SUSEConnect
- Update to 0.3.32
- Allow --regcode and --instance-data attributes at the same time (jsc#PCT-164)
- Document that 'debug' can also get set in the config file
- --status will also print the subscription name
- Update to 0.3.31
- Disallow registering via SUSEConnect if the system is managed by SUSE Manager.
- Add subscription name to output of 'SUSEConnect --status'
- Update to 0.3.30
- send payload of GET requests as part of the url,
  not in the body (see bsc#1185611)
amazon-ssm-agent
- Update to version 3.0.1209.0 (bsc#1186239, bsc#1186262)
  + For detailed changes see RELEASENOTES.md
  + Drop fix-version.patch replaced by sed expression in spec file
  + Drop remove-unused-import.patch no longer included from upstream
  + Drop fix-config.patch all SUSE distros use systemd
  + Remove amazon-ssm-agent.service included in upstream source, use it
  + Move all binaries into sbin and fix the hard coded config path via sed
- Update to 2.3.1205.0:
  * Updated the SSM Agent Snap to core18
  * Bug fix for expired in-progress documents being resumed
  * Bug fix for update specific files not being deleted after agent update is finished
  * Bug fix for cached manifest files not being deleted in the configurepackage plugin
- Add patch to remove unused import
  + remove-unused-import.patch
- Refresh patches for new version
  + fix-version.patch
- BuildRequire pkgconfig(systemd) instead of systemd: allow OBS to
  shortcut through the -mini flavors.
- Update version patch.
- Update to 2.3.415.0 (2019-03-05)
- Update to 2.3.372.0 (2019-03-05)
- Update to 2.3.344.0 (2019-03-05)
- Update to 2.3.274.0 (2019-03-05)
- Update to 2.3.235.0 (2019-03-05)
- Update to 2.3.193.0 (2019-03-05)
- Update to 2.3.169.0 (2019-03-05)
- Update to 2.3.136.0 (2019-03-05)
- Update to 2.3.117.0 (2019-03-05)
- Update to 2.3.101.0 (2019-03-05)
- Update to 2.3.68.0 (2019-03-05)
- Update to 2.3.13.0 (2019-03-05)
- Update to 2.2.916.0 (2019-03-05)
- Update to 2.2.902.0 (2019-03-05)
- Update to 2.2.800.0 (2019-03-05)
  + Streaming AWS Systems Manager Run Command output to CloudWatch
    Logs
- Update to 2.2.619.0 (2019-03-05)
- Update to 2.2.607.0 (2019-03-05)
- Update to 2.2.546.0 (2019-03-05)
  + Bug fix to retry sending document results if they couldn't
    reach the service
- Update to 2.2.493.0 (2019-03-05)
  + Bug fix so that aws:downloadContent does not change permissions
    of directories
  + Bug fix to Cloudwatch plugin where StartType has duplicated
    Enabled value
- Update to 2.2.392.0 (2019-03-05)
  + Added support for agent hibernation so that Agent backs off or
    enters hibernation mode if it does not have access to the
    service
- Update to 2.2.355.0 (2019-03-05)
apparmor
- apparmor-profiles-add-sssd-to-nameservice.patch: Enable access
  to sssd fast cache for nameservice users (bsc#1183599)
- add-ld.so.preload-to-abstraction_base.patch: Add ld.so.preload to
  abstraction/base (bsc#1181728)
at
- Increase TasksMax limit from 512 (systemd default) to 4915,
  fix bsc#1058557
avahi
- Add avahi-CVE-2021-3468.patch: avoid infinite loop by handling
  HUP event in client_work (boo#1184521 CVE-2021-3468).
  https://github.com/lathiat/avahi/pull/330
- Update avahi-daemon-check-dns-suse.patch: needed rebase against
  the updated avahi-daemon-check-dns.sh.
aws-cli
- Update to version 1.19.9 (bsc#1182421, bsc#1182422, jsc#ECO-3352, jsc#PM-2485)
  + For detailed changes see
    https://github.com/aws/aws-cli/blob/1.19.9/CHANGELOG.rst
- Update Requires in spec file from setup.py
- Update to version 1.18.212
  + For detailed changes see
    https://github.com/aws/aws-cli/blob/1.18.212/CHANGELOG.rst
- Update Requires in spec file from setup.py
- Update to version 1.18.185
  + For detailed changes see
    https://github.com/aws/aws-cli/blob/1.18.185/CHANGELOG.rst
- Rename README.md to README.rst in %doc section
- Update Requires in spec file from setup.py
- Update to version 1.18.156
  + For detailed changes see
    https://github.com/aws/aws-cli/blob/1.18.156/CHANGELOG.rst
- Drop patches no longer required
  + hide_py_pckgmgmt.patch
- Update Requires in spec file from setup.py
- Update to version 1.18.133
  + For detailed changes see
    https://github.com/aws/aws-cli/blob/1.18.133/CHANGELOG.rst
  + Forward port hide_py_pckgmgmt.patch
  + Update Requires in spec file from setup.py
bash
- Add patch bash-4.3-boo1192785.patch
  * setuid causing permission denied on popen (bsc#1192785)
- Add patch bsc1177369.patch to fix bsc#1177369
  * tailf command does destroy terminal/console settings
bind
- Fixed CVE-2021-25219:
  The lame-ttl option controls how long named caches certain types
  of broken responses from authoritative servers (see the security
  advisory for details). This caching mechanism could be abused by
  an attacker to significantly degrade resolver performance. The
  vulnerability has been mitigated by changing the default value of
  lame-ttl to 0 and overriding any explicitly set value with 0,
  effectively disabling this mechanism altogether. ISC's testing has
  determined that doing that has a negligible impact on resolver
  performance while also preventing abuse.
  Administrators may observe more traffic towards servers issuing
  certain types of broken responses than in previous BIND 9 releases.
  [bsc#1192146, CVE-2021-25219, bind-CVE-2021-25219.patch]
- In BIND 9.0.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also
  affects 9.9.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview
  Edition, an attacker on the network path for a TSIG-signed
  request, or operating the server receiving the TSIG-signed request,
  could send a truncated response to that request, triggering an
  assertion failure, causing the server to exit. Alternately, an
  off-path attacker would have to correctly guess when a TSIG-signed
  request was sent, along with other characteristics of the packet
  and message, and spoof a truncated response to trigger an assertion
  failure, causing the server to exit.
  [bsc#1188888, bind-CVE-2020-8622.patch, CVE-2020-8622]
- When FIPS mode is enabled, the named tools will complain that
  MD5 is enabled. This is now checked, MD5 is ignored and a
  warning is shown.
  [bsc#1181495, bind-bsc1181495-disable-md5-when-in-fips-mode.patch]
- * A broken inbound incremental zone update (IXFR)
    can cause named to terminate unexpectedly
    [CVE-2021-25214, bind-CVE-2021-25214.patch]
  * An assertion check can fail while answering queries
    for DNAME records that require the DNAME to be processed to resolve
    itself
    [CVE-2021-25215, bind-CVE-2021-25215.patch]
  * A second vulnerability in BIND's GSSAPI security
    policy negotiation can be targeted by a buffer overflow attack
    This is fixed by switching from ISC's implementation to the
    use of gssapi.
    [CVE-2021-25216, bind.spec]
  [bsc#1185345]
binutils
- Add binutils-revert-hlasm-insns.diff for compatibility on old
  code stream that expect 'brcl 0,label' to not be disassembled
  as 'jgnop label' on s390x.  [bsc#1192267]
- Rebase binutils-2.37-branch.diff: fixes PR28523 aka boo#1188941.
- Fix empty man-pages from broken release tarball [PR28144].
- Update binutils-skip-rpaths.patch which contained a memory corruption
  (boo#1191473).
- Configure with --disable-x86-used-note on old code streams.
- Disable libalternatives temporarily for build cycle reasons.
- make TARGET-bfd=headers again, we patch bfd-in.h
- This state submitted to SLE12 and SLE15 code streams for annual
  toolchain update. [jsc#PM-2767, jsc#SLE-21561, jsc#SLE-19618]
- Bump binutils-2.37-branch.diff to 66d5c7003, to include fixes for
  PR28422, PR28192, PR28391.  Also adds some s390x arch14
  instructions [jsc#SLE-18637].
- Using libalternatives instead of update-alternatives.
- Adjust for testsuite fails on older products that configure
  binutils in different ways, adds  binutils-compat-old-behaviour.diff
  and adjusts binutils-revert-nm-symversion.diff and
  binutils-revert-plt32-in-branches.diff.
- Bump binutils-2.37-branch.diff: fixes PR28138.
- Use LTO & PGO build.
- Update to binutils 2.37:
  * The GNU Binutils sources now requires a C99 compiler and library to
    build.
  * Support for the arm-symbianelf format has been removed.
  * Support for Realm Management Extension (RME) for AArch64 has been
    added.
  * A new linker option '-z report-relative-reloc' for x86 ELF targets
    has been added to report dynamic relative relocations.
  * A new linker option '-z start-stop-gc' has been added to disable
    special treatment of __start_*/__stop_* references when
    --gc-sections.
  * A new linker option '-Bno-symbolic' has been added which will
    cancel the '-Bsymbolic' and '-Bsymbolic-functions' options.
  * The readelf tool has a new command line option which can be used to
    specify how the numeric values of symbols are reported.
    --sym-base=0|8|10|16 tells readelf to display the values in base 8,
    base 10 or base 16.  A sym base of 0 represents the default action
    of displaying values under 10000 in base 10 and values above that in
    base 16.
  * A new format has been added to the nm program.  Specifying
    '--format=just-symbols' (or just using -j) will tell the program to
    only display symbol names and nothing else.
  * A new command line option '--keep-section-symbols' has been added to
    objcopy and strip.  This stops the removal of unused section symbols
    when the file is copied.  Removing these symbols saves space, but
    sometimes they are needed by other tools.
  * The '--weaken', '--weaken-symbol' and '--weaken-symbols' options
    supported by objcopy now make undefined symbols weak on targets that
    support weak symbols.
  * Readelf and objdump can now display and use the contents of .debug_sup
    sections.
  * Readelf and objdump will now follow links to separate debug info
    files by default.  This behaviour can be stopped via the use of the
    new '-wN' or '--debug-dump=no-follow-links' options for readelf and
    the '-WN' or '--dwarf=no-follow-links' options for objdump.  Also
    the old behaviour can be restored by the use of the
    '--enable-follow-debug-links=no' configure time option.
    The semantics of the =follow-links option have also been slightly
    changed.  When enabled, the option allows for the loading of symbol
    tables and string tables from the separate files which can be used
    to enhance the information displayed when dumping other sections,
    but it does not automatically imply that information from the
    separate files should be displayed.
    If other debug section display options are also enabled (eg
    '--debug-dump=info') then the contents of matching sections in both
    the main file and the separate debuginfo file *will* be displayed.
    This is because in most cases the debug section will only be present
    in one of the files.
    If however non-debug section display options are enabled (eg
    '--sections') then the contents of matching parts of the separate
    debuginfo file will *not* be displayed.  This is because in most
    cases the user probably only wanted to load the symbol information
    from the separate debuginfo file.  In order to change this behaviour
    a new command line option --process-links can be used.  This will
    allow display options to be applied to both the main file and any
    separate debuginfo files.
  * Nm has a new command line option: '--quiet'.  This suppresses "no
    symbols" diagnostic.
- Includes fixes for these CVEs:
  bnc#1181452 aka CVE-2021-20197 aka PR26945
  bnc#1183511 aka CVE-2021-20284 aka PR26931
  bnc#1184519 aka CVE-2021-20294 aka PR26929
  bnc#1184620 aka CVE-2021-3487 aka PR26946
  bnc#1184794 aka CVE-2020-35448 aka PR26574
- Also fixes:
  bsc#1183909 - slow performance of stripping some binaries
- Rebased patches: binutils-build-as-needed.diff, binutils-fix-abierrormsg.diff,
  binutils-fix-invalid-op-errata.diff, binutils-fix-relax.diff,
  binutils-revert-nm-symversion.diff, binutils-revert-plt32-in-branches.diff
- Removed patches (are in upstream): ppc-ensure-undef-dynamic-weak-undefined.patch and
  ppc-use-local-plt.patch.
- Add binutils-2.37-branch.diff.gz.
- ppc-ensure-undef-dynamic-weak-undefined.patch: PPC: ensure_undef_dynamic
  on weak undef only in plt
- ppc-use-local-plt.patch: PowerPC use_local_plt (prerequisite for above
  patch)
- Update 2.36 branch diff which fixes PR27587.
- Do not run make TARGET-bfd=headers separately.
- Bump 2.36 branch diff (includes fix for PR27441 aka bsc#1182252).
- Bump 2.36 branch diff.
- Update 2.36 branch diff which should fix PR27311 completely.
  It fixes also PR27284.
- Remove temporary fix 0001-PR27311-ld.bfd-symbol-from-plugin-undefined-referenc.patch.
- Add temporary upstream fix for PR27311
  0001-PR27311-ld.bfd-symbol-from-plugin-undefined-referenc.patch.
- Update to binutils 2.36:
  New features in the Assembler:
    General:
  * When setting the link order attribute of ELF sections, it is now
    possible to use a numeric section index instead of symbol name.
  * Added a .nop directive to generate a single no-op instruction in
    a target neutral manner.  This instruction does have an effect on
    DWARF line number generation, if that is active.
  * Removed --reduce-memory-overheads and --hash-size as gas now
    uses hash tables that can expand and shrink automatically.
    X86/x86_64:
  * Add support for AVX VNNI, HRESET, UINTR, TDX, AMX and Key
    Locker instructions.
  * Support non-absolute segment values for lcall and ljmp.
  * Add {disp16} pseudo prefix to x86 assembler.
  * Configure with --enable-x86-used-note by default for Linux/x86.
    ARM/AArch64:
  * Add support for Cortex-A78, Cortex-A78AE and Cortex-X1,
    Cortex-R82, Neoverse V1, and Neoverse N2 cores.
  * Add support for ETMv4 (Embedded Trace Macrocell), ETE (Embedded
    Trace Extension), TRBE (Trace Buffer Extension), CSRE (Call
    Stack Recorder Extension) and BRBE (Branch Record Buffer
    Extension) system registers.
  * Add support for Armv8-R and Armv8.7-A ISA extensions.
  * Add support for DSB memory nXS barrier, WFET and WFIT
    instruction for Armv8.7.
  * Add support for +csre feature for -march. Add CSR PDEC
    instruction for CSRE feature in AArch64.
  * Add support for +flagm feature for -march in Armv8.4 AArch64.
  * Add support for +ls64 feature for -march in Armv8.7
    AArch64. Add atomic 64-byte load/store instructions for this
    feature.
  * Add support for +pauth (Pointer Authentication) feature for
    -march in AArch64.
    New features in the Linker:
  * Add --error-handling-script=<NAME> command line option to allow
    a helper script to be invoked when an undefined symbol or a
    missing library is encountered.  This option can be suppressed
    via the configure time switch: --enable-error-handling-script=no.
  * Add -z x86-64-{baseline|v[234]} to the x86 ELF linker to mark
    x86-64-{baseline|v[234]} ISA level as needed.
  * Add -z unique-symbol to avoid duplicated local symbol names.
  * The creation of PE format DLLs now defaults to using a more
    secure set of DLL characteristics.
  * The linker now deduplicates the types in .ctf sections.  The new
    command-line option --ctf-share-types describes how to do this:
    its default value, share-unconflicted, produces the most compact
    output.
  * The linker now omits the "variable section" from .ctf sections
    by default, saving space.  This is almost certainly what you
    want unless you are working on a project that has its own
    analogue of symbol tables that are not reflected in the ELF
    symtabs.
  New features in other binary tools:
  * The ar tool's previously unused l modifier is now used for
    specifying dependencies of a static library. The arguments of
    this option (or --record-libdeps long form option) will be
    stored verbatim in the __.LIBDEP member of the archive, which
    the linker may read at link time.
  * Readelf can now display the contents of LTO symbol table
    sections when asked to do so via the --lto-syms command line
    option.
  * Readelf now accepts the -C command line option to enable the
    demangling of symbol names.  In addition the --demangle=<style>,
    --no-demangle, --recurse-limit and --no-recurse-limit options
    are also now available.
- Includes fixes for these CVEs:
  bnc#1179898 aka CVE-2020-16590 aka PR25821
  bnc#1179899 aka CVE-2020-16591 aka PR25822
  bnc#1179900 aka CVE-2020-16592 aka PR25823
  bnc#1179901 aka CVE-2020-16593 aka PR25827
  bnc#1179902 aka CVE-2020-16598 aka PR25840
  bnc#1179903 aka CVE-2020-16599 aka PR25842
  bnc#1180451 aka CVE-2020-35493 aka PR25307
  bnc#1180454 aka CVE-2020-35496 aka PR25308
  bnc#1180461 aka CVE-2020-35507 aka PR25308
- Rebase the following patches:
  * binutils-fix-relax.diff
  * binutils-revert-nm-symversion.diff
  * binutils-revert-plt32-in-branches.diff
- Add missing dependency on bc (ld.gold testsuite uses it).
- Use --enable-obsolete for cross builds as ia64 is deprecated now.
- Add binutils-2.36-branch.diff.gz.
- Add binutils-fix-relax.diff to fix linking relaxation problems
  with old object files hitting some enterprise software. [bsc#1179341]
- Update binutils-2.35-branch.diff.gz to commit 1c5243df:
  * Fixes PR26520, aka [bsc#1179036], a problem in addr2line with
    certain DWARF variable descriptions.
  * Also fixes PR26711, PR26656, PR26655, PR26929, PR26808, PR25878,
    PR26740, PR26778, PR26763, PR26685, PR26699, PR26902, PR26869,
    PR26711
  * The above includes fixes for dwo files produced by modern dwp,
    fixing several problems in the DWARF reader.
- Reapply spec file cleanup from format_spec_file
- Remove a SLE10 version check
- Update to 2.35.1 and rebased branch diff:
  * This is a point release over the previous 2.35 version, containing bug
  fixes, and as an exception to the usual rule, one new feature.  The
  new feature is the support for a new directive in the assembler:
  ".nop".  This directive creates a single no-op instruction in whatever
  encoding is correct for the target architecture.  Unlike the .space or
  .fill this is a real instruction, and it does affect the generation of
  DWARF line number tables, should they be enabled.
- Update binutils-2.35-branch.diff.gz to commit 23f268a0:
  * Add xBPF target
  * Fix various problems with DWARF 5 support in gas
- Toolchain module update for SLE15 [jsc#ECO-2373]
- Includes changes that were SLE-only in binutils-add-z15-name.diff
  for [bsc#1160590, jsc#SLE-7903 aka jsc#SLE-7464]
- Amend binutils-revert-plt32-in-branches.diff to adjust also new
  testcases.
- Add binutils-2.35-branch.diff.gz: it includes fix for
  nm -B for objects compiled with -flto and -fcommon.
- Add binutils-revert-nm-symversion.diff to be compatible with old
  output of nm relied on in scripts.
- Add binutils-fix-abierrormsg.diff to work around an eager (new)
  error message occurring without inputs and as-needed (affects
  nvme-cli build).
- Update to binutils 2.35:
  * The assembler can now produce DWARF-5 format line number tables.
  * Readelf now has a "lint" mode to enable extra checks of the files it is processing.
  * Readelf will now display "[...]" when it has to truncate a symbol name.
    The old behaviour - of displaying as many characters as possible, up to
    the 80 column limit - can be restored by the use of the --silent-truncation
    option.
  * The linker can now produce a dependency file listing the inputs that it
    has processed, much like the -M -MP option supported by the compiler.
- Regenerate add-ulp-section.diff with -p1 due to a fuzzing issue.
- Remove binutils-2.34-branch.diff.gz.
- Regenerate binutils-build-as-needed.diff due to a fuzzing issue.
- Regenerate binutils-fix-invalid-op-errata.diff as one hunk was upstreamed.
- Remove upstreamed patch binutils-pr25593.diff.
- Regenerate unit-at-a-time.patch due to a fuzzing issue.
- Regenerate binutils-revert-plt32-in-branches.diff.
- Update binutils-2.34-branch.diff.gz.
- Remove fix-try_load_plugin.patch as it is part
  of the updated binutils-2.34-branch.diff.gz patch.
- Add binutils-pr25593.diff to fix DT_NEEDED order with -flto
  [bsc#1163744]
- Update fix-try_load_plugin.patch to latest version.
- Add fix-try_load_plugin.patch in order to fix fallback caused
  by backport for PR25355.
- Update to binutils 2.34:
  * The disassembler (objdump --disassemble) now has an option to
    generate ascii art that shows the arcs between the start and end
    points of control flow instructions.
  * The binutils tools now have support for debuginfod.  Debuginfod is a
    HTTP service for distributing ELF/DWARF debugging information as
    well as source code.  The tools can now connect to debuginfod
    servers in order to download debug information about the files that
    they are processing.
  * The assembler and linker now support the generation of ELF format
    files for the Z80 architecture.
- Rename and get binutils-2.34-branch.diff.gz (boo#1160254).
- Rebase add-ulp-section.diff, binutils-revert-plt32-in-branches.diff,
  cross-avr-size.patch and binutils-skip-rpaths.patch.
- Add new subpackages for libctf and libctf-nobfd.
- Disable LTO due to boo#1163333.
- Includes fixes for these CVEs:
  bnc#1153768 aka CVE-2019-17451 aka PR25070
  bnc#1153770 aka CVE-2019-17450 aka PR25078
- Disable LTO during testsuite run
- Add binutils-fix-invalid-op-errata.diff to fix various
  build fails on aarch64 (PR25210, bsc#1157755).
- Add add-ulp-section.diff for user space live patching.
- Update to binutils 2.33.1:
  * Adds support for the Arm Scalable Vector Extension version 2
    (SVE2) instructions, the Arm Transactional Memory Extension (TME)
    instructions and the Armv8.1-M Mainline and M-profile Vector
    Extension (MVE) instructions.
  * Adds support for the Arm Cortex-A76AE, Cortex-A77 and Cortex-M35P
    processors and the AArch64 Cortex-A34, Cortex-A65, Cortex-A65AE,
    Cortex-A76AE, and Cortex-A77 processors.
  * Adds a .float16 directive for both Arm and AArch64 to allow
    encoding of 16-bit floating point literals.
  * For MIPS, Add -m[no-]fix-loongson3-llsc option to fix (or not)
    Loongson3 LLSC Errata.  Add a --enable-mips-fix-loongson3-llsc=[yes|no]
    configure time option to set the default behavior. Set the default
    if the configure option is not used to "no".
  * The Cortex-A53 Erratum 843419 workaround now supports a choice of
    which workaround to use.  The option --fix-cortex-a53-843419 now
    takes an optional argument --fix-cortex-a53-843419[=full|adr|adrp]
    which can be used to force a particular workaround to be used.
    See --help for AArch64 for more details.
  * Add support for GNU_PROPERTY_AARCH64_FEATURE_1_BTI and
    GNU_PROPERTY_AARCH64_FEATURE_1_PAC  in ELF GNU program properties
    in the AArch64 ELF linker.
  * Add -z force-bti for AArch64 to enable GNU_PROPERTY_AARCH64_FEATURE_1_BTI
    on output while warning about missing GNU_PROPERTY_AARCH64_FEATURE_1_BTI
    on inputs and use PLTs protected with BTI.
  * Add -z pac-plt for AArch64 to pick PAC enabled PLTs.
  * Add --source-comment[=<txt>] option to objdump which if present,
    provides a prefix to source code lines displayed in a disassembly.
  * Add --set-section-alignment <section-name>=<power-of-2-align>
    option to objcopy to allow the changing of section alignments.
  * Add --verilog-data-width option to objcopy for verilog targets to
    control width of data elements in verilog hex format.
  * The separate debug info file options of readelf (--debug-dump=links
    and --debug-dump=follow) and objdump (--dwarf=links and
    --dwarf=follow-links) will now display and/or follow multiple
    links if more than one are present in a file.  (This usually
    happens when gcc's -gsplit-dwarf option is used).
    In addition objdump's --dwarf=follow-links now also affects its
    other display options, so that for example, when combined with
    --syms it will cause the symbol tables in any linked debug info
    files to also be displayed.  In addition when combined with
    --disassemble the --dwarf=follow-links option will ensure that
    any symbol tables in the linked files are read and used when
    disassembling code in the main file.
  * Add support for dumping types encoded in the Compact Type Format
    to objdump and readelf.
- Includes fixes for these CVEs:
  bnc#1126826 aka CVE-2019-9077 aka PR1126826
  bnc#1126829 aka CVE-2019-9075 aka PR1126829
  bnc#1126831 aka CVE-2019-9074 aka PR24235
  bnc#1140126 aka CVE-2019-12972 aka PR23405
  bnc#1143609 aka CVE-2019-14444 aka PR24829
  bnc#1142649 aka CVE-2019-14250 aka PR90924
- Remove patches that are now included in the release:
  binutils-2.32-branch.diff.gz, binutils-fix-ld-segv.diff,
  binutils-pr24486.patch, riscv-abi-check.patch,
  rx-gas-padding-pr24464.patch.
- Add binutils-2.33-branch.diff.gz patch.
- Rebase binutils-revert-plt32-in-branches.diff and
  cross-avr-size.patch patch.
bzip2
- Implement %check, bsc#1191648
- Remove bzip2-faster.patch, it causes a crash with libarchive and
  valgrind points out uninitialized memory. See
  https://github.com/libarchive/libarchive/issues/637#issuecomment-170612576
  Required for bsc#1188891
- Fix bashisms in bzgrep and bznew
  * bzip2-1.0.6-fix-bashisms.patch
ca-certificates-mozilla
- remove the DST_Root_CA_X3.pem trust, as it expires September 30th 2021.
  (bsc#1190858)
cairo
- Add cairo-fix-infinite-loop-bsc1122321-CVE-2019-6462.patch: This
  fixes a potentially infinite loop (bsc#1122321, CVE-2019-6462,
  glfo#cairo/cairo#155).
cifs-utils
- cifs.upcall: fix regression in kerberos mount; (bsc#1184815).
  * add 0015-cifs.upcall-fix-regression-in-kerberos-mount.patch
- CVE-2021-20208: cifs-utils: cifs.upcall kerberos auth leak in
  container; (bsc#1183239); CVE-2021-20208.
cloud-netconfig
- Update to version 1.6:
  + Ignore proxy when accessing metadata (bsc#1187939)
  + Print warning in case metadata is not accessible
  + Documentation update
cloud-regionsrv-client
- Update -addon-azure to 1.0.2 (bsc#1196305)
  + The is-registered() function expects a string of the update server FQDN.
    The regionsrv-enabler-azure passed an Object of type SMT. Fix the call
    in regionsrv-enabler-azure.
- Update -plugin-azure to 2.0.0 (bsc#1196146)
  + Lower case the region hint to reduce issues with Azure region name
    case inconsistencies
- Update to version 10.0.0 (bsc#1195414, bsc#1195564)
  + Refactor removes check_registration() function in utils implementation
  + Only start the registration service for PAYG images
  - addon-azure sub-package to version 1.0.1
- Follow up changes to (jsc#PCT-130, bsc#1182026)
  + Fix executable name for AHB service/timer
  + Update manpage for BYOS instance registration
- Update to version 9.3.0 (jsc#PCT-130)
  + Support AHB-v3
  + Support registration of BYOS instances against the update infrastructure
  + Properly extract the region for local zones in AWS to ensure instances
    get connected to the proper update servers
  + Azure addon service and executable rename
  + Support non SLE repos
  + Fix handling of regionservers configured with DNS names
- Avoid race condition with ca-certificates (bsc#1189362)
  + Make the service run after ca-certificates is done
  + Attempt multiple times to update the trust chain
- New package to enable/disable access due to AHB
  This references bsc#1182026, (jsc#SLE-21246, jsc#SLE-21247, jsc#SLE-21248, jsc#SLE-21249, jsc#SLE-21250)
- Update to version 9.2.0 (bsc#1029162)
  + Support IPv6 as best-effort, with fallback to IPv4
- Update to version 9.1.5 (bsc#1182779, bsc#1185234, bsc#1185198)
  + Another startup process may run zypper before the registration process
    if zypper is still running we cannot get the lock and as such
    the installed products cannot be determined. Wait for the lock to be
    released for up to 30 seconds.
  + On any error during product list generation return a list to avoid
    a traceback by trying to iterate over None
compat-openssl098
- Other OpenSSL functions that print ASN.1 data have been found to assume that
  the ASN1_STRING byte array will be NUL terminated, even though this is not
  guaranteed for strings that have been directly constructed. Where an application
  requests an ASN.1 structure to be printed, and where that ASN.1 structure
  contains ASN1_STRINGs that have been directly constructed by the application
  without NUL terminating the "data" field, then a read buffer overrun can occur.
  * CVE-2021-3712 continued
  * bsc#1189521
  * Add CVE-2021-3712-other-ASN1_STRING-issues.patch
  * Sourced from openssl-CVE-2021-3712.tar.bz2 posted on bsc-1189521
    2021-08-24 00:47 PDT by Marcus Meissner
- The function X509_CERT_AUX_print() has a bug which may cause a read buffer overrun
  when printing certificate details. A malicious actor could construct a
  certificate to deliberately hit this bug, which may result in a crash of the
  application (causing a Denial of Service attack).
  * CVE-2021-3712
  * bsc#1189521
  * Add CVE-2021-3712-Fix-read-buffer-overrun-in-X509_CERT_AUX_print.patch
- Security fixes:
  * Integer overflow in CipherUpdate: Incorrect SSLv2 rollback
    protection [bsc#1182333, CVE-2021-23840]
  * Null pointer deref in X509_issuer_and_serial_hash()
    [bsc#1182331, CVE-2021-23841]
- Add openssl-CVE-2021-23840.patch openssl-CVE-2021-23841.patch
coreutils
- Add coreutils-du-fts-xfs-noleaf.patch to remove problematic
  special leaf optimization cases for XFS that can lead to du
  crashes.  (bsc#1190354)
corosync
- bsc#1191419, Update cancel_token_hold_on_retransmit_option patch, fix parsing of the option in corosync-2.3.6
  Modified: bsc#1189680-cancel_token_hold_on_retransmit-option.patch
- corosync totem: bsc#1189680, Add cancel_token_hold_on_retransmit config option
  Added: bsc#1189680-cancel_token_hold_on_retransmit-option.patch
- Fix bsc#1166899, return value of "corosync-quorumtool -s" was not correct
  Added: bug-1166899-quorumtool-Fix-exit-status-codes.patch
- totempg: Fix memory leak (bsc#1083030)
cpio
- Fix segmentation fault caused by a regression (bsc#1189465)
  * fix-CVE-2021-38185_4.patch
- Add another patch to fix regression (bsc#1189465)
  * fix-CVE-2021-38185_3.patch
- Fix regression in last update (bsc#1189465)
  * fix-CVE-2021-38185_2.patch
- Fix CVE-2021-38185 Remote code execution caused by an integer overflow in ds_fgetstr
  (CVE-2021-38185, bsc#1189206)
  * fix-CVE-2021-38185.patch
cracklib
- %check: really test the package [bsc#1191736]
crmsh
- Update to version 3.0.4+git.1620355734.1d9381cf:
  * Fix: bootstrap: change StrictHostKeyChecking=no as a constants(bsc#1185437)
  * Dev: bootstrap: disable unnecessary warnings (bsc#1178118)
  * Fix: bootstrap: raise warning when configuring diskless SBD with node's count less than 3(bsc#1181907)
  * Fix: bootstrap: sync corosync.conf before finished joining(bsc#1183359)
  * Fix: bootstrap: parse space in sbd device correctly(bsc#1183883)
  * Fix: bootstrap: get the peer node name correctly (bsc#1183654)
  * Fix: update version and author (bsc#1183689)
  * Fix: ui_configure: raise error when params not exist(bsc#1180126)
- Update to version 3.0.4+git.1614156978.4c1dc46d:
  * Fix: hb_report: walk through hb_report process under hacluster(CVE-2020-35459, bsc#1179999; CVE-2021-3020, bsc#1180571)
  * Fix: bootstrap: setup authorized ssh access for hacluster(CVE-2020-35459, bsc#1179999; CVE-2021-3020, bsc#1180571)
  * Dev: utils: change default file mod as 644 for str2file function
  * Dev: lock: give more specific error message when raise ClaimLockError
  * Dev: corosync: change the permission of corosync.conf to 644
  * Fix: bootstrap: Use class Watchdog to simplify watchdog config(bsc#1154927, bsc#1178869)
  * Fix: bootstrap: make sure sbd device UUID was the same between nodes(bsc#1178454)
cronie
- Increase limit of allowed entries in crontab files to fix bsc#1187508
  * cronie-1.4.11-increase_crontab_limit.patch
csync2
- VUL-1: CVE-2019-15522: csync2: daemon fails to enforce TLS
  (bsc#1147137)
- VUL-1: CVE-2019-15523: csync2: incorrect TLS handshake error handling
  (bsc#1147139)
  Apply upstream patch:
  0001-fail-HELLO-command-when-SSL-is-required.patch
  0002-repeat-gnutls_handshake-call-in-case-of-warnings.patch
cups
- When cupsd creates directories with specific owner group
  and permissions (usually owner is 'root' and group matches
  "configure --with-cups-group=lp") specify same owner group and
  permissions in the RPM spec file to ensure those directories
  are installed by RPM with the right settings because if those
  directories were installed by RPM with different settings then
  cupsd would use them as is and not adjust its specific owner
  group and permissions which could lead to privilege escalation
  from 'lp' user to 'root' via symlink attacks e.g. if owner is
  falsely 'lp' instead of 'root' CVE-2021-25317 (bsc#1184161)
curl
- Security fix: [bsc#1190374, CVE-2021-22947]
  * STARTTLS protocol injection via MITM
  * Add curl-CVE-2021-22947.patch
- Security fix: [bsc#1190373, CVE-2021-22946]
  * Protocol downgrade required TLS bypassed
  * Add curl-CVE-2021-22946.patch
- Security fix: [bsc#1188220, CVE-2021-22925]
  * TELNET stack contents disclosure again
  * Add curl-CVE-2021-22925.patch
- Security fix: [bsc#1188219, CVE-2021-22924]
  * Bad connection reuse due to flawed path name checks
  * Add curl-CVE-2021-22924.patch
- Security fix: Disable the metalink feature:
  * Insufficiently Protected Credentials [bsc#1188218, CVE-2021-22923]
  * Wrong content via metalink not discarded [bsc#1188217, CVE-2021-22922]
- Security fix: [bsc#1186114, CVE-2021-22898]
  * TELNET stack contents disclosure
- Add curl-CVE-2021-22898.patch
- Security fix: [bsc#1183933, CVE-2021-22876]
  * The automatic referer leaks credentials
- Add curl-CVE-2021-22876-URL-API.patch curl-CVE-2021-22876.patch
cyrus-sasl
- CVE-2022-24407: cyrus-sasl: SQL injection in sql_auxprop_store
  in plugins/sql.c (bsc#1196036)
  o add upstream patch:
    0001-CVE-2022-24407-Escape-password-for-SQL-insert-update.patch
dbus-1
- Fix CVE-2020-35512 - shared UID's caused issues (CVE-2020-35512 bsc#1187105)
  * fix-upstream-userdb-constpointer.patch
  * fix-upstream-CVE-2020-35512.patch
- Fix CVE-2020-12049 truncated messages lead to resource exhaustion
  (CVE-2020-12049, bsc#1172505)
  * fix-upstream-CVE-2020-12049_2.patch
dbus-1-x11
- Fix CVE-2020-35512 - shared UID's caused issues (CVE-2020-35512 bsc#1187105)
  * fix-upstream-userdb-constpointer.patch
  * fix-upstream-CVE-2020-35512.patch
- Fix CVE-2020-12049 truncated messages lead to resource exhaustion
  (CVE-2020-12049, bsc#1172505)
  * fix-upstream-CVE-2020-12049_2.patch
dhcp
- CVE-2021-25217, bsc#1186382, dhcp-CVE-2021-25217.patch: A buffer
  overrun in lease file parsing code can be used to exploit a
  common vulnerability shared by dhcpd and dhclient.
drbd
- bsc#1183970, disconnect when invalid dual primaries
  Add patch disconnect-invalid-two-primaries.patch
- bsc#1178388, build error with -Wreturn-type
  Add patch fix-err-of-wrong-return-type.patch
expat
- Security fixes:
  * (CVE-2022-25236, bsc#1196025) Expat before 2.4.5 allows
    attackers to insert namespace-separator characters into
    namespace URIs
  - Added expat-CVE-2022-25236.patch
  * (CVE-2022-25235, bsc#1196026) xmltok_impl.c in Expat before
    2.4.5 does not check whether a UTF-8 character is valid in a
    certain context.
  - Added expat-CVE-2022-25235.patch
  * (CVE-2022-25313, bsc#1196168) Stack exhaustion in
    build_model() via uncontrolled recursion
  - Added expat-CVE-2022-25313.patch
  - The fix upstream introduced a regression that was later
    amended in 2.4.6 version
    + Added expat-CVE-2022-25313-fix-regression.patch
  * (CVE-2022-25314, bsc#1196169) Integer overflow in copyString
  - Added expat-CVE-2022-25314-before.patch
  - Added expat-CVE-2022-25314.patch
  * (CVE-2022-25315, bsc#1196171) Integer overflow in storeRawNames
  - Added expat-CVE-2022-25315.patch
- Security fix (CVE-2022-23852, bsc#1195054)
  * Expat (aka libexpat) before 2.4.4 has a signed integer overflow
    in XML_GetBuffer, for configurations with a nonzero
    XML_CONTEXT_BYTES
  * Add tests for CVE-2022-23852.
  * Added expat-CVE-2022-23852.patch
- Security fix (CVE-2022-23990, bsc#1195217)
  * Fix unsigned integer overflow in function doProlog triggered
    by large content in element type declarations when there is
    an element declaration handler present (from a prior call to
    XML_SetElementDeclHandler).
  * Add expat-CVE-2022-23990.patch
- Security fix (CVE-2021-45960, bsc#1194251)
  * A left shift by 29 (or more) places in the storeAtts function
    in xmlparse.c can lead to realloc misbehavior.
  * Added expat-CVE-2021-45960.patch
- Security fix (CVE-2021-46143, bsc#1194362)
  * Integer overflow exists for m_groupSize in doProlog
  * Added expat-CVE-2021-46143.patch
- Security fix (CVE-2022-22822, bsc#1194474)
  * Integer overflow in addBinding in xmlparse.c
  * Added expat-CVE-2022-22822.patch
- Security fix (CVE-2022-22823, bsc#1194476)
  * Integer overflow in build_model in xmlparse.c
  * Added expat-CVE-2022-22823.patch
- Security fix (CVE-2022-22824, bsc#1194477)
  * Integer overflow in defineAttribute in xmlparse.c
  * Added expat-CVE-2022-22824.patch
- Security fix (CVE-2022-22825, bsc#1194478)
  * Integer overflow in lookup in xmlparse.c
  * Added expat-CVE-2022-22825.patch
- Security fix (CVE-2022-22826, bsc#1194479)
  * Integer overflow in nextScaffoldPart in xmlparse.c
  * Added expat-CVE-2022-22826.patch
- Security fix (CVE-2022-22827, bsc#1194480)
  * Integer overflow in storeAtts in xmlparse.c
  * Added expat-CVE-2022-22827.patch
fastjar
- Security fix: [bsc#1188517, CVE-2010-2322]
  * Directory traversal vulnerabilities
  * Add fastjar-CVE-2010-2322.patch
fence-agents
- Update to version 4.9.0+git.1624456340.8d746be9:
  * fence_azure_arm: corrections to support Azure SDK >= 15 - including backward compatibility (#415)
  (bsc#1185058)
  * fence_gce: make serviceaccount work with new libraries
  * fence_kubevirt: new fence agent
  * fence_virt*: simple_auth: use %zu for sizeof to avoid failing verbose builds on some archs
  * configure: dont fail when --with-agents contains virt
  * fence_mpath: watchdog retries support
  * fencing: add multi plug support for reboot-action
  * fence_redfish: add missing diag logic
  * fencing: fix issue with hardcoded help text length for metadata
  * fence_lindypdu: update metadata
  * fence_lindypdu: new fence agent
  * fencing: add stonith_status_sleep parameter for sleep between status calls during a STONITH action
  * fence_openstack: code formatting fixes per: https://github.com/ClusterLabs/fence-agents/pull/397#pullrequestreview-634281798
  * Proper try-except for connection exception.
  * Fix CI.
  * Do not wrap as many values.
  * Restore port metadata.
  * Update xml metadata.
  * Use standard logging.
  * Revert change to __all__
  * fence_virt: fix required=1 parameters that used to not be required and add deprecated=1 for old deprecated params
  * Major rework of the original agent:
  * fence_gce: default method moved back to powercycle (#389)
  * fence_aws: add filter parameter to be able to limit which nodes are listed
  * virt: fix a bunch of coverity scan errors in ip_lookup
  * virt: make sure to provide an empty default to strncpy
  * virt: make sure buffers are big enough for 0 byte end string
  * virt: increase buffer size to avoid overruns
  * virt: check return code in virt-sockets
  * virt: fix error code checking
  * virt: fix plugin (minor) memory leak and plug in load race
  * virt: attempt to open file directly and avoid race condition
  * virt: fix different coverity scan errors in common/tcp
  * virt: cleanup deadcode in client/vsock
  * virt: cleanup deadcode in client/tcp
  * virt: fix potential buffer overrun
  * virt: fix mcast coverity scan errors
  * virt: drop pm-fence plugin
  * build: tidy up module sources
  * virt: drop libvirt-qmf plugin
  * virt: drop null plugin
  * build: enable fence_virtd cpg plugin by default
  * virt: drop fence_virtd non-modular build
  * virt: fix plugin installation regression on upgrades
  * build: temporary disable -Wcast-align for some agents
  * build: fix CFLAGS overrides when using clang
  * fence_virt: metadata fixes, implement manpage generation and metadata/delay/rng checks
  * virt: make sure variable is initialized
  * Drop travis CI
  * Revert "virt: drop -Werror to avoid unnecessary failures"
  * zvm: reformat fence_zvm to avoid gcc warnings
  * build: fix make maintainerclean
  * build: remove unnecessary build snippets
  * virt: drop -Werror to avoid unnecessary failures
  * virt: disable -Wunused for yy generated files
  * virt: disable fence-virt on bsd variants
  * virt: merge spec files
  * build: fix more gcc warnings
  * build: remove unused / obsoleted options
  * build: fix some annoying warnings at ./autogen.sh time
  * virt: move all virt CFLAGS/LDFLAGS in the right location
  * virt: fix unused gcc warnings and re-enable all build warnings
  * virt: fix write-strings gcc warnings
  * virt: fix pointer-arith gcc warnings
  * virt: fix declaration-after-statement gcc warnings
  * virt: fix build with -Wmissing-prototypes
  * build: don´t override clean target
  * virt: plug fence_virt into the build
  * virt: allow fence_virt build to be optional
  * virt: drop support for LSB init script
  * virt: collect docs in one location
  * virt: remove unnecessary files and move build macros in place
  * Ignore fence-virt man pages
  * Merge done
  * Move fence_virt to the correct location
  * Start merge
  * spec: use python3 path for newer releases
  * spec: undo autosetup change that breaks builds w/git commit hashes
  * Ignore unknown options on stdin
  * fence_gce: support google-auth and oauthlib and fallback to deprecated libs when not available
  * spec: add aliyun subpackage and fence_mpath_check* to mpath subpackage
  * fence_gce: Adds cloud-platform scope for bare metal API and optional proxy flags (#382)
  * fence_virt: Fix minor typo in metadata
  * fence_gce: update module reqs for SLES 15 (#383)
  * Add fence_ipmilanplus as fence_ipmilan wrapper always enabling lanplus
  * fence_redfish: Add diag action
  * fence_vbox: updated metadata file
  * fence_vbox: do not flood host account with vboxmanage calls
  * fence_aws/fence_gce: allow building without cloud libs
  * fence_gce: default to onoff
  * fence_lpar: Make --managed a required option
  * fence_zvmip: fix shell-timeout when using new disable-timeout parameter
  * Adds service account authentication to GCE fence agent
  * spec: dont build -all subpackage as noarch
  * fence_mpath, fence_scsi: Improve logging for failed res/key get
  * fence_mpath, fence_scsi: Capture stderr in run_cmd()
  * build: depend on config changes to rebuild when running make after running ./configure
  * fence_redfish: Fix typo in help.
