommand command to 'cloud-init devel'.
+ redhat: remove ssh keys on new instance. (LP: #1781094)
+ Use typeset or local in profile.d scripts. (LP: #1784713)
+ OpenNebula: Fix null gateway6 [Akihiko Ota] (LP: #1768547)
+ oracle: fix detect_openstack to report True on OracleCloud.com DMI data
(LP: #1784685)
+ tests: improve LXDInstance trying to workaround or catch bug.
+ update_metadata re-config on every boot comments and tests not quite
right [Mike Gerdts]
+ tests: Collect build_info from system if available.
+ pylint: Fix pylint warnings reported in pylint 2.0.0.
+ get_linux_distro: add support for rhel via redhat-release.
+ get_linux_distro: add support for centos6 and rawhide flavors of redhat
(LP: #1781229)
+ tools: add '--debug' to tools/net-convert.py
+ tests: bump the version of paramiko to 2.4.1.
+ docs: note in rtd about avoiding /tmp when writing files (LP: #1727876)
+ ubuntu,centos,debian: get_linux_distro to align with platform.dist
(LP: #1780481)
+ Fix boothook docs on environment variable name (INSTANCE_I ->
INSTANCE_ID) [Marc Tamsky]
+ update_metadata: a datasource can support network re-config every boot
+ tests: drop salt-minion integration test (LP: #1778737)
+ Retry on failed import of gpg receive keys.
+ tools: Fix run-container when neither source or binary package requested.
+ docs: Fix a small spelling error. [Oz N Tiram]
+ tox: use simplestreams from git repository rather than bzr.
- From 18.3
+ docs: represent sudo:false in docs for user_groups config module
+ Explicitly prevent `sudo` access for user module
[Jacob Bednarz] (LP: #1771468)
+ lxd: Delete default network and detach device if lxd-init created them.
(LP: #1776958)
+ openstack: avoid unneeded metadata probe on non-openstack platforms
(LP: #1776701)
+ stages: fix tracebacks if a module stage is undefined or empty
[Robert Schweikert] (LP: #1770462)
+ Be more safe on string/bytes when writing multipart user-data to disk.
(LP: #1768600)
+ Fix get_proc_env for pids that have non-utf8 content in environment.
(LP: #1775371)
+ tests: fix salt_minion integration test on bionic and later
+ tests: provide human-readable integration test summary when --verbose
+ tests: skip chrony integration tests on lxd running artful or older
+ test: add optional --preserve-instance arg to integraiton tests
+ netplan: fix mtu if provided by network config for all rendered types
(LP: #1774666)
+ tests: remove pip install workarounds for pylxd, take upstream fix.
+ subp: support combine_capture argument.
+ tests: ordered tox dependencies for pylxd install
+ util: add get_linux_distro function to replace platform.dist
[Robert Schweikert] (LP: #1745235)
+ pyflakes: fix unused variable references identified by pyflakes 2.0.0.
+ Do not use the systemd_prefix macro, not available in this environment
[Robert Schweikert]
+ doc: Add config info to ec2, openstack and cloudstack datasource docs
+ Enable SmartOS network metadata to work with netplan via per-subnet
routes [Dan McDonald] (LP: #1763512)
+ openstack: Allow discovery in init-local using dhclient in a sandbox.
(LP: #1749717)
+ tests: Avoid using https in httpretty, improve HttPretty test case.
(LP: #1771659)
+ yaml_load/schema: Add invalid line and column nums to error message
+ Azure: Ignore NTFS mount errors when checking ephemeral drive
[Paul Meyer]
+ packages/brpm: Get proper dependencies for cmdline distro.
+ packages: Make rpm spec files patch in package version like in debs.
+ tools/run-container: replace tools/run-centos with more generic.
+ Update version.version_string to contain packaged version. (LP: #1770712)
+ cc_mounts: Do not add devices to fstab that are already present.
[Lars Kellogg-Stedman]
+ ds-identify: ensure that we have certain tokens in PATH. (LP: #1771382)
+ tests: enable Ubuntu Cosmic in integration tests [Joshua Powers]
+ read_file_or_url: move to url_helper, fix bug in its FileResponse.
+ cloud_tests: help pylint [Ryan Harper]
+ flake8: fix flake8 errors in previous commit.
+ typos: Fix spelling mistakes in cc_mounts.py log messages [Stephen Ford]
+ tests: restructure SSH and initial connections [Joshua Powers]
+ ds-identify: recognize container-other as a container, test SmartOS.
+ cloud-config.service: run After snap.seeded.service. (LP: #1767131)
+ tests: do not rely on host /proc/cmdline in test_net.py
[Lars Kellogg-Stedman] (LP: #1769952)
+ ds-identify: Remove dupe call to is_ds_enabled, improve debug message.
+ SmartOS: fix get_interfaces for nics that do not have addr_assign_type.
+ tests: fix package and ca_cert cloud_tests on bionic
(LP: #1769985)
+ ds-identify: make shellcheck 0.4.6 happy with ds-identify.
+ pycodestyle: Fix deprecated string literals, move away from flake8.
+ azure: Add reported ready marker file. [Joshua Chan] (LP: #1765214)
+ tools: Support adding a release suffix through packages/bddeb.
+ FreeBSD: Invoke growfs on ufs filesystems such that it does not prompt.
[Harm Weites] (LP: #1404745)
+ tools: Re-use the orig tarball in packages/bddeb if it is around.
+ netinfo: fix netdev_pformat when a nic does not have an address
assigned. (LP: #1766302)
+ collect-logs: add -v flag, write to stderr, limit journal to single
boot. (LP: #1766335)
+ IBMCloud: Disable config-drive and nocloud only if IBMCloud is enabled.
(LP: #1766401)
+ Add reporting events and log_time around early source of blocking time
[Ryan Harper]
+ IBMCloud: recognize provisioning environment during debug boots.
(LP: #1767166)
+ net: detect unstable network names and trigger a settle if needed
[Ryan Harper] (LP: #1766287)
+ IBMCloud: improve documentation in datasource.
+ sysconfig: dhcp6 subnet type should not imply dhcpv4 [Vitaly Kuznetsov]
+ packages/debian/control.in: add missing dependency on iproute2.
(LP: #1766711)
+ DataSourceSmartOS: add locking of serial device.
[Mike Gerdts] (LP: #1746605)
+ DataSourceSmartOS: sdc:hostname is ignored [Mike Gerdts] (LP: #1765085)
+ DataSourceSmartOS: list() should always return a list
[Mike Gerdts] (LP: #1763480)
+ schema: in validation, raise ImportError if strict but no jsonschema.
+ set_passwords: Add newline to end of sshd config, only restart if
updated. (LP: #1677205)
+ pylint: pay attention to unused variable warnings.
+ doc: Add documentation for AliYun datasource. [Junjie Wang]
+ Schema: do not warn on duplicate items in commands. (LP: #1764264)
+ net: Depend on iproute2's ip instead of net-tools ifconfig or route
+ DataSourceSmartOS: fix hang when metadata service is down
[Mike Gerdts] (LP: #1667735)
+ DataSourceSmartOS: change default fs on ephemeral disk from ext3 to
ext4. [Mike Gerdts] (LP: #1763511)
+ pycodestyle: Fix invalid escape sequences in string literals.
+ Implement bash completion script for cloud-init command line
[Ryan Harper]
+ tools: Fix make-tarball cli tool usage for development
+ renderer: support unicode in render_from_file.
+ Implement ntp client spec with auto support for distro selection
[Ryan Harper] (LP: #1749722)
+ Apport: add Brightbox, IBM, LXD, and OpenTelekomCloud to list of clouds.
+ tests: fix ec2 integration network metadata validation
+ tests: fix integration tests to support lxd 3.0 release
+ correct documentation to match correct attribute name usage.
[Dominic Schlegel] (LP: #1420018)
+ cc_resizefs, util: handle no /dev/zfs [Ryan Harper]
+ doc: Fix links in OpenStack datasource documentation.
[Dominic Schlegel] (LP: #1721660)
- Add a modified version of fix-default-systemd-unit-dir.patch
+ Removed pre-maturely, still needs 1 part of the patch
- Remove fix-default-systemd-unit-dir.patch
+ No longer needed, proper systemd config dir is queried from pckg-config
- The distribution inidcator is set to suse during template expansion,
we do not replace anything set to ubuntu
- Do not run cloud-init after network-online, this breaks functionality in
cloud-init. Certain parts of the code running in this phase expect to run
before the network is on-line. This "/re-introduces"/ boo#1097388. But the
changes made are not generic enough.
- Root should not be enabled by default. For image builders/users that want
root access by default they should provide an appropriate configuration
file during image build or image setup
- Let distribution default to opensuse/sles (boo#1099340)
- do not disable root user to make it easier to work with
- Run metadata detection after network-online (boo#1097388)
- Re-add generator (bsc#1089824, boo#1093501)
+ Add cloud-init-setpath-dsitentify.patch, upstream solution to
hanle PATH issue
+ Re-enable th egenerator to reduce effort in cloud-init configuration
- Drop the generator (bsc#1089824, boo#1093501)
+ The generator spawns a script called ds-identify which in turn calls
blkid. When the generator executes the environment may or may not be
ready. The generator speeds up the boot process in cases where
cloud-init is enabled but we are not in an environment where cloud-init
should run -> Don't do that.
- Update to version 18.2 (bsc#1092637, bsc#1084509)
+ Forward port cloud-init-python2-sigpipe.patch
+ Forward port cloud-init-no-python-linux-dist.patch
+ Add cloud-init-no-trace-empt-sect.patch
+ Hetzner: Exit early if dmi system-manufacturer is not Hetzner.
+ Add missing dependency on isc-dhcp-client to trunk ubuntu packaging.
+ (LP: #1759307)
+ FreeBSD: resizefs module now able to handle zfs/zpool.
+ [Dominic Schlegel] (LP: #1721243)
+ cc_puppet: Revert regression of puppet creating ssl and ssl_cert dirs
+ Enable IBMCloud datasource in settings.py.
+ IBMCloud: Initial IBM Cloud datasource.
+ tests: remove jsonschema from xenial tox environment.
+ tests: Fix newly added schema unit tests to skip if no jsonschema.
+ ec2: Adjust ec2 datasource after exception_cb change.
+ Reduce AzurePreprovisioning HTTP timeouts.
+ [Douglas Jordan] (LP: #1752977)
+ Revert the logic of exception_cb in read_url.
+ [Kurt Garloff] (LP: #1702160, #1298921)
+ ubuntu-advantage: Add new config module to support
+ ubuntu-advantage-tools
+ Handle global dns entries in netplan (LP: #1750884)
+ Identify OpenTelekomCloud Xen as OpenStack DS.
+ [Kurt Garloff] (LP: #1756471)
+ datasources: fix DataSource subclass get_hostname method signature
+ (LP: #1757176)
+ OpenNebula: Update network to return v2 config rather than ENI.
+ [Akihiko Ota]
+ Add Hetzner Cloud DataSource
+ net: recognize iscsi root cases without ip= on kernel command line.
+ (LP: #1752391)
+ tests: fix flakes warning for unused variable
+ tests: patch leaked stderr messages from snap unit tests
+ cc_snap: Add new module to install and configure snapd and snap
+ packages.
+ tests: Make pylint happy and fix python2.6 uses of assertRaisesRegex.
+ netplan: render bridge port-priority values (LP: #1735821)
+ util: Fix subp regression. Allow specifying subp command as a string.
+ (LP: #1755965)
+ doc: fix all warnings issued by 'tox -e doc'
+ FreeBSD: Set hostname to FQDN. [Dominic Schlegel] (LP: #1753499)
+ tests: fix run_tree and bddeb
+ tests: Fix some warnings in tests that popped up with newer python.
+ set_hostname: When present in metadata, set it before network bringup.
+ (LP: #1746455)
+ tests: Centralize and re-use skipTest based on json schema presense.
+ This commit fixes get_hostname on the AzureDataSource.
+ [Douglas Jordan] (LP: #1754495)
+ shellify: raise TypeError on bad input.
+ Make salt minion module work on FreeBSD.
+ [Dominic Schlegel] (LP: #1721503)
+ Simplify some comparisions. [Rémy Léone]
+ Change some list creation and population to literal. [Rémy Léone]
+ GCE: fix reading of user-data that is not base64 encoded. (LP: #1752711)
+ doc: fix chef install from apt packages example in RTD.
+ Implement puppet 4 support [Romanos Skiadas] (LP: #1446804)
+ subp: Fix subp usage with non-ascii characters when no system locale.
+ (LP: #1751051)
+ salt: configure grains in grains file rather than in minion config.
[Daniel Wallace]
- Update to version 18.1 (bsc#1085787, bsc#1084749)
+ Forward port cloud-init-python2-sigpipe.patch
+ Forward port 0003-Distro-dependent-chrony-config-file.patch
partial integration into 0001-Support-chrony-configuration-lp-1731619.patch
+ Forward port cloud-init-no-python-linux-dist.patch
+ Remove 0002-Disable-method-deprecation-warning-for-pylint.patch
use new cloud-init internal distro detection code
+ Remove cloud-init-resize-ro-btrfs.patch included upstream
+ Remove 0001-Set-syslog_fix_perms-for-SUSE-distro-addresses-bsc-1.patch
included upstream
+ OVF: Fix VMware support for 64-bit platforms. [Sankar Tanguturi]
+ ds-identify: Fix searching for iso9660 OVF cdroms. (LP: #1749980)
+ SUSE: Fix groups used for ownership of cloud-init.log [Robert Schweikert]
+ ds-identify: check /writable/system-data/ for nocloud seed.
(LP: #1747070)
+ tests: run nosetests in cloudinit/ directory, fix py26 fallout.
+ tools: run-centos: git clone rather than tar.
+ tests: add support for logs with lxd from snap and future lxd 3.
(LP: #1745663)
+ EC2: Fix get_instance_id called against cached datasource pickle.
(LP: #1748354)
+ cli: fix cloud-init status to report running when before result.json
(LP: #1747965)
+ net: accept network-config in netplan format for renaming interfaces
(LP: #1709715)
+ Fix ssh keys validation in ssh_util [Tatiana Kholkina]
+ docs: Update RTD content for cloud-init subcommands.
+ OVF: Extend well-known labels to include OVFENV. (LP: #1698669)
+ Fix potential cases of uninitialized variables. (LP: #1744796)
+ tests: Collect script output as binary, collect systemd journal, fix lxd.
+ HACKING.rst: mention setting user name and email via git config.
+ Azure VM Preprovisioning support. [Douglas Jordan] (LP: #1734991)
+ tools/read-version: Fix read-version when in a git worktree.
+ docs: Fix typos in docs and one debug message. [Florian Grignon]
+ btrfs: support resizing if root is mounted ro.
[Robert Schweikert] (LP: #1734787)
+ OpenNebula: Improve network configuration support.
[Akihiko Ota] (LP: #1719157, #1716397, #1736750)
+ tests: Fix EC2 Platform to return console output as bytes.
+ tests: Fix attempted use of /run in a test case.
+ GCE: Improvements and changes to ssh key behavior for default user.
[Max Illfelder] (LP: #1670456, #1707033, #1707037, #1707039)
+ subp: make ProcessExecutionError have expected types in stderr, stdout.
+ tests: when querying ntp server, do not do dns resolution.
+ Recognize uppercase vfat disk labels [James Penick] (LP: #1598783)
+ tests: remove zesty as supported OS to test [Joshua Powers]
+ Do not log warning on config files that represent None. (LP: #1742479)
+ tests: Use git hash pip dependency format for pylxd.
+ tests: add integration requirements text file [Joshua Powers]
+ MAAS: add check_instance_id based off oauth tokens. (LP: #1712680)
+ tests: update apt sources list test [Joshua Powers]
+ tests: clean up image properties [Joshua Powers]
+ tests: rename test ssh keys to avoid appearance of leaking private keys.
[Joshua Powers]
+ tests: Enable AWS EC2 Integration Testing [Joshua Powers]
+ cli: cloud-init clean handles symlinks (LP: #1741093)
+ SUSE: Add a basic test of network config rendering. [Robert Schweikert]
+ Azure: Only bounce network when necessary. (LP: #1722668)
+ lint: Fix lints seen by pylint version 1.8.1.
+ cli: Fix error in cloud-init modules --mode=init. (LP: #1736600)
- update cloud-init-sysconfig-netpathfix.patch:
* skip checking for files in /etc/sysconfig that never exist
on a wickedd based system
- Fix logfile permission settings (bsc#1080595)
+ Add 0001-Set-syslog_fix_perms-for-SUSE-distro-addresses-bsc-1.patch
- drop dependency on boto (only used in examples, and
should really be ported to botocore/boto3 instead)
- Update to version 17.2 (boo#1069635, bsc#1072811)
+ Add cloud-init-skip-ovf-tests.patch
+ Add cloud-init-no-python-linux-dist.patch
+ Add 0001-switch-to-using-iproute2-tools.patch
+ Add 0001-Support-chrony-configuration-lp-1731619.patch
+ Add 0002-Disable-method-deprecation-warning-for-pylint.patch
+ Add 0003-Distro-dependent-chrony-config-file.patch
+ removed cloud-init-add-variant-cloudcfg.patch replaced by
cloud-init-no-python-linux-dist.patch
+ removed zypp_add_repos.diff included upstream
+ removed zypp_add_repo_test.patch included upstream
+ removed cloud-init-hosts-template.patch included upstream
+ removed cloud-init-more-tasks.patch included upstream
+ removed cloud-init-final-no-apt.patch included upstream
+ removed cloud-init-ntp-conf-suse.patch included upstream
+ removed cloud-init-break-cycle-local-service.patch included upstream
+ removed cloud-init-reproduce-build.patch included upstream
+ For the complete changelog see https://launchpad.net/cloud-init/trunk/17.2
- patch distribution detection until a fix is delivered to python3 (bsc#997614)
add cloud-init-add-variant-cloudcfg.patch
- Fix usage of fdupes macro: there is no '-n' parameter to the
macro (there would be to fdupes, the command, though).
- Add cloud-init-reproduce-build.patch (boo#1069635)
+ Make builds reproducible
- Add cloud-init-resize-ro-btrfs.patch
+ cc_resizefs fails if the current root is a read-only btrfs
subvolume, use an always writeable subvolume instead [bsc#1042913]
- Add cloud-init-break-cycle-local-service.patch
+ Let systemd pull in the default targets. This breaks a cycle
- Fix variable name in cloud-init-translate-netconf-ipv4-keep-gw.patch
- Add cloud-init-translate-netconf-ipv4-keep-gw.patch (boo#1064854)
+ Properly insert the gateway information for v1 json network config data
- Add cloud-init-ntp-conf-suse.patch
+ ntp configuration was broken on sles and opensuse lp#1726572
- Add cloud-init-hosts-template.patch (bsc#1064594)
+ Properly expand the /etc/hosst file when manage_etc_hosts is set
- Fix sed expression to set distro properly (boo#1063716)
- Update to version 17.1 (bsc#1035106)
+ Version numbering scheme change now YY.NUMBER_OF_RELESE_THAT_YEAR
+ Remove cloud.cfg.suse, use generated default config file
+ Remove addopenSUSEBase.patch, included upstream
+ Remove suseIntegratedHandler.patch, included upstream
+ Remove openSUSEhostsTemplate.diff, included upstream
+ Remove cloud-init-handle-no-carrier.patch, included upstream
+ Remove cloud-init-digital-ocean-datasource.patch,
use upstream implementation
+ Remove cloud-init-digital-ocean-datasource-enable-by-default.patch,
use upstream implementation
+ Remove cloud-init-fix-unicode-handling-binarydecode.patch,
included upstream
+ Remove cloud-init-no-dmidecode-on-ppc64.patch, included upstream
+ Remove dataSourceOpenNebula.patch, use upstream implementation
+ Remove setupSUSEsysVInit.diff, included upstream
+ Remove suseSysVInit.diff, included upstream
+ Remove cloud-init-finalbeforelogin.patch, don't block login
+ Remove cloud-init-handle-not-implemented-query.patch, query option removed
+ Remove cloud-init-spceandtabs-clean.patch, indentation fixed upstream
+ Remove dynamicInitCmd.diff, different solution from upstream
+ Added cloud-init-more-tasks.patch, (bsc#1047363)
replace cloud-init-finalbeforelogin.patch
+ Forward port cloud-init-python2-sigpipe.patch
+ Remove cloud-init-net-eni.patch, included upstream
+ Remove cloud-init-service.patch, included upstream
+ Forward port cloud-init-sysconfig-netpathfix.patch
+ Remove cloud-init-net-sysconfig-lp1665441.patch, included upstream
+ Remove cloud-init-python26.patch, included upstream
+ Remove skip-argparse-on-python3.patch
+ Add cloud-init-tests-set-exec.patch
+ Add cloud-init-final-no-apt.patch
+ Add zypp_add_repo_test.patch
+ doc: document GCE datasource. [Arnd Hannemann]
+ suse: updates to templates to support openSUSE and SLES.
+ [Robert Schweikert] (LP: #1718640)
+ suse: Copy sysvinit files from redhat with slight changes.
+ [Robert Schweikert] (LP: #1718649)
+ docs: fix sphinx module schema documentation [Chad Smith]
+ tests: Add cloudinit package to all test targets [Chad Smith]
+ Makefile: No longer look for yaml files in obsolete ./bin/.
+ tests: fix ds-identify unit tests to set EC2_STRICT_ID_DEFAULT.
+ ec2: Fix maybe_perform_dhcp_discovery to use /var/tmp as a tmpdir
+ [Chad Smith] (LP: #1717627)
+ Azure: wait longer for SSH pub keys to arrive.
+ [Paul Meyer] (LP: #1717611)
+ GCE: Fix usage of user-data. (LP: #1717598)
+ cmdline: add collect-logs subcommand. [Chad Smith] (LP: #1607345)
+ CloudStack: consider dhclient lease files named with a hyphen.
+ (LP: #1717147)
+ resizefs: Drop check for read-only device file, do not warn on
+ overlayroot. [Chad Smith]
+ Do not provide systemd-fsck drop-in which could cause ordering cycles.
+ [Balint Reczey] (LP: #1717477)
+ tests: Enable the NoCloud KVM platform [Joshua Powers]
+ resizefs: pass mount point to xfs_growfs [Dusty Mabe]
+ vmware: Enable nics before sending the SUCCESS event. [Sankar Tanguturi]
+ cloud-config modules: honor distros definitions in each module
+ [Chad Smith] (LP: #1715738, #1715690)
+ chef: Add option to pin chef omnibus install version
+ [Ethan Apodaca] (LP: #1462693)
+ tests: execute: support command as string [Joshua Powers]
+ schema and docs: Add jsonschema to resizefs and bootcmd modules
+ [Chad Smith]
+ tools: Add xkvm script, wrapper around qemu-system [Joshua Powers]
+ vmware customization: return network config format
+ [Sankar Tanguturi] (LP: #1675063)
+ Ec2: only attempt to operate at local mode on known platforms.
+ (LP: #1715128)
+ Use /run/cloud-init for tempfile operations. (LP: #1707222)
+ ds-identify: Make OpenStack return maybe on arch other than intel.
+ (LP: #1715241)
+ tests: mock missed openstack metadata uri network_data.json
+ [Chad Smith] (LP: #1714376)
+ relocate tests/unittests/helpers.py to cloudinit/tests
+ [Lars Kellogg-Stedman]
+ tox: add nose timer output [Joshua Powers]
+ upstart: do not package upstart jobs, drop ubuntu-init-switch module.
+ tests: Stop leaking calls through unmocked metadata addresses
+ [Chad Smith] (LP: #1714117)
+ distro: allow distro to specify a default locale [Ryan Harper]
+ tests: fix two recently added tests for sles distro.
+ url_helper: dynamically import oauthlib import from inside oauth_headers
+ [Chad Smith]
+ tox: make xenial environment run with python3.6
+ suse: Add support for openSUSE and return SLES to a working state.
+ [Robert Schweikert]
+ GCE: Add a main to the GCE Datasource.
+ ec2: Add IPv6 dhcp support to Ec2DataSource. [Chad Smith] (LP: #1639030)
+ url_helper: fail gracefully if oauthlib is not available
+ [Lars Kellogg-Stedman] (LP: #1713760)
+ cloud-init analyze: fix issues running under python 2. [Andrew Jorgensen]
+ Configure logging module to always use UTC time.
+ [Ryan Harper] (LP: #1713158)
+ Log a helpful message if a user script does not include shebang.
+ [Andrew Jorgensen]
+ cli: Fix command line parsing of coniditionally loaded subcommands.
+ [Chad Smith] (LP: #1712676)
+ doc: Explain error behavior in user data include file format.
+ [Jason Butz]
+ cc_landscape & cc_puppet: Fix six.StringIO use in writing configs
+ [Chad Smith] (LP: #1699282, #1710932)
+ schema cli: Add schema subcommand to cloud-init cli and cc_runcmd schema
+ [Chad Smith]
+ Debian: Remove non-free repositories from apt sources template.
+ [Joonas Kylmälä] (LP: #1700091)
+ tools: Add tooling for basic cloud-init performance analysis.
+ [Chad Smith] (LP: #1709761)
+ network: add v2 passthrough and fix parsing v2 config with bonds/bridge
+ params [Ryan Harper] (LP: #1709180)
+ doc: update capabilities with features available, link doc reference,
+ cli example [Ryan Harper]
+ vcloud directory: Guest Customization support for passwords
+ [Maitreyee Saikia]
+ ec2: Allow Ec2 to run in init-local using dhclient in a sandbox.
+ [Chad Smith] (LP: #1709772)
+ cc_ntp: fallback on timesyncd configuration if ntp is not installable
+ [Ryan Harper] (LP: #1686485)
+ net: Reduce duplicate code. Have get_interfaces_by_mac use
+ get_interfaces.
+ tests: Fix build tree integration tests [Joshua Powers]
+ sysconfig: Dont repeat header when rendering resolv.conf
+ [Ryan Harper] (LP: #1701420)
+ archlinux: Fix bug with empty dns, do not render 'lo' devices.
+ (LP: #1663045, #1706593)
+ cloudinit.net: add initialize_network_device function and tests
+ [Chad Smith]
+ makefile: fix ci-deps-ubuntu target [Chad Smith]
+ tests: adjust locale integration test to parse default locale.
+ tests: remove 'yakkety' from releases as it is EOL.
+ tests: Add initial tests for EC2 and improve a docstring.
+ locale: Do not re-run locale-gen if provided locale is system default.
+ archlinux: fix set hostname usage of write_file.
+ [Joshua Powers] (LP: #1705306)
+ sysconfig: support subnet type of 'manual'.
+ tools/run-centos: make running with no argument show help.
+ Drop rand_str() usage in DNS redirection detection
+ [Bob Aman] (LP: #1088611)
+ sysconfig: use MACADDR on bonds/bridges to configure mac_address
+ [Ryan Harper] (LP: #1701417)
+ net: eni route rendering missed ipv6 default route config
+ [Ryan Harper] (LP: #1701097)
+ sysconfig: enable mtu set per subnet, including ipv6 mtu
+ [Ryan Harper] (LP: #1702513)
+ sysconfig: handle manual type subnets [Ryan Harper] (LP: #1687725)
+ sysconfig: fix ipv6 gateway routes [Ryan Harper] (LP: #1694801)
+ sysconfig: fix rendering of bond, bridge and vlan types.
+ [Ryan Harper] (LP: #1695092)
+ Templatize systemd unit files for cross distro deltas. [Ryan Harper]
+ sysconfig: ipv6 and default gateway fixes. [Ryan Harper] (LP: #1704872)
+ net: fix renaming of nics to support mac addresses written in upper
+ case. (LP: #1705147)
+ tests: fixes for issues uncovered when moving to python 3.6.
+ (LP: #1703697)
+ sysconfig: include GATEWAY value if set in subnet
+ [Ryan Harper] (LP: #1686856)
+ Scaleway: add datasource with user and vendor data for Scaleway.
+ [Julien Castets]
+ Support comments in content read by load_shell_content.
+ cloudinitlocal fail to run during boot [Hongjiang Zhang]
+ doc: fix disk setup example table_type options
+ [Sandor Zeestraten] (LP: #1703789)
+ tools: Fix exception handling. [Joonas Kylmälä] (LP: #1701527)
+ tests: fix usage of mock in GCE test.
+ test_gce: Fix invalid mock of platform_reports_gce to return False
+ [Chad Smith]
+ test: fix incorrect keyid for apt repository.
+ [Joshua Powers] (LP: #1702717)
+ tests: Update version of pylxd [Joshua Powers]
+ write_files: Remove log from helper function signatures.
+ [Andrew Jorgensen]
+ doc: document the cmdline options to NoCloud [Brian Candler]
+ read_dmi_data: always return None when inside a container. (LP: #1701325)
+ requirements.txt: remove trailing white space.
+ Azure: Add network-config, Refactor net layer to handle duplicate macs.
+ [Ryan Harper]
+ Tests: Simplify the check on ssh-import-id [Joshua Powers]
+ tests: update ntp tests after sntp added [Joshua Powers]
+ FreeBSD: Make freebsd a variant, fix unittests and
+ tools/build-on-freebsd.
+ FreeBSD: fix test failure
+ FreeBSD: replace ifdown/ifup with "/ifconfig down"/ and "/ifconfig up"/.
+ [Hongjiang Zhang] (LP: #1697815)
+ FreeBSD: fix cdrom mounting failure if /mnt/cdrom/secure did not exist.
+ [Hongjiang Zhang] (LP: #1696295)
+ main: Don't use templater to format the welcome message
+ [Andrew Jorgensen]
+ docs: Automatically generate module docs form schema if present.
+ [Chad Smith]
+ debian: fix path comment in /etc/hosts template.
+ [Jens Sandmann] (LP: #1606406)
+ suse: add hostname and fully qualified domain to template.
+ [Jens Sandmann]
+ write_file(s): Print permissions as octal, not decimal [Andrew Jorgensen]
+ ci deps: Add --test-distro to read-dependencies to install all deps
+ [Chad Smith]
+ tools/run-centos: cleanups and move to using read-dependencies
+ pkg build ci: Add make ci-deps-<distro> target to install pkgs
+ [Chad Smith]
+ systemd: make cloud-final.service run before apt daily services.
+ (LP: #1693361)
+ selinux: Allow restorecon to be non-fatal. [Ryan Harper] (LP: #1686751)
+ net: Allow netinfo subprocesses to return 0 or 1.
+ [Ryan Harper] (LP: #1686751)
+ net: Allow for NetworkManager configuration [Ryan McCabe] (LP: #1693251)
+ Use distro release version to determine if we use systemd in redhat spec
+ [Ryan Harper]
+ net: normalize data in network_state object
+ Integration Testing: tox env, pyxld 2.2.3, and revamp framework
+ [Wesley Wiedenmeier]
+ Chef: Update omnibus url to chef.io, minor doc changes. [JJ Asghar]
+ tools: add centos scripts to build and test [Joshua Powers]
+ Drop cheetah python module as it is not needed by trunk [Ryan Harper]
+ rhel/centos spec cleanups.
+ cloud.cfg: move to a template. setup.py changes along the way.
+ Makefile: add deb-src and srpm targets. use PYVER more places.
+ makefile: fix python 2/3 detection in the Makefile [Chad Smith]
+ snap: Removing snapcraft plug line [Joshua Powers] (LP: #1695333)
+ RHEL/CentOS: Fix default routes for IPv4/IPv6 configuration.
+ [Andreas Karis] (LP: #1696176)
+ test: Fix pyflakes complaint of unused import.
+ [Joshua Powers] (LP: #1695918)
+ NoCloud: support seed of nocloud from smbios information
+ [Vladimir Pouzanov] (LP: #1691772)
+ net: when selecting a network device, use natural sort order
+ [Marc-Aurèle Brothier]
+ fix typos and remove whitespace in various docs [Stephan Telling]
+ systemd: Fix typo in comment in cloud-init.target. [Chen-Han Hsiao]
+ Tests: Skip jsonschema related unit tests when dependency is absent.
+ [Chad Smith] (LP: #1695318)
+ azure: remove accidental duplicate line in merge.
+ azure: identify platform by well known value in chassis asset tag.
+ [Chad Smith] (LP: #1693939)
+ tools/net-convert.py: support old cloudinit versions by using kwargs.
+ ntp: Add schema definition and passive schema validation.
+ [Chad Smith] (LP: #1692916)
+ Fix eni rendering for bridge params that require repeated key for
+ values. [Ryan Harper]
+ net: remove systemd link file writing from eni renderer [Ryan Harper]
+ AliYun: Enable platform identification and enable by default.
+ [Junjie Wang] (LP: #1638931)
+ net: fix reading and rendering addresses in cidr format.
+ [Dimitri John Ledkov] (LP: #1689346, #1684349)
+ disk_setup: udev settle before attempting partitioning or fs creation.
+ (LP: #1692093)
+ GCE: Update the attribute used to find instance SSH keys.
+ [Daniel Watkins] (LP: #1693582)
+ nplan: For bonds, allow dashed or underscore names of keys.
+ [Dimitri John Ledkov] (LP: #1690480)
+ python2.6: fix unit tests usage of assertNone and format.
+ test: update docstring on test_configured_list_with_none
+ fix tools/ds-identify to not write None twice.
+ tox/build: do not package depend on style requirements.
+ cc_ntp: Restructure cc_ntp unit tests. [Chad Smith] (LP: #1692794)
+ flake8: move the pinned version of flake8 up to 3.3.0
+ tests: Apply workaround for snapd bug in test case. [Joshua Powers]
+ RHEL/CentOS: Fix dual stack IPv4/IPv6 configuration.
+ [Andreas Karis] (LP: #1679817, #1685534, #1685532)
+ disk_setup: fix several issues with gpt disk partitions. (LP: #1692087)
+ function spelling & docstring update [Joshua Powers]
+ Fixing wrong file name regression. [Joshua Powers]
+ tox: move pylint target to 1.7.1
+ Fix get_interfaces_by_mac for empty macs (LP: #1692028)
+ DigitalOcean: remove routes except for the public interface.
+ [Ben Howard] (LP: #1681531.)
+ netplan: pass macaddress, when specified, for vlans
+ [Dimitri John Ledkov] (LP: #1690388)
+ doc: various improvements for the docs on cc_users_groups.
+ [Felix Dreissig]
+ cc_ntp: write template before installing and add service restart
+ [Ryan Harper] (LP: #1645644)
+ cloudstack: fix tests to avoid accessing /var/lib/NetworkManager
+ [Lars Kellogg-Stedman]
+ tests: fix hardcoded path to mkfs.ext4 [Joshua Powers] (LP: #1691517)
+ Actually skip warnings when .skip file is present.
+ [Chris Brinker] (LP: #1691551)
+ netplan: fix netplan render_network_state signature.
+ [Dimitri John Ledkov] (LP: #1685944)
+ Azure: fix reformatting of ephemeral disks on resize to large types.
+ (LP: #1686514)
+ Revert "/tools/net-convert: fix argument order for render_network_state"/
+ make deb: Add devscripts dependency for make deb. Cleanup
+ packages/bddeb. [Chad Smith] (LP: #1685935)
+ tools/net-convert: fix argument order for render_network_state
+ [Ryan Harper] (LP: #1685944)
+ openstack: fix log message copy/paste typo in _get_url_settings
+ [Lars Kellogg-Stedman]
+ unittests: fix unittests run on centos [Joshua Powers]
+ Improve detection of snappy to include os-release and kernel cmdline.
+ (LP: #1689944)
+ Add address to config entry generated by _klibc_to_config_entry.
+ [Julien Castets] (LP: #1691135)
+ sysconfig: Raise ValueError when multiple default gateways are present.
+ [Chad Smith] (LP: #1687485)
+ FreeBSD: improvements and fixes for use on Azure
+ [Hongjiang Zhang] (LP: #1636345)
+ Add unit tests for ds-identify, fix Ec2 bug found.
+ fs_setup: if cmd is specified, use shell interpretation.
+ [Paul Meyer] (LP: #1687712)
+ doc: document network configuration defaults policy and formats.
+ [Ryan Harper]
+ Fix name of "/uri"/ key in docs for "/cc_apt_configure"/ module
+ [Felix Dreissig]
+ tests: Enable artful [Joshua Powers]
+ nova-lxd: read product_name from environment, not platform.
+ (LP: #1685810)
+ Fix yum repo config where keys contain array values
+ [Dylan Perry] (LP: #1592150)
+ template: Update debian backports template [Joshua Powers] (LP: #1627293)
+ rsyslog: replace ~ with stop [Joshua Powers] (LP: #1367899)
+ Doc: add additional RTD examples [Joshua Powers] (LP: #1459604)
+ Fix growpart for some cases when booted with root=PARTUUID.
+ (LP: #1684869)
+ pylint: update output style to parseable [Joshua Powers]
+ pylint: fix all logging warnings [Joshua Powers]
+ CloudStack: Add NetworkManager to list of supported DHCP lease dirs.
+ [Syed]
+ net: kernel lies about vlans not stealing mac addresses, when they do
+ [Dimitri John Ledkov] (LP: #1682871)
+ ds-identify: Check correct path for "/latest"/ config drive
+ [Daniel Watkins] (LP: #1673637)
+ doc: Fix example for resolve.conf configuration.
+ [Jon Grimm] (LP: #1531582)
+ Fix examples that reference upstream chef repository.
+ [Jon Grimm] (LP: #1678145)
+ doc: correct grammar and improve clarity in merging documentation.
+ [David Tagatac]
+ doc: Add missing doc link to snap-config module. [Ryan Harper]
+ snap: allows for creating cloud-init snap [Joshua Powers]
+ DigitalOcean: assign IPv4ll address to lowest indexed interface.
+ [Ben Howard]
+ DigitalOcean: configure all NICs presented in meta-data. [Ben Howard]
+ Remove (and/or fix) URL shortener references [Jon Grimm] (LP: #1669727)
+ HACKING.rst: more info on filling out contributors agreement.
+ util: teach write_file about copy_mode option
+ [Lars Kellogg-Stedman] (LP: #1644064)
+ DigitalOcean: bind resolvers to loopback interface. [Ben Howard]
+ tests: fix AltCloud tests to not rely on blkid (LP: #1636531)
+ OpenStack: add 'dvs' to the list of physical link types. (LP: #1674946)
+ Fix bug that resulted in an attempt to rename bonds or vlans.
+ (LP: #1669860)
+ tests: update OpenNebula and Digital Ocean to not rely on host
+ interfaces.
+ net: in netplan renderer delete known image-builtin content.
+ (LP: #1675576)
+ doc: correct grammar in capabilities.rst [David Tagatac]
+ ds-identify: fix detecting of maas datasource. (LP: #1677710)
+ netplan: remove debugging prints, add debug logging [Ryan Harper]
+ ds-identify: do not write None twice to datasource_list.
+ support resizing partition and rootfs on system booted without
+ initramfs. [Steve Langasek] (LP: #1677376)
+ apt_configure: run only when needed. (LP: #1675185)
+ OpenStack: identify OpenStack by product 'OpenStack Compute'.
+ (LP: #1675349)
+ GCE: Search GCE in ds-identify, consider serial number in check.
+ (LP: #1674861)
+ Add support for setting hashed passwords [Tore S. Lonoy] (LP: #1570325)
+ Fix filesystem creation when using "/partition: auto"/
+ [Jonathan Ballet] (LP: #1634678)
+ ConfigDrive: support reading config drive data from /config-drive.
+ (LP: #1673411)
+ ds-identify: fix detection of Bigstep datasource. (LP: #1674766)
+ test: add running of pylint [Joshua Powers]
+ ds-identify: fix bug where filename expansion was left on.
+ advertise network config v2 support (NETWORK_CONFIG_V2) in features.
+ Bigstep: fix bug when executing in python3. [root]
+ Fix unit test when running in a system deployed with cloud-init.
+ Bounce network interface for Azure when using the built-in path.
+ [Brent Baude] (LP: #1674685)
+ cloudinit.net: add network config v2 parsing and rendering [Ryan Harper]
+ net: Fix incorrect call to isfile [Joshua Powers] (LP: #1674317)
+ net: add renderers for automatically selecting the renderer.
+ doc: fix config drive doc with regard to unpartitioned disks.
+ (LP: #1673818)
+ test: Adding integratiron test for password as list [Joshua Powers]
+ render_network_state: switch arguments around, do not require target
+ support 'loopback' as a device type.
+ Integration Testing: improve testcase subclassing [Wesley Wiedenmeier]
+ gitignore: adding doc/rtd_html [Joshua Powers]
+ doc: add instructions for running integration tests via tox.
+ [Joshua Powers]
+ test: avoid differences in 'date' output due to daylight savings.
+ Fix chef config module in omnibus install. [Jeremy Melvin] (LP: #1583837)
+ Add feature flags to cloudinit.version. [Wesley Wiedenmeier]
+ tox: add a citest environment
+ Further fix regression to support 'password' for default user.
+ fix regression when no chpasswd/list was provided.
+ Support chpasswd/list being a list in addition to a string.
+ [Sergio Lystopad] (LP: #1665694)
+ doc: Fix configuration example for cc_set_passwords module.
+ [Sergio Lystopad] (LP: #1665773)
+ net: support both ipv4 and ipv6 gateways in sysconfig.
+ [Lars Kellogg-Stedman] (LP: #1669504)
+ net: do not raise exception for > 3 nameservers
+ [Lars Kellogg-Stedman] (LP: #1670052)
+ ds-identify: report cleanups for config and exit value. (LP: #1669949)
+ ds-identify: move default setting for Ec2/strict_id to a global.
+ ds-identify: record not found in cloud.cfg and always add None.
+ Support warning if the used datasource is not in ds-identify's list.
+ tools/ds-identify: make report mode write namespaced results.
+ Move warning functionality to cloudinit/warnings.py
+ Add profile.d script for showing warnings on login.
+ Z99-cloud-locale-test.sh: install and make consistent.
+ tools/ds-identify: look at cloud.cfg when looking for ec2 strict_id.
+ tools/ds-identify: disable vmware_guest_customization by default.
+ tools/ds-identify: ovf identify vmware guest customization.
+ Identify Brightbox as an Ec2 datasource user. (LP: #1661693)
+ DatasourceEc2: add warning message when not on AWS.
+ ds-identify: add reading of datasource/Ec2/strict_id
+ tools/ds-identify: add support for found or maybe contributing config.
+ tools/ds-identify: read the seed directory on Ec2
+ tools/ds-identify: use quotes in local declarations.
+ tools/ds-identify: fix documentation of policy setting in a comment.
+ ds-identify: only run once per boot unless --force is given.
+ flake8: fix flake8 complaints in previous commit.
+ net: correct errors in cloudinit/net/sysconfig.py
+ [Lars Kellogg-Stedman] (LP: #1665441)
+ ec2_utils: fix MetadataLeafDecoder that returned bytes on empty
+ apply the runtime configuration written by ds-identify.
+ ds-identify: fix checking for filesystem label (LP: #1663735)
+ ds-identify: read ds=nocloud properly (LP: #1663723)
+ support nova-lxd by reading platform from environment of pid 1.
+ (LP: #1661797)
+ ds-identify: change aarch64 to use the default for non-dmi systems.
+ Remove style checking during build and add latest style checks to tox
+ [Joshua Powers] (LP: #1652329)
+ code-style: make master pass pycodestyle (2.3.1) cleanly, currently:
+ [Joshua Powers]
+ manual_cache_clean: When manually cleaning touch a file in instance dir.
+ Add tools/ds-identify to identify datasources available.
+ Fix small typo and change iso-filename for consistency [Robin Naundorf]
+ Fix eni rendering of multiple IPs per interface
+ [Ryan Harper] (LP: #1657940)
+ tools/mock-meta: support python2 or python3 and ipv6 in both.
+ tests: remove executable bit on test_net, so it runs, and fix it.
+ tests: No longer monkey patch httpretty for python 3.4.2
+ Add 3 ecdsa-sha2-nistp* ssh key types now that they are standardized
+ [Lars Kellogg-Stedman] (LP: #1658174)
+ reset httppretty for each test [Lars Kellogg-Stedman] (LP: #1658200)
+ build: fix running Make on a branch with tags other than master
+ EC2: Do not cache security credentials on disk
+ [Andrew Jorgensen] (LP: #1638312)
+ doc: Fix typos and clarify some aspects of the part-handler
+ [Erik M. Bray]
+ doc: add some documentation on OpenStack datasource.
+ OpenStack: Use timeout and retries from config in get_data.
+ [Lars Kellogg-Stedman] (LP: #1657130)
+ Fixed Misc issues related to VMware customization. [Sankar Tanguturi]
+ Fix minor docs typo: perserve > preserve [Jeremy Bicha]
+ Use dnf instead of yum when available
+ [Lars Kellogg-Stedman] (LP: #1647118)
+ validate-yaml: use python rather than explicitly python3
+ Get early logging logged, including failures of cmdline url.
- From 0.7.9
+ doc: adjust headers in tests documentation for consistency.
+ pep8: fix issue found in zesty build with pycodestyle.
+ integration test: initial commit of integration test framework
+ [Wesley Wiedenmeier]
+ LICENSE: Allow dual licensing GPL-3 or Apache 2.0 [Jon Grimm]
+ Fix config order of precedence, putting kernel command line over system.
+ [Wesley Wiedenmeier] (LP: #1582323)
+ pep8: whitespace fix
+ Update the list of valid ssh keys. [Michael Felt]
+ network: add ENI unit test for statically rendered routes.
+ set_hostname: avoid erroneously appending domain to fqdn
+ [Lars Kellogg-Stedman] (LP: #1647910)
+ doc: change 'nobootwait' to 'nofail' in docs [Anhad Jai Singh]
+ Replace an expired bit.ly link in code comment.
+ user-groups: fix bug when groups was provided as string and had spaces
+ (LP: #1354694)
+ mounts: use mount -a again to accomplish mounts (LP: #1647708)
+ CloudSigma: Fix bug where datasource was not loaded in local search.
+ (LP: #1648380)
+ when adding a user, strip whitespace from group list [Lars Kellogg-Stedman]
+ (LP: #1354694)
+ fix decoding of utf-8 chars in yaml test
+ Replace usage of sys_netdev_info with read_sys_net (LP: #1625766)
+ fix problems found in python2.6 test.
+ OpenStack: extend physical types to include hyperv, hw_veb, vhost_user.
+ (LP: #1642679)
+ tests: fix assumptions that expected no eth0 in system. (LP: #1644043)
+ net/cmdline: Consider ip= or ip6= on command line not only ip=
+ (LP: #1639930)
+ Just use file logging by default (LP: #1643990)
+ Improve formatting for ProcessExecutionError [Wesley Wiedenmeier]
+ flake8: fix trailing white space
+ Doc: various documentation fixes [Sean Bright]
+ cloudinit/config/cc_rh_subscription.py: Remove repos before adding
+ [Brent Baude]
+ packages/redhat: fix rpm spec file.
+ main: set TZ in environment if not already set. [Ryan Harper]
+ Azure: No longer rely on walinux agent. (LP: #1538522)
+ disk_setup: Use sectors as unit when formatting MBR disks with sfdisk.
+ [Daniel Watkins] (LP: #1460715)
+ Add activate_datasource, for datasource specific code paths. (LP: #1611074)
+ systemd: cloud-init-local use RequiresMountsFor=/var/lib/cloud
+ (LP: #1642062)
+ systemd: cloud-init remove After=systemd-networkd-wait-online
+ systemd: cloud-init-local change Before basic to sysinit
+ pep8: fix style errors reported by pycodestyle 2.1.0
+ systemd: drop both Wants and After local-fs.target
+ systemd: networking service adjustments. (LP: #1636912)
+ systemd: replace Before=basic.target, dbus.target with sysinit.target
+ (LP: #1629797)
+ doc: Add documentation on stages of boot.
+ doc: make the RST files consistently formated and other improvements.
+ Ec2: fix syntax and tox in previous commit.
+ Ec2: protect against non-dictionary in block-device-mapping.
+ doc: fixed example to not overwrite /etc/hosts [Chris Glass]
+ Doc: fix spelling / typos in ca_certs and scripts_vendor.
+ pyflakes: fix issue with pyflakes 1.3 found in ubuntu zesty-proposed.
+ net/cmdline: Further adjustments to ipv6 support [LaMont Jones]
+ (LP: #1621615)
+ Add coverage dependency to bddeb to fix package build.
+ doc: improve HACKING.rst file
+ dmidecode: Allow dmidecode to be used on aarch64 [Robert Schweikert]
+ AliYun: Add new datasource for Ali-Cloud ECS [kaihuan.pkh]
+ Add coverage collection to tox unit tests. [Joshua Powers]
+ cc_users_groups: fix remaing call to ds.normalize_user_groups [Ryan Harper]
+ disk-config: udev settle after partitioning in gpt format. (LP: #1626243)
+ unittests: do not read system /etc/cloud/cloud.cfg.d (LP: #1635350)
+ Add documentation for logging features. [Wesley Wiedenmeier]
+ Add support for snap create-user on Ubuntu Core images. [Ryan Harper]
+ Fix sshd restarts for rhel distros. [Jim Gorz]
+ OpenNebula: replace 'ip' parsing with cloudinit.net usage.
+ Fix python2.6 things found running in centos 6.
+ Move user/group functions to new ug_util file
+ DigitalOcean: enable usage of data source by default.
+ update Gentoo initscripts to run in the correct order [Matthew Thode]
+ MAAS: improve the main of datasource to look at kernel cmdline config.
+ tests: silence the Cheetah UserWarning about NameMapper C version.
+ systemd: Run cloud-init.service Before dbus.socket not dbus.target
+ [Daniel Watkins] (LP: #1629797)
+ systemd: run cloud-init.service Before dbus.service (LP: #1629797)
+ unittests: fix use of mock 2.0 'assert_called' when running make check
+ [Ryan Harper]
+ Improve module documentation and doc cleanup. [Wesley Wiedenmeier]
+ lxd: Update network config for LXD 2.3 [Stéphane Graber]
+ DigitalOcean: use meta-data for network configruation [Ben Howard]
+ ntp: move to run after apt configuration (LP: #1628337)
+ Decode unicode types in decode_binary [Robert Schweikert]
+ systemd: Ensure that cloud-init-local happens before NetworkManager
+ Allow ephemeral drive to be unpartitioned [Paul Meyer]
+ subp: add 'update_env' argument
+ net: support reading ipv6 dhcp config from initramfs [LaMont Jones]
+ (LP: #1621615, #1621507)
+ Adjust mounts and disk configuration for systemd. (LP: #1611074)
+ dmidecode: run dmidecode only on i?86 or x86_64 arch. [Robert Schweikert]
+ systemd: put cloud-init.target After multi-user.target (LP: #1623868)
- add skip-argparse-on-python3.patch: don't depend on argparse
for python3, it is builtin there (as of python 3.2, so the
patch should be good enough)
- python_sitelib does not seem to exist for non single-spec
python modules, use python2_sitelib and python3_sitelib instead.
- Drop python-cheetah as requirement
+ Cheetah is no maintained and cloud-init switches to Jinja2 as
templating engine if Cheetah is not available
- Drop argparse as dependency for Py3 build
+ argparse is built into Python
- Modify cloud-init-finalbeforelogin.patch (bsc#1047363)
+ Support user processes running in coud-init-final to consume a
large number of threads.
- Modify cloud-init-service.patch (bsc#1055649)
+ Start after dbus.service, needed by hotnamectl
- Modify cloud-init-handle-not-implemented-query.patch
+ print needs () for Python3
- Add cloud-init-spceandtabs-clean.patch
+ Fix inconsistent use of spaces and tabs in various files
- Modify suseIntegratedHandler.patch
+ Fix mode setting passed to function for file writing
- Set packag up to build with Python 3 for distros later than SLE 12
- On Tumbleweed we need net-tools-deprecated to setup the network
- add cloud-init-net-sysconfig-lp1665441.patch (lp#1665441)
- Don't call insserv if we use systemd
- Do not set mount options for ephemeral drive, use the defaults
that are built into the code (bsc#930524)
- Update fix-default-systemd-unit-dir.patch (bsc#1024709)
+ based on work by Thomas Abraham
- Add cloud-init-handle-not-implemented-query.patch (boo#1017832)
- Require net-tools for network setup
- Configuration split (bsc#1016160)
- fix syntax error in datasource LocalDisk (fix got somehow lost)
- adjust license (as of 0.7.8 AGPL-3.0 was added)
- fix unintentional edit in last change again
- Modify suseIntegratedHandler.patch (bsc#998103)
+ Store previous hostname so update_hostname module does not
overwrite manually set hostnames
- cloud-init-python26.patch
+ Compatibility fixes with Python 2.6
- fix the cloud.cfg split, cyclic non-versioned dependencies are
bad. also fix changelog entries
- add datasourceLocalDisk.patch:
* Fix datasourceLocalDisk module in case directory exists but is
empty.
- Add Conflicts for otherproviders of cloud-init-config.
- Add require for python-six (used by several modules)
- Add LocalDisk datasource datasourceLocalDisk.patch [FATE#321107]
- Reworked zypp_add_repos.diff to behave similar to zypper ar
- Move cloud.cfg into an own sub-package, so that we can have
a product specific version. [FATE#322039]
- Add zypp_add_repos.diff to support repos for zypper [FATE#322038]
- Modify suseIntegratedHandler.patch (bsc#1007529)
+ Fall back to the previous method of writing network information
We have to work out upstream how to have distro specific renderer
for sysconfig
- Add cloud-init-sysconfig-netpathfix.patch (bsc#1007529)
+ Fix the default path for network scripts
- Cosmetic changes to suseIntegratedHandler.patch
- Update cloud-init-no-dmidecode-on-ppc64.patch (bsc#1005616)
+ aarch64 does support dmidecode
- Update cloud-init-service.patch
+ Break another cycle this one in -final
- Update cloud-init-service.patch
+ Better match upstream intend Ubuntu networking.service is equivalent
to SUSE wicked, thus we cannot translate networking to network, but need
to translate it to wicked
- Update cloud-init-service.patch
+ We need the following order:
- something brings networking fully up (in our case wicked)
- cloud-init.service runs
- network-online.target is reached
- Update cloud-init-service.patch
+ The network must be up an running in order to get ssh key injected
- Update cloud-init-service.patch
+ Had self reference and thus cloud-init.service was never executed
which caused ssh key loading failure
- Do not own /lib/udev to not conflict with udev rpm
- Forward port suseIntegratedHandler.patch
+ Implement new abstract interfaces
+ Some minor implementation fixes
- Appease the build service, differences between OBS and IBS,
and own the directories
- Fix package, udev rules should be in /usr for distros after
SLES 11
- add cloud-init-digital-ocean-datasource-enable-by-default.patch,
cloud-init-digital-ocean-datasource.patch: add DigitalOcean support
- run tests on build
- Add cloud-init-handle-no-carrier.patch (boo#1003977)
- Handle the exception when attempting to detect if the network
device is up when it is not
- Update cloud-init-service.patch (boo#999942)
- Backport upstream commits 3705bb5964a and 6e45ffb21e96
- Decoding error (boo#998843)
+ Added cloud-init-fix-unicode-handling-binarydecode.patch
- Fix dependencies, depends on oauthlib instead of oauth
- Fix dataSourceOpenNebula.patch, missing closing paren (boo#998836)
- Fix typo in cloud-init-service.patch
- update to version 0.7.8 (bsc#998103)
+ added cloud-init-net-eni.patch based on work by eblock
- Using config-drive instead of metadata failed because the network
translation to Ubuntu-style did not return gateway information to
opensuse.py
+ added cloud-init-service.patch based on work by eblock
- The service file cloud-init.service referenced networking.service
which on SUSE is network.service
+ remove no_logic_change.patch included in updated upstream source
+ forward port suseIntegratedHandler.patch
+ forward port setupSUSEsysVInit.diff
+ forward port cloud-init-no-dmidecode-on-ppc64.patch
+ foward port dataSourceOpenNebula.patch
+ forward port fix-default-systemd-unit-dir.patch
+ forward port cloud-init-finalbeforelogin.patch
+ forward port cloud-init-python2-sigpipe.patch
+ SmartOS: more improvements for network configuration
+ add ntp config module [Ryan Harper]
+ ChangeLog: update changelog for previous commit.
+ Add distro tags on config modules that should have it.
+ NoCloud: fix bug providing network-interfaces via meta-data. (LP: 1577982)
+ ConfigDrive: recognize 'tap' as a link type. (LP: #1610784)
+ Upgrade to a configobj package new enough to work
+ MAAS: add vendor-data support (LP: #1612313)
+ DigitalOcean: use the v1.json endpoint [Ben Howard]
+ Get Azure endpoint server from DHCP client [Brent Baude]
+ Apt: add new apt configuration format [Christian Ehrhardt]
+ distros: fix get_primary_arch method use of os.uname [Andrew Jorgensen]
+ Fix Gentoo net config generation [Matthew Thode]
+ Minor cleanups to atomic_helper and add unit tests.
+ azure dhclient-hook cleanups
+ network: fix get_interface_mac for bond slave, read_sys_net for ENOTDIR
+ Generate a dummy bond name for OpenStack (LP: #1605749)
+ add install option for openrc [Matthew Thode]
+ Add a module that can configure spacewalk.
+ python2.6: fix dict comprehension usage in _lsb_release.
+ apt-config: allow both old and new format to be present.
[Christian Ehrhardt] (LP: #1616831)
+ bddeb: add --release flag to specify the release in changelog.
+ salt minion: update default pki directory for newer salt minion.
(LP: #1609899)
+ Fix typo in default keys for phone_home [Roland Sommer] (LP: #1607810)
+ apt config conversion: treat empty string as not provided. (LP: #1621180)
+ tests: cleanup tempdirs in apt_source tests
+ systemd: Better support package and upgrade. (LP: #1576692, #1621336)
+ remove obsolete .bzrignore
+ DataSourceOVF: fix user-data as base64 with python3 (LP: #1619394)
+ Allow link type of null in network_data.json [Jon Grimm] (LP: #1621968)
from 0.7.7:
+ Digital Ocean: add datasource for Digital Ocean. [Neal Shrader]
+ expose uses_systemd as a distro function (fix rhel7)
+ fix broken 'output' config (LP: #1387340)
+ begin adding cloud config module docs to config modules (LP: #1383510)
+ retain trailing eol from template files (sources.list) when
rendered with jinja (LP: #1355343)
+ Only use datafiles and initsys addon outside virtualenvs
+ Fix the digital ocean test case on python 2.6
+ Increase the usefulness, robustness, configurability of the chef module
so that it is more useful, more documented and better for users
+ Fix how '=' signs are not handled that well in ssh_utils (LP: #1391303)
+ Be more tolerant of ssh keys passed into 'ssh_authorized_keys'; allowing
for list, tuple, set, dict, string types and warning on other unexpected
types
+ Update to use newer/better OMNIBUS_URL for chef module
+ GCE: Allow base64 encoded user-data (LP: #1404311) [Wayne Witzell III]
+ GCE: use short hostname rather than fqdn (LP: #1383794) [Ben Howard]
+ systemd: make init stage run before login prompts shown [Steve Langasek]
+ hostname: on first boot apply hostname to be same as is written for
persistent hostname. (LP: #1246485)
+ remove usage of dmidecode on linux in favor of /sys interface [Ben Howard]
+ python3 support [Barry Warsaw, Daniel Watkins, Josh Harlow] (LP: #1247132)
+ support managing gpt partitions in disk config [Daniel Watkins]
+ Azure: utilze gpt support for ephemeral formating [Daniel Watkins]
+ CloudStack: support fetching password from virtual router [Daniel Watkins]
(LP: #1422388)
+ readurl, read_file_or_url returns bytes, user must convert as necessary
+ SmartOS: use v2 metadata service (LP: #1436417) [Daniel Watkins]
+ NoCloud: fix local datasource claiming found without explicit dsmode
+ Snappy: add support for installing snappy packages and configuring.
+ systemd: use network-online instead of network.target (LP: #1440180)
[Steve Langasek]
+ Add functionality to fixate the uid of a newly added user.
+ Don't overwrite the hostname if the user has changed it after we set it.
+ GCE datasource does not handle instance ssh keys (LP: 1403617)
+ sysvinit: make cloud-init-local run before network (LP: #1275098)
[Surojit Pathak]
+ Azure: do not re-set hostname if user has changed it (LP: #1375252)
+ Fix exception when running with no arguments on Python 3. [Daniel Watkins]
+ Centos: detect/expect use of systemd on centos 7. [Brian Rak]
+ Azure: remove dependency on walinux-agent [Daniel Watkins]
+ EC2: know about eu-central-1 availability-zone (LP: #1456684)
+ Azure: remove password from on-disk ovf-env.xml (LP: #1443311) [Ben Howard]
+ Doc: include information on user-data in OpenStack [Daniel Watkins]
+ Systemd: check for systemd using sd_booted symantics (LP: #1461201)
[Lars Kellogg-Stedman]
+ Add an rh_subscription module to handle registration of Red Hat instances.
[Brent Baude]
+ cc_apt_configure: fix importing keys under python3 (LP: #1463373)
+ cc_growpart: fix specification of 'devices' list (LP: #1465436)
+ CloudStack: fix password setting on cloudstack > 4.5.1 (LP: #1464253)
+ GCE: fix determination of availability zone (LP: #1470880)
+ ssh: generate ed25519 host keys (LP: #1461242)
+ distro mirrors: provide datasource to mirror selection code to support
GCE regional mirrors. (LP: #1470890)
+ add udev rules that identify ephemeral device on Azure (LP: #1411582)
+ _read_dmi_syspath: fix bad log message causing unintended exception
+ rsyslog: add additional configuration mode (LP: #1478103)
+ status_wrapper in main: fix use of print_exc when handling exception
+ reporting: add reporting module for web hook or logging of events.
+ NoCloud: fix consumption of vendordata (LP: #1493453)
+ power_state_change: support 'condition' to disable or enable poweroff
+ ubuntu fan: support for config and installing of ubuntu fan (LP: #1504604)
+ Azure: support extracting SSH key values from ovf-env.xml (LP: #1506244)
+ AltCloud: fix call to udevadm settle (LP: #1507526)
+ Ubuntu templates: modify sources.list template to provide same sources
as install from server or desktop ISO. (LP: #1177432)
+ cc_mounts: use 'nofail' if system uses systemd. (LP: #1514485)
+ Azure: get instance id from dmi instead of SharedConfig (LP: #1506187)
+ systemd/power_state: fix power_state to work even if cloud-final
exited non-zero (LP: #1449318)
+ SmartOS: Add support for Joyent LX-Brand Zones (LP: #1540965)
[Robert C Jennings]
+ systemd: support using systemd-detect-virt to detect container
(LP: #1539016) [Martin Pitt]
+ docs: fix lock_passwd documentation [Robert C Jennings]
+ Azure: Handle escaped quotes in WALinuxAgentShim.find_endpoint.
(LP: #1488891) [Dan Watkins]
+ lxd: add support for setting up lxd using 'lxd init' (LP: #1522879)
+ Add Image Customization Parser for VMware vSphere Hypervisor
Support. [Sankar Tanguturi]
+ timezone: use a symlink rather than copy for /etc/localtime
unless it is already a file (LP: #1543025).
+ Enable password changing via a hashed string [Alex Sirbu]
+ Added BigStep datasource [Alex Sirbu]
+ No longer run pollinate in seed_random (LP: #1554152)
+ groups: add defalt user to 'lxd' group. Create groups listed
for a user if they do not exist. (LP: #1539317)
+ dmi data: fix failure of reading dmi data for unset dmi values
+ doc: mention label for nocloud datasource must be 'cidata' [Peter Hurley]
+ ssh_pwauth: fix module to support 'unchanged' and match behavior
described in documentation [Chris Cosby]
+ quickly check to see if the previous instance id is still valid to
avoid dependency on network metadata service on every boot (LP: #1553815)
+ support network configuration in cloud-init --local with support
device naming via systemd.link.
+ FreeBSD: add support for installing packages, setting password and
timezone. Change default user to 'freebsd'. [Ben Arblaster]
+ locale: list unsupported environment settings in warning (LP: #1558069)
+ disk_setup: correctly send --force to mkfs on block devices (LP: #1548772)
+ chef: fix chef install from gems (LP: #1553345)
+ systemd: do not specify After of obsolete syslog.target (LP: #1536964)
+ centos: Ensure that resolve conf object is written as a str (LP: #1479988)
+ chef: straighten out validation_cert and validation_key (LP: #1568940)
+ phone_home: allow usage of fqdn (LP: #1566824) [Ollie Armstrong]
+ cloudstack: Only use DHCPv4 lease files as a datasource (LP: #1576273)
[Wido den Hollander]
+ Paths: fix instance path if datasource's id has a '/'. (LP: #1575938)
[Robert Jennings]
+ Ec2: do not retry requests for user-data path on 404.
+ settings on the kernel command line (cc:) override all local settings
rather than only those in /etc/cloud/cloud.cfg (LP: #1582323)
+ Improve merging documentation [Daniel Watkins]
+ apt sources: support inserting key/key-id only, custom sources.list,
long gpg key fingerprints with spaces, and dictionary format (LP: #1574113)
+ SmartOS: datasource improvements and support for metadata service
providing networking information.
+ Datasources: centrally handle 'dsmode' and no longer require datasources
to "/pass"/ if modules_init should be executed with network access.
+ ConfigDrive: improved support for networking information from
a network_data.json or older interfaces formated network_config.
+ Change missing Cheetah log warning to debug [Andrew Jorgensen]
+ Remove trailing dot from GCE metadata URL (LP: #1581200) [Phil Roche]
+ support network rendering to sysconfig (for centos and RHEL)
+ write_files: if no permissions are given, just use default without warn.
+ user_data: fix error when user-data is not utf-8 decodable (LP: #1532072)
+ fix mcollective module with python3 (LP: #1597699) [Sergii Golovatiuk]
- Add cloud-init-python2-sigpipe.patch (bsc#903449)
+ Restore SIGPIPE default handler when executing shell scripts
- Add cloud-init-finalbeforelogin.patch (bsc#978048)
+ Ordering issue, avoid login prompt before cloud-init is finished
- Update suseIntegratedHandler.patch (bsc#971275)
+ Properly handle the package_upgrade configuration option
- Add dependency on jinja2 (bsc#948995,bsc#948996)
- Add no_logic_change.patch to undo upstream logic changes introduced during
style clean up
- Properly write the routes file for static networks (bnc#920190)
+ modify suseIntegratedHandler.patch
- Remove suseSetInitCmd.patch
+ is now integrated with suseIntegratedHandler.patch
- pmtools only exist on Intel architecture (bnc#928552)
- update to 0.7.6:
- open 0.7.6
- Enable vendordata on CloudSigma datasource (LP: #1303986)
- Poll on /dev/ttyS1 in CloudSigma datasource only if dmidecode says
we're running on cloudsigma (LP: #1316475) [Kiril Vladimiroff]
- SmartOS test: do not require existance of /dev/ttyS1. [LP: #1316597]
- doc: fix user-groups doc to reference plural ssh-authorized-keys
(LP: #1327065) [Joern Heissler]
- fix 'make test' in python 2.6
- support jinja2 as a templating engine. Drop the hard requirement on
cheetah. This helps in python3 effort. (LP: #1219223)
- change install path for systemd files to /lib/systemd/system
[Dimitri John Ledkov]
- change trunk debian packaging to use pybuild and drop cdbs.
[Dimitri John Ledkov]
- SeLinuxGuard: remove invalid check that looked for stat.st_mode in os.lstat.
- do not write comments in /etc/timezone (LP: #1341710)
- ubuntu: provide 'ubuntu-init-switch' module to aid in systemd testing.
- status/result json: remove 'end' entry which was always null
- systemd: make cloud-init block ssh service startup to guarantee keys
are generated. [Jordan Evans] (LP: #1333920)
- default settings: fix typo resulting in OpenStack and GCE not working
unless config explicitly provided (LP: #1329583) [Garrett Holmstrom])
- fix rendering resolv.conf if no 'options' are provided (LP: #1328953)
- docs: fix disk-setup to reference 'table_type' [Rail Aliiev] (LP: #1313114)
- ssh_authkey_fingerprints: fix bug that prevented disabling the module.
(LP: #1340903) [Patrick Lucas]
- no longer use pylint as a checker, fix pep8 [Jay Faulkner].
- Openstack: do not load some urls twice.
- FreeBsd: fix initscripts and add working config file [Harm Weites]
- Datasource: fix broken logic to provide hostname if datasource does not
provide one
- Improved and less verbose logging.
- resizefs: first check that device is writable.
- configdrive: fix reading of vendor data to be like metadata service reader.
[Jay Faulkner]
- resizefs: fix broken background resizing [Jay Faulkner] (LP: #1338614)
- cc_grub_dpkg: fix EC2 hvm instances to avoid prompt on grub update.
(LP: #1336855)
- FreeBsd: support config drive datasource [Joseph bajin]
- cc_mounts: support creating a swap file
- Refresh addopenSUSEBase.patch
- Refresh setupSUSEsysVInit.diff
- Removed cloudinit-datasources.patch. Applied upstream
- BuildRequires pkg-config. Needed to find correct systemd unit dir.
- Add fix-default-systemd-unit-dir.patch . Use better default for
systemd system unit dir.
- Fix (bnc#919305 & bnc#918952)
- Properly handle persistent network device names for OpenNebula
+ add dataSourceOpenNebula.patch
- Properly set up network mode if interface config file
+ modified suseIntegratedHandler.patch
- Require e2fsprogs for filesystem resizing
- Remove Requires for python-yaml . There's already the right
requirement for python-PyYAML
- fixed syntax error in dmidecode on ppc64 patch (bnc#914920)
- cloud-netconfig
-
- Update to version 1.5:
+ Add support for GCE (bsc#1159460, bsc#1178486)
+ Improve default gateway determination
- Update to version 1.4:
+ copy routes from default routing table (bsc#1162705, bsc#1162707)
+ make CLOUD_NETCONFIG_MANAGE default configurable
- BuildRequire pkgconfig(udev) instead of udev: allow OBS to
shortcut through the -mini flavors.
- Removed obsolete Group tag from spec file
- Update to version 1.3:
+ Fix IPv4 address handling on secondary NICs in Azure
- Update to version 1.2:
+ support AWS IMDSv2 token
- Update to version 1.1
+ fix use of GATEWAY variable (bsc#1157117, bsc#1157190)
+ remove secondary IPv4 address only when added by cloud-netconfig
(bsc#1144282)
+ simplify routing setup for single NIC systems (partly fixes
bsc#1135592)
- Update to version 1.0:
+ pause and retry if API call throttling is detected in Azure
(bsc#1135257 bsc#1135263)
- Update to version 0.9:
+ run cloud-netconfig periodically (bsc#1118783 bsc#1122013)
+ do not treat eth0 special wrt routing policies (bsc#1123008)
+ reduce timeout on metadata read (bsc#1112822)
- Update to version 0.7:
+ no persistent interface names in Azure (bsc#1095485)
- Added dependency on curl
- Use otherproviders() only on SLES 11 builds
- Remove dependency on udev-persistent-ifnames (bsc#1075484)
- Add missing Provides/Conflicts statements to spec file
- Prepare for SLE11 submission (bsc#1063292)
- Update to version 0.6:
+ Use tested and supported metadata API versions
- Update to version 0.5
+ New API version for Azure metadata server
+ Wait for the metadata server in EC2
- Update to version 0.4:
Do not touch VF interfaces in Azure (bsc#1055553)
- Prepare for SLE submission (FATE#323820, bsc#1027212)
- Added conflict tags
- Fix requires for non-Leap platforms
- Initial version 0.3
- containerd
-
- Add patch for CVE-2021-32760. bsc#1188282
+ bsc1188282-use-chmod-path-for-checking-symlink.patch
- Drop long-since upstreamed patch, originally needed to fix i386 builds on
SLES:
- 0001-makefile-remove-emoji.patch
- Update to containerd v1.4.4, to fix CVE-2021-21334.
- Update to handle the docker-runc removal, and drop the -kubic flavour.
bsc#1181677 bsc#1181749
- Update to containerd v1.4.3, which is needed for Docker v20.10.2-ce.
bsc#1181594
- Install the containerd-shim* binaries and stop creating
docker-containerd-shim because that isn't used by Docker anymore.
bsc#1183024
- Update to containerd v1.3.9, which is needed for Docker v19.03.14-ce and
fixes CVE-2020-15257. bsc#1178969 bsc#1180243
- Update to containerd v1.3.7, which is required for Docker 19.03.13-ce.
boo#1176708 bsc#1177598 CVE-2020-15157
- Refresh patches:
* 0001-makefile-remove-emoji.patch
- Use Go 1.13 for build.
- Update to containerd v1.2.13, which is required for Docker 19.03.11-ce.
bsc#1172377
- Update to containerd v1.2.10, which is required for Docker 19.03.3-ce.
bsc#1153367 bsc#1157330
- Update to containerd v1.2.6, which is required for Docker v18.09.7-ce.
bsc#1139649
- Remove containerd-test (it's not useful for actual testing).
- Update to containerd v1.2.5, which is required for v18.09.5-ce.
bsc#1128376 boo#1134068
https://github.com/containerd/containerd/releases/tag/v1.2.5
- Update containerd to v1.2.4
* cri: Set /etc/hostname
* cri: Fix env performance issue
* runc updated to 6635b4f0c6af3810594d2770f662f34ddc15b40d to solve
bsc#1121967 CVE-2019-5736
* cri updated to da0c016c830b2ea97fd1d737c49a568a816bf964
* Windows: NewDirectIOFromFIFOSet
* Changelogs from previous versions also included in this update:
https://github.com/containerd/containerd/releases/tag/v1.2.3
- Update to containerd v1.2.2, which is required for Docker v18.09.1-ce.
bsc#1124308
* Fix rare deadlock on FIFO creation with timeout
* Fix a bug that a container can't be stopped or inspected when its
corresponding image is deleted
* Fix a bug that the cri plugin handles containerd events outside of
k8s.io namespace
more changes at:
https://github.com/containerd/containerd/releases/tag/v1.2.2
Changelogs from previous versions also included in this update:
https://github.com/containerd/containerd/releases/tag/v1.2.1
https://github.com/containerd/containerd/releases/tag/v1.2.0
https://github.com/containerd/containerd/releases/tag/v1.1.4
https://github.com/containerd/containerd/releases/tag/v1.1.3
- Remove required_dockerrunc commit pinning, as it just lead to issues.
- Remove upstreamed patches.
- 0001-docs-man-rename-config.toml-5-to-be-more-descriptive.patch
- Disable leap based builds for kubic flavor. bsc#1121412
- Update go requirements to >= go1.10 to fix
* bsc#1118897 CVE-2018-16873
go#29230 cmd/go: remote command execution during "/go get -u"/
* bsc#1118898 CVE-2018-16874
go#29231 cmd/go: directory traversal in "/go get"/ via curly braces in import paths
* bsc#1118899 CVE-2018-16875
go#29233 crypto/x509: CPU denial of service
- Add backport of https://github.com/containerd/containerd/pull/2764, which is
required for us to build containerd on i586 SLE-12 (where /bin/sh doesn't
like emoji in shell scripts). bsc#1102522 bsc#1113313
+ 0001-makefile-remove-emoji.patch
- Upgrade to containerd v1.1.2, which is required for Docker v18.06.1-ce.
bsc#1102522
- Merge -kubic packages back into the main Virtualization:containers packages.
This is done using _multibuild to add a "/kubic"/ flavour, which is then used
to conditionally compile patches and other kubic-specific features.
bsc#1105000
- Enable seccomp support on SLE12, since libseccomp is now a new enough vintage
to work with Docker and containerd. fate#325877
- Update to containerd v1.1.1, which is the required version for the Docker
v18.06.0-ce upgrade. bsc#1102522
- Add backport of https://github.com/containerd/containerd/pull/2534 to make
the man page no longer pollute the global namespace.
+ 0001-docs-man-rename-config.toml-5-to-be-more-descriptive.patch
- Remove the following patch since it has already been merged upstream.
- bsc1065109-0001-makefile-add-support-for-build_flags.patch
- Remove systemd-related files and add docker-containerd-* symlinks; this
aligns with the upstream defaults where dockerd will execute
docker-containerd. Version upgrades of docker are expected to work more
smoothly as much of the upgrade logic is implemented in dockerd.
- Add containerd-rpmlintrc (or containerd-kubic-rpmlintrc) to deal with
/usr/src/containerd/* rpmlint errors (which don't affect normal users of this
package).
- Make use of %license macro
- Remove 'go test' from %check section, as it has only ever caused us problems
and hasn't (as far as I remember) ever caught a release-blocking issue. Smoke
testing has been far more useful. boo#1095817
- Review obsoletes tag to fix bsc#1080978
- Put containerd under the podruntime slice. This the recommended
deployment to allow fine resource control on Kubernetes.
bsc#1086185
- Add ${version} to equivalent non-kubic package provides
- Add Provides for equivalent non-kubic packages
- do not build on s390, only on s390x (no go on s390)
- Fix build with RPM 4.14: exclude is not meant for files to NOT be
packaged, but should only be used if the files are to be excluded
from a glob when they end up in a different package. Rather
remove the unwanted files in the install section.
- Update to containerd@06b9cb35161009dcb7123345749fef02f7cea8e0, which is
requried by Docker 17.09.1_ce.
- Replace references to /var/adm/fillup-templates with new
%_fillupdir macro (boo#1069468)
- Set --start-timeout=2m by default to match upstream. bsc#1064926
- Use the upstream makefile so that Docker can get the commit ID in `docker
info`. This also will avoid possible future warnings being spit out like
bsc#1065109 and boo#1053532.
- Backport https://github.com/containerd/containerd/pull/1686, which is
required for the above fix. bsc#1065109 boo#1053532
+ bsc1065109-0001-makefile-add-support-for-build_flags.patch
- Update to containerd@3addd840653146c90a254301d6c3a663c7fd6429, which is
required by Docker 17.07.0_ce (this commit is effectively v0.2.9 with a few
bugfixes missing).
- Use -buildmode=pie for tests and binary build. bsc#1048046 bsc#1051429
- change dependency to docker-runc
- fix golang requirement to 1.7 for the subpackages
- fix golang requirement to 1.7
- Replace %__-type macro indirections
- update containerd to the commit version needed for
docker-v17.04.0-ce (bsc#1034053)
fix bsc#1032769: containerd spurious messages filling journal
- make sure this package is being built with go 1.7
- remove the go_arches macro because we are using go1.7 which
is available in all archs
- Set TasksMax=infinity to make sure runC doesn't start failing randomly.
- update to docker 1.13.0 requirement
- Update docker to the version used in Docker 1.12.6. This is necessary to fix
CVE-2016-9962 (bsc#1012568).
- update containerd to the version used in docker 1.12.5 (bsc#1016307).
This fixes bsc#1015661
- fix runc version
fix bsc#1009961
- fix version so that it contains a sequence number and zypper does
not think is a downgrade
- fix bsc#1006368: docker/containerd is broken when installed by
SuSE Studio in an appliance: We were missing the
Requires(post): %fillup_prereq
- update runc requirement to 02f8fa7863dd3f82909a73e2061897828460d52f
(see RUNC_COMMIT in Dockerfile)
- update to commit 0366d7e which is the one required for docker-1.12.2
(bsc#1004490)
- fix go_arches definition: use global instead of define, otherwise
it fails to build
- Remove GOPATH at the end of the GOPATH assignment
cause GOPATH is empty and if we do that, we get the path "/"/
appended, which causes gcc6-go to complain
- add go_arches in project configuration: this way, we can use the
same spec file but decide in the project configuration if to
use gc-go or gcc-go for some archs.
- update to v2.3.0 (bsc#995058)
- Remove patches which were already merged upstream:
* socket-activation-01-vendor.patch
* socket-activation-02-daemon.patch
* socket-activation-03-ctr.patch
- use gcc6-go instead of gcc5-go (bsc#988408)
- build ppc64le with gc-go because this version builds with gc-go 1.6
- bump git commit id to the one required by docker v1.12.0
- run test during build
- only run tests on architectures that provide the go list and got test tools
- add aarch64 to go arches
- Add containerd-test package which contains the source code and the test. This
package will be used to run the integration tests.
- Simplify package build and check sections: Instead of symlinking we default to
cp -avr. go list gets confused by symlinks hence, we need to copy the source
code anyway if we want to run unit tests during package build at some point.
* Explicitly state the version dependency for runC, to avoid potential
issues with incompatible component versions. These must be updated
* each time we do a release*. Unfortunately we cannot create a hard
dependency because that would conflict with Docker, and was a mistake
on upstream's part. bsc#993847
* Set --runtime option specifically to runC. bsc#978260
* Update to containerd v0.2.2. (bsc#989566 FATE#320763)
* Includes updates to the out-of-tree patches.
* Remove MountFlags=slave from containerd.service. This causes many issues with
interactions with Docker.
* Added /usr/sbin/rccontainerd symlink as per suse-missing-rclink.
* Updated socket activation patches to use the same patchset that was merged
upstream (https://github.com/docker/containerd/pull/178):
* socket-activation-01-vendor.patch
* socket-activation-02-daemon.patch
* socket-activation-03-ctr.patch
* Removed aarch64 that was patched upstream:
- fix-aarch64-epoll.patch
* Update containerd to 0.2.1. Upstream changelog:
* Fixes for cgroup memory updates and process labeling.
* Truncate the event log on disk and in memory so that it does not
grow forever. This is mainly used for higher levels to receive past
events if they miss any.
* Use the gc compiler for aarch64 builds.
* Add a patch to fix the new aarch64 build support, which has not yet been
merged upstream (https://github.com/docker/containerd/pull/195):
+ fix-aarch64-epoll.patch
* Rebase the socket activation patchset which has yet to be merged
(https://github.com/docker/containerd/pull/178):
* socket-activation-01-vendor.patch
* socket-activation-02-daemon.patch
* socket-activation-03-ctr.patch
* Update to containerd 0.2.0. Changelog:
+ Add Limit to PidsStats
+ Add timeout flag for container start times.
+ Add timeout option for GRPC connection.
+ Add no_pivot_root support.
+ Add runtimeArgs to pass to shim
* Move epoll syscall to a separate package so we can build on aarch64.
* Fix ctr termios restoration isssues.
* Several bug fixes.
- Remove dependencies on larger packages.
* Use socket activation with the containerd-daemon. This requires a
not-yet-upstream patchset (https://github.com/docker/containerd/pull/178):
+ socket-activation-01-vendor.patch
+ socket-activation-02-daemon.patch
+ socket-activation-03-ctr.patch
* Remove MountFlags=slave since it's not relevant to containerd and might cause
issues in the future.
* Update to containerd 0.1.0. This required quite a few fixes.
* Add initial packaging of containerd 0.0.5.
* Add service and sysconfig files.
* Separately package the client from the server.
* Install to /usr/sbin.
- coreutils
-
- prepare usrmerge (boo#1029961)
- gnulib-test-avoid-FP-perror-strerror.patch: Add patch to
avoid false-positive error in gnulib tests 'test-perror2' and
'test-strerror_r', visible on armv7l.
- coreutils.spec: Reference the patch.
- Drop suse-module-tools BuildRequires: this was used for the macro
regenerate_initrd_post/posttrans, which have been moved to
rpm-config-SUSE in Jan 2019.
- coreutils-gnulib-disable-test-float.patch: Add patch to temporarily
disable the gnulib test 'test-float' failing on ppc and ppc64le.
- coreutils.spec: Reference the patch. While at it, avoid conditional
Patch and Source entries as that break cross-platform builds from
source RPMs.
- add coreutils-use-python3.patch to minimally port away from
python 2.x use of pyinotify in the testsuite
- Update to 8.32:
* Noteworthy changes in release 8.32 (2020-03-05) [stable]
* * Bug fixes
cp now copies /dev/fd/N correctly on platforms like Solaris where
it is a character-special file whose minor device number is N.
[bug introduced in fileutils-4.1.6]
dd conv=fdatasync no longer reports a "/Bad file descriptor"/ error
when fdatasync is interrupted, and dd now retries interrupted calls
to close, fdatasync, fstat and fsync instead of incorrectly
reporting an "/Interrupted system call"/ error.
[bugs introduced in coreutils-6.0]
df now correctly parses the /proc/self/mountinfo file for unusual entries
like ones with 'r' in a field value ("/mount -t tmpfs tmpfs /foo$'r'bar"/),
when the source field is empty ('mount -t tmpfs "/"/ /mnt'), and when the
filesystem type contains characters like a blank which need escaping.
[bugs introduced in coreutils-8.24 with the introduction of reading
the /proc/self/mountinfo file]
factor again outputs immediately when stdout is a tty but stdin is not.
[bug introduced in coreutils-8.24]
ln works again on old systems without O_DIRECTORY support (like Solaris 10),
and on systems where symlink ("/x"/, "/."/) fails with errno == EINVAL
(like Solaris 10 and Solaris 11).
[bug introduced in coreutils-8.31]
rmdir --ignore-fail-on-non-empty now works correctly for directories
that fail to be removed due to permission issues. Previously the exit status
was reversed, failing for non empty and succeeding for empty directories.
[bug introduced in coreutils-6.11]
'shuf -r -n 0 file' no longer mistakenly reads from standard input.
[bug introduced with the --repeat feature in coreutils-8.22]
split no longer reports a "/output file suffixes exhausted"/ error
when the specified number of files is evenly divisible by 10, 16, 26,
for --numeric, --hex, or default alphabetic suffixes respectively.
[bug introduced in coreutils-8.24]
seq no longer prints an extra line under certain circumstances (such as
'seq -f "/%g "/ 1000000 1000000').
[bug introduced in coreutils-6.10]
* * Changes in behavior
Several programs now check that numbers end properly. For example,
'du -d 1x' now reports an error instead of silently ignoring the 'x'.
Affected programs and options include du -d, expr's numeric operands
on non-GMP builds, install -g and -o, ls's TABSIZE environment
variable, mknod b and c, ptx -g and -w, shuf -n, and sort --batch-size
and --parallel.
date now parses military time zones in accordance with common usage:
"/A"/ to "/M"/ are equivalent to UTC+1 to UTC+12
"/N"/ to "/Y"/ are equivalent to UTC-1 to UTC-12
"/Z"/ is "/zulu"/ time (UTC).
For example, 'date -d "/09:00B"/ is now equivalent to 9am in UTC+2 time zone.
Previously, military time zones were parsed according to the obsolete
rfc822, with their value negated (e.g., "/B"/ was equivalent to UTC-2).
[The old behavior was introduced in sh-utils 2.0.15 ca. 1999, predating
coreutils package.]
ls issues an error message on a removed directory, on GNU/Linux systems.
Previously no error and no entries were output, and so indistinguishable
from an empty directory, with default ls options.
uniq no longer uses strcoll() to determine string equivalence,
and so will operate more efficiently and consistently.
* * New Features
ls now supports the --time=birth option to display and sort by
file creation time, where available.
od --skip-bytes now can use lseek even if the input is not a regular
file, greatly improving performance in some cases.
stat(1) supports a new --cached= option, used on systems with statx(2)
to control cache coherency of file system attributes,
useful on network file systems.
* * Improvements
stat and ls now use the statx() system call where available, which can
operate more efficiently by only retrieving requested attributes.
stat and tail now know about the "/binderfs"/, "/dma-buf-fs"/, "/erofs"/,
"/ppc-cmm-fs"/, and "/z3fold"/ file systems.
stat -f -c%T now reports the file system type, and tail -f uses inotify.
* * Build-related
gzip-compressed tarballs are distributed once again
- Refresh patches:
* coreutils-disable_tests.patch
* coreutils-getaddrinfo.patch
* coreutils-i18n.patch
* coreutils-invalid-ids.patch
* coreutils-remove_hostname_documentation.patch
* coreutils-remove_kill_documentation.patch
* coreutils-skip-gnulib-test-tls.patch
* coreutils-tests-shorten-extreme-factor-tests.patch
- coreutils-i18n.patch:
* uniq: remove collation handling as required by newer POSIX; see
- https://git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8e81d44b5
- https://www.austingroupbugs.net/view.php?id=963
- coreutils-ls-restore-8.31-behavior-on-removed-dirs.patch:
* Add patch for 'ls' to restore 8.31 behavior on removed directories.
- coreutils.spec:
* Version: bump version.
* %check: re-enable regular 'make check' for non-multibuild package.
* reference the above new patch.
- coreutils.keyring:
* Update from upstream (Savannah).
- disable single and testsuite builds in rings/staging
- remove duplicate "/coreutils"/ in flavor to make it look nicer in OBS
- minor: remove obsolete comment in spec file.
- switch to multibuild
- add coreutils-single subpackage that contains a single binary coreutils tool
similar to busybox
- package LC_CTIME directories also in lang package
- split off doc package
- remove info macros, handled by file trigger nowadays
- Do not recommend lang package. The lang package already has a
supplements.
- Update to 8.31:
* Noteworthy changes in release 8.31 (2019-03-10) [stable]
* * Bug fixes
'base64 a b' now correctly diagnoses 'b' as the extra operand, not 'a'.
[bug introduced in coreutils-5.3.0]
When B already exists, 'cp -il A B' no longer immediately fails
after asking the user whether to proceed.
[This bug was present in "/the beginning"/.]
df no longer corrupts displayed multibyte characters on macOS.
[bug introduced with coreutils-8.18]
seq no longer outputs inconsistent decimal point characters
for the last number, when locales are misconfigured.
[bug introduced in coreutils-7.0]
shred, sort, and split no longer falsely report ftruncate errors
when outputting to less-common file types. For example, the shell
command 'sort /dev/null -o /dev/stdout | cat' no longer fails with
an "/error truncating"/ diagnostic.
[bug was introduced with coreutils-8.18 for sort and split, and
(for shared memory objects only) with fileutils-4.1 for shred]
sync no longer fails for write-only file arguments.
[bug introduced with argument support to sync in coreutils-8.24]
'tail -f file | filter' no longer exits immediately on AIX.
[bug introduced in coreutils-8.28]
'tail -f file | filter' no longer goes into an infinite loop
if filter exits and SIGPIPE is ignored.
[bug introduced in coreutils-8.28]
* * Changes in behavior
cksum, dd, hostid, hostname, link, logname, sleep, tsort, unlink,
uptime, users, whoami, yes: now always process --help and --version options,
regardless of any other arguments present before any optional '--'
end-of-options marker.
nohup now processes --help and --version as first options even if other
parameters follow.
'yes a -- b' now outputs 'a b' instead of including the end-of-options
marker as before: 'a -- b'.
echo now always processes backslash escapes when the POSIXLY_CORRECT
environment variable is set.
When possible 'ln A B' now merely links A to B and reports an error
if this fails, instead of statting A and B before linking. This
uses fewer system calls and avoids some races. The old statting
approach is still used in situations where hard links to directories
are allowed (e.g., NetBSD when superuser).
ls --group-directories-first will also group symlinks to directories.
'test -a FILE' is not supported anymore. Long ago, there were concerns about
the high probability of humans confusing the -a primary with the -a binary
operator, so POSIX changed this to 'test -e FILE'. Scripts using it were
already broken and non-portable; the -a unary operator was never documented.
wc now treats non breaking space characters as word delimiters
unless the POSIXLY_CORRECT environment variable is set.
* * New features
id now supports specifying multiple users.
'date' now supports the '+' conversion specification flag,
introduced in POSIX.1-2017.
printf, seq, sleep, tail, and timeout now accept floating point
numbers in either the current or the C locale. For example, if the
current locale's decimal point is ',', 'sleep 0,1' and 'sleep 0.1'
now mean the same thing. Previously, these commands accepted only
C-locale syntax with '.' as the decimal point. The new behavior is
more compatible with other implementations in non-C locales.
test now supports the '-N FILE' unary operator (like e.g. bash) to check
whether FILE exists and has been modified since it was last read.
env now supports '--default-signal[=SIG]', '--ignore-signal[=SIG]', and
'--block-signal[=SIG], to setup signal handling before executing a program.
env now supports '--list-signal-handling' to indicate non-default
signal handling before executing a program.
* * New commands
basenc is added to complement existing base64,base32 commands,
and encodes and decodes printable text using various common encodings:
base64,base64url,base32,base32hex,base16,base2,z85.
* * Improvements
ls -l now better aligns abbreviated months containing digits,
which is common in Asian locales.
stat and tail now know about the "/sdcardfs"/ file system on Android.
stat -f -c%T now reports the file system type, and tail -f uses inotify.
stat now prints file creation time when supported by the file system,
on GNU Linux systems with glibc >= 2.28 and kernel >= 4.11.
- Refresh patches (line number changes only):
* coreutils-disable_tests.patch
* coreutils-i18n.patch
* coreutils-misc.patch
* coreutils-remove_hostname_documentation.patch
* coreutils-remove_kill_documentation.patch
* coreutils-skip-gnulib-test-tls.patch
* coreutils-tests-shorten-extreme-factor-tests.patch
- coreutils.spec:
* Version: bump version.
* URL: Use https scheme.
* %description: Add 'basenc' tool.
* Change gitweb to cgit URL with https in a comment.
- coreutils.keyring:
* Update for added section headers ('GPG keys of <MAINTAINER>').
- Update to 8.30:
* Noteworthy changes in release 8.30 (2018-07-01) [stable]
* * Bug fixes
'cp --symlink SRC DST' will again correctly validate DST.
If DST is a regular file and SRC is a symlink to DST,
then cp will no longer allow that operation to clobber DST.
Also with -d, if DST is a symlink, then it can always be replaced,
even if it points to SRC on a separate device.
[bugs introduced with coreutils-8.27]
'cp -n -u' and 'mv -n -u' now consistently ignore the -u option.
Previously, this option combination suffered from race conditions
that caused -u to sometimes override -n.
[bug introduced with coreutils-7.1]
'cp -a --no-preserve=mode' now sets appropriate default permissions
for non regular files like fifos and character device nodes etc.,
and leaves mode bits of existing files unchanged.
Previously it would have set executable bits on created special files,
and set mode bits for existing files as if they had been created.
[bug introduced with coreutils-8.20]
'cp --remove-destination file symlink' now removes the symlink
even if it can't be traversed.
[bug introduced with --remove-destination in fileutils-4.1.1]
ls no longer truncates the abbreviated month names that have a
display width between 6 and 12 inclusive. Previously this would have
output ambiguous months for Arabic or Catalan locales.
'ls -aA' is now equivalent to 'ls -A', since -A now overrides -a.
[bug introduced in coreutils-5.3.0]
'mv -n A B' no longer suffers from a race condition that can
overwrite a simultaneously-created B. This bug fix requires
platform support for the renameat2 or renameatx_np syscalls, found
in recent Linux and macOS kernels. As a side effect, ‘mv -n A A’
now silently does nothing if A exists.
[bug introduced with coreutils-7.1]
* * Changes in behavior
'cp --force file symlink' now removes the symlink even if
it is self referential.
ls --color now matches file extensions case insensitively.
* * New features
cp --reflink now supports --reflink=never to enforce a standard copy.
env supports a new -v/--debug option to show verbose information about
each processing step.
env supports a new -S/--split-string=S option to split a single argument
string into multiple arguments. Used to pass multiple arguments in scripts
(shebang lines).
md5sum accepts a new option: --zero (-z) to delimit the output lines with a
NUL instead of a newline character. This also disables file name escaping.
This also applies to sha*sum and b2sum.
rm --preserve-root now supports the --preserve-root=all option to
reject any command line argument that is mounted to a separate file system.
* * Improvements
cut supports line lengths up to the max file size on 32 bit systems.
Previously only offsets up to SIZE_MAX-1 were supported.
stat and tail now know about the "/exfs"/ file system, which is a
version of XFS. stat -f --format=%T now reports the file system type,
and tail -f uses inotify.
wc avoids redundant processing of ASCII text in multibyte locales,
which is especially significant on macOS.
* * Build-related
Adjust to glibc >= 2.28 (bsc#1182550, jsc#SLE-13520, jsc#SLE-13756)
- Refresh patches (line number changes only):
* coreutils-build-timeout-as-pie.patch
* coreutils-disable_tests.patch
* coreutils-remove_hostname_documentation.patch
* coreutils-remove_kill_documentation.patch
* coreutils-skip-gnulib-test-tls.patch
* coreutils-tests-shorten-extreme-factor-tests.patch
- coreutils.spec:
* (License): osc changed the value from "/GPL-3.0+"/ to "/GPL-3.0-or-later"/.
* (build): Make sure that parse-datetime.{c,y} ends up in debuginfo (rh#1555079).
- coreutils-i18n.patch:
* src/exand.c,src/unexpand.c: Avoid -Wcomment warning.
* src/cut.c (cut_characters_or_cut_bytes_no_split): Change idx from size_t
to uintmax_t type to avoid a regression on i586, armv7l and ppc.
Compare upstream, non-MB commit:
https://git.sv.gnu.org/cgit/coreutils.git/commit/?id=d1a754c8272
(cut_fields_mb): Likewise for field_idx.
* tests/misc/cut.pl: Remove downstream tweaks as upstream MB tests are
working since a while.
- coreutils.keyring: Update Assaf Gordon's GPG public key.
- Use %license (boo#1082318)
- Update to 8.29:
* Noteworthy changes in release 8.29 (2017-12-27) [stable]
* * Bug fixes
b2sum no longer crashes when processing certain truncated check files.
[bug introduced with b2sum coreutils-8.26]
dd now ensures the correct cache ranges are specified for the "/nocache"/
and "/direct"/ flags. Previously some pages in the page cache were not
invalidated. [bug introduced for "/direct"/ in coreutils-7.5,
and with the "/nocache"/ implementation in coreutils-8.11]
df no longer hangs when given a fifo argument.
[bug introduced in coreutils-7.3]
ptx -S no longer infloops for a pattern which returns zero-length matches.
[the bug dates back to the initial implementation]
shred --remove will again repeatedly rename files with shortening names
to attempt to hide the original length of the file name.
[bug introduced in coreutils-8.28]
stty no longer crashes when processing settings with -F also specified.
[bug introduced in fileutils-4.0]
tail --bytes again supports non seekable inputs on all systems.
On systems like android it always tried to process as seekable inputs.
[bug introduced in coreutils-8.24]
timeout will again notice its managed command exiting, even when
invoked with blocked CHLD signal, or in a narrow window where
this CHLD signal from the exiting child was missed. In each case
timeout would have then waited for the time limit to expire.
[bug introduced in coreutils-8.27]
* * New features
timeout now supports the --verbose option to diagnose forced termination.
* * Improvements
dd now supports iflag=direct with arbitrary sized files on all file systems.
tail --bytes=NUM will efficiently seek to the end of block devices,
rather than reading from the start.
Utilities which do not support long options (other than the default --help
and --version), e.g. cksum and sleep, now use more consistent error diagnostic
for unknown long options.
* * Build-related
Default man pages are now distributed which are used if perl is
not available on the build system, or when cross compiling.
- Refresh patches (line number changes only):
* coreutils-i18n.patch
* coreutils-remove_hostname_documentation.patch
* coreutils-remove_kill_documentation.patch
* coreutils-tests-shorten-extreme-factor-tests.patch
- Update to 8.28
(for details see included NEWS file)
- Refresh patches:
* coreutils-disable_tests.patch
* coreutils-i18n.patch
* coreutils-remove_hostname_documentation.patch
* coreutils-remove_kill_documentation.patch
* coreutils-skip-gnulib-test-tls.patch
* coreutils-tests-shorten-extreme-factor-tests.patch
- coreutils.keyring: Update from upstream (Savannah).
- Remove now-upstream patches:
* coreutils-cve-2017-7476-out-of-bounds-with-large-tz.patch
* coreutils-tests-port-to-timezone-2017a.patch
- coreutils.spec: Add "/BuildRequires: user(bin)"/ for the tests.
- Drop coreutils-ocfs2_reflinks.patch
OCFS2 file system has supported file clone ioctls like btrfs,
then, coreutils doesn't need this patch from the kernel v4.10-rc1
- coreutils-cve-2017-7476-out-of-bounds-with-large-tz.patch:
Add upstream patch to fix an heap overflow security issue
in date(1) and touch(1) with a large TZ variable
(CVE-2017-7476, rh#1444774, boo#1037124).
- Update to 8.27
(for details see included NEWS file)
- Refresh patches:
* coreutils-build-timeout-as-pie.patch
* coreutils-disable_tests.patch
* coreutils-getaddrinfo.patch
* coreutils-i18n.patch
* coreutils-ocfs2_reflinks.patch
* coreutils-remove_hostname_documentation.patch
* coreutils-remove_kill_documentation.patch
* coreutils-skip-gnulib-test-tls.patch
* coreutils-tests-shorten-extreme-factor-tests.patch
* coreutils-testsuite.spec
- coreutils.keyring: Update (now ascii-armored) by
'osc service localrun download_files'.
- coreutils-tests-port-to-timezone-2017a.patch: Add patch to
workaround a FP test failure with newer timezone-2017a.
- Update to 8.26
(for details see included NEWS file)
- coreutils.spec (%description): Add b2sum, a new utility.
(BuildRequires): Add timezone to enable new 'date-debug.sh' test.
- coreutils-i18n.patch: Sync I18N patch from Fedora, as the diff
for the old i18n implementation of expand/unexpand has become
unmaintainable:
git://pkgs.fedoraproject.org/coreutils.git
- Remove now-upstream patches:
* coreutils-df-hash-in-filter.patch
* coreutils-diagnose-fts-readdir-failure.patch
* coreutils-m5sum-sha-sum-fix-ignore-missing-with-00-checksums.patch
* coreutils-maint-fix-dependency-of-man-arch.1.patch
- Refresh/merge all other patches:
* coreutils-invalid-ids.patch
* coreutils-ocfs2_reflinks.patch
* coreutils-remove_hostname_documentation.patch
* coreutils-remove_kill_documentation.patch
* coreutils-skip-gnulib-test-tls.patch
* coreutils-sysinfo.patch
* coreutils-tests-shorten-extreme-factor-tests.patch
- coreutils-m5sum-sha-sum-fix-ignore-missing-with-00-checksums.patch:
Add upstream patch to fix "/md5sum --check --ignore-missing"/ which
treated files with checksums starting with "/00"/ as missing.
- coreutils-maint-fix-dependency-of-man-arch.1.patch: Add Upstream
patch to fix the build dependency between src/arch -> man/arch.1
which lead to spurious build failures.
- coreutils-df-hash-in-filter.patch: Refresh with -p0.
- Add coreutils-df-hash-in-filter.patch that speeds up df.
- coreutils-diagnose-fts-readdir-failure.patch: Add upstream patch
to diagnose readdir() failures in fts-based utilities: rm, chmod,
du, etc. (boo#984910)
- Update to 8.25
(for details see included NEWS file)
- coreutils.spec (%description): Add base32, a new utility.
- Remove now-upstream patch:
* coreutils-tests-avoid-FP-of-ls-stat-free-color.patch
- Refresh/merge all other patches:
* coreutils-build-timeout-as-pie.patch
* coreutils-disable_tests.patch
* coreutils-i18n.patch
* coreutils-invalid-ids.patch
* coreutils-misc.patch
* coreutils-ocfs2_reflinks.patch
* coreutils-remove_hostname_documentation.patch
* coreutils-remove_kill_documentation.patch
* coreutils-skip-gnulib-test-tls.patch
* coreutils-test_without_valgrind.patch
* coreutils-tests-shorten-extreme-factor-tests.patch
- coreutils-i18n.patch: Sync I18N patch from semi-official repository
(shared among distributions, maintained by Padraig Brady):
https://github.com/pixelb/coreutils/tree/i18n
This fixes the following issues in multi-byte locales:
* sort: fix large mem leak with --month-sort (boo#945361, rh#1259942):
https://github.com/pixelb/coreutils/commit/b429f5d8c7
* sort: fix assertion with some inputs to --month-sort
https://github.com/pixelb/coreutils/commit/31e8211aca
- coreutils-tests-avoid-FP-of-ls-stat-free-color.patch: Add upstream
patch on top of v8.24 to avoid a FP test failure with glibc>=2.22.
- Sync I18N patch from semi-official repository (shared among
distributions, maintained by Padraig Brady):
https://github.com/pixelb/coreutils/tree/i18n
* coreutils-i18n.patch: Improve cut(1) performance in field-mode
in UTF8 locales. Squash in sort-keycompare-mb.patch.
* sort-keycompare-mb.patch: Remove.
- coreutils-build-timeout-as-pie.patch: Refresh.
- Update to 8.24:
* * Bug fixes
* dd supports more robust SIGINFO/SIGUSR1 handling for outputting statistics.
Previously those signals may have inadvertently terminated the process.
* df --local no longer hangs with inaccessible remote mounts.
[bug introduced in coreutils-8.21]
* du now silently ignores all directory cycles due to bind mounts.
Previously it would issue a warning and exit with a failure status.
[bug introduced in coreutils-8.1 and partially fixed in coreutils-8.23]
* chroot again calls chroot(DIR) and chdir("//"/), even if DIR is "//"/.
This handles separate bind mounted "//"/ trees, and environments
depending on the implicit chdir("//"/).
[bugs introduced in coreutils-8.23]
* cp no longer issues an incorrect warning about directory hardlinks when a
source directory is specified multiple times. Now, consistent with other
file types, a warning is issued for source directories with duplicate names,
or with -H the directory is copied again using the symlink name.
* factor avoids writing partial lines, thus supporting parallel operation.
[the bug dates back to the initial implementation]
* head, od, split, tac, tail, and wc no longer mishandle input from files in
/proc and /sys file systems that report somewhat-incorrect file sizes.
* mkdir --parents -Z now correctly sets the context for the last component,
even if the parent directory exists and has a different default context.
[bug introduced with the -Z restorecon functionality in coreutils-8.22]
* numfmt no longer outputs incorrect overflowed values seen with certain
large numbers, or with numbers with increased precision.
[bug introduced when numfmt was added in coreutils-8.21]
* numfmt now handles leading zeros correctly, not counting them when
settings processing limits, and making them optional with floating point.
[bug introduced when numfmt was added in coreutils-8.21]
* paste no longer truncates output for large input files. This would happen
for example with files larger than 4GiB on 32 bit systems with a 'n'
character at the 4GiB position.
[the bug dates back to the initial implementation]
* rm indicates the correct number of arguments in its confirmation prompt,
on all platforms. [bug introduced in coreutils-8.22]
* shuf -i with a single redundant operand, would crash instead of issuing
a diagnostic. [bug introduced in coreutils-8.22]
* tail releases inotify resources when unused. Previously it could exhaust
resources with many files, or with -F if files were replaced many times.
[bug introduced in coreutils-7.5]
* tail -f again follows changes to a file after it's renamed.
[bug introduced in coreutils-7.5]
* tail --follow no longer misses changes to files if those files were
replaced before inotify watches were created.
[bug introduced in coreutils-7.5]
* tail --follow consistently outputs all data for a truncated file.
[bug introduced in the beginning]
* tail --follow=name correctly outputs headers for multiple files
when those files are being created or renamed.
[bug introduced in coreutils-7.5]
* * New features
* chroot accepts the new --skip-chdir option to not change the working directory
to "//"/ after changing into the chroot(2) jail, thus retaining the current wor-
king directory. The new option is only permitted if the new root directory is
the old "//"/, and therefore is useful with the --group and --userspec options.
* dd accepts a new status=progress level to print data transfer statistics
on stderr approximately every second.
* numfmt can now process multiple fields with field range specifications similar
to cut, and supports setting the output precision with the --format option.
* split accepts a new --separator option to select a record separator character
other than the default newline character.
* stty allows setting the "/extproc"/ option where supported, which is
a useful setting with high latency links.
* sync no longer ignores arguments, and syncs each specified file, or with the
- -file-system option, the file systems associated with each specified file.
* tee accepts a new --output-error option to control operation with pipes
and output errors in general.
* * Changes in behavior
* df no longer suppresses separate exports of the same remote device, as
these are generally explicitly mounted. The --total option does still
suppress duplicate remote file systems.
[suppression was introduced in coreutils-8.21]
* mv no longer supports moving a file to a hardlink, instead issuing an error.
The implementation was susceptible to races in the presence of multiple mv
instances, which could result in both hardlinks being deleted. Also on case
insensitive file systems like HFS, mv would just remove a hardlinked 'file'
if called like `mv file File`. The feature was added in coreutils-5.0.1.
* numfmt --from-unit and --to-unit options now interpret suffixes as SI units,
and IEC (power of 2) units are now specified by appending 'i'.
* tee will exit early if there are no more writable outputs.
* tee does not treat the file operand '-' as meaning standard output any longer,
for better conformance to POSIX. This feature was added in coreutils-5.3.0.
* timeout --foreground no longer sends SIGCONT to the monitored process,
which was seen to cause intermittent issues with GDB for example.
* * Improvements
* cp,install,mv will convert smaller runs of NULs in the input to holes,
and cp --sparse=always avoids speculative preallocation on XFS for example.
* cp will read sparse files more efficiently when the destination is a
non regular file. For example when copying a disk image to a device node.
* mv will try a reflink before falling back to a standard copy, which is
more efficient when moving files across BTRFS subvolume boundaries.
* stat and tail now know about IBRIX. stat -f --format=%T now reports the file
system type, and tail -f uses polling for files on IBRIX file systems.
* wc -l processes short lines much more efficiently.
* References from --help and the man pages of utilities have been corrected
in various cases, and more direct links to the corresponding online
documentation are provided.
- Patches adapted because of changed sources:
coreutils-disable_tests.patch
coreutils-i18n.patch
coreutils-misc.patch
coreutils-ocfs2_reflinks.patch
coreutils-remove_hostname_documentation.patch
coreutils-remove_kill_documentation.patch
coreutils-skip-gnulib-test-tls.patch
coreutils-tests-shorten-extreme-factor-tests.patch
sort-keycompare-mb.patch
- Patches removed because they're included in 8.24:
coreutils-chroot-perform-chdir-unless-skip-chdir.patch
coreutils-df-doc-df-a-includes-duplicate-file-systems.patch
coreutils-df-improve-mount-point-selection.patch
coreutils-df-show-all-remote-file-systems.patch
coreutils-df-total-suppress-separate-remotes.patch
coreutils-doc-adjust-reference-to-info-nodes-in-man-pages.patch
coreutils-fix_false_du_failure_on_newer_xfs.patch
coreutils-fix-man-deps.patch
coreutils-tests-aarch64-env.patch
coreutils-tests-make-inotify-rotate-more-robust-and-efficient.patch
coreutils-tests-rm-ext3-perf-increase-timeout.patch
- coreutils-doc-adjust-reference-to-info-nodes-in-man-pages.patch:
add upstream patch:
doc: adjust reference to info nodes in man pages (boo#933396)
- coreutils-i18n.patch: Use a later version of the previous patch
to fix the sort I18N issue (boo#928749, CVE-2015-4041) to also
avoid CVE-2015-4042.
https://github.com/pixelb/coreutils/commit/bea5e36cc876
- Download keyring file from Savannah; prefer HTTPS over FTP
for remote sources.
- Fix memory handling error with case insensitive sort using UTF-8
(boo#928749): coreutils-i18n.patch
src/sort.c (keycompare_mb): Ensure the buffer is big enough
to handle anything output from wctomb(). Theoretically any
input char could be converted to multiple output chars,
and so we need to multiply the storage by MB_CUR_MAX.
- If coreutils changes, for consistency, we must regenerate
the initrd.
- Add gpg signature
- For openSUSE > 13.2 drop coreutils-build-timeout-as-pie.patch and
instead add a BuildRequire for gcc-PIE.
- coreutils-tests-aarch64-env.patch: Add patch to avoid false
positive failures of the coreutils-testsuite on OBS/aarch64:
work around execve() reversing the order of "/env"/ output.
- Add upstream patches for df(1) from upstream, thus aligning with SLES12:
* df: improve mount point selection with inaccurate mount list:
- coreutils-df-improve-mount-point-selection.patch
* doc: mention that df -a includes duplicate file systems (deb#737399)
- coreutils-df-doc-df-a-includes-duplicate-file-systems.patch
* df: ensure -a shows all remote file system entries (deb#737399)
- coreutils-df-show-all-remote-file-systems.patch
* df: only suppress remote mounts of separate exports with --total
(deb#737399, rh#920806, boo#866010, boo#901905)
- coreutils-df-total-suppress-separate-remotes.patch
- Refresh patches:
* coreutils-chroot-perform-chdir-unless-skip-chdir.patch
* coreutils-tests-make-inotify-rotate-more-robust-and-efficient.patch
Avoid spurious false positive failures of the testsuite on OBS due
to high load.
- coreutils-tests-rm-ext3-perf-increase-timeout.patch:
Add patch to increase timeout.
- coreutils-tests-make-inotify-rotate-more-robust-and-efficient.patch:
Add upstream patch.
- cpio
-
- Add another patch to fix regression (bsc#1189465)
* fix-CVE-2021-38185_3.patch
- Fix regression in last update (bsc#1189465)
* fix-CVE-2021-38185_2.patch
- Fix CVE-2021-38185 Remote code execution caused by an integer overflow in ds_fgetstr
(CVE-2021-38185, bsc#1189206)
* fix-CVE-2021-38185.patch
- add cpio-2.12-CVE-2019-14866.patch to fix a security issue where
cpio does not properly validate the values written in the header
of a TAR file through the to_oct() function [bsc#1155199]
[CVE-2019-14866]
- modify cpio-2.12-out_of_bounds_write.patch to fix a regression
causing cpio to crash for tar and ustar archive types
[bsc#1028410]
- Use macro for configure and make install
- Use update-alternatives according to current documentation
- Enable testsuite
- Enable mt building
- Separated cpio-mt subpackge
- Change recommend to own mt subpackge
- Remove cpio-mt.patch - those features available in original mt-st package
- Switch to use alternatives system for mt
- Disable rmt building: this binary fully identical to rmt from tar
- Change default rmt dir to /usr/bin
- cleanup with spec-cleaner
- Recommend mt_st as it is not hard dependency
- fix typos in the description
- add 'Require: mt_st' in order not to surprise users by the missing
'mt' binary
- Disable mt building: this binary from mt_st package offers
advanced capabilities with the same functionality.
- Enable rmt building: 'dump' package no longer include it, besides
cpio code base for rmt is more fresh.
- Reflect those changes in the package description.
- add cpio-2.12-out_of_bounds_write.patch to fix an out of bounds
write in a way cpio parses certain cpio files [bsc#963448],
[CVE-2016-2037]
- update to 2.12
* Improved documentation
* Manpages are installed by make install
* New options for copy-out mode: --ignore-devno,
- -renumber-inodes, --device-independent, --reproducible
* update
* cpio-use_new_ascii_format.patch
* cpio-mt.patch
* cpio-eof_tape_handling.patch
* cpio-pattern-file-sigsegv.patch
* cpio-check_for_symlinks.patch
* remove (no longer needed)
* cpio-stdio.in.patch
* 0001-Fix-memory-overrun-on-reading-improperly-created-lin.patch
* add
* cpio-2.12-util.c_no_return_in_nonvoid_fnc.patch to add missing
return to the nonvoid get_inode_and_dev() function
- use spec-cleaner
- Add gpg signature
- Correct info scriplet dependencies
- Cleanup spec file with spec-cleaner
- build with PIE
- fix an OOB write with cpio -i (bnc#907456) (CVE-2014-9112)
* added 0001-Fix-memory-overrun-on-reading-improperly-created-lin.patch
- cracklib
-
- Update to version 2.9.7:
+ fix a buffer overflow processing long words.
- Drop 0003-overflow-processing-gecos.patch and
0004-overflow-processing-long-words.patch: fixed upstream.
- Update source URI.
- Remove use of translation-update-upstream. It cannot be added to
ring 0 on leap, and 2.9.7 has some translation fixes
(bsc#1172396).
- Enable translation-update-upstream on leap, to remove the use of
is_opensuse (jsc#SLE-12096).
- use /usr/lib instead of %{_libexecdir}, %{_libexecdir} should
contain internal binaries, not data
- Use %license (boo#1082318)
- Update to 2.9.6
* fix issue with sort and locale
* some particularly bad cases to the cracklib small dictionary
* updates to cracklib-words (adds a bunch of other dictionary lists)
* migration to github
- run spec-cleaner
- Only buildrequire and call translation-update-upstream on SLE:
the package in openSUSE is a dummy and is empty.
- Add patch 0004-overflow-processing-long-words.patch
to fix a new buffer overflow identified together with bsc#992966.
- Relabel patches:
cracklib-magic.diff -> 0001-cracklib-magic.diff
cracklib-2.9.2-visibility.patch -> 0002-cracklib-2.9.2-visibility.patch
- Add patch 0003-overflow-processing-gecos.patch
to fix a buffer overflow in GECOS parser (bsc#992966 CVE-2016-6318)
- Update to 2.9.5
* fix matching against first password in dictionary (Anton Dobkin)
- Changes for 2.9.4
* remove doubled prototype
- Changes for 2.9.3
* expose additional functions externally
- Cleanup spec file with spec-cleaner
- Remove old ppc provides/obsoletes
- Update to version 2.9.2
+ support build of python support outside of source tree
+ fix bug in Python string distance calculation
+ fix bug #16 / debian bug 724570 - broken optimization with packlib
prevblock
- Adapt patch to upstream changes
+ cracklib-visibility.patch > cracklib-2.9.2-visibility.patch
- crash
-
- Kernel commit 5c83511bdb9832c86be20fb86b783356e2f58062 removed
pv_init_ops, and commit 054ac8ad5ebe4a69e1f0e842483821ddbe560121
removed the Xen-specific paravirt patch function. As a result,
pvops Xen dumps are no longer recognized as Xen dumps, and
virtual-to-physical translation fails.
Use the value of xen_start_info to determine whether the kernel
is running in Xen PV mode. As suggested by Juergen Gross.
(bsc#1187634)
+ crash-xen-pvops.patch
- Fix bt command with SEV-ES (bsc#1185209)
+ crash-x86_64-VC-exception-stack-support.patch
- Add back some more missing KMP conditionals
- Refresh crash-sles9-time.patch
* fix warning: format '%ld' expects argument of type 'long int', but argument 3 has type 'int'
- Crash KMPs cannot be always built.
- Upgrade to version 7.2.9:
* x86_64: Add support for new divide_error name
* calc_kaslr_offset: 5-level paging support
* Append time zone to output of date and time
* s390dbf: support s390 debug feature version 3
* x86_64: Add support for 1GB huge pages to "/vtop"/ command
* Implement support for user-space zram reads on x86_64
* Prepare for the introduction of ARM64 8.3 Pointer Authentication
* New "/log -T"/ option
* New ARM64 "/--machdep vabits_actual=<value>"/ command line option
* Enhancement of the "/struct -r"/ option
* Enhancement of the "/bpf -p|-P"/ options
* New "/extend -s"/ option
- Dropped the following patches obsoleted by the version upgrade:
* crash-Fix-for-reading-compressed-kdump-dumpfiles-from-syst.patch
* crash-Fix-kmem-i-option-on-Linux-5.9-rc1-and-later-kernels.patch
* crash-Fix-to-allow-the-translation-of-ARM64-FIXMAP-address.patch
* crash-Introduce-a-new-ARM64-machdep-vabits_actual-value-co.patch
* crash-Prepare-for-the-introduction-of-ARM64-8.3-Pointer-Au.patch
* crash-Several-fixes-for-ARM64-kernels.patch
* crash-arm64-Change-tcr_el1_t1sz-variable-name-to-TCR_EL1_T.patch
* crash-fix-kmem-sS-for-caches-created-during-SLUB-bootstrap.patch
* crash-fix-memory_driver-build-kernel-5.8.patch
* crash-gdb-fix-aarch64.patch
* crash-task.c-avoid-unnecessary-cpu-cycles-in-stkptr_to_tas.patch
* crash-update-whitepaper-URL.patch
* crash-verify-exception-frame-accessible-for-all-verify-requests.patch
* crash-xendump-fix-failure-to-match-arm-aarch64-elf-format-.patch
- Support the lockless printk ringbuffer added into kernel-5.10 (bsc#1183965)
* crash-printk-add-support-for-lockless-ringbuffer.patch
* crash-printk-use-committed-finalized-state-values.patch
- Install and ship the small built-in extensions snap.so, trace.so,
and dminfo.so. "/trace.so"/ is particularly useful.
Ship them in the main "/crash"/ package, as they are small.
- Added crash-xen-increase-__physical_mask_shift_xen-to-52.patch
(bsc#1177050)
- Update arm64 support (boo#1169099).
crash-Fix-to-allow-the-translation-of-ARM64-FIXMAP-address.patch
crash-Introduce-a-new-ARM64-machdep-vabits_actual-value-co.patch
crash-Prepare-for-the-introduction-of-ARM64-8.3-Pointer-Au.patch
crash-Several-fixes-for-ARM64-kernels.patch
crash-arm64-Change-tcr_el1_t1sz-variable-name-to-TCR_EL1_T.patch
crash-xendump-fix-failure-to-match-arm-aarch64-elf-format-.patch
crash-arm64-update-mapping-symbol-filter-in-arm64_verify_s.patch
crash-Fix-segmentation-fault-when-ikconfig-passed-nonstand.patch
- Fix "/kmem -i"/ option on Linux 5.9-rc1 and later kernels (bsc#1179970 ltc#188981).
crash-Fix-kmem-i-option-on-Linux-5.9-rc1-and-later-kernels.patch
- Fix crash utility is taking forever to initialize a vmcore from large config
system (bsc#1178827 ltc#189279).
crash-task.c-avoid-unnecessary-cpu-cycles-in-stkptr_to_tas.patch
- Corrected project URL in spec file to match the changed upstream
location as-of May 30th 2020.
Noted the project URL change in README.SUSE without removing the old URL
because it represents the location the project source was obtained from.
The next project source update is available from the new project URL. When
the package is updated with that source all URL project references will be
modified to only show the new URL.
Add crash-update-whitepaper-URL.patch
Note change of no longer valid old project whitepaper URL to current valid
project whitepaper URL in help output. Leave the old one reported because it
represents the location the project source was obtained from for this
package version.
(bsc#1179536)
- Fix build on aarch64:
crash-gdb-fix-aarch64.patch
- Add crash-verify-exception-frame-accessible-for-all-verify-requests.patch
In calls to search a stack for x86_64 exceptions a flag is used
to request the stack be verified for room to contain saved
registers. The verify is not performed if other flags are used
in the same call. Fixing this exposes another bug where only a
kernel stack is verified anyway, even if the exception is being
searched for on a userspace stack. Patch fixes both problems.
(bsc#1162297)
- Add eppic-remove-duplicate-symbols.patch
Fix eppic extension build.
- Add crash-fix-memory_driver-build-kernel-5.8.patch
Fix memory driver build failure with kernels 5.8+.
- Always build crash KMPs.
- remove bypass lto and add -mfull-toc for ppc64le to check boo#1146646
- Add crash-Define-fallback-PN_XNUM.patch
Add a fallback PN_XNUM definition.
- Make Factory ppc64 crash usable on both SLE 15 SP1 and releases before
SLE15 SP1 (bsc#1148197). This is only a workaround that requires to build
crash for each codestream separately.
- Drop crash-s390-autodetect-kaslr.patch which has been merged in 7.2.7.
- Add crash-fix-kmem-sS-for-caches-created-during-SLUB-bootstrap.patch
Fix "/kmem -[sS]"/ for caches created during SLUB bootstrap (bsc#1164815 ltc#182973).
- Add crash-Fix-for-reading-compressed-kdump-dumpfiles-from-syst.patch
Fix integer overflow with large memory configuration (bsc#1168233 ltc#184660).
- Upgraded the source to version 7.2.8. The previous version was
modified to support newer kernels used in SLE-15-SP2 but was not
complete.
* Includes a fix for kernels that contain:
e0703556644a531e50b5dc61b9f6ea83af5f6604
which introduces symbol namespaces. Without the change then
depending on architecture:
(1) the kernel module symbol list will contain garbage
(2) the session fails during initialization with a dump of
the internal buffer allocation stats followed by the
message "/crash: cannot allocate any more memory"/
(3) the session fails during initialization with a
segmentation violation (bsc#1162064)
* Includes the merge of the S390x patches since crash 7.2.7
(bsc#1156645/bsc#1161640)
* Source already includes XZ compressed module support, removed:
crash-symbols-add-support-for-XZ.patch
* Refreshed patches that were no longer aligned with source:
crash-allow-use-of-sadump-captured-KASLR-kernel.patch
crash-s390-autodetect-kaslr.patch
crash-sles9-time.patch
- Upgraded the source tarball to version 7.2.7. This is required
to support coredumps from currently used kernel versions in the
product (bsc#1159686).
- droped the patch obsoleted due to already being present in the
new source:
* crash-allow-kmem-section-is-early.patch
- Added commit c0371f6ee2cae31ec9f506bbd231ab8fbe334c13 - Fix to
allow live analysis of s390x kernels that have been configured
with CONFIG_RANDOMIZE_BASE=y (KASLR). This allows crash to load
the coredump without the need for "/--kaslr=<offset> on the
command-line.
Added:
crash-s390-autodetect-kaslr.patch
Implements jsc#SLE-9797
- add crash-symbols-add-support-for-XZ.patch (bnc#1155921)
- Disable LTO for PowerPC as bypass boo#1146646
- Added patch for commit 326e1b8f83a4318b09033ef754f40c785aed5e68
in linux 5.3:
crash-allow-kmem-section-is-early.patch
Upgraded the source tarball to version 7.2.6 to bring better
support of version 5 kernels such as 5.3 in SLE-15-SP2
(bsc#114706)
Dropped the following patches obsoleted by the version upgrade:
* crash-xen-invalid-pcpu-vaddr-use-hardware-domain-symbol.patch
* crash-fix-for-4.20-without-CONFIG_RANDOMIZE_BASE.patch
* crash-fix-for-virsh-dump-dumps-with-KASLR.patch
* crash-fix-kmem-z-on-kernel-5.0.patch
* crash-fix-kmem-i-on-kernel-5.0.patch
* crash-fix-sym-for-module-symbols-on-kernel-5.0.patch
* crash-fix-dis-function-for-module-symbols-on-kernel-5.0.patch
* crash-handle-radix_tree_root-changes-in-post-5.1-kernels.patch
* crash-find-kernel-configuration-data-with-kernel-5.1.patch
* crash-fix-dev-dD-on-kernel-5.1.patch
crash-Fix-and-an-update-for-the-ipcs-command.patch
crash-update-recognition-of-x86_64-CPU_ENTRY_AREA.patch
Re-aligned the following patches with the new version source:
crash-allow-use-of-sadump-captured-KASLR-kernel.patch
crash-debuginfo-compressed.patch
crash-make-emacs-default.diff
crash-sles9-time.patch
Modified the following patches to integrate with version upgrade:
crash-compressed-booted-kernel.patch
crash-SLE15-SP1-With-Linux-4.19-rc1-up-MAX_PHYSMEM_BITS-to-128TB.patch
crash-SLE15-SP1-Fix-for-PPC64-kernel-virtual-address-translation-in.patch
- Upgrade the source tarball to version 7.2.5
- drop patches obsoleted by version upgrade:
* crash-fix-snprintf-overflow.patch
* crash-update-recognition-of-x86_64-CPU_ENTRY_AREA.patch
- post-7.2.5 upstream patches for kernel 5.0/5.1 compatibility:
* crash-fix-for-4.20-without-CONFIG_RANDOMIZE_BASE.patch
* crash-fix-for-virsh-dump-dumps-with-KASLR.patch
* crash-fix-kmem-z-on-kernel-5.0.patch
* crash-fix-kmem-i-on-kernel-5.0.patch
* crash-fix-sym-for-module-symbols-on-kernel-5.0.patch
* crash-fix-dis-function-for-module-symbols-on-kernel-5.0.patch
* crash-handle-radix_tree_root-changes-in-post-5.1-kernels.patch
* crash-find-kernel-configuration-data-with-kernel-5.1.patch
* crash-fix-dev-dD-on-kernel-5.1.patch
- Update for XEN dom0 changes in v4.11 that cause coredumps made
of a domU using virch on the dom0 to fail to load in the dom0
version of crash reporting "/crash: invalid kernel virtual address:
<address> type:fill_pcpu_struct"/, followed by "/WARNING: cannot
fill pcpu_struct"/ and "/crash: cannot read cpu_info"/
(bsc#1124690 and bsc#1122594)
Added:
crash-xen-invalid-pcpu-vaddr-use-hardware-domain-symbol.patch
- Update the recognition of x86_64 CPU_ENTRY_AREA (bsc#1104743, bsc#1090127)
Added:
crash-update-recognition-of-x86_64-CPU_ENTRY_AREA.patch
- Fix SLE15 SP1 Incorrect vmcore generated (bsc#1119791).
Added:
crash-SLE15-SP1-With-Linux-4.19-rc1-up-MAX_PHYSMEM_BITS-to-128TB.patch
crash-SLE15-SP1-Fix-for-PPC64-kernel-virtual-address-translation-in.patch
This is not compatible with SLE15 and SLE12 SP4.
- Sync with SLE15 SP1 (SR#173916) to enable the kmp-rt for SLERT15 SP1 only
set %if 0%{?sle_version} >= 150100
- Added:
crash-Fix-and-an-update-for-the-ipcs-command.patch
The update is required for Linux 4.11 and greater kernels, which
reimplemented the IDR facility to use radix trees in kernel commit
0a835c4f090af2c76fc2932c539c3b32fd21fbbb, titled "/Reimplement IDR and IDA
using the radix tree"/. Without the patch, if any IPCS entry exists, the
command would fail with the message "/ipcs: invalid structure member offset:
idr_top"/ (bsc#1092101)
- Added crash-fix-snprintf-overflow.patch
Fix to address a "/__builtin___snprintf_chk"/ compiler warning.
- Added crash-update-recognition-of-x86_64-CPU_ENTRY_AREA.patch
Update the recognition of x86_64 CPU_ENTRY_AREA.
- Upgrade the source tarball to version to 7.2.3
A complete changelog is available via the crash source page at:
http://people.redhat.com/anderson/crash.changelog.html
- Refreshed:
crash-compressed-booted-kernel.patch
- Upgraded to 7.2.1 because it includes the fixes to support
several core cases that recently were caused tofail to open.
As a result, removed patches that were already superceded by
7.2.1 source (bsc#1103371).
Removed:
crash-ppc64-book3s-update-hash-page-table-geometry.patch
crash-x86_64_kvtop-usable-symtab_init.patch
crash-ppc64-ensure-chosen-stack-symbol-relates-to-an-actual-backtrace.patch
crash-fix-error-cannot-resolve-schedulers-0001.patch
crash-fix-error-cannot-resolve-schedulers-0002.patch
crash-extend-direct-mapping-to-5TB.patch
Modified:
crash-allow-use-of-sadump-captured-KASLR-kernel.patch
- Added:
crash-fix-error-cannot-resolve-schedulers-0001.patch
crash-fix-error-cannot-resolve-schedulers-0002.patch
crash-extend-direct-mapping-to-5TB.patch
Fixes Xen dump files that cannot be opened in hypervisor mode.
bsc#1073993
- Added crash-ppc64-ensure-chosen-stack-symbol-relates-to-an-actual-backtrace.patch
With latest NMI IPI changes, crash_ipi_callback is found multiple
times on the stack. Ensure the chosen symbol relates to an actual
backtrace. bsc#1072718
- Escape the usage of %{VERSION} when calling out to rpm.