  * fence_aws: add support for IMDSv2
  * fence_virt: add plug parameter that obsoletes old port parameter
  * Try to detect directory for initscripts configuration
  * Accept SIGTERM while waiting for initialization.
  * Add man pages to fence_virtd service file.
  * Fix spelling error in fence_virt.conf.5
  * build: fix BRs for suse distros
  * build: remove ExclusiveArch
  * build: removed gcc-c++ BR
  * build: add spec-file and rpm build targets
  * build: cleanup/improvements to reworked build system
  * [build] rework build system to use automake/libtool
  * fence_virtd: Fix segfault in vl_get when no domains are found
  * fence_virt: fix core dump
  * build: harden and make it possible to build with -fPIE
  * fence_virt: dont report success for incorrect parameters
  * fence_virt: mcast: config: Warn when provided mcast addr is not used
  * fence_virtd: Return control to main loop on select interruption
  * fence-virtd: Add missing vsock makefile bits
  * fence-virt: Add vsock support
  * fence_virtd: Fix transposed arguments in startup message
  * fence_virt: Rename challenge functions
  * fence_virtd: Cleanup: remove unused configuration options
  * fence_virt: Remove remaining references to checkpoints
  * fence_virt: Remove remaining references to checkpoints
  * fence-virt: Format string cleanup
  * fence_virtd: Implement hostlist for the cpg backend
  * fence_virt: Fix logic error in fence_xvm
  * fence_virtd: Cleanup config module
  * fence_virtd: cpg: Fail initialization if no hypervisor connections
  * fence_virtd: Make the libvirt backend survive libvirtd restarts
  * fence_virtd: Allow the cpg backend to survive libvirt failures
  * fence_virtd: cpg: Fix typo
  * fence-virtd: Add cpg-virt backend plugin
  * fence_virtd: Remove checkpoint, replace it with a CPG only plugin
  * fence-virt: Bump version
  * fence_virtd: Add better debugging messages for the TCP listener
  * fence_virtd: Fix potential unlocked pthread_cond_timedwait()
  * fence-virtd: Cleanup small memory leak
  * fence_virtd: Fix select logic in listener plugins
  * Factor out common libvirt code so that it can be reused by multiple backends
  * Document the fence_virtd -p command line flag
  * fence_virtd: Log an error when startup fails
  * Retry writes in the TCP, mcast, and serial listener plugins while sending a response to clients, if the write fails or is incomplete.
  * Make the packet authentication code more resilient in the face of transient failures.
  * Remove erroneous 'inline'
  * Disable the libvirt-qmf backend by default
  * Bump the versions of the libvirt and checkpoint plugins
  * fence-virtd: Enable TCP listener plugin by default
  * fence-virtd: Cleanup documentation of the TCP listener
  * fence_xvm/fence_virt: Add support for the validate-all status op
  * fence-virt: Add list-status command to man page and metadata
  * fence-virt: Cleanup numeric argument parsing
  * fence-virt: Log message to syslog in addition to stdout/stderr
  * fence-virt: Permit explicitly setting delay to 0
  * fence-virt: Add 'list-status' operation for compat with other agents
  * Fix use of undefined #define
  * Allow fence_virtd to run as non-root
  * Remove delay from the status, monitor and list functions
  * Resolves several problems in checkpoint plugin, making it functional.
  * Current implementation of event listener in virt-serial does not support keepalive, it does not generate nor capable to answer to keepalive requests, which causes libvirt connection to disconnect every 30 seconds (interval*timeout in libvirtd.conf). Furthermore, it does not clean up filehandlers and leaves hanging sockets. Also, if other thread opens its own connection to libvirt (i.e. checkpoint.c), event function in virt-serial.c just updates event listener file handler with a wrong one, what causes checkpoint.c malfunctions, fence_virtd hangs and so on. This patch uses default event listener implementation from libvirt and resolves these problems.
  * daemon_init: Removed PID check and update
  * fence_virtd: drop legacy SysVStartPriority from service unit
  * fence-virt: client: Do not truncate VM domains in list output
  * client: fix "delay" parameter checking (copy-paste)
  * fence-virt: Fix broken restrictions on the port ranges
  * Clarify debug message
  * fence-virtd: Use perror only if the last system call returns an error.
  * fence-virtd: Fix printing wrong system call in perror
  * fence-virtd: Allow multiple hypervisors for the libvirt backend
  * fence-virt: Don't overwrite saved errno
  * fence-virt: Fix small memory leak in the config module
  * fence-virt: Fix mismatched sizeof in memset call
  * fence-virt: Send complete hostlist info
  * fence-virt: Clarify the path option in serial mode
  * Bump version
  * fence-virt: Bump version
  * fence_virtd: Fix broken systemd service file
  * fence_virt/fence_xvm: Print status when invoked with -o status
  * fence-virt: Fix for missed libvirtd events
  * fence-virt: Fail properly if unable to bind the listener socket
  * client: dump all arguments structure in debug mode
  * Drop executable flag for man pages (finally)
  * Honor implicit "ip_family=auto" in fence_xvm w/IPv6 mult.addr.
  * Fix using bad struct item for auth algorithm
  * Drop executable flag for man pages
  * use bswap_X() instead of b_swapX()
  * fence_virtd: Fix memcpy size params in the TCP plugin
  * Revert "fence-virt: Fix possible descriptor leak"
  * fence_virtd: Return success if a domain exists but is already off.
  * fence-virt: Add back missing tcp_listener.h file
  * fence-virt: Fix a few fd leaks
  * fence-virt: Fix free of uninitialized variable
  * fence-virt: Fix possible null pointer dereference
  * fence-virt: Fix memory leak
  * fence-virt: Fix fd leak when finding local addresses
  * fence-virt: Fix possible descriptor leak
  * fence-virt: Fix possible fd leak
  * fence-virt: Fix null pointer deref
  * fence-virt: Explicitly set delay to 0
  * fence-virt: Fix return with lock held
  * fence_virt: Fix typo in fence_virt(8) man page
  * fence_virt: Return failure for nonexistent domains
  * Initial commit
  * Improve fence_virt.conf man page description of 'hash'
  * Add a delay (-w) option.
  * Remove duplicated port struct entry
  * Add a TCP listener plugin for use with viosproxy
  * In serial mode, return failure if the other end closes the connection before we see SERIAL_MAGIC in the reply or timeout.
  * Stop linking against unnecessary QPid libs.
  * Update libvirt-qmf plugin and docs
  * Fix crash when we fail to read key file.
  * Fix erroneous man page XML
  * Add 'interface' directive to example.conf
  * Fix build
  * Add old wait_for_backend directive handling & docs
  * Return proper error if we can't set up our socket.
  * Fix startup in systemd environments
  * Add systemd unit file and generation
  * Don't override user's pick for backend server module
  * Use libvirt as default in shipped config
  * Clean up compiler warnings
  * Fix serial domain handling
  * Fix monolithic build
  * Clean up build and comments.
  * Add missing pm_fence source code
  * Disable CMAN / checkpoint build by default
  * Rename libvirt-qpid -> libvirt-qmf
  * Fix static analysis errors
  * Reword assignment to appease static analyzers
  * Handle return value from virDomainGetInfo
  * Fix bad sizeof()
  * Make listen() retry
  * Add map_check on 'status' action
  * Update README
  * Don't reference out-of-scope temporary
  * Ensure we don't try to strdup() or atoi() on NULL
  * Add libvirt-qmf support to the libvirt-qpid plugin
  * Convert libvirt-qpid plugin to QMFv2
  * Fix incorrect return value on hash mismatch
  * Fix error getting status from libvirt-qpid plugin
  * Fix typo that broke multicast plugin
  * Make fence-virt requests endian clean
  * Update TODO
  * Fix input parsing to allow domain again
  * Provide 'domain' in metadata output for compatibility
  * High: Fix UUID lookups in checkpoint backend
  * Curtail 'list' operation requests
  * Fix man page references: fence_virtd.conf -> fence_virt.conf
  * Add 'list' operation for plugins; fix missing getopt line
  * Fix build with newer versions of qpid
  * Make configure.in actually disable plugins
  * Fix metadata output
  * Rename parameters to match other fencing agents
  * Fix fence_xvm man page to point to the right location
  * client: Clarify license in serial.c
  * Return 2 for 'off' like other fencing agents
  * Reset flags before returning from connect_nb
  * Use nonblocking connect to vmchannel sockets
  * More parity with other fencing agents' parameters
  * Fix memory leaks found with valgrind
  * Add basic daemon functions
  * Fix bug in path pruning support for serial plugin
  * Fix libvirt-qpid bugs found while testing
  * Fix segfault caused by invalid map pointer assignment
  * Fix another compiler warning
  * Fix build warnings in client/serial.c
  * Add 'monitor' as an alias for 'status'
  * Add serial listener to configuration utility
  * Make serial/vmchannel module enabled by default
  * Add missing 'metadata' option to help text
  * Add missing static_map.h
  * Add metadata support to fence_xvm/fence_virt
  * Allow IPs to be members of groups
  * Allow use of static mappings w/ mcast listener
  * Make 'path' be a directory
  * Update TODO
  * Remove useless debug printfs
  * Enable VM Channel support in serial plugin
  * Update TODO based on progress
  * Pass source VM UUID (if known) to backend
  * Mirror libvirt-qpid's settings in libvirt-qpid plugin
  * libvirt-qpid: clean up global variable
  * Enable a configurable host/port on libvirt-qpid plugin
  * Minor config utility cleanups
  * Man page cleanups
  * Remove unnecessary name_mode from multicast plugin
  * Add prototypes and clean up build warnings
  * Use seqno in serial requests
  * Minor debugging message cleanup
  * Fix build error due to improper value
  * Static map support and permissions reporting
  * Sync up on SERIAL_MAGIC while waiting for a response
  * Don't build serial vmchannel module by default
  * Update TODO
  * Initial checkin of serial server-side support
  * Fix fence_virt.conf man page name
  * Add Fedora init script
  * Compiler warning cleanups in virt-serial.c
  * Add wait-for-backend mode
  * Fix up help text for clients
  * Minor XML cleanups, add missing free() call
  * add missing module_path to fence_virtd.conf.5
  * Add capabilities to virt-serial
  * Note that serial support is experimental
  * Add a serial.so build target
  * Add vmchannel serial event interface
  * Split fence_virt vs. fence_xvm args
  * Add static map functions.
  * Fix build warning due to missing #include
  * Fix multiple query code
  * Better config query & multiple value/tag support
  * Add simple configuration mode
  * Add missing man pages
  * More minor config cleanups
  * Allow setting config values to NULL to clear them
  * Clean up example config file
  * Sort plugins by type when printing them
  * Revert "Sort plugins by type when printing them"
  * Sort plugins by type when printing them
  * Clean up some configuration plugin information
  * add empty line between names
  * Make libvirt to automatically use uuid or names
  * Improve error reporting
  * Fix build for hostlist functionality
  * Hostlist functionality for libvirt, libvirt-qpid
  * Update TODO
  * Work around broken nspr headers
  * Fix installation target for man pages
  * Fix default build script
  * Add man page build infrastructure
  * Initial commit of fence_virt & fence_xvm man pages
  * Make fence_xvm compatibility mode enabled by default
  * Fix libvirt / mcast support for name_mode
  * Fix agent option parsing
  * Fix dlsym mapping of C++ module
  * Make uuids work with libvirt-qpid
  * Fix uninitialized variable causing false returns
  * Update monolithic build
  * Fix linking problem
  * Add 'help' to fence_virtd
  * Fix libvirt-qpid build
  * Make 'reboot' work
  * Fix libvirt-qpid build
  * Add libvirt-qpid build target
  * Initial checking of libvirt-qpid plugin
  * Fix build on i686
  * Make symlink/compatibility mode disabled by default
  * Add simple tarball / release script
  * Update TODO and requirements file
  * Update TODO
  * Use immediate resolution of symbols
  * Example config tweaks
  * Use sysconfdir for /etc/fence_virt.conf
  * Fix package name and install locations
  * Fix daemon return code
  * Add 'maintainer-clean' target
  * Fix build errors on Fedora
  * Add missing header file
  * Ignore automake error
  * Add missing COPYING file; update TODO
  * Make the build script actually build
  * Make cluster mode plugin work
  * Add basic cpg stuff for later
  * Enable 'on' operation for libvirt backend
  * Clean up modular build
  * Minor build cleanups
  * Yet more build fixes
  * More build cleanups
  * Build cleanups
  * Initial port to autoconf
  * Add checkpoint.c stub functions
  * Add sequence numbers to requests for tracking
  * Include missing include
  * Call generic history functions
  * Make history functions generic
  * Make debugging work from modules again
  * Revert "Fix build issue breaking debug printing from modules"
  * Fix build issue breaking debug printing from modules
  * Fix libvirt backend; VALIDATE was wrong
  * Cleanups, add daemon support
  * Add simple 'null' skeleton backend plugin
  * Make all plugins dynamically loaded.
  * Fix error message
  * Remove dummy serial prototypes
  * Remove modules in 'make clean'
  * Make listeners plugins.
  * Fix whitespace
  * Move name_mode to fence_virtd block
  * Add name_mode to example.conf
  * Move VM naming scheme to top level of config
  * Fix bad assignment due to wrong variable
  * Fix use of wrong variable
  * Revert "Fix use of wrong variable"
  * Fix use of wrong variable
  * Enable UUID use in libvirt.c
  * Add missing log.c.  Enable syslog wrapping
  * Move options.c to client directory
  * Fix context type names
  * Minor cleanup
  * Drop duplicate fencing requests
  * Don't require specifying an interface in fence_virt.conf
  * Fix empty node parsing
  * Fix segfault
  * Fix install targets
  * Actually use the default port by default
  * Don't overwrite config files
  * Install modules, too.
  * Fix config file name
  * Add temporary 'make install' target
  * Make a default configuration file
  * Make mcast work with UUIDs
  * Update TODO
  * Remove useless prototype
  * Update todo
  * Add checkpoint.so to the build
  * Fix missing carriage returns on debug prints
  * Add architecture overview description
  * Make serial_init match mcast_init.
  * Make multicast use config file
  * Integrate config file processing
  * Create server-side plugin architecture
  * Remove bad list_do/list_done macros
  * Make libvirt a built-in plugin
  * Update description text.
  * Fix header in serial.c.
  * serial: Make client work.
- remove patch contained by the update:
  * 0001-fence_compute-Only-list-nova-compute-services-when-g.patch
  * 0001-fence_gce-add-support-for-stackdriver-logging.patch
  * 0001-fence_gce-filter-call-to-aggregatedList.patch
  * 0001-fence_gce-fix-regression-missing-import-googleapicli.patch
  * 0001-fence_gce-new-agent.patch
  * 0001-fence_gce-Write-error-messages-to-log.patch
  * 0001-fence_vmware_soap-fix-for-selfsigned-certificate.patch
  * 0001-Zone-Project-parameters-are-mandatory.patch
  * 0002-fence_compute-Don-t-list-hypervisors-but-nova-comput.patch
  * 0002-fence_gce-fix-regression-missing-import-oauth2client.patch
  * 0002-fence_gce-set-project-and-zone-as-not-required.patch
  * 0003-fence_compute-Do-not-override-domain-if-it-is-alread.patch
  * 0003-fence_gce-add-power-cycle-as-default-method.patch
  * 0003-fence_gce-use-default-credentials-from-googleapiclie.patch
  * 0004-fence_compute-Fix-handling-of-domain-None.patch
  * 0004-fence_gce-add-missing-imports-to-retrieve-the-projec.patch
  * 0005-fence_compute-Fix-fix_domain-to-not-return-too-early.patch
  * 0005-fence_gce-s-loging-stackdriver-logging.patch
  * 0006-fence_compute-Fix-fix_plug_name-when-looking-if-plug.patch
  * 0006-fence_gce-use-root-logger-for-stackdriver.patch
  * 0007-fence_compute-Remove-duplicate-check-for-binary-name.patch
  * 0007-fence_gce-minor-changes-in-logging.patch
  * 0008-fence_compute-fix-to-avoid-breaking-nova.patch
  * 0009-Compute-Handle-differences-in-Nova-API-argument-pass.patch
  * 0010-Compute-Split-out-evacation-functionality.patch
  * 0011-evacuate-Handle-changes-to-the-nova-API.patch
  * 0012-compute-Fix-unfencing-and-ensure-fencing-occurs-in-p.patch
  * 0013-compute-update-metadata.patch
  * 0014-evacuate-add-expected-metadata.patch
  * 0015-fencing-Add-consistency-between-command-line-and-STD.patch
  * 0016-fix-for-ignored-options.patch
  * 0017-Maintain-ABI-compatibility-for-external-agents.patch
  * 0018-fencing-include-timestamps-when-logging-to-STDERR-an.patch
  * 0019-fencing-fix-help-for-quiet.patch
  * 0020-compute-Add-support-for-keystone-v3-authentication.patch
  * 0021-fence_compute-evacuate-update-metadata.patch
  * 0022-Log-the-proper-nova_versions-variable.patch
  * 0023-move-fence_evacuate-into-its-own-subdirectory.patch
  * 0024-fence_compute-fence_evacuate-revert-to-old-parameter.patch
  * 0100-Make-pywsman-dependency-optional.patch
- (jsc#SLE-18227) ECO: Update fence-agents
- (jsc#SLE-18200) Add upstream PR to aws-vpc-move-ip and apply required resource & fence agent patches
- (jsc#SLE-18202) Add upstream PR to aws-vpc-move-ip and apply required resource & fence agent patches
- Update all scripts to python3 (bsc#1065966)
  Add patch:
  * 0001-Use-Python-3-for-all-scripts-bsc-1065966.patch
file
- Add temporary patch CVE-2019-18218-46a8443f.patch from upstream
  to fix bsc#1154661 -- heap-based buffer overflow in cdf_read_property_info in cdf.c
  as well as bsc#1189093
gd
- security update
- added patches
  fix CVE-2021-40812 [bsc#1190400], out-of-bounds read in GD library
  + gd-CVE-2021-40812.patch
gettext-runtime
- Added msgfmt-double-free.patch to fix a double free error
  (CVE-2018-18751 bsc#1113719)
glib2
- Add glib2-CVE-2021-27218.patch: g_byte_array_new_take takes a
  gsize as length but stores in a guint, this patch will refuse if
  the length is larger than guint. (bsc#1182328,
  glgo#GNOME/glib!1944)
- Add glib2-CVE-2021-27219-add-g_memdup2.patch: g_memdup takes a
  guint as parameter and sometimes leads into an integer overflow,
  so add a g_memdup2 function which uses gsize to replace it.
  (bsc#1182362, glgo#GNOME/glib!1927, glgo#GNOME/glib!1933,
  glgo#GNOME/glib!1943)
glibc
- wordexp-param-overflow.patch: wordexp: handle overflow in positional
  parameter number (CVE-2021-35942, bsc#1187911, BZ #28011)
- mq-notify-use-after-free.patch: Use __pthread_attr_copy in mq_notify
  (CVE-2021-33574, bsc#1186489, BZ #27896)
- ldconfig-concurrency.patch: Avoid concurrency problem in ldconfig
  (bsc#1117993, BZ #23973)
gmp
- Add gmp-6.2.1-CVE-2021-43618.patch to fix buffer overflow on
  malformed input to mpz_inp_raw.  [bsc#1192717, CVE-2021-43618]
gnutls
- Security fix: [bsc#1196167, CVE-2021-4209]
  * Null pointer dereference in MD_UPDATE
  * Add gnutls-CVE-2021-4209.patch
graphviz
- Added graphviz-out-of-bounds-write.patch to fix CVE-2020-18032
  (bsc#1185833)
graphviz-plugins
- Added graphviz-out-of-bounds-write.patch to fix CVE-2020-18032
  (bsc#1185833)
grub2
- Fix disappeared snapshot menu entry (bsc#1078481)
- Fix incorrect check preventing the script from running (bsc#1078481)
- Fix error not a btrfs filesystem on s390x (bsc#1187645)
  * 80_suse_btrfs_snapshot
- Add support for simplefb (boo#1193532).
  * grub2-simplefb.patch
- Fix powerpc-ieee1275 lpar takes long time to boot with increasing number of
  nvme namespace (bsc#1177751)
  * 0001-ieee1275-Avoiding-many-unecessary-open-close.patch
- Fix error lvmid disk cannot be found after second disk added to the root
  volume group (bsc#1189874) (bsc#1071559)
  * 0001-ieee1275-implement-FCP-methods-for-WWPN-and-LUNs.patch
- Fix error /boot/grub2/locale/POSIX.gmo not found (bsc#1189769)
  * 0001-Filter-out-POSIX-locale-for-translation.patch
- Patch added for (jsc#SLE-20909):
  Fix error grub_file_filters not found in Azure virtual machine (bsc#1182012)
  * 0001-Workaround-volatile-efi-boot-variable.patch
- Patch refreshed
  * grub-install-force-journal-draining-to-ensure-data-i.patch
- Fix error gfxterm isn't found with multiple terminals (bsc#1187565)
- Patch refreshed
  * grub2-fix-error-terminal-gfxterm-isn-t-found.patch
- Fix boot failure as journaled data not get drained due to abrupt power
  off after grub-install (bsc#1167756)
- Fix boot failure after kdump due to the content of grub.cfg is not
  completed with pending modification in xfs journal (bsc#1186975)
  * grub-install-force-journal-draining-to-ensure-data-i.patch
- Fix executable stack in grub-emu (bsc#1181696)
  * 0001-emu-fix-executable-stack-marking.patch
hawk2
- Update to version 2.6.4:
  * Fix wizards ui (bsc#1184274)
- Update to version 2.6.3:
  * Remove hawk_invoke and use capture3 instead of runas (bsc#1179999)(CVE-2020-35459)
  * Remove unnecessary chmod (bsc#1182166)(CVE-2021-25314)
  * Sanitize filename to contain whitelist of alphanumeric (bsc#1182165)
irqbalance
- Increase size of procinterrupts line readings by factor 32 (bsc#1184592)
  A procinterrupts_read_buffer_increase.patch
- Use _fillupdir in spec file to also build against latest distros
  which could be useful for comparing versions in case we get yet
  another bug.
- not balancing interrupts in Xen guests (bsc#1178477, bsc#1183405)
  A procinterrupts-check-xen-dyn-event-more-flexible.patch
jasper
- bsc#1188437 CVE-2021-27845: Fix divide-by-zero in cp_create()
  Add jasper-CVE-2021-27845.patch
java-1_7_1-ibm
- Update to Java 7.1 Service Refresh 5 Fix Pack 0 [bsc#1194232]
  [bsc#1194198, bsc#1192052, CVE-2021-41035]
  [bsc#1191914, CVE-2021-35586] [bsc#1191913, CVE-2021-35564]
  [bsc#1191911, CVE-2021-35559] [bsc#1191910, CVE-2021-35556]
  [bsc#1191909, CVE-2021-35565] [bsc#1191905, CVE-2021-35588]
  [bsc#1188564, CVE-2021-2341]
- Update to Java 7.1 Service Refresh 4 Fix Pack 90
  [bsc#1188565, CVE-2021-2369] [bsc#1188568, CVE-2021-2432]
- Update to Java 7.1 Service Refresh 4 Fix Pack 85
  [bsc#1185056, CVE-2021-2161][bsc#1185055, CVE-2021-2163]
  * Class Libraries:
  - Fix security vulnerability CVE-2021-2161
  * JIT Compiler:
  - A SEGV or AIOOB exception running jit compiled
    chartobyteutf8.convert() on ZOS java 7.1.4.80
  * Security:
  - Java 7 JVM startup crashes with javacore dump in JGSS
    nativecreds.dll.
  - Kerberos ticket renewal fails with debug enabled following
    java.lang.illegalstateexception
javapackages-tools
- Can't assume non-existence of python38 macros in Leap.
  gh#openSUSE/python-rpm-macros#107
  Test for suse_version instead. Only Tumbleweed has and needs the
  python_subpackage_only support.
- Fix typo in spec file sitearch -> sitelib
- Fix the python subpackage generation
  gh#openSUSE/python-rpm-macros#79
- Support python subpackages for each flavor
  gh#openSUSE/python-rpm-macros#66
- Replace old nose with pytest gh#fedora-java/javapackages#86
- when building extra flavor, BuildRequire javapackages-filesystem:
  /etc/java is being cleaned out of the filesystems package.
- Upgrade to version 5.3.1
- Modified patch:
  * suse-use-libdir.patch
    + rediff to changed context
- Define _rpmmacrodir for distributions that don't have it
- Use %{_rpmmacrodir} instead of %{_libexecdir}/rpm/macros.d: this
  just happens to overlap in some distros.
- Rename gradle-local and ivy-local to javapackages-gradle and
  javapackages-ivy and let them depend only on javapackages-tools
  and javapackages-local. These packages only install files
  produced during the javapackages-tools build. The dependencies
  will be pulled by gradle-local, ivy-local and maven-local
  meta-packages built in a separate spec file.
- Split maven-local meta-package out of javapackages-tools spec
  file
- Make the ivy-local and maven-local sub-packages depend on the
  right stuff, so that they actually can be used for building
- Provide both com.sun:tools and sun.jdk:jconsole that are part of
  standard OpenJDK installation. These provides cannot be generated
  from metadata due to build sequence.
- Modified patch:
  * suse-use-libdir.patch
    + fix directories for eclipse.conf too
- Make the javapackages-local package depend on java-devel. It is
  used for package building and this avoids each package to require
  java-devel itself.
- Replace the occurrences of /usr/lib by libdir in configuration
  files too
- Update to version 5.3.0
- Modified patch:
  * suse-no-epoch.patch
    + rediff to changed code
- Build the :extras flavour as noarch
- Added patch:
  * suse-no-epoch.patch
    + we did not bump epoch of OpenJDK packages in SUSE
    + fix a potential generation of unresolvable requires
    + adapt the tests to not expect the epoch
- Switch to multibuild layout
- Update to version 5.2.0+git20180620.70fa2258:
  * Rename the async kwarg in call_script to wait (reverses the logic)
  * Actually bump version to 5.3.0 snapshot
  * Bump version in VERSION file
  * [man] s/Pacakge/Package/g
  * Fix typos in README
  * Fix configure-base.sh after filesystem macro split
  * Split filesystem macros to separate macro file
  * Introduce javapackages-filesystem package
  * [java-functions] extend ABRT Java agent options
  * change abrt-java-connector upstream URL
  * Remove resolverSettings/prefixes from XMvn config
  * Add macros to allow passing arbitrary options to XMvn
  * [spec] Bump package version to 5.1.0
  * Allow specifying custom repo when calling xmvn-install
- Refresh patches:
  * suse-use-libdir.patch
  * python-optional.patch
- Update to version 5.0.0+git20180104.9367c8f6:
  * [java-functions] Avoid colons in jar names
  * Workaround for SCL enable scripts not working with -e
  * Second argument to pom_xpath_inject is mandatory
  * [mvn_artifact] Provide more helpful error messages
  * Fix traceback on corrupt zipfile
  * [test] Add reproducer for rhbz#1481005
  * [spec] Fix default JRE path
  * [readme] Fix typo
  * Add initial content to README.md (#21)
  * Decouple JAVA_HOME setting from java command alternatives
- Rebase patches:
  * python-optional.patch
  * suse-use-libdir.patch
- Drop merged patch fix-abs2rel.patch
- Fix typo in suse-use-libdir.patch
- Fix url to correct one https://github.com/fedora-java/javapackages
- Split to python and non-python edition for smaller depgraph
- Add patch python-optional.patch
- Fix abs2rel shebang:
  * fix-abs2rel.patch
- Fix Requires on subpackages to point to javapackages-tools proper
- Update to version 4.7.0+git20170331.ef4057e7:
  * Reimplement abs2rel in Python
  * Don't expand {scl} in macro definitions
  * Install expanded rpmfc attr files
  * [spec] Avoid file conflicts between in SCL
  * Fix macros.d directory ownership
  * Make %ant macro enable SCL when needed
  * [spec] Fix file conflicts between SCL and non-SCL packages
  * Fix ownership of ivyxmldir
  * [test] Force locale for python processes
  * Don't include timestamp in generated pom.properties
- Remove patch merged by upstream:
  * create_valid_xml_comments.patch
- Remove patch suse-macros-install-location.patch
  * We switch to /usr/lib/ location for macros
- Try to reduce some dependencies bsc#1036025
- Refresh patch suse-use-libdir.patch
- Add create_valid_xml_comments.patch
  python-lxml 3.5.0 introduces validation for xml comments, and
  one of the comments created in this package was not valid.
  This patch fixes the problem.  It is backported from upstream and
  should be in the next release.
  https://github.com/mizdebsk/javapackages/commit/84211c0ee761e93ee507f5d37e9fc80ec377e89d
- Version update to 4.6.0:
  * various bugfixes for maven tooling
  * introduction to gradle-local package for gradle packaging
- Drop dependency over source-highlight as it causes build cycle
- Try to break buildcycle detected on Factory
- Fix build on SLE11
- Use python-devel instead of pkgconfig to build on sle11
- Add python-javapackages as requirement for main package
- Update requires on python packages to properly have all the needed
  dependencies on runtime
- Install macros to /etc/rpm as we do in SUSE:
  * suse-macros-install-location.patch
- Cleanup with spec-cleaner
- Drop patches
  * depgen.patch
  * javapackages-2.0.1-fix-bashisms.patch
  * javapackages-2.0.1-java9.patch
  * maven_depmap-no-attribute-exit.patch
- Remove hacky workarounds
- Fix rpmlint errors
- Enable maven-local
- Avoid unsatisfiable dependencies
- Enable unit tests
- Update to version 4.4.0
- Added patch:
  * javapackages-2.0.1-java9.patch: create directories for java,
    so that ant build works
- Add virtual provide jpackage-utils-java9 to be able to
  distinguish the presence of java9 compatibility
- fix bashisms
- Added patches:
  * javapackages-2.0.1-fix-bashisms.patch
- maven_depmap-no-attribute-exit.patch: SLES patch for ZipFile
  having no attribute '__exit__' which was causing ecj build
  failures
- set correct libxslt package when building for SLES
kdump
- kdump-do-not-iterate-past-end-of-string.patch:
  URLParser::extractAuthority(): Do not iterate past end of string
  (bsc#1186037).
- kdump-fix-incorrect-exit-code-checking.patch: Fix incorrect exit
  code checking after "local" with assignment (bsc#1184616
  LTC#192282).
- kdump-Add-bootdev-to-dracut-command-line.patch: Add 'bootdev=' to
  dracut command line (bsc#1182309).
- kdump-avoid-endless-loop-EAI_AGAIN.patch: Avoid an endless loop
  when resolving a hostname fails with EAI_AGAIN (bsc#1183070).
- kdump-install-etc-resolv.conf-using-resolved-path.patch: Install
  /etc/resolv.conf using its resolved path (bsc#1183070).
- kdump-query-systemd-network.service.patch: Query systemd
  network.service to find out if wicked is used (bsc#1182309).
- kdump-check-explicit-ip-options.patch: Do not add network-related
  dracut options if ip= is set explicitly (bsc#1182309 bsc#1188090
  LTC#193461).
- kdump-ensure-initrd.target.wants-directory.patch: Make sure that
  initrd.target.wants directory exists (bsc#1172670).
- kdump-activate-udev-rules-late-during-boot.patch: kdump: activate
  udev rules late during boot (bsc#1154837).
- kdump-make-sure-that-the-udev-runtime-directory-exists.patch:
  Make sure that the udev runtime directory exists (bsc#1164713).
kernel-default
- Bluetooth: fix the erroneous flush_work() order (CVE-2021-3564
  bsc#1186207).
- commit 6b62fb2
- moxart: fix potential use-after-free on remove path
  (bsc#1194516).
- commit 5c87126
- memstick: rtsx_usb_ms: fix UAF
- commit 9dca558
- phonet: refcount leak in pep_sock_accep (bsc#1193867,
  CVE-2021-45095).
- commit f8aba64
- net: mana: Add RX fencing (bsc#1193507).
- net: mana: Fix spelling mistake "calledd" -> "called"
  (bsc#1193507).
- net: mana: Support hibernation and kexec (bsc#1193507).
- net: mana: Improve the HWC error handling (bsc#1193507).
- net: mana: Fix the netdev_err()'s vPort argument in
  mana_init_port() (bsc#1193507).
- net: mana: Allow setting the number of queues while the NIC
  is down (bsc#1193507).
- net: mana: Use kcalloc() instead of kzalloc() (bsc#1193507).
- hv_netvsc: Set needed_headroom according to VF (bsc#1193507).
- hv_netvsc: Fix the queue_mapping in netvsc_vf_xmit()
  (bsc#1193507).
- commit b86c625
- scsi: ufs: Correct the LUN used in eh_device_reset_handler()
  callback (bsc#1193864 CVE-2021-39657).
- commit 5bf6fe1
- usb: gadget: configfs: Fix use-after-free issue with udc_name
  (bsc#1193861 CVE-2021-39648).
- commit 57b5f12
- fget: clarify and improve __fget_files() implementation
  (bsc#1193727).
- commit 696ea54
- drm/i915: Flush TLBs before releasing backing store
  (CVE-2022-0330 bsc#1194880).
- commit 68b92fb
- ipv6: use prandom_u32() for ID generation (CVE-2021-45485
  bsc#1194094).
- Refresh
  patches.kabi/kabi-handle-addition-of-netns_ipv4-ip_id_key.patch.
- commit 7a68b0c
- cgroup: Use open-time credentials for process migraton perm
  checks (bsc#1194302 CVE-2021-4197).
- commit eda1a06
- NFC: add NCI_UNREG flag to eliminate the race (CVE-2021-4202
  bsc#1194529).
- NFC: reorder the logic in nfc_{un,}register_device
  (CVE-2021-4202 bsc#1194529).
- NFC: reorganize the functions in nci_request (CVE-2021-4202
  bsc#1194529).
- commit ce69894
- kprobes: Limit max data_size of the kretprobe instances
  (bsc#1193669).
- commit c7e4a69
- xfs: map unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like
  fallocate (bsc#1194272 CVE-2021-4155).
- commit c94e1fd
- fget: check that the fd still exists after getting a ref to it
  (bsc#1193727 CVE-2021-4083).
- commit e9025bf
- btrfs: unlock newly allocated extent buffer after error (bsc#1194001, CVE-2021-4149).
- commit 04a66fc
- inet: use bigger hash table for IP ID generation (CVE-2021-45486
  bsc#1194087).
- commit b355639
- recordmcount.pl: fix typo in s390 mcount regex (bsc#1192267).
- commit e48d1db
- recordmcount.pl: look for jgnop instruction as well as bcrl
  on s390 (bsc#1192267).
- Delete patches.suse/ftrace-recordmcount-binutils.patch.
- commit 6347684
- xen/netback: don't queue unlimited number of packages
  (CVE-2021-28715 XSA-392 bsc#1193442).
- commit a531529
- xen/console: harden hvc_xen against event channel storms
  (CVE-2021-28713 XSA-391 bsc#1193440).
- commit 58dceb5
- xen/netfront: harden netfront against event channel storms
  (CVE-2021-28712 XSA-391 bsc#1193440).
- commit 8877609
- xen-netfront: do not use ~0U as error return value for
  xennet_fill_frags() (git-fixes).
- commit 6d6d065
- xen-netfront: do not assume sk_buff_head list is empty in
  error handling (git-fixes).
- commit 28eaccf
- xen/netfront: don't bug in case of too many frags (bnc#1012382).
- commit 9558b52
- xen/netfront: don't cache skb_shinfo() (bnc#1012382).
- commit 009fd8c
- xen/blkfront: harden blkfront against event channel storms
  (CVE-2021-28711 XSA-391 bsc#1193440).
- commit 4e5bb56
- tty: hvc: replace BUG_ON() with negative return value
  (git-fixes).
- commit c255786
- xen/netfront: don't trust the backend response data blindly
  (git-fixes).
- commit b986b56
- xen/netfront: disentangle tx_skb_freelist (git-fixes).
- commit 6944250
- xen/netfront: don't read data from request on the ring page
  (git-fixes).
- commit ab5b1b6
- xen/netfront: read response from backend only once (git-fixes).
- commit ef6e21b
- xen/blkfront: don't trust the backend response data blindly
  (git-fixes).
- commit d0c7fcb
- xen/blkfront: don't take local copy of a request from the ring
  page (git-fixes).
- commit 8786833
- xen/blkfront: read response from backend only once (git-fixes).
- commit 766a2af
- xen: sync include/xen/interface/io/ring.h with Xen's newest
  version (git-fixes).
- commit 586947d
- Update
  patches.suse/ring-buffer-Protect-ring_buffer_reset-from-reentrancy.patch
  (CVE-2020-27825 bsc#1179960).
- commit 6d2a553
- bpf: fix truncated jump targets on heavy expansions (bsc#1193575
  CVE-2018-25020).
- commit 64cd10a
- ring-buffer: Protect ring_buffer_reset() from reentrancy
  (bsc#1179960).
- commit 7a1c06f
- kABI compatibility for struct l2tp_tunnel (bsc#1192032
  CVE-2021-0935).
- commit 0642c93
- l2tp: fix races with ipv4-mapped ipv6 addresses (bsc#1192032
  CVE-2021-0935).
- Refresh
  patches.kabi/kabi-preserve-struct-l2tp_tunnel-layout-after-adding.patch.
- commit 9536429
- net/x25: prevent a couple of overflows (bsc#1178590
  CVE-2020-35519 bsc#1183696).
- commit 8ed397f
- ixgbe: fix large MTU request from VF (bsc#1192877
  CVE-2021-33098).
- commit 8a7b6d5
- mwifiex: Fix skb_over_panic in mwifiex_usb_recv()
  (CVE-2021-43976 bsc#1192847).
- commit 4d86fa1
- mac80211: drop robust management frames from unknown TA
  (CVE-2019-0136 bsc#1193157).
- mac80211: handle deauthentication/disassociation from TDLS peer
  (CVE-2019-0136 bsc#1193157).
- commit 159b426
- hugetlbfs: flush TLBs correctly after huge_pmd_unshare
  (bsc#1192946 (CVE-2021-4002)).
- commit b430748
- constraints: Build aarch64 on recent ARMv8.1 builders.
  Request asimdrdm feature which is available only on recent ARMv8.1 CPUs.
  This should prevent scheduling the kernel on an older slower builder.
- commit 1742151
- bpf: Add kconfig knob for disabling unpriv bpf
  by default (jsc#SLE-22918)
- Update config files: Add
  CONFIG_BPF_UNPRIV_DEFAULT_OFF is not set
- commit 45c8b60
- Revert "header.py: Reject Patch-mainline: No"
  Allow Patch-mainline: No on historical branch.
- commit 1d03b44
- config: disable unprivileged BPF by default (jsc#SLE-22918)
  Backport of mainline commit 8a03e56b253e ("bpf: Disallow unprivileged bpf
  by default") only changes kconfig default, used e.g. for "make oldconfig"
  when the config option is missing, but does not update our kernel configs
  used for build. Update also these to make sure unprivileged BPF is really
  disabled by default.
- commit 1289b84
- bpf: Disallow unprivileged bpf by default (jsc#SLE-22918).
- commit f60b26f
- dm ioctl: fix out of bounds array access when no devices
  (CVE-2021-31916 bsc#1192781).
- commit 918914d
- ipv4: make exception cache less predictible (bsc#1191790,
  CVE-2021-20322).
- ipv4: use siphash instead of Jenkins in fnhe_hashfun()
  (bsc#1191790, CVE-2021-20322).
- commit 3410ffc
- cpufreq: intel_pstate: Add Icelake servers support in no-HWP
  mode (bsc#1185758,bsc#1192400).
- commit 96d5947
- x86/CPU: Add more Icelake model numbers (bsc#1185758,bsc#1192400).
- commit 531b6d4
- Bluetooth: cmtp: fix file refcount when cmtp_attach_device fails
  (bsc#1191961 CVE-2021-34981).
- commit dc6a99a
- blacklist.conf: Drop a line that was added by mistake
- commit 05edc23
- Refresh
  patches.suse/bpf-Fix-leakage-due-to-insufficient-speculative-stor.patch.
- Refresh
  patches.suse/bpf-prevent-memory-disambiguation-attack.patch.
  Previous removal of unused variable caused build failure (mid-series), move
  variable removal to the correct patch, and ensure all unused variable is removed.
- commit 21d40da
- ftrace: Fix scripts/recordmcount.pl due to new binutils
  (bsc#1192267).
- commit 1485d76
- xfs: add agf freeblocks verify in xfs_agf_verify (bsc#1192296
  CVE-2020-12655).
- commit 25b5716
- Update
  patches.suse/isdn-cpai-check-ctr-cnr-to-avoid-array-index-out-of-bound.patch
  (bsc#1191958 CVE-2021-43389).
- commit 2a5ea35
- Refresh
  patches.suse/bpf-prevent-memory-disambiguation-attack.patch.
  Missed the actual dropping of variable in last commit
- commit b097abb
- usb: hso: fix error handling code of hso_create_net_device
  (bsc#1188601 CVE-2021-37159).
- commit c29a96d
- Refresh
  patches.suse/bpf-prevent-memory-disambiguation-attack.patch.
  Drop used variable that causes warning
- commit 81a205c
- blacklist.conf: blacklist pair of obsoleted patches
  (bsc#1188601 CVE-2021-37159)
- commit 74d6ce4
- kABI: protect struct bpf_map (kabi).
- commit 6c2222c
- bpf: Fix leakage due to insufficient speculative store
  bypass mitigation (bsc#1188983, bsc#1188985, CVE-2021-34556,
  CVE-2021-35477).
- commit ff6ef1e
- bpf: Introduce BPF nospec instruction for mitigating Spectre v4
  (bsc#1188983, bsc#1188985, CVE-2021-34556, CVE-2021-35477).
- commit dc05895
- x86: Introduce barrier_nospec (CVE-2017-5753 bnc#1012382
  bsc#1068032).
- commit 347afb0
- bpf: properly enforce index mask to prevent out-of-bounds
  speculation (bsc#1098425).
- commit d97a4cc
- bpf: prevent memory disambiguation attack (bsc#1087082
  CVE-2018-3639).
- commit 67bf14e
- bpf: fix branch pruning logic (CVE-2017-17862 CVE-2017-17864
  bsc#1073928).
- Refresh
  patches.suse/bpf-prevent-out-of-bounds-speculation.patch
- Refresh
  patches.fixes/bpf-don-t-let-ldimm64-leak-map-addresses-on-unprivil.patch
- commit d19a62f
- bpf, array: fix overflow in max_entries and undefined behavior
  in index_mask (bsc#1068032 CVE-2017-5753).
- commit 82640b4
- bpf: prevent out-of-bounds speculation (bsc#1068032
  CVE-2017-5753).
- commit 24aa2da
- bpf: adjust insn_aux_data when patching insns (bsc#1068032
  CVE-2017-5753).
- commit cec855b
- bpf: refactor fixup_bpf_calls() (bsc#1068032 CVE-2017-5753).
- commit c880a78
- bpf: move fixup_bpf_calls() function (bsc#1068032
  CVE-2017-5753).