RPM 4.14 has %{VERSION} defined as 'the main packages version'.
- Added crash-x86_64_kvtop-usable-symtab_init.patch to change
x86_64_kvtop() so that it can be called during symtab_init()
Added crash-allow-use-of-sadump-captured-KASLR-kernel.patch to
allow use of dumps of KASLR enabled kernels that were captured
by sadump.
Both are bsc#1070278/FATE#323473
- Upgrade the source tarball to version to 7.2.0 which requires the
removal of patches that are then already applied:
crash-gdb-add-proc_service-sync-with-GLIBC.patch
crash-xen_add_support_for_domU_with_linux_kernel_from_3.19.patch
A complete changelog is available via the crash source page at:
http://people.redhat.com/anderson/crash.changelog.html
Added crash-ppc64-book3s-update-hash-page-table-geometry.patch
from hbathini@linux.vnet.ibm.com via bsc#1067702 to correct
errors with virtual-to-physical address translation in the larger
virtual address range of newer kernels.
Added a BuildRequires of libelf that will populate the build
workspace with libelf (from elfutils) even though it is not
directly required by crash but is required by gdb (which crash
nests). It no longer got picked up automatically for build and
gdb and kernel module features had build errors before it.
- crash-xen_add_support_for_domU_with_linux_kernel_from_3.19.patch:
Since linux kernel 3.19 crash readmem() can't be used to read
xen_p2m_addr associate memory directly during m2p translation.
PV domU p2m mapping is also stored at xd->xfd + xch_index_offset
and organized as struct xen_dumpcore_p2m. This patch implements
a special reading function read_xc_p2m() to extract the mfns
from xd->xfd + xch_index_offset and makes and crash support Xen
PV domU dumpfiles for kernel 3.19 and later (bsc#1043501).
- add crash-xen_add_support_for_domU_with_linux_kernel_from_3.19.patch
- Merge SLE changes into Factory (bsc#1041638)
- crash-stop_read_error_when_intent_is_retry.patch: When reading a
memory image fails it may not be an error if it is still possible
to switch image and retry the read. Fix the error message output
to only occur if no retries are intended (bsc#1038839).
- add crash-stop_read_error_when_intent_is_retry.patch
- Exclude openSUSE from RT KMP build (bsc#1013843)
- crash source nests gdb source but gdb has a new build error on
Factory due to the bug and build environment modifications. The
fix is upstream gdb but not upstream crash's gdb.
Created crash patch:
crash-gdb-add-proc_service-sync-with-GLIBC.patch
to create the gdb patch in expanded crash and added to the gdb
Makefile patch it's application. Resolves the build error.
- Upgrade of source tarball to 7.1.8 from upstream and refresh of
patches to align with the version. For a detailed changelog of
the source tarball see:
http://people.redhat.com/anderson/crash.changelog.html
Adds a feature to permit the use of the command-line options
"/--kaslr=<offset>"/ and/or "/--kaslr=auto"/ with the x86 32-bit
architecture.
- refresh crash-sles9-time.patch crash-compressed-booted-kernel.patch
- drop crash-Fix-for-the-PPC64-bt-command-for-non-panicking-activ.patch
merged upstram in 7.1.8
- Fix analyzing fadump dumps on PPC64 (bsc#1022962).
+ crash-Fix-for-the-PPC64-bt-command-for-non-panicking-activ.patch
- Upgrade of source tarball to 7.1.7 from upstream, removal of
crash-kernel-4.7.patch (source includes it) and refresh of other
patches to align with the version. For a detailed changelog of
the source tarball see:
http://people.redhat.com/anderson/crash.changelog.html
Feature enhancements included from 7.1.6:
- Introduction of support for "/live"/ ramdump files, such as those
that are specified by the latest QEMU version's mem-path
argument of a memory-backend-file object, e.g.:
$ qemu-kvm ...other-options... + - object memory-backend-file,id=MEM,size=128m,mem-path=/tmp/MEM,share=on + - numa node,memdev=MEM -m 128
and a live session run can be run against the guest kernel like so:
$ crash <path-to-guest-vmlinux> live:/tmp/MEM@0
- Implemented support for the redesigned ARM64 kernel virtual
memory layout that was introduced in Linux 4.6. Plus ARM64
support for 4k pages with 4-level page tables and 48 VA bits.
NB: On live systems automatic operation with Linux 4.6 ARM64
kernels requires that CONFIG_RANDOMIZE_BASE is not configured.
If it is configured then use with a live system requires two
- -machdep arguments, e.g.:
- -machdep phys_offset=<base physical address>
- -machdep kimage_voffset=<kernel kimage_voffset value>
- Improvement of the ARM64 bt -f display so that, for most cases,
the stack frame delimiter will be the location of the old FP
and LR pair.
- New bt -v option that checks all tasks for evidence of stack
overflows.
- Incorporation of an alternative stack backtrace mathod
accessed directly using bt -o and the default method can be
toggled between the two using bt -O.
- Fix for the case where the sym/dis commands fail for a symbol
name that is composed entirely of hexadecimal characters and
was previously interpreted as an address.
- Determine structure member data if the member is contained in
an anonymous structure or union (no longer necessary to use a]
discrete gdb "/printf"/ command to find the offset of it).
- Session initialization speed up.
- Addition of "/list -S"/ and "/tree -S"/ options (similar to the -s
option of each command) where member values are read from
memory instead of being interpreting gdb output (much faster
behavior for 1-, 2-, 4- and 8-byte members).
- Fix to recognize x86_64 Linux 4.8-rc1 and later kernels that
are configured with CONFIG_RANDOMIZE_MEMORY.
- Support for PPC64 virtual address translation of radix MMU.
- Improvement of "/dev -d"/ output to display I/O statistics for
devices that use the blk-mq interface.
Feature enhancements included from 7.1.7:
- Restore x86_64 "/dis"/ command's symbol translation for call or
jump target addresses for kernels configured with
CONFIG_RANDOMIZE_BASE.
- Re-factor of the trace extension module to locate all of the
ftrace buffers and extracts data from each of them rather than
only the primary one.
- Support for s390x CONFIG_THREAD_INFO_IN_TASK configuration so
that "/bt"/ command no longer shows incomplete output.
- Support for live ARM64 kernels from Linux 4.6 that have the
kernel image loaded anywhere in physical memory.
- Update of /dev/crash/kernel driver to v1.3 which adds support
Linux 4.6 and later ARM64 kernels configured with
CONFIG_HARDENED_USERCOPY and S390x kernels that use
xlate_dev_mem_ptr() and unxlate_dev_mem_ptr() rather than
kmap() and kunmap().
- refresh eppic-support-arm64.patch crash-debuginfo-compressed.patch
- drop crash-linux-4.6-printk-flags.patch merged upstream in 7.1.6
- Enabled RT KMP build (bsc#1005578)
- crash-linux-4.6-printk-flags.patch: Fix warning "/failed to read
pageflag_names entry"/ on Linux 4.6 (bsc#978601).
- crash-kernel-4.7.patch:
support 4.7 kernel (page._count renamed to page._refcount)
- eppic-support-arm64.patch: Support for ARM64 (FATE#320844).
- Upgrade of source tarball to 7.1.5 from upstream and fix of
crash-sles9-time.patch for the version and refresh of other
patches to align with the version. For a detailed changelog of
the source tarball see:
http://people.redhat.com/anderson/crash.changelog.html
includes a fix for bsc#977306.
Feature enhancements include:
- "/whatis -r"/ and "/whatis -m"/ commands that allow search for
data structure of a specified size and that contains a member
of a given type respectively.
- Upgrade to 7.1.4 from upstream. For a detailed changelog see
http://people.redhat.com/anderson/crash.changelog.html
- Disable RT KMP build (bsc#962719)
- Enable RT KMP build (bsc#948840)
- For 7.1.3 ppc64le the following patches are obsoleted by mainline
crash-gdb-7.6-add-powerpc64le-linux.patch
crash-gdb-7.6-bound_minimal_symbol.patch
crash-gdb-7.6-floatformat.patch
crash-gdb-7.6-ppc64-ELFv2-trampoline-match.patch
crash-gdb-7.6-ppc64_sysv_abi_push_float.patch
crash-gdb-7.6-ppc64le.patch
crash-gdb-7.6-ppc_insns_match_pattern.patch
crash-gdb-7.6-update-autoconf-2013-04-24.patch
crash-gdb-7.6-update-autoconf-2013-06-10.patch
crash-gdb-7.6.series
crash-patch-gdb.patch
- Update to 7.1.3 (bsc#946458)
o Introduction of "/dis -f <address>"/ which disassembles from the
address to the end of the function
o Introduction of "/dis -s <address>"/ which displays the filename
and line number associated with the specified text location,
followed by a source code listing if available.
o Addition of a new "/--src <directory>"/ command line option for
use by the "/dis -s"/ option if the kernel source is not located
in the standard location.
o Do not search for a panic task in s390x dumpfiles that are
marked as a "/live dump"/
o Fix unnecessary error messages when a directory is used as a
command line argument
o See http://people.redhat.com/anderson/crash.changelog.html for
the complete changelog
- Removed these patches obsoleted by mainline:
crash-x86_64-nested-nmi.patch
crash-keep-file-orig-with-name-on-select.patch
crash-kmem_cache-downsize.patch
crash-s390x-add-vector-support.patch
- Refreshed patches
- crash-move-xen-dom0-handling-into-own-file.patch: Move Xen Dom0
handling into xen_dom0.c (FATE#316467).
- crash-move-xen-p2m-map.patch: Move xen p2m map initialization to
xen_kdump_p2m (FATE#316467).
- crash-use-xen_machine_addr-command.patch: Use XEN_MACHINE_ADDR
command flag instead of overriding readmem (FATE#316467).
- crash-move-xen-elf-note-processing.patch: Move Xen ELF note
processing to xen_dom0.c (FATE#316467).
- crash-add-xen-dom0-support-for-kdump.patch: Add Xen Dom0 support
for kdump compressed files (FATE#316467).
- crash-s390x-add-vector-support.patch: SIMD support for dump
tools (z13) (FATE#318058).
- Upgrade to 7.1.2 from upstream. For a detailed changelog see
http://people.redhat.com/anderson/crash.changelog.html
- Refreshed patch series with some changes required to
adjust for git host changes in eppic-switch-to-system-lib.patch
- Upgrade to 7.1.1 from upstream. At the time of writing the only
published changelog was supplied by e-mail list and is as follows
- Fix for two minor issues with the "/net"/ command. Without the patch,
the "/net -a"/ option appends its correct output with the command's
"/Usage:"/ message; and if either the "/net -x"/ or "/net -d"/ options are
used without also specifying "/-s"/ or "/-S"/, the error message would
indicate "/net: illegal flag: 800000"/ or "/net: illegal flag: 1000000"/
instead of showing the command's "/Usage:"/ message.
(anderson@redhat.com)
- If the kernel (live or dumpfile) has the TAINT_LIVEPATCH bit set, or
if the Red Hat "/kpatch"/ module is installed, the tag "/[LIVEPATCH]"/
will be displayed next to the kernel name in the initial system
banner and by the "/sys"/ command. This new tag replaces the
"/[KPATCH]"/ tag that was introduced in crash-7.0.7.
(anderson@redhat.com)
- Addressed three Coverity Scan complaints in vmware_vmss.c:
50:leaked_storage: Variable "/fp"/ going out of scope leaks the
storage it points to.
53:leaked_storage: Variable "/fp"/ going out of scope leaks the
storage it points to.
256:warning: Use of memory after it is freed
(anderson@redhat.com)
- Remove the LKCD-only "/propeller spinner"/ seen when a dumpfile read
requires more than 2048 page header accesses. This was put in place
because of the non-random-access design of LKCD dumpfiles. Without
the patch, the spinner display is intermingled with command output,
which complicates the parsing of the output.
(watters.sam@gmail.com)
- Fix to support the Linux version increment from 3 to 4. Without the
patch, both dumpfile and live sessions fail during initialization,
issuing the message "/WARNING: kernel version inconsistency between
vmlinux and dumpfile"/ or "/WARNING: kernel version inconsistency
between vmlinux and live memory"/, followed by the nonsensical fatal
error message "/crash: incompatible arguments: vmlinux is not SMP --
vmcore is SMP"/ or "/crash: incompatible arguments: vmlinux is not
SMP -- live system is SMP"/. To prevent unexpected kernel version
bumps in the future, support has been added for version 5.
(anderson@redhat.com)
- Add support for more than 16TB of physical memory space in the SADUMP
dumpfile format. Without the patch, there is a limitation caused
by several 32-bit members of dump_header structure, in particular
the max_mapnr member, which overflows if the dumpfile contains more
than 16TB of physical memory space. The header_version member of
the dump_header structure has been increased from 0 to 1 in this
extended new format, and the new 64-bit members will be used.
(d.hatayama@jp.fujitsu.com)
- Fix for command lines that are redirected to a pipe. Without the
patch, if an external piped-to command contains a quoted string that
includes a "/|"/ character, the command fails with the message "/crash:
pipe operation failed"/.
(anderson@redhat.com)
- Fix for insecure temporary file usage in _rl_tropen() as reported by
readline library CVE-2014-2524.
(anderson@redhat.com)
- When the gdb-<version>.patch file has changed and a rebuild is
done from within a previously-existing build tree, the "/patch -N"/
option is used to ignore patches that have been previously applied;
this patch also applies the "/patch -r-"/ option to prevent unnecessary
.rej files from being created.
(anderson@redhat.com)
- Fix to account for Xen hypervisor's "/domain"/ structure member name
change from "/is_paused_by_controller"/ to "/controller_pause_count"/.
Without the patch, in Xen 4.2.5 and later, the crash session fails
during initialization with the error message 'crash: invalid
structure member offset: domain_is_paused_by_controller"/.
(dietmar.hahn@ts.fujitsu.com)
- During initialization, reject useless ARM64 "/(A)"/ and "/(a)"/ absolute
symbols that are below the text region. Without the patch, several
recently-introduced absolute symbols have been introduced into the
kernel, which will be displayed by "/sym -l"/ prior to the first kernel
virtual address symbol, and will show up in command output where
memory values are translated into kernel symbol references.
(anderson@redhat.com)
- Fix for ARM64 kernels to account for changes in the virtual memory
layout introduced in Linux 3.17. The vmalloc region end address, and
the vmemmap start and end addresses are now calculated at kernel
build time, because they depend upon the size of a struct page.
Accordingly, the crash utility needs to calculate those three address
values dynamically, after the embedded gdb module has initialized.
Without the patch, reads of page structures return invalid data due
to incorrect virtual-to-physical translations of memory in the
vmemmap range. This in turn causes commands that require page
structure contents to fail or show invalid data, such as "/kmem -p"/,
"/kmem -[sS]"/, and the "/kmem -[fF]"/ options.
(anderson@redhat.com)
- Fix to support ELF vmcore dumpfiles whose PT_LOAD file offset values
of their respective memory segments are not laid out sequentially
from low to high in the dumpfile. This has only been seen in ELF
dumpfiles created by VMware's "/vmss2core -M"/ facility. Without the
patch, the crash session may fail during initialization, either with
the message "/cannot malloc ELF header buffer"/, or "/crash: <dumpfile>:
not a supported file format"/.
(anderson@redhat.com)
- Enhancement to the support of VMware .vmss suspended state dumpfiles.
There may be holes in the memory address saved for PCI, etc. In such
cases, the memory dump is divided into regions. With this patch, up
to 3 memory regions are supported.
(hfu@vmware.com)
- Fortified the error handling of task gathering from the pid_hash[]
chains during session initialization. If a chain has been corrupted,
the patch prevents the sequence from entering an infinite loop, and
the error messages associated with corrupt/invalid chains have been
updated to report the pid_hash[] index number.
(anderson@redhat.com)
- Implemented a new STRDUPBUF() utility that will duplicate an existing
string into a buffer allocated with GETBUF(). As is the case with
any buffer allocated with GETBUF(), it is only meant to exist during
the life-span of the current command. If it is not explicitly freed
via FREEBUF(), then it will be freed automatically prior to the next
command.
(anderson@redhat.com)
- Implemented a new fill_struct_member_data() function that gathers
a bundle of data that describes a structure member. The function
receives a pointer to a struct_member_data structure, in which the
caller has initialized the "/structure"/ and "/member"/ name pointers:
struct struct_member_data {
char *structure;
char *member;
long type;
long unsigned_type;
long length;
long offset;
long bitpos;
long bitsize;
};
A gdb "/printm"/ command is crafted using those two fields, and the
output of the command is used to initialize the remaining six fields.
Adapted from Qiao Nuohan's "/pstruct"/ extension module.
(anderson@redhat.com, qiaonuohan@cn.fujitsu.com)
- Implemented a new "/runq -c cpu(s)"/ option to display the run queue
data of specified cpus. It can be used in conjunction with all runq
command options. The cpus must be specified in a comma- and/or
dash-separated list; for examples, "/3"/, "/1,8,9"/, "/1-23"/, or "/1,8-15"/.
(anderson@redhat.com)
- Build extension modules that utilize the generic extensions/Makefile
with -g. In addition, build the snap.c extension module with -g.
(rabinv@axis.com)
- Several fixes, updates, and enhancements for 32-bit MIPS support:
(1) The MIPS general purpose registers in the elf_gregset_t
don't start at index 0 but at index 6.
(2) Adjust for the kernel's pt_regs structure changes between
kernel versions. For example, fields are inserted into the
middle based on build time options, and the amount of padding
at the head of the structure was changed relatively recently.
To handle this, split the structure definition into two parts
and get the offsets of these two parts dynamically.
(3) Do not display each parsed kernel symbol during initialization
when invoked with "/crash -d8"/.
(4) Add support for loading raw MIPS ramdump dumpfiles.
(5) Add support for compressed kdump dumpfiles.
(rabinv@axis.com)
- Fix for a typo in "/help foreach"/, and a fix for a spelling error in
"/help input"/.
(weijg.fnst@cn.fujitsu.com)
- Fix for "/and and"/ and "/the the"/ typos in the README file.
(weijg.fnst@cn.fujitsu.com)
- Fix to address the Xen 4.5.0 hypervisor symbol name change from
"/dom0"/ to "/hardware_domain"/. Without the patch, the crash session
fails with the error message "/crash: cannot resolve: dom0"/.
(dslutz@verizon.com)
- Fix for a regression in crash-7.1.0 that causes failures when the
"/crash -t"/ option is run on a live system, and when analyzing remote
Linux kernels. Without the patch, "/crash -t"/ on a live system fails
with the message "/crash: cannot open remote memory source: /dev/mem"/,
and attempts to analyze a Linux kernel remotely just shows the kernel
timestamp and exits immediately.
(dslutz@verizon.com, anderson@redhat.com)
- Speed up the session invocation time of "/flattened"/ format dumpfiles
created by the makedumpfile(8) facility. When sorting the blocks of
memory by their intended ELF or compressed kdump file offsets, the
patch replaces the bubble-sort method that is currently used with an
insertion sort method.
(dslutz@verizon.com)
- Remove the non-existent "/-L"/ option from the "/ps"/ command's mutually-
exclusive options error message.
(vvs@parallels.com)
- Fix for the "/irq"/, "/mount"/, "/kmem -p"/ and "/kmem -v"/ commands when
they are used in an input file. If more than one of any of those
four commands are used in an input file, the output of the second
and subsequent command instances will not display their respective
command headers.
(anderson@redhat.com)
- Implemented a new "/kmem -m"/ option that is similar to "/kmem -p"/,
but it allows the user to specify the page struct members to be
displayed. The option takes a comma-separated list of one or
more page struct members, which will be displayed following the
page structure address. The "/flags"/ member will always be expressed
in hexadecimal format, and the "/_count"/ and "/_mapcount"/ members will
always be expressed in decimal format. Otherwise, all other members
will be displayed in hexadecimal format unless the current output
radix is 10 and the member is a signed/unsigned integer. Members
that are data structures may be specified by the data structure's
member name, or expanded to specify a member of that data structure.
For example, "/-m lru"/ refers to a list_head data structure, in which
case both the list_head.next and list_head.prev pointer values will
be displayed; if "/-m lru.next"/ is specified, just the list_head.next
value will be displayed.
(atomlin@redhat.com, anderson@redhat.com)
- Support enhancement for the 32-bit MIPS architecture that retrieves
the per-cpu registers from the NT_PRSTATUS notes stored in the header
of compressed kdump dumpfiles.
(rabinv@axis.com)
- Fix to remove an invalid warning message on ARM64 if a crash session
is invoked with the "/-d<number>"/ debug flag. Without the patch,
the invalid message is "/WARNING: SPARSEMEM_EX: questionable section
values"/.
(anderson@redhat.com)
- Remove the leftover "/.constructor"/ build file in the extensions
subdirectory when "/make extensions"/ is complete, and update the
top-level .gitignore file to ignore post-build extensions
subdirectory files.
(anderson@redhat.com)
- Fix for a segmentation violation generated by the "/help -[n|D]"/
options on ARM64 compressed kdumps.
(anderson@redhat.com)
- Additional output for the "/help [-D|-n]"/ options on ARM64. For ELF
kdump vmcores and compressed kdumps, the elf_prstatus structure in
each NT_PRSTATUS note will be translated.
(anderson@redhat.com)
- The "/help -r"/ option has been extended to dump the ARM64 registers
stored in each per-cpu NT_PRSTATUS note in compressed kdump and
ELF kdump dumpfiles.
(anderson@redhat.com)
- Fix for the ARM64 page size determination on Linux 4.1 and later
kernels. Without the patch, the crash session fails during
initialization with the message "/crash: invalid/unsupported page
size: 98304"/ on kernels with 64K pages. On kernels with 4K pages,
the message is "/crash: invalid/unsupported page size: 6144"/. In
addition, the "/-p <page-size>"/ command line override option
had no effect on ARM64; that has been fixed as well.
(anderson@redhat.com)
- Fix for the DATE display in the initial system banner and by the
"/sys"/ command to account for the Linux 3.17 change that moved
the "/timekeeper"/ symbol and structure into a containing tk_core
structure; the "/shadow_timekeeper"/ timekeeper will be used as an
alternative. Without the patch, the DATE shows something within
a few hours of the Linux epoch, such as "/Wed Dec 31 18:00:00 1969"/.
(kmcmartin@redhat.com)
- Fixes for the translation of ARM64 PTEs, as displayed by the "/vm -p"/
and "/vtop"/ commands. Without the patch, if "/vm -p"/ references a
swapped-out page on Linux 4.0 and later kernels, the SWAP location
may indicate "/(unknown swap location)"/, and will show an invalid
OFFSET value; on Linux 3.13 and later kernels, running "/vtop"/ on a
user virtual address incorrectly translates the PTE contents of
swapped out pages by showing a PHYSICAL address and FLAGS translation
instead of the SWAP device and OFFSET. It is possible that there may
be PTE bit translation errors on other kernel versions; the patch
addresses the changes in ARM64 PTE bit definitions made in Linux
3.11, 3.13, and 4.0 kernels.
(anderson@redhat.com)
- Enhanced the "/struct.member"/ display capability of the "/struct"/,
"/union"/, "/task"/, "/list"/ and "/tree"/ commands. If a specified
structure member contains an embedded structure, the output may
be restricted to just the embedded structure by expressing the
.member argument as "/member.member"/. If a specified structure
member is an array, the output may be restricted to a single array
element by expressing the .member argument as "/member[index]"/.
Furthermore, these embedded member specifications may extend beyond
one level deep, for example, by expressing the member argument as
"/member.member.member"/, or "/member[index].member"/.
(Alexandr_Terekhov@epam.com, anderson@redhat.com)
- Fix for any command that passes strings to gdb for evaluation,
where the string contains a parentheses-within-parentheses
expression along with a "/>"/ or "/>>"/ operator inside the outermost
set of parentheses. Without the patch, a command such as the
following fails like so:
crash> p ((1+1) >> 1)
p: gdb request failed: p ((1+1)
crash>
(anderson@redhat.com)
- Fix for the handling of ARM64 kernel module per-cpu symbols. Without
the patch, if the debuginfo data of an ARM64 kernel module that
contains a per-cpu section is loaded by "/mod -s <module>"/ or
"/mod -S"/, commands such as "/bt"/ or "/sym"/ may incorrectly translate
the module's virtual addresses to symbol names.
(Jan.Karlsson@sonymobile.com)
- 0001-Prepare-for-the-future-increment-of-Linux-3.x-to-4.x.patch:
Dropped. Handling kernel 4.0 is now part of the upstream source.
- add patch from upstream to handle kernel 4.0
0001-Prepare-for-the-future-increment-of-Linux-3.x-to-4.x.patch
- Upgrade to 7.1.0 from upstream. For a detailed changelog see
http://people.redhat.com/anderson/crash.changelog.html
- Refreshed patch series with only re-alignment required.
- Upgrade to 7.0.9 from upstream, For a detailed changelog see
http://people.redhat.com/anderson/crash.changelog.html
- Refreshed patch series but no modifications required.
- cronie
-
- Increase limit of allowed entries in crontab files to fix bsc#1187508
* cronie-1.5.1-increase_crontab_limit.patch
- drop 'checkproc' line from the run-crons as the usage is bogus
[bsc#1155929]
- update cronie-nheader_lines.diff so it doesn't print the first 3
crontab lines (static comments) with the 'crontab -l' command
[bsc#1155114]
- remove cronie-nofork-nopid.patch that allowed running of multiple
"/cron -n"/ instances at once which is an unwanted behaviour
[bsc#1133100]
- update cronie-1.5.1-huge_crontab_DoS.patch to fix a regression
that caused that only the first job from a crontab was being run
[bsc#1130746]
- add cronie-1.5.1-huge_crontab_DoS.patch to fix two security issues
where users can cause DoS of the crond by loading huge crontab
files. We now allow maximum 1000 environment variables and 1000
crontab entries. Also the comments and whitespace between the
entries and variables are now limited to 32768 characters.
[bnc#1128937] [CVE-2019-9704] and [bnc#1128935] [CVE-2019-9705]
- Requires mail as it's really needed by cron-crons script, not
smtp_daemon [bsc#1070565] [bsc#1064834]
- Ensure that /etc/cron.{hourly,daily,weekly,monthly} have proper
permissions and owner. This is racy but prevents some LPE vectors
- Requires smtp_daemon (not just Recommends) as it's needed by
run-crons script [bsc#1064834]
- Replace references to /var/adm/fillup-templates with new
%_fillupdir macro (boo#1069468)
- Require group trusted if we use them
- update to 1.5.1
* crontab: Use temporary file name that is ignored by crond.
* crond: Inherit PATH from the crond environment if -P option
is used.
* crond: Remove hardcoded "/system_u"/ SELinux user, use the
SELinux user
of the running crond.
* anacron: Small cleanups and fixes.
* crond: Fix longstanding race condition on repeated crontab
modification.
- refresh cronie-pam_config.diff
- get rid of %{name} macros in the patch names
- use %{ext_man} macro for anacron man pages
- fedorahosted.org was retired on March 1st, 2017
* update Url and Source address
- cleanup with spec-cleaner
- remove the omc xml config that is useless nowdays
- Add fix for bnc#983925 to run crons even when not on AC_POWER
* Nowdays it does not make much sense to not run crons when on
battery and actually it can even confuse people
- cron.service: Use KillMode=process like upstream does.
- revert last change, it is a bug in sssd.service, fixed in
SR#313709
- add support for MAILFROM, MAIL_CONFIG and different mailer binaries
in run-crons (bnc#812367, bnc#366762)
- Start cron after sssd.service bnc#926961
- Redo the post/pre update approach to fix migration from SLE11.
Should fix bnc#919028
- update to 1.5.0
* crond: Job environment variables are set also when executing
sendmail.
* crond: Adding duplicate orphans on reload is now prevented.
* crond: The regular crond shutdown is now logged.
* crontab: PAM is not called in crontab command if the caller's
uid is 0.
* crond: PAM is not called from crond for system cron jobs
(/etc/crontab, /etc/cron.d) which are run for uid 0.
* crond: The existence of an user is checked at time when job is
run and not when the crontab is parsed on database reload.
- use spec-cleaner
- cron.service: Start After=nss-user-lookup.target not
after ypbind.service nscd.service
-cron.service: Crons run at wall-time, order after time-sync.target
- fix bashisms in pre scripts
- cryptsetup
-
- SLE marker: implements jsc#SLE-5911, bsc#1165580, jsc#SLE-145149
- prepare usrmerge (boo#1029961)
- Update to 2.3.4:
* Fix a possible out-of-bounds memory write while validating LUKS2 data
segments metadata (CVE-2020-14382, boo#1176128).
* Ignore reported optimal IO size if not aligned to minimal page size.
* Added support for new no_read/write_wrokqueue dm-crypt options (kernel 5.9).
* Added support panic_on_corruption option for dm-verity devices (kernel 5.9).
* Support --master-key-file option for online LUKS2 reencryption
* Always return EEXIST error code if a device already exists.
* Fix a problem in integritysetup if a hash algorithm has dash in the name.
* Fix crypto backend to properly handle ECB mode.
* TrueCrypt/VeraCrypt compatible mode now supports the activation of devices
with a larger sector.
* LUKS2: Do not create excessively large headers.
* Fix unspecified sector size for BitLocker compatible mode.
* Fix reading key data size in metadata for BitLocker compatible mode.
- Update to 2.3.3:
* Fix BitLocker compatible device access that uses native 4kB
sectors
* Support large IV count (--iv-large-sectors) cryptsetup option
for plain device mapping
* Fix a memory leak in BitLocker compatible handling
* Allow EBOIV (Initialization Vector algorithm) use
* LUKS2: Require both keyslot cipher and key size option, do
not fail silently
- includes changes from 2.3.2:
* Add option to dump content of LUKS2 unbound keyslot
* Add support for discards (TRIM) for standalone dm-integrity
devices (Kernel 5.7) via --allow-discards, not for LUKS2
* Fix cryptsetup-reencrypt to work on devices that do not allow
direct-io device access.
* Fix a crash in the BitLocker-compatible code error path
* Fix Veracrypt compatible support for longer (>64 bytes)
passphrases
- Split translations to -lang package
- New version to 2.3.1
* Support VeraCrypt 128 bytes passwords.
VeraCrypt now allows passwords of maximal length 128 bytes
(compared to legacy TrueCrypt where it was limited by 64 bytes).
* Strip extra newline from BitLocker recovery keys
There might be a trailing newline added by the text editor when
the recovery passphrase was passed using the --key-file option.
* Detect separate libiconv library.
It should fix compilation issues on distributions with iconv
implemented in a separate library.
* Various fixes and workarounds to build on old Linux distributions.
* Split lines with hexadecimal digest printing for large key-sizes.
* Do not wipe the device with no integrity profile.
With --integrity none we performed useless full device wipe.
* Workaround for dm-integrity kernel table bug.
Some kernels show an invalid dm-integrity mapping table
if superblock contains the "/recalculate"/ bit. This causes
integritysetup to not recognize the dm-integrity device.
Integritysetup now specifies kernel options such a way that
even on unpatched kernels mapping table is correct.
* Print error message if LUKS1 keyslot cannot be processed.
If the crypto backend is missing support for hash algorithms
used in PBKDF2, the error message was not visible.
* Properly align LUKS2 keyslots area on conversion.
If the LUKS1 payload offset (data offset) is not aligned
to 4 KiB boundary, new LUKS2 keyslots area in now aligned properly.
* Validate LUKS2 earlier on conversion to not corrupt the device
if binary keyslots areas metadata are not correct.
- Update to 2.3.0 (include release notes for 2.2.0)
* BITLK (Windows BitLocker compatible) device access
* Veritysetup now supports activation with additional PKCS7 signature
of root hash through --root-hash-signature option.
* Integritysetup now calculates hash integrity size according to algorithm
instead of requiring an explicit tag size.
* Integritysetup now supports fixed padding for dm-integrity devices.
* A lot of fixes to online LUKS2 reecryption.
* Add crypt_resume_by_volume_key() function to libcryptsetup.
If a user has a volume key available, the LUKS device can be resumed
directly using the provided volume key.
No keyslot derivation is needed, only the key digest is checked.
* Implement active device suspend info.
Add CRYPT_ACTIVATE_SUSPENDED bit to crypt_get_active_device() flags
that informs the caller that device is suspended (luksSuspend).
* Allow --test-passphrase for a detached header.
Before this fix, we required a data device specified on the command
line even though it was not necessary for the passphrase check.
* Allow --key-file option in legacy offline encryption.
The option was ignored for LUKS1 encryption initialization.
* Export memory safe functions.
To make developing of some extensions simpler, we now export
functions to handle memory with proper wipe on deallocation.
* Fail crypt_keyslot_get_pbkdf for inactive LUKS1 keyslot.
* Add optional global serialization lock for memory hard PBKDF.
* Abort conversion to LUKS1 with incompatible sector size that is
not supported in LUKS1.
* Report error (-ENOENT) if no LUKS keyslots are available. User can now
distinguish between a wrong passphrase and no keyslot available.
* Fix a possible segfault in detached header handling (double free).
* Add integritysetup support for bitmap mode introduced in Linux kernel 5.2.
* The libcryptsetup now keeps all file descriptors to underlying device
open during the whole lifetime of crypt device context to avoid excessive
scanning in udev (udev run scan on every descriptor close).
* The luksDump command now prints more info for reencryption keyslot
(when a device is in-reencryption).
* New --device-size parameter is supported for LUKS2 reencryption.
* New --resume-only parameter is supported for LUKS2 reencryption.
* The repair command now tries LUKS2 reencryption recovery if needed.
* If reencryption device is a file image, an interactive dialog now
asks if reencryption should be run safely in offline mode
(if autodetection of active devices failed).
* Fix activation through a token where dm-crypt volume key was not
set through keyring (but using old device-mapper table parameter mode).
* Online reencryption can now retain all keyslots (if all passphrases
are provided). Note that keyslot numbers will change in this case.
* Allow volume key file to be used if no LUKS2 keyslots are present.
* Print a warning if online reencrypt is called over LUKS1 (not supported).
* Fix TCRYPT KDF failure in FIPS mode.
* Remove FIPS mode restriction for crypt_volume_key_get.
* Reduce keyslots area size in luksFormat when the header device is too small.
* Make resize action accept --device-size parameter (supports units suffix).
- Create a weak dependency cycle between libcryptsetup and
libcryptsetup-hmac to make sure they are installed together
(bsc#1090768)
- Use noun phrase in summary.
- New version 2.1.0
* The default size of the LUKS2 header is increased to 16 MB.
It includes metadata and the area used for binary keyslots;
it means that LUKS header backup is now 16MB in size.
* Cryptsetup now doubles LUKS default key size if XTS mode is used
(XTS mode uses two internal keys). This does not apply if key size
is explicitly specified on the command line and it does not apply
for the plain mode.
This fixes a confusion with AES and 256bit key in XTS mode where
code used AES128 and not AES256 as often expected.
* Default cryptographic backend used for LUKS header processing is now
OpenSSL. For years, OpenSSL provided better performance for PBKDF.
* The Python bindings are no longer supported and the code was removed
from cryptsetup distribution. Please use the libblockdev project
that already covers most of the libcryptsetup functionality
including LUKS2.
* Cryptsetup now allows using --offset option also for luksFormat.
* Cryptsetup now supports new refresh action (that is the alias for
"/open --refresh"/).
* Integritysetup now supports mode with detached data device through
new --data-device option.
- 2.1.0 would use LUKS2 as default, we stay with LUKS1 for now until
someone has time to evaluate the fallout from switching to LUKS2.
- Suggest hmac package (boo#1090768)
- remove old upgrade hack for upgrades from 12.1
- New version 2.0.5
Changes since version 2.0.4
~~~~~~~~~~~~~~~~~~~~~~~~~~~
* Wipe full header areas (including unused) during LUKS format.
Since this version, the whole area up to the data offset is zeroed,
and subsequently, all keyslots areas are wiped with random data.
This ensures that no remaining old data remains in the LUKS header
areas, but it could slow down format operation on some devices.
Previously only first 4k (or 32k for LUKS2) and the used keyslot
was overwritten in the format operation.
* Several fixes to error messages that were unintentionally replaced
in previous versions with a silent exit code.
More descriptive error messages were added, including error
messages if
- a device is unusable (not a block device, no access, etc.),
- a LUKS device is not detected,
- LUKS header load code detects unsupported version,
- a keyslot decryption fails (also happens in the cipher check),
- converting an inactive keyslot.
* Device activation fails if data area overlaps with LUKS header.
* Code now uses explicit_bzero to wipe memory if available
(instead of own implementation).
* Additional VeraCrypt modes are now supported, including Camellia
and Kuznyechik symmetric ciphers (and cipher chains) and Streebog
hash function. These were introduced in a recent VeraCrypt upstream.
Note that Kuznyechik requires out-of-tree kernel module and
Streebog hash function is available only with the gcrypt cryptographic
backend for now.
* Fixes static build for integritysetup if the pwquality library is used.
* Allows passphrase change for unbound keyslots.
* Fixes removed keyslot number in verbose message for luksKillSlot,
luksRemoveKey and erase command.
* Adds blkid scan when attempting to open a plain device and warn the user
about existing device signatures in a ciphertext device.
* Remove LUKS header signature if luksFormat fails to add the first keyslot.
* Remove O_SYNC from device open and use fsync() to speed up
wipe operation considerably.
* Create --master-key-file in luksDump and fail if the file already exists.
* Fixes a bug when LUKS2 authenticated encryption with a detached header
wiped the header device instead of dm-integrity data device area (causing
unnecessary LUKS2 header auto recovery).
- make parallell installable version for SLE12
- New version 2.0.4
Changes since version 2.0.3
~~~~~~~~~~~~~~~~~~~~~~~~~~~
* Use the libblkid (blockid) library to detect foreign signatures
on a device before LUKS format and LUKS2 auto-recovery.
This change fixes an unexpected recovery using the secondary
LUKS2 header after a device was already overwritten with
another format (filesystem or LVM physical volume).
LUKS2 will not recreate a primary header if it detects a valid
foreign signature. In this situation, a user must always
use cryptsetup repair command for the recovery.
Note that libcryptsetup and utilities are now linked to libblkid
as a new dependence.
To compile code without blockid support (strongly discouraged),
use --disable-blkid configure switch.
* Add prompt for format and repair actions in cryptsetup and
integritysetup if foreign signatures are detected on the device
through the blockid library.
After the confirmation, all known signatures are then wiped as
part of the format or repair procedure.
* Print consistent verbose message about keyslot and token numbers.
For keyslot actions: Key slot <number> unlocked/created/removed.
For token actions: Token <number> created/removed.
* Print error, if a non-existent token is tried to be removed.
* Add support for LUKS2 token definition export and import.
The token command now can export/import customized token JSON file
directly from command line. See the man page for more details.
* Add support for new dm-integrity superblock version 2.
* Add an error message when nothing was read from a key file.
* Update cryptsetup man pages, including --type option usage.
* Add a snapshot of LUKS2 format specification to documentation
and accordingly fix supported secondary header offsets.
* Add bundled optimized Argon2 SSE (X86_64 platform) code.
If the bundled Argon2 code is used and the new configure switch
- -enable-internal-sse-argon2 option is present, and compiler flags
support required optimization, the code will try to use optimized
and faster variant.
Always use the shared library (--enable-libargon2) if possible.
This option was added because an enterprise distribution
rejected to support the shared Argon2 library and native support
in generic cryptographic libraries is not ready yet.
* Fix compilation with crypto backend for LibreSSL >= 2.7.0.
LibreSSL introduced OpenSSL 1.1.x API functions, so compatibility
wrapper must be commented out.
* Fix on-disk header size calculation for LUKS2 format if a specific
data alignment is requested. Until now, the code used default size
that could be wrong for converted devices.
Changes since version 2.0.2
~~~~~~~~~~~~~~~~~~~~~~~~~~~
* Expose interface to unbound LUKS2 keyslots.
Unbound LUKS2 keyslot allows storing a key material that is independent
of master volume key (it is not bound to encrypted data segment).
* New API extensions for unbound keyslots (LUKS2 only)
crypt_keyslot_get_key_size() and crypt_volume_key_get()
These functions allow to get key and key size for unbound keyslots.
* New enum value CRYPT_SLOT_UNBOUND for keyslot status (LUKS2 only).
* Add --unbound keyslot option to the cryptsetup luksAddKey command.
* Add crypt_get_active_integrity_failures() call to get integrity
failure count for dm-integrity devices.
* Add crypt_get_pbkdf_default() function to get per-type PBKDF default
setting.
* Add new flag to crypt_keyslot_add_by_key() to force update device
volume key. This call is mainly intended for a wrapped key change.
* Allow volume key store in a file with cryptsetup.
The --dump-master-key together with --master-key-file allows cryptsetup
to store the binary volume key to a file instead of standard output.
* Add support detached header for cryptsetup-reencrypt command.
* Fix VeraCrypt PIM handling - use proper iterations count formula
for PBKDF2-SHA512 and PBKDF2-Whirlpool used in system volumes.
* Fix cryptsetup tcryptDump for VeraCrypt PIM (support --veracrypt-pim).
* Add --with-default-luks-format configure time option.
(Option to override default LUKS format version.)
* Fix LUKS version conversion for detached (and trimmed) LUKS headers.
* Add luksConvertKey cryptsetup command that converts specific keyslot
from one PBKDF to another.
* Do not allow conversion to LUKS2 if LUKSMETA (external tool metadata)
header is detected.
* More cleanup and hardening of LUKS2 keyslot specific validation options.
Add more checks for cipher validity before writing metadata on-disk.
* Do not allow LUKS1 version downconversion if the header contains tokens.
* Add "/paes"/ family ciphers (AES wrapped key scheme for mainframes)
to allowed ciphers.
Specific wrapped ley configuration logic must be done by 3rd party tool,
LUKS2 stores only keyslot material and allow activation of the device.
* Add support for --check-at-most-once option (kernel 4.17) to veritysetup.
This flag can be dangerous; if you can control underlying device
(you can change its content after it was verified) it will no longer
prevent reading tampered data and also it does not prevent silent
data corruptions that appear after the block was once read.
* Fix return code (EPERM instead of EINVAL) and retry count for bad
passphrase on non-tty input.
* Enable support for FEC decoding in veritysetup to check dm-verity devices
with additional Reed-Solomon code in userspace (verify command).
Changes since version 2.0.1
~~~~~~~~~~~~~~~~~~~~~~~~~~~
* Fix a regression in early detection of inactive keyslot for luksKillSlot.
It tried to ask for passphrase even for already erased keyslot.
* Fix a regression in loopaesOpen processing for keyfile on standard input.
Use of "/-"/ argument was not working properly.
* Add LUKS2 specific options for cryptsetup-reencrypt.
Tokens and persistent flags are now transferred during reencryption;
change of PBKDF keyslot parameters is now supported and allows
to set precalculated values (no benchmarks).
* Do not allow LUKS2 --persistent and --test-passphrase cryptsetup flags
combination. Persistent flags are now stored only if the device was
successfully activated with the specified flags.
* Fix integritysetup format after recent Linux kernel changes that
requires to setup key for HMAC in all cases.
Previously integritysetup allowed HMAC with zero key that behaves
like a plain hash.
* Fix VeraCrypt PIM handling that modified internal iteration counts
even for subsequent activations. The PIM count is no longer printed
in debug log as it is sensitive information.
Also, the code now skips legacy TrueCrypt algorithms if a PIM
is specified (they cannot be used with PIM anyway).
* PBKDF values cannot be set (even with force parameters) below
hardcoded minimums. For PBKDF2 is it 1000 iterations, for Argon2
it is 4 iterations and 32 KiB of memory cost.
* Introduce new crypt_token_is_assigned() API function for reporting
the binding between token and keyslots.
* Allow crypt_token_json_set() API function to create internal token types.
Do not allow unknown fields in internal token objects.
* Print message in cryptsetup that about was aborted if a user did not
answer YES in a query.
- update to 2.0.1:
* To store volume key into kernel keyring, kernel 4.15 with
dm-crypt 1.18.1 is required
* Increase maximum allowed PBKDF memory-cost limit to 4 GiB
* Use /run/cryptsetup as default for cryptsetup locking dir
* Introduce new 64-bit byte-offset *keyfile_device_offset functions.
* New set of fucntions that allows 64-bit offsets even on 32bit systems
are now availeble:
- crypt_resume_by_keyfile_device_offset
- crypt_keyslot_add_by_keyfile_device_offset
- crypt_activate_by_keyfile_device_offset
- crypt_keyfile_device_read
The new functions have added the _device_ in name.
Old functions are just internal wrappers around these.
* Also cryptsetup --keyfile-offset and --new-keyfile-offset now
allows 64-bit offsets as parameters.
* Add error hint for wrongly formatted cipher strings in LUKS1 and
properly fail in luksFormat if cipher format is missing required IV.
- Update to version 2.0.0:
* Add support for new on-disk LUKS2 format
* Enable to use system libargon2 instead of bundled version
* Install tmpfiles.d configuration for LUKS2 locking directory
* New command integritysetup: support for the new dm-integrity kernel target
* Support for larger sector sizes for crypt devices
* Miscellaneous fixes and improvements
- Update to version 1.7.5:
* Fixes to luksFormat to properly support recent kernel running
in FIPS mode (bsc#1031998).
* Fixes accesses to unaligned hidden legacy TrueCrypt header.
* Fixes to optional dracut ramdisk scripts for offline
re-encryption on initial boot.
- Update to version 1.7.4:
* Allow to specify LUKS1 hash algorithm in Python luksFormat
wrapper.
* Use LUKS1 compiled-in defaults also in Python wrapper.
* OpenSSL backend: Fix OpenSSL 1.1.0 support without backward
compatible API.
* OpenSSL backend: Fix LibreSSL compatibility.
* Check for data device and hash device area overlap in
veritysetup.
* Fix a possible race while allocating a free loop device.
* Fix possible file descriptor leaks if libcryptsetup is run from
a forked process.
* Fix missing same_cpu_crypt flag in status command.
* Various updates to FAQ and man pages.
- Changes for version 1.7.3:
* Fix device access to hash offsets located beyond the 2GB device
boundary in veritysetup.
* Set configured (compile-time) default iteration time for
devices created directly through libcryptsetup
* Fix PBKDF2 benchmark to not double iteration count for specific
corner case.
* Verify passphrase in cryptsetup-reencrypt when encrypting a new
drive.
* OpenSSL backend: fix memory leak if hash context was repeatedly
reused.
* OpenSSL backend: add support for OpenSSL 1.1.0.
* Fix several minor spelling errors.
* Properly check maximal buffer size when parsing UUID from
/dev/disk/.
- Update to version 1.7.2:
* Update LUKS documentation format.
Clarify fixed sector size and keyslots alignment.
* Support activation options for error handling modes in
Linux kernel dm-verity module:
- -ignore-corruption - dm-verity just logs detected corruption
- -restart-on-corruption - dm-verity restarts the kernel if
corruption is detected
If the options above are not specified, default behavior for
dm-verity remains. Default is that I/O operation fails with
I/O error if corrupted block is detected.
- -ignore-zero-blocks - Instructs dm-verity to not verify
blocks that are expected to contain zeroes and always
return zeroes directly instead.
NOTE that these options could have security or functional
impacts, do not use them without assessing the risks!
* Fix help text for cipher benchmark specification
(mention --cipher option).
* Fix off-by-one error in maximum keyfile size.
Allow keyfiles up to compiled-in default and not that value
minus one.
* Support resume of interrupted decryption in cryptsetup-reencrypt
utility. To resume decryption, LUKS device UUID (--uuid option)
option must be used.
* Do not use direct-io for LUKS header with unaligned keyslots.
Such headers were used only by the first cryptsetup-luks-1.0.0
release (2005).
* Fix device block size detection to properly work on particular
file-based containers over underlying devices with 4k sectors.
- Update to version 1.7.1:
* Code now uses kernel crypto API backend according to new
changes introduced in mainline kernel
While mainline kernel should contain backward compatible
changes, some stable series kernels do not contain fully
backported compatibility patches.
Without these patches most of cryptsetup operations
(like unlocking device) fail.
This change in cryptsetup ensures that all operations using
kernel crypto API works even on these kernels.
* The cryptsetup-reencrypt utility now properly detects removal
of underlying link to block device and does not remove
ongoing re-encryption log.
This allows proper recovery (resume) of reencrypt operation later.
NOTE: Never use /dev/disk/by-uuid/ path for reencryption utility,
this link disappears once the device metadata is temporarily
removed from device.
* Cryptsetup now allows special "/-"/ (standard input) keyfile handling
even for TCRYPT (TrueCrypt and VeraCrypt compatible) devices.
* Cryptsetup now fails if there are more keyfiles specified
for non-TCRYPT device.
* The luksKillSlot command now does not suppress provided password
in batch mode (if password is wrong slot is not destroyed).
Note that not providing password in batch mode means that keyslot
is destroyed unconditionally.
- update to 1.7.0:
* The cryptsetup 1.7 release changes defaults for LUKS,
there are no API changes.
* Default hash function is now SHA256 (used in key derivation
function and anti-forensic splitter).
* Default iteration time for PBKDF2 is now 2 seconds.
* Fix PBKDF2 iteration benchmark for longer key sizes.
* Remove experimental warning for reencrypt tool.
* Add optional libpasswdqc support for new LUKS passwords.
* Update FAQ document.
- Fix missing dependency on coreutils for initrd macros (boo#958562)
- Call missing initrd macro at postun (boo#958562)
- Update to 1.6.8
* If the null cipher (no encryption) is used, allow only empty
password for LUKS. (Previously cryptsetup accepted any password
in this case.)
The null cipher can be used only for testing and it is used
temporarily during offline encrypting not yet encrypted device
(cryptsetup-reencrypt tool).
Accepting only empty password prevents situation when someone
adds another LUKS device using the same UUID (UUID of existing
LUKS device) with faked header containing null cipher.
This could force user to use different LUKS device (with no
encryption) without noticing.
(IOW it prevents situation when attacker intentionally forces
user to boot into different system just by LUKS header
manipulation.)
Properly configured systems should have an additional integrity
protection in place here (LUKS here provides only
confidentiality) but it is better to not allow this situation
in the first place.
(For more info see QubesOS Security Bulletin QSB-019-2015.)
* Properly support stdin "/-"/ handling for luksAddKey for both new
and old keyfile parameters.
* If encrypted device is file-backed (it uses underlying loop
device), cryptsetup resize will try to resize underlying loop
device as well. (It can be used to grow up file-backed device
in one step.)
* Cryptsetup now allows to use empty password through stdin pipe.
(Intended only for testing in scripts.)
- Enable verbose build log.
- regenerate the initrd if cryptsetup tool changes
(wanted by 90crypt dracut module)
- Update to 1.6.7
* Cryptsetup TCRYPT mode now supports VeraCrypt devices
(TrueCrypt extension)
* Support keyfile-offset and keyfile-size options even for plain
volumes.
* Support keyfile option for luksAddKey if the master key is
specified.
* For historic reasons, hashing in the plain mode is not used if
keyfile is specified (with exception of --key-file=-). Print
a warning if these parameters are ignored.
* Support permanent device decryption for cryptsetup-reencrypt.
To remove LUKS encryption from a device, you can now use
- -decrypt option.
* Allow to use --header option in all LUKS commands. The
- -header always takes precedence over positional device argument.
* Allow luksSuspend without need to specify a detached header.
* Detect if O_DIRECT is usable on a device allocation. There are
some strange storage stack configurations which wrongly allows
to open devices with direct-io but fails on all IO operations later.
* Add low-level performance options tuning for dmcrypt (for
Linux 4.0 and later).
* Get rid of libfipscheck library.
(Note that this option was used only for Red Hat and derived
distributions.) With recent FIPS changes we do not need to
link to this FIPS monster anymore. Also drop some no longer
needed FIPS mode checks.
* Many fixes and clarifications to man pages.
* Prevent compiler to optimize-out zeroing of buffers for on-stack
variables.
* Fix a crash if non-GNU strerror_r is used.
- cups
-
- When cupsd creates directories with specific owner group
and permissions (usually owner is 'root' and group matches
"/configure --with-cups-group=lp"/) specify same owner group and
permissions in the RPM spec file to ensure those directories
are installed by RPM with the right settings because if those
directories were installed by RPM with different settings then
cupsd would use them as is and not adjust its specific owner
group and permissions which could lead to privilege escalation
from 'lp' user to 'root' via symlink attacks e.g. if owner is
falsely 'lp' instead of 'root' CVE-2021-25317 (bsc#1184161)
- cups-2.2.7-web-ui-kerberos-authentication.patch (bsc#1175960)
Fix web UI kerberos authentication
- cups-2.2.7-CVE-2020-10001.patch fixes CVE-2020-10001
access to uninitialized buffer in ipp.c (bsc#1180520)
- cups-2.2.7-CVE-2019-8842.patch fixes CVE-2019-8842 (bsc#1170671)
the ippReadIO function may under-read an extension field
- cups-2.2.7-CVE-2020-3898.patch fixes CVE-2020-3898 (bsc#1168422)
heap-buffer-overflow in libcups ppdFindOption() function
- cups-2.2.7-CVE-2019-8675.CVE-2019-8696.patch fixes
CVE-2019-8675 and CVE-2019-8696 (bsc#1146358 and bsc#1146359)
and some other security/disclosure issues
https://github.com/apple/cups/commit/f24e6cf6a39300ad0c3726a41a4aab51ad54c109
(Apple's internal issues rdar://51685251, rdar://50035411,
rdar://51373853, rdar://51373929)
- Add issue5509-fix-utf-8-validation-issue.patch (bsc#1118118)
Fixes https://github.com/apple/cups/issues/5509
- cups-2.2.7-CVE-2018-4700.patch fixes CVE-2018-4700: session
cookie is extremely predictable, effectively breaking the
CSRF protection of the CUPS web interface (bsc#1115750)
- cups-branch-2.2-commit-97cb566568a8c3a9c07c7ccec09f28f5c5015954.diff
is 'git show 97cb566568a8c3a9c07c7ccec09f28f5c5015954' for
https://github.com/apple/cups/commit/97cb566568a8c3a9c07c7ccec09f28f5c5015954
(except the not needed hunk for patching CHANGES.md which fails)
that fixes local privilege escalation to root and sandbox
bypasses in scheduler (Apple's internal issues rdar://37836779,
rdar://37836995, rdar://37837252, rdar://37837581)
in the CUPS 2.2 branch
bsc#1096405 CVE-2018-4180:
Local Privilege Escalation to Root in dnssd Backend (CUPS_SERVERBIN)
bsc#1096406 CVE-2018-4181:
Limited Local File Reads as Root via cupsd.conf Include Directive
bsc#1096407 CVE-2018-4182:
cups-exec Sandbox Bypass Due to Insecure Error Handling
bsc#1096408 CVE-2018-4183:
cups-exec Sandbox Bypass Due to Profile Misconfiguration
- Version upgrade to 2.2.7:
CUPS 2.2.7 is a general bug fix release.
For details see https://github.com/apple/cups/releases
or the CHANGES.md file.
Changes include:
* Additional security fixes for:
bsc#1061066 DBUS library aborts caller process
in _dbus_check_is_valid_utf8 (in particular that aborts cupsd)
and
bsc#1087018 CVE-2017-18248: cups: The add_job function in
scheduler/ipp.c in CUPS before 2.2.6, when D-Bus support is
enabled, can be crashed by remote attackers by sending print
jobs with an invalid username, related to a D-Bus notification
which are the CUPS upstream issues
https://github.com/apple/cups/issues/5143
Remote DoS attack against cupsd via invalid username
and malicious D-Bus library
and
https://github.com/apple/cups/issues/5186
squash non-UTF-8 strings into ASCII on plain IPP level
and
https://github.com/apple/cups/issues/5229
persistently substitute invalid job attributes
with default values - not only in add_job
see also
bsc#1087072 dbus-1:
Disable assertions to prevent un-expected DDoS attacks
* NOTICE: Raw print queues are now deprecated (Issue #5269)
so that now there is a warning message when you
add or modify a queue to use the "/raw driver"/ but
raw printing will continue to work through CUPS 2.3.x, cf.
https://lists.cups.org/pipermail/cups/2018-March/074060.html
* Fixed an Avahi crash bug in the scheduler (Issue #5268)
* Systemd did not restart cupsd when configuration changes
were made that required a restart (Issue #5263)
* The scheduler could crash while adding an IPP Everywhere
printer (Issue #5258)
* The scheduler now supports using temporary print queues
for older IPP/1.1 print queues like those shared by CUPS 1.3
and earlier (Issue #5241)
* Kerberized printing to another CUPS server did not work
correctly (Issue #5233)
* More fixes for printing to old CUPS servers (Issue #5211)
* The scheduler now substitutes default values for invalid
job attributes when running in "/relaxed conformance"/
mode (Issue #5186)
* The cups-driverd program incorrectly stopped scanning PPDs
as soon as a loop was seen (Issue #5170)
* The `SSLOptions` directive now supports `MinTLS` and `MaxTLS`
options to control the minimum and maximum TLS versions
that will be allowed, respectively (Issue #5119)
* The scheduler did not write out dirty configuration and
state files if there were open client connections (Issue #5118)
* The `lpadmin` command now provides a better error message when
an unsupported System V interface script is used (Issue #5111)
* No longer support backslash, question mark, or quotes
in printer names (Issue #4966)
* The CUPS library now supports the latest HTTP Digest
authentication specification including support
for SHA-256 (Issue #4862)
* TLS connections now properly timeout (rdar://34938533)
- Make sure cups-libs-<targettype> is removed
- Version upgrade to 2.2.6:
CUPS 2.2.6 is a general bug fix release.
For details see https://github.com/apple/cups/releases
Changes include:
* DBUS notifications could crash the scheduler (Issue #5143)
(see also bsc#1061066 "/DBUS library aborts caller process"/)
- Use again the baselibs.conf from Fri Oct 13 11:11:10 UTC 2017
that got broken by the change on Wed Oct 18 06:11:10 UTC 2017.
- Version upgrade to 2.2.5:
CUPS 2.2.5 is a general bug fix release.
For details see https://github.com/apple/cups/releases
- Version upgrade to 2.2.4:
CUPS 2.2.4 is a general bug fix release.
For details see https://github.com/apple/cups/releases
- Removed
0001-Update-cupsEnumDests-implementation-to-return-early-if-all.patch
0002-Save-work-on-Avahi-code.patch
0003-Avahi-fixes-for-cupsEnumDests.patch
because since CUPS 2.2.4 it is fixed in the upstream code
via https://github.com/apple/cups/pull/4989 more precisely via
https://github.com/apple/cups/commit/a2187a63425a3d6c05de1e1cbf8c26fd39a1aced
https://github.com/apple/cups/commit/657c5b5f91e6d5120c4ad7b118cf9098dd27f03d
https://github.com/apple/cups/commit/3fae3b337df0be1a766857be741173d8a9915da7
- Fix typo in requires
- Implement shared library packaging guideline [boo#862112]
- Update package descriptions.
- Remove redundant Requires(pre) line — the use of %post -p
already implies it.
- Pre-require user(lp) in cups-libs
- In /usr/lib/tmpfiles.d/cups.conf use
group 'root' for /run/cups/certs (boo#1042916).
- Major backward incompatible change since CUPS 2.2.0:
There is no longer the directory /etc/cups/interfaces because
since CUPS 2.2.0 so called "/System V style Interface Scripts"/
are no longer supported for security reasons (see below the
entry about the changes included in CUPS 2.2.0).
- Disabled cups-2.1.0-cups-systemd-socket.patch
because it does no longer apply which needs to be examined
and decided by someone who knows about systemd internals.
- Disabled
0001-Update-cupsEnumDests-implementation-to-return-early-if-all.patch
0002-Save-work-on-Avahi-code.patch
0003-Avahi-fixes-for-cupsEnumDests.patch
because they do no longer apply which needs to be examined
and decided by someone who knows about Avahi internals.
- Version upgrade to 2.2.3:
CUPS 2.2.3 is a general bug fix release.
See https://github.com/apple/cups/releases
Changes include:
* The IPP backend could get into an infinite loop for certain
errors, causing a hung queue (rdar://problem/28008717)
* The scheduler could pause responding to client requests in
order to save state changes to disk (rdar://problem/28690656)
* Added support for PPD finishing keywords
(Issue #4960, Issue #4961, Issue #4962)
* The IPP backend did not send a media-col attribute for just
the source or type (Issue #4963)
* IPP Everywhere print queues did not always support all print
qualities supported by the printer (Issue #4953)
* IPP Everywhere print queues did not always support all media
types supported by the printer (Issue #4953)
* The IPP Everywhere PPD generator did not return useful error
messages (Issue #4954)
* The IPP Everywhere finishings support did not work correctly
with common UI or command-line options (Issue #4976)
* Fixed an error handling issue for the network backends
(Issue #4979)
* The "/reprint job"/ option was not available for some canceled
jobs (Issue #4915)
* Updated the job listing in the web interface (Issue #4978)
A detailed list of changes can be found in the CHANGES.txt file.
- Version upgrade to 2.2.2:
CUPS 2.2.2 is a general bug fix release.
See https://github.com/apple/cups/releases
Changes include:
* Fixed some issues with IPP Everywhere printer support
(Issue #4893, Issue #4909, Issue #4916, Issue #4921,
Issue #4923, Issue #4932, Issue #4933, Issue #4938)
* The rastertopwg filter could crash with certain input
(Issue #4942)
* The scheduler did not detect when an encrypted connection
was closed by the client on Linux (Issue #4901)
* The cups-lpd program did not catch all legacy usage
of ISO-8859-1 (Issue #4899)
* The scheduler no longer creates log files on startup
(<rdar://problem/28332470>)
* The ippContainsString function now uses case-insensitive
comparisons for mimeMediaType, name, and text values in
conformance with RFC 2911.
* The network backends now log the addresses that were found
for a printer (<rdar://problem/29268474>)
* Let's Encrypt certificates did not work when the hostname
contained uppercase letters (Issue #4919)
* Fixed reporting of printed pages in the web interface
(Issue #4924)
* Updated systemd config files (Issue #4935)
A detailed list of changes can be found in the CHANGES.txt file.
- Version upgrade to 2.2.1:
CUPS 2.2.1 is a general bug fix release.
See https://github.com/apple/cups/releases
Changes include:
* Added "/CreateSelfSignedCerts"/ directive for cups-files.conf
to control whether the scheduler automatically creates
its own self-signed X.509 certificates for TLS connections
(Issue #4876)
* http*Connect did not handle partial failures (Issue #4870)
* cupsHashData did not use the correct hashing algorithm
(<rdar://problem/28209220>)
* Updated man pages (PR #4885)
A detailed list of changes can be found in the CHANGES.txt file.
- Version upgrade to 2.2.0:
CUPS 2.2.0 adds support for local IPP Everywhere print queues
and includes several performance and security improvements.
See https://github.com/apple/cups/releases
Changes include:
* Normalized the TLS certificate validation code and added
additional error messages to aid troubleshooting.
* http*Connect did not work on Linux when cupsd was not running
(Issue #4870)
* The --no-remote-any option of cupsctl had no effect
(Issue #4866)
* http*Connect did not return early when all addresses failed
(Issue #4870)
* The IPP backend did not validate TLS credentials properly.
* The printer-state-message attribute was not cleared after a
print job with no errors (Issue #4851)
* The CUPS-Add-Modify-Class and CUPS-Add-Modify-Printer
operations did not always return an error for failed
adds (Issue #4854)
* PPD files with names longer than 127 bytes did not work
(Issue #4860)
* CUPS now supports Let's Encrypt certificates on Linux.
* All CUPS commands now support POSIX options (Issue #4813)
* The scheduler now restarts faster (Issue #4760)
* Improved performance of web interface with large numbers
of jobs (Issue #3819)
* Encrypted printing can now be limited to only trusted
printers and servers (<rdar://problem/25711658>)
* The scheduler now advertises PWG Raster attributes for
IPP Everywhere clients (Issue #4428)
* The scheduler now logs informational messages for jobs
at LogLevel "/info"/ (Issue #4815)
* The scheduler now uses the getgrouplist function
when available (Issue #4611)
* The IPP backend no longer enables compression by default
except for certain raster formats that generally benefit
from it (<rdar://problem/25166952>)
* The scheduler did not handle out-of-disk situations
gracefully (Issue #4742)
* The LPD mini-daemon now detects invalid UTF-8 sequences
in job, document, and user names (Issue #4748)
* The IPP backend now continues on to the next job
when the remote server/printer puts the job on hold
(<rdar://problem/24858548>)
* The scheduler did not cancel multi-document jobs immediately
(<rdar://problem/24854834>)
* The scheduler did not return non-shared printers to local
clients unless they connected to the domain socket
(<rdar://problem/24566996>)
* The scheduler now reads the spool directory if one or more
job cache entries point to deleted jobs
(<rdar://problem/24048846>)
* Added support for disc media sizes (<rdar://problem/20219536>)
* The httpAddrConnect and httpConnect* APIs now try connecting
to multiple addresses in parallel (<rdar://problem/20643153>)
* Interface scripts are no longer supported for security reasons
(<rdar://problem/23135640>)
A detailed list of changes can be found in the CHANGES.txt file.