- commit dd9f281
- bpf: don't (ab)use instructions to store state (bsc#1068032
  CVE-2017-5753).
- commit 77da822
- bpf: add bpf_patch_insn_single helper (bsc#1068032
  CVE-2017-5753).
- commit b929767
- Update patches.kernel.org/patch-4.4.3-4 references (add CVE-2021-20265 bsc#1183089).
- commit bae5769
- sctp: add vtag check in sctp_sf_ootb (CVE-2021-3772
  bsc#1190351).
- sctp: add vtag check in sctp_sf_do_8_5_1_E_sa (CVE-2021-3772
  bsc#1190351).
- sctp: add vtag check in sctp_sf_violation (CVE-2021-3772
  bsc#1190351).
- sctp: fix the processing for COOKIE_ECHO chunk (CVE-2021-3772
  bsc#1190351).
- sctp: fix the processing for INIT_ACK chunk (CVE-2021-3772
  bsc#1190351).
- sctp: fix the processing for INIT chunk (CVE-2021-3772
  bsc#1190351).
- sctp: use init_tag from inithdr for ABORT chunk (CVE-2021-3772
  bsc#1190351).
- sctp: check asoc peer.asconf_capable before processing asconf
  (bsc#1190351).
- commit b4e86be
- sctp: add param size validation for SCTP_PARAM_SET_PRIMARY
  (CVE-2021-3655 bsc#1188563).
- sctp: validate chunk size in __rcv_asconf_lookup (CVE-2021-3655
  bsc#1188563).
- sctp: add size validation when walking chunks (CVE-2021-3655
  bsc#1188563).
- commit e541dd9
- xfs: fix up non-directory creation in SGID directories
  (bsc#1190006 CVE-2018-13405).
- commit 755ccf4
- net/mlx4_en: Handle TX error CQE (bsc#1181854 bsc#1181855).
- net/mlx4_en: Avoid scheduling restart task if it is already
  running (bsc#1181854 bsc#1181855).
- commit 8b82539
- nfc: nci: fix the UAF of rf_conn_info object (CVE-2021-3760
  bsc#1190067).
- commit 9627eda
- Update patch reference for firewire fix (CVE-2021-42739 CVE-2021-3542 bsc#1184673)
- commit 29edae6
- cipso,calipso: resolve a number of problems with the DOI
  refcounts (CVE-2021-33033 bsc#1186109).
- commit 08ec772
- kabi: hide return value type change of sctp_af::from_addr_param
  (CVE-2021-3655 bsc#1188563).
- sctp: fix return value check in __sctp_rcv_asconf_lookup
  (CVE-2021-3655 bsc#1188563).
- sctp: validate from_addr_param return (CVE-2021-3655
  bsc#1188563).
- sctp: fully initialize v4 addr in some functions (bsc#1188563).
- sctp: simplify addr copy (bsc#1188563).
- commit 566d229
- netfilter: nf_conntrack_h323: lost .data_len definition for
  Q.931/ipv6 (CVE-2020-14305 bsc#1173346).
- commit 9d07e3d
- net_sched: cls_route: remove the right filter from hashtable
  (CVE-2021-3715 bsc#1190349).
- commit 1e212d4
- isdn: cpai: check ctr->cnr to avoid array index out of bound
  (bsc#1191958 CVE-2021-3896).
- commit ef09121
- net: mana: Fix error handling in mana_create_rxq() (git-fixes,
  bsc#1191801).
- commit 030262b
- media: firewire: firedtv-avc: fix a buffer overflow in
  avc_ca_pmt() (CVE-2021-3542 bsc#1184673).
- commit 629d851
- net: 6pack: fix slab-out-of-bounds in decode_data
  (CVE-2021-42008 bsc#1191315).
- commit ede4274
- kABI compatibility for ath_key_delete() changes (CVE-2020-3702
  bsc#1191193).
- commit 470c448
- ath9k: Postpone key cache entry deletion for TXQ frames
  reference it (CVE-2020-3702 bsc#1191193).
- ath: Modify ath_key_delete() to not need full key entry
  (CVE-2020-3702 bsc#1191193).
- ath: Export ath_hw_keysetmac() (CVE-2020-3702 bsc#1191193).
- ath9k: Clear key cache explicitly on disabling hardware
  (CVE-2020-3702 bsc#1191193).
- ath: Use safer key clearing with key cache entries
  (CVE-2020-3702 bsc#1191193).
- commit f4306c2
- kabi/severities: skip kABI check for ath9k-local symbols (CVE-2020-3702 bsc#1191193)
  ath9k modules have some exported symbols for the common helpers
  and the recent fixes broke kABI of those.  They are specific to
  ath9k's own usages, so safe to ignore.
- commit 67a4ab0
- net: mana: Add WARN_ON_ONCE in case of CQE read overflow (jsc#SLE-18779, bsc#1185727).
- net: mana: Add support for EQ sharing (jsc#SLE-18779, bsc#1185727).
- net: mana: Move NAPI from EQ to CQ (jsc#SLE-18779, bsc#1185727).
- net: mana: Fix a memory leak in an error handling path in (jsc#SLE-18779, bsc#1185727).
- net: mana: Use int to check the return value of mana_gd_poll_cq() (jsc#SLE-18779, bsc#1185727).
- net: mana: fix PCI_HYPERV dependency (jsc#SLE-18779, bsc#1185727).
- net: mana: remove redundant initialization of variable err (jsc#SLE-18779, bsc#1185727).
- hv: mana: declare vzalloc (jsc#SLE-18779, bsc#1185726).
- hv: mana: remove netdev_lockdep_set_classes usage (jsc#SLE-18779, bsc#1185727).
- hv: mana: adjust mana_select_queue to old API (jsc#SLE-18779, bsc#1185727).
- hv: mana: fake bitmap API (jsc#SLE-18779, bsc#1185726).
- net: mana: Add a driver for Microsoft Azure Network Adapter (MANA) (jsc#SLE-18779, bsc#1185727).
- mm: replace open coded page to virt conversion with page_to_virt() (jsc#SLE-18779, bsc#1185727).
- commit dcd02a2
- Bluetooth: check for zapped sk before connecting (CVE-2021-3752
  bsc#1190023).
- commit 1e8e3c3
- net: sched: sch_teql: fix null-pointer dereference
  (bsc#1190717).
- commit 765d2f8
- s390/bpf: Fix optimizing out zero-extensions (bsc#1190601).
- s390/bpf: Fix 64-bit subtraction of the -0x80000000 constant
  (bsc#1190601).
- s390/bpf: Fix branch shortening during codegen pass
  (bsc#1190601).
- s390/bpf: Wrap JIT macro parameter usages in parentheses
  (bsc#1190601).
- s390: bpf: implement jitting of BPF_ALU | BPF_ARSH | BPF_*
  (bsc#1190601).
- commit 3d1b37f
- ext4: fix race writing to an inline_data file while its xattrs
  are changing (bsc#1190159 CVE-2021-40490).
- commit b86c399
- x86/tlb: Flush global mappings when KAISER is disabled
  (bsc#1190194).
- commit 4f166f1
- SUNRPC: improve error response to over-size gss credential
  (bsc#1190022).
- commit 8a98f3a
- scsi: sg: add sg_remove_request in sg_write (bsc#1171420
  CVE-2020-12770).
- commit 1a21af1
- Bluetooth: schedule SCO timeouts with delayed_work
  (CVE-2021-3640 bsc#1188172).
- Refresh patches.suse/Bluetooth-switch-to-lock_sock-in-SCO.patch.
- commit 1527ca1
- virtio_console: Assure used length from device is limited
  (CVE-2021-38160 bsc#1190117).
- commit a2f9927
- Bluetooth: sco: Fix lock_sock() blockage by memcpy_from_msg()
  (CVE-2021-3640 bsc#1188172).
- commit 7f7f308
- vt_kdsetmode: extend console locking (bsc#1190025
  CVE-2021-3753).
- commit 8e66f30
- ovl: prevent private clone if bind mount is not allowed
  (bsc#1189706, CVE-2021-3732).
- commit 07cac18
- [PATCH 4.4.y] KVM: nSVM: avoid picking up unsupported bits
  from L2 in int_ctl (bsc#1189399, CVE-2021-3653).
- KVM: X86: MMU: Use the correct inherited permissions to get
  shadow page (CVE-2021-38198 bsc#1189262).
- commit 0f83408
- PCI: hv: Use expected affinity when unmasking IRQ (bsc#1185973).
- commit a3d3bcc
- Bluetooth: switch to lock_sock in SCO (CVE-2021-3640
  bsc#1188172).
- Bluetooth: avoid circular locks in sco_sock_connect
  (CVE-2021-3640 bsc#1188172).
- commit a63cffe
- Bluetooth: defer cleanup of resources in hci_unregister_dev()
  (CVE-2021-3640 bsc#1188172).
- commit b3dcc45
- usb: max-3421: Prevent corruption of freed memory
  (CVE-2021-38204 bsc#1189291).
- commit 3d3a79f
- tracing: Fix bug in rb_per_cpu_empty() that might cause deadloop
  (CVE-2021-3679 bsc#1189057).
- commit fcd167b
- KVM: Fix UAF in nested posted interrupt processing
  (CVE-2018-16882 bsc#1119934).
- commit 6411b52
- kabi: preserve struct l2tp_session layout after adding dead
  member (CVE-2020-0429 bsc#1176724).
- kabi: preserve struct l2tp_tunnel layout after adding
  acpt_newsess (CVE-2020-0429 bsc#1176724).
- kabi: restore l2tp_session_find_by_ifname (CVE-2020-0429
  bsc#1176724).
- l2tp: Allow duplicate session creation with UDP (CVE-2020-0429
  bsc#1176724).
- l2tp: don't close sessions in l2tp_tunnel_destruct()
  (CVE-2020-0429 bsc#1176724).
- l2tp: fix race between l2tp_session_delete() and
  l2tp_tunnel_closeall() (CVE-2020-0429 bsc#1176724).
- l2tp: ensure sessions are freed after their PPPOL2TP socket
  (CVE-2020-0429 bsc#1176724).
- l2tp: prevent creation of sessions on terminated tunnels
  (CVE-2020-0429 bsc#1176724).
- l2tp: initialise session's refcount before making it reachable
  (CVE-2020-0429 bsc#1176724).
- l2tp: take a reference on sessions used in genetlink handlers
  (CVE-2020-0429 bsc#1176724).
- l2tp: hold session while sending creation notifications
  (CVE-2020-0429 bsc#1176724).
- l2tp: fix duplicate session creation (CVE-2020-0429
  bsc#1176724).
- l2tp: ensure session can't get removed during
  pppol2tp_session_ioctl() (CVE-2020-0429 bsc#1176724).
- l2tp: Refactor the codes with existing macros instead of
  literal number (CVE-2020-0429 bsc#1176724).
- l2tp: Correctly return -EBADF from pppol2tp_getname
  (CVE-2020-0429 bsc#1176724).
- commit d95bc23
- powerpc/pesries: Get STF barrier requirement from
  H_GET_CPU_CHARACTERISTICS (CVE-2018-3639 bsc#1087082 git-fixes bsc#1188885 ltc#193722).
- powerpc/security: Add a security feature for STF barrier
  (CVE-2018-3639 bsc#1087082 git-fixes bsc#1188885 ltc#193722).
- powerpc/pseries: Get entry and uaccess flush required bits
  from H_GET_CPU_CHARACTERISTICS (CVE-2020-4788 bsc#1177666 git-fixes bsc#1188885 ltc#193722).
- powerpc/64s: rename pnv|pseries_setup_rfi_flush to
  _setup_security_mitigations (CVE-2018-3639, bsc#1087082, bsc#1188885 ltc#193722).
- commit fc3927c
- net: mac802154: Fix general protection fault (CVE-2021-3659
  bsc#1188876).
- commit 41ce3cc
- use 3.0 SPDX identifier in rpm License tags
  As requested by Maintenance, change rpm License tags from "GPL-2.0"
  (SPDX 2.0) to "GPL-2.0-only" (SPDX 3.0) so that their scripts do not have
  to adjust the tags with each maintenance update submission.
- commit c24e8b8
- KVM: PPC: Book3S: Fix H_RTAS rets buffer overflow (bsc#1188838
  CVE-2021-37576).
- commit 3d81131
- netfilter: x_tables: fix compat match/target pad out-of-bound
  write (CVE-2021-22555 bsc#1188116).
- commit 96e51be
- seq_file: Disallow extremely large seq buffer allocations (bsc#1188062, CVE-2021-33909).
- commit 7769711
- can: bcm: delay release of struct bcm_op after synchronize_rcu()
  (CVE-2021-3609 bsc#1187215).
- commit cf3fef8
- mm: consider __HW_POISON pages when allocating from pcp lists
  (bsc#1187388).
- commit 8479654
- hv_netvsc: Fix unwanted wakeup in netvsc_attach() (bsc#1175462).
- hv_netvsc: Fix tx_table init in rndis_set_subchannel()
  (bsc#1175462).
- hv_netvsc: flag software created hash value (bsc#1175462).
- hv_netvsc: Fix error handling in netvsc_attach() (bsc#1175462).
- hv_netvsc: Fix extra rcu_read_unlock in netvsc_recv_callback()
  (bsc#1175462).
- hv_netvsc: fix race that may miss tx queue wakeup (bsc#1175462).
- hv_netvsc: Fix unwanted wakeup after tx_disable (bsc#1175462).
- hv_netvsc: Fix IP header checksum for coalesced packets
  (bsc#1175462).
- hv_netvsc: Fix hash key value reset after other ops
  (bsc#1175462).
- hv_netvsc: Refactor assignments of struct netvsc_device_info
  (bsc#1175462).
- hv_netvsc: fix schedule in RCU context (bsc#1175462).
- hv_netvsc: Fix a deadlock by getting rtnl lock earlier in
  netvsc_probe() (bsc#1175462).
- hv/netvsc: Fix NULL dereference at single queue mode fallback
  (bsc#1175462).
- hv/netvsc: fix handling of fallback to single queue mode
  (bsc#1175462).
- hv_netvsc: split sub-channel setup into async and sync
  (bsc#1175462).
- hv_netvsc: Fix the variable sizes in ipsecv2 and rsc offload
  (bsc#1175462).
- hv_netvsc: fix network namespace issues with VF support
  (bsc#1175462).
- hv_netvsc: Fix a network regression after ifdown/ifup
  (bsc#1175462).
- hv_netvsc: Add handlers for ethtool get/set msg level
  (bsc#1175462).
- hv_netvsc: typo in NDIS RSS parameters structure (bsc#1175462).
- hv_netvsc: set master device (bsc#1175462).
- hv_netvsc: Fix net device attach on older Windows hosts
  (bsc#1175462).
- hv_netvsc: Ensure correct teardown message sequence order
  (bsc#1175462).
- hv_netvsc: Split netvsc_revoke_buf() and netvsc_teardown_gpadl()
  (bsc#1175462).
- hv_netvsc: Use Windows version instead of NVSP version on GPAD
  teardown (bsc#1175462).
- commit c5c3097
- hv_netvsc: common detach logic (bsc#1175462).
- commit 0f53ecd
- hv_netvsc: pass netvsc_device to rndis halt (bsc#1175462).
- hv_netvsc: change GPAD teardown order on older versions
  (bsc#1175462).
- hv_netvsc: use RCU to fix concurrent rx and queue changes
  (bsc#1175462).
- hv_netvsc: disable NAPI before channel close (bsc#1175462).
- hv_netvsc: cancel subchannel setup before halting device
  (bsc#1175462).
- hv_netvsc: fix error unwind handling if vmbus_open fails
  (bsc#1175462).
- hv_netvsc: only wake transmit queue if link is up (bsc#1175462).
- hv_netvsc: avoid retry on send during shutdown (bsc#1175462).
- hv_netvsc: use reciprocal divide to speed up percent calculation
  (bsc#1175462).
- hv_netvsc: preserve hw_features on mtu/channels/ringparam
  changes (bsc#1175462).
- hv_netvsc: netvsc_teardown_gpadl() split (bsc#1175462).
- hv_netvsc: Set tx_table to equal weight after subchannels open
  (bsc#1175462).
- hv_netvsc: avoid unnecessary wakeups on subchannel creation
  (bsc#1175462).
- commit d0f2711
- hv_netvsc: fix deadlock on hotplug (bsc#1175462).
- commit 34afd59
- hv_netvsc: Simplify num_chn checking in rndis_filter_device_add() (bsc#1175462).
- commit 247cfe2
- netvsc: delay setup of VF device (bsc#1175462).
- commit 854e6c5
- netvsc: fix race on sub channel creation (bsc#1175462).
- commit 5301206
- netvsc: fix race during initialization (bsc#1175462).
- commit 58b9cfc
- af_key: pfkey_dump needs parameter validation (CVE-2021-0605
  bsc#1187601).
- commit 237f852
- HID: make arrays usage and value to be the same (CVE-2021-0512
  bsc#1187595).
- commit 7eba6bd
- scsi: storvsc: Enable scatterlist entry lengths > 4Kbytes
  (bsc#1187193).
- commit c316c7f
- can: bcm: fix infoleak in struct bcm_msg_head (CVE-2021-34693
  bsc#1187452).
- commit adc6046
- RDMA/ucma: Rework ucma_migrate_id() to avoid races with destroy (bsc#1187050, CVE-2020-36385)
- commit a9ceda8
- Update
  patches.suse/Bluetooth-SMP-Fail-if-remote-and-local-public-keys-a.patch
  (bsc#1186463 CVE-2021-0129 CVE-2020-26558).
- commit 286bcbb
- Bluetooth: Fix slab-out-of-bounds read in
  hci_extended_inquiry_result_evt() (CVE-2020-36386 bsc#1187038).
- commit bc6a7b3
- cfg80211: mitigate A-MSDU aggregation attacks (CVE-2020-24588
  bsc#1185861).
- commit ea2af47
- Bluetooth: SMP: Fail if remote and local public keys are
  identical (git-fixes).
- commit d6a09bf
- kgraft: truncate the output from state_show() sysfs attr
  (bsc#1186235).
- commit 8ae6170
- powerpc/64s: Fix crashes when toggling entry flush barrier
  (CVE-2020-4788 bsc#1177666 git-fixes).
- commit 340e962
- powerpc/64s: Fix crashes when toggling stf barrier (CVE-2018-3639 bsc#1087082 git-fixes).
- commit 940a4ed
- Update
  patches.suse/bluetooth-eliminate-the-potential-race-condition-whe.patch
  (bsc#1184611 CVE-2021-32399).
- commit cc66d51
- video: hyperv_fb: Add ratelimit on error message (bsc#1185724).
- Drivers: hv: vmbus: Increase wait time for VMbus unload
  (bsc#1185724).
- Drivers: hv: vmbus: Initialize unload_event statically
  (bsc#1185724).
- commit ed6d3b2
- kABI workaround for hci_chan amp field addition (CVE-2021-33034
  bsc#1186111).
- commit fd0206d
- Bluetooth: verify AMP hci_chan before amp_destroy
  (CVE-2021-33034 bsc#1186111).
- commit e24f222
- Correct CVE number for a mac80211 fix (CVE-2020-26139 bsc#1186062)
- commit 01ead6e
- net/nfc: fix use-after-free llcp_sock_bind/connect
  (CVE-2021-23134 bsc#1186060).
- commit 8490bfc
- kABI workaround for cfg80211 changes (CVE-2020-24586
  bsc#1185859).
- ath10k: Validate first subframe of A-MSDU before processing
  the list (CVE-2020-26141 bsc#1185863 bsc#1185987).
- ath10k: Fix TKIP Michael MIC verification for PCIe
  (CVE-2020-26141 bsc#1185863 bsc#1185987).
- ath10k: drop fragments with multicast DA for PCIe
  (CVE-2020-26145 bsc#1185860).
- mac80211: extend protection against mixed key and fragment
  cache attacks (CVE-2020-24586 bsc#1185859).
- mac80211: do not accept/forward invalid EAPOL frames
  (CVE-2020-24587 CVE-2020-24586 bsc#1185863 bsc#1185862
  bsc#1185859).
- mac80211: prevent attacks on TKIP/WEP as well (CVE-2020-24586
  bsc#1185859).
- mac80211: check defrag PN against current frame (CVE-2020-24587
  CVE-2020-24586 bsc#1185863 bsc#1185862 bsc#1185859).
- mac80211: add fragment cache to sta_info (CVE-2020-24587
  CVE-2020-24586 bsc#1185863 bsc#1185859).
- mac80211: drop A-MSDUs on old ciphers (CVE-2020-24587
  CVE-2020-24586 bsc#1185863 bsc#1185862 bsc#1185859).
- mac80211: properly handle A-MSDUs that start with an RFC 1042
  header (CVE-2020-24587 CVE-2020-24586 bsc#1185863 bsc#1185862
  bsc#1185859).
- mac80211: prevent mixed key and fragment cache attacks
  (CVE-2020-24587 CVE-2020-24586 bsc#1185863 bsc#1185862
  bsc#1185859).
- mac80211: assure all fragments are encrypted (CVE-2020-26147
  bsc#1185863 bsc#1185859).
- commit 3300524
- blacklist.conf: blacklist d120198bd5ff ("xen/evtchn: Change irq_info lock to raw_spinlock_t")
  no PREEMPT_RT kernel is pulling from this cve branch and this is a
  follow up fix for a CVE fix.
- commit 449a07b
- Fix compile error
  Refreshed:
  patches.suse/usbip-fix-stub_dev-usbip_sockfd_store-races-leading-.patch
- commit 7dca118
- KVM: Add proper lockdep assertion in I/O bus unregister
  (bsc#1185555).
- KVM: Stop looking for coalesced MMIO zones if the bus is
  destroyed (bsc#1185557).
- KVM: Destroy I/O bus devices on unregister failure _after_
  sync'ing SRCU (bsc#1185556).
- commit 9c7b370
- KVM: fix memory leak in kvm_io_bus_unregister_dev() (CVE-2020-36312 bsc#1184509).
- commit 69dc2b9
- bluetooth: eliminate the potential race condition when removing
  the HCI controller (bsc#1184611).
- commit 12d067d
- netfilter: x_tables: Use correct memory barriers (bsc#1184208
  CVE-2021-29650).
- commit 9bdf87e
- hv_netvsc: remove ndo_poll_controller (bsc#1185248).
- commit cd1da8b
- Refresh
  patches.suse/btrfs-fix-qgroup-data-rsv-leak-caused-by-falloc-fail.patch.
  Fix uninitialized variable caused by a backport error.
- commit 73ac9e9
- btrfs: fix qgroup data rsv leak caused by falloc failure
  (bsc#1182261).
- commit 41b28a4
- Refresh
  patches.suse/btrfs-don-t-flush-from-btrfs_delayed_inode_reserve_metadata.patch.
  Moved to sorted section.
- commit eb45fd3
- xen/events: fix setting irq affinity (bsc#1184583 XSA-332
  CVE-2020-27673).
- commit fc05c5b
- bpf, x86: Validate computation of branch displacements for
  x86-64 (bsc#1184391 CVE-2021-29154).
- commit d4aa467
- nfc: Avoid endless loops caused by repeated llcp_sock_connect()
  (CVE-2020-25673 bsc#1178181).
- nfc: fix memory leak in llcp_sock_connect() (CVE-2020-25672
  bsc#1178181).
- nfc: fix refcount leak in llcp_sock_connect() (CVE-2020-25671
  bsc#1178181).
- nfc: fix refcount leak in llcp_sock_bind() (CVE-2020-25670
  bsc#1178181).
- nfc: fix memory leak in llcp_sock_bind() (CVE-2020-25670
  bsc#1178181).
- commit 2b122d6
- fuse: fix live lock in fuse_iget() (bsc#1184211 CVE-2021-28950).
- fuse: fix bad inode (bsc#1184211 CVE-2020-36322).
- commit 98e06ce
- media: v4l: ioctl: Fix memory leak in video_usercopy
  (bsc#1184120 CVE-2021-30002).
- commit 4b54793
- firewire: nosy: Fix a use-after-free bug in nosy_ioctl()
  (CVE-2021-3483 bsc#1184393).
- commit 126037f
- n_tty: Fix stall at n_tty_receive_char_special() (CVE-2021-20219
  bsc#1184397).
- commit 0c9fa44
- usbip: fix stub_dev usbip_sockfd_store() races leading to gpf
  (CVE-2021-29265 bsc#1184167).
- commit f2ca2a0
- gianfar: fix jumbo packets+napi+rx overrun crash (CVE-2021-29264
  bsc#1184168).
- commit 8d361ee
- PCI: rpadlpar: Fix potential drc_name corruption in store
  functions (CVE-2021-28972 bsc#1184198).
- commit 4cbce48
- staging: rtl8188eu: prevent ->ssid overflow in rtw_wx_set_scan()
  (CVE-2021-28660 bsc#1183593).
- commit fabc8f6
- blk-mq: Allow blocking queue tag iter callbacks (CVE-2020-0433
  bsc#1176720 bsc#1167316).
- blk-mq: sync the update nr_hw_queues with
  blk_mq_queue_tag_busy_iter (CVE-2020-0433 bsc#1176720).
- commit 7c68d9d
- xen/events: avoid handling the same event on two cpus at the
  same time (bsc#1183638 XSA-332 CVE-2020-27673).
- commit 11e2c61
- xen/events: don't unmask an event channel when an eoi is pending
  (bsc#1183638 XSA-332 CVE-2020-27673).
- commit 37de3be
- xen/events: reset affinity of 2-level event when tearing it down
  (bsc#1183638 XSA-332 CVE-2020-27673).
- commit 6777f4f
- Update
  patches.suse/Xen-gnttab-handle-p2m-update-errors-on-a-per-slot-ba.patch
  (bsc#1183022 XSA-367 CVE-2021-28038): added CVE number
- Update
  patches.suse/xen-netback-respect-gnttab_map_refs-s-return-value.patch
  (bsc#1183022 XSA-367 CVE-2021-28038): added CVE number
- commit 70823bb
- scsi: iscsi: Verify lengths on passthrough PDUs (CVE-2021-27365
  bsc#1182715).
- scsi: iscsi: Ensure sysfs attributes are limited to PAGE_SIZE
  (CVE-2021-27365 bsc#1182715).
- scsi: iscsi: Restrict sessions and handles to admin capabilities
  (CVE-2021-27363 CVE-2021-27364 bsc#1182716 bsc#1182717).
- commit 903ccb3
- btrfs: fix qgroup_free wrong num_bytes in
  btrfs_subvolume_reserve_metadata (bsc#1182261).
- Refresh
  patches.suse/btrfs-qgroup-fix-qgroup-meta-rsv-leak-for-subvolume-.patch.
- commit 78ec07a
- btrfs: Cleanup try_flush_qgroup (bsc#1182047).
- commit 926f592
- btrfs: Don't flush from btrfs_delayed_inode_reserve_metadata
  (bsc#1182047).
- commit c92e90d
- btrfs: Free correct amount of space in
  btrfs_delayed_inode_reserve_metadata (bsc#1182047).
- commit c3fc3b5
- btrfs: qgroup: don't try to wait flushing if we're already
  holding a transaction (bsc#1179575).
- commit 1d7f556
- btrfs: qgroup: don't commit transaction when we already hold
  the handle (bsc#1178634).
- commit 7c8ca22
- btrfs: qgroup: fix qgroup meta rsv leak for subvolume
  operations (bsc#1177856).
- commit 27d228c
- btrfs: drop unused parameter qgroup_reserved (bsc#1182261).
- Refresh
  patches.suse/btrfs-qgroup-Always-free-PREALLOC-META-reserve-in-bt.patch.
- commit 5901c46
- btrfs: remove unused parameter from
  btrfs_subvolume_release_metadata (bsc#1182261).
- Refresh
  patches.suse/0007-btrfs-qgroup-Introduce-extent-changeset-for-qgroup-r.patch.
- Refresh
  patches.suse/0017-Btrfs-rework-outstanding_extents.patch.
- Refresh
  patches.suse/0023-btrfs-qgroup-Use-separate-meta-reservation-type-for-.patch.
- Refresh
  patches.suse/btrfs-qgroup-Always-free-PREALLOC-META-reserve-in-bt.patch.
- commit 59b5536
- btrfs: qgroup: fix wrong qgroup metadata reserve for delayed
  inode (bsc#1177855).
- commit 2a452f6
- btrfs: qgroup: remove ASYNC_COMMIT mechanism in favor of
  reserve retry-after-EDQUOT (bsc#1120163).
- commit 7a6a65b
- btrfs: qgroup: try to flush qgroup space when we get -EDQUOT
  (bsc#1120163).
- commit 34d1a07
- btrfs: qgroup: allow to unreserve range without releasing
  other ranges (bsc#1120163).
- commit d3d0651
- btrfs: qgroup: fix data leak caused by race between writeback
  and truncate (bsc#1172247).
- commit c54b534
- btrfs: change timing for qgroup reserved space for ordered
  extents to fix reserved space leak (bsc#1172247).
- commit 6f53911
- xen-netback: respect gnttab_map_refs()'s return value
  (bsc#1183022 XSA-367).
- commit a5b0cfe
- Xen/gnttab: handle p2m update errors on a per-slot basis
  (bsc#1183022 XSA-367).
- commit 65935ad
- btrfs: inode: move qgroup reserved space release to the callers
  of insert_reserved_file_extent() (bsc#1172247).
- commit 4b19017
- btrfs: inode: refactor the parameters of
  insert_reserved_file_extent() (bsc#1172247).
- commit 94c5865
- btrfs: make btrfs_ordered_extent naming consistent with
  btrfs_file_extent_item (bsc#1172247).
- commit 36c7127
- btrfs: qgroup: Fix a bug that prevents qgroup to be re-enabled
  after disable (bsc#1172247).
- commit 035ebc4
- btrfs: qgroup: mark qgroup inconsistent if we're inheriting
  snapshot to a new qgroup (bsc#1165823).
- commit f84426b
- btrfs: qgroup: Don't hold qgroup_ioctl_lock in
  btrfs_qgroup_inherit() (bsc#1165823).
- commit a42bb5f
- Btrfs: add missing extents release on file extent cluster
  relocation error (bsc#1159483).
- Refresh
  patches.suse/btrfs-qgroup-Always-free-PREALLOC-META-reserve-in-bt.patch.
- commit f86a57d
- btrfs: tracepoints: Fix bad entry members of qgroup events
  (bsc#1155186).
- commit d1b6145
- btrfs: tracepoints: Fix wrong parameter order for qgroup events
  (bsc#1155184).
- commit bf2d301
- btrfs: qgroup: Always free PREALLOC META reserve in
  btrfs_delalloc_release_extents() (bsc#1155179).
- commit 08d6f89
- btrfs: qgroup: Fix reserved data space leak if we have multiple
  reserve calls (bsc#1152975).
- commit 0e53d82
- btrfs: qgroup: Fix the wrong target io_tree when freeing
  reserved data space (bsc#1152974).
- commit e38cd4a
- kabi: mask changes to struct ipv6_stub (CVE-2020-1749
  bsc#1165629).
- kabi: hide new parameter of ip6_dst_lookup_flow() (CVE-2020-1749
  bsc#1165629).
- net: ipv6_stub: use ip6_dst_lookup_flow instead of
  ip6_dst_lookup (CVE-2020-1749 bsc#1165629).
- net: ipv6: add net argument to ip6_dst_lookup_flow
  (CVE-2020-1749 bsc#1165629).
- commit b290360
- cifs: report error instead of invalid when revalidating a
  dentry fails (bsc#1177440).
- commit 7f491c1
- Delete
  patches.suse/0001-cifs-ignore-revalidate-failures-in-case-of-process-g.patch.
- commit 10e49a7
- Delete
  patches.suse/cifs-do-not-revalidate-mountpoint-dentries.patch.
- commit 29ff2ce
- Refresh
  patches.fixes/bonding-fix-active-backup-failover-for-current-ARP-s.patch.
- commit 82c82a6
- xen-blkback: fix error handling in xen_blkbk_map() (XSA-365
  CVE-2021-26930 bsc#1181843).
- commit 3332ae0
- xen-scsiback: don't "handle" error by BUG() (XSA-362
  CVE-2021-26931 bsc#1181753).
- commit dea8fbd
- xen-netback: don't "handle" error by BUG() (XSA-362
  CVE-2021-26931 bsc#1181753).
- commit 09948fd
- xen-blkback: don't "handle" error by BUG() (XSA-362
  CVE-2021-26931 bsc#1181753).
- commit a894675
- xen/arm: don't ignore return errors from set_phys_to_machine
  (XSA-361 CVE-2021-26932 bsc#1181747).
- commit 5d66e33
- Xen/gntdev: correct error checking in gntdev_map_grant_pages()
  (XSA-361 CVE-2021-26932 bsc#1181747).
- commit 018094f
- Xen/gntdev: correct dev_bus_addr handling in
  gntdev_map_grant_pages() (XSA-361 CVE-2021-26932 bsc#1181747).
- commit 22a3fbe
- Xen/x86: also check kernel mapping in set_foreign_p2m_mapping()
  (XSA-361 CVE-2021-26932 bsc#1181747).
- commit 51b7694
- Xen/x86: don't bail early from clear_foreign_p2m_mapping()
  (XSA-361 CVE-2021-26932 bsc#1181747).
- commit 696d20a
- xen/netback: fix spurious event detection for common event case
  (bsc#1182175).
- commit 1a8c5fa
- Fix a bug in rawmidi UAF fix patch (bsc#1179601, CVE-2020-27786)
  Refresh patches.suse/ALSA-rawmidi-Fix-racy-buffer-resize-under-concurrent.patch
- commit 32875b8
- target: fix XCOPY NAA identifier lookup (CVE-2020-28374,
  bsc#1178372).
- commit 18cb7d2
- ext4: check journal inode extents more carefully (bsc#1173485).
- commit 3245bb6
- ext4: don't allow overlapping system zones (bsc#1173485).
- commit 0759ec3
- ext4: handle error of ext4_setup_system_zone() on remount
  (bsc#1173485).
- commit a559c95
- mm, memory_hotplug: do not clear numa_node association after
  hot_remove (bnc#1115026).
- commit de1f3c2
- net/x25: fix a race in x25_bind() (networking-stable-19_03_15).
- commit 14e51bf
less
- Add missing runtime dependency on which, which is used by lessopen.sh.
  Fix bsc#1190552.
libX11
- redone U_CVE-2021-31535.patch due to regressions (boo#1186643)
  * fixes segfaults for xforms applications like fdesign
- U_CVE-2021-31535.patch
  * adds missing request length checks in libX11 (CVE-2021-31535,
    bsc#1182506)
libcap
- Add explicit dependency on libcap2 with version to libcap-progs
  (bsc#1184690, bsc#1184434)
- Update to libcap 2.26 for supporting the ambient capabilities
  (jsc#SLE-17092, jsc#ECO-3460)
- Drop obsoleted patch:
  libcap-missing-capabilities.patch
- Use "or" in the license tag to avoid confusion (bsc#1180073)
libesmtp
- Add libesmtp-fix-cve-2019-19977.patch: Fix stack-based buffer
  over-read in ntlm/ntlmstruct.c (bsc#1160462 bsc#1189097).
libgcrypt
- FIPS: Fix gcry_mpi_sub_ui subtraction [bsc#1193480]
  * gcry_mpi_sub_ui: fix subtracting from negative value
  * Add libgcrypt-FIPS-fix-gcry_mpi_sub_ui.patch
- Security fix: [bsc#1187212, CVE-2021-33560]
  * Libgcrypt mishandles ElGamal encryption because it lacks exponent
    blinding to address a side-channel attack against mpi_powm
- Add patches:
  * libgcrypt-CVE-2021-33560-ElGamal-exponent-blinding.patch
  * libgcrypt-CVE-2021-33560-fix-ElGamal-enc.patch
libjpeg-turbo
- security update
- added patches
  fix CVE-2020-17541 [bsc#1186764], stack-based buffer overflow in the "transform" component
  + libjpeg-turbo-CVE-2020-17541.patch
libjpeg62-turbo
- security update
- added patches
  fix CVE-2020-17541 [bsc#1186764], stack-based buffer overflow in the "transform" component
  + libjpeg-turbo-CVE-2020-17541.patch
libnettle
- Security fix: [CVE-2021-3580, bsc#1187060]
  * Remote crash in RSA decryption via manipulated ciphertext
  * Add libnettle-CVE-2021-3580.patch
- Security fix: [bsc#1184401, bsc#1183835, CVE-2021-20305]
  * multiply function being called with out-of-range scalars
  * Affects ecc-ecdsa-sign(), ecc_ecdsa_verify() and _eddsa_hash().
- Add libnettle-CVE-2021-20305.patch
libqb
- Add libqb-fix-linker-hack.patch to fix incomplete check for
  needing a work-around, which is wrong for newer binutils. (bsc#1192470)
  Related to [bsc#1075418].
- log: callsite symbols of main object are also handled in initializer (bsc#1075418)
  * bsc#1075418-libqb-log_register_one.patch
- IPC: server: avoid temporary channel priority loss, up to deadlock-worth (gh#ClusterLabs/libqb#352, rh#1718773, bsc#1188212)
  * bsc#1188212-0001-IPC-server-avoid-temporary-channel-priority-loss-up-.patch
libqt5-qtbase
- Fix clipboard breaking when timer wraps after 50 days (bsc#1178600)
  * 0001-XCB-Fix-clipboard-breaking-when-timer-wraps-after-50days.patch
libsolv
- Turn on rich dependency handling needed for ptf support
  [jsc#SLE-17973] [jsc#SLE-17974] [bnc#1190530]
- bump version to 0.6.38
- fix heap-buffer-overflow in repodata_schema2id [CVE-2019-20387]
  [bnc#1161510]
- backport support for blacklisted packages to support ptf
  packages and retracted patches [jsc#SLE-17973]
- fix ruleinfo of complex dependencies returning the wrong origin
- fix SOLVER_FLAG_FOCUS_BEST updating packages without reason
- fix add_complex_recommends() selecting conflicted packages in rare
  cases
- testcase_read: error out if repos are added or the system is changed
  too late [CVE-2021-3200] [bnc#1186229]
- fix potential segfault in resolve_jobrules
- fix solv_zchunk decoding error if large chunks are used
- bump version to 0.6.37
libvirt
- CVE-2021-4147: libxl: Fix libvirtd segfault
  a7a03324-libxl-protect-logger-access.patch
  bsc#1193981, bsc#1194041
- CVE-2021-3975: Add missing lock in qemuProcessHandleMonitorEOF
  1ac703a7-CVE-2021-3975.patch
  bsc#1192876
libvpx
- backport fix for out-of-bounds read on truncated key frames
  CVE-2020-0034.patch bsc#1166066
libxml2
- Security fix: [bsc#1186015, CVE-2021-3541]
  * Exponential entity expansion attack bypasses all existing
    protection mechanisms.
- Add libxml2-CVE-2021-3541.patch
- Security fix: [bsc#1185698, CVE-2021-3537]
  * NULL pointer dereference in valid.c:xmlValidBuildAContentModel
  * Add libxml2-CVE-2021-3537.patch
- Security fix: [bsc#1185408, CVE-2021-3518]
  * Fix use-after-free in xinclude.c:xmlXIncludeDoProcess()
  * Add libxml2-CVE-2021-3518.patch
- Security fix: [bsc#1185410, CVE-2021-3517]
  * Fix heap-based buffer overflow in entities.c:xmlEncodeEntitiesInternal()
  * Add libxml2-CVE-2021-3517.patch
- Security fix: [bsc#1185409, CVE-2021-3516]
  * Fix use-after-free in entities.c:xmlEncodeEntitiesInternal()
  * Add libxml2-CVE-2021-3516.patch
libyui-qt
- Prevent segfault if an open dialog is left over:
  Don't do anything widget related after the QApplication is
  destroyed, in particular not deleting other widgets, even if
  indirectly via YDialog::deleteAllDialogs() in YUI.
  (bsc#1074596, bsc#1077991)
- 2.47.1.1
- Fix crash when shutting down the UI (gh#libyui-libyui-qt#41, bsc#931762)
- Fix a problem with hanging UI
- 2.47.1
- Add handler for Shift-F1 to show advanced keyboard shortcuts (bsc#1010039)
- 2.47.0
- Add support for @import directive in QSS
  (related to bsc#768112 and bsc#780621)
- 2.46.30
- Rename Y2COLORMODE to Y2ALTSTYLE for consistency
  (related to bsc#768112 and bsc#780621)
- 2.46.29
- Rename Y2HIGHCONTRAST environment variable to Y2COLORMODE
- Use 'alternate' instead of 'high-contrast'
- Load default style sheet if alternate style sheet does not exist
- All these changes are related to bsc#768112 and bsc#780621
- 2.46.28
- Fix high-contrast support (bsc#76811 and related to bsc#780621)
- 2.46.27
- Fix compilation with Qt 5.7 by using non-deprecated classes
  (boo#1001141).
- Force showing widgets that were added after opening a dialog
  (bsc#998593)
- Deliver timeout events only if the delivering dialog is still
  the topmost (can only happen with Ctrl-Shift-Alt key combos)
- 2.46.25
- Do not append new line when content of log view does not change
  (bnc#989155)
- 2.46.24
- Now Yast requests the focus to the window manager when running
  fullscreen instead of relying on the window manager focus policy
  (bsc#974627)
- 2.46.23
- Show help in wizard widget upon F1 and Alt-H (bnc#973389)
- 2.46.22
- fixed styling for the release notes dialog content (bsc#947167)
- 2.46.21
- Reorganized git for easier tarball creation:
  - RPM spec files are kept in git verbatim, not as templates
  - no longer call PREP_SPEC_FILES in CMakeLists.common
- No functional change but version bumped to push the package
  down the pipeline (boo#946079).
- Handle QtInfoMsg value in switch; fixes build with Qt 5.5
  (H Senjan, boo#942101).
- so-version bumped to match the main library.
- 2.46.19
- fixed styling for non-Wizard dialogues (bnc#925882)
- allow styling of the YQMainWinDock object (the main non-Wizard
  window)
- the stylesheet editor (Ctrl+Shift+Alt+s) also works for
  non-Wizard dialogues now
- 2.46.18
- fix layout of Help and Release Notes buttons (bsc#916814)
  (credits to tgoettlicher)
- 2.46.17
- include Help and Release notes buttons in keyboard shortcut
  resolution (bsc#880983)
- 2.46.16
- added keyboard shortcuts to Help and Release Notes buttons
  (bnc#880983)
- 2.46.15
- added QT-specific dialog for displaying release notes
- Fixed building with cmake 3.1 (PREFIX in spec, boo#911875).
- 2.46.14
libzypp
- Rephrase vendor conflict message in case 2 packages are
  involved (bsc#1187760)
  This covers the case where not the packages itself would change
  its vendor, but replaces a package from a different vendor.
- RepoManager: Don't probe for plaindir repo if URL schema is
  plugin: (bsc#1191286)
- version 16.22.3 (0)
- BuildRequires:  libsolv-devel >= 0.6.38
  Must rebuild all caches to make sure rich dependency handling is
  turned on. Needed for PTF support. (jsc#SLE-17974, bsc#1190530)
- version 16.22.2 (0)
- Fix solver jobs for PTFs (bsc#1186503)
- version 16.22.1 (0)
- Add support for PTFs (jsc#SLE-17974)
- version 16.22.0 (0)
- Patch: Identify well-known category names (bsc#1179847)
  This allows using the RH and SUSE patch category names synonymously:
  (recommended = bugfix) and (optional = feature = enhancement).
- version 16.21.5 (0)
lifecycle-data-sle-live-patching
- Added data for 4_12_14-122_103, 4_12_14-122_98, 4_12_14-95_83,
  4_4_180-94_150. (bsc#1020320)
- Added data for 4_12_14-122_88, 4_12_14-122_91. (bsc#1020320)
- Added data for 4_12_14-122_77, 4_12_14-122_80, 4_12_14-122_83,
  4_12_14-95_80, 4_4_180-94_147. (bsc#1020320)
- Added data for 4_12_14-122_74, 4_12_14-95_77. (bsc#1020320)
- Added data for 4_12_14-122_66, 4_12_14-122_71, 4_12_14-95_74,
  4_4_180-94_144. (bsc#1020320)
- Added data for 4_12_14-122_63, 4_12_14-95_71, 4_4_121-92_152,
  4_4_180-94_141. (bsc#1020320)
mozilla-nspr
- update to version 4.32:
  * implement new socket option PR_SockOpt_DontFrag
  * support larger DNS records by increasing the default buffer
    size for DNS queries
- update to version 4.31:
  * Lock access to PRCallOnceType members in PR_CallOnce* for
    thread safety bmo#1686138
- update to version 4.30
  * support longer thread names on macOS
  * fix a build failure on OpenBSD
- update to version 4.29
  * Remove macOS Code Fragment Manager support code
  * Remove XP_MACOSX and OS_TARGET=MacOSX
  * Refresh config.guess and config.sub
  * Remove NSPR's patch to config.sub
  * Add support for e2k target (64-bit Elbrus 2000)
- update to version 4.28
  * Fix a compiler warning
  * Add rule for cross-compiling with cygwin
- update to version 4.27
  * the macOS platform code for shared library loading was
    changed to support macOS 11.
    If the absolute path parameter given to PR_LoadLibrary
    begins with either /System/ or /usr/lib/ then no test is
    performed if the library exists at a file.
  * An include statement for a Windows system library header
    was added
- update to version 4.26
  * PR_GetSystemInfo supports a new flag PR_SI_RELEASE_BUILD to get
    information about the operating system build version.
  * Better support parallel building on Windows.
  * The internal release automatic script requires python 3.
mozilla-nss
- Mozilla NSS 3.68.2 (bsc#1193845)
  * mozilla::pkix: support SHA-2 hashes in CertIDs in OCSP responses
    (bmo#966856)
- Mozilla NSS 3.68.1
  MFSA 2021-51 (bsc#1193170)
  * CVE-2021-43527 (bmo#1737470)
    Memory corruption via DER-encoded DSA and RSA-PSS signatures
- Remove now obsolete patch nss-bsc1193170.patch
- Add patch to fix CVE-2021-43527 (bsc#1193170):
  nss-bsc1193170.patch
- Removed nss-fips-kdf-self-tests.patch.  This was made
  obsolete by upstream changes. (bmo#1660304)
- Rebase nss-fips-stricter-dh.patch needed due to upstream changes.
- Update nss-fips-constructor-self-tests.patch to fix crashes
  reported by upstream. This was likely affecting WebRTC calls.
- update to NSS 3.68
  * bmo#1713562 - Fix test leak.
  * bmo#1717452 - NSS 3.68 should depend on NSPR 4.32.
  * bmo#1693206 - Implement PKCS8 export of ECDSA keys.
  * bmo#1712883 - DTLS 1.3 draft-43.
  * bmo#1655493 - Support SHA2 HW acceleration using Intel SHA Extension.
  * bmo#1713562 - Validate ECH public names.
  * bmo#1717610 - Add function to get seconds from epoch from pkix::Time.
- update to NSS 3.67
  * bmo#1683710 - Add a means to disable ALPN.
  * bmo#1715720 - Fix nssckbi version number in NSS 3.67 (was supposed to be incremented in 3.66).
  * bmo#1714719 - Set NSS_USE_64 on riscv64 target when using GYP/Ninja.
  * bmo#1566124 - Fix counter increase in ppc-gcm-wrap.c.
  * bmo#1566124 - Fix AES_GCM mode on ppc64le for messages of length more than 255-byte.
- update to NSS 3.66
  * bmo#1710716 - Remove Expired Sonera Class2 CA from NSS.
  * bmo#1710716 - Remove Expired Root Certificates from NSS - QuoVadis Root Certification Authority.
  * bmo#1708307 - Remove Trustis FPS Root CA from NSS.
  * bmo#1707097 - Add Certum Trusted Root CA to NSS.
  * bmo#1707097 - Add Certum EC-384 CA to NSS.
  * bmo#1703942 - Add ANF Secure Server Root CA to NSS.
  * bmo#1697071 - Add GLOBALTRUST 2020 root cert to NSS.
  * bmo#1712184 - NSS tools manpages need to be updated to reflect that sqlite is the default database.
  * bmo#1712230 - Don't build ppc-gcm.s with clang integrated assembler.
  * bmo#1712211 - Strict prototype error when trying to compile nss code that includes blapi.h.
  * bmo#1710773 - NSS needs FIPS 180-3 FIPS indicators.
  * bmo#1709291 - Add VerifyCodeSigningCertificateChain.
  * Use GNU tar for the release helper script.
- update to NSS 3.65
  * bmo#1709654 - Update for NetBSD configuration.
  * bmo#1709750 - Disable HPKE test when fuzzing.
  * bmo#1566124 - Optimize AES-GCM for ppc64le.
  * bmo#1699021 - Add AES-256-GCM to HPKE.
  * bmo#1698419 - ECH -10 updates.
  * bmo#1692930 - Update HPKE to final version.
  * bmo#1707130 - NSS should use modern algorithms in PKCS#12 files by default.
  * bmo#1703936 - New coverity/cpp scanner errors.
  * bmo#1697303 - NSS needs to update its csp clearing to FIPS 180-3 standards.
  * bmo#1702663 - Need to support RSA PSS with Hashing PKCS #11 Mechanisms.
  * bmo#1705119 - Deadlock when using GCM and non-thread safe tokens.
- refreshed patches
- Firefox 90.0 requires NSS 3.66
- update to NSS 3.64
  * bmo#1705286 - Properly detect mips64.
  * bmo#1687164 - Introduce NSS_DISABLE_CRYPTO_VSX and
    disable_crypto_vsx.
  * bmo#1698320 - replace __builtin_cpu_supports("vsx") with
    ppc_crypto_support() for clang.
  * bmo#1613235 - Add POWER ChaCha20 stream cipher vector
    acceleration.
- update to NSS 3.63.1
  * no upstream release notes for 3.63.1 (yet)
  Fixed in 3.63
  * bmo#1697380 - Make a clang-format run on top of helpful contributions.
  * bmo#1683520 - ECCKiila P384, change syntax of nested structs
    initialization to prevent build issues with GCC 4.8.
  * bmo#1683520 - [lib/freebl/ecl] P-384: allow zero scalars in dual
    scalar multiplication.
  * bmo#1683520 - ECCKiila P521, change syntax of nested structs
    initialization to prevent build issues with GCC 4.8.
  * bmo#1683520 - [lib/freebl/ecl] P-521: allow zero scalars in dual
    scalar multiplication.
  * bmo#1696800 - HACL* update March 2021 - c95ab70fcb2bc21025d8845281bc4bc8987ca683.
  * bmo#1694214 - tstclnt can't enable middlebox compat mode.
  * bmo#1694392 - NSS does not work with PKCS #11 modules not supporting
    profiles.
  * bmo#1685880 - Minor fix to prevent unused variable on early return.
  * bmo#1685880 - Fix for the gcc compiler version 7 to support setenv
    with nss build.
  * bmo#1693217 - Increase nssckbi.h version number for March 2021 batch
    of root CA changes, CA list version 2.48.
  * bmo#1692094 - Set email distrust after to 21-03-01 for Camerfirma's
    'Chambers of Commerce' and 'Global Chambersign' roots.
  * bmo#1618407 - Symantec root certs - Set CKA_NSS_EMAIL_DISTRUST_AFTER.
  * bmo#1693173 - Add GlobalSign R45, E45, R46, and E46 root certs to NSS.
  * bmo#1683738 - Add AC RAIZ FNMT-RCM SERVIDORES SEGUROS root cert to NSS.
  * bmo#1686854 - Remove GeoTrust PCA-G2 and VeriSign Universal root certs
    from NSS.
  * bmo#1687822 - Turn off Websites trust bit for the “Staat der
    Nederlanden Root CA - G3” root cert in NSS.
  * bmo#1692094 - Turn off Websites Trust Bit for 'Chambers of Commerce
    Root - 2008' and 'Global Chambersign Root - 2008'.
  * bmo#1694291 - Tracing fixes for ECH.
- required for Firefox 88
- update to NSS 3.62
  * bmo#1688374 - Fix parallel build NSS-3.61 with make
  * bmo#1682044 - pkix_Build_GatherCerts() + pkix_CacheCert_Add()
    can corrupt "cachedCertTable"
  * bmo#1690583 - Fix CH padding extension size calculation
  * bmo#1690421 - Adjust 3.62 ABI report formatting for new libabigail
  * bmo#1690421 - Install packaged libabigail in docker-builds image
  * bmo#1689228 - Minor ECH -09 fixes for interop testing, fuzzing
  * bmo#1674819 - Fixup a51fae403328, enum type may be signed
  * bmo#1681585 - Add ECH support to selfserv
  * bmo#1681585 - Update ECH to Draft-09
  * bmo#1678398 - Add Export/Import functions for HPKE context
  * bmo#1678398 - Update HPKE to draft-07
- required for Firefox 87
- Add nss-btrfs-sqlite.patch to address bmo#1690232
- update to NSS 3.61
  * required for Firefox 86
  * bmo#1682071 - Fix issue with IKE Quick mode deriving incorrect key
    values under certain conditions.
  * bmo#1684300 - Fix default PBE iteration count when NSS is compiled
    with NSS_DISABLE_DBM.
  * bmo#1651411 - Improve constant-timeness in RSA operations.
  * bmo#1677207 - Upgrade Google Test version to latest release.
  * bmo#1654332 - Add aarch64-make target to nss-try.
- update to NSS 3.60.1
  Notable changes in NSS 3.60:
  * TLS 1.3 Encrypted Client Hello (draft-ietf-tls-esni-08) support
    has been added, replacing the previous ESNI (draft-ietf-tls-esni-01)
    implementation. See bmo#1654332 for more information.
  * December 2020 batch of Root CA changes, builtins library updated
    to version 2.46. See bmo#1678189, bmo#1678166, and bmo#1670769
    for more information.
- removed obsolete ppc-old-abi-v3.patch
- update to NSS 3.59.1
  * bmo#1679290 - Fix potential deadlock with certain third-party
    PKCS11 modules
- update to NSS 3.59
  Notable changes
  * Exported two existing functions from libnss:
    CERT_AddCertToListHeadWithData and CERT_AddCertToListTailWithData
  Bugfixes
  * bmo#1607449 - Lock cert->nssCertificate to prevent a potential data race
  * bmo#1672823 - Add Wycheproof test cases for HMAC, HKDF, and DSA
  * bmo#1663661 - Guard against NULL token in nssSlot_IsTokenPresent
  * bmo#1670835 - Support enabling and disabling signatures via Crypto Policy
  * bmo#1672291 - Resolve libpkix OCSP failures on SHA1 self-signed
    root certs when SHA1 signatures are disabled.
  * bmo#1644209 - Fix broken SelectedCipherSuiteReplacer filter to
    solve some test intermittents
  * bmo#1672703 - Tolerate the first CCS in TLS 1.3 to fix a regression in
    our CVE-2020-25648 fix that broke purple-discord
    (boo#1179382)
  * bmo#1666891 - Support key wrap/unwrap with RSA-OAEP
  * bmo#1667989 - Fix gyp linking on Solaris
  * bmo#1668123 - Export CERT_AddCertToListHeadWithData and
    CERT_AddCertToListTailWithData from libnss
  * bmo#1634584 - Set CKA_NSS_SERVER_DISTRUST_AFTER for Trustis FPS Root CA
  * bmo#1663091 - Remove unnecessary assertions in the streaming
    ASN.1 decoder that affected decoding certain PKCS8
    private keys when using NSS debug builds
  * bmo#670839 - Use ARM crypto extension for AES, SHA1 and SHA2 on MacOS.
- update to NSS 3.58
  Bugs fixed:
  * bmo#1641480 (CVE-2020-25648)
    Tighten CCS handling for middlebox compatibility mode.
  * bmo#1631890 - Add support for Hybrid Public Key Encryption
    (draft-irtf-cfrg-hpke) support for TLS Encrypted Client Hello
    (draft-ietf-tls-esni).
  * bmo#1657255 - Add CI tests that disable SHA1/SHA2 ARM crypto
    extensions.
  * bmo#1668328 - Handle spaces in the Python path name when using
    gyp on Windows.
  * bmo#1667153 - Add PK11_ImportDataKey for data object import.
  * bmo#1665715 - Pass the embedded SCT list extension (if present)
    to TrustDomain::CheckRevocation instead of the notBefore value.
- install libraries in %{_libdir} (boo#1029961)
- Fix build with RPM 4.16: error: bare words are no longer
  supported, please use "...":  lib64 == lib64.
- update to NSS 3.57
  * The following CA certificates were Added:
    bmo#1663049 - CN=Trustwave Global Certification Authority
    SHA-256 Fingerprint: 97552015F5DDFC3C8788C006944555408894450084F100867086BC1A2BB58DC8
    bmo#1663049 - CN=Trustwave Global ECC P256 Certification Authority
    SHA-256 Fingerprint: 945BBC825EA554F489D1FD51A73DDF2EA624AC7019A05205225C22A78CCFA8B4
    bmo#1663049 - CN=Trustwave Global ECC P384 Certification Authority
    SHA-256 Fingerprint: 55903859C8C0C3EBB8759ECE4E2557225FF5758BBD38EBD48276601E1BD58097
  * The following CA certificates were Removed:
    bmo#1651211 - CN=EE Certification Centre Root CA
    SHA-256 Fingerprint: 3E84BA4342908516E77573C0992F0979CA084E4685681FF195CCBA8A229B8A76
    bmo#1656077 - O=Government Root Certification Authority; C=TW
    SHA-256 Fingerprint: 7600295EEFE85B9E1FD624DB76062AAAAE59818A54D2774CD4C0B2C01131E1B3
  * Trust settings for the following CA certificates were Modified:
    bmo#1653092 - CN=OISTE WISeKey Global Root GA CA
    Websites (server authentication) trust bit removed.
  * https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.57_release_notes
- requires NSPR 4.29
- removed obsolete nss-freebl-fix-aarch64.patch (bmo#1659256)
- introduced _constraints due to high memory requirements especially
  for LTO on Tumbleweed
- Add patch to fix build on aarch64 - boo#1176934:
  * nss-freebl-fix-aarch64.patch
- Update nss-fips-approved-crypto-non-ec.patch to match RC2 code
  being moved to deprecated/.
- Remove nss-fix-dh-pkcs-derive-inverted-logic.patch. This was made
  obsolete by upstream changes.
- Modifications for NIST SP 800-56Ar3 compliance. This adds checks
  and restricts Diffie-Hellman parameters in FIPS mode
  (bsc#1176173).
  New patches:
  * nss-fips-stricter-dh.patch
  * nss-fips-kdf-self-tests.patch
- update to NSS 3.56
  Notable changes
  * bmo#1650702 - Support SHA-1 HW acceleration on ARMv8
  * bmo#1656981 - Use MPI comba and mulq optimizations on x86-64 MacOS.
  * bmo#1654142 - Add CPU feature detection for Intel SHA extension.
  * bmo#1648822 - Add stricter validation of DH keys in FIPS mode.
  * bmo#1656986 - Properly detect arm64 during GYP build architecture
    detection.
  * bmo#1652729 - Add build flag to disable RC2 and relocate to
    lib/freebl/deprecated.
  * bmo#1656429 - Correct RTT estimate used in 0-RTT anti-replay.
  * bmo#1588941 - Send empty certificate message when scheme selection
    fails.
  * bmo#1652032 - Fix failure to build in Windows arm64 makefile
    cross-compilation.
  * bmo#1625791 - Fix deadlock issue in nssSlot_IsTokenPresent.
  * bmo#1653975 - Fix 3.53 regression by setting "all" as the default
    makefile target.
  * bmo#1659792 - Fix broken libpkix tests with unexpired PayPal cert.
  * bmo#1659814 - Fix interop.sh failures with newer tls-interop
    commit and dependencies.
  * bmo#1656519 - NSPR dependency updated to 4.28
- do not hard require mozilla-nss-certs-32bit via baselibs
  (boo#1176206)
- update to NSS 3.55
  Notable changes
  * P384 and P521 elliptic curve implementations are replaced with
    verifiable implementations from Fiat-Crypto [0] and ECCKiila [1].
  * PK11_FindCertInSlot is added. With this function, a given slot
    can be queried with a DER-Encoded certificate, providing performance
    and usability improvements over other mechanisms. (bmo#1649633)
  * DTLS 1.3 implementation is updated to draft-38. (bmo#1647752)
  Relevant Bugfixes
  * bmo#1631583 (CVE-2020-6829, CVE-2020-12400) - Replace P384 and
    P521 with new, verifiable implementations from Fiat-Crypto and ECCKiila.
  * bmo#1649487 - Move overzealous assertion in VFY_EndWithSignature.
  * bmo#1631573 (CVE-2020-12401) - Remove unnecessary scalar padding.
  * bmo#1636771 (CVE-2020-12403) - Explicitly disable multi-part
    ChaCha20 (which was not functioning correctly) and more strictly
    enforce tag length.
  * bmo#1649648 - Don't memcpy zero bytes (sanitizer fix).
  * bmo#1649316 - Don't memcpy zero bytes (sanitizer fix).
  * bmo#1649322 - Don't memcpy zero bytes (sanitizer fix).
  * bmo#1653202 - Fix initialization bug in blapitest when compiled
    with NSS_DISABLE_DEPRECATED_SEED.
  * bmo#1646594 - Fix AVX2 detection in makefile builds.
  * bmo#1649633 - Add PK11_FindCertInSlot to search a given slot
    for a DER-encoded certificate.
  * bmo#1651520 - Fix slotLock race in NSC_GetTokenInfo.
  * bmo#1647752 - Update DTLS 1.3 implementation to draft-38.
  * bmo#1649190 - Run cipher, sdr, and ocsp tests under standard test cycle in CI.
  * bmo#1649226 - Add Wycheproof ECDSA tests.
  * bmo#1637222 - Consistently enforce IV requirements for DES and 3DES.
  * bmo#1067214 - Enforce minimum PKCS#1 v1.5 padding length in
    RSA_CheckSignRecover.
  * bmo#1646324 - Advertise PKCS#1 schemes for certificates in the
    signature_algorithms extension.
    nss-fips-constructor-self-tests.patch
- update to NSS 3.54
  Notable changes
  * Support for TLS 1.3 external pre-shared keys (bmo#1603042).
  * Use ARM Cryptography Extension for SHA256, when available
    (bmo#1528113)
  * The following CA certificates were Added:
    bmo#1645186 - certSIGN Root CA G2.
    bmo#1645174 - e-Szigno Root CA 2017.
    bmo#1641716 - Microsoft ECC Root Certificate Authority 2017.
    bmo#1641716 - Microsoft RSA Root Certificate Authority 2017.
  * The following CA certificates were Removed:
    bmo#1645199 - AddTrust Class 1 CA Root.
    bmo#1645199 - AddTrust External CA Root.
    bmo#1641718 - LuxTrust Global Root 2.
    bmo#1639987 - Staat der Nederlanden Root CA - G2.
    bmo#1618402 - Symantec Class 2 Public Primary Certification Authority - G4.
    bmo#1618402 - Symantec Class 1 Public Primary Certification Authority - G4.
    bmo#1618402 - VeriSign Class 3 Public Primary Certification Authority - G3.
  * A number of certificates had their Email trust bit disabled.
    See bmo#1618402 for a complete list.
  Bugs fixed
  * bmo#1528113 - Use ARM Cryptography Extension for SHA256.
  * bmo#1603042 - Add TLS 1.3 external PSK support.
  * bmo#1642802 - Add uint128 support for HACL* curve25519 on Windows.
  * bmo#1645186 - Add "certSIGN Root CA G2" root certificate.
  * bmo#1645174 - Add Microsec's "e-Szigno Root CA 2017" root certificate.
  * bmo#1641716 - Add Microsoft's non-EV root certificates.
  * bmo#1621151 - Disable email trust bit for "O=Government
    Root Certification Authority; C=TW" root.
  * bmo#1645199 - Remove AddTrust root certificates.
  * bmo#1641718 - Remove "LuxTrust Global Root 2" root certificate.
  * bmo#1639987 - Remove "Staat der Nederlanden Root CA - G2" root
    certificate.
  * bmo#1618402 - Remove Symantec root certificates and disable email trust
    bit.
  * bmo#1640516 - NSS 3.54 should depend on NSPR 4.26.
  * bmo#1642146 - Fix undefined reference to `PORT_ZAlloc_stub' in seed.c.
  * bmo#1642153 - Fix infinite recursion building NSS.
  * bmo#1642638 - Fix fuzzing assertion crash.
  * bmo#1642871 - Enable SSL_SendSessionTicket after resumption.
  * bmo#1643123 - Support SSL_ExportEarlyKeyingMaterial with External PSKs.
  * bmo#1643557 - Fix numerous compile warnings in NSS.
  * bmo#1644774 - SSL gtests to use ClearServerCache when resetting
    self-encrypt keys.
  * bmo#1645479 - Don't use SECITEM_MakeItem in secutil.c.
  * bmo#1646520 - Stricter enforcement of ASN.1 INTEGER encoding.
ncurses
- Add patch bsc1190793-63ca9e06.patch to fix bsc#1190793 for
  CVE-2021-39537: ncurses: heap-based buffer overflow in
  _nc_captoinfo in captoinfo.c
net-snmp
- Fix hrStorage autofs objects timeout problems (bsc#1179699, bsc#1145864).
  Add net-snmp-5.7.3-host-mib-skip-autofs-entries.patch
  Add net-snmp-5.7.3-fix-missing-mib-hrStorage-indexes.patch
- Fix NSS mounted volumes in hrStorageDescr (bsc#1100146).
  Add net-snmp-5.7.3-recognize-nss-pools-and-nss-volumes-oes.patch
- Fix subagent crash at save_set_var() (bsc#1178021).
  Add net-snmp-5.7.3-subagent-set-response.patch
- Fix subagent data corruption (bsc#1178351, bsc#1179009).
  Add net-snmp-5.7.3-fix-subagent-data-corruption.patch
- Fix confusing status for snmpd when start fails (bsc#1184839).
  Modify rc.snmpd
- Fix output for high memTotalReal RAM values (bsc#1152968).
  Add net-snmp-5.7.3-ucd-snmp-mib-add-64-bit-mem-obj.patch
- Make extended MIB read-only (bsc#1174961, CVE-2020-15862).
  Add net-snmp-5.7.3-make-extended-mib-read-only.patch
nfs-utils
- Add 0200-mountd-Initialize-logging-early.patch
  If an error or warning message is produced before
  closeall() is called, mountd gets confused and doesn't work.
  (bsc#1194661)
- 0191-mount-don-t-bind-a-socket-needlessly.patch
  Don't bind() a non-priv socket immediately before connecting,
  as this wastes port numbers.
  (bsc#1187922)
- Add mountstats_0_3.py and man page.
  mountstats_0_3 is mountstats from a more recent nfs-utils release.
  It adds more functionality, but as there are possible incompatible
  changes, the old mountstats is left unchanged, and the new is provided
  with the new name.
  (bsc#1183297)
- 0190-manpage-Add-a-description-of-the-nconnect-mount-opti.patch
  Improve nfs.man (bsc#1181651)
- 0181-mountd-reject-unknown-client-IP-when-use_ipaddr.patch
  0182-mountd-Don-t-proactively-add-export-info-when-fh-inf.patch
  0183-mountd-add-logging-for-authentication-results-for-ac.patch
  0184-mountd-add-cache-use-ipaddr-option-to-force-use_ipad.patch
  0185-mountd-make-default-ttl-settable-by-option.patch
  Improve logging of authentication (bsc#1181540)
ntp
- bsc#1186431: Fix a typo in %post.
- jsc#SLE-15482, ntp-clarify-interface.patch:
  Adjust the documentation to clarify that "interface ignore all"
  does not cover the wildcard and localhost addresses.
- Refactor the key handling in %post so that it does not overwrite
  user settings (bsc#1036505, bsc#1183513).
ocfs2-tools
- Rollback when dir_index creation fails (bsc#1192103)
  + libocfs2-roll-back-when-dir_index-creation-fails.patch
- Fix mounted.ocfs2 output when some devices are not ready (bsc#1191810)
  + fixed-mounted.ocfs2-output-when-some-devices-are-Not.patch
  + update-mounted.ocfs2-mounted.c.patch
openldap2-client
- bsc#1193296 - Resolve double free in sssvlv overlay
  * 0223-ITS-8592-Fix-double-free-in-sssvlv-overlay.patch
openslp
- Implement automatic active discovery retries so that DAs do
  not get dropped if they are not reachable for some time
  [bnc#1166637] [bnc#1184008]
  new patch: openslp.unicastactivediscovery.diff
openssh
- Add openssh-bsc1190975-CVE-2021-41617-authorizedkeyscommand.patch
  (bsc#1190975, CVE-2021-41617), backported from upstream by
  Ali Abdallah.
openssl
- Other OpenSSL functions that print ASN.1 data have been found to assume that
  the ASN1_STRING byte array will be NUL terminated, even though this is not
  guaranteed for strings that have been directly constructed. Where an application
  requests an ASN.1 structure to be printed, and where that ASN.1 structure
  contains ASN1_STRINGs that have been directly constructed by the application
  without NUL terminating the "data" field, then a read buffer overrun can occur.
  * CVE-2021-3712 continued
  * bsc#1189521
  * Add CVE-2021-3712-other-ASN1_STRING-issues.patch
  * Sourced from openssl-CVE-2021-3712.tar.bz2 posted on bsc-1189521
    2021-08-24 00:47 PDT by Marcus Meissner
- The function X509_CERT_AUX_print() has a bug which may cause a read buffer overrun
  when printing certificate details. A malicious actor could construct a
  certificate to deliberately hit this bug, which may result in a crash of the
  application (causing a Denial of Service attack).
  * CVE-2021-3712
  * bsc#1189521
  * Add CVE-2021-3712-Fix-read-buffer-overrun-in-X509_CERT_AUX_print.patch
- Security fixes:
  * Integer overflow in CipherUpdate: Incorrect SSLv2 rollback
    protection [bsc#1182333, CVE-2021-23840]
  * Null pointer deref in X509_issuer_and_serial_hash()
    [bsc#1182331, CVE-2021-23841]
- Add openssl-CVE-2021-23840.patch openssl-CVE-2021-23841.patch
pacemaker
- scheduler: add test for probe of unmanaged resource on pending node (bsc#1188653)
  * bsc#1188653-0003-Test-scheduler-add-test-for-probe-of-unmanaged-resou-1.1.patch
- scheduler: don't schedule probes of unmanaged resources on pending nodes (bsc#1188653)
  * bsc#1188653-0001-Fix-scheduler-don-t-schedule-probes-of-unmanaged-res-1.1.patch
- libcrmcommon: Correctly handle case-sensitive ids of xml objects when changing a value. (bsc#1187414)
  * bsc#1187414-0001-Fix-libcrmcommon-Correctly-handle-case-sensitive-ids.patch
- controld: purge attrd attributes when the remote node is up to ensure sync with CIB (bsc#1186693)
  * bsc#1186693-clean-attrd-attributes-when-remote-node-is-up.patch
- iso8601: prevent sec overrun before adding up as long long
  * 0001-Fix-iso8601-prevent-sec-overrun-before-adding-up-as-.patch
- execd: Skips merging of canceled fencing monitors. (Fix:#CLBZ5393)
  * 0001-Mid-execd-Skips-merging-of-canceled-fencing-monitors.patch
- fencing: remove any devices that are not installed
  * 0001-Fix-fencing-remove-any-devices-that-are-not-installe.patch
- liblrmd: Limit node name addition to proxied attrd update commands (rh#1907726)
  * rh#1907726-0001-Fix-liblrmd-Limit-node-name-addition-to-proxied-attr.patch
- attrd: prevent leftover attributes of shutdown node in cib (bsc#1173668)
  * bsc#1173668-0001-Fix-attrd-prevent-leftover-attributes-of-shutdown-no.patch
- controller, Pacemaker Explained: improve the documentation of `stonith-watchdog-timeout` cluster option (bsc#1174696, bsc#1184557)
  * bsc#1174696-0003-Doc-controller-Pacemaker-Explained-improve-the-docum-1.1.patch
- scheduler: improve the documentation of `have-watchdog` cluster option (bsc#1174696, bsc#1184557)
  * bsc#1174696-0002-Doc-scheduler-improve-the-documentation-of-have-watc-1.1.patch
- libpe_status: downgrade the message about the meaning of `have-watchdog=true` to info (bsc#1174696, bsc#1184557)
  * bsc#1174696-0001-Log-libpe_status-downgrade-the-message-about-the-mea-1.1.patch
- crmadmin: printing DC quietly if needed (bsc#1178865, bsc#1181265)
  * bsc#1178865-0001-Fix-crmadmin-printing-DC-quietly-if-needed-1.1.patch
- scheduler: update migrate-fail-9 test for migration code change (bsc#1177212, bsc#1182607)
  * bsc#1177212-0009-Test-scheduler-update-migrate-fail-9-test-for-migrat-1.1.patch
- scheduler: don't schedule a dangling migration stop if one already occurred (bsc#1177212, bsc#1182607)
  * bsc#1177212-0008-Fix-scheduler-don-t-schedule-a-dangling-migration-st-1.1.patch
- scheduler: properly detect dangling migrations (bsc#1177212)
  * bsc#1177212-0007-Test-scheduler-test-failed-migration-followed-by-suc-1.1.patch
  * bsc#1177212-0006-Fix-scheduler-properly-detect-dangling-migrations-1.1.patch
  * bsc#1177212-0005-Refactor-scheduler-functionize-getting-call-ID-from--1.1.patch
- scheduler: only successful ops count for migration comparisons (bsc#1177212)
  * bsc#1177212-0004-Low-scheduler-only-successful-ops-count-for-migratio-1.1.patch
  * bsc#1177212-0003-Test-scheduler-fix-invalid-test-XML-1.1.patch
  * bsc#1177212-0002-Refactor-libpe_status-reorganize-unpacking-migration-1.1.patch
- libpe_status: check for stops correctly when unpacking migration (bsc#1177212)
  * bsc#1177212-0001-Low-libpe_status-check-for-stops-correctly-when-unpa-1.1.patch
- libpe_status: handle pending migrations correctly (bsc#1177212)
  * bsc#1177212-0000-Low-libpe_status-handle-pending-migrations-correctly-1.1.patch
pam
- pam_cracklib: backported code to check whether the password contains
  a substring of the user's name of at least <N> characters length
  in some form from SLE-15.
  This is enabled by the new parameter "usersubstr=<N>"
  See https://github.com/libpwquality/libpwquality/commit/bfef79dbe6aa525e9557bf4b0a61e6dde12749c4
  [jsc#SLE-21741, pam-pam_cracklib-add-usersubstr.patch]
- Added tmpfiles for pam to set up directory for pam_faillock.
  [pam.conf]
- Added pam_faillock to the set of modules.
  [jsc#sle-20638, pam-sle20638-add-pam_faillock.patch]
- In the 32-bit compatibility package for 64-bit architectures,
  require "systemd-32bit" to be also installed as it contains
  pam_systemd.so for 32 bit applications.
  [bsc#1185562, baselibs.conf]
- pam_limits: "unlimited" is not a legitimate value for "nofile"
  (see setrlimit(2)). So, when "nofile" is set to one of the
  "unlimited" values, it is set to the contents of
  "/proc/sys/fs/nr_open" instead.
  Also changed the manpage of pam_limits to express this.
  [bsc#1181443, pam-bsc1181443-make-nofile-unlimited-mean-nr_open.patch]
pcre
- pcre 8.45 (the final release)
  * Fixed a small (*MARK) bug in the interpreter (Bugzilla #2771).
- pcre 8.44
  * Small patch to pcreposix.c to set the erroroffset field to -1 immediately
  after a successful compile, instead of at the start of matching to avoid a
  sanitizer complaint (regexec is supposed to be thread safe).
  * Check the size of the number after (?C as it is read, in order to avoid
  integer overflow. (bsc#1172974, CVE-2020-14155)
  * Tidy up left shifts to avoid sanitize warnings; also fix one NULL dereference
  in pcretest.
- pcre 8.43
  * In a pattern such as /[^\x{100}-\x{ffff}]*[\x80-\xff]/ which has a repeated
  negative class with no characters less than 0x100 followed by a positive class
  with only characters less than 0x100, the first class was incorrectly being
  auto-possessified, causing incorrect match failures.
  * If the only branch in a conditional subpattern was anchored, the whole
  subpattern was treated as anchored, when it should not have been, since the
  assumed empty second branch cannot be anchored. Demonstrated by test patterns
  such as /(?(1)^())b/ or /(?(?=^))b/.
  * Fix subject buffer overread in JIT when UTF is disabled and \X or \R has
  a greater than 1 fixed quantifier. This issue was found by Yunho Kim.
  (bsc#1172973 CVE-2019-20838)
  * If a pattern started with a subroutine call that had a quantifier with a
  minimum of zero, an incorrect "match must start with this character" could be
  recorded. Example: /(?&xxx)*ABC(?<xxx>XYZ)/ would (incorrectly) expect 'A' to
  be the first character of a match.
- pcre 8.42
  * If a backreference with a minimum repeat count of zero was first in a
  pattern, apart from assertions, an incorrect first matching character could be
  recorded. For example, for the pattern /(?=(a))\1?b/, "b" was incorrectly set
  as the first character of a match.
  * Fix out-of-bounds read for partial matching of /./ against an empty string
  when the newline type is CRLF.
  * When matching using the REG_STARTEND feature of the POSIX API with a
  non-zero starting offset, unset capturing groups with lower numbers than a
  group that did capture something were not being correctly returned as "unset"
  (that is, with offset values of -1).
  * Matching the pattern /(*UTF)\C[^\v]+\x80/ against an 8-bit string
  containing multi-code-unit characters caused bad behaviour and possibly a
  crash. This issue was fixed for other kinds of repeat in release 8.37 by change
  38, but repeating character classes were overlooked.
- pcre 8.41
  * Fix a missing else in the JIT compiler (bsc#1025709 CVE-2017-6004)
  * A (?# style comment is now ignored between a basic quantifier and a
    following '+' or '?' (example: /X+(?#comment)?Y/).
  * Avoid use of a potentially overflowing buffer in pcregrep (patch by Petr
    Pisar).
  * In the 32-bit library in non-UTF mode, an attempt to find a Unicode
  property for a character with a code point greater than 0x10ffff (the Unicode
  maximum) caused a crash. (bsc#1030807 CVE-2017-7244)
  * The alternative matching function, pcre_dfa_exec() misbehaved if it
  encountered a character class with a possessive repeat, for example [a-f]{3}+.
  (bsc#1030066 CVE-2017-7186)
  * When pcretest called pcre_copy_substring() in 32-bit mode, it set the buffer
  length incorrectly, which could result in buffer overflow.
  (bsc#1030805 CVE-2017-7245, bsc#1030803 CVE-2017-7246)
  * Fix returned offsets from regexec() when REG_STARTEND is used with a
  starting offset greater than zero.
- pcre 8.40
  * Fix register overwrite in JIT when SSE2 acceleration is enabled.
  * Ignore "show all captures" (/=) for DFA matching.
  * Fix JIT unaligned accesses on x86. Patch by Marc Mutz.
  * In any wide-character mode (8-bit UTF or any 16-bit or 32-bit mode),
    without PCRE_UCP set, a negative character type such as \D in a positive
    class should cause all characters greater than 255 to match, whatever else
    is in the class. There was a bug that caused this not to happen if a
    Unicode property item was added to such a class, for example [\D\P{Nd}] or
    [\W\pL].
  * A pattern such as (?<RA>abc)(?(R)xyz) was incorrectly compiled such that
    the conditional was interpreted as a reference to capturing group 1 instead
    of a test for recursion. Any group whose name began with R was
    misinterpreted in this way. (The reference interpretation should only
    happen if the group's name is precisely "R".)
  * A number of bugs have been mended relating to match start-up optimizations
    when the first thing in a pattern is a positive lookahead. These all
    applied only when PCRE_NO_START_OPTIMIZE was *not* set:
    (a) A pattern such as (?=.*X)X$ was incorrectly optimized as if it needed
    both an initial 'X' and a following 'X'.
    (b) Some patterns starting with an assertion that started with .* were
    incorrectly optimized as having to match at the start of the subject or
    after a newline. There are cases where this is not true, for example,
    (?=.*[A-Z])(?=.{8,16})(?!.*[\s]) matches after the start in lines that
    start with spaces. Starting .* in an assertion is no longer taken as an
    indication of matching at the start (or after a newline).
polkit
- CVE-2021-4115: fixed a denial of service via file descriptor leak (bsc#1195542)
  added CVE-2021-4115.patch
- CVE-2021-4034: fixed a local privilege escalation in pkexec (bsc#1194568)
  added CVE-2021-4034-pkexec-fix.patch
- CVE-2021-3560: fixed a local privilege escalation using polkit_system_bus_name_get_creds_sync()
  (bsc#1186497)
  CVE-2021-3560.patch
psmisc
- Change patch 0001-Use-mountinfo-to-be-able-to-use-the-mount-identity.patch
  * Determine the namespace of a process only once to speed
    up the parsing of fdinfo (bsc#1194172).
- Change patch 0001-Use-mountinfo-to-be-able-to-use-the-mount-identity.patch
  * Fix bsc#1185208 to make private mount namespaces work as well
    as to distinguish NFS mounts from same remote device share.
- Remove patch bsc1185208.patch as now solved in main patch/commit
- Fix for SG#60627, bsc#1185208:
  * bsc1185208.patch: Don't list all processes from different private
    namespace when fuser is run on a NFS mount.
- Change patch 0001-Use-mountinfo-to-be-able-to-use-the-mount-identity.patch
  * Fix bsc#1178407: fuser does not show open kvm storage image files
    such as qcow2 files. Patch from Ali Abdallah <ali.abdallah@suse.com>
python
- Set correct value of %python2_package_prefix to python
  (as expected on SLE-12). (bsc#1175619)
- Add CVE-2019-20907_tarfile-inf-loop.patch fixing bsc#1174091
  (CVE-2019-20907, bpo#39017) avoiding possible infinite loop
  in specifically crafted tarball.
  Add recursion.tar as a testing tarball for the patch.
- Renamed patch for assigned CVE:
  * bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch ->
    CVE-2021-3737-fix-HTTP-client-infinite-line-reading-after-a-HTTP-100-Continue.patch
    (boo#1189241, CVE-2021-3737)
- Renamed patch for assigned CVE:
  * bpo43075-fix-ReDoS-in-request.patch -> CVE-2021-3733-fix-ReDoS-in-request.patch
    (boo#1189287, CVE-2021-3733)
- Fix python-doc build (bpo#35293):
  * sphinx-update-removed-function.patch
- Update documentation formatting for Sphinx 3.0 (bpo#40204).
- Add bpo43075-fix-ReDoS-in-request.patch which fixes ReDoS in
  request (bpo#43075, boo#1189287).
- Add missing security announcement to
  bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch.
- Add bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch
  which fixes http client infinite line reading (DoS) after a http
  100 (bpo#44022, boo#1189241).
- Modify Lib/ensurepip/__init__.py to contain the same version
  numbers as are in reality the ones in the bundled wheels
  (bsc#1187668).
- Add CVE-2021-23336-only-amp-as-query-sep.patch which forbids
  use of semicolon as a query string separator (bpo#42967,
  bsc#1182379, CVE-2021-23336).
- Add CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch fixing
  bsc#1181126 (CVE-2021-3177) buffer overflow in PyCArg_repr in
  _ctypes/callproc.c, which may lead to remote code execution.
- (bsc#1180125) We really don't Require python-rpm-macros package.
  Unnecessary dependency.
- Add patch configure_PYTHON_FOR_REGEN.patch which makes
  configure.ac consider the correct version of
  PYTHON_FOR_REGEN (bsc#1078326).
- Use python3-Sphinx on anything more recent than SLE-15 (inclusive).
- Update to 2.7.18, final release of Python 2. Ever.:
  - Newline characters have been escaped when performing uu
    encoding to prevent them from overflowing into the content
    section of the encoded file. This prevents malicious or
    accidental modification of data during the decoding process.
  - Fixes a ReDoS vulnerability in `http.cookiejar`. Patch by Ben
    Caller.
  - Fixed line numbers and column offsets for AST nodes for calls
    without arguments in decorators.
  - bsc#1155094 (CVE-2019-18348) Disallow control characters in
    hostnames in http.client. Such potentially malicious header
    injection URLs now cause an InvalidURL to be raised.
  - Fix urllib.urlretrieve failing on subsequent ftp transfers
    from the same host.
  - Fix problems identified by GCC's -Wstringop-truncation
    warning.
  - AddRefActCtx() was needlessly being checked for failure in
    PC/dl_nt.c.
  - Prevent failure of test_relative_path in test_py_compile on
    macOS Catalina.
  - Fixed possible leak in `PyArg_Parse` and similar
    functions for format units "es#" and "et#" when the macro
    `PY_SSIZE_T_CLEAN` is not defined.
- Remove upstreamed patches:
  - CVE-2019-18348-CRLF_injection_via_host_part.patch
  - python-2.7.14-CVE-2017-1000158.patch
  - CVE-2018-14647_XML_SetHashSalt-in_elementtree.patch
  - CVE-2018-1061-DOS-via-regexp-difflib.patch
  - CVE-2019-10160-netloc-port-regression.patch
  - CVE-2019-16056-email-parse-addr.patch
- Add CVE-2019-9674-zip-bomb.patch to improve documentation
  warning about dangers of zip-bombs and other security problems
  with zipfile library. (bsc#1162825 CVE-2019-9674)
- Change to Requires: libpython%{so_version} == %{version}-%{release}
  to python-base to keep both packages always synchronized (add
  %{so_version}) (bsc#1162224).
- Add CVE-2020-8492-urllib-ReDoS.patch fixing the security bug
  "Python urllib allowed an HTTP server to conduct Regular
  Expression Denial of Service (ReDoS)" (bsc#1162367)
- Provide python-testsuite from devel subpkg to ease py2->py3
  dependencies
- bsc#1109847 (CVE-2018-14647): add
  CVE-2018-14647_XML_SetHashSalt-in_elementtree.patch fixing
  bpo-34623.
  fixing bpo-35746 (CVE-2019-5010).
python-PyJWT
- Update in SLE-12 (bsc#1186173)
- Drop patches for issues fixed upstream
  * CVE-2017-12880-pkcs1-pubkey.patch
  * PyJWT-1.1.0.diff
- Avoid not needed python-pytest-cov and python-pytest-runner
  BuildRequires. There is no need to do a coverage run during
  package build.
- update to version 1.5.3:
  * Changed
    + Increase required version of the cryptography package to
    >=1.4.0.
  * Fixed
    + Remove uses of deprecated functions from the cryptography
    package.