- Version upgrade to 2.1.4:
CUPS 2.1.4 is a general bug fix release.
See https://github.com/apple/cups/releases
Changes include:
* Fixed reporting of 1284 Device IDs (Issue #3835, PR #3836)
* Fixed printing of multiple files to raw queues (Issue #4782)
* The scheduler did not implement the Hold-New-Jobs opertion
correctly (Issue #4767)
* The cups-lpd mini-daemon incorrectly included the document-name
attribute when creating a job. It should only be included when
sending a job (Issue #4790)
A detailed list of changes can be found in the CHANGES.txt file.
- Replace krb5-devel BuildRequires with pkgconfig(krb5) on
suse_version >= 1315: give OBS a better chance to break up build
cycles.
- Drop cups-1.7.5-cupsEnumDests-react-to-all-for-now.diff and add
0001-Update-cupsEnumDests-implementation-to-return-early-if-all.patch,
0002-Save-work-on-Avahi-code.patch and
0003-Avahi-fixes-for-cupsEnumDests.patch which is what upstream
finally commited to cups 2.2 sources in response to
https://github.com/apple/cups/pull/4989 in order to fix cupsEnumDests
to react to the ALL_FOR_NOW avahi event (and also include a similar
fix for the dnssd case). Related to bsc#955432.
- Add cups-2.1.3-cupsEnumDests-react-to-all-for-now.diff .
Avahi sends an ALL_FOR_NOW event when it finishes sending
its cache contents. This patch makes cupsEnumDests finish
when the signal is received so it doesn't block the caller
doing nothing until the timeout finishes (related to bsc#955432,
submitted upstream at https://github.com/apple/cups/pull/4989)
- Add /etc/cups to cups-libs package [bsc#1025689]
- Replace pkgconfig(libsystemd-daemon) BuildRequires with
pkgconfig(libsystemd) on openSUSE 13.2 and newer: the various
sub-libraries have been merged into libsystemd since version 209.
openSUSE 13.1 was the last product to ship systemd 208.
- Remove CUPS.desktop and pixmap
* Obsoletes patch cups-1.3.9-desktop_file.patch
- Version upgrade to 2.1.3:
CUPS 2.1.3 fixes some issues in the scheduler, sample drivers,
and user commands.
A detailed list of changes can be found in the CHANGES.txt file.
Changes include (excerpt):
* The scheduler should not exit under memory pressure
(<rdar://problem/23255001>)
* Fixed some issues in ipptool for skipped tests
(<rdar://problem/24137160>)
* The "/lp -H resume"/ command did not reset the
"/job-state-reasons"/ attribute value (STR #4752)
* The scheduler did not allow access to resource files
(icons, etc.) when the web interface was disabled (STR #4755)
- Version upgrade to 2.1.2:
CUPS 2.1.2 fixes an issue in the 2.1.1 source archives which
actually contained a current 2.2 snapshot.
There are no other changes.
- Version upgrade to 2.1.1:
CUPS 2.1.1 fixes a number of USB and IPP printing issues,
addresses some error reporting and hardening issues in
the scheduler, and updates some localizations.
A detailed list of changes can be found in the CHANGES.txt file.
Changes include (excerpt):
* Security hardening fixes (<rdar://problem/23131948>,
<rdar://problem/23132108>, <rdar://problem/23132353>,
<rdar://problem/23132803>, <rdar://problem/23133230>,
<rdar://problem/23133393>, <rdar://problem/23133466>,
<rdar://problem/23133833>, <rdar://problem/23133998>,
<rdar://problem/23134228>, <rdar://problem/23134299>,
<rdar://problem/23134356>, <rdar://problem/23134415>,
<rdar://problem/23134506>, <rdar://problem/23135066>,
<rdar://problem/23135122>, <rdar://problem/23135207>,
<rdar://problem/23144290>, <rdar://problem/23144358>,
<rdar://problem/23144461>)
* The cupsGetPPD* functions did not work with IPP printers
(STR #4725)
* Some older HP LaserJet printers need a delayed close when
printing using the libusb-based USB backend (STR #4549)
* The libusb-based USB backend did not unload the kernel usblp
module if it was preventing the backend from accessing the
printer (STR #4707)
* Current Primera printers were incorrectly reported as Fargo
printers (STR #4708)
* The IPP backend did not always handle jobs getting canceled
at the printer (<rdar://problem/22716820>)
* Added USB quirk for Canon MP530 (STR #4730)
* The scheduler did not deliver job notifications for jobs
submitted to classes (STR #4733)
* Changing the printer-is-shared value for a remote queue
did not produce an error (STR #4738)
* The IPP backend incorrectly included the job-password
attribute in Validate-Job requests (<rdar://problem/23531939>)
- add -devel to build a 32bit wine on 64bit only Leap systems.
- Version upgrade to 2.1.0:
CUPS 2.1.0 offers improved support for IPP Everywhere,
adds support for advanced logging using journald on Linux, and
includes new security features for encrypted printing and
reduced network visibility in the default configuration.
A detailed list of changes can be found in the CHANGES.txt file.
Changes include (excerpt):
* Added support for 3D printers (basic types only,
no built-in filters) based on PWG white paper.
* The IPP backend now stops sending print data
if the printer indicates the job has been aborted
or canceled (<rdar://problem/17837631>)
* The IPP backend now sends the job-pages-per-set
attribute when printing multiple copy jobs with
finishings (<rdar://problem/16792757>)
* The IPP backend now updates the cupsMandatory values when the
printer configuration changes (<rdar://problem/18126570>)
* No longer install banner files since third-party banner
filters now supply their own (STR #4518)
* The scheduler no longer listens on the loopback
interface unless the web interface or printer sharing
are enabled (<rdar://problem/9136448>)
* Added a PPD generator for IPP Everywhere printers (STR #4258)
* Now install "/default"/ versions of more configuration
files (<rdar://problem/19024491>) in particular
cups-files.conf.default and snmp.conf.default
* Added SSLOptions values to allow Diffie-Hellman key exchange
and disable TLS/1.0 support.
* Updated the scheduler to support more IPP Everywhere
attributes (STR #4630)
* The scheduler now supports advanced ASL and journald logging
when "/syslog"/ output is configured (STR #4474)
* The scheduler now supports logging to stderr when running
in the foreground (STR #4505)
- Adapted patches so that they apply to CUPS 2.1.0 sources:
* cups-2.1.0-choose-uri-template.patch replaces
cups-1.2rc1-template.patch
* cups-2.1.0-default-webcontent-path.patch replaces
cups-1.4.3-default-webcontent-path.patch
* cups-2.1.0-cups-systemd-socket.patch replaces
cups-systemd-socket.patch
- Fix bnc#943950, escape the macro call %systemd-tmpfiles
in comment.
- Add gpg verification for the tarball
- Version update to 2.0.4:
* Fixed a bug in cupsRasterWritePixels (STR #4650)
* Fixed redirection in the web interface (STR #4538)
* The IPP backend did not respond to side-channel
requests (STR #4645)
* The scheduler did not start all pending jobs
at once (STR #4646)
* The web search incorrectly searched time-at-xxx
values (STR #4652)
* Fixed an RPM spec file issue (STR #4657)
* The scheduler incorrectly started jobs while canceling
multiple jobs (STR #4648)
* Fixed processing of server overrides without
port numbers (STR #4675)
* Documentation changes (STR #4651, STR #4674)
- cups-2.0.3-additional_policies.patch replaces
cups-1.7-additional_policies.patch that still adds the same
"/allowallforanybody"/ policy but now with separated "/Limit All"/
to avoid https://www.cups.org/str.php?L4659 (boo#936309).
- Added "/-p /bin/bash"/ to RPM shell commands scriptlets that
enforces bash to be safe against any possible "/bashisms"/, cf
https://en.opensuse.org/openSUSE:Packaging_scriptlet_snippets
- Fix the previous commit by using direct systemd call and
ensuring we work even on older distros
- Fix postin-without-tmpfile-creation and run %tmpfiles_create
macro on our cups.conf
- Version upgrade to 2.0.3:
The new release addresses two security vulnerabilities,
add localizations for German and Russian, and includes several
general bug fixes. Changes include (excerpt):
* Security: Fixed CERT VU #810572 CVE-2015-1158 CVE-2015-1159
exploiting the dynamic linker (STR #4609) (bsc#924208)
* Security: The scheduler could hang with malformed gzip data
(STR #4602)
* Restored missing generic printer icon file (STR #4587)
* Fixed logging of configuration errors to show up as errors
(STR #4582)
* Fixed potential buffer overflows in raster code and filters
(STR #4598, STR #4599, STR #4600, STR #4601)
* Fixed <Limit> inside <Location> (STR #4575)
* Fixed lpadmin when both -m and -o are used (STR #4578)
* The web interface always showed support for 2-sided printing
(STR #4595)
* cupsRasterReadHeader did not fully validate the raster header
(STR #4596)
* The rastertopwg filter did not check for truncated input
(STR #4597)
* The cups-lpd mini-daemon did not check for request parameters
(STR #4603)
* The scheduler could get caught in a busy loop (STR #4605)
* The sample Epson driver could crash (STR #4616)
* The IPP backend now correctly monitors jobs
(<rdar://problem/20495955>)
* The ppdhtml and ppdpo utilities crashed when the -D option
was used before a driver information file (STR #4627)
* ippfind incorrectly substituted "/=port"/ for service_port.
* The IPP/1.1 test file did not handle the initial print job
completing early (STR #4576)
* Fixed a memory leak in cupsConnectDest (STR #4634)
* PWG Raster Format output contained invalid ImageBox values
(<rdar://problem/21144309>)
* Added Russian translation (STR #4577)
* Added German translation (STR #4635)
- cups-busy-loop.patch fixed STR #4605 is obsolete because
it is fixed upstream (see above).
- cleaned up this whole RPM changlog (wrapped too long lines if
possible and removed trailing whitespaces).
- Add patch cups-busy-loop.patch to fix rh#1179596 , cups#4605
- Add back the posttrans cleanup script as it is needed
- Add patch cups-systemd-socket.patch to fix socket activation
and to match socket approach Fedora has.
- Version bump to 2.0.2:
* Security: cupsRasterReadPixels buffer overflow with invalid
page header and compressed raster data (STR #4551)
* Mapping of PPD keywords to IPP keywords did not work if the PPD
keyword was already an IPP keyword (<rdar://problem/19121005>)
* cupsGetPPD* sent bad requests (STR #4567)
* For detailed list see CHANGES.txt file
- Enable PIE for build
- Remove legacy paralel-port support as it is not really needed
as most do not want it
- Update descriptions to just state what changed and let user
find it out.
- Add back comment about %fdupes
- Remove exit 0 on scriptlets as it is provided by
the %service bla ones already
- Fix the comment about openSUSE version on tmpfilesdir declaration
- cups-2.0.1 update:
* lengthy list of changes see the upstream CHANGES.txt that is
distributed with the package
* Disabling of sslv3 to mitigate poodle
- Use gnutls to provide SSLOPtions configuration directive
* openssl is no longer supported upstream
* Remove the with-openssl-exception from license
- Remove cups.sysconfig as it is not used with systemd based distros
- Purposely lose support for SLE11 as it doubles size of some of the
sections and keep suppor for openSUSE+SLE12
* even with the conditions we would have to go unencrypted only
as needs newer gnutls, so don't bother with keeping the compat
- Use upstream service and socket files to allow more working tools
- Removed patches:
* cups-0001-systemd-add-systemd-socket-activation-and-unit-files.patch
* cups-0002-systemd-listen-only-on-localhost-for-socket-activation.patch
* cups-0003-systemd-secure-cups.service-unit-file.patch
* cups-1.3.6-access_conf.patch
* cups-1.5-additional_policies.patch
* cups-1.5.4-CVE-2012-5519.patch
* cups-1.5.4-strftime.patch
* cups-move-everything-to-run.patch
* cups-polld_avoid_busy_loop.patch
* cups-provides-cupsd-service.patch
* str4190.patch
* str4351.patch
* str4450.CVE-2014-3537.str4455.CVE-2014-5029.CVE-2014-5030.CVE-2014-5031.CUPS-1.5.4.patch
- Refreshed patches:
* cups-1.3.9-desktop_file.patch
* cups-config-libs.patch
- Added patches:
* cups-1.7-additional_policies.patch
* cups-systemd-socket.patch
- curl
-
- Security fix: [bsc#1188220, CVE-2021-22925]
* TELNET stack contents disclosure again
* Add curl-CVE-2021-22925.patch
- Security fix: [bsc#1188219, CVE-2021-22924]
* Bad connection reuse due to flawed path name checks
* Add curl-CVE-2021-22924.patch
- Security fix: Disable the metalink feature:
* Insufficiently Protected Credentials [bsc#1188218, CVE-2021-22923]
* Wrong content via metalink not discarded [bsc#1188217, CVE-2021-22922]
- Security fix: [bsc#1186114, CVE-2021-22898]
* TELNET stack contents disclosure
- Add curl-CVE-2021-22898.patch
- Allow partial chain verification [jsc#SLE-17956]
* Have intermediate certificates in the trust store be treated
as trust-anchors, in the same way as self-signed root CA
certificates are. This allows users to verify servers using
the intermediate cert only, instead of needing the whole chain.
* Set FLAG_TRUSTED_FIRST unconditionally.
* Do not check partial chains with CRL check.
- Add curl-X509_V_FLAG_PARTIAL_CHAIN.patch
- Security fix: [bsc#1183934, CVE-2021-22890]
* When using a HTTPS proxy and TLS 1.3, libcurl can confuse
session tickets arriving from the HTTPS proxy but work as
if they arrived from the remote server and then wrongly
"/short-cut"/ the host handshake.
- Add curl-CVE-2021-22890.patch
- Security fix: [bsc#1183933, CVE-2021-22876]
* The automatic referer leaks credentials
- Add curl-CVE-2021-22876.patch
- Security fix: [bsc#1179593, CVE-2020-8286]
* Inferior OCSP verification: libcurl offers "/OCSP stapling"/ via
the 'CURLOPT_SSL_VERIFYSTATUS' option that, when set, verifies
the OCSP response that a server responds with as part of the TLS
handshake. It then aborts the TLS negotiation if something is
wrong with the response. The same feature can be enabled with
'--cert-status' using the curl tool.
* As part of the OCSP response verification, a client should verify
that the response is indeed set out for the correct certificate.
This step was not performed by libcurl when built or told to use
OpenSSL as TLS backend.
- Add curl-CVE-2020-8286.patch
- Security fix: [bsc#1179399, CVE-2020-8285]
* FTP wildcard stack overflow: The wc_statemach() internal
function has been rewritten to use an ordinary loop instead of
the recursive approach.
- Add curl-CVE-2020-8285.patch
- Security fix: [bsc#1179398, CVE-2020-8284]
* Trusting FTP PASV responses: When curl performs a passive FTP
transfer, it first tries the 'EPSV' command and if that is not
supported, it falls back to using 'PASV'. A malicious server
can use the 'PASV' response to trick curl into connecting
back to a given IP address and port, and this way potentially
make curl extract information about services that are otherwise
private and not disclosed.
* The IP address part of the response is now ignored by default,
by making 'CURLOPT_FTP_SKIP_PASV_IP' default to '1L'. The same
goes for the command line tool, which then might need
'--no-ftp-skip-pasv-ip' set to prevent curl from ignoring the
address in the server response.
- Add curl-CVE-2020-8284.patch
- Security fix: [bsc#1175109, CVE-2020-8231]
* An application that performs multiple requests with libcurl's
multi API and sets the 'CURLOPT_CONNECT_ONLY' option, might in
rare circumstances experience that when subsequently using the
setup connect-only transfer, libcurl will pick and use the wrong
connection and instead pick another one the application has
created since then.
- Add curl-CVE-2020-8231.patch
- Security fix: [bsc#1173027, CVE-2020-8177]
* curl can be tricked my a malicious server to overwrite a local
file when using '-J' ('--remote-header-name') and '-i' ('--head')
in the same command line.
- Add curl-CVE-2020-8177.patch
- Security fix: [bsc#1173026, CVE-2020-8169]
* Partial password leak over DNS on HTTP redirect
- Add curl-CVE-2020-8169.patch
- Fix segfault in zypper ref: [bsc#1156481]
* remove_handle: clear expire timers after multi_done()
* Add patch curl-expire-clear.patch
- Update to 7.66.0 [bsc#1149496, CVE-2019-5482][bsc#1149495, CVE-2019-5481]
[bsc#1149604, bsc#1149572, jsc#SLE-9295]
* Changes:
- CURLINFO_RETRY_AFTER: parse the Retry-After header value
- HTTP3: initial (experimental still not working) support
- curl: --sasl-authzid added to support CURLOPT_SASL_AUTHZID from the tool
- curl: support parallel transfers with -Z
- curl_multi_poll: a sister to curl_multi_wait() that waits more
- sasl: Implement SASL authorisation identity via CURLOPT_SASL_AUTHZID
* Bugfixes:
- CVE-2019-5481: FTP-KRB double-free
- CVE-2019-5482: TFTP small blocksize heap buffer overflow
- CMake: remove needless newlines at end of gss variables
- CMake: use platform dependent name for dlopen() library
- CURLINFO docs: mention that in redirects times are added
- CURLOPT_ALTSVC.3: use a "/"/ file name to not load from a file
- CURLOPT_ALTSVC_CTRL.3: remove CURLALTSVC_ALTUSED
- CURLOPT_HEADERFUNCTION.3: clarify
- CURLOPT_HTTP_VERSION: seting this to 3 forces HTTP/3 use directly
- CURLOPT_READFUNCTION.3: provide inline example
- CURLOPT_SSL_VERIFYHOST: treat the value 1 as 2
- Curl_addr2string: take an addrlen argument too
- Curl_fillreadbuffer: avoid double-free trailer buf on error
- HTTP: use chunked Transfer-Encoding for HTTP_POST if size unknown
- alt-svc: add protocol version selection masking
- alt-svc: fix removal of expired cache entry
- alt-svc: make it use h3-22 with ngtcp2 as well
- alt-svc: more liberal ALPN name parsing
- alt-svc: send Alt-Used: in redirected requests
- alt-svc: with quiche, use the quiche h3 alpn string
- asyn-thread: create a socketpair to wait on
- cleanup: move functions out of url.c and make them static
- cleanup: remove the 'numsocks' argument used in many places
- configure: avoid undefined check_for_ca_bundle
- curl.h: add CURL_HTTP_VERSION_3 to the version enum
- curl: cap the maximum allowed values for retry time arguments
- curl: handle a libcurl build without netrc support
- curl: make use of CURLINFO_RETRY_AFTER when retrying
- curl: use CURLINFO_PROTOCOL to check for HTTP(s)
- curl_global_init_mem.3: mention it was added in 7.12.0
- curl_version: bump string buffer size to 250
- curl_version_info.3: mentioned ALTSVC and HTTP3
- curl_version_info: offer quic (and h3) library info
- curl_version_info: provide nghttp2 details
- defines: avoid underscore-prefixed defines
- docs/ALTSVC: remove what works and the experimental explanation
- docs/EXPERIMENTAL: explain what it means and what's experimental now
- docs/MANUAL.md: converted to markdown from plain text
- docs/examples/curlx: fix errors
- docs: s/curl_debug/curl_dbg_debug in comments and docs
- easy: resize receive buffer on easy handle reset
- examples: Avoid reserved names in hiperfifo examples
- examples: add http3.c, altsvc.c and http3-present.c
- http09: disable HTTP/0.9 by default in both tool and library
- http2: when marked for closure and wanted to close == OK
- http2_recv: trigger another read when the last data is returned
- http: fix use of credentials from URL when using HTTP proxy
- http_negotiate: improve handling of gss_init_sec_context() failures
- md4: Use our own MD4 when no crypto libraries are available
- multi: call detach_connection before Curl_disconnect
- nss: use TLSv1.3 as default if supported
- openssl: build warning free with boringssl
- openssl: use SSL_CTX_set__proto_version() when available
- plan9: add support for running on Plan 9
- progress: reset download/uploaded counter between transfers
- readwrite_data: repair setting the TIMER_STARTTRANSFER stamp
- scp: fix directory name length used in memcpy
- smb: init *msg to NULL in smb_send_and_recv()
- smtp: check for and bail out on too short EHLO response
- source: remove names from source comments
- spnego_sspi: add typecast to fix build warning
- src/makefile: fix uncompressed hugehelp.c generation
- ssh-libssh: do not specify O_APPEND when not in append mode
- ssh: move code into vssh for SSH backends
- sspi: fix memory leaks
- tests: Replace outdated test case numbering documentation
- tftp: return error when packet is too small for options
- timediff: make it 64 bit (if possible) even with 32 bit time_t
- travis: reduce number of torture tests in 'coverage'
- url: make use of new HTTP version if alt-svc has one
- urlapi: verify the IPv6 numerical address
- urldata: avoid 'generic', use dedicated pointers
- vauth: Use CURLE_AUTH_ERROR for auth function errors
* Removed patches:
- curl-CVE-2018-0500.patch
- curl-CVE-2018-14618.patch
- curl-CVE-2018-16839.patch
- curl-CVE-2018-16840.patch
- curl-CVE-2018-16842.patch
- curl-CVE-2018-16890.patch
- curl-CVE-2019-3822.patch
- curl-CVE-2019-3823.patch
- curl-CVE-2019-5436.patch
- curl-CVE-2019-5481.patch
- curl-CVE-2019-5482.patch
- Security fix: [bsc#1149496,CVE-2019-5482]
* TFTP small blocksize heap buffer overflow
* Added curl-CVE-2019-5482.patch
- Security fix: [bsc#1149495,CVE-2019-5481]
* FTP-KRB: double-free during kerberos FTP data transfer
* Added curl-CVE-2019-5481.patch
- Update to 7.65.3
* progress: make the progress meter appear again
- Update to 7.65.2
* Bugfixes:
- CIPHERS.md: Explain Schannel error SEC_E_ALGORITHM_MISMATCH
- CMake: Fix finding Brotli on case-sensitive file systems
- CURLOPT_RANGE.3: Caution against using it for HTTP PUT
- CURLOPT_SEEKDATA.3: fix variable name
- bindlocal: detect and avoid IP version mismatches in bind()
- build: fix Codacy warnings
- c-ares: honor port numbers in CURLOPT_DNS_SERVERS
- config-os400: add getpeername and getsockname defines
- configure: --disable-progress-meter
- configure: fix --disable-code-coverage
- configure: more --disable switches to toggle off individual features
- configure: remove CURL_DISABLE_TLS_SRP
- conn_maxage: move the check to prune_dead_connections()
- curl: skip CURLOPT_PROXY_CAPATH for disabled-proxy builds
- docs: Explain behavior change in --tlsv1. options since 7.54
- docs: Fix links to OpenSSL docs
- docs: fix string suggesting HTTP/2 is not the default
- headers: Remove no longer exported functions
- http2: call done_sending on end of upload
- http2: don't call stream-close on already closed streams
- http2: remove CURL_DISABLE_TYPECHECK define
- http: allow overriding timecond with custom header
- http: clarify header buffer size calculation
- krb5: fix compiler warning
- lib: Use UTF-8 encoding in comments
- libcurl: Restrict redirect schemes to HTTP, HTTPS, FTP and FTPS
- multi: enable multiplexing by default (again)
- multi: fix the transfer hashes in the socket hash entries
- multi: make sure 'data' can present in several sockhash entries
- netrc: Return the correct error code when out of memory
- nss: don't set unused parameter
- nss: inspect returnvalue of token check
- nss: only cache valid CRL entries
- openssl: define HAVE_SSL_GET_SHUTDOWN based on version number
- openssl: disable engine if OPENSSL_NO_UI_CONSOLE is defined
- openssl: fix pubkey/signature algorithm detection in certinfo
- os400: make vsetopt() non-static as Curl_vsetopt() for os400 support
- quote.d: asterisk prefix works for SFTP as well
- runtests: keep logfiles around by default
- runtests: report single test time + total duration
- test1165: verify that CURL_DISABLE_ symbols are in sync
- test1521: adapt to SLISTPOINT
- test1523: test CURLOPT_LOW_SPEED_LIMIT
- test153: fix content-length to avoid occasional hang
- test188/189: fix Content-Length
- tests: have runtests figure out disabled features
- tests: support non-localhost HOSTIP for dict/smb servers
- tests: update fixed IP for hostip/clientip split
- tool_cb_prg: Fix integer overflow in progress bar
- typecheck: CURLOPT_CONNECT_TO takes an slist too
- typecheck: add 3 missing strings and a callback data pointer
- unit1654: cleanup on memory failure
- unpause: trigger a timeout for event-based transfers
- url: Fix CURLOPT_MAXAGE_CONN time comparison
- Rebased patch curl-use_OPENSSL_config.patch
- Disable new added failing test1165
- Update to 7.65.1
* Bugfixes:
- CURLOPT_LOW_SPEED_* repaired
- NTLM: reset proxy "/multipass"/ state when CONNECT request is done
- PolarSSL: deprecate support step 1. Removed from configure
- cmake: check for if_nametoindex()
- cmake: support CMAKE_OSX_ARCHITECTURES when detecting SIZEOF variables
- conncache: Remove the DEBUGASSERT on length check
- conncache: make "/bundles"/ per host name when doing proxy tunnels
- curl_share_setopt.3: improve wording
- dump-header.d: spell out that no headers == empty file
- example/http2-download: fix format specifier
- examples: cleanups and compiler warning fixes
- http2: Stop drain from being permanently set
- http: don't parse body-related headers in bodyless responses
- md4: build correctly with openssl without MD4
- md4: include the mbedtls config.h to get the MD4 info
- multi: track users of a socket better
- nss: allow to specify TLS 1.3 ciphers if supported by NSS
- parse_proxy: make sure portptr is initialized
- parse_proxy: use the IPv6 zone id if given
- sectransp: handle errSSLPeerAuthCompleted from SSLRead()
- singlesocket: use separate variable for inner loop
- ssl: Update outdated "/openssl-only"/ comments for supported backends
- tests: add HAProxy keywords
- tests: make test 1420 and 1406 work with rtsp-disabled libcurl
- tls13-docs: mention it is only for OpenSSL >= 1.1.1
- tool_setopt: for builds with disabled-proxy, skip all proxy setopts()
- url: fix bad feature-disable #ifdef
- url: use correct port in ConnectionExists()
- Update to 7.65.0 [bsc#1135176, CVE-2019-5435][bsc#1135170, CVE-2019-5436]
* Changes:
- CURLOPT_DNS_USE_GLOBAL_CACHE: removed
- CURLOPT_MAXAGE_CONN: set the maximum allowed age for conn reuse
- pipelining: removed
* Bugfixes:
- CVE-2019-5435: Integer overflows in curl_url_set
- CVE-2019-5436: tftp: use the current blksize for recvfrom()
- --config: clarify that initial : and = might need quoting
- CURLMOPT_TIMERFUNCTION.3: warn about the recursive risk
- CURLOPT_ADDRESS_SCOPE: fix range check and more
- CURLOPT_CHUNK_BGN_FUNCTION.3: document the struct and time value
- CURLOPT_READFUNCTION.3: see also CURLOPT_UPLOAD_BUFFERSIZE
- CURL_MAX_INPUT_LENGTH: largest acceptable string input size
- Curl_disconnect: treat all CONNECT_ONLY connections as "/dead"/
- OS400/ccsidcurl: replace use of Curl_vsetopt
- OpenSSL: Report -fips in version if OpenSSL is built with FIPS
- WRITEFUNCTION: add missing set_in_callback around callback
- altsvc: Fix building with cookies disabled
- auth: Rename the various authentication clean up functions
- base64: build conditionally if there are users
- cmake: avoid linking executable for some tests with cmake 3.6+
- cmake: clear CMAKE_REQUIRED_LIBRARIES after each use
- cmake: set SSL_BACKENDS
- configure: avoid unportable '==' test(1) operator
- configure: error out if OpenSSL wasn't detected when asked for
- configure: fix default location for fish completions
- cookie: Guard against possible NULL ptr deref
- curl: make code work with protocol-disabled libcurl
- curl: report error for "/--no-"/ on non-boolean options
- curlver.h: use parenthesis in CURL_VERSION_BITS macro
- docs/INSTALL: fix broken link
- doh: acknowledge CURL_DISABLE_DOH
- doh: disable DOH for the cases it doesn't work
- examples: remove unused variables
- ftplistparser: fix LGTM alert "/Empty block without comment"/
- hostip: acknowledge CURL_DISABLE_SHUFFLE_DNS
- http: Ignore HTTP/2 prior knowledge setting for HTTP proxies
- http: acknowledge CURL_DISABLE_HTTP_AUTH
- http: mark bundle as not for multiuse on < HTTP/2 response
- http_digest: Don't expose functions when HTTP and Crypto Auth are disabled
- http_negotiate: do not treat failure of gss_init_sec_context() as fatal
- http_ntlm: Corrected the name of the include guard
- http_ntlm_wb: Handle auth for only a single request
- http_ntlm_wb: Return the correct error on receiving an empty auth message
- lib509: add missing include for strdup
- lib557: initialize variables
- mbedtls: enable use of EC keys
- mime: acknowledge CURL_DISABLE_MIME
- multi: improved HTTP_1_1_REQUIRED handling
- netrc: acknowledge CURL_DISABLE_NETRC
- nss: allow fifos and character devices for certificates
- nss: provide more specific error messages on failed init
- ntlm: Fix misaligned function comments for Curl_auth_ntlm_cleanup
- ntlm: Support the NT response in the type-3 when OpenSSL doesn't include MD4
- openssl: mark connection for close on TLS close_notify
- openvms: Remove pre-processor for SecureTransport
- parse_proxy: use the URL parser API
- parsedate: disabled on CURL_DISABLE_PARSEDATE
- pingpong: disable more when no pingpong protocols are enabled
- polarssl_threadlock: remove conditionally unused code
- progress: acknowledge CURL_DISABLE_PROGRESS_METER
- proxy: acknowledge DISABLE_PROXY more
- resolve: apply Happy Eyeballs philosophy to parallel c-ares queries
- revert "/multi: support verbose conncache closure handle"/
- sasl: Don't send authcid as authzid for the PLAIN mechanism as per RFC 4616
- sasl: only enable if there's a protocol enabled using it
- singleipconnect: show port in the verbose "/Trying ..."/ message
- socks5: user name and passwords must be shorter than 256
- socks: fix error message
- socksd: new SOCKS 4+5 server for tests
- spnego_gssapi: fix return code on gss_init_sec_context() failure
- ssh-libssh: remove unused variable
- ssh: define USE_SSH if SSH is enabled (any backend)
- ssh: move variable declaration to where it's used
- test1002: correct the name
- test2100: Fix typos in test description
- tests: Run global cleanup at end of tests
- tests: make Impacket (SMB server) Python 3 compatible
- tool_cb_wrt: fix bad-function-cast warning
- tool_formparse: remove redundant assignment
- tool_help: Warn if curl and libcurl versions do not match
- tool_help: include for strcasecmp
- url: always clone the CUROPT_CURLU handle
- url: convert the zone id from a IPv6 URL to correct scope id
- urlapi: add CURLUPART_ZONEID to set and get
- urlapi: increase supported scheme length to 40 bytes
- urlapi: require a non-zero host name length when parsing URL
- urlapi: stricter CURLUPART_PORT parsing
- urlapi: strip off zone id from numerical IPv6 addresses
- urlapi: urlencode characters above 0x7f correctly
- vauth/cleartext: update the PLAIN login to match RFC 4616
- vauth/oauth2: Fix OAUTHBEARER token generation
- vauth: Fix incorrect function description for Curl_auth_user_contains_domain
- vtls: fix potential ssl_buffer stack overflow
- wildcard: disable from build when FTP isn't present
- xattr: skip unittest on unsupported platforms
- Security fix [bsc#1135170, CVE-2019-5436]
* A heap buffer overflow exists in tftp_receive_packet that
receives data from a TFTP server
* Added curl-CVE-2019-5436.patch
- Install curl.fish completions file from curl rather than from the fish package
- update to version 7.64.1
* Changes:
- alt-svc: experiemental support added
- configure: add --with-amissl
* Bugfixes:
- AppVeyor: switch VS 2015 builds to VS 2017 image
- CURLU: fix NULL dereference when used over proxy
- Curl_easy: remove req.maxfd - never used!
- Curl_resolv: fix a gcc -Werror=maybe-uninitialized warning
- DoH: inherit some SSL options from user's easy handle
- Secure Transport: no more "/darwinssl"/
- Secure Transport: tvOS 11 is required for ALPN support
- cirrus: Added FreeBSD builds using Cirrus CI
- cleanup: make local functions static
- cli tool: do not use mime.h private structures
- cmdline-opts/proxytunnel.d: the option tunnnels all protocols
- configure: add additional libraries to check for LDAP support
- configure: remove the unused fdopen macro
- configure: show features as well in the final summary
- conncache: use conn->data to know if a transfer owns it
- connection: never reuse CONNECT_ONLY connections
- connection_check: restore original conn->data after the check
- connection_check: set ->data to the transfer doing the check
- cookie: Add support for cookie prefixes
- cookies: dotless names can set cookies again
- cookies: fix NULL dereference if flushing cookies with no CookieInfo set
- curl.1: --user and --proxy-user are hidden from ps output
- curl.1: mark the argument to --cookie as
- curl.h: use __has_declspec_attribute for shared builds
- curl: display --version features sorted alphabetically
- curl: fix FreeBSD compiler warning in the --xattr code
- curl: remove MANUAL from -M output
- curl_easy_duphandle.3: clarify that a duped handle has no shares
- curl_multi_remove_handle.3: use at any time, just not from within callbacks
- curl_url.3: this API is not experimental anymore
- dns: release sharelock as soon as possible
- docs: update max-redirs.d phrasing
- examples/10-at-a-time.c: improve readability and simplify
- examples/cacertinmem.c: use multiple certificates for loading CA-chain
- examples/crawler: Fix the Accept-Encoding setting
- examples/ephiperfifo.c: various fixes
- examples/externalsocket: add missing close socket calls
- examples/http2-download: cleaned up
- examples/http2-serverpush: add some sensible error checks
- examples/http2-upload: cleaned up
- examples/httpcustomheader: Value stored to 'res' is never read
- examples/postinmemory: Potential leak of memory pointed to by 'chunk.memory'
- examples/sftpuploadresume: Value stored to 'result' is never read
- examples: only include
- examples: remove recursive calls to curl_multi_socket_action
- examples: remove superfluous null-pointer checks
- file: fix "/Checking if unsigned variable 'readcount' is less than zero."/
- fnmatch: disable if FTP is disabled
- gnutls: remove call to deprecated gnutls_compression_get_name
- gopher: remove check for path == NULL
- gssapi: fix deprecated header warnings
- hostip: make create_hostcache_id avoid alloc + free
- http2: multi_connchanged() moved from multi.c, only used for h2
- http2: verify :athority in push promise requests
- http: make adding a blank header thread-safe
- http: send payload when (proxy) authentication is done
- http: set state.infilesize when sending multipart formposts
- makefile: make checksrc and hugefile commands "/silent"/
- mbedtls: make it build even if MBEDTLS_VERSION_C isn't set
- mbedtls: release sessionid resources on error
- memdebug: log pointer before freeing its data
- memdebug: make debug-specific functions use curl_dbg_ prefix
- mime: put the boundary buffer into the curl_mime struct
- multi: call multi_done on connect timeouts, fixes CURLINFO_TOTAL_TIME
- multi: remove verbose "/Expire in"/ ... messages
- multi: removed unused code for request retries
- multi: support verbose conncache closure handle
- negotiate: fix for HTTP POST with Negotiate
- openssl: add support for TLS ASYNC state
- openssl: if cert type is ENG and no key specified, key is ENG too
- pretransfer: don't strlen() POSTFIELDS set for GET requests
- rand: Fix a mismatch between comments in source and header
- runtests: detect "/schannel"/ as an alias for "/winssl"/
- schannel: be quiet - remove verbose output
- schannel: close TLS before removing conn from cache
- schannel: support CALG_ECDH_EPHEM algorithm
- scripts/completion.pl: also generate fish completion file
- singlesocket: fix the 'sincebefore' placement
- source: fix two 'nread' may be used uninitialized warnings
- ssh: fix Condition '!status' is always true
- ssh: loop the state machine if not done and not blocking
- strerror: make the strerror function use local buffers
- test578: make it read data from the correct test
- tests: Fixed XML validation errors in some test files
- tests: add stderr comparison to the test suite
- tests: fix multiple may be used uninitialized warnings
- threaded-resolver: shutdown the resolver thread without error message
- tool_cb_wrt: fix writing to Windows null device NUL
- tool_getpass: termios.h is present on AmigaOS 3, but no tcgetattr/tcsetattr
- tool_operate: build on AmigaOS
- tool_operate: fix typecheck warning
- transfer.c: do not compute length of undefined hex buffer
- travis: add build using gnutls
- travis: add scan-build
- travis: bump the used wolfSSL version to 4.0.0
- travis: enable valgrind for the iconv tests
- travis: use updated compiler versions: clang 7 and gcc 8
- unit1307: require FTP support
- unit1651: survive curl_easy_init() fails
- url/idnconvert: remove scan for <= 32 ascii values
- url: change conn shutdown order to ensure SOCKETFUNCTION callbacks
- urlapi: reduce variable scope, remove unreachable 'break'
- urldata: convert bools to bitfields and move to end
- urldata: simplify bytecounters
- urlglob: Argument with 'nonnull' attribute passed null
- version.c: silent scan-build even when librtmp is not enabled
- vtls: rename some of the SSL functions
- wolfssl: stop custom-adding curves
- x509asn1: "/Dereference of null pointer"/
- x509asn1: cleanup and unify code layout
- zsh.pl: escape ':' character
- zsh.pl: update regex to better match curl -h output
- Dropped patches fixed upstream:
* 0001-connection_check-set-data-to-the-transfer-doing-the-.patch
* 0002-connection_check-restore-original-conn-data-after-th.patch
* curl-singlesocket-sincebefore-placement.patch
- Fix variable placement that wasn't properly reset within a loop
missing to notify sockets. [bsc#1129083, bsc#1129470]
* Added curl-singlesocket-sincebefore-placement.patch
- Add patches to fix use-after-free (boo#1127849):
* 0001-connection_check-set-data-to-the-transfer-doing-the-.patch
* 0002-connection_check-restore-original-conn-data-after-th.patch
- BuildRequire libcurl4-mini for !bootstrap to avoid build cycles
due to cmake pulling libcurl4
- update to version 7.64.0
[bcs#1123371, CVE-2018-16890][bcs#1123377, CVE-2019-3822]
[bcs#1123378, CVE-2019-3823]
* Changes:
- cookies: leave secure cookies alone
- hostip: support wildcard hosts
- http: Implement trailing headers for chunked transfers
- http: added options for allowing HTTP/0.9 responses
- timeval: Use high resolution timestamps on Windows
* Bugfixes:
- CVE-2018-16890: NTLM type-2 out-of-bounds buffer read
- CVE-2019-3822: NTLMv2 type-3 header stack buffer overflow
- CVE-2019-3823: SMTP end-of-response out-of-bounds read
- FAQ: remove mention of sourceforge for github
- OS400: handle memory error in list conversion
- OS400: upgrade ILE/RPG binding.
- README: add codacy code quality badge
- Revert http_negotiate: do not close connection
- THANKS: added several missing names from year <= 2000
- build: make 'tidy' target work for metalink builds
- cmake: added checks for variadic macros
- cmake: updated check for HAVE_POLL_FINE to match autotools
- cmake: use lowercase for function name like the rest of the code
- configure: detect xlclang separately from clang
- configure: fix recv/send/select detection on Android
- configure: rewrite --enable-code-coverage
- conncache_unlock: avoid indirection by changing input argument type
- cookie: fix comment typo
- cookies: allow secure override when done over HTTPS
- cookies: extend domain checks to non psl builds
- cookies: skip custom cookies when redirecting cross-site
- curl --xattr: strip credentials from any URL that is stored
- curl -J: refuse to append to the destination file
- curl/urlapi.h: include "/curl.h"/ first
- curl_multi_remove_handle() don't block terminating c-ares requests
- darwinssl: accept setting max-tls with default min-tls
- disconnect: separate connections and easy handles better
- disconnect: set conn->data for protocol disconnect
- docs/version.d: mention MultiSSL
- docs: fix the --tls-max description
- docs: use $(INSTALL_DATA) to install man page
- docs: use meaningless port number in CURLOPT_LOCALPORT example
- gopher: always include the entire gopher-path in request
- http2: clear pause stream id if it gets closed
- if2ip: remove unused function Curl_if_is_interface_name
- libssh: do not let libssh create socket
- libssh: enable CURLOPT_SSH_KNOWNHOSTS and CURLOPT_SSH_KEYFUNCTION for libssh
- libssh: free sftp_canonicalize_path() data correctly
- libtest/stub_gssapi: use "/real"/ snprintf
- mbedtls: use VERIFYHOST
- multi: multiplexing improvements
- multi: set the EXPIRE_*TIMEOUT timers at TIMER_STARTSINGLE time
- ntlm: fix NTMLv2 compliance
- ntlm_sspi: add support for channel binding
- openssl: adapt to 3.0.0, OpenSSL_version_num() is deprecated
- openssl: fix the SSL_get_tlsext_status_ocsp_resp call
- openvms: fix OpenSSL discovery on VAX
- openvms: fix typos in documentation
- os400: add a missing closing bracket
- os400: fix extra parameter syntax error
- pingpong: change default response timeout to 120 seconds
- pingpong: ignore regular timeout in disconnect phase
- printf: fix format specifiers
- runtests.pl: Fix perl call to include srcdir
- schannel: fix compiler warning
- schannel: preserve original certificate path parameter
- schannel: stop calling it "/winssl"/
- sigpipe: if mbedTLS is used, ignore SIGPIPE
- smb: fix incorrect path in request if connection reused
- ssh: log the libssh2 error message when ssh session startup fails
- test1558: verify CURLINFO_PROTOCOL on file:// transfer
- test1561: improve test name
- test1653: make it survive torture tests
- tests: allow tests to pass by 2037-02-12
- tests: move objnames-* from lib into tests
- timediff: fix math for unsigned time_t
- timeval: Disable MSVC Analyzer GetTickCount warning
- tool_cb_prg: avoid integer overflow
- travis: added cmake build for osx
- urlapi: Fix port parsing of eol colon
- urlapi: distinguish possibly empty query
- urlapi: fix parsing ipv6 with zone index
- urldata: rename easy_conn to just conn
- winbuild: conditionally use /DZLIB_WINAPI
- wolfssl: fix memory-leak in threaded use
- spnego_sspi: add support for channel binding
- Security fix [bsc#1123378, CVE-2019-3823]
* SMTP end-of-response out-of-bounds read
* Added patch curl-CVE-2019-3823.patch
- Security fix [bsc#1123377, CVE-2019-3822]
* NTLMv2 type-3 header stack buffer overflow
* Added patch curl-CVE-2019-3822.patch
- Fix wrong summary, curl is at version 7, not 4.
- Security fix [bsc#1123371, CVE-2018-16890]
* NTLM type-2 out-of-bounds buffer read
* Added patch curl-CVE-2018-16890.patch
- Provide libcurl4 = %version in the mini library package
- Update to version 7.63.0
Changes:
* curl: add %{stderr} and %{stdout} for --write-out
* curl: add undocumented option --dump-module-paths for w32
* setopt: add CURLOPT_CURLU
Bugfixes:
* (lib)curl.rc: fixup for minor bugs
* CURLINFO_REDIRECT_URL: extract the Location: header field unvalidated
* CURLOPT_HEADERFUNCTION.3: match 'nitems' name in synopsis/desc
* CURLOPT_WRITEFUNCTION.3: spell out that it gets called many times
* Curl_follow: accept non-supported schemes for "/fake"/ redirects
* KNOWN_BUGS: add --proxy-any connection issue
* NTLM: Remove redundant ifdef USE_OPENSS
* NTLM: force the connection to HTTP/1.1
* OS400: add URL API ccsid wrappers and sync ILE/RPG bindings
* SECURITY-PROCESS: bountygraph shuts down again
* TODO: Have the URL API offer IDN decoding
* ares: remove fd from multi fd set when ares is about to close the fd
* axtls: removed
* checksrc: add COPYRIGHTYEAR check
* cmake: fix MIT/Heimdal Kerberos detection
* configure: include all libraries in ssl-libs fetch
* configure: show CFLAGS, LDFLAGS etc in summary
* connect: fix building for recent versions of Minix
* cookies: create the cookiejar even if no cookies to save
* cookies: expire "/Max-Age=0"/ immediately
* curl: --local-port range was not "/including"/
* curl: fix --local-port integer overflow
* curl: fix memory leak reading --writeout from file
* curl: fixed UTF-8 in current console code page (Win)
* curl_easy_perform: fix timeout handling
* curl_global_sslset(): id == -1 is not necessarily an error
* curl_multibyte: fix a malloc overcalculation
* curle: move deprecated error code to ifndef block
* docs: curl_formadd field and file names are now escaped
* docs: escape "/n"/ codes
* doh: fix memory leak in OOM situation
* doh: make it work for h2-disabled builds too
* examples/ephiperfifo: report error when epoll_ctl fails
* ftp: avoid unsigned int overflows in FTP listing parser
* host names: allow trailing dot in name resolve, then strip it
* http2: Upon HTTP_1_1_REQUIRED, retry the request with HTTP/1.1
* http: don't set CURLINFO_CONDIITON_UNMET for http status code 204
* http: fix HTTP DIgest auth to include query in URI
* http_negotiate: do not close connection until negotiation is completed
* impacket: add LICENSE
* infof: clearly indicate truncation
* ldap: fix LDAP URL parsing regressions
* libcurl: stop reading from paused transfers
* mprintf: avoid unsigned integer overflow warning
* netrc: don't ignore the login name specified with "/--user"/
* nss: Fall back to latest supported SSL version
* nss: Fix compatibility with nss versions 3.14 to 3.15
* nss: fix fallthrough comment to fix picky compiler warning
* nss: remove version selecting dead code
* nss: set default max-tls to 1.3/1.2
* openssl: Remove SSLEAY leftovers
* openssl: do not log excess "/TLS app data"/ lines for TLS 1.3
* openssl: do not use file BIOs if not requested
* openssl: fix unused variable compiler warning with old openssl
* openssl: support session resume with TLS 1.3
* openvms: fix example name
* os400: Add curl_easy_conn_upkeep() to ILE/RPG binding
* os400: add CURLOPT_CURLU to ILE/RPG binding
* os400: fix return type of curl_easy_pause() in ILE/RPG binding
* packages: remove old leftover files and dirs
* pop3: only do APOP with a valid timestamp
* runtests: use the local curl for verifying
* schannel: be consistent in Schannel capitalization
* schannel: better CURLOPT_CERTINFO support
* schannel: use Curl_prefix for global private symbols
* snprintf: renamed and now we only use msnprintf()
* ssl: fix compilation with OpenSSL 0.9.7
* ssl: replace all internal uses of CURLE_SSL_CACERT
* symbols-in-versions: add missing CURLU_symbols
* test328: verify Content-Encoding: none
* tests: disable SO_EXCLUSIVEADDRUSE for stunnel/Win
* tests: drop http_pipe.py script no longer used
* tests: drop http_pipe.py script no longer used
* tool_cb_wrt: Silence function cast compiler warning
* tool_doswin: Fix uninitialized field warning
* travis: build with clang sanitizers
* travis: remove curl before a normal build
* url: a short host name + port is not a scheme
* url: fix IPv6 numeral address parser
* urlapi: only skip encoding the first '=' with APPENDQUERY set
- refreshed curl-disabled-redirect-protocol-message.patch
- Update to version 7.62.0
Changes:
* multiplex: enable by default
* url: default to CURL_HTTP_VERSION_2TLS if built h2-enabled
* setopt: add CURLOPT_DOH_URL
* curl: --doh-url added
* setopt: add CURLOPT_UPLOAD_BUFFERSIZE: set upload buffer size
* imap: change from "/FETCH"/ to "/UID FETCH"/
* configure: add option to disable automatic OpenSSL config loading
* upkeep: add a connection upkeep API: curl_easy_upkeep()
* URL-API: added five new functions
* vtls: MesaLink is a new TLS backend
Bugfixes:
* CVE-2018-16839: SASL password overflow via integer overflow [bsc#1112758]
* CVE-2018-16840: use-after-free in handle close [bsc#1113029]
* CVE-2018-16842: warning message out-of-buffer read [bsc#1113660]
* CURLOPT_DNS_USE_GLOBAL_CACHE: deprecated
* Curl_dedotdotify(): always nul terminate returned string
* Curl_follow: Always free the passed new URL
* Curl_http2_done: fix memleak in error path
* Curl_retry_request: fix memory leak
* Curl_saferealloc: Fixed typo in docblock
* FILE: fix CURLOPT_NOBODY and CURLOPT_HEADER output
* GnutTLS: TLS 1.3 support
* SECURITY-PROCESS: mention the bountygraph program
* VS projects: add USE_IPV6:
* certs: generate tests certs with sha256 digest algorithm
* checksrc: enable strict mode and warnings
* checksrc: handle zero scoped ignore commands
* cmake: Backport to work with CMake 3.0 again
* cmake: Improve config installation
* cmake: add support for transitive ZLIB target
* cmake: disable -Wpedantic-ms-format
* cmake: don't require OpenSSL if USE_OPENSSL=OFF
* cmake: fixed path used in generation of docs/tests
* cmake: remove unused *SOCKLEN_T variables
* cmake: suppress MSVC warning C4127 for libtest
* cmake: test and set missed defines during configuration
* config: Remove unused SIZEOF_VOIDP
* configure: force-use -lpthreads on HPUX
* configure: remove CURL_CONFIGURE_CURL_SOCKLEN_T
* configure: s/AC_RUN_IFELSE/CURL_RUN_IFELSE
* cookies: Remove redundant expired check
* cookies: fix leak when writing cookies to file
* curl-config.in: remove dependency on bc
* curl.1: --ipv6 mutexes ipv4 (fixed typo)
* curl: update the documentation of --tlsv1.0
* curl_multi_wait: call getsock before figuring out timeout
* curl_ntlm_wb: check aprintf() return codes
* data-binary.d: clarify default content-type is x-www-form-urlencoded
* docs/CIPHERS: Mention the options used to set TLS 1.3 ciphers
* docs/CIPHERS: fix the TLS 1.3 cipher names
* docs/CIPHERS: mention the colon separation for OpenSSL
* docs/examples: URL updates
* docs: add "/see also"/ links for SSL options
* example/asiohiper: insert warning comment about its status
* example/htmltidy: fix include paths of tidy libraries
* examples/http2-pushinmemory: receive HTTP/2 pushed files in memory
* examples/parseurl.c: show off the URL API
* examples: Fix memory leaks from realloc errors
* examples: do not wait when no transfers are running
* ftp: include command in Curl_ftpsend sendbuffer
* gskit: make sure to terminate version string
* gtls: Values stored to but never read
* hostip: fix check on Curl_shuffle_addr return value
* http2: fix memory leaks on error-path
* http: fix memleak in rewind error path
* krb5: fix memory leak in krb_auth
* memory: add missing curl_printf header
* memory: ensure to check allocation results
* multi: Fix error handling in the SENDPROTOCONNECT state
* multi: fix memory leak in content encoding related error path
* multi: make the closure handle "/inherit"/ CURLOPT_NOSIGNAL
* netrc: free temporary strings if memory allocation fails
* nss: try to connect even if libnssckbi.so fails to load
* ntlm_wb: Fix memory leaks in ntlm_wb_response
* ntlm_wb: bail out if the response gets overly large
* openssl: assume engine support in 0.9.8 or later
* openssl: enable TLS 1.3 post-handshake auth
* openssl: fix gcc8 warning
* openssl: load built-in engines too
* openssl: make 'done' a proper boolean
* openssl: output the correct cipher list on TLS 1.3 error
* openssl: return CURLE_PEER_FAILED_VERIFICATION on failure to parse issuer
* openssl: show "/proper"/ version number for libressl builds
* pipelining: deprecated
* rand: add comment to skip a clang-tidy false positive
* rtmp: fix for compiling with lwIP
* runtests: ignore disabled even when ranges are given
* schannel: unified error code handling
* sendf: Fix whitespace in infof/failf concatenation
* ssh: free the session on init failures
* ssl: deprecate CURLE_SSL_CACERT in favour of a unified error code
* system.h: use proper setting with Sun C++ as well
* test1299: use single quotes around asterisk
* test1452: mark as flaky
* test1651: unit test Curl_extract_certinfo()
* test320: strip out more HTML when comparing
* tests/negtelnetserver.py: fix Python2-ism in neg TELNET server
* tests: add unit tests for url.c
* tool_cb_hdr: handle failure of rename()
* travis: add a "/make tidy"/ build that runs clang-tidy
* travis: add build for "/configure --disable-verbose"/
* travis: bump the Secure Transport build to use xcode
* travis: make distcheck scan for BOM markers
* unit1300: fix stack-use-after-scope AddressSanitizer warning
* urldata: Fix "/connecting"/ comment
* urlglob: improve error message on bad globs
* vtls: fix ssl version "/or later"/ behavior change for many backends
* x509asn1: Fix SAN IP address verification
* x509asn1: always check return code from getASN1Element()
* x509asn1: return CURLE_PEER_FAILED_VERIFICATION on failure to parse cert
* x509asn1: suppress left shift on signed value
- Rebased patches after update:
* curl-disabled-redirect-protocol-message.patch
* curl-use_OPENSSL_config.patch
- Security fix [bsc#1113660, CVE-2018-16842]
* Fixed Out-of-bounds Read in tool_msgs.c
* Added curl-CVE-2018-16842.patch
- Security fix [bsc#1113029, CVE-2018-16840]
* use-after-free in handle close
* Added curl-CVE-2018-16840.patch
- Security fix [bsc#1112758, CVE-2018-16839]
* SASL password overflow via integer overflow
* Added curl-CVE-2018-16839.patch
- Security fix [CVE-2018-14618, bsc#1106019]
* NTLM password overflow via integer overflow
* Added patch curl-CVE-2018-14618.patch
- Update to version 7.61.1
Bugfixes:
* CVE-2018-14618: NTLM password overflow via integer overflow (bsc#1106019)
* CURLINFO_SIZE_UPLOAD: fix missing counter update
* CURLOPT_ACCEPT_ENCODING.3: list them comma-separated
* CURLOPT_SSL_CTX_FUNCTION.3: might cause accidental connection reuse
* Curl_getoff_all_pipelines: improved for multiplexed
* DEPRECATE: remove release date from 7.62.0
* HTTP: Don't attempt to needlessly decompress redirect body
* INTERNALS: require GnuTLS >= 2.11.3
* README.md: add LGTM.com code quality grade for C/C++
* SSLCERTS: improve the openssl command line
* Silence GCC 8 cast-function-type warnings
* ares: check for NULL in completed-callback
* asyn-thread: Remove unused macro
* auth: only pick CURLAUTH_BEARER if we *have* a Bearer token
* auth: pick Bearer authentication whenever a token is available
* cmake: CMake config files are defining CURL_STATICLIB for static builds
* cmake: Respect BUILD_SHARED_LIBS
* cmake: Update scripts to use consistent style
* cmake: bumped minimum version to 3.4
* cmake: link curl to the OpenSSL targets instead of lib absolute paths
* configure: conditionally enable pedantic-errors
* configure: fix for -lpthread detection with OpenSSL and pkg-config
* conn: remove the boolean 'inuse' field
* content_encoding: accept up to 4 unknown trailer bytes after raw deflate data
* cookie tests: treat files as text
* cookies: support creation-time attribute for cookies
* curl: Fix segfault when -H @headerfile is empty
* curl: add http code 408 to transient list for --retry
* curl: fix time-of-check, time-of-use race in dir creation
* curl: use Content-Disposition before the "/URL end"/ for -OJ
* curl: warn the user if a given file name looks like an option
* curl_threads: silence bad-function-cast warning
* darwinssl: add support for ALPN negotiation
* docs/CURLOPT_URL: fix indentation
* docs/CURLOPT_WRITEFUNCTION: size is always 1
* docs/SECURITY-PROCESS: mention bounty, drop pre-notify
* docs/examples: add hiperfifo example using linux epoll/timerfd
* docs: add disallow-username-in-url.d and haproxy-protocol.d to dist
* docs: clarify NO_PROXY env variable functionality
* docs: improved the manual pages of some callbacks
* docs: mention NULL is fine input to several functions
* formdata: Remove unused macro HTTPPOST_CONTENTTYPE_DEFAULT
* gopher: Do not translate `?' to `%09'
* header output: switch off all styles, not just unbold
* hostip: fix unused variable warning
* http2: Use correct format identifier for stream_id
* http2: abort the send_callback if not setup yet
* http2: avoid set_stream_user_data() before stream is assigned
* http2: check nghttp2_session_set_stream_user_data return code
* http2: clear the drain counter in Curl_http2_done
* http2: make sure to send after RST_STREAM
* http2: separate easy handle from connections better
* http: fix for tiny "/HTTP/0.9"/ response
* http_proxy: Remove unused macro SELECT_TIMEOUT
* lib/Makefile: only do symbol hiding if told to
* lib1502: fix memory leak in torture test
* lib1522: fix curl_easy_setopt argument type
* libcurl-thread.3: expand somewhat on the NO_SIGNAL motivation
* mime: check Curl_rand_hex's return code
* multi: always do the COMPLETED procedure/state
* openssl: assume engine support in 1.0.0 or later
* openssl: fix debug messages
* projects: Improve Windows perl detection in batch scripts
* retry: return error if rewind was necessary but didn't happen
* reuse_conn(): memory leak - free old_conn->options
* schannel: client certificate store opening fix
* schannel: enable CALG_TLS1PRF for w32api >= 5.1
* schannel: fix MinGW compile break
* sftp: don't send post-qoute sequence when retrying a connection
* smb: fix memory leak on early failure
* smb: fix memory-leak in URL parse error path
* smb_getsock: always wait for write socket too
* ssh-libssh: fix infinite connect loop on invalid private key
* ssh-libssh: reduce excessive verbose output about pubkey auth
* ssh-libssh: use FALLTHROUGH to silence gcc8
* ssl: set engine implicitly when a PKCS#11 URI is provided
* sws: handle EINTR when calling select()
* system_win32: fix version checking
* telnet: Remove unused macros TELOPTS and TELCMDS
* test1143: disable MSYS2's POSIX path conversion
* test1148: disable if decimal separator is not point
* test1307: (fnmatch testing) disabled
* test1422: add required file feature
* test1531: Add timeout
* test1540: Remove unused macro TEST_HANG_TIMEOUT
* test214: disable MSYS2's POSIX path conversion for URL
* test320: treat curl320.out file as binary
* tests/http_pipe.py: Use /usr/bin/env to find python
* tests: Don't use Windows path %PWD for SSH tests
* tests: fixes for Windows line endlings
* tool_operate: Fix setting proxy TLS 1.3 ciphers
* travis: build darwinssl on macos 10.12 to fix linker errors
* travis: execute "/set -eo pipefail"/ for coverage build
* travis: run a 'make checksrc' too
* travis: update to GCC-8
* travis: verify that man pages can be regenerated
* upload: allocate upload buffer on-demand
* upload: change default UPLOAD_BUFSIZE to 64KB
* urldata: remove unused pipe_broke struct field
* vtls: reinstantiate engine on duplicated handles
* windows: implement send buffer tuning
* wolfSSL/CyaSSL: Fix memory leak in Curl_cyassl_random
- Remove patch included upstream:
* curl-switch-off-all-styles.patch
- Added curl-switch-off-all-styles.patch: Fix output of wrong escape sequences,
which might mess up the terminal (bsc#1105624)
- security update
* CVE-2018-0500 [bsc#1099793]
+ curl-CVE-2018-0500.patch
- Update to version 7.61.0
[bsc#1099793, CVE-2018-0500]
Changes:
* getinfo: add microsecond precise timers for seven intervals
* curl: show headers in bold, switch off with --no-styled-output
* httpauth: add support for Bearer tokens
* Add CURLOPT_TLS13_CIPHERS and CURLOPT_PROXY_TLS13_CIPHERS
* curl: --tls13-ciphers and --proxy-tls13-ciphers
* Add CURLOPT_DISALLOW_USERNAME_IN_URL
* curl: --disallow-username-in-url
Bugfixes:
* CVE-2018-0500: smtp: fix SMTP send buffer overflow
* schannel: disable client cert option if APIs not available
* schannel: disable manual verify if APIs not available
* tests/libtest/Makefile: Do not unconditionally add gcc-specific flags
* openssl: acknowledge --tls-max for default version too
* stub_gssapi: fix 'unused parameter' warnings
* examples/progressfunc: make it build on both new and old libcurls
* docs: mention it is HA Proxy protocol "/version 1"/
* curl_fnmatch: only allow two asterisks for matching
* docs: clarify CURLOPT_HTTPGET
* configure: replace a AC_TRY_RUN with CURL_RUN_IFELSE
* configure: do compile-time SIZEOF checks instead of run-time
* checksrc: make sure sizeof() is used *with* parentheses
* CURLOPT_ACCEPT_ENCODING.3: add brotli and clarify a bit
* schannel: make CAinfo parsing resilient to CR/LF
* tftp: make sure error is zero terminated before printfing it
* http resume: skip body if http code 416 (range error) is ignored
* configure: add basic test of --with-ssl prefix
* cmake: set -d postfix for debug builds
* multi: provide a socket to wait for in Curl_protocol_getsock
* content_encoding: handle zlib versions too old for Z_BLOCK
* winbuild: only delete OUTFILE if it exists
* winbuild: In MakefileBuild.vc fix typo DISTDIR->DIRDIST
* schannel: add failf calls for client certificate failures
* cmake: Fix the test for fsetxattr and strerror_r
* curl.1: Fix cmdline-opts reference errors
* cmdline-opts/gen.pl: warn if mutexes: or see-also: list non-existing options
* cmake: check for getpwuid_r
* configure: fix ssh2 linking when built with a static mbedtls
* psl: use latest psl and refresh it periodically
* fnmatch: insist on escaped bracket to match
* KNOWN_BUGS: restore text regarding #2101
* INSTALL: LDFLAGS=-Wl,-R/usr/local/ssl/lib
* configure: override AR_FLAGS to silence warning
* os400: implement mime api EBCDIC wrappers
* curl.rc: embed manifest for correct Windows version detection
* strictness: correct {infof, failf} format specifiers
* tests: update .gitignore for libtests
* configure: check for declaration of getpwuid_r
* fnmatch: use the system one if available
* CURLOPT_RESOLVE: always purge old entry first
* multi: remove a potentially bad DEBUGF()
* curl_addrinfo: use same #ifdef conditions in source as header
* build: remove the Borland specific makefiles
* axTLS: not considered fit for use
* cmdline-opts/cert-type.d: mention "/p12"/ as a recognized type
* system.h: add support for IBM xlc C compiler
* tests/libtest: Add lib1521 to nodist_SOURCES
* mk-ca-bundle.pl: leave certificate name untouched
* boringssl + schannel: undef X509_NAME in lib/schannel.h
* openssl: assume engine support in 1.0.1 or later
* cppcheck: fix warnings
* test 46: make test pass after year 2025
* schannel: support selecting ciphers
* Curl_debug: remove dead printhost code
* test 1455: unflakified
* Curl_init_do: handle NULL connection pointer passed in
* progress: remove a set of unused defines
* mk-ca-bundle.pl: make -u delete certdata.txt if found not changed
* GOVERNANCE.md: explains how this project is run
* configure: use pkg-config for c-ares detection
* configure: enhance ability to build with static openssl
* maketgz: fix sed issues on OSX
* multi: fix memory leak when stopped during name resolve
* CURLOPT_INTERFACE.3: interface names not supported on Windows
* url: fix dangling conn->data pointer
* cmake: allow multiple SSL backends
* system.h: fix for gcc on 32 bit OpenServer
* ConnectionExists: make sure conn->data is set when "/taking"/ a connection
* multi: fix crash due to dangling entry in connect-pending list
* CURLOPT_SSL_VERIFYPEER.3: Add performance note
* netrc: use a larger buffer to support longer passwords
* url: check Curl_conncache_add_conn return code
* configure: Add dependent libraries after crypto
* easy_perform: faster local name resolves by using *multi_timeout()
* getnameinfo: not used, removed all configure checks
* travis: add a build using the synchronous name resolver
* CURLINFO_TLS_SSL_PTR.3: improve the example
* openssl: allow TLS 1.3 by default
* openssl: make the requested TLS version the *minimum* wanted
* openssl: Remove some dead code
* telnet: fix clang warnings
* DEPRECATE: new doc describing planned item removals
* example/crawler.c: simple crawler based on libxml2
* libssh: goto DISCONNECT state on error, not SESSION_FREE
* CMake: Remove unused functions
* darwinssl: allow High Sierra users to build the code using GCC
* scripts: include _curl as part of CLEANFILES
* examples: fix -Wformat warnings
* curl_setup: include <winerror.h> before <windows.h>
* schannel: make more cipher options conditional
* CMake: remove redundant and old end-of-block syntax
* post303.d: clarify that this is an RFC violation
- refreshed libcurl-ocloexec.patch
- Use OPENSSL_config instead of CONF_modules_load_file() to avoid
crashes due to openssl engines conflicts (bsc#1086367)
* add curl-use_OPENSSL_config.patch
- Update to version 7.60.0
[bsc#1092094, CVE-2018-1000300][bsc#1092098, CVE-2018-1000301]
Changes:
* Add CURLOPT_HAPROXYPROTOCOL, support for the HAProxy PROXY protocol
* Add --haproxy-protocol for the command line tool
* Add CURLOPT_DNS_SHUFFLE_ADDRESSES, shuffle returned IP addresses
Bugfixes:
* FTP: shutdown response buffer overflow CVE-2018-1000300
* RTSP: bad headers buffer over-read CVE-2018-1000301
* FTP: fix typo in recursive callback detection for seeking
* test1208: marked flaky
* HTTP: make header-less responses still count correct body size
* user-agent.d:: mention --proxy-header as well
* http2: fixes typo
* cleanup: misc typos in strings and comments
* rate-limit: use three second window to better handle high speeds
* examples/hiperfifo.c: improved
* pause: when changing pause state, update socket state
* multi: improved pending transfers handling => improved performance
* curl_version_info.3: fix ssl_version description
* add_handle/easy_perform: clear errorbuffer on start if set
* cmake: add support for brotli
* parsedate: support UT timezone
* vauth/ntlm.h: fix the #ifdef header guard
* lib/curl_path.h: added #ifdef header guard
* vauth/cleartext: fix integer overflow check
* CURLINFO_COOKIELIST.3: made the example not leak memory
* cookie.d: mention that "/-"/ as filename means stdin
* CURLINFO_SSL_VERIFYRESULT.3: fixed the example
* http2: read pending frames (including GOAWAY) in connection-check
* timeval: remove compilation warning by casting
* cmake: avoid warn-as-error during config checks
* travis-ci: enable -Werror for CMake builds
* openldap: fix for NULL return from ldap_get_attribute_ber()
* threaded resolver: track resolver time and set suitable timeout values
* cmake: Add advapi32 as explicit link library for win32
* docs: fix CURLINFO_*_T examples use of CURL_FORMAT_CURL_OFF_T
* test1148: set a fixed locale for the test
* cookies: when reading from a file, only remove_expired once
* cookie: store cookies per top-level-domain-specific hash table
* openssl: fix build with LibreSSL 2.7
* tls: fix mbedTLS 2.7.0 build + handle sha256 failures
* openssl: RESTORED verify locations when verifypeer==0
* file: restore old behavior for file:////foo/bar URLs
* FTP: allow PASV on IPv6 connections when a proxy is being used
* build-openssl.bat: allow custom paths for VS and perl
* winbuild: make the clean target work without build-type
* build-openssl.bat: Refer to VS2017 as VC14.1 instead of VC15
* curl: retry on FTP 4xx, ignore other protocols
* configure: detect (and use) sa_family_t
* examples/sftpuploadresume: Fix Windows large file seek
* build: cleanup to fix clang warnings/errors
* winbuild: updated the documentation
* lib: silence null-dereference warnings
* travis: bump to clang 6 and gcc 7
* travis: build libpsl and make builds use it
* proxy: show getenv proxy use in verbose output
* duphandle: make sure CURLOPT_RESOLVE is duplicated
* all: Refactor malloc+memset to use calloc
* checksrc: Fix typo
* system.h: Add sparcv8plus to oracle/sunpro 32-bit detection
* vauth: Fix typo
* ssh: show libSSH2 error code when closing fails
* test1148: tolerate progress updates better
* urldata: make service names unconditional
* configure: keep LD_LIBRARY_PATH changes local
* ntlm_sspi: fix authentication using Credential Manager
* schannel: add client certificate authentication
* winbuild: Support custom devel paths for each dependency
* schannel: add support for CURLOPT_CAINFO
* http2: handle on_begin_headers() called more than once
* openssl: support OpenSSL 1.1.1 verbose-mode trace messages
* openssl: fix subjectAltName check on non-ASCII platforms
* http2: avoid strstr() on data not zero terminated
* http2: clear the "/drain counter"/ when a stream is closed
* http2: handle GOAWAY properly
* tool_help: clarify --max-time unit of time is seconds
* curl.1: clarify that options and URLs can be mixed
* http2: convert an assert to run-time check
* curl_global_sslset: always provide available backends
* ftplistparser: keep state between invokes
* Curl_memchr: zero length input can't match
* examples/sftpuploadresume: typecast fseek argument to long
* examples/http2-upload: expand buffer to avoid silly warning
* ctype: restore character classification for non-ASCII platforms
* mime: avoid NULL pointer dereference risk
* cookies: ensure that we have cookies before writing jar
* os400.c: fix checksrc warnings
* configure: provide --with-wolfssl as an alias for --with-cyassl
* cyassl: adapt to libraries without TLS 1.0 support built-in
* http2: get rid of another strstr
* checksrc: force indentation of lines after an else
* cookies: remove unused macro
* CURLINFO_PROTOCOL.3: mention the existing defined names
* tests: provide 'manual' as a feature to optionally require
* travis: enable libssh2 on both macos and Linux
* CURLOPT_URL.3: added ENCODING section
* wolfssl: Fix non-blocking connect
* vtls: don't define MD5_DIGEST_LENGTH for wolfssl
* docs: remove extraneous commas in man pages
* URL: fix ASCII dependency in strcpy_url and strlen_url
* ssh-libssh.c: fix left shift compiler warning
* configure: only check for CA bundle for file-using SSL backends
* travis: add an mbedtls build
* http: don't set the "/rewind"/ flag when not uploading anything
* configure: put CURLDEBUG and DEBUGBUILD in lib/curl_config.h
* transfer: don't unset writesockfd on setup of multiplexed conns
* vtls: use unified "/supports"/ bitfield member in backends
* URLs: fix one more http url
* travis: add a build using WolfSSL
* openssl: change FILE ops to BIO ops
* travis: add build using NSS
* smb: reject negative file sizes
* cookies: accept parameter names as cookie name
* http2: getsock fix for uploads
* all over: fixed format specifiers
* http2: use the correct function pointer typedef
- Added message about protocol redirection not supported or
disabled to the function findprotocol() [bsc#1076446]
* Added curl-disabled-redirect-protocol-message.patch
- Update to version 7.59.0
[bsc#1084521, CVE-2018-1000120][bsc#1084524, CVE-2018-1000121]
[bsc#1084532, CVE-2018-1000122]
Changes:
* curl: add --proxy-pinnedpubkey
* added: CURLOPT_TIMEVALUE_LARGE and CURLINFO_FILETIME_T
* CURLOPT_RESOLVE: Add support for multiple IP addresses per entry
* Add option CURLOPT_HAPPY_EYEBALLS_TIMEOUT_MS
* Add new tool option --happy-eyeballs-timeout-ms
* Add CURLOPT_RESOLVER_START_FUNCTION and CURLOPT_RESOLVER_START_DATA
Bugfixes:
* openldap: check ldap_get_attribute_ber() results for NULL before using
* FTP: reject path components with control codes
* readwrite: make sure excess reads don't go beyond buffer end
* lib555: drop text conversion and encode data as ascii codes
* lib517: make variable static to avoid compiler warning
* lib544: sync ascii code data with textual data
* GSKit: restore pinnedpubkey functionality
* darwinssl: Don't import client certificates into Keychain on macOS
* parsedate: fix date parsing for systems with 32 bit long
* openssl: fix pinned public key build error in FIPS mode
* SChannel/WinSSL: Implement public key pinning
* cookies: remove verbose "/cookie size:"/ output
* progress-bar: don't use stderr explicitly, use bar->out
* build: open VC15 projects with VS 2017
* curl_ctype: private is*() type macros and functions
* configure: set PATH_SEPARATOR to colon for PATH w/o separator
* curl_easy_reset: clear digest auth state
* curl/curl.h: fix comment typo for CURLOPT_DNS_LOCAL_IP6
* range: commonize FTP and FILE range handling
* progress-bar docs: update to match implementation
* fnmatch: do not match the empty string with a character set
* fnmatch: accept an alphanum to be followed by a non-alphanum in char set
* build: fix termios issue on android cross-compile
* getdate: return -1 for out of range
* formdata: use the mime-content type function
* openssl: Don't add verify locations when verifypeer==0
* fnmatch: optimize processing of consecutive *s and ?s pattern characters
* schannel: fix compiler warnings
* content_encoding: Add "/none"/ alias to "/identity"/
* get_posix_time: only check for overflows if they can happen
* http_chunks: don't write chunks twice with CURLOPT_HTTP_TRANSFER_DECODING
* README: language fix
* sha256: build with OpenSSL < 0.9.8
* smtp: fix processing of initial dot in data
* --tlsauthtype: works only if libcurl is built with TLS-SRP support
* tests: new tests for http raw mode
* libcurl-security.3: man page discussion security concerns when using libcurl
* curl_gssapi: make sure this file too uses our *printf()
* BINDINGS: fix curb link (and remove ruby-curl-multi)
* nss: use PK11_CreateManagedGenericObject() if available
* travis: add build with iconv enabled
* ssh: add two missing state names
* CURLOPT_HEADERFUNCTION.3: mention folded headers
* http: fix the max header length detection logic
* header callback: don't chop headers into smaller pieces
* CURLOPT_HEADER.3: clarify problems with different data sizes
* curl --version: show PSL if the run-time lib has it enabled
* examples/sftpuploadresume: resume upload via CURLOPT_APPEND
* Return error if called recursively from within callbacks
* sasl: prefer PLAIN mechanism over LOGIN
* winbuild: Use CALL to run batch scripts
* curl_share_setopt.3: connection cache is shared within multi handles
* projects/README: remove reference to dead IDN link/package
* lib655: silence compiler warning
* configure: Fix version check for OpenSSL 1.1.1
* docs/MANUAL: formfind.pl is not accessible on the site anymore
* unit1307: proper cleanup on OOM to fix torture tests
* curl_ctype: fix macro redefinition warnings
* build: get CFLAGS (including -werror) used for examples and tests
* NO_PROXY: fix for IPv6 numericals in the URL
* krb5: use nondeprecated functions
* http2: mark the connection for close on GOAWAY
* limit-rate: kick in even before "/limit"/ data has been received
* HTTP: allow "/header;"/ to replace an internal header with a blank one
* http2: verbose output new MAX_CONCURRENT_STREAMS values
* SECURITY: distros' max embargo time is 14 days
* curl tool: accept --compressed also if Brotli is enabled and zlib is not
* WolfSSL: adding TLSv1.3
* checksrc.pl: add -i and -m options
* CURLOPT_COOKIEFILE.3: "/-"/ as file name means stdin
- Refreshed patch libcurl-ocloexec.patch
- Sort a bit with spec-cleaner
- Install license with the library
- ignore all test failures for PowerPC as bypass boo#1075219
(not only the 1501 previously skipped)
* Added patch ignore_runtests_failure.patch
- Build curl with libssh.org
libssh offers a lot more features than libssh2, for example:
* Key Exchange Methods: curve25519-sha256@libssh.org
* Hostkey Types: ssh-ed25519
* Authentication: gssapi-with-mic
- Update to version 7.58.0
[bsc#1076360,CVE-2018-1000005][bsc#1077001,CVE-2018-1000007]
Changes:
* new libssh-powered SSH SCP/SFTP back-end
* curl-config: add --ssl-backends
Bugfixes:
* http2: fix incorrect trailer buffer size
* http: prevent custom Authorization headers in redirects
* travis: add boringssl build
* examples/xmlstream.c: don't switch off CURL_GLOBAL_SSL
* SSL: Avoid magic allocation of SSL backend specific data
* lib: don't export all symbols, just everything curl_*
* libssh2: send the correct CURLE error code on scp file not found
* libssh2: return CURLE_UPLOAD_FAILED on failure to upload
* openssl: enable pkcs12 in boringssl builds
* libssh2: remove dead code from SSH_SFTP_QUOTE
* sasl_getmesssage: make sure we have a long enough string to pass
* conncache: fix several lock issues
* threaded-shared-conn.c: new example
* conncache: only allow multiplexing within same multi handle
* configure: check for netinet/in6.h
* URL: tolerate backslash after drive letter for FILE:
* openldap: add commented out debug possibilities
* include: get netinet/in.h before linux/tcp.h
* CONNECT: keep close connection flag in http_connect_state struct
* BINDINGS: another PostgreSQL client
* curl: limit -# update frequency for unknown total size
* configure: add AX_CODE_COVERAGE only if using gcc
* curl.h: remove incorrect comment about ERRORBUFFER
* openssl: improve data-pending check for https proxy
* curl: remove __EMX__ #ifdefs
* CURLOPT_PRIVATE.3: fix grammar
* sftp: allow quoted commands to use relative paths
* CURLOPT_DNS_CACHE_TIMEOUT.3: see also CURLOPT_RESOLVE
* RESOLVE: output verbose text when trying to set a duplicate name
* multi_done: prune DNS cache
* tests: update .gitignore for libtests
* tests: mark data files as non-executable in git
* CURLOPT_DNS_LOCAL_IP4.3: fixed the "/SEE ALSO"/ to not self-reference
* curl.1: documented two missing valid exit codes
* curl.1: mention http:// and https:// as valid proxy prefixes
* vtls: replaced getenv() with curl_getenv()
* setopt: less *or equal* than INT_MAX/1000 should be fine
* examples/smtp-mail.c: use separate defines for options and mail
* curl: support >256 bytes warning messsages
* conncache: fix a return code
* krb5: fix a potential access of uninitialized memory
* rand: add a clang-analyzer work-around
* CURLOPT_READFUNCTION.3: refer to argument with correct name
* brotli: allow compiling with version 0.6.0
* content_encoding: rework zlib_inflate
* curl_easy_reset: release mime-related data
* examples/rtsp: fix error handling macros
* curl: Support size modifiers for --max-filesize
* examples/cacertinmem: ignore cert-already-exists error
* brotli: data at the end of content can be lost
* curl_version_info.3: call the argument 'age'
* openssl: fix memory leak of SSLKEYLOGFILE filename
* build: remove HAVE_LIMITS_H check
* --mail-rcpt: fix short-text description
* scripts: allow all perl scripts to be run directly
* progress: calculate transfer speed on milliseconds if possible
* system.h: check __LONG_MAX__ for defining curl_off_t
* easy: fix connection ownership in curl_easy_pause
* setopt: reintroduce non-static Curl_vsetopt() for OS400 support
* setopt: fix SSLVERSION to allow CURL_SSLVERSION_MAX_ values
* configure.ac: append extra linker flags instead of prepending them
* HTTP: bail out on negative Content-Length: values
* docs: comment about CURLE_READ_ERROR returned by curl_mime_filedata
* mime: clone mime tree upon easy handle duplication
* openssl: enable SSLKEYLOGFILE support by default
* smtp/pop3/imap_get_message: decrease the data length too...
* CURLOPT_TCP_NODELAY.3: fix typo
* SMB: fix numeric constant suffix and variable types
* ftp-wildcard: fix matching an empty string with "/*[^a]"/
* curl_fnmatch: only allow 5 '*' sections in a single pattern
* openssl: fix potential memory leak in SSLKEYLOGFILE logic
* SSH: Fix state machine for ssh-agent authentication
* examples/url2file.c: add missing curl_global_cleanup() call
* http2: don't close connection when single transfer is stopped
* libcurl-env.3: first version
* curl: progress bar refresh, get width using ioctl()
* CONNECT_TO: fail attempt to set an IPv6 numerical without IPv6 support
- disable 1501 test for PowerPC as byass boo#1075219
- Update to version 7.57.0 [bsc#1069226, CVE-2017-8816]
[bsc#1069222, CVE-2017-8817] [bsc#1069714, CVE-2017-8818]
Changes:
* auth: add support for RFC7616 - HTTP Digest access authentication
* share: add support for sharing the connection cache
* HTTP: implement Brotli content encoding
Bugfixes:
* CVE-2017-8816: NTLM buffer overflow via integer overflow
* CVE-2017-8817: FTP wildcard out of bounds read
* CVE-2017-8818: SSL out of buffer access
* curl_mime_filedata.3: fix typos
* libtest: Add required test libraries for lib1552 and lib1553
* fix time diffs for systems using unsigned time_t
* ftplistparser: memory leak fix: free temporary memory always
* multi: allow table handle sizes to be overridden
* wildcards: don't use with non-supported protocols
* curl_fnmatch: return error on illegal wildcard pattern
* transfer: Fix chunked-encoding upload too early exit
* resolvers: only include anything if needed
* setopt: fix CURLOPT_SSH_AUTH_TYPES option read
* Curl_timeleft: change return type to timediff_t
* cmake: Export libcurl and curl targets to use by other cmake projects
* curl: in -F option arg, comma is a delimiter for files only
* curl: improved "/;type="/ handling in -F option arguments
* timeval: use mach_absolute_time() on MacOS
* curlx: the timeval functions are no longer provided as curlx_*
* mkhelp.pl: do not generate comment with current date
* memdebug: use send/recv signature for curl_dosend/curl_dorecv
* cookie: avoid NULL dereference
* url: fix CURLOPT_POSTFIELDSIZE arg value check to allow -1
* include: remove conncache.h inclusion from where its not needed
* CURLOPT_MAXREDIRS: allow -1 as a value
* tests: Fixed torture tests on tests 556 and 650
* http2: Fixed OOM handling in upgrade request
* url: fix CURLOPT_DNS_CACHE_TIMEOUT arg value check to allow -1
* CURLOPT_INFILESIZE: accept -1
* curl: pass through [] in URLs instead of calling globbing error
* curl: speed up handling of many URLs
* ntlm: avoid malloc(0) for zero length passwords
* url: remove faulty arg value check from CURLOPT_SSH_AUTH_TYPES
* HTTP: support multiple Content-Encodings
* travis: add a job with brotli enabled
* url: remove unncessary NULL-check
* fnmatch: remove dead code
* connect: store IPv6 connection status after valid connection
* imap: deal with commands case insensitively
* --interface: add support for Linux VRF
* content_encoding: fix inflate_stream for no bytes available
* cmake: Add missing setmode check
* connect.c: remove executable bit on file
* SMB: fix uninitialized local variable
* zlib/brotli: only include header files in modules needing them
* URL: return error on malformed URLs with junk after IPv6 bracket
* openssl: fix too broad use of HAVE_OPAQUE_EVP_PKEY
* macOS: Fix missing connectx function with Xcode version older than 9.0
* --resolve: allow IP address within [] brackets
* examples/curlx: Fix code style
* ntlm: remove unnecessary NULL-check to please scan-build
* Curl_llist_remove: fix potential NULL pointer deref
* mime: fix "/Value stored to 'sz' is never read"/ scan-build error
* openssl: fix "/Value stored to 'rc' is never read"/ scan-build error
* http2: fix "/Value stored to 'hdbuf' is never read"/ scan-build error
* http2: fix "/Value stored to 'end' is never read"/ scan-build error
* Curl_open: fix OOM return error correctly
* url: reject ASCII control characters and space in host names
* examples/rtsp: clear RANGE again after use
* connect: improve the bind error message
* make: fix "/make distclean"/
* connect: add support for new TCP Fast Open API on Linux
* metalink: fix memory-leak and NULL pointer dereference
* URL: update "/file:"/ URL handling
* ssh: remove check for a NULL pointer
* global_init: ignore CURL_GLOBAL_SSL's absense
- Update to version 7.56.1 [bsc#1063824]
Bugfixes:
* imap: if a FETCH response has no size, don't call write
callback [CVE-2017-1000257]
* ftp: UBsan fixup 'pointer index expression overflowed
* failf: skip the sprintf() if there are no consumers
* fuzzer: move to using external curl-fuzzer
* lib/Makefile.m32: allow customizing dll suffixes
* docs: fix typo in curl_mime_data_cb man page
* darwinssl: add support for TLSv1.3
* build: fix --disable-crypto-auth
* openssl: fix build without HAVE_OPAQUE_EVP_PKEY
* strtoofft: Remove extraneous null check
* multi_cleanup: call DONE on handles that never got that
* tests: added flaky keyword to tests 587 and 644
* pingpong: return error when trying to send without connection
* remove_handle: call multi_done() first, then clear dns cache pointer
* mime: be tolerant about setting the same header list twice in a part
* mime: improve unbinding top multipart from easy handle
* mime: avoid resetting a part's encoder when part's contents change
* mime: refuse to add subparts to one of their own descendants
* RTSP: avoid integer overflow on funny RTSP responses
* curl: don't pass semicolons when parsing Content-Disposition
* openssl: enable PKCS12 support for !BoringSSL
* FAQ: s/CURLOPT_PROGRESSFUNCTION/CURLOPT_XFERINFOFUNCTION
* CURLOPT_NOPROGRESS.3: also refer to xferinfofunction
* CURLOPT_XFERINFODATA.3: fix duplicate see also
* test298: verify --ftp-method nowcwd with URL encoded path
* FTP: URL decode path for dir listing in nocwd mode
* smtp_done: fix memory leak on send failure
* ftpserver: support case insensitive commands
* test950; verify SMTP with custom request
* openssl: don't use old BORINGSSL_YYYYMM macros
* setopt: update current connection SSL verify params
* curl: reimplement stdin buffering in -F option
* mime: keep "/text/plain"/ content type if user-specified
* mime: fix the content reader to handle >16K data properly
* configure: remove the C++ compiler check
* memdebug: trace send, recv and socket
* runtests: use valgrind for torture as well
* ldap: silence clang warning
* makefile.m32: allow to override gcc, ar and ranlib
* setopt: avoid integer overflows when setting millsecond values
* setopt: range check most long options
* ftp: reject illegal IP/port in PASV 227 response
* mime: do not reuse previously computed multipart size
* vtls: change struct Curl_ssl `close' field name to `close_one'
* os400: add missing symbols in config file
* mime: limit bas64-encoded lines length to 76 characters
* mk-ca-bundle: Remove URL for aurora
* mk-ca-bundle: Fix URL for NSS
- Update to 7.56.0 [bsc#1061876, CVE-2017-1000254]
Changes:
* curl: enable compression for SCP/SFTP with --compressed-ssh
* libcurl: enable compression for SCP/SFTP with CURLOPT_SSH_COMPRESSION
* vtls: added dynamic changing SSL backend with curl_global_sslset()
* new MIME API, curl_mime_init() and friends
* openssl: initial SSLKEYLOGFILE implementation
Security fixes:
* CVE-2017-1000254 FTP PWD response parser out of bounds read
Bugfixes:
* FTP: zero terminate the entry path even on bad input
* examples/ftpuploadresume.c: use portable code
* runtests: match keywords case insensitively
* strtoofft: reduce integer overflow risks globally
* zsh.pl: produce a working completion script again
* cmake: remove dead code for CURL_DISABLE_RTMP
* progress: Track total times following redirects
* configure: fix --disable-threaded-resolver
* configure: fix clang version detection
* darwinssi: fix error: variable length array used
* configure: check for __builtin_available() availability
* http_proxy: fix build error for CURL_DOES_CONVERSIONS
* examples/ftpuploadresume: checksrc compliance
* ftp: fix CWD when doing multicwd then nocwd on same connection
* system.h: remove all CURL_SIZEOF_* defines
* http: Don't wait on CONNECT when there is no proxy
* system.h: check for __ppc__ as well
* http2_recv: return error better on fatal h2 errors
* tftp: fix memory leak on too long filename
* system.h: fix build for hppa
* cmake: enable picky compiler options with clang and gcc
* makefile.m32: add support for libidn2
* curl: shorten and clean up CA cert verification error message
* imap: support PREAUTH
* CURLOPT_USERPWD.3: see also CURLOPT_PROXYUSERPWD
* examples/threaded-ssl: mention that this is for openssl before 1.1
* tests: Make sure libtests & unittests call curl_global_cleanup()
* system.h: include sys/poll.h for AIX
* darwinssl: handle long strings in TLS certs
* strtooff: fix build for systems with long long but no strtoll
* asyn-thread: Improved cleanup after OOM situations
* curl.h: CURLSSLBACKEND_WOLFSSL used wrong value
* unit1301: fix error message on first test
* ossfuzz: moving towards the ideal integration
* http: fix a memory leakage in checkrtspprefix()
* examples/post-callback: stop returning one byte at a time
* schannel: return CURLE_SSL_CACERT on failed verification
* http-proxy: treat all 2xx as CONNECT success
* openssl: use OpenSSL's default ciphers by default
* runtests.pl: support attribute "/nonewline"/ in part verify/upload
* configure: remove --enable-soname-bump and SONAME_BUMP
* vtls: fix WolfSSL 3.12 build problems
* http-proxy: when not doing CONNECT, that phase is done immediately
* configure: fix curl_off_t check's include order
* configure: use -Wno-varargs on clang 3.9[.X] debug builds
* rtsp: do not call fwrite() with NULL pointer FILE *
* mbedtls: enable CA path processing
* checksrc: verify more code style rules
* HTTP proxy: on connection re-use, still use the new remote port
* tests: add initial gssapi test using stub implementation
* rtsp: Segfault when using WRITEDATA
* docs: clarify the CURLOPT_INTERLEAVE* options behavior
* non-ascii: use iconv() with 'char **' argument
* server/getpart: provide dummy function to build conversion enabled
* conversions: fix several compiler warnings
* openssl: add missing includes
* schannel: Support partial send for when data is too large
* socks: fix incorrect port number in SOCKS4 error message
* curl: fix integer overflow in timeout options
* cookies: reject oversized cookies instead of truncating
* cookies: use lock when using CURLINFO_COOKIELIST
* curl: check fseek() return code and bail on error
* examples/post-callback: use long for CURLOPT_POSTFIELDSIZE
* openssl: only verify RSA private key if supported
* tests: make the imap server not verify user+password
* imap: quote atoms properly when escaping characters
* tests: fix a compiler warning in test 643
* file_range: avoid integer overflow when figuring out byte range
* reuse_conn: don't copy flags that are known to be equal
* http: fix adding custom empty headers to repeated requests
* docs: link CURLOPT_CONNECTTIMEOUT and CURLOPT_CONNECTTIMEOUT_MS
* connect: fix race condition with happy eyeballs timeout
* cookie: fix memory leak if path was set twice in header
* vtls: compare and clone ssl configs properly
* proxy: read the "/no_proxy"/ variable only if necessary
- Refreshed patches:
* libcurl-ocloexec.patch
- Removed patches fixed upstream:
* curl-man3.patch
* ppc-build.patch
* curl-http-Don-t-wait-on-CONNECT-when-there-is-no-proxy.patch
* curl-disable-test1427-i586.patch
- Add curl-http-Don-t-wait-on-CONNECT-when-there-is-no-proxy.patch:
Fix NetworkManagers connectivity test.
- ppc-build.patch: Fix build for powerpc
- Upstream fix to build libcurl man3 pages
* Added patch curl-man3.patch
- Disabled test1425 that fails in i586 architecture
* Added patch curl-disable-test1427-i586.patch
- Update to 7.55.0
Changes:
* curl: allow --header and --proxy-header read from file
* getinfo: provide sizes as curl_off_t
* curl: prevent binary output spewed to terminal
* curl: added --request-target
* curl: added --socks5-{basic,gssapi}: control socks5 auth
* libcurl: added CURLOPT_REQUEST_TARGET
* libcurl: added CURLOPT_SOCKS5_AUTH
Bugfixes:
* Security Fixes:
- glob: do not parse after a strtoul() overflow range
(CVE-2017-1000101, bsc#1051643)
- tftp: reject file name lengths that don't fit
(CVE-2017-1000100, bsc#1051644)
- file: output the correct buffer to the user
(CVE-2017-1000099, bsc#1051645)
* includes: remove curl/curlbuild.h and curl/curlrules.h
* dist: make the hugehelp.c not get regenerated unnecessarily
* timers: store internal time stamps as time_t instead of doubles
* progress: let "/current speed"/ be UL + DL speeds combined
* http-proxy: do the HTTP CONNECT process entirely non-blocking
* lib/curl_setup.h: remove CURL_WANTS_CA_BUNDLE_ENV
* fuzz: bring oss-fuzz initial code converted to C89
* configure: disable nghttp2 too if HTTP has been disabled
* mk-ca-bundle.pl: Check curl's exit code after certdata download
* test1148: verify the -# progressbar
* tests: stabilize test 2032 and 2033
* HTTPS-Proxy: don't offer h2 for https proxy connections
* http-proxy: only attempt FTP over HTTP proxy
* curl-compilers.m4: enable vla warning for clang
* curl-compilers.m4: enable double-promotion warning
* curl-compilers.m4: enable missing-variable-declarations clang
warning
* curl-compilers.m4: enable comma clang warning
* CURLOPT_PREQUOTE: not supported for SFTP
* http2: fix OOM crash
* PIPELINING_SERVER_BL: cleanup the internal list use
* mkhelp.pl: fix script name in usage text
* lib1521: add curl_easy_getinfo calls to the test set
* travis: do the distcheck test build out-of-tree as well
* if2ip: fix compiler warning in ISO C90 mode
* lib: fix the djgpp build
* typecheck-gcc: add support for CURLINFO_OFF_T
* travis: enable typecheck-gcc warnings
* maketgz: switch to xz instead of lzma
* CURLINFO_REDIRECT_URL.3: mention the CURLOPT_MAXREDIRS case
* curl/system.h: add check for XTENSA for 32bit gcc
* test1537: fixed memory leak on OOM
* test1521: fix compiler warnings
* curl: fix memory leak on test 1147 OOM
* libtest/make: generate lib1521.c dynamically at build-time
* curl_strequal.3: fix typo in SYNOPSIS
* progress: prevent resetting t_starttransfer
* openssl: improve fallback seed of PRNG with a time based hash
* http2: improved PING frame handling
* test1450: add simple testing for DICT
* make: build the docs subdir only from within src
* gtls: fix build when sizeof(long) < sizeof(void *)
* url: make the original string get used on subsequent transfers
* timeval.c: Use long long constant type for timeval assignment
* tool_sleep: typecast to avoid macos compiler warning
* travis.yml: use --enable-werror on debug builds
* test1451: add SMB support to the testbed
* configure: remove checks for 5 functions never used
* configure: try ldap/lber in reversed order first
* smb: fix build for djgpp/MSDOS
* travis: install nghttp2 on linux builds
* smb: add support for CURLOPT_FILETIME
* select.h: avoid macro redefinition harder
* runtests: support "/threaded-resolver"/ as a feature
* test506: skip if threaded-resolver
* cmake: remove spurious "/-l"/ from linker flags
* cmake: add CURL_WERROR for enabling "/warning as errors"/
* memdebug: don't setbuf() if the file open failed
* curl_easy_escape.3: mention the (lack of) encoding
* test1452: add telnet negotiation
* CURLOPT_POSTFIELDS.3: explain the 100-continue magic better
* cmake: offer CMAKE_DEBUG_POSTFIX when building with MSVC
* tests/valgrind.supp: supress OpenSSL false positive seen on
travis
* curl_setup_once: Remove ERRNO/SET_ERRNO macros
* rtspd: fix MSVC level 4 warning
* sockfilt: suppress conversion warning with explicit cast
* libtest: fix MSVC warning C4706
* tests/server/resolve.c: fix deprecation warning
* nss: fix a possible use-after-free in SelectClientCert()
* checksrc: escape open brace in regex
* multi: mention integer overflow risk if using > 500 million
sockets
* timeval: struct curltime is a struct timeval replacement
* curl_rtmp: fix a compiler warning
* include.d: clarify that it concerns the response headers
* cmake: support make uninstall
* include.d: clarify --include is only for response headers
* libcurl: Stop using error codes defined under CURL_NO_OLDIES
* http: fix response code parser to avoid integer overflow
* configure: fix the check for IdnToUnicode
* multi: fix request timer management
* curl_threads: fix MSVC compiler warning
* cmake: set MSVC warning level to 4
* netrc: skip lines starting with '#'
* FTP: skip unnecessary CWD when in nocwd mode
* gssapi: fix memory leak of output token in multi round context
* getparameter: avoid returning uninitialized 'usedarg'
* curl (debug build) easy_events: make event data static
* curl: detect and bail out early on parameter integer overflows
- Removed patch curl-invalid-free.patch
- Update License to 'curl' as per review on OBS sr#505976.
- Have the -mini packages conflict the real ones.
- Add curl-invalid-free.patch to fix an invalid free in
curl_multi_setopt function.
- Update to 7.54.1
Changes:
* curl now shows release date in --version output
Bugfixes:
* Fixes CVE-2017-9502: default protocol drive letter
buffer overflow bsc#1044243
* openssl: fix memory leak in servercert
* curl: set a 100K buffer size by default
* nss: do not leak PKCS #11 slot while loading a key
* nss: load libnssckbi.so if no other trust is specified
* curl: use utimes instead of obsolescent utime when available
* url: fixed a memory leak on OOM while setting CURLOPT_BUFFERSIZE
* CURLOPT_BUFFERSIZE: 1024 bytes is now the minimum size
* curl: non-boolean command line args reject --no- prefixes
* telnet: Write full buffer instead of byte-by-byte
* curl: remove --environment and tool_writeenv.c
* curl: generate the --help output
* curl.1: clarify --config
* curl.1: mention --oauth2-bearer's argument
* ssh: fix memory leak in disconnect due to timeout
* redirect: store the "/would redirect to"/ URL when max redirs is reached
* file: make speedcheck use current time for checks
* urlglob: fix division by zero
- Create curl-mini for bootstrapping (boo#1042919)
- Update to 7.54.0
Changes:
* Add CURL_SSLVERSION_MAX_* constants to CURLOPT_SSLVERSION
* Add --max-tls
* Add CURLOPT_SUPPRESS_CONNECT_HEADERS
* Add --suppress-connect-headers
Bugfixes:
* CVE-2017-7468: switch off SSL session id when client cert is used
* bsc#1033413
* tests: use consistent environment variables for setting charset
* proxy: fixed a memory leak on OOM
* ftp: removed an erroneous free in an OOM path
* ftp: fixed a NULL pointer dereference on OOM
* gopher: fixed detection of an error condition from Curl_urldecode
* url: fix unix-socket support for proxy-disabled builds
* fix potential use of uninitialized variables
* ares: return error at once if timed out before name resolve starts
* URL: return error on malformed URLs with junk after port number
* http2: Fix assertion error on redirect with CL=0
* --insecure: clarify that this option is for server connections
* authneg: clear auth.multi flag at http_done
* curl_easy_reset: Also reset the authentication state
* proxy: skip SSL initialization for closed connections
* http_proxy: ignore TE and CL in CONNECT 2xx responses
* multi: fix streamclose() crash in debug mode
* openssl: fall back on SSL_ERROR_* string when no error detail
* asiohiper: make sure socket is open in event_cb
* curl: check for end of input in writeout backslash handling
* openssl: exclude DSA code when OPENSSL_NO_DSA is defined
* http: Fix proxy connection reuse with basic-auth
* pause: handle mixed types of data when paused
* http: do not treat FTPS over CONNECT as HTTPS
* conncache: make hashkey avoid malloc
* multi: fix queueing of pending easy handles
* low_speed_limit: improved function for longer time periods
* nss: load CA certificates even with --insecure
* Curl_expire_latest: ignore already expired timers
* http2: fix handle leak in error path
* openssl: make SSL_ERROR_to_str more future-proof
* openssl: fix thread-safety bugs in error-handling
* openssl: don't try to print nonexistant peer private keys
- Update to 7.53.1
Bugfixes:
* url: Improve CURLOPT_PROXY_CAPATH error handling
* urldata: include curl_sspi.h when Windows SSPI is enabled
* formdata: check for EOF when reading from stdin
* tests: Set CHARSET & LANG to UTF-8 in 1035, 2046 and 2047
* url: Default the proxy CA bundle location to CURL_CA_BUNDLE
* rand: added missing #ifdef HAVE_FCNTL_H around fcntl.h header
- Update to 7.53.0
Changes:
* unix_socket: added --abstract-unix-socket and
CURLOPT_ABSTRACT_UNIX_SOCKET
* CURLOPT_BUFFERSIZE: support enlarging receive buffer
Bugfixes:
* CVE-2017-2629: make SSL_VERIFYSTATUS work again
* gnutls-random: check return code for failed random
* openssl-random: check return code when asking for random
* http: remove "/Curl_http_done: called premature"/ message
* cyassl: use time_t instead of long for timeout
* build-wolfssl: Sync config with wolfSSL 3.10
* ftp-gss: check for init before use
* configure: accept --with-libidn2 instead
* ftp: failure to resolve proxy should return that error code
* curl.1: add three more exit codes
* docs/ciphers: link to our own new page about ciphers
* vtls: s/SSLEAY/OPENSSL - fixes multi_socket timeouts with openssl
* darwinssl: fix iOS build
* darwinssl: fix CFArrayRef leak
* cmake: use crypt32.lib when building with OpenSSL on windows
* curl_formadd.3: CURLFORM_CONTENTSLENGTH not needed when chunked
* digest_sspi: copy terminating NUL as well
* curl: fix --remote-time incorrect times on Windows
* curl.1: several updates and corrections
* content_encoding: change return code on a failure
* curl.h: CURLE_FUNCTION_NOT_FOUND is no longer in use
* docs: TCP_KEEPALIVE start and interval default to 60
* darwinssl: --insecure overrides --cacert if both settings are in use
* TheArtOfHttpScripting: grammar
* CIPHERS.md: document GSKit ciphers
* wolfssl: support setting cipher list
* wolfssl: display negotiated SSL version and cipher
* lib506: fix build for Open Watcom
* asiohiper: improved socket handling
* examples: make the C++ examples follow our code style too
* tests/sws: retry send() on EWOULDBLOCK
* cmake: Fix passing _WINSOCKAPI_ macro to compiler
* smtp: Fix STARTTLS denied error message
* imap/pop3: don't print response character in STARTTLS denied messages
* rand: make it work without TLS backing
* url: fix parsing for when 'file' is the default protocol
* url: allow file://X:/path URLs on windows again
* gnutls: check for alpn and ocsp in configure
* IDN: Use TR46 'non-transitional' for toASCII translations
* url: Fix NO_PROXY env var to work properly with --proxy option
* CURLOPT_PREQUOTE.3: takes a struct curl_slist*, not a char*
* docs: Add note about libcurl copying strings to CURLOPT_* manpages
* curl: reset the easy handle at --next
* --next docs: --trace and --trace-ascii are also global
* --write-out docs: 'time_total' is not always shown with ms precision
* http: print correct HTTP string in verbose output when using HTTP/2
* docs: improved language in README.md HISTORY.md CONTRIBUTE.md
* http2: disable server push if not requested
* nss: use the correct lock in nss_find_slot_by_name()
* usercertinmem.c: improve the short description
* CURLOPT_CONNECT_TO: Fix compile warnings
* docs: non-blocking SSL handshake is now supported with NSS
* *.rc: escape non-ASCII/non-UTF-8 character for clarity
* mbedTLS: fix multi interface non-blocking handshake
* PolarSSL: fix multi interface non-blocking handshake
* VC: remove the makefile.vc6 build infra
* telnet: fix windows compiler warnings
* cookies: do not assume a valid domain has a dot
* polarssl: fix hangs
* gnutls: disable TLS session tickets
* mbedtls: disable TLS session tickets
* mbedtls: implement CTR-DRBG and HAVEGE random generators
* openssl: Don't use certificate after transferring ownership
* cmake: Support curl --xattr when built with cmake
* OS400: Fix symbols
* docs: Add more HTTPS proxy documentation
* docs: use more HTTPS links
* cmdline-opts: Fixed build and test in out of source tree builds
* CHANGES.0: removed
* schannel: Remove incorrect SNI disabled message
* darwinssl: Avoid parsing certificates when not in verbose mode
* test552: Fix typos
* telnet: Fix typos
* transfer: only retry nobody-requests for HTTP
* http2: reset push header counter fixes crash
* nss: make FTPS work with --proxytunnel
* test1139: Added the --manual keyword since the manual is required
* polarssl, mbedtls: Fix detection of pending data
* http_proxy: Fix tiny memory leak upon edge case connecting to proxy
* URL: only accept "/;options"/ in SMTP/POP3/IMAP URL schemes
* curl.1: ftp.sunet.se is no longer an FTP mirror
* tool_operate: Show HTTPS-Proxy options on CURLE_SSL_CACERT
* http2: fix memory-leak when denying push streams
* configure: Allow disabling pthreads, fall back on Win32 threads
* curl: fix typo in time condition warning message
* axtls: adapt to API changes
* tool_urlglob: Allow a glob range with the same start and stop
* winbuild: add note on auto-detection of MACHINE in Makefile.vc
* http: fix missing 'Content-Length: 0' while negotiating auth
* proxy: fix hostname resolution and IDN conversion
* docs: fix timeout handling in multi-uv example
* digest_sspi: Fix nonce-count generation in HTTP digest
* sftp: improved checks for create dir failures
* smb: use getpid replacement for windows UWP builds
* digest_sspi: Handle 'stale=TRUE' directive in HTTP digest
- Remove curl-7.52.1-idn-fixes.patch, fixed upstream.
- build with libidn2 for IDNA2008 support
FATE#321897 CVE-2016-8625 bsc#1005649
add curl-7.52.1-idn-fixes.patch to fix test, among other things
- re-enable tests that are no longer failing,
remove curl-disable_failing_tests.patch
- Update to 7.52.1
Bugfixes:
* CVE-2016-9594: unititialized random bsc#1016738
- Update to 7.52.0
Changes:
* nss: map CURL_SSLVERSION_DEFAULT to NSS default
* vtls: support TLS 1.3 via CURL_SSLVERSION_TLSv1_3
* curl: introduce the --tlsv1.3 option to force TLS 1.3
* curl: Add --retry-connrefused
* proxy: Support HTTPS proxy and SOCKS+HTTP(s)
* add CURLINFO_SCHEME, CURLINFO_PROTOCOL, and %{scheme}
* curl: add --fail-early
Bugfixes:
* CVE-2016-9586: printf floating point buffer overflow
* curl -w: added more decimal digits to timing counters
* easy: Initialize info variables on easy init and duphandle
* http2: Don't send header fields prohibited by HTTP/2 spec
* ssh: check md5 fingerprints case insensitively (regression)
* openssl: initial TLS 1.3 adaptions
* SPNEGO: Fix memory leak when authentication fails
* realloc: use Curl_saferealloc to avoid common mistakes
* openssl: make sure to fail in the unlikely event that PRNG
seeding fails
* URL-parser: for file://[host]/ URLs, the [host] must be localhost
* timeval: prefer time_t to hold seconds instead of long
* glob: fix [a-c] globbing regression
* curl.1: Clarify --dump-header only writes received headers
* http2: Fix address sanitizer memcpy warning
* http2: Use huge HTTP/2 windows
* connects: Don't mix unix domain sockets with regular ones
* url: Fix conn reuse for local ports and interfaces
* x509: Limit ASN.1 structure sizes to 256K
* http2: check nghttp2_session_set_local_window_size exists
* http2: Fix crashes when parent stream gets aborted
* CURLOPT_CONNECT_TO: Skip non-matching "/connect-to"/ entries
* URL parser: reject non-numerical port numbers
* CONNECT: reject TE or CL in 2xx responses
* CONNECT: read responses one byte at a time
* curl: support zero-length argument strings in config files
* openssl: don't use OpenSSL's ERR_PACK
* curl.1: generated with the new man page system
* curl_easy_recv: Improve documentation and example program
* Curl_getconnectinfo: avoid checking if the connection is closed
* CIPHERS.md: attempt to document TLS cipher names
- Update to 7.51.0
Changes:
* nss: additional cipher suites are now accepted by
CURLOPT_SSL_CIPHER_LIST
* New option: CURLOPT_KEEP_SENDING_ON_ERROR
Bugfixes:
* CVE-2016-8615: cookie injection for other servers
* CVE-2016-8616: case insensitive password comparison
* CVE-2016-8617: OOB write via unchecked multiplication
* CVE-2016-8618: double-free in curl_maprintf
* CVE-2016-8619: double-free in krb5 code
* CVE-2016-8620: glob parser write/read out of bounds
* CVE-2016-8621: curl_getdate read out of bounds
* CVE-2016-8622: URL unescape heap overflow via integer truncation
* CVE-2016-8623: Use-after-free via shared cookies
* CVE-2016-8624: invalid URL parsing with '#'
* CVE-2016-8625: IDNA 2003 makes curl use wrong host
* openssl: fix per-thread memory leak using 1.0.1 or 1.0.2
* http: accept "/Transfer-Encoding: chunked"/ for HTTP/2 as well
* LICENSE-MIXING.md: update with mbedTLS dual licensing
* examples/imap-append: Set size of data to be uploaded
* test2048: fix url
* darwinssl: disable RC4 cipher-suite support
* CURLOPT_PINNEDPUBLICKEY.3: fix the AVAILABILITY formatting
* openssl: don’t call CRYTPO_cleanup_all_ex_data
* libressl: fix version output
* easy: Reset all statistical session info in curl_easy_reset
* curl_global_cleanup.3: don't unload the lib with sub threads running
* dist: add CurlSymbolHiding.cmake to the tarball
* docs: Remove that --proto is just used for initial retrieval
* configure: Fixed builds with libssh2 in a custom location
* curl.1: --trace supports % for sending to stderr!
* cookies: same domain handling changed to match browser behavior
* formpost: trying to attach a directory no longer crashes
* CURLOPT_DEBUGFUNCTION.3: fixed unused argument warning
* formpost: avoid silent snprintf() truncation
* ftp: fix Curl_ftpsendf
* mprintf: return error on too many arguments
* smb: properly check incoming packet boundaries
* GIT-INFO: remove the Mac 10.1-specific details
* resolve: add error message when resolving using SIGALRM
* cmake: add nghttp2 support
* dist: remove PDF and HTML converted docs from the releases
* configure: disable poll() in macOS builds
* vtls: only re-use session-ids using the same scheme
* pipelining: skip to-be-closed connections when pipelining
* win: fix Universal Windows Platform build
* curl: do not set CURLOPT_SSLENGINE to DEFAULT automatically
* maketgz: make it support "/only"/ generating version info
* Curl_socket_check: add extra check to avoid integer overflow
* gopher: properly return error for poll failures
* curl: set INTERLEAVEDATA too
* polarssl: clear thread array at init
* polarssl: fix unaligned SSL session-id lock
* polarssl: reduce #ifdef madness with a macro
* curl_multi_add_handle: set timeouts in closure handles
* configure: set min version flags for builds on mac
* INSTALL: converted to markdown => INSTALL.md
* curl_multi_remove_handle: fix a double-free
* multi: fix inifinte loop in curl_multi_cleanup()
* nss: fix tight loop in non-blocking TLS handhsake over proxy
* mk-ca-bundle: Change URL retrieval to HTTPS-only by default
* mbedtls: stop using deprecated include file
* docs: fix req->data in multi-uv example
* configure: Fix test syntax for monotonic clock_gettime
* CURLMOPT_MAX_PIPELINE_LENGTH.3: Clarify it's not for HTTP/2
- Refresh libcurl-ocloexec.patch
- update to 7.50.3
Bugfixes:
* CVE-2016-7167: escape and unescape integer overflows
* mk-ca-bundle.pl: use SHA256 instead of SHA1
* checksrc: detect strtok() use
* errors: new alias CURLE_WEIRD_SERVER_REPLY
* http2: support > 64bit sized uploads
* openssl: fix bad memory free (regression)
* CMake: hide private library symbols
* http: refuse to pass on response body when NO_NODY is set
* cmake: fix curl-config --static-libs
* mbedtls: switch off NTLM in build if md4 isn't available
* curl: --create-dirs on windows groks both forward and
backward slashes
- update to 7.50.2
Bugfixes:
* mbedtls: Added support for NTLM
* SSH: fixed SFTP/SCP transfer problems
* multi: make Curl_expire() work with 0 ms timeouts
* mk-ca-bundle.pl: -m keeps ca cert meta data in output
* TFTP: Fix upload problem with piped input
* CURLOPT_TCP_NODELAY: now enabled by default
* mbedtls: set verbose TLS debug when MBEDTLS_DEBUG is defined
* http2: always wait for readable socket
* cmake: Enable win32 large file support by default
* cmake: Enable win32 threaded resolver by default
* winbuild: Avoid setting redundant CFLAGS to compile commands
* curl.h: make CURL_NO_OLDIES define CURL_STRICTER
* docs: make more markdown files use .md extension
* docs: CONTRIBUTE and LICENSE-MIXING were converted to markdown
* winbuild: Allow changing C compiler via environment variable CC
* rtsp: accept any RTSP session id
* HTTP: retry failed HEAD requests on reused connections too
* configure: add zlib search with pkg-config
* openssl: accept subjectAltName iPAddress if no dNSName match
* MANUAL: Remove invalid link to LDAP documentation
* socks: improved connection procedure
* proxy: reject attempts to use unsupported proxy schemes
* proxy: bring back use of "/Proxy-Connection:"/
* curl: allow "/pkcs11:"/ prefix for client certificates
* spnego_sspi: fix memory leak in case *outlen is zero
* SOCKS: improve verbose output of SOCKS5 connection sequence
* SOCKS: display the hostname returned by the SOCKS5 proxy server
* http/sasl: Query authentication mechanism supported by SSPI before using
* sasl: Don't use GSSAPI authentication when domain name not specified
* win: Basic support for Universal Windows Platform apps
* nss: fix incorrect use of a previously loaded certificate from file,
https://curl.haxx.se/docs/adv_20160907.html
* nss: work around race condition in PK11_FindSlotByName()
* ftp: fix wrong poll on the secondary socket
* openssl: build warning-free with 1.1.0 (again)
* HTTP: stop parsing headers when switching to unknown protocols
* test219: Add http as a required feature
* TLS: random file/egd doesn't have to match for conn reuse
* schannel: Disable ALPN for Wine since it is causing problems
* http2: make sure stream errors don't needlessly close the connection
* http2: return CURLE_HTTP2_STREAM for unexpected stream close
* darwinssl: --cainfo is intended for backward compatibility only
* speed caps: not based on average speeds anymore
* configure: make the cpp -P detection not clobber CPPFLAGS
* http2: use named define instead of magic constant in read callback
* http2: skip the content-length parsing, detect unknown size
* http2: return EOF when done uploading without known size
* darwinssl: test for errSecSuccess in PKCS12 import rather than noErr
* openssl: fix CURLINFO_SSL_VERIFYRESULT
- update to 7.50.1
Bugfixes:
* TLS: switch off SSL session id when client cert is used
* TLS: only reuse connections with the same client cert
* curl_multi_cleanup: clear connection pointer for easy handles
* include the CURLINFO_HTTP_VERSION man page into the release tarball
* include the http2-server.pl script in the release tarball
* test558: fix test by stripping file paths from FD lines
* spnego: Corrected miss-placed * in Curl_auth_spnego_cleanup() declaration
* tests: Fix for http/2 feature
* cmake: Fix for schannel support
* curl.h: make public types void * again
* win32: fix a potential memory leak in Curl_load_library
* travis: fix OSX build by re-installing libtool
* mbedtls: Fix debug function name
- removed 0001-tests-distribute-the-http2-server.pl-script-too.patch
- update to 7.50.0
Changes:
* http: add CURLINFO_HTTP_VERSION and %{http_version}
Bugfixes:
* openssl: fix build with OPENSSL_NO_COMP
* cmake: Added missing mbedTLS support
* URL parser: allow URLs to use one, two or three slashes
* curl: fix -q [regression]
* openssl: Use correct buffer sizes for error messages
* curl: fix SIGSEGV while parsing URL with too many globs
* vtls: fix ssl session cache race condition
* http: Fix HTTP/2 connection reuse [regression]
* checksrc: Add LoadLibrary to the banned functions list
* configure: occasional ignorance of --enable-symbol-hiding with GCC
* http2: test17xx are the first real HTTP/2 tests
* resolve: add support for IPv6 DNS64/NAT64 Networks on OS X + iOS
* curl_multi_socket_action.3: rewording
* CURLOPT_POSTFIELDS.3: Clarify what happens when set empty
* cmake: Fix build with winldap
* openssl: fix cert check with non-DNS name fields present
* curl.1: mention the units for the progress meter
* openssl: use more 'const' to fix build warnings with 1.1.0 branch
* cmake: now using BUILD_TESTING=ON/OFF
* vtls: Only call add/getsession if session id is enabled
* headers: forward declare CURL, CURLM and CURLSH as structs
* configure: improve detection of CA bundle path on FreeBSD
* SFTP: set a generic error when no SFTP one exists
* curl_global_init.3: expand on the SSL and WIN32 bits purpose
* conn: don't free easy handle data in handler->disconnect
* cookie.c: Fix misleading indentation
* library: Fix memory leaks found during static analysis
* CURLMOPT_SOCKETFUNCTION.3: fix typo
* curl_global_init: moved the "/IPv6 works"/ check here
* connect: disable TFO on Linux when using SSL
* vauth: Fixed memory leak due to function returning without free
- refresh libcurl-ocloexec.patch
- disable tests 1139 and 1140 which fail due to missing manpage
* add curl-disable_failing_tests.patch
- ship http2_server.pl for testing
* add 0001-tests-distribute-the-http2-server.pl-script-too.patch
- curl 7.49.1:
* http2: use HTTP/2 in the HTTP/1.1-alike response
* ssh: fix build for libssh2 before 1.2.6
* a number of bug and build fixes
- curl 7.49.0:
* schannel: Add ALPN support
* SSH: support CURLINFO_FILETIME
* SSH: new CURLOPT_QUOTE command "/statvfs"/
* wolfssl: Add ALPN support
* http2: added --http2-prior-knowledge
* http2: added CURL_HTTP_VERSION_2_PRIOR_KNOWLEDGE
* libcurl: added CURLOPT_CONNECT_TO
* curl: added --connect-to
* libcurl: added CURLOPT_TCP_FASTOPEN
* curl: added --tcp-fastopen
* curl: remove support for --ftpport, -http-request and --socks
* a number of bug and build fixes
- update upstream signing key and download URLs
- 0001-Fix-invalid-Network-is-unreachable-errors.patch is upstream
- Depend on libssh2 >= 1.6.0 since curl depends on the
libssh2_scp_recv2 symbol now. Fixes boo#983170
- Add 0001-Fix-invalid-Network-is-unreachable-errors.patch.
Fixes "/Network is unreachable"/ errors in valid situations when ipv6
is not available but ipv4 is working fine. This also fixes the same
error from happening in applications using libcurl4 (like zypper).
(bsc#915846)
- Update to 7.48.0
* configure: --with-ca-fallback: use built-in TLS CA fallback
* TFTP: add --tftp-no-options to expose CURLOPT_TFTP_NO_OPTIONS
* getinfo: CURLINFO_TLS_SSL_PTR supersedes CURLINFO_TLS_SESSION
* Lots of bugfixes, see https://curl.haxx.se/changes.html#7_48_0
- Drop curl-7.41.0-use-openssl-s-built-in-verify-path-as-fallback.diff,
superseded by --with-ca-fallback configure option.
- curl 7.47.1:
* getredirect.c: fix variable name
* tool_doswin: silence unused function warning
* curl.1: Explain remote-name behavior if file already exists
* sasl_sspi: Fix memory leak in domain populate
* openssl: Fix signed/unsigned mismatch warning in X509V3_ext
- Enable PSL (Publix Suffix List)
- Make building more verbose
- update to 7.47.0
* fixes CVE-2016-0755 (bsc#962983)
(NTLM credentials not-checked for proxy connection re-use)
* drop curl-fix-zsh-completion.patch (upstream)
Changes:
* version: Add flag CURL_VERSION_PSL for libpsl
* http: added CURL_HTTP_VERSION_2TLS to do HTTP/2 for HTTPS only
* curl: use 2TLS by default
* curl --expect100-timeout: added
* Add .dir-locals and set c-basic-offset to 2 (for emacs)
- Fix path to curl in zsh.pl to unbreak _curl completion
* curl-fix-zsh-completion.patch
- Update to 7.46.0
* Added CURLOPT_STREAM_DEPENDS
* Added CURLOPT_STREAM_DEPENDS_E
* Added CURLOPT_STREAM_WEIGHT
* Added CURLFORM_CONTENTLEN
* oauth2: Added support for OAUTHBEARER SASL mechanism to IMAP,
POP3 and SNMP
* Many bugfixes, see http://curl.haxx.se/changes.html#7_46_0 for the
complete list.
- revert the curl-config change for bsc#900419 until we have a better
fix, because it was breaking builds of other packages
- Enable HTTP/2 support, buildrequires pkgconfig(libnghttp2)
- Update to 7.45.0
* added CURLOPT_DEFAULT_PROTOCOL
* added new tool option --proto-default
* getinfo: added CURLINFO_ACTIVESOCKET
* turned CURLINFO_* option docs as stand-alone man pages
* curl: point out unnecessary uses of -X in verbose mode
- Drop curl-disable_failing_tests.patch as it is now part of
upstream
- drop a hack that made curl-config print only -lcurl (bsc#900419)
* --as-needed is used by default now
- update to 7.44.0
http2: added CURLMOPT_PUSHFUNCTION and CURLMOPT_PUSHDATA
examples: added http2-serverpush.c
http2: added curl_pushheader_byname() and curl_pushheader_bynum()
docs: added CODE_OF_CONDUCT.md
curl: Add --ssl-no-revoke to disable certificate revocation checks
libcurl: New value CURLSSLOPT_NO_REVOKE for CURLOPT_SSL_OPTIONS
makefile: Added support for VC14
- dropped unexpire-test46.patch (upstream)
- unexpire-test46.patch: Unexpire test 46
- do not run flaky tests for any architecture (bnc#940009)
at least test 1510 do fail for i586 and ppc64le
- fix a typo in curl-secure-getenv.patch (bsc#936676)
- Update to 7.43.0
* Added CURLOPT_PROXY_SERVICE_NAME
* Added CURLOPT_SERVICE_NAME
* New curl option: --proxy-service-name
* Mew curl option: --service-name
* New curl option: --data-raw
* Added CURLOPT_PIPEWAIT
* Added support for multiplexing transfers using HTTP/2, enable
this with the new CURLPIPE_MULTIPLEX bit for
CURLMOPT_PIPELINING
* HTTP/2: requires nghttp2 1.0.0 or later
* scripts: add zsh.pl for generating zsh completion
* curl.h: add CURL_HTTP_VERSION_2
* CVE-2015-3236: lingering HTTP credentials in connection re-use
* CVE-2015-3237: SMB send off unrelated memory contents
- Disable HTTP/2 as it would create build cycle
- enable HTTP/2 support
- make the testsuite failure fatal
* added curl-disable_failing_tests.patch
* added groff to BuildRequires to enable builtin manual (test 1026)
- update to 7.42.1
* fixes CVE-2015-3153 (bnc#928533)
- sensitive HTTP server headers also sent to proxies
- rename curl-devel to libcurl-devel in baselibs.conf
- update to 7.42.0
* refresh libcurl-ocloexec.patch
- fixes security vulnerabilities:
* CVE-2015-3143 (bnc#927556)
- Re-using authenticated connection when unauthenticated
* CVE-2015-3144 (bnc#927608)
- host name out of boundary memory access
* CVE-2015-3145 (bnc#927607)
- cookie parser out of boundary memory access
* CVE-2015-3148 (bnc#927746)
- Negotiate not treated as connection-oriented
- don't hardcode /etc/ssl/certs. Use openssl's default instead
(curl-7.41.0-use-openssl-s-built-in-verify-path-as-fallback.diff)
- update to 7.41.0:
* Changes:
NetWare build: added TLS-SRP enabled build
winbuild: Added option to build with c-ares
Added --cert-status
Added CURLOPT_SSL_VERIFYSTATUS
sasl: implement EXTERNAL authentication mechanism
- Re-enable metalink supoort
- Use pkgconfig() style dependencies
- update to 7.40.0:
* fixes CVE-2014-8150 (bnc#911363)
* Changes:
http_digest: Added support for Windows SSPI based authentication
version info: Added Kerberos V5 to the supported features
Makefile: Added VC targets for WinIDN
config-win32: Introduce build targets for VS2012+
SSL: Add PEM format support for public key pinning
smtp: Added support for the conversion of Unix newlines during mail send
smb: Added initial support for the SMB/CIFS protocol
Added support for HTTP over unix domain sockets,
via CURLOPT_UNIX_SOCKET_PATH and --unix-socket
sasl: Added support for GSS-API based Kerberos V5 authentication
- build with PIE
- update to 7.39.0:
- changes:
SSLv3 is disabled by default
CURLOPT_COOKIELIST: Added "/RELOAD"/ command
build: Added WinIDN build configuration options to Visual Studio projects
ssh: improve key file search
SSL: public key pinning. Use CURLOPT_PINNEDPUBLICKEY and --pinnedpubkey
vtls: remove QsoSSL support, use gskit!
mk-ca-bundle: added SHA-384 signature algorithm
docs: added many examples for libcurl opts and other doc improvements
build: Added VC ssh2 target to main Makefile
MinGW: Added support to build with nghttp2
NetWare: Added support to build with nghttp2
build: added Watcom support to build with WinSSL
build: Added optional specific version generation of VC project files
... and a bunch of bugfixes
- refreshed libcurl-ocloexec.patch
- removed gpg-offline verification
- spec-cleaned curl.spec
- Ensure the curl command line tool always require
the same libcurl it was used for build, even expert users
got confused.
- cyrus-sasl
-
- CVE-2020-8032: cyrus-sasl: Local privilege escalation to root
due to insecure tmp file usage. (bsc#1180669)
Use /var/adm/update-scripts/ instead of /tmp. Clean up temporary
files.
- Remove Berkeley DB dependency (JIRA#SLE-12190)
The packages cyrus-sasl and cyrus-sasl-saslauthd are built
without Berkely DB support. gdbm will be used instead of BDB.
The packages cyrus-sasl-bdb and cyrus-sasl-saslauthd-bdb are built
with Berkely DB support.
- Update to 2.1.27
* Added support for OpenSSL 1.1
* Added support for lmdb
* Lots of build fixes
* Treat SCRAM and DIGEST-MD5 as more secure than PLAIN when selecting client mech
* DIGEST-MD5 plugin:
Fixed memory leaks
Fixed a segfault when looking for non-existent reauth cache
Prevent client from going from step 3 back to step 2
Allow cmusaslsecretDIGEST-MD5 property to be disabled
* GSSAPI plugin:
Added support for retrieving negotiated SSF
Fixed GSS-SPNEGO to use flags negotiated by GSSAPI for SSF
Properly compute maxbufsize AFTER security layers have been set
* SCRAM plugin:
Added support for SCRAM-SHA-256
* LOGIN plugin:
Don’t prompt client for password until requested by server
* NTLM plugin:
Fixed crash due to uninitialized HMAC context
- Replace references to /var/adm/fillup-templates with new
%_fillupdir macro (boo#1069468)
- bsc#983938 `After=syslog.target` left-overs in several unit files
- added patches:
fix_libpq-fe_include.diff for fixing including libpq-fe.h
- removed patches obsoleted by upstream changes:
* shared_link_on_ppc.patch
* cyrus-sasl-2.1.27-openssl-1.1.0.patch
* 0002-Drop-unused-parameter-from-gssapi_spnego_ssf.patch
* 0003-Check-return-error-from-gss_wrap_size_limit.patch
* 0004-Add-support-for-retrieving-the-mech_ssf.patch
* 0001-Fix-GSS-SPNEGO-mechanism-s-incompatible-behavior.patch
* cyrus-sasl-fix-logging-in-gssapi.patch
- Added support for retrieving negotiated SSF in gssapi plugin (bsc#1162518)
* Add 0002-Drop-unused-parameter-from-gssapi_spnego_ssf.patch
* Add 0003-Check-return-error-from-gss_wrap_size_limit.patch
* Add 0004-Add-support-for-retrieving-the-mech_ssf.patch
- Fixed GSS-SPNEGO to use flags negotiated by GSSAPI for SSF (bsc#1162518)
* Add 0001-Fix-GSS-SPNEGO-mechanism-s-incompatible-behavior.patch
- added backport-patch cyrus-sasl-bug587.patch which fixes
off-by-one error in _sasl_add_string function
(see CVE-2019-19906 bsc#1159635)
- bnc#1044840 syslog is polluted with messages "/GSSAPI client step 1"/
By server context the connection will be sent to the log function.
Client content does not have log level information. I.e. there is no
way to stop DEBUG level logs nece I've removed it.
* add cyrus-sasl-fix-logging-in-gssapi.patch
- OpenSSL 1.1 support (bsc#1055463)
* add cyrus-sasl-2.1.27-openssl-1.1.0.patch from Fedora
- added cyrus-sasl-issue-402.patch to fix
SASL GSSAPI mechanism acceptor wrongly returns zero maxbufsize #402
(see https://github.com/cyrusimap/cyrus-sasl/issues/402)
- bnc#1026825 saslauthd: :set_auth_mech : unknown authentication mechanism: kerberos5
- really use SASLAUTHD_PARAMS variable (bnc#938657)
- bnc#908883 cyrus-sasl-scram refers to wrong RFC
- Make sure /usr/sbin/rcsaslauthd exists
- cyrus-sasl-saslauthd
-
- Remove Berkeley DB dependency (JIRA#SLE-12190)
The pacakges cyrus-sasl and cyrus-sasl-saslauthd are build
without Berkely DB support. gdbm will be used instead of BDB.
The pacakges cyrus-sasl-bdb and cyrus-sasl-saslauthd-bdb are build
with Berkely DB support.