    + Warn about missing algorithms param to decode() only when verify
    param is True #281
- update to 1.5.2:
  - Ensure correct arguments order in decode super call [7c1e61d][7c1e61d]
  - Change optparse for argparse. [#238][238]
  - Guard against PKCS1 PEM encoded public keys [#277][277]
  - Add deprecation warning when decoding without specifying `algorithms` [#277][277]
  - Improve deprecation messages [#270][270]
  - PyJWT.decode: move verify param into options [#271][271]
  - Support for Python 3.6 [#262][262]
  - Expose jwt.InvalidAlgorithmError [#264][264]
  - Add support for ECDSA public keys in RFC 4253 (OpenSSH) format [#244][244]
  - Renamed commandline script `jwt` to `jwt-cli` to avoid issues with the script clobbering the `jwt` module in some circumstances. [#187][187]
  - Better error messages when using an algorithm that requires the cryptography package, but it isn't available [#230][230]
  - Tokens with future 'iat' values are no longer rejected [#190][190]
  - Non-numeric 'iat' values now raise InvalidIssuedAtError instead of DecodeError
  - Remove rejection of future 'iat' claims [#252][252]
  - Add back 'ES512' for backward compatibility (for now) [#225][225]
  - Fix incorrectly named ECDSA algorithm [#219][219]
  - Fix rpm build [#196][196]
  - Add JWK support for HMAC and RSA keys [#202][202]
- Restore runtime dependency python-ecdsa
- Convert to singlespec
- Remove unneeded dependency python-ecdsa
- Use "download_files" in _service file to automate source fetching
- Drop pycrypto as dependency, we only need cryptography
- Use update-alternatives so it can be co-installable with python3-PyJWT
- Use dos2unix on jwt/__init__.py
- updated source url to files.pythonhosted.org
- Run the spec file through spec-cleaner
- Drop PyJWT-1.1.0.diff which was only used on rhel (?)
python-PyYAML
- Add pyyaml.CVE-2020-14343.patch (bsc#1174514 CVE-2020-14343)
  Prevents arbitrary code execution during python/object/* constructors
  This patch contains the upstream git commit a001f27 from the 5.4 release.
- Update in SLE-12 (bsc#1176784, jsc#ECO-3105, jsc#PM-2352)
- update to 5.3.1
  * fixes boo#1165439 (CVE-2020-1747) Prevents arbitrary code execution
  during python/object/new constructor
- update to 5.3
  * Use `is` instead of equality for comparing with `None`
  * fix typos and stylistic nit
  * Fix up small typo
  * Fix handling of __slots__
  * Allow calling add_multi_constructor with None
  * Add use of safe_load() function in README
  * Fix reader for Unicode code points over 0xFFFF
  * Enable certain unicode tests when maxunicode not > 0xffff
  * Use full_load in yaml-highlight example
  * Document that PyYAML is implemented with Cython
  * Fix for Python 3.10
  * increase size of index, line, and column fields
  * remove some unused imports
  * Create timezone-aware datetimes when parsed as such
  * Add tests for timezone
- update to 5.2
  * A more flexible fix for custom tag constructors
  * Change default loader for yaml.add_constructor
  * Change default loader for add_implicit_resolver, add_path_resolver
  * Move constructor for object/apply to UnsafeConstructor
  * Fix logic for quoting special characters
python-base
- Add CVE-2019-20907_tarfile-inf-loop.patch fixing bsc#1174091
  (CVE-2019-20907, bpo#39017) avoiding possible infinite loop
  in specifically crafted tarball.
  Add recursion.tar as a testing tarball for the patch.
- Renamed patch for assigned CVE:
  * bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch ->
    CVE-2021-3737-fix-HTTP-client-infinite-line-reading-after-a-HTTP-100-Continue.patch
    (boo#1189241, CVE-2021-3737)
- Renamed patch for assigned CVE:
  * bpo43075-fix-ReDoS-in-request.patch -> CVE-2021-3733-fix-ReDoS-in-request.patch
    (boo#1189287, CVE-2021-3733)
- Fix python-doc build (bpo#35293):
  * sphinx-update-removed-function.patch
- Update documentation formatting for Sphinx 3.0 (bpo#40204).
- Add bpo43075-fix-ReDoS-in-request.patch which fixes ReDoS in
  request (bpo#43075, boo#1189287).
- Add missing security announcement to
  bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch.
- Add bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch
  which fixes http client infinite line reading (DoS) after a http
  100 (bpo#44022, boo#1189241).
- Modify Lib/ensurepip/__init__.py to contain the same version
  numbers as are in reality the ones in the bundled wheels
  (bsc#1187668).
- Add CVE-2021-23336-only-amp-as-query-sep.patch which forbids
  use of semicolon as a query string separator (bpo#42967,
  bsc#1182379, CVE-2021-23336).
- Add CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch fixing
  bsc#1181126 (CVE-2021-3177) buffer overflow in PyCArg_repr in
  _ctypes/callproc.c, which may lead to remote code execution.
- (bsc#1180125) We really don't Require python-rpm-macros package.
  Unnecessary dependency.
- Add patch configure_PYTHON_FOR_REGEN.patch which makes
  configure.ac consider the correct version of
  PYTHON_FOR_REGEN (bsc#1078326).
- Use python3-Sphinx on anything more recent than SLE-15 (inclusive).
- Update to 2.7.18, final release of Python 2. Ever.:
  - Newline characters have been escaped when performing uu
    encoding to prevent them from overflowing into the content
    section of the encoded file. This prevents malicious or
    accidental modification of data during the decoding process.
  - Fixes a ReDoS vulnerability in `http.cookiejar`. Patch by Ben
    Caller.
  - Fixed line numbers and column offsets for AST nodes for calls
    without arguments in decorators.
  - bsc#1155094 (CVE-2019-18348) Disallow control characters in
    hostnames in http.client. Such potentially malicious header
    injection URLs now cause an InvalidURL to be raised.
  - Fix urllib.urlretrieve failing on subsequent ftp transfers
    from the same host.
  - Fix problems identified by GCC's -Wstringop-truncation
    warning.
  - AddRefActCtx() was needlessly being checked for failure in
    PC/dl_nt.c.
  - Prevent failure of test_relative_path in test_py_compile on
    macOS Catalina.
  - Fixed possible leak in `PyArg_Parse` and similar
    functions for format units "es#" and "et#" when the macro
    `PY_SSIZE_T_CLEAN` is not defined.
- Remove upstreamed patches:
  - CVE-2019-18348-CRLF_injection_via_host_part.patch
  - python-2.7.14-CVE-2017-1000158.patch
  - CVE-2018-14647_XML_SetHashSalt-in_elementtree.patch
  - CVE-2018-1061-DOS-via-regexp-difflib.patch
  - CVE-2019-10160-netloc-port-regression.patch
  - CVE-2019-16056-email-parse-addr.patch
- Add CVE-2019-9674-zip-bomb.patch to improve documentation
  warning about dangers of zip-bombs and other security problems
  with zipfile library. (bsc#1162825 CVE-2019-9674)
- Change to Requires: libpython%{so_version} == %{version}-%{release}
  to python-base to keep both packages always synchronized (add
  %{so_version}) (bsc#1162224).
- Add CVE-2020-8492-urllib-ReDoS.patch fixing the security bug
  "Python urllib allowed an HTTP server to conduct Regular
  Expression Denial of Service (ReDoS)" (bsc#1162367)
- Provide python-testsuite from devel subpkg to ease py2->py3
  dependencies
- bsc#1109847 (CVE-2018-14647): add
  CVE-2018-14647_XML_SetHashSalt-in_elementtree.patch fixing
  bpo-34623.
  fixing bpo-35746 (CVE-2019-5010).
python-boto3
- Version update to 1.17.9 (bsc#1182421, bsc#1182422, jsc#ECO-3352, jsc#PM-2485)
  * api-change:``devops-guru``: [``botocore``] Update devops-guru client to latest version
  * api-change:``codebuild``: [``botocore``] Update codebuild client to latest version
- from version 1.17.8
  * api-change:``lightsail``: [``botocore``] Update lightsail client to latest version
  * api-change:``medialive``: [``botocore``] Update medialive client to latest version
  * api-change:``kinesis-video-archived-media``: [``botocore``] Update kinesis-video-archived-media
    client to latest version
  * api-change:``config``: [``botocore``] Update config client to latest version
  * api-change:``pinpoint``: [``botocore``] Update pinpoint client to latest version
  * api-change:``redshift-data``: [``botocore``] Update redshift-data client to latest version
  * api-change:``workmailmessageflow``: [``botocore``] Update workmailmessageflow client to latest version
  * api-change:``mediatailor``: [``botocore``] Update mediatailor client to latest version
- from version 1.17.7
  * api-change:``personalize-events``: [``botocore``] Update personalize-events client to latest version
  * api-change:``eks``: [``botocore``] Update eks client to latest version
  * api-change:``iam``: [``botocore``] Update iam client to latest version
  * api-change:``codepipeline``: [``botocore``] Update codepipeline client to latest version
  * api-change:``detective``: [``botocore``] Update detective client to latest version
  * api-change:``macie2``: [``botocore``] Update macie2 client to latest version
  * api-change:``wafv2``: [``botocore``] Update wafv2 client to latest version
  * api-change:``elbv2``: [``botocore``] Update elbv2 client to latest version
  * api-change:``appsync``: [``botocore``] Update appsync client to latest version
  * api-change:``rds``: [``botocore``] Update rds client to latest version
- from version 1.17.6
  * api-change:``databrew``: [``botocore``] Update databrew client to latest version
  * api-change:``rds``: [``botocore``] Update rds client to latest version
- from version 1.17.5
  * api-change:``quicksight``: [``botocore``] Update quicksight client to latest version
  * api-change:``mediaconvert``: [``botocore``] Update mediaconvert client to latest version
  * api-change:``qldb-session``: [``botocore``] Update qldb-session client to latest version
  * api-change:``sagemaker``: [``botocore``] Update sagemaker client to latest version
  * api-change:``gamelift``: [``botocore``] Update gamelift client to latest version
- from version 1.17.4
  * api-change:``dataexchange``: [``botocore``] Update dataexchange client to latest version
  * api-change:``cloudtrail``: [``botocore``] Update cloudtrail client to latest version
  * api-change:``elbv2``: [``botocore``] Update elbv2 client to latest version
  * api-change:``ivs``: [``botocore``] Update ivs client to latest version
  * api-change:``macie2``: [``botocore``] Update macie2 client to latest version
  * api-change:``globalaccelerator``: [``botocore``] Update globalaccelerator client to latest version
  * api-change:``iotsitewise``: [``botocore``] Update iotsitewise client to latest version
  * api-change:``elasticache``: [``botocore``] Update elasticache client to latest version
- from version 1.17.3
  * api-change:``macie``: [``botocore``] Update macie client to latest version
  * api-change:``elbv2``: [``botocore``] Update elbv2 client to latest version
  * api-change:``organizations``: [``botocore``] Update organizations client to latest version
- from version 1.17.2
  * api-change:``quicksight``: [``botocore``] Update quicksight client to latest version
  * api-change:``appflow``: [``botocore``] Update appflow client to latest version
  * api-change:``emr-containers``: [``botocore``] Update emr-containers client to latest version
  * api-change:``dlm``: [``botocore``] Update dlm client to latest version
  * api-change:``athena``: [``botocore``] Update athena client to latest version
  * api-change:``ec2``: [``botocore``] Update ec2 client to latest version
- from version 1.17.1
  * api-change:``lambda``: [``botocore``] Update lambda client to latest version
  * api-change:``codebuild``: [``botocore``] Update codebuild client to latest version
  * api-change:``ec2``: [``botocore``] Update ec2 client to latest version
  * api-change:``ce``: [``botocore``] Update ce client to latest version
  * api-change:``databrew``: [``botocore``] Update databrew client to latest version
  * api-change:``securityhub``: [``botocore``] Update securityhub client to latest version
  * api-change:``workmail``: [``botocore``] Update workmail client to latest version
  * api-change:``auditmanager``: [``botocore``] Update auditmanager client to latest version
  * api-change:``compute-optimizer``: [``botocore``] Update compute-optimizer client to latest version
  * api-change:``iotsitewise``: [``botocore``] Update iotsitewise client to latest version
- from version 1.17.0
  * api-change:``appmesh``: [``botocore``] Update appmesh client to latest version
  * feature:Python: Dropped support for Python 3.4 and 3.5
  * api-change:``application-autoscaling``: [``botocore``] Update application-autoscaling
    client to latest version
  * api-change:``lookoutvision``: [``botocore``] Update lookoutvision client to latest version
  * api-change:``organizations``: [``botocore``] Update organizations client to latest version
  * feature:Python: [``botocore``] Dropped support for Python 3.4 and 3.5
  * api-change:``s3control``: [``botocore``] Update s3control client to latest version
  * api-change:``rds-data``: [``botocore``] Update rds-data client to latest version
  * api-change:``medialive``: [``botocore``] Update medialive client to latest version
  * api-change:``route53``: [``botocore``] Update route53 client to latest version
  * api-change:``location``: [``botocore``] Update location client to latest version
  * enhancement:s3: [``botocore``] Amazon S3 now supports AWS PrivateLink, providing direct access
    to S3 via a private endpoint within your virtual private network.
  * api-change:``iotwireless``: [``botocore``] Update iotwireless client to latest version
- from version 1.16.63
  * api-change:``macie2``: [``botocore``] Update macie2 client to latest version
  * api-change:``connect``: [``botocore``] Update connect client to latest version
  * api-change:``medialive``: [``botocore``] Update medialive client to latest version
- from version 1.16.62
  * api-change:``wellarchitected``: [``botocore``] Update wellarchitected client to latest version
  * api-change:``managedblockchain``: [``botocore``] Update managedblockchain client to latest version
  * api-change:``cloudwatch``: [``botocore``] Update cloudwatch client to latest version
  * api-change:``databrew``: [``botocore``] Update databrew client to latest version
  * bugfix:Validator: [``botocore``] Fix showing incorrect max-value in error message for
    range and length value validation
  * api-change:``iot``: [``botocore``] Update iot client to latest version
  * api-change:``robomaker``: [``botocore``] Update robomaker client to latest version
- from version 1.16.61
  * api-change:``elasticache``: [``botocore``] Update elasticache client to latest version
  * api-change:``customer-profiles``: [``botocore``] Update customer-profiles client to latest version
  * api-change:``sesv2``: [``botocore``] Update sesv2 client to latest version
  * api-change:``accessanalyzer``: [``botocore``] Update accessanalyzer client to latest version
  * api-change:``lightsail``: [``botocore``] Update lightsail client to latest version
  * api-change:``es``: [``botocore``] Update es client to latest version
- from version 1.16.60
  * api-change:``backup``: [``botocore``] Update backup client to latest version
- from version 1.16.59
  * api-change:``greengrassv2``: [``botocore``] Update greengrassv2 client to latest version
  * api-change:``redshift``: [``botocore``] Update redshift client to latest version
  * api-change:``lexv2-runtime``: [``botocore``] Update lexv2-runtime client to latest version
  * api-change:``rds``: [``botocore``] Update rds client to latest version
  * api-change:``lexv2-models``: [``botocore``] Update lexv2-models client to latest version
  * api-change:``ssm``: [``botocore``] Update ssm client to latest version
  * api-change:``ec2``: [``botocore``] Update ec2 client to latest version
- from version 1.16.58
  * api-change:``securityhub``: [``botocore``] Update securityhub client to latest version
  * api-change:``kafka``: [``botocore``] Update kafka client to latest version
  * api-change:``resourcegroupstaggingapi``: [``botocore``] Update resourcegroupstaggingapi
    client to latest version
- from version 1.16.57
  * api-change:``acm-pca``: [``botocore``] Update acm-pca client to latest version
  * api-change:``chime``: [``botocore``] Update chime client to latest version
  * api-change:``ecs``: [``botocore``] Update ecs client to latest version
- from version 1.16.56
  * api-change:``sns``: [``botocore``] Update sns client to latest version
- from version 1.16.55
  * api-change:``pinpoint``: [``botocore``] Update pinpoint client to latest version
  * api-change:``cognito-identity``: [``botocore``] Update cognito-identity client to latest version
  * api-change:``s3control``: [``botocore``] Update s3control client to latest version
  * api-change:``sagemaker``: [``botocore``] Update sagemaker client to latest version
- from version 1.16.54
  * api-change:``frauddetector``: [``botocore``] Update frauddetector client to latest version
  * api-change:``personalize``: [``botocore``] Update personalize client to latest version
- from version 1.16.53
  * api-change:``appstream``: [``botocore``] Update appstream client to latest version
  * api-change:``auditmanager``: [``botocore``] Update auditmanager client to latest version
  * api-change:``ssm``: [``botocore``] Update ssm client to latest version
  * api-change:``elasticache``: [``botocore``] Update elasticache client to latest version
  * api-change:``lightsail``: [``botocore``] Update lightsail client to latest version
- Update BuildRequires and Requires from setup.py
- Version update to 1.16.52
  * api-change:``rds``: [``botocore``] Update rds client to latest version
  * api-change:``kms``: [``botocore``] Update kms client to latest version
- from version 1.16.51
  * api-change:``devops-guru``: [``botocore``] Update devops-guru client to latest version
  * api-change:``codepipeline``: [``botocore``] Update codepipeline client to latest version
  * api-change:``mediaconvert``: [``botocore``] Update mediaconvert client to latest version
- from version 1.16.50
  * api-change:``autoscaling``: [``botocore``] Update autoscaling client to latest version
  * api-change:``transfer``: [``botocore``] Update transfer client to latest version
  * api-change:``autoscaling-plans``: [``botocore``] Update autoscaling-plans client to latest version
- from version 1.16.49
  * api-change:``ce``: [``botocore``] Update ce client to latest version
  * api-change:``application-autoscaling``: [``botocore``] Update application-autoscaling
    client to latest version
- from version 1.16.48
  * api-change:``healthlake``: [``botocore``] Update healthlake client to latest version
  * api-change:``cloudsearch``: [``botocore``] Update cloudsearch client to latest version
- from version 1.16.47
  * api-change:``servicecatalog``: [``botocore``] Update servicecatalog client to latest version
- from version 1.16.46
  * api-change:``macie2``: [``botocore``] Update macie2 client to latest version
  * api-change:``elasticache``: [``botocore``] Update elasticache client to latest version
- from version 1.16.45
  * api-change:``acm-pca``: [``botocore``] Update acm-pca client to latest version
  * api-change:``apigatewayv2``: [``botocore``] Update apigatewayv2 client to latest version
- from version 1.16.44
  * api-change:``cloudfront``: [``botocore``] Update cloudfront client to latest version
- from version 1.16.43
  * api-change:``compute-optimizer``: [``botocore``] Update compute-optimizer client to latest version
  * api-change:``resource-groups``: [``botocore``] Update resource-groups client to latest version
  * api-change:``dms``: [``botocore``] Update dms client to latest version
- from version 1.16.42
  * api-change:``ssm``: [``botocore``] Update ssm client to latest version
  * api-change:``iotwireless``: [``botocore``] Update iotwireless client to latest version
  * api-change:``rds``: [``botocore``] Update rds client to latest version
  * api-change:``glue``: [``botocore``] Update glue client to latest version
  * api-change:``ce``: [``botocore``] Update ce client to latest version
  * api-change:``connect``: [``botocore``] Update connect client to latest version
  * api-change:``elasticache``: [``botocore``] Update elasticache client to latest version
- from version 1.16.41
  * api-change:``config``: [``botocore``] Update config client to latest version
  * api-change:``ec2``: [``botocore``] Update ec2 client to latest version
  * api-change:``glue``: [``botocore``] Update glue client to latest version
  * api-change:``batch``: [``botocore``] Update batch client to latest version
  * api-change:``managedblockchain``: [``botocore``] Update managedblockchain client to latest version
  * api-change:``service-quotas``: [``botocore``] Update service-quotas client to latest version
  * api-change:``s3``: [``botocore``] Update s3 client to latest version
  * api-change:``connectparticipant``: [``botocore``] Update connectparticipant client to latest version
  * api-change:``securityhub``: [``botocore``] Update securityhub client to latest version
  * api-change:``qldb-session``: [``botocore``] Update qldb-session client to latest version
  * api-change:``outposts``: [``botocore``] Update outposts client to latest version
  * api-change:``servicecatalog-appregistry``: [``botocore``] Update servicecatalog-appregistry
    client to latest version
  * api-change:``dms``: [``botocore``] Update dms client to latest version
  * api-change:``apigateway``: [``botocore``] Update apigateway client to latest version
- from version 1.16.40
  * api-change:``rds``: [``botocore``] Update rds client to latest version
  * bugfix:SSO: [``botocore``] Fixed timestamp format for SSO credential expirations
  * api-change:``personalize-runtime``: [``botocore``] Update personalize-runtime
    client to latest version
  * api-change:``ec2``: [``botocore``] Update ec2 client to latest version
- from version 1.16.39
  * api-change:``ec2``: [``botocore``] Update ec2 client to latest version
  * api-change:``servicecatalog``: [``botocore``] Update servicecatalog client to latest version
  * api-change:``dlm``: [``botocore``] Update dlm client to latest version
  * api-change:``kms``: [``botocore``] Update kms client to latest version
  * api-change:``route53resolver``: [``botocore``] Update route53resolver client to latest version
  * api-change:``sqs``: [``botocore``] Update sqs client to latest version
  * api-change:``config``: [``botocore``] Update config client to latest version
  * api-change:``imagebuilder``: [``botocore``] Update imagebuilder client to latest version
  * api-change:``route53``: [``botocore``] Update route53 client to latest version
- from version 1.16.38
  * api-change:``ce``: [``botocore``] Update ce client to latest version
  * api-change:``amp``: [``botocore``] Update amp client to latest version
  * api-change:``location``: [``botocore``] Update location client to latest version
  * api-change:``wellarchitected``: [``botocore``] Update wellarchitected client to latest version
  * api-change:``quicksight``: [``botocore``] Update quicksight client to latest version
- from version 1.16.37
  * api-change:``iotwireless``: [``botocore``] Update iotwireless client to latest version
  * api-change:``lambda``: [``botocore``] Update lambda client to latest version
  * api-change:``greengrassv2``: [``botocore``] Update greengrassv2 client to latest version
  * api-change:``ssm``: [``botocore``] Update ssm client to latest version
  * api-change:``iotdeviceadvisor``: [``botocore``] Update iotdeviceadvisor client to latest version
  * api-change:``iot``: [``botocore``] Update iot client to latest version
  * api-change:``iotanalytics``: [``botocore``] Update iotanalytics client to latest version
  * api-change:``amp``: [``botocore``] Update amp client to latest version
  * api-change:``iotfleethub``: [``botocore``] Update iotfleethub client to latest version
- from version 1.16.36
  * api-change:``ec2``: [``botocore``] Update ec2 client to latest version
  * api-change:``globalaccelerator``: [``botocore``] Update globalaccelerator
    client to latest version
  * api-change:``devops-guru``: [``botocore``] Update devops-guru client
    to latest version
- from version 1.16.35
  * api-change:``guardduty``: [``botocore``] Update guardduty client to latest version
  * api-change:``iotsitewise``: [``botocore``] Update iotsitewise client to latest version
  * api-change:``autoscaling``: [``botocore``] Update autoscaling client to latest version
  * api-change:``cloudwatch``: [``botocore``] Update cloudwatch client to latest version
  * api-change:``pi``: [``botocore``] Update pi client to latest version
  * api-change:``cloudtrail``: [``botocore``] Update cloudtrail client to latest version
- from version 1.16.34
  * api-change:``networkmanager``: [``botocore``] Update networkmanager
    client to latest version
  * api-change:``kendra``: [``botocore``] Update kendra client to latest version
  * api-change:``ec2``: [``botocore``] Update ec2 client to latest version
- from version 1.16.33
  * api-change:``globalaccelerator``: [``botocore``] Update globalaccelerator
    client to latest version
  * api-change:``ec2``: [``botocore``] Update ec2 client to latest version
  * api-change:``redshift``: [``botocore``] Update redshift client to latest version
- from version 1.16.32
  * api-change:``ecr``: [``botocore``] Update ecr client to latest version
  * api-change:``sagemaker``: [``botocore``] Update sagemaker client to latest version
  * api-change:``kendra``: [``botocore``] Update kendra client to latest version
  * api-change:``quicksight``: [``botocore``] Update quicksight client to latest version
  * api-change:``auditmanager``: [``botocore``] Update auditmanager client to latest version
  * api-change:``sagemaker-runtime``: [``botocore``] Update sagemaker-runtime client to latest version
  * api-change:``sagemaker-edge``: [``botocore``] Update sagemaker-edge client to latest version
  * api-change:``forecast``: [``botocore``] Update forecast client to latest version
  * api-change:``healthlake``: [``botocore``] Update healthlake client to latest version
  * api-change:``emr-containers``: [``botocore``] Update emr-containers client to latest version
- from version 1.16.31
  * api-change:``dms``: [``botocore``] Update dms client to latest version
  * api-change:``servicecatalog-appregistry``: [``botocore``] Update servicecatalog-appregistry
    client to latest version
- from version 1.16.30
  * api-change:``ssm``: [``botocore``] Update ssm client to latest version
  * api-change:``ec2``: [``botocore``] Update ec2 client to latest version
  * api-change:``workspaces``: [``botocore``] Update workspaces client to latest version
  * api-change:``license-manager``: [``botocore``] Update license-manager client to latest version
  * api-change:``lambda``: [``botocore``] Update lambda client to latest version
  * api-change:``ds``: [``botocore``] Update ds client to latest version
  * api-change:``kafka``: [``botocore``] Update kafka client to latest version
  * api-change:``medialive``: [``botocore``] Update medialive client to latest version
  * api-change:``rds``: [``botocore``] Update rds client to latest version
- from version 1.16.29
  * api-change:``license-manager``: [``botocore``] Update license-manager client to latest version
  * api-change:``compute-optimizer``: [``botocore``] Update compute-optimizer client to latest version
  * api-change:``amplifybackend``: [``botocore``] Update amplifybackend client to latest version
  * api-change:``batch``: [``botocore``] Update batch client to latest version
- from version 1.16.28
  * api-change:``customer-profiles``: [``botocore``] Update customer-profiles
    client to latest version
- from version 1.16.27
  * api-change:``sagemaker-featurestore-runtime``: [``botocore``] Update
    sagemaker-featurestore-runtime client to latest version
  * api-change:``ecr-public``: [``botocore``] Update ecr-public client to latest version
  * api-change:``honeycode``: [``botocore``] Update honeycode client to latest version
  * api-change:``eks``: [``botocore``] Update eks client to latest version
  * api-change:``amplifybackend``: [``botocore``] Update amplifybackend client to latest version
  * api-change:``lambda``: [``botocore``] Update lambda client to latest version
  * api-change:``sagemaker``: [``botocore``] Update sagemaker client to latest version
  * api-change:``lookoutvision``: [``botocore``] Update lookoutvision client to latest version
  * api-change:``ec2``: [``botocore``] Update ec2 client to latest version
  * api-change:``connect``: [``botocore``] Update connect client to latest version
  * api-change:``connect-contact-lens``: [``botocore``] Update connect-contact-lens client to latest version
  * api-change:``profile``: [``botocore``] Update profile client to latest version
  * api-change:``s3``: [``botocore``] Update s3 client to latest version
  * api-change:``appintegrations``: [``botocore``] Update appintegrations client to latest version
  * api-change:``ds``: [``botocore``] Update ds client to latest version
  * api-change:``devops-guru``: [``botocore``] Update devops-guru client to latest version
- from version 1.16.26
  * api-change:``ec2``: [``botocore``] Update ec2 client to latest version
- Update BuildRequires and Requires from setup.py
- Version update to 1.16.25
  * api-change:``mediaconvert``: [``botocore``] Update mediaconvert client to latest version
  * api-change:``cloudformation``: [``botocore``] Update cloudformation client to latest version
  * api-change:``appflow``: [``botocore``] Update appflow client to latest version
  * api-change:``fsx``: [``botocore``] Update fsx client to latest version
  * api-change:``stepfunctions``: [``botocore``] Update stepfunctions client to latest version
  * api-change:``timestream-write``: [``botocore``] Update timestream-write client to latest version
  * api-change:``elasticbeanstalk``: [``botocore``] Update elasticbeanstalk client to latest version
  * api-change:``batch``: [``botocore``] Update batch client to latest version
  * api-change:``cloudtrail``: [``botocore``] Update cloudtrail client to latest version
  * api-change:``cognito-idp``: [``botocore``] Update cognito-idp client to latest version
  * api-change:``iotsitewise``: [``botocore``] Update iotsitewise client to latest version
  * api-change:``codebuild``: [``botocore``] Update codebuild client to latest version
  * api-change:``comprehend``: [``botocore``] Update comprehend client to latest version
  * api-change:``quicksight``: [``botocore``] Update quicksight client to latest version
  * api-change:``mwaa``: [``botocore``] Update mwaa client to latest version
  * api-change:``lex-models``: [``botocore``] Update lex-models client to latest version
  * api-change:``gamelift``: [``botocore``] Update gamelift client to latest version
- from version 1.16.24
  * api-change:``ec2``: [``botocore``] Update ec2 client to latest version
  * api-change:``translate``: [``botocore``] Update translate client to latest version
  * api-change:``kafka``: [``botocore``] Update kafka client to latest version
  * api-change:``application-insights``: [``botocore``] Update application-insights client to latest version
  * api-change:``glue``: [``botocore``] Update glue client to latest version
  * api-change:``signer``: [``botocore``] Update signer client to latest version
  * api-change:``codestar-connections``: [``botocore``] Update codestar-connections client to latest version
  * api-change:``codeartifact``: [``botocore``] Update codeartifact client to latest version
  * api-change:``elasticache``: [``botocore``] Update elasticache client to latest version
  * api-change:``emr``: [``botocore``] Update emr client to latest version
  * api-change:``forecast``: [``botocore``] Update forecast client to latest version
  * api-change:``iot``: [``botocore``] Update iot client to latest version
  * api-change:``autoscaling``: [``botocore``] Update autoscaling client to latest version
  * api-change:``ecs``: [``botocore``] Update ecs client to latest version
  * api-change:``timestream-query``: [``botocore``] Update timestream-query client to latest version
  * api-change:``sso-admin``: [``botocore``] Update sso-admin client to latest version
  * api-change:``securityhub``: [``botocore``] Update securityhub client to latest version
  * api-change:``lambda``: [``botocore``] Update lambda client to latest version
  * api-change:``outposts``: [``botocore``] Update outposts client to latest version
  * api-change:``license-manager``: [``botocore``] Update license-manager client to latest version
  * api-change:``dynamodb``: [``botocore``] Update dynamodb client to latest version
- from version 1.16.23
  * api-change:``servicecatalog-appregistry``: [``botocore``] Update servicecatalog-appregistry client to latest version
  * api-change:``appmesh``: [``botocore``] Update appmesh client to latest version
  * api-change:``kafka``: [``botocore``] Update kafka client to latest version
  * api-change:``macie2``: [``botocore``] Update macie2 client to latest version
  * api-change:``chime``: [``botocore``] Update chime client to latest version
  * api-change:``cloudhsmv2``: [``botocore``] Update cloudhsmv2 client to latest version
  * api-change:``codeguru-reviewer``: [``botocore``] Update codeguru-reviewer client to latest version
  * api-change:``s3``: [``botocore``] Update s3 client to latest version
  * api-change:``cognito-identity``: [``botocore``] Update cognito-identity client to latest version
  * api-change:``connect``: [``botocore``] Update connect client to latest version
- from version 1.16.22
  * api-change:``ce``: [``botocore``] Update ce client to latest version
  * api-change:``lex-runtime``: [``botocore``] Update lex-runtime client to latest version
  * api-change:``glue``: [``botocore``] Update glue client to latest version
  * api-change:``lex-models``: [``botocore``] Update lex-models client to latest version
  * api-change:``events``: [``botocore``] Update events client to latest version
  * api-change:``autoscaling``: [``botocore``] Update autoscaling client to latest version
  * api-change:``ds``: [``botocore``] Update ds client to latest version
  * api-change:``kinesisanalyticsv2``: [``botocore``] Update kinesisanalyticsv2 client to latest version
  * api-change:``redshift``: [``botocore``] Update redshift client to latest version
  * api-change:``medialive``: [``botocore``] Update medialive client to latest version
  * api-change:``lambda``: [``botocore``] Update lambda client to latest version
- from version 1.16.21
  * api-change:``elasticache``: [``botocore``] Update elasticache client to latest version
  * api-change:``cloudformation``: [``botocore``] Update cloudformation client to latest version
  * api-change:``codebuild``: [``botocore``] Update codebuild client to latest version
  * bugfix:Retry: [``botocore``] Fix bug where retries were attempted on any response with an "Error" key.