- Update to 2.1.27
* Added support for OpenSSL 1.1
* Added support for lmdb
* Lots of build fixes
* Treat SCRAM and DIGEST-MD5 as more secure than PLAIN when selecting client mech
* DIGEST-MD5 plugin:
Fixed memory leaks
Fixed a segfault when looking for non-existent reauth cache
Prevent client from going from step 3 back to step 2
Allow cmusaslsecretDIGEST-MD5 property to be disabled
* GSSAPI plugin:
Added support for retrieving negotiated SSF
Fixed GSS-SPNEGO to use flags negotiated by GSSAPI for SSF
Properly compute maxbufsize AFTER security layers have been set
* SCRAM plugin:
Added support for SCRAM-SHA-256
* LOGIN plugin:
Don’t prompt client for password until requested by server
* NTLM plugin:
Fixed crash due to uninitialized HMAC context
- Replace references to /var/adm/fillup-templates with new
%_fillupdir macro (boo#1069468)
- bsc#983938 `After=syslog.target` left-overs in several unit files
- added patches:
fix_libpq-fe_include.diff for fixing including libpq-fe.h
- removed patches obsoleted by upstream changes:
* shared_link_on_ppc.patch
* cyrus-sasl-2.1.27-openssl-1.1.0.patch
* 0002-Drop-unused-parameter-from-gssapi_spnego_ssf.patch
* 0003-Check-return-error-from-gss_wrap_size_limit.patch
* 0004-Add-support-for-retrieving-the-mech_ssf.patch
* 0001-Fix-GSS-SPNEGO-mechanism-s-incompatible-behavior.patch
* cyrus-sasl-fix-logging-in-gssapi.patch
- Added support for retrieving negotiated SSF in gssapi plugin (bsc#1162518)
* Add 0002-Drop-unused-parameter-from-gssapi_spnego_ssf.patch
* Add 0003-Check-return-error-from-gss_wrap_size_limit.patch
* Add 0004-Add-support-for-retrieving-the-mech_ssf.patch
- Fixed GSS-SPNEGO to use flags negotiated by GSSAPI for SSF (bsc#1162518)
* Add 0001-Fix-GSS-SPNEGO-mechanism-s-incompatible-behavior.patch
- added backport-patch cyrus-sasl-bug587.patch which fixes
off-by-one error in _sasl_add_string function
(see CVE-2019-19906 bsc#1159635)
- bnc#1044840 syslog is polluted with messages "/GSSAPI client step 1"/
By server context the connection will be sent to the log function.
Client content does not have log level information. I.e. there is no
way to stop DEBUG level logs nece I've removed it.
* add cyrus-sasl-fix-logging-in-gssapi.patch
- OpenSSL 1.1 support (bsc#1055463)
* add cyrus-sasl-2.1.27-openssl-1.1.0.patch from Fedora
- added cyrus-sasl-issue-402.patch to fix
SASL GSSAPI mechanism acceptor wrongly returns zero maxbufsize #402
(see https://github.com/cyrusimap/cyrus-sasl/issues/402)
- bnc#1026825 saslauthd: :set_auth_mech : unknown authentication mechanism: kerberos5
- really use SASLAUTHD_PARAMS variable (bnc#938657)
- bnc#908883 cyrus-sasl-scram refers to wrong RFC
- Make sure /usr/sbin/rcsaslauthd exists
- dapl
-
- Add ucm-mcm-fix-backlog-parameter-for-socket.patch to fix
a "/deadlock"/ that causes socket connection to timeout when
net.ipv4.tcp_syncookies=0. (bsc#1094657)
- Update to 2.1.10
* dtest_suite: add option to pause the test.
* dtestcm: add client retry, give server time to queue up all listens
* dtest: Add new man pages. (dtestx dtestcm dtestsrq)
* cma: fix open_query mode, initialize attributes
* ucm: up level CM timer logging, increase drep time at scale
* dtest: fix return value check on do_rdma_write_with_msg
* dtestx: check device capabilities and do atomic tests only if supported by HW
* common: set atomic attributes based on provider/device capabilities
* build: dtest_suite.sh was moved to test/scripts
* mpxyd: let TX thread sleep if no open devices are referenced
* mcm: when mmap req from MIC return with fail stat print WARN.
* dtest_suite: remove duplicate dtest_suite.sh
* dtest: enable -D option (data check) to work with scif provider
* dtest_suite: fix typo in user_string var
* mcm: remove logs from post send speed path
* mcm proxy: push WR from MIC to host with scif mmap memory instead of scif_send.
* dtest: the default size in pingpong test is set to 1 byte regardless to user input.
* dtest: cleanup 4 printfs from the middle of performance test, may reduce performance.
- Refresh patches against 2.1.10
- Merge .changes files with SLE12-SP3 (bsc#1041579)
- Add conflicts between dapl and dapl-debug packages for devel
and utils
- Rename dapl-utils tests to avoid conflicts with other packages (dateutils)
* dapltest => dapl-test
* dtest => dapl-utest
* dtestcm => dapl-testcm
* dtestsrq => dapl-testsrq
* dtestx => dapl-testx
- Remove librdmacm and libibverbs version dependencies
- Restore description of libdapl. Fix some grammar errors.
- Disable dapl on armv7hl
- Make dependencies on libs now coming from rdma-core versioned.
- Remove unused patch dapl-rename_dtest.patch
- Update to 2.1.8 git version (bsc#970668).
List of changes is too long so please see the included ChangeLog.
- Patches removed because the fixes are included upstream:
dapl-fix_type_punning.patch
dapl-autotools.patch
dapl-add-s390x-platform-support.patch
dapl-add-aarch64-platform-support.patch
dapl-add-s390x-platform-support.patch
- Add dapl-s390.patch so that the defines are also valid for s390
- add dapl-add-aarch64-platform-support.patch (fate#318444)
- revert last change
- Exclude aarch64 as there is currently no assembler code for this
architecture.
- Replace dapl-s390_support.patch with
dapl-add-s390x-platform-support.patch (bsc#934683).
- Fix library name in baselibs.conf.
- Tag baselibs.conf and dapl-rpmlintrc as source.
- libdapl*.so work like plugins, hence they do not get a separate
subpackage. So shut up rpmlint complaining about the package
name.
- Drop the dapl-doc sub package and move the man pages to the
packages containing the files/programs they describe.
- Also have dapl-utils conflict with dapl-debug-utils.
- Fix baselibs.conf to build libdat2-2-32bit.
- dapl-debug can't obsolete dapl or zypper will switch between the versions
all the time. They do conflict though
- Add dapl-rename_dtest.patch to rename dtest to dpltest because
of name clash with dateutils.
- Also rename the man page for dtest.
- Make dapl-devel and dapl-debug-devel obsolete each other.
- Readd s390 support (bnc#856126).
- Remove s390 support (bnc#856126).
- Add baselibs.conf and dapl-rpmlintrc as source.
- Fix dapl-fix_type_punning.patch.
- Fix type punning in cm.c
- Remove dapl-2.0.13-build_error.patch as it isn't needed anymore.
- Provide full source URL
- Fix typo in dapl_test.c.
- Reenable the code for s390x also for s390.
- Adapt dapl-fix_type_punning.patch to changed code.
- Fix obsoletes entry.
- Fix type punning with memcpy instead of unions.
- Update tp 2.0.42 from OFED 3.12 RC2.
Changes since 2.0.40:
* dapltest: increase DTO evd size to prevent CQ overflow on
limit_rpost test.
* Creation of reserved SP moves EP state to DAT_EP_STATE_RESERVED
even in failure cases. Reserve EP after successfully binding the
listening port.
* dapl: fix string bug in dapls_dto_op_str
This led to indexing off the end of the array and gave
surprising results for OP_RECV_UD.
* dapltest: change server port, from 45278 to 62000, out of
registered IANA range.
* dat: lower log level on load errors of provider library
* dat: dat_ia_open should close provider after failure
* dapltest: set default limit max to 1000
* openib: add new provider specific attributes
* dapltest: update scripts for regression testing purposes
* cl.sh and srv.sh update to provide better examples and
a methods to quickly regression test any dapltest changes.
* dapltest: Add final send/recv "/sync"/ for transaction tests.
For the complete and unabbreviated Changes please see the file
ChangeLog in the package documentation.
- Update to 2.0.40 (fate#315488):
dist: ib collective extension include files missing
dapltest: the quit command is missing changes for -n option.
Server-port was not being set properly during param init phase
on the client side.
dat.conf: remove v1, add Mellanox Connect-IB and Intel Xeon Phi
MIC.
NULL undefined on Fedora, incorrectly using kernel stddef.h
- Add dapl-autotools.patch to make autoreconf complain less.
- Update to 2.0.39 from 3.12 daily snapshot.
- Include dapl-s390_support.patch from IBM for s390 support.
- Remove now unneeded patches:
dapl-2.0.13-build_error.patch
- Use script to generate spec and changes for dapl-debug from the
dapl files.
- Build for s390x
- Add another filter to dapl-rpmlintrc as the packages for
the runtime library are named differently but contain a library
that's named the same.
- Reinstate the arch exclusion of s390(x).
- Recompress with bzip2.
- Remove redundant tags/sections from specfile
- Remove unjustified s390* arch exclusion
- Implement shared library policy
- Update to OFED 1.5.4.1 (dapl unchanged).
- Rename the package with tracing enabled dapl-tracing.
- Adapt baselibs.conf to new packages and names.
- Use one .spec and .changes file and create the -tracing
variants with pre_checkin.sh.
- Update FSF address in LICENSE3.txt.
- Put shared libs into a versioned package.
- Fix man pages
- Add a rpmlintrc to shut up warnings that can only be solved upstream.
- Use unions for type punning (dapl-type_punning.patch).
- Include stddef.h to get NULL defined.
- Require automake, autoconf and libtool.
- Provide obsoleted items.
- Update to OFED 1.5.4
- Don't recompress the tarball.
- Remove unneeded patches and adapt the remaining ones.
- Sed is also needed.
- After last change dapl needs cat so add prereq (bnc#688511).
- Don't remove the configuration for this dapl version on update
(bnc#676731).
- Use cat instead of multiple echos.
- Include /etc/dat.conf as %conf %ghost.
- Fix tmp race in post/postun (bnc#676700).
- Incorporate fixes done for the update in SLE10:
- Split off man pages into their own sub package that can be
required by compat-dapl.
- Fix type-punning in test app so that we don't need
- fno-strict-aliasing allowing better code optimisation.
- Also fix type punning in other files that the newer gcc in SLE11
detected.
- realigned-disconnect.patch fixing bnc#656702
- added cma-fix-debug-build-issue.patch fixing debug build.
- Let the caller detect EINTR (bnc#655518).
- Update to v2.0.30 from OFED 1.5.2
- Update to include more lines for dat.conf
- Patch to remove extra rdma_destroy_id() (bnc#647915)
- fix build on ia64: help configure dectecting suse_version
- Update to v2.0.19 from OFED 1.4.2
- dbus-1
-
- Add missing patch for CVE-2020-12049
* fix-upstream-CVE-2020-12049_2.patch
- Fix CVE-2020-12049 truncated messages lead to resource exhaustion
(CVE-2020-12049, bsc#1172505)
* fix-upstream-CVE-2020-12049.patch
- Rebased fix-CVE-2019-12749.patch
- Fix CVE-2020-35512 - shared UID's caused issues (CVE-2020-35512 bsc#1187105)
* fix-upstream-userdb-constpointer.patch
* fix-upstream-CVE-2020-35512.patch
- Fix CVE-2019-12749 Authentication bypass (CVE-2019-12749 bsc#1137832)
* added fix-CVE-2019-12749.patch
- Make libdbus-1-3 own the %{_datadir}/dbus-1/system.d directory
- Use %license instead of %doc [bsc#1082318]
- Avoid bashisms in scriptlets.
- Avoid ugly error message from %pre(install) script when installing
for the first time.
- Don't spit out a warning if /usr/bin/dbus-daemon does not exist
when we run the pre-script.
- Swap a missed libdir to libexecdir
- Do not hide errors during useradd.
- Fix dbus-daemon-launch-helper to use proper ref to libexecdir
- use %{_libexecdir}/dbus-1 as libexecdir
- Update to 1.12.2
Deprecations:
• Eavesdropping is officially deprecated in favour of BecomeMonitor.
See the release notes for spec version 0.31 (in dbus 1.11.14).
• [Unix] Flag files in /var/run/console/${username} are deprecated.
See the release notes for 1.11.18.
New APIs:
• <allow> and <deny> rules in dbus-daemon configuration can now
include send_broadcast="/true"/, send_broadcast="/false"/,
max_unix_fds="/N"/, min_unix_fds="/N"/ (for some integer N).
See the release notes for 1.11.18.
• dbus_try_get_local_machine_id() is like
dbus_get_local_machine_id(), but returns a DBusError.
• New APIs around DBusMessageIter to simplify cleanup.
See the release notes for 1.11.16.
• The message bus daemon now implements the standard Introspectable,
Peer and Properties interfaces. See the release notes for
dbus 1.11.14 and spec version 0.31.
• DTDs for introspection XML and bus configuration are installed.
• [Unix] A new unix:dir=… address family resembles unix:tmpdir=… but
never uses Linux abstract sockets, which is advantageous for
containers. On non-Linux it is equivalent to unix:tmpdir=….
See the release notes for dbus 1.11.14 and spec version 0.31.
• [Unix] New option "/dbus-launch --exit-with-x11"/.
• [Unix] Session managers can create transient .service files in
$XDG_RUNTIME_DIR/dbus-1/services. See the release notes for 1.11.12.
• [Unix] A sysusers.d snippet can create the messagebus user on-demand.
Miscellaneous behaviour changes:
• [Unix] The session bus now logs to syslog if it was started by
dbus-launch.
• [Unix] Internal warnings are logged to syslog if configured.
• [Unix] Exceeding an anti-DoS limit is logged to syslog if configured,
or to stderr.
- Enabled "/make check test suite"/
- Patches removed, fixed upstream
* fix-upstream-drop-install-sections-from-user-services.patch
* fix-upstream-increase-backlog.patch
* fix-upstream-timeout-reset-1.patch
* fix-upstream-timeout-reset-2.patch
- boo#1027201 dbus-daemon not found
- boo#978477 systemd reseting under heavy load
* fix-upstream-timeout-reset-1.patch
* fix-upstream-timeout-reset-2.patch
- boo#1027200 don't generate machine-id in %post systemd will do it
on first boot.
- swap usage of /bin/false to /usr/bin/false
- Use libexecdir=%{_libdir}/dbus-1 rather then /lib/dbus-1
- No need to set --libdir anymore now that prefix is /usr/bin,
* fixes boo#1047532
- No need to set --bindir, bindir in dbus-1-x11 was incorrect
- Other fixes required to properly change prefix
- Don't pass --with-initscripts we don't use them anymore.
- Update to 1.10.20
* Fixes:
+ Fix a reference leak when blocking on a pending call on a
connection that has been disconnected (fdo#101481, Shin-ichi
MORITA)
+ Don't put timestamps in the Doxygen-generated documentation,
for closer-to-reproducible builds (fdo#100692, Simon
McVittie)
+ Avoid an assertion failure when connecting to a
semicolon-separated series of addresses, one of which fails
(fdo#101257, Simon McVittie)
* Documentation:
+ Update git URIs in HACKING document to sync up with
cgit.freedesktop.org (fdo#100715, Simon McVittie)
- swap to /usr/bin bsc#1029968
- Add the following fixes from SLE12
* bsc#980928 increase listen() backlog of AF_UNIX sockets to
SOMAXCONN fix-upstream-increase-backlog.patch
- The following bugs were already fixed but are missing changelog
entries
* bsc#867256 (No longer applicable)
* bsc#916785 (No longer applicable)
* bsc#1012564 (Not applicable)
* fdo#90004 (Fixed Upstream)
- Rename the following patches as a tidy up
* dbus-log-deny.patch to feature-suse-log-deny.patch
* dbus-do-autolaunch.patch feature-suse-do-autolaunch.patch
* 0001-Add-RefuseManualStartStop.patch to
feature-suse-refuse-manual-start-stop.patch
* 0001-Drop-Install-sections-from-user-services.patch to
fix-upstream-drop-install-sections-from-user-services.patch
- Update to 1.10.18
* Fixes
+ Re-order dbus-daemon startup so that on SELinux systems, the
thread that reads AVC notifications retains the ability to
write to the audit log (fdo#92832, Debian #857660; Laurent
Bigonville)
+ Fix a harmless read overflow and some memory leaks in a unit
test (fdo#100568, Philip Withnall)
- Update to 1.10.16
Fixes:
* Prevent symlink attacks in the nonce-tcp transport on Unix that could
allow an attacker to overwrite a file named "/nonce"/, in a directory
that the user running dbus-daemon can write, with a random value
known only to the user running dbus-daemon. This is unlikely to be
exploitable in practice, particularly since the nonce-tcp transport
is really only useful on Windows.
(fd.o #99828, Simon McVittie) (bsc#1025950)
* Avoid symlink attacks in the "/embedded tests"/, which are not enabled
by default and should never be enabled in production builds of dbus.
(fd.o #99828, Simon McVittie) (bsc#1025951)
* Work around an undesired effect of the fix for CVE-2014-3637
(fd.o #80559), in which processes that frequently send fds, such as
logind during a flood of new PAM sessions, can get disconnected for
continuously having at least one fd "/in flight"/ for too long;
dbus-daemon interprets that as a potential denial of service attack.
The workaround is to disable that check for uid 0 process such as
logind, with a message in the system log. The bug remains open while
we look for a more general solution.
(fd.o #95263, LP#1591411; Simon McVittie)
* Don't run the test test-dbus-launch-x11.sh if X11 autolaunching
was disabled at compile time. That test is not expected to work
in that configuration. (fd.o #98665, Simon McVittie)
Enhancements:
* Do the Travis-CI build in Docker containers for Ubuntu LTS, Debian
stable and Debian testing in addition to the older Ubuntu that is
the default (fd.o #98889, Simon McVittie)
- A note for scripts bsc#974092 (remove sysvinit script) is already
fixed here.
- Don't restart dbus on upgrade - Includes temporary work around
for last version boo#1020301
- Add 0001-Add-RefuseManualStartStop.patch don't allow users to Manually
start or stop dbus.
- Add systemd unit files to start session bus via systemd
- Added patch:
* 0001-Drop-Install-sections-from-user-services.patch
+ remove install section from socket unit because it does not
need to be enabled explicitly (see fdo#92402)
- Requires systemd >= 209 and drop the compatibility pkg-config
names that don't exist in newer systemd
- Drop useless --with-pic which is only for static libs
- Abort installation when user/group creation fails
- Avoid calling %service_* more than once
- Build the dbus-1 package without X in the dbus-1.spec
- Move the dbus-launch.nox11 to the dbus-1 package and install
it by default
- Build devel-doc package in dbus-1.spec and don't build any
documentation in dbus-1-x11
- Make dbus-1-x11 package contains only the X11-enabled dbus-launch
- Fix some rpmlint warnings
- Delete the dbus-1-x11.spec.in file, since maintaining it is
more complicated then keeping in sync a dbus-1-x11.spec file of
less then 120 lines
- Create new subpackage: dbus-1-nox11
- contains dbus-launch without x11 support
- Rename dbus-launch to dbus-launch.x11
- use update-alternatives to switch between dbus-launch with and
without X11
- Solves [bnc#934214]
- Update to 1.10.12
* Security fixes:
+ Do not treat ActivationFailure message received from
root-owned systemd name as a format string. In principle this
is a security vulnerability, but we do not believe it is
exploitable in practice, because only privileged processes can
own the org.freedesktop.systemd1 bus name, and systemd does
not appear to send activation failures that contain "/%"/.
Please note that this probably *was* exploitable in dbus
versions older than 1.6.30, 1.8.16 and 1.9.10 due to a missing
check which at the time was only thought to be a denial of
service vulnerability (CVE-2015-0245). If you are still
running one of those versions, patch or upgrade immediately.
(fdo#98157, bsc#1003898, Simon McVittie)
* Other fixes:
+ Harden dbus-daemon against malicious or incorrect
ActivationFailure messages by rejecting them if they do not
come from a privileged process, or if systemd activation is
not enabled (fdo#98157, Simon McVittie)
+ Avoid undefined behaviour when setting reply serial number
without going via union DBusBasicValue (fdo#98035, Marc Mutz)
+ autogen.sh: fail cleanly if autoconf fails (Simon McVittie)
- Moved dbus-run-session from dbus-1-x11 to dbus-1 (bdo#836296)
- Update to 1.10.10
* Fixes:
+ On Linux, when dbus-daemon is run with reduced susceptibility
to the OOM killer (typically via systemd), do not let child
processes inherit that setting (fdo#32851;
Kimmo Hämäläinen, WaLyong Cho)
+ Output valid shell syntax in ~/.dbus/session-bus/ if the bus
address contains a semicolon (fdo#94746, Thiago Macieira)
+ Fix memory leaks and thread safety in subprocess starting on
Windows (fdo#95191, Ralf Habacker)
+ Do not require systemd to have a service file if using it for
activation (fdo#93194; Simon McVittie; backport from 1.11.0)
+ Stop test-dbus-daemon incorrectly failing on platforms that
cannot discover the process ID of clients (fdo#96653,
Руслан Ижбулатов)
+ In tests that exercise correct handling of crashing D-Bus
services, suppress Windows crash handler (fdo#95155;
Yiyang Fei, Ralf Habacker)
+ Explicitly check for stdint.h (Ioan-Adrian Ratiu)
+ update-activation-environment: produce better diagnostics on
error (fdo#96653, Simon McVittie)
+ Don't fail the build with an unused const variable warning
under gcc 6 (fdo#97282; Thomas Zimmermann, Simon McVittie)
+ Merge dbus-1.10-ci branch, containing backports from 1.11.0
in build/test code to support continuous integration
(fdo#93194, Simon McVittie)
- Avoid -Wunused-label when compiling with libselinux but no
libaudit
- In development builds, allow OOM tests to be disabled as
documented
- Accept and ignore the --tap argument in all "/embedded
tests"/, and run all automated tests with that argument for
better diagnostics
- Fix the systemd activation test under CMake by installing
the required files
- In Automake, fix shell syntax for installcheck-local with
no DESTDIR
- In Automake, don't try to run manual tests in installcheck
- In CMake, don't run manual-tcp test as an automated test
- Add travis-ci.org build machinery
- Update to 1.10.8
* Fixes:
+ Enable "/large file support"/ on systems where it exists:
dbus-daemon is not expected to open large files, but it might
need to stat files that happen to have large inode numbers
(fdo#93545, Hongxu Jia)
+ Eliminate padding inside DBusMessageIter on 64-bit platforms,
which might result in a pedantic C compiler not copying the
entire contents of a DBusMessageIter; statically assert that
this is not an ABI change in practice (fdo#94136, Simon
McVittie)
+ Document dbus-test-tool echo --sleep-ms=N instead of
incorrect --sleep=N (fdo#94244, Dmitri Iouchtchenko)
+ Correctly report test failures in C tests from run-test.sh
(fdo#93379; amit tewari, Simon McVittie)
+ When tests are enabled, run all the marshal-validate tests,
not just the even-numbered ones (fdo#93908, Nick Lewycky)
+ Correct the expected error from one marshal-validate test,
which was previously not run due to the above bug(fdo#93908,
Simon McVittie)
- Update to 1.10.6
* Fixes:
- On Unix when running tests as root, don't assert that root
and the dbus-daemon user can still call
UpdateActivationEnvironment; assert that those privileged
users can call BecomeMonitor instead (fdo#93036, Simon
McVittie)
- On Windows, fix a memory leak in the autolaunch transport
(fdo#92899, Simon McVittie)
- On Windows Autotools builds, don't run tests that rely on
dbus-run-session and other Unix-specifics (fdo#92899, Simon
McVittie)
- Update to 1.10.4
* Changes between 1.10.2 and 1.10.4
- Enhancements:
+ GetConnectionCredentials, GetConnectionUnixUser and
GetConnectionUnixProcessID with argument
"/org.freedesktop.DBus"/ will now return details of the
dbus-daemon itself. This is required to be able to call
SetEnvironment on systemd. (fdo#92857, Jan Alexander
Steffens)
- Fixes:
+ Make UpdateActivationEnvironment always fail with
AccessDenied on the system bus. Previously, it was
possible to configure it so root could call it, but the
environment variables were not actually used, because the
launch helper would discard them. (fdo#92857, Jan Alexander
Steffens)
+ On Unix with --systemd-activation on a user bus, make
UpdateActivationEnvironment pass on its arguments to
systemd's SetEnvironment method, solving inconsistency
between the environments used for traditional activation
and systemd user-service activation. (fdo#92857, Jan
Alexander Steffens)
+ On Windows, don't crash if <syslog/> or --syslog is used
(fdo#92538, Ralf Habacker)
+ On Windows, fix a memory leak when setting a DBusError from
a Windows error (fdo#92721, Ralf Habacker)
+ On Windows, don't go into infinite recursion if we abort the
process with backtraces enabled (fdo#92721, Ralf Habacker)
+ Fix various failing tests, variously on Windows and
cross-platform:
. don't test system.conf features (users, groups) that only
make sense on the system bus, which is not supported on
Windows
. don't call _dbus_warn() when we skip a test, since it is
fatal
. fix computation of expected <standard_session_servicedirs/>
. when running TAP tests, translate newlines to Unix format,
fixing cross-compiled tests under Wine on Linux
. don't stress-test refcounting under Wine, where it's
really slow
. stop assuming that a message looped-back to the test will
be received immediately
. skip some system bus tests on Windows since they make no
sense there (fdo#92538, fdo#92721; Ralf Habacker, Simon
McVittie)
* Changes between 1.10.0 and 1.10.2
- Fixes:
+ Correct error handling for activation: if there are multiple
attempts to activate the same service and it fails
immediately, the first attempt would get the correct reply,
but the rest would time out. We now send the same error
reply to each attempt. (fdo#92200, Simon McVittie)
+ If BecomeMonitor is called with a syntactically invalid
match rule, don't crash with an assertion failure, fixing a
regression in 1.9.10. This was not exploitable as a denial
of service, because the check for a privileged user is done
first. (fdo#92298, Simon McVittie)
+ On Linux with --enable-user-session, add the bus address to
the environment of systemd services for better backwards
compatibility (fdo#92612, Jan Alexander Steffens)
+ On Windows, fix the logic for replacing the installation
prefix in service files' Exec lines (fdo#83539; Milan Crha,
Simon McVittie)
+ On Windows, if installed in the conventional layout with
${prefix}/etc and ${prefix}/share, use relative paths
between bus configuration files to allow the tree to be
relocated (fdo#92028, Simon McVittie)
+ Make more of the regression tests pass in Windows builds
(fdo#92538, Simon McVittie)
* Summary of major changes since 1.8.0:
- The basic setup for the well-known system and session buses is
now done in read-only files in ${datadir} (normally /usr/share).
- AppArmor integration has been merged, with features similar to
the pre-existing SELinux integration. It is mostly compatible
with the patches previously shipped by Ubuntu, with one
significant change: Ubuntu's GetConnectionAppArmorSecurityContext
method has been superseded by GetConnectionCredentials and was
not included.
- The --enable-user-session configure option can be enabled
by OS integrators intending to use systemd to provide a
session bus per user (in effect, treating all concurrent
graphical and non-graphical login sessions as one large session).
- The new listenable address mode "/unix:runtime=yes"/ listens on
$XDG_RUNTIME_DIR/bus, the same AF_UNIX socket used by the
systemd user session. libdbus and "/dbus-launch --autolaunch"/
will connect to this address by default. GLib >= 2.45.3 and
sd-bus >= 209 have a matching default.
- All executables are now dynamically linked to libdbus-1.
Previously, some executables, most notably dbus-daemon, were
statically linked to a specially-compiled variant of libdbus.
This results in various private functions in the _dbus
namespace being exposed by the shared library. These are not
API, and must not be used outside the dbus source tree.
- On platforms with ELF symbol versioning, all public symbols
are versioned LIBDBUS_1_3.
* New bus APIs:
- org.freedesktop.DBus.GetConnectionCredentials returns
LinuxSecurityLabel where supported
- org.freedesktop.DBus.Monitoring interface (privileged)
. BecomeMonitor method supersedes match rules with eavesdrop=true,
which are now deprecated
- org.freedesktop.DBus.Stats interface (semi-privileged)
. now enabled by default
. new GetAllMatchRules method
- org.freedesktop.DBus.Verbose interface (not normally compiled)
. toggles the effect of DBUS_VERBOSE
* New executables:
- dbus-test-tool
- dbus-update-activation-environment
* New optional dependencies:
- The systemd: pseudo-transport requires libsystemd or libsd-daemon
- Complete documentation requires Ducktype and yelp-tools
- Full test coverage requires GLib 2.36 and PyGI
- AppArmor integration requires libapparmor and optionally libaudit
* Dependencies removed:
- dbus-glib
- Update to 1.8.20:
* Fixes:
- Fix a memory leak when GetConnectionCredentials() succeeds
(fdo#91008, Jacek Bukarewicz)
- Ensure that dbus-monitor does not reply to messages intended
for others (fdo#90952, Simon McVittie)
- Account for openSUSE:Leap in the conditional for chosing right
local state directories (boo#941352)
- Move common-begin sections around to make pre_checkin work again
- Unconditionally build with systemd features, there are no cycles
now, systemd no longer buildrequires dbus-1-devel
- Update to 1.8.18:
* Security hardening:
- On Unix platforms, change the default configuration for the
session bus to only allow EXTERNAL authentication (secure
kernel-mediated credentials-passing), as was already done for
the system bus.
This avoids falling back to DBUS_COOKIE_SHA1, which relies on
strongly unpredictable pseudo-random numbers; under certain
circumstances (/dev/urandom unreadable or malloc() returns
NULL), dbus could fall back to using rand(), which does not
have the desired unpredictability. The fallback to rand() has
not been changed in this stable-branch since the necessary
code changes for correct error-handling are rather intrusive.
If you are using D-Bus over the (unencrypted!) tcp: or
nonce-tcp: transport, in conjunction with DBUS_COOKIE_SHA1
and a shared home directory using NFS or similar, you will
need to reconfigure the session bus to accept DBUS_COOKIE_SHA1
by commenting out the <auth> element. This configuration is
not recommended. (bsc#931066, fdo#90414, Simon McVittie)
* Other fixes:
- Add locking to DBusCounter's reference count and notify
function (fdo#89297, Adrian Szyndela)
- Ensure that DBusTransport's reference count is protected by
the corresponding DBusConnection's lock (fdo#90312,
Adrian Szyndela)
- On Windows, listen on the same port for IPv4 and IPv6
(previously broken by an endianness mistake), and fix a
failure to bind TCP sockets on approximately 1 attempt in 256
(fdo#87999, Ralf Habacker)
- Correctly release DBusServer mutex before early-return if we
run out of memory while copying authentication mechanisms
(fdo#90021, Ralf Habacker)
- Correctly initialize all fields of DBusTypeReader (fdo#90021,
Ralf Habacker, Simon McVittie)
- Fix some missing n in verbose (debug log) messages
(fdo#90021, Ralf Habacker)
- Clean up some memory leaks in test code (fdo#90021,
Ralf Habacker)
- Sync changes from SLE12 conditionalized for suse_version <= 1315
- Update to 1.8.16:
* Security fixes:
- Do not allow non-uid-0 processes to send forged
ActivationFailure messages. On Linux systems with systemd
activation, this would allow a local denial of service:
unprivileged processes could flood the bus with these forged
messages, winning the race with the actual service activation
and causing an error reply to be sent back when service
auto-activation was requested. This does not prevent the real
service from being started, so it only works while the real
service is not running. (CVE-2015-0245, fdo#88811, bnc#916343;
Simon McVittie)
* Other fixes:
- fix a Windows build failure (fdo#88009, Ralf Habacker)
- on Windows, allow up to 8K connections to the dbus-daemon
instead of the previous 64, completing a previous fix which
only worked under Autotools (fdo#71297, Ralf Habacker)
- Update to 1.8.14
* Security hardening:
- Do not allow calls to UpdateActivationEnvironment from uids
other than the uid of the dbus-daemon. If a system service
installs unsafe security policy rules that allow arbitrary
method calls (such as CVE-2014-8148) then this prevents
memory consumption and possible privilege escalation via
UpdateActivationEnvironment.
We believe that in practice, privilege escalation here is
avoided by dbus-daemon-launch-helper sanitizing its
environment; but it seems better to be safe.
- Do not allow calls to UpdateActivationEnvironment or the
Stats interface on object paths other than
/org/freedesktop/DBus. Some system services install unsafe
security policy rules that allow arbitrary method calls to
any destination, method and interface with a specified object
path; while less bad than allowing arbitrary method calls,
these security policies are still harmful, since dbus-daemon
normally offers the same API on all object paths and other
system services might behave similarly.
* Other fixes:
- Add missing initialization so GetExtendedTcpTable doesn't
crash on Windows Vista SP0 (fdo#77008, Ilya A. Tkachenko)
- Update to 1.8.12:
* Fixes:
- Partially revert the CVE-2014-3639 patch by increasing the
default authentication timeout on the system bus from 5
seconds back to 30 seconds, since this has been reported to
cause boot regressions for some users, mostly with parallel
boot (systemd) on slower hardware.
On fast systems where local users are considered particularly
hostile, administrators can return to the 5 second timeout
(or any other value in milliseconds) by saving this as
/etc/dbus-1/system-local.conf:
<busconfig>
<limit name="/auth_timeout"/>5000</limit>
</busconfig>
(fdo#86431, Simon McVittie)
- Add a message in syslog/the Journal when the auth_timeout is
exceeded (fdo#86431, Simon McVittie)
- Send back an AccessDenied error if the addressed recipient is
not allowed to receive a message (and in builds with
assertions enabled, don't assert under the same conditions).
(fdo#86194, Jacek Bukarewicz)
- Update to 1.8.10:
* Security fixes:
- Increase dbus-daemon's RLIMIT_NOFILE rlimit to 65536
so that CVE-2014-3636 part A cannot exhaust the system bus'
file descriptors, completing the incomplete fix in 1.8.8.
(CVE-2014-7824, fdo#85105; Simon McVittie, Alban Crequy)
- dejavu-fonts
-
- Update to 2.37
* Changes from 2.36 to 2.37
* Fix issue with empty glyphs in condensed typefaces in the released source files.
* Changes from 2.35 to 2.36
* Math: added DejaVu Math Tex Gyre by B. Jackowski, P. Strzelczyk and P. Pianowski (on behalf of TeX users groups)
* Sans: removed dot of U+06BA in all forms
* Sans: fixed position of three dots of U+06BD in init and medi forms (by Denis Jacquerye)
* Sans: corrected direction of contours in U+05E7 (by Lior Halphon]])
* Sans: added U+1F643 (by Olleg Samoylov)
* Serif: moved up U+0360-0361 (by Gee Fung Sit 薛至峰]])
* Serif: increased spacing of Roman numerals U+2161-2163, U+2165-2168, U+216A-216B (by Gee Fung Sit 薛至峰)
* Serif: fixed anchor position of U+00E6 (by Gee Fung Sit 薛至峰)
* Sans: fixed vertical position of U+20BA (by Gee Fung Sit 薛至峰)
* Sans, Serif: fixed glyph height of Block Elements (by Gee Fung Sit 薛至峰)
* Sans, Serif: added U+A698-A699 (by Gee Fung Sit 薛至峰)
* Sans, Mono, Serif: added U+037F (by Gee Fung Sit 薛至峰)
* Mono: added U+0376-0377, U+037B-037D (by Gee Fung Sit 薛至峰)
* Serif: removed duplicate point from U+1D05 (by Gee Fung Sit 薛至峰)
* Mono: added U+20BA, U+20BD (by Gee Fung Sit 薛至峰)
* Sans: Added moon symbols U+1F311-1F318 (by Ben Laenen)
- Update to 2.35:
* For details see: http://dejavu-fonts.org/wiki/Changelog
- Update to 2.34:
* This release includes the addition of Lisu, an update of Georgian,
the addition of some symbols and the addition and modification
of several Latin characters.
* Sans, SansMono, Serif: unlinked references of U+2596 for bug 50848
* Sans, SansMono, Serif: added U+A7AA
* Sans, SansMono, Serif: added U+2A6A, U+2A6B, U+2E1F based on U+223B
* Sans, Serif: removed superfluous ligature definitions for
ffl und ffi (bug 55363)
* Sans, Serif: swapped glyphs for U+25D2 and U+25D3 (bug 55197)
* Sans, Serif: added U+A740, U+A741
* Sans: added U+20BA Turkish Lira sign
* Sans: replaced Georgian Asomtavruli U+10A0-U+10C5 and Mkhedruli
U+10D0-U+10FC with new version
* Sans: added Georgian Nuskhuri U+2D00-U+U+2D25
* Sans: added Private Use Area glyphs for Georgian U+F400-U+F441
* Sans: tweaked U+0250, U+0254
* Sans: adjusted hinting of U+032C-U+032D, avoiding problem on
some platforms
* Sans: added U+A7A0-U+A7A9, pre-1921 Latvian letters with
oblique stroke
* Sans: added anchors to U+2C6D
* Sans: added cedilla anchor to some Latin characters
* Sans: added ogonek anchor to A, E, O, U, Y
* Sans: adjusted ogonek reference in U+0172, U+01EA, U+01EB
* Sans: added anchors to U+0104, U+0105
* Sans: added U+1F600, U+1F611, U+1F615, U+1F617, U+1F619,
U+1F61B, U+1F61F, U+1F626-U+1F627, U+1F62E-U+1F62F, U+1F634
* Sans: replaced U+27A1 with mirror image of U+2B05 for consistency
* Sans: copied hints from U+14A3, U+14A7 to U+2142-U+2143
* Sans: added Lisu block
* Sans: typographical improvements to U+0166-U+0167, U+02A6, U+02AA
* Sans: slightly change hinting of "/2"/ to fix bug 37395
* Sans: fixed U+1444 which had wrong top dot that shouldn't be there
* Sans: added anchors for diacritics to U+01B7, U+01B8, U+01B9, U+0292
* Sans: added U+01B7, U+01B8 to context for case diacritics above
* SansMono: fixed U+0574
* SansMono: added U+2016, U+27C2
* SansMono: added U+02CE, U+02CF
* SansMono: added U+2148, U+27E6-U+27E7, U+2B05-U+2B0D, U+1D55A
* Serif: added U+02BA, U+02C2-U+02C5, U+02CA-U+02CB, U+02D7, U+02F3,
U+02F7, U+046C-U+046D, U+0476-U+0477, U+1D7C-U+1D7F, U+20B8, U+2132,
U+214E, U+2C7B to Serif
* Serif: typographic improvements to U+0194, U+01B1, U+0263, U+028A,
U+02A6, U+02A8, U+02AA, U+02E0, U+03DC, U+1D3B, U+1D7B
* Serif: added small cap versions of q, x (in italic styles), delta,
theta, xi, sigma, phi, omega, not wired in yet
* Serif: added anchors to U+0234-U+0236
* Serif: added U+02EC, U+02EF, U+02F0, U+0360
- Added url as source.
Please see http://en.opensuse.org/SourceUrls
- amend spec file to reflect new font packaging scheme
(see openFATE#313536);
- call spec-cleaner
- license update: SUSE-Permissive
Use this SPDX proprietary extension tag until upstream SPDX adopts a
permissive category
- Renamed dejavu -> dejavu-fonts according to
openSUSE packaging guidelines and FATE#313035
Adjusted Obsoletes and Provides accordingly
- Remove redundant tags/sections from specfile
(cf. packaging guidelines)
- update to version 2.33
* added Old Italic block to Sans
* added U+051E, U+051F to Sans
* added U+01BA, U+0372-U+0373, U+0376-U+0377, U+03CF, U+1D00-U+1D01,
U+1D03-U+1D07, U+1D0A-U+1D13, U+1D15, U+1D18-U+1D1C, U+1D20-U+1D2B,
U+1D2F, U+1D3D, U+1D5C-U+1D61, U+1D66-U+1D6B, U+1DB8, U+1E9C-U+1E9D,
U+1EFA-U+1EFB, U+2C60-U+2C61, U+2C63, U+A726-U+A73C, U+A73E-U+A73F,
U+A746-U+A747, U+A74A-U+A74B, U+A74E+U+A74F, U+A768-U+A769,
U+A77B-U+A77C, U+A780-U+A787, U+A790-U+A791, U+A7FA-U+A7FF to Serif
* added alternate forms to U+014A and U+01B7 in Serif
* typographical improvements to U+0166-U+0167, U+0197, U+01B5-U+01B6,
U+01BB, U+0222-U+0223, U+023D, U+0250-U+0252, U+026E, U+0274, U+028F,
U+029F, U+02A3-U+02A5, U+02AB, U+03FE-U+03FF, U+1D02, U+1D14,
U+1D1D-U+1D1F, U+1D3B, U+1D43-U+1D46, U+1D59, U+1D9B, U+2C71, U+2C73 in Serif
* fixed bugs #31762 and #34700 plus other small fixes
(wrong direction, duplicate points, etc.) for Sans and Serif
* added U+204B to Mono
* added U+26E2 to Sans
* added Playing Cards block (U+1F0A0-U+1F0DF) to Sans
* emoticons in Sans: replace U+2639-U+263B with better versions,
add U+1F601-U+1F610, U+1F612-U+1F614, U+1F616, U+1F618,
U+1F61A, U+1F61C-U+1F61E, U+1F620-U+1F624, U+1F625,
U+1F628-U+1F62B, U+1F62D, U+1F630-U+1F633, U+1F635-U+1F640
* added U+A78E, U+A790-U+A791 to Sans and Mono
* added U+A7FA to Sans
* subscripts: added U+2095-U+209C to Sans, Serif and Mono,
adjusted U+1D49-U+1D4A in Sans and Mono
* added U+0243 to Mono
* adjusted U+0307 to match dot of i, replaced dotaccent U+02D9 with
U+0307 in most dependencies in Sans
* adjusted anchors of f and added them to long s in Sans
* added anchors to precomposed dependencies of D and d
* added debug glyphs U+F002 and U+F003 which will show current point size
* use correct version for Serbian italic be
* added pictograms U+1F42D-U+1F42E, U+1F431, U+1F435
* improved Hebrew in Sans
* improved Armenian in Sans, and added Armenian in Serif and Mono
* remove "/locl"/ feature for Romanian for S/T/s/t with cedilla/comma accent
* replace wrong "/dflt"/ script tag in Mono with "/DFLT"/
- updated to version 2.32:
* added to Sans: Latin small letter p with stroke (U+1D7D),
Latin capital letter p with stroke through descender (U+A750),
Latin small letter p with stroke through descender (U+A751),
Latin capital letter thorn with stroke (U+A764),
Latin small letter thorn with stroke (U+A765),
Latin capital letter thorn with stroke through descender (U+A766),
Latin small letter thorn with stroke through descender (U+A767),
Latin capital letter q with stroke through descender (U+A756),
Latin small letter q with stroke through descender (U+A757),
Latin capital letter p with flourish (U+A752),
Latin small letter p with flourish (U+A753)
* add new Indian rupee symbol (U+20B9) to Sans, Serif and Mono
* Sans: adjusted U+0E3F, U+20AB, U+20AD-U+20AE, U+20B1, U+20B5, U+20B8
to have them take up the same width as digits
* added U+23E8 to Sans
* fixed numerous bugs (#22579, #28189, #28977, N'Ko in Windows, fixed U+FB4F,
anchors for U+0332-U+0333, made extensions in Misc. Technical connect,
and other small fixes)
* added looptail g as stylistic variant to Serif
* added the remaining precomposed characters in Latin Extended Additional
in Serif
* added Georgian Mkhedruli (U+10D0-U+10FC) to Sans ExtraLight
* fix spacing in hinting of U+042E in Mono
* replaced U+2650 and minor changes to U+2640-U+2642, U+2699,
U+26A2-U+26A5, U+26B2-U+26B5, U+26B8 in Sans
* added U+1E9C-U+1E9D, U+1EFA-U+1EFB, U+2028-U+2029, U+20B8, U+2150-U+2152,
U+2189, U+26C0-U+26C3, U+A722-U+A725, U+1F030-U+1F093 to Sans
* added U+1E9C-U+1E9E, U+1EFA-U+1EFB, U+2028-U+2029, U+20B8, U+2181-U+2182,
U+2185 U+A722-U+A725, to Sans ExtraLight
* added U+20B8, U+22A2-U+22A5, U+A722-U+A725 to Mono
* added U+02CD, U+01BF, U+01F7, U+0222-U+0223, U+0243-U+0244, U+0246-U+024F,
U+2150-U+2152, U+2189, U+239B-U+23AD and U+A73D to Serif
- updated to version 2.31:
* Fixed bug where Serif Condensed Italic wouldn't get proper subfamily tags
* Added math operators U+2234-U+2237 to Mono
* Removed buggy instructions of U+032D
* added U+2C70, U+2C7E, U+2C7F to Sans and Sans Mono
* added U+2C7D to Sans Mono
* added U+2C6D, U+2C70-2C73, U+2C7E-2C7F to Serif
* added extremas to alpha U+03B1 in Serif-Italic
* added U+4A4, U+4A5 to Mono
* added Arabic letters U+0657, U+0670, U+0688-U+0690, U+0693-U+0694,
U+0696-U+0697, U+0699-U+06A0, U+06A2-U+06A3, U+06A5, U+06A7-U+06A8,
U+06AA-U+06AE, U+06B0-U+06B4, U+06B6-U+06B9, U+06BB-U+06BE and their
contextual forms to Sans
* added U+A78D LATIN CAPITAL LETTER TURNED H for coming Unicode 6.0
- removed unnecessary buildrequires for too old distros
- updated to version 2.30:
* added U+0462-U+0463 to Mono
* corrected U+1E53 in Serif
* added U+1E4C-U+1E4D to Mono and Serif
* added U+1E78-U+1E79 to Mono
* fixed missing diacritics in Latin Extended Additional in Sans ExtraLight
* fixed anchors on U+1E78 in Serif
* added U+1DC4-U+1DC9 to Serif
* renamed above-mark to above-mark in Serif-Italic
* added U+1DC4-U+1DC9 to context class for dotless substitution
* changed Doubleacute to Doublegrave in Sans ExtraLight
* removed redundant reference in U+01FB in Sans Oblique
* added U+A726-U+A727 to Mono
* changed U+04BE and U+04BF according to recommedations of Sasha Ankwab in Sans
* remove "/Symbol Charset"/ from set of codepages in Sans
- updated to version 2.29:
* modified U+10FB in Sans to be a mirror image of U+2056
* added U+2B1F, U+2B24, U+2B53, U+2B54 in Sans
* fixed TUR opentype language tag to TRK in Serif (bug 19825)
* early implementation of Abkhaz letter U+0524-U+0525 in Sans
* flipped U+1D538 in Sans
* added U+26B3-U+26B8, U+1D7D8-U+1D7E1 in Sans
* corrected U+1D7A9 in Sans Bold Oblique
* Fixed U+0649 to be dual-joining in Sans Mono
* Remove unnecessary 'isol' feature from Sans Mono
* Remove 'cmap' mappings for U+066E, U+066F, U+067C, U+067D, U+0681,
U+0682, U+0685, U+0692, U+06A1, U+06B5, U+06BA, U+06C6, U+06CE,
and U+06D5 in Sans Mono (bug 20323)
* add half brackets (U+2E22 - U+2E25, by Steve Tinney)
- deltarpm
-
- Make python2 and python3 conditional to ensure we can build with
python3 only
- Correct provides/obsoletes for python2 subpackage
- Build python3 bindings as well
- Rename python2 subpackage to name consistent with current python
packaging
- Drop patch.sles8 - there does not seem to be any reason for it
- update to version 3.6.1
- remove upstreamed patch deltarpm-zlibcppflags.diff
- fix off-by-one error in delta generation code (bnc#948504)
This could lead to a segfault in rare circumstances.
- Return error rather than crashing if we can't allocate memory
- add newline in missing prelink error
- do not finish applydeltarpm jobs when in the middle of a request
- fix zlibcppflags typo
- update to deltarpm-3.6
* fixes failing applydeltarpm with gzip -9 compression
* adds a couple of manpages
- Package binary Python module, python-deltarpm isn't noarch any more
- Run spec-cleaner
- Add python-deltarpm subpackage
- cross-build fix: use %__cc macro
- Remove redundant tags/sections from specfile
(cf. packaging guidelines)
- Use %_smp_mflags for parallel build
- update to current git to get support for the '-m' option,
which limits memory consumption
- adapt to rpm-4.7 lzma level change
- update to version 3.5
- no changes, just patch integration
- dhcp
-
- Oops, when upgrading to 4.3.6-P1 in 2018 only isc_version was
bumped, but not the RPM package version.
- CVE-2021-25217, bsc#1186382, dhcp-CVE-2021-25217.patch: A buffer
overrun in lease file parsing code can be used to exploit a
common vulnerability shared by dhcpd and dhclient.
- bsc#1185157:
Use /run instead of /var/run for PIDFile in dhcrelay.service.
- bsc#1134078, CVE-2019-6470, dhcp-CVE-2019-6470.patch:
DHCPv6 server crashes regularly.
- Add compile option --enable-secs-byteorder to avoid duplicate
lease warnings [bsc#1089524].
- bsc#1136572: Use IPv6 when called as dhclient6, dhcpd6, and
dhcrelay6 (0021-dhcp-ip-family-symlinks.patch).
- Update to dhcp-4.3.6-P1:
* CVE-2018-5733, bsc#1083303: reference count overflow in dhcpd.
* CVE-2018-5732, bsc#1083302: buffer overflow bug in dhclient.
* Plugged a socket descriptor leak in OMAPI
* The server now allows the client identifier (option 61) to own
leases in more than one subnet concurrently [ISC-Bugs #41358].
* When replying to a DHCPINFORM, the server will now include
options specified at the pool scope, provided the ciaddr field
of the DHCPINFORM is populated.
[ISC-Bugs #43219] [ISC-Bugs #45051].
* When memory allocation fails in a repeated way the process
writes "/Run out of memory."/ on the standard error and exists
with status 1 [ISC-Bugs #32744].
* The new lmdb (Lightning Memory DataBase) bind9 configure
option is now disabled by default to avoid the presence of
this library to be detected which can lead to a link failure.
[ISC-Bugs #45069]
* The linux interface discovery code has been modified to use
getifaddrs() as is done for BSD and OS-X.
[ISC-Bugs #28761] and others.
* Fixed a bug in OMAPI that causes omshell to crash when a
name-value pair with a zero length value is shipped in an
object [ISC-Bugs #29108].
* On 64-bit platforms, dhclient now generates the correct value
for the script environment variable, "/expiry"/, the lease
expiry value exceeds 0x7FFFFFFF [ISC-Bugs #43326].
* Common timer logic was modified to cap the maximum timeout
values at 0x7FFFFFFF - 1 [ISC-Bugs #28038].
* DHCP6 FQDN option unpacking code now correctly handles values
that contain spaces, special, or non-printable characters.
[ISC-Bugs #43592]
* When running in -6 mode, dhclient can enforce the require
option statement and will discard offered leases that do not
contain all the required options specified in the client
configuration [ISC-Bugs #41473].
* Altered DHCPv4 lease time calculation to avoid roll over
errors on 64-bit OS systems when using -1 or large values
for default-lease-time [ISC-Bugs #41976],
* Added --dad-wait-time parameter to dhclient [ISC-Bugs #36169].
* The server nows checks both the address and length of a
prefix delegation when attempting to match it to a prefix
pool [ISC-Bugs #35378].
* Modified DDNS support initialization such that DNS related
ports will only be opened by the server (dhcpd) at startup
if ddns-update-style is not "/none"/; by dhclient only if and
when the it first attempts an update; and never by dhcrelay.
[ISC-Bugs #45290] [ISC-Bugs #33377]
* Added error logging to two memory allocation failure checks.
[ISC-Bugs #41185]
* Corrected a dhclient -6 issue that caused the client to crash
with an "/Impossible condition"/ error after de-preferencing its
only IA binding [ISC-Bugs #44373].
* By defining CALL_SCRIPT_ON_ONETRY_FAIL in includes/site.h,
dhclient will now call the script with reason set to FAIL when
run with -1 (one try) and there are no server responses.
[ISC-bugs #18183]
* The server now detects failover peers that are not referenced
in at least one pool when run with the command line option for
test mode, -T [ISC-Bugs #29892].
* Linux script updated [ISC-bugs #19430] [ISC-bugs #18111].
* Changed severity of the log message indicating UDP checksum
errors in the received packets from 'info' to 'debug'.
[ISC-bugs #41757]
* Corrected a bug which could cause the server to sporadically
crash while loading lease files with the lease-id-format is
set to "/hex"/ [ISC-Bugs #43185].
- Obsoleted patches:
* 0011-Fixed-linux-interface-discovery-using-getifaddrs.patch
* 0019-dhcp-4.2.4-P1-interval.patch
* 0021-master-Plugs-a-socket-descriptor-leak-in-OMAPI.patch
* 0022-Optimized-if-and-when-DNS-client-context-and-ports.patch
- Optimized if and when DNS client context and ports
are initted (bsc#1073935)
[+0022-Optimized-if-and-when-DNS-client-context-and-ports.patch]
- Plugs a socket descriptor leak in OMAPI(bsc#1076119, CVE-2017-3144)
[ +0021-master-Plugs-a-socket-descriptor-leak-in-OMAPI.patch]
- add PIDFile= setting to dhcrelay.service, without this systemd
stops the service immediately after starting
- Drop old sysvinit support from the spec file. All the supported
openSUSE distributions are systemd based so there isn't much point
in keeping sysvinit support and files around.
- Replace references to /var/adm/fillup-templates with new
%_fillupdir macro (boo#1069468)
- Replace net-tools Requires in dhcp-client with hostname on
suse_version >= 1330 (CODE15): net-tools does no longer provide
any tool referenced by dhclient-script, but we require hostname
(which is also a dependency to net-tools, thus hiding the issue).
- use .gz year instead of current one to make build reproducible
- fixed a typo in nis-servers option name breaking the config file introduced
in previous change to workaround issues in NetworkManager parser.
- Update to dhcp-4.3.5
- Corrected a bug which could cause the server to sporadically crash while
loading lease files with the lease-id-format is set to "/hex"/. Our thanks
to Jay Ford, University of Iowa for reporting the issue.
[ISC-Bugs #43185]
- Eliminated a noisy, but otherwise harmless debug log statment that may
appear during server startup when building with --enable-binary-leases
and configuring multiple pools in a shared network. Thanks to Fernando
Soto from BlueCat Networks for reporting the issue and supplying a patch.
[ISC-Bugs #43262]
- Fixed util/bindvar.sh error handling.
[ISC-Bugs #41973]
- Correct error message in relay to use remote id length instead
of circuit id length.
[ISC-Bugs #42556]
- Add logic to test directory Makefiles to avoid copying Attfile(s)
when building within the source tree. This eliminates a noisy but
otherwise harmless error message when running "/make check"/.
[ISC-Bugs #41883]
- Leases are now scrubbed of certain prior use information when pool
re-balancing reassigns them from one FO peer to the other. This
corrects an issue where leases that were offered but not used
by the client retained the client hostname from the original
client. Thanks to Pavel Polacek, Jan Evangelista Purkyne University
for reporting the issue.
[ISC-Bugs #42008]
- In the LDAP code and schema add some missing '6' characters to use
the v6 instead of the v4 versions. Thanks to Denis Taranushin for
reporting this issue and supplying its patch.
[ISC-Bugs #42666]
- Correct how the pick-first-value expression is written to a lease
file. Previously it was written as a concat expression due to
a cut and paste error.
[ISC-Bugs #42253]
- Modify the DDNS code to clean up the PTR record even if there
are issues while cleaning up the A or AAAA records.
[ISC-Bugs #23954]
- Added global configuration parameter, abandon-lease-time, which determines
the amount of time a lease remains abandoned. The default is 84600 seconds.
Additionaly, the server now conducts a ping check (if ping checks are
enabled) prior to offering an abandoned lease to client. Our thanks to
David Zych at University of Illinois for reporting the issue and working
with us to produce a viable solution.
[ISC-Bugs #41815]
- Correct handling of interface names during interface discovery. This
addresses an issue where interface names of 15 characters in length
could lead to crashes or interface recognition errors during startup
of dhcpd, dhclient, and dhcrelay.
[ISC-Bugs #42226]
- Updates to contrib/dhcp-lease-list.pl to make it more friendly.
The updates are: looking for the lease file in more places and skipping
the "/processing complete"/ output when creating machine readable
output. Thanks to Cameron Paine (cbp at null dot net) for the
patch.
[ISC-Bugs #42113]
- When reusing a lease for dhcp-cache-threshold return the hostname
to the original lease. Also if the host pointer, UID or hardware address
change don't allow reuse of the lease.
Thanks to Michael Vincent for reporting this and helping us
verify the problem and fix.
[ISC-Bugs #42849]
- Change dmalloc to use a size_t as the length argument to bring it
in line with the call it will make to malloc().
[ISC-Bugs #40843]
- If the failover socket can't be bound, close it. Otherwise if the
user configures an incorrect address in the failover stanza the
server will continue to open new sockets every 90 seconds until
it runs out.
[ISC-Bugs #42452]
- Add DHCPv4-mode, dhcrelay command line options, "/-iu"/ and "/-id"/, that
allow interfaces to be upstream or downstream respectively. Upstream
interfaces will accept and forward only BOOTP replies, while downstream
interfaces will accept and forward only BOOTP requests.
[ISC-Bugs #41547]
- Clean up some memory references in the vendor-class construct.
[ISC-Bugs #42984]
[*0006-dhcp-4.3.2-dhclient-send-hostname-or-fqdn.patch,
* 0011-Fixed-linux-interface-discovery-using-getifaddrs.patch,
* 0013-dhcp-4.2.x-dhcpv6-decline-on-DAD-failure.872609.patch,
* 0016-infiniband-support.patch,
* 0017-server-no-success-report-before-send.919959.patch]
- Set all requested dhcp options on a single line, so they are
actually requested (boo#1046969, boo#1047004).
- Relax permission of dhclient-script for libguestfs(bsc#987170)
- Require insserv only if needed
- Fix requires of client subpackage
- Add config file for registering dhcp server in slp (bsc#992072)
- Use /usr/sbin/arping instead of /sbin/arping in the dhcp scripts.
/sbin/arping is a symlink to /usr/sbin/arping in order to ease the
transition for the /usr merge. Newest releases of iputils may only
install utilities in /usr/* so this dependency will no longer be valid.
Moreover, we replace the '/sbin/arping' dependency with 'iputils'.
- Update to dhcp-4.3.3-P1 correcting bounds checking when
receiving a packet (bsc#961305,CVE-2015-8605,ISC-Bugs#41267).
- adjusted interval check.
[*0019-dhcp-4.2.4-P1-interval.patch]
- Fixed improper lease duration checking. Also added fixes for integer
overflows in the date and time handling code(bsc#936923, bsc#880984).
[+0020-dhcp-4.x.x-fixed-improper-lease-duration-checking.patch]
- fixed service files to start dhcpd after slapd (bsc#956159)
- dhclient-script: complain in the log about conflicts, added
a see log messages to the dhclient log message (bsc#960506)
[* 0018-client-fail-on-script-pre-init-error-bsc-912098.patch]
- Applied a patch by Jiri Popelka catching dhcp server aborts with
"/Unable to set up timer: out of range"/ on very long or infinite
timer intervals / lease lifetimes (bsc#947780)
[+ 0019-dhcp-4.2.4-P1-interval.patch]
- Corrected patch references in and a missed (bsc#919959) patch
description in previous changelog entry.
- Update to dhcp-4.3.3 (fate#319067) provinding many bug fixes,
features and obsoletes several patches we were using before.
For complete changelog, please read the RELNOTES file shipped
along with this package or online at:
https://kb.isc.org/article/AA-01297/82/DHCP-4.3.3-Release-Notes.html
- Replaced hostname patch with a dhcpv6 and fqdn aware variant:
[- 0006-dhcp-4.2.5-dhclient-send-hostname-rml.patch,
+ 0006-dhcp-4.3.2-dhclient-send-hostname-or-fqdn.patch]
- Removed obsolete patches included upstream now:
[- 0007-dhcp-4.2.6-ldap-mt01.patch,
- 0009-dhcp-4.2.6-xen-checksum.patch,
- 0013-dhcp-4.2.3-P1-dhclient-log-pid.patch,
- 0015-Ignore-SIGPIPE-to-not-die-in-socket-code.patch,
- 0016-server-log-DHCPv6-addresses-assigned-to-clients.patch,
- 0019-dhcp-4.2.x-ldap-debug-write.bnc835818.patch,
- 0021-dhcp-4.2.4-P2-bnc878846-conf-to-ldap.patch,
- 0022-dhcp-4.2.x-contrib-conf-to-ldap-reorder.886094.patch,
- 0023-dhcp-4.2.x-ddns-tsig-hmac-sha-support.890731.patch,
- 0025-dhcp-4.2.x-dhcpv6-retransmission-until-MRD.872609.patch,
- 0026-dhcp-4.2.x-disable-unused-ddns-port-in-server.891655.patch]
- Adjusted patch numbers in the spec file:
[- 0008-dhcp-4.1.1-P1-lpf-bind-msg-fix.patch,
- 0010-dhcp-4.2.2-dhclient-option-checks.patch,
- 0011-dhcp-4.2.6-close-on-exec.patch,
- 0012-dhcp-4.2.2-quiet-dhclient.patch,
- 0014-Fixed-linux-interface-discovery-using-getifaddrs.patch,
- 0020-dhcp-4.2.x-chown-server-leases.bnc868253.patch,
- 0024-dhcp-4.2.x-dhcpv6-decline-on-DAD-failure.872609.patch,
+ 0007-dhcp-4.1.1-P1-lpf-bind-msg-fix.patch,
+ 0008-dhcp-4.2.2-dhclient-option-checks.patch,
+ 0009-dhcp-4.2.6-close-on-exec.patch,
+ 0010-dhcp-4.2.2-quiet-dhclient.patch,
+ 0011-Fixed-linux-interface-discovery-using-getifaddrs.patch,
+ 0012-dhcp-4.2.x-chown-server-leases.bnc868253.patch,
+ 0013-dhcp-4.2.x-dhcpv6-decline-on-DAD-failure.872609.patch]
- Fixed to not pass DHCPv6 address lifetimes a positive (unsigned
32bit) integers to scripts and properly format timestamps as long
to not break them on 64bit architectures (bsc#926159).
[+ 0014-dhclient6-unsigned-lifetimes-for-script-bsc-926159.patch]
- dhclient: expose next-server DHCPv4 option to script (bsc#928390)
[+ 0015-Expose-next-server-DHCPv4-option-to-dhclient-script.patch]
- Replaced infiniband support patch with fixed variant (bsc#910984):
[- 0017-dhcp-4.2.6-lpf-ip-over-ib-support.patch,
- 0018-dhcp-4.2.6-improved-xid.patch,
- 0027-dhcp-4.2.x-handle-ifa_addr-NULL.909189.patch,
+ 0016-infiniband-support.patch]
- Moved dhcp-devel package include files and static libraries
to /usr/include/dhcp and /usr/lib/dhcp subdirectories.
DHCP requires a specific bind library version and conflicts
with the files shipped by bind-devel package, which is not
source and binary compatible (bsc#910686).
- Corrected changes to provide complete patch file references.
- Fixed server to not report success before send (bsc#919959)
[+ 0017-server-no-success-report-before-send.919959.patch]
- Fixed dhclient to check pre-init results reported by dhclient-script
and fail if pre-init fails for a requested interface (bsc#912098).
[+ 0018-client-fail-on-script-pre-init-error-bsc-912098.patch]
- do not check scripts not in the src.rpm
- Applied fix by Jiri Slaby to not crash in interface discovery
when the interface address is NULL, which has been introduced
by the infiniband support patch (bsc#909189,bsc#870535).
[+ 0027-dhcp-4.2.x-handle-ifa_addr-NULL.909189.patch]
- fix bashisms in dhcprelay script
- Applied contrib/ldap/dhcpd-conf-to-ldap patch by Ales Novak to
reorder config to add all global options or option declarations
to the dhcpService object instead to create new service object
(bsc#886094,ISC-Bugs#37876).
[+ 0022-dhcp-4.2.x-contrib-conf-to-ldap-reorder.886094.patch]
- Applied an upstream patch by Thomas Markwalder adding missed
mapping of SHA TSIG algorithm names to their constants to enable
hmac-sha1, hmac_sha224, hmac_sha256, hmac_sha384 and hmac_sha512
authenticated dynamic DNS updates (bsc#890731, ISC-Bugs#36947).
[+ 0023-dhcp-4.2.x-ddns-tsig-hmac-sha-support.890731.patch]
- Decline IPv6 addresses on Duplicate Address Detection failure
and stop client message exchanges on reached MRD rather than
at some point after it. Applied fedora patches by Jiri Popelka
and added DAD reporting via exit 3 to the dhclient-script and
a fix to use correct address variables in the DEPREF6 action
(bsc#872609,ISC-Bugs#26735,ISC-Bugs#21238).
[+ 0024-dhcp-4.2.x-dhcpv6-decline-on-DAD-failure.872609.patch,
+ 0025-dhcp-4.2.x-dhcpv6-retransmission-until-MRD.872609.patch]
- Applied backport patch by William Preston avoiding to bind ddns
socket in the server when ddns-update-style is none (bsc#891655).
[+ 0026-dhcp-4.2.x-disable-unused-ddns-port-in-server.891655.patch]
- Applied patch for the contrib/ldap/dhcpd-conf-to-ldap script
fixing subclass statement handling (bnc#878846,[ISC-Bugs #36409])
[+ 0021-dhcp-4.2.4-P2-bnc878846-conf-to-ldap.patch]
- Updated licence statement and FSF address in our scripts.
- Added missed service_add_pre macro calls for dhcrelay services
- No longer perform gpg validation; osc source_validator does it
implicit:
+ Drop gpg-offline BuildRequires.
+ No longer execute gpg_verify.
- diffutils
-
- Add ppc64_disable_failing_test to disable a sporadically failing
test for ppc64 and ppc64le builds (boo#1156913)
- Use %license (boo#1082318)
- Update to version 3.6:
* When one file is a prefix of the other, cmp now appends the
shorter file's size to the EOF diagnostic.
* diff's default algorithm has been tweaked to deal better with
larger files, reversing some of the changes made in
diffutils-3.4.
- Define packager and bug reporting url
- Update to a pre-release version (3.5.15):
* remove big-file-performance.patch and gnulib-diffseq.patch
* comment signature source as the release is not officially signed yet
- gnulib-diffseq.patch, big-file-performance.patch: Avoid performance
regression on big files (bsc#1004991)
- Diffutils 3.5:
* diff3 no longer malfunctions due to use-after-free
[bug introduced in 3.4]
* diff --color no longer colorizes when TERM=dumb
- Update to version 3.4
* diff accepts two new options --color and --palette to generate
and configure colored output. --color takes an optional
argument specifying when to colorize a line: --color=always,
- -color=auto, --color=never. --palette is used to configure
which colors are used.
* many bugfixes
- New -lang subpackage
- Drop no longer needed gnulib-perl522.patch
- Make building more verbose
- Move info page removal to preun
- Cleanup spec file with spec-cleaner
- Update provides/obsoletes
- add gnulib-perl522.patch from gnulib upstream
- build with PIE
- dmidecode
-
1 recommended fix from upstream:
- dmidecode-missing-commas.patch: Two missing commas in data arrays
cause off-by-one or mangling during index resolution
(bsc#1174257).
Partial support for SMBIOS 3.4.0:
- dmidecode-add-memory-device-types-from-smbios-3.4.0.patch,
dmidecode-add-processor-characteristics-bits-from-smbios-3.4.0.patch,
dmidecode-add-processor-upgrades-from-smbios-3.4.0.patch,
dmidecode-add-slot-characteristics2-from-smbios-3.4.0.patch,
dmidecode-add-system-slot-types-from-smbios-3.4.0.patch: Add
enumerated values from SMBIOS 3.4.0 (bsc#1174257).
1 presentation fix from upstream:
- dmidecode-skip-details-of-uninstalled-memory-modules.patch:
Skip details of uninstalled memory modules (bsc#1174257).
Partial support for SMBIOS 3.3.0:
- dmidecode-add-enumerated-values-from-smbios-3.3.0.patch: Add
enumerated values from SMBIOS 3.3.0 (bsc#1153533 bsc#1158833
jsc#SLE-10875).
3 recommended fixes from upstream:
- dmidecode-only-scan-dev-mem-for-entry-point-on-x86.patch: Only
scan /dev/mem for entry point on x86 (fixes reboot on ARM64).
- dmidecode-fix-formatting-of-tpm-table-output.patch: Fix
formatting of TPM table output (missing newlines).
- dmidecode-fix-system-slot-information-for-pcie-ssd.patch: Fix
System Slot Information for PCIe SSD.
- dmidecode-add-logical-non-volatile-device.patch: Add "/Logical
non-volatile device"/ to the memory device types (bsc#1120149).
- Use %doc directly on files instead of installing them explicitly.
- Don't overwrite the path of license (boo#1121851).
- dmidecode-fix-redfish-hostname-print-length.patch: Fix Redfish
Hostname print length (bsc#1112755).
- Update to upstream version 3.2 (FATE#326044):
* [COMPATIBILITY] The UUID is now displayed using lowercase
letters, per RFC 4122 (#53569). You must ensure that any code
parsing it is case-insensitive.
* Support for SMBIOS 3.2.0. This includes new processor names,
new socket and port connector types, new system slot state and
property, and support for non-volatile memory (NVDIMM).
* Support for Redfish management controllers.
* A new command line option to query a specific structure by its
handle.
* A new command line option to query the system family string.
* Support for 3 ThinkPad-specific structures (patch #9642).
* Support for HPE's new company name.
* Support UEFI on FreeBSD.
* Important bug fixes:
Fix firmware version of TPM device
Fix the HPE UEFI feature flag check
* (biosdecode) A new command line option to fully decode PIR
information (support request #109339).
* Obsoletes dmioem-reflect-hpe-new-company-name.patch,
dmidecode-fix-tpm-device-firmware-version.patch, and
dmioem-fix-hpe-type-219-uefi-flag.patch.
* CHANGELOG is gone, package more compact NEWS file instead.
- Reenable signature checking.
- Use %license for LICENSE file.
- dmioem-reflect-hpe-new-company-name.patch: Reflect HPE's new
company name.
- dmidecode-fix-tpm-device-firmware-version.patch: Fix firmware
version of TPM device.
- dmioem-fix-hpe-type-219-uefi-flag.patch: Fix the reporting of
HP/HPE UEFI feature.
- Add missing bug numbers and FATE references in changes file
(bsc#1041670).
- Update to upstream version 3.1:
* Support for SMBIOS 3.1.0 and 3.1.1. This includes new chassis
types, new processor family names, new processor family upgrade
names, and new slot types, as well as support of larger BIOS
ROM sizes and cache sizes, and a new structure type (43, TPM
Device.)
* A new command line option to query OEM strings.
* All error messages are now printed on stderr (#47274, #48158.)
* Fixes a crash with SIGBUS (#46066.)
* Various minor fixes, improvements and cleanups.
* Obsoletes dmidecode-01-add-no-sysfs-option-description-to-h-output.patch,
dmidecode-02-fix-no-smbios-nor-dmi-entry-point-found-on-smbios3.patch,
dmidecode-03-let-read_file-return-the-actual-data-size.patch,
dmidecode-04-use-read_file-to-read-the-dmi-table-from-sysfs.patch,
dmidecode-05-use-dword-for-structure-table-maximum-size-in-smbios3.patch,
dmidecode-06-hide-irrelevant-fixup-message.patch, and
dmidecode-07-only-decode-one-dmi-table.patch.
- dmidecode-07-only-decode-one-dmi-table.patch: Only decode one
DMI table.
https://savannah.nongnu.org/bugs/?50022
- dmidecode-01-add-no-sysfs-option-description-to-h-output.patch:
Add "/--no-sysfs"/ option description to -h output.
- dmidecode-02-fix-no-smbios-nor-dmi-entry-point-found-on-smbios3.patch:
Fix 'No SMBIOS nor DMI entry point found' on SMBIOS3.
- dmidecode-03-let-read_file-return-the-actual-data-size.patch:
Let read_file return the actual data size.
- dmidecode-04-use-read_file-to-read-the-dmi-table-from-sysfs.patch:
Use read_file() to read the DMI table from sysfs.
https://savannah.nongnu.org/bugs/?46176
- dmidecode-05-use-dword-for-structure-table-maximum-size-in-smbios3.patch:
Use DWORD for Structure table maximum size in SMBIOS3.
- dmidecode-06-hide-irrelevant-fixup-message.patch:
Hide irrelevant fixup message.
http://savannah.nongnu.org/support/?109024
- Update to upstream version 3.0 (FATE#320746, FATE#320773):
* Adds support for SMBIOS 3.0. This includes a new (64-bit) entry
point format and new enumerated values for recent hardware.
* Adds support for the new kernel interface (as of Linux v4.2) as
an alternative to relying on /dev/mem to access the entry point
and DMI table.
* Adds decoding of Acer-specific DMI type 170 and HP-specific DMI
types 212, 219 and 233.
* Obsoletes dmidecode-1.173-drop-cast.patch,
dmidecode-1.175-fix-SMBIOS-2.8.0.patch,
dmidecode-1.176-SMBIOS-2.8-is-supported.patch,
dmidecode-1.177-decode-pcie3-slot-id.patch,
dmidecode-1.181-decode-CPUID-recent-AMD.patch, and
dmidecode-1.182-decode-ddr4-memory-type.patch.
* Various minor fixes and clean-ups.
* Skip the SMBIOS version comparison in quiet mode (bsc#974862).
- dmidecode.keyring was empty, reference the savannah keyring.
but the tarball is signed by someone unknown without gpg signatures,
so no keyring for now.
- Cleanup spec file with spec-cleaner
- Add gpg signature
- dmidecode-1.181-decode-CPUID-recent-AMD.patch: Decode the CPUID
of recent AMD processors (DMI type 4).
- dmidecode-1.182-decode-ddr4-memory-type.patch: Add support for
DDR4 memory type (DMI type 17) (bsc#955705).
https://savannah.nongnu.org/bugs/?43370
- docker
-
- Update to Docker 20.10.6-ce. See upstream changelog in the packaged
/usr/share/doc/packages/docker/CHANGELOG.md. bsc#1184768
- Rebase patches:
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
* 0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
- Backport upstream fix <https://github.com/moby/moby/pull/42273> for btrfs
quotas being removed by Docker regularly. bsc#1183855 bsc#1175081
+ 0005-bsc1183855-btrfs-Do-not-disable-quota-on-cleanup.patch
- Update to Docker 20.10.5-ce. See upstream changelog in the packaged
/usr/share/doc/packages/docker/CHANGELOG.md. bsc#1182947
- Update runc dependency to 1.0.0~rc93.
- Remove upstreamed patches:
- cli-0001-Rename-bin-md2man-to-bin-go-md2man.patch
- Rebase patches:
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
* 0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
- Switch version to use -ce suffix rather than _ce to avoid confusing other
tools. boo#1182476
[NOTE: This update was only ever released in SLES and Leap.]
- It turns out the boo#1178801 libnetwork patch is also broken on Leap, so drop
the patch entirely. bsc#1180401 bsc#1182168
- boo1178801-0001-Add-docker-interfaces-to-firewalld-docker-zone.patch
- Fix incorrect cast in SUSE secrets patches causing warnings on SLES.
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
[NOTE: This update was only ever released in SLES and Leap.]
- Update Docker to 19.03.15-ce. See upstream changelog in the packaged
/usr/share/doc/packages/docker/CHANGELOG.md. This update includes fixes for
bsc#1181732 (CVE-2021-21284) and bsc#1181730 (CVE-2021-21285).
- Rebase patches:
* bsc1073877-0001-apparmor-clobber-docker-default-profile-on-start.patch
- Only apply the boo#1178801 libnetwork patch to handle firewalld on openSUSE.
It appears that SLES doesn't like the patch. bsc#1180401
- Update to Docker 20.10.3-ce. See upstream changelog in the packaged
/usr/share/doc/packages/docker/CHANGELOG.md. Fixes bsc#1181732
(CVE-2021-21284) and bsc#1181730 (CVE-2021-21285).
- Rebase patches on top of 20.10.3-ce.
- 0002-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
+ 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
- 0003-SECRETS-SUSE-implement-SUSE-container-secrets.patch
+ 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
- 0004-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch
+ 0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch
- 0005-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
+ 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
- Drop docker-runc, docker-test and docker-libnetwork packages. We now just use
the upstream runc package (it's stable enough and Docker no longer pins git
versions). docker-libnetwork is so unstable that it doesn't have any
versioning scheme and so it really doesn't make sense to maintain the project
as a separate package. bsc#1181641 bsc#1181677
- Remove no-longer-needed patch for packaging now that we've dropped
docker-runc and docker-libnetwork.
- 0001-PACKAGING-revert-Remove-docker-prefix-for-containerd.patch
- Update to Docker 20.10.2-ce. See upstream changelog in the packaged
/usr/share/doc/packages/docker/CHANGELOG.md. bsc#1181594
- Remove upstreamed patches:
- bsc1122469-0001-apparmor-allow-readby-and-tracedby.patch
- boo1178801-0001-Add-docker-interfaces-to-firewalld-docker-zone.patch
- Add patches to fix build:
+ cli-0001-Rename-bin-md2man-to-bin-go-md2man.patch
- Since upstream has changed their source repo (again) we have to rebase all of
our patches. While doing this, I've collapsed all patches into one branch
per-release and thus all the patches are now just one series:
- packaging-0001-revert-Remove-docker-prefix-for-containerd-and-runc-.patch
+ 0001-PACKAGING-revert-Remove-docker-prefix-for-containerd.patch
- secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch
+ 0002-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
- secrets-0002-SUSE-implement-SUSE-container-secrets.patch
+ 0003-SECRETS-SUSE-implement-SUSE-container-secrets.patch
- private-registry-0001-Add-private-registry-mirror-support.patch
+ 0004-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch
- bsc1073877-0001-apparmor-clobber-docker-default-profile-on-start.patch
+ 0005-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
- Re-apply secrets fix for bsc#1065609 which appears to have been lost after it
was fixed.
* secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch
* secrets-0002-SUSE-implement-SUSE-container-secrets.patch
- Add Conflicts and Provides for kubic flavour of docker-fish-completion.
- Update to Docker 19.03.14-ce. See upstream changelog in the packaged
/usr/share/doc/packages/docker/CHANGELOG.md. CVE-2020-15257 bsc#1180243
https://github.com/docker/docker-ce/releases/tag/v19.03.14
- Enable fish-completion
- Add a patch which makes Docker compatible with firewalld with
nftables backend. Backport of https://github.com/moby/libnetwork/pull/2548
(boo#1178801, SLE-16460)
* boo1178801-0001-Add-docker-interfaces-to-firewalld-docker-zone.patch
- Update to Docker 19.03.13-ce. See upstream changelog in the packaged
/usr/share/doc/packages/docker/CHANGELOG.md. bsc#1176708
- Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075)
- Emergency fix: %requires_eq does not work with provide symbols,
only effective package names. Convert back to regular Requires.
- Update to Docker 19.03.12-ce. See upstream changelog in the packaged
/usr/share/doc/packages/docker/CHANGELOG.md.
- Use Go 1.13 instead of Go 1.14 because Go 1.14 can cause all sorts of
spurrious errors due to Go returning -EINTR from I/O syscalls much more often
(due to Go 1.14's pre-emptive goroutine support).
- bsc1172377-0001-unexport-testcase.Cleanup-to-fix-Go-1.14.patch
- Add BuildRequires for all -git dependencies so that we catch missing
dependencies much more quickly.
- Update to Docker 19.03.11-ce. See upstream changelog in the packaged
/usr/share/doc/packages/docker/CHANGELOG.md. bsc#1172377 CVE-2020-13401
- Backport https://github.com/gotestyourself/gotest.tools/pull/169 so that we
can build Docker with Go 1.14 (upstream uses Go 1.13).
+ bsc1172377-0001-unexport-testcase.Cleanup-to-fix-Go-1.14.patch
- BuildRequire pkgconfig(libsystemd) instead of systemd-devel:
Allow OBS to shortcut through the -mini flavors.
- Add backport of https://github.com/docker/docker/pull/39121. bsc#1122469
+ bsc1122469-0001-apparmor-allow-readby-and-tracedby.patch
- Support older SLE systems which don't have "/usermod -w -v"/.
- Update to Docker 19.03.5-ce. See upstream changelog in the packaged
/usr/share/doc/packages/docker/CHANGELOG.md. bsc#1158590 bsc#1157330
- Update to Docker 19.03.4-ce. See upstream changelog in the packaged
/usr/share/doc/packages/docker/CHANGELOG.md.
- Drop containerd.service workaround (we've released enough versions without
containerd.service -- there's no need to support package upgrades that old).
- Update to Docker 19.03.3-ce. See upstream changelog in the packaged
/usr/share/doc/packages/docker/CHANGELOG.md. bsc#1153367
- Update to Docker 19.03.2-ce. See upstream changelog in the packaged
/usr/share/doc/packages/docker/CHANGELOG.md. bsc#1150397
- Fix zsh-completion (docker -> _docker)
- Fix default installation such that --userns-remap=default works properly
(this appears to be an upstream regression, where --userns-remap=default
doesn't auto-create the group and results in an error on-start). boo#1143349
- Update to Docker 19.03.1-ce. See upstream changelog in the packaged
/usr/share/doc/packages/docker/CHANGELOG.md. CVE-2019-14271
- Update to Docker 19.03.0-ce. See upstream changelog in the packaged
/usr/share/doc/packages/docker/CHANGELOG.md. bsc#1142413
- Remove upstreamed patches:
- bsc1001161-0001-oci-include-the-domainname-in-kernel.domainname.patch
- bsc1001161-0002-cli-add-a-separate-domainname-flag.patch
- bsc1047218-0001-man-obey-SOURCE_DATE_EPOCH-when-generating-man-pages.patch
- bsc1128746-0001-integration-cli-don-t-build-test-images-if-they-alre.patch
- Rebase pacthes:
* bsc1073877-0001-apparmor-clobber-docker-default-profile-on-start.patch
* packaging-0001-revert-Remove-docker-prefix-for-containerd-and-runc-.patch
* private-registry-0001-Add-private-registry-mirror-support.patch
* secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch
* secrets-0002-SUSE-implement-SUSE-container-secrets.patch
- Move bash-completion to correct location.
- Update to Docker 18.09.8-ce. See upstream changelog in the packaged
/usr/share/doc/packages/docker/CHANGELOG.md.
* Includes fixes for CVE-2019-13509 bsc#1142160.
- Update to Docker 18.09.7-ce. See upstream changelog in the packaged
/usr/share/doc/packages/docker/CHANGELOG.md. bsc#1139649
- Remove upstreamed patches:
- CVE-2018-15664.patch
- Use %config(noreplace) for /etc/docker/daemon.json. bsc#1138920
- Add patch for CVE-2018-15664. bsc#1096726
+ CVE-2018-15664.patch
- Update to Docker 18.09.6-ce see upstream changelog in the packaged
/usr/share/doc/packages/docker/CHANGELOG.md.
- Rebase patches:
* bsc1128746-0001-integration-cli-don-t-build-test-images-if-they-alre.patch
- Update to Docker 18.09.5-ce see upstream changelog in the packaged
/usr/share/doc/packages/docker/CHANGELOG.md. bsc#1128376 boo#1134068
- Rebase patches:
* bsc1001161-0001-oci-include-the-domainname-in-kernel.domainname.patch
* bsc1001161-0002-cli-add-a-separate-domainname-flag.patch
* bsc1047218-0001-man-obey-SOURCE_DATE_EPOCH-when-generating-man-pages.patch
* bsc1128746-0001-integration-cli-don-t-build-test-images-if-they-alre.patch
* packaging-0001-revert-Remove-docker-prefix-for-containerd-and-runc-.patch
* private-registry-0001-Add-private-registry-mirror-support.patch
* secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch
* secrets-0002-SUSE-implement-SUSE-container-secrets.patch
- Updated patch name:
+ bsc1073877-0001-apparmor-clobber-docker-default-profile-on-start.patch
- bsc1073877-0002-apparmor-clobber-docker-default-profile-on-start.patch
- Update to Docker 18.09.3-ce. See upstream changelog in the packaged
/usr/share/doc/packages/docker/CHANGELOG.md.
- docker-test: improvements to test packaging (we don't need to ship around the
entire source tree, and we also need to build the born-again integration/
tests which contain a suite-per-directory). We also need a new patch which
fixes the handling of *-test images. bsc#1128746
+ bsc1128746-0001-integration-cli-don-t-build-test-images-if-they-alre.patch
- Move daemon.json file to /etc/docker directory, bsc#1114832
- Update shell completion to use Group: System/Shells.
- Add daemon.json file with rotation logs cofiguration, bsc#1114832
- Update to Docker 18.09.1-ce. See upstream changelog in the packaged
/usr/share/doc/packages/docker/CHANGELOG.md. bsc#1124308
* Includes fix for CVE-2018-10892 bsc#1100331.
* Includes fix for CVE-2018-20699 bsc#1121768.
- Remove upstreamed patches.
- bsc1073877-0001-apparmor-allow-receiving-of-signals-from-docker-kill.patch
- Disable leap based builds for kubic flavor. bsc#1121412
- Update go requirements to >= go1.10.6 to fix
* bsc#1118897 CVE-2018-16873
go#29230 cmd/go: remote command execution during "/go get -u"/
* bsc#1118898 CVE-2018-16874
go#29231 cmd/go: directory traversal in "/go get"/ via curly braces in import paths
* bsc#1118899 CVE-2018-16875
go#29233 crypto/x509: CPU denial of service
- Handle build breakage due to missing 'export GOPATH' (caused by resolution of
boo#1119634). I believe Docker is one of the only packages with this problem.
- Add backports of https://github.com/docker/docker/pull/37302 and
https://github.com/docker/cli/pull/1130, which allow for users to explicitly
specify the NIS domainname of a container. bsc#1001161
+ bsc1001161-0001-oci-include-the-domainname-in-kernel.domainname.patch
+ bsc1001161-0002-cli-add-a-separate-domainname-flag.patch
- Update docker.service to match upstream and avoid rlimit problems.
bsc#1112980
- Upgrade to Docker 18.09.0-ce. See upstream changelog in the packaged
/usr/share/doc/packages/docker/CHANGELOG.md. boo#1115464 bsc#1118990
- Add revert of an upstream patch to fix docker-* handling.
+ packaging-0001-revert-Remove-docker-prefix-for-containerd-and-runc-.patch
- Rebase patches:
* bsc1047218-0001-man-obey-SOURCE_DATE_EPOCH-when-generating-man-pages.patch
* bsc1073877-0001-apparmor-allow-receiving-of-signals-from-docker-kill.patch
* bsc1073877-0002-apparmor-clobber-docker-default-profile-on-start.patch
* private-registry-0001-Add-private-registry-mirror-support.patch
* secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch
* secrets-0002-SUSE-implement-SUSE-container-secrets.patch
- Remove upstreamed patches:
- bsc1100727-0001-build-add-buildmode-pie.patch
- Reduce the disk footprint by recommending git-core instead of
hard requiring it.
bsc#1108038
- ExcludeArch i586 for entire docker-kubic flavour
- ExcludeArch i586 for docker-kubic-kubeadm-criconfig subpackage
- Add patch to make package reproducible, which is a backport of
https://github.com/docker/cli/pull/1306. boo#1047218
+ bsc1047218-0001-man-obey-SOURCE_DATE_EPOCH-when-generating-man-pages.patch
- Upgrade to docker-ce v18.06.1-ce. bsc#1102522 bsc#1113313
Upstream changelog:
https://github.com/docker/docker-ce/releases/tag/v18.06.1-ce
- Remove patches that were merged upstream:
- bsc1102522-0001-18.06-disable-containerd-CRI-plugin.patch
- Add a backport of https://github.com/docker/engine/pull/29 for the 18.06.0-ce
upgrade. This is a potential security issue (the CRI plugin was enabled by
default, which listens on a TCP port bound to 0.0.0.0) that will be fixed
upstream in the 18.06.1-ce upgrade. bsc#1102522
+ bsc1102522-0001-18.06-disable-containerd-CRI-plugin.patch
- Kubic: Make crio default, docker as alternative runtime
(boo#1104821)
- Provide kubernetes CRI config with docker-kubic-kubeadm-criconfig
subpackage
- Merge -kubic packages back into the main Virtualization:containers packages.
This is done using _multibuild to add a "/kubic"/ flavour, which is then used
to conditionally compile patches and other kubic-specific features.
bsc#1105000
- Rework docker-rpmlintrc with the new _multibuild setup.
- Enable seccomp support on SLE12, since libseccomp is now a new enough vintage
to work with Docker and containerd. fate#325877
- Upgrade to docker-ce v18.06.0-ce. bsc#1102522
- Remove systemd-service dependency on containerd, which is now being started
by dockerd to align with upstream defaults.
- Removed the following patches as they are merged upstream:
- bsc1021227-0001-pkg-devmapper-dynamically-load-dm_task_deferred_remo.patch
- bsc1055676-0001-daemon-oci-obey-CL_UNPRIVILEGED-for-user-namespaced-.patch
- Rebased the following patches:
* bsc1073877-0001-apparmor-allow-receiving-of-signals-from-docker-kill.patch
* bsc1073877-0002-apparmor-clobber-docker-default-profile-on-start.patch
* bsc1100727-0001-build-add-buildmode-pie.patch
* secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch
* secrets-0002-SUSE-implement-SUSE-container-secrets.patch
- Build the client binary with -buildmode=pie to fix issues on POWER.
bsc#1100727
+ bsc1100727-0001-build-add-buildmode-pie.patch
- Update the AppArmor patchset again to fix a separate issue where changed
AppArmor profiles don't actually get applied on Docker daemon reboot.
bsc#1099277
* bsc1073877-0001-apparmor-allow-receiving-of-signals-from-docker-kill.patch
+ bsc1073877-0002-apparmor-clobber-docker-default-profile-on-start.patch
- Update to AppArmor patch so that signal mediation also works for signals
between in-container processes. bsc#1073877
* bsc1073877-0001-apparmor-allow-receiving-of-signals-from-docker-kill.patch
- Make use of %license macro
- Remove 'go test' from %check section, as it has only ever caused us problems
and hasn't (as far as I remember) ever caught a release-blocking issue. Smoke
testing has been far more useful. boo#1095817
- Update secrets patch to not log incorrect warnings when attempting to inject
non-existent host files. bsc#1065609
* secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch
* secrets-0002-SUSE-implement-SUSE-container-secrets.patch
- Review Obsoletes to fix bsc#1080978
- Put docker under the podruntime slice. This the recommended
deployment to allow fine resource control on Kubernetes.
bsc#1086185
- Add patch to handle AppArmor changes that make 'docker kill' stop working.
bsc#1073877 boo#1089732
+ bsc1073877-0001-apparmor-allow-receiving-of-signals-from-docker-kill.patch
- Fix manpage generation breaking ppc64le builds due to a missing
- buildemode=pie.
- Compile and install all manpages.
bsc#1085117
- Add requirement for catatonit, which provides a docker-init implementation.
fate#324652 bsc#1085380
- Fix private-registry-0001-Add-private-registry-mirror-support.patch to
deal corretly with TLS configs of 3rd party registries.
fix bsc#1084533
- Update patches to be sourced from https://github.com/suse/docker-ce (which
are based on the upstream docker/docker-ce repo). The reason for this change
(though it is functionally identical to the old patches) is so that public
patch maintenance is much simpler.
* bsc1021227-0001-pkg-devmapper-dynamically-load-dm_task_deferred_remo.patch
* bsc1055676-0001-daemon-oci-obey-CL_UNPRIVILEGED-for-user-namespaced-.patch
* private-registry-0001-Add-private-registry-mirror-support.patch
* secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch
* secrets-0002-SUSE-implement-SUSE-container-secrets.patch
- Add ${version} to equivalent non-kubic package provides
- Add Provides for equivalent non-kubic packages
- Disable all tests for docker/client and docker/pkg/discovery. The unit tests
of those packages broke reproducibly the builds in IBS.
- Disable flaky tests github.com/docker/docker/pkg/discovery/kv.
- Add patch to support mirroring of private/non-upstream registries. As soon as
the upstream PR (https://github.com/moby/moby/pull/34319) is merged, this
patch will be replaced by the backported one from upstream.
+ private-registry-0001-Add-private-registry-mirror-support.patch
fix bsc#1074971
- Add Obsoletes: docker-image-migrator, as the tool is no longer needed and
we've pretty much removed it from everywhere except the containers module.
bsc#1069758
- Remove requirement on bridge-utils, which has been replaced by libnetwork in
Docker. bsc#1072798
- Update to Docker v17.09.1_ce (bsc#1069758). Upstream changelog:
https://github.com/docker/docker-ce/releases/tag/v17.09.1-ce
- Removed patches (merged upstream):
- bsc1045628-0001-devicemapper-remove-container-rootfs-mountPath-after.patch
- bsc1066210-0001-vendor-update-to-github.com-vbatts-tar-split-v0.10.2.patch
- bsc1066801-0001-oci-add-proc-scsi-to-masked-paths.patch
- Update to Docker v17.09.0_ce. Upstream changelog:
https://github.com/docker/docker-ce/releases/tag/v17.09.0-ce
- Rebased patches:
* bsc1021227-0001-pkg-devmapper-dynamically-load-dm_task_deferred_remo.patch
* bsc1045628-0001-devicemapper-remove-container-rootfs-mountPath-after.patch
* bsc1055676-0001-daemon-oci-obey-CL_UNPRIVILEGED-for-user-namespaced-.patch
* secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch
* secrets-0002-SUSE-implement-SUSE-container-secrets.patch
- Removed patches (merged upstream):
- bsc1064781-0001-Allow-to-override-build-date.patch
- Add a patch to dynamically probe whether libdevmapper supports
dm_task_deferred_remove. This is necessary because we build the containers
module on a SLE12 base, but later SLE versions have libdevmapper support.
This should not affect openSUSE, as all openSUSE versions have a new enough
libdevmapper. Backport of https://github.com/moby/moby/pull/35518.
bsc#1021227 bsc#1029320 bsc#1058173
+ bsc1021227-0001-pkg-devmapper-dynamically-load-dm_task_deferred_remo.patch
- Fix up the ordering of tests in docker.spec. This is to keep things easier to
backport into the SLE package.
- Include secrets fix to handle "/old"/ containers that have orphaned secret
data. It's not clear why Docker caches these secrets, but fix the problem by
trashing the references manually. bsc#1057743
* secrets-0002-SUSE-implement-SUSE-container-secrets.patch
- Replace references to /var/adm/fillup-templates with new
%_fillupdir macro (boo#1069468)
- Remove migration code for the v1.9.x -> v1.10.x migration. This has been
around for a while, and we no longer support migrating from such an old
version "/nicely"/. Docker still has migration code that will run on
first-boot, we are merely removing all of the "/nice"/ warnings which tell
users how to avoid issues during an upgrade that ocurred more than a year
ago.
- Drop un-needed files:
- docker-plugin-message.txt
- docker-update-message.txt
- Add a backport of https://github.com/moby/moby/pull/35424, which fixes a
security issue where a maliciously crafted image could be used to crash a
Docker daemon. bsc#1066210 CVE-2017-14992
+ bsc1066210-0001-vendor-update-to-github.com-vbatts-tar-split-v0.10.2.patch
- Add a backport of https://github.com/moby/moby/pull/35399, which fixes a
security issue where a Docker container (with a disabled AppArmor profile)
could write to /proc/scsi/... and subsequently DoS the host. bsc#1066801
CVE-2017-16539
+ bsc1066801-0001-oci-add-proc-scsi-to-masked-paths.patch
- Correctly set `docker version` information, including the version, git
commit, and SOURCE_DATE_EPOCH (requires a backport). This should
* effectively* make Docker builds reproducible, with minimal cost. boo#1064781
+ bsc1064781-0001-Allow-to-override-build-date.patch
- Add backport of https://github.com/moby/moby/pull/35205. This used to be
fixed in docker-runc, but we're moving it here after upstream discussion.
bsc#1055676
+ bsc1055676-0001-daemon-oci-obey-CL_UNPRIVILEGED-for-user-namespaced-.patch
- Update to Docker v17.07.0_ce. Upstream changelog:
https://github.com/docker/docker-ce/releases/tag/v17.06.0-ce
https://github.com/docker/docker-ce/releases/tag/v17.07.0-ce
- Removed no-longer needed patches.
- bsc1037436-0001-client-check-tty-before-creating-exec-job.patch
- bsc1037607-0001-apparmor-make-pkg-aaparser-work-on-read-only-root.patch
- integration-cli-fix-TestInfoEnsureSucceeds.patch
- Added backport of https://github.com/moby/moby/pull/34573. bsc#1045628
+ bsc1045628-0001-devicemapper-remove-container-rootfs-mountPath-after.patch
- Rewrite secrets patches to correctly handle directories in a way that doesn't
cause errors when starting new containers.
* secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch
* secrets-0002-SUSE-implement-SUSE-container-secrets.patch
- Fix bsc#1059011
The systemd service helper script used a timeout of 60 seconds to
start the daemon, which is insufficient in cases where the daemon
takes longer to start. Instead, set the service type from 'simple' to
'notify' and remove the now superfluous helper script.
- fix bsc#1057743: Add a Requires: fix_bsc_1057743 which is provided by the
newer version of docker-libnetwork. This is necessary because of a versioning
bug we found in bsc#1057743.
- fix /var/adm/update-message/docker file name to be
/var/adm/update-message/docker-%{version}-%{release}
- devicemapper: add patch to make the dm storage driver remove a container's
rootfs mountpoint before attempting to do libdm operations on it. This helps
avoid complications when live mounts will leak into containers. Backport of
https://github.com/moby/moby/pull/34573. bsc#1045628
+ bsc1045628-0001-devicemapper-remove-container-rootfs-mountPath-after.patch
- Fix a regression in our SUSE secrets patches, which caused the copied files
to not carry the correct {uid,gid} mapping when using user namespaces. This
would not cause any bugs (SUSEConnect does the right thing anyway) but it's
possible some programs would not treat the files correctly. This is
tangentially related to bsc#1055676.
* secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch
* secrets-0002-SUSE-implement-SUSE-container-secrets.patch
- Use -buildmode=pie for tests and binary build. bsc#1048046 bsc#1051429
- enable deferred removal for sle12sp2 and newer (and openSUSE
equivalent. fix bsc#1021227
- enable libseccomp on sle12sp2 and newer, 42.2 and newer
fix bsc#1028638 - docker: conditional filtering not supported on
libseccomp for sle12
- add SuSEfirewall2.service to the After clause in docker.service
in order to fix bsc#1046024
- fix path to docker-runc in systemd service file
- change dependency to docker-runc
- Fix bsc#1029630: docker does not wait for lvm on system startup
I added "/lvm2-monitor.service"/ as an "/After dependency"/ of the docker systemd
unit.
- Fix bsc#1032287: missing docker systemd configuration
- Update SUSE secrets patch to correctly handle restarting of containers.
+ secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch
+ secrets-0002-SUSE-implement-SUSE-container-secrets.patch
- Fix bsc#1037607 which was causing read-only issues on Kubic, this is a
backport of https://github.com/moby/moby/pull/33250.
+ bsc1037607-0001-apparmor-make-pkg-aaparser-work-on-read-only-root.patch
- Fix bsc#1038476 warning about non-executable docker
* Simply verify we have binary prior using it, might happen if
someone had docker installed and then did remove it and install
from scratch again
- Add a partial fix for boo#1038493.
- Fixed bsc#1037436 where execids were being leaked due to bad error handling.
This is a backport of https://github.com/docker/cli/pull/52.
+ bsc1037436-0001-client-check-tty-before-creating-exec-job.patch
- Fix golang requirements in the subpackages
- Update golang build requirements to use golang(API) symbol: this is
needed to solve a conflict between multiple versions of Go being available
- Fix secrets-0002-SUSE-implement-SUSE-container-secrets.patch:
substitute docker/distribution/digest by opencontainers/digest
- Update to version 17.04.0-ce (fix bsc#1034053 )
- Patches removed because have been merged into this version:
* pr31549-cmd-docker-fix-TestDaemonCommand.patch
* pr31773-daemon-also-ensureDefaultApparmorProfile-in-exec-pat.patch
- Patches rebased:
* integration-cli-fix-TestInfoEnsureSucceeds.patch
- Build man pages for all archs (bsc#953182)
- Containers cannot resolve DNS if docker host uses 127.0.0.1 as resolver (bsc#1034063)
see /usr/share/doc/packages/docker/CHANGELOG.md
- Make sure this is being built with go 1.7
- remove the go_arches macro because we are using go1.7 which
is available in all archs
- remove gcc specific patches
* gcc-go-patches.patch
* netlink_netns_powerpc.patch
* boltdb_bolt_add_brokenUnaligned.patch
- Enable Delegate=yes, since systemd will safely ignore lvalues it doesn't
understand.
- Update SUSE secrets patch to handle boo#1030702.
* secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch
* secrets-0002-SUSE-implement-SUSE-container-secrets.patch
- Fix (bsc#1032644)
Change lvm2 from Requires to Recommends
Docker usually uses a default storage driver, when it's not configured
explicitly. This default driver then depends on the underlying
system and gets chosen during installation.
- Disable libseccomp for leap 42.1, sle12sp1 and sle12, because
docker needs a higher version. Otherwise, we get the error
"/conditional filtering requires libseccomp version >= 2.2.1
(bsc#1028639 and bsc#1028638)
- Add a backport of fix to AppArmor lazy loading docker-exec case.
https://github.com/docker/docker/pull/31773
+ pr31773-daemon-also-ensureDefaultApparmorProfile-in-exec-pat.patch
- Clean up docker-mount-secrets.patch to use the new swarm secrets internals of
Docker 1.13.0, which removes the need to implement any secret handling
ourselves. This resulted in a split up of the patch.
- docker-mount-secrets.patch
+ secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch
+ secrets-0002-SUSE-implement-SUSE-container-secrets.patch
- Remove old plugins.json to prevent docker-1.13 to fail to start
- Fix bsc#1026827: systemd TasksMax default throttles docker
- Fix post section by adding shadow as a package requirement
Otherwise the groupadd instruction fails
- Add patch to fix TestDaemonCommand failure in %check. This is an upstream
bug, and has an upstream PR to fix it https://github.com/docker/docker/pull/31549.
+ pr31549-cmd-docker-fix-TestDaemonCommand.patch
- update docker to 1.13.0
see details in https://github.com/docker/docker/releases/tag/v1.13.0
- use the same buildflags for building docker and for building the
tests.
- enable pkcs11:
https://github.com/docker/docker/commit/37fa75b3447007bb8ea311f02610bb383b0db77f
- enable architecture s390x for openSUSE
- provide the oci runtime so that containers which were using an old
runtime option, when started on the new docker version, the runtime
is changed to the new one. fix bsc#1020806 bsc#1016992
- fix CVE-2016-9962 bsc#1012568 . Fix it by updating to 1.12.6
plus an extra commit to fix liverestore:
https://github.com/docker/docker/commit/97cd32a6a9076306baa637a29bba84c3f1f3d218
- add "/a wait"/ when starting docker service to fix
bsc#1019251
- remove netlink_gcc_go.patch after integration of PR
https://github.com/golang/go/issues/11707
- new boltdb_bolt_add_brokenUnaligned.patch for ppc64
waiting for https://github.com/boltdb/bolt/pull/635
- Remove old flags from dockerd's command-line, to be more inline with
upstream (now that docker-runc is provided by the runc package). -H is
dropped because upstream dropped it due to concerns with socket
activation.
- Remove socket activation entirely.
- update docker to 1.12.5 (bsc#1016307).
This fixes bsc#1015661
- fix bash-completion
- Add packageand(docker:bash) to bash-completion to match zsh-completion.
- fix runc and containerd revisions
fix bsc#1009961
- update docker to 1.12.3
- fix bsc#1007249 - CVE-2016-8867: Fix ambient capability usage in containers
- other fixes:
https://github.com/docker/docker/releases/tag/v1.12.3
- update docker to 1.12.2 (bsc#1004490). See changelog
https://github.com/docker/docker/blob/v1.12.2/CHANGELOG.md
- update docker-mount-secrets.patch to 1.12.2 code
- docker-mount-secrets.patch: change the internal mountpoint name to not use
"/:"/ as that character can be considered a special character by other tools.
bsc#999582
- fix go_arches definition: use global instead of define, otherwise
it fails to build
- Add dockerd(8) man page.
- add missing patch to changelog
- fix integration test case
- add integration-cli-fix-TestInfoEnsureSucceeds.patch
- update rpmlintrc
- make test timeout configurable
- Remove noarch from docker-test, which was causing lots of fun issues when
trying to run them.
- Fix build for ppc64le: use static libgo for dockerd and docker-proxy
as in docker build.
- Update docker to 1.12.1 (bsc#996015)
see changelog in https://github.com/docker/docker/releases/tag/v1.12.1
- Add asaurin@suse.com's test.sh test script.
- Add integration test binary in docker.spec file. This is work done by
asaurin@suse.com.
- Package docker-proxy (which was split out of the docker binary in 1.12).
boo#995620
- fix bsc#995102 - Docker "/migrator"/ prevents installing "/docker"/,
if docker 1.9 was installed before but there were no images
- Update docker.service file with several changes.
* Reapply fix for bsc#983015 (Limit*=infinity).
* Specify an "/OCI"/ runtime for our runc package explicitly. bsc#978260
- remove disable-pprof-trace.patch: We can remove this patch because
we use go 1.6, either gcc6-go or gc-go. This patch was for gcc5-go
- add go_arches in project configuration: this way, we can use the
same spec file but decide in the project configuration if to
use gc-go or gcc-go for some archs.
- use gcc6-go instead of gcc5-go (bsc#988408)
- build ppc64le with gc-go because this version builds with gc-go 1.6
- remove bnc964673-boltdb-metadata-recovery.patch because it has already
been merged
- update to v1.12.0 (bsc#995058)
see detailed changelog at
https://github.com/docker/docker/releases/tag/v1.12.0
- disable test that fail in obs build context
- only run unit tests on architectures that provide the go list and go test
tools
- disable dockerd, parser, integration test, and devicemapper related tests
on versions below SLE12 and openSUSE_13.2
- bump test timeout to 10m (for aarch64)
- run unit tests during the build
- Adapt docker.service file.
- adapt install sections for gccgo builds: gccgo build are not built in separate
folders for client and daemon. They both reside in dyngccgo.
- gcc-go-patch: link against systemd when compiling the daemon.
- Add disable-pprof-trace.patch
pprof.Trace() is not available in go version <= 1.4 which we use to build SLES
packages. This patch comments out the pprof.Trace() section.
- update gcc-go-patch and docker-mount-secrets.patch
- Fixed binary split, install both required binaries correctly
* Explicitly state the version dependencies for runC and containerd, to
avoid potential issues with incompatible component versions. These
must be updated *each time we do a release*. bsc#993847
- Don't exit mid install, add the ability to not restart the docker
service during certain updates with long migration phases
bsc#980555
- remove kernel dependency (bsc#987198)
- remove sysconfig.docker.ppc64le patch
setting iptables option on ppc64le works now (bsc#988707)
- fix bsc#984942: audit.rules in docker-1.9.1-58.1.x86_64.rpm has a
syntax error
* Update docker.service to include changes from upstream, including the
soon-to-be-merged patch https://github.com/docker/docker/pull/24307,
which fixes bnc#983015.
- readd dropped declaration for patch200
* Removed patches:
- cve-2016-3697-numeric-uid.patch (merged upstream in gh@docker/docker#22998).
* Update Docker to 1.11.2. (bsc#989566) Changelog from upstream:
* Networking
* Fix a stale endpoint issue on overlay networks during ungraceful restart
(#23015)
* Fix an issue where the wrong port could be reported by docker
inspect/ps/port (#22997)
* Runtime
* Fix a potential panic when running docker build (#23032)
* Fix interpretation of --user parameter (#22998)
* Fix a bug preventing container statistics to be correctly reported (#22955)
* Fix an issue preventing container to be restarted after daemon restart
(#22947)
* Fix issues when running 32 bit binaries on Ubuntu 16.04 (#22922)
* Fix a possible deadlock on image deletion and container attach (#22918)
* Fix an issue where containers fail to start after a daemon restart if they
depend on a containerized cluster store (#22561)
* Fix an issue causing docker ps to hang on CentOS when using devicemapper
(#22168, #23067)
* Fix a bug preventing to docker exec into a container when using
devicemapper (#22168, #23067)
- Fix udev files ownership
- Pass over with spec-cleaner, no factual changes
* Make sure we *always* build unstripped Go binaries.
* Add a patch to fix database soft corruption issues if the Docker dameon dies
in a bad state. There is a PR upstream to vendor Docker to have this fix as
well, but it probably won't get in until 1.11.2. bnc#964673
(https://github.com/docker/docker/pull/22765)
+ bnc964673-boltdb-metadata-recovery.patch
* Remove conditional Patch directive for SUSE secrets, since conditionally
including patches results in incompatible .src.rpms. The patch is still
applied conditionally.
* Update to Docker 1.11.1. Changelog from upstream:
* Distribution
- Fix schema2 manifest media type to be of type `application/vnd.docker.container.image.v1+json` ([#21949](https://github.com/docker/docker/pull/21949))
* Documentation
+ Add missing API documentation for changes introduced with 1.11.0 ([#22048](https://github.com/docker/docker/pull/22048))
* Builder
* Append label passed to `docker build` as arguments as an implicit `LABEL` command at the end of the processed `Dockerfile` ([#22184](https://github.com/docker/docker/pull/22184))
* Networking
- Fix a panic that would occur when forwarding DNS query ([#22261](https://github.com/docker/docker/pull/22261))
- Fix an issue where OS threads could end up within an incorrect network namespace when using user defined networks ([#22261](https://github.com/docker/docker/pull/22261))
* Runtime
- Fix a bug preventing labels configuration to be reloaded via the config file ([#22299](https://github.com/docker/docker/pull/22299))
- Fix a regression where container mounting `/var/run` would prevent other containers from being removed ([#22256](https://github.com/docker/docker/pull/22256))
- Fix an issue where it would be impossible to update both `memory-swap` and `memory` value together ([#22255](https://github.com/docker/docker/pull/22255))
- Fix a regression from 1.11.0 where the `/auth` endpoint would not initialize `serveraddress` if it is not provided ([#22254](https://github.com/docker/docker/pull/22254))
- Add missing cleanup of container temporary files when cancelling a schedule restart ([#22237](https://github.com/docker/docker/pull/22237))
- Removed scary error message when no restart policy is specified ([#21993](https://github.com/docker/docker/pull/21993))
- Fix a panic that would occur when the plugins were activated via the json spec ([#22191](https://github.com/docker/docker/pull/22191))
- Fix restart backoff logic to correctly reset delay if container ran for at least 10secs ([#22125](https://github.com/docker/docker/pull/22125))
- Remove error message when a container restart get cancelled ([#22123](https://github.com/docker/docker/pull/22123))
- Fix an issue where `docker` would not correcly clean up after `docker exec` ([#22121](https://github.com/docker/docker/pull/22121))
- Fix a panic that could occur when servicing concurrent `docker stats` commands ([#22120](https://github.com/docker/docker/pull/22120))`
- Revert deprecation of non-existing host directories auto-creation ([#22065](https://github.com/docker/docker/pull/22065))
- Hide misleading rpc error on daemon shutdown ([#22058](https://github.com/docker/docker/pull/22058))
- Fix go version to 1.5 (bsc#977394)
- Add patch to fix vulnerability in Docker <= 1.11.0. This patch is upstream,
but was merged after the 1.11.0 merge window. CVE-2016-3697. bsc#976777.
+ cve-2016-3697-numeric-uid.patch
The upstream PR is here[1] and was vendored into Docker here[2].
[1]: https://github.com/opencontainers/runc/pull/708
[2]: https://github.com/docker/docker/pull/21665
- Supplemnent zsh from zsh-completion
* zsh-completion will be automatically installed if zsh and
docker are installed
- Remove gcc5_socker_workaround.patch: This patch is not needed anymore
since gcc5 has been updated in all platforms
* Removed patches that have been fixed upstream and in gcc-go:
- boltdb_bolt_powerpc.patch
- fix-apparmor.patch
- fix-btrfs-ioctl-structure.patch
- fix-docker-init.patch
- libnetwork_drivers_bridge_powerpc.patch
- ignore-dockerinit-checksum.patch
* Require containerd, as it is the only currently supported Docker execdriver.
* Update docker.socket to require containerd.socket and use --containerd in
docker.service so that the services are self-contained.
* Update to Docker 1.11.0. Changelog from upstream:
* Builder
- Fix a bug where Docker would not used the correct uid/gid when processing the `WORKDIR` command ([#21033](https://github.com/docker/docker/pull/21033))
- Fix a bug where copy operations with userns would not use the proper uid/gid ([#20782](https://github.com/docker/docker/pull/20782), [#21162](https://github.com/docker/docker/pull/21162))
* Client
* Usage of the `:` separator for security option has been deprecated. `=` should be used instead ([#21232](https://github.com/docker/docker/pull/21232))
+ The client user agent is now passed to the registry on `pull`, `build`, `push`, `login` and `search` operations ([#21306](https://github.com/docker/docker/pull/21306), [#21373](https://github.com/docker/docker/pull/21373))
* Allow setting the Domainname and Hostname separately through the API ([#20200](https://github.com/docker/docker/pull/20200))
* Docker info will now warn users if it can not detect the kernel version or the operating system ([#21128](https://github.com/docker/docker/pull/21128))
- Fix an issue where `docker stats --no-stream` output could be all 0s ([#20803](https://github.com/docker/docker/pull/20803))
- Fix a bug where some newly started container would not appear in a running `docker stats` command ([#20792](https://github.com/docker/docker/pull/20792))
* Post processing is no longer enabled for linux-cgo terminals ([#20587](https://github.com/docker/docker/pull/20587))
- Values to `--hostname` are now refused if they do not comply with [RFC1123](https://tools.ietf.org/html/rfc1123) ([#20566](https://github.com/docker/docker/pull/20566))
+ Docker learned how to use a SOCKS proxy ([#20366](https://github.com/docker/docker/pull/20366), [#18373](https://github.com/docker/docker/pull/18373))
+ Docker now supports external credential stores ([#20107](https://github.com/docker/docker/pull/20107))
* `docker ps` now supports displaying the list of volumes mounted inside a container ([#20017](https://github.com/docker/docker/pull/20017))
* `docker info` now also report Docker's root directory location ([#19986](https://github.com/docker/docker/pull/19986))
- Docker now prohibits login in with an empty username (spaces are trimmed) ([#19806](https://github.com/docker/docker/pull/19806))
* Docker events attributes are now sorted by key ([#19761](https://github.com/docker/docker/pull/19761))
* `docker ps` no longer show exported port for stopped containers ([#19483](https://github.com/docker/docker/pull/19483))
- Docker now cleans after itself if a save/export command fails ([#17849](https://github.com/docker/docker/pull/17849))
* Docker load learned how to display a progress bar ([#17329](https://github.com/docker/docker/pull/17329), [#120078](https://github.com/docker/docker/pull/20078))
* Distribution
- Fix a panic that occurred when pulling an images with 0 layers ([#21222](https://github.com/docker/docker/pull/21222))
- Fix a panic that could occur on error while pushing to a registry with a misconfigured token service ([#21212](https://github.com/docker/docker/pull/21212))
+ All first-level delegation roles are now signed when doing a trusted push ([#21046](https://github.com/docker/docker/pull/21046))
+ OAuth support for registries was added ([#20970](https://github.com/docker/docker/pull/20970))
* `docker login` now handles token using the implementation found in [docker/distribution](https://github.com/docker/distribution) ([#20832](https://github.com/docker/docker/pull/20832))
* `docker login` will no longer prompt for an email ([#20565](https://github.com/docker/docker/pull/20565))
* Docker will now fallback to registry V1 if no basic auth credentials are available ([#20241](https://github.com/docker/docker/pull/20241))
* Docker will now try to resume layer download where it left off after a network error/timeout ([#19840](https://github.com/docker/docker/pull/19840))
- Fix generated manifest mediaType when pushing cross-repository ([#19509](https://github.com/docker/docker/pull/19509))
- Fix docker requesting additional push credentials when pulling an image if Content Trust is enabled ([#20382](https://github.com/docker/docker/pull/20382))
* Logging
- Fix a race in the journald log driver ([#21311](https://github.com/docker/docker/pull/21311))
* Docker syslog driver now uses the RFC-5424 format when emitting logs ([#20121](https://github.com/docker/docker/pull/20121))
* Docker GELF log driver now allows to specify the compression algorithm and level via the `gelf-compression-type` and `gelf-compression-level` options ([#19831](https://github.com/docker/docker/pull/19831))
* Docker daemon learned to output uncolorized logs via the `--raw-logs` options ([#19794](https://github.com/docker/docker/pull/19794))
+ Docker, on Windows platform, now includes an ETW (Event Tracing in Windows) logging driver named `etwlogs` ([#19689](https://github.com/docker/docker/pull/19689))
* Journald log driver learned how to handle tags ([#19564](https://github.com/docker/docker/pull/19564))
+ The fluentd log driver learned the following options: `fluentd-address`, `fluentd-buffer-limit`, `fluentd-retry-wait`, `fluentd-max-retries` and `fluentd-async-connect` ([#19439](https://github.com/docker/docker/pull/19439))
+ Docker learned to send log to Google Cloud via the new `gcplogs` logging driver. ([#18766](https://github.com/docker/docker/pull/18766))
* Misc
+ When saving linked images together with `docker save` a subsequent `docker load` will correctly restore their parent/child relationship ([#21385](https://github.com/docker/docker/pull/c))
+ Support for building the Docker cli for OpenBSD was added ([#21325](https://github.com/docker/docker/pull/21325))
+ Labels can now be applied at network, volume and image creation ([#21270](https://github.com/docker/docker/pull/21270))
* The `dockremap` is now created as a system user ([#21266](https://github.com/docker/docker/pull/21266))
- Fix a few response body leaks ([#21258](https://github.com/docker/docker/pull/21258))
- Docker, when run as a service with systemd, will now properly manage its processes cgroups ([#20633](https://github.com/docker/docker/pull/20633))
* Docker info now reports the value of cgroup KernelMemory or emits a warning if it is not supported ([#20863](https://github.com/docker/docker/pull/20863))
* Docker info now also reports the cgroup driver in use ([#20388](https://github.com/docker/docker/pull/20388))
* Docker completion is now available on PowerShell ([#19894](https://github.com/docker/docker/pull/19894))
* `dockerinit` is no more ([#19490](https://github.com/docker/docker/pull/19490),[#19851](https://github.com/docker/docker/pull/19851))
+ Support for building Docker on arm64 was added ([#19013](https://github.com/docker/docker/pull/19013))
+ Experimental support for building docker.exe in a native Windows Docker installation ([#18348](https://github.com/docker/docker/pull/18348))
* Networking
- Fix panic if a node is forcibly removed from the cluster ([#21671](https://github.com/docker/docker/pull/21671))
- Fix "/error creating vxlan interface"/ when starting a container in a Swarm cluster ([#21671](https://github.com/docker/docker/pull/21671))
* `docker network inspect` will now report all endpoints whether they have an active container or not ([#21160](https://github.com/docker/docker/pull/21160))
+ Experimental support for the MacVlan and IPVlan network drivers have been added ([#21122](https://github.com/docker/docker/pull/21122))
* Output of `docker network ls` is now sorted by network name ([#20383](https://github.com/docker/docker/pull/20383))
- Fix a bug where Docker would allow a network to be created with the reserved `default` name ([#19431](https://github.com/docker/docker/pull/19431))
* `docker network inspect` returns whether a network is internal or not ([#19357](https://github.com/docker/docker/pull/19357))
+ Control IPv6 via explicit option when creating a network (`docker network create --ipv6`). This shows up as a new `EnableIPv6` field in `docker network inspect` ([#17513](https://github.com/docker/docker/pull/17513))
* Support for AAAA Records (aka IPv6 Service Discovery) in embedded DNS Server ([#21396](https://github.com/docker/docker/pull/21396))
- Fix to not forward docker domain IPv6 queries to external servers ([#21396](https://github.com/docker/docker/pull/21396))
* Multiple A/AAAA records from embedded DNS Server for DNS Round robin ([#21019](https://github.com/docker/docker/pull/21019))
- Fix endpoint count inconsistency after an ungraceful dameon restart ([#21261](https://github.com/docker/docker/pull/21261))
- Move the ownership of exposed ports and port-mapping options from Endpoint to Sandbox ([#21019](https://github.com/docker/docker/pull/21019))
- Fixed a bug which prevents docker reload when host is configured with ipv6.disable=1 ([#21019](https://github.com/docker/docker/pull/21019))
- Added inbuilt nil IPAM driver ([#21019](https://github.com/docker/docker/pull/21019))
- Fixed bug in iptables.Exists() logic [#21019](https://github.com/docker/docker/pull/21019)
- Fixed a Veth interface leak when using overlay network ([#21019](https://github.com/docker/docker/pull/21019))
- Fixed a bug which prevents docker reload after a network delete during shutdown ([#20214](https://github.com/docker/docker/pull/20214))
- Make sure iptables chains are recreated on firewalld reload ([#20419](https://github.com/docker/docker/pull/20419))
- Allow to pass global datastore during config reload ([#20419](https://github.com/docker/docker/pull/20419))
- For anonymous containers use the alias name for IP to name mapping, ie:DNS PTR record ([#21019](https://github.com/docker/docker/pull/21019))
- Fix a panic when deleting an entry from /etc/hosts file ([#21019](https://github.com/docker/docker/pull/21019))
- Source the forwarded DNS queries from the container net namespace ([#21019](https://github.com/docker/docker/pull/21019))
- Fix to retain the network internal mode config for bridge networks on daemon reload ([#21780] (https://github.com/docker/docker/pull/21780))
- Fix to retain IPAM driver option configs on daemon reload ([#21914] (https://github.com/docker/docker/pull/21914))
* Plugins
- Fix a file descriptor leak that would occur every time plugins were enumerated ([#20686](https://github.com/docker/docker/pull/20686))
- Fix an issue where Authz plugin would corrupt the payload body when faced with a large amount of data ([#20602](https://github.com/docker/docker/pull/20602))
* Runtime
- Fix a panic that could occur when cleanup after a container started with invalid parameters ([#21716](https://github.com/docker/docker/pull/21716))
- Fix a race with event timers stopping early ([#21692](https://github.com/docker/docker/pull/21692))
- Fix race conditions in the layer store, potentially corrupting the map and crashing the process ([#21677](https://github.com/docker/docker/pull/21677))
- Un-deprecate auto-creation of host directories for mounts. This feature was marked deprecated in ([#21666](https://github.com/docker/docker/pull/21666))
Docker 1.9, but was decided to be too much of an backward-incompatible change, so it was decided to keep the feature.
+ It is now possible for containers to share the NET and IPC namespaces when `userns` is enabled ([#21383](https://github.com/docker/docker/pull/21383))
+ `docker inspect <image-id>` will now expose the rootfs layers ([#21370](https://github.com/docker/docker/pull/21370))
+ Docker Windows gained a minimal `top` implementation ([#21354](https://github.com/docker/docker/pull/21354))
* Docker learned to report the faulty exe when a container cannot be started due to its condition ([#21345](https://github.com/docker/docker/pull/21345))
* Docker with device mapper will now refuse to run if `udev sync` is not available ([#21097](https://github.com/docker/docker/pull/21097))
- Fix a bug where Docker would not validate the config file upon configuration reload ([#21089](https://github.com/docker/docker/pull/21089))
- Fix a hang that would happen on attach if initial start was to fail ([#21048](https://github.com/docker/docker/pull/21048))
- Fix an issue where registry service options in the daemon configuration file were not properly taken into account ([#21045](https://github.com/docker/docker/pull/21045))
- Fix a race between the exec and resize operations ([#21022](https://github.com/docker/docker/pull/21022))
- Fix an issue where nanoseconds were not correctly taken in account when filtering Docker events ([#21013](https://github.com/docker/docker/pull/21013))
- Fix the handling of Docker command when passed a 64 bytes id ([#21002](https://github.com/docker/docker/pull/21002))
* Docker will now return a `204` (i.e http.StatusNoContent) code when it successfully deleted a network ([#20977](https://github.com/docker/docker/pull/20977))
- Fix a bug where the daemon would wait indefinitely in case the process it was about to killed had already exited on its own ([#20967](https://github.com/docker/docker/pull/20967)
* The devmapper driver learned the `dm.min_free_space` option. If the mapped device free space reaches the passed value, new device creation will be prohibited. ([#20786](https://github.com/docker/docker/pull/20786))
+ Docker can now prevent processes in container to gain new privileges via the `--security-opt=no-new-privileges` flag ([#20727](https://github.com/docker/docker/pull/20727))
- Starting a container with the `--device` option will now correctly resolves symlinks ([#20684](https://github.com/docker/docker/pull/20684))
+ Docker now relies on [`containerd`](https://github.com/docker/containerd) and [`runc`](https://github.com/opencontainers/runc) to spawn containers. ([#20662](https://github.com/docker/docker/pull/20662))
- Fix docker configuration reloading to only alter value present in the given config file ([#20604](https://github.com/docker/docker/pull/20604))
+ Docker now allows setting a container hostname via the `--hostname` flag when `--net=host` ([#20177](https://github.com/docker/docker/pull/20177))
+ Docker now allows executing privileged container while running with `--userns-remap` if both `--privileged` and the new `--userns=host` flag are specified ([#20111](https://github.com/docker/docker/pull/20111))
- Fix Docker not cleaning up correctly old containers upon restarting after a crash ([#19679](https://github.com/docker/docker/pull/19679))
* Docker will now error out if it doesn't recognize a configuration key within the config file ([#19517](https://github.com/docker/docker/pull/19517))
- Fix container loading, on daemon startup, when they depends on a plugin running within a container ([#19500](https://github.com/docker/docker/pull/19500))
* `docker update` learned how to change a container restart policy ([#19116](https://github.com/docker/docker/pull/19116))
* `docker inspect` now also returns a new `State` field containing the container state in a human readable way (i.e. one of `created`, `restarting`, `running`, `paused`, `exited` or `dead`)([#18966](https://github.com/docker/docker/pull/18966))
+ Docker learned to limit the number of active pids (i.e. processes) within the container via the `pids-limit` flags. NOTE: This requires `CGROUP_PIDS=y` to be in the kernel configuration. ([#18697](https://github.com/docker/docker/pull/18697))
- `docker load` now has a `--quiet` option to suppress the load output ([#20078](https://github.com/docker/docker/pull/20078))
- Fix a bug in neighbor discovery for IPv6 peers ([#20842](https://github.com/docker/docker/pull/20842))
- Fix a panic during cleanup if a container was started with invalid options ([#21802](https://github.com/docker/docker/pull/21802))
- Fix a situation where a container cannot be stopped if the terminal is closed ([#21840](https://github.com/docker/docker/pull/21840))
* Security
* Object with the `pcp_pmcd_t` selinux type were given management access to `/var/lib/docker(/.*)?` ([#21370](https://github.com/docker/docker/pull/21370))
* `restart_syscall`, `copy_file_range`, `mlock2` joined the list of allowed calls in the default seccomp profile ([#21117](https://github.com/docker/docker/pull/21117), [#21262](https://github.com/docker/docker/pull/21262))
* `send`, `recv` and `x32` were added to the list of allowed syscalls and arch in the default seccomp profile ([#19432](https://github.com/docker/docker/pull/19432))
* Docker Content Trust now requests the server to perform snapshot signing ([#21046](https://github.com/docker/docker/pull/21046))
* Support for using YubiKeys for Content Trust signing has been moved out of experimental ([#21591](https://github.com/docker/docker/pull/21591))
* Volumes
* Output of `docker volume ls` is now sorted by volume name ([#20389](https://github.com/docker/docker/pull/20389))
* Local volumes can now accepts options similar to the unix `mount` tool ([#20262](https://github.com/docker/docker/pull/20262))
- Fix an issue where one letter directory name could not be used as source for volumes ([#21106](https://github.com/docker/docker/pull/21106))
+ `docker run -v` now accepts a new flag `nocopy`. This tell the runtime not to copy the container path content into the volume (which is the default behavior) ([#21223](https://github.com/docker/docker/pull/21223))
- docker.spec: apply gcc5 socket patch also for sle12 and leap
because gcc5 has been updated there as well.
- docker.spec: add a "/is_opensuse"/ check for the mount-secrets patch.
This way we can use this same package for opensuse.
- use go-lang for aarch64:
- drop fix_platform_type_arm.patch (works around a gcc-go bug, so
unnecessary)
- Add patch from upstream (https://github.com/docker/docker/pull/21723) to fix
compilation on Factory and Tumbleweed (which have btrfsprogs >= 4.5).
+ fix-btrfs-ioctl-structure.patch bnc#974208
- Changed systemd unit file and default sysconfig file to include network options,
this is needed to get SDN like flannel to work
- docker.spec: update warning to mention that /etc/sysconfig/docker is sourced
by the migration script.
- docker.spec: only Reccomends: the docker-image-migrator package as it is no
longer required for our ugly systemctl hacks.
- docker.spec: fix up documentation to refer to the script you need to run in
the migrator package.
- docker.spec: print a warning if you force the DOCKER_FORCE_INSTALL option.
- spec: switch to new done file name from docker-image-migrator
- update to docker 1.10.3 (bnc#970637)
Runtime
Fix Docker client exiting with an "/Unrecognized input header"/ error #20706
Fix Docker exiting if Exec is started with both AttachStdin and Detach #20647
Distribution
Fix a crash when pushing multiple images sharing the same layers to the same repository in parallel #20831
Fix a panic when pushing images to a registry which uses a misconfigured token service #21030
Plugin system
Fix issue preventing volume plugins to start when SELinux is enabled #20834
Prevent Docker from exiting if a volume plugin returns a null response for Get requests #20682
Fix plugin system leaking file descriptors if a plugin has an error #20680
Security
Fix linux32 emulation to fail during docker build #20672 It was due to the personality syscall being blocked by the default seccomp profile.
Fix Oracle XE 10g failing to start in a container #20981 It was due to the ipc syscall being blocked by the default seccomp profile.
Fix user namespaces not working on Linux From Scratch #20685
Fix issue preventing daemon to start if userns is enabled and the subuid or subgid files contain comments #20725
More at https://github.com/docker/docker/releases/tag/v1.10.3
- spec: improve file-based migration checks to make sure that it doesn't cause
errors if running on a /var/lib/docker without /var/lib/docker/graph.