  * api-change:``ec2``: [``botocore``] Update ec2 client to latest version
  * api-change:``s3control``: [``botocore``] Update s3control client to latest version
  * api-change:``backup``: [``botocore``] Update backup client to latest version
  * api-change:``outposts``: [``botocore``] Update outposts client to latest version
- from version 1.16.20
  * api-change:``connect``: [``botocore``] Update connect client to latest version
  * api-change:``chime``: [``botocore``] Update chime client to latest version
  * api-change:``fms``: [``botocore``] Update fms client to latest version
  * api-change:``network-firewall``: [``botocore``] Update network-firewall client to latest version
  * api-change:``rds``: [``botocore``] Update rds client to latest version
  * api-change:``macie2``: [``botocore``] Update macie2 client to latest version
- from version 1.16.19
  * api-change:``sagemaker``: [``botocore``] Update sagemaker client to latest version
  * api-change:``iotsitewise``: [``botocore``] Update iotsitewise client to latest version
  * api-change:``dms``: [``botocore``] Update dms client to latest version
  * api-change:``iotsecuretunneling``: [``botocore``] Update iotsecuretunneling client to latest version
  * api-change:``sns``: [``botocore``] Update sns client to latest version
  * api-change:``synthetics``: [``botocore``] Update synthetics client to latest version
  * api-change:``servicecatalog``: [``botocore``] Update servicecatalog client to latest version
  * api-change:``codepipeline``: [``botocore``] Update codepipeline client to latest version
  * api-change:``quicksight``: [``botocore``] Update quicksight client to latest version
- from version 1.16.18
  * api-change:``textract``: [``botocore``] Update textract client to latest version
  * api-change:``shield``: [``botocore``] Update shield client to latest version
  * api-change:``elbv2``: [``botocore``] Update elbv2 client to latest version
- from version 1.16.17
  * api-change:``personalize-runtime``: [``botocore``] Update personalize-runtime client to latest version
  * api-change:``servicecatalog-appregistry``: [``botocore``] Update servicecatalog-appregistry client to latest version
  * api-change:``lex-models``: [``botocore``] Update lex-models client to latest version
  * api-change:``polly``: [``botocore``] Update polly client to latest version
  * api-change:``iot``: [``botocore``] Update iot client to latest version
  * api-change:``robomaker``: [``botocore``] Update robomaker client to latest version
  * api-change:``lightsail``: [``botocore``] Update lightsail client to latest version
- from version 1.16.16
  * api-change:``mediaconvert``: [``botocore``] Update mediaconvert client to latest version
  * api-change:``servicecatalog``: [``botocore``] Update servicecatalog client to latest version
  * api-change:``databrew``: [``botocore``] Update databrew client to latest version
  * api-change:``forecast``: [``botocore``] Update forecast client to latest version
  * api-change:``amplify``: [``botocore``] Update amplify client to latest version
  * api-change:``quicksight``: [``botocore``] Update quicksight client to latest version
- from version 1.16.15
  * api-change:``ec2``: [``botocore``] Update ec2 client to latest version
  * api-change:``elbv2``: [``botocore``] Update elbv2 client to latest version
  * api-change:``autoscaling``: [``botocore``] Update autoscaling client to latest version
  * api-change:``ssm``: [``botocore``] Update ssm client to latest version
- from version 1.16.14
  * api-change:``dynamodb``: [``botocore``] Update dynamodb client to latest version
  * api-change:``es``: [``botocore``] Update es client to latest version
  * api-change:``fsx``: [``botocore``] Update fsx client to latest version
  * api-change:``macie2``: [``botocore``] Update macie2 client to latest version
  * api-change:``iotanalytics``: [``botocore``] Update iotanalytics client to latest version
  * api-change:``s3``: [``botocore``] Update s3 client to latest version
  * api-change:``storagegateway``: [``botocore``] Update storagegateway client to latest version
  * api-change:``ssm``: [``botocore``] Update ssm client to latest version
  * api-change:``ecs``: [``botocore``] Update ecs client to latest version
  * api-change:``datasync``: [``botocore``] Update datasync client to latest version
- from version 1.16.13
  * api-change:``ssm``: [``botocore``] Update ssm client to latest version
  * api-change:``ec2``: [``botocore``] Update ec2 client to latest version
  * api-change:``iotsitewise``: [``botocore``] Update iotsitewise client to latest version
  * api-change:``medialive``: [``botocore``] Update medialive client to latest version
  * api-change:``dlm``: [``botocore``] Update dlm client to latest version
- from version 1.16.12
  * api-change:``frauddetector``: [``botocore``] Update frauddetector client to latest version
  * api-change:``rds``: [``botocore``] Update rds client to latest version
  * api-change:``kendra``: [``botocore``] Update kendra client to latest version
  * api-change:``events``: [``botocore``] Update events client to latest version
  * api-change:``dynamodb``: [``botocore``] Update dynamodb client to latest version
  * api-change:``lambda``: [``botocore``] Update lambda client to latest version
  * api-change:``es``: [``botocore``] Update es client to latest version
  * api-change:``ec2``: [``botocore``] Update ec2 client to latest version
  * api-change:``appmesh``: [``botocore``] Update appmesh client to latest version
- from version 1.16.11
  * api-change:``cloudwatch``: [``botocore``] Update cloudwatch client to latest version
  * api-change:``es``: [``botocore``] Update es client to latest version
  * api-change:``xray``: [``botocore``] Update xray client to latest version
  * api-change:``mq``: [``botocore``] Update mq client to latest version
  * api-change:``iot``: [``botocore``] Update iot client to latest version
  * api-change:``meteringmarketplace``: [``botocore``] Update meteringmarketplace client to latest version
  * api-change:``autoscaling``: [``botocore``] Update autoscaling client to latest version
  * api-change:``ec2``: [``botocore``] Update ec2 client to latest version
  * api-change:``servicecatalog``: [``botocore``] Update servicecatalog client to latest version
- from version 1.16.10
  * api-change:``ec2``: [``botocore``] Update ec2 client to latest version
- from version 1.16.9
  * api-change:``medialive``: [``botocore``] Update medialive client to latest version
  * api-change:``dms``: [``botocore``] Update dms client to latest version
  * api-change:``macie2``: [``botocore``] Update macie2 client to latest version
  * api-change:``imagebuilder``: [``botocore``] Update imagebuilder client to latest version
  * api-change:``braket``: [``botocore``] Update braket client to latest version
  * api-change:``sns``: [``botocore``] Update sns client to latest version
  * api-change:``elasticache``: [``botocore``] Update elasticache client to latest version
- from version 1.16.8
  * api-change:``elbv2``: [``botocore``] Update elbv2 client to latest version
  * api-change:``codeartifact``: [``botocore``] Update codeartifact client to latest version
  * api-change:``marketplacecommerceanalytics``: [``botocore``] Update marketplacecommerceanalytics client to latest version
  * api-change:``apigateway``: [``botocore``] Update apigateway client to latest version
  * api-change:``sesv2``: [``botocore``] Update sesv2 client to latest version
  * api-change:``ec2``: [``botocore``] Update ec2 client to latest version
  * api-change:``storagegateway``: [``botocore``] Update storagegateway client to latest version
- from version 1.16.7
  * api-change:``ec2``: [``botocore``] Update ec2 client to latest version
  * api-change:``iot``: [``botocore``] Update iot client to latest version
  * api-change:``workmail``: [``botocore``] Update workmail client to latest version
- from version 1.16.6
  * api-change:``glue``: [``botocore``] Update glue client to latest version
- from version 1.16.5
  * api-change:``sagemaker``: [``botocore``] Update sagemaker client to latest version
  * api-change:``neptune``: [``botocore``] Update neptune client to latest version
  * api-change:``kendra``: [``botocore``] Update kendra client to latest version
- from version 1.16.4
  * api-change:``mediatailor``: [``botocore``] Update mediatailor client to latest version
  * api-change:``quicksight``: [``botocore``] Update quicksight client to latest version
  * api-change:``macie2``: [``botocore``] Update macie2 client to latest version
- from version 1.16.3
  * api-change:``servicecatalog``: [``botocore``] Update servicecatalog client to latest version
  * api-change:``sns``: [``botocore``] Update sns client to latest version
  * api-change:``accessanalyzer``: [``botocore``] Update accessanalyzer client to latest version
  * api-change:``appflow``: [``botocore``] Update appflow client to latest version
- from version 1.16.2
  * api-change:``organizations``: [``botocore``] Update organizations client to latest version
  * api-change:``globalaccelerator``: [``botocore``] Update globalaccelerator client to latest version
  * api-change:``kendra``: [``botocore``] Update kendra client to latest version
  * api-change:``ec2``: [``botocore``] Update ec2 client to latest version
  * api-change:``cloudfront``: [``botocore``] Update cloudfront client to latest version
  * api-change:``glue``: [``botocore``] Update glue client to latest version
- from version 1.16.1
  * api-change:``elasticbeanstalk``: [``botocore``] Update elasticbeanstalk client to latest version
  * api-change:``appsync``: [``botocore``] Update appsync client to latest version
  * api-change:``batch``: [``botocore``] Update batch client to latest version
- from version 1.16.0
  * api-change:``backup``: [``botocore``] Update backup client to latest version
  * api-change:``docdb``: [``botocore``] Update docdb client to latest version
  * api-change:``cloudfront``: [``botocore``] Update cloudfront client to latest version
  * api-change:``servicecatalog``: [``botocore``] Update servicecatalog client to latest version
  * feature:imds: [``botocore``] Updated InstanceMetadataFetcher to use custom ipv6 uri as endpoint if envvar or config set
  * api-change:``ssm``: [``botocore``] Update ssm client to latest version
- from version 1.15.18
  * api-change:``medialive``: [``botocore``] Update medialive client to latest version
  * api-change:``organizations``: [``botocore``] Update organizations client to latest version
- from version 1.15.17
  * api-change:``transfer``: [``botocore``] Update transfer client to latest version
  * api-change:``xray``: [``botocore``] Update xray client to latest version
  * api-change:``dms``: [``botocore``] Update dms client to latest version
  * api-change:``macie2``: [``botocore``] Update macie2 client to latest version
  * api-change:``ssm``: [``botocore``] Update ssm client to latest version
  * api-change:``groundstation``: [``botocore``] Update groundstation client to latest version
  * api-change:``rekognition``: [``botocore``] Update rekognition client to latest version
  * api-change:``ce``: [``botocore``] Update ce client to latest version
  * api-change:``workspaces``: [``botocore``] Update workspaces client to latest version
  * api-change:``glue``: [``botocore``] Update glue client to latest version
  * api-change:``budgets``: [``botocore``] Update budgets client to latest version
  * api-change:``accessanalyzer``: [``botocore``] Update accessanalyzer client to latest version
  * api-change:``rds``: [``botocore``] Update rds client to latest version
  * api-change:``workmail``: [``botocore``] Update workmail client to latest version
  * api-change:``iot``: [``botocore``] Update iot client to latest version
- from version 1.15.16
  * api-change:``snowball``: [``botocore``] Update snowball client to latest version
  * api-change:``servicecatalog``: [``botocore``] Update servicecatalog client to latest version
  * api-change:``eks``: [``botocore``] Update eks client to latest version
  * api-change:``amplify``: [``botocore``] Update amplify client to latest version
  * api-change:``medialive``: [``botocore``] Update medialive client to latest version
- Update BuildRequires and Requires from setup.py
- Only build Python3 flavors for distributions 15 and greater
- Version update to 1.15.15
  * api-change:``ec2``: [``botocore``] Update ec2 client to latest version
  * api-change:``events``: [``botocore``] Update events client to latest version
  * api-change:``sns``: [``botocore``] Update sns client to latest version
  * api-change:``ce``: [``botocore``] Update ce client to latest version
  * api-change:``sagemaker``: [``botocore``] Update sagemaker client to latest version
  * api-change:``rds``: [``botocore``] Update rds client to latest version
  * api-change:``rekognition``: [``botocore``] Update rekognition client to latest version
- from version 1.15.14
  * api-change:``mediapackage``: [``botocore``] Update mediapackage client to latest version
  * api-change:``ce``: [``botocore``] Update ce client to latest version
  * api-change:``compute-optimizer``: [``botocore``] Update compute-optimizer client to latest version
  * api-change:``elasticache``: [``botocore``] Update elasticache client to latest version
- from version 1.15.13
  * api-change:``dms``: [``botocore``] Update dms client to latest version
  * api-change:``kinesisanalyticsv2``: [``botocore``] Update kinesisanalyticsv2 client to latest version
  * api-change:``marketplace-catalog``: [``botocore``] Update marketplace-catalog client to latest version
  * api-change:``ec2``: [``botocore``] Update ec2 client to latest version
- from version 1.15.12
  * api-change:``dynamodbstreams``: [``botocore``] Update dynamodbstreams client to latest version
  * api-change:``sagemaker``: [``botocore``] Update sagemaker client to latest version
  * api-change:``mediaconvert``: [``botocore``] Update mediaconvert client to latest version
  * api-change:``dynamodb``: [``botocore``] Update dynamodb client to latest version
  * api-change:``glue``: [``botocore``] Update glue client to latest version
- from version 1.15.11
  * api-change:``batch``: [``botocore``] Update batch client to latest version
  * api-change:``personalize-events``: [``botocore``] Update personalize-events client to latest version
  * api-change:``rds``: [``botocore``] Update rds client to latest version
  * api-change:``elbv2``: [``botocore``] Update elbv2 client to latest version
  * api-change:``servicediscovery``: [``botocore``] Update servicediscovery client to latest version
  * api-change:``s3``: [``botocore``] Update s3 client to latest version
- from version 1.15.10
  * api-change:``glue``: [``botocore``] Update glue client to latest version
  * api-change:``kafka``: [``botocore``] Update kafka client to latest version
  * api-change:``appsync``: [``botocore``] Update appsync client to latest version
  * api-change:``emr``: [``botocore``] Update emr client to latest version
  * api-change:``wafv2``: [``botocore``] Update wafv2 client to latest version
  * api-change:``quicksight``: [``botocore``] Update quicksight client to latest version
- from version 1.15.9
  * api-change:``datasync``: [``botocore``] Update datasync client to latest version
  * api-change:``s3control``: [``botocore``] Update s3control client to latest version
  * api-change:``imagebuilder``: [``botocore``] Update imagebuilder client to latest version
  * api-change:``securityhub``: [``botocore``] Update securityhub client to latest version
  * api-change:``iot``: [``botocore``] Update iot client to latest version
  * api-change:``emr``: [``botocore``] Update emr client to latest version
  * api-change:``s3outposts``: [``botocore``] Update s3outposts client to latest version
  * api-change:``application-autoscaling``: [``botocore``] Update application-autoscaling client to latest version
  * api-change:``directconnect``: [``botocore``] Update directconnect client to latest version
  * api-change:``s3``: [``botocore``] Update s3 client to latest version
  * api-change:``mediaconnect``: [``botocore``] Update mediaconnect client to latest version
  * api-change:``pinpoint``: [``botocore``] Update pinpoint client to latest version
- from version 1.15.8
  * api-change:``timestream-write``: [``botocore``] Update timestream-write client to latest version
  * api-change:``connect``: [``botocore``] Update connect client to latest version
  * api-change:``ssm``: [``botocore``] Update ssm client to latest version
  * api-change:``ec2``: [``botocore``] Update ec2 client to latest version
  * api-change:``schemas``: [``botocore``] Update schemas client to latest version
  * api-change:``timestream-query``: [``botocore``] Update timestream-query client to latest version
- from version 1.15.7
  * api-change:``application-autoscaling``: [``botocore``] Update application-autoscaling client to latest version
  * api-change:``rds``: [``botocore``] Update rds client to latest version
- from version 1.15.6
  * api-change:``frauddetector``: [``botocore``] Update frauddetector client to latest version
  * api-change:``config``: [``botocore``] Update config client to latest version
  * api-change:``batch``: [``botocore``] Update batch client to latest version
  * api-change:``docdb``: [``botocore``] Update docdb client to latest version
  * api-change:``ec2``: [``botocore``] Update ec2 client to latest version
  * api-change:``sts``: [``botocore``] Update sts client to latest version
- from version 1.15.5
  * api-change:``transcribe``: [``botocore``] Update transcribe client to latest version
  * api-change:``textract``: [``botocore``] Update textract client to latest version
  * api-change:``amplify``: [``botocore``] Update amplify client to latest version
  * api-change:``eks``: [``botocore``] Update eks client to latest version
  * api-change:``savingsplans``: [``botocore``] Update savingsplans client to latest version
  * api-change:``synthetics``: [``botocore``] Update synthetics client to latest version
- from version 1.15.4
  * api-change:``translate``: [``botocore``] Update translate client to latest version
  * api-change:``ce``: [``botocore``] Update ce client to latest version
  * api-change:``quicksight``: [``botocore``] Update quicksight client to latest version
  * api-change:``backup``: [``botocore``] Update backup client to latest version
- from version 1.15.3
  * api-change:``comprehend``: [``botocore``] Update comprehend client to latest version
  * api-change:``dynamodbstreams``: [``botocore``] Update dynamodbstreams client to latest version
  * api-change:``workmail``: [``botocore``] Update workmail client to latest version
  * api-change:``lex-models``: [``botocore``] Update lex-models client to latest version
- from version 1.15.2
  * api-change:``glue``: [``botocore``] Update glue client to latest version
  * api-change:``resourcegroupstaggingapi``: [``botocore``] Update resourcegroupstaggingapi client to latest version
  * api-change:``iotsitewise``: [``botocore``] Update iotsitewise client to latest version
  * api-change:``events``: [``botocore``] Update events client to latest version
  * api-change:``resource-groups``: [``botocore``] Update resource-groups client to latest version
  * api-change:``rds``: [``botocore``] Update rds client to latest version
- from version 1.15.1
  * api-change:``medialive``: [``botocore``] Update medialive client to latest version
  * api-change:``sso-admin``: [``botocore``] Update sso-admin client to latest version
  * api-change:``codestar-connections``: [``botocore``] Update codestar-connections client to latest version
- from version 1.15.0
  * api-change:``kendra``: [``botocore``] Update kendra client to latest version
  * api-change:``cloudfront``: [``botocore``] Update cloudfront client to latest version
  * api-change:``comprehend``: [``botocore``] Update comprehend client to latest version
  * api-change:``apigateway``: [``botocore``] Update apigateway client to latest version
  * api-change:``es``: [``botocore``] Update es client to latest version
  * api-change:``apigatewayv2``: [``botocore``] Update apigatewayv2 client to latest version
  * feature:dependency: [``botocore``] botocore has removed docutils as a required dependency
- from version 1.14.63
  * api-change:``servicecatalog``: [``botocore``] Update servicecatalog client to latest version
  * api-change:``dlm``: [``botocore``] Update dlm client to latest version
  * api-change:``greengrass``: [``botocore``] Update greengrass client to latest version
  * api-change:``connect``: [``botocore``] Update connect client to latest version
  * api-change:``ssm``: [``botocore``] Update ssm client to latest version
- from version 1.14.62
  * api-change:``transcribe``: [``botocore``] Update transcribe client to latest version
  * api-change:``ec2``: [``botocore``] Update ec2 client to latest version
  * api-change:``sagemaker``: [``botocore``] Update sagemaker client to latest version
  * api-change:``medialive``: [``botocore``] Update medialive client to latest version
  * api-change:``budgets``: [``botocore``] Update budgets client to latest version
  * api-change:``kafka``: [``botocore``] Update kafka client to latest version
  * api-change:``kendra``: [``botocore``] Update kendra client to latest version
  * api-change:``organizations``: [``botocore``] Update organizations client to latest version
- from version 1.14.61
  * api-change:``ec2``: [``botocore``] Update ec2 client to latest version
  * api-change:``managedblockchain``: [``botocore``] Update managedblockchain client to latest version
  * api-change:``stepfunctions``: [``botocore``] Update stepfunctions client to latest version
  * api-change:``docdb``: [``botocore``] Update docdb client to latest version
- from version 1.14.60
  * api-change:``workspaces``: [``botocore``] Update workspaces client to latest version
- from version 1.14.59
  * api-change:``cloudfront``: [``botocore``] Update cloudfront client to latest version
  * api-change:``ebs``: [``botocore``] Update ebs client to latest version
  * api-change:``sso-admin``: [``botocore``] Update sso-admin client to latest version
  * api-change:``s3``: [``botocore``] Update s3 client to latest version
- from version 1.14.58
  * api-change:``kinesisanalyticsv2``: [``botocore``] Update kinesisanalyticsv2 client to latest version
  * api-change:``glue``: [``botocore``] Update glue client to latest version
  * api-change:``redshift-data``: [``botocore``] Update redshift-data client to latest version
- from version 1.14.57
  * api-change:``lex-models``: [``botocore``] Update lex-models client to latest version
  * api-change:``apigatewayv2``: [``botocore``] Update apigatewayv2 client to latest version
  * api-change:``codebuild``: [``botocore``] Update codebuild client to latest version
  * api-change:``quicksight``: [``botocore``] Update quicksight client to latest version
  * api-change:``elbv2``: [``botocore``] Update elbv2 client to latest version
- Update BuildRequires and Requires from setup.py
- Version update to 1.14.56
  * api-change:``workspaces``: [``botocore``] Update workspaces client to latest version
  * api-change:``xray``: [``botocore``] Update xray client to latest version
  * api-change:``ssm``: [``botocore``] Update ssm client to latest version
- from version 1.14.55
  * api-change:``stepfunctions``: [``botocore``] Update stepfunctions client to latest version
  * api-change:``guardduty``: [``botocore``] Update guardduty client to latest version
  * api-change:``mediapackage``: [``botocore``] Update mediapackage client to latest version
  * api-change:``kendra``: [``botocore``] Update kendra client to latest version
- from version 1.14.54
  * api-change:``ec2``: [``botocore``] Update ec2 client to latest version
  * api-change:``macie2``: [``botocore``] Update macie2 client to latest version
- from version 1.14.53
  * api-change:``codeguru-reviewer``: [``botocore``] Update codeguru-reviewer client to latest version
  * api-change:``securityhub``: [``botocore``] Update securityhub client to latest version
- from version 1.14.52
  * api-change:``sqs``: [``botocore``] Update sqs client to latest version
  * api-change:``backup``: [``botocore``] Update backup client to latest version
  * api-change:``cloudfront``: [``botocore``] Update cloudfront client to latest version
  * api-change:``ec2``: [``botocore``] Update ec2 client to latest version
- from version 1.14.51
  * api-change:``cur``: [``botocore``] Update cur client to latest version
  * api-change:``route53``: [``botocore``] Update route53 client to latest version
  * api-change:``cloudfront``: [``botocore``] Update cloudfront client to latest version
  * api-change:``emr``: [``botocore``] Update emr client to latest version
- from version 1.14.50
  * api-change:``ec2``: [``botocore``] Update ec2 client to latest version
  * api-change:``redshift``: [``botocore``] Update redshift client to latest version
  * api-change:``gamelift``: [``botocore``] Update gamelift client to latest version
  * api-change:``mediaconvert``: [``botocore``] Update mediaconvert client to latest version
- from version 1.14.49
  * api-change:``appflow``: [``botocore``] Update appflow client to latest version
  * api-change:``route53resolver``: [``botocore``] Update route53resolver client to latest version
- from version 1.14.48
  * api-change:``iotsitewise``: [``botocore``] Update iotsitewise client to latest version
  * api-change:``xray``: [``botocore``] Update xray client to latest version
  * api-change:``ec2``: [``botocore``] Update ec2 client to latest version
  * api-change:``logs``: [``botocore``] Update logs client to latest version
  * api-change:``dms``: [``botocore``] Update dms client to latest version
  * api-change:``ssm``: [``botocore``] Update ssm client to latest version
  * api-change:``kafka``: [``botocore``] Update kafka client to latest version
- from version 1.14.47
  * api-change:``chime``: [``botocore``] Update chime client to latest version
  * api-change:``fsx``: [``botocore``] Update fsx client to latest version
  * api-change:``apigatewayv2``: [``botocore``] Update apigatewayv2 client to latest version
- from version 1.14.46
  * api-change:``lakeformation``: [``botocore``] Update lakeformation client to latest version
  * api-change:``storagegateway``: [``botocore``] Update storagegateway client to latest version
  * api-change:``ivs``: [``botocore``] Update ivs client to latest version
  * api-change:``organizations``: [``botocore``] Update organizations client to latest version
  * api-change:``servicecatalog``: [``botocore``] Update servicecatalog client to latest version
- from version 1.14.45
  * api-change:``identitystore``: [``botocore``] Update identitystore client to latest version
  * api-change:``codebuild``: [``botocore``] Update codebuild client to latest version
  * api-change:``cognito-idp``: [``botocore``] Update cognito-idp client to latest version
  * api-change:``datasync``: [``botocore``] Update datasync client to latest version
  * api-change:``sesv2``: [``botocore``] Update sesv2 client to latest version
  * api-change:``securityhub``: [``botocore``] Update securityhub client to latest version
- from version 1.14.44
  * api-change:``elbv2``: [``botocore``] Update elbv2 client to latest version
  * api-change:``quicksight``: [``botocore``] Update quicksight client to latest version
  * api-change:``kinesis``: [``botocore``] Update kinesis client to latest version
  * api-change:``ecr``: [``botocore``] Update ecr client to latest version
  * api-change:``acm``: [``botocore``] Update acm client to latest version
  * api-change:``robomaker``: [``botocore``] Update robomaker client to latest version
  * api-change:``elb``: [``botocore``] Update elb client to latest version
  * api-change:``acm-pca``: [``botocore``] Update acm-pca client to latest version
- from version 1.14.43
  * api-change:``braket``: [``botocore``] Update braket client to latest version
  * api-change:``ec2``: [``botocore``] Update ec2 client to latest version
  * api-change:``license-manager``: [``botocore``] Update license-manager client to latest version
  * api-change:``sagemaker``: [``botocore``] Update sagemaker client to latest version
  * api-change:``appstream``: [``botocore``] Update appstream client to latest version
- from version 1.14.42
  * api-change:``rds``: [``botocore``] Update rds client to latest version
  * api-change:``eks``: [``botocore``] Update eks client to latest version
  * api-change:``ec2``: [``botocore``] Update ec2 client to latest version
  * api-change:``macie2``: [``botocore``] Update macie2 client to latest version
  * api-change:``cognito-idp``: [``botocore``] Update cognito-idp client to latest version
  * api-change:``appsync``: [``botocore``] Update appsync client to latest version
  * api-change:``braket``: [``botocore``] Update braket client to latest version
- from version 1.14.41
  * api-change:``transfer``: [``botocore``] Update transfer client to latest version
  * api-change:``comprehend``: [``botocore``] Update comprehend client to latest version
  * api-change:``ec2``: [``botocore``] Update ec2 client to latest version
  * api-change:``fsx``: [``botocore``] Update fsx client to latest version
  * api-change:``workspaces``: [``botocore``] Update workspaces client to latest version
  * api-change:``lambda``: [``botocore``] Update lambda client to latest version
  * api-change:``iot``: [``botocore``] Update iot client to latest version
  * api-change:``cloud9``: [``botocore``] Update cloud9 client to latest version
- Update BuildRequires and Requires from setup.py
python-botocore
- Version update to 1.20.9 (bsc#1182421, bsc#1182422, jsc#ECO-3352, jsc#PM-2485)
  * api-change:``devops-guru``: Update devops-guru client to latest version
  * api-change:``codebuild``: Update codebuild client to latest version
- from version 1.20.8
  * api-change:``lightsail``: Update lightsail client to latest version
  * api-change:``medialive``: Update medialive client to latest version
  * api-change:``kinesis-video-archived-media``: Update kinesis-video-archived-media
    client to latest version
  * api-change:``config``: Update config client to latest version
  * api-change:``pinpoint``: Update pinpoint client to latest version
  * api-change:``redshift-data``: Update redshift-data client to latest version
  * api-change:``workmailmessageflow``: Update workmailmessageflow client to latest version
  * api-change:``mediatailor``: Update mediatailor client to latest version
- from version 1.20.7
  * api-change:``personalize-events``: Update personalize-events client to latest version
  * api-change:``eks``: Update eks client to latest version
  * api-change:``iam``: Update iam client to latest version
  * api-change:``codepipeline``: Update codepipeline client to latest version
  * api-change:``detective``: Update detective client to latest version
  * api-change:``macie2``: Update macie2 client to latest version
  * api-change:``wafv2``: Update wafv2 client to latest version
  * api-change:``elbv2``: Update elbv2 client to latest version
  * api-change:``appsync``: Update appsync client to latest version
  * api-change:``rds``: Update rds client to latest version
- from version 1.20.6
  * api-change:``databrew``: Update databrew client to latest version
  * api-change:``rds``: Update rds client to latest version
- from version 1.20.5
  * api-change:``quicksight``: Update quicksight client to latest version
  * api-change:``mediaconvert``: Update mediaconvert client to latest version
  * api-change:``qldb-session``: Update qldb-session client to latest version
  * api-change:``sagemaker``: Update sagemaker client to latest version
  * api-change:``gamelift``: Update gamelift client to latest version
- from version 1.20.4
  * api-change:``dataexchange``: Update dataexchange client to latest version
  * api-change:``cloudtrail``: Update cloudtrail client to latest version
  * api-change:``elbv2``: Update elbv2 client to latest version
  * api-change:``ivs``: Update ivs client to latest version
  * api-change:``macie2``: Update macie2 client to latest version
  * api-change:``globalaccelerator``: Update globalaccelerator client to latest version
  * api-change:``iotsitewise``: Update iotsitewise client to latest version
  * api-change:``elasticache``: Update elasticache client to latest version
- from version 1.20.3
  * api-change:``macie``: Update macie client to latest version
  * api-change:``elbv2``: Update elbv2 client to latest version
  * api-change:``organizations``: Update organizations client to latest version
- from version 1.20.2
  * api-change:``quicksight``: Update quicksight client to latest version
  * api-change:``appflow``: Update appflow client to latest version
  * api-change:``emr-containers``: Update emr-containers client to latest version
  * api-change:``dlm``: Update dlm client to latest version
  * api-change:``athena``: Update athena client to latest version
  * api-change:``ec2``: Update ec2 client to latest version
- from version 1.20.1
  * api-change:``lambda``: Update lambda client to latest version
  * api-change:``codebuild``: Update codebuild client to latest version
  * api-change:``ec2``: Update ec2 client to latest version
  * api-change:``ce``: Update ce client to latest version
  * api-change:``databrew``: Update databrew client to latest version
  * api-change:``securityhub``: Update securityhub client to latest version
  * api-change:``workmail``: Update workmail client to latest version
  * api-change:``auditmanager``: Update auditmanager client to latest version
  * api-change:``compute-optimizer``: Update compute-optimizer client to latest version
  * api-change:``iotsitewise``: Update iotsitewise client to latest version
- from version 1.20.0
  * api-change:``appmesh``: Update appmesh client to latest version
  * api-change:``application-autoscaling``: Update application-autoscaling client to latest version
  * api-change:``lookoutvision``: Update lookoutvision client to latest version
  * api-change:``organizations``: Update organizations client to latest version
  * feature:Python: Dropped support for Python 3.4 and 3.5
  * api-change:``s3control``: Update s3control client to latest version
  * api-change:``rds-data``: Update rds-data client to latest version
  * api-change:``medialive``: Update medialive client to latest version
  * api-change:``route53``: Update route53 client to latest version
  * api-change:``location``: Update location client to latest version
  * enhancement:s3: Amazon S3 now supports AWS PrivateLink, providing direct
    access to S3 via a private endpoint within your virtual private network.
  * api-change:``iotwireless``: Update iotwireless client to latest version
- from version 1.19.63
  * api-change:``macie2``: Update macie2 client to latest version
  * api-change:``connect``: Update connect client to latest version
  * api-change:``medialive``: Update medialive client to latest version
- from version 1.19.62
  * api-change:``wellarchitected``: Update wellarchitected client to latest version
  * api-change:``managedblockchain``: Update managedblockchain client to latest version
  * api-change:``cloudwatch``: Update cloudwatch client to latest version
  * api-change:``databrew``: Update databrew client to latest version
  * bugfix:Validator: Fix showing incorrect max-value in error message for
    range and length value validation
  * api-change:``iot``: Update iot client to latest version
  * api-change:``robomaker``: Update robomaker client to latest version
- from version 1.19.61
  * api-change:``elasticache``: Update elasticache client to latest version
  * api-change:``customer-profiles``: Update customer-profiles client to latest version
  * api-change:``sesv2``: Update sesv2 client to latest version
  * api-change:``accessanalyzer``: Update accessanalyzer client to latest version
  * api-change:``lightsail``: Update lightsail client to latest version
  * api-change:``es``: Update es client to latest version
- from version 1.19.60
  * api-change:``backup``: Update backup client to latest version
- from version 1.19.59
  * api-change:``greengrassv2``: Update greengrassv2 client to latest version
  * api-change:``redshift``: Update redshift client to latest version
  * api-change:``lexv2-runtime``: Update lexv2-runtime client to latest version
  * api-change:``rds``: Update rds client to latest version
  * api-change:``lexv2-models``: Update lexv2-models client to latest version
  * api-change:``ssm``: Update ssm client to latest version
  * api-change:``ec2``: Update ec2 client to latest version
- from version 1.19.58
  * api-change:``kafka``: Update kafka client to latest version
  * api-change:``resourcegroupstaggingapi``: Update resourcegroupstaggingapi
    client to latest version
- from version 1.19.57
  * api-change:``acm-pca``: Update acm-pca client to latest version
  * api-change:``chime``: Update chime client to latest version
  * api-change:``ecs``: Update ecs client to latest version
- from version 1.19.56
  * api-change:``sns``: Update sns client to latest version
- from version 1.19.55
  * api-change:``pinpoint``: Update pinpoint client to latest version
  * api-change:``cognito-identity``: Update cognito-identity client to latest version
  * api-change:``s3control``: Update s3control client to latest version
  * api-change:``sagemaker``: Update sagemaker client to latest version
- from version 1.19.54
  * api-change:``frauddetector``: Update frauddetector client to latest version
  * api-change:``personalize``: Update personalize client to latest version
- from version 1.19.53
  * api-change:``appstream``: Update appstream client to latest version
  * api-change:``auditmanager``: Update auditmanager client to latest version
  * api-change:``ssm``: Update ssm client to latest version
  * api-change:``elasticache``: Update elasticache client to latest version
  * api-change:``lightsail``: Update lightsail client to latest version
- from version 1.19.52
  * api-change:``rds``: Update rds client to latest version
  * api-change:``kms``: Update kms client to latest version
- from version 1.19.51
  * api-change:``devops-guru``: Update devops-guru client to latest version
  * api-change:``codepipeline``: Update codepipeline client to latest version
  * api-change:``mediaconvert``: Update mediaconvert client to latest version
- from version 1.19.50
  * api-change:``autoscaling``: Update autoscaling client to latest version
  * api-change:``transfer``: Update transfer client to latest version
  * api-change:``autoscaling-plans``: Update autoscaling-plans client to latest version
- from version 1.19.49
  * api-change:``ce``: Update ce client to latest version
  * api-change:``application-autoscaling``: Update application-autoscaling
    client to latest version
- from version 1.19.48
  * api-change:``healthlake``: Update healthlake client to latest version
  * api-change:``cloudsearch``: Update cloudsearch client to latest version
- Add python-nose to BuildRequires
- Drop python-pytest from BuildRequires
- Drop patch which no longer applies but hasn't been merged upstream yet
  + remove_nose.patch
- Switch testsuite invocation back to python-nose
- Update to 1.19.47
  * api-change:servicecatalog: Update servicecatalog client to
    latest version
- Changes in 1.19.46
  * api-change:macie2: Update macie2 client to latest version
  * api-change:elasticache: Update elasticache client to latest
    version
- Changes in 1.19.45
  * api-change:acm-pca: Update acm-pca client to latest version
  * api-change:apigatewayv2: Update apigatewayv2 client to latest
    version
- Changes in 1.19.44
  * api-change:cloudfront: Update cloudfront client to latest
    version
- Changes in 1.19.43
  * api-change:compute-optimizer: Update compute-optimizer client
    to latest version
  * api-change:resource-groups: Update resource-groups client to
    latest version
  * api-change:dms: Update dms client to latest version
- Changes in 1.19.42
  * api-change:ssm: Update ssm client to latest version
  * api-change:iotwireless: Update iotwireless client to latest
    version
  * api-change:rds: Update rds client to latest version
  * api-change:glue: Update glue client to latest version
  * api-change:ce: Update ce client to latest version
  * api-change:connect: Update connect client to latest version
  * api-change:elasticache: Update elasticache client to latest
    version
- Changes in 1.19.41
  * api-change:config: Update config client to latest version
  * api-change:ec2: Update ec2 client to latest version
  * api-change:glue: Update glue client to latest version
  * api-change:batch: Update batch client to latest version
  * api-change:managedblockchain: Update managedblockchain client
    to latest version
  * api-change:service-quotas: Update service-quotas client to
    latest version
  * api-change:s3: Update s3 client to latest version
  * api-change:connectparticipant: Update connectparticipant
    client to latest version
  * api-change:securityhub: Update securityhub client to latest
    version
  * api-change:qldb-session: Update qldb-session client to latest
    version
  * api-change:outposts: Update outposts client to latest version
  * api-change:servicecatalog-appregistry: Update
    servicecatalog-appregistry client to latest version
  * api-change:dms: Update dms client to latest version
  * api-change:apigateway: Update apigateway client to latest
    version
- Changes in 1.19.40
  * api-change:rds: Update rds client to latest version
  * bugfix:SSO: Fixed timestamp format for SSO credential
    expirations
  * api-change:personalize-runtime: Update personalize-runtime
    client to latest version
  * api-change:ec2: Update ec2 client to latest version
- Changes in 1.19.39
  * api-change:ec2: Update ec2 client to latest version
  * api-change:servicecatalog: Update servicecatalog client to
    latest version
  * api-change:dlm: Update dlm client to latest version
  * api-change:kms: Update kms client to latest version
  * api-change:route53resolver: Update route53resolver client to
    latest version
  * api-change:sqs: Update sqs client to latest version
  * api-change:config: Update config client to latest version
  * api-change:imagebuilder: Update imagebuilder client to latest
    version
  * api-change:route53: Update route53 client to latest version
- Changes in 1.19.38
  * api-change:ce: Update ce client to latest version
  * api-change:amp: Update amp client to latest version
  * api-change:location: Update location client to latest version
  * api-change:wellarchitected: Update wellarchitected client to
    latest version
  * api-change:quicksight: Update quicksight client to latest
    version
- Changes in 1.19.37
  * api-change:iotwireless: Update iotwireless client to latest
    version
  * api-change:lambda: Update lambda client to latest version
  * api-change:greengrassv2: Update greengrassv2 client to latest
    version
  * api-change:ssm: Update ssm client to latest version
  * api-change:iotdeviceadvisor: Update iotdeviceadvisor client to
    latest version
  * api-change:iot: Update iot client to latest version
  * api-change:iotanalytics: Update iotanalytics client to latest
    version
  * api-change:amp: Update amp client to latest version
  * api-change:iotfleethub: Update iotfleethub client to latest
    version
- Changes in 1.19.36
  * api-change:ec2: Update ec2 client to latest version
  * api-change:globalaccelerator: Update globalaccelerator client
    to latest version
  * api-change:devops-guru: Update devops-guru client to latest
    version
- Changes in 1.19.35
  * api-change:guardduty: Update guardduty client to latest
    version
  * api-change:iotsitewise: Update iotsitewise client to latest
    version
  * api-change:autoscaling: Update autoscaling client to latest
    version
  * api-change:cloudwatch: Update cloudwatch client to latest
    version
  * api-change:pi: Update pi client to latest version
  * api-change:cloudtrail: Update cloudtrail client to latest
    version
- Changes in 1.19.34
  * api-change:networkmanager: Update networkmanager client to
    latest version
  * api-change:kendra: Update kendra client to latest version
  * api-change:ec2: Update ec2 client to latest version
- Changes in 1.19.33
  * api-change:globalaccelerator: Update globalaccelerator client
    to latest version
  * api-change:ec2: Update ec2 client to latest version
  * api-change:redshift: Update redshift client to latest version
- Changes in 1.19.32
  * api-change:ecr: Update ecr client to latest version
  * api-change:sagemaker: Update sagemaker client to latest
    version
  * api-change:kendra: Update kendra client to latest version
  * api-change:quicksight: Update quicksight client to latest
    version
  * api-change:auditmanager: Update auditmanager client to latest
    version
  * api-change:sagemaker-runtime: Update sagemaker-runtime client
    to latest version
  * api-change:sagemaker-edge: Update sagemaker-edge client to
    latest version
  * api-change:forecast: Update forecast client to latest version
  * api-change:healthlake: Update healthlake client to latest
    version
  * api-change:emr-containers: Update emr-containers client to
    latest version
- Changes in 1.19.31
  * api-change:dms: Update dms client to latest version
  * api-change:servicecatalog-appregistry: Update
    servicecatalog-appregistry client to latest version
- Changes in 1.19.30
  * api-change:ssm: Update ssm client to latest version
  * api-change:ec2: Update ec2 client to latest version
  * api-change:workspaces: Update workspaces client to latest
    version
  * api-change:license-manager: Update license-manager client to
    latest version
  * api-change:lambda: Update lambda client to latest version
  * api-change:ds: Update ds client to latest version
  * api-change:kafka: Update kafka client to latest version
  * api-change:medialive: Update medialive client to latest
    version
  * api-change:rds: Update rds client to latest version
- Changes in 1.19.29
  * api-change:license-manager: Update license-manager client to
    latest version
  * api-change:compute-optimizer: Update compute-optimizer client
    to latest version
  * api-change:amplifybackend: Update amplifybackend client to
    latest version
  * api-change:batch: Update batch client to latest version
- Changes in 1.19.28
  * api-change:customer-profiles: Update customer-profiles client
    to latest version
- Changes in 1.19.27
  * api-change:sagemaker-featurestore-runtime: Update
    sagemaker-featurestore-runtime client to latest version
  * api-change:ecr-public: Update ecr-public client to latest
    version
  * api-change:honeycode: Update honeycode client to latest
    version
  * api-change:eks: Update eks client to latest version
  * api-change:amplifybackend: Update amplifybackend client to
    latest version
  * api-change:lambda: Update lambda client to latest version
  * api-change:sagemaker: Update sagemaker client to latest
    version
  * api-change:lookoutvision: Update lookoutvision client to
    latest version
  * api-change:ec2: Update ec2 client to latest version
  * api-change:connect: Update connect client to latest version
  * api-change:connect-contact-lens: Update connect-contact-lens
    client to latest version
  * api-change:profile: Update profile client to latest version
  * api-change:s3: Update s3 client to latest version
  * api-change:appintegrations: Update appintegrations client to
    latest version
  * api-change:ds: Update ds client to latest version
  * api-change:devops-guru: Update devops-guru client to latest
    version
- Changes in 1.19.26
  * api-change:ec2: Update ec2 client to latest version
- Unpin upper versions
- Refresh remove_nose.patch
- Version update to 1.19.25
  * api-change:``mediaconvert``: Update mediaconvert client to latest version
  * api-change:``cloudformation``: Update cloudformation client to latest version
  * api-change:``appflow``: Update appflow client to latest version
  * api-change:``fsx``: Update fsx client to latest version
  * api-change:``stepfunctions``: Update stepfunctions client to latest version
  * api-change:``timestream-write``: Update timestream-write client to latest version
  * api-change:``elasticbeanstalk``: Update elasticbeanstalk client to latest version
  * api-change:``batch``: Update batch client to latest version
  * api-change:``cloudtrail``: Update cloudtrail client to latest version
  * api-change:``cognito-idp``: Update cognito-idp client to latest version
  * api-change:``iotsitewise``: Update iotsitewise client to latest version
  * api-change:``codebuild``: Update codebuild client to latest version
  * api-change:``comprehend``: Update comprehend client to latest version
  * api-change:``quicksight``: Update quicksight client to latest version
  * api-change:``mwaa``: Update mwaa client to latest version
  * api-change:``lex-models``: Update lex-models client to latest version
  * api-change:``gamelift``: Update gamelift client to latest version
- from version 1.19.24
  * api-change:``ec2``: Update ec2 client to latest version
  * api-change:``translate``: Update translate client to latest version
  * api-change:``kafka``: Update kafka client to latest version
  * api-change:``application-insights``: Update application-insights client to latest version
  * api-change:``glue``: Update glue client to latest version
  * api-change:``signer``: Update signer client to latest version
  * api-change:``codestar-connections``: Update codestar-connections client to latest version
  * api-change:``codeartifact``: Update codeartifact client to latest version
  * api-change:``elasticache``: Update elasticache client to latest version
  * api-change:``emr``: Update emr client to latest version
  * api-change:``forecast``: Update forecast client to latest version
  * api-change:``iot``: Update iot client to latest version
  * api-change:``autoscaling``: Update autoscaling client to latest version
  * api-change:``ecs``: Update ecs client to latest version
  * api-change:``timestream-query``: Update timestream-query client to latest version
  * api-change:``sso-admin``: Update sso-admin client to latest version
  * api-change:``securityhub``: Update securityhub client to latest version
  * api-change:``lambda``: Update lambda client to latest version
  * api-change:``outposts``: Update outposts client to latest version
  * api-change:``license-manager``: Update license-manager client to latest version
  * api-change:``dynamodb``: Update dynamodb client to latest version
- from version 1.19.23
  * api-change:``servicecatalog-appregistry``: Update servicecatalog-appregistry client to latest version
  * api-change:``appmesh``: Update appmesh client to latest version
  * api-change:``kafka``: Update kafka client to latest version
  * api-change:``macie2``: Update macie2 client to latest version
  * api-change:``chime``: Update chime client to latest version
  * api-change:``cloudhsmv2``: Update cloudhsmv2 client to latest version
  * api-change:``codeguru-reviewer``: Update codeguru-reviewer client to latest version
  * api-change:``s3``: Update s3 client to latest version
  * api-change:``cognito-identity``: Update cognito-identity client to latest version
  * api-change:``connect``: Update connect client to latest version
- from version 1.19.22
  * api-change:``ce``: Update ce client to latest version
  * api-change:``lex-runtime``: Update lex-runtime client to latest version
  * api-change:``glue``: Update glue client to latest version
  * api-change:``lex-models``: Update lex-models client to latest version
  * api-change:``events``: Update events client to latest version
  * api-change:``autoscaling``: Update autoscaling client to latest version
  * api-change:``ds``: Update ds client to latest version
  * api-change:``kinesisanalyticsv2``: Update kinesisanalyticsv2 client to latest version
  * api-change:``redshift``: Update redshift client to latest version
  * api-change:``medialive``: Update medialive client to latest version
  * api-change:``lambda``: Update lambda client to latest version
- from version 1.19.21
  * api-change:``elasticache``: Update elasticache client to latest version
  * api-change:``cloudformation``: Update cloudformation client to latest version
  * api-change:``codebuild``: Update codebuild client to latest version
  * bugfix:Retry: Fix bug where retries were attempted on any response with an "Error" key.
  * api-change:``ec2``: Update ec2 client to latest version
  * api-change:``s3control``: Update s3control client to latest version
  * api-change:``backup``: Update backup client to latest version
  * api-change:``outposts``: Update outposts client to latest version
- from version 1.19.20
  * api-change:``connect``: Update connect client to latest version
  * api-change:``chime``: Update chime client to latest version
  * api-change:``fms``: Update fms client to latest version
  * api-change:``network-firewall``: Update network-firewall client to latest version
  * api-change:``rds``: Update rds client to latest version
  * api-change:``macie2``: Update macie2 client to latest version
- from version 1.19.19
  * api-change:``sagemaker``: Update sagemaker client to latest version
  * api-change:``iotsitewise``: Update iotsitewise client to latest version
  * api-change:``dms``: Update dms client to latest version
  * api-change:``iotsecuretunneling``: Update iotsecuretunneling client to latest version
  * api-change:``sns``: Update sns client to latest version
  * api-change:``synthetics``: Update synthetics client to latest version
  * api-change:``servicecatalog``: Update servicecatalog client to latest version
  * api-change:``codepipeline``: Update codepipeline client to latest version
  * api-change:``quicksight``: Update quicksight client to latest version
- from version 1.19.18
  * api-change:``textract``: Update textract client to latest version
  * api-change:``shield``: Update shield client to latest version
  * api-change:``elbv2``: Update elbv2 client to latest version
- from version 1.19.17
  * api-change:``personalize-runtime``: Update personalize-runtime client to latest version
  * api-change:``servicecatalog-appregistry``: Update servicecatalog-appregistry client to latest version
  * api-change:``lex-models``: Update lex-models client to latest version
  * api-change:``polly``: Update polly client to latest version
  * api-change:``iot``: Update iot client to latest version
  * api-change:``robomaker``: Update robomaker client to latest version
  * api-change:``lightsail``: Update lightsail client to latest version
- from version 1.19.16
  * api-change:``mediaconvert``: Update mediaconvert client to latest version
  * api-change:``servicecatalog``: Update servicecatalog client to latest version
  * api-change:``databrew``: Update databrew client to latest version
  * api-change:``forecast``: Update forecast client to latest version
  * api-change:``amplify``: Update amplify client to latest version
  * api-change:``quicksight``: Update quicksight client to latest version
- from version 1.19.15
  * api-change:``ec2``: Update ec2 client to latest version
  * api-change:``elbv2``: Update elbv2 client to latest version
  * api-change:``autoscaling``: Update autoscaling client to latest version
  * api-change:``ssm``: Update ssm client to latest version
- from version 1.19.14
  * api-change:``dynamodb``: Update dynamodb client to latest version
  * api-change:``es``: Update es client to latest version
  * api-change:``fsx``: Update fsx client to latest version
  * api-change:``macie2``: Update macie2 client to latest version
  * api-change:``iotanalytics``: Update iotanalytics client to latest version
  * api-change:``s3``: Update s3 client to latest version
  * api-change:``storagegateway``: Update storagegateway client to latest version
  * api-change:``ssm``: Update ssm client to latest version
  * api-change:``ecs``: Update ecs client to latest version
  * api-change:``datasync``: Update datasync client to latest version
- from version 1.19.13
  * api-change:``ssm``: Update ssm client to latest version
  * api-change:``ec2``: Update ec2 client to latest version
  * api-change:``iotsitewise``: Update iotsitewise client to latest version
  * api-change:``medialive``: Update medialive client to latest version
  * api-change:``dlm``: Update dlm client to latest version
- from version 1.19.12
  * api-change:``frauddetector``: Update frauddetector client to latest version
  * api-change:``rds``: Update rds client to latest version
  * api-change:``kendra``: Update kendra client to latest version
  * api-change:``events``: Update events client to latest version
  * api-change:``dynamodb``: Update dynamodb client to latest version
  * api-change:``lambda``: Update lambda client to latest version
  * api-change:``es``: Update es client to latest version
  * api-change:``ec2``: Update ec2 client to latest version
  * api-change:``appmesh``: Update appmesh client to latest version
- from version 1.19.11
  * api-change:``cloudwatch``: Update cloudwatch client to latest version
  * api-change:``es``: Update es client to latest version
  * api-change:``xray``: Update xray client to latest version
  * api-change:``mq``: Update mq client to latest version
  * api-change:``iot``: Update iot client to latest version
  * api-change:``meteringmarketplace``: Update meteringmarketplace client to latest version
  * api-change:``autoscaling``: Update autoscaling client to latest version
  * api-change:``ec2``: Update ec2 client to latest version
  * api-change:``servicecatalog``: Update servicecatalog client to latest version
- from version 1.19.10
  * api-change:``ec2``: Update ec2 client to latest version
- from version 1.19.9
  * api-change:``medialive``: Update medialive client to latest version
  * api-change:``dms``: Update dms client to latest version
  * api-change:``macie2``: Update macie2 client to latest version
  * api-change:``imagebuilder``: Update imagebuilder client to latest version
  * api-change:``braket``: Update braket client to latest version
  * api-change:``sns``: Update sns client to latest version
  * api-change:``elasticache``: Update elasticache client to latest version
- from version 1.19.8
  * api-change:``elbv2``: Update elbv2 client to latest version
  * api-change:``codeartifact``: Update codeartifact client to latest version
  * api-change:``marketplacecommerceanalytics``: Update marketplacecommerceanalytics client to latest version
  * api-change:``apigateway``: Update apigateway client to latest version
  * api-change:``sesv2``: Update sesv2 client to latest version
  * api-change:``ec2``: Update ec2 client to latest version
  * api-change:``storagegateway``: Update storagegateway client to latest version
- from version 1.19.7
  * api-change:``ec2``: Update ec2 client to latest version
  * api-change:``iot``: Update iot client to latest version
  * api-change:``workmail``: Update workmail client to latest version
- from version 1.19.6
  * api-change:``glue``: Update glue client to latest version
- from version 1.19.5
  * api-change:``sagemaker``: Update sagemaker client to latest version
  * api-change:``neptune``: Update neptune client to latest version
  * api-change:``kendra``: Update kendra client to latest version
- from version 1.19.4
  * api-change:``mediatailor``: Update mediatailor client to latest version
  * api-change:``quicksight``: Update quicksight client to latest version
  * api-change:``macie2``: Update macie2 client to latest version
- from version 1.19.3
  * api-change:``servicecatalog``: Update servicecatalog client to latest version
  * api-change:``sns``: Update sns client to latest version
  * api-change:``accessanalyzer``: Update accessanalyzer client to latest version
  * api-change:``appflow``: Update appflow client to latest version
- from version 1.19.2
  * api-change:``organizations``: Update organizations client to latest version
  * api-change:``globalaccelerator``: Update globalaccelerator client to latest version
  * api-change:``kendra``: Update kendra client to latest version
  * api-change:``ec2``: Update ec2 client to latest version
  * api-change:``cloudfront``: Update cloudfront client to latest version
  * api-change:``glue``: Update glue client to latest version
- from version 1.19.1
  * api-change:``elasticbeanstalk``: Update elasticbeanstalk client to latest version
  * api-change:``appsync``: Update appsync client to latest version
  * api-change:``batch``: Update batch client to latest version
- from version 1.19.0
  * api-change:``backup``: Update backup client to latest version
  * api-change:``docdb``: Update docdb client to latest version
  * api-change:``cloudfront``: Update cloudfront client to latest version
  * api-change:``servicecatalog``: Update servicecatalog client to latest version
  * feature:imds: Updated InstanceMetadataFetcher to use custom ipv6 uri as endpoint if envvar or config set
  * api-change:``ssm``: Update ssm client to latest version
- from version 1.18.18
  * api-change:``medialive``: Update medialive client to latest version
  * api-change:``organizations``: Update organizations client to latest version
- from version 1.18.17
  * api-change:``transfer``: Update transfer client to latest version
  * api-change:``xray``: Update xray client to latest version
  * api-change:``dms``: Update dms client to latest version
  * api-change:``macie2``: Update macie2 client to latest version
  * api-change:``ssm``: Update ssm client to latest version
  * api-change:``groundstation``: Update groundstation client to latest version
  * api-change:``rekognition``: Update rekognition client to latest version
  * api-change:``ce``: Update ce client to latest version
  * api-change:``workspaces``: Update workspaces client to latest version
  * api-change:``glue``: Update glue client to latest version
  * api-change:``budgets``: Update budgets client to latest version
  * api-change:``accessanalyzer``: Update accessanalyzer client to latest version
  * api-change:``rds``: Update rds client to latest version
  * api-change:``workmail``: Update workmail client to latest version
  * api-change:``iot``: Update iot client to latest version
- from version 1.18.16
  * api-change:``snowball``: Update snowball client to latest version
  * api-change:``servicecatalog``: Update servicecatalog client to latest version
  * api-change:``eks``: Update eks client to latest version
  * api-change:``amplify``: Update amplify client to latest version
  * api-change:``medialive``: Update medialive client to latest version
- Update BuildRequires and Requires
- Only build Python3 flavors for distributions 15 and greater
- Version update to 1.18.15
  * api-change:``ec2``: Update ec2 client to latest version
  * api-change:``events``: Update events client to latest version
  * api-change:``sns``: Update sns client to latest version
  * api-change:``ce``: Update ce client to latest version
  * api-change:``sagemaker``: Update sagemaker client to latest version
  * api-change:``rds``: Update rds client to latest version
  * api-change:``rekognition``: Update rekognition client to latest version
- from version 1.18.14
  * api-change:``mediapackage``: Update mediapackage client to latest version
  * api-change:``ce``: Update ce client to latest version
  * api-change:``compute-optimizer``: Update compute-optimizer client to latest version
  * api-change:``elasticache``: Update elasticache client to latest version
- from version 1.18.13
  * api-change:``dms``: Update dms client to latest version
  * api-change:``kinesisanalyticsv2``: Update kinesisanalyticsv2 client to latest version
  * api-change:``marketplace-catalog``: Update marketplace-catalog client to latest version
  * api-change:``ec2``: Update ec2 client to latest version
- from version 1.18.12
  * api-change:``dynamodbstreams``: Update dynamodbstreams client to latest version
  * api-change:``sagemaker``: Update sagemaker client to latest version
  * api-change:``mediaconvert``: Update mediaconvert client to latest version
  * api-change:``dynamodb``: Update dynamodb client to latest version
  * api-change:``glue``: Update glue client to latest version
- from version 1.18.11
  * api-change:``batch``: Update batch client to latest version
  * api-change:``personalize-events``: Update personalize-events client to latest version
  * api-change:``rds``: Update rds client to latest version
  * api-change:``elbv2``: Update elbv2 client to latest version
  * api-change:``servicediscovery``: Update servicediscovery client to latest version
  * api-change:``s3``: Update s3 client to latest version
- from version 1.18.10
  * api-change:``glue``: Update glue client to latest version
  * api-change:``kafka``: Update kafka client to latest version
  * api-change:``appsync``: Update appsync client to latest version
  * api-change:``emr``: Update emr client to latest version
  * api-change:``wafv2``: Update wafv2 client to latest version
  * api-change:``quicksight``: Update quicksight client to latest version
- from version 1.18.9
  * api-change:``datasync``: Update datasync client to latest version
  * api-change:``s3control``: Update s3control client to latest version
  * api-change:``imagebuilder``: Update imagebuilder client to latest version
  * api-change:``securityhub``: Update securityhub client to latest version
  * api-change:``iot``: Update iot client to latest version
  * api-change:``emr``: Update emr client to latest version
  * api-change:``s3outposts``: Update s3outposts client to latest version
  * api-change:``application-autoscaling``: Update application-autoscaling client to latest version
  * api-change:``directconnect``: Update directconnect client to latest version
  * api-change:``s3``: Update s3 client to latest version
  * api-change:``mediaconnect``: Update mediaconnect client to latest version
  * api-change:``pinpoint``: Update pinpoint client to latest version
- from version 1.18.8
  * api-change:``timestream-write``: Update timestream-write client to latest version
  * api-change:``connect``: Update connect client to latest version
  * api-change:``ssm``: Update ssm client to latest version
  * api-change:``ec2``: Update ec2 client to latest version
  * api-change:``schemas``: Update schemas client to latest version
  * api-change:``timestream-query``: Update timestream-query client to latest version
- from version 1.18.7
  * api-change:``application-autoscaling``: Update application-autoscaling client to latest version
  * api-change:``rds``: Update rds client to latest version
- from version 1.18.6
  * api-change:``frauddetector``: Update frauddetector client to latest version
  * api-change:``config``: Update config client to latest version
  * api-change:``batch``: Update batch client to latest version
  * api-change:``docdb``: Update docdb client to latest version
  * api-change:``ec2``: Update ec2 client to latest version
  * api-change:``sts``: Update sts client to latest version
- from version 1.18.5
  * api-change:``transcribe``: Update transcribe client to latest version
  * api-change:``textract``: Update textract client to latest version
  * api-change:``amplify``: Update amplify client to latest version
  * api-change:``eks``: Update eks client to latest version
  * api-change:``savingsplans``: Update savingsplans client to latest version
  * api-change:``synthetics``: Update synthetics client to latest version
- from version 1.18.4
  * api-change:``translate``: Update translate client to latest version
  * api-change:``ce``: Update ce client to latest version
  * api-change:``quicksight``: Update quicksight client to latest version
  * api-change:``backup``: Update backup client to latest version
- from version 1.18.3
  * api-change:``comprehend``: Update comprehend client to latest version
  * api-change:``dynamodbstreams``: Update dynamodbstreams client to latest version
  * api-change:``workmail``: Update workmail client to latest version
  * api-change:``lex-models``: Update lex-models client to latest version
- from version 1.18.2
  * api-change:``glue``: Update glue client to latest version
  * api-change:``resourcegroupstaggingapi``: Update resourcegroupstaggingapi client to latest version
  * api-change:``iotsitewise``: Update iotsitewise client to latest version
  * api-change:``events``: Update events client to latest version
  * api-change:``resource-groups``: Update resource-groups client to latest version
  * api-change:``rds``: Update rds client to latest version
- from version 1.18.1
  * api-change:``medialive``: Update medialive client to latest version
  * api-change:``sso-admin``: Update sso-admin client to latest version
  * api-change:``codestar-connections``: Update codestar-connections client to latest version
- from version 1.18.0
  * api-change:``kendra``: Update kendra client to latest version
  * api-change:``cloudfront``: Update cloudfront client to latest version
  * api-change:``comprehend``: Update comprehend client to latest version
  * api-change:``apigateway``: Update apigateway client to latest version
  * api-change:``es``: Update es client to latest version
  * api-change:``apigatewayv2``: Update apigatewayv2 client to latest version
  * feature:dependency: botocore has removed docutils as a required dependency
- from version 1.17.63
  * api-change:``servicecatalog``: Update servicecatalog client to latest version
  * api-change:``dlm``: Update dlm client to latest version
  * api-change:``greengrass``: Update greengrass client to latest version
  * api-change:``connect``: Update connect client to latest version
  * api-change:``ssm``: Update ssm client to latest version
- from version 1.17.62
  * api-change:``transcribe``: Update transcribe client to latest version
  * api-change:``ec2``: Update ec2 client to latest version
  * api-change:``sagemaker``: Update sagemaker client to latest version
  * api-change:``medialive``: Update medialive client to latest version
  * api-change:``budgets``: Update budgets client to latest version
  * api-change:``kafka``: Update kafka client to latest version
  * api-change:``kendra``: Update kendra client to latest version
  * api-change:``organizations``: Update organizations client to latest version
- from version 1.17.61
  * api-change:``ec2``: Update ec2 client to latest version
  * api-change:``managedblockchain``: Update managedblockchain client to latest version
  * api-change:``stepfunctions``: Update stepfunctions client to latest version
  * api-change:``docdb``: Update docdb client to latest version
- from version 1.17.60
  * api-change:``workspaces``: Update workspaces client to latest version
- from version 1.17.59
  * api-change:``cloudfront``: Update cloudfront client to latest version
  * api-change:``ebs``: Update ebs client to latest version
  * api-change:``sso-admin``: Update sso-admin client to latest version
  * api-change:``s3``: Update s3 client to latest version
- from version 1.17.58
  * api-change:``kinesisanalyticsv2``: Update kinesisanalyticsv2 client to latest version
  * api-change:``glue``: Update glue client to latest version
  * api-change:``redshift-data``: Update redshift-data client to latest version
- from version 1.17.57
  * api-change:``lex-models``: Update lex-models client to latest version
  * api-change:``apigatewayv2``: Update apigatewayv2 client to latest version
  * api-change:``codebuild``: Update codebuild client to latest version
  * api-change:``quicksight``: Update quicksight client to latest version
  * api-change:``elbv2``: Update elbv2 client to latest version
- Drop patches no longer required
  * hide_py_pckgmgmt.patch
- Refresh patches for new version
  * remove_nose.patch
- Update BuildRequires and Requires from requirements.txt and setup.py
- Adjust remove_nose.patch to apply again
- Version update to 1.17.56
  * api-change:``workspaces``: Update workspaces client to latest version
  * api-change:``xray``: Update xray client to latest version
  * api-change:``ssm``: Update ssm client to latest version
- from version 1.17.55
  * api-change:``stepfunctions``: Update stepfunctions client to latest version
  * api-change:``guardduty``: Update guardduty client to latest version
  * api-change:``mediapackage``: Update mediapackage client to latest version
  * api-change:``kendra``: Update kendra client to latest version
- from version 1.17.54
  * api-change:``ec2``: Update ec2 client to latest version
  * api-change:``macie2``: Update macie2 client to latest version
- from version 1.17.53
  * api-change:``codeguru-reviewer``: Update codeguru-reviewer client to latest version
  * api-change:``securityhub``: Update securityhub client to latest version
- from version 1.17.52
  * api-change:``sqs``: Update sqs client to latest version
  * api-change:``backup``: Update backup client to latest version
  * api-change:``cloudfront``: Update cloudfront client to latest version
  * api-change:``ec2``: Update ec2 client to latest version
- from version 1.17.51
  * api-change:``cur``: Update cur client to latest version
  * api-change:``route53``: Update route53 client to latest version
  * api-change:``cloudfront``: Update cloudfront client to latest version
  * api-change:``emr``: Update emr client to latest version
- from version 1.17.50
  * api-change:``ec2``: Update ec2 client to latest version
  * api-change:``redshift``: Update redshift client to latest version
  * api-change:``gamelift``: Update gamelift client to latest version
  * api-change:``mediaconvert``: Update mediaconvert client to latest version
- from version 1.17.49
  * api-change:``appflow``: Update appflow client to latest version
  * api-change:``route53resolver``: Update route53resolver client to latest version
- from version 1.17.48
  * api-change:``iotsitewise``: Update iotsitewise client to latest version
  * api-change:``xray``: Update xray client to latest version
  * api-change:``ec2``: Update ec2 client to latest version
  * api-change:``logs``: Update logs client to latest version
  * api-change:``dms``: Update dms client to latest version
  * api-change:``ssm``: Update ssm client to latest version
  * api-change:``kafka``: Update kafka client to latest version
- from version 1.17.47
  * api-change:``chime``: Update chime client to latest version
  * api-change:``fsx``: Update fsx client to latest version
  * api-change:``apigatewayv2``: Update apigatewayv2 client to latest version
- from version 1.17.46
  * api-change:``lakeformation``: Update lakeformation client to latest version
  * api-change:``storagegateway``: Update storagegateway client to latest version
  * api-change:``ivs``: Update ivs client to latest version
  * api-change:``organizations``: Update organizations client to latest version
  * api-change:``servicecatalog``: Update servicecatalog client to latest version
- from version 1.17.45
  * api-change:``identitystore``: Update identitystore client to latest version
  * api-change:``codebuild``: Update codebuild client to latest version
  * api-change:``cognito-idp``: Update cognito-idp client to latest version
  * api-change:``datasync``: Update datasync client to latest version
  * api-change:``sesv2``: Update sesv2 client to latest version
  * api-change:``securityhub``: Update securityhub client to latest version
- from version 1.17.44
  * api-change:``elbv2``: Update elbv2 client to latest version
  * api-change:``quicksight``: Update quicksight client to latest version
  * api-change:``kinesis``: Update kinesis client to latest version
  * api-change:``ecr``: Update ecr client to latest version
  * api-change:``acm``: Update acm client to latest version
  * api-change:``robomaker``: Update robomaker client to latest version
  * api-change:``elb``: Update elb client to latest version
  * api-change:``acm-pca``: Update acm-pca client to latest version
- from version 1.17.43
  * api-change:``braket``: Update braket client to latest version
  * api-change:``ec2``: Update ec2 client to latest version
  * api-change:``license-manager``: Update license-manager client to latest version
  * api-change:``sagemaker``: Update sagemaker client to latest version
  * api-change:``appstream``: Update appstream client to latest version
- from version 1.17.42
  * api-change:``rds``: Update rds client to latest version
  * api-change:``eks``: Update eks client to latest version
  * api-change:``ec2``: Update ec2 client to latest version
  * api-change:``macie2``: Update macie2 client to latest version
  * api-change:``cognito-idp``: Update cognito-idp client to latest version
  * api-change:``appsync``: Update appsync client to latest version
  * api-change:``braket``: Update braket client to latest version
- from version 1.17.41
  * api-change:``transfer``: Update transfer client to latest version
  * api-change:``comprehend``: Update comprehend client to latest version
  * api-change:``ec2``: Update ec2 client to latest version
  * api-change:``fsx``: Update fsx client to latest version
  * api-change:``workspaces``: Update workspaces client to latest version
  * api-change:``lambda``: Update lambda client to latest version
  * api-change:``iot``: Update iot client to latest version
  * api-change:``cloud9``: Update cloud9 client to latest version
- Add remove_nose.patch which ports test suite from nose to
  pytest (mostly just plain unittest, I just don't know how to
  mark tests as slow). Filed upstream as gh#boto/botocore#2134.
python-cffi
- Update in SLE-12 (bsc#1176784, jsc#ECO-3105, jsc#PM-2352)
- update to version 1.11.5:
  * Issue #357: fix ffi.emit_python_code() which generated a buggy
    Python file if you are using a struct with an anonymous union
    field or vice-versa.
  * Windows: ffi.dlopen() should now handle unicode filenames.
  * ABI mode: implemented ffi.dlclose() for the in-line case (it used
    to be present only in the out-of-line case).
  * Fixed a corner case for setup.py install --record=xx --root=yy
    with an out-of-line ABI module. Also fixed Issue #345.
  * More hacks on Windows for running CFFI’s own setup.py.
  * Issue #358: in embedding, to protect against (the rare case of)
    Python initialization from several threads in parallel, we have to
    use a spin-lock. On CPython 3 it is worse because it might
    spin-lock for a long time (execution of Py_InitializeEx()). Sadly,
    recent changes to CPython make that solution needed on CPython 2
    too.
  * CPython 3 on Windows: we no longer compile with Py_LIMITED_API by
    default because such modules cannot be used with virtualenv. Issue
    #350 mentions a workaround if you still want that and are not
    concerned about virtualenv: pass a
    define_macros=[("Py_LIMITED_API", None)] to the
    ffibuilder.set_source() call.
- specfile:
  * delete patch cffi-loader.patch; included upstream
- update to version 1.11.4:
  * Windows: reverted linking with python3.dll, because virtualenv
    does not make this DLL available to virtual environments for
    now. See Issue #355. On Windows only, the C extension modules
    created by cffi follow for now the standard naming scheme
    foo.cp36-win32.pyd, to make it clear that they are regular CPython
    modules depending on python36.dll.
- changes from version 1.11.3:
  * Fix on CPython 3.x: reading the attributes __loader__ or __spec__
    from the cffi-generated lib modules gave a buggy
    SystemError. (These attributes are always None, and provided only
    to help compatibility with tools that expect them in all modules.)
  * More Windows fixes: workaround for MSVC not supporting large
    literal strings in C code (from
    ffi.embedding_init_code(large_string)); and an issue with
    Py_LIMITED_API linking with python35.dll/python36.dll instead of
    python3.dll.
  * Small documentation improvements.
python-colorama
- Update in SLE-12 (bsc#1176784, jsc#ECO-3105, jsc#PM-2352)
- Fix build on SLE-12
  + Set LANG to en_US.UTF8 in %build, %install and %check sections
- update to 0.4.4:
  * Fixes
- update to version 0.4.3
  * Several documentation & demo fixes.
- update to version 0.4.1:
  * Fix issue #196: prevent exponential number of calls when calling
    'init' multiple times. Reported by bbayles and fixed by Delgan.
- Switch to github tarball to get tests
- specfile:
  * update copyright year
  * move from tar.gz to zip on pypi
  * be more specific in %files section
  * remove devel from noarch
- update to version 0.4.0:
  * Fix issue #142: reset LIGHT_EX colors with RESET_ALL. Reported by
    Delgan
  * Fix issue #147: ignore invalid "erase" ANSI codes. Reported by
    shin-
  * Fix issues #163 and #164: fix stream wrapping under
    PyCharm. Contributed by veleek and Delgan.
  * Thanks to jdufresne for various code cleanup and updates to
    documentation and project metadata.  (pull requests #171, #172,
    #173, #174, #176, #177, #189, #190, #192)
  * #186: added contextlib magic methods to ansitowin32.StreamWrapper.
    Contributed by hoefling.
  * Fix issue #131: don't cache stdio handles, since they might be
    closed/changed by fd redirection. This fixes an issue with pytest.
    Contributed by segevfiner.
  * #146, #157: Drop support for EOL Python 2.5, 2.6, 3.1, 3.2 and
    3.3, and add 3.6. Thanks to hugovk.
python-cryptography
- Update in SLE-12 (bsc#1176784, jsc#ECO-3105, jsc#PM-2352)
- update to 2.8
  * Added support for Python 3.8.
  * Added class methods Poly1305.generate_tag and Poly1305.verify_tag for Poly1305 sign and verify operations.
  * Deprecated support for OpenSSL 1.0.1. Support will be removed in cryptography 2.9.
  * We now ship manylinux2010 wheels in addition to our manylinux1 wheels.
  * Added support for ed25519 and ed448 keys in the CertificateBuilder, CertificateSigningRequestBuilder, CertificateRevocationListBuilder and OCSPResponseBuilder.
  * cryptography no longer depends on asn1crypto.
  * FreshestCRL is now allowed as a CertificateRevocationList extension.
- Convert to single-spec (fate#324191, bsc#1065275)
- Run fdupes to hardlink duplicate files
  + Add fdupes to BuildRequires
  + Add %fdupes %{buildroot}/%{_prefix} to %install
- update to 2.7
  * BACKWARDS INCOMPATIBLE: Removed the cryptography.hazmat.primitives.mac.MACContext interface.
    The CMAC and HMAC APIs have not changed, but they are no longer registered
    as MACContext instances.
  * Removed support for running our tests with setup.py test.
  * Add support for :class:`~cryptography.hazmat.primitives.poly1305.Poly1305`
    when using OpenSSL 1.1.1 or newer.
  * Support serialization with Encoding.OpenSSH and PublicFormat.OpenSSH
    in :meth:`Ed25519PublicKey.public_bytes <cryptography.hazmat.primitives.asymmetric.ed25519.Ed25519PublicKey.public_bytes>`.
  * Correctly allow passing a SubjectKeyIdentifier to :meth:`~cryptography.x509.AuthorityKeyIdentifier.from_issuer_subject_key_identifier`
    and deprecate passing an Extension object.
- Simplify the test execution to be more understandable
- update to 2.6.1:
  * BACKWARDS INCOMPATIBLE:
    Removed cryptography.hazmat.primitives.asymmetric.utils.encode_rfc6979_signature
    and cryptography.hazmat.primitives.asymmetric.utils.decode_rfc6979_signature,
    which had been deprecated for nearly 4 years. Use encode_dss_signature()
    and decode_dss_signature() instead.
  * BACKWARDS INCOMPATIBLE: Removed cryptography.x509.Certificate.serial, which
    had been deprecated for nearly 3 years. Use serial_number instead.
  * Updated Windows, macOS, and manylinux1 wheels to be compiled with
    OpenSSL 1.1.1b.
  * Added support for Ed448 signing when using OpenSSL 1.1.1b or newer.
  * Added support for Ed25519 signing when using OpenSSL 1.1.1b or newer.
  * load_ssh_public_key() can now load ed25519 public keys.
  * Add support for easily mapping an object identifier to its elliptic curve
    class via get_curve_for_oid().
  * Add support for OpenSSL when compiled with the no-engine
    (OPENSSL_NO_ENGINE) flag.
- Dependency on python-idna changed to "Recommends" aligned with
  change in upstream source (see below)
- update to 2.5:
  * BACKWARDS INCOMPATIBLE: U-label strings were deprecated in version 2.1,
    but this version removes the default idna dependency as well. If you still
    need this deprecated path please install cryptography with the idna extra:
    pip install cryptography[idna].
  * BACKWARDS INCOMPATIBLE: The minimum supported PyPy version is now 5.4.
  * Numerous classes and functions have been updated to allow bytes-like
    types for keying material and passwords, including symmetric algorithms,
    AEAD ciphers, KDFs, loading asymmetric keys, and one time password classes.
  * Updated Windows, macOS, and manylinux1 wheels to be compiled with OpenSSL 1.1.1a.
  * Added support for SHA512_224 and SHA512_256 when using OpenSSL 1.1.1.
  * Added support for SHA3_224, SHA3_256, SHA3_384, and SHA3_512 when using OpenSSL 1.1.1.
  * Added support for X448 key exchange when using OpenSSL 1.1.1.
  * Added support for SHAKE128 and SHAKE256 when using OpenSSL 1.1.1.
  * Added initial support for parsing PKCS12 files with load_key_and_certificates().
  * Added support for IssuingDistributionPoint.
  * Added rfc4514_string() method to x509.Name,
    x509.RelativeDistinguishedName, and x509.NameAttribute to format the name
    or component as an RFC 4514 Distinguished Name string.
  * Added from_encoded_point(), which immediately checks if the point is on
    the curve and supports compressed points. Deprecated the previous method
    from_encoded_point().
  * Added signature_hash_algorithm to OCSPResponse.
  * Updated X25519 key exchange support to allow additional serialization
    methods. Calling public_bytes() with no arguments has been deprecated.
  * Added support for encoding compressed and uncompressed points via
    public_bytes(). Deprecated the previous method encode_point().
- Update to version 2.4.2:
  * Updated Windows, macOS, and manylinux1 wheels to be compiled
    with OpenSSL 1.1.0j.
- Update to 2.4.1:
  * Dropped support for LibreSSL 2.4.x.
  * Deprecated OpenSSL 1.0.1 support. OpenSSL 1.0.1 is no
    longer supported by the OpenSSL project. At this time there
    is no time table for dropping support, however we strongly
    encourage all users to upgrade or install cryptography from
    a wheel.
  * Added initial :doc:`OCSP </x509/ocsp>` support.
  * Added support for cryptography.x509.PrecertPoison.
- Fix fdupes call
- Update to 2.3.1:
  * updated tests for upstream wycheproof changes
  * many other tiny test tweaks
- update to 2.3:
  * SECURITY ISSUE: finalize_with_tag() allowed tag truncation by default
    which can allow tag forgery in some cases. The method now enforces the
    min_tag_length provided to the GCM constructor.
  * Added support for Python 3.7.
  * Added extract_timestamp() to get the authenticated timestamp of a Fernet token.
  * Support for Python 2.7.x without hmac.compare_digest has been deprecated.
    We will require Python 2.7.7 or higher (or 2.7.6 on Ubuntu) in the next
    cryptography release.
  * Fixed multiple issues preventing cryptography from compiling
    against LibreSSL 2.7.x.
  * Added get_revoked_certificate_by_serial_number for quick
    serial number searches in CRLs.
  * The RelativeDistinguishedName class now preserves the order of attributes.
    Duplicate attributes now raise an error instead of silently discarding duplicates.
  * aes_key_unwrap() and aes_key_unwrap_with_padding() now raise InvalidUnwrap
    if the wrapped key is an invalid length, instead of ValueError.
- update to 2.2.2
  * fix build on some systems with openssl 1.1.0h
- Cleanup with spec-cleaner
- Use %setup to unpack all archives; do not rely on tar calls
- Update to upstream release 2.2.1:
  * Reverted a change to GeneralNames which prohibited having zero elements,
    due to breakages.
  * Fixed a bug in
    :func:`~cryptography.hazmat.primitives.keywrap.aes_key_unwrap_with_padding`
    that caused it to raise InvalidUnwrap when key length modulo 8 was zero.
  * BACKWARDS INCOMPATIBLE: Support for Python 2.6 has been dropped.
  * Resolved a bug in HKDF that incorrectly constrained output size.
  * Added
    :class:`~cryptography.hazmat.primitives.asymmetric.ec.BrainpoolP256R1`,
    :class:`~cryptography.hazmat.primitives.asymmetric.ec.BrainpoolP384R1`, and
    :class:`~cryptography.hazmat.primitives.asymmetric.ec.BrainpoolP512R1` to
    support inter-operating with systems like German smart meters.
  * Added token rotation support to :doc:`Fernet </fernet>` with
    :meth:`~cryptography.fernet.MultiFernet.rotate`.
  * Fixed a memory leak in
    :func:`~cryptography.hazmat.primitives.asymmetric.ec.derive_private_key`.
  * Added support for AES key wrapping with padding via
    :func:`~cryptography.hazmat.primitives.keywrap.aes_key_wrap_with_padding` and
    :func:`~cryptography.hazmat.primitives.keywrap.aes_key_unwrap_with_padding`.
  * Allow loading DSA keys with 224 bit q.
- fix deps for hypothesis, pytest
- Fix previous change and explicitly require python2 instead of
  python because python itself is also provided by python3.
  This fixes:
  ImportError: No module named _ssl
  when using python-cryptography in a python2 build environment
- Fix the previous change to not pull in py2 on py3 environment
- fix requires on python ssl once more after the last change
- build python3 subpackage (FATE#324435, bsc#1073879)
python-py-doc
- CVE-2020-29651.patch (bsc#1179805, CVE-2020-29651, bsc#1184505)
  * python-py: regular expression denial of service in svnwc.py
python-requests
- Update in SLE-12 (bsc#1176784, jsc#ECO-3105, jsc#PM-2352)
- Fix build on SLE-12
  + Add python to BuildRequires for suse_version < 1500
- remove patch pr_5251-pytest5.patch, not needed anymore.
- update to version 2.24.0:
  - pyOpenSSL TLS implementation is now only used if Python
    either doesn't have an `ssl` module or doesn't support
    SNI. Previously pyOpenSSL was unconditionally used if available.
    This applies even if pyOpenSSL is installed via the
    `requests[security]` extra (#5443)
  - Redirect resolution should now only occur when
    `allow_redirects` is True. (#5492)
  - No longer perform unnecessary Content-Length calculation for
    requests that won't use it. (#5496)
- update to 2.23.0
- dropped merged_pr_5049.patch
- refreshed requests-no-hardcoded-version.patch
  * Remove defunct reference to prefetch in Session __attrs__
  * Requests no longer outputs password in basic auth usage warning
- Remove python-urllib3, python-certifi and ca-certificates from
  main package BuildRequires, not required for building.
- Do not require full python, (implicit) python-base is sufficient.
- Add two patches only updating test logic to remove pytest 3 pin
  - merged_pr_5049.patch
  - pr_5251-pytest5.patch
- Hardcode pytest 3.x series as upstream even in git does not work
  with newer versions (they pinned the release)
- Update to 2.22.0:
  * Requests now supports urllib3 v1.25.2. (note: 1.25.0 and 1.25.1 are incompatible)
- Rebase requests-no-hardcoded-version.patch
- Do not hardcode version requirements in setup.py allowing us to
  update and verify functionality on our own:
  * requests-no-hardcoded-version.patch
- Skip one more test that is flaky
- Do not depend on python-py
- Update few of the requirements
- update to version 2.21.0:
  * Requests now supports idna v2.8.
- Support older Red Hat platforms that don't offer "Recommends:"
- Move name ahead of version in spec file to resolve build issues
  on older distributions
- fdupe more thoroughly.
- update to version 2.20.1:
  * Bugfixes
    + Fixed bug with unintended Authorization header stripping for
      redirects using default ports (http/80, https/443).
python-rsa
- Add cve_2020-13757.patch (CVE-2020-13757 bsc#1172389)
  + Handle leading '0' bytes during decryption of ciphertext
python-six
- Update in SLE-12 (bsc#1176784, jsc#ECO-3105, jsc#PM-2352)
- Fix testsuite on SLE-12
  + Add python to BuildRequires for suse_version < 1500
- Include in SLE-12 (FATE#326838, bsc#1113302)
- build python3 subpackage (FATE#324435, bsc#1073879)
- Submit 1.9.0 to SLE-12 (fate#319030, fate#318838, bsc#940812)
- sanitize release line in specfile
python-urllib3
- Add %dir declaration for %{_licensedir}
- Add CVE-2021-33503.patch (bsc#1187045, CVE-2021-33503)
  * Improve performance of sub-authority splitting in URL
- Update in SLE-12 (bsc#1182421, jsc#ECO-3352, jsc#PM-2485)
- Enable python2 builds
- Re-add file permissions in %file section
- Undo python2/3 split in %install section
- Skip test for RECENT_DATE. It is a test purely for developers.
  To maintain reproducibility, keep upstream's possibly outdated
  RECENT_DATE in the source code.
- Add CI variable, which makes timeouts in the test suite longer
  (gh#urllib3/urllib3#2109, bsc#1176389) and
  test_timeout_errors_cause_retries should not fail.
- Add urllib3-cve-2020-26137.patch. Don't allow control chars in request
  method. (bsc#1177120, CVE-2020-26137)
- Generate pyc for ssl_match_hostname too
- update to 1.25.10:
  * Added support for ``SSLKEYLOGFILE`` environment variable for
    logging TLS session keys for use with programs like
    Wireshark for decrypting captured web traffic (Pull #1867)
  * Fixed loading of SecureTransport libraries on macOS Big Sur
    due to the new dynamic linker cache (Pull #1905)
  * Collapse chunked request bodies data and framing into one
    call to ``send()`` to reduce the number of TCP packets by 2-4x (Pull #1906)
  * Don't insert ``None`` into ``ConnectionPool`` if the pool
    was empty when requesting a connection (Pull #1866)
  * Avoid ``hasattr`` call in ``BrotliDecoder.decompress()`` (Pull #1858)
- update to 1.25.9 (bsc#1177120, CVE-2020-26137):
  * Added ``InvalidProxyConfigurationWarning`` which is raised when
    erroneously specifying an HTTPS proxy URL. urllib3 doesn't currently
    support connecting to HTTPS proxies but will soon be able to
    and we would like users to migrate properly without much breakage.
  * Drain connection after ``PoolManager`` redirect (Pull #1817)
  * Ensure ``load_verify_locations`` raises ``SSLError`` for all backends (Pull #1812)
  * Rename ``VerifiedHTTPSConnection`` to ``HTTPSConnection`` (Pull #1805)
  * Allow the CA certificate data to be passed as a string (Pull #1804)
  * Raise ``ValueError`` if method contains control characters (Pull #1800)
  * Add ``__repr__`` to ``Timeout`` (Pull #1795)
- Explicitly switch off building python 2 version.
- update to 1.25.8
  * Drop support for EOL Python 3.4
  * Optimize _encode_invalid_chars
  * Preserve chunked parameter on retries
  * Allow unset SERVER_SOFTWARE in App Engine
  * Fix issue where URL fragment was sent within the request target.
  * Fix issue where an empty query section in a URL would fail to parse.
  * Remove TLS 1.3 support in SecureTransport due to Apple removing support.
- Require a new enough release of python-six. 1.25.6 needs at least
  1.12.0 for ensure_text() and friends.
- Update to 1.25.6:
  * Fix issue where tilde (~) characters were incorrectly percent-encoded in the path. (Pull #1692)
- Restrict the tornado dep from tom to 5 or older release as the
  6.x changed the API
- Update to 1.25.5:
  * Add mitigation for BPO-37428 affecting Python <3.7.4 and OpenSSL 1.1.1+ which caused certificate verification to be enabled when using cert_reqs=CERT_NONE. (Issue #1682)
  * Propagate Retry-After header settings to subsequent retries. (Pull #1607)
  * Fix edge case where Retry-After header was still respected even when explicitly opted out of. (Pull #1607)
  * Remove dependency on rfc3986 for URL parsing.
  * Fix issue where URLs containing invalid characters within Url.auth would raise an exception instead of percent-encoding those characters.
  * Add support for HTTPResponse.auto_close = False which makes HTTP responses work well with BufferedReaders and other io module features. (Pull #1652)
  * Percent-encode invalid characters in URL for HTTPConnectionPool.request() (Pull #1673)
- Drop patch urllib3-ssl-default-context.patch
- Drop patch python-urllib3-recent-date.patch the date is recent
  enough on its own
- Use have/skip_python2/3 macros to allow building only one flavour
- Add urllib3-remove-authorization-header-when-redirecting-cross-host.patch
  Remove Authorization header when redirecting cross-host
  (gh#urllib3/urllib3#1316,boo#1119376,CVE-2018-20060)
- Use old pytest 3.x as newer do not work with this release
  * this will be fixed with next release, just spread among
    numerous fixes in the git for quick backporting
- Fixup pre script: the migration issue happens when changing from
  python-urllib3 to python2-urllib3: the number of installed
  instances of python2-urllib3 is at this moment 1, unlike in
  regular updates. This is due to a name change, which consists not
  of a pure package update.
- Provides/Obsoletes does not fix the issue: we have a
  directory-to-symlink switch, which cannot be handled by RPM
  internally. Assist using pre script (boo#1138715).
- Fix Upgrade from Leap 42.1/42.2 by adding Obsoletes/Provides:
  python-urllib3, fixes boo#1138746
- Skip test_source_address_error as we raise different error with
  fixes that we provide in new python2/3
- Add more test to skip as with new openssl some behaviour changed
  and we can't rely on them anymore
- Unbundle the six, rfc3986, and backports.ssl_match_hostname
- Add missing dependency on python-six (bsc#1150895)
- Update to 1.25.3:
  * Change HTTPSConnection to load system CA certificates when ca_certs, ca_cert_dir, and ssl_context are unspecified. (Pull #1608, Issue #1603)
  * Upgrade bundled rfc3986 to v1.3.2. (Pull #1609, Issue #1605)
- Update to 1.25.2:
  * Change is_ipaddress to not detect IPvFuture addresses. (Pull #1583)
  * Change parse_url to percent-encode invalid characters within the path, query, and target components. (Pull #1586)
  * Add support for Google's Brotli package. (Pull #1572, Pull #1579)
  * Upgrade bundled rfc3986 to v1.3.1 (Pull #1578)
- Require all the deps from the secure list rather than Recommend.
  This makes the check to be run always and ensure the urls are
  "secure".
- Remove ndg-httpsclient as it is not needed since 2015
- Add missing dependency on brotlipy
- Fix the tests to pass again
- update to 1.25 (bsc#1132663, bsc#1129071, CVE-2019-9740, CVE-2019-11236):
  * Require and validate certificates by default when using HTTPS
  * Upgraded ``urllib3.utils.parse_url()`` to be RFC 3986 compliant.
  * Added support for ``key_password`` for ``HTTPSConnectionPool`` to use
    encrypted ``key_file`` without creating your own ``SSLContext`` object.
  * Add TLSv1.3 support to CPython, pyOpenSSL, and SecureTransport ``SSLContext``
    implementations. (Pull #1496)
  * Switched the default multipart header encoder from RFC 2231 to HTML 5 working draft.
  * Fixed issue where OpenSSL would block if an encrypted client private key was
    given and no password was given. Instead an ``SSLError`` is raised.
  * Added support for Brotli content encoding. It is enabled automatically if
  ``brotlipy`` package is installed which can be requested with
  ``urllib3[brotli]`` extra.
  * Drop ciphers using DSS key exchange from default TLS cipher suites.
    Improve default ciphers when using SecureTransport.
  * Implemented a more efficient ``HTTPResponse.__iter__()`` method.
- Drop urllib3-test-ssl-drop-sslv3.patch . No longer needed
- Update to 1.24.2 (bsc#1132900, CVE-2019-11324):
  - Implemented a more efficient HTTPResponse.__iter__() method.
    (Issue #1483)
  - Upgraded urllib3.utils.parse_url() to be RFC 3986 compliant.
    (Pull #1487)
  - Remove Authorization header regardless of case when
    redirecting to cross-site. (Issue #1510)
  - Added support for key_password for HTTPSConnectionPool to use
    encrypted key_file without creating your own SSLContext
    object. (Pull #1489)
  - Fixed issue where OpenSSL would block if an encrypted client
    private key was given and no password was given. Instead an
    SSLError is raised. (Pull #1489)
  - Require and validate certificates by default when using HTTPS
    (Pull #1507)
  - Added support for Brotli content encoding. It is enabled
    automatically if brotlipy package is installed which can be
    requested with urllib3[brotli] extra. (Pull #1532)
  - Add TLSv1.3 support to CPython, pyOpenSSL, and
    SecureTransport SSLContext implementations. (Pull #1496)
  - Drop ciphers using DSS key exchange from default TLS cipher
    suites. Improve default ciphers when using SecureTransport.
    (Pull #1496)
  - Add support for IPv6 addresses in subjectAltName section of
    certificates. (Issue #1269)
  - Switched the default multipart header encoder from RFC 2231
    to HTML 5 working draft. (Issue #303, PR #1492)
- Update to 1.24.1:
  * Remove quadratic behavior within GzipDecoder.decompress()
    (Issue #1467)
  * Restored functionality of ciphers parameter for
    create_urllib3_context(). (Issue #1462)
- Update to 1.24:
  * Allow key_server_hostname to be specified when initializing a PoolManager to allow custom SNI to be overridden. (Pull #1449)
  * Test against Python 3.7 on AppVeyor. (Pull #1453)
  * Early-out ipv6 checks when running on App Engine. (Pull #1450)
  * Change ambiguous description of backoff_factor (Pull #1436)
  * Add ability to handle multiple Content-Encodings (Issue #1441 and Pull #1442)
  * Skip DNS names that can't be idna-decoded when using pyOpenSSL (Issue #1405).
  * Add a server_hostname parameter to HTTPSConnection which allows for overriding the SNI hostname sent in the handshake. (Pull #1397)
  * Drop support for EOL Python 2.6 (Pull #1429 and Pull #1430)
  * Fixed bug where responses with header Content-Type: message/* erroneously raised HeaderParsingError, resulting in a warning being logged. (Pull #1439)
  * Move urllib3 to src/urllib3 (Pull #1409)
- Drop patch 1414.patch merged upstream
- Refresh patches:
  * python-urllib3-recent-date.patch
  * urllib3-ssl-default-context.patch
- Switch to multibuild to minimize requirements for providing
  urllib3 module.
- fix dependency again for passing tests for python 2.x
- Do not use ifpython2 for BRs where it does not work
- add python-ipaddress dependency for python 2.x
- Drop not needed devel and nose deps
- update to 1.23
- add 1414.patch - fix tests with new tornado
- refresh python-urllib3-recent-date.patch
- drop urllib3-test-no-coverage.patch
  * Allow providing a list of headers to strip from requests when redirecting
  to a different host. Defaults to the Authorization header. Different
  headers can be set via Retry.remove_headers_on_redirect.
  * Fix util.selectors._fileobj_to_fd to accept long
  * Dropped Python 3.3 support.
  * Put the connection back in the pool when calling stream()
  or read_chunked() on a chunked HEAD response.
  * Fixed pyOpenSSL-specific ssl client authentication issue when clients
  attempted to auth via certificate + chain
  * Add the port to the connectionpool connect print
  * Don't use the uuid module to create multipart data boundaries.
  * read_chunked() on a closed response returns no chunks.
  * Add Python 2.6 support to contrib.securetransport
  * Added support for auth info in url for SOCKS proxy
python3
- Add CVE-2021-3733-ReDoS-urllib-AbstractBasicAuthHandler.patch
  fixing ReDoS in urllib AbstractBasicAuthHandler (bsc#1189287,
  CVE-2021-3733, bpo#43075)
- Add CVE-2021-3737-infinite-loop-on-100-Continue.patch fixing bpo-44022
  (bsc#1189241, CVE-2021-3737): http.client now avoids infinitely
  reading potential HTTP headers after a 100 Continue status response
  from the server.
- Reorder and better document patches related to bpo#30458 (also, for
  rechecking solution for bsc#1129071).
- Refresh patches:
  - CVE-2019-10160-netloc-port-regression.patch
  - CVE-2019-18348-CRLF_injection_via_host_part.patch
  - CVE-2019-9947-no-ctrl-char-http.patch
  - CVE-2020-8492-urllib-ReDoS.patch
  - Python-3.3.0b2-multilib.patch
  - python-3.6-CVE-2017-18207.patch
  - python3-urllib-prefer-lowercase-proxies.patch
  - subprocess-raise-timeout.patch
- Modify Lib/ensurepip/__init__.py to contain the same version
  numbers as are in reality the ones in the bundled wheels
  (bsc#1187668).
- Add CVE-2020-27619-no-eval-http-content.patch fixing
  CVE-2020-27619 (bsc#1178009), where Lib/test/multibytecodec_support
  calls eval() on content retrieved via HTTP.
- Make sure to close the import_failed.map file after the exception
  has been raised in order to avoid ResourceWarnings when the
  failing import is part of a try...except block.
- Add CVE-2021-23336-only-amp-as-query-sep.patch which forbids
  use of semicolon as a query string separator (bpo#42967,
  bsc#1182379, CVE-2021-23336).
python3-PyYAML
- Add pyyaml.CVE-2020-14343.patch (bsc#1174514 CVE-2020-14343)
  Prevents arbitrary code execution during python/object/* constructors
  This patch contains the upstream git commit a001f27 from the 5.4 release.
- Update in SLE-12 (bsc#1176784, jsc#ECO-3105, jsc#PM-2352)
- update to 5.3.1
  * fixes boo#1165439 (CVE-2020-1747) Prevents arbitrary code execution
  during python/object/new constructor
- update to 5.3
  * Use `is` instead of equality for comparing with `None`
  * fix typos and stylistic nit
  * Fix up small typo
  * Fix handling of __slots__
  * Allow calling add_multi_constructor with None
  * Add use of safe_load() function in README
  * Fix reader for Unicode code points over 0xFFFF
  * Enable certain unicode tests when maxunicode not > 0xffff
  * Use full_load in yaml-highlight example
  * Document that PyYAML is implemented with Cython
  * Fix for Python 3.10
  * increase size of index, line, and column fields
  * remove some unused imports
  * Create timezone-aware datetimes when parsed as such
  * Add tests for timezone
- update to 5.2
  * A more flexible fix for custom tag constructors
  * Change default loader for yaml.add_constructor
  * Change default loader for add_implicit_resolver, add_path_resolver
  * Move constructor for object/apply to UnsafeConstructor
  * Fix logic for quoting special characters
python3-base
- Add CVE-2021-3733-ReDoS-urllib-AbstractBasicAuthHandler.patch
  fixing ReDoS in urllib AbstractBasicAuthHandler (bsc#1189287,
  CVE-2021-3733, bpo#43075)
- Add CVE-2021-3737-infinite-loop-on-100-Continue.patch fixing bpo-44022
  (bsc#1189241, CVE-2021-3737): http.client now avoids infinitely
  reading potential HTTP headers after a 100 Continue status response
  from the server.
- Reorder and better document patches related to bpo#30458 (also, for
  rechecking solution for bsc#1129071).
- Refresh patches:
  - CVE-2019-10160-netloc-port-regression.patch
  - CVE-2019-18348-CRLF_injection_via_host_part.patch
  - CVE-2019-9947-no-ctrl-char-http.patch
  - CVE-2020-8492-urllib-ReDoS.patch
  - Python-3.3.0b2-multilib.patch
  - python-3.6-CVE-2017-18207.patch
  - python3-urllib-prefer-lowercase-proxies.patch
  - subprocess-raise-timeout.patch
- Modify Lib/ensurepip/__init__.py to contain the same version
  numbers as are in reality the ones in the bundled wheels
  (bsc#1187668).