- spec: implement file-based migration checks. The migrator will be updated to
match the warning message's instructions. This looks like it works with my
testing.
- more patches to build on ppc64 architecture
update netlink_gcc_go.patch
new netlink_netns_powerpc.patch
new boltdb_bolt_powerpc.patch
new libnetwork_drivers_bridge_powerpc.patch to replace
deleted fix-ppc64le.patch
- fix bsc#968972 - let docker manage the cgroups of the processes
that it launches without systemd
- Require docker-image-migrator (bnc#968933)
Update to version 1.10.2 (bnc#968933)
- Runtime
Prevent systemd from deleting containers' cgroups when its configuration is reloaded #20518
Fix SELinux issues by disregarding --read-only when mounting /dev/mqueue #20333
Fix chown permissions used during docker cp when userns is used #20446
Fix configuration loading issue with all booleans defaulting to true #20471
Fix occasional panic with docker logs -f #20522
- Distribution
Keep layer reference if deletion failed to avoid a badly inconsistent state #20513
Handle gracefully a corner case when canceling migration #20372
Fix docker import on compressed data #20367
Fix tar-split files corruption during migration that later cause docker push and docker save to fail #20458
- Networking
Fix daemon crash if embedded DNS is sent garbage #20510
- Volumes
Fix issue with multiple volume references with same name #20381
- Security
Fix potential cache corruption and delegation conflict issues #20523
link to changelog:
https://github.com/docker/docker/blob/v1.10.2/CHANGELOG.md
- fix-apparmor.patch: switch to a backported version of docker/docker#20305,
which also fixes several potential issues if the major version of apparmor
changes.
- Remove 1.10.0 tarball.
- Update to docker 1.10.1
It includes some fixes to 1.10.0, see detailed changelog in
https://github.com/docker/docker/blob/v1.10.1/CHANGELOG.md
- Update docker to 1.10.0 (bnc#965918)
Add usernamespace support
Add support for custom seccomp profiles
Improvements in network and volume management
detailed changelog in
https://github.com/docker/docker/blob/590d5108bbdaabb05af590f76c9757daceb6d02e/CHANGELOG.md
- removed patches, because code has been merged in 1.10.0 release:
libcontainer-apparmor-fixes.patch: see: https://github.com/docker/docker/blob/release/v1.10/contrib/apparmor/template.go
fix_bnc_958255.patch: see https://github.com/docker/docker/commit/2b4f64e59018c21aacbf311d5c774dd5521b5352
use_fs_cgroups_by_default.patch
fix_cgroup.parent_path_sanitisation.patch
add_bolt_ppc64.patch
add_bolt_arm64.patch
add_bolt_s390x.patch
- remove gcc-go-build-static-libgo.patch: This has been replace by gcc-go-patches.patch
- removed patches, because arm and ppc are not build using the dynbinary target, but the dyngccgo one:
docker_remove_journald_to_fix_dynbinary_build_on_arm.patch
docker_remove_journald_to_fix_dynbinary_build_on_powerpc.patch
docker_remove_journald_to_fix_dynbinary_build_on_arm64.patch
- added patches:
fix_platform_type_arm.patch: fix build for arm64 and aarch64: set utsname as uint8 for arm64 and aarch64
gcc5_socket_workaround.patch: gcc5-go in Tumbleweed includes this commit
https://github.com/golang/gofrontend/commit/a850225433a66a58613c22185c3b09626f5545eb
Which "/fixes"/ the data type for RawSockaddr.Data
However, docker now expects the "/wrong"/ data type, since docker had a workaround
for that issue.
Thus, we need to workaround the workaround in tumbleweed
netlink_gcc_go.patch: add constants for syscalls TUNSETIFF and TUNSETPERSIST to fix a gcc issue.
This is a workaround for bnc#964468: gcc-go can no longer compile Docker.
fix-apparmor.patch: fix https://github.com/docker/docker/issues/20269 . It affects SLE12 which has apparmor
version 2.8 and not openSUSE which has version 2.9.
fix-ppc64le.patch: Build netlink driver using int8 and not uint8 for the data structure
- reviewed patches:
ignore-dockerinit-checksum.patch: review context in patch
fix-docker-init.patch: review patch because build method has been changed in spec file for gcc-go
gcc-go-patches.patch: review context in patch
- Build requires go >= 1.5: For version 1.9, we could use Go 1.4.3
see GO_VERSION https://github.com/docker/docker/blob/release/v1.9/Dockerfile
However, for version 1.10, we need go 1.5.3
see GO_VERSION https://github.com/docker/docker/blob/release/v1.10/Dockerfile
- fix bnc#965600 - SLES12 SP1 - Static shared memory limit in container
- docker-mount-secrets.patch: fix up this patch to work on Docker 1.10
- docker-mount-secrets.patch: properly register /run/secrets as a
mountpoint, so that it is unmounted properly when the container
is removed and thus container removal works. (bnc#963142)
- docker-mount-secrets.patch: in addition, add some extra debugging
information to the secrets patch.
- fix_json_econnreset_bug.patch: fix JSON bug that causes containers to not start
in weird circumstances. https://github.com/docker/docker/issues/14203
- fix_bnc_958255.patch: fix Docker creates strange apparmor profile
(bnc#958255)
- use_fs_cgroups_by_default.patch: Use fs cgroups by default:
https://github.com/docker/docker/commit/419fd7449fe1a984f582731fcd4d9455000846b0
- fix_cgroup.parent_path_sanitisation.patch: fix cgroup.Parent path
sanitisation:
https://github.com/opencontainers/runc/commit/bf899fef451956be4abd63de6d6141d9f9096a02
- Add rules for auditd. This is required to fix bnc#959405
- Remove 7 patches, add 6 and modify 1, after 1.9.1 upgrade
* Removed:
- docker_missing_ppc64le_netlink_linux_files.patch: the code that this
bug refers to has benn removed upstream
- docker_rename_jump_amd64_as_jump_linux.patch: the code that this bug
refers to has been removed upstream
- Remove fix_15279.patch: code has been merged upstream
- Remove add_missing_syscall_for_s390x.patch: code has been merged upstream
- Remove fix_incompatible_assignment_error_bnc_950931.patch: code has been
merged upstream
- Remove fix_libsecomp_error_bnc_950931.patch: the code that this bug refers to
has been removed upstream
- Remove gcc5_socket_workaround.patch: Code has been fixed. Building with
this patch is giving the error we were trying to fix, implying that the
code has been fixed somewhere else.
* Added:
- add_bolt_ppc64.patch
- add_bolt_arm64.patch
- docker_remove_journald_to_fix_dynbinary_build_on_arm.patch
- docker_remove_journald_to_fix_dynbinary_build_on_powerpc.patch
- docker_remove_journald_to_fix_dynbinary_build_on_arm64.patch
- gcc-go-build-static-libgo.patch: enable static linking of libgo in ggc-go
In order to do this, we had to work-around an issue from gcc-go:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=69357
* Modify:
- Upgrade to 1.9.1(bnc#956434)
* Runtime:
- Do not prevent daemon from booting if images could not be restored
(#17695)
- Force IPC mount to unmount on daemon shutdown/init (#17539)
- Turn IPC unmount errors into warnings (#17554)
- Fix `docker stats` performance regression (#17638)
- Clarify cryptic error message upon `docker logs` if `--log-driver=none`
(#17767)
- Fix seldom panics (#17639, #17634, #17703)
- Fix opq whiteouts problems for files with dot prefix (#17819)
- devicemapper: try defaulting to xfs instead of ext4 for performance
reasons (#17903, #17918)
- devicemapper: fix displayed fs in docker info (#17974)
- selinux: only relabel if user requested so with the `z` option
(#17450, #17834)
- Do not make network calls when normalizing names (#18014)
* Client:
- Fix `docker login` on windows (#17738)
- Fix bug with `docker inspect` output when not connected to daemon
(#17715)
- Fix `docker inspect -f {{.HostConfig.Dns}} somecontainer` (#17680)
* Builder:
- Fix regression with symlink behavior in ADD/COPY (#17710)
* Networking:
- Allow passing a network ID as an argument for `--net` (#17558)
- Fix connect to host and prevent disconnect from host for `host` network
(#17476)
- Fix `--fixed-cidr` issue when gateway ip falls in ip-range and ip-range
is not the first block in the network (#17853)
- Restore deterministic `IPv6` generation from `MAC` address on default
`bridge` network (#17890)
- Allow port-mapping only for endpoints created on docker run (#17858)
- Fixed an endpoint delete issue with a possible stale sbox (#18102)
* Distribution:
- Correct parent chain in v2 push when v1Compatibility files on the disk
are inconsistent (#18047)
- Update to version 1.9.0 (bnc#954812):
* Runtime:
- `docker stats` now returns block IO metrics (#15005)
- `docker stats` now details network stats per interface (#15786)
- Add `ancestor=<image>` filter to `docker ps --filter` flag to filter
containers based on their ancestor images (#14570)
- Add `label=<somelabel>` filter to `docker ps --filter` to filter
containers based on label (#16530)
- Add `--kernel-memory` flag to `docker run` (#14006)
- Add `--message` flag to `docker import` allowing to specify an optional
message (#15711)
- Add `--privileged` flag to `docker exec` (#14113)
- Add `--stop-signal` flag to `docker run` allowing to replace the
container process stopping signal (#15307)
- Add a new `unless-stopped` restart policy (#15348)
- Inspecting an image now returns tags (#13185)
- Add container size information to `docker inspect` (#15796)
- Add `RepoTags` and `RepoDigests` field to `/images/{name:.*}/json`
(#17275)
- Remove the deprecated `/container/ps` endpoint from the API (#15972)
- Send and document correct HTTP codes for `/exec/<name>/start` (#16250)
- Share shm and mqueue between containers sharing IPC namespace (#15862)
- Event stream now shows OOM status when `--oom-kill-disable` is
set (#16235)
- Ensure special network files (/etc/hosts etc.) are read-only if
bind-mounted
with `ro` option (#14965)
- Improve `rmi` performance (#16890)
- Do not update /etc/hosts for the default bridge network, except for links
(#17325)
- Fix conflict with duplicate container names (#17389)
- Fix an issue with incorrect template execution in `docker inspect`
(#17284)
- DEPRECATE `-c` short flag variant for `--cpu-shares` in docker run
(#16271)
* Client:
- Allow `docker import` to import from local files (#11907)
* Builder:
- Add a `STOPSIGNAL` Dockerfile instruction allowing to set a different
stop-signal for the container process (#15307)
- Add an `ARG` Dockerfile instruction and a `--build-arg` flag to
`docker build`
that allows to add build-time environment variables (#15182)
- Improve cache miss performance (#16890)
* Storage:
- devicemapper: Implement deferred deletion capability (#16381)
* Networking:
- `docker network` exits experimental and is part of standard release
(#16645)
- New network top-level concept, with associated subcommands and API
(#16645)
WARNING: the API is different from the experimental API
- Support for multiple isolated/micro-segmented networks (#16645)
- Built-in multihost networking using VXLAN based overlay driver (#14071)
- Support for third-party network plugins (#13424)
- Ability to dynamically connect containers to multiple networks (#16645)
- Support for user-defined IP address management via pluggable IPAM drivers
(#16910)
- Add daemon flags `--cluster-store` and `--cluster-advertise` for built-in
nodes discovery (#16229)
- Add `--cluster-store-opt` for setting up TLS settings (#16644)
- Add `--dns-opt` to the daemon (#16031)
- DEPRECATE following container `NetworkSettings` fields in API v1.21:
`EndpointID`, `Gateway`, `GlobalIPv6Address`, `GlobalIPv6PrefixLen`,
`IPAddress`, `IPPrefixLen`, `IPv6Gateway` and `MacAddress`.
Those are now specific to the `bridge` network. Use
`NetworkSettings.Networks` to inspect
the networking settings of a container per network.
* Volumes:
- New top-level `volume` subcommand and API (#14242)
- Move API volume driver settings to host-specific config (#15798)
- Print an error message if volume name is not unique (#16009)
- Ensure volumes created from Dockerfiles always use the local volume driver
(#15507)
- DEPRECATE auto-creating missing host paths for bind mounts (#16349)
* Logging:
- Add `awslogs` logging driver for Amazon CloudWatch (#15495)
- Add generic `tag` log option to allow customizing container/image
information passed to driver (e.g. show container names) (#15384)
- Implement the `docker logs` endpoint for the journald driver (#13707)
- DEPRECATE driver-specific log tags (e.g. `syslog-tag`, etc.) (#15384)
* Distribution:
- `docker search` now works with partial names (#16509)
- Push optimization: avoid buffering to file (#15493)
- The daemon will display progress for images that were already being
pulled by another client (#15489)
- Only permissions required for the current action being performed are
requested (#)
- Renaming trust keys (and respective environment variables) from `offline`
to `root` and `tagging` to `repository` (#16894)
- DEPRECATE trust key environment variables
`DOCKER_CONTENT_TRUST_OFFLINE_PASSPHRASE` and
`DOCKER_CONTENT_TRUST_TAGGING_PASSPHRASE` (#16894)
* Security:
- Add SELinux profiles to the rpm package (#15832)
- Fix various issues with AppArmor profiles provided in the deb package
(#14609)
- Add AppArmor policy that prevents writing to /proc (#15571)
- Change systemd unit file to no longer use the deprecated "/-d"/ option
(bnc#954737)
- Changed docker-mount-secrets.patch: allow removal of containers
even when the entry point failed. bnc#954797
- Fixed the format of the fix_libsecomp_error_bnc_950931 patch.
- Merged the fix_libsecomp_error_bnc_950931.patch and the
fix_x86_build_removing_empty_file_jump_amd_64.patch patches.
- Fix build for x86_64. Patch fix_libsecomp_error_bnc_950931.patch
had created and empty file jump_amd64.go instead of removing it.
This broke the build for x86_64.
This commit fixes it by removing that empty file.
fix_x86_build_removing_empty_file_jump_amd_64.patch: patch that
removes empty file jump_amd64.go
- Added patch that fixes a known gcc-go for ppc64xe in the syscall.RawSockAddr
type.
gcc5_socket_workaround.patch
- Add patches for fixing ppc64le build (bnc#950931)
fix_libsecomp_error_bnc_950931.patch
fix_incompatible_assignment_error_bnc_950931.patch
docker_missing_ppc64le_netlink_linux_files.patch
- Remove docker_rename_jump_amd64_as_jump_linux.patch because it clashes
with the previous patches.
- Exclude libgo as a requirement. The auto requires script was adding
libgo as a requirement when building with gcc-go which was wrong.
- Add patch for missing systemcall for s390x. See
https://github.com/docker/docker/commit/eecf6cd48cf7c48f00aa8261cf431c87084161ae
add_missing_syscall_for_s390x.patch: contains the patch
- Exclude s390x for sle12 because it hangs when running go. It works for sle12sp1
thus we don't want to exclude sle12sp1 but only sle12.
- Update docker to 1.8.3 version:
* Fix layer IDs lead to local graph poisoning (CVE-2014-8178) (bnc#949660)
* Fix manifest validation and parsing logic errors allow pull-by-digest validation bypass (CVE-2014-8179)
* Add `--disable-legacy-registry` to prevent a daemon from using a v1 registry
- Update docker to 1.8.2 version
see detailed changelog in
https://github.com/docker/docker/releases/tag/v1.8.2
fix bsc#946653 update do docker 1.8.2
- devicemapper: fix zero-sized field access
Fix issue #15279: does not build with Go 1.5 tip
Due to golang/go@7904946
the devices field is dropped.
This solution works on go1.4 and go1.5
See more in https://github.com/docker/docker/pull/15404
This fix was not included in v1.8.2. See previous link
on why.
fix_15279.patch: contains the patch for issue#15279
- new patch as per upstream issue
https://github.com/docker/docker/issues/14056#issuecomment-113680944
docker_rename_jump_amd64_as_jump_linux.patch
- ignore-dockerinit-checksum.patch need -p1 in spec
- Update to docker 1.8.1(bsc#942369 and bsc#942370):
- Fix a bug where pushing multiple tags would result in invalid images
- Update to docker 1.8.0:
see detailed changelog in
https://github.com/docker/docker/releases/tag/v1.8.0
- remove docker-netns-aarch64.patch: This patch was adding
vendor/src/github.com/vishvananda/netns/netns_linux_arm64.go
which is now included upstream, so we don't need this patch anymore
- Remove 0002-Stripped-dockerinit-binary.patch because we do not
use it anymore (we got rid of that when updating to 1.7.1)
- Exclude archs where docker does not build. Otherwise it gets into
and infinite loop when building.
We'll fix that later if we want to release for those archs.
- Update to 1.7.1 (2015-07-14) (bnc#938156)
* Runtime
- Fix default user spawning exec process with docker exec
- Make --bridge=none not to configure the network bridge
- Publish networking stats properly
- Fix implicit devicemapper selection with static binaries
- Fix socket connections that hung intermittently
- Fix bridge interface creation on CentOS/RHEL 6.6
- Fix local dns lookups added to resolv.conf
- Fix copy command mounting volumes
- Fix read/write privileges in volumes mounted with --volumes-from
* Remote API
- Fix unmarshalling of Command and Entrypoint
- Set limit for minimum client version supported
- Validate port specification
- Return proper errors when attach/reattach fail
* Distribution
- Fix pulling private images
- Fix fallback between registry V2 and V1
- Exclude init scripts other than systemd from the test-package
- Exclude intel 32 bits arch. Docker does not built on that. Let's
make it explicit.
- rediff ignore-dockerinit-checksum.patch, gcc-go-build-static-libgo.patch
to make them apply again.
- introduce go_arches for architectures that use the go compiler
instead of gcc-go
- add docker-netns-aarch64.patch: Add support for AArch64
- enable build for aarch64
- Build man pages only on platforms where gc compiler is available.
- Updated to 1.7.0 (2015-06-16) - bnc#935570
* Runtime
- Experimental feature: support for out-of-process volume plugins
- The userland proxy can be disabled in favor of hairpin NAT using the daemon’s `--userland-proxy=false` flag
- The `exec` command supports the `-u|--user` flag to specify the new process owner
- Default gateway for containers can be specified daemon-wide using the `--default-gateway` and `--default-gateway-v6` flags
- The CPU CFS (Completely Fair Scheduler) quota can be set in `docker run` using `--cpu-quota`
- Container block IO can be controlled in `docker run` using`--blkio-weight`
- ZFS support
- The `docker logs` command supports a `--since` argument
- UTS namespace can be shared with the host with `docker run --uts=host`
* Quality
- Networking stack was entirely rewritten as part of the libnetwork effort
- Engine internals refactoring
- Volumes code was entirely rewritten to support the plugins effort
- Sending SIGUSR1 to a daemon will dump all goroutines stacks without exiting
* Build
- Support ${variable:-value} and ${variable:+value} syntax for environment variables
- Support resource management flags `--cgroup-parent`, `--cpu-period`, `--cpu-quota`, `--cpuset-cpus`, `--cpuset-mems`
- git context changes with branches and directories
- The .dockerignore file support exclusion rules
* Distribution
- Client support for v2 mirroring support for the official registry
* Bugfixes
- Firewalld is now supported and will automatically be used when available
- mounting --device recursively
- Patch 0002-Stripped-dockerinit-binary.patch renamed to fix-docker-init.patch
and fixed to build with latest version of docker
- Add test subpackage and fix line numbers in patches
- Fixed ppc64le name inside of spec file
- Build docker on PPC and S390x using gcc-go provided by gcc5
* added sysconfig.docker.ppc64le: make docker daemon start on ppc64le
despite some iptables issues. To be removed soon
* ignore-dockerinit-checksum.patch: applied only when building with
gcc-go. Required to workaround a limitation of gcc-go
* gcc-go-build-static-libgo.patch: used only when building with gcc-go,
link libgo statically into docker itself.
- Remove set-SCC_URL-env-variable.patch, the SCC_URL is now read
from SUSEConnect by the container service
- Automatically set SCC_URL environment variable inside of the
containers by parsing the /etc/SUSEConnect.example file
* Add set-SCC_URL-env-variable.patch
- Place SCC machine credentials inside of /run/secrets/credentials.d
* Edit docker-mount-scc-credentials.patch¬
- pass the SCC machine credentials to the container
* Add docker-mount-scc-credentials.patch
- build and install man pages
- Update to version 1.6.2 (2015-05-13) [bnc#931301]
* Revert change prohibiting mounting into /sys
Updated to version 1.6.1 (2015-05-07) [bnc#930235]
* Security
- Fix read/write /proc paths (CVE-2015-3630)
- Prohibit VOLUME /proc and VOLUME / (CVE-2015-3631)
- Fix opening of file-descriptor 1 (CVE-2015-3627)
- Fix symlink traversal on container respawn allowing local privilege escalation (CVE-2015-3629)
- Prohibit mount of /sys
* Runtime
- Update Apparmor policy to not allow mounts
- Updated libcontainer-apparmor-fixes.patch: adapt patch to reflect
changes introduced by docker 1.6.1
- Get rid of SocketUser and SocketGroup workarounds for docker.socket
- Updated to version 1.6.0 (2015-04-07) [bnc#908033]
* Builder:
+ Building images from an image ID
+ build containers with resource constraints, ie `docker build --cpu-shares=100 --memory=1024m...`
+ `commit --change` to apply specified Dockerfile instructions while committing the image
+ `import --change` to apply specified Dockerfile instructions while importing the image
+ basic build cancellation
* Client:
+ Windows Support
* Runtime:
+ Container and image Labels
+ `--cgroup-parent` for specifying a parent cgroup to place container cgroup within
+ Logging drivers, `json-file`, `syslog`, or `none`
+ Pulling images by ID
+ `--ulimit` to set the ulimit on a container
+ `--default-ulimit` option on the daemon which applies to all created containers (and overwritten by `--ulimit` on run)
- Updated '0002-Stripped-dockerinit-binary.patch' to reflect changes inside of
the latest version of Docker.
- bnc#908033: support of Docker Registry API v2.
- enable build for armv7l
- Updated docker.spec to fixed building with the latest version of our
Go pacakge.
- Updated 0002-Stripped-dockerinit-binary.patch to fix check made by
the docker daemon against the dockerinit binary.
- Updated systemd service and socket units to fix socket activation
and to align with best practices recommended by upstram. Moreover
socket activation fixes bnc#920645.
- Updated to 1.5.0 (2015-02-10):
* Builder:
- Dockerfile to use for a given `docker build` can be specified with
the `-f` flag
- Dockerfile and .dockerignore files can be themselves excluded as part
of the .dockerignore file, thus preventing modifications to these files
invalidating ADD or COPY instructions cache
- ADD and COPY instructions accept relative paths
- Dockerfile `FROM scratch` instruction is now interpreted as a no-base
specifier
- Improve performance when exposing a large number of ports
* Hack:
- Allow client-side only integration tests for Windows
- Include docker-py integration tests against Docker daemon as part of our
test suites
* Packaging:
- Support for the new version of the registry HTTP API
- Speed up `docker push` for images with a majority of already existing
layers
- Fixed contacting a private registry through a proxy
* Remote API:
- A new endpoint will stream live container resource metrics and can be
accessed with the `docker stats` command
- Containers can be renamed using the new `rename` endpoint and the
associated `docker rename` command
- Container `inspect` endpoint show the ID of `exec` commands running in
this container
- Container `inspect` endpoint show the number of times Docker
auto-restarted the container
- New types of event can be streamed by the `events` endpoint: ‘OOM’
(container died with out of memory), ‘exec_create’, and ‘exec_start'
- Fixed returned string fields which hold numeric characters incorrectly
omitting surrounding double quotes
* Runtime:
- Docker daemon has full IPv6 support
- The `docker run` command can take the `--pid=host` flag to use the host
PID namespace, which makes it possible for example to debug host processes
using containerized debugging tools
- The `docker run` command can take the `--read-only` flag to make the
container’s root filesystem mounted as readonly, which can be used in
combination with volumes to force a container’s processes to only write to
locations that will be persisted
- Container total memory usage can be limited for `docker run` using the
`—memory-swap` flag
- Major stability improvements for devicemapper storage driver
- Better integration with host system: containers will reflect changes
to the host's `/etc/resolv.conf` file when restarted
- Better integration with host system: per-container iptable rules are moved
to the DOCKER chain
- Fixed container exiting on out of memory to return an invalid exit code
* Other:
- The HTTP_PROXY, HTTPS_PROXY, and NO_PROXY environment variables are
properly taken into account by the client when connecting to the
Docker daemon
- Updated to 1.4.1 (2014-12-15):
* Runtime:
- Fix issue with volumes-from and bind mounts not being honored after
create (fixes bnc#913213)
- Added e2fsprogs as runtime dependency, this is required when the
devicemapper driver is used. (bnc#913211).
- Fixed owner & group for docker.socket (thanks to Andrei Dziahel and
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=752555#5)
- Updated to 1.4.0 (2014-12-11):
* Notable Features since 1.3.0:
- Set key=value labels to the daemon (displayed in `docker info`), applied with
new `-label` daemon flag
- Add support for `ENV` in Dockerfile of the form:
`ENV name=value name2=value2...`
- New Overlayfs Storage Driver
- `docker info` now returns an `ID` and `Name` field
- Filter events by event name, container, or image
- `docker cp` now supports copying from container volumes
- Fixed `docker tag`, so it honors `--force` when overriding a tag for existing
image.
- Changes introduced by 1.3.3 (2014-12-11):
* Security:
- Fix path traversal vulnerability in processing of absolute symbolic links (CVE-2014-9356) - (bnc#909709)
- Fix decompression of xz image archives, preventing privilege escalation (CVE-2014-9357) - (bnc#909710)
- Validate image IDs (CVE-2014-9358) - (bnc#909712)
* Runtime:
- Fix an issue when image archives are being read slowly
* Client:
- Fix a regression related to stdin redirection
- Fix a regression with `docker cp` when destination is the current directory
- Updated to 1.3.2 (2014-11-20) - fixes bnc#907012 (CVE-2014-6407) and
bnc#907014 (CVE-2014-6408)
* Security:
- Fix tar breakout vulnerability
- Extractions are now sandboxed chroot
- Security options are no longer committed to images
* Runtime:
- Fix deadlock in `docker ps -f exited=1`
- Fix a bug when `--volumes-from` references a container that failed to start
* Registry:
- `--insecure-registry` now accepts CIDR notation such as 10.1.0.0/16
- Private registries whose IPs fall in the 127.0.0.0/8 range do no need
the `--insecure-registry` flag
- Skip the experimental registry v2 API when mirroring is enabled
- Fixed minor packaging issues.
- Updated to version 1.3.1 2014-10-28)
* Security:
- Prevent fallback to SSL protocols < TLS 1.0 for client, daemon and
registry [CVE-2014-5277]
- Secure HTTPS connection to registries with certificate verification and
without HTTP fallback unless `--insecure-registry` is specified
* Runtime:
- Fix issue where volumes would not be shared
* Client:
- Fix issue with `--iptables=false` not automatically
setting `--ip-masq=false`
- Fix docker run output to non-TTY stdout
* Builder:
- Fix escaping `$` for environment variables
- Fix issue with lowercase `onbuild` Dockerfile instruction
- Restrict envrionment variable expansion to `ENV`, `ADD`, `COPY`,
`WORKDIR`, `EXPOSE`, `VOLUME` and `USER`
- Upgraded to version 1.3.0 (2014-10-14)
* docker `exec` allows you to run additional processes inside existing containers
* docker `create` gives you the ability to create a container via the cli without executing a process
* `--security-opts` options to allow user to customize container labels and apparmor profiles
* docker `ps` filters
* wildcard support to copy/add
* move production urls to get.docker.com from get.docker.io
* allocate ip address on the bridge inside a valid cidr
* use drone.io for pr and ci testing
* ability to setup an official registry mirror
* Ability to save multiple images with docker `save`
- dos2unix
-
- Update to 7.3.5
* New option --allow-chown to allow file ownership change
in old file mode.
- Replace suboptimal find ;
- Use find -exec instead of find | xargs: helps handle cases for
files with spaces and quotes in their filenames.
- Update to 7.3.5
- Update to 7.3.4
- Update to 7.3.3
- Update to 7.3.2
* New: Swedish translation of messages and manual.
* Updated: Danish and Brazilian Portuguese translations.
* Fix: The -iso option was misinterpreted as a corrupted -i option.
* Fix: Compilation for MSYS 1.
- Update to 7.3.1
* New: Simplified Chinese translation of messages and manual.
* Fix: Compilation error "/'wchar_t' undeclared"/ when Unicode support is disabled.
* Fix: Compilation errors when MinGW compiler was used (MinGW-w64 was OK).
- Update to 7.3
* New: Unicode file name support on Windows.
* Fix: Options -ul and -ub caused option -i to report wrong BOM for no_bom.
- Update to 7.2.3
* Fix: Check for file I/O errors while reading input files, and added
a few missing checks while writing output files.
* Fix: Compilation for msys.
- Update to 7.2.2
* Fix: Fixed symlink support on FreeBSD.
* Fix: Skip GB18030 test on FreeBSD.
* Fix: When conversion of an UTF-16 file with binary symbols was forced,
null characters were not written in the output.
* Fix: Check UTF-16 input for invalid surrogate pairs.
- Update to 7.2.1
* Fix: Skip the GB18030 tests when the system does not support the
Chinese locale with GB18030 character encoding.
* Fix: Small corrections in the manual in section GB18030 and OPTIONS -m.
- Update to 7.2
* New: Japanese translation of the UI messages.
* New: Support Chinese GB18030 locale.
* Change: On Unix/Linux convert UTF-16 to the locale encoding. It is
no longer required that the locale encoding is UTF-8.
- Fixed license type: BSD-2-Clause
- Added missing manual translations: da, fr, pt_BR.
- Update to 7.1:
* New: Option -i, --info to print file information.
This new option prints number of DOS, Unix, and Mac line breaks, the byte
order mark, and if the file is text or binary. And it can print the names
of files that would be converted.
Version 7.0
* New: automated self-tests.
* New: option -u to keep UTF-16 encoding.
* New: option -v to print information about BOMs and converted line breaks.
* Change: stdio mode does not automatically set quiet mode.
* Change: stdio mode does not automatically force conversion of binaries.
An error is returned when the stdin stream contains a binary symbol.
* Bugfix: dos2unix -l created DOS line breaks from Mac line breaks.
* Bugfix: system error number was not always returned.
* Bugfix: an Unicode input file disabled 7bit and iso mode for next input files.
* Bugfix: mac2unix help text, options -b and -r.
* The code has been cleaned up.
- Update to 6.0.6:
* Bugfix: mac2unix conversion produced corrupted output from
UTF-16 input file.
* New options -b (keep BOM) and -r (remove BOM).
* New translation of the UI messages: Norwegian Bokmaal.
- Update to 6.0.5
* Dos2unix is part of the Translation Project (TP).
All translations go via the Translation Project.
See http://translationproject.org/
* New translations of UI messages: Brazilian Portuguese, Chinese (traditional),
Danish, French, Hungarian, Polish, Serbian, Ukrainian, Vietnamese.
* New translations of the manual: Brazilian Portuguese, French, German,
Polish, Ukrainian.
* Generated man pages are included in the source package to prevent
compilation problems with very old or very new perl/pod2man versions.
* Manuals are now generated from gettext PO files with po4a for easier
translation.
* All manuals are now in UTF-8 encoding.
* Skip symbolic links on Windows by default (same as on Unix).
- Update to 6.0.4.
* New options -ul and -ub to conver UTF-16 files without BOM
* New Russian translation of the messages
* Build 32 bit Windows binaries with Large File Support (LFS) by
using mingw-w64 for 32 bit Windows
* When a binary symbol is encountered the value is printed
- Update to 6.0.3. Changes since 6.0:
- Version 6.0.3
* Source code compiles with Microsoft Visual C.
* Print system error when writing output fails.
- Version 6.0.2
* The locale encoding detection when NLS was disabled has been fixed.
* Print line number when a binary symbol is found.
* Updated makefiles for Watcom C, and added a new one for OS/2.
- Version 6.0.1
* Update Spanish translations.
* Update manual.
- fix build against openSUSE:Factory / standard: man page paths
- update to 6.0:
* Conversion of Windows UTF-16 files to Unix UTF-8 files
* Conversion of Unix UTF-8 files to Windows UTF-8 files with byte
order mark
- Update to 5.3.3:
- enabled wildcard expansion
- small update in RETURN VALUE section of man page
- removed dos2unix-correct_ending.patch (instead pass HTMLEXT="/html"/
to make)
- Update to 5.3.2:
- Change of hmoepage URL.
- All other changes are for non Unix platforms.
- Don't recompress the package anymore.
- cross-build fix: use %__cc macro
- Remove redundant tags/sections from specfile
(cf. packaging guidelines)
- Update to 5.3.1:
* Spanish tranlation of messages and manual.
* File ownership is maintained in old file mode (Unix only).
* Dos2unix and Unix2dos share the same language files.
* Code cleanup.
- Add buildrequire on xz.
- Repackage with xz.
- Open all fds with O_CLOEXEC.
- Version update to 5.3
- removed patch dos2unix-no_pdf.patch, this version doesn't
generate pdf/ps documents.
- updated dos2unix-correct_ending.patch
- fixed Url: in the spec file
- Don't generate ps/pdf documents, thus no need for ghostscript.
- Update to 5.2:
ISO conversion mode supports same DOS code pages as SunOS dos2unix does:
CP437 (US), CP850 (Western European), CP860 (Portuguese),
CP863 (French Canadian), and CP865 (Nordic).
ISO conversion mode supports Windows code page CP1252 (Western).
SunOS compatible options -ascii, -iso, -7, -437, -850, -860, -863, and -865.
Active code page detection for ISO mode.
Fixed ISO conversion of non-breaking space (NBSP).
Treat ASCII Form Feed control characters as valid text.
Update manual pages.
Don't include generated documentation files in Unix source package.
- Suffix for HTML pages is .html not .htm
- remove unsupported locales
- fix file list
- Use %_smp_mflags
- Update 5.1.1:
* Added Dutch translation of the manual
* Updated German translation
- Add eo-x directories to fix build.
- Update to 5.1:
* Esperanto translations have been added.
* Command-line options can be set in stdio mode.
* Localization information has been added to the manual.
* Man pages have been merged.
* Man page generation from Perl POD file.
- Update to 5.0:
* Dos2unix and Unix2dos have been bundled in a single package.
* German translations have been added.
* Dos2unix -l --newline also works in MAC mode.
* Unix2dos also got option -l, --newline.
* Added MAC mode to Unix2dos: Convert Unix line endings to Mac line endings.
* Cleanup of messages and manual.
- Update to 4.1.2:
* dos2unix.c: Preserve file mode in 'new file mode'.
* Makefile: Allow CFLAGS to be set externally.
- Adapt Makefile patch and German message catalog.
- fix translation
- Update to 4.0:
* version 4.0
* Added internationalisation using gettext.
* Added Dutch translation.
* New option -L/--license that prints software license.
* Code cleanup
* Update manual
* version 3.2
* version.mk: New file.
* README: New file.
* INSTALL: Updated.
* Makefile: Makefile according GNU standards.
* ChangeLog : New file.
* Applied all patches from RedHat:
- Use DESTDIR only in install makefile targets.
- Add a German translation.
- enable parallel building
- Don't destroy original file if the output is on a different file
system (bnc#488261).
- dosfstools
-
- Add fix-calculation.patch (gh#dosfstools/dosfstools#153, bsc#1172863)
to work with different size of clusters.
- Update to version 4.1:
* Now the default for mkfs for filesystems smaller than 512 MB is
64 / 32 sectors
* The parsing of octal character specifications for filenames in
the -u and -d 25 options of fsck now works.
* Fixed a possible fatlabel crash when writing a label to an
unlabelled filesystem
* Testsuite is now available
- Update to 4.0
* Switch build system to autotools.
* Fixed data corruption errors in fsck.fat Writing to the third
to last cluster on FAT12 with an odd number of clusters would
corrupt the following cluster.
* The automatic alignment of data clusters that was added in
3.0.8 and broken for FAT32 starting with 3.0.20 has been
reinstated.
- Small spec file cleanup
- Drop no longer needed dosfstools-suse-dirs.patch
- Update to 3.0.28
* mkfs.fat now allows choosing 0xF0 as the media byte which was
previously rejected.
* mkfs.fat now supports the --invariant option to facilitate
testing mkfs.fat itself.
* Bugs fixed in fsck.fat are a read one byte beyond the end of
an allocated array when checking some FAT12 filesystems, and
checking that the first cluster of a file as specified in the
directory entry is not 1.
- Cleanup spec file with spec-cleaner
- fix url
- updated to 3.0.27:
* fsck.fat: Don't print version string every time -v is
encountered
* Fix attempt to rename root dir in fsck due to uninitialized
fields
* Support long file names in volume labeling code
- upstream changed
- Drop gpg-offline build-time requirement; this is now handled by
the local source validator
- added fsck.{v,}fat and mkfs.{v,}fat compat symlinks in /sbin
[bnc#884516]
- call spec-cleaner
- updated to 3.0.26:
* Fix "/odd"/ files created by frequent power-loss.
- updated to 3.0.25:
* Prevent corruption of FAT during fsck on 64 bit platforms.
unsigned long is 64 bit on x86-64, which means set_fat was writing two
entries, which corrupts the next entry. This can cause loss of data in
another file.
* Fixed remaining 64 bit build warnings.
- dracut
-
- Update to version 049.1+suse.203.g8ee14a90:
* fix(suse-initrd): use $kernel rather than $(uname -r)
* fix(suse-initrd): exclude modules that are built-in (bsc#1185646)
* fix(suse-initrd): inform on usage of obsolete -f parameter (bsc#1187470)
* docs: fix reference to insmodpost module (bsc#1187774)
- Update to version 049.1+suse.196.g8706843b:
* fix(suse-initrd): restore INITRD_MODULES in mkinitrd script
* fix(suse-initrd): call dracut_instmods with hostonly=
- Update to version 049.1+suse.192.g00425ead:
* fix(suse-initrd): remove references to INITRD_MODULES (bsc#1187115)
* fix(suse-initrd) fix list of modprobe.d directories
* fix(install): handle $LIB in ldd output parsing (bsc#1185615)
- Update to version 049.1+suse.188.gbf445638:
* 90kernel-modules-extra: don't resolve symlinks before instmod (bsc#1185277)
- Update to version 049.1+suse.187.g63c1504f:
* fix(shutdown): add timeout to umount calls (bsc#1178219)
- Update to version 049.1+suse.186.g320cc3d1:
* network-legacy: fix route parsing issues in ifup (bsc#1182688)
* 90kernel-modules: arm/arm64: Add reset controllers
* Prevent creating unexpected files on the host when running dracut
* As of v246 of systemd "/syslog"/ and "/syslog-console"/ switches have been deprecated
- Update to version 049.1+suse.185.g9324648a:
* 90kernel-modules: arm/arm64: Add reset controllers (bsc#1180336)
* Prevent creating unexpected files on the host when running dracut (bsc#1176171)
- Update to version 049.1+suse.183.g7282fe92:
* As of v246 of systemd "/syslog"/ and "/syslog-console"/ switches have been deprecated
(multiple backported commits, bsc#1180119)
- Update to version 049.1+suse.174.g150b9981:
* make collect optional (bsc#1177870)
* Inclusion of dracut modifications to enable nvme-fc boot support (bsc#1142248)
* suse.spec: add nvmf module
* 95nvmf: Implement 'fc,auto' commandline syntax
* 95nvmf: add nvmf-autoconnect script
* 95nvmf: Fixup FC connections
* 95nvmf: rework parameter handling
* 95nvmf: fix typo in the example documentation
* 95nvmf: add NVMe over TCP support
* 95nvmf: add module for NVMe-oF
Adds new module 95nvmf, see jsc#ECO-3063.
- Update to version 049.1+suse.171.g65b2addf:
* dracut.sh: FIPS workaround for openssl-libs (bsc#1178217)
* 01fips: turn info calls into fips_info calls (bsc#1164076)
* 00systemd: add missing cryptsetup-related targets (bsc#1177811)
- Update to version 049.1+suse.156.g7d852636:
* net-lib.sh: support infiniband network mac addresses (bsc#996146)
* 95nfs: use ip_params_for_remote_addr() (bsc#1167494)
* 95iscsi: use ip_params_for_remote_addr() (bsc#1167494)
* dracut-functions: add ip_params_for_remote_addr() helper (bsc#1167494)
- Update to version 049.1+suse.152.g8506e86f:
* 01fips: modprobe failures during manual module loading is not fatal (bsc#bsc#1169997)
* 91zipl: parse-zipl.sh: honor SYSTEMD_READY (bsc#1165828)
* 95iscsi: fix ipv6 target discovery (bsc#1172807)
* 35network-legacy: correct conditional for creating did-setup file (bsc#1172807)
- Update to version 049.1+suse.148.gc4a6c2dd:
* 95fcoe: load 'libfcoe' module as a fallback (bsc#1173560)
* 99base: enable the initqueue in both 'dracut --add-device' and 'dracut --mount' cases.
(bsc#bsc#1161573)
- Update to version 049.1+suse.146.g6f5195cf:
* 35network-legacy: Fix dual stack setups (bsc#1172807)
- Update to version 049.1+suse.145.g8ae82192:
* 95iscsi: fix missing space when compiling cmdline args (bsc#1172816)
- Update to version 049.1+suse.144.ge0eaf296:
* Add wicked specific config files (bsc#1089333)
- Update to version 049.1+suse.143.g368f585a:
* modules.d: fix udev rules detection of multipath devices (bsc#1171370)
- Update to version 049.1+suse.142.gf8776da4:
* Run format_spec_file
- Update to version 049.1+suse.141.g7563c620:
* network-legacy/net-genrules.sh: use $name instead of $env{INTERFACE} (bsc#1161438)
* 35network-legacy: call initqueue/online for DHCP, too (boo#1161438)
* 90nvdimm: include nvdimm keys in initrd (bsc#1161343)
- Update to version 049.1+git138.9068a629:
* systemd: install systemd-tty-ask-password-agent systemd-ask-password
* Mark interface setup after dhcp (bsc#1167161)
* Store nameserver received from wicked dhcp lease (bsc#1167161)
- Changed scheme to 049.1+suse.139.g8a7d3d9e to match systemd package
* Scheme pattern> <PARENT_TAG>+suse.<TAG_OFFSET>.g<SHA1>
* No functional change
- Update to version 049.1+git135.46dceb02:
* 40network: Do not require hostname binary
* suse.spec: add new modules 90nvdimm and 99suse-initrd
* 95fcoe: default rd.nofcoe to false (bsc#1163343)
* Add module "/99suse-initrd"/ for parsing "/SUSE INITRD"/ lines (bsc#1161343)
Dependent commits:
* Add module "/90nvdimm"/ for NVDIMM support
* 90kernel-modules: remove nfit from static module list
- Update to version 049.1+git129.0f19bbfd:
* 35network-legacy: dhclient is optional (bsc#1166188)
* suse.spec: Create -extra package (bsc#1166188)
* suse.spec: Remove obsolete permission fixups
* 00warpclock: Fix permissions in warpclock.sh
- Update to version 049.1+git125.e2b2c9ef:
* 01fips: handle SHA1 on machines without AVX (bsc#1160318)
* Update: 90kernel-modules: Add PCI host controller modules (boo#1162669)
- Update to version 049.1+git124.70941b30:
* 90kernel-modules: Add PCI host controller modules (boo#1162669)
- Update to version 049.1+git123.c2a6645e:
* dracut: add warning when including unsupported modules (bsc#1163055)
* 01fips: Boot without BOOT_IMAGE being set (bsc#1161292)
* 01fips: Use correct kernel image name for more platforms (bsc#1164076)
- Update to version 049.1+git120.dbfbfcb8:
* 95zfcp_rules/parse-zfcp.sh: remove rule existence check (bsc#1008352)
- Update to version 049.1+git119.abf1a408:
* 30convertfs: adopt for SUSE (boo#1158777)
- Update to version 049+git118.a6090e2f:
* Implement support for verifying the boot with fipscheck (bsc#1158530)
- Update to version 049+git117.d3206e79:
* Remove purge-kernels scripts and service (jsc#SLE-10162)
- Update to version 049+git116.e9995c78:
* dracut.spec: add convertfs module correctly (boo#1158777)
- Update to version 049+git115.c2d8d6fb:
* suse: Remove incorrect usage of %_libexecdir (boo#1155785)
- Update to version 049+git114.058e566c:
* 35network-legacy: only skip waiting for interfaces if netroot is set (bsc#1152006)
* fixup "/Dracut: only login to one target at a time"/ (bsc#1152650)
- Update to version 049+git112.fe41ccd9:
* dracut: move /var/run and /var/lock from directory to symlink (bsc#1149103, ECO#323)
* 35network-legacy: signalize the setup in ifup when dhcp (bsc#1146661)
* 35network-legacy: fix typo
* 35network-legacy: install hostname required by ifup.sh (bsc#1146661)
- Update to version 049+git108.6c9d1156:
* dracut-init.sh: Nuke unused install_kmod_with_fw function
* dracut-install: Support the compressed firmware files correctly (boo#1146769)
* dracut: let module handling function accept optional path option
* dracut.sh: Fix udevdir detection
- Update to version 049+git104.1244eed7:
* mkinitrd-suse.sh: remove trailing "/|"/
- Update to version 049+git103.c8d99b62:
* Add support for compressed kernel modules (boo#1135854)
- Update to version 049+git102.9ee0c387:
* dracut-install: Add support for compressed firmware files (boo#1136677)
- Update to version 049+git101.17c579a0:
* call netroot on wicked dhcp setup
* nfsroot follow ifcfg settings for boot protocol
- Update to version 049+git99.76df40e7:
* 95fcoe: Fix startup when fcoe module is included (boo#1136977)
* tests: Ignore .testdir
* Add support for riscv64
* mkinitrd-suse.sh: simplify get_kernel_version (bsc#1139939)
* 95dasd-rules & 95zfcp_rules: Look for correct rule name (bsc#1137784)
- Update to version 049+git94.aef7a52b:
* ucode: properly include early only ucode (bsc#1098915, bsc#1125393)
* keep network device naming scheme on upgrade (bsc#1136927)
- Bump to 049
- Contains fixes for bsc#1134472, bsc#1134347 and bsc#1133819
- Patches are now maintained in git
* Removed 0012-40network-Fix-race-condition-when-wait-for-networks.patch
* Removed 0013-40network-always-start-netroot-in-ifup.sh.patch
* Removed 0015-40network-replace-dhclient-with-wickedd-dhcp-supplic.patch
* Removed 0016-Add-new-s390x-specific-rule-files.patch
* Removed 0017-45ifcfg-use-distro-specific-scripts.patch
* Removed 0020-00warpclock-Set-correct-timezone.patch
* Removed 0021-95dcssblk-Add-new-module-for-DCSS-block-devices.patch
* Removed 0048-40network-Only-enable-network-interfaces-if-explicit.patch
* Removed 0053-01fips-fixup-loading-issues.patch
* Removed 0056-81cio_ignore-handle-cio_ignore-commandline.patch
* Removed 0057-01fips-Include-some-more-hmacs.patch
* Removed 0058-dracut-add-warning-when-including-unsupported-module.patch
* Removed 0059-99suse-Add-SUSE-specific-initrd-parsing.patch
* Removed 0060-45ifcfg-Add-SUSE-specific-write-ifcfg-file.patch
* Removed 0061-45ifcfg-Fixup-error-message-in-write-ifcfg-suse.patch
* Removed 0075-95dasd_rules-enable-parsing-of-rd.dasd-commandline-p.patch
* Removed 0076-Correctly-set-cio_ignore-for-dynamic-s390-rules.patch
* Removed 0079-95dasd_rules-fixup-rd.dasd-parsing.patch
* Removed 0080-95dasd_rules-print-out-rd.dasd-commandline.patch
* Removed 0081-95dasd_mod-do-not-set-module-parameters-if-dasd_cio_.patch
* Removed 0083-95zfcp_rules-Fixup-rd.zfcp-parsing.patch
* Removed 0085-95zfcp_rules-print-out-rd.zfcp-commandline-parameter.patch
* Removed 0086-95zfcp_rules-Auto-generate-udev-rule-for-ipl-device.patch
* Removed 0087-95dasd_rules-Auto-generate-udev-rule-for-ipl-device.patch
* Removed 0088-91zipl-Add-new-module-to-update-s390x-configuration.patch
* Removed 0089-40network-create-var-lib-wicked-in-ifup.sh.patch
* Removed 0090-dracut-caps-Remove-whole-caps-module.patch
* Removed 0091-dracut-biosdevname-In-SUSE-biosdevname-package-is-in.patch
* Removed 0094-Implement-shortcut-ip-ifname-static-for-static-confi.patch
* Removed 0107-Fixup-typo-firmare-instead-of-firmware.patch
* Removed 0108-91zipl-Store-commandline-correctly.patch
* Removed 0109-95dasd_rules-Store-all-devices-in-commandline.patch
* Removed 0110-95zfcp_rules-Store-all-devices-in-commandline.patch
* Removed 0113-91zipl-Install-script-as-executable.patch
* Removed 0114-91zipl-Translate-ext2-3-into-ext4.patch
* Removed 0116-Mark-scripts-as-executable.patch
* Removed 0117-95dasd_rules-Enable-the-device-before-checking-devic.patch
* Removed 0118-95zfcp_rules-Enable-the-device-before-checking-devic.patch
* Removed 0121-Adjust-initramfs-kernel.img-to-SUSE-default-initrd-k.patch
* Removed 0123-95zfcp_rules-fix-typo-in-module_setup.patch
* Removed 0124-40network-Update-iBFT-scanning-code-to-handle-IPv6.patch
* Removed 0125-40network-separate-mask-and-prefix.patch
* Removed 0126-01fips-Add-drbg-module-to-force-loaded-modules.patch
* Removed 0128-90lvm-Install-dm-snapshot-module.patch
* Removed 0130-nfs-Always-add-all-kernel-modules-for-kdump.patch
* Removed 0131-40network-handle-prefixed-IP-addresses-correctly.patch
* Removed 0132-40network-fixup-static-network-configuration.patch
* Removed 0133-Allow-multiple-configurations-per-network-interface-.patch
* Removed 0137-Switch-from-Mozilla-NSS-sha256hmac-checking-to-fipsc.patch
* Removed 0138-fips_add_aesni-intel.patch
* Removed 0139-fips-kernel-4.4-fixes.patch
* Removed 0142-40network-Don-t-report-error-for-etc-sysconfig-netwo.patch
* Removed 0144-90crypt-Fixed-crypttab_contains-to-also-work-with-de.patch
* Removed 0145-40network-handle-ip-ifname-static-correctly.patch
* Removed 0150-Find-kernel-modules-in-extra-and-weak-updates-path-a.patch
* Removed 0157-Add-boot-zipl-to-host-devs-if-it-is-a-mount-point.patch
* Removed 0158-Add-SUSE-kernel-module-dependencies-in-etc-modprobe.patch
* Removed 0159-network-Try-to-load-xennet.patch
* Removed 0160-s390-update_active_devices_initrd.patch
* Removed 0161-95zfcp_rules-simplified-rd.zfcp-commandline-for-NPIV.patch
* Removed 0162-network-Request-DHCP-lease-instead-of-getting-applyi.patch
* Removed 0163-Install-etc-sysconfig-console-to-see-specific-fonts.patch
* Removed 0164-Fix-initramfs-ver.img-vs-initrd-ver-in-dracut-initra.patch
* Removed 0168-remove_plymouth_logo_file.patch
* Removed 0169-network_set_mtu_macaddr_for_dhcp.patch
* Removed 0170-iscsi-skip-ibft-invalid-dhcp.patch
* Removed 0180-i18n_add_correct_fontmaps.patch
* Removed 0182-fix-include-parsing.patch
* Removed 0183-fix_add_drivers_hang.patch
* Removed 0188-95dasd_rules-Install-collect-udev-helper-binary.patch
* Removed 0190-replace-iscsistart-with-systemd-service-files.patch
* Removed 0191-static_network_setup_return_zero.patch
* Removed 0192-iscsi_set_boot_protocol_from_ifcfg.patch
* Removed 0193-95iscsi-Set-number-of-login-retries.patch
* Removed 0196-ibft-wait-for-session-on-all-paths.patch
* Removed 0197-95iscsi-Do-not-require-network-for-qla4xxx-flash-ses.patch
* Removed 0198-95iscsi-set-rd.iscsi.firmware-for-qla4xxx-sessions.patch
* Removed 0199-rd-iscsi-waitnet-default-false.patch
* Removed 0200-dracut_fix_multipath_without_config.patch
* Removed 0201-fix_nfs_with_ip_instead_of_hostname.patch
* Removed 0202-dracut_dmraid_use_udev.patch
* Removed 0203-no-fail-builtin-module.patch
* Removed 0204-mkinitrd-fix-monster.patch
* Removed 0205-mdraid_ignore_hostonly.patch
* Removed 0206-nfs_dns_alias.patch
* Removed 0207-handle_module_aliases.patch
* Removed 0208-no_forced_virtnet.patch
* Removed 0209-fix_modules_load_d_hostonly.patch
* Removed 0210-add_fcoe_uefi_check.patch
* Removed 0212-fcoe_reorder_init_path.patch
* Removed 0213-Fix-wrong-keymap-inclusion.patch
* Removed 0214-95fcoe-Do-not-overwrite-FCoE-configuration.patch
* Removed 0215-95fcoe-Do-not-complain-about-missing-etc-hba.conf.patch
* Removed 0216-95fcoe-silence-lldpad-warnings.patch
* Removed 0217-95fcoe-Allow-to-specify-the-FCoE-mode-via-the-fcoe-p.patch
* Removed 0218-40network-allow-persistent-interface-names.patch
* Removed 0219-95fcoe-use-interface-names-instead-of-MAC-addresses.patch
* Removed 0220-95fcoe-always-set-AUTO_VLAN-for-fcoemon.patch
* Removed 0221-95fcoe-Add-shutdown-script.patch
* Removed 0222-90dm-Fixup-shutdown-script.patch
* Removed 0223-90dm-fixup-dependency-cycle-between-MD-and-DM-shutdo.patch
* Removed 0224-95iscsi-setup-bnx2i-offload-connections-properly.patch
* Removed 0225-95fcoe-do-not-start-fcoemon-twice.patch
* Removed 0300-dracut_dont_use_dpkg_defaults_on_SUSE.patch
* Removed 0301-include_sysconfig_language.patch
* Removed 0302-Revert-90multipath-add-hostonly-multipath.conf-in-ca.patch
* Removed 0303-fix_multipath_check_hostonly.patch
* Removed 0304-90multipath-Start-daemon-after-udev-settle.patch
* Removed 0305-90multipath-load-dm_multipath-module-during-startup.patch
* Removed 0306-90multipath-add-shutdown-script.patch
* Removed 0307-90multipath-parse-kernel-commandline-option-multipat.patch
* Removed 0308-mdraid_add_IMSM_NO_PLATFORM_env.patch
* Removed 0309-90dmraid-do-not-delete-partitions.patch
* Removed 0310-95resume-Do-not-resume-on-iSCSI.patch
* Removed 0311-95iscsi-ip-ibft-is-deprecated.patch
* Removed 0312-40network-Do-not-print-message-about-tmp-net.ibft0.c.patch
* Removed 0313-90mdraid-Use-stock-MD-rules-to-assemble-RAID-arrays.patch
* Removed 0314-nfs_do_not_pass_ifname_for_bonding_devices.patch
* Removed 0402-driver-fail-summary.patch
* Removed 0403-95lunmask-Add-module-to-handle-LUN-masking.patch
* Removed 0404-dracut-emergency-optionally-print-fs-help.patch
* Removed 0450-Strip-NUL-bytes-in-stream-before-push-in-string.patch
* Removed 0451-systemd-initrd-add-initrd-root-device.target.patch
* Removed 0452-Always-try-to-add-pinctrl-cherryview.patch
* Removed 0453-Resolve-symbolic-links-for-i-and-k-parameters-bsc-90.patch
* Removed 0454-Add-md4-and-arc4-modules-for-ntlm.patch
* Removed 0500-Reset-IFS-variable.patch
* Removed 0501-dasd_fix_ssid_bigger_zero.patch
* Removed 0502-persistent_device_policy_param_enhance.patch
* Removed 0503-dracut.sh-create-the-initramfs-non-world-readable-al.patch
* Removed 0504-ibft-fix-boot-flag-check.patch
* Removed 0505-Allow-booting-from-degraded-MD-RAID-arrays.patch
* Removed 0506-Boot-on-s390x-with-fips-1-on-the-kernel-commnad-line.patch
* Removed 0507-Set-TaskMax-inifinite-for-the-emergency-shell.patch
* Removed 0508-90multipath-start-before-local-fs-pre.target.patch
* Removed 0509-01fips-Remove-zlib-module-as-requirement.patch
* Removed 0510-01fips-Some-modules-use-separators-other-than.patch
* Removed 0511-01fips-ensure-fips-initialization-succeeds-on-s390-x.patch
* Removed 0512-Make-binutils-optional-when-elfutils-are-available.patch
* Removed 0513-Fix-regression-caused-by-6f9bf2b8ac436259bdccb110545.patch
* Removed 0514-man-make-the-k-option-clear-using-mkinitrd.patch
* Removed 0515-90kernel-modules-also-add-block-device-driver-revers.patch
* Removed 0516-mkinitrd-suse.sh-Fix-prefix-calculation.patch
* Removed 0517-95fcoe-fixup-fcoe-genrules.sh-for-VN2VN-mode.patch
* Removed 0518-90kernel-modules-Fix-backlight-on-Cherrytrail-device.patch
* Removed 0519-90kernel-modules-Ensure-phy-drivers-are-loaded-in-in.patch
* Removed 0520-Ignore-module-resolution-errors.patch
* Removed 0521-Ensure-udev-persistent-storage-compat-rules-get-crea.patch
* Removed 0522-Fix-typo-from-commit-3f1cdb520.patch
* Removed 0523-98dracut-systemd-Fix-module-force-loading-with-syste.patch
* Removed 0524-Suppress-nonsensical-error-message-bsc-1032029.patch
* Removed 0525-backport-bail-out-if-module-directory-does-not-exist.patch
* Removed 0526-iscsiroot-call-handle_firmware-only-for-non-iface-in.patch
* Removed 0527-switch-fips-checking-to-use-the-libkcapi-based-fipsc.patch
* Removed 0528-Ensure-dracut.sh-responds-properly-to-hostonly_cmdli.patch
* Removed 0529-systemd-add-missing-.slice-unit.patch
* Removed 0530-dracut-systemd-dracut-cmdline-ask-fix-dracut-kernel-.patch
* Removed 0531-dracut-systemd-.service-conflict-with-shutdown-targe.patch
* Removed 0532-List-drivers-rather-than-looking-for-reverse-depende.patch
* Removed 0533-instmods-check-modules.builtin-in-srcmods.patch
* Removed 0534-ssh-client-Include-nss_-libraries.patch
* Removed 0535-Sync-initramfs-after-creation.patch
* Removed 0536-90multipath-drop-67-kpartx-compat.rules.patch
* Removed 0537-dracut-init.sh-ignore-crc32.ko-in-builtin-test.patch
* Removed 0538-Enable-core-dumps-with-systemd-from-initrd.patch
* Removed 0539-Add-IMA-functionality-fate-323289.patch
* Removed 0540-Check-the-proper-variable-for-a-custom-IMA-keys-dire.patch
* Removed 0541-Make-sure-70-persistent-net.rules-is-included-in-ini.patch
* Removed 0542-Include-crc32c-intel-module-when-using-btrfs.patch
* Removed 0543-Remove-00systemd-bootchart.patch
* Removed 0544-40network-Make-ip-dhcp-work.patch
* Removed 0545-Add-early-microcode-support-for-AMD-family-16h.patch
* Removed 0546-Support-Microcode-Updates-for-AMD-CPU-Family-0x17.patch
* Removed 0547-Fix-task-limit-in-emergency.service-the-same-change-.patch
* Removed 0548-95fcoe-Switch-back-to-using-fipvlan-for-bnx2fc.patch
* Removed 0549-fcoe-up-Increase-sleeptime-to-13s.patch
* Removed 0550-95fcoe-add-timeout-initqueue-entries.patch
* Removed 0551-fips-use-lib-modules-uname-r-modules.fips.patch
* Removed 0552-98integrity-support-validating-the-IMA-policy-file-s.patch
* Removed 0553-98integrity-support-loading-x509-into-the-trusted-bu.patch
* Removed 0554-98integrity-support-X.509-only-EVM-configuration.patch
* Removed 0555-Avoid-executing-emergency-hooks-twice.patch
* Removed 0556-95qeth_rules-Add-new-module-to-copy-qeth-rules.patch
* Removed 0557-40network-make-arping-optional.patch
* Removed 0558-40network-remove-brctl-dependency.patch
* Removed 0559-Add-wickedd-duid.xml-and-iaid.xml-if-available.patch
* Removed 0560-90kernel-modules-Ensure-PCI-host-modules-are-include.patch
* Removed 0561-Add-the-qedi-driver-to-driver-list-for-iscsi-boot.patch
* Removed 0562-Adjust-driver-list-to-modern-kernels.patch
* Removed 0563-40network-collapse-arping-and-dhcp-calls-into-wicked.patch
* Removed 0564-40network-Always-set-the-gw-variable.patch
* Removed 0565-90kernel-modules-Include-Intel-Volume-Management-Dev.patch
* Removed 0566-95nfs-If-no-server-is-configured-read-BOOTSERVERADDR.patch
* Removed 0567-Fix-booting-with-fips-1-on-SLES-15.patch
* Removed 0568-95multipath-Pickup-files-in-etc-multipath-conf.d.patch
* Removed 0569-10i18n-Load-all-keymaps-for-a-given-locale.patch
* Removed 0570-10i18n-Fix-possible-infinite-recursion.patch
* Removed 0571-40network-Fix-static-network-setup.patch
* Removed 0572-lsinitrd-no-more-cat-write-error-Broken-pipe.patch
* Removed 0573-lsinitrd.sh-quote-filename-in-extract_files.patch
* Removed 0574-s-find_btrfs_devs-btrfs_devs.patch
* Removed 0580-check_for_CONFIG_ACPI_TABLE_UPGRADE.patch
* Removed 0581-kernel-modules-add-nfit.patch
* Removed 0582-98dracut-systemd-Start-systemd-vconsole-setup-before.patch
* Removed 0583-99base-Allow-files-with-backslashes-in-hostonly-file.patch
* Removed 0584-95dasd_rules-mark-dasd-rules-host_only.patch
* Removed 0585-emergency-mode-use-sulogin.patch
* Removed 0586-95zfcp_rules-parse-zfcp.sh-remove-rule-existence-check.patch
* Removed 0587-Fix-a-missing-space-in-example-configs.patch
* Removed 0588-Ensure-mmc-host-modules-get-included-properly.patch
* Removed 0589-Fix-98dracut-systemd-dracut-emergency.sh.patch
* Removed 0590-00systemd-check-if-systemd-version-is-a-number.patch
* Removed 0591-91zipl-Don-t-use-contents-of-commented-lines.patch
* Removed 0592-95iscsi-handle-qedi-like-bnx2i.patch
* Removed 0593-dracut-only-copy-xattr-if-root.patch
* Removed 0594-Check-SUSE-kernel-module-dependencies-recursively.patch
* Removed 0595-iscsi-don-t-continue-waiting-if-the-root-device-is-p.patch
* Removed 0596-network-stop-waiting-for-interfaces-if-root-device-i.patch
* Removed 0597-iscsiroot-parse_iscsi_root-overwrites-command-line-a.patch
* Removed 0598-iscsiroot-there-s-never-more-than-one-target-per-cal.patch
* Removed 0599-iscsiroot-try-targets-only-once.patch
* Removed 0600-iscsiroot-remove-bashisms.patch
* Removed 0601-base-dracut-lib.sh-dev_unit_name-guard-against-dev-b.patch
- dracut-lib.sh:dev_unit_name() guard against $dev beginning with "/-"/ (bsc#1132448)
* adds 0601-base-dracut-lib.sh-dev_unit_name-guard-against-dev-b.patch
- 95iscsi: avoid error messages when building initrd, multipath timeouts
(bsc#1130114, bsc#1130107, bsc#1121238)
* adds 0595-iscsi-don-t-continue-waiting-if-the-root-device-is-p.patch
* adds 0596-network-stop-waiting-for-interfaces-if-root-device-i.patch
* adds 0597-iscsiroot-parse_iscsi_root-overwrites-command-line-a.patch
* adds 0598-iscsiroot-there-s-never-more-than-one-target-per-cal.patch
* adds 0599-iscsiroot-try-targets-only-once.patch
* adds 0600-iscsiroot-remove-bashisms.patch
- Bump version to 044.2 to provide a version to lock on to (bsc#1127891)
- Check SUSE kernel module dependencies recursively (bsc#1127891)
* adds 0594-Check-SUSE-kernel-module-dependencies-recursively.patch
- Handle non-versioned dependency in purge-kernels.
- purge-kernels: Avoid endless loop when uninstalling kernels that depend on
KMPs which in themselves depend on other packages (bsc#1125327)
- Avoid "/Failed to chown ... Operation not permitted"/ when run from non-root,
by not copying xattrs. (osc#1092178)
* adds 0593-dracut-only-copy-xattr-if-root.patch
- Correct fix for displaying text on emergency consoles (boo#1124088)
* removes 0589-Fix-displaying-text-on-emergency-consoles.patch
* adds 0589-Fix-98dracut-systemd-dracut-emergency