- Add CVE-2020-27619-no-eval-http-content.patch fixing
  CVE-2020-27619 (bsc#1178009), where Lib/test/multibytecodec_support
  calls eval() on content retrieved via HTTP.
- Make sure to close the import_failed.map file after the exception
  has been raised in order to avoid ResourceWarnings when the
  failing import is part of a try...except block.
- Add CVE-2021-23336-only-amp-as-query-sep.patch which forbids
  use of semicolon as a query string separator (bpo#42967,
  bsc#1182379, CVE-2021-23336).
regionServiceClientConfigEC2
- Update to version 3.1.0 (bsc#1029162)
  + Add IPv6 addresses to config
  + Include IPv6 certificates
  + Requires cloud-regionsrv-client >= v9.3.0
- Update to version 3.0.0 (bsc#1176005, bsc#1176007)
  + Reduce the number of region servers
  + Require python3-ec2metadata to support IMDSv2 only setups
release-notes-sles
- 12.3.20211208 (tracked in bsc#933411)
- Added note about unprivileged eBPF (jsc#DOCTEAM-433)
- Added note about virtual users in vsftpd (jsc#SLE-12573)
- Added note about LibreOffice 6.4 (jsc#SLE-11596)
- Added note about Salt 3000 update (jsc#SLE-12830)
- Added note about new kernel-firmware package (bsc#1143465)
resource-agents
- SAPInstance fails to detect SAP unit files for systemd
  (bsc#1189535)
  Add upstream patches:
    0001-Clear-out-the-DIR_EXECUTABLE-variable-so-we-catch-th.patch
    0001-SAPInstance_fails_to_detect_SAP_unit_files_for_systemd.patch
    0002-SAPInstance_fails_to_detect_SAP_unit_files_for_systemd.patch
rsync
- Fix a segmentation fault in iconv [bsc#1188258]
  * Add rsync-iconv-segfault.patch
rsyslog
- fix memory leak when internal messages not processed internally
  (bsc#1190483)
  * add 0001-core-bugfix-memory-leak-when-internal-messages-not-p.patch
- fix memory leak in omfile (bsc#1189737)
  * add 0001-omfile-bugfix-file-handle-leak.patch
- fix SIGSEGV/SIGABRT in da-queue when using libfastjson (bsc#1187590)
  * add 0001-Fix-race-condition-related-to-libfastjson-when-using.patch
- fix race in async writer (bsc#1179089)
  * add 0001-omfile-bugfix-race-file-when-async-writing-is-enable.patch
ruby2
Add patches to fix the following CVEs:
  - CVE-2021-32066.patch (CVE-2021-32066): Fix StartTLS stripping
    vulnerability in Net::IMAP (bsc#1188160)
  - CVE-2021-31810.patch (CVE-2021-31810): Fix trusting FTP PASV
    responses vulnerability in Net::FTP (bsc#1188161)
  - CVE-2020-25613.patch (CVE-2020-25613): Fix potential HTTP request
    smuggling in WEBrick (bsc#1177125)
  - CVE-2021-31799.patch (CVE-2021-31799): Fix Command injection
    vulnerability in RDoc (bsc#1190375)
samba
- CVE-2021-44142: Out-of-Bound Read/Write on Samba vfs_fruit
  module; (bsc#1194859); (bso#14914).
- The username map [script] advice from CVE-2020-25717 advisory
  note has undesired side effects for the local nt token. Fallback
  to a SID/UID based mapping if the name based lookup fails;
  (bsc#1192849); (bso#14901).
- CVE-2016-2124: SMB1 client connections can be downgraded to
  plaintext authentication (bsc#1014440); (bso#12444);
- CVE-2020-25717: A user in an AD Domain could become root on
  domain members; (bsc#1192284); (bso#14556);
- CVE-2021-20254 Buffer overrun in sids_to_unixids();
  (bso#14571); (bsc#1184677).
- Avoid free'ing our own pointer in memcache when memcache_trim
  attempts to reduce cache size; (bso#14625); (bnc#1179156).
- Adjust smbcacls '--propagate-inheritance' feature to align with
  upstream; (bsc#1178469).
sapconf
- version update from 5.0.2 to 5.0.3
- adapt the activity detection of saptune to the upcoming saptune
  version 3
  (bsc#1189496)
- version update from 5.0.1 to 5.0.2
- added sapconf_check and supportconfig plugin for sapconf
- change log message for 'MIN_PERF_PCT' parameter to reduce the
  spot light
  (bsc#1179524)
- add additional check to detect an active saptune service
  (started but disabled and without any notes applied).
  Improve the logging message.
  (bsc#1182314)
- correct a typo in the last changelog entry (confused saptune and
  sapconf).
  Clarify the man page section about profile handling.
  (bsc#1179880)
- preserve the state of the sapconf.service during the package
  update. Only disable the sapconf service, if saptune is active.
  In any other cases don't touch the state of the sapconf service.
  If tuned has problems and the command 'tune-adm off' does not
  work properly in the preinstall script of the package, try to
  stop the tuned service to avoid weird error messages in the log
  of tuned during and after the package update
  (bsc#1182906)
  from a persistent location in /var/lib/sapconf to a temporary
  location at /run/sapconf_act_profile
sbd
- Update to version 1.5.0+20210720.f4ca41f:
- sbd-inquisitor: Implement default delay start for diskless sbd (bsc#1189398)
- sbd-inquisitor: Sanitize numeric arguments
- Update to version 1.5.0+20210629.1c72cf2:
- sbd-inquisitor: tolerate and strip any leading spaces of command line option values (bsc#1187547)
- sbd-inquisitor: tell the actual watchdog device specified with `-w` (bsc#1187547)
- Revert "Doc: adapt description of startup/shutdown sync with pacemaker"
  * 0001-Revert-Doc-adapt-description-of-startup-shutdown-syn.patch
- Update to version 1.5.0+20210614.d7f447d (v1.5.0):
- Deprecated path "/var/run/" used in systemd-services (bsc#1185182)
- Update to version 1.4.2+20210305.926b554:
- sbd-inquisitor: take the defaults for the options set in sysconfig with empty strings (bsc#1183259)
- Update to version 1.4.2+20210305.57b84b5:
- sbd-inquisitor: prevent segfault if no command is supplied (bsc#1183237)
- Update to version 1.4.2+20210304.488a5b9:
- sbd-inquisitor,sbd-md: make watchdog warning messages more understandable (bsc#1182648)
- sbd-inquisitor: calculate the default timeout for watchdog warning based on the watchdog timeout consistently (bsc#1182648)
- sbd-inquisitor: ensure the timeout for watchdog warning specified with `-5` option is respected (bsc#1182648)
- sbd-common: ensure the default timeout for watchdog warning is about 3/5 of the default watchdog timeout (bsc#1182648)
- sbd-inquisitor: downgrade the warning about SBD_SYNC_RESOURCE_STARTUP to notice (bsc#1180966)
  * bsc#1180966-0001-Log-sbd-inquisitor-downgrade-the-warning-about-SBD_S.patch
- Update to version 1.4.2+20210129.5e2100f:
- Doc: adapt description of startup/shutdown sync with pacemaker
- Update to version 1.4.2+20201214.01c18c7:
- sbd-inquisitor: check SBD_SYNC_RESOURCE_STARTUP only in watch mode (bsc#1180966)
- Update to version 1.4.2+20201202.0446439 (v1.4.2):
- ship sbd.pc with basic sbd build information for downstream packages to use
- Update to version 1.4.1+20201105.507bd5f:
- sbd: inform the user to restart the sbd service (bsc#1179655)
- Update the uses of the systemd rpm macros
  * use '%service_del_postun_without_restart' instead of '%service_del_postun -n'
  * drop use of '%service_del_preun -n' as '-n' is unsafe and is deprecated
    This part still needs to be reworked as leaving services running while their
    package has been removed is unsafe.
- Update to version 1.4.1+20200819.4a02ef2:
- sbd-pacemaker: stay with basic string handling
- build: use configure for watchdog-default-timeout & others
- Update to version 1.4.1+20200807.7c21899:
- Update to version 1.4.1+20200727.1117c6b:
- make syncing of pacemaker resource startup configurable
- sbd-pacemaker: sync with pacemakerd for robustness
- Update to version 1.4.1+20200727.971affb:
- sbd-cluster: match qdevice-sync_timeout against wd-timeout
- Rebase:
  * bsc#1140065-Fix-sbd-cluster-exit-if-cmap-is-disconnected.patch
- Update to version 1.4.1+20200624.cee826a:
- sbd-pacemaker: handle new no_quorum_demote (rh#1850078)
sqlite3
- Sync version 3.36.0 from Factory to implement jsc#SLE-16032.
- The following CVEs have been fixed in upstream releases up to
  this point, but were not mentioned in the change log so far:
  * bsc#1173641, CVE-2020-15358: heap-based buffer overflow in
    multiSelectOrderBy due to mishandling of query-flattener
    optimization
  * bsc#1164719, CVE-2020-9327: NULL pointer dereference and
    segmentation fault because of generated column optimizations in
    isAuxiliaryVtabOperator
  * bsc#1160439, CVE-2019-20218: selectExpander in select.c proceeds
    with WITH stack unwinding even after a parsing error
  * bsc#1160438, CVE-2019-19959: memory-management error via
    ext/misc/zipfile.c involving embedded '0' input
  * bsc#1160309, CVE-2019-19923: improper handling of certain uses
    of SELECT DISTINCT in flattenSubquery may lead to null pointer
    dereference
  * bsc#1159850, CVE-2019-19924: improper error handling in
    sqlite3WindowRewrite()
  * bsc#1159847, CVE-2019-19925: improper handling of NULL pathname
    during an update of a ZIP archive
  * bsc#1159715, CVE-2019-19926: improper handling of certain
    errors during parsing multiSelect in select.c
  * bsc#1159491, CVE-2019-19880: exprListAppendList in window.c
    allows attackers to trigger an invalid pointer dereference
  * bsc#1158960, CVE-2019-19603: during handling of CREATE TABLE
    and CREATE VIEW statements, does not consider confusion with
    a shadow table name
  * bsc#1158959, CVE-2019-19646: pragma.c mishandles NOT NULL in an
    integrity_check PRAGMA command in certain cases of generated
    columns
  * bsc#1158958, CVE-2019-19645: alter.c allows attackers to trigger
    infinite recursion via certain types of self-referential views
    in conjunction with ALTER TABLE statements
  * bsc#1158812, CVE-2019-19317: lookupName in resolve.c omits bits
    from the colUsed bitmask in the case of a generated column,
    which allows attackers to cause a denial of service
  * bsc#1157818, CVE-2019-19244: sqlite3,sqlite2,sqlite: The
    function sqlite3Select in select.c allows a crash if a
    sub-select uses both DISTINCT and window functions, and also
    has certain ORDER BY usage
  * bsc#928701, CVE-2015-3415: sqlite3VdbeExec comparison operator
    vulnerability
  * bsc#928700, CVE-2015-3414: sqlite3,sqlite2: dequoting of
    collation-sequence names
  * CVE-2020-13434 boo#1172115: integer overflow in
    sqlite3_str_vappendf
  * CVE-2020-13630 boo#1172234: use-after-free in fts3EvalNextRow
  * CVE-2020-13631 boo#1172236: virtual table allowed to be renamed
    to one of its shadow tables
  * CVE-2020-13632 boo#1172240: NULL pointer dereference via
    crafted matchinfo() query
  * CVE-2020-13435: Malicious SQL statements could have crashed the
    process that is running SQLite (boo#1172091)
- Remove the following patches from there which are all upstream:
  * sqlite3-CVE-2017-10989.patch
  * sqlite3-CVE-2017-2518.patch,
  * sqlite3-CVE-2018-20346.patch,
  * sqlite3-CVE-2018-8740.patch,
  * sqlite3-CVE-2019-16168.patch,
  * sqlite3-CVE-2019-8457.patch,
  * sqlite3-journal-file.patch,
  * sqlite3-xFetch-null.patch,
  * sqlite3-CVE-2016-6153.patch
sudo
- Tenable Scan reports sudo is still vulnerable to CVE-2021-3156
  [bsc#1183936]
supportutils
- Changes to version 3.0.10
  + Adding ethtool options g l m to network.txt (jsc#SLE-18239)
  + lsof options to improve performance (bsc#1186687)
  + Exclude rhn.conf from etc.txt (bsc#1186347)
- analyzevmcore supports local directories (bsc#1186397)
- getappcore checks for valid compression binary (bsc#1185991)
- getappcore does not trigger errors with help message (bsc#1185993)
- Additions to version 3.0.9
  + prevent running 'systool -vb memory' by default on systems with 16TB or more #57 (bsc#1127734)
- Additions to version 3.0.9
  + Checks package signatures in rpm.txt (bsc#1021918)
  + Optimizing find (bsc#1184911)
- Using zypper --xmlout (bsc#1181351)
- Error fix for sysfs.txt (bsc#1089870)
- Additions to version 3.0.9
  + Added drbd information and configuration details to drbd.txt (bsc#1063765)
  + Added list-timers and list-jobs to systemd.txt (bsc#1169348)
  + nfs4 in search (bsc#1184828)
- Captures rotated logs with different compression methods (bsc#1179188)
- Minor wording change in text
- Removed deprecated mii-tool (bsc#1043601)
  - Added -u for HTTPS and -a for FTPES uploads to SUSE FTP servers
  (bsc#1051419)
supportutils-plugin-ha-sap
- Update to version 0.0.2+git.1623772960.fed5aa7:
  to fix bsc#1187373
  * Added process list for sid<adm> user
  * Added ENSA1 and ENSA2 informational messages
  * Added filter to gather logs for "sap_suse_cluster_connector"
  * Fixed documentation links
  * Updated Documentation Links
  * Added Authentication Section and capture information about
    sid<adm> user
  * Added some additional logic.
  * Obscure clear text password from cluster resources using
    "crm configure show" output
supportutils-plugin-suse-public-cloud
- Update to version 1.0.6 (bsc#1195095, bsc#1195096)
  + Include cloud-init logs whenever they are present
  + Update the packages we track in AWS, Azure, and Google
  + Include the ecs logs for AWS ECS instances
suse-module-tools
- Update to version 12.6.1: Import kernel scriptlets from kernel-source
  * rpm-script: fix bad exit status in OpenQA (bsc#1191922)
  * cert-script: Deal with existing $cert.delete file (bsc#1191804).
  * cert-script: Ignore kernel keyring for kernel certificates (bsc#1191480).
  * cert-script: Only print mokutil output in verbose mode.
  * inkmp-script(postun): don't pass existing files to weak-modules2
    (boo#1191200)
  * kernel-scriptlets: skip cert scriptlet on non-UEFI systems
    (boo#1191260)
  * rpm-script: link config also into /boot (boo#1189879)
  * Import kernel scriptlets from kernel-source.
    (bsc#1189841, bsc#1190598)
  * Provide "suse-kernel-rpm-scriptlets"
sysstat
- Fix possible segfault in read_task_stats() [bsc#1194679]
- Add sysstat-fix-segfault-in-read_task_stats.patch
systemd
- Added 1001-basic-unit-name-do-not-use-strdupa-on-a-path.patch (CVE-2021-33910 bsc#1188063)
  This patch will be moved to the git repo once the bug will become
  public.
- Import commit 45e55ba407af6c95bb31ee6274a410221b270631
  7ee5d00c35 mount-util: shorten the loop a bit (#7545)
  d11f9ecd26 mount-util: do not use the official MAX_HANDLE_SZ (#7523)
  061ad6d042 mount-util: tape over name_to_handle_at() flakiness (#7517) (bsc#1184761)
  a3b6ac5b16 mount-util: fix bad indenting
  2f1216da61 mount-util: EOVERFLOW might have other causes than buffer size issues
  6aad8e1164 mount-util: fix error propagation in fd_fdinfo_mnt_id()
  7f212aaf82 mount-util: drop exponential buffer growing in name_to_handle_at_loop()
  575cd1cd59 udev: port udev_has_devtmpfs() to use path_get_mnt_id()
  6e640e0f72 mount-util: add new path_get_mnt_id() call that queries the mnt ID of a path
  f897e6fa6b mount-util: add name_to_handle_at_loop() wrapper around name_to_handle_at()
  9a99b8e39b mount-util: accept that name_to_handle_at() might fail with EPERM (#5499)
  2d37137b9a basic: fallback to the fstat if we don't have access to the /proc/self/fdinfo
- Import commit e41f1650e7f69f44569d5b27a7ca27b69b162792
  514ffd3db7 sysusers: use the usual comment style
  5aa120f089 test/TEST-21-SYSUSERS: add tests for new functionality
  8e55e98aae sysusers: allow admin/runtime overrides to command-line config
  dca71da06a basic/strv: add function to insert items at position
  0b0c80f431 sysusers: allow the shell to be specified
  57cf9a6680 sysusers: move various user credential validity checks to src/basic/
  cece58038d man: reformat table in sysusers.d(5)
  579642f528 sysusers: take configuration as positional arguments
  c3b02cbec6 sysusers: emit a bit more info at debug level when locking fails
  e1beaac365 sysusers: allow force reusing existing user/group IDs (#8037)
  c4dc42a352 sysusers: ensure GID in uid:gid syntax exists
  7a55d8caf3 sysusers: make ADD_GROUP always create a group
  895392a9a4 test: add TEST-21-SYSUSERS test
  753dc29ca0 sysuser: use OrderedHashmap
  5275d4e204 sysusers: allow uid:gid in sysusers.conf files
  a15c051441 sysusers: fix memleak (#4430)
  These commits implement the option '--replace' for systemd-sysusers
  so %sysusers_create_package can be introduced in SLE and packages
  can rely on this rpm macro without wondering whether the macro is
  available on the different target the package is submitted to.
- Expect 644 permissions for /usr/lib/udev/compat-symlink-generation (bsc#1185807)
- Import commit 29b66d7e01845caec85e303e784ba216918715c1
  b06adcab32 systemctl: add --value option
  e1f9d7b8f0 execute: make sure to call into PAM after initializing resource limits (bsc#1184967)
  d2396ab8b7 rlimit-util: introduce setrlimit_closest_all()
  d1e0854de9 system-conf: drop reference to ShutdownWatchdogUsec=
  91110a7331 core: rename ShutdownWatchdogSec to RebootWatchdogSec (bsc#1185331)
  b249d10eb5 Return -EAGAIN instead of -EALREADY from unit_reload (bsc#1185046)
- Import commit 0c74cd4d58ef31f346e1edb1be7692d61961897c
  611376f830 rules: don't ignore Xen virtual interfaces anymore (bsc#1178561)
  65f4fa852e write_net_rules: set execute bits (bsc#1178561)
  f60153e565 udev: rework network device renaming
  df31eb968a Revert "Revert "udev: network device renaming - immediately give up if the target name isn't available""
- Import commit d7219f1b222f5ca3ff58701d413bf09fe8ce2e82 (bsc#1183790)
  b66e9a5e5a service: go through stop_post on failure (#4770)
  8d4001767f service: only fail notify services on empty cgroup during start
  322324c5e6 service: fix main processes exit behavior for type notify services
  fdb06bc393 service: introduce protocol error type
  1a94e63978 core: when a service's ExecStartPre= times out, skip ExecStop=
- Import commit fadcac5bb458e57306bd370995938af4c7ea05f8
  832c6d3161 shutdown: bump kmsg log level to LOG_WARNING only
  77fa130932 shutdown: rework bump_sysctl_printk_log_level() to use sysctl_writef()
  17e2859d11 sysctl: add sysctl_writef() helper
  0826c7395e shutdown: use "int" for log level type
  d3345e5d0d killall: bump log message about unkilled processes to LOG_WARNING
  408ad0aeed core/killall: Log the process names not killed after 10s
  235fb3716f shutdown: Bump sysctl kernel.printk log level in order to see info msg
  816497776a core/killall: Propagate errors and return the number of process left
  ea84ca6f13 shutdown: always pass errno to logging functions
  28de6884a5 umount: beef up logging when umount/remount child processes fail
  7954277e26 umount: Try unmounting even if remounting read-only failed
  3e1b1be184 core: Implement sync_with_progress() (bsc#1178219)
  748da3e5c7 core: Implement timeout based umount/remount limit (bsc#1178219)
  705b3d7618 core: remove "misuse" of getpgid() in systemd-shutdown
  573617ed8a core: systemd-shutdown: avoid confusingly redundant messages
  f07ddb30ad core: systemd-shutdown: add missing check for umount_changed
  016365166a umount: always use MNT_FORCE in umount_all() (#7213)
  f831b68e56 pid1: improve logging when failing to remount / ro (#5940)
  4d1bbd1bc1 signal-util: use a slightly less likely to conflict variable name instead of 't'
  447ed76ff9 shutdown: already sync IO before we enter the final killing spree
  0a80b4a9ac shutdown: use (void)
  8428aa0e6d shutdown: use 90s SIGKILL timeout
  5cbaf621ca basic: mark unused variable as such
  a320b497db nss: block various signals while running NSS lookups
  87b294baa5 core: free m->deserialized_subscribed on daemon-reexec
  0ba5127071 [PATCH] Always free deserialized_subscribed on reload (bsc#1180020)
  A bunch of commits which should improve the logs emitted by
  systemd-shutdown during the shutdown process when some badly written
  applications cannot be stopped properly and prevent some mount
  points from being unmounted properly. See bsc#1178219 for an example of
  such a case.
- Don't use shell redirections when calling a rpm macro (bsc#1183094)
  It's broken since the redirection is expanded where the parameters
  of the macro are, which can be anywhere in the body of macro.
- systemd requires aaa_base >= 13.2
  This dependency is required because "systemctl
  {is-enabled,enable,disable} <initscript>" ends up calling
  systemd-sysv-install which in its turn calls
  "chkconfig --no-systemctl".
  aaa_base package has a weird versioning but the '--no-systemctl'
  option has been introduced starting from SLE12-SP2-GA, which shipped
  version "13.2+git20140911.61c1681".
  Spotted in bsc#1180083.
- Import commit 4eae068097b42f2fd2a942e637e91ba3c12b37af
  386e85dcd3 core: Fix edge case when processing /proc/self/mountinfo (#7811) (bsc#1180596)
  7be6e949dc udev: create /dev/disk/by-label symlink for LUKS2 (#8998) (bsc#1180885)
  3bce298616 core: fix memory leak on reload (bsc#1180020)
  b24b36d76c journal: do not trigger assertion when journal_file_close() get NULL (bsc#1179824)
  703c08e0ae udev: Fix sound.target dependency (bsc#1179363)
  07dc6d987d rules: enable hardware-related targets also for user instances
  5cfed8b620 scope: on unified, make sure to unwatch all PIDs once they've been moved to the cgroup scope
  2710a4be38 core: serialize u->pids until the processes have been moved to the scope cgroup (bsc#1174436)
  d3b81a8940 core: make sure RequestStop signal is send directed
  bbe11f8400 time-util: treat /etc/localtime missing as UTC (bsc#1141597)
tar
- security update
- added patches
  fix CVE-2021-20193 [bsc#1181131], Memory leak in read_header() in list.c
  + tar-CVE-2021-20193.patch
tcpdump
- Security fix: [bsc#1195825, CVE-2018-16301]
  * Fix segfault when handling large files
  * Add tcpdump-CVE-2018-16301.patch
tcsh
- Modify patch tcsh-6.18.01-toolong.patch to avoid being OOM-killed
  because of broken history files (bsc#1192472)
- Add patch tcsh-6.18.01-toolong.patch which is an upstream commit
  ported back to 6.18.01 to fix bsc#1179316 about history file growing
telnet
- Update Source location to use Gentoo mirror, fixes bsc#1129925
- spec-cleaner used for cleaning the specfile up
- url was repaired
tiff
- security update: Fix buffer overwrite
  * CVE-2019-17546[bsc#1154365]
    + tiff-CVE-2019-17546.patch
- security update: Fix heap based buffer overflow in pal2rgb
  * CVE-2017-17095[bsc#1071031]
    + tiff-CVE-2017-17095.patch
- security update: Fix OOB in _TIFFmemcpy
  * CVE-2022-22844[bsc#1194539]
    + tiff-CVE-2022-22844.patch
- security update: Fix memory allocation failure in tif_read.c
  * CVE-2020-35521[bsc#1182808] CVE-2020-35522[bsc#1182809]
    + tiff-CVE-2020-35521,CVE-2020-35522.patch
- security update: Fix DOS via invertImage()
  * CVE-2020-19131[bsc#1190312]
    + tiff-CVE-2020-19131.patch
- security update: Fix heap-based buffer overflow in TIFF2PDF tool
  * CVE-2020-35524[bsc#1182812]
    + tiff-CVE-2020-35524.patch
- security update: Fix integer overflow in tif_getimage
  * CVE-2020-35523 [bsc#1182811]
    + tiff-CVE-2020-35523.patch
tigervnc
- tigervnc-FIPS-use-RFC7919.patch
  * Enable GnuTLS 3.6.0 and later to use Diffie-Hellman parameters
    from RFC7919 instead of generating our own, for FIPS compliance.
  * Specify RFC7919 parameters for GnuTLS older than 3.6.0.
  * bsc#1179809
timezone
- timezone update 2021e (bsc#1177460):
  * Palestine will fall back 10-29 (not 10-30) at 01:00
- timezone update 2021d:
  * Fiji suspends DST for the 2021/2022 season
  * 'zic -r' marks unspecified timestamps with "-00"
- timezone update 2021c:
  * Revert almost all of 2021b's changes to the 'backward' file
  * Fix a bug in 'zic -b fat' that caused old timestamps to be
    mishandled in 32-bit-only readers
- timezone update 2021b:
  * Jordan now starts DST on February's last Thursday.
  * Samoa no longer observes DST.
  * Move some backward-compatibility links to 'backward'.
  * Rename Pacific/Enderbury to Pacific/Kanton.
  * Correct many pre-1993 transitions in Malawi, Portugal, etc.
  * zic now creates each output file or link atomically.
  * zic -L no longer omits the POSIX TZ string in its output.
  * zic fixes for truncation and leap second table expiration.
  * zic now follows POSIX for TZ strings using all-year DST.
  * Fix some localtime crashes and bugs in obscure cases.
  * zdump -v now outputs more-useful boundary cases.
  * tzfile.5 better matches a draft successor to RFC 8536.
- Refresh tzdata-china.patch
- Install tzdata.zi (bsc#1188127)
util-linux
- ipcutils: Avoid potential memory allocation overflow
  (bsc#1188921, CVE-2021-37600,
  util-linux-ipcutils-overflow-CVE-2021-37600.patch).
- Fix ipcs testsuite (bsc#1178236#c19,
  util-linux-ipcs-shmall-overflow-ts.patch).
- ipcs: Avoid overflows (bsc#1178236,
  util-linux-ipcs-shmall-overflow-1.patch,
  util-linux-ipcs-shmall-overflow-2.patch).
- libblkid: Do not trigger CDROM autoclose (bsc#1084671,
  util-linux-libblkid-cdrom-autoclose-1.patch,
  util-linux-libblkid-cdrom-autoclose-2.patch,
  util-linux-libblkid-cdrom-autoclose-3.patch).
- Modernize patch util-linux-sulogin4bsc1175514.patch
  * Try to autoconfigure broken serial lines
- Add patch util-linux-sulogin4bsc1175514.patch
  Avoid sulogin failing on nonexistent or nonfunctional console
  devices (bsc#1175514)
- Build with libudev support to support non-root users
  (boo#1169006).
- lscpu: avoid segfault on PowerPC systems with valid hardware
  configurations
  (bsc#1175623, bsc#1178554, bsc#1178825,
  lscpu-avoid-segfault-on-PowerPC-systems-with-valid-h.patch)
- Fix for SG#57988, bsc#1174942:
  libmount-fix-mount-a-EBUSY-for-cifs.patch: Fix warning on mounts
  to CIFS with mount -a.
- blockdev: Do not fail --report on kpartx-style partitions on
  multipath (bsc#1168235, util-linux-blockdev-report-dm.patch).
- nologin: Add support for -c to prevent error from su -c
  (bsc#1151708, util-linux-nologin-su-c.patch).
- Add libmount-Avoid-triggering-autofs-in-lookup_umount_fs.patch:
  Avoid triggering autofs in lookup_umount_fs_by_statfs
  (boo#1168389)
- Issue a warning for outdated pam files
  (bsc#1082293, boo#1081947#c68).
- Do not skip trim of file systems with bind mounts
  (boo1089529, util-linux-fstrim-a-bindmount.patch).
- Do not trim read-only volumes
  (boo#1106214, util-linux-fstrim-RO.patch).
- libmount: To prevent incorrect behavior, recognize more pseudofs
  and netfs (bsc#1122417, util-linux-libmount-pseudofs.patch).
- Fix license of libraries: LGPL-2.1-or-later and BSD-3-Clause for
  libuuid (bsc#1135708).
- raw.service: Add RemainAfterExit=yes (bsc#1135534).
- agetty: Reload issue only if it is really needed (bsc#1085196,
  util-linux-agetty-smart-reload-01.patch,
  util-linux-agetty-smart-reload-02.patch,
  util-linux-agetty-smart-reload-03.patch,
  util-linux-agetty-smart-reload-04.patch,
  util-linux-agetty-smart-reload-05.patch,
  util-linux-agetty-smart-reload-06.patch,
  util-linux-agetty-smart-reload-07.patch,
  util-linux-agetty-smart-reload-08.patch,
  util-linux-agetty-smart-reload-09.patch,
  util-linux-agetty-smart-reload-10.patch,
  util-linux-agetty-smart-reload-11.patch,
  util-linux-agetty-smart-reload-12.patch).
- agetty: Return previous response of agetty for special characters
  (bsc#1085196, bsc#1125886,
  util-linux-agetty-smart-reload-13.patch,
  util-linux-agetty-smart-reload-14.patch).
- agetty BEHAVIOR CHANGE: Terminal switches to character mode when
  entering logname; echo is generated by the agetty itself.
  (In the past, logname echo was generated locally by the terminal,
  using the canonical line editing mode.)
util-linux-systemd
- ipcutils: Avoid potential memory allocation overflow
  (bsc#1188921, CVE-2021-37600,
  util-linux-ipcutils-overflow-CVE-2021-37600.patch).
- Fix ipcs testsuite (bsc#1178236#c19,
  util-linux-ipcs-shmall-overflow-ts.patch).
- ipcs: Avoid overflows (bsc#1178236,
  util-linux-ipcs-shmall-overflow-1.patch,
  util-linux-ipcs-shmall-overflow-2.patch).
- libblkid: Do not trigger CDROM autoclose (bsc#1084671,
  util-linux-libblkid-cdrom-autoclose-1.patch,
  util-linux-libblkid-cdrom-autoclose-2.patch,
  util-linux-libblkid-cdrom-autoclose-3.patch).
- Modernize patch util-linux-sulogin4bsc1175514.patch
  * Try to autoconfigure broken serial lines
- Add patch util-linux-sulogin4bsc1175514.patch
  Avoid sulogin failing on nonexistent or nonfunctional console
  devices (bsc#1175514)
- Build with libudev support to support non-root users
  (boo#1169006).
- lscpu: avoid segfault on PowerPC systems with valid hardware
  configurations
  (bsc#1175623, bsc#1178554, bsc#1178825,
  lscpu-avoid-segfault-on-PowerPC-systems-with-valid-h.patch)
- Fix for SG#57988, bsc#1174942:
  libmount-fix-mount-a-EBUSY-for-cifs.patch: Fix warning on mounts
  to CIFS with mount -a.
- blockdev: Do not fail --report on kpartx-style partitions on
  multipath (bsc#1168235, util-linux-blockdev-report-dm.patch).
- nologin: Add support for -c to prevent error from su -c
  (bsc#1151708, util-linux-nologin-su-c.patch).
- Add libmount-Avoid-triggering-autofs-in-lookup_umount_fs.patch:
  Avoid triggering autofs in lookup_umount_fs_by_statfs
  (boo#1168389)
- Issue a warning for outdated pam files
  (bsc#1082293, boo#1081947#c68).
- Do not skip trim of file systems with bind mounts
  (boo1089529, util-linux-fstrim-a-bindmount.patch).
- Do not trim read-only volumes
  (boo#1106214, util-linux-fstrim-RO.patch).
- libmount: To prevent incorrect behavior, recognize more pseudofs
  and netfs (bsc#1122417, util-linux-libmount-pseudofs.patch).
- Fix license of libraries: LGPL-2.1-or-later and BSD-3-Clause for
  libuuid (bsc#1135708).
- raw.service: Add RemainAfterExit=yes (bsc#1135534).
- agetty: Reload issue only if it is really needed (bsc#1085196,
  util-linux-agetty-smart-reload-01.patch,
  util-linux-agetty-smart-reload-02.patch,
  util-linux-agetty-smart-reload-03.patch,
  util-linux-agetty-smart-reload-04.patch,
  util-linux-agetty-smart-reload-05.patch,
  util-linux-agetty-smart-reload-06.patch,
  util-linux-agetty-smart-reload-07.patch,
  util-linux-agetty-smart-reload-08.patch,
  util-linux-agetty-smart-reload-09.patch,
  util-linux-agetty-smart-reload-10.patch,
  util-linux-agetty-smart-reload-11.patch,
  util-linux-agetty-smart-reload-12.patch).
- agetty: Return previous response of agetty for special characters
  (bsc#1085196, bsc#1125886,
  util-linux-agetty-smart-reload-13.patch,
  util-linux-agetty-smart-reload-14.patch).
- agetty BEHAVIOR CHANGE: Terminal switches to character mode when
  entering logname; echo is generated by the agetty itself.
  (In the past, logname echo was generated locally by the terminal,
  using the canonical line editing mode.)
wicked
- fsm: fix device rename via yast (bsc#1194392)
  Reset worker config instead of rejecting a NULL/empty config
  xml node -- introduced in wicked 0.6.67 by commit c2a0385.
  [+ 0001-fsm-fix-device-rename-via-yast-bsc-1194392.patch]
- version 0.6.68
- sysctl: process sysctl.d directories as in sysctl --system
- sysctl: fix sysctl values for loopback device (bsc#1181163, bsc#1178357)
- dhcp4: add option to set route pref-src to dhcp IP (bsc#1192353)
- cleanup: warnings, time calculations and dhcp fixes (bsc#1188019)
- wireless: reconnect on unexpected wpa_supplicant restart (bsc#1183495)
- tuntap: avoid sysfs attr read error (bsc#1192311)
- ifstatus: fix warning of unexpected interface flag combination (bsc#1192164)
- dbus: config files in /usr shouldn't be marked as config in spec
- version 0.6.67
- dbus: install bus config in /usr (bsc#1183407,jsc#SLE-9750)
- logging: log reaped sub-process command and as debug, not error
- ifstatus: Don't show link as "up" without RUNNING flag set
- firewalld: Make the zone assignment permanent (boo#1189560)
- fsm: cleanup and improve ifconfig and ifpolicy access utils
- dbus: cleanup the dbus-service.h file and unused property macros
- cleanup: applied code-spell run typo corrections
- dracut: initial fixes and improved option handling (boo#1182227)
- version 0.6.66
- wireless: migrate to wpa-supplicant v1 DBus interface (bsc#1156920)
  - support multiple networks configurations per interface
  - show connection status and scan-results (bsc#1160654)
  - corrected eap-tls,ttls certificate handling and open vs. shared
    wep,open,psk,eap-tls,ttls,peap parsing from ifcfg (bsc#1057592)
  - cleanups and several other improvements, see changes
  - updated man ifcfg-wireless manual pages
- nanny: fix identify node owner exit condition
- schema: several xml-schema and dbus/property improvements
- utils: format/parse bitmap to array and string alternatives
- client: expose ethtool --get-permanent-address option
- removed sle15-sp3 patches included in the master sources (bsc#1181812)
  [- 0001-dhcp4-discover-on-reboot-timeout-after-start-delay.1181812.patch]
  [- 0002-dhcp6-request-nis-options-on-sle15-by-default.1181812.patch]
- dhcp4: discover on reboot timeout after start-delay (bsc#1181812)
  [+ 0001-dhcp4-discover-on-reboot-timeout-after-start-delay.1181812.patch]
- dhcp6: request nis options on sle15 by default (bsc#1181812)
  [+ 0002-dhcp6-request-nis-options-on-sle15-by-default.1181812.patch]
- version 0.6.65
- ifconfig: differentiate if to re-trigger dad on address updates (bsc#1177215)
- client: parse sysctl files in the correct order (bsc#1181186)
- ifup: fix for set up with unenslave from unconfigured master (boo#954329)
- rpm: prepare for new builds using usrmerged rpm macro (boo#1029961)
- rpm: Let wicked-service also provide service(network)
- cleanup: remove obsolete use-nanny=false (gh#openSUSE/wicked#815)
- dbus: add variant container, generic object-path and uint32 array macros
xen
- bsc#1194581 - VUL-0: CVE-2022-23034: xen: a PV guest could DoS
  Xen while unmapping a grant (XSA-394)
  xsa394.patch
- bsc#1194588 - VUL-0: CVE-2022-23035: xen: insufficient cleanup of
  passed-through device IRQs (XSA-395)
  xsa395.patch
- Fix xsa385.patch, xsa388-1.patch, and xsa389.patch.
- bsc#1192554 - VUL-0: CVE-2021-28706: xen: guests may exceed their
  designated memory limit (XSA-385)
  xsa385.patch
- bsc#1192557 - VUL-0: CVE-2021-28704,CVE-2021-28707,CVE-2021-28708:
  xen: PoD operations on misaligned GFNs (XSA-388)
  xsa388-1.patch
  xsa388-2.patch
- bsc#1192559 - VUL-0: CVE-2021-28705,CVE-2021-28709: xen: issues
  with partially successful P2M updates on x86 (XSA-389)
  xsa389.patch
- xsa378-3.patch, xsa380-2.patch: Integrate bugfixes. (bsc#1189373
  and bsc#1189378)
- bsc#1189632 - VUL-0: CVE-2021-28701: xen: Another race in
  XENMAPSPACE_grant_table handling (XSA-384)
  xsa384.patch
- bsc#1189882 - refresh libxc.sr.superpage.patch
  prevent superpage allocation in the LAPIC and ACPI_INFO range
- bsc#1189373 - VUL-0: CVE-2021-28694,CVE-2021-28695,
  CVE-2021-28696: xen: IOMMU page mapping issues on x86 (XSA-378)
  xsa378-0a.patch
  xsa378-0b.patch
  xsa378-0c.patch
  xsa378-0d.patch
  xsa378-1.patch
  xsa378-2.patch
  xsa378-3.patch
  xsa378-4.patch
  xsa378-5.patch
  xsa378-6.patch
  xsa378-7.patch
  xsa378-8.patch
- bsc#1189376 - VUL-0: CVE-2021-28697: xen: grant table v2 status
  pages may remain accessible after de-allocation. (XSA-379)
  xsa379.patch
- bsc#1189378 - VUL-0: CVE-2021-28698: xen: long running loops in
  grant table handling. (XSA-380)
  xsa380-0.patch
  xsa380-1.patch
  xsa380-2.patch
- bsc#1189380 - VUL-0: CVE-2021-28699: xen: inadequate grant-v2
  status frames array bounds check. (XSA-382)
  xsa382.patch
- bsc#1182654 - VUL-1: CVE-2021-20255: xen: eepro100: stack
  overflow via infinite recursion
  CVE-2021-20255-qemut-eepro100-stack-overflow-via-infinite-recursion.patch
- Drop aarch64-maybe-uninitialized.patch as fix is in tarball.
- bsc#1187369 - VUL-1: CVE-2021-3592: xen: slirp: invalid pointer
  initialization may lead to information disclosure (bootp)
  CVE-2021-3592-qemut-slirp-bootp-1.patch
  CVE-2021-3592-qemut-slirp-bootp-2.patch
- bsc#1187378 - VUL-1: CVE-2021-3594: xen: slirp: invalid pointer
  initialization may lead to information disclosure (udp)
  CVE-2021-3594-qemut-slirp-udp.patch
- bsc#1187376 - VUL-1: CVE-2021-3595: xen: slirp: invalid pointer
  initialization may lead to information disclosure (tftp)
  CVE-2021-3595-qemut-slirp-tcp.patch
- Prerequisite patches for above security issues
  CVE-2021-3592-3594-3595-qemut-prereq1.patch
  CVE-2021-3592-3594-3595-qemut-prereq2.patch
- bsc#1186429 - VUL-0: CVE-2021-28692: xen: inappropriate x86 IOMMU
  timeout detection / handling (XSA-373)
  xsa373-0.patch
  xsa373-1.patch
  xsa373-2.patch
  xsa373-3.patch
  xsa373-4.patch
  xsa373-5.patch
- bsc#1186433 - VUL-0: CVE-2021-0089: xen: Speculative Code Store
  Bypass (XSA-375)
  xsa375.patch
- bsc#1186434 - VUL-0: CVE-2021-28690: xen: x86: TSX Async Abort
  protections not restored after S3 (XSA-377)
  xsa377.patch
- Add xen.sysconfig-fillup.patch to make sure xencommons is in a
  format as expected by fillup. (bsc#1185682)
  Each comment needs to be followed by an enabled key. Otherwise
  fillup will remove manually enabled key=value pairs, along with
  everything that looks like a stale comment, during next pkg update
- A recent systemd update caused a regression in xenstored.service
  systemd now fails to track units that use systemd-notify
  (bsc#1183790)
- Add xenstore-launch.patch, which adds a delay between the call
  to systemd-notify and the final exit of the wrapper script
  (bsc#1185021, bsc#1185196)
- bsc#1182846 - VUL-0: CVE-2021-20257: xen: infinite loop issue in
  the e1000 NIC emulator
  CVE-2021-20257-qemut-infinite-loop-issue-in-the-e1000-NIC-emulator.patch
- bsc#1182431 - VUL-0: CVE-2021-27379: xen: missed flush in XSA-321
  backport (XSA-366)
  xsa366.patch
xfsprogs
- mkfs: don't treat files as though they are block devices (bsc#1186054)
  * add xfsprogs-mkfs-don-t-treat-files-as-though-they-are-block-devi.patch
xterm
- xterm-CVE-2021-27135.patch: Fixed buffer-overflow when clicking
  on selected utf8 text. (bsc#1182091 CVE-2021-27135)
yast2
- Do not use the 'installation-helper' binary to create snapshots
  during installation or offline upgrade (bsc#1180142).
- Add a new exception to properly handle exceptions
  when reading/writing snapshot numbers (related to bsc#1180142).
- save_y2logs: save kernel messages and udev log (snwint@suse.de).
  Related to bsc#1089647 and bsc#1085212.
- 3.2.46.2
yast2-installation
- Do not crash when it is not possible to create a snapshot after
  installing or upgrading the system (bsc#1180142).
- 3.2.57.1
yast2-pkg-bindings
- Pkg.ProvidePackage() - download the latest package version from
  the repository, this ensures that the installer is updated with
  the latest packages from the installer updates repository
  (bsc#1185240)
- 3.2.5.1
- Fixed Pkg.ExpandedUrl to return also the password part
  of the URL (bsc#1067007)
- 3.2.5
yast2-update
- Do not rely on the 'installation-helper' binary to create
  snapshots after installation or offline upgrade (bsc#1180142).
- Do not crash when it is not possible to create a snapshot before
  upgrading the system (related to bsc#1180142).
- 3.2.2.1
zsh
- Add CVE-2018-0502_CVE-2018-13259.patch. Fixes CVE-2018-0502 and
  CVE-2018-13259 (bsc#1107296 and bsc#1107294).
zypper
- Add support for PTFs (jsc#SLE-17974)
- version 1.13.60
- man: point out more clearly that patches update affected
  packages to the latest available version (bsc#1187466)
- version 1.13.